Blog

The latest in Dark Rhino Security news

Reduce Risks Associated with Ripple20 (R20)


By: Tyler Smith

Ripple20, CVE-2020-11896 through CVE-2020-11914, is a group of 19 exploitable flaws discovered by researchers Moshe Kol and Shlomi Oberman of the independent security research group JSOF, in code created by a company named Treck. According to Treck’s website, the firm specializes in “designing, distributing and supporting real-time embedded internet protocols for worldwide technology leaders.”

This collection of related vulnerabilities likely earned its name from two key factors. First, the ‘20’: simply put, the code library behind it was created roughly twenty years ago. Second, the ‘Ripple’ comes from the fact that the library containing the vulnerabilities is estimated to have been licensed for modification and reuse, as a dynamic or static linked library, in the code that runs network and internet-connected devices, at a rate that consistently increased year over year. Together, these two factors make the moniker apt: it vividly captures the impact of the vulnerabilities, which is massive and difficult to determine accurately.

According to the Carnegie Mellon University Software Engineering Institute CERT Coordination Center’s Vulnerability Note VU#257161, released 16 June 2020:

Treck IP network stack software is designed for and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source, licensed for modification and reuse, and finally as a dynamic or static linked library. Treck IP software contains multiple vulnerabilities, most of which are caused by memory management bugs. Historically-related KASAGO TCP/IP middleware from Zuken Elmic (formerly Elmic Systems) is also affected by some of these vulnerabilities. These vulnerabilities likely affect industrial control systems and medical devices.

Treck’s website has added a page called “Vulnerability Response Information”; the company has already created patches for the vulnerabilities and is working with customers to help determine which devices are affected.

The specific impact of these vulnerabilities depends on several factors, including the build versions and runtime options used in the creation of the device in question. Many of the affected manufacturers have published mitigation guidance for Ripple20. The CERT advisory recommends that users update their products with patches from Treck, and manufacturers like Schneider Electric, Rockwell, and Caterpillar have created pages that specifically address the Ripple20 vulnerabilities.

To help reduce risks associated with Ripple20 (R20):

  • Ensure R20 impacted devices are on isolated networks separate from networks used for regular business, and especially ensure they are not accessible from the internet.
  • Use dedicated laptops or tablets to perform any activities on the isolated network designated for R20 impacted devices; ensure those laptops/tablets are only used for servicing devices and not for general use.
  • Scan all computing devices and digital media/storage, such as DVD or USB, with anti-virus before adding them to the isolated network or using them with R20 impacted devices.
  • Control physical access to impacted devices.
  • Work with your vendors to identify systems impacted by R20 and patch them as soon as possible.

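As an added illustration of the first bullet (network isolation), and not code from the original post or from Treck or JSOF, the following Python script checks a firewall policy offline against the isolation requirements: the R20 segment must be unreachable from the business network and from the internet in both directions, while the dedicated service-laptop segment keeps its access. All segment names, subnets, addresses and rules are constructed sample data.

```python
"""
Added example (not from the Dark Rhino post, Treck or JSOF): an offline check
that a first-match firewall policy keeps the Ripple20 (R20) device segment
isolated. Segments, addresses and rules below are constructed sample data.
"""
import ipaddress

# Constructed segments. 'r20' holds affected devices, 'mgmt' the dedicated
# service laptops, 'business' the regular corporate network.
SEGMENTS = {
    "r20": ipaddress.ip_network("10.50.0.0/24"),
    "mgmt": ipaddress.ip_network("10.50.1.0/24"),
    "business": ipaddress.ip_network("10.10.0.0/16"),
}

# Constructed policy, evaluated first-match like a typical ACL.
# Each rule is (action, source CIDR, destination CIDR); 0.0.0.0/0 means any.
POLICY = [
    ("allow", "10.50.1.0/24", "10.50.0.0/24"),  # service laptops -> R20 devices
    ("deny",  "10.50.0.0/24", "0.0.0.0/0"),     # R20 devices initiate nothing
    ("deny",  "0.0.0.0/0",    "10.50.0.0/24"),  # nothing else reaches R20
    ("allow", "10.10.0.0/16", "0.0.0.0/0"),     # business users -> internet
]

# Constructed "flat network" policy with no segmentation at all.
FLAT_POLICY = [("allow", "0.0.0.0/0", "0.0.0.0/0")]


def first_match(policy, src, dst):
    """Return the action of the first rule whose networks contain src and dst.

    Falls back to an implicit default deny, as most firewalls do.
    """
    for action, s, d in policy:
        if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            return action
    return "deny"


def isolation_findings(policy, segments):
    """Probe representative address pairs; return the names of paths that
    break R20 isolation (empty list means the policy passes)."""
    r20_host = segments["r20"][10]
    biz_host = segments["business"][10]
    mgmt_host = segments["mgmt"][10]
    internet = ipaddress.ip_address("203.0.113.10")  # RFC 5737 documentation address

    forbidden = {
        "internet -> r20": (internet, r20_host),
        "r20 -> internet": (r20_host, internet),
        "business -> r20": (biz_host, r20_host),
        "r20 -> business": (r20_host, biz_host),
    }
    findings = [name for name, (s, d) in forbidden.items()
                if first_match(policy, s, d) == "allow"]

    # The dedicated service segment must still reach the devices, otherwise
    # the isolation is unusable and someone will work around it.
    if first_match(policy, mgmt_host, r20_host) != "allow":
        findings.append("mgmt -> r20 blocked")
    return findings


if __name__ == "__main__":
    for name, pol in (("segmented", POLICY), ("flat", FLAT_POLICY)):
        problems = isolation_findings(pol, SEGMENTS)
        print(f"{name}: {'OK' if not problems else ', '.join(problems)}")
```

Running the script reports the segmented policy as clean and lists every open path for the flat one. To reuse it against a real environment, replace the constructed segments and rules with an export of your own inventory and ACLs; the probe pairs are the same ones the bullet above asks you to guarantee.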
Quantum Computing Concerns and Race to the Top


Written by: Giovanna Sunseri 

Concerns with Cybersecurity

The development of quantum computing goes hand in hand with growing concern about the future of cybersecurity. Quantum computing is predicted to change drug discovery, the stock market, gene sequencing, and cryptography (Sham, 2019). Quantum computing is based on the binary concept of translating a computer’s instructions into 0s and 1s, but allows this to be done simultaneously, so computations occur at an exponentially faster rate than conventional computers can achieve. Cybersecurity is built on cryptography, tools, and algorithms that add security layers, allowing secure communication while keeping the secrecy and integrity of the data being exchanged. The unknown territory of quantum computing security is a cause for concern with regard to the CIA triad. The confidentiality and integrity of information are two-thirds of what embodies the fundamentals of security, and they can become easily compromised as current cryptographic algorithms become superannuated (Stallings and Brown, 2015). Current cryptographic algorithms are heavily built on prime factorization to create public-private key pairs. The most common cryptographic algorithms are AES-256, RSA, and SHA-256. Cryptographic algorithms relying on prime factorization raise many cybersecurity concerns with respect to quantum computing, which allows prime factorization to be performed aggressively faster than on conventional computers. Additionally, secret keys can be calculated or searched considerably quicker than a conventional computer would ever be capable of. This presents an uncertain landscape, because even the strongest cryptographic algorithms will be considered obsolete due to this innovation. This influx of cryptographic technologies could lead to widespread security leakages.
The growing new territory of quantum computing causes almost a sense of fear and it is predicted, “within the next decade, these machines [quantum computers] will be available to government agencies and large companies around the world, giving them unprecedented access and power,” (Sham, 2019). 

While defense and new security tactics are relatively unknown in regard to quantum computing as the realm of cybersecurity is relatively new itself, tech companies like Google and government agencies are continuously working on new cryptographic ways to increase security against quantum computing attacks. These include lattice-based algorithms, advanced cryptography, and white hat quantum hacking (Sham, 2019).  An advantage of all of these defense methods is that they also will work with conventional computers. Lattice-based algorithms can replace the current cryptographic algorithms altogether and are more secure because they assume the worst-case hardness of certain lattice problems. Advanced cryptography is the development of new algorithms which will be harder for quantum computers to break. Additionally, white hat quantum hacking is a continuous process of tests to find and exploit the weaknesses in emerging algorithms before they are applied in the real world. 

Another unknown with quantum computing is what functions will be created after its inception. Some hypothesize that the computers will be able to work in unison with an AI to systematically evolve the current landscape of encryption. This means we would be able to develop quantum encryption, to be used to hide the actions of these computers and prevent them from accessing secure systems. Though this is largely theory-based, it has serious plausibility, especially once a firm understanding of the process algorithms is established.

Race to Quantum Dominance

While there is currently no cyber warfare in quantum computing, there is an arms race over who will be the first to perfect it and put it into production. The current race for dominance is between China and the United States, which ranked second and fourth respectively among the countries with the highest technological expertise (Radu, 2020). Google has been making large advances: its quantum computer completed a mathematical equation in 3 minutes and 20 seconds that a supercomputer would not be able to complete in under 10,000 years (Metz, 2019). This advancement, along with the advancements being made by IBM and Microsoft, is a colossal progression for the United States; however, there are obstacles due to the millions of dollars it costs to produce these machines. On the other hand, China has spent $400 million on quantum computing and has twice as many patents as the United States (Metz, 2019). The winner of this race stands to gain more than quantum computing itself, due to the effects quantum computing will have on artificial intelligence. China is already leading the way on 5G technologies. If an American company wins the title of the supreme quantum machine, it could allow the United States to move ahead of China as the technological leader of the world.

Works Cited

Metz, C. (2019, October 23). Google Claims a Quantum Breakthrough That Could Change Computing. Retrieved from https://www.nytimes.com/2019/10/23/technology/quantum-computing-google.html 

Sham, S. (2019, July 12). The Impact of Quantum Computing on Cybersecurity. Retrieved from https://www.okta.com/security-blog/2019/07/the-impact-of-quantum-computing-on-cybersecurity/ 

Stallings, W., & Brown, L. (2015). Computer security: principles and practice (Third). Boston: Pearson.

How To Keep Work Efficiency Up With A Remote Workforce


In this time of social distancing, it is essential to have high efficiency with a remote workforce. Central to the success of a remote workforce is that employees are self-reliant. Employee enablement is a term that has been extensively cited in the business literature. By definition, if you have to enable employees, it means they are not yet enabled and thus may not be as self-reliant. The following are some ideas that stem from my personal experience in running an organization that has a substantial amount of its functions performed through remote operations.

In the cybersecurity business, most of the adversaries we are entrusted by our customers to protect against operate remotely. As evidenced by the many articles in the press, these adversaries do so with an efficiency that leads to devastating legal, financial, and reputational losses. This is asymmetric electronic warfare, and it is mind-boggling to people how very large organizations with many IT and cybersecurity experts get hacked. Unfortunately, the answer would take a book and is better left for another day.

However, one central theme we can take from the hacker’s guide is to have a solid, tangible outcome in mind. Hackers, for the most part, want money and, secondarily, to operate with impunity. This outcome drives all aspects of their behavior and makes them efficient in exploiting vulnerabilities. Translated to all of us, every employee must know and understand the tangible outcomes expected of them in the short term. In military speak, this is known as the commander’s intent. All members of the team know the intent and can fulfill the mission, even if some members of the team are incapacitated.

Re-organize and re-distribute job functions and responsibilities so that they form a layered redundancy for critical functions. In our firm, Dark Rhino Security, one of the key items is ensuring that all clients are made aware of any potential cybersecurity-related incident. Normally, we would have several analysts in our security operations center (SOC) monitoring a plethora of screens. The Coronavirus epidemic has forced us to reduce the number of people in the physical SOC and to enable secure remote access and verification protocols.

These protocols ensure that remote employees can connect securely and verifiably into the SOC, support the customer environments, and stand in for personnel who may become incapacitated. We are further training our existing team members to become cross-functional, moving from specialized to more generalized roles, to ensure all critical functions maintain continuity. In your own companies, look at establishing multi-layered, cross-functional redundancy for critical operations.

Over-communicate. With social isolation, in-office communications are greatly reduced or stopped altogether. It is essential to hold small daily team meetings. This promotes a strong sense of team, and a strong sense of team is essential to understanding and fulfilling the commander’s intent. Also, over-communicate with your clients. Make sure they know you are continuing to deliver for them as you work remotely. This may seem obvious, but it is often “the obvious” that gets overlooked. Leverage virtual group technologies to create channels in which your customers and employees can communicate on general needs and topics in near real time.

If you do the above, you will likely discover gaps in your customer and employee engagement processes, gaps that may not otherwise have been noticed or addressed. Closing these gaps will make for a better customer and employee experience. It will increase the efficiency of delivery and thus revenue. It provides a lasting competitive advantage long after the Coronavirus has faded into memory.

Healthcare Companies & MSSPs: Achieve Your Goals


Healthcare organizations can utilize MSSPs like Dark Rhino Security to achieve business goals while also reducing legal, reputational and financial risk. This can be done through the prevention of ransomware, assistance with certification requirements and protection of valuable data.

About two years ago, we began working with a healthcare data analytics firm. We implemented our security solutions and part of that suite was Next-Gen Anti-Virus (NGAV) protection. Within two weeks, we received an alert from our NGAV tool; a user attempted to download a file that matched the behavior characteristics of ransomware. Within minutes, our analysts confirmed the file was blocked outright on the user’s device. Additionally, we ensured the cyber threat was quarantined from the rest of the organization and reported the incident to the CEO.

Due to our efforts, the threat was blocked. However, if we had not stepped in, the healthcare firm could have been at the mercy of cybercriminals. They may or may not have recovered from the attack. 

Healthcare companies also leverage MSSPs to fully comply with needs such as HIPAA and Hi-Trust certifications. Based on our past experience, achieving the Hi-Trust certification leads to more business and more incentives from Blue Cross and Blue Shield. I personally assisted one of our healthcare partners to utilize our security offerings and meet the necessary Hi-Trust controls. I also provided written proof of where our technologies met the necessary control. After achieving Hi-Trust, our client said the incentives they’ve received have helped shape their business drastically.

Moreover, healthcare companies can utilize MSSPs to protect company data and client/patient information. The most interesting case I experienced with a healthcare partner was an insider threat. One of the company’s employees was attempting to exfiltrate company data. Although in this scenario the data in question did not include any patient information, any attempt to leak company secrets poses a huge risk to a company’s reputation. Luckily, with our data loss prevention tool, I was able to see the exact data being exfiltrated. I was also able to see the exact USB drive that was being used for the data extraction. We worked with the company’s legal representatives and HR department to send the necessary documentation to the user and recover the designated corporate files. We also informed the user that if this company’s intellectual property ever showed up at a future employer in a product offering, a cease and desist would be sent to the user and to the new employer. After the whole fiasco, we conducted a full recovery of all the extracted files, and the user never posed a threat to the healthcare firm from their future employer.

Overall, more and more small to medium-sized healthcare firms are becoming larger targets for cybercriminals. Therefore, the need for cybersecurity continues to grow. This dilemma gives healthcare companies two options: they can either invest $250,000 - $500,000 in cybersecurity professionals and security software, or utilize an MSSP as a cost-effective means to achieve a solid cybersecurity posture. If you’re interested in reducing company risk and optimizing your business, feel free to email me.

Cyber Basics: Training the End-User


Imagine you invest millions in cybersecurity technology. Then, an untrained employee clicks on a link in an email. He just rained on your cyber parade and completely negated every measure you implemented. This scenario would be awful. However, it is not uncommon.

The most vulnerable part of any organization is its end-user. “Knowing is half the battle,” says Nathan Horne, a senior security engineer. If you properly train your users, a decent portion of your concern goes away.

Typically, phishing or malware succeeds because an employee opens an email or visits a website that an admin didn’t block. Unfortunately, you cannot stop employees from checking their email or surfing the web on their time off. There is no 100 percent block.

“You can’t protect people from themselves,” Horne says. “Honestly, what a good portion of these appliances do is attempt to protect the end-user from themselves, but there is no such thing; you need to train,” he continues.

Start strategically training and watch the incidents drop. People that have the ability to control or direct funds are the most targeted. Therefore, they should be at the top of the training priority list.

Training comes in several forms. To start, you can add cybersecurity to yearly corporate compliance training. Tyler Smith, a senior software engineer, recommends educating users who violate company policy.

For example, Smith was previously the head of a DLP program for an enterprise, where he would see 200-300 policy violation hits. His co-workers suggested staying quiet because the violators were very important and busy people. Smith did the opposite, and within 90 days that number dropped by two thirds.

Smith says most of the people violating the company policies were doing so because of broken business practices.

“People want to do the right thing. They just need to know what that is,” Smith says.

The Rundown on Ransomware


Tyler Smith, a senior security engineer, was on his way to Kentucky when he received an urgent phone call – one of his clients suffered from a ransomware attack. The backup files. The network storage files. Everything was encrypted. The client was backed into a corner and had to pay the ransom.

Less than two weeks later, the same client was hit again. The attackers humorously offered them a discount because it was their second attack. Luckily, Smith and his team were able to find the key in the code to decrypt all the files. His client would not have to pay the ransom fee again. It took such a horrific set of incidents to get the client to finally take cybersecurity much more seriously.

This occurred in the early 2010s. Since then, ransomware attacks have only become more sophisticated.

Essentially, a ransomware attack happens when a team member clicks on a bad link and their machine becomes compromised. The malware spreads from machine to machine and encrypts the team’s files. Typically, a sum of money is demanded in exchange for the return of the files.

“Paying the ransom is never recommended,” Tyler says. It does not guarantee that your problem will be solved. For example, there could be bugs in the malware, causing the data to be unrecoverable.

However, there are certain scenarios in which there is no choice but to pay the ransom. For example, companies working in areas such as health care cannot afford to have the patient data lost or compromised. When vital information or millions of dollars are at stake, paying the ransom feels as if it is the only way out.

The best defense is to train the end-users in an organization. 

“Human beings are notorious for overcoming all security efforts because they don’t understand the why behind the security measures,” Tyler says.

You can also detect these attacks by ensuring that next-generation endpoint detection and response (EDR) software is deployed on all user endpoints in your environment. You should also segment your networks and limit the connections between the segments in a way that makes sense for your business.

With ransomware it does not matter what line of business you are in. Ransomware is not going away. Rather it is advancing quite rapidly. Companies are even built upon customizing attacks for clients.


Address (United States)

5695 Avery Road
Dublin, OH 43016

Address (United Kingdom)

31 Sapphire Rd
Bishop's Cleeve
Cheltenham
Glos GL52 7YT

Talk to us

+1 (614)-401-3025
