STE WILLIAMS

Growing Job Pressures Increase Risk of Burnout for Cybersecurity Professionals

A new Trustwave survey shows information security executives and practitioners are under increasing pressure from trying to keep up with threats and compliance mandates.

The task of constantly keeping up with new threats and regulatory requirements has made cybersecurity something of a high-pressure career field for technology professionals in recent years. There are no signs that will change anytime soon.

A global survey of 1,600 IT professionals by Trustwave shows that a majority of cybersecurity executives and practitioners believed they were under more pressure at their jobs in 2017 compared with the year before. They expect 2018 to be no different.

Trustwave has conducted the same survey for five consecutive years, and each time survey respondents have reported increased pressure over the previous year. If the trend persists, expect one of two things to happen, says Chris Schueler, senior vice president of managed security services at Trustwave.

Either the pressure will push people to improved performance or it is going to cause them to crash. “Pressure to perform creates an overwhelming feeling that causes people to turtle up or become burned out quickly,” Schueler says.

In the latest survey, 54% of the respondents reported experiencing more security pressures in 2017 compared to 2016, and 55% expect 2018 to be worse than last year. More cybersecurity professionals in the US (61%) feel that way than professionals in any other country, the Trustwave survey showed.

Advanced malware and zero-day vulnerabilities are the top cause for the pressure that security people feel on the operational side of things, with 26% citing that as a reason. Other top concerns include budget constraints at 17% and a lack of security skills at 16%.

The Trustwave survey also showed that phishing attacks and social engineering became more of a pressure-inducer last year, with 13% identifying that as a stressor compared with 8% who said the same in 2016. Somewhat surprisingly (considering all the concern over data breaches and attacker dwell time), only 11% of the respondents in Trustwave’s survey identified malicious activity detection and compromise detection as contributing to their stress levels.

For cybersecurity professionals, a lot of the pressure comes from the constant reminder that peer industries and major brands are being breached daily and that they need to improve to stay ahead, Schueler says. “It’s the only job in IT where there are people who are constantly trying to make your day bad,” he notes. It’s daunting to wake up every day with the constant worry of not knowing if your efforts have been enough, he says.

Adding to the pressure is the fact that many organizations are moving to a governance model that puts more pressure on security leaders and measures their effectiveness at reducing organizational risk, Schueler says.

One welcome result from the survey is the relatively bigger role that those closest to the security function appear to be playing these days. Thirty-nine percent identified board members, directors, the CEO, the CIO and other C-level executives as putting the most pressure on them. But that proportion is actually smaller than the 46% who said the same in 2017 and the 69% in 2016.

At the same time, a bigger proportion of respondents (27%) in Trustwave’s most recent survey said pressure from direct managers had increased compared with 2016 (18%). “This is a very positive view because it indicates that the board has made cybersecurity a priority year over year and has shifted the ownership more to the people who are closest” to the function, Schueler says.

A 2017 survey by Enterprise Strategy Group (ESG) and the Information Security Systems Association (ISSA) shows that burnout is becoming a problem in the cybersecurity field. The perpetual battle to keep the enterprise safe against a constant barrage of attacks using suboptimal resources is wearing security professionals down, according to the report.

ESG and ISSA surveyed a total of 343 cybersecurity professionals. Sixty-eight percent strongly agreed that a cybersecurity career could be taxing on the balance between an individual’s professional and personal life. Thirty-eight percent said the skill shortage in the industry had resulted in high employee attrition rates and burnout. The situation is made worse by the fact that there are far more security jobs than there are people to take them, according to the ESG-ISSA report.

“If you’re a C-level executive, you should be thinking about the pressures on your security team and how you are managing that pressure,” Schueler notes. Among the things you need to consider is your security maturity level, the partners that you might have on board to help you, and how effective that help might be.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …

Article source: https://www.darkreading.com/careers-and-people/growing-job-pressures-increase-risk-of-burnout-for-cybersecurity-professionals/d/d-id/1331889?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Fraud Drops 76% for Merchants Using EMV, Says Visa

A new report from Visa says that the shift to chip cards has resulted in dramatically reduced credit card fraud levels.

Chip cards are paying off in terms of reduced fraud. That’s the conclusion of a new Visa report on transactions since the shift to EMV (named after original developers Europay, MasterCard, and Visa) cards in 2015.

According to Visa, merchants that have completed the shift to EMV cards have seen their fraud level drop by 76% from December 2015 through December 2017. Of particular note, Visa says that EMV cards have been very effective in reducing counterfeit fraud, which it calls the most common type of credit card fraud committed in the US.

By March of 2018, 97% of total credit card transactions took place using EMV cards. Since the formal shift to EMV cards, the number of cards with chips has risen from 159 million in September 2015 to 483.6 million in March 2018.

Visa says that more than 2.9 million merchant locations are now accepting EMV cards.

For more, read here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/risk/fraud-drops-76--for-merchants-using-emv-says-visa-/d/d-id/1331891?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

VPNFilter – is a malware timebomb lurking on your router?

Thanks to Cisco Talos and the Cyber Threat Alliance for providing SophosLabs researchers with early access to samples of and information about this malware.

Researchers at Cisco Talos just published a report documenting a giant-sized IoT botnet known as VPNFilter.

More than 500,000 devices around the world are said to be infected with this malware – most of them are consumer internet routers from a range of different vendors, with some consumer NAS (network attached storage) devices known to have been hit as well.

To explain.

IoT is short for internet of things, and refers to all those internet-connected devices in our lives that are small enough, and cheap enough, and everyday enough, that we forget they’re really just tiny computers in much the same way that our laptops and mobile phones are computers.

As a result, IoT devices often end up attracting little or no attention to cybersecurity while they’re being designed, when they’re shipped, or after they’re installed.

And a botnet refers to a robot network, also known as a zombie network.

That’s where crooks implant malware on thousands, or even hundreds of thousands, of computers at the same time, in such a way that they can secretly send programmatic commands to each of them – one by one, or all at the same time.

How bots work

Typically, each bot in the botnet regularly calls home, using some sort of network request, to one or more servers operated by the crooks.

On calling home, each zombie computer fetches instructions on what to do next, instructions that often include commands such as “here is a new software module to install and add to your menagerie of dirty tricks.”

In other words, zombie networks are not only able to mount large-scale simultaneous attacks all across the globe, they can also adapt and update themselves to include malware capabilities that the crooks feel like adding later on.
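The regular call-home behaviour described above is also what makes a bot visible to a defender: a beacon that fetches instructions every few minutes leaves evenly spaced outbound connections in firewall or flow logs. The following Python script is an added example, not code from the Naked Security article, Cisco Talos or SophosLabs; it groups connections by source and destination, measures the gap between successive connections, and flags pairs that are both frequent and regular. The log format, addresses and thresholds are constructed for the example.

```python
"""Beacon detection over constructed outbound-connection logs.

Added example (not from the Naked Security article or Cisco Talos): a
bot that "regularly calls home" produces outbound connections at a
near-constant interval. This script groups connections by
(source, destination), measures the spacing between successive
connections, and flags pairs whose spacing is both frequent and regular.
The log format and all addresses below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "<ISO timestamp> <src> <dst:port> <bytes_out>"
# 198.51.100.7:443 is contacted every ~5 minutes (the beacon);
# 203.0.113.9:80 is ordinary, irregular browsing traffic.
SAMPLE_LOG = """\
2018-05-23T10:00:00 192.0.2.10 198.51.100.7:443 312
2018-05-23T10:00:12 192.0.2.10 203.0.113.9:80 4021
2018-05-23T10:05:01 192.0.2.10 198.51.100.7:443 310
2018-05-23T10:07:44 192.0.2.10 203.0.113.9:80 9870
2018-05-23T10:10:00 192.0.2.10 198.51.100.7:443 315
2018-05-23T10:15:02 192.0.2.10 198.51.100.7:443 311
2018-05-23T10:19:30 192.0.2.10 203.0.113.9:80 120
2018-05-23T10:20:00 192.0.2.10 198.51.100.7:443 309
2018-05-23T10:25:01 192.0.2.10 198.51.100.7:443 313
2018-05-23T10:33:15 192.0.2.10 203.0.113.9:80 55000
"""


def parse_log(text):
    """Yield (timestamp, src, dst, bytes) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(nbytes)


def find_beacons(text, min_connections=5, max_jitter=0.2):
    """Return {(src, dst): (mean_interval_s, jitter)} for periodic pairs.

    jitter is the coefficient of variation (stdev / mean) of the gaps
    between successive connections; a low value means regular timing.
    Pairs with fewer than min_connections are ignored so that a handful
    of coincidentally spaced requests does not raise an alert.
    """
    times = defaultdict(list)
    for ts, src, dst, _ in parse_log(text):
        times[(src, dst)].append(ts)

    beacons = {}
    for pair, stamps in times.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            beacons[pair] = (round(avg, 1), round(jitter, 3))
    return beacons


if __name__ == "__main__":
    for (src, dst), (avg, jitter) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: every {avg}s (jitter {jitter})")
```

On the constructed sample only the five-minute pair is reported; the browsing traffic is both too infrequent and too irregular. Real bots often add random delay to their beacon interval, which is why the check uses a jitter tolerance rather than an exact period, and why the threshold should be tuned against a baseline of the network's own traffic before it is used for alerting.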

In some cases – and this newly-announced VPNFilter malware is one – zombies include a special command to implement what you might call a “run, the cops are coming!” policy, where the malware deliberately kills itself and sometimes the device on which it’s running.

Not only does VPNFilter include a kill command, according to Cisco, but that kill command purposely overwrites the flash memory of the device.

SophosLabs examined a sample of this zombie in which the kill command instantly shut down the malware, but didn’t try to wipe the device. We are assuming that different variants of the VPNFilter family have different features programmed in.

Flash memory in your router serves the same purpose as the hard disk in your laptop – it’s where the bootup firmware, the operating system and the device data are stored.

If you wipe the hard disk of your laptop, you can almost always still boot up the laptop off a USB drive or a CD and reinstall an operating system from scratch – you’ll lose all your files, but you won’t lose the laptop itself.

Home routers, however, sometimes can’t be rebooted at all after the flash memory is wiped out (at least, not without soldering special connectors onto the motherboard or making some sort of fiddly internal hardware modification), because the bootup software needed to recover the device is itself stored in the flash memory.

Devices in this state are said to be bricked, a metaphor that means the device is now about as useful as a brick – you can use it to prop a door open, but that’s about all.

According to Cisco, the VPNFilter malware also includes an auto-update component, as described above, allowing its functionality to be updated at will; one of the add-on malware modules found so far is a so-called packet sniffer.

Sniffers tap into the network software inside the operating system so that they can monitor network packets, looking out for data of interest in any network traffic that isn’t encrypted.

What to do?

The problem with IoT devices such as routers is that they’re plugged directly onto the internet by design.

For many home users, they act as a combined internet modem (plugged into the phone line on one side), router (they’re plugged into the LAN on the other side), firewall and wireless access point.

Yet many routers are effectively a “closed shop”, rather like an iPhone: you’re not supposed to be able to access the files, modify the software, make your own tweaks, or apply your own updates or improvements.

Some ISPs insist that you use their routers to access their service, so you can’t even switch out the router model they provided for one of your own choice.

Nevertheless, whichever router you use at home or in your business, it’s time for a router healthcheck.

Don’t delay – do it today!

  • Check with your vendor or ISP to find out how to get your router to do a firmware update. Many routers do receive security updates, at least from time to time, but they’re often not downloaded or installed automatically. You typically need to login to the administration console and click some sort of [Check now] button. If you live in a country with daylight savings, why not do an update check on all your IoT devices every time the clocks change? Crooks routinely scan the internet probing for routers that have unpatched security holes that they already know how to exploit. Don’t make it easy for crooks to implant malware: patch early, patch often!
  • Turn off remote administration unless you really need it. Many routers let you access the administration interface from the internet side as well as from the LAN side of the device. Some even come like that out of the factory. Crooks routinely scan the internet probing for login screens that aren’t supposed to be visible and are thus less likely to be secured properly. Don’t make it easy for crooks to find your devices and start guessing away at your password.
  • Pick proper passwords. Many routers ship with a pre-set administrator password, and some routers don’t force you to pick a new password when you first set them up. Crooks have extensive lists of default usernames and passwords for all sorts of internet devices. Don’t give crooks the keys to your castle by sticking with a password that they can figure out easily.
  • Stick to HTTPS for as much web browsing as you can. Generally speaking, web connections that show up with a padlock in your browser are encrypted end-to-end, so they can’t be sniffed out along the way by an untrusted internet device, whether that’s due to a malware infection on your own router, a rogue ISP in your network path, or a surveillance-hungry country that your traffic happens to traverse.

By the way, as far as we can see, performing a firmware refresh on many home routers will wipe the VPNFilter malware, along with many other strains of router malware.

In other words, even if you are already up-to-date and don’t think your device is infected, a firmware refresh will give you a double peace of mind: your router will be up to date and you’ll be in a known-good state.

Want to run a VPN at home for added security, where your VPN starts and terminates inside your IoT router and therefore can’t be sniffed by malware on the way? If you have a spare computer handy, why not try the Sophos XG Firewall Home Edition? You get a free licence for everything the product can do, including anti-virus, web filtering, email security, intrusion prevention, plus a fully-fledged VPN.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/J4c9mR3qZqY/

Brit Attorney General: Nation state cyber attack is an act of war

Hostile states targeting essential infrastructure and services in Britain should be dealt with in the same way as any other attack against the nation, the UK Attorney General said today.

Speaking at the Chatham House think-tank on the topic of international law in cyber space, Jeremy Wright QC MP, said:

The targeting of essential medical facilities, the downing of civilian aircraft, the sabotage of nuclear power stations, are no less unlawful and no less deserving of a robust and legitimate response when they are undertaken by cyber means than when they are done by any other means.

The UK considers it is clear that cyber operations that result in, or present an imminent threat of, death and destruction on an equivalent scale to an armed attack will give rise to an inherent right to take action in self-defence, as recognised in Article 51 of the UN Charter.

Under the article, nations have the right of individual or collective self-defence. “The question is not whether or not international law applies, but rather how it applies and whether our current understanding is sufficient.

“What this means is that hostile actors cannot take action by cyber means without consequence, both in peacetime and in times of conflict.”

Wright said the UK should name and shame foreign states that hire hackers to carry out cyber-attacks or interfere via the internet in national elections.

However, Blighty has already attributed previous malicious cyber activity – both publicly and privately – to the country concerned.

For example, the government blamed last year’s WannaCry ransomware attack on North Korea. And along with 11 other countries, it pointed the finger at Russia for the NotPetya cyber-attack against Ukraine.

And the chief exec of the National Cyber Security Centre previously revealed hackers acting on behalf of Russia had targeted the UK’s telecommunications, media and energy sectors.

“If more states become involved in the work of attribution then we can be more certain of the assessment,” said Wright.

The UK government has said it is investing £1.9bn in cybersecurity.

Separately, the FBI is currently conducting an inquiry into alleged Russian interference in the 2016 US presidential election. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/05/23/attorney_general_warns_uk_will_respond_to_cyber_attacks/

6 Steps for Applying Data Science to Security

Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.

Image Source: Ryzhi via Shutterstock


Security practitioners are being told that they have to get smarter about how they use data. The problem is that many data scientists are lost in their world of math and algorithms and don’t always explain the value they bring from a business perspective.

Dr. Kenneth Sanford, analytics architect and sales engineering lead at Dataiku, says security pros have to work more closely with data scientists to understand what the business is trying to accomplish. For example, is compliance the goal? Or is the company looking to determine what it might cost if they experienced a ransomware attack?

“It’s really important to define the business problem,” Sanford says. “Something like what downtime would cost the business, or what the monetary fine would be if the company were out of compliance.”

Bob Rudis, chief data scientist at Rapid7, adds that companies need to take a step back and look at their processes and decide what could be done better via data science.

“Companies need to ask themselves how the security problem is associated with the business problem,” Rudis says.

Sanford and Rudis created a six-step process for how to build a model to analyze internal DNS queries – the goal of which would be to reduce or eliminate malicious code from the queries. 


Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.

Article source: https://www.darkreading.com/analytics/6-steps-for-applying-data-science-to-security/d/d-id/1331840?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report

Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.

A snapshot of the enterprise remote access space in 2017 reveals a few interesting trends: more businesses have adopted Windows 10 and Apple products, nearly all Android devices are out-of-date, and chances are good their browsers are no longer running Flash.

To learn more about users’ authentication behavior and device health, the security research team at Duo Labs dug into data from 10.7 million devices and nearly 0.5 billion monthly authentications. Researchers wanted to see where people authenticate from, how they respond to phishing, and the devices, operating systems, browsers, and plugins they use. 

There are obvious security implications in these trends. The researchers found a majority shift in Windows 10 adoption, which jumped from 27% in 2017 to 48% in 2018. Devices running Windows 7 also decreased from 65% in 2017 to 44% this year. Duo researchers attribute the spike to WannaCry, which prompted Windows 10 downloads.

“It was one of the bigger drivers in Windows 10 adoption,” says Duo data scientist Olabode Anise. “After the first 30 to 60 days after WannaCry there was an uptick, then it started to level out and decrease” after the companies that wanted to upgrade completed the process.

Industries slowest to adopt Windows 10 were healthcare (29%), transportation and storage (31%), and insurance (33%). Those fastest to adopt the latest Windows OS were computers and electronics (82%), wholesale and distribution (70%), and nonprofit (56%).

Anise says these trends fluctuated depending on the applications running on particular endpoints. Since apps are affected by OS changes, people in industries more at the forefront of new technologies would utilize and adopt Windows 10 more quickly.

Researchers point out that it’s not always possible to update operating systems in large enterprises with complex IT environments without rendering certain devices inoperable. Connected medical devices and healthcare software, for example, may not be designed to run Windows 10. In healthcare, Anise notes, “mission-critical applications are hardest to port over.”

While Windows 10 adoption may be up, Windows usage declined overall. Researchers noticed Windows users dropped from 68% to 65% between 2017 and 2018. At the same time, they saw an uptick in macOS, which grew 27% to 30%, and iOS, which jumped from 10% to 12%.

Mobile Security Could Use a Major Update

Most endpoints are not running the latest version of their operating system, says Kyle Lady, senior information security engineer at Duo. However, iOS and macOS devices are generally more up-to-date than those running Android or Chrome OS. By the end of March 2018, only 8% of Android phones had been patched with the latest security fix released 26 days prior.

Ninety percent of Android devices are out-of-date, researchers found. The same can be said for 85% of ChromeOS devices, 74% of macOS devices, and 56% of iOS devices.

Users lagging on Android security updates “is not new, and it’s not necessarily getting worse,” says Lady, noting that this has been a problem for years. Android updates have to come from the manufacturer, which pushes them to the carrier, which sends them to users.

“If there’s a slowdown anywhere along the way, it results in the user being at risk,” he explains. While Google has done a lot of work to structure Android so it can receive mission-critical updates faster, it often doesn’t help users running versions ineligible for security updates. Android is great for an open-source mobile OS, Lady says, but it’s tough to update.

“I think we’ve seen a lot of businesses take notice of the Android security problems, and the difficulties in updating Android devices,” Anise adds. “iOS has a much more clear-cut picture as to whether a given phone can update or not.”

Android has dozens of manufacturers and hundreds of versions, and it can spiral out of control if you’re trying to come up with restrictions that let users access data while keeping company assets secure, he adds. It’s easier to create these policies for iOS and, in some cases, macOS.

Browser Security and the Fall of Flash

Firefox Mobile is the most out-of-date browser based on Duo’s research, which found 93% of endpoints using it hadn’t updated to the most recent version. Chrome came in next at 53%, followed by Firefox desktop (49%), Safari (42%), Edge (33%), Chrome Mobile (31%), and Internet Explorer, which was the most up-to-date with only 5% of users behind.

To put these numbers in context, there hasn’t been a new version of Internet Explorer released since 2013. Chrome was last updated on March 6, 2018. While it appears Chrome browsers are more out-of-date, the browser is more frequently updated by its vendor than others.

Researchers also noticed Adobe Flash Player is rapidly disappearing from browsers. Less than one-quarter (24%) of browsers had Flash uninstalled in 2017; by 2018, that number had jumped to 69%. “Uninstalled” includes browsers with Click to Play or other forms of Flash blocker implemented, meaning browsers won’t arbitrarily run Flash unless users opt in.

“A lot of the driving factors rely around users switching to models that have Flash disabled by default,” says Anise. “Extensions for Web browsers let you do this, or you can configure Google Chrome to not run Flash by default.” Chrome, he says, has forced its content creators to adopt new technologies and has been a major driver in the move away from Flash, which will no longer be shipped with Chrome starting in 2020. Adobe will end-of-life Flash later that year.

Authenticating More Remote Workers

Both Anise and Lady speak to the importance of updates and two-factor authentication as people increasingly work remotely and log on from different networks. While mobility brings additional security risks, Lady says companies see the benefits of letting workers go remote.

From 2017 to 2018, Duo’s data showed a 10% increase in the average number of unique networks that customers and businesses are authenticating from. More than one-quarter (26%) log in from two or more networks in 2018; eight percent log in from at least three.

If workers are going to work remotely, it’s essential to keep their devices updated and provide a second factor to verify their identity. An analysis of phishing simulation attacks found 62% captured one set of user credentials, and 64% involved one out-of-date device.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/endpoint/windows-10-adoption-grew-75--adobe-flash-plummeted-188--in-2017-report/d/d-id/1331877?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Is Threat Intelligence Garbage?

Most security professionals in a recent survey said that threat intelligence doesn’t work. So why all the hype?

Threat intelligence sounds like something security professionals should like — automation has a lot of potential. Artificial intelligence is increasingly making our lives more efficient, and technological solutions could help cybersecurity teams decrease the amount of mundane, repetitive tasks they need to perform on a daily basis.

In reality, however, most security professionals are not yet fans of threat intelligence. For example, the Ponemon Institute, an independent research group that studies information security and privacy, recently released a report about companies’ attitudes toward threat intelligence. Seventy percent of the security industry professionals it surveyed said they believe threat intelligence is either too complex or cumbersome to provide usable insights.

Mahendra Ramsinghani, founder of cybersecurity seed fund Secure Octane, included threat intelligence among falsehoods professionals should ditch in a TechCrunch piece. Specifically, she mentions a Black Hat talk titled “Lies and Damn Lies,” and provocatively writes that the presenters “spent five months digging into various endpoint offerings and concluded that threat intelligence simply does not work.”

This may all come as a surprise to you, particularly if you follow the hype about threat intelligence. You may be wondering if giants like Google and Amazon are investing in threat intelligence-adjacent solutions, then why are so many cybersecurity professionals suspicious of these offerings?

Feeds vs. Platforms
Before we go further, let’s understand the difference between a threat intelligence feed and a threat intelligence platform. Put simply, a threat intelligence feed is an ongoing, third-party stream of information, or “feed,” about current or potential threats to a company in a particular category. As Recorded Future explains, a feed can solely focus on domains, hashes, or IPs known to be associated with malicious activity, for example. There are also six main sources of threat intelligence feeds, which are all valuable: open source, customer telemetry, honeypots and darknets, scanning and crawling, malware processing, and human intelligence.

There are several challenges to analyzing threat intelligence feeds. First, the reliability of each feed varies tremendously. Many feeds are open source and free, and, thus, not tailored to your company’s needs. These need to be monitored heavily to ensure they are even worthwhile. Feeds coming from industries closer to yours will likely be more useful, but, not surprisingly, they are often expensive. Also, you are the only expert who knows exactly what information is applicable to your organization. So, as much as paid feeds may provide high-quality data, you will need to monitor their relevance closely. It might make sense to work closely with vendors in creating tailored feeds, though that is obviously an investment of time and money.

The other key obstacle with threat intelligence feeds is triaging so much information. For every threat intelligence feed you add, the more data you need to analyze, and the higher the chance you’ll encounter false positives. Additionally, none of these feeds come with context, which is crucial in determining whether or not you should act upon their alerts.
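The two obstacles just described, feeds of uneven reliability and indicators that arrive without context, are usually tackled by merging the feeds and recording, for every indicator, which sources vouch for it. The Python script below is an added example and is not code from the column, from Ponemon, or from any vendor named in it. It merges several constructed feeds, assigns each indicator a confidence that rises with corroboration, matches the merged set against a few constructed proxy log lines, and separates hits backed by several feeds from those backed by a single feed so that one noisy list does not generate alerts on its own. Feed names, weights, indicators and log lines are all constructed for the example.

```python
"""Corroborating indicators across several threat-intelligence feeds.

Added example (not from the Dark Reading column, Ponemon, or any vendor):
each feed contributes bare indicators with no context, so a match on a
single feed is weak evidence. This script merges feeds, records which
sources vouch for each indicator, and matches the merged set against
proxy log lines, reporting a confidence that grows with corroboration.
Feed contents, weights and log lines are constructed for the example.
"""
from collections import defaultdict

# Constructed feeds: name -> (reliability weight in [0, 1], list of "type:value").
# Weights are an analyst's judgement of how trustworthy each source has been.
FEEDS = {
    "open-source-list": (0.3, ["domain:bad.example", "ip:203.0.113.9", "domain:cdn.example"]),
    "sector-sharing":   (0.7, ["domain:bad.example", "ip:198.51.100.7"]),
    "vendor-sinkhole":  (0.8, ["ip:198.51.100.7", "domain:bad.example"]),
}

# Constructed proxy log lines: "<ts> <client> <dest host> <dest ip>"
PROXY_LOG = """\
2018-05-23T10:00:00 192.0.2.10 bad.example 198.51.100.7
2018-05-23T10:00:12 192.0.2.10 cdn.example 192.0.2.200
2018-05-23T10:01:00 192.0.2.11 update.example 203.0.113.9
"""


def merge_feeds(feeds):
    """Return {indicator: {"sources": set, "score": float}}.

    score = 1 - product(1 - w_i) over the feeds that list the indicator,
    so several weak feeds agreeing approach the confidence of one strong
    feed, while a single low-weight feed stays low.
    """
    merged = defaultdict(lambda: {"sources": set(), "score": 0.0})
    for name, (weight, indicators) in feeds.items():
        for ind in indicators:
            entry = merged[ind]
            entry["sources"].add(name)
            entry["score"] = 1 - (1 - entry["score"]) * (1 - weight)
    return dict(merged)


def match_log(log_text, merged, min_sources=2):
    """Match each log line's host and IP against the merged indicators.

    Every hit carries context (which feeds listed it, combined score).
    Hits backed by fewer than min_sources feeds are kept but labelled
    'review' instead of 'alert', so a single noisy feed does not page anyone.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, ip = line.split()
        for ind in (f"domain:{host}", f"ip:{ip}"):
            if ind in merged:
                entry = merged[ind]
                hits.append({
                    "ts": ts,
                    "client": client,
                    "indicator": ind,
                    "sources": sorted(entry["sources"]),
                    "score": round(entry["score"], 3),
                    "action": "alert" if len(entry["sources"]) >= min_sources else "review",
                })
    return hits


if __name__ == "__main__":
    for hit in match_log(PROXY_LOG, merge_feeds(FEEDS)):
        print(f"{hit['ts']} {hit['client']} {hit['indicator']} "
              f"score={hit['score']} {hit['action']} sources={hit['sources']}")
```

On the constructed data the domain and IP seen by all or most feeds produce alerts, while the indicators that appear only on the open-source list are queued for review. The combining rule is deliberately simple; its point is that the record handed to an analyst names the sources and the reasoning, which is exactly the context the column says bare feeds lack.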

Threat intelligence platforms are increasingly hailed as a solution to organize and make sense of various feeds. In a recent report, “Hype Cycle for Threat-Facing Technologies, 2017,” Gartner’s Greg Young writes that threat intelligence platforms “collect, correlate, categorize, share and integrate security threat data in real time to support the prioritization of actions and aid in attack prevention, detection and response. They also integrate with and complement existing security technologies and processes like SIEM, IPSs and firewalls.” He asserts that current threat intelligence solutions are most useful for large, sophisticated cybersecurity outfits. However, he notes that threat intelligence is only moderately helpful compared with a string of approaches he deems to be highly beneficial. He prefers enterprise firewalls, operational technology software, and user and entity behavior analytics, among other solutions.

Although threat intelligence platforms would be a lovely silver bullet to the feed aggregation and insight problem, at this point most threat intelligence solutions — both feeds and platforms — fail to measure up. At some point, the higher-end products may be useful beyond large-scale companies. Until then, we recommend using feeds that are helpful and focusing on less sexy but beneficial ways to streamline your operations, such as hiring the right security professional to analyze your organization’s unique needs.


Chris McDaniels is Chief Information Security Officer of Mosaic451, a cybersecurity service provider and consultancy with expertise in building, operating, and defending some of the most highly secure networks in North America. McDaniels is a US Air Force veteran with over 14 …

Article source: https://www.darkreading.com/threat-intelligence/is-threat-intelligence-garbage/a/d-id/1331862?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

What Should Post-Quantum Cryptography Look Like?

Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won’t break under the pressure of quantum computing power.

As quantum computing starts barreling away from the theoretical world and into the realm of reality, the security community is on a timer. Most experts say that once quantum computers come online, they’ll have the computational powers to easily break modern cryptography. A new report out today from the Cloud Security Alliance’s Quantum Safe Security Working Group says that security researchers, vendors and enterprises need to start working now if they want to beat quantum’s cryptographic buzzer.

Considering how long it takes for the IT world to transition to new encryption measures when old ones wear thin, the CSA report warns that the window until quantum reaches widespread adoption – about 10 to 15 years – might not be as long as it seems right now. 

“Cryptographic transitions take time, often a very long time,” the report explains, pointing to the decade-long transition it took to get from 1024- to 2048-bit RSA key sizes, or the move to elliptic curve-based cryptography (ECC). “The transition to quantum-resistant cryptography is likely to take at least ten years. It is therefore important to plan for transition as soon as possible,” according to the report.

The good news is that researchers have been working on this problem for a long time and they’ve got some good ideas on where cryptography should be headed. For example, NIST just last month held a workshop that featured some 80 research submissions in its Post-Quantum Cryptography Standardization initiative. The CSA report offers a breakdown of five of the most promising categories of cryptographic methods that could stand as post-quantum cryptography alternatives.

The five major contending algorithmic classes are:

  • Lattice-based cryptography,
  • Hash-based schemes,
  • Elliptic curve isogenies,
  • Multivariate cryptography, and
  • Code-based cryptography.

According to Roberta Faux, lead author of the CSA report, there are pros and cons for each class of algorithm and it’s going to take some time for researchers, and later, security engineers, to figure out which is best for a workable standard. 

For example, she says the community is going to have to have a lively debate to balance out three big trade-offs, namely key size, bandwidth and confidence level. 

If you consider code-based schemes, they’ve got a fast computational speed and they’ve been around so long that they’ve got a high degree of confidence from many in the security community. But their key size is large – some might say impractically so, Faux says. Meanwhile, isogeny-based cryptography has got small key sizes but the computation is still expensive and it’s relatively new so there’s less confidence there.
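To make the key-size trade-off concrete, here is an added example (not code from the CSA report, NIST, or any submitted candidate) of the simplest member of the hash-based class the report lists: a Lamport one-time signature built only from SHA-256. The function and variable names are this example's own; production hash-based schemes such as the stateful and stateless designs submitted to NIST layer Merkle trees and other machinery on top of this idea, which this example does not attempt.

```python
"""Lamport one-time signature: a minimal hash-based scheme.

Added educational example, not the CSA's, NIST's or any candidate's
implementation. Security rests only on SHA-256 being one-way, which is
why the class is considered a conservative post-quantum choice; the price
is the key and signature sizes reported by sizes().
"""
import hashlib
import secrets

HASH = hashlib.sha256
N = 32          # digest length in bytes
BITS = 8 * N    # one preimage pair per digest bit


def keygen():
    """Return (secret_key, public_key).

    secret_key: BITS pairs of random N-byte preimages.
    public_key: the SHA-256 digest of each preimage, same layout.
    """
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _message_bits(message: bytes):
    """MSB-first bits of SHA-256(message)."""
    digest = HASH(message).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def sign(sk, message: bytes):
    """Reveal one preimage per digest bit.

    Each signature discloses half of the secret key, so a Lamport key is
    strictly one-time: signing two messages with it lets anyone forge.
    """
    return [sk[i][bit] for i, bit in enumerate(_message_bits(message))]


def verify(pk, message: bytes, signature) -> bool:
    """Hash each revealed preimage and compare with the matching public value."""
    if len(signature) != BITS:
        return False
    bits = _message_bits(message)
    return all(HASH(s).digest() == pk[i][bit]
               for i, (s, bit) in enumerate(zip(signature, bits)))


def sizes():
    """Byte lengths of key material and signature, to make the trade-off visible."""
    return {
        "secret_key": 2 * BITS * N,
        "public_key": 2 * BITS * N,
        "signature": BITS * N,
    }


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("sizes:", sizes())
```

The public key here is 16 KiB and a signature 8 KiB, against a 256-byte modulus for the RSA-2048 keys the report mentions; that gap, and the one-time restriction, are exactly the costs that the more elaborate hash-based candidates spend their complexity reducing.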

“I think the community agrees that we still need more time to investigate the wide range of post-quantum cryptographic algorithms,” Faux says, “and [to] understand the issues involved in migrating from existing public key cryptography to post-quantum cryptography.”

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Article source: https://www.darkreading.com/endpoint/what-should-post-quantum-cryptography-look-like/d/d-id/1331878?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Destructive ‘VPNFilter’ Attack Network Uncovered

More than 500K home/SOHO routers and storage devices worldwide commandeered in potential nation-state attack weapon – with Ukraine in initial bullseye.

A newly unearthed novel and destructive cyberattack infrastructure made up of more than a half-million home and small office routers and network-attached storage devices worldwide has security and equipment vendors, Internet service providers, government officials, and law enforcement scrambling to help clean and patch the infected devices before they’re weaponized in an attack.

But given the nature of these typically insecure IoT consumer devices sitting exposed on the public Internet, cleanup and protection won’t be simple or even realistic in some cases. 

The so-called VPNFilter is a stealthy and modular attack platform that includes three stages of malware. The first establishes a foothold in the device and, unlike previous Internet of Things botnet infections, can’t be killed with a reboot; the second handles cyber espionage, stealing files and data, and includes a self-destruction feature; and the third stage includes multiple modules, including a packet sniffer for nabbing website credentials and Modbus SCADA protocol traffic, as well as a Tor anonymization feature.

VPNFilter can be used to both spy on and aggressively attack a target nation’s network infrastructure, according to researchers at Cisco Talos, who first found the threat. The initial target appears to be Ukraine, where the majority of the infected IoT devices reside, and where the attackers have constructed a subnetwork aimed at that nation, complete with its own command and control server recently placed there.

The malware also includes “an exact copy” of BlackEnergy, according to Craig Williams, senior threat researcher and global outreach manager for Cisco Talos. BlackEnergy was used in the game-changer attacks that ultimately shut off the lights in western Ukraine in 2015, thought to be the handiwork of Russia.

So far, the infected devices that make up the backbone of VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link home routers and QNAP network-attached storage (NAS) devices.

Cisco stopped short of naming Russian state-sponsored hackers as the attackers behind VPNFilter, but also didn’t rule it out, especially with the BlackEnergy connection and Ukraine-specific attack network. “The code overlap we saw was an exact copy, including even an error,” Williams says. “It certainly could be a false flag [pointing to Russia]. But when you combine that [malware] with other factors, such as it appears to be specifically targeting Ukraine, with destructive malware and appears to be preparing for an attack on Constitution Day [June 28] … With all those facts we have high confidence they are not acting in Ukraine’s interests.”

Meanwhile, Ukraine’s state security service, SBU, called out Russia as the perpetrator of the threat and warned of the possibility of an attack on its infrastructure in the run-up to the UEFA Champions League final soccer match in Kiev this Saturday. “Security Service experts believe that the infection of hardware on the territory of Ukraine is preparation for another act of cyber-aggression by the Russian Federation, aimed at destabilizing the situation during the Champions League final,” the SBU said in a statement reported in Reuters.

‘Attribution-less’ Network

Cisco’s Williams describes VPNFilter as “almost like a VPN tunnel designed to be used by the attacker for separate attacks.”

VPNFilter allows the attacker to remain anonymous because it uses infected home and SOHO devices as its weapons, and the victims act as unknowing participants. “It’s basically a modular, attribution-less network to attack other networks without any blame being cast on them [the attackers],” Williams says. “This is what a nation-state uses to attack another nation-state and not get blamed.”

While Ukraine appears to be an initial target, VPNFilter has victim devices in 54 countries, including the US, and can be used to attack any nation, he says. The built-in self-destruction module also wipes the firmware of the devices, rendering them inoperable for the users, which could knock both users and companies offline.

Cisco in early May first noticed infected devices scanning ports 23, 80, 2000, and 8080, ports typically associated with MikroTik and QNAP NAS systems, across more than 100 countries. But things escalated on May 8, when VPNFilter infections jumped dramatically – mainly in Ukraine – and then again on May 17. That led to Cisco going public with its findings even before it had a full understanding of the infections and the vulnerabilities exploited.
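The scanning behaviour Cisco describes is something a network defender can look for in their own flow or firewall logs. The following is an added example, not Cisco Talos tooling: it reads a constructed flow-record format, keeps only connections to the four ports named above, and flags any source that fans out to many distinct destinations on them, which is the scanner pattern rather than a normal client talking repeatedly to one server. The record layout, the RFC 5737 documentation addresses, and the five-peer threshold are assumptions for the example and should be tuned to a real baseline.

```python
"""Flag hosts fanning out to many peers on the ports the article associates
with VPNFilter scanning (23, 80, 2000, 8080).

Added example, not Cisco Talos tooling. The flow format, addresses and
threshold are constructed assumptions; only the port list is from the article.
"""
from collections import defaultdict

VPNFILTER_SCAN_PORTS = {23, 80, 2000, 8080}

# Constructed sample records: "<epoch> <src_ip> <dst_ip> <dst_port> <proto>".
# 192.0.2.10 fans out across six peers on watched ports (scan-like);
# 192.0.2.20 uses port 443 only; 192.0.2.30 is an ordinary web client.
SAMPLE_FLOWS = """\
1525766400 192.0.2.10 198.51.100.1 23 tcp
1525766401 192.0.2.10 198.51.100.2 23 tcp
1525766402 192.0.2.10 198.51.100.3 2000 tcp
1525766403 192.0.2.10 198.51.100.4 8080 tcp
1525766404 192.0.2.10 198.51.100.5 80 tcp
1525766405 192.0.2.10 198.51.100.6 23 tcp
1525766406 192.0.2.20 198.51.100.7 443 tcp
1525766407 192.0.2.20 198.51.100.8 443 tcp
1525766408 192.0.2.30 198.51.100.9 80 tcp
1525766409 192.0.2.30 198.51.100.9 80 tcp
this line is malformed and must be skipped
1525766410 192.0.2.30 198.51.100.10 80 tcp
"""


def parse_flow(line):
    """Return (src, dst, dst_port) for a well-formed record, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        port = int(parts[3])
    except ValueError:
        return None
    return parts[1], parts[2], port


def find_scanners(flow_text, ports=VPNFILTER_SCAN_PORTS, min_distinct_peers=5):
    """Return {src: sorted distinct dst IPs} for sources that reached at
    least min_distinct_peers distinct destinations on the watched ports.

    Counting distinct peers (not connections) keeps a busy but legitimate
    client that hammers one server from being reported.
    """
    peers = defaultdict(set)
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue            # skip malformed records rather than crash
        src, dst, port = rec
        if port in ports:
            peers[src].add(dst)
    return {src: sorted(d) for src, d in peers.items()
            if len(d) >= min_distinct_peers}


if __name__ == "__main__":
    for src, dsts in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {len(dsts)} distinct peers on watched ports")
```

On the sample data only 192.0.2.10 is reported; lowering the threshold to two would also surface 192.0.2.30, which is why the cut-off needs to come from what your own network normally looks like rather than from this example.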

The company has been working with the affected vendors and fellow members of the Cyber Threat Alliance to alert customers and lock down devices, and has been blacklisting domains associated with the attacker infrastructure for its customers.

“The attackers could turn loose another NotPetya … DDoS, literally anything. They are only limited by their own creativity,” Williams says.

What to Do

Users of the infected devices should reboot them as soon as possible, which will kill off the stage 2 and 3 malware. That’s a temporary fix, however, since the persistent first-stage malware isn’t removable with a reboot and the attackers could come back and reinstall the stage 2 and 3 malware again. The devices also should be updated with the latest patches, and default credentials should be changed to new strong credentials, according to Symantec.

Updates from the various equipment vendors are rolling in. Netgear said in addition to firmware updates and password resets for its routers, users should turn off remote management in its devices.

“Hopefully, we caught it in time,” Williams says of the VPNFilter campaign. Actually patching and securing the infected IoT devices will mostly fall on the ISPs, small businesses, or even large businesses that have these devices installed, he says.

Cisco is urging ISPs to “work aggressively” with customers to get the devices patched and up-to-date, and to assist users in rebooting their routers.

Security experts meanwhile have been warning that Russia and other nation-states could ratchet up more aggressive cyberattacks against the US, likely posing as other nations and attack groups for plausible deniability. Russia has been honing its skills on that front for the past year or so, with its destructive NotPetya attack campaign targeting Ukraine, its election-meddling operation during the 2016 US presidential election, and most recently, the false flag operation in its hack of the Winter Olympics systems.

“This is an alarming variant of malware, as it can destroy infrastructure and take western allies back to the Stone Ages,” says Tom Kellermann, chief cybersecurity officer with Carbon Black. “This will spread to NATO members’ [countries] this week, and I feel that Putin has taken his gloves off.” 

Cisco’s Williams echoes the sentiment that VPNFilter is another level of nation-state threat. “This is not an everyday threat,” he says. “It took a lot of time and effort to design, with the purpose of coordinated attacks around the globe.”

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise …

Article source: https://www.darkreading.com/threat-intelligence/destructive-vpnfilter-attack-network-uncovered/d/d-id/1331886?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Google in court over ‘clandestine tracking’ of 4.4m iPhone users

Google’s in trouble again over the “Safari Workaround”: the iPhone shakedown for personal information from millions of iPhone users.

In 2012, the workaround got the search giant fined by the US Federal Trade Commission (FTC) for $22.5m, fined again a year later for $17m after it got sued by dozens of states, and now has the UK’s Google You Owe Us campaign out for its own pound of flesh.

Make that a few pounds of flesh: The Google You Owe Us campaign has started the process of getting its own comeuppance, and the US fines pale in comparison to what the British group is after.

Monday marked day one in London’s high court, where the collective action is suing the company for what could be as much as £3.2bn (USD $4.3b), according to court filings.

It alleges “clandestine tracking and collation” of information that included race, physical and mental health, political leanings, sexuality, social class, financial data, shopping habits and location data. On the campaign’s site, it alleges that Google’s Safari Workaround tracked iPhone users’ internet browsing history, which Google then used to sell a targeted advertising service.

Google You Owe Us first launched a “representative action” (similar to a class action in the US) in November 2017. The action alleges that the search giant:

Took our data by bypassing default privacy settings on the iPhone Safari browser which existed to protect our data, allowing it to collect browsing data without our consent.

On Monday, Google You Owe Us lawyers told the high court that Google collected personal information from 4.4 million iPhone users in the UK.

Richard Lloyd, former director of the UK consumer champion Which?, is heading up the collective action. His lawyer, Hugh Tomlinson QC, told the court that Google bypassed the privacy settings of Apple’s Safari browser on iPhones between August 2011 and February 2012 in order to divide people into categories so as to target marketing at them.

For this purpose, Google allegedly aggregated the data and shuffled users into groups for targeted marketing that included categories such as “football lovers” or “current affairs enthusiasts.”

Bloomberg reports that if the group action has its way in court, each affected iPhone user could receive £750 (approx. $1,000).

Google You Owe Us says don’t worry about whether you’re part of the claim: just sit back and let Richard Lloyd and the lawyers take care of the case. To see if you were affected by Google’s actions, or if you don’t want to be part of the claim, you can read more on the group’s FAQ page.

Google has said that there’s no evidence that the Safari Workaround resulted in any information being disclosed to third parties; that it’s impossible to identify those who may have been affected; that the claim’s got no chance of success; and that the claim relates to events that are six years old and which have already been addressed.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/K9IH08KmUtY/