Tuesday, May 31, 2016

The flourishing field of e-discovery

Anything Cyber Community,

If you know of any recent high school graduates looking for a maturing field with a shortage of talent, forensics and e-discovery are the answer. Social media, text messages, and email result in an enormous amount of data that is fair game come litigation time. If you thought the shortage of Cybersecurity professionals was an issue, I'd bet that the shortage of forensics and e-discovery professionals is even more pronounced. These professionals are needed to guide forensics software to cull through vast amounts of data to find pertinent information for court cases.

Barriers to entry into the forensics and e-discovery field are plentiful. How many colleges out there offer forensics and e-discovery as an undergrad degree? If you're lucky, 1 or 2 classes are devoted to the subject. Next, companies want professionals to be certified in e-discovery and forensics, which means someone needs access to software that costs thousands of dollars, and access to thousands of dollars to pay for training to become certified. To get more people involved in the field, colleges need to catch up with private industry and incorporate forensics and e-discovery into the curriculum, and offer training in forensics software such as EnCase and AccessData.

Jimmie Walker, CISSP-ISSMP

Monday, April 25, 2016

Expensive Forensics software can Neutralize Ransomware

Anything Cyber Community,

Ransomware has grown in visibility and impact over the last few years. Serving as malware that can encrypt chunks of data on a hard drive deemed important to a victim, ransomware is primarily dealt with by either paying a ransom or having a recent backup of your hard drive. My prior posts from 2015 go into further detail on ransomware. Recent victims of ransomware include police precincts, hospitals, and various small businesses. One hospital in California just a few months ago paid a ransom of approximately $17,000 to have their encrypted data recovered.

While working in a previous career, I came across a few instances of hard drives encrypted by CryptoWall ransomware. With thousands of dollars' worth of Forensics software at my disposal and an ultra powerful Mac Pro, I figured there must be a way for me to retrieve some plain text data off of the encrypted drives with the tools at my disposal. After making an image of the encrypted hard drive and processing the image through the forensics software (which can take a day or two), I was pleasantly surprised to recover a substantial portion of plain text data that the victim had not backed up and thought was lost forever. While I used forensics software from AccessData, software from EnCase may work just as well.

Since most of us (including me in my new career) do not have access to expensive Forensics software, the best advice to reduce the chance of ransomware infection is to be on the lookout for phishing emails, frequently back up your hard drive to a device that's only connected while performing the backup, and scrutinize website advertisements before clicking on them, since they could potentially be malicious. If you do fall victim to ransomware, contact your local FBI field office, which is equipped with the Forensics expertise to potentially recover data off of your encrypted hard drive.

Regards and enjoy your week,
Jimmie Walker, CISSP-ISSMP, GREM, GPEN

Friday, March 18, 2016

No Internet facing IP address is immune from Hackers

Hi Anything Cyber community,

While hacks of big companies and high profile celebrities usually make the news, don't think small businesses and ordinary citizens get a pass from Cyber criminals. If you have an IP address that's used to access the Internet, you're a target.

It's important for small businesses to realize that while they may feel their company contains data of no value to hackers, computing resources are just as valuable as the data itself. For example, hackers can use small business resources as a hop point to attack a bigger company that contains valuable data. Once the hacked company discovers the attack, which could take 6 or more months to detect per the current statistics, the hacked company will investigate the hack, and guess whose IP address will look like the culprit? The hacker's IP? Nope. The small business serving as a hop point? Yes. The same logic applied to small businesses can also apply to individuals.

To mitigate the risk of being used as a pawn by Cybercriminals, work on securing your home network or small business. Some of my previous blogs go into how to accomplish that feat. If you have specific questions, post them.

Enjoy the weekend!

Jimmie Walker, CISSP-ISSMP, GPEN, GREM
Cyber/Information Security Expert

Sunday, January 31, 2016

The Cloud is coming whether you like it or not

Hi Anything Cyber Community,

The cloud is all around us. If it's not iCloud (my personal cloud of choice) or cloud offerings from other big players like Microsoft, Google, and Amazon, the cloud plays a role in both our personal and professional lives. In my current role as an InfoSec Advisor, I come across numerous proposals to use different cloud vendors that can help my employer better achieve their goals in a more cost effective manner.

Cloud vendors provide us with the dog and pony show trumpeting all the great benefits of moving to the cloud. Of course, they seldom mention the cons, such as data security or data loss concerns. That's why it's on the client or cloud buyer to ask those tough questions to verify that the cloud vendor of choice does take data security seriously and has tangible safeguards in place. As in life, you just can't take the vendor's word for it. We also must request written evidence that vulnerability scans are periodically performed, by requesting a copy of scan results that documents existing vulnerabilities and how the cloud vendor is mitigating or eliminating each vulnerability.

Jimmie Walker

Tuesday, November 24, 2015

LOCK those screens!

Hi Anything Cyber community,

Whether I'm at work or waiting for an hour to be seen by my Doctor, I'm getting tired of running into a hacker's gold mine: unlocked computer screens. When I see it, I'm immediately compelled to lock the screen myself. However, I have to do it fast since I don't want the computer owner coming up and wondering why I'm invading their space.

Just the other day while waiting on my Doctor, I noticed not only was the computer screen unlocked, the now unsupported (for over a year) Windows XP was the operating system. Not only would a hacker have direct access to my Doctor's account, they would also have a vulnerable operating system to hack. Being a seasoned Ethical hacker by formal training (not all night hackathons staying wired on caffeine), I couldn't help but see some of the file shortcuts, potentially ripe with sensitive PII data, displayed on my Doctor's computer Desktop.

Lucky for my Doctor, I'm not one of those dreaded Black Hats.

Bottom line: with all of the threats of terrorism, identity theft, and cyber crime, we must do our part, so don't forget to control-alt-del before you go out for that lunch break.

Jimmie Walker

Wednesday, September 16, 2015

A true Life Saver

Hi Anything Cyber community,

With Apple's keynote last week announcing multiple new products for Apple fanboys like myself to lust after, I'd like to discuss one overlooked iOS feature that many might not know about or take for granted. That feature is called Medical ID. It's found in the Health app, which is the one with the heart and white background that the controlling Apple will not let you delete. Medical ID allows the owner of an iPhone to display information such as age, medical conditions, medications, and 1 or more emergency contacts. The emergency contact option allows a first responder to call the contact directly from the iPhone. This feature has multiple use cases. For example, if you have a chronic illness which leads to fainting in a public place, a first responder can access your Medical ID on the lock screen and know exactly what might have caused you to faint and who to contact. Another use case involves those unfortunate times when you leave your iPhone behind at a meeting, bathroom, etc.

Earlier this year I presented Cyber threats and best practices in front of an audience of business executives. After the event, a left behind iPhone 6 was discovered. Since I had knowledge of Medical ID, I tried to access the feature on the lost phone so that we could contact the owner. Unfortunately, the owner had not set up their Medical ID so we had no way to know who owned the phone.

Although security concerns are valid, you can include as much or as little information as matches your comfort zone. I feel the benefits outweigh the security risks, especially in the case of a life or death situation.

I'm making it a mission to tell all the iPhone owners I know about the Medical ID feature. I'd put the same challenge out to you as well.

Jimmie Walker

Monday, August 31, 2015

Account for IoT

Hi Anything Cyber following,

I'd like to discuss a topic that I just can't seem to avoid: the Internet of Things. Today I saw an advertisement for IoT transportation. Not only are we equipping our fridges to be Internet connected, with an increased risk of being hacked, we're also hooking vehicles weighing tons to IoT devices, not knowing or in many cases caring whether security is maintained on an ongoing basis.

Believe me, black hat hackers out there are studying the vulnerabilities of IoT devices even if IoT manufacturers are not. Hackers will make use of found vulnerabilities to own the IoT device and in turn compromise connected devices of even more value. Before you or your company acquire that next 'got to have' IoT device, inquire about the security measures in place and whether or not the device will be maintained for the long haul. If the manufacturer doesn't maintain it, who will, and at what enormous expense?

Jimmie