Daily Tech Digest - February 09, 2020

Ransomware attacks are now targeting industrial control systems


Researchers found Ekans contains a list of commands and processes associated with a number of industrial control system-specific functionalities aimed at stopping these functions in a ransomware attack. While this functionality is described as limited, researchers' analysis of Ekans notes that it still represents "a deeply concerning evolution in ICS-targeting malware" because it indicates that cyber criminals are now targeting ICS operation systems purely for financial gain. Encrypted files are renamed with a random five-character file extension, while victims are presented with a ransom note containing an email address to contact to negotiate a ransom to be paid in cryptocurrency. In order to deploy the ransomware, the attackers behind Ekans likely need to compromise the network before executing the attack. This follows the same trend as ransomware variants like Ryuk and Megacortex, which rely on a hands-on method of deployment rather than the self-propagation followed by other forms of ransomware. The way in which Ekans is designed to target ICS operations indicates that the attackers very much have a specific target in mind, so are likely to take their time to compromise targets relevant to their plans.



Security Predicted by Gartner to Improve in DevOps Teams

One tool on Gartner’s roadmap is IAST, or "Interactive Application Security Testing". IAST helps teams understand and address security during development and testing, in a manner similar to how Application Performance Management tools helped teams understand performance. Instead of sending code to a specialized performance team to evaluate isolated tests in a lab, APM tools such as New Relic, Dynatrace, and AppDynamics used instrumentation to continuously monitor what happened in an application without requiring code changes. As a result, teams could monitor their own data without requiring dedicated study in the field of performance engineering. With tools such as IAST, teams can leverage tools to find security defects without requiring dedicated study in security risk. As a result, these newer DevOps tools can locate security defects by identifying interesting occurrences, such as: when user input reaches an SQL command without validation, where an XML parser is configured to provide local files to external users, and many other types of risk.


Why private micro-networks could be the future of how we connect


The current social-media model isn’t quite right for family sharing. Different generations tend to congregate in different places: Facebook is Boomer paradise, Instagram appeals to Millennials, TikTok is GenZ central. Updating family about a vacation across platforms—via Instagram stories or on Facebook, for example—might not always be appropriate. Do you really want your cubicle pal, your acquaintance from book club, and your high school frenemy to be looped in as well? “Social media treats everyone—a friend, a family member, an acquaintance—the same,” says Courtney Walsh, a lecturer in human development and family sciences at the University of Texas who consulted for Cocoon. “I would argue that what we are doing is impersonal on social media.” Cocoon aims to change the way we share. It launched on Thanksgiving, with more than 10,000 users signing up from 163 countries that week, according to Monga. Everything you post stays within the group. The app is its own small world: a feed is the home screen, greeting users with updates since they last signed on; messaging capabilities include threads to help corral conversations.


Add a Turbocharged Data Grid to Your Angular Application

Developers of enterprise web applications that need to display data in grids are faced with a dilemma. Do you use plain HTML tables, which are simple and easy to build, but tired and featureless (especially since you know users will compare them to Google Sheets)? Or do you try again to find that elusive, free, open-source (but reliable) datagrid tool that will give you the performance, features, and support you need? Oh, and page bloat is always an issue... Enter Wijmo FlexGrid, a mature, fully supported data grid. It’s now over five years old and, at version 5, it’s feature-rich, incredibly fast, and has a tiny code footprint. FlexGrid features an Angular wrapper that simplifies the work required to create the Angular components you need, with support for all versions from Angular 2 through Angular 9. We will use Angular 8 in this tutorial. To see how easy it is to use Wijmo FlexGrid tables in an Angular 8 application, we’ll start with a simple Angular component containing a data-bound HTML table. Once the basic version works, we’ll alter the code and switch to Wijmo FlexGrid.


How to prioritize IT security projects

The state of IT security has never been more precarious. Advanced Persistent Threats (APTs), often state-sponsored, can embed themselves in a security environment, move laterally, and steal an organization’s critical assets without being detected for months. Cloud migration – and the challenges of handling on prem/cloud risks in an integrated manner – has created new attack paths while greatly increasing the demands placed on modern organizational security teams. These developments exacerbate the already tough mandate for IT security pros: they must be right every time, and the attackers need only be successful once. This doesn’t mean that hackers can operate with an entirely free hand; they, too, must pick and prioritize their spots. If your security is robust enough relative to other targets, attackers may judge it to be more trouble than it is worth, especially when there are so many other lightly guarded networks, devices, etc. Automation is the critical weapon in this game of attack and defend, as it allows attackers to maximize their resources and probe for the most vulnerable targets at scale. For defenders, automation plays an equally essential role.


Success follows Indiana Tech cybersecurity team

[Photo: Purdue University's Tyler Jones competes in Saturday's Indiana Collegiate Cyber Defense Competition at Indiana Tech. Credit: Katie Fyfe | The Journal Gazette]

Darryl Togashi, director of Indiana Tech's cybersecurity program, was hired in June to beef up the university's offerings, increase lab space and align classes with current industry requirements. As cyber-threats evolve, professional training must adapt, he said. His vision includes creating more hands-on opportunities for students to gain practical experience. Togashi's focus includes securing a CAE-CDE – or Center of Academic Excellence in Cyber Defense Education – designation from the National Security Agency and the Department of Homeland Security. Results of the review should be available in March or April, he said. If Indiana Tech doesn't receive the prestigious designation, it will get feedback on what deficiencies were found and be allowed to correct them and reapply, Togashi said. Within a year or two, university officials hope to offer working IT professionals opportunities to receive training in specific cybersecurity skills or topics. Voting machine security issues might be a focus of one, for example. Togashi is also charged with sponsoring and participating in events that introduce middle and high school students to cybersecurity at a level they can understand.


Google releases TyDi QA, a data set that aims to capture the uniqueness of languages


Whether we’re aware of it or not, AI and cybersecurity technology are nearly omnipresent in our daily lives, and they’re only gaining importance as our world becomes more connected, “intelligent,” and reliant on online or automated systems. Yet both can seem intractably technical, even to tech-savvy people, with an ominous gravity that multiplies at the intersection of their Venn diagrams. The easy metaphor is that cybersecurity is an escalating arms race between good actors and bad actors, while the advent of AI is proverbial nuclear warfare. Some of that’s true, but the reality is far more illuminating, nuanced, and accessible. Huge cybersecurity threats can be amplified by AI technologies, so cybersecurity experts need to employ AI to protect us — and they are. In this issue, we’ll discuss how some threats are more sophisticated than ever, but most are not. We’ll learn that even as attack and defense systems are supercharged by technology, the need for human expertise has become more critical, not less. And we’ll look at practical solutions to some of the most onerous threats, like deepfakes and the increasing presence of AI-powered cameras.


How Twitter Improves Resource Usage with a Deterministic Load Balancing Algorithm


Twitter has been using a client-side load balancing technique for several years with its microservices architecture. They call this technique a "deterministic aperture," and it's part of Finagle, an open-source RPC framework for the JVM. Finagle embeds a client-side load balancer in every client. Instead of making calls to a central server-side load balancer, all requests go straight to a destination server, without an intermediary. This reduces the need for an extra infrastructure layer, and also reduces network hops, bandwidth, and points of failure in the system. Client-side load balancing is an approach that other projects like Baker Street and Netflix Ribbon use. Companies like Yelp, Airbnb, and Stripe also use it to run microservices systems. Using client-side load balancers means that there can now be multiple load balancers distributed within clients throughout the system—at least one per client. Therefore, it gets complicated when trying to distribute traffic load to servers in an even manner, especially when there are thousands of servers. For this reason, Finagle's deterministic aperture algorithm combines the P2C approach for distributing traffic load with a deterministic approach for picking which servers to connect to.


This crafty malware makes you retype your passwords so it can steal them


Once running on the compromised Windows system, Metamorfo terminates any running browsers and then prevents any new browser windows from using auto-complete and auto-suggest in data entry fields. This prevents the user from using auto-complete functions to enter usernames, passwords and other information, allowing the malware's keylogger functionality to collect the data the users are thus obliged to retype. It then sends that data back to a command-and-control server run by the attackers. Metamorfo even includes a function that monitors 32 keywords associated with the targeted banks, likely so that the attackers can be alerted in real time as to when a victim is trying to access online services. Researchers haven't revealed the keywords or the names of the financial institutions being targeted, as it's likely the Metamorfo campaign is still active. To help protect against falling victim to attacks using the malware, users should be wary of unexpected emails and attachments, while using an antivirus product can also help detect the malware.


How Enterprise Architecture can reduce risk in Mergers and Acquisitions


A merger involves two or more entities combining in such a way that previously recognized legal entities cease to exist. The merging entities have a shared burden in defining the new or changed business model; changes in their go-to-market strategy; customer journey, etc. This includes the complexity of the risks involved in getting the necessary clearance and support required in clearing a myriad of regulatory hurdles. All of this means risk and resource allocation decisions above and beyond the typical day to day business operations. Merging companies share an interest in articulating organizational structure and behavior from a strategy, operational, regulatory, and financial perspective. For Acquisition, the balance of sharing risk and resource allocation shifts depending on the nature of the purchase. In a friendly acquisition, it could look more like a merger in which parties are sharing some level of risk and resource decisions. Both participating organizations have an interest in representing their companies in the best possible light, but perhaps for different reasons. The acquiring firm wants to ensure they can demonstrate to the market and shareholders they are doing the right thing and will bring increased value.



Quote for the day:


"Leadership is particularly necessary to ensure ready acceptance of the unfamiliar and that which is contrary to tradition." -- Cyril Falls

