What are SIEMs and what do they do?

For cyber security experts, network security is one of the most important things they must monitor on a day to day basis. Networks now face more targeted threats than ever before. However, there are many tools that can help a cyber security expert keep a network secure and safe. One of those tools is called Security Information and Event Management, or SIEM for short. A SIEM helps security professionals see what actions and activities are going on across the network. It also logs those activities so security professionals can review them later. SIEMs have been around for a while in the industry, but they have been changing over the years to help protect against ever changing threats. Newer models are introducing threat intelligence. The SIEM looks at both user and network behavior to gather more intelligence about whether the actions are malicious or not. Newer SIEMs can also allow network security professionals to define how systems are expected to behave.

The WannaCry Attacks

In May of 2017, a worldwide cyberattack occurred. This attack was a ransomware crypto worm called WannaCry. Before we dive into the specifics of WannaCry, we must understand what ransomware and crypto worms are. Ransomware is malicious software that threatens the user that it will make their sensitive information public, or that displays a fake FBI threat. The attacker demands payment from the user so that the software will be removed from the computer. However, the attackers get the victim’s information either way. Another technique an attacker will use is called cryptoviral extortion. This attack encrypts the user’s files to make them inaccessible and demands that the victim pay money to decrypt their information. A crypto worm is another name for a worm. A worm is malware that can replicate itself without user intervention.

BIOS and UEFI firmware attacks

Attacks can come from anywhere. You will see viruses, ransomware, spyware, worms, Trojans and many more on the internet daily. Of course, some of them are more harmful than others, but there are general ways that you can get rid of them on your computer. You could erase the operating system and then reinstall it onto your device, or you could reformat your hard drive. As we progress into the future, attacks are becoming more and more sophisticated. They are now harder to detect and harder to analyze, which makes them harder to deal with. Fortunately, there are still ways to deal with these threats. However, there is one class of attack that has always been lurking in the shadows, something that has been around for a while and that many people are unaware of: BIOS and UEFI firmware attacks. The fact of the matter is, these attacks have been around for a long time. They have just been overlooked by so many cyber security experts.

The Panama Papers Leak

In 2015, a personal information leak took place that affected over 214,488 entities in over 19 countries. This event is known as the Panama Papers leak. The leak released over 11.5 million documents, including e-mails, PDF files, photo files, and excerpts of an internal Mossack Fonseca database. Mossack Fonseca was a Panamanian law firm and corporate service provider that used to be the fourth largest provider of offshore financial services. The leak exposed detailed attorney-client information and personal financial information. One would think that a huge event like this would have an identifiable person responsible; however, the source remains anonymous. The attacker remained anonymous because he contacted a well-known German newspaper, the Süddeutsche Zeitung (SZ). The SZ, along with the International Consortium of Investigative Journalists (ICIJ), was responsible for breaking this story to the public. So, this begs the question: why did the attacker do such a thing? As reported by the SZ, the anonymous hacker’s motive was simply that he “understood enough about their contents to realize the scale of the injustices they described.” This is because Mossack Fonseca dealt with shell companies, which are companies that have no office or employees and can be used for money laundering and tax evasion. Mossack Fonseca also dealt with tax havens. The Panamanian government has denounced the name, since the leak concerns the company Mossack Fonseca more than the country.

The Deep Web and the Dark Web

The Internet is something that we all think we know. We think we know how it works, what is on it and how it is used. I mean, we use it every day, shouldn’t we know all about it? However, you may not know as much as you should about the internet. The truth is, the internet that we use only makes up about 4% of it. Yes, this includes all our social media, search engines, and gaming sites. You may think these websites are so big, so why do they take up so little of the internet? This is because we do not have access to the rest of it. The other 96% is known as the deep web and the dark web. This is where businesses and government agencies keep their information. The reason the deep web is so large is that business and government databases are extremely large. They span many years and hold an incredible amount of data. However, a small part of the deep web is the dark web, where more sinister items are stored. In this post we will look at the deep web and the dark web in turn. We will see what kinds of threats come from both, and we will look at why we must be more aware of what we share on the internet.

Pyramid Graphic

We will first talk about what the deep web is all about. As I said before, this part of the internet is inaccessible to you and me. This part of the web cannot be indexed by regular search engines or methods. This is where big companies like IBM and Google store all their data. It is estimated that 54% of the world’s databases are stored there. The deep web also holds private intranets for colleges and universities. These intranets hold private message boards, personal files and so on. It is estimated that these take up 13% of the deep web. The deep web also includes online banking, video on demand and email applications. It may seem like you have access to these things while using a browser, but you don’t. The only way you gain access to these places is by having a user name and password that admits you onto the private network. Without them you cannot simply get on and see the information. This brings us to how these places are hidden from people on the internet. These sites on the deep web use special routers. These routers reject traffic that comes from an unauthorized device, from a device that does not meet certain requirements, or from a device that does not present the correct user name and password assigned to it. Another way these places stay hidden is with private intranets. These networks are only accessible at a certain site, or you must have login information to be able to join.

The darker part of the deep web is called the dark web. Like the deep web, the dark web is inaccessible to you and me, but it uses different methods to stay hidden from the public. The dark web is like the black market of the internet. This is where people sell drugs, credit card numbers, social security numbers and much worse. These sites use something called an onion router. An onion router works only with other onion routers. The routers are all over the world and their owners are unknown. These routers are accessed through special search engines, which use strong encryption software so that transmissions are secure. The dark web is most likely the place where stolen data ends up. As mentioned before, people will sell this stolen information to the highest bidder. This is yet another reason why we must protect our data.

Special Routers

As we roam the internet, we must be careful of what we share. The internet is a big place and it is ever-expanding, like our universe. So, as we spend hours on social media or visiting different sites, we must realize that we never know where our data will end up. Maybe it will go into a large database where a company is collecting data to see which trends young people follow the most, or it could fall into the hands of a person who will impersonate you to get even more of your personal information and sell it on the dark web. As we go through our day to day lives, we must always be cautious of who is lurking in the shadows, in the real world and in the cyber world.

Interested in discussing the challenges and solutions on this topic? Please contact us at bizdev@sdsolutionsllc.com or call 540-860-0920.


Mobile Security

We all have them, resting in our pockets, lying around close by, or even in your hand right now. That’s right, it’s your mobile devices. These devices seem essential now. It seems like we can’t live without them anymore, and they seem to dictate what we do daily. Mobile devices are clearly an important innovation and a token of the forward progress of technology. Mobile devices can be a person’s best friend, but also their worst nightmare. You might ask, “why are they our worst nightmare if you have said all of these great things about them?” Well, every technology that is created has a positive side, while it also has a negative side, and mobile devices are no different. What we carry with us is potentially a life changing device or a diamond mine for attackers. As we do more and more things on our devices, like online banking, sending corporate emails, and paying for items with the credit card information we stored on them, we find ourselves less protected than ever before. This is because the personal data found on our mobile devices is not protected as well as it should be. After reading this article, I hope you will be more aware of the security of your mobile device, how you can protect it, and what to stay away from.

Continuous Diagnostics and Mitigation

Every day, we connect to networks to get into databases, different webpages and other such things without even knowing it. For example, when we start up our phones and use the internet on them, send text messages, and make calls, we use a network that has been set up by a mobile carrier. Another example is when we go to work and use a computer located in the workplace. All the computers in our workplace are connected to a network. You can access information from the workplace’s database or communicate with other computers that are connected to this network. These instances aren’t any different when we move up to the government level. The government uses networks to do about the same things we do and more. These government networks are highly protected and secured because they hold sensitive information. Since we all use networks, they need to be protected just as well as our data. There are many ways one could secure a network. A business could use firewalls, strong encryption and so on. The government uses all of those basic methods, but it also has an additional method for securing its networks. The government uses Continuous Diagnostics and Mitigation (CDM) to secure the networks and systems in its possession.

Security Information and Event Management

Target, Equifax, Wendy’s: what do all these companies have in common? They are different, yet they have all experienced the same thing. That is right, all these companies have experienced a breach in their security resulting in millions of credit cards, social security numbers and other personal information being exposed on the internet. I am sure that many of you have heard of these security breaches on the news, in a paper, or on other social media outlets. The breaches were the top headline on many different news outlets for days on end, and rightfully so. After each of these incidents is reported, I am always left wondering to myself, “could they have possibly done more to protect our information?” As we are living in the aftermath of what is regarded as the digital explosion, more and more of our personal information is being stored in big databases and not in locked filing cabinets. Our world has changed and so have we. We have accepted the fact that our information will be on the internet, whether or not it was our choice to put it there. Because of this reality, our businesses today must continue to be progressive in cyber security. This could mean installing the latest version of an OS, making sure that they use strong encryption methods, or following good password practices. However, one of the best ways to improve this area is with Security Information and Event Management.

Collaborative solutions for Cybersecurity challenges

Gone are the days when a cybersecurity threat was mostly aimed at an unsuspecting individual or a group of gullible people. For example, if an individual’s bank account and credit cards were compromised, the impact was mostly financial and it was felt by the affected individual and their family. In one study by the US Government Accountability Office (GAO), the number of incidents experienced by federal agencies increased by 680 percent over a six-year period. If government systems with reasonable controls and security measures see such a drastic rise in threats, it is a no-brainer to guess at the increase in the volume of attacks on individual computer systems. Nowadays it is not uncommon for large corporations and government agencies to be relentlessly targeted by hackers seeking to gain access to sensitive information, to conduct large scale fraudulent financial transactions, or to control computer systems in a way that could harm millions of people.