Archive for August 17, 2022

The North Koreans Have A New Cyberespionage Campaign Say ESET

Posted in Commentary with tags on August 17, 2022 by itnerd

You might recall that I posted a story on North Koreans posing to get IT jobs in the US. I have a follow up on that story with a bit of a twist. ESET researchers sent a series of tweets outlining a cyberespionage campaign by North Korean APT group Lazarus that is targeting Apple and Intel chip systems via a fake engineering job post supposedly from Coinbase.

Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi had this to say:

“The North Korean APT group Lazarus has made a real name for itself with its cyberespionage campaigns, and this attack targeting developers with signed executables has the potential to inflict huge damage on North Korea’s rivals. Our research shows that the proceeds of cybercriminal activities from North Korean APT groups are being used to circumvent international sanctions and gather intelligence. The money from such attacks is being funnelled directly into the DPRK’s weapons programmes, and any intel gathered could also be used against its enemies.”

“A key component of the attack is the use of a signed executable disguised as a job description. Code signing certificates have become the modus operandi for many North Korean APT groups, as these digital certificates are the keys to the castle, securing communication between machines of all kinds, from servers to applications, Kubernetes clusters and microservices. We’ve seen countless times how North Korean hackers use signed certificates to access networks, passing malicious software off as legitimate and enabling them to launch devastating supply chain attacks. Incidents such as the 2014 Sony Hack, or the $101 million heist of the Bangladesh Bank via the SWIFT banking system, have demonstrated North Korea’s long-standing interest in the malicious use of machine identities. This attack makes use of a similar technique so could deal similar damage, as Lazarus understands machine identity and exploits it so effectively, whilst it’s still such a blind spot for many organizations.”

The North Koreans are clearly looking for new angles to get whatever it is they are after, which of course is bad for all of us. Thus businesses everywhere have to be on guard for whatever they have planned next.

Digital Ocean Indirectly Pwned In Attack On Mailchimp

Posted in Commentary with tags on August 17, 2022 by itnerd

Digital Ocean says some customer email addresses were exposed due to a recent ‘Security incident’ at email marketing company Mailchimp.

  • On August 8th, DigitalOcean discovered that our Mailchimp account had been compromised as part of what we suspect to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain. 
  • From that Mailchimp incident, we suspect certain DigitalOcean customer email addresses may have been exposed. Out of an abundance of caution, we are currently sending email communications to those impacted. 
  • A very small number of DigitalOcean customers experienced attempted compromise of their accounts through password resets. These customers’ accounts have been secured, and have been contacted directly. 
  • As of August 9th, we have migrated email services away from Mailchimp. 
  • No customer information other than email address was compromised, however, we recommend increased vigilance against phishing attempts in the coming weeks, in addition to enabling two-factor authentication on your DigitalOcean account. 

Charming. This is similar to the Toronto Symphony Orchestra ransomware hack from a couple of weeks ago, in that this too was a supply chain attack.

Mark Bower, VP of Product, Anjuna Security:

“There are three things attackers go for – credentials, code and keys, irrespective of platform or architecture. From there, it’s access to sensitive data, sometimes en masse and catastrophic. The first is the human problem and the easy button for attackers with trusted email being a great place to start to obtain escalated privilege and control, as in this case. But businesses have to look out for insider risk and also get past the unsustainable patch sprints that leave systems open to compromise like Log4J did to the industry. Escalated privilege – from insiders, attacks, or vulns leaves a massive gap in defenses: operating memory data theft has been missing from risk conversations because it’s not been easy to protect until the arrival of new techniques like confidential computing. With more and more data staying persistent in memory for speed, cloud latency reduction and scaling, it’s becoming a considerable risk – mitigations must therefore include it today and on CISOs’ near-term roadmap.”

If you take this hack combined with the indirect attack on the TSO, companies should get the message that they have to assess their attack surface, including the third party services that they use, and see what their risks are. That way they can take steps to make sure that they don’t get pwned directly or indirectly.

94% of CDOs Say That Data Privacy Tech Would Increase Revenues: TripleBlind

Posted in Commentary with tags on August 17, 2022 by itnerd

TripleBlind today released survey findings showing 94% of CDOs surveyed from healthcare organizations and financial services firms agree that deploying data privacy technology which enforces existing data privacy regulations would result in increased revenue for their organization.

Mark Bower, VP of Product, Anjuna Security:

“Gone are the days of set and forget on a privacy compliance assessment: organizations have to balance responsible data collection to amplify business for shareholder value, while balancing risk of data leakage or inappropriate access that is naturally amplified by cloud adoption and data sharing. However, newer data security and privacy enhancing technologies must also be embraced to protect consumer data during use – such as confidential computing which is quickly finding a role in solving complex problems of separating data from unauthorised users, the cloud’s own IT, insiders, and attackers while enabling workload use. This new approach allows enterprises to share and collaborate on vast amounts of data, enabling outcomes and insights without exposing each party’s own highly prized data assets including customer data, AI/ML models, Intellectual property – far more than just regulated data. This is a win-win for the CISO, business and customers, and available now in every major cloud provider.”

I read the report and this might mark a change in how data privacy is perceived. It’s now clearly seen as a must for business. That’s a good thing as that’s going to make us all safer.

Dasera Hits New Growth Milestones and Announces New Major Release

Posted in Commentary with tags on August 17, 2022 by itnerd

Dasera, the leader in helping organizations operationalize their data governance programs, announced some of its Q2-2022 results today. Since its initial product launch in July 2021, the company has been growing exponentially, tripling the number of clients every quarter. The most recently acquired customers ranged from well-known startups to multinational corporations, with existing customers expanding their usage of Dasera’s platform after piloting the product.

Dasera reached a record number of new customers this quarter by closely working with the clients and better understanding their needs. Starting from positioning itself as a data security startup, Dasera transformed into a data governance company that prompts a cross-functional collaboration of the Security, Data, and Legal teams.

Following a slight expansion of the platform’s capabilities, Dasera delivered a better solution to its customers and experienced significant growth. The company’s customer list has tripled twice since the transformation to data governance. Such an observation signals a stronger product/market fit and proves the demand for tools that help operationalize data governance.

The second quarter of 2022 has been particularly successful for Dasera. The company closed nine new customers, ranging from financial services companies to multinational food corporations. In addition to showing the need across multiple verticals, Dasera was able to help clients solve critical problems in their data governance programs. Three example use cases follow.

A customer in the financial services sector was worried about improperly stored PII and turned to Dasera to solve the problem. Dasera automatically monitored PII in non-sanctioned locations, resulting in 100% of the data being properly classified and non-compliance events being detected immediately. The client was extremely satisfied with the results and expanded its license by four-fold this quarter.

In a second use case, a client in the software development industry was struggling with the speed at which the data access requests were processed and the ongoing inability to govern those requests after access was granted. Dasera’s solution created a single platform that provided all the necessary contextual information that enables a quicker decision-making process. The access requests were redirected to decision-makers through appropriate channels in a timely manner, accelerating the requests’ approval process by three-fold. In addition, the client now has the ability to automatically monitor these new access grants on an ongoing basis, to ensure that employees don’t inadvertently get access to more sensitive data due to data sprawl.

The third customer, a multinational food corporation, experienced a problem with inconsistent data tags within data stores. Before getting onboarded by Dasera, the customer was tagging data manually, resulting in inaccuracies and a lack of an accurate data inventory. Dasera improved tag coverage from 37% to 100% by using automated workflows instead of manual processing. As a result, the customer plans to expand its contract with Dasera by more than 6-fold next quarter.

The above-mentioned use cases illustrate Dasera’s customer-centric approach and dedication to solving clients’ pain points. With Dasera, clients can operationalize their data governance programs: they can have a real-time inventory of their data; automatically enrich their data with metadata; know exactly where it’s stored and how it’s used; continually govern their data; and keep their security, data, and compliance teams completely in sync.

Crater Lake: A New Major Release

Dasera regularly co-creates with its customers to deliver the most value possible. As a direct result of this customer input, Dasera is announcing the availability of its new Crater Lake 5.0 release. Crater Lake allows customers to identify and onboard key data decision-makers from the Security, Data, and Compliance teams, including Data Owners & Stewards; provides them with object-level data and user access visibility; and enables sharing context across the ecosystem with Dasera APIs. To learn more about the new release, visit their blog here.

Telstra Appoints Eric Dalessio to Head Customer Service Delivery for the Americas

Posted in Commentary with tags on August 17, 2022 by itnerd

Telstra has named Eric Dalessio as Vice President, Customer Service Delivery, for the Americas, responsible for driving digital transformation and business growth across the region while playing a key role in redefining the Telstra customer experience.

Dalessio takes on his new role at a time when customer expectations of a network service provider are higher than ever, in terms of response times, creative solutions and ongoing support. To meet and exceed these expectations, Dalessio and his team will work across the enterprise and wholesale business to identify new ways to onboard and use Telstra’s digital tools, efficiently manage service and delivery teams, and work with customers as a true business partner for long-term growth.

Dalessio has been with Telstra for 20 years, holding a range of leadership positions within the operations department and successfully managing several large-scale global projects to reinforce Telstra’s position as a leading network solutions provider.

Dalessio has a Bachelor of Science degree from the State University of New York at Cortland.

Guest Post: One in four Russians downloaded VPN apps in H1 2022, a global study reveals

Posted in Commentary with tags on August 17, 2022 by itnerd

The latest updates for the Global VPN Adoption Index created by Atlas VPN reveal that in H1 2022, VPN downloads reached 215 million. The most significant shift in the market was recorded in Russia, where nearly one-fourth of the population downloaded VPN services.

Prior to H1 2022, VPN penetration in the Russian Federation was somewhere between 3% and 9%. However, in March 2022, the Russian court banned Facebook and Instagram, labeling its parent company Meta as “extremist”.

These restrictions caused an unprecedented upshift in VPN demand. The VPN usage in Russia reached record heights, totaling 35 million downloads in six months, putting VPN adoption at 23.94%. In other words, nearly 1 in 4 Russian citizens downloaded a VPN application in H1 2022. 

On a similar note, Ukraine made it to the tenth position of VPN adopters globally, with 4.2 million downloads and a 9.62% penetration rate. 

The VPN Adoption Index by Atlas VPN overviews country-by-country VPN statistics and explores why VPNs are so prevalent in those nations. 

VPN adoption refers to the percentage of the country’s population that downloaded VPN applications in the given period. The data for the analysis was extracted from the Google Play Store and Apple App Store using the Sensor Tower and App Tweak services.

To read the full article, head over to: https://atlasvpn.com/blog/one-in-four-russians-downloaded-vpn-apps-in-h1-2022-a-global-study-reveals

Does Having Mesh WiFi Slow Down Your Access To The Internet? Let’s Find Out! Plus Some Tips To Help You Deploy Mesh WiFi For The Best Coverage

Posted in Commentary on August 17, 2022 by itnerd

I got an email from a reader asking me about using mesh WiFi versus having a single router that supposedly will cover a large area. The reason for this person’s question is that they are moving into a large property of about 3000 square feet and their concerns are twofold:

  • Will a single router cover that area?
  • Will a mesh router slow down my Internet access?

The first question can be answered this way. Yes, a single router may in theory cover the property. But there may be spots on the property that it may not quite reach, and it may have to deal with walls and other people’s WiFi that would make that option less than ideal. That makes the mesh router a better option, as for the areas that you can’t quite reach, you can stick a properly placed mesh node in the area to improve your coverage.

Now let’s go to the second question. Will a mesh router slow down their Internet access? I dug into this a bit more and discovered that they were afraid that a mesh node (let’s call this the primary node) connected to the modem from their ISP would have faster speeds than a mesh node (let’s call this the secondary node) that is connected to the primary node wirelessly. Now that’s an interesting question. So I decided to conduct an experiment, seeing as I currently own an ASUS ZenWiFi AX XT8 which is a mesh router. The experiment was to do speed tests at each node, note how much slower (if at all) each one got, and record anything else that I noticed. And for bonus points, I would also do a speed test from the far end of my condo, still in range of my secondary node, to see what the speed was. Granted I am dealing with a sub 1000 square foot condo and not 3000 square feet, but it should give me an idea of what to expect.

Let’s start with my primary node which is connected to my Bell Fibe Internet connection. Here’s the speed that I am getting from within 6 feet of this node:

So the download and upload speeds are what I would expect from a WiFi 6 connection from a node that’s directly connected to the Internet. But take a look at the idle ping time. It’s five milliseconds, which is pretty low seeing as the HH4000 which this primary mesh node is connected to reports a consistent 1 millisecond idle ping time.

Let’s move on to the secondary node and see what results we get:

Well, the upload speed dropped by about 14%. And the download speed dropped by about 10%. And the idle ping time went up to 8 milliseconds from 5. I suspect that some of this is due to the fact the speed test had to take an extra hop to get to the Internet. By that I mean:

  • The first speed test went from the primary node out to the Internet directly.
  • The second speed test went from the secondary node, to the primary node, to the Internet.

Another factor is that this secondary node is connecting wirelessly via a feature called a wireless backhaul. Let me go down the rabbit hole on this. This ZenWiFi AX XT8 has three WiFi bands:

  • 2.4 GHz up to 300 Mbps
  • 5 GHz up to 1201 Mbps
  • 5 GHz up to 4804 Mbps

You can set it up to have that 5 GHz 4804 Mbps band (that speed is calculated for ideal conditions which don’t exist outside a lab, by the way) reserved simply to connect to other nodes and not be available for anything else. This is how I run my XT8 system. That sounds great, but the wireless backhaul is subject to the same limitations as laptops, tablets and smartphones that use WiFi. The further you are from the access point, the slower your connection will be. Or in the case of wireless backhaul, the further the secondary node(s) are from the primary node, the slower the connection will be. And that doesn’t take into account that there may be a wall or two that it has to deal with along the way, or neighbouring WiFi access points to deal with. So in my case, seeing as there’s roughly 10 meters (32.81 feet) between my primary node and secondary node with a concrete wall in between, combined with the fact that the XT8 mesh router uses WiFi 6 for the wireless backhaul, which has range limitations versus earlier versions of WiFi, and there are about 20 other access points that this XT8 has to deal with, the numbers that I got seem to make sense.

Now onto the bonus round. What happens when I go to the far end of my condo, still connected to the secondary node, and do a speed test? That introduces another wall into the mix. Here’s the result that I got:

Now the speeds dropped again. The download speed dropped by 20% versus the previous test. And the upload speed dropped by 47% versus the previous test. Strangely, the ping time improved by 1 millisecond (which was something that I was able to repeat). But it validates the fact that the further away you get from the node, the slower your WiFi connection will get.

So what did I learn from this? Well, I was able to validate the person’s concern, which is that there is a bit of a speed penalty to using a mesh setup. However, the speed penalty that I see here isn’t that much of a penalty, as the worst case here is well above 300 Mbps in either direction. And the ping times are still in the single digits, which is more than enough for a Zoom or Teams call, or binge watching something in 4K on Netflix.
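One thing worth making explicit is that the drops above are each measured against the previous test, so they compound: a 10% drop at the secondary node followed by a 20% drop at the far end is a 28% loss versus the primary node, and 14% followed by 47% is about 54%. The Python below is an added example of mine, not code from the original post. The absolute Mbps figures for the primary node are constructed (the post only gives relative drops and the 5 ms ping); the per-step percentages are the ones reported above, and the video call thresholds at the end are assumptions.

```python
# Added example (not from the original post): chain the per-step percentage
# drops reported for a wireless mesh backhaul and express each location's
# speed as a penalty relative to the primary node. The absolute Mbps values
# are constructed; the percentage drops are the ones reported in the post.
from dataclasses import dataclass


@dataclass(frozen=True)
class SpeedTest:
    location: str
    download_mbps: float
    upload_mbps: float
    idle_ping_ms: float


# Constructed baseline for the primary node (only the 5 ms idle ping is from the post).
PRIMARY = SpeedTest("primary node", 900.0, 800.0, 5.0)

# Per-step changes reported in the post, each relative to the PREVIOUS test:
# (location, download drop, upload drop, idle ping change in ms)
STEP_DROPS = [
    ("secondary node", 0.10, 0.14, +3.0),
    ("far end of condo", 0.20, 0.47, -1.0),
]


def chain_tests(primary: SpeedTest, steps) -> list:
    """Apply each step's relative drop to the previous result, not to the primary."""
    results = [primary]
    for location, down_drop, up_drop, ping_delta in steps:
        prev = results[-1]
        results.append(SpeedTest(
            location,
            prev.download_mbps * (1.0 - down_drop),
            prev.upload_mbps * (1.0 - up_drop),
            prev.idle_ping_ms + ping_delta,
        ))
    return results


def penalty_vs_primary(tests: list) -> list:
    """Percentage lost at each location compared with the primary node.

    Per-hop drops compound: -10% then -20% is -28% overall (not -30%),
    and -14% then -47% is about -54% overall.
    """
    base = tests[0]
    out = []
    for t in tests:
        out.append({
            "location": t.location,
            "download_drop_pct": round(100.0 * (1.0 - t.download_mbps / base.download_mbps), 1),
            "upload_drop_pct": round(100.0 * (1.0 - t.upload_mbps / base.upload_mbps), 1),
            "idle_ping_ms": t.idle_ping_ms,
        })
    return out


def meets_requirement(test: SpeedTest, min_down: float, min_up: float, max_ping: float) -> bool:
    """True when a location still satisfies an application's bandwidth and latency needs."""
    return (test.download_mbps >= min_down
            and test.upload_mbps >= min_up
            and test.idle_ping_ms <= max_ping)


if __name__ == "__main__":
    chain = chain_tests(PRIMARY, STEP_DROPS)
    for row in penalty_vs_primary(chain):
        print(row)
    # Assumed thresholds for a video call (not from the post): 10 Mbps each way, 50 ms ping.
    for t in chain:
        print(t.location, "video call OK:", meets_requirement(t, 10.0, 10.0, 50.0))
```

Swap in your own speed test readings for the constructed baseline and the step list to see how much of the primary node's speed actually survives at each location before deciding whether a wired backhaul is worth the retrofit.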

But if this speed drop does bother you, there is a way that you can avoid it. If the option is available to you, use a wired backhaul by running Ethernet cables to the locations the nodes will be located in. That will guarantee gigabit or better (depending on the router and what type of Ethernet ports that it has, be it 1 Gbps, 2.5 Gbps or 10 Gbps) backhaul speeds which in turn will make the speeds you get from each node consistently fast. Now this may not be possible as it might require too much work to retrofit Ethernet runs into your home, but it is an option for the best speed possible if that really matters to you.

The other thing that I learned from this is that the further that you get from the router, and the more obstacles such as walls and other WiFi from all around you that you have to deal with, the slower your connection will be. Though in my case, it was still good enough to do a Zoom or Teams call, or watching a 4K show on Netflix. Thus that validates that a single router is likely not ideal for this use case. But it is still usable. Assuming that you don’t have to deal with any dead spots of course.

Thus my recommendation to the person was:

  • Buy a mesh WiFi router that explicitly states that it has support for a wired and wireless backhaul. That way they have options in terms of how they want to deploy it.
  • Start with two nodes if they’re using a wireless backhaul. A good rule of thumb is to place the second node halfway between the primary node that’s connected to the Internet and the dead zone, but limit the distance to no more than two rooms, or about 30 feet. Then see if you have the coverage that you want.
  • If they need more coverage, follow the above with each additional node.
  • If they have multiple floors, try placing the nodes on the landing of each floor. And then go back to my second point if you need to add additional nodes after that.

Now if you’re using a wired backhaul, you might have a bit more or less freedom in terms of where you could place each node depending on where your electrician put your Ethernet jacks. But one rule of thumb is that I don’t have the cables that connect the node to the Ethernet jack longer than six feet to make sure it doesn’t create a tripping hazard or some cat decides to chew on it (That has happened to a client of mine. That forced them to hide the Ethernet cables in wiremold to keep the cat from munching on them. Strangely, the cat never went after the power cables). But the tips above will help you to make sure that you don’t have dead spots in a wired backhaul use case.

If you have questions about this, please leave a comment below or drop me an email and I will do my best to help you out.