High-profile ransomware attacks made headlines again last month as Garmin and Canon both suffered significant outages. Garmin’s in particular appeared to take down the majority of their public-facing systems, from the Garmin Connect app to critical aeronautical navigation services.
The media claims Garmin ended up paying a hefty multimillion-dollar ransom to unlock their infrastructure. A fine prize for the alleged perpetrators, “Evil Corp,” who supposedly used a variant known as WastedLocker to lock down Garmin’s apps and services.
How could an organization with the resources and talent of Garmin face a multiday outage under intense scrutiny? While dodging ransomware may seem as simple as restoring a backup, in practice a large-scale attack is a major mitigation undertaking. Here are three reasons why it can take days or even weeks to recover even if you give in and pay the ransom.
This past week Green House Data employees found an invitation to connect in their LinkedIn inboxes from one Coleman Anglin, who claimed to be a Marketing Specialist at the company (unsurprisingly, no one in the marketing department received this invitation).
Of course the humorous last name of “Anglin” belies the true nature of this connection: phishing. While our security team was swift to send out a notice not to connect to this individual, the attempt highlights a growing trend of phishing attacks reaching beyond e-mail to the social media realm.
But why bother posing as a fellow employee or a friend on social media? Several employees asked what the threat could be from this seemingly innocuous connection, even if it was made in bad faith.
As we approach year-end and look forward to future tech trends, we also reflect on the lessons learned over the past year. In the information security realm, things seem to stay the same even as they change.
Pervasive and persistent threats that are hardly new to the scene have made their way past small fry to take down some of the biggest service providers around. In many ways, 2019 proved the most effective threat vectors remain the most difficult to protect against, with the crucial attack point coming in the form of people – the hardest thing to control for within your organization.
There are some newer threats to consider as well, of course. Hackers never sleep!
Here’s our lineup for the nastiest InfoSec baddies of 2019.
It’s been over a month since I attended the Gartner IT Symposium/Xpo in Orlando, and I’ve spent that time really chewing on some of the great sessions and thought leadership presented at the show. Modern IT practices remain a moving target, so plugging into the analyst machine every once in a while helps me get a bigger picture beyond even our day-to-day at Green House Data (which can be pretty diverse itself, with big pushes on DevOps and digital transformation while we balance our existing data center, cloud, and managed services pillars).
It was interesting hearing Gartner start to shift their message from “cloud is the only option” to “cloud is an option.” As cloud adoption strategies have matured we have seen this attitude shift as well, with more organizations looking multi-cloud while maintaining some on-prem systems. One presentation on public cloud costs compared to on-prem data centers really helped drive this home. The bottom line is that the cloud is not automatically cheaper or even necessarily more efficient depending on the application or purpose of the deployment.
Other major topics included how to find digital talent, as the management of human capital and IT teams continues to evolve alongside the industry, as well as one of my favorite presentations, “Are You Maximizing Your Security Operations Center,” which had a ton of great information around security.
With the symposium still fresh in mind, here is my list of where enterprise IT operations are heading in 2020 and beyond.
If your organization is large enough to have an information security manager or an entire security team, then it’s likely that any security issue or task will be pushed in their direction. That’s why you hired them, isn’t it?
Security is a specialized area of IT and it requires specific skills for a holistic approach. It is also a moving target with many components and attack vectors across your technology stack. A dedicated security team or individual, whether in-house or contracted, can therefore be valuable. But security must be a shared responsibility among every user, no matter their role.
There’s an inherent problem here and its name is Diffusion of Responsibility. When everyone has a stake in security and there are dedicated managers to boot, users could be more likely to engage in risky behavior. After all, it’s taken care of! That’s why we hired that security guy.
There are two main categories of application security testing: dynamic and static. They can be thought of as testing from the outside-in and from the inside-out, respectively.
Dynamic testing is performed while an application is running and focuses on simulating how an outside attacker might access that application and its associated systems. Static testing, on the other hand, examines the code itself and related documentation, often throughout the actual development process, to discover potential vulnerabilities before the application reaches production.
Should you use DAST or SAST for your applications? In truth it is not an either/or situation, as DAST and SAST are complementary and evolved independently. First let's take a look at the key differences between them.
Ransomware is a digital attack in which an executable or malicious link opened by an unsuspecting (and likely untrained) user installs a program that blocks access to applications, phone systems, and/or data until a ransom is paid. It’s been making the rounds for many years now. But only lately have hackers begun zeroing in on a specific vertical: state and local governments.
In 2019, over 22 governments have been affected by ransomware – and that number was prior to recent news breaking that an additional 22 small towns in Texas were all targeted in a single coordinated attack.
Over 200 state, county, or city government IT systems have been targeted in recent years. With thousands and thousands of cities and towns across America, that may seem like a drop in the bucket. But ransomware is becoming easier and easier to distribute, and users continue to fall victim, usually via phishing emails or web exploits that deliver malware without any user action beyond visiting an apparently innocuous site.
Why are governments becoming a preferred target for ransomware? And how can you improve your chances of avoiding or mitigating ransomware?
In InfoSec we continually encounter the unknown, the unfamiliar. Technology marches ever forward, application design matures, bells and whistles chime and toot. This commonly results in the InfoSec professional needing to responsibly secure technology that they don’t holistically understand. Attackers know this, for it is within those gaps in understanding that malicious activity may most readily occur and may do so without notice.
A common InfoSec response to the unfamiliar is to attempt to cover all potential angles of attack, regardless of whether they are pertinent to the technology. This is done in order to ensure that we meet both risk and governance management goals. The result of this approach is rarely better security. Rather, it typically results in unnecessarily complicated security control implementations that are neither functional (i.e., they don’t do what we want/expect them to do) nor operational (i.e., our personnel can’t adequately manage them).
How do we avoid over-complication in our security controls? We focus on the fundamentals: Preparation, Awareness, Response.
Migrating e-mail and productivity apps to the cloud is a no-brainer. Continuous updates, access from anywhere, no need to manage the supporting servers and associated hardware… the benefits are clear. As with any IT outsourcing, however, careful planning around security measures is essential. And with your O365 environment exposed to the public internet, security best practices are even more important.
While securing Office 365 is an ongoing effort, there are several top priorities that should be addressed first after your migration.