Federal Friday - 2.7.14 - Third-Party Problems - Olympics Edition

Blog Post created by jschim Employee on Feb 7, 2014

Happy Friday, federal friends! Welcome to February, the funniest month of them all! In all seriousness though, I am looking forward to meeting a lot of you at our DC Roadshow next week!


As you can guess from the title this week I am going to talk about some issues around the Olympics. Issues not involving water or toilets that is. No, Rapid7 did not send me to Sochi. Although it would be groundbreaking to have a once-a-week blogger be sent to the front lines of cyberterrorism. The reason I want to touch on the happenings at Sochi is because these games are a great example of the threat landscape moving forward. US-CERT released an alert about basically everything Sochi and the threats surrounding:


  1. Hacktivists
    • These folks are looking to make waves. The world is watching so this would be the perfect time for Anonymous or another organization to stir the pot.
  2. Olympic Coverage
    • With NBCUniversal offering exclusive live coverage, it's important for consumers watching the games online to make sure that the link they click matches up with an NBC domain.
  3. Purchasing Tickets/Merchandise
    • The official website is http://www.sochi2014.com for both tickets and Merchandise. While there are other ATR sites available, verify through the official site that the ATR is authorized to be selling goods,
  4. Traveling to Sochi
    • Be wary, no matter what. There are reports flying all over the place of attendees being hacked. While most of these are unverified as of yet, it's an easy assumption that the risk of attack in the area is very high. Keep in mind that aside from criminal organizations focused on information for monetary value (cc info, baking creds) the Russian FSB is allowed to operate under The System of Operative-Investigative Measures. SORM has 3 main levels that monitor, capture, or block any form of electronic communication. Part of SORM-3 is the aggregation of all this data and provides long term storage for it as well.


Why is all of this important? It's important because this is the largest international event so far this year, with more on the way. The World Cup is coming up in Brazil later this year, with the Olympics coming to Rio in 2016, so these threats aren't going away. Instead the attackers will learn more about the defenses and adjust their tactics. This is why, whether you or your employees are attending or simply watching any of these events it's best practice to do a cybersecurity refresher prior to these events kicking off. They need to understand that in addition to their accounts being compromised they could actually end up providing the backdoor to your network that an attacker loves to see.


Which segues beautifully to the recent Target hack which was found to have ultimately been caused by a 3rd party HVAC company. While it seems odd that an HVAC company would have access to target's network, Krebs highlighted that many of these large retailers give 3rd party access to find ways to save costs by monitoring power and utility consumption. Seems innocent enough, right? Well what happens when that 3rd party with network access gets breached? YOU GET BREACHED. While the Target hack in it's own right probably won't happen in the federal space, attacks that are similar in nature can. While the attackers won't be going after your "customer's" credit card info, they might be targeting the intellectual property you have stored on your network. What can you do?

  1. Segment your Network if possible
    • Keep critical information out of their reach entirely. Target did not segment their POS terminals from the rest of their network. That oversight allowed the attackers to go through the backdoor and quietly place their malware on most of their POS terminal. While one would think it makes sense to have this aspect of the network segemted, its not required via PCI. As I highlighted last week, solely focusing on checking the box ends up costing you more money.
  2. Educate your Vendors
    • If they need access to the network work with them to refine and secure their access point and corresponding information.
  3. Deploy 2 Factor Authentication Practices
    • As someone who has worked in various industries there are times where I needed access to 3rd party networks and was sent a token to get me in. While I thought this was annoying at the time the additional levels of security they forced me to adopt help limit the risk I posed to their network.


If you are joining us at the Roadshow this week make sure and come to say hi. Any positive feedback I can use to keep our overbearing community manager at bay is greatly appreciated.