TOP 10 (ISC)² WEBCASTS OF 2017

(ISC)² webcasts are a great source for insight into all areas of security. From the Internet of Things to malware and compliance, the topics vary. Here are the top 10 (ISC)² webcasts for 2017 so far as ranked by cybersecurity professionals:

  1. Part 1: Future of SIEM – Why Static Correlation Fails Insider Threat Detection
    Hackers stealing credentials and operating in your corporate network…disgruntled employees collecting customer lists and design materials for a competitor…malware sending identity information back to random domains…these common threats have been with us for years and are only getting worse. Most organizations have invested large amounts in security intelligence, yet these solutions have fallen short. Simply put, security intelligence and management, in the form of legacy SIEM technologies, have failed to keep up with complex threats. Sponsored by Exabeam.
  2. Visibility and Security – Two sides of the Same Coin
    You can’t secure what you can’t see and not knowing what’s on your network can be damaging. While security is about proactively detecting and mitigating threats before they cause damage, it is also about gaining deep visibility into today’s complex networks, which may include diverse platforms and architectures. A truly enterprise grade DNS, DHCP and IPAM (DDI) platform can provide that visibility because of where it sits in networks. On the downside, DNS is a top threat vector, but can be used as strategic control points to block malicious activity and data exfiltration. Sponsored by Infoblox.
  3. Scaling Up Network Security: Shifting Control Back to the Defenders
    Network threats and data breaches continue to grow in number, sophistication and speed, overwhelming current defensive capabilities. Security teams, limited in staff, resources and time, suffer from diminished effectiveness and enterprise protection. To stay ahead, organizations must create an adaptive ecosystem of network defenses; much like the body leverages its immune system. A Defense Lifecycle Model speeds threat identification and mitigation by incorporating machine learning and artificial intelligence into these security processes. Sponsored by Gigamon.
  4. GDPR – Now’s the Time to Plan for Compliance
    The EU’s new General Data Protection Regulation (GDPR) is around the corner, and it’s time to prepare for it. The GDPR, specified in an 88-page document, can be confusing and tedious to put into practice. Understanding and complying is critically important, however, as non-compliance carries significant risk, with stipulated penalties exceeding $20M. This webcast will examine why the GDPR should be a priority – now; discuss the global and technological implications of GDPR, and review how technology can address some of the GDPR data security requirements. Sponsored by Imperva.
  5. Cross Talk: How Network & Security Tools Can Communicate for Better Security
    Working in silos, while never a good idea, is a reality in many organizations today. Security and network operations teams have different priorities, processes and systems. Security teams use various controls and tools to mitigate different kinds of threats which provides them with thousands of alerts on a daily basis. They often find it difficult to prioritize the threats to address first. What they may not know is that there is a whole piece of the puzzle they could be missing – core network services like DNS, DHCP and IPAM. These can provide a wealth of information and context on threats, which can help prioritize response based on actual risk and ease compliance. Sponsored by Infoblox.
  6. Future of SIEM – Remediate Malware & Spear Phishing w/Automated Playbooks
    It’s not uncommon for security teams to see upwards of 17,000 malware alerts per week and only investigate a third of them. Each incident detected requires investigation and eventually remediation before it can be laid to rest. Unfortunately, the security talent capable of performing these tasks is scarce, which leaves most security operations teams spread thin, a symptom of sparse coverage compounded by the drain of low fidelity security alerts and false positives. Sponsored by Exabeam.
  7. CA Briefings Part 5 – Trends and Predictions
    2016 was a blockbuster year for cybersecurity – from a hacker influenced national election to a landmark breach into the Internet of Things that caused the largest botnet attacks in history. What’s in store for 2017? Join CA Technologies’ Nick Nickols, Security CTO, as he examines what you can expect in 2017. In this webcast, Nick will discuss: key areas to focus your attention and investment – from access governance to threat analytics to IDaaS; the changing landscape of regulations and consumer behavior; technology transformations and new innovations that will influence the way you prepare for 2017. Sponsored by CA Technologies.
  8. Briefing on Demand – Getting it Right – Security & the Internet of Things
    The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices within an existing internet infrastructure. However, securing it can be difficult. Join Gemalto and (ISC)² for a discussion on the Internet of Things and how it will play a role in your future and what changes will be happening in security. Sponsored by Gemalto.
  9. Building a Blueprint for an Insider Threat Program
    While infosecurity teams are playing defense against external threats, they cannot lose sight of the threat that insiders at their organization pose. Employees, contractors and business associates can all have accounts which provide them legitimate access to systems within the enterprise, but that access can carry significant risk. Detecting, monitoring and preventing such unauthorized access and exfiltration is critical. Building an insider threat program to manage such functions can help an organization get visibility into the problem and streamline these efforts. But where does an organization start when building such a program? What underpinnings need to be in place in order to have success with a program? Get the inside scoop on what it is really like to build and run these types of programs; what are insiders really doing and what are they stealing. Join Code42 and (ISC)² for a discussion on how to construct an effective insider threat program. Sponsored by Code42.
  10. Reimagine Your Identity Strategy
    First offered at the RSA Conference this past February, RSA and (ISC)² offer our members an exclusive opportunity to hear from the identity and access assurance experts at RSA to learn what it takes to manage identity at the speed of business and deliver convenient and secure access.  In this webcast, we’ll examine how to deliver access to the modern workforce, addressing the identity risk factor and future-proofing your identity, and access management program. Sponsored by Sophos.

Sign up for more (ISC)² webcasts by visiting https://www.isc2.org/News-and-Events/Webinars/ThinkTank. What topics would you like to learn more about on the (ISC)² Blog? Let us know!

[(ISC)² Blog]

Threat Brief: Patch Today and Don’t Get Burned by an Android Toast Overlay

Today, Palo Alto Networks Unit 42 researchers are announcing details on a new high- severity vulnerability affecting the Google Android platform. Patches for this vulnerability are available as part of the September 2017 Android Security Bulletin. This new vulnerability does NOT affect Android 8.0 Oreo, the latest version; but it does affect all prior versions of Android. There is some malware that exploits some vectors outlined in this article, but Palo Alto Networks Unit 42 is not aware of any active attacks against this particular vulnerability at this time. Since Android 8.0 is a relatively recent release, this means that nearly all Android users should take action today and apply updates that are available to address this vulnerability.

What our researchers have found is a vulnerability that can be used to more easily enable an “overlay attack,” a type of attack that is already known on the Android platform. This type of attack is most likely to be used to get malicious software on the user’s Android device. This type of attack can also be used to give malicious software total control over the device. In a worst-case attack scenario, this vulnerability could be used to render the phone unusable (i.e., a “brick”) or to install any kind of malware including (but not limited to) ransomware or information stealers. In simplest terms, this vulnerability could be used to take control of devices, lock devices and steal information after it is attacked.

An “overlay attack” is an attack where an attacker’s app draws a window over (or “overlays”) other windows and apps running on the device. When done successfully, this can enable an attacker to convince the user he or she is clicking one window when, in fact, he or she is actually clicking another window. In Figure 1, you can see an example where an attacker is making it appear that the user is clicking to install a patch when in fact the user is clicking to grant the Porn Droid malware full administrator permissions on the device.

Figure 1: Bogus patch installer overlying malware requesting administrative permissions

You can see how this attack can be used convince users to unwittingly install malware on the device. This can also be used to grant the malware full administrative privileges on the device.

An overlay attack can also be used to create a denial-of-service condition on the device by raising windows on the device that don’t go away. This is precisely the type of approach attackers use with ransomware attacks on mobile devices.

Of course, an overlay attack can be used to accomplish all three of these in a single attack:

  1. Trick a user into installing malware on their device.
  2. Trick a user into giving the malware full administrative privileges on the device
  3. Use the overlay attack to lock up the device and hold it hostage for ransom

Overlay attacks aren’t new; they’ve been discussed before. But until now, based on the latest research in the IEEE Security & Privacy paper, everyone has believed that malicious apps attempting to carry out overlay attacks must overcome two significant hurdles to be successful:

  1. They must explicitly request the “draw on top” permission from the user when installed.
  2. They must be installed from Google Play.

These are significant mitigating factors and so overlay attacks haven’t been reckoned a serious threat.

However, our new Unit 42 research shows that there is a way to carry out overlay attacks where these mitigating factors don’t apply. If a malicious app were to utilize this new vulnerability, our researchers have found it could carry out an overlay attack simply by being installed on the device. In particular, this means that malicious apps from websites and app stores other than Google Play can carry out overlay attacks. It’s important to note that apps from websites and app stores other than Google Play form a significant source of Android malware worldwide.

The particular vulnerability in question affects an Android feature known as “Toast.” “Toast” is a type of notification window that “pops” (like toast) on the screen. “Toast” is typically used to display messages and notifications over other apps.

Unlike other window types in Android, Toast doesn’t require the same permissions, and so the mitigating factors that applied to previous overlay attacks don’t apply here. Additionally, our researchers have outlined how it’s possible to create a Toast window that overlays the entire screen, so it’s possible to use Toast to create the functional equivalent of regular app windows.

In light of this latest research, the risk of overlay attacks takes on a greater significance. Fortunately, the latest version of Android is immune from these attacks “out of the box.” However, most people who run Android run versions that are vulnerable. This means that it’s critical for all Android users on versions before 8.0 to get updates for their devices. You can get information on patch and update availability from your mobile carrier or handset maker.

Of course, one of the best protections against malicious apps is to get your Android apps only from Google Play, as the Android Security Team aggressively screens against malicious apps and keeps them out of the store in the first place.

[Palo Alto Networks Research Center]

Creating CyberCulture

When growing up, many of us probably heard warnings from our parents to be careful in certain environments—the local woods, a busy side street, or at the beach.  Our parents cautioned us out of concern for our well-being, and it served a purpose.

Their warnings were meant to raise our awareness of our surroundings, and ensure we would exercise care when appropriate. They reminded us that the safety of our environment depended upon the decisions we made. Today, we would be well-served to add one more domain to those dangers areas drilled into us: the world of cyber.

Like the woods and the beach where we played when we were young, cyber offers a great amount of reward, tempered with significant risk if we’re not prepared.

How do we evolve to a CyberCulture, though? How do we convince people that, for all the positive potential of technology, there is a dark side as well? How do we especially reach today’s digital natives, who have grown up largely responsible for their own security in cyberspace, and take security somewhat for granted?

It starts with an initial decision: at what level should cyber security be a part of our daily lives? For a CyberCulture, in which security is a top-of-mind concern, the answer is simple—cyber security should be as prevalent in our lives as possible. There is one security measure that comes to mind that’s prevalent anywhere we look, from shopping carts, to cars, to airplanes, regardless if we are in Kenya, Kolkata, or Kentucky.

Seatbelts.

Cyber security needs to become the modern-day equivalent of seatbelts that can keep us protected when we are navigating down new roads at high speeds.   Yes, cyber security is a ‘security’ issue—but it’s a safety issue as well, for all of us. Nations, enterprises and individuals need strong cyber security—and all these entities need it for both safety and security. Most significantly, cyber security needs to become pervasive at all of those levels, and no one level is more important than another. To create a safe, secure CyberCulture, people, enterprises and nations needs to function in as complementary and synergistic a manner as possible.

For nations and governments, cyber security must be a prime concern, across the breadth of government, at all levels, and in all functions of government. Last month’s DefCon 2017 gave us an object lesson in protecting the entirety of governmental operations, when conference attendees hacked various election equipment in a matter of hours. Assessing the capabilities—and vulnerabilities—of that equipment should be as regular an activity in government as ordering office supplies. It should be part of a CyberCulture.

For individuals, the journey towards a CyberCulture should begin as early as possible.  We need to make cyber security and good ‘online hygiene’ part of core curricula at the pre-university level, to imbed the concept of security online at the earliest possible levels, and ensure that tomorrow’s digital (and eventually cognitive) natives don’t make cyber security an afterthought. Much like many universities already include humanities or similar courses as graduation requirements, we need to give similar importance to cyber security courses at the university level.

And, just like we would subject potential candidates for a cyber security post to an evaluation of their abilities, maybe it’s time to start evaluating all potential hires—regardless of where they will work in the enterprise—on their abilities to assist in securing the enterprise through sound personal security habits. Likewise, the enterprise should be evaluated on a regular basis for how cybersecure its operations are, not merely from a technical standpoint, but from a cultural standpoint as well. In today’s digital economy, everything is connected; a hack of the cyber infrastructure of one enterprise imperils all with whom they work.

Creating a CyberCulture in which cyber security is as pervasive and commonplace as seatbelts isn’t a ‘nice goal’—it’s a necessity. We are all part of the digital economy now; our digital footprints span continents, borders and time zones. We’ve all helped to make cyberspace what it is today, contributing to its awe-inspiring power and frightening vulnerabilities.  It’s up to all of us to make cyber security what it can be, tomorrow, and to ensure that future digital natives continue to enjoy the positive potential of technology.

Buckle up… it promises to be a thrilling ride!

Editor’s note: This blog post by ISACA CEO Matt Loeb originally appeared in CSO.

Matt Loeb, CGEIT, CAE, FASAE, Chief Executive Officer, ISACA

[ISACA Now Blog]

English
Exit mobile version