Cyber Defense eMagazine February Edition for 2023

More documents

Recommendations

Info

To exacerbate the exposed, vulnerable, and easily manipulated DNS of organisations, Cloud Computing, DNS, and Content Delivery Network (CDN) outsourcing, became the new norm. This conveniently was often seen (incorrectly) as passing the challenge onto various outsourced providers. One can outsource pretty much everything these days. That is, everything apart from responsibility and especially Fiduciary responsibility. CDN providers like Akamai, Cloudflare, Fastly, and others exponentially grew. It was deemed a double whammy to reduce both CAPEX to become OPEX budgets and reduce the perceived Internet Assets’ distribution responsibility and security. The ownership of hundreds of servers, along with their costs, premises, maintenance, and ongoing upgrading along with latency issues through the distributed CDN network. It is easy to see how this became a very attractive proposition. CDN’s provide the equivalent of DHL or a FedEx to the digital world by distributing digital packets rather than physical packets and instead of physical warehouses, CDN’s have data and server warehouses. Nonetheless, both the physical, and digital packets being sent and received require security to avoid being tampered with. Imagine if a courier sent you a shipped and tracked Rolex watch, however, was swapped out for a Timex en-route. You get the idea. DNS tampering allows data in flight to be altered on the fly. This is without the knowledge of the sender or the recipient. It can and does go much further. In November 2021, a well-known Federal Agency purportedly sent 100,000 phishing emails complete with nefarious content. In actuality, the Agency did not send the 100,000 rogue emails. The bogus emails were sent by cybercriminals who surreptitiously commandeered the Federal Agency’s DNS MX servers that were part of the Agency’s IT Infrastructure. The resulting chaos shook up many Americans. On January 26, 2022, the White House issued their paper on Zero Trust Strategy (M-22-09). One week later the European Commission issued their paper on DNS Abuse. The combined papers cited DNS over 1000 times. These papers were published within days of the Ukraine Government suffering cyberattacks. Over 70 Government Websites as well as the Ukraine Critical Infrastructure suffered cyberattacks due to being exposed and their maintained Insecure positions. My book on the Cyberwar in Ukraine, Digital Blood on Their Hands, shares how NOT SECURE Websites and INSECURE DNS positions were identified and targeted by Russian Nation State Hackers as part of the lead up to the 24 February 2022 when Russia invaded Ukraine. DNS is possibly one of the worst kept secrets in the world of technology. It goes everywhere, and by everywhere I truly mean everywhere. This article will be emailed and rely upon DNS. A website that I visit will also rely upon DNS. DNS is intrinsically linked to all Internet communications and traffic. Think of Critical Infrastructure where recent cyberattacks have occurred. These attacks exploited exposed and vulnerable positions and more often than not, these include Insecure DNS positions. Rarely understood, DNS Abuse can be the root cause of phishing campaigns. Many in security confirm that Phishing campaigns are prominent and often used as a means to cause chaos and disrupt a Network. What is desperately required is the ability to segregate symptoms from causes. The Department of Homeland Security recently stated; ‘’An attacker can alter the DNS records-including the address Mail Cyber Defense eMagazine – February 2023 Edition 108 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
Exchange (MX) and Name Service (NS) records and replace a legitimate address with their own to redirect all traffic. People naturally trust internal emails from their boss or colleagues. We rarely subscribe to the term used to call cyber criminals as “sophisticated,” however, one thing for sure is they know if they can commandeer an MX Server and take control of it, so their phishing emails now become internal emails coming from the same server and masquerading as bona fide emails, their chances of success are greatly increased as opposed to external, highly suspicious emails that can be caught by spam or virus tools. DNS plays a pivotal role in overall security. Security professionals understandably are a tad divided on the criticality of DNS due to lack of knowledge. If they have not studied, or do not fully comprehend DNS, it is often pushed back as not relevant. This is a grave error. This is more than a tremendous shame; it is a nothing short of a tragedy. Given the papers by Governments, Agencies, Emergency Directives following Federal Agency on DNS attacks, this stance is an incredibly dangerous position to adopt and maintain. The reluctance by some security professionals sadly can and does create false positives. When a company believe they are secure and receive evidence of their DNS is exposed and can be tampered with, their dismissal can overlook and ignore major exposed vulnerabilities. Such instances can lead to a ‘Doctor administering a medicinal remedy only to unknowingly administer access to the very poison killing the patient.’ A cyberattack causes chaos, disruption, damages the brand and can have a negative impact and reduction on the share price. SolarWinds shares are trading at less than $10 from a high of $24 prior to their cyberattack in 2020. It is not uncommon to witness cyber security budgets greatly increased following a cyber incident and hear that “sophisticated attackers’ had gained access. What is never said is that due to oversights, errors, sometimes even negligence, access was easily achieved into the network that caused the cyber incident. Sadly, one can never rule out internal foul play. If we consider last week’s Federal Aviation Authority (FAA) ‘outage,’ an initial statement was made that a corrupt file caused the incident. Ms. Katie Arrington, the former CISO for the Department of Defence, said in a publicly shared LinkedIn video: ‘’Anyone who thinks this was a corrupt file issue knows nothing about cyber security.’’ Katie has been very vocal on her insight and knowledge of this ‘outage.’ Our research showed that within hours following the ‘outage’ that grounded the entire United States from all flights on the 11 th of January, the Website https://notams.aim.faa.gov had replaced a critical Digital Certificate. This could of course be a coincidence. It could also be a strategic action in case the incident was more than just an outage. However, not all digital certificates were replaced. The main concern is that the FAA’s DNS was and remains suboptimal and exposed to tampering as the U.S. Government issued the 19-01 DNS Mitigation program in 2019. Due to this error, the newly issued digital certificate is not ensuring authentication, nor encryption. This oversight ensures the FAA, the FAA’s partners, and the FAA’s clients, the American public are equally as exposed to cyber incidents today as it was the day prior to the incident. An internationally recognized DNS Expert, the late Mr. Dan Kaminsky showed Microsoft DNS issues back in a secret meeting in Microsoft’s Redmond headquarters in 2008 when he, along with Dr Paul Vixie, Cyber Defense eMagazine – February 2023 Edition 109 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Time to Build an Unhackable Interne
Page 3 and 4:
Emerging API Security Trends: What
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s February 2023 Is
Page 9 and 10:
Cyber Defense eMagazine - February
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Banco Banrisul’s thirty-six domai
Page 35 and 36:
Why Cybersecurity Remains a Persist
Page 37 and 38:
Robust Cybersecurity is Essential f
Page 39 and 40:
1. Facing the Cyber Crisis No compa
Page 41 and 42:
About the Author Amitabh Sinha is t
Page 43 and 44:
1. Risk Assessment Government agenc
Page 45 and 46:
8. Incident Response Plan Preventio
Page 47 and 48:
This is what happened to Dropbox la
Page 49 and 50:
trust and growth, the board can hel
Page 51 and 52:
etween governments and operators wi
Page 53 and 54:
Accelerating Machine Learning Advan
Page 55 and 56:
Secondly, MLOps platforms record al
Page 57 and 58: Cybercriminals Are Ramping Up Their
Page 59 and 60: Organizations should follow best pr
Page 61 and 62: 7 Biggest Cyber Attacks of 2022 By
Page 63 and 64: 4. Ex-Amazon worker convicted over
Page 65 and 66: About Salt Communications Salt Comm
Page 67 and 68: saw this most recently through a ra
Page 69 and 70: CPRA/CCPA Compliance in A Cloud-Fir
Page 71 and 72: having an excessive amount of permi
Page 73 and 74: In the coming months and beyond, on
Page 75 and 76: Emerging API Security Trends: What
Page 77 and 78: malicious communication pattern thr
Page 79 and 80: Free Consumer Apps Are Not Safe for
Page 81 and 82: But simultaneously - and unlike ema
Page 83 and 84: lives and works. The topic is tough
Page 85 and 86: and tendencies. The good question h
Page 87 and 88: others or the situation among some
Page 89 and 90: eing pushed into heavy criminalitie
Page 91 and 92: preparing and analyzing such a coll
Page 93 and 94: words, behind those high-tech crimi
Page 95 and 96: always make new and new damage if t
Page 97 and 98: References: [1] Djekic, M. D., 2017
Page 99 and 100: How Government Agencies Can Leverag
Page 101 and 102: The result leads to optimal perform
Page 103 and 104: A linchpin of Biden’s cyber-defen
Page 105 and 106: An effective observability platform
Page 107: Section 3553(h) of title 44, U.S. C
Page 111 and 112: Looking Ahead to 2023: Cyber Trends
Page 113 and 114: we’re falling behind, especially
Page 115 and 116: Old vulnerabilities are not being d
Page 117 and 118: Insider Threats are a Primary Vulne
Page 119 and 120: The first step in insider threat mi
Page 121 and 122: “We’re happy to announce MIRACL
Page 123 and 124: The organisers of Europe’s most i
Page 125 and 126: usable by everyday people. I think
Page 127 and 128: Quentyn Taylor, Senior Director Pro
Page 129 and 130: SDR for Cyber Defense By Kaue Morce
Page 131 and 132: Figure 2: Cyan SDR - from Per Vices
Page 133 and 134: as it allows the SDR to capture and
Page 135 and 136: Security at the Enterprise Edge: To
Page 137 and 138: This behavior makes it essential to
Page 139 and 140: Shields Up: Organizations Need to D
Page 141 and 142: eport, domains with the terms “bi
Page 143 and 144: The Anti-Fraud Frontline Predictive
Page 145 and 146: Cloud vendors' features can be depl
Page 147 and 148: About the author Ryohei Fujimaki, F
Page 149 and 150: The resulting phishing sites mirror
Page 151 and 152: The javascript code in which the da
Page 153 and 154: The Top Secrets of CISOs By Pat McG
Page 155 and 156: About the Author Pat has more than
Page 157 and 158: The latest analysis shows that Nort
Page 159 and 160:
What Role Can AI Play in Data Objec
Page 161 and 162:
Avoiding bias Objectivity and credi
Page 163 and 164:
As more and more data moves to the
Page 165 and 166:
to know where a document or other r
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
CyberDefense.TV now has 200 hotseat
Page 181 and 182:
Books by our Publisher: https://www
Page 183 and 184:
Page 185 and 186:
show all

Cyber Defense eMagazine February Edition for 2023

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?