Daily Tech Digest - January 21, 2021

15 SLA mistakes IT leaders still make

SLAs have often been a point of contention — not only between providers and customers, but within organizations themselves. “It often boils down to IT leaders hating to read legal agreements while procurement and legal teams can be focused on business and financial risk rather than IT dependencies or the impact of system outages to delivering services,” says Joel Martin, cloud strategies research vice president at HFS Research. And as companies move more solutions to the cloud, understanding the service levels agreed to is important to developing trusted and dependable relationships. Moreover, SLA development and management has evolved significantly in recent years, with an eye toward driving business value. “Service recipients have become far more sophisticated in how they manage SLAs,” says Marc Tanowitz, managing director with West Monroe, adding that they “are looking for end-to-end outcomes that drive business success and recognize that the true value of SLAs is to drive business insights and performance — rather than to reduce the cost of service by capturing performance credits.” Nonetheless, there remain some common — and potentially costly — SLA mistakes IT leaders can make. Following are some of the most detrimental to the IT organization and the business at large.

Ransomware provides the perfect cover

Attackers are constantly creating new variants that evade detection by traditional signature-based approaches. To counteract these attacks, firms need to have defence in depth. This starts with preventing threat actors from infiltrating the network by defending against tactics such as phishing and malware campaigns through staff training, the use of strong passwords, 2FA, and patch management. If a threat actor makes it onto the system, their potential for lateral movement is limited when organizations have deployed a least-privilege approach, where access to files and folders is limited based on job role or seniority. Behavioral anomalies are a prime indicator that a threat actor could be on the network. This includes encrypting or downloading large amounts of data or user accounts trying to access restricted data. Successfully spotting such behaviour requires correlating data from many sources, including endpoint and network detection and response solutions. Finally, to ensure they can recover quickly in the event of a ransomware attack, organizations must also have robust backups that they can rely on if their network does go down.

Cisco tags critical security holes in SD-WAN software

The first critical problem, with a Common Vulnerability Scoring System rating of 9.9 out of 10, is a vulnerability in the web-based management interface of Cisco SD-WAN vManage Software. “This vulnerability is due to improper input validation of user-supplied input to the device template configuration,” Cisco stated. “An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to gain root-level access to the affected system.” This vulnerability affects only the Cisco SD-WAN vManage product, the company stated. The second critical Cisco SD-WAN Software issue, with a CVSS rating of 9.8, could let an unauthenticated, remote attacker cause a buffer overflow. “The vulnerability is due to incorrect handling of IP traffic,” Cisco stated. “An attacker could exploit this vulnerability by sending crafted IP traffic through an affected device, which may cause a buffer overflow when the traffic is processed. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges.”

Microsoft Releases New Info on SolarWinds Attack Chain

According to Microsoft, the attackers achieved this by using a known MITRE ATT&CK technique called Event Triggered Execution, where malicious code is executed on a host system when a specific process is launched. In this case, the threat actors used the SolarWinds process to create a so-called Image File Execution Options (IFEO) registry value for running the malicious VBScript file when the dllhost.exe process is executed on the infected system. The dllhost.exe process is a legitimate Windows process for launching other applications and systems. When triggered, the VBScript then runs another executable that activates the Cobalt Strike DLL in a process that is completely disconnected and separate from the SolarWinds process. The VBScript then also deletes the IFEO registry value and other traces of the sequence of events that happened, according to Microsoft. The full motives behind the operation and its victims remain unclear — or at least publicly undisclosed — though some believe it may have been for corporate espionage or spying. FireEye, Microsoft, the US Cybersecurity and Infrastructure Security Agency (CISA), and numerous others have described the operation as being the work of a highly sophisticated state-backed actor.
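An Image File Execution Options entry works by pointing a per-executable subkey at another program, so the quickest defensive check is to enumerate those subkeys and list any that carry such a redirect. The script below is an added example, not code from Microsoft's report; it assumes the redirect is stored in the IFEO subkey's Debugger value, which is the documented mechanism Windows uses, and it checks both the native and Wow6432Node hives.

```powershell
# Added example: list IFEO subkeys that redirect a process launch to another program.
# Legitimate debugger tooling can also create these entries, so review each hit
# against what is expected on that host rather than treating every result as malicious.
$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntries {
    param([string[]]$Paths = $ifeoPaths)

    foreach ($path in $Paths) {
        # Each subkey is named after the target executable, e.g. dllhost.exe
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($props -and $props.PSObject.Properties['Debugger']) {
                [pscustomobject]@{
                    TargetProcess = $_.PSChildName      # process whose launch is intercepted
                    Debugger      = $props.Debugger     # program Windows runs instead
                    RegistryKey   = $_.Name
                }
            }
        }
    }
}

# Report every redirect found; an empty result means no IFEO Debugger values are set.
Get-IfeoDebuggerEntries | Format-Table -AutoSize
```

Because the VBScript described above removes its own registry value after running, this check only catches entries that are still present; pair it with registry-change telemetry (for example, Sysmon registry value-set events on this key path) to see short-lived entries.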

Accessible 5G: Making it a reality

To make 5G truly accessible to businesses, customers and consumers, we need to improve connectivity for all by eventually converging cellular and satellite networks to provide coverage both on land and via geo-satellite. While 3G and 4G were primarily created to improve mobile services for mobile device users, 5G is expected to support a much wider scope of IoT applications. With more intelligence being packed into smart, connected devices, we’ll need seamless connectivity and coverage. The hybrid network will enable all types of industries, from education and healthcare to construction and manufacturing, to not only use IoT technology to improve services and efficiencies but remove operational complexities, such as in-building coverage for more remote locations and black spots in connectivity when laying foundations – think basement renovations and housing developments in remote landscapes. As 5G-enabled smart devices and IoT applications increase, so too will the volume of data transactions between devices in the home: smartphones, tablets, TVs, voice assistants, and white goods like refrigerators and smart ovens. The sheer volume of applications transferring data to communicate with each other, for example, using voice assistance to dim the lights and select a film to watch for a night in, will require robust and seamless connectivity for the perfect experience.

Fueled by Record Profits, Ransomware Persists in New Year

In 2020, exfiltrating data from victims before crypto-locking their systems and naming and shaming victims via leak sites became common. The tactic was pioneered by the now-defunct Maze group in late 2019, and many other groups followed suit. Those include Clop, DoppelPaymer, Nefilim, Sekhmet and, more recently, Avaddon. DoppelPaymer was also tied to an attack against a hospital in Germany, which led to a seriously ill patient having to be rerouted to another hospital. "This individual later died, though German authorities ultimately did not hold the ransomware actors responsible because the German authorities felt the individual's health was poor and the patient likely would have died even if they had not been re-routed," the FBI notes in a private industry alert issued last month. For exfiltrating data, "size doesn't matter" for attackers, Sophos says. "They don't seem to care about the amount of data targeted for exfiltration. Directory structures are unique to each business, and some file types can be compressed better than others. We have seen as little as 5GB, and as much as 400GB, of compressed data being stolen from a victim prior to deployment of the ransomware."

The state of the dark web: Insights from the underground

According to Raveed Laeb, product manager at KELA, the dark web of today represents a wide variety of goods and services. Although traditionally concentrated in forums, dark web communications and transactions have moved to different mediums including IM platforms, automated shops, and closed communities. Threat actors are sharing covert intelligence on compromised networks, stolen data, leaked databases and other monetizable cybercrime products through these mediums. “The market shifts are focused on automation and servitization [subscription models], aimed at aiding the cybercrime business to grow at scale,” says Laeb. “As can be witnessed by the exponential rise of ransomware attacks leveraging the underground financial ecosystem, the cybercriminal-to-cybercriminal markets allow actors to seamlessly create a supply chain that supports decentralized and effective cybercrime intrusions—giving attackers an inherent edge.” ... “Defenders can exploit these robust and dynamic ecosystems by gaining visibility into the inner workings of the underground ecosystem—allowing them to trace the same vulnerabilities, exposures, and compromises that would be leveraged by threat actors and remediate them before they get exploited,” says Laeb.

New MIT Social Intelligence Algorithm Helps Build Machines That Better Understand Human Goals

While there’s been considerable work on inferring the goals and desires of agents, much of this work has assumed that agents act optimally to achieve their goals. However, the team was particularly inspired by a common way of human planning that’s largely sub-optimal: not to plan everything out in advance, but rather to form only partial plans, execute them, and then plan again from there. While this can lead to mistakes from not thinking enough “ahead of time,” it also reduces the cognitive load.  For example, imagine you’re watching your friend prepare food, and you would like to help by figuring out what they’re cooking. You guess the next few steps your friend might take: maybe preheating the oven, then making dough for an apple pie. You then “keep” only the partial plans that remain consistent with what your friend actually does, and then you repeat the process by planning ahead just a few steps from there.  Once you’ve seen your friend make the dough, you can restrict the possibilities only to baked goods, and guess that they might slice apples next, or get some pecans for a pie mix. Eventually, you’ll have eliminated all the plans for dishes that your friend couldn’t possibly be making, keeping only the possible plans (i.e., pie recipes). Once you’re sure enough which dish it is, you can offer to help.

5G: Opportunities and Challenges for Electric Distribution Companies

While the primary focus for this new technology from a common carrier’s perspective seems to center around broadband services, the most likely areas that will be important to electric utilities will be the increased capacity to support field area network needs for connected grid devices. The "Grid of Things" will greatly benefit from the connectedness afforded by the larger IoT. "We plan to leverage our AMI network for connectivity needs, but that may change as we deploy more 'grid-edge' devices," said an executive of a mid-sized mid-Atlantic utility. Low-latency services potentially offer the opportunity to leverage this technology to support mission-critical applications, such as protective relay management, SCADA, and substation communications. "Use of 5G can potentially provide SCADA and other system data over a cellular network versus a hard-wired solution through fiber or copper," said a general manager of a Connecticut public utility. The high-data-rate mmWave wireless broadband services may be applied to augmented/virtual reality (AR/VR), an area that some utilities, such as Duke Energy, and EPRI are actively leveraging, and to unmanned aerial vehicles (UAVs) that will improve asset management and visualization.

Financial institutions can strengthen cybersecurity with SWIFT’s CSCF v2021

SWIFT created the CSP to support financial institutions in protecting their own environments against cybercrime. The CSP established a common set of security controls, the Customer Security Controls Framework (CSCF), designed to help users secure their systems with a list of mandatory controls, community-wide information sharing initiatives, and security features on their payment infrastructure. The CSCF is designed to evolve based on threats observed across the transaction landscape. The CSCF’s controls are centered around three overarching objectives: Secure your environment; Know and limit access; and Detect and respond. The updated CSCF v2021 includes changes to existing controls and additional guidance and clarification on implementation guidelines. The newest version includes 31 security controls in total: 22 mandatory controls and 9 advisory controls. Mandatory controls must be implemented by all users on the user’s local SWIFT infrastructure. Advisory controls are based on recommended best practices advised by SWIFT.

Quote for the day:

"Education is what survives when what has been learned has been forgotten." -- B. F. Skinner
