New PCNSE Exam Now Available

Our Palo Alto Networks Education and Certification team is pleased to announce the availability of the new Palo Alto Networks Certified Security Engineer (PCNSE) exam. This new role-based certification replaces the previous technology-versioned certifications to better prepare you for a career built on the Palo Alto Networks Next-Generation Security Platform.

The exam covers topics related to PAN-OS 8.0 software, Panorama, GlobalProtect, and other aspects of the Palo Alto Networks network security platform that a firewall administrator needs to know to design, install, configure, maintain and troubleshoot the vast majority of Palo Alto Networks implementations. (Note: This exam does not cover Aperture, Traps or AutoFocus.)

The PCNSE Study Guide and Blueprint supplies an overview of the exam and explains its scope as well as how a candidate can register and prepare for it. The study guide also shows the objectives covered by the exam, and provides sample questions and resources for candidate preparation.

Why Certification From Palo Alto Networks Matters

The gap between available cybersecurity skills and the needs of the industry ranks among the top issues facing organizations today. As the fastest-growing security vendor, we realize that training and certifying skilled people helps our customers tackle their cybersecurity goals confidently.

The majority of Palo Alto Networks customers are moving from legacy technologies to our Next-Generation Security Platform to consume the most advanced features and ensure maximum protection against digital attacks. This transformation to network, endpoint and cloud protection is best achieved with properly skilled resources. The certification program from Palo Alto Networks validates that credentialed individuals possess the Next-Generation Security Platform knowledge necessary to prevent successful cyberattacks and safely enable applications.

There are several other notable benefits of certification from Palo Alto Networks, including having:

  • Projects done right the first time
  • Consistency of implementation
  • Improved team performance and productivity
  • Faster identification, investigation and remediation of issues

Palo Alto Networks certification benefits not only organizations but also the individuals by showcasing their knowledge of the Next-Generation Security Platform. It provides an immediate improvement to their professional profile and, for those with their sights on the future, aligns them with the fastest-growing security company.

For more information, visit the PCNSE Certification page or join us for CERT FEST, our upcoming PCNSE exam preparation workshop.

[Palo Alto Networks Research Center]

Threat Brief: Information on Bad Rabbit Ransomware Attacks

This Unit 42 blog post provides an update on the threat situation surrounding the Bad Rabbit ransomware attacks.


Attack Overview

Bad Rabbit is a ransomware attack that, at the time of this writing, appears to be affecting primarily countries in Eastern Europe. It is not spreading as widely as the Petya/NotPetya attacks, but reports indicate that where Bad Rabbit has hit, it has caused severe disruption. The Ukrainian CERT has issued an alert on Bad Rabbit.

As detailed below, Bad Rabbit gains initial entry by posing as an Adobe Flash update. Once inside a network it spreads by harvesting credentials with the Mimikatz tool as well as by using hard-coded credentials.

Bad Rabbit is similar to Petya/NotPetya insofar as it encrypts the entire disk.

We are not aware of any reports of successful recovery after paying the ransom.

Because the initial attack vector is a bogus update, the initial Bad Rabbit infection can be prevented by only getting Adobe Flash updates from the Adobe web site. Note that this blocks entry only: it does not stop a host that is already infected from spreading to its neighbors with harvested or hard-coded credentials, which is covered under Lateral Movement below.


Reconnaissance

This attack does not appear to be targeted. Therefore, there appears to be little reconnaissance as part of this attack.


Delivery/Exploitation

According to ESET, the initial infection vector for Bad Rabbit is a fake Adobe Flash update offered up from compromised websites. Proofpoint researcher Darien Huss has reported that this fake update was hosted at 1dnscontrol[.]com. Reports differ on whether it is delivered through social engineering that convinces the user to install the fake update or silently through unpatched vulnerabilities (i.e., "drive-by" installs).
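The brief's own mitigation (only take Flash updates from Adobe) translates directly into a proxy-log check. The script below is an added example, not Unit 42 code: it flags any request to the host named above and any download that looks like a Flash installer but is served from a host outside Adobe's domains. The log format, the list of Adobe-controlled domains, the installer filename heuristic and the sample lines are all assumptions constructed for the example; the only indicator taken from the brief is 1dnscontrol[.]com.

```python
"""Flag Flash-update downloads that do not come from Adobe's own domains.

Added example for this threat brief, not code from Unit 42. It turns the
brief's mitigation ("only get Adobe Flash updates from the Adobe web site")
into a detection over HTTP proxy logs. Assumptions, not from the brief: the
log line format, the Adobe-controlled domain list and the filename heuristic.
"""
import re
from urllib.parse import urlsplit

# Host reported (per the brief) as hosting the fake update. Kept defanged in
# the source and refanged at load time so a pasted copy is not clickable.
KNOWN_BAD_HOSTS = {"1dnscontrol[.]com".replace("[.]", ".")}

# Assumption: domains under which Adobe legitimately serves Flash Player.
ADOBE_DOMAINS = ("adobe.com", "macromedia.com")

# Assumption: loose heuristic for "this path looks like a Flash installer".
FLASH_INSTALLER_RE = re.compile(r"(flash|shockwave).*?\.(exe|msi|dmg|zip)$", re.I)

# Constructed sample proxy lines: "<ts> <client_ip> <method> <url> <status>".
# The paths are invented for the example and are not real indicators.
SAMPLE_LOG = """\
2017-10-24T10:01:03Z 10.1.2.15 GET http://www.example-news.test/index.html 200
2017-10-24T10:01:07Z 10.1.2.15 GET http://1dnscontrol.com/flash_update.exe 200
2017-10-24T10:02:11Z 10.1.2.22 GET https://fpdownload.adobe.com/get/flashplayer/pdc/install_flash_player.exe 200
2017-10-24T10:03:45Z 10.1.2.31 GET http://cdn.example-blog.test/update/install_flash_player.exe 200
2017-10-24T10:04:02Z 10.1.2.31 GET http://cdn.example-blog.test/images/banner.png 200
"""


def host_of(url):
    """Lower-cased hostname of a URL, without any trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_adobe_host(host):
    """True if host is one of, or a subdomain of, the Adobe domains."""
    return any(host == d or host.endswith("." + d) for d in ADOBE_DOMAINS)


def looks_like_flash_installer(url):
    """True if the URL path matches the installer-name heuristic."""
    return bool(FLASH_INSTALLER_RE.search(urlsplit(url).path))


def parse_line(line):
    """Split one proxy line into a dict; returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def scan(log_text):
    """Return (client, reason, url) tuples for every suspicious request."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        host = host_of(rec["url"])
        if host in KNOWN_BAD_HOSTS:
            alerts.append((rec["client"], "known-bad-host", rec["url"]))
        elif looks_like_flash_installer(rec["url"]) and not is_adobe_host(host):
            alerts.append((rec["client"], "flash-installer-from-non-adobe-host", rec["url"]))
    return alerts


if __name__ == "__main__":
    for client, reason, url in scan(SAMPLE_LOG):
        print(client, reason, url)
```

The download from fpdownload.adobe.com is deliberately not flagged; the point of the second rule is not "Flash is bad" but "Flash from anywhere except Adobe is suspect", which is exactly the delivery trick the brief describes.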


Lateral Movement

Once inside a network, Bad Rabbit propagates itself to other systems. Reports indicate that it harvests credentials using Mimikatz and Maarten van Dantzig reports it also uses common hardcoded credentials to spread.
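Whether the credentials come from Mimikatz or from a hard-coded list, the observable on the network is the same: one newly infected host authenticates to many peers in a short burst, often with failures mixed in while it works through the list. The script below is an added example, not Unit 42 code, that scores that fan-out from authentication records. The event shape, the five-minute window, the threshold of four distinct targets and the sample events are all assumptions constructed for the example.

```python
"""Flag one host authenticating to many others inside a short window.

Added example, not Unit 42 code. The brief says Bad Rabbit spreads with
Mimikatz-harvested and common hard-coded credentials; the detection here is
the resulting fan-out, not the credential theft itself. Assumptions: the
event tuple shape, WINDOW and MAX_DISTINCT_TARGETS. Tune both to your estate.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)       # assumption: burst length worth alerting on
MAX_DISTINCT_TARGETS = 4            # assumption: distinct targets per source in WINDOW

# Constructed sample events: (timestamp, source_ip, target_host, account, outcome).
# 10.1.2.31 sweeps five hosts in one minute; 10.1.2.5 is an admin doing
# ordinary work spread over more than an hour.
SAMPLE_EVENTS = [
    ("2017-10-24T11:00:05Z", "10.1.2.31", "FS01", "Administrator", "failure"),
    ("2017-10-24T11:00:06Z", "10.1.2.31", "FS01", "admin", "failure"),
    ("2017-10-24T11:00:09Z", "10.1.2.31", "WS-HR-07", "Administrator", "success"),
    ("2017-10-24T11:00:15Z", "10.1.2.31", "WS-FIN-02", "Administrator", "success"),
    ("2017-10-24T11:00:41Z", "10.1.2.31", "PRINT01", "admin", "failure"),
    ("2017-10-24T11:01:03Z", "10.1.2.31", "DC01", "Administrator", "failure"),
    ("2017-10-24T11:00:00Z", "10.1.2.5", "FS01", "jsmith", "success"),
    ("2017-10-24T11:40:00Z", "10.1.2.5", "DC01", "jsmith", "success"),
    ("2017-10-24T12:10:00Z", "10.1.2.5", "PRINT01", "jsmith", "success"),
]


def parse_ts(s):
    """Parse the fixed UTC timestamp format used by the sample events."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def fan_out_alerts(events, window=WINDOW, threshold=MAX_DISTINCT_TARGETS):
    """Return one alert per source that reached `threshold` distinct targets
    within any `window`-long span. Failures count: a hard-coded credential
    list produces failed logons as well as successful ones."""
    recent = defaultdict(deque)     # source -> recent (ts, target, account, outcome)
    alerts = {}
    for ts_s, src, dst, acct, outcome in sorted(events, key=lambda e: e[0]):
        ts = parse_ts(ts_s)
        if src == dst:
            continue
        q = recent[src]
        q.append((ts, dst, acct, outcome))
        while q and ts - q[0][0] > window:      # drop events older than the window
            q.popleft()
        targets = {e[1] for e in q}
        if len(targets) < threshold:
            continue
        if src not in alerts:
            alerts[src] = {"source": src, "first_seen": q[0][0].isoformat(),
                           "targets": set(), "accounts": set()}
        a = alerts[src]
        a["last_seen"] = ts.isoformat()
        a["targets"] |= targets
        a["accounts"] |= {e[2] for e in q}
        a["failures"] = sum(1 for e in q if e[3] == "failure")
    out = []
    for a in alerts.values():
        a["targets"] = sorted(a["targets"])      # stable, serialisable output
        a["accounts"] = sorted(a["accounts"])
        out.append(a)
    return out


if __name__ == "__main__":
    for alert in fan_out_alerts(SAMPLE_EVENTS):
        print(alert)
```

Feed it whatever your SIEM exports for network logons (on Windows, the 4624/4625 logon events with a remote source address are the usual source). The admin host is never flagged because its three logons span over an hour; the window, not the raw count, is what separates a human from a worm.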


Command and Control (C2)

At this time, we have no information on command and control for Bad Rabbit.


Conclusion

Bad Rabbit is not as widespread an attack as Petya/NotPetya, but it is causing severe disruption where it occurs. It is similar to Petya/NotPetya in the impact of a successful attack. However, it is a different attack using different malware.

We will update this blog with new information as it becomes available.

For information on how Palo Alto Networks products prevent Bad Rabbit, please see our Palo Alto Networks Protections Against Bad Rabbit Ransomware Attacks blog post.

As always if you have any questions, please come to the Threat & Vulnerability Discussions on our Live Community.


Version Summary

October 24, 2017 2:30 p.m. PT

  • Initial Publication

[Palo Alto Networks Research Center]

Credible Risk Assessment Establishes Foundation for an Enterprise Cyber Security Program

Just as an annual physical exam tells us a great deal about the state of our health, a credible risk assessment provides vital insight for improving the quality of an enterprise cyber security program. The Equifax data breach is probably a fair reflection of the state of cyber security today. This is a teaching moment. It may well be the tipping point for cyber security. For the next few years, cyber security will be a significant C-level priority. Executives are beginning to realize that cyber risk = disruptive business risk!

Security is only as strong as the weakest link. Organizations must ensure that they regularly perform a comprehensive risk assessment exercise to discover vulnerabilities that can be exploited. The immediate lesson from the Equifax breach is that organizations must review their patch management and configuration management practices. Any policy and process must be informed by standards such as PCI DSS, ISO 27001, and NIST Special Publications. However, organizations must view this challenge as an opportunity to review and improve the full scope of the enterprise cyber security program. Think of the Japanese word "kaizen," which means continuous improvement.

Establish an active cyber defense program
The bottom-line recommendation for senior executives is to set the tone for cyber security as an enterprise priority. These seven areas are critical to address on a continual basis:

  1. Develop a credible and an approved cyber security strategy that resonates across the enterprise
  2. Implement a cyber security framework
  3. Conduct a comprehensive and thorough security risk assessment, at least annually
  4. Ensure a technical vulnerability assessment is performed quarterly, and penetration testing annually, on mission-critical assets
  5. Perform a Business Impact Analysis (BIA)
  6. Develop a detailed IT Disaster Recovery Plan (DRP); test it regularly
  7. Create a cyber incident response plan

Cyberattacks may not just disrupt, but potentially destroy valued data. 2018 will witness cyber events of the past repeated. We must be prepared now. We must bake in cyber security in the enterprise DNA. It always starts with a credible enterprise risk assessment. Ensure it is comprehensive and thorough.

Editor’s note: Ali Pabrai will discuss this topic in more detail during his CSX Europe session, titled “The Art of Performing Risk Assessments.” Pabrai is a renowned cyber security expert and member of Infragard (FBI). He is a top-rated dynamic speaker and chief executive of ecfirst – a compliance and cyber security company. Pabrai also serves on the HITRUST Assessor Council, and is the author of several published works.

[ISACA Now Blog]

Cloud Security Alliance Releases Updates to ‘The Treacherous 12: Cloud Computing Top Threats in 2016’

SEATTLE, WA – October 20, 2017 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced an updated "Treacherous 12: Top Threats to Cloud Computing + Industry Insights," a refreshed release of the 2016 report that includes new real-world anecdotes and examples of recent incidents relating to each of the 12 cloud computing threat categories identified in the original paper.

“It’s our hope that these updates will not only provide readers with more relevant context in which to evaluate the top threats, but that the enhanced paper will provide them with a real-world glimpse into what is currently occurring in the security industry,” said Scott Field, partner architect with Microsoft Corp. and chair of the CSA Top Threats Working Group.

The anecdotes and examples mentioned in this document include:

  • Yahoo breach – Data Breaches
  • LinkedIn failure to salt passwords when hashing – Insufficient Identity Credential Access Management
  • Instagram abuse of account recovery – Insufficient Identity Credential Access Management
  • OAuth Insecure implementation – Account Hijacking
  • Zynga ex-employees alleged data theft – Malicious Insiders
  • Yahoo breach – Insufficient Due Diligence
  • MongoDB Mexican voter information leak – Insufficient Identity Credential Access Management
  • Dyn DDoS attack – Denial of Service
  • Dirty Cow Linux privilege escalation vulnerability – System Vulnerabilities
  • T-Mobile customer information theft – Malicious Insiders
  • MongoDB unprotected, attacked by ransomware – Insufficient Identity Credential Access Management
  • Malware using cloud services to exfiltrate data and avoid detection – Abuse and Nefarious Use of Cloud
  • Australian Bureau of Statistics denial of service – Denial of Service
  • Virlock ransomware – Data Loss
  • Zepto ransomware spread and hosted on cloud storage services – Abuse and Nefarious Use of Cloud
  • CloudSquirrel malware hosting command and control (C&C) in Dropbox – Abuse and Nefarious Use of Cloud
  • CloudFanta Malware using cloud storage for malware delivery – Abuse and Nefarious Use of Cloud
  • Moonpig insecure mobile application – Insecure Interface and APIs
  • Cloudflare/Cloudbleed buffer overrun vulnerability – Shared Technology Vulnerabilities
  • NetTraveler advanced persistent threats – Advanced Persistent Threats (APTs)

The Treacherous 12 report provides organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among security experts in the CSA community about the most significant security issues in the cloud.

The CSA Top Threats Working Group is responsible for providing needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. The CSA Top Threats Working Group is led by Scott Field, along with long-time cloud security professionals Jon-Michael Brook, a principal/Security, Cloud & Privacy at Guide Holdings, and Dave Shackleford, a principal consultant with Voodoo Security.

The CSA invites interested companies and individuals to support the group’s research and initiatives. Companies and individuals interested in learning more or joining the group can visit the Top Threats Working Group page.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA's activities, knowledge and extensive network benefit the entire community impacted by cloud, from providers and customers to governments, entrepreneurs and the assurance industry, and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.

Media Contact

Kari Walker for the CSA
ZAG Communications
703.928.9996
kari@zagcommunications.com

[Cloud Security Alliance Research News]
