Information Security Buzz
Expert(s): November 30, 2020
Garret F. Grajek
CEO
YouAttest

Comments Dotted : 5
February 19, 2021

CEOs Comments On Report: Rise In Healthcare Attacks

The information is coveted by hackers because of the valuable PII.

The attack on medical institutions for health care identity data has reached crisis proportions. The information is coveted by hackers because of the valuable PII (personal identification information) that can be used to create lines of credit and other valuable financial instruments.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) that enforces federal civil rights laws has been issuing substantial fines for not adhering to the practice and procedures outlined in the HIPAA regulations. These include: a $2.3m fine to Community Health Systems for a 6.1m data record breach and a $6.85m fine to Premera for a 10.4m breach in records. Both were cited for failures concerning risk management and access controls.

February 19, 2021

Experts Reaction On Kia Motors Suffers Ransomware Attack

We know that in the Kill Chain, the attacker is going to attempt lateral movement and escalation of privileges.

The alert warns a "HUGE" amount of data was exfiltrated from Kia Motors America. This is usually a sign the hackers were in the system for a long time, e.g. the hackers had a long "dwell-time." (Dwell-time is the amount of time during which an attack goes undetected.) According to one report from Booz Allen Hamilton, cybersecurity dwell times may last between 200-250 days before discovery.

Hackers are going to use some mechanism to enter our systems, be it phishing, social engineering, weak passwords, default admin passwords, etc. They might even be a trojan horse inside a legitimate agent (e.g. SolarWinds). The logical defense is to detect their actions once they penetrate the system. We know that in the Kill Chain, the attacker is going to attempt lateral movement and escalation of privileges. This is the point where we have to identify and stop the attack.

One key mitigation method is enforcing the NIST PR.AC-6 principle of least privilege and attesting to every privilege escalation to key security groups that legitimate users and hackers attempt. Organizations need to adopt solutions that force an immediate review of the account escalation attempts using IT audit and security access review products.

February 17, 2021

Malvertisers Redirecting To Scam Sites Via Browser Zero-day

These traditional credential collectors can be used to attack BOTH individuals and enterprises.

It's important to note that the malware that is being implanted into these browsers can also contain multiple payloads. That is, the payload may not just be confined to malvertising material - but can also contain more traditional enterprise attacking payloads where corporate and other credentials are collected and directed back to the command and control center. These traditional credential collectors can be used to attack BOTH individuals and enterprises.

This is why enterprises need to ensure that they are able to monitor their accounts and account privileges for nefarious usage and for nefarious privilege escalation that may result from these browser-based attacks or other identity manipulation means.

February 12, 2021

Singtel Cyberattack Via 3rd Party Accellion File Sharing System – Experts Perspective

Billions of scans are running daily - looking for known, published vulnerabilities.

The key here is to note that hackers are usually INSIDE the enterprise, undetected for a long time. F5 reported in 2021 the average time it takes to discover a "credential spill" is 327 days.

By this time, we have to assume that an attacker is going to penetrate our network, servers, applications in some form or another. Billions of scans are running daily - looking for known, published vulnerabilities. Chances are one of our systems is not fully patched or even SHIPPED w/ a vulnerability (e.g. SolarWinds). Thus what's our defense? We have to be able to detect the actions of these attackers.

It is known conduct in the attacker's kill chain that the hacker will usually do the two following actions: conduct lateral movement across the enterprise (to find valued resources) and escalate their own privileges (say, to an admin account) to help move to all resources and have the privileges necessary to exfiltrate the data.

These privilege escalations are detectable if the enterprise is conducting regular and triggered access and privilege reviews. This is what a cloud identity governance product can do for the enterprise. It is imperative to an enterprise to have regular reviews and be dynamically triggered when privilege escalations are occurring.

February 11, 2021

Experts Reaction On 2021 Credential Stuffing Report Highlighting Poor Security Practices

These privilege escalations are detectable if the enterprise is conducting regular and triggered access and privilege reviews.

The report states: ‘Organizations are also poor at detecting breach attempts: median time to discovering a credential spill between 2018 and 2020 was 120 days, while the average time to discovery was 327 days.’

I think this is the key point. Hackers are going to find a vulnerability somehow, someway - we are all being scanned. And once that flaw is found, e.g. an unpatched server, a weak password, an open network device - the hacker will be on our systems. From there, we MUST be able to detect their actions. The known pattern of behaviors of attackers makes identifying compromised credentials (hacked accounts) possible. We know that a hacker is going to want to move around the network (lateral movement) and escalate their privileges of the overtaken account (privilege escalation). This latter action, privilege escalation, is what hackers use to take normal "user" accounts and turn them into "admin" accounts. This allows them access to more networks, more servers, and more data.

These privilege escalations are detectable if the enterprise is conducting regular and triggered access and privilege reviews, and is what cloud identity governance does for the enterprise.


Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.

