Information Security Buzz
Expert(s): November 30, 2020
Hugo van den Toorn
Manager, Offensive Security
Outpost24

Comments Dotted : 11
October 14, 2020

Comment: Hacker Groups Chain VPN And Windows Bugs To Attack US Government Networks

Once an initial foothold is gained by adversaries, they want to try and elevate their privileges as quickly as possible.
This is typical behavior when new vulnerabilities and public exploits surface, underlining the importance of proper asset & vulnerability management and patch management. You can safely assume that whenever a new vulnerability becomes publicly known, a race starts to see who can find a stable exploit and potentially chain it in further attacks. This goes for both the information security community and adversarial hackers. The main difference is their motivation: to either disclose something and help expedite solutions, or to weaponize and exploit as many victims as possible in the shortest amount of time. Once an initial foothold is gained by adversaries, they want to try and elevate their privileges as quickly as possible. By chaining vulnerabilities such as the VPN vulnerabilities (gaining access) and the Zerologon vulnerability (elevating privileges), adversaries can go through the entire attack lifecycle in an efficiently automated fashion.
January 01, 2020

2020 Cybersecurity Landscape: 100+ Experts’ Predictions

Looking at the global political situation, nation-state attackers are also likely to make some headlines next year.
What will be the top five cybersecurity threats to businesses in 2020? Will ransomware and BEC attacks still be the biggest threats or will any new ones come to light?
  • Supply chain attacks are a constantly developing threat. Although overall, they seem limited to more advanced and determined adversaries, the risk is evolving. What to do when you struggle to catch the big fish? Poison its bait! Target a supplier that has far less security control in place and from that ‘island’ you can jump straight onto your target. From a defensive perspective this is a difficult thing to prevent. The larger the organisation, the harder it is to enforce security and perform business impact assessments for each and every supplier. 2020 might just be the year that gives us more large-scale examples of this threat.
  • I think ransomware is a prevalent threat and still something that should be taken seriously in 2020. We see that large organisations are well aware of the risk and taking the necessary precautions. Looking at the number of municipalities, hospitals and small businesses that have fallen prey to ransomware this year, we clearly see a shift towards the public sector and SMEs. As these targets overall have lesser security, chances are that a greater number will fall victim and actually pay the ransom, making ransomware still very profitable for adversaries. Good to note is that ransomware still, more often than not, seems to rely mainly on the human element… Which brings us to the next point: phishing.
  • Business email compromise and phishing in general is ever evolving and will most likely continue to grow in both volume and sophistication. The past year we have seen an increase in advanced phishing methods targeting applications secured with two-factor authentication (2FA), and almost all reported phishing websites appear to use a secure HTTPS connection. Although it is a good trend that 2FA and use of HTTPS are being adopted, we see that end-users still fall prey to phishing. Hopefully 2020 will also be the year of increased support and adoption for hardware authentication devices.
  • In line with phishing, SMS phishing (or Smishing) seems to be on the rise. More and more Smishing campaigns appear to be executed by adversaries, most of which are going full-circle to where we were ten-or-so years ago with email: The sender can easily be spoofed, and we will rely on the inherent trust users have in this type of message. Most Smishing campaigns don’t seem to focus that much on the content of the text message; as long as the content puts some pressure on the victim and the company name that is used as sender matches the victim’s profile, they will click. The included hyperlinks are often not even masking the fact that it is an illicit webpage: ‘https://resetyouroutpost24password.evilhackerwebsite.com’… right!
  • What impact will GDPR have in 2020? Will we see larger fines than those against BA and Marriott?
  • Hopefully we will see the effects of GDPR. We seem to have surpassed the ‘peak of inflated expectations’ (to put it in Gartner terms), where each and every vendor drives on the ‘GDPR fear’. In 2020 we will hopefully see realistic fines and proportioned action on violations of GDPR.
  • What will be the leading cause of data breaches in 2020?
  • The human element will most likely remain the leading cause of data breaches.
  • How will the most successful cybercriminals operate in 2020? State-sponsored hacking attacks? As part of cybercrime rings? Lone warriors?
  • Cybercrime is constantly growing, with new phishing and ransomware attacks (and associated tools) I expect cyber-criminals to have the biggest impact next year. Looking at the global political situation, nation-state attackers are also likely to make some headlines next year. However, with these actors it might also happen without it ever making the news. Only time will tell!
    November 28, 2019

    Experts Comments On Dexphot Polymorphic Malware Detection

    Chances are the malware would execute itself again, change its appearances and persist on its host system.
    "Even for end-points the defense-in-depth method applies. Such polymorphic threats are, although a technical masterpiece, hard to eradicate from your systems. In this case the sudden increase in processing utilization caused by Dexphot should be a give-away that something is wrong with an infected host. However, also on the endpoints you want to be able to prevent and/or detect the malware at any of its stages. The best thing would be to prevent the host from becoming infected, either by having an Internet proxy or a local ‘safe-browsing’ solution that prevents the user from downloading anything from malicious locations. Should the installer still make its way onto the system, the antivirus solution on the device should detect it. If, due to its polymorphic nature, the initial installer is not detected, then throughout the malware’s various stages one of the executables or system calls utilized should raise an alert. If all would fail, which is realistic when facing a newly developed malware threat, the endpoint should, once the malware is executed and goes into its ‘operational state’, detect the unusual behavior. If a user always uses a browser and Word processor, and all of a sudden the user starts mining virtual currencies, the system would alert or even quarantine the involved processes and files. However, should such polymorphic malware make its way through your lines of defense, effective remediation is often very difficult. You can compare it to a three-headed hydra: if you cut off one head it grows back multiple others. In this case, if your anti-virus would remove one of the files because it thinks it's malicious but does not remove the others, chances are the malware would execute itself again, change its appearances and persist on its host system."
    November 05, 2019

    Security Experts Comments On Millions Of ‘Camgirl’ Site Users And Sex Workers Exposed

    The big caveat with this breach is that this may leave the users vulnerable to sextortion attacks.
    Unprotected systems directly accessible over the Internet are never a good thing. In this case, it seems that the logs were being centrally collected, which from a security perspective is a good thing, were it not left unprotected. Whenever possible, systems should be placed on the internal/trusted network and only accessible by individual users through a VPN. By maintaining such an approach, it is difficult to accidentally deploy a system that is accessible by anyone with access to the Internet. The big caveat with this breach is that this may leave the users vulnerable to sextortion attacks. If the users can be linked to an individual (for example when using the same email for username), adversaries could start targeting individuals in spear-phishing campaigns using real facts from this breach. For example, we knew you watched camgirl X on these dates. If you do not pay, this information will be spread to friends/family/colleagues.
    October 31, 2019

    The World’s First Internet Domain Name Provider Confirms Data Breach – Expert Reactions

    If your customers are impacted, it is your organisation’s due diligence to also inform your customers about the breach.
    Your organisation’s data is your responsibility, whether you are processing the data yourself or a third-party is handling the information. The same risk assessments and security measures should be taken to ensure it is protected at the appropriate level of security. If a third-party your business is utilizing is breached, such as in this case, you should have an internal incident response process that is followed in your company. For example: changing credentials for the affected services, reviewing 2FA utilization and reviewing if any of your customers is affected by the third-party breach. If your customers are impacted, it is your organisation’s due diligence to also inform your customers about the breach.
    October 30, 2019

    Blogger And WordPress Accounts Hacked In Sextortion Scam

    Make sure that any unique password you use for every website/service is sufficiently long and complex.
    Sextortion, as indicated again with this kind of hack, is often a strong enticement to sway users into paying the extortion fee. The overall advice would be to never reuse passwords, and make sure that any unique password you use for every website/service is sufficiently long and complex: Upper-, lower-case, special characters and numbers, at least 8 characters long (but preferably longer). This can easily be solved by using a password manager that will generate and remember complex passwords for you. Where possible use a second authentication factor such as a hardware authentication token or a soft-token. This advice is general for all Internet users, but especially if you are a blogger/website owner you want to make sure your site is adequately protected. If they cannot get into your website that easily, chances of this happening to you are way smaller.
    October 22, 2019

    Comment: US Military And Government Data Included In 179GB Database Leak

    “It’s especially dangerous if the cluster is connected directly to the Internet where anyone can connect without using a password”.
    This is a typical example of a misconfigured system. It should have never been possible for anyone on the Internet, especially without authentication, to access the data stored in the database. Even Elastic themselves quote on one of their recent blogs on securing Elasticsearch: “It’s especially dangerous if the cluster is connected directly to the Internet where anyone can connect without using a password”. With the countless possibilities of ‘quickly deploying a system in the cloud’, security is -still- often overlooked by organizations. As datasets grow to these sizes, the data is becoming increasingly valuable to our business and in some cases even more valuable than money. Unfortunately, not everyone protects it like the valuable asset it is.
    September 16, 2019

    198 Million Car-Buyer Records Exposed – Experts Comments

    As datasets grow to these sizes, the data is becoming increasingly valuable to our business and in some cases even more valuable than money.
    This is a typical example of a misconfigured system. It should have never been possible for anyone on the Internet, especially without authentication, to access the data stored in the database. Even Elastic themselves quote on one of their recent blogs on securing Elasticsearch: “It’s especially dangerous if the cluster is connected directly to the Internet where anyone can connect without using a password”. With the countless possibilities of ‘quickly deploying a system in the cloud’, security is -still- often overlooked by organisations. As datasets grow to these sizes, the data is becoming increasingly valuable to our business and in some cases even more valuable than money. Unfortunately not everyone protects it like the valuable asset it is.
    September 16, 2019

    Experts Comments: Personal Records Of Most Of Ecuador’s Population Leaked

    As datasets grow to this size, the data is becoming increasingly valuable to businesses and in some cases even more valuable than money.
    This is a typical example of a misconfigured system. It should have never been possible for anyone on the Internet, especially without authentication, to access the data stored in the database. Even Elastic themselves quote on one of their recent blogs on securing Elasticsearch: “It’s especially dangerous if the cluster is connected directly to the Internet where anyone can connect without using a password”. With the countless possibilities of ‘quickly deploying a system in the cloud’, security is -still- often overlooked by organisations. As datasets grow to this size, the data is becoming increasingly valuable to businesses and in some cases even more valuable than money. Unfortunately not everyone protects it like the valuable asset it is.
    August 15, 2019

    More Problems For British Airways – Now An e-ticketing Vulnerability Has Been Discovered

    This is a classic example of what is described as Sensitive Data Exposure in the OWASP top ten.
    This is a classic example of what is described as Sensitive Data Exposure in the OWASP Top Ten. It is not just at risk of being captured in-transit, but it could well be that this data is also stored in plain text on systems that process the request, meaning the data could have been stored in, for example, logs, waiting for an attacker to find it.
