THE MAGAZINE FOR SECURITY & TECHNOLOGY PROFESSIONALS | www.cyberriskleaders.com Issue 7, 2021
What are the hot tech trends for 2022?
Shields Up – Cyber agencies issue High Alerts Ukraine cyberattack prior to Russian invasion Scammers take advantage of Ukrainian conflict
AI With Everything – The future of artificial intelligence in networking Exploring the Myths of Zero Trust
Asia Most Cyberattacked Region
Bug Alert - Critical vulnerability alerting system
Ransomware’s attacks increase 232%
ECURITY S R E B Y C & E M I R AI, C
PLUS
Tech & Sec weekly highlights
UNDER THE PATRONAGE OF HIS HIGHNESS SHEIKH MOHAMMED BIN RASHID AL MAKTOUM VICE PRESIDENT AND PRIME MINISTER OF THE UNITED ARAB EMIRATES AND RULER OF DUBAI
SMART. SECURE. TOGETHER
14 - 17 MARCH 2022 DUBAI EXHIBITION CENTRE - EXPO 2020, DUBAI
REDEFINING POLICING AND LAW ENFORCEMENT FOR A SAFER AND SECURE WORLD 10,000
50+
150+
2,000+
VISITORS
CHIEFS OF POLICE
EXHIBITORS
CONFERENCE DELEGATES
CONFERENCES • CRIME PREVENTION • DRONES • FORENSIC SCIENCE • ANTI-NARCOTICS • POLICE INNOVATION & RESILIENCE • K9
REGISTER NOW
www.worldpolicesummit.com @Worldpolicesummit
@policesummit
App now available
on iTunes &
DOWNLOAD NOW!
www.cyberriskleaders.com
Contents Contents Movers and Shakers
Director David Matrai Art Director Stefan Babij
8
Shields Up - Cyber agencies issue High Alerts
Director & Executive Editor Chris Cubbage
10
Bug Alert - Critical vulnerability alerting system
11
Suspected Supplier Cyber-Attack shuts down Toyota plant
12
Log4j – Searchable Repository: Community-sourced Faking it: Deepfake crime exposing cyber security
GitHub Comes to Rescue
13
Open source is dying, and the critical infrastructure bill could be the finishing blow
14
Ransomware’s attacks increase 232%
18
Way to secure your inactive Google account and data - Even when you’re not around
MARKETING AND ADVERTISING promoteme@mysecuritymedia.com Copyright © 2020 - My Security Media Pty Ltd GPO Box 930 SYDNEY N.S.W 2001, AUSTRALIA E: promoteme@mysecuritymedia.com All Material appearing in Australian Cyber Security Magazine is copyright. Reproduction in whole or part is not permitted without permission in writing from the publisher. The views of contributors are not necessarily those of the publisher. Professional advice should be sought before applying the information to particular circumstances.
20
How will we stop the march of cybercrime?
22
Faking it: Deepfake crime exposing cyber security
24
Open Networking – Agility and control for a new rra of connectivity What are the hot tech trends for 2022?
CONNECT WITH US
26
AI With Everything – The future of artificial intelligence in networking
30
Ukraine cyberattack prior to Russian invasion
34
Data wiping malware HermeticWiper targets Ukraine
36
Scammers take advantage of Ukrainian conflict
38
Asia Most Cyberattacked Region
40
Exploring the Myths of Zero Trust
44
Technology’s Role in Driving U.S. Competitiveness
46
What are the hot tech trends for 2022?
48
www.facebook.com/MySecMarketplace/ @MSM_Marketplace
How will we stop the march of cybercrime?
www.linkedin.com/company/my-securitymedia-pty-ltd/ www.youtube.com/user/MySecurityAustralia
OUR CHANNELS
Ransomware’s attacks increase 232%
Like us on Facebook and follow us on Twitter and LinkedIn. We post about new issue releases, feature interviews, events and other topical discussions.
Correspondents* & Contributors Exploring the Myths of Zero Trust
Vinoth Venkatesan Guy Matthews
Alex Tilley Jack Lindsay
YOUR ADVERTS WORK Migrating MPLS networks to the cloud age
Contact us for enquiries
Editor's Desk "Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner"
- US Securities and Exchange Commission Chair, Gary Gensler, March 9, 2022
A
s 2021 ended, Russia had already amassed troops near the border of Ukraine. Amidst the uncertainty of what 2022 held, there was early anticipation the year may commence with war in Eastern Europe. The consequences of an escalation beyond Ukraine are unthinkable. In a cyber risk context, the conflict epitomises modern warfare, with pre-invasion cyber-attacks on Ukrainian public infrastructure and broader, indeed global, misinformation campaigns. Russian cyberattacks against Ukraine are not new, but with memory of the Petya malware in 2017, warnings to raise cybersecurity posture were sent around the world. For now, direct cyberattacks have been relatively isolated to be between Russia and Ukraine. The US Cyber Command created ‘Shields Up’, a dedicated webpage to disseminate the latest information to help organisations prepare for potential cyber threats. The war in Europe is understandably worth monitoring in the context of digital risk. Changes in the combat theatre, as well as, the envelope of geo-politics most often leads to corresponding changes in the global cyber threat landscape. As highlighted in our interview with Professor Matt Warren, Director of the Australian-Lithuanian Cybersecurity Research Network, modern cyber war tactics are executed by state-actors, third party proxies and further overlayed with scaled misinformation campaigns and opportunistic cybercriminals. The relationship between cybersecurity and information warfare is intertwined and conducted in the grey zone. We spoke with Professor Alexey Muraviev of Curtin University, who highlighted the RussianChinese strategic partnership is deeper than ever before, having jointly announced at the Beijing Winter Olympics that their partnership had “no limits”. Further analysis confirms Chinese state media and government officials have largely adopted Kremlin-mandated sanitized language used by Russian media to describe the war in Ukraine. “On March 6, the Russian Ministry of Defense claimed to have evidence that the United States is running 30 bioweapons labs in Ukraine. Beijing’s amplification of Russia’s bioweapons disinformation has been substantial, and, by some metrics, has outpaced efforts by the Kremlin to promote its own
claim… China’s intensive amplification effort has been driven by both diplomats and state media figures, who have used the opportunity to relaunch their efforts to cast blame on the outbreak of the coronavirus on the U.S.-based Fort Detrick lab.” (Source) Ely Ratner, assistant defense secretary for Indo-Pacific security affairs, told the U.S. House Armed Services Committee on March 9 that the danger of China conducting a major military attack on Taiwan has increased in the wake of the Russian invasion of Ukraine. "I think there is a mounting threat of aggression from the PRC... His (Xi) capabilities are growing and his patience seems to be decreasing," Mr. Ratner said. Zack Cooper of the American Enterprise Institute agrees, saying, “ Where will U.S.-China relations go from here? I think they will worsen, unfortunately. My guess is that we will look back at this period as the point at which the relationship changed permanently. And not for the better. Buckle up.” In this environment, the potential for wider cyber warfare will clearly remain a systemic threat. The S-CERT Alert (AA22-047A) reports “From at least January 2020, through February 2022, the FBI, NSA and CISA have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources. Then there is still the threat of ransomware as a cybercrime. As Danielle Jablanski, Security Strategist at Nozomi Networks writes in this issue, the U.S. and U.K. recorded rises in ransomware in 2021 of 98% and 227%, respectively. In Asia, ransomware attacks also leapt with a 121.682% increase YoY, with India and Japan reporting rises of 981% and 63.55% respectively, in IoT malware volume. We also highlight the suspected cyber-attack on Toyota to emphasise the risk cyber-attacks pose to justin-time production. The difficulty in securing entire supply chains from multiple vendors is a wide and daunting task. If the supplier supplies more than one customer, the impact of the cyber-attack and the incentive to pay any ransom is magnified. As part of the western nation’s response, the Financial Crimes Enforcement Network
(FinCEN) has issued a FinCEN Alert, advising all financial institutions to be vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions on the Russian Federation. The alert provides examples of red flags to assist in identifying suspected sanctions evasion activity and highlights reporting obligations under the Bank Secrecy Act. In addition, as provided in the opening quote, the Securities and Exchange Commission has proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. Our cover feature on Deepfake crime proposes this is a real and present danger for businesses, as well as to governments with heightened political tensions. Last year, it cost one bank alone $35 million in a single scam. With Deepfake technology becoming more sophisticated – and readily available to criminals – we need to see the technology as a current threat and not a future concern. Also in this edition, Jack Lindsay proposes the open source community is a great risk following the Log4j project vulnerability found in a critical Java ecosystem package and Vinoth Venkatesan writes a series of articles, including concerns around the delays in notifications of the Log4j vulnerability. We also include some of the more notable ‘Movers and Shakers’ and continue to take a deep dive into the cybersecurity domain, network security, cloud security and throughout we have links through to our Tech & Sec Weekly Series and the latest Cyber Security Weekly podcasts. Another edition with a lot to unpack. On that note, as always, there is so much more to touch on and we trust you will enjoy this edition of Cyber Risk Leaders Magazine. Enjoy the reading, listening and viewing!
Chris Cubbage CPP, CISA, GAICD
Executive Editor
Movers and Shakers Google buys Mandiant in blockbuster $5.4 billion deal Google is buying cyber threat intelligence business Mandiant in a US$5.4 billion deal that will significantly upgrade Google’s existing cyberdefence offering. When the deal is done, Mandiant will bring its highly regarded cyber-threat intelligence and analysis products across to the Google Cloud platform. Google says the purchase will build on Google Cloud’s existing security strengths. By tapping into Mandiant’s expertise, Google Cloud will boost its capabilities by delivering an end-to-end operations suite and offering better advisory services when customers deal with cyber-security challenges.
Darktrace acquires Cybersprint Darktrace is acquiring Cybersprint for €47.5 million (AU $74.3 million) to be paid approximately 75% in cash and 25% in equity, valuing the transaction at approximately 12.5 times Cybersprint’s annual recurring revenue (ARR). With an expected completion date of on or around 1 March 2022, Cybersprint’s results of operations are not expected to be material to Darktrace’s results for the remainder of FY 2022. Through this acquisition, Darktrace gains a second European R&D Centre in The Hague, Netherlands, joining forces with Cambridge-based mathematicians and software engineers. “We are very excited to welcome the Cybersprint team to Darktrace. Bringing insideout and outside-in visibility together is critical and having access to the robust, rich, real-time external dataset combined with Darktrace’s SelfLearning AI means that customers get a holistic view of prioritised cyber risks to harden the parts of their organisation that are most vulnerable. With this acquisition, we are able to leverage Cybersprint’s seven years of R&D to accelerate our Prevent product family, ultimately making it much
8 | Cyber Risk Leaders Magazine
harder for cyber-attackers to carry out successful missions,” said Poppy Gustafsson, CEO, Darktrace. “I’m very excited about this fantastic step in the journey of Cybersprint. We are passionate about automating manual tasks in cybersecurity from an outside perspective. We believe attackers never sleep and operate without scope. When we began conversations with Darktrace, we felt an instant connection on vision, culture and technology. That’s why we are looking forward to joining Darktrace and working together to accelerate state-of-the-art innovations to make organisations more cyber secure,” commented Pieter Jansen, CEO, Cybersprint.
Cloudflare to acquire Area 1 Security Cloudflare has announced it has agreed to acquire Area 1 Security. “Email is the largest cyber attack vector on the Internet, which makes integrated email security critical to any true Zero Trust network. That’s why today we’re welcoming Area 1 Security to help make Cloudflare’s platform the clear leader in Zero Trust,” said Matthew Prince, cofounder and CEO of Cloudflare. “To us, the future of Zero Trust includes an integrated, one-click approach to securing all of an organisation’s applications, including its most ubiquitous cloud application, email. Together, we expect we’ll be delivering the fastest, most effective, and most reliable email security on the market.” “Data from the FBI’s Internet Crime Complaint Center 2020 Internet Crime Report shows that malicious phishing campaigns including business email compromise are the most costly—with U.S. businesses losing more than $1.8 billion. Well known incidents of the last decade include the JPMorgan Chase breach, where a phishing attack impacted 76 million households and 7 million small businesses; SolarWinds, where phishing led to the compromise of 18,000 customers including multiple government agencies; Sony Pictures, where a phishing attack reportedly led to more than 100 terabytes of proprietary data being stolen; and in the U.S. elections, where phishing has been cited as the cause of damage inflicted upon the United States’ electoral process.” According to Forrester, “the biggest problems with email are its ubiquity and our willingness to
trust it. Every person has an email account, often more than one, making this medium a perennially ripe target for attackers.” As email continues to be an attractive entry point for increasingly sophisticated cyberattacks, businesses of all sizes need to consider how to integrate email solutions into their overall security stack and bolster it with global threat intelligence.
Akamai to acquire Linode for $900M Akamai Technologies has announced it has entered into a definitive agreement to acquire Linode. “The opportunity to combine Linode’s developer-friendly cloud computing capabilities with Akamai’s market-leading edge platform and security services is transformational for Akamai,” said Dr. Tom Leighton, chief executive officer and co-founder, Akamai Technologies. “Akamai has been a pioneer in the edge computing business for over 20 years, and today we are excited to begin a new chapter in our evolution by creating a unique cloud platform to build, run and secure applications from the cloud to the edge. This a big win for developers who will now be able to build the next generation of applications on a platform that delivers unprecedented scale, reach, performance, reliability and security.” Christopher Aker, founder and chief executive officer, Linode, added, “We started Linode 19 years ago to make the power of the cloud easier and more accessible. Along the way, we built a cloud computing platform trusted by developers and businesses around the world. Today, those customers face new challenges as cloud services become all-encompassing, including compute, storage, security and delivery from core to edge. Solving those challenges requires tremendous integration and scale which Akamai and Linode plan to bring together under one roof. This marks an exciting new chapter for Linode and a major step forward for our current and future customers.” Under terms of the agreement, Akamai has agreed to acquire all of the outstanding equity of Linode Limited Liability Company for approximately $900 million, after customary purchase price adjustments. As a result of structuring the transaction as an asset purchase, Akamai expects to achieve cash income tax savings over the next 15 years that have an
INDUSTRY UPDATE estimated net present value of approximately $120 million. The transaction is expected to close in the first quarter of 2022 and is subject to customary closing conditions. For fiscal year 2022, the acquisition of Linode is anticipated to add approximately $100 million in revenue and be slightly accretive to non-GAAP EPS by approximately $0.05 to $0.06. PJT Partners served as financial advisor and WilmerHale served as legal counsel to Akamai. DH Capital served as financial advisor and Latham & Watkins served as legal counsel to Linode.
Darkweb monitoring startup raises US$10M series A Funding Cyble has raised a US $10M Series A financing round led by Blackbird, with continued participation from Spider Capital, January Capital, Cendana Capital, and VentureSouq. The funds will be allocated to expanding Cyble’s product roadmap, enabling deeper penetration into existing & new markets, and amplifying its Cyble Research Labs (CRL) capabilities. Founded by Beenu Arora and Manish Chachada in 2019, Cyble continuously monitors the darkweb and surfaceweb data in real-time across open and closed sources to map, monitor, and mitigate companies’ digital risk footprint. The news of Series A funding marks almost a year since Cyble’s initial Seed funding round. In April 2021, Cyble announced it raised $4M led by Blackbird and Spider Capital, with participation from Picus Capital and Cathexis Ventures. Since then, the company has built a solid foundation through sustainable growth, evolving its client offering with darkweb, brand, and attack surface monitoring, growing its client base across 6 countries and increasing its headcount from 25 to 80 people. “Cyble began with an ambitious goal to democratize visibility into the darkweb and empower organizations to fortify their security infrastructure and consequently ensure resilience to malicious cyberattacks,” says Manish Chachada, co-founder and COO of Cyble. “We are incredibly excited to receive the support from our investors to continue to carry out Cyble’s vision, and honored that Cyble is recognized as a leading voice in cybersecurity and a trusted partner that enables businesses to advance their Digital Risk Protection Strategy.” Minsoo Chi of Spider Capital noted: “We’ve been impressed with Beenu and Manish and the
entire Cyble team on their execution towards providing organizations with real-time visibility into the darkweb. We are thrilled to continue to support them in their vision to democratize digital risk protection.” Tom Humphrey of Blackbird noted: “In less than 12 months, the growth that Cyble has achieved is nothing short of stunning. Beenu, Manish and their team have already made significant progress on the product roadmap and global expansion, and it’s clear they’re just getting started. Cyble is solving a big, painful problem for businesses across the world and we are proud to continue supporting their ambition.” Alongside its continual focus to minimize and manage cyber risk for its clients, Cyble recently introduced a Law Enforcement Agency (LEA) and defense threat intelligence tailored solution, Cyble Hawk to aid law enforcement and government agencies in combating cyber risks that have national and geopolitical ramifications.
security monitoring, extended to next-gen SIEM with a scalable cloud-native architecture, and introduced Open XDR and SOAR capabilities to deliver a true end-to-end security operations fabric for threat detection and response. Our goal is to extend this to the application layer and to OT and IoT. Vista’s proven track record of partnering with next-gen, hypergrowth SaaS companies will advance our mission and allow us to help our customers solve these problems.” Securonix offers the leading SaaS-based, multi-tenant security analytics, operations and response platform that provides complete visibility, advanced detection and response, and unlimited scalability. “As a next-gen SaaS company with a strong leadership team, differentiated platform, and passionate customer base, Securonix is leading the SIEM and XDR markets at a time of significant transformation,” said Michael Fosnaugh, Co-Head of Vista’s Flagship Fund and Senior Managing
“The Series A funding round is a major milestone for our rapidly growing company, and affirmation of Cyble’s emergence as a pioneer and thought leader in the infosec industry. We are thrilled to receive this support and intend to direct these funds to drive our research, development, and intelligence capabilities to greater heights. It is no secret that cybercrime activity conducted in the darkweb is rising exponentially, we believe that continuous threat intelligence and darkweb monitoring are critical for organizations to identify and manage data breaches in a timely manner. Cyble is committed to deliver comprehensive cybersecurity solutions that resonate with our growing client base,” says
Director. “It’s a privilege to partner with talented founders like Sachin and Tanuj, and we look forward to supporting the entire Securonix team to help advance their vision and set the standard for modern security analytics and operations.” “Since inception, Securonix has been steadfast in its commitment to develop innovative products that solve the difficult problem of identifying and responding to advanced security threats while meeting the needs of scalability, cloud readiness, and operational efficiency,” said Tanuj Gulati, CTO and co-founder, Securonix. “We look forward to this partnership with Vista to support our goal of enabling leading enterprises and managed service providers to secure their infrastructure, network, and applications against advanced threats with speed and efficiency.” “Securonix has established a mission-critical business that is uniquely qualified and well positioned to redefine the SIEM industry,” said Rod Aliabadi, Managing Director at Vista. “We are excited to partner with their exceptional team as they expand into new markets and continue to innovate with their products and solutions.” Citi is serving as exclusive financial advisor to Securonix, and Fenwick & West LLP is acting as legal counsel. Kirkland & Ellis LLP is serving as legal counsel to Vista.
Securonix receives US$1B+ growth In vestment Securonix has announced it has received more than $1 billion growth investment led by Vista Equity Partners. “Securonix is driven by technology innovation and a passionate mission to address the cybersecurity challenges faced by organizations globally. We solve a very tough problem that requires excellence across multiple domains, including product engineering, threat detection/hunting, data science, and operations. This funding will help us accelerate investments in these areas and continue to provide a worldclass service to our customers,” said Sachin Nayyar, CEO and co-founder, Securonix. “We pioneered User Entity Behavior Analytics (UEBA) with an analytics-centric approach to
Cyber Risk Leaders Magazine | 9
Shields Up - Cyber agencies issue High Alerts By Staff Writer MySecurity Media
10 | Cyber Risk Leaders Magazine
T
he United Kingdom’s National Cyber Security Centre, CISA, the National Security Agency, and the Federal Bureau of Investigation have released a joint Cybersecurity Advisory (CSA) reporting that the malicious cyber actor known as Sandworm or Voodoo Bear is using new malware, referred to as Cyclops Blink. Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office routers and networkattached storage devices. The NCSC, CISA, and the FBI have previously attributed the Sandworm actor to the Russian General Staff Main Intelligence Directorate’s Russian (GRU’s) Main Centre for Special Technologies (GTsST). Given the rising geopolitical tensions between Russia and Ukraine, the US Cyber Command has created a webpage, named Shields Up, to help disseminate the latest information to help organisations prepare for potential cyber threats. The S-CERT Alert (AA22-047A) reports “From at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources. Historically, Russian state-sponsored cyber actors have used common but effective tactics to gain access to target networks, including spearphishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security. These actors take advantage of simple passwords, unpatched systems, and unsuspecting employees to gain initial access before moving laterally through the network to establish persistence and exfiltrate data. In many attempted compromises, these actors have employed similar tactics to gain access to enterprise and cloud networks, prioritizing their efforts against the widely
used Microsoft 365 (M365) environment. The actors often maintain persistence by using legitimate credentials and a variety of malware when exfiltrating emails and data.” On 23 February 2022, the ACSC released an Alert “Australian organisations encouraged to urgently adopt an enhanced cyber security posture”. This Technical Advisory provides additional information to support entities to take appropriate actions in order to secure their systems and networks. While the ACSC is not aware of any current or specific threats to Australian organisations, adopting an enhanced cyber security posture and increased monitoring for threats will help to reduce the impacts to Australian organisations. This advisory has been compiled with respect to the MITRE ATT&CK® framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This advisory draws on information derived from ACSC partner agencies and industry sources. For further information visit https://www.cyber.gov.au/acsc/viewall-content/advisories/australian-organisations-shouldurgently-adopt-enhanced-cyber-security-posture
CYBER SECURITY
Bug Alert - Critical vulnerability alerting system By Vinoth Venkatesan
B
rand new open-source service aims to speed up the security industry’s response to high impact vulnerabilities and zero-days. Bug Alert, developed by security engineer Matthew Sullivan, is an open-source tool running on GitHub that sends subscribers early warnings of newly disclosed security flaws. This project resulted from Sullivan’s experience around notification of Log4j vulnerability. Considering most of us first came to know about Log4j through Twitter feeds and then LunaSec put out their widely-shared blog post followed by a CVE identifier got allocated. All this took more than a day to realize the criticality of the Log4j. By then, precious time to react has been wholly lost based on the time zone you’re located. The industry must act faster. As reported by various industry experts during the Log4j incident, attacks were already massively ramping up from the time vulnerability was disclosed on Twitter. As a security professional, this is not comforting when the bad guys have nearly a day of a head start, simply because it takes a long time to make everyone aware there is a problem in the first place.
This is where the Bug Alert comes in. As per Sullivan, Bug Alert is not here to compete with commercial threat intelligence services. Bug Alert has a different model, where it wants to notify you the moment it’s clear there is a real threat, even if we can’t help you understand the next steps. The alerts are triggered based on a self-registration process. Developers, security professionals, and others can subscribe to alerts by email, text messages, or even phone calls. As well, subscribers can choose the types of issues they care about (Example: ‘Operating Systems’ or ‘Software Libraries’) and how they want to be contacted for each of those types. Sullivan indicates that Bug Alert will focus on “get-outof-bed and cancel-your-date-night types of issues”, with short and clear messages. Alerts, he says, will be “rare”, with only the most severe notices sent out.
Being an open-source project and all engagements are entirely open to the community. Anyone in the world can submit vulnerability notices via Pull Request. Once merged, it will be posted on the website and delivered to subscribers via their preferred communication method in under 10 minutes. The process of vulnerability disclosure, validation, and allocation of severity is all dependent on the community. As per Sullivan’s blog, he is looking for assistance from the security community to make this endeavour work. He needs a team of volunteers worldwide who can review and rapidly merge GitHub pull requests detailing new issues as they come in. Considering Bug Alert will trigger the notifications/call only for the ‘very high severity’ or ‘critical’ vulnerabilities, I believe this is an excellent way to get notifications ahead to plan the remediation strategy for crown jewels. Bug Alert may become a trigger to call your respective threat intel provider if this works well. Let’s hope for the best and a better 2022 with fewer critical vulnerabilities. About the Author: Vinoth is a cybersecurity professional by heart with over two decades of experience in Information Technology and Cybersecurity. He is an Australian Computer Society (ACS) Senior Certified Professional in Cybersecurity and holds various industry-leading cybersecurity credentials. Vinoth loves to write about the latest cybersecurity happenings and blockchain-related articles.
Cyber Risk Leaders Magazine | 11
Suspected Supplier Cyber-Attack shuts down Toyota plants By Staff Writer MySecurity Media
12 | Cyber Risk Leaders Magazine
A
suspected cyber-attack on a key supplier has caused global car giant Toyota to suspend its Japanese car production operations. Kojima Industries Corporation, supplier of plastic parts and electronic components to Toyota, said an error was detected in its computer server system that it believed could be a cyber-attack. The shutdown of 28 production lines across 14 Toyota plants in Japan came about because Kojima’s system could not communicate properly with Toyota or monitor production. “This has never happened before,” Kojima spokesperson Tomohiro Takayama said on Monday. “We are not sure yet if it is a cyber-attack, but we suspect it might be one.” There is no timeline provided as to when Kojima might resolve the issue. Meanwhile, Toyota’s daily output of 13,000 vehicles from the closed plants remains halted. Those vehicles account for around one-third of Toyota’s daily global production. “Due to a system failure at a supplier in Japan, we have decided to suspend the operation at all 14 domestic plants”, a Toyota spokesperson said. An early adopter and keen enthusiast of just-intime manufacturing, cyber-attacks on Toyota’s suppliers can leave the car manufacturer vulnerable to production disruptions. While there is some speculation a cyber-attack on Kojima could be a reprisal from Russia following Japan electing to support and participate in the current global Russian pushback, Rich Armour, CISO at Detroit-based General Motors, thinks this is not the case. “The dark web has been quiet on this attack so far. It’s certainly possible that the Russian Government is behind the attack or one of its cyber-criminal organisations, but it looks more like a typical ransomware or other play against a target of opportunity,” he said. “Bridgestone was also hit with a cyber-induced outage over the weekend, which raises the possibility of a coordinated attack on the industry. Right now, it’s too early to tell if the two are related.”
Also impacted by the problem at Kojima are Toyota subsidiaries Hino Motors and Daihatsu Motors. Hino Motors has confirmed two of its Japanese plants are shut down. Daihatsu has also said production at its Japanese plants are affected. Danielle Jablanski, Security Strategist at Nozomi Networks says the suspected cyber-attack highlights the risk cyber-attacks pose to just-in-time production. “This incident highlights a single point of failure for business interruption resulting in a loss of production,” she says. “It is also an example of a major cyber risk for ‘just-intime’ manufacturing. Toyota has thwarted direct attacks in the past, but the difficulty in securing entire supply chains from multiple vendors is a wider and more daunting task.” Any attack on Kojima also reflects a trend targeting supply chain links rather than a high-profile global company. If the supplier supplies more than one customer, the impact of the cyber-attack and the incentive to pay any ransom is magnified. “Supply chain attacks are on the mind of the Federal Government, think tanks, and standards bodies,” adds Ms Jablanski. “At the same time, we see the number of suppliers for some critical hardware components across manufacturing continue to decrease. There is no easy fix to this complexity, and we will likely continue to see similar incidents.”
Log4j – Searchable Repository: Community-sourced GitHub Comes to Rescue By Vinoth Venkatesan
S
ince the Log4j vulnerability surfaced, one of the most prominent challenges organizations had been finding the impacted software rather than fixing it. This particular logging piece of open-source software is extensively used and deeply rooted in consumer and enterprise IT environments. Because it is so popular and code re-use is so common throughout the software development ecosystem, most vendors could not determine how many of their products use Log4j. At the same time, organizations were forced to scour their own IT environments for signs of the vulnerable version and exploitation. That lack of visibility and the indicators that malicious hackers were also racing to exploit the vulnerability has prompted a massive, collaborative effort across government and industry to determine the scope of collective exposure. It led to concerns among policymakers about the long tail potential of Log4j and its impact for years to come. This particular vulnerability is an eye-opener for most of us to have the Software Bill of Materials (SBOM) - basically, an ingredient list that can detail the origin of various pieces of code from where they came and their associated version to determine whether they’re vulnerable similar to Log4j. After the disclosure of the Log4j flaw, the Cybersecurity and Infrastructure Security Agency (CISA) swiftly moved to put together a GitHub page listing software products that contain the underlying vulnerable Log4j code as well as those where it was absent. Leveraging the CISA data, two members of the cybersecurity community, Beau Woods and Adam Bregenzer, have developed a new open-source search tool to help cybersecurity professionals navigate an increasingly cumbersome list of software products affected by the Log4j vulnerability. This search-based tool is a boon for people to identify the vulnerable version of Log4j and fix them accordingly. Another notable open-source project helps companies run the detection rules to identify the Remote Code Execution on vulnerable Log4j instances. Check the
detection rules consolidated in Florian Roth’s GitHub page across various operating system flavours. A searchable repository helps analyze your current possibly impacted products and aids to remediate them with proper fixes. The repository also contains notes, references, and links to the vendor advisory/fix guidance, which will come in handy for your patch management cycle. About the Author Vinoth is a cybersecurity professional by heart with over two decades of experience in Information Technology and Cybersecurity. He is an Australian Computer Society (ACS) Senior Certified Professional in Cybersecurity and holds various industry-leading cybersecurity credentials. Vinoth loves to write about the latest cybersecurity happenings and blockchain-related articles.
Cyber Risk Leaders Magazine | 13
CYBER SECURITY
Open source is dying, and the critical infrastructure bill could be the finishing blow By Jack Lindsay
R
ecently there was a massive vulnerability found in a critical Java ecosystem package. When fully weaponized the vulnerability allows attackers to manipulate Java servers into executing arbitrary code that is fetched from an LDAP server. It is an entirely reasonable solution to a real-world problem and accidentally created a massive hole in countless networks. This microcosm of the Open source ecosystem demonstrates why the Open source community may soon vanish.
If you want me to make you useful software, pay me. The ‘Log4j’ project is so beneficial it is essentially in the standard library for Java users. As of December 11, 2021, there was three sponsors for the author’s work. A day later, after it compromised a significant number of systems, the number had increased to 14. It is the yet unresolved – and possibly unresolvable – conundrum of Open source. Developers are put in a situation where software they create as a passion project on the side can end up as a critical component within a company’s stack. Ultimately, as is the case with Log4j, these developers find themselves in the precarious position where they’re not being paid for their efforts but are suddenly held responsible for significant disruption. The idea that Open source is a pool of free labour – or
14 | Cyber Risk Leaders Magazine
‘leech culture,’ as it has become known – has accelerated technologists well beyond the efficiency levels capable previously. It has also put the sector in a vulnerable state where a random smattering of volunteers have become critical for the business continuity of some of the largest enterprises in the world. It makes sense. The Open source community build valuable software. The vulnerability that created the #Log4j twitter storm is actually a great way to get a shell whenever you want. Which is why it is used so widely. As a result, there is a strong push within the community for companies that rely on Open source projects to recognise their ‘moral obligation’ and support projects by making donations.
The fallacy of Open source software development “Open source software is developed in a decentralised and collaborative way, relying on peer review and community production. Open source software is often cheaper, more flexible, and has more longevity than its proprietary peers because it is developed by communities rather than a single author or company” says Redhat when explaining what open source software is. This is the essence of open source, of which all projects are merely imitations. Something the community aspires to achieve but ultimately falls short. A recent example of this is the code-js debacle. This JavaScript library gives JavaScript’s standard library a lot
CYBER SECURITY
more core primitives that make it so programmers do not need to reach out to other libraries. Of greater significance, it is a core dependency of React. In early 2020, this project had a single administrator, was contributed to by this person alone and had 25 million weekly downloads. The author is infamous for letting programmers know they are looking for a new job every time you install the project in CI. The author was then incapacitated for one and a half years, causing chaos in the community. The project is key to the success of almost all JavaScript companies and was maintained by a single developer. It is one of countless Open source projects of its kind that form landmines scattered throughout the information technology industry.
Open source is to information technology as Wikipedia is to academia Confronting, yes, but this shouldn’t come as a surprise to anyone. The market rate for a developer who would maintain a project like Apache Log4j is between $200,000 and $300,000/yr. Meanwhile, the most you are likely to see any Open source developer rack up on Patreon and/or GitHub is ~$1,000/month. Understandably, the developers then choose to spend
their time working on changes that are of most interest to them. Not running sprints of bug fixes following a thorough security audit. This, at a time when the first rule of being a good programmer is "don’t reinvent things." Instead, re-use code libraries and packages of previously written code that can be used in your own program to accomplish a task. It’s the rational thing to do when building something complex. Developers have been commoditized; And with every commodity the key to profitability is velocity. The culture this has created within the information technology industry is one that encourages, demands, and rewards developers for grabbing tools like Log4j as an easy way to handle a problem as someone else has already done the work. It is in this world of copy-paste programming, where policymakers have struggled to keep pace and layers of management demanded higher returns, that the Open source community has thrived. Log4j has shown the world what this ecosystem can do. Corporations understandably encourage cost-saving and efficiency. But given the dangers, strict policies requiring rigorous analysis and proof of safety and security are necessary. Unless these are created and enforced, there is simply too great a risk that financial pressures will systematically bias decision making in favour of time- and cost-savings. Of course, some decisions should have shorter timelines than others, and a full-blown security risk review is not always practicable. However, without protections, in the world of copy-paste programming, it is inevitable that development teams will globally distribute CVEs. In practice, Open source projects are volunteer-run. Issues remain unnoticed for days, weeks, months or even years. It should be expected that these projects will compromise systems. It is evident why a government auditor would question any project maintained by a random person in Nebraska within your stack. Suddenly, the great ideas and passion projects that once formed the pool of free labour technologists used to stitch their software stacks together represent vulnerabilities. Expecting projects – typically maintained by a single developer – to maintain a professional level of DevSecOps is unrealistic. It would require a significant philosophical shift in the way developers approach Open source projects. Nonetheless, if companies want to include an Open source project in their stack, they need to be capable of evidencing the appropriate controls.
Regulating against software vulnerabilities Countries are taking steps to ensure these controls are in place. Australia's Critical Infrastructure (Amendment)
Cyber Risk Leaders Magazine | 15
CYBER SECURITY
'These assessors will ensure a day comes where it is no longer possible for an organisation to take software someone wrote for free, and put it into production, without robust security controls. ' Bill 2020 is the nation's most significant step toward such controls. Similar regulation from the United States and United Kingdom is also being implemented. Affirming that governments will intervene to ensure IT practices meet necessary safety and security controls for the industry. The most well-established attempt is the Cybersecurity & Infrastructure Security Agency’s (CISA) assessment evaluation and standardisation (AES) program. A newly introduced federal government initiative that is training ‘assessors’ nation-wide to standardise assessment and introduce a performance baseline. These regulatory ‘assessors’ are tasked with evaluating and reporting on the workforce, operational resilience, cybersecurity practices, organisational management of external dependencies, and other key elements of a robust and resilient cyber framework. These assessors will ensure a day comes where it is no longer possible for an organisation to take software someone wrote for free, and put it into production, without robust security controls. Changing the essence of Open source from collaborative software development to a community of ideas that require industrialisation. At the same time making the developer dream of working full-time on a community funded Open source project almost impossible.
16 | Cyber Risk Leaders Magazine
About the Author Jack Lindsay’s primary focus is on management, sales, and technology issues in industry focusing on software and security. Jack brings expertise in learning, coaching, and software options at every level to ensure companies are successful at people, strategy, execution, and finance. Jack is co-founder of Upward Spiral, an innovative solution to the recruitment issues facing the infosec community. Their mission is to help 1 million cyber security professionals find their dream job and measurably improve the job-seeker and hiring experience. When Jack isn’t working, he is a Board member at the women’s international cycling union (The Cyclists’ Alliance), contributor to various cycling websites, hockey player in the Bundesliga, and involved in various InfoSec and FinTech conferences.
17-19 AUGUST 2022 | ICC SYDNEY
A New Way to Connect
The inaugural Security Industry Forum this 22 September 2022, offers you a unique opportunity to get your brand exclusive exposure to Victoria’s key security buyers and maintain your brand presence year-round. FIND OUT MORE AT:
securityexpo.com.au/exhibit/ security-industry-forum/
Grow your brand potential at Australia’s leading industry event For over three decades the Security Exhibition & Conference has been the most established and respected trade event for the security industry in Australia, bringing together the full spectrum of manufacturers, distributors, security professionals and end users. Position your business and amplify your brand among the industry’s most powerful influencers. Network with the most established names, discover the latest technology and create profitable opportunities.
CONTACT THE TEAM P 1300 DIVCOM (1300 348 266) E securityexpo@divcom.net.au W securityexpo.com.au
SCAN TO FIND OUT MORE
BOOK A STAND securityexpo.com.au
#Security2022 Cyber Risk Leaders Magazine | 17
Ransomware’s attacks increase 232%
S
onicWall has released the 2022 SonicWall Cyber Threat Report. The bi-annual report details a sustained meteoric rise in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021 including: ransomware, encrypted threats, IoT malware and cryptojacking. “Cyberattacks become more attractive and potentially more disastrous as dependence on information technology increases,” said SonicWall President and CEO Bill Conner. “Securing information in a boundless world is a near impossible and thankless job, especially as the boundaries of organizations are ever-expanding to limitless endpoints and networks.”
Ransomware’s savage reign continues SonicWall Capture Labs threat researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than 2020, a 105% increase. Ransomware volume has risen 232% since 2019. High-profile ransomware attacks impacted businesses, state and federal governments, schools, hospitals and even individuals. Attacks hit supply chains, causing widespread system downtime, economic loss and reputational damage. Following global trends, all industries faced large increases
18 | Cyber Risk Leaders Magazine
of ransomware volume, including government (+1,885%), healthcare (755%), education (152%) and retail (21%). Ransomware has developed into a massive and systemic threat that is forecasted to get worse. Across the globe, U.S. and U.K. climbed a staggering 98% and 227% respectively. In Asia, ransomware attacks also leapt in 2021 with a 121.682% increase YoY, with India and Japan also saw alarming rises of 981% and 63.55% respectively, in IoT malware volume. Debasish Mukherjee, Vice President, Regional SalesAPAC at SonicWall adds, “With threats of almost every type on the rise, is it imperative that we have strategies and resilience systems in place to respond almost instantaneously. Especially in Asia Pacific where many have been the target of these malicious attacks in a new paradigm for cybercrime, all the more our findings in the 2022 SonicWall Cyber Threat Report will help us to find the right security measures to protect our greatest assets and be a step ahead to prevent unwanted and damaging attacks.”
As cyberattack vectors expand, malicious assaults climb The frequency and variety of cyberattacks continue to expand every year, with an increasing cost to organizations
worldwide. SMBs and enterprises are progressively threatened by an assortment of cyberattacks, and without knowing what they are, or how cybercriminals operate, protecting business-critical data from cyberattacks becomes unmanageable. “Attacks on networks rose to a fever pitch in 2021,” said SonicWall Vice President of Platform Architecture Dmitriy Ayrapetov. “Ransomware, cryptojacking, vulnerably exploitation, phishing and other attacks continue to plague organizations around the world and overwhelm security teams. It’s important to understand the breakdown of these attacks and why they continue to be successful, as well as the drivers and trends behind them.”
Insight on additional cyber threats include: Apache Log4j vulnerabilities were quickly exploited, with threat actors logging 142.2 million exploit attempts between Dec. 11 and Jan. 31 — an average of 2.7 million each day. Within three days of the public disclosure, exploit attempts had already passed the 1 million mark. Malware volume was slightly down again in 2021, marking both a third-straight year of decrease as well as a seven-year low. However, an uptick in attacks during the second half of 2021 almost completely erased the 22% drop in malware that SonicWall had recorded at the mid-year
point, bringing the total decrease for 2021 to just 4% — suggesting malware numbers may rebound in 2022. Encrypted threats increased 167% year-over-year. In August, the number of encrypted attacks broke the 1 million mark for the first time, then continued to rise, reaching nearly 2.5 million by year’s end. Cryptojacking continued to surge last year, rising 19% globally to 97.1 million, which is the most attacks that SonicWall Capture Labs threat researchers have ever recorded in a single year. IoT malware volume rose 6% in 2021, totaling 60.1 million hits by year’s end. While this isn’t good news, it’s at least better than it has been: In 2019 and 2020, IoT malware volume rose 218% and 66%, respectively. With no corresponding slowdown in the proliferation of connected devices, this suggests that attack volumes may be leveling off. SonicWall’s patented Real-Time Deep Memory InspectionTM (RTDMI) technology identified a total of 442,151 never-before-seen malware variants in 2021, a 65% year-over-year increase and an average of 1,211 per day. In Q4, RTDMI found more never-before-seen malware variants than in any quarter since its introduction in 2018.
Cyber Risk Leaders Magazine | 19
CYBER SECURITY
Way to secure your inactive Google account and data - Even when you’re not around By Vinoth Venkatesan
D
o you know what happens to our digital accounts when we stop using them? This is a crucial question in the digital age because we are no longer keeping tabs on what’s happening with our dormant accounts; they can become targets for cybercrime. Recent high-profile breaches targeted inactive accounts to steal data or generate money through ransomware. The Colonial Pipeline ransomware attack came from an inactive account that didn’t use multifactor authentication. Similarly, last year T-Mobile breach occurred from an inactive prepaid account accessed through old billing files. In summary, inactive accounts can pose a severe security risk. This is where Google helps its users through the Inactive Account Manager. Here you can set up a timeline around when Google should consider your account inactive and whether Google should purge your data or share it with a trusted contact.
How does it Work? Once you’re on the Inactive Account Manager screen under the My Account settings in Google, you need to set up below things: 1. When the account should be considered inactive - You can choose 3, 6, 12, or 18 months of inactivity before Google can take action on your account. Google will inform a month before the designated time through an SMS message and an email sent to the address you provide. 2. Who to notify and what to share - You can choose up to 10 people for Google to communicate once your Google account becomes inactive (they won’t be informed during setup). You can also decide what type of data you want to share with your trusted contacts. The data can consist of photos, contacts, emails, documents, and other information you specifically choose to share with your trusted contact(s). There is also an option to configure Gmail AutoReply, with a custom subject and message explaining that you’ve ceased using the account.
20 | Cyber Risk Leaders Magazine
3.
How to clean up your account - Google can delete all its content or send it to your designated contacts after your account becomes inactive. Suppose you’ve decided to allow someone to download your content. In that case, they’ll be able to do so for three months before it gets deleted.
If you want to know what data is associated with your Google account, then head to the Google Dashboard, where you will be able to see the services consuming your data. If you use Gmail with the same account, you’ll no longer be able to access that email once your account becomes inactive. You’ll also be able to reuse that Gmail username. Setting up an Inactive Account option is a simple step in protecting your data. Secure your account with this feature to ensure that your digital legacy is shared with your trusted contacts if you become unable to access your account.
WATCH NOW
AUSSIE CYBER SECURITY INNOVATION SECURES OVER US$10M FOR US EXPANSION PLANS Interview with
David Maunsell CEO of Haventec
Haventec, a Sydney-based award-wining cyber security company founded in 2015, has secured US$10M in capital and launched their expansion into the US market after tremendous demand for their passwordless authentication and data storage solutions. Macquarie Group and Future Now Capital led the raise which will predominantly fund Haventec’s growth plans in the financial services, government and health sectors handling sensitive data. We speak with CEO of Haventec David Maunsell who outlines the recent hires in the US and the strategy for the next couple of years as the company continues to grow and expand beyond Australian shores.
CYBER SECURITY
How will we stop the march of cybercrime? By Alex Tilley, Head of Threat Intelligence Asia Pacific & Japan for Secureworks
I
t may seem obvious, but cybercrime must constantly evolve to survive. Not only are cybersecurity veterans like me constantly working to uncover, understand and counter new crime techniques, but technology itself is always evolving. This means cybercriminals are constantly creating new attacks to fit current trends, whist adjusting existing attacks to avoid detection. To understand how cybercrime could evolve in the future, I have looked at its colourful past as I have lived and breathed it for more than 20 years.
What is cybercrime? Although seen by many as “secret magic” Cybercrime needs to be thought of as “just another crime type” like drugs, illegal firearms trade and money laundering. It is complete full spectrum criminality that uses technology as it’s vehicle. Extortion, theft, property damage and fraud are amongst an extensive list of “traditional” crimes that are committed under the umbrella of “Cybercrime”. Where it does have some differences is in its often anonymous and sometimes “impersonal” nature (although some Cybercrimes are deeply damagingly personal). And although law enforcement agencies are trying to tackle this problem, investigations can be more difficult and time consuming than some traditional crime investigations involving new and specialised skills that Law Enforcement is working to acquire. On the whole Cybercrime continues to grow exponentially, and many people have become victims
22 | Cyber Risk Leaders Magazine
of identity theft, hacking and ransomware.
When did cybercrime emerge? Cybercrime has been around for decades, if there have been computers connected you can be sure that someone was thinking of a way to misuse their access, even if just to get free time on old university computer systems! Cybercrime as we know it now has really been maturing rapidly since the late 90s and early 2000s with criminals who started young with minor offences graduating to increasingly serious criminal activity as their abilities and criminal networks grew. In the 2020s cybercrime is a major threat that earns the criminals involved millions of dollars without as many of the risks of other traditional crime types.
The rationale behind cybercrime • • • •
Financial gain is the number one! Politically motivated – nation state attacks and espionage To access confidential information to cause reputational damage Vandalism/property damage
Financial gain To try and show this constant exponential loss per event amount as it relates to financially motivated cybercrime, I have called on my personal experience in working to try and
CYBER SECURITY
counter the threat posed over the years as the criminals got better and better and the losses per criminal act climbed and climbed starting in the early 2000s.
The loss amount per event is climbing every year • o o
In 2002/03 the average loss amount was $500 for a dumb phishing attack Responders were basically begging “please take this down” Action a takedown in the first four hours or almost don’t bother Compromised site owners quite helpful (harvest kits, learn) Internal code simple (it still is!) “Wack-a-mole” but manageable.
o o o o
Has learned from all previous mistakes Business banking focus due to international transfer and no limits (Dyre) Hooked in with professional mule crews (YMCO et al.) The mules are the bottleneck Ability to move six figures in single transactions (Experience breeds sophistication)
The impact of cryptocurrency on cybercrime
“Throw product at the problem” /rock/ /r/ /r1/ One host, 3-400 phishing sites (dozens of banks) Tiered transparent reverse proxy setup Takedown efforts focus on compromised sites and now IP takedown Rarely get anything but the nginx or openVPN config
In 2014 the proceeds had climbed to over $5,000,000 for a large-scale ransomware attack and since then the emergence of Cryptocurrency has made the historically most difficult aspect of cybercrime, moving the money a lot simpler effectively removing much of the need for traditional money laundering infrastructure. Crypto currency removes the need for attacks on banks and their customer accounts, which makes traceability a real challenge. This move away from attacks focusing on banks and bank customers has also shown that for too long we have relied on banks to work and spend to secure our finances, whereas now the criminals are attacking individuals and organisations directly and many organisations are not prepared for this “Head on” attack.
In 2006 - Fast Flux and Avalanche appeared with the average loss at $5000
In 2021 and beyond the drivers behind the growth of cybercrime are:
o o
1. 2. 3. 4.
o o o
In 2004 Rockphish emerged, and the average loss was $5000 o o o o o
o o o o
Dedicated criminal hosting (no more nice site owners) Fast flux (round robin DNS) makes IP takedowns (more) useless Double and triple flux “Pay to play” bulletproof hosting Bank defences like dummy account injection become effective Automated defence systems built in house at banks
In 2007-8 - Enter the “banker trojans” and the losses climbed as high as $50,000 with Zeus, Bugat, Nethel and Gozi et al o o o o o o
Load and hook web browser (initially BHO) Wait until punter visits bank or another specified site Web injects are the warhead on the missile Social engineering web inject (Best I ever saw) Incredibly effective Bank detections initially non-existent but improve (JS, browser DOM query)
In 2010 operation Trident breach occurred resulting in Jabber Zeus arrests for an automated fraud o o o o o
ACH fraud and Leprechaun automated fraud system Arrest of more than 50 people across multiple countries Mostly mules Some key mule handlers It’s always mules!
In 2011-2014 – It was Game Over Zeus and Dyre featuring prominently with losses rising to $500,000 o o
Fully automated Massively distributed
5. 6.
Ransomware Cyber criminals getting better and better More and more criminals muddy the waters Nation state attacks that look like cybercriminal activity Lower barrier of entry to move more money Mobile phones and mobile finance transactions
Looking into the future Given everyone is so dependent on their powerful mobile devices these days, increasingly n criminals are enacting the same types of cybercrime that used to be on computers to mobile platforms on mobile phones and tablets, theft tools such as Marcher, Exobot, Anubis and now FLUBOT, are maturing quickly which can be devastating for individuals and organisations that fall victim. To slow the march of cybercrime, what’s needed is a globally coordinated action involving Law Enforcement and the private sector effort to tackle things like ransomware, data theft and extortion, which will all march on and on if we don’t continue to act to stop these attacks. Cybercrime crosses borders and jurisdictions, so it needs to be investigated and mitigated as a joint effort and this will involve good old fashioned investigative police work as well as more “creative” disruption operations involving non-Law Enforcement entities (both public an private) as well. However, organisations must take responsibility for much of their own security as have we have seen with the march of cybercrime; we can’t continue to think of it as “the banks problem” that we don’t need to put effort into addressing ourselves.
Cyber Risk Leaders Magazine | 23
CYBER SECURITY
Faking it: Deepfake crime exposing cyber security ER COAV TURE FE
C
yber security experts share their insight into how
businesses can protect themselves against a growing risk. Deepfakes are exposing businesses’ cyber security skills gaps. Deepfake crime is a real and present danger for businesses. Last year, it cost one bank alone $35 million in a single scam, yet many businesses are still ignoring the risks, partly thanks to a lack of cyber security skills at leadership level. With Deepfake technology becoming more sophisticated – and readily available to criminals – businesses need to see the technology as a current threat and not a future concern. Here, cyber security professionals based in the UK and Singapore, look at the steps that every business needs to take now to protect themselves against Deepfake intrusions before it’s too late.
Understanding the Deepfake threat Unlike established cyber-security threats – eg malware, SQL injections and database hacking – Deepfakes are still easy to dismiss from cyber security strategies. A relatively new technology, their introduction as a fun, viral video phenomenon hasn’t helped businesses to realise the severity of the threat they now pose to security. Yet several high-profile cases have emerged in recent years that
24 | Cyber Risk Leaders Magazine
illustrate just how dangerous Deepfake can be. In 2019, a UK-based CEO was conned into transferring $243,000 to a malicious actor, thanks to advanced Deepfake voice technology convincing them that they were speaking to their parent company’s chief executive. Different types of Deepfake known to be used against businesses currently include ghost fraud (where the criminal steals a deceased person’s identity), identity imitation (like the examples above), new account fraud, and virtual identity fraud (where criminals ‘create’ a new identity by combining information and images from multiple people). Highlighting growing concerns at government level, the FBI last year released a stark warning of the dangers of Deepfake in a six-page report, while the UAE’s National Programme for Artificial Intelligence and the Council for Digital Wellbeing issued guidance to raise public awareness of the security threat.
How cyber security teams need to respond to Deepfake While technology is at the fore-front of most businesses fight against cyber crime, there is no software or system that businesses can ‘buy-in’ to seal their business against Deepfake threats. While they are a cyber security concern, their success currently relies on ‘human error’: namely, using
CYBER SECURITY
Any time someone asks you to do something like transfer money or share data on a phone or video call, verify it elsewhere. Email them directly, drop a note to their PA, just get that extra verification. There’s no guaranteed method to spot a Deepfake, as the technology is changing all the time, so the key thing is changing your culture to educate everyone about the risks.” Cyber security needs people, not just technology
technology to trick individuals into taking action. James Foster, Client Partner, Cyber Security at global tech recruitment firm RP International, advises: “The key to protecting your business against Deepfake risks is educating your employees on how to spot a Deepfake in action – and knowing when they need to be extra vigilant. At present, most Deepfakes do have tell-tale signs that something isn’t quite right with a call or video if you know what to look for, but these technologies are becoming more sophisticated. You need to make sure you keep evolving your armour against it. Having the right cyber security skills in your business, at both support and leadership level, is the best way to ensure that you are staying ahead of scammers.” However, thanks to ongoing advances in the technology, Deepfakes could soon pose a risk to automated activity, too, with the potential to help cyber criminals pass video and audio security protocols. Cyber Security specialist James Bore CSyP, comments, “Any time someone asks you to do something like transfer money or share data on a phone or video call, verify it elsewhere. Email them directly, drop a note to their PA, just get that extra verification. There’s no guaranteed method to spot a Deepfake, as the technology is changing all the time, so the key thing is changing your culture to educate everyone about the risks.”
With cyber security threats constantly evolving, businesses need to have the right people on board to track threats and develop defences against them. Zero-trust policies are a big step towards educating every individual on the risks posed by cyber scams (Deepfake or otherwise) but they need to be led by people with the right tech knowledge and soft skills to engage employees across the business – especially at board level. Deepfake fraud is perhaps disproportionately aimed towards senior professionals compared to other cyber crime methods, as these high risk, high value targets can provide a more significant return to criminals who have invested in the technology. Jaqueline Chaw, RP International’s cybersecurity specialist based in Singapore, comments, “Many organizations haven't recognized "Deepfake" as a cyber security risk, so technology to detect it isn’t as prevalent as conventional cyber security tools. Educating your cyber security team, as well as business users, on Deepfake technologies is crucial to protect your organization. It's also essential to have a robust team of cyber security talents that are trained and combat-ready for modern-day security threats.” With cyber security leadership talent in high demand and short supply across every sector, businesses need to act now to educate their employees and secure the skills they need to face Deepfake security threats – or risk falling foul of synthetic content attacks in the near future.
Cyber Risk Leaders Magazine | 25
ER COAV TURE FE
Open Networking – Agility and control for a new era of connectivity By Guy Matthews, Editor of NetReporter
26 | Cyber Risk Leaders Magazine
T
he idea of open networking goes from strength to strength. More and more organisations are deploying one or other network operating system (NOS) based around open source programming, leaving them able to select associated hardware and software solutions from their choice of vendor. Those CIOs who have not yet taken the open network road are likely, at the very least, to be interested in finding out more about what it offers. Does it really confer promised dividends, from agility and control through to OPEX and CAPEX savings? Is it the route to greater efficiencies, and better alignment with application pipelines? Brad Casemore, VP Research, Datacenter and Multicloud Networking with independent analyst firm IDC has an informed view on the topic having done research into open networking and its benefits: “We know what it should do,” he says. “It should provide openness and flexibility, it should provide choice through disaggregation of the various components and layers in the network throughout the network stack. And it promises to reduce costs and provide greater efficiencies.” One drawback that he has noted is that vendors have somewhat varied definitions of what open networking entails: “Does it mean having an open API? Does it mean having openness from one part of the network to the other? Does it mean network disaggregation? Does it entail the use of open source software and open source hardware? The challenge for the industry and certainly for
enterprise customers is to figure out exactly what it means and to eliminate, or at least mitigate, any ambiguity and potential confusion.” A general drift towards greater openness and away from the rigidly proprietary is undeniable. Enterprises today, believes Casemore, are striving to provide modern digital infrastructure that is more cloud-like in its architecture and operational model, and that involves the use of open source APIs and a greater degree of automation throughout the lifecycle: “We're seeing more use cases that involve open networking and open source, and we're moving to more software-driven processes that are aligned to how developers work and to the needs of the application. The interesting thing that we're seeing at IDC is not only is this changing what networking does, but it's also beginning to change who does networking and basically who operates the network.” No talk of open networking is complete without mention of the SONiC network operating system, created by Microsoft and open sourced in 2017: “Our market forecasts show that SONiC-based Ethernet data center switches will be worth approximately $2.5 billion in 2025,” says Casemore. “This is quite something when you consider that a few years ago there were no SONiC switches on the market. The interesting thing is these aren't just going to hyperscalers but are making their way into a broad range of customers. They’re moving to Tier 2 and 3 clouds, and out to large enterprises in verticals such as financial services. There
really is tremendous growth occurring there.” To help define open networking with greater precision, and understand where the market is heading, Casemore turns to a panel of prominent, high-profile names with a stake in the rapidly evolving sector. Ihab Tarazi is SVP & Chief Technology Officer, Integrated Products & Solutions with Dell Technologies: “We have been pushing open networking for the last five years or more, and it represents a key critical piece of our overall infrastructure, especially for data centers,” he says. For us, open networking’s importance lies in its ability to abstract protocols away from the operating system. It’s about using open standards to configure your network and configure your switches. It’s also about the ability to deploy protocols as needed, and mix and match them. And to have a containerized cloud native architecture that allows you to add more containers on top so you can expand the number of protocols. And the third thing is being able to customize everything.” Dave Maltz, Technical Fellow & CVP Azure Networking with Microsoft agrees, and gives credit to Dell for joining the SONiC initiative early. He sees open source as important in enabling full visibility into what's going on in a network: “Disaggregation is also key,” he notes. “And the ability to bring different software to a particular hardware platform, to be able to choose which of the various protocols that you want to run so that you can assemble a solution out of the pieces you need. We’re also seeing a decoupling
Growing Popularity of Open-Source Networking Projects • • • •
IDC forecasts that SONiC-based Ethernet datacenter switches will be worth approximately $2.5 billion 0 2025 IDC also forecast the service mesh market, powered by our open-source projects, will generate more than $800 million in revenue in 2025 eBPF/Cilium has considerable market potential and is spawning a growing community and ecosystem Open-source networking projects continue to proliferate up and down the staucske sc :Vann% aand iSrce:saas1 including telco cloud, 5G/MEC IF lDC The popularity of open networks
with public APIs being introduced at critical portions in the network stack that then enable innovation above and below the switch abstraction interface side. We're creating APIs that will let us open up parts of the SDN data plane. Plus end users need to have more control over what's going on underneath them.” Rebecca Weekly, Chair and President of the Board of the Open Compute Project (OCP), recalls the early origins of open networking at the end of 2013: “Traditionally, networking was very appliance based, really just a box with software on top,” she recollects. “Open networking was trying to separate the network hardware from the network software, so that there was an opportunity to integrate and work across different solution spaces. It was also about being able to disaggregate at the hardware level, looking at devices which were closed but had common APIs that could
Cyber Risk Leaders Magazine | 27
CYBER SECURITY
be leveraged across different switch vendors, networks and even networking cards. Then it was about standardizing some aspects of the overall stack to allow people to get more innovative at the programming level.” Pere Monclus, VP/CTO, Networking with software vendor VMware remembers the input of standard bodies like the IETF, helping to look for a way to open up the definition of protocols and packet formats so networks could interoperate: “Now, fast forward 20 years, the meaning of openness has changed,” he says. “From an open source point of view we now have operating systems, abstraction, interfaces of size, contributing to a much more open ecosystem from open standards to open ecosystems.” So are we now seeing an evolution in the very purpose of networking? And in this new paradigm exactly how should networks be providing value to enterprises? “Our world is becoming ever more distributed,” says Maltz of Microsoft. “One of the important things that open networking is doing is making the network more of an active participant in, for example, securing the surfaces that are being posted on there. We see that happening at the virtualization layer, where there may be a shared physical infrastructure which is now being virtualized and made specific to the policies of each of the tenants and services hosting on that. That's exactly what's happening in our cloud hosting facilities. In the enterprise space, we see the need to put security boundaries inside even onprem facilities, or wherever they're offering services from, so that they can make sure they have good defence. Open Networking is going to enable service architects to have much better visibility, much deeper integration of the layers of their network.”
The concept of distributed computing requires more innovative solutions in the networking stack, argues Weekly of the OCP: “Accurate timekeeping is really happening within the domain space to help drive efficiencies when you're trying to coordinate across thousands of servers,” she says. “There's so much to disaggregate across the software layers, and the need to manage distributed compute, whether it's in a core data center or out at the edge. That’s been the most interesting aspect of how everything has evolved over the last eight plus years. We'll continue to see this world of software become more diverse, more specialized.” Tarazi of Dell Technologies believes it is very clear now that open networking is not just about open source: “It's a combination of open source and non-open source and it's becoming obvious that you need both,” he says. “SONiC has created standard protocols and management layer and site interfaces to normalize the different hardware options. It also created an enormous business opportunity for many companies to create software on top - storage services, encryption, security, zoning. All that is deployed on top and then there’s management layers and orchestration fabrics, and AIOps with its ability to automate your whole infrastructure. I still would say that we're halfway through on being able to make the hardware completely agnostic. This is something that the open source community will keep working on over time to enable more transparency.” Weekly says the OCP is constantly learning as new community members join: “We’re learning what we need to change, and how we need to go forward together,” she explains. “It's that combined market synergy that allows us to solve the big problems, and bring people to the table so we can break down barriers and have new aspects of innovation. We've talked a lot about SONiC and I think that's a perfect example of an area where hyperscalers led an innovation path which we’ve been able to broaden out to a large set of end users through the open source community environment. Even in that domain space, there's constant innovation that's happening both in open source and in the different vendors and suppliers in order to be able to ensure that those different end users can come together and continue to innovate.” Featured Speakers: Analyst Chair: Brad Casemore, VP Research, Datacenter and Multicloud Networking, IDC www.idc.com Ihab Tarazi, SVP & Chief Technology Officer, Integrated Products & Solutions, Dell Technologies https://www.delltechnologies.com Dave Maltz, Technical Fellow & CVP Azure Networking, Microsoft https://azure.microsoft.com Rebecca Weekly, Chair and President of the Board, Open Compute Project (OCP) https://www.opencompute.org Pere Monclus, VP/CTO, Networking, VMware www.vmware.com
28 | Cyber Risk Leaders Magazine
WATCH NOW
CYBER MAYDAY AND THE DAY AFTER – INTERVIEW WITH AUTHORS DAN LOHRMANN AND SHAMANE TAN Interview with
Dan Lohrmann and
Shamane Tan
We speak with authors Dan Lohrmann and Shamane Tan following the recent release of Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing, and Recovering from Inevitable Business Disruptions. From the Inside Flap Digital transformation and cyber insecurity converged spectacularly in recent years, leading to some of the highest profile network security failures in modern history. From the SolarWinds hack to the Colonial Pipeline ransomware event, these incidents dramatically highlighted the need for impactful and effective leadership through a crisis. In Cyber Mayday and the Day After, a team of veteran cybersecurity leaders delivers an incisive collection of stories, strategies, tactics, lessons, and outlooks from some of the top C-executive leaders around the world. Packed with insights from former FBI agents, NASA professionals, government Chief Information Security Officers, and high-profile executives, this book offers the practical examples and workable solutions that leaders need to succeed in the 21st century.
Cyber Risk Leaders Magazine | 29
AI With Everything – The future of artificial intelligence in networking ER COAV TURE FE
By Guy Matthews, Editor of NetReporter
30 | Cyber Risk Leaders Magazine
A
I is, say the experts, set to revolutionise every aspect of connectivity. The zero-touch, softwaredefined, self-healing, threat-aware networks of tomorrow will be light years from the clunky, hardwareheavy, manually-driven connections of the recent past. We are currently at a transition point between these worlds. AI-driven change is clearly needed if mounting challenges are to be addressed, argues Mark Leary, Research Director for Network Analytics and Automation with independent consulting firm IDC: “The recent Google Cloud outage is still being investigated, but it was identified as a networking issue,” he notes. “The Facebook problem a month ago, same thing, another networking matter. We've seen a wealth of these problems over the last few years. This is Facebook, Google, AWS, people with a lot of sophisticated expertise available to them. And yet they're having trouble with the complexity that networks present to them.” Pressure on network professionals is building: “The reality for most networking staff these days is that they're faced with new kinds of responsibility,” believes Leary. “They are no longer simply deploying routers and switches, changing configurations and making minor tuning adjustments. They're worried about the digital experience of the user, and getting involved in business outcomes. They’re doing more evangelism for the network with line of business units, talking about what the network can do for
digital transformation.” The drive is on to make networks better, but also simpler: “For that, we really have to turn to smarter systems that are driven by AI and machine learning,” he believes. “We need systems that take care of themselves so they can avoid the kind of problems we've seen in the last month. Da Vinci really did say it best when he said ‘Simplicity is the ultimate sophistication’.” And yet while AI is riding a wave of popularity and recognition in multiple use cases across the enterprise, its role behind the scenes in the network is, says Leary, somewhat undercelebrated: “It’s not thought of like, say, robotics on the manufacturing floor, or the kinds of automation we're seeing in healthcare and retail. Those draw a lot of attention from the press.” But the reality for most organisations is not just about looking for the next high profile, cutting-edge AI application, it’s more about using AI to do better with the technology they already have: “IT and network automation is a top concern for senior execs,” says Leary. “It’s a tremendous opportunity for AI to bring its smarts, not only in areas like development and governance but also the triggering of automated events and directing of automated activities.” “AI offers a more dynamic network infrastructure,” he explains. “One that's easier to manage, that's more secure and that is better at adapting to requirements as they develop. It’s not focused in on smart speakers and robots
“It’s not thought of like, say, robotics on the manufacturing floor, or the kinds of automation we're seeing in healthcare and retail. Those draw a lot of attention from the press.”
and all of that kind of thing. It’s about trying to figure out how to get better at delivering an infrastructure that's truly resilient. Whether you're small, medium or large, AI should be infused within your IT infrastructure. AI infusion is something that you don't really see, but you realize the benefits soon enough.” To broaden the discussion around AI and networking, Leary calls on a panel of expert names. What trends are these industry leaders noting? Andrew Coward, GM, Software Defined Networking with IBM has noted among customers a trend towards gathering lots of networking data from different sources, perhaps WiFi or the wide area network, or possibly the cloud: “But then they find they can’t quickly solve problems,” he says. “The paradox is that the more information they've collected, the less clarity they seem to get. Attention is now switching to how how to use AI to separate out the noise and focus on what's the real problem.” Kevin Deierling, Senior Vice President with NVIDIA senses a sea change: “Enterprises want to be able to operationalize data by using machine learning to write a program that can then do inferencing to guide activities,” he says. “We're seeing the atomization of the network, the breaking up of monolithic applications, the rise of containerized micro services. The impact is massive. Suddenly you've got a thousand times more eastwest traffic inside of the network. And instead of being
Figure 1: Today’s AI use cases
embedded into a single software program, you have connections between all these micro services and the zero trust environment.” He also sees AI as critical in other areas, like natural language processing: “All of that is incredibly dependent on the network,” he says. “For someone to engage with an AI device and get human response times means that the network needs to be operating flawlessly. It all has to happen in real time, and there's so much data being processed.” But AI must not be seen as infallible, or the human element discounted, warns Gaurav Rastogi, Senior Director, R&D with VMware: “When decisions are built on AI, there
Cyber Risk Leaders Magazine | 31
CYBER SECURITY
“The attack vectors you see are like 70% to do with credentials and 30% about misconfigurations. AI will build out solutions to protect web applications, protect the network and figure out if there is malware installed.” Figure 2: Solving big problems
will be false positives,” he says. “There needs to be a way to measure the efficacy of what AI is doing, and be able to test the waters. AI will never be black and white or offer 100% accuracy in decisions. There will always be times when it can be wrong and humans need to come in and help that out. Decisions must be in tune with what security or network admin intuition says.” Coward of IBM is seeing some customers address this issue by building digital twins to test out what changes to their infrastructure might mean: “If the digital twin survives, then you know that you're probably in a good place to post that to the rest of the network,” he explains. “There are some interesting ways of understanding a new model.” When it comes to AI and networking, many enterprises are underestimating the possibilities open to them, fears Deierling of NVIDIA: “They’re expecting much too little,” he says. “I think that AI is going to be much bigger than people realize. In fact it’s the most powerful technology force of our time. And companies that realize that and embrace AI and infuse it into their businesses are going to succeed and companies that don't are going to fall behind. I think in five years, or in a decade, every business will be an AI business.” And when it comes to ideas like the digital twin, people again need to be thinking bigger than they are right now, he believes: “I don't think people understand how large the virtual world is going to be. It's much larger than the real world. We just announced a digital twin of Earth. People will define and build products in the virtual world. The key is to fail fast in the virtual world so that you can succeed in the real world. This is one of the ways in which AI is going to transform businesses. After all, you wouldn't build a car or a plane without simulating. In data science, people will build a digital twin using AI to detect anomalous behaviour and network hotspots, everything modelled accurately and precisely.” Rastogi of VMware also notes that customers are looking to AI for simplicity and automation: “They are expecting systems to take care of the fine tuning. And that is not going to be possible without AI. AI is going to be a core piece of how to figure out what is your baseline what are the optimizations in the system.” He also see better security in the network as a critical AI-driven benefit: “Web application attacks are on the rise,” he points out. “The attack vectors you see are like 70% to
32 | Cyber Risk Leaders Magazine
do with credentials and 30% about misconfigurations. AI will build out solutions to protect web applications, protect the network and figure out if there is malware installed.” In conclusion, Deierling of NVIDIA calls for a secure framework to build any AI application on top of. He gives the example of 5G: “We see a ton of use cases where people are using AI-enabled 5G for robotics and smart factories, and you need low latency and slicing for that. If you have a real platform that does 5G, then it really supports all those AI workloads whether that's a kiosk in an airport that's using natural language processing or avatars and visual analytics.” Panel Acknowledgment Analyst Chair: Mark Leary, Research Director for Network Analytics and Automation, IDC www.idc.com Andrew Coward, GM, Software Defined Networking, IBM https://www.ibm.com/topics/automation Kevin Deierling, Senior Vice President, NVIDIA www.nvidia.com Gaurav Rastogi, Sr. Director, R&D, VMware www.vmware.com
#TOPWOMENINS ECURITYAS EAN www.womeninsecurityaseanregion.com #TOPWOMENINS ECURITYAS EAN
NOMINATIONS CLOSE 30TH MAY 2022 NOMINATIONS CLOSE 30TH MAY 2022
This initiative has been established to recognize women who have advanced the security industry within the ten countries of the Association of Southeast Asia Nations (ASEAN). This initiative has been established to recognize women who have advanced the security Women’s Day. Nominations opened Tuesdayof March 8th, 2022, coordinating industrywere within the tenoncountries the Association of Southeastwith AsiaInternational Nations (ASEAN). Nominations were opened on Tuesday March 8th, 2022, coordinating with International Women’s Day. SPONSORS SPONSORS
SUPPORTERS SUPPORTERS
ASEAN REGION
WOMEN IN SECURITY NETWORK
ASEAN REGION
WOMEN IN SECURITY NETWORK
MED IA PARTNERS MED IA PARTNERS
RUSSIA INVADES UKRAINE
Ukraine cyberattack prior to Russian invasion By MySecurity Media
34 | Cyber Risk Leaders Magazine
A
s the Russian invasion was starting in Ukraine, ESET researchers discovered two new wiper malware families targeting Ukrainian organizations. The first cyberattack started a few hours prior to the Russian military invasion as ESET Research reported on its Twitter account, and after the distributed denial-of-service (DDoS) attacks against major Ukrainian websites earlier that day. These destructive attacks leveraged at least three components: HermeticWiper for wiping the data, HermeticWizard for spreading on the local network, and HermeticRansom acting as a decoy ransomware. Malware artifacts suggest that the attacks had been planned for several months. As the Russian invasion started, a second destructive attack against a Ukrainian governmental network started, using a wiper that ESET Research has named IsaacWiper. “With regard to IsaacWiper, we are currently assessing its links, if any, with HermeticWiper. It is important to note that it was seen in a Ukrainian governmental organization that was not affected by HermeticWiper,” says ESET Head of Threat Research Jean-Ian Boutin. ESET researchers assess with high confidence that the affected organizations were compromised well in advance of the wiper’s deployment. “This is based on several facts: the HermeticWiper PE compilation timestamps, the oldest being December 28, 2021; the code-signing certificate issue date of April 13, 2021; and the deployment of HermeticWiper through the default domain policy in at least one instance, suggesting the attackers had prior access to one of that
victim’s Active Directory servers,” says Boutin. IsaacWiper appeared in ESET telemetry on February 24. The oldest PE compilation timestamp found was October 19, 2021, meaning that if its PE compilation timestamp was not tampered with, IsaacWiper might have been used in previous operations months earlier. In the case of HermeticWiper, ESET has observed artifacts of lateral movement inside the targeted organizations and that the attackers likely took control of an Active Directory server. A custom worm that ESET researchers named HermeticWizard was used to spread the wiper across the compromised networks. For the second wiper – IsaacWiper – the attackers used RemCom, a remote access tool, and possibly Impacket for movement inside the network. Furthermore, HermeticWiper wipes itself from disk by overwriting its own file with random bytes. This antiforensic measure is likely intended to prevent the analysis of the wiper in a post-incident analysis. The decoy ransomware HermeticRansom was deployed at the same time as HermeticWiper, potentially in order to hide the wiper’s actions. Just a day after the deployment of IsaacWiper, attackers dropped a new version with debug logs. This may indicate that the attackers were unable to wipe some of the targeted machines and added log messages to understand what was happening.
WATCH NOW
MITIGATING GLOBAL DISRUPTION AND PREDICTIONS 2022 – INTERVIEW WITH CISO OF KASEYA Interview with
Jason Manar
Chief Information Security Officer, KASEYA.
We speak with Jason Manar, Chief Information Security Officer, Kaseya. In October, 2021, Kaseya announced that it hired Jason Manar as Chief Information Security Officer (CISO). Manar, who was most recently named Assistant Special Agent in Charge for the Federal Bureau of Investigation (FBI) overseeing all cyber, counterintelligence, intelligence and the language service programs for the San Diego office, will play a pivotal role in further solidifying Kaseya’s security stance. Manar will oversee information security and compliance for Kaseya, leading the company’s cybersecurity division to identify the industry’s latest threats and vulnerabilities and intercept them. Additionally, as CISO, he will ensure compliance with security requirements associated with government regulations, which vary by global region.
Cyber Risk Leaders Magazine | 35
MARKETINVADES RUSSIA HIGHLIGHT UKRAINE
Data wiping malware HermeticWiper targets Ukraine
T
hreat actors are using data wiping malware named HermeticWiper to attack government and nongovernment organisations inside Ukraine. The online attack coincides with Russian troops moving into the country. Cybersecurity firm ESET Research discovered the malware on Wednesday. ESET telemetry revealed that the attackers have installed the malware on hundreds of machines in Ukraine. The discovery followed a distributed denial-of-service (DDoS) attack earlier in the day that targeted government and banking organisations inside the country. ESET says the wiper abuses legitimate drivers from the EaseUS Partition Master software to corrupt data. The malware works to corrupt the master book record of physical drives and every partition on those drives. The cybersecurity firm adds that the wiper was dropped via the default (domain policy) GPO in at least one of the targeted organisations, meaning that attackers had likely taken control of the active directory server. While ESET uncovered the malware mid-afternoon on Wednesday (UTC time), they note the portable executable (PE) compilation timestamp of one of the malware samples is December 28, 2021, indicating a substantial timeline and level of planning for this attack. This is the second significant malware attack aimed at Ukraine this year. In January, threat actors used wiper malware called WhisperGate to deface Ukrainian government websites. Lavi Lazarovitz, Head of Security Research, at CyberArk Labs says Hermetic Wiper isn’t your average piece of malware. “Our team has identified a few specific characteristics that make this malware unique, including that the attacks so far have been very targeted in nature and that the infections seen to date leverage compromised identities to move laterally, all leading to the potential for strong initial
36 | Cyber Risk Leaders Magazine
foothold based on their nature,” he says. Lazarovitz notes the malware does not leverage supply chain vulnerabilities or other super-spreader techniques, suggesting that the malware will not spread quickly. He highlights the reported case where the cyber-attackers had privileged access to the target’s active directory. He says that’s relatively unusual, but has been seen before in targeted human-operated incidents like the 2021 REvil group attack on Kaseya. “It’s important to note that the wiper leverages high privileges on the compromised host to make the host “unbootable” by overriding the boot records and configurations, erasing device configurations, and deleting backups,” Lazarovitz adds. “It appears that the wiper is configured not to encrypt domain controllers – that is, to keep the domain running and allow the ransomware to use valid credentials to authenticate to servers and encrypt those. This further highlights that the threat actors use compromised identities to access the network and/or move laterally.” Cybersecurity company Symantec also came across HermeticWiper this week as it monitored the unfolding military and cyber threat situation in Ukraine. They say targets included organisations in the financial, defence, aviation, and IT services sectors. Symantec also notes there is evidence of wiper attacks in Lithuania but adds the malware does not seem to have any functionality beyond its destructive capabilities. While suspicions fall on Russia or Russian backed threat actors, HermeticWiper is yet to be attributed to a specific group. “Initial indications suggest that the attacks may have been in preparation for some time,” adds Symantec. “Temporal evidence points to potentially related malicious activity beginning as early as November 2021. However, we are continuing to review and verify findings.”
WATCH NOW
CYBER WAR TACTICS AND THE CHANGE IN THREAT LANDSCAPE Interview with
Matthew Warren Professor of Cyber Security, College of Business and Law
Director of RMIT University Centre for Cyber Security Research & Innovation
Western governments have issued warnings for organisations to protect their systems against possible Russian cyber attacks. The threat potentially impacts all tiers of governments, all organisations and individuals. So what form will the Russian Cyber attacks take, there are a number of options: •
• •
•
Denial of Service attacks – is a cyber-attack in which the attacker seeks to make a machine or network resource unavailable by flooding the site with data; Web-site Defacement – hacking web pages and replacing with an alternative web page usually with a political message; Ransomware – infecting organisations with malware that spreads across the system and locks down the system until a ransom (usually in bitcoin is paid); Hacking – stealing information that is either publicly disclosed or sold via the darknet.
Cyber Risk Leaders Magazine | 37
RUSSIA INVADES UKRAINE
Scammers take advantage of Ukrainian conflict By MySecurity Media
38 | Cyber Risk Leaders Magazine
A
vast security experts have detected scammers pretending to be Ukrainian nationals affected by the current conflict asking for Bitcoin on social media. Avast Malware analysist Michal Salát says; “As cybercriminals seek to take advantage of the chaos, we have tracked in the last 48 hours a number of scammers who are tricking people out of money by pretending they are Ukrainians in desperate need of financial help. In the past, we have seen similar scams for people stuck while traveling or looking for love. Unfortunately, these attackers do not operate ethically and will use any opportunity to get money out of people willing to help others in need. What’s suspicious is the immediate mention of Bitcoin, as well as the usernames that consist only of letters and numbers.” ESET also reported another scam of a webpage asking people for support by buying “UkraineTokens.” There also might be some legitimately troubled people who are
using cryptocurrency requests to ask for help. However, like the person in this Russian underground forum, it’s not clear which requests are legitimate requests. This poster is asking other forum users for $1.2 in BTC to help him in a dire situation and it’s interesting to note that the Bitcoin transaction fee is higher than the requested amount. There have also been reports of similar scams spreading on TikTok and other social media sites. “In general, we strongly advise not to send any money to unknown people directly, especially in any form of cryptocurrency, as it is virtually impossible to deduce if it is a person in need or a scammer. If you want to help the people of Ukraine, we recommend people only donate through official, trusted organizations and do so directly on their website rather than any links shared on social media” says Michal.
CYBER RESILIENCE
WATCH NOW
ASSESSING RISK IN ICS ENVIRONMENTS Interview with
Dr. Tom Winston Director of Intelligence with Dragos Inc
Ransomware has captured the attention of many due to its far-reaching impacts on industrial control systems (ICS). Once a problem that only affected IT infrastructure, ransomware that now targets ICS / OT can significantly impact or even shut-down control processing, logistics, distribution, and delivery of critical goods. We speak with Dr. Tom Winston, Director of Intelligence with Dragos Inc, based in Virginia. Dr. Winston is a Cyber Security subject matter expert focused on threats to critical infrastructure (ICS/SCADA) systems, as well as foreign cyber threat intelligence and threat analysis. Tom has extensive public and private sector experience in IT/OT threat environments to include hunting, detection engineering and reverse engineering. Tom has extensive experience in mobile devices, removable/fixed media digital forensics. Tom is also a seasoned manager of people, technology, projects, and programs. Multilingual, and with extensive experience in international relations, intelligence, and foreign policy analysis. Dr Winston has extensive private and public sector experience in IT/OT threat environments to include hunting, detection engineering and reverse engineering.
Cyber Risk Leaders Magazine | 39
CYBER RESILIENCE
Asia Most Cyberattacked Region By Staff Writer MySecurity Media
40 | Cyber Risk Leaders Magazine
I
BM Security has released its annual X-Force Threat Intelligence Index unveiling how ransomware and vulnerability exploitations together were able to “imprison” businesses in 2021 further burdening global supply chains, with manufacturing emerging as the most targeted industry. While phishing was the most common cause of cyberattacks in general in the past year, IBM Security X-Force observed a 33% increase in attacks caused by vulnerability exploitation of unpatched software, a point of entry that ransomware actors relied on more than any other to carry out their attacks in 2021, representing the cause of 44% of ransomware attacks. The 2022 report details how in 2021 ransomware actors attempted to “fracture” the backbone of global supply chains with attacks on manufacturing, which became 2021’s most attacked industry (23%), dethroning financial services and insurance after a long reign. Experiencing more ransomware attacks than any other industry, attackers wagered on the ripple effect that disruption on manufacturing organizations would cause their downstream supply chains to pressure them into paying the ransom. An alarming 47% of attacks on manufacturing were caused due to vulnerabilities that victim organizations had not yet or could not patch, highlighting the need for organizations to prioritize vulnerability management. The 2022 IBM Security X-Force Threat Intelligence Index maps new trends and attack patterns IBM Security observed and analyzed from its data – drawing from billions
of datapoints ranging from network and endpoint detection devices, incident response engagements, phishing kit tracking and more, including data provided by Intezer. Some of the top highlights in this year’s report include: •
Ransomware Gangs Defy Takedowns. Ransomware persisted as the top attack method observed in 2021, with ransomware groups showing no sign of stopping, despite the uptick in ransomware takedowns. According to the 2022 report, the average lifespan of a ransomware group before shutting down or rebranding is 17 months. • Vulnerabilities Expose Businesses’ Biggest “Vice”. X-Force reveals that for businesses in Europe, Asia and MEA, unpatched vulnerabilities caused approximately 50% of attacks in 2021, exposing businesses’ biggest struggle– patching vulnerabilities. • Early Warning Signs of Cyber Crisis in the Cloud. Cybercriminals are laying the groundwork to target cloud environments, with the 2022 report revealing a 146% increase in new Linux ransomware code and a shift to Docker-focused targeting, potentially making it easier for more threat actors to leverage cloud environments for malicious purposes. “Cybercriminals usually chase the money. Now with ransomware they are chasing leverage,” said Charles Henderson, Head of IBM X-Force. “Businesses should recognize that vulnerabilities are holding them in a
workloads, and remove threat actors’ leverage in the event of a compromise by making it harder to access critical data in hybrid cloud environments.
Vulnerabilities Become an Existential Crisis for Some The X-Force report highlights the record high number of vulnerabilities disclosed in 2021, with vulnerabilities in Industrial Control Systems rising by 50% year-over-year. Although more than 146,000 vulnerabilities have been disclosed in the past decade, it’s only been in recent years that organizations accelerated their digital journey, largely driven by the pandemic, suggesting that the vulnerability management challenge has yet to reach its peak. At the same time, vulnerability exploitation as an attack method is growing more popular. X-Force observed a 33% increase since the previous year, with the two most exploited vulnerabilities observed in 2021 found in widely used enterprise applications (Microsoft Exchange, Apache Log4J Library). Enterprises’ challenge to manage vulnerabilities may continue to exacerbate as digital infrastructures expand and businesses can grow overwhelmed with audit and upkeep requirements, highlighting the importance of operating on the assumption of compromise and applying a zero trust strategy to help protect their architecture.
Attackers Target Common Grounds Amongst Clouds
deadlock – as ransomware actors use that to their advantage. This is a non-binary challenge. The attack surface is only growing larger, so instead of operating under the assumption that every vulnerability in their environment has been patched, businesses should operate under an assumption of compromise, and enhance their vulnerability management with a zero trust strategy.”
The “Nine Lives” of Ransomware Groups Responding to the recent acceleration of ransomware takedowns by law enforcement, ransomware groups may be activating their own disaster recovery plans. X-Force’s analysis reveals that the average lifespan of a ransomware group before shutting down or rebranding is 17 months. For example, REvil which was responsible for 37% of all ransomware attacks in 2021, persisted for four years through rebrands, suggesting the likelihood it resurfaces again despite its takedown by a multi-government operation in mid 2021. While law enforcement takedowns can slow down ransomware attackers, they are also burdening them with the expenses required to fund their rebranding or rebuild their infrastructure. As the playing field changes, it’s important that organizations modernize their infrastructure to place their data in an environment that can help safeguard it – whether that be on-premises or in clouds. This can help businesses manage, control, and protect their
In 2021, X-Force observed more attackers shifting their targeting to containers like Docker – by far the most dominant container runtime engine according to RedHat. Attackers recognize that containers are common grounds amongst organizations so they are doubling down on ways to maximize their ROI with malware that can cross platforms and can be used as a jumping off point to other components of their victims’ infrastructure. The 2022 report also sounds caution on threat actors’ continued investment into unique, previously unobserved, Linux malware, with data provided by Intezer revealing a 146% increase in Linux ransomware that has new code. As attackers remain steady in their pursuit of ways to scale operations through cloud environments, businesses must focus on extending visibility into their hybrid infrastructure. Hybrid cloud environments that are built on interoperability and open standards can help organizations detect blind spots and accelerate and automate security responses.
Additional findings from the 2022 report include: Asia Leads Attacks – Experiencing over 1 in 4 attacks that IBM observed globally in 2021, Asia saw more cyberattacks than any other region in the past year. Financial services and manufacturing organizations together experienced nearly 60% of attacks in Asia. First Time Caller, Long Time Phisher – Phishing was the most common cause of cyberattacks in 2021. In X-Force Red’s penetration tests, the click rate in its phishing campaigns tripled when combined with phone calls.
Cyber Risk Leaders Magazine | 41
CYBER SECURITY
WATCH NOW
KEY SECURITY METRICS – MEASURING & MONITORING THE CYBERSECURITY STRATEGY
Interview with
Adam DenyerHampton International Lead for the Pre-Sales Engineering team
We speak with Adam Denyer-Hampton, International Lead for the Pre-Sales Engineering team at SecurityScorecard. We discuss the key security metrics and the basis for developing a Security Strategy for the Board to Monitor. We also discuss what to measure or what can be measured, as well as real-time versus intermittent monitoring. Adam has 15 years of experience in successfully delivering large and complex IT security solutions for major global companies, across Europe and APAC, including the defence and government agencies. Prior to joining SecurityScorecard, Adam held key technical roles at companies such as SafeNet, SourceFire (part of Cisco Systems) and IT Security Experts, where he managed solution deployments and technical consultations/trainings to meet customer requirements and successfully onboard them to new solutions. For further information and insights, attend a special virtual event with MySecurity Media & SecurityScorecard on Thursday 10 February, 1:30pm SGT – Presenting the Cyber Security Strategy to the Board of Directors – Key Metrics | Third Party Risk | Cyber Insurance
42 | Cyber Risk Leaders Magazine
CYBER SECURITY
WATCH NOW
NEW RESEARCH FROM ISACA EXPLORES THE LATEST TRENDS IN ENTERPRISE PRIVACY Interview with
Jo Stewart Rattray Information Advisory Group ISACA
Interview with
Safia Kazi
ISACA Privacy Professional Practice Advisor
New research from ISACA explores the latest trends in enterprise privacy— from privacy workforce and privacy by design to privacy challenges and the future of privacy—in its new Privacy in Practice 2022 survey report, sponsored by OneTrust. The report, which examines responses from the global ISACA State of Privacy survey conducted in the third quarter of 2021, highlights the persistent understaffing that is impacting enterprise privacy teams. Respondents indicate that both legal/compliance (46 percent of respondents) and technical privacy roles (55 percent of respondents) at enterprises are understaffed, and the issue has only worsened since last year. Forty-one percent also report that the biggest challenge in forming a privacy program is a lack of competent resources. We speak with Jo Stewart-Rattray, Information Security Advisory Group, ISACA and Safia Kazi, ISACA Privacy Professional Practice Advisor.
Cyber Risk Leaders Magazine | 43
CYBER SECURITY
Exploring the Myths of Zero Trust By Guy Matthews, Editor of NetReporter
44 | Cyber Risk Leaders Magazine
Z
ero Trust is not a technology. It’s a state of mind, or perhaps a philosophical stance. So believes Rik Turner, Principal Analyst, Emerging Technologies with consulting firm Omdia: “It's a mindset, and as such it involves as much of a cultural change in a company as it does any actual technology that you're going to use to enable it,” he says. Step one of this culture change, he believes, is to move away from previous security paradigms, such as ‘trust but verify’. “You used to log on at the gate, and they would check who you were, verify you, and once you were in, that’s it,” recalls Turner. “That no longer holds. It's faulty and extremely vulnerable. The Zero Trust mentality is summed up as ‘never trust, always verify’.” Zero Trust, he says, means no trust for any employee, partner, partner’s employee or contractor, at any time: “It’s across the board, from your internal employees all the way through to the third parties that you let interact with your system. No more trust for any of them.” The future of getting on to a network lies in authenticating all parties, their identity and the security posture of their device every time they request access to any individual asset within your infrastructure: “It’s about asking for access to a particular application, to a specific asset, to a particular database, and even then only if they meet all the criteria,” notes Turner. “There may be criteria such as time of day. We don't want just anybody dialling in at two o'clock in the morning, because that's a bit strange. Equally we don't want people who normally log in from the UK to suddenly dial in from China. There will be geographic limits here and there that you yourself can choose and set
in order to frame the authentication and authorization of that individual.” It is also important, says Turner, to continuously monitor what a person does once admitted to a network in case another individual hijacks their account: “Suddenly there's somebody else who appears to have been authenticated at the entry point. So you have to keep an eye on them effectively throughout a session looking for anomalous behavior. Then you can either block them altogether, kill the session, or if you have some level of confidence that it is still them, you'd like to reaffirm that confidence.” Turner talks of Zero Trust as sometimes seeming akin to ‘institutionalized paranoia’: “It would certainly be seen as paranoia in your social life,” he notes. “But we are talking about your corporate existence, and the need to defend your corporate assets, your data, your infrastructure, even your people, and sometimes Zero Trust is going to meet resistance. There will be people within your organization who say ‘this is a bit extreme isn’t it?’” To broaden the conversation, Turner talks to a select panel of security experts from around the tech sector to find out what they are doing to help customers embrace Zero Trust. “We tell them it’s about trying to give every device, user, anything that enters your network, the absolute lowest level of privilege that you can possibly give to them,” says Jordan LaRose, Director of Consulting and Incident Response, Americas with F-Secure. “But it's not like you have to throw the baby out with the bathwater. You don't have to completely strip out everything in terms of privilege. You
CYBER SECURITY
“We tell them it’s about trying to give every device, user, anything that enters your network, the absolute lowest level of privilege that you can possibly give to them,”
really need to carefully consider how every single piece of your environment is put together.” “The first thing we do to help our customers is enable them to do what's now being called ‘shift left’, in other words build Zero Trust technology into the development and delivery lifecycle, rather than bolting it on later,” explains Galeal Zino, Founder and CEO with NetFoundry. “We're enabling developers and DevOps and NetOps to do that, which makes life much easier for end users down the line. And then the second thing is what I call ‘journey plus destination’ where we want to give customers the ability to get their organization where they need to go, not just from a security perspective but a business perspective. We need to enable them to take an iterative approach to produce tangible business benefits.” Chris Kent, Senior Director, Product Marketing with Hashicorp sees companies moving on from an on-prem world where trust was implied to more of a distributed world where there are multiple clouds and hybrid models: “We really believe that Zero Trust is predicated on the idea of authenticating and authorizing everything based on identity, the identity of the person, the identity of the machine, and that every action that is taken, everything has to be verified,” he says. Gone are those days of the hardened perimeter, points out Vivek Bhandari, Senior Director of Product Marketing, Networking & Security with VMware. “Back then everything inside was good and anybody could access anything. Now there’s the mindset of the unwelcome guest within our environment. At VMware we’ve been talking to a lot of customers and realised that the environment has become
very complex, and so what we are focusing on are some key areas where we have an intrinsic advantage with our platforms to help customers simplify and accelerate their journey to Zero Trust.” Ian Farquhar is Field CTO (Global), Director, Security Architecture Team with Gigamon which he says has been involved in a lot of Zero Trust pilots: “It’s important to talk about practical, achievable outcomes because lots of people are asking how to make it work in the real world,” he says. “It's a difficult transition and you need to troubleshoot and to diagnose and to verify the function of all the controls.” Bhandari of VMware invites the analogy of somebody breaking into your house and then staying for weeks or months, going from room to room and listening in to conversations: “It’s untenable,” says. “We can't imagine somebody doing that in our homes, but yet that is what is happening within our networks today, and that's why there is all this need is for Zero Trust,” he says. “That’s why we have built in capabilities, leveraging our Carbon Black endpoint solution that is now integrated into the hypervisor for customers. Then you have an agentless experience where you can ubiquitously deploy best of breed EDR technology for server workloads.” Kent of Hashicorp believes micro segmentation to be interesting and important: “Because one of the ways that we're seeing the world change is this idea of stepping outside of the realm of the VPNs, the SD-WANs and going more on to the service level,” he says. “That’s why we have a product called Console, both in an open source and enterprise version, which allows for service networking while securing the access between two services. Database A can talk to application B, and any other request that comes in is just blocked. You're also encrypting traffic between them.” Farquhar says that Gigamon has also done a lot of work with micro segmentation, not only in the cloud environment but in the physical environment: “When we are doing Zero Trust, we need to look at the whole network,” he notes. “A lot of people view Zero Trust only through the lens of managed devices. Real networks don't look like that. I'm sure many people heard the story of the casino in Las Vegas that got hacked through an IoT temperature thermometer in an aquarium in the foyer. The attacker got through and into the casino’s network. So how do we manage this? By looking at the network behavior of every device.” So how to achieve more widespread Zero Trust adoption in the face of all this complexity and danger? LaRose of F-Secure doesn’t see security as a problem that you can solve but only mitigate: “It's a problem that you
Cyber Risk Leaders Magazine | 45
CYBER SECURITY
can strategize around, but it's not something where you're going to find a silver bullet solution for. It's something that plays into a wider security strategy that supports a Zero Trust methodology and gives you a chance against these attackers that are coming in through your microwave or through maybe even a microchip in the back of your mainframe.” Zino of NetFoundry adds that the objective of any company is not Zero Trust, or even security: “It's delivering an awesome experience to their customers,” he says. “It's innovating. Those are the actual business goals. Modern companies with modern architectures are multi-cloud. The compute is all over the place it will increasingly be at the edge as well. We are moving to a distributed compute world where it’s all about the application, not the network. Obviously, no network should be trusted. That's not the job of the network. The job of the network is to deliver packets. When we make it about the application and we identify, authenticate and authorize based on a number of factors that have nothing to do with the network, then we can properly enable application access not just from a security perspective, but also from a business velocity, agility extensibility perspective.” Featured Speakers: Analyst Chair: Rik Turner, Principal Analyst, Emerging Technologies, Omdia https://omdia.tech.informa.com/ Jordan LaRose, Director of Consulting and Incident Response, Americas, F-Secure https://www.f-secure.com/gb-en Ian Farquhar, Field CTO (Global), Director, Security Architecture Team, Gigamon https://www.gigamon.com/ Chris Kent, Senior Director, Product Marketing, Hashicorp https://www.hashicorp.com/ Galeal Zino, Founder & CEO, NetFoundry https://netfoundry.io/ Vivek Bhandari, Senior Director of Product Marketing, Networking & Security, VMware www.vmware.com
46 | Cyber Risk Leaders Magazine
Editor’s viewpoint: Many people feel somewhat confused about exactly what is meant by ‘Zero Trust’, writes Guy Matthews, Editor of NetReporter. At NetReporter we call it a security framework that demands that all users of a network, and all devices that wish to attach to that network, be authenticated, authorized, and validated on an ongoing basis before being given access to applications and data. Initially coined in 2010 by an analyst from Forrester Research, it is a model that moves beyond the idea of a traditional network edge, acknowledging that networks can be local, based in the cloud, or a hybrid of the two, with resources and users that might be located anywhere. It is increasingly being seen as the basis for securing infrastructure and data in an era of digital transformation, addressing modern cloud-related challenges such as securing remote workers, managing complex cloud environments, and seeing off ransomware threats.
WATCH NOW
FUTURE OF ZERO-TRUST – INSIGHTS INTO THE ACQUISITION OF GUARDICORE Interview with
Chris Gibbs
Managing Director & Vice President ANZ
and
Ariel Zeitlin VP CTO Enterprise Security Group
We speak with Ariel Zeitlin, VP, CTO Enterprise Security Group at Akamai Technologies and Chris Gibbs, Managing Director and Regional Vice President, Australia and New Zealand. Ariel co-founded Guardicore, after spending 11 years as an officer in the Israeli Defense Forces (IDF), where he worked closely with Guardicore’s cofounder Pavel Gurvich. At Akamai, Ariel is focusing on building best in class Zero Trust platform. Chris joined Akamai in 2021 with more than 20 years of strategic leadership experience within the technology and telecommunications sector, across both Australia and Asia-Pacific & Japan (APJ). In September 2021, Akamai Technologies, Inc. (NASDAQ: AKAM), announced it will acquire Tel Aviv, Israel-based Guardicore. By adding Guardicore’s micro-segmentation solution into Akamai’s extensive Zero Trust security portfolio, Akamai has broadened its solution suite to provide comprehensive protections to the enterprise, defending against threat actors and the spread of malware and ransomware.
Cyber Risk Leaders Magazine | 47
CYBER SECURITY
What are the hot tech trends for 2022? By Guy Matthews, Editor of NetReporter
48 | Cyber Risk Leaders Magazine
Many organisations have spent the last couple of years battling to adapt and survive in uncertain times. With 2022 underway, the emphasis is shifting to recovery, growth and investment in the kind of transformational technology that will underpin a bold, secure and prosperous future. So what will be the hottest trends of the next 12 months? Where will tech take us? Scott Raynovich, Founder & Principal Analyst with independent consulting firm Futuriom believes that many of the most significant developments will be around cloud: “As everybody knows, there's a lot of exciting stuff going on with cloud technology,” he enthuses. “I expect multi cloud and hybrid to continue to gain momentum this year. There were some quite large cloud failures in the second half of 2021, so people will look at diversifying their cloud providers so they have a backup plan. We’re going to see a lot happening at the edge, and with 5G deployment, as well as the placing of real time intelligence closer to the user. Everybody's talking about digital transformation, and for many people that means implementing nimble, agile applications which can be delivered with the cloud.” Too many organisations, he says, are using networks that weren't originally built to handle multiple clouds: “We’re going to see more emerging solutions in multi cloud networking as well as network as a service,” he adds. “Cybersecurity is also always evolving and getting smarter, trying to keep up with the bad guys. Now we’re seeing unified cloud security models which embed intelligence
into the applications themselves so we can make sure the people talking to the applications are the right people, or things.” Raynovich also looks forward to an emerging area he calls confidential cloud: “How do you create a secure enclave on the cloud side to protect not just data at rest and data in motion, but data in use with hardware security? There are also horizontal technologies such as AI which enable many different applications.” Raynovich also foresees further movement towards open solutions and open networking, trends that are in strong demand with the end users he talks to. He’s additionally picking up a strong desire from end users to integrate their enterprise data centers with cloud provider networks. “Another area we're watching is innovation in AI at the edge,” he continues. “AI is a horizontal technology, but it's especially important at the edge because part of the edge is about bringing processing power closer to the customer, whether that's automated factories, or self-driving cars or retail and business analytics. New infrastructure is going to create all sorts of opportunities of the edge, especially the far edge.” To understand more about what is happening at the edge and with trends in AI, cyber protection and multi cloud networking, Raynovich talks to a number of experts from around the technology ecosystem. Shekar Ayyar is Chairman and CEO with Arrcus, a specialist in connected edge solutions. He notes key
CYBER SECURITY
Figure 1: Cloud networking strategies
developments in the cloud world: “The giant hyper scale clouds are starting to get fragmented and distributed out,” he observes. “We’re also starting to see the 5G environment bang heads with the compute clouds. You're going to have different compute resources coming together and being made accessible through APIs for applications. And thirdly, transport networks which have historically been monolithic in their outlook, are now getting disaggregated, fragmented and distributed. If you put these three pieces together, this defines what the universe looks like for our hybrid multi cloud existence. The old world of single siloed architectures is out.” Galeal Zino, Founder & CEO of Zero Trust networking provider NetFoundry broadly agrees with this vision: “As these monolithic applications break down into containers, microservices and lambda functions, you have to do the same thing to the network,” he believes. “This means you have an opportunity to orchestrate secure networking the way you orchestrate software. And that's really exciting.” Solving challenges in areas like security, visibility, observability of apps and micro services are among today’s most pressing CIO issues, says Chris Wolf, Chief Research & Innovation Officer with virtualisation vendor VMware: “The network plays a key part here,” he claims. “We are making significant investments also around distributed edge technologies, and in moving the network and compute platforms near to the consumer of the applications. Agility around this space is going to be
important as we start to move forward. We’re already seeing good examples of that today.” On the issue of cloud security, Ayal Yogev, CEO and Co-Founder of cloud solution vendor Anjuna Security, the developer of confidential cloud software, notes that cloud service providers are sometimes better security experts than enterprises: “Cloud is essentially somebody else managing your infrastructure, and by definition if somebody is managing your infrastructure then they have access to all of your data,” he observes. “This is a huge problem for many organizations. We need a shared responsibility model, where the customer is in charge and responsible for securing their data, but the cloud service provider has to share that responsibility.” But many organisations, especially banks, don’t care for this model: “They're saying it's our data, we're regulated, the public clouds are not regulated, and we don't want them to have any access to our data,” adds Yogev. “I think 2021 was a year of huge change where the cloud providers added concepts like confidential computing, which is essentially privacy in the cloud, the ability to completely isolate access from the infrastructure, from access to the data. That now allows clouds to go to their customers and tell them we don't have any access to your data on top of our infrastructure, which in turn allows customers to move more sensitive workloads to the cloud.” Hiro Rio Maeda is Managing Partner with investment house DNX Ventures, and he sees new security-related challenges on the horizon: “You have to build a DevSecOps practice fast, but you need to build it secure,” he believes. “This is very difficult because where once security was something that was managed by a security team, now the budget and responsibility is shifting to the line of business that is building the application. That's a big shift change and lots of automation tools are being invented to support that.” “The world won't be secure unless we can move networking and security into the heart of the development
Cyber Risk Leaders Magazine | 49
CYBER SECURITY
Featured Speakers: Analyst Chair: Scott Raynovich, Founder & Principal Analyst, Futuriom www.futuriom.com/ Ayal Yogev, CEO & Co-Founder, Anjuna Security Inc. www.anjuna.io Shekar Ayyar, Chairman & CEO, Arrcus www.arrcus.com Hiro Rio Maeda, Managing Partner, DNX Ventures www.dnx.vc
Figure 2: The edge cloud
delivery lifecycle,” agrees Zino of NetFoundry. “That's a really important difference compared to the world of 10 or 20 years ago where networking security could be put around the periphery on Day Two. The security of the future will be baked in rather than bolted on. We’re talking about security as code.” When it comes to developments at the edge, many people, points out Wolf of VMware, are wondering why things are moving so slowly, given all the talk over the years: “Why hasn’t there been more modernizing at the edge? What it boils down to in many cases is availability of apps and services that create business value. It’s also cost. We're seeing traction start to pick up now. We announced Project Santa Cruz at VMworld in October, which will combine an SD-WAN appliance with modern applications such as containers and cloud services. Now you’re saving an organization costs and giving them a way to modernize. It’s this type of simplicity that organizations want.” Ayyar of Arrcus wants more talk about what’s happening at the 5G edge, particularly in the field of retail: “It's clear that there is a transformation happening in the retail industry in terms of how distributed computing and artificial intelligence are going to weigh in with networks and with the omni channel experience. If you think about the connectivity fabric from service providers, it’s about bringing compute and connectivity down to the level of smaller form factors at the edge and making that a useful construct for enterprises to consume.” Zino of NetFoundry sees the edge as an important new paradigm that is at best a work in progress: “If you look at innovation generally, you need a new frontier,” he concludes. “On the other hand, you also need an environment where you can iterate and experiment and therefore you need a certain simplicity. I'm not sure we're there yet for edge, and I’m not sure that mainstream developers are ready to tinker at the edge. The cost and complexity issues aren't quite there. But I think we've made tremendous progress. Maybe this is the year that we start to make enough progress so that the developers can iterate and we get the killer apps. There’s an inflection point I'm looking at where, as a developer, the edge is simple enough and cheap enough so that I can experiment and innovate.”
50 | Cyber Risk Leaders Magazine
Galeal Zino, Founder & CEO, NetFoundry https://netfoundry.io/ Chris Wolf, Chief Research & Innovation Officer, VMware www.vmware.com
Next issue coming soon
Cyber Risk Leaders Magazine | 51
Search and find all upcoming featured security events
Plus many more! 52 | Cyber Risk Leaders Magazine
www.mysecuritymarketplace.com
Join us for a selection of curated online educational seminars covering the latest topics and trends from the smart city world. Check out some of the listed topics below. Build your network, gain knowledge, and meet like-minded people, business and policy experts, academic researchers, and decision makers from the smart city community
TOPICS IoT & Industry 4.0 City command centres & integration opportunities Emergency management & comminications REGISTER INTEREST
Sustainability & Net Zero Mobility & 5G Networks Policy & Governance Smart Buildings Video Analytics & Sensors
BECOME A SPONSOR
P R O U D LY P R O D U C E D B Y
Cyber Risk Leaders Magazine | 53
·.... .....-
SECON eGISEC
The One and Only Integrated Security Exhibition in Asia Concurrent Event
eGISEC2022
.00-- ......................... ,.
r. _ t
t5T;,.,�"
I:
,;,_
. I ◄
-
•.
�,i=;,.
-=•---
"��
�
Q
j
Member of the Global IFSEC Group
SECON2022 International Security Exhibition & Conference
20- 22 April 2022
KINTEX, Korea
�.,.,_
N«wotl< """ 25,000+ Physic4lf. toTood IT Soo.w,ty
J
thebn I intorma markets SECON & oGISEC Secretariat
T. +82-2-6715-5400 F. +82-2-432-5885 E. global@seconexpo.com
80% 0--0 ot total Exhibitors CB=) RETURN lN 2020
� 30,000m'
� E.xhlbitionAle.i
