As I read the “we solve ransomware” emails in my inbox and saw comments on Twitter and Slack, I started to think about how to solve ransomware once and for all. It sounds like a difficult task, but I think it is all about an architecture: an architecture that uses modern ideas. A solution needs to combine security with data protection. I have written about detecting ransomware before, but now we need to find a way to include everything we know to ensure institutions can recover quickly from a new attack while preventing known attacks. This concept came to fruition at VeeamON 2017, and I briefly spoke about it on The Cube. Now it is time to put everything together.
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device.
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
In one of my more recent articles, I brought attention to the release, or better yet, the data dump, of exploits and hacking tools targeting Microsoft’s Windows OS, Linux, firewalls, and others. One of the main purposes of my post was to bring attention to the grave dangers that these exploits bring to the world. As such, I really hoped that there would be enough interest from individuals in the industry for them to get a copy of the exploits and contribute to the countermeasures needed to better protect and defend the companies and corporations we all represent. I was absolutely sure that there would be many individuals around the world who would reverse engineer the exploits for more devious purposes. We have just experienced the first of what I believe will be multiple attacks unleashed across the globe.
I had a debate with a fellow technologist at Dell EMC World this year about whether the cloud is more secure than any given data center not used by a cloud provider. The argument put forth was that cloud service providers often have better security controls in place, they can auto-patch systems, etc. All in all, it is a valid argument. However, if I as the tenant cannot prove that security, then whatever the cloud does is not necessarily good enough. With the infrastructure of seventy-four countries impacted by the latest ransomware attack, this debate is placed in stark contrast to reality. Were it not for one researcher, the spread might have been worse. At the moment, the only solution for preventing such widespread ransomware is to upgrade and patch. This does not validate the argument that the cloud will patch for you. It does not do so for many Windows systems (depending on the cloud).
Have you ever heard of the “Shadow Brokers”? Until recently, I had not heard the term, but it appears the Shadow Brokers are a group of hackers who have really put a new spin on the phrase “lost in translation.” On Good Friday, and ahead of the Easter holiday, the Shadow Brokers dumped a new collection of files, which they called “Lost in Translation,” containing what appear to be exploits and hacking tools targeting Microsoft’s Windows OS, Linux, firewalls, and others. At the same time, they presented evidence that the Equation Group had gained access to servers and targeted the SWIFT banking system of several banks across the world.
The latest Virtualization and Cloud Security Podcast featured a conversation about the recent Congressional repeal of FCC regulations governing privacy. Internet Service Providers (ISPs) could collect, mine, and sell your search and browser history without your knowledge. This bill has not been signed into law yet. Some would see it as opening the doors on competitiveness with Google. Others would see it as making it easier to get your data. Outside of law enforcement, which already has its means, could others buy this data from your ISP? What is the impact on a business? More importantly, what can you do about it? We were joined by fellow Tech Field Day delegate Jody Lemoine, an independent network engineer who happens to live in Canada, to shed some light from a viewpoint outside the United States.
I was reading a Reddit request for help regarding ransomware. The title was “Got hit BAD tonight.” That title describes the catastrophe simply and to the point. The ransomware in question attacked the hypervisor. Then, it proceeded to encrypt all backups and other systems connected to the hypervisor. This is the exact issue that virtualization and cloud security folks talk about daily with others. This is the ultimate in admin escape. This was not an escape-the-VM; this was an admin escape. The rule for accessing the hypervisor directly is DO NOT. The rule for using administrator credentials to do anything is DO NOT. Admin escape counts on those mistakes being made. Even so, there is a ton we can learn from this episode. I feel for the target, but it is time to quickly learn and implement better protections within your own environments. They are targets as well.