Dark Ivy Consulting

We can improve upon the default security of our cloud assets. Remote Desktop Protocol should be secured, and I examine some options.
https://youtu.be/099m9dco4XU

Securing Remote Desktop Protocol connections to AWS Cloud We can improve upon the default security of our cloud assets. Remote Desktop Protocol should be secured, and I examine some options.

You've heard that older operating systems are insecure. Check out my video on attacking windows 7 see why:

https://youtu.be/xcTObep_k60

Basic Hacking - Attacking Windows 7 & EternalBlue See how a vulnerability scan can lead to exploitation using Nessus Professional and Metasploit.

Private and public sector are suffering from a lack of qualified cybersecurity talent. We're outnumbered and we lack diversity.

If you're considering moving into this industry and would like guidance, training, or a mentor, I would be happy to help you begin this journey of continuous learning.

Excited to share my new website for Dark Ivy Consulting:

http://www.darkivy.io

If you put data into the cloud, who's responsibility is it to secure it?

It's your responsibility. The cloud providers protect the cloud as if it is a single entity. Their terms of service protect them, not you.

Take control of your own encryption with an open source tool, by watching my instructional video.

www.youtube.com

A memo was released by President Biden today on securing Operational Technology by creating a baseline for cybersecurity standards.
In the memo, the President states, "the Secretary of Homeland Security shall issue sector-specific critical infrastructure cybersecurity performance goals within 1 year of the date of this memorandum. These performance goals should serve as clear guidance to owners and operators about cybersecurity practices and postures that the American people can trust and should expect for such essential services."

https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems/

National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems | The White House Protection of our Nation’s critical infrastructure is a responsibility of the government at the Federal, State, local, Tribal, and territorial levels and of the owners and operators of that infrastructure.  The cybersecurity threats posed to the systems that control and operate the critical infra...

Yesterday, Industry-Leader Robert M Lee of Dragos provided testimony to the Subcommittee on Oversight and Investigations of the Committee on Energy and Commerce of the House of Representatives, with regards to countering ransomware in critical infrastructure. In the testimony, Mr. Lee identifies five key ways that private and public sector can work together to muster a defense against state actors.

Mr. Lee also points to a consistent lack of visibility into the OT environment that creates a false sense of security, and inhibits the detection of intrusions.

There are technological controls available to us to bolster the security of the built environment. If you are responsible for the operation of a facility and have questions, please reach out.

Mr. Lee's entire testimony can be read here:
https://energycommerce.house.gov/sites/democrats.energycommerce.house.gov/files/documents/Witness%20Testimony_Lee_OI_2021.07.20.pdf

I was asked to share my thoughts with OfficeSpace on how facility managers can take control of their BAS security. Check out what they wrote!

https://www.officespacesoftware.com/blog/security-in-building-automation-systems/

Cyber security in building automation systems: how FMs can secure their BAS - OfficeSpace Software David Brunsdon explains the risks of an insecure BAS and how facility managers can maintain security in their building automation systems.

The infosec community has had a bad Independence Day weekend. A mass-ransomware event began on Friday around 1pm EST, initiated by the Ransomware as a Service (RaaS) threat actor, REvil. The ransomware deployment was embedded into network management software made by an American company called Kaseya.
Kaseya’s software is used by Managed Service Providers (MSP), who work like outsourced IT departments, to handle the patching of workstations and servers. Its a supply chain attack, because the actual victims were the hundreds of companies that were the clients of these MSP.
The attack was extremely sophisticated and utilized a zero-day vulnerability in Kaseya’s software that there is currently no fix for. The network management systems, which are allowed complete access to their user’s networks, were altered to deploy ransomware software, rather than security patches.
Victims are directed to an online store where they can purchase decryption software for $45,000 per endpoint. REvil has come forth and said that they have encrypted over 1 million endpoints, and they will post a mass decryption tool that can restore everyone if they are paid $70 million dollars.
This attack is ongoing, and many businesses are inoperable. It’s essential that we rethink how we secure our systems, and begin to assume our defenses have already been breached.
If you need assistance developing your ransomware plan, or are concerned about your online exposure, please reach out.

Ransomware has progressed beyond the simple formula, and attackers will now monetize your data in numerous ways.

bleepingcomputer.com describes how data exfiltrated can now end up for sale on an online marketplace, and even brokered to your competition.

https://www.bleepingcomputer.com/news/security/data-leak-marketplace-pressures-victims-by-emailing-competitors/

Data leak marketplace pressures victims by emailing competitors The Marketo data theft marketplace is applying maximum pressure on victims by emailing their competitors and offering sample packs of the stolen data.

Establishing a good cyber hygiene routine will reduce your risk of an incident. This includes applying security updates regularly, using unique passwords, and the proper handling of data at rest, and in transit.
Conversely, when an attacker identifies a target as having poor cyber hygiene, they will recognize the possibility of exploitation.

The Government of Canada offers a variety of cyber hygiene resources through their public awareness campaign, Get Cyber Safe.

One of the certifications I obtained focused on the tactics, techniques, and procedures of an attacker, for the purpose of defending systems. It is essential to identify the attack surface of an organization, using a variety of testing methods and tools, just as an attacker would.

We are currently living in a ransomware epidemic, and organizations of all sizes are being targeted.
Many small businesses do not yet have a plan.
What strategies can help mitigate the chances, and magnitude, of a ransomware attack?