Recent Blog Posts

Stealing Certificates to Sign Malware will be the Next Big Market for Hackers

Hackers are always on the lookout for new ways to monetize their activities. We know cyber attackers have the first-move advantage and are currently outpacing security capabilities and implementations. Even now, they run undetected and unabated through the networks of many large and respected companies and government sites. When they are detected or choose to show their position, what makes news is the breach, data loss, and potential financial liabilities. What is rarely spoken of is how such incidents at trusted organizations can be used to greatly amplify broader cyber-attacks across the systems of other entities and their respective customer bases.


As attackers rummage and shop around compromised networks, one of the highly valued targets is the certificates of the host. These are used when communication, updates, and applications are sent to customers and partners, to validate that content is coming from a legitimate and trustworthy source. Certainly not as sexy as credit card numbers, but in the wrong hands they can be a much more powerful tool for professional attackers. These stolen credentials are being used to ‘sign’ malware which will get past typical defenses and then infect and compromise the computers of the host’s customer base.


Say for example you have a media or game company that requires end-users to install an application to access news, movies, songs, games, entertainment, or anything really.  The content pushes, program updates, and even security patches are electronically signed by the host, to ensure they are legitimate.  This is good security practice that is often used by app stores, anti-malware software, network filters, etc.  If this host company is compromised and their certificates are then used to ‘sign’ a malicious update, one which will compromise the target system and open it to the attackers, the entire community is at a heightened risk of these slipping past the security controls.  Chances are very good that recipients will receive and install code designed to hack their systems.  Now imagine that such users have this app on their phone, home system, and most worrisome their work computer.  All could be quickly compromised, at the speed of updates.  Most security defenses will not stop such an attack until it becomes known the certificates have been stolen.  Even then, it is not such a simple process to revoke usage across an entire community.  It can take years to close the vulnerability on all the potential targets.


Welcome to the 3rd Level of future cybersecurity attacks.  Here is my prediction: the broader community of attackers will soon realize the value of these certificates and begin to regularly harvest them as a resource for resale to discrete buyers, much like how vulnerabilities are being sold today.  Additionally, we will see more darknet services emerge where a malware writer can pay to have their software ‘signed’ with a stolen certificate for propagation to targeted communities.  This will be the next big market for hackers and will become a standard practice for cyber warfare teams worldwide.


Hold on, this is going to be a bumpy ride.


Twitter: @Matt_Rosenquist

IT Peer Network: My Previous Posts


My Blog: Information Security Strategy


HP Discover 2014 – A Recap from Barcelona

HP Discover 2014 has officially come to an end, but we’re still basking in the glow of the exciting three days when IT leaders from across the globe gather to discuss the future of technology. Join us as we examine the highlights and takeaways from HP Discover’s second annual event in Barcelona.

Day 1 – Disruptive Innovation


“This is a time of relentless disruptive change for businesses and for governments. Think about it — ceaseless information flows, threats and uncertainty, constant connectivity, instant gratification, new channels, new markets, and new business models. No company survives without adapting. Without the ability to question, to rethink, to change, and to renew. Not your companies and not us.”


HP president, chairman, and CEO Meg Whitman kicked off the event with an impactful keynote on the shift from traditional IT to a new style of IT. She emphasized the need for an infrastructure designed to support the needs of the business, as well as the necessity for agile, scalable technology solutions. With the converging forces of big data, cloud, and mobility, consumerization is poised to revolutionize operations and permanently change the way IT supports the business.


Day 2 – Intelligent Business Transformation


HP had several key product unveilings that reiterated the current focus on a new IT. New servers, storage, converged systems, and services were evidence of HP’s focus on re-imagining old technology while embracing emerging technology and future disruptors. Discussions ranged from HP Haven (currently the sole big data platform on the market) to The Machine, a computing model that will bear tremendous weight in the evolution of data processing and analysis. “Computers have basically been built the same way for the past 60 years. At HP Labs we want to rethink computing,” said Martin Fink, CTO and director of HP Labs. “This Machine, our goal — in effect — is to allow us to run Haven on steroids.”


Day 3 – A New Style of IT


The Intel booth remained a mainstay for event participants for the duration of the event; luckily Ivana Jordanova, HP sales business development manager for Intel EMEA, was there to give those not in attendance a tour.

This year’s HP Discover was an enthralling look into the progress of IT in business. The overall focus on big data, cloud innovation, cybersecurity, and mobility in the enterprise was very much a reflection of the SMAC stack — social, mobile, analytics, cloud — we’ve been prioritizing at Intel. Great things lie on the horizon for IT, and we’re happy to be a part of that.


Until next year, adiós de Barcelona!


From Entry Point to Exit Point: A New Security Strategy

The concept of user-centered IT isn’t exclusive to the CIO; the CISO should be focusing on it too. As security has evolved with technology, threats have shifted and grown at an even greater rate. Initially, it was us vs. them. Safeguard everything inside the castle and fend off all the invaders trying to scale the walls. But times have changed.


Today some of the greatest threats lie inside the castle walls. Any CISO will tell you that the greatest vulnerabilities often revolve around users. And as the barrier to entry has fallen, the potential for disaster has skyrocketed.


The key is empowerment — enable your users to be smart and secure.


User Knowledge is Power for Your Enterprise


Brett Hansen, executive director marketing end user computing software and mobility solutions at Dell, recently wrote:


Clearly, the business must focus on using encryption to secure devices, particularly at the file level. Malware protection is also essential so that experimentation does not result in a widespread infection or serious hack. Beyond that, changing paradigms mean that businesses must refocus on user security. This requires a joined up approach, where users are aware and educated in the potential complications of using Bring Your Own Device (BYOD), or Bring Your Own Cloud (BYOC), and aware of the need to manage devices correctly, in line with business policy.


The convergence of social, mobile, analytics, and cloud has significant implications for end users, and promoting internal awareness can build a proactive security culture where it means the most.


Intel IT’s Security Approach: Protect to Enable


When Intel IT began focusing on the “three C’s” — cloud, collaboration, and choice — they had to confront the security concerns inherent to each initiative. So they developed a three-pronged strategy called “Protect to Enable.”

  1. Identity and Access Management (IdAM): “We are currently building a new foundational infrastructure that will support a more holistic identity and access strategy. Instead of multiple tools and policies, we will have a single IdAM hub through which all of our applications flow.”
  2. Cyber Security Center: “[T]he command post for threat prevention, detection, and response. The Cyber Security Center is responsible for analyzing events in our environment, identifying security issues, and initiating a response.”
  3. Security and Privacy by Design (PbD): “We are driving our risk mitigation philosophy and privacy principles upstream into our application and service development. By working with our design teams to build greater security and risk awareness into our applications, we can move the needle from reactive to proactive, develop stronger products, and deliver a better user experience. To integrate privacy into our applications and services, we are focused on applying the principles of PbD. These principles help guide our development teams on privacy considerations at each phase of a product’s or service’s lifecycle. In essence, we want the latest security intelligence, criterion, and privacy principles built into our applications and services, not bolted on.”


We’re closing in on 2015; what will your security strategy entail in the new year?


To continue the conversation, please follow us at @IntelITCenter or use #ITCenter.


Mobility — Taking BI Beyond the Boardroom

Business Intelligence (BI) has long empowered enterprise decision makers by providing a data-driven framework for making fast, informed decisions. With the development of advanced analytics, BI is now better and more essential to the enterprise than ever before. Revolutionary new cloud services handle computations of large data sets with ease and fast, portable devices allow easy remote access to just about anything; business intelligence has fully evolved into the mobile realm.


According to Kaan Turnali, Global Sr. Director, BI, SAP, “mobile BI is more prevalent and more relevant today because the gap between the experience of traditional BI content consumed on a desktop PC and that accessed on a mobile device is disappearing rapidly.”


With new studies showing that 55 percent of business intelligence users engage in self-service business intelligence tasks, it’s clear that BI has transcended its executives-only shackles and transformed into a much more utilitarian tool to be leveraged by contributors throughout the enterprise.


Seamless BI Access


Reliance on visual representations of data has become commonplace throughout the enterprise. Every business unit from supply chain to marketing has a dashboard for its analytics and increasingly needs unfettered access to this information. This means undisrupted mobile access to BI information is critical. As strong as your BI strategy might be, it all comes down to how easily your team can access crucial dashboards.



A recent Prowess Consulting study examined how popular mobile devices stacked up when accessing features of IBM’s market-leading Cognos BI platform. The study compared the performance of a Lenovo ThinkPad Yoga, Lenovo Miix 2, Apple iPad Air, and Samsung Galaxy Note 10.1 when running IBM Cognos reports.


Advanced Features


While the iPad and Galaxy Note were able to access the limited mobile app version of Cognos, the Lenovo devices offered full-featured access to Cognos Workspace Advanced, which allows users to create custom reports rather than accessing existing reporting tools. Not only did the Lenovo devices with an Intel architecture offer a deeper feature set, the devices featuring an Intel Xeon processor E7 v2 family coupled with IBM DB2 with BLU Acceleration offered 148x better performance than previous generations.


The Right Devices For Decision Makers


BI is only as valuable as the people using it to advance the business and the devices they use to access this information. Organizations that take their BI seriously should take device speed and compatibility seriously because devices don’t make business decisions — the people who use them do.


Read the full study to learn about IBM Cognos and mobile Intel-powered devices optimized for business intelligence.
