www.lastwatchdog.com Open in urlscan Pro
35.242.224.42  Public Scan

URL: https://www.lastwatchdog.com/
Submission Tags: phishingmalicious
Submission: On September 13 via api from US — Scanned from NL

Form analysis 1 forms found in the DOM

GET https://www.lastwatchdog.com

<form role="search" method="get" id="searchform" action="https://www.lastwatchdog.com">
  <div> <input type="text" value="Search Last Watchdog" name="s" id="s" onblur="if (this.value == '') 
 {this.value = 'Search Last Watchdog';}" onfocus="if (this.value == 'Search Last Watchdog') {this.value = '';}"> <input type="hidden" id="searchsubmit" value="Search"></div>
</form>

Text Content

Home Podcasts Videos Guest Posts Q&A My Take Bio Contact ☰


THE LAST WATCHDOG

 
 
Byron Acohido · MSSPs can help companies meet 'CMMC' cybersecurity benchmarks


SHARED INTEL: THE CYBERSECURITY SEA CHANGE COMING WITH THE IMPLEMENTATION OF
‘CMMC’

BY BYRON V. ACOHIDO

Finally, Uncle Sam is compelling companies to take cybersecurity seriously.

Related: How the Middle East paved the way to CMMC

Cybersecurity Maturity Model Certification version 2.0 could  take effect as
early as May 2023 mandating detailed audits of the cybersecurity practices of
any company that hopes to do business with the Department of Defense.

Make no mistake, CMMC 2.0, which has been under development since 2017,
represents a sea change. The DoD is going to require contractors up and down its
supply chain to meet the cybersecurity best practices called out in the National
Institute of Standards and Technology’s SP 800-171 framework.

I sat down with Elizabeth Jimenez, executive director of market development at
NeoSystems, a Washington D.C.-based supplier of back-office management services,
to discuss the prominent role managed security services providers (MSSPs) are
sure to play as CMMC 2.0 rolls out. For a full drill down, please give the
accompanying podcast a listen. Here are my takeaways: (more…)



2 Comments | Read | September 7th, 2022 | Best Practices | For technologists |
My Take | Podcasts | Steps forward | Top Stories

Byron Acohido · The supplanting of VPNs by ZTNA


BLACK HAT FIRESIDE CHAT: REPLACING VPNS WITH ZTNA THAT LEVERAGES WWII
BATTLEFIELD TACTICS

BY BYRON V. ACOHIDO

The sunsetting of Virtual Private Networks is underway.

Related: VPNs as a DIY tool for consumers, small businesses

VPNs are on a fast track to becoming obsolete, at least when it comes to
defending enterprise networks. VPNs are being replaced by zero trust network
access, or ZTNA.

VPNs encrypt data streams and protect endpoints from unauthorized access,
essentially by requiring all network communications to flow over a secured pipe.
VPNs verify once and that’s it. This was an effective approach when on-premises
data centers predominated.

By contrast, ZTNA never trusts and always verifies. A user gets continually
vetted, per device and per software application — and behaviors get continually
analyzed to sniff out suspicious patterns.

Guest expert: Rajiv Pimplaskar, CEO, Dispersive

This new approach is required — now that software-defined resources scattered
across hybrid and public clouds have come to rule the day.

I had the chance at Black Hat 2022 to visit with Rajiv Pimplaskar, CEO at
Dispersive,  an Alpharetta, GA-based supplier of advanced cloud obfuscation
technology. We discussed how ZTNA has emerged as a key component of new network
security frameworks, such as secure access service edge (SASE) and security
service edge (SSE)

We also spoke about how Dispersive is leveraging spread spectrum technology,
which has its roots in World War II submarine warfare, to more effectively
secure modern business networks. For a full drill down on our forward-looking
discussion, please give the accompanying podcast a listen.

8 Comments | Read | August 19th, 2022 | Black Hat Podcasts | For technologists |
New Tech | Podcasts | Top Stories

Byron Acohido · The going-forward role for full-service MSSPs


BLACK HAT FIRESIDE CHAT: MSSPS ARE WELL-POSITIONED TO HELP COMPANIES ACHIEVE
CYBER RESILIENCY

BY BYRON V. ACOHIDO

Network security is in dire straits. Security teams must defend an expanding
attack surface, skilled IT professionals are scarce and threat actors are having
a field day.

Related: The role of attack surface management

That said, Managed Security Services Providers – MSSPs —  are in a position to
gallop to the rescue.

MSSPs arrived on the scene 15 years ago to supply device security as a
contracted service: antivirus, firewalls, email security and the like.

They’ve progressed to supplying EDR, SIEM, threat intel platforms and numerous
other advanced network security services on an outsourced basis.

Guest expert: Chris Prewitt, CTO, Inversion6

 

Today, big IT services companies, as well as legacy cybersecurity vendors, are
hustling to essentially give shape to the next-gen MSSP, if you will. The
leading players are partnering and innovating to come up with the optimum
portfolio of services.

I had the chance to visit at Black Hat 2022 with Christopher Prewitt, CTO at
Inversion6, a Cleveland-based supplier of managed IT security services. We
discussed how far MSSPs have come since the early 2000s, when the focus was on
helping companies do check-the-box compliance. For a full drill down on our
forward-looking discussion, please give the accompanying podcast a listen.

Going forward, MSSPs seemed destined to play a foundational role in enabling
digital commerce. They could help enterprises and SMBs overcome the IT skills
shortage, truly mitigate cyber risks and comply with audit requirements, to
boot.

7 Comments | Read | August 17th, 2022 | Black Hat Podcasts | For technologists |
Podcasts | Top Stories

Byron Acohido · The intricacies of overlapping cyber attacks


BLACK HAT INSIGHTS: GETTING BOMBARDED BY MULTIPLE RANSOMWARE ATTACKS HAS BECOME
COMMONPLACE

BY BYRON V. ACOHIDO

The top ransomware gangs have become so relentless that it’s not unusual for two
or more of them to attack the same company within a few days – or even a few
hours.

Related: How ‘IABs’ foster ransomware

And if an enterprise is under an active ransomware attack, or a series of
attacks, that’s a pretty good indication several other gangs of hacking
specialists came through earlier and paved the way.

In short, overlapping cyber attacks have become the norm. This grim outlook is
shared in a new white paper from Sophos. The report paints a picture of
ransomware gangs arriving on the scene typically after crypto miners, botnet
builders, malware embedders and initial access brokers may have already profited
from earlier intrusions.

I had the chance to discuss these findings last week at Black Hat USA 2022, with
John Shier, senior security advisor at Sophos, a next-generation cybersecurity
leader with a broad portfolio of managed services, software and hardware
offerings. For a drill down on our discussion, please give the accompanying
podcast a listen. Here are the key takeaways:

Common infection paths

Security teams face a daunting challenge. They must detect and remediate
multiple cyber attacks by numerous, determined hacking groups, sometimes coming
at them simultaneously and quite often seeking different objectives.

6 Comments | Read | August 15th, 2022 | Black Hat Podcasts | For technologists |
Podcasts | Top Stories


GUEST ESSAY: HOW TO DETECT IF A REMOTE JOB APPLICANT IS LEGIT — OR A ‘DEEPFAKE’
CANDIDATE

BY ZAC AMOS

Technology provides opportunities to positively impact the world and improve
lives.

Related: Why facial recognition ought to be regulated

It also delivers new ways to commit crimes and fraud. The U.S. Federal Bureau of
Investigation (FBI) issued a public warning in June 2022 about a new kind of
fraud involving remote work and deepfakes.

The making of Deepfakes

The world is on track to see around 50% of workers transition to sustained,
full-time telecommuting. Conducting job interviews online is here to stay, and
deepfakes may be part of that new normal.

The term refers to an image or video in which the subject’s likeness or voice
was manipulated to make it look like they said or did something they didn’t.

The deepfake creator uses “synthetic media” applications powered by machine
learning algorithms. The creator trains this algorithm on two sets of videos and
images. One shows the target’s likeness as they move and speak in various
environments. The second shows faces in different situations and lighting
conditions. The application encodes these human responses as “low-dimensional
representations” to be decoded into images and videos.

The result is a video of one individual convincingly overlaid with the face of
another. The voice is more difficult to spoof.

6 Comments | Read | August 10th, 2022 | For consumers | For technologists |
Guest Blog Post | Top Stories


Q&A: HERE’S HOW THE ‘MATTER’ PROTOCOL WILL SOON REDUCE VULNERABILITIES IN SMART
HOME DEVICES

BY BYRON V. ACOHIDO

After years of competitive jockeying, the leading tech giants have agreed to
embrace a brand new open-source standard – called Matter – that will allow
consumers to mix and match smart home devices and platforms.

Related: The crucial role of ‘Digital Trust’

After numerous delays and course changes, the Matter protocol, is set to roll
out this fall, in time for the 2022 holiday shopping season. To start, seven
types of smart home devices will be capable of adopting the Matter protocol, and
thus get affixed with a Matter logo.

Matter is intended to foster interoperability of smart home devices – so a
homeowner can stick with just one voice assistance platform and have the freedom
to choose from a wide selection of smart devices sporting the Matter logo.

What this boils down to is that a consumer living in a smart home filled with
Matter devices would no longer be forced to use Amazon’s Alexa to control some
devices, while having to switch to Apple’s Siri, Google’s Assistant or Samsung’s
SmartThings to operate other devices. No surprise: Amazon, Google, Apple and
Samsung are the biggest names on a list of 250 companies supporting the roll out
of Matter.

The qualifying types of smart home devices, to start, include light bulbs and
switches; smart plugs; smart locks; smart window coverings; garage door openers;
thermostats; and HVAC controllers. If all goes smoothly, surveillance cams,
smart doorbells and robot vacuums would soon follow.

5 Comments | Read | August 1st, 2022 | For consumers | For technologists |
Privacy | Q & A | Steps forward | Top Stories

Byron Acohido · A primer on the importance of 'attack surface management'


FIRESIDE CHAT: ‘ATTACK SURFACE MANAGEMENT’ HAS BECOME THE CENTERPIECE OF
CYBERSECURITY

BY BYRON V. ACOHIDO

Post Covid 19, attack surface management has become the focal point of defending
company networks.

Related: The importance of ‘SaaS posture management’

As digital transformation continues to intensify, organizations are relying more
and more on hosted cloud processing power and data storage, i.e. Platform as a
Service (PaaS,) as well as business tools of every stripe, i.e. Software as a
Service (SaaS.)

I had the chance to visit with Jess Burn, a Forrester senior analyst, about the
cybersecurity ramifications.

Guest expert: Jess Burn, Senior Analyst, Forrester Research

We discussed how the challenge has become defending the cloud-edge perimeter.
This entails embracing new security frameworks, like Zero Trust Network Access,
as well as adopting new security tools and strategies.

This boils down to getting a comprehensive handle on all of the possible
connections to sensitive cyber assets, proactively managing software
vulnerabilities and detecting and responding to live attacks.

A new category of attack surface management tools and services is gaining
traction and fast becoming a must-have capability. To learn more, please give
the accompanying Last Watchdog Fireside Chat podcast a listen.



Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to
fostering public awareness about how to make the Internet as private and secure
as it ought to be.

(LW provides consulting services to the vendors we cover.)

6 Comments | Read | July 27th, 2022 | For consumers | For technologists |
Podcasts | Steps forward | Top Stories

Byron Acohido · How a new SaaS ransomware protection leverages SASE platform


FIRESIDE CHAT: NEW ‘SASE’ WEAPON CHOKES OFF RANSOMWARE BEFORE ATTACK SPREADS
LATERALLY

BY BYRON V. ACOHIDO

It’s stunning that the ransomware plague persists.

Related: ‘SASE’ blends connectivity and security

Verizon’s Data Breach Incident Report shows a 13 percent spike in 2021, a jump
greater than the past  years combined; Sophos’ State of Ransomware survey shows
victims routinely paying $1 million ransoms.

In response, Cato Networks today introduced network-based ransomware protection
for the Cato SASE Cloud. This is an example of an advanced security capability
meeting an urgent need – and it’s also more evidence that enterprises must
inevitably transition to a new network security paradigm.

Guest expert: Etay Maor, Senior Director of Security Strategy, Cato Networks

I had the chance to visit with Etay Maor of Cato Networks. We discussed how
Secure Access Services Edge – SASE – embodies this new paradigm. In essence,
SASE moves the security stack from the on-premises perimeter far out to the
edge, just before the cloud.

This gives security teams comprehensive visibility of all network activity, in
real time, which makes many high-level security capabilities possible. For a
full drill down on my conversation with Etay Maor, please give the accompanying
podcast a listen.

Network security developments are progressing. I’ll keep watch and keep
reporting.



Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to
fostering public awareness about how to make the Internet as private and secure
as it ought to be.

(LW provides consulting services to the vendors we cover.)

2 Comments | Read | June 21st, 2022 | For technologists | Podcasts | Steps
forward | Top Stories

Byron Acohido · RSAC 2022: Jupiter One's mantra: 'Know what you have; focus on
what matters'


RSAC INSIGHTS: ‘CAASM’ TOOLS AND PRACTICES GET INTO THE NITTY GRITTY OF CLOSING
NETWORK SECURITY GAPS

BY BYRON V. ACOHIDO

Reducing the attack surface of a company’s network should, by now, be a top
priority for all organizations.

Related: Why security teams ought to embrace complexity

As RSA Conference 2022 convenes this week (June 6 -9) in San Francisco, advanced
systems to help companies comprehensively inventory their cyber assets for
enhanced visibility to improve asset and cloud configurations and close security
gaps will be in the spotlight.

As always, the devil is in the details. Connecting the dots and getting everyone
on the same page remain daunting challenges. I visited with Erkang Zheng,
founder and CEO of JupiterOne, to discuss how an emerging discipline — referred
to as “cyber asset attack surface management,” or CAASM – can help with this
heavy lifting.

Based in Morrisville, NC, JupiterOne launched in 2020 and last week announced
that it has achieved a $1 billion valuation, with a $70 million Series C funding
round.

For a full drill down, please give the accompanying podcast a listen. Here are
my takeaways:

3 Comments | Read | June 6th, 2022 | For technologists | Podcasts | RSA Podcasts
| Steps forward | Top Stories

Byron Acohido · RSAC 2022: ReversingLabs granularly checks code to discover
tampering


RSAC INSIGHTS: SOFTWARE TAMPERING ESCALATES AS BAD ACTORS TAKE ADVANTAGE OF
‘DEPENDENCY CONFUSION’

BY BYRON V. ACOHIDO

It’s not difficult to visualize how companies interconnecting to cloud resources
at a breakneck pace contribute to the outward expansion of their networks’
attack surface.

Related: Why ‘SBOM’ is gaining traction

If that wasn’t bad enough, the attack surface companies must defend is expanding
inwardly, as well – as software tampering at a deep level escalates.

The Solar Winds breach and the disclosure of the massive Log4J vulnerability
have put company decision makers on high alert with respect to this
freshly-minted exposure. Findings released this week by ReversingLabs show 87
percent of security and technology professionals view software tampering as a
new breach vector of concern, yet only 37 percent say they have a way to detect
it across their software supply chain.

I had a chance to discuss software tampering with Tomislav Pericin, co-founder
and chief software architect of ReversingLabs, a Cambridge, MA-based vendor that
helps companies granularly analyze their software code. For a full drill down on
our discussion please give the accompanying podcast a listen. Here are the big
takeaways:

‘Dependency confusion’

Much of the discussion at RSA Conference 2022, which convenes this week (June 6
– 9) in San Francisco, will boil down to slowing attack surface expansion. This
now includes paying much closer attention to the elite threat actors who are
moving inwardly to carve out fresh vectors taking them deep inside software
coding.

The perpetrators of the Solar Winds breach, for instance, tampered with a build
system of the widely-used Orion network management tool.

2 Comments | Read | June 3rd, 2022 | For technologists | New Tech | Podcasts |
RSA Podcasts | Steps forward | Top Stories


MY TAKE: LOG4J’S BIG LESSON – LEGACY TOOLS, NEW TECH ARE BOTH NEEDED TO SECURE
MODERN NETWORKS

BY BYRON V. ACOHIDO

Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the
security of modern networks has become.

Related: The exposures created by API profileration

Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of
attack vectors arising from enterprises’ deepening reliance on open-source
software.

This is all part of corporations plunging into the near future: migration to
cloud-based IT infrastructure is in high gear, complexity is mushrooming and
fear of falling behind is keeping the competitive heat on. In this heady
environment, open-source networking components like Log4j spell opportunity for
threat actors. It’s notable that open-source software vulnerabilities comprise
just one of several paths ripe for malicious manipulation.

By no means has the cybersecurity community been blind to the complex security
challenges spinning out of digital transformation. A methodical drive has been
underway for at least the past decade to affect a transition to a new network
security paradigm – one less rooted in the past and better suited for what’s
coming next.

Log4j bathes light on a couple of solidifying developments. It reinforces the
notion that a new portfolio of cloud-centric security frameworks must take hold,
the sooner the better. What’s more, it will likely take a blend of legacy
security technologies – in advanced iterations – combined with a new class of
smart security tools to cut through the complexities of defending contemporary
business networks.

One Comment | Read | March 29th, 2022 | Best Practices | For technologists | My
Take | Steps forward | Top Stories


GUEST ESSAY: EMBRACING ‘ZERO TRUST’ CAN HELP CLOUD-NATIVE ORGANIZATIONS OPERATE
SECURELY

BY JAWAHAR SIVASANKARAN

Some 96 percent of organizations — according to the recently released 2021 Cloud
Native Survey — are either using or evaluating Kubernetes in their production
environment, demonstrating that enthusiasm for cloud native technologies has, in
the words of the report’s authors, “crossed the adoption chasm.”

Related: The targeting of supply-chain security holes

It’s easy to understand why a cloud-native approach elicits such fervor. By
using flexible, modular container technologies such as Kubernetes and
microservices, development teams are better equipped to streamline and
accelerate the application lifecycle, which in turn enables the business to
deliver on their ambitious digital transformation initiatives.

However, despite cloud-native’s promise to deliver greater speed and agility, a
variety of legitimate security concerns have kept IT leaders from pushing the
throttle on their cloud-native agenda.

According to the most recent State of Kubernetes Security report, more than
half (55 percent) of respondents reported that they have delayed deploying
Kubernetes applications into production due to security concerns (up 11 percent
from the year prior) while 94 percent admitted to experiencing a security
incident in their Kubernetes or container environment in the past year.

It’s clear that until we can deliver security at the same velocity in which
containers are being built and deployed that many of our cloud-native
aspirations will remain unfulfilled.

Cloud-native requirements

Traditionally, developers didn’t think much about application security until
after deployment. However, as DevOps and modern development practices such as
Continuous Integration and Continuous Delivery (CI/CD) have become the norm,
we’ve come to appreciate that bolting security on after the fact can be a recipe
for future application vulnerabilities.

Security must be ‘baked in’ rather than ‘brushed on’—and this current ethos has
given rise to the DevSecOps movement where security plays a leading role in the
DevOps process. However, it’s not enough to simply shoehorn these practices into
the dynamic cloud-native development lifecycle.

One Comment | Read | March 28th, 2022 | Best Practices | For technologists |
Guest Blog Post | Steps forward | Top Stories


SHARED INTEL: CAN APPLE’S PRICEY ‘BUSINESS ESSENTIALS’ TRULY HELP SMBS SECURE
THEIR ENDPOINTS?

BY APU PAVITHRAN

Today’s operating system battleground has long been defined by the warfare
between the top three players—Microsoft’s Windows, Google’s Android, and Apple’s
iOS.

Related: Cook vs. Zuckerberg on privacy

While each of them has its distinguishing features, Apple’s privacy and security
are what makes it the typical enterprise’s pick. Tim Cook, CEO of Apple, could
be heard stating in the virtual Computers, Privacy, and Data Protection
Conference, “Privacy is one of the top issues of the century and it should be
weighed as equal as climate change.”

In June 2020, Apple’s intention of expanding in the enterprise space was made
evident by the acquisition of Fleetsmith, a Mobile Device Management (MDM)
solution for Apple devices. What would unfold next with Fleetsmith on their team
was the most anticipated question.

In effect, Apple launched Apple Business Essentials (ABE). Let’s take a look at
whether ABE will suffice enterprises’ demands.

Apple eyes SMBs

In recent years, we have seen diverse initiatives, including the Apple Business
Manager (ABM) app launched in spring 2018 and Apple Business Essentials (ABE) in
2021, clearly showing Apple’s desire to conquer the enterprise market.

2 Comments | Read | February 8th, 2022 | For technologists | Guest Blog Post |
New Tech | Top Stories

Byron Acohido · The genesis of NTT's Health & Wellbeing initiative


MY TAKE: WHAT IF BIG DATA AND AI COULD BE INTENSIVELY FOCUSED ON HEALTH AND
WELLBEING?

BY BYRON V. ACOHIDO

Might it be possible to direct cool digital services at holistically improving
the wellbeing of each citizen of planet Earth?

Related: Pursuing a biological digital twin

A movement aspiring to do just that is underway — and it’s not being led by a
covey of tech-savvy Tibetan monks. This push is coming from the corporate
sector.

Last August, NTT, the Tokyo-based technology giant, unveiled its Health and
Wellbeing initiative – an ambitious effort to guide corporate, political and
community leaders onto a more enlightened path. NTT, in short, has set out to
usher in a new era of human wellness.

Towards this end it has begun sharing videos, whitepapers and reports designed
to rally decision makers from all quarters to a common cause. The blue-sky
mission is to bring modern data mining and machine learning technologies to bear
delivering personalized services that ameliorate not just physical ailments, but
also mental and even emotional ones.

That’s a sizable fish to fry. I had a lively discussion with Craig Hinkley, CEO
of NTT Application Security, about the thinking behind this crusade. I came away
encouraged that some smart folks are striving to pull us in a well-considered
direction. For a full drill down, please give the accompanying podcast a listen.
Here are a few key takeaways:

A new starting point

Modern medicine has advanced leaps and bounds in my lifetime when it comes to
diagnosing and treating severe illnesses. Even so, for a variety of reasons,
healthcare sectors in the U.S. and other jurisdictions have abjectly failed over
the past 20 years leveraging Big Data to innovate personalized healthcare
services.

One Comment | Read | January 11th, 2022 | For consumers | For technologists | My
Take | New Tech | Podcasts | Steps forward | Top Stories


GUEST ESSAY: 5 TIPS FOR ‘DE-RISKING’ WORK SCENARIOS THAT REQUIRE ACCESSING
PERSONAL DATA

BY ALEXEY KESSENIKH

Working with personal data in today’s cyber threat landscape is inherently
risky.

Related: The dangers of normalizing encryption for government use

It’s possible to de-risk work scenarios involving personal data by carrying out
a classic risk assessment of an organization’s internal and external
infrastructure. This can include:

Security contours. Setting up security contours for certain types of personal
data can be useful for:

•Nullifying threats and risks applicable to general infrastructural components
and their environment.

•Planning required processes and security components when initially building
your architecture.

•Helping ensure data privacy.

Unique IDs. It is also possible to obfuscate personal data by replacing it with
unique identifiers (UID). This de-risks personal data that does not fit in a
separate security contour.

Implementing a UID system can reduce risk when accessing personal data for use
in analytical reports, statistical analysis, or for client support.

One Comment | Read | January 10th, 2022 | Best Practices | For technologists |
Guest Blog Post | Privacy | Top Stories


SHARED INTEL: LOG4J VULNERABILITY PRESENTS A GAPING ATTACK VECTOR COMPANIES MUST
HEED IN 2022

BY BYRON V. ACOHIDO

As we close out 2021, a gargantuan open-source vulnerability has reared its ugly
head.

Related: The case for ‘SBOM’

This flaw in the Apache Log4J logging library is already being aggressively
probed and exploited by threat actors — and it is sure to become a major
headache for security teams in 2022.

“This vulnerability is so dangerous because of its massive scale. Java is used
on over 3 billion devices, and a large number of those use Log4j,” says
Forrester cybersecurity analyst Allie Mellen, adding that crypto miners and
botnet operators are already making hay.

“We can expect more devastating attacks, like ransomware, leveraging this
vulnerability in the future,” Mellen adds. “This vulnerability will be used for
months if not years to attack enterprises, which is why security teams must
strike while the iron is hot.”

This Log4j vulnerability was disclosed to Apache on Nov. 24 by the Alibaba Cloud
Security team. Then on Dec. 9, the vulnerability, formally designated
CVE-2021-44228, was disclosed on Twitter; meanwhile a  proof-of-concept exploit
got posted on GitHub.

This flaw in an open-source web server software used far and wide  puts
open-source risks in the spotlight – yet again. Companies will have to deal with
Log4J in much the same manner as they were compelled to react to the open source
flaws Heartbleed and Shellshock in 2014.

One Comment | Read | December 14th, 2021 | For consumers | Imminent threats |
Top Stories


ROUNDTABLE: CYBERSECURITY EXPERTS REFLECT ON 2021, FORESEE INTENSIFYING
CHALLENGES IN 2022

BY BYRON V. ACOHIDO

Privacy and cybersecurity challenges and controversies reverberated through all
aspect of business, government and culture in the year coming to a close.

Related: Thumbs up for Biden’s cybersecurity exec order

Last Watchdog sought commentary from technology thought leaders about lessons
learned in 2021– and guidance heading into 2022. More than two dozen experts
participated. Here the first of two articles highlighting what they had to say.
Comments edited for clarity and length. The second roundtable column will be
published on Dec. 27th.

Paul Ayers, CEO, Noetic Cyber

In 2021, large supply chain attacks successfully exploited critical
vulnerabilities.  Patching is hard and prioritization is key. By mapping cyber
relationships to business context, security teams can focus on a smaller number
of critical assets and vulnerabilities.

The cyber industry swings back and forth between prevention and response. A
renewed focus on preventative approaches, like security posture management,
cyber hygiene and cyber asset management shows organizations are trying to
anticipate these problems. Forward thinking security teams working to unlock
siloed telemetry and generate a wider cybersecurity view of the organization.

Dr. Darren Williams, CEO, BlackFog

We’re seeing ransomware gangs morph into savvy businesses, with one going so far
as to create a fake company to recruit talent. In 2022, we’ll see this trend
continue to pick up steam, with greater coordination between gangs, double
extortion evolving to triple extortion, and short selling schemes skyrocketing.

Additionally, we will see a shift in threat actors coming from Southeast Asia
and Africa. As cyber criminals look to find cheaper labor and technical
expertise, we’ll see activity pick up in these regions in 2022 and beyond.

One Comment | Read | December 13th, 2021 | Best Practices | For consumers | For
technologists | Top Stories


SHARED INTEL: HERE’S WHY IT HAS BECOME SO VITAL TO PRIORITIZE THE
SECURITY-PROOFING OF APIS

BY BYRON V. ACOHIDO

Application Programming Interface. APIs. Where would we be without them?

Related: Supply-chain exposures on the rise

APIs are the snippets of code that interconnect the underlying components of all
the digital services we can’t seem to live without. Indeed, APIs have opened new
horizons of cloud services, mobile computing and IoT infrastructure, with much
more to come.

Yet, in bringing us here, APIs have also spawned a vast new tier of security
holes. API vulnerabilities are ubiquitous and multiplying; they’re turning up
everywhere. Yet, API security risks haven’t gotten the attention they deserve.
It has become clear that API security needs to be prioritized as companies
strive to mitigate modern-day cyber exposures.

Consider that as agile software development proliferates, fresh APIs get flung
into service to build and update cool new apps. Since APIs are explicitly used
to connect data and services between applications, each fresh batch of APIs and
API updates are like a beacon to malicious actors.

Organizations don’t even know how many APIs they have, much less how those APIs
are exposing sensitive data. Thus security-proofing APIs has become a huge
challenge. APIs are like snowflakes: each one is unique. Therefore, every API
vulnerability is necessarily unique. Attackers have taken to poking and prodding
APIs to find inadvertent and overlooked flaws; even better yet, from a hacker’s
point of view, many properly designed APIs are discovered to be easy to
 manipulate — to gain access and to steal sensitive data.

Meanwhile, the best security tooling money can buy was never designed to deal
with this phenomenon.

One Comment | Read | November 30th, 2021 | For consumers | For technologists |
My Take | Steps forward | Top Stories


MY TAKE: LASTWATCHDOG.COM RECEIVES RECOGNITION AS A TOP 10 CYBERSECURITY WEBZINE
IN 2021

BY BYRON V. ACOHIDO

Last Watchdog’s mission is to foster useful understanding about emerging
cybersecurity and privacy exposures.

Related article: The road to a Pulitzer

While I no longer concern myself with seeking professional recognition for my
work, it’s, of course, always terrific to receive peer validation that we’re
steering a good course.

That’s why I’m thrilled to point out that Last Watchdog has been recognized,
once again, as a trusted source of information on cybersecurity and privacy
topics. The recognition comes from Cyber Security Hub, a website sponsored by
IQPC Digital. We’ve been named one of the Top 10 cybersecurity webzines in 2021.

Here is their very gracious description of what Last Watchdog is all about:

“Founder, contributor and executive editor of the forward-thinking Last Watchdog
webzine, Byron V. Acohido is a Pulitzer-winning journalist and web producer.
Visit Last Watchdog to view videos, surf cyber news, gain informative analysis
and read guest essays from leading lights in the cybersecurity community. Expect
content that is always accurate and fair, with recent posts exploring the
monitoring of complex modern networks, telecom data breaches that expose vast
numbers of mobile users, efforts to make software products safer and ransomware
attacks on global supply chains.”

Comment | Read | November 3rd, 2021 | For consumers | For technologists | My
Take | Top Stories


MY TAKE: FOR BETTER OR WORSE, MACHINE-TO-MACHINE CODE CONNECTIONS NOW FORM MUCH
OF THE CASTLE WALL

BY BYRON V. ACOHIDO

Managing permissions is proving to be a huge security blind spot for many
companies.

Related: President Biden’s cybersecurity order sets the stage

What’s happening is that businesses are scaling up their adoption of multi-cloud
and hybrid-cloud infrastructures. And in doing so, they’re embracing agile
software deployments, which requires authentication and access privileges to be
dispensed, on the fly, for each human-to-machine and machine-to-machine coding
connection.

This frenetic activity brings us cool new digital services, alright. But the
flip side is that companies have conceded to a dramatic expansion of their cloud
attack surface – and left it wide open to threat actors.

“The explosion in the number of human and non-human identities in the public
cloud has become a security risk that businesses simply can’t ignore,” observes
Eric Kedrosky, CISO at Sonrai Security.

I’ve had a couple of deep discussions with Kedrosky about this. Based in New
York City, Sonrai is a leading innovator in a nascent security discipline,
referred to as Cloud Infrastructure Entitlement Management (CIEM,)

One Comment | Read | November 2nd, 2021 | Best Practices | For technologists |
Imminent threats | New Tech | Top Stories


MY TAKE: CAN PROJECT WILDLAND’S EGALITARIAN PLATFORM MAKE GOOGLE, FACEBOOK
OBSOLETE?

BY BYRON V. ACOHIDO

Most of the people I know professionally and personally don’t spend a lot of
time contemplating the true price we pay for the amazing digital services we’ve
all become addicted to.

Related: Blockchain’s role in the next industrial revolution

I’ll use myself as a prime example. My professional and social life revolve
around free and inexpensive information feeds and digital tools supplied by
Google, Microsoft, Amazon, LinkedIn, Facebook and Twitter.

I’m productive. Yet, I’m certainly not immune to the clutter and skewed
perspectives these tech giants throw at me on an hourly basis — as they focus
myopically on monetizing my digital footprints. I don’t know what I’d do without
my tech tools, but I also have a foreboding sense that I spend way too much with
them.

Technologically speaking, we are where we are because a handful of tech giants
figured out how to collect, store and monetize user data in a singular fashion.
Each operates a closed platform designed to voraciously gather, store and
monetize user data.

Comment | Read | October 19th, 2021 | For consumers | For technologists | My
Take | Privacy | Steps forward | Top Stories

Byron Acohido · How 'observability' helps secure, optimize hybrid cloud networks


SHARED INTEL: REVIVING ‘OBSERVABILITY’ AS A MEANS TO DEEPLY MONITOR COMPLEX
MODERN NETWORKS

BY BYRON V. ACOHIDO

An array of promising security trends is in motion.

New frameworks, like SASE, CWPP and CSPM, seek to weave security more robustly
into the highly dynamic, intensely complex architecture of modern business
networks.

Related: 5 Top SIEM myths

And a slew of new application security technologies designed specifically to
infuse security deeply into specific software components – as new coding is
being developed and even after it gets deployed and begins running in live use.



Now comes another security initiative worth noting. A broad push is underway to
retool an old-school software monitoring technique, called observability, and
bring it to bear on modern business networks. I had the chance to sit down with
George Gerchow, chief security officer at Sumo Logic, to get into the weeds on
this.

Based in Redwood City, Calif., Sumo Logic supplies advanced cloud monitoring
services and is in the thick of this drive to adapt classic observability to the
convoluted needs of company networks, today and going forward. For a drill down
on this lively discussion, please give the accompanying podcast a listen. Here
are the main takeaways:

One Comment | Read | September 20th, 2021 | Best Practices | For consumers | For
technologists | Podcasts | Top Stories


ROUNDTABLE: WHY T-MOBILE’S LATEST HUGE DATA BREACH COULD FUEL ATTACKS DIRECTED
AT MOBILE DEVICES

BY BYRON V. ACOHIDO

TMobile has now issued a formal apology and offered free identity theft recovery
services to nearly 48 million customers for whom the telecom giant failed to
protect their sensitive personal information.

At the start of this week, word got out that hackers claimed to have seized
personal data for as many as 100 million T-Mobile  patrons.

Related: Kaseya hack worsens supply chain risk

This stolen booty reportedly included social security numbers, phone numbers,
names, home addresses, unique IMEI numbers, and driver’s license information.

Once more, a heavily protected enterprise network has been pillaged by data
thieves. Last Watchdog convened a roundtable of cybersecurity experts to discuss
the ramifications, which seem all too familiar. Here’s what they had to say,
edited for clarity and length:

Allie Mellen, analyst, Forrester

According to the attackers, this was a configuration issue on an access point
T-Mobile used for testing. The configuration issue made this access point
publicly available on the Internet. This was not a
sophisticated attack. T-Mobile left a gate left wide open for attackers – and
attackers just had to find the gate.”

T-Mobile is offering two free years of identity protection for affected
customers, but ultimately this is pushing the responsibility for the safety of
the data onto the user. Instead of addressing the security gaps that have
plagued T-Mobile for years, they are offering their customers temporary identity
protection when breaches happen, as if to say, ‘This is the best we can do.’

Chris Clements, VP of Solutions Architecture, Cerberus Sentinel

2 Comments | Read | August 19th, 2021 | For consumers | For technologists | My
Take | Top Stories


AUTHOR Q&A: IN MODERN CYBERWARFARE ‘INFORMATION SECURITY’ IS ONE IN THE SAME
WITH ‘NATIONAL SECURITY’

BY BYRON V. ACOHIDO

What exactly constitutes cyberwarfare?

The answer is not easy to pin down. On one hand, one could argue that cyber
criminals are waging an increasingly debilitating economic war on consumers and
businesses in the form of account hijacking, fraud, and extortion. Meanwhile,
nation-states — the superpowers and second-tier nations alike — are hotly
pursuing strategic advantage by stealing intellectual property, hacking into
industrial controls, and dispersing political propaganda at an unheard-of scale.

Related: Experts react to Biden’s cybersecurity executive order

Now comes a book by John Arquilla, titled Bitskrieg: The New Challenge of
Cyberwarfare, that lays out who’s doing what, and why, in terms of malicious use
of digital resources connected over the Internet. Arquilla is a distinguished
professor of defense analysis at the United States Naval Postgraduate School. He
coined the term ‘cyberwar,’ along with David Ronfeldt, over 20 years ago and is
a leading expert on the threats posed by cyber technologies to national
security.

Bitskrieg gives substance to, and connects the dots between, a couple of
assertions that have become axiomatic:

•Military might no longer has primacy. It used to be the biggest, loudest
weapons prevailed and prosperous nations waged military campaigns to achieve
physically measurable gains. Today, tactical cyber strikes can come from a
variety of operatives – and they may have mixed motives, only one of which
happens to be helping a nation-state achieve a geo-political objective.

•Information is weaponizable. This is truer today than ever before. Arquilla
references nuanced milestones from World War II to make this point – and get you
thinking. For instance, he points out how John Steinbeck used a work of fiction
to help stir the resistance movement across Europe.

Steinbeck’s imaginative novel, The Moon is Down, evocatively portrayed how
ordinary Norwegians took extraordinary measures to disrupt Nazi occupation. This
reference got me thinking about how Donald Trump used social media to stir the
Jan. 6 insurrection in … more

4 Comments | Read | August 16th, 2021 | Book Excerpts | For consumers | For
technologists | Privacy | Q & A | Steps forward | Top Stories

Byron Acohido · The coming impact of SBOM: software bill of materials


BLACK HAT INSIGHTS: HOW TO SHIFT SECURITY-BY-DESIGN TO THE RIGHT, INSTEAD OF
LEFT, WITH SBOM, DEEP AUDITS

BY BYRON V. ACOHIDO

There is a well-established business practice referred to as bill of materials,
or BOM, that is a big reason why we can trust that a can of soup isn’t toxic or
that the jetliner we’re about to board won’t fail catastrophically

Related: Experts react to Biden cybersecurity executive order

A bill of materials is a complete list of the components used to manufacture a
product. The software industry has something called SBOM: software bill of
materials. However, SBOMs are rudimentary when compared to the BOMs associated
with manufacturing just about everything else we expect to be safe and secure:
food, buildings, medical equipment, medicines and transportation vehicles.

An effort to bring SBOMs up to par is gaining steam and getting a lot of
attention at Black Hat USA 2021 this week in Las Vegas. President Biden’s
cybersecurity executive order, issued in May, includes a detailed SBOM
requirement for all software delivered to the federal government.

ReversingLabs, a Cambridge, MA-based software vendor that helps companies
conduct deep analysis of new apps just before they go out the door, is in the
thick of this development. I had the chance to visit with its co-founder and
chief software architect Tomislav Pericin. For a full drill down on our
discussion please give the accompanying podcast a listen. Here are the big
takeaways:

Gordian Knot challenge

The software industry is fully cognizant of the core value of a bill of
materials and has been striving for a number of years to adapt it to software
development.

One Comment | Read | August 5th, 2021 | Black Hat Podcasts | For consumers | For
technologists | Podcasts | Steps forward | Top Stories


FIRESIDE CHAT: ALL-POWERFUL DEVELOPERS BEGIN STEERING TO THE PROMISE LAND OF
AUTOMATED SECURITY

BY BYRON V. ACOHIDO

Software developers have become the masters of the digital universe.

Related: GraphQL APIs pose new risks

Companies in the throes of digital transformation are in hot pursuit of agile
software and this has elevated developers to the top of the food chain in
computing.

There is an argument to be made that agility-minded developers, in fact, are in
a terrific position to champion the rearchitecting of Enterprise security that’s
sure to play out over the next few years — much more so than methodical,
status-quo-minded security engineers.

With Black Hat USA 2021 reconvening in Las Vegas this week, I had a deep
discussion about this with Himanshu Dwivedi, founder and chief executive
officer, and Doug Dooley, chief operating officer, of Data Theorem, a Palo Alto,
CA-based supplier of a SaaS security platform to help companies secure their
APIs and modern applications.

For a full drill down on this evocative conversation discussion please view the
accompanying video. Here are the highlights, edited for clarity and length:

LW:  Bad actors today are seeking out APIs that they can manipulate, and then
they follow the data flow to a weakly protected asset. Can you frame how we got
here?

Dwivedi: So 20 years ago, as a hacker, I’d go see where a company registered its
IP. I’d do an ARIN Whois look-up. I’d profile their network and build an attack
tree. Fast forward 20 years and everything is in the cloud. Everything is in
Amazon Web Services, Google Cloud Platform or Microsoft Azure and I can’t tell
where anything is hosted based solely on IP registration.

So as a hacker today, I’m no longer looking for a cross-site scripting issue of
some website since I can only attack one person at a time with that. I’m looking
at the client, which could be an IoT device, or a mobile app or a single page
web app (SPA) or it could be an … more

Comment | Read | August 3rd, 2021 | Black Hat Podcasts | For consumers | For
technologists | Imminent threats | Q & A | Top Stories | Videos


NEW TECH: HOW THE EMAILING OF VERIFIED COMPANY LOGOS ACTUALLY STANDS TO FORTIFY
CYBERSECURITY

BY BYRON V. ACOHIDO

Google’s addition to Gmail of something called Verified Mark Certificates (VMCs)
is a very big deal in the arcane world of online marketing.

Related: Dangers of weaponized email

This happened rather quietly as Google announced the official launch of VMCs in
a blog post on July 12. Henceforth companies will be able to insert their
trademarked logos in Gmail’s avatar slot; many marketers can’t wait to
distribute email carrying certified logos to billions of inboxes. They view
logoed email as an inexpensive way to boost brand awareness and customer
engagement on a global scale.

However, there is a fascinating back story about how Google’s introduction of
VMCs – to meet advertising and marketing imperatives — could ultimately foster a
profound advance in email security. Over the long term, VMCs, and the underlying
Brand Indicators for Message Identification (BIMI) standards, could very well
give rise to a bulwark against email spoofing and phishing.

I had a chance to sit down with Dean Coclin, senior director of business
development at DigiCert, to get into the weeds of this quirky, potentially
profound, security development. DigiCert is a Lehi, Utah-based Certificate
Authority (CA) and supplier of Public Key Infrastructure services.

Coclin and I worked through how a huge email security breakthrough could
serendipitously arrive as a collateral benefit of VMCs. Here are the main
takeaways from our discussion:

One Comment | Read | July 26th, 2021 | Best Practices | For consumers | For
technologists | New Tech | Privacy | Steps forward | Top Stories


ROUNDTABLE: KASEYA HACK EXACERBATES WORRISOME SUPPLY-CHAIN, RANSOMWARE EXPOSURES

BY BYRON V. ACOHIDO

It was bound to happen: a supply-chain compromise, ala SolarWinds, has been
combined with a ransomware assault, akin to Colonial Pipeline, with devasting
implications.

Related: The targeting of supply chains

Last Friday, July 2, in a matter of a few minutes,  a Russian hacking
collective, known as REvil, distributed leading-edge ransomware to thousands of
small- and mid-sized businesses (SMBs) across the planet — and succeeded in
locking out critical systems in at least 1,500 of them. This was accomplished by
exploiting a zero-day vulnerability in Kaseya VSA, a network management tool
widely used by managed service providers (MSPs)  as their primary tool to
remotely manage IT systems on behalf of SMBs.



REvil essentially took full control of the Kaseya VSA servers at the MSP level,
then used them for the singular purpose of extorting victimized companies —
mostly SMBs —  for payments of $45,000, payable in Minera. In a few instances,
the attackers requested $70 million, payable in Bitcoin, for a universal
decryptor.

Like SolarWinds and Colonial Pipeline, Miami-based software vendor, Kaseya, was
a thriving entity humming right along, striving like everyone else to leverage
digital agility — while also dodging cybersecurity pitfalls. Now Kaseya and many
of its downstream customers find themselves in a  crisis recovery mode faced
with shoring up their security posture and reconstituting trust. Neither will
come easily or cheaply.

Comment | Read | July 8th, 2021 | For technologists | Imminent threats | My Take
| Privacy | Top Stories

Byron Acohido · A primer on attribute-based encryption


MY TAKE: WHY MONETIZING DATA LAKES WILL REQUIRE APPLYING ‘ATTRIBUTE-BASED’
ACCESS RULES TO ENCRYPTION

BY BYRON V. ACOHIDO

The amount of data in the world topped an astounding 59 zetabytes in 2020, much
of it pooling in data lakes.

Related:  The importance of basic research

We’ve barely scratched the surface of applying artificial intelligence and
advanced data analytics to the raw data collecting in these gargantuan
cloud-storage structures erected by Amazon, Microsoft and Google. But it’s
coming, in the form of driverless cars, climate-restoring infrastructure and
next-gen healthcare technology.

In order to get there, one big technical hurdle must be surmounted. A new form
of agile cryptography must get established in order to robustly preserve privacy
and security as all this raw data gets put to commercial use.

I recently had the chance to discuss this with Kei Karasawa, vice president of
strategy, and Fang Wu, consultant, at NTT Research, a Silicon Valley-based think
tank which is in the thick of deriving the math formulas that will get us there.

They outlined why something called attribute-based encryption, or ABE, has
emerged as the basis for a new form of agile cryptography that we will need in
order to kick digital transformation into high gear.

For a drill down on our discussion, please give the accompanying podcast a
listen. Here are the key takeaways:

Cloud exposures

Data lakes continue to swell because each second of every day, every human, on
average, is creating 1.7 megabytes of fresh data. These are the rivulets feeding
the data lakes.

A zettabyte equals one trillion gigabytes. Big data just keeps getting bigger.
And we humans crunch as much of it as we can by applying machine learning and
artificial intelligence to derive cool new digital services. But we’re going to
need the help of quantum computers to get to the really amazing stuff, and that
hardware is coming.

As we press ahead into our digital future, however, we’ll also need to retool
the public-key-infrastructure. PKI is the authentication and encryption
framework … more

Comment | Read | June 2nd, 2021 | For consumers | For technologists | My Take |
Podcasts | Steps forward | Top Stories


GUEST ESSAY: ‘CYBERSECURITY SPECIALIST’ TOPS LIST OF WORK-FROM-HOME IT JOBS THAT
NEED FILLING

BY SCOTT ORR

Even before the COVID-19 pandemic turned many office workers into work-from-home
(WFH) experts, the trend toward working without having to commute was clear.

Related: Mock attacks help SMBs harden defenses

As internet bandwidth has become more available, with homes having access to
gigabit download speeds, a whole new world of career paths has opened for those
who want to control their work hours and conditions. Maybe you want better pay,
to be home near your kids or you just like the idea of avoiding the daily drive
to an office. Whatever the reason, you can likely find work online.

One of the hottest fields right now on the WFH radar is the information
technology (IT) sector. But you’ll first need to learn the specifics to get to
work. Fortunately, there are online classes you can take to get that knowledge –
and best of all, you can take them for free.  Let’s look at what’s available and
how you might jumpstart a new career.

Most IT jobs require you to have some sort of experience before you can start
charging enough to make them viable as full-time employment. And some are more
like a side hustle or temp job.

Having said that, here are some examples of IT careers you can learn online
through free courses:

Security specialist

The more we do online, the more criminals want to take advantage of us. That
makes fighting cybercrime a definite growth industry. A wide range of companies,
in just about every field, are adding computer security specialists. In fact,
these jobs are expected to increase a whopping 31% by 2029. This job involves
planning and implementing security measures for large and small companies that
rely on computer networks. You will need to develop the ability to anticipate
techniques used in future cyberattacks so they can be prevented.

3 Comments | Read | March 29th, 2021 | For consumers | For technologists | Guest
Blog Post | Top Stories


MY TAKE: APPLE USERS SHOW STRONG SUPPORT FOR TIM COOK’S PRIVACY WAR AGAINST MARK
ZUCKERBERGER

BY BYRON V. ACOHIDO

Like a couple of WWE arch rivals, Apple’s Tim Cook and Facebook’s Mark
Zuckerberg have squared off against each other in a donnybrook over consumer
privacy.

Cook initially body slammed Zuckerberg — when Apple issued new privacy policies
aimed at giving U.S. consumers a smidgen more control over their personal data
while online.

Related: Raising kids who care about their privacy

Zuckerberg then dropped kicked Cook by taking out full-page newspaper ads
painting Apple’s social responsibility flexing as bad for business; he then
hammered Cook with a pop-up ad campaign designed to undermine Apple’s new
privacy policies.

But wait. Here’s Cook rising from the mat to bash Z-Man at the Brussels’
International Privacy Day, labeling his tormentor as an obsessive exploiter who
ought to be stopped from so greedily exploiting consumers’ digital footprints
for his personal gain.

This colorful chapter in the history of technology and society isn’t just
breezing by unnoticed. A recent survey of some 2,000 U.S. iPhone and iPad users,
conducted by SellCell.com, a phone and tech trade-in website, shows American
consumers are tuned in and beginning to recognize what’s at stake.

Fully 72 percent of those polled by SellCell said they were aware of new privacy
changes in recent Apple software updates, not just in a cursory manner, but with
a high level of understanding; some 42 percent said they understood the privacy
improvements extremely well or at least very well, while 21 percent said they
understood them moderately well.

Another telling finding: some 65 percent of respondents indicated they were
extremely or very concerned about websites and mobile apps that proactively
track their online behaviors, while only 14 percent said they were not at all
concerned.

Comment | Read | March 8th, 2021 | Best Practices | For consumers | For
technologists | My Take | Privacy | Top Stories


GUEST ESSAY: THE DRIVERS BEHIND PERSISTENT RANSOMWARE — AND DEFENSE TACTICS TO
DEPLOY

BY ERIC GEORGE

The internet has drawn comparisons to the Wild West, making ransomware the
digital incarnation of a hold-up.

Related: It’s all about ‘attack surface management‘

However, today’s perpetrator isn’t standing in front of you brandishing a
weapon. They could be on the other side of the globe, part of a cybercrime
regime that will never be discovered, much less brought to justice.

But the situation isn’t hopeless. The technology industry has met the dramatic
rise in ransomware and other cyber attacks with an impressive set of tools to
help companies mitigate the risks. From sharing emerging threat intelligence to
developing new solutions and best practices to prevent and overcome attacks,
it’s possible to reduce the impact of ransomware when it happens.

Prevalence

The FBI’s Internet Crime Complaint Center (IC3) received 3,729 ransomware
complaints in 2021, representing $49.2 million in adjusted losses. Healthcare
and public health, financial services, and IT organizations are frequent
targets, although businesses of all sizes can fall victim to these schemes.

One Comment | Read | September 6th, 2022 | For consumers | For technologists |
Guest Blog Post | Top Stories


NEW TECH SNAPSHOT: THE ROLE OF ‘MSSPS’ IN HELPING BUSINESSES MANAGE
CYBERSECURITY

BY BYRON V. ACOHIDO

Network security has been radically altered, two-plus years into the global
pandemic.

Related: ‘Attack surface management’ rises to the fore

The new normal CISOs face today is something of a nightmare. They must take into
account a widely scattered workforce and somehow comprehensively mitigate new
and evolving cyber threats.

Criminal hacking collectives are thriving, more  than ever. Security teams are
on a mission to push network defenses to the perimeter edges of an open, highly
interconnected digital landscape; the defenders are under assault and running
hard to stay one step ahead.

Managed Security Services Providers have been steadily evolving for two decades;
they now seem poised to help large enterprises and, especially, small to
mid-sized businesses manage their cybersecurity.

The global market for managed security services is estimated to be growing at a
compound

One Comment | Read | September 6th, 2022 | Best Practices | For technologists |
New Tech | Steps forward | Top Stories

Byron Acohido · Taking a wartime approach to defending networks.


BLACK HAT FIRESIDE CHAT: TAKING THE FIGHT TO THE ADVERSARIES — WITH CONTINUOUS,
PROACTIVE ‘PEN TESTS’

BY BYRON V. ACOHIDO

Penetration testing – pen tests – traditionally have been something companies
might do once or twice a year.

Related: Cyber espionage is on the rise

Bad news is always anticipated. That’s the whole point. The pen tester’s
assignment is to seek out and exploit egregious, latent vulnerabilities – before
the bad guys — thereby affording the organization a chance to shore up its
network defenses.

Pen testing has limitations, of course. The probes typically take considerable
effort to coordinate and often can be more disruptive than planned.

These shortcomings have been exacerbated by digital transformation, which has
vastly expanded the network attack surface.

Guest expert: Snehal Antani, CEO, Horizon3.ai

I had the chance at Black Hat 2022 to visit with Snehal Antani and Monti Knode,
CEO and director of customer success, respectively, at Horizon3.ai, a San
Francisco-based startup, which launched in 2020. Horizon3 supplies “autonomous”
vulnerability assessment technology.

Co-founder Antani previously served as the first CTO for the U.S. Joint Special
Operations Command (JSOC)  and Knode was a commander in the U.S. Air Force 67th
Cyberspace Operations Group. They argue that U.S. businesses need to take a
wartime approach the cybersecurity. For a full drill down, please give the
accompanying podcast a listen.

Horizon3’s flagship service, NodeZero, is designed to continuously assess an
organization’s network attack surface to identify specific scenarios by which an
attacker might combine stolen credentials with misconfigurations or software
flaws to gain a foothold.

5 Comments | Read | August 29th, 2022 | Black Hat Podcasts | For technologists |
New Tech | Podcasts | Steps forward | Top Stories


GUEST ESSAY: STOLEN LOGONS, BRUTE FORCE HACKING GET USED THE MOST TO BREACH WEB,
EMAIL SERVERS

BY DAWID CZARNECKI

Web application attacks directed at organizations’ web and mail servers continue
to take the lead in cybersecurity incidents.

Related: Damage caused by ‘business logic’ hacking

This is according to Verizon’s latest 2022 Data Breach Investigations Report
(DBIR).

In the report’s findings, stolen credentials and exploited vulnerabilities are
the top reasons for web breaches. This year, these were the top reasons for web
breaches.

•A whopping 80 percent were due to stolen credentials (nearly a 30 percent
increase since 2017!)

•Exploited vulnerabilities were the second leader at almost 20 percent

•Brute forcing passwords (10 percent) came in third

•Backdoors or C2 (10 percent) were the fourth runner-ups

Poor password practices are responsible for most incidents involving web
applications and data breaches since 2009. Password security may seem like a
simple solution for a huge problem, but it may be difficult to successfully
implement in practice. Ignoring it, on the other hand, can lead to complications
such as an unwarranted data breach.

Without strong, secure passwords or two-factor authentication (2FA) enabled in
an organization or startup, it becomes easy for attackers to access stolen
credentials on their web and email servers.

Consequently, sensitive data can become compromised, ending up in the wrong
hands. In 2022, 69 percent of personal data and 67 percent of credentials became
compromised in a web breach. This data strongly indicates that password
management and 2FA are crucial for any organization or startup to become more
secure from web attacks.

We’ve shared some helpful guidance on password security at Zigrin Security blog.

Comment | Read | August 29th, 2022 | Best Practices | For consumers | For
technologists | Guest Blog Post | Top Stories

Byron Acohido · Addressing the yin and yang of APIs


BLACK HAT FIRESIDE CHAT: DOING DEEP-DIVE API SECURITY — AS SOFTWARE GETS
DEVELOPED AND DEPLOYED

BY BYRON V. ACOHIDO

APIs have come to embody the yin and yang of our digital lives.

Related: Biden moves to protect water facilities

Without application programming interface, all the cool digital services we take
for granted would not be possible.

But it’s also true that the way software developers and companies have deployed
APIs has contributed greatly to the exponential expansion of the cyber-attack
surface. APIs have emerged as a go-to tool used by threat actors in all phases
of sophisticated, multi-stage network attacks.

Upon gaining a toehold on a targeted device or server, attackers now quickly
turn their attention to locating and manipulating available APIs to hook deeply
into company systems. APIs provide paths to move laterally, to implant malware
and to steal data.

Guest expert: Sudeep Padiyar, founding member, Traceable.ai

The encouraging news is that API security technology has advanced quite a bit
over the past five years or so.

I had the chance at Black Hat 2022 to visit with Sudeep Padiyar, founding member
and director of product management, at Traceable, a San Francisco-based supplier
of advanced API security systems. Traceable launched in 2018, the brainchild of
tech entrepreneurs Jyoti Bansal and Sanjay Nagaraj; it provides deep-dive API
management capabilities — as software is being developed and while it is being
used in the field.

We discussed the Gordian-knot challenge security teams face getting a grip on
the avalanche of APIs hooking into their organizations. For a full drill down,
please give the accompanying podcast a listen.

7 Comments | Read | August 25th, 2022 | Black Hat Podcasts | For technologists |
New Tech | Podcasts | Steps forward | Top Stories


GUEST ESSAY: A BREAKDOWN OF THE CYBER RISKS INTRINSIC TO UBIQUITOUS SOCIAL MEDIA
APPS

BY MARK STAMFORD

More than half of the world—58.4 percent or 4.62 billion people—use social
media.

Related: Deploying human sensors to stop phishing.

And while that’s incredible for staying connected with friends, organizing
rallies, and sharing important messages, it’s also the reason we are facing a
cyber security crisis.

A record 847,376 complaints of cyber-crime were reported to the FBI by the
public, according to the FBI’s Internet Crime Report 2021—a 7 percent increase
from 2020. This is now catching the attention of elected leaders like Senator
Mark Warner and Senator Marco Rubio.

They recently called on the Federal Trade Commission (FTC) to investigate TikTok
and parent company Byte Dance over its data handling. But why is social media
such a catalyst for nefarious behavior?

As the founder of the leading cyber security firm OccamSec, I’ve seen first-hand
how and why social media is such a weak point, even for the most careful people
and companies. Here are the three main reasons.

5 Comments | Read | August 23rd, 2022 | For consumers | For technologists |
Guest Blog Post | Top Stories

Older Articles »
 
 

The Last Watchdog © 2022
Privacy Policy | Terms of Use

�