A quiet week in terms of news and threat advisories, but a busy week for vendor security landscape reports. The reports share the expected common themes (phishing is effective) but also show some significantly different views by industry and by techniques used. By definition, the data reflects each vendor's customer base rather than real-world industries, which really should not be a surprise. If you read just one report, go with CrowdStrike.
In the news
Research, reports, opinions
An interesting description of how researchers used fake Facebook groups and targeted Facebook advertising to infiltrate the military of an unnamed country. The approach could equally be used to compromise commercial targets.
Ring Doorbell is a popular home security device acquired by Amazon. Researchers with BullGuard discovered a way to launch a man-in-the-middle attack against the smart doorbell app, enabling arbitrary surveillance and even the injection of counterfeit video traffic.
An interesting description of hackers phishing high-traffic Instagram accounts by using flattery.
CrowdStrike has released its 2019 Global Threat Report. Two interesting data points: the first is the “breakout time”, the time from initial compromise to lateral movement, which varied between just under 19 minutes and nearly 10 hours. Admittedly these figures were for nation-state actors. Irrespective of that, the key takeaway is that response time, or at least having additional measures to slow down attackers, is key to effective defence. The second data point is the type of technique used: compromise of valid accounts is the most popular technique across initial compromise, persistence, privilege escalation and defence evasion. Perhaps it is no surprise that, of all the fancy possible techniques, the simplest is the most popular.
Microsoft has released its Security Intelligence Report (SIR). The report does not contain any unique insights, but that in itself is of interest.
Rapid7 has released its Quarterly Threat Report with nice breakdowns by industry (have a look at the Transportation industry data!).
IBM has released its Threat Intelligence Index.
Microsoft has released a public preview of a cloud-based SIEM solution called Azure Sentinel. It includes various connectors and an approach to playbook automation.
Microsoft has released a “Threat Experts” service, a managed threat hunting add-on to Windows Defender Advanced Threat Protection that provides two key services: “Targeted attack notifications” and “Experts on demand”.
Cisco has released an advisory to address a vulnerability in its wireless VPN and wireless router products that could allow an unauthenticated, remote attacker to execute arbitrary code.
UK industry events
- 7-8 March 2019, London, Identity and Access Management Summit
- 12-13 March 2019, London, Cloud and Cyber Security Expo
- 27-28 March 2019, London, The World Cyber Security Congress
- 14 March 2019, London, CRESTCon
- 24-25 April 2019, Glasgow, CYBERUK
- 25-26 April 2019, London, Cyber Security and Cloud Expo
- 9 May 2019, London, GovSec
- 4-6 June 2019, London, Infosecurity Europe
- June 2019, London, Security BSides
- 9 July, London, The Cyber Security Summit
- 23-24 September, Windsor, Information Security Network
- 9-10 October, London, Cyber Security Europe (part of IP Expo)
- October 2019, London, FT Cyber Security Summit Europe
- 20 November 2019, London, Cyber Security Summit