Tag Archives: Security

New Geekwire Article: How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks

My latest article is up on Geekwire: How hacked is hacked? Here’s a ‘hack scale’ to better understand the SolarWinds cyberattacks.

In this article I apply my “Five Stages of Hacked” to the ongoing SolarWinds event to help people better understand how serious the impact of the SolarWinds hacks against various organizations is.

The Five Stages of “Hacked”

[Note: This scale is now posted on its own page here.]

While doing some work around the SolarWinds hacks, I realized that there’s just no simple triage scale that we in the industry can use to simply and succinctly characterize the severity of hacks.

This is my proposal for a simple scale to enable simple but meaningful comparisons of the severity of hacks.

The most important things in a hack are its spread and severity. The cancer staging system gives a good model for measuring these kinds of things, so this scale is adapted from it.

  • Stage 0: The attackers have found or made an entry point to systems or the network but haven’t used it or have taken no action.
  • Stage I: Attackers have control of a system but haven’t moved beyond the system to the broader network.
  • Stage II: Attackers have moved to the broader network and are in “read-only” mode, meaning they can read and steal data but not alter it.
  • Stage III: Attackers have moved to the broader network and have “write” access to the network, meaning they can alter data as well as read and steal it.
  • Stage IV: Attackers have administrative control of the broader network, meaning they can create accounts and new means of entry to the network as well as alter, read and steal data.

(Also posted on Medium)

New Geekwire Article: How the SolarWinds hackers are targeting cloud services in unprecedented cyberattack

In my latest Geekwire article, “How the SolarWinds hackers are targeting cloud services in unprecedented cyberattack”, I continue looking at the SolarWinds event, this time digging into the SAML token angle that’s not been covered very well. Others have either ignored it entirely or touched on it in a light, technically unclear or inaccurate way, all leading to confusion and a lack of appreciation for how serious this angle is.

New Proofpoint Blog Post: Back to School Online: 5 Steps to Better Protect Your Children

As we get ready for back to school, I just posted a new post on the Proofpoint blog: “Back to School Online: 5 Steps to Better Protect Your Children”.

This posting covers five things you can do to help better protect your children, especially if you’re doing remote or mixed in-person/remote schooling.

Interview on Hacker Valley Studio

I had the pleasure of being interviewed by Ronald Eddings and Chris Cochran with Hacker Valley Studio talking about crisis communications and lessons learned from “making awful news just bad” in their episode “Communicating in a Crisis with Christopher Budd”.

Enjoy!

“Hackback”: A New Approach

Today we read about the likely death in a drone attack of an ISIS hacker/warrior/cyber-jihadist:

http://www.forbes.com/sites/seanlawson/2015/09/12/with-drone-strike-on-isis-hacker-u-s-escalates-its-response-to-cyber-attacks/

In the infosecurity world, we’ve heard for years about the idea of “hackback”, basically an offensive response to an offensive action. Every couple of years this idea comes back around as someone gets frustrated with feeling like the attackers have all the advantages (and fun) and wants to take the fight back to them.

It’s an understandable idea. And, in some measured cases, it may even make sense. But as a blanket rule, no, it’s not a good idea.

This latest development shows that “hackback” doesn’t need to be contained to computer tactics: a physical or kinetic response is just as (if not more) effective.

The bigger story though is how this shows that the idea of “infosecurity” is more and more an empty concept and that it’s all just “security”.

Comment Article on the Clinton Email Server Issue

My latest posting over at Geekwire is my analysis and commentary on why Hillary Clinton using a “homebrew” email server is a major security problem.

http://www.geekwire.com/2015/why-the-clinton-email-server-story-matters-and-why-it-may-be-worse-than-you-think/

Comments on the Stratos Digital Wallet Card

I got to talk with KIRO Radio here in Seattle recently about some of the risks with new, untested digital wallet cards like the new offering from Stratos. Plus, my comments on how cash may make a comeback.

http://mynorthwest.com/11/2723041/Digital-payment-is-waiting-in-line-for-when-credit-cards-die