Thursday, August 20, 2020

What I'm Reading 8/20/2020 - Stuff, Just Stuff

Sorry for the gap, was busy with on-boarding for the new job.

CIS - Introducing the Community Defense Model -
CIS ascertained that the safeguards in IG1 provide defense against approximately 62% of the Techniques identified in the ATT&CK Framework with a focus on the Initial Access, Execution, Persistence, Privilege Escalation, and Defense Evasion of the top attack patterns’ stages (or Tactics). If these top attack patterns’ stages are successfully defended against, organizations can mitigate subsequent impacts of an attack.
Most importantly, though, CIS determined that the safeguards in IG1 defend against the five most significant attack patterns from the 2019 Verizon DBIR. Any organization can start by implementing IG1 to create a solid foundation for cyber defense.
The white paper is here.  The Community Defense Model looks at attacks across different industry groups, maps them to the MITRE ATT&CK Framework and then recommends mitigations.  The five most common attacks according to their research are:

  • Web Application Hacking
  • Insider and Privilege Misuse
  • Malware
  • Ransomware
  • Targeted Intrusions
In the 2020 “Security Culture Report”, data was collected from 120,050 employees in 1,107 organisations across 24 countries. There was a total of 17 industry sectors examined in detail and results revealed a large gap between the best performers and the poor performers when it comes to security culture. Only 7% of the analysed organisations have demonstrated a good security culture. The majority, 92%, were found to have developed a moderate security culture.

"This protocol that STUDENTS ONLY are required to sign and abide by says that they will download an app that tracks their locations, that they will not leave campus for 14 weeks, agree to give Albion College medical information that is none of their business and that they will not have jobs off campus," the petition says.
Perhaps more concerning is that the Amazon Web Services access keys for the backend servers of the Android version of Aura were, it is claimed, accessible within the app's code. The credentials were found by an Albion College student, who asked to be identified by her Twitter handle Q3w3e3. The keys could, we're told, be used to access the app's backend data and virtual machines in the Amazon-hosted US-West-2 region, including people's COVID-19 test result and medical insurance information.

There is also a TechCrunch article with a lot more depth, but it is not as excerptable.  I'm going to get on my soapbox a bit and say this is one of the things I hate about Agile and the Minimal Viable Product mentality.  This product appears to be a particularly egregious example, but in the last 4 years I have seen this numerous times and it's always because of a "ship at any cost, we'll fix it in a future sprint" attitude.   It's bullshit!  I know there are good reasons to ship products with known bugs and I know that mistakes happen, but this, and other cases I have seen in the past, are beyond that.
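As an added example (not code from the article, the app, or its developers), here is the kind of pre-release check that catches the mistake described above: scan the strings pulled out of a decompiled build for embedded AWS credentials before the build ships. The access key ID has a documented fixed shape; a secret key has none, so it is found by shape plus an entropy gate. The sample strings are constructed, and the key and secret values are AWS's published documentation placeholders, not real credentials.

```python
import math
import re
from typing import Dict, List

# Constructed sample input: a string table of the sort a defender extracts
# from a decompiled Android build. The key/secret values are AWS's published
# documentation placeholders (not real credentials); the rest is made up.
SAMPLE_STRINGS = [
    "https://api.example.invalid/v1/test-results",
    "aws_region=us-west-2",
    "aws_access_key_id=AKIAIOSFODNN7EXAMPLE",
    "aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "padding=" + "a" * 40,  # 40 chars of filler: right shape, no entropy
]

# Access key IDs: 4-letter prefix (AKIA long-term, ASIA temporary) + 16 uppercase
# alphanumerics. Secret keys: 40 base64-style characters, so we require that
# shape AND enough entropy to rule out filler and padding strings.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SECRET_CANDIDATE_RE = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")
ENTROPY_THRESHOLD = 4.0  # bits/char; an assumed cut-off, tune it per codebase


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or single-symbol input)."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in counts.values())


def scan_strings(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per suspicious token as {'line', 'kind', 'value'}."""
    findings: List[Dict[str, object]] = []
    for idx, line in enumerate(lines):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"line": idx, "kind": "aws_access_key_id", "value": m.group(0)})
        for m in SECRET_CANDIDATE_RE.finditer(line):
            token = m.group(0)
            # Entropy gate: repeated filler (e.g. 40 x 'a') is not a credential.
            if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append({"line": idx, "kind": "aws_secret_candidate", "value": token})
    return findings


if __name__ == "__main__":
    for f in scan_strings(SAMPLE_STRINGS):
        print(f"line {f['line']}: {f['kind']} -> {str(f['value'])[:8]}...")
```

High-entropy strings that are not credentials (hashes, encoded assets) will also trip the secret gate, so treat its output as a review queue; a hit on the access key pattern, by contrast, is almost always a real key.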


Security Week - U.S. Details North Korean Malware Used in Attacks on Defense Organizations -
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have shared details on a piece of malware North Korean threat actors likely used in attacks targeting employees of defense organizations in Israel and other countries.
Dubbed BLINDINGCAN, the malware was apparently used in “Dream Job,” a campaign active since the beginning of this year, which hit dozens of defense and governmental companies in Israel and globally by targeting specific employees with highly appealing job offerings.
Security Boulevard - Disrupting a power grid with cheap equipment hidden in a coffee cup -
Cyber-physical systems security researchers at the University of California, Irvine can disrupt the functioning of a power grid using about $50 worth of equipment tucked inside a disposable coffee cup.
...
For this project, Al Faruque and his team used a remote spoofing device to target electromagnetic components found in many grid-tied solar inverters.
“Without touching the solar inverter, without even getting close to it, I can just place a coffee cup nearby and then leave and go anywhere in the world, from which I can destabilize the grid,” Al Faruque said. “In an extreme case, I can even create a blackout.”
Help Net Security - 62% of blue teams have difficulty stopping red teams during adversary simulation exercises

Help Net Security - Most ICS vulnerabilities disclosed this year can be exploited remotely -
More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections, according to Claroty.
