Sunday, October 31, 2021

Nuclear Ransomware 3.0

I follow a lot of material from KnowBe4. They provide really good training for enterprises covering social engineering attacks.
Hopefully, I'm personally beyond that risk. At least I passed all the KnowBe4 classes I just took.

Recently KnowBe4's Roger Grimes posted an article on "Nuclear Ransomware 3.0."

We all know what ransomware started out doing.

He described Nuclear Ransomware 2.0 as "Quintuple Extortion."

The five elements were:
  • Stealing Intellectual Property/Data
  • Stealing Every Credential It Can - Business, Employee, Personal, Customer
  • Threatening Victim’s Employees and Customers
  • Using Stolen Data to Spear Phish Partners and Customers
  • Publicly Shaming Victims
Those are bad enough.

Then he went on to suggest what Nuclear Ransomware 3.0 would consist of:
  • Selling exfiltrated data
  • Selling exfiltrated stolen credentials
  • Selling initial access
  • Stealing money from bank and stock accounts
  • Personal extortion against individuals
  • Hacking for hire
  • Selling lead lists from stolen customer data
  • Business email compromise scams
  • Installing adware
  • Launching DDoS attacks
  • Crypto mining
  • Creating rentable botnets
  • Sending spam emails
  • Resource renting
  • Acting as proxy sites for other attacks
  • Anything else they can think of to generate revenue
Yikes!

And some of these are already emerging. If you haven't heard of Initial Access Brokers (IABs), read this.





Sunday, October 24, 2021

Top 5 Cyber Threats

Trend Micro shared a study in July 2021 on its Cyber Risk Index.


There's a lot of comparison of risks across geographic regions, e.g. North America, Latin/South Americas, Europe, Asia-Pacific.

North America had the highest risk when Trend Micro compared regions' preparedness to the threat index.

While there's a lot to worry about there, to me the actionable topics are what Trend Micro called the "Top 5 Cyber Threats".

North America
  1. Phishing and social engineering
  2. Clickjacking
  3. Ransomware
  4. Man-in-the-middle attack
  5. Fileless attack
Make that your "to do" list.

Sunday, October 17, 2021

8 Inches vs 12 Inches

Ok, get your minds out of the gutter. I'm talking about silicon wafers.

We've all heard about car and truck production being impacted by chip shortages.


Why? I could have never guessed.

It turns out that automotive chips are fabricated on 200mm (8 in.) silicon wafers. Current wafer technology is 300mm (12 in.).

The use of chips in automobiles is booming so demand for 200mm wafers is increasing.

But the manufacturers of the wafer production technology are focusing on 300mm wafers.

This has caused a crunch in manufacturing of 200mm wafers.
As one headline from December (2020) read, "8-inch wafer capacity is in short supply to unimaginable levels", with the article stating "wafer production capacity is so tight that customers' demand for production capacity has reached a panic level." And that from mid 2021 "to the second half of 2022, the logic and DRAM markets will be out of stock."
ExtremeTech reported:
200mm was supposed to fade away as 300mm came online, and that worked from 2007 - 2014, ... 200mm capacity has gotten difficult to book. Large foundries like TSMC have been slow to add new 200mm capacity ...
Even the IEEE weighed in:
Despite the auto industry's desperation, there's no great rush to build new 200-mm fabs.
So, maybe the automotive industry could just move to 300mm wafers.
For automotive products from specification to PPAP would be more like 24 to 36 months, again depending on the complexity.
There's not going to be a quick fix.

Here's the only good news I've found around this:
Stop-start technology will be gone for now from non-diesel versions of Cadillac Escalade; Chevy Tahoe, Suburban, and Silverado; plus GMC Sierra and Yukon.

Sunday, October 10, 2021

Plan Z

Facebook had a bad day recently. And the next day wasn't too good either.


I've posted a couple of times (here and here) about my "Plan Z."

I've also posted several times (here, here, and here) about WFH risks.

Apparently Facebook doesn't read my blog.

Somebody at Facebook made a mistake. People make mistakes. That will happen.

What happened (or rather what didn't happen) next is the issue.

The Daily Mail had a good recap of the series of problems.
But the repair was delayed, according to a purported insider, because of 'lower staffing in data centers due to pandemic measures', ...
There's the "WFH risk." And no Plan A.
Kieron Harding, an IT Infrastructure Engineer at GRC International Group, told DailyMail.com: 'The nature of the problem meant Facebook would have needed network engineers to physically access their BGP routers - and due to the pandemic, some of the data centers quite possibly don't have an engineer based on site, or someone who could have immediately started to work on the problem.'
"Facebook would have needed network engineers to physically access their BGP routers." Facebook didn't have a Plan B.
... the misconfiguration of the BGP also affected Facebook's physical door access systems
Facebook didn't have a Plan C.

You have to have a plan all the way down to Plan Z.

Be prepared.

Sunday, October 03, 2021

Microsegmentation Discovery

In my previous post on Microsegmentation, my closing comment was:
Labeling of assets is critical along with a comprehensive understanding of the applications' relationships and dependencies.

In HP Enterprise's article on microsegmentation they said:
The smaller the segments, the more likely that security policies and controls can break normal interactions. So it's crucial to first get a lay of the land through a robust discovery process that uncovers what devices and applications are running on the network and then maps their data and traffic flows.
At a recent lunch with a network architect, he related how they had bought and implemented all the hardware for microsegmentation. But nobody would step up to the "robust discovery process" necessary. The microsegmentation capabilities of the equipment were never implemented. Eventually their hardware's capacity was exceeded and the equipment was replaced.

What a shame.

Make sure that your microsegmentation project has not only the financial capital but the political capital to succeed.
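
To make the "robust discovery process" concrete, here is a small sketch of the first pass: join observed flows against asset labels, roll them up into label-to-label dependencies, and list the assets nobody has labeled yet. This is an added example, not code from HPE or any vendor; the label inventory, the flow record format, and the function names are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample inventory: IP -> (application, tier). Assumed format.
LABELS = {
    "10.0.1.10": ("payroll", "web"),
    "10.0.2.20": ("payroll", "app"),
    "10.0.3.30": ("payroll", "db"),
    "10.0.9.5": ("monitoring", "collector"),
}

# Constructed flow records, one per line: "src dst dst_port proto".
FLOWS = """\
10.0.1.10 10.0.2.20 8443 tcp
10.0.1.10 10.0.2.20 8443 tcp
10.0.2.20 10.0.3.30 5432 tcp
10.0.9.5 10.0.3.30 9187 tcp
10.0.7.77 10.0.3.30 5432 tcp
"""

def discover(flow_text, labels):
    """Return (edges, unlabeled): label-level dependency counts and unknown IPs."""
    edges = defaultdict(int)
    unlabeled = set()
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed records
        src, dst, port, proto = parts
        # An endpoint without a label cannot be placed in any segment yet.
        unlabeled.update(ip for ip in (src, dst) if ip not in labels)
        if src in labels and dst in labels:
            edges[(labels[src], labels[dst], int(port), proto)] += 1
    return dict(edges), unlabeled

def candidate_rules(edges):
    """Turn observed dependencies into sorted allow-rule strings for human review."""
    return sorted(
        f"allow {s[0]}/{s[1]} -> {d[0]}/{d[1]} {proto}/{port}  # seen {n}x"
        for (s, d, port, proto), n in edges.items()
    )

if __name__ == "__main__":
    edges, unlabeled = discover(FLOWS, LABELS)
    print("\n".join(candidate_rules(edges)))
    print("unlabeled assets needing an owner:", sorted(unlabeled))
```

The unlabeled list is the part that needs the political capital: every address on it is a conversation with an application owner before any segment policy can be enforced.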