Epic Failures in AI: Why Skynet Hasn’t Happened (Yet)

Looking at popular fiction in books and cinema, we’ve all been expecting that by the 21st century AI will have advanced to the point of fully functioning self-aware machines. Reality, however, shows a different picture.

For every amazing Boston Dynamics robot video published, there are numerous videos and news articles showing epic failures of robots, image recognition algorithms and other AI-based systems.

In this presentation, given during Voxxed Days Athens 2019, I survey the development of AI across multiple fields and look at the progress made, but more importantly, at the problems scientists and engineers are still facing today, and how they are planning to solve them (if they can at all).


Controlling the Narrative – an Introduction to Cyber Deception

Thank you Bordeaux, and thank you to the organizers of BSidesBDX for giving me the chance to discuss one of my favorite current topics – cyber deception.

Unfortunately, due to a technical error, the last 5 minutes of the recording are lost, but they were mostly the summary and the Q&A.

Bottom line – one of the best defense strategies we can have is to make our honeypots look like any other machine in the network, so that adversaries don’t know that they are in a honeypot, but also make our endpoints look like badly executed honeypots, to make them unappealing for attackers.


Machine Vs. Man – Presentation in Haiti Cybercon

Last week I had the pleasure and honor to present at the first ever Haiti Cybercon conference, paving the path to a thriving infosec community in Haiti and the region.

Alongside many talented and notable guests, I talked about the rise of Machine Learning and Artificial Intelligence, how it’s used in cyber defense, but more importantly – how it’s being used by the adversaries.


Media Alert: Sputnik News

“The question is not what information they got. The question is how they got it: they got it by lying; they got it by misleading; they got it by doing something which was specifically not allowed by certain terms of services.”

Some of my thoughts on the Cambridge Analytica case, which came up during an interview with Sputnik News


Media Alert: France24’s The Debate

Last week I was invited to appear on France24’s “The Debate”, as a part of a panel of experts talking about the recent NotPetya Ransomware attack.

You are welcome to watch the full episode here.


Upcoming Presentation: The Institute of Directors

On Tuesday, June 27th, I will be hosting the Institute of Directors’ Tech Breakfast, a bi-monthly event bringing together some of Paris’s top directors and executives to discuss various topics in the tangent point between technology and business.

This talk is titled: “Cyber Security: Managing Risk, Governance & Best Practice”, and in it I will be providing the guests with a general statistical overview of the world’s current cyber security state, together with some practical recommendations.

The event will be held on June 27th at the France-Amériques building in Paris, and it begins at 08:15.

If you are interested in participating, you can register here.

Looking forward to seeing you there.


The Dxh26wam Case Study, or why Dropbox is not a proper Backup Solution

If you could take a look into the security playbook of most large companies in the world, it would probably say that in case of a serious infection, let’s say a ransomware, the first thing you should do is contain the problem – you want to disconnect the machine so the infection doesn’t spread, and rush it over to the experts that will do a forensic analysis to figure out what happened: when, how, why and hopefully who was behind the attack. The user, in most cases, will quickly get a replacement machine, and will forget all about the incident. Operations of the company, as a whole, will not be disrupted. This is how it works for large companies, but when it happens in smaller ones, the story is completely different.

One April morning we got an urgent call from one of our clients, telling us that one of their computers had a “very scary” notification on the screen, and that the employee using that computer could no longer work. Read more


What’s in a name? That which we call a rose…

Be on the lookout!

A newly discovered problem in the latest versions of Chrome and Firefox enables hackers to create fake websites that look exactly like real websites, right down to the address bar.

Read more about it at https://www.linkedin.com/pulse/whats-name-which-we-call-rose-yul-bahat-cissp


SSL Yourself

One of the most frequently asked questions I get from our eCommerce clients is if they should install an SSL certificate on their website. The short answer I give them is yes. The long answer is: “Yes! Please do! The sooner the better!” More than that, it’s the same answer I would give any client, eCommerce or not, or for that matter, anyone running any website. Read more about it at https://www.linkedin.com/pulse/ssl-yourself-yul-bahat-cissp


The Disappearing Server: A Case Study

One day, a couple of months ago, we were contacted by the CEO of a young startup company. This startup is an agency of sorts, connecting freelance professionals and interested clients. Through the platform, clients are able to look for professionals, view their portfolio, sign a contract and approve the results of their project before authorising final payment. Unfortunately, the reason for this call was that the CEO, along with his entire staff, woke up one morning to realise that their entire infrastructure had completely disappeared from the face of the earth (or at the very least the cloud service it was hosted on). Read the full story at https://www.linkedin.com/pulse/disappearing-server-case-study-yul-bahat-cissp


Media Alert: ITV News – The Battle to Prevent Hacking in the French Elections

In light of the upcoming French elections, I was interviewed by ITV News on the possibility of hackers, whether nation-sponsored or not, interfering.

Watch the full segment here


Ransomware ate my homework (and I don’t have a backup)

It’s your worst nightmare.

You promised the client a final version of your report yesterday, and you’ve been ignoring her calls since late last night. It’s almost done. You stayed up till 5 in the morning to finish it, but you just wanted a few hours of sleep so that you could go over it one more time before hitting the send button. You boot up your Mac, open the folder, and your face goes white. You see the file, it’s there, but now after the .docx filename extension there’s a new one, and it’s the scariest word you ever saw in your life:


Read more at: https://www.linkedin.com/pulse/ransomware-ate-my-homework-i-dont-have-backup-yul-bahat-cissp


Ready or not, here I come (or: are you DDoS ready?)

One of the main stories the previous week in cyber security is the hacking and the leaking of information from the website vDos, leading to the arrest of its (alleged) operators – two Israeli teenagers – following an international warrant issued by the FBI.

vDos, for those of you who are not familiar with it, was a “booster” service, or in other words – a DDaaS – Distributed Denial of Service (DDoS) as a Service. For a certain fee, depending on your requirements in terms of attack length and volume, you could hire the service’s network of dummy machines to conduct a full-scale denial of service attack.

Read more about it at https://www.linkedin.com/pulse/ready-here-i-come-you-ddos-yul-bahat-cissp


Nothing new under the sun

Sometime in late 2008, while I was still an undergraduate working to get my bachelor’s degree in computer science, I had one professor that spent an awful lot of time praising the rise of web services, and told us that they were “secure by nature”, as long as you properly implemented token authentication. As it happened, that professor was a co-founder in a startup company creating a cloud platform heavily relying on web services. For our final assignment in that course, my lab partners and I implemented a man-in-the-middle attack, successfully demonstrating how we could change information supposedly provided by said platform.

Read the rest of the story at https://www.linkedin.com/pulse/nothing-new-under-sun-yul-bahat-cissp


Detection is Dead

It has been said before, by me and by others, but apparently not loud enough and not clear enough. It is time somebody comes up and says it:

Detection is Dead.

If you rely solely on detection mechanisms, hoping that one of them detects malicious content before allowing it to enter your network, your network is compromised, and someone that is not supposed to is currently going through your corporate secrets.

It’s time you move on to a new way of thinking about cyber security — isolation.

Read more about it at https://www.linkedin.com/pulse/detection-dead-yul-bahat-cissp


Privacy Shield is here – let’s put everything in the cloud! (but not really…)

Earlier this month, the European Commission (EC) announced a new agreement between itself and the US authorities concerning the protection of “transatlantic data flows”. This agreement, named Privacy Shield by its authors, is the replacement for the long-standing Safe Harbor agreement, which was shut down by the EU court in October, 2015. Many companies currently ask themselves whether or not they can resume (or begin) putting data in US-operated cloud services, and some clarifications are obviously needed. Read more at https://www.linkedin.com/pulse/privacy-shield-here-lets-put-everything-cloud-yul-bahat