4 Common Cybersecurity Threats

By: Alex Shanteau, Senior Security Consultant, MAD Security | January 3, 2019

As the untamed cyber threat landscape evolves in scope, sophistication, and reach, the risks organizations face will continue to increase not only in number, but in severity, and attackers are finding new ways to infiltrate your internal and external networks every day. In this blog post, we’ll take a look at some common threats you’re likely to see throughout 2019, and over the next several weeks we will go in-depth on prevention and mitigation of these types of attacks.

Sophisticated Phishing Campaigns

Most phishing attacks come in the form of email spam, tricking users out of their credentials, financial, or other sensitive information. Phishing emails have come a long way from the cliché Nigerian Prince scam. Most current phishing emails replicate an email you may think is completely normal and credible, and can come in a number of formats, from a LinkedIn request to a fraudulent invoice. These phishing emails are becoming ever more sophisticated, including the successful usage of multi-factor authentication, the inclusion of homographic domain names, and almost perfect impersonation of legitimate applications. This attack vector exploits the weakest link in the cyber defense chain, people, and can lead to devastating and sometimes catastrophic compromises for companies.

During a recent red team exercise we conducted for an enterprise-sized company, LinkedIn phishing requests were sent to targeted employees that were identified by combing publicly available information on the Internet. These users received an email asking them to join a group associated with their company on LinkedIn. When users clicked on the...
The Marriott Breach: Lessons Learned for the Hotel Industry

By: Alex Shanteau, Senior Security Consultant, MAD Security | December 19, 2018

The massive breach of the reservation system for Marriott’s Starwood subsidiaries is no doubt one of the largest breaches to date and highlights some of the most prevalent security challenges for the hotel industry. As consolidation continues amongst hotel chains to achieve scale across more geographies, the likelihood of these types of breaches will continue to rise. In this post, I’ll analyze what exactly happened and how other hotel chains can avoid such breaches.

On November 30, 2018 Marriott announced that “On September 8, 2018, (Marriott) received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database…Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014.”

Four years, that’s how long the attackers had been in their network. Technical details about the compromise were not disclosed, but I wonder if they just installed a monitoring tool and when they turned it on, they managed to finally see the indicators of compromise, or perhaps the attackers had been in the network for that long but hadn’t attempted to access or exfiltrate data.

My next question is what’s the damage? “contains information on up to approximately 500 million guests” That is a lot of people, even larger than the Equifax breach at 148 million people.

So what kind of data did the attacker access? “the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date,...
NIST 800-171: Leveraging an MSSP for Compliance Frameworks

For many businesses, compliance is becoming a way of life. As cyber-attacks and data breaches are revealed and reported on a regular basis, new compliance requirements will continue to be implemented. A couple of recent examples are the NIST 800-171 (Defense Federal Acquisition Regulation Supplement or DFARS) requirements for Controlled Unclassified Information (CUI) and GDPR regulations for protecting personal data of EU citizens. In this post, we’ll focus on NIST 800-171, what we can expect from it this year, and how to maintain compliance throughout 2018 and beyond.

NIST 800-171 and its Implications for 2018

Since the December 31st deadline has come and gone, many defense contractors and subcontractors may be curious as to how it will affect them. If a defense contractor currently has an existing defense contract that includes the DFARS clause, then they must already be on the road to compliance with their System Security Plan (SSP) and Plan of Actions and Milestones (POA&M) in place. Also, if a contractor plans to bid on a similar contract in the future, they must also have begun this process.

However, just creating a POA&M and an SSP is not a “set it and forget it” thing. A contractor must show continual improvement. This is where a Continuous Monitoring Strategy (CMS) comes into play. A contractor should be working to close the gaps identified in their initial Gap Assessment by completing tasks and fulfilling obligations on schedule within the POA&M, updating their SSP, as well as continuing to monitor their environment.

DFARS consists of 14 families of controls totaling 110 controls, which can be found in the NIST Special Publication...