Tuesday, February 14, 2017

When you get the Ransom note, it’s already too late to secure your databases.  
I’ve reported on this concern before, but Tom Spring has a nice write-up on ThreatPost that begins:
Recent attacks against insecure MongoDB, Hadoop and CouchDB installations represent a new phase in online extortion, born from ransomware’s roots with the promise of becoming a nemesis for years to come.
“These types of attacks have grown from ones of opportunity to full-scale automated and systematic assaults targeting misconfigured servers containing sensitive data that can be easily hijacked,” said Zohar Alon, co-founder and CEO, security firm Dome9.
First spotted on Dec. 27 by Victor Gevers, an ethical hacker and founder of GDI Foundation, attacks in the past two months shot up from 200 to near 50,000.
Security researchers at Rapid7 estimate that 50 percent of the 56,000 vulnerable MongoDB servers have been ransomed.  When it comes to similar misconfigured databases, 58 percent of the 18,000 vulnerable Elasticsearch servers have been ransomed, and of the 4,500 vulnerable CouchDB servers, 10 percent have been ransomed.
“It’s about the path of least resistance for hackers interested in the biggest potential reward,” said Bob Rudis, chief data security officer at Rapid7.  “Hackers have decided it’s easier to end-run an enterprise’s multi-million dollar security system and instead simply target an open server.”
But these servers are NOT being ransomed even though there are “ransom demands.”  What researchers from GDI Foundation have found is that the servers are just being wiped and a ransom note left in their place.  But if entities pay the “ransom,” they still don’t get the database back because it appears that the databases are not being copied and exfiltrated.
Read more on ThreatPost.  And read GDI Foundation’s warning on Hadoop, as Hadoop installations have also been attacked.
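For my students: the “open server” the article keeps referring to is usually nothing more exotic than a database listening on every network interface with no authentication turned on. The two mongod.conf fragments below are an added illustration of mine, not something from the ThreatPost piece or GDI Foundation; the addresses and the interface name are assumptions for the example.

```yaml
# Added example, not from the original post. Two mongod.conf documents:
# the first has the shape of the exposed servers described above, the
# second is the hardened equivalent.
---
# EXPOSED: mongod listens on every interface and authorization is not
# enabled, so anyone who can reach TCP/27017 can list, dump and drop
# databases without a password.
net:
  bindIp: 0.0.0.0          # all interfaces, including a public one
  port: 27017
# no "security.authorization" key at all -> unauthenticated access
---
# HARDENED (assumed addresses; adapt to your own network):
net:
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus one internal interface only
  port: 27017
security:
  authorization: enabled       # every client must authenticate.
                               # Create an admin user in the "admin"
                               # database before restarting with this,
                               # or you will lock yourself out.
```

After restarting mongod, confirm from the host what it actually bound to (for example `ss -ltnp | grep 27017`) rather than trusting the file; the same idea applies to Elasticsearch, where `network.host` in elasticsearch.yml decides whether the node is reachable from outside. None of this addresses the other lesson in the article: since the data is wiped rather than copied, a tested, offline backup is the only thing that gets a database back.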

Perhaps we can get a better understanding?
DHS Uses Cyber Kill Chain to Analyze Russia-Linked Election Hacks
On Dec. 29, 2016, the DHS and FBI published an initial Joint Analysis Report (JAR) detailing the tools and infrastructure used by Russian hackers designated by DHS as “GRIZZLY STEPPE” in attacks against the United States election.  The previous report, however, didn’t deliver on its promise, security experts argued.
While the original report included a series of IOCs, some said that they were of low quality, had limited utility to defenders, and were published as a political tool attempting to connect the attacks to Russia.
The new report is described by DHS as an Analytical Report (AR) providing a “thorough analysis of the methods threat actors use to infiltrate systems” in relation to the GRIZZLY STEPPE hackers.  The report provides additional details on IOCs, along with analysis along phases of the cyber kill chain, and suggests specific mitigation techniques that could be used to counter GRIZZLY STEPPE attackers.
DHS analysts leveraged the Cyber Kill Chain framework created by Lockheed Martin that describes the phases of an attack.  The report summarizes the activity of the campaign using each phase of the Cyber Kill Chain, which are Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on the Objective.

It’s why I make my students give presentations.
Gartner and industry experts on the booming market for security awareness training
Andrew Walls, research vice president for security, risk and privacy at analyst firm Gartner, estimated the security awareness training market at more than $1 billion in late 2014.
A new report from Cybersecurity Ventures states that training employees how to recognize and defend against cyber attacks is the most underspent sector of the cybersecurity industry - a sector that can be worth $10 billion by 2027.
Training the world's employees on how to detect and respond to spear phishing and other hacks aimed at users will cost billions of dollars.  But it may be the world's best ROI in the war against cybercrime - which is predicted to cost organizations $6 trillion annually by 2021.

My students need to understand that businesses do not make decisions like this based only on the technology. 
Woolworths shifts infrastructure to Azure
"To cater for the [business'] extensive growth, the team made the decision that rather than continue to host the service internally, we would seek a cloud alternative," Rana said.
"The series of unique requirements we had made our decision to move to Microsoft Azure clear cut."
At last count Woolworths’ technology environment spanned 550 major applications supporting 25,000 point-of-sale (PoS) units, 7000 self-service checkouts, and 11,000 back-office workstations.  It relies on an SAP system for its core merchandising activities.
Three data centres with 6500 servers supported its applications, alongside 3200 in-store servers and 250 servers across its distribution centres.
Woolworths would only consider a locally-based, multi-region, active-active cloud solution that could guarantee its uptime and availability, Rana said.
"Trying to replicate this internally would have been far too costly."
The Woolworths IT team now no longer needs to manually scale its environment to deal with periods of peak load, Rana said - something that was previously impossible.

Just a thought, but do you suppose Jeff Bezos designed this for his own use and amusement? 
Amazon Is Challenging Microsoft and Cisco With a Yet Another Service

I wonder if I could do something like this for my students. 
Apple Shows Off Sneak Peek of Original Series 'Planet of the Apps'
In the clip shown to attendees of the Code Media conference, app developers have 60 seconds to get Planet of the Apps' group of advisors — Jessica Alba, Will.i.am, Gwyneth Paltrow and Gary Vaynerchuk — excited about their projects.  Those picked work directly with their advisors, preparing them to pitch in front of a group of venture capitalists from Bay Area firm Lightspeed Venture Partners.

My students will be amused. 
Dubai To Put Autonomous Taxi Drones In The Skies 'This Summer'
When the ruling family decrees that a quarter of all journeys in a city state will be autonomous by 2030, someone somewhere is obliged to make that start happening as soon as possible.
The flying taxis are being manufactured by Chinese drone-making firm EHang and can carry a person weighing up to 100 kilograms (about 220 pounds) along with a small suitcase.  Passengers don’t need to learn how to fly the drones, EHang's co-founder Derrick Xiong told FORBES staff writer Aaron Tilley in an interview this time last year.
“They just need to press a button and then it vertically takes off, flies from point A to point B, and lands.”

(Related).  Where are we, here in the US?
Fix self-driving car rules or face needless deaths, GM warns government

Okay, believe it or not but the old fuddy-duddy that I am missed the fact that Playboy had stopped running pictures of nude girls.  Here’s the interesting bit: they think they have a way to compete against Internet nudes! 
Playboy Is Naked Again And It Is Awesome
Just in time for Valentine's Day, Playboy has announced its 63-year-old magazine will return to publishing naked women.
In 2015, the magazine, faced with competition from the internet where anything goes when it comes to sex, stopped running images of unclothed young ladies.
By all accounts, including my own, the results were terrible.
Now, Playboy Enterprises is back in the skin game with its March/April 2017 issue.
I took the liberty of downloading a copy. (Want one? It's $5.99.)

For the gamers at school.
Humble Bundle
This special one-week bundle features over $600 in incredible games and books for just $30.  100% of your payments will go to the American Civil Liberties Union, the International Rescue Committee, and Doctors Without Borders/Médecins Sans Frontières (MSF).  
Redeem the games on Steam.  All of the games in this bundle are available on Steam for Windows, and some for Mac and Linux too.  A number of the games are available DRM-free as well.
Take the books anywhere.  The ebooks are available in PDF, ePUB, and MOBI formats, meaning you can read them anywhere at any time.  Instructions and a list of recommended reading programs can be found here.  The audiobooks are available in MP3 and FLAC format, meaning you can listen to them anywhere, too!  Instructions can be found here.
