Login
Be impeccable with your words. It’s the first of the Four Agreements – a set of universal life principles outlined in the bestselling book by Don Miguel Ruiz. ‘Being impeccable with your words’ is my favorite, and it’s no surprise. As a product marketer, I spend most of my daily existence casting about for the perfect word to use in web copy, a webinar, or video script.
Words can connect us, as well as divide us. In helping to develop the message that Cisco takes to the market about zero trust, I try to be as impeccable as I can with each word. After all, cybersecurity is too important to be cavalier about what is possible – within a particular use case, product, or service.
Clarifying what zero trust means to you comes first. The zero trust principles reflect another of the four agreements: ‘Don’t make assumptions’. Don’t assume that a user or device is trusted based on their presence on the network, their type of device, or any other aspect of the connection request. Instead, verify it.
At the same time, don’t assume that everyone in your organization is in accord with, or clear on the goals of a zero trust initiative. Confirm goals and clearly communicate them. Over the past year, I’ve met with several customers keen to embark on zero trust and generally those goals involve one or more of the following:
The phrase zero trust does not inspire trust, clarity, or transparency. No name is perfect, but the challenge with calling an architecture that is consistent with a ‘never assume trust, always verify it, and enforce the principle of least-privilege’ policy ‘zero trust’ is that it sends the message that ‘one cannot ever be trusted’.
Changing the mindset of anyone is already a complex undertaking, but
starting off with a lack of trust (even if it’s only a word) doesn’t help.
Zero trust is simply good security. Zero trust is a conversation about the totality of the security stack, and how to bring it to bear in ways that allow teams to…
Simply put, make sure that one only has access to resources they need and that any violations of this policy are investigated.
Relationships build trust – an essential ingredient for zero trust momentum. In the Harvard Business Review’s “Begin with Trust”, Frances Frei and Anne Morriss describe three key drivers for trust: authenticity, logic, and empathy. Perhaps we can apply these drivers within the context of zero trust security:
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
In today’s security climate, NetOps and SecOps teams are witnessing increased attack surface area as applications and workloads move far beyond the boundaries of their data center. These applications/workloads move to, and reside in multi-cloud architecture, adding complexity to connectivity, visibility, and control. In the multi-cloud world, the SecOps teams use a distributed security model that is expensive, difficult to deploy, and complex to manage.
Cisco has partnered with Alkira to help secure your multi-cloud environment. Combining Alkira’s simplified cloud connection through their cloud network-as-a-service platform (SaaS-like model) with Cisco’s industry-leading security controls, we can deliver a centralized security model for multi-cloud architecture that is easy to deploy, manage, and increases visibility and control.
Cisco Secure Firewall Threat Defense Virtual provides unmatched security controls such as stateful firewalling, Snort3 IPS, URL filtering, malware defense, application visibility and control, and more. Additionally, with the purchase of Secure Firewall Threat Defense Virtual, you will receive license entitlement to Cisco SecureX, our open XDR and orchestration platform, helping you accelerate threat detection, investigation, and remediation.
Cisco Secure Firewall Management Center (FMC) is required for managing Secure Firewall Threat Defense Virtual, helping administrators enforce consistent access policies, rapidly troubleshoot security events, and view summarized reports across the deployment.
Secure Firewall Threat Defense Virtual is available on Alkira’s service marketplace through Bring-Your-Own-License (BYOL) and Pay-As-You-Go licensing options. Customers can seamlessly deploy and insert Secure Firewall in their Alkira Cloud Exchange Points (CXP).
Benefits of this integrated architecture include:
The Cisco Secure Firewall Threat Defense brings the following capabilities to the environment:
Figure 1 shows a multi-cloud environment inter-connected using Alkira Cloud Exhange Platform (CXP). In the above architecture, Cisco provides seamless insertion of security controls and enables the following use cases for firewall insertion:
Using Alkira’s customer portal, Cisco Secure Firewall Threat Defense Virtual can be easily inserted in the traffic path within minutes. Figure 2 shows how automation & orchestration eliminates additional configuration required in the legacy insertion model.
Cisco Secure Firewall Threat Defense Virtual is managed using Cisco Secure Firewall Management Center (FMC). Customers can use on-premises FMC or build a virtual FMC instance in the cloud. Cisco and Alkira support both models of deployment.
Cisco Secure Firewall Threat Defense Virtual protects the following traffic flows in Alkira CXP:
Alkira and Cisco’s partnership simplifies the deployment of enterprise-grade security in the cloud while enabling multi-cloud visibility and end-to-end threat defense for customers.
Additional Resources:
Cisco Secure Firewall Threat Defense
Cisco Secure Firewall Data Sheet
Cisco Secure Firewall Management Center
Alkira blog on Cisco Secure Firewall Threat Defense
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T3 2022
The post ESET APT Activity Report T3 2022 appeared first on WeLiveSecurity
For Cisco engineers working on Duo, having a remote-first workplace has helped them reach life goals, connect with colleagues around the world, and be intentional communicators. We understand that working remotely can be an adjustment — that’s why we’ve compiled the 10 parts of remote work that surprised our team members most and their advice for navigating the nuances. If you’re interested in being part of a remote-first workplace, check out our open positions.
Senior Engineering Leader David Rines has worked remotely for the past seven years. He’s found that Cisco’s approach to distributed teams has “enabled us to pick up the right talent, and not necessarily local talent. We are moving towards a global, follow the sun environment,” he said.
One of the aspects Rines appreciates most of this structure is getting “a widely varied set of perspectives and experiences that help build a more reliable, more robust product, which is why we’re here.”
Another benefit to having colleagues across the globe is the sharing of recipes, a perk Senior Site Reliability Engineer Bernard Ting particularly enjoys. Proactively communicating with colleagues virtually “helps you to form bonds with people from other teams. You can always learn something new about cultures elsewhere. I talk to people about food and so I’m always gathering recipes from people from all over the world,” Ting shared.
While some may fear that working remotely could lead to feelings of isolation and loneliness, a different camaraderie can flourish in the structure of our distributed teams. With colleagues across time zones, “there’s always someone there who you can reach out to help solve your problem,” Rines said.
Collaboration hours are another way Site Reliability Engineering Manager Jaya Sistla has cultivated virtual community and problem-solving. These hours are blocked off for team members to talk about what they’re working on. “The main thing is being able to ask for help so you don’t go into the rabbit hole debugging things,” Sistla said.
Ting points out that working in a distributed model allows you to really engage in virtual events and conversations. Given that the team mainly communicates through online chat, Ting has found that “forces you to see everyone as equally approachable, which has made me more comfortable reaching out to people from anywhere in the world.”
For folks sharing an office, collaboration can happen through casual chats over coffee. When facing a challenge, you can ask your neighbor for support. While ideally virtual communication could have a similar cadence and spontaneity, the logistics of remote and distributed work require intentionality and being proactive in connecting with colleagues as people and as co-workers.
When Ting first started working remotely, he felt that every meeting needed to be formal and have a business objective. By sharing his feelings with his manager, he was reassured that “socializing is a very important part of teamwork, because if you don’t have a good relationship with your colleagues you’re not going to be able to have healthy discussions, healthy conflict or be able to critique each other when the situation arises.”
Since that conversation, Ting has been more proactive about catching up with colleagues, which can include sharing a coffee over video chat. Duo’s “coffee roulette” formalizes the process as every month, employees who opt in can be randomly paired up for a quick half-hour chat focused exclusively on socializing. Ting has found being proactive about socializing virtually helpful. “It’s made me more intentional with my time and really treasure the social experience you can get,” he said.
Some folks may be concerned that without a manager observing their efforts and work ethic day in and day out, it may be harder to recognize accomplishments and challenges. Ting found that within his team “when you work on projects and in your one-on-ones with your managers, they’re always very intentional about learning what you’ve been doing and seeing what your progress is like on certain projects. I’ve been asked, ‘How do you think you can improve? What are some of the things you’ve been doing outside of the team work?’”
To cultivate cross-team collaboration and education, there are thoughtfully planned virtual lunch and learns. “We schedule training sessions and common meetings at times that are flexible for everyone. If it has to be repeated, we do it so people can comfortably attend rather than stretching themselves and attending at odd hours,” Sistla said.
For Software Engineer Nick Aspinall, an important and fun part of working remotely is keeping in touch with virtual messaging. One unique perk has been getting to create and customize emojis with team members including a few of himself in “various ridiculous states,” he said.
Connecting with colleagues on themed channels focused on personal and professional interests from coffee to pets “makes it really cool because you can meet people across different teams and still get some of the feeling of rubbing elbows that you get when you’re in the office,” Aspinall said. Participating in these virtual conversations boosts morale while also providing an endless supply of cute animal pics.
Given the multi-faceted nature of our work and the importance of consistent information sharing, having different communication channels and formats to communicate data with varying degrees of complexity is vital. Having information readily accessible, accurate and updated is particularly necessary in a field like cybersecurity.
Senior Software Engineer Mario Lopez finds that the variety of information sources contributes to an easeful remote working experience. For instance, for complex architecture decisions or detailing, Duo’s Wiki is the best source.
Software Engineer Hanna Fernandez has benefited from chat channels dedicated to design and engineering topics to “see what everyone’s up to and what thoughts people have,” she said. Sista pointed out these are great places to ask questions and open up dialogue to solve problems.
Our culture is “video-on,” meaning that it is preferred that during video meetings, as much as possible, attendees have their cameras on. Lopez loves this because “you get a bit of that personal human element.”
“We’re all people behind these screens. You definitely get some of people’s personality through text, but you get it more when you actually see them. It’s infectious when you see someone smiling. You’ve got to smile back,” he shared (while we both smiled).
When Fernandez started at Cisco, she was advised to schedule individual meetings with everyone she would be working with on every team that she joined. That suggestion is one she’s applied even virtually.
“It’s a great strategy because I already know that my team is super talented and very smart, but this way I also get to know them as humans beyond their roles,” Fernandez said. Fernandez also finds it important to check in with co-workers and ask how they’re feeling and how their time off was. “I know a lot of people hate small talk, but it’s not just small talk. I’m genuinely interested in how my co-workers are doing.”
One of Ting’s biggest goals was buying his first house in the countryside outside of London. By working remotely, Ting has flexibility in his location which allowed him to achieve his goal of buying a house and settling down with his partner, while giving their dogs the space they need to be dogs.
When transitioning from fully remote to hybrid, it’s important to recognize that there will be some shifts to get accustomed to. As the structures of remote, distributed and hybrid work evolve, it’s important to stay flexible and notice what’s possible through multiple modalities of team building. Many teams have enjoyed in-person gatherings and connecting through virtual lunches and team games when remote.
Fernandez has had multiple roles with multiple structures at Cisco. As an intern, she was fully in person and shared desk space with other interns who collaborated on full stack engineering. While working in finance IT, Fernandez was hybrid and many of her colleagues were distributed among multiple offices. The pandemic began while she was in a DevOps role, forcing her to maintain boundaries around her work time while working fully remotely. In her current role working on Duo, Fernandez is completely remote but advocates for in-person events if possible, because “humans are social creatures who want to see each other’s faces in real life once in a while.”
For Aspinall, “when we did come back to the office, there was a bit of an adjustment period where you were overstimulated from the office.” He also wanted to ensure team members who were 100% remote were fully included. Now he sees that while half his team is fully remote and the other half is hybrid, “that doesn’t stop anyone from doing anything. All of our meetings feel the same. They’re all seamless.”
If you’re interested in joining our team from wherever you are in the world, check out our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Related tags
Imagine this: Your CEO sends you an email asking for your help transferring $5,000 to a new vendor for an urgent project. You make the transfer, only to find out later that the email was actually from an imposter, and that money is now in the hands of cybercriminals. Oops, right? crickets
Business Email Compromise (BEC) is a type of cybercrime that involves compromising or imitating legitimate business email accounts to carry out fraudulent transactions or steal sensitive information. The goal of a BEC attack is typically to trick the victim into transferring money, clicking on a malicious link, or disclosing sensitive information such as login credentials. BEC attacks can have a devastating impact on organizations of all sizes and in all industries, making it essential for businesses to be aware of the threat, understand the business risk, and take the necessary steps to protect themselves.
According to the latest FBI IC3 report, BEC is “one of the most financially damaging online crimes” and in 2021 was accountable for $2.4 Billion in adjusted losses for businesses and consumers.
One of the most common types of BEC attacks is called impersonating or email spoofing. By pretending to be a trusted colleague or business partner to gain the victim’s trust, the attacker uses social engineering techniques to trick the victim into clicking on a link or attachment in an email that contains malware, takes the victim to a malicious website, and has them transfer funds or change payment information.
BEC attacks can be very sophisticated and are difficult to detect. Many times, what the end-user sees on their email client does not represent the true email address of that sender, or it shows one that has been spoofed.
Typically, the attacker tries to impersonate someone in the organization with enough authority to not be questioned about what he/she is asking to be done.
As with everything in security, to be able to succeed in stopping BEC attacks, additional security layers & techniques should be implemented. There are several options to mitigate or reduce the number of successful BEC attacks. Creating a list of the people who will be likely to be impersonated will provide the best results. Usually, with names from the CxO level, this is known as a High Impact Personnel list. It will be used along with other security analysis engines to make sure any impersonated/spoof emails, along with other threats, get stopped and will not reach the end user.
The Cisco Secure Email Threat Defense solution leverages hundreds of detection engines that utilize state-of-the-art artificial intelligence/machine learning and natural language processing to convict messages from the most creative attackers! On top of this, our customers can define their High Impact Personnel list, and together with the other detection engines, will be able to not only block malicious messages but also understand the reasons and categories of why a message is being convicted as malicious.
In summary, Business Email Compromise (BEC) is a serious threat to organizations of all sizes and in all industries. To protect against BEC attacks, businesses should implement multiple techniques including identifying their High Impact Personnel for their organization, educating employees about the threat, and relying on reporting to understand who is being targeted most frequently so their security policies can be adjusted.
See how Secure Email Threat Defense identifies specific business risk factors to protect your organization.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country
The post SwiftSlicer: New destructive wiper malware strikes Ukraine appeared first on WeLiveSecurity
Cybersecurity professionals are often perceived as sole practitioners, plying their craft in dimly lit rooms. Nothing could be further from the truth, as one of the keys to being a successful cybersecurity professional is the ability to collaborate and, more importantly, to share knowledge as far and wide as possible.
At Cisco, we have formed the Cisco Insider Advocacy program, which consists of a global community of professionals passionate about working and spreading their knowledge with others. We celebrate these individuals’ efforts with annual awards in various disciplines and locales. In 2023, Cisco will recognize top advocates by region for the Global Advocate Awards. Our first event – highlighting Cisco customers from across the EMEA region – is around the corner. It all happens at Cisco Live in Amsterdam, in a live ceremony on February 8!
I am joined on the Advocate Awards judges’ panel by my colleagues, Cindy Valladares, Director of Brand Strategy and Customer Advocacy at Cisco Secure, Caroline Surujpaul, EMEA and European Marketing Director at Cisco Secure and Sarah Stephens, Senior Security Marketing Leader for EMEA at Cisco Secure. We are pleased to introduce the nominees for the Cybersecurity Defender of the Year Award in EMEA.
We have five distinguished nominees, and while we have yet to select a winner, you will see how each of their contributions to Cisco’s cybersecurity community raised our attention.
Alessandro was featured in a recent successful case study about the Future of Work with Umbrella, as well as an earlier piece about simplified security using Cisco Meraki in Talent Garden.
Alessandro also authored a book about digital transformation long before it was a common buzzword. That is typical of Alessandro’s foresight, the ability to be proactive to changes before they are commonplace. He is indeed on the cutting edge.
Alessandro considers his involvement in the Advocacy community as “a very easy goal for me. First, because I’m very passionate about cybersecurity, and second because here I can find very valuable peers and professionals to share information with.” Alessandro’s abilities are borne from passion, drive, and adherence to a personal code of excellence; he learned security in a strictly hands-on style. He is also a member of Cisco’s “League of Cybersecurity Heroes.”
Christoffer, the newest Cisco Insider Advocacy community member, has gotten off to a brisk involvement with the group. He was recently featured in the case study “NTNU Supports a Diverse Academic and Research Community with Proactive Security,” which detailed how the Norwegian University of Science and Technology tackled the management of a dizzying 110,000 endpoints connecting to the university’s VPN.
Christoffer fully embraces the ideology of collaboration, mentioning that when he was seeking a security solution, “We didn’t want a vendor. We didn’t want a product. We wanted a partner to help us attack this large problem of cybersecurity.” He also demonstrates a fervent dedication to sharing by authoring half a dozen works in the cybersecurity realm, ranging from scientific to academic articles. His involvement in the Insider Advocacy community has earned him a spot in Cisco’s “League of Cybersecurity Heroes.”
Mark is one of the most erudite cybersecurity professionals one could meet. He has extensive educational credentials and enjoys sharing his knowledge, making him one of the Top 10 most engaged advocates of the Cybersecurity Channel within the Cisco Insider Advocates community.
Mark’s professional involvement extends beyond his local precinct, offering his knowledge of security best practices across the UK Policing community. In completing his most recent university degree, he authored a dissertation that “has led to an initiative to improve the security posture of my workplace.” Mark’s support to other Cisco customers has also led to his election as Vice-Chair of the Internet Society Cybersecurity Special Interest Group. He is also a member of Cisco’s “League of Cybersecurity Heroes.”
Luigi is a valuable member of the Insider Advocacy group and was recently featured in a video and written success story about Zero Trust and XDR.
Luigi is an agent of change who embraces the collaborative spirit of a true cybersecurity expert, as exemplified in his entire professional approach: “Since the infrastructure is now cloud-based, we had to change our mindset regarding cybersecurity as well. It was important to have the people, the process, the organisation, and the technology under the same security umbrella.”
When not working to ensure the security of the Sara Assicurazioni environment, Luigi has dedicated time to speaking at events, such as the “Experts Learning from Experts” global virtual session, a special virtual roundtable dedicated to Zero Trust and, last but not least, his presentation at Cisco Live Emea in Amsterdam about XDR and Zero Trust. His contributions to the Insider Advocacy platform reflect a tireless commitment to the cybersecurity community. Luigi is also a member of Cisco’s “League of Cybersecurity Heroes.”
Last year, Diego participated as speaker at the Tech Forum: Convergencia entre redes y seguridad. He will also be featured in a future ThreatWise TV – Cisco episode
Diego recognised early on that remote work would place his organisation outside the scope of their security and took proactive measures to meet the challenge. Part of his proactive approach is to freely communicate his ideas, leading to his involvement in the Insider Advocacy community. This has also earned him a place within Cisco’s “League of Cybersecurity Heroes.”
Diego’s view of working with Cisco’s products is summed up in a catchy phrase: “If it’s connected, it’s protected.” His involvement within the Insider Advocacy community makes us echo that sentiment by stating that he is connected, helping to keep everyone protected.
One point of note is the absence of women from the list of nominees. This was not the result of bias, as Cisco has a history of substantial diversity, equity, and inclusion. As you can see from the activities of the current nominees, the selection was based strictly on contributions to the community. We would love to see more engagement and membership in the Insider Advocacy program, not only from women but from a broader geographic area. This would increase the choices of possible nominees and add an even wider palette of inclusion to the entire nomination process.
We know that there is an entire population of cybersecurity professionals who seek more connection with like-minded individuals, and we welcome you to join this cohesive community.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.
The tip about the Experian weakness came from Jenya Kushnir, a security researcher living in Ukraine who said he discovered the method being used by identity thieves after spending time on Telegram chat channels dedicated to cybercrime.
Normally, Experian’s website will ask a series of multiple-choice questions about one’s financial history, as a way of validating the identity of the person requesting the credit report. But Kushnir said the crooks learned they could bypass those questions and trick Experian into giving them access to anyone’s credit report, just by editing the address displayed in the browser URL bar at a specific point in Experian’s identity verification process.
When I tested Kushnir’s instructions on my own identity at Experian, I found I was able to see my report even though Experian’s website told me it didn’t have enough information to validate my identity. A security researcher friend who tested it at Experian found she also could bypass Experian’s four or five multiple-choice security questions and go straight to her full credit report at Experian.
Experian acknowledged receipt of my Dec. 23 report four days later on Dec. 27, a day after Kushnir’s method stopped working on Experian’s website (the exploit worked as long as you came to Experian’s website via annualcreditreport.com — the site mandated to provide a free copy of your credit report from each of the major bureaus once a year).
Experian never did respond to official requests for comment on that story. But earlier this week, I received an otherwise unhelpful letter via snail mail from Experian (see image above), which stated that the weakness we reported persisted between Nov. 9, 2022 and Dec. 26, 2022.
“During this time period, we experienced an isolated technical issue where a security feature may not have functioned,” Experian explained.
It’s not entirely clear whether Experian sent me this paper notice because they legally had to, or if they felt I deserved a response in writing and thought maybe they’d kill two birds with one stone. But it’s pretty crazy that it took them a full month to notify me about the potential impact of a security failure that I notified them about.
It’s also a little nuts that Experian didn’t simply include a copy of my current credit report along with this letter, which is confusingly worded and reads like they suspect someone other than me may have been granted access to my credit report without any kind of screening or authorization.
After all, if I hadn’t authorized the request for my credit file that apparently prompted this letter (I had), that would mean the thieves already had my report. Shouldn’t I be granted the same visibility into my own credit file as them?
Instead, their woefully inadequate letter once again puts the onus on me to wait endlessly on hold for an Experian representative over the phone, or sign up for a free year’s worth of Experian monitoring my credit report.
As it stands, using Kushnir’s exploit was the only time I’ve ever been able to get Experian’s website to cough up a copy of my credit report. To make matters worse, a majority of the information in that credit report is not mine. So I’ve got that to look forward to.
If there is a silver lining here, I suppose that if I were Experian, I probably wouldn’t want to show Brian Krebs his credit file either. Because it’s clear this company has no idea who I really am. And in a weird, kind of sad way I guess, that makes me happy.
For thoughts on what you can do to minimize your victimization by and overall worth to the credit bureaus, see this section of the most recent Experian story.
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.”
A copy of the passport for Denis Emelyantsev, a.k.a. Denis Kloster, as posted to his Vkontakte page in 2019.
First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device.
Customers could pay to rent access to a pool of proxies for a specified period, with costs ranging from $30 per day for access to 2,000 proxies, to $200 daily for up to 90,000 proxies.
Many of the infected systems were Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. Later in its existence, the RSOCKS botnet expanded into compromising Android devices and conventional computers.
In June 2022, authorities in the United States, Germany, the Netherlands and the United Kingdom announced a joint operation to dismantle the RSOCKS botnet. But that action did not name any defendants.
Inspired by that takedown, KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Emelyantsev’s personal blog, where he went by the name Denis Kloster. The blog featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world,” and even included a group photo of RSOCKS employees.
“Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”
But by the time that investigation was published, Emelyantsev had already been captured by Bulgarian authorities responding to an American arrest warrant. At his extradition hearing, Emelyantsev claimed he would prove his innocence in an U.S. courtroom.
“I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges,” Emelyantsev told the Bulgarian court. “I am not a criminal and I will prove it in an American court.”
RSOCKS, circa 2016. At that time, RSOCKS was advertising more than 80,000 proxies. Image: archive.org.
Emelyantsev was far more than just an administrator of a large botnet. Behind the facade of his Internet advertising company based in Omsk, Russia, the RSOCKS botmaster was a major player in the Russian email spam industry for more than a decade.
Some of the top Russian cybercrime forums have been hacked over the years, and leaked private messages from those forums show the RSOCKS administrator claimed ownership of the RUSdot spam forum. RUSdot is the successor forum to Spamdot, a far more secretive and restricted community where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the forum imploded in 2010.
A Google-translated version of the Rusdot spam forum.
Indeed, the very first mentions of RSOCKS on any Russian-language cybercrime forums refer to the service by its full name as the “RUSdot Socks Server.”
Email spam — and in particular malicious email sent via compromised computers — is still one of the biggest sources of malware infections that lead to data breaches and ransomware attacks. So it stands to reason that as administrator of Russia’s most well-known forum for spammers, Emelyantsev probably knows quite a bit about other top players in the botnet spam and malware community.
It remains unclear whether Emelyantsev made good on his promise to spill that knowledge to American investigators as part of his plea deal. The case is being prosecuted by the U.S. Attorney’s Office for the Southern District of California, which has not responded to a request for comment.
Emelyantsev pleaded guilty on Monday to two counts, including damage to protected computers and conspiracy to damage protected computers. He faces a maximum of 20 years in prison, and is currently scheduled to be sentenced on April 27, 2023.
As part of Cisco’s recognition of International Data Privacy Day, today we released the Cisco 2023 Data Privacy Benchmark Study, our sixth annual review of key privacy issues and their impact on business. Drawing on responses from more than 3100 organizations in 26 geographies, the findings show that organizations continue to prioritize and get attractive returns from their privacy investments, while integrating privacy into many of their most important processes, including sales motions, management metrics, and employee responsibilities.
Nearly all organizations have recognized the importance of privacy to their business. Ninety-four percent (94%) of respondents said their customers wouldn’t buy from them if their data was not properly protected, and 95% said privacy has become a business imperative.
Even in a difficult economic environment, the average privacy spend in 2022 was $2.7 Million, up 125% from 3 years ago. Estimated benefits from privacy rose to $3.4 Million with significant gains across all organization sizes. The average organization is getting benefits of 1.8 times spending, meaning they get $180 of benefit for each $100 invested in privacy. Thirty-six percent (36%) of organizations are getting returns at least twice their spending with many getting returns upwards of 3 or 5 times.
More organizations are recognizing that everyone across the organization plays a vital role in protecting personal data. Ninety-five percent (95%) of survey respondents said that “all of their employees” need to know how to protect data privacy. Among the security professionals who completed our survey, one-third (33%) included data privacy in their top three areas of responsibility.
Another important indication of privacy’s importance to the organization is the use of privacy metrics. Ninety-eight percent (98%) of organizations said they are reporting one or more privacy-related metrics to the Board of Directors. The average number of privacy metrics was 3.1, which is up from 2.6 in last year’s survey. The most-reported metrics include the status of any data breaches, impact assessments, and incident response.
Privacy legislation continues to be very well-received around the world. Seventy-nine percent (79%) of all corporate respondents said privacy laws have had a positive impact, and only 6% indicated that the laws have had a negative impact.
Ninety-six percent (96%) of organizations said they have an ethical obligation to treat data properly. However, when it comes to earning and building customer trust, their priorities are not fully consistent with those of consumers. Transparency – providing easily accessible and clear information about how their data is being used – was the top priority (39%) for respondents in the consumer survey, well ahead of not selling personal information or complying with privacy laws. Yet, when asked what builds trust for consumers, organizations in the Benchmark Survey selected compliance over transparency. It seems consumers consider legal compliance to be a “given” with transparency more of a differentiator.
This disconnect can also be seen when it comes to the use of Artificial Intelligence (AI). Ninety-six percent (96%) of organizations in our survey believe they have processes already in place to meet the responsible and ethical standards that customers expect. Yet, the majority of consumers don’t see it that way. As reported in our 2022 Consumer Privacy Survey, 65% already have lost trust in organizations over their AI practices. Fortunately, organizations may be starting to get the message that they aren’t doing enough. Ninety-two percent (92%) of respondents said that when it comes to AI applications, their organization needs to be doing more to reassure customers that their data is only being used for intended and legitimate purposes.
Many governments and organizations are putting in place data localization requirements, which forces data to be kept within a country or region. The vast majority (88%) of survey respondents believe that their data would be inherently safer if it is only stored locally. Remarkably, 90% also said that a global provider, operating at scale, can better protect the data compared to local providers. When viewing these two statements together, it seems that while organizations would ideally like to keep their data local, they still prefer and trust a global provider over a local provider. Of course, if they can get both — a local instance set up by a global provider — they would presumably like that even better.
This research suggests that organizations should continue to build and apply privacy capabilities into their operations and solutions, particularly among engineering, IT and security professionals, and those who work with personal data. Transparency is particularly important to customers, and organizations need to do more to reassure customers on how their data is being used, especially when applying and using AI and automated decision-making. Finally, organizations should consider the consequences of data localization requirements and recognize that these add cost and may degrade functionality, privacy, and security.
To learn more, check out the Cisco 2023 Data Privacy Benchmark Study, Infographic, and our Principles for Responsible AI.
Also, the new Cisco 2022 Purpose Report (Power section) and the Cisco ESG Reporting Hub (Integrity and Trust section) to see how trustworthiness, transparency, and accountability are key to Cisco’s approach to security, privacy, and trust.
All this and more can be found on the Cisco Trust Center.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
FreshRSS