Archive for June 27, 2024

LockBit Pwns Evolve Bank & Trust And NOT The Federal Reserve

Posted in Commentary on June 27, 2024 by itnerd

Remember when I told you that the infamous ransomware group LockBit claimed to have pwned The Federal Reserve? Well that turns out to be incorrect because yesterday, Evolve Bank & Trust confirmed in an online statement that hackers stole retail bank and financial technology partners’ customers’ information and posted it on the dark web. Here’s the connection to the Federal Reserve. The documents that were posted in relation to the alleged Federal Reserve hack actually belonged to Evolve.

“33 terabytes of juicy banking information containing Americans’ banking secrets,” claimed LockBit on its leak site.

The bank said it is investigating the incident and it appears the hackers have released data including Personal Identification Information that varies by individual but may include:

  • Name
  • Social Security Number
  • Date of birth
  • Account information
  • Other personal information

Earlier this month, Evolve was subject to a Federal Reserve enforcement action, and on Tuesday LockBit’s dark web post linked to a press release about the enforcement action alongside a collection of information apparently taken from the institution’s systems.

Stephen Gates, Principal Security SME, Horizon3.ai had this to say:

   “Once an organization experiences a breach, and the smoke begins to clear after a deep investigation into what happened, the biggest question they need to ask is, “What do we do next?” Everything in the networking environment is now suspect, possibly riddled with other exploitable vulnerabilities and weaknesses that likely remain hidden. Teams must find the attack path that allowed the breach to happen, and they must uncover other attack paths that could enable it to happen again.

   “Now is the time to thoroughly assess the entire networking environment, both on-premises and cloud, but that could take months if not longer. And as one area gets assessed, and human assessors move on to the next, changes have already taken place in areas that were previously marked as secure. This is the time when autonomous assessment solutions meet a critical need.

   “These technologies are designed to find the original attack path (if it still remains a mystery) and other attack paths that remain unknown. Acting as force multipliers for human assessors, autonomous assessment solutions never tire as they scan the entire environment looking for other weaknesses such as easily compromised credentials, additional exposed data, unidentified software misconfigurations, inadequately implemented security controls, and unenforced security policies.

   “Some of these issues were probably uncovered by attackers when defenses were breached the first time. If they are not resolved now, the inescapable will likely happen again.”

At this point, Evolve has some explaining to do given the fact that it was subject to an enforcement action from the Federal Reserve. And Evolve’s customers will be waiting to hear those answers.

Action1 Achieves CSA STAR Level 1 Certification and Signs CISA’s Secure by Design Pledge

Posted in Commentary on June 27, 2024 by itnerd

Action1 announced today it has secured Security, Trust & Assurance Registry (STAR) Level 1 Certification from the Cloud Security Alliance (CSA), the world’s leading organization promoting the use of security best practices within cloud computing and helping foster secure cloud environments through education. Additionally, Action1 has signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge. These initiatives underscore Action1’s commitment to internal security and solidify its position as a trusted vendor in the cloud-based patch management space.

As Action1 has achieved CSA STAR Level 1 successfully, it is now listed in CSA’s publicly accessible registry. The STAR registry lists cloud solutions from vendors that follow the strictest security and privacy controls, facilitating users in identifying vendors dedicated to maintaining data confidentiality, integrity, and availability. The CSA STAR program is recognized as the industry’s most powerful program for security assurance in the cloud.

Action1 is a cloud-native patch management platform enabling enterprises to rapidly discover and remediate vulnerabilities with a 99% patch success rate. It helps understaffed IT teams save time and reduce costs by streamlining third-party patching, including custom software, and OS updates, all fully integrated with full feature-parity and uniformity.

By signing CISA’s Secure by Design Pledge, Action1 has joined cybersecurity industry leaders in a unified commitment to enhancing software security standards. This pledge represents a significant step in ensuring that security is a foundational element in software development and is part of CISA’s global Secure by Design initiative, launched last year, which implements the White House’s National Cybersecurity Strategy.

These initiatives exemplify the high security standards of the Action1 cloud-native platform, which is also certified for ISO/IEC 27001:2022 and SOC 2 Type II by independent auditors. Visit action1.com/security to learn more about these certifications.

Sage study reveals IT channel partners embrace advisory roles to boost SMB digital agility

Posted in Commentary on June 27, 2024 by itnerd

A new study from Sage reveals the evolving role of technology channel and reseller partners in the U.S. and Canada. The study indicates a shift from point solutions providers and integrators to strategic advisors for SMBs, unlocking significant growth opportunities and paving the way for greater digital agility.

The report, ‘Small and medium-sized business demand for digital advisory services fuels IT channel growth’, surveyed 2,800 technology channel decision-makers globally, including in the U.S. and Canada, to better understand the key drivers impacting the IT channel and reseller market today.

The research highlights that the majority of technology resellers in the U.S. (59%) and Canada (52%) have shifted their focus toward providing strategic advice and services, aiming to improve SMBs’ ability to swiftly adapt to market shifts, new technological breakthroughs and evolving customer demands.

The report found that almost three-quarters of SMBs in the U.S. (73%) and Canada (74%) see investing in digital agility as a high priority, believing it will drive business growth (30%), followed by enhancing competitiveness in the U.S. (25%) and increasing efficiency in Canada (26%).

Key findings include:

  • Shift to Advisory Roles: U.S. and Canadian channel leaders are split on what is driving the shift to advisory roles with U.S. leaders citing the use of technology and data analytics for personalized solutions (59%), increased competition in the market requiring differentiation and value-added services (57%) and desire to build stronger customer relationships (55%). In Canada, leaders attribute the shift to the need to keep up with shifting customer demands (56%) and building stronger customer relationships (53%).
  • Digital Agility of SMBs: Almost two-thirds of Canadian SMBs (64%) and half of SMBs (51%) in the U.S. are recognized as ‘fairly digitally agile’ by channel leaders, highlighting their quick adoption of technologies that enhance efficiency and customer experience. However, only 39% of U.S. and 28% of Canadian partners feel SMBs are adequately prepared for future disruptions. Continuous investment in digital tools and training, supported by channel partners, is essential for maximizing the benefits of a digital-first approach. 
  • Challenges in Driving Digital Agility: The report identifies the main obstacle preventing channel partners from effectively supporting SMBs as the complexity of technology and integration processes. In the U.S., channel partners face significant challenges in providing advisory services, primarily due to keeping up with evolving technology and balancing priorities (both at 48%), along with SMB resistance to advisory services (45%). Similarly, in Canada, nearly half of the channel partners (47%) cite the complexity of technology and integration processes as the top hindrance to supporting SMBs’ digital agility journey.
  • Adoption of Innovative Technologies: The majority of U.S. channel partners are focused on driving the adoption of innovative technologies (59%), while 52% of Canadian resellers are prioritizing offering strategic advice and solutions. This is to ensure that SMBs not only access but effectively utilize technology to enhance responsiveness and competitive edge in a rapidly changing market.
  • Critical Technologies: Channel leaders in both Canada (62%) and the U.S. (56%) believe cybersecurity solutions are the most instrumental in fostering digital agility. AI and automation followed closely, with 58% in Canada and 56% in the U.S. finding these as the second most critical technologies. Focusing on these areas can enhance SMB efficiency and security.

Sage’s research underscores the importance of deepening collaboration between IT resellers and SMBs to fully harness new technologies and enhance resilience against market changes. By focusing on areas like cybersecurity, digital transformation, and operational efficiency, IT resellers can boost their growth while helping SMBs successfully navigate these challenges.

Summary of methodology 

The research questioned 2,800 decision makers in the tech industry whose company resells tech and IT supplies/services for various businesses in Canada, France, Germany, Portugal, South Africa, Spain, the United Kingdom and United States. The interviews were conducted in April and May 2024. 

This online survey was conducted by market research company OnePoll, in accordance with the Market Research Society’s code of conduct.  

Review: Western Digital My Passport SSD 1TB

Posted in Commentary on June 27, 2024 by itnerd

This review started off in a weird way. A client of mine bought this at Best Buy because he saw some of the marketing claims on the box and figured that the Western Digital My Passport SSD in the 1TB size must be fast. But when it didn’t “feel” fast to him, he asked me to look at it because he figured that it was him and not the drive. Well, the short answer is that it’s the drive. But before I get to what I mean by that, let me give you a look at the drive in question:

In the box you get the drive (you do get to choose between 5 colours), a USB-C cable, and a USB-C to USB-A adapter. This is a good start as USB-C is used on the drive which means that getting replacement cables will be easy. On the drive itself is backup software which is likely more useful for PC users than Mac users who should use Time Machine instead. Though they will have to format the drive before that as the drive comes out of the box formatted for ExFAT. The drive itself is light despite being made of metal and feels solid enough. It claims to be shock resistant up to a 6.5 foot drop. Though I did not test that. And when I tried transferring files to it, it got warm to the touch. Which is fine as I have seen SSD drives get hot to the touch. This drive also supports 256-bit AES hardware encryption for those who are paranoid about keeping their data safe.

Now over to the testing part. Here’s a picture of the box that it came in so that I can show you the speed claim that Western Digital makes:

Note the part that it says “Up to 1050 MB/s”. Flipping the box over and reading the fine print, they’re referring to read speed. And looking at the Western Digital website the company also says that it has up to 1000 MB/s write speeds. Those are very bold claims. But here’s what I got when I plugged the drive into my M1 Pro MacBook Pro which has Thunderbolt 4 via the included USB-C cable:

So I was able to confirm that Western Digital was correct on the write speeds as it hit 967.38. But the read speed was significantly slower than what Western Digital claims. As in around 25% slower. I repeated this test on a PC with Thunderbolt 3 via the included USB-C cable and got similar results. So that suggests that it’s not the computer or the cable that’s responsible for those read speeds. Or lack thereof. It’s the drive that’s responsible. But to be fair to Western Digital, they did say “up to” so just like ISPs who use that term to cover themselves when the Internet connections aren’t up to the speeds that they advertise, Western Digital has covered themselves. But this explains why the client felt the drive was “slow.” A 5% or even a 10% difference in read speed would likely not have been noticed by most people. But 25% will be noticed by most people. Also to be fair to Western Digital, this speed doesn’t suck. But it doesn’t measure up to the claims on the box.

Now does that mean that you should not buy this drive? As long as you’re not expecting the drive’s read speed to match what’s on the box, go ahead. Its MSRP is $100 CDN so it’s not a lot of cash to spend. Just make sure you buy it direct from Western Digital or shop around as buying it from Best Buy will cost you $30 more for no good reason.

White House Serves Up An Executive Order To Protect Private Data

Posted in Commentary on June 27, 2024 by itnerd

The White House has served up an executive order on protecting private data:

The President’s Executive Order focuses on Americans’ most personal and sensitive information, including genomic data, biometric data, personal health data, geolocation data, financial data, and certain kinds of personally identifiable information. Bad actors can use this data to track Americans (including military service members), pry into their personal lives, and pass that data on to other data brokers and foreign intelligence services. This data can enable intrusive surveillance, scams, blackmail, and other violations of privacy.

Companies are collecting more of Americans’ data than ever before, and it is often legally sold and resold through data brokers. Commercial data brokers and other companies can sell this data to countries of concern, or entities controlled by those countries, and it can land in the hands of foreign intelligence services, militaries, or companies controlled by foreign governments.

The sale of Americans’ data raises significant privacy, counterintelligence, blackmail risks and other national security risks—especially for those in the military or national security community.  Countries of concern can also access Americans’ sensitive personal data to collect information on activists, academics, journalists, dissidents, political figures, and members of non-governmental organizations and marginalized communities to intimidate opponents of countries of concern, curb dissent, and limit Americans’ freedom of expression and other civil liberties. 

Madison Horn, Congressional Candidate (OK-5) had this comment:

This executive order is a critical response to the escalating risks posed by our current geopolitical climate and the surge in ransomware attacks. Enterprise CISOs and CIOs will need to reassess their data management strategies to align with stringent new regulations aimed at preventing the large-scale transfer of Americans’ personal data to countries of concern and providing essential safeguards. The focus on protecting Americans’ most personal and sensitive information, including genomic, biometric, health, geolocation, and financial data, will necessitate significant enhancements in security measures. This order is particularly vital for safeguarding the military and national security community from foreign exploitation, emphasizing the need for increased collaboration with legal and compliance teams to navigate these regulatory changes effectively.

In light of the executive order, CISOs and CIOs must take immediate and concrete actions to mitigate risks and protect national security. Initially, conducting comprehensive audits of current data-sharing practices is essential to identify potential vulnerability and ways to reduce the attack surface. Evaluating current data protection protocols, such as access management, especially for sensitive data categories such as genomic, biometric, personal health, and geolocation information, will be critical to prevent potential exploitation by foreign entities. Establishing clear lines of communication with federal agencies and maintaining vigilance on evolving regulations are crucial. By leveraging the directives of this order, organizations can work in collaboration to significantly reduce risks, safeguard individuals’ personal information, and bolster national security against foreign exploitation and cyber threats, ensuring the protection of both civilians and the military or national security community.

This executive order is a win for Americans because this sort of data needs to be protected. And if companies won’t do the right thing on their own, I am all for forcing them to do the right thing.

Report Shows That SaaS Apps Are Biggest Targets Of Cyber Attacks

Posted in Commentary on June 27, 2024 by itnerd

According to a recent report, the growing cloud usage across enterprises is driving an accompanying growth in the potential attack surface for threat actors, with cloud delivered SaaS apps cited as the top target for cyber attacks (31%) followed by cloud storage and cloud management. Further, with over half of organizations using more than 25 SaaS applications—some of the most popular examples including Microsoft 365, Snowflake, Databricks, Salesforce and Google Workspace—and 47% of corporate data in the cloud being sensitive, securing the cloud is increasingly complex and a significant challenge for security teams.

Glenn Chisolm, Co-Founder, Obsidian had this to say:

“That SaaS is one of the top targets for cyber attacks is unsurprising. Having handled hundreds of SaaS incidents with our incident response partners, we see SaaS threats become a rising concern for organizations. SaaS breaches have grown 4x in the last year. And while configuration issues may lead to IaaS breaches, identity forms the fulcrum of SaaS breaches—leading to over 80% of the breaches. These include attacks like help desk social engineering, self-service password resets (SSPR), or attacker-in-the-middle (AiTM). SaaS posture issues as well as data security and governance gaps form the other two key drivers of SaaS breaches.”

Concerns over SaaS security have a few of my clients rethinking their SaaS strategies and some have even moved back to on premise if possible, because they believe that they can trust themselves more than a SaaS provider. They may not be wrong on that front.