Saturday, 24 April 2021
Sunday, 18 April 2021
Current State of DevSecOps Metrics
Data Generated by DevSecOps Practices
DevSecOps replaces practices that in the past have been labor-intensive and error-prone. CI is the automated process by which developers integrate code then build, test, and validate new applications. Its success was not practical until compilers (and the underlying compute hardware) evolved to be able to compile code quickly. Also needed were robust version control, configuration management, and test suites.
CD is the automated process of creating releasable artifacts. Its success depends on the ability of today's tools to automate not only the building of programs, but execution of system tests and delivery of validated code into production. Infrastructure as code—the scripting or virtualization of infrastructure that replicates the operational environment and optimizes computing resources—depends on the availability of encapsulated virtual environments, another recent technological innovation.
The automation that makes these DevSecOps practices possible in turn spawns a large amount of data as a by-product. This data can be made available to enable stakeholders to assess the health of a project including its development performance, operational performance, whether it is sufficiently secure, and how frequently upgrades are being delivered.
What Are Metrics, and Why Do We Need Them?
Software metrics enable stakeholders in the development of software—developers, security personnel, operations personnel, development teams, and executives—to know key things they need to know about software projects, answering such questions as the following:
- Is the service delivering value to the users?
- Is the service operating properly?
- Is the organization achieving its business goals?
- Is the service secure?
- Is the infrastructure able to support throughput, memory constraints, and other requirements?
- Is the service being attacked?
- Can future needs be supported?
- What will be the cost and risk of adding new features?
Data that is generated by the DevSecOps methodology can help provide answers to these and similar questions.
Metrics are measurements of system properties or performance that inform decisions. They can be used to understand what happened or what might happen in the future. They help to determine such things as
- if the process is stable
- if the process is capable
- if goals are being met
- how alternative processes, tools, or products compare
- how to manage change
Limitations of Existing DevSecOps Metrics
Studies have identified four key metrics that support software development and delivery performance. Two relate to tempo and two to stability.
Tempo
- deployment frequency
- lead time from commit to deploy
Stability
- mean time to recover from downtime (mean time to restore [MTTR)]) or mean time between failures (MTBF)
- change failure rate or percentage
Saturday, 10 April 2021
Wednesday, 7 April 2021
LinkedIn Fake Jobs for Spear Phishing
Since the COVID pandemic, unemployment rates have risen dramatically. It is a perfect time to take advantage of job seekers who are desperate to find employment. Thus, a customized job lure is even more enticing during these troubled times.
Hence, targeting such unsuspecting people to carry out Spear Phishing attacks on LinkedIn with fake job offers to infect them with a sophisticated BACKDOOR TROJAN - MORE_EGGS is the latest modus operendi.
Crafting the fake job offer based on the the target’s job position from LinkedIn increases the odds that the recipient will successfully detonate the malware. To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles.For example, if the LinkedIn member's job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the 'position' added to the end), cybersecurity firm eSentire's Threat Response Unit (TRU) said in an analysis. Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs. It uses normal Windows processes to run so it is not going to typically be picked up by anti-virus and automated security solutions so it is quite stealthy.
The below three elements make more_eggs, and the cybercriminals which use this backdoor very lethal -
Once installed, more_eggs maintains a stealthy profile by hijacking legitimate Windows processes while presenting the decoy "employment application" document to distract targets from ongoing background tasks triggered by the malware. Furthermore, it can act as a conduit to retrieve additional payloads from an attacker-controlled server, such as banking trojans, ransomware, credential stealers, and even use the backdoor as a foothold in the victim's network so as to exfiltrate data.
Reference links:
https://thehackernews.com/2021/04/hackers-targeting-professionals-with.html
The InfoSec Wheel
1) The Red Team, employees or contractors hired to be Attackers, ethical hackers that work for an Organization finding security holes that a malicious individual could exploit.
2) The Blue Team, the Organization’s Defenders, who are responsible for protective measures within an Organization.
While it is good to have people dedicated to secure an Organization through defense or attack methods, Organizations and their systems do not stay static. Additional processes, automations, products and being built constantly — with the potential attack surface area growing with each new change or integration.
Only having Red and Blue Security Teams is not enough. The people building what must be defended need to be included.
Sunday, 4 April 2021
Automating threat actor tracking
The model enriches targeted attack notifications with additional context on the threat, the likely attacker and their motivation, the steps the said attacker is likely to make next, and the immediate action the customer can take to contain and remediate the attack. Below we discuss an incident in which automated threat actor tracking translated to real-world protection against a human-operated ransomware attack.
Read the full article by Microsoft 365 Defender Research Team - https://www.microsoft.com/security/blog/2021/04/01/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting/
Saturday, 3 April 2021
Thursday, 1 April 2021
Forrester 2021 Predictions
Provided below are some of the predictions for 2021 by Forrester.
In 2021, Remote Work will rise to 300% of pre-COVID levels
Most companies will employ a hybrid work model, with fewer people in the office and more full-time remote employees. As a major portion of the workforce develops the skills and preference for effective remote work, they will come to expect a work-fromanywhere strategy from their company rather than an exception-driven remote-work policy. Expect this to reshape talent acquisition, moving right into talent poaching, as the most desirable workers seek location agnostic work opportunities.
33% of data breaches in 2021 will be caused by insider incidents, up from 25% in 2020
Remote work drives uptick in insider threats. Three major factors that will produce an uptick in insider threats:
1) the rapid push of users, including some outside of companies’ typical security controls, to remote work as a result of the COVID-19 pandemic;
2) employees’ job insecurity;
3) the increased ease of moving stolen company data.
Combined, these will produce an increase of 8 percentage points in insider incidents, from 25% in 2020 to 33% in 2021
30% of firms will increase spend on cloud, security and risk, networks and mobility
Leading CIOs will embrace cloud-first and platform strategies for speed and adaptiveness, eschewing stovepipes for end-to-end solutions. Interviews with leading CIOs found that they are collaborating more across organizations, objectives, and budgets, extending IT-business partnerships into enterpriselevel shared accountability. They will also invest aggressively in employees, breaking down old ideals and resolving resistance within the organization.
CIOs focused on employee experience (EX) will help their firms attract, develop, and retain talent that can provide competitive advantage in a critical year.
CIOs who are slow or unable to adapt will have at least two problems on their hands:
1) massive attrition
2) getting mired in short-term fixes, like tech modernization, simplification, and consolidation, that achieve only digital sameness through peer-comparison strategies by the end of 2021
The global public cloud infrastructure market will grow 35% in 2021
The impact of the global pandemic reinforced the tremendous value and necessity of cloud computing to the world’s economy and workforce. Without cloud apps, tools, and services, businesses could not have sent millions of workers home, maintained global supply chains, or shifted entire industry business models in a matter of weeks.
The changes brought about by COVID-19 forced companies to prioritize speed and customer experience over cost savings and efficiency — and they flocked to public cloud services faster than ever. It is predicted that the global public cloud infrastructure market will grow 35% to $120 billion in 2021.
Regulatory and legal activity related to employee privacy infringements will double
Forrester predicts that in 2021, regulatory and legal activity regarding employee privacy will double. While European regulators are already enforcing privacy rules to protect employees’ personal data, countries such as Brazil, India, and Thailand will soon do the same. Companies must take a “privacy by design” approach when handling employee personal data. Doing this entails identifying and following all relevant requirements, including and beyond privacy; assessing specific privacy and ethical risks; and communicating transparently with employees.