Monday, April 30, 2018

Cybersecurity News CYBR650 Week 8

We’re now in the last few weeks of this class in Current Trends in Cybersecurity. I learned how to perform a threat analysis using my process model and the threats and vulnerabilities I identified in the Harry and Mae's case study. After completing this assignment, I can see how critical thinking is a fundamental requirement for security professionals. I also see the need for IT security professionals to be able to present all vulnerabilities, threats, and risks in language that will be easily understood by non-technical management. Threat modeling is a great approach to analyzing the security of a company’s IT infrastructure, and serves to identify and help mitigate all associated security risks, prioritizing the top threats that would have the greatest potential impact. This is why threat modeling should be an iterative process for any corporation. The Microsoft STRIDE threat model is a wonderful tool that groups threats into categories, allowing security professionals to consider how the different threats in the model can affect application components.

I access Security Week often to get all the latest cyber security news. There’s a great article, “Don't Fall Victim to IP Theft and Corporate Espionage”, that discusses cyber espionage in the business world, where corporate espionage targets proprietary information from private entities for commercial advantage and a variety of techniques are used to gain illegal access to networks. Read more at https://www.securityweek.com/dont-fall-victim-ip-theft-and-corporate-espionage. This is why software companies have to move quickly to identify vulnerabilities and provide patches so espionage threat actors cannot exploit them. Users also have to demonstrate responsibility by not downloading unauthorized (and often malicious) software. Companies like ours regularly review security and access permissions granted to these programs to ensure we are in compliance. We are also very careful that our contractors and vendors are only given access to company networks that are absolutely necessary.

It is a fact that the number of attacks is rapidly increasing, as is the sophistication of these attacks. Last week’s hacking attack on three Mexican banks was centered on real-time payment transfers, which allow banks to transfer money between private accounts across an encrypted network. The hackers are stepping up their game, and so should the good guys, when it comes to security. Read more at https://www.databreachtoday.com/hackers-target-3-mexican-banks-real-time-transfers-a-10927. Cyber attacks are more sophisticated, and with today’s payload of data, the impact is more damaging, disruptive, and costly than ever before. The data breach last year at Equifax was a wake-up call to us that no one is really safe, and that today’s attacks are becoming more dangerous. Foreign nation-state hackers and criminals are using all the latest tools to steal data or set up conditions for conducting destructive attacks against networks in the future. This year, sophisticated cyber attacks continue to be one of the biggest technology concerns, as attackers continue to use tactics like social engineering, malware, and ransomware. Organizations must continue to invest in good, sensible security measures to protect against cyber attacks. The attacks are also becoming more public and more visible, as the impact of successful attacks is more far-reaching, with more potential victims. The problem is that hackers don’t give up; they simply change their method of operation and try other tools and techniques. However, one must bear in mind that the old social engineering technique is still a tried and true method that attackers use as they prey on people's tendencies to manipulate them. Sometimes they’re able to get the best of us, including IT security professionals. Just a few weeks ago a friend of mine was so afraid that the police were going to knock on his door that he quickly sent $2000.00 to pay a supposed IRS tax fee!

Monday, April 23, 2018

Threats and Vulnerabilities CYBR650 Week 7

This class has proven to be increasingly interesting. I’m taking this class simultaneously with Ethical Hacking and Response, and both classes have really opened my eyes to the world of cyber security, as well as current trends in cyber security. As I go through each week’s readings and assignments, I see many areas where I can apply what I learn to our corporation and in my own personal life. As I begin to learn about threats and vulnerabilities and the risks they pose, I’m gaining a better understanding of how I need to exercise good security measures in all my computing endeavors.

The Security Trends forum has been an excellent way to discover more of the cyber security environment; not just threats and vulnerabilities, but ways to mitigate those risks, which often involve good security policies that are already in existence. A good security policy is a proactive way organizations can ensure they are protected. It also establishes rules for good user behavior, and has to include employee training and follow-up to ensure users are in compliance. Security policies also serve to ensure the organization is in compliance with any applicable federal and state regulations. These classes are really helping me to understand how taking seemingly small security steps can help companies avoid data breaches that can have major impacts.

In my Ethical Hacking and Response class, I was surprised to discover how many vulnerabilities have been discovered in Apple iOS. I only use Apple devices, absolutely love them, and won’t switch to an Android device, ever. However, I must admit I was concerned. Like other Apple users, I thought Apple’s operating systems had the greatest high-tech security, but I am coming to grips with the fact that Apple mobile devices are also targets for attackers, and that any iOS device can be subject to attack from malware and viruses. For example, a Tech World article referenced 15 of the biggest Apple security threats, and I was surprised to learn about MacDefender, which was malware that masqueraded as a security app; users were invited to install it as a way to detect non-existent security threats on their devices. Read more about it here https://www.techworld.com/picture-gallery/security/biggest-mac-security-threats-from-adware-icloud-hacks-ransomware-3623261/. A different article from Norton Security pointed out some common threats for Android, iOS, and Windows devices, with the rapidly advancing pace of technology bringing more sophisticated attacks. Some of the more common threats include collecting sensitive data stored on a device, spying on users and logging their activity, tracking locations, and opening back doors into a device to allow attackers to take control. Read more at https://www.nortonsecurityonline.com/security-center/mobile-threats-protection.html.

Back to my class, Current Trends in Cybersecurity: this is a great opportunity for me to learn more about performing threat and systems analysis, and discovering and analyzing certain threats and vulnerabilities so I can perform a risk assessment. I believe a threat analysis can be very useful in identifying and assessing threats and vulnerabilities, and, in the long run, create a more resilient network against threats, and mitigate any threats that do happen to break through. The fact is that a threat analysis allows IT personnel to locate vulnerable devices and systems, which can allow the company to respond quickly and make a considerable difference to limit damage from a cyber attack. Cyber attacks are on the rise, where attackers can wreak havoc on a corporation without ever leaving the safety of their homes. As attacks become increasingly sophisticated using technical skills and social engineering tactics to breach networks and gain access to sensitive data, the need for threat analysis becomes more apparent and more important.

Monday, April 16, 2018

Credible sources for threats, vulnerabilities, updates, and security news CYBR650 Week 6

The ‘Current Trends in Cybersecurity’ class has proven to be one of the best classes I’ve taken in this degree program. During week 2, I listed several credible sources of information for threats, vulnerabilities, updates, and security news. Although I haven’t actually used those sources for this week’s assignment, I still believe they are credible and I actually discovered some additional sources:

* https://www.csoonline.com/. One of their articles by Justin Dolly points out the top 5 cybersecurity concerns for 2018. Cyberthreats continue to rise exponentially, and no one (consumers or businesses) seems to be exempt from malware attacks and data breaches. The top five threats to watch out for in 2018 are (1) cryptojacking, where an attacker secretly uses someone’s computing device to mine cryptocurrency. Websites can run hidden cryptocurrency mining scripts in a user’s browser without the user’s knowledge. The attacker mines cryptocurrencies by using the computer's CPU to earn money for someone else. (2) PowerShell-based attacks, where an attacker uses malicious scripts to communicate with compromised websites acting as proxies for the command and control server. (3) Further growth in the cybercriminal underground, where the increase in cybercriminal tools and lower expertise will increase the number of cybercriminals. (4) Security software will be targeted, where attackers will target trusted programs and the software and hardware supply chain to control devices and manipulate users. (5) More cyber criminals will use worms to launch malware, where attackers will make more use of worm functionality to spread malware, simply because network compromise from worms spreads faster than many other methods. Read more at https://www.csoonline.com/article/3241766/cyber-attacks-espionage/top-5-cybersecurity-concerns-for-2018.html.

* https://digitalguardian.com/. This is another great source for cybersecurity news. One article by Greg Funaro details several cybersecurity issues organizations can work on in an attempt to increase the effectiveness of their cybersecurity effort: (1) Treat data protection as your top priority. Recent data breaches at Equifax and several large U.S. banks only serve to emphasize the importance of protecting classified data. The fallout from losing sensitive data can be tremendous, including loss of customers, loss of revenue, and having to pay some hefty fines. (2) Identify your critical IT assets and sensitive data. This is key to any organization. Once critical assets are identified, companies can go to work to gain visibility and control capabilities that can prevent attackers from accessing and stealing classified data. (3) Protect data assets. It’s just not enough to identify critical assets; steps must be implemented to protect them carefully. When sensitive data is classified properly (using digital labels like “confidential”, etc.) it can help to protect information more likely to be targeted by attackers. Additionally, organizations must track who is accessing data and how that data is being used and shared, both internally and externally. (4) Pursue security education for employees. It’s just not enough to invest in security for critical assets. Part of that investment must include educating employees in password and data security practices. Employees must be aware that they play a crucial role in the security within their organization. Education on social engineering techniques and widespread attack methods can empower employees to recognize and report such attacks. (5) Compliance is not enough. In fact, compliance with industry and even government standards is often the beginning step to securely protect sensitive data. Read more at https://digitalguardian.com/blog/5-cybersecurity-issues-avoid.

* https://www.infosecurity-magazine.com/news/. This magazine is actually one of my favorite sources for Information Security and IT Security News & Articles. One interesting article lauds the security for Windows 10 as being almost twice as safe as Windows 7. I find this surprising, especially since my assignment for another class in this Cybersecurity major was on the many vulnerabilities identified in the Windows 10 operating system. The author states that almost all the devices that were victims of the WannaCry ransomware attack were running Windows 7; even so, companies continue to rely on Windows 7 more than Windows 10. It seems that consumers are more prone to make better decisions, with almost 72% of home user devices migrating to Windows 10 by December 2017. Read more at https://www.infosecurity-magazine.com/news/windows-10-safe/.

Tuesday, April 10, 2018

Cybersecurity News CYBR650 Week 5

I’ve been looking forward to Weeks 5 and 6, even though I’m a little apprehensive about analyzing systems and data centers. The reading materials provide a lot of valuable information to help with the assignments. A description of the systems, networks, servers, and computers, and policies, standards, and procedures play a great role in systems analysis.

This week I’d like to focus on something that is currently at the top of cybersecurity news – the Facebook data breach. Although it seems outrageous that the personal information for more than 87 million users was compromised during the Cambridge Analytica data breach, a lot of security experts were sounding big warnings during the past decade. Additionally, more than a million users in each of the UK, Philippines and Indonesia may have also had their personal information compromised, with about 310,000 users in Australia. We’re told the number of users affected in the United States could actually be higher than the 87 million that was announced. Read more about it here http://time.com/5234740/facebook-data-misused-cambridge-analytica/ and here https://www.theguardian.com/technology/2018/apr/08/facebook-to-contact-the-87-million-users-affected-by-data-breach. What is even more alarming is that Cambridge Analytica used data obtained from these illegally accessed Facebook profiles to build a program to predict and influence voters. I say we shift our focus from Russia to Facebook when it comes to meddling in our elections! To make matters worse, more than 63,000 New Zealand users were also exposed, it was announced yesterday. Thankfully, that country’s privacy commissioner is working with his counterparts in the US, UK, Australia and Canada to determine the severity and consequences of the privacy breach. Read more here https://www.theguardian.com/technology/2018/apr/10/facebook-data-breach-hits-63714-new-zealanders-after-10-people-download-quiz

It seems that Facebook did not learn from the many other companies who have suffered data breaches; even though Facebook discovered the data breach in late 2015, it did not alert users immediately. They probably tried to contain the breach in the hopes of maintaining the company brand, but alas, like our data breaches, word gets out sooner or later, and when done later, with major consequences! I must say I was not impressed with Mark Zuckerberg’s acknowledgement that he didn’t take a broad enough view of the company’s responsibilities! I mean, come on! You’re running the most influential and popular social media platform of all time, with more than a billion users, and he didn’t take a ‘broad enough view of the company’s responsibilities’? The fact that Facebook suffered a data breach of this magnitude and displayed such ignorance and lack of responsibility is quite appalling. 

To me, the bigger concern is who exactly has access to our data, and what are they using our data for. The issue of data harvesting and the threat it poses to our personal privacy is quite alarming. Our smartphones now store and transmit personal and sensitive information that we once kept locked away in our safes at home and in the office. We carry our personal identification information, our banking and credit card information, and login information to a host of other services; all of which could be very detrimental to us if it falls into the wrong hands. Our apps on our smartphones also have access to a lot of valuable and classified data. Data harvesting is big business today, and data companies are adding to the amount of data they have access to, and can sell or otherwise pass on to other entities. Some companies use the data they collect to determine and often dictate our likes and dislikes, our buying behaviors and patterns, our income levels, our hobbies, our personalities … and sell them to companies who are hungry to get their hands onto a particular market or target audience. It doesn’t help that companies like Equifax, who also recently suffered a major data breach, hold a treasure trove of valuable personal data on consumers.

Thursday, April 5, 2018

Cybersecurity News CYBR650 Week 4

Coming into week 4, this class continues to be very interesting. Cybersecurity is definitely not a boring topic! The Microsoft STRIDE threat modeling tool was quite useful in this week’s assignments. This week I decided to take a closer look at some relevant cybersecurity news from various organizations.

McAfee Threat Intelligence: for the latest in-depth security threat research reports, insights from security experts, and learning how to protect the enterprise from malware, cybercrime, and other cybersecurity threats. The McAfee Labs Threats Report from March 2018 was quite informative, highlighting the switch from threats like ransomware to newer tools and techniques like PowerShell malware and cryptocurrency mining. The report also stated that new malware has reached an all-time high of 63.4 million new samples, with PowerShell malware growing 267% in the fourth quarter. The report can be viewed here: https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2018.pdf.

McAfee also had some good information on ransomware; this is a type of malware that uses asymmetric encryption to hold a victim’s information for ransom. In a ransomware attack, the victim must pay up before the attacker will make the private key available to the victim; it is almost impossible to decrypt the files that are being held for ransom without access to the private key. The reality is that users and organizations can follow simple cyber security advice to avoid becoming a victim of ransomware. Sometimes victims can regain access to their encrypted files or locked systems without having to pay. This is made possible by McAfee’s creation of a repository of keys and applications that can decrypt data locked by different types of ransomware.

One of my all-time favorite cybersecurity reports is the annual Verizon Data Breach Investigations Report. This report is an incredibly valuable tool to help any organization prepare themselves to avoid being the next victim of a data breach. The 2017 report was no different. It reminded organizations they don’t have to be huge or well-known to become a target. As an example, the healthcare industry could be hit by both external and internal attackers. Many employees and others have access to valuable patient information that could result in identity theft and cloning of identities. Attackers can also use other organizations as a soft target useful as a stepping stone to their partners’ systems. You can download the 2017 report here: http://www.verizonenterprise.com/resources/reports/rp_DBIR_2017_Report_en_xg.pdf.

CNET Security and Privacy: And it’s time to report yet another data breach. This time it’s Delta, Sears, and Kmart who suffered a data breach, in which customers’ names, addresses and credit card numbers may have been stolen between September 26th and October 12th, 2017. However, this breach was a bit different from the others. None of these companies' internal databases were actually breached. Rather, a piece of malware temporarily residing in their online chat service possibly harvested customers’ payment information after they completed a transaction. While Delta reported that multiple hundreds of thousands of its customers could potentially have had data stolen, Sears believes fewer than 100,000 of its customers were affected by the breach. Read more about this at https://www.cnet.com/news/delta-sears-kmart-data-breach-credit-card-address/.

And finally! Some commonsense ruling: A judge allows Massachusetts to sue Equifax for data breach. I believe this was long overdue. Equifax has been entrusted with our most private and sensitive data and they should have been better prepared to deal with data security attacks. Not only that - it seemed, based on their response, that they were more interested in preserving their reputation and brand, rather than alerting consumers properly and thoroughly. Read about it here: https://www.cnet.com/news/massachusetts-judge-says-state-can-sue-equifax-for-data-breach/.

Here’s another data breach: Hackers steal data from 5 million Saks, Lord & Taylor customers.