Cyber Defense eMagazine December 2019
Cyber Defense eMagazine January Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group with Pierluigi Paganini, Yan Ross as International and US Editors-in-Chief and many more hard working amazing contributors!
Drive, AWS, Office 365, etc. It used to be the case that you could generally trust a link like “docs.google.com” and generally distrust a link like “byg7fewiuv347vscdahgf7vt832.com,” but this is no longer the case, as attackers are increasingly using Google Docs and Office 365 to launch attacks.

A great example of this is the 2016 election hacking, wherein much of the compromise originated from passwords stolen via a fake Gmail page. This type of attack, referred to as cache poisoning or DNS (Domain Name System) hijacking, exploits vulnerabilities in the DNS to reroute traffic from legitimate servers, among other things. Research indicates there has been a strong emergence of similar DNS attacks in recent years, from rerouting and intercepting email, to stealing cryptocurrencies, and so on. Now imagine what an intern or volunteer with a legitimate inside account could do, such as setting up a fake website to reroute unsuspecting traffic. That would likely be far more difficult to discover or investigate than the Clinton incident was, but it’s a very real threat we must entertain.

This raises difficult questions about trust. Organizations need to really understand that their networks, whether self-managed or outsourced, are not only no-trust, they’re likely hostile. We need to be honest about these realities because doing so allows us to develop a plan for remediating potential risks and threats. Ideally, organizations will have safeguards in place to ensure people or computers can only access information they truly have the appropriate trust level for; those trust levels are granularly defined; the controls are configured conservatively; and the controls work perfectly.

Of course, recognizing these hidden or seemingly trusted threats can be nearly impossible, even for mature organizations. As such, monitoring and auditing for every user, device and application, whether managed or unmanaged, is paramount. Being able to quickly detect and understand the intent of every threat allows teams to respond accordingly. If all resources in a high-risk network aren’t monitored for appropriate behavior and information access patterns, your next breach may come sooner than expected.

About the Author

Gary Golomb is co-founder and chief scientist of Awake Security. He previously served in the United States Marines 2nd Force Reconnaissance Company. Gary can be reached online on LinkedIn and at https://awakesecurity.com.