Cybersecurity Snapshot: CISA Breaks Into Agency, Outlines Weak Spots in Report, as Cloud Security Alliance Updates Cloud Sec Guidance
2024-7-19 21:0:0 Author: www.tenable.com(查看原文) 阅读量:8 收藏

CISA Breaks Into Agency, Outlines Weak Spots in Report

CISA’s red team acted like a nation-state attacker in its assessment of a federal agency’s cybersecurity. Plus, the Cloud Security Alliance has given its cloud security guidance a major revamping. Meanwhile, a Google report puts a spotlight on insecure credentials. And the latest on open source security, CIS Benchmarks and much more!

Dive into six things that are top of mind for the week ending July 19.

1 - CISA’s red team breaches fed agency, details lessons learned

A new, must-read report from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) outlines how the agency’s red team probed a large federal agency’s network and quickly found a way in – without being detected for months.

The 29-page report details the so-called SilentShield assessment from CISA’s red team, explains what the agency’s security team should have done differently and offers concrete recommendations and best practices you might find worth reviewing.

Mimicking the modus operandi of a typical nation-state attacker, CISA’s red team exploited a known vulnerability on an unpatched web server, gaining access to the agency’s Solaris environment. Separately, the red team also breached the network’s Windows environment via a phishing attack. 

CISA’s red team breaches fed agency, details lessons learned


Once inside, the red team was able to exploit other weaknesses, such as unsecured admin credentials, to extend the scope of the breach, which went undetected for five months. At that point, CISA alerted the agency about the SilentShield operation.

CISA has authorization to conduct SilentShield assessments, whose purpose is to work with the impacted agency and help its security team strengthen its cyberdefenses.

Here’s a brief sampling of the assessed agency’s security weaknesses:

  • Lack of sufficient prevention and detection controls, including an inadequate firewall between its perimeter and internal networks; and insufficient network segmentation
  • Failure to effectively collect, retain and analyze logs, which hampered defensive analysts’ ability to gather necessary information
  • Bureaucratic processes and siloed teams
  • Reliance on flagging “known” indicators of compromise (IOCs) instead of using behavior-based detection
  • Lack of familiarity with the identity and access management system (IAM), which wasn’t tested against credential-manipulation techniques nor were its anomalous-behavior alerts monitored

Recommendations include:

  • Deploy internal and external firewalls
  • Implement strong network segmentation
  • Enroll all accounts in the IAM system, and make sure it’s not vulnerable to credential manipulation
  • Centralize logging and use tool-agnostic detection

To get more details, read the report, titled “CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth.”

For more information about the threat from nation-state cyberattackers:

2 - Cloud Security Alliance’s cloud sec guide gets revamped 

The Cloud Security Alliance (CSA) has given a major makeover to its “Security Guidance for Critical Areas of Focus in Cloud Computing,” including adding new topics like artificial intelligence (AI), and boosting coverage of areas like data security and IAM.

The guide is aimed at helping organizations understand cloud computing components and cloud security best practices. Version 5, released this week, replaces version 4, which was published in 2017.

“We have completely revamped this updated 5th version to align with modern technologies and challenges,” reads the CSA blog “New Cloud Security Guidance from CSA.

Cloud Security Alliance’s cloud sec guide gets revamped


Here’s some of what’s new:

  • Increased coverage of cloud workloads, application security, CI/CD, data security and DevSecOps
  • New topics such as AI and zero trust
  • Less emphasis on laws and regulations

The guide is organized into 12 sections, including:

  • Cloud computing concepts and architectures
  • Cloud governance and strategies
  • Risk, audit and compliance
  • IAM
  • Cloud workload security
  • Data security

For more information about cloud security, check out these Tenable resources:

3 - Google: Credential gaps top initial-access vectors for cloud breaches

When it comes to gaining an initial foothold in a cloud environment, attackers’ best friends are weak or simply non-existent credentials. That’s according to the latest “Google Cloud Threat Horizons Report,” which is based on data gathered during the first half of 2024.

Specifically, weak or no credentials accounted for 47.2% of initial-access vectors in cloud compromises observed by Google Cloud in customer environments.

Google: Credential gaps top initial-access vectors for cloud breaches

(Source: Google Cloud Threat Horizons Report, July 2024)

Meanwhile, using the compromised system for cryptomining ranked as attackers’ top intrusion motivation (58.8%).

Google: Credential gaps top initial-access vectors for cloud breaches2

(Source: Google Cloud Threat Horizons Report, July 2024)

For more information about identity and access management security:

4 - CISA working on OSS security framework, assessment tool

As part of its efforts to help improve the security of open source software (OSS), CISA is crafting a framework and backing the development of an automated tool for assessing whether an OSS component is trustworthy.

“As work on both the framework and supporting tools continue to progress, we will improve our capability to assess OSS trustworthiness at scale,” reads CISA’s blog “Continued Progress Towards a Secure Open Source Ecosystem.”

The assessment framework will evaluate four aspects of the development of an OSS component:

  • Its project, including the number of active contributors and unexpected ownership changes
  • The product, including whether it contains known vulnerabilities or outdated dependencies
  • Its protections, such as whether developer accounts require MFA
  • Its policies, such as requirements for code reviews and vulnerability disclosures

“Taken together, the collected measurements can be grouped into these four categories to provide software users and choosers a consistent way to evaluate the trustworthiness of a particular OSS component,” wrote blog author Aeva Black, CISA’s Section Chief of Open Source Software Security.

To automate the framework’s measurement process and combine the measurement results, CISA is funding the development of an open source tool called Hipcheck, which is designed to “automatically assess and score software repositories for supply chain risk,” according to its Github page.

For more information about open source software security:

5 - Banks get guidance on secure cloud adoption

Banks and other financial services institutions looking for fresh guidance on adopting cloud securely can check out new best-practices documents published this week.

The documents, published by the U.S. Treasury Department and the Financial Services Sector Coordinating Council (FSSCC) industry non-profit group, seek to accomplish goals such as:

  • Establishing a common cloud-computing terminology for banks and regulators.
  • Crafting best practices for reducing cloud-related third-party risk
  • Improving transparency and monitoring of cloud services
  • Creating a framework for cloud services adoption

“Today’s publications mark a significant step forward by providing a roadmap and helpful resources for banks of all sizes,” Acting Comptroller of the Currency Michael J. Hsu said in a statement. “These documents also clarify cloud service providers’ responsibilities for ensuring a secure and resilient financial system.”

Banks get guidance on secure cloud adoption

To get more details, check out the Treasury’s announcement “Treasury and the Financial Services Sector Coordinating Council Publish New Resources on Effective Practices for Secure Cloud Adoption.”

For more information about cybersecurity in the financial sector:

6 - CIS updates Benchmarks for Apple, Google, Red Hat products

Apple’s macOS. Microsoft’s Windows Server. Red Hat’s Enterprise Linux. Google’s Kubernetes Engine.

Those are among the products included in the latest round of updates for the popular CIS Benchmarks from the Center for Internet Security.

Specifically, these new secure-configuration recommendations were updated in June:

CIS updates Benchmarks for Apple, Google, Red Hat products


In addition, CIS released brand new Benchmarks for AWS storage services, including Amazon Simple Storage Service (S3), and for Microsoft Azure database services, including Azure SQL.

Organizations can use the CIS Benchmarks’ secure-configuration guidelines to harden products against attacks. Currently, there are more than 100 Benchmarks for 25-plus vendor product families. Categories include cloud platforms; databases; desktop and server software; mobile devices; operating systems; and more.

To get more details, read the CIS blog “CIS Benchmarks July 2024 Update.” For more information about the CIS Benchmarks list, check out its home page, as well as:

Juan Perez

Juan Perez

Juan has been writing about IT since the mid-1990s, first as a reporter and editor, and now as a content marketer. He spent the bulk of his journalism career at International Data Group’s IDG News Service, a tech news wire service where he held various positions over the years, including Senior Editor and News Editor. His content marketing journey began at Qualys, with stops at Moogsoft and JFrog. As a content marketer, he's helped plan, write and edit the whole gamut of content assets, including blog posts, case studies, e-books, product briefs and white papers, while supporting a wide variety of teams, including product marketing, demand generation, corporate communications, and events.

Related Articles

  • Cybersecurity Snapshot

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable.io. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Thank You

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a Demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
In Action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management In Action

Know the exposure of every asset on any platform.

Thank You

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.


文章来源: https://www.tenable.com/blog/cybersecurity-snapshot-cisa-breaks-into-agency-outlines-weak-spots-in-report-as-cloud-security
如有侵权请联系:admin#unsafe.sh