Cyber Events vs Incident vs Attack

Cyber Events

Yesterday I was asked about “attack volumes” I see in the PwnDefend HoneyNet and it reminded me about what people think an “ATTACK” is and therefore spring my brain into thinking about how we as an industry communicate. Far too often I see “number of ATTACKS” being used my marketing/sales etc. where the numbers are simply ridiculous and not reflective of how offensive cyber operations actually work.

Let’s look at some examples:

“Gov. Greg Abbott warns Texas agencies seeing 10,000 attempted cyber attacks per minute from Iran”
Gov. Greg Abbott – article in the Texas Tribune by CASSANDRA POLLOCK

Leadership

Tabletop: “you have 400 servers; 800 users and your…

CISO Tabletop Scenario Intro

I thought it would be fun to explore what people do with regards to Cyber Securityleadeship, budgets, contraints and realities of business change. So here’s a blog post to supliment my thread on twitter:

MrR3b00t | #StandWithUkraine #DefendAsOne on Twitter: “Tabletop: you have 400 servers, 800 users and your cyber security budget is 100K…. what do you do? https://t.co/Nw0Pd7rH8L” / Twitter

please note: the list below is based on experiance, it’s also a list I made whilst drinking about half a cup of tea so it’s not complete or “the answer” it’s just some observations about an approach I advocate.

Leadership

Why do “we” suck so badly at digital security…

Everything is fine until it’s not

I’ve been travelling to different organisations and visiting different networks for a while and whilst each organisation is unique (they really are) their operating models, technology challenges and weak security postures generally aren’t as unique as the organisational itself.

One thing that does spring to mind however is that there is a massively common pattern we find with organisations.

Those that invest well have better postures, better technology experiences and an improved security posture.
Those that don’t historically invest well, well they have quite the opposite:
- They don’t train staff
- They have very weak postures
- They carry an extraordinary volume of business risk

One thing that is common though, is that all of this tends to link to financial investments, so executives and boards usually have some idea if they are spending or not in this space, what they commonly don’t have a good view on is they getting what they “thought they were buying”. Sadly, too often what they assumed was “in the box” with the “IT provision” with regards to quality and cyber security just simply isn’t the case. Everything is fine, until you look… then it’s less than fine! So, what can we do about it?

Defense

CVE-2022-26809 – Critical Windows RPC Vulnerability

Vulnerability Information

Rating	Critical
CVE	cve-2022-26809
MITRE	CVE – CVE-2022-26809 (mitre.org)
CVSS	CVSS:3.1 9.8
Impact	Remote Code Execution (RCE)
Exploit in the wild	Currently not observed
Difficulty to Exploit (if PoC available)	Very Low
Network Position	TCP/IP Routable or Network Adjacent
Authentication Required to Exploit	No
Affected	Windows Client/Server OS
Typical Service Ports	TCP 135,139,445
Vendor Patch Available	Yes
Exploitable in Default OOB (out of the box) configuration	Unknown
Exploitable Client/Server	Believed to be client and server side exploitable

Leadership

Cyber Realities: Impacts of Cyber to Business

Introduction

This post stated out as a technical post about commonalities found in the field that vary based on business operating model, IT capability and vectors used by threat actors. Whilst writing this it led more into business leadership, governance and investment risks. How do these two subjects’ interface? Well to be honest they are the same thing from a different lens.

In this post we are going to look at:

Common Technology Deployment Models and the associated threats/risks/vulnerabilities
Common challenges I find in organisations
And finally, a question… is this the business outcome that you want