Network Security
ISSN 1353-4858
July 2020
www.networksecuritynewsletter.com

Featured in this issue:

How data can be the lingua franca for security and IT
Stakeholder engagement, expectation management and cross-team communications are among the most challenging aspects of business. And all of these come together in a unique confluence for security teams. IT and security teams are both aiming for the same goal – secure and effective systems. But while they may be looking at the same raw information, their interpretations can be wildly different. Some form of automated data analysis can help get both teams on the same page, argues Dr Leila Powell of Panaseer.
Full story on page 6…

Keeping a secure hold on data through modern electronic content management
Companies are attempting to deal with a tidal wave of data. And a lack of integration inside a business can promote the dangerous phenomenon of content sprawl. This occurs when different departments do not harmonise their processes and there is no plan to address outdated content or to ensure that data is stored in the right way. Companies need to gain a tight rein on their digital assets and institute a rigid content management system to keep up with the data explosion. But that can be easier said than done, explains Paul Hampton of Alfresco.
Full story on page 8…

Keeping critical assets safe when teleworking is the new norm
The Covid-19 pandemic has upended almost every aspect of our lives – and work is no exception. Remote working has suddenly become the norm for many. There are many advantages to remote working. Yet our new professional reality also comes with fresh challenges. Perhaps none of these is more important than the need to safeguard critical corporate assets within an information security landscape that has been profoundly altered, almost overnight, says Gus Evangelakos of XM Cyber.
Full story on page 11…

Contents

NEWS
Russian nation-state attackers target Exim mail servers  1
Network and web app attacks increase  2
Scammers exploit Covid-19 measures  3

FEATURES
How data can be the lingua franca for security and IT  6
IT and security teams are both aiming for the same goal – secure and effective systems. But their priorities often differ. While they may be looking at the same raw information, their interpretations can be wildly different. Some form of automated data analysis can help get both teams on the same page, argues Dr Leila Powell of Panaseer.

Keeping a secure hold on data through modern electronic content management  8
Companies are attempting to deal with a tidal wave of data. And a lack of integration inside a business can promote the dangerous phenomenon of content sprawl. Companies need to keep a tight rein on their digital assets and institute a rigid content management system to keep up with the data explosion. But that can be easier said than done, explains Paul Hampton of Alfresco.

Keeping critical assets safe when teleworking is the new norm  11
The Covid-19 pandemic has led to an explosion of remote working. And this brings with it some fresh challenges – not least the need to safeguard critical corporate assets within an information security landscape that has been profoundly altered, almost overnight, says Gus Evangelakos of XM Cyber.

Safeguarding against the insider threat  14
Data breaches are on the rise and a significant proportion of the threat comes from insiders. Some breaches are malicious but many are simply accidental. To manage the insider threat, organisations must ensure that identity is at the heart of cyber security and compliance risk assessment monitoring, says Ben Bulpett of SailPoint.

Keep security top of mind when moving into the cloud  17
Cloud adoption is soaring. However, as Thomas Deighton of Westcon and Michael Wakefield of Check Point warn, the defence of sensitive data and information is no less important when it is in the cloud than on premise. It is vital for businesses looking to make the move into the cloud to understand why and how it has become so popular and the importance of securing it.

ThreatWatch  3
Report Analysis  4
News in brief  5
The Firewall  20
Events  20

ISSN 1353-4858/20 © 2020 Elsevier Ltd. All rights reserved.
This publication and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use:
Photocopying: Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use.

Editorial Office:
Elsevier Ltd, The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, United Kingdom
Tel: +44 1865 843239
Fax: +44 (0)1865 843973
Web: www.networksecuritynewsletter.com
Publisher: Greg Valero
Publishing Director: Sarah Jenkins
E-mail: g.valero@elsevier.com
Editor: Steve Mansfield-Devine
E-mail: smd@contrarisk.com
Senior Editor: Sarah Gordon
Columnists: Ian Goslin, Karen Renaud, Dave Spence, Colin Tankard
International Editorial Advisory Board: Dario Forte; Edward Amoroso, AT&T Bell Laboratories; Fred Cohen, Fred Cohen & Associates; Jon David, The Fortress; Bill Hancock, Exodus Communications; Ken Lindup, Consultant at Cylink; Dennis Longley, Queensland University of Technology; Tim Myers, Novell; Tom Mulhall; Padget Petterson, Martin Marietta; Eugene Schultz, Hightower; Eugene Spafford, Purdue University; Winn Schwartau, Inter.Pact
Production Support Manager: Lin Lucas
E-mail: l.lucas@elsevier.com

Subscription Information
An annual subscription to Network Security includes 12 issues and online access for up to 5 users.
Prices: E1112 for all European countries & Iran; US$1244 for all countries except Europe and Japan; ¥147 525 for Japan.
(Prices valid until 31 July 2017)
Subscriptions run for 12 months, from the date payment is received. To subscribe send payment to the address above.

NEWS

Russian nation-state attackers target Exim mail servers

The US National Security Agency (NSA) has issued a warning stating that Russian nation-state attackers belonging to a military intelligence agency are actively exploiting a weakness in Exim mail servers. The purpose of the attacks is unclear but many commentators have noted increased Russian activity as we approach another US presidential election.

Since at least August 2019, the so-called Sandworm Team has been launching attacks against Exim mail transfer agent (MTA) installations, taking advantage of a known flaw (CVE-2019-10149).

Continued on page 2...

...Continued from front page

The vulnerability was patched last year, but many organisations are reluctant to patch mail servers because of the potential disruption.

The NSA said: "The Russian actors, part of the General Staff Main Intelligence Directorate's (GRU) Main Centre for Special Technologies (GTsST), have used this exploit to add privileged users, disable network security settings and execute additional scripts for further network exploitation."

The exploit starts with nothing more than a specially crafted email being sent to the server. "The actors exploited victims using Exim software on their public-facing MTAs by sending a command in the 'MAIL FROM' field of an SMTP (Simple Mail Transfer Protocol) message," the NSA explained. The attackers then download a shell to provide them with additional control, which can ultimately include full control over the server.

... an estimated $10bn in damage worldwide in 2017, campaigns against NATO members and European governments in 2019 and attacks on several US state election boards leading up to the 2016 presidential election.

The NSA has identified two IP addresses – 95.216.13.196 and 103.94.157.5 – and one domain, hostapp.be, that seem to be associated with the attacks. It encourages organisations to search their logs for these as possible indicators of compromise.

"The election is right around the corner and this is an actor that was involved in the 2016 incidents," John Hultquist, director of intelligence at FireEye, told Wired. "We're very concerned they'll be involved again in this election. This is an actor that's been involved in election-related hacking in the past and the most important, destructive attack in history. Any development involving them is worth watching."

The NSA is urging all users of Exim
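The log search the NSA recommends above, written out as an added example that is not part of the newsletter: a small Python script that scans Exim main-log lines for the two IP addresses and the domain named in the article. The log lines are constructed samples in Exim's main-log style, and the regular expressions are assumptions about that format (peer address in square brackets, host names and addresses as bare tokens).

```python
import re
from typing import Iterable

# Indicators quoted in the NSA warning reported in the article.
IOC_IPS = {"95.216.13.196", "103.94.157.5"}
IOC_DOMAINS = {"hostapp.be"}

# Exim's main log writes the peer address in square brackets, e.g. "H=(x) [192.0.2.1]".
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Bare host names and the domain part of addresses (assumed token shape).
DOMAIN_RE = re.compile(r"(?<![\w.-])([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?![\w-])")


def find_iocs(line: str) -> set:
    """Return the set of indicators that appear in one Exim log line."""
    hits = set()
    for ip in IP_RE.findall(line):
        if ip in IOC_IPS:
            hits.add(ip)
    for name in DOMAIN_RE.findall(line):
        name = name.lower().rstrip(".")
        for domain in IOC_DOMAINS:
            # Flag the domain itself and any subdomain of it.
            if name == domain or name.endswith("." + domain):
                hits.add(domain)
    return hits


def scan_log(lines: Iterable[str]) -> list:
    """Return (line number, indicators) for every line that matches an indicator."""
    return [(n, h) for n, l in enumerate(lines, 1) if (h := find_iocs(l))]


# Constructed sample lines in Exim main-log style (not real traffic).
SAMPLE_LOG = """\
2020-06-01 10:02:11 H=mail.example.org [203.0.113.7] Warning: unauthenticated sender
2020-06-01 10:05:43 H=(localhost) [95.216.13.196] F=<user@example.com> rejected RCPT
2020-06-01 10:06:02 1jfd3Q-0001xA-2c <= sender@hostapp.be H=(x) [198.51.100.9] P=esmtp S=1200
2020-06-01 10:07:15 1jfd3Q-0001xA-2c => alice@example.com R=local T=local_delivery
2020-06-01 10:09:31 H=(test) [103.94.157.5] rejected connection in "connect" ACL
""".splitlines()

if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(sorted(hits))}")
```

A match only says that an indicator appeared in the log; it is a prompt to pull the full session for that connection, not proof of compromise.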