Sunday, May 14, 2017

Hackers don't make mistakes. It is all part of the plan!

Hackers who use tools allegedly stolen from the NSA, and use them to set up ransomware, do not make mistakes.
Someone noticed that the WannaCry ransomware had a turn-off switch; I assume that it was deliberately planned like that, with the authors waiting to see if and when someone would reverse engineer the code to find it. Why? I can only guess that they wanted to see how fast someone would "catch" them or, better, to understand how they need to react to make it more sophisticated.
So they did. I have learned today that WannaCry 2.0 is out there without the kill switch, so it is on the loose again.
According to officials, the ransomware has affected some 75000 PCs in just 24 hours; that is 22,500,000$ reasons to try to improve it. You got it right: the profit potential after 24 hours was twenty-two million US dollars (paid with untraceable Bitcoin). How many paid? No one knows...
When will it end? For sure, the epidemic will be reduced once IT organizations patch and block the SMB protocol in their networks, as it carried this virus.

Friday, April 21, 2017

Corporate Cyber Protection Methodology

Earlier this week the Israeli CERT (CERT-IL) issued a final draft of a "Civilian Corporate Cyber Protection Methodology." In this publication they are asking for comments before making the paper official and releasing it. This 160-page paper was written to provide a professional solution for the entire marketplace. The organization's protection plan derived from this document is adapted to the extent of the organization's dependence on cyber.

The central principle on which this defense doctrine paper was written is the organization as a whole recognizing that it is necessary to protect the continuity of the organization's functioning and to support its business objectives.
This concept is expressed in the document as follows:

A. Management Responsibility - The responsibility for protecting the information lies first and foremost with the management of the organization.

B. Protection depending on the potential damage - the investment in the protection of each asset will be according to its criticality level to the functioning of the organization.

C. Defense based on Israeli knowledge and experience - the theory of defense enables a focus on the risks relevant to each and every organization. As part of the activities of the National Authority for Cyber Defense, periodic intelligence audits and assessments of the economy are conducted. These actions enable organizations to target specific areas of the various defense circles.

D. Proactive protection - The security controls were defined with the understanding that the organization must invest additional efforts beyond passive defense. This is expressed through the definition of protective controls for the stages of prevention, identification, and reaction and return to routine.

E. Multilayered Protection - Protection is a process that combines three main components: people, technology and processes (3 P's - People & Products & Processes). The defense theory defines a defensive response that is required on all these levels.

The original published document can work for any organization. Regardless of the locale of your office, I think that the third concept mentioned above (translated from the original paper) should read "Defense based on LOCAL knowledge and experience." The intel and assessments that are applicable to Israel might not be right for India, Mozambique or Brazil. In a multinational organization, where the CSO needs to handle cyber aspects in each country, it is important to pay attention to the local recommendations for each branch as if it were the only location in the network.

There is nothing new in this document that we don't know by now, as it is based on the NIST CSF (Cyber Security Framework). The ingenuity here is that this paper adjusts the standard and makes it accessible to the Israeli market.

Recently I looked for web hosting services for one of my customers who needed some dedicated servers somewhere on the WWW cloud. I found the site HostMonk to be VERY useful for comparing (and easily accessing) many new vendors and plans that I didn't find on regular search engines. Try it, it might save you some money.