Potentially Unwanted Leaks: Social Engineering, Small Missteps, and Big Mistakes

Therefore, you are faced with a situation where you not only have to protect your information but also ensure a third-party is protecting your information. By no means is this an easy task. And if you cannot do that, you need to ensure that you are equipped with the necessary tools to protect against what we’ve been calling “potentially unwanted leaks” (PUL).

In our previous article, we laid the groundwork for what we believe to be a serious threat to ICS/SCADA devices: social engineering. We continue here with some definitions, some of which you may already know. 

Phishing

Phishing is a relatively broad term for any attempt to trick victims into sharing sensitive information, such as passwords, usernames and credit card details. The intent is almost always malicious. Another characteristic of phishing is that it tends to be random, usually exploratory in nature, as opposed to a targeted act. Instead of targeting a specific individual or group of individuals, phishing tends to target multiple victims from within the same organization. Think of phishing as the “throwing spaghetti on the wall and whatever sticks” approach. Continue reading “Potentially Unwanted Leaks: Social Engineering, Small Missteps, and Big Mistakes”

A National Cybersecurity Action Plan is a Serious Priority

We cannot allow this slow economic bleed of our economy to continue. It slows down and even reverses living standards. We simply cannot invest billions into research and development and have it siphoned from us with a few clicks. There is no justifiable reason to let this happen anymore. Smart and competent people have been sounding the alarm bells for some time, but they need more voices to back them.

Expectedly, our cybersecurity issues are growing.  We say expectedly for a variety of factors including, but not limited to: size and scope of breaches, increasing costs that cannot be accurately estimated or predicted, a proliferation of technologies and abilities, and geopolitical tensions. Given current conditions, we do not see a particularly bright future if our current cybersecurity strategy remains more or less constant.

What is our current strategy? In short, it is the accumulation of a lot of expensive toys to hold together decaying infrastructure, along with a healthy dose of the putting aside or worse, ignoring, the basics. In short, we look to more technological solutions, but we avoid the single greatest problem: our decisions. The growing track record of failures demonstrates that this “technology-heavy” approach is not working.

The underlying problem with this strategy is that it is simply untenable unless there is some revolutionary technology that completely changes the landscape. And while we do think artificial intelligence and quantum computing will be game-changing, we do not necessarily believe they will solve all our problems. Poor handling and implementation of these two technologies may, in fact, accelerate our demise. Therefore, we cannot continue to throw what limited resources we have at supposed technological wizardry, fixes, and repairs when the root of our deepest problems are inherently insecure systems, poor maintenance, and social engineering. Continue reading “A National Cybersecurity Action Plan is a Serious Priority”

Science of Cybersecurity Interview with Chuck Brooks

Frank Abagnale, one of the world’s most respected authorities on the subjects of forgery, embezzlement, cybercrime, and secure documents succinctly states the troubling environment. “The police can’t protect consumers. People need to be more aware and educated about identity theft. You need to be a little bit wiser, a little bit smarter and there’s nothing wrong with being skeptical. We live in a time when if you make it easy for someone to steal from you, someone will.” There are many malicious actors out in the digital landscape and it will be increasingly important to stay ever vigilant.

Email interview held on 30th September 2017 – as follows between Alan Radley (questioner) and Chuck Brooks (relator):

  1. What are your thoughts on the current state of cybersecurity, both for organizations and for consumers?

The current state is a scary one. Constant breaches have demonstrated that as consumers we are becoming more and more dependent upon digital commerce. Our banking accounts, credit cards, and financial daily activities are interconnected. We are all increasingly vulnerable from hackers, phishers, and malware proliferating across all commercial verticals.

In the past year, the employment of ransomware has become a method of cyber-attack choice by hackers. This is because many networks (especially hospitals, utilities, universities, and small businesses) are comprised of different systems, devices and often lack required patching and updating necessary to thwart attacks. The recent Wannacry, and Petya attacks were certainly wake up calls to the disruptive implications of ransomware.  We can expect to see more such attacks because of the ease of infection and because the vulnerabilities to networks still remain. Continue reading “Science of Cybersecurity Interview with Chuck Brooks”

ICS/SCADA Devices, The Threat to Critical Infrastructure, and Social Engineering

The threat which concerns us most is effectively preying on humans, our concern is warranted. And that is why we feel that the biggest problem the power grid faces today is phishing, spear-phishing, and pretexting, all of which we will define in this set of articles.

Do you go fishing? You may or may not, but we see far too much phishing going on in the Internet ocean, and it scares us. The risk of over-phishing is not necessarily our concern. Our concern rests in that phishing is so easy, and big fat phish of this Internet ocean are getting gobbled up. And that’s not good for us because many of us don’t really know what is in the ocean, like critical infrastructure (CI).

As the title suggests, our biggest concern as it relates to ICS/SCADA connected devices is us. We are an incredible vulnerability to CI, and seeing as though everything we depend on runs on some form of CI, its best we protect it.

Let’s start with some basics. Our CI is for the most part old. Devices are stuck with legacy software and cannot be updated or patched because they are simply too old and out-of-date are a potential problem, as these systems have vulnerabilities that hackers can take advantage of. Yes, there is a flip side to the argument here that some of these systems are so old they cannot be hacked or are extremely difficult to be hack, as is the case in the US nuclear system. (But don’t think for a moment that nobody is trying!)

Continue reading “ICS/SCADA Devices, The Threat to Critical Infrastructure, and Social Engineering”

Defining and Addressing the Growing Cyber Insider Threat

Comprehensive risk management should include cyber-hygiene best practices; education/training, use policies and permissions, configuring network access, device management, application controls, and regular network audits. Also, encryption tools, new network mapping, automated rapid detection technologies and behavioral analytic software tools have also been developed that help mitigate the insider threat landscape of morphing digital and physical threats.

The Cyber Insider Threat is one of the most difficult challenges for companies, organizations, and countries. It is often difficult to discover, defend and remediate because such threats can involve a combination of human behavioral elements and hardware and software technologies. Many of the threat actors are tech-savvy and are becoming increasingly sophisticated in their methods of infiltration. What Is Insider Threat – read more

The recent “Vault 7” WikiLeaks download of thousands of pages of sensitive CIA hacking tools and techniques is the latest episode of high profile insider breaches. Other noted examples include Army Pfc Chelsea Manning – 400,000 documents – Iraq War logs, 91,000 documents- Afghanistan database, Edward Snowden – 50,000 to 200,000 NSA documents, Harold Thomas Martin III NSA Contractor- 50,000 gigabytes, about 500 million documents, Home Depot data breach – 56 million credit cards, Yahoo – 1 billion accounts, and Twitter – 32 million accounts. Healthcare – 4 million patient records. Average cost of a data breach in 2016 was $4 million dollars/company (Ponemon). Global business loss in 2014 – $1.7 trillion dollars with 23% annual growth. 2016 losses could be higher than $3 trillion dollars globally (stats courtesy of Mr. Thomas Kupiec – Chief Information Security Officer – SMS and former CISO of the National Geospatial Intelligence Agency) Continue reading “Defining and Addressing the Growing Cyber Insider Threat”