Hello and welcome to TechSimplify. Today we are going to look at one of the most important aspects of the IT industry. It doesn't matter which domain or technology you work in, you have to deal with security, and as we move towards a more digital world, terms like Cyber-Security will come up a lot. I'm sure all of you working as IT professionals have found yourselves in long meetings dealing with the security of the product or service you provide. The major reason for this is that security is never given enough time or effort, or the actual security work is done only once the product or service is complete or near completion. To be honest, introducing security at that stage is very difficult: a design flaw found after release costs far more to fix than one caught in a design review.
The other reason we keep finding ourselves with security loopholes is that there may be one team developing the product and a separate team responsible for its security. The gap between these two teams, along with incomplete or even inaccurate information being handed over to the security team, can itself be a big vulnerability in the product. The reasons above are what I have seen and had to deal with personally; there may be many more, some preventable and others not. The goal of this blog post is to look at security weaknesses that can be prevented, in order to reduce the chances of someone breaking into the application or system. Always remember: "The only system that is truly secure is one that is not connected to any network at all and can be accessed by a limited number of individuals (ideally one)." Security is never absolute. The goal should be to implement multiple layers of security (defence in depth), so that a single failure does not hand an attacker everything.
Worst security breaches in 2017
Cyber criminals penetrated Equifax, one of the largest credit bureaus, in July 2017 and stole the personal data of about 145 million people. It is considered among the worst breaches of all time because of the amount of sensitive information exposed, including Social Security numbers. The company only revealed the hack two months later, in September. Equifax later confirmed that the entry point was a known vulnerability in the Apache Struts web framework for which a patch had been available since March 2017, which makes this, like WannaCry below, a breach that patching would have prevented. It could have an impact for years because the stolen data can be used for identity theft. The Equifax breach raised concerns over the amount of information data brokers collect on consumers, which ranges from public records to mailing addresses, birth dates and other personal details. Former Equifax CEO Richard Smith, who stepped down after the breach was revealed, testified to Congress and blamed the security failure on one person who had since been fired. At the time of writing, the public still does not know who is responsible for the hack.
WannaCry is a ransomware worm that spread rapidly across a number of computer networks in May 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in Bitcoin to decrypt them. Unlike most ransomware, it needs no user interaction to spread: it scans for other Windows hosts exposing SMB (TCP port 445) and infects them using the EternalBlue exploit. The WannaCry ransomware consists of multiple components. It arrives at the infected computer in the form of a dropper, a self-contained program that extracts the other application components embedded within itself. Those components include:
– An application that encrypts and decrypts data.
– Files containing encryption keys.
– A copy of Tor.
The program code is not obfuscated and was relatively easy for security professionals to analyze. Once launched, WannaCry tries to connect to a hard-coded URL (the so-called kill switch); if the domain answers, the malware exits, and if it cannot be reached, it proceeds to search for and encrypt files in a slew of important formats, ranging from Microsoft Office documents to MP3s and MKVs, leaving them inaccessible to the user. It then displays a ransom notice, demanding $300 in Bitcoin to decrypt the files. A researcher registering the kill-switch domain is what eventually slowed the outbreak.
Ironically, the patch needed to prevent WannaCry infections was available before the attack began: Microsoft Security Bulletin MS17-010, released on March 14, 2017, fixed the SMBv1 flaws that EternalBlue exploits. Despite Microsoft flagging the patch as critical, many systems were still unpatched as of May 2017 when WannaCry began its rapid spread. The practical lessons are the ones the rest of this post comes back to: apply critical patches promptly, disable protocols you do not need (SMBv1 in this case), and do not expose port 445 to the internet or to network segments that have no business reaching it.
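A worm that spreads over SMB leaves a very visible trace in connection logs: one internal host suddenly talking to many other hosts on TCP/445 within seconds. The script below is an added example (not code from the original post) that flags that pattern over a constructed, generic firewall/netflow log; the log format, the threshold of five hosts and the 60-second window are all assumptions chosen for the demonstration.

```python
"""Detect worm-like SMB spraying in connection logs.

Added example, not code from the original post. The log format below is a
constructed, generic firewall/netflow export:
    <ISO timestamp> <src_ip> <dst_ip> <dst_port> <action>
The threshold and window are assumptions chosen for the demonstration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 10.0.0.5 behaves like a worm (7 distinct hosts on 445 in
# 5 seconds), 10.0.0.8 is a normal client of one file server, and 10.0.0.9
# touches several hosts but slowly (one every two minutes).
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.0.5 10.0.0.20 445 allow
2017-05-12T10:00:02 10.0.0.5 10.0.0.21 445 allow
2017-05-12T10:00:02 10.0.0.5 10.0.0.22 445 allow
2017-05-12T10:00:03 10.0.0.5 10.0.0.23 445 allow
2017-05-12T10:00:04 10.0.0.5 10.0.0.24 445 allow
2017-05-12T10:00:05 10.0.0.5 10.0.0.25 445 allow
2017-05-12T10:00:06 10.0.0.5 10.0.0.26 445 allow
2017-05-12T10:00:07 10.0.0.8 10.0.0.50 445 allow
2017-05-12T10:00:30 10.0.0.8 10.0.0.50 445 allow
2017-05-12T10:00:31 10.0.0.8 10.0.0.60 80 allow
2017-05-12T10:01:00 10.0.0.9 10.0.0.30 445 allow
2017-05-12T10:03:00 10.0.0.9 10.0.0.31 445 allow
2017-05-12T10:05:00 10.0.0.9 10.0.0.32 445 allow
2017-05-12T10:07:00 10.0.0.9 10.0.0.33 445 allow
2017-05-12T10:09:00 10.0.0.9 10.0.0.34 445 allow
2017-05-12T10:11:00 10.0.0.9 10.0.0.35 445 allow
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def find_smb_scanners(log_text, port=445, threshold=5, window_seconds=60):
    """Return {src_ip: peak_distinct_destinations} for every source that
    contacted at least `threshold` distinct hosts on `port` within any
    `window_seconds` span.  Blocked attempts count too: a worm probing
    closed ports is still a worm."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)          # src -> [(ts, dst), ...]
    for line in log_text.strip().splitlines():
        ts, src, dst, p, _action = parse_line(line)
        if p == port:
            events[src].append((ts, dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        peak, left = 0, 0
        for right in range(len(evs)):
            # Slide the left edge forward until the window fits.
            while evs[right][0] - evs[left][0] > window:
                left += 1
            distinct = len({dst for _, dst in evs[left:right + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, n in find_smb_scanners(SAMPLE_LOG).items():
        print(f"ALERT: {src} reached {n} distinct hosts on TCP/445 within 60s")
```

Run against the sample, only 10.0.0.5 is reported; the slow host 10.0.0.9 only shows up if the window is widened to a quarter of an hour, which is the trade-off to tune between catching slow scanners and alerting on a backup server that legitimately touches every share overnight.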
Another major ransomware campaign, called Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on news and media websites that hackers had compromised. Once the ransomware infected a machine, it scanned the network for shared folders with common names and attempted to steal user credentials in order to get onto other computers. The ransomware, which hit in October, mostly affected Russia, but experts saw infections in Ukraine, Turkey and Germany. It served as a reminder that people should never download apps or software from pop-up advertisements or from sites that do not belong to the software vendor.
While most of you were still recovering from the New Year 2018 celebrations, two CPU vulnerabilities surfaced in the IT world: Meltdown and Spectre. International researchers discovered two severe vulnerabilities in the design of many recent CPUs. Spectre affects processors from most major vendors, including Intel, AMD and ARM, while Meltdown mainly affects Intel processors (and some ARM designs); the flaws have been present for over a decade. Researcher Anders Fogh of G DATA Advanced Analytics laid some of the groundwork for the discovery, and Microsoft released an update shortly after disclosure (one that G DATA states is compatible with its products). By abusing a CPU design feature called speculative execution, malicious software can read privileged memory on the affected machine.
Speculative execution was designed to improve performance: the CPU starts executing instructions before it knows whether they are actually needed, and discards the results if they were not. The discarded work still leaves traces in the CPU cache, and those traces can be measured to recover data the program was never allowed to read. In a worst-case scenario, this lets attackers steal passwords and other sensitive data. While Spectre and Meltdown certainly carry some risk for home users, the flaws are especially dangerous for operators of cloud services, whose servers run many customers' workloads on the same susceptible hardware. The risk is the very large attack surface this offers, potentially affecting millions of customers and their data: a malicious individual could buy a regular subscription to a cloud service and use that legitimate access to steal data from other paying customers on the same host. Microsoft and Apple rushed to update their operating systems, with other platforms such as Linux and Android following suit. Note that these are hardware flaws: operating-system and microcode updates mitigate them, at some performance cost, rather than remove them.
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
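Because the fix is a mitigation rather than a removal, the first thing to check on a server is whether the mitigations are actually active. On Linux the kernel exports one status file per issue under /sys/devices/system/cpu/vulnerabilities/. The script below is an added example, not code from the original post or from any vendor; the status strings in SAMPLE_STATUS are constructed so it runs offline, and the real files are read only when they exist.

```python
"""Check a Linux host's Meltdown/Spectre mitigation status.

Added example, not code from the original post. Since early 2018 the Linux
kernel exports one file per issue under
/sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2,
and more as later variants were found), each containing a one-line status
such as "Not affected", "Vulnerable" or "Mitigation: PTI".  The sample
statuses below are constructed so the script runs offline.
"""
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample, not read from a real machine.
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "l1tf": "Not affected",
    "new_issue": "",   # an unrecognised or empty status must not pass as safe
}


def classify(status):
    """Map a raw status line to one of: not_affected, mitigated, vulnerable, unknown."""
    s = status.strip().lower()
    if s.startswith("not affected"):
        return "not_affected"
    if s.startswith("mitigation:"):
        return "mitigated"
    if s.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def needs_attention(statuses):
    """Names of issues that are vulnerable or unrecognised, sorted.
    Unknown is treated as actionable: fail closed rather than assume safe."""
    return sorted(name for name, text in statuses.items()
                  if classify(text) in ("vulnerable", "unknown"))


def read_sysfs(path=SYSFS_DIR):
    """Read the real status files; returns {} if the kernel does not export them."""
    if not os.path.isdir(path):
        return {}
    result = {}
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name)) as fh:
            result[name] = fh.read().strip()
    return result


if __name__ == "__main__":
    live = read_sysfs()
    statuses = live or SAMPLE_STATUS
    print("source:", "sysfs" if live else "constructed sample")
    for name, text in statuses.items():
        print(f"{name:12} {classify(text):13} {text}")
    print("needs attention:", needs_attention(statuses))
```

Inside a cloud guest these files describe the guest kernel and the features the hypervisor chooses to expose; whether the host itself is mitigated is the provider's responsibility and is not visible from here, which is exactly the multi-tenant concern described above.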
So what can you do, as an individual or an organization, against all of these? The answer is simpler than you might think: whether you are part of a large organization or a startup, you can implement one or more of the measures below, as your requirements dictate.
- Awareness
As simple or even silly as it may sound, lack of awareness leads to breaches. Awareness reduces the biggest threat to security: humans. Believe it or not, humans are the weakest link, so whether you are an individual, a small company or a large organization, make sure everyone understands the importance of security, especially cyber-security, and if possible enrol them in basic cyber-security training that helps them recognise the risks (phishing, fake installers like the Bad Rabbit example above, sharing credentials) that can do a lot of damage to the organization.
- Backup & Encryption
Compartmentalize user access to your data. No single user should have access to all the data; access should be granted only on a need-to-know basis. Do not give access to resources until it is requested; when a request arrives, process it, and if everything checks out, grant access, ideally time-limited and logged. Always keep multiple backups. Note that RAID protects against disk failure, not against deletion, corruption or ransomware (which will encrypt any writable share it can reach), so at least one backup copy should be offline or otherwise unreachable from the production network. Implement a DR (Disaster Recovery) site in a remote location, so that if there is a breach at the primary site you can switch to the DR site until the breach has been resolved. Always encrypt your data, at rest and in transit, so that even if it is exposed to unauthorized users it is unreadable without the key, and keep the keys separate from the data they protect. In today's world data is the new currency, so we need to take serious measures to protect it.
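The request-then-grant flow described above is easy to get wrong in the details (permanent grants, people approving their own requests, no record of denials). The following is an added example, not code from the original post, of the flow in its simplest correct form: deny by default, every grant time-boxed, approver distinct from requester, every decision written to an audit trail. The users, data set name and TTL are assumptions made for the demonstration; a real deployment would sit behind an identity provider and a ticketing system rather than in-memory dictionaries.

```python
"""Deny-by-default, request-then-approve, time-limited access to data sets.

Added example, not code from the original post. The users, data set names
and approval flow are assumptions made for the demonstration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Grant:
    user: str
    dataset: str
    action: str        # "read" or "write"
    expires: datetime  # every grant is time-boxed; nothing is permanent


@dataclass
class AccessPolicy:
    grants: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)   # request id -> details
    audit: list = field(default_factory=list)     # append-only trail
    _counter: int = 0

    def request(self, user, dataset, action, reason):
        """Record a request; nothing is granted until someone approves it."""
        self._counter += 1
        rid = f"REQ-{self._counter}"
        self.pending[rid] = (user, dataset, action, reason)
        self.audit.append(("request", rid, user, dataset, action, reason))
        return rid

    def approve(self, rid, approver, ttl_hours, now):
        """Turn a pending request into a grant that expires after ttl_hours."""
        user, dataset, action, _reason = self.pending[rid]
        if approver == user:
            raise PermissionError("requester cannot approve their own request")
        del self.pending[rid]
        grant = Grant(user, dataset, action, now + timedelta(hours=ttl_hours))
        self.grants.add(grant)
        self.audit.append(("approve", rid, approver, user, dataset, action))
        return grant

    def is_allowed(self, user, dataset, action, now):
        """Deny by default: only an unexpired grant for this exact
        (user, dataset, action) allows access, and every decision is logged."""
        allowed = any(g.user == user and g.dataset == dataset
                      and g.action == action and g.expires > now
                      for g in self.grants)
        self.audit.append(("allow" if allowed else "deny", user, dataset, action))
        return allowed


def demo():
    """Walk through the flow with constructed users; returns the decisions."""
    t0 = datetime(2018, 1, 8, 9, 0)
    policy = AccessPolicy()
    rid = policy.request("alice", "customer_pii", "read", "quarterly fraud review")

    self_approval_rejected = False
    try:
        policy.approve(rid, "alice", ttl_hours=8, now=t0)
    except PermissionError:
        self_approval_rejected = True

    policy.approve(rid, "bob", ttl_hours=8, now=t0)
    one_hour, nine_hours = t0 + timedelta(hours=1), t0 + timedelta(hours=9)
    return {
        "self_approval_rejected": self_approval_rejected,
        "alice_read_after_1h": policy.is_allowed("alice", "customer_pii", "read", one_hour),
        "alice_write_after_1h": policy.is_allowed("alice", "customer_pii", "write", one_hour),
        "alice_read_after_9h": policy.is_allowed("alice", "customer_pii", "read", nine_hours),
        "carol_read_after_1h": policy.is_allowed("carol", "customer_pii", "read", one_hour),
        "denials_logged": sum(1 for entry in policy.audit if entry[0] == "deny"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the expiry is that access which is no longer needed disappears on its own instead of accumulating; the point of the audit list is that, after a breach, you can answer "who could read this data set on that day" from the log rather than from memory.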
- Secure Password
A password is one of the keys that unlock your systems and decrypt your data. No matter how much security you have implemented, a user mishandling their credentials can and will lead to a serious breach of your infrastructure. So while spreading awareness within the organization, make sure everyone understands the importance of their credentials. Use only strong passwords, which do not include your date of birth or the names of you, your family or your friends, and which differ from one system to the next. A password policy should be enforced: old passwords must not be reused, and passwords that appear in known breach lists should be rejected at the time they are set. Forcing a change after a predefined number of days used to be standard advice; current guidance (NIST SP 800-63B) recommends changing passwords when there is evidence of compromise rather than on a fixed schedule, because scheduled rotation pushes users towards predictable variations of the old password. Wherever possible, add a second factor so that a leaked password alone is not enough. Never share your credentials with anyone, never write your password on a sticky note, and use a password manager rather than your memory for the dozens of passwords you will end up with.
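The rules above (no personal details, no reuse, no known-breached passwords) are all mechanically checkable when a password is set. The script below is an added example, not code from the original post: it shows the checks together, with previous passwords kept only as salted PBKDF2 hashes so that the reuse check never requires storing anything in clear. The breached-password set, user attributes and password history are constructed for the demonstration; a real deployment would consult a full breached-password corpus (for example the Have I Been Pwned range API) rather than a five-entry set.

```python
"""Password-policy checks that go beyond "change it every 90 days".

Added example, not code from the original post. It rejects short
passwords, passwords containing the user's own details, passwords on a
breached-password list, and reuse of a previous password.  Previous
passwords are kept only as salted PBKDF2 hashes, never in clear.  The
breached list, user attributes and history below are constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware allows

# Constructed stand-in for a real breached-password corpus.
BREACHED = {"password", "123456", "qwerty", "welcome1", "letmein"}


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt for every password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison so timing does not leak how close a guess was."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def check_password(password, user_attrs=(), history=(), min_length=12):
    """Return the list of policy violations; an empty list means accepted.

    user_attrs: strings the password must not contain (first name, family
                names, birth year, username, ...).
    history:    (salt, digest) pairs of previous passwords for this user.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    lowered = password.lower()
    for attr in user_attrs:
        if len(attr) >= 3 and attr.lower() in lowered:
            problems.append(f"contains personal detail '{attr}'")
    if lowered in BREACHED:
        problems.append("appears in breached-password list")
    if any(verify_password(password, salt, digest) for salt, digest in history):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    attrs = ["John", "Smith", "1985", "jsmith"]
    history = [hash_password("CorrectHorse2016!")]   # constructed previous password
    for candidate in ["JohnSmith1985", "password", "CorrectHorse2016!", "x7!Qm2#vLp9zR"]:
        print(f"{candidate!r}: {check_password(candidate, attrs, history) or 'OK'}")
```

Two design choices worth noting: the reuse check costs one PBKDF2 computation per stored old hash, which is fine for a history of a handful of passwords and is the price of not storing them reversibly; and the personal-detail check is a substring match on lower-cased input, so it catches "JohnSmith1985" but not a leetspeak variant, which is one more reason to lean on the breached-list check and a second factor rather than on rules alone.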
- Use Firewall – Restrict or Limit use of internet
This may seem a bit odd, since most businesses today need internet access at all times. True, but the internet is not a safe place, so you should put a firewall between your private network and the internet to filter traffic, block known malicious sites that silently install spyware, and stop spam. Filter in both directions: block inbound access to services that have no need to be public (SMB on port 445 is the WannaCry example), and allow outbound access only to the sites and services required for work. An allow-list is more work to maintain than a block-list, but it also stops malware from reaching its command-and-control servers or the compromised sites that serve fake installers like Bad Rabbit.
- Hire a Professional
You can always hire a professional to analyse your infrastructure and implement proper security controls. The main reason to hire someone from outside your organization is that it is very hard to find the weak links in your own security. It is like a developer who can never truly test their own code, while a tester will spot at least a few things that can be improved. A professional security team, whether through a penetration test or an audit, provides the same outside perspective. Make sure the engagement has a defined scope and written authorization, and that the findings come back as a prioritised list you can actually act on.
I hope today's topic was relevant to all readers, and that it gave you at least some perspective on Cyber-Security and its importance. If you have any additional controls implemented in your organization, please do share (if you are allowed to). If you have anything to add or any queries, please connect with me via this blog or my LinkedIn page. Well, that's it for today folks; I hope you liked it and, more importantly, learned at least one new thing from reading my post. Take care and see you soon.