New Compliance Report Finds Explosive Use of Automation, Overwhelming Ransomware And Zero Trust Focus

Posted in Commentary with tags on May 18, 2022 by itnerd

A-LIGN, a cybersecurity compliance and audit firm, has released its second annual benchmark report, highlighting organizational compliance year-over-year as executives emphasize such programs and their significance in accelerating corporate growth. There are several critical themes surrounding automation, ransomware, and zero trust including:

  • 72% of organizations now utilize a form of software for conducting audits compared to only 25% of businesses reporting the use of automation in 2021
  • 85% of businesses can focus on critical security issues and controls essential for corporate growth and regional expansion by streamlining compliance and consolidating auditing processes 
  • 98% of companies plan to develop and implement zero-trust strategies and ransomware preparedness programs 

This benchmark report should be considered required reading by enterprises as it can serve as a roadmap as to where you focus your efforts. The report can be viewed here.

India To VPN Companies: Do What We Want Or Get Out Of India

Posted in Commentary with tags on May 18, 2022 by itnerd

You might recall that I did a story on India wanting VPN companies to retain data on who uses their services, and VPN companies considering their options including leaving the country. India has now escalated this by saying the following:

The Indian Computer Emergency Response Team clarified (PDF) on Wednesday that “virtual private server (VPS) providers, cloud service providers, VPN service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers and government organisations” shall follow the directive, called Cyber Security Directions, that requires them to store customers’ names, email addresses, IP addresses, know your customer records, financial transactions for a period of five years.

And:

Rajeev Chandrasekhar, the junior IT minister of India, said that VPN providers who wish to conceal who uses their services “will have to pull out.” He also said that there won’t be any public consultation on these rules.

Keep in mind that India is the second largest Internet market on the planet. So I am guessing that the Indian government is counting on the fact that VPN providers will comply rather than give up doing business in that market. And even if some or most of them do leave, the Indian government will win anyway because it will be left with only the VPN companies that do comply with their directive. That of course assumes that Indian citizens don’t just go out and get a VPN service from outside the country. After all, it’s not like we haven’t seen that happen before.

This will be interesting to see as I suspect that the push back will be substantial from both sides, and only one side will win. Let’s see which side that is.

Is It Time To Make The Internet An Essential Service And Hold Canadian Telcos Accountable For Providing That Service?

Posted in Commentary with tags , on May 18, 2022 by itnerd

Back in 2016, the CRTC said that high speed Internet was “essential”. This is what they meant by that at the time:

As part of declaring broadband a “basic” or essential service, the CRTC has also set new goals for download and upload speeds. For fixed broadband services, all citizens should have the option of unlimited data with speeds of at least 50 megabits per second for downloads and 10 megabits per second for uploads — a tenfold increase of previous targets set in 2011. The goals for mobile coverage are less ambitious, and simply call for “access to the latest mobile wireless technology” in cities and major transport corridors.

The CRTC estimates that some two million Canadian households, or 18 percent of the population, do not currently have access to their desired speeds. The $750 million government fund will help to pay for infrastructure to remedy this. The money will be distributed over five years, with the CRTC expecting 90 percent of Canadians to access the new speeds by 2021. 

The new digital plan also touches on accessibility problems, with CRTC mandating that wireless service providers will have to offer platforms that address the needs of people with hearing or speech disabilities within six months. Blais said this timeline was necessary, as the country “can’t depend on market forces to address these issues.”

Fast forward to 2022 and this really doesn’t go far enough to address what I think “essential” means to Canadians. Given that a lot of us still work from home, and the Internet is the difference between earning a paycheque and not earning one, or learning and not learning, I think that this needs to change. Public Safety Canada also maintains a list of what it calls “Essential Services”, which it defines as follows:

Canada’s National Strategy for Critical Infrastructure defines critical infrastructure as the processes, systems, facilities, technologies, networks, assets, and services essential to the health, safety, security or economic well-being of Canadians and the effective functioning of government. 

And while this list does list “Information and Communication Technologies” as part of this, I think it needs to go further to include not only the Internet specifically, but it should also include telcos like Rogers, Bell, and Telus so that they are responsible for maintaining and resolving issues to a high standard. As in resolving issues within hours and not days. And having a minimum uptime guarantee that said telcos are held accountable to. Now I know that Rogers, Bell, Telus and others would say that this isn’t required and they go above and beyond for their customers. But while I agree that these telcos do the best that they can to resolve customer issues in what they consider to be a timely manner, I don’t think that’s good enough. When the Internet goes out for a single home or a group of homes, even for a few hours, there are people who aren’t learning or making a living. That affects the economy. That alone makes it worthwhile to explore this idea and to take action to make it reality. And perhaps if something like this came into effect, telcos would spend a lot more time and effort to ensure that their networks were resilient enough so that outages became corner cases. That would be good for all Canadians.

What do you think? Should Canada do more to make the Internet an “essential service” as I’ve described above? Please leave a comment and share your thoughts.

Infosec Institute Unveils New Role-Guided Cybersecurity Training Roadmaps 

Posted in Commentary with tags on May 18, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today unveiled Infosec Skills Roles, pre-built training roadmaps aligned to the 12 most in-demand cybersecurity roles including SOC Analyst, Penetration Tester, Security Engineer and Cybersecurity Beginner. Hosted in the Infosec Skills training platform, Infosec Skills Roles helps organizations upskill and cross-train talent for open security roles while also improving engagement and performance.

Today there are over 600,000 unfilled cybersecurity roles in the U.S., with more than half requiring at least one certification. As critical cybersecurity roles remain unfilled and technology change continues to outpace skill development, organizations are increasingly vulnerable to today’s record number of cyber threats. Additionally, security leaders face increasing pressure to prevent and mitigate cyberattacks with overburdened cyber teams, inadequate training programs and limited resources.

To help cyber leaders upskill and cross-train talent quickly, Infosec Skills Roles provide training recommendations for 12 of the most common cybersecurity positions, enabling enterprises to upskill and reskill cyber talent at scale and individuals to break into the industry. Backed by research into the skills requested by employers and a panel of cybersecurity subject matter experts, each of the 12 Infosec Skills Roles clearly outlines which training and certifications are needed, so learners can focus on the most important areas to strengthen and security leaders can fill skill gaps on their teams. 

Recently named a Leader in IT Training by IDC Marketscape, the Infosec Skills platform offers 1,400+ hands-on cybersecurity courses and cyber ranges mapped to the NICE Workforce Framework for Cybersecurity and MITRE ATT&CK® Matrix. Infosec Skills helps cyber leaders prepare teams for ATT&CK tactics, guide team development and fast-track certification, with over 80% of learners reporting improved skills and abilities. 

Infosec Skills Roles will be showcased at the upcoming RSA Conference, June 6-9 in San Francisco, CA and Gartner Security & Risk Management Summit June 7-9, in National Harbor, MD. Individuals are encouraged to explore Infosec Skills Roles firsthand and take Infosec’s new #MyCyberRole quiz with a custom role recommendation and a trial Infosec Skills subscription to start training towards their newly matched role. 

Explore Infosec Skills Roles. 

Musk Claims That 20% Or More Of Twitter Accounts Are Bots…. WTF?

Posted in Commentary with tags on May 17, 2022 by itnerd

Yesterday an analyst suggested that Elon Musk may be looking for an off ramp from his attempt to buy Twitter by making the number of bots on the platform an issue. Today he went further…. By Tweeting this:

Musk doesn’t say where he gets this 20% number from. But he is basically accusing Twitter’s current CEO Parag Agrawal of lying without using the word lying. That’s a very dangerous thing to say as Musk could get called on it if Twitter produces proof that backs up their claims. But the interesting point is that the deal cannot move forward until Twitter’s current CEO ponies up proof. If he doesn’t, that’s Musk’s off ramp from the deal. Either that or he is trying to get a better deal.

This will be worth watching to see how this turns out.

CISA Adds Zyxel & Spring Cloud Gateway Vulnerabilities To Their List Of Actively Exploited Bugs

Posted in Commentary with tags on May 17, 2022 by itnerd

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog, its list of actively exploited bugs: the code injection flaw in the Spring Cloud Gateway library (CVE-2022-22947) and the OS command injection flaw in Zyxel firmware for its business firewalls and VPN devices (CVE-2022-30525). 

Artur Kane, VP of Product for GoodAccess had this to say:

“Zero-day vulnerabilities are inevitable in SW and HW engineering. Sometimes this may be due to a flaw in the design, but often it is a goofy engineer who makes a wrong decision when under pressure to deliver on time. Attackers have loads of time to discover and access vulnerabilities. Then, such intelligence is sold on the dark web, hence it can spread rapidly in the community. Companies should look for such vendors who have a proven record of responding fast to zero-day vulnerabilities by issuing patches fast, who also have sufficient security certifications and standards. IT experts have options to mitigate the risk and impact in their hands too, by having regular vulnerability assessments and patching and updating programs in place. If the organization can’t meet such precautionary practices, they should also consider replacing their technologies with applications delivered as a SaaS, where there’s no self-hosted HW (with firmware) and/or software. Patching is done on the level of the application infrastructure and in most cases, much faster as it is in the hands of the vendor. When all these processes fail, as they sometimes do, it is a good practice to implement processes that minimize breach impact (micro segmentation, zero trust access, etc.) and incident response and remedial action plans.”

I would make it part of your security process to check the CISA list of exploited bugs so that you know where to focus your efforts and don’t get caught with your pants down, metaphorically speaking. Also, you should look at SaaS as this takes all the guesswork out of this.
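One way to make that check part of the process is to pull the catalog and match it against what you actually run. The script below is an added example, not code from the original post or from CISA. It parses a JSON document in the shape of CISA’s Known Exploited Vulnerabilities feed (published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), matches entries against an asset inventory by vendor and product keyword, and flags entries whose remediation due date has already passed. The feed snapshot, the inventory, the asset names and the description text are all constructed for the example; only the CVE identifiers and the feed field names are real.

```python
"""Check a software inventory against a CISA KEV catalog snapshot.

Added example, not code from the post or from CISA. Parses a document in the
shape of the KEV JSON feed, matches it against an inventory, and flags
matches whose CISA due date has passed. Sample data below is constructed.
"""
import json
from datetime import date

# Constructed snapshot using the feed's field names. Descriptions are
# paraphrased for the example, not copied from the catalog.
SAMPLE_KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "2022.05.16",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-2022-22947", "vendorProject": "VMware",
     "product": "Spring Cloud Gateway",
     "vulnerabilityName": "Spring Cloud Gateway Code Injection Vulnerability",
     "dateAdded": "2022-05-16", "dueDate": "2022-06-06",
     "shortDescription": "Code injection via SpEL expressions in route definitions.",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2022-30525", "vendorProject": "Zyxel",
     "product": "Multiple Firewalls",
     "vulnerabilityName": "Zyxel Multiple Firewalls OS Command Injection Vulnerability",
     "dateAdded": "2022-05-16", "dueDate": "2022-06-06",
     "shortDescription": "Unauthenticated OS command injection in firewall firmware.",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache",
     "product": "Log4j2",
     "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
     "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
     "shortDescription": "JNDI lookup in log messages leads to remote code execution.",
     "requiredAction": "Apply updates per vendor instructions."}
  ]
}"""

# Constructed inventory. "keywords" are lower-case fragments looked for in the
# catalog's product and vulnerabilityName fields; "patched" lists CVEs already
# remediated on that asset.
SAMPLE_INVENTORY = [
    {"asset": "edge-fw-01", "vendor": "Zyxel", "keywords": ["firewall", "usg"], "patched": []},
    {"asset": "api-gateway", "vendor": "VMware", "keywords": ["spring cloud gateway"], "patched": []},
    {"asset": "billing-app", "vendor": "Apache", "keywords": ["log4j"], "patched": ["CVE-2021-44228"]},
    {"asset": "mail-01", "vendor": "Microsoft", "keywords": ["exchange"], "patched": []},
]


def _norm(text: str) -> str:
    return " ".join(text.lower().split())


def parse_kev(text: str) -> list:
    """Return the vulnerability entries of a KEV JSON document.

    The feed's own "count" is cross-checked against the array length so a
    truncated download raises instead of silently yielding a short list.
    """
    data = json.loads(text)
    entries = data["vulnerabilities"]
    declared = data.get("count")
    if declared is not None and declared != len(entries):
        raise ValueError(f"KEV count mismatch: declared {declared}, got {len(entries)}")
    return entries


def entry_matches(entry: dict, asset: dict) -> bool:
    """True when the vendor matches and any asset keyword appears in the entry."""
    if _norm(entry["vendorProject"]) != _norm(asset["vendor"]):
        return False
    haystack = _norm(entry["product"] + " " + entry["vulnerabilityName"])
    return any(_norm(k) in haystack for k in asset["keywords"])


def find_exposures(entries: list, inventory: list, today: date) -> list:
    """One record per matching (KEV entry, asset) pair, ordered as a work queue.

    Unpatched items come first, overdue ones before those still within the
    CISA due date, then by due date; sort is stable so catalog order breaks ties.
    """
    exposures = []
    for entry in entries:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if not entry_matches(entry, asset):
                continue
            exposures.append({
                "cve": entry["cveID"],
                "asset": asset["asset"],
                "due": due.isoformat(),
                "overdue": due < today,
                "patched": entry["cveID"] in asset["patched"],
            })
    return sorted(exposures, key=lambda r: (r["patched"], not r["overdue"], r["due"]))


def exposures_for(kev_text: str, inventory: list, today_iso: str) -> list:
    """Convenience wrapper: parse the feed text and evaluate it as of a date."""
    return find_exposures(parse_kev(kev_text), inventory, date.fromisoformat(today_iso))


def open_items(exposures: list) -> list:
    """(CVE, asset) pairs still needing work: matched and not yet patched."""
    return [(r["cve"], r["asset"]) for r in exposures if not r["patched"]]


if __name__ == "__main__":
    for rec in exposures_for(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, "2022-05-17"):
        status = "patched" if rec["patched"] else ("OVERDUE" if rec["overdue"] else "open")
        print(f'{rec["cve"]:16} {rec["asset"]:12} due {rec["due"]}  {status}')
```

Matching on vendor plus a short keyword list is deliberate: the catalog’s product strings are free text (“Multiple Firewalls” rather than a model number), so exact product matching would miss entries. Keep the keyword list conservative and review new matches by hand; the due date and requiredAction fields are what turn a match into a ticket.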

Imply Announces $100M Investment Led By Thoma Bravo

Posted in Commentary with tags on May 17, 2022 by itnerd

Imply Data, Inc., the company founded by the original creators of Apache Druid, today announced its $100 million Series D financing, which values the company at $1.1 billion. This investment round was led by Thoma Bravo with participation from OMERS Growth Equity, both new investors. Existing investors Bessemer Venture Funds, Andreessen Horowitz and Khosla Ventures also participated in the financing. This round brings Imply’s total funding raised to date to $215 million as the company accelerates to meet the growing need for modern analytics applications. 

Demand for Imply is driven by an industry evolution in analytics led by software developers. For decades, analytics have been confined to static executive dashboards and reports powered by batch-oriented data warehouses. Increasingly, leading companies are turning to their developers to build analytics applications that deliver interactive data experiences from streaming data and deliver real-time insights to both internal and external users. And developers at 1,000s of companies have turned to Apache Druid, the leading real-time analytics database. 

This new round of funding will enable Imply to accelerate its mission to help developers become the new heroes of analytics.

This funding round is the latest milestone solidifying Imply’s position as the industry leader in this emerging category. It follows the recent product and open source innovation announced in March—specifically, the launch of Imply Polaris, the fully-managed DBaaS built from Apache Druid and the introduction of a new multi-stage query engine that makes Druid the only database to support advanced reports and complex alerts alongside interactive, real-time analytics.

As a leading contributor to Apache Druid, Imply delivers the complete developer experience for Druid as a fully-managed DBaaS (Imply Polaris), hybrid-managed software offering (Imply Enterprise Hybrid) and self-managed software offering (Imply Enterprise). The company builds on the speed and scalability of Apache Druid with committer-driven expertise, effortless operations and flexible deployment to meet developers’ application requirements with ease. Organizations trust Imply’s technology to play a key role in their internally-facing and customer-facing solutions and services.

To learn more:

AV-Comparatives Releases Factsheet for March-April Enterprise Malware And Real-World Protection Tests 

Posted in Commentary with tags on May 17, 2022 by itnerd

AV-Comparatives, the independent ISO-certified security software evaluation lab, has released the latest results from the Business Main-Test Series, which evaluated a range of anti-virus products in business environments. This factsheet is an interim release ahead of the full Performance Test and product reviews, which will be published in July.   

In business environments, it is usual for products to be configured by the system administrator in accordance with the vendor’s guidelines. With the Enterprise Main-Test Series, AV-Comparatives invited all vendors to configure their respective products for an enterprise-first environment. The applied settings are then used across all Enterprise Tests over the year. AV-Comparatives has listed all relevant deviations from default settings.  

The following products (latest version available at time of testing) were tested under Windows 10 64-bit systems: Acronis, Avast, Bitdefender, Cisco, CrowdStrike, Cybereason, Elastic, ESET, G Data, K7, Kaspersky, Malwarebytes, Microsoft, Sophos, Trellix, VIPRE, VMware and WatchGuard.  

The Real-World Protection Test examines the performance of leading antivirus solutions to assess their capabilities in conditions experienced every day by users around the world. The interim results of the Real-World Protection Test are based on a set of 373 live test cases (malicious URLs found in the field), tested from the beginning of March until the end of April. Of the 18 vendors tested, nine received a 99% and above protection rate, with Bitdefender and G Data earning the highest protection rate score of 99.7%.  

The Malware Protection Test assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. For this test, 1,007 recent malware samples were used. Of the 18 vendors tested, 14 received a 99% or above Malware Protection Rate, with VMware, Acronis, Bitdefender and Trellix scoring the highest.  

To ensure that the tested programs do not protect the system at the expense of high false-alarm rates, a false-positives test is also run for the Malware Protection Test. False positives run on a scale of ‘Remarkably High’ to ‘Very Low’. A Low to Very-Low rate of false positives is considered anything below 15, with the highest number of false positives being greater than 125. From this year onwards, products are required to have a false-positive rate on non-business files below the ‘Remarkably High’ threshold in order to be approved. As of the March-April Business Test, Acronis, ESET, Kaspersky, Microsoft, Avast, Bitdefender, Cybereason, Sophos, VIPRE, VMware and WatchGuard have scored either ‘Low’ or ‘Very Low’. 

The full report, including Performance Testing and product reviews, will be released in July. To be certified in July 2022 as an ‘Approved Business Product’ by AV-Comparatives, the tested products must score at least 90% in the Malware Protection Test, with zero false alarms on common business software, a rate below ‘Remarkably High’ for false positives on non-business files and must score at least 90% in the overall Real-World Protection Test over the course of four months, with less than one hundred false alarms on clean software/websites. 

The full results of the March-April Business Test Factsheet are available here: 

Cradlepoint Extends Cellular Intelligence Capabilities To Bolster Visibility Into 5G Cell Towers

Posted in Commentary with tags on May 17, 2022 by itnerd

Cradlepoint, the global leader in cloud-delivered LTE and 5G wireless network edge solutions, today announced additional Cellular Intelligence capabilities that provide extended visibility into enterprise LTE and 5G Wireless WAN (WWAN) deployments. As part of its NetCloud Service, Cradlepoint has expanded Wireless WAN visibility to include cell tower location with service provider details for each connected router or adapter. These unique insights are now integrated into a single pane of glass to ease deployments and ongoing troubleshooting of the Wireless WAN.

Announced in February 2022, Cradlepoint’s Cellular Intelligence is a collection of software features that allow administrators with distributed Wireless WANs to visualize, optimize, and troubleshoot cellular connections, data plans, and traffic flow. Integration between NetCloud and connectivity management platforms, such as Ericsson’s IoT Accelerator, and other SIM aggregation platforms provide visibility into the SIMs and data plans, with the ability to perform SIM management functions (activations, deactivations, data plan adjustments, and more) in seconds. 

This new feature within NetCloud GeoView allows IT teams to visualize where their cell tower is located in proximity to their Cradlepoint cellular modem on a map, enabling optimal placement of the modem for enhanced performance. IT teams will also have valuable cell tower insights at their fingertips, including the supported service provider, service type, and active band(s) — all without having to use external cell mapping tools. Additionally, for routers and modems that are not GPS-enabled, or not able to acquire a GPS signal, the location of the serving cell tower can be used to provide the approximate location of any Cradlepoint router or modem, regardless of where it is located. This accelerates network troubleshooting and improves asset tracking, especially in IoT deployments.

For more on Cradlepoint’s Cellular Intelligence and added insights into 5G cell tower connections, visit here: https://cradlepoint.com/technology/cellular-intelligence.

Guest Post: 54% Of Successful Phishing Attacks End In A Customer Data Breach Says Atlas VPN

Posted in Commentary with tags on May 17, 2022 by itnerd

While not all cyberattacks succeed, those that do usually have devastating consequences for both organizations and their clients. 

According to the data presented by the Atlas VPN team, more than half (54%) of successful phishing attacks end in a customer or client data breach, followed by credential and account compromise (48%). Overall, 83% of organizations reported they had experienced a successful phishing attack in 2021. The data is based on Proofpoint’s 2022 State of the Phish Report. 

Other common consequences of phishing attacks include ransomware infections (46%), loss of data and intellectual property (44%), and infections with malware other than ransomware (27%).

Cybersecurity writer and researcher at Atlas VPN Ruta Cizinauskaite shares her thoughts on the situation:

Social engineering attacks like phishing heavily rely on human factors, such as an employee clicking a malicious link in order to be successful. Therefore, the most effective way to safeguard against such attacks is to invest in employee training where employees would be educated on recognizing cyberattack attempts and how to act when they do.

Bulk phishing attacks were most frequently faced by organizations 

While cybercriminals tried various phishing methods to lure in the victims, some attack types were more common than others. Out of all, bulk phishing was the most frequently used attack. In total, 86% of companies experienced bulk phishing attacks last year.

In bulk phishing attacks, cybercriminals send out generic phishing emails to a vast number of targets in hopes that at least some will fall for the attack. 

The second most common type of phishing attacks organizations faced was spear phishing and whaling. Such targeted attacks hit 79% of companies worldwide. 

In contrast to bulk phishing, spear phishing is a targeted attack where cybercriminals have researched their victim beforehand and use personal information they have found to make their message more believable. Meanwhile, whaling phishing attacks are particularly targeted at high-profile people to maximize gain.

Email-based ransomware attacks occupy the third spot on the list.  They affected 78% of organizations. In the meantime, business email compromise (BEC) attacks were encountered by 77% of companies. 

However, email was not the only medium where criminals tried to phish victims. Other types of phishing attacks that plagued organizations last year include smishing (74%), social media attacks (74%), vishing (69%), and malicious USB drops (64%). 

To read the full article, head over to: https://atlasvpn.com/blog/54-of-successful-phishing-attacks-end-in-customers-data-breach