FEED Autumn 2021 Newsletter

Dinah Davis, Arctic Wolf VP of R&D operations

What are the biggest cybersecurity threats now?

SUPPLY CHAIN ATTACKS ARE DANGEROUS – THEY CAN HAVE A HUGE BLAST RADIUS

Supply chain attacks are the biggest threat we face today. There are four main entities: the supplier, the supplier assets, the customer and the customer assets. It occurs when a threat actor attacks the supplier to launch a second attack on the customer, taking advantage of the trusted relationship between them. Supply chain attacks are dangerous because they can have a huge blast radius.

The SolarWinds incident is a great example of this. The attackers targeted the Orion software built by SolarWinds. Orion is a network management system product, which allows its customers to manage their networks, giving Orion a huge amount of access to the customer network. The first attack used social engineering to gain unauthorised access to the SolarWinds network. Threat actors then injected code into the Orion product (the supplier asset) that was unknowingly sent as part of an Orion software update to all customers in March 2020. The threat actors could then use the malicious code in the Orion software to launch other malicious software, allowing the threat actors to exfiltrate user data (the customer asset).

Customers should manage their supply chain cybersecurity risk by identifying their suppliers, determining the hazards of each – and how to measure and monitor them. The relationship with suppliers can be actively maintained by defining the security requirements they need to conform to. It’s also important to find out what suppliers have access to, and define relevant procedures for their access and handling. Customers should also review their supplier contracts to see what recourse they may have if the supplier is compromised, which leads to being compromised yourself.

Suppliers should secure the development of the products and services they provide. Ensure that the infrastructure and code are developed with the best security practices in mind, build secure engineering processes, get SOC 2 and other security certifications, and guarantee you have a strong patching program in your own company, to avoid being the victim of a different supply chain attack.

How well-informed are your customers on cybersecurity issues?

Our customers run the gamut, from being very informed, to being new to the space. We meet customers where they are, and work diligently to help them improve security posture.

Who is in charge of cybersecurity in your organisation?

We are all responsible for the company’s security and its assets, but our VP of information security drives the programme.

What best practices do you have in place to defend yourself?

As a cybersecurity company, we do everything to protect ourselves. We use our own service to manage our security operations. The entire company completes security awareness training weekly, using what we provide to customers. We have implemented secure coding practices, and are both SOC 2 and ISO 27001 certified. Regular disaster recovery scenarios and a strong patching program ensure our software always has the latest fixes.

Have you been the victim of a cyberattack?

My personal experience is a prevalent one – phishing. Threat actors have tried to phish me via email, SMS, phone, LinkedIn and pretty much every social media platform. It is the easiest way for them to gain information or access. To avoid being phished, I never use the same password twice (password keepers are your friend), use two-factor authentication wherever I can, never open unexpected attachments or use company email for personal reasons, avoid public Wi-Fi, and am very careful about what I click on!

What is the scariest cybersecurity story you’ve ever heard?

They are all pretty scary. However, I do have a favourite that I hope will be turned into a movie one day. It is a win for the good guys! Operation Ironside started in 2018, after the FBI and Australian Federal Police (AFP) took down the secure chat app Phantom Secure. The story goes that some AFP and FBI officers were having beers after the takedown, when they mentioned there was a void in the market for secure chat applications. One of them said they should build one and put a backdoor in to spy on criminals. This is how the Anom app was created.

Anom is a stripped-down burner phone with only text messaging, and what appears to be a calculator app. If a criminal was arrested and authorities looked at it, they would assume it was a basic phone. However, the calculator app is a secure messaging app. To log in, you input the right sequence of numbers. The FBI used a contact to start selling Anom to criminals, and it became a viral tool for Australian biker gangs and others. To fund the investigation, the FBI and AFP even charged a monthly service fee!

There is a backdoor in Anom that sends all messages back to the AFP and FBI. Over the next few years, they monitored it, and were able to foil many of the criminals’ plans. In the spring of 2021, it became apparent to the FBI and AFP that their cover was close to being blown. They made some final arrests based on their intel, then announced the success to the world. In the three years it ran, the AFP arrested 224 suspects on more than 500 charges, with the seizure of 3.7 metric tonnes of drugs and almost $35 million in Australia alone.
