Friday, March 30, 2018

Threats and Vulnerabilities CYBR650 Week 3

These past three weeks have been quite interesting and frankly, almost frightening, as we delve more into threats and vulnerabilities that companies face today. The discussion topics made me conduct further research into the STRIDE threat model, which, to me, is probably the best threat classification model one can use when thinking about threats that exist in the computer security world. The six threat categories of STRIDE are Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, Elevation of privilege. More information can be obtained from the Microsoft website at https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx.

During 2017, there were some remarkable vulnerabilities and exploits. One that was very interesting was KRACK (Key Reinstallation Attack). It allowed attackers to exploit vulnerabilities in the Wi-Fi Protected Access 2 (WPA2) protocol to eavesdrop on the network traffic between a device and a Wi-Fi access point. Frankly, I was surprised to find out that there were security flaws in the WPA2 protocol. I was even more surprised to find out that over 41% of Android devices were vulnerable to variants of KRACK, with Linux systems also being heavily impacted. Some best practices to mitigate possible attacks on Wi-Fi networks and devices were recommended, including regularly updating your Wi-Fi router’s credentials, enabling your firewall, using a Virtual Private Network (VPN), and updating firmware often. You can read more on this at https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/vulnerabilities-in-wpa2-reportedly-expose-wi-fi-enabled-devices-to-eavesdropping

Being an avid user of iPhones (I won’t trade my iPhone for the best Android device in the world), I did some research on vulnerabilities and exploits that exist in the Apple world. I didn’t have to look too hard. It seems that every iPhone and Mac computer is affected by the Meltdown and Spectre chip vulnerabilities, which can be exploited by hackers using malicious apps running on a device. This is why it is so important that users download apps and software only from trusted sources. The fact is that smartphones have become a way of life for us today. It’s hard to imagine that only two decades ago, people were able to survive with only analog phones! Our smartphones now hold very valuable and sensitive data, like our banking information, credit card information, and lots of other private data. With the millions of Apple devices being used around the world, the risk factor is global, as users throughout the world can be impacted negatively. Read more at http://www.newsweek.com/apple-iphone-chip-vulnerability-most-disturbing-security-issue-decades-771638.

In today’s world of technological convenience and mobility, the threats and vulnerabilities seem to be ever-increasing. Like many people, I handle my bank transactions through my mobile phone. And attackers seem to be aware of the rise in popularity of online banking, often targeting individual users’ bank accounts with an increased number of mobile malware and mobile bank Trojans. It was pretty disturbing to learn that research by Kaspersky Lab's Global Research and Analysis team found over 1.6 million malicious mobile installation packages circulating, including 323,000 new malicious mobile programs and 2,500 mobile banker Trojans. Read more about it here: http://www.darkreading.com/vulnerabilities---threats/mobile-malware-makes-mobile-banking-treacherous/d/d-id/1322957

One of my favorite security readings is the yearly Verizon Data Breach Investigations Report (DBIR), and I’m not just saying that because I work for Verizon. This annual report explores the existing cybersecurity landscape, and uses the experience of many organizations to provide a detailed overview of the state of cybercrime today. Part of this task is to analyze thousands of incidents, including data breaches. Organizations would do well to use this report to prioritize and discover new ways to protect against threats. The fact is that if a company hasn’t suffered a cybersecurity breach yet, it’s because they are extremely prepared, or lucky. My bet is the latter!

Tuesday, March 20, 2018

Credible Sources CYBR650 Week 2

These first two weeks in the ‘Current Trends in Cybersecurity’ class have made me think beyond my comfort zone, as I have never been involved in any threat modeling during my 25-plus-year career in IT. As I delve more into the class and its reading assignments, and look online for related information, I see a rise in cyber threats, even as corporations and organizations continue to spend millions trying to ensure they implement the best security measures.

Looking back at 2017, there was a rapid onslaught of cyber threats. SC Magazine published a good article on some of the top cybersecurity threats of 2017 https://www.scmagazine.com/the-top-cybersecurity-threats-for-2017/article/720097/ which included the exploit called KRACK (Key Reinstallation AttaCKs). KRACK empowered attackers to access any Wi-Fi device using WPA2 and remotely read and steal sensitive personal information. What was even more troubling was the DDoS-for-Hire Services being offered online, publicly! Tech Republic published an article on ‘The top 5 cybersecurity threats of 2017’ https://www.techrepublic.com/article/report-the-top-5-cybersecurity-threats-of-2017/ and listed DDoS-for-Hire Services being offered by attackers as a major threat during 2017.

It is not very difficult to identify sources of information for threats, vulnerabilities, updates, and security news; the important thing is to make sure these sources are credible. Several sources I consider to be credible are:

  • https://www.securityweek.com/. This organization provides an all-encompassing set of security news on malware and threats, cybercrime, risk and compliance, and the list goes on. It is a source that I review every week, just so I can stay on top of the latest data breaches and the latest on cybercrime happening around the world. There is a very interesting article on “the other side of terrorism” https://www.securityweek.com/online-other-side-terrorism which details how terrorist groups are using the latest technology to wage war beyond our physical and geographical barriers.
  • https://www.ftc.gov/. The Federal Trade Commission collaborates with law enforcement partners in the United States and around the world to protect consumers and promote competition. They have a very helpful Tips & Advice section for consumers and businesses, and their News & Events section has the latest information on fighting attackers and cyber threats.
  • https://www.fbi.gov/ is probably my favorite place to look for information on threats, vulnerabilities, updates, and the latest security news. The News section on their homepage gives information on their top stories and latest busts, and it brings some idea of comfort, knowing that the government is actively going after attackers. Currently the FBI investigates computer and network intrusions, ransomware, identity theft, etc.: information that is very relevant to companies and consumers.
  • https://csrc.nist.gov/. The Computer Security Resource Center contains great publications on threats and vulnerabilities. Their Security and Privacy section contains papers on cryptography, privacy, and risk management, among others. The Laws and Regulations section identifies many federal laws that are applicable to the information technology industry. NIST also has an Information Technology Lab with monthly newsletters on its projects and activities. I particularly enjoy reading their News and Updates section. Their latest article, “NIST Releases Report on Fog Computing for Internet of Things Devices” https://csrc.nist.gov/News/2018/Fog-Computing-for-Internet-of-Things-Devices, discusses fog computing as an alternative to cloud computing. This is a new concept for me, and it describes fog computing as providing a significant reduction in the amount of time it takes to access data locally.

Stay tuned for more blogs next week!

Friday, March 16, 2018

Top Security Threats CYBR650 Week 1

My name is Bickram Mark Singh. I am a Systems Engineer Manager and have worked for Verizon for the past 25 years. Many of my daily functions include troubleshooting and problem solving; it is a fast-paced, hands-on, non-stop work environment with deadlines to meet and emergencies occurring constantly. My major is Cyber Security, and this is my final Master's class with Bellevue University.

Each week I will post information on some of the top security threats we face, both personally and in the corporation. I will also share recommended ideas and steps to help mitigate some of these threats. In today's fast-paced technological environment, we all can use as much information as possible to stay safe.

The MIT Technology Review website https://www.technologyreview.com/s/609641/six-cyber-threats-to-really-worry-about-in-2018/ gives an interesting take on the top cyber threats to look out for during 2018. The author, Martin Giles, describes some worrying scenarios: threats that can cause a multitude of problems with serious consequences. Two that were particularly worrying to me are:

* Increasing data breaches like the one on Equifax. You'd think that with such top security, a company like Equifax could never be hacked successfully. That data breach showed us all that there is never really anything like 100% security, and that we are as strong as our weakest link. And just when you think you’ve heard it all, the bad news continues to grow. CNN wrote a good article last month describing how more information, including tax IDs and driver's license details, was probably obtained in the Equifax data breach http://money.cnn.com/2018/02/09/pf/equifax-hack-senate-disclosure/index.html. As more information on the data breach is made public, you can’t help but wonder if Equifax is withholding any vital information from us, in their quest to reduce the damage done to their brand.

* Hacking elections. Although the debate rages on as to whether or not Russia really hacked the 2016 elections or to what extent their activities influenced our elections, the fact is that cyber attacks on our voting process are a clear and present danger. As much as we try to identify and mitigate vulnerabilities in our voting systems, it seems these hackers are way ahead of the game. NBC News published an interview with Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, where Jeanette stated that Russians successfully penetrated the voter registration rolls of several U.S. states prior to the 2016 presidential elections https://www.nbcnews.com/politics/elections/russians-penetrated-u-s-voter-systems-says-top-u-s-n845721. It seems the same technology that has provided mobility, flexibility, and comfort has reared its ugly head to bite us.

Stay tuned!