NetWorks Group Blog

Protect. Detect. Respond: The Case for Managed Detection and Response

Posted by NetWorks Group on Nov 27, 2017 10:49:18 AM

Cyber security is on the mind of every business executive in the world. Modern security challenges are not easy to fix or even identify, and despite some misleading advertising from vendors, there is no one-size-fits-all solution. We frequently observe large visibility gaps in existing security implementations, allowing even obvious red flags to slip under the radar. Firewalls and traditional antivirus software are important, but they only react to known threats. Too many organizations rely on passive preventative technology for network security. Good attackers employ stealth and polymorphic tools that defy signature-based detection, allowing them to bypass these technologies altogether. We must assume that threats will get in, and that no system is impenetrable.

Topics: Security Monitoring, Managed Detection & Response, Information Security, Threat Hunting, Threat Management

Why your next PCI Assessment can be smoother than you think

Posted by Mike Stailey on Nov 15, 2017 9:34:57 AM

PCI Compliance is here to stay:

Typically, IT managers dread the annual PCI assessment. With publicized credit card breaches on the rise, PCI compliance will become even more of a requirement, with potential increases in punitive actions for companies that fail to meet it. Adding to the existing complexity of PCI DSS, emerging threats with the capability to breach corporate networks on a consistent basis mean that PCI requirements will remain in a perpetual state of change.

Topics: Ethical Hacking, Vulnerability Management, Compliance, Penetration Testing, Threat Management

Honeypots: Is This Thing On?

Posted by Nick Brigmon on Oct 30, 2017 10:19:48 AM

Honeypots were once a dying technology. In the age of generic anti-virus, a device that did not show immediate results wasn’t well received by most IT staff, who had trouble understanding the security benefits behind the stealthy device. The truth of the matter is that honeypots are one of the most powerful internal detection mechanisms a network can have. A fully configured honeypot can help detect and stop a full-blown internal attack.

Topics: Managed Detection & Response, Ethical Hacking, Threat Hunting, Threat Management

Active Directory Password Filters: The Missing Windows Feature

Posted by Aaron Pohl on Oct 23, 2017 11:28:38 AM

As penetration testers, we get a lot of joy out of compromising Windows networks. They are basically our favorite targets because of how insecure they are by default. Microsoft has always favored backward compatibility over security, and while it is possible to really lock down an AD (Active Directory) environment, it takes a lot of effort. While setting up an organization’s network in the first place, many admins take the stance of, “Let’s just get it working, and then we’ll add security on afterwards.” Nine times out of ten, they never go back and enable the security features until after there is an incident.

Topics: Ethical Hacking, Information Security, Penetration Testing, Threat Management

KRACK Vulnerability: Details and Moving Forward

Posted by Matt Warner on Oct 18, 2017 9:10:00 AM

KRACK, or Key Reinstallation Attack, is a vulnerability in the WPA2 wireless security protocol. The majority of Wi-Fi network implementations at this time are vulnerable to this attack, as it exploits the protocol itself rather than any specific brand or solution. As a whole, KRACK is focused more on clients than on APs; however, both need to be appropriately updated to close the vulnerabilities that make up KRACK. Do not switch to a different encryption scheme instead of maintaining an already stable WPA2 implementation: despite this vulnerability, WPA2 is still more secure than WEP or WPA.

Topics: Ethical Hacking, Threat Management, Threat Advisory

Threat Detection - Logs, Log Sources and Analysis Make All the Difference

Posted by Matt Warner on Oct 10, 2017 9:25:00 AM

Threat detection has grown into a complex and messy activity in organizations. Many utilize Security Information and Event Management (SIEM) systems, which can play a critical role in today's enterprise. In order to do their job, SIEMs depend on the logs generated by the enterprise's various systems. Sounds simple enough. However, in a typical Fortune 500 company scenario, an astounding amount of log data is generated. It's not at all unusual to see 10 Terabytes of plain text per month. The fact is, there can be hundreds, even thousands of sources of log data in the typical enterprise. Even small and medium sized businesses will be overwhelmed trying to collect, analyze, and store their log data. The questions are, then: “Can you collect AND analyze them all? Should you? Will the infrastructure support storage and ongoing detection? Do you have the expertise in place to analyze logs and maintain the infrastructure to do so?”

Topics: Security Monitoring, Managed Detection & Response, Information Security, Threat Hunting, Threat Management

Discussing Cybersecurity in the Boardroom

Posted by Jyothish Varma on Sep 20, 2017 12:55:41 PM

Cyber warfare is a very real and present danger, with more companies finding themselves on the losing end of the battle. Statistics from security monitoring services show that in a single hour alone, there are about 184,188 recorded cyber security breaches. This should be a wake-up call to key stakeholders, the majority of whom assume that cybersecurity is simply an IT problem and responsibility.

Topics: Information Security, Threat Management

Estimating Total Cost of Ownership of Your SIEM Deployment

Posted by Jyothish Varma on Aug 18, 2017 11:15:33 AM

Are you in the market exploring options for security log monitoring and management? If so, I’m sure you are inundated with requests for a meeting from various SIEM (Security Information and Event Management) vendors.

Topics: Security Monitoring, Managed Detection & Response, Information Security, Threat Hunting, Incident Response, Threat Management

Healthcare vs. Hackers: Nobody has Died (Yet)

Posted by Scot Armstrong on Aug 16, 2017 10:11:20 AM

A few years back I had a lunch meeting with two IT Security veterans. One remarked, “There’s been no Pearl Harbor or 9/11 in cyber security. Nobody has ever died because of hacking.” If there had been, there would have been a “rallying cry” or a massive response.

Topics: Information Security, Threat Management, Threat Advisory, Healthcare

Detect and Respond to 'Petya' Ransomware Attack

Posted by Matt Warner on Jul 20, 2017 10:05:00 AM

The NotPetya ransomware attack of July 2017, a Petya variant, is similar to the recent WannaCry attack that struck 230,000 computers globally. NotPetya utilizes the same exploit as WannaCry, EternalBlue, to infect Windows-based computers across the network. All of the files on the victim's computer are encrypted, the master boot record is overwritten, and a message appears that demands $300 in Bitcoin. Unlike other types of ransomware, paying this fee does not give access back to the files, as the malware is designed to be unable to undo its effects on the computer.

Topics: Managed Detection & Response, Information Security, Threat Management