Use a Vault Before Ransomware Does It For You
Don’t get held ransom by ransomware! Remember to balance your production and your security. This week there are ways to keep it all secure across the systems. Ransomware isn’t a joke folks! Tune in to see useful ways to keep yourself secure.
In the news: is cybersecurity insurances worth it? More useless laws for cybersecurity, NSA rings the warning bells on Russia, and more from security and the cloud!
Links:
- Cyber insurance isn’t helping with cybersecurity, and it might be making the ransomware crisis worse, say researchers: https://www.zdnet.com/article/ransomware-has-become-an-existential-threat-that-means-cyber-insurance-is-about-to-change/
- House lawmakers introduce bill to increase American awareness of cyber threats: https://thehill.com/policy/cybersecurity/560077-house-lawmakers-introduce-bill-to-increase-american-awareness-of-cyber
- 5 Mistakes that Impact a Security Team’s Success: https://www.darkreading.com/edge/theedge/5-mistakes-that-impact-a-security-teams-success/b/d-id/1341470
- Google Working on Patching GCP Vulnerability that Allows VM Takeover: https://www.itsecuritynews.info/google-working-on-patching-gcp-vulnerability-that-allows-vm-takeover/
- NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs: https://www.darkreading.com/attacks-breaches/nsa-and-cisa-issue-warning-about-russian-gru-brute-force-cyberattacks-against-us-global-orgs/d/d-id/1341458
- $70 Million Demanded as REvil Ransomware Attackers Claim 1 Million Systems Hit: https://www.forbes.com/sites/daveywinder/2021/07/05/70-million-demanded-as-revil-ransomware-attackers-claim-1-million-systems-hit/?sh=7517b8f957c0
- How to monitor and track failed logins for your AWS Managed Microsoft AD: https://aws.amazon.com/blogs/security/how-to-monitor-and-track-failed-logins-for-your-aws-managed-microsoft-ad/
- Six ways businesses can reduce their cyber security risk as incidents rise: https://www.newshub.co.nz/home/money/2021/06/six-ways-businesses-can-reduce-their-cyber-security-risk-as-incidents-rise.html
- How to get a lucrative job in cybersecurity: https://www.bbc.com/news/business-57663096
- Why MTTR is Bad for SecOps: https://threatpost.com/mttr-bad-secops/167440/
- What is the dark web? How to access it and what you’ll find: https://www.csoonline.com/article/3249765/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html
Transcript
Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.
Announcer: If your mean time to WTF for a security alert is more than a minute, it’s time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you’re building a secure business on AWS with compliance requirements, you don’t really have time to choose between antivirus or firewall companies to help you secure your stack. That’s why Lacework is built from the ground up for the cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That’s lacework.com.
Jesse: What? Your backups are really just diversified pools of production data across multiple cloud provider regions, or stores with no space wasted on offline or non production data? That’s awesome. You are a beautiful target for ransomware. Best practices from a production infrastructure view don’t always match up to best practices for security.
However, there are ways to provide data protection and redundancy as ransomware impact mitigation while still providing dynamic operational systems. Once again, this solution is to shift left and design security into every single interaction and layer of your systems and infrastructure.
Meanwhile, in the news. Cyber insurance isn’t helping with cybersecurity, and it might be making the ransomware crisis worse, say researchers. I know of organizations that have purposefully reduced spending on their cybersecurity programs in favor of hefty cyber breach insurance. It seems at first like a great balance sheet move, but in the long run it doesn’t pay. Just build adequate security programs, please.
House lawmakers introduce bill to increase American awareness of cyber threats. Wow, so now the whole nation will be subjected to useless clickthrough CBT experiences that don’t change their behavior? Excellent. I’m sure the APTs of the world are shaking in their VR headsets already.
5 Mistakes that Impact a Security Team’s Success. Call them fiefdoms, silos, or something else, whatever name you use, operating in any way but cooperatively is horrible and unprofessional. If you are frustrated by other people doing this to you, think about the ways you can bridge the divide and draw them into a shared success model where everyone wins by working together.
Google Working on Patching GCP Vulnerability that Allows VM Takeover, AWS users rejoice. Finally a cloud security problem you can ignore. GCP users, it’s your turn to panic and question your choices. Now, you know what it feels like to be everyone else using cloud services. Being in the cloud doesn’t reduce your risks inherently; it merely shifts the focus of some of your risks.
NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs. Cyber attacks are becoming more frequent and more automated. Even the human-driven APT attacks are using scalable cloud technologies to do their dirty work. Monitor your cloud and service or system usage for anomalous behavior, as well as known attack profiles.
$70 Million Demanded as REvil Ransomware Attackers Claim 1 Million Systems Hit. Ransomware is no joke. If you don’t already have easily recoverable systems and data, ransomware can be the end of you. Also, if the supply chain for your software includes outside libraries or packages of any kind get assurance in writing, with details, from your vendors on how they are both securing and monitoring for these attacks.
Announcer: If you have several PostgreSQL databases running behind NAT, check out Teleport, an open-source identity-aware access proxy. Teleport provides secure access to anything running behind NAT, such as SSH servers or Kubernetes clusters and—new in this release—PostgreSQL instances, including AWS RDS. Teleport gives users superpowers like authenticating via SSO with multi-factor, listing and seeing all database instances, getting instant access to them using popular CLI tools or web UIs. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. Download Teleport at goteleport.com. That’s goteleport.com.
Jesse: How to monitor and track failed logins for your AWS Managed Microsoft AD. If you need to make AWS send you custom-crafted alerts about failed logins, you aren’t doing something right. If you don’t have proper log management and a SIEM of some sort, spend your precious little resources slapping something together for broader monitoring instead of crafting bespoke little jewels of highly specialized AWS magic for very narrow use cases. There are so many turnkey solutions for log monitoring and alerting, why would we waste time building our own? Don’t be stupid.
Six ways businesses can reduce their cyber security risk as incidents rise. I’m sure regular readers will know this list isn’t anything new, but maybe one or two of you will finally implement a few things. Use any multi-factor authentication scheme, combined with a proper password manager for all your users, employees and customers alike. Even a tiny business struggling to make ends meet can afford $6 to $10 per month on a password vault servers for employees.
How to get a lucrative job in cybersecurity. I swear this isn’t a Ponzi scheme advert. The opener has the usual kid hacker to security pro story we’ve all seen in the movies, though many of us in cybersecurity today had that type of journey to our roles. The modern era generally isn’t conducive to opportunities for self-taught hacker kids, however there is hope for people who have not gotten computer science or other related security or engineering degrees.
Why MTTR is Bad for SecOps. Oh, I love me some data and metrics, but I love me some useful information and insights from data and metrics even more. Too many people get caught up in dashboards of metrics without understanding which numbers are useful. Efficacy reports in IT or SOC operations drive behavior of both management and individual contributors. Make useful reports instead of screenfuls of dials and graphs that are meaningless.
What is the dark web? How to access it and what you’ll find. Want to see things you can’t unsee? Want to risk venturing to sites your HR department will be calling you about? Want to see if your organization’s data is for sale? Here’s a way to meet all your stupid desires. Pro tip: don’t go following this stuff in this article on your precious computer with your private personal or organizational data on it.
And now for the tip of the week. Implemented organizational password manager; do it today. There are so many options it’s difficult to choose between them, but you can quickly find numerous sources that show the most popular for enterprise usage. Whichever one you choose, ensure it allows for central management of passwords, multiple vaults with various permission options, and personal vaults for each user. The top providers are all cloud-based services with various local front ends or caching methods. Find one that’s cross-platform of course.
Most cloud vault providers have options in the sub-ten-dollar per user price range with higher-end enterprise features for not much more than that. There is an incredible amount of return on your investment in a standardized vault system. It’s stupid not to do this. Also, you must require use of the vault for access to organizational resources and shared accounts. And that’s it for the week. Securely yours, Jesse Trucks.
Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.
Announcer: This has been a HumblePod production. Stay humble.
Join the newsletter
Cloud Security For Humans
Meanwhile in Security is a production of The Duckbill Group. Check out our other publications, Last Week in AWS, Screaming in the Cloud, and AWS Morning Brief.
© The Duckbill Group, 2021