Crypsis … periodically | November 2017

NSA Hack

There has been a lot of attention focused on the data breach at the U.S. National Security Agency, reportedly by a group known as the Shadow Brokers. The New York Times reported that the NSA had been deeply infiltrated by the group, with the damage already exceeding that done by Edward Snowden in 2013. Reportedly, some evidence points to an inside job, perhaps someone simply walking out of the NSA offices with a thumb drive. This theory, reportedly, is supported by the belief that there was no way that outside hackers could have penetrated one of the most secure of government agencies. But, according to the Times story, other experts think that skilled, persistent hackers could have done it – because, they say, “we’ve done it to other countries.” It appears that stopping the intrusions and identifying the source of the breach have yet to be accomplished, and outside observers have surmised that the damage to the NSA will be severe. But, as noted in this Bloomberg editorial, the FBI and the CIA have been able to recover from their own catastrophes – and that a key part of the solution is changing the agency’s organizational culture to make cyber defense every bit as important as cyber offense. This is a good lesson for any organization. We advise our clients that in order to fully mitigate the risk of an attack, the process of hardening your network’s defenses needs to include efforts to fully ingrain cyber security deeply into the culture of the organization, involving all of an organization’s own employees and partners.


OfNote@Crypsis …

Crypsis Opens West Coast Office – In response to the increasing demand for our cyber security services, The Crypsis Group has opened a new office in Los Angeles and has expanded our operations in Chicago. The opening of the Los Angeles office brings to four the number of locations where Crypsis has operations to serve our rapidly growing roster of clients. In addition to the L.A. and Chicago offices and our Washington, DC area headquarters, we also have an office in New York City. Read more about it.

We’ve done an overhaul of The Crypsis Group’s website Now it’s easier than ever to learn about how our growing team of cyber security experts helps enterprises and organizations strengthen their defenses against today’s threats – and stay ahead of new threats as they emerge.  Check it out!   

The Crypsis team of experts continues to grow.  Jeffrey Chan has been hired as a senior consultant working out of Austin, Texas. He comes to us from the security company Rapid7, where he was a senior incident response consultant. With a Master’s degree in security informatics from Johns Hopkins, Jeff has also worked as a consultant for Mandiant and Enterprise Risk Management (ERM), and as a cyber security intern at Honeywell Aerospace. He is fluent in Spanish and can also speak Mandarin Chinese.  Jessica Ho joins Crypsis in our New York City location after eight years as a senior computer forensic analyst in the Manhattan District Attorney’s Office. She has extensive experience investigating computer crimes, having testified as an expert witness in more than 60 cases as well as assisting other witnesses in their testimony and in the execution of search warrants. Jessica holds more than a half dozen IT certifications including ACE, CCME, GCFA, and GCFE.  And joining us as a consultant at our McLean, VA headquarters is Izegbua Oikeh, who has more than four years of experience in incident response and forensic investigations. She most recently worked in cyber crime and breach response for PricewaterhouseCoopers, where she was hired after receiving her Master’s degree in computer forensics and counter-terrorism from George Mason University.


What We’re Reading …

A lot of buzz recently about why the U.S. government has it in for Kaspersky Lab software.  As first reported in the Wall Street Journal and also detailed here in the Washington Post, intelligence sources are saying that a theft at the National Security Agency in 2015 has been tied to Kaspersky software and enabled the Russian government to more easily detect and evade U.S. government cyberespionage operations, thwart defensive measures and track U.S. activities.  The theft was enabled by an NSA employee putting classified documents on his personal laptop – which was running Kaspersky antivirus – so he could work on them at home.  Kaspersky, for its part, has responded that the NSA worker’s home computer was hacked by others and when they (Kaspersky) realized what had happened they deleted the sensitive files.

A report that came out of the DEFCON 25 hackathon, held in Las Vegas in July, has further raised alarms about the vulnerability of the U.S. voting system.  As summarized in this Newsweek story, the event featured a Voting Machine Hacking Village in which participants sought to highlight cyber vulnerabilities in U.S. election infrastructure – including voting machines, voter registration databases, and election office networks.  According to the report, the DEFCON hackers found machines with weaknesses such as “an unchangeable, universal default password—found with a simple Google search—of “admin” and “abcde.”  The Atlantic Council, an international affairs think tank, noted that “by the end of the conference, every piece of equipment in the Voting Village was effectively breached in some manner. Participants with little prior knowledge and only limited tools and resources were quite capable of undermining the confidentiality, integrity, and availability​ ​of​ ​these​ ​systems.”


Webinars

Our most recent webinar, the Cyber Check-Up with Nathan Kottkamp of the law firm McGuireWoods and Alec Randazzo of The Crypsis Group, is now available for viewing on-demand.  The program covers cyber security breaches in the healthcare industry, in which millions of patient records were exposed and potentially compromised in incidents so far this year.  Nathan and Alex discuss the specific cyber security challenges and concerns that healthcare organizations should be aware of.   You can register and view the webinar here.

Go to the webinars page to browse our other archived webinars that are available for on-demand viewing.

 


Best Practice of the Month …

Maintain Incident Response Playbooks – Organizations should maintain a repertoire of playbooks that detail how to respond to a variety of incidents. Playbooks enable rapid response to incidents because they have already fleshed out escalation processes, points of contact (both internal and external vendors), and actions that must be taken. If your organization is unsure what to include in a playbook, consider performing a tabletop exercise related to the scenario. Walking through an incident in a tabletop exercise from start to finish allows you to identify pain points and responsibilities in an incident, and you can develop your playbook based on the results. Some example incidents organizations should consider developing playbooks for are:

  • Single host ransomware infection
  • Whole network ransomware infection
  • Unauthorized access to sensitive data such as Personally Identifiable Information (“PII”), Protected Health Information (“PHI”), cardholder data, and email compromise.

Crypsis On the Road

On December 4, Crypsis Vice President Sam Rubin will moderate a panel on The Year in Data Breach and Privacy Litigation at the ALM cyberSecure 2017 conference. The panel will cover how to effectively partner with outside counsel during litigation and the key factors to consider during breach reporting, disclosure notifications, insurance claim submission, and restoration of services. View the full conference agenda here.