Author: Garret F. Grajek

Comment on NFT Giant OpenSea Reports Major Email Data Breach by Garret F. Grajek

“The world of crypto is already known for massive fraud and theft. The practices and procedures enacted in the Web2 world simply are not operating practices in the Web3/crypto world. Until practices like system hardening, device and user review and identity governance are practiced – the NFT/crypto world will continue to be a hackers’ paradise.”

Comment on Kubernetes API: Over 900,000 Exposures Found Across The Internet by Garret F. Grajek

Misconfigurations are the key attack vector by which hackers are penetrating and staying resident in our systems. In fact, the Palo Alto Unit 42 security group posted that 98% of cloud identity permissions were “misconfigured and/or over-permissioned.” It is imperative that enterprises professionally – and best with a third-party tool or resource, or both – check their identities and configurations.

Comment on Russian Botnet Disrupted In International Cyber Operation – Expert Comments by Garret F. Grajek

Botnets are a major international concern – and one of the major problems facing internet availability and internet security today – with the Barracuda Networks investigation revealing that 39% of all traffic is malicious bots. These bots are scanning our machines, looking for vulnerabilities, and then deploying to our systems and communicating back to their designated C2s (hacker command and control centers). Enterprises must be aware that this is occurring and acknowledge that vulnerabilities and zero-day hacks WILL be discovered. Secure identity governance is needed, since hackers will exploit compromised identities and raise privileges.

Comment on 24 Billion Usernames And Passwords Found On The Dark Web by Garret F. Grajek

Identities are the true hacker’s objective. A username/password tuple can be attempted not just at the resource where it was discovered but at multiple targets: banks, credit cards, health care and business accounts. It’s these business accounts that enterprises must concern themselves with. It’s not difficult for a hacker to pivot from a username/ID with OSINT and discover the place of work. From there it’s just a matter of logging onto the user’s account in some form, dropping in a RAT (Remote Access Trojan) and then beginning the cyber kill chain of lateral movement and privilege escalation. It is imperative that an enterprise practice Zero Trust and strong identity governance, which help identify anomalies in user privileges.

Comment on API Calls Expose 770M Logs With GitHub, AWS, Docker Tokens In Travis CI Logs by Garret F. Grajek

It is a false assumption that the code and agents we implement in our enterprises are safe from malware. Colonial Pipeline and other hacks have shown us that this is a fallacy. Just as zero trust has shown us that all network and session traffic cannot be trusted – so must we feel about sources. The same guards of re-authentication and re-authorization that we apply for ZTN – we must conduct for our software. We have to have a resilient enterprise that practices rigid identity governance, which can stop the threat actor when they begin their kill chain of attacks.

Comment on IRS “Dirty Dozen” Warns Tax Pros And Businesses Of Spear Phishing by Garret F. Grajek

Phishing has become the #1 way to penetrate both user and corporate devices. The ease with which hackers deliver their payload to these systems cannot be underestimated. Every enterprise should assume the devices that their users utilize are infected. This is the zero trust mentality. Once this reality is assumed, security personnel can start taking the right steps to mitigate the inevitable. Proper identity governance – knowing who has access to what, and what identity permissions have changed – is crucial.
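The "who has access to what, and what has changed" check that the comments on the botnet, credential-dump and phishing stories keep returning to can be made concrete. The block below is an added example, not code from the commenter or from any product: it diffs two constructed entitlement snapshots of a hypothetical tenant (user to granted roles), flags grants of roles the example assumes to be privileged, and inverts a snapshot into a role-to-holders matrix for review.

```python
"""Entitlement drift: diff two identity snapshots and flag privilege escalations.

Added example, not code from the original comment. The two snapshots and the
set of roles treated as privileged are constructed sample data for a
hypothetical tenant.
"""
from collections import namedtuple

# Assumption: these role names count as privileged in the hypothetical tenant.
PRIVILEGED_ROLES = frozenset({"GlobalAdmin", "DomainAdmin", "BillingAdmin", "KeyVaultAdmin"})

# Constructed snapshots of user -> granted roles, taken a few days apart.
SNAPSHOT_BEFORE = {
    "alice":  {"Reader", "DevOps"},
    "bob":    {"Reader"},
    "svc-ci": {"DevOps"},
    "carol":  {"Reader", "BillingAdmin"},
}
SNAPSHOT_AFTER = {
    "alice":  {"Reader", "DevOps", "GlobalAdmin"},   # human escalated to tenant admin
    "bob":    {"Reader", "DevOps"},                  # growth, but not privileged
    "svc-ci": {"DevOps", "KeyVaultAdmin"},           # service account escalated
    "dave":   {"Reader"},                            # brand-new identity
    # carol is gone entirely (offboarded, or deleted to cover tracks)
}

# kind is "granted" or "revoked"; privileged says whether the role is in PRIVILEGED_ROLES
Change = namedtuple("Change", "user kind role privileged")


def diff_entitlements(before, after, privileged=PRIVILEGED_ROLES):
    """Return every role grant/revoke between two snapshots, ordered by user.

    A user absent from `before` shows up as grants of all their roles; a user
    absent from `after` shows up as revokes of every role they had.
    """
    changes = []
    for user in sorted(set(before) | set(after)):
        old = before.get(user, set())
        new = after.get(user, set())
        for role in sorted(new - old):
            changes.append(Change(user, "granted", role, role in privileged))
        for role in sorted(old - new):
            changes.append(Change(user, "revoked", role, role in privileged))
    return changes


def privileged_grants(changes):
    """The subset of changes an identity-governance reviewer must sign off on."""
    return [c for c in changes if c.kind == "granted" and c.privileged]


def access_matrix(snapshot):
    """Invert user -> roles into role -> sorted holders: 'who has access to what'."""
    matrix = {}
    for user, roles in snapshot.items():
        for role in roles:
            matrix.setdefault(role, []).append(user)
    return {role: sorted(users) for role, users in sorted(matrix.items())}


if __name__ == "__main__":
    for c in diff_entitlements(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        flag = "  <-- REVIEW" if c.kind == "granted" and c.privileged else ""
        print(f"{c.user:8} {c.kind:8} {c.role}{flag}")
    print("GlobalAdmin holders:", access_matrix(SNAPSHOT_AFTER)["GlobalAdmin"])
```

In practice the snapshots would come from a directory or cloud IAM export on a schedule; the value of the diff is that a service account quietly acquiring a key-management admin role, or a user being deleted outright, surfaces as a discrete event a reviewer can act on rather than being buried in a full entitlement report.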

Comment on What Are Top Threats To The Cloud Computing? by Garret F. Grajek

There is no question there is a crisis in cloud administrative privileges. The Palo Alto Unit 42 survey showed that 99% of cloud administrative rights are overly permissive. And now we are seeing the results of these poorly managed resources – with ransomware and exfiltration attacks occurring daily – with the Shields Health Care Group just recently reporting a breach of 2 million records. The cloud is not a panacea – the concepts of least privilege (NIST SP 800-53 AC-6) must be adhered to in all resources – especially publicly accessible clouds.
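Both the Kubernetes-exposure comment (check configurations, ideally with a tool) and the cloud-threats comment above (overly permissive administrative rights versus AC-6 least privilege) come down to the same static check. The following is an added example, not the commenter's code or any vendor's scanner: it audits constructed AWS-style IAM policy documents for the over-permission patterns those surveys count, with an "admin by default" policy, a policy that only looks scoped, and a least-privilege rewrite side by side. The privilege-granting action patterns and the read-only prefixes are assumptions made for the example.

```python
"""Audit IAM policy documents for least-privilege (NIST SP 800-53 AC-6) violations.

Added example, not code from the original comments or from any vendor tool. The
three policy documents are constructed; which actions count as
privilege-granting and which prefixes count as read-only are assumptions.
"""
import json
from fnmatch import fnmatchcase

# Constructed: the "admin by default" shape that over-permission surveys flag.
OVERLY_PERMISSIVE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    ],
})

# Constructed: looks scoped, but PassRole on every resource lets the holder
# hand any role in the account to a resource they control.
LOOKS_SCOPED = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:RunInstances"], "Resource": "*"},
    ],
})

# Constructed: the same workload reduced to what it actually needs.
LEAST_PRIVILEGE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-app-uploads/*"},
        {"Effect": "Allow",
         "Action": "sqs:SendMessage",
         "Resource": "arn:aws:sqs:us-east-1:123456789012:example-queue"},
    ],
})

# Assumption: actions that can mint or borrow privileges are treated as
# administrative no matter how narrow the resource is.
PRIVILEGE_GRANTING = ("iam:*", "sts:AssumeRole", "iam:PassRole",
                      "iam:Attach*Policy", "iam:Put*Policy", "iam:Create*")
# Assumption: action names with these prefixes are read-only.
READ_ONLY_PREFIXES = ("Get", "List", "Describe")


def _as_list(value):
    """IAM allows a bare string where a list is expected; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_read_only(action):
    parts = action.split(":", 1)
    return len(parts) == 2 and parts[1].startswith(READ_ONLY_PREFIXES)


def audit_policy(document):
    """Return (statement_index, code, detail) for every Allow statement that is too broad."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(document).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.append((i, "NOT_ACTION", "allows everything except the listed actions; use an explicit Action list"))
        if "*" in actions:
            findings.append((i, "ACTION_STAR", "Action '*' grants every API of every service"))
        else:
            wide = [a for a in actions if a.endswith(":*")]
            if wide:
                findings.append((i, "SERVICE_WILDCARD", "service-wide wildcard: " + ", ".join(wide)))
        admin = [a for a in actions if any(fnmatchcase(a, pat) for pat in PRIVILEGE_GRANTING)]
        if admin:
            findings.append((i, "PRIVILEGE_GRANTING", "can escalate privileges: " + ", ".join(admin)))
        writes = [a for a in actions if not _is_read_only(a)]
        if "*" in resources and ("NotAction" in stmt or writes):
            findings.append((i, "RESOURCE_STAR", "Resource '*' with non-read-only access"))
    return findings


if __name__ == "__main__":
    for name, doc in (("overly permissive", OVERLY_PERMISSIVE),
                      ("looks scoped", LOOKS_SCOPED),
                      ("least privilege", LEAST_PRIVILEGE)):
        print(f"== {name}: {len(audit_policy(doc))} finding(s)")
        for idx, code, detail in audit_policy(doc):
            print(f"  statement[{idx}] {code}: {detail}")
```

The two checks that matter most in practice are the ones a quick glance misses: `NotAction` reads like a restriction but is an allow of everything else, and a narrow-looking action list that includes `iam:PassRole` or `sts:AssumeRole` on `Resource: "*"` is an escalation path even though no `*` appears in the actions. Read-only actions on `Resource: "*"` are deliberately not flagged, since describe/list scope is usually legitimate for monitoring identities.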

Comment on Malware Injected Into Every JavaScript File Controlling Thousands Of Sites by Garret F. Grajek

A good reminder of just how much our enterprises are being constantly scanned and the level of nefarious traffic. It was cited that bot traffic may be over 50% of the internet. The bots are scanning our systems, looking for vulnerabilities and an ability to stay persistent. Once they have a hold – the bots can inject their malware for ransomware, lateral movement, and data exfiltration. Enterprises have to assume their sites are being attacked and practice diligent identity governance to ensure that their accounts are not being manipulated. And now that so many enterprises are managed by third-party MSSPs, they have to inquire and demand what mechanisms are being used to watch their identities.