From Malware To Malevolent People

So in virus protection on the computer, there are two common ways antivirus software works:


1) Signature Detection – There are known patterns of viruses and the antivirus software looks for a match against one of these. 


2) Behavior Detection – There are known patterns of normal behavior on the computer, and the antivirus software looks for deviations from this. 


Each has certain weaknesses:


– With signature detection, if there is a zero-day exploit (i.e., a new virus for which there is no known signature), then it will not be caught by a blacklist of known viruses.


– While with behavior detection, some viruses that are designed to look like normal network or application behavior will not be caught by heuristic/algorithm-based detection methods. 


For defense-in-depth then, we can see why employing a combination of both methods would work best to protect from malware. 
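As an added example (not code from the original post), here is a toy detector that combines the two approaches the post describes: a signature check against a blacklist of known-bad patterns, and a behaviour check that compares each process's outbound-connection count with a baseline of "normal". The signatures, the baseline numbers and the event log are all constructed for the example; the point is to show the union of the two findings, and why each detector alone misses one of the cases.

```python
import re
from collections import Counter

# Constructed blacklist: patterns seen in known-bad activity (signature detection).
SIGNATURES = {
    "temp-dropper": re.compile(r"\\Temp\\[a-z0-9]{6}\.exe$", re.I),
    "known-c2-domain": re.compile(r"\bbad-c2\.example\b", re.I),
}

# Constructed baseline of normal behaviour: (mean, stddev) of outbound
# connections per hour for each process, as learned from clean history.
BASELINE = {
    "browser.exe": (120.0, 20.0),
    "updater.exe": (4.0, 2.0),
}


def signature_hits(event):
    """Blacklist check: names of known-bad patterns found in one event."""
    return [name for name, pat in SIGNATURES.items() if pat.search(event["detail"])]


def behaviour_flags(events, threshold=3.0):
    """Anomaly check: per-process connection counts that deviate from the
    baseline by more than `threshold` standard deviations, plus any process
    that makes connections without having a baseline at all."""
    counts = Counter(e["process"] for e in events if e["kind"] == "connect")
    flags = {}
    for proc, n in counts.items():
        if proc not in BASELINE:
            flags[proc] = f"{n} connections from a process with no baseline"
            continue
        mean, sd = BASELINE[proc]
        z = (n - mean) / sd
        if z > threshold:
            flags[proc] = f"{n} connections, z-score {z:.1f} above baseline"
    return flags


def analyse(events, threshold=3.0):
    """Defence in depth: union of both detectors, keyed by process name."""
    findings = {}
    for e in events:
        for name in signature_hits(e):
            findings.setdefault(e["process"], []).append(f"signature:{name}")
    for proc, reason in behaviour_flags(events, threshold).items():
        findings.setdefault(proc, []).append(f"behaviour:{reason}")
    return findings


# Constructed one-hour event log. browser.exe contacts a blacklisted domain
# once at a normal volume (signature catches it, behaviour does not);
# updater.exe beacons 40 times to an address on no blacklist (behaviour
# catches it, signature does not); explorer.exe launches a file matching
# the dropper pattern.
EVENTS = (
    [{"kind": "connect", "process": "browser.exe", "detail": "cdn.example:443"}] * 110
    + [{"kind": "connect", "process": "browser.exe", "detail": "bad-c2.example:443"}]
    + [{"kind": "exec", "process": "explorer.exe",
        "detail": r"C:\Users\a\AppData\Local\Temp\qx7a1b.exe"}]
    + [{"kind": "connect", "process": "updater.exe", "detail": "203.0.113.9:4444"}] * 40
)

if __name__ == "__main__":
    for proc, reasons in analyse(EVENTS).items():
        print(proc, reasons)
```

Run as a script it prints one line per flagged process. Note that browser.exe's 111 connections sit well inside its baseline, so only the signature fires, while updater.exe has no signature match at all and is caught purely by the 18-sigma jump in connection count; this is the complementary coverage the post argues for.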


It’s interesting that these same techniques for recognizing bad computer actors can be used for identifying bad or dangerous people. 


We can look for known signatures/patterns of evil, abusive, and violent behaviors and identify those people according to their bad actions.


Similarly, we generally know what “normal” looks like (within a range of standard deviations, of course) and people who behave outside those bounds could be considered as potentially dangerous to themselves or others. 


Yes, we can’t jump to conclusions with people — we don’t want to misjudge anyone or be overly harsh with them, but at the same time, we are human beings and we have a survival instinct. 


So whether we’re dealing with malware or malevolent individuals, looking at patterns of bad actors and significant deviations from the normal is helpful in protecting your data and your person. 😉


(Source Photo: Andy Blumenthal)

Cyber Attacks Typology

Saw this acronym to describe the types of cyber threats and thought it was useful.


STRIDE


Spoofing – Falsifying identity to gain systems access


Tampering – Making unauthorized changes to data or systems


Repudiation – Forging the identity of actions to data or a system to deny responsibility or even blame a 3rd party


Information Disclosure – Stealing (exfiltrating) information and disclosing it to unauthorized individuals


Denial of Service – Depriving legitimate users access to data or systems


Elevation of Privilege – Transforming user account to allow it to exceed legitimate user privileges (e.g. admin account or superuser)
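The six STRIDE categories are usually applied element by element to a data-flow diagram, asking which categories apply to each kind of element and which are already mitigated. As an added example that is not from the original post, the block below does that for a constructed four-element system; the element-to-category mapping is the standard STRIDE-per-element table (external entities: S, R; processes: all six; data stores: T, I, D, plus R for logs; data flows: T, I, D), which is an assumption going beyond the post's own list.

```python
from collections import Counter

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# STRIDE-per-element: which categories apply to each element type (assumed
# standard mapping; a data store that is a log also gets Repudiation).
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",
    "data_flow": "TID",
}


def applicable(element):
    """Letters of the STRIDE categories that apply to one DFD element."""
    letters = APPLICABLE[element["type"]]
    if element.get("is_log"):
        letters += "R"
    return letters


def open_threats(dfd):
    """(element name, threat name) pairs that no listed mitigation covers."""
    gaps = []
    for el in dfd:
        covered = set(el.get("mitigated", ""))
        for letter in applicable(el):
            if letter not in covered:
                gaps.append((el["name"], STRIDE[letter]))
    return gaps


def gaps_by_category(dfd):
    """How many elements remain exposed to each STRIDE category."""
    return Counter(threat for _, threat in open_threats(dfd))


# Constructed data-flow diagram. "mitigated" lists the categories the team
# already has a control for (the comments say which control).
DFD = [
    {"name": "customer", "type": "external_entity", "mitigated": "S"},        # MFA login
    {"name": "web-app", "type": "process", "mitigated": "STE"},               # authn, input validation, least privilege
    {"name": "orders-db", "type": "data_store", "mitigated": "I"},            # encrypted at rest
    {"name": "audit-log", "type": "data_store", "is_log": True, "mitigated": "TI"},  # append-only, access-controlled
    {"name": "customer->web-app", "type": "data_flow", "mitigated": "TI"},    # TLS
    {"name": "web-app->orders-db", "type": "data_flow"},                      # nothing yet
]

if __name__ == "__main__":
    for name, threat in open_threats(DFD):
        print(f"{name:20s} {threat}")
    print(gaps_by_category(DFD))
```

The output is a worklist rather than a verdict: every pair it prints is a question the design review still has to answer (accept the risk, add a control, or argue the category does not apply). Denial of Service dominates the constructed list because nothing in the DFD claims a rate limit or redundancy, which is typical of a first pass.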


Funny-sad enough, these six types of cyber attacks can cause any information security officer to lose their stride. 😉


(Source Photo: Andy Blumenthal)

Cybersecurity Vulnerabilities Database


There is a very useful article in Bloomberg about how the U.S. is taking too long to publish cybersecurity vulnerabilities. 


And the longer we take to publish the vulnerabilities with the patch/fix, the more time the hackers have to exploit it!


Generally, the U.S. is lagging China in publishing the vulnerabilities by a whopping 20 days!


Additionally, China’s database has thousands of vulnerabilities identified that don’t appear in the U.S. version. 


Hence, hackers can find the vulnerabilities on the Chinese database and then have almost three weeks or more to target our unpatched systems before we can potentially catch up in not only publishing but also remediating them. 


Why the lag and disparity in reporting between their systems and ours?


China uses a “wider variety of sources and methods” for reporting, while the U.S. process focuses more on ensuring the reliability of reporting sources–hence, it’s a “trade-off between speed and accuracy.”


For reference: 


The Department of Commerce’s National Institute of Standards and Technology publishes the vulnerabilities in the National Vulnerability Database (NVD).


And the NVD is built off of a “catalog of Common Vulnerabilities and Exposures (CVEs) maintained by the nonprofit Mitre Corp.”


Unfortunately, when it comes to cybersecurity, speed is critical.


If we don’t do vastly better, we can be cyber “dead right” before we even get the information that we were vulnerable and wrong in our cyber posture to begin with.  😉


(Source Photo: Andy Blumenthal)

Never Ever More Vulnerable


So we have never been more technologically advanced. And at the same time, we have never been more vulnerable.


As we all know, our cybersecurity has not kept pace with our ever-growing reliance on everything technology.


There is virtually nothing we do nowadays that does not involve networks, chips, and bits and bytes. 


Energy

Transportation

Agriculture

Banking

Commerce

Health

Defense

Manufacturing

Telecommunications


If ANYTHING serious happens to cripple our technology base, we are toast!


From a crippling cyberattack that disables or hijacks our systems, steals or locks down our data, or creates massive chaotic misinformation flow to an EMP blast that simply fries all our electronic circuitry–we are at the mercy of our technology underpinnings. 


Don’t think it cannot happen!


Whether it’s Wannacry ransomware or the Equifax breach of our privacy data or the Kaspersky Labs hidden backdoor to our top secret files or North Korea threatening to hit us with an EMP–these are just a few of the recent cyber events of 2017!


Technology is both a blessing and a curse–we have more capability, more speed, more convenience, more cost-effectiveness than ever before, but also there is greater vulnerability to complete and utter death and destruction!


This is not just a risk that life could become more difficult or inconvenient–it is literally an existential threat, but who wants to think of it that way?


People, property, and our very society are at risk when our cybersecurity is not what it must be.


It’s a race of defensive against offensive capability. 


And we can’t just play defense, we had better actually win at this! 😉


(Source Photo: Andy Blumenthal)

Our Assets Are Compromised


So in the games that nations play, spy games is #1 on the hit parade.


Of course, it’s about using information to get a strategic advantage. 


It runs the gamut from pure espionage in terms of stealing state secrets and intellectual property to conducting stealthy subversive acts to undermine enemies and competitors. 


Whatever spies do, it’s all about compromising assets…whether they be human, information, or critical infrastructure. 


From turning patriots into traitors, words into info warfare, or critical infrastructure into trojan horses ready to im/explode…whatever leads to getting the upper hand or advantage. 


What one nation comes to rely on for their sustainment and survival is instead exploited and turned against them like a trojan horse or modern-day malware.


And with people, using money, sex, ideology, compromising material (Kompromat), or threats against loved ones–it’s simply about appealing to either opportunism or extortion. 


So true defense means protecting not only what is before one’s eyes, but also what is in the rear and at the flanks. 


When over 21 million personnel records and background investigations on virtually all federal employees (civilian, military, and intelligence personnel) were stolen from OPM, a door was left open, and the demon is still hiding and waiting to cross the threshold, infiltrate, exfiltrate, and compromise. 


As a society that meaningfully values an open and transparent democracy, we can perhaps too easily become lured or lax about common-sense safeguards and vigilance, but that does not excuse negligence, incompetence, or stupidity.


Rich people and countries around the world can unknowingly falter by becoming overly comfortable and full of themselves…to the point where many don’t fully care about their jobs or their country, as they sit in their mansions, designer clothes, and with busting bellies.


From the need to vastly improve our competencies in cyberwarfare to defending ourselves from a tidal wave of global terrorism to upgrading the U.S. nuclear triad against resurgent superpowers and dangerous rogue dictators, we have let our guard down to compromise. 


Is expelling 35 Russian diplomats an effective strategy against their technical attempts to subvert our free and democratic elections or does it just underscore how vulnerable we continue to be?


When as a country and with our leadership, we decide to get serious rather than stay scared and war weary then we will not only stand firm again, but fight against weakness and compromise of ourselves. 😉


(Source Photo: Rebecca Blumenthal)

Why Can’t We Keep Our Secrets


Well after the now notorious email scandal and other information security mishaps galore, this advertisement in Washington, DC is really quite the rage. 

“Keeps classified data classified.”


As parents tell their children about keeping private things private:

“If you can’t keep it a secret, then how do you expect the other kids to keep it to themselves?”


There are lots of secrets in DC, but there are also a lot of big mouths, security negligence, and even corruption. 


This gives our adversaries the opportunities they need to get our country’s vital information. 


We work too hard to develop the best intellectual property for national security and our economy, as well as the critical policies for advancing human rights and democracy around the world, to let it just be easy fodder for others to help themselves to. 


Technology won’t solve the gap in certain big mouths and sloppy Joes around town. 


Only vigilant, smart people can protect the nation’s vital information that is the fuel for our success and survival. 😉


(Source Photo: Andy Blumenthal)

Cybersecurity Lost In Unknowns


Today unveiled is a new Cybersecurity National Action Plan.


This in the wake of another Federal data breach on Sunday at the Department of Justice, where hackers stole and published online the contact information for 9,000 DHS and 20,000 FBI personnel.


And this coming on the heels of the breach at OPM, in which sensitive personnel and security files for 21 million employees, as well as 5.6 million fingerprints, were stolen.


It is nice that cybersecurity is getting attention with more money, expertise, public/private partnerships, and centers of excellence. 


What is so scary is that despite our utter reliance on everything cyber and digital, we still have virtually no security!


See the #1 definition for security–“the state of being free from danger or threat.”


This is nowhere near where we are now facing threats every moment of every day as hackers, cybercriminals, cyber spies, and hostile nation states rapidly cycle to new ways to steal our secrets and intellectual property, commit identity theft, and disable or destroy our nation’s critical infrastructure for everything from communications, transportation, energy, finance, commerce, defense, and more. 


Unlike with kinetic national security issues–where we regularly innovate and build more stealthy, speedy, and deadly planes, ships, tanks, surveillance and weapons systems–in cyber, we are still scratching our heads, lost in unknowns and still searching for the cybersecurity grail:


– Let’s share more information


– Let’s throw more money and people at the problem.


– Let’s seek out “answers to these complex challenges”


These have come up over and over again in plans, reviews, initiatives, and laws for cybersecurity.


The bottom line is that today it’s cyber insecurity that is prevailing, since we cannot reliably protect cyber assets and lives as we desperately race against the clock searching for real world solutions to cyber threats. 


Three priorities here…


1) Build an incredibly effective intrusion protection system

2) Be able to positively tag and identify the cyber attackers 

3) Wield a powerful and credible offensive deterrent to any threats 😉


(Source Photo: Andy Blumenthal)

From Vintage to Modern Threats

Just wanted to share this short video captured of vintage fighter planes flying over the Washington Monument in D.C. on Friday, May 8.



This was in commemoration of the 70th anniversary of Victory in Europe Day. 



My father (A’H) used to tell me about when he was in England during the war and the Nazi bombers would fly over and carpet bomb them in a blitzkrieg.



This happened night after night, and so adaptive as people are, they sort of got used to the bombardment, if that is possible to say. 



After a while, instead of taking safety behind closed doors at home, people returned to go to the movies and dancing at night, even while the buildings next door were still being blown up–to the right and the left of them. 



In the morning, those who survived would get up and see what was knocked down and what was still standing. 



Hard to imagine living that way!



Now with new more destructive weapons (WMD, ICBMs, EMPs, etc.), we can only imagine that the destructive aftermath of WW II would be nothing in comparison to what a round III would be like.



It is crucial that we maintain our innovativeness and military superiority, not only offensively to defeat the enemy, but defensively so that we can stop whatever is coming at us, whether a dirty bomb in a suitcase, an ebola-type virus in an infected person or food, a drone carrying anthrax, or malware over the network.



We have come a long way in the last 70 years technologically, but the risk and stakes have also never been higher. 😉



(Source Video: Minna Blumenthal)

Data 4 Ransom


The future of cybercrime will soon become the almost routine taking of your personal and corporate data as hostage. 


Once the hacker has control of it, with or without exfiltration, they will attach malware to it–like a ticking time bomb.


A simple threat will follow:


“I have your data. Either you pay for your data back unharmed OR your data will become vaporware! You have one hour to decide. If you call the authorities, your data is history.”


So how valuable is your data to you?  


– Your personal information–financial, medical, legal, sentimental things, etc.


– Your corporate information–proprietary trade secrets, customer lists, employee data, more.


How long would it take you to reconstitute if it’s destroyed?  How about if instead it’s sold and used for identity theft or to copy your “secret sauce” (i.e. competitive advantage) or maybe even to surpass you in the marketplace? 


Data is not just inert…it is alive!


Data is not just valuable…often it’s invaluable!


Exposed in our networks or the cloud, data is at risk of theft, distortion, or even ultimate destruction. 


When the time comes, how much will you pay to save your data?


(Source Comic: Andy Blumenthal)

Shining A Light On Your Privacy


Check out this special report…



Half a billion downloads of the top 10 Flashlight Apps–the ones we all have on our smartphones–and guess what?



All/most are malware/spyware from China, India, and Russia that are spying on you!



Your contacts, banking information, even your location, are being intercepted by hackers abroad.



The cybersecurity experts at Snoopwall (who conducted this study and are offering a free open-source “privacy flashlight”) recommend that you don’t just uninstall these flashlight apps, because they leave behind trojans that are still functioning behind the scenes and capturing your information.



So instead, doing a backup of key information and then a factory reset of the smartphone is advised.



Pain in the you know what, but these flashlight apps are shining a light and compromising your personal information.



Snopes points out that the flashlight apps may be no more vulnerable to spyware than other apps you download, and that perhaps the screening process of the app stores helps to protect us somewhat.



When the cyber hackers decide to exploit those apps that are vulnerable, whether for political, military, or financial gain, it will likely be ugly and that flashlight or other app you use may prove much more costly than the download to get them. 😉



(Thank you Betty Monoker for sharing this.)