Dark Ivy Consulting

11/01/2021

We can improve upon the default security of our cloud assets. Remote Desktop Protocol should be secured, and I examine some options.

We can improve upon the default security of our cloud assets. Remote Desktop Protocol should be secured, and I examine some options.

09/27/2021

You've heard that older operating systems are insecure. Check out my video on attacking windows 7 see why:

See how a vulnerability scan can lead to exploitation using Nessus Professional and Metasploit.

09/13/2021

Private and public sector are suffering from a lack of qualified cybersecurity talent. We're outnumbered and we lack diversity.

If you're considering moving into this industry and would like guidance, training, or a mentor, I would be happy to help you begin this journey of continuous learning.

08/20/2021

Excited to share my new website for Dark Ivy Consulting:

http://www.darkivy.io

08/01/2021

If you put data into the cloud, who's responsibility is it to secure it?

It's your responsibility. The cloud providers protect the cloud as if it is a single entity. Their terms of service protect them, not you.

Take control of your own encryption with an open source tool, by watching my instructional video.

07/28/2021

A memo was released by President Biden today on securing Operational Technology by creating a baseline for cybersecurity standards.
In the memo, the President states, "the Secretary of Homeland Security shall issue sector-specific critical infrastructure cybersecurity performance goals within 1 year of the date of this memorandum. These performance goals should serve as clear guidance to owners and operators about cybersecurity practices and postures that the American people can trust and should expect for such essential services."

Protection of our Nation’s critical infrastructure is a responsibility of the government at the Federal, State, local, Tribal, and territorial levels and of the owners and operators of that infrastructure.  The cybersecurity threats posed to the systems that control and operate the critical infra...

07/21/2021

Yesterday, Industry-Leader Robert M Lee of Dragos provided testimony to the Subcommittee on Oversight and Investigations of the Committee on Energy and Commerce of the House of Representatives, with regards to countering ransomware in critical infrastructure. In the testimony, Mr. Lee identifies five key ways that private and public sector can work together to muster a defense against state actors.

Mr. Lee also points to a consistent lack of visibility into the OT environment that creates a false sense of security, and inhibits the detection of intrusions.

There are technological controls available to us to bolster the security of the built environment. If you are responsible for the operation of a facility and have questions, please reach out.

Mr. Lee's entire testimony can be read here:

https://energycommerce.house.gov/sites/democrats.energycommerce.house.gov/files/documents/Witness%20Testimony_Lee_OI_2021.07.20.pdf

07/07/2021

I was asked to share my thoughts with OfficeSpace on how facility managers can take control of their BAS security. Check out what they wrote!

David Brunsdon explains the risks of an insecure BAS and how facility managers can maintain security in their building automation systems.

07/05/2021

The infosec community has had a bad Independence Day weekend. A mass-ransomware event began on Friday around 1pm EST, initiated by the Ransomware as a Service (RaaS) threat actor, REvil. The ransomware deployment was embedded into network management software made by an American company called Kaseya.
Kaseya’s software is used by Managed Service Providers (MSP), who work like outsourced IT departments, to handle the patching of workstations and servers. Its a supply chain attack, because the actual victims were the hundreds of companies that were the clients of these MSP.
The attack was extremely sophisticated and utilized a zero-day vulnerability in Kaseya’s software that there is currently no fix for. The network management systems, which are allowed complete access to their user’s networks, were altered to deploy ransomware software, rather than security patches.
Victims are directed to an online store where they can purchase decryption software for $45,000 per endpoint. REvil has come forth and said that they have encrypted over 1 million endpoints, and they will post a mass decryption tool that can restore everyone if they are paid $70 million dollars.
This attack is ongoing, and many businesses are inoperable. It’s essential that we rethink how we secure our systems, and begin to assume our defenses have already been breached.
If you need assistance developing your ransomware plan, or are concerned about your online exposure, please reach out.

06/21/2021

Ransomware has progressed beyond the simple formula, and attackers will now monetize your data in numerous ways.

bleepingcomputer.com describes how data exfiltrated can now end up for sale on an online marketplace, and even brokered to your competition.

https://www.bleepingcomputer.com/news/security/data-leak-marketplace-pressures-victims-by-emailing-competitors/

The Marketo data theft marketplace is applying maximum pressure on victims by emailing their competitors and offering sample packs of the stolen data.

06/10/2021

Hackers use a variety of methods to find a target.

I demonstrate how passive footprinting can be used to identify targets through their building automation system.

06/08/2021

Establishing a good cyber hygiene routine will reduce your risk of an incident. This includes applying security updates regularly, using unique passwords, and the proper handling of data at rest, and in transit.
Conversely, when an attacker identifies a target as having poor cyber hygiene, they will recognize the possibility of exploitation.

The Government of Canada offers a variety of cyber hygiene resources through their public awareness campaign, Get Cyber Safe.