NTSC Technology Security Roundup

Weekly News Roundup: December 18, 2017

Likely Nation State Hacker Shut Down Operations at Critical Infrastructure Organization

As reported in The Hill, a likely nation-state hacker was able to shut down operations at a critical infrastructure organization. Security company FireEye said:

“Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems. The targeted systems provided emergency shutdown capability for industrial processes. We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shutdown operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. We have not attributed the incident to a threat actor, though we believe the activity is consistent with a nation state preparing for an attack.”

CyberArk Report Says Half of Respondents Did Not Inform Customers About a Data Breach

The latest CyberArk Global Advanced Threat Landscape Report 2018 reveals that “Half (50 percent) of respondents say their organizations did not fully inform customers when their personal data was compromised in a cyber attack.” CyberArk notes that this survey result is concerning given the requirements of current data breach notification laws and the effects of a data breach on customers. Additional findings quoted from the report include:

  • 52 percent of business leaders and 34 percent of security professionals do not understand what they should do if a cyber security incident occurs.
  • More than half (51 percent) of all survey respondents reported that they give third-party vendors remote access to their internal networks and, of this group, 23 percent fail to monitor remote vendor activity.
  • Nearly half (49 percent) of line of business owners say they do not have adequate knowledge of their organization’s security policies. Surprisingly, the security professionals we surveyed did not have much more confidence in what are presumably their own policies; a third (33 percent) said they did not have adequate knowledge.

Pretty Much All Your Employees Open You Up to the Risk of a Data Breach

According to a report from Intermedia, “Almost all (99 percent) of the professionals surveyed admitted to conducting at least one potentially dangerous action, from sharing and storing login credentials to sending work documents to personal email accounts.” This suggests that employees remain a high risk for exposing companies to a data breach—despite many CISOs’ efforts to lock down security. Other findings include:

  • “Despite nearly one quarter (23 percent) of employees worrying that someone outside of their company could hack or access files due to an email breach, they continue to ignore best practices opting instead for more convenient, and therefore more detrimental, practices.”
  • “96 percent of office workers automatically save work passwords on their work computer, instead of routinely entering login credentials.”
  • “64 percent of office workers email a work document to their personal email at least weekly, exposing confidential data to even more threats.”

Acquisition Updates

In cybersecurity acquisition news, there are reports (including from Axios) that Amazon plans to acquire Sqrrl, whose main product is a cyber threat hunting platform. According to Axios, “Sqrrl analyzes big data to hunt cyber-threats, helping companies identify and address them faster. Word is that the purchase price would be a bit north of $40 million, although there are still some final details to iron out.”

Also, in a bit of acquisition drama, Thales Group (known for its work in the aerospace, transport, and defense industries) outbid IT services and consulting company Atos to acquire digital security company Gemalto. According to Bloomberg, “Both Thales and Atos were drawn by Gemalto’s security products that help protect companies and governments against data hacks and identity theft in an increasingly connected world. Thales is the bigger of the two interested companies and has a powerful shareholder in the French state, which owns about 25 percent and is also the single largest investor at Amsterdam-based Gemalto.”

Study: 69 Percent of Financial Services Organizations Do Not Rotate SSH Keys After Employees Leave

Machine identity protection company Venafi recently released results of a study of how financial services organizations manage and implement Secure Shell (SSH). According to a press release, “69 percent of respondents from the financial services industry admit they do not actively rotate keys, even when an administrator leaves their organization. This allows the former employee to have ongoing privileged access to critical and sensitive systems.” Venafi also reports that “85 percent of respondents say they do not have a complete and accurate inventory of all SSH keys. Without a comprehensive inventory, organizations in the financial services industry cannot determine if keys have been stolen, misused or should not be trusted.”