July 29, 2021
Red Canary has released its 122-page 2021 Threat Detection Report. It is useful in identifying the most prevalent techniques and threats, and it considers the best ways to detect and mitigate specific threats and techniques. It is a highly technical document.
The top techniques are:
- T1059 Command and Scripting Interpreter (24%)
- T1218 Signed Binary Proxy Execution (19%)
- T1543 Create or Modify System Process (16%)
- T1053 Scheduled Task / Job (16%)
- T1003 OS Credential Dumping (7%)
- T1055 Process Injection (7%)
- T1027 Obfuscated Files or Information (6%)
- T1105 Ingress Tool Transfer (5%)
- T1569 System Services (4%)
- T1036 Masquerading (4%)
The report also noted:
- Command-line parameters are by far the most efficacious for detecting potentially malicious PowerShell behavior
- Attackers use the Windows Command Shell, using cmd to call native commands and redirect the output of those commands to a file on the local admin share
- To detect adversaries it is necessary to focus on the uncommon patterns of execution and patterns of execution commonly associated with malice
It is a comprehensive report and worthy of a close read not only by technical operators but also by those who get involved with cyber security issues.
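An added example (not from the Red Canary report or this post) of a check for the cmd pattern noted above: it flags process command lines in which cmd redirects output to the ADMIN$ share of the same machine. The loopback names, the event field names and the sample events are assumptions constructed for illustration.

```python
import re

# Assumption: the "local admin share" is ADMIN$ reached through a loopback
# name or the machine's own host name.
LOOPBACK = {"127.0.0.1", "localhost"}

# cmd or cmd.exe (optionally with a path), then /c or /k, then the command body
CMD_RE = re.compile(r'(?i)(?:^|[\\/\s"])cmd(?:\.exe)?"?\s+.*?/[ck]\s+(?P<body>.+)$')
# a redirection operator (>, >>, 1>, 2>) whose target is \\host\ADMIN$\file
REDIR_RE = re.compile(
    r'(?i)\d?>{1,2}\s*"?\\\\(?P<host>[^\\\s"]+)\\ADMIN\$\\(?P<file>[^\s"&|]+)')

def admin_share_redirect(command_line, hostname=""):
    """Return the redirect target if cmd writes output to the local ADMIN$."""
    cmd = CMD_RE.search(command_line)
    redir = REDIR_RE.search(cmd.group("body")) if cmd else None
    if not redir:
        return None
    host = redir.group("host").lower()
    # Only a share on the machine that ran the command counts as "local".
    if host in LOOPBACK or host == hostname.lower():
        return {"host": host, "file": redir.group("file")}
    return None

def scan(events):
    """Return (hostname, file) for every process event that matches."""
    hits = []
    for ev in events:
        target = admin_share_redirect(ev["command_line"], ev["hostname"])
        if target:
            hits.append((ev["hostname"], target["file"]))
    return hits

# Constructed process-creation events (not taken from the report).
SAMPLE_EVENTS = [
    {"hostname": "WS-014", "command_line": r'cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__out.tmp 2>&1'},
    {"hostname": "WS-014", "command_line": r'C:\Windows\System32\cmd.exe /c ipconfig /all >> \\ws-014\ADMIN$\net.txt'},
    {"hostname": "WS-014", "command_line": r'cmd.exe /c dir > C:\Temp\listing.txt'},
    {"hostname": "WS-014", "command_line": r'cmd.exe /c copy report.txt \\fileserver01\ADMIN$\report.txt'},
    {"hostname": "WS-014", "command_line": r'powershell.exe -NoProfile -Command Get-Date'},
]

if __name__ == "__main__":
    for host, path in scan(SAMPLE_EVENTS):
        print(f"{host}: cmd output redirected to local ADMIN$ file {path}")
```

Ordinary redirection to a local path and a plain copy to another host's ADMIN$ are left alone, which keeps the check focused on the uncommon pattern rather than on cmd use in general.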
The Thales report is more a strategic overview
July 27, 2021
In today’s Age the National Children’s Commissioner, in TikTok: Time’s up to protect children’s privacy, highlights the alarming privacy-invasive practices of TikTok as well as the cumulative data collection on children through social media and other sources. While the impetus of the story was TikTok’s focus on children, there is not much new in Anne Hollands’ piece. Social media sites have been in the business of collecting personal information since their inception. Google’s business model is predicated on collecting and aggregating data through algorithms so as to sell targeted advertising.
Hollands’ concern about TikTok and other sites collecting personal information without proper consent is well placed. The ACCC has similar concerns. The potential problem is part of her solution: to have provisions in the Privacy Act requiring anyone collecting children’s data to have some form of best interests of children provision relating to the collection and use of that data. The problem with this approach is that it creates additional protections for specific types of data. The resulting danger is that there will be silos of strong protection amidst weak protection overall. That is what happens in the United States of America. There the Children’s Online Privacy Protection Act (“COPPA”) sets stringent requirements on websites or services directed at children, and there are strong health records protections under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and even protections over records of video renting under the Video Privacy Protection Act of 1988. But many other areas of activity in the USA have weak privacy protections at the Federal level.
The chronic problem is weak privacy protections
July 19, 2021
The UK Information Commissioner’s Office has fined Mermaids £25,000 for failing to keep personal information secure. The breach was that personal information in emails and documents created by staff at Mermaids or its clients was publicly available online. Mermaids was advised of this fact by a newspaper in June 2019. Mermaids contacted the Commissioner that day.
Mermaids is a charity that offers support to young people and their families regarding gender non-conformity. As such, the discussions and personal information involved were very sensitive.
The media release provides:
The Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure.
The ICO’s investigation began after it received a data breach report from the charity in relation to an internal email group it set up and used from August 2016 until July 2017 when it was decommissioned. The charity only became aware of the breach in June 2019.
July 18, 2021
On 13 July 2021 the Federal Government released a comprehensive discussion paper titled Strengthening Australia’s cyber security regulations and incentives as part of its attempts to make the digital economy more resilient. The focus is on cyber security. It summarises the issues and raises options across the broad subject headings of:
- Governance standards for large businesses
- Minimum standards for personal information
- Standards for smart devices
- Labelling for smart devices
- Responsible disclosure policies
- Health checks for small businesses
- Protecting consumers
- Clear legal remedies for consumers
As papers go it is comprehensive and a good resource in itself as it sources US, UK and European actions (which are far ahead of Australia’s) in cyber security. But there is nothing stated in the report which hasn’t been written before. It is candid enough to state that the primary current regulatory framework of the Privacy Act 1988, the Australian Consumer Law and the Corporations Act as well as other more specialised acts are not effective in this area. Refreshingly the Paper highlights the dissatisfaction with the Information Commissioner’s approach to enforcement of the Privacy Act stating