Happy Friday wonderful people. It’s been a busy week in infosec with a flurry of activity, so let’s jump right in.
The 100 Billion Dollar Infosec Question
If someone gave you 100 billion dollars to improve information security, how would you spend it?
No, seriously, please. Give it some thought.
This question spurred Dan Klinedist to pen his thoughts in a thought-provoking post that will probably leave you with more questions than answers.
- The 100 Billion Dollar Infosec Question | Dan Klinedinst, Medium
- IT Security Spending to reach $96 billion in 2018 | Dark Reading
Putting the bug in bounty
I’m a big fan of bug bounties, I think that they have a lot of benefits. But, as with any emerging service, there will be issues. One of them is differentiating between Bug Bounty and Security Consulting or Testing. And that can cause some problems, which are very well articulated by John Carroll.
- BugBounty != Security Consulting | CTU Security
- Inside Uber’s $100,000 Payment to a Hacker, and the Fallout | NY Times
Mirai Okiru botnet targets ARC-based IoT devices
For those of you who don't know, ARC (Argonaut RISC Core) processors are the second most widely used processors in the world and can be found in all manner of unassuming connected devices, from car tech to storage, home and mobile devices.
The new Mirai botnet, known as Mirai Okiru, is going after them with the aim knock them offline with distributed denial of service (DDoS) attacks.
- Mirai Okiru botnet targets for first time ever in the history ARC-based IoT devices | Security Affairs
- Mirai Okiru is a botnet that's going after ARC-based IoT gadgets | The Inquirer
- Mirai Okiru: New DDoS botnet targets ARC-based IoT devices | CSO
Mental Models & Security: Thinking Like a Hacker
Is it weird that I’m including one of my own articles from this week? Is that the equivalent of someone liking their own facebook posts?
I’ve been reading up on mental models lately a lot and thought a lot could be applied to security, or as is often said, to think like a hacker. I listed seven of my favourite models in this Dark Reading contributed article.
- Mental Models & Security: Thinking Like a Hacker | Dark Reading
LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials
Canadian authorities have arrested and charged an Ontario man for operating a website that collected 'stolen' personal identity records and credentials from some three billion online accounts and sold them for profit.
According to the Royal Canadian Mounted Police (RCMP), the 27-year-old Jordan Evan Bloom of Thornhill is the person behind the notorious LeakedSource.com—a major repository that compiled public data breaches and sold access to the data, including plaintext passwords.
- LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials | The Hacker News
- Canadian Police Charge Operator of Hacked Password Service Leakedsource.com | Krebs on Security
What exploits are prevalent in the wild?
I contributed to my colleague Chris Doman’s blog which is the first of a three part series where we took a look at telemetry gathered from our customers, and from other security vendor reports.
In this first part, we looked at which exploits attackers are using the most in the wild.
- OTX Trends Part 1- Exploits | AlienVault
“A small, rarely used special character is potentially helping criminals trick people into falling prey to all sorts of online scams, and businesses -- including some of the world's leading media companies and financial institutions -- appear to be woefully unprepared.”
Some good observations and recommendations by Joseph Steinberg on the use of Latin characters to create hard-to-spot phishing sites.
Ex-employee destroys and corrupts data
Edward Soybel, a former contractor for W.W. Grainger, Inc. maintained the computer servers for Grainger’s network of industrial vending machines from November 2014 through February 2016, when his services were terminated. Upon termination, Soybel, lost his trusted insider status — and his access to those Grainger servers.
That didn't stop him from getting back in, though.
Soybel successfully hacked into the Grainger servers in July 2016 and gained unfettered access to the Grainger inventory management program that supports some 18,000 customers throughout the U.S. and intentionally damaged the data within.
- US District Court document (PDF) | Justice.gov
- Contractor hacks former employer, destroys and corrupts data | CSO
- Chicago man charged with hacking company’s servers after termination | Chicago Sun Times
The impromptu Slack war room where ‘Net companies unite to fight Spectre-Meltdown
When Spectre and Meltdown hit, it was a surprise for anyone that wasn’t a Tier1 company.
It was a full-on panic for most companies, so, to overcome the chaos, these companies did something kind of novel: they decided to work side by side. A group of second-tier service providers banded together to formally share information about patches from various vendors, metrics on their impact, and best practices for rolling them out.
For many companies, security is a non (or mildly) competitive area. Incidents like this showcase the importance of collaboration and sharing to help one and other get better.