CISO-MAG August 2020
Volume 4 | Issue 08 | August 2020

XDR IS HERE

Threats are evolving. EDR is not enough.

The latest threats have been engineered to hide from your standard detection and response security. Security and SOC teams are suffering from alert fatigue, lack of visibility, and difficulty with integration from siloed solutions.

We’re staying one step ahead.

Trend Micro™ XDR gives your organization the ability to detect and respond to threats faster, across email, endpoints, servers, cloud workloads, and networks. When you can correlate alerts and information from multiple vectors to effectively secure your organization - That’s The Art of Cybersecurity.

AI Security Analytics | Beyond the Endpoint | Complete Visibility

Unknown threats detected and automatically stopped over time by Trend Micro. Created with real data by artist Brendan Dawes.

Learn more at Trendmicro.com/XDR
EDITOR’S NOTE

ESTABLISH A SECURITY BASELINE FOR IoT

The saying that Internet connectivity is the “electricity of the 21st century” is truer than ever today as we are all locked away in our homes. Yet, we are on the cusp of another Internet revolution that connects “things” and not people or their computers. In 2010, Hans Vestberg, the former CEO of Ericsson, declared that 50 billion things would be connected to the Internet by 2020. With the rate at which digital transformation is happening today, I think this number could be much more than that. The introduction of 5G networks will see a further jump in IoT devices in the next two years.

Things with embedded sensors — smart home devices, industrial machinery, agricultural soil probes, modern health care equipment, even cars, spacecraft, and airplanes — are all connected to the Internet. Further, critical infrastructure such as energy grids, nuclear power plants, transportation networks, and communications networks are systems and assets essential for the functioning of a society or an economy, and they are vulnerable to attack just like anything else in the digital age.

We all know that the security of Critical Infrastructure (CI) and any connected device can be compromised. There are many stories of CI vulnerabilities and breaches, some of which you can read in the articles within this issue. In fact, a research group called the X-Force at IBM has monitored attacks on industrial systems and reports a 2,000% increase since 2018.

IoT devices’ compromised security puts the economy at risk. Back in 2015, it was predicted that machine-to-machine communications alone would generate approximately US$900 billion in revenues by 2020.

But it is not only the economy that could be impacted. Nations are also targeting the CI of other countries through IoT attacks. Policymakers, business leaders, and governments must recognize this and realize that the IoT landscape is a highly lucrative target for bad actors and rogue nations.

Read our Cover Story and other IoT articles in this issue to put all this in perspective.

We hope you are safe and well.

Jay Bavisi
Editor-in-Chief

Volume 4 | Issue 8
August 2020

Editorial Management
International Editor: Amber Pedroncelli, amber.pedroncelli@eccouncil.org
Executive Director: Apoorba Kumar*, apoorba@eccouncil.org
Principal Editor: Brian Pereira, brian.p@eccouncil.org
Deputy Business Head: Jyoti Punjabi, jyoti.punjabi@eccouncil.org
Senior Feature Writer: Augustin Kurian, augustin.k@eccouncil.org
Head of Marketing: Deepali Mistry, deepali.m@eccouncil.org
Feature Writer: Rudra Srinivas, rudra.s@eccouncil.org
Marketing Manager: Riddhi Chandra, riddhi.c@eccouncil.org
Technical Writer: Mihir Bagwe, mihir.b@eccouncil.org
Digital Marketing Manager: Jiten Waghela, jiten.w@eccouncil.org
Feature Writer: Pooja Tikekar, pooja.v@eccouncil.org
International Sponsorship Manager: Mir Ali Asgher Abedi, mir.ali@eccouncil.org

Media and Design
Media Director: Saba Mohammad, saba.mohammad@eccouncil.org
UI/UX Designer: Rajashakher Intha, rajashakher.i@eccouncil.org
Sr. Graphics Designer: Sameer Surve, sameer.s@eccouncil.org
Publishing Sales Manager: Taruna Bose, taruna.b@eccouncil.org
Publishing Sales Manager: Vaishali Jain, vaishali.j@eccouncil.org
Executive – Marketing and Operations: Munazza Khan, munazza.k@eccouncil.org

Technology
Director of Technology: Raj Kumar Vishwakarma, rajkumar@eccouncil.org

Image credits: Shutterstock
Cover & Layouts by: Rajashakher Intha
Please write to us at editorial@cisomag.com.

* Responsible for selection of news under PRB Act. Printed & Published by Apoorba Kumar, E-Commerce Consultants Pvt. Ltd., Editor: Brian Pereira.
The publishers regret that they cannot accept liability for errors & omissions contained in this publication, howsoever caused. The opinion & views contained in this publication are not necessarily those of the publisher. Readers are advised to seek specialist advice before acting on the information contained in the publication, which is provided for general use & may not be appropriate for the readers’ particular circumstances. The ownership of trade marks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system, or transmitted in any form without the permission of the publishers in writing.
INDEX

10 BUZZ
Cybersecurity - Top 5 Lessons Learned from COVID-19

20 UNDER THE SPOTLIGHT
Dr. Rishi Mohan Bhatnagar, President, Aeris on How BIoTs Can Alleviate Security Concerns.

30 INSIGHT
IoT Security Trends & Challenges in the Wake of COVID-19

36 TABLE TALK
Security Patching Should be a Part of a System’s Basic Maintenance Procedure Says Ashish Thappar, Managing Principal, Verizon’s Threat Research Advisory Center (VTRAC).

46 KNOWLEDGE HUB
Securing Industrial IoT Infrastructures

58 COVER STORY
Understanding the IOT Threat Landscape

68 REWIND<<
Top Newsmakers and the Hottest Cybersecurity News of the Month.
Detect, investigate and hunt at Google speed

Chronicle, now part of Google Cloud, is a security analytics platform that works at planet-scale. Redefine your SIEM with zero-management security analytics from Chronicle and let us ensure perfect fidelity, no matter how much data you generate.

Modernize your enterprise security with Chronicle.

Get a free TCO impact analysis

In 15 minutes we will produce a detailed cost comparison between your legacy SIEM and Chronicle that you can download and use for your own internal analysis. Sign-up today:
https://chronicle.security/unwind-your-siem
BUZZ

Cybersecurity
TOP 5 LESSONS LEARNED FROM COVID-19

- Hemanta Swain,
VP & CISO at TiVo Corp

10 - August 2020 - CISO MAG Vol 4 - Issue 08
At last, I went to a grocery shop with enough precautions after using multiple online delivery services for weeks. And I found that most people are following health advice and keeping safe distances, although it makes it hard to recognize anyone wearing a mask. This was, and still is, an unusual experience for everyone. COVID-19 is the biggest challenge that we face today. The COVID-19 pandemic has forced us to stay home to save lives and has given us time to rethink our actions and prepare for a healthier future.

Through my personal experiences and learning from COVID-19, I realize that this pandemic resonates closely with my Infosec professional life. This may not be new for cybersecurity professionals, but I will outline a few of my experiences here. In the minds of many people, this transition from physical to digital is inevitable, unstoppable, and irrevocable, even though cash is still used for most retail purchases globally (COVID-19 influence aside).

1. Basic (Health/Security) Hygiene:

The pandemic has reminded us all that the most basic of hygiene strategies, handwashing, first discovered to be effective against spreading disease in the 1850s, is still one of the most important ways to stop the spread of diseases in 2020.

As for cyber security, we should be reminded that basics cannot be ignored in our industry either. It’s not uncommon to see security professionals lagging behind in the adoption of the latest technologies that address challenges (advanced threats) and support business priorities. We are also reminded of the number of breaches that happen because of haphazard patching and other basic requirements not being met. Just like with handwashing, all cybersecurity professionals know that keeping up to date with patches is key to protecting the organization from easily avoided breaches. Moreover, we tend to overlook the basic health of our infrastructure, systems, and applications. This becomes evident during a security breach.

In my view, both are needed, but there should be a continuous effort to keep basic security hygiene intact. This is essential to build a sustainable security posture. One can and should follow CIS top 20 controls and OWASP top 10 list with secure access using multi-factor authentication, regular patching, vendor risk assessment, email security, and endpoint security protection. But basic security hygiene is the key.

2. Segmentation (Shelter-in-place and Isolation):

During this pandemic, we’ve seen, perhaps for the first time, the entire world sheltering in place simultaneously. We’ve seen how isolating people from their networks of friends and extended family drastically helps contain infection rates.

The parallels in cybersecurity are obvious: understand your business, infrastructure, applications, and the most valuable assets. Appropriately segment your network, systems, and applications to allow access to only those who require it. This is beneficial to minimize impact during a crisis, allowing you to contain any breaches, and will be a foundation for your zero-trust framework.

3. Security (Health) Leadership and Culture:


If this pandemic has taught us anything, it’s that
when health leaders, politicians, and local cul-
ture are in line with best practices for limiting the
spread of the disease, the effects of COVID-19 are
minimized more quickly and with fewer deaths.
When messaging to the public is unclear, valu-
able time is lost and local culture doesn’t shift
quickly enough to impact results.

For cybersecurity, it’s imperative to clearly define roles and responsibilities to take appropriate action in a timely manner, especially during a crisis. Security leadership helps to build a security-aware culture, which is essential to reduce risk and cost related to security. Yes, there is no infinite budget, and this will impact your bottom line and resource requirements, but it is crucial to present the risks with impacts to senior leadership and come to agreements on the next steps.

Security professionals recommend options based on the risks they discover, but if senior management cannot make quick decisions, there can be significant impacts on handling crises. Security leadership reporting is very important, not only to enable a quick decision-making process but to build a security-aware culture. Employees will follow not only the CISO but also senior management because they highlight the importance of security. To be successful, create an executive security leadership council consisting of business and IT senior executives for business alignment and continuous risk management to build a security-aware culture.

4. Quick Action and Communication:


Infectious disease experts have long known that
quick action at the first sign of a pandemic is key
to mitigating its impact. In order to act quickly,
adaptable plans must be in place and teams must be trained and kept on standby in the case of a crisis. Attempting to piece together an ad-hoc plan in
the middle of an active pandemic wastes critical
time. Having plans in place allows leaders to accu-
rately communicate to the public what steps have
been taken, what they should expect next, and what
they need to do to avoid infection. Communicating
on the progress of the response to the pandemic
and successes and failures in a transparent way is
very important to ensure public compliance with
any measures they are being asked to take.

It’s obvious that this is just as true in cybersecurity. Processes should be in place to facilitate quick
action in a timely manner. Security councils, senior
leadership, and Boards of Directors communication
protocols should be in place. Upper management
must make quick decisions to minimize the impact
based on security leadership recommendations.
Unfortunately, security breaches are unavoidable
and security professionals should be prepared to
handle breaches when they occur.

The most important action while handling a breach
is communication. Communication with customers,
partners, and supply chain networks should be
considered in the planning process. Additional
help from industry experts inside and outside
the company should be called in to help during a
crisis.

5. Quick Recovery:
 We’ve seen successful and botched re-openings
around the world and the difference between the
successes and failures seems to be how much plan-
ning and data went into each decision to re-open.
Those locations that rush to re-open in order to get
back to business have risked more infections and
more deaths, which further hamper economic re-
covery. A balance must be struck in order to ensure
that any re-opening is safe and appropriate for the
level of recovery of the state or country.

In a breach or other cyber incident, business continuity and service recovery is extremely important to minimize the impact and return business back to normal. However, rushing to get back to business can have similar effects if the incident has not been properly remediated or fully understood. Continuously review your preparedness, including current disaster recovery plan, and backup and restore capabilities. Have frequent tabletop exercises with simulated security breach situations to test your recovery plan.


A summary of the Top 5 Lessons learned from COVID-19 for Cybersecurity professionals

Top 5 | Social life | Professional life

Basic Hygiene
Social life: Health hygiene including frequent hand washing, cleaning, and other healthy habits.
Professional life: Basic security hygiene to build a strong foundation. CIS Top 20 controls and OWASP top 10 list will help, including Multi-factor authentication, Single-Sign-On, minimize time to patch, vulnerability management, business asset inventory and vendor risk assessment.

Segmentation
Social life: Shelter-in-place and isolation.
Professional life: Segment your network, systems, and applications to protect your valuable assets and minimize impact during a security breach.

Leadership and Culture
Social life: Health officials, political leaders, and local culture.
Professional life: Senior leadership and CISO reporting. Senior executive security council to build a security aware culture.

Quick Action and Communication
Social life: Quick action is a key to minimize the impact of this pandemic. Frequent communication from leadership and health officials. Information sharing between different localities/countries.
Professional life: Quick action to contain the breach and communication to customers, partners and supply chain network is very essential. Processes and protocols should be in place including internal and external experts to achieve it. A cybersecurity vulnerability information sharing network is very important.

Business Continuity and Service Recovery
Social life: How to reopen the business and economy – starting with essential workers to non-essential in a phased approach.
Professional life: Recovery is the key. Business continuity and service recovery planning with up-to-date documentation and testing is needed.

About the Author

Hemanta Swain is VP & Chief Information Security Officer at TiVo Corp, headquartered in San Jose, California. TiVo is a global leader in entertainment technology and creator of Digital Video Recorder. Hemanta leads a global team of security professionals to manage Cybersecurity, Regulatory Compliance, Privacy & Risk Management initiatives across the company. Hemanta has 24+ years IT experience including 18+ years of Cybersecurity & Risk Management expertise. Prior to joining TiVo, Hemanta performed various security technical leadership roles for companies like GE, Wipro & a few early stage startups. Hemanta holds multiple Industry standard technology certifications including CISM and CISSP.

Disclaimer: CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article.

UNDER THE SPOTLIGHT

BIoTs CAN ALLEVIATE SECURITY CONCERNS FOR BOTH OWNERS AND TENANTS

INTERVIEW
DR. RISHI MOHAN BHATNAGAR
PRESIDENT, AERIS

Dr. Rishi Mohan Bhatnagar is an international speaker and thought leader in the Internet of Things and digital space. He co-authored the book “Enterprise IoT” along with a team from Bosch. He is the recipient of the “ET Now Business Leader of the Year 2019,” Voice&Data “Leadership Recognition Award” – India 2019, Indian ISV “IoT CEO of the Year 2018” and BTVI “Business Leader of the Year 2018.” Currently, as President of Aeris Communications India Private Ltd. (100 % subsidiary of the privately held, Silicon Valley headquartered Aeris Communications Inc., pioneers in the m2m/IoT business since 1992), Dr. Bhatnagar is leading the Aeris business in the Indian subcontinent, MEA, and the APAC region.

In an exclusive interview with Augustin Kurian from CISO MAG, Bhatnagar talks about his journey, the future of Building Internet of Things, integrating IoT with farming in India, and also addresses the threats and concerns surrounding 5G.

It has been nearly three decades since the inception of Aeris. Aeris evolved from being a cellular network to now a world renowned IoT enabler. How has your journey with Aeris been and what were the key milestones for the company?

Aeris was founded in 1992 and is a cellular network designed and built exclusively for machines. Because it was made for machines, Aeris delivers the most reliable, flexible, and efficient global cellular network for M2M data transmission available today. The growth of Aeris mirrors the development and growth of M2M communications and the Internet of Things (IoT). It has operational reach in over 180 countries and has offices in the Americas (Chicago & San Jose), Europe (U.K.) and India (Delhi NCR). We announced our joint venture with Softbank in Japan in 2016 known as Aeris Japan K.K., to provide IoT and telematics services globally using the Aeris IoT solutions platform. We are also part of Ventic LLC, a joint venture that is the result of a long-term commitment between Volkswagen and Aeris in the development and operations of connected vehicle platform technologies. Today we have 14 million devices managed on our IoT Platform, worldwide. Aeris is at the forefront of the technology industry, building networks and applications to enable Fortune 500 clients to fundamentally improve their businesses. We offer global connectivity for machines as well as IoT solutions and services to multiple sectors which include Automotive, Finance & Insurance, Telecom, Utilities, Manufacturing, Agriculture and more. From telematics to medical devices to remote machines, Aeris’ customers enjoy solutions tuned for high performance and mission-critical reliability.

We entered the Indian market in 2016, and with our joint go to market engagements, we have successfully established an end-to-end IoT ecosystem, cracked the IoT monetization code and today we provide flexible business and commercial models for IoT, for the price conscious markets, going beyond India, and, creating our presence in SAARC, APAC, Middle East and the APAC region.

With no hardware choke points and several small-cell antennas relying on 5G’s Dynamic Spectrum Sharing feature enabling multiple data streams to share bandwidth partitioned in slices that may each introduce cyber risk, do you feel with 5G technology comes the emergence of tens of billions of smart devices susceptible to cyberthreats related to IoT networks?

5G comes with the promise of download speeds of up to 10 times faster and there is a huge concern over this from a security perspective as faster speeds may present an opportunity for hackers to target more devices and launch bigger cyberattacks.

But let’s not forget that we witnessed similar concerns and threats when the Internet was growing and maturing to gain the critical mass and adoption. Similar concerns were raised when cloud technology was at its hype. Therefore, it is quite natural that any new and advanced technology will bring with it a gamut of new security challenges. We need to remind ourselves that the security of the “thing” is only as secure as the network in which it resides. This includes the people, processes and technologies involved in its development and delivery. Managing the security of 5G networks and services requires a new approach, where security is an integral part of the end-to-end architecture and ‘security by design’ is a must.


You have spoken about integrating IoT with agriculture to revolutionize the landscape. What is the feasibility of that? What is your response to the apprehensions surrounding cyberthreats that may arise to unsuspecting farmers?

For IoT deployments, irrespective of the industry vertical whether it is manufacturing or finance or agriculture or even a social sector engagement, security should never be an afterthought.

Keeping connected devices and their data safe starts during device design and at device provisioning and deployment. Deploying IoT programs at scale calls for simplifying device onboarding processes and reducing manual steps. A common goal is to set up each deployed device to immediately be able to communicate over networks to the right destination in the cloud. But doing that securely requires examining all the steps in the process and setting the right parameters for those devices.

Farmers adopting connected technology can tie up with IoT solution and service providers who allow them to securely provision and connect their devices to the cloud with minimum (near zero) effort and help them do this securely with identity and access management best practices being deployed during the entire device deployment lifecycle.

When it comes to the concept of Building Internet of Things (BIoT), it is often said that immaturity and poor definition of the concept are a few of the biggest risks in smart buildings. Do you think there is still a need for a more comprehensive understanding of threats posed on BIoT?

The Commercial Real Estate (CRE) industry is perhaps uniquely positioned to implement the latest technologies using IoT-enabled building management systems (BMS) or BIoT to make building performance more efficient and also use sensor-generated data to enhance building user experience. The value created from the information generated by BIoT has the potential to widen the lens on value creation beyond location, and associated benefits of low-hanging fruit such as cost savings and operational efficiency through improved energy management, increased level of efficiency with enhanced building performance and effectiveness that could distinguish buildings within a marketplace from a desirability and profitability standpoint.

BIoTs can alleviate security concerns for both owners and tenants. Real-time monitoring can bolster internal security, and specialized weather sensors provide advance warnings of adverse weather events. As the frequency and severity of hurricanes, floods, and tornadoes increase under a changing climate, so does the value of disaster preparedness and resilience.

From a security point of view, CRE companies can minimize the security and privacy risk that IoT technology presents by taking several measures mentioned below to become secure, vigilant, and resilient:

• Use purpose-built BIoT devices or add-ons, rather than generic IoT solutions.

• Define clear responsibilities for the players in the ecosystem and institutionalize data governance.

• Selection of secure communication protocol is required for building automation systems, which can help integrate with enterprise management solutions.

When all these systems are unified to work together, we have a resilient Building Internet of Things (BIoT). In the security industry, the integration of the three major segments has been successful to a large extent. Physical Security Management Systems (PSIM) have been used for interoperability between safety & security systems including fire detection, extinguishing, evacuation, mass notification in both large and small projects.


With COVID-19 and employees working from home, there are even bigger threats from the IoT landscape. What are your thoughts surrounding that?

It is true that while the underlying network is relatively easy to secure, like the internet, smart devices and sensors create an ecosystem that is complex and widespread. IoT devices vary widely in their uses, and so do their security needs, which means it’s very easy to either overspend or underspend on the necessary precautions. Each component is vulnerable, and their internetworked communication is instantaneous. That means a hacker can take down an entire system in a second, long before any human or network fail-safes can respond. A disgruntled worker could sabotage devices during design or manufacturing. Criminals could steal a device shipment, reprogram the devices, and return the devices on their journey. A hacker could fake a device malfunction in an existing system, alter the device software, and then bring the device back online — security personnel would simply assume it was a minor glitch. In every case, the breaches might never be detected.

Knowledge and preparedness are key determinants for how successful any IoT security implementation will be, even when facing the unknown. By building comprehensive security measures into the ecosystem first, before a single device is activated, you can create a secure foundation that will last well into the future.

With increasing cyberattacks during the COVID-19 crisis, what are your thoughts on the need for asset inventory management?

For many enterprises, tracking an asset at every step of its journey, in real-time, is a business-critical requirement and the COVID-19 crisis reinforced this hard fact to enterprises of all sizes - big and small!

Connected asset tracking solutions provide compliance oversight, enhance owner / operator behaviors, improve productivity, and reveal granular insights for optimizing operational efficiencies. With remote tracking and monitoring, managers can make smart decisions based on factual data, driving performance, and creating significant competitive advantages for their companies.

Finally, what changes do you foresee in the post-COVID-19 world? Has the lockdown period been an enabler for security advancements in the IoT space or has it been an obstacle?

Having proper security in place makes common sense but too often this has been an afterthought. The outbreak of COVID-19 mandated remote working of the employees with country-wide lockdowns leading to an upsurge in the Bring Your Own Device (BYOD) trend, and, thus, higher vulnerability. The demand for endpoint security rose during the lockdown period. COVID-19 has accelerated the demand for managed IoT security services to safeguard the data of employees as well as organizations. In addition, regulations are now forcing device and sensor manufacturers to take security into account and not to ship without it – security by design.

Augustin Kurian is part of the editorial team at CISO MAG and writes interviews and features.

INSIGHT

IoT SECURITY TRENDS & CHALLENGES IN THE WAKE OF COVID-19

Vikas Bhonsle
CEO, Crayon India

Finally, we have arrived in the age of an Internet of Things (IoT) ecosystem, with connected devices deployed in our homes, workplace, and public places. According to research analyst Omdia’s most recent “IoT Devices Market Tracker,” the global IoT installed base is expected to reach 27.5 billion in 2020, growing to 45.9 billion in 2025. With that number of devices deployed and even more on the way, it is anticipated that the volume of cybercrime or attempts to thwart cybersecurity will only increase. With threats from both criminal and rival nations evolving, it is important that defensive strategies are put in place to protect IoT systems, especially with threats to the digitalscape looming large.

This is again, a pre-pandemic world’s observation. Omdia believes that industrial markets will continue to drive IoT demand, but growth in the communications and medical fields will accelerate. Overall, only a few markets are projected to remain strong amid COVID-19, and IoT security is one of them. COVID-19 has accelerated the security trends in the direction of integration, consolidation, and cloud transformation. According to an April 2020 report from IoT Analytics, since the early months of 2020, there has been an increase in cyberattacks that has raised the importance of IoT security considering the growing demand.

Securing an IoT infrastructure requires a precise in-depth strategy that includes securing cloud data, data integrity, data devices, any device or system connected to a network, or that is online and has the potential to reveal personal information to cybercriminals. Hence it is important to ensure the security of the IoT network of devices or appliances.

Strengthening Asset Inventory Management

Organizations must prioritize strengthening the security measures of their devices and the network, especially during the pandemic. As data and devices are getting scattered with remote working in practice, it is vital to review corporate security strategies and ensure a decent overview of the inventory of assets and IoT devices. It is recommended to build a broad review of the asset inventory with a much deeper knowledge of individual assets, including asset tracking, traffic pattern analysis, updating the assets, and rapid response in the case of a cyberattack.

Cloud Security

As most people have moved their work off-premise since COVID-19, experts conclude that there will be a massive rate of cloud adoption during this period. Cloud security tools with other cloud-hosted applications can help scale new assets quickly, remotely apply software patches, and integrate with other tools through standardized APIs with ease. Cloud connections can, on the other hand, face an increasing risk of data breaches. It is therefore pivotal for IT and security departments to do a thorough risk assessment to decide which apps should be on the cloud and which should be on-premise.

Security Automation with AI

There has been a huge improvement in Machine Learning and AI technology, including AI-based security tools, which deliver better and often faster outcomes. It is therefore advised that organizations look for a predictive and detective strategy when it comes to IoT security. With AI, applications can now be programmed to automatically trigger a reaction to specific abnormalities, which is helpful when a rapid response is needed. Traditional Security Information & Event Management (SIEM) solutions are also witnessing AI enhancement by models that provide streaming data analysis and threat modelling.

Procrastination towards security

There is a general attitude of procrastination among enterprises about employing security measures for their digital network and devices. When deploying data systems in any environment, security teams traditionally look for three things: speed, security, and budget-friendliness. Unfortunately, organizations tend to choose only two, leaving security out of the equation, while cost and convenience remain the bane of data protection efforts for years to come.

Shadow IoT Devices

The COVID-19 crisis has led to another issue known as shadow IoT devices, which is when employees working at home introduce unauthorized IoT devices to the enterprise. This adds a significant level of vulnerability for the organization and its data, as these devices are not layered with security measures and can easily give access to an enterprise network.

A leading cloud security provider reported that during the early months of 2020, there was a 1500% increase in IoT device usage at enterprises. These are unauthorized IoT devices that include digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smartwatches, and even automotive multimedia systems. Each of these assets can be used as a point of exposure to get access to an enterprise network. Hence, it is crucial that IT and security professionals pay heed to the digital security hygiene practices of their workforces.

Conclusion

COVID-19 has led to a hike in cyberattacks that have in turn led to a surge in the need for IoT and IoT security adoption. It is high time organizations come to acknowledge that, pandemic or not, adoption of technology has increased multi-fold, and we have now moved from an also-digital to an only-digital phase. Cybersecurity must include best practices for a robust and healthy IoT ecosystem to flourish.

About The Author

Vikas Bhonsle is the Chief Executive Officer (CEO) at Crayon Software Experts India Pvt. Ltd and has been leading it across India since June 2014. Vikas is an alumnus of the University of Mumbai, where he completed his graduation in the field of physics and did his MBA. He is well versed with the disciplines of Business Management, Sales, Marketing, Strategy Formulation, Operational Management and Relationship Management, with over 20 years of experience.

CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for them. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article.
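The asset-inventory and shadow-IoT sections of this article come down to one recurring control: reconcile what is actually on the network against what the organization has authorized, and watch for inventoried devices whose traffic pattern drifts from its class. The script below is an added example for that, not code from the article or from Crayon. It assumes a DHCP lease log in an ISC dhcpd-like "DHCPACK on <ip> to <mac> (<hostname>)" format, an inventory keyed by MAC address, and per-device-class egress baselines; the inventory, the log lines and the byte counts are all constructed sample data.

```python
"""Reconcile observed devices against an asset inventory and a traffic baseline.

Added example (not from the article). Inventory, DHCP lease lines and
per-device egress byte counts are constructed sample data.
"""
import re
from dataclasses import dataclass

# Authorized asset inventory (constructed): MAC -> (owner, device class).
INVENTORY = {
    "aa:bb:cc:00:00:01": ("it-ops", "laptop"),
    "aa:bb:cc:00:00:02": ("facilities", "badge-reader"),
    "aa:bb:cc:00:00:03": ("it-ops", "printer"),
}

# Expected daily egress bytes per device class (constructed baseline).
EGRESS_BASELINE = {"laptop": 2_000_000_000, "badge-reader": 5_000_000, "printer": 50_000_000}

# Constructed DHCP lease log in an ISC-dhcpd-like format.
DHCP_LOG = """\
2020-08-03T09:01:12 DHCPACK on 10.0.10.21 to aa:bb:cc:00:00:01 (alice-laptop) via eth1
2020-08-03T09:02:40 DHCPACK on 10.0.10.22 to aa:bb:cc:00:00:02 (badge-reader-1) via eth1
2020-08-03T09:05:03 DHCPACK on 10.0.10.57 to de:ad:be:ef:00:01 (amazon-echo-kitchen) via eth1
2020-08-03T09:07:19 DHCPACK on 10.0.10.58 to de:ad:be:ef:00:02 (Samsung-TV) via eth1
2020-08-03T09:09:44 DHCPACK on 10.0.10.23 to aa:bb:cc:00:00:03 (print-floor2) via eth1
"""

# Constructed egress byte counts observed for the day, keyed by MAC.
EGRESS_OBSERVED = {
    "aa:bb:cc:00:00:01": 1_200_000_000,
    "aa:bb:cc:00:00:02": 4_000_000,
    "aa:bb:cc:00:00:03": 900_000_000,   # printer sending ~18x its class baseline
    "de:ad:be:ef:00:01": 300_000_000,
    "de:ad:be:ef:00:02": 80_000_000,
}

LEASE_RE = re.compile(
    r"^(?P<ts>\S+) DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9a-fA-F:]{17}) "
    r"\((?P<host>[^)]*)\) via (?P<iface>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    mac: str
    ip: str
    hostname: str
    reason: str


def parse_leases(log_text):
    """Return (timestamp, ip, mac, hostname) tuples for every well-formed lease line."""
    leases = []
    for line in log_text.splitlines():
        m = LEASE_RE.match(line.strip())
        if m:
            leases.append((m["ts"], m["ip"], m["mac"].lower(), m["host"]))
    return leases


def find_shadow_devices(leases, inventory):
    """Flag every lease whose MAC is absent from the authorized inventory."""
    return [Finding(mac, ip, host, "not in asset inventory")
            for _, ip, mac, host in leases if mac not in inventory]


def find_traffic_anomalies(leases, inventory, observed, baseline, factor=10):
    """Flag inventoried devices whose egress exceeds `factor` times their class baseline."""
    findings = []
    for _, ip, mac, host in leases:
        if mac not in inventory:
            continue                      # shadow devices are reported separately
        _, dev_class = inventory[mac]
        expected = baseline.get(dev_class)
        actual = observed.get(mac, 0)
        if expected and actual > factor * expected:
            findings.append(Finding(mac, ip, host,
                                    f"egress {actual} bytes exceeds {factor}x {dev_class} baseline"))
    return findings


def audit(log_text=DHCP_LOG, inventory=INVENTORY, observed=EGRESS_OBSERVED, baseline=EGRESS_BASELINE):
    """Run both checks over one lease log; returns the combined list of findings."""
    leases = parse_leases(log_text)
    return (find_shadow_devices(leases, inventory)
            + find_traffic_anomalies(leases, inventory, observed, baseline))


if __name__ == "__main__":
    for f in audit():
        print(f"{f.ip:<12} {f.mac}  {f.hostname:<20} {f.reason}")
```

On the constructed data this reports the two consumer devices that are not in the inventory and the printer whose egress is far above its class baseline; in a real deployment the lease log would come from the DHCP server and the byte counts from flow records, and the findings would feed a ticket or SIEM alert rather than stdout.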

TABLE TALK

Security patching should be a part of a system’s basic maintenance procedure

INTERVIEW
ASHISH THAPAR
Managing Principal, Verizon’s Threat Research Advisory Center (VTRAC)

A well-rounded and seasoned leader in the field of IT & Information Security, Ashish Thapar is the Managing Principal leading the APJ region for Verizon’s Threat Research Advisory Center (VTRAC). In this role he is leading an expert team handling customer-facing cyber incident response, digital forensics, electronic discovery, threat intelligence, and IT investigations. Prior to this role, he was responsible for the business and portfolio management of Verizon’s professional services (T&V, GRC, PCI) team within the APJ region. Thapar has a long history of serving countless high-profile clients across multiple business verticals, assisting them with their cyber security strategy, governance, and risk management needs.

In an exclusive interview with Augustin Kurian from CISO MAG, Thapar talks about his journey, cybersecurity trends across the world, ransomware attacks, attacks against the health care sector, and more.


1. In a career spanning two decades, you have held several key security roles. Were you a part of security when the security sector was at a nascent stage in India or the APJ region? What was the journey like? How far has the region and its adoption of cybersecurity evolved?

Yes, it has been almost two decades of learning, practicing, and advising in the cybersecurity field for me and I can say that the journey has been exhilarating, challenging, and very rewarding. Specifically, with respect to India, I have seen a tremendous amount of positive change. I have seen a lot of difference in the way Indian companies used to see security many years ago compared to how they treat security in the present times. That whole compliance mindset to ensure a tick-in-the-box and a single-track product/box centric approach has thankfully transitioned into a more comprehensive one focusing on all three aspects (i.e. people, process and technology) while elevating the importance of cybersecurity as a business enabler. Cybersecurity is now not a function that used to struggle to get the funding and support from the management; instead it now enjoys board level visibility in several companies.

In my opinion, India’s story is not very different from many other regions, apart from some places where data security and privacy regimes have been more mature from a legal/regulatory/industry standpoint. The RBI in particular should be given due credit as they have done a tremendous amount of work in driving cybersecurity maturity in the financial sector. As a practitioner in the field, I can say that the kind of services we used to engage in earlier were typical vulnerability assessment, penetration testing and some assessment/certifications. Today we support our customers on threat hunting, advanced SOC services, cyber risk monitoring, red/purple teaming exercises, incident response readiness assessments, tabletop testing and data breach investigations. The advancements in digital adoption, organizational maturity, cybersecurity service offerings and the changes in the legal/regulatory landscape that have taken place in the last decade have been phenomenal. Today we have many countries that have enacted stringent data security or privacy laws/regulations not only in the APJ region but globally.


2. The latest Data Breach Investigation Report (DBIR) suggests a rise in attacks motivated by financial gain, up from 71% in 2019 to 86% in 2020. With the world now dealing with the COVID-19 situation, do you feel the trend will only move upward? What does that mean for the security community?

DBIR is an annual publication from Verizon with incidents and breach data from 81 contributors globally. While the DBIR 2020 is based on a 2019 dataset, we’ve already started seeing in recent months that the phishing attacks are leveraging the COVID-19 chaos and have increased significantly. With reference to the DBIR report from a financial gain perspective, we can say that activities like ransomware, social attacks, malware were already on the rise in the past few years. We are observing a mix of trends with both direct and indirect financial motive gains. Currently this year we see ransomware doubling up since January. We do expect financial motives to move upwards or hover around the same level. Another important insight to look at is the espionage related cases, which are very specific/targeted and are often under-reported because most of the attacks are covert and complex in nature. Due to the sheer number, most of the time, gullible users and companies are targeted with cyber extortion, ransomware, even card holder data breaches. Looking at the current social-distancing scenario a lot of countries will be moving very swiftly towards digital currency, China being the first one to launch such state-run digital currency. With this development and forced digital shift for many companies in the unplanned work-from-home situation, we can expect the number of cybercrimes increasing as everything will start moving towards a digital world. The data today can live anywhere, in an end-user system, data center servers or in the cloud. Hence, the cybersecurity community should be careful about implementing the data-centric perspective and not only be focused on the data center security.

3. What else were the biggest takeaways from the latest DBIR? Did any trends from the report come as a shock to you?

I would not say shock, but it did come as a surprise as “Errors” definitely win the award for best supporting “action”—refer to the schema of VERIS (Vocabulary for Risk and Incident Sharing) on Github—this year. They are now equally as common as social breaches and more common than malware and are truly ubiquitous across all industries. Only hacking remains higher, and that is due to credential theft and use, which we have already touched upon. Misconfiguration errors have been increasing. This can be, in large part, associated with internet-exposed storage discovered by security researchers and unrelated third parties. While publishing errors appear to be decreasing, we wouldn’t be surprised if this simply means that errors formerly attributed to publishing a private document on an organization’s infrastructure accidentally now get labelled “Misconfiguration” because the system admin set the storage to public in the first place.

4. In the North American region, stolen credentials account for over 79% of hacking breaches with 33% of breaches being associated with either phishing or pretexting. Why do you think industries are still not evolved to handle this common threat vector?

I wouldn’t say that this is a crisis with every industry or company in North America, but yes, it is the problem with the laggards. The laggards are still dependent on single authentication, using passwords and usernames to authenticate their users, which is just a basic hygiene measure. We need to understand that just using credentials is not going to sufficiently secure your critical systems or data. Also, some of the industries are still not regulated and the need to adopt stringent security controls is not felt by several companies. Having said that, I think the onset of the global legislations like the GDPR and other data security and privacy mandates have started to make a difference.

5. DBIR also stressed that the on-going patching has been successful against a lot of vectors with fewer than one in 20 breaches exploiting vulnerabilities. Should patching be the part that the industry should focus on? What else can be improved?

Security patching should be a part of a system’s basic maintenance procedure as there are numerous vulnerabilities that get disclosed every week. Patching helps in protecting where you are completely exposed against known vulnerabilities. Hence, patching should be a major focus and it should be done on a timely basis as part of regular maintenance of a system/platform. But remember, patching would only help where the vulnerabilities are known, and the patches are available. The next level of maturity comes when you start limiting your attack surface by disabling services or features that are not required, disabling users that are not needed and hardening systems with best-practice security benchmarks.

The focus would be the CIS Critical Security Controls (CSC). Here are the top controls that our DBIR data suggests will be worthwhile for most organizations:

• Continuous Vulnerability Management (CSC 3): Use this method to find and remediate things like code-based vulnerabilities; also great for finding misconfigurations.

• Secure Configurations (CSC 5, CSC 11): Ensure and verify that systems are configured with only the services and access needed to achieve their function.

• Email and Web Browser Protection (CSC 7): Lock down browsers and email clients to give your users a fighting chance when facing the Wild West that we call the internet.

• Limitation and Control of Network Ports, Protocols and Services (CSC 9): Understand what services and ports should be exposed on your systems, and limit access to those.

• Boundary Protection (CSC 12): Go beyond firewalls to consider things like network monitoring, proxies, and multifactor authentication.

• Data Protection (CSC 13): Control access to sensitive information by maintaining an inventory of sensitive information, encrypting sensitive data, and limiting access to authorized cloud and email providers.

• Account Monitoring (CSC 16): Lock down user accounts across the organization to keep bad guys from using stolen credentials. Use of multifactor authentication also fits in this category.

• Implement a Security Awareness and Training Program (CSC 17): Educate your users on malicious attackers and on accidental breaches.

6. The attacks on cloud continue. Now, small and medium business are becoming the biggest targets of the recent cloud attacks. How can you empower small and medium business against cyberattacks?

There is an inherent problem seen in the way SMBs handle cybersecurity. They do not have the same level of management support and funding that you get to see in large organizations and if the SMB belongs to one of the unregulated sectors, then even the worst scenario can be expected. From that perspective, the SMBs should at least follow the 80/20 rule, where 80% of the protection can be built with just 20% of the safeguards and with minimal financial investments. These safeguards can be spread across the three key focus areas, namely protect, detect and respond. SMBs can also look at adopting “security by design,” which may not require very expensive technology but can surely leverage inherent procedural/governance security controls. Simple but effective counter-measures such as, but not limited to, implementing a robust security policy, segregation of duty, least privilege principle controls and not storing data that is not needed, can go a long way in securing an SMB. They can also look at other emerging avenues like cyber insurance where they can get some level of in-built security protection controls as part of the policy coverage. SMBs should also leverage government provided cybersecurity expertise, public/private expertise and evaluate some of the niche open source security tools available in the market.
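The answer to question 5 puts attack-surface reduction (disable what is not required, CSC 5 and CSC 9) right after patching. The check below is an added example of what that looks like as a repeatable audit; it is not Verizon's, CIS's or the DBIR's code. It parses output in the column layout of Linux `ss -tulpn`, compares every listener against a per-role allowlist that says which (protocol, port) pairs may be open and on which addresses they may bind, and reports anything else as a candidate for disabling or firewalling. The `ss` output and the "web" role allowlist are constructed for the example.

```python
"""Audit listening services against a per-role allowlist (CSC 9 style check).

Added example, not from the interview. The `ss -tulpn`-style output and
the allowlist are constructed sample data.
"""
import re

# Constructed output in the column layout of `ss -tulpn` on Linux.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=1203,fd=6))
tcp   LISTEN 0      128    0.0.0.0:5432        0.0.0.0:*         users:(("postgres",pid=1340,fd=5))
tcp   LISTEN 0      128    0.0.0.0:6379        0.0.0.0:*         users:(("redis-server",pid=1402,fd=6))
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*         users:(("snmpd",pid=977,fd=8))
tcp   LISTEN 0      128    127.0.0.1:9100      0.0.0.0:*         users:(("node_exporter",pid=1510,fd=3))
"""

# Constructed allowlist for a "web" role: (proto, port) -> addresses it may bind.
ALLOWLIST_WEB = {
    ("tcp", 22): {"0.0.0.0"},
    ("tcp", 443): {"0.0.0.0"},
    ("tcp", 5432): {"127.0.0.1"},   # database is for the local app only
    ("tcp", 9100): {"127.0.0.1"},   # metrics scraped over a local agent
}

# proto, state, recv-q, send-q, local addr:port, peer, users:(("proc",...
LINE_RE = re.compile(
    r'^(?P<proto>tcp|udp)\s+\S+\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)'
    r'\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(text):
    """Return (proto, bind address, port, process name) for each listener line."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:                             # header and unparseable lines are skipped
            listeners.append((m["proto"], m["addr"], int(m["port"]), m["proc"]))
    return listeners


def audit_listeners(listeners, allowlist):
    """Return (proto, addr, port, proc, reason) for every listener that violates the allowlist."""
    findings = []
    for proto, addr, port, proc in listeners:
        allowed_addrs = allowlist.get((proto, port))
        if allowed_addrs is None:
            findings.append((proto, addr, port, proc, "not on allowlist: disable the service or firewall the port"))
        elif addr not in allowed_addrs:
            findings.append((proto, addr, port, proc, f"bound to {addr}, allowlist permits {sorted(allowed_addrs)}"))
    return findings


def audit(text=SS_OUTPUT, allowlist=ALLOWLIST_WEB):
    return audit_listeners(parse_listeners(text), allowlist)


if __name__ == "__main__":
    for proto, addr, port, proc, reason in audit():
        print(f"{proto}/{port:<5} {addr:<10} {proc:<14} {reason}")
```

Against the constructed data it flags redis and snmpd (not expected on a web host at all) and postgres (expected, but bound to every interface instead of loopback). Feeding it the real command output and a per-role allowlist kept in version control turns the "understand what should be exposed, and limit access to those" advice into a check that can run on every build.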


7. During ransomware attacks there is an upward trend where hackers are targeting backups and even NAS devices. How can there be a tighter airgap?

The aim of a ransomware attack is to destroy data and its copies so that the organization possessing the data gets crippled completely. Health care and educational institutions are increasingly being attacked with ransomware. The digital adoption in the health care sector that was meant to save human life is now under attack, which could be life threatening as encrypting data belonging to patients in critical condition could hamper their timely treatment. There is a simple defense mechanism to such attacks. The first obviously being implementing the CIS CSC, and the second is to actually make sure that you have very robust backup and disaster management strategies in line with your recovery time objective and recovery point objectives. Thirdly, make sure that the ‘write’ access to your file servers and NAS storage locations is not open to everyone and is marked “read only” as per the strict least privilege principle. Lastly, segregation of the network is important to make sure that you aren’t operating in a wide-open playground and lateral movement of any threat is restricted to some extent.
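A backup that is read-only for everyone except the backup job still needs to be verified, because the point of targeting backups is that nobody notices until the restore fails. The script below is an added example for the backup and least-privilege advice in this answer; it is not Verizon's code. It records a manifest of content hashes when the backup set is written (the manifest itself belongs on the read-only or offline copy) and later compares the set against it, classifying each file as unchanged, modified, missing or unexpected, and singling out modifications whose new content is high-entropy, which is what encrypted data looks like. The backup "files" are constructed in-memory byte strings so the example runs offline.

```python
"""Verify a backup set against a manifest taken at backup time.

Added example, not from the interview. The backup files are constructed
in-memory byte strings; a real job would read a read-only or offline copy.
"""
import hashlib
import math
import random
from collections import Counter


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`; encrypted or compressed content approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(files: dict) -> dict:
    """Snapshot path -> (sha256, size) at the moment the backup is written."""
    return {path: (sha256(blob), len(blob)) for path, blob in files.items()}


def verify_backup(manifest: dict, current: dict, entropy_threshold: float = 7.5) -> list:
    """Compare the current backup contents with the manifest.

    Returns (path, status) pairs with status ok / modified / missing / unexpected;
    a modified file whose new content is high-entropy is reported as
    'modified-high-entropy', the signature an encrypting process leaves behind.
    """
    results = []
    for path, (digest, _size) in manifest.items():
        if path not in current:
            results.append((path, "missing"))
            continue
        blob = current[path]
        if sha256(blob) == digest:
            results.append((path, "ok"))
        elif shannon_entropy(blob) >= entropy_threshold:
            results.append((path, "modified-high-entropy"))
        else:
            results.append((path, "modified"))
    for path in current:
        if path not in manifest:
            results.append((path, "unexpected"))
    return results


# Constructed backup set as written on day 1, and the manifest taken then.
ORIGINAL = {
    "db/customers.sql": b"INSERT INTO customers VALUES (1, 'alice');\n" * 200,
    "docs/policy.txt": b"Backups are verified daily against the manifest.\n" * 50,
    "config/app.ini": b"[app]\nmode=production\n",
}
MANIFEST = build_manifest(ORIGINAL)

# Constructed state found on a later check: one file replaced by pseudo-random
# bytes, one deleted, one file present that was never part of the backup.
_rng = random.Random(7)
TAMPERED = {
    "db/customers.sql": bytes(_rng.getrandbits(8) for _ in range(8000)),
    "config/app.ini": ORIGINAL["config/app.ini"],
    "unexpected.txt": b"not part of the backup set\n",
}


def run_check():
    return verify_backup(MANIFEST, TAMPERED)


if __name__ == "__main__":
    for path, status in run_check():
        print(f"{status:<22} {path}")
```

The entropy test is a heuristic: legitimately compressed or already-encrypted backups also score near 8 bits per byte, so for those the hash mismatch alone is the signal and the threshold should be raised or the check skipped per path. What makes the check worth anything is where the manifest lives; if it sits writable next to the backups, it can be rewritten along with them.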

8. With the COVID-19 situation upon the world, there is an alarming amount of attacks on the health care sector. How can we change this trend? Because at the end of the day, we need our hospitals to be safe.

We see that the health care sector is increasingly coming under attack. As per DBIR 2020, Miscellaneous Errors, Web Applications and Phishing or Business Email Compromises represent 72% of breaches in the health care sector. The majority of the data under attack in the health care sector is personal data, followed by medical data and credentials. Unless you really protect data at its core, no matter how many network level protections or endpoint level protections you put in, it won’t really keep you secured for too long. Further, organizations must conduct a proper risk assessment to prioritize their investments and focus on the issues that matter the most—and accordingly mitigate the risk or bring the risk to an acceptable level. I would also recommend that health care organizations follow the defense-in-depth approach to safeguard their critical systems and data. Our research shows that increasing the number of layered controls—in essence the number of steps that an adversary has to clear—could be very effective in decreasing the probability of occurrence of a data breach.

KNOWLEDGE HUB

Raghunath Venkat Thummisi
Founder & CEO, Cannon Cyber


Industries across the spectrum are embracing the emerging possibilities of IoT and the connected device ecosystem. The benefits of IoT include unlocking the potential of analyzing real-time and historical behaviors of the edge devices for effectiveness, better management, and productivity by connecting edge traffic to the cloud. The recent innovation in increasing the “bandwidth of the pipe” has enabled bulk uploads through networks and begins a new chapter in deciphering the Internet of Everything. In the past, the focus has been on enabling the faster movement of edge data to the cloud; however, not much focus has been laid upon two very important aspects of data: the quality of the data ingested and the potential vulnerabilities that can present themselves as backdoors.

Critical industrial automation systems stand apart in terms of their complexity, associated legacy technologies, and the established governance when it comes to monitoring and management. Critical infrastructure grids such as utility, power, and nuclear don’t push data at the same intervals as other IoT systems do. Moreover, legacy protocols are still in use for communication in many industries, one example being the industrial automation space where we grapple with Modbus, Profibus, and Fieldbus communication technology. This opens up a large surface for security attacks across endpoints. The increasingly mandated regulatory compliances for IoT security aim to pre-empt the threats posed by cybercriminals who take advantage of the legacy, siloed technology stack and protocols to launch network-based endpoint attacks and threaten the large asset bases of organizations. IoT and connected devices need to reassess methods by which the attack surface can be minimized, which is the focus of the ISA99/IEC 62443 security standards for Industrial Automation Systems.

Breaching IoT devices allows attackers to build networks across an army of connected devices that can be used to launch massive Distributed Denial-of-Service attacks to bring down large omnichannel platforms. The above example represents only the tip of the iceberg in terms of the challenges that IoT security practitioners face, creating the need for all the associated entities in an IoT security data chain to come together and build a robust security infrastructure that reassesses North-South traffic.

The paradigm changes taking place in designing an effective and secure IoT infrastructure have to explore an IoT-native architecture and not merely transpose tools from typical software architectures. As an example, network firewalls are a critical security gatekeeper in traditional infrastructures. However, the same doesn’t hold true when we explore industrial automation devices or Industrial IoT (IIoT). Connected devices in industrial automation have been there for decades; however, the know-how needed for managing complete critical infrastructure grids and nuclear installations has been the responsibility of operational teams. The IT and operational teams have been brought together to build effective and high-response teams, but this comes at the price of negatively affecting the decision-making of the cybersecurity teams staffing the security infrastructure, and hence delaying an effective response to incoming attacks. Management of the edge devices requires a different approach that prioritizes securing each connected endpoint, to protect against the possibility of the breach of a single device opening a backdoor into other systems.

Traditional designs of deploying a combination of firewall policies, access control lists, and virtual private network nodes complicate an IoT infrastructure, rendering it suboptimal. Excessively intricate IIoT infrastructures with a dynamic network flow may create additional junction points that necessitate the deployment of additional firewall points, sometimes numbering in the hundreds or thousands. A better approach may be to explore endpoint segments and access management.

The above scenarios call for better management, mandates, and regulations to explore holistic design and deployment.


Manageability - A driving factor in the effective design of IIoT security

Given the increasing vulnerabilities, patch management, hotfixes, and upgrades as we know them in the traditional software world prove much more critical in IIoT infrastructures. Also, given the remote deployments, production instances, and complex environments governed by underlying dependencies, “re-fueling in-flight”, essentially a hybrid approach to rolling out upgrades as soon as possible, must be achieved. For example, deploying a hotfix for a particular CVE is much more cumbersome depending on how far apart the endpoint devices are located and whether they are within the reach of online patch updates.

Better Support and User Experience

We see that often, most devices are shipped with default, factory-set passwords that can’t be changed, while some IoT vendors make it harder for customers by not having a simple UI to navigate. Product support is another area of challenge, especially with smaller vendors, which makes it harder for customers to maintain a secure perimeter. Hence, it is imperative for IoT vendors to have a mechanism to better deploy authentication using unique credentials on every device, including designing an organization-specific password and secrets management system, while enabling their customers to better utilize the product features through ongoing device security and management.

Now, let’s focus on some of the most prominent IIoT security attacks:

1. Firmware Hijacking: Firmware vulnerabilities and a lack of consistency in frequent updates present an opportune moment for an attacker who may leverage vulnerabilities to hijack devices and launch a more coordinated attack.

2. Distributed Denial of Service (DDoS): DDoS attacks present a serious risk of critical applications being compromised by attackers and of losing access to key control systems governing the critical infrastructures. While these types of attacks might not necessarily steal data, the possibility of losing access to critical systems may yield catastrophic results. Some of the largest known DDoS attacks in history were based on IoT devices.

3. Botnets: Cybercriminals devise botnets by hijacking IoT devices, infecting them with malicious code, and using them as a command center to launch attacks across the device ecosystem and expose the entire network. The largest known botnet attack occurred in 2016, when the Mirai botnet literally brought down the internet, including a host of businesses across different geographies; it was the result of a botnet launch leveraging unsecured security cameras.

4. Port 7547: Attacks targeting this port are well known, and there are millions of devices with this flaw. This trend continues despite high visibility through several recent incidents that targeted a leading telecom provider’s routers, debilitating the network for a long time.

5. Malicious packets: Injecting malicious snippets of code or packets and taking control of important applications isn’t new, but this presents a much larger challenge in IIoT ecosystems, where attacks in a similar situation might lead to a complete, dangerous override of our critical infrastructures.

6. Network packet sniffing: In this type of attack, a hacker intercepts network traffic in order to steal sensitive information via a weakened connection between an IoT device and a server. Eavesdropping typically occurs by listening to digital or analog voice communication or via the interception of sniffed data. The attacker could walk away with sensitive corporate data using this method. Taking advantage of legacy Layer 7 communication protocols, attackers can secretly intercept messages by deceiving either party.

7. Brute Force: Scripting and guessing password patterns, and increasing the attack surface upon gaining control, presents endless opportunities to cause harm. While there are ways to mitigate them with multi-factor authentication and key management systems, it is important to propagate these techniques into IIoT ecosystems.
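Two of the items in the list above lend themselves to straightforward detection logic on logs an IIoT operator already has. The script below is an added example, not the author's or Cannon Cyber's code: it flags inbound connections to TCP/7547 (item 4; 7547 is the port registered for the CWMP/TR-069 remote-management protocol) from anything outside a constructed management network, and it flags the burst-of-failed-logins pattern of a password brute-force attempt (item 7), noting when a success follows the burst. The management range, the flow records and the device authentication log are all constructed for the example.

```python
"""Two detections over constructed IIoT logs: exposed CWMP port and login brute force.

Added example, not from the article. The management network, the flow
records and the authentication log are constructed sample data.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed range from which device management (the ACS) is expected.
MGMT_NETS = [ipaddress.ip_network("10.200.0.0/24")]

# Constructed flow records: "<ts> <src> <dst> <dport> <proto>"
FLOW_LOG = """\
2020-08-10T02:14:05 203.0.113.45 192.0.2.10 7547 tcp
2020-08-10T02:14:06 203.0.113.45 192.0.2.11 7547 tcp
2020-08-10T02:14:09 10.200.0.5 192.0.2.10 7547 tcp
2020-08-10T02:15:30 198.51.100.7 192.0.2.12 443 tcp
2020-08-10T02:16:02 203.0.113.45 192.0.2.12 7547 tcp
"""

# Constructed device authentication log: "<ts> <src> <user> <FAIL|OK>"
AUTH_LOG = """\
2020-08-10T03:00:01 198.51.100.9 admin FAIL
2020-08-10T03:00:02 198.51.100.9 admin FAIL
2020-08-10T03:00:02 198.51.100.9 root FAIL
2020-08-10T03:00:03 198.51.100.9 admin FAIL
2020-08-10T03:00:04 198.51.100.9 operator FAIL
2020-08-10T03:00:05 198.51.100.9 admin FAIL
2020-08-10T03:00:09 198.51.100.9 admin OK
2020-08-10T03:30:00 10.200.0.8 operator FAIL
2020-08-10T03:30:20 10.200.0.8 operator OK
"""


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def is_management(ip):
    """True when `ip` falls inside one of the expected management ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_NETS)


def detect_exposed_cwmp(flow_text, port=7547):
    """Return (src, dst) pairs that reached the CWMP port from outside the management nets."""
    hits = []
    for line in flow_text.splitlines():
        _ts, src, dst, dport, proto = line.split()
        if proto == "tcp" and int(dport) == port and not is_management(src):
            hits.append((src, dst))
    return hits


def detect_bruteforce(auth_text, threshold=5, window=timedelta(seconds=60)):
    """Return (src, failures, success_followed) for sources with >= threshold FAILs in `window`."""
    fails = defaultdict(list)
    successes = defaultdict(list)
    for line in auth_text.splitlines():
        ts, src, _user, result = line.split()
        (fails if result == "FAIL" else successes)[src].append(parse_ts(ts))
    alerts = []
    for src, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):        # sliding window over failures
            last = times[i + threshold - 1]
            if last - times[i] <= window:
                followed = any(t > last for t in successes.get(src, []))
                alerts.append((src, threshold, followed))
                break                                      # one alert per source
    return alerts


if __name__ == "__main__":
    for src, dst in detect_exposed_cwmp(FLOW_LOG):
        print(f"CWMP port reachable from outside management: {src} -> {dst}")
    for src, n, followed in detect_bruteforce(AUTH_LOG):
        print(f"brute force from {src}: {n}+ failures in window, success followed: {followed}")
```

The first detection is really a policy statement made executable: the management port should only ever see the management network, so any other source is a finding regardless of whether the connection succeeded. The second deliberately reports whether a success followed the burst, because that is the case that needs an immediate credential reset rather than a ticket.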


And then there is the advent of 5G…

Quantum speeds and versatility in data traffic through 5G networks present a generational set of opportunities for making enterprise systems faster and smarter. However, this comes with risks in terms of dealing with newer adversaries through cybersecurity. As 5G is now quickly shaping up to be a global reality and is already in action in select countries, it is now possible that it will completely disrupt IoT connectivity, and more specifically, IoT security.

5G security - an unknown proposition

5G’s bandwidth and speed give rise to the prospect of new threat vectors within networks which could result in increased sophistication in security attacks. It is a great opportunity for telecom service providers to think about enhanced security frameworks embedded in the 5G service delivery network to provide better security hygiene for their customers. Virtualized 5G ecosystems provide an opportunity for new services that can be delivered with no installation or upgrading required at the subscriber’s premises, quite literally moving the upgrade and monitoring to a real-time delivery mode. Hence, there is a big opportunity for security solutions operating at the network tier to discreetly sniff suspected packets and block them using behavioral patterns driven by Artificial Intelligence and Deep Learning. These services can be managed by service providers to deliver an additional layer of security for their edge devices.

IoT based cyber-attacks continue to grow and the level of malware signals continues to grow at thrice the pace. This is a challenge and an opportunity to innovate ground-breaking security products more rapidly and keep pace with the attack engine, if not overpower it. Remember, cybersecurity is probably the only space where both the problems and solutions are equally funded!

About The Author

Raghunath Venkat Thummisi is a passionate product builder, security practitioner and evangelist focused on building the next generation of security products for businesses who are experiencing a rapid change in their security perimeter. Venkat’s experience is in building scalable infrastructure and cloud-native SaaS products with a focus on security across the landscape from core to edge. In doing so, he has built strategic ecosystems of customer and channel partnerships. His experience spans big companies such as EMC, RSA, Trizetto as well as his current startup (Cannon Cyber). He is a contributing member of Forbes Technology Council and CISO MAG, and he loves to be in the midst of action advising emerging startups to foster innovation.

Disclaimer: Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

COVER STORY

UNDERSTANDING THE IoT THREAT LANDSCAPE
Dick Wilkinson
Chief Technology Officer, New Mexico Judicial Information Division

The Internet of Things has thoroughly permeated our lives. This ever-expanding attack surface presents some unique challenges to security professionals. This secondary network has suffered the same neglect as our primary devices when it comes to security and controlling risk. The devices lend themselves to poor security in both design and the way we use them. When you turn on your TV, you do not wonder how secure it is; you just watch TV. The awareness of any security threat these devices may present is lacking because you do not see a computer; you see a classic electronic device that has been enhanced. Even in the industrial end of this market, the devices are "set and forget" — you turn on a sensor and if it doesn't fail, you may never touch it again. As a consumer and a security professional, it is easy to overlook the threat associated with an IoT device. Unfortunately, malicious actors have realized that IoT devices are a prime target for some unique attacks.

Home users will find that popular devices come with known vulnerabilities. Items such as remote-controlled door locks have been shown to allow attackers to disengage the lock with fake credentials. In 2019, the Ring doorbell company faced continuous scrutiny as videos of unsuspecting victims started to appear online. Ring devices in people's homes were hijacked remotely, and the attackers spoke to the homeowners through their security systems. One disturbing instance saw an attacker trying to convince a child to leave their bedroom through the window, by speaking to them through an IoT camera installed in the bedroom. Always-on listening devices raise privacy concerns, as smart speakers and televisions have been shown to respond to incorrect commands and make recordings of conversations without the user's consent. Inaudible commands have also been found to turn on some listening devices and enable functions to be executed without the owner's knowledge. Many consumers are still unaware of these risks.

The attacks that have grown out of this space are not simply a nuisance to home users. The most dangerous critical infrastructure attacks are focused on the remote devices that control water and electricity. Remote Operational Technology devices pose a significant threat even while simply being turned off and not producing readings. IBM's X-Force research group has monitored attacks on industrial systems and reports a 2000% increase since 2018. In May of 2020, German officials claimed that a Russian hacking group had compromised the networks of energy, water, and power companies in Germany by exploiting IT supply chains. The end game of this type of infiltration is likely targeted at disrupting the functions of IoT devices in critical infrastructure. Gaining a foothold in an OT network can be difficult for attackers due to the heavy segregation present in these networks, but persistence and stealth can lead to a compromise that is not detected for years.

The rise of 5G networks around the world will see an explosion of connected devices, many of which will not be cell phones (they could be sensors, for instance). Mobile device manufacturer Ericsson predicts 550 million 5G subscriptions will be in place by 2022. That number may seem small compared to current global cellular subscriptions but will increase as the networks expand. The devices on these networks will increasingly become vehicles, medical equipment, and remote sensors. Remotely controlled surgical procedures and medical devices create an entirely new security concern. Autonomous vehicles will use 5G to direct themselves on the road alongside human-driven vehicles. The blazing fast speed of 5G will enable hundreds of everyday items to be digitally connected and monitored. Ericsson states, "5G is the foundation for realizing the full potential of IoT." Attacks on these remote devices are sure to follow quickly. In our current pre-5G networks, attacks on these devices usually require close access within the range of any radio frequency aspect of the device, such as Wi-Fi or Bluetooth. 5G will enable similar attacks with a significant difference: a global reach through high-speed data networks. Developers and manufacturers have the chance to act now and build security into these devices before something catastrophic happens. Security will become a sales enhancement for these 5G-connected products.

Specific security concerns

As a security professional in your organization, you have the task of not losing sight of your IoT devices and making sure they are considered in every part of your risk control plan. The most critical item is understanding how these devices change your attack surface. Your network now includes light endpoints that rarely have a human interacting with them. These endpoints have some degree of permission and credentials on your network and have multiple ways to communicate with other devices. The risk associated with this cannot be overstated. If a malicious actor takes control of such a device, they may leave it functioning correctly and masquerade on your network as that device. This traffic will be lateral movement and may be hard to detect because it is coming from an authorized endpoint device. If anomalies or disruptions happen, you are unlikely to suspect that the electronic badge reader is exploiting your Wi-Fi to sniff and export packets. That scenario is last on the troubleshooting checklist for most organizations, and attackers know this is the case. These devices must be included in your asset management plan and your threat-focused attack surface evaluation. Don't forget about them; keep them inventoried and maintained.

Once you are confident that you can control your expanded attack surface, you should then focus on the features in the devices themselves. The computing power in most IoT devices is at an absolute minimum; this means you probably won't have much user interface. You may have a separate software application that controls the device, or it may have only two or three necessary buttons on the hardware, and no user interface at all. The low computing power and lack of a basic interface can lead to security concerns. Some devices come out of the box with no ability to perform a software update or patch. Most devices come with a default password or PIN code that can't be changed. Very basic devices may not support any type of encryption on their radio links such as Wi-Fi or Bluetooth — or may be stuck at an older standard with no ability to update. These limitations pose an equal risk for your organization. The benefit of the device needs to be weighed against the risk it may present. You do have some ways to control the device-based risk. You can place a premium on your purchase decisions by making sure you buy modern IoT devices that support at least the basic user control level, such as changing a PIN code or password to access the device. If a device has a secondary control application, you have confidence that the application can incorporate more security features and updates in the future. Look for ways to make sure the device does not respond to an unsolicited handshake or paging calls from Wi-Fi or Bluetooth devices. These tips are very device-dependent and may not be available in every setting, but you should strive to implement them and make security a priority when choosing the type of device you will use.

Establishing a security baseline

An emerging trend in the IoT manufacturing market is seeking an independent product verification to bolster the security profile of new devices. Groups such as the IoT Alliance Australia bring key industry stakeholders together to establish a security baseline and technical benchmarks. In coordination with academia and electronic test facilities, a vendor can seek a Trust Mark to show customers they are serious about security. Watch your local market for testing groups of this kind and explore products that have gone through the rigor of independent verification.

Now that you have controlled your attack surface and made sure to pick the best device, consider the rest of the picture for your network security controls. Your deployment may consist of 2 or 3 remote sensors, or 100 new smart streetlights in your smart city grid, and the management techniques you'll want to implement will be determined by both the use case and the size of the footprint on your network. IoT devices can be managed in an identity-based method by assigning them a specific type of limited access credential to your overall network. Traffic management schemes could limit the overall bandwidth allowed for use on this network segment. That technique could throttle the Denial of Service attacks that IoT devices are sometimes used for, because if you notice a bandwidth excess, something is probably wrong. When possible, limit these devices' ability to connect to other devices autonomously. Do not use IoT devices in secure or classified environments, as the risk usually cannot be mitigated enough to ensure that vulnerable networks are not threatened. If possible, turn off all radio communications and hardwire the device. One basic example would be making sure your smart TV has a cabled connection instead of Wi-Fi. The most crucial aspect, in the end, is not to forget that these items are out there on your network.

Do schedule maintenance checks on this equipment. Physically inspect the devices for tampering, and check the vendor's website or materials to see if a new software version is available. IoT devices may require additional steps to load any software updates and may not support remote uploads. Test your security controls internally by trying even the most basic penetration tests against them; you don't need special skills to make a Wi-Fi connection. With some planning and periodic checking, IoT devices can add significant benefits to your organization. Convenience features and limiting travel to remote sites can save you time and money. The security manager should not be afraid to deploy IoT systems but must do so carefully and with the right controls.
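The three network-side controls above (allow a device to reach only the peers it needs, watch the IoT segment for a bandwidth excess, and keep a maintenance schedule) can be turned into routine checks over flow records and an asset inventory. The following Python script is an added example, not code from the article or its author; the inventory, the flow records, the addresses and the thresholds are all constructed sample data and are assumptions, not values from any real deployment.

```python
"""Baseline checks for one IoT network segment.

Added example, not code from the article or its author. The inventory, flow
records and thresholds are constructed sample data with placeholder addresses.
The three checks mirror controls the article recommends: limit which peers a
device may reach, watch segment bandwidth for excess, and schedule maintenance.
"""
from collections import defaultdict
from datetime import date

# Constructed asset inventory for one IoT segment (hypothetical addresses).
# allowed_peers is the only set of hosts each device is expected to talk to.
INVENTORY = {
    "badge-reader-01": {"ip": "10.20.0.11", "allowed_peers": {"10.20.0.2"},
                        "last_check": "2020-04-20"},
    "thermostat-03":   {"ip": "10.20.0.12", "allowed_peers": {"10.20.0.2"},
                        "last_check": "2020-07-20"},
    "camera-07":       {"ip": "10.20.0.13", "allowed_peers": {"10.20.0.3"},
                        "last_check": "2020-01-15"},
}

# Constructed flow records: (source ip, destination ip, bytes, minute-of-day).
# The badge reader reaching a workstation at minute 601 is the lateral-movement
# pattern the article warns about; the camera bursts are the bandwidth case.
FLOWS = [
    ("10.20.0.11", "10.20.0.2", 2_000, 600),
    ("10.20.0.12", "10.20.0.2", 1_500, 600),
    ("10.20.0.13", "10.20.0.3", 900_000, 600),
    ("10.20.0.11", "10.20.0.55", 48_000, 601),
    ("10.20.0.13", "10.20.0.3", 4_500_000, 601),
    ("10.20.0.13", "10.20.0.3", 4_500_000, 602),
]


def unexpected_peers(flows, inventory=INVENTORY):
    """(device, peer) pairs where an inventoried device reached a host outside its allowlist."""
    by_ip = {d["ip"]: name for name, d in inventory.items()}
    findings = []
    for src, dst, _nbytes, _minute in flows:
        name = by_ip.get(src)
        if name is not None and dst not in inventory[name]["allowed_peers"]:
            findings.append((name, dst))
    return findings


def bandwidth_excess(flows, cap_bytes, inventory=INVENTORY):
    """Minutes in which the segment's total outbound bytes exceeded cap_bytes."""
    segment_ips = {d["ip"] for d in inventory.values()}
    per_minute = defaultdict(int)
    for src, _dst, nbytes, minute in flows:
        if src in segment_ips:
            per_minute[minute] += nbytes
    return sorted(m for m, total in per_minute.items() if total > cap_bytes)


def overdue_checks(today_iso, max_days, inventory=INVENTORY):
    """Devices whose last recorded inspection is more than max_days before today_iso."""
    today = date.fromisoformat(today_iso)
    return sorted(
        name for name, d in inventory.items()
        if (today - date.fromisoformat(d["last_check"])).days > max_days
    )


if __name__ == "__main__":
    print("unexpected peers:", unexpected_peers(FLOWS))
    print("bandwidth excess at minutes:", bandwidth_excess(FLOWS, cap_bytes=1_000_000))
    print("overdue checks:", overdue_checks("2020-08-01", max_days=90))
```

The per-device allowlist is what makes the badge-reader finding possible: the flow itself is from an authorized endpoint and would pass an ordinary perimeter rule, so the check has to compare against what that particular device is supposed to do. The bandwidth cap and the inspection interval are tuning knobs that depend on the device class and the size of the deployment, as the article notes.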

RIPPLE 20 ADVISORY

A group of 19 vulnerabilities has recently been published describing a series of problems lurking in a significant portion of the Internet of Things and remote device products on the market today. The cybersecurity research group JSOF (https://www.jsof-tech.com/ripple20/), based in Jerusalem, published its findings, which covered a group of zero-day threats and some further-developed but already acknowledged vulnerabilities. While the CVE list is 19 items long, the name Ripple 20 comes from the year 2020, and the long ripple effect expected from the supply chain dispersal these vulnerabilities have enjoyed.

The vulnerabilities are found in the software code that controls how many IoT devices communicate via TCP on the network. The original code library was produced by the company Treck and is used extensively as a code base for many different products. As the code was passed around from various vendors and devices over the course of 20 years, the code library has found its way into every industry sector. This code is present in Industrial Control Systems, medical equipment, home use IoT devices, critical civil infrastructure, and unfortunately, the list continues. The supply chain reusing this code makes sense. If you have object-oriented software development and know the TCP block works, why would you rewrite it? Reusing reliable code is standard practice, and Ripple 20 certainly will not be the last example of how this practice could lead to problems.

The current impact is the IoT industry playing catch up and discovering just how many ways this impacts different customers. Some devices have already seen software patches released, and the various vendors are still researching how best to remedy these vulnerabilities in their products. Older products are less likely to support patching, and mitigation may require other security controls. Threat vectors and potential risk scenarios are also still being identified. Research is ongoing to determine how different industries face different levels of risk associated with Ripple 20. JSOF is presenting at BlackHat in August of 2020 to discuss their own new research into the vulnerabilities, with additional whitepapers covering attack scenarios forthcoming.

Network scanning tools have added the Ripple 20 label and can effectively search your network for this vulnerability group. Scanning to discover the problems and use-based mitigation factors will be needed to assess your own organization's risk thoroughly. Do not assume you don't have any of these devices; IoT devices have saturated most modern workspaces in the form of HVAC and thermostats, badge readers, electronic parking garage gates, security cameras, etc. The only way to know for sure is to scan, assess your risk, and react.

About The Author

Dick Wilkinson is the Chief Technology Officer on staff with the Supreme Court of New Mexico. He is a recently retired Army Warrant Officer with 20 years of experience in the intelligence and cybersecurity field. He has led diverse technical missions ranging from satellite operations, combat field digital forensics, enterprise cybersecurity as well as cyber research for the Secretary of Defense.

Disclaimer: Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

REWIND << JULY

Top Newsmakers and the Hottest Cybersecurity News of the Month.


Data Breach

IS THERE A "SNAKE" UNDER HONDA'S HOOD?

Mihir Bagwe, Technical Writer, CISO MAG

Metaphorically speaking, many cybersecurity experts believe that "there is a Snake under Honda's hood." Yes, you read it right! Operations of the Japanese automobile giant, Honda, were reportedly disrupted in parts across Europe, Japan, and the U.S. due to Snake ransomware (also known as EKANS).

A report from NBC News stated that the ransomware attack was first discovered in the late hours of Sunday night (June 7). Owing to the security crisis, operations on certain production units of Honda in Europe were put on hold.

Honda Confirms Disruption

Honda's spokesperson confirmed the security incident but did not exactly mention the type and motive behind the cyberattack. He said, "On Sunday, June 7, Honda experienced a disruption in its computer network that has caused a loss of connectivity. We have canceled some production today (Monday, June 8) and are currently assessing the situation. At this point, there is no effect on either Japanese production or dealer activities, and no customer impact. In Europe, we are investigating to understand the nature of any impact. We can confirm some impact in Europe and are currently investigating the exact nature."

However, cybersecurity company VirusTotal claimed that it had certain evidence which clearly points out that Honda's internal server has been encrypted with Snake ransomware and that the cybercriminals have demanded a ransom in exchange for the encryption key. At this point, it is unclear exactly how many systems were affected, but Snake ransomware operators are notoriously known to copy critical data before encrypting it, to gain leverage in negotiations with the victim.

Earlier this year, a threat intelligence report from security firm Dragos uncovered that Snake is ransomware targeting industrial control systems (ICS). Researchers said Snake was the first of its kind: file-encrypting malware customized to infect the network systems that control operations in manufacturing environments. While investigating, researchers found a list of command processes linked to ICS operations. This disrupted the ICS processes on victims' devices and allowed cybercriminals to deploy the ransomware and compromise the targeted devices, asking their owners for a ransom.


Data Breach

DATA BREACH AFFECTS 384,319 BMW CUSTOMERS IN THE U.K.

Rudra Srinivas, Feature Writer, CISO MAG

KELA, a darknet intelligence firm, discovered that a hacker group "KelvinSecurity" compromised the personal information of 384,319 BMW customers in the U.K. and put it up for sale on various darknet forums, SC Magazine reported.

The hacker group claimed that they got the BMW database from a call center that handles customers' information for various automobile brands. The stolen database contains over 500,000 customer records dated between 2016 and 2018, also affecting U.K. owners of other car manufacturers, including Honda, Mercedes, SEAT, and Hyundai.

The exposed BMW owners' information included sensitive data such as surnames, email IDs, vehicle registration numbers, residential addresses, dealer names, car registration information, and names of dealerships. KELA also discovered multiple databases exposed by KelvinSecurity, including data related to U.S. government contractors and Russian military weapons development. The hacker group also exposed over 28 databases on various darknet forums for free, affecting organizations in Iran, Australia, Mexico, the U.S., Sweden, Indonesia, and France.

OceanLotus Targets BMW

Earlier, a notorious APT hacker group "OceanLotus" compromised the network systems of BMW and installed a hacking tool known as "Cobalt Strike" to spy on and control its systems. According to a research report from Bayerischer Rundfunk, the attack was traced back to state-sponsored hackers from Vietnam. Security analysts from BMW stated that they identified the hackers' penetration into their company's network system.

BMW took down the compromised computers and blocked the path that was used by the hackers to penetrate the network. To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, so that they could monitor the network and find out which folders and files users logged in to. The report also claimed the hackers behind the BMW attack targeted the South Korean automotive manufacturer Hyundai.


Phishing

HACKERS HIDE PHISHING LINKS INSIDE .ICS CALENDAR INVITATIONS

Rudra Srinivas, Feature Writer, CISO MAG

Threat actors are finding innovative methods to phish people into clicking or downloading malicious links or entering sensitive information on fake forms. In a recent security discovery, the Cofense Phishing Defense Center (PDC) found that cybercriminals are using calendar invitations to launch phishing attacks.

Researchers at Cofense found a new phishing campaign targeting enterprise email environments that delivers .ics calendar invitations containing phishing links in the email body, with the subject "Fault Detection from Message Center," from a sender named "Walker". The hackers used a compromised email account of a school district to bypass email filters.

The Phishing Page

The fake calendar invitation contains a malicious URL, hosted on Microsoft's SharePoint site, and also displays another link that redirects the user to a phishing site. When a user clicks on the calendar invitation, it redirects them to a document hosted on the SharePoint site, which contains yet another malicious link. In case the victim clicks on the second link, they are redirected to a phishing website hosted by Google that looks like a legitimate Wells Fargo banking login page. The bogus page asks the users to enter their sensitive information like login details, account numbers, PIN, and email credentials. After entering all the sensitive information, the user is redirected to the actual Wells Fargo login page to make the user believe that their account is secured.

"Cofense observed the use of several compromised accounts used to send this campaign. Using a compromised real account originating from Office 365 allows the email to bypass email filters that rely on DKIM/SPF. The story in this phish is a version of a classic lure: "suspicious activity on the user's bank account." This attachment, however, does not jibe with the ruse considering it's a calendar invite. A more fitting lure would have been something like: "I attached a meeting invite; can you please attend," the researchers said in a statement.

Google Calendar Scam

Threat intelligence and cybersecurity firm Kaspersky stated that scammers made phishing attacks, by abusing Google Calendar services, to trick users into giving away sensitive information like passwords, card details, and other financial data. Several unsolicited pop-up calendar notifications were sent to Gmail users by cybercriminals as a sophisticated spam email attack. The calendar phishing emails exploit the automatic addition and notification of calendar invitations feature for people using Gmail on their mobiles.
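Because the link in this campaign rides inside the invitation body rather than in the mail text, a mail-security team that wants to triage such invites has to look at the .ics properties themselves. The following Python script is an added example, not Cofense's, Kaspersky's or the article's code: it unfolds the RFC 5545 continuation lines, extracts every URL from the DESCRIPTION, LOCATION and URL properties, and flags any link whose host is outside a small allowlist of domains the organization expects calendar links to use. The sample invitation, its host names and the allowlist are constructed placeholders modelled on the "Fault Detection" lure described above.

```python
"""Triage links found inside an .ics calendar invitation.

Added example, not code from Cofense, Kaspersky or the article. The invitation
text below is constructed and its host names are placeholders; the allowlist
of expected calendar-link domains is an assumption.
"""
import re
from urllib.parse import urlsplit

# Constructed sample invitation modelled on the campaign described above:
# a "Fault Detection" subject and links in the body. Hosts are placeholders.
# Lines beginning with a space are RFC 5545 folded continuations.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "BEGIN:VEVENT",
    "SUMMARY:Fault Detection from Message Center",
    "ORGANIZER;CN=Walker:mailto:walker@school-district.example",
    "DESCRIPTION:Suspicious activity was detected on your account. Review it",
    "  here: https://tenant.sharepoint-lookalike.example/sites/alert/notice.pdf",
    "  or open https://calendar.corp.example/event/4711",
    "LOCATION:https://docs.lookalike.example/login",
    "END:VEVENT",
    "END:VCALENDAR",
])

# Assumed allowlist: the only hosts this organization expects in calendar links.
ALLOWED_HOSTS = {"calendar.corp.example", "intranet.corp.example"}

URL_PATTERN = re.compile(r"""https?://[^\s<>"']+""")


def unfold_ics(text):
    """Join RFC 5545 folded lines: a line starting with space or tab continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def extract_urls(text, properties=("DESCRIPTION", "LOCATION", "URL")):
    """Return URLs found in the named properties, in order of appearance."""
    urls = []
    for line in unfold_ics(text):
        # Property name precedes any ';param=value' and the first ':'.
        name = line.split(":", 1)[0].split(";", 1)[0].upper()
        if name in properties:
            urls.extend(URL_PATTERN.findall(line))
    return urls


def suspicious_urls(text, allowed_hosts=ALLOWED_HOSTS):
    """Return URLs whose host is outside the allowlist; these warrant analyst review."""
    flagged = []
    for url in extract_urls(text):
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed_hosts:
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    for url in suspicious_urls(SAMPLE_ICS):
        print("review:", url)
```

The unfolding step matters in practice: a long DESCRIPTION is split across lines by the sending client, so a URL can be cut in half and a naive line-by-line regex will miss or truncate it. Flagging on the host rather than the full URL also catches the two-hop pattern in the article, where the first link points at a legitimate-looking hosting service and only the document behind it carries the credential-harvesting page.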


Data Breach

DATA BREACH AFFECTS MILLIONS OF DATING APP USER RECORDS

Rudra Srinivas, Feature Writer, CISO MAG

Security researchers from cybersecurity firm WizCase discovered misconfigured databases leaking millions of records belonging to five dating service providers in the U.S. and East Asia. WizCase stated that the leaky databases were hosted on Elasticsearch, MongoDB, and AWS bucket servers that were made available online without password protection.

Breaches Found

A 17 MB database of the U.S.-based dating service CatholicSingles.com exposed 50,000 user records including names, contact details, email addresses, billing addresses, age, gender, occupation, and education details. Another U.S.-based dating site, Yestiki, exposed 43,000 records (352 MB) that contained users' names, contact details, addresses, GPS location data, user ratings, and activity logs.

The South Korean dating app SPYKX.com leaked over 37,000 users' records (600 MB) via an unprotected Elasticsearch server. The exposed data included emails, phone numbers, cleartext passwords, dates of birth, gender, education, and location data. The Japan-based dating apps Charincharin.net and kyuun-kyuun.com, owned by the same company, exposed 102 million user profiles including users' mobile device details, email addresses, and search preferences. One more U.S.-based dating app, Blurry, leaked around 77,000 users' private messages (3667 MB), including social media and contact details.

In addition, WizCase's security team discovered six more unsecured servers that contain information from different dating apps and sites. However, the researchers stated that the owners of the servers are yet to be found. "This information could have been collected through a process known as web scraping, but this could only explain some of the data, as parts of it do not appear to be from internet-facing web pages," the researchers said.

Security Incidents from Dating Apps

Dating apps have been a prime target of hackers. Research by Kaspersky Lab revealed that dating apps transmit unencrypted user data over the insecure HTTP protocol, risking user data exposure. According to the researchers, the reason for the vulnerability was that the applications used third-party ready-to-go advertising Software Development Kits (SDKs), popular among advertising networks. Attackers have also used dating apps to infiltrate smartphones used by military personnel. Earlier, hackers honey-trapped the U.K.'s Royal Air Force (RAF) personnel by hijacking an RAF airwoman's Tinder profile. They also reached out to another RAF serviceman to get details of the F-35 stealth fighter from him.


U.S. Elections

BIDEN UPS THE CYBERSECURITY GAME AHEAD OF ELECTIONS

Augustin Kurian, Sr. Feature Writer, CISO MAG

With four months to go until Election Day, and several state-sponsored cyberattacks already targeting the 2020 election, cybersecurity has taken center stage. The presumptive Democratic nominee for President, Joe Biden, hired former White House cybersecurity official Chris DeRusha as the CISO for his election campaign and Jacky Chang as Chief Technology Officer.

DeRusha is a credible cybersecurity executive with experience in managing federal and state government programs, coordinating cybersecurity operations, and developing and implementing strategy and governance. Prior to this, he was an advisor to the White House and also held cybersecurity positions with the State of Michigan, the Department of Homeland Security, and Ford Motor Co. Chang was a senior engineer on Hillary Clinton's 2016 presidential campaign and worked for the Democratic National Committee's voter protection team during the 2018 midterms.

"Biden for President takes cybersecurity seriously and is proud to have hired high-quality personnel with a diverse breadth of experience, knowledge, and expertise to ensure our campaign remains secure," the campaign said in a statement. "Jacky and Chris will be central to strengthening the infrastructure we've built to mitigate cyberthreats, bolster our voter protection efforts, and enhance the overall efficiency and security of the entire campaign."

Even though elections have lately been at the forefront of cyberattacks, the concept of a CISO for a campaign is still a novelty. This is the case even after Russian hackers exposed emails of Hillary Clinton in the 2016 elections.

The upcoming election has already witnessed a slew of cyberattacks targeted against it. A recent survey stressed that 70% of cybersecurity professionals most likely believe their local governments cannot defend election infrastructure against cyberattacks from domestic and foreign threat actors. The majority of cyberattacks targeting election campaigns come from automated machines that inevitably spread information and direct attacks on the vote-counting systems. Industry experts opine that the ongoing pandemic brings additional security hurdles to the election season. It is suspected that cybercriminals might take advantage of the crisis to spread false information and initiate cyberattacks, making security experts concerned about election data protection.

"When we think about threats to the upcoming elections, I would break them up into two groups. For undermining the election, disinformation operations supported by cyber operations pose the greatest threat," said Marcus Fowler, Former CIA executive, and currently Director of Strategic Threat at AI security firm Darktrace, in an exclusive interview with CISO MAG. "Adversaries looking to hack a campaign to get the upper hand will likely be going after the information that could reputationally damage a candidate. This is less about broad disruption or undermining trust, and more about swaying individual voters and out-maneuvering a campaign. One would hope that we don't see this type of targeting between campaigns, as we have enough to worry about from foreign actors."

He added, "As for best practices, the most immediate step that needs to be taken is that state and federal agencies and municipalities need to review their processes and communication plans around a ransomware event, especially one conducted around the election that could have an impact on voting. I think State, Local, and Federal agencies need to be more strategic, resourcing their cybersecurity teams more efficiently and more in-line with the current threats, and leveraging technology that will help buy back time for their security teams through autonomous response and investigation."


Hack

BITCOIN SCAMMERS HACK TWITTER ACCOUNTS OF JEFF BEZOS, BILL GATES, APPLE, AND MANY MORE

Mihir Bagwe, Technical Writer, CISO MAG

In a lethal strike to Twitter, Bitcoin scammers successfully hacked the official accounts of many well-known personalities and brands to scam people into believing their money was soon going to be doubled. As many as 300+ transactions were recorded in the public Bitcoin ledger to the address mentioned in the tweets. This consisted of a total transfer of 12 BTC that accounted for more than $100,000 (1 BTC valued at $9,200, as of July 15, 2020). Such online scams are commonly observed on a daily basis; however, the number of accounts hacked and simultaneously used for scamming people has not been seen earlier. The list of individuals and brands whose official Twitter accounts were hacked includes:

• Jeff Bezos (Amazon CEO)
• Bill Gates (Microsoft Co-Founder)
• Elon Musk (Tesla and SpaceX CEO)
• Warren Buffett (Berkshire Hathaway CEO)
• Barack Obama (The Former U.S. President)
• Michael Bloomberg (The Former New York Mayor)
• Joe Biden (presumptive Democratic nominee for President)
• Benjamin Netanyahu (Israeli Prime Minister)
• Kanye West (Rapper) and wife Kim Kardashian (T.V. Celebrity)
• Wiz Khalifa (Rapper)
• Apple (Corporate Account)
• Uber (Corporate Account) and many more.

Twitter was quick to follow up on the incident and tweeted that they were "aware of a security incident impacting accounts on Twitter" and were taking steps to fix it.

As a temporary measure, Twitter locked and suspended all operations of the affected accounts to investigate the cause and extent of the breach. It wanted to make sure whether any additional user information was compromised and if any backdoors were created for future account takeovers. It has also reported that significant steps were taken to keep internal systems and tools running with restricted access as the investigation is still on-going.

Satnam Narang, a Staff Research Engineer at Tenable, said that this was probably much bigger than it seemed. He revealed that: "In separate but probably related attacks, several notable Twitter accounts in the cryptocurrency space were also hacked in a mass coordinated attack. These included crypto exchanges like Coinbase, Binance, Gemini, KuCoin, Bitfinex, CEOs and founders like CZ_Binance, JustinSunTron, SatoshiLite, cryptocurrency accounts like TronFoundation, to promote a similar COVID-19 cryptocurrency giveaway scam."

He further advised, "Users should never participate in so-called giveaways or opportunities that claim to double your cryptocurrency because they're almost always guaranteed to be a scam."

To stay updated on the ongoing investigation, follow the Twitter Support account.
REWIND << JULY
Technology

GOOGLE ANNOUNCES NEW CLOUD SECURITY AND ANALYTICS SOLUTIONS

Brian Pereira
Principal Editor, CISO MAG

Google kicked off its virtual event Google Cloud Next ’20: OnAir, a free, nine-week, in-depth digital event series, on July 14, 2020. The tech giant announced new solutions across its smart data analytics and security portfolios, to help accelerate customers’ ability to digitally transform with cloud computing. The announcements concerning cloud security and compliance include a new Confidential Computing portfolio and Assured Workloads for Governments.

A major concern for enterprises is how to process sensitive data while keeping it private. To get around this, Google Cloud encrypts data-at-rest and in-transit. But customer data must be decrypted for processing, opening up a possibility of a confidentiality breach. That concern may have just been addressed with Confidential Computing, which Google believes is a “breakthrough technology.”

Confidential Computing encrypts data in-use — while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU). Google says this technology will transform the way organizations process data in the cloud, maintain control over their data, and preserve confidentiality.

Confidential VMs is the first product in Google Cloud’s Confidential Computing portfolio. Google Cloud already employs a variety of isolation and sandboxing techniques as part of its cloud infrastructure to help make its multi-tenant architecture secure. Confidential VMs, now in beta, take this to the next level by offering memory encryption so that customers can further isolate workloads in the cloud.

Confidential VMs are available on AMD CPUs and take advantage of the secure encrypted virtualization supported by 2nd Gen AMD EPYC CPUs.

Delivering the keynote address at Google Cloud Next ’20: OnAir, Thomas Kurian, CEO, Google Cloud said Confidential Computing will ensure that Google’s customer data is not only encrypted at rest or in transit but also while it is being processed. Kurian said Google has also developed other solutions to protect customer data and to give threat visibility – for intrusion monitoring and for zero trust access to apps that are web-based and which reside on Google cloud and on other clouds.

Google is also introducing Assured Workloads for Government, which is currently in Private Beta. Google says the product will help serve government workloads without the compromises of traditional “government clouds.” This service simplifies the compliance configuration process and provides seamless platform compatibility between government and commercial cloud environments. Google spokespersons said Assured Workloads for Governments will first be launched for the U.S. Government and later be extended to other global governments. The tech giant also announced BigQuery Omni solution, which is a multi-cloud analytics solution that enables customers to bring the power of BigQuery to data stored in Google Cloud, Amazon Web Services (AWS) and Azure (coming soon).

These new products (especially Confidential VMs) will bring more confidence to organizations who are skeptical about data privacy and compliance on the cloud.
REWIND << JULY
Technology

HOW THREAT ACTORS EXPLOITED GOOGLE CLOUD TO LAUNCH PHISHING ATTACKS

Pooja Tikekar
Feature Writer, CISO MAG

The world today is increasingly digital. And with rapid digital transformation and technology adoption, hackers are misusing the situation with more targeted attacks. A report from cyberthreat intelligence provider Check Point Research stated that threat actors exploited Google Cloud to host malicious payloads and launch phishing attacks.

The Google Cloud Phishing Journey

• A PDF was uploaded to Google Drive.
• The PDF was disguised to resemble a Microsoft SharePoint notice, which contained a link to an MS Access Document.
• Once clicked, it redirected the user to a phishing page, which was hosted on googleapis.com/asharepoint-unwearied-439052791/index.html.
• The user was then prompted with a popup to log in with their Microsoft Office 365 credentials or organizational e-mail ID and password.
• Once the login credentials were entered, the user was led to a real PDF report published by a renowned global consulting firm. The final PDF left little or no suspicion in the mind of the user because he was tricked into viewing useful information.

Security professionals find it difficult to identify or detect such phishing campaigns as they are hosted on public cloud services.

“During all these stages, the user never gets suspicious since the phishing page is hosted on Google Cloud Storage. However, viewing the phishing page’s source code has revealed that most of the resources are loaded from a website that belongs to the attackers, prvtsmtp[.]com,” the report stated.

“Investigating prvtsmtp[.]com showed that it resolved to a Ukrainian IP address (31.28.168[.]4). Many other domains related to this phishing attack resolved to the same IP address, or to different ones on the same netblock,” the report added.

Google has a zero-day tolerance policy; hence it suspended the phishing URL and all the URLs associated with it. In the past, the hackers used Dropbox and Microsoft Azure to host phishing pages.

Precautionary Measures

To stay protected against phishing attacks, Check Point suggested the following practical precautions:

1. Beware of lookalike domains and double-check spelling errors in emails and websites.
2. Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
3. Do not click on promotional links or emails. Order goods from authentic sources.
4. Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity.
5. Do not reuse passwords between different applications and accounts.
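The source-code check the report describes (a page served from Google Cloud Storage that pulls its scripts, styling and credential form from an attacker-owned host) as an added Python example; this is not code from Check Point or CISO MAG. The bucket path comes from the report, while the storage.googleapis.com scheme and host, the sample HTML and its resource URLs are constructed assumptions, written defanged the way the report prints them.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attribute carrying a fetchable URL, per tag type inspected.
URL_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src", "form": "action"}


def refang(text):
    """Turn defanged indicators (example[.]com, hxxp) back into parseable form."""
    return text.replace("[.]", ".").replace("hxxp", "http")


class ResourceCollector(HTMLParser):
    """Collect (tag, raw URL) for every resource-bearing tag in the page."""
    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.resources.append((tag, value))


def external_resources(page_url, html):
    """Return (tag, host, absolute URL) for resources not served by the page's own host."""
    page_host = urlsplit(page_url).netloc.lower()
    parser = ResourceCollector()
    parser.feed(refang(html))
    findings = []
    for tag, raw in parser.resources:
        absolute = urljoin(page_url, raw)  # resolve relative paths against the page URL
        host = urlsplit(absolute).netloc.lower()
        if host and host != page_host:
            findings.append((tag, host, absolute))
    return findings


def offsite_forms(page_url, html):
    """Hosts that receive form posts, i.e. where credentials typed into the page are sent."""
    return sorted({h for t, h, _ in external_resources(page_url, html) if t == "form"})


# Constructed sample (assumption): a login page on Cloud Storage whose CSS, script and
# credential form all point at the attacker-controlled host named in the report.
PAGE_URL = "https://storage.googleapis.com/asharepoint-unwearied-439052791/index.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://prvtsmtp[.]com/css/o365.css">
<script src="https://prvtsmtp[.]com/js/login.js"></script></head>
<body><img src="logo.png"><form action="https://prvtsmtp[.]com/post.php" method="post">
<input name="email"><input name="password" type="password"></form></body></html>"""
```

Calling external_resources(PAGE_URL, SAMPLE_HTML) lists the stylesheet, script and form as off-host while the relative logo image is left alone, and offsite_forms() isolates the host that actually receives the typed credentials.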