Roger Halbheer on Security
We have seen ransomware and other vectors for the bad guys to make money. Additionally, the criminals are trying to make money from stolen data, wherever they can. That’s the latest one: Cosmetic surgery hacked. Nude photos and data exposed on the dark web, as hackers blackmail patients Nasty if you are one of them……
The 2017 Data Breach Investigations Report by Verizon was just recently published and it contains a few interesting data points: 75% of the breaches were conducted by outsiders. So, the outsider threat is by far bigger than the insider. However, if you would assume breach, you kind of kill both attacks with one approach 51%…
As you might know, I am deeply convinced that better threat intelligence allows us to take better security decisions – and I am not the only one making this statement. I am trying to get my head around threat intelligence since a while now and realized that depending on with whom I talk, they have…
A few years ago, we saw a clear difference between state actors and criminals looking at the technologies and procedures they applied attacking an environment. Over time we have seen these two groups coming closer together. In the meantime, criminals seem to have caught up. They started to use more sophisticated and targeted malware and…
We always talk about it, right? Security is a top management responsibility but who is really taking this responsibility? Typically the CSO gets under pressure, once incidents happen. Well, Marissa Mayer – the CEO of Yahoo – does, now: Yahoo CEO Loses Bonus Over Security Lapses And with GDPR just around the corner with fines…
I made this statement often: To me a good and sound threat intelligence, which is linking to the business will be absolutely key in the future. Therefore we entered into agreement to acquire iDefense – so read on. A study we published last autumn made it clear: We are investing more and more money in…
Most of us most probably think that people committing Cyber Crime make a lot of money. The contrary seems to be the case. Looking at Report: Most cybercriminals earn $1,000 to $3,000 a month it seems that the income is fairly minimal. There is one statement in there, which I would challenge: In many ways,…
First of all I have to apologize: I had quite some technical issues with my blog and therefore had some time between now and the last post…. Today I would like to tap your brains: It is close to Christmas and therefore a typical time to hand your wish list to Santa (in our case…
Nobody actually would argue with the challenge regarding IoT and security. There are plenty of examples out there proving how easy it is to compromise devices connected to the Internet, especially as security is really not at the forefront of companies developing these devices. We often talk about the impact this development could have when…
One of the key challenges on the Internet is that law enforcement does hardly work on the Internet. This has different reasons: The legal frameworks – if they exist – are hardly aligned internationally but the criminals are. Law enforcement, even though they made great progress still has a hard time to work across the…
Since quite some years, governments are building Cyber forces – either within the military or within national intelligence. This is a normal trend and was expected even back then. When I met these governments, I typically asked them how they see the risks that the people they train actually leave the government (or get fired)…
I mean, we all knwo that security in the context of the Internet of Things is a challenge but would you have thought of a light bull being your attack vector?
I would not….
Osram ‘Smart Light’ Bugs Could Allow Corporate Wi-Fi Access
Roger
Basically the whole discussion about Hillary Clinton’s private mail server and whether it was accurately protected or not has nothing to do with the Internet of Things, right? Almost. Based on this article Did the Clinton Email Server Have an Internet-Based Printer? it seems that a printer accessible through the Internet was attached to the…
That I think that your supply chain will become one of your key risks is not new. Typically, however, I raise it in the context of a bad guy being able to inject into the supply chain – say the products you buy – and therefore you already install the attack kit. I just read…
This is an interesting question about human behavior. Today, most online fraud is refunded by the banks. So rarely, users (victims) have to pay for their behavior. Up to a given point, this makes sense as you do not want to have too many people visiting your physical branches – it is less expensive covering…
Remember the prediction we have seen in a lot of “what security brings us in 2016” that we will see failure of critical infrastructure due to security incidents. Well, it seems that news just waited for the year to turn 2016 to appear (not exactly, the US news appeared late December): The US Power grid…
No, they are still not coming from me but this article is actually really interesting: Top 15 security predictions for 2016. A few of them are remarkable: At your criminal service (Kaspersky/Seculert) The profitability of cyber-attacks means sophisticated criminal gangs with modern organizational models and tools will replace common cyber criminals as the primary threat.…
A lot of articles are looking into the Morgan Stanley breach case, which is definitely an interesting story all by itself. An employee illegally accesses information and stores it on his home server. Obviously not a very smart thing to do but initially it rested there. It would be interesting to understand what he planned to…
This seems to be hot at the moment. In Thoughts on Responsible Disclosure and Wasenaar I gave some ideas, what I would expect from a vendor in how they will handle security vulnerabilities in their products. Now, I read HackerOne launches free Vulnerability Coordination Maturity Model tool which is very interesting from my point of…
One thing I was always worried about when we talked about biometry: What do you do if the database which stores your credentials gets compromised? Well, it happened: Stolen OPM Fingerprints: What’s the Risk? I am not aware of any successful and active attack so far as I guess nobody tried to replay the…
