Defend Rather than Attack.. Staying Unfazed by Advanced Attacks

To hold your own against nation-state-grade attacks, you must think and act differently.
It used to be that when cyber professionals heard the term “nation-state,” a clear picture came to mind of countries — China, Russia, Iran, North Korea, and even the US — hiding behind the computer using keyboard strokes to attack one another’s critical infrastructure, banking systems, utilities, and more.

A slight but important shift in that term is changing what businesses deal with daily. Nation-state-grade attacks use the same tools and techniques that countries employ to attack each other, but might not be state-sponsored. This puts businesses of all shapes, sizes, and focuses squarely in the crosshairs of highly sophisticated attacks.

Upping the Game

When Shadow Brokers, a mysterious hacking group that first appeared in summer 2016, published cyber tools created by the National Security Agency (NSA), the nation-state game changed. No longer was it only that countries were directly attacking each other or sponsoring attackers to do so on their behalf.

Now these tools, which are capable of creating chaos, cost tens of millions of dollars to develop, and were once used only by the most sophisticated cyber professionals in the world, were available for a few hundred dollars on the Dark Web. Hackers with less skill are able to up their game by easily purchasing and using these highly advanced tools against business targets of all sizes. In short, nation-state hacking tools have created nation-state-level attackers and increased the threat against any business in any market in the world.

Defending Like an Attacker

Organizations today use cyber best practices and are compliant where they need to be — important steps that are not providing enough security. Our cybersecurity budgets are no longer never-ending, which requires us to be efficient and smart. We must prioritize our programs in a way that allows us to take calculated risks. And the only way to do that is to think like an attacker.

To do so, we have to figure out how to be less vulnerable, period. By putting up the right defense, we can exhaust the attackers so they move on. While it’s important to be as secure as possible, what’s more valuable is to be more secure than other businesses. An attacker is going to take the path of least resistance; if you can block enough holes to frustrate him/her, the likelihood they will move on to another target increases.

We need to take the normal considerations into account — things like vulnerability, budget, business impact analyses, etc. — but we also need to understand how our holes and weaknesses come together to help attackers achieve their objectives. Only then can we look at those weaknesses in context and resolve them in a meaningful way.

Specific Set of Cyber Skills

It sounds simple to think like an attacker, but it’s an extremely difficult task that requires a specific set of skills. I’ve broken it down into four elements a typical organization should put in place to not only prevail against nation-state-grade attacks but become the new wave of cyber sophistication themselves:

Build your team.

If possible, hire highly sophisticated people to your own cybersecurity team that were formerly attackers or part of a nation-state intelligence organization. This can be challenging given that only a small percentage of US government attackers leave before retirement, and those that do are extremely expensive.

Create a “defender offensive” methodology.

This approach must come from an attacker’s point of view. It’s not enough to just identify holes or weaknesses. You have to have a plan for how to prioritize those issues so you can focus on — and solve — the ones that make you the most vulnerable. If your team comes up with 100 vulnerabilities and prioritizes them equally, nothing is going to be resolved in a meaningful way.
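To make that prioritisation concrete, here is an added Python example (not from the article) that models a small, constructed set of weaknesses as an attack graph and ranks them by how many attacker paths to the objective each one enables, rather than by severity score alone; every node name and severity value is invented for illustration.

```python
from collections import Counter

# Constructed attack graph: each key is a weakness, each value lists the
# weaknesses an attacker can reach once that one has been exploited.
ATTACK_GRAPH = {
    "phishing-entry": ["weak-vpn-mfa", "unpatched-workstation"],
    "exposed-rdp": ["unpatched-workstation"],
    "weak-vpn-mfa": ["flat-network"],
    "unpatched-workstation": ["flat-network", "cached-domain-admin-creds"],
    "flat-network": ["cached-domain-admin-creds", "legacy-file-server"],
    "cached-domain-admin-creds": ["crown-jewels"],
    "legacy-file-server": ["crown-jewels"],
    "crown-jewels": [],
}
# Constructed CVSS-style severities. The highest-scoring finding
# (legacy-file-server) sits on only a few attack paths.
SEVERITY = {
    "phishing-entry": 5.5, "exposed-rdp": 7.5, "weak-vpn-mfa": 6.0,
    "unpatched-workstation": 7.8, "flat-network": 5.0,
    "cached-domain-admin-creds": 6.5, "legacy-file-server": 9.8,
}
ENTRY_POINTS = ["phishing-entry", "exposed-rdp"]
OBJECTIVE = "crown-jewels"

def attack_paths(graph, entries, goal, fixed=()):
    """Simple paths from any entry to the objective, skipping already-fixed weaknesses."""
    found = []
    def walk(node, path):
        if node == goal:
            found.append(path)
            return
        for nxt in graph.get(node, []):
            if nxt not in path and nxt not in fixed:   # simple paths: no revisits
                walk(nxt, path + [nxt])
    for entry in entries:
        if entry not in fixed:
            walk(entry, [entry])
    return found

def paths_through(graph, entries, goal):
    """Count, per weakness, how many attacker paths it sits on."""
    counts = Counter()
    for path in attack_paths(graph, entries, goal):
        counts.update(n for n in path if n != goal)
    return counts

def prioritise(graph, severity, entries, goal):
    """Rank weaknesses: attack paths enabled first, severity as the tie-breaker."""
    counts = paths_through(graph, entries, goal)
    return sorted(severity, key=lambda n: (-counts[n], -severity[n]))
```

`prioritise(ATTACK_GRAPH, SEVERITY, ENTRY_POINTS, OBJECTIVE)` ranks unpatched-workstation and flat-network first (each sits on six of the eight paths) while the CVSS 9.8 file server lands near the bottom. `attack_paths(ATTACK_GRAPH, ENTRY_POINTS, OBJECTIVE, fixed={"unpatched-workstation"})` shows that only two paths survive that single fix.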

Think holistically.

Treat your organization as the complex entity it is. The cybersecurity team must think holistically and partner with various departments such as HR and supply chain to understand as many risks as possible.

Automate where you can.

The goal of automation is to relieve your security analysts of the mundane day-to-day work. By automating what you can, you free your human defenders to focus on squashing threats from your human attackers.

VDI… Powerful when it comes with HCI & Edge

As more and more businesses realise the key benefits that virtual desktop infrastructure (VDI) offers, the market for these solutions has seen relatively steady growth. More recently, this growth is being driven by the sudden need for optimized remote workforces, caused by the global coronavirus pandemic. In fact, a recent Gartner survey found that 74% of CFOs questioned intend to shift some employees to remote work permanently after the crisis.

With its capabilities to streamline the management, deployment, and maintenance of endpoints, VDI demonstrated great promise when it first hit the market. It also made it possible to reduce hardware spend and cut the three-year refresh cycle, which made it a great choice from a technological standpoint. VDI also had many experience-focused benefits, making it a viable choice for end-users: the end-user could now obtain the same desktop experience from anywhere (regardless of hardware device), along with improved backup, security and productivity rates.

There were, however, a few downsides to VDI. One of these was its large licensing fees, which were due to the bulky, complicated, and costly backend IT infrastructure it required. VDI also required lock-in to vendor hardware, which, combined with the licensing fees, drove up acquisition prices. Consequently, VDI was not adopted in large enterprises at the rate predicted.

More recently, however, the combination of hyperconverged infrastructure and the emergence of edge computing has shaken up existing VDI technologies and made them a far better fit for business needs. So, what is it about these technologies that makes them such a good formula?

Introducing HCI and edge

Not too long ago it seemed that VDI had run its course, but the arrival of edge computing and hyperconverged infrastructures (HCI) turned that around. These innovations made deploying VDI easy and practical, eliminating the need for highly specialized skills and allowing for tasks such as software and anti-virus updates for each user to be managed and maintained remotely. Rolling out a hyperconverged edge computing solution is practical for hundreds of users, even when they are supported by small IT teams. It’s a technology that doesn’t require specialist knowledge, other than a few hours of training.

Thanks to the centralization of mundane tasks, IT teams had more time and were better equipped to handle crises. The addition of edge computing systems meant that integrated and automated disaster recovery (DR) capabilities became available, and replication, snapshot scheduling, and file-level recovery could easily be implemented to help with data recovery.

These innovations have brought a long list of benefits to their end-users, including: easy log-in between different machines; the ability to secure data at the edge of the network; easy recoverability; rapid configuration of a substitute machine; higher availability; and reduced downtime risks. Because the machines store and process data at the point of creation, edge computing also eliminates latency and bottleneck issues.

Keeping security top of mind

With a VDI deployment running on a hyperconverged edge computing solution, users are able to log on securely to any machine on the network. They can then access their emails, files and applications as usual. They aren’t limited to PC terminals: they can load their personal desktop or applications on their smartphone or tablet, significantly boosting workforce agility.

Regardless of location, IT teams can remotely monitor user profiles, and receive automated alerts which help to identify potentially suspicious activity or log inactive users out. A VDI deployment can also offer a cost-effective and secure method to extend network access beyond the office walls to provide remote access to employees wherever they are located.

In many organisations, managing BYODs brings considerable security and admin challenges. However, by integrating BYODs into an officially sanctioned VDI environment, employee mobiles and tablets can be more effectively protected from potential security risks, so information is better secured against accidental disclosure and loss.

The full potential of VDI

With the help of edge innovation, VDI is now readily available to many businesses: it is affordable to deploy and improves workforce agility. It offers a cost-effective and secure method to extend network access beyond the office building. While the initial flaws of VDI (such as high cost, complicated software licensing and weak network connections) once made this exciting solution seem like nothing more than a pipe dream, the introduction of edge computing and HCI has allowed companies to truly benefit from it.

As the share of remote work continues to grow, the VDI industry is booming and, combined with HCI, will become cutting edge.

Cloud Security War Room.. Premium Features Becoming Defaults

Microsoft and Google have announced updates to their respective virtual-machine (VM) instances for highly confidential information to be processed in Microsoft Azure and Google Compute Engine.

Microsoft has moved its Azure DCsv2-Series VMs to general availability. The VMs feature hardware-based trusted execution environments (TEEs) built on Intel Software Guard Extensions (SGX).

TEEs – also known as secure enclaves – are isolated from the host operating system and hypervisor, and are located in a part of the CPU with its own memory.

People with physical access to the cloud servers running the hypervisor, such as a cloud admin or data centre workers, can’t access data actively being processed in a TEE. This adds a layer of protection beyond encryption of data at rest and in transit.

While SGX makes it very difficult to run malware in a secure enclave, researchers have found ways a person with physical access can tamper with data stored inside SGX.

The feature is likely to be of interest to private sector and government organisations that process financial data, healthcare and intelligence data.

“By combining the scalability of the cloud and ability to encrypt data while in use, new scenarios are possible now in Azure, like confidential multi-party computation where different organisations combine their datasets for compute-intensive analysis without being able to access each other’s data,” Microsoft said.

Google, meanwhile, this week made Unified Extensible Firmware Interface (UEFI) firmware and Shielded VM the default for all Google Compute Engine users, for free. The feature helps ensure that VMs boot with a verified bootloader and kernel.

Shielded VM offers protection from malicious guest system firmware, UEFI extensions, and drivers; from a persistent boot and kernel compromise in the guest OS; and from VM-based secret exfiltration and replay.

Shielded VM is available for customers using CentOS, Google’s Container-Optimized OS, CoreOS, Debian, RHEL, Ubuntu, SUSE Linux Enterprise Server, Windows Server, and SQL Server on Windows Server images.
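Defaults only help if they are actually in place on every instance. As an added example (not from the article, and not Google's code), the following Python audits instance records in the shape `gcloud compute instances list --format=json` returns and flags any VM that does not have all three Shielded VM protections enabled; the sample records are constructed, and the field names are those of the Compute Engine API's ShieldedInstanceConfig.

```python
import json

# Constructed sample shaped like `gcloud compute instances list --format=json`
# (only the fields this audit reads); example data, not from a real project.
SAMPLE_INSTANCES = json.loads("""[
  {"name": "web-1", "zone": "projects/p/zones/us-central1-a",
   "shieldedInstanceConfig": {"enableSecureBoot": true, "enableVtpm": true,
                              "enableIntegrityMonitoring": true}},
  {"name": "db-1", "zone": "projects/p/zones/us-central1-b",
   "shieldedInstanceConfig": {"enableSecureBoot": false, "enableVtpm": true,
                              "enableIntegrityMonitoring": true}},
  {"name": "legacy-1", "zone": "projects/p/zones/europe-west1-d"}
]""")

# The three Shielded VM protections (Compute Engine API field names) and the
# gcloud flag that enables each. db-1 shows the common case: vTPM and
# integrity monitoring on, Secure Boot left at its default of off.
REQUIRED = {
    "enableSecureBoot": "--shielded-secure-boot",
    "enableVtpm": "--shielded-vtpm",
    "enableIntegrityMonitoring": "--shielded-integrity-monitoring",
}

def missing_protections(instance):
    """Shielded VM fields that are not enabled (a missing config counts as off)."""
    cfg = instance.get("shieldedInstanceConfig") or {}
    return [field for field in REQUIRED if not cfg.get(field, False)]

def audit(instances):
    """Map each non-compliant instance name to the protections it lacks."""
    report = {}
    for inst in instances:
        gaps = missing_protections(inst)
        if gaps:
            report[inst["name"]] = gaps
    return report

def remediation_command(instance):
    """gcloud command that enables what is missing, or None if nothing is.

    The VM must be stopped before Shielded VM options can be changed, and an
    instance built from an image without Shielded VM support has to be
    recreated from a Shielded-compatible image instead.
    """
    gaps = missing_protections(instance)
    if not gaps:
        return None
    zone = instance["zone"].rsplit("/", 1)[-1]
    flags = " ".join(REQUIRED[g] for g in gaps)
    return f"gcloud compute instances update {instance['name']} --zone {zone} {flags}"
```

Running `audit(SAMPLE_INSTANCES)` reports db-1 as missing Secure Boot and legacy-1 as missing all three, and `remediation_command` turns each finding into the exact `gcloud compute instances update` call to fix it.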

Zoom gone.. Now it’s time for Teams

Researchers at CyberArk have disclosed a “critical security vulnerability” in Microsoft Teams, the popular workplace collaboration platform that has seen its daily active users more than double to a total of 44 million in recent months.

The flaw, which researchers said was fixed prior to Monday’s announcement, could lead to widespread data-theft campaigns, compromised credentials, ransomware attacks and even corporate espionage.
It was found that leveraging a compromised Microsoft Teams subdomain enabled attackers to send a malicious GIF image to their target, scrape the user’s data and ultimately take over an entire roster of accounts belonging to an organization.

Researchers said the victim only needs to see the malicious image, which seems innocuous, to be attacked. The vulnerability affected every user running Microsoft Teams on the desktop or in a web browser.
“One of the biggest and the scariest things about this vulnerability is that it can be spread automatically, just like a worm virus,” the researchers said. “The fact that the victim needs only to see the crafted message to be impacted is a nightmare from a security perspective. Every account that could have been impacted by this vulnerability could also have been a spreading point to all other company accounts.”

CyberArk said it had worked with the Microsoft Security Research Center through its Coordinated Vulnerability Disclosure process to fix the flaw. The vulnerable subdomains were quickly reconfigured, a patch was issued on April 20, and Microsoft is continuing to develop security features to prevent similar flaws.

“In times of remote working – as companies continue to rely on technologies like Microsoft Teams, Zoom and others to stay connected with employees, customers and partners – more information is being passed back and forth than ever,” the researchers said.

“The amount of data that goes into these applications is enormous, making them prime targets for attackers,” they said. “Vulnerabilities like this can put sensitive data, credentials and conversations at risk.”