Tuesday, May 19, 2020

What I'm Reading 5/19/2020 - Mostly Stuff About Cloud Deployment Security and The 2020 Verizon Data Breach Investigation Report

Washington Post - Officials: Israel linked to a disruptive cyberattack on Iranian port facility -

On May 9, shipping traffic at Iran’s bustling Shahid Rajaee port terminal came to an abrupt and inexplicable halt. Computers that regulate the flow of vessels, trucks and goods all crashed at once, creating massive backups on waterways and roads leading to the facility.

After waiting a day, Iranian officials acknowledged that an unknown foreign hacker had briefly knocked the port’s computers offline. Now, more than a week later, a more complete explanation has come to light: The port was the victim of a substantial cyberattack that U.S. and foreign government officials say appears to have originated with Iran’s archenemy, Israel.

Denial of Service (DoS), ransomware, and financially-motivated data breaches were the winners in this year’s Verizon DBIR.

Denial-of-service (DoS) attacks have spiked over the past year, while cyber-espionage campaigns have spiraled downwards. That’s according to Verizon’s 2020 Data Breach Investigations Report (DBIR) released Tuesday, which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry verticals.

It is interesting to note that 45 % of breaches occur due to hacking, and 22 % went via targeting a user or employee. The attackers then on average need fewer than 4 further steps in 90 % of the attacks, but most do indeed require more than a single step.

This shows clearly that defence in depth is just as important as ever.

...

43 % of all the recorded breaches involved web applications. But when we look at hacking, the numbers get really interesting, where we see that 90 % of hacking targets web applications.

...

The fact that “misconfiguration” is in the top five action varieties for breaches is an important acknowledgment that not all incidents are the result of an exploited vulnerability. Misconfigurations actually lead to more breaches than exploited systems, but organizations often don’t put the same effort into assessing them as they do scanning for vulnerabilities.

At a high level, the key things for every organisation to worry about are brute force and stolen credentials, and web applications.

A Case Western Reserve University School of Medicine professor and former Cleveland Clinic employee was arrested Wednesday over his alleged ties to China.

The Justice Department announced that Qing Wang was arrested at his Shaker Heights, Ohio home as part of a joint operation conducted by the FBI and the Department of Health and Human Services Office of the Inspector General. Wang was charged with wire fraud related to more than $3.6 million in grant funding that Wang and his research team at the Cleveland Clinic had received from the National Institutes of Health.


Just thought I'd give everyone a Tiger King fix 


Facebook founder Mark Zuckerberg on Monday urged the European Union to take the lead in setting global standards for tech regulation or risk seeing countries follow China as a model.

"I think right now a lot of other countries are looking at China... and saying: 'Hey, that model looks like maybe it might work. Maybe it gives our government more control?'," Zuckerberg said, during a video debate with EU commissioner Thierry Breton.

The Trump administration will announce on Tuesday that it has signed a $354 million four-year contract with a new company in Richmond, Va., to manufacture generic medicines and pharmaceutical ingredients that are needed to treat Covid-19 but are now made overseas, mostly in India and China.

The contract, awarded to Phlow Corp. by the Biomedical Advanced Research and Development Authority, meshes President Trump’s “America First” economic promises with concerns that coronavirus treatments be manufactured in the United States. It may be extended for a total of $812 million over 10 years, making it one of the largest awards in the authority’s history.

A White House advisory panel on Tuesday will call for the government and private industry to work together to build new technological infrastructure to support future jobs and provide the underpinnings critical to a solid economic recovery from the coronavirus pandemic, an official briefed on the plans said.

The White House American Workforce Policy Advisory Board, which is co-chaired by White House adviser Ivanka Trump and U.S. Commerce Secretary Wilbur Ross, and includes Apple (AAPL.O) Chief Executive Tim Cook, Lockheed Martin (LMT.N) Chief Executive Marillyn Hewson and IBM (IBM.N) Executive Chairman Ginni Rometty, plans to call for “an unprecedented investment in digital infrastructure.”

In a May 18 announcement, HackerOne announced it achieved an authorization through the Federal Risk and Authorization Management Program known as tailored low impact-software as a service. FedRAMP is a program inside the General Services Administration that approves cloud tools for use in the federal government.

HackerOne’s authorization is a significant step for the company, as agencies want to create vulnerability disclosure programs for their public-facing websites under a draft mandate released in November 2019 by the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.

U.S. facilities that produce, use or store hazardous chemicals are vulnerable to cyberattacks, in part because cybersecurity guidelines from the Department of Homeland Security are outdated, according to a recent audit by the General Accountability Office.

...

The Chemical Facility Anti-Terrorism Standards program regulates operations at about 3,300 facilities in the U.S., many of which use newer technologies, such as internet-connected devices, as critical parts of their operations, integrating them with their process control systems and physical security, the GAO report notes. This creates opportunities for malicious actors to remotely access these networks, making the facilities more vulnerable to cyberthreats.

To combat this security issue, and for other non-security reasons, GitOps was introduced to “pull” rather than “push” pipelines.

In GitOps, the whole deployment state is defined in a git repository. The pipeline then writes or proposes a modification of the deployment repository and does not communicate with the cluster directly. To synchronize the deployment repository, an operator is placed inside the Kubernetes (or OpenShift) cluster which can update all resources according to the definitions in the repository.

The final goal is to have a pipeline that is authorized only to deploy the newly built artifacts, but not to modify or access the structure or any other resources of the deployment defined in the repository, thereby adhering to the security principle of defense in depth and limiting an attacker’s impact.
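An added example (not code from the article or from any GitOps project) of the policy check a deployment repository can run on a commit proposed by the build pipeline: the commit is accepted only when every change is a tag bump of an existing container image, so replica counts, security contexts, added containers or a swap to a different image are rejected. The Deployment manifest, registry and names are constructed for this example.

```python
import json
import re

# Constructed sample Deployment as stored in the GitOps repository (names, registry
# and layout are assumptions for this example, not taken from the article).
CURRENT_MANIFEST = json.dumps({
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "shop"},
    "spec": {"replicas": 3, "template": {"spec": {"containers": [
        {"name": "web", "image": "registry.example.com/shop/web:1.4.2",
         "securityContext": {"runAsNonRoot": True}}]}}}})
# The only field a build-pipeline commit may touch: an existing container's image.
IMAGE_PATH = re.compile(r"^spec\.template\.spec\.containers\[(\d+)\]\.image$")


def changed_paths(old, new, prefix=""):
    """Return the JSON paths at which two manifests differ (keys added, removed or altered)."""
    if isinstance(old, dict) and isinstance(new, dict):
        paths = []
        for key in sorted(set(old) | set(new)):
            sub = f"{prefix}.{key}" if prefix else key
            if key not in old or key not in new:
                paths.append(sub)                    # key added or removed
            else:
                paths += changed_paths(old[key], new[key], sub)
        return paths
    if isinstance(old, list) and isinstance(new, list):
        if len(old) != len(new):
            return [prefix]                          # e.g. a container added or removed
        return [p for i, (a, b) in enumerate(zip(old, new))
                for p in changed_paths(a, b, f"{prefix}[{i}]")]
    return [] if old == new else [prefix]


def image_repository(manifest, index):
    """Image reference without its tag, so a tag bump and an image swap can be told apart."""
    image = manifest["spec"]["template"]["spec"]["containers"][index]["image"]
    return image.rsplit(":", 1)[0]


def pipeline_change_allowed(old_json, new_json):
    """Accept a pipeline commit only if every change is a tag bump of an existing image."""
    old, new = json.loads(old_json), json.loads(new_json)
    paths = changed_paths(old, new)
    for path in paths:
        match = IMAGE_PATH.match(path)
        if not match:
            return False                             # replicas, securityContext, structure: off-limits
        i = int(match.group(1))
        if image_repository(old, i) != image_repository(new, i):
            return False                             # a different image is not "a new build"
    return bool(paths)                               # an empty commit deploys nothing
```

In a real repository this check would run as a required status check on the pipeline's pull request, while humans keep the right to change everything else through a separately reviewed commit.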

A new study from cloud security company Accurics found that in as many as 90% of cases the configuration of cloud resources was modified by privileged users after deployment. While many of those changes might have legitimate business reasons, others might be the result of malicious lateral movement activities following compromises. Insecure configurations are the top cause of data breaches involving cloud resources and cloud-hosted data. If they're not detected and left unaddressed, they can be an easy entry point for attackers.

A report on DevOps security has found that only 4% of issues found in production are dealt with, because the increased complexity of cloud-based IT systems is creating new security gaps.

The State of DevSecOps report was commissioned by Accurics — which specializes in addressing IT security through infrastructure as code in order to better handle the increased complexity of IT in the cloud.
