“The world of crypto is already known for massive fraud and theft. The practices and procedures enacted in the Web2 world simply are not operating practices in the Web3/crypto world. Until practices like system hardening, device and user review and identity governance are practiced – the NFT, crypto world will continue to be a hacker's paradise.”
Author: Garret F. Grajek
Global Security News
Comment on Kubernetes API: Over 900,000 Exposures Found Across The Internet by Garret F. Grajek
Misconfigurations are the key attack vector by which hackers are penetrating and staying resident in our systems. In fact, the Palo Alto Unit 42 security group posted that 98% of cloud identity permissions were “misconfigured and/or over-permissioned.” It is imperative that enterprises professionally – and best w/ a 3rd party tool or resource or both – check their identities and configurations.
Comment on Russian Botnet Disrupted In International Cyber Operation – Expert Comments by Garret F. Grajek
Botnets are a major international concern – and one of the major problems facing internet availability and internet security today – with the Barracuda network investigation revealing 39% of all traffic is malicious bots. These bots are scanning our machines, looking for vulnerabilities, and then deploying to our systems and communicating back to their designated C2s (hacker command and control centers). Enterprises must be aware that this is occurring and acknowledge that vulnerabilities and zero-day hacks WILL be discovered. Secure identity governance is needed, since hackers will exploit compromised identities and raise privileges.
Comment on 24 Billion Usernames And Passwords Found On The Dark Web by Garret F. Grajek
Identities are the true hacker's objective. A username/password tuple can be attempted at not just the resource that is discovered but at multiple targets: banks, credit cards, health care and business accounts. It's these business accounts that enterprises must concern themselves with. It's not difficult for a hacker to pivot a username/ID w/ OSINT and discover the place of work. From there it's just a matter of logging onto the user's account in some form, dropping in a RAT (Remote Access Trojan) and then beginning the cyber kill chain of lateral movement and privilege escalation. It is imperative that an enterprise practice Zero Trust and strong identity governance, which help identify anomalies in user privileges.
Comment on API Calls Expose 770M Logs With GitHub, AWS, Docker Tokens In Travis CI Logs by Garret F. Grajek
It is a false assumption that the code and agents we implement in our enterprises are safe from malware. Colonial Pipeline and other hacks have shown us that this is a fallacy. Just as zero trust has shown us that all network and session traffic cannot be trusted – so must we feel about sources. The same guards of re-authenticate, re-authorize that we apply for ZTN – we must conduct for our software. We have to have a resilient enterprise that practices rigid identity governance, which can stop the threat actor when they begin their kill chain of attacks.
Comment on IRS “Dirty Dozen” Warns Tax Pros And Businesses Of Spear Phishing by Garret F. Grajek
Phishing has become the #1 way to penetrate both user and corporate devices. The ease with which the hackers deliver their payload to these systems cannot be underestimated. Every enterprise should assume the devices that their users utilize are infected. This is the zero trust mentality. Once this reality is assumed, then security personnel can start taking the right steps to mitigate the inevitable. Proper identity governance – knowing who has access to what, and what identity permissions have changed – is crucial.
Comment on What Are Top Threats To The Cloud Computing? by Garret F. Grajek
There is no question there is a crisis in cloud administrative privileges. The Palo Alto Unit 42 survey showed that 99% of cloud administrative rights are overly permissive. And now we are seeing the results of these poorly managed resources – with ransomware and exfiltration attacks occurring daily – with the Shields Health Care Group just recently reporting a breach of 2 million records. The cloud is not a panacea – the concept of least privilege (NIST 800-53 AC.6) must be adhered to in all resources – especially publicly accessible clouds.
Comment on Why Shields Health Care Group Suffers Data Breach? Expert Weighs In by Garret F. Grajek
The key to remember here is the collaboration and integration of hacking components and groups. One group discovers the vulnerability, another creates the exploit and yet another mans the C2 (command and control) center to receive the communicatio…
Comment on A Warning To Enterprises: It’s Time To Retire On-prem; Migration To Cloud And Modern AppSec Tools Critical To Future Threats, What Do You Think? by Garret F. Grajek
Source code attacks are some of the most effective and long-reaching attacks on the IT ecosystem. The SolarWinds attack showed us the level of damage and the magnitude of threat that embedded malware can have in our vital s/w components. By atta…
Comment on Malware Injected Into Every JavaScript File Controlling Thousands Of Sites by Garret F. Grajek
Good reminder of just how much our enterprises are being constantly scanned and the level of nefarious traffic. It was cited that bot traffic may be over 50% of the internet. The bots are scanning our systems and looking for vulnerabilities and an ability to stay persistent. Once they have a hold – the bots can inject their malware for ransomware, lateral movement, and data exfiltration. Enterprises have to assume their sites are being attacked and practice diligent identity governance to ensure that their accounts are not being manipulated. And now that so many enterprises are managed by 3rd party MSSPs, they have to inquire and demand what mechanisms are being used to watch their identities.
Comment on Healthcare Pays More Ransom Demands, But Get Less Data Back by Garret F. Grajek
Health care enterprises have traditionally been behind other sectors that are heavily dependent on IT technologies, e.g., their counterparts in insurance and finance. The attackers target them because they have less developed security controls and are …