Login
Pledging to follow healthier habits is consistently the most popular new year’s resolution. That January 1st promise looks different to everyone: snacking less often, going to the gym more often, drinking more water, drinking less soda, etc. This year, instead of a juice cleanse subscription, opt for a healthier habit that’s not an unappetizing shade of green: follow this digital detox, instead! In three easy steps, you can make great strides in improving your digital wellness.
There are various aspects of your digital habits that you should consider updating for a more private and safer online life. For starters, update your passwords. Do you reuse the same password for multiple online accounts? Doing so puts your personally identifiable information (PII) at great risk. For example, if a business with which you have an online shopping account is breached by a cybercriminal, your login and password combination could make it on the dark web, through no fault of your own. Then, through a brute force attack, a criminal could use that same password and username combo to walk into your banking or tax filing accounts.
Remembering unique, complicated passwords and passphrases for your dozens of online accounts would be impossible. Luckily, there’s software that remembers them for you! It’s called a password manager, which acts as a vault for all your login information. Just remember one master password, and you can be confident in the security of your accounts and never have to deal with the hassle of forgetting passwords.
Another aspect of updating you should adopt in 2023 is making an effort to always upgrade to the latest software updates on all your devices. The easiest way to do this is to turn on automatic updates. From there, you don’t need to take any further action! Apps and operating systems (like Apple, Android, and Windows) often release updates to patch security vulnerabilities. When you run outdated software, there’s a chance a cybercriminal could take advantage of that security gap.
Finally, make sure that you keep updated on the latest security headlines. Consider setting up news alerts to notify you when a breach occurs at a company that you frequent or have an account with. Speed is often key in making sure that your information remains safe, so it’s best practice to have your finger on the pulse on the security news of the day.
A new year digital detox can be a whole family affair. Connect with your family, anyone connected to your home network, and your elderly relatives to get everyone on the same page with security best practices. Here are some common online security snags people of all ages encounter:
Everyone has an oversharer on their newsfeed. Alert your family members of the dangers of posting too much about their personal life. When someone takes those “get to know you” quizzes and posts their answers, cybercriminals can use that post to take educated guesses at your passwords. Additionally, social engineers can tailor social media scams to specific people in order to increase the chances of tricking someone into sending money or sharing valuable personal or banking details.
While spam filters catch a lot of phishing emails, phishers are getting smarter by the day and are making their attempts more and more believable. Connect with your loved ones and make sure they know how to recognize phishing emails, texts, and social media direct messages. Telltale signs of a phishing message include:
If you’re ever unsure if a message is a phishing attempt, the best course of action is to just delete it. If the “sender” is a well-known institution, follow up with a phone call using the official customer service number listed on their website. The phisher may also claim to be someone you know personally. In that case, give the loved one in question a phone call. It’s a good excuse to reconnect and have a nice conversation!
In the quest for free streams of the latest new show or movie, people often encounter unsafe sites that hide malware, spyware or other types malicious links and programs. Some types of malware can jump from one device to others connected to the same home Wi-Fi network. That’s why it’s important to make sure everyone under your roof practices excellent digital security habits. One wrong click could sink an entire household. Consider signing up your family for a safe browsing extension that can notify you when you stray onto a risky site. So, instead of putting your device at risk during movie night, connect with your friends or loved ones over one copy of a safely and officially purchased version.
As with any new health regimen, immediately zooming from zero to a hundred will likely be overwhelming and result in failure. The same goes for adopting new digital safety habits. If you try to do too much at once, all the security measures you put in place will likely get in the way of your daily online activities. The more inconvenient it is, the more likely you may be to cut corners; thus, negating all the progress you’ve made.
Being cybersafe doesn’t mean you can’t still enjoy your connected devices to the fullest. It just means that you may need to act with more intention and slow down before volunteering personal details online or clicking on links.
To supplement your digital detox, consider signing up for McAfee+ Ultimate to make 2023 the year for a safer online you. McAfee+ Ultimate includes all the tools you need to live your best online life safely and privately, including a password manager, web protection, unlimited VPN and antivirus, and $1 million in identity theft coverage and restoration for peace of mind.
Cheers to a digitally smart 2023!
The post Start the New Year Right With This 3-Step Digital Detox appeared first on McAfee Blog.
hny-1200
Happy Download Day! (Yes, there’s a day for that.) Today is an excellent day to share downloading best practices to keep all your devices safe from malicious content. It’s tempting to download “free” shows, movies, and video games, but the consequences of doing so can be quite expensive. All it takes is for one malicious download to compromise your identity or leak your banking information to cybercriminals.
Luckily, there are a few ways to keep your devices and personally identifiable information (PII) safe. Here’s how!
How many streaming services do you subscribe to? Two? Ten? No matter how many premium entertainment subscriptions you have, the hottest new show always seems to be on the channel you can’t access. This is a common scenario that often drives people to download episodes from websites that claim crystal-clear, safe downloads. In actuality, these sites could harbor malware, spyware, or other types of malware that lurk in the shadows until an unsuspecting person downloads them to their desktop, tablet, or cellphone.
Malware, which stands for malicious software, often hides behind legitimate-looking links or downloadable content. It’s only until it’s on your device that you realize there’s a criminal hiding behind it. For example, earlier in 2022, a ransomware program (a type of malware) disguised itself as a Microsoft system update. The criminal behind the scheme then threatened leaking or permanently deleting sensitive files if the person didn’t pay the ransom.
Once malware infects one device, some malware programs can infect an entire home network and spread to other connected devices.1 From there, the cybercriminal can steal the online shopping, banking, or personal details of a whole household and either sell their findings on the dark web or keep it for themselves.
Before you download anything to any of your devices, go through this checklist to help you determine the safety of most content:
Overall, while downloading entertainment for free is appealing to people on a budget, it’s better to avoid doing so altogether. The risk isn’t worth it. Consider scheduling a watch party with a friend or family member who has the subscription service you’re seeking.
In case you slip up and accidentally download malware, spyware, or ransomware, McAfee+ Ultimate can defend your devices, remove the software, and monitor the dark web to make sure your PII wasn’t compromised. McAfee antivirus is compatible with macOS, iOS, and Android devices and Chromebooks, so you can regularly scan all your devices for programs that shouldn’t be there. If the worst does happen and a cybercriminal gets a grip on your personal information, McAfee can back you up with $1 million in identity theft coverage and restoration and continuous identity monitoring.
Browse confidently and enjoy your devices to the fullest! Just remember these safe downloading tips and partner with McAfee for peace of mind.
1Federal Trade Commission, “Malware from illegal video streaming apps: What to know”
The post Celebrate National Download Day With This Safe Downloading Checklist appeared first on McAfee Blog.
There are no ifs, ands, or buts about it: A stolen identity creates a mess. Once they have a few key pieces of personally identifiable information (PII), an identity thief can open new credit lines, create convincing new identities, and ruin an innocent person’s good credit.
If you suspect you’ve been affected by identity theft, acting quickly is key to stopping the thief and repairing the damage. Here are the definitive five steps of identity remediation, or the process of restoring and protecting the privacy of your identity.
With a stolen identity in hand, thieves can open new lines of credit or apply for large loans using someone else’s excellent credit score for leverage. If undetected, fraudsters can run up huge bills, never pay them, and in turn, ruin the credit score that you spent years perfecting. When you suspect or confirm that your identity has been compromised and you’re in the United States, alert the three major credit bureaus: Equifax, TransUnion, and Experian.
Freezing your credit means that no one (not even you) can open a new credit card or bank account. This prevents criminals from misusing your identity. Initiating a credit freeze is free and it doesn’t affect your credit score.
Once you suspect a criminal has stolen your identity, file a report with the Federal Trade Commission. Its official identity theft website includes a form for you to detail the circumstances. From there, the FTC will investigate.
It’s important to file a report because law enforcement can get involved and hopefully stop the criminal from striking again. Also, an official document from law enforcement or the FTC may help your bank and the credit bureaus resolve the damage.
Whenever a company with which you have an account is breached, the first step you should take is to quickly change your password. The same goes for when your identity is compromised with the added step of getting in touch with your banks and asking their fraud department to issue you new credit and debit cards and put them on alert for possible suspicious charges.
Having unique passwords for all your accounts is crucial to keeping them secure. For instance, if one of your accounts is breached and a cybercriminal lifts that username and password combination, they may then attempt to use it on other sites. To ensure you have strong passwords and passphrases for every site, consider using password manager software. Password managers are incredibly secure and make it so you only have to remember one password ever again.
In addition to freezing your credit, you may have to sync up with each bureau to remedy any damage the identity thief may have done to your credit. Each bureau’s fraud department is very familiar with these scenarios, so their customer service department is experienced and more than willing to help you work through it.
Once you’ve cleaned up the immediate mess made by an identity thief, it’s important to continuously monitor your identity in case the thief is biding their time or pieces of your PII are still circulating on the dark web. Plus, the headache of one compromised identity incident is enough for someone to never want it to happen again. Identity monitoring is a very thorough process that will give you peace of mind that you’ll be protected and can enjoy your online life safely.
These five steps, while important, can be tedious. It may require a lot of patience to sit on hold and sift through all the relevant forms. Luckily, McAfee is an excellent partner who can help you with all your identity remediation needs with just one service: McAfee+ Ultimate. For example, security freeze is an easy way to put a halt on your credit. McAfee’s identity monitoring service monitors up to 60 unique types of personal details. If your PII appears on the dark web, Personal Data Cleanup can remove it.
Recover and move forward confidently after an identity theft with McAfee by your side.
The post Everything You Need to Know About Identity Remediation appeared first on McAfee Blog.
The past year has seen no shortage of disruptive cyberattacks – here’s a round-up of some of the worst hacks and breaches that have impacted a variety of targets around the world in 2022
The post 2022 in review: 10 of the year’s biggest cyberattacks appeared first on WeLiveSecurity
Our core mission in the NOC is network resilience. We also provide integrated security, visibility and automation, a SOC inside the NOC.
In part one, we covered:
In part two, we are going deep with security:
As the needs of Black Hat evolved, so did the Cisco Secure Technologies in the NOC:
The SecureX dashboard made it easy to see the status of each of the connected Cisco Secure technologies.
Since joining the Black Hat NOC in 2016, my goal remains integration and automation. As a NOC team comprised of many technologies and companies, we are pleased that this Black Hat NOC was the most integrated to date, to provide an overall SOC cybersecurity architecture solution.
We have ideas for even more integrations for Black Hat Asia and Black Hat USA 2023. Thank you, Piotr Jarzynka, for designing the integration diagram.
Below are the SecureX threat response integrations for Black Hat Europe, empowering analysts to investigate Indicators of Compromise very quickly, with one search.
The original Black Hat NOC integration for Cisco was NetWitness sending suspicious files to Threat Grid (know Secure Malware Analytics). We expanded that in 2022 with Palo Alto Networks Cortex XSOAR and used it in London, for investigation of malicious payload attack.
NetWitness observed a targeted attack against the Black Hat network. The attack was intended to compromise the network.
NetWitness extracted the payload and sent it to Secure Malware Analytics for detonation.
Reviewing the analysis report, we were able to quickly determine it was the MyDoom worm, which would have been very damaging.
The attack was blocked at the perimeter and the analysts were able to track and enrich the incident in XSOAR.
My first time at Black Hat turned out to be an incredible journey!
Thanks to the cybersecurity partnership between Paris 2024 and Cisco, I was able to integrate into the Cisco Crew, to operate the NOC/SOC as a Threat Hunter on the most dangerous network in the world for this European Edition of Black Hat.
My first day, I helped with deploying the network by installing the wireless Meraki APs on the venue, understanding how they were configured and how they could help analysts to identify and locate any client connected to the network that could have a bad behavior during the event, the idea being to protect the attendees if an attack was to spray on the network.
Following this “physical” deployment, I’ve been able to access the whole Cisco Secure environment including Meraki, Secure Malware Analytics, Umbrella, SecureX and the other Black Hat NOC partners software tools.
SecureX was definitely the product on which I wanted to step up. By having so fantastic professionals around me, we were able to dig in the product, identifying potential use cases to deploy in the orchestration module and expected integrations for Paris 2024.
Time was flying and so were the attendees to the conference, a network without user is fun but can be quite boring as nothing happens, having so many cybersecurity professional at the same place testing different security malwares, attacks and so on led us to very interesting investigations. A paradox at the Black Hat, we do not want to block malicious content as it could be part of exercises or training classes, quite a different mindset as what we, security defenders, are used to! Using the different components, we were able to find some observables/IOCs that we investigate through SecureX, SecureX being connected to all the other components helped us to enrich the observables (IPs, urls, domains…), understanding the criticality of what we identified (such as malware payloads) and even led us to poke the folks in the training classes to let them know that something really wrong was happening on their devices.
Being part of the Black Hat NOC was an incredible experience, I was able to meet fantastic professionals, fully committed on making the event a success for all attendees and exhibitors. It also helped me to better understand how products, that we use or will use within Paris 2024, could be leveraged to our needs and which indicators could be added to our various Dashboards, helping us to identify, instantaneously, that something is happening.
During the last day of Black Hat Europe, our NOC partner, NetWitness saw some files being downloaded on the network. The integration again automatically carved out the file and submitted the Cisco Secure Malware Analytics (SMA) platform. One of those files came back as a trojan, after SMA detonated the file in a sandbox environment. The specific hash is the below SHA-256:
938635a0ceed453dc8ff60eab20c5d168a882bdd41792e5c5056cc960ebef575
The screenshot below shows some of the behaviors that influenced the decision:
The result of seeing these behaviors caused SMA to give it the highest judgement score available to a detonated file:
After this judgement was made, we connected with the Palo Alto Networks team, and they found the IP address associated with the file download.
Once we had this information, we went to the Meraki dashboard and did a search for the IP address. The search returned only one client that has been associated with the address for the entire Black Hat conference.
Knowing that there has only been one client associated with the address made finding the attendee easier. We then needed to know where they were and Meraki had this figured out. After opening the client’s profile, we saw what SSID and access point (AP) they were connected to using the Meraki location map.
We then found the attendee and let them know to have their IT inspect their laptop to make sure it is clean.
Apart from the technical challenges of running a temporary network for N thousand people, the Black Hat event reminded us that success doesn’t happen without teamwork; that leadership isn’t just about keeping the project on track. It is also about looking after the team and that small details in planning, build up and tear down can be just as important, as having all the right tools and fantastically skilled Individuals using them during the event itself.
In the Cisco Secure technology stack, within the Black Hat NOC, we use SecureX Single Sign-on. This reduces the confusion of managing multiple accounts and passwords. It also streamlines the integrations between the Cisco products and our fellow NOC partners. We have an open ecosystem approach to integrations and access in the NOC, so we will provision Cisco Secure accounts for any staff member of the NOC. Logging into each individual console and creating an account is time consuming and can often lead to confusion on which tools to provision and which permission levels are needed.
To automate this process, I developed two workflows: one to create non-admin users for NOC partners and one to create administrator accounts in all the tools for Cisco staff. The workflows create accounts in SecureX, Secure Malware Analytics (Threat Grid), Umbrella DNS and Meraki dashboard, all using SecureX Single Sign-On.
Here is what the workflow looks like for creating non-admin users.
The workflow requires three inputs: first name, last name, and email. Click Run.
The sequence of API calls is as follows:
Once the workflow has completed successfully, the user will receive four emails to create a SecureX Sign-On account and accept the invitations to the various products. These workflows really improved our responsiveness to account provisioning requests and makes it much easier to collaborate with other NOC partners.
Over the previous Black Hat events, we have been utilizing Meraki scanning data to get location data for individual clients, as they roamed conference. In the initial blog post (Black Hat Asia 2022), we created a Docker container to accept the data from the Meraki Scanning API and save it for future analysis. At Black Hat USA 2022, we wrote about how to use Python Folium to use the flat text files to generate chronological heatmaps that illustrated the density of clients throughout the conference.
This time around, we’ve stepped it up again by integrating Umbrella DNS Security events and adding the ability to track clients across the heatmap using their local IP address.
To improve the portability of our data and the efficiency of our code, we began by moving from flat JSON files to a proper database. We chose SQLite this time around, though going forward we will likely use Mongo.
Both can be queried directly into Python Pandas dataframes which is what will give us the optimal performance we are looking for. We have a dedicated Docker container (Meraki-Receiver) that will validate the incoming data stream from the Meraki dashboard and insert the values into the database.
The database is stored on a Docker volume that can be mounted by our second container, the Meraki-Mapper. Though this container’s primary purpose is building the heatmaps, it also performs the task of retrieving and correlating Umbrella DNS security events. That is, any DNS query from the Black Hat network that matches one of several predefined security categories. Umbrella’s APIs were recently improved to add OAuth and simplify the URI scheme for each endpoint. After retrieving a token, we can get all security events in the time frame of the current heatmap with one call.
What we want to do with these events is to create Folium Markers. These are static “pins” that will sit on the map to indicate where the DNS query originated from. Clicking on a marker will popup more information about the query and the client who sent it.
Thanks to the Umbrella Virtual Appliances in the Black Hat network, we have the internal IP address of the client who sent the DNS query. We also have the internal IP address in the Meraki scanning data, along with the latitude and longitude. After converting the database query into a Pandas dataframe, our logic takes the IP address from the DNS query and finds all instances in the database of location data for that IP within a 5-minute window (the resolution of our heatmap).
What we end up with is a list of dictionaries representing the markers we want to add to the map. Using Bootstrap, we can format the popup for each event to make it look a bit more polished. Folium’s Popup plugin allows for an iFrame for each marker popup.
The result is a moving heatmap covering an entire day on a given conference floor, complete with markers indicating security events (the red pushpin icon).
Clicking on the pushpin shows the details of the query, allowing us in the NOC to see the exact location of the client when they sent it.
To further improve this service during the next conference, we plan to implement a web page where NOC staff can submit an IP address and immediately get map tracking that client through the conference floor. This should give us an even more efficient way to find and notify folks who are either behaving maliciously or appear to be infected.
For years we have been tracking the DNS stats at the Blackhat conferences. The post-pandemic 2022 numbers look like we never skipped a beat after the dip in DNS queries from 2021, seen in the bar graph below. This year’s attendance saw well over 11 million total DNS queries.
The Activity volume view from Umbrella gives a top-level level glance of activity by category, which we can drill into for deeper threat hunting. On trend with the previous Black Hat Europe events, the top Security categories were Dynamic DNS and Newly Seen Domains. However, it’s worth noting a proportionally larger increase in the cryptomining and phishing categories from 9 to 17 and 28 to 73, respectively, compared to last year.
These years, Black Hat saw over 4,100 apps connect to the network, which is nearly double of what was seen last year. However, still not topping over 6,100 apps seen at Black Hat USA early this year.
Should the need arise, we can block any application, such as Mail.ru above.
Black Hat Europe 2022 was the best planned and executed NOC in my experience, with the most integrations and visibility. This allowed us the time to deal with problems, which will always arise.
We are very proud of the collaboration of the team and the NOC partners.
Black Hat Asia will be in May 2023, at the Marina Bay Sands, Singapore…hope to see you there!
Thank you to the Cisco NOC team:
Also, to our NOC partners NetWitness (especially David Glover, Iain Davidson, Alessandro Contini and Alessandro Zatti), Palo Alto Networks (especially James Holland, Matt Ford, Matt Smith and Mathew Chase), Gigamon, IronNet, and the entire Black Hat / Informa Tech staff (especially Grifter ‘Neil Wyler’, Bart Stump, Steve Fink, James Pope, Jess Stafford and Steve Oldenbourg).
For 25 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Europe and USA. More information is available at: blackhat.com. Black Hat is brought to you by Informa Tech.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
In this blog about the design, deployment and automation of the Black Hat network, we have the following sections:
Cisco is honored to be a Premium Partner of the Black Hat NOC, and is the Official Network Platform, Mobile Device Management, Malware Analysis and DNS (Domain Name Service) Provider of Black Hat.
2022 was Cisco’s sixth year as a NOC partner for Black Hat Europe. However, it was our first time building the network for Black Hat Europe. We used experiences of Black Hat Asia 2022 and Black Hat USA 2022 to refine the planning for network topology design and equipment. Below are our fellow NOC partners providing hardware, to build and secure the network, for our joint customer: Black Hat.
We are grateful to share that Black Hat Europe 2022 was the smoothest experience we’ve had in the years at Black Hat. This is thanks to the 15 Cisco Meraki and Cisco Secure engineers on site (plus virtually supporting engineers) to build, operate and secure the network; and great NOC leadership and collaborative partners.
To plan, configure, deploy (in two days), maintain resilience, and recover (in four hours) an enterprise class network, took a lot of coordination. We appreciate the Black Hat NOC leadership, Informa and the NOC partners; meeting each week to discuss the best design, staffing, gear selection and deployment, to meet the unique needs of the conference. Check out the “Meraki Unboxed” podcast – Episode 94: Learnings from the Black Hat Europe 2022 Cybersecurity Event
We must allow real malware on the Black Hat network: for training, demonstrations, and briefing sessions; while protecting the attendees from attack within the network from their fellow attendees, and prevent bad actors from using the network to attack the Internet. It is a critical balance to ensure everyone has a safe experience, while still being able to learn from real world malware, vulnerabilities, and malicious websites.
In addition to the weekly meetings with Black Hat and the other partners, the Cisco Meraki engineering team of Sandro Fasser, Rossi Rosario Burgos, Otis Ioannou, Asmae Boutkhil, Jeffry Handal and I met every Friday for two months. We also discussed the challenges in a Webex space with other engineers who worked on past Black Hat events.
The mission:
Division of labor is essential to reduce mistakes and stay laser focused on security scope. Otis took the lead working on network topology design with Partners. Asmae handled the port assignments for the switches. Rossi ensured every AP and Switch was tracked, and the MAC addresses were provided to Palo Alto Networks for DCHP assignments. Otis and Rossi spent two days in the server room with the NOC partners, ensuring every switch was operating and configured correctly. Rossi also deployed and configured a remote Registration switch for Black Hat.
In the weeks before deployment, our virtual Meraki team member, Aleksandar Dimitrov Vladimirov, and I focused on planning and creating a virtual Wi-Fi site survey. Multiple requirements and restrictions had to be taken into consideration. The report was based on the ExCel centre floor plans, the space allocation requirements from Black Hat and the number of APs we had available to us. Although challenging to create, with some uncertainties and often changing requirements due to the number of stakeholders involved, the surveys AP placement for best coverage ended up being pivotal at the event.
Below is the Signal Strength plan for the Expo Hall Floor on the 5 GHz band. The original plan to go with a dual-Band deployment was adjusted onsite and the 2.4 GHz band was disabled to enhance performance and throughput. This was a decision made during the network setup, in coordination with the NOC Leadership and based on experience from past conferences.
Upon arrival at the ExCel Centre, we conducted a walkthrough of the space that most of us had only seen as a floor plan and on some photos. Thanks to good planning, we could start deploying the 100+ APs immediately, with only a small number of changes to optimize the deployment on-site. As the APs had been pre-staged and added to the Meraki dashboard, including their location on the floor maps, the main work was placing and cabling them physically. During operation, the floor plans in the Meraki Dashboard were a visual help to easily spot a problem and navigate the team on the ground to the right spot, if something had to be adjusted.
As the sponsors and attendees filled each space, in the Meraki dashboard, we were able to see in real-time the number of clients connected to each AP, currently and over the time of the conference. This enabled quick reaction if challenges were identified, or APs could be redeployed to other zones. Below is the ExCel Centre Capital Hall and London Suites, Level 0. We could switch between the four levels with a single click on the Floor Plans, and drill into any AP, as needed.
The Location heatmaps also provided essential visibility into conference traffic, both on the network and footfalls of attendees. Physical security is also an important aspect of cybersecurity; we need to know how devices move in space, know where valuable assets are located and monitor their safety.
Below is the Business Hall at lunchtime, on the opening day of the conference. You can see no live APs in the bottom right corner of the Location heatmap. This is an example of adapting the plan to reality onsite. In past Black Hat Europe conferences, the Lobby in that area was the main entrance. Construction in 2022 closed this entrance. So, those APs were reallocated to the Level 1 Lobby, where attendees would naturally flow from Registration.
The floor plans and heatmaps also helped with the Training, Briefings and Keynote network resilience. Capacity was easy to add temporarily, and we were able to remove it and relocate it after a space emptied.
During our time in the NOC, we had the chance to work with other vendor engineers and some use cases that came up led to interesting collaborations. One specific use case was that we wanted to block wireless clients, that show some malicious or bad behavior, automatically after they have been identified by one of the SOC analysts on the different security platforms, in addition we wanted to show them a friendly warning page that guides them to the SOC for a friendly conversation.
The solution was a script that can be triggered thru the interfaces of the other security products and attaches a group policy thru the Meraki Dashboard, including a quarantine VLAN and a splash page, via the Meraki APIs. This integration was just one of the many collaboration bits that we worked on.
During the first day of training, in the Meraki dashboard Air Marshal, I observed packet flood attacks, against we were able to adapt and remain resilient.
I also observed an AP spoofing and broadcast de-authentication attack. I was able to quickly identify the location of the attack, which was at the Lobby outside the Business Hall. Should the attacks continue, physical security had the information to intervene. We also had the ability to track the MAC address throughout the venue, as discussed in Christian Clasen’s section in part two.
From our experiences at Black Hat USA 2022, we had encrypted frames enabled, blunting the attack.
The Meraki dashboards made it very easy to monitor the health of the network APs and Switches, with the ability to aggregate data, and quickly pivot into any switch, AP or clients.
Through the phases of the conference, from two days of pre-conference setup, to focused and intense training the first two days, and transition to the briefings and Business Hall, we were able to visualize the network traffic.
In addition, we could see the number of attendees who passed through the covered area of the conference, with or without connecting to the network. Christian Clasen takes this available data to a new level in Part 2 of the blog.
As the person with core responsibilities for the switch configuration and uptime, the Meraki dashboard made it very simple to quickly change the network topology, according to the needs of the Black Hat customer.
If you refer back to Black Hat USA 2022, you’d have seen that we had over 1,000 iOS devices to deploy, with which we had several difficulties. For context, the company that leases the devices to Black Hat doesn’t use a Mobile Device Management (MDM) platform for any of their other shows…Black Hat is the only one that does. So, instead of using a mass deployment technology, like Apple’s Automated Device Enrollment, the iOS devices are “prepared” using Apple Configurator. This includes uploading a Wi-Fi profile to the devices as part of that process. In Las Vegas, this Wi-Fi profile wasn’t set to auto join the Wi-Fi, resulting in the need to manually change this on 1,000 devices. Furthermore, 200 devices weren’t reset or prepared, so we had those to reimage as well.
Black Hat Europe 2022 was different. We took the lessons from US and coordinated with the contractor to prepare the devices. Now, if you’ve ever used Apple Configurator, there’s several steps needed to prepare a device. However, all of these can be actions can be combined into a Blueprint:
Instead of there being several steps to prepare a device, there is now just one! Applying the Blueprint!
For Black Hat Europe, this included:
There’s lots of other things that can be achieved as well, but this results in the time taken to enroll and set up a device to around 30 seconds. Since devices can be set up in parallel (you’re only limited by the number of USB cables / ports you have), this really streamlines the enrollment and set up process.
Now, for the future, whilst you can’t Export these blueprints, they are transportable. If you open Terminal on a Mac and type:
cd /Users/<YOUR USER NAME>/Library/Group Containers/K36BKF7T3D.group.com.apple.configurator/Library/Application Support/com.apple.configurator/Blueprints
You’ll see a file / package called something.blueprint This can be zipped up and emailed to some else so, they can then use the exact same Blueprint! You may need to reboot your computer for the Blueprint to appear in Apple Configurator.
As mentioned, the registration / lead capture / session scanning devices are provided by the contractor. Obviously, these are all catalogued and have a unique device code / QR code on the back of them. However, during setup, any device name provisioned on the device gets lost.
So, there’s three things we do to know, without having to resort to using the unwieldy serial number, what devices is what.
In the footnote, you’ll see Device Name and Device Serial in blue. This denotes that the values are actually dynamic and change per device. They include:
On the Lock Screen, it’s now possible to see the device’s name and serial number, without having to flip the device over (A problem for the registration devices which are locked in a secure case) or open systems preferences.
We also had integration with SecureX device insights, to see the security status of each iOS device.
With the ability to quickly check on device health from the SecureX dashboard.
This goes without saying, but the iOS devices (Registration, Lead Capture and Session Scanning) do have access to personal information. To ensure the security of the data, devices are wiped at the end of the conference. This is incredibly satisfying, hitting the Erase Devices button in Meraki Systems Manager, and watching the 100+ devices reset!
Deploying a network like Black Hat takes a lot of work, and repetitive configuration. Much of this has been covered in previous blogs. However, to make things easier for this event, instead of the 60 training SSIDs we had in Black Hat US 2022, the Meraki team discussed the benefits of moving to iPSKs with Black Hat NOC Leadership, which accepted the plan.
For context, instead of having a single pre shared key for an SSID, iPSK functionality allows you to have 1000+. Each of these iPSKs can be assigned its own group policy / VLAN. So, we created a script:
This only involves five API calls:
The bulk of the script is error handling (The SSID or network doesn’t exist, for example) and logic!
The result was one SSID for all of training: BHTraining, and each classroom had their own password. This reduced the training SSIDs from over a dozen and helped clear the airwaves.
Thank you to the Cisco NOC team:
Also, to our NOC partners NetWitness (especially David Glover, Iain Davidson, Alessandro Contini and Alessandro Zatti), Palo Alto Networks (especially James Holland, Matt Ford, Matt Smith and Mathew Chase), Gigamon, IronNet, and the entire Black Hat / Informa Tech staff (especially Grifter ‘Neil Wyler’, Bart Stump, Steve Fink, James Pope, Jess Stafford and Steve Oldenbourg).
For 25 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Europe and USA. More information is available at: blackhat.com. Black Hat is brought to you by Informa Tech.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
For many Aussies, identity theft was always something that happened to other people. People on TV, usually. But the recent spate of data breaches at Optus, Medibank and Energy Australia has made many of us pay far more attention than ever to one of the fastest growing crimes in our country.
According to the Department of Home Affairs, 1 in 4 Aussies will be the victim of identity theft over the course of their lives with an annual economic impact of more than $2 billion. And with the financial fallout from the recent data breaches only just starting to be counted, these statistics will no doubt increase dramatically next year.
Identity theft is when a cybercriminal gains access to your personal information to steal money or gain other benefits. Armed with your personal info, they can apply for real identity documents in your name but with another person’s photograph. This enables them to then apply for loans or benefits in your name, sign up for memberships or even apply for credit cards.
And it goes without saying that the financial and emotional fallout from identity theft can be huge. Since the Optus and Medibank hacking stories broke just a few months ago, there has been multiple stories of Aussie families who have had their identities stolen and who are in a world of pain. This Melbourne family who have had over $40,000 stolen from ATM withdrawals alone is just one example.
Your personal information is any piece of information or data that can confirm who you are or how to find you. It may be a single piece of information, or several pieces used together. It’s often referred to as personally identifiable information (PII). So, it includes your name, parents’ name, address, date of birth, phone numbers, email address, usernames/passwords or passphrases, bank account details, school or university attended, location check-ins even RSVPS for events.
Every time you register with a new shopping site or social media platform, you will be asked to share some personally identifiable information. However, what you share may be stolen or even misused – just think about the recent list of Australian companies who had their customers’ private information stolen by hackers. So that’s why you need to ensure you are only sharing your information with trusted online sites and take every possible step to protect your personal information online.
While there are no guarantees in life, there are steps you can take to ensure your online identity is as safe as possible. Here are my top 5 tips:
Multi-Factor Authentication (MFA) or 2 Factor Authentication (2FA) is a no-brainer because it makes a hacker’s life a lot harder. In short, it requires the user to provide two or more verification factors to gain access to an account or app. This might be a text, email or even a code generated by an authentication app. So, even if a hacker has your password and username, they still need that final piece of information before they can get their hands on your account!
Now this may take a bit of work to set up but using a unique and complex password on every account is one of the best things you can do to protect your online identity. And here’s the rationale – if you use the same password on all your accounts and your login details are stolen then hackers have access to all the accounts that are accessed with that password. Yikes!!! So, a unique password for each account is a great measure. I love using a password manager to make this process a little easier. Not only do they generate complex passwords, but they remember them too! All you need to do is remember your Master Password which needs to be extremely complex!!!
Updates are most commonly about addressing security weaknesses. And yes, I know they can be a pain but if you ignore them, you are essentially making it easier for hackers to find their way into your life via weak spots. And don’t forget to ensure your security software remains updated too!
I always recommend keeping a backup of all your important info in case something goes wrong. This should include all your photos, key documents and all your personally identifiable information. A hard drive works well but saving to the cloud is also a good option. I once dropped a hard drive and lost treasured family photos, so the cloud is my personal preference.
We all know knowledge is power so investing in top notch security and identity monitoring software will help keep you ahead of threats. McAfee+, McAfee’s new all in one privacy, identity and device protection solution is a fantastic way for Aussies to protect themselves online. It features identity monitoring and a password manager but also an unlimited VPN, a file shredder, protection score and parental controls. And the Rolls Royce version called McAfee+ Advanced, also offers subscribers additional identity protections including access to licensed restoration experts who can help you repair your identity and credit, in case you’re affected by a data breach. It also gives subscribers access to lost wallet protection which help you cancel and replace your ID, credit cards if they are lost or stolen.
Public, unsecured Wi-Fi can make life so much easier when you’re out and about but it’s also a tried and tested way for scammers to access your personal information. Unsecured Wi-Fi is free Wi-Fi that is available in public places such as libraries, cafes, or shopping centres. So, instead of using Wi-Fi, just use the data in your phone plan. Or alternatively invest in a Virtual Private Network (VPN) that cleverly encrypts everything you share on your device.
About 2 months ago, I embarked on a project to clean up my online life. I’m working through the list of sites I have accounts with and am closing those I no longer use, I’m also doing a huge password audit to ensure they are all unique to each site and are super complex, thanks to my password manager. Now, I’m not quite done yet, but things are in better shape than they were. Why not consider doing the same? With the holiday season fast approaching, why not dedicate a little of your poolside time to practicing a little cyber hygiene.
Till next time, keep those identities safe!
Alex
The post The Best Way To Protect Your Online Identity appeared first on McAfee Blog.
We recently had the chance to discuss the top trend predictions for 2023, issued by Gartner®, and what these may mean for CISOs. The trends are below:
These showed several themes: internal pressures, external changes and solution adoption.
CISOs need to be aware of the pressures that may come from inside the business. C Level executives having risk related elements in their employment contracts (8) may result in a higher focus on Risk management. This may benefit CISOs to position cyber security as part of the Risk calculation and perhaps unlock more support for risk reduction initiatives.
Aligned is the concept of a culture of organisational resilience being mandated by CEOs (7). CISOs now talk about culture change in cyber security, making business colleagues identify as part of the overall security of the organisation. This may now include resilience. Again, this may provide a vehicle for change for CISOs.
Risk as a factor when assessing whether to do business with third parties (4) will highlight the third-party dependency issues that now concern CISOs. The perimeter is now long gone; security extends beyond the organisational remit of the CISO. The ability to understand and collaborate with third party security will become n increasing requirement. There is a downside for CISOs. Many are already burdened with the need to report on compliance and audits. This may increase as requests come in from business partners, current and potential, on the organisation’s cyber security posture.
Related to compliance and reporting is the issue of Privacy. It is predicted the consumer privacy will increase to cover most countries (1). This may require additional focus on the extent and scope to which Privacy is reported. Many CISOs address this already due to requirements such as GDPR. This may provide a strong basis to move forward. CISOs have seen Privacy as a positive. “Do you really need that data?” is a question often asked. Organisations can reduce the amount of unwanted data stored and needing security.
Responding to attacks and the relentless change in tactics is an additional trend. Payments for ransomware is contentious. From the morale, legal and practical aspects of making payments. If this becomes regulated (5) it may provide a clearer basis for decision making. Perhaps it may provide a for of deterrent for attacks. If the victim cannot pay why attack them? Perhaps this is just wishful thinking. On the negative side attackers may increase the capability of their tools in the operational technology environment with extreme impact (6). A current area of concern for CISOs that may increase in focus.
On a positive side a majority of organisation will adopt zero trust as a starting point for their security (3). However, many will not gain the benefits. CISOs are now increasing addressing the organisational and cultural change required to make Zero Trust succeed and realising it is not just about the technology. There are clear benefits that have been identified in Cisco research papers1. CISOs are looking to introduce new consolidated technologies in web, cloud services and private application access (3). This may reduce tech debt, enable smoother operational management, centralised policy control and better reporting.
https://www.cisco.com/c/dam/en/us/products/collateral/security/zero-trust-field-guide.pdf
Source: https://www.gartner.com/en/articles/the-top-8-cybersecurity-predictions-for-2021-2022
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Give the gift of security resilience and receive instant savings from a secure choice enterprise agreement.
When it comes to the holidays, most thoughts turn towards shopping and spending time with friends and loved ones. In the business world, the holiday season often lands at the end of the quarter / fiscal year, and businesses start to make lists of things that need to be purchased in the coming years, and sometimes they find themselves wanting to purchase a gift – so to speak – for themselves.
The problem that many organizations face is that when it comes to purchasing products and services, balancing today’s needs and budget isn’t as easy as it sounds. Add to this the concern of unclear future security needs which can be stressful. But what if you could get exactly what you need, protect the budget and future-proof your investment at the same time?
We want to give a gift to you. That is right, you read that correctly. We want to make your holidays a little bit more special with the gift of security resilience. And we can offer that to you with instant savings.
Here are a few examples of how you can build the gift of security resilience that best fits your organization’s security needs today and is ready to grow with your tomorrow.
Provide edge to edge protection. Hold the first line of defense against cyberthreats for branch offices and remote users. Maintain the last line of defense, by protecting your endpoint devices with rapid incident detection, response, and remediation of advanced threats.
Provide protection for your users and devices with these essential Cisco Secure products.
Protect what matters, get cloud and application protection that secures internet access, safeguards cloud app usage, and identifies public cloud threats. Build out your cloud and application security with these essential Cisco Secure products.
Cisco Secure Zero Trust helps you transform your business with continuous verification of users and devices for secure access. These Cisco Secure products are part of the essential architecture towards building zero trust secure access.
Choose any of the two Cisco Secure products that you want to buy towards building out user and device security, cloud and application security, zero trust secure access, or any of our security solutions. You do not have to stop with two, you have the freedom to grow; add more, save more.
Cisco Secure products you can choose from:
Give the Gift of Security with a Cisco Secure Choice Enterprise Agreement
Choose, buy, and deploy Cisco Secure products through one easy-to-manage Cisco Secure Choice Enterprise Agreement; save more as you buy more for all of those on your holiday list. Protect your end users working remotely, in office only, or in a hybrid environment as with more devices on and off the network, cybersecurity risks are not slowing down anytime soon. Build the solution that best fits your organization through a single, flexible agreement that lets you pay annually, as you go, over 3 or 5 years, with 0% financing.
With Cisco’s Secure Choice Enterprise Agreements, you can add security resilience in 2023 and beyond, with exactly the security products and services you need, right when you need them the most.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The smarts behind a smart home come from you. At least when it comes to keeping it more private and secure.
Without question, smart home devices have truly stormed the marketplace. We’ve gone from a handful of relatively straightforward things like connected lights, outlets, and cameras to a wide range of fully connected household appliances like refrigerators, stoves, and laundry machines. You can even water your garden with smart devices, which check for soil moisture, weather reports, and for what you’re watering.
Further new technologies like the Matter protocol aim to make them all work more reliably and easily—with a new networking standard that allows different devices from different platforms to work together. Something they couldn’t do before and something that likely kept people from adding to their connected home because of compatibility issues. No more.
It’s exciting, as it should be. Yet the security and privacy measures for these devices hasn’t quite kept up with all this rapid development and expansion. Not across the board, anyway. Security isn’t always built into these devices. In some cases, it’s so poorly handled that it makes some devices prone to attack.
However, you can absolutely enjoy a smart home and all the comforts and conveniences that come along with it. Safely. Just a little extra effort from you makes it possible. And you don’t need to be any kind of whiz to pull it off.
For starters, the old security adage holds true for smart homes and devices: “If it’s connected, it must be protected.” Any connected device can provide a hacker with an inroad to your home network and the data and devices on it. So even that seemingly innocent smart wall outlet that you use to run your living room lamps could be a target.
In fact, we’ve seen instances where a little outlet created a big security issue, such as one report where an unsecure plug used poor factory passwords and didn’t use secure encryption to communicate with the household router. The result—hackers could obtain login credentials to a victim’s entire home network.
Another old security adage is that your home network is only as secure as your weakest device. In the above case, that was a poorly designed smart outlet—at least from a security standpoint.
Now consider a highly connected smart home with a dozen or so smart devices. Maybe some of those have great security built in and are backed by manufacturers that update them regularly for ongoing security. And maybe some of those other devices, not so much. Again, just one poorly secured device in that mix could jeopardize your connected things, along with the data you keep on them.
On the topic of data, we often talk about privacy policies and how they’re not all created equal. Depending on the app, device, and operating system—along with any settings you have control over too—may determine what information a company collects, keeps, and shares about you and your usage. Moreover, it may determine what they or other third parties might do with that data as well.
Put simply, not every company treats your personal data the same way. Some may sell it to data brokers for profit or share it with third parties like insurance companies, government agencies, law enforcement, and others according to findings published by some industry groups.
Still others may not sell that data, yet they will share it with third parties for analysis or use it to fuel their own advertising campaigns or advertising platforms they own. And of course, there are others who collect and analyze the bare minimum and keep that data to themselves.
Consider once more that smart home filled with a dozen or so smart devices. That likely means several different data privacy policies are in play as well, each handing the data created by that home in different ways. And in ways that you may or may not be fully aware of, given that privacy policies are often notoriously long reads, sometimes filled with legalese.
Without question, privacy is another consideration for your smart home.
You can do plenty of things that can make your smart devices more private and more secure than they were when they came out of the box. And as mentioned above, the steps are all rather straightforward. Our Smart Home Security Guide lays it out for you.
It’s part of the McAfee Security Guide Series, and in it you’ll get a closer look at how you can protect a smart wall outlet, along with that smart coffeemaker, door lock, refrigerator and more. It covers the basics of protection, how to shop for more private and secure smart devices, plus a section that talks specifically about smart speakers and protecting your privacy while using them.
In all, our Smart Home Security Guide is here to help. The truth is that security isn’t always included with smart home devices. Not right out of the box anyway. Just like with your computers, smartphones, and other devices, the best security relies on you. With a handful of steps, you can enjoy your smart home with confidence.
The post The Smart Home Security Guide appeared first on McAfee Blog.
Attackers specifically craft business email compromise (BEC) and phishing emails using a combination of malicious techniques, expertly selected from an ever-evolving bag of tricks. They’ll use these techniques to impersonate a person or business that’s well-known to the targeted recipient and hide their true intentions, while attempting to avoid detection by security controls.
As a result of the requisite expertise needed to combat these complex attacks, email security has traditionally been siloed away in disparate teams and security controls. Practitioners are buried under an ever-growing pile of RFCs, requiring extensive domain-specific knowledge, unending vigilance, and meticulous manual interventions, such as tweaking trust levels and cultivating allow/block lists with IPs, domains, senders, and vendors.
Cisco Secure Email Threat Defense is leading the industry forward with a major shift, elevating email security into a new era; where administration will consist of merely associating specific business risks with the appropriate due diligence response required to remediate against them.
Email Threat Defense has introduced a new Threat Profile that provides the customer with deep insights into the specific business risks of individual email threats and the confidence to act quickly. This new visualization is powered by a new patent-pending threat detection engine. This engine leverages intelligence distilled from Talos global-scale threat research across a massive volume of email traffic into machine learning, behavioral modeling, and natural language understanding.
The detection engine granularly identifies specific underlying threat techniques utilized in the message by the attacker. The identified techniques provide the full context of the threat message as the supporting foundation for the engine to determine threat categorization and the specific risk to the business. These malicious Techniques, together with the threat category and specific business risk, are used to populate the Threat Profile.
Each message’s Threat Profile is identified in real-time, automatically remediated per policy, and surfaced directly to the operator in the message detail views, providing deep contextual insights into the attacker’s intent and the associated risks to the business. As part of a larger Extended Detection and Response (XDR) strategy, the actionable intelligence in Email Threat Defense is integrated with the wider enterprise orchestration of security controls via SecureX, easing the operational burden by decreasing your mean time to remediation (MTTR).
Email Threat Defense delivers a distinct understanding of malicious messages, the most vulnerable targets within the organization, and the most effective means of protecting them from phishing, scams, and BEC attacks. With a clean design and core focus on simplifying administration, Email Threat Defense deploys in minutes to strengthen protection of your existing Microsoft 365 Exchange Online platform against the most advanced email threats.
For more information, visit the Cisco Secure Email product pages, read the Email Threat Defense data sheet, and view the demo video below.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
FreshRSS 