The Korean DoS Attacks, Securing the Software Supply Chain and More

I will take potpourri for $200 Alex…

  • Triumfant CEO John Prisco is quoted in the July 10 post of Byron Acohido’s The Last Watchdog blog regarding the Korean DoS attacks. These attacks have taken an interesting turn as the botnets created by the attackers are now literally turning on the infected machines, deleting files and ultimately corrupting the system until it will not boot. I have read a lot about this attack from many respected members of the IT security community. Some have assessed the attacks as unsophisticated and poorly executed, while others like Acohido and Brian Krebs of Security Fix (which was targeted in the actual attack) are speculating on whether it was a practice run – a war game – for more targeted attacks down the road. Either way, it is one of the most interesting story lines since we were all gripped with Conficker fever in the early spring. I suspect there will be more intrigue to come. If it was a war game, it will be interesting to see how the good guys grade themselves.
  • I posted a blog entry in June about Securing the Software Supply Chain and how Triumfant can help manage that important part of any organization’s security strategy. The white paper on the subject is now available on the Triumfant web site for your reading pleasure. Since many defensive products do their monitoring while malicious software is inbound to the machine, attacks embedded in what appears to be legitimate software may evade protection. Because Triumfant looks for changes on endpoint machines, it will detect the event where the embedded malware “wakes up” and begins its malicious activity.
  • I recently was away at the beach for a week with my family. I mention that because I did not tweet or blog about the fact that I was gone, as there have been reports of people being robbed after letting the world know through social media outlets that they would be away from home for extended periods, which brings me to two points. First, never underestimate the speed with which the bad guys will find and exploit new paths – in this case social media – to do their criminal work. Second, security, whether it is IT security or physical security, requires an element of good old prudent thinking to succeed no matter how much technology is deployed. Human factor engineering (or stopping stupid, as I call it) has been and will always be the biggest failure point in security.
  • Isn’t it time for someone in the Obama Administration to tell us why we do not have a cyber czar yet? I mean really.  I agree with our CEO John Prisco completely and join him in wondering why they would first make the announcement without a person in the spot much less go six weeks after the announcement without a nomination.  The claims of IT Security being a priority are starting to sound very hollow.

Securing the Software Supply Chain

I just finished the draft of a white paper on the software supply chain and how Triumfant addresses some of the problems presented in that chain. The white paper explores how to protect organizations from the subversion of third party software, whether that takes the form of exploitable weaknesses planted for later malicious use or actual malicious code baked into the software. The growing global economy, the demand for new applications, and the pressure to get those new applications to market quickly are all factors driving the problem. The research brought into clear view that we are in an interesting conundrum: as security threats become increasingly complex and persistent, our development processes and methodologies are heading in the exact opposite direction.

Think about the gold rush to build iPhone applications – just how much time do you think was spent on securing those applications? The software being developed today is neither designed nor built to be secure. Today’s developers have had very little exposure to secure development methodologies, and therefore do not integrate sound security practices into their coding and engineering. Rapid development, iterative design, and the growing use of mash-ups all point to the fact that there can be no presumption that security is baked in. Combine this lack of security rigor with the overt threat of baking exploits or malware into an application and we have a serious security problem.

So back to the conundrum – as the cyber criminals have become more organized and find new and innovative ways to attack our systems, we are countering by rolling out software across our computer populations that is less and less prepared from a security perspective. After all, how much easier is it for a cyber criminal to subvert application software that is willingly distributed by the targeted organization rather than go through all the trouble of infiltrating machines one at a time?

Up to the point where I started this paper, I was focused on the more direct acts of infiltration and had not fully considered the implications of the software supply chain. I was actually pointed that way by someone steeped in IT security who, after getting the three minute malware challenge demo at RSA, noted that Triumfant was uniquely capable of addressing many of the software supply chain issues because of its change detection capabilities. After my research I have a better appreciation of the problem and now understand that the software supply chain must be considered in any defense in depth strategy. And not just through the normal processes of testing applications before they are deployed, but through the vigilance of testing applications post-deployment. There was actually a great article in PC World about how DISA continues rigorous testing post-deployment. I would also note that the subject of the software supply chain was raised in the White House Cybersecurity Policy Review.
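To make the point above and the one in the bullet list concrete, here is an added Python illustration (not code from Triumfant or from the original post) of why an inbound, install-time hash check passes a subverted build, while a post-deployment baseline of the endpoint catches the change once the embedded payload acts. The package contents, file names, hashes and URLs are all constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inbound_check(package, published_sha256):
    """Install-time check: does the delivered package match the hash the vendor published?"""
    return sha256_file(package) == published_sha256


def snapshot(root):
    """Endpoint baseline: relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p) for p in root.rglob("*") if p.is_file()}


def diff_snapshots(before, after):
    """Report files that appeared, disappeared or changed between two baselines."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(k for k in before.keys() & after.keys() if before[k] != after[k]),
    }


def demo():
    """Constructed scenario: a build subverted before release passes inbound checks, then acts later."""
    root = Path(tempfile.mkdtemp())
    (root / "app.bin").write_bytes(b"vendor code ... dormant payload")  # constructed sample package
    (root / "app.cfg").write_text("update_url=https://vendor.invalid/updates\n")
    # The vendor published the hash of the already-subverted build, so the inbound check is satisfied.
    published = sha256_file(root / "app.bin")
    passed_inbound = inbound_check(root / "app.bin", published)
    baseline = snapshot(root)  # taken right after installation, when the machine looks clean
    # Post-deployment, the embedded payload "wakes up": it drops a file and rewrites its own config.
    (root / "dropped.bin").write_bytes(b"constructed second-stage placeholder")
    (root / "app.cfg").write_text("update_url=https://attacker.invalid/updates\n")
    return passed_inbound, diff_snapshots(baseline, snapshot(root))
```

Running `demo()` returns `True` for the inbound check alongside a diff listing `dropped.bin` as added and `app.cfg` as modified, which is the change-detection signal the inbound scan alone never produces.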

I will address how Triumfant addresses this problem in a future post and provide the link to the white paper as soon as it is ready for prime time.