#NSBCS.033 - From the desk of the CEO | Cyber is a team game, and it needs the whole team!
Cyber isn’t hard. There, I said it, and some people won’t like it. But hear me out.
There are hundreds, no, thousands of people (just in Australia) who are experts in the different aspects of cyber and who have made their careers out of specialising in it, protecting businesses from cyber threats and helping them manage information security risks.
Cyber appears hard if it is not your specialisation, but so does law, medicine, accounting, engineering, sports coaching, graphic design, being on TV … you get what I am saying.
I’m not saying it isn't a complicated discipline; it is. But there is plenty of help available.
So why do we keep on saying “cyber is hard”? Why don't we get more specific about what is actually hard, so that people understand what we mean and, more importantly, where we need their help?
And what is actually hard, I hear you ask?
Getting the whole team to the game, not just the right players on the field.
Why?
Because it is not just “cyber” people who are needed on game day, and some people just don’t want to join the team.
Ask any CISO.
For me, I break it down into two main challenges (I am sure you could list plenty more, but let’s go with two for now!):
1. “Cyber influence” is hard. No, this isn’t getting your cyber TikToks out there! This is the art of communicating cyber in the upper echelons of business (or Government) so that people understand it. Convincing them to listen, acknowledge and then commit to something that takes time, will require change, will possibly be disruptive in the short term and will most definitely cost money. That is hard. Many people simply choose to ignore it.
2. Execution is hard. Not finding good cyber people to execute a program; that bit isn't the hard part. Getting adequate budget, being given the mandate to make changes, adjusting minds to prioritise security over user experience, convincing people to tell you about the software and technologies they use so that you can help them protect important data, knowing all of your third parties and who has access to your data so you can mandate an acceptable standard, sifting through all the cyber “vendor noise” (of which there is plenty!) to streamline an approach that is fit for purpose, finding the right partners to help you execute, and then measuring ROI on cyber. That is all hard. Many people who choose to sit in the ‘hot seat’ burn out trying to achieve this.
So why am I writing this?
Because the next time you are in a conversation and you hear the CISO, the InfoSec team or the IT team, the MSP or the MSSP, attempting to “cyber influence” or garner support to be able to “execute”, help them out.
Cyber is a team game and it needs the whole team to be successful, not just the players on the field.
For info on NSB Cyber’s Cyber Resilience or Governance capabilities, or to book a meeting with our team, click here.
What we read this week
ViperSoftX Malware Covertly Runs PowerShell Using AutoIT Scripting - The ViperSoftX malware has evolved to use the Common Language Runtime (CLR) to run PowerShell commands within AutoIt scripts, enhancing its stealth capabilities. This malware, active since 2020, is typically distributed through torrent sites disguised as eBooks containing malicious RAR archives. Once executed, it loads PowerShell scripts that run covert commands and maintain persistence via Task Scheduler. ViperSoftX steals system data, cryptocurrency wallet information and clipboard contents. It employs heavy obfuscation and encryption techniques to evade detection. Researchers emphasise the need for comprehensive defence strategies to counter this sophisticated threat.
China’s ‘Velvet Ant’ Hackers Caught Exploiting New Zero-Day in Cisco Devices - Chinese state-sponsored hackers known as Velvet Ant exploited a zero-day vulnerability in Cisco's NX-OS software, used in Nexus-series switches. This attack was identified during a forensic investigation by cybersecurity firm Sygnia. The hackers used administrator credentials to deploy custom malware, enabling remote access and malicious code execution. Cisco responded by releasing updates to patch the vulnerability, though no workarounds are available. Velvet Ant is noted for its sophisticated and stealthy operations, primarily aiming for long-term network access for espionage. This incident underscores the ongoing threats from state-sponsored cyber activities.
Australia Instructs Government Entities to Check for Tech Exposed to Foreign Control - The Australian government has mandated all its entities to review their technology for foreign control risks. This directive follows rising threats from state-sponsored and financially motivated cyber activities, notably by Chinese hackers targeting Australian networks. More than 1,300 government bodies must identify and report Foreign Ownership, Control, or Influence (FOCI) risks by June 2025. Additionally, a comprehensive inventory of all internet-facing systems is required, with specific risk management plans. Government entities must also connect with the Australian Signals Directorate's threat intelligence platform by month-end. This initiative aims to enhance visibility and security of the Australian Government’s technology estate.
Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike - A global police operation codenamed MORPHEUS shut down nearly 600 cybercrime servers linked to the Cobalt Strike tool, used by cybercriminal groups for various malicious activities. The crackdown, involving authorities from several countries including the UK, US, and Germany, targeted unlicensed versions of Cobalt Strike between June 24 and 28, 2024. The operation disabled 590 out of 690 flagged IP addresses across 27 countries. Cobalt Strike, a legitimate penetration testing tool, has been heavily abused by cybercriminals and nation-state actors for espionage and ransomware attacks. The action underscores the ongoing misuse of such tools in cybercrime. The operation also highlighted the need for international cooperation in combating cyber threats.
BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol - A critical vulnerability in the 30-year-old RADIUS protocol, identified as CVE-2024-3596, has been exposed by security researchers, leading to significant concerns in the cybersecurity community. The vulnerability, dubbed the BlastRADIUS attack, allows attackers to bypass authentication processes, potentially compromising networks that rely on this protocol for secure access. This flaw affects the integrity of the RADIUS protocol, widely used for remote authentication in various systems. Security experts stress the urgency for organisations to assess their use of RADIUS and implement necessary patches or mitigation strategies to protect their networks. This incident underscores the risks associated with long-standing protocols that may not have been designed with modern security threats in mind.
References
https://www.bleepingcomputer.com/news/security/vipersoftx-malware-covertly-runs-powershell-using-autoit-scripting/
https://therecord.media/cisco-velvet-ant-hackers-china
https://therecord.media/australia-government-agencies-check-technology-foreign-control
https://thehackernews.com/2024/07/global-police-operation-shuts-down-600.html
https://www.securityweek.com/blastradius-attack-exposes-critical-flaw-in-30-year-old-radius-protocol/