Login
The cybercrime economy is one of the runaway success stories of the 21st century — at least, for those who participate in it. Estimates claim it could be worth over $1 trillion annually, more than the GDP of many countries. Part of that success is due to its ability to evolve and shift as the threat landscape changes. Trend Micro has been profiling the underground cybercrime community for many years. Over the past five years, we’ve seen a major shift to new platforms, communications channels, products and services, as trust on the dark web erodes and new market demands emerge.
We also expect the current pandemic to create yet another evolution, as cyber-criminals look to take advantage of new ways of working and systemic vulnerabilities.
Shifts in the underground
Our latest report, Shifts in the Cybercriminal Underground Markets, charts the fascinating progress of cybercrime over the past five years, through detailed analysis of forums, marketplaces and dark web sites around the world. It notes that in many product areas, the cost of items has dropped as they become commoditised: so where in 2015 you expected to pay $1000 per months for crypting services, today they may be as little as $20.
In other areas, such as IoT botnets, cyber-propaganda and stolen gaming account credentials, prices are high as new products spark surging demand. Fortnite logins can sell for around $1,000 on average, for example.
The good news is that law enforcement action appears to be working. Trend Micro has long partnered with Interpol, Europol, national crime agencies and local police to provide assistance in investigations. So it’s good to see that these efforts are having an impact. Many dark web forums and marketplaces have been infiltrated and taken down over the past five years, and our researchers note that current users complain of DDoS-ing and log-in issues.
Cybercriminals have been forced to take extreme measures as trust erodes among the community, for example, by using gaming communications service Discord to arrange trades, and e-commerce platform Shoppy.gg to sell items. A new site called DarkNet Trust was even created to tackle this specific challenge: it aims to verify cybercrime vendors’ reputations by analysing their usernames and PGP fingerprints.
What does the future hold?
However, things rarely stay still on the cybercrime underground. Going forward, we expect to see a range of new tools and techniques flood dark web stores and forums. AI will be at the centre of these efforts. Just as it’s being used by Trend Micro and other companies to root out fraud, sophisticated malware and phishing, it could be deployed in bots designed to predict roll patterns on gambling sites. It could also be used in deepfake services developed to help buyers bypass photo ID systems, or launch sextortion campaigns against individuals.
Some emerging trends are less hi-tech but no less damaging. Log-ins for wearable devices could be stolen and used to request replacements under warranty, defrauding the customer and costing the manufacturers dear. In fact, access to devices, systems and accounts is so common today that we’re already seeing it spun out in “as-a-service” cybercrime offerings. Prices for access to Fortune 500 companies can hit as much as $10,000.
Post-pandemic threats
Then there’s COVID-19. We’re already seeing fraudsters targeted government stimulus money with fake applications, sometimes using phished information from legitimate businesses. And healthcare organisations are being targeted with ransomware as they battle to save lives.
Even as the pandemic recedes, remote working practices are likely to stay in many organisations. What does this mean for cybercrime? It means more targeting of VPN vulnerabilities with malware and DDoS services. And it means more opportunities to compromise corporate networks via connected home devices. Think of it like a kind of Reverse BYOD scenario – instead of bringing devices into work to connect, the corporate network is now merged with home networks.
Tackling such challenges will demand a multi-layered strategy predicated around that familiar trio: people, process and technology. It will require more training, better security for home workers, improved patch management and password security, and much more besides. But most of all it will demand continued insight into global cybercriminals and the platforms they inhabit, to anticipate where the next threats are coming from.
Fortunately, this is where Trend Micro’s expert team of researchers come in. We won’t let them out of our sight.
The post How the Cybercriminal Underground Has Changed in 5 Years appeared first on .
Cloud computing has revolutionized the IT world, making it easier for companies to deploy infrastructure and applications and deliver their services to the public. The idea of not spending millions of dollars on equipment and facilities to host an on-premises data center is a very attractive prospect to many. And certainly, moving resources to the cloud just has to be safer, right? The cloud provider is going to keep our data and applications safe for sure. Hackers won’t stand a chance. Wrong. More commonly than anyone should, I often hear this delusion from many customers. The truth of the matter is, without proper configuration and the right skillsets administering the cloud presence, as well as practicing common-sense security practices, cloud services are just (if not more) vulnerable.
The Shared Responsibility Model
Before going any further, we need to discuss the shared responsibility model of the cloud service provider and user.
When planning your migration to the cloud, one needs to be aware of which responsibilities belong to which entity. As the chart above shows, the cloud service provider is responsible for the cloud infrastructure security and physical security of such. By contrast, the customer is responsible for their own data, the security of their workloads (all the way to the OS layer), as well as the internal network within the companies VPC’s.
One more pretty important aspect that remains in the hands of the customer is access control. Who has access to what resources? This is really no different than it’s been in the past, exception being the physical security of the data center is handled by the CSP as opposed to the on-prem security, but the company (specifically IT and IT security) are responsible for locking down those resources efficiently.
Many times, this shared responsibility model is overlooked, and poor assumptions are made the security of a company’s resources. Chaos ensues, and probably a firing or two.
So now that we have established the shared responsibility model and that the customer is responsible for their own resource and data security, let’s take a look at some of the more common security issues that can affect the cloud.
Amazon S3
Amazon S3 is a truly great service from Amazon Web Services. Being able to store data, host static sites or create storage for applications are widely used use cases for this service. S3 buckets are also a prime target for malicious actors, since many times they end up misconfigured.
One such instance occurred in 2017 when Booz Allen Hamilton, a defense contractor for the United States, was pillaged of battlefield imagery as well as administrator credentials to sensitive systems.
Yet another instance occurred in 2017, when due to an insecure Amazon S3 bucket, the records of 198 million American voters were exposed. Chances are if you’re reading this, there’s a good chance this breach got you.
A more recent breach of an Amazon S3 bucket (and I use the word “breach,” however most of these instances were a result of poor configuration and public exposure, not a hacker breaking in using sophisticated techniques) had to do with the cloud storage provider “Data Deposit Box.” Utilizing Amazon S3 buckets for storage, a configuration issue caused the leak of more than 270,000 personal files as well as personal identifiable information (PII) of its users.
One last thing to touch on the subject of cloud file storage has to do with how many organizations are using Amazon S3 to store uploaded data from customers as a place to send for processing by other parts of the application. The problem here is how do we know if what’s being uploaded is malicious or not? This question comes up more and more as I speak to more customers and peers in the IT world.
API
APIs are great. They allow you to interact with programs and services in a programmatic and automated way. When it comes to the cloud, APIs allow administrators to interact with services, an in fact, they are really a cornerstone of all cloud services, as it allows the different services to communicate. As with anything in this world, this also opens a world of danger.
Let’s start with the API gateway, a common construct in the cloud to allow communication to backend applications. The API gateway itself is a target, because it can allow a hacker to manipulate the gateway, and allow unwanted traffic through. API gateways were designed to be integrated into applications. They were not designed for security. This means untrusted connections can come into said gateway and perhaps retrieve data that individual shouldn’t see. Likewise, the API requests to the gateway can come with malicious payloads.
Another attack that can affect your API gateway and likewise the application behind it, is a DDOS attack. The common answer to defend against this is Web Application Firewall (WAF). The problem is WAFs struggle to deal with low, slow DDOS attacks, because the steady stream of requests looks like normal traffic. A really great way to deter DDOS attacks at the API gateway however is to limit the number of requests for each method.
A great way to prevent API attacks lies in the configuration. Denying anonymous access is huge. Likewise, changing tokens, passwords and keys limit the chance effective credentials can be used. Lastly, disabling any type of clear-text authentication. Furthermore, enforcing SSL/TLS encryption and implementing multifactor authentication are great deterrents.
Compute
No cloud service would be complete without compute resources. This is when an organization builds out virtual machines to host applications and services. This also introduces yet another attack surface, and once again, this is not protected by the cloud service provider. This is purely the customers responsibility.
Many times, in discussing my customers’ migration from an on-premises datacenter to the cloud, one of the common methods is the “lift-and-shift” approach. This means customers take the virtual machines they have running in their datacenter and simply migrating those machines to the cloud. Now, the question is, what kind of security assessment was done on those virtual machines prior to migrating? Were those machines patched? Were discovered security flaws fixed? In my personal experience the answer is no. Therefore, these organizations are simply taking their problems from one location to the next. The security holes still exist and could potentially be exploited, especially if the server is public facing or network policies are improperly applied. For this type of process, I think a better way to look at this is “correct-and-lift-and-shift”.
Now once organizations have already established their cloud presence, they will eventually need to deploy new resources, and this can mean developing or building upon a machine image. The most important thing to remember here is that these are computers. They are still vulnerable to malware, so regardless of being in the cloud or not, the same security controls are required including things like anti-malware, host IPS, integrity monitoring and application control just to name a few.
Networking
Cloud services make it incredibly easy to deploy networks and divide them into subnets and even allow cross network communication. They also give you the ability to lock down the types of traffic that are allowed to traverse those networks to reach resources. This is where security groups come in. These security groups are configured by people, so there’s always that chance that a port is open that shouldn’t be, opening a potential vulnerability. It’s incredibly important from this perspective to really have a grasp on what a compute resource is talking to and why, so the proper security measures can be applied.
So is the cloud really safe from hackers? No safer than anything else unless organizations make sure they’re taking security in their hands and understand where their responsibility begins, and the cloud service provider’s ends. The arms war between hackers and security professionals is still the same as it ever was, the battleground just changed.
The post Is Cloud Computing Any Safer From Malicious Hackers? appeared first on .
If the first few months of 2020 have taught us anything, it’s the importance of collaboration and partnership to tackle a common enemy. This is true of efforts to fight the current pandemic, and it’s also true of the fight against cybercrime. That’s why Trend Micro has, over the years, struck partnerships with various organizations that share a common goal of securing our connected world.
So when we heard that one of these partners, the non-profit Shadowserver Foundation, was in urgent need of financial help, we didn’t hesitate to step in. Our new $600,000 commitment over three years will help to support the vital work it does collecting and sharing global threat data for the next three years.
What is Shadowserver?
Founded in 2004, The Shadowserver Foundation is now one of the world’s leading resources for reporting vulnerabilities, threats and malicious activity. Their work has helped to pioneer a more collaborative approach among the international cybersecurity community, from vendors and academia to governments and law enforcement.
Today, its volunteers, 16 full-time staff and global infrastructure of sinkholes, honeypots and honeyclients help run 45 scans across 4 billion IPv4 addresses every single day. It also performs daily sandbox scans on 713,000 unique malware samples, to add to the 12 Petabytes of malware and threat intelligence already stored on its servers. Thousands of network owners, including 109 CSIRTS in 138 countries worldwide, rely on the resulting daily reports — which are available free of charge to help make the digital world a safer place.
A Global Effort
Trend Micro is a long-time partner of The Shadowserver Foundation. We automatically share new malware samples via its malware exchange program, with the end goal of improving protection for both Trend Micro customers and Shadowserver subscribers around the world. Not only that, but we regularly collaborate on global law enforcement-led investigations. Our vision and mission statements of working towards a more secure, connected world couldn’t be more closely aligned.
As COVID-19 has brutally illustrated, protecting one’s own backyard is not enough to tackle a global challenge. Instead, we need to reach out and build alliances to take on the threats and those behind them, wherever they are. These are even more pronounced at a time when remote working has dramatically expanded the corporate attack surface, and offered new opportunities for the black hats to prosper by taking advantage of distracted employees and stretched security teams.
The money Trend Micro has donated over the next three years will help the Shadowserver Foundation migrate to the new data center it urgently needs and support operational costs that combined will exceed $2 million in 2020. We wish the team well with their plans for this year.
It’s no exaggeration to say that our shared digital world is a safer place today because of their efforts, and we hope to continue to collaborate long into the future
The post Securing the Connected World with Support for The Shadowserver Foundation appeared first on .
“How about… ya!”
Security needs to be treated much like DevOps in evolving organizations; everyone in the company has a responsibility to make sure it is implemented. It is not just a part of operations, but a cultural shift in doing things right the first time – Security by default. Here are a few pointers to get you started:
1. Security should be a focus from the top on down
Executives should be thinking about security as a part of the cloud migration project, and not just as a step of the implementation. Security should be top of mind in planning, building, developing, and deploying applications as part of your cloud migration. This is why the Well Architected Framework has an entire pillar dedicated to security. Use it as a framework to plan and integrate security at each and every phase of your migration.
2. A cloud security policy should be created and/or integrated into existing policy
Start with what you know: least privilege permission models, cloud native network security designs, etc. This will help you start creating a framework for these new cloud resources that will be in use in the future. Your cloud provider and security vendors, like Trend Micro, can help you with these discussions in terms of planning a thorough policy based on the initial migration services that will be used. Remember from my other articles, a migration does not just stop when the workload has been moved. You need to continue to invest in your operation teams and processes as you move to the next phase of cloud native application delivery.
3. Trend Micro’s Cloud One can check off a lot of boxes!
Using a collection of security services, like Trend Micro’s Cloud One, can be a huge relief when it comes to implementing runtime security controls to your new cloud migration project. Workload Security is already protecting thousands of customers and billions of workload hours within AWS with security controls like host-based Intrusion Prevention and Anti-Malware, along with compliance controls like Integrity Monitoring and Application Control. Meanwhile, Network Security can handle all your traffic inspection needs by integrating directly with your cloud network infrastructure, a huge advantage in performance and design over Layer 4 virtual appliances requiring constant changes to route tables and money wasted on infrastructure. As you migrate your workloads, continuously check your posture against the Well Architected Framework using Conformity. You now have your new infrastructure secure and agile, allowing your teams to take full advantage of the newly migrated workloads and begin building the next iteration of your cloud native application design.
This is part of a multi-part blog series on things to keep in mind during a cloud migration project. You can start at the beginning which was kicked off with a webinar here: https://resources.trendmicro.com/Cloud-One-Webinar-Series-Secure-Cloud-Migration.html. To have a more personalized conversation, please add me to LinkedIn!
The post Principles of a Cloud Migration – Security W5H – The HOW appeared first on .
I would like to express my outrage over the brutal killings of George Floyd, Breonna Taylor, and Ahmaud Arbery – not as the CEO of an international company, but as a human being and a citizen of the world. It makes me very sad, but also intensely frustrated and angry to realize how little is being done around the world to overcome the blatant inequality and racism that persists. The disturbing, high-profile incidents in the past weeks expose in a cruel way how we live in a world where fear, uncertainty and discrimination continue to impact the lives of black people every single day.
As a global society, we should do better; we must be better.
At Trend Micro, we are committed to providing a safe, empathetic and respectful environment where we reject any form of racism and discrimination, with zero tolerance. We not only welcome diversity in our Trend Micro family, we encourage it, whether it is diversity of race, ethnicity, nationality, gender, gender identification, sexual orientation, physical ability, age, religion, veteran status, socio-economic status, and political philosophy. We believe it is our different backgrounds and experiences that make us who we are and make us as strong as we are. But we continue to listen and learn how to create equality for all.
I feel very strongly that we all need to do something and become a force for change. We have an obligation towards our communities and our children to leave this world in a better place. I am fortunate as a CEO to be able to use my voice to speak out against any kind of discrimination, against racism in any form. I ask that we all seek to expand our perspectives and heighten our awareness of others. We must open our eyes to the current and ugly truth and challenge any subconscious tendencies to avoid this painful reality of inequality!
Today I am inspired to lift up the voice of a young Trend Micro employee who posted on our internal web site:
“Progress is a process. Unity is part of the process.
Unity drives awareness…
Awareness drives education…
Education drives action…
Action drives change…
Let’s make a change!”
These are very difficult times for us as individuals, communities, and as nations. I ask you to join me in doing our part to fight racism – we can’t afford any more lives to be lost, any more children growing up deprived of their opportunities. First and foremost, we need to listen to our black communities and educate ourselves. And we must acknowledge that this is an ongoing issue – and continue to fight inequality every day, even when the protests don’t make headlines anymore. We can all make a difference. Speak out against injustice, listen to the stories of inequality, act, vote and make a change.
Together, we can make this world a better place!
Eva Chen
The post Message from Eva Chen – as a human being, not a CEO: We need to speak out and act against racism appeared first on .
The analyst firm Canalys annually produces their Cybersecurity Leadership Matrix. Whereas many third-party assessments are looking at just the security product, this one focuses on the value to channel partners.
Sidebar: what is the channel? If you aren’t actively buying or selling cybersecurity and aren’t familiar with the term, the short answer is that the channel is how products get from the maker to the buyer. Resellers are the most commonly discussed example, however the channel is also distributors, system integrators, and others. Most established cybersecurity makers don’t have a big sales force that sells direct, for good reasons. Channel partners are usually not a single product seller, and they know a region, vertical or specific customer best and are ideally the end users’ de facto partner or trusted advisor. The channel dedicated for smaller companies sell more than just cybersecurity and can be an extension of the CIO team. Channel partners select products carefully: they are usually in for a much longer period of time and more of a commitment than a specific buyer.
Partners have to train staff, make significant investments, become familiar with the product and back it with their reputation. Features alone aren’t enough. Even the very best product that isn’t backed with a channel friendly vendor is a nightmare for the channel. Of course, bad products are a non-starter no matter how channel-friendly a company is as that reseller has to live with any fallout. Assessing channel success matters obviously to the channel but it is also significant for buyers. Channel partner success at the end of the day is a simple metric: a positive customer experience throughout a product lifecycle. In my experience a channel partner will do a more thorough product assessment than any enterprise buyer.
Canalys does a good job in capturing the channel aspects of a successful cybersecurity vendor with the leadership matrix, and they make it more than just about product or channel but combine the two. So, it is good news that Trend Micro is in the upper right “Champions” quadrant in 2020. It’s significant to me that Trend Micro is one of only seven entries in that quadrant when there are, according to Richard Stiennon, more than 2300 cybersecurity vendors in the world[1]. What is particularly significant to me is that the placement movement for Trend from last 2019 was so important, as it reflects the effort and focus we have put on our channel activities.
Like any third-party assessment it matters to know the context, so check out the Matrix here, and our own formal announcement here.
[1] https://www.techcentury.com/2020/02/14/cybersecurity-guru-stiennon-publishes-2020-yearbook/
The post Not Just Good Security Products, But a Good Partner appeared first on .
Some smart devices are not limited to use on the home network; for instance, your child’s mobile phone or tablet. Keeping your kids safe on these on-the-go devices means extending your security policies beyond the home. Trend Micro Home Network Security (HNS) makes it easy with its complementary app, Trend Micro Guardian. Guardian integrates with HNS’s parental control rules via Mobile Device Management technology to extend the rules you’ve applied on your home network to your children’s Wi-Fi / mobile connections outside the home.
Guardian enables the following security and parental controls:
|
|
Setup and Configuration
In order to benefit from these features, the Trend Micro Guardian app must be installed on your child’s device and paired with your Home Network Security Station. It’s recommended that you install Trend Micro Guardian on the child’s device before setting up Parental Controls. However, you may also save the Trend Micro Guardian setup process until after you’ve defined the Parental Control rules for your child. Either way, Guardian accepts the rules defined and applies them to the child’s device whenever they go beyond your home and hook up to public WiFi or their mobile network.
For the Trend Micro Guardian app setup and installation process, you may refer to FAQ: Trend Micro Guardian or the Home Network Security Product Guide for more details.
A Few Additional Notes
|
|
Protection that Goes Where Your Child Goes
Internet safety for kids is a must, whether they’re online at home, or out and about, away from home. Trend Micro Guardian ensures the child will observe and practice the same security rules at home and on the internet anywhere in the world.
For more information on Trend Micro Home Network Security with Guardian, go to Home Network Security.
The post Trend Micro Guardian: Protecting Your Kids On-the-Go appeared first on .
Vendor lock-in has been an often-quoted risk since the mid-1990’s.
Fear that by investing too much with one vendor, an organization reduces their options in the future.
Was this a valid concern? Is it still today?
Organizations walk a fine line with their technology vendors. Ideally, you select a set of technologies that not only meet your current need but that align with your future vision as well.
This way, as the vendor’s tools mature, they continue to support your business.
The risk is that if you have all of your eggs in one basket, you lose all of the leverage in the relationship with your vendor.
If the vendor changes directions, significantly increases their prices, retires a critical offering, the quality of their product drops, or if any number of other scenarios happen, you are stuck.
Locking in to one vendor means that the cost of switching to another or changing technologies is prohibitively expensive.
All of these scenarios have happened and will happen again. So it’s natural that organizations are concerned about lock-in.
When the cloud started to rise to prominence, the spectre of vendor lock-in reared its ugly head again. CIOs around the world thought that moving the majority of their infrastructure to AWS, Azure, or Google Cloud would lock them into that vendor for the foreseeable future.
Trying to mitigate this risk, organizations regularly adopt a “cloud neutral” approach. This means they only use “generic” cloud services that can be found from the providers. Often hidden under the guise of a “multi-cloud” strategy, it’s really a hedge so as not to lose position in the vendor/client relationship.
In isolation, that’s a smart move.
Taking a step back and looking at the bigger picture starts to show some of the issues with this approach.
The first issue is the heavy use of automation in cloud deployments means that vendor “lock-in” is not nearly as significant a risk as in was in past decades. The manual effort required to make a vendor change for your storage network used to be monumental.
Now? It’s a couple of API calls and a consumption-based bill adjusted by the megabyte. This pattern is echoed across other resource types.
Automation greatly reduces the cost of switching providers, which reduces the risk of vendor lock-in.
When your organization sets the mandate to only use the basic services (server-based compute, databases, network, etc.) from a cloud service provider, you’re missing out one of the biggest advantages of moving to the cloud; doing less.
The goal of a cloud migration is to remove all of the undifferentiated heavy lifting from your teams.
You want your teams directly delivering business value as much of the time as possible. One of the most direct routes to this goal is to leverage more and more managed services.
Using AWS as an example, you don’t want to run your own database servers in Amazon EC2 or even standard RDS if you can help it. Amazon Aurora and DynamoDB generally offer less operation impacts, higher performance, and lower costs.
When organizations are worried about vendor lock-in, they typically miss out on the true value of cloud; a laser focus on delivering business value.
In this new light, a multi-cloud strategy takes on a different aim. Your teams should be trying to maximize business value (which includes cost, operational burden, development effort, and other aspects) wherever that leads them.
As organizations mature in their cloud usage and use of DevOps philosophies, they generally start to cherry pick managed services from cloud providers that best fit the business problem at hand.
They use automation to reduce the impact if they have to change providers at some point in the future.
This leads to a multi-cloud split that typically falls around 80% in one cloud and 10% in the other two. That can vary depending on the situation but the premise is the same; organizations that thrive have a primary cloud and use other services when and where it makes sense.
There are some tools that are more effective when they work in all clouds the organization is using. These tools range from software products (like deployment and security tools) to metrics to operational playbooks.
Following the principles of focusing on delivering business value, you want to actively avoid duplicating a toolset unless it’s absolutely necessary.
The maturity of the tooling in cloud operations has reached the point where it can deliver support to multiple clouds without reducing its effectiveness.
This means automation playbooks can easily support multi-cloud (e.g., Terraform). Security tools can easily support multi-cloud (e.g., Trend Micro Cloud One). Observability tools can easily support multi-cloud (e.g., Honeycomb.io).
The guiding principle for a multi-cloud strategy is to maximize the amount of business value the team is able to deliver. You accomplish this by becoming more efficient (using the right service and tool at the right time) and by removing work that doesn’t matter to that goal.
In the age of cloud, vendor lock-in should be far down on your list of concerns. Don’t let a long standing fear slow down your teams.
The post The Fear of Vendor Lock-in Leads to Cloud Failures appeared first on .
Trend Micro is excited to launch new Trend Micro Cloud One – Conformity capabilities that will strengthen protection for Azure resources.
As with any launch, there is a lot of new information, so we decided to sit down with one of the founders of Conformity, Mike Rahmati. Mike is a technologist at heart, with a proven track record of success in the development of software systems that are resilient to failure and grow and scale dynamically through cloud, open-source, agile, and lean disciplines. In the interview, we picked Mike’s brain on how these new capabilities can help customers prevent or easily remediate misconfigurations on Azure. Let’s dive in.
What are the common business problems that customers encounter when building on or moving their applications to Azure or Amazon Web Services (AWS)?
The common problem is there are a lot of tools and cloud services out there. Organizations are looking for tool consolidation and visibility into their cloud environment. Shadow IT and business units spinning up their own cloud accounts is a real challenge for IT organizations to keep on top of. Compliance, security, and governance controls are not necessarily top of mind for business units that are innovating at incredible speeds. That is why it is so powerful to have a tool that can provide visibility into your cloud environment and show where you are potentially vulnerable from a security and compliance perspective.
Common misconfigurations on AWS are an open Amazon Elastic Compute Cloud (EC2) or a misconfigured IAM policy. What is the equivalent for Microsoft?
The common misconfigurations are actually quite similar to what we’ve seen with AWS. During the product preview phase, we’ve seen customers with many of the same kinds of misconfiguration issues as we’ve seen with AWS. For example, Microsoft Azure Blobs Storage is the equivalent to Amazon S3 – that is a common source of misconfigurations. We have observed misconfiguration in two main areas: Firewall and Web Application Firewall (WAF),which is equivalent to AWS WAF. The Firewall is similar to networking configuration in AWS, which provides inbound protection for non-HTTP protocols and network related protection for all ports and protocols. It is important to note that this is based on the 100 best practices and 15 services we currently support for Azure and growing, whereas, for AWS, we have over 600 best practices in total, with over 70 controls with auto-remediation.
Can you tell me about the CIS Microsoft Azure Foundation Security Benchmark?
We are thrilled to support the CIS Microsoft Azure Foundation Security Benchmark. The CIS Microsoft Azure Foundations Benchmark includes automated checks and remediation recommendations for the following: Identity and Access Management, Security Center, Storage Accounts, Database Services, Logging and Monitoring, Networking, Virtual Machines, and App Service. There are over 100 best practices in this framework and we have rules built to check for all of those best practices to ensure cloud builders are avoiding risk in their Azure environments.
Can you tell me a little bit about the Microsoft Shared Responsibility Model?
In terms of shared responsibility model, it’s is very similar to AWS. The security OF the cloud is a Microsoft responsibility, but the security IN the cloud is the customers responsibility. Microsoft’s ecosystem is growing rapidly, and there are a lot of services that you need to know in order to configure them properly. With Conformity, customers only need to know how to properly configure the core services, according to best practices, and then we can help you take it to the next level.
Can you give an example of how the shared responsibility model is used?
Yes. Imagine you have a Microsoft Azure Blob Storage that includes sensitive data. Then, by accident, someone makes it public. The customer might not be able to afford an hour, two hours, or even days to close that security gap.
In just a few minutes, Conformity will alert you to your risk status, provide remediation recommendations, and for our AWS checks give you the ability to set up auto-remediation. Auto-remediation can be very helpful, as it can close the gap in near-real time for customers.
What are next steps for our readers?
I’d say that whether your cloud exploration is just taking shape, you’re midway through a migration, or you’re already running complex workloads in the cloud, we can help. You can gain full visibility of your infrastructure with continuous cloud security and compliance posture management. We can do the heavy lifting so you can focus on innovating and growing. Also, you can ask anyone from our team to set you up with a complimentary cloud health check. Our cloud engineers are happy to provide an AWS and/or Azure assessment to see if you are building a secure, compliant, and reliable cloud infrastructure. You can find out your risk level in just 10-minutes.
Get started today with a 60-day free trial >
Check out our knowledge base of Azure best practice rules>
Do you see value in building a security culture that is shifted left?
Yes, we have done this for our customers using AWS and it has been very successful. The more we talk about shifting security left the better, and I think that’s where we help customers build a security culture. Every cloud customer is struggling with implementing earlier on in the development cycle and they need tools. Conformity is a tool for customers which is DevOps or DevSecOps friendly and helps them build a security culture that is shifted left.
We help customers shift security left by integrating the Conformity API into their CI/CD pipeline. The product also has preventative controls, which our API and template scanners provide. The idea is we help customers shift security left to identify those misconfigurations early on, even before they’re actually deployed into their environments.
We also help them scan their infrastructure-as-code templates before being deployed into the cloud. Customers need a tool to bake into their CI/CD pipeline. Shifting left doesn’t simply mean having a reporting tool, but rather a tool that allows them to shift security left. That’s where our product, Conformity, can help.
The post Knowing your shared security responsibility in Microsoft Azure and avoiding misconfigurations appeared first on .
Development and application teams can be the initial entry point of a cloud migration as they start looking at faster ways to accelerate value delivery. One of the main things they might use during this is “Infrastructure as Code,” where they are creating cloud resources for running their applications using lines of code.
In the below video, as part of a NADOG (North American DevOps Group) event, I describe some additional techniques on how your development staff can incorporate the Well Architected Framework and other compliance scanning against their Infrastructure as Code prior to it being launched into your cloud environment.
If this content has sparked additional questions, please feel free to reach out to me on my LinkedIn. Always happy to share my knowledge of working with large customers on their cloud and transformation journeys!
The post Principles of a Cloud Migration appeared first on .
Risk decisions are the foundation of information security. Sadly, they are also one of the most often misunderstood parts of information security.
This is bad enough on its own but can sink any effort at education as an organization moves towards a DevOps philosophy.
To properly evaluate the risk of an event, two components are required:
Unfortunately, teams—and humans in general—are reasonably good at the first part and unreasonably bad at the second.
This is a problem.
It’s a problem that is amplified when security starts to integration with teams in a DevOps environment. Originally presented as part of AllTheTalks.online, this talk examines the ins and outs of risk decisions and how we can start to work on improving how our teams handle them.
The post Risk Decisions in an Imperfect World appeared first on .
Intelligent transportation systems (ITS) require harmonization among manufacturers to have any chance of succeeding in the real world. No large-scale car manufacturer, multimodal shipper, or MaaS (Mobility as a Service) provider will risk investing in a single-vendor solution. Successful ITS require interoperable components, especially for managing cybersecurity issues. See https://www.trendmicro.com/vinfo/us/security/news/intelligent-transportation-systems for a set of reports on ITS cybersecurity.
The good news is we now have a standard for automotive cybersecurity, ISA/SAE 21434. This standard addresses all the major elements of connected car security including V2X, reaching from the internals of ECUs and communications busses including CAN to the broader issues of fleet management and public safety. See https://www.iso.org/standard/70918.html for the current draft version of this standard.
Intelligent transport systems rely on complex, contemporary infrastructure elements, including cloud (for data aggregation, traffic analysis, and system-wide recommendations) and 5G (for inter-component networking and real-time sensing). ITS also rely on aging industrial control systems and components, for vehicle detection, weather reporting, and traffic signaling, some dating back forty years or more. This profound heterogeneity makes the cybersecurity problem unwieldy. Automotive systems generally are the most complex public-facing applications of industrial IoT. Any information security problems with them will erode public trust in this important and ultimately critical infrastructure.
Robert Bosch GmbH began working on the first automotive bus architecture in 1986. Automobiles gained increasing electronic functions (smog controls, seat belt monitors, electric window controls, climate controls, and so on). With each new device, the manufacturers had to install additional point-to-point wiring to monitor and control them. This led to increasing complexity, the possibility for error, extended manufacturing time, more costly diagnosis and repair post-sales, and added weight. See Figure 1 for details. By replacing point-to-point wiring with a simple bus, manufacturers could introduce new features connected with one pair of wires for control. This simplified design, manufacturing, diagnosis, and improved quality and maintainability.
Figure 1: CAN Networks Significantly Reduce Wiring (from National Instruments https://www.ni.com/en-us/innovations/white-papers/06/controller-area-network–can–overview.html)
The bus was simple: all devices saw all traffic and responded to messages relevant to them. Each message has a standard format, with a header describing the message content and priority (the arbitration IDs), the body which contains the relevant data, and a cyclic redundancy check (CRC), which is a code to verify that the message contents are accurate. This CRC uses a mathematical formula to determine if any bits have flipped, and for small numbers of errors can correct the message, like a checksum. This is not as powerful as a digital signature. It has no cryptographic power. Every device on the bus can use the CRC algorithm to create a code for messages it sends and to verify the data integrity of messages it receives. Other than this, there is no data confidentiality, authentication, authorization, data integrity, or non-repudiation in CAN bus messages – or any other automotive bus messages. The devices used in cars are generally quite simple, lightweight, and inexpensive: 8-bit processors with little memory on board. Any device connected to the network is trusted. Figure 2 shows the layout of a CAN bus message.
Figure 2: The Standard CAN Frame Format, from National Instruments
Today’s automobiles have more sophisticated devices on board. The types of messages and the services the offer are becoming more complex. In-vehicle infotainment (IVI) systems provide maps, music, Bluetooth connectivity for smartphones and other devices, in addition to increasingly more elaborate driving assistance and monitoring systems all add more traffic to the bus. But given the diversity of manufacturers and suppliers, impeding security measures over the automotive network. No single vendor could today achieve what Robert Bosch did nearly forty years ago. Yet the need for stronger vehicle security is growing.
The ISO/SAE 21434 standard describes a model for securing the supply chain for automotive technology, for validating the integrity of the development process, detecting vulnerabilities and cybersecurity attacks in automotive systems, and managing the deployment of fixes as needed. It is comprehensive. ISO/SAE 21434 builds on decades of work in information security. By applying that body of knowledge to the automotive case, the standard will move the industry towards a safer and more trustworthy connected car world.
But the standard’s value doesn’t stop with cars and intelligent transport systems. Domains far beyond connected cars will benefit from having a model for securing communications among elements from diverse manufacturers sharing a common bus. The CAN bus and related technologies are used onboard ships, in aircraft, in railroad management, in maritime port systems, and even in controlling prosthetic limbs. The vulnerabilities are common, the complexity of the supply chain is equivalent, and the need for a comprehensive architectural solution is as great. So this standard is a superb achievement and will go far to improve the quality, reliability, and trustworthiness of critical systems globally.
What do you think? Let me know in the comments below or @WilliamMalikTM.
The post Connected Car Standards – Thank Goodness! appeared first on .
Organisations have been forced to adapt rapidly over the past few months as government lockdowns kept most workers to their homes. For many, the changes they’ve made may even become permanent as more distributed working becomes the norm. This has major implications for cybersecurity. Employees are often described as the weakest link in the corporate security chain, so do they become an even greater liability when working from home?
Unfortunately, a major new study from Trend Micro finds that, although many have become more cyber-aware during lockdown, bad habits persist. CISOs looking to ramp up user awareness training may get a better return on investment if they try to personalize strategies according to specific user personas.
What we found
We polled 13,200 remote workers across 27 countries to compile the Head in the Clouds study. It reveals that 72% feel more conscious of their organisation’s cybersecurity policies since lockdown began, 85% claim they take IT instructions seriously, and 81% agree that cybersecurity is partly their responsibility. Nearly two-thirds (64%) even admit that using non-work apps on a corporate device is a risk.
Yet in spite of these lockdown learnings, many employees are more preoccupied by productivity. Over half (56%) admit using a non-work app on a corporate device, and 66% have uploaded corporate data to it; 39% of respondents “often” or “always” access corporate data from a personal device; and 29% feel they can get away with using a non-work app, as IT-backed solutions are “nonsense.”
This is a recipe for shadow IT and escalating levels of cyber-risk. It also illustrates that current approaches to user awareness training are falling short. In fact, many employees seem to be aware of what best practice looks like, they just choose not to follow it.
Four security personas
This is where the second part of the research comes in. Trend Micro commissioned Dr Linda Kaye, Cyberpsychology Academic at Edge Hill University, to profile four employee personas based on their cybersecurity behaviors: fearful, conscientious, ignorant and daredevil.
In this way: Fearful employees may benefit from training simulation tools like Trend Micro’s Phish Insight, with real-time feedback from security controls and mentoring.
Conscientious staff require very little training but can be used as exemplars of good behavior, and to team up with “buddies” from the other groups.
Ignorant users need gamification techniques and simulation exercises to keep them engaged in training, and may also require additional interventions to truly understand the consequences of risky behavior.
Daredevil employees are perhaps the most challenging because their wrongdoing is the result not of ignorance but a perceived superiority to others. Organisations may need to use award schemes to promote compliance, and, in extreme circumstances, step up data loss prevention and security controls to mitigate their risky behavior.
By understanding that no two employees are the same, security leaders can tailor their approach in a more nuanced way. Splitting staff into four camps should ensure a more personalized approach than the one-size-fits-all training sessions most organisations run today.
Ultimately, remote working only works if there is a high degree of trust between managers and their teams. Once the pandemic recedes and staff are technically allowed back in the office, that trust will have to be re-earned if they are to continue benefiting from a Work From Home environment.
The post Survey: Employee Security Training is Essential to Remote Working Success appeared first on .
The endpoint has long been a major focal point for attackers targeting enterprise IT environments. Yet increasingly, security bosses are being forced to protect data across the organization, whether it’s in the cloud, on IoT devices, in email, or on-premises servers. Attackers may jump from one environment to the next in multi-stage attacks and even hide between the layers. So, it pays to have holistic visibility, in order to detect and respond more effectively.
This is where XDR solutions offer a convincing alternative to EDR and point solutions. But unfortunately, not all providers are created equal. Trend Micro separates themselves from the pack by providing mature security capabilities across all layers, industry-leading threat intelligence, and an AI-powered analytical approach that produces fewer, higher fidelity alerts.
Under pressure
It’s no secret that IT security teams today are under extreme pressure. They’re faced with an enemy able to tap into a growing range of tools and techniques from the cybercrime underground. Ransomware, social engineering, fileless malware, vulnerability exploits, and drive-by-downloads, are just the tip of the iceberg. There are “several hundred thousand new malicious programs or unwanted apps registered every day,” according to a new Osterman Research report. It argues that, while endpoint protection must be a “key component” in corporate security strategy, “It can only be one strand” —complemented with protection in the cloud, on the network, and elsewhere.
There’s more. Best-of-breed approaches have saddled organizations with too many disparate tools over the years, creating extra cost, complexity, management headaches, and security gaps. This adds to the workload for overwhelmed security teams.
According to Gartner, “Two of the biggest challenges for all security organizations are hiring and retaining technically savvy security operations staff, and building a security operations capability that can confidently configure and maintain a defensive posture as well as provide a rapid detection and response capacity. Mainstream organizations are often overwhelmed by the intersectionality of these two problems.”
XDR appeals to organizations struggling with all of these challenges as well as those unable to gain value from, or who don’t have the resources to invest in, SIEM or SOAR solutions. So what does it involve?
What to look for
As reported by Gartner, all XDR solutions should fundamentally achieve the following:
However, the analyst urges IT buyers to think carefully before choosing which provider to invest in. That’s because, in some cases, underlying threat intelligence may be underpowered, and vendors have gaps in their product portfolio which could create dangerous IT blind spots. Efficacy will be a key metric. As Gartner says, “You will not only have to answer the question of does it find things, but also is it actually finding things that your existing tooling is not.”
A leader in XDR
This is where Trend Micro XDR excels. It has been designed to go beyond the endpoint, collecting and correlating data from across the organization, including; email, endpoint, servers, cloud workloads, and networks. With this enhanced context, and the power of Trend Micro’s AI algorithms and expert security analytics, the platform is able to identify threats more easily and contain them more effectively.
Forrester recently recognized Trend Micro as a leader in enterprise detection and response, saying of XDR, “Trend Micro has a forward-thinking approach and is an excellent choice for organizations wanting to centralize reporting and detection with XDR but have less capacity for proactively performing threat hunting.”
According to Gartner, fewer than 5% of organizations currently employ XDR. This means there’s a huge need to improve enterprise-wide protection. At a time when corporate resources are being stretched to the limit, Trend Micro XDR offers global organizations an invaluable chance to minimize enterprise risk exposure whilst maximizing the productivity of security teams.
The post Beyond the Endpoint: Why Organizations are Choosing XDR for Holistic Detection and Response appeared first on .
Things fail. It happens. A core principle of building well in the AWS Cloud is reliability. Dr. Vogels said it best, “How can you reduce the impact of failure on your customers?” He uses the term “blast radius” to describe this principle.
One of the key methods for reducing blast radius is the AWS account itself. Accounts are free and provide a strong barrier between resources, and thus, failures or other issues. This type of protection and peace of mind helps teams innovate by reducing the risk of running into another team’s work. The challenge is managing all of these accounts in a reasonable manner. You need to strike a balance between providing security guardrails for teams while also ensuring that each team gets access to the resources they need.
AWS Services & Features
There are a number of AWS services and features that help address this need. AWS Organizations, AWS Firewall Manager, IAM Roles, tagging, AWS Resource Access Manager, AWS Control Tower, and more, which all play a role in helping your team manage multiple accounts.
For this post, we’ll look at AWS Control Tower a little closer. AWS Control Tower was made generally available at AWS re:Inforce. The service provides an easy way to setup and govern AWS accounts in your environment. You can configure strong defaults for all new accounts, pre-populate IAM Roles, and more. Essentially, AWS Control Tower makes sure that any new account starts off on the right foot.
For more on the service, check out this excellent talk from the launch.
Partner Integrations
With almost a year under its belt, AWS Control Tower is now expanding to provide partner integrations. Now, in addition to setting up AWS services and features, you can pre-config supported APN solutions as well. Trend Micro is among the first partners to support this integration by providing the ability to add Trend Micro Cloud One – Workload Security and Trend Micro Cloud One – Conformity to your Control Tower account factory. Once configured, any new account that is created via the factory will automatically be configured in your Trend Micro Cloud One account.
Integration Advantage
This integration not only reduces the friction in getting these key security tools setup, it also provides immediate visibility into your environment. Workload Security will now be able show you any Amazon EC2 instances or Amazon ECS hosts within your accounts. You’ll still need to install and apply a policy to the Workload Security agent to protect these instances, but this initial visibility provides a map for your teams, reducing the time to protection. Conformity will start generating information within minutes. This information from Conformity will allow your teams to get a quick handle on their security posture and more with fast and ongoing security and compliance checks.
Integrating this from the beginning of every new account will allow each team to track their progress against a huge set of recommended practices across all five pillars of the Well-Architected Framework.
What’s Next?
One of the biggest challenges in cloud security is integrating it early in the development process. We know that the earlier security is factored into your builds, the better the result. You can’t get much earlier than the initial creation on an account. That’s why this new integration with AWS Control Tower is so exciting. Having security in every account within your organization from day zero provides much needed visibility and a fantastic head start.
The post Automatic Visibility And Immediate Security with Trend Micro + AWS Control Tower appeared first on .
“Cloud security is simple, absolutely simple. Stop over complicating it.”
This is how I kicked off a presentation I gave at the CyberRisk Alliance, Cloud Security Summit on Apr 17 of this year. And I truly believe that cloud security is simple, but that does not mean easy. You need the right strategy.
As I am often asked about strategies for the cloud, and the complexities that come with it, I decided to share my recent talk with you all. Depending on your preference, you can either watch the video below or read the transcript of my talk that’s posted just below the video. I hope you find it useful and will enjoy it. And, as always, I’d love to hear from you, find me @marknca.
For those of you who prefer to read rather than watch a video, here’s the transcript of my talk:
Cloud security is simple, absolutely simple. Stop over complicating it.
Now, I know you’re probably thinking, “Wait a minute, what is this guy talking about? He is just off his rocker.”
Remember, simple doesn’t mean easy. I think we make things way more complicated than they need to be when it comes to securing the cloud, and this makes our lives a lot harder than they need to be. There’s some massive advantages when it comes to security in the cloud. Primarily, I think we can simplify our security approach because of three major reasons.
The first is integrated identity and access management. All three major cloud providers, AWS, Google and Microsoft offer fantastic identity, and access management systems. These are things that security, and [inaudible 00:00:48] professionals have been clamouring for, for decades.
We finally have this ability, we need to take advantage of it.
The second main area is the shared responsibility model. We’ll cover that more in a minute, but it’s an absolutely wonderful tool to understand your mental model, to realize where you need to focus your security efforts, and the third area that simplifies security for us is the universal application of APIs or application programming interfaces.
These give us as security professionals the ability to orchestrate. and automate a huge amount of the grunt work away. These three things add up to, uh, the ability for us to execute a very sophisticated, uh, or very difficult to pull off, uh, security practice, but one that ultimately is actually pretty simple in its approach.
It’s just all the details are hard and we’re going to use these three advantages to make those details simpler. So, let’s take a step back for a second and look at what our goal is.
What is the goal of cybersecurity? That’s not something you hear quite often as a question.
A lot of the time you’ll hear the definition of cybersecurity is, uh, about, uh, securing the confidentiality, integrity, and availability of information or data. The CIA triad, different CIA, but I like to phrase this in a different way. I think the goal is much clearer, and the goal’s much simpler.
It is to make sure that whatever you’re building works as intended and only as intended. Now, you’ll realize you can’t accomplish this goal just as a security team. You need to work with your, uh, developers, you need to work with operations, you need to work with the business units, with the end users of your application as well.
This is a wonderful way of phrasing our goal, and realizing that we’re all in this together to make sure whatever you’re building works as intended, and only as intended.
Now, if we move forward, and we look at who are we up against, who’s preventing our stuff from working, uh, well?
You look at normally, you think of, uh, who’s attacking our systems? Who are the risks? Is it nation states? Is it maybe insider threats? While these are valid threats, they’re really overblown. You’re… don’t have to worry about nation state attacks.
If you’re a nation state, worry about it. If you’re not a nation state, you don’t have to worry about it because frankly, there’s nothing you can do to stop them. You can slow them down a little bit, but by definition, they’re going to get through your resources.
As far as insider attacks, this is an HR problem. Treat your people well. Um, check in with them, and have a strong information management policy in place, and you’re going to reduce this threat naturally. If you go hunting for people, you’re going to create the very threats that you’re looking at.
So, it brings us to the next set. What about cyber criminals? You know, we do have to worry about cyber criminals.
Cyber criminals are targeting systems simply because these systems are online, these are profit motivated criminals who are organized, and have a good set of tools, so we absolutely need to worry about them, but there’s a more insidious or more commonplace, maybe a simpler threat that we need to worry about, and that’s one of mistakes.
The vast majority of issues that happen around data breaches around security vulnerabilities in the cloud are mistake driven. In fact, to the point where I would not even worry about cyber criminals simply because all the work we’re going to do to focus on, uh, preventing mistakes.
And catching, and rectifying the stakes really, really quickly is going to uh, you a cover all the stuff that we would have done to block out cyber criminals as well, so mistakes are very common because people are using a lot more services in the cloud.
You have a lot more, um, parts and moving, uh, complexity in your deployment, um, and you’re going to make a mistake, which is why you need to put automated systems in place to make sure that those mistakes don’t happen, or if they do happen that they’re caught very, very quickly.
This applies to standard DevOps, the philosophies for building. It also applies to security very, very wonderfully, so this is the main thing we’re going to focus on.
So, if we look at that sum up together, we have our goal of making sure whatever we’re building works as intended, and only as intended, and our major issue here, the biggest risk to this is simple mistakes and misconfigurations.
Okay, so we’re not starting from ground zero here. We can learn from others, and the first place we’re going to learn is the shared responsibility model. The shared responsibility applies to all cloud service providers.
If you look on the left hand side of the slide here, you’ll see the traditional on premise model. We roughly have six areas where something has to be done roughly daily, whether it’s patching, maintenance, uh, just operational visibility, monitoring, that kind of thing, and in a traditional on premise environment, you’re responsible for all of it, whether it’s your team, or a team underneath your organization.
Somewhere within your tree, people are on the hook for doing stuff daily. Here when we move into an infrastructure, so getting a virtual machine from a cloud provider right off the bat, half of the responsibilities are pushed away.
That’s a huge, huge win.
And, as we move further and further to the right to more managed service, or staff level services, we have less and less daily responsibilities.
Now, of course, you always still have to verify that the cloud service provider’s doing what they, uh, say they’re doing, which is why certifications and compliance frameworks come into play, uh, but the bottom line is you’re doing less work, so you can focus on fewer areas.
Um, that is, or I should say not less work, but you’re doing, uh, less broad of a work.
So you can have that deeper focus, and of course, you always have to worry about service configuration. You are given knobs and dials to turn to lock things down. You should use them like things like encrypting, uh, all your data at rest.
Most of the time it’s an easy check box, but it’s up to you to check it ‘cause it’s your responsibility.
We also have the idea of an adoption framework, and this applies for Azure, for AWS and for Google, uh, and what they do is they help you map out your business processes.
This is important to security, because it gives you the understanding of where your data is, what’s important to the business, where does it lie, who needs to touch it, and access it and process it.
That also gives us the idea, uh, or the ability to identify the stakeholders, so that we know, uh, you know, who’s concerned about this data, who is, has an investment in this data, and finally it helps to, to deliver an action plan.
The output of all of these frameworks is to deliver an action plan to help you migrate into the cloud and help you to continuously evolve. Well, it’s also a phenomenal map for your security efforts.
You want to prioritize security, this is how you do it. You get it through the adoption framework, understanding what’s important to the business, and that lets you identify critical systems and areas for your security.
Again, we want to keep things simple, right? And, the third, uh, the o- other things we want to look at is the CIS foundations. They have them for AWS, Azure and GCP, um, and these provide a prescriptive guidance.
They’re really, um, a strong baseline, and a checklist of tasks that you can accomplish, um, or take on, on your, uh, take on, on your own, excuse me, uh, in order to, um, you know, basically cover off the really basics is encryption at rest on, um, you know, do I make sure that I don’t have, uh, things needlessly exposed to the internet, that type of thing.
Really fantastic reference point and a starting point for your security practice.
Again, with this idea of keeping things as simple as possible, so when it comes to looking at our security policy, we’ve used the frameworks, um, and the baseline to kind of set up a strong, uh, start to understand, uh, where the business is concerned, and to prioritize.
And, the first question we need to ask ourselves as security practitioners, what happened? If we, if something happens, and we ask what happened?
Do we have the ability to answer this question? So, that starts us off with logging and auditing. This needs to be in place before something happened. Let me just say that again, before something happened, you need [laughs] to be able to have this information in place.
Now, uh, this is really, uh, to ask these key questions of what happened in my account, and who, or what made that thing happen?
So, this starts in the cloud with some basic services. Uh, for AWS it’s cloud trail, for Azure, it’s monitor, and for Google Cloud it used to be called Stackdriver, it is now the Google Cloud operations suite, so these need to be enabled on at full volume.
Don’t worry, you can use some lifecycle rules on the data source to keep your costs low.
But, this gives you that layer, that basic auditing and logging layer, so that you can answer that question of what happened?
So, the next question you want to ask yourself or have the ability to answer is who’s there, right? Who’s doing what in my account? And, that comes down to identity.
We’ve already mentioned this is one of the key pillars of keeping security simple, and getting that highly effective security in your cloud.
[00:09:00] So here you’re answering the questions of who are you, and what are you allowed to do? This is where we get a very simple privilege, uh, or principle in security, which is the principle of least privilege.
You want to give an identity, so whether that’s a user, or a role, or a service, uh, only the privileges they, uh, require that are essential to perform the task that, uh, they are intended to do.
Okay?
So, basically if I need to write a file into a storage, um, folder or a bucket, I should only have the ability to write that file. I don’t need to read it, I don’t need to delete it, I just need to write to it, so only give me that ability.
Remember, that comes back to the other pillar of simple security here of, of key cloud security, is integrated identity.
This is where it really takes off, is that we start to assign very granular access permissions, and don’t worry, we’re going to use the APIs to automate all this stuff, so that it’s not a management headache, but the principle of these privilege is absolutely critical here.
The services you’re going to be using, amazingly, all three cloud providers got in line, and named them the same thing. It’s IAM, identity access management, whether that’s AWS, Azure or Google Cloud.
Now, the next question we’re going to a- ask ourselves are the areas where we’re going to be looking at is really where should I be focusing security controls? Where should I be putting stuff in place?
Because up until now we’ve really talked about leveraging what’s available from the cloud service providers, and you absolutely should available, uh, maximize your usage of their, um, native and primitive, uh, structures primitive as far as base concepts, not as, um, refined.
They’re very advanced controls and, but there are times where you’re going to need to put in your own controls, and these are the areas you’re going to focus on, so you’re going to start with networking, right?
So, in your networking, you’re going to maximize the native structures that are available in the cloud that you’re in, so whether that’s a project structure in Google Cloud, whether that’s a service like transit gateway in AWS, um, and all of them have this idea of a VPC or virtual private cloud or virtual network that is a very strong boundary for you to use.
Remember, most of the time you’re not charged for the creation of those. You have limits in your accounts, but accounts are free, and you can keep adding more, uh, virtual networks. You may be saying, wait a minute, I’m trying to simplify things.
Actually, having multiple virtual networks or virtual private clouds ends up being far simpler because each of them has a task. You go, this application runs in this virtual private cloud, not a big shared one in this specific VPC, and that gives you this wonderfully strong security boundaries, and a very simple way of looking at one VPC, one action, very much the Unix philosophy in play.
Key here though is understanding that while all of the security controls in place for your service provider, um, give you, so, you know, whether it’s VPCs, routing tables, um, uh, access control lists, security groups, all the SDN features that they’ve got in place.
These really help you figure out whether service A or system A is allowed to talk to B, but they don’t tell you what they’re saying.
And, that’s where additional controls called an IPS, or intrusion prevention system come into play, and you may want to look at getting a third party control in to do that, because none of the th- big three cloud providers offer an IPS at this point.
[00:12:00] But that gives you the ability to not just say, “Hey, you’re allowed to talk to each other.” But, to monitor that conversation, to ensure that there’s not malicious code being passed back and forth between systems that nobody’s trying a denial of service attack.
A whole bunch of extra things on there have, so that’s where IPS comes into play in your network defense. Now, we look at compute, right?
We can have compute in various forms, whether that’s in serverless functions, whether that’s in containers, manage containers, whether that’s in traditional virtual machines, but all the principles are the same.
You want to understand where the shared responsibility line is, how much is on your plate, how much is on the CSPs?
You want to understand that you need to harden the EOS, or the service, or both in some cases, make sure that, that’s locked down, so have administrator passwords. Very, very complicated.
Don’t log into these systems, uh, you know, because you want to be fixing things upstream. You want to be fixing things in the build pipeline, not logging into these systems directly, and that’s a huge thing for, uh, systems people to get over, but it’s absolutely essential for security, and you know what?
It’s going to take a while, but there’s some tricks there you can follow with me. You can see, uh, on the slides, uh, at Mark, that is my social everywhere, uh, happy to walk you through the next steps.
This idea of this presentation’s really just the simple basics to start with, to give you that overview of where to focus your time, and, dispel that myth that cloud security is complicating things.
It is a huge path is simplicity, which is a massive lens, or for security.
So, the last area you want to focus here is in data and storage. Whether this is databases, whether this is big blob storage, or, uh, buckets in AWS, it doesn’t really matter the principles, again, all the same.
You want to encrypt your data at rest using the native cloud provided, uh, cloud service provider, uh, features functionality, because most of the time it’s just give it a key address, and give it a checkbox, and you’re good to go.
It’s never been easier to encrypt things, and there is no excuse for it and none of the providers charge extra for, uh, encryption, which is amazing, and you absolutely want to be taking advantage of that, and you want to be as granular as possible with your IAM, uh, and as reasonable, okay?
So, there’s a line here, and a lot of the data stores that are native to the cloud service providers, you can go right down to the data cell level and say, Mark has access, or Mark doesn’t have access to this cell.
That can be highly effective, and maybe right for your use case. It might be too much as well.
But, the nice thing is that you have that option. It’s integrated, it’s pretty straightforward to implement, and then, uh, when we look here, uh, sorry. and then, finally you want to be looking at lifecycle strategies to keep your costs under control.
Um, data really spins out of control when you don’t have to worry about capacity. All of the cloud service providers have some fantastic automations in place.
Basically, just giving you, uh, very simple rules to say, “Okay, after 90 days, move this over to cheaper storage. After 180 days, you know, get rid of it completely, or put it in cold storage.”
Take advantage of those or your bill’s going to spiral out of control, and, and that relates to availability ‘cause uh, uh, and reliability, ‘cause the more you’re spending on that kind of stuff, the less you have to spend on other areas like security and operational efficiency.
So, that brings us to our next big security question. Is this working?
[00:15:00] How do you know if any of this stuff is working? Well, you want to talk about the concept of traceability. Traceability is a, you know, somewhat formal definition, but for me it really comes down to where did this come from, who can access it, and when did they access it?
That ties very closely with the concept of observability. Basically, the ability to look at, uh, closed systems and to infer what’s going on inside based on what’s coming into that system, and what’s leaving that system, really what’s going on.
There’s some great tools here from the service providers. Again, you want to look at, uh, Amazon CloudWatch, uh, Azure Monitor and the Google Cloud operations, uh, suite. Um, and here this leads us to the key, okay?
This is the key to simplifying everything, and I know we’ve covered a ton in this presentation, but I really want you to take a good look at this slide, and again, hit me up, uh, @marknca, happy to answer any questions with, questions afterwards as well here, um, that this will really, really make this simple, and this will really take your security practice to the next level.
If the idea of something happened in your, cloud system, right? In your deployment, there’s a trigger, and then, it either is generating an event or a log.
If you go the bottom row here, you’ve got a log, which you can then react to in a function to deliver some sort of result. That’s the slow-lane on the bottom.
We’re talking minutes here. You also have the top lane where your trigger fires off an event, and then, you react to that with a function, and then, you get a result in the fast lane.
These things happen in seconds, sub-second time. You start to build out your security practice based on this model.
You start automating more and more in these functions, whether it’s, uh, Lambda, whether it’s Cloud Functions, whether it’s Azure Functions, it doesn’t matter.
The CSPs all offer the same core functionality here. This is the critical, critical success metric, is that when you start reacting in the fast lane automatically to things, so if you see that a security event is triggered from like your malware, uh, on your, uh, virtual machine, you can lock that off, and have a new one spin up automatically.
Um, if you’re looking for compliance stuff, the slow lane is the place to go, because it takes minutes.
Reactions happen up top, more, um, stately or more sedate things, so somebody logging into a system is both up top and down low, so up top, if you logged into a VPC or into, um, an instance, or a virtual machine, you’d have a trigger fire off and maybe ask me immediately, “Mark, did you log into the system? Uh, ‘cause you’re, you know, you’re not supposed to be.”
But then I’d respond and say, “Yeah, I, I did log in.” So, immediately you don’t have to respond. It’s not an incident response scenario, but on the bottom track, maybe you’re tracking how many times I’ve logged in.
And after the three or fourth time maybe someone comes by, and has a chat with me, and says, “Hey, do you keep logging into these systems? Can’t you fix it upstream in the deployment, uh, and build a pipeline ‘cause that’s where we need to be moving?”
So, you’ll find this balance, and this concept, I just wanted to get into your heads right now of automating your security practice. If you have a checklist, it should be sitting in a model like this, because it’ll help you, uh, reduce your workload, right?
The idea is to get as much automated possible, and keep things in very clear, and simple boundaries, and what’s more simple than having every security action listed as an automated function, uh, sitting in a code repository somewhere?
[00:18:00] Fantastic approach to modern security practice in the cloud. Very simple, very clear. Yes, difficult to implement. It can be, but it’s an awesome, simple mental model to keep in your head that everything gets automated as a function based on a trigger somewhere.
So, what are the keys to success? What are the keys to keeping this cloud security thing simple? And, hopefully you’ve realized the difference between a simple mental model, and the challenges, uh, in, uh, implementation.
It can be difficult. It’s not easy to implement, but the mental model needs to be kept simple, right? Keep things in their own VPCs, and their own accounts, automate everything. Very, very simple approach. Everything fits into this s- into this structure, so the keys here are remembering the goal.
Make sure that cybersecurity, uh, is making sure that whatever you build works as intended and only as intended. It’s understanding the shared responsibility model, and it’s really looking at, uh, having a plan through cloud adoption frameworks, how to build well, which is a, uh, a concept called the Well-Architected Framework.
It’s specific to AWS, but it’s generic, um, its principles, it can be applied everywhere. We didn’t cover it here, but I’ll put the links, um, in the materials for you, uh, as well as remembering systems over people, right?
Adding the right controls at the right time, uh, and then, finally observing and react. Be vigilant, practice. You’re not going to get this right out of the gates, uh, perfect.
You’re going to have to refine, iterate, and then it’s extremely cloud friendly. That is the cloud model is, get it out there, iterate quickly, but putting the structures in place, you’re not going to make sure that you’re not doing that in an insecure manner.
Thank you very much, uh, here’s a couple of links that’ll help you out before we take some Q&A here, um, trendmicro.com/cloud will get you to the products to learn more. We’re also doing this really cool streaming.
Uh, I host a show called Let’s Talk Cloud. Um, we uh, interview experts, uh, and have a great conversation around, um, what they’re talking about, uh, in the cloud, what they’re working on, and not just around security, but just in building in general.
You can hit that up at trendtalks.fyi. Um, and again, hit me up on social @marknca.
So, we have a couple of questions to kick this off, and you can put more questions in the webinar here, and they will send them along, or answer them in kind if they can.
Um, and that’s really what these are about, is the interaction is getting that, um, to and from. So, the first question that I wanted to tackle is an interesting one, and it’s really that systems over people.
Um, you heard me mention it in the, uh, in the end and the question is really what does that mean systems over people? Isn’t security really about people’s expertise?
And, yes and no, so if you are a SOC analyst, if you are working in a security, uh, role right now, I am really confident saying that 80%, 90% of what you do right now could be delegated out to a system.
So, if you were looking at log lines, and stuff that should be done by systems and bubble up, just the goal for you to investigate to do what people are good at in systems are bad at, so systems mean, uh, you know, putting in, uh, to build pipeline, putting in container scanning in the build pipeline, so that you have to manually scan stuff, right to get rid of the basics. Is that a pen test? 100% no.
Um, but it gets rid of that, hey, you didn’t upgrade to, um, you know, this version of this library.
[00:21:00] That’s all automated, and those, the more systems you get in place, the more you as a security professional, or your security team will be able to focus on where they can really deliver value and frankly, where it’s more interesting work, so that’s what systems over people mean, is basically automate as much as you can to get people doing what people are really good at, and to make sure that the systems catch what we make as mistakes all the time.
If you accidentally try to push an old build out, you know that systems should stop that, if you push a build that hasn’t been checked by that container scanning or by, um, you know, it doesn’t have the appropriate security policy in place.
Systems should catch all that humans shouldn’t have to worry about it at all. That’s systems over processing. You saw that on the, uh, keys to success slide here. I’ll just pull it up. Um, you know, is that, that’s absolutely key.
Another question that we had, uh, was what we didn’t get into here, which was around the Well-Architected Framework. Now, this is a document that was published by AWS, uh, a number of years back, and they’ve kept it going.
They’ve evolved it and essentially it has five pillars. Um, performance, efficiency, uh, op- reliability, security, cost optimization, and operational excellence. Hey, I’ve got all five.
Um, and really [laughs] what that is, is it’s about how to take advantage of these cloud tools.
Now, AWS publishes it, but honestly it applies to Azure, it applies to Google Cloud as well. It’s not service specific. It teaches you how to build in the cloud, and obviously security is one of those big pillars, but it’s… so talking about teaching you how to make those trade offs, how to build an innovation flywheel, so that you have an idea, test it, uh, get the feedback from it, and move forward.
Um, and that’s really, really key. Again, now you should be reading that even if you are an Azure, or GCP customer or, uh, that’s where you’re putting your most of your stuff, because it’s really about the principles, and everything we do, and encourage people to build well, it means that there’s less security issues, right?
Especially we know that the number one problem is mistakes.
That leads to the last question we have here, which is about that, how can I say that cyber criminals, you don’t need to worry about them.
You need to worry about mistakes? That’s a good question. It’s valid, and, um, Trend Micro does a huge amount of research around cyber criminals. I do a whole huge amount of research around cyber criminals.
Uh, my training, by training, and by professional experience. I’m a forensic investigator. This is what I do is take down cyber crimes. Um, but I think mistakes are the number one thing that we deal with in the cloud simply because of the underlying complexity.
I know it’s ironic, and to talk about simplicity, to talk about complexity, but the idea is, um, is that you look at all the major breaches, especially around s3 buckets, those are all m- based on mistake.
There’ve been billions, and billions, and billions of records, and, uh, millions of dollars of damage exposed because of simple mistakes, and that is far more common, uh, than cyber criminals.
And yes, cyber crimes you have [inaudible 00:23:32] worry. You have to worry about them, but everything you’re going to do to fix mistakes, and to put systems in place to stop those mistakes from happening is also going to be for your pr- uh, protection up against cyber criminals, and honestly, if you’re the guy who runs around your organization’s screaming about cyber criminals all the time, you’re far less credible than if you’re saying, “Hey, I want to make sure that we build really, really well, and don’t make mistakes.”
Thank you for taking the time. My name’s Mark Nunnikhoven. I’m the vice president of cloud research at Trend Micro. I’m also an AWS community hero, and I love this stuff. Hit me up on social @marknca. Happy to chat more.
The post Cloud Security Is Simple, Absolutely Simple. appeared first on .
The Mac has always been pretty easy to use, but even the most ardent Mac supporters know there comes a time when their Mac is no longer new and they notice slowdowns in its performance, particularly after intensive use. They’d like a handy one-stop tool to help them optimize memory and CPU performance, free up disk space, and generally speed up their Mac, since they don’t want to dig around in the MacOS for buried utilities they don’t know how to use. Fortunately, Trend Micro has a solution for that.
Trend Micro Cleaner One Pro is an easy-to-use, all-in-one disk cleaning and optimization utility that can help you boost your Mac’s performance. Cleaner One Pro includes a number of Mac housecleaning tools such as a Memory Optimizer, a Junk Files cleaner, a Big Files scanner, a Duplicate Files finder, an App Manager, a File Shredder, and a Disk Map. These functions are all rolled into an easy-to-use interface that helps you visualize your Mac’s usage, while freeing up memory and storage on your Mac.
In this two-part blog, we will show you how you can use Cleaner One Pro to make your Mac run faster, walking you through its features. In Part 1, we focus on Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we’ll focus on System and Application Management, Privacy Protection, and some Other Options.
Once you’ve installed Cleaner One Pro, its Quick Optimizer appears in the Apple Menu, with handy tools to speed up your Mac. Click the icon and it displays a Console that monitors your Memory, Junk Files, CPU, and Network Usage, while letting you Optimize your Memory Usage and Clean your Junk Files with just one click. System Optimizer opens a Window onto the contents of your Mac for more detailed management.
Memory Optimizer
There are applications running in the background of your Mac that take up physical memory and affect its performance. The Memory Optimizer gives you control over how your computer consumes its memory resources—and you can free up your Mac’s memory in seconds with just one click on the Optimize button. If you want to see which apps are taking up significant memory, you can click the three-dot icon next to Memory Usage. It will show your Mac’s memory usage by app, in descending order. Click the Information (i) icon in the Memory Usage window for a breakdown of the types of memory being used.
Junk files, temporary files, system files and other non-essential items will accumulate on your Mac over time. These files take up a lot of space on your hard drive and may degrade the performance of your Mac as you reach higher disk usage. Click the Clean button and the Junk Files cleaner quickly removes application cache, system log files, update files, temporary files and hidden leftover files. You can also see the details of the identified Junk Files by clicking the three-dot icon next to Junk Files.
When your computer starts to run slowly it’s helpful to have a snapshot of its CPU usage. With this feature, you can see which apps are using significant CPU resources and how much percentage they’re using. It also let you know how long your computer has been up and running, since system reliability can degrade if it’s been awhile since you restarted your Mac.
If you want to keep an eye on your bandwidth consumption and avoid exceeding data caps, it’s useful to know the real-time download and upload speeds on your Mac. The Network Usage Monitor also provides a view of other network related information such as your Wi-Fi signal quality.
The Main Console is the core workplace in Trend Micro Cleaner One Pro and provides the following features, which are presented here grouped by purpose:
|
|
To access the Main Console, click System Optimizer in the Cleaner One Pro Apple Menu. The first time you do, you’ll need to authorize full access to your disk, so Cleaner One Pro can access more junk files. Simply click Grant Access in the System Optimizer window and watch the video or follow the written instructions. Complete the steps by closing Cleaner One Pro, then reload it. You’re now ready to begin optimizing.
The hard drive on your Mac holds the entire Mac operating system and important files including your data. As you use your Mac, over time its hard drive will accumulate junk files. These junk files are generated by the system and other programs. Cleaner One Pro is equipped with advanced and efficient algorithms that scan and remove junk files within seconds. Click Scan to scan for Junk Files and when the scan is done, either check a whole category or individual items in the category, then click Remove.
You may have a lot of clutter on your Mac in the form of big or old files that you probably no longer need and may have just forgotten about. Removing big unused files can recover a lot of disk space, but it could be time-consuming to delete them if done manually. Also, it is hard to select files for deletion if you don’t know the proper context— where the files are stored or how important they may be.
Big Files scanner provides a big file collector where you can easily spot and remove these files if you don’t need them anymore. Additionally, if you hover your mouse on a file, you’ll see a magnifier and a lock icon. Once you click the magnifier icon, you’ll locate the actual file. If you click the lock icon, the file will be added to the Ignore List, which will be locked.
Disk Map is a significant tool that helps you analyze the usage of your storage in a visual and interactive map. It quickly scans your drive and builds a visualization of files on the target folder of your Mac, allowing you to easily navigate the system. With Disk Map, you can find out the date when the file/folder was created, modified, and last opened. Furthermore, hovering your mouse on a folder then clicking the magnifier icon will direct you to the file’s location.
Another practice that you are probably comfortable doing is backing-up important files, photos, program installation files and apps on your hard drive. While this is a good practice, it creates duplicate files on your Mac that eventually add clutter and consume disk space. It’s also hard to find files in name searches when you have too many of them.
The Duplicate Files function lets you select a source folder where it will inspect and identify duplicate files on your Mac. In the scan results, an option called “Auto Select” helps you automatically select duplicate files. The information provided by “Auto Select” is listed below:
|
|
You can choose Remove to Trash or Delete Permanently on the confirmation page.
Often, you organize pictures of travels and life events, and also keep a copy to ensure you don’t lose those captured moments. But as digital photos pile up, often similar to others on your drive, they take up a lot of space. To assist you cleaning these up, use Similar Photos, and then choose your photo library to scan the photos on your Mac.
The result will display similar photos and you can choose the ones you don’t need, and the files will be added in the selected list. Click the Remove button to completely delete them from your hard drive.
That’s it for now! The second part of this blog will take up the remaining toolsets of Trend Micro Cleaner One Pro.
Go to Cleaner One Mac for more information or to purchase the app.
The post Cleaner One Pro Speeds Up Your Mac: Part 1 appeared first on .
In July 2015, I did my first threat webinar. I had planned to do it on a monthly basis, and never imagined I would still be doing it five years later, but here I am, still creating monthly webinars. I still do. I started the webinar series to help people understand the different threats targeting our customers and I have always tried to focus on three areas:
|
|
This last point, discussing technologies versus solutions, has been one of the key items I try to follow as much as possible – after all, the goal of my webinars is to be educational, not a sales pitch.
Coming from a technical background, BS in Electrical Engineering from Michigan State University (Go Spartans!!), I enjoy learning about the new technologies being used to detect the latest threats and to ensure you know what to look for when selecting a vendor and/or a security solution. Over the years, I’ve discussed everything from APTs, coinminers, exploits, messaging threats, ransomware, underground activity and lots in between. It is pretty easy to find topics to discuss, as there is so much going on in our industry, and with the malicious actors regularly shifting their tactics, techniques and procedures, I can keep the content fairly fresh.
I really enjoy having guest speakers on my webinars to mix things up a bit for the viewers as well, as I know my limitations – there are just too many threats out there to keep up with all of them. The main reason I love doing the threat webinars is that I enjoy sharing information and teaching others about our industry and the threats affecting them. If you want to check out any of my previous five years of webinars you can watch them here.
For my fifth year anniversary I wanted to try something different and I would like to do an open Q&A session. As I’ve never done this before, it will certainly be an interesting experience for me, but hopefully for you as well. I hope I can answer a majority of your questions, but I know some of you are way too smart for me, so please bear with me.
Our registration page for this webinar allows you to submit any pre-session questions that I’ll answer throughout the webinar. You can ask me anything that is on your mind and if I cannot get to your question, I’ll do my best to answer you afterwards in an email.
I hope to continue to do these webinars for the foreseeable future and I would like to end my post by thanking each and every one of you who has participated in my webinars over the years. It has been a pleasure, and I look forward to answering your questions.
Take care, stay healthy, and keep on smiling!
Jon
The post Ask Me Anything – Celebrating The Fifth Anniversary Of My Monthly Threat Webinar appeared first on .
Migrating to the cloud is hard. The PowerPoint deck and pretty architectures are drawn up quickly but the work required to make the move will take months and possibly years.
The early stages require significant effort by teams to learn new technologies (the cloud services themselves) and new ways of the working (the shared responsibility model).
In the early days of your cloud efforts, the cloud center of expertise is a logical model to follow.
A cloud center of excellence is exactly what it sounds like. Your organization forms a new team—or an existing team grows into the role—that focuses on setting cloud standards and architectures.
They are often the “go-to” team for any cloud questions. From the simple (“What’s an Amazon S3 bucket?”), to the nuanced (“What are the advantages of Amazon Aurora over RDS?”), to the complex (“What’s the optimum index/sort keying for this DynamoDB table?”).
The cloud center of excellence is the one-stop shop for cloud in your organization. At the beginning, this organizational design choice can greatly accelerate the adoption of cloud technologies.
The problem is that accelerated adoption doesn’t necessarily correlate with accelerated understanding and learning.
In fact, as the center of excellent continues to grow its success, there is an inverse failure in organizational learning which create a general lack of cloud fluency.
Cloud fluency is an idea introduced by Forrest Brazeal at A Cloud Guru that describes the general ability of all teams within the organization to discuss cloud technologies and solutions. Forrest’s blog post shines a light on this situation and is summed up nicely in this cartoon;
Our own Mark Nunnikhoven also spoke to Forrest on episode 2 of season 2 for #LetsTalkCloud.
Even though the cloud center of excellence team sets out to teach everyone and raise the bar, the work soon piles up and the team quickly shifts away from an educational mandate to a “fix everything” one.
What was once a cloud accelerator is now a place of burnout for your top, hard-to-replace cloud talent.
If you’ve paid attention to how cybersecurity teams operate within organizations, you have probably spotted a number of very concerning similarities.
Cybersecurity teams are also considered a center of excellence and the central team within the organization for security knowledge.
Most requests for security architecture, advice, operations, and generally anything that includes the prefix “cyber”, word “risk”, or hints of “hacking” get routed to this team.
This isn’t the security team’s fault. Over the years, systems have increased in complexity, more and more incidents occur, and security teams rarely get the opportunity to look ahead. They are too busy stuck in “firefighting mode” to take as step back and re-evaluate the organizational design structure they work within.
According to Gartner, for every 750 employees in an organization, one of those is dedicated to cybersecurity. Those are impossible odds that have lead to the massive security skills gap.
Security needs to follow the example of cloud fluency. We need “security fluency” in order to import the security posture of the systems we built and to reduce the risk our organizations face.
This is the reason that security teams need to turn their efforts to educating development teams. DevSecOps is a term chock full of misconceptions and it lacks context to drive the needed changes but it is handy for raising awareness of the lack of security fluency.
Successful adoption of a DevOps philosophy is all about removing barriers to customer success. Providing teams with the tools and autonomy they require is a critical factor in their success.
Security is just one aspect of the development team’s toolkit. It’s up to the current security team to help educate them on the principles driving modern cybersecurity and how to ensure that the systems they build work as intended…and only as intended.
The post Are You Promoting Security Fluency in your Organization? appeared first on .
The cloud space has been evolving for almost a decade. As a company we’re a major cloud user ourselves. That means we’ve built up a huge amount of in-house expertise over the years around cloud migration — including common challenges and perspectives on how organizations can best approach projects to improve success rates.
As part of our #LetsTalkCloud series, we’ve focused on sharing some of this expertise through conversations with our own experts and folks from the industry. To kick off the series, we discussed some of the security challenges solution architects and security engineers face with customers when discussing cloud migrations. Spoiler…these challenges may not be what you expect.
Drag and drop
This lack of strategy and planning from the start is symptomatic of a broader challenge in many organizations: There’s no big-picture thinking around cloud, only short-term tactical efforts. Sometimes we get the impression that a senior exec has just seen a ‘cool’ demo at a cloud vendor’s conference and now wants to migrate a host of apps onto that platform. There’s no consideration of how difficult or otherwise this would be, or even whether it’s necessary and desirable.
These issues are compounded by organizational siloes. The larger the customer, the larger and more established their individual teams are likely to be, which can make communication a major challenge. Even if you have a dedicated cloud team to work on a project, they may not be talking to other key stakeholders in DevOps or security, for example.
The result is that, in many cases, tools, applications, policies, and more are forklifted over from on-premises environments to the cloud. This ends up becoming incredibly expensive. as these organizations are not really changing anything. All they are doing is adding an extra middleman, without taking advantage of the benefits of cloud-native tools like microservices, containers, and serverless.
There’s often no visibility or control. Organizations don’t understand they need to lockdown all their containers and sanitize APIs, for example. Plus, there’s no authority given to cloud teams around governance, cost management, and policy assignment, so things just run out of control. Often, shared responsibility isn’t well understood, especially in the new world of DevOps pipelines, so security isn’t applied to the right areas.
Getting it right
These aren’t easy problems to solve. From a security perspective, it seems we still have a job to do in educating the market about shared responsibility in the cloud, especially when it comes to newer technologies, like serverless and containers. Every time there’s a new way of deploying an app, it seems like people make the same mistakes all over again — presuming the vendors are in charge of security.
Automation is a key ingredient of successful migrations. Organizations should be automating everywhere, including policies and governance, to bring more consistency to projects and keep costs under control. In doing so, they must realize that this may require a redesign of apps, and a change in the tools they use to deploy and manage those apps.
Ultimately, you can migrate apps to the cloud in a couple of clicks. But the governance, policy, and management that must go along with this is often forgotten. That’s why you need clear strategic objectives and careful planning to secure more successful outcomes. It may not be very sexy, but it’s the best way forward.
To learn more about cloud migration, check out our blog series. And catch up on all of the latest trends in DevOps to learn more about securing your cloud environment.
The post Fixing cloud migration: What goes wrong and why? appeared first on .
It started with one weird tweet. Then another. Quickly, some of the most prominent accounts on Twitter were all sending out the same message;
I am giving back to the community.
All Bitcoin sent to the address below will be sent back double! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.
[- BITCOIN WALLET ADDRESS -]
Are Apple, Elon Musk, Barrack Obama, Uber, Joe Biden, and a host of others participating in a very transparent bitcoin scheme?
No. Of course, not. The question was whether or not individual accounts were compromised or if something deeper was going on.
User Account Protection
These high profile accounts are prime targets for cybercriminals. They have a broad reach, and even a brief compromise of one of these accounts would significantly increase a hacker’s reputation in the underground.
That is why these accounts leverage the protections made available by Twitter in order to keep their accounts safe.
This means;
|
|
While it’s believed that one or two of these accounts failed to take these measures, it’s highly unlikely that dozens and dozens of them did. So what happened?
Rumours Swirl
As with any public attack, the Twitter-verse (ironically) was abuzz with speculation. That speculation ramped up when Twitter took the reasonable step of preventing any verified account from tweeting for about three hours.
This step helped prevent any additional scam tweets from being published and further raised the profile of this attack.
While some might shy away from raising the profile of an attack, this was a reasonable trade-off to prevent further damage to affected accounts and to help prevent the attack from taking more ground.
This move also provided a hint as to what was going on. If individual accounts were being attacked, it’s unlikely that this type of movement would’ve done much to prevent the attacker from gaining access. However, if the attacker was accessing a backend system, this mitigation would be effective.
Had Twitter itself been hacked?
Occam’s Razor
When imagining attack scenarios, a direct breach of the main service is a scenario that is often examined in-depth, which is also why it is one of the most planned for scenarios.
Twitter — like any company — has challenges with its systems, but they center primarily around content moderation…their backend security is top-notch.
An example of this an incident in 2018. Twitter engineers made a mistake that meant anyone’s password could have been exposed in their internal logs. Just in case, Twitter urged everyone to reset their password.
While possible, it’s unlikely that Twitter’s backend systems were directly breached. There is a much simpler potential explanation: insider access.
Internal Screenshot
Quickly after the attack, some in the security community noticed a screenshot of an internal support tool from Twitter surfacing in underground discussion forums. This rare inside view showed what appeared to be what a Twitter support team member would see.
This type of access is dangerous. Very dangerous.
Joseph Cox’s article detailing the hack has a key quote,
“We used a rep that literally done all the work for us.”
Anonymous Source
What remains unclear is whether this is a case of social engineering (tricking a privileged insider into taking action) or a malicious insider (someone internally motivated to attack the system).
The difference is important for other defenders out there.
The investigation is ongoing, and Twitter continues to provide updates via @TwitterSupport;
Our investigation is still ongoing but here’s what we know so far:
— Twitter Support (@TwitterSupport) July 16, 2020
Social Engineering
Donnie Sullivan from CNN has a fantastic interview with the legendary Rachel Tobac showing how simple social engineering can be and the dangerous impact it can have;
What is “social engineering,” you ask? @RachelTobac showed me. pic.twitter.com/TAw7FB1QPQ
— Donie O'Sullivan (@donie) July 16, 2020
If this attack was conducted through social engineering, the security team at Twitter would need to implement additional processes and controls to ensure that it doesn’t happen again.
Such a situation is what your team also needs to look at. While password resets, account closures, data transfers, and other critical processes are at particular risk of social engineering, financial transactions are atop the cybercriminal’s target list.
BEC—business email compromise—attacks accounted for USD 1.7 billion in losses in 2019 alone.
Adding additional side-channel confirmations, additional steps for verifications, firm and clear approvals and other process steps can help organizations mitigate these types of social engineering attacks.
Malicious Insider
If the attack turns out to be from a malicious insider. Defenders need to take a different approach.
Malicious insiders are both a security problem and human resource one.
From the security perspective, two key principles help mitigate the potential of these attacks;
Making sure that individuals only have the technical access needed to complete their assigned tasks, and only that access is key to limiting this potential attack. Combined with the smart separation of duties (one person to request a change, another to approval it), this significantly reduces the possibility of these attacks causing harm.
The other—and not often spoken of—side of these attacks is the reason behind the malicious intent. Some people are just malicious, and when presented with an opportunity, they will take it.
Other times, it’s an employee that feels neglected, passed over, or is disgruntled in some other way. A strong internal community, regular communication, and a strong HR program can help address these issues before they escalate to the point where aiding a cybercriminal becomes an enticing choice.
Support Risks
Underlying this whole situation is a more challenging issue; the level of access that support has to any given system.
It’s easy to think of a Twitter account as “yours.” It’s not. It’s part of a system run by a company that needs to monitor the health of the system, respond to support issues, and aid law enforcement when legally required.
All of these requirements necessitate a level of access that most don’t think about.
How often are you sharing sensitive information via direct message? Those messages are most likely accessible by support.
What’s to prevent them from accessing any given account or message at any time? We don’t know.
Hopefully, Twitter—and others—have clear guardrails (technical and policy-based) in place to prevent abuse of support access, and they regularly audit them.
It’s a hard balance to strike. User trust is at stake but also the viability of running a service.
Clear, transparent policies and controls are the keys to success here.
Abuse can be internal or external. Support teams typically have privileged access but are also among the lowest paid in the organization. Support—outside of the SRE community—is usually seen as entry-level.
These teams have highly sensitive access, and when things go south, can do a lot of harm. Again, the principles of least privilege, separation of duties, and a strong set of policies can help.
What’s Next?
In the coming days, more details of the attack will surface. In the meantime, the community is still struggling to reconcile the level of access gained and how it was used.
Getting access to some of the world’s most prominent accounts and then conducting a bitcoin scam? Based on the bitcoin transactions, it appears the cybercriminals made off with a little over USD 100,000. Not insignificant, but surely there were other opportunities?
Occam’s razor can help here again. Bitcoin scams and coin miners are the most direct method fo cybercriminals to capitalized on their efforts. Given the high profile nature of the attack, the time before the discovery was always going to be sure. This may have been the “safest” bet for the criminal(s) to profit from this hack.
In the end, it’s a lesson for users of social networks and other services; even if you take all of the reasonable security precautions, you are relying on the service itself to help protect you. That might not always hold true.
It’s a harsh reminder that the very tooling you put in place to run your service may be its biggest risk for service providers and defenders…a risk that’s often overlooked and underestimated.
In the end, Marques Brownlee sums it up succinctly;
Don't send Bitcoin to strangers.
— Marques Brownlee (@MKBHD) July 15, 2020
What do you think of this entire episode? Let’s talk about it—un-ironically—on Twitter, where I’m @marknca.
The post Twitter Hacked in Bitcoin Scam appeared first on .
In Part 1 of this blog, we introduced Trend Micro Cleaner One Pro, a one-stop shop to help you speed up your Mac, highlighting the Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we resume the discussion of how to make your Mac run faster with the remaining Cleaner One Pro features: System and Application Management, Privacy Protection, and Other Options.
Your Mac may get sluggish after a year or two of usage and you may find that booting up takes a lot longer. Doing a Startup Manager scan can help you reduce slowdown due to unwanted startup programs and services, to help your Mac boot faster.
Upon completing the scan, Startup Manager will identify apps under two categories: Login Items and Launch Agents.
Login Items are apps that run automatically upon login. You can manage these apps by enabling them to run automatically or disabling them to make your Mac more efficient. If you don’t need autorun, you can remove the apps from the list.
Launch Agents are background services that run automatically on System startup for the extension features of apps. You can manage these services by letting them run automatically or by disabling them to make your Mac boot faster. Similarly, you can remove these agents if you don’t need them or they’re broken.
When a user installs an app that doesn’t meet their expectations, they’ll never use it again. In many cases, they remove the app by simply dragging it into the trash, assuming the action completely removes the app, but this is not always true. When you uninstall an app, there are often associated files left on your Mac, even after you have emptied the Trash. They’re known as leftovers.
Leftovers are an app’s associated files and folders that can include different languages, log files, agents, or processes that might try to start an application. App Manager aims to resolve this and helps you clean up your Mac by completely removing app leftovers. App Manager detects all app leftovers automatically so you can remove them with just one click.
Data security and privacy are especially important and managing these applies to anyone collecting and keeping data. Data that has reached its retention limit needs to be permanently removed from your file system and to be sure it can’t be recovered you need to overwrite the file with random series of binary data multiple times. This process is often referred to as shredding. With File Shredder, you can remove sensitive files from your hard disk without worrying that they can be recovered.
Preferences allows you to manage how the Cleaner One Pro app performs. In Preferences, you’ll see General, Notifications, Memory, Duplicates, Whitelists and Auto Select.
On the General tab, you can choose Auto start at login and other options according to how you would like Cleaner One Pro to behave during startup.
On the Notifications tab, you can disable the notification about smart memory optimization.
Cleaner One Pro is also equipped with a Smart Memory Optimization feature on the Memory tab. This feature uses artificial intelligence. You can set auto clean when your available memory is low or when an app is closed.
The Duplicates, Whitelists and Auto Select tabs work when you use the Duplicate Files feature on the main console. When there are too many duplicate files on your Mac, you can set the rules on the minimum file size, as well as which files to exempt or prioritize during deletion.
If you need technical assistance about Cleaner One Pro, click the robot icon either in the Apple Menu window or on the Main Console.
A chat support person will attend to your concerns or suggestions when using Cleaner One Pro. In case there is no available support engineer, you can send an email by clicking Send Email. Make sure to provide the correct email address.
Aside from Cleaner One Pro for Mac, we offer Antivirus One for Mac—as well as Cleaner One for iPhone, which you can download by scanning the QR Code. You can also submit your ideas for Other Tools by clicking the panel.
As you use your Mac over time, you need to maintain it to keep it running smoothly. Trend Micro Cleaner One Pro can clean up your disk space, help boost performance, and solve other Mac issues you might encounter during your daily work. As you consider it for your Mac, you may have remaining questions:
What’s the difference between the Free version and the Paid version? The Free version of Cleaner One Pro includes the Memory Optimizer, basic CPU and Network Monitoring, a Junk Files Cleaner, a Big Files Scanner, a Disk Map, and the Startup Manager. The Paid upgrade of Cleaner One Pro unlocks more features, including more Advanced CPU/Network Monitoring, a Duplicate Finder, a Similar Photos Scanner, an App Manager, and a File Shredder.
Is it safe to use Cleaner One Pro? Cleaner One Pro is notarized by Apple, which assures its users both security and privacy.
How can I download Cleaner One Pro? Cleaner One Pro is distributed via the official Trend Micro website and other authorized channels. Note that Cleaner One Pro is also available for Windows. To make it easy for the readers of this blog series, we’ve provided the download links here: Download Mac Version – Download Windows Version
Go to Cleaner One Windows or to Cleaner One Mac for more information or to purchase the apps.
The post Cleaner One Pro Speeds Up Your Mac: Part 2 appeared first on .
Ransomware is Still a Blight on Business
Trends come and go with alarming regularity in cybersecurity. Yet a persistent menace over the past few years has been ransomware. Now mainly targeting organizations rather than consumers, and with increasingly sophisticated tools and tactics at their disposal, the cybercriminals behind these campaigns have been turning up the heat during the COVID-19 pandemic. That’s why we need industry partnerships like No More Ransom.
Celebrating its fourth anniversary this week, the initiative has helped over four million victims fight the scourge of ransomware, saving hundreds of millions of dollars in the process. At Trend Micro, we’re proud to have played a major part, helping to decrypt over 77 million files for victims.
Not going anywhere
Ransomware has been with us for years, but only really hit the mainstream after the global WannaCry and NotPetya incidents of 2017. Unfortunately, that was just the start. Today, no sector is safe. We saw attacks rage across US municipalities, school districts and hospitals in 2019. Most recently, a major outage at a connected technology giant impacted everything from consumer fitness trackers to on-board flight systems.
Such attacks can hit victim organizations hard. There are serious reputational and financial repercussions from major service outages, and the stakes have been raised even further as attackers now often steal data before encrypting victims’ files. A recent incident at a US cloud computing provider has led to data compromise at over 20 universities and charities in the UK and North America, for example. A separate ransomware attack on a managed service provider earlier this year may cost it up to $70m.
The bad guys have shown no sign of slowing down during the pandemic — quite the reverse. Even as hospitals have been battling to save the lives of patients battling COVID-19, they’ve been targeted by ransomware designed to lock mission-critical systems.
No More Ransom
That’s why we need to celebrate public-private partnerships like No More Ransom, which provides helpful advice for victims and a free decryption tool repository. Over the past four years it has helped 4.2 million visitors from 188 countries, preventing an estimated $632 million in ransom demands finding its way into the pockets of cyber-criminals.
At Trend Micro, we’re proud to have been an associate partner from the very start, contributing our own decryption tools to the scores available today to unlock 140 separate ransomware types. Since the start of No More Ransom, Trend Micro tools have been downloaded nearly half a million times, helping over 50,000 victims globally to decrypt more than 77 million files. We simply can’t put a price on this kind of intervention.
https://www.europol.europa.eu/publications-documents/infographic-4th-anniversary-no-more-ransom
Yet while the initiative is a vital response to the continued threat posed by ransomware, it is not all we can do. To truly beat this menace, we need to educate organizations all over the planet to improve their resilience to such malware threats. That means taking simple steps such as:
|
|
I’m also speaking on a panel today hosted by the U.S. Chamber of Commerce on NotPetya and general ransomware attack trends related to the pandemic. Join us to learn more about ransomware from law enforcement agencies, policy makers and businesses.
If your organization has been impacted by ransomware, check the resources available on https://www.nomoreransom.org/ for advice and access to the free decryption tool repository.
The post Ransomware is Still a Blight on Business appeared first on .
The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. But this brings with it some familiar cyber-risks. In Part 1 of this mini-series, we explained how cyber-criminals are looking to capitalize on these sweeping changes to society to further their own ends.
Now let’s take a look at what you can do to protect your family, your data, and access to your corporate accounts.
The bad guys are laser-focused on stealing your personal data and log-ins and increasingly see the remote worker as an easy target for leapfrogging into corporate networks. That’s not to mention the potential internet safety risks inherent in bored kids spending more time in front of their screens. To respond, you’ll need to create an equally focused “home security plan” governed by sensible policies and best practices. Here are some of the key areas to consider.
Protect your smart home and router
Increasingly, unprotected smart home devices are being targeted by cyber-criminals to turn into botnets to attack others. They might also provide sophisticated attackers with a stepping-stone into your corporate systems, via the home network. The home router, with its known flaws, is (after the modem) the digital front door to the smart home and the basis for your networking, so it should be first in any security strategy. Consider the following when tackling home network security:
|
|
Secure your home office
Cyber-criminals are primed to take advantage of distracted home workers and potentially less secure PCs/devices. Secure this environment by doing the following:
|
|
Stay safe from phishing
Phishing is the number one tactic used by attackers to trick you into installing malware or handing over your log-ins. Emails, text messages, social media messages and more are spoofed to appear as if sent by a legitimate company or contact. In response:
|
|
Use video conferencing safely
New videoconferencing platforms can introduce risk, especially if you’re not familiar with the default settings. Here’s how to stay safe when video conferencing:
|
|
Stay safe shopping and banking
Next, protect your financial information and stay safe from e-commerce fraud by doing the following:
|
|
Think about online safety for kids
They may be under your roof for more hours of the day than usual, but your children are also likely to be spending more time online. That means you need to have a measured conversation with them about internet safety, backed up with parental controls. Consider the following:
|
|
Mobile security best practices
Finally, sheltering at home has limits, particularly for restless kids. When they go to the store or out to the park, facemasks notwithstanding, they’re likely going to use their mobile devices, just as they’ll continue to do at home. Of course, you’re not exempt either from mobile threats. Ensure mobile security by
|
|
When it comes to protecting the home from security and privacy threats during lockdown, leave no stone unturned. Cyber-criminals will always look for the weak link in the chain and focus their efforts there. Network security is important, but it doesn’t replace the need for protection on each individual device. You’ll need to cover your router, network, smart devices, and all endpoints (PCs, laptops, mobiles and other devices). Here’s how Trend Micro can help:
Trend Micro Home Network Security
Trend Micro Home Network Security provides industry-leading protection against any threats to internet-connected devices in the home. The solution
|
|
Trend Micro Security (PC and Mac)
Trend Micro Security, available in various editions (led by Trend Micro Maximum Security), is Trend’s flagship endpoint security product for consumers. Available for both PCs and Macs, it features AI learning to stop advanced threats. Among a wide range of protections, it includes:
|
|
Trend Micro Mobile Security:
Trend Micro Mobile Security provides endpoint security for all your mobile devices, whether Android or iOS-based.
|
|
Additional Trend Micro Tools:
Network and endpoint security should be supplemented with tools that accomplish specific tasks, such as protecting your internet connections, your passwords, and your identity data. Trend Micro provides
|
|
Maintaining your family’s security and privacy on all their devices during the coronavirus lockdown above all means changing your mindset, to take into account the mix of work and play in the household during the “new normal.” Use these tips and tools during lockdown and you’ll be well on your way to ensuring you and your family’s safety from malicious viruses—both digital and natural.
The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2) appeared first on .
Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean we all need to get used to new ways of living, working and studying from home. This has major implications for the online safety, security and privacy of our families.
To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on “The New Normal.” Part 1 identifies the scope and specific cyber-threats of the new normal. Part 2 provides security tips and products to help address those threats.
In April, nearly 300 million Americans were estimated to be in government-mandated lockdown. Even as some businesses, municipalities and states begin to relax these rules, experts have warned of subsequent waves of the virus, which could result in new localized lockdowns. In short, a lot of people will continue to work from home, while their children, also at home, attempt to study remotely from their mobile devices.
This has considerable implications for how we spend our time. Without that morning commute to work or school, more of it than ever will involve sitting in front of a desktop, laptop, tablet or smartphone screen. Even the smart TV is enlisted. Dangers include
|
|
Unfortunately, the increase in working from home (WFH), especially for those not used to it, may lead to an increase in risky behavior, such as: using non-approved apps for work; visiting non work-related sites on work devices; and using personal devices to access work resources. Recent global Trend Micro research found that:
|
|
This is not about restricting your freedom to visit the sites you want to visit while at home. It’s about reducing the risk of exposing corporate data and systems to possible malware.
Unsurprisingly, there has also been a major uptick in the volume of cyber-threats targeting home users. With a captive audience to aim at, it’s a huge opportunity for cyber-criminals to steal your log-ins and personal data to sell to fraudsters, or even to steal corporate passwords and information for a potentially bigger pay-off. They are helped by the fact that many home workers may be more distracted than they usually would be at the office, especially if they have young children. Your kids may even share the same laptops or PCs as you, potentially visiting risky sites and/or downloading unapproved apps.
There’s also a chance that, unless you have a corporate machine at home, your personal computing equipment is less secure than the kit you had in the office. Add to that the fact that support from the IT department may be less forthcoming than usual, given that stretched teams are overwhelmed with requests, while themselves struggling to WFH. One recent report claimed that nearly half (47%) of IT security pros have been taken off some or all of their typical security tasks to support other IT-related jobs. In another, only 59% of respondents said they believe their cybersecurity team has the right tools and resources at home to perform their job effectively.
It’s time to step up and take security into your own hands. Stay on the lookout for the following threats.
|
|
So what’s a remote worker/concerned parent to do to protect themselves and the family in the midst of the “new normal?”
Read Part 2 in this mini-series, which we’re publishing simultaneously with Part 1, where we share some best practice advice on how to keep your digital lives and work systems safe from online threats during lockdown—and where we provide tools to help you do just that.
The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1) appeared first on .
At Black Hat USA 2020, Trend Micro presented two important talks on vulnerabilities in Industrial IoT (IIoT). The first discussed weaknesses in proprietary languages used by industrial robots, and the second talked about vulnerabilities in protocol gateways. Any organization using robots, and any organization running a multi-vendor OT environment, should be aware of these attack surfaces. Here is a summary of the key points from each talk.
Rogue Automation
Presented at Black Hat, Wednesday, August 5. https://www.blackhat.com/us-20/briefings/schedule/index.html#otrazor-static-code-analysis-for-vulnerability-discovery-in-industrial-automation-scripts-19523 and the corresponding research paper is available at https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/unveiling-the-hidden-risks-of-industrial-automation-programming
Industrial robots contain powerful, fully capable computers. Unlike most contemporary computers, though, industrial robots lack basic information security capabilities. First, at the architectural level, they lack any mechanism to isolate certain instructions or memory. That is, any program can alter any piece of storage, or run any instruction. In traditional mainframes, no application could access, change, or run any code in another application or in the operating system. Even smartphone operating systems have privilege separation. An application cannot access a smartphone’s camera, for instance, without being specifically permitted to do so. Industrial robots allow any code to read, access, modify, or run any device connected to the system, including the clock. That eliminates data integrity in industrial robots and invalidates any audit of malfunctions; debugging becomes exceptionally difficult.
Industrial robots do not use conventional programming languages, like C or Python. Instead, each manufacturer provides its own proprietary programming language. That means a specialist using one industrial robot cannot use another vendor’s machine without training. There are no common information security tools for code validation, since vendors do not develop products for fragmented markets. These languages describe programs telling the robot how to move. They also support reading and writing data, analyzing and modifying files, opening and closing input/output devices, getting and sending information over a network, and accessing and changing status indicators on connected sensors. Once a program starts to run on an industrial robot, it can do anything any fully functional computer can do, without any security controls at all. Contemporary industrial robots do not have any countermeasures against this threat.
Most industrial robot owners do not write their own programs. The supply chain for industrial robot programs involves many third-party actors. See Figure 1 below for a simplified diagram. In each community, users of a particular vendor’s languages share code informally, and rely on user’s groups for hints and tips to solve common tasks. These forums rarely discuss security measures. Many organizations hire third-party contractors to implement particular processes, but there are no security certifications relevant to these proprietary languages. Most programmers learned their trade in an air-gapped world, and still rely on a perimeter which separates the safe users and code inside from the untrusted users and code outside. The languages offer no code scanners to identify potential weaknesses, such as not validating inputs, modifying system services, altering device state, or replacing system functions. The machines do not have a software asset management capability, so knowing where the components of a running program originated from is uncertain.
Figure 1: The Supply Chain for Industrial Robot Programming
All is not lost – not quite. In the short term, Trend Micro Research has developed a static code analysis tool called OTRazor, which examines robotic code for unsafe code patterns. This was demonstrated during our session at Black Hat.
Over time, vendors will have to introduce basic security checks, such as authentication, authorization, data integrity, and data confidentiality. The vendors will also have to introduce architectural restrictions – for instance, an application should be able to read the clock but not change it.. Applications should not be able to modify system files, programs, or data, nor should they be able to modify other applications. These changes will take years to arrive in the market, however. Until then, CISOs should audit industrial robot programs for vulnerabilities, and segment networks including industrial robots, and apply baseline security programs, as they do now, for both internally developed and procured software.
Protocol Gateway Vulnerabilities
Presented at Black Hat, Wednesday, August 5, https://www.blackhat.com/us-20/briefings/schedule/index.html#industrial-protocol-gateways-under-analysis-20632, with the corresponding research paper available here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/lost-in-translation-when-industrial-protocol-translation-goes-wrong.
Industry 4.0 leverages the power of automation alongside the rich layer of software process control tools, particularly Enterprise Resource Planning (ERP), and its bigger cousin, Supply Chain Management (SCM). By bringing together dynamic industrial process control with hyper-efficient “just-in-time” resource scheduling, manufacturers can achieve minimum cost, minimum delay, and optimal production. But these integration projects require that IIoT devices speak with other technology, including IIoT from other manufacturers and legacy equipment. Since each equipment or device may have their own communication protocol, Industry 4.0 relies heavily on protocol converters.
Protocol converters are simple, highly efficient, low-cost devices that translate one protocol into another. Protocol converters are ubiquitous, but they lack any basic security capabilities – authentication, authorization, data integrity or data confidentiality – and they sit right in the middle of the OT network. Attackers can subvert protocol converters to hijack the communication or change configuration. An attacker can disable a safety thresholds, generate a denial of service attack, and misdirect an attached piece of equipment.
In the course of this research, we found nine vulnerabilities and are working with vendors to remediate the issues. Through our TXOne subsidiary, we are developing rules and intelligence specifically for IIoT message traffic, which are then embedded in our current network security offerings, providing administrators with better visibility and the ability to enforce security policies in their OT networks.
Protocol converters present a broad attack surface, as they have limited native information security capabilities. They don’t validate senders or receivers, nor do they scan or verify message contents. Due to their crucial position in the middle of the OT network, they are an exceptionally appealing target for malicious actors. Organizations using protocol converters – especially those on the way to Industry 4.0 – must address these weak but critical components of their evolving infrastructure.
What do you think? Let me know in the comments below or @WilliamMalikTM
The post Black Hat Trip Report – Trend Micro appeared first on .
Identifying security threats early can be difficult, especially when you’re running multiple security tools across disparate business units and cloud projects. When it comes to protecting cloud-native applications, separating legitimate risks from noise and distractions is often a real challenge.
That’s why forward-thinking organizations look at things a little differently. They want to help their application developers and security operations (SecOps) teams implement unified strategies for optimal protection. This is where a newly expanded partnership from Trend Micro and Snyk can help.
Dependencies create risk
In today’s cloud-native development streams, the insatiable need for faster iterations and time-to-market can impact both downstream and upstream workflows. As a result, code reuse and dependence on third-party libraries has grown, and with it the potential security, compliance and reputational risk organizations are exposing themselves to.
Just how much risk is associated with open source software today? According to Snyk research, vulnerabilities in open source software have increased 2.5x in the past three years. https://info.snyk.io/sooss-report-2020. What’s more, a recent report claimed to have detected a 430% year-on-year increase in attacks targeting open source components, with the end goal of infecting the software supply chain. While open source code is therefore being used to accelerate time-to-market, security teams are often unaware of the scope and impact this can have on their environments.
Managing open source risk
This is why cloud security leader Trend Micro, and Snyk, a specialist in developer-first open source security, have extended their partnership with a new joint solution. It’s designed to help security teams manage the risk of open source vulnerabilities from the moment code is introduced, without interrupting the software delivery process.
This ambitious achievement helps improve security for your operations teams without changing the way your developer teams work. Trend Micro and Snyk are addressing open source risks by simplifying a bottom-up approach to risk mitigation that brings together developer and SecOps teams under one unified solution. It combines state-of-the-art security technology with collaborative features and processes to eliminate the security blind spots that can impact development lifecycles and business outcomes.
Available as part of Trend Micro Cloud One, the new solution being currently co-developed with Snyk will:
This unified solution closes the gap between security teams and developers, providing immediate visibility across modern cloud architectures. Trend Micro and Snyk continue to deliver world class protection that fits the cloud-native development and security requirements of today’s application-focused organizations.
The post Removing Open Source Visibility Challenges for Security Operations Teams appeared first on .
The number of VPN users has grown considerably over the past few years. According to the report of Go-Globe, 25% of netizens worldwide have used a VPN at least once in the last 30 days. Recently, VPN usage has surged in many countries and its popularity may see VPN usage surpass the estimated profit of USD$27.10 billion by the end of 2020. The VPN global market only seems to increase as time goes by. So, why is that? What do VPNs provide that make them so attractive?
What is a VPN?
A VPN, or a Virtual Private Network, creates a secure communication “tunnel” from your computer to the internet. It encrypts your connection and prevents others from seeing the data you’re transferring. This keeps your data secure from any spying attempts—including from home over your wired connection, but particularly on public Wi-Fi networks, when you’re out and about in places such as coffee shops, restaurants, airports and hotels. It helps ensure that no one can steal your personal details, passwords, or credit card information.
How does a VPN work and why you need a VPN service?
Among other things, a VPN can conceal your IP address to make your online actions virtually untraceable and anonymous, providing greater privacy for everything you do. In fact, there are so many ways a VPN can protect your privacy and security, we need to take a deeper look at what other benefits a VPN can provide.
|
|
This is the era of mobility and most transactions are being done by people on-the-go using their mobile devices to exchange data over public networks. From online shopping, to mobile banking or simply checking emails and social media accounts, these activities can expose your personal information and sensitive data to hackers and cybercriminals. This particularly applies to users relying on public Wi-Fi. Using a VPN will help to mitigate unwanted leakage or theft by securing data in transit to and from the systems that typically try to collect and store your private data.
|
|
One of the main drivers for using a VPN is to access better streaming content and restricted websites from the region you’re accessing the internet from. This may be true in your own country, but when traveling abroad, there are also chances that you cannot visit a popular website or a social media platform from the country you’re visiting. While using a VPN, you can connect to an IP address in your country and have full access to your favorite media contents and avoid wasting membership fees that you will likely pay for this streaming service.
|
|
Some retail apps, social media platforms, and search engines continuously collect and analyze results of your search history. They keep track of all your browsing activities such as items you viewed, contents you liked, and things you tapped and clicked, so they can provide you with more targeted contents and monetize these by showing the same information in your feed through ads.
Note that, simply clearing your browsing history does not completely remove traces of these searches, and targeted ads can get annoying. This is where a VPN can help enhance your browsing privacy. The VPN hides your browser cached data and location from advertisers, which prevents them from serving up content based on your searches and location.
|
|
Another motivating factor for the use of a VPN is to save on the cost of communicating with families and friends abroad. There are countries implementing restrictions on the use of certain messaging apps, banning their services. If you are planning to visit a country with such a restriction, a VPN can bypass this constraint, which allows you to make use of your trusted messaging app, eliminate the cost of long-distance calls to family and friends while abroad—and at the same time, maintain the level of security and encryption the messaging app provides.
|
|
The internet has evolved into streaming more content—videos, music, and more—and ISPs have responded by making higher data usage and higher throughput (bandwidth) pay-as-you-use-more services. But content is still at issue, particularly after the December 2017 FCC ruling. Potential ISP throttling based on content type, source, or destination (e.g., BitTorrent traffic), which could give priority to business over personal usage, is one of the reasons why everyday people are using VPN services, because a VPN provides more usage anonymity, preventing ISPs from potentially tracking your activities and limiting your bandwidth usage accordingly.
Choosing the right VPN for you
Now that you have some understanding of what a VPN is, and what benefits it can give you, it is also important to choose the right VPN for you.
Due to regulatory requirements and laws governing data privacy and securing personal information online, the demand for VPNs is growing. In response, there are a large number of VPN providers in the market today. So how do you choose a reliable VPN? Here are some criteria to help you pick one that best suits your needs:
|
|
Trend Micro’s Home Division provides two low-cost, safety-focused VPN solutions for everyday users: Trend Micro VPN Proxy One and Trend Micro Wi-Fi Protection, both of which can address light-to-medium VPN needs and meet most of the checklist criteria above.
Trend Micro VPN Proxy One offers fast, secure, stable and anonymous proxy connections for you to access various websites and applications. It connects to the best Trend Micro VPN server intelligently, without you having to do it, and does not limit bandwidth consumption. Trend Micro VPNs do not track your online activities, ensuring you a secure digital life and protecting your online privacy. Trend Micro VPN Proxy One is targeted to Mac and iOS devices.
Trend Micro Wi-Fi Protection turns any public hotspot into a secure Wi-Fi network and VPN with bank-grade data encryption to keep your information safe from hackers. While your VPN is active, Trend Micro Wi-Fi Protection provides exceptional web threat protection and checks websites you visit to safeguard your browsing from online fraud and internet scam. The VPN automatically kicks in when connecting to a Wi-Fi network with low security, such as one with no encryption. Trend Micro Wi-Fi Protection is available for all platforms (PC, Mac, Android, and iOS). Bundles can be purchased for multiple devices and platforms and some bundles can include other Trend Micro products, depending on the region.
Go to the Apple App Store for more details on Trend Micro VPN Proxy One; or for a 30-day trial or to buy, go here: Mac | iOS.
Or visit Trend Micro Wi-Fi Protection for more information, or to buy the multi-platform solution.
The post What is a VPN and How Does it Increase Your Online Security and Privacy? appeared first on .
Trend Micro Research has developed a go-to resource for all things related to cybercriminal underground hosting and infrastructure. Today we released the second in this three-part series of reports which detail the what, how, and why of cybercriminal hosting (see the first part here).
As part of this report, we dive into the common life cycle of a compromised server from initial compromise to the different stages of monetization preferred by criminals. It’s also important to note that regardless of whether a company’s server is on-premise or cloud-based, criminals don’t care what kind of server they compromise.
To a criminal, any server that is exposed or vulnerable is fair game.
Cloud vs. On-Premise Servers
Cybercriminals don’t care where servers are located. They can leverage the storage space, computation resources, or steal data no matter what type of server they access. Whatever is most exposed will most likely be abused.
As digital transformation continues and potentially picks up to allow for continued remote working, cloud servers are more likely to be exposed. Many enterprise IT teams, unfortunately, are not arranged to provide the same protection for cloud as on-premise servers.
As a side note, we want to emphasize that this scenario applies only to cloud instances replicating the storage or processing power of an on-premise server. Containers or serverless functions won’t fall victim to this same type of compromise. Additionally, if the attacker compromises the cloud account, as opposed to a single running instance, then there is an entirely different attack life cycle as they can spin up computing resources at will. Although this is possible, however, it is not our focus here.
Attack Red Flags
Many IT and security teams might not look for earlier stages of abuse. Before getting hit by ransomware, however, there are other red flags that could alert teams to the breach.
If a server is compromised and used for cryptocurrency mining (also known as cryptomining), this can be one of the biggest red flags for a security team. The discovery of cryptomining malware running on any server should result in the company taking immediate action and initiating an incident response to lock down that server.
This indicator of compromise (IOC) is significant because while cryptomining malware is often seen as less serious compared to other malware types, it is also used as a monetization tactic that can run in the background while server access is being sold for further malicious activity. For example, access could be sold for use as a server for underground hosting. Meanwhile, the data could be exfiltrated and sold as personally identifiable information (PII) or for industrial espionage, or it could be sold for a targeted ransomware attack. It’s possible to think of the presence of cryptomining malware as the proverbial canary in a coal mine: This is the case, at least, for several access-as-a-service (AaaS) criminals who use this as part of their business model.
Attack Life Cycle
Attacks on compromised servers follow a common path:
|
|
The monetization lifecycle of a compromised server
Often, targeted ransomware is the final stage. In most cases, asset categorization reveals data that is valuable to the business but not necessarily valuable for espionage.
A deep understanding of the servers and network allows criminals behind a targeted ransomware attack to hit the company where it hurts the most. These criminals would know the dataset, where they live, whether there are backups of the data, and more. With such a detailed blueprint of the organization in their hands, cybercriminals can lock down critical systems and demand higher ransom, as we saw in our 2020 midyear security roundup report.
In addition, while a ransomware attack would be the visible urgent issue for the defender to solve in such an incident, the same attack could also indicate that something far more serious has likely already taken place: the theft of company data, which should be factored into the company’s response planning. More importantly, it should be noted that once a company finds an IOC for cryptocurrency, stopping the attacker right then and there could save them considerable time and money in the future.
Ultimately, no matter where a company’s data is stored, hybrid cloud security is critical to preventing this life cycle.
The post The Life Cycle of a Compromised (Cloud) Server appeared first on .
When we published our 2020 Predictions report in December, we didn’t realize there was a global pandemic brewing that would give cybercriminals an almost daily news cycle to take advantage of in their attacks against people and organizations around the world. Malicious actors have always taken advantage of big news to use as lures for socially engineered threats, but these events tend to be fairly short news cycles.
When Covid-19 started making headlines in early 2020, we started seeing new threats using this in the attacks. As you see below, April was the peak month for email-based Covid-19 related threats.
The same was true for phishing URLs related to Covid-19, but for files using Covid-19 in their naming convention, the peak month in the first half was June.
Impact on Cybercrime
The constant 24×7 news around cases, cures and vaccines makes this pandemic unique for cybercriminals. Also, the shift to remote working and the challenges posed to supply chains all gave cybercriminals new content they could use as lures to entice victims into infecting themselves.
As we’ve seen for many years now, email-based threats were the most used threat vector by malicious actors, which makes sense as the number one infection vector to penetrate an organization’s network is to use a socially engineered email against an employee.
We even saw malicious mobile apps being developed using Covid-19 as a lure, as you see below.
In this case it was supporting potential cures for the virus, which many people would have wanted.
Other Highlights in 1H 2020
While Covid-19 dominated the threat landscape in the 1H 2020, it wasn’t the only thing that defined it. Ransomware actors continued their attacks against organizations, but as we’ve been seeing over the past year, they’ve become much more selective in their victims. The spray and pray model using spam has been shifted to a more targeted approach, similar to how nation-state actors and APT groups perform their attacks. Two things showcase this trend:
|
|
Home network attacks are another interesting aspect of the threat landscape in the first half of this year. We have millions of home routers around the world that give us threat data on events coming into and out of home networks.
Threat actors are taking advantage of more remote workers by launching more attacks against these home networks. As you see below, the first half of 2020 saw a marked increase in attacks.
Many of these attacks are brute force login attempts as actors try to obtain login credentials for routers and devices within the home network, which can allow them to do further damage.
The above are only a small number of security events and trends we saw in just six months of 2020. Our full roundup of the security landscape so far this year is detailed out in our security roundup report – Securing the Pandemic-Disrupted Workplace. You can read about all we found to help prepare for many of the threats we will continue to see for the rest of the year.
The post 1H 2020 Cyber Security Defined by Covid-19 Pandemic appeared first on .
Coronavirus has caused a major shift to our working patterns. In many cases these will long outlast the pandemic. But working from home has its own risks. One is that you may invite ransomware attacks from a new breed of cyber-criminal who has previously confined his efforts to directly targeting the corporate network. Why? Because as a remote worker, you’re increasingly viewed as a soft target—the open doorway to extorting money from your employer.
So how does ransomware land up on your front doorstep? And what can a home worker do to shut that door?
The new ransomware trends
Last year, Trend Micro detected over 61 million ransomware-related threats, a 10% increase from 2018 figures. But things have only gotten worse from there. There has been a 20% spike in ransomware detections globally in the first half of 2020, rising to 109% in the US. And why is that?
At a basic level, ransomware searches for and encrypts most of the files on a targeted computer, so as to make them unusable. Victims are then asked to pay a ransom within a set time frame in order to receive the decryption key they need to unlock their data. If they don’t, and they haven’t backed-up this data, it could be lost forever.
The trend of late, however, has been to focus on public and private sector organizations whose staff are working from home (WFH). The rationale is that remote workers are less likely to be able to defend themselves from ransomware attacks, while they also provide a useful stepping-stone into high-value corporate networks. Moreover, cybercriminals are increasingly looking to steal sensitive data before they encrypt it, even as they’re more likely to fetch a higher ransom for their efforts than they do from a typical consumer, especially if the remote employee’s data is covered by cyber-insurance.
Home workers are also being more targeted for a number of reasons:
|
|
What’s the attack profile of the remote working threat?
In short, the bad guys are now looking to gain entry to the corporate network you may be accessing from home via a VPN, or to the cloud-hosted systems you use for work or sharing files, in order to first steal and then encrypt company data with ransomware as far and wide as possible into your organization. But the methods are familiar. They’ll
|
|
How can I prevent ransomware when working from home?
The good news is that you, the remote worker, can take some relatively straightforward steps up front to help mitigate the cascading risks to your company posed by the new ransomware. Try the following:
|
|
How Trend Micro can help
In short, to close the cyber front door to ransomware, you need to protect your home network and all your endpoints (laptops, PCs, mobile devices) to be safe. Trend Micro can help via
|
|
With these tools, you, the remote worker, can help shut the front door to ransomware, protecting your work, devices, and company from data theft and encryption for ransom.
The post Ransom from Home – How to close the cyber front door to remote working ransomware attacks appeared first on .
Introduction to hash functions Hash functions are one of the most extensively-used cryptographic algorithms in blockchain technology. They are cryptographic (but not encryption) algorithms that are designed to protect data integrity. In a nutshell, a hash algorithm is a mathematical function that transforms any input into a fixed size output. To be cryptographically secure — […]
The post Hash Functions in Blockchain appeared first on Infosec Resources.
How public-key cryptography works Public-key or asymmetric cryptography is one of the two main types of encryption algorithms. Its names come from the fact that it uses two different encryption keys: a public one and a private one. Public and private keys The private key used in public-key cryptography is a random number with certain […]
The post Public-Key Cryptography in Blockchain appeared first on Infosec Resources.
Introduction: Knowing the Notions Industrial Internet of Things (IIoT) incorporates technologies such as machine learning, machine-to-machine (M2M) communication, sensor data, Big Data, etc. This article will focus predominantly on the consumer Internet of Things (IoT) and how it relates to Operational Technology (OT). Operational Technology (OT) is a term that defines a specific category of […]
The post IoT Security Fundamentals: IoT vs OT (Operational Technology) appeared first on Infosec Resources.
Introduction: IoT Manufacturers Favor Convenience over Security Because IoT security is still an afterthought, cybercriminals in general consider smart devices a “low-hanging fruit” – a target easy to compromise and manipulate. Security (and privacy) by design is key for IoT, and probably the only effective way for a smart gadget to protect its communications is […]
The post IoT Security Fundamentals: Intercepting and Manipulating Wireless Communications appeared first on Infosec Resources.
Introduction: This article provides an overview of various techniques that can be used to mitigate Format String vulnerabilities. In addition to the mitigations that are offered by the compilers & operating systems, we will also discuss preventive measures that can be used while writing programs in languages susceptible to Format String vulnerabilities. Techniques to prevent […]
The post How to mitigate Format String Vulnerabilities appeared first on Infosec Resources.
Introduction: In the previous article of this series, we discussed how format string vulnerabilities can be exploited. This article provides a case study of how format string vulnerabilities can be used to exploit serious vulnerabilities such as Buffer Overflows. We will begin by understanding what stack canaries are and then we will exploit a Buffer […]
The post Format String Vulnerabilities Exploitation Case Study appeared first on Infosec Resources.
We’ve all been spending more of our time online since the crisis hit. Whether it’s ordering food for delivery, livestreaming concerts, holding virtual parties, or engaging in a little retail therapy, the digital interactions of many Americans are on the rise. This means we’re also sharing more of our personal and financial information online, with each other and the organizations we interact with. Unfortunately, as ever, there are bad guys around every digital corner looking for a piece of the action.
The bottom line is that personally identifiable information (PII) is the currency of internet crime. And cyber-criminals will do whatever they can to get their hands on it. When they commit identity theft with this data, it can be a messy business, potentially taking months for banks and businesses to investigate before you get your money and credit rating back. At a time of extreme financial hardship, this is the last thing anyone needs.
It therefore pays to be careful about how you use your data and how you protect it. Even more: it’s time to get proactive and monitor it—to try and spot early on if it has been stolen. Here’s what you need to know to protect your identity data.
How identity theft works
First, some data on the scope of the problem. In the second quarter of 2020 alone 349,641 identity theft reports were filed with the FTC. To put that in perspective, it’s over half of the number for the whole of 2019 (650,572), when consumers reported losing more than $1.9 billion to fraud. What’s driving this huge industry? A cybercrime economy estimated to be worth as much as $1.5 trillion annually.
Specialized online marketplaces and private forums provide a user-friendly way for cyber-criminals and fraudsters to easily buy and sell stolen identity data. Many are on the so-called dark web, which is hidden from search engines and requires a specialized anonymizing browser like Tor to access. However, plenty of this criminal activity also happens in plain sight, on social media sites and messaging platforms. This underground industry is an unstoppable force: as avenues are closed down by law enforcement or criminal in-fighting, other ones appear.
At-risk personal data could be anything from email and account log-ins to medical info, SSNs, card and bank details, insurance details and much more. It all has a value on the cybercrime underground and the price fraudsters are prepared to pay will depend on supply and demand, just like in the ‘real’ world.
There are various ways for attackers to get your data. The main ones are:
|
|
The COVID-19 challenge
As if this weren’t enough, consumers are especially exposed to risk during the current pandemic. Hackers are using the COVID-19 threat as a lure to infect your PC or steal identity data via the phishing tactics described above. They often impersonate trustworthy institutions/officials and emails may claim to include new information on outbreaks, or vaccines. Clicking through or divulging your personal info will land you in trouble. Other fraud attempts will try to sell counterfeit or non-existent medical or other products to help combat infection, harvesting your card details in the process. In March, Interpol seized 34,000 counterfeit COVID goods like surgical masks and $14m worth of potentially dangerous pharmaceuticals.
Phone-based attacks are also on the rise, especially those impersonating government officials. The aim here is to steal your identity data and apply for government emergency stimulus funds in your name. Of the 349,641 identity theft reports filed with the FTC in Q2 2020, 77,684 were specific to government documents or benefits fraud.
What do cybercriminals do with my identity data?
Once your PII is stolen, it’s typically sold on the dark web to those who use it for malicious purposes. It could be used to:
|
|
How do I protect my identity online?
The good news among all this bad is that if you remain skeptical about what you see online, are cautious about what you share, and follow some other simple rules, you’ll stand a greater chance of keeping your PII under lock and key. Best practices include:
|
|
How Trend Micro can help
Trend Micro offers solutions that can help to protect your digital identity.
Trend Micro ID Security is the best way to get proactive about data protection. It works 24/7 to monitor dark web sites for your PII and will sound the alarm immediately if it finds any sign your accounts or personal data have been stolen. It features
|
|
Trend Micro Password Manager enables you to manage all your website and app log-ins from one secure location. Because Password Manager remembers and recalls your credentials on-demand, you can create long, strong and unique passwords for each account. As you’re not sharing easy-to-remember passwords across multiple accounts, you’ll be protected from popular credential stuffing and similar attacks.
Finally, Trend Micro WiFi Protection will protect you if you’re out and about connecting to WiFi hotspots. It automatically detects when a WiFi connection isn’t secure and enables a VPN—making your connection safer and helping keep your identity data private.
In short, it’s time to take an active part in protecting your personal identity data—as if your digital life depended on it. In large part, it does.
The post Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis appeared first on .
Fuzzing is a black-box software testing technique and consists of finding implementation flaws and bugs by using malformed/semi-malformed payloads via automation. Fuzzing an application is not a matter of simply exploiting a specific point of an application, but also acquiring knowledge and potential crashes that could be explored in-depth through the implementation of crafted payloads […]
The post Fuzzing introduction: Definition, types and tools for cybersecurity pros appeared first on Infosec Resources.
Copy-paste compromises: Introduction and overview Although the concept of copy-paste compromises is not exactly new, there are now several different forms of the attack. In the version of copy-paste compromise that we’ll discuss today, malicious actors use open-source or publicly available exploit code, web shells and other tools to gain information. Recently, Australia has revealed […]
The post Copy-paste compromises appeared first on Infosec Resources.
Introduction In the previous articles, we discussed printing functions, format strings and format string vulnerabilities. This article provides an overview of how Format String vulnerabilities can be exploited. In this article, we will begin by solving a simple challenge to leak a secret from memory. In the next article, we will discuss another example, where […]
The post How to exploit Format String Vulnerabilities appeared first on Infosec Resources.
Introduction In the previous article, we understood how print functions like printf work. This article provides further definition of Format String vulnerabilities. We will begin by discussing how Format Strings can be used in an unusual way, which is a starting point to understanding Format String exploits. Next, we will understand what kind of mistakes […]
The post Format String Vulnerabilities: Use and Definitions appeared first on Infosec Resources.
Introduction This article provides an overview of how printing functions work and how format strings are used to format the data being printed. Developers often use print functions for a variety of reasons such as displaying data to the users and printing debug messages. While these print functions appear to be innocent, they can cause […]
The post Introduction to Printing and Format Strings appeared first on Infosec Resources.
Introduction Wireless networks have become an inherent part of our life and we all use wireless networks in some form in our day to day life. Of all the utilities provided by wireless networks, we use wireless networks widely for connecting to the internet. We connect to the internet wirelessly either by router or using […]
The post Wireless Networks and Security appeared first on Infosec Resources.
Introduction To understand Network Security, it’s imperative that we understand networking fundamentals and networking basics. In this post, we will be learning about networking basics and fundamentals to get started with Network Security. We cannot cover whole networking in a single post so we will be focusing only on core networking concepts needed for network […]
The post Networking fundamentals (for Network security professionals) appeared first on Infosec Resources.
Introduction The CCNA (Cisco Certified Network Associate) is one of the most well-known entry-level certifications within the IT industry. Holding this credential proves your ability to install, configure, manage and support small- to medium-sized networks. A study by CompTIA found that 47% of SMBs see the IT skills gap growing. This IT skills gap is […]
The post Average CCNA salary 2020 appeared first on Infosec Resources.
Introduction In order to keep your AWS environment secure while allowing your users to properly utilize resources, you must ensure that users are correctly created with proper permissions. Also, you must monitor your environment to ensure that unauthorized access does not occur and accounts are up to date. User Account Creation and Management AWS IAM […]
The post AWS User Management appeared first on Infosec Resources.
What percentage of the exam focuses on network fundamentals? The network fundamentals section is 20% of the CCNA 200-301’s topics. It’s neither the largest nor the smallest. The fact that the percentage increased from 15% in the previous version indicates that Cisco has emphasized the importance of having a strong base in this topic, on […]
The post CCNA certification prep: Network fundamentals [updated 2020] appeared first on Infosec Resources.
Introduction The CCNP, or Cisco Certified Network Professional, is a certification endorsing IT professionals who have the knowhow and skill to set up, configure and manage local and wide-area networks within an enterprise. CCNP certification takes you through video, voice, wireless and advanced security issues. Since the training module and examinations for the CCNP certification […]
The post Average CCNP salary 2020 appeared first on Infosec Resources.
Introduction It has been said that a picture is worth a thousand words. In the world of malware, a picture is worth an infection — in other words, a picture can actually be the malware (ransomware, specifically in this case) that initially infects the compromised machine. This malware is called Tycoon and it uses an […]
The post Tycoon malware: What it is, how it works and how to prevent it | Malware spotlight appeared first on Infosec Resources.
Introduction In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by André Henrique. Per the description given by the author, you must “Help Morpheus to leave the Matrix and return to Zion.” To do so, we have to find and read two flags (user and […]
The post ZION: 1.2 — VulnHub CTF walkthrough (part 1) appeared first on Infosec Resources.
Introduction In modern networks, security is not an afterthought. You need to know how to build secure networks from the outset. Security has to be woven into the very fabric of the network. The 200-301 CCNA exam covers security fundamentals among a broad range of networking topics. This article describes what you need to know […]
The post CCNA certification prep: Security fundamentals appeared first on Infosec Resources.
Introduction The global COVID-19 pandemic has forced individuals and organizations to adopt new ways of doing daily tasks, from working to learning. It has also accelerated the journey to the cloud for many organizations; for others, it has made them more reliant on the cloud. With that move comes a demand for professionals with cloud […]
The post Microsoft Azure Certification: Overview And Career Path appeared first on Infosec Resources.
Today, we will be continuing with our exploration of Hack the Box (HTB) machines, as seen in previous articles. This walkthrough is the first half of an HTB machine named Cascade. HTB is an excellent platform that hosts machines belonging to multiple OSes. It also has some other challenges as well. Individuals have to solve […]
The post Hack the Box (HTB) machines walkthrough series — Cascade (Part 1) appeared first on Infosec Resources.
Introduction CAPTCHA seems to be everywhere we look. These sloppy characters are on blogs, ticket websites, shopping portals — you name it. Those cars you need to spot in a block of images before you can access a website? That’s CAPTCHA too. CAPTCHA was invented to help sites distinguish human users from bots and automated […]
The post How hackers use CAPTCHA to evade automated detection appeared first on Infosec Resources.
Introduction In cryptography, a key is a very important piece of information used to combine with an algorithm (a cipher) to transform plaintext into ciphertext (encryption). The first step of preventive security is not encryption; however, the proper management of a cryptographic key is essential. Key management includes the generating, using, storing, archiving and deleting […]
The post The ultimate guide to encryption key management appeared first on Infosec Resources.
Introduction While penetration testing and Red Teaming are crucial to check a system’s security and to validate potential entry-points in the infrastructure, sometimes establishing an initial foothold on the target can be a big challenge due to host IDS agents, host firewalls, antivirus or even due to bypass security appliances that are inspecting internal network […]
The post Using Merlin agents to evade detection appeared first on Infosec Resources.
Introduction Imagine a situation where criminals steal access to your property. They offer you a seemingly valid solution in the way of a tool that will give you your access back. But you use that solution and yet you still do not have access? Welcome to the nightmarish world of STOP/DJVU — a ransomware that […]
The post Fake STOP/DJVU decryptor malware: What it is, how it works and how to prevent it appeared first on Infosec Resources.
Introduction Confidentiality is a fundamental information security principle. According to ISO 27001, it is defined as ensuring that information is not made available or disclosed to unauthorized individuals, entities or processes. There are several security controls designed specifically to enforce confidentiality requirements, but one of the oldest and best known is the use of passwords. […]
The post How to find weak passwords in your organization’s Active Directory appeared first on Infosec Resources.
FreshRSS 