Archive for December 31, 2024

Founder And CEO Of Other World Computing Gives His Predictions For 2025

Posted in Commentary on December 31, 2024 by itnerd

As 2024 wraps up, we’ve seen tech trends like AI, data management, and performance tools evolve in exciting ways. Looking ahead to 2025, Larry O’Connor, Founder and CEO of Other World Computing (OWC), has made some bold predictions about how businesses and creatives will approach these technologies in the future:

Prediction 1: The Return of On-Prem Data, Compute, and Backup to Improve Performance, Strengthen Security, and Control Costs 

On-premises data storage and computing will become increasingly essential as companies prioritize security, performance, and financial control. With rising costs and growing vulnerabilities in the cloud, organizations and individual operators are increasingly moving back to on-prem solutions as the primary strategy for secure data management. Storing confidential data locally not only cuts costs and improves access speed but also greatly reduces the risk of exposure to large-scale breaches, making it a safer choice over public cloud options. Local data storage, especially in the case of smaller businesses, is a far less attractive target for cyber-attacks, offering a crucial security layer that cloud solutions cannot match. While the cloud can still play a role as an add-on or tertiary backup for external data sharing or less critical uses, on-prem data and computing are now the must-have strategy, with the cloud as a “nice to have” or specific use application in the mix.

“The cost of cloud storage in particular has gone from nearly given away to becoming significantly expensive. The freebies that drew people in have been slowly but surely pulled away and with a growing cost to the storage. I have spoken to some in the service space that a decade ago got into the business of driving customers to cloud storage services who are now finding good business driving them back to on prem.”

“It’s not that these distributed storage providers do not offer value – but it’s all about the right services for the right need.”

“There’s no reason to depend on the cloud for all or even a majority of your data needs. It’s not cost-effective to do so vs. easy-to-deploy, faster, on-prem options. The cloud also requires and costs you bandwidth, and also time.”

“If your confidential data is on the cloud, you obviously have a greater risk of being part of a massive, large-scale breach… It’s less of a risk to use the cloud for external data sharing but not for corporate infrastructure. Keeping your data local, as a smaller target, is often more secure.”

“The cloud for backup really should be tertiary, in my humble opinion, whereas having a good backup strategy locally is going to be more cost-effective and give you much greater accessibility. If something goes down locally and you need to recover, it’s faster and more convenient if you do so locally, rather than having to pull it off the cloud.”

Prediction 2: The Rise of On-Prem AI for Democratization and IP Protection 

Bringing AI capabilities on-premises allows more businesses, especially smaller ones that may not have the budget for extensive cloud-based AI, to benefit from powerful data processing and analysis tools. Having AI on-site also plays a crucial role in protecting a company’s intellectual property (IP). When AI is run locally, sensitive and proprietary data – such as customer insights, unique algorithms, and business strategies – stays within the company’s secure environment. This reduces the risk of exposure or leakage that can happen when data is sent to and processed in the cloud, and avoids “data bleed”, where proprietary information could unintentionally enhance third-party models or be accessed intentionally by external entities.

“On-prem AI will democratize some of the AI learning and capabilities that smaller businesses and institutions will have access to. AI in the cloud is already really expensive.”

“Having on-prem AI means that your data and IP gets to stay on-prem… There’s not one bit of risk that there’s any bleed-over from the datasets you provide for AI, ultimately helping other systems and potentially competitors learn and benefit from your private data and knowledge. You also have an ongoing benefit, not a forever cost expenditure.”

Prediction 3: The Performance Gap Between Locally Operated Systems and Cloud-Dependent Solutions Will Continue to Expand 

Higher-performance desktop storage and local networking are going to create a larger gap versus network-dependent data needs. For those that benefit from higher performance at their working location – for editing, ingest, backup, you name it – the advent of Thunderbolt 5 and continued improvements in Thunderbolt 3/4 40Gb/s capabilities on the latest crop of, and future, Mac and PC/Windows systems mean local data and interface capabilities have never been better.

“When you are able to operate locally with interface speeds, on plug and play cabling or networking, at up to 7000MB/s vs. a typical at best of 100MB/s (1/70th the speed), suddenly you’re feeling even more so the drag of remote cloud dependency vs. what you can do internally and now externally on your system.” 

“Complex data sets, high-resolution imagery, video – all of these things can be manipulated and processed more and more efficiently on a local level with the cloud being a good distribution vector for the final works versus the raw.”

“The sheer improvements of the last few years and the leapfrog/jump of this recently with Thunderbolt 5 gives all of us great options for how we get it done on-site and how we balance the benefits of cloud capabilities for share and distribution as needed. When it takes longer to upload and then download a large data set site to site versus duplicating to a fast drive and shipping it… and for a far lower cost…. It’s all about finding the best fit and using all the available technologies for the workflow a given user/company finds best for them.”

US Treasury reveals Chinese hackers stole documents in ‘major incident’

Posted in Commentary on December 31, 2024 by itnerd

Reuters is among the news outlets reporting that the US Treasury says Chinese hackers stole documents in a ‘major incident’: “The hackers compromised a third-party cybersecurity service provider and were able to access unclassified documents, the letter said, calling it a ‘major incident.’”

According to the letter from the US Treasury to the Chair and Ranking Member of the Senate Committee on Banking, Housing and Urban Affairs, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”

Lawrence Pingree, VP, Dispersive, had this to say:

“Beijing’s routine denial of responsibility for cyberespionage incidents raises diplomatic challenges with the US in addressing such breaches effectively since there’s a lack of transparency and accountability/coordination. In this case, it’s hard to tell whether it was a breach of an application’s ‘secret’ or some form of cryptographic key. Secrets and cryptographic key management are critical elements of managing software API access and thus if deficient in some way, or a compromise occurs via a developer’s endpoint, the breach of those secrets and authentication keys can create these types of epic breaches. It’s important that systems that developers and administrators use are properly isolated by zero trust technology controls, and that robust key and secrets management processes are tested and followed.”

Former NSA cybersecurity expert Evan Dornbush follows up with this:

“The cybersecurity world is reeling from yet another high-profile breach, this time targeting the clients of security vendor BeyondTrust. This incident joins a growing list of attacks on security firms, including Okta (whose breach directly impacted BeyondTrust as a customer), LastPass, SolarWinds, and Snowflake.

“In today’s interconnected landscape, your perimeter has all but vanished. A single zero-day exploit against a vendor can cripple your own operations. The BeyondTrust response, while remarkably swift, underscores this harsh reality.

“Discovered on December 2nd, the BeyondTrust hack saw the root cause identified by December 5th, leading to the emergence of two CVEs. Clients were notified on December 8th, and a patch was released by December 18th. Recent reports attribute the attack to Chinese actors.

“Sixteen days from discovery to mitigation, patching, disclosure, and attribution is impressive. However, this speed doesn’t negate the fundamental problem: their zero-days are your problem. While BeyondTrust acted quickly, the attackers likely exfiltrated data long before the patch was available. In smash-and-grab operations like this, data theft doesn’t take 16 days.

“As we enter 2025, one prediction is unavoidable: Network Detection and Response (NDR) must become a cornerstone of both internal security and third-party risk management. It’s the clearest way to detect anomalous activity across the enterprise. Further, until defenders gain advanced warning of the exploits attackers wield, the playing field remains tilted sharply in the attackers’ favour.”

Given that this is the latest cybersecurity incident tied to China, it is becoming clear that they need to be held accountable for their actions in some way, shape or form. But at the same time, we need to do a better job of defending against them so that they are less of a threat than they are now.