Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2022

Out of Band (OOB) Data Exfiltration via DNS

Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. In that document, they cover methods by which you can exfiltrate data. One of these uses files written to disk and multiple DNS queries to send large chunks of data.

World Backup Day: Simplicity and Patience is Key

A few months ago, a popular cybersecurity news organization posted an urgent notice on social media seeking help to recover their data after their blog was deleted. They announced that they had no backups and they were desperately trying to contact the site administrator to restore their blog collection. This was as maddening as it was embarrassing for the same reasons.

What Trust and Compliance Looks Like in a Cookieless Digital World

Originally envisaged as a convenient way to store web data, cookies emerged as a powerful marketing tool in the 2000s. For many years, digital marketers relied on cookies for data collection. However, in recent history, new privacy laws, browser features, and plug-ins have changed the landscape of data collection. Marketers have had to develop tools and strategies to ensure they meet compliance as the internet becomes more and more cookieless.

How Tripwire ExpertOps Can Help Solve the UK's Cybersecurity Challenges

Many UK business and technology executives aren’t hopeful about their digital security going into 2022. In a survey of 3,600 business and technology executives, of which 257 were from the UK, PwC learned that a majority (61%) of respondents expected to see an increase in reportable ransomware attacks next year.

6 Critical Areas of Cloud-Native Security That Are Influential in 2022

Cloud computing has emerged as the go-to organizational workload choice because of its innate scalability and flexibility. However, cloud computing still comes with some security risks. Examining cloud security is an important part of adopting this new technology. Presently, cloud-native security is experiencing changes and innovations that help address security threat vectors.

AvosLocker ransomware - what you need to know

AvosLocker is a ransomware-as-a-service (RaaS) gang that first appeared in mid-2021. It has since become notorious for its attacks targeting critical infrastructure in the United States, including the sectors of financial services, critical manufacturing, and government facilities. In March 2022, the FBI and US Treasury Department issued a warning about the attacks.

The Obsession with Faster Cybersecurity Incident Reporting

Requirements for reporting cybersecurity incidents to some regulatory or government authority are not new, but there has always been a large amount of inconsistency, globally, in exactly what the requirements are. More recently, there’s been a growing trend across government and regulatory bodies in the United States towards shorter timeframes for reporting of cybersecurity incidents. Here’s a brief rundown of the recent activity.

EDoS: The Next Big Threat to Your Cloud

Economic Denial of Sustainability (EDoS) is a cybersecurity threat targeting cloud environments. EDoS attacks exploit the elasticity of clouds, particularly auto-scaling capabilities, to inflate the billing of a cloud user until the account reaches bankruptcy or large-scale service withdrawal. EDoS attacks exploit the cloud’s economies of scale to disrupt or discontinue the availability of cloud services and infrastructure that support applications, systems, and corporate networks.

EPP/EDR: What Is It and How Can It Help to Keep Your Organization Safe?

Endpoint devices played a big part in malware and ransomware attacks in 2021. According to a study covered by Help Net Security, security researchers detected more malware and ransomware endpoint infections in the first nine months of the year than they did for all of 2020. Attack scripts leveraging PowerSploit, Cobalt Strike, and other tools were particularly prevalent in that nine-month period, having grown 10% over the previous year after having already climbed 666% compared to 2019.

How to Combat Asset Blindness in OT Security

One of the main challenges of OT security is the problem of compatibility. OT components often differ significantly from each other in terms of age and sophistication as well as software and communication protocols. This complicates asset discovery and makes it difficult to establish a consistent cybersecurity governance approach. Combating asset blindness in OT security begins with taking account of these differences.

As tax deadlines approach, Emotet malware disguises itself in an IRS email

With just a few weeks until the April 15 deadline for US individuals and businesses to file their tax returns, scammers are as busy as ever. Security researchers at Cofsense have warned that they have seen a number of malicious email campaigns which pose as communications from the Internal Revenue Service (IRS). The emails which purport to come from “IRS.gov”, claim to contain tax forms (such as a W-9) that need to be filled out by the recipient.

How Tripwire Log Center and Tripwire Industrial Visibility Can Work Together

Many industrial security professionals lack visibility into their organizations’ assets and processes. This includes Industrial Internet of Things (IIoT) devices as well as industrial organizations’ supply chains. Back in March 2021, Tripwire announced the results of a survey in which 99% of security professionals said that they had experienced challenges securing their organizations’ IoT and IIoT devices.

Healthcare Providers Need to Increase Budgets for Cybersecurity

The past few years have emphasized just how important cybersecurity is. As cybercrime reached record heights and more companies went digital, industries realized their current security efforts fell short. Healthcare is a prime example. The medical sector has had the second highest number of data breaches of any industry for more than five years. This became increasingly noticeable in 2019 alone, when the industry experienced 525 data breaches, up from 369 the year before.

Tripwire Change Analyzer Quick Start

Tripwire Change Analyzer automates the verification and promotion of “known good” and business as usual changes that are the result of software updates, upgrades, and patches, saving IT organizations time, reducing human error, and increasing efficiency. Tripwire Change Analyzer also works in concert with Tripwire Enterprise to deliver alert notifications and granular details needed for rapid response when unexpected, unauthorized, or high-risk changes are detected. Check out this quick start tutorial video on how to get started with using Tripwire Change Analyzer.

Building Cyber Resilience in a heightened alert environment

There has been a lot of talk about cyber weapons and the cyber dimension of global politics after the NotPetya and WannaCry attacks of 2017 and the Stuxnet worm, first discovered in 2010, when it was used to attack the control mechanisms of Iran’s uranium enriching centrifuges.

The Challenge of Asset Tracking in Industrial Environments

Asset inventory is a significant part of a comprehensive security plan for all organizations. After all, if you do not know what assets you have, then you cannot manage them. Even a small company can amass a surprisingly large amount of assets. It is no surprise that accounting for all of these assets can be like chasing a moving target, as new and old assets must be accounted for, and conversely, decommissioned assets must also be removed.

OT Cybersecurity Concerns Are Increasing Across the Globe

2021 was the year that marked a major cyber-attack against a critical national infrastructure organization whose impact was felt by millions of Americans on the East Coast. However, the attack against the Colonial Pipeline Company was not the only incident that affected the Operational Technology (OT) systems of a critical sector for the U.S. national economy.

What Is CPS 234 and Who Needs to Comply with It?

In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new Standard emerged as an offshoot to the Notifiable Data Breach Scheme, which came into effect in early 2018.

Regulating a Nation's Information Security Workforce

In a previous article, I examined Australia’s proposed Security Legislation Amendment (Critical Infrastructure) Bill 2020. This information security overhaul imposes strict reporting requirements for enterprises as well as affords the Australian government unprecedented and far-reaching powers that enables them to intervene in the operation of an organisztion’s network in the event of a threat to critical infrastructure.

US legislation brings mandatory cyberattack and ransomware reporting one step closer

The US Senate has passed legislation designed to improve the cybersecurity of the Federal Government. The legislation, which consists of three bills, was unanimously passed by the Senate on Tuesday evening, and would – amongst other things – require organisations working in critical industry sectors to alert the US Government about hacks and ransomware attacks.

How to Stimulate Organizations' Security Awareness Training Programs

We all know how important security awareness training is for an organization. Moreover, we try to enhance our efforts by weaving security into the “culture” of the organization. Yet, from the employee’s perspective, it all gets very stale. It seems like it is always the same message, but if that is the case, why hasn’t this knowledge been adopted into the corporate consciousness? Perhaps it is our approach.

What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?

Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship. Even the capabilities of technology professionals have been enhanced to include full certification paths towards demonstrating cloud proficiency.