Overview:
In this episode of the State of Enterprise IT Security podcast, Brad Bussie addresses three pressing cybersecurity issues. First, he explores the security expertise gap in cloud expansion, highlighting a Tenable report that reveals many companies are eager to grow their cloud capabilities but struggle with a significant skills shortage. This gap poses serious risks, making it challenging for organizations to implement robust cloud security measures effectively.
Brad also discusses the U.S. government's $50 million investment to enhance healthcare cyber resilience through the ARPA-H initiative. This program aims to develop automated cybersecurity solutions to protect hospitals from cyber threats. Lastly, he examines how YouTube has become a hotspot for phishing and deepfake scams, with threat actors exploiting the platform to deceive users. Brad emphasizes the importance of staying informed and vigilant in the face of these evolving cyber threats.
Listen to the Episode:
Watch the Episode:
Key Topics Covered:
Zoom's implementation of post-quantum encryption to secure digital communications: Zoom is the first unified communications company to offer post-quantum encryption, safeguarding against future quantum threats.
Rockwell Automation's advisory to disconnect vulnerable ICS devices amid cyber threats: Rockwell Automation emphasizes the critical need to disconnect ICS devices from the public internet to minimize cyber risks.
How multi-factor authentication helped the Library of Congress prevent a cyberattack: The Library of Congress effectively used MFA to prevent a potential cyberattack, highlighting the importance of robust security measures.Read the Transcript:
Ep. 22: Zoom Preps Post-Quantum Encryption, Rockwell: ICS Devices & Cyber Threats, Thwarted cyberattack at Library of Congress
[00:00:00] Brad Bussie: The same computational power that makes quantum computers a threat to encryption also holds immense potential for advancements in AI and other fields.
[00:00:13] Brad Bussie: Hey everyone, I'm Brad Bussie, Chief Information Security Officer here at e360. Thank you for joining me for the State of Enterprise IT Security Edition. This is the show that makes IT security approachable and actionable for technology leaders. I'm happy to bring you three topics this week.
Zoom's Post Quantum Encryption: A New Era in Security
[00:00:35] Brad Bussie: First, Zoom prepares for quantum world with post quantum encryption.
[00:00:41] Rockwell advises disconnecting internet facing industrial control systems devices amid cyber threads. And a Library of Congress MFA thwarts cyber attack. And with that, let's get started. Zoom has announced it's implementing post quantum encryption, becoming the first unified communications as a service company to offer this advanced security feature.
[00:01:12] For video conferencing. Let's dive into what this means and why it's so important. Now Zoom's new post quantum end to end encryption, or E2EE, is now available worldwide for Zoom meetings and soon for Zoom phone and Zoom rooms. This means that when users enable E2EE only the meeting participants have access to the encryption keys, making the data completely secure and indecipherable, even to Zoom's own servers.
[00:01:49] And, Michael Adams Zoom's Chief Information Security Officer emphasized that since they introduced E2EE in 2020 for Zoom [00:02:00] meetings and in 2022 for Zoom phone, customer use has shown just how crucial these security features are. So what exactly is post quantum encryption in simple terms? It's a proactive approach to protect digital communications from future quantum computers that could potentially break traditional encryption methods.
[00:02:29] And quantum computers are incredibly powerful. and work differently from classical computers by using quantum bits, or qubits which can exist in multiple states simultaneously. This allows them to perform complex calculations much faster than classical computers, posing a significant risk to current encryption protocols.
[00:02:58] To defend against this, Zoom uses an algorithm called Kyber 768, part of a new generation of encryption methods designed to be resistant to both classical and quantum computer attacks. This is crucial because while we might still be a few years away from having quantum computers capable of breaking current encryption, The threat is real and growing.
[00:03:27] Interestingly, industry leaders are already taking steps to prepare for quantum threats. Microsoft, for example, is advising organizations to start preparing now. And Honeywell has integrated quantum hardened encryption keys into smart meters for utilities. While the rise of quantum computing brings significant security challenges, It's not all doom and gloom.
[00:03:54] The same computational power that makes quantum computers a [00:04:00] threat to encryption also holds immense potential for advancements in AI and other fields. Companies like Microsoft are expanding their presence in quantum computing to fuel their AI ambitions.
[00:04:16] Brad Bussie: . And Zoom's move to implement post quantum encryption highlights the importance of preparing for future threats now.
[00:04:26] It's a bold step in ensuring that our digital communications remain secure in a rapidly evolving technological landscape.
Rockwell's Advisory on Industrial Control Systems
[00:04:36] Brad Bussie: Second topic, Rockwell advises disconnecting internet-facing industrial control system devices Amid cyber threats. Now, Rockwell Automation urges its customers to take critical steps to secure their industrial control systems.
[00:04:56] If you're in the industrial or manufacturing sector, this one's especially for you. Now, Rockwell Automation has issued a strong warning to disconnect all ICSs that aren't meant to be connected to the public-facing Internet. For This advisory comes in response to heightened geopolitical tensions and adversarial cyber activity globally.
[00:05:24] The company is stressing the need for immediate action to check if any devices are accessible over the internet, and if so, to disconnect them right away if they don't need To be exposed. The message from Rockwell is clear. Never configure your assets to be directly connected to the public internet. disconnecting them is a proactive step that significantly reduces the attack surface and minimizes the risk of unauthorized and malicious cyber activity [00:06:00] from external threat actors.
[00:06:02] In addition to disconnecting vulnerable systems, Rockwell also advises ensuring that all necessary mitigations and patches are applied to secure against several critical vulnerabilities. They named about seven, ranging from a five out of ten in severity to several ten out of ten. And this alert has been echoed by.
[00:06:31] the U. S. Cybersecurity and Infrastructure Security Agency, CISA, which also recommends following the outlined measures to reduce exposure to threats. And a significant part of this advisory relates to a broader concern about web-based PLC malware. Recent research from the Georgia Institute of Technology highlighted the potential for Stuxnet-style attacks.
[00:07:03] by compromising the web applications hosted by embedded web servers within PLCs. These attacks could involve falsifying sensor readings, disabling safety alarms, and manipulating physical actuators. Now for the good part. To counter these threats, organizations are advised to limit exposure of system information, audit and secure remote access points, Restrict access to network and control systems.
[00:07:37] Tools, to legitimate users conduct regular security reviews, implement dynamic network environments. the NSA has also noted that advanced persistent threat APT groups have targeted OT/ICS systems for political gains, economic [00:08:00] advantages, and potentially destructive outcomes. This highlights the critical need for robust cybersecurity measures in industrial environments.
[00:08:10] So if you're managing industrial control systems, take Rockwell's advisory seriously, disconnect non-essential internet connections. Apply necessary patches and stay vigilant against emerging threats. It's all about keeping our critical infrastructure safe from cyber threats.
Library of Congress Thwarts Cyber Attack with MFA
[00:08:33] Brad Bussie: Third topic, the library of Congress thwarts cyber attack with MFA.
[00:08:40] So multi-factor authentication prevented hackers from accessing the U. S. institution systems. Attackers attempted a cyber attack on the Library of Congress that fortunately didn't succeed. This incident occurred around the same time as a major breach at the British Library. So let's break down what happened and how LOC managed to stay secure.
[00:09:07] So cyber criminals targeted the Library of Congress. Coinciding with that attack on the UK's National Library, which experienced significant technical issues. The hackers were unable to penetrate the LOC systems. Thanks to multi-factor authentication. It was in place at the entry point. MFA is a security measure that verifies a user's identity through multiple forms of validation, making unauthorized access much more difficult.
[00:09:43] So upon detecting the attack, LOC's IT staff quickly shut down the targeted services. further preventing any potential breach. And since then, they've been upgrading their security by decommissioning outdated [00:10:00] equipment and integrating new security tools into their networks. In contrast, the British library was not so lucky.
[00:10:10] The ransomware gang, I don't want to say their name as it acknowledges them, and I don't want to do that, claimed responsibility for the attack demanding a ransom of 20 bitcoin, and that's approximately 600,000. Euro at the time when the library refused to pay, the hackers released around 500,000 stolen files, including personal information of employees, and this attack was considered one of the worst in British history and has caused ongoing service disruptions.
[00:10:48] And, interestingly, it's not confirmed if the same group tried to breach the LOC. Alan Liska, a ransomware threat intelligence analyst, Suggests that an initial access broker, it's a hacker who gains access to systems and then sells this entry to other groups, likely probed the LLC and retreated when they couldn't get in.
[00:11:16] Liska likened this to locking your car to deter casual thieves. It just makes them move on to easier targets. the hacker group, possibly linked to Russia, has been active since May of 2023, targeting various sectors including government, education, healthcare, IT, and manufacturing. If they had successfully breached the LOC, The consequences would have been severe, affecting not only the library's internal systems, but also the US. Copyright Office, which works closely with the library. This would have disrupted copyright [00:12:00] processes, impacting many people beyond just the library's users. A similar situation occurred with United Health Change Healthcare Unit, where hackers exploited a system without multi-factor authentication, leading to a successful breach.
[00:12:19] This underscores the importance of robust cybersecurity measures, like MFA, in protecting against cyber threats.
[00:12:30] Brad Bussie: Thank you again for joining me, and I look forward to the next time on the State of Enterprise IT Security Edition.
