More stories


    Hybrid cloud brings benefits. But it also brings new cybersecurity risks, too

    The use of cloud computing applications has grown significantly in the last two years as the Covid-19 pandemic forced many organisations to adapt to remote working. Many of those businesses may never go back to being fully on-premises, either because they are switching to a permanently remote model or to a hybrid model where employees balance their time between working remotely and working from the office.


    While this has brought benefits, the increased use of cloud applications and services also brings security risks. Employees can now access corporate applications from anywhere — and that can be exploited by cyber criminals. A successful phishing email attack, or a leaked or easily guessed username and password, could provide an attacker with access to a user account and a gateway to the entire network. And because the user is remote, potentially malicious activity might not get picked up until it’s too late, if at all.

    Hybrid cloud is becoming increasingly common in enterprises, because using multiple public and private clouds can provide benefits when it comes to agility, and combining different providers lets organisations optimise environments and workloads throughout the business. There’s also the benefit that if one cloud service suffers an outage, the business can keep operating, because workloads can keep running on the other services. But just as cloud usage brings additional security risks if not managed correctly, those risks are multiplied in a hybrid cloud environment.

    “This complexity and these differences can lead to the opportunity for adversaries,” says Kevin Bocek, VP Security Strategy and Threat Intelligence for Venafi.

    The ease of setting up cloud computing accounts means it can be done by anyone — developers, administrators or other IT staff. This can often be done without the involvement, or even the knowledge, of security teams.

    “We’re dealing with this new environment where security teams don’t have control, and they have to really change the way that we’ve been trained for the last 20 or 30 years,” says Bocek.

    Some organisations, when deploying cloud-based services, may believe that the security element is handled entirely by the vendor, when this often isn’t the case.

    That can lead to misunderstandings about configuration and issues surrounding the security of potentially internet-facing services — and the data that could be exposed if such services aren’t secured properly.

    “What we’ve observed during our investigations is also a lot of misconfiguration in the cloud, and it’s coming back to the lack of skills, and ability for the people to really understand what they are doing. They are just clicking ‘next’, and they are not really looking at what they’re doing. At the end of the day, they might expose interesting information for the attacker,” says David Grout, EMEA CTO at Mandiant. As a cybersecurity company, Mandiant is often called in to investigate security incidents, a quarter of which involve public cloud assets.

    Like any other software, cloud-based platforms need their security managed — and that starts with applying patches and security updates as soon as possible after they become available. That’s because, just like other software and applications, vulnerabilities can be uncovered in cloud suites. And once they’ve been disclosed, cyber criminals and other malicious attackers will attempt to exploit unpatched instances — and it’s the responsibility of the cloud user, not the vendor, to actually apply these updates.

    “People think that they will be covered by the cloud providers, but at the end of the day, the applications are yours and you need to manage the patching,” says Grout.

    In order to manage and patch, security teams need to be aware of what software and services are being used. If IT is procuring multiple cloud services, it can be difficult to keep track, but knowing the extent of the infrastructure is key when it comes to keeping it secure. This applies to cloud services too.

    “If you have a multi-cloud platform — or even a single cloud strategy — at the end of the day, you need to find a way to collect all the information in one single platform,” says Grout.

    One of the most important things that can be done to stop attacks is to apply multi-factor authentication to all users of all cloud services. That additional barrier can protect against the vast majority of attacks that attempt to steal the identities required to access cloud services.


    Amazon Web Services, CrowdStrike and Presidio partner for ransomware mitigation kit

    Cybersecurity companies Presidio and CrowdStrike are partnering with Amazon Web Services (AWS) for a new Ransomware Mitigation Kit designed to provide organizations with tools to deal with attacks before and after they occur.


    The kit combines the security capabilities of Presidio, CrowdStrike, and AWS-owned CloudEndure, addressing the five pillars of the NIST Cybersecurity Framework.

    Sandy Carter, a vice president at AWS, said there is no one silver bullet when it comes to mitigating ransomware attacks and other cyber incidents, but explained that protection “requires a layered approach and a team that is on top of emerging threats and capable of maximizing the benefits of industry-leading security technology such as the combination of Presidio, CrowdStrike and AWS.”

    The companies said the kit will provide “end-to-end white-glove service to identify and protect against cyber threats, detect, and respond to risks as they occur and recover all critical data and applications prior to the breach.”

    Leveraging technology from CrowdStrike and CloudEndure, the kit offers enterprises visibility and breach protection across a range of digital assets, a strengthened cloud security foundation, detection and attack prevention capabilities, as well as response and attack mitigation tools. The kit also has backup and recovery features that help organizations restore lost or compromised data.

    “The ability for an organization to identify and respond to cybersecurity incidents could mean the difference between a minor disruption and a potentially catastrophic event. Tens of thousands of cybersecurity events occur on a daily basis that have the potential to cripple an organization for weeks or months at a time,” said David Trader, field CISO at Presidio.

    “It’s not a matter of if your organization will experience a crippling cyber event; it’s a matter of when. Preparation is critical.”



    VMware's Carbon Black offers more analyst assistance to respond to attacks

    Leveraging its threat analysis team’s expertise and broad visibility, VMware’s Carbon Black is rolling out a new service that helps organizations respond to and contain cybersecurity threats or breaches. The new Carbon Black Cloud Managed Detection and Response (MDR) for endpoints and workloads is supported by analysts with decades of experience. They monitor and analyze data for customers in the VMware Carbon Black Cloud using advanced machine learning and algorithmic toolsets.

    The threat analysis team “has not only expertise derived over many years but also the ability to watch the threat landscape over a broad spectrum,” Kal De, VP and GM of VMware’s Security Business Unit, told ZDNet. “We have approximately a million endpoints under active monitoring at any given point in time… versus an individual [at a customer organization] — their visibility is limited to what’s happening in their particular environment.”

    The new offering builds on the managed detection capabilities Carbon Black has offered since 2017. Now, if there’s an incident, analysts can proactively reach out to the affected customer and initiate a two-way conversation. They’ll respond to questions regarding alerts and offer recommendations for policy changes customers can make to remediate the threat. Analysts can maintain visibility on a compromised endpoint even after isolating and securing it, and they’ll continue communications until the threat is contained. MDR analysts provide around-the-clock monitoring, which Carbon Black says will help reduce security staffing pressures.

    “What we’re trying to do is combine machine intelligence with expert eyes that can offer a much higher degree of accuracy in responding to the signal quickly and effectively,” De said. Compared to competing security products, he said Carbon Black offers a “much more unified boots on ground, human response.”


    These researchers wanted to test cloud security. They were shocked by what they found

    Insecure cloud-computing services can be a huge risk for organisations because they’re a regular target for cyber criminals. Researchers have demonstrated how vulnerable or misconfigured cloud services can be, after deploying hundreds of honeypots designed to look like insecure infrastructure, some of which lasted just minutes before being compromised by hackers.

    Cybersecurity researchers at Palo Alto Networks set up a honeypot comprising 320 nodes around the world, made up of multiple misconfigured instances of common cloud services, including remote desktop protocol (RDP), secure shell protocol (SSH), server message block (SMB) and Postgres databases.


    The honeypot also included accounts configured with default or weak passwords — exactly the sort of thing that cyber criminals are looking for when trying to breach networks.

    It wasn’t long before cyber criminals discovered the honeypot and looked to exploit it — some of the sites were compromised in minutes, while 80% of the 320 honeypots were compromised within 24 hours. All of them had been compromised within a week.

    The most attacked application was secure shell, a network communication protocol that enables two machines to communicate. Each SSH honeypot was compromised 26 times a day on average. The most attacked honeypot was compromised a total of 169 times in a single day. Meanwhile, one attacker compromised 96% of the 80 Postgres honeypots within a single 90-second period.

    “The speed of vulnerability management is usually measured in days or months. The fact that attackers could find and compromise our honeypots in minutes was shocking. This research demonstrates the risk of insecurely exposed services,” said Jay Chen, principal cloud security researcher at Palo Alto Networks.

    Exposed or poorly configured cloud services like those deployed in the honeypot make tempting targets for cyber criminals of all kinds. Several notorious ransomware operations are known to exploit exposed cloud services to gain initial access to the victim’s network in order to eventually encrypt as much as possible and demand a multi-million dollar ransom in exchange for the decryption key. Meanwhile, nation state-backed hacking groups are also known to target vulnerabilities in cloud services as a stealthy means of entering networks in order to conduct espionage, steal data, or deploy malware without detection.

    And as the research demonstrates, it doesn’t take long for cyber criminals to find exposed internet-facing systems.

    “When a vulnerable service is exposed to the internet, opportunistic attackers can find and attack it in just a few minutes. As most of these internet-facing services are connected to some other cloud workloads, any breached service can potentially lead to the compromise of the entire cloud environment,” said Chen.

    When it comes to securing accounts used to access cloud services, organisations should avoid using default passwords, and users should be provided with multi-factor authentication to create an extra barrier that prevents leaked credentials from being exploited. It’s also vital for organisations to apply security patches when they’re available in order to prevent cyber criminals from taking advantage of known exploits — and it’s a strategy that applies to cloud applications, too.

    “The outcome [of the research] reiterates the importance of mitigating and patching security issues quickly. When a misconfigured or vulnerable service is exposed to the internet, it takes attackers just a few minutes to discover and compromise the service. There is no margin of error when it comes to the timing of security fixes,” said Chen.


    Twitter to ban sharing of photos and videos without people's consent

    Twitter has announced the expansion of its private information policy to include the sharing of private media, such as photos and videos, without permission from the individuals depicted in them, as the social media platform aims to improve user privacy and security.

    “Sharing personal media, such as images or videos, can potentially violate a person’s privacy, and may lead to emotional or physical harm,” Twitter shared in a blog post. “The misuse of private media can affect everyone, but can have a disproportionate effect on women, activists, dissidents, and members of minority communities. When we receive a report that a Tweet contains unauthorized private media, we will now take action in line with our range of enforcement options.”

    Under its existing policy, publishing other people’s private information, such as phone numbers, addresses, and IDs, or threatening to expose a person’s private information and incentivising others to do so, is already not allowed on Twitter.

    The company took the opportunity to also outline the actions it would take when it is notified by individuals that they did not give permission to have their private image or video shared. “We will remove it,” the company wrote. It noted, however, that the policy would not apply to media featuring “public figures or individuals when media and accompanying Tweet text are shared in the public interest or add value to public discourse”.

    The company added that in instances where account holders share media of individuals to help someone in a crisis situation, it would “try” to assess the context in which the content is shared.

    “In such cases, we may allow the images or videos to remain on the service,” Twitter said. “For instance, we would take into consideration whether the image is publicly available and/or is being covered by mainstream/traditional media (newspapers, TV channels, online news sites), or if a particular image and the accompanying tweet text adds value to the public discourse, is being shared in public interest, or is relevant to the community.”

    The expansion of the policy comes a day after Twitter founder and CEO Jack Dorsey announced his resignation, telling employees in a letter that CTO Parag Agrawal would be taking over the position.

    Twitter has been rolling out a slew of features in a bid to mitigate harmful content on its platform. In September, it rolled out a feature called Safety Mode that temporarily blocks certain accounts for seven days if they are found insulting users or repeatedly sending hateful remarks. Prior to that, Twitter said it was conducting a test that would allow users in the United States, South Korea, and Australia to report misleading tweets.


    DNA testing center admits to breach affecting SSNs, banking info of more than 2 million people

    A DNA testing company has reported a data breach that leaked the personal information — including Social Security Numbers and banking information — of more than 2 million people, according to a notification letter the company is sending out to those affected.

    Bleeping Computer, which first reported the breach, said 2,102,436 people had their information exposed by DNA Diagnostics Center, an Ohio-based DNA testing company. In a notice shared on the company’s website, DNA Diagnostics Center said that on August 6, officials with the company discovered “potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database that contained personal information collected between 2004 and 2012.”

    Further investigation revealed that hackers had removed files and folders from portions of the database between May 24 and July 28.

    “The impacted database was associated with a national genetic testing organization system that DDC acquired in 2012. This system has never been used in DDC’s operations and has not been active since 2012. Therefore, impacts from this incident are not associated with DDC. However, impacted individuals may have had their information, such as Social Security number or payment information, impacted as a result,” the company said in a statement. “Upon learning of this issue, DDC proactively contained and secured the threat and executed a prompt and thorough investigation in consultation with third-party cybersecurity professionals. DDC has also coordinated closely with law enforcement following the discovery of this incident. Our investigation determined that the unauthorized individual(s) potentially removed certain files and folders from portions of our database between May 24, 2021 and July 28, 2021. DDC has been and remains fully operational, and the systems and databases that are actively used by DDC were not infiltrated. The in-depth investigation concluded on October 29, 2021, and DDC has begun notifying individuals potentially affected by this incident.”

    DDC added that the archived system was never used directly by the company and that anyone whose personal information was accessed is being offered Experian credit monitoring.

    DDC noted that if you were forced to get a relationship DNA test as part of court proceedings, or got independent, individual testing between 2004 and 2012, but have not received a mailed letter from DDC, you should call 1-855-604-1656 for more information.

    DDC claimed it is working with cybersecurity experts to “regain possession” of the stolen information, but is recommending that anyone who thinks their information may be involved put in place a 1-year “fraud alert” on their credit files. DDC did not respond to requests for comment but noted that it conducts more than one million DNA tests each year.

    Chris Clements, a vice president at Cerberus Sentinel, criticized DDC for “disingenuously attempting to deflect responsibility for the breach” due to its comments about the system not being associated with the company directly.

    “It doesn’t matter what organization ‘started’ with the data, once you acquire it, it becomes your responsibility. I might be more forgiving if the data was only recently obtained by DDC, but by now they’ve had it nearly a decade,” Clements said. “If you aren’t aware a given asset exists, you can’t begin to properly secure it. A second observation is the almost three-month delay between the beginning of the breach and first detection. DDC has not revealed what triggered the realization that they had suffered a cyberattack, but most organizations discover a compromise has occurred only when contacted by a third party such as security researchers that have traced a stolen dataset on the dark web back to their company, or when contacted by the threat actor themselves with extortion demands.”


    Zscaler delivers strong Q1, sees revenue grow 62% year over year

    Cybersecurity firm Zscaler reported fiscal Q1 revenue and profit that topped Wall Street analysts’ expectations Tuesday afternoon.

    Revenue in the quarter rose 62% year over year to $230.5 million, yielding a profit of 14 cents per share. Analysts had been modeling $208.43 million in revenue and 12 cents per share. Non-GAAP net income reached $21 million in the quarter. The report sent Zscaler shares up more than 4% in late trading.

    Zscaler CEO and Chairman Jay Chaudhry said CISOs and CIOs are looking to phase out legacy network security in favor of Zero Trust architecture, due to increasing cyber and ransomware risks and accelerating digital transformation. “This architecture shift continues to drive strong demand for our Zero Trust Exchange platform,” Chaudhry said in the report. “We delivered outstanding results for the first quarter.”

    For the current quarter, the company expects revenue of $240 million to $242 million and an EPS around 11 cents. For the full-year fiscal 2022, the company predicted revenue in a range of $1 billion to $1.01 billion and EPS ranging from $0.50 to $0.52.



    Spy chief's warning: Our foes are now 'pouring money' into quantum computing and AI

    The rise of technologies like artificial intelligence (AI) and quantum computing is changing the world — and intelligence services must adapt in order to operate in an increasingly digital environment, the head of MI6 has warned.


    In his first public speech since taking the role of “C” in October 2020, Richard Moore, chief of the UK Secret Intelligence Service (MI6), discussed the challenges posed by the rapid evolution of technology. While developments in computing like AI and quantum computing can provide society with what he described as “revolutionary advances,” Moore warned that they also lead to additional security threats which MI6 will need to face.

    “Others would speak to you about the benefits of these new discoveries — and they are myriad — but I’m paid to look at the threat side of the ledger. MI6 deals with the world as it is, not as we’d like it to be — and the digital attack surface that criminals, terrorists and hostile states seek to exploit against us is growing exponentially,” he said, in a speech at the International Institute for Strategic Studies (IISS).

    Moore warned that China, Russia and Iran are the most significant nation-state threats to the UK that could exploit technology to meet their aims, citing the SolarWinds cyber attack, which has been attributed to Russia’s foreign intelligence service, as a key example of this.

    In order to confront the challenges posed by the growing global digital environment, MI6 needs to ensure that it has the human intelligence capabilities to analyse and understand data which could help provide insights, keep agents in the field informed and ultimately help protect the UK from threats.

    “There is no longer such a thing as an analogue intelligence operation in this digital world,” said Moore. “All of this requires insights from data, the tools to manipulate data and, most importantly, the talent to turn complex data into human insight. The combination of technological prowess and insights from human intelligence gives the UK a powerful edge.”

    He warned: “Our adversaries are pouring money and ambition into mastering artificial intelligence, quantum computing and synthetic biology because they know that mastering these technologies will give them leverage.”

    Moore warned that MI6 “needs to be at the vanguard of what is technologically possible” in order to stand the best chance of protecting the UK from security threats. But while MI6 has traditionally worked in the shadows, now it’s stepping out of them to ensure it has access to the people required to help solve the problems posed by new technologies.

    “We can’t match the scale and resources of the global tech industry, so shouldn’t try. Instead, we should seek their help. Through the National Security Strategic Investment Fund, we are opening up our mission problems to those with talent in organisations that wouldn’t normally work with national security. Unlike Q in the Bond movies, we cannot do it all in-house,” said Moore.

    By looking to outside experts in emerging technologies, the aim is to help improve MI6 operations and innovate faster than the UK’s adversaries – and it represents a significant shift from the secretive operations of the past, one he stressed also requires increased diversity to better represent the population MI6 serves.

    “I cannot stress enough what a sea-change this is in MI6’s culture, ethos and way of working since we have traditionally relied primarily on our own capabilities to develop the world-class technologies we need to stay secret and deliver against our mission,” said Moore. “We must become more open, to stay secret,” he added.

    By adapting MI6 to be able to bring in expertise to help work with emerging technologies, it’s hoped that it will allow the intelligence service to keep the UK safe from threats, no matter where in the world they come from.

    “My mission as Chief is to ensure the successful transformation and modernisation of our organisation: extending MI6’s secret human relationships to reflect the changing nature of power and influence in the world; investing in the skills a global intelligence agency needs in the digital age and meeting the technological challenge head-on by opening up — to an unprecedented degree — to partners who can help us master the technologies we need for our operations, and enable us to innovate faster than our adversaries,” Moore said.