CSOonline: Lessons learned from the Park Jin Hyok indictment

Last month the US DoJ unsealed this indictment of a North Korean spy Park Jin Hyok that they claim was behind the hacks against Sony and the creation and distribution of Wanna Cry. It is a 170+ page document that was written by Nathan Shields of the FBI’s LA office and shows the careful sequence of forensic analysis they used to figure out how various attacks were conducted. In this post for CSOonline, I talk about some of the implications for IT managers, based on the extensive details described in the indictment.

Advertisements

CSOonline: New ways to protect your AWS infrastructure

Properly testing your virtual infrastructure has been an issue almost since there were virtual VMs and AWS. Lately, the tool sets have gotten better. Part of the problem is that to adequately test your AWS installation, you need to know a lot about how it is constructed. CPUs can come and go, and storage blocks are created and destroyed in a blink of an eye. And as the number of AWS S3 data leaks rises, there have to better ways to protect things. Rhino Security and Amazon both offer tools to improve visibility into your AWS cloud environments, making it easier to find configuration errors and vulnerabilities.I write about Pacu and CloudGoat tools as well as various AWS services to test your VMs in my article from CSOonline here.

Internet Protocol Journal: Understanding fileless malware

I have written for this excellent 20 year-old publication occasionally. My article in this issue is about fileless malware.

Malware authors have gotten more clever and sneaky over time to make their code more difficult to detect and prevent. One of the more worrying recent developments
goes under the name “fileless.” There is reason to worry because these kinds of attacks can do more damage and the malware can persist on your computers and networks for weeks or months until they are finally neutralized. Let’s talk about what this malware is and how to understand it better so we can try to stop it from entering our
networks to begin with. Usually, the goal of most malware is to leave something behind on one of your endpoints: one or more files that contain an executable program that can damage your computer, corral your PC as part of a botnet, or make copies of sensitive data and move them to an external repository. Over the years, various detection products have gotten better at finding these residues, as they are called, and blocking them.

You can read my article here, along with other fine pieces on the state of the Internet in this month’s edition.

In-house blogging at RSA Archer Summit in Nashville

Last week I was in Nashville, covering the RSA Archer Summit conference. Here are my posts about the show:

RSA Archer blog: LEAVE THE STONE AGE (AND SPREADSHEET) BEHIND

When I asked RSA Archer VP David Walter who was their competition, he told me earnestly it was the simple spreadsheet. I believe him, especially after what I have seen what people do with spreadsheets over the years that I have been a tech reporter.

Dan Bricklin and Bob Frankston invented the electronic spreadsheet with VisiCalc for the Apple II in 1979. It wasn’t long after that when I began using it on an HP 85 running CPM to build mathematical models working at various jobs in DC. That was a sweet machine, with its three-inch monochrome monitor and all 8K of RAM. Then Lotus 1-2-3 and the IBM PC came along making spreadsheets the go-to general business tool.

It has surprising staying power, given the software has essentially had the same user interface for more than 30 years. In this post for the RSA blog, I talk about the drawbacks of spreadsheets and give four reasons why you want something better for integrated risk management

 

CSO Online: Mastering email security with DMARC, SPF and DKIM

Phishing and email spam are the biggest opportunities for hackers to enter the network. If a single user clicks on some malicious email attachment, it can compromise an entire enterprise with ransomware, cryptojacking scripts, data leakages, or privilege escalation exploits. Despite making some progress, a trio of email security protocols has seen a rocky road of deployment in the past year. Going by their acronyms SPF, DKIM and DMARC, the three are difficult to configure and require careful study to understand how they inter-relate and complement each other with their protective features. The effort, however, is worth the investment in learning how to use them.

In this story for CSO Online, I explain the trio and how to get them setup properly across your email infrastructure. Spoiler alert: it isn’t easy and it will take some time.

The story has been updated and expanded since I first wrote about it earlier this year, to include some new surveys about the use of these protocols.

RSA Blog: New ways to manage digital risk

Organizations are becoming increasingly digital in their operations, products and services offerings, as well as with their business methods. This means they are introducing more technology into their environment. At the same time, they have shrunk their IT shops – in particular, their infosec teams – and have less visibility into their environment and operations. While they are trying to do more with fewer staff, they are also falling behind in terms of tracking potential security alerts and understanding how attackers enter their networks. Unfortunately, threats are more complex as criminals use a variety of paths such as web, email, mobile, cloud, and native Windows exploits to insert malware and steal a company’s data and funds.

In this post for RSA’s blog, I talk about how organizations have to become better at managing their digital risk through using more advanced security and information event management systems and adaptive authentication tools. Both of these use more continuous detection mechanisms to monitor network and user behaviors.