Cyber Attacks Typology

Saw this acronym to describe the types of cyber threats and thought it was useful.


STRIDE


Spoofing – Falsifying identity to gain systems access


Tampering – Making unauthorized changes to data or systems


Repudiation – Forging the identity behind actions on data or systems to deny responsibility or even blame a 3rd party


Information Disclosure – Stealing (exfiltrating) information and disclosing it to unauthorized individuals


Denial of Service – Depriving legitimate users of access to data or systems


Elevation of Privilege – Transforming a user account to allow it to exceed legitimate user privileges (e.g. admin account or superuser)


Funny-sad enough, these six types of cyber attacks can cause any information security officer to lose their stride. 😉


(Source Photo: Andy Blumenthal)


Cybersecurity Vulnerabilities Database


There is a very useful article in Bloomberg about how the U.S. is taking too long to publish cybersecurity vulnerabilities. 


And the longer we take to publish the vulnerabilities with the patch/fix, the more time the hackers have to exploit them!


Generally, the U.S. is lagging China in publishing the vulnerabilities by a whopping 20 days!


Additionally, China’s database has thousands of vulnerabilities identified that don’t appear in the U.S. version. 


Hence, hackers can find the vulnerabilities on the Chinese database and then have almost three weeks or more to target our unpatched systems before we can potentially catch up in not only publishing but also remediating them. 


Why the lag and disparity in reporting between their systems and ours?


China uses a “wider variety of sources and methods” for reporting, while the U.S. process focuses more on ensuring the reliability of reporting sources–hence, it’s a “trade-off between speed and accuracy.”


For reference: 


The Department of Commerce’s National Institute of Standards and Technology publishes the vulnerabilities in the National Vulnerability Database (NVD).


And the NVD is built off of a “catalog of Common Vulnerabilities and Exposures (CVEs) maintained by the nonprofit Mitre Corp.”


Unfortunately, when it comes to cybersecurity, speed is critical.


If we don’t do vastly better, we can be cyber “dead right” before we even get the information that we were vulnerable and wrong in our cyber posture to begin with.  😉


(Source Photo: Andy Blumenthal)

Never Ever More Vulnerable


So we have never been more technologically advanced. And at the same time, we have never been more vulnerable.


As we all know, our cybersecurity has not kept near pace with our ever-growing reliance on everything technology.


There is virtually nothing we do nowadays that does not involve networks, chips, and bits and bytes.


Energy

Transportation

Agriculture

Banking

Commerce

Health

Defense

Manufacturing

Telecommunications


If ANYTHING serious happens to cripple our technology base, we are toast!


From a crippling cyberattack that disables or hijacks our systems, steals or locks down our data, or creates massive chaotic misinformation flow to an EMP blast that simply fries all our electronic circuitry–we are at the mercy of our technology underpinnings.


Don’t think it cannot happen!


Whether it’s WannaCry ransomware or the Equifax breach of our privacy data or the Kaspersky Labs hidden backdoor to our top secret files or North Korea threatening to hit us with an EMP–these are just a few of the recent cyber events of 2017!


Technology is both a blessing and a curse–we have more capability, more speed, more convenience, more cost-effectiveness than ever before, but also there is greater vulnerability to complete and utter death and destruction!


This is not just a risk that life could become more difficult or inconvenient–it is literally an existential threat, but who wants to think of it that way?


People, property, and our very society are at risk when our cybersecurity is not what it must be.


It’s a race of defensive against offensive capability. 


And we can’t just play defense, we had better actually win at this! 😉


(Source Photo: Andy Blumenthal)

At The Doorstep…WMD


With a new threat again of a chemical weapons attack in Syria…


The U.S. is sending clear warnings to the Assad regime–Don’t do it!


Generally, the threat of using weapons of mass destruction–chemical, biological, radiological, and nuclear–has become all too blasé!


– Syria uses chemical weapons on its own people.


– Iraq used chemical weapons on Iran and the Kurds


– Terrorists used chemical weapons in Japan and have threatened similar in UK


– Russia threatens use of nukes over Crimea or in a conflict with NATO.


– North Korea threatens preemptive nuclear strike on the U.S.


– Iran has threatened attacks on Israel over nukes.


– Biological weapons such as Anthrax have been used against the U.S. and bioterror has been threatened in India


This list is far from comprehensive–and how very commonplace this is becoming is exactly the problem!


It is one thing (already scary bad) to have weapons that can do the unthinkable, and it is quite another to actually use or threaten to use them in such blasé fashion like taking out the garbage or something!


If we don’t ensure that cooler and more stable heads prevail at the notorious red buttons around the world, then the risk of someone eventually doing something very stupid and dangerous to millions–or even billions–of lives is no longer just in the realm of science fiction anymore, but becomes so very ominous and real a disastrous possibility. 😉


(Source Photo: Andy Blumenthal)

Drumbeats Of War


My bet is that we are looking at a semi-major international confrontation over the next few years. 


The bending over backwards for our enemies is over.


Terrible and unenforceable deals are shameful history.


Cyberattacks and hacking will not be treated as the cost of doing business in the 21st century. 


Buzzing of our ships and planes won’t be tolerated anymore.


Letting other nations take what they want in Georgia, Crimea, Syria, and the South China Sea is finished. 


Watching helplessly the nuclear proliferation and buildup of the means to deliver weapons of mass destruction by Iran and North Korea won’t go unanswered.


Radical Islamic terrorism is not a dirty word anymore and we will bring the fight to the enemy in a bigger and more serious way. 


Our defense and that of our allies won’t be treated lightly and we will not retreat in the face of evil. 


No one wants war, everyone wants peace, but unless we stop the aggression against us once and for all, the drumbeats of war will only get louder and more ominous. 


Set the boundaries and enforce them before all the red lines are crossed and a real and highly dangerous confrontation becomes inevitable.


Peace through strength is far preferable to war because of disengagement, weakness, and leadership from behind.


(Source Photo: Andy Blumenthal)

Our Assets Are Compromised


So in the games that nations play, spy games is #1 on the hit parade.


Of course, it’s about using information to get a strategic advantage. 


It runs the gamut from pure espionage in terms of stealing state secrets and intellectual property to conducting stealthy subversive acts to undermine enemies and competitors. 


Whatever spies do, it’s all about compromising assets…whether they be human, information, or critical infrastructure. 


From turning patriots into traitors, words into info warfare, or critical infrastructure into Trojan horses ready to im/explode…whatever leads to getting the upper-hand or advantage.


What one nation comes to rely on for their sustainment and survival is instead exploited and turned against them like a trojan horse or modern-day malware.


And with people, using money, sex, ideology, compromising material (Kompromat), or threats against loved ones–it’s simply about appealing to either opportunism or extortion. 


So truly defense means protecting not only what is before one’s eyes, but also what is in the rear and at the flanks.


When the over 21 million personnel records and background investigations were stolen from OPM on virtually all federal employees (civilian, military, and intelligence personnel) a door was left open and the demon is still hiding and waiting to cross the threshold, infiltrate, exfiltrate, and compromise.


As a society that meaningfully values an open and transparent democracy, we can perhaps too easily become lured or lax to common sense safeguards and vigilance, but that does not excuse negligence, incompetence or stupidity.


Rich people and countries around the world can unknowingly falter by becoming overly comfortable and full of themselves…to the point where many don’t fully care about their jobs or their country, as they sit in their mansions, designer clothes, and with busting bellies.


From the need to vastly improve our competencies in cyberwarfare to defending ourselves from a tidal wave of global terrorism to upgrading the U.S. nuclear triad against resurgent superpowers and dangerous rogue dictators, we have let our guard down to compromise.


Is expelling 35 Russian diplomats an effective strategy against their technical attempts to subvert our free and democratic elections or does it just underscore how vulnerable we continue to be?


When as a country and with our leadership, we decide to get serious rather than stay scared and war weary then we will not only stand firm again, but fight against weakness and compromise of ourselves. 😉


(Source Photo: Rebecca Blumenthal)

Just Cut It Out


What a way to handle global leadership…all you have to say is, just “Cut it out!” and your job is done.


– Cyber attacking the U.S. democratic election, invasion of Crimea, and encroaching on NATO with nuclear capable missiles…just cut it out! 


– Vast destruction of Aleppo including hospitals, schools, and markets, killings, refugees, and humanitarian crisis, and the dangerous use of chemical weapons on civilians…just cut it out!


– China stealing our drone and militarizing the South China Sea…just cut it out!


– North Korea testing advanced nukes and ballistic missiles capable of reaching Europe and America and threatening to use them…just cut it out!


– Iran taking our sailors captive, humiliating them, buzzing our warships, and violating the nuclear arms deal…just cut it out!


– Abandoning our friends and allies and befriending our enemies sworn to kill us and not even being able to say the words, “Radical Islamist”…just cut it out!


– Spiraling divisiveness, rioting in our inner cities, and cycles of racial and police violence…just cut it out!


– An unsustainable Obamacare with double digit rising rates and decreasing insurance choices (many localities with only 1)…just cut it out!


– Doubling of the U.S. national debt by another $10 trillion and enacting regulations that are strangling business…just cut it out!


– Endless ISIS and other terrorist attacks (yesterday on Berlin, Zurich, Turkey and more) and calling it “workplace violence” or a traffic accident…just cut it out!


Anyone who says that now “We’re feeling what not having hope feels like,” truly must be referring to where we come from and not where we are going.


(Source Photo: Andy Blumenthal)