Unspoken Battle: The Cybersecurity Imperative For Protecting Executives

In our digital era, the seamless flow of information is a double-edged sword. As businesses shift more of their operations to the cloud, a worrisome pattern has taken shape: cyberattacks meticulously designed to target senior executives. These individuals, who effectively hold the “keys to the kingdom,” are increasingly vulnerable. Recent reports reveal how cybercriminals breached executive Azure accounts, exploiting weaknesses in Multi-Factor Authentication (MFA) mechanisms. This alarming trend underscores the critical need for enhanced cybersecurity measures, including at the highest levels of leadership. This issue demands the attention of board members as well, emphasizing the collective responsibility to safeguard the organization’s digital fortress.

The Prime Targets: Why Executives?

The stakes are particularly high for executives, whose positions amplify the potential fallout from security breaches. This is because executives have access to a variety of sensitive information, including:

  • Corporate secrets
  • Pricing strategies
  • Competitive data
  • Financial reports
  • Administrative controls
  • Critical, irreplaceable company data

Their privileged access makes them attractive targets for cybercriminals looking to exploit valuable data and corporate networks. This access not only positions them as custodians of the organization’s most sensitive information, but also as prime targets for cybercriminals aiming to leverage data against the corporate network.

The threat goes beyond data access, extending to the inherent authority that executives command. Their directives are often executed without question, especially by those new to the organization or in entry-level positions, which magnifies the potential impact of compromised executive accounts. This blend of access and authority underscores why protecting executives from cyber threats is paramount.

Personalized Attacks: From Spoofing to Spear Phishing

The digital footprints of executives, readily available through public records and social media, can be weaponized in sophisticated social engineering campaigns. Consider the deceptive simplicity of “Fake Boss” email scams, where criminals, impersonating CEOs, dupe new employees into purchasing gift cards. These scams have siphoned billions of dollars, and the Anti-Phishing Working Group reports over 241,324 unique phishing attacks globally that cost businesses approximately $1.8 billion annually.

The advent of Artificial Intelligence (AI) has also raised the stakes, making it even more challenging to distinguish between legitimate communications and impersonations crafted by cybercriminals. There is often a notable gap in cybersecurity training among executives compared to their IT department counterparts, making them even more vulnerable to these sophisticated attacks.

The Perils of Compromised Executive Accounts

The recent breach of executives’ Azure accounts due to vulnerabilities in Multi-Factor Authentication (MFA) showcases the sophisticated strategies employed by cybercriminals. These incidents not only reveal the startling simplicity with which attackers can gain unauthorized access, but also underscore the formidable challenges in reclaiming control over compromised accounts. The ramifications of such breaches can be profound, and lead to significant operational disruptions, financial devastation, and, in some cases, push companies to the brink of insolvency—a dire outcome for both the businesses and their stakeholders.

One striking illustration of this is the bankruptcy of Petersen Health Care, one of the largest nursing home operators in the U.S., in the aftermath of cyberattacks in October 2023. The company suffered the loss of crucial business records, creating substantial hurdles in their billing processes and interactions with customers and insurers. This event illustrates the profound impact and long-term consequences of cyberattacks on corporate operations and financial health.

Cultivating a Security Culture: The Keystone of Defense

A robust security culture led – and participated in – by executives is fundamental to effective cybersecurity. This involves:

  • Fostering an environment where cyber threats are well understood and proactively managed by experts
  • Regular cybersecurity training within all levels of the organization
  • Adoption and funding of advanced security measures that protect company assets

The escalation of executive-targeted cyber threats is a clarion call for urgent, comprehensive cybersecurity measures. Organizations must prioritize rigorous training and sophisticated defenses and cultivate a strong culture of security awareness. By taking proactive steps to safeguard their leaders and assets, businesses can navigate the complexities of the digital age with confidence.

If you would like to learn how to attain proactive cybersecurity, send us a consultation request.


This article was originally published in Forbes.

Beyond Fiction: ‘Leave The World Behind’ And The Urgent Call For Cybersecurity Vigilance

In late 2023, a fascinating film titled ‘Leave the World Behind’ emerged on Netflix, creating considerable buzz with its cybersecurity-related themes. The film boasts major stars such as Julia Roberts, Mahershala Ali, and Kevin Bacon. Former U.S. President Barack Obama and First Lady Michelle Obama served as executive producers of the film, which was based upon a novel Obama included on his 2021 summer reading list.

Mainstream films often reflect our society and the issues we face, a topic I’ve explored with a past post on cyber movie favorites. One of the standout aspects of this latest film is its technology-themed transitions from paranoia and Big Brother scenarios to cyber fantasy and cyberattack plotlines. Paranoia, uncertainty, and isolation form the core of this movie, but it all begins with a debilitating, existential cyberattack on the US. In today’s cyber age where we frequently hear about cyber failures and incidents, this fictional attack represents a total impact event that exposes interdependent fragilities that may not have a foundation in reality.

A “What If?” Scenario

Those expecting precise depictions of cybersecurity events may find themselves underwhelmed by the film’s superficial treatment of technical details, and enthusiasts eager for even a rudimentary understanding of the technology involved might feel the film falls short. It’s important to recognize, though, that the general populace, often the victims of significant cyber incidents, typically do not delve into the complexities behind these attacks.

The movie prompts us to consider a range of ‘what if’ and ‘is that realistic?’ questions. A theme previously broached is the potential for a cyberattack to escalate into an actual kinetic conflict. The narrative explores this scenario, depicting a multinational cyber onslaught against the US, a nod to the nation’s intricate and sometimes contentious international engagements. While state-sponsored cyber activities aimed at financial gain, leverage, and strategic advantage are rampant, full-scale existential digital attacks as the film suggests are simply overstated. The global interdependence of economies, investment flows, supply chains, and the looming threat of significant US retaliation make such an all-out digital assault less likely.

Stirring the Pot of Paranoia

The film utilizes paranoia as a crucial element of its emotional allure, underscoring the critical importance of security across all aspects of our lives, from essential utilities to the digital realms we frequent. Echoing the insights from the Colonial Pipeline attack, it highlights how the infrastructure of power stations and water facilities is meticulously designed to deter unauthorized access, along with the rigorous protocols in place at core facilities aimed at thwarting actions that could have a profound impact on society.

‘Leave the World Behind’ serves as a broad-appeal ‘what if’ scenario that reignites our collective memory of the nuclear age’s fascination with potential apocalyptic events. This movie sidesteps logistical and technical specifics, diving straight into societal fears and reflections on technology. While it may not be a landmark cybersecurity film, it provides a decent measure of entertainment by painting a picture of a hypothetical disaster. In reality, security is multifaceted, covering everything from human factors and identity protection to redundancy strategies and political measures. Comprehensive security was a missing factor from this film, and for good reason; without it, it was possible to build the unimaginable scenario depicted.

A Poignant Reminder for Comprehensive Security

‘Leave the World Behind’ not only serves as a thrilling exploration of societal collapse in the face of a catastrophic cyberattack, but also a poignant reminder of the vulnerabilities that pervade our interconnected digital world. While the film delves into the realm of the speculative and pushes the boundaries of what might be technically plausible, it inadvertently underscores the critical necessity for robust, comprehensive cybersecurity measures. The scenarios depicted, though dramatized, highlight the potential consequences of neglecting cybersecurity and in doing so make a compelling case for the importance of concerted efforts to strengthen our defenses against cyber threats. Although an attack of the magnitude portrayed in the movie is unlikely, the underlying message is clear: the need for vigilance, innovation, and collaboration in cybersecurity is more pressing than ever to safeguard our society.

This article was originally published in Forbes. Please follow me on LinkedIn.

The Imperative Of Patching: A Resolution For Cybersecurity In 2024

Recent cybersecurity events, highlighted by a major breach at ICBC bank, have cast a glaring spotlight on the importance of patching as a vital component of cybersecurity. This recent incident, involving a malicious exploit known as Citrix Bleed through an unpatched Citrix server, underscores the urgency for organizations to reimagine patching. As we step into 2024, let patching be one of our key resolutions, and move from a routine IT task to a strategic, proactive security service.

Unseen Vulnerabilities in Unpatched Systems

Unpatched systems have become the Achilles’ heel of organizations, offering gateways for destructive cyberattacks. Even the smallest unpatched flaw can be exploited and pose significant risks. The ICBC ransomware attack illustrates the devastating ripple effect of such oversights, underscoring the need for vigilance in patch management.

Patching as a Proactive Security Service

Breaking the cycle of reactive cybersecurity practices starts with redefining patching as a proactive security service. Consistent and timely patch application is crucial in reducing an organization’s vulnerability, and proactive patching should be part of any comprehensive cybersecurity strategy. As we embrace 2024, it’s vital to adopt this proactive mindset and take initiative to secure digital assets.

The ICBC incident is a stark reminder of the need to elevate patching within cybersecurity strategies. As we make our resolutions for the new year, let’s view patching as not just fixing vulnerabilities, but as a proactive measure to change the cybersecurity game. Diligent patching, as part of a comprehensive strategy, transforms operations from reactive scrambles to calculated, anticipatory defense mechanisms.

The Human Element

Addressing the human element in cybersecurity is imperative for success. A lack of awareness or urgency often leads to delayed patching, and organizations must bridge this gap. Employee education, automated patch management systems, and a culture that values security are all ways to empower teams to prioritize patching.

Patching should be a collaborative effort between organizations and software vendors and involve transparent communication about vulnerabilities. In 2024, consider partnering with a managed services provider that specializes in both patching and overall security. Such partnerships provide a single point of accountability and enhance an organization’s ability to manage cyber threats effectively.

Elevating Patching to Cybersecurity Strategy

As we enter 2024, the imperative of patching in cybersecurity is clear. In an era where digital threats are constantly evolving, patching is not a choice but a necessity. The new year calls for a reevaluation of how businesses perceive and prioritize patching, in order to transform it from a reactive response to a proactive measure. Let’s rise to this challenge and secure our digital futures by resolving to make patching a central part of our security strategies this year.

This article was originally published in Forbes. Please follow me on LinkedIn.

Under Siege: Cybersecurity Failures Sound the Alarm

The public has been aware of cyber incidents for a long time, but recent high-profile cybersecurity breaches have ignited fresh concerns and garnered elevated attention. These incidents underscore the persistent threats that exist to businesses across industries, hospitals, and even the cryptocurrency market. What valuable lessons can we extract or re-emphasize from these events as we close out Cybersecurity Awareness Month?

Money Alone Can’t Buy You Security: MGM Resorts

The most conspicuous incident in recent memory was the substantial cyberattack on MGM Resorts, a global leader in hospitality and entertainment. MGM boasts generous IT and security budgets, essential for maintaining their seamless gambling operation around the clock. However, despite substantial investments in IT resources and attention to cybersecurity, this attack forced the company to take the drastic step of shutting down its highly sophisticated IT systems completely. While the precise nature of the attack’s origins will become clearer over time, the immediate impact was disruption of the company’s operations — and the raising of critical questions about customer data security. Financial implications of the attack are beginning to appear, as well.

The MGM incident highlights the paramount importance of cybersecurity in the hospitality industry, where customer trust and data protection are non-negotiable. An attack can ripple across multiple operational facets, including financial operations, physical security, planning and client services. It serves as a stark reminder that no organization, regardless of its size or reputation, is immune to cyber threats. To safeguard their operations and customer data, companies must make continuous investments in cybersecurity measures and build robust incident response plans.

Target on Crypto Funds: North Korean Hackers

In a daring cyber heist, North Korean hackers reportedly siphoned off $41 million in cryptocurrency to finance their ongoing cyber activities. Their target was a cryptocurrency exchange, where they exploited vulnerabilities in the security infrastructure to pilfer the digital assets. While criminal activity has long plagued crypto operations, financial threats have also become a persistent concern.

This incident involving North Korea underscores the audacious and relentless nature of cybercriminals. Cryptocurrency exchanges are particularly attractive targets due to the potential for substantial financial gains. To shield against such attacks, exchanges must prioritize security, conduct regular audits, and educate users about best practices for securing and accessing their digital assets.

Healthcare Sector Vulnerabilities: Prospect Medical Cyberattack

This year has witnessed a surge in healthcare cyberattacks, an unsettling reality confirmed by emerging reports. These attacks are especially dangerous, as they can jeopardize sensitive patient data and essential medical services. In a recent attack, Prospect Medical, a healthcare management company in California and Pennsylvania, fell victim to a cyberattack that disrupted its operations. Beyond these operational hindrances, Prospect Medical encountered billing issues with Medicaid and is grappling with an extensive recovery process. Reports also suggest the financial toll and implications of the breach could affect a planned sale of various hospitals, extending the impact to future business operations.

This incident underscores the life-threatening consequences of cyberattacks targeted toward healthcare organizations. They can disrupt patient care, compromise sensitive medical records and even impact the organization’s future business plans. The lesson here is clear: robust cybersecurity measures, regular staff training and investments in technology that guard against threats are imperative.

Key Takeaways

These recent cyber incidents offer several vital takeaways that can be applied more broadly:

  • No Entity is Immune: Cyber threats can impact any organization, from global corporations to local hospitals. Acknowledging this reality is the first step in developing a proactive cybersecurity strategy.
  • Invest in Cybersecurity: Investing in cybersecurity infrastructure, regular updates and employee training is not an option; it’s a necessity in today’s digital landscape.
  • Rethink and Reset on Cyber: Major incidents provide an opportunity to reevaluate cybersecurity programs and strategies from top to bottom, and to extract insight from tough lessons learned.
  • Comprehensive Security is a Must: Whether through outsourcing, partnerships or in-house measures, comprehensive security, 24/7 monitoring, early detection, incident response and actionable insights are non-negotiable.
  • Ransomware Preparedness: Robust backup and recovery solutions are essential to minimize disruption and data loss in the face of ongoing ransomware attacks.
  • Investing Wisely in Cybersecurity: While financial resources are essential, effective cybersecurity goes beyond budget size; it requires a holistic approach to protection and readiness.

Cybersecurity: A Continuous Imperative for Safeguarding the Digital Future

The recent cyberattacks on MGM Resorts, cryptocurrency exchanges and healthcare organizations serve as stark reminders that the cybersecurity landscape is continually evolving with high stakes. In the spirit of Cybersecurity Awareness Month, let’s remember that readiness is not a choice. Organizations must take proactive measures to protect their digital assets and customer data. Safeguarding the digital future is a collective responsibility that demands continuous improvement, collective action and the latest tactics and technologies to address evolving risks.

This article was originally published in Forbes. Please follow me on LinkedIn.

HTTP and the Rapid Reset Vulnerability

The History of HTTP (HTTP/0.9)

The bedrock for data communication on the World Wide Web, a term that’s still valid yet rarely used today, is HTTP (Hypertext Transfer Protocol). HTTP is an Application Layer (OSI layer 7) protocol in the internet protocol suite. First released in 1991, the original version, HTTP, is now referred to as HTTP/0.9.

Although crude by today’s standards, HTTP was effective enough to launch what would become a revolution in human communication. HTTP/0.9 was written as a plain document under 700 words and had one simple job, or in World Wide Web vernacular, one method: GET. Simply stated, the protocol could only request an HTML document:

    GET /htmlpage.html

General responses were extremely simple as well:

    <html>
    An old and simple html page.
    </html>

It’s interesting to note that in this GET request, there is no indication of a server IP address or protocol port. In 1991, this information was simply not needed once connected to the server; there were no headers to convey session metadata and there were no status codes or error codes.
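As an added example (not code from the original article), the following Python parser tells an HTTP/0.9 simple request apart from an HTTP/1.x request and builds the corresponding response for each. It makes concrete what the text describes: a 0.9 request is a bare method and path with no version token and no headers, and a 0.9 response is the HTML document itself with no status line. The request bytes and the helper names (`parse_request`, `respond_09`, `respond_11`) are constructed for this example.

```python
# Added example: minimal HTTP/0.9 vs HTTP/1.x request parser and responders.
# Not part of the original article; sample inputs are constructed.
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    path: str
    version: str                      # "0.9" or a 1.x version such as "1.1"
    headers: dict = field(default_factory=dict)


def parse_request(raw: bytes) -> Request:
    """Parse one request as it arrives on the wire.

    HTTP/0.9 defined a single method (GET) and no headers, so a two-token
    request line with no version is treated as 0.9 and anything else on it
    is rejected. A three-token line with an HTTP/ version token is 1.x and
    may be followed by a header block terminated by an empty line.
    """
    text = raw.decode("ascii")
    head, _, _body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) == 2:                       # "GET /page.html" -> HTTP/0.9
        method, path = parts
        if method != "GET":
            raise ValueError("HTTP/0.9 supports only GET")
        if any(lines[1:]):
            raise ValueError("HTTP/0.9 has no headers")
        return Request(method, path, "0.9")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        method, path, version = parts
        headers = {}
        for line in lines[1:]:
            if not line:
                continue
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed header line: {line!r}")
            headers[name.strip().lower()] = value.strip()
        return Request(method, path, version[len("HTTP/"):], headers)
    raise ValueError(f"unrecognised request line: {lines[0]!r}")


def respond_09(html: str) -> bytes:
    """An HTTP/0.9 response is the document itself: no status line, no headers."""
    return html.encode("ascii")


def respond_11(status: int, reason: str, html: str) -> bytes:
    """HTTP/1.1 puts a status line and headers in front of the same document."""
    body = html.encode("ascii")
    head = (f"HTTP/1.1 {status} {reason}\r\n"
            f"Content-Type: text/html\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


if __name__ == "__main__":
    # Constructed sample traffic: the 1991-style request and its modern equivalent.
    print(parse_request(b"GET /htmlpage.html\r\n"))
    print(parse_request(b"GET /htmlpage.html HTTP/1.1\r\nHost: example.test\r\n\r\n"))
    print(respond_09("<html>An old and simple html page.</html>"))
    print(respond_11(200, "OK", "<html>An old and simple html page.</html>"))
```

The version-detection branch is the same trick early HTTP/1.0 servers used to stay compatible with 0.9 clients: absence of a version token on the request line, rather than any header, identifies the old protocol.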

HTTP Today: The HTTP/2 Flaw 

Fast forward to today, four iterations later, where the standard is now HTTP/2. HTTP/2 was released in 2015 and offers major advancements, making it more efficient and responsive to the demands of today’s web. While it’s a notable improvement over previous versions, as with many things, along with the good comes some bad. HTTP/2 has a flaw which provides malicious actors a simple method to create a Distributed Denial-of-Service (DDoS) attack against any web server, in an attempt to render network resources unavailable and disrupt operations.  

DDoS attacks against web servers are certainly not new, however a recent DDoS attack method, known as “HTTP/2 Rapid Reset,” leverages a flaw in the implementation of the protocol. For official information on this flaw see CISA’s alert on CVE-2023-44487. 

The flaw is nestled in the added ability for HTTP/2 to multiplex, which is a major advancement over HTTP/1.1. With multiplexing, HTTP/2 can initiate multiple requests in parallel over a single TCP connection. The result is that webpages containing several elements are now delivered over one TCP connection. It’s important to note that this flaw, by itself, does not lead to server or data compromise. It could, however, be used to divert attention while threat actors attack other areas in the target networks.

In Figure 1 below, the HTTP/1.1 attack shows the serial nature of the previous protocol version and the limitation it causes in being able to rapidly establish Requests and Responses. The HTTP/2 attack shows how the multiplexing feature of HTTP/2 allows for a parallel attack, consuming more resources on the web server as it works to produce Responses more quickly. Finally, the HTTP/2 Rapid Reset attack demonstrates how the previous parallel attack can be amplified by continuously sending the web server a Request followed by a Reset, which allows for an unbounded number of Requests to be in flight. Here the web server has to do significant amounts of work creating and canceling requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource, eventually consuming available server or network resources, whichever is exhausted first.

Figure 1 – Rapid reset vulnerability. Image source: thehackernews.com

With some simple Python code utilizing the hyper library, a threat actor can use multiple threads to repeatedly send a series of HTTP/2 requests with headers and RST_STREAM frames to generate a high volume of traffic. How simple might this be? We’ll first create a ‘send_requests’ function that might look something like this:

def send_requests():
    conn = hyper.http20.h2.H2Connection()
    conn.initiate_connection()
    conn.connect(target_host, target_port)

    for _ in range(num_requests):
        headers = [
            (':method', 'GET'),
            (':scheme', 'https'),
            (':authority', target_host),
            (':path', '/path/to/resource'),
        ]

        conn.send_headers(1, headers)
        conn.send_rst_stream(1, hyper.http20.errors.ErrorCodes.CANCEL)

From here, we only need to initiate the request in multiple threads to amplify the effect: 

threads = []
for _ in range(10):
    t = threading.Thread(target=send_requests)
    threads.append(t)

So, with under 20 lines of code, it’s possible to create something that can be used as a base for a DDoS attack against a web server. *Please note that the code in the example above is not complete and cannot, and certainly should not, be used or referenced to perform any type of DDoS attack.

Mitigating Risks

While this flaw is known, vendors have been working to mitigate the risk. Organizations should also, as a rule, take proactive steps to mitigate risk and reduce the effects of DDoS attacks in general. This means organizations should have controls in place, including: 

  • Consistent application of patches to web servers/proxies 
  • Restricted internet access to web applications where possible 
  • Use of a Web Application Firewall (WAF) with rate limiting rules and geographic restrictions 

Organizations can also consider migrating to a hardened Platform as a Service (PaaS) provider like Microsoft Azure App Service, a managed service with built-in infrastructure maintenance, security patching, and scaling.  
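The rate-limiting control listed above can be made concrete on the server side. The following Python example, added here and not taken from the article or from any vendor’s product, applies the same idea the CVE-2023-44487 mitigations use: count client-initiated RST_STREAM frames per connection over a short sliding window and flag a connection once the reset count and the reset-to-request ratio both exceed a limit. The frame log format, the field names and the threshold values are constructed for this example; a real deployment would read these counters from the HTTP/2 server or proxy itself.

```python
# Added example (not from the original article): detecting the HTTP/2 Rapid
# Reset pattern from a per-connection frame log. Log format, thresholds and the
# sample traffic are constructed for illustration.
from collections import defaultdict, deque
import re

# Each constructed line is one HTTP/2 frame seen by the server:
#   <timestamp seconds> conn=<id> <frame type> stream=<id>
FRAME_RE = re.compile(
    r"^(?P<ts>[\d.]+) conn=(?P<conn>\d+) (?P<frame>\w+) stream=(?P<stream>\d+)$"
)

# Policy knobs (assumed values for this example, not any vendor's defaults).
WINDOW_SECONDS = 1.0         # sliding window over which resets are counted
MAX_RESETS_PER_WINDOW = 50   # more client resets than this inside the window is abusive
MIN_RESET_RATIO = 0.8        # and most streams the client opened must have been cancelled


class ConnectionState:
    def __init__(self):
        self.resets = deque()    # timestamps of client RST_STREAM frames inside the window
        self.headers_seen = 0    # streams the client opened (HEADERS frames)
        self.resets_seen = 0     # streams the client cancelled (RST_STREAM frames)
        self.flagged_at = None


def detect_rapid_reset(lines):
    """Return {conn_id: timestamp} for connections showing the Rapid Reset pattern."""
    state = defaultdict(ConnectionState)
    flagged = {}
    for line in lines:
        m = FRAME_RE.match(line.strip())
        if not m:
            continue                          # ignore lines that are not frame records
        ts, conn, frame = float(m["ts"]), int(m["conn"]), m["frame"]
        st = state[conn]
        if frame == "HEADERS":
            st.headers_seen += 1
        elif frame == "RST_STREAM":
            st.resets_seen += 1
            st.resets.append(ts)
            while st.resets and ts - st.resets[0] > WINDOW_SECONDS:
                st.resets.popleft()           # expire resets that fell out of the window
            ratio = st.resets_seen / max(st.headers_seen, 1)
            if (st.flagged_at is None
                    and len(st.resets) > MAX_RESETS_PER_WINDOW
                    and ratio >= MIN_RESET_RATIO):
                st.flagged_at = ts            # a real server would close the connection here
                flagged[conn] = ts
    return flagged


def build_sample_log():
    """Constructed traffic: one ordinary browser connection and one abusive one."""
    lines = []
    # conn 1: a page load with 20 parallel requests, two of them cancelled by the user
    for i in range(20):
        lines.append(f"{0.010 + i * 0.002:.3f} conn=1 HEADERS stream={2 * i + 1}")
    lines.append("0.200 conn=1 RST_STREAM stream=3")
    lines.append("0.250 conn=1 RST_STREAM stream=7")
    # conn 2: every request is cancelled immediately, thousands of times per second
    for i in range(200):
        t = 0.100 + i * 0.0005
        lines.append(f"{t:.4f} conn=2 HEADERS stream={2 * i + 1}")
        lines.append(f"{t + 0.0001:.4f} conn=2 RST_STREAM stream={2 * i + 1}")
    return lines


if __name__ == "__main__":
    for conn, ts in detect_rapid_reset(build_sample_log()).items():
        print(f"connection {conn} flagged at t={ts:.4f}s: rapid reset pattern")
```

Requiring both a high reset count and a high reset ratio keeps ordinary browsers, which do cancel a few streams during a page load, from being flagged, while a connection that cancels nearly every stream it opens trips the limit within a fraction of a second.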

Resource availability is critical in IT Security. Applications and data that are not readily available to authorized users can have a cascading effect on organizations, resulting in loss of productivity, loss of revenue, and loss of reputation. A DDoS attack like the threat described above can impact this availability. Organizations should – must – have a comprehensive security posture which allows them to protect their assets while actively monitoring and responding to alerts and incidents. If you want to create a comprehensive security program or bolster an existing program, the experts at Ntirety can help. Get started today by visiting us at ntirety.com.

CFO Focus on Cybersecurity: Why NIST Cybersecurity Frameworks Matter

From the moment any data system comes online, it is at risk of breach. Modern workloads and data reside, change, and grow in an environment of expanding capability and simultaneous risk. In the wild, more than a million cyberattacks occur on the web on average each day. The odds of avoiding becoming a target are simply not very good. The need for continual cybersecurity measures is pressing, and there is a call for programs that feature heightened vigilance and performance in the face of modern threats.

Threats to Financial Teams

Financial teams are in an especially exposed position. Their data is a high-value target spread across an ever-growing computing estate, and any leak could pose an existential threat to their careers, not to mention the company itself. The implications of just one successful attack could cost millions, and thus CFOs have grown to be shared custodians of cybersecurity initiatives. CFO executives have started to focus on cybersecurity solutions with more emphasis than ever before, and to explore the depths of current cybersecurity threat conditions. What this exploration has revealed is that the familiar benefits of frameworks can be applied towards solutions.

The Familiarity of Frameworks

Framework systems build on basic concepts and controls, and work as scaffolding systems that guide efforts through reporting, analysis, and workflows. Financial professionals are familiar with frameworks, as the framework is the core of financial operations. Without it, a business would lose control over finances and ultimately fail to succeed.  

Over the years, as threat and risk conditions have escalated, the setting for advanced cybersecurity measures has moved out of the server room (and the hands of information technology teams) and to the executive table. Championed by the CFO and other executives, this change demands direct access to the board and the budget planning process. Cybersecurity investments are critical and significant, and along with those characterizations the familiar standards of frameworks have proven to provide valuable measurement of risks, controls, and performance.

The NIST Standard 

One of the most accepted cybersecurity frameworks is the NIST standard known as the “NIST Cybersecurity Framework.” The NIST Cybersecurity Framework covers five key functions:

  • Identify
  • Protect
  • Detect
  • Respond 
  • Recover

Organizations are leveraging this framework as an anchor to build an approach that is repeatable, flexible, prioritized, cost-effective, and based on performance. In other words, the NIST framework checks all the boxes as it offers guidance and assistance toward the management of cybersecurity risks. Prevention, ruling measures, and the ability to recover in the event of an attack are all rolled into the framework.  

The NIST framework has gained merit with C-suites, boards, and CFOs, and it’s important to recognize its value in the cybersecurity conversation – and in providing a high-level overview of the business and its protections. Digging deeper, specific NIST publications (SP 800-171 and SP 800-53, as examples) offer more than 100 controls and measures and provide a roadmap to a better-secured, lower-risk future. These serve as the vehicle of justification for cybersecurity initiatives, creating greater success in the mission and for the business.

Cybersecurity as Business Imperative 

Once relegated to information technology teams, cybersecurity has taken on an appropriate scope of enterprise-wide focus. Financial executives have stepped up to the risks and challenges of an age where traditional security mindsets cannot meet the standards of acceptance. Due to its existential nature and massive financial implications, cybersecurity has become the most significant risk to the business. Security frameworks have created a consumable channel at the executive table, providing valuable guidance towards better security practices and technologies.  

With any framework in place, the business begins to gain insight into and confidence in its measures. This applies in both financial matters and cybersecurity. With cybersecurity frameworks, organizations can leverage the virtual blueprints that emerge to create effective actions that feed directly into their cybersecurity infrastructure. These frameworks can take their place in technology decisions, as planning plus action equals results and improvements. Cybersecurity frameworks such as NIST help organizations assess and build actionable plans and determine exposure to risks.  

Cybersecurity guidance that is derived from a framework approach offers the most value when tactical points are matched up to actions. Organizations can pragmatically build out on a custom cyber-resilience strategy that aligns with the extremely individual context of an organization’s assumption of risks.  

How Ntirety Can Help 

Ntirety Compliance Services provide a comprehensive and reliable solution for ensuring your business remains compliant with industry regulations and NIST standards. Our team of experienced compliance experts will work closely with you to assess your current compliance posture, identify any potential gaps, and develop a customized plan to help your organization achieve and maintain compliance. With Ntirety services, you can feel confident your business is meeting all the necessary requirements and avoid costly penalties or other negative consequences. By choosing Ntirety Compliance Services, you can focus on running your business while we take care of the complicated compliance issues.