Why Your Organization Should Treat Every Account as Privileged


Contents

INTRODUCTION
YOU’VE BEEN LOOKING AT PRIVILEGED ACCESS ALL WRONG
YOUR BUSINESS SYSTEMS AND DATA ARE LESS SECURE THAN YOU THINK
IMPACT OF FAILING TO ACT
PROTECT YOUR ORGANIZATION WITH IDENTITY-DRIVEN SECURITY BEST PRACTICES
GET STARTED

Introduction

There have been a slew of major data breaches in recent years. The number of records exposed in data breaches last year alone reached 174.4 million—close to five times the 36.6 million records exposed in 2016.[1]

Every time you turn around, another organization is in the headlines for having millions of records compromised. Look no further than the recent Equifax breach in which sensitive information on more than 140 million individuals was stolen. This trend is expected to continue, with data breaches and other cybercrime costing the world $6 trillion per year by 2021, up from $3 trillion annually in 2015.[2]

In the vast majority of data breaches, stolen credentials for privileged accounts are the prime target for hackers. In fact, Forrester estimates that 80 percent of security breaches involve privileged accounts.[3]

Traditional privileged accounts are IT-based and have special Active Directory (AD) attributes. IT administrators use them to log into servers, switches, routers, and applications and perform tasks without restriction. This level of access means these accounts pose a significant risk to your company.
Once obtained by hackers, the accounts can be used to access the most sensitive data, lock out legitimate users, and create ghost accounts and back doors that are not easily seen. Legacy security systems focus on protecting these AD privileged accounts; however, there are many business accounts with privileged access to critical systems and monetizable data that fall outside of the standard definition of “privileged.”

Accounts that Fall Under the Traditional Definition of a Privileged Account

• Local admin accounts are typically used by IT staff to perform maintenance or set up new workstations and often have the same passwords across platforms.
• Privileged user accounts give administrative privileges to one or more systems and usually have unique and complex passwords.
• Domain admin accounts have privileged access across all workstations and servers on a Windows domain. If these accounts are compromised, this could have catastrophic consequences for the organization.
• Emergency accounts, often called firecall or break glass accounts, give unprivileged users admin access to secure systems in an emergency.
• Service accounts are privileged local or domain accounts that are used by an application or service to interact with the operating system.
• Application accounts are used by applications to access databases and provide access to other applications.

You’ve Been Looking at Privileged Access All Wrong

The traditional definition of privileged access simply is not adequate for today’s cybersecurity threats. After all, privileged access has become much broader than just IT administrator accounts. With the business digital transformation, there are more users accessing more critical systems and sensitive data. “Privileged” today should encompass any account with access to monetizable data (protected health information (PHI), credit card numbers, and social security numbers) or that can cause reputation damage.

So, what do you do about these accounts that don’t fall under the standard definition, but still have access to confidential and critical data? There are business-privileged roles, such as payroll and social media manager accounts, which are not monitored by traditional AD-based security tools. And there are business systems and applications that require exactly the same protection as any of their high-risk or high-value internal IT systems.

The hard truth is that any unsafe system or individual puts everyone at risk. “If you have something that is valuable to hackers, they will go to any length to obtain it,” observed Larry Szebeni, president of Apex Technology Services. “It’s just a matter of finding your network’s biggest vulnerability and launching a targeted attack at the right time.”[5]

There are many avenues of access to your systems, and more must be done to protect all accounts, not just traditional privileged accounts. Your organization must adopt a zero-trust mindset, operating under the assumption that all users, endpoints, and resources are untrusted and therefore, always need to be verified in order to reduce the risk of a breach. If you do not broaden your understanding of privileged access, you are putting your organization at risk.

The recent breach of multinational accounting and tax firm Deloitte demonstrates the risk that poorly secured business systems can pose to an organization. In this case, hackers were able to breach a server and gain access to the private emails of at least five million Deloitte clients.
“The key lesson from this incident is that businesses need to do more to protect their private accounts,” said Rich Tehrani, group editor-in-chief at TMC, upon analyzing the breach. “Strong passwords need to be used at all times and enforced by IT. Also, two-step verification is imperative. If two-step verification had been used in this situation, hackers may have been unable to get inside of the network.”[6]

The Exception to the Role

Your Business Systems and Data Are Less Secure than You Think

To avoid a costly and potentially devastating data breach, here are six business systems and applications that you want to pay attention to in reviewing your access control policies. These systems often aren’t treated with the same level of concern for security as privileged accounts, even though they provide access to highly sensitive and valuable information.

1) EMAIL, YOUR NEW ONLINE STORAGE

If you were to scan all employee emails, what would you find? Most likely, you’d discover valuable information that you don’t want to get outside your organization. Many companies, including those who regularly send and receive highly sensitive and confidential information, lack proper email security. For example, the Panamanian law firm Mossack Fonseca hadn’t updated its client login portal and webmail systems in years and failed to encrypt sensitive emails. As a result, hackers exploited these security flaws to expose 4.8 million emails and 6.5 million other confidential client files.[7]

There are numerous ways for hackers to get into your email systems. Versions might be out of date, and patches might not be applied in a timely manner, if at all. And most email systems do not use encryption because of the expense and hassle.
And sometimes email account breaches are the result of human error, as was the case with the Russian hack of Clinton Campaign Chairman John Podesta’s email. Hackers gained access to Podesta’s email account when he supplied his password in response to a phishing email.[8] The disclosure of 20,000 pages of sensitive and embarrassing emails by WikiLeaks contributed to Hillary Clinton’s loss to Donald Trump in the 2016 presidential election.[9]

2) SOCIAL MEDIA

Another security area that is often overlooked is company social media accounts, such as Twitter, LinkedIn, and Facebook. Leaving these accounts vulnerable puts your company at risk of major embarrassment and brand damage.

Unfortunately, social media accounts are rarely treated with the same care as other corporate assets. Often, they are protected with just a username and password, or access is shared among multiple people. Furthermore, these accounts are often assigned to interns or entry-level marketing personnel to manage, increasing the risk of human error. As a result, there is a high risk that a hacker can gain access to or figure out an account password and begin posting things that could damage a company’s or individual’s reputation.

One hacking group in particular, OurMine, has gained a reputation for taking over social media accounts by using information obtained in other public data breaches.[10] Recent hacks by OurMine include HBO, Sony PlayStation, and Facebook CEO Mark Zuckerberg. In the case of Sony PlayStation, OurMine was able to take over the company’s Twitter and Facebook accounts, tweeting “PlayStation Network Databases leaked #OurMine” to the company’s millions of followers. They claimed to have also breached a confidential database, although they didn’t publish any of the information.
While OurMine’s primary purpose in taking over accounts is to sell its IT security service, there is little security in place to stop more malicious groups from hacking accounts and posting damaging information or extorting individuals or companies.

3) CRM AND MARKETING AUTOMATION

Other systems that are often overlooked are customer relationship management (CRM) software and marketing automation systems.

60 percent of internal perpetrators