CyberX Adds to Microsoft’s IoT Security Foundation

Image Source: CyberX.com

IoT security, especially security that relates to ICS (Industrial Control Systems) is becoming an area of focus for some of the biggest players in the IT space. 

In February we reported on the Snake (EKA NS) ransomware that was found to be targeting ICS software packages from GE and Honeywell. Disconcerting to say the least since ICS systems literally run the industry of the world, including all of the world’s critical infrastructure. 

Building on the Base

Two years ago Microsoft announced that they would invest $5 billion into the Internet of Things security space over the next 4 years. At the time Microsoft Corporate Vice President, Microsoft Azure – Julia White noted:

“With our IoT platform spanning cloud, OS and devices, we are uniquely positioned to simplify the IoT journey so any customer—regardless of size, technical expertise, budget, industry or other factors—can create trusted, connected solutions that improve business and customer experiences, as well as the daily lives of people all over the world. The investment we’re announcing today will ensure we continue to meet all our customers’ needs both now and in the future.”

Today, almost exactly half way through their 4 year journey Microsoft’s addition of CyberX to their portfolio significantly bolsters their capabilities aimed at securing industrial control systems and builds upon their 2018 purchase of Bonsai, an AI based approach to ICS security. As part of the larger Azure IoT security suite CyberX’s IoT/OT-aware behavioral analytics platform will deliver end-to-end security across managed and unmanaged IoT devices.

Solutions for the Unmanageable

Every ICS is connected to thousands upon thousands of unmanaged, embedded devices that can’t be protected by agent based anti-malware technologies even if they were, patched, up-to-date and correctly configured, which of course they are not! CyberX provides a simple way to get 100% visibility into these sprawling, diverse and often antiquated systems. No wonder Microsoft found them to be a great addition to their Azure IoT suite.

Konsultek Knows IoT

Need more than just traditional network security? Konsultek has you covered when It comes to IoT. We have both the knowledge and the experience to help you leverage the promise of the IoT future while keeping your critical assets safe. Whether you require assistance in developing an IoT program, evaluating the security of embedded devices, uncovering vulnerabilities, or assessing your security with a penetration test, we can assist you with these challenges and help future-proof your efforts so you are ready for whatever comes next.

 

 

 

 

Civil Unrest Another Factor When Locating Data Centers

Source: New York Times

The riots across many of the largest cities in America make this the opportune time to address one of the customer questions we are often asked – “Where should we locate our data center?”

Let’s begin by reviewing what historically have been the most important factors when choosing a location for your data center.

      1. Propensity for Natural Disasters 

While taken on an individual basis, most natural disasters are relatively rare. However, if you are in a risk zone the likelihood of a disaster striking is more a matter of “when”, not “if. Therefore, these high-risk areas should be avoided if at all possible. Earthquakes, volcanoes, hurricanes, tornadoes, flooding, forest fires, landslides, tsunamis, and blizzards are all natural risk factors that should be considered. 

      2. Proximity, Reliability and Price of Power 

Data centers need lots of reliable and preferably inexpensive power. While power rates vary within states and from city to city, you likely are not going to find inexpensive power anywhere in Hawaii (the Nation’s most expensive on average) where you can probably do pretty well anywhere in Washington (the Nation’s cheapest on average). 

      3. Network Access – You’ll Want at Least 2 Major Providers 

All your valuable data is worthless if you can’t get access and distribute it reliably. Our recommendation is that you have at least 2 major providers in order to avoid disruption. Fortunately, the FCC has a great interactive tool to help you understand the presence and reliability of providers. Below is a map of Illinois – the darker the blue, the larger the number of service providers. 

Source: FCC

     4. Proximity to People – Skilled Workers and End Users 

Your data center is going to need skilled employees to operate it. Your end users are going to want to access their data without latency issues. Make sense? 

     5. Access to Affordable Real Estate 

You’ll need real estate to house your data center. And, much like power, real estate costs vary widely depending upon a variety of factors. Here is a 3D map courtesy of visualcapitalist.com that shows the relative prices of real estate across the United States. The lighter the shade, the higher the average price per square foot. 

     6. Avoiding Civil Unrest and Riots 

Finally, with the world seemingly simmering and in parts boiling it makes sense to ensure your data center operation is not going to be impacted by civil unrest and rioting. This probably means avoiding the largest cities in most states. 

Konsultek Knows Data Centers 

Whether you would like a second opinion regarding the proposed location of your new data center, would like us to locate your data center for you or you would like to co-locate your data center within one of our own, Konsultek has the knowledge and expertise to help. Simply pick up the phone and give us a call to begin a dialogue. 

Ransoms Continue to Grow in 2020

We’ve said it before and we’ll say it again. Ransomware is here to stay and it is only going to grow in popularity and ransom size.  Coveware’s most recent ransomware report shows an increase in ransom size across the board for the three largest ransomware players; Phobos, Ryuk and Sodinokibi as shown below. The big winner was clearly Sodinokibi as their ransom average leapt by over 4X in the past quarter, driven primarily by their targeting larger victims.

Targeting Strategies Changing

Another interesting observation from Coveware is how these three players are changing their target victim profile as we pass the first quarter of 2020. Sodinokibi has gone up-market targeting select, large enterprise victims where their ability to deploy VPN exploits gives them an “in” to otherwise more sophisticated targets as compared to their usual SMB bread and butter. At the same time Ryuk took the opposite tact and moved their focus down-market while Phobus followed Sodinokibi up-market, albeit to a much lesser extent.

Attack Vectors Vary Widely

When comparing the three ransomware leaders it is fascinating to note which attack vectors are preferred and relied upon for each player’s success. Sodinokibi, being more sophisticated spreads its attacks across email phishing, RDP, software vulnerabilities and a smattering of other vectors while Phobos sticks to RDP and Ryuk primarily phishes with a smidge of RDP.

Good News as Shade Gets a Conscience

In a surprising turn of events, while many ransomwares are getting more aggressive and exploitive the operators behind the infamous and once prolific Shade ransomware have exited the business and publicly posted decryption keys. According to a post on Cisomag.com over 750,000 keys were published!

More Good News Konsultek Has You Covered

Even as the world struggles to recover from the Covid-19 pandemic cybercriminals are hard at work phishing, exploiting and brute-forcing their way into organizations of all size. What you need more than ever is a security partner like Konsultek on your side. Our team of engineers is prepared to help your organization stay secure no matter what your unique circumstances might be. Give us a call to learn how you can become more secure in these trying times.

 

Zoom Users Face Unexpected Security Risks

Image Source: Wikipedia

As remote workers and students flock to Zoom and online classroom portals they need to be taking all possible security protections. That, according to an FBI press release last week. In that release two cases of “Zoom-bombing” were reported by separate Boston area schools. The first school reported that an unidentified individual(s) dialed into the classroom, shouted profanity and disrupted the session. The second school reported that their session was disrupted by an unidentified individual displaying swastika tattoos on camera.

Schools Ditching Zoom

Fast forward to this week and school districts in New York, Washington DC and Las Vegas have announced that they are discontinuing their use of Zoom for “security, privacy, harassment and other concerns” as reported by NPR.

Zoom’s Response

In response to complaints of “Zoom-bombing” and harassment Zoom has provided best practice security guidelines for schools using Zoom for virtual classroom activities.

Zoom Back Pedals on Encryption

While Zoom originally claimed its platform used end-to-end encryption, in an April 1, 2020 post on their blog, the company provided this clarification:

“We want to start by apologizing for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption. Zoom has always strived to use encryption to protect content in as many scenarios as possible, and in that spirit, we used the term end-to-end encryption. While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it. “ – Zoom

So, just how secure is Zoom in light of the fact that their definition of end-to-end encryption seems to differ from the commonly accepted definition? The good folks at Citizen Lab in Toronto have shed some light in their April 3 post titled “Move Fast and Roll Your Own Crypto.”

What Citizen Lab found is that Zoom uses its own home-grown encryption scheme that, for a variety of reasons, is not as secure as its users believe it or want it to be. For example, Zoom’s encryption and decryption use AES in ECB mode, a “well-understood bad idea” as the image above from Wikipedia shows. Clearly the ECB encrypted image is still a penguin, so unless your goal is to keep your exact color palette a mystery, ECB is probably not going to be as secure as you had hoped.

From China with Love

Zoom is a Silicon Valley company and listed on the Nasdaq but Citizen Lab found that Zoom owns 3 companies in China and employees at least 700 people located there. While this may simply be a way to get affordable talent, the platform, which is primarily focused on serving the North American market has some interesting arrangements when it comes to session security keys as shown below.

Image Source: Citizen Lab

In a call that originated and ended in North America the encryption key appears to have been generated from a key server located in China. Potentially troubling for sure given China’s laws surrounding encryption and government access.

Waiting Room Issue

The researchers at Citizen Lab also found an apparently glaring and dangerous vulnerability in the Zoom waiting room that presented such a risk to users that they are not providing public information about the vulnerability until Zoom gets it fixed.

Other More Secure Alternatives

If you are having second thoughts about Zoom you are not alone. For a list of other more secure alternatives head over to Computer World and look at what they believe to be 12 more secure options including these:

Konsultek Knows Security

Whether it is help securing your now remote workforce or more traditional network security solutions Konsultek and their team of partner-providers has you covered. To learn more about how your organization can enjoy a more secure future please give us a call.

COVID-19 Distributed Your Workforce, Konsultek Will Secure It

The Global response to the rapid spread of the COVID-19 virus has been swift and unprecedented. Your organization and organizations around the world have been forced to implement or consider implementing a distributed workforce. No problem, right? Everyone has email, and remote access to the network so there really shouldn’t be much of a disruption. But how is this newly distributed workforce affecting your network security?

How Secure are your Remote Workers?

While it’s true that at this point in time working remotely isn’t very difficult for individuals and organizations, working SECURELY is a whole different story and you can count on the fact that the cyber-criminal element out there is going to have a field day breaking into networks through insecure network access protocols.

Enter Zero Trust

Zero Trust is an information security framework originally released by the Cloud Security Alliance in 2014 which states that organizations should not trust any entity inside or outside of their perimeter at any time. A Zero Trust Network Access architecture such as that provided by Konsultek and their partner PulseSecure is the answer to the question you should be asking yourself — “How do I best secure my newly distributed workforce?”

VPN and Beyond

For years organizations of all sizes have relied on some sort of virtual private network (VPN) to allow remote workers to securely connect to centralized services. However, in today’s higher risk world filled with mobile devices, BYOD and more skilled and persistent hackers many organizations are looking to move beyond traditional VPNs. That is where Pulse Connect Secure (PCS) comes in.

Pulse Connect Secure provides mobile resources with:

  • Web access, using PCS to access corporate resources from any location using any web-enabled device such as a laptop, smartphone, or tablet
  • Per-app access where any mobile app access is supported without modification, app wrapping, or SDK
  • Always-on access where a VPN is automatically established based regardless of user setting

Konsultek is Here to Help

Konsultek is pleased to be able to offer 2 great deals for those of you looking to secure your mobile, distributed workforce.

First, if you contact us before 5/31/2020 we will be able to expedite Pulse Connect Secure licenses and registration.

Second, if a traditional VPN will meet your needs, we are offering FREE VPN licenses for all our existing customers through our valued partner Check Point.

Help is just a phone call or contact form inquiry away!

5G – 5 Good Reasons These New Networks Are Less Secure

You can’t turn on the television or stream content without seeing ads for the 5G revolution and how it is going to make the future of organizations and individuals better and brighter.

Well that bright future and the benefits it will bring may be true, 5G poses five greater security risks than traditional broadband according to a study released by the Brookings Institute.

“5G will be a physical overhaul of our essential networks that will have decades-long impact. Because 5G is the conversion to a mostly all-software network, future upgrades will be software updates much like the current upgrades to your smartphone. Because of the cyber vulnerabilities of software, the tougher part of the real 5G “race” is to retool how we secure the most important network of the 21st century and the ecosystem of devices and applications that sprout from that network.” -Brooking Institute

Five Good Reasons to Rethink Your Security as You Move to 5G

  1. The 5G network represents a move from centralized, hardware-based switching to distributed, software-defined digital routing. Hardware networks by their very nature provided discrete points where cyber cleanliness could be addressed. This is not the case with the software oriented 5G ecosystem.
  2. Higher-level network functions formerly performed by physical appliances or “boxes” are now being virtualized within software. This increases cyber vulnerability.
  3. Unlike a physical network, at its core the 5G network is run by software. If an attacker gets control of the software, he can also control the network.
  4. More bandwidth means more potential avenues of attack.
  5. More bandwidth equals more connected devices, perhaps billions more IoT devices, and that means billions of potentially hackable devices.

 

What’s an Organization to Do?

The Brookings Institute recommends that organizations take control of their own 5G security and not rely on or expect the service providers to handle it for them.

More specifically, organizations should:

  1. Implement machine learning and AI solutions – Since 5G is software based your security will need to be as well.
  2. Shift to leading indicators – In the fast paced world of 5G, lagging indicators just won’t cut it.
  3. Apply the NIST Cybersecurity Framework – This framework establishes the five areas of cybersecurity that every organization should be addressing:
    1.    Identify
    2.    Protect
    3.    Detect
    4.    Respond
    5.    Recover

Konsultek Knows Security

Konsultek, along with software-oriented partners like Gigamon can help your organization increase your visibility into your network in real time. And of course, our customized approach to security solutions can address all of your security needs, including your transition to 5G networks and devices.

Posted in 5G

Repurposing – How Smart Hackers Leverage Existing Assets

Source: Slides from RSAC 2020 presentation

Let’s say you want to pull off a seriously significant hacking caper against targets that are more than just a little bit sophisticated. As an accomplished hacker you have two choices. You can either crack open that case of Red Bull and toil away for weeks or months developing your own code or, you can hi-jack and repurpose someone else’s killer code and spend your free time however you like. It’s this lazy-man’s  (smart man?) approach that former NSA hacker Patrick Wardle  shared with the audience at this year’s RSA security conference.

Why Toil When Stealing is So Easy?

Wardle, who now specializes in macOS and iOS security at Jamf made the case for “borrowing” the code of others, especially well funded government sponsored hackers.

Wardle supported his premise by sharing with the audience how he altered 4 different Mac malwares that have successfully been used by others in recent years.  With just a little effort he was able to alter the potent and proven code of others to report to his own command servers. Once hi-jacked he could install his own payloads to accomplish whatever goals he was interested in.

So Many Benefits, So Little Time

Repurposing the code of others is nothing new. WannaCry and its cousin NotPetya that rode roughshod across the globe a few years back were aided in their virality by incorporating EternalBlue, the NSA Window’s exploit that was stolen and later released by Shadow Brokers.

Recycling the great work of others brings many benefits:

  1. Quicker development time
  2. Proven effectiveness
  3. Let’s you use other’s code in hi-risk environments
  4. Masks your identity
  5. Implicates others if detected.

The CIA Has a Repurpose Library

According to an article on theintercept.com from 2017 which cites a tranche of Wikileaks documents, the CIA hacking resource known as UMBRAGE has created a repository of other group’s “techniques” that “can not only increase its total number of attack types, but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from.” “The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions.”

Purposeful Protection

At Konsultek we create custom security solutions designed to keep your organization safe from even the most sophisticated attacks. For many organizations, perhaps yours, the biggest value contained in your network may not be personal information at all but rather commercial data such as specifications and trade secrets. We help organizations of all types protect their valuable information by developing and deploying custom solutions using the best technologies available on the planet.  If you have concerns, we have solutions and the good news is we are just a phone call away!

MGM Grand Admits to Breach and Immediately Gets Sued

Well, that didn’t take long. On Wednesday February 19th ZDNet.com reported that MGM had a “security incident” last summer. On Friday February 21st Morgan & Morgan announced that they were filing a lawsuit against MGM for “complaint for damages” and “injunctive relief”. If that is not a world record, it has to be close!

10.6 Million Users Including Justin Bieber

At 10.6 million users, the MGM breach is relatively small when compared to Marriot’s massive 500 million user breach. However, the star power of this breach shines quite a bit brighter. Some of the names included in the breached database include:

  • Justin Bieber
  • Twitter CEO Jack Dorsey
  • Department of Homeland Security Officials
  • TSA Officials.

Kept Under Wraps till Now

MGM Resorts managed to keep the size and scope of this breach under wraps until ZDNet and a security researcher from Under the Breach published their post last week. While MGM has stated that they contacted the affected guests after they confirmed the unauthorized access to a cloud server last summer, according to an article on the Morgan & Morgan website “only about 1,300 former guests were notified that their passport numbers were exposed, and about 52,000 more were told about the leaks of the less sensitive information, according to news reports.”

“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,”

“We are confident that no financial, payment card or password data was involved in this matter.” – MGM Spokesperson

The Costs of Breaches Continue to Rise

Loss of operational efficiency, brand damage and lawsuits are just a few of the costs that have data breach costs trending higher as shown in the data below from Security Intelligence.  Of course these are global averages and US organizations and specific fields such as healthcare are experiencing significantly higher costs. The average total cost of a data breach in the U.S. is up to $8.19 million, more than twice the global average while healthcare tops the charts again was again with the total cost of a data breach in 2019 averaging $6.45 million.

Konsultek is Here to Help

Sure, the numbers are scary but we’re here to help.  Just pick up the phone and give us a call. We’re always ready to learn more about you and your organization and to apply some of the best diagnostic tools in the world to help you determine just how at risk your data and network might be.

MAC Targeted Malware Outpaces PC for First Time

Source: Malwarebytes

Microsoft and Apple are constantly battling for bragging rights such as who has the highest revenue or largest profit. However, one claim to fame you can bet neither wants is whose platform has the highest growth rate of malware!

Apple Takes the Lead

In 2019 the number of malware detections per machine as tracked by Malwarebytes soared for Mac, placing Apple, and Mac squarely at the top for this unenviable metric as shown below.

A Top 5 Global Threat Contender

Further confirming the rise in Mac based malware is this surprising stat. 2019 was the first year that Mac malware punched into the upper echelon of global threats. And not once, but twice. In 2019 Mac Adware “NewTab” took the number 2 position while PUP.PCVARK took the number 5 position.

Source: Malwarebytes 2020 Threat Summary

As shown above, the top 10 Mac threat are a mix of PUPs and adware. The PUPs are primarily “cleaning” apps that have been deemed unnecessary and unwanted by both the Mac community at large as well as Malwarebytes.

An Annoying Rise in Hassle

So, while adware and PUPs do not represent as serious a threat as say traditional malware or ransomware the sheer volume and hyperbolic growth means that millions of Macophiles around the globe are facing an ever-increasing hassle each day. Mac’s once perceived immunity to malware has been replaced by a reality where daily operation is hindered by a variety of nuisance level threats that appear to be evolving into more aggressive, malicious and persistent threats. It will be interesting to see what 2021 and beyond hold for the Mac community as they clearly have a target on their backs that wasn’t there just a few short years ago.

No Matter What You Run, Konsultek has You Covered

Mac or PC? This is where Konsultek really shines. With a client base that covers Fortune 100 companies to local not-for-profits, our consultants and engineers are well versed in working with all types and all sizes of organizations. Cyber security should always be organization and process driven, not product driven and we pride ourselves in our ability to develop cost effective and powerful solutions for organizations just like yours.

Still confused about where to begin your quest for cyber security? Not a problem. Just give us a call and we’ll begin a dialogue. The call is always free and the education you’ll receive will be value-filled and powerful.

Ryuk Proves Mightier than the Pen

The pen may be mightier than the sword but the January 23, 2020 Ryuk attack on the Tampa Bay Times has shown that Ryuk is mightier than the pen.

“A Nuisance More than Anything”

Fortunately for the Tampa Bay Times their IT department had the procedures, policies and technologies in place to prevent the loss of sensitive customer information and to make recovery a relatively simple process. At this point in time the attack vector is not known.

“We’ve been able to recover pretty much all of our primary systems,” Tampa Bay Times chief digital officer Conan Gallaty said Friday. “This is something that’s been a nuisance more than anything.”

Other Newspapers Not So Lucky

In late December 2018 the LA Times reported on a malware attack that crippled itself as well as sister publications including the Chicago Tribune; Baltimore Sun; Capital Gazette in Annapolis, Md.; Hartford Courant; New York Daily News; South Florida Sun Sentinel and Orlando Sentinel.

“They’re looking at the people that have the most to lose.” – Malwarebytes senior security researcher JP Taggart

Ryuk Continues to be Popular

Ryuk sprang to prominence in 2018, becoming such a popular attack mode that the FBI issued a public warning about it on their website.

Two years later and Ryuk continues to be a favorite tool of cyber-criminals for extracting profit at the expense of their victim’s pain. According to new Malwarebytes data, those attacks have continued. From January 1–23, 2020, Malwarebytes recorded a cumulative 724 Ryuk detections. The daily detections fluctuated, with the lowest detection count at 18 on January 6, and the highest detection count an impressisve 47 on January 14.

Malwarebytes Partner Konsultek Knows Security

At Konsultek we eat, breathe and live information security. With the help of our world class partners such as Malwarebytes, Checkpoint, ForeScout and Gigamon we craft customized security solutions and managed service solutions for organizations of all sizes in all industries. When you are ready to learn more about just how secure your information can be with Konsultek on your side just pick up the phone and give us a call!

© Copyright 2018 Konsultek