01.10.2021

Cyber Defense eMagazine October Edition for 2021

Cyber Defense eMagazine October Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky, a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine, as part of the Cyber Defense Media Group, as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, International Editor-in-Chief, and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES #CYBERSECURITYAWARENESSMONTH



The Top 6 Cyber Attacks Of 2021 So Far

Source Code Protection Market

Intercepting data traffic via iPhone

Is the Edge Really Secure?

…and much more…

Cyber Defense eMagazine October 2021 Edition 1

Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.


CONTENTS

Welcome to CDM’s October 2021 Issue (page 6)

The Top 6 Cyber Attacks Of 2021 So Far (page 34)
By Nicole Allen, Marketing Executive, Salt Communications

Source Code Protection Market (page 39)
By Marta Przybylska, Marketing Manager, GitProtect.io / Xopero Software

How to Close the Security Gap Between Identity and Access Management (IAM) and Shared Accounts (page 42)
By Maurice Côté, Vice President of Business Solutions, Devolutions

Intercepting data traffic via iPhone (page 44)
By Jordan Marcus Bonagura

Modern Times, Old Prejudices (page 52)
By Jordan Marcus Bonagura

The Brutal Reality of Brute Force Attacks And How To Defend Against Them (page 57)
By John Nowotny, Customer Success Engineer, Exabeam

Application Modernization and Other Best Practices of Securing Legacy Infrastructures (page 60)
By Roman Davydov, Technology Observer, Itransition

Being Mindful of Communication Security (page 64)
By James Ryan, Director of Information Security, BISO, IntelePeer

Is the Edge Really Secure? (page 67)
By Chetan Venkatesh, CEO and Co-Founder of Macrometa

Staying Ahead of an Attack Starts with Prioritizing Data Backup (page 70)
By Mike Wiseman, Vice President, Public Sector, Pure Storage

Making Sure the Lights Don’t Go Out (page 73)
By Brett Raybould, EMEA Solutions Architect at Menlo Security

Protecting SMBs from Current Cybersecurity Threats (page 76)
By Mike Mosher, Director of Technology, Cinch I.T.

Get Ahead of the Game: Packet Capture and Digital Forensic Evidence Collection (page 79)
By Mark Bowling, Vice President of Security Response Services, ExtraHop

Thousands of Fortinet VPN Account Credentials Leaked (page 83)
By Rajiv Pimplaskar, CRO, Veridium

Helping Ports to Elevate Their Cyber Security (page 86)
By Gordon Feller

Your Greatest Vulnerability is Your Credentials. It’s Time to Protect Them. (page 90)
By Carolyn Crandall, Chief Security Advocate, Attivo Networks

Thwarting Today’s Phishing Attacks (page 93)
By Eyal Benishti, CEO and Founder, IRONSCALES

Misconfigurations Are the Biggest Threat to Cloud Security, Period. (page 96)
By eSentire

Identity Governance Is Everyone’s Responsibility (page 100)
By Theis Nilsson, vice president of customer success and innovation, Omada


@MILIEFSKY

From the Publisher…

Dear Friends,

We’ll be celebrating our 10th Year in business and of our Global InfoSec Awards and as a Platinum Media Partner of RSA Conference on Feb 7 – 10, 2022 – See You There!

Here at the Publisher’s desk at Cyber Defense Media Group, looking back over nearly 10 years since we first published the eMagazine, it is encouraging to see the progress we have made in becoming the recognized source of so many valuable insights into developments in the cybersecurity industry. It is also fulfilling to know that the growth in both the range of submissions from expert sources, as well as the breadth of our readership, reflects the success of our endeavor.

One of our Cyber Defense Media Group initiatives has been, and continues to be, the Global Infosec Awards program. Although most of our readers are familiar with the Awards program, let me reiterate some of the reasons you and your company will want to participate. Detailed information is posted online at https://cyberdefenseawards.com/global-infosec-awards-2022-apply-today/

I should also mention that applying for an award entry gives you the chance to win an award that would help you bolster your credibility, but it's not compulsory for you to buy a media package to win an award. Many of the award applicants do take advantage of special pricing to access the great value of the media support provided by Cyber Defense Media Group.

We are also pleased to announce the launch of Cyber Defense Professionals, an online facility where employers can upload their trusted jobs for free and invite cyber security job seekers to send in their applications and find their desired jobs. This valuable new facility is located at https://cyberdefenseprofessionals.com/

With those new announcements, I am pleased to direct your attention to the valuable, actionable information provided by our contributing authors in this month’s Cyber Defense Magazine.

Wishing you all success in your own cyber endeavors.

Warmest regards,

Gary S. Miliefsky, CISSP®, fmDHS
CEO, Cyber Defense Media Group
Publisher, Cyber Defense Magazine

P.S. When you share a story or an article or information about CDM, please use #CDM and @CyberDefenseMag and @Miliefsky – it helps spread the word about our free resources even more quickly.


@CYBERDEFENSEMAG

CYBER DEFENSE eMAGAZINE

Published monthly by the team at Cyber Defense Media Group and distributed electronically via opt-in Email, HTML, PDF and Online Flipbook formats.

INTERNATIONAL EDITOR-IN-CHIEF & CO-FOUNDER
Pierluigi Paganini, CEH
Pierluigi.paganini@cyberdefensemagazine.com

US EDITOR-IN-CHIEF
Yan Ross, JD
Yan.Ross@cyberdefensemediagroup.com

ADVERTISING
Marketing Team
marketing@cyberdefensemagazine.com

CONTACT US:
Cyber Defense Magazine
Toll Free: 1-833-844-9468
International: +1-603-280-4451
SKYPE: cyber.defense
http://www.cyberdefensemagazine.com

Copyright © 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP
1717 Pennsylvania Avenue NW, Suite 1025
Washington, D.C. 20006 USA
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.

PUBLISHER
Gary S. Miliefsky, CISSP®
Learn more about our founder & publisher at: http://www.cyberdefensemagazine.com/about-our-founder/

9+ YEARS OF EXCELLENCE!
Providing free information, best practices, tips and techniques on cybersecurity since 2012, Cyber Defense Magazine is your go-to source for Information Security. We’re a proud division of Cyber Defense Media Group: CYBERDEFENSEMEDIAGROUP.COM
MAGAZINE | TV | RADIO | AWARDS | PROFESSIONALS | VENTURES | WEBINARS | CYBERSECURITYMAGAZINE (FOR CONSUMERS)

InfoSec Knowledge is Power. We will always strive to provide the latest, most up to date FREE InfoSec information.

From the International Editor-in-Chief…

Throughout my past commentary on the need for cooperation and coordination of regulatory efforts reaching across jurisdictional lines, I have always emphasized the fact that we must be aware of cybersecurity gaps and duplications to address.

This month, however, I must comment on a pending action which flies in the face of this need for the coordinated response to international cybersecurity challenges.

At this time, there is a move afoot to curb U.S. access to critical data in the European Union. To be sure, there may be tangential reasons or motives for this new rule to be floated for commentary and response. But the prospect of the imposition of a divisive practice appears to undermine cooperative international efforts to overcome criminals operating from locations where they are able to perpetrate cybercrimes without fear of apprehension and punishment.

Support for the proposed rule includes stated concerns about the desire to have EU laws supersede those of other nations, creating strategic digital autonomy and proprietary cloud services, and also in part due to fears of surveillance by others.

But from our perspective, we still believe that criminals simply do not respect national or regional borders, and this kind of restriction can only facilitate criminal activities and restrict the kinds of defenses with which we can better mount an effective defense together.

As always, we encourage cooperation and compatibility among nations and international organizations in responding to these cybersecurity and privacy matters.

To our faithful readers, we thank you,

Pierluigi Paganini
International Editor-in-Chief


Welcome to CDM’s October 2021 Issue

From the U.S. Editor-in-Chief

Once again, in this month’s issue of Cyber Defense Magazine, we are pleased to include a broad variety of relevant articles with actionable intelligence from highly knowledgeable cyber professionals.

The range of subjects covered by our contributing authors this month is both broad and indicative of the many facets of cybersecurity in our global economy and society. We include both immediate responses to the developing challenges of ransomware exploits and more generalized articles on preparing for the continued onslaught of cyber-attacks during a period of great uncertainty.

Events of the past month have shown that the 16 elements of our critical infrastructure are fast becoming the most targeted areas for cyber criminals. In my role as editor, I would renew my call to our readers to become familiar with the 16 areas of critical infrastructure designated by the Department of Homeland Security, found at www.dhs.gov. Going forward, activities in these areas will become more and more important in the world of cybersecurity.

In that context, our articles this month cover a full spectrum of recognition of threats, appropriate preventive measures, means of assuring resilience and sustainability, and operational aspects of organizations needing to maintain the confidentiality, accessibility, and integrity of sensitive data.

Wishing you all success in your cybersecurity endeavors,

Yan Ross
US Editor-in-Chief
Cyber Defense Magazine

About the US Editor-in-Chief

Yan Ross, J.D., is a Cybersecurity Journalist & U.S. Editor-in-Chief of Cyber Defense Magazine. He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics. He also serves as ICFE's Director of Special Projects, and is the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course. As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information. You can reach him by e-mail at yan.ross@cyberdefensemediagroup.com



The Top 6 Cyber Attacks Of 2021 So Far

By Nicole Allen, Marketing Executive, Salt Communications.

Cyberattacks have been on the rise for years, and the trend shows no signs of slowing down. To add salt (no pun intended) to the wound, the COVID-19 pandemic has just made matters worse when it comes to cybersecurity. Those hoping for a reprieve from the growing menace of cybercrime in 2021 will be disappointed, as the number of attacks continues to rise day by day.

Having completed the first half of 2021, there have already been many major cyberattacks that have made headlines throughout the world. We have detailed six of the most significant cyberattacks that occurred in the first half of 2021:

#1 CNA Financial

CNA Financial, one of the US’s top insurance companies, was struck by a "sophisticated cybersecurity attack" on March 21, 2021. The company's employee and customer services were disrupted for three days as a result of the cyberattack, which forced the company to shut down "out of an abundance of caution" to prevent additional compromise.

An attack like this, according to Joshua Motta, CEO of security firm Coalition, is a "horror scenario" that might result in a hacker gaining access to cyber insurance policyholder data. This information would provide a hacker with precise knowledge of how much money policyholders are willing to pay out in the event of a future assault. Typically, ransomware hackers must make educated predictions about how much a firm can pay to regain access to its data, and a company can always claim that it lacks the funds — a valuable negotiating chip for the victim. That bargaining chip would be gone with CNA's insurance data, giving hackers the ability to launch far more effective attacks.



#2 Florida’s water system

A hacker gained unauthorised access to the system controlling a 15,000-person Florida city's water treatment plant and attempted to contaminate the water supply with a caustic chemical, exposing a threat cybersecurity experts say has grown as systems have become more computerised and accessible via the internet.

The hacker, who used a remote access application shared by plant personnel to enter the system at the city of Oldsmar's water treatment plant, temporarily boosted the amount of sodium hydroxide by a factor of one hundred (from 100 parts per million to 11,100 parts per million).

#3 Microsoft Exchange mass cyber attack

Microsoft's popular Exchange mail server service for businesses was found to have several zero-day vulnerabilities. After learning about the vulnerabilities, highly skilled bad actors identified as the Hafnium gang from China actively attacked four zero-day vulnerabilities in Exchange Server, affecting millions of Microsoft clients across the world.

Cybercriminals used the security flaws to construct a backdoor into Microsoft's corporate clients' networks, allowing them to inject malware and ransomware and to steal patented technical documents, trade secrets, and other sensitive data. Using the ProxyLogon vulnerability, ransomware rushed in and started compromising Microsoft Exchange servers. On the evening of March 9th 2021, BleepingComputer reported on a new piece of file-encrypting malware named DearCry being used in attacks on Exchange servers.

#4 Airplane Manufacturer Bombardier

Bombardier, a well-known Canadian jet manufacturer, experienced a data breach in February 2021. The hack exposed the confidential information of suppliers, customers, and approximately 130 Costa Rican employees. An unauthorised individual had gained access to the data by exploiting a weakness in a third-party file-transfer application, according to the inquiry. The stolen information was then leaked onto a site which was operated by the Clop ransomware gang.

The faulty software, although not named by Bombardier, has been widely reported as being the Accellion FTA package. Since the attack on the New Zealand central bank in December 2020, attackers have been targeting Accellion clients. Some of those targeted, however, discovered that stolen material was being transferred to a dark web site in an apparent attempt to extort money from the companies. The site has previously been used by the Clop ransomware gang in double-dip extortion attempts, according to FireEye.



#5 Accellion supply chain attack

Between December 2020 and January 2021, Accellion patched various reported vulnerabilities. Accellion, a security software supplier, had a security leak in its FTA product, exposing the data of many of its clients to hackers. The Jones Day legal firm, Kroger supermarkets, and Shell Oil corporation, as well as other government and educational institutions, were among the high-profile customers affected.

The Accellion File Transfer Appliance (FTA) is enterprise-level file transfer software. In December 2020, FireEye's Mandiant reported that the Clop ransomware group was extorting enterprises by exploiting previously unknown vulnerabilities in legacy software, threatening to disclose critical data acquired from vulnerable servers unless a ransom was paid.

The programme was used "to transfer information as part of our customer support system [in] a segregated DMZ environment," according to the business, but it was kept away from production systems, codebases, and Qualys Cloud. However, a zero-day vulnerability in third-party software had already been exploited, and the corporation received an "integrity alert" on December 24 2020 signalling a possible compromise.

Now in 2021 the reports show Accellion may still not be completely aware of the extent of compromise connected with these vulnerabilities, based on the company's assertions during the course of 2021. Furthermore, it is suspected that future reports of Accellion FTA abuse will reveal more firms, sectors, and countries than previously revealed, based on the number of industries and nations that make up Accellion's client base.

#6 Channel Nine

A cyber-attack on Australia's Channel Nine TV network delayed live broadcasts, raising fears about the country's vulnerability to hackers. Several shows, including Weekend Today, were unable to air on Sunday 29th March 2021, according to the broadcaster. As soon as the service was discovered, it was disconnected from the rest of the government's networks as a precaution, and Australia's Cyber Security Centre was called in to investigate.

The hack was being investigated as "criminal sabotage or the work of a foreign nation," according to Nine. This isn't the first time a media company has been hacked, and it's certainly not the first time a foreign power has been involved. In 2013, Chinese hackers attempted to mine the New York Times for important information, while in 2015, a catastrophic breach that drove a French TV network off the air appeared to be the work of radicals at first, before being tracked back to Russian hackers.

How to protect your organisation from cyber-attacks as we head further into 2021:

Seeing the devastation that cyber attacks can create should be enough to motivate you to take the required precautions right away. So, here are some things you can do to strengthen your company's cyber security framework and keep it safe from cyber threats.



Raise Cyber Security Awareness: When it comes to cyber security, an uninformed workforce might be a company's biggest weakness. One of the most efficient strategies to safeguard your company from cyber attacks is to raise awareness among your staff about current and emerging cyber threats.

Implement a Phishing Incident Response Tool: Educating your employees is only going to get you so far if you don't give them the tools they need to deal with cyber threats. A phishing incident response tool can enable your employees to recognise and report questionable emails right away, decreasing cyber risks dramatically.

Use a secure communications system: Your best option for managing a cyber threat sensitively would be to deploy a secure communications system, and to provide extensive and ongoing training to your employees on the importance of that system. Not only would you extinguish the threat of mobile interception, but you would also ensure complete privacy and security when sharing information about other potential breaches within your organisation. At Salt Communications we work with businesses of all sizes all around the world to enable them to have secure, confidential discussions wherever they are, at any time.

While hackers leave digital footprints, they are also cunning, often disguising their traces and staying in systems for weeks, if not months, before being discovered. When it comes to causing havoc in an organisation, an encryption assault can be "a near-perfect crime". To disguise their tracks, attackers frequently delete the decryption keys, leaving their victims with little prospect of recovering the encrypted material. Protect yourself and your organisation now, before it's too late.

To discuss this article in greater detail with the team, or to sign up for a free trial of Salt Communications, contact us at info@saltcommunications.com or visit our website at saltcommunications.com.

About Salt Communications

Salt Communications is a multi-award-winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers ‘Peace of Mind’ for organisations that value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt is headquartered in Belfast, N. Ireland. For more information visit Salt Communications.



About the Author

Nicole Allen, Marketing Executive at Salt Communications. Nicole has been working within the Salt Communications marketing team for several years and has played a crucial role in building Salt Communications' reputation. Nicole implements many of Salt Communications' digital efforts as well as managing the company's presence at events, both virtual and in person.

Nicole can be reached online at (LINKEDIN, TWITTER or by emailing nicole.allen@saltcommunications.com) and at our company website https://saltcommunications.com/



Source Code Protection Market

Do we need GitHub and Bitbucket backup software?

By Marta Przybylska, Marketing Manager, GitProtect.io / Xopero Software

Today, software is the driving force of the world, and developers are game changers. There are approximately 40 million people involved in writing code or programs. Thus, the real revolution is happening on the other side of our screens. And with thousands of startups coming up worldwide, the demand for developers and source code is soaring.

Data is compared to oil in the 18th century, driving the digital economy more than ever. And developers are responsible for generating most of the data processed daily. How much? Well, this number grows at an exponential rate. In 1992 it was 100 GB generated daily, in 1997 100 GB per hour, and today it reaches 50 000 GB per... second.

Source code, as intellectual property, is one of the most crucial business assets. When it comes to startups, tech or software development companies, it is a key factor in a company's valuation. It is no wonder that businesses put more and more effort and expense into cybersecurity. However, there is one area software development companies cannot underestimate: protecting the source code itself.

Market potential

GitHub claims to have over 56 million registered developers, including 72% of Fortune 50 companies. This makes it “the largest source code” host globally. GitLab estimates its users at more than 30 million, while Atlassian’s Bitbucket has reached 10 million business users.



Software developers use version control systems like Git and hosting platforms like GitHub, Bitbucket,

and GitLab on a daily basis. Those are places where code is created, hosted and where the development

teams spend thousands of hours to write, support, and improve projects. Can you imagine how much it

would cost tech companies to lose access to such valuable data? And is it even possible?

Source code, even if hosted within such reliable hosting, might get unavailable or lost. While those

services are considered accessible and proven, no service provider can ensure customers with 100%

availability.

Ups, something went wrong...

Downtime and outages are one of the reasons. For example, in June 2020 GitHub experienced a major

outage that lasted for hours and impacted millions of developers. In 2017 the huge outage happened to

GitLab.com and made its services unavailable for hours. The company lost some production data that

was unable to recover.

How about cyberattacks? In 2019 most of tech media reported that attackers were targeting Bitbucket,

GitHub and GitLab accounts, wiping code and commits from many repositories leaving behind only a

mysterious ransom note.

Finally, we have to mention the nightmare of every IT administrator and cybersecurity professional –

human errors. Branch deletion, synchronization problems, or some intentional malicious behavior - that’s

just some of the developers’ mistakes (intentional or not) that can put source code in danger or wipe it

out.

Shared responsibility

Like most SaaS providers, also GitHub, GitLab, and Atlassian rely on shared responsibility models. Those

define which security duties are handled by the service provider and which belong to the organization. In

a nutshell: version control systems providers are responsible for maintaining the infrastructure and

making sure data is available and accessible. Companies as users are responsible for protecting their

GitHub, GitLab, or Bitbucket data in general.

While there is a lot of management, monitoring, code quality, and security apps available in both the

Atlassian and GitHub marketplace, there is a big niche when it comes to backup software.

Source protection today

So, how do companies handle repository backup today? Generally, they don’t at all. When they do, it is usually with DIY methods based on git clone commands and self-written scripts. Some businesses rely on snapshots of their local git instances. But those approaches have their limitations: high long-term costs of script administration, no backup verification, no automation, and no restore guarantee, which could potentially make the backup useless in the event of a failure.
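As an added illustration of what those three missing pieces look like in practice (example code written for this page, not GitProtect.io’s or any vendor’s product): a small Python wrapper that mirrors a repository with git, checks it with git fsck, compares every ref with the source, and proves restorability by cloning the backup back out. It assumes the git CLI is on PATH; the sample repository it builds is constructed for the demo.

```python
"""Mirror-backup a Git repository and prove it is restorable.

Added example, not the article's or any vendor's code. It addresses the three
gaps the text names in DIY git-clone backups: no verification, no automation
hook, no restore guarantee. Assumes the git CLI is on PATH.
"""
import subprocess
import tempfile
from pathlib import Path


def git(*args, cwd=None):
    """Run one git command, return its stdout, raise on a non-zero exit."""
    proc = subprocess.run(["git", *args], cwd=cwd, check=True,
                          capture_output=True, text=True)
    return proc.stdout


def refs(repo):
    """Map every ref name in `repo` to the object id it points at."""
    out = git("for-each-ref", "--format=%(refname) %(objectname)", cwd=repo)
    return dict(line.split(" ", 1) for line in out.splitlines())


def backup(source, backup_dir):
    """Create a bare mirror of `source`, or refresh it if it already exists.

    A mirror copies every ref (branches, tags, notes), not only the
    checked-out branch that a plain `git clone` would give you.
    """
    backup_dir = Path(backup_dir)
    if (backup_dir / "HEAD").exists():
        git("remote", "update", "--prune", cwd=backup_dir)  # incremental run
    else:
        git("clone", "--mirror", "--quiet", str(source), str(backup_dir))
    return backup_dir


def verify(source, backup_dir):
    """Three independent checks; a scheduler should alert if any is False."""
    report = {"fsck": False, "refs_match": False,
              "stale_refs": [], "restorable": False}
    # 1. Integrity: fsck walks every object and fails on corruption.
    try:
        git("fsck", "--full", "--no-progress", cwd=backup_dir)
        report["fsck"] = True
    except subprocess.CalledProcessError:
        return report
    # 2. Completeness: every source ref must exist with the same object id.
    src, dst = refs(source), refs(backup_dir)
    report["stale_refs"] = sorted(r for r, oid in src.items()
                                  if dst.get(r) != oid)
    report["refs_match"] = not report["stale_refs"]
    # 3. Restore guarantee: really clone from the backup and compare HEAD.
    with tempfile.TemporaryDirectory() as restore_dir:
        git("clone", "--quiet", str(backup_dir), restore_dir)
        restored = git("rev-parse", "HEAD", cwd=restore_dir).strip()
        original = git("rev-parse", "HEAD", cwd=source).strip()
        report["restorable"] = restored == original
    return report


def make_demo_repo(path):
    """Constructed sample repository (one file, one commit) for the demo."""
    path = Path(path)
    path.mkdir(parents=True)
    git("init", "--quiet", str(path))
    (path / "app.py").write_text("print('hello')\n")
    git("add", "app.py", cwd=path)
    git("-c", "user.name=demo", "-c", "user.email=demo@example.com",
        "commit", "--quiet", "-m", "initial commit", cwd=path)
    return path


def run_demo():
    """Back up the constructed repo twice (initial + refresh) and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        src = make_demo_repo(Path(tmp) / "src")
        dst = backup(src, Path(tmp) / "src.git")
        backup(src, dst)  # second call exercises the incremental path
        return verify(src, dst)


if __name__ == "__main__":
    print(run_demo())
```

The same verify() step is what turns a cron-driven clone into a backup you can trust: it fails loudly on a corrupt or incomplete copy instead of discovering the problem during a restore.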

The source code backup market is still in its infancy: the first backup solutions are appearing as a result of internal development teams’ needs. However, there are also some established and experienced backup vendors that discovered this niche and decided to develop for it, producing the most professional backup software for GitHub and Bitbucket environments.

Considering the value of intellectual property and GitHub and Atlassian’s emphasis on adequate data protection, we might foresee that GitHub and Atlassian backup, following in the footsteps of Microsoft and Google Workspace, will become another key data protection field.

About the Author

Marta Przybylska, Marketing Manager at GitProtect.io/Xopero Software.

From the very beginning of her career, she has been associated with the IT industry and technology startups. For over 3 years she has been involved in the cybersecurity market – working at Xopero Software, a backup vendor, on the project code-named GitProtect.io – the most professional, fully manageable GitHub and Bitbucket backup software (available on both GitHub Marketplace and Atlassian Marketplace). Company websites: https://xopero.com/ and https://gitprotect.io/



How to Close the Security Gap Between Identity and

Access Management (IAM) and Shared Accounts

By Maurice Côté, Vice President of Business Solutions, Devolutions

For more than half a century, passengers of London’s underground (a.k.a. The Tube) have been warned

to “mind the gap” when crossing the small, but potentially dangerous openings between train doors and

station platforms.

Well, organizations these days need to mind the gap as well: the virtual gap that exists between their

Identity and Access Management (IAM) system and their various shared accounts. Otherwise, much like

unwitting tube passengers, they could find themselves rather badly injured — not physically, but

financially.

Of course, the issue here is not that IAM systems are somehow ineffective or unnecessary. On the contrary, given how vast the attack surface has become in recent years with the explosive popularity of cloud services and remote workers, IAM systems are highly valuable. Rather, the problem is that a chasm exists between IAM systems and devices that do not use a federated identity, such as networking equipment and specialized appliances. What’s more, out of practical necessity, most of these devices are managed using shared accounts, which means they are coveted by hackers who are highly motivated to steal “the keys to the kingdom” (i.e. privileged accounts that provide access to sensitive, confidential, and proprietary data).

Clearly, all organizations — and we are not just talking about large enterprises, but SMBs as well — need

to close the gap between their IAM system and shared accounts. That is where a Privileged Access

Management (PAM) system enters the picture and makes a game-changing difference.

A PAM system extends the robust protection offered by an IAM system into the non-federated identity

space, and enables eight key functions and features:

1. A secure vault that safely stores credentials and other sensitive data shared between multiple end users (e.g., software license keys).

2. Account checkout, which allows SysAdmins to approve or reject an access request on a case-by-case basis; in the event of approval, SysAdmins can set a time limit.

3. Customized notifications that alert SysAdmins when certain events or actions take place regarding specific end users, roles, vaults, etc.

4. Automated mandatory password rotation upon check-in.

5. Automated mandatory password rotation at a scheduled time/date.

6. Account discovery, which automatically scans and identifies privileged accounts from an Active Directory provider so they can be updated, monitored, or deleted.

7. Behind-the-scenes account brokering, which automates workflows (e.g., open a VPN client, launch a remote access protocol, and access a privileged account) without ever having to provide end users with passwords in the first place.

8. Session activity recording, which is highly valuable for organizations that have contractors and third-party vendors, as well as organizations that want to monitor employee performance and productivity.

Organizations should make it a top priority to implement a PAM system, and in doing so close the security

gap between their IAM system and shared accounts when access cannot be federated. Frankly, this is

more than a best practice. Given that the average cost of a data breach has surged to a staggering USD

4.24 million per incident, it is a necessary requirement.

About the Author

Maurice Côté is vice president of business solutions at Devolutions, a

provider of best-in-class privileged access management, password

management, and remote connection management solutions to all

organizations—including SMBs.

For more information about Devolutions, check out their Twitter

@DevolutionsInc or their website https://devolutions.net/



Intercepting data traffic via iPhone


By Jordan Marcus Bonagura

Introduction

This article aims to demonstrate, in a simplified way, different approaches for capturing and intercepting network traffic originating from an iPhone device.

Obviously, the iPhone is not the only device subject to these approaches, and the strategies presented

here are not the only ones capable of performing such intercepts.

The simplest way to get this data is to use a proxy server. In the first part of this article, we will adopt the BURP software to exemplify this operation. After collecting the data, we will analyze the packets of a given application and its connection to web services.

However, if the objective is a more detailed analysis of the traffic of an application that uses communication ports and protocols other than web requests, we can diversify the strategy and use a remote virtual interface (RVI), as we will demonstrate in the second part of this article.



Part 1 - Using a Proxy Server – BURP

When we mention the use of a proxy server, we are basically referring to intercepting and analyzing HTTP (Hypertext Transfer Protocol) requests, whether or not they are protected by the TLS (Transport Layer Security) security layer.

Some of the applications we have on our smartphones still only use plain HTTP, which means that data travels in plain text form, that is, without any encryption, leaving sensitive information fully exposed to any attacker who adopts man-in-the-middle techniques.

To configure our proxy, the first step is to open the BURP software. By default, the interface it listens on is the machine itself, that is, IP address 127.0.0.1 and port 8080, as we can see in the image below:

In BURP every capture is by default related to the local machine, but to execute our strategy of intercepting the data that will reach our proxy from the iPhone we need to add the internal IP of the local machine in the Specific address field.

Note that in this case we used the IP 192.168.1.102 with port 8081.

Once BURP is configured, let's go to iPhone:



Note that the IP address assigned to the iPhone has no relationship with the proxy server’s, but obviously they must be on the same network so that traffic can be captured.

As soon as we finish configuring the iPhone to use BURP as our proxy server, we already see some packets; this is because several applications are running in the background, usually software updates, email syncs, among others.



Below we have an example of an intercepted POST request to Office 365 for an email update; note that DeviceType already identifies the device as an iPhone.

For the demonstration we used a real application, more precisely one from a healthcare company, and for ethical reasons I have obviously kept the data hidden.

We can see that as soon as we open the application on our smartphone, API requests to the server are executed to exchange information, and with this we already see the packets shown in the image below:

Despite being an application that requires a high level of information secrecy, data is transferred in plain text, which means without any encryption involved.

As we can see in the image below, we are not yet talking about access credentials, but in any case, they

are sensitive data, such as the beneficiary number (insurance ID) and telephone number.



Unfortunately, in this application, not only the previously highlighted sensitive data are transferred in plain

text, but also the access credentials (username and password) as we can see in the image below:

This means that if someone on the same network (an airport, cafeteria or restaurant Wi-Fi, for example) were running a traffic analyzer when we opened this application, our username and password would be leaked (a man-in-the-middle attack).

Part 2 - Using a Remote Virtual Interface (RVI) – Wireshark

Another approach that can sometimes be more interesting is to analyze all the network traffic that occurs

between the iPhone device and the application servers, now not only focused on WEB applications and

requests (HTTP), but on different protocols.

To implement this, we start by connecting our iPhone via USB to the computer that will run Wireshark for data collection; then we create the RVI (Remote Virtual Interface), for which we need to pass the UUID (Universally Unique Identifier) of the iPhone as a parameter.

Through "Finder" it is possible to discover the device UUID, just click on the name of the connected

device and the information will appear as shown in the image below:



Having the device UUID and being connected, it is necessary to activate the virtual interface (RVI), using

the following command:

After receiving the SUCCEEDED message, the interface is enabled and we can open the Wireshark network traffic analyzer and select the rvi0 interface.

In this example, and for comparison with the previous approach, we used the same healthcare application and applied a basic display filter (ip.src == 192.168.1.23) to show only the traffic whose source IP is the iPhone.

It is possible to view protocols from different layers of the OSI model, in this example, we have protocols

from the transport layer (TCP) as well as from the application layer (HTTP) as seen in the image below:



Looking only at the HTTP packets, it is possible to see the same information that we saw previously in BURP.

So, if we open the content of our selected packet, we also find all the credential information demonstrated earlier, as shown in the image below:

Conclusion

We have seen that there are different approaches to capturing data traffic from an iPhone. In the first part we demonstrated the technique using a proxy server (BURP), where it was possible to analyze packets related to web requests; this technique is easier to implement, but often limited.

In the second part, we demonstrated a broader analysis where it was possible to verify that protocols from different layers can also be analyzed; therefore, depending on the desired objective and/or the application’s form of communication, this may be more suitable.

It is worth remembering that both techniques are complementary, so depending on the final objective of the application analysis, both can be combined.

The way forward has been laid out; now it is up to you to follow it for an in-depth analysis of your own applications.

Stay Safe

About the Author

CISO and Information Security Researcher - CEH

Hacker is NOT a Crime Advocate

Stay Safe (Magazine and Podcast) Founder

Computer Scientist

Postgraduate degree in Business Strategic Management, Innovation and Teaching

Organizer of Vale Security Conference – Brazil

Director Member of Cloud Security Alliance - Brazil

Advisory Member of Digital Law and High Tech Crimes OAB (Association of Brazilian Lawyers)

IT Teacher and Course Coordinator

SJC Hacker Space Founder

Speaker (AppSec California, GrrCon, Angeles Y Demonios, BSides Augusta, Bsides SP, H2HC, Silver

Bullet, Seginfo, ITA, INPE, BalCCon2k14, etc)

Jordan can be reached online at (jobonagura@gmail.com)



Modern Times, Old Prejudices

The Hacker Era

By Jordan Marcus Bonagura

The century of constant acceleration

Twenty-first century: more than a century of human evolution and great changes, a century of constant acceleration. Everything is always changing, and exaggeratedly fast - technology, social structures and even our lifestyles. Changes so impactful that not even our most consolidated routines escaped, escape, or will escape unscathed.



Currently, we are bound to use technology in everything we do. If we stop to think about the idea behind its emergence, the objective was not only to help solve problems and interconnect people, but also to reduce the time spent on daily and repetitive tasks. That did in fact occur, but instead of taking advantage of this time to enjoy it with family and friends, we end up filling it with more and more tasks, whether out of necessity or simply because we have a walking encyclopedia in our hands and want to quickly explain the Big Bang theory while trying to learn 20 different languages in just 15 minutes.

Alert (‘Don’t eat that!!!’);

I believe it is almost impossible to imagine the present day without computers, tablets or our new body-coupled organ called the smartphone. Computer equipment today is used for absolutely everything: from scientific research, exploring the universe and discovering new planets, to helping create vaccines during a pandemic, curing or fighting diseases, making travel easier without wasting more hours in traffic, and even letting your fridge warn your coupled organ that it is full of sugars and fats, which is why your life expectancy tends to be a few nanoseconds shorter.

However, despite our lives being totally linked to this new era, we, for

the most part, still live with diverse prejudices.

Prejudice meaning…

The word prejudice means having an opinion or thinking about something or someone, whose content is

built from superficial and unfounded analysis, or preconceived without knowledge and/or reflection.

Fortunately, or unfortunately, depending on the interlocutor or the situation, the acceleration process we saw above brought us, beyond an evident technological dependence, a huge amount of information and possibilities, combined with an absolute lack of time and/or interest to go deeper, so that we end up as “superficial experts” on everything, as summarized in the first three lines of the first two search results in our internet browser.



A great example of a “superficial expert”

Perhaps here lies the root of the superficiality that feeds many of our prejudices; after all, we add to this misinformation the ease of parasitizing the world through the opinions of others, which leads us to judge what we do not know, or to defend ourselves from what someone one day, “out of absolute ignorance”, judged to be harmful. And we do this with everything: we are always judging, taking an event, idea or piece of news as truth without even deeply analyzing the facts.

And it is precisely into the ditch of these flawed judgments that a concept widely used around the world in recent times falls: the Hacker concept.

Bookworms and nerds

But before we delve into this, let’s go back to school days. Do you remember when you were studying and there were the great scholars in the classroom? Everyone remembers them: the “bookworms”, the “nerds”, the ones who knew everything, who spent hours in the library researching and who went deeper than required into a given assignment. In the end, everyone wanted to pair up with them for tests, because that guaranteed the best grades and the best results.

These people still exist and remain buried in libraries, now often digital ones; they continue to seek knowledge in whatever makes them tick, but in different areas of knowledge and with the support of different technologies.

Hacker is the word that defines this group of people: natural researchers and tireless seekers of knowledge.



You can be a hacker too!

Remember all that super-modern hospital equipment that helps people, that super-fast plane or train, that latest-generation cell phone that tracks your heartbeat and lets your doctor or relatives know if you don’t feel well? None of it built itself, and the system that controls all this was not made by aliens... I’m so sorry to inform you that the voice of the "woman or man" you program to turn on your bathtub, show you the best route and make your coffee is not real, and it can make mistakes... and trust me, some of these mistakes can be very harmful...

Well, someone needed to develop, test, and ensure that this technology works and, more than that, that it is safe and available when we need it, right? No one would want to log into their bank account and see that it was stolen, be caught by surprise by a hurricane without being able to prepare beforehand, or have the freezer trick them into thinking it has chocolate ice cream when in fact it doesn’t... And do you know who is behind all these things that make your life easier? The hackers.

A hugely different purpose means everything

No! The hacker is not the professional who steals your Instagram account, skims the pennies from all your banking transactions into another account in a tax haven, and then uses that money to finance an international network of computers that will break into the systems regulating the upcoming elections to choose Batman as the new leader of the Justice League. The correct term for this guy is Criminal; it doesn’t matter whether cybercriminal or not, it’s Criminal.

Hackers are not these guys! What has historically drawn them into this confusion, having the knowledge and the tools and therefore being presumed guilty of the deed, was precisely the prejudice based on superficiality that we discussed earlier. It’s like judging the shovel owner guilty of all the holes in the world. Hackers are great researchers, regardless of the area or segment of knowledge in which they work.



What I want to reinforce here is that what separates Hackers from Criminals is the same that separates

any other person or professional from doing right or wrong, that is, facts, actions, purposes, and a good

dose of character.

Stay Safe

About the Author

CISO and Information Security Researcher - CEH

Hacker is NOT a Crime Advocate

Stay Safe (Magazine and Podcast) Founder

Computer Scientist

Postgraduate degree in Business Strategic Management, Innovation and Teaching

Organizer of Vale Security Conference – Brazil

Director Member of Cloud Security Alliance - Brazil

Advisory Member of Digital Law and High Tech Crimes OAB (Association of Brazilian Lawyers)

IT Teacher and Course Coordinator

SJC Hacker Space Founder

Speaker (AppSec California, GrrCon, Angeles Y Demonios, BSides Augusta, Bsides SP, H2HC, Silver

Bullet, Seginfo, ITA, INPE, BalCCon2k14, etc)

Jordan can be reached online at (jobonagura@gmail.com)



The Brutal Reality of Brute Force Attacks And How To

Defend Against Them

By John Nowotny, Customer Success Engineer, Exabeam

Russian cyberattacks have seemingly become the new normal with the recent spate of high-profile events

at SolarWinds, Colonial Pipeline and Kaseya putting U.S. government officials and private sector

businesses on high alert.

In July, the National Security Agency (NSA), together with partner agencies from the U.S. and the U.K.,

sounded yet another alarm about a global and likely ongoing “brute-force” cyber campaign by the Russian

military intelligence agency, the GRU. The NSA advisory details the malicious group’s tactics for targeting

hundreds of U.S. and foreign entities and the steps that organizations should take to mitigate their risk.

Underscoring the gravity of what the White House perceives as an escalating threat to national security,

President Joe Biden put Russian President Vladimir Putin on notice, suggesting that the U.S. will retaliate

if Moscow fails to crack down on Russia-based cybercrime groups that target American institutions.



Containerization: New spin on a classic tactic

Brute-force attacks are hardly new to the cybercrime scene, and password spraying remains a widely-used tactic for breaking into private networks, whose data can then be exfiltrated, degraded or destroyed.

According to the NSA advisory, the GRU has upped the game, leveraging software containers –

specifically a Kubernetes cluster – to easily scale brute-force attempts. Containerization allows the

attackers to use many different dynamic IPs and routes by which to harvest credentials. As a way to

evade defenses, they route the authentication attempts through TOR and commercial VPN services.

Coupling prevention with better detection

The advisory further cautions that the distributed, highly scalable and anonymized nature of the password

spray capability makes indicators of compromise (IOC) much more difficult for target networks to detect.

And while preventing a network intrusion is always the primary goal, being able to detect a breach ahead

of any long-term impact is equally essential.

For organizations to protect their networks from password spray attacks, the NSA recommends the following mitigations:

1. Adopt multi-factor authentication (MFA) and single sign-on (SSO), and MFA for cloud services

2. Establish lock-out and time-out policies

3. Check for poor passwords

4. Remove weak authentication methods, change default passwords and remove local accounts

5. Establish policies for where accounts can authenticate from (e.g. global admins, power users)

Adding analytics to the cybersecurity arsenal

The NSA advisory also advises organizations to use analytics to detect anomalous activities and

accesses. By pairing analytics with known tactics, techniques and procedures (TTPs), security teams

can watch for unusual changes in patterns instead of just monitoring for specific risks. This is especially

important for organizations that are managing “SaaS sprawl” – which can amount to hundreds of different

software applications in their tech stack.

Because there is no signature, by the time adversaries penetrate a network environment, they already

have credentials. Behavioral analytics enables security teams to detect deviations from normal baseline

behavior for a compromised credential. They may see failed logins, a new country of logon or an

abnormal number of accesses to the host across the organization.
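As an added example (not Exabeam’s or the NSA’s code), the following Python applies the signals named above to a constructed authentication log: a per-account failure counter of the kind a lockout policy relies on, a windowed spray detector that keys on breadth across accounts instead, and a per-user new-country check. The log format and every user, IP and country in it are made up for the demo.

```python
"""Spot a password spray that a per-account lockout counter never sees.

Added example, not Exabeam's or the NSA's code. The log format is constructed:
"<ISO timestamp> <user> <source ip> <country> <SUCCESS|FAIL>". A spray spreads
a few guesses over many accounts and many source IPs, so the detector keys on
the time window rather than on one account or one IP.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample feed: normal logons, a spray between 09:00 and 09:09 that
# lands one account (erin), then a classic single-account flood at 10:00.
SAMPLE_LOG = """\
2021-07-01T08:00:01 alice 203.0.113.10 US SUCCESS
2021-07-01T08:01:12 bob 203.0.113.11 US SUCCESS
2021-07-01T08:02:05 carol 203.0.113.12 US SUCCESS
2021-07-01T08:03:40 dave 203.0.113.13 US SUCCESS
2021-07-01T08:04:09 erin 203.0.113.14 US SUCCESS
2021-07-01T08:05:57 frank 203.0.113.15 US SUCCESS
2021-07-01T09:00:03 alice 198.51.100.1 RU FAIL
2021-07-01T09:00:31 bob 198.51.100.2 NL FAIL
2021-07-01T09:01:10 carol 198.51.100.3 DE FAIL
2021-07-01T09:01:44 dave 198.51.100.4 RU FAIL
2021-07-01T09:02:20 erin 198.51.100.5 NL FAIL
2021-07-01T09:02:58 frank 198.51.100.6 DE FAIL
2021-07-01T09:06:15 alice 198.51.100.7 RU FAIL
2021-07-01T09:06:49 bob 198.51.100.8 DE FAIL
2021-07-01T09:07:22 erin 198.51.100.5 NL SUCCESS
2021-07-01T10:00:05 admin 192.0.2.77 US FAIL
2021-07-01T10:00:09 admin 192.0.2.77 US FAIL
2021-07-01T10:00:14 admin 192.0.2.77 US FAIL
2021-07-01T10:00:20 admin 192.0.2.77 US FAIL
2021-07-01T10:00:27 admin 192.0.2.77 US FAIL
"""


def parse(text):
    """Turn the feed into event dicts with real datetimes."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, ip, country, outcome = line.split()
            events.append({"ts": datetime.fromisoformat(ts), "user": user,
                           "ip": ip, "country": country,
                           "ok": outcome == "SUCCESS"})
    return events


def bucket(ts, window_minutes):
    """Floor a timestamp to the start of its fixed-size window."""
    return ts.replace(minute=ts.minute - ts.minute % window_minutes,
                      second=0, microsecond=0)


def brute_force_alerts(events, window_minutes=10, threshold=5):
    """What a lockout policy sees: many failures against ONE account."""
    counts = defaultdict(int)
    for e in events:
        if not e["ok"]:
            counts[(bucket(e["ts"], window_minutes), e["user"])] += 1
    return [{"window_start": w, "user": u, "failures": n}
            for (w, u), n in sorted(counts.items()) if n >= threshold]


def spray_alerts(events, window_minutes=10, min_users=5, max_per_user=2):
    """Many accounts, each with only a few failures, inside one window.

    Each account stays under the lockout threshold (the point of spraying), so
    the tell is breadth. Source IPs are reported but never used as the key,
    because the advisory notes they rotate through TOR and VPN exits.
    """
    failures = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures[bucket(e["ts"], window_minutes)].append(e)
    alerts = []
    for start, fails in sorted(failures.items()):
        per_user = defaultdict(int)
        for e in fails:
            per_user[e["user"]] += 1
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            alerts.append({"window_start": start, "users": sorted(per_user),
                           "source_ips": sorted({e["ip"] for e in fails})})
    return alerts


def new_country_alerts(events):
    """Successful logon from a country never seen before for that user.

    The baseline is built from earlier events in the same feed; in production
    it would come from the user's logon history.
    """
    seen = defaultdict(set)
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["ok"]:
            if seen[e["user"]] and e["country"] not in seen[e["user"]]:
                alerts.append({"ts": e["ts"], "user": e["user"],
                               "country": e["country"], "ip": e["ip"]})
            seen[e["user"]].add(e["country"])
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for name, fn in [("brute force", brute_force_alerts),
                     ("spray", spray_alerts), ("new country", new_country_alerts)]:
        print(name, fn(evs))
```

On the sample feed the per-account counter only flags the 10:00 flood against admin, while the 09:00 window, where six accounts each see at most two failures, is visible only to the spray detector, and erin’s subsequent logon from NL is the “new country of logon” signal the text describes.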



Multi-factor authentication is one of the strongest tactics an organization can implement to protect itself from a variety of password/authentication attacks, particularly password spray attacks. Unfortunately, though, multi-factor authentication isn’t bulletproof. Session hijacking, an attack that exploits web session control mechanisms, and SIM swapping, a form of account takeover fraud, continue to target employees in order to bypass MFA protections. As with other avenues adversaries use to gain access to a system, MFA and authentication logs should be evaluated for anomalies. Indicators that something is wrong include the methods used, source locations, and number of attempts.

Keeping up with the MITRE ATT&CK® framework and using analytics to map network activities to the

growing knowledge base of TTPs will continue to be a critical piece of the security process in guarding

against brute-force attacks. This summer, MITRE released D3FEND as a complement to its existing

ATT&CK framework, providing a catalog of cybersecurity countermeasures for the most common

offensive techniques. Funded by the NSA, D3FEND aims to standardize the vocabulary used by

cybersecurity teams across all industries and sheds more light on the relationships between defensive

and offensive tactics.

The recent ransomware attack at Kaseya – which affected as many as 1,500 small and medium-sized

companies worldwide – was a rude awakening, proving that no organization is safe from an insidious

cyberattack. With the next brute-force attack likely underway, cybersecurity teams need to ensure they

are equipped with the latest information and advanced analytics to detect and neutralize an impending

attack before the damage is done.

About the Author

John Nowotny is a Customer Success Engineer at Exabeam. He ensures that the products Exabeam customers benefit from are top quality and exceed expectations.



Application Modernization and Other Best Practices of

Securing Legacy Infrastructures

By Roman Davydov, Technology Observer, Itransition

Legacy systems continue to play a vital role in the operations of many enterprises. However, over time,

things like poor user adoption, increased maintenance costs, frequent errors and downtime significantly

reduce the value of such digital solutions.

The situation may be even worse if we look at legacy software from the cybersecurity perspective. Legacy

vulnerabilities pose one of the biggest enterprise cyber threats; experts state that any software that was

deployed as early as two years ago may already be at risk.

Despite such statistics, enterprise managers often delay application modernization regardless of its

apparent benefits. As a result, enterprises may put their data and business reputation at stake; after all,

the use of outdated software is always associated with many technical, operational, and even legal risks.

In this article, we’ll discuss the reasons why legacy applications carry security risks, name some common

vulnerabilities, and provide several recommendations on how enterprises can eliminate these threats.



Why outdated software poses cybersecurity risks

There are many different reasons why legacy software cannot be considered secure. One of them is that

software vendors and manufacturers sometimes stop delivering updates over time. This fact, in turn,

means that hackers may utilize known vulnerabilities to infiltrate corporate digital infrastructures; still, IT

departments can partially mitigate this risk if they build and deploy their own fixes.

Another group of risks is related to the fact that legacy solutions rarely provide the functionality required

to ensure cybersecurity; default features of modern software systems such as multi-factor authentication,

data encryption, or role-based access may simply not be available. Even if a team has the desire and

resources to develop and implement such functionality, outdated software may just not provide enough

capabilities for doing it.

Enterprises may also experience security challenges due to a lack of IT staff with the knowledge needed to maintain legacy software. Many organizations have one or two engineers who are deeply immersed in the context of their systems and can therefore ensure a strong level of security; if these specialists quit, the enterprise may simply not find anyone to replace them. Even if an organization hires a professional who is familiar with the latest cybersecurity practices, enterprise managers may need months to onboard this person.

So, can enterprise managers do something to mitigate the aforementioned risks and improve legacy

software security? Fortunately, yes, and here are some tips that can help them do it.

How enterprises can enhance the security of their legacy systems

Assessing cybersecurity

Obviously, you cannot eliminate specific threats when you don’t know whether there are any, or which ones; therefore, the first thing an enterprise should do is thoroughly analyze its legacy infrastructure from the security perspective. In most cases, teams can choose security assessment frameworks such as ISO/IEC 27000 or NIST; if a software solution requires a more specialized approach, enterprise managers can also look to frameworks such as GDPR, HIPAA, or CMMC.

The assessment process itself may vary depending on the specifics of your infrastructure, as well as your

business and technical requirements. For example, you may start with defining an assessment scope

and then start searching and identifying cyber risks; after that, you can implement specific security

measures to eliminate the threats you’ve discovered.

In case your company lacks the right talent, competencies, or resources to conduct an assessment, you

can consider hiring third-party consultants. Although this may require certain investments, this can also

be the fastest and simplest way to gain a 360-degree view of your digital infrastructure.



Eliminating discovered threats

It may be difficult to give one piece of advice here, since any actions will largely depend on the assessment results. However, there are some things any team can do to mitigate the existing threats (provided, of course, that it has the relevant talent and expertise).

First, a team can use the assessment results to develop patches for the discovered vulnerabilities. Although this is not a one-size-fits-all solution, it lets enterprises increase the security of their software when no other option is available. Here the team should tread particularly carefully: patches and upgrades can sometimes introduce new risks and vulnerabilities, so if the team isn’t confident of a positive result, it may be better to entrust this task to third-party cybersecurity experts.

Second, based on the assessment, the team can develop new security policies or improve existing ones. For example, an enterprise may implement user segmentation to limit access to the most vulnerable modules of its application. Alternatively, teams can start running regular penetration tests so that they can find and fix any threats quickly.

Considering software modernization

Although the measures listed above may help advance security, legacy software may generate new risks and vulnerabilities anyway. Therefore, enterprise managers should still consider modernizing their software; this is the only fully reliable way to ensure that the corporate infrastructure is up to speed and follows cybersecurity best practices. For instance, teams can renovate their app architecture, migrate solutions to a more modern and secure platform, transfer data to the cloud, or implement selective customizations. If more radical measures are required, teams can also consider refactoring or developing a completely new solution to replace the old one.

Final thoughts

For many enterprises, legacy software remains an integral part of their digital infrastructure. While outdated solutions continue to provide some value, they also pose security risks; to mitigate them, teams can conduct cybersecurity assessments and fix vulnerabilities by deploying patches and enhancing their security policies. Still, only comprehensive application modernization can guarantee advanced and future-proof cybersecurity.



About the Author

Roman Davydov is a Technology Observer at Itransition. With over four years of experience in the IT industry, Roman follows and analyzes digital transformation trends to guide businesses in making informed software buying choices. Roman can be reached online at r.davydov@itransition.com and at our company website Itransition.



Being Mindful of Communication Security

The potential risks of communication APIs and CPaaS and secure vendor selection criteria.

By James Ryan, Director of Information Security, BISO, IntelePeer

The pandemic accelerated the demand for various things, from vaccines to virtual telecommunications platforms. Cloud services also rose in use to enrich customer communication channels, with Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Communication Platform as a Service (CPaaS) all seeing considerable growth. In 2017, Frost and Sullivan's researchers found that of 1,695 companies, 81% had already deployed CPaaS, and that number has only increased since the pandemic. Nevertheless, this shift to a cloud-based infrastructure introduced a new attack surface, opening fresh cyber threats to businesses. As part of an organizational security effort, enterprises must select the most secure and reliable providers within the CPaaS space.



What data security risks do communication APIs and CPaaS create?

The integration of CPaaS services and application programming interfaces (APIs), often used by CPaaS providers to deliver added value, can be infiltrated by sophisticated attackers to modify content during transmission. Sometimes, open APIs leave data exposed, making them vulnerable to attacks such as unwanted access to API infrastructure, resulting in potential data leakage. A famous example of a data leak was when Facebook's API got exploited, compromising users' information. Although most enterprises won’t have the same level of open API access that caused the Facebook data breach, the same principles apply.

With API abuse, a bad actor who has obtained stolen credentials can, depending on the level of access, manipulate a company’s budget, steal personal information, and even lock an enterprise out of its own API and CPaaS systems. Similarly, unsecured code can jeopardize a business, leaving it susceptible to further data security risk. Besides the loss of revenue and productivity often associated with data breaches and network downtime, the erosion of customer trust is perhaps the most long-term consequence of a data breach due to compromised APIs and CPaaS solutions.

Having secure communication, and by extension a secure CPaaS provider, is an essential business requirement. Any organization that communicates with its customers, employees and suppliers and collaborates with devices must prioritize the development of a security strategy.

Selecting a safe and secure CPaaS Vendor

When selecting a CPaaS vendor, the vendor must prove its commitment to security; it cannot be an afterthought. Some initial checklist investigations include examining the vendor’s certifications and the maturity of those certifications. Note that some vendors perform self-certification processes to fluff up their resumes. By confirming the level of encryption that the CPaaS provider offers, companies can make a more accurate judgment of the vendor’s security capabilities. Enterprises should also understand what processes and tools CPaaS vendors use to keep communications safe. Likewise, it’s helpful to send a thorough questionnaire to several vendors to rate their security prioritization. Having multiple choices, complete with notes and ratings, will provide an organization’s IT team with a more holistic view of their options.

Beyond these preliminary inquiries, other security best practices for selecting an apt CPaaS vendor involve consistently weighing risk versus benefit. Given that every company will at some point experience an unexpected circumstance after implementation, it’s always suitable to complete a risk/benefit assessment. After companies have selected a CPaaS vendor and the implementation process is complete, organizations must focus their attention on endpoint management (laptops, mobile phones, and PCs), as it is necessary to protect the cloud network and customer data. An ideal CPaaS partner will have teams available to assist customers with issues or projects that might arise, or to direct the client's attention to necessary system changes and patches. Such updates could include replacing a cipher suite or an algorithm for a certain circuit; it is helpful for organizations themselves to be up to date on CPaaS standards.



Benefits of Secure CPaaS and APIs

Although the consequences of having insecure communication APIs and a less-than-optimal CPaaS vendor can be severe, successfully leveraging a reliable CPaaS provider will be highly beneficial. CPaaS is an invaluable tool for many industries that manage sensitive information, namely healthcare and financial services. For healthcare specifically, CPaaS can help set appointments, handle payment information and automate various processes. Similarly, communication APIs can optimize employee workflows and organize data within a single platform, streamlining efforts and eliminating the need to toggle between apps. Plus, APIs are customizable, allowing enterprises to enhance workflows even more to meet employee needs.

Although having a secure CPaaS vendor is critical to business success and to the assurance that company and customer information is safe through robust CPaaS and APIs, not all CPaaS vendors are equal. Some providers might be a better fit for one industry but a poor choice for another; security shouldn’t be the only criterion.

About James Ryan

James Ryan, Director of Information Security, BISO, IntelePeer. James can be reached online at his LinkedIn and at our company website https://intelepeer.com/.



Is the Edge Really Secure?

By Chetan Venkatesh, CEO and Co-Founder of Macrometa

The simplest answer is…

No.

But, if history has taught security professionals anything, it’s that the most secure network is the one without any users. It also happens to be the least useful of networks.

So what are we actually asking when we discuss security and the edge? Most often, the question is hiding the subtext of:

“In a new deployment methodology involving edge data (in a Point of Presence or on a new spectrum) distributed globally, do the techniques that I use for security today still apply?”

The answer to this question differs based on your experience and deployment architecture. However, there are some commonalities.



Our industry has developed standard requirements for physical security, software security, access control, etc., that tend to be rolled up into a series of compliance schemes. These compliance programs absolutely apply in the era of edge computing and edge data centers.

The edge tends to conjure up the image of an outdated server living in a remote office (perhaps shoved in a corner under a dusty desk). This is no longer true. Rather, massive deployments of hardware enabling real-time, low-latency experiences (regardless of geographic region) are becoming increasingly normal and, I would assert, will become more prevalent in the future.

Your current compliance knowledge and your current expertise remain relevant. There are new concepts to learn, of course, and new considerations as data proliferates across the edge in global footprints. But the basis remains the same. It’s extremely important that the tools adopted in edge deployments support your desire to stay compliant with data regulations.

When choosing a vendor, ensure that you have the required controls to define what data and events are cached, stored, and processed, and, given a global deployment, that you are able to define this on a per-region basis. When the internal compliance requirements are met, and appropriate certifications are obtained, edge deployments enable a variety of new and exciting capabilities not previously feasible.

With the basics achieved, what becomes even more interesting is what edge deployment paradigms mean for the security and compliance workflow offered by companies.

First, it’s important to understand that these edge deployments are done to extend capabilities while also providing a fast round-trip response time. Today, it’s absolutely possible to achieve a P90 round-trip latency of less than 50ms globally. This speed, when coupled with data controls, powers exciting new capabilities.

Consider, for example, real-time event correlation.

In a globally-deployed environment, you’re able to offer workflows that can detect complex event patterns and isolate threats across multiple nodes in real time. In an industry like financial services, the ability to offer both real-time decisioning and real-time compliance depends on strict event correlation. You can also imagine this being broadly applicable to FINRA compliance, which requires mandatory reporting of communications and over-the-counter transactions.

As another example, think about real-time threat & anomaly detection.

At first glance, it may seem to be a subset of the above, but the ability to perform real-time detection of complex event patterns and threat isolation enables security alerting in a powerful new fashion. Data manipulation functions are used to spot early trends or patterns in data and prevent or quickly respond to business opportunities and threats.



Or, let’s spend some time discussing the need for access control.

Perhaps you have some familiarity with ABAC (attribute-based access control) or RBAC (role-based access control). Edge deployments, with real-time filtering, enable an entirely new category of “location-based access control”. Basically, you can think of all the existing power of RBAC/ABAC coupled with the location-based identifiers of where the user, application, etc. is connecting from. For companies maintaining some set of personally identifiable information (PII), you could define granular policies on workflow restrictions when certain parts of a schema are accessed. In essence, this means using physical location (latitude, longitude, even altitude) to build complex rules that enrich, enhance, present, and analyze data. This allows you to control and delegate analytics on sensitive/encrypted data to the edge compute and then serve the result set only when fully complete.
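To make the location-based access control idea above concrete, here is an added example (not Macrometa's code) of an RBAC/ABAC policy check that also keys on the latitude/longitude the client connects from and projects a result set down to the columns the policy unlocks; the geofence boxes, roles, column names and the sample policy are all constructed assumptions.

```python
"""Location-based access control: RBAC/ABAC rules keyed on where the client connects from.

Added illustration, not Macrometa code. The geofences, roles, column names and
the sample policy are constructed assumptions for this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed geofences as (min_lat, max_lat, min_lon, max_lon) bounding boxes.
# A real deployment would derive the region from a geo-IP or GNSS service; the
# boxes keep this example self-contained and deterministic.
REGIONS: Dict[str, Tuple[float, float, float, float]] = {
    "eu": (35.0, 72.0, -25.0, 45.0),
    "us": (24.0, 50.0, -125.0, -66.0),
}


def region_of(lat: float, lon: float) -> Optional[str]:
    """Map a coordinate to a region name, or None when it matches no geofence."""
    for name, (lat_min, lat_max, lon_min, lon_max) in REGIONS.items():
        if lat_min <= lat <= lat_max and lon_min <= lon <= lon_max:
            return name
    return None


@dataclass(frozen=True)
class Rule:
    role: str                  # RBAC part: the role the rule applies to
    regions: FrozenSet[str]    # location attribute: where the client must be
    columns: FrozenSet[str]    # the parts of the schema this rule unlocks


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    lat: float
    lon: float
    columns: Tuple[str, ...]   # columns the workflow wants to read


# Columns anyone may read from anywhere (constructed).
PUBLIC: FrozenSet[str] = frozenset({"customer_id", "plan"})

# Constructed policy: support agents may read contact details only while
# connecting from inside the EU; only an EU-located compliance officer may
# additionally read the national ID.
POLICY: List[Rule] = [
    Rule("support", frozenset({"eu"}), frozenset({"email", "phone"})),
    Rule("compliance", frozenset({"eu"}), frozenset({"email", "phone", "national_id"})),
]


def evaluate(req: Request, policy: List[Rule] = POLICY) -> Dict[str, object]:
    """Decide, column by column, what this request may read.

    Fails closed: a location outside every geofence unlocks nothing beyond
    the PUBLIC columns, whatever the caller's role.
    """
    region = region_of(req.lat, req.lon)
    unlocked = set(PUBLIC)
    if region is not None:
        for rule in policy:
            if rule.role == req.role and region in rule.regions:
                unlocked |= rule.columns
    allowed = tuple(c for c in req.columns if c in unlocked)
    denied = tuple(c for c in req.columns if c not in unlocked)
    return {"region": region, "allowed": allowed, "denied": denied}


def filter_rows(req: Request, rows: List[Dict[str, object]],
                policy: List[Rule] = POLICY) -> List[Dict[str, object]]:
    """Project a result set down to the permitted columns before the edge node serves it."""
    keep = set(evaluate(req, policy)["allowed"])
    return [{k: v for k, v in row.items() if k in keep} for row in rows]
```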

The workflow customizations are nearly endless. And the ideation is exciting. In fact, the workflows mentioned above are based on conversations that I have daily.

So then, is the edge really secure?

As secure as your deployments today.

Or, perhaps, it is not inherently insecure.

It could even be more secure as you optimize your infrastructure globally.

Importantly, edge deployments (when combined with stateful services, intelligent filtering, and fine-grained data control) can be deployed extremely securely. And you can enable workflows that enhance compliance and offer unique, secure capabilities for your users and customers.

The era of edge deployments is here… and it is here to stay. Start planning your compliance wisely and make sure to dream about the new, exciting workflows you can now enable.

About the Author

Chetan Venkatesh, CEO and Co-Founder of Macrometa, a Silicon Valley based edge computing startup. Chetan Venkatesh is a technology startup veteran & executive focused on enterprise data center, cloud infrastructure and software products/companies. He has 20 years of experience in building primary data storage, databases and data replication products. Chetan holds a dozen patents in the area of distributed computing and data storage. Chetan can be reached online at https://twitter.com/Macrometa and at our company website https://www.macrometa.com/



Staying Ahead of an Attack Starts with Prioritizing Data Backup

By Mike Wiseman, Vice President, Public Sector, Pure Storage

The protection of our personal data is something often taken for granted, yet a cyberattack can easily take down an entire system and expose this valuable information. Government agencies at all levels have been on edge over the past few months, wondering if their cyber infrastructure is stable enough to safeguard their most treasured asset: their data.

Recent high-profile attacks like Colonial Pipeline, JBS Foods, and SolarWinds are unique, making headlines, causing rippling effects across the country, and giving citizens a look into the weaknesses of our cybersecurity infrastructure.

In 2021 so far, ransomware incidents account for up to 30% of total incidents, whereas in 2018 ransomware events accounted for only 18% of total incidents. It is clear that we have a growing issue of data protection in our society at all levels of government.

The Biden administration is prioritizing our cybersecurity in a new way, and the recent cybersecurity executive order is a step in the right direction for rebuilding our cybersecurity infrastructure. Federal cybersecurity is a number one priority for government and technology companies alike, so government leaders at all levels must be ready to take steps in the right direction to minimize the risk of ransomware.

With the looming threat of ransomware, Federal agencies of all sizes and functions are wondering when an attack could strike them. Do all Federal agencies have the right tools and technologies to face an inevitable attack? Often, agencies do not have these tools in place until it is too late. Agency IT leaders should focus on implementing solutions that offer premier protection while remaining cost-effective and accessible. Different agencies have varying needs, and there are solutions out there that can provide benefits for agencies of all sizes and functions.

Optimizing Around Costs

One of the most intimidating parts of a ransomware attack is not only the information being sacrificed, but the costs associated with recovery. In the case of the Colonial Pipeline attack, the nearly $5 million ransom was paid in full, and a payout this high can debilitate agencies’ budgets and their ability to maintain services.

High costs to restore information can be daunting for agencies of all sizes. Moreover, paying the ransom in the event of an attack is not a guarantee that the effects of the attack can be mitigated. Nevertheless, with the right data security processes in place, the likelihood of enduring these costs in the first place can be reduced significantly.

While many data protection platforms come with a steep price tag, agencies should look to invest in solutions that fit the changing needs of their budget and service goals. For example, many As-a-Service solutions optimize around relatively low installation costs yet allow the agency to flex their storage plans as capabilities evolve.

Restore and Backup – Keys to Success

The best way to prevent a ransomware attack is to stay ahead of it. Organizations should focus on routinely backing up systems, reinforcing basic cybersecurity awareness and education, and revisiting cyber incident response plans. In addition, agencies should focus on preparation now rather than reacting after an attack occurs. By investing in solutions that get ahead of the attack, with security built into the platform, it is easier to minimize downtime and get systems back online more efficiently and effectively.

Two additional essential variables in a backup platform are reliability and speed of backup. Federal agencies doing mission-critical work cannot afford any amount of downtime. Rapid restore is necessary as agencies try to protect themselves against the effects of ransomware attacks. Systems with the fastest recovery time ensure that agencies can avoid significant operational and financial impact, protect critical data, and stay focused on the mission.

Invest in the Right Solutions Today

Having consistent, real-time access to data is critical for agencies, and in the event of an attack they must be able to recover data at scale, as quickly as possible, when systems go down. In addition, the backups themselves must be both valid and usable. Modern data protection is fast, simple, and cost-effective. This strategy helps prevent the devastating effects of cyberattacks that could reduce productivity, cost millions, threaten mission-critical work, or create a lapse in essential citizen services.



A ransomware attack is often right around the corner, so IT leaders must prioritize rapid restore and data backup. Data is the most valuable asset in an agency – agencies must invest in the most secure systems that prioritize both backup and recovery against potential threats.

About the Author

Michael Wiseman is the vice president, public sector, Pure Storage, leading the sales team responsible for federal, state, local and education customers. In his current role, Wiseman is responsible for developing a team to enable the transformation of how public sector customers protect, serve and educate their constituents by leveraging technology to connect, innovate and lead. Prior to joining Pure Storage, Wiseman spent 17 years at Cisco. Mike Wiseman can be reached online at mwiseman@purestorage.com and at our company website https://www.purestorage.com/solutions/industries/government.html.



Making Sure the Lights Don’t Go Out

By Brett Raybould, EMEA Solutions Architect at Menlo Security

The ransomware attack on Colonial Pipeline, the largest fuel pipeline in the US, has shown just how vulnerable the energy industry is to cyber-attacks. Brett Raybould, EMEA Solutions Architect at Menlo Security, looks at what it takes to keep the lights on.

In threat reports, the energy and utilities sector often tops the list of industries in terms of the number of attacks and cost of remediation.

In its 2021 Cyber Readiness Report [1], insurer Hiscox gave the energy industry the highest risk score, with an average remediation cost of $35,439 per incident.

Earlier this year, the ransomware attack on Colonial Pipeline, which carries 45% of the East Coast’s supply of diesel, gasoline and jet fuel, sent shockwaves across the industry and around the world. But it is just one of a number of breaches that have impacted critical infrastructure and supply chains over the last 12 months.

[1] https://www.hiscox.co.uk/cyberreadiness



While the attack made headlines and led to shortages, it was certainly not the only one to cause disruptions. So what makes this sector particularly vulnerable?

McKinsey & Company [2] has suggested three reasons based on their experience:

1. The first is the strategic infrastructure and economic value of this sector. Nation-state actors and hacktivists can cause significant commercial and societal disruption, or use techniques such as ransomware to draw attention to their political agendas. With energy and utility companies under huge pressure to maintain availability of services, they are very likely to pay ransoms. Colonial Pipeline is reported to have paid a $4.4 million ransom.

2. Energy and utility companies are often sophisticated and geographically diverse. As a result of the pandemic, a growing portion of the workforce is now working remotely and will continue to do so. Decentralized cyber teams must manage an increased attack surface created by these factors, by eliminating threats from the web, documents and email.

3. Energy and utility companies often have complex interdependencies between physical and IT infrastructure. Cyber professionals are responsible for managing the risk posed by unique endpoints, from new and innovative digital customer interfaces to a complex assortment of operational technology (OT), all of which can be possible points of vulnerability.

If they are to defend themselves against an increasing number of attacks, companies must mobilize their capabilities to proactively prevent users, data and applications from providing an easy first point of entry for attackers, whatever their motivation.

To achieve this, security professionals are exploring strategic approaches, such as Zero Trust and Secure Access Service Edge, or SASE, and deploying solutions that create an ‘air gap’ between the user and the Internet, such as secure web gateways powered by isolation.

Isolation ensures no entity can connect directly to an organisation’s devices as the first step of an attack, even if a user clicks on a malicious link or downloads a suspicious document.

Helping energy companies

Gösgen Nuclear Power Plant in Switzerland is one of the many organizations we work with in this sector, supporting the cybersecurity team to reduce their cyber risk level while promoting employee productivity. This is a common balancing act for security teams who need to provide employees with Internet access without putting the organization at risk.

A homegrown isolation solution was already deployed and proved very effective at shutting down malware access to endpoints, but it was hard to maintain and could impact essential user productivity. Now employees of the Gösgen Nuclear Power Plant and some of their strategic supply chain partners have been surfing productively via our isolation-powered secure web gateway.

[2] https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/the-energy-sector-threat-how-to-address-cybersecurity-vulnerabilities



Gösgen’s IT Security Officer, Francois Gasser, and his team are confident that no malicious code can reach endpoints, so they now allow employee access to websites that were previously blocked. We’ve also helped reduce manual administration and improve productivity for the team by generating exceptions directly from log files to speed time to resolution.

Taking action on ransomware

For energy and utility organizations, the race is on to establish a prevention-based approach to cybersecurity, rather than rely on the legacy detect-and-respond approach that has resulted in significant losses for businesses.

For many, this means a Zero Trust approach to security, which creates an air gap and assumes that no traffic should be trusted, is high on their agenda. Zero Trust includes browser-based Internet traffic, as well as content within every email and document attachment.

But Zero Trust must also work at speed and scale, making the legacy on-premises, appliance-based proxies that conduct standard URL filtering and sandboxing just too laborious and inflexible to stop the real threat of ransomware in its tracks. This is where isolation comes in.

Other organizations in the energy and utilities sector are deploying solutions to prevent malicious code from ever reaching the network perimeter, mobilizing isolation-powered cloud security to shut the door on malware for good and significantly reducing operational and commercial risk.

Detection should always play a role in a layered cybersecurity strategy, but focusing on a proactive, pragmatic prevention strategy gives the business, employees and partners the security they need to avoid ransomware and other sophisticated forms of attack and, ultimately, make sure the lights don’t go out.

About the Author

Brett Raybould is EMEA Solutions Architect at Menlo Security, a leader in cloud security. In this role, he is responsible for technical sales, product demonstrations, installations, solution proposals and evaluations. Brett joined Menlo Security in 2016 and discovered how isolation technology provides a new approach to solving the problems that detection-based systems continue to struggle with. Passionate about security, Brett has worked for over 15 years for some of the leading vendors specialising in the detection of inbound threats across web and email, and data loss prevention (DLP), including FireEye and Websense. He has represented Menlo Security as a speaker at industry events, including e-Crime & Cybersecurity Congress and Cloud Security Expo.



Protecting SMBs from Current Cybersecurity Threats

A Few Small Practices Can Have a Large Impact

By Mike Mosher, Director of Technology, Cinch I.T.

If you own a small or medium-sized business, you are a target of the majority of cyber security attacks. It can happen to you, it does happen to your peers, and more than half of all SMBs that suffer a cybersecurity attack never recover. Attacks against SMBs almost never make the news; those stories are reserved for the multi-million-dollar ransoms that take down city governments, oil and gas pipelines, and hospitals. That doesn’t make them any less real.

As threatening as the cybersecurity landscape is for your SMB, there are a few small (and inexpensive!) practices you can implement to prevent, or at least recover from, a cybersecurity attack. Time to get started.

Turn on MFA. Everywhere. Now.

According to Microsoft, MFA (Multi-Factor Authentication, sometimes called 2FA or Two-Factor Authentication) prevents an estimated 99.9% of attacks on accounts. Human beings are terrible with passwords. We re-use them. We make them easy to remember, which also makes them easy to guess. When we change them, we add a 1 or a ! to the end of the password. Maybe your password is Summer2021 (that’s a “strong” password, by the way). MFA protects you from these bad habits.



MFA works a few different ways, but the basics are the same. After entering a username and password, you verify with an additional factor. This can be a verification code sent via text or email, a notification received through your phone, or a code in an authenticator app that rotates every 30 seconds or so. Requiring that additional factor adds just a few seconds of inconvenience but prevents a leaked password from compromising your accounts.

MFA is included with most applications and services now. If it is not already turned on, turn it on. We do not consider it an optional feature. You and every one of your employees need it.
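The rotating authenticator-app code described above is the TOTP scheme (RFC 6238, built on HOTP from RFC 4226). The following added example, which is not Cinch I.T.'s code, implements both sides of it: the code generator the app runs, and a server-side verifier that tolerates one step of clock drift and refuses a replayed code. The shared secret is the RFC test-vector key and the per-user counter store is an in-memory dict, both assumptions for illustration.

```python
"""How the rotating authenticator code works: HOTP (RFC 4226) and TOTP (RFC 6238).

Added illustration, not code from Cinch I.T. or the article. SECRET is the
RFC test-vector key; in practice each user gets a random secret enrolled via
QR code. The last-accepted-counter store is a constructed in-memory dict.
"""
import hashlib
import hmac
import struct
import time
from typing import Dict, Optional

SECRET = b"12345678901234567890"   # RFC 4226 / RFC 6238 test-vector key (assumption)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for a counter value: HMAC-SHA1, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble picks the 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """Time-based code: the counter is the number of 30-second steps since the Unix epoch."""
    now = time.time() if at is None else at
    return hotp(secret, int(now // step), digits)


class TotpVerifier:
    """Server side: checks a submitted code, tolerates clock drift, refuses replays.

    window=1 accepts the previous, current and next step. Remembering the last
    accepted counter per user means a code that was already used cannot be
    accepted again during its lifetime, which is what stops someone who already
    holds the leaked password from reusing a code they observed.
    """

    def __init__(self, secret: bytes, step: int = 30, window: int = 1) -> None:
        self.secret, self.step, self.window = secret, step, window
        self.last_counter: Dict[str, int] = {}

    def verify(self, user: str, submitted: str, at: Optional[float] = None) -> bool:
        now = time.time() if at is None else at
        current = int(now // self.step)
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_counter.get(user, -1):
                continue                                      # already consumed: replay
            expected = hotp(self.secret, counter)
            if hmac.compare_digest(expected, submitted):      # constant-time comparison
                self.last_counter[user] = counter
                return True
        return False
```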

Implement and test your Business Continuity Plan

Do you have backups? Have you tested your backups? Are they separate from your primary

environment? If your server closet had a flood or fire, how long would it take you to get back up and

running? What if your entire server was encrypted? What if all of your devices were encrypted?

If you’ve never thought of these questions before, you probably don’t have a business continuity plan.

Business continuity is all about continuing to operate your business in the event of X. A good business

continuity plan will cover things from fire, flood, ransomware or other cybersecurity attacks, human error,

or everyone is required to work from home because of a global pandemic.

Your business continuity plan should identify the most critical aspects of your business and include a

plan of how to get them up and running again, or even make sure they never stop. If you’re furiously

searching for a business continuity template right now, you’ll see two acronyms: RTO (Recovery Time

Objective) and RPO (Recovery Point Objective). RTO is “how long until I’m up and running again,” and

RPO is “how much data can I afford to lose.”

A good business continuity plan will cover the following areas:

- Servers
  o How frequently are they backed up? (RPO)
  o Do you also have failover servers? (RTO)
- Line of Business Applications
  o Are they hosted in-house? Are they hosted by a vendor? Can they be used remotely? How often is this data backed up?
- Office Network/Internet
  o Do you have a failover internet line? Do you have a spare or redundant switch/firewall?
- Workstations
  o If user computers needed to be wiped & reinstalled, would they still have their data? E.g., are they saving to server/cloud?
  o Do you have spare workstations & laptops so a user can keep working while one is repaired?
- Cloud Services
  o If you’re hosting data with third parties, are they backing up your data, or are you responsible for backups? (Hint: two of the largest cloud providers do not back up your data)
- People / Office
  o If people can’t go to the office, can they still work? How? Is it secure?
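
To make RTO and RPO measurable rather than rhetorical, here is an added example (not code from the article or from Cinch I.T.) that audits a constructed backup catalogue and restore-drill log against per-system targets; the record layout, system names and targets are assumptions.

```python
"""Checking a backup catalogue against RTO/RPO targets.

Added example (not from the article or from Cinch I.T.): it turns the two
acronyms the text defines into checks over constructed records. The record
layout, system names and targets are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Target:
    system: str
    rpo: timedelta   # "how much data can I afford to lose": max age of last good backup
    rto: timedelta   # "how long until I'm up and running again": max proven restore time


# Constructed backup catalogue: (system, completed_at, status, copy_location).
BACKUPS = [
    ("fileserver", "2021-10-01T01:00", "ok", "offsite"),
    ("fileserver", "2021-10-02T01:00", "ok", "onsite"),
    ("erp-db", "2021-09-28T02:00", "ok", "onsite"),
    ("erp-db", "2021-10-01T02:00", "failed", "onsite"),
    ("mail", "2021-10-02T03:00", "ok", "offsite"),
]

# Constructed restore-drill log: (system, started, finished). A backup that has
# never been restored proves nothing about RTO.
DRILLS = [
    ("fileserver", "2021-09-15T09:00", "2021-09-15T11:30"),
    ("erp-db", "2021-06-01T09:00", "2021-06-01T21:00"),
]

TARGETS = [
    Target("fileserver", timedelta(hours=24), timedelta(hours=4)),
    Target("erp-db", timedelta(hours=24), timedelta(hours=8)),
    Target("mail", timedelta(hours=24), timedelta(hours=4)),
]


def _ts(s):
    return datetime.fromisoformat(s)


def audit(targets, backups, drills, now):
    """Return (system, check, detail) tuples for every target that fails a check."""
    findings = []
    for t in targets:
        good = [b for b in backups if b[0] == t.system and b[2] == "ok"]
        if not good:
            findings.append((t.system, "no-backup", "no successful backup on record"))
            continue
        # RPO: age of the newest successful backup of any kind.
        age = now - max(_ts(b[1]) for b in good)
        if age > t.rpo:
            findings.append((t.system, "rpo", f"last good backup is {age} old"))
        # "Are they separate from your primary environment?": a copy that would
        # survive a flood or ransomware in the server closet, and still within RPO.
        offsite_age = [now - _ts(b[1]) for b in good if b[3] == "offsite"]
        if not offsite_age or min(offsite_age) > t.rpo:
            findings.append((t.system, "offsite", "no offsite copy within RPO"))
        # RTO: only a timed restore drill shows what recovery really takes.
        runs = [d for d in drills if d[0] == t.system]
        if not runs:
            findings.append((t.system, "rto-untested", "backup never restored"))
            continue
        start, end = max(runs, key=lambda d: d[1])[1:]
        took = _ts(end) - _ts(start)
        if took > t.rto:
            findings.append((t.system, "rto", f"last drill took {took}, target {t.rto}"))
    return findings


if __name__ == "__main__":
    for system, check, detail in audit(TARGETS, BACKUPS, DRILLS, _ts("2021-10-02T12:00")):
        print(f"{system:<12} {check:<13} {detail}")
```

Run against the constructed data it reports five findings: the file server has no offsite copy fresh enough, the ERP database misses RPO, has no offsite copy and restores slower than its RTO, and the mail system has never been restore-tested.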

Provide Cybersecurity Training for your staff

Your employees are the single largest threat surface for your company. An email mailbox can get all the malware and bad links in the world, but nothing actually happens until a person clicks on the link. Computers require a person to bypass warning prompts. Computers don’t initiate fraudulent wire transfers on their own. Your technology doesn’t leak information over the phone. Laptops don’t lose themselves. Your computer won’t call the fake IT support number in the popup and give away credit card information. All of those acts are done by poorly trained and educated staff.

As the business owner, it is up to you to ensure that you can trust your staff to handle your business’ information as well as information about your customers safely and securely. Cybersecurity training should be part of the employee onboarding process, as well as something that is reviewed at least annually to ensure that users are being kept up to date on current trends.

Ask for help

When was the last time you performed even a basic cybersecurity audit? Who handles your company’s IT? Is it an add-on to someone else’s duties? A lot of times in the SMB space, there’s a technically inclined person that can make things work. However, there’s a huge difference between making things work and setting yourself up for success.

We recommend to business owners that they meet with their IT team on a quarterly basis to make sure that the company’s future goals align with the company’s technology capabilities. Your IT team should be able to assist with compliance, security, business continuity, and even workflow improvements. IT is often considered purely a cost when it truly is an investment that can enable your business to succeed.

About the Author

Mike Mosher is the Director of Technology for Cinch I.T. He joined Cinch I.T., Inc. in 2015 to expand the technology roadmap for Cinch I.T.’s fastest-growing franchise. He started his career as a senior technician for a New England-based MSP and worked his way to Cyber-security Specialist and eventually the Chief Operating Officer. Mosher then went on to start his own MSP that was acquired in 2016. Mike has extensive expertise in managed services, business operations, and innovation.

Mike can be reached online at mmosher@cinchit.com and at our company website https://cinchit.com/.

Get Ahead of the Game: Packet Capture and Digital Forensic Evidence Collection

By Mark Bowling, Vice President of Security Response Services, ExtraHop

Investigations driven by digital evidence collection and analysis have risen to the forefront as crucial components of the corporate security strategy as organizations navigate the altered landscape of a post-compromise world. Attacks evolve daily, and the number of advanced threats security teams are forced to confront continues to rise. Recently, IBM reported that over 25,000 data records are stolen in the average data breach, costing the targeted company as much as $8.64M per incident in the US. The new realities of cloud and hybrid security show the value of always-on incident response compared to IR focused only on specific security events.

For attacks like SUNBURST, which evaded traditional detection methods, continuous PCAP enables digital analysts and investigators to go back in time and inspect packets for proper forensic analysis. Line-rate decryption and analysis via cloud-hosted machine learning ensure that analysts have an accurate understanding of what is happening, or more importantly, what did happen in their AWS, GCP, and Azure environments.

Packet capture plays a vital role in forensic analysis, digital investigation, incident response, and threat hunting, but it hasn't always translated easily to security use cases in cloud environments. Historically, collecting and analyzing packets in cloud environments was a complex, time-consuming, manual process that often involved multiple tools.

To avoid those issues, cloud-focused security teams often rely on logs. However, it's impossible to log everything in cloud environments, limiting the amount of information incident responders and threat hunters can use to conduct deeper investigations. Limited information leads to limited insights and less context. Organizations must collect forensic evidence, preserve the evidence, share information across teams to establish the root cause, and pull together an actionable plan to contain and eradicate the risk or exploit from the organization’s digital environment, including cloud-hosted assets.

Collect Forensic Evidence

Incident responders, forensic analysts, and investigators working in cloud environments often find themselves in a challenging position. Most organizations’ security systems only offer an after-the-fact snapshot of a network intrusion with no context of the breach. The snapshot provides very limited insight and makes it extremely difficult to analyze the intrusion event accurately and comprehensively. Teams need richer forensic evidence and technical detail than what is available in logs and data from agents and firewalls, but those response teams rarely have access to full network packet collection.

The ability to look back retroactively to assess the entire “blast radius” for critical CVEs, exploits, rootkits, and zero-day attacks is priceless. Collecting and reviewing the comprehensive information about the threat can highlight potentially vulnerable devices on the network, leading both to expeditious remediation and mitigation of current risk, and to a more comprehensive security strategy in the future.

Complete visibility into captured live network traffic allows for analysis before, during, and after intrusion. For future breaches, packet capture and forensics give SecOps teams the ability to reduce the time establishing the root cause, the cost of downtime on a system, and the overall impact of the breach.

Collaborate across teams to establish root cause

Remote work has made systems more vulnerable to breaches and communication between team members more difficult. HP Inc.’s Wolf Security Blurred Lines & Blindspots report found that hackers are increasingly targeting home workers, resulting in a 238 percent increase in global cyberattack volume during the pandemic. There’s also a growing number of devices on the network and more business being conducted online, causing a rapid increase in network traffic and providing a larger attack surface for threat actors.

When forensic analysts and incident responders are able to view metrics and packets from a single management interface with remote accessibility, detection, and then resolution, comes faster. There’s great value in always-on incident response rather than IR that is focused only on retrospective investigation of specific security events.

Blocking and containment alone are no longer enough to keep up with the advanced threats that typically land within an organization and pivot to their higher value targets. There’s a great need for deep investigations and the ability to track lateral movement to fully understand the root cause of the compromise.

Pull together an actionable plan

It was impossible to predict the pandemic and the need for a nearly overnight shift to remote work. But an evolving workplace and corporate structure make it imperative to plan for the future of hybrid work. Organizations must implement a full spectrum response to protect against advanced threats, including hunting and investigations alongside remediation rather than relying on alert cannons to flag one-off security incidents. With the ability to eradicate intruders before significant damage is done, organizations are given the opportunity to collect and preserve their data and prepare for either litigation or prosecution.

SecOps teams will always be in a highly responsive environment knowing that their data is vulnerable to insider and persistent threats in addition to more mundane ransomware attacks.

How well organizations are prepared for security incidents will determine how fast they can respond to intruders pivoting toward their critical assets. Common attacker obfuscation tactics have taught seasoned incident responders to be suspicious of network, server, and endpoint logs when an intruder is in their midst. Experienced and savvy responders recognize that packets can provide the unalterable ground truth. IP doesn’t lie.

Conclusion

With today’s sophisticated attacks, it’s time to finally capitalize the letter R in network detection and response (NDR). Packet capture and forensic collection and analysis are tremendous responsive assets to equip SecOps teams with, because they enable a complete look at network traffic with a great level of detail and can be saved for further analysis to prevent future attacks. Incident response should streamline workflow and investigative capabilities with network forensic collection and analysis to better identify overall threat exposure and reduce mean-time-to-respond.

About the Author

Mark Bowling is Vice President of Security Response Services at ExtraHop. He advises our global customers on cyber security processes, risk management, and security strategies. He helps them with security response to complex cybersecurity incidents quickly, thoroughly, and in compliance with regulatory frameworks including GDPR, CCPA, NERC, SOX, PCI-DSS, ISO, SEC/FINRA, and HIPAA. Prior to ExtraHop, Mark spent more than five years in cyber security leadership and CISO roles in financial services, healthcare, manufacturing, technology, distribution/logistics, and the electrical power industry. Prior to his civilian career, Mark spent more than two and a half decades investigating and combating cyber-criminal and nation state attacks in leadership roles with the FBI and the Department of Education, and protected our nation as an officer in the U.S. Navy.

Mark can be reached online @ExtraHop on Twitter and at our company website http://www.extrahop.com

Thousands of Fortinet VPN Account Credentials Leaked

Broad Adoption of Modern, Identity Provider-Agnostic Authentication Strategy Is the Inevitable and Future-Proof Solution.

By Rajiv Pimplaskar, CRO, Veridium

Fortinet confirmed that malicious actors have posted SSL-VPN access information to 87,000 FortiGate SSL-VPN devices online.

The breach is yet another stark reminder of today’s dangers with password-based systems. Enterprises and users are starting to adopt passwordless authentication methods like ‘phone as a token’ and FIDO2 security keys for customer and Single Sign On (SSO) portals and enterprise applications. But even so, major vulnerabilities still exist across entire categories of use cases such as third-party sites, contractors, Virtual Private Networks (VPN) and Virtual Desktop Infrastructure (VDI) - all of which are particularly vulnerable in the current Work from Home (WFH) explosion.

Companies need to adopt a more holistic modern Multi Factor Authentication (MFA) strategy that is identity provider agnostic and can operate across all use cases to build true resiliency and ensure cyber defense against such actors.

Authenticator Choice Impacts That Crucial Last Mile of User Experience

Consumers and enterprise users are increasingly asserting choice and control as they grapple with challenging new issues around privacy, consent, and digital identity. New identity paradigms are driving the need for more and better choice. Examples include Bring Your Own Identity (BYOI), where an end user's username and credentials are managed by a third party, and W3C Verifiable Credentials (VCs), an open standard for tamper-evident digital credentials which represent information found in physical credentials, such as a passport or license.

End users are also demanding that self-service management and choice of authentication methods be available at their disposal from corporate IT. Furthermore, users strongly desire to use their preferred authentication method across multiple use cases as they navigate across disparate systems such as personal computers, mobile devices, corporate IT applications, and consumer applications. The complexity of choice and resulting friction is further compounded as diverse user populations that span internal, partner and external groups are considered. Each of these has its own entitlements and policy-driven rules.

Needed: A Modern Authentication Strategy That is Identity Provider Agnostic

Identity Providers (IdPs) are services that store and manage digital identities for enterprises and consumers. The record growth in the proliferation of digital identities has propelled the global identity and access management (IAM) market towards reaching $22.68 billion by 2025, with several vendors consolidating and vying to capture the lion’s share of the customer’s wallet by bundling multiple products from their portfolio. The widespread acceptance of Microsoft 365 has resulted in digital identities also proliferating across Azure Active Directory (Azure AD) - Microsoft's cloud-based identity and access management service - with their own attributes and related services.

These diverging developments have forced a strategic shift in thinking within IAM groups, away from the historical goal of standardizing on a single IdP across the entire enterprise, to an acceptance that there is likely to be coexistence amongst multiple IdPs – on prem, hybrid and / or multi-cloud – at least for the foreseeable future.

This has resulted in a new strategic driver to separate the authentication component from the IdP-offered services as part of developing a modern authentication strategy that simultaneously addresses multiple stakeholders. The organization can more effectively manage the “last mile” of user experience independently of the IdP’s MFA capabilities. It also levels the playing field, enabling better competition between Identity Providers (IdPs), and drives improved economic value for the organization.

Some Key Areas That a Modern Authentication System Must Address

User Centric Passwordless Authentication: A passwordless future is inevitable in response to the endemic threat of credential exploits resulting in the spread of data breaches and ransomware attacks. Passwordless authentication methods improve cyber security while simultaneously reducing user friction and operating costs. FIDO2 is the set of standards and protocols developed by the FIDO Alliance and the World Wide Web Consortium (W3C) to strengthen authentication. Passwordless authentication options for consumers could include use of “phone as a token”, where an unphishable trusted relationship is established between the individual and their enrolled mobile phone. For private or secure environments like contact centers where a phone may not be feasible, FIDO2 security keys could be an efficient alternative. Users would utilize their preferred passwordless authenticator across multiple use cases.

Ease of Administration and Resourcing: According to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs globally by the end of 2021, up from 1 million positions in 2014. A modern authentication system needs to enable “no code and low code” practices, consistent with the current trend in the software development world, where policy development, administration and operation of these systems can be conducted by citizen developers without the need for specially trained and highly paid security operations resources. The ability to orchestrate complex user journeys with granular controls and a rules-based engine that can intelligently step up authentication based on risk level is critical.

Support for Edge Cases and “Out of Band” Step-up: A key attribute for a modern authentication system is the ability to operate without limitation across multiple use cases, such as WFH, that are commonly encountered by the user. These should also encompass scenarios such as a lost phone, or offline access when the authenticator may not be connected to a network. Account recovery, enrollment or re-enrollment poses special challenges, as there is an inherent danger of the authenticator having been compromised. An “out of band” step-up authentication capability that is established during identity proofing can help in these situations to restore confidence.

About the Author

A seasoned cybersecurity executive, Veridium CRO Rajiv Pimplaskar is driving global go-to-market strategy and revenue for Veridium. Based out of the company’s New York headquarters, Rajiv comes to Veridium from the San Francisco based Cloudmark – a leader in Threat Intelligence (acquired by Proofpoint). Previously, he held senior leadership roles spanning sales, marketing, product, and corporate development at Atlantis Computing (acquired by HiveIO) and Verizon. Rajiv is an Electrical Engineering and Computer Science professional by trade and is passionate about building and scaling enterprise software companies that offer a market disruption.

Rajiv can be reached online at @veridiumid and at our company website https://www.veridiumid.com/

Helping Ports to Elevate Their Cyber Security

By Gordon Feller

Ships carry more than 90% of all merchandise trade. As a result, maritime transport is an essential component of the global economy. It is also increasingly vulnerable. A new report, Accelerating Digitalization Across the Maritime Supply Chain, has been published by the World Bank and the International Association of Ports and Harbors (IAPH). It shows that digital technology could greatly enhance the performance and resilience of maritime supply chains. It proposes a concrete roadmap to support the digitization of the entire maritime industry. Given the strategic role of the maritime sector, the digital transformation envisioned in the report could bring wide-ranging economic benefits, especially for developing countries.

Ports around the world report dramatic increases in cyber-crime, particularly since the outbreak of the COVID-19 pandemic. Between February and May of 2020, the maritime industry overall suffered a fourfold increase in cyber-attacks. Attacks targeting OT systems at ports have increased by 900 percent since 2017. The risk of a cyber-attack has become the top risk for port authorities -- and for the vast community of enterprises which work inside and around ports. That list includes the companies which handle logistics, freight forwarding, trucking, stevedoring, customs brokering, and warehousing.

The accelerated pace of port digitization has intensified the urgency amongst executives, especially those that want to focus on organizational cyber-resilience. Their goal is to safeguard the integrity and availability of critical data, ensure service delivery and protect maritime infrastructure. They believe that doing so will increase the overall cybersecurity capabilities of the global maritime supply chain.

As ports have been steadily ramping up digitization, the IAPH organized a collaborative effort linking port and cyber-security experts. IAPH launched a new initiative to help global ports gauge their readiness to withstand cyber-security attacks. The IAPH’s staff drew on insights from cyber-security experts located at 22 of the IAPH’s member ports, associate member cyber-security specialists, plus some contributors from the World Bank. The Guidelines address the concrete actions (and associated resources) which port organizations need in order to manage their cyber-security risks.

The experts called upon by IAPH collectively offered up their many decades of experience, both inside and outside the maritime industry. A new IAPH report, “Cybersecurity Guidelines for Ports and Port Facilities”, was developed in order to support the development of effective cyber-response plans. The focus has been on helping ports to assess “the true financial, commercial and operational impact of a cyberattack”.

Each chapter explores a different dimension of the “cyber conundrum”, with practical recommendations, advice and examples. Some of the key elements include:

- cyber security is a vital issue for port communities – and it touches on trade, regulatory, geo-political and defense matters.
- ‘speaking the same language’ around cyber security is vitally important.
- enabling practical steps which increase cyber-resilience is now the missing ingredient for port cybersecurity.
- the essential building blocks for a cyber-resilient port community are now readily available and accessible.

The IAPH’s new “Cybersecurity Guidelines” were developed to support the global port and port facility community in a manner consistent with the International Maritime Organization’s “Guidelines on Maritime Cyber-Risk Management”. The new Guidelines are to be used by the Chief Executive Officer and C-suite executives to recognize the importance of managing cyber-risk and to instill an understanding that it is a responsibility that starts at the top of their organization, despite the digital divide among the ports, worldwide.

The Guidelines are mainly focused on developing the business case by which executives can determine “how much enough is enough?”. This opens the way to making reasonable levels of investment in cyber-risk management. And it answers a key question: how will a cyber-event actually impact the ability of a port (or port facility) to function -- and with what cost of disruption?

These Guidelines address the need for executives to develop effective cyber-risk management strategies. This means sustaining a “defense-in-depth posture”. The 21st century cyber-threat landscape is complex, and requires a deeper understanding of the impacts of cyber-attacks against integrated port systems; building stronger organizational structures; identifying key stakeholders; creating reporting mechanisms; facilitating data flow and network mapping; characterizing mission-critical activities; fully analyzing critical data, systems, assets, and infrastructures.

The Guidelines illustrate how executives should consider cyber-risk in the context of their own operations, irrespective of where they might reside within the digital divide. Insights are provided for executives in how to assess risk and vulnerabilities in their port operations. The focus is on adopting a holistic approach that enables them to manage their cybersecurity programs. The emphasis is on implementing customized cyber-security protection, detection, and mitigation measures. One key element of the program to reduce cybersecurity risks is to adopt best practices for information sharing, communication and coordination.

The establishment of organizational cyber-awareness is equally important. This means addressing the human factor as the pivotal element. General and technical training is highlighted, because of the need to implement emergency management plans. These are vital for maritime organizations, particularly if they want to respond quickly and effectively. The IAPH believes that the focus must be placed squarely on improving the resiliency of ports, and of port facilities, as well as upgrading those companies which are part of the broader port ecosystem.

Since cybersecurity represents a collective responsibility – it is not solely limited to the IT department – the Guidelines demonstrate how cybersecurity capability can drive cyber-resilience. It is essential that C-suite executives take the lead in allocating resources to deal with cyber-security, actively managing governance and building an organizational culture to support cybersecurity operations, and developing leadership strategies for driving cyber-resilience, including the creation of a port ecosystem cybersecurity workforce.

Finally, these new Guidelines provide designated cybersecurity managers with practical assistance as they go about their facility security assessments and implement meaningful plans.

Sidebar:

Founded in 1955, the International Association of Ports and Harbors (IAPH) is a non-profit-making global alliance of 170 ports and 140 port-related organizations covering 90 countries. Its member ports handle more than 60 percent of global maritime trade and around 80 percent of world container traffic. IAPH has consultative NGO status with several United Nations agencies. In 2018, IAPH established the World Ports Sustainability Program (WPSP). WPSP covers five main areas of collaboration: energy transition, resilient infrastructure, safety and security, community outreach and governance.

About the Author

Working at the intersection of government and private investment for more than four decades, Gordon Feller has helped accelerate the emergence of smarter cyber-technologies. Since arriving in Silicon Valley in 1983, he has developed ambitious projects from inside the executive suite aimed at solving complex problems. Current and past clients include World Bank, EY, World Economic Forum, Ford Motor Company, Stanford University, IBM, The Financial Times, Apple, International Telecommunications Union, International Standards Organization, Chevron, Bechtel, Lockheed, The Rockefeller Foundation, Ford Foundation, United Nations, national governments (Germany, Canada, US), Reuters, and many others. From 2010 to 2017, he served as Director of Urban Innovation at Cisco Systems HQ. He founded Meeting of the Minds in the 1990s to harness the power of a global leadership network building innovation-powered futures. Gordon was appointed by the Obama/Biden White House to serve on the US Federal Comm. established by the US Congress to accelerate tech breakthroughs. Gordon served as a Global Fellow at the Smithsonian Institution in Washington, D.C. He sits on numerous corporate and non-profit boards. Gordon’s first published article appeared in a journal published by World Policy in 1979. Since then he’s published more than 400 magazine articles for The Economist, The Financial Times, ThomsonReuters, IHS Markit, The Banker, Time, Fortune, and dozens more.

Gordon can be reached online at Gordon@GordonFeller.com, Twitter: @GordonFeller.

Your Greatest Vulnerability is Your Credentials. It’s Time to Protect Them.

By Carolyn Crandall, Chief Security Advocate, Attivo Networks

Today’s attackers are more adept than ever at exploiting identity-based vulnerabilities. Credential-related breaches are on the rise, and every major ransomware attack has leveraged them. Many organizations lack the credential and privilege escalation protections needed to slow attackers down, allowing them to move laterally within the network, escalate their privileges, and increase the severity of their attacks with little fear of detection.

Security experts have often said that “identity is the new perimeter,” emphasizing the importance of identity-based security. Unfortunately, even organizations with identity-based security measures in place have limited their scope to protecting user identities. Identities include more than user identities, especially in the cloud. Organizations must monitor applications, containers, serverless functions, and other asset identities. This narrow scope commonly fails to protect credentials, privileges, and the systems that manage them.

This limitation highlights the need for identity visibility and live attack detection controls. Exposed credentials, misconfigurations, outdated permissions, and other vulnerabilities can lead to potentially costly breaches. However, emerging technology like Identity Detection and Response (IDR) tools can keep organizations informed of credential theft, misuse, and other attack paths that today’s attackers leverage.

Today’s Threat Landscape

The 2021 Verizon Data Breach Investigations Report noted that 89% of compromises had some form of credential abuse. Credential data factors into a whopping 61% of all breaches today, making credentials among the most sought-after data types. And it isn’t hard to see why. After all, if an attacker uses valid credentials, they can avoid setting off most in-network defenses to move throughout the network undetected. They will often attempt to reach Active Directory to escalate their credentials even further. Attackers that compromise AD and achieve administrator status can be very difficult to remove from networks.

MITRE® similarly emphasizes the importance of credential discovery and protection, calling out specific attack techniques in its most recent edition of MITRE ATT&CK®. Tactics like OS credential dumping, unsecured credentials, forged Kerberos tickets, and stolen web session cookies are all popular with attackers and can lead to compromised AD and a severe breach. Gartner also stresses the need for more comprehensive identity security, estimating that “75% of security failures will result from inadequate management of identities, access, and privileges” by 2023—up from 50% one year ago. This prediction is not surprising, given the volume of identities in today’s network and cloud environments. The need for visibility into privileged access and excessive access across thousands of accounts can make identity management a challenge.

Achieving Greater Visibility Is Key

Because identity security has become a hot topic in the cybersecurity world, there is no shortage of available solutions. Unfortunately, many of today’s most popular security tools lack the comprehensive approach required to face down today’s threats. For example, Endpoint Detection and Response (EDR) technology typically does not include identity security. EDR is a valuable tool, but it primarily excels at looking for attacks on endpoints and collecting data for analysis. Likewise, Identity and Access Management (IAM) tools can help manage privileges, but they grant static, longstanding access, creating significant risk over time. This focus stands in contrast to IDR tools, which offer a more comprehensive approach to identity security, covering gaps in identity visibility and attack detection.

Organizations need to see what attackers see and identify likely pathways into the network. That allows defenders to shrink the attack surface by identifying and remediating vulnerabilities, gaining visibility into exposed credentials, and detecting misused credentials. Even valid credentials can set off alarms if used inappropriately or in a suspicious network area. Visibility into identities with excessive access is also critical, as these can turn an endpoint exposure into a network or cloud breach in the blink of an eye.

Because AD is a prime target, organizations also need visibility into unauthorized queries from the endpoint. Such queries should set off immediate alarm bells within the organization, and AD exposure management and attack detection should be high priorities. Similarly, it is essential to avoid overlooking cloud visibility. Overlapping cloud and multi-cloud environments can create misconfigurations for attackers to exploit. Defenders need visibility into those potential attack paths and the ability to effectively visualize and track overprovisioning and cloud identities and entitlements over time.
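The signals the two paragraphs above describe (a valid credential used from the wrong network area, a service account logging on interactively, broad directory queries from an ordinary endpoint, one credential fanning out to many hosts) expressed as detection rules over constructed events. This is an added example, not Attivo's product logic; the event fields, subnets, account policy and thresholds are all assumptions.

```python
"""Identity signals from the text, as detection rules over constructed events.

Added example, not Attivo's product logic. Events mimic fields a SIEM would
extract from Windows logon events and domain-controller LDAP query logging;
field names, subnets, account policy and thresholds are all assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed network zoning: which subnet each class of host lives in.
ZONES = {
    "workstations": ip_network("10.10.0.0/16"),
    "servers": ip_network("10.20.0.0/16"),
    "admin_jump": ip_network("10.30.0.0/24"),
}
# Assumed account policy: zones an account may log on from, and whether an
# interactive (console/RDP) logon is ever expected for it.
ACCOUNT_POLICY = {
    "jdoe": {"zones": {"workstations"}, "interactive": True},
    "adm-jdoe": {"zones": {"admin_jump"}, "interactive": True},
    "svc-backup": {"zones": {"servers"}, "interactive": False},
}
# Hosts from which broad LDAP enumeration of AD is expected (admin tooling).
AD_QUERY_ALLOWLIST = {"10.30.0.5"}

# Constructed sample events. "logon_type" simplifies the Windows logon type
# field ("interactive" ~ types 2/10, "network" ~ type 3).
SAMPLE_EVENTS = [
    {"time": "2021-10-01T08:00:00", "type": "logon", "account": "jdoe",
     "src_ip": "10.10.5.20", "target": "FS01", "logon_type": "network"},
    {"time": "2021-10-01T08:05:00", "type": "logon", "account": "svc-backup",
     "src_ip": "10.10.5.20", "target": "FS01", "logon_type": "interactive"},
    {"time": "2021-10-01T08:10:00", "type": "logon", "account": "adm-jdoe",
     "src_ip": "10.30.0.5", "target": "DC01", "logon_type": "interactive"},
    {"time": "2021-10-01T08:12:00", "type": "ldap_query", "account": "jdoe",
     "src_ip": "10.10.5.20", "result_count": 4800},
    {"time": "2021-10-01T08:13:00", "type": "ldap_query", "account": "adm-jdoe",
     "src_ip": "10.30.0.5", "result_count": 4800},
] + [  # one workstation credential reaching five servers within five minutes
    {"time": f"2021-10-01T09:0{i}:00", "type": "logon", "account": "jdoe",
     "src_ip": "10.10.5.20", "target": f"SRV0{i + 1}", "logon_type": "network"}
    for i in range(5)
]

def zone_of(ip):
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def detect(events, fanout_threshold=5, window=timedelta(minutes=10),
           enumeration_threshold=1000):
    """Return (rule, account, detail) findings for a batch of events."""
    findings = []
    reach = defaultdict(list)  # (account, src_ip) -> [(time, target host)]
    for e in events:
        t = datetime.fromisoformat(e["time"])
        if e["type"] == "logon":
            policy = ACCOUNT_POLICY.get(e["account"])
            if policy is None:
                findings.append(("unknown_account", e["account"], e["src_ip"]))
                continue
            zone = zone_of(e["src_ip"])
            if zone not in policy["zones"]:  # valid credential, wrong network area
                findings.append(("logon_from_unexpected_zone", e["account"],
                                 f"{e['src_ip']} ({zone})"))
            if e["logon_type"] == "interactive" and not policy["interactive"]:
                findings.append(("service_account_interactive_logon",
                                 e["account"], e["target"]))
            reach[(e["account"], e["src_ip"])].append((t, e["target"]))
        elif e["type"] == "ldap_query":
            # An ordinary endpoint pulling thousands of directory objects is the
            # "unauthorized query from the endpoint" the text warns about.
            if (e["src_ip"] not in AD_QUERY_ALLOWLIST
                    and e["result_count"] >= enumeration_threshold):
                findings.append(("ad_enumeration_from_endpoint", e["account"],
                                 f"{e['src_ip']} returned {e['result_count']} objects"))
    # Lateral movement indicator: one credential from one source reaching many
    # distinct hosts inside a short window.
    for (account, src), seq in reach.items():
        seq.sort()
        for i, (t0, _) in enumerate(seq):
            targets = {host for t, host in seq[i:] if t - t0 <= window}
            if len(targets) >= fanout_threshold:
                findings.append(("lateral_fanout", account,
                                 f"{src} -> {len(targets)} hosts"))
                break
    return findings

def run_sample():
    return detect(SAMPLE_EVENTS)
```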

It may sound like a lot, and, indeed, it isn’t always easy to keep track of all identities with so many of them in a typical network. Permission sprawl has become a major issue, but manually managing every identity would require superhuman abilities. Organizations need visibility into outdated and orphaned credentials or those with too many permissions. And the rise of remote work, cloud migrations, and DevOps practices has also made it essential for organizations to limit an attacker’s ability to obtain excessive rights and privileges. This task is too much for any individual—or even a team of individuals using traditional methods. Stopping today’s attackers requires modern tools that deliver continuous and scalable monitoring for these exposures and signs of suspicious activity. Live attack detection is also a must-have for derailing attacks on domain controllers that could lead to “game over” situations for defenders.

Shrink the Attack Surface with Identity Security and Network Visibility

Attackers are increasingly targeting exposed credentials and using them to move laterally within victim networks. Therefore, defenders need visibility into not just those exposed credentials but the potential attack paths that intruders might take within the network. Visibility into cloud and network permissions over time is also critical, and limited permissions and effective permissions management can make it harder for attackers to misuse even valid credentials.

With a complete view of identity risks and exposures, defenders can remediate potential vulnerabilities, including stored credentials, AD misconfigurations, overly permissive entitlements, and more. And with attackers increasingly willing to move laterally within networks in search of the most valuable targets, defenders must be able to identify and remediate vulnerabilities and detect attacks in progress in real time. The attack landscape is constantly changing, and defenders need every tool in their arsenal to stay one step ahead of their adversaries.

About the Author

Carolyn Crandall is the Chief Security Advocate at Attivo Networks, the leader in preventing identity privilege escalation and detecting lateral movement attacks. She has worked in high-tech for over 30 years and has been recognized as one of the top 100 women in cybersecurity, a guest on Fox News, and profiled in the Mercury News. She is an active speaker on security innovation at CISO forums, industry events, and technology education webinars. Carolyn contributes regularly to Dark Reading and SC Magazine, and co-authored the book Deception-Based Threat Detection: Shifting Power to the Defenders.

Carolyn can be reached online at carolyn@attivonetworks.com and at our company website http://www.attivonetworks.com

Thwarting Today’s Phishing Attacks

By Eyal Benishti, CEO and Founder, IRONSCALES

In late July, Microsoft warned against a new phishing campaign that uses legitimate-looking original sender email addresses. This sophisticated attack lures potential victims by spoofing display sender addresses containing the target’s usernames and domains, and display names that look real. They even include real links to make the email appear legitimate. However, it only takes one click on the wrong link to fall victim.

This latest large-scale phishing attack showcases the increasing sophistication of cybercriminals’ efforts to steal information. Unfortunately, human error makes it even easier for cybercriminals to carry out these attacks, with some studies attributing up to 85% of cyberattacks to human error, often by non-IT employees who unintentionally expose their respective companies. These types of attacks were the number one type of cyberattack in 2020.

A New Most Wanted List

The FBI saw cyberattack complaints rise nearly 20% between 2019 and 2020, while the collective cost of ransomware attacks reported to the bureau rose more than 200% in 2020 to roughly $29.1 million. The average cost of a data breach soared to $21,659 per incident during the pandemic (with five percent of successful attacks costing businesses $1 million or more).

Companies relying heavily on integrated security features also fall victim to these attacks. Around 25% of phishing attacks get past existing defenses. The best line of defense is to stay informed on the latest threat trends and to use an email solution that specifically targets phishing attacks.

Push Cybersecurity Smarts

Companies can take certain steps to help mitigate the chances of falling victim to cyberattacks. Here are some things to consider:

• Security solution: Consider working directly with a specialized email security vendor to mitigate your risks and keep your employees educated. Many next-generation security solutions use machine learning and artificial intelligence to stop even the most sophisticated phishing attempts.

• Training: Conduct regular training to educate employees to recognize and handle suspicious emails. Work with your IT solutions vendor on a regular training program that addresses constantly evolving phishing techniques.

• MFA: Multi-Factor Authentication is one of the most cost-effective ways for companies to reduce unauthorized access. MFA adds an extra step when logging into your email, asking you to confirm your identity by entering a code sent to your cell phone or via an app. This is standard practice, and most security experts consider it “table stakes” in the fight against cyber criminals. Double-check to make sure you have MFA in place to make it more difficult for hackers to access your information.

• User access: Not everyone in your organization needs access to all your information, files and apps. Only give access to those who need it. This way you minimize the potential loss if an employee’s cloud account is compromised.

• Off-boarding: Create a comprehensive off-boarding process to ensure the credentials of former employees are no longer active. The fewer active accounts, the fewer access points for cyberattacks.
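The "User access" and "Off-boarding" items above, and the orphaned or over-permissioned credentials the previous article calls out, come down to the same review: reconcile the directory against the HR roster and the least-privilege baseline. The following is an added example, not IRONSCALES or Attivo code; the roster, directory export, department baseline and 90-day staleness threshold are all constructed.

```python
"""Account hygiene review: orphaned, not-yet-offboarded, stale and
over-permissioned accounts, found by reconciling a directory export against
the HR roster and a per-department group baseline.

Added example, not IRONSCALES or Attivo code. The roster, directory export,
department baseline and 90-day staleness threshold are all constructed.
"""
from datetime import date, timedelta

# Constructed HR roster: employee id -> (department, status, last day or None)
HR_ROSTER = {
    "E100": ("finance", "active", None),
    "E101": ("engineering", "active", None),
    "E102": ("finance", "terminated", date(2021, 9, 3)),
}
# Assumed baseline: the groups each department is expected to hold.
DEPARTMENT_BASELINE = {"finance": {"Finance-Users"}, "engineering": {"Eng-Users"}}
# Groups that grant broad rights and therefore need a named, active owner.
PRIVILEGED_GROUPS = {"Domain Admins", "Backup Operators"}

# Constructed directory export, as parsed from an AD or IdP dump.
ACCOUNTS = [
    {"name": "alice", "owner": "E100", "enabled": True,
     "last_logon": date(2021, 9, 30), "groups": {"Finance-Users"}},
    {"name": "bob", "owner": "E101", "enabled": True,
     "last_logon": date(2021, 5, 1), "groups": {"Eng-Users", "Domain Admins"}},
    {"name": "carol", "owner": "E102", "enabled": True,
     "last_logon": date(2021, 9, 2), "groups": {"Finance-Users"}},
    {"name": "svc-legacy", "owner": None, "enabled": True,
     "last_logon": date(2020, 1, 15), "groups": {"Backup Operators"}},
]

def review_accounts(accounts, roster, today, stale_after=timedelta(days=90)):
    """Return (account, issue, detail) tuples; one account may raise several."""
    findings = []
    for acct in accounts:
        name, groups = acct["name"], acct["groups"]
        person = roster.get(acct["owner"]) if acct["owner"] else None
        if person is None:
            findings.append((name, "orphaned", "no owner in HR roster"))
        else:
            dept, status, last_day = person
            if status == "terminated" and acct["enabled"]:
                findings.append((name, "offboarding_gap",
                                 f"owner left {last_day}, account still enabled"))
            extra = groups - DEPARTMENT_BASELINE.get(dept, set())
            if extra:  # more than the department baseline: least-privilege check
                findings.append((name, "excessive_access", ", ".join(sorted(extra))))
        if acct["enabled"] and today - acct["last_logon"] > stale_after:
            findings.append((name, "stale", f"last logon {acct['last_logon']}"))
        privileged = groups & PRIVILEGED_GROUPS
        if privileged and (person is None or person[1] != "active"):
            findings.append((name, "privileged_without_active_owner",
                             ", ".join(sorted(privileged))))
    return findings

def run_sample():
    return review_accounts(ACCOUNTS, HR_ROSTER, today=date(2021, 10, 1))
```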

Security is Everyone’s Job

Employees must play their role in their companies’ security efforts. There are tried-and-true steps they can take to help avoid falling victim to the latest phishing scams. Here are a few:

• Do not open any links or attachments that you receive in emails from unknown sources.

• If a colleague sent you a link or shared a file with you that you believe is suspicious, confirm with them by phone or in person that they really are the sender.

• Hover over links with your mouse cursor to see the address they link to. If the link doesn’t look familiar, report the email to your IT team.

• Hover your mouse over the email sender’s name. If the address displayed does not match the real email address of the sender, report the email to your security team.
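The last two checks in the list (what the sender name shows versus the real address, and what a link shows versus where it goes) can also be applied at the mail gateway before a user ever hovers. The following is an added example, not IRONSCALES code; the message is constructed for the illustration, and comparing only the last two labels of a host is a simplification (no public-suffix list).

```python
"""Sender-display and link-text checks from the list above, automated over a
constructed message.

Added example, not IRONSCALES code. The message is constructed for the
illustration; the "last two labels" domain comparison is a simplification.
"""
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the display name shows the recipient's own address, while
# the real sender and the reset link live on a look-alike domain.
RAW_MESSAGE = """\
From: "jane.doe@example.com" <jane.doe@examp1e-mail.net>
Reply-To: support@mail-relay.invalid
To: jane.doe@example.com
Subject: Action required: password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Reset now: <a href="https://login.examp1e-mail.net/reset">https://login.example.com/reset</a></p>
<p>Questions? <a href="https://support.example.com/">Support portal</a></p>
</body></html>
"""
ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(value):
    """Last two labels of the host in a URL or mailbox (no public-suffix list)."""
    host = urlsplit(value).hostname if "://" in value else value.rsplit("@", 1)[-1]
    return ".".join(host.lower().split(".")[-2:]) if host else ""

def analyze(raw):
    """Return (rule, detail) findings; an empty list means nothing suspicious."""
    msg = email.message_from_string(raw)
    findings = []
    display, sender = parseaddr(msg.get("From", ""))
    sender_dom = domain_of(sender)
    # 1. The display name carries an address on a different domain than the
    #    real sender: what a user sees only by hovering over the sender name.
    shown = ADDR_RE.search(display)
    if shown and domain_of(shown.group(0)) != sender_dom:
        findings.append(("display_name_spoof", f"shows {shown.group(0)}, sent from {sender}"))
    # 2. Replies are routed somewhere other than the sender's domain.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != sender_dom:
        findings.append(("reply_to_mismatch", reply_to))
    # 3. Link text displays one domain while the href points at another: what
    #    a user sees only by hovering over the link.
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if "://" in text and domain_of(text) != domain_of(href):
            findings.append(("link_text_mismatch", f"shows {text}, goes to {href}"))
    return findings

def run_sample():
    return analyze(RAW_MESSAGE)
```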

Cybersecurity is a complex issue. Taking proactive measures to protect against phishing attacks enables you to safely embrace today’s (and tomorrow’s) computing environment.

About the Author

Eyal Benishti is the founder and CEO of IRONSCALES. Prior to launching the company, he served as a member of the Israeli Defense Forces’ elite Intelligence Technology unit. IRONSCALES offers security professionals an AI-driven, self-learning email security platform that provides a comprehensive solution to proactively fight phishing attacks. Using the world’s most decentralized threat protection network, the IRONSCALES platform accelerates the prevention, detection, and remediation of phishing attacks already inside your email, with threat removal times in seconds. The company gives organizations of all sizes complete anti-phishing protection against any type of phishing attack. For more information, visit the IRONSCALES website and LinkedIn page.

Misconfigurations Are the Biggest Threat to Cloud Security, Period.

By eSentire

There is no doubt that cloud adoption is accelerating at an exponential rate. Whether it’s for business collaboration or to store critical data assets, organizations are increasingly relying on the cloud; in fact, recent reports have found that 62% of organizations utilize at least two cloud platforms.

As a result of this acceleration, we have also seen a multitude of data breaches occurring due to misconfigurations in the cloud, which occur because of improper settings being used when architecting and deploying services within the cloud platform. This leads to an expanded attack surface for cybercriminals to access any data stored within the cloud environment and increases the risk of a cyber attack.

In fact, a survey conducted by Fugue also found that 73% of the organizations reported having 10+ incidents per day due to misconfigurations, 36% reported having 100+ incidents per day, and 10% suffered from 500+ incidents per day.

Unfortunately, misconfigurations are no small threat: many of the biggest data breaches associated with cloud-based infrastructure have boiled down to some sort of a misconfiguration. For example, the 2019 CapitalOne data breach occurred as a result of a misconfigured Web Application Firewall (WAF) that’s part of Amazon Web Services (AWS), which compromised the records of 100M+ customers.

It’s no surprise that this has led the National Security Agency (NSA) to further declare that misconfigurations are easily the biggest (and most prevalent) cloud vulnerability that organizations are currently facing.

So, why do these misconfigurations happen in the first place? Ultimately, there are three primary drivers:

• Lack of experience: Unlike on-prem environments, cloud services are notoriously easy for internal teams to deploy and set up. So, if your organization has an inexperienced employee who doesn’t know much about proper cloud configuration, they are likely to miss key elements that must be enabled to maintain security.

• Strained resources: Depending on the use of the cloud platform, many configurations are reliant on simple checkboxes that can easily be overlooked by overworked employees who wear multiple hats. Missing critical details like these can lead to unintentionally exposing sensitive data to the public.

• Inadequate cloud migration strategy: Often, organizations still rooted in on-prem environments don’t have the in-house resources with the cloud-specific experience necessary to properly re-architect their environment as part of the cloud migration strategy. This means that many organizations simply “lift and shift” any on-prem data or services without considering how to redeploy them in the cloud.

Simplifying Cloud Security with Cloud Security Posture Management (CSPM)

To reduce the risk associated with misconfigurations, organizations need to combine preventative measures with ongoing threat monitoring. This means leveraging a cloud security provider that can support multi-cloud environments with cloud security posture management.

Cloud security posture management is integral to eliminating cloud misconfigurations since it actively monitors the cloud infrastructure and assesses the configurations in real time against best practice frameworks such as the CIS benchmarks.

Of course, each cloud provider has its own CIS benchmark, which is a list of policies and protocols that dictate how assets and services should be configured in the cloud. It should be noted that there may be business reasons to deviate from specific line items on the CIS benchmark. Therefore, a strong cloud security posture management solution will accomplish two things:

• Report any deviation from ‘good’ and notify you when your cloud resources come online and go offline, since that is a critical signal of malicious activity.

• Assess your cloud infrastructure against the configuration requirements of certain regulatory frameworks, such as PCI or HIPAA, to ensure that your cloud assets are configured to maintain regulatory compliance.
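What "report any deviation from good" looks like in practice, with the approved business exceptions the text mentions and the online/offline signal: evaluate an inventory snapshot against benchmark-style rules, suppress findings only while an exception is still valid, and diff the snapshot against the previous one. This is an added example, not eSentire's tooling; the rule ids are descriptive labels rather than CIS benchmark item numbers, and both snapshots and the exception list are constructed.

```python
"""Posture check of a constructed cloud inventory against benchmark-style rules,
honouring approved exceptions and reporting resources that appeared, vanished
or changed between two snapshots.

Added example, not eSentire's tooling. Rule ids are descriptive labels, not
CIS benchmark item numbers; both snapshots and the exceptions are constructed.
"""
from datetime import date

ADMIN_PORTS = {22, 3389}

def no_open_admin_ports(settings):
    return not any(rule["port"] in ADMIN_PORTS and rule["cidr"] == "0.0.0.0/0"
                   for rule in settings.get("ingress", []))

# rule id -> (resource type it applies to, predicate that is True when compliant)
RULES = {
    "storage-no-public-read": ("bucket", lambda s: not s.get("public_read", False)),
    "storage-encrypted-at-rest": ("bucket", lambda s: s.get("encryption") in {"aes256", "kms"}),
    "db-no-public-endpoint": ("database", lambda s: not s.get("public_endpoint", False)),
    "sg-no-open-admin-ports": ("security_group", no_open_admin_ports),
}

# Constructed inventory snapshots: resource id -> {"type", "settings"}
SNAPSHOT_PREV = {
    "bucket/public-site": {"type": "bucket", "settings": {"public_read": True, "encryption": "aes256"}},
    "bucket/customer-exports": {"type": "bucket", "settings": {"public_read": False, "encryption": "aes256"}},
    "db/orders": {"type": "database", "settings": {"public_endpoint": False}},
    "db/legacy": {"type": "database", "settings": {"public_endpoint": False}},
    "sg/bastion": {"type": "security_group", "settings": {"ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]}},
}
SNAPSHOT_NOW = {
    "bucket/public-site": {"type": "bucket", "settings": {"public_read": True, "encryption": "aes256"}},
    "bucket/customer-exports": {"type": "bucket", "settings": {"public_read": True, "encryption": None}},
    "db/orders": {"type": "database", "settings": {"public_endpoint": True}},
    "sg/bastion": {"type": "security_group", "settings": {"ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]}},
    "sg/web": {"type": "security_group", "settings": {"ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]}},
}
# Approved deviations, the "business reasons" the text mentions. Each carries a
# justification and an expiry so it is re-reviewed rather than forgotten.
EXCEPTIONS = [
    ("bucket/public-site", "storage-no-public-read", date(2022, 1, 31), "public marketing site"),
    ("sg/bastion", "sg-no-open-admin-ports", date(2021, 6, 30), "temporary vendor access"),
]

def assess(now, prev, exceptions, today):
    """Evaluate every resource in `now` against RULES and diff it with `prev`."""
    active = {(res, rule) for res, rule, expiry, _ in exceptions if expiry >= today}
    deviations, suppressed = [], []
    for res_id, res in now.items():
        for rule_id, (rtype, compliant) in RULES.items():
            if res["type"] != rtype or compliant(res["settings"]):
                continue
            # an expired exception no longer suppresses the finding
            bucket = suppressed if (res_id, rule_id) in active else deviations
            bucket.append((res_id, rule_id))
    common = set(now) & set(prev)
    return {
        "deviations": sorted(deviations),
        "suppressed": sorted(suppressed),
        "appeared": sorted(set(now) - set(prev)),
        "disappeared": sorted(set(prev) - set(now)),
        # settings drift between snapshots: often the first sign of an unreviewed change
        "changed": sorted(r for r in common if now[r]["settings"] != prev[r]["settings"]),
    }

def run_sample():
    return assess(SNAPSHOT_NOW, SNAPSHOT_PREV, EXCEPTIONS, today=date(2021, 10, 1))
```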

If you’re currently in the process of assessing various multi-cloud security providers, ask yourself:

1. How is the security provider detecting misconfigurations within your cloud infrastructure?

Many security providers analyze logs ingested from cloud infrastructure providers in order to identify misconfigurations. Depending on how often logs are being ingested, this could introduce a delay in identifying critical misconfigurations and therefore increase potential exposure time. On the other hand, if their tool connects directly into your cloud infrastructure and makes API calls to identify cloud resources, the detections can happen in real time.

2. Does the security provider have a strong breadth of detection capabilities?

As we know, cloud providers are enhancing and expanding available services every day. Ensure that your security provider is committed to authoring new detections to keep pace with your expanding cloud footprint.

3. Can the security provider automatically remediate critical misconfigurations?

Another limitation of using log monitoring is that logs don’t provide any response capabilities. So, relying on a provider that can monitor additional signal sources such as endpoints allows their security operations analysts to automatically remediate found misconfigurations.

At the end of the day, every organization will move to a cloud platform, even if it’s in a hybrid environment. As this migration occurs, the onus of protecting the data and assets will rest with each business leader. It’s safe to say that it’s far more cost-effective to invest in a cloud security solution that strengthens your overall security posture and decreases cyber risk than to suffer the consequences of a crippling cyber attack, especially one that could have been prevented.

To learn more about how eSentire can protect your multi-cloud environment with Cloud Security Posture Management and 24/7 Threat Detection and Investigation, connect with a security specialist today.

About eSentire

eSentire Inc. is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services.

For more information, visit www.esentire.com and follow @eSentire.

Identity Governance Is Everyone’s Responsibility

By Theis Nilsson, vice president of customer success and innovation, Omada

It’s common for organizations to think of identity governance and access (IGA) as something the security team does. After all, identity governance is about keeping the organization’s network and assets secure; it guards the access to those assets and notes when and why they are accessed. But there are more stakeholders involved in IGA than the security team. Business and IT teams need to keep it top of mind, too, for several reasons, rather than passing the buck to the CISO.

Making your cloud migration safe

Though cloud adoption had already been growing rapidly, it’s now at a record high due to the massive shift to remote work that the COVID-19 lockdowns brought about. In fact, Gartner forecasts that worldwide end-user spending on public cloud services will grow 23% by 2022 for a total of $332.3 billion.

When it comes to cloud services, identity governance and access management is an essential consideration, or at least it should be. For instance, typically when you move to the cloud, you must stick with a certain level of standardised request and approval processes to give your organization’s users the right access for the right reasons. And this can be a complex process, which is where the right IGA solution with the right level of adaptability can help by making this process far less cumbersome on the end-user side.

Simplifying and automating this and other processes is a huge value proposition for anyone working in a department and needing to bring on new employees or give existing employees a different or new type of access.

Complying with regulations

Security and compliance are often treated as one and the same because they are supposed to co-occur, but that isn’t automatically the case. They do typically go hand in hand, but the relationship is more nuanced than that. Essentially, cybersecurity is the practice of implementing effective means and controls to protect your assets, while compliance is the application of that practice to meet regulatory or contractual requirements, whether your own or those of the third parties you work with.

GDPR serves as a prime example. GDPR is the EU’s way of protecting the processing of personal data. Meeting GDPR requirements is a matter of regulatory compliance; to prove compliance with GDPR, a company needs to be able to show it has the practices in place to ensure, and demonstrate, that it is capable of protecting personal data. Identity governance is a cornerstone of compliance and an efficient tool for meeting the data security and access management requirements of regulations such as GDPR.

An important prerequisite to reducing risk to your everyday business is implementing processes for controlling, managing and auditing access to data. When you consider how many different divisions within any given organization are likely collecting or using, for example, customer data that is subject to regulations such as GDPR, it becomes clear that this isn’t just something the security function needs to be thinking about. You cannot control what you cannot see; effective governance and compliance management requires a full overview of all identity-related activities as well as effective audit processes to trail and log what happened, when and why.

Efficiency and risk

As the amount of data stored and shared increases, balancing efficiency and risk is incredibly important for most organizations. To enable collaboration, sharing information is a necessity, and users must have purposeful access. As organizations continue their digital transformation journey, many realize that their existing IGA solution no longer fulfils all new requirements. A modern identity governance solution offers identity lifecycle management, automatic provisioning, seamless workflows and optimized helpdesk capacity.

Many organizations are facing two significant challenges: the shift to cloud applications and an increased pressure from the business to onboard new business applications. There is almost always the question of how to maintain control, manage risk and ensure compliance without restraining overall efficiency.

The key to efficiency is automation. A modern IGA solution provides automated identity governance best practice processes out-of-the-box. Each process and workflow, as well as governing policies, can be easily configured to meet specific business needs without the need for code development.

An identity governance solution helps address risk and compliance and keeps efficiency front and centre, which, for busy IT departments, is crucial. Some of today’s IGA solutions offer the capability to provide zero-touch access provisioning without compromising organizational risk and security.

Take a closer look at IGA

Identity governance has become increasingly important as more organizations have migrated to the cloud and cloud applications. It’s understandable that identity and security get lumped together, but IGA is too important to simply write off as only the CISO’s responsibility. However, it needs to work efficiently so that employees can perform their work productively. And it needs to ensure compliance, so organizations don’t need to worry about fines. A modern IGA solution can meet today’s needs for both efficiency and compliance while saving money, as well. To reduce risk, reconsider your identity governance and management process to see if it needs an upgrade.

About the Author

Theis Nilsson has held different consultancy and management roles within Omada for about 15 years. He began his career in research and development in the area of network management security and holds a master’s degree in computer science from the Danish Technical University. He has been working with organizational development and information technology for more than three decades. His work with organizations includes a combination of consulting and advisory roles, where process improvement, benefits realization and organizational restructuring have played a key role.

Theis Nilsson can be reached online via social media or the Omada website https://omadaidentity.com

CyberDefense.TV now has 200 hotseat interviews and growing…

Market leaders, innovators, CEO hot seat interviews and much more.

A division of Cyber Defense Media Group and sister to Cyber Defense Magazine.

Free Monthly Cyber Defense eMagazine Via Email

Enjoy our monthly electronic editions of our Magazines for FREE.

This magazine is by and for ethical information security professionals with a twist on innovative consumer products and privacy issues on top of best practices for IT security and Regulatory Compliance. Our mission is to share cutting edge knowledge, real world stories and independent lab reviews on the best ideas, products and services in the information technology industry. Our monthly Cyber Defense eMagazines will also keep you up to speed on what’s happening in the cyber-crime and cyber warfare arena, plus we’ll inform you as next generation and innovative technology vendors have news worthy of sharing with you – so enjoy. You get all of this for FREE, always, for our electronic editions. Click here to sign up today and within moments, you’ll receive your first email from us with an archive of our newsletters along with this month’s newsletter.

By signing up, you’ll always be in the loop with CDM.

Copyright (C) 2021, Cyber Defense Magazine, a division of CYBER DEFENSE MEDIA GROUP (STEVEN G. SAMUELS LLC. d/b/a) 1717 Pennsylvania Avenue NW, Suite 1025, Washington, D.C. 20006, Toll Free (USA): 1-833-844-9468 d/b/a CyberDefenseAwards.com, CyberDefenseMagazine.com, CyberDefenseNewswire.com, CyberDefenseProfessionals.com, CyberDefenseRadio.com, CyberSecurityMagazine, CyberDefenseVentures and CyberDefenseTV.com, is a Limited Liability Corporation (LLC) originally incorporated in the United States of America. Our Tax ID (EIN) is: 45-4188465, Cyber Defense Magazine® is a registered trademark of Cyber Defense Media Group. EIN: 454-18-8465, DUNS# 078358935. All rights reserved worldwide. marketing@cyberdefensemagazine.com

All rights reserved worldwide. Copyright © 2021, Cyber Defense Magazine. All rights reserved. No part of this newsletter may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews. Because of the dynamic nature of the Internet, any Web addresses or links contained in this newsletter may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them. Send us great content and we’ll post it in the magazine for free, subject to editorial approval and layout. Email us at marketing@cyberdefensemagazine.com

Cyber Defense Magazine

1717 Pennsylvania Avenue NW, Suite 1025

Washington, D.C. 20006

EIN: 454-18-8465, DUNS# 078358935.

All rights reserved worldwide.

marketing@cyberdefensemagazine.com

www.cyberdefensemagazine.com

Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 10/01/2021

Books by our Publisher: https://www.amazon.com/Cryptoconomy-Bitcoins-Blockchains-Bad-Guys-ebook/dp/B07KPNS9NH

(with others coming soon...)

9+ Years in The Making…

Thank You to our Loyal Subscribers!

We've Completely Rebuilt CyberDefenseMagazine.com - Please Let Us Know What You Think. It's mobile and tablet friendly and superfast. We hope you like it. In addition, we're past the five nines of 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Delivery Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazine.com up and running as an array of live mirror sites and our new B2C consumer magazine CyberSecurityMagazine.com. Millions of monthly readers and new platforms coming…starting with https://www.cyberdefenseprofessionals.com this month…
