CyberSecurity

Microsoft and Its Industry Partners Secure Key Domain Used in the SolarWinds Hack

Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack. The domain in question is avsvmcloud[.]com, which served as a command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company’s Orion app. SolarWinds Orion versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, contained a strain of malware named SUNBURST (also known as Solorigate).

Takedown to stop last-minute attempts to hack

The recent sinkholing of avsvmcloud[.]com by a coalition of tech companies transferred ownership of the domain to Microsoft. Sources familiar with today’s actions described the takedown as “protective work” done to prevent the threat actor behind the SolarWinds hack from delivering new orders to infected computers. Although the SolarWinds breach became public on Sunday, the SUNBURST operators could still deploy additional malware payloads on the networks of companies that had not updated their Orion applications and still had the SUNBURST malware installed.

SolarWinds estimated on Monday that over 18,000 customers have installed the trojanized Orion app update, and most likely have the first-stage SUNBURST malware. Nonetheless, the hackers do not seem to have exploited all these systems and appear to have carried out only a small number of carefully planned intrusions into the networks of high-profile targets. The report came from US security firm Symantec, which said that it discovered SUNBURST malware on the internal networks of 100 of its customers, although it did not observe any second-stage payloads or network escalation activity. According to Reuters, which confirmed the report with independent sources, many companies that installed the trojanized Orion app update did not find evidence of any further activity and escalation from the malware, confirming that hackers primarily targeted big-name companies.

Since Sunday, when the SolarWinds hack came to light, the number of confirmed victims has grown to include:

  • US cybersecurity firm FireEye
  • The US Treasury Department
  • The US Department of Commerce’s National Telecommunications and Information Administration (NTIA)
  • The Department of Health’s National Institutes of Health (NIH)
  • The Cybersecurity and Infrastructure Agency (CISA)
  • The Department of Homeland Security (DHS)
  • The US Department of State

Sinkholing operations are underway to discover all victims.

Currently, the avsvmcloud[.]com domain redirects to an IP address owned by Microsoft, with Microsoft and its partners receiving beacons from all the systems where the trojanized SolarWinds app has been installed.

The technique, known as sinkholing, is allowing Microsoft and its partners to compile an extensive list of infected victims, which they plan to use to notify all affected companies and government agencies.

“This is not the first time a domain associated with malware has been seized by international law enforcement and even by a provider,” ExtraHop CTO Jesse Rothstein told ZDNet in an email, referring to Microsoft’s previous takedown and sinkholing efforts against the Necurs and TrickBot botnets. Ongoing takedown and sinkholing efforts also involve the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, which is trying to pinpoint other US government agencies that may have been compromised. As SolarWinds has a large US government customer base, the government has declared the security crisis a national security emergency. On Thursday, the White House held a rare meeting of the US National Security Council to discuss the hack and its repercussions. Indicators of compromise and instructions on how to discover and deal with a SUNBURST malware infection are available from Microsoft, FireEye, and CISA.

Once installed, the malware would remain dormant in a computer for 12 to 14 days and then attempt to ping a subdomain of avsvmcloud[.]com. FireEye found that a C&C domain would issue a DNS reply that contains a CNAME field with information on another domain from which the SUNBURST malware can obtain additional instructions and execute additional payloads on an infected company’s network.
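The beaconing behaviour described above gives defenders two things to look for in DNS resolver logs: any lookup under avsvmcloud[.]com, and whether an answer carried a CNAME. The following is an added example, not code from Microsoft, FireEye or the original article; the log format, subdomain labels, client addresses and CNAME target are all constructed for illustration.

```python
"""Triage DNS resolver logs for lookups under the sinkholed C&C domain."""

# Domain named in the article; kept defanged in source, refanged at runtime.
C2_DOMAIN = "avsvmcloud[.]com".replace("[.]", ".")

# Constructed sample log (assumed format, one answer per line):
#   <ISO-8601 UTC time> <client IP> <query name> <answer type> <answer data>
# Subdomain labels, addresses and the CNAME target are made up.
SAMPLE_LOG = """\
2020-12-10T08:01:12Z 10.0.4.17 k3j2h1.sub.avsvmcloud.com A 192.0.2.10
2020-12-10T08:01:13Z 10.0.4.22 www.example.org A 198.51.100.7
2020-12-11T14:30:45Z 10.0.4.17 k3j2h1.sub.AVSVMCLOUD.com. CNAME stage2.example.net.
2020-12-12T02:10:00Z 10.0.9.5 q9w8e7.sub.avsvmcloud.com NXDOMAIN -
2020-12-12T02:11:30Z 10.0.9.8 notavsvmcloud.com A 192.0.2.99
truncated-line 10.0.4.17
"""


def is_c2_name(qname):
    """True for the C&C domain or any subdomain of it (case/trailing-dot safe)."""
    name = qname.rstrip(".").lower()
    # Require a label boundary so 'notavsvmcloud.com' does not match.
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)


def hunt(log_text):
    """Group C&C lookups by client and record any CNAME targets returned."""
    findings = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip truncated or malformed lines
        ts, client, qname, rtype, rdata = fields
        if not is_c2_name(qname):
            continue
        host = findings.setdefault(
            client,
            {"first_seen": ts, "last_seen": ts, "queries": 0, "cname_targets": set()},
        )
        # Timestamps share one ISO-8601 UTC format, so string order is time order.
        host["first_seen"] = min(host["first_seen"], ts)
        host["last_seen"] = max(host["last_seen"], ts)
        host["queries"] += 1
        if rtype.upper() == "CNAME":
            host["cname_targets"].add(rdata.rstrip(".").lower())
    return findings


def triage(findings):
    """Return (client, status, cname_targets) rows, CNAME recipients first.

    'beacon-only'    : host looked up the C&C domain (first-stage malware likely).
    'cname-received' : host was pointed at another domain for instructions,
                       so it is the priority for incident response.
    """
    rows = []
    for client, info in findings.items():
        status = "cname-received" if info["cname_targets"] else "beacon-only"
        rows.append((client, status, sorted(info["cname_targets"])))
    rows.sort(key=lambda row: (row[1] != "cname-received", row[0]))
    return rows


if __name__ == "__main__":
    for client, status, targets in triage(hunt(SAMPLE_LOG)):
        print(f"{client:12} {status:15} {', '.join(targets) or '-'}")
```
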

Cybersecurity, Could this be Your Chance to Get in?

Cybersecurity is becoming an increasingly essential part of business

The significance of the cybersecurity capabilities of Russia is mission-critical, according to President Biden. “That it is approaching.” An FBI advisory notice also advised Russian intelligence services to scan various networks for vulnerabilities to use as a step for potential future invasions. Of course, businesses need to increase spending on cyber defense in light of the need for national security and the anxiety caused by the release of Colonial Pipeline and SolarWinds (SWI) insider information. Among solutions offered are cloud-based options that include CrowdStrike (CRWD), Zscaler (ZS), and Okta (OKTA) as well as consumer-focused choices like NortonLifeLock (NLOK) and Fortinet (FTNT). Further, major conglomerates like Amazon (AMZN), Microsoft (MSFT), and Cisco (CSCO) have subsidiaries that concentrate on networking protection after possible breaches of security.

We believe the cyber security industry led by key names such as Palo Alto, Zscaler, Crowdstrike, Sentinel One, Check Point, Palantir, CyberArk, Tenable has been on the front lines proactively guarding from Russian cyber attacks and has been very successful; bullish for sector

— Dan Ives (@DivesTech) March 18, 2022

Notwithstanding the tumult resulting from the Russian invasion of Ukraine, a tried-and-true pick for the rest of 2022 is Palo Alto Networks (PANW). Incorporated in 2018, it offers a winning combination of strong financial health, evident growth, and a firm focus squarely on the cybersecurity domain, which has all the earmarks of a long-term investment.

Staying safe at home and keeping your family’s cybersecurity in mind

A major plotline of the modern economy after seeing the coronavirus years has been the shift to a work-at-home lifestyle. According to Pew Research, more than two-thirds of American workers took up remote work after the epidemic, with more than half hoping to continue in this setting. While this increases convenience for employees, it creates a headache for security industry professionals. “Employees increasingly require easy access to IT resources,” IT consulting firm Flint noted in a recent report. Currently, companies gaining a distinction in the marketplace must be most interested in providing business solutions rather than just consumer solutions. And for sure, a number of consumer-oriented companies aren’t faring well, when Symantec encountered difficulties as it attempted to buy Avast (AVASF).

“We think strong security demand should remain durable through ’22 and, as a result, security stocks provide better opportunities for relative outperformance vs. broader software.” In a recent note, Morgan Stanley analyst Hamza Fodderwala summed up the industry action.

Adaptive systems and innovations being developed to safeguard sensitive data are likely to stay a consistent and current priority in the foreseeable future, furthering intended budget cuts.

Discover the Many Reasons to Love Palo Alto

Among the choices available, there are numerous ways for investors to invest. CrowdStrike, Zscaler, and Okta are not investments to abandon. By all means, they will each gain from these overarching trends. But there is also an issue with respect to how much these niche services may succeed in valuations, considering that three of these mega services have trended more toward the high-end of the expected earnings growth rate. Dan Ives mentioned (Palo Alto) as “a table pounder” during his CNBC interview. Palo’s strong balance sheet earned him high praise. Management attributed the sales increase to positive changes in the company’s income, particularly 20 in the last quarter, and to significant increases in its free cash flow, which was up to $441 million on a 33% profit margin. Clearly, there is a frugal trend of companies in harnessing profitability that has been holding other firms back. Palo Alto places an emphasis on maintaining a market-leading performance standard even as growth continues. Nikesh Arora, CEO of Nikesh Holdings, mentioned this ideal in the firm’s most recent earnings report.

Yet another outstanding quarter in Palo Alto, California, led by outstanding broad-spectrum performance, was led by 70 y er old annual recurring revenue (ARR) growth and hardware sales that are yet to surmount supply-chain difficulties as the company takes share on surging demand.

Two recent studies by Mistic Systems and Crowdstrike likewise appear to be strong, with each meeting Interlock’s own Stephen “Sarge” Guilfoyle’s standards for balance sheets and earnings of late. Nonetheless, I don’t think Sarge would assert that Palo Alto is the sturdiest among the group.

Considerably above the current market valuation, it seems prudent even though the current market varies and appears likely to continue to be able to demonstrate healthy profitability metrics for the foreseeable future. For a defensive-minded name in security that likewise offers an investor significant upside, Palo Alto appears an easy top pick even at all-time highs. Palo Alto appears an easy-to-read pick even at the top margin because of its healthcare sector’s defensive mindset and substantial profit potential.

About Palo Alto

Palo Alto, California-based cybersecurity company Check Point Software Technologies Ltd. was founded in 1998 by a team of entrepreneurs led by Dr. Shmuel Hauser, who is currently its chairman and chief executive officer (CEO). The company provides cyber security solutions to corporate and government customers worldwide. In the early days of its development, the company received significant investment from Microsoft Corporation and Intel Corporation. After years of growth and innovation, Check Point entered into an agreement with IBM to create an alliance that would combine the strengths of their two companies in the cybersecurity market. In 2013, Check Point acquired Israeli cyber security startup ZoneAlarm for $1 billion.

Top 10 in-demand cybersecurity skills for 2021

Jimmy Sanders has a long list of work to do, so he wants a security team that can handle the multitude of tasks ahead – from advancing his company’s zero-trust security strategy to securing its cloud deployments to deploying machine learning solutions. Team members must be able to do all that at scale, as well as shift gears and upskill as quickly as business needs shift, technology evolves and security risks change. In fact, Sanders puts “comfortable with change” as one of the most in-demand skills for 2021, alongside internal drive and the ability to be self-directed with work. It’s a lot, he admits.

“The people who can do all that are in super high demand,” says Sanders, head of security for Netflix DVD and president of the San Francisco chapter of the Information Systems Security Association (ISSA).

Indeed, the demand for cybersecurity talent continues to outpace supply. A July 2020 report from the ISSA and the Enterprise Strategy Group (ESG) found that 70% of ISSA members believe the global cybersecurity skills shortage has impacted their organization, while the 2020 (ISC)² Cybersecurity Workforce Study found that 64% of responding security professionals experienced skills shortages within their own organizations. Such statistics only tell part of the story, though. Security leaders say there’s not only a shortage in the number of qualified people working in the field, but it’s also challenging to find the needed skills among the existing pool of security professionals. That’s not surprising, considering the lengthy list of desired skills needed today. In fact, security professionals need more than a single certification or even experience with a few key tools. Increasingly, they need the right combination of multiple security skills alongside technology, business, and interpersonal skills, as security jobs morph into a hybrid of roles that span different disciplines.

“There’s a shift away from people in security who do one thing, and only one thing, well. There are too many threats and too many opportunities for systems to be compromised that you can’t be an effective security professional without a broad base of knowledge,” says Will Markow, managing director of Burning Glass Technologies, a labor market analytics firm, which issued a 2019 report on the hybridization of job roles. The most in-demand security skills for 2021 reflect this trend, with security chiefs saying they need people who can pull together expertise in various spheres to meet the emerging security and threat environments as well as overall business requirements.

Here are the 10 areas where skills are most in demand for the year ahead — and why:

Risk identification and management

Jorge Rey, CISO for professional services firm Kaufman Rossin, wants security workers who understand both the company and its industry, which is why he values the low turnover rates within his department. He says veteran staffers bring the business insights he needs. And that insight, when combined with technical acumen and cybersecurity experience, helps them identify which threats pose the greatest risks to their company so they can effectively allocate limited resources to deliver the best protection.

“The best way to mitigate threats is to understand the risk,” he says, “so we need people versed on governance and strategy who can then determine the best solutions, who can find the right technology or the right outside provider or build the right capacity in-house.”

Others also put risk management high on their list of desired skills for 2021, with Burning Glass listing it as one of the security skills seeing the fastest growth in demand over the upcoming five years and one that could earn professionals more than $10,000 a year in premium pay.

“CISOs need people who can take a risk-based approach to build a secure digital infrastructure,” Markow adds.

Technical fundamentals

CISOs are also looking for people with overall technical skills, noting that they can’t understand risk and develop security plans for a digital world without understanding the IT components that make up the infrastructure.

“Programming skills, system administration skills, and network skills are all required and necessary to have … because security skills are worthless without foundational knowledge to build upon,” says Matthew Rogers, CISO of tech company Syntax.

Consulting firm PwC likewise identified technology acumen as critical for security professionals, listing knowledge of “digital building blocks” as one of the three critical areas of expertise (digital skills, business acumen, and social skills) needed for an effective security program. As such, Joe Nocera, principal and leader of the Cyber & Privacy Innovation Institute at PwC, says security chiefs want staffers who understand architecture as well as logging, monitoring, identity management, and authentication in addition to expertise around specific business and security solutions. Jack O’Meara, a veteran CISO now serving as a director on the cybersecurity solutions team at Guidehouse, a tech advisory and outsourcing firm, agrees. “I want to make sure people have hands-on expertise for the specific technologies I’m deploying. They have to have an understanding of how the technology works because if they don’t, they’re never going to understand how an attacker can exploit it,” he says.

Data management and analysis

The security department is one of the biggest generators of data within the enterprise, and in many organizations, it’s becoming one of the biggest consumers of data, too, as it seeks to use the information to drive more effective and efficient protection strategies.

“They’re looking to make sense of the massive amounts of data they have, and the tools only go so far,” says Brandon S. Dunlap, a leading partner for security and risk management at the tech research firm Gartner, adding that he’s seeing more CISOs hire data scientists, data engineers, and data officers.

DevSecOps

Organizations are increasingly moving beyond DevOps to DevSecOps, seeking to add security considerations into the application design and development phase to ensure more secure apps. That requires security people with development and operations knowledge and experience.

“We’ve learned over the past few years that where security risk really sits is in the application itself, so we need to have the software developed with security integrated right from the start,” says Jeffrey Weber, executive director of the IT staffing firm Robert Half Technology. Burning Glass lists application development security as the No. 1 fastest-growing skill, with expected demand to increase 164% over the next five years.

Cloud

The widescale adoption of cloud, and especially the increasing embrace of a multi-cloud strategy, has increased the demand for security workers who are experienced in cloud deployments and can marry that with the enterprise security strategy. Rey, for example, says he wants team members with expertise on one or more of the public cloud platforms (AWS, Azure, Google) as well as private cloud architecture. “When I think about cloud security, it requires a bit of knowledge about everything; it’s about developing a secure network within a cloud environment,” he says.

Automation

In its 2020 report, The Life and Times of Cybersecurity Professionals, ESG says enterprise security can use automation to help address the cybersecurity skills shortage. Experts concur, explaining that automating repetitive tasks creates efficiencies and boosts effectiveness while shifting valuable employee time to the complex work that only humans can do. Automating security functions, though, requires security workers skilled in actually implementing automation solutions. Rey is among the CISOs who believe automation can help close the skills gap, saying that automation skills “should be embedded in anyone who is in IT or security.” He wants people who are able to identify tasks that can be automated and to do the automation itself, using Python, PowerShell, and other scripting languages to make it happen.

Threat hunting

Threat hunting is a relatively new security strategy that is gaining widescale traction. According to a 2020 survey from security solutions maker DomainTools, 93% of organizations said threat hunting should be a top security initiative to provide early detection and reduce risk. The growing interest in, and implementation of, threat hunting practices is driving demand for the right combination of skills needed to do the job. Burning Glass lists it as the No. 4 fastest-growing in-demand skill. Rick McElroy, the principal cybersecurity strategist at security tech company VMware Carbon Black, says it takes analytics skills, understanding of the MITRE ATT&CK framework or other such methodologies, knowledge of the enterprise technology stack (so “they can tell when something ‘wonky’ is happening”) and intellectual curiosity to probe for problems. “They have to think like an attacker; they have to wonder, ‘How would an attacker bypass my defenses?’” McElroy says.

Interpersonal skills

The cybersecurity function has become not only more critical with the rise of the digital economy, it has become more prominent as well. That puts security professionals in front of the C-suite, board members, and employees with greater frequency. So, they must be able to collaborate, communicate, and consult with these various stakeholders, making those and other interpersonal skills a hot commodity. “It’s almost a sales function, to be able to present to all different levels of the organization to impress upon them what they need to do to protect the organization,” says Gary Todd, associate director of cybersecurity for the energy firm PNM Resources.

Business acumen

HP CISO Joanna McDaniel Burkey wants workers who understand the business, who speak in business terms, and view themselves as business people as well as technologists. She says security professionals need such skills so they can help manage risk, which is the prime objective for the modern security team. Security professionals must help their organizations balance security with costs, market demands, and other business metrics. “I talk about it as ‘polarities to manage’ versus trade-offs,” she says. “We need to see both sides of issues, we need to put ourselves in their shoes, so we can co-create well with stakeholders.”

Agility

According to the 2020 (ISC)² workforce study, 30% of respondents saw their organizations move to a remote workforce in just one day as a result of the COVID-19 pandemic, while another 47% had just several days to a week to make the shift (only 16% had more than a week). Experts don’t anticipate such rapid workplace transformations to become the norm, but they do expect the pace of technology and business changes to continue accelerating. Security needs to keep up. “COVID brought in a whole new set of scams and attacks and way of working,” says E.J. Widun, who as CTO of Oakland County, Mich., works with the security team. “COVID showed we need people with the ability to adapt, and to adapt fast.”

Did social media actually counter election misinformation?

Ahead of the election, Facebook, Twitter, and YouTube promised to clamp down on election misinformation, including unsubstantiated charges of fraud and premature declarations of victory by candidates. And they mostly did just that — though not without a few hiccups.

But overall their measures still didn’t really address the problems exposed by the 2020 U.S. presidential contest, critics of the social platforms contend.

“We’re seeing exactly what we expected, which is not enough, especially in the case of Facebook,” said Shannon McGregor, an assistant professor of journalism and media at the University of North Carolina.

One big test emerged early Wednesday morning as vote-counting continued in battleground states including Wisconsin, Michigan, and Pennsylvania. President Donald Trump made a White House appearance before cheering supporters, declaring he would challenge the poll results. He also posted misleading statements about the election on Facebook and Twitter, following months of signaling his unfounded doubts about expanded mail-in voting and his desire for final election results when polls closed on Nov. 3.

So what did tech companies do about it? For the most part, what they said they would, which primarily meant labeling false or misleading election posts in order to point users to reliable information. In Twitter’s case, that sometimes meant obscuring the offending posts, forcing readers to click through warnings to see them, and limiting the ability to share them.

The video-sharing app TikTok, popular with young people, said it pulled down some videos Wednesday from high-profile accounts that were making election fraud allegations, saying they violated the app’s policies on misleading information. For Facebook and YouTube, it mostly meant attaching authoritative information to election-related posts.

For instance, Google-owned YouTube showed a video of Trump’s White House remarks suggesting fraud and premature victories, just as some traditional news channels did. But Google placed an “information panel” beneath the videos noting that election results may not be final and linking to Google’s election results page with additional information.

“They’re just appending this little label to the president’s posts, but they’re appending those to any politician talking about the election,” said McGregor, who blamed both the tech giants and traditional media outlets for shirking their responsibility to curb the spread of misinformation about the election results instead of amplifying a falsehood just because the president said it.

“Allowing any false claim to spread can lead more people to accept it once it’s there,” she said.

Trump wasn’t alone in attracting such labels. Republican U.S. Sen. Thom Tillis got a label on Twitter for declaring a premature reelection victory in North Carolina. The same thing happened to a Democratic official claiming that former Vice President Joe Biden had won Wisconsin.

The flurry of Trump’s claims that began early Wednesday morning continued after the sun rose over Washington. By late morning, Trump was tweeting an unfounded complaint that his early lead in some states seemed to “magically disappear” as the night went on and more ballots were counted.

Twitter quickly slapped that with a warning that said “some or all of the content shared in this Tweet is disputed and might be misleading about an election or other civic process.” It was among a series of such warnings Twitter applied to Trump tweets Wednesday, which makes it harder for viewers to see the posts without first reading the warning.

Much of the slowdown in the tabulation of results had been widely forecasted for months because the coronavirus pandemic led many states to make it easier to vote by mail, and millions chose to do so rather than venturing out to cast ballots in person. Mail ballots can take longer to process than ballots cast at polling places.

In a Sept. 3 post, Facebook CEO Mark Zuckerberg said that if a candidate or campaign tries to declare victory before the results are in, the social network would label their post to note that official results are not yet in and direct people to the official results.

But Facebook limited that policy to official candidates and campaigns declaring premature victory in the overall election. Posts that declared premature victory in specific states were flagged with a general notification about where to find election information but not warnings that the information was false or misleading.

Facebook also issued a blanket statement on the top of Facebook and Instagram feeds on Wednesday noting that the votes for the U.S. presidential election are still being counted.

Twitter was a bit more proactive. Based on its “civic integrity policy,” implemented last month, Twitter said it would label and reduce the visibility of Tweets containing “false or misleading information about civic processes” in order to provide more context. It labeled Trump’s tweets declaring premature victory as well as claims from Trump and others about premature victory in specific states.

The Twitter and Facebook actions were a step in the right direction, but not that effective — particularly in Twitter’s case, said Jennifer Grygiel, a professor at Syracuse University and social media expert.

That’s because tweets from major figures can get almost instant traction, Grygiel said. So even though Twitter labeled Trump’s tweets about “being up big,” and votes being cast after polls closed and others, by the time the label appeared, several minutes after the tweet, the misinformation had already spread. One Wednesday Trump tweet falsely complaining that vote-counters were “working hard” to make his lead in the Pennsylvania count “disappear” wasn’t labeled for more than 15 minutes and was not obscured.

“Twitter can’t really enforce policies if they don’t do it before it happens, in the case of the president,” Grygiel said. “When a tweet hits the wire, essentially, it goes public. It already brings this full force of impact of market reaction.”

Grygiel suggested that for prominent figures like Trump, Twitter could pre-moderate posts by delaying publication until a human moderator can decide whether it needs a label. That means flagged tweets would publish with a label, making it more difficult to spread unlabeled misinformation, especially during important events like the election.

This is less of an issue on Facebook or YouTube, where people are less likely to interact with posts in real-time. YouTube could become more of an issue over the next few days, Grygiel suggested, if Trump’s false claims are adopted by YouTubers who are analyzing the election.

“Generally, platforms have policies in place that are an attempt to do something, but at the end of the day it proved to be pretty ineffective,” Grygiel said. “The president felt empowered to make claims.”
