Tag Archive for: limits

How does red teaming test the ultimate limits of cyber security?


Hacking can be a dirty word. It evokes images of a person sitting in the dark with a black hoodie on, hunched over a keyboard, in front of multiple screens, attacking an innocent business, or individuals, online. It automatically generates thoughts of terrible ransomware attacks and cyber criminal gangs with names such as Evil Corp.

But cyber criminals have a foe – ethical hackers. We hack companies to show them their weaknesses so they can fix them before they are breached.

Companies are aware that cyber attacks are increasing by 50% year on year. With organisational spending on cyber security at an all-time high, firms are spending significant amounts on their security infrastructure. I’m often asked: How can we know that our cyber security is working effectively?

My advice to companies is simple – invest in a red teaming test.

Red teaming is the practice of simulating a multi-layered cyber attack that tests the effectiveness of every aspect of an organisation’s security. Rather than running the risk of financial and reputational damage after being hit by a ransomware attack, hire ethical hackers to simulate an attack to unearth vulnerabilities, so that they can be addressed before it’s too late.

“The only real way you can determine the effectiveness of your security is by getting hacked. Red teaming tests employ both virtual and physical methods to probe for weakness, exactly as a cyber criminal would.”
Rob Shapland, Falanx Cyber

Cyber attacks – like the Revolut breach in September 2022, which exposed 50,000 customers’ sensitive data – might have been prevented with a red teaming test that would have pinpointed the threat social engineering posed to the team.

For a company to be put through its paces, it needs to be tested through active and proactive attacks of both its virtual and physical systems, using the same tactics, techniques and procedures as cyber criminal groups are using right now. My team typically carries out a red teaming mission in five steps:

  1. We always begin with open source intelligence gathering (OSINT). As with the first stage of any operation, we begin an attack by investigating a company and its employees,…


Air Defense and the Limits of Drone Technology


Editor’s Note: Drones are often heralded as revolutionizing warfare, but recent experiences in Ukraine and elsewhere suggest that these systems have many vulnerabilities. Drawing on their longer research, Antonio Calcara, Andrea Gilli, Mauro Gilli, and Ivan Zaccagnini argue that drones are highly vulnerable to air defenses and that highly-trained humans are vital for drones to be their most effective.

Daniel Byman

***

After two decades of hype, the war in Ukraine is prompting a reevaluation of the utility of military drones. Ukrainian forces used Turkish Bayraktar TB2 drones to great effect in the early days of the conflict, and the United States has discussed selling Ukraine MQ-1C Gray Eagles. But as the war has progressed, these platforms have become less effective. According to a Ukrainian air force pilot interviewed by Foreign Policy magazine, Turkish TB2s “were very useful and important in the very first days [of the war], stopping those columns [of armored vehicles], but now that [the Russians have] built up good air defenses, they’re almost useless.” Another Ukrainian air force pilot echoed this sentiment, telling Breaking Defense, “[I]t’s very dangerous to use such expensive drones [like the Gray Eagle], in our case, because of [the] enemy’s air defense …. It’s not Afghanistan here.” Along the same lines, military analysts writing for The Drive note that U.S. defense planners have a similar assessment. “[T]he U.S. Army has reached many of the same conclusions about the [Gray Eagle]’s ability to survive even in environments with relatively limited threats,” they write. “The U.S. Air Force has been looking to move away from the MQ-9 Reaper, the Gray Eagle’s larger cousin, for the same reasons.”

These assessments contradict the dominant narrative that military drones are a war-winning weapons system. Early on during the Russian invasion of Ukraine, for instance, some observers cheered Turkish drones as a decisive weapon, so much so that there have been popular fundraising initiatives to purchase more TB2s for Ukraine. Similar narratives emerged during the 2020 Nagorno-Karabakh war between Armenia and Azerbaijan and during the battle for…


Here’s How the Most Famous Hackers Pushed Computing to the Limits


Today, computer hacking and ransomware are common occurrences. Just this week, the U.S. managed to seize back $6 million paid in a ransomware attack against multiple companies. However, there was a time before organized groups of hackers operated out of windowless offices around the world seeking financial or political gains; this was a time when most hacking was conducted by lone teenagers working out of bedrooms in their parents’ houses, whose only goal was the sheer joy of accessing information.

Below, we’re going to take a look at some of the most famous — or, depending on your viewpoint, infamous — hackers of all time. But first, let’s delve into the history of hacking a little bit. 

You could argue that the idea of hacking began at the Massachusetts Institute of Technology during the 1950s and 60s, when the term “hack” was used for elegant or inspired solutions to problems. Many of these “hacks” were actually practical jokes. One of the most extravagant saw a replica of a campus police car erected on top of the Institute’s Great Dome. Over time, the term became associated with the early computer programming scene, at MIT and elsewhere.

From MIT, the term spread out into the general computing lexicon.

Hacking as we know it began in the early 1970s with the increase in the use of mainframe computers and distributed computing. Early adopters of those technologies were government organizations and the military, and the Air Force conducted the first-ever penetration test of their systems in 1971, using what became known as “Tiger Teams”.

In 1980, the New York Times described hackers as, “technical experts; skilled, often young, computer programmers, who almost whimsically probe the defenses of a computer system, searching out the limits and possibilities of the machine”. Early hacker groups included the 414s — a group of six Milwaukee teenagers who, between 1982 and 1983, broke into computers at US institutions ranging from the Los Alamos National Laboratory to the Security Pacific Bank, using cheap PCs, analog modems, and simple password-hacking techniques.

By 1982, groups like the Legion of Doom, Masters of Deception, and Cult of the Dead Cow had turned hacking into a…


Illinois Legislation Limits Non-Competes, Restrictive Covenants


The Illinois General Assembly recently passed Senate Bill 672 (“SB 672” or the “Bill”), which codifies Illinois common law standards for enforceability for covenants not to compete or solicit and imposes several additional statutory limitations on employers’ ability to enter into and enforce post-employment restrictive covenants. The Bill, which is expected to be signed into law by the end of the year, follows a nationwide trend among Democratic state legislatures enacting laws designed to limit the use or utility of various restrictive covenants in the employment setting.

Under SB 672, a covenant not to compete or solicit is void and unenforceable, subject to judicial reformation, unless: (1) the employee receives adequate consideration; (2) the covenant is ancillary to a valid employment relationship; (3) the covenant is no greater than is required for the protection of a legitimate business interest of the employer; (4) the covenant does not impose undue hardship on the employee; and (5) the covenant is not injurious to the public. The Bill codifies the holding of Fifield v. Premier Dealer Services, 2013 IL App (1st) 120327, by defining “adequate consideration” as (a) two years of continuous employment after signing the agreement; or (b) alternative consideration, such as “a period of employment plus additional professional or financial benefits or merely professional or financial benefits adequate by themselves.” This is noteworthy because some courts applying Illinois law have declined to apply Fifield’s holding, taking the position that it does not correctly state Illinois law. Following SB 672’s enactment, it is likely that Fifield will be followed by courts across the board, even when interpreting restrictive covenants entered into before the Bill’s effective date.

Likewise, the Bill incorporates the holding of Reliable Fire Equipment Co. v. Arredondo, 965 N.E.2d 393 (Ill. 2011), by adopting its “totality of the facts and circumstances” standard for determining an employer’s legitimate business interest. The Bill further provides a non-exclusive list of factors to be considered by courts when determining the employer’s…
