Thursday, August 11, 2016

I learned a lot from this class

Week 12
Cybr-650

This is the last post for this class. I learned a lot from this class. I appreciate the feedback from the coach and other students. It helped me dig more into the topics that I posted. I have been working for the past 4 years in the IT industry but have never been involved with the threat modeling process. This class helped me put together what I was missing when someone was requesting that I apply a patch by a given time. It also helped me understand how valuable threat modeling can be to an organization. It helps companies understand more about threats, vulnerabilities and risks and how to address them with appropriate countermeasures in a logical order, starting with the threats that present the greatest risk.


The first, second, third, and fourth weeks of this class were a little harder for me. I had to grasp the threat process model quickly. I knew what threats, vulnerabilities, and risks were, but the threat process model helped me understand more about them and how a company can benefit from it. The Harry and Mae Inc. case study was a good learning experience for me. It gave me real-life experience for when I engage in threat process modeling for a future employer.

Looking back at this class, I wish I had spent more time understanding the whole process for the case study. My approach to the case study would have been different. For the threat action report, I introduced layered security, which I should have incorporated from the beginning. After going through all this, I now understand that I should have looked at the case study with a broader spectrum than weekly assignments. I must say the Security Trends forum was difficult for me. I was not engaged as much as others. I wish it had weekly postings so it would be easier to read and respond.

I am glad this class is under my belt. I have 1 more class to go after this and it will be with Coach Ron as well. I am looking forward to the next class, and finally I can say I completed the MS in Cybersecurity.



Sunday, July 31, 2016

Anthem is another recent victim of the cyber attack

Anthem is another recent victim of a cyber-attack. The database of Anthem, the second-largest US health insurer, was compromised on December 10, 2014. The compromise was only discovered on January 27, 2015, and Anthem disclosed the information to the public on February 4, 2015 (Ragan, 2015). There could be 80 million records compromised and the financial consequences of the data breach could reach beyond $1000 million (Osborne, 2016). Hackers were able to gain employees' and customers' personal information by using a phishing attack. Customers and employees need to be cautious about their personal information.

Anthem disclosed that five tech employees' credentials were compromised. They could have been victims of a phishing attack and stolen passwords. Hackers were able to obtain personal information such as names, birthdays, medical IDs/Social Security numbers, street addresses, email addresses, employment information, and income data. Anthem is working closely with the FBI and FireEye's Mandiant cyber forensics team to analyze the extent of the breach and the security failure (Ragan, 2015).

Anthem customers and employees should be worried about their personal information and monitor it closely. This incident is so bad because the stolen information is more valuable than credit card and bank information, and it can be used tomorrow, next week or a year down the line. Attackers can use the information for Medicare fraud and even identity theft. Customers and employees should check the http://www.anthemfacts.com website regularly for current information about the data breach. They should also take advantage of the identity theft repair and monitoring service Anthem is offering for two years at no cost (Bradley, 2015). Customers and employees need to be vigilant about their information and prevent identity theft.
References:
·       Bradley, T. (February 10, 2015). 5 things all Anthem customers should do after the massive data breach. PCWorld. Retrieved from http://www.pcworld.com/article/2880611/5-things-all-anthem-customers-should-do-after-the-massive-data-breach.html

·       Osborne, C. (February 12, 2015). Cost of Anthem’s data breach likely to exceed $100 million. CNET. Retrieved from http://www.cnet.com/news/cost-of-anthems-data-breach-likely-to-exceed-100-million/

·       Ragan, S. (February 9, 2015). Anthem: How does a breach like this happen? CSO. Retrieved from http://www.csoonline.com/article/2881532/business-continuity/anthem-how-does-a-breach-like-this-happen.html

Sunday, July 24, 2016

learning in this class

Week-7

I learned a lot from this class. I appreciate the feedback from the coach and other students. It helped me dig more into the topics that I posted. I have been working for the past 3 years in the IT industry but have never been involved with the threat modeling process. This class helped me put together what I was missing when someone was requesting that I apply a patch by a given time. It also helped me understand how valuable threat modeling can be to an organization. It helps companies understand more about threats, vulnerabilities and risks and how to address them with appropriate countermeasures in a logical order, starting with the threats that present the greatest risk.

The first 3 weeks of this class were a little harder for me. I had to grasp the threat process model quickly. I knew what threats, vulnerabilities, and risks were, but the threat process model helped me understand more about them and how a company can benefit from it. The Harry and Mae Inc. case study was a good learning experience for me. It gave me real-life experience for when I engage in threat process modeling for a future employer.

Looking back at this class, I wish I had spent more time understanding the whole process for the case study. My approach to the case study would have been different. For the threat action report, I introduced layered security, which I should have incorporated from the beginning. After going through all this, I now understand that I should have looked at the case study with a broader spectrum than weekly assignments. I must say the Security Trends forum was difficult for me. I was not engaged as much as others. I wish it had weekly postings so it would be easier to read and respond.

I am glad this class is under my belt. I have 1 more class to go after this and it will be with Coach Ron as well. I am looking forward to the next class, and finally I can say I completed the MS in Cybersecurity.

Sunday, July 17, 2016

Malicious Advertising

Malicious advertising (malvertising) is the use of online advertising to spread malware. Malvertising is a big business, but there is little oversight and it is the least understood online threat today. Website publishers may not know that the advertising on their sites is being used with malicious intent. Malvertising accounts for huge amounts of cyber fraud and identity theft. Malvertising is a good tool for attackers because it can easily reach a large number of users through trustworthy companies' websites. I believe there needs to be consensus on who is responsible for addressing these threats.

Malvertising exploits outdated versions of applications like Java, Flash Player, and Silverlight to install malicious programs. Recently, popular websites like the Huffington Post, Yahoo News, AOL, TMZ and many others were hit with malvertising involving the Neutrino Exploit Kit (Seals, 2015). The website visitors were presented with advertisements that infected their computers with ransomware. Computer owners were locked out and money was demanded to get back control of their devices. The surprising thing about this malvertising was that users didn't even have to click on the advertisements; computers were infected just by visiting the websites. It was generating an estimated US$25,000 per day for the attackers (Huang, 2014). We will see more malvertising issues in the coming years since no one is taking responsibility for stopping these threats.

Malvertising is hard to protect against, but website owners together with advertising companies can help to reduce the risk. Website owners should work closely with third-party advertising delivery companies regarding what is advertised on their websites. They should only allow click-to-pay advertisements. They should also use infection monitoring and detection solutions to protect their website visitors (Zalvaris, 2015). For long-term company viability, their best interest should be to protect their website visitors rather than to make money.
References:


Sunday, July 10, 2016

Week -5
Threat model process 
Cybr-650



Identify system to be assessed: The first step in managing threats and risk is to identify which system needs to be assessed. This needs to be done when you are assessing new assets to be added to the environment.

Gather system information: In the first step we identify the system; in this step, information is gathered about the systems that need to be assessed. The document of gathered information needs to be checked into a document repository. A process called "brainstorming" can be used to collect the information.

Identify/Review: After the system has been identified and its information gathered, threats and vulnerabilities are identified in this step. This step identifies and provides detailed information about each threat and vulnerability. The collected information is then reviewed further. After the review, we can validate the threats and vulnerabilities against national vulnerability and antivirus databases.

Document information: In this step, the information collected in the previous steps is documented properly. We can use a tool called "Microsoft Threat Modeling Tool". This tool helps retrieve the information if it is needed for review or analysis in the future. Physical, logical and data flow system information is also documented in this tool.

Risk categorization: In this step, we categorize the information using security risk analysis. Companies have different policies and procedures, so the risk needs to be checked against the company's own policies, procedures and standards. Threat categorization helps to categorize and identify threats systematically and in a structured way. It helps the risk management team decide whether to accept the risk or transfer the risk.

Implementation and control: After the risk categorization step is completed, countermeasures for the threats and vulnerabilities are implemented per risk category. Once the company's team understands the threat impacts, they should try to identify countermeasures that could prevent the threats from causing those impacts. The team working on an issue needs to ensure that the suggested countermeasures work properly.

Evaluate control: After implementation is completed, it requires validation. After validation, the control needs to be evaluated from time to time.

The process should be repeated if there are new vulnerabilities or threats, so the process won’t end.
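
The steps above as a small risk register, added here as an example and not part of the original post. The 1 to 5 likelihood and impact scales, the score thresholds, the rule that mid-range risk is transferred, and the sample threats are all assumptions for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Treatment(Enum):
    MITIGATE = "mitigate"
    TRANSFER = "transfer"
    ACCEPT = "accept"

@dataclass
class Threat:
    system: str               # "Identify system to be assessed"
    name: str                 # "Identify/Review": threat or vulnerability found
    likelihood: int           # 1 (rare) to 5 (almost certain); assumed scale
    impact: int               # 1 (minor) to 5 (severe); assumed scale
    countermeasure: str = ""  # "Implementation and control"
    validated: bool = False   # "Evaluate control": control confirmed working

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact

def categorize(threat, accept_below=5, mitigate_from=12):
    """Risk categorization; the thresholds stand in for company policy."""
    if threat.risk >= mitigate_from:
        return Treatment.MITIGATE
    if threat.risk < accept_below:
        return Treatment.ACCEPT
    return Treatment.TRANSFER

def work_queue(register):
    """Threats still needing a validated countermeasure, greatest risk first."""
    pending = [t for t in register
               if categorize(t) is Treatment.MITIGATE and not t.validated]
    return sorted(pending, key=lambda t: t.risk, reverse=True)

# Constructed sample register ("Document information" output of earlier steps).
REGISTER = [
    Threat("file server", "unencrypted customer database", 3, 5),
    Threat("staff PCs", "outdated browser plugin", 4, 4,
           countermeasure="patch management", validated=True),
    Threat("web portal", "phished administrator credentials", 4, 5),
    Threat("file server", "lost backup tape", 2, 4),
    Threat("intranet", "defaced banner page", 1, 2),
]

if __name__ == "__main__":
    for t in work_queue(REGISTER):
        print(t.risk, t.system, t.name, "->", t.countermeasure or "no control yet")
```

Adding a newly identified threat to the register and calling `work_queue` again is the repeat of the process: the queue is recomputed from the current register each time.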

Sunday, July 3, 2016

Week -4
Car Security Threat 
CYBR-650

I am the owner of a Toyota Prius, so I thought about posting about cars with new technology and their vulnerability. I really did not think about security while buying the car. It seems that with all the gadgets added to cars nowadays, they have become more susceptible to being hacked. The automotive industry may have focused on adding new technologies for convenience, but this also exposes more vulnerabilities in car security systems. Silvio Cesare, an Australian security researcher, was able to unlock a car wirelessly using some radio equipment and ingenuity. He was able to trick the car into thinking that it was being unlocked with the standard wireless key fob when it was actually being pinged with a signal from a software-defined radio attached to a laptop. He was able to unlock the car by finding the frequency of the key fob and then cracking the encryption using a brute force attack.

Similarly, Charlie Miller, a Twitter security engineer, and Chris Valasek, director of vehicle security research at IOActive, surprised the automotive industry with news of car hacking last year. They showed how they were able to hack a Toyota Prius and a Ford Escape from inside the car by exploiting vulnerabilities in the cars' electronic control units. By connecting to the vehicle's on-board data port, they were able to take control of the car's locks, headlights, horn, steering and braking system. They made the presentation at the Black Hat USA security conference in Las Vegas last year and released a list of 20 vehicles, rating them on their vulnerability to being hacked. Their vehicle ratings were based on three factors: the vehicles' network architecture, their "attack surface" via wireless access such as Bluetooth, and cyber-physical systems such as autonomous braking and steering. They found the vehicles' network architecture to be the weakest link.

I like what electric carmaker Tesla Motors is doing. They are taking an aggressive and proactive strategy for securing their car technology. They brought in the renowned white hat hacker Kristin Paget to oversee vulnerability testing and security for Tesla cars. They are looking to recruit more hackers to help sniff out security vulnerabilities in the software which controls the vehicles. I am glad security engineers the likes of Charlie, Chris and Silvio are testing car security systems. We may think car hacking isn't mainstream, and it is very difficult and costs lots of money today, but that might change soon. So it is important for automakers to pay more attention to car security systems and hire more security experts to do their due diligence regarding security risks. In the future, I will make sure to check the car security system rating before buying a car, and you should too.
References:
·       Danigelis, A. (October 16, 2014). Is Car Hacking the Next Big Security Threat? LiveScience. Retrieved from http://www.livescience.com/48310-car-hacking-security-threats.html

·       Estes, A.C. (August 4, 2014). Wirelessly Hacking--And Unlocking--Cars Is Easier Than It Should Be. Gizmodo. Retrieved from http://gizmodo.com/wirelessly-hacking-and-unlocking-cars-is-easier-than-1615693270

·       Higgins, K.J. (December 11, 2014). Hiring Hackers To Secure The Internet of Things. Dark Reading. Retrieved from http://www.darkreading.com/vulnerabilities---threats/hiring-hackers-to-secure-the-internet-of-things/d/d-id/1318107?

Sunday, June 26, 2016

Week -3 
Cybr-650
Project Zero, Google’s Secret Team of Bug-Hunting Hackers 


Project Zero is Google's new security project dedicated to finding flaws on the Internet. Project Zero's objective is to reduce the number of people harmed by targeted attacks and make the Internet safer. So far, Google's security team has worked hard to secure Google products like Google Search, Gmail, and Drive. With this project, it plans to look into non-Google technologies. It wants to locate and report large numbers of vulnerabilities and conduct new research into mitigations, exploitation, and program analysis. Once vulnerabilities are located, the team will notify the software's vendor about the bug and give them 60-90 days to resolve the issue. After the deadline, it will make the information public on the Project Zero website. I think it's the right way to do it and this will motivate other software vendors to fix their vulnerabilities faster.

Project Zero wants to assemble the best and brightest security researchers to track down and neuter the most insidious security flaws in the world's software. The team has recruited security experts like Chris Evans, who earlier led Google's Chrome Security Team, Ben Hawkes, who has been credited with discovering dozens of bugs in software like Adobe Flash and Microsoft Office apps, and George Hotz, who was able to crack the AT&T iPhone in 2007.

Project Zero is a good initiative by Google. Their effort to improve Internet security for all Internet users is commendable. I hope other giants like Yahoo, Microsoft, and Facebook will follow Google's lead in liberating the Internet. Google might be spending more on this project. It also helps Google recruit top talent. Google also benefits from having more users on the Internet clicking ads on Google-related sites. According to Evans, "People deserve to use the internet without fear that vulnerabilities out there can ruin their privacy with a single website visit." But time will tell if it was Google's PR stunt or if it is really trying to help the Internet community.
References: