InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Network Penetration Testing determines vulnerabilities on the network posture by discovering Open ports, Troubleshooting live systems, services, port scans and grabbing system banners.
Port Scanner is an application used to perform an open port scan with server or hosts. Open ports are the gateway for attackers to enter in and to install malicious backdoor applications.
It is Command-line utility for exploitation websites which will perform Open port scan on your behalf. This tool helps early stages of a penetration testing to run an open port scanner on a bunch and have it not come back from your IP address.
Port Scanners Supported
yougetsignal
viewdns
hackertarget
ipfingerprints
pingeu
spiderip
portcheckers
t1shopper
Open Port Scanner
It is simple and easy to use the tool, can get results in minutes and also it to stay Anonymous. you can download the tool from github.
Uber Downplays Data Breach Impact, Claims No Sensitive Data Stolen – Uber is downplaying a data breach that occurred on Thursday, saying that no sensitive data was exposed.
The Flexlan FXA3000 and FXA2000 series LAN devices made by the Japan-based firm contain two critical vulnerabilities tracked as CVE–2022–36158 and CVE–2022–36159.
Necrum Security Labs’ researchers Samy Younsi and Thomas Knudsen have discovered two critical vulnerabilities in the wireless LAN devices manufactured by Contec. The company specializes in industrial automation, computing, and IoT communication technology.
Research Details
Reportedly, the Flexlan FXA3000 and FXA2000 series LAN devices made by the Japan-based firm contain two critical vulnerabilities tracked as CVE–2022–36158 and CVE–2022–36159.
For your information, these devices are used in airplanes to offer internet connectivity. The abovementioned series of devices offer WiFi access points in airplanes to ensure uninterrupted high-speed internet communication so that passengers could enjoy music, movies, and even purchased goodies during the flight. Hence, these vulnerabilities can allow an adversary to hack the inflight entertainment system and more.
FXA2000 (left) and FXA3000 (right)
Researchers discovered the first vulnerability (CVE–2022–36158) while performing the firmware’s reverse engineering. They identified a hidden page, which wasn’t listed in the Wireless LAN Manager interface. This page facilitates the execution of Linux commands on the device with root privileges. They could then access all system files and open the telnet port to gain complete access to the device.
The second vulnerability (CVE–2022–36159) entailed the use of hard-coded, weak cryptographic keys and backdoor accounts. While investigating, they also learned that the shadow file contained the has of two users, including root and user, and within a few minutes they could access them through a brute-force attack.
How to Fix the Issues?
In their blog post, researchers explained that the device owner could change the account’s user password from the web admin’s interface, which is the primary reason behind the emergence of these flaws. The root account is reserved for Contec for maintenance purposes.
Therefore, an attacker armed with the root hard-coded password can conveniently access all FXA2000 and FXA3000 series devices.
In order to fix the first issue, the hidden engineering web page must be removed from the under-production devices because the default password is weak and makes it easy for an attacker to inject a backdoor into the device using this page.
Furthermore, the company needs to generate a unique password for each device during the production phase for the second issue.
As pointed out by Eduard Kovacs of SecurityWeek, in its advisory, Contec explained that the vulnerabilities are connected to a private webpage created for developers to execute system commands and the page isn’t linked to other pages available to users. These vulnerabilities have been addressed in versions 1.16.00 for the FX3000 series and 1.39.00 for FX2000 series devices.
On Monday, 12th September 2022, cybersecurity firm Akamai mitigated a distributed denial of service attack (DDoS Attack), which has been declared a record-breaking attack in terms of packets-per-second compared to the attack Akamai recorded in July.
For your information, cybercriminals bombard servers with fake requests and traffic to prevent legit visitors from accessing their services in a DDoS attack.
The primary targets of the attack Akamai recorded recently were European companies. It peaked at 704.8 million packets per second, marking the second attack on such a massive scale against the same customer within a short span of three months.
According to Akamai’s Craig Sparling, prior to June 2022, this customer only saw attack traffic against its primary data center. However, unexpectedly, the attack campaign expanded, hitting six different global locations, from Europe to North America.
Akamai Prolexic’s DDoS specialization culture, focus on customer infrastructure designs, and history are rooted in defending the most complex, multifaceted attacks, and our platform is equipped with purpose-built tooling for rapid threat mitigation, even in the ‘fog of war.
Sean Lyons, Senior Vice President and General Manager of Infrastructure Security
The attack was thwarted on the same day it was identified. Though not the largest DDoS attack ever, this one raised eyebrows because it was the largest attack against European organizations. The attackers used UDP as their DDoS vector and ICMP, SYN, RESET floods, TCP anomaly, PUSH flood, etc.
Attackers managed to target more than 1,800 IP addresses of a single organization, and the attack was dispersed at six different locations. Akamai noted that this attack originated from the same threat actor that targeted it previously, while the target is also the same unnamed customer based in Eastern Europe.
Previously, the attacker targeted the company’s primary data; this time, they could target 6 data center locations in North America and Europe.
As shown above, Akamai recorded a humongous 659.6 MPPS DDoS attack back in July. The latest attack was 7% higher than the one in July. The company received 74 DDoS attacks before July, and around 200 attacks afterward. The company stated that this campaign indicates attackers continuously improve their attack techniques to evade detection.
Researchers at threat intelligence company Group-IB just wrote an intriguing real-life story about an annoyingly simple but surprisingly effective phishing trick known as BitB, short for browser-in-the-browser.
You’ve probably heard of several types of X-in-the-Y attack before, notably MitM and MitB, short for manipulator-in-the-middle and manipulator-in-the-browser.
In a MitM attack, the attackers who want to trick you position themselves somewhere “in the middle” of the network, between your computer and the server you’re trying to reach.
(They might not literally be in the middle, either geographically or hop-wise, but MitM attackers are somewhere along the route, not right at either end.)
The idea is that instead of having to break into your computer, or into the server at the other end, they lure you into connecting to them instead (or deliberately manipulate your network path, which you can’t easily control once your packets exit from your own router), and then they pretend to be the other end – a malevolent proxy, if you like.
They pass your packets on to the official destination, snooping on them and perhaps fiddling with them on the way, then receive the official replies, which they can snoop on and tweak for a second time, and pass them back to you as though you’d connected end-to-end just as you expected.
If you’re not using end-to-end encryption such as HTTPS in order to protect both the confidentiality (no snooping!) and integrity (no tampering!) of the traffic, you are unlikely to notice, or even to be able to detect, that someone else has been steaming open your digital letters in transit, and then sealing them again up afterwards.
This book is the hands-on and methodology guide for pentesting with Kali Linux. You’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.
Build a modern dockerized environment
Discover the fundamentals of the bash language in Linux
Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
Apply practical and efficient pentesting workflows
Learn about Modern Web Application Security Secure SDLC
If you’re getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you’ll learn the basics of using the Linux operating system and acquire the tools and techniques you’ll need to take control of a Linux environment.
First, you’ll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you’ll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You’ll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to:
Cover your tracks by changing your network information and manipulating the rsyslog logging utility
Write a tool to scan for network connections, and connect and listen to wireless networks
Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email
Write a bash script to scan open ports for potential targets
Use and abuse services like MySQL, Apache web server, and OpenSSH
Build your own hacking tools, such as a remote video spy camera and a password cracker
In this book you’ll learn an offensive approach to enhance your penetration testing skills by testing the sophisticated tactics employed by real hackers. You’ll go through laboratory integration to cloud services so that you learn another dimension of exploitation that is typically forgotten during a penetration test. You’ll explore different ways of installing and running Kali Linux in a VM and containerized environment and deploying vulnerable cloud services on AWS using containers, exploiting misconfigured S3 buckets to gain access to EC2 instances.
This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.
For more information about this book, we have a video with the author you can watch here.
This is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts.
Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks.
Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.
Through careful examination of which ports, services, and software are most prevalent on the internet and the systems and regions where they run, the research team discovered that misconfigurations and exposures represent 88% of the risks and vulnerabilities across the internet.
“Assessing the state of the internet is crucial in understanding an organization’s own risks and exposures,” said Zakir Durumeric, Chief Scientist of Censys.
Key findings
Misconfigurations – including unencrypted services, weak or missing security controls and self-signed certificates – make up roughly 60% of observed risks. When analyzing the risk profile of organizations across industries, missing common security headers accounted for the primary security error.
Exposures of services, devices, and information represent 28% of observed risks. This includes everything from accidental database to device exposures.
Critical vulnerabilities and advanced exploits only represent 12% of observed risks. When analyzing organizations by industry, the Computer and Information Technology industry had the widest spread of different risks, while Freight Shipment and Postal Services had the second widest.
Researchers also conducted a holistic assessment of the internet’s response to three major vulnerabilities – Log4j, GitLab and Confluence – to understand mitigation strategies based on how a vulnerability is perceived. From this analysis, Censys learned how the internet responds differently to vulnerability disclosures.
Three distinct types of behavior in response to vulnerability disclosures
Near-immediate upgrading: Systems vulnerable to Log4j acted quickly based on the widespread coverage of the vulnerability. By March 2022, Censys observed only 36% of potential vulnerable services were left unpatched.
Upgrading only after the vulnerability is being actively and widely exploited: While the GitLab vulnerability was being exploited, the remediation process acted slower than others until researchers discovered a botnet composed of thousands of compromised GitLab servers participating in DDoS campaigns.
Near-immediate response by taking the vulnerable instance off the internet entirely: Rather than upgrading, users chose to remove assets entirely from the internet after Confluence’s vulnerability became public between June 2021 and March 2022.
The internet constantly evolves as new technologies emerge, vulnerabilities are discovered, and organizations expand their operations that interact with the internet. Security teams have the responsibility to protect their organizations’ digital assets and need proper visibility into the entire landscape to do so.
Although vulnerabilities often garner the bigger headlines, it’s undetected misconfigurations and exposures that create the most risk for an organization, making it important to regularly assess any new hosts or services that appear in your infrastructure. Regardless of vulnerability type, providing organizations with the visibility and tools needed to strengthen their security posture introduces a proactive, more vigilant approach to digital risk management.
The purpose of this document is to define the methodology for assessment and treatment of information risks, and to define the acceptable level of risk.
The document is optimized for small and medium-sized organizations – we believe that overly complex and lengthy documents are just overkill for you.
There are 3 appendices related to this document. The appendices are not included in the price of this document and can be purchased separately
The purpose of this table is to list all information resources, vulnerabilities and threats, and assess the level of risk. The table includes catalogues of vulnerabilities and threats.
The document is optimized for small and medium-sized organizations – we believe that overly complex and lengthy documents are just overkill for you.
This document is an appendix. The main document is not included in the price of this document and can be purchased separately
The purpose of this table is to determine options for the treatment of risks and appropriate controls for unacceptable risks. This table includes a catalogue of options for treatment of risks as well as a catalogue of 114 controls prescribed by ISO 27001.
The document is optimized for small and medium-sized organizations – we believe that overly complex and lengthy documents are just overkill for you.
This document is an appendix. The main document is not included in the price of this document and can be purchased separately
The purpose of this document is to define which controls are appropriate to be implemented in the organization, what are the objectives of these controls, how they are implemented, as well as to approve residual risks and formally approve the implementation of the said controls.
The document is optimized for small and medium-sized organizations – we believe that overly complex and lengthy documents are just overkill for you.
The purpose of this document is to determine precisely who is responsible for the implementation of controls, in which time frame, with what budget, etc.
The document is optimized for small and medium-sized organizations – we believe that overly complex and lengthy documents are just overkill for you.
Data security issues, continuous data breaches, and advanced cyber-criminal activity make it harder for businesses to stay updated with the latest strategy to keep their accounts and customer data protected.
We continue to see companies small or large being targeted by cybercriminals, according to Nexor, the UK experienced a 31% rise in cyber-attacks during the height of the pandemic in May and June 2020.
Cybercrimes from malware, insider threats, and stolen data to hacked systems will always be a threat so how can companies ensure they are prepared for security risks as technology and cyber criminals continue to advance? We take a look at the top 3 data security risks business are facing.
1) Lack of resources to deter cyber threats
Hackers and companies are aware of issues concerning IT infrastructures and computer systems, but it is the responsibility of the business to ensure systems are guarded and secure from unauthorised access and that they are not vulnerable to cybercriminal threats through unsecure internal networks and software.
As the pressure for cyber professionals rises, panic in business also increases as there is a shortage of IT security professionals with skills in IT and cyber security. The ISC 2021 Cybersecurity Workforce Study states that the global cybersecurity skills shortage has fallen for the second consecutive year, but the size of the workforce is still 65% below what it needs to be. CEO, Clar Rosso at ISC shares her thoughts:
“Any increase in the global supply of cybersecurity professionals is encouraging, but let’s be realistic about what we still need and the urgency of the task before us…The study tells us where talent is needed most and that traditional hiring practices are insufficient. We must put people before technology, invest in their development, and embrace remote work as an opportunity. And perhaps most importantly, organizations must adopt meaningful diversity, equity, and inclusion practices to meet employee expectations and close the gap.”
A UK government report published last year found that 48% of organisations lacked the expertise to complete routine cyber security practices, and 30% of organisations had skills gaps in more advanced areas, such as penetration testing, forensic analysis, and security architecture.
With a high demand for security professionals and a shortage in skills, could cyber criminals be a few steps ahead?
Many businesses, especially most small businesses lack the capability and expertise to withstand a cyber security attack. Finding the right talent and investing in the skills can be a challenge, but there are consultants that specialise in working with various types of businesses that can add value and help place the right data protection strategies and provide businesses with the best tools and training.
Guard Wisely are independent data security specialists that are trusted by organisations to solve their biggest compliance, security, operations, and BAU challenges. They have delivered many successful security projects to a large variety of Enterprise Customers Globally and over 180,000 employees.
2) Technology continues to accelerate
The pandemic fast-forwarded the need for digitalisation, and the sudden change to remote working meant that more data was being shared across unsecure cloud environments, kept on networks and employee desktops. This meant an increased risk for businesses as they figured out how to maintain data security in a hybrid work environment.
We have seen that everything and everyone is connecting through the Internet, and wireless capabilities are bringing innovation to all areas of business and general life at unprecedented speed.
With remote and hybrid working being a part of the future of work, data needs to be regularly monitored and controlled. Large enterprises need to manage their customers’ and employees’ data to remain compliant, to do this they need to understand where that data resides to secure it.
Across the world, there are now nearly two billion internet users and over five billion mobile phone connections; every day, we send 294 billion emails and five billion SMS messages; every minute, we post 35 hours of video to YouTube, 3,000 photos to Flickr and nearly 35,000 ‘tweets’ according to this report .
Over 91 percent of UK businesses and 73 percent of UK households have internet access and £47.2 billion was spent online in the UK alone in 2009.
The issue arises for data security as the embedded operating system in any device is deployed in its firmware, and these operating systems are rarely designed with security as their prime focus. This means that many systems have flaws and vulnerabilities, which is a gateway for many hackers and cybercriminals.
3) Weak passwords encourage cyber-attacks and “insider breaches”
With so many passwords to remember for a variety of devices, sites, and networks, we will continue to see a security risk in passwords. In most cases, hackers do not find it difficult to figure out corporate passwords and, employee passwords tend to be easier to work out.
Not only this, but once you know the password for a device, you’ll most likely be able to have access to other accounts. People tend to keep the same password across many of the accounts they hold, for the ease of remembering but this as much as we know it, is a security issue that needs to be addressed.
Unsecure passwords could increase ‘insider’ breaches at the workplace. Organisations often overlook the threats residing inside their ecosystems which can have devastating effects. These companies, although they are aware of threats don’t usually have an insider threat program in place, and are therefore not prepared to prevent, detect, and respond to internal threats.
Having access to anyone’s computers or devices at work can mean that systems will be at a higher risk of attack from insider threats. Hackers are always looking for opportunities to steal passwords and break them into private and corporate accounts.
To minimise these risks, companies must evaluate and introduce measures to ensure access to certain files and folders is in place. They will have to make sure individuals have unique passwords to enter their computers so that other people cannot access or abuse computer activity.
Tracking which files and folders are being used and accessed on individual machines will also be beneficial in a lot of cases. As a short-term fix, they can also ensure they turn on two-factor authentication (2FA), also known as multi-factor authentication where possible for important accounts, as a secondary method of authentication.
A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021.
Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021.
“A distinct group of espionage attackers who were formerly associated with the ShadowPad remote access Trojan (RAT) has adopted a new, diverse toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries.” reads an analysis published by Symantec Threat Hunter team, part of Broadcom Software. “The attacks, which have been underway since at least early 2021, appear to have intelligence gathering as their main goal.”
The attackers employed a broad range of legitimate tools to deliver malware in attacks aimed at government institutions related to finance, aerospace, and defense, as well as state-owned media, IT, and telecom firms.
The attackers used Dynamic-link library (DLL) side-loading to deliver the malicious code. The technique sees threat actors placing a malicious DLL in a directory where a legitimate DLL is expected to be found. Then the attacker runs a legitimate application that loads and executes the malicious payload.
The attackers target old and outdated versions of security solutions, graphics software, and web browsers that lack of mitigations for DLL side-loading attacks.
“Once a malicious DLL is loaded by the attackers, malicious code is executed, which in turn loads a .dat file. This file contains arbitrary shellcode that is used to execute a variety of payloads and associated commands in memory. In some cases, the arbitrary shellcode is encrypted.” continues the report.
The attackers also leverage these legitimate software packages to deploy additional tools (credential dumping tools, network scanning tools such as NBTScan, TCPing, FastReverseProxy, and FScan, and the Ladon penetration testing framework), which are used to perform lateral movement.
Once the attackers have established backdoor access they use Mimikatz and ProcDump to harvest credentials and obtain deeper access to the target network. In some instances, threat actors also dump credentials via the registry.
Experts also observed attackers using PsExec to run old versions of legitimate software to load off-the-shelf RATS.
The cyberspies also use a number of living-off-the-land tools such as Ntdsutil to mount snapshots of Active Directory servers in order to gain access to Active Directory databases and log files and the Dnscmd command line tool to enumerate network zone information.
Experts also shared details about an attack against a government-owned organization in the education sector in Asia. The intrusion lasted from April to July 2022, during which the adversary accessed machines hosting databases and emails, before accessing the domain controller.
The attackers also use of an 11-year-old version of Bitdefender Crash Handler (“javac.exe”) to run a Mimikatz and the Golang penetration testing framework LadonGo.
The experts did not attribute the cyber espionage campaign to a specific threat actor, however, they noticed the use of the ShadowPad backdoor which is commonly used by China-linked APT groups.
“The use of legitimate applications to facilitate DLL side-loading appears to be a growing trend among espionage actors operating in the region. Although a well-known technique, it must be yielding some success for attackers given its current popularity. Organizations are encouraged to thoroughly audit software running on their networks and monitor for the presence of outliers, such as old, outdated software or packages that are not officially used by the organization.” concludes the report that includes Indicators of Compromise (IoCs).
Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March 2022 by both companies:
“RESTON, Va., March 8, 2022 – Mandiant, Inc. (NASDAQ: MNDT) today announced that it has entered into a definitive agreement to be acquired by Google LLC for $23.00 per share in an all-cash transaction valued at approximately $5.4 billion, inclusive of Mandiant’s net cash.” reported the press release.
Mandiant is considered a leading cyber security firm, in 2013 FireEye acquired it, but FireEye separated Mandiant Solutions in 2021 as part of a $1.2 billion private equity transaction.
The cybersecurity firm will join Google Cloud, but despite the acquisition, Google will maintain the Mandiant brand.
Google is expanding its offer adding cybersecurity services to its portfolio, as part of this strategy the company also acquired the Israeli Israeli startup Siemplify which has developed a SOAR (security orchestration, automation and response) technology.
“Today we’re excited to share the next step in this journey with the completion of our acquisition of Mandiant, a leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant shares our cybersecurity vision and will join Google Cloud to help organizations improve their threat, incident and exposure management.” reads the Google’s announcement.
“Combining Google Cloud’s existing security portfolio with Mandiant’s leading cyber threat intelligence will allow us to deliver a security operations suite to help enterprises globally stay protected at every stage of the security lifecycle. With the scale of Google’s data processing, novel analytics approaches with AI and machine learning, and a focus on eliminating entire classes of threats, Google Cloud and Mandiant will help organizations reinvent security to meet the requirements of our rapidly changing world.”
State of the Hack discusses the latest in information security, digital forensics, incident response, cyber espionage, APT attack trends, and tales from the front lines of significant targeted intrusions.
The FBI on Monday warned that hundreds of vulnerabilities in widely used medical devices are leaving a door open for cyberattacks.
In a white notice from the FBI’s Internet Crime Complaint Center (IC3), the law enforcement agency said it has identified “an increasing number” of vulnerabilities posed by unpatched medical devices that run on outdated software and devices that lack adequate security features.
The FBI specifically cited vulnerabilities found in insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers and intrathecal pain pumps, noting that malicious hackers could take over the devices and change readings, administer drug overdoses, or “otherwise endanger patient health.”
“Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity,” the alert said.
“Medical device vulnerabilities predominantly stem from device hardware design and device software management. Routine challenges include the use of standardized configurations, specialized configurations, including a substantial number of managed devices on the network, lack of device embedded security features, and the inability to upgrade those features.”
The FBI noted that medical device hardware is often used for more than 30 years at some healthcare facilities, giving cybercriminals and state actors ample time to discover and exploit bugs.
Many legacy devices used by hospitals and clinics contain outdated software because they do not get manufacturer support for patches or updates, the FBI said, adding that many devices are not designed with security in mind.
The white notice then quotes several reports from cybersecurity firms that highlighted the magnitude of the problem, most notably that about 53% of all connected medical devices and other internet of things (IoT) devices in hospitals had known critical vulnerabilities.
One report found an average of 6.2 vulnerabilities per medical device and reported that more than 40% of medical devices are at the end-of-life stage, offering little to no security patches or upgrades.
Last year, German healthcare giant B. Braun updated several faulty IV pumps after McAfee discovered vulnerabilities allowing attackers to change doses.
Healthcare organizations continue to face a barrage of ransomware incidents and cyberattacks. Cybersecurity firm Proofpoint released a report last week that found 89% of healthcare professionals surveyed experienced at least one cyberattack in the last 12 months.
More than 20% of those attacked saw an increase in mortality rates and over half said the attacks caused longer patient stays, delays in procedures and overall decreases in the quality of care.
The European Agency for Cybersecurity (ENISA) each October promotes cybersecurity among EU citizens and organizations, and is partnering with Anima People, specialists in behavioral science related to security, in a critical project to evaluate cybersecurity awareness campaigns in behavior change among employees. Organizations worldwide will benefit by the intelligence they need to design successful campaigns in the future, helping to drive long-term behavior conducive to a cyber-secure world. Please participate by completing this survey:https://
ISO 27001 is a widely-known international standard on how to manage information security.
In this Help Net Security video, Nicky Whiting, Director of Consultancy, Defense.com, talks about the challenges of achieving ISO 27001, a widely-known international standard.
ISO 27001 certification is not obligatory. Some organizations choose to implement it in order to benefit from the best practice it contains. Others decide they want to get certified to reassure customers and clients.
HP Secure Erase; HP Sure Click; HP BIOSphere Gen6; HP Sure Admin; Hood Sensor Optional Kit; HP Client Security Manager Gen6; HP Sure Start Gen7; HP Sure Recover Gen4; HP Sure Sense Gen2; HP Sure Run Gen5[19,20,21,22,23,24,25,26,31]
The global cybersecurity workforce gap is estimated at 2.7 million people, with the problem particularly acute when it comes to entry-level roles.
Cybersecurity nevertheless promises an interesting and potentially lucrative career. Even though the profession is open to people with any degree or none – providing they have the aptitude to learn – it can still be daunting to make the initial first steps and difficult to know where to begin.
The talent pool might potentially be expanded through more inclusive and broader hiring strategies. Against this, unrealistic hiring practices sometimes create barriers to entry for those looking to enter the profession, especially those seeking a career change.
The path into a career in information security is, however, eased by a growing number of entry level training schemes and courses. The Daily Swig has surveyed this landscape to chart some promising routes offered by various reputable training providers.
For example, cybersecurity skills training organization (ISC)2reports that more than 1,400 individuals have undertaken its entry-level infosec certification pilot exam since the program launched at the end of January 2022.
The qualification is designed to support industry entrants embarking on cybersecurity careers, ranging from recent university graduates, to career changers, to IT professionals looking to switch roles and focus on infosec. In all cases, the certificate offers a means to validate their foundational security skills.
Laying down foundations
For employers seeking to fill entry-level roles, the qualification offers evidence that newcomers have the foundational knowledge, skills, and abilities necessary to thrive in the sector. According to (ISC)2, the qualification shows that candidates for junior roles are familiar with technical concepts whilst having an aptitude for on-the-job learning.
The (ISC)2 entry-level pilot exam evaluates candidates across five domains; security principles; business continuity, disaster recovery, and incident response concepts; access control concepts; network security; and security operations.
Within the cybersecurity education market, however, (ISC)2 is far from the only game in town.
World of choice
The SANS Institute offers a five-day, in-person Introduction to Cyber-Security course that covers a mix of technical and business issues. SANS Institute courses are well regarded but not inexpensive.
GIAC Information Security Fundamentals, for example, retails at $6,600.
Other paid-for SANS Institute introductory courses focusing on specific areas of cybersecurity – such as cloud computing, digital forensics, and incident response – are also available.
SANS also offers free-of-charge security workshops and other content, though this material is more geared towards the professional development needs of those who have already established a cybersecurity career.
eLearning
Coursera offers access to online courses from leading universities and companies.
The Coursera platform provides routes that run the gamut from short online classes and hands-on projects that teach job-relevant skills in less than two hours, to job-ready certificates and degree programs. Short courses cost up to $99 while professional certifications run between $2,000-$6,000 and degrees between $9,000-$45,000.
A yearly subscription to Coursera’s online courses costs $399.
Coursera offers a variety of entry-level cybersecurity courses, each affiliated to universities or technology companies.
For example, Introduction to Cyber Security Specialization from New York University includes four courses aimed at beginners. It can be completed in about four months with four hours of learning per week.
There’s also an Introduction to Cyber Security course from the UK’s Open University that is particularly suitable for those looking for a flexible course aimed at beginners. The course doesn’t lead to a formal qualification but is available online and is accredited by several reputable organizations in the UK cybersecurity sector.
“Over eight weeks, the course will take on average three hours a week to complete,” an Open University (OU) spokesperson told The Daily Swig.
“The course is accredited by APMG International, the Institute of Information Security Professionals, and the (UK) National Cyber Security Centre. The Certificate of Achievement for this course demonstrates awareness of cybersecurity issues across 12 of the IISP skills groups, and demonstrates that participants have completed a course that meets the awareness level requirements of NCSC Certified Training.”
Another option from the Open University involves a part-time degree course that offers a BSc in Cyber Security at the end of six years. There’s also a postgraduate micro-credential in Cyber Security Operations.
Quite a few well established and respected infosec professionals got their start in the field by simply picking up a book and getting stuck in.
There’s no better example of this than noted bug bounty hunter David Litchfield, who 25 years ago passed his Certified Novell Administrator (CNA) exam courtesy of a related CNA guidebook, thus certifying his ability to maintain networks running the then ubiquitous but since obsolete Novell NetWare networking software.
Fast forward to the 2020s and you’ll find PortSwigger’s* Web Security Academy offering a free-of-charge service that explains key concept and vulnerabilities in web security. This learning exercise is reinforced through a series of labs graded ‘Apprentice’, ‘Practitioner’, or ‘Expert’.
Practice in the labs gives learners proficiency with Burp Suite, a web security testing tool that’s the industry standard for pen testers and bug bounty hunters alike.
Next, The Daily Swig’s own John Leyden plans to try his hand at modules from the (ISC)2 entry level qualification to see how he fares. Stay tuned for a follow-up feature this autumn.
The cybersecurity skills shortage continues to present multiple challenges and have repercussions for organizations. The skills gap can be addressed through training and certifications to increase employees’ education.
The talent shortage and a variety of specialized fields within cybersecurity have inspired many to reskill and join the industry. One way to get more knowledge is to take advantage of online learning opportunities. Below you can find a list of free online cybersecurity courses that can help further your career.
Cryptography I
Stanford University
Instructor: Dan Boneh, Professor
In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. You will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. Throughout the course participants will be exposed to many exciting open problems in the field and work on optional programming projects.
DDoS Attacks and Defenses
University of Colorado
Instructor: C. Edward Chow, Professor
In this course you will learn the history of DDoS attacks, analyze Mirai IoT malware, and perform source code analysis. You’ll learn about the intrusion tolerance paradigm with proxy-based multipath routing for DDoS defense. By developing and deploying such a new security mechanism, you can improve the performance and reliability of the system at the same time and it does not have to be just an overhead. By the end of this course, you should be able to analyze new DDoS malware, collect forensic evidence, deploy firewall features to reduce the impact of DDoS on your system, and develop strategies for dealing with future DDoS attacks.
Hardware Security
University of Maryland
Instructor: Gang Qu, Associate Professor
In this course, you will study security and trust from the hardware perspective. Upon completing the course, students will understand the vulnerabilities in current digital system design flow and the physical attacks on these systems. They will learn that security starts from hardware design and be familiar with the tools and skills to build secure and trusted hardware.
Software Security
University of Maryland
Instructor: Michael Hicks, Professor
This course explores the foundations of software security. You will learn about software vulnerabilities and attacks that exploit them, and consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, you’ll take a “build security in” mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other “managed” program language (like ML or Java), and have prior exposure to algorithms.
Web Security Fundamentals
KU Leuven University
Instructor: Philippe De Ryck, Founder, Pragmatic Web Security
This course provides an overview of the most common attacks, and illustrates fundamental countermeasures that every web application should implement. Throughout the course, you will gain insights into the threats that modern web applications face. You’ll build an understanding of common attacks and their countermeasures; not only in theory, but also in practice. You’ll be provided with an overview of current best practices to secure web applications. Although no previous security knowledge is necessary to join this course, it will help to be familiar with the basic concepts behind web applications, including HTTP, HTML, and JavaScript.
Security Governance & Compliance
University of California, Irvine
Instructor: Jacob Horne, Cybersecurity Consultant
In this course, students are introduced to the field of cyber security with a focus on the domain of security & risk management. Topics include the fundamental concepts and goals of cybersecurity (the CIA triad), security governance design, the NIST cybersecurity framework, relevant laws and regulations, and the roles of policies, strategies, and procedures in cybersecurity governance.
Windows Server Management and Security
University of Colorado
Instructor: Greg Williams, Director of Networks and Infrastructure
This course explores what it takes to design and build the server side of Windows in an enterprise environment. This course will explore everything from Windows Server installation to configuring users, to hardening the server operating system itself. The first week of this course provides an overview of how Windows operates in an enterprise environment and what it may look like in the real world. Week 2 will show you how Windows users interact with the system. Week 3 will explore authorization in a Windows environment. Week 4 explores built in security features of Windows and demonstrates how to use each technology effectively and in what circumstances you would use what technology for what purpose.
More docked ships bring a new challenge. The longer a ship is docked, the more vulnerable the port is to a cyberattack.
Source: Hans-Joachim Aubert via Alamy Stock Photo
Evidence indicates that the world’s ports are returning to pre-pandemic levels. During the first 11 months of 2021, the value of US international freight increased by more than 22% (PDF) compared with the same 11 months in 2020. More freight means more ships docking at port. And not only are more ships docking, but their dwell times are increasing as well. The average container vessel dwell time at the top 25 US container ports was estimated at 28.1 hours in 2020. In the first half of 2021, average container vessel dwell times increased to 31.5 hours.
While this increase in activity is undoubtedly welcome, more docked ships bring a new challenge. The longer a ship is docked, the more vulnerable the port is to a cyberattack.
The Cyber-Risk to Ships
The maritime industry is especially vulnerable to cyber incidents. There are multiple stakeholders involved in the operation and chartering of a ship, which often results in a lack of accountability for the IT and OT system infrastructure and the ship’s networks. The systems may rely on outdated operating systems that are no longer supported and cannot be patched or run antivirus checks.
Going forward, this threat is expected to increase. Critical ship infrastructure related to navigation, power, and cargo management has become increasingly digitized and reliant on the Internet to perform a broad range of legitimate activities. The growing use of the Industrial Internet of Things (IIoT) will increase the ships’ attack surface.
Common ship-based cyber vulnerabilities include the following:
Obsolete and unsupported operating systems
Unpatched system software
Outdated or missing antivirus software and protection from malware
Unsecured shipboard computer networks
Critical infrastructure continuously connected with the shore side
Inadequate access controls for third parties including contractors and service providers
Inadequately trained and/or skilled staff on cyber-risks
Troubled Waters?
Maritime cybersecurity has become a significant issue affecting ports around the world. According to the firm Naval Dome, cyberattacks on maritime transport increased by 400% in 2020. Cybersecurity risks are especially problematic to ports around the globe since docked ships regularly interact digitally with shore-based operations and service providers. This digital interaction includes the regular sending of shipping documents via email or uploading documents via online portals or other communications with marine terminals, stevedores, and port authorities.
For example, many port authorities require a Port State Control (PSC) survey to be completed by foreign ships docking in their ports. Among other activities, this survey verifies several ship certificates and approximately 40 different documents required by international maritime authorities.
Some past examples of port-based cyber breaches:
Port of Rotterdam: In June 2017, the port of Rotterdam was hit with a ransomware attack that paralyzed the activities of two container terminals operated by APMT, a subsidiary of the Møller-Maersk group. Note that the port of Rotterdam had completely automated its operations as part of a Smart Port strategy.
Port of Shahid Rajaee: In May 2020, the port of Shahid Rajaee, Iran, suffered a cyberattack that almost totally shut down its operations. The Washington Post reported that the “computers that regulate the flow of vessels, trucks and goods all crashed at once, creating massive backups on waterways and roads leading to the facility.” This cyberattack was presumed to be Israel’s response to an attack on its water network.
Port of Kennewick: In November 2020, the port of Kennewick, Wash., was hit with ransomware that completely locked access to its servers. Even with the small size of this port, it took nearly a week for port authorities to access their data. Malware injected via a phishing email is thought to be the cause of this attack.
Knowing that they are vulnerable to cyber breaches does not help alleviate the challenge to ports that have no choice but to accept documents originating from these ships. If ports block these documents, the ships cannot dock, and this ultimately causes delays in global logistics and the supply chain.
The Danger
Ports have no choice but to accept the ships’ documents. Refusal to accept these documents means loss of port revenue and blockages in the smooth flow of the supply chain. Document sending must proceed. But file-borne threats pose a significant challenge for ports. Malware is designed to access or damage a computer without the owner’s knowledge. Hackers embed malicious code into seemingly innocent files. When those files are opened, the malware automatically executes and allows the hackers to gain access to valuable data or cause damage to the maritime industry.
Many of these threats first enter the ship through email phishing schemes — attempts to fool employees and individuals into opening and clicking on malicious links or attachments in emails or uploading malicious documents to website portals. These “hacks” often exploit vulnerabilities in the ships’ networks, using the vessel to gain access to the ship’s partners, including the port.
