Inflection Point: Too Much Trust in Privileged Tools
cr-map.com


Two recent, high-profile cyber-attacks have reminded me that we are probably putting too much faith and trust in our privileged tools, at least in the way we deploy and configure them today.

Things like remote system administration and malware detection.

Did you know the cyberattack on Change Healthcare was based on an exploit of a recent ConnectWise flaw?

ConnectWise’s “ScreenConnect” product is commonly used to gain remote administrative access to customer computers to provide IT support.

It lets you do things like security patching, software installation and troubleshooting, and configuration changes from a distance.

There were two flaws, and one of them (CVE-2024-1709) had the maximum Common Vulnerability Scoring System (CVSS) score of 10.

Of course, the 2020 SolarWinds exploit was against their Orion IT monitoring and management product that was used by thousands of enterprises and government agencies worldwide.

The point of exploit for SolarWinds was very different than for ConnectWise. But the end result is similar enough: Total compromise.

And more recently, cyber-attackers abused eScan AV updates, an antivirus service, for five years in order to infect end users with malware.

That attack worked because the service delivered updates over unencrypted and unauthenticated HTTP, a protocol that allows data to be viewed and tampered with as it travels over the Internet.
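A defender can check for the same exposure in their own environment by looking for installable payloads fetched over cleartext HTTP. The following is an added example, not part of the original newsletter; the proxy log format, hostnames and sample lines are all constructed assumptions.

```python
"""Flag software/update payloads fetched over cleartext HTTP in proxy logs.

Assumed, constructed log format (space-separated):
time client method url status content-type
"""
from collections import defaultdict
from urllib.parse import urlsplit
import posixpath

# Extensions and MIME types that usually mean "code that will be run or installed".
PAYLOAD_EXTS = {".exe", ".msi", ".dll", ".cab", ".zip", ".pkg", ".deb", ".rpm"}
PAYLOAD_TYPES = {"application/octet-stream", "application/x-msdownload",
                 "application/vnd.microsoft.portable-executable"}

# Constructed sample lines; every hostname is a placeholder under .example.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.12 GET http://updates.av-vendor.example/defs/engine.dll 200 application/octet-stream
2024-05-01T09:00:05Z 10.0.0.12 GET https://cdn.vendor.example/agent/setup.msi 200 application/x-msdownload
2024-05-01T09:01:10Z 10.0.0.31 GET http://news.example/index.html 200 text/html
2024-05-01T09:02:44Z 10.0.0.31 GET http://updates.av-vendor.example/defs/sig.bin?v=7 200 application/octet-stream
2024-05-01T09:03:00Z 10.0.0.40 GET http://rmm.example/client/update.exe 404 text/html
malformed line
"""

def is_payload(url_path, content_type):
    """True if the path extension or MIME type suggests installable content."""
    ext = posixpath.splitext(url_path)[1].lower()
    mime = content_type.split(";")[0].strip().lower()
    return ext in PAYLOAD_EXTS or mime in PAYLOAD_TYPES

def cleartext_update_fetches(log_text):
    """Return {server_host: sorted client IPs} for payloads served over http://."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip lines that do not match the assumed format
        _, client, method, url, status, ctype = fields
        parts = urlsplit(url)
        if parts.scheme.lower() != "http" or method != "GET" or status != "200":
            continue  # only successful cleartext downloads are of interest
        if is_payload(parts.path, ctype):
            hits[parts.hostname].add(client)
    return {host: sorted(clients) for host, clients in hits.items()}

if __name__ == "__main__":
    for host, clients in cleartext_update_fetches(SAMPLE_LOG).items():
        print(f"{host}: payloads over HTTP to {', '.join(clients)}")
```

A hit only shows that the transport was unprotected. Whether the updater separately verifies a signature on what it downloads has to be confirmed with the vendor or by testing.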

It’s starting to feel like a computer with remote system management and security software installed is actually less secure than a computer without them.

What do you think?

Hit comment and let me know.

I read every comment you post.

-Kip

P.S. Please repost this “Inflection Point” to share with your network.



Current Podcast Episode: “Change Healthcare”

What happened in the Change Healthcare cyberattack? What are the impacts and how can cyber resilience be a competitive advantage? Let’s find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities LLC, and Jake Bernstein, CISSP, CIPP/US, Partner with K&L Gates.


Want to know how to quickly make your company a smaller target for cyber-attackers?

See: https://www.cr-map.com/


By the way...

I just attended a lunchtime session on “AI Challenges and Opportunities”.

My role was to level set the non-technical audience on generative artificial intelligence and then we segued into an hour-long Q&A period that someone facilitated.

It was a great learning session all-around.

My biggest takeaway?

There’s so much hype going on, coupled with a profound lack of understanding of what generative AI is (and isn’t), that it’s going to take a few years before we really figure out what we can reasonably do with it.

To make matters worse, we’re trying to hit a moving target, so that just complicates everything.

Buckle up!



Kip Boyle, Founder, vCISO, Best-Selling Author, Speaker, Podcast Host, Entrepreneur, Trainer, Consultant, Cyber Resilience Subject-Matter-Expert

Kip Boyle is a husband, dad, entrepreneur, and experienced cyber risk manager. He founded Cyber Risk Opportunities LLC in 2015, after seven years as the CISO of PEMCO Insurance in Seattle. As a captain on active duty in the US Air Force, he served in the Combat Archer and F-22 Stealth Fighter programs where he was the director of enterprise network security. These days, he serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!



Cyber Risk Opportunities LLC

113 Cherry St #92768, Seattle, WA 98104-2205

Ahanu Boyle

Cyber Risk Analyst | Security Enthusiast | Indigenous

6 months

Rather than the software itself being vulnerable, I worry that orgs will buy overly complex systems that don't really deliver quality results (a.k.a., the blinky lights problem). If they rely solely on notifications from an automated IDS system, for example, they're going to miss a lot of fishy things on their networks.
