Tag: virtual appliance

Where do cybercriminals store their data?

Tracking hackers is not a fast or straightforward activity these days. Yes, most governments’ monitoring and data analytics capabilities are indeed getting better and better. However, privacy tools are getting better and better as well. There is a constant debate about whether people must give up more of their online privacy for safety. On the other side, giving more power to centralized authorities can lead to dystopian states and dysfunctional societies.

One scientific branch that helps governments catch cybercriminals is cyber criminology. As a discipline, cyber criminology encompasses a multidisciplinary field of inquiry: criminology, sociology, psychology, victimology, information technology, and computer/internet sciences. In short, its primary goal is to standardize the way we catch cybercriminals. As we can see, most of these disciplines come from the social criminology world, and they are primarily used to build a psychological profile of the attacker. On the other side, the technical aspects are crucial if we want to catch the hacker and understand how he or she managed to hack the system. Without cyber forensics and, most notably, computer science, we have no proper way to understand what happened and how to catch hackers.

One of the main ways to hit criminal organizations properly is to target and track their infrastructure. Without decent infrastructure, one cannot do much in cyberspace. Sure, a hacker attack can steal a lot of data and create havoc, but attackers need computers, servers, and other equipment for all of this. The stolen data must be stored somewhere, analyzed, and eventually used for blackmail or released to the public. Like cloud providers, hackers need backup and retention plans for the stolen data, and nothing is free.

One interesting example of such infrastructure is a former NATO bunker used to host Dark Net websites. The German police stormed the place, which was allegedly used to host websites offering drugs, child pornography, and devices to breach computers. Over 600 police personnel were involved in the raid on what they termed a “cyber bunker data center” in the western German city of Traben-Trarbach. Seven people were arrested, with 13 more sought, although none were taken into custody at the site. The arrests occurred at a local restaurant and in the town of Schwalbach, near Frankfurt. Raids took place at the same time in Poland, the Netherlands, and Luxembourg.

This case is quite interesting because cybercriminals usually do not have the resources to build a whole data center. Hacking has an asymmetric nature, and most of the time attackers have fewer resources than the defenders. These smaller criminal cells target SMEs. In this case, a significant criminal group, most probably part of the mafia, owned a whole data center.

The diagram shows how a standard privacy-oriented user would store their data in the cloud. Criminals use the same techniques to ensure everything stored in the cloud is adequately encrypted and hard to track.

In conclusion, we should track and hit cybercriminals by finding their data infrastructure and destroying it. Acquiring infrastructure is one of the most expensive parts of a hacker operation; it can take months or even years to accumulate. This is where cyber criminology adds value: we can use this interdisciplinary field to find where the infrastructure is located and destroy it.

How Secure Are Virtual Appliances?

A recent report raises questions about software vendors’ responsibilities and claims to have detected more than 400,000 vulnerabilities across software vendors. Virtual appliances are often used to provide IT security functions like firewalls, encryption, and secure gateways. They aim to eliminate the need for dedicated hardware and can be deployed on cloud platforms.

Virtual appliances often reach consumers ready to be deployed to public and private cloud environments. Most consumers believe that virtual appliances are safe and secure, free from security risks, but Orca’s report proves otherwise.

The research, conducted in April and May 2020, scanned 2,218 virtual appliances from 540 vendors and checked them for known vulnerabilities and risks. The researchers ranked every appliance according to a scoring system designed for this research.

It is a good idea to encrypt your data before sending it to any virtual appliance. The diagram shows the standard hybrid encryption protocol, which combines symmetric and asymmetric cryptography schemes. It offers a good level of additional security.

The total number of discovered vulnerabilities is just over 400,000. The appliances received grades from A+ (exemplary) to F (failure). Only 8% of products scored an A+, while 24% got an A as ‘well-maintained,’ 12% received a B as ‘above average,’ 25% were ‘mediocre’ with a C, 16% got a D as ‘poor,’ and 15% ‘failed’ with an F.

Interestingly, some vendors had products that scored an A or A+ and other products that landed an F.

Correlation between quality and price

Another notable finding of the report was that price doesn’t directly correlate with security. More expensive products don’t necessarily offer more protection. 1,489 of the products charged an average of $0.3/hour, while 510 were free, many of which were also open source. The highest charge for any appliance tested in the report was $3.00/hour. Free products received an average security score of 77.58, while fee-based ones got 77.38.

Updates

It should come as no surprise that as products get outdated, their vulnerability increases. Updates are essential, as they fix vulnerabilities when applied regularly. The report found that 110 products had received no updates for at least three years, 1,049 had been updated in the last year, and only 312 had been updated in the previous three months. Only 64 had received updates in the past month.

Feedback

After finishing the scans and grading, the vendors received emails with the findings. All the vendors were contacted, but only 80 responded. Though the responses varied, many confirmed they had taken remedial action. As a result, 287 products received updates, and 53 were removed from distribution. Even though these numbers may seem unimpressive, they meant that 36,938 (out of 401,571) discovered vulnerabilities were addressed. After a rescan, products that initially received an F ranking had improved their ranking to an A or A+.

The report also presents a few recommendations to help organizations reduce the risks posed by virtual appliances. Among them are asset management and vulnerability management tools: asset management helps keep track of virtual appliances, while vulnerability management tools assist in finding weaknesses.

Orca made sure to note in its report that all the data presented is merely a guide. A vendor’s top score doesn’t equate to a risk-free guarantee for all its virtual appliances. As already mentioned, some vendors have products with both the top and the lowest scores.