Those who know – rarely speak. Those who speak – rarely know. But those who know and speak – are rare. I had the honor and pleasure of being in the company of such a rare person last Thursday, listening to him speak about the threats and dilemmas of cyber warfare on a global scale and their applicability to the individual corporate CISO.
His name is Haim Tomer, and he’s a Mossad veteran carrying the weight of 30 years of secrets in service of the Mossad. During his career, he served as the Chief of Counter-Terrorism, Chief of Intelligence and Chief of International Operations. For obvious reasons, it is difficult to find a picture of him online.
Mr. Tomer was the keynote speaker at the Pcysys Security Seminar for CISOs in Tel Aviv, which discussed how CISOs should manage their budgets and resources to keep up with the growing threat landscape and attack surface without getting lost among the many options for building their cybersecurity technology stack.
Haim has something of a miracle memory; his knowledge of the details of every attack or hack in the past decade (as much of the truth as has surfaced) was outstanding. He reviewed cyber attacks on every sector across the globe, covering political elections, banks and financial markets, law firms, retailers, and critical power plant infrastructure.
At the same time, I was captivated by a great deal of detail and stories regarding who was behind which attack and the different kinds of attacks, players and motivations, but I was struggling to put together the full picture. Mr. Tomer read the crowd and addressed it right then and there, saying: “Many people ask themselves, what is really going on? Where is all of this going? Is it man or machine? State-level or simple cyber-crime? What is the story behind what seems to be an intensely increasing ‘all you can hack’ global frenzy?”
His modest answer was that no one really knows; even in the inner circles of the intelligence community, there are differences of opinion about where the attack vectors are going to hit next. However, there is a thesis that this is all a training day: different parties are training and flexing their “cyber muscles” toward a type of conflict we have never seen, a “World War Cyber” on a scale we have not experienced in the history of mankind. We all know that electronic warfare and cyber warfare are part of any modern warfare campaign, but it never crossed my mind that it could be “the campaign”. Would it get bloody? How would the upper hand be determined? Who would be the winners and losers? Can we even imagine the reality of all the hacks from this decade happening in one day? What would happen if within 24 hours we got a combination of the equivalent of Stuxnet (2010), Saudi Aramco (2012), JPMC (2014), the Anthem medical data breach (2015), WannaCry (2017), Equifax (2017), Facebook (2018) and the recent Marriott-Starwood breach (2018)? Would we all go back to the Stone Age as a result?
One thing is certain: the cyber arms race continues. Enterprises and corporations need to automate every aspect of their cybersecurity defense mechanisms of prevention, detection, and response – and, no less importantly, the ability to measure their cybersecurity posture daily, automatically and continually pen-testing all their defenses to reveal and remediate the real business vulnerabilities.