BeyondTrust’s Morey Haber addresses the use of legacy systems by federal agencies, repeal of net neutrality rules, shortage of cybersecurity experts and the WannaCry ransomware attack.
FCC Votes to Reverse Net Neutrality Rules
The removal of net neutrality by the FCC would allow for favoritism, and is not indicative of an open internet. If you don’t want to sit in traffic in some states, you can go to the high-speed lane and bypass the traffic. The removal of net neutrality would make E-ZPass part of the internet. If you want to go faster and avoid traffic, you pay. Cable TV providers may cut off channels if they can’t negotiate rates to carry coverage. That means Netflix or Amazon, compared to Spectrum or Comcast, may have to pay the cable companies more, to get more bandwidth to deliver their services. Net neutrality stops this from happening. The removal of net neutrality is a vehicle for the cable companies to bill the providers on the internet to have bigger bandwidth, the same way E-ZPass works for driving your car on the highway.
WannaCry: 47 Percent of Agencies Use Outdated Windows XP – BeyondTrust Survey
The WannaCry ransomware attack is unique, but not from a ransomware perspective. When the Shadow Brokers released EternalBlue and DoublePulsar to the public, they revealed a type of vulnerability that has not been publicly disclosed in about 10 years. The last vulnerability and exploit combination that was that severe was in 2008 with Conficker.
The reason this one was so unique is that it was completely remotely exploitable, with no user intervention, allowed privilege escalation, and was wormable. We have not seen anything as severe in the Microsoft operating system in the past 10 years.
Prior to WannaCry, there were a variety of attacks occurring, using this same exploit combination developed by the NSA, which was leaked. The most notable one was attacking machines in the same way, installing a program in memory, and basically making them zombie computers. It did not affect the runtime operation of the servers and workstations that were affected. They were just using CPU power to do bitcoin mining. The aim was simply to make money.
Hackers took the same exploits and made WannaCry wormable, meaning that once a machine is infected, it finds other machines to infect, propagating outwards, and ushering us onto a whole new level we have not seen since Code Red and SQL Slammer. That is what made WannaCry so bad.
Patching fixed it, but when you have end-of-life operating systems like Windows XP, there are no patches. There will be other attacks. They may not be wormable, and may be like the Mirai botnets, which were talking to IoT devices and compromising them, all from a central source. The high risk that we have now is that the Shadow Brokers have said that they will release one stolen NSA exploit a month for the next couple of months. This implies that the NSA has had these tools for quite some time, for attacking or surveying adversaries, but they are now publicly available, and may or may not have patches or be zero-days. If there are zero-days, or they were recently patched, then we could see more worms, bots and such, just as severe. The fact that the NSA lost control of these tools only aided in the spread of WannaCry. Without that loss, WannaCry would have just been another type of ransomware.
Shortage of Competent Cybersecurity Professionals: Myth or Reality?
Cybersecurity professionals are in some ways like doctors – they can all have various specialties. The base is massive, so the training can vary a lot. When you think of cybersecurity professionals, what easily comes to mind is CISSP, which is the core of best practices. That is still the general education, just as a doctor would receive during the first couple of years in school. Then you start learning how to use specific tools, whether from BeyondTrust, Cisco, FireEye or others, and you become an expert in it. Now you become the anesthesiologist, the radiologist, the brain surgeon and so on. That specific expertise is very finite, which is why experts in their fields get poached all the time, and it is also the reason why it seems like it is so hard to find somebody.
This situation is made worse by the fact that someone who is doing work in a specific field every day burns out eventually, because they are not challenged. These are incredibly talented people who are becoming repetitive in their actions. If someone offers them more money to do something similar, or to even start up a whole new practice, they will jump at the offer. The fact is that commercial will always pay more than federal, which is why top talent from the federal sector gets enticed to the private sector all the time. Unless the person likes a comfortable job with the promise of a pension, you can poach someone with Cisco expertise from the federal sector. You can tell them that you’ve helped set up an agency and you tell them that you’re revamping your whole Cisco infrastructure, and are willing to pay X amount of money, certainly more than they currently earn.
It doesn’t matter if it is vulnerability management, endpoint management, log management, antivirus, forensics, pen testing — once you start going down that specialty route, you will become a very prized commodity. You can become the expert in that area with the assurance that you can perform the needed functions with your eyes blindfolded.
Profile
Speaker: Morey Haber, VP of Technology, BeyondTrust
With more than 20 years of IT industry experience, Mr. Haber joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition, and currently oversees strategy for both vulnerability and privileged identity management.
About BeyondTrust
BeyondTrust is a global cyber security company that believes preventing data breaches requires the right visibility to enable control over internal and external risks. We give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Access Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your organization goes. BeyondTrust’s security solutions are trusted by over 4,000 customers worldwide, including over half of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com.