Following the Russian invasion of Ukraine, governments around the world imposed economic sanctions against Russia. As a result, it became clear that private organizations had to act, leading many corporations to boycott Russia by closing their local facilities, evacuating workers, and refusing to do business in the country. Although this article focuses on sanctions against Russia, it also applies to similar sanctions against Russia’s best friend, Belarus.
The desire to boycott Russia was motivated by both pragmatism and ethics. It was noticeable that organizations did more than just send “thoughts and prayers.” However, in the rush to boycott Russia, and to be seen to do so, there is a significant risk that organizations have become vulnerable to attack by improperly shutting down their regional assets.
“Multinational organizations faced demanding situations when they left Russia, from the evacuation of their personnel to the evacuation of their buildings,” says Ran Nahmias, co-founder and chief advertising officer of Cyberpion, a specialist in attack surface management.
“They also had to shut down their on-premises IT operations, eliminate virtual assets, and cut off virtual supply chain connections. This requires attention and a detailed action plan.”
To understand the scale of the problem, Cyberpion conducted research earlier this year, finding that the size of the external attack surface is exponentially greater than that of a company’s internal environment.
The report demonstrated the level of risk involved: 60% of Fortune 500 corporations had a known vulnerability that threat actors could exploit to reach sensitive worker or visitor data. Of these, a significant proportion of the vulnerabilities had already been exploited. The rapid departure from Russia has only exacerbated the problem.
“We checked Fortune Global 1000 and 60% had active connections to the Russia-based infrastructure,” Nahmias says.
One of the major challenges for private corporations and government organizations is that they have become massively distributed entities. Some of the largest multinational organizations will have multiple cloud platforms and online domains, as well as regionalized resources for the various theaters in which they operate.
The distributed nature of online infrastructure means that organizations have effectively abandoned virtual assets within Russia’s borders, which can pose a significant threat to organizations if those assets have not been properly closed down.
“The domain name system [DNS] is the foundation of Internet interactions and is overlooked by security groups,” Nahmias says.
Instead of decommissioning or cutting off those regional assets, organizations have simply put them to sleep. The assumption is that eventually the situation will calm down and trade with Russia will be viable again. Therefore, planning for the revival of existing regional assets, rather than creating them again, makes economic sense.
However, given the disruption caused by their rapid departure from the country, the question arises whether companies have been able to close and adequately protect all their localized virtual assets.
The risks posed by these abandoned assets are manifold. Local virtual assets can be stolen and used for malicious purposes, such as identity theft and credit card fraud. There is also the related reputational damage caused by those incidents.
“The threat depends on where the connection is headed and what authentication or security measures are in place,” Nahmias says. “Security groups tend to be more lenient with connections to internal resources than with connections to external resources.”
The dispersed nature of modern businesses means that networks are no longer simple webs, but complex meshes. While this is a much more robust form of network connectivity, there are also many more connections that need to be managed. There is a threat that the network connections of the abandoned assets will remain active, which will effectively allow access to the rest of the corporate network. In many ways, this is a much greater threat to the organization, as malicious actors can download sensitive information through insecure connections.
“Companies exploit a lot of spaces, in some cases, even millions, so tracking them manually is rarely an option,” Nahmias says. “There’s a lot of complexity at stake: those are DNS spaghetti. erase your Russian computer connections, in most cases they haven’t been successful.”
There is also a danger that abandoned regional resources could be accessed and hacked before they are reactivated. This would effectively act as a backdoor, allowing malicious actors to bypass network security and deploy malware within a corporate network. These tactics can be exploited by local criminals as well as by hackers sponsored by nation-states.
“If a global customer logo based in the U.S. left Russia and shut down its Russian site, but did not do it well, a malicious actor can revive it and potentially abuse innocent customers, damaging the reputation of the global logo,” says Nahmias.
Organizations need to ensure that all of their abandoned local assets are completely inactive and that they continue to retain ownership of their virtual domains.
Similarly, organizations need to review the connections between those abandoned local resources and the wider corporate network to make sure they are properly secured, either by cutting off those connections entirely or by pointing them to a landing page that leads nowhere. However, the number of connections that now exist is such that it is no longer manageable by traditional means.
“If you have a million domain names or credentials, or 100,000 PCs, it’s no longer human work. AI [artificial intelligence] will have to intervene,” says Nahmias. Someone has to provide a way to tell when something breaks. The time it takes to stumble and react will be the key to success.
From a broader perspective, especially for multinational organizations that have a massively distributed network, this scenario has demonstrated the need for an independent oversight role. Instead of having a series of network administrators and their teams, each focusing on their own areas of expertise with limited coordination between them, the events of recent months have highlighted the need for an independent oversight function capable of coordinating and controlling the entire virtual infrastructure.
“PKI, cloud, DNS, and the Internet are usually controlled through other groups that only link to the CIO level. This means that there are 4 other people in an organization who analyze relations with Russia and then collaborate on the results,” says Nahmias.
Some may wonder whether, if organizations are abandoning regional assets and reducing the number of regions in which they operate, centralized network models will once again predominate. get the benefits of a physically powerful distributed hybrid network. So, instead of minimizing the attack surface, organizations will need to focus on securing connections.
“I don’t think turning it off is the way to solve the problem,” Nahmias says. attack surface, giant or small.
Instead of destroying their assets when boycotting Russia and Belarus, the organizations took a long-term view and instead degraded them. Once the situation has calmed down, if organizations are in a position to resume operations, they will need to reactivate their previously abandoned assets to allow a quick return to market.
“The link between DNS and security is something we see evolving in many business spaces today,” Nahmias says. able to devote all its attention to possible threats. Part of the threat is fast and present, but there is another big piece which is a Pandora’s box in Russia, which will be opened one day.
A proper examination of an organization’s abandoned domain names will highlight any potential vulnerabilities in its network’s security posture. For example, it can be an automated procedure that reports all discrepancies, along with their related network connections, for human review. The scenario has also highlighted the need for a network tracking function, which relies on collaboration between a number of specialized network teams, to ensure that the overall objectives of the company are achieved.
“Security will want to identify anomalies across a much broader spectrum,” Nahmias concludes. “Safety will want to evolve to solve safe hazards and identify failures when they occur to minimize the effect.”
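The automated discrepancy report described above could look like the following sketch. It is an added example, not Cyberpion's tooling or code from the original article; every record name, address, expiry date and the regional address range is constructed, and a real run would draw them from DNS zone exports, registrar data and IP geolocation.

```python
from datetime import date, timedelta
from ipaddress import ip_address, ip_network

# Constructed inventory (illustrative names, documentation-only addresses).
RECORDS = [  # (record name, type, target)
    ("shop.example.com", "CNAME", "store.example.ru"),
    ("pay.example.com", "CNAME", "gw.example-vendor.by"),
    ("promo.example.com", "CNAME", "promo.example-brand.ru"),
    ("ru.example.com", "A", "192.0.2.10"),
    ("moscow-vpn.example.com", "A", "198.51.100.7"),
    ("www.example.com", "A", "203.0.113.5"),
]
# Assumed registrar export: regional domains the organization still holds.
OWNED_EXPIRY = {"example.ru": date(2027, 1, 1), "example-brand.ru": date(2022, 10, 1)}
REGION_TLDS = (".ru", ".by")
REGION_NETS = [ip_network("198.51.100.0/24")]  # assumed: ranges hosted in the exited region
SINKHOLE = ip_address("192.0.2.10")            # assumed: the dead-end landing page

def audit(records, today, renew_window=timedelta(days=90)):
    """Return (record name, issue) pairs that need human review."""
    findings = []
    for name, rtype, target in records:
        if rtype == "CNAME" and target.endswith(REGION_TLDS):
            # Simplification: last two labels, no public-suffix list.
            domain = ".".join(target.split(".")[-2:])
            expiry = OWNED_EXPIRY.get(domain)
            if expiry is None:
                # Someone else can register or control the target name.
                findings.append((name, f"points to {domain}, which we do not own"))
            elif expiry - today <= renew_window:
                findings.append((name, f"{domain} registration lapses {expiry}"))
            else:
                findings.append((name, f"live link to dormant asset {target}"))
        elif rtype == "A":
            addr = ip_address(target)
            if addr == SINKHOLE:
                continue  # already parked on the landing page: accepted state
            if any(addr in net for net in REGION_NETS):
                findings.append((name, f"resolves into regional range ({addr})"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(RECORDS, today=date(2022, 9, 1)):
        print(f"REVIEW {name}: {issue}")
```

Each finding maps to one of the checks named in the article: retained ownership of regional domains, and connections that are either severed or parked on a landing page.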