The GDPR Cookie Consent plugin aids sites in complying with EU GDPR/Cookie Law regulations and is maintained by WebToffee.
Wordfence noted that even “users who do not use Wordfence Premium have a clear upgrade path” now that the patch is available. Wordfence described how “access controls lead to a stored cross-site scripting vulnerability in the GDPR Cookie Consent plugin that emerged after it was removed from the repository” and released details on the vulnerability. Essentially, a capabilities check added to an AJAX endpoint meant only to be used by administrators made it possible for “subscriber-level users to perform a number of actions” that could compromise site security.
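The defect class described above (an administrator-only AJAX action reachable by any logged-in user, with unescaped stored content) is easiest to see beside its fix. The following is an added illustration written for this page in plain Python, not the plugin's PHP or Wordfence's code; the `User`, `Request`, `Site` types, the `ROLE_CAPS` map and the `banner_text` option are all assumptions that stand in for WordPress roles, nonces and options.

```python
"""Added illustration (not the plugin's code): a privileged endpoint that acts on a
request without a capability check, beside a hardened version that checks the
caller's capability, verifies a per-user CSRF nonce, and escapes on output.
Names (User, Request, Site, ROLE_CAPS, banner_text) are assumptions for the demo."""
from dataclasses import dataclass, field
from html import escape

# Constructed role -> capability map, modelled loosely on WordPress roles.
ROLE_CAPS = {
    "administrator": {"manage_options", "read"},
    "subscriber": {"read"},
}


@dataclass
class User:
    name: str
    role: str

    def can(self, cap: str) -> bool:
        return cap in ROLE_CAPS.get(self.role, set())


@dataclass
class Request:
    user: User          # the logged-in caller (assumed already authenticated)
    params: dict        # submitted form fields
    nonce: str = ""     # CSRF token sent with the request, if any


@dataclass
class Site:
    options: dict = field(default_factory=dict)
    nonces: dict = field(default_factory=dict)   # user name -> nonce issued to that user


def vulnerable_save_banner(site: Site, req: Request) -> dict:
    """Meant for administrators only, but nothing enforces that: any logged-in
    user can overwrite the banner text, and the raw value is stored as-is."""
    site.options["banner_text"] = req.params.get("banner_text", "")
    return {"success": True}


def hardened_save_banner(site: Site, req: Request) -> dict:
    # 1. Capability check: only users allowed to manage options get past here.
    if not req.user.can("manage_options"):
        return {"success": False, "error": "forbidden"}
    # 2. CSRF nonce bound to the user, so a forged cross-site request fails.
    if site.nonces.get(req.user.name) != req.nonce:
        return {"success": False, "error": "bad_nonce"}
    # 3. Store a length-capped value; escaping happens at render time below.
    site.options["banner_text"] = req.params.get("banner_text", "")[:200]
    return {"success": True}


def render_banner(site: Site, escape_output: bool = True) -> str:
    """With escape_output=False a stored '<script>' payload reaches the browser
    intact (stored XSS); with the default, the same payload renders as inert text."""
    text = site.options.get("banner_text", "")
    if escape_output:
        text = escape(text)
    return f"<div class='cookie-banner'>{text}</div>"
```

The two checks in `hardened_save_banner` correspond to what a WordPress handler would do with `current_user_can()` and `check_ajax_referer()`; the escaping in `render_banner` is the equivalent of `esc_html()` at output time, which is the control that makes a stored payload harmless even if an earlier check is bypassed.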
“While consent management platforms (CMP) have been widely adopted, they have not been proven to honor consumer choice,” said The Media Trust CEO Chris Olson. “CMPs conform to a minimum standard and oftentimes provide outdated information to consumers.”
Calling CMPs useful, Olson points out that implementations vary by vendor in the way each captures consumer consent to meet a minimum standard. “Bottom line, the technologies that power the digital ecosystem are still fragmented and after almost two years of GDPR all that is being offered is a misplaced sense of trust,” he said.
Incident Of The Week: Garmin Pays $10 Million To Ransomware Hackers Who Rendered…
[Records Exposed: N/A | Industry: Technology | Type Of Attack: Ransomware]
On July 23, Garmin users went to Twitter to express their concern over inaccessible website features. Four days later, Garmin released an official statement confirming that a cyber attack had taken place. Garmin assured its users that no PII (personal identifying information) was compromised.
Garmin is most commonly known for its fitness tracking capabilities in the form of GPS wearables, but the corporation also operates in the aviation space. Consequently, some planes whose aviation infrastructure relies on Garmin technology were also affected by the hack.
Hackers deployed the ransomware tool WastedLocker, which encrypts key data on a company’s digital infrastructure. In the case of Garmin, website functions, customer support, and user applications were all affected. Unlike typical ransomware software, WastedLocker does not steal identifying information and hold it for ransom. Instead, it renders programs useless until decrypted. The hacking organization then demands a fee for the decryption key. In the case of Garmin, although not verified by the U.S. corporation, it is believed that Garmin paid the $10 million ransom.
In the world of cyber crime, however, nothing is cut and dried. Cyber security experts have linked this young ransomware tool with the Russian hacking group known as Evil Corp. If this is the case, assuming the WastedLocker attack occurred under Evil Corp’s authority and not as a ransomware-for-hire event, Garmin had a difficult choice to make. To return their systems to working order, they had to risk breaking U.S. sanctions against Evil Corp.
Third-party negotiators can act as intermediaries between the hacked and the hackers. It appears that Garmin paid a cyber security firm in New Zealand to assist with the hack, meaning it is likely that they worked as the go-between to legally pay the $10 million ransom without breaking U.S. sanction laws. Garmin has declined to discuss the cyber event beyond its bare-bones press release on the 27th.
While ransomware attacks are nothing new, they are rapidly growing in sophistication and scale. It is believed that organized cyber crime entities are investing their “earnings” back into their hacking infrastructure much the way a startup grows by investing its profits. They’re building out specialized teams in order to run their operation on a larger scale, target larger entities, and decrease their rate of detection.
Traditionally, government organizations, cities, hospitals, and universities have been the most common targets of ransomware attacks, with ransoms averaging around $100,000. Now, however, it appears threat actors like Evil Corp have set their sights on Fortune 500 companies, with ransom demands in the millions. Garmin may be just the beginning of a new ransomware era that specifically targets large U.S. corporations. That isn’t to say SMBs are off the hook. As Evil Corp and their like go after bigger fish, the pond opens up for young hackers to come in and take their place.
To pay or not to pay a ransomware ransom comes down to personal choice. A Tripwire article by Graham Cluley offers this perspective: “That ultimately is a decision that only you can make. Bear in mind that the more companies that pay a ransom, the more the criminals are likely to launch similar attacks in the future. At the same time, you may feel that your business needs to make the difficult but pragmatic decision to pay the criminals if you feel your company cannot survive any other way.”
At its core, preventing ransomware attacks is about deploying a holistic cyber security solution. A hacking organization has nothing to ransom if it can’t breach enterprise systems. Most enterprise breaches start as basic phishing schemes. That is why organizations of all sizes must invest the time and money into strong cyber security policies and best practices such as:
- Making it easy to report suspicious emails by embedding a “report phishing” button into all incoming emails which triggers a cyber security incident response
- Giving employees the least amount of access they need to do their job, i.e. implementing a zero-trust strategy
- Practicing and testing anti-phishing awareness internally or with the assistance of a cyber security third party vendor
- Reducing workplace stress and creating a slower-paced environment, as cyber criminals prey on psychological human responses such as carelessness and hurriedness
AI in Cybersecurity Helping with Threat Hunting, Reducing Attack Vectors
By John P. Desmond, AI Trends Editor
The cybersecurity landscape is looking at higher than ever threat levels, data volumes quadrupling every 36 months, computing power and data transfer speeds increasing just as fast, and a diversity of IoT devices ushering in a new era of automation.
To get a grip on this, more organizations are exploring how AI can help. The Next-generation security operations center (SOC) incorporates automation and orchestration — automation applied to both defense operations and threat hunting incorporating AI and machine learning, and orchestration managing how multiple sets of tools and platforms work together.
“AI and ML are not only used in a next-generation SOC to enhance detection and prevention activities, but also, increasingly, to augment incident response actions such as containment actions, ticket creation, and user engagement to triage and/or validate a suspicious action,” stated John Harrison, Director, Cybersecurity Center of Excellence for Criterion, in an article he wrote for Nextgov. “The applications of AI and ML reduce the time spent on each alert and improve the Mean Time to Detect as well as the Mean Time to Repair.” Criterion is a systems integrator focused on solutions for government agencies.
New challenges facing SOCs include: serving the needs of remote and teleworking employees, a dramatically increased number during the pandemic; managing multiple cloud platforms; and dealing with an exploding number of IoT devices that need to be configured.
“The structure of SOCs is already adapting and evolving to bring together defensive operations and the analysis of emerging threats with the strategic introduction of new technologies. The result is a mature, flexible, risk-based and cost-efficient approach to ensure the crown jewels of an enterprise remain secure,” Harrison stated.
Historical ways of doing things are being updated. Security information and event management (SIEM), a term coined in 2005, provides real-time analysis of security alerts generated by applications and network hardware. Firewalls, malware protection and other signature-based options solve part of the problem. Successful threat hunting requires a preemptive search of large data sets, using AI and machine learning. The idea is to identify threats that may have evaded, or may already have evaded, the current detection capabilities.
“The application of automation to threat hunting enables faster response time and more agile and improved recommendations on responses. It reduces attack vectors, breaches, and breach attempts and enables organizations to move from a purely reactive response to operating ahead of threats,” Harrison stated.
AI Seen As Potentially Helping Extend Budgets by Delivering More Value
The push to incorporate AI into cybersecurity is also being seen as a way to extend corporate security budgets under pressure.
AI in cybersecurity until 2014 was a marketing term, stated Raef Meeuwisse, CISM, CISA, author of “Cybersecurity for Business,” in a recent account in infosecurity. He is not a fan of machine learning on its own applied to cybersecurity. “The problem with machine learning is that the AI is limited to the features that it has been taught to expect,” he states. “Fooling a machine learning security system is as simple as adding an unexpected/unprogrammed feature into the exploit.”
Artificial neural networks, in contrast, effectively self-organize how the system reviews and manages the data it has access to. “It does not need to have seen the behavior before, it only has to recognize the outcome, or potential outcome,” he states.
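Two points above are easier to see in code than in prose: the threat-hunting idea of sweeping a batch of records for outliers, and Meeuwisse's point that a model only reacts to the features it was built around. The following is an added example written for this page, not code from AI Trends, Criterion or Meeuwisse: a small z-score detector over constructed login events, plus a separate novelty check for a field the detector never looks at. The event fields, baseline values and thresholds are all assumptions.

```python
"""Added example (not from the article): batch outlier hunting over constructed login
events, and the blind spot of a detector that only models the features it was given.
Event fields (hour, bytes_out, country), baseline data and thresholds are assumptions."""
from statistics import mean, pstdev

# Constructed baseline: ordinary weekday logins for one user.
BASELINE = [
    {"hour": 9, "bytes_out": 1200, "country": "US"},
    {"hour": 10, "bytes_out": 1500, "country": "US"},
    {"hour": 11, "bytes_out": 900, "country": "US"},
    {"hour": 14, "bytes_out": 1300, "country": "US"},
    {"hour": 15, "bytes_out": 1100, "country": "US"},
    {"hour": 16, "bytes_out": 1400, "country": "US"},
]


class ZScoreDetector:
    """Flags an event when any configured numeric feature sits far from baseline.
    It knows nothing about fields outside `features`; that is the blind spot."""

    def __init__(self, features, threshold=3.0):
        self.features = list(features)
        self.threshold = threshold
        self.stats = {}

    def fit(self, events):
        for f in self.features:
            vals = [float(e[f]) for e in events]
            # A constant feature would give sd=0; fall back to 1.0 to avoid division by zero.
            self.stats[f] = (mean(vals), pstdev(vals) or 1.0)
        return self

    def score(self, event):
        return {f: abs(float(event[f]) - m) / sd for f, (m, sd) in self.stats.items()}

    def is_anomalous(self, event):
        return any(z > self.threshold for z in self.score(event).values())


def unseen_values(event, baseline, fields):
    """Novelty check for categorical fields the numeric model never examines."""
    seen = {f: {e[f] for e in baseline} for f in fields}
    return [f for f in fields if event[f] not in seen[f]]


def hunt(events, detector, baseline, categorical=("country",)):
    """Sweep a batch with both checks; returns (event_index, reasons) per hit."""
    hits = []
    for i, ev in enumerate(events):
        reasons = []
        if detector.is_anomalous(ev):
            reasons.append("numeric-outlier")
        novel = unseen_values(ev, baseline, categorical)
        if novel:
            reasons.append("unseen:" + ",".join(novel))
        if reasons:
            hits.append((i, reasons))
    return hits
```

A login at 03:00 that sends 48 MB is caught by the numeric detector alone, but a login with ordinary hour and volume from a country never seen in the baseline passes it untouched; only the separate novelty check raises it. The defensive lesson is about feature coverage: what the model is not shown, it cannot score.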
Security programs using AI technologies, often running as local agents, can now understand and block rogue identity and access activities, identify and quarantine malware, prevent data loss, adapt the security configurations of devices, with few or no errors. “The progression and investment into artificial neural network technology means that some security software technologies have now reached a level of competency that was unthinkable 10 years ago,” Meeuwisse states.
In some SIEM environments, the AI applied to security can inspect, alert and block based on analysis that would be impossible to achieve manually. “The AI technologies are literally performing the equivalent of years of manual security work every minute,” he states.
As the AI technologies become more stable, the author sees the price point moving lower as well. The average AI anti-malware solution for home use is now priced at less than $1 per device per month. “My own experience using these technologies is that they are incredibly helpful,” he stated.
AI is a New Learning Requirement for Cybersecurity Professionals
Cybersecurity professionals working in enterprises now face a requirement to learn about how AI and machine learning can work within their systems. “AI/ML has a direct effect on cybersecurity teams and brings a whole new set of needs to the enterprise,” stated Bob Peterson, CTO architect at Sungard Availability Services, an IT service management company, in a recent account in .
The creation and maintenance of the AI/ML security system requires a joint effort from many contributors. “The team requires domain experts that understand the security data and how it is generated, data analysis and data science experts that understand data analysis techniques, and AI/ML experts that translate this information into the right models and algorithms,” Peterson stated.
When hiring, it’s good to be open-minded. Maybe a candidate has a needed skill but needs to come up the learning curve in cybersecurity. “It may be easier to educate them on cybersecurity versus the technology skill itself,” Peterson stated.
Cybersecurity also faces a challenge in diversity of staff. Only 20% of security professionals are women and only 26% in the US are from marginalized communities, according to Sivan Nir, a threat intelligence team leader at Skybox Security, a cybersecurity software supplier.
“This is a big problem because cybersecurity, in particular, is a field that thrives on diversity,” Nir stated. “If you think about who we are up against, cybercriminals come from diverse backgrounds, so it is crucial our teams have different points of views and a variety of thought processes.”
Nir emphasized the importance of making people—especially girls and underrepresented groups—aware of tech and cybersecurity as a career path from a young age. “Working in technological fields should be seen as exciting, not intimidating,” she stated. “Cybersecurity, in particular, is never boring—it tackles real-world challenges at a fast pace every day.”
Data Is The New Perimeter
Before the current millennium, enterprise talent would go to the office. It was so straightforward. Talent would all just sit at enterprise workstations on prem and exist within a knowingly defined perimeter. The firewall, VPN, LAN and antivirus environment was within the gaze, and right under the nose, of the CISO.
CISO prioritization has always been on securing that perimeter. Managing technology vulnerabilities to ensure visibility over the complete threat landscape was the day-in, day-out activity. The castle-and-moat strategy worked well when everything was inside the castle. But as cloud migration began and remote work continued, the perimeter expanded. The best CISOs in the business evolved with these changes and increased focus on nimble privilege-based access as opposed to a simple VPN on/off switch. Data at rest was always in view. Data in transit had been tougher to track. With global enterprise moving to a distributed structure, visibility over data in transit is truly an issue.
With the user consistently accessing data via non-enterprise endpoints an updated mindset and approach come into focus. In our Interactive Discussion on the CSHub Mid Year Report, Dennis Leber noted, “data is the new perimeter.”
We’ve been using the phrase infinite perimeter on CSHub to show that what must be managed (access, endpoint, cloud and now IoT) is ever expanding. The distributed workforce, plus your third-party partners, plus their third-party partners, thrusts access management and the concepts of least privilege and zero trust to the fore. Those same distributed users bringing their own devices turns endpoint security into a game of cat and mouse. Your network now includes the home routers of your distributed workforce as well as their smart speakers.
The data breach can now occur via myriad means. And so, rather than focus on the perimeter point that has been breached, focus on the data.
Controls For The Data Breach
A breach has always been focused on the data. But with an easily defined perimeter, the focus of the information security officer was rightly on the breach. Keeping an ever-widening scope of focus on the expanding perimeter is mandatory, and an additional focus on data at rest and data in transit will help bring clarity to that infinite-perimeter scope.
The focus has been on knowing where the crown jewels sit and protecting that space. CSHub Executive Board Member and IEEE Public Visibility Initiative spokesperson Kayne McGladrey notes, “if you don’t know where your data live, you can’t apply any effective policies around access controls or do any meaningful incident response or do any meaningful security awareness.”
Focusing on the Data in the Data Breach
As data exfiltration abounds, getting a handle on data in transit is, of course, key. McGladrey continues, “right now, for almost all businesses data is the most important thing they have, whether it’s PII, PHI, IP. The threat actors are not attacking because people have nice office spaces that are currently empty, and they’re not attacking because they have nice manufacturing capacity, that’s also operating at a lower rate. They’re attacking because they want to steal the data and do things with it, depending on their motivation. And if you can’t say empirically, ‘We know where all those data are,’ you cannot apply controls.”
But having basic controls over data in transit is simply not good enough. McGladrey expounds, “Build both policies to require encryption of data in transit, as well as policies around approved services to use, and then implement telemetry. If you don’t have a policy that says, ‘We’re going to have a standards list of approved services for transmitting data across organizations, and we’re going to have enforcement of that in our technical control’ (think like a CASB at the very simplest level), then ultimately you have no idea where your data are going at the end of the day.”
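The three pieces McGladrey names (a requirement for encryption in transit, an approved-services list, and telemetry with enforcement) combine into a small policy engine. The following is an added example written for this page, not CSHub's or McGladrey's code: a minimal check of the kind a CASB or egress proxy applies, run over constructed proxy log lines. The log format, the approved hosts, the size threshold and the rule names are all assumptions.

```python
"""Added example (not CSHub's or McGladrey's code): an 'approved services' policy
check for data in transit, evaluated over constructed egress proxy telemetry.
Log format, APPROVED_HOSTS, LARGE_UPLOAD_BYTES and rule names are assumptions."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed policy: the sanctioned services for moving data between organizations.
APPROVED_HOSTS = {"share.example-corp.com", "sftp.partner.example"}
PLAINTEXT_SCHEMES = {"http", "ftp"}
LARGE_UPLOAD_BYTES = 1_000_000

# Constructed proxy log lines: "<time> <user> <method> <url> <bytes_out>"
LOG_LINES = """\
2020-08-14T09:01:12Z alice PUT https://share.example-corp.com/q3.xlsx 524288
2020-08-14T09:05:40Z bob POST https://personal-drive.example.net/upload 7340032
2020-08-14T09:07:03Z carol POST http://ftp-mirror.example.org/up 2048
2020-08-14T09:09:55Z dave GET https://share.example-corp.com/readme.txt 0
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


@dataclass
class Finding:
    user: str
    host: str
    rule: str


def parse_line(line):
    """Parse one log line into an event dict; returns None for malformed lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, user, method, url, bytes_out = m.groups()
    u = urlsplit(url)
    return {"ts": ts, "user": user, "method": method, "scheme": u.scheme.lower(),
            "host": (u.hostname or "").lower(), "bytes_out": int(bytes_out)}


def evaluate(event):
    """Apply the policy to one parsed event; returns the names of the rules that fire."""
    rules = []
    sends_data = event["method"] in ("POST", "PUT") and event["bytes_out"] > 0
    # Rule 1: encryption in transit is required for anything that carries data out.
    if sends_data and event["scheme"] in PLAINTEXT_SCHEMES:
        rules.append("plaintext-transfer")
    # Rule 2: outbound data may only go to services on the approved list.
    if sends_data and event["host"] not in APPROVED_HOSTS:
        rules.append("unapproved-service")
    # Rule 3: telemetry on volume, approved destination or not.
    if event["bytes_out"] >= LARGE_UPLOAD_BYTES:
        rules.append("large-upload")
    return rules


def audit(log_text):
    """Run the policy over a whole log; malformed lines are skipped, not fatal."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        for rule in evaluate(ev):
            findings.append(Finding(ev["user"], ev["host"], rule))
    return findings
```

In the constructed sample, alice's upload to an approved host over TLS produces nothing, bob's 7 MB push to a personal drive trips both the approved-services and volume rules, and carol's plaintext POST trips the encryption rule as well as the destination rule. Whether the findings block the transfer or only alert is the enforcement decision the policy has to state explicitly.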
Knowing everything about that most-important data in transit leads you to a cogent understanding of your actual enterprise risk. Horizon Power CISO and CSHub Executive Board Member Jeff Campbell notes, “It’s all got to be based on risk. Tapping into the corporate risk framework at your organization and understanding what they consider to be important as a strategic enabler, and then understanding that security, particularly now in this digital future, plays a very, very important part in enabling those strategic initiatives.”
Prioritization and risk go hand-in-hand. If the wrong things are prioritized, your risk increases. McGladrey notes that’s all the more important in a distributed enterprise. “Some of the projects that get spun up aren’t really going to have a material reduction in risk, and they’re not going to have a significant benefit to the business, and with a nomadic workforce that becomes a challenge.”
The organization should of course be already running in line with an industry standard like Center for Internet Security’s critical security controls. That ensures that you know that the enterprise is secure with where the business is. Zeroing in on the larger long-term enterprise goals provides a context of where the business is going. Understanding the Board and C-Suite cyber security focus points denotes how you can connect cyber security to those business goals. And when that connection is made, so is the business case for your current and future budget.
Campbell sums up, “So how do you prioritize? You develop metrics consistent with what your board likes to see around cyber security, as well as how that ties into delivery of those initiatives. Those metrics need to be framed in a way that is a common language, and the common language at the board and executive layer. And that’s how you prioritize.”
The theme of business enablement has run through the industry over the past few years and the focus has now reached a fever pitch. A focus on business enablement has been about ensuring that the CISO can simply do what they know they need to do. We have now turned the corner in that business enablement can now help a CISO understand how to prioritize what they need to do.