Crime, ransomware and defence

“I rob banks because that is where the money is” is a famous quote attributed to (in)famous bank robber Willie Sutton[1]. It is also known as Sutton’s Law. Sutton’s Law still holds true for many things, including modern (cyber)crime. If you want to earn money from your crimes, focus on what people value most.

Ransomware is an example of just this. Criminals target what is most valuable to organisations and individuals: their data or memories.

2024-02-17T06:32:39+00:00 | July 25, 2019 | Article, English, Dutch

Cloud levels the playing field

I was at the AWS Benelux Summit in The Hague last week. I particularly enjoyed Werner Vogels’ keynote speech and want to use this column to highlight three aspects of his keynote that I felt stood out.

There is no longer any reason not to encrypt your data.

2024-02-17T12:25:00+00:00 | September 20, 2018 | Article, Dutch

Crypto currency or ads.. Do we get to choose the lesser evil?

For a few months now, we have been confronted with a new phenomenon: websites that mine cryptocurrency using JavaScript, and thus the processor of the person visiting the website.

As usual, the vendors of security products quickly jump on this bandwagon to sell their goods.

Since it is my job to keep our organisation informed of emerging security threats, I’ve also been trying to determine how much we should worry about this new trend.

To be honest, I’m not really sure…

2024-02-17T12:29:15+00:00 | September 6, 2018 | Article, English, Dutch

Security and audit in a cloud-native world

A co-creation with my colleague Janot van Wegen, Risk Officer.

Before the cloud era, you had your own IT organization as a reliable gatekeeper to make your company a cyber fortress. With a strong gateway, your data and applications were kept in house and in good hands. Nowadays, a Fort Knox stance on cyber security is unrealistic. Applications that are designed to make the best use of the functionality of all aspects of the cloud are distributed and therefore cannot be captured in the traditional Fort Knox paradigm. With the rise of cloud-native computing, expertise in security and compliance is a must for everyone in the chain.

2024-02-17T12:41:36+00:00 | May 10, 2018 | Article, English, Dutch

Yesterday’s non-issue, today’s record breaker…

How open memcached quickly escalated to a record-breaking DDoS vehicle.

In my previous column I already described the amplification phenomenon that is used in modern DDoS attacks to turn a small traffic stream into a large one. In short, the criminals that launch DDoS attacks send small requests to publicly exposed services and spoof the originating IP address. These services then reply to the spoofed source address with a reply that is much larger than the original request, thereby amplifying the attack traffic.

2024-02-17T12:51:50+00:00 | March 22, 2018 | Article, English, Dutch

The cost of business vs the cost of crime…

If you live in The Netherlands you probably noticed that a series of DDoS attacks caused quite some uproar in our little corner of the world. One of the questions I get asked regularly is why we still cannot deal with these types of attacks.

We are at an unfair disadvantage, or more accurately phrased, the criminals have an unfair advantage. The costs, in terms of money, time, lost functionality, etc., of preventing a crime or attack are often higher than those the criminal or attacker needs to incur to actually commit his deed.

2024-02-17T12:55:40+00:00 | February 15, 2018 | Article, English, Dutch

My take on Meltdown and Spectre

It’s not just nasty names…

Introduction

For the past few days there has been a lot of speculation on why certain Linux kernel patches were rushed through.

Sometime last night, researchers from various origins lifted the shroud and released the so-called ‘Meltdown’ and ‘Spectre’ attacks via https://meltdownattack.com.

In this blog post I will try to give you my take on these two attacks and what they mean to defenders and users of CPUs (yes, that’s you).

2024-02-17T13:13:30+00:00 | January 11, 2018 | Article, English, Dutch

A tale of a compliance kettle…

This is a story that took place during SHA2017, an international hacker camp in Zeewolde. If you want to get an impression of how awesome this event was, I suggest you read Chris van ‘t Hof’s article (in Dutch) or Jenny List’s personal review (in English).
 
Even though SHA2017 is a hacker camp, and thus has an anarchistic tendency to it, it doesn’t mean that there are no rules. These rules are generally speaking there either because the camp itself has to comply with external rules (like local laws and regulations with regard to noise and safety) or to keep things safe in general. One of these rules related to ‘open fire’ was worded on the SHA2017 wiki.

2024-09-30T07:49:57+00:00 | October 12, 2017 | Article, English, Dutch

Important: By reading this article you accept the conclusions ☁ + sourcing – cl / d = t

Lately I have been looking a lot into the risks and security aspects of cloud services. And to be honest, from a security perspective, cloud is not that new. Most of the risks associated with cloud services are actually exactly the same as those related to outsourcing, a subject I’m obviously quite familiar with. In that respect, the Free Software Foundation Europe is quite right.

Yet, saying that cloud is just the same as outsourcing would not do justice to what is currently going on. There are really a few differences that set modern-day cloud computing apart from classic outsourcing.

2024-08-26T15:09:37+00:00 | August 17, 2017 | Article, English, Dutch

Victim blaming?

Do companies that were affected by WannaCry only have to blame themselves, or is that “victim blaming”? Let’s do some soul searching.
 
Was WannaCry special? Yes, because it was based on tools allegedly stolen from the NSA and it caused significant trouble in the real world. Yes, because it got a lot of media attention. On the other hand, no, WannaCry was, for us at Schuberg Philis and many others, pretty much a non-event. It was a worm that spread via port 445 (the SMB protocol) and it used a vulnerability that was patched by Microsoft two months prior to the attack. Strict network filtering, along with rigorous patching, has saved us a lot of grief. And, if we had been hit, we are confident that we would have had a sound backup strategy to prevent serious damage/data loss.

2024-09-30T08:33:32+00:00 | July 20, 2017 | Article, English, Dutch