The top 10 security articles on TechBeacon in 2021

Jaikumar Vijayan Freelance writer
The red hot security articles published by TechBeacon in 2021
 

Enterprise information security teams had their hands full battling fires on several fronts in 2020. Application and data security became top priorities as organizations moved more core workloads to the cloud and accelerated digital transformation initiatives in response to the changes triggered by the COVID-19 pandemic.

Security leaders had to contend with attacks by state-backed threat actors, challenges related to secure software development, data privacy issues, container security, and a slew of other problems.

TechBeacon's top 10 security articles for 2021 touch upon many of these issues and highlight the challenges that executives faced in navigating them. The articles offer best practices and guidance on topics of key importance for security leaders as they help support cloud and digital-first initiatives at their respective organizations.

1. APT team attacks white hats: Google fingers North Korea

North Korea's notorious Lazarus group (a.k.a. APT38, DarkSeoul, ZINC, etc.) has presented a threat to organizations worldwide for several years. In January 2021, it surfaced again, as it periodically does, this time with a campaign targeted at members of the security researcher community.

Researchers at Google's Threat Analysis Group spotted APT38 using a combination of social engineering, zero-day exploits, and weaponized Visual Studio bundles to try to steal exploits for vulnerabilities that the researchers might have discovered. Here, blogwatcher Richi Jennings presents a curated list of stories and reports from around the Web on the campaign, who got hacked, and why it mattered.

2. FBI warrant and patch for Exchange hack raises serious questions

Early last year, multiple attack groups exploited a set of four zero-day vulnerabilities in Microsoft's widely used Exchange Server to deploy web shells on systems belonging to thousands of organizations worldwide. The attacks triggered widespread concern and prompted a federal court to authorize the FBI to proactively remove the web shells without requiring the prior consent of the system owners.

The unprecedented action prompted numerous questions about the government's authority, the propriety of using that authority, and the limits of that authority. Security researcher N4nk3r ph3193 examines the implications of the FBI's actions and potential unintended consequences.

3. Starting with SAST: 4 reasons code analysis remains king

Despite the heightened focus on application security in recent years, the number of vulnerabilities in applications has skyrocketed over the past decade. Software vulnerabilities continue to be the biggest cause for compromises at many organizations, and security and development teams still often struggle to get along with each other.

James Rabon, senior product manager at Synopsys, explains how, when DevOps teams take the correct approach, static application security testing can help alleviate the situation. Here he draws upon his own experience to highlight four lessons he learned about doing SAST right.

4. What you need to know about KVKK data-privacy requirements

Turkey's data protection law, called Kişisel Verileri Koruma Kurumu (KVKK), went into effect in 2016 and predates the European Union's General Data Protection Regulation (GDPR). The law applies to all Turkish organizations, as well as to organizations outside the country that collect and process data belonging to the country's residents.

Though the mandate provides for penalties and fines for noncompliance, most covered entities are still not compliant with the law. Cumhur Keles, data security evangelist at CyberRes, explains how KVKK impacts organizations and the issues they are likely to encounter when complying with the mandate. He offers guidance on the best approaches for addressing the challenges.

5. We can make software secure, but not at a price you'd be willing to pay

The SolarWinds data breach focused attention on the need for organizations to increase the security of their software and development environment. It motivated the creation of many new processes and oversight mechanisms at software engineering organizations. The efforts are likely to result in incremental improvements to the security of software.

However, major changes in software security are unlikely to happen anytime soon, says security researcher N4nk3r ph3193. This article explains how the complexity of modern software development and procedural hindrances make it hard for organizations to make secure commercial software that is inexpensive enough to be sold.

6. Scraped Parler data is truly revealing

Days before the Parler microblogging and social networking site went offline permanently last year, a free-speech advocate in Austria scraped millions of posts, videos, and photos—including deleted ones and metadata such as location information—that had been published to the site.

The 50TB of data that the advocate scraped provided a potential treasure-trove of evidence for US law enforcement authorities investigating the people involved in the events leading up to and including the breach of the US Capitol on January 6, 2021. Blogwatcher Richi Jennings presents a collection of articles that summarize what happened and highlight the security lapses on Parler's part that allowed the data to be scraped.

7. Old macOS component defeats malware researchers for 5 years

Malware that has been obfuscated using so-called run-only scripts or "bytecode" can be hard to detect and analyze. One example is OSAMiner, a malware tool used in a cryptocurrency mining campaign since at least 2015. The malware evaded security researchers for years because it embedded a run-only AppleScript feature designed to compress scripts into pre-compiled form and used URLs on public websites to download the payload.

Here, blogwatcher Richi Jennings has rounded up a set of stories that describe OSAMiner and delve into the details of why the malware could evade researchers for so long.

8. 17 open-source container security tools

Plenty of open-source tools are available to help organizations address challenges related to container security. Many of them are designed to help IT and security administrators audit and track vulnerabilities in the Common Vulnerabilities and Exposures (CVE) databases and to scan container images for those vulnerabilities.

The tools can help organizations catch container security issues early in the build process. The key lies in knowing which open-source container security tools to choose, says Bill Doerrfeld, consultant at Doerrfeld.io. Here he lists 17 of the most mature and widely used open-source container security tools.

9. Secure your value chain: Emerging trends and best practices

Many organizations have accelerated digital transformation initiatives to position themselves better in the rapidly emerging digital-first world. The shift—triggered by the global COVID-19 pandemic—has caused a growing number of organizations to move core operations to the cloud and to invest in technologies for making their business processes more agile.

Providing anywhere, anytime access to enterprise resources and data has become a critical need for organizations looking to deliver new products and experiences for customers and to extract key business insights for faster decision making. Satyavathi Divadari, chief cybersecurity architect at CyberRes, highlights some of the emerging trends and best practices around data and application security.

10. INSPIRE 20 Podcast: Vandana Verma Sehgal, Infosec Girls

Vandana Verma Sehgal, president of Infosec Girls, was one of 20 security executives from around the world who took part in INSPIRE 20, a new podcast series showcasing individuals whose efforts to foster inclusion and diversity are making a difference in the industry.

Sehgal launched Infosec Girls to try to get more women interested in the field of cybersecurity. Though most Infosec Girls chapters are based in India, a few have been launched in the United States and Italy as well. Freelance writer Linda Rosencrance focuses on the main takeaways from Sehgal's podcast at INSPIRE 20.
