Prepare for Increasing Frequency of “Nation-State” Cyberattacks with Strategy, not Technology

Chase Cunningham

Let me pose a question: “Is it a bad thing to give the average person a hand grenade with the pin pulled?” I think most of us would respond to that question with an emphatic “YES!”  No one in their right mind would think it's a good idea in any possible reality to allow anyone without extensive military or professional training to access an explosive--especially not one that is live and has no safety device in use. Bad things would happen, and people would probably lose their lives; at the very least, there would be damage to property. No matter what, this scenario would be a very bad thing and should NEVER happen.

OK, now let me change that question a bit: “Is it a bad thing for every person with a network connection to have access to extremely powerful nation-state-level cyber weapons?”  Hopefully you would respond similarly and say “YES!”

Just as the hand grenade juggling is a problem, so is the proliferation of nation-state-level exploits. These malicious tools and frameworks have spread across the world and are presenting a very complicated problem that must be solved. Unfortunately, the solution that we've currently been offered amounts to a variety of vendors slinging solutions and tools that, without good strategy, cannot effectively combat the myriad cyber artillery shells now being weaponized against every system that touches the World Wide Web. The bad guys have now officially proven that they can “outdev” the defensive technologies in place in many instances and have shown that it's highly likely that many installed legacy technologies are wide open to these weaponized attacks (anti-virus be darned) across the planet.

Read more

Exploring The IoT Attack Surface

Jeff Pollard

Merritt Maxim and I just published our research on the IoT Attack Surface. This report gives a realistic, but not sensationalized, view of how enterprises need to think about IoT. Three factors motivated our research for this topic - attacks on IoT will transcend the digital-physical divide, the sheer scale of IoT will challenge security teams, and IoT devices collect massive amounts of data.

The following methodology allowed us to hone in on concrete enterprise scenarios:

  • We went for offense first. We started by interviewing prominent security researchers that spend their days thinking about how to attack IoT devices and systems. Our outside in approach allowed us to develop a threat model for intrusions, as well as identify weak points in the defenses of IoT makers, users, and operators.
  • We explored the ramifications of an attack. We wanted to understand what an attacker would - or could - do when successful. We also wanted to understand the amount of friction that existed for whatever came next - credential harvesting, persistence, or disrupting operations.
  • We examined existing security practices to understand what works, and what doesn't when defending IoT devices. This step highlighted that while IoT is different, defending IoT looks similar to other security problems S&R pros have dealt with. You can bring security lessons forward and apply them to IoT without having to learn them all over again.
Read more

Introducing The Forrester Wave™: Digital Risk Monitoring, Q3 2016

Nick Hayes

We recently published our Forrester Wave™: Digital Risk Monitoring, Q3 2016 report. We evaluate nine of the top vendors in this emerging market that offer solutions to continuously monitor “digital” -- i.e., social, mobile, web, and dark web -- channels to detect, prevent, and mitigate any type of risk event posing a threat to organizations today.

 

Why now

It’s almost 2017 and yet companies are more exposed and less equipped to handle the slew of risks that run rampant across countless digital channels today. Digital risk monitoring (DRM) solutions are increasingly valuable for organizations because:

  • Digital channels are now ground zero for cyber, brand, and even physical attacks. Cybercriminals use a variety of tactics to weaponize social media, impersonate or embed malware into mobile apps, deface websites, collude in dark channels, and cause financial, reputational, or physical harm. Digital risk monitoring tools combat these methods by deploying a variety of data-gathering and advanced risk analysis techniques. They aggregate data via open-source intelligence (OSINT), technical intelligence (TECHINT), human intelligence (HUMINT), and even covert human intelligence (CHIS). Then they analyze the collected data with data classifiers, machine learning, and risk scoring algorithms to determine the most likely and most threatening risk events in a quick and efficient manner.
Read more

Facebook, LinkedIn, Twitter: The New Cyberweapons Of Choice

Nick Hayes

New social media scams and marketing #fails are common fodder for water cooler banter today – even a recent episode of HBO’s Veep ran a joke where the President blames a Chinese cyberattack for sending an ill-advised tweet.

But social media cybersecurity issues are far from a laughing matter, and it’s time we all take notice. Our new report Four Ways Cybercriminals Exploit Social Media proves this.

Poor social media security practices put you, your brand, your customers, your executives, and your entire organization at serious risk. According to Cisco, Facebook scams were the most common form of malware distributed in 2015, and in its most recent annual internet crime report, the FBI highlighted that social media-related events had quadrupled over the past five years. Social media is also increasingly an effective tool for terrorist groups like ISIS, even as Twitter and other social networks work around the clock to remove associated accounts.

Read more