Enter The Blockchain 2.0

As the world becomes ever more data-driven, data breaches become more intense and more frequent, with data records exposed on an almost daily basis and with potentially devastating consequences. Everyone is at risk. Today’s organizations have to shift their focus toward technologies that inherently protect and secure data. Enter the Blockchain technology.

The Blockchain technology was introduced as a way to store and send the cryptocurrency Bitcoin. However, it now has the potential to radically secure data, ensuring that it is verifiable, auditable, and tamper-proof.

Blockchain effectively cuts out the middle-man

At its core, Blockchain data is not stored in a central database; instead, it’s stored in a “distributed ledger of blocks.” As its name suggests, a Blockchain is a linked set of records. Each block includes a hash that links it directly to the previous block (a hash-based data structure used in distributed systems for efficient data verification), a timestamp for authorship, and the transaction data. These blocks are then distributed across the entire network, with each node holding a complete copy of the ledger.

The Blockchain technology eliminates a single point of failure; even if several nodes were disabled, it would not result in any data loss. You no longer have to engage a third-party vendor or service provider when you can depend on the Blockchain’s decentralized, immutable ledger.

Blockchain offers reliable, independent data verification.

Data held in traditional networks and single storage repositories is vulnerable to insider threats and other insidious cyber-attacks. In contrast, data recorded in Blockchain technology is inherently immutable; thus, it cannot be changed retroactively without the changes occurring in all subsequent blocks and a consensus of the network majority. Utilizing decentralized, serialized data verified with cryptographic proofs would remove any doubt about the integrity of the data.
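
The linking and verification described above can be seen in a small hash chain. This is an added example, not part of the original article; the block field layout, the sample records and the function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block

def block_hash(index, timestamp, data, prev_hash):
    """SHA-256 over the block fields, serialized deterministically."""
    payload = json.dumps([index, timestamp, data, prev_hash])
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(records, start_time=1550000000):
    """Link records into blocks; timestamps are constructed sample values."""
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(records):
        ts = start_time + 600 * i
        digest = block_hash(i, ts, data, prev)
        chain.append({"index": i, "timestamp": ts, "data": data,
                      "prev_hash": prev, "hash": digest})
        prev = digest
    return chain

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS_PREV
    for b in chain:
        recomputed = block_hash(b["index"], b["timestamp"], b["data"], b["prev_hash"])
        if b["prev_hash"] != prev or recomputed != b["hash"]:
            return b["index"]
        prev = b["hash"]
    return None

def rehash_from(chain, start):
    """Recompute every hash and link from block `start` to the tip."""
    prev = chain[start - 1]["hash"] if start else GENESIS_PREV
    for b in chain[start:]:
        b["prev_hash"], b["hash"] = prev, block_hash(b["index"], b["timestamp"], b["data"], prev)
        prev = b["hash"]

# Constructed sample ledger entries.
RECORDS = ["alice pays bob 5", "bob pays carol 2", "carol pays dave 1", "dave pays erin 1"]

if __name__ == "__main__":
    honest = build_chain(RECORDS)
    copy = [dict(b) for b in honest]
    copy[1]["data"] = "bob pays carol 200"            # retroactive edit
    print("edit only:", first_invalid(copy))          # block 1 no longer matches its hash
    copy[1]["hash"] = block_hash(1, copy[1]["timestamp"], copy[1]["data"], copy[1]["prev_hash"])
    print("block 1 rehashed:", first_invalid(copy))   # block 2 still links to the old hash
    rehash_from(copy, 1)
    print("all rehashed:", first_invalid(copy), "tip matches peers:", copy[-1]["hash"] == honest[-1]["hash"])
```

A copy in which every later block has been rehashed verifies on its own, but its tip hash no longer matches the one held by the other nodes, which is where the consensus of the network majority comes in.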

Public vs. Private 

Public

The most well-known examples of public Blockchains include Bitcoin and Ethereum. They are open, transparent, distributed ledgers that allow anyone to participate in the network as either anonymous or pseudonymous participants.

Public Blockchains depend upon the number of participants for their success and encourage greater public participation through an incentivization mechanism known as a “miners fee.” However, to reap the reward, participants in the network must solve a “proof of work” algorithm or, in other words, a very complex cryptographic problem. According to Block Explorer, “the probability of solving one of these proofs of work complex math problems on the underlying Bitcoin Blockchain was about 1 in 5.8 trillion in February 2019.”

The participant who solves the problem first will reap the reward and, more importantly, the right to create the next block. Sounds straightforward, but there is a considerable drawback: solving this complicated math problem requires a substantial amount of computational power, which limits scalability.

Private 

In a private Blockchain, you continue to benefit from a decentralized peer-to-peer network; however, to access a private Blockchain, users must authenticate their identity to gain access privileges to restricted transactions. Linux Foundation’s Hyperledger Fabric is a prime example of a private blockchain designed for the enterprise. Access is limited to the entities participating in particular transactions. Outsiders not only have zero access, but they also do not have knowledge of the transactions. In addition to enhanced security, the transactional throughput magnitude is more significant than in public Blockchains, allowing it to be faster and more scalable.

The interest from large enterprises in private Blockchains is evolving at quite an alarming pace, creating paths for the development of additional private Blockchains that could introduce the Blockchain into use-cases not yet discovered.

The Blockchain makes attacking the data virtually impossible.

To successfully attack the Blockchain, the attacker(s) would not only have to solve the complicated math problems against incredible odds, but they would have to replicate them across the entire network, concurrently. The unimaginable cost of coordinating an attack of this magnitude would almost certainly outweigh any benefits gained.

In Conclusion

The complex structure of the Blockchain technology provides one of the most innovative tools to protect our data as we head into the Fourth Technical Revolution. Blockchain introduces a level of trust that could be leveraged as a core technology for highly regulated industries including Space Travel; Health Care; Financial Markets; Supply Chains; Presidential Voting and The Internet of Things (IoT) networks to name a few.

Do Not Fear Subnetting Your Network. Embrace it!

The growth of your business has increased substantially over the last several months; however, the rapid growth has also increased network congestion, resulting in slower speeds and reduced performance that affect end-users directly, while maintenance and problem resolution have become extremely time-consuming and arduous.
Do not fear; there is a solution: ‘Subnet Your Network.’
Often, the mere mention of subnetting evokes the ‘fight or flight’ response in many individuals or is dismissed too quickly because it is considered ‘too time-consuming,’ or ‘too complicated,’ ‘the math is too difficult,’ or ‘it is only useful for extensive networks.’
In reality, the benefits of a subnetted network are wide-ranging: from troubleshooting network issues, to having a bird’s-eye view into the utilization of bandwidth, traffic patterns, network efficiency and atypical activity that can drain resources, to more streamlined allocation of critical resources, to vastly improving network security by applying more granular access controls in logical groups.
In contrast, a poorly designed network has higher support costs, diminished services and fewer solutions that can be supported, in addition to less than ideal performance. These issues can quickly become unruly, creating a domino effect that can result in a network outage, which is not only costly and frustrating for your end-users but can be exceedingly costly for your business as well.

Subnetting is the process of dividing up an extensive network into two or more smaller networks. By doing so, subnetting reduces broadcast traffic by having different devices communicate with different networks rather than all the devices on one network trying to communicate at the same time.
Smaller networks can be efficiently designed to represent logical groups, for example different departments – sales, marketing, and development. Alternatively, they can be divided by hardware device – VoIP, servers, and workstations. These designs allow for the ability to isolate individual devices within the logical groups, which is critical when troubleshooting issues within the network.
Also, a subnetted network allows for better control of the flow of traffic, including Quality of Service (QoS), which can be considered the backbone of any successful business. QoS is increasingly vital across today’s networks. Not only is it a requisite for voice and video streaming, but it’s also an indispensable element in supporting the ever-expanding domain of the Internet of Things (IoT).
When it comes to security on a subnetted network, the benefits are extensive and extremely underrated.

First, by breaking the network up into multiple smaller networks, it is far faster and easier to isolate compromised networks, thus containing and targeting current threats and preventing further damage to the remainder of the network. Secondly, data today is the most critical asset of any company, and the loss or defilement of that data could be devastating to any business. Rather than having all resources on one network, it is safer to have a network with the critical business data isolated, secured from internal users who gain access to areas of the network where they don’t belong, as well as from other potential bad actors. Even an unsophisticated attack could not only incapacitate the entire network but could also allow for a data breach, with estimates that more than half of small to medium businesses never recover.
In conclusion, subnetting is a cornerstone of a well-defined strategy, an approved best-practice, and a comparatively easy and inexpensive way to reduce risk, gain profitability, improve adaptability and increase security.
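
The sketch below carves one network into right-sized subnets per logical group and then applies a default-deny rule between groups, as described above. It is an added example, not part of the original article; the 10.20.0.0/24 range, the group sizes, the policy table and the function names are assumptions, and it handles IPv4 only.

```python
import ipaddress

def allocate(parent, needs):
    """Carve `parent` into one subnet per group, largest group first (VLSM)."""
    parent = ipaddress.ip_network(parent)
    cursor, plan = parent.network_address, {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        # Smallest block that holds the hosts plus network and broadcast addresses.
        prefix = 32 - (hosts + 1).bit_length()
        subnet = ipaddress.ip_network(f"{cursor}/{prefix}")
        if not subnet.subnet_of(parent):
            raise ValueError(f"{parent} is too small for group {name!r}")
        plan[name] = subnet
        cursor = subnet.broadcast_address + 1
    return plan

def group_of(ip, plan):
    """Name of the group whose subnet contains `ip`, or None if unallocated."""
    addr = ipaddress.ip_address(ip)
    for name, subnet in plan.items():
        if addr in subnet:
            return name
    return None

def is_allowed(src, dst, plan, policy):
    """Default deny between groups; traffic inside one group is allowed."""
    src_group, dst_group = group_of(src, plan), group_of(dst, plan)
    if src_group is None or dst_group is None:
        return False
    return src_group == dst_group or (src_group, dst_group) in policy

# Constructed sample inputs: hosts needed per group, and which group may reach which.
NEEDS = {"sales": 50, "marketing": 25, "development": 25, "servers": 10}
POLICY = {("development", "servers")}

if __name__ == "__main__":
    plan = allocate("10.20.0.0/24", NEEDS)
    for name, subnet in plan.items():
        print(f"{name:12} {subnet}  usable hosts: {subnet.num_addresses - 2}")
    print("development -> servers:", is_allowed("10.20.0.100", "10.20.0.130", plan, POLICY))
    print("sales -> servers:", is_allowed("10.20.0.10", "10.20.0.130", plan, POLICY))
```

On a real network the same group-to-group table would be enforced as ACLs or firewall rules on the router between the subnets.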

Really? Haha, No…

Over the weekend, I participated in GoogleCTF2017, my first Capture The Flag (CTF) event. It was both humbling and exciting.  

If you asked me three days ago what was the absolute worst thing someone could say to me, I would have given a completely different answer than today, but today, my answer is ‘Really? Haha, no…’ a phrase I heard way too many times as I worked through the challenges trying to find flags.

In a CTF, each team has a set of challenges that need to be solved in order to find the flag and grab the points. The flag is usually a piece of code =>CTF{this-is-a-flag}<=.

CTF competitions touch on many aspects of information security including cryptography, steganography, reverse engineering, forensics, and other topics.

There are three common types of CTFs 

  • Attack and Defend
    • Red Teams (Offense) vs. Blue teams (Defence) actively attacking and defending network infrastructures.
  • Jeopardy.
    • Challenges are broken up into multiple topics ranging from easy to difficult, to insane. 
  • Mixed.
    • Varied formats. Depends upon the host of the event.

GoogleCTF2017 was set up as a Jeopardy-style event, and it turns out that I knew more than I thought. Moreover, it was a wonderful experience competing against peers and picking up mad new skills while expanding upon my security knowledge.

In order to increase my skills in preparation for this CTF (and many others to follow), I used the websites below to practice and train.

As a Front-end developer, knowing how to exploit your own web applications before a cyber criminal can is critical and Google Gruyere is an invaluable resource. You ‘learn by doing’ and in that process, you come to understand how applications can be attacked using cross-site scripting vulnerabilities (XSS) and cross-site request forgeries (XSRF). Additionally, it allows the user(s) to find, fix, and avoid vulnerabilities and other bugs that have an impact on security including

  • Denial-of-service (DoS)
  • Information disclosure.
  • Remote code execution.

However, the greatest part of the weekend I have neglected to mention so far was the elation you feel when you use tactics and exploits to find a flag, and it works, i.e., ‘you have successfully hacked something, and you captured a flag.’ Today, I realized, I belong in this field.

Results:

995 points, six challenges, ten hours, two days.

  • 1 Miscellaneous
    • Start Here (FAQ)
  • 3  Crypto Challenges
    • Crypto Backdoor
    • Introspective CRC
    • Shake it
  • 1 Pwn
    • Inst Prof
  • 1 Web
    • Joe

You don’t have to be an expert in order to compete in a CTF. You just need an unrelenting curiosity and passion to never quit!  The purpose of the competition, besides capturing the flag,  is to recognize your strengths and more importantly your weaknesses. CTFs require a great deal of work and dedication but are highly rewarding. Strive for excellence.
