Monday, May 23, 2016

The Failed Decision of Weaponizing Drones

There comes a time in a decision-making process when you end up standing miles away from where you thought the answer to your initial decision was going to take you. It isn't sudden; the decision slowly moves you away from where you expected to be. It's like turning around, seeing where you started miles away in the distance, and not realizing how or when you got to where you're standing.

I feel this is how the American public often feels about drone warfare. At what point did this technology turn from a surveillance tool for times of true war into a personal squad of borderless, warrantless killing machines? When did we accept the right to become judge, jury and executioner in a conflict that we're not only fighting in, but also antagonizing? When will we realize that by destroying tribes of people in an unsanctioned war we're not making our lives any easier, but only swatting the hive and inviting future attacks?

The “table-turning test” is a true example of eating your own ethical dog food. If people within our borders were attempting to do another country physical harm, and a third country melted them from the sky before they could, America would start an all-out war. I understand the need to protect our country, I understand loving one's country and wanting to defend it, but I still can't understand the murder we're causing across the globe without a second thought. If we love our country we should be concerned with how we deal with conflict in general, not just try to eliminate conflict with more aggression.

At what point will the American public look back and realize that not only foreign enemies are being targeted, but anyone considered an enemy of the state? With mass surveillance already in place, the natural next step to keep order and monitor civilians would be an unseen force that can be deployed from anywhere to anyplace without detection. My concern is that the future of this mindset, assassinating enemies with technology without thinking twice, will keep trickling down to the local level. I know there has been talk of protecting civilians from this type of abuse, but only because they know how far an idea can spin away from them. If this happens the American public will turn around looking for the initial answer to their decision on drone warfare and, instead of seeing in the distance where they started from, they'll see only the charred earth of their starting point.

Tuesday, May 3, 2016

Data Deception As A Defense

Let’s get something out of the way before we start: deception isn’t an active blocking technology. It’s not going to stop attackers from breaking into your network and it sure isn’t going to proactively stop attacks from occurring. With that said, you need it, maybe more than ever. Why? Because preventive defenses fail, and deception in your network gives you the best opportunity to detect and control the damage post-breach. With deception, you write the rules and lay traps for attackers as they actively scour for your data. Deceptive technology is much harder to bypass when the decoys mimic genuine data or systems, and a decoy has no legitimate business use, so any access to it is a high-fidelity signal. The bad guys only have to mess up once and the trap is sprung.
We see attackers use deception all the time: spoofing, stolen accounts, phishing, rootkits, to name a few. So why aren’t we using similar tactics to confuse and misdirect them from stealing our data? There are many different types of deception, but this article focuses on data deception. To lay a trap for an attacker in your data you must first understand your data. The first rule of deception is laying a trap that looks real. If the decoys don’t look genuine you’re not fooling anyone, and spotting a fake will spook experienced attackers into hiding deeper in your network. If you’re using deception to protect data, ask yourself these three questions before laying decoys:
  1. What is your sensitive data?
  2. Where is your sensitive data?
  3. Who has access to sensitive data?
Read more in my article on Identity Finder's blog to get a better understanding of how to use data deception to protect your assets: http://www.identityfinder.com/blog/attackers-dont-play-fair-neither-should-you/#more-1601
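The honeytoken approach sketched above, as an added example that is not code from this post or from Identity Finder: decoy customer rows are generated so they pass the same format checks as real rows (a Luhn-valid card number, a well-formed email), every decoy value goes into a registry, and query/access logs are scanned for any line that touches one. The HMAC secret, the `example.com` addresses and the log lines are all assumptions constructed for the demo.

```python
"""Data deception with honeytokens: plant decoy records that pass the same
format checks as real ones, then watch for anyone who touches them.

Added example; not code from the post or from Identity Finder."""
import hashlib
import hmac

# Assumption: a defender-held secret. Deriving decoys from it with HMAC keeps
# them reproducible for you and unguessable for an attacker who only sees data.
DECOY_SECRET = b"rotate-me-example-secret"


def luhn_check_digit(partial: str) -> str:
    """Luhn check digit for a digit string that does not yet include it."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:          # digit adjacent to the check digit is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True when the last digit is the correct Luhn check digit."""
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]


def make_decoy_card(label: str, prefix: str = "4") -> str:
    """Derive a 16-digit, Luhn-valid decoy card number for a decoy customer."""
    mac = hmac.new(DECOY_SECRET, label.encode(), hashlib.sha256).hexdigest()
    digits = "".join(str(int(c, 16) % 10) for c in mac)
    body = (prefix + digits)[:15]
    return body + luhn_check_digit(body)


def plant_decoys(labels):
    """Build decoy customer rows plus a registry of canary value -> label.

    The rows use the same field formats as real rows (question 1 above:
    know what your sensitive data looks like) so they survive a format check.
    """
    rows, registry = [], {}
    for label in labels:
        card = make_decoy_card(label)
        email = f"{label}@example.com"      # reserved example domain (assumption)
        rows.append({"name": label.replace(".", " ").title(),
                     "email": email, "card": card})
        registry[card] = label
        registry[email] = label
    return rows, registry


def scan_logs(log_lines, registry):
    """Return (line_no, decoy label, line) for every line touching a decoy.

    Decoys have no legitimate user, so any hit is worth an alert; the
    attacker only has to query one of them once.
    """
    hits = []
    for n, line in enumerate(log_lines, start=1):
        for canary, label in registry.items():
            if canary in line:
                hits.append((n, label, line))
                break
    return hits


DECOY_ROWS, REGISTRY = plant_decoys(["j.harlow", "m.oduya"])

# Constructed query/access log lines for the demo; only the last two touch decoys.
SAMPLE_LOGS = [
    "2016-05-03T02:11:05Z db01 app_user SELECT id FROM customers WHERE email='alice@corp.example'",
    "2016-05-03T02:11:09Z db01 app_user SELECT * FROM customers WHERE card='4111111111111111'",
    f"2016-05-03T02:11:14Z db01 svc_backup SELECT * FROM customers WHERE email='{DECOY_ROWS[1]['email']}'",
    f"2016-05-03T02:12:40Z web03 GET /api/customers?card={DECOY_ROWS[0]['card']} 200",
]

if __name__ == "__main__":
    for n, label, line in scan_logs(SAMPLE_LOGS, REGISTRY):
        print(f"ALERT: decoy '{label}' touched at log line {n}: {line}")
```

The second sample line contains a real-looking test card number that is not a decoy, so it produces no alert; the third and fourth hit a decoy email and a decoy card respectively. In practice the registry is what answers questions 2 and 3: it records where each decoy was planted, and the access logs tell you who reached it.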

Friday, April 29, 2016

Using Geo IP Data to Tighten Rulesets

Geo-blocking countries is a great way to limit malicious requests from entering your network, or at the very least to reduce your attack footprint from the internet; it’s a tool worth keeping in your security toolbox. Two caveats: IP geolocation is approximate, and attackers route through hosts in countries you allow, so treat it as footprint reduction rather than a control you rely on. Take a look at my article for Algosec on using GeoIP data in your firewall to tighten rulesets and increase security.

http://blog.algosec.com/2016/04/using-geo-ip-data-tighten-firewall-rulesets.html
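One way to apply GeoIP data to a ruleset, as an added example that is not from the AlgoSec article: collapse a country's prefixes into the minimal CIDR set, rewrite any rule whose source is "any" into one entry per allowed prefix, and render the equivalent ipset/iptables lines. The GeoIP table is constructed over RFC 5737 documentation prefixes and the rule format is an assumption; a real table comes from a GeoIP database export.

```python
"""Tighten an 'any source' firewall rule to the countries that actually need it.

Added example; not from the AlgoSec article. GEOIP is a constructed table over
RFC 5737 documentation prefixes; a real one comes from a GeoIP database export."""
import ipaddress

GEOIP = {                        # country -> prefixes (constructed)
    "US": ["192.0.2.0/25", "192.0.2.128/25"],   # adjacent halves of a /24
    "DE": ["198.51.100.0/24"],
    "BR": ["203.0.113.0/25"],
    "RU": ["203.0.113.128/25"],
}


def country_networks(countries, table=GEOIP):
    """Minimal CIDR set covering the given countries (adjacent prefixes merge)."""
    nets = [ipaddress.ip_network(p) for c in countries for p in table[c]]
    return list(ipaddress.collapse_addresses(nets))


def source_allowed(ip, allowed_nets):
    """Would this source address match the tightened allow rule?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowed_nets)


def tighten_rule(rule, countries, table=GEOIP):
    """Expand a rule with src 'any' into one rule per allowed-country prefix.

    A rule that already has a specific source is returned unchanged; the
    'any' rules are the ones worth tightening. Rule format is an assumption.
    """
    if rule["src"] != "any":
        return [rule]
    return [dict(rule, src=str(net)) for net in country_networks(countries, table)]


def ipset_commands(name, nets, port):
    """Render the equivalent ipset/iptables lines: drop anything not in the set."""
    cmds = [f"ipset create {name} hash:net -exist"]
    cmds += [f"ipset add {name} {net} -exist" for net in nets]
    cmds.append(f"iptables -I INPUT -p tcp --dport {port} "
                f"-m set ! --match-set {name} src -j DROP")
    return cmds


if __name__ == "__main__":
    rule = {"src": "any", "dst": "10.0.0.5", "port": 443, "action": "allow"}
    allowed = ["US", "DE"]
    for r in tighten_rule(rule, allowed):
        print(r)
    print("\n".join(ipset_commands("geo_allow_443", country_networks(allowed), 443)))
    # An address in an allowed country passes, one in BR/RU does not.
    print(source_allowed("192.0.2.77", country_networks(allowed)),
          source_allowed("203.0.113.200", country_networks(allowed)))
```

Collapsing matters on real data: a country's allocation is thousands of prefixes, and ipset with `hash:net` handles that far better than a rule per prefix. The allowlist direction (drop everything not in the set) is what actually shrinks the footprint; a blocklist of a few "bad" countries does little.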

Tuesday, April 12, 2016

TeslaCrypt Still on the Rise

We’ve seen ransomware explode over the past year and it’s showing no signs of stopping anytime soon. Cyber extortionists are not only flocking to this method, they’re evolving it to fit their malicious needs. This is why we’ve seen multiple versions of TeslaCrypt, each adding features to fit the needs of its developers or their customers. You can find everything you need regarding TeslaCrypt in this well written blog post: http://soft2secure.com/knowledgebase/teslacrypt-3-0

With TeslaCrypt used as a baseline in many ways, it’s interesting to see how its developers have advanced each version with new “features”: evading anti-virus, stronger encryption of ransomed files, additional targeted file types, and so on. As long as attackers can make money from this threat we’ll continue to see ransomware infect our networks. I personally don’t think this is the end of the feature list, and I’m concerned that we’ll start seeing other “data” or “access” ransomed in the near future. Once the bad guys find a successful way to make money they evolve it, just as they do their tools, to fit their needs. We’re only seeing the tip of the iceberg with TeslaCrypt and others just like it.

With that said, the best way to avoid paying is backing up your files on a regular basis. If you have a recent backup of your data there’s no need to pay someone to get it back. Please, consider backing up your files. A service like SpiderOak is great for this type of “unmapped” backup, where new data is copied to the cloud right away without the backup target appearing as a drive letter. If you read the above article you’ll know that mapped drives are among the first places TeslaCrypt and other ransomware variants crawl. One caveat: a backup that syncs changes immediately will also sync the encrypted copies, so make sure it keeps prior versions long enough for you to roll back.

Ransomware is showing no signs of slowing, but if we back up our data, patch our systems and use some common sense when clicking links, we can limit it to an extent. As soon as it’s no longer viable for criminals to make money off this scheme, they’ll move on. It’s up to us to dissuade them.

Friday, April 8, 2016

Why Patching Will Never Get Old

I was asked to participate in Heimdal Security's "Round Up" of experts on why "Software Patching is Key for Your Online Security". Many overlook patching as a first line of defense for protecting systems from known vulnerabilities.

You can read the responses from all contributors here: https://heimdalsecurity.com/blog/expert-roundup-software-patching/

Thursday, April 7, 2016

WhatsApp Encrypts 1 Billion Users and Promptly Drops Mic

In trying to find an analogy for the sheer number of WhatsApp users whose calls, video, chats and images now have end-to-end encryption, I came across this statistic: counting one user per second, it would take 32 years to count the users (as of today) who now have end-to-end encryption on WhatsApp. That's freaking huge.

I think we'll all remember the Apple vs. FBI case as the spark that lit the fire, but in reality the work behind the scenes at WhatsApp began long before the FBI bungled the San Bernardino iPhone. There has been a steady increase in encryption being pushed down to the consumer level, mainly driven by privacy concerns and mistrust of how governments and organizations handle data, and that has fueled the effort to make it commonplace.

What many will see is the FBI cracking one iPhone and WhatsApp turning on encryption for 1 billion users two weeks later. I don't think this was due to that case alone (a design change that large doesn't happen in two weeks), but needless to say, it didn't help. On hearing the news I can honestly say I downloaded the app for the first time, and will use it alongside Open Whisper Systems' Signal for increased privacy and security.

When thinking about the government requesting data from WhatsApp now that end-to-end encryption is enabled, especially since they had already started to focus their attention on the company, all I could think of was this GIF:

(GIF via GIPHY)

Wednesday, April 6, 2016

How to Defend Your Network Against Ransomware

We've all seen the recent headlines about the sheer destruction ransomware can bring to a network, but we haven't seen many tips on defending against it. With many companies paying the ransom after being infected, we're only encouraging criminals to use it more. If they weren't making money off this scheme they wouldn't be using it, but unfortunately they are.

What I'd like to do with this article is spread some common sense on defending against ransomware and on mitigating it once it's in your network. Here's the article I wrote for Tripwire explaining a few methods. Since everything we do in security is built in layers, no single defense is going to stop ransomware by itself.

http://www.tripwire.com/state-of-security/incident-detection/creating-a-malwarerasomware-defendable-network/
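The "mitigating it once it's in your network" layer, as an added example for this post and the TeslaCrypt post above (not code from the Tripwire or soft2secure articles): ransomware crawling a mapped drive looks, from the file server's point of view, like one user rewriting many files with high-entropy (encrypted) content in a short window. The detector below scores each write's Shannon entropy and flags any host/user pair that rewrites five or more distinct files above the threshold within sixty seconds. The event tuples, hostnames, paths, thresholds and the hash-derived stand-in for ciphertext are all constructed assumptions; a real feed would be file-audit events from the share.

```python
"""Spot a ransomware-style write burst on a shared drive.

Added example; not from the Tripwire or soft2secure articles. Events are
constructed; a real feed would be file-audit events from the file server."""
import hashlib
import math
from collections import defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; English text is ~4-5, encrypted or compressed data ~8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_bursts(events, window=60, min_files=5, min_entropy=7.0):
    """Map (host, user) -> paths for actors that rewrite >= min_files distinct
    files with high-entropy content inside a `window`-second span.

    A single high-entropy write (a user saving a JPEG or ZIP) stays below
    min_files, which is what keeps this from paging on normal work.
    Events are (timestamp_seconds, host, user, path, content_bytes).
    """
    high = defaultdict(list)
    for ts, host, user, path, content in events:
        if shannon_entropy(content) >= min_entropy:
            high[(host, user)].append((ts, path))
    flagged = {}
    for actor, writes in high.items():
        writes.sort()
        for i, (t0, _) in enumerate(writes):
            paths = {p for t, p in writes[i:] if t - t0 <= window}
            if len(paths) >= min_files:
                flagged[actor] = sorted(paths)
                break
    return flagged


def encrypted_blob(seed: int, size: int = 4096) -> bytes:
    """Deterministic stand-in for ciphertext: chained SHA-256 output."""
    out, block = b"", seed.to_bytes(4, "big")
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


TEXT = b"Q1 forecast: revenue up 4%, see attached figures.\n" * 40

# Constructed event stream: normal edits, one legitimate photo save, then a
# burst from WS17 that looks like a crawler encrypting everything it can write.
SAMPLE_EVENTS = [
    (0,  "WS04", "alice", "//fs01/finance/q1.docx", TEXT),
    (12, "WS04", "alice", "//fs01/finance/q1-notes.txt", TEXT[:200]),
    (10, "WS09", "bob",   "//fs01/marketing/photo.jpg", encrypted_blob(7)),
] + [
    (100 + 8 * i, "WS17", "carol", f"//fs01/finance/file{i}.xlsx.locked", encrypted_blob(i))
    for i in range(6)
]

if __name__ == "__main__":
    for (host, user), paths in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {user}@{host} rewrote {len(paths)} files as high-entropy data:")
        for p in paths:
            print("   ", p)
        print("    -> kill the session on the file server and isolate", host)
```

The response that matters is the last line: once a burst is flagged, cutting that host's session to the share stops the crawl, and the backup versions from before the burst timestamp are what you restore from. The thresholds are deliberately conservative; tune `min_files` and `window` against your own share's normal write rate before alerting on it.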