CDM Cyber Warnings December 2017

Cyber Defense eMagazine – September 2017 Edition
1
Copyright © Cyber Defense Magazine, All rights reserved worldwide
CONTENTS
From the Editor’s Desk _______________________________________ 4

Congratulations to the Cyber Security Leaders of 2017 ____________ 6
Why Deception Technology Will Change the Game in Our Favor

Against Cybercrime and Breaches ____________________________ 17
Raising Your Threat IQ: The Importance of Democratizing Threat
Intelligence _______________________________________________ 24
‘Tis the season to prepare your e-commerce business to effectively
fight fraud ________________________________________________ 27
How to secure your network traffic? ___________________________ 30
Ten Key Enterprise Endpoint Security Best Practices with Andy
Malone ___________________________________________________ 34
Bitcoin, BlockChain and Breaches ____________________________ 39
CyberSecurity in 2018 – Fighting An Evolving Threat _____________ 41
How Will The Changes In The GDPR Work? ____________________ 43
Nonprofits Cannot Ignore CyberSecurity _______________________ 51
The Internet Without Net Neutrality ____________________________ 55
Cyber Defense eMagazine – December 2017 Edition

2
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.
CONTENTS (CONT')
Penetration Testing Certification – How To _____________________ 58

US Agency Security Doubts Hinder Move to Hybrid Cloud ________ 64
White House Release of Vulnerabilities Equities Process Validates
Industry Concerns _________________________________________ 67
Cyber Defense Perspectives for 2018 __________________________ 70
Reviewing Last Month’s Ransomware _________________________ 74
Top Twenty INFOSEC Open Sources __________________________ 90
Job Opportunities __________________________________________ 90
Free Monthly Cyber Defense eMagazine Via Email _______________ 99

3
FROM THE EDITOR’S DESK
CYBER DEFENSE eMAGAZINE
Dear Readers,
Published monthly by Cyber Defense Magazine
and distributed electronically via opt-in Email,
HTML, PDF and Online Flipbook formats.
Five years have gone by. In
PRESIDENT
2018, we’ll be entering our Stevin Miliefsky
stevinv@cyberdefensemagazine.com
sixth year of publication. We
EDITOR
could not have done it Pierluigi Paganini, CEH
without you. Reflecting on 2017, the pace of breaches Pierluigi.paganini@cyberdefensemagazine.com
has not slowed. As more and more businesses move ADVERTISING

Sarah Brandow
sarahb@cyberdefensemagazine.com
to the ‘cloud’ more and more cybercriminals find new
Interested in writing for us:
opportunities to commit crime without ever leaving marketing@cyberdefensemagazine.com
their geolocation. This transformation of crime into CONTACT US:

Cyber Defense Magazine
cybercrime has now officially outpaced all other forms Toll Free: +1-800-518-5248
Fax: +1-702-703-5505
of crime. It means that in 2018, we’re going to have to SKYPE: cyber.defense
http://www.cyberdefensemagazine.com
start listening and learning from the Innovators. New
Copyright (C) 2017, Cyber Defense Magazine, a
technologies such as Deception-based Cybersecurity division of STEVEN G. SAMUELS LLC
848 N. Rainbow Blvd. #4496, Las Vegas, NV
and Artificially Intelligent and inspired Threat 89107.
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
detection as well as Time-based Security will be a
FOUNDER & PUBLISHER
heavy focus on how we are going to start to get ahead Gary S. Miliefsky, CISSP®
of the latest threat – the next breach. We have some

amazing writers covering incredibly important topics
and It’s always free so tell your friends to subscribe.
Spread the word, with our appreciation. See you in
2018!
To our faithful readers, Learn more about our founder at:

http://www.cyberdefensemagazine.com/about-
Pierluigi Paganini
our-founder/
Providing free information, best practices, tips

and techniques on cybersecurity since 2012,
Cyber Defense magazine is your go-to-source
Editor-in-Chief, CDM for Information Security.

4
5
CONGRATULATIONS TO THE CYBER
SECURITY LEADERS OF 2017
Apcon “Apcon offers state of the art network tapping and

failover technology that should be at the heart of
every IT security team’s portfolio”
Aperio Aperio systems innovative Data Forgery

Protection™ (DFP) Technology provides the last line
of defense for protecting industrial control systems
and increasing resilience against cyberattacks”
Attivo Networks “Attivo Networks changes the game on the

modern-day human attacker leveraging advanced
deception technology and traps designed to
deceive attackers into revealing themselves. It’s
truly impressive”
Barkly “The Barkly Endpoint Protection Platform blocks

today’s most sophisticated attacks without adding
complexity. It’s an incredibly powerful endpoint
protecton tool for your arsenal”

6
Belarc “The Belarc products take software licensing,
network, asset and configuration management to a
new level”
BUFFERZONE “The BUFFERZONE solution is a unique, transparent

Security virtual container that protects any application that
you define as insecure including web browsers,
email, Skype, FTP and even removable storage. It’s
an impressive solution to help get one step ahead
of the next threat”
Chaitin Tech. “Chaitin Tech Safeline is an innovative Web

Application Firewall worthy of serious
consideration”
Coalfire “Coalfire is the cybersecurity advisor that helps

private and public sector organizations avert
threats, close gaps, and effectively manage risk”
Cronus Cyber “Cronus CyBot is the world’s first patented

automated pen testing solution and we applaud
them for turning this heavy lifting process into a
point and click event”
Cyber Observer “Cyber Observer is a high-level management &

awareness software solution designed for CISOs,
CIOs, SOC & Senior IT managers to specifically
address their pain points, delivering comprehensive
and near-real time understanding into the posture
and maturity of their entire cybersecurity

7
ecosystem”
CyberSift “CyberSift allows you to leverage your existing

security deployments while applying Artificial
Intelligence to reduce detection times and is easily
deployed on premise or in the cloud”
CyberVista “CyberVista delivers comprehensive, well

structured training for boards and executives so
they can begin to think critically about the
significant cyber issues facing their organizations”
Cylance “It’s time we go beyond traditional antivirus to fight

ransomware, advanced threats, fileless malware
and malicious documents – enter Cylance with
powerful artificial intelligence to help solve
endpoint security risks”
DarkOwl “DarkOwl’s data platform allows companies to see

in real-time the theft, breach, or other compromise
of their proprietary data on the darknet”
EdgeWave “EdgeWave reduces the risk of fraudsters stealing

your customer identities by continuous online id
verification using behavioral intelligence”
Edgewise “Edgewise Networks is a leader at trusted

Networks application networking by protecting application
workloads with machine learning based network
security which can even stop the most advanced
lateral movement of malicious actors “

8
Egress “Egress solves the data security issue for file,
workspace and email to protect shared information
throughout the data lifecycle”
Erkios “Erkios Systems delivers an innovative solution to

physically protect hardware ports on a critical
infrastructure device while providing auditing
capabilities through the logging, monitoring and
alerting”
Exabeam “Exabeam’s machine learning for advanced threat

detection is a powerful cyber defense weapon for
an cyber defense and incident response arsenal”
Fenror7 “Fenror7 uses a brilliant model of time-based

security to reduce TTD (Time To Detection) of
hackers,malwares and APTs in enterprises and
organizations by 90%, which is a breakthrough in
our industry”
FFRI “FFRI delivers one of the most innovative, light-

weight and powerful multi-layered endpoint
security solutions that actually works. It’s brilliant”
HackerArsenal “HackerArsenal’s tiny WiMonitor device makes Wi-

Fi penetration testing and packet sniffing incredibly
fast and easy”

9
Indegy “The Indegy platform secures Industrial control
systems (ICS) networks with real-time situational
awareness effective security and change
management policies to prevent unauthorized
activities on critical infrastructure”
Inky “Inky’s Phish Fence is one of the most advanced

anti-phishing solutions on the marketplace. Most
attacks are delivered by spear phishing and Inky is
one step ahead of these new threats”
Jumio “Jumio delivers the next-generation in digital ID

verification designed to help businesses reduce
fraud in an innovative, cost-effective solution”
KnowBe4 “KnowBe4 is a very powerful and popular

integrated platform for awareness training
combined with simulated phishing attacks”
LastLine “Lastline Breach Defender is a breach protection

system that uniquely provides a dynamic blueprint
of a breach as it unfolds in your network. This
blueprint provides your security teams with
complete breach visibility, displaying movement of
the attack across your network.”
HelpSystems “We’re extremely impressed with the GoAnywhere

managed file transfer solution which enables
organizations to automate, secure and audit all of
their file transfers from a single, centralized
location”

10
MindedSecurity “Minded Security helps businesses and
organizations to build secure products and services
both in the web on the server side as well as on the
client”
Mon-K “Secure-K Enterprise is a revolutionary encrypted

Secure Operating System tuned for enterprise
compliance and fitted in a robust USB body for data
protection, privacy and security. Very impressive”
Nehemiah “NehemiahSecurity enables near real-time

Security situational awareness of the entire IT environment
and the state of the organization’s risk posture and
defenses, including the exploitability of its critical
business systems”
NuData “NuData reduces the risk of fraudsters stealing your

customer identities by continuous online id
verification using behavioral intelligence”
Nyotron “Nyotron’s threat-agnostic defense finds threats

that traditional endpoint protection solutions
cannot detect, letting you secure the data on your
endpoints and critical systems and closing major
security gaps”
PacketSled “PacketSled delivers real-time, continuous

monintoring for advanced threats and policy
violations missed by other defenses, then analyze
and remediate in record time”

11
PerimeterX “PerimeterX prevents automated attacks by
detecting and protecting against malicious web
behavior. By analyzing the behavior of humans,
applications and networks, PerimeterX catches in
real-time automated attacks with unparalleled
accuracy”
PFPCyber “Power Fingerprinting (PFP) is a unique approach to

cybersecurity that utilizes analog signals (AC, DC,
EMI) to detect whenever unauthorized
modifications have compromised the integrity of an
electronic system. It’s brilliant”
PlainID “PlainID offers a simple and intuitive way for fast-

paced organizations to create and manage their
authorization policies with best practices in policy-
based access control”
Qualys “Qualys delivers one of the most robust and cost-

effective vulnerability management and
compliance solutions available on the marketplace
today”
Remediant “Remediant’s SecureONE provides agentless

continuous monitoring & protection at scale
for privileged/service accounts. Reduce the time
required to implement and operate a “zero trust”
access model. Couple two-factor authentication
with “Just In Time Administration” for protection
against stolen administrator credentials used to
exfiltrate sensitive data.”
ReversingLabs “ReversingLabs delivers in-depth file analysis with

distributed YARA rules processing for identifying
threats and data spillage, policy violations and

12
regulatory risks in real-time”
RiskVision “RiskVision is the world’s first enterprise risk

intelligence platforms specifically designed to help
organizations throughout the entire risk
management lifecycle”
(S4URC) “MalwarePot uses android container technology to

build an environment similar to the real device to
MalwarePot deliver in-depth analysis results for the most
advance android malware”
Scram Software “Scram Software secures the cloud against a

constant barrage of hacking, intellectual property
theft, sabotage, accidental deletion, copyright
infringement and identity theft”
SonicWall “SonicWall provides cost effective next-generation

firewalls and award-winning network security
solutions to prevent breaches “
Stormshield “Stormshield is a very impressive European leader

in digital infrastructure security that offers smart,
connected solutions in order to anticipate attacks
and protect digital infrastructures”
ThinAir ThinAir is a very unique and purpose-built insider

detection & investigation platform designed to
address one of the biggest security problems – the
hidden risk of the trusted yet malicious insider”

13
ThreatBook “ThreatBook is able to take on the latest zero-day
malware and share the latest zero-day threat
intelligence”
Titania “Titania is the standard for helping you find your

network and security gaps before the hackers,
malware or malicious insiders with powerful
security & compliance configuration auditing tools”
TriagingX “TriagingX provides complete protection for

endpoint systems and datacenter servers against
zero-day attacks without requiring any patches. It’s
game changing”
Ziften “Ziften empowers IT operations and security

teams to monitor and act quickly to repair user
impacting issues, improve endpoint risk posture,
speed threat response, and increase operations
productivity”
www.ziften.com

14
At RSA Conference 2018, Cyber Defense Magazine
will be celebrating our 6th year as a media partner.
Thank you to the RSA Conference team.
Thank you to CDM readers!
“See you at RSA…”

15
16
WHY DECEPTION TECHNOLOGY WILL CHANGE THE GAME
IN OUR FAVOR AGAINST CYBERCRIME AND BREACHES
As I said in my recent presentation on Time-based Security, which was first discovered

and written about by Winn Schwartau in his book of the same title, either we find a way
to make breaches go slower or we must be able to detect and respond to them much
faster. On one side of the coin, we have the concept of honeypots and encryption and
on the other side we have real-time threat intelligence through A.I., machine learning
and human intelligence.
I’ve looked into honeypots for many years. I love http://www.honeynet.org because it is
the first open source concept on deception technology that made it mainstream.
However, many of us want to buy a commercial solution, just like, while it’s fun to deploy
IP Tables, none of us really want to build our own firewall from scratch.
Then, I heard about Attivo and as one of the four CDM judges on our Infosec Awards
from 2017, with them being one of our winners, receiving an overwhelming positive vote
from the judges, I wanted to dig into what they are up to a little further and look at them
within the purview of the Time-based Security model – could a solution like the Attivo
ThreatDefend™ Deception and Response Platform actually deliver a way to slow down
the breaches, because, frankly, we’re not yet going fast enough to stop them?
With over 1500 breaches reported throughout the USA in 2017 alone, one has to
wonder how attackers are able to bypass and remain undetected by security solutions
that are available from over 3000 security technology providers. One could point to
sophisticated automated and human attacks that are leveraging an evolving attack
surface to penetrate perimeter defenses. However, most security professionals have
come to accept that attackers can and will get into the network based on targeted
attacks, human error, insiders, contractors or suppliers.

17
If you are willing to accept this, then the center of focus shifts to detection or the
concept of time-based security. Time-based security is derived from what we will call
exposure time (Et), which is compiled based on detection time (Dt) plus response time
(Rt). Typically, security teams have been unable to react fast enough to stop the attack.
The exposure time is too great meaning hackers are afforded a dwell time to complete
their attack.
Early identification and response times need to improve to a tipping point above the
exposure time (Et). When executed effectively, the attack is halted before data
exfiltration or other damage can occur.
Deception technology plays a critical role in changing the asymmetry of the attack and
is designed to provide the threat intelligence, counter intelligence, and adversary
intelligence required to decrease exposure time. The Mandiant M-Trends 2017 report
states that time to detection averages 99 days. Typical time-to-compromise continues to
be measured in minutes, while time-to-discovery remains in weeks or months. Attivo
Networks has developed an innovative deception-based solution to tackle the issue of
exposure time head on. The Attivo ThreatDefend™ Deception and Response Platform

18
provides a globally scalable security control for early threat detection and accelerated
incident response against attackers.
Detection Time (Dt)
Dynamic traps and lures essentially turn the network attack surface into a “hall of
mirrors”, altering an attacker’s reality and increasing their costs as they are forced to
decipher what is real versus fake. The solution operates differently than IDS or other
database lookup or pattern matching solutions. It isn’t reliant on known signatures nor
does it require time to learn or “get good” to add value. Endpoint deceptions also serve
to close the gap on credential based detection and ransomware attacks by planting
deception drives to misdirect the attacker to a deception server and keep them
distracted while security teams are afforded the time to respond.
Key to early detection is the authenticity and attractiveness of the deception to the
attacker. The Attivo deception decoys are built for the highest authenticity with real
operating systems, a wide variety of application and data deceptions, along with the
ability to run the same “golden image” software as production assets. The Attivo
solution is designed for the evolving attack landscape, as you never know which point of
entry an attacker will take.
The ThreatDefend™ platform has been proven at scale in global installations that
include deployments in user networks, data centers, cloud, remote office, and in
specialized environments such as POS, ICS-SCADA, IOT, SWIFT, telecommunications,
and network infrastructure devices. Deception is notably designed to work throughout
the phases of the Kill Chain and detect regardless of attack vector. Setting in-network
traps and endpoint lures work to attract and detect the attacker during reconnaissance
and lateral movement, when harvesting credentials for reuse, when conducting man-in-
the-middle attacks, or when attempting to compromise an Active Directory server. The
combination of network and endpoint deceptions detects attacks early and efficiently
throughout the entire network.

19
Deception files that contain fake sensitive data already provide value by misleading
attackers. New technologies like HoneyDocs (real or decoy files) with beaconing
technology that provides call back when accessed by attackers are also being adopted
for adversary- and counter-intelligence. Knowing what types of files are being targeted,
by whom, and having insight into where the data ends up can be crucial in knowing
where to focus additional security.
Maintaining attractiveness is critical to luring and detecting attackers. In addition to

authenticity, deception must constantly refresh and reset the attack surface, so
attackers cannot fingerprint and avoid deception. The Attivo deception campaigns use
machine-learning to collect data on user information and network behavior. This
information is then used to build new deception campaigns that can be easily and
quickly deployed. Going one step further, Adaptive Deception campaigns automate the
process and empower organizations to reset the attack surface on-demand as part of
security hygiene or during an attack. The use of deception campaigns is highly effective
to further delay and deter attackers as they become confused and are forced to start
over or else reveal themselves.
Gartner has openly recognized the efficiency of deception for APT detection,
recommended it as a 2018 initiative, and acknowledged Attivo Networks for having the
most comprehensive deception platform.
Response Time (Rt)
A recent SANS survey indicates that only around 50% of companies can respond to a
discovered compromise in 24 hours or less, while remediation can take months. High-
interaction deception technology plays a key role in not only detecting threats quickly,
but also in identifying potential exposed attack paths. It can also accelerate incident
response by analyzing attacker tactics, techniques, and procedures (TTP), identifying
indicators of compromise (IOC), and automating incident response through 3rd party
integrations.

20
The Attivo ThreatDefend platforms provides in-depth threat intelligence, which saves
time by automating the gathering of TTP, attack analysis, and correlation of IOCs that
can then be used to accelerate incident response. Threat intelligence and forensic
evidence capture and catalogue attack activity to support understanding the attacker's
objectives, which can be used to strengthen overall security defenses. Integrations with
firewalls, security and event management systems, network access control products,
and endpoint detection solutions empower the sharing of attack information to automate
blocking and isolation of infected endpoints, as well as threat hunting. The ThreatOps™
solution can create repeatable playbooks, simplifying incident response and negating
the need for additional resources to mitigate an attack.
Protection Time (Pt) and Exposure Time (Et)
As you now know, either we must go fastter in our Detection Tim and Response Time or
we must make breaches go slower. So think about this, the amount of protection you
have on your network, to keep the prying eyes and cyber criminals from stealing the
data, the best chance you won’t be robbed, just like having a strong vault at the bank.
However, a strong vault is not enough. If someone steals the keys to the vault
(keyloggers, malicious insiders, spear phishing dropping remote access trojans –
RATs), where does that leave you? Extremely vulnerable from the inside out. So we
need to increase our Protection time (how long it takes to breach us) and it must be
greater than our Detection time plus Reponse time, or we lose and the cyber criminals
win.
Pt must always be greater than Dt plus Rt, or:
Pt > Dt + Rt
and if we can’t find ways to speed up our detection and response to be faster than the
cyber criminals, we’re completely exposed. That’s why I’m so excited about Honeypots
and the commercialization of Deception technology by Attivo. Expect this to be an

21
explosive market in the coming years, and I’m telling you about the first vendor on the
block to get it right.
Exposure Time (Et) = Detection Time (Dt) + Response Time (Rt)
Deploying the Attivo deception platform will play a critical role as both a detection and
incident response security control, ultimately tipping the scale on exposure time and
putting the balance of power back into the security team’s hands.
Many organizations have deployed it and are realizing the benefits of the platform, such
as early detection of advanced threat actors, delaying and disrupting their activities, and
accelerating incident response to mitigate their activities. Attacks will continue to
happen at ever-increasing rates, and organizations seeking to avoid being the next
breach headline would do well to implement deception technologies.

22
In summary, this is a solution to checkout – we’ve made this our opening article in this
December edition of our eMagazine because we want it to be first on mind for 2018 –
it’s so promising – to slow down the breaches. While our next article is about speeding
up Dt – detection rates, using A.I., you’ll need do both if you wish to manage your
InfoSec risk dilemma by thinking about Time-based Security as a forward thinking
model. On increasing your Pt – Protection time or reducing Et, your Exposure time, this
is something you simply must look into if you consider yourself a forward thinking,
proactive, offensive infosec professional who is tired of the breaches and tired of being
victimized. Get Deception technology into your 2018 budget cycle and you’ll be pleased
with the results.
About the Author
Gary S. Miliefsky is the Publisher of Cyber Defense

Magazine, a globally recognized cybersecurity expert,
inventor with issued ecommerce and cyber security
patents and founder of numerous cybersecurity
companies. He is a frequent invited guest on national
and international media commenting on mobile privacy,
cyber security, cybercrime and cyber terrorism, also
covered in both Forbes and Fortune Magazines. He has
been extremely active in the infosec arena, he is an
active member of Phi Beta Cyber Society
(http://cybersecurityventures.com/phi-beta-cyber/), an
organization dedicated to helping high school students
become cyber security professionals and ethical
hackers. He is a Founding Member of the US Department of Homeland Security
(http://www.DHS.gov), the National Information Security Group (http://www.NAISG.org)
and the OVAL advisory board of MITRE responsible for the CVE Program
(http://CVE.mitre.org). He also assisted the National Infrastructure Advisory Council
(NIAC), which operates within the U.S. Department of Homeland Security, in their
development of The National Strategy to Secure Cyberspace as well as the Center for
the Study of Counter-Terrorism and Cyber Crime at Norwich University. Gary is a
member of ISC2.org and is a CISSP®. Reach him at
http://www.cyberdefensemagazine.com/about-our-founder/

23
RAISING YOUR THREAT IQ: THE IMPORTANCE OF
DEMOCRATIZING THREAT INTELLIGENCE
By Travis Farral, director of security strategy at Anomali
Threat intelligence continues to become a more ubiquitous feature of information

security programs as its value in detecting and preventing attacks becomes more clear.
Whether organizations have a full threat intelligence team, ingest threat feeds, or simply
leverage threat intelligence features found in common security tools, they are benefiting
from threat intelligence in one way or another.
From the prior article, by the Publisher of Cyber Defense Magazine, you can see how
important speeding up Detection time and Response time is to successfully mitigating
breaches. With better, faster, democratized sharing of threat intel, we may have a
chance to start winning the battle and stopping the breaches. Until systems in the
marketplace are fast enough to defeat the latest threat, we lose as seen in the graphic,
below, provided by Gary Miliefsky from his Time-based Security presentation:

24
Part of the core value proposition of threat intelligence is its collectiveness––the more
it’s shared, the more valuable it becomes. When an attacker targets one business that
is leveraging comprehensive threat intelligence, it is battling the combined knowledge of
multiple organizations, giving it an advantage.
However, many organizations using intelligence still hesitate to share their own
intelligence more broadly. A recent study from the Ponemon Institute found that only 50
percent of organizations currently participate in industry-centric sharing initiatives such
as Information Sharing & Analysis Centers (ISACs), which provide industry-relevant
intelligence, a place to collaborate with peers and network with other security teams. Of
those organizations, the majority (60 percent) only receive threat intelligence through
ISACs but do not contribute intelligence.
Many organizations cite a variety of concerns and hesitations that prevent them from
actively sharing their own intelligence more broadly, but a lot of these fears are myths
that can be easily dispelled. For instance, some organizations cite privacy and liability
concerns as a key reason for not contributing to threat sharing initiatives. However, it is
possible to keep sensitive information private while still contributing to threat sharing
initiatives. In addition to protective provisions from the Cybersecurity Information
Sharing Act of 2015 (CISA), one way to avoid these concerns––and a good practice in
general––is to scrub threat data for any sensitive corporate information before sharing.
Even if this limits the amount you’re able to contribute, a little bit can go a long way in
helping other organizations spot attackers.
Many small organizations believe their cybersecurity programs are too little or their
budget is too limited for them to share anything that would be of value to other
organizations––but this is never the case. Even for big corporations that are frequently
targeted by attackers, there are additional details that can be missed. For example, no
organization sees every possible variant of phishing emails that comes through their
business. Sharing whatever you can, even if it seems insignificant, can add critical
context and visibility that complements other shared intelligence.

25
There are also some organizations that fear the possibility of revealing a breach, which
makes them reluctant to contribute to threat sharing initiatives. The reality is that while it
may not be ideal for other organizations to know you’ve been compromised, it’s
important that you spot a breach sooner rather than later, even if that comes through
intelligence sharing. Pushing out breach details quickly can help bring quicker answers
to incident response challenges thanks to the additional resources from other
organizations adding their skills and expertise to the event.
For organizations that are hesitant to share intelligence but are looking for simple ways
to contribute, there are a wide variety of options. A simple first step is identifying tools
and communities you can leverage. ISACs are easy to get involved in and typically have
mechanisms in place to ease threat sharing. You can also establish partnerships
beyond your vertical through localized entities such as Fusion Centers or use standards
like STIX and TAXII to streamline the process of sharing. There are a number of free
tools available that can help you to both contribute to and receive from common threat
feeds.
By democratizing threat intelligence, organizations can pass information more quickly,

make better judgements and deliver more insightful analysis to stakeholders and
intelligence consumers. Changes to malware, infrastructure, new tools, new techniques,
actor behaviors, campaigns, and other intelligence-related details can all become
quickly known across a multitude of organizations. Ultimately, the bad guys may be
trying to compromise single organizations but are battling a collective in the process.
About the Author
Travis Farral is the Director of Security Strategy at

Anomali. He has a degree in Electrical Engineering
Technology from Devry Technology Institute. He holds
numerous security certifications including CISSP GPEN
GSEC GCFA GCWN GCIA GCIH MCITP - Enterprise
Administrator MCITP - Server Administrator and can be
reached either at Anomali or on LinkedIn here:
https://www.linkedin.com/in/travisfarral/

26
‘TIS THE SEASON TO PREPARE YOUR E-COMMERCE
BUSINESS TO EFFECTIVELY FIGHT FRAUD
With the holiday shopping season fast approaching, e-commerce companies are once
again planning for and preparing to profit from the increasing numbers of shoppers who
purchase their gifts online. While etailers anticipate heavenly profits, they’re also wary of
the earthly reality of CNP fraud. Does the increased opportunity of the holiday season
also contain an equally increased risk of fraudulent orders and costly chargebacks?
While this fear might seem logical, the reality is the Grinch of fraudulent orders is
unlikely to steal the yuletide bounty. This is because e-commerce fraud rates actually
significantly decrease during the holiday shopping season - not because fraudsters are
taking a break, but because of the huge influx of legit shoppers during this time. This is
especially true for the three kings of Cyber Monday, Black Friday, and New Year’s Eve.

27
Change your fraud prevention focus
Since the percentage of all orders which are fraudulent drop during this time, online
merchants face a higher risk of turning down legit orders unless they adjust their fraud
prevention systems. Declined legit orders mean lost revenue, not only for that particular
order, but also any future online orders which will now be diverted to your competitors
because your crude fraud filter seriously dampened that shopper’s holiday spirits by
mis-labeling them as a criminal. This is precisely why many etailers are switching to
more advanced e-commerce fraud protection solutions, like the machine learning-based
service offered by Riskified.
Not only is there a danger in overreacting to the actual fraud risk, e-commerce
companies can also make costly mistakes when it comes to manual review of
suspicious orders. The huge surge of shoppers during this time results in a large
volume of orders which need to be manually reviewed by analysts who then accept or
decline the order. This in turn forces online merchants to add seasonal hires to their
fraud review team as well as increase the workload on permanent staff, both of which
can result in inaccurate, rushed decisions (especially if the seasonal hires are new to
fraud prevention).
Help bring joy to the world: don’t falsely decline international orders
Rushed decisions and fear of chargebacks often result in more false declines and thus
lost revenue. What compounds this problem of false declines during the holiday
shopping season is not only the already discussed quantity of orders, but also their
quality, because perfectly legitimate holiday e-commerce shopping can have one or
more indications of a fraudulent order.
One of these is a mismatch between the billing address of the card used and the
shipping address of the gift, which can indicate a fraudulent order. It can also indicate,
however, a consumer shopping for friends or family and choosing to have the

28
merchandise shipped directly to them. The fact that many online merchants offer gift
wrapping before shipping makes this all the more convenient.
Another example is an international shopper using their non-US card (with an overseas
billing address) for payment, but requesting a US shipping address. This could be a
fraudulent order from a criminal in a foreign country using a reshipping service to
conceal their location.
This could also be a legitimate international shopper using a reshipping address

because the merchant doesn’t ship products globally, but they still want jump on a great
deal. This example combines the billing/shipping address mismatch of the previous
example with international factors - foreign card and use of a reshipper—which often
raise red flags and thus can get falsely declined.
By responding to the actual size of e-commerce fraud risk, switching to more

sophisticated fraud prevention solutions, and optimizing their manual review policies,
online merchants can both boost their revenue and minimize their losses from
fraudsters this holiday season.
About the Author
Nathan Sykes loves to write about all things technical

and especially about electronic commerce. He is a Tech
and Business Writer at Finding an Outlet, located here:
http://www.findinganoutlet.com and his LinkedIn profile is
found here: https://www.linkedin.com/in/nathan-sykes-
83719a151/
Please visit his website or LinkedIn profile for more

information or to reach him directly or visit his Twitter
feed located here: https://twitter.com/nathansykestech

29
HOW TO SECURE YOUR NETWORK TRAFFIC?
By Milica D. Djekic
The computer network is a group of devices being connected to the internet and forming
a big web entity out of them. It’s quite good to mention that the computer or device
network – in case of the Internet of Things (IoT) – would deal with the devices getting
assigned different IP addresses and each machine in that group would have so unique
IP address. This is quite helpful to know to better understand how such a network works
and how its traffic goes. Dealing with the organization’s network means – getting a
chance to configure so many computers being supported with the network’s gadgets
such as modems, routers, hubs and switches.
There are several network’s configurations being applied in the practice and at this
stage – let’s say – that’s the task to network administrators and engineers to decide how
they could define their networks. So many organizations would use wireless internet
and some of them would rely on a broadband connection requiring a lot of wires and
cables. From the network’s administration point of view – there are some advantages
and disadvantages in applying some of those solutions. For instance, the wireless
30
internet is more cost-effective as it would not use so many cables and wires as wired
web would consume, but – on the other hand – it would deal with some drawbacks such
as the electromagnetic field interference that could slow down the information
exchange.
The experience would suggest that many people would use the combination of these
two solutions and they would be satisfied with the outcomes getting from such a
configuration. Also, we would want to mention that the point of this review would be on
the network’s security and for such a reason – we would talk about tactics and
approaches you could apply to make your network experience being more suitable.
It’s quite well known that devices being connected in the computer’s network would
communicate with each other as well as with the external web. In order to avoid the
cyber-attacks – you should know that if one computer in the network gets infected with
the viruses, worms, spyware or ransomware – there is the quite huge risk that within the
very short period of time the entire network could get infected as well and in such a
case – you should try to apply the well-known disaster recovery and business continuity
procedures. Sometimes it’s not that easy to repair your computers from some sort of
hacker’s attacks and in the practice – it would require lots of skills and experience. In
other words, you should always get aware that the cyber diversion may occur and for
such a purpose – you should create the role within your enterprise that would be
responsible for IT security.
As your business is getting bigger and bigger – you would need more IT security
professionals that would maintain the risk within your organization’s network at the
lowest possible level. In the practice, many big organizations would deal with the
security operation centers (SOCs) and at such a place – you would find so many IT
security professionals, analysts and cyber geeks that would watch after your critical
asset. The current situation would indicate that we need more experts in the area of
cyber defense – especially in the private sector which would pull the entire economy of
any country. Many developed societies in coordination with their governments would
create so useful documents suggesting how the good practice should appear in a
reality. Intentionally, we would not say the best practice as many people would call
31
those procedures and policies because they should always be improved and that’s way
we would believe they got the quite good and not the best ones.
Some researchers would suggest

that we should try to avoid the
hacker’s tools getting remotely
connected to our devices. The
recommended way to do so is to
set up your Firewall – either being
software or hardware by its
configuration. Through our
research, we would find some
sources that would claim we
should follow the quite good
practice of disabling the inbound connections within our Firewall protection. In other
words, those researches would indicate that most of publicly available hacking tools
would use our inbound ports in order to obtain the access to our devices. If we block
those connections – we could reduce the risk from being hacked. In addition, we would
get the information that the entire web traffic could get transferred from inbound to
outbound ports and if we do so – we should count on less threatening network’s
communications. On the other hand, if you use some messenger tool for – let’s say –
chatting purposes – you should define its inbound port being opened because in
opposite – your messenger would not work at all. Well, let’s say that we have defined
some inbound port for the messenger communications and we have assured that we
could take advantage over that tool. In such a case, the hackers could try to exploit that
vulnerability attempting to access your computer and the entire network through that
port. Finally, you would agree that configuring the network’s traffic is the quite trickery
job and it seeks a lot of knowledge to get obtained.
One more suggestion we could make regarding the secure network’s traffic is that we
should try to get the difference between public and private IP address. The private IP
address is the IP address that would belong to your physical device, while the public IP

32
address is the one that would get recognized from the web. Many cybersecurity experts
would agree that if you make your public IP address being different from your private IP
address – you could make your network’s communications being more reliable and
secure. For such a purpose, people would use many different tools and the most
applied in such a case is a Virtual Private Network (VPN) gadget. That application
would hide your private IP and possibly the entire location and make your internet
experience being more convenient. Maybe this could be the good tip to many network’s
administrators and engineers doing the configuration of your network.
In conclusion, putting the group of devices in the network is the task that would look for
so many skills. On the other hand, making such a network being secure is the real
challenge. In other words, you need to manage the feasible risk every single day and
even if you are fully concentrated on that task – you could get the victim of cyber
breach. The purpose of this review is to suggest some of the examples of the good
practice and not to provide the silver bullet to all existing concerns. In this case, the
silver bullet would not exist and the only thing we can rely on is the hard work.
About the Author
Milica Djekic is a well-read and frequent

contributor to Cyber Defense Magazine. Since
Milica Djekic graduated at the Department of
Control Engineering at University of Belgrade,
Serbia, she’s been an engineer with a passion for
cryptography, cyber security, and wireless
systems. Milica is a researcher from Subotica,
Serbia. She also serves as a Reviewer at the
Journal of Computer Sciences and Applications
and. She writes for American and Asia-Pacific
security magazines. She is a volunteer with the American corner of Subotica as well as
a lecturer with the local engineering society.

33
TEN KEY ENTERPRISE ENDPOINT SECURITY BEST
PRACTICES WITH ANDY MALONE
By Bill Bernat, Director and Technology Evangelist, Adaptiva
I recently invited security expert Andy Malone to join me and co-host Ami Casto for an
episode of the Enterprise Endpoint Experts (E3) podcast. Andy is a Microsoft MCT and
MVP, popular security author, consultant, and speaker. He’s also a sci-fi author, which
you can learn more about by listening to the podcast at
www.adaptiva.com/blog/2017/enterprise-endpoint-security-windows-10-andy-malone. In
this blog, I pick out 10 of the important security configuration management best
practices he shared with us.
1. Keep Windows Up to Date
The most important thing for any company to do to stay secure is to apply OS updates
to all systems as quickly as possible. Andy puts it this way, “Patch, patch, patch. And
when you finish patching, patch some more.”
While some companies force users to update, some give them more leeway. Microsoft
used to make this a lot easier, with less frequent updates on Patch Tuesdays. Now, it’s
more of a drip, drip, drip. Part of the issue is that updates can require a reboot, which

34
users tend to disable. Microsoft is helping by allowing users to schedule their updates
and delivering other enhancements to the process.
Delivering updates to all users quickly also challenges businesses. In a recent survey of
IT pros by Adaptiva, over half of respondents indicated it can take a month or more for
IT teams to execute Windows OS updates. That ultimately leaves systems vulnerable,
and companies should work to patch much more quickly.
2. Switch Off Any Services You’re Not Using
This seems like a no-brainer, but a number of companies don’t fully lock this down. Do
you know which services your company is allowing and disallowing? Are you monitoring
endpoints for rogue services and cracking down on it? If not, you should be.
3. Disable Any Ports That You Don’t Need
Open ports are a red carpet welcome for a variety of cyberattacks. Every company
knows this. Yet many companies still don’t lock ports carefully. Or they do it once and
then don’t verify compliance on an ongoing basis. Every Windows endpoint should be
port-restricted to use only what’s needed—at all times.
4. Don’t Forget Your VMs!
Andy says it’s amazing how many people do their physical systems and overlook the
VMs when it comes to applying updates and other security configuration management
policies. Your virtual machines are just as vulnerable a target as physical computers.
Cyberattackers don’t discriminate.

35
5. Stay on Top of Third-Party Patching
In the cybersecurity industry, the focus has moved away from attacking operating
systems. It’s shifted to applications and mobile as well. So, application updates are no
longer about functionality, they’re also about security. Antivirus is critical, but it’s just
one of many third-party applications.
With tools like Configuration Manager or Intune, you can actually download the updates
from the vendors and then push them out to your users. However, both products are
limited to specific software vendors in different ways. That means administrators have to
do a lot of heavy lifting or find some other solution to keep third-party patching current.
You can learn more about the challenges in the E 3 third-party patching podcast with
Duncan McAlynn at soundcloud.com/adaptiva/e3-podcast-duncan-mcalynn.
6. Office 365 Shops Should Check Their Secure Score
In a corporate environment, companies really are paying more attention to how they
lock down Office 365. They need to make sure data isn’t leaked and that business units
aren’t sharing data to other business units. Microsoft data loss prevention can help, but
it’s just another tool to configure. The question is: are your systems configured
correctly?
To this end, Microsoft has a piece of software called Secure Score. It analyzes the
security of Office 365 across your entire organization. The solution analyzes things like
users’ regular activities and security settings. Then it gives you a sort of “credit score for
security.”
You as an administrator can run Secure Score on your Office 365 portal. The higher the
score, the more secure you are. Microsoft gives you all of the security tools but doesn’t
necessarily configure them for you. You might go in and find that you have a horrible
score. At least you’ll know what to do to fix it!

36
7. Make Sure You Have a Documented Desktop Configuration Policy
Make sure you’ve got a good security policy for dealing with access to your common
desktop. Is the user allowed to do anything they like? Or is it cut down? Do you have a
VPN access policy, and what is it? What is your policy for identity and authentication?
There’s a whole world of things that you could do—far too many to mention here.
However, if you don’t document the policy as a starting point, you will almost certainly
have vulnerabilities.
8. Use Multi-Factor Authentication
Definitely consider multi-factor authentication (MFA). MFA is very practical now, with
fingerprints, facial scans, etc. Biometrics really has changed the game, though other
forms of secondary authentication are fine. The main thing is don’t rely exclusively on
usernames and passwords anymore.
9. Have an Incident Response Plan in Place
Your company should have a set of procedures in place for the “what if” scenario. This
way, you are prepared if you get hit with malware, if there’s a disaster, or if there’s some
kind of data breach. If you have a plan already, “you don’t run around like a headless
chicken,” as Andy puts it. You need to flip over to “Okay, right, there’s a procedure for
that; let’s deal with it.”
Remember that you might need to restore data. When talking about security, we often
talk about computer security. For a company, however, the topic of information security
looms large. A company needs to be prepared to bring back data if and when an
incident occurs.

37
10. Have Them Sign a Security Awareness Agreement
Social engineering is the biggest hammer cyberattackers have. Over 80 percent of

breaches come from within a company. It’s not that employees are evil, they don’t
usually mean harm. Andy jokes, “Stupidity. There’s never a patch for stupidity.” But,
really, he knows all the people at your company are smart—just lacking training.
Training an entire company on cybersecurity is a massive undertaking but will make a

huge difference. Your company should conduct security awareness training and take
users through it. Once they have passed, have them sign an awareness agreement.
The agreement says, more or less, “Okay, we have a web access policy, and I know
what it is. Same for our email access policy, VPN policy, etc.” Then, there really is no
excuse.
Learn more!
The podcast goes into more detail about MDM, the cloud, and other security topics.
Plus, Andy answers the question, “Would you rather be able to see 10 minutes into your
own future or 10 minutes into the future of everybody else?” You can also follow Andy at
andymalone.org and on Twitter @andymalone.
If you’d like to learn more about automating verification of security policy and all the
items we’ve mentioned here, visit www.adaptiva.com/client-health.
About the Author
Bill Bernat, director and technology evangelist at Adaptiva,

has worked in the technology industry for over 25 years.
Before joining the team at Adaptiva, Bill was the web
publisher at OpenText and a technical editor for Penton’s
Streaming Media Magazine. He spent many years as a
programmer and engineering manager for a variety of
organizations including NASA, Union Bank of California, and
Banc of America Securities. For more information, please visit www.adaptiva.com and
follow the company on LinkedIn, Facebook, and Twitter.

38
BITCOIN, BLOCKCHAIN AND BREACHES
From Bitcoin to Blockchain from Ethereum to Wallet software and from Online Trading
sites to Litecoins, we’re covering it all here. Right now at CDM, we are VERY
CONCERNED with many people jumping into the Crypto-currency world and getting
ripped off, like in the early days of the Forex, which sparked the Office of Comptroller of
Currency (OCC.gov) and others to get involved and regulate the Forex trading
exchanges due to so much rampant fraud.
Some of the top reasons we have concerns are:
▪ Computers and mobile devices are infected with zero-day key-loggers from cyber
criminals and nation states;

39
▪ Electronic Wallets for storing bitcoin related information will be run by novices
who don’t understand strong crypto, strong password management, multi-factor
authentication and good computer hygiene including patch management,
vulnerability remediation, next generation antivirus cleanup, advanced firewalls,
host-based intrusion prevention and even daily backups. Wallets will be easily
compromised and crypto-currencies stolen;
▪ Few online trading sites and platforms will be 100% trustworthy and none will be
100% secure. Expect online trading fraud, theft of online cryptocurrency accounts
and online hacking to run rampant in this space.
Stay tuned for our upcoming articles that will shine a light on this dark area of
commerce. When regulators jump in due to fraud it can be a good thing but for a
crypto-currency it will most likely cause the bubble to burst and we’ll see the Internal
Revenue Service (IRS.gov) push for it to be treated as a form of currency when, for
now, they and the US Treasury (treasury.gov) call it an ‘asset’ like a book or your
house. It won’t take much for the growth of crypto-currency tied to the attraction of a
soft-underbelly hacking target to make this a reality. Bookmark this page and keep an
eye on it: http://www.cyberdefensemagazine.com/bitcoin-blockchain-and-breaches/

40
CYBERSECURITY IN 2018 – FIGHTING AN EVOLVING
THREAT
INSIGHTS
Cybersecurity: Fighting a Threat That Causes $450B of Damage Each Year
With recent high profile hacks of companies such as Uber, Equifax, and HBO, it’s safe
to say that cybersecurity is already top of mind for many of the world’s biggest
companies.
However, as billions of more devices get connected to the internet every year –
including many that are not properly secured – this cybercrime threat is evolving quickly,
and the stakes are rising as well. Experts estimate that cybercrime caused $450 billion
of damage to the economy in 2016, and that number is expected to increase to $6
trillion by 2021.
Today’s infographic, which comes to us from Evolve ETFs, covers the growing threat of
cybercrime along with the associated boom in global cybersecurity spending.
SITUATION: CODE RED
The potential impact of a large-scale cyber attack is bigger than ever, and today
cybersecurity is a number one concern for businesses, governments, and individuals.
Since 2013, over nine billion records have been lost or stolen globally, and nearly two
billion of those were breached in the first half of 2017 alone.
With 80% of the value of Fortune 500 firms stemming from intellectual property (IP) and
other intangibles, this means that the digitization of assets comes with massive risks.
According to a joint report by Lloyd’s and Cyence, a single large-scale attack could

41
cause up to $53 billion in damages, which is comparable to the size of a natural
disaster.
The potential firepower behind today’s cyber threats are enough even to catch the
attention of top defense officials. In a survey of 352 national security leaders, the
greatest threat facing the United States is not terrorism (26.3%) – it’s actually
cyberwarfare (45.1%).
FIGHTING CYBERCRIME
Businesses are more focused than ever on protecting themselves and their data from
increasingly advanced and complex threats.
In a recent survey by Marsh LLC and Microsoft, of the many global companies that are
subject to new privacy rules in Europe, 78% of senior executives are planning to
increase spending on cyber risk management in the next 12 months.
Reducing the cost of security breaches by only 10% can save global enterprises $17
billion annually.
– MORGAN STANLEY
As a result, the cybersecurity sector continues to be one that is on the rise. Spending is
increasing particularly in four key areas: security analytics (SIEM), threat intelligence,
mobile security, and cloud security – and global cybersecurity spending is expected to
grow at a 9.5% CAGR to hit $182 billion in 2021.
Interested in finding out more? Have INSIGHTS that you wish to share? We’re building
up an entirely fresh and new content area at CDM to help the infosec industry gain new
INSIGHTS. Please email chrish@cyberdefensemediagroup.com for more information.

42
HOW WILL THE CHANGES IN THE GDPR WORK?
Sources: Investopedia and ExigentNetworks
First, let’s get the basics on GDPR and then we’ll go through a really well done
infographic to cover the changes in the GDPR.
DEFINITION of 'General Data Protection Regulation (GDPR)'
The General Data Protection Regulation (GDPR) is a legal framework that sets
guidelines for the collection and processing of personal information of individuals within
the European Union (EU). The GDPR sets out the principles for data management and
the rights of the individual, while also imposing fines that can be revenue based.
The General Data Protection Regulation covers all companies that deal with the data of
EU citizens, so it is a critical regulation for corporate compliance officers at banks,
insurers, and other financial companies. GDPR will come into effect across the EU on
May 25, 2018.
BREAKING DOWN 'General Data Protection Regulation (GDPR)'
The GDPR adds to the EU’s general policy of protecting citizen’s data. In addition to the
notifications of collection and legal ramifications for misuse, there is also a requirement
to obtain explicit consent, notify in cases of a hack or breach, appoint dedicated data
protection officers and much more. For financial institutions, the new rules will require
significant investments in compliance to ensure continuing access to the EU market.
The new rules are also pushing firms to pseudonymize personally identifiable
information (PII) prior to processing it, meaning that the data can’t be attributed back to
a particular person. The pseudonymization of data allows firms to do some larger data
analysis - such as assessing average debt ratios of its customers in a particular region -

43
that would otherwise be beyond the original purposes of data collected for assessing
creditworthiness for a loan.
GDPR Versus Big Data
The GDPR has effects beyond lending, insurance and other firms where sensitive
personal data is collected and processed as a matter of course. The rules apply to the
human resources record of employees and even the IP addresses of people using
online services. The GDPR builds upon data rights that the EU has been pushing for,
such as the right of an individual to be forgotten and the right to data portability.
As such, it is expected that the GDPR will lead to data minimization where companies
willingly prune down the amount of information they collect to the functional essentials
needed to complete a transaction. This could be a reversal of one of the big data trends
where companies seek to collect and analyze as much data on their customers as
possible in order to gain new insights.
This analysis can still take place after appropriate pseudonymization, but other data
rights prevent those insights from being used to profile customers in a way that could be
discriminatory or put them at a financial disadvantage. As the GDPR is a new
regulation, there will no doubt be a period of adjustment where gaps and thorny issues
like profiling are addressed.
Thanks to our friends at ExigentNetworks for the great infographic that follows….

44
45
46
47
48
49
50
NONPROFITS CANNOT IGNORE CYBERSECURITY
By Chloé Messdaghi, Digital Marketing Manager, Kenna Security
Prior to joining Kenna Security, I worked with many nonprofits around the world. Each
focused on providing shelter, education, health services, and food to children in need.
The mission was clear and critical.
Executing that mission wasn’t so easy. Nonprofits run on donated money. Though our
goal was to save children, the strategy to drive the mission forward was to focus on
donations, extending our reach, and improving services at the lowest possible cost. We
hardly considered IT security as an issue because, well, we were focused on helping
kids, not fighting hackers. We not only ignored the danger, we were oblivious to it.
I recently joined the Kenna Security Team. Since joining, I quickly realized that the
nonprofits (and kids that benefited from it) were actually placed in very real danger. One
successful data breach could have brought down the organizations and ended their
missions, which in return risks the lives of millions of children and their families around
the world.
In a revealing study The Global Cybersecurity Index (GCI) 2017 Report published
alarming statistics that unveiled that severe vulnerabilities are prevalent in the nonprofit
technology infrastructure. While virtually every large nonprofit “has” security, a recent
survey by CohenReznick, showed that more than 70% of nonprofits have not run even
one vulnerability assessment to evaluate their potential risk exposure. Even more, 69%
do not even have a cybersecurity response plan in place. These stats are particularly
frightening when you consider that nonprofits are more than likely to use free open
source solutions with well known vulnerabilities and weaponized exploits hackers will
use to efficiently effect a breach.
There are “good” reasons for this rather dangerous situation. Limited budgets, staff and
expertise are several. Single minded focus on the mission may be another. Whatever

51
the reason, the result is that nonprofits have become an easier mark for hackers than
their corporate brethren.
This is alarming given that most nonprofits run on donations transacted using
particularly sensitive and valuable information. Accepting money and providing receipts
alone requires (legally) sensitive credit card numbers and tax IDs. Even more,
anonymous donors to, for example, nonprofit political organizations, will consider their
names and other typically “non sensitive” information extremely sensitive, adding even
more value to the data. Hackers like high value information.
Worse still, few consider that the personally identifiable information of the affected
population is valuable to hackers as well. Sometimes, the same information is used in
micro-grants or to fund SIM cards that provide access to basic needs, which can easily
be diverted. Other times, hackers are interested in selling the locations of aid workers
for distributing malicious reasons.
This makes data privacy existentially important to a nonprofit. Nonprofits depend on a

population of hopeful and willing donors to trust them. These donors assume that not
only will money they donate be utilized efficiently, but that their act of goodwill won’t be
punished because of a data breach. Once that trust is lost, funds will certainly flow to
more trusted organizations, ending the nonprofit’s mission, which may, in fact, be the
hacker’s aim.
So with the lack of resources and funds, what should nonprofits do? Corporate forprofits
typically focus on detecting and responding quickly to attacks. These measures often
need to be in place for compliance reasons. For all of the reasons outlined above,
nonprofits can’t afford to react to a breach. Of course defenses should be in place, but
first they need to predict and prevent successful attacks before they happen.
How? These three steps are a good start:
1. Assess your risk

52
Risk assessment can be conducted within the organization or use an outside specialist.
From the assessment, one can then determine how vulnerable their IT security is and
identify the sensitive data that may be targeted. Due to the constant attack on
vulnerabilities, cyber assessments should be updated and reassessed as often as
possible to make sure one remains protected from the latest threats. Better still if the
assessment can be at-a-glance understood by non-technical users, so well-intentioned
staff can take action to reduce the risk.
2. Build awareness & educate yourself and team
Make cybersecurity a top priority and security awareness part of the organization’s
culture, for example all employees should attend cyber security trainings. There are six
ways that the majority of cyber criminals enter a nonprofit’s database.
• Absence of Password Policy – Always make sure that every team member has
two-factor authentication on. As well as, enforce a comprehensive password policy,
which includes how long passwords need to be and how often passwords need to be
changed.
• Unsecured software – Never skimp on software. Still to today there are nonprofits
using out of date software and sometimes so old that it’s no longer supported by
Microsoft. Make sure your computers and network operating system is always updated.
The older the system is the more susceptible to data breaches.
• Open-source software – Saving money by using open source software is asking
to be attacked since they tend to be extremely vulnerable.
• Online payment processors – Invest in a reputable online payment processor.
• Not using cloud-based platforms – Cloud-based products are usually free or low
cost to nonprofits. By using the cloud, it allows nonprofits to outsource a big part of their
security needs to leaders in the market, which then leverages technologies from those
who have the budgets and resources to combat evolving threats.
• Your employees (or former employees) – Make sure that when an employee
leaves, there are measures to make sure that all devices are wiped clean and access is
denied, along with changing passwords and placing a two-factor authentication as well.
For current employees, they should be educated on not clicking on unfamiliar emails or
attachments since 70-80% of cyberattacks are carried out through email.

53
3. Institute a cybersecurity breach response plan
Should a cyber attack occur, having a plan ready to go will ensure that all appropriate
members are noted and react instantly to be able to work together faster and more
strategic. When dealing with an attack, it is important to note that timing is critical to
whether hackers can cover their tracks or steal more data from your systems.
By utilizing the above three preventive measures, it should assist with creating policies.
Cyber threats are increasing and evolving, such as Wannacry, BadRabbit, and
NotPetya. By being proactive, nonprofits will be better equipped for the upcoming
security threats should it face a cyber attack. In return, nonprofits can continue doing
the incredible work that they do and increase their services by fulfilling their impactful
mission.
About the Author
Chloé Messdaghi is the Digital Marketing Manager at

Kenna Security. She also provides advising as a UN
Volunteer, and serves as a board member for RUDEC
in Cameroon and Simuka Africa in Zimbabwe. Both
nonprofits' mission is for children's rights and equality.
In her free time, she travels the world, mentors change

makers, and volunteers locally or abroad. Chloé holds
a Master of Science in Politics and International
Relations Research degree from University of
Edinburgh. Chloé can be reached online at
chloe.messdaghi@kennasecurity.com and at our
company website https://www.kennasecurity.com/

54
THE INTERNET WITHOUT NET NEUTRALITY
‘Absence of Net Neutrality Would Bring Multiple Challenges For Americans.’
Internet Regulations got Fired under Trump’s Presidency
A week before, the Federal Communications Commission (FCC) gathered and voted to
eliminate net neutrality, though Americans are overwhelmingly against the idea. The
most immediate consequence is the increasing prices, let’s see how the flow of
accurate information would affect devastatingly.
Can you recall the old days of dial-up, when a video used to load online in hours? Well,
you may experience that again, as this is going to be the reality because net neutrality
regulations are abolished in US. For the novice, net neutrality is making a web just like a
public utility, means internet traffic created equally for all the surfers and surfing is as
quickly as possible; no restrictions and no delays while surfing internet. Net neutrality is
another word for freedom of expression that enables users to share their ideas, rally
together around, and speak truth to power to evade conventional media gatekeepers;
ISPs would be more potent than other stakeholders.
Absence of net neutrality would bring multiple challenges for Americans, the most
immediate ones are;
The Rise in Online Content Censorship
The war between fake and accurate information started back when internet replaced the
traditional media; as per the report, only 17% of Americans consider news media, very
accurate. Lack of net neutrality would worsen this fight, ISPs like Comcast and AT&T
would utilize their power and limit the dissenting opinions using paywalls and throttling
speeds. The paradigms of sharing information would be transformed when 77% of
Americans with a smartphone would be unrestricted to access the internet freely.

55
The Price Hikes!
Internet providers are always in need to make money and unfortunately abolishing net
neutrality is the long-run lobby created by giant internet providers. With no net neutrality,
Internet providers can easily squeeze websites, charge for faster and/or exclusive
services. Video on demand services like Netflix and Amazon would also be forced to cut
down their exclusive deals with internet providers and charge from customers of
competing service providers more.
Which internet service provider hold up for money, is not arguable, it’s all going to fall
back on customers, who will have to pay to get the content accessibility. Without net
neutrality, ISPs would rule the granting or denying accessibilities, and slow down the
speed of sites that can’t afford to pay. Netflix raised voice to take a step against net
neutrality abolishment and it looks like it’s becoming imminent that Netizens should start
using a Netflix VPN to bypass speed throttling as long as the VPNs itself gets banned.
End of Freedom Of Expression?
The technological evolution has made two-way communication model possible, where
not only large organizations can share information, but individuals also practiced their
freedom to share their knowledge. Whether it’s a #OscarSowhite or #MeToo campaign,
two-way communication model enabled multicultural millennials to play their part in all
such online movements.
If you remember, so many pressing issues were ignored by the major media outlets but
highlighted by the silence breakers; individuals. Lack of net neutrality would possibly
allow ISPs to truncate or obstruct this model by restricting accessibilities.
This restriction compounded by de facto that few of the most significant ISPs have
financial ties with their news outlets; this would restrict unconventional news and
sources to access quickly. Media literacy encourages multiple sources to be used to
check the authenticity; sadly it’s quite tricky in a post-net neutrality era.

56
The flexible internet allows youngsters to pursue their dreams, finding new ways to
distribute information, market themselves, build businesses, and forge connections and
what not, would all at risk with ending net neutrality. The internet has transformed
multiple societies due to widespread availability bod versatilities, life without net
neutrality would hamper such progress especially marginalized voices.
So, The Future Is All Gloomy?
Well, the real repercussions would be observed once ISPs start implementing the
clauses they come up with and revised packages they’ll offer from now on. The ball is
solely in their court now. Massive online and offline movements have already started
against this menacing Net Neutrality law and many influencers and personalities have
joined the movement, but the current situation doesn’t look very favorable.
About the Author
Jane Collen is a new writer to Cyber Defense

Magazine and she is the Tech Analyst of the
ReviewsDir. She is a tech-geek and loves to
explore new opportunities.
She is currently dedicated to Reviewsdir.com.

While Jane is not writing or ranting about newest
tech industry gossip, you can find her practicing
her yoga and photography, making
documentaries.

57
PENETRATION TESTING CERTIFICATION: HOW TO GET &
WHY GO FOR IT
ScienceSoft’s certified ethical hacker Uladzislau Murashka dwells on CEH certification
by Uladzislau Murashka, Certified Ethical Hacker, ScienceSoft
As cyber security threats grow in sophistication, a need for advanced approaches to

penetration testing grows as well. At the same time, security professionals capable of
implementing these approaches are in short supply. So, thousands of companies hunt
for them, ready to pay quite a sum for qualified penetration testing services.
CEH certification has gained a distinguished reputation for being an indicator of a

pentester’s proficiency. Let’s find out what stands behind these three letters: CEH.
CEH (Certified Ethical Hacker) is an advanced penetration testing certification issued

by International Council of Electronic Commerce Consultants (EC-Council), an
internationally recognized professional certification body. InfoSec Institute
acknowledged this credential as number one among top security certifications in 2017,
as it gives a recognized validation that a pentester complies with the standards of
information security in ethical hacking measures.

58
CEH CERTIFICATION PATH
WHAT IS TESTED
Prospective certificate holders are tested in the following knowledge areas:
• System Development & Management

• System Analysis & Audits
• Security Testing/Vulnerabilities
• Reporting
• Mitigation
• Ethics
PREPARATION
A pentester has two options how to prepare for a CEH examination: official training and
self-study.
The EC-Council offers instructor-led and online training sessions. The instructor-led
training is conducted in accredited training centers, and the online version is based on
iClass platform. The five-day course includes 18 modules covering 270 attack scenarios
and costs either $850 (for US citizens) or $885 (for international students). After the
course, an applicant continues self-education with the access to EC-Council
laboratories. The overall preparation for CEH certification lasts for one year since the
enrollment.
To take CEH examination without attending a dedicated training session, the candidate
should have 2+ years of information security-related experience and a relevant
educational background. In addition, such candidates are required to pay a non-
refundable application fee of $100.

59
EXAMINATION
The CEH penetration testing certification exam lasts for four hours, during which
candidates answer 125 multiple-choice questions. They have to demonstrate a wide
range of skills, which include not only different types of web application and network
penetration testing, but also social engineering, cryptography, malware threats, cloud
computing, mobile platforms hacking, and more.
RESULTS
The pass mark for the exam is 70%. Successful candidates are issued a CEH
credential, and receive a CEH welcome kit within 4-8 weeks after the exam completion
date. The kit includes a hard copy of an EC-Council certificate and a welcome letter
from EC-Council. Digital versions are available on the Aspen portal.
A sample of CEH certificate

60
A sample of exam transcript
VALIDITY
The CEH credential is valid for three years. However, in order to keep the certificate
updated and have the ability to renew it later, a certificate holder has to achieve 120
credits per certification within the three-year period. Credits can be gained by attending
conferences, writing research papers, reading materials on related subjects and
attending webinars.

61
FEE POLICY
CEH penetration testing certification requires an $80 annual membership fee. This
makes the certificate holders eligible to the following benefits:
• Continued support from the EC-Council community.

• One free certification voucher.
• Exclusive discounts on EC-Council events, certification programs and materials.
WHY BECOME AN ETHICAL HACKER?
The terms penetration testing and ethical hacking are often interchangeable; however,
there is a difference. The former is a more narrow term for the process of finding
vulnerabilities in a target IT system. Penetration testers should be skilled in a specific
area (for example, network penetration testing) and are not required to possess any
formal proficiency credentials. Ethical hacking, in its turn, can be called advanced
penetration testing. It encompasses application and network penetration testing,
together with DDoS testing and social engineering. Ethical hackers should possess
CEH certification, while penetration testers are not required to have any certificates.
It pays to be a certified ethical hacker for several reasons:
• To get better salary. According to the InfoSec Institute, the average payout to a
Certified Ethical Hacker in US is $71,331 per year (non-certified pentesters are
paid $50,000 a year on average) and reaches $132,322.
• To be highly valued on the professional market. Customers consider CEH
certification among the key factors in their hiring decisions.
• To discover more career opportunities. A certified ethical hacker is not limited
to penetration testing and may take on the roles of a security engineer,
application security manager, IT security administrator, information security
consultant, security compliance engineer and network security analyst.

62
WHAT’S NEXT?
The CEH penetration testing certification alone is sufficient to validate a pentester’s

skills, no matter whether it is application and network penetration testing, vulnerability
assessment, DDoS testing or social engineering. Besides, it may serve as a foundation
for advanced EC-Council certification programs. So, if you are looking for further
opportunities in the information security domain, it’s worth considering the following
certification programs:
• Advanced penetration testing

• Licensed penetration tester
• Advanced securing windows infrastructure
• Advanced mobile forensics & security
• Advanced hacking & hardening of corporate web apps
• Advanced network defense.
For more information, visit the official website of EC-Council.
About the Author
Uladzislau Murashka is thrilled to be a guest writer

to CDM, is a Certified Ethical Hacker at ScienceSoft
with 5+ years of experience in penetration testing.
Uladzislau’s spheres of competence include reverse
engineering, black box, white box and gray box
penetration testing of web and mobile applications,
bug hunting and research work in the area of
Information Security. Uladzislau can be reached
online on LinkedIn and at our company website
https://www.scnsoft.com/

63
US AGENCY SECURITY DOUBTS HINDER MOVE TO HYBRID
CLOUD
For the past seven years, the U.S. Office of Management and Budget has been pushing
Federal agencies to move much of their computing workloads to the cloud. And yet,
progress has been slow, with only about $2 billion of the Federal government’s $80
billion in annual IT spending going to cloud services as of 2016.
Years after OMB began its cloud push, Federal agencies still face significant challenges
to adoption, with security identified as one of the main issues holding back cloud
adoption. In fact, the number one concern of Federal IT managers is how to expand
their security measures and policies to cover the cloud, according to a recent survey by
MeriTalk.
In the meantime, pressure on agencies to move to the cloud isn’t going away. The U.S.
Department of Homeland Security’s new Continuous Diagnostics and
Mitigation cybersecurity program is pushing small agencies to use cloud-based security
tools. Cloud security doesn’t get the highest marks from the Federal IT managers who
responded to the MeriTalk survey, sponsored by Fortinet. A minority of them rate their
security as excellent in cloud environments; only 35 percent for the private cloud; 21
percent for the public cloud; and 27 percent when moving between physical and virtual
environments in a hybrid cloud arrangement.
Even so, many of the survey respondents see a mix of physical infrastructure and cloud
computing in their future. The ideal mix, they said, includes 39 percent physical servers
and 61 percent cloud.
But even as Federal IT managers seek to deploy the hybrid cloud, they feel unprepared,
with security. Control and compliance are again coming to the forefront. A big part of
the cloud adoption woes is the complexity of Federal IT environments. Eighty-five
percent of the surveyed Federal IT managers described their current infrastructure as

64
“complex,” and only 34 percent said they have a high level of visibility into their IT
environment.
This complexity and lack of visibility puts agencies at a significant risk of a security
breach, the survey respondents said. More than half agreed that the complexity adds to
the risk, and nearly the same percentage said the same thing about the lack of visibility.
Still, many Federal IT managers see value in a move to the cloud, including a significant
security benefit. Seven out of ten said they believe a successful hybrid cloud adoption
will reduce their agencies’ security spending, and 69 percent said they believe it will
improve their overall security posture.
Even with the challenges of complexity and a lack of visibility, there is a path forward to
the cloud.
Take it slow: While there’s mounting pressure for agencies to move IT workloads to the
cloud, that doesn’t mean it needs to be an all-or-nothing transition. Agencies can – and
probably should – make a slow transition to the cloud by running a few select workloads
in a cloud service. By moving slow, agencies can test the applications on a cloud
service, while ensuring the proper security is in place.
Plan the journey to the cloud, don’t just jump in.
Some security products are now designed to enable a strategic migration to the cloud.
Careful planning and use of security tools that enforce security rules across hybrid cloud
environments allow agencies to avoid taking an all-at-once or an all-or-nothing
approach to migrations.
Increase the visibility first: Before moving to the cloud, agencies should get their IT
houses in order. With major concerns about visibility voiced by survey respondents, one
of the first steps should be to increase the visibility into their applications, using a
security information and event management (SIEM) or similar product.

65
There’s an old saying, “If it can’t be measured, it can’t be managed,” and software
security isn’t exempt from the rule. Agencies worried about visibility should look for
ways to measure their critical assets.
If agencies have the visibility they need, they can keep a close eye on their workloads
as they move to the cloud. And if the cloud transition is done right, agencies can
increase visibility into their IT infrastructure through new tools available in the cloud.
Federal agencies can move into hybrid cloud environments with broad visibility and
granular controls that weren’t available with traditionally isolated security resources.
Use a trusted partner: As more companies move workloads to the cloud, third-party
consultants and technology vendors can assist with the transition. Cloud providers have
certified partners, including security vendors, that specialize in assisting with the
transition.
It’s important for agencies to contract the right folks to get the job done.
Security is an important element of this transition, and a trusted security partner can
help agencies establish effective security integration between their physical and virtual
environments.
About the Author
Felipe Fernandez, is a new guest writer to CDM and is a

Systems Engineering Manager at Fortinet. In addition to his
role as a team manager, Felipe also oversees the US
Federal product strategy and certification process at
Fortinet, such as the UC APL. Felipe has over 16 years’
experience deploying, operating, and auditing security
solutions, the majority of which were spent at the DoD in
various roles both CONUS and abroad. Visit him online at
http://www.fortinet.com

66
WHITE HOUSE RELEASE OF VULNERABILITIES EQUITIES
PROCESS VALIDATES INDUSTRY CONCERNS
by Willis McDonald, Threat Research Manager and Senior Threat Research, Core
Security
When the U.S. Government discovers an unpatched vulnerability, it has a choice:

disclose the vulnerability to the vendor so that it can be patched, or exploit the
vulnerability for its own purposes. It’s not an easy call. Disclosure may eliminate an
opportunity to gather valuable intelligence, while keeping an exploit secret can put both
the public and private sectors at risk, as demonstrated by the WannaCry ransomware
outbreak.
To assist the government in its efforts, the Obama Administration established the
Vulnerabilities Equities Process (VEP), a set of rules used for determining whether the
U.S. Government should disclose a zero-day security vulnerability. The VEP has long
been criticized for its lack of transparency and oversight. Last month, the Trump
administration released the charter to the public.

67
According to The White House, “[Trump] promised to strengthen America’s
cybersecurity capabilities and secure America from cyber threats. The release of this
Charter and adherence to the rigor it demands follows through on that commitment to
the American people.”
It’s worth repeating that the VEP isn’t new. The policies of the Trump administration with
regards to vulnerability disclosure are no different from the previous administration. VEP
is just a rehash of previous policies and councils that were in place to appease public
perception on government-curated vulnerabilities—it does nothing to strengthen
cybersecurity.
The fact of the matter is, the White House’s move to release the VEP validates what the
industry has been concerned about all along. There are a number of loop holes and a
lack of industry oversight, both of which are troublesome. Let’s start with the lack of
industry oversight. In its press release, the White House claims that the VEP represents
the interests of “commercial equities; and international partnership equities.” However,

68
the VEP council does not include any representation from either commercial or
international entities.
Under the VEP, vulnerabilities are reviewed by the Equities Review Board. The Board is
comprised of folks from the Departments of Homeland Security, Energy, State,
Treasury, Justice, Defense, and Commerce. The CIA and FBI are also on the Board,
and the National Security Agency serves as the Board’s executive secretariat.
Commercial and international entities are noticeably missing from this list.
This is an obvious exclusion for national security purposes. However, it also closes the
door on external oversight of decisions deemed in the interest of national security.
Commercial and international entities should have a place on the council if vulnerability
disclosure decisions are being made on their behalf.
The loopholes are also cause for concern. The VEP charter limits the scope of
vulnerabilities addressed by the council to certain classes, thus allowing reporting
entities to report as they see fit any vulnerabilities that fall outside the scope of the VEP.
In addition, the VEP does not address vulnerabilities that are discovered and shared by
international partners. Granted, this so-called non-disclosure agreement (NDA) loophole
is necessary for the U.S. government to continue operations with its allies. Without it,
our allies would fear that sharing vulnerability information with us could compromise
their own national security operations. However, like the previous loophole, this could
allow participating entities to bypass the controls of the VEP and report a vulnerability
as they see fit.
While the push for transparency is great, we shouldn’t hold our breath waiting for
change. Legislation like the Protecting Our Ability to Counter Hacking Act of 2017
(PATCH Act) and, now, the VEP charter are intended to appease the public rather than
cause change. And, to some extent, it has done just that.
It is worth noting that vulnerabilities such as those used in WannaCry never would’ve
been released through VEP due to their usefulness in providing access to remote
systems for collection purposes. And we all know how that turned out.
About the Author
Willis McDonald, is Threat Research Manager and Senior Threat Researcher at Core
Security, a leader in Vulnerability, Access Risk Management and Network Detection
and Response.

69
CYBER DEFENSE PERSPECTIVES FOR 2018
By Milica D. Djekic
The 2017 is at its end and we are easily approaching the 2018. Many people would
happily wait for a New Year, but is that the case with a cybersecurity? What would be
new in that area with the coming period of time and are there any concerns we should
get scared of?
In our opinion, the cyber defense marketplace would keep growing and there would
appear so many new solutions, advancements and improvements. We also believe
there would be many novel stuffs that would promise the better security as the previous
year gave to us an opportunity to learn from the existing threats. Also, we believe as the
positive things would continue developing – there would be the space for the rise of
malware, spyware and ransomware. So, what’s important to mention here is that we
need to make a good balance between our consumer’s needs and security
70
requirements. In other words, if we are developing the new solution – we should always
think how to protect our users from the malicious consequences. For instance, it’s well
known that the Internet of Things (IoT) marketplace is so fast growing one and so soon
it would worth trillions of dollars. The quite good field for investments, you would agree
with? The main question here would be how secure those solutions are. From a today’s
perspective, it would seem that the security would become the ultimate imperative for
the coming year. It’s quite undifficult to connect so many devices on the internet and
make the quite robust IoT network out of them, but could anyone promise to you that
you would remain physically and cyber safe? The security got the supreme demand
being one of the biggest challenges for tomorrow and we are not quite sure that 2018
would bring anything revolutionary regarding so. By so many sources, the 2018 would
stay about the same as the previous period of time. Well, let’s discuss all the questions
that could get open for the next year.
The huge concern with a today’s world is that it’s not equally developed everywhere. As
the consequences to that we have somehow present terrorism, organized crime and
human trafficking in some parts of the world. As it’s known – the crime would not
recognize the borders and so many malicious
actors would circulate around the globe looking
for a new target of their harmful action. Doing
so – those folks would rely on cyber
technologies and so frequently they would
succeed in their missions for a reason the good
practice would still deal with the quite weak
security countermeasures. As we said – it’s all
about the balance. In the ancient China, the
people would say it’s all about the harmony
between the Yin and Yang – the force of defense and the force of attack.

71
Once we make a balance between those two opposite forces, we would get the peace.
As we would mention that the IoT landscape is getting bigger and bigger and such a
technology is becoming available even in the developing societies – it’s getting clear
that the force of attack is increasing its
capacities and making a disbalance at the
global scale. So, could we do anything to
reduce that amount of threat being present
worldwide? The answer to this question
would seek a deep thinking from us and as
the impact we would get advices that would
mainly look for the better practice and more
reliable security solutions.
Unluckily to all of us, there are still a lot of open questions that would require the
accurate answers from us. For example, many experts would get concerned about the
security of IoT technologies, cloud’s systems or production of new malware and creation
of the more serious phishing attacks. We are quite feared that the coming 2018 would
not offer such a sufficient amount of time to resolve all those worries. The encouraging
thing here would be if we could find some sort of the right approach that would support
us in tackling such an issue.
We do not want to sound somehow pessimistic, but if we review the current situation
realistically – we would notice that today’s cybersecurity is dealing with lots of
challenges that would need time and effort to get handled appropriately. In our opinion,
the one year is not enough to get all these concerns being tackled, but let’s say it could
be a good starting point for making better decisions and defining the new tracks for
research and development. Every single mistake in this world could cost us a lot and
our opponents would know how to take advantage over our weaknesses, so we should
get ready to respond to such a situation.
Finally, the 2018 could be a good year to re-think everything and try to make new
strategies that would lead us to new directions. We are aware of that the world is so fast
changing marketplace and every single day being lost in such a competition could cost
72
your business greatly and significantly. Our point would be that the defense including
the cybersecurity would need more deep thinkers who would see things
comprehensively and applying some sort of strategical approach tries to indicate which
course we should take. The main rationale to this suggestion would be that many cyber
industry professionals would repeat same and same routine on a daily basis and those
guys would not notice that they are not changing anything essentially. On the other
hand, the change could be from a great significance to the progress and if we do not
empower our capacities – we cannot expect that we would make any step forward. In
other words, if we are not progressing with anything – we would not come to such a
wanted balance that would harmonize our world and bring so desired peace to all.
The point of this review is to indicate to some ideas that we could get thinking about
more balanced and secured environment. No one got immune to today’s threats and we
are quite concerned that those security challenges could take full advantage over
modern cyber technologies. The tendency would suggest that every single day those
advancements would get cheaper and cheaper and more accessible to everyone. At the
end, if we do not make a deep think about the current situation, we could face on the
quite unpleasant impacts.
About the Author
Milica Djekic is a well-read and frequent

contributor to Cyber Defense Magazine. Since
Milica Djekic graduated at the Department of
Control Engineering at University of Belgrade,
Serbia, she’s been an engineer with a passion for
cryptography, cyber security, and wireless
systems. Milica is a researcher from Subotica,
Serbia. She also serves as a Reviewer at the
Journal of Computer Sciences and Applications
and. She writes for American and Asia-Pacific
security magazines. She is a volunteer with the American corner of Subotica as well as
a lecturer with the local engineering society.
73
REVIEWING LAST MONTH’S RANSOMWARE
There was a lot more ransomware activity in November compared to the previous
month. The infamous ACCDFISA Trojan literally rose from the ashes after years of hiatus.
A destructive specimen called Ordinypt was wreaking havoc in Germany with attacks
leading to irreversible loss of data. Another city suffered the consequences of a defiant
crypto onslaught. The highlights below will give you a better idea of how things went on
the ransomware battlefield last month.
Nov. 30, 2017. A ransomware strain called ACCDFISA v2.0 is spreading on a large
scale in Brazil. Its legendary prototype emerged at the dawn of the cyber extortion
plague back in 2012. It was a screen locker and file encoder pretending to emanate from
Anti Cyber Crime Department of Federal Internet Security Agency that doesn’t even
exist. Present-day crooks have reanimated the culprit in this new campaign.

74
Nov. 27, 2017. Malware analysts come across a sample that stands out from the rest.
Dubbed StorageCrypter, it targets online-accessible Western Digital My Cloud NAS

(network-attached storage) devices that usually hold a plethora of data. This infection
blemishes encoded files with the .locked extension and drops

READ_ME_FOR_DECRYPT.txt rescue note. The size of the ransom is 0.4 Bitcoin.
Nov. 23, 2017. A blackmail virus called Scarab is being heavily distributed via a
malspam wave originating from Necurs, one of the world’s most powerful botnets. For
the record, this particular botnet gained notoriety for pushing the notorious Locky
ransomware. The perpetrating program stains encrypted files with the

.[suupport@protonmail.com].scarab extension.
Nov. 22, 2017. The new qkG ransomware, or qkG Filecoder, exhibits a few quite
interesting characteristics. Its activity inside an infected host resembles that of a

computer worm as it utilizes a self-replication mechanism. Furthermore, it contaminates
Normat.dot (Microsoft Word global template) so that every Word document opened by
the victim gets encrypted.
Nov. 20, 2017. The CrySiS ransomware lineage spawns one more variant as part of its
authors’ dynamic update strategy. The newcomer concatenates the .java extension to
ransomed data entries and drops a combo of ransom notes named info.hta and ‘Files
encrypted!!.txt’. Unlike some of the older versions, there is no free decryption tool
supporting this particular edition.
Nov. 17, 2017. A widespread species of ransomware called CryptoMix undergoes
another update. The latest variant adds the .0000 extension to hostage files and replaces
filenames with strings consisting of 32 hexadecimal characters. This way, a victim is
unable to work out which encoded entry corresponds to a specific file. The ransom
notification file is named _HELP_INSTRUCTION.txt.
75
Nov. 15, 2017. Students of J. Sterling Morton school district, Illinois, become targets in
an unordinary ransomware campaign. An uncatalogued blackmail virus has been trying

to attack them via a counterfeit student survey propped by professionally tailored
phishing emails. Although this piece of malicious code doesn’t go with a working crypto
module thus far, it demonstrates how successful this type of infection vector can get.
Nov. 14, 2017. Security services provider Dr.Web comes up with a cure for a relatively
new ransom Trojan that uses the .kill or .blind extension to speckle hostage files. The
vendor’s tool called Dr.Web Rescue Pack is reportedly capable of decrypting these files
so that victims don’t have to cough up the ransom. In order to use this software’s
recovery feature, though, it’s necessary to pay a subscription fee.
Nov. 13, 2017. The authors of CryptoMix, one of the most prolific ransomware samples
around, continue their prosaic filename tweaking routine. The most recent version of
this baddie smears encrypted data items with the .XZZX extension token. This iteration
invariably sticks with the same ransom note named _HELP_INSTRUCTION.txt.
Nov. 10, 2017. The evolution of the LockCrypt ransomware illustrates how dynamic this
cybercriminal ecosystem is. It was originally spotted in June as part of a RaaS
(Ransomware-as-a-Service) network called Satan. This type of distribution implies

revenue sharing with the proprietor of the malign affiliate platform.
The crooks behind LockCrypt apparently chose to depart from this scheme. They appear
to have written their own code from the ground up and no longer use the Satan RaaS
for proliferation. The culprit is infecting computers via brute-forced RDP services.
Nov. 9, 2017. A new ransomware specimen dubbed Ordinypt raises a red flag as it is
more dangerous than the average crypto infection. This one zeroes in on German users
and organizations. The bad news for all the victims is that Ordinypt completely cripples

76
files instead of making them inaccessible through encryption. This means that there is
absolutely no way to get the hostage data back.
Nov. 7, 2017. Another ransom Trojan is discovered that exploits Microsoft Word macros
to contaminate computers. It’s called Sigma. The payload arrives with a booby-trapped
email attachment. Sigma appends every encrypted file with a random extension
composed of four alphanumeric characters and drops a rescue note named ReadMe.txt.
The ransom amounts to a Bitcoin equivalent of $1,000.
Nov. 4, 2017. Security experts unearth some details about a new high-profile
ransomware species called GIBON. It turns out to have been circulating in the
cybercriminal underground since May this year. It’s not until early November, though,
that the pest started making the rounds via massive spam campaigns. It provides data
recovery steps in a file named Read_Me_Now.txt. Shortly after the breakout,

MalwareHunterTeam’s leader Michael Gillespie was able to create a free decryption
toolfor the infection.
Nov. 3, 2017. It’s amazing how a single email attachment can get a whole city’s
payment infrastructure paralyzed. That’s what happened to Spring Hill, Tennessee. One
of the employees opened a toxic file received via spam, thus unknowingly allowing a
ransomware contagion to take root. The perpetrating code badly affected Spring Hill’s
computer servers, effectively knocking down the online payment processing systems.
The adversaries demand $250,000 worth of Bitcoin for data decryption.
Nov. 2, 2017. Magniber, a ransomware sample spreading via the Magnitude exploit
kit, hit the headlines in mid-October as it resembled the abominable Cerber infection in
many ways. Based on clues in its code, security analysts concluded it was a new variant
of this year’s most widespread ransomware program mentioned above. Several weeks

77
afterward, Magniber underwent the first major update. The biggest change is the new
.skvtb suffix being concatenated to encrypted files.
In summary, the ransomware epidemic is still around and it’s getting nastier.
Unfortunately, there is no vaccine for this cyber menace, so data backups continue to be
the best thing since sliced bread when it comes to preventing the worst-case scenario.
So back it all up and stay safe. Keep up with a year in review of Ransomware, here:
http://www.cyberdefensemagazine.com/ransomware-news/
About the Author
David Balaban is a frequent writer for CDM, a

computer security researcher with over 15 years
of experience in malware analysis and antivirus

software evaluation. David runs the Privacy-
PC.com project which presents expert opinions

on the contemporary information security
matters, including social engineering, penetration

testing, threat intelligence, online privacy and
white hat hacking. As part of his work at Privacy-

PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs
and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a
strong malware troubleshooting background, with the recent focus on ransomware
countermeasures.

78
79
80
81
82
83
84
85
86
87
88
89
TOP TWENTY INFOSEC OPEN SOURCES
OUR EDITOR PICKS HIS FAVORITE OPEN SOURC ES YOU CAN PUT TO W O RK TODAY
There are so many projects at sourceforge it’s hard to keep up with them. However, that’s not where we are going
to find our growing list of the top twenty infosec open sources. Some of them have been around for a long time
and continue to evolve, others are fairly new. These are the Editor favorites that you can use at work and some at
home to increase your security posture, reduce your risk and harden your systems. While there are many great
free tools out there, these are open sources which means they comply with a GPL license of some sort that you
should read and feel comfortable with before deploying. For example, typically, if you improve the code in any of
these open sources, you are required to share your tweaks with the entire community – nothing proprietary here.
Here they are:
1. TrueCrypt.org – The Best Open Encryption Suite Available (Version 6 & earlier)
2. OpenSSL.org – The Industry Standard for Web Encryption
3. OpenVAS.org – The Most Advance Open Source Vulnerability Scanner
4. NMAP.org – The World’s Most Powerful Network Fingerprint Engine
5. WireShark.org – The World’s Foremost Network Protocol Analyser
6. Metasploit.org – The Best Suite for Penetration Testing and Exploitation
7. OpenCA.org – The Leading Open Source Certificate and PKI Management -
8. Stunnel.org – The First Open Source SSL VPN Tunneling Project
9. NetFilter.org – The First Open Source Firewall Based Upon IPTables
10. ClamAV – The Industry Standard Open Source Antivirus Scanner
11. PFSense.org – The Very Powerful Open Source Firewall and Router
12. OSSIM – Open Source Security Information Event Management (SIEM)
13. OpenSwan.org – The Open Source IPSEC VPN for Linux
14. DansGuardian.org – The Award Winning Open Source Content Filter
15. OSSTMM.org – Open Source Security Test Methodology
16. CVE.MITRE.org – The World’s Most Open Vulnerability Definitions
17. OVAL.MITRE.org – The World’s Standard for Host-based Vulnerabilities
18. WiKiD Community Edition – The Best Open Two Factor Authentication
19. Suricata – Next Generation Open Source IDS/IPS Technology
20. CryptoCat – The Open Source Encrypted Instant Messaging Platform
Please do enjoy and share your comments with us – if you know of others you think should make our list of the
Top Twenty Open Sources for Information Security, do let us know at marketing@cyberdefensemagazine.com.
JOB OPPORTUNITIES
Send us your list and we’ll post it in the magazine for free, subject to editorial approval
and layout. Email us at marketing@cyberdefensemagazine.com

90
91
92
93
94
95
96
97
98
FREE MONTHLY CYBER DEFENSE EMAGAZINE
VIA EMAIL
ENJOY OUR MONTHLY ELECTRONIC EDITIONS OF OUR
MAGAZINES FOR FREE.
This magazine is by and for ethical information security professionals with a twist on
innovative consumer products and privacy issues on top of best practices for IT security
and Regulatory Compliance. Our mission is to share cutting edge knowledge, real
world stories and independent lab reviews on the best ideas, products and services in
the information technology industry. Our monthly Cyber Defense e-Magazines will also
keep you up to speed on what’s happening in the cyber crime and cyber warfare arena
plus we’ll inform you as next generation and innovative technology vendors have news
worthy of sharing with you – so enjoy. You get all of this for FREE, always, for our
electronic editions. Click here to signup today and within moments, you’ll receive your
first email from us with an archive of our newsletters along with this month’s newsletter.
By signing up, you’ll always be in the loop with CDM.

99
WE OFFER SOME OF THE BEST HIGH TRAFFIC OPPORTUNITIES
FOR INFOSEC INNOVATORS: LEARN MORE BY EMAILING US
at marketing@cyberdefensemagazine.com for more information.
Copyright (C) 2017, Cyber Defense Magazine, a division of STEVEN G. SAMUELS

LLC. PO Box 8224, Nashua, NH 03060-8224. EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide. marketing@cyberdefensemagazine.com Cyber Defense
Published by Cyber Defense Magazine, a division of STEVEN G. SAMUELS LLC.Cyber
Defense Magazine, CDM, Cyber Defense eMagazine, Cyber Defense Test Labs and
CDTL are Registered Trademarks of STEVEN G. SAMUELS LLC. All rights reserved
worldwide. Copyright © 2017, Cyber Defense Magazine. All rights reserved. No part of
this newsletter may be used or reproduced by any means, graphic, electronic, or
mechanical, including photocopying, recording, taping or by any information storage
retrieval system without the written permission of the publisher except in the case of
brief quotations embodied in critical articles and reviews. Because of the dynamic
nature of the Internet, any Web addresses or links contained in this newsletter may
have changed since publication and may no longer be valid. The views expressed in
this work are solely those of the author and do not necessarily reflect the views of the
publisher, and the publisher hereby disclaims any responsibility for them.
Cyber Defense Magazine

PO Box 8224, Nashua, NH 03060-8224.
EIN: 454-18-8465, DUNS# 078358935.
All rights reserved worldwide.
marketing@cyberdefensemagazine.com
www.cyberdefensemagazine.com
Our New Office Addresses coming soon: NEW YORK (US HQ), LONDON, HONG KONG
Cyber Defense Magazine - Cyber Defense eMagazine rev. date: 12/27/2017

100
101
102
103

CDM Cyber Warnings December 2017

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

CDM Cyber Warnings December 2017

Transféré par

Droits d'auteur :

Formats disponibles

Cyber Defense eMagazine – September 2017 Edition

From the Editor’s Desk _______________________________________ 4

Why Deception Technology Will Change the Game in Our Favor

Cyber Defense eMagazine – December 2017 Edition

Penetration Testing Certification – How To _____________________ 58

Cyber Defense eMagazine – December 2017 Edition

without you. Reflecting on 2017, the pace of breaches Pierluigi.paganini@cyberdefensemagazine.com

has not slowed. As more and more businesses move ADVERTISING

their geolocation. This transformation of crime into CONTACT US:

of the latest threat – the next breach. We have some

To our faithful readers, Learn more about our founder at:

Providing free information, best practices, tips

Cyber Defense eMagazine – December 2017 Edition

Apcon “Apcon offers state of the art network tapping and

Aperio Aperio systems innovative Data Forgery

Attivo Networks “Attivo Networks changes the game on the

Barkly “The Barkly Endpoint Protection Platform blocks

Cyber Defense eMagazine – December 2017 Edition

BUFFERZONE “The BUFFERZONE solution is a unique, transparent

Chaitin Tech. “Chaitin Tech Safeline is an innovative Web

Coalfire “Coalfire is the cybersecurity advisor that helps

Cronus Cyber “Cronus CyBot is the world’s first patented

Cyber Observer “Cyber Observer is a high-level management &

Cyber Defense eMagazine – December 2017 Edition

CyberSift “CyberSift allows you to leverage your existing

CyberVista “CyberVista delivers comprehensive, well

Cylance “It’s time we go beyond traditional antivirus to fight

DarkOwl “DarkOwl’s data platform allows companies to see

EdgeWave “EdgeWave reduces the risk of fraudsters stealing

Edgewise “Edgewise Networks is a leader at trusted

Cyber Defense eMagazine – December 2017 Edition

Erkios “Erkios Systems delivers an innovative solution to

Exabeam “Exabeam’s machine learning for advanced threat

Fenror7 “Fenror7 uses a brilliant model of time-based

FFRI “FFRI delivers one of the most innovative, light-

HackerArsenal “HackerArsenal’s tiny WiMonitor device makes Wi-

Cyber Defense eMagazine – December 2017 Edition

Inky “Inky’s Phish Fence is one of the most advanced

Jumio “Jumio delivers the next-generation in digital ID

KnowBe4 “KnowBe4 is a very powerful and popular

LastLine “Lastline Breach Defender is a breach protection

HelpSystems “We’re extremely impressed with the GoAnywhere

Cyber Defense eMagazine – December 2017 Edition

Mon-K “Secure-K Enterprise is a revolutionary encrypted

Nehemiah “NehemiahSecurity enables near real-time

NuData “NuData reduces the risk of fraudsters stealing your

Nyotron “Nyotron’s threat-agnostic defense finds threats

PacketSled “PacketSled delivers real-time, continuous

Cyber Defense eMagazine – December 2017 Edition

PFPCyber “Power Fingerprinting (PFP) is a unique approach to

PlainID “PlainID offers a simple and intuitive way for fast-

Qualys “Qualys delivers one of the most robust and cost-

Remediant “Remediant’s SecureONE provides agentless

ReversingLabs “ReversingLabs delivers in-depth file analysis with

Cyber Defense eMagazine – December 2017 Edition

RiskVision “RiskVision is the world’s first enterprise risk

(S4URC) “MalwarePot uses android container technology to

Scram Software “Scram Software secures the cloud against a

SonicWall “SonicWall provides cost effective next-generation

Stormshield “Stormshield is a very impressive European leader

ThinAir ThinAir is a very unique and purpose-built insider

Cyber Defense eMagazine – December 2017 Edition

Titania “Titania is the standard for helping you find your

TriagingX “TriagingX provides complete protection for