Tech Friday with Dave Hatter- January 10th 2020 - SPONSORED BY INTRUST IT

  • Hackers will be the weapon of choice for governments in 2020:
    • Cybersecurity plays a mission-critical role in each organization and for society-at-large
    • Cyber capabilities are expanding and nation-states are using these capabilities for espionage and warfare
    • Nation-state actors are known as Advanced Persistent Threats (APTs) and first-tier APTs include Israel, the UK, Russia, China, Iran and North Korea
    • Thanks to the increasingly interconnected nature of our technology and our dependence on it, cyberattacks have the potential to affect us all, directly and indirectly
    • This is especially true in this presidential election year
    • Iranian leadership and several affiliated violent extremist organizations publicly stated they intend to retaliate after the recent drone attack and have done so physically
    • DHS said: “Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber-enabled attacks against a range of US-based targets.”
    • "Iran maintains a robust cyber program and can execute cyber-attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States." - DHS
    • "Iran has a very sophisticated broad spectrum of capabilities able to target critical national infrastructure, financial institutions, education establishments, manufacturers and more," Philip Ingram, a former colonel in British military intelligence
    • Ingram says Iran "has a first world cyberattack capability"
    • Iran has been building its cyberwarfare capabilities since 2010, when the Stuxnet virus impacted its nuclear program by destroying uranium enriching centrifuges
    • Iran is known to have attacked financial institutions and probed the defenses of critical infrastructure:
      • In 2015, they caused a power outage in Turkey that lasted more than 12 hours
      • Iran has been accused of attacking the Saudi Aramco oil company in 2017 with Shamoon, a "Wiper" virus that did significant damage
      • In December 2018, Italian oil company Saipem was targeted by hackers utilizing a modified version of Shamoon
      • In 2019, Iranian hackers were discovered hacking employees at major manufacturers and operators of industrial control systems used by power grids, manufacturing and oil refineries
      • From late 2011 to mid-2013, DDoS attacks targeted the US financial sector
      • In August/September 2013, unauthorized access to a dam in New York state was discovered
      • In February 2014, the Sands Las Vegas Corporation was hacked
    • This past Saturday, the American Federal Depository Library Program (FDLP) website was defaced with an image of President Trump being punched. It appears to be, but has not been proven to be, Iran
    • On January 7th, Texas Gov. Greg Abbott said the Texas Department of Information Resources has seen attempted cyberattacks against state agency networks at a rate of about 10,000 per minute emanating from Iran
    • The increase in Iranian attacks has spiked in the last 48 hours, and Amanda Crawford, the executive director of the Department of Information Resources, has said none have yet been successful
    • Attacks could be launched against businesses, governments, individuals or some combination of all of the above
    • Javvad Malik, security awareness advocate at KnowBe4 predicts that other actors could launch attacks "and try to attribute them to Iran in order to muddy the waters"
    • The US CERT [Computer Emergency Readiness Team] has warned that, thus far, the standard Iranian attacks are phishing and password spraying
    • A significant cyberattack that can be concretely attributed to any actor could result in a kinetic response
    • US defense efforts have been improved by a recent leak of Iran's cyber operations on the dark web, according to Charity Wright, formerly of the National Security Agency and now at IntSights
    • Check Point said "In many cases, critical power and water distribution infrastructure uses older technology that is vulnerable to remote exploitation because upgrading it risks service interruptions and downtime"
    • Critical infrastructure operators must remain vigilant and utilize best practices including air-gapping, firewalls, endpoint protections, intrusion detection and prevention, log monitoring, security-in-depth and training employees to spot and report social engineering and potential insider threats
    • Everyone should be extra vigilant and extra skeptical
    • Given the current climate, it’s a good time to fortify your defenses
    • Good sources of cybersecurity related information include:
      • DHS bulletin: https://www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf
      • CISA Alert: https://www.us-cert.gov/ncas/alerts/aa20-006a
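The two techniques CERT flags above, phishing and password spraying, are exactly what the recommended log monitoring should catch. The following is an added example, not from the show or from CISA, of the spray signature in authentication logs: one source failing once or twice against many different accounts (instead of many times against one), over constructed sample log lines with an assumed "auth=... user=... src=..." format.

```python
import re
from collections import defaultdict

# Constructed sample authentication log lines (not from the original page).
# 203.0.113.7 tries one password across many accounts (password spraying)
# and eventually gets a hit; 198.51.100.9 hammers a single account instead.
SAMPLE_LOG = """\
2020-01-09T02:14:01Z auth=FAIL user=alice src=203.0.113.7
2020-01-09T02:14:03Z auth=FAIL user=bob src=203.0.113.7
2020-01-09T02:14:05Z auth=FAIL user=carol src=203.0.113.7
2020-01-09T02:14:07Z auth=FAIL user=dave src=203.0.113.7
2020-01-09T02:14:09Z auth=FAIL user=erin src=203.0.113.7
2020-01-09T02:14:11Z auth=OK user=frank src=203.0.113.7
2020-01-09T02:20:00Z auth=FAIL user=alice src=198.51.100.9
2020-01-09T02:20:01Z auth=FAIL user=alice src=198.51.100.9
2020-01-09T02:20:02Z auth=FAIL user=alice src=198.51.100.9
2020-01-09T02:20:03Z auth=FAIL user=alice src=198.51.100.9
2020-01-09T02:21:00Z auth=OK user=grace src=192.0.2.44
"""

# Assumed log format; adapt the pattern to your own authentication source.
LINE_RE = re.compile(r"auth=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)")

def find_password_sprays(log_text, min_users=5, max_failures_per_user=2):
    """Return {src: {"targeted": [...], "succeeded": [...]}} for sources whose
    failures are spread thinly across many accounts. A per-account lockout
    threshold never fires on this pattern, which is why it must be detected
    per source rather than per user."""
    failures = defaultdict(lambda: defaultdict(int))
    successes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, user = m.group("src"), m.group("user")
        if m.group("result") == "FAIL":
            failures[src][user] += 1
        else:
            successes[src].add(user)
    sprays = {}
    for src, per_user in failures.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_failures_per_user:
            # Any success from a spraying source is a likely compromised account
            sprays[src] = {"targeted": sorted(per_user), "succeeded": sorted(successes[src])}
    return sprays

if __name__ == "__main__":
    for src, info in find_password_sprays(SAMPLE_LOG).items():
        print(f"possible spray from {src}: {len(info['targeted'])} accounts, logins: {info['succeeded']}")
```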
  • Gathering intelligence on critical infrastructure, and yours too:
    • "Critical infrastructure" can be hard to define, but in general it refers to things considered essential to society and the national economy
    • DHS has defined 16 critical infrastructure sectors
    • DHS and other government agencies and security experts have indicated that critical infrastructure should be secured
    • OSINT (Open Source Intelligence) can be used to gather intelligence on a country’s critical assets and is typically the first step in a targeted cyberattack
    • OSINT is passive; the target is not aware of the data being gathered
    • Tools like Shodan make it easy
    • When infrastructure and devices are built without security in mind, they are easy prey for cyberattacks and espionage
    • As systems get increasingly interconnected, cyberattacks can cause damage in the real world, as we saw with Stuxnet
  • The secret tech that lets government agencies collect data from our apps:
    • Law enforcement investigations still frequently rely on the data stored on mobile phones
    • In many cases, it's the data that is stored in the cloud that is more valuable than that stored on the phone
    • In their Annual Trend Survey, Cellebrite, a surveillance technology vendor, noted that in approximately half of all investigations, cloud data "appears" and that "[t]ypically, this data involves social media or application data that does not reside on the physical device."
    • Law enforcement is turning to "cloud extraction" to access data stored on third-party servers, which are often used to back up phone data
    • Cloud extraction goes even further, granting access not only to data on the phone but to any data accessible from it
    • Examples include OneDrive, Dropbox, Twitter, Facebook, Google, Instagram, Uber, etc.
    • Some experts estimate that by 2025, 49 percent of data will be stored in public cloud environments
    • Data stored in the cloud is a potential goldmine for investigators
    • The purported capabilities of the companies providing this software are disturbing
    • Cellebrite’s Cloud Analyser, for example, claims to “extract, preserve and analyze public domain and private social media data, instant messaging, file storage, web-pages and other cloud-based content using a forensically sound process”.
    • Privacy International has raised concerns over mobile phone extraction and has highlighted the lack of effective privacy and security safeguards
    • There should be transparency and accountability with respect to new forms of technology that law enforcement uses
    • I encourage everyone to read this important article from Privacy International: https://privacyinternational.org/long-read/3300/cloud-extraction-technology-secret-tech-lets-government-agencies-collect-masses-data

55KRC · THE Talk Station in Cincinnati
