Archive for February 1, 2024

Carahsoft & Fortra Announce A Distribution Partnership 

Posted in Commentary with tags on February 1, 2024 by itnerd

Fortra and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced a partnership. Under the agreement, Carahsoft will serve as Fortra’s Public Sector Distributor, making its products available to the Public Sector through Carahsoft’s reseller partners and GSA Schedule, NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2) and OMNIA Partners contracts. 

Fortra’s security solutions empower organizations to protect on-premise, cloud or hybrid environments with confidence. Its comprehensive portfolio offers agencies a wide array of solutions and managed security services that are easy to deploy and is designed to be the only resource an organization needs when conceptualizing and implementing new cybersecurity strategies. Fortra is dedicated to staying ahead of the rapidly changing cybersecurity landscape so that it can provide customers with solutions ready to combat the latest threat. 

Fortra’s solutions are available through Carahsoft’s GSA Schedule No. 47QSWA18D008F, SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042 and OMNIA Partners Contract #R191902. For more information, contact the Carahsoft team at (571) 591-6280 or Fortra@carahsoft.com

FBI Warns That Chinese Hackers Are Prepping To ‘Wreak Havoc’ On US Critical Infrastructure

Posted in Commentary with tags on February 1, 2024 by itnerd

Yesterday, FBI Director Christopher Wray, the head of the NSA and other senior officials addressed the House Select Committee on the Chinese Communist Party with an unprecedented public warning that Chinese hackers are preparing to “wreak havoc and cause real-world harm” to the US:

Chinese government hacking efforts now target the entire American populace, and the escalating urgency of the overall threat that China poses to U.S. national security requires more investment in the FBI’s capabilities, FBI Director Wray warned lawmakers during a January 31 appearance before the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party. 

“I do not want those watching today to think we can’t protect ourselves,” he told legislators. “But I do want the American people to know that we cannot afford to sleep on this danger.” 

China’s quest to steal American intellectual property to gain an economic and militaristic edge over the United States—through nefarious cyber means and traditional espionage, alike—hasn’t let up. But the scope of its malicious cyber activities has expanded to target our nation’s critical infrastructure, Wray told lawmakers during the hearing, which looked to gauge the risks that CCP cyber efforts pose to U.S. national security.

“There has been far too little public focus on the fact that PRC [People’s Republic of China] hackers are targeting our critical infrastructure—our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems,” Wray told the committee during his opening remarks. “And the risk that poses to every American requires our attention now.” 

China’s state-sponsored hackers are posturing themselves to be able to take down these vital resources at a moment’s notice. That way, if conflict breaks out between the U.S. and China, they can cripple those resources and do direct harm to U.S. citizens, Wray explained. “Low blows against civilians are part of China’s plan,” he said. 

HYAS CEO David Ratner had this comment:

“Critical infrastructure is unfortunately too vulnerable to a variety of attacks, and we need to focus on cyber resiliency across the board or risk not just the interruption of basic services but potentially loss of human life. Bad actors will continue to find new vectors to try and wreak havoc; the only path forward is proactive intelligence and overall operational resiliency to ensure that each new attack is handled quickly and efficiently, before damage ensues. The time to act is now.”

I’m going to go out on a limb and say that the US isn’t the only target of these hackers. Chances are that other countries are in the same boat. Which means that it’s time for them to step up their security game, or really bad things will happen to those who don’t.

UPDATE: Mark B. Cooper, President & Founder, PKI Solutions adds this comment:

“The warning from FBI Director Christopher Wray about Chinese hackers targeting US infrastructure emphasizes the sense of urgency needed to improve the security of core systems to critical infrastructure. It’s no longer safe to assume these core systems like Identity and Encryption are resilient; organizations need to manage the security posture of each of their critical systems. These measures are essential in ensuring vulnerabilities are identified and mitigated properly, reducing the risk of exploitation by malicious actors.”

I Question The Security Of Freedom Mobile’s Freedom My Account Web Portal

Posted in Commentary with tags on February 1, 2024 by itnerd

My wife and I have been customers of Freedom Mobile since the end of the year. And I have to admit that one thing that does give me pause is the Freedom My Account Web Portal located at https://login.freedommobile.ca. I say that because in the age of SIM swap attacks, I question whether this web portal can adequately defend against a threat actor who wanted to take over an account, pull off a SIM swap, or both.

First let me explain what a SIM swap attack is. This is where a threat actor takes over the SIM card on your cell phone by porting the number from the SIM card in your phone to a SIM card inside a phone that they control. Why would they want to do that? Well, if you have text message based two factor authentication set up, those authentication messages will now go to the threat actor’s SIM card instead of yours. That means that if they already have your user name for an online account that relies on two factor authentication, you’re pwned, because they can reset the password on that account to get in, assuming they don’t already have the password. If you want an example of how bad a SIM swap attack can be, take a look at this article written by Brian Krebs on a very large scale SIM swap attack that affected 130 organizations.

Here are a couple of examples of why SIM swap attacks are dangerous. Late last year I wrote about telephone scams from threat actors pretending to be Rogers, TELUS, or Bell, offering great deals and a new phone to the unsuspecting. But in reality, what the threat actors were doing was trying to get victims to hand over the two factor authentication codes that victims received via email or text message, so that they could get into the victim’s account and order a new phone for shipment overseas. Now imagine if they could just focus on the text message group by doing a SIM swap, so they don’t even need to call you to do that. Or how about this? A threat actor does a SIM swap attack and is able to get the two factor authentication codes for your bank account. Then they proceed to drain your bank account dry. Clearly these are non-trivial results of a SIM swap attack, which is why the security that telcos provide to stop these attacks needs to be top shelf.

Now here’s why I question if Freedom Mobile is doing enough on this front. When you go to https://login.freedommobile.ca, you see this:

Here you will be asked to enter your Freedom Mobile phone number and a four-digit PIN that you chose when you set yourself up to access this web portal. Realistically, Freedom Mobile needs to have proper accounts with proper passwords. And have a password complexity requirement. For example, all passwords need to be a minimum of eight characters with one capital letter, a number, and a special character ($%#& for example). I say that because I can see a scenario where a threat actor tries a credential stuffing style attack, working through combinations of the PIN to see if they can get into the account. To be fair, I have not tested this, which means that I have no idea whether Freedom Mobile can defend against this attack. But seeing that only four digits are in play here, if I were a threat actor, that’s what I would try first, as I have “only” 9999 possibilities to work with. Which from a security perspective is pretty weak.
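To make the "four digits versus a real password" point concrete from the defender's side, here is an added example (not code from Freedom Mobile or from the original post) that models two controls the paragraph asks for: the suggested complexity policy, and a per-account lockout counter. The `LoginGuard` class and its 5-tries / 15-minute lockout are hypothetical server-side settings; nothing is known about what the real portal does. The arithmetic at the bottom shows why lockout alone does not rescue a four-digit PIN: even a fairly strict lockout still lets one account's whole PIN space be walked in about three weeks of patient online guessing, whereas the same lockout against an eight-character policy password is effectively infinite.

```python
import hmac
from dataclasses import dataclass, field


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible secrets of the given length over the given alphabet."""
    return alphabet_size ** length


def meets_policy(password: str) -> bool:
    """The complexity rule suggested in the post: at least eight characters,
    one capital letter, one number and one special character."""
    specials = set("$%#&!@^*()-_=+[]{};:,.?/")
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in specials for c in password))


@dataclass
class LoginGuard:
    """Hypothetical per-account failure counter with a temporary lockout.
    (Assumed control for illustration; the portal's real behaviour is unknown.)"""
    max_failures: int = 5
    lockout_seconds: float = 900.0
    failures: dict = field(default_factory=dict)
    locked_until: dict = field(default_factory=dict)

    def attempt(self, account: str, presented: str, actual: str, now: float) -> str:
        """Return 'ok', 'denied' or 'locked'. `now` is injected so the logic is testable."""
        if self.locked_until.get(account, 0.0) > now:
            return "locked"            # even a correct secret is refused while locked
        # constant-time comparison so response timing leaks nothing about the secret
        if hmac.compare_digest(presented.encode(), actual.encode()):
            self.failures[account] = 0
            return "ok"
        count = self.failures.get(account, 0) + 1
        if count >= self.max_failures:
            self.failures[account] = 0
            self.locked_until[account] = now + self.lockout_seconds
            return "locked"
        self.failures[account] = count
        return "denied"


def guesses_per_day(max_failures: int, lockout_seconds: float) -> int:
    """Upper bound on online guesses against one account in 24 hours under the lockout."""
    return int(86400 / lockout_seconds) * max_failures


def days_to_exhaust(space: int, max_failures: int, lockout_seconds: float) -> float:
    """Days needed to try every secret in `space` at the lockout-limited rate."""
    return space / guesses_per_day(max_failures, lockout_seconds)


if __name__ == "__main__":
    pin_space = keyspace(10, 4)
    print("4-digit PIN keyspace:", pin_space)
    print("days to walk the PIN space under 5 tries / 15-minute lockout:",
          round(days_to_exhaust(pin_space, 5, 900.0), 1))
    # rough size of an 8-character policy password over ~70 printable symbols
    print("8-char policy password keyspace:", keyspace(70, 8))
    print("Freedom#2024 meets policy:", meets_policy("Freedom#2024"))
```

The lockout numbers are deliberately generous to the defender; a real deployment would also rate-limit by source address and alert on sustained failures, but the keyspace comparison is what drives the post's argument.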

The other thing that Freedom Mobile should do is move away from delivering the two factor authentication via text message. I say that because of this:

Once you enter your Freedom Mobile number and PIN, you get to choose the phone number that you want a text message with a two factor authentication code delivered to, and confirm that phone number.

Here’s where you get to enter the security code that you get via text message.

Now I will admit that there are a lot of hoops that a threat actor would have to jump through to pull off an attack on Freedom Mobile. But as evidenced by the Brian Krebs story, threat actors, if they are motivated enough and believe that there’s value in doing so, will find a way to pull this sort of attack off.

But let me hand some free advice to Freedom Mobile to help them kill off this potential attack vector. My current bank of choice is CIBC. Their mobile app has an option to receive verification codes via push notification rather than text. So if you try to log into the CIBC website, you’ll get a push notification on your phone as long as the CIBC app is installed on it. That does two things. First, a SIM swap attack won’t work because the approval isn’t tied to your phone number. Second, if your phone gets stolen you can kill push notification access to that phone. Now for Freedom Mobile to do something like this, it would require them to build a real phone app rather than the one they presently have, which only replicates the exact functionality of https://login.freedommobile.ca in a mobile friendly way. But that would be a worthy endeavour in my opinion.
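The two properties the paragraph credits to push-based approval (the second factor is bound to an enrolled device rather than a phone number, and a lost device can be cut off) are easy to see in code. The following is an added illustration, not CIBC's or Freedom Mobile's implementation: a minimal challenge/approve server where each enrolled device holds a per-device secret and answers a login challenge with an HMAC over it. The secret, the challenge TTL and the message layout are all assumptions for the example; on a real phone the key would live in the device's secure keystore rather than in a Python object. Note that no phone number appears anywhere in the flow, which is exactly why porting the number to another SIM gains an attacker nothing here, and that `revoke` is the "kill push access" button for a stolen phone.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class EnrolledDevice:
    device_id: str
    secret: bytes       # simulated; on a real phone this key stays in the secure keystore
    revoked: bool = False


def device_sign(secret: bytes, challenge_id: str, nonce: bytes, device_id: str) -> bytes:
    """What the app computes when the user taps 'approve': a MAC over the challenge,
    bound to this device. Nothing here involves the phone number or the SIM."""
    msg = challenge_id.encode() + nonce + device_id.encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()


class PushApprovalServer:
    CHALLENGE_TTL = 120.0   # seconds a pending approval stays valid (assumed)

    def __init__(self):
        self.devices = {}   # account -> {device_id: EnrolledDevice}
        self.pending = {}   # challenge_id -> (account, nonce, expires_at)

    def enroll(self, account: str, device_id: str) -> bytes:
        """One-time device enrollment; the secret is handed to the app once."""
        secret = secrets.token_bytes(32)
        self.devices.setdefault(account, {})[device_id] = EnrolledDevice(device_id, secret)
        return secret

    def revoke(self, account: str, device_id: str) -> None:
        """'Kill push access' for a lost or stolen phone."""
        self.devices[account][device_id].revoked = True

    def start_login(self, account: str, now: float):
        """Issue a fresh challenge and return the device ids it would be pushed to."""
        challenge_id = secrets.token_hex(8)
        nonce = secrets.token_bytes(16)
        self.pending[challenge_id] = (account, nonce, now + self.CHALLENGE_TTL)
        targets = [d.device_id for d in self.devices.get(account, {}).values()
                   if not d.revoked]
        return challenge_id, nonce, targets

    def approve(self, challenge_id: str, device_id: str, tag: bytes, now: float) -> bool:
        """Accept an approval only if it is unexpired, from an enrolled non-revoked
        device, carries a valid MAC, and has not been used before."""
        entry = self.pending.get(challenge_id)
        if entry is None:
            return False            # unknown, already consumed, or never issued
        account, nonce, expires_at = entry
        if now > expires_at:
            del self.pending[challenge_id]
            return False
        device = self.devices.get(account, {}).get(device_id)
        if device is None or device.revoked:
            return False
        expected = device_sign(device.secret, challenge_id, nonce, device_id)
        if not hmac.compare_digest(expected, tag):
            return False
        del self.pending[challenge_id]   # single use: a replayed approval fails
        return True


if __name__ == "__main__":
    srv = PushApprovalServer()
    app_secret = srv.enroll("alice", "phone-1")
    cid, nonce, targets = srv.start_login("alice", now=1000.0)
    print("push sent to devices:", targets)
    tag = device_sign(app_secret, cid, nonce, "phone-1")
    print("first approval accepted:", srv.approve(cid, "phone-1", tag, now=1010.0))
    print("replayed approval accepted:", srv.approve(cid, "phone-1", tag, now=1011.0))
    srv.revoke("alice", "phone-1")
    print("devices pushed to after revoke:", srv.start_login("alice", now=2000.0)[2])
```

A production version would use an asymmetric key pair (so the server never holds a secret that can sign) and would show the user what they are approving, which is what turns push approval from "tap yes" into a real defence against approval fatigue.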

Now I will put it out there that I could be completely off base here, and Freedom Mobile may have security measures “behind the curtain”, so to speak, that address my concerns. If they do, and they are willing to go on the record about how they protect customers from this sort of attack, I’d love to hear from Freedom Mobile about this and publish a story with their response. To be clear, I don’t expect them to tell the world exactly what they are doing. But Freedom Mobile addressing these concerns would be a smart move on their part, because I am sure that their customers would love to hear how they are being protected from SIM swap attacks, among the other threats that exist in the world in 2024.

A Novel Malware Campaign Is Targeting Docker

Posted in Commentary with tags on February 1, 2024 by itnerd

Cado researchers have recently encountered a novel malware campaign, dubbed “Commando Cat,” targeting exposed Docker API endpoints – the second campaign targeting Docker since the beginning of 2024, the first being the malicious deployment of the 9hits traffic exchange application.

Commando Cat is a novel cryptojacking campaign exploiting Docker for initial access by deploying a benign container generated using the Commando Project on GitHub. It leverages Docker as an initial access vector and abuses the service to mount the host’s filesystem before running a series of interdependent payloads directly on the host. 

These payloads are responsible for registering persistence, enabling a backdoor, exfiltrating various Cloud Service Provider credential files, and executing the miner. The malware’s several sophisticated evasion techniques, including an unusual process hiding mechanism, are of particular interest. 
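Two things in that summary are directly auditable on a host: whether the Docker API is reachable over plain TCP at all, and whether any running container has been handed a bind mount of the host filesystem. The check below is an added example, not part of Cado's report or tooling, that parses constructed samples shaped like `docker inspect` output and `/etc/docker/daemon.json` and flags both conditions. The container names, ids and the `SENSITIVE_HOST_PATHS` list are assumptions for the example; on a real host you would feed it `docker inspect $(docker ps -q)` and the daemon config.

```python
import json

# Constructed sample shaped like `docker inspect` output (one object per container).
# Neither container is real; the second is written to look like a host-mount abuse.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "c0ffee01", "Name": "/web",
        "HostConfig": {"Privileged": False, "Binds": ["webdata:/usr/share/nginx/html"]},
        "Mounts": [{"Type": "volume", "Name": "webdata",
                    "Source": "/var/lib/docker/volumes/webdata/_data",
                    "Destination": "/usr/share/nginx/html"}],
    },
    {
        "Id": "deadbeef", "Name": "/suspicious",
        "HostConfig": {"Privileged": False, "Binds": ["/:/hostfs"]},
        "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/hostfs"}],
    },
])

# Constructed sample of daemon.json with the API listening on an unencrypted TCP socket.
SAMPLE_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Host paths that should never be bind-mounted into an ordinary workload (assumed list).
SENSITIVE_HOST_PATHS = ("/", "/etc", "/root", "/home", "/var/run/docker.sock", "/proc", "/sys")


def _is_sensitive(path: str) -> bool:
    if path in SENSITIVE_HOST_PATHS:
        return True
    return any(path.startswith(p + "/") for p in SENSITIVE_HOST_PATHS if p != "/")


def find_host_mounts(inspect_json: str) -> list:
    """Return one finding per sensitive bind mount or privileged container."""
    findings = []
    for c in json.loads(inspect_json):
        for m in c.get("Mounts", []):
            if m.get("Type") != "bind":
                continue                    # named volumes live under /var/lib/docker
            src = m.get("Source", "")
            if _is_sensitive(src):
                findings.append({"container": c["Name"], "id": c["Id"],
                                 "source": src, "destination": m.get("Destination")})
        if c.get("HostConfig", {}).get("Privileged"):
            findings.append({"container": c["Name"], "id": c["Id"], "privileged": True})
    return findings


def api_exposed_without_tls(daemon_json: str) -> list:
    """Return tcp:// listeners configured without tlsverify (unauthenticated API)."""
    cfg = json.loads(daemon_json)
    return [h for h in cfg.get("hosts", [])
            if h.startswith("tcp://") and not cfg.get("tlsverify")]


if __name__ == "__main__":
    for f in find_host_mounts(SAMPLE_INSPECT):
        print("host mount finding:", f)
    for h in api_exposed_without_tls(SAMPLE_DAEMON_JSON):
        print("API reachable without TLS on:", h)
```

The daemon check is deliberately conservative: a `tcp://` listener with `tlsverify` set still deserves a look at who holds client certificates, but one without it is the "exposed Docker API endpoint" the campaign summary describes.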

You can read the report here.

Fulton County Systems Are Down After They Got Pwned Over The Weekend… And There’s No Endgame In Sight

Posted in Commentary with tags on February 1, 2024 by itnerd

In a press conference earlier this week, Georgia’s Fulton County Board of Commissioners explained that a cyber-attack discovered over the weekend has affected county office phone systems and online transactions, including court filings, tax processing and other services. You can watch the press conference below:

Fulton County has more than 1 million residents and is home to Atlanta. At time of writing, it’s unclear when systems will return to normal. A source close to the matter said the court filing system could be down until February 5.

While the phone systems are down, the county website is urging residents to email the County’s Customer Service if they have any questions.

Last year both Georgia’s Forsyth County and the government of Augusta, Georgia also dealt with ransomware attacks disrupting city systems.

And in case you were wondering, the case involving Donald Trump among others is apparently unaffected by this.

Mark B. Cooper, President & Founder, PKI Solutions had this to say:

“The cyberattack on Fulton County, Georgia, causing widespread IT outages underlines the need for adaptive security strategies that must include a deep level of assessment of Core Systems and Critical Infrastructure like Identity and Encryption. Technical debt from the assessments to these critical Identity and Encryption systems is complex and often needs to be addressed quickly to reduce the threat landscape.”

Given that there’s currently no light to the end of the tunnel, this should serve as a warning as to what can happen if you think that your defences are good enough rather than the best that they can be.

Datadobi Caps Off 2023 with Groundbreaking Innovations & Strategic Milestones In Unstructured Data Management

Posted in Commentary with tags on February 1, 2024 by itnerd

Datadobi today announced the successful close of 2023. The year was marked by a series of notable achievements, underscoring the company’s commitment to excellence across every aspect of its business. This unwavering dedication also played a key role in helping to cement its StorageMAP platform’s reputation for transforming unstructured data from a financial, legal, and operational burden into a highly valuable and strategic business asset.

Datadobi’s 2023 achievements included: 

Bar Raising Innovation: 

Customer Success Highlights: 

Strategic Partnerships: 

  • Datadobi is Now Available in the AWS Marketplace – StorageMAP Assess Solution and StorageMAP Unstructured data management software now empower AWS customers to mitigate potential risk and cost while driving improved ESG effectiveness and optimum data value.

Awards & Accolades: 

  • Datadobi Named to 2023 CRN® Storage 100 List – StorageMAP named in the Data Management, Protection, and Resilience category. The Storage 100 recognizes industry-leading storage vendors that provide transformative, channel-friendly products and services.

GAO Finds That Agencies Lack Insight Of Critical Infrastructure Ransomware Protections

Posted in Commentary with tags on February 1, 2024 by itnerd

On Tuesday, the Government Accountability Office reported findings of a year-and-a-half long performance audit of the federal agencies charged with overseeing the manufacturing, energy, health care and transportation sectors concluding that “none” know whether protections against ransomware have been implemented.

The six agencies include: CISA, the Department of Energy, the Department of Health and Human Services, the U.S. Coast Guard, Transportation Security Administration, and the Department of Transportation.

It was found that “none have fully assessed the effectiveness of their support to sectors” as directed in the Department of Homeland Security’s 2013 National Infrastructure Protection Plan and they also haven’t “determined the extent of adoption of the National Institute of Standards and Technology’s recommended practices for addressing ransomware.”

The GAO made 11 recommendations to four agencies to, among other things, determine selected sectors’ adoption of cybersecurity practices. DHS and HHS agreed with their recommendations while the DOE and DOT partially agreed.

“Given that ransomware remains one of the most serious and concerning cybersecurity challenges to our nation’s critical infrastructure, it is vital that the SRMAs assess risks and measure the effectiveness of their support activities to better protect their respective sectors from this pervasive threat,” the report said.

Emily Phelps, VP, Cyware had this comment:

“This situation underscores the paramount importance of intelligence sharing and collaborative, proactive cybersecurity to safeguard our nation’s critical infrastructure. By fostering an environment where information and strategies are shared across agencies and sectors, we can build a more resilient and responsive defense system.”

Mark B. Cooper, President & Founder, PKI Solutions adds this comment:

“The GAO report reveals a crucial gap in the understanding and implementation of protections for core systems like identity and encryption in critical infrastructure. Agencies overseeing sectors like manufacturing, energy, healthcare, and transportation lack comprehensive assessments on the adoption of recommended ransomware protections. This situation also highlights the need for a more coordinated approach across agencies and a requirement for a deeper level of assessment of Identity and Encryption systems. This is crucial for strengthening the operational resilience of critical infrastructure against the ever-changing cyber security threat landscape.”

Given how dangerous and pervasive ransomware attacks are, everyone needs to step up their game to ensure that they aren’t the next victim of a ransomware attack. Thus I hope that these agencies take the advice of the GAO and take immediate action.

Radiant Logic Delivers Trifecta of Impressive Results for Fifth Year in a Row

Posted in Commentary with tags on February 1, 2024 by itnerd

Radiant Logic, the Identity Data Fabric company, announces its 5th straight year of profitable growth, with ~40% year-over-year ARR growth, 30%+ profit margins, and remarkable customer retention of 95% to close an unparalleled year for the company. In 2023, Radiant Logic showcased unwavering resilience and adaptability through a series of strategic moves. These included continued innovation on the RadiantOne Identity Data Platform, the establishment of a dedicated partner program, and the acquisition of Brainwave GRC, a respected French-based Identity Governance and Analytics (IGA) provider.  

The acquisition of Brainwave GRC and the integration of its full suite of IGA and analytics capabilities was a perfect complement to RadiantOne’s Identity Data Management expertise, and unlocked new potential for growth and innovation. This acquisition introduces the ability to apply analytics and visibility onto an unprecedented set of correlated, normalized, and cleansed identity data. In 2023, Radiant Logic entered the Identity Analytics field for the first time, gaining swift recognition in the Gartner Market Guide as an important component of an Identity Governance and Administration solution. Looking ahead, Radiant Logic envisions sustained and substantial growth in 2024, driven by the launch of new, AI-driven capabilities on the industry-leading RadiantOne Identity Data platform.

Throughout 2023, Radiant Logic continued to demonstrate its unrelenting dedication to customers and partners with the announced expanded and revitalized Partner Program and dedicated Partner Portal. The program launch included an impressive partner roster consisting of both global security leaders and specialists in the Identity and Access Management (IAM) field, including: AWS, Wipro, CyberIAM, SDG, iC Consult, Hub City Media, UberEther, Novacoast, NetBR and CyberSolve. Radiant’s partner program has resulted in deployments at the Department of the Navy and at the Defense Information Systems Agency (DISA), among many others.  

In 2024, Radiant Logic aims to capitalize on its momentum with the introduction of RadiantOne AI and AIDA, its generative AI data assistant. RadiantOne AI complements existing technology and governance investments by correlating data from all sources and systems, providing contextual information for better decision-making across your entire identity and IT landscape. This leads to improved outcomes for organizations, including reduced time and resources required for data gathering for audits, plus fewer security gaps and increased compliance with organizational policies. 

With the new year, Radiant Logic is pleased to announce the appointment of Jim Love as Chief Revenue Officer. Love brings over 20 years of technology sales and leadership experience, most recently serving as President at Orca Security and Chief Revenue Officer at Illumio. Love aims to transform Radiant Logic’s enterprise go-to-market initiatives including global sales, partnerships, and sales operations. This strategic move will invigorate the company’s ecosystem, implement a channel-first Go-to-Market motion, and drive unprecedented growth by focusing on building meaningful relationships with our customers and partners.