Showing posts with label Security. Show all posts

Joel Brenner Keynote at CEIC 2014: The Changing Face of Espionage


For more than a decade, a series of high-profile security breaches has brought to light the vulnerability of the security systems upon which we rely. The best known include:

  • Titan Rain: Hackers were able to gain access to U.S. defense contractor computer networks and siphon off large amounts of information.
  • New York Times: Ten years after Titan Rain, Chinese hackers broke into the New York Times network and gained access to employees' computers and passwords.
  • Target: More than 40 million credit and debit cards and 70 million records, including names, addresses, email addresses and phone numbers of customers, were stolen in the attack on the retail giant.

Cybersecurity expert Joel Brenner shared deeper insights into the state of security with CEIC 2014 attendees in his keynote speech. In spite of a series of high-profile, damaging attacks dating back to 2003, public and private organizations are still under siege, and there is no end in sight.

Through the looking glass...blessing or burden?

Josh Beckett

The release of Google Glass has had some interesting implications for the world of security and forensics. I thought the QR code vulnerability was certainly unique and akin to the drive-by RFID vulnerabilities that exist. I'm sure we haven't seen the last of such issues. Google, of course, says this was all part of their plan to really shake out the bugs and round the rough edges that they didn't foresee. Is that claim more marketing than truth? Meh, probably a little of each. It's a nice idea, but I hardly think that even one thousand hacking-oriented techies could even scratch the surface of possibilities for what this technology could potentially deliver, good and bad. Some interesting use cases have already come about, but I think the best are still to come.

Who Turned Off the Lights? U.S. Electric Grid Sees Increase in Cyber Attacks

Ale Espinosa

When news of Stuxnet broke out, the world was shocked. It was the first discovered malware to spy on and subvert industrial systems, as well as the first to include a programmable logic-controller rootkit, used to attack Iran’s nuclear facilities.

Yet, despite fears of retaliation from foreign governments against the U.S. electric grid, a recent report based on over 100 surveyed utility companies revealed alarming vulnerabilities in the nation’s energy system. The report was supported by members of the U.S. House of Representatives in an effort to bring awareness to the security gaps in the utilities sector.

Among the report’s key findings were:
  • Attacks on the nation’s critical infrastructure – including energy – were up 68 percent from 2011
  • Many utility companies reported receiving “daily,” “constant” or “frequent” cyber-attack attempts
  • Among the attacks reported were phishing, malware infection, and unfriendly probes
  • Most utility companies are compliant with mandatory cybersecurity standards issued by the government, but voluntary recommendations by the industry watchdog – the North American Electric Reliability Corporation (NERC) – have been ignored by many

Hello? You’ve Been Breached.

Ale Espinosa

Knock, knock. Who’s there? The FBI.

The reality of the world we live and do business in has made us increasingly vulnerable to cyber threats and attacks. Perimeter security and signature-based threat detection tools can only do so much when the threat is brand new or when it morphs as it spreads through your network, making its signature unrecognizable. Chances are, there is someone lurking in your network right now and you don’t even know it.

In fact, Verizon’s 2013 Data Breach Investigations Report revealed that approximately 70% of cyber breaches go completely undetected by organizations’ security teams, and are instead discovered by external parties like the authorities, FBI, or even the attackers themselves.

Information Security Executives Share their Perspective at the 2013 CISO/CLO Summit

Ale Espinosa

This year’s Computer and Enterprise Investigations Conference (CEIC) was referred to by many of its loyal attendees as our best one yet. Running concurrently with the show was the CISO/CLO Summit, which brought together top information security and legal technology executives for a day filled with valuable panel sessions, presentations, and networking opportunities.

One of the most talked-about presentations at the CISO/CLO Summit was offered by Bryan Sartin of Verizon, who gave an in-depth review of the 2013 Data Breach Investigations Report (read more about the report in one of my earlier posts). And in the spirit of survey data, we asked Summit attendees to answer a few questions for us regarding their information security concerns and challenges.

Minimizing Customer Impact with Proper Breach Assessment

Ale Espinosa

Apologies are never easy – much less when they are public. Just a couple of weeks ago, daily deal website LivingSocial contacted and issued an apology to more than 50 million of its customers whose information may have been compromised in a recent cyber-attack, according to the Daily Deal Media. Whether all 50 million were indeed compromised remains the question.

Before issuing an apology or coming out publicly with details of the breach, it is critical to know the exact size and scope of the loss and damage the attack caused. Leaving room for uncertainty in any of the details of your communication can be read as poor handling of the situation or a lack of insight into what really happened.

Tools like EnCase® Cybersecurity enable you to fully understand and measure the impact of a breach – down to the exact number of files, accounts, or data accessed by the attacker – by looking into the metadata of all of the files stored in your endpoints. That way, your post-breach communications are targeted to the exact number of users it may have affected, helping you minimize any impact to your customer base or brand. Your PR team will appreciate it.

It is estimated that only half of all security breaches will require disclosure of some kind to the affected parties or to the public in general. The remaining half will only affect internal systems and data that, with the right tools, can either be caught before sensitive data is accessed or remediated and brought back to normal before it causes damage to others outside of the business -- giving new meaning to the saying "better be safe than sorry."


The Best Tool in Your Kit

Josh Beckett

As security professionals, we all have to deal with real events and incidents and false positives. Furthermore, we all need to try to minimize the impact that false positives have on our workflow so that we can focus on the real stuff. I love to use real-world examples that have a parable-like quality to them in order to get interesting points about security across.

A friend recently told me of an issue with someone they knew where they were requested to show their driver's license and it happened to be expired. Now, there are obviously many situations where we know this will become a problem, but there is really only one situation where this particular bit of information is actually relevant. What is a driver's license really? It is proof of your authorization to drive a particular class of motor vehicle. If expired, it is possible that you are no longer so authorized. That is the only use case where such information is completely relevant.