Meet my friend, Cyber Rob!

My co-worker, Rob Sloan, is an expert in the cybersecurity world (and an awesome guy to boot). He publishes a weekly cyber newsletter for us (still in beta) and I thought you might benefit from it:

WHAT HAPPENS IN VEGAS…
Like thousands of other cybersecurity professionals this week, I made the annual pilgrimage to Las Vegas for the Black Hat cybersecurity conference. The presentations provide a snapshot of the problems we face in protecting data: unidentified or perhaps even unquantifiable risk, insecure hardware, software vulnerabilities, sophisticated adversaries, and myriad reasons not to trust anything connected to the internet.
 
Presenters have been beating the same drums since the dawn of the web and the first Black Hat conference way back in 1997. The technologies have changed (the Internet of Things, mobile as we know it now and the cloud were not around back then), but the issues have not. The founders of Black Hat could never have known that their hacker get-together would turn into a multi-million dollar annual event attracting 10,000 attendees, provide dozens of training courses and expand into Europe, the Middle East and Asia.
 
The conference also highlights some of the industry’s biggest problems: the vendor hall is full of promises to fix security that cannot be fulfilled; diversity in general is poor and women in particular continue to be under-represented, both on-stage and in the audience; and the cost of solutions and a shortage of skilled professionals conspire to hamper improved cybersecurity.
 
Black Hat briefings also serve to remind me of one more thing: those who understand and practice security are not always the most appropriate people to present its importance and potential impact. This is especially true when considering how cybersecurity is reported to senior executives or the board. A spot of comms training for some of us would not go amiss to ensure the message is not lost in the delivery.
WHITE HAT HACKER HELD
The Wall Street Journal reported on the detention of Chinese security researcher Fang Xiaodun. Mr Fang is a well-known white hat hacker who ran an online platform for sharing research on security and publicizing vulnerabilities that vendors had failed to fix in a specified period. The forum was taken offline on 19 July and Mr Fang, who was due to present at Black Hat, was detained the following day. Details of his detention and his current circumstances are unclear.
 
China has been tightening its control over the internet in recent months. It is quite possible the Chinese government believes publishing software vulnerabilities could threaten national security, resulting in Fang’s arrest. Some years ago the US and UK research community were regularly threatened with legal action for disclosing vulnerabilities, but the private sector quickly learned that engaging the community was far more conducive to improving internet security.
SUSPICIOUS MINDS
InfoSecurity Magazine reported on an announcement by the FSB that Russia had been the victim of a targeted cyber attack. The attack compromised ‘around 20 critical infrastructure, military and other organizations’ and had been ‘professionally planned and executed’.
 
Russia, like China, often responds to accusations of being a cyber aggressor by claiming it is, in fact, a victim of cyber attacks. Skeptics suggest that the timing of the announcement is a way to deflect from the negative media coverage over the hacking of the Democratic National Committee. Some have even questioned whether there really was an attack at all.
KEEPING WATCH ON NORTH KOREA’S CYBER FRONT
The Washington Times reported that a breach of personal data belonging to 10m South Koreans is being blamed on North Korea’s General Bureau of Reconnaissance. The National Police Agency said names, email addresses, telephone numbers and other information were taken in the attack. The attackers tried unsuccessfully to demand a ransom in virtual currency in return for not publicizing the breach.
 
Trying to understand North Korea as a threat actor and predict its next move is tricky. Pyongyang has been blamed for the Sony attacks and numerous incidents of espionage activity against the South Korean government and private sector networks, as well as being linked to the Bangladesh bank heist. North Korea’s role in cyber attacks is every bit as unpredictable as its political and military strategies, but its proven success suggests large organizations should conduct a threat assessment on North Korea as a priority.
A BLOW FOR PRIVACY
SC Magazine reported on a government crackdown on the use of VPNs in the United Arab Emirates. This represents a massive step backwards for security and privacy and has likely been implemented to allow the government to better monitor online communications. Anyone found guilty of using a VPN can receive a fine of (up to) around $500,000 and/or a jail sentence.
 
Ars Technica reports that the Russian security service (FSB) has also tried to find ways to gain access to encrypted communications (potentially including SSL and VPNs) in order to comply with a new surveillance law. The FSB states it has found a way to decrypt communications, though the extent of its capabilities is unclear. The new laws in the UAE and Russia should cause CISOs and CIOs whose organizations have a presence in either country to question how they affect the security of corporate information.
PHISHING FOR FUNDS
Venture Beat reported on Series C investment for PhishMe of $42.5m. That brings the total amount of funding raised to $58m since the company was founded in 2011. PhishMe is known for its phishing simulations and employee awareness training.
 
Chris Wallis, co-founder of UK based security company Intruder, questioned the actual value of phishing assessments in a blogpost this week, given that organizations will always be vulnerable. My concern is that successful phishing attacks are all too often viewed solely as a failure of the user and not as a failure of multiple security controls such as email filtering, anti-virus software and unpatched operating systems or applications.
 
Rob Sloan is Head of Cyber Content and Data at Dow Jones Risk and Compliance. His role focuses on providing thought leadership and advising internally on cyber risk. Rob is also a Certified Anti-Money Laundering Specialist (CAMS).
 
Previously, Rob has worked as Response Director for a specialist IT security consultancy in London and built a team focused on detecting, investigating and protecting against cyber intrusions and responding to incidents, especially state sponsored attacks. 
 
Rob started his career working for the UK Government, looking at some of the earliest cyber attacks against the critical national infrastructure. Rob’s main interest is the requirements, motivations and technical capabilities of threat actors.
 
 
Link:

Cybersecurity newsletter
