BlackHat stories, plus DHS’s new group and MSPs targeted

National Cyber Director Chris Inglis on Monday made the case for establishing an office within the Department of Homeland Security (DHS) to track and analyze cybersecurity incidents in order to ensure the nation has an early warning system to understand adversary efforts to target U.S. organizations. Later in the week, DHS unveiled the Joint Cyber Defense Collaborative, initially to focus on combating ransomware and cyberattacks on cloud-computing providers. The long-term goal is to improve defense planning between the government and the private sector. Included in the group – Microsoft, Google, and Amazon.

A Senate oversight report published this week reveals that the cyberdefenses of key US federal agencies remain inadequate. Inspectors found essentially the same failures as in the prior 10 years. And – it’s not that the government needs cutting-edge new technology. It’s that it has not allocated the budget or the organizational will to implement best practices.

IBM found that the average data breach now costs companies around $4.24 million per incident, the highest amount in the report’s 17-year history. The average expense of a data breach rose by 10% in 2021 over the previous year. Breaches also cost $1 million more on average when remote work was revealed as a factor, compared with businesses where it was not.

Accenture says there has been a triple-digit increase in cyber intrusions in the first half of 2021, compared with the same period last year. The US accounts for more than 36% of incident volume, followed by the UK at 24% and Australia at 11%. Consumer goods & services is the top target, at 21% of cyberattacks, followed by the industrial/manufacturing, banking, and travel & hospitality industries at 16%, 10% and 9%, respectively.

While thinking about attacks, DDoS attacks largely target the US, per data from Atlas VPN. In June 2021 alone, more than a third of DDoS attacks worldwide targeted servers in the U.S. Who’s targeted? The computer and internet industry (domain providers, web hosts, ISPs, and other online services) was the recipient of 83.2% of all DDoS attacks. The idea – take out the infrastructure to impact business services.

Also targeted – MSPs. Reuters is reporting on statements by the Dutch Institute for Vulnerability Disclosure, indicating that, having discovered how successful attacks on MSPs can be, “they are already busy, they have already moved on and we don’t know where.” Those researchers indicated they have discovered more vulnerabilities in MSPs, who have not yet fixed all the problems.

It’s not just Kaseya. At a presentation this week at BlackHat, security researchers presented techniques they have developed which let them hijack Jamf, the Mac-focused management tool.

Also from BlackHat: reports from the Coalition Against Stalkerware of a surge in the use of stalkerware in intimate partner violence and gender-based violence. Stalkerware is software, made available directly to individuals, that enables a remote user to monitor the activities on another user’s device without consent and without “explicit, persistent notification to that user in a manner that may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.”

Finally, directing listeners to research coming out from the Dolos Group. They were hired to test the security of a client’s network. They received a preconfigured Lenovo laptop with the firm’s standard security stack, and received no test credentials, configuration details, or other information about the machine… and demonstrated they were able to gain access in less than 30 minutes with no soldering, using only simple, readily available tools and hardware. Ars Technica has the writeup.

Why do we care?

Did that Senate oversight report resonate? Even the US government is not allocating resources.

The IT industry seems to be waking up to the fact that it’s a target. Sure… ok. Let’s go with that. I highlighted the Jamf story to illustrate that while Kaseya got all the headlines, the more important takeaway is to constantly evaluate the attack surface of yourself and your customers.

There’s specific tactical advice here too – getting the basics right is the first step, and so many aren’t doing that. Then, examine the further repercussions, whether that means understanding how to address what the research Ars Technica covered found, or looking at the implications of technology for things like stalking. A veritable smorgasbord of opportunity… although none of it is “easy”.