Tag Archive for: Environments

Testing Environments Help DHS S&T and CISA Secure Transportation Infrastructure


Strengthening and protecting our nation’s critical cyber infrastructure is a monumental task, one that the Science and Technology Directorate (S&T) takes seriously. Together with the Cybersecurity and Infrastructure Security Agency (CISA), S&T is developing and testing new technologies and tools that will help combat daily threats, both physical and online.

“All critical infrastructure sectors—including the energy, manufacturing, and transportation sectors—rely heavily on sophisticated technologies like industrial control systems, cellular networks, and artificial intelligence,” said S&T program manager Alex Karr. “These are all accessed, monitored, and controlled via the internet, which, in turn, makes them susceptible to hacking, malware attacks, and other malicious activities.”

Our critical infrastructure and associated online networks and technologies play a vital role in ensuring that the most essential services of our government and private sectors can do their job. Because of this, any potential weaknesses that can be exploited, disrupted, or damaged represent a significant threat to the safety of our citizens and our country. “This is why it’s crucial that we do everything we can to boost our online security and make sure we’re ready to respond to any attempts to compromise these crucial services and related systems,” Karr said.

S&T is working with a multi-agency team to do just that, collaborating with CISA, the Idaho National Laboratory (INL), Pacific Northwest National Laboratory (PNNL), and other government and private stakeholders to design and implement two state-of-the-art training tools, both a part of CISA’s Control Environment Laboratory Resource (CELR) test environment. These CELR test environments, one designed by INL and the other by PNNL, will eventually be integrated into CISA’s existing suite of internet security tools.

“CELR test environments are miniaturized test environments that emulate crucial facilities and their associated technologies and physical components,” explained Tim Huddleston, INL program manager for Infrastructure Assurance and Analysis. “They are designed to provide first responders and security…


Federal Identity Cards Must Adapt to Changing Security Environments


PIV Cards Are Compatible with Cloud-Based Web Applications

Federal IT managers who have been thinking about zero trust and how it relates to existing FICAM compliant authentication systems need to know about advances in the commercial space that may affect them.

Let’s take a few seconds to review how PIV cards work. PIV cards contain digital certificates and, more importantly, private keys assigned to each user.

The digital certificate, issued by some certification authority (CA) within the federal PKI tree, describes the user’s identity. The private key is used with public/private cryptography to prove that the user is in control of the PIV card and has it at the moment of authentication.

This certificate-based authentication is widely supported in most enterprise web applications, desktop and laptop operating systems, and VPN applications.

As any PIV user knows, this method of authentication is extremely resistant to credential theft, which makes it very secure.

The main issue with PIV-based authentication is that it is based on a walled garden within the federal PKI tree. This makes enrollment in PIV a cumbersome and time-consuming process, and one which is not friendly to contractors or other third parties.

PIV cards have other limitations that affect both usability and security. They are poorly supported on mobile devices, require some additional reader hardware, and the physical user must be present.


FIDO2: If PIV Had Been Invented 20 Years Later

While PIV is dominant in the federal private infrastructure, cloud and enterprise application vendors are exploring new ways to combine the passwordless security of certificate-based authentication with other enrollment models.

The FIDO2 standards, coordinated by the Fast Identity Online (FIDO) Alliance, and their interoperability with WebAuthn, coordinated by the World Wide Web Consortium, are the most important new technologies to know about.

The FIDO Alliance made a big splash earlier this year when Microsoft, Apple and Google, along with the Cybersecurity and Infrastructure Security Agency, announced their commitment to pushing FIDO2 into desktop and mobile…


Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments


The latest confirmations of the growing attacker interest in VMware ESXi environments are two ransomware variants that surfaced in recent weeks and have begun hitting targets worldwide.

One of the malware tools, dubbed Luna, is written in Rust and can encrypt data on ESXi virtual machines (VMs) in addition to data on Linux and Windows systems. The other is Black Basta, a rapidly proliferating ransomware variant written in C++ that, like Luna, targets ESXi VMs and also works on Windows and Linux systems.

They add to a collection of ransomware variants aimed at ESXi, VMware’s bare-metal hypervisor for running virtual machines. Numerous organizations use the technology to deploy multiple VMs on a single host system or across a cluster of host systems, making the environment an ideal target for attackers looking to cause widespread damage.

“Infrastructure services like networking equipment and hosting infrastructure like ESXi can’t easily be patched on demand,” says Tim McGuffin, director of adversarial engineering at Lares Consulting. “Attacking these services provides a one-stop shop for impact since a large number of servers can be encrypted or attacked at once.”

Other recent examples of malware targeting ESXi environments include Cheerscrypt, LockBit, RansomEXX, and Hive.

The Cross-Platform Ransomware Threat

Researchers from Kaspersky first spotted Luna in the wild last month. Their analysis shows the malware to fall into the trend of several other recent variants that are written in platform-agnostic languages like Rust and Golang, so they can be easily ported across different operating systems. The researchers also found the malware to employ a somewhat rare combination of AES and X25519 cryptographic algorithms to encrypt data on victim systems. The security vendor assessed the operator of the malware to be likely based in Russia.

Kaspersky’s analysis of a recent version of Black Basta — a ransomware variant it has been tracking since February — shows the malware has been tweaked so it can now encrypt specific directories, or the entire “/vmfs/volumes” folder, on ESXi VMs. The malware uses the ChaCha20 256-bit cipher to encrypt files on victim systems. It also…


SPHINX Real-time Cyber Risk Assessment