I made it through all the weeks to
week 12! This class has been exciting, informative, and very stimulating. Believe
it or not, the most difficult part of this course was developing my own threat
model. The feedback from the professor and my classmates helped tremendously to
help me stay on track! One of the best parts of this class was the ability to
review other classmates’ assignments. This gave me a great opportunity to learn
from others in the class. I believe this class will help to push me into the
cyber security world in the company I work for, and I know the objectives and
concepts taught in this class will be a great starting point for me. I know
that I can now analyze the various elements of an information system, conduct
an analysis for risks, threats, and vulnerabilities, and develop a process
model to help identify the existing and future threat landscape.
This blog assignment was one of my
favorites, as it gave me an opportunity to explore other topics related to
current trends in cyber security, and to post my thoughts and opinions. I now
browse through several online sites weekly in search of the latest news related
to the world of cyber security, and this is a habit I will continue long after
the class is over. One of my preferred online sources is Security Week. This
online magazine was ablaze this week as the European Union’s new data
protection rules went into effect. The EU’s General Data Protection Regulation
(GDPR) seems to have far-reaching effects, as I have been receiving a large
amount of emails and mail with privacy update notices. This new law is supposed
to provide greater protection of people's online information, but as with many
other consumers, I am skeptical. I appreciate that individuals must explicitly
grant permission for their data to be used, but believe big companies will soon
find loopholes or other ways around it. Read more here: https://www.securityweek.com/eus-new-data-protection-rules-come-effect.
Now that we have the EU’s GDPR in
effect, how about someone start working on protecting us from the real bad guys?
I mean, it’s great that the GDPR is focused on big companies like Facebook,
WhatsApp, and Twitter, but is anyone going after the hackers and other illegal actors
on the cyber security stage? The news is currently highlighting the attack by alleged
Russian hackers who have infected at least 500,000 routers and storage devices
in over 50 countries. Now the FBI is warning that the attackers could collect
user information or shut down network traffic on these home and office routers.
Read more here https://www.reuters.com/article/us-usa-cyber-routers/fbi-warns-russians-hacked-hundreds-of-thousands-of-routers-idUSKCN1IQ2DY
and here https://www.securityweek.com/us-disrupts-russian-botnet-500000-hacked-routers.
Now that we’ve potentially ordered big corporations to place better security
measures to comply with the GDPR, we need to also invest even more time and
resources into going after the bad guys, and stopping them before they can
attack.
My final entry for this class is a synopsis
of a really good article on Security Week by Joshua Goldfarb. He talks about
the 10 security behaviors that anger us. It is one of the most commonsense pieces
of security advice I’ve read in a long time. One of the 10 security behaviors is
fire fighting, where a security team seems to be running from one emergency to another.
Companies often bring this upon themselves when they refuse to threat model,
or to hire enough properly trained IT professionals. The result is a reactive
one, where the security team has to put out endless ‘security’ fires. Another
security behavior is probably the most common one: writing down passwords. We
all know that writing down passwords is considered a terrible security habit. Yet,
our password policies dictate that we create complex passwords that include
upper and lower case letters, mixed with numeric and special characters, and with
a particular length. If we didn’t write down our passwords somewhere, we’d be
kicked out of our computer systems constantly. Companies need to help us with
password management systems so we can keep track of all these unique passwords
we need. You can read the full article at https://www.securityweek.com/10-security-behaviors-anger-us.
Monday, May 28, 2018
Friday, May 18, 2018
The Action Plan CYBR650 Week 10
Week 10 feels good as we near the
finishing line of this class. The assignments are really empowering, as they
have been helping me to understand a part of our company business that I’m not
usually involved in. Developing the action plan really helped me to get a
better appreciation of our IT team. The action plan is a crucial document that
could go a long way in mitigating the risks that have been identified. I
believe one of the challenges our IT folks face is (sometimes) their inability
to communicate their findings in the kind of verbiage that upper management
(who are often not technical) understands. This is such a vital piece of the
equation; if the action plan properly conveys to management how you conducted
your assessment, along with your results and the plan to address the threats,
vulnerabilities, and risks, chances are management would approve it. The
learning objectives for these two weeks (9 and 10) gave us the opportunity to
review and provide constructive criticism on the action plan provided by our
classmates, and I really enjoyed it. While giving feedback, I am also taking
away ideas on how I can improve my own document.
A good action plan is extremely important for improved security in any organization. Just identifying threats and vulnerabilities is not good enough. Action must be taken to mitigate these risks, and that’s where the action plan with good security recommendations comes in handy. Many security breaches can be avoided if organizations simply implemented some common security controls and best practices, like updating configurations and keeping operating systems up to date with the latest security patches. Even the best of hardware and software tools, if not properly configured, cannot resist cyber attackers. Hackers seem to be at the top of their game, employing more enhanced and sophisticated techniques to perform their exploits. Successful data breaches yield a big payload to attackers, and often have a major impact on organizations, including loss of revenue, loss of customers, damage to their brand, and even fines!
Many companies without a dedicated security team are now getting into the habit of using a managed security provider, much like in the case of Harry and Mae’s Inc. It can often be more cost effective and with fewer distractions to an internal staff. The idea is to go on the offensive, rather than being defensive. While we embrace rapidly advancing technologies, we have to understand these technologies often pose a serious security risk to organizations. IT staff have to stay current on new threats and security best practices. In today’s world of compliance with industry standards and federal and state regulations, companies have to be very serious about security; non-compliance can often result in hefty fines and other consequences. The action plan is useful in that it prioritizes the vulnerabilities, giving companies the chance to work on those that pose a major threat to the organization.
One very popular strategy in many action plan recommendations for better security is the development and implementation of a strong security policy, along with ongoing employee education and training, and monitoring for compliance. Employee education and training is beneficial to the employee and ultimately to the company. As employees practice good security measures, especially when it comes to passwords, etc., they’re doing their part to help keep the company safe and secure from data breaches. Employee education and training also helps to improve productivity, and it definitely goes a long way in adherence to quality and other industry standards. The action plan also provides a means to help track action ownership, resource estimates, priorities, target dates, etc. As it defines the recommended risk and compliance-related mitigation actions needed to improve the organization’s risk posture, it also provides a way to identify the company’s high priority assets and the owners or prime points of contact for these assets, which could come in very useful during or after an attack.
Monday, May 7, 2018
Threats and Vulnerabilities CYBR650 Week 9
Delving into week 9 brings the
stark reminder that no one: no company, no organization, be it private or
government, profitable or non-profit, no one is exempt from a cyber attack, no
one is ever 100% secure from a cyber attack. While we laud the rapid pace of
technological advances, and the comfort it brings us (I’m writing this blog
while working from home today, so I don’t want to be too hypocritical), the
problem is that this same technology is misused tremendously by cyber
attackers. Despite the increasing wave of data breaches over the past few years
to companies like Home Depot, Chase Bank, and Experian, it seems like
companies are not doing their best to keep their data (and our data) as safe as
possible. Just a few days ago Twitter announced that a bug in their system
may have exposed user passwords internally. While the company quickly said that
no breach occurred, and must be commended for coming out publicly very quickly,
the fact remains that this information was available to hackers for a period of
time, so Twitter can never be 100% sure that the compromised data was not
acquired by attackers! I am leery that Twitter’s own internal investigation showed
no signs of a breach or misuse; let’s get an independent auditor to confirm
Twitter’s findings! Read more about it here: https://www.trendmicro.com/vinfo/us/security/news/online-privacy/change-your-passwords-twitter-bug-exposes-user-passwords.
The Twitter accounts’ compromise
and the other data breaches are a reminder to all users, personal or corporate, of
the need to practice good security measures on social media accounts. At the top
of the security list is creating and using strong passwords that follow
complexity rules. If your password is easy for you to guess or remember, it is more
likely to be an easy target for hackers. Also, always check your security and
privacy settings. Don’t use the system default settings. Adjust the default
settings as much as necessary so you can protect your personal information.
Every time I hear about a new
technology or device being introduced, I get a little fearful. Take Amazon’s virtual
assistant, Alexa, for example. Amazon has made several Alexa-enabled devices,
and other manufacturers are building Alexa into many types of devices like
phones and thermostats. I thought to myself: great; now let’s see what
hackers will do with it! Just two weeks ago, an article on the Trend Micro
website stated that Alexa can be programmed to eavesdrop on its users and
transcribe the information, which is a great potential for hackers to steal private
information. As far as most (if not all) users understand it, the Alexa digital
assistant is supposed to end the active session until prompted for another active
session. However, it seems attackers can prompt Alexa to believe it has
informed the user that the device is still actively listening, and can
transcribe and send the information to the programmers. Read more about it at https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/alexa-can-listen-indefinitely-potentially-exploited-to-transcribe-information-to-cybercriminals.
The need for education of users in
the area of cyber security and general security measures remains strong. People
must understand that they are responsible for maintaining the security on their
products, and should not rely entirely on vendors and manufacturers. While
manufacturers may identify vulnerabilities and provide patches and system
updates, it is still the user’s responsibility to actually download these firmware
and software updates. Good security practices, like using strong passwords, not
using the same passwords on different accounts, and changing passwords
regularly should be followed. Operating systems and browsers should always be
kept up-to-date in regards to patches and security updates. And make sure to
keep regular backups of data; this comes in useful if an attacker targets and
corrupts your data – a backup can save you time, money, and a lot of headaches.
Monday, April 30, 2018
Cybersecurity News CYBR650 Week 8
We’re now in the last few weeks of
this class in Current Trends in Cybersecurity. I learned how to perform a
threat analysis using my process model and the threats and vulnerabilities I
identified in the Harry and Mae's case study. After completing this assignment,
I can see how critical thinking is a fundamental requirement for security
professionals. I also see the need for IT security professionals to be able to present
all vulnerabilities, threats, and risks in the language that will be easily
understood by non-technical management. Threat modeling is a great approach to analyze
the security of a company’s IT infrastructure, and serves to identify and help to
mitigate all associated security risks, prioritizing the top threats that would
have the greatest potential impact. This is why threat modeling should be an
iterative process for any corporation. The Microsoft STRIDE threat model is a
wonderful tool that groups threats into categories, allowing security professionals
to consider how the different threats in the model can affect application
components.
I access Security Week often to get all the latest cyber security news. There’s a great article “Don't Fall Victim to IP Theft and Corporate Espionage” that discusses cyber espionage related to the business world, where corporate espionage targets proprietary information from private entities for commercial advantage, where a variety of techniques are used to gain illegal access to networks. Read more at https://www.securityweek.com/dont-fall-victim-ip-theft-and-corporate-espionage. This is why software companies have to move quickly to identify vulnerabilities and provide patches so espionage threat actors cannot exploit them. Users also have to demonstrate responsibility by not downloading unauthorized (and often malicious) software. Companies like ours regularly review security and access permissions granted to these programs to ensure we are in compliance. We are also very careful that our contractors and vendors are only given access to company networks that are absolutely necessary.
It is a fact that the number of attacks is rapidly increasing, as is the sophistication of these attacks. Last week’s hacking attack on three Mexican banks was centered on real-time payment transfers, which allow banks to transfer money between private accounts across an encrypted network. The hackers are stepping up their game, and so should the good guys, when it comes to security. Read more at https://www.databreachtoday.com/hackers-target-3-mexican-banks-real-time-transfers-a-10927. Cyber attacks are more sophisticated, and with today’s payload of data, the impact is more damaging, disruptive, and costly than ever before. The data breach last year at Equifax was a wake up call to us that no one is really safe, and that today’s attacks are becoming more dangerous. Foreign nation-state hackers and criminals are using all the latest tools to steal data or set up conditions for conducting destructive attacks against networks in the future. This year, sophisticated cyber attacks continue to be one of the biggest technology concerns, as attackers continue to use tactics like social engineering, malware, and ransomware. Organizations must continue to invest in good, sensible security measures to protect against cyber attacks. The attacks are also becoming more public and more visible, as the impact of successful attacks is more far-reaching and with more potential victims. The problem is that hackers don’t give up; they simply change their method of operation and try other tools and techniques. However, one must bear in mind that the old social engineering technique is still a tried and true method that attackers use as they prey on people's tendencies to manipulate them. Sometimes they’re able to get the best of us, including IT security professionals. Just a few weeks ago a friend of mine was so afraid that the police were going to knock on his door that he quickly sent $2000.00 to pay a supposed IRS tax fee!
Monday, April 23, 2018
Threats and Vulnerabilities CYBR650 Week 7
This class has proven to be
increasingly interesting. I’m taking this class simultaneously with Ethical
Hacking and Response, and both classes have really opened my eyes to the world
of cyber security, as well as current trends in cyber security. As I go through
each week’s readings and assignments, I see many areas where I can apply what I
learn to our corporation and in my own personal life. As I begin to learn about
threats and vulnerabilities and the risks they pose, I’m gaining a better understanding
of how I need to exercise good security measures in all my computing endeavors.
The Security Trends forum has been an excellent way to discover more of the cyber security environment; not just threats and vulnerabilities, but ways to mitigate those risks, which often involve good security policies that are already in existence. A good security policy is a proactive way organizations can ensure they are protected. It also establishes rules for good user behavior, and has to include employee training, and follow up to ensure users are in compliance. Security policies also serve to ensure the organization is in compliance with any applicable federal and state regulations. These classes are really helping me to understand how taking seemingly small security steps can help companies avoid data breaches that can have major impacts.
In my Ethical Hacking and Response class, I was surprised to discover how much vulnerability has been discovered with the Apple iOS. I only use Apple devices, absolutely love them, and won’t switch to an Android device, ever. However, I must admit I was concerned. Like other Apple users, I thought Apple’s operating systems had the greatest high-tech security, but I am coming to grips with the fact that Apple mobile devices are also targets for attackers, and that any iOS device can be subject to attack sources of malware and viruses. For example, a Tech World article referenced 15 of the biggest Apple security threats, and I was surprised to learn about MacDefender, which was a malware that masqueraded as a security app; users were invited to install the app as a way to detect non-existent security threats on their devices. Read more about it here https://www.techworld.com/picture-gallery/security/biggest-mac-security-threats-from-adware-icloud-hacks-ransomware-3623261/. A different article from Norton Security pointed out some common threats for Android, iOS, and Windows devices, with the rapidly advancing pace of technology bringing more sophisticated attacks. Some of the more common threats include collecting sensitive data stored on a device, spying on users and logging their activity, tracking locations, and opening back doors into a device to allow attackers to take control. Read more at https://www.nortonsecurityonline.com/security-center/mobile-threats-protection.html.
Back to my class, Current Trends in Cybersecurity, this is a great opportunity for me to learn more about performing threat and systems analysis, and discovering and analyzing certain threats and vulnerabilities so I can perform a risk assessment. I believe a threat analysis can be very useful in identifying and assessing threats and vulnerabilities, and, in the long run, create a more resilient network against threats, and mitigate any threats that do happen to break through. The fact is that a threat analysis allows IT personnel to locate vulnerable devices and systems, which can allow the company to respond quickly and make a considerable difference to limit damage from a cyber attack. Cyber attacks are on the rise, where attackers can wreak havoc on a corporation without ever leaving the safety of their homes. As attacks become increasingly sophisticated using technical skills and social engineering tactics to breach networks and gain access to sensitive data, the need for threat analysis becomes more apparent and more important.
Monday, April 16, 2018
Credible sources for threats, vulnerabilities, updates, and security news CYBR650 Week 6
The ‘Current Trends in Cybersecurity’ class has proven to be
one of the best classes I’ve taken in this degree program. During week 2, I
listed several credible sources of information for threats, vulnerabilities,
updates, and security news. Although I haven’t actually used those sources for
this week’s assignment, I still believe they are credible and I actually discovered
some additional sources:
* https://www.csoonline.com/. One of their articles by Justin
Dolly points out the top 5 cybersecurity concerns for 2018. Cyberthreats continue
to rise exponentially, and no one (consumers or businesses) seems to be exempt
from malware attacks and data breaches. The top five threats to watch out for in
2018 are (1) cryptojacking; where an attacker secretly uses someone’s computing
device to mine cryptocurrency. Websites can run hidden cryptocurrency mining
scripts in a user’s browser without the user’s knowledge. The attacker mines
cryptocurrencies by using the computer's CPU to earn money for someone else. (2)
PowerShell-based attacks; where an attacker uses malicious scripts to communicate
with compromised websites acting as proxies for the command and control server.
(3) Further growth in the cybercriminal underground; where the increase in
cybercriminal tools and lower expertise will increase the number of
cybercriminals. (4) Security software will be targeted; where attackers will target
trusted programs and the software and hardware supply chain to control devices
and manipulate users. (5) More cyber criminals will use worms to launch malware;
where attackers will make more use of worm functionality to spread malware,
simply because network compromise from worms spreads faster than many other
methods. Read more at https://www.csoonline.com/article/3241766/cyber-attacks-espionage/top-5-cybersecurity-concerns-for-2018.html.
* https://digitalguardian.com/. This is another great source
for cybersecurity news. One article by Greg Funaro details several cybersecurity
issues organizations can work on in an attempt to increase the effectiveness of
their cybersecurity effort: (1) Treat data protection as your top priority. Recent
data breaches at Equifax and several large U.S. banks only serve to emphasize
the importance of protecting classified data. The fallout from losing sensitive
data can be tremendous, including loss of customers, loss of revenue, and
having to pay some hefty fines. (2) Identify
your critical IT assets and sensitive data. This is key to any organization. Once
critical assets are identified, companies can go to work to gain visibility and
control capabilities that can prevent attackers from accessing and stealing classified
data. (3) Protect data assets. It’s just not enough to identify critical assets;
steps must be implemented to protect them carefully. When sensitive data is
classified properly (using digital labels like “confidential”, etc.) it can
help to protect information more likely to be targeted by attackers. Additionally,
organizations must track who is accessing data and how that data is being used
and shared, both internally and externally. (4) Pursue security education for
employees. It’s just not enough to invest in security for critical assets. Part
of that investment must include educating employees in password and data
security practices. Employees must be aware that they play a crucial role in
the security within their organization. Education on social engineering
techniques and widespread attack methods can empower employees to recognize and
report such attacks. (5) Compliance is not enough. In fact, compliance with
industry and even government standards is often the beginning step to securely
protecting sensitive data. Read more at https://digitalguardian.com/blog/5-cybersecurity-issues-avoid.
* https://www.infosecurity-magazine.com/news/. This magazine
is actually one of my favorite sources for Information Security and IT Security
News & Articles. One interesting article lauds the security for Windows 10
as being almost twice as safe as Windows 7. I find this surprising, especially
since my assignment for another class in this Cybersecurity major was on the
many vulnerabilities identified in the Windows 10 operating system. The author
states that almost all the devices that were victims of the WannaCry
ransomware attack were running Windows 7; even so, companies continue to rely
on Windows 7 more than Windows 10. It seems that consumers are more prone to
make better decisions, with almost 72% of home user devices migrating to
Windows 10 by December 2017. Read more at https://www.infosecurity-magazine.com/news/windows-10-safe/.
Tuesday, April 10, 2018
Cybersecurity News CYBR650 Week 5
I’ve been looking forward to Weeks 5 and 6, even though I’m
a little apprehensive about analyzing systems and data centers. The reading
materials provide a lot of valuable information to help with the assignments. A
description of the systems, networks, servers, and computers, and policies,
standards, and procedures play a great role in systems analysis.
This week I’d like to focus on something that is currently at
the top of cybersecurity news – the Facebook data breach. Although it seems
outrageous that the personal information for more than 87 million users was
compromised during the Cambridge Analytica data breach, a lot of security
experts were sounding big warnings during the past decade. Additionally, more
than a million users in each of the UK, Philippines and Indonesia may have
also had their personal information compromised, with about 310,000 users in Australia.
We’re told the number of users affected in the United States could actually be
higher than the 87 million that was announced. Read more about it here http://time.com/5234740/facebook-data-misused-cambridge-analytica/
and here https://www.theguardian.com/technology/2018/apr/08/facebook-to-contact-the-87-million-users-affected-by-data-breach.
What is even more alarming is that Cambridge Analytica used data obtained from
these illegally accessed Facebook profiles to build a program to predict and
influence voters. I say we shift our focus from Russia to Facebook when it comes to
meddling in our elections! To make matters worse, more than 63,000 New Zealand
users were also exposed, it was announced yesterday. Thankfully, that country’s
privacy commissioner is working with his counterparts in the US, UK, Australia and Canada to determine the severity
and consequences of the privacy breach. Read more here https://www.theguardian.com/technology/2018/apr/10/facebook-data-breach-hits-63714-new-zealanders-after-10-people-download-quiz.
It seems that Facebook did not learn from the many other
companies who have suffered data breaches; even though Facebook discovered the
data breach in late 2015, it did not alert users immediately. They probably
tried to contain the breach in the hopes of maintaining the company brand, but
alas, like our data breaches, word gets out sooner or later, and when done
later, with major consequences! I must say I was not impressed with Mark
Zuckerberg’s acknowledgement that he didn’t take a broad enough view of the
company’s responsibilities! I mean, come on! You’re running the most
influential and popular social media platform of all time, with more than a
billion users, and he didn’t take a ‘broad enough view of the company’s responsibilities’?
The fact that Facebook suffered a data breach of this magnitude and displayed
such ignorance and lack of responsibility is quite appalling.
To me, the bigger concern is who exactly has access to our
data, and what are they using our data for. The issue of data harvesting and
the threat it poses to our personal privacy is quite alarming. Our smartphones
now store and transmit personal and sensitive information that we once kept
locked away in our safes at home and in the office. We carry our personal
identification information, our banking and credit card information, and login
information to a host of other services; all of which could be very detrimental
to us if it falls into the wrong hands. Our apps on our smartphones also have
access to a lot of valuable and classified data. Data harvesting is big
business today, and data companies are adding to the amount of data they have
access to, and can sell or otherwise pass on to other entities. Some companies
use the data they collect to determine and often dictate our likes and
dislikes, our buying behaviors and patterns, our income levels, our hobbies,
our personalities … and sell them to companies who are hungry to get their
hands onto a particular market or target audience. It doesn’t help that
companies like Equifax, who also recently suffered a major data breach, hold a
treasure trove of valuable personal data on consumers.
Thursday, April 5, 2018
Cybersecurity News CYBR650 Week 4
Coming into week 4, this class continues to be very
interesting. Cybersecurity is definitely not a boring topic! The Microsoft
STRIDE threat modeling tool was quite useful in this week’s assignments. This
week I decided to take a closer look at some relevant cybersecurity news from
various organizations.
McAfee Threat Intelligence: for latest in-depth security
threat research reports, insights from security experts, and learning how to
protect enterprise from malware, cybercrime, and other cybersecurity threats. The
McAfee Labs Threats Report from March 2018 was quite informative, highlighting the
switch from threats like ransomware, to newer tools and techniques like PowerShell
malware and cryptocurrency mining. The report also stated that new malware has reached
an all-time high of 63.4 million new samples, with PowerShell malware growing 267%
in the fourth quarter. The report can be viewed here: https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2018.pdf.
McAfee also had some good information on ransomware; this is
a type of malware that uses asymmetric encryption to hold a victim’s
information at ransom. In a ransomware attack, the victim must pay up before
the attacker will make the private key available to the victim; it is almost
impossible to decrypt the files that are being held for ransom without access
to the private key. The reality is that users and organizations can follow
simple cyber security advice to avoid becoming a victim of ransomware. Sometimes
victims can regain access to their encrypted files or locked systems, without
having to pay. This is made possible by McAfee’s creation of a repository of
keys and applications that can decrypt data locked by different types of ransomware.
One of my all-time favorite cybersecurity reports is the annual
Verizon Data Breach Investigations Report. This report is an incredibly
valuable tool to help any organization prepare against becoming the next
victim of a data breach. The 2017 report was no different. It reminded
organizations they don’t have to be huge or well-known to become a target. As
an example, the healthcare industry could be hit by both external and internal
attackers. Many employees and others have access to valuable patient
information that could result in identity theft and cloning of identities. Attackers
can also use other organizations as a soft target useful as a stepping stone to
their partners’ systems. You can download the 2017 report here: http://www.verizonenterprise.com/resources/reports/rp_DBIR_2017_Report_en_xg.pdf.
CNET Security and Privacy: And it’s time to report yet
another data breach. This time it’s Delta, Sears, and Kmart who suffered a data
breach, in which customers’ names, addresses and credit card numbers may have
been stolen between September 26th and October 12th, 2017. However, this breach
was a bit different from the others. None of these companies' internal
databases were actually breached. Rather, a piece of malware temporarily
residing in their online chat service possibly harvested customers’ payment
information after they completed a transaction. While Delta reported that multiple
hundreds of thousands of its customers could potentially have had data stolen, Sears
believes fewer than 100,000 of its customers were affected by the breach. Read
more about this at https://www.cnet.com/news/delta-sears-kmart-data-breach-credit-card-address/.
And finally! Some commonsense ruling: A judge allows Massachusetts to sue
Equifax for data breach. I believe this was long overdue. Equifax has been
entrusted with our most private and sensitive data and they should have been
better prepared to deal with data security attacks. Not only that - it seemed,
based on their response, that they were more interested in preserving their reputation
and brand, rather than alerting consumers properly and thoroughly. Read about
it here: https://www.cnet.com/news/massachusetts-judge-says-state-can-sue-equifax-for-data-breach/.
Here’s another data breach: Hackers steal data from 5
million Saks, Lord & Taylor customers.
Read more about it at https://www.cnet.com/news/hackers-steal-data-from-5-million-saks-lord-taylor-customers/.
Friday, March 30, 2018
Threats and Vulnerabilities CYBR650 Week 3
These past three weeks have been quite interesting and
frankly, almost frightening, as we delve more into threats and vulnerabilities
that companies face today. The discussion topics made me conduct further
research into the STRIDE threat model, which, to me, is probably the best
threat classification model one can use when thinking about threats that exist
in the computer security world. The six threat categories of STRIDE are
Spoofing identity, Tampering with data, Repudiation, Information disclosure,
Denial of service, Elevation of privilege. More information can be obtained
from the Microsoft website at https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx.
During 2017, there were some remarkable vulnerabilities and
exploits. One that was very interesting was KRACK (Key Reinstallation Attack).
This allowed attackers to exploit vulnerabilities in the Wi-Fi Protected Access
2 (WPA2) protocol to eavesdrop on the network traffic
between the device and Wi-Fi access point. Frankly, I was surprised to find out
that there were security flaws in the WPA2 protocol. I was even more surprised
to find out that over 41% of Android devices were vulnerable to variants of
KRACK, with Linux systems also being heavily impacted. Some best practices to
mitigate possible attacks on Wi-Fi networks and devices were recommended,
including regularly updating your Wi-Fi router’s credentials, enabling your
firewall, using a Virtual Private Network (VPN), and updating firmware often.
You can read more on this at https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/vulnerabilities-in-wpa2-reportedly-expose-wi-fi-enabled-devices-to-eavesdropping
Being an avid user of iPhones (I won’t trade my iPhone for
the best Android device in the world), I did some research on vulnerabilities
and exploits that exist in the Apple world. I didn’t have to look too hard. It
seems that every iPhone and Mac computer is affected by the Meltdown and
Spectre chip vulnerabilities, which can be exploited by hackers using malicious
apps running on a device. This is why it is so important that users download
apps and software only from trusted sources. The fact is that smartphones have
become a way of life for us today. It’s hard to imagine that only two decades ago,
people were able to survive with only analog phones! Our smartphones now hold
very valuable and sensitive data, like our banking information, credit card
information, and lots of other private data. With the millions of Apple devices
being used around the world, the risk factor is global, as users throughout the
world can be impacted negatively. Read more at http://www.newsweek.com/apple-iphone-chip-vulnerability-most-disturbing-security-issue-decades-771638.
In today’s world of technological convenience and mobility,
the threats and vulnerabilities seem to be ever-increasing. Like many people, I
handle my bank transactions through my mobile phone. And attackers seem to be
aware of the rise in popularity in online banking, often targeting individual
users’ bank accounts with an increased number of mobile malware and mobile bank
Trojans. It was pretty disturbing to learn that research by Kaspersky
Lab's Global Research and Analysis team found over 1.6 million malicious mobile
installation packages circulating, including 323,000 new malicious mobile
programs and 2,500 mobile banker Trojans. Read more about it here http://www.darkreading.com/vulnerabilities---threats/mobile-malware-makes-mobile-banking-treacherous/d/d-id/1322957
One of my favorite security readings is the yearly Verizon Data
Breach Investigations Report (DBIR), and I’m not just saying that because I
work for Verizon. This annual report explores the existing cybersecurity
landscape, and uses the experience of many organizations to provide a detailed
overview on the state of cybercrime today. Part of this task is to analyze thousands
of incidents, including data breaches. Organizations would do well to use this
report to prioritize and discover new ways to protect against threats. The fact
is that if a company hasn’t suffered a cybersecurity breach yet, it’s because
they are extremely prepared, or lucky. My bet is the latter!
Tuesday, March 20, 2018
Credible Sources CYBR650 Week 2
These first two weeks in the ‘Current Trends in Cybersecurity’ class have made me
think beyond my comfort zone, as I have never been involved in any threat
modeling during my 25-year-plus career in IT. As I delve more into the class
and its reading assignments, and look online for related information, I see a
rise in cyber threats, even as corporations and organizations continue to spend
millions trying to ensure they implement the best security measures.
Looking back at 2017, there was a rapid onslaught of cyber threats. The SC Magazine
published a good article on some of the top cybersecurity threats of 2017 https://www.scmagazine.com/the-top-cybersecurity-threats-for-2017/article/720097/
which included the exploit called KRACK (Key Reinstallation AttaCKs). KRACK empowered
attackers to access any Wi-Fi device using WPA2 and remotely read and
steal sensitive personal information. What was even more troubling was the DDoS-for-Hire
Services being offered online, publicly! Tech Republic
published an article on ‘The top 5 cybersecurity threats of 2017’ https://www.techrepublic.com/article/report-the-top-5-cybersecurity-threats-of-2017/
and listed DDoS-for-Hire Services being offered by attackers as a major threat
during 2017.
It is not very difficult to identify sources of information for threats, vulnerabilities,
updates, and security news; the important thing is to make sure these sources
are credible. Several sources I consider to be credible are:
- https://www.securityweek.com/. This organization provides an all-encompassing set of security news on malware and threats, cybercrime, risk and compliance, and the list goes on. It is a source that I review every week, just so I can stay on top of the latest data breaches and the latest on cybercrime happening around the world. There is a very interesting article on “the other side of terrorism” https://www.securityweek.com/online-other-side-terrorism which details how terrorism groups are using the latest technology to wage war beyond our physical and geographical barriers.
- https://www.ftc.gov/. The Federal Trade Commission collaborates with law enforcement partners in the United States and around the world to protect consumers and promote competition. They have a very helpful Tips & Advice section for consumers and businesses, and their News & Events section has the latest information on fighting attackers and cyber threats.
- https://www.fbi.gov/ is probably my favorite place to look for information on threats, vulnerabilities, updates, and the latest security news. The News section on their homepage gives information on their top stories and latest busts, and it brings some idea of comfort, knowing that the government is actively going after attackers. Currently the FBI investigates computer and network intrusions, ransomware, identity theft, etc.: information that is very relevant to companies and consumers.
- https://www.sans.org/ provides some extremely informative white papers on threats, vulnerabilities, and security news. Their Reading Room section has a wealth of information that corporations and organizations can use to prepare themselves to combat the latest security threats. One of their latest papers, ‘PCAP Next Generation: Is Your Sniffer Up to Snuff?’ https://www.sans.org/reading-room/whitepapers/detection/pcap-generation-sniffer-snuff-38335 has some very useful information.
- https://csrc.nist.gov/ Computer Resource Security Center contains great publications on threats and vulnerabilities. Their Security and Privacy section contains papers on cryptography, privacy, and risk management among others. The Laws and Regulations section identifies many federal laws that are applicable to the information technology industry. NIST also has an Information Technology Lab with monthly newsletters on its projects and activities. I particularly enjoy reading their News and Updates section. Their latest article “NIST Releases Report on Fog Computing for Internet of Things Devices” https://csrc.nist.gov/News/2018/Fog-Computing-for-Internet-of-Things-Devices discusses fog computing as an alternative to cloud computing. This is a new concept for me, and it describes fog computing as providing a significant reduction in the amount of time it takes to access data locally.
Stay tuned for more blogs next week!
Friday, March 16, 2018
Top Security Threats CYBR650 Week 1
My name is Bickram Mark Singh. I am a Systems Engineer Manager, working
for Verizon for the past 25 years. Much of my daily functions include
trouble-shooting and problem solving; it is a fast-paced, hands-on, non-stop
work environment with deadlines to meet and emergencies occurring
constantly. My major is Cyber Security, and this is my final
Master's class with Bellevue University.
Each week I will post information on some of the top security threats we face, both
personally and in the corporation. I will also share recommended ideas and
steps to help mitigate some of these threats. In today's rapid-pace
technological environment, we all can use as much information as possible to
stay safe.
The MIT Technology Review website https://www.technologyreview.com/s/609641/six-cyber-threats-to-really-worry-about-in-2018/
gives an interesting take on the top cyber threats to look out for during 2018.
The author, Martin Giles, describes some worrying scenarios: threats that can
cause a multitude of problems, with some serious, worrying consequences. Two
that were particularly worrying to me are:
* Increasing data breaches like the one on Equifax. You'd think that with such
top security, a company like Equifax could never be hacked successfully. That
data breach showed us all that there is never really anything like 100%
security, and that we are as strong as our weakest link. And just when you
think you’ve heard it all, the bad news continues to grow. CNN wrote a good
article last month describing how more information, including tax IDs and
driver's license details were probably obtained in the Equifax data breach http://money.cnn.com/2018/02/09/pf/equifax-hack-senate-disclosure/index.html.
As more information on the data breach is made public, you can’t help but
wonder if Equifax is withholding any vital information from us, in their quest
to reduce the damage done to their brand.
* Hacking elections. Although the debate rages on as to whether or not Russia really
hacked the 2016 elections or to what extent their activities influenced our
elections, the fact is that cyber attacks on our voting process are a clear and
present danger. As much as we try to identify and mitigate vulnerabilities in
our voting systems, it seems these hackers are way ahead of the game. NBC News
published an interview with Jeanette Manfra, the head of cybersecurity at the
Department of Homeland Security, where Jeanette stated that Russians
successfully penetrated the voter registration rolls of several U.S. states prior
to the 2016 presidential elections https://www.nbcnews.com/politics/elections/russians-penetrated-u-s-voter-systems-says-top-u-s-n845721.
It seems the same technology that has provided mobility, flexibility, and
comfort has reared its ugly head to bite us.
Stay tuned!