Friday, June 2, 2017
Of the more than 400 North American cybersecurity professionals who participated in the survey, 87 percent rated their patching processes as "very mature to moderately mature," and 79 percent called their patching approval processes "significantly manual." Respondents also expressed concern about a lack of transparency and improper prioritization.
David Monahan, Security and Risk Management Research Director at EMA, called for unflinchingly honest assessments of network security frameworks. "When security professionals paint a rosier picture than reality, every role above them is falsely insulated, leading to poor program decisions," he said. "That's why transparency is essential. Everyone should have access to the same set of data at any moment in time."
Ryan Stolte, co-founder and Chief Technology Officer at Bay Dynamics, said manually compiling information to prioritize critical vulnerabilities is an insufficient protection against imminent threats. Security teams need a "system of record that automatically prioritizes threats and vulnerabilities based on financial impact to the organization, delivers that information to the individuals responsible for action, and provides updates of their mitigation status," he said.
Criminals borrow from retail and ecommerce playbooks, productizing a variety of attack vectors and exploits on websites that resemble Amazon.com. Catalin Cimpanu, Security News Editor for Bleeping Computer LLC, reported that The Shadow Brokers, who recently launched the WannaCry attack, are promoting data-and-exploits-as-a-service on the Dark Web.
Cimpanu's May 30, 2017 post, titled "The Shadow Brokers Announce Details About Upcoming Monthly Dump Service," indicated the criminal group is offering a range of exploits and attack vectors for about $28,000 per month. Offerings include web browser and router exploits; mobile handset exploits and tools; items from newer Ops Disks; exploits for Windows 10; and compromised network data from SWIFT providers, central banks, and Russian, Chinese, Iranian, or North Korean missile programs.
Despite doubts about the authenticity of the compromised data, cybersecurity professionals said government and private sectors need to enforce strict permission levels across networks and remain vigilant. "Whatever the truth is, it is clear now that the governments should handle their cyberweapons in ways similar to the handling of their weapons of mass destruction," said Csaba Krasznay, Product Evangelist at Balabit, a Hungarian security firm. "Otherwise, perhaps a disgruntled privileged administrator might steal one, or perhaps someone may simply forget to delete it after use in an operation. Those codes shouldn't get to a Shadow Broker-like group, and this is a governmental responsibility."
Gabriel Gumbs, Vice President of Product Strategy at Stealthbits Technologies, questioned why the Shadow Brokers would promote exploits that are widely available on the Dark Web. Zero-day attacks are commonplace on the Dark Web and open market, but SWIFT network data can be worth millions "to both black hat hackers and the impacted organizations," he stated. "So why would a group of hackers need to peddle exploits and the like if they have, at their disposal, the means to steal untold amounts of money? I for one am very skeptical of the group and their motives."
A free, downloadable Shadow Brokers Vulnerability Utility is available from Stealthbits. Company representatives said the utility can help organizations identify vulnerabilities and risk exposure and verify that systems have been successfully patched.