Rising global tensions put us a few lines of code away from a significant cyber event

Cyberthreats are dominating the news headlines. Ntirety CEO Emil Sayegh highlights the current ever-changing cyber landscape and how we can better protect our cyber infrastructures. 

Reflecting on the threats and targets that most concern us given the Russia-Ukraine war, cybersecurity is now the front line of our country’s wellbeing. Cyber threats endanger businesses and individuals alike: they can disrupt supply chains, cause power grid failures, and much more.

This growing environment of risks and increasingly aggressive adversaries demands our readiness, yet our national response continues to be largely reactive to threat conditions. History shows how a small event built on daisy-chained circumstances can kick off a catastrophe, or even a shooting war.

As the war in Ukraine endures and countries around the world take sides, a rising threat emerges from Russian sources, adversarial states, unscrupulous opportunists, and a shadow world of fifth-column provocateurs. An 800% increase in threat activity was observed in the first 48 hours of the invasion alone, and scanning and probing of domestic network infrastructure are reaching historic highs.

Cyber vs kinetic warfare 

This is a heightened state of hostilities that will continue and extend beyond physical engagements. We must confront the fact that globally sourced cyberattacks are the essence of modern warfare: it is simpler, cheaper, and often more impactful to run a cyberattack campaign than to commit a traditional kinetic act of war.

Cyberattack campaigns make strategic military sense because they are designed to disrupt communications, cut off energy, cripple a population, degrade military readiness, or make any number of dire situations worse. This is why we see intelligence agencies directly or indirectly involved in cyberwarfare.

As Russia becomes more isolated from the rest of the world, it is believed that even in the aftermath of current conflicts its leaders, intelligence agencies, and even rogue groups of unemployed hackers will be more apt to deploy cyberattacks, either in retaliation or simply for monetary gain. 

China has targeted the United States for decades, on every possible front. From the military to business, finance, and the global race for resources, China has pressed every possible point using tools such as political influence, market manipulation, cyber intrusions, partnerships, and military threat.

Throughout the industry, we can trace countless advanced attacks and backdoors to these efforts. In the crosshairs are state departments, contractors, and any organization it can hook itself into. In many cases the aim is far longer-lasting than a ransom: industrial espionage and the theft of intellectual property.

Rebuilding Security 

We are in a position where even a minor escalation in the character of cyberattacks could cripple this nation and cause massive impacts on life and property. Our response posture must equal and exceed the specter of the overall threat, and our readiness must be comprehensive.

In addition to the ongoing Congressional efforts to improve our national cybersecurity, we must add the following tasks to the national cybersecurity mission: 

  • Fix the damage. We must prioritize funding for new security initiatives, with an emphasis on new technologies, the growth of intelligent protection, and services that raise the baseline of overall security posture.
  • Train a nation. Quality training programs that cover modern kill-chain awareness, attack simulations, and advanced countermeasure techniques must be made readily available.
  • Collaborate more. We must expand the efforts of the Cybersecurity and Infrastructure Security Agency (CISA) to work with the community beyond early warning systems, and to help model comprehensive cybersecurity protection systems by leveraging technologies and services.
  • Pursue criminal activity. We must continue to bring cases of cyber theft, cyberespionage, and cyberattack to the point of grand jury indictment. We need these cases as assets in defending our digital sovereignty, even when they will not result in fines or jail time.

Building a secure digital future is an essential task that demands success, and it should be one of our core missions as a nation. We must take measures to improve cybersecurity through increased knowledge, better technologies, and tactics that are built for the modern range of cyberthreat conditions. 

From mobile endpoints to applications, to identity, and onward to the cloud and infrastructure combined, safeguarding critical assets is a comprehensive task that requires the highest possible prioritization. The recent history of cyber-driven disruptions to critical services has so far been only a warning of what could happen.

We must face the fact that we are only a few lines of code away from a very significant event. Our readiness must improve immediately.

Check out this piece, originally published in The Last Watchdog, here and follow me on LinkedIn. 

Cybersecurity Maturity Models Can Be Immature

Cybersecurity maturity models are a great starting point for businesses to understand their most important cyber needs. This piece from Ntirety CEO Emil Sayegh notes the importance of going above and beyond the minimum recommendations to avoid the costly consequences. 

Like many things in life, cybersecurity posture is a spectrum of maturity states. The Cybersecurity Maturity Model Certification (CMMC) is all the rage in IT departments right now. You can sit at one end of the maturity spectrum, at the other, or somewhere in the middle. The original CMMC defined five distinct maturity levels (the 2021 CMMC 2.0 revision collapsed them to three), and NIST’s Cybersecurity Framework describes a similar progression through four implementation tiers; the five-level model discussed here follows that original CMMC structure. You often hear IT departments proudly declare that they are at level three, four, or five. Categorizing these security states analytically is a good thing. However, the levels assume reasonably well-known threat patterns, and even the best possible security posture can be brought crashing down by a novel threat. This is one of the conditions that make a comprehensive cybersecurity approach an operational and technological necessity.

In the five-level model, the stages shape up like this:

  • At the first level, the organization is vulnerable. A lack of preparedness is the most palpable description, along with a general lack of structure, documentation, or processes.
  • At the second level, the organization is aware but still reactive. It can repeat basic efforts and has basic documentation of its processes, but it acts only after the fact. It can respond within a few days, but it remains exposed to data loss, operational gaps, and financial impact.
  • Level three marks the beginning of effective security measures, typically built from security, compliance, and regulatory efforts together with tighter security processes. Security policies and technologies are deployed and documented for the most critical environments. General assurance of the environment is established, typically including backups and repeatable issue mitigation. Rapid event awareness reduces response times to hours and sometimes minutes, and potential financial loss is significantly reduced.
  • The fourth level escalates to a continually compliant state based on external requirements and internal operational standards. The entire environment is managed, logged, and reviewed routinely; continuous monitoring helps avoid regulatory penalties and maintains awareness of operations across each discipline.
  • The highest level is an optimized, proactive posture in which information security processes are a model of continual improvement. These processes are tightly integrated with information from throughout the environment, incorporate feedback, external information, and research, and introduce needs-based process updates to better serve the organization. Organizations at this level can respond in real time and significantly reduce data and application breaches.

Prepared but Still Exposed 

While these five levels sound good, novel threats still pose massive risks: they can render much of the level two and level three preparedness obsolete and severely compromise even a level four organization. A Zero-Day attack exploits a vulnerability that is unknown to the software vendor and to defenders, so there is no patch to apply and no established signature to match against; the standard security measures already in place simply have nothing to recognize. This is a problem for security systems and software providers alike, since a signature-based control cannot raise an alarm for a pattern it has never seen, leaving their products exposed in the meantime.

During a Zero-Day attack, all that preparedness can be undermined as even a limited opening slips through the cracks, unknown and unopposed. Preparing for Zero-Day attacks is critical, with a foundation of:

  • Being proactive
  • Maintaining good data backups
  • Monitoring traffic, security incidents, and accounts
  • Keeping systems up to date
  • Implementing Zero Trust

Zero-Day Blinders and Zero-Day Finders 

A key disadvantage of operating as a single organization with a single infrastructure is limited visibility. A lone organization may see a Zero-Day exploited against it only once, in isolation, which makes it easy to lose sight of dangers that are continuously present elsewhere and just as dangerous.

Among the benefits of operating a large shared infrastructure, and of adopting the mission to go beyond the final level of security maturity into Zero-Day conditions, is the ability to see incoming threats across different channels, organizations, industries, and geographies. Zero-Day threats across a base at that scale demand never-ending, active identification and hunting of threats throughout the infrastructure.
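To make the visibility argument concrete, here is an added example (not code from the article or from Ntirety) that correlates rejected connections across several tenants. One source that touches each tenant only twice never trips a single tenant’s threshold, yet the fleet-wide view flags it immediately. The log lines are constructed, and the five-field layout (tenant, timestamp, source IP, destination port, action), the per-tenant threshold of three rejects, and the fleet threshold of three distinct tenants are all assumptions:

```python
"""Cross-tenant correlation of rejected connections.

Added example, not code from the article or from Ntirety. The log lines
are constructed, and the field layout (tenant, timestamp, source IP,
destination port, action) is an assumption.
"""
from collections import defaultdict

# Constructed sample: 203.0.113.7 touches each tenant only twice, so no
# single tenant reaches an alerting threshold; 192.0.2.50 hammers one tenant.
SAMPLE_LOGS = """\
acme    2022-04-01T10:00:01Z 203.0.113.7  22   REJECT
acme    2022-04-01T10:00:03Z 203.0.113.7  3389 REJECT
acme    2022-04-01T10:05:00Z 198.51.100.4 443  ACCEPT
globex  2022-04-01T10:01:10Z 203.0.113.7  22   REJECT
globex  2022-04-01T10:01:11Z 203.0.113.7  445  REJECT
globex  2022-04-01T10:02:00Z 198.51.100.9 443  ACCEPT
initech 2022-04-01T10:03:30Z 203.0.113.7  22   REJECT
initech 2022-04-01T10:03:31Z 203.0.113.7  8080 REJECT
initech 2022-04-01T10:04:00Z 192.0.2.50   22   REJECT
initech 2022-04-01T10:04:05Z 192.0.2.50   22   REJECT
initech 2022-04-01T10:04:09Z 192.0.2.50   22   REJECT
"""


def parse(text):
    """Split whitespace-delimited log lines into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        tenant, ts, src, port, action = line.split()
        events.append({"tenant": tenant, "ts": ts, "src": src,
                       "port": int(port), "action": action})
    return events


def per_tenant_alerts(events, threshold=3):
    """The single-organization view: count rejects per source within one
    tenant's own logs only. Returns {tenant: [src, ...]} for sources that
    reach the threshold."""
    counts = defaultdict(int)
    for e in events:
        if e["action"] == "REJECT":
            counts[(e["tenant"], e["src"])] += 1
    alerts = defaultdict(list)
    for (tenant, src), n in counts.items():
        if n >= threshold:
            alerts[tenant].append(src)
    return {t: sorted(s) for t, s in alerts.items()}


def fleet_alerts(events, min_tenants=3):
    """The provider view: one source probing several distinct tenants, each
    below the per-tenant threshold. Returns
    {src: {"tenants": [...], "ports": [...]}} for sources seen at
    min_tenants or more tenants."""
    tenants_by_src = defaultdict(set)
    ports_by_src = defaultdict(set)
    for e in events:
        if e["action"] == "REJECT":
            tenants_by_src[e["src"]].add(e["tenant"])
            ports_by_src[e["src"]].add(e["port"])
    return {
        src: {"tenants": sorted(tenants), "ports": sorted(ports_by_src[src])}
        for src, tenants in tenants_by_src.items()
        if len(tenants) >= min_tenants
    }


if __name__ == "__main__":
    events = parse(SAMPLE_LOGS)
    print("per-tenant:", per_tenant_alerts(events))
    print("fleet-wide:", fleet_alerts(events))
```

Run stand-alone, the per-tenant view reports only the noisy brute-force source that initech saw three times, while the fleet-wide view reports 203.0.113.7 probing four different ports across all three tenants, the campaign that no single tenant had enough data to see.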

When we speak of comprehensive security, it incorporates everything from process to technology to detection, monitoring, and recovery. It encompasses designing, building, and operating IT environments in their entirety. Absent this complete approach, even proactive organizations cannot lean on their maturity-model designation as a crutch against threats. When the risk of Zero-Day threats is unacceptable, no stone can be left unturned.

Check out this piece, originally published in Security Magazine, here and follow me on LinkedIn.  

Citing cyberthreats: Why we should be worried

Complacency is not an option when it comes to cybersecurity. Ntirety CEO Emil Sayegh highlights prominent cyberthreats we are facing today in the following piece. 

In the wake of global conflicts, significant concerns about the security of critical domestic cyber operations have dominated the news. Yet despite all the urgent alerts and notices, after several weeks of escalating aggression, the “big one” hasn’t quite hit. Our power is still on, our water still flows, and our kids can still walk over to the campus ATM and check their balances. Have our adversaries been holding back, or is something else happening? Threat activity levels are higher than ever, and it is more likely that cyber chaos is lying in wait. Remember the quiet of the Western Front — this is the time to worry most.

There is little debate that the primary channel for conflict in the world today runs through offensive cyber capabilities. In recent years, attacks from nation-states and state-sponsored groups have surged and include corporate espionage, ransomware schemes, software supply chain breaches, fundraising for terrorist activities, and more. At times it seems that cybersecurity is an epic game of cat and mouse.

The U.S. Is the Target

Let’s be clear: it is not just Russia. Even the slightest sign of weakened security is an opportunity for adversaries and foes. China, Iran, North Korea, and even other actors that are technically our allies will not let an opportunity for technological chaos go to waste. This is our modern Roman arena, and we are not viewed as the lions — we are the bait, and almost everybody is coming at us.

One simple fact about these threats is that a history of successful attacks begets continued attacks. Attack vectors, techniques, and tools are shared in private corners of the web. Successful campaigns also generate cryptocurrency wealth that can wage war, sponsor terrorist groups, and spawn new attacks and new attackers.

Russian Capability

Russian offensive cyber operations are highly advanced; many experts traced the 2020 SolarWinds attack to suspected Russian sources. That incident was a sophisticated infiltration of a major software supplier: a trojanized update of its Orion platform was distributed to thousands of customers before the compromise was discovered. Operations at that scale take time, incorporating full-cycle targeting, social engineering, payload development, and surveillance over many months.

From the beginning of the war in Ukraine, cyberattacks came first. As a prelude to the ground attack, destructive operations hit government agencies, banks, and other critical offices. Those were official military actions, but Russia also wields a hidden force of citizens who will see hacking as a form of patriotism and survival as economic sanctions on the country tighten. Attacks could persist for years beyond the cessation of violence.

Attack Signals Not Stopping 

The first quarter of this year is behind us, and we are already seeing novel methods emerge in high numbers as well as a heightened and accelerated scale of cyber threat activity across the board. The company I lead has measured an 800% increase in threat activity since the war started, and it is not abating in any sense of the word. We continue to work frequently with high-level government agencies to help protect the ecosystem of companies within our client base and beyond.

We have the Okta situation, new Android malware, reports of suspected Russian and Chinese capabilities to defeat two-factor authentication, and specific failure incidents, such as the report of a major storage provider permanently losing customer data. If it isn’t clear already, it one day will be: flaws and human interaction can weaken technology, but technology combined with a commitment to thorough security practices can close significant gaps.

There is ample evidence that global criminal and perhaps intelligence syndicates are driving this increased activity, and the day of the lone hacker is history. This is a global cyberwar. Companies cannot withstand this escalating onslaught alone. We must take up arms to protect what is ours. This is an invasion of an entirely different kind, and we must protect the homeland in the cloud, at our keyboards, and on our televisions and mobile devices.

Preparation and Targets

We have so much to protect. First, our military and economic foundation is highly dependent on digital terrestrial and satellite technologies. Protecting that backbone is critical, because it is a primary target. But the front lines in this battle are everywhere we go and everywhere we live, so our national base of cyber readiness must urgently get up to speed on security matters.

Only a comprehensive security strategy will solve this once and for all, but until then we can steel ourselves against this persistent wave of threats with basic actions:

  • Lock down networks and systems
  • Implement tested and validated backups
  • Implement multi-factor authentication
  • Patch systems and software
  • Turn on monitoring and alerting (everywhere)

On a personal level, pay attention to your passwords. Make them long and unique to each account (a password manager makes this practical), and change them whenever there is any sign of compromise. Implement multi-factor authentication everywhere possible. Stay alert to phishing attempts, malicious links, and every other form of cybersecurity responsibility you bear for yourself and the companies you work for.

It is the natural order of things that big-name companies hold a higher target value. Russia, like many other nations that run cyber threat operations, can settle for symbolic victories in its attack campaigns. Count Coca-Cola, ExxonMobil, and even Tesla among the organizations probably on heightened alert because of their very public business decisions in response to Russia’s invasion.

The Silver Lining

Industry awareness of these threats has improved, and the fact that we have survived this long ties back to the hardening throughout the industry following two years of pandemic-driven challenges. The fires of that digital chaos and the improved response are positive historical touchstones. We will find that only a complete lifecycle of comprehensive security can protect what is truly essential. 

Eventually the crisis on the ground will pass, but another crisis is looming. Silent digital attacks are a prelude to greater actions, and the stillness is a false sign of security. Russia, China, and other global adversaries are lined up for a global confrontation, hoping that the weakest target may precipitate our fall.

 Check out this piece, originally published in Security Magazine, here and follow me on LinkedIn.  

How Climate Change Impacts IT

Whether we like it or not, our planet is facing some detrimental damage. Ntirety CEO Emil Sayegh reminds us that IT is not immune to climate change in our latest blog. 

While our heads (and data) might be in the cloud, ultimately our IT and technology infrastructure lives right here on a planet that is facing an existential crisis. Global climate change is happening, even if its causes remain a subject of public debate. While we know that the global climate has changed since before recorded human history, many pinpoint the source of the current pattern changes as man-made, with a steady focus on greenhouse gases, carbon emissions, and energy consumption. In any case, the planet is experiencing greater weather swings and events than recent memory holds: floods, severe heat, blizzards, hurricanes, intense rain, and droughts appear to occur more often.

These climate events do not only have an impact on lives. Significant events can affect the continuity and survival of industries and businesses, especially when they affect information technology systems. Climate change has a tangible and increasingly critical effect on IT — it is a business continuity issue, it is a cost issue, and it is also a core strategy issue. It is high time that we consider the impact of climate change on IT. 

Elon Agrees 

Tech legend Elon Musk halted purchases of Tesla vehicles with Bitcoin last year because of the “rapidly increasing use of fossil fuels for Bitcoin mining,” which experts estimate consumes more energy than entire countries such as Sweden and Malaysia. Musk is not the only one to sound the alarm on Bitcoin’s environmental impact; Treasury Secretary Janet Yellen has also warned that it uses a “staggering” amount of power. Regardless of whether Bitcoin and other cryptocurrencies are polluters, the negative connotations around the environmental impact of their enormous energy consumption have affected Bitcoin’s valuation, and maybe even its future trajectory.

Threats are Significant and Real 

Historical weather events such as hurricanes Sandy and Katrina still echo years after they struck. Events that were once outliers now occur every year with greater frequency, causing hundreds of billions of dollars in damage and massive outages, and their aftermath must always be dealt with. In February 2021, Texas endured a weeklong flash winter storm completely outside the weather norm. Known as the Great Texas Snow Storm, “Snovid,” or “Snowmageddon,” that event had a staggering economic impact of $200 billion.

Disaster preparation and recovery are just a couple of reasons why organizations must focus on continual backups, replication to offsite locations, and the drive to create zero-downtime resilience through disaster recovery plans, power backups, and nimble cloud architectures. We do this because the threats are real and becoming more frequent. With enough planning, the right partners, tools and capabilities, you can get through these incidents with a minimal interruption to the business. 

Inside a Crisis 

Rather than walk through all the reasons why you should prepare for a crisis and how, it is better to set the tone of what happens behind the scenes. When a crisis hits, it can appear to be a frantic scene. When a severe weather event creates an IT disruption, efficient operations and a swift return to normal are more critical than ever for everyone affected.

The early moments are the most critical, but recovery events include: 

  • Emergency Notifications
  • Assessment
  • Monitoring of Disaster Recovery Operations
  • Triage/Troubleshooting
  • Analysis
  • Reassessment
  • Status updates

In a pressure-filled scenario, the impact of any potential missteps is amplified, adding time to the recovery efforts. Your IT disaster recovery plan must be clear, it must be relevant, and your team must be ready to execute its well-rehearsed disaster recovery plan. This is where all the documentation, preparation, planning, and partnerships meet the road. 

Hackers Ready to Pounce 

Here’s the bad news. When a weather disaster strikes an organization or locality, it is public information. You can expect opportunistic scammers to follow close behind, like vultures: relief scams, phony fundraisers, and the other schemes that trail weather events. You will also see social engineering and phishing attempts come through when there are known disruptions in the air.

Unexpected disruptions and recovery efforts can open security holes. When a backup or tertiary site comes online, for example, it may be exposed in ways the primary was not: missed patches, overly broad permissions, unremediated vulnerabilities, default passwords, drifted configuration, and so on. As in all of cybersecurity, it comes down to the weakest link in the chain. If one entry point behind the virtual security wall can be exploited during a weather-related recovery, that is all an outsider needs to find.
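As an added example (not the article’s or Ntirety’s code), the following pre-flight check compares a recovery host’s posture with its primary counterpart before the failover site takes traffic, flagging exactly the exposures listed above: stale patch levels, extra listening ports, default-password or MFA-less accounts, and file permissions looser than production. The two inventories are constructed sample data, and their layout (kernel version, last patch date, listening ports, local accounts, file modes) is an assumption about what an asset-inventory export would provide:

```python
"""Failover pre-flight check for a disaster-recovery site.

Added example, not from the original article or Ntirety. The inventory
layout below (kernel, last_patched, listening ports, accounts, file modes)
is an assumption; both inventories are constructed sample data.
"""
from datetime import date

# Constructed sample: the production host, kept current.
PRIMARY = {
    "web01": {
        "kernel": "5.15.0-76",
        "last_patched": "2023-06-30",
        "listening": {22, 443},
        "accounts": {"deploy": {"default_password": False, "mfa": True}},
        "modes": {"/etc/app/secrets.env": 0o600},
    },
}

# Constructed sample: the standby host, which has drifted since it was built.
DR = {
    "dr-web01": {
        "kernel": "5.15.0-60",                      # older kernel
        "last_patched": "2023-02-14",               # months behind
        "listening": {22, 443, 8080},               # debug port left open
        "accounts": {
            "deploy": {"default_password": False, "mfa": True},
            "admin": {"default_password": True, "mfa": False},  # vendor default
        },
        "modes": {"/etc/app/secrets.env": 0o644},   # world-readable secrets
    },
}

# Which primary host each DR host stands in for (assumed mapping).
ROLE_MAP = {"dr-web01": "web01"}


def check_host(name, dr, primary, today, max_patch_age_days=30):
    """Return (category, message) findings where the DR host is weaker than primary."""
    findings = []
    if dr["kernel"] != primary["kernel"]:
        findings.append(("patch", f"{name}: kernel {dr['kernel']} != primary {primary['kernel']}"))
    age = (today - date.fromisoformat(dr["last_patched"])).days
    if age > max_patch_age_days:
        findings.append(("patch-age", f"{name}: last patched {age} days ago"))
    extra_ports = dr["listening"] - primary["listening"]
    if extra_ports:
        findings.append(("ports", f"{name}: listening on {sorted(extra_ports)} but primary is not"))
    for acct, props in dr["accounts"].items():
        if props["default_password"]:
            findings.append(("default-password", f"{name}: account {acct} still uses a default password"))
        if not props["mfa"]:
            findings.append(("no-mfa", f"{name}: account {acct} has no MFA"))
        if acct not in primary["accounts"]:
            findings.append(("unknown-account", f"{name}: account {acct} does not exist on primary"))
    for path, mode in dr["modes"].items():
        pmode = primary["modes"].get(path)
        # Permission bits granted to group/other on DR that primary does not grant.
        if pmode is not None and (mode & ~pmode) & 0o077:
            findings.append(("permissions", f"{name}: {path} is {mode:o}, primary is {pmode:o}"))
    return findings


def preflight(dr_inventory, primary_inventory, role_map, today_iso=None):
    """Run check_host over every DR host; an empty list means safe to fail over."""
    today = date.fromisoformat(today_iso) if today_iso else date.today()
    findings = []
    for name, cfg in dr_inventory.items():
        findings.extend(check_host(name, cfg, primary_inventory[role_map[name]], today))
    return findings


if __name__ == "__main__":
    for category, message in preflight(DR, PRIMARY, ROLE_MAP, "2023-07-01"):
        print(f"[{category}] {message}")
```

Against the sample data this produces seven findings, one per exposure category; wiring a check like this into the failover runbook turns “the DR site might be exposed” into a concrete go/no-go gate, with the list of findings becoming the remediation checklist before the standby site is put in the path of real traffic.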

Tech as Climate Readiness 

The challenge of business continuity is a core business mission, but with an increase in climate change related events around us, this challenge is more critical than ever before. Preparations, planning, and the right partnerships matter. Capabilities matter. Depending on the business in question and the locality of its IT systems, the impact that climate bears upon business continuity will vary. Almost every organization should prepare to leverage principles including offsite strategies, resiliency, security considerations, geographic strategy, and cloud technology in order to step up to this modern-day challenge. 

With one part process, one part readiness, and one part technology, organizations that embrace cloud infrastructure are better able to roll through crisis scenarios: they have improved resiliency and speed, and their security controls can be defined and redeployed as fluidly as the cloud environment itself. We cannot know in advance the timing of every calamitous weather event, but we can prepare with better process, enabled by better tools, to adapt through multiple situations.

 Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

6 Reasons Why Entrepreneurs Should Take Security Seriously

Being an entrepreneur involves some serious hustle in order to make a dream a reality. While it can be tempting to handle everything on your own, cybersecurity requires teamwork.  Read this piece from Ntirety CEO Emil Sayegh, originally published in Forbes, to learn more about why cybersecurity should always be a part of an entrepreneur’s strategy. 

Of all the rules and advice about running your own business, the best concern which mistakes to avoid. At the top of that list for an entrepreneur: do not do everything yourself.

By default, when an individual chooses to do something, they are choosing not to do something else. Despite that simplicity, the inclination to do it all in entrepreneur mode is tempting. We want to know every brick of our business, and we are willing to subscribe to the ideal of hard work and high rewards. The reality is that there is too much on the line, and you could be doing other things that you are much better at. It is a powerful choice that separates leaders from the rest of the pack. In his book Good to Great, Jim Collins calls it Level 5 leadership, a level we all aspire to.

Choosing what your organization does and does not do is one of the most critical leadership tasks imaginable. This choice applies to our most precious digital assets as well. Information needs to get where it needs to go, safely.

You are not an expert at everything in technology, even if you are a technologist at heart. If you try to be, you end up doing less than you could have on a much more valuable task. Once you can afford it, hiring experts has tremendous advantages, especially when you regain time and opportunities by doing so.

When it comes to IT security, however, you simply can’t face these challenges alone. Cybersecurity is not a finish-line initiative where you roll out a tool and call it a day. The threats are ever-changing and escalating, so protecting your business means keeping a continual watch on your assets and never letting your guard down against evolving vulnerabilities. The risks are just too great to “roll your own.”

These are the top reasons why, as an entrepreneur, your IT security should be taken seriously.

  1. Impossible Task: Across the globe, more than 30,000 websites are hacked daily. A new attack happens somewhere every 39 seconds. More than 300,000 new pieces of malware are created each day. DDoS attacks, malicious apps, phishing, zero-day attacks, and other security concerns threaten every business, even the small ones. Your adversaries are not individuals but nation-states, criminal organizations, and hive-minded hacker collectives. No entrepreneur can do this alone, and just because an incident has not happened to you does not make you immune.
  2. Reputation: Nobody is immune to the reputational damage that follows a cyber incident. Consider the value and reputation lost by companies like SolarWinds, FireEye, and others, and the association with their founders, executives, and boards.
  3. Financial Losses: An incident can wreck your finances for good. Between recovery efforts, penalties, and lost income, a cyber incident can significantly affect a small company’s bottom line. A 2017 Ponemon Institute study put the average cost for small businesses at $500,000 per incident, and that figure only scratches the surface once legal costs, penalties under regimes such as HIPAA and GDPR, and revenue lost to downtime are added.
  4. Losing the Board and Investors: The board of directors and investors have a stake in the sanctity of the business. Nothing puts you at odds with these critical business advocates like a cybersecurity incident and the ownership crisis that can follow it. The perceived savings of running your own security are simply not worth it.
  5. Endangering Employees: Taking on security alone can endanger your employees, your most important asset, through the theft of employee data, including sensitive HR files, dates of birth, financial information, and more.
  6. Financial Theft: Cyber thieves come in many forms. Whether it is a lone hacker, a team of criminals, or a nation-state organization, financial data carries a high value to them, and the methods used to extract it are crafty, escalating, and unpredictable.

At the risk of repetition: entrepreneurs know their businesses, but they are not experts at everything. When security giants like FireEye fall to modern, sophisticated cyberattacks, as we have seen in recent news, you should get a sense of how critical it is not to take on cybersecurity alone. Focus on the things you do best, and stop doing the things you shouldn’t be.

 Check out this piece, originally published in Forbes, here and follow me on LinkedIn

Why Security Maturity is Necessary for Your Business

A security maturity model is a set of characteristics that represent an organization’s security progression and capabilities. According to CISOSHARE, the Key Process Areas (KPAs) in a security maturity model are the practices that help improve a security infrastructure.

These KPAs include:  

  • Commitment to perform  
  • Ability to perform  
  • Activities performed  
  • Measurement and analysis of the results
  • Verifying the implementation of processes  

Levels of security maturity range from 1 (lowest) to 5 (highest). Industries cluster at different levels depending on their security needs: retail typically falls at Level 2 or 3, manufacturing between Levels 3 and 5, and fintech and healthcare between Levels 4 and 5 because of the heavy compliance requirements in those industries.

Ntirety details these levels of security maturity by detection, response, and recovery times:  

  • Level 1 (Vulnerable)
      • Time to Detect: Weeks/months
      • Time to Respond: Weeks
      • Time to Recovery: Unknowable
      • Recovery Point: Unknowable
      • Compliance: None
  • Level 2 (Aware & Reactive)
      • Time to Detect: Days
      • Time to Respond: Hours
      • Time to Recovery: 1-2 days
      • Recovery Point: <2 days data loss
      • Compliance: Internal objectives
  • Level 3 (Effective)
      • Time to Detect: Hours
      • Time to Respond: Minutes
      • Time to Recovery: Hours
      • Recovery Point: <24 hours data loss
      • Compliance: Internal & 3rd party
  • Level 4 (Compliant)
      • Time to Detect: Minutes
      • Time to Respond: Minutes
      • Time to Recovery: Hours
      • Recovery Point: <6 hours data loss
      • Compliance: Internal & 3rd party
  • Level 5 (Optimizing)
      • Time to Detect: Immediate
      • Time to Respond: Immediate
      • Time to Recovery: Immediate
      • Recovery Point: <15 min data loss
      • Compliance: Internal & 3rd party

How Ntirety Helps With Security Maturity: 

With over 20 years of industry experience, Ntirety understands how to support a business’s cybersecurity maturity needs and follow the necessary processes to ensure a smooth transition into IT transformation.  

For a company to appraise its security maturity with Ntirety, the first step is a conversational assessment with our team to determine the security gaps in your business’s cyber infrastructure. Through a short set of questions, our team can determine where your business lies in the security maturity framework and compare that to your goals. Whether the driver is the industry vertical your company falls under, the adoption of best practices within your IT infrastructure operations, or a board mandate, we can help formulate a plan based on your business’s needs.

Following an assessment, the Ntirety team can detail how to improve Protection, Recovery, and Assurance. Ntirety’s Guidance Level Agreements (GLAs) can help improve these areas by optimizing availability, security, performance, and costs. Ntirety is committed to securing the “entirety” of your environment through solutions that identify, inventory, and protect the entire target environment. Ntirety’s Compliant Security Framework covers the security process from establishing your security design & objectives through protection, recovery, and assurance of compliance to your security requirements.  

One mistake we often see is the belief that doing it in-house is the safer option. While resourcing a cybersecurity solution internally may seem more manageable, it can be far more costly and divert attention from other essential business functions. Here are the top 7 reasons to outsource security:

  1. Finding and retaining a talented SIEM/SOC team is expensive
  2. Benefit from the trends and detections observed across other customers
  3. Access to more threat intelligence and state-of-the-art technology
  4. Long-term return on investment
  5. Lower risk of conflicts of interest between departments
  6. Greater efficiency, letting you concentrate on your primary business
  7. Scalability and flexibility

For more details on securing your cyber infrastructure, watch our most recent webinar and schedule an assessment with us today. 

Reflecting On The Biggest Crypto Hack Ever

Crypto has been a hot topic in recent news. The technology is relatively new, and security has unfortunately not been a high priority for many of the parties building on it. Read this piece from Ntirety CEO Emil Sayegh, originally published in Forbes, for more insight.

 


The gaming and crypto worlds have reacted strongly to the news of a major attack that cost one crypto-gaming network upwards of $625 million in assets. The Ronin hack is among the largest crypto heists in history and when the dust settles, the incident may wear that crown alone. The story of this crypto-gaming company holds valid lessons for any organization that is watching. 

Big Pity for Crypto 

Crypto is known to the masses as an investment vehicle and to some as the payment medium of choice for scams and hacks. Since the beginning, crypto has provided a fascinating ride, but bad actors have inevitably been there all along, and along the way they ruined some parties.

As it stands, worldwide losses to crypto theft and fraud are estimated at over $10 billion per year (and growing). Figures like these have created doubt about the industry's ability to secure what it holds. The Ronin hack holds clues to that uncertain crypto future.

Breaking Down the Heist 

The parties behind the Ronin network reported that validator nodes were subverted using stolen private keys, which were then used to sign fraudulent withdrawals. Because those withdrawals carried valid validator signatures, nothing in the bridge's own logic could distinguish them from legitimate ones. These nodes secured the bridge into a popular game, "Axie Infinity", notable for its extensive NFT and crypto monetization. The attackers also exploited a backdoor in a node that formed part of the network's validation protections. With that access, they withdrew 173,600 ether and 25.5 million USDC. Now the network must hope that law enforcement agencies can assist in recovering the stolen assets.

Shortcuts and Bad Decisions 

Sky Mavis, the company behind the Axie Infinity game, shared that the attack was possible in part because "immense user load" drove the company to take a self-described "shortcut". Let's be clear: this looks like a bad decision that lost sight of the risks. Fixing the specific flaw may be a minor technical affair, but the company must now release a substantial plan for how it intends, technically and philosophically, to prevent this sort of issue from happening again. Here, as in so many incidents, an asset became a liability, and nobody recognized when that transition occurred.
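The two passages above describe the core of the failure: a bridge releases funds when enough validators sign, so stolen validator keys produce withdrawals that are valid by construction, and a shortcut that concentrates keys in few hands lowers the number of parties an attacker must compromise. The following Python model, added here and not Ronin's or Sky Mavis's code, makes both points concrete. The validator set, the operator mapping and the five-signature threshold are constructed assumptions chosen for illustration, not the bridge's real configuration, and per-validator HMAC-SHA256 stands in for asymmetric signatures so that the script runs on the standard library alone.

```python
"""Model of an m-of-n validator bridge and what stolen validator keys buy an attacker.

Added illustration; not Ronin's or Sky Mavis's code. HMAC-SHA256 with a
per-validator secret stands in for a real signature so the script needs only
the standard library (a real bridge verifies with public keys). The validator
set, operator mapping and threshold are constructed assumptions.
"""
import hashlib
import hmac
import itertools
import json
import secrets

THRESHOLD = 5  # approvals required to release funds (assumption)

# Constructed validator set: nine validators but only six distinct operators,
# because one operator ("gamestudio") runs four of them.
VALIDATORS = {
    "v1": {"operator": "gamestudio", "key": secrets.token_bytes(32)},
    "v2": {"operator": "gamestudio", "key": secrets.token_bytes(32)},
    "v3": {"operator": "gamestudio", "key": secrets.token_bytes(32)},
    "v4": {"operator": "gamestudio", "key": secrets.token_bytes(32)},
    "v5": {"operator": "dao", "key": secrets.token_bytes(32)},
    "v6": {"operator": "op-a", "key": secrets.token_bytes(32)},
    "v7": {"operator": "op-b", "key": secrets.token_bytes(32)},
    "v8": {"operator": "op-c", "key": secrets.token_bytes(32)},
    "v9": {"operator": "op-d", "key": secrets.token_bytes(32)},
}


def canonical(withdrawal: dict) -> bytes:
    """Serialise the withdrawal deterministically so every validator signs the same bytes."""
    return json.dumps(withdrawal, sort_keys=True, separators=(",", ":")).encode()


def sign(validator_id: str, key: bytes, withdrawal: dict) -> tuple:
    """One validator's approval (stand-in signature) over a withdrawal."""
    mac = hmac.new(key, canonical(withdrawal), hashlib.sha256).hexdigest()
    return validator_id, mac


def approve_withdrawal(withdrawal: dict, approvals: list, validators=VALIDATORS, threshold=THRESHOLD) -> bool:
    """Release funds only if at least `threshold` distinct validators produced a valid approval."""
    valid = set()
    for validator_id, mac in approvals:
        v = validators.get(validator_id)
        if v is None:
            continue  # unknown signer, ignored
        expected = hmac.new(v["key"], canonical(withdrawal), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, mac):
            valid.add(validator_id)  # a set, so one key replayed five times counts once
    return len(valid) >= threshold


def forge_with_stolen_keys(stolen: dict, withdrawal: dict) -> list:
    """Approvals an attacker holding `stolen` ({validator_id: key}) can produce."""
    return [sign(vid, key, withdrawal) for vid, key in stolen.items()]


def min_operators_to_compromise(validators=VALIDATORS, threshold=THRESHOLD) -> int:
    """Smallest number of distinct operators whose keys together reach the threshold.

    Brute force over operator subsets, which is fine for a validator set this small.
    """
    by_operator = {}
    for vid, v in validators.items():
        by_operator.setdefault(v["operator"], []).append(vid)
    operators = list(by_operator)
    for size in range(1, len(operators) + 1):
        for combo in itertools.combinations(operators, size):
            if sum(len(by_operator[o]) for o in combo) >= threshold:
                return size
    return len(operators)


if __name__ == "__main__":
    withdrawal = {"to": "0xattacker", "asset": "ETH", "amount": 173600}
    four = {vid: VALIDATORS[vid]["key"] for vid in ("v1", "v2", "v3", "v4")}
    five = dict(four, v5=VALIDATORS["v5"]["key"])
    print("4 stolen keys release funds:", approve_withdrawal(withdrawal, forge_with_stolen_keys(four, withdrawal)))
    print("5 stolen keys release funds:", approve_withdrawal(withdrawal, forge_with_stolen_keys(five, withdrawal)))
    print("operators an attacker must compromise:", min_operators_to_compromise())
```

Running it shows four stolen keys being rejected, five being accepted, and that with four validators under one operator only two operators need to be compromised, against five when every validator is independently run. The practical lesson is that the threshold of a multisig or validator set is only as strong as the number of independent parties behind the keys; key custody and operator diversity belong in the threat model, not just the m-of-n arithmetic.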

Crypto Liabilities? 

If risks continue to be treated this way, by anyone, flawed decisions will continue to be a costly problem. The currency at risk can consist of data, crypto, passwords, cash transactions, or anything you would seemingly want to protect and provide. Let us run down specifics on why this is a growing problem for organizations that rely on crypto assets. 

  1. Cyber liability insurance – It will not cover all your losses. In fact, the entire cyber insurance industry is being reborn, with skyrocketing premiums, as it adapts to heightened threats, ransom amounts, and costs.
  2. Activity surge – Billions in crypto assets are stolen each year; reports put the figure in the tens of billions and growing. Many parties are engaged in these activities, including North Korea, which researchers have linked to some $1.7 B of stolen crypto.
  3. Crypto nature – Crypto is the medium of choice for online crime in part because it is difficult to trace and has no central controlling authority, yet is accessible throughout the world. It is also difficult for law enforcement to recover.
  4. The private key is GOLD – Whoever holds a cryptocurrency account's private key wields total and exclusive control, so stealing the key is theft of the asset itself, not merely of a piece of information. Scammers will use any means at their disposal to obtain it, including social engineering, email scams, phishing, and more.

Safe Crypto for Us 

On a personal level, it makes sense to protect your assets with multi-factor authentication (MFA) on sensitive accounts and by configuring account notifications correctly: any significant activity on your account should be logged and should alert you. You should also:

  1. Protect your secret keys well – use strong passwords combined with MFA, and never share your keys.
  2. Avoid public networks and Wi-Fi – keep your transactions on secured and trusted networks only.
  3. Use strong, unique passwords – do not rely on MFA alone or pair it with weak passwords, and never share them.
  4. Keep your crypto secure – use a hardware wallet, and never keep keys in online or cloud storage.
  5. Make sure your apps and exchanges are secure – if you use mobile, review and validate every app and crypto exchange you use for its security features and reputation.

Safe Crypto for Business 

When protected by constant security measures, cryptocurrency in the enterprise can be a safe and viable business feature that can be implemented in exchanges, consumer and business transactions, in application features, building a marketplace and more. 

This should not be a surprise, but cryptocurrency security is no different from IT security, and it is very secure when implemented correctly. At its core, cryptocurrency relies on the blockchain, which by design records changes that are immutable, publicly distributed, held in multiple copies, and validated at every step by cryptographically signed transactions.

Blockchain alone is great – but when it comes to business, you need reassurances, and you need awareness. These are fundamental components of comprehensive security, which is the way to go in protecting crypto in the enterprise. 

Protecting crypto systems in the enterprise starts with ensuring the base platform is fully secure through a comprehensive security approach; after all, not all platforms are equal. You then must keep it that way, assuring that the internals of your crypto foundation are continuously known. If anything goes wrong or changes, you should know immediately, which leads to another critical linchpin of comprehensive security: monitoring systems.

We all expect these sorts of protections for financial transactions. They make sense for crypto as well, even in a game.

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn  

The New Normal for Cybersecurity

Cybersecurity seems to be making news headlines more and more. Attackers are becoming more widespread and more efficient, with ransomware attacks up 105% from 2020 to 2021 according to SonicWall's 2022 Cyber Threat Report. With new virtual realms such as the Metaverse within reach, it is crucial that proper protocols are put in place.

For a Security Operations Center (SOC), monitoring customer infrastructure activity and quickly mitigating cyber threats is always a top priority, but it is especially important right now as the conflict between Russia and Ukraine continues. The current Advanced Persistent Threat (APT) activity and destructive malware include:

  1. Disinformation, defacements, and Distributed Denial of Service (DDoS)
  2. Destructive wiper malware, including:
      • WhisperGate
      • HermeticWiper
      • IsaacWiper

All of these are launched to spread propaganda or to disrupt normal operations for businesses and individuals. The wipers are destructive malware built to erase data and programs from a system's disks, often leaving the machine unbootable, with crippling results for the businesses hit.

Following the initial attacks on Ukraine, observed cyberthreat activity rose globally by over 800%. While the Ntirety SOC team has not seen any targeting of Ntirety customers, we know that this could change at any moment, so we remain vigilant. We are continuing to take steps to enhance cybersecurity postures and increase monitoring for cyber threats.

Many data breaches can be traced back to the tiniest flaws, such as a weak or stolen password. As cybercriminal groups grow, it can be difficult for security teams to seal the cracks and fix the bugs fast enough. Protecting your business should be an ongoing effort, because there will always be cyberthreats, and it is important to have the right tools and technologies in place and working together.

Attackers look for a way into endpoints, which are numerous, readily reachable, and often easy to compromise. As remote work has become increasingly common, endpoints that were once located inside relatively secure buildings have moved outside the four walls of the office. From a compromised endpoint, cybercriminals steal data and take down critical applications. Attacks include:

  • Phishing: Users surrender credentials or personal information by responding to fake official emails or following links to fake websites
  • Malware: "Malicious software" designed to damage or control IT systems (example: ransomware)
  • Man-in-the-middle attacks: Attackers insert themselves between your computer and the server, reading or altering the traffic in between
  • DDoS: "Distributed Denial of Service"; a network of compromised computers floods a server with traffic until it can no longer serve legitimate users
  • Internet of Things & edge processing: Data theft from poorly secured devices, and user error such as failing to encrypt
  • SQL injection: Untrusted input is embedded in a database query so that the server divulges, alters, or deletes data it should not
  • Cross-site scripting: Malicious script is injected into a website and runs in the browsers of its visitors

Attackers are continuing to evolve their game and crowdsource their efforts. They can find vulnerabilities and exploit weak points within cyber infrastructures. With the help of Ntirety’s SOC your business will have eyes on your cyber infrastructure 24x7x365. For more information watch our recent webinar here and stay tuned for the next blog in this series. 

Ntirety’s Strategy Against Follina

Over Memorial Day weekend, a Windows zero-day vulnerability was disclosed and found to be actively exploited through Microsoft Office documents. CVE-2022-30190 is triggered by crafted Office documents, even with macros disabled. The vulnerability, dubbed "Follina", allows attackers to run code of their choosing on targeted systems.

nao_sec, a Japanese security research team, spotted a malicious document exploiting the flaw in the wild and posted a warning on Twitter. The document used a Word external link (an external OLE object relationship) to fetch an HTML file from a remote server; that HTML then navigated to the "ms-msdt:" URI scheme, which launches the Microsoft Support Diagnostic Tool (MSDT) and, in this case, was used to execute PowerShell code. MSDT is a tool that collects diagnostic information and sends it to Microsoft Support. Office's Protected View does block the exploit for documents opened from untrusted locations, but if the document is converted to RTF the payload can trigger through the Windows Explorer preview pane without the document ever being opened. Abuse of msdt.exe is not new: it is a known living-off-the-land binary (LOLBin).
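To make the delivery chain just described concrete, here is a Python triage script, added for this post and not Ntirety's or Microsoft's tooling, that inspects a document for the two artifacts the chain relies on: an external OLE object relationship whose target is an http(s) URL in the .docx relationships file, and the ms-msdt: scheme anywhere in the content. It also treats non-zip input (an RTF, or the staged HTML itself) as a flat file and searches it for the scheme, so the preview-pane variant is covered too. The sample document is built in memory and the host name is a placeholder; a real Follina document also carries the remote HTML stage, which this script deliberately does not fetch.

```python
"""Triage a document for the Follina (CVE-2022-30190) delivery pattern.

Added illustration; not Ntirety's or Microsoft's tooling. A .docx is a zip
archive whose relationships files can declare an external OLE object with a
remote URL target; Follina documents used that to pull an HTML page which then
navigated to an ms-msdt: URI. Sample inputs are constructed in memory and the
host names are placeholders.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
MSDT_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_docx(data: bytes) -> list:
    """Return findings for an OOXML archive (empty list means nothing suspicious)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            content = z.read(name)
            if name.endswith(".rels"):
                try:
                    root = ET.fromstring(content)
                except ET.ParseError:
                    findings.append(f"{name}: unparseable relationships file")
                    continue
                for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                    target = rel.get("Target", "")
                    external = rel.get("TargetMode", "").lower() == "external"
                    if external and rel.get("Type") == OLE_REL_TYPE and re.match(r"(?i)https?://", target):
                        findings.append(f"{name}: external OLE object loaded from {target}")
            if MSDT_RE.search(content):  # the scheme should never appear inside a normal document
                findings.append(f"{name}: contains ms-msdt: URI scheme")
    return findings


def scan_document(data: bytes) -> list:
    """Scan either an OOXML zip (.docx) or a flat file such as an RTF or the staged HTML."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        return scan_docx(data)
    return ["<flat file>: contains ms-msdt: URI scheme"] if MSDT_RE.search(data) else []


def build_sample(ole_target: str = "") -> bytes:
    """Construct a minimal .docx in memory; a non-empty `ole_target` adds a remote oleObject link."""
    rels = [
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
    ]
    if ole_target:
        rels.append(f'<Relationship Id="rId99" Type="{OLE_REL_TYPE}" Target="{ole_target}" TargetMode="External"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/_rels/document.xml.rels", f'<Relationships xmlns="{RELS_NS}">{"".join(rels)}</Relationships>')
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("benign", build_sample()), ("suspicious", build_sample("http://attacker.example/stage.html"))):
        print(label, scan_document(doc) or ["clean"])
```

The relationship check is the high-value signal: a legitimate document almost never links an OLE object to a remote http(s) target, so that alone is worth an alert, while the ms-msdt: string check catches the second stage and the RTF variant. Run it over a mail gateway's quarantine or a share of recently received documents to find candidates for the SOC to look at.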

If an attacker succeeds in exploiting Follina, they can run code with the privileges of the application that invoked MSDT: installing programs; viewing, changing, or deleting data; and creating new accounts. At the time of writing there is no patch for the vulnerability, but Microsoft has released workarounds to mitigate it.

Follina affects Office 2013 and Office 2016 as well as current versions of Microsoft Office. Please see the recommended mitigations below.

 

How Ntirety is Protecting our Customers:  

  • We are deploying Ntirety's Extended Detection and Response (XDR) as a preventive control. Our XDR combines monitoring software such as Ntirety's SIEM with endpoint protection. XDR platforms collect, correlate, and analyze event data from every source on the network, including endpoints, applications, network devices, and user interactions.

 

Ntirety’s Recommendations: 

Microsoft has released workaround guidance for "Follina", which affects MSDT in Windows. A remote, unauthenticated attacker who gets a user to open (or, with the RTF variant, merely preview) a crafted document can exploit this vulnerability to take control of the affected system. Microsoft has reported active exploitation of this vulnerability in the wild.

CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround.  

 

Ntirety and Microsoft recommend the following workarounds for Follina:

  • Disable the MSDT URL protocol so that troubleshooters can no longer be launched from links:
      - Run Command Prompt as Administrator.
      - Back up the registry key first: reg export HKEY_CLASSES_ROOT\ms-msdt filename
      - Delete the key: reg delete HKEY_CLASSES_ROOT\ms-msdt /f
      - Once a patch is applied, restore the key with reg import filename.
  • Disable troubleshooting wizards entirely via Group Policy, or from an administrative prompt set the EnableDiagnostics policy value to 0 (a REG_DWORD) to turn off the Microsoft troubleshooter: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics /f /v EnableDiagnostics /t REG_DWORD /d 0
  • If you run Microsoft Defender Antivirus, turn on cloud-delivered protection and automatic sample submission.
  • If you run Microsoft Defender for Endpoint, enable the attack surface reduction rule "BlockOfficeCreateProcessRule", which blocks Office applications from creating child processes; spawning malicious child processes is a common malware technique.
  • The following alert titles in the Microsoft 365 Defender portal can indicate this threat activity on your network:
      - Suspicious behavior by an Office application
      - Suspicious behavior by Msdt.exe

 

Indicators of Compromise (IoCs): 

At this time, there are no known IoCs associated with Follina.  Ntirety SOC and threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Ntirety will disclose them as soon as possible. For more information on how Ntirety can help protect your organization, reach out to your Ntirety Customer Success Manager or Technical Account Manager.    

 


How To Secure A Metaverse

The Metaverse is an exciting concept with seemingly endless possibilities. Before enjoying and building this virtual realm, it is critical that we learn from our past and begin with solid privacy and cybersecurity strategies. The following piece from Ntirety CEO Emil Sayegh was originally published in Forbes, and it details security steps that Meta can take. 

 


Many are wondering about the metaverse and speculating whether it is a hard trend or a soft trend. Questions abound — what it will look like, what will its impact on us be, and how will it interact with our daily lives. At the root of the metaverse concept, physical boundaries will cease to be a limitation of how we engage with others, engage with businesses, and how we consume information. We are opening ourselves up to exposure by novel digital means to a world that will expand without limits. 

For many, the biggest concerns about the metaverse are privacy and cybersecurity. As we embark upon this new age of digital exploration, it is critical to structure this world of virtual engagement with secure concepts, grounded principles, and privacy-based technologies. We have a lot of work ahead of us to map out the principles of how the real world interacts with this virtual future.

Rebuilding a (Mostly) Secure World 

The web today has evolved greatly from its earliest days of uncharted freedom and dial-up bound technologies. It didn’t take long, however, before malicious actors, trolls, bots, nation-states, and permutations of digital anomalies changed the game. This landscape of threats and vulnerabilities especially matured as commerce, finance, and general businesses came to adopt web-based technologies. 

We are going to have to re-envision many things all over again, including things we don’t really think about frequently anymore. Definitions, rights, laws and regulations, and our collective perspectives will all have to be re-engaged quickly as the metaverse arrives and builds out. For example, in the metaverse, legal jurisdictions and boundaries have no practical definition yet. This is a challenge we collectively worked through on cyber and web activities two decades ago, and now we get to do it all over again. 

The Foundations of a Secure Metaverse

Very few people like overreach and overregulation by governments. To avoid having regulators come down on the web3 community like a ton of bricks, we must build security considerations into the metaverse from day one. While we must preserve the user experience within the metaverse, we need to simultaneously protect individuals and businesses while also growing usage. It’s a complex balance, and the time to get started on this is now. 

Consider the fact that the metaverse will be filled with massive troves of data, exchangeable at light speed, much of it highly sensitive. Some of it will involve young adults, and even children, as those will likely be early adopters. We must expect these data to be a target of opportunistic technological and social hacks. The impact on data privacy cannot be overstated, and significant focus must be placed on the tools we have to protect privacy.

In no particular order, we must:

  • Define rights in the metaverse
  • Create and enforce data accountability and data protection responsibilities
  • Create a rating mechanism for age-appropriate access and use
  • Protect against malware
  • Provide awareness of cyber threats
  • Sustain audit capabilities
  • Reinforce identity and validation standards

There is enough depth of subject there to write a book (if not several) on these topics. However, the subject of identity is the most intriguing, so let us dive in. 

Identity and Blockchain Security 

We must consider how people will be able to identify themselves in the metaverse. We must consider how individuals will come to trust and know that the person or business they are interacting with is really who they say they are. Currently, the strongest anticipated solution will rely on blockchain-based mechanisms to verify identity. 

While there are obvious opportunities associated with blockchain implementations, vulnerabilities remain a real possibility. Various non-fungible token (NFT) scams have already been noted, and the decentralized nature of the blockchain raises considerable concern that criminally gained assets such as tokens, identities, and transactions will not be recoverable in the absence of authoritative controls.

Efforts to implement biometric identification such as fingerprints or facial recognition will also be required. Whatever the ultimate composition of these solutions, they all need to be secure and reliable. 

A New World of Attacks 

Before long, metaverse attackers and bots can and will come from anywhere, and they will do so around the clock. Naturally, metaverse networks will have to be secure, but we must enforce security by building continuous awareness into these networks. Along with strong passwords, multi-factor authentication, advanced firewalls, and advanced threat detection technologies, we will need to implement visibility and analysis throughout the fabric of the metaverse to detect anomalies, uncover activities, and maintain experiences for all. Data will have to be encrypted whether it is in transit or at rest, with access to it gated by strong authentication.

We will also need to keep watch for phishing, malicious URLs, and similar types of online attacks. Some of these attacks will probably not have a definition yet because they don’t exist yet. In addition to the gallery of hacking, malware, ransomware, and phishing tricks of the trade, entirely new tactics will emerge to focus on the bleeding edge of NFTs, exchanges, and cryptocurrencies. We will need a way to report and distribute the information of how these attacks came to pass. 

Making a Better Metaverse 

What we all love about the internet is the ability to get information, make exchanges, and speak freely. What we need from the internet is the assurance that it is all as secure as possible and age appropriate, and that we maintain privacy. As the metaverse arrives and evolves, it will require a balanced approach to ensure the best experience for all. The metaverse must capture holistic, principle-focused protections, including awareness, technological methods, and behavior modeling. The metaverse is part of our collective future, but it needs to incorporate what we have learned in the past twenty years so as not to repeat the same mistakes. The foundational cybersecurity challenges ahead of us are clear, and we must act on them right now to allow the metaverse to prosper.

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn.