Recent Posts

Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks

Microsoft on Thursday disclosed an “extensive series of credential phishing campaigns” that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information.
The tech giant’s Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in

Ransomware Rise Pushes Organizations to Prepare for Attack

Ransomware attacks continue to grow in number and severity, data shows, but organizations are stepping up to prepare for the threat.

Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline

The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what’s the latest action taken by governments to disrupt the lucrative ecosystem.
The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the

Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in “UAParser.js,” a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to remove three rogue packages that were found to mimic the same library.
The supply-chain attack targeting the open-source library saw three

Zero Trust and the Federal Government: Feedback for Progress

On May 12, President Biden signed a cybersecurity Executive Order (EO) aimed at improving efforts to “identify, deter, protect against, detect, and respond to these actions and actors”.

The order aims to improve federal security practices and threat intelligence sharing amongst federal agencies and the private sector; enhance software supply chain security, and improve federal security incident response. The impact of this order will ultimately extend beyond federal agencies, impacting vendors who directly support the government, and then passing on those requirements and features to their customer base. Central to the order is the implementation of zero trust security measures in all Federal agencies.

Cisco is proud to be a member of the Joint Cybersecurity Defense Collaborative, and is committed to improving the security of our entire community. We believe that zero trust principles and technologies will have positive impacts on the federal cybersecurity posture. We have reviewed and provided feedback to the draft documents that have been produced by the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA), including:

OMB: Zero Trust Strategy
CISA: Zero Trust Maturity Model
CISA: Cloud Security Technical Reference Architecture

Each document serves a different purpose, with a different audience. Taken together, they form the basis of a zero trust foundation that agencies can use to implement and accelerate their zero trust strategies. Cisco has made enhancement suggestions to the authoring agencies, and there are some common themes across the three documents:

Consistency: Although each document speaks to a different primary audience, they should work in concert, adding to a common understanding of how and why to implement zero trust. In their current form, there are inconsistencies between them, for example the maturity model has different pillars than the strategy document. Variations like this will only serve to confuse implementers and delay progress. The final documents should be rationalized against each other.

Metrics and Measures: Our experience both internally and with customers shows that the zero trust journey is never complete, but instead becomes a way of operating. Leadership will need ways to measure not only the implementation of zero trust technologies, but also how effective the zero trust strategies are in mitigating and responding to threats over the long run. Each document should provide guidance on what to measure and how to measure agency zero trust efforts. Consideration should be given to aligning these metrics with Federal Information Security Modernization Act (FISMA) and other existing security guidance requirements.

Risk-Based Approach: Zero trust cannot be imposed on an agency immediately, so choices must be made as to where to begin, and in what order to apply architectural elements. Given the current threats facing federal agencies, we recommend CISA be more prescriptive, based on known threats, as to where to focus first. This should be reflected in all three resources, and particularly the Strategy and Maturity Model documents. For example:

Ransomware: Evaluating zero trust controls through the cyber kill chain, and requiring those controls be implemented first. Calling out MFA is a good first step, but items such as continuous monitoring of device health to detect malicious software, as well as securing email security architectures, would go a long way to minimizing the impact of ransomware first.
Misuse of Legitimate Credentials: Malicious insiders or not, the misuse of legitimate credentials remains a high-risk area for government agencies. Leveraging least privilege philosophies along with zero trust architectures such as network segmentation and east-west traffic monitoring will support controlling for this kind of threat.

Use Cases: Readers of these documents will benefit from having real world examples on which to model their own strategies. The maturity model begins to introduce use cases, but more can be done there, and use cases should be added to the other documents as well. Guidance should also be provided for use cases involving assets that cannot be integrated into a zero trust architecture. Using practical examples of zero trust implementation will assist agencies in better defining the architectures they need and in prioritizing their deployments.

Leadership: All three documents are targeted at IT and Security teams within federal agencies. For security programs to be successful, full engagement is required from agency leadership. Additionally, implementation of zero trust principles will result in changes to the way the entire agency works, and will change risk tolerance for all agency employees. This effort must be visibly supported by non-technical agency leadership. These documents, particularly the strategy document, should make this clear.

Cisco is encouraged by the progress being made by the Federal government to strengthen their cybersecurity posture. The draft documents listed above are a tremendous addition to the existing cybersecurity resources available to agencies and their supply chain partners. We look forward to continuing our partnership with CISA, OMB and other agencies, and appreciate the opportunity to provide recommendations to improve these resources.


The Federal Government has published a number of guidance documents for Zero Trust. Cisco has provided comments to these drafts.

Friday Squid Blogging: Squid Eating Maine Shrimp

Squid are eating Maine shrimp, causing a collapse of the ecosystem. This seems to be a result of climate change.

Maine’s shrimp fishery has been closed for nearly a decade since the stock’s collapse in 2013. Scientists are now saying a species of squid that came into the Gulf of Maine during a historic ocean heatwave the year before may have been a “major player” in the shrimp’s downturn.

In 2012, the Gulf of Maine experienced some of its warmest temperatures in decades. Within a couple of years, the cold-water-loving northern shrimp had rapidly declined and the fishery, a small but valued source of income for fishermen in the offseason, closed.

Anne Richards, a biologist at the Northeast Fisheries Science Center in Woods Hole, Massachusetts, and Margaret Hunter, a biologist with the Maine Department of Marine Resources, studied the collapse and found that it coincided with an influx of longfin squid, a major shrimp predator.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.


aDolus Raises $2.5M to Secure Critical Infrastructure and Grow Sales and Marketing Team

Software supply chain security experts to drive aggressive go-to-market strategy