Avast blog: The Verizon data breach report for 2021

This year’s report records a rise in ransomware as well as a jump in social engineering-based breaches

What a year it has been. Nothing delineates things more than reviewing the annual Verizon Data Breach Investigations Report (DBIR), which was published earlier this month. To no surprise, phishing increased from 25% of breaches in 2019 to 36% in 2020, aided by the various Covid-themed lures. Also, ransomware loomed large and doubled its frequency from 2019 to 2020 to 10% of the breaches, as you can see in the below chart.

You can read my summary of the report here on Avast’s blog.

Book review: You will remember me

This thriller is an excellent study of what happens when trust goes out the window between a couple. The phrase what you don’t know could possibly kill you comes to mind, but I don’t want to give away any plot points. Let’s just say that when a boyfriend goes missing meme is well thought out and isn’t as much of a trope as you might think. You see the novel from the perspective of the boyfriend, his girlfriend, and his stepsister, all of which have something to hide about their dark pasts. Granted, they all have their justifications about keeping the truth from the others in this novel, and as the book evolves you get to see these reasons and make some judgements about them. I found the novel a fascinating character study and well worth your reading time, and made me think about whether we really ever know anyone that we love or spend time with. And you will remember the plot of this book for some time too.

Disinformation as an instrument of the fog of war

As many of you know, my daughter has been living in Israel for the past several years. The latest round of fighting and rocket attacks has been difficult for me to watch, mainly because I have experienced exactly one of them on one of my visits. The rocket landed a few miles away and happened in the middle of the night. I woke up briefly, because the sirens sounded and then the ground shook. A house was destroyed, but the family living there survived.

Every Israeli has access to a bomb shelter or safe room, depending on when their house was built and under what circumstances they have. For the more modern residences, the shelters usually have fortified walls, a roll-down metal shutter on the windows, and a metal door to the room itself. For my daughter’s condo, I actually slept in the bomb shelter room. Some of the older buildings have basement shelters or separate buildings that you have to move into.

So that was the context for me and trying to get accurate information during the current hostilities. It isn’t easy and it is getting harder. Let’s take a few examples.

Last week this Tweet was sent out by the Israeli military public affairs office. It says that Israeli “air and ground troops are currently attacking in the Gaza Strip.” The key word in that Tweet was “in” and how the English-language press reported what was happening. This article from the NY Times covers the issues.

Do you recall the Clinton/Monica impeachment testimony when we debated the meaning of the word “is”? This single word last week was responsible for press reports citing an invasion of Gaza by Israeli grounds forces, saying that troops were inside the territory. They weren’t.

Yes, there was plenty of fighting between the two sides, but Israeli ground troops remained on their side of the border, firing missiles from tanks, drones and other aircraft at Gazan targets. But one result of these reports was that Israeli forces were able to get Hamas fighters to take to their underground tunnels and target them from the air. There were many casualties as a result.

The Lt. Col. who spoke (and Tweeted) claimed it was an honest mistake due to the fog of war. But others, including the Hebrew-language press and the Gazans themselves, called this a deliberate attempt to use the press into helping the Israeli military. Hard to say which is true.

This wasn’t the only disinformation campaign going on in last week’s fighting. The NYTimes cites a series of misinformation campaigns by mostly Israeli-based efforts in this article, all designed to inflame pro-war passions. And over the weekend, the Gaza City high-rise building that has been the home of the AP and Al Jazeera offices for many years was demolished by Israeli air strikes. Israel gave occupants an hour to leave the building before it was bombed, claiming that it was being used as offices for high-ranking Hamas leaders. It is hard to determine if that was true, or if the leaders were using the press occupants as human shields. Reporters have asked for documentation about who was actually in the buildings.

This wouldn’t be the first time that Hamas has used this tactic. If you examine the casualty reports from the fighting over the past week, you can see there are dozens of Gazan children who have been killed in the attacks. This is due to the placement of the rocket launchers atop schools and hospitals, so that when these sites are targeted they can claim Israelis are aiming at innocents. Some of the tunnels are also purposely routed near schools as well.

Getting the facts has never been harder in this part of the world.

Red Cross blog: How Debi Meeds Brought Agencies Together

Sometimes the simplest ideas are also the most powerful. One of the great innovations that came out of the response to the Joplin, MO, tornado of 2011 was the first Multiple Agency Response Center (MARC). Since then, MARCs have become the gold standard for partner cooperative efforts.

Debi Meeds, (longtime American Red Cross volunteer profiled here), deserves much of the credit.  While working a disaster back in 2008, she had noticed confusion. “People didn’t know where local resources were located, and our clients were spending a lot of time running around town to obtain assistance. The average client had to go to ten different places to obtain lost documents such as their driver’s license, family services, and things like food and clothing from various charities—and remember, folks didn’t have GPS phones back then.”

So instead of bringing people to the services, Meeds switched things and brought services to the people. Ultimately, the Joplin MARC had 48 different agencies and organizations at one location.

You can


Avast blog: what’s up with FragAttacks?

A new series of attacks against almost every Wi-Fi router has been posted called FragAttacks. Anyone who can receive radio signals from your router or Wi-Fi hotspot can use these vulnerabilities and steal data from your devices. The issue is the design of the Wi-Fi protocols themselves, along with programming errors to certain Wi-Fi devices. Some products have multiple issues and a dozen different CVEs have been posted that document them.

You can read my blog post for Avast here.

Can we really reduce ransomware attacks?

A new report from the Ransomware Task Force — what we once called blue-ribbon panel of cybersecurity experts and non-profit organizations — was released last week. It has a long list of recommended actions to try to reduce this scourge. And while it is great that the tech industry has made the effort, it is largely misplaced.

The co-chairs of the various committees say right up front that tackling this problem won’t be easy, there aren’t any silver bullets to fix it, and no single entity has the needed resources to make much of an impact. Many of the recommendations concern actions by the federal government to try to stop it, I think public/private partnerships are going to see more success here.

Here are a few of their suggestions that captured my attention.

Action #2.1.2 recommends that cryptocurrency exchanges and other operators to follow the same “know your customer” and anti-money laundering rules as regular financial institutions, and aggressively targeting those exchanges that do not. This would restrict criminals from cashing out their ransom payouts. I think this is a worthwhile goal, but not sure how it could be enforced or even identified. There is always some semi-shady operator that will skirt the rules. Still, perhaps some crypto blogger or analyst could offer a summary of those operators that make more effort and those that just pay lip service to these very basic rules.

Action #2.3.1: Increased government sharing of ransomware intelligence with the private sector.

Action #4.2.2: Create a standard format for ransomware incident reporting.

These are both good suggestions. There are already common threat reporting formats, such as STIX and Taxii, that are used to share threat intelligence that are machine-readable and easily fit into automation solutions. But there are two issues: First, will victims be required to report incidents? Many times we only hear about attacks months or years later and many never come forward at all. Or victims post some rather gauzy information-free notices. The second issue is who will act as the central repository of this information. That brings up the following:

Action #4.2.1: Establish a Ransomware Incident Response Network.

This is another good idea. The only issue is who is going to be in charge. Part of the problem in infosec is that we have far too many organizations that overlap or operate at cross-purposes. MITRE would probably be my first choice: it is the keeper of other cybersec threat data.

Action #4.1.2 Create a federal cyber response and recovery fund to help state and local governments or critical infrastructure companies respond to ransomware attacks. This approach would be similar to the Terrorism Risk Insurance Program, which was enacted after 9/11 and has been used, albeit, infrequently, since then. It provides for a shared public and private compensation for certain insured losses resulting from a certified act of terrorism that is split 90/10 between the federal government and insurers. It could be tricky to implement, because having a definition of a ransomware attack might prove to be even more difficult than having a definite terrorist incident.

One part of the report that I found helpful and instructive was an appendix that describes the cyber insurance market, including a summary of common policy components and why you might need them. There are a series of suggestions to help improve insurance underwriting standards too, I would urge anyone who is reviewing their own corporate cyber policies to take a closer look at this portion of the report.

The report concludes with these dire words: “Ransomware actors will only become more malicious, and worsening attacks will inevitably impact critical infrastructure. Future attacks could easily combine techniques in ways that cause the infections to spread beyond their intended targets, potentially leading to far-reaching consequences, including loss of life.”

Avast blog: How will advertisers respond to Apple’s latest privacy changes?

Last week, we described the privacy changes happening within Apple’s iOS 14.5. Now, in this post, we’ll be presenting the advertiser’s perspective of the situation at hand. While advertisers may think the sky is falling, the full-on Chicken Little scenario might not be happening. The changes will make it harder – but not impossible – for advertisers to track users’ habits and target ads to their devices. And as I mention in my latest blog for Avast here, digital ad vendors need to learn new ways to target their campaigns. They have done it before, and hopefully the changes in iOS will be good for everyone, eventually.


Avast blog: What Apple’s iOS update means for digital privacy and identity

This week, Apple announced the availability of iOS version 14.5 for its smartphones and tablets. The release contains an update that is a major change in direction and support for digital privacy. If you are concerned about your privacy, you should take the time to do the update on your various devices. Earlier iOS versions had the beginnings of this anti-tracking feature. If you go to Settings/Privacy/Tracking, you can turn off this tracking or selectively enable it for specific apps. When you install a new app, you will get a popup notification asking you about which tracking features you wish to grant the new app.

In my blog for Avast, I talk about what exactly is included in the new iOS, and why it is important for preserving your privacy.

FIR B2B podcast #147: Marketing Lessons From the Open Source World With Priyanka Sharma

This week we talk to Priyanka Sharma, who is the General Manager of the Cloud Native Computing Foundation. The group has assembled a massive collection of 600 vendor members, ranging from little-known startups to the biggest companies on the Internet. The foundation is the steward of more than 80 open source projects that support Kubernetes, Prometheus, Vitess, Envoy and other technologies that deal with distributed data structures, network policies and cloud orchestration. The foundation helps to put on an annual conference, which has a business value track this year, and has a library of webinars to help spread the word about the revolutionary technology called software containers. She told us during the podcast that “Life isn’t a zero sum game and we have to work together” to help market cloud tech.

Our interest in this portfolio is high — Paul has written most recently about the foundation here for SiliconAngle.  We spoke to her about her role at CNCF and the tactics the foundation has found to help mainstream IT adopt cloud and container technologies, getting her members to agree on a single standard, how to sell open source to the prototypical “pointy-haired boss” and what tech marketers can learn from the cloud evolution that they can apply to solve their own business problems. You can listen to the 20 min. interview here.

Red Cross blog: Mike DeSantis, long-time blood donor enjoys helping others

Volunteers approach the American Red Cross from many different directions. Mike DeSantis came through donating blood. And then doing it again, and again, and again. He wanted to start donating blood while he was in high school, but was born too late in the year, so he had to wait until he turned 18 when he was in college before his first visit. “I gave whole blood then, and found it wasn’t all that hard or that intimidating,” Mike said. “After a few times at the local blood center, a nurse asked me if I had considered apheresis and told me I had nice big veins.” That was the beginning of something that blossomed into a decades-long relationship. By one accounting, he has donated more than 530 units of platelets over 375 visits. He tries to come in every other Friday afternoon. “This is a lot easier to remember than the whole blood schedule,” he said. There is a lot more to his story, and you can read about him on the Red Cross blog here.