Crypsis … periodically | December 2017
U.S. Government Blames N. Korea for WannaCry
Earlier this month, the U.S. government formally accused North Korea of carrying out the WannaCry cyber attack, a ransomware virus that disrupted computers and networks around the world and caused billions of dollars in damage earlier this year. In an op-ed in the Wall Street Journal, Thomas P. Bossert, assistant to the president for homeland security and counterterrorism, confirmed previous conclusions by the U.K. government and by Microsoft that Pyongyang was responsible for unleashing WannaCry. “The world is increasingly interconnected with new technologies, devices, networks and systems creating great convenience,” he wrote. “Unfortunately, that provides bad actors opportunities to create mayhem with the hope of anonymity, relying on the complex world of ones and zeros to hide their hand. They have stolen intellectual property and done significant damage in every sector.”
Some experts are warning that North Korea will likely step up attacks in the wake of the U.S. government announcement. In Forbes, Comae Technologies chief Matthieu Suiche said: “If now governments are officially acknowledging North Korea as a threat, and denouncing the lack of consequences, we can definitely expect a desperate surge of attacks from them in 2018 until an official government response happens.” For its part, Bossert’s op-ed called on the private sector to “increase its accountability in the cyber realm by taking actions that deny North Korea and other bad actors the ability to launch reckless and destructive cyberattacks.”
Of Note@Crypsis …
Preeti Misra has joined the Crypsis team as a consultant in our New York office. She is a digital forensics expert who comes to us from the global consulting firm Protiviti, where she worked with clients on data breaches, malware analysis, and internal investigations involving theft of intellectual property, fraud, and litigation support. Preeti previously served as an intern in the Kings County (Brooklyn, NY) District Attorney’s office, handling data acquisition and forensic analysis on devices involved in criminal cases.
All of us here at The Crypsis Group wish you the very best for the holidays. If you were the lucky recipient of a new mobile device this year, our friends at Robinson+Cole have some good tips for staying secure.
What We’re Reading …
Referencing a U.S. Securities and Exchange Commission report that 60 percent of small businesses fail within six months of a data breach, the startup-oriented news site Tech.Co writes on the importance of employee training to the success of a business’ cyber security policy. Read more.
2017 was a great year for Crypsis Group webinars, which covered topics ranging from cyber security planning to the trade-craft used by threat actors and the hacking tools they are procuring via the notorious Xdedic online marketplace. All of our webinars are available for streaming in the archive on our website. Just go to the resources page and scroll down to the webinar section, and select the one you would like to view on-demand.
Best Practice of the Month …
Log Retention – Logs such as network logs, system logs, web logs, and application logs are crucial for investigations. Organizations often don’t realize their log retention is inadequate until they experience an incident that requires the availability of certain logs. For instance, we routinely observe organizations having no retention policy for firewall logs, which means the only firewall logs available are the ones retained on the appliances themselves. Unfortunately, firewall logs on an appliance often roll within a day, sometimes within hours, which means investigators have no network visibility into an incident that occurred earlier in the week. We recommend retaining network logs, system logs, web logs, and application logs in a searchable medium that covers at least six months and in a recoverable medium that covers at least a year. Log aggregation tools such as Splunk are popular for maintaining log data in formats that are quickly searchable.
Crypsis on the Road …
The Crypsis Group will be a sponsor at ShmooCon 2018, to take place in Washington, DC January 19-21 at the Washington Hilton. ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It, and Bring It On.