Sunday, May 21, 2017

Week 10 Blog Post

In weeks 9-10 we created an "Action Plan" for our Harry & Mae Company. For those of you who have not encountered the Harry and Mae case study, the case is about a fictional company that is franchising restaurants across the US. You are given video presentations about the company, its assets, and its policies and procedures, which you analyse for the different classes you take.

This time the assignment was to create an action plan to resolve all physical and asset vulnerabilities and harden the business after a credit card breach. As of right now my paper is about 23 pages long and covers asset identification, asset vulnerability assessments, a policy and procedure review, a glossary of terms used, a network diagram, a threat model and the action plan to resolve and mitigate the vulnerabilities.


The most fun part of the assignment was researching all the vulnerabilities associated with the assets. An example of this is below.




After the vulnerabilities were listed (let's just say there were many), the next step was to find ways to mitigate them. This was done by assigning a control to the process and addressing the vulnerability itself. Most mitigation techniques were collected from MITRE CVE.


Overall, a very good assignment where students learn first-hand how to find and address vulnerabilities and conduct risk assessments.

Sunday, May 14, 2017

Week 9 Blog Post

As many of you have seen in the news over the last few days, a massive global ransomware attack has hit hundreds of thousands of organisations in over 150 countries. The attack was first noticed on Friday as the ransomware started propagating in a very unusual way, via a worm.

So far, according to the news outlets, the worm was accidentally stopped when a security researcher registered the domain that was referenced in the worm code. Apparently this was the built-in kill switch for the worm.

The Gizmodo website contains a video showing the malware infecting a system, which then continues to infect other systems in real time.

Here is the link: Malware infection video

Even though the worm has infected many organisations worldwide, the money collected from victims as of yesterday was only about $33k. There is still some concern about all the additional computers that are infected, because the companies won't know until Monday when they start them up.

Some security experts are also warning that, since the developers now know how the worm was stopped, they may change the kill switch and release a new version.

Be on the lookout and patch your systems.



Sunday, May 7, 2017

Week 8 Blog Post


In these last few weeks of this semester we are looking at different cybersecurity trends for 2017. There is not much change from existing trends to be expected, unless we see some black swan attack that no one has ever anticipated. The trends continue to revolve around your standard malware distribution, ransomware, IoT hacking, DDoS attacks, cloud attacks, data breaches, spear phishing, mobile device security and other familiar trends.

These trends generally follow the growth in the specific market, such as cloud computing or Internet of Things (IoT) growth. As more and more devices are built with the capability to connect to the internet, and are built with insufficient security in mind, they could and will end up getting hacked and used for other purposes. The most recent example, the Dyn attack caused by the Mirai botnet, is a testimony to that growing trend. In this case infected IoT devices were turned into a large botnet used to bring down business and media outlet websites. DDoS and ransomware attacks have been around for a while but will continue through 2017, as there are no real mitigation techniques to deal with such attacks on a large scale.

Data breaches continue to stay in the news and will do so in 2017 as well. I personally think this is due to the lack of penalties for the businesses that suffer a data breach. Currently the fines are too low, and the only benefit consumers get is the free one-year credit monitoring joke for their lost data. It's as if consumer information expires after 12 months and becomes useless to the attackers. The SSN doesn't change, your DOB doesn't change, your mother's maiden name doesn't change, so why would this information become irrelevant after a year? We need stricter penalties, including cease and desist orders, for companies with large data breaches. When they get scared they tend to invest more in security and pay more attention. When all they have to lose is a few million dollars and a bulk purchase of credit monitoring, then no one really cares that much.

Mobile devices will most likely start getting hit at a much larger scale with ransomware attacks as they collect more and more information on a daily basis. Mobile devices are replacing personal computers and are becoming more attractive targets with app distribution. Also, let's not forget that many businesses allow "BYOD" (bring your own device) at work, which can also allow attackers to target businesses through the personal devices employees bring to work.

In summary, we will not see a drop in different attack types this year but can expect an increase. We are also most likely to see an increase in state-sponsored attacks as tensions rise between North Korea and the United States. Another emerging segment which will spill over into cyber conflict is the rise of social movements such as antifa across the globe. This group will start emerging in the realm of cyber terrorism as more right-leaning governments are elected and Europe continues to see a split between its members.

Tuesday, May 2, 2017

Week 7 Blog Post - Is the Impact of Power Grid Hacking Exaggerated?

In one of my classes this past week, the severity of power grid hacking/attacks came under debate. What makes this topic so interesting is that it appears in the news and in politics all the time. So the Washington Post article from January titled "Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say." must have scared you. Don't worry friends, I will not discuss politics this week, and the article was debunked as fake anyway.

What I wanted to share is that, based on all the research I have done, the impact of power grid outages is in the vast majority of cases only short-lived. This means even the most devastating power grid blackouts in U.S. history have been resolved in less than a day. The only outages that lasted longer than one to two days are tied to natural disasters, such as hurricanes, that caused such damage. From an empirical and a risk perspective, I cannot back up with evidence the hysteria that a hacker-caused event could trigger a long-lasting power grid outage that could bring the U.S. economy down.

As I said to one of my fellow classmates, if anything a brief power outage would do some good for the economy. While most businesses can write off any income loss from their taxes, the real benefit would be in the sale of goods to recover from the loss of spoiled food, and of generators during the outage, fuel, wood, batteries and so forth. I guess you can just look at the goods being sold before a major hurricane strike and you should be able to predict the economic growth. I also looked at historical stock data and compared it to the dates of each of the major U.S. power grid outages, and I have not seen a specific dip indicating a long-term effect of any kind on the economy, as some people have claimed.

Anyway, please let me know what you think.