Startup Cyber Security Mistakes, Splunk Exits Russia, and Cyber Career Mentorship
CyberWeekly Newsletter: Weekly Edition
Startup Cyber Security Mistakes
Starting a business is challenging. That’s doubly true for technology startups. As most founders don’t have backgrounds in cyber security, it’s not surprising that cyber risk wouldn’t be at the front of their minds. I suspect there’s a lot of “Why would anyone want to hack me?” going around. But as we know, security-through-obscurity is not a valid strategy.
StartupNation has enumerated 5 common mistakes that entrepreneurs make:
Complacency
Relying solely on endpoint security
Ignoring the people problem
Failing to fully invest in security
Device management
I applaud StartupNation for providing practical cyber security advice to entrepreneurs that is manageable for their current level of sophistication. After all, a 5-10 person startup has very different needs than a 5,000-person firm or a multinational company. StartupNation’s description of how startups and small businesses are targeted was appropriate for their audience. They basically described attacks from run-of-the-mill cybercriminals and script kiddies.
The question I’ll pose to CyberWeekly’s audience of cyber professionals (and aficionados) is why would an APT want to target a startup or small business? Personally, I would answer the question in one word: infrastructure.
We’re all familiar with supply chain attacks, but consider the risk of advanced threat actors using compromised small business websites as infrastructure to launch their attacks. A small business’s compromised website, which has already been categorized by reputation-based whitelisting services, can provide a less suspicious and cleaner URL for phishing emails or C2 traffic. When you’re reviewing proxy logs, the domain of a dry cleaner just down the road from your company’s location would undoubtedly look less suspicious than wstbeknz[.]badguydomain[.]com. Bottom line: Secure startups and small businesses benefit us all.
DrainerBot Drains Smartphone Batteries
Cyber criminals are a selfish bunch to begin with, but there’s something about smartphone malware that drains your battery and runs up your data usage that seems especially rude. Oracle recently announced the discovery of DrainerBot, “a major mobile ad fraud operation distributed through millions of downloads of infected consumer apps.” According to Oracle, the DrainerBot code was distributed via an infected Software Development Kit (SDK) integrated in hundreds of Android apps and games. Looks like it’s been downloaded more than 10 million times.
DrainerBot is an app-based fraud operation that uses infected code on Android devices to deliver fraudulent, invisible video ads to the device.
The infected app reports back to the ad network that each video advertisement has appeared on a legitimate publisher site, but the sites are spoofed, not real.
The fraudulent video ads do not appear onscreen in the apps (which generally lack web browsers or video players) and are never seen by users.
Infected apps consume significant bandwidth and battery, with tests and public reports indicating an app can consume more than 10 GB/month of data or quickly drain a charged battery, even if the infected app is not in use or in sleep mode.
If you have an Android, it may be worth checking out the detailed information and mitigation resources for DrainerBot at info.moat.com/drainerbot.
Splunk Bids Russia Farewell
Splunk Inc, which produces software for searching, monitoring, and analyzing machine-generated big data, announced on its blog this week that it is exiting the Russian market. Not only will Splunk no longer directly sell its software to organizations headquartered in Russia, but it will also forbid indirect offerings through third parties, including technical partners, resellers, distributors and vendors.
While Splunk provided little explanation for the new policy, CyberScoop pointed out the recent scrutiny that foreign security companies have been under from the Russian government. CyberScoop highlighted that “technology companies often must obtain a certification from the [Russian] government, and source code review could be included as part of that process.”
Undoubtedly, the departure from the Russian market will be a greater loss for the Russian Federation than for Splunk. According to Splunk’s most recent annual report, only 26% of its revenue comes from outside of the United States, while it counts 85 of the Fortune 100 companies as its clients. While Russia is a world leader in cyber warfare and cyber espionage, its economy isn’t quite as boastworthy. Russia’s total GDP (at current prices) is smaller than that of South Korea. On a per-capita basis, Russia’s economy falls in just behind the Maldives, Lebanon, and Costa Rica. Oh well. Russia’s loss.
Cyber Career Mentorship
I’m a big supporter of professional mentorship. It’s ingrained in the culture of the US military, but can be almost more valuable in the private sector. It is invaluable in cyber security, which, as a rather new career field, has less well-defined career paths and trajectory. Mentorship provides tangibly improved career outcomes, as mentees:
Receive higher compensation
Receive a greater number of promotions
Feel more satisfied with their career
Feel more committed to their career
Are more likely to believe that they will advance in their career
Mentorship should be a two-way street. Personally, I mentor a couple of cyber professionals who are junior to me, and receive mentorship from more senior professionals. Don’t hold your breath on your company to develop a corporate mentorship program though. Get out there and find your own mentors. The Muse recommends that everyone should have at least three career mentors:
Mentor #1: You in One Year
Mentor #2: Your Five-Year Guide
Mentor #3: Your Career Planner
If you want a mentor to help navigate your career path and aid in your professional development, figure out where you want to be in the near-term and long-term, then find those mentors to help you get there.
Cool Job of the Week
Activision — Cyber Security Internship (Location: Sherman Oaks, CA)
Veteran-Preferred Job of the Week
The House of Representatives — Cybersecurity Support Specialist [Wounded Warrior Fellowship Program] (Location: Washington, DC)
Hope you’ve enjoyed this week’s edition of the CyberWeekly Newsletter. Please share with a friend or colleague.
Stay vigilant,
Oritse J. Uku, Editor-in-Chief
Disclaimer: The opinions expressed in this newsletter are my own.