Comments input

During the course of compliance assessments, auditors inevitably record a certain number of violations.

The main mistakes that can be made at this stage are:

– Treating a violation/issue as one of the fields to be filled in with text during the audit.

– Treating issue input as the ultimate goal of the audit.

Why should all detected issues be treated as a separate entity within the audit framework? First of all, for proper monitoring, the comment must have at least the following attributes:

– Status

– Creation date

– Elimination date

– Author

– Responsible staff

– Completion date.

This is already more than can comfortably be stored in one, two, or three free-text fields. However, the list of required attributes does not end there. For each comment it is also important to record:

– For which asset was it initiated?

– In the context of which audit?

– What requirement was violated?

– What evidence was attached for the violation?

With an elaborate audit process, the list of attributes can be much longer. The organization may introduce a classification of comments as well as a record of recurring comments.
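The following is an added example, not code from the article or from any Defensys product, of what treating a comment as a separate entity looks like in practice: a finding record carrying the attributes listed above (status, creation and elimination dates, author, responsible staff, completion date, asset, audit, requirement, evidence, classification), a small status workflow, an overdue check, and detection of recurring comments (the same asset violating the same requirement in more than one audit). The status names, the meaning of "elimination date" as a planned deadline, the rule that a finding cannot be closed without evidence, and all sample data are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple

# Assumed status workflow; the article only states that a status attribute is required.
TRANSITIONS = {
    "open": {"in_progress"},
    "in_progress": {"fixed", "open"},
    "fixed": {"closed", "open"},  # a failed retest sends the finding back to "open"
    "closed": set(),
}


@dataclass
class Finding:
    """One audit comment as its own entity, not a free-text field on the audit."""
    finding_id: str
    asset: str                 # for which asset it was initiated
    audit: str                 # in the context of which audit
    requirement: str           # which requirement was violated
    author: str
    responsible: str           # responsible staff
    created: date              # creation date
    elimination_date: date     # assumed: planned deadline for removing the violation
    evidence: List[str] = field(default_factory=list)
    status: str = "open"
    completed: Optional[date] = None   # completion date, set when closed
    classification: Optional[str] = None


def transition(f: Finding, new_status: str, on: date) -> Finding:
    """Move a finding along the workflow, refusing illegal or unevidenced closure."""
    if new_status not in TRANSITIONS[f.status]:
        raise ValueError(f"{f.finding_id}: cannot go from {f.status} to {new_status}")
    if new_status == "closed" and not f.evidence:
        raise ValueError(f"{f.finding_id}: evidence is required before closing")
    f.status = new_status
    f.completed = on if new_status == "closed" else None
    return f


def is_overdue(f: Finding, today: date) -> bool:
    """A finding is overdue when it is still not closed after its elimination date."""
    return f.status != "closed" and today > f.elimination_date


def recurring(findings: List[Finding]) -> Dict[Tuple[str, str], List[str]]:
    """(asset, requirement) pairs that were violated in more than one distinct audit."""
    audits = defaultdict(set)
    for f in findings:
        audits[(f.asset, f.requirement)].add(f.audit)
    return {key: sorted(a) for key, a in audits.items() if len(a) > 1}


def sample_findings() -> List[Finding]:
    """Constructed sample data: two audit campaigns on the same organization."""
    return [
        Finding("F-1", "srv-db-01", "audit-2021", "REQ-12.6", "auditor.a", "dba.team",
                date(2021, 5, 10), date(2021, 8, 1), evidence=["scan-2021-05.pdf"]),
        Finding("F-2", "srv-db-01", "audit-2022", "REQ-12.6", "auditor.b", "dba.team",
                date(2022, 5, 12), date(2022, 8, 1)),
        Finding("F-3", "ws-042", "audit-2022", "REQ-9.4", "auditor.b", "desktop.team",
                date(2022, 5, 12), date(2022, 7, 1), evidence=["screenshot.png"]),
    ]


if __name__ == "__main__":
    findings = sample_findings()
    print("recurring:", recurring(findings))
    for f in findings:
        print(f.finding_id, f.status, "overdue" if is_overdue(f, date(2022, 9, 1)) else "on time")
```

Because every comment is keyed to an asset and a requirement, recurrence falls out of a simple grouping instead of a manual comparison of two reports, and the overdue check uses the elimination date rather than the audit's end date.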

The Defensys company updated Defensys Threat Deception Platform (TDP), its platform for emulating IT infrastructure components. The vendor added SCADA and Linux FullOS traps to the existing ones and also expanded the list of available lure templates.

The total number of cyberattacks on critical infrastructure increased sharply in 2022, and the consequences of such attacks can be very serious: leaks of confidential information, financial and reputational losses. Considering these statistics, Defensys developed the SCADA trap and added it to the latest TDP version. It helps detect threats in the infrastructures of industrial companies. Users can now create fake PLCs (programmable logic controllers), crucial automation elements in the management of technological processes. In this way Defensys TDP now detects attacks focused on very specific assets belonging to IT and OT segments.

One more trap added by the vendor is Linux FullOS. It creates an emulated full virtual machine running a Linux-based operating system in the chosen network. This trap type can serve as the base for creating many fake network elements tuned to customers’ specific needs. Furthermore, users now get lures in the form of saved browser credentials in MS IE and MS Edge Legacy.

Cybersecurity news

Compliance

Audit management is the most classic application of SGRC systems. It answers the question:

What is going on with information security now?

Conducting compliance audits is both an obligation and a right of organizations.

It is no coincidence that the functions implemented by systems of this class appear in almost every standard or framework that regulates the construction of cybersecurity systems.

Compliance as an obligation

On the one hand, organizations are always subject to a number of normative legal documents and regulations. They are the driving factor for the birth of an organization’s audit management process. The problem that comes to mind first is the need to generate reporting documents on the results of audits. However, it is only the tip of the iceberg.

The audit process includes four basic steps, which generally correspond to Deming’s PDCA (Plan – Do – Check – Act) cycle:

[Figure: the four steps of the audit process mapped to the PDCA cycle]

Let us analyze each of these steps.

Today most organizations fortunately no longer face the question “is it worth implementing information security solutions?” The importance of information protection has become an axiom, and there are many offers in the cyber security market that cover the needs in various fields – SOAR, SIEM, etc.

At the same time, information security solutions implemented in organizations usually line up in the following pyramid:

[Figure: pyramid of information security solutions]

However, with the disparate implementation of the entire variety of security tools and solutions, companies face the following challenges:

  • Lack of a single tool for centralized collection of information security information from multiple sources.
  • Lack of transparency in the information security management process.
  • Lack of resources in the information security department to coordinate all products.
  • The difficulty of communicating the importance of information security to the business.

Thus, over time, organizations realize that the mere availability of a wide range of software does not guarantee a well-functioning information security management process.

Challenge

All IT security audits in the Bank were handled in a large, well-known corporate GRC system. But every time a new cybersecurity standard was published, retuning the process was frequently accompanied by issues on the GRC side.

The lack of convenient user tools for managing the requirements of different standards, especially similar ones, made the team lose a lot of time on duplicate work whenever users had to conduct a new audit campaign against a particular standard.

Defensys technologies

Initially, the huge number of requirements was handled in spreadsheets, with all the drawbacks of that approach. One of the main requirements from the customer’s side was to have most of the standards they had to comply with available and structured out of the box. After a series of meetings and a PoC project, Defensys SGRC was chosen as the core solution for the Bank’s cyber security requirements management system.

Implementation

As the first step, Defensys SGRC had to be integrated with the Bank’s GRC solution. As a result, the whole asset structure, including all relations between assets and additional fields, was imported.


For the purposes of building an effective Cyber Intelligence process, the relevance and completeness of the received data play a crucial role. In most cases, work with Threat Intelligence (TI) data starts with adding open source feeds. According to the 2021 SANS Cyber Threat Intelligence (CTI) Survey, 66.3 % of companies use open sources for collecting indicators of compromise (IoC) data, and they strive to work with multiple sources in parallel.

On one hand, using several sources seems the simplest and most obvious way to start collecting data quickly, but on the flip side there is a big issue with numerous detections when you upload these indicators to security tools, which makes processing the data almost impossible for the analyst. We’d also like to note that if you want to create block lists for security tools from IoCs, or a collection for search queries on the EDR side, there will be a limit on the number of entities. This means that manual work is needed anyway to prepare such a collection of IoCs. Besides, you have to keep in mind that indicators by themselves are useless.
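An added example (not code from the article or from Defensys) of the preparation step the paragraph says is unavoidable when several open feeds are combined: the same indicator arrives from multiple feeds in slightly different spellings, so the script normalizes values (lower-casing, trailing dots, refanging `hxxp` and `[.]`), merges duplicates while keeping the context each feed supplied (source, tags, earliest first-seen date), drops indicators that carry no context at all, and ranks the rest so the list fits the entity limit of the security tool it will be loaded into. The feed contents, field names and the ranking rule (more corroborating feeds first, then most recent) are assumptions made for the example, and the indicator values are constructed from documentation address ranges, not real IoCs.

```python
from typing import Dict, List, Tuple

# Constructed sample feeds (documentation ranges and example domains, not real indicators).
FEEDS = {
    "feed_a": [
        {"value": "evil.example", "type": "domain", "first_seen": "2021-03-01", "tags": ["phishing"]},
        {"value": "198.51.100.7", "type": "ip", "first_seen": "2021-02-10", "tags": ["c2"]},
        {"value": "hxxp://bad[.]example/login", "type": "url", "first_seen": "2021-03-05", "tags": []},
    ],
    "feed_b": [
        {"value": "EVIL.example.", "type": "domain", "first_seen": "2021-03-02", "tags": ["phishing", "apt"]},
        {"value": "198.51.100.7", "type": "ip", "first_seen": "2021-01-20", "tags": []},
        {"value": "203.0.113.9", "type": "ip", "first_seen": "2021-03-10", "tags": []},
    ],
    "feed_c": [
        {"value": "evil.example", "type": "domain", "first_seen": "2021-02-28", "tags": ["malware"]},
        {"value": "http://bad.example/login", "type": "url", "first_seen": "2021-03-04", "tags": ["phishing"]},
    ],
}


def refang(value: str) -> str:
    """Undo the usual defanging conventions so feeds can be compared."""
    return value.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def normalize(value: str, ioc_type: str) -> str:
    """Canonical form so the same indicator from different feeds collides on one key."""
    v = refang(value.strip())
    if ioc_type in ("domain", "ip"):
        return v.lower().rstrip(".")
    if ioc_type == "url":
        scheme, sep, rest = v.partition("://")
        if not sep:
            return v
        host, slash, path = rest.partition("/")
        return f"{scheme.lower()}://{host.lower()}{slash}{path}"  # path stays case-sensitive
    return v


def merge_feeds(feeds: Dict[str, List[dict]]) -> Dict[Tuple[str, str], dict]:
    """Collapse duplicates across feeds, keeping sources, tags and the earliest first-seen date."""
    merged: Dict[Tuple[str, str], dict] = {}
    for source, entries in feeds.items():
        for e in entries:
            key = (e["type"], normalize(e["value"], e["type"]))
            rec = merged.setdefault(key, {
                "value": key[1], "type": key[0], "sources": set(),
                "tags": set(), "first_seen": e["first_seen"],
            })
            rec["sources"].add(source)
            rec["tags"].update(e["tags"])
            rec["first_seen"] = min(rec["first_seen"], e["first_seen"])  # ISO dates sort as strings
    return merged


def build_blocklist(merged: Dict[Tuple[str, str], dict], limit: int, min_sources: int = 1) -> List[dict]:
    """Keep only indicators that carry context, rank them, and cut to the tool's entity limit."""
    candidates = [r for r in merged.values() if r["tags"] and len(r["sources"]) >= min_sources]
    ranked = sorted(candidates, key=lambda r: (len(r["sources"]), r["first_seen"]), reverse=True)
    return ranked[:limit]


if __name__ == "__main__":
    merged = merge_feeds(FEEDS)
    raw = sum(len(v) for v in FEEDS.values())
    print(f"{raw} raw entries -> {len(merged)} unique indicators")
    for r in build_blocklist(merged, limit=2):
        print(r["type"], r["value"], sorted(r["sources"]), sorted(r["tags"]))
```

With `min_sources=2` the same function yields only indicators corroborated by at least two feeds, which is one way to trim the detection noise the paragraph describes without reviewing every entry by hand.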
