Ever wondered how large-scale power plants monitor or control the myriad of systems that fill their environment? Have you thought about how some of the world’s greatest industrial hacks were enacted? This post will look to illuminate how one tiny legacy protocol, namely "ModBus" could help to understand just how straight forward this could be.
Two decades ago, the web was a casual escape dominated by message boards, AOL Instant Messenger, and Homestar Runner. Only some people used it for work. Fast forward 20 years, and countless jobs require that you use the internet in some way. This has made it easier than ever to take a quick break, open a new tab, and do some personal surfing – blurring the line between work and leisure.
Please introduce yourself and tell us what you do, and what your company does. I’m Kimber Dowsett and I’m a Director at Krebs Stamos Group(KSG). We conduct cybersecurity consultancy engagements for high-profile organizations that may or may not have experienced a high-profile breach or acquisition, or simply want a world-class assessment of their org’s overall security posture.
Security experts around the world are talking about the importance of improving security measures to keep networks safe—and for good reason. We have plenty of examples of how relentless threat actors can be, and we’ve now seen that not even a pandemic can stop or slow down their attacks.
In order to maintain compliance, enforce governance, and build transparency, teams across your organization need deep insight into how their users and automation interact with Datadog. For stakeholders in leadership roles, such as CIOs and CDOs, knowing what actions users took and when is essential for spotting gaps in enablement, budgeting, and reporting, as well as building a modern compliance strategy for the organization as a whole.
BPF (not eBPF), typically viewed from a defender/sysadmin’s perspective, provides easy access to network packets and the ability to take actions via programs written based on custom filters BEFORE they ever reach a (local) firewall. This same power, according to the PWC report and pending conference talk, was leveraged by a threat actor named Red Menshen, where the attackers have used BPFDoor technique to gain stealthy remote access to compromised devices from at least 2018 to the present.
Verizon’s Data Breach Investigation Report for 2022 (DBIR) was recently released and it has some good news and it has some bad news when it comes to the risk of insider attacks. First the good news, sort of. According to the DBIR, the vast majority of breaches continue to come from external actors (80% vs 18% of insiders). Hopefully we can be a little less suspicious of Bob who sits two offices down from you. However when an insider attack happens, it can be really, really destructive.
