The Changing Face of Malware
and a Modest Proposal: Create Your Own Primer for the Study
of Cyber Security
source:
https://cdn.vanderbilt.edu/vu-wp0/wp-content/uploads/sites/59/2019/03/27124326/Blooms-Taxonomy-650x366.jpg
If you own a small business, the statistics say you are very likely to be a victim of a cyberattack. In 2021, "61% of SMBs were the target of a Cyberattack." Another study showed that "60 Percent Of Small Companies Close Within 6 Months Of Being Hacked." These statistics are just some of the accumulated evidence that small to medium-sized businesses are increasingly the target of cyberattacks.
One major change in cyber security is that, while an SMB might be the target of some nation-state actor, an SMB is actually far more likely to be victimized by a "Rookie Hacker." Today's hackers only need to order up a slice of Ransomware-as-a-Service (RaaS). Being a hacker today does not require much technical knowledge or skill at all.
Want to initiate an email phishing campaign against that pizza joint that forgot the anchovies? According to Microsoft, Cybercrime as a Service (CaaS) now leads to ever more dirty deeds done dirt cheap. The hyperlink opens a 114-page PDF file, Microsoft Digital Defense Report 2022: Illuminating the threat landscape and empowering a digital defense. A deep dive, indeed.
"One CaaS seller offers phishing kits with increased layers of complexity and anonymization features designed to circumvent detection and prevention systems for as little as $6 USD per day."
A 17-page Executive Summary can be had here. And just the gist can be had here.
So, the point here is that any Small Business Person, or actually any unlucky user who does not professionally manage their own computers and/or small networks, has a 60% chance of facing the following scenario. You come in to your SMB location, fire up your box, hit Outlook to start the day's work, and the slide down the Rabbit Hole begins.
Since a non-working computer pretty much shuts down a business today, you decide to call in a Technical Specialist, or whatever title a Geek might want to lay on themselves. In walks some creature who looks, acts, and talks like he or she just might come from another world. Then the Space Alien looks at you with a serious demeanor and says, "It's the Follina Exploit."
Now I get it; I really do. You are Jane or Joe Small Business Person. You get up in the morning. Get the kids dressed, fed, and off to school. You open your shop. Take care of business and your customers as best you define those. At the end of the day, you collect the Tribe, get everyone fed, and ready for bed. Then maybe you have a couple of hours of downtime staring at some mindless entertainment on the flat screen hanging on the wall. And all you can think of when you hear "Follina Exploit" is: "Wasn't that an episode of that show about the grifters, Leverage?"
And you may be right, I dunno. But the Follina Exploit is a very dangerous vulnerability that impacts the Microsoft Click-to-Run application that makes Microsoft 365, formerly called Office 365, work. Follina has been found to be the entry point for many different types of cyberattacks, from destroying your Office app all the way to Domain Hijacking. As you will learn if you do take up this mantle, a vendor patching any one vulnerability, which MS did do over the summer of 2022, does not make it go away: Follina and so many other software vulnerabilities keep coming back like every monster in every monster movie since Dracula. I am convinced that a client experienced an instance of Follina in December 2022, months after MS patched.
Since you won't know any of this when the Space Alien pitches a cure, how will you know if the pitched cure will fix the problem? There is more snake oil sold under the guise of antimalware than in any other aspect of computing. So, Ms. or Mr. SMB, I suggest you educate yourself.
One place to gain an entry-level understanding of the magnitude of the problem is the Department of Justice and F.B.I. websites. One good thing about all material produced by Uncle Sam is that it is already in the public domain and free to use. Click here to download a 24-page "Fact Sheet" with easy-to-understand text and graphics concerning issues of cyber security.
Much as the historian must sometimes learn a vocabulary long since out of use, a study of cyber security must also begin with learning a new vocabulary. For "learning these languages" ... allows a learner to ... "recognize when it appears on the page" ... "and can follow, and sometimes predict, where it will lead." See Bloom's Taxonomy above.
There exist several websites that can serve as an always-available dictionary of cyber security terms. A good place to start might be "Top 35+ Cybersecurity Terms You Need to Know." The list of terms is far from complete, but is, nonetheless, a good starting-off point. It just offers the most commonly used terms.
Coming from the same perspective, but more complete, is "Top Cybersecurity Terms" over at Allot.com. Did your Alien mention something about some fool in the middle? Well, here you get a pretty clear definition of what a MITM attack is.
Man-in-the-Middle Attack: A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. For example, a victim believes he's connected to his bank's website and the flow of traffic to and from the real bank site remains unchanged, so the victim sees nothing suspicious. However, the traffic is redirected through the attacker's site, allowing the attacker to gather any personal data entered by the victim (login, password, PIN, etc.).
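To make the definition above concrete, here is a small Python simulation I added for this post (it is not from Allot.com or any other source quoted here). Two parties exchange a message through a relay; one relay is honest, the other quietly rewrites the message in transit, exactly the "relays and possibly alters" situation the definition describes. The point from the defender's side is the difference an integrity check makes: when the sender attaches an HMAC tag computed with a key the relay does not have, the receiver notices the alteration; without that tag, the altered message is accepted as genuine. The shared key, the payload and the relay behaviour are all constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the demo. In a real system this would come
# from a key exchange or a provisioned secret, never a hard-coded string.
SHARED_KEY = b"demo-shared-secret-not-for-real-use"

# Constructed sample message: what the "victim" thinks they are sending.
VICTIM_PAYLOAD = {"action": "transfer", "amount": 250, "destination_account": "ACCT-1234"}


def make_message(key: bytes, payload: dict) -> dict:
    """Sender side: serialize the payload and attach an HMAC-SHA256 tag over it."""
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_message(key: bytes, message: dict) -> bool:
    """Receiver side: recompute the tag and compare it in constant time."""
    expected = hmac.new(key, message["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message["tag"])


def honest_relay(message: dict) -> dict:
    """The normal path: the message arrives exactly as it was sent."""
    return dict(message)


def tampering_relay(message: dict) -> dict:
    """A relay that rewrites the payload in transit (constructed for the demo).

    The relay does not know SHARED_KEY, so it cannot produce a matching tag;
    it passes the original tag through and hopes nobody checks.
    """
    payload = json.loads(message["body"])
    payload["destination_account"] = "ATTACKER-ACCOUNT-PLACEHOLDER"  # placeholder value
    altered = dict(message)
    altered["body"] = json.dumps(payload, sort_keys=True)
    return altered


def authenticated_exchange(relay) -> bool:
    """Send an authenticated message through `relay`; True if the receiver accepts it."""
    sent = make_message(SHARED_KEY, VICTIM_PAYLOAD)
    received = relay(sent)
    return verify_message(SHARED_KEY, received)


def unauthenticated_exchange(relay) -> dict:
    """Same flow with no integrity check: whatever arrives is acted on as-is."""
    sent = {"body": json.dumps(VICTIM_PAYLOAD, sort_keys=True)}
    received = relay(sent)
    return json.loads(received["body"])


if __name__ == "__main__":
    print("authenticated, honest relay accepted:   ", authenticated_exchange(honest_relay))
    print("authenticated, tampering relay accepted:", authenticated_exchange(tampering_relay))
    print("unauthenticated, tampering relay acted on:",
          unauthenticated_exchange(tampering_relay)["destination_account"])
```

This is the same idea that makes HTTPS more than an encrypted pipe: the browser checks that the far end can prove its identity before trusting what comes back, which is why the "padlock" matters and why a certificate warning on your bank's site is the moment to stop.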
Once you become familiar with basic terminology, and you wish to advance and gain a better understanding of cyber terms, then the two sites below are recommended. At one time it seemed that The SANS Institute was the only authoritative site on the web concerning issues of cyber security. The SANS Institute website offers an in-depth Glossary of Security Terms. Along the same vein as herein, SANS invites anyone to "Become your company's cyber security thesaurus."
Over at Uncle Sam's NIST site is its Glossary of Cyber Terms. What sets this Glossary apart is that Uncle Sam is one of the most authoritative sources of information about cyber security. As NIST says: "This Glossary only consists of terms and definitions extracted verbatim from NIST's cybersecurity- and privacy-related publication."
So, buckle up, Buttercup.
I also suggest you make a shortcut to what I call The Oracle for the 21st century, Wikipedia. No better destination on the web for a quick rundown on just about anything.
After you learn some lingo, you will be better prepared to evaluate and understand the day's cyber news. That is the goal, so that you can use the daily cyber news sites to stay on top of the trends that might well affect you. See Bloom's Taxonomy above.
The first site I recommend for staying on top of the daily happenings in the world of cyber security is The Hacker News. A simple scrolling Contents page will help you navigate to what you think you might want to learn about in depth. Concentrating more on events than mitigation techniques, The Hacker News is often first to announce crashing cyber news. All articles contain links to their sources.
Taking a deeper and more technical dive into what will often be the same issues as The Hacker News is BleepingComputer. BleepingComputer offers deeper looks at proposed mitigations of cyber attacks, for instance. It's not that BleepingComputer is too opaque to be easily understood; BleepingComputer is, nonetheless, a bit more technical and a bit heavier a lift.
For a more cultured take on the cyber security news, there is Ars Technica, from Across the Pond. Besides the usual depressing news of cyber attacks, Ars Technica also looks at issues beyond security, and offers more articles about Cyber Culture than the rest reviewed herein.
Some time from now, when you are the smartest cybergal or guy around, and you feel up to it, just get a taste of the REAL WAR over at MalwareMustDie.
Of course, this short list and review of sites from which to begin your own education in cyber security barely scratches the surface of the subject. After you become lucid, cogent, and comfortable with the language of cyber security, you can branch out and perform your own searches. Your newly acquired knowledge will help you better discern what is worth your time to read and digest, and what are just wasted cycles. You might want to look up what "wasted cycles" means. It will be a worthwhile exercise in narrowing and refining your search techniques. See Bloom's Taxonomy above.
Good Luck.
Up in the mornin' and out to school
The teacher is teachin' the golden rule
American history and practical math
You studyin' hard and hopin' to pass
Workin' your fingers right down to the bone
And the guy behind you won't leave you alone
— School Days, Chuck Berry
pure poetry
¯\_(ツ)_/¯