Post thumbnail
As we look at what’s happened with the Russian attack on the US government and others via Solarwinds, I want to shine a spotlight on a lesson we can apply to threat modeling. An example of asset-driven thinking leads the article Hack may have exposed deep US secrets; damage yet unknown. And I don’t want…
Read More The Asset Trap[Update: 3 comments] Fireeye’s announcement of their discovery of a breach is all over the news. The Reuters article quotes a ‘Western security official’ as saying “Plenty of similar companies have also been popped like this.” I have two comments. First, it’s easy for anyone to label attackers “sophisticated.” Fireeye certainly has more data and…
Read More Fireeye Hack & CultureMark Rasch, who created the Computer Crime Unit at the United States Department of Justice, has an essay, “Conceal and Fail to Report – The Uber CSO Indictment.” The case is causing great consternation in the InfoSec community partly because it is the first instance in which a CSO or CISO has been personally held…
Read More The Uber CSO indictment
Post thumbnail
I want to call out some impressive aspects of a report by Proofpoint: TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware. There are many praise-worthy aspects of this report, starting from the amazing lack of hyperbole, and the focus on facts, rather than opinions. The extraordinary lack of adjectives…
Read More Threat Research: More Like This
Post thumbnail
Understanding the way intrusions really happen is a long-standing interest of mine. This is quite a different set of questions compared to “how long does it take to detect,” or “how many records are stolen?” How the intrusion happens is about questions like: Is it phishing emails that steal creds? Email attachments with exploits? SQL…
Read More How Are Computers Compromised (2020 Edition)Alexandre Sieira has some very interesting and actionable advice from looking at the Capital One Breach in “Learning from the July 2019 Capital One Breach.” Alex starts by saying “The first thing I want to make clear is that I sympathize with the Capital One security and operations teams at this difficult time. Capital One…
Read More Actionable Followups from the Capital One Breach
Post thumbnail
I’m happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance. They asked us to look at the value of DNS security, such as when your DNS provider uses threat intel to block malicious sites. It’s surprising how effective it is for…
Read More DNS Security
Post thumbnail
The House Oversight Committee has released a scathing report on Equifax. Through the investigation, the Committee reviewed over 122,000 pages of documents, conducted transcribed interviews with three former Equifax employees directly involved with IT, and met with numerous current and former Equifax employees, in addition to Mandiant, the forensic firm hired to conduct an investigation…
Read More House Oversight Committee on EquifaxI have regularly asked why we don’t know more about the Equifax breach, including in comments in “That Was Close! Reward Reporting of Cybersecurity ‘Near Misses’.” These questions are not intended to attack Equifax. Rather, we can use their breach as a mirror to reflect, and ask questions about how defenses work, and learn things…
Read More GAO Report on EquifaxWell, Richard Smith has “resigned” from Equifax. The CEO being fired is a rare outcome of a breach, and so I want to discuss what’s going on and put it into context, which includes the failures at DHS, and Deloitte breach. Also, I aim to follow the advice to praise specifically and criticize in general,…
Read More It’s Not The Crime, It’s The Coverup or the Chaos