Cybersecurity expert: After Russian hack, common security tools, including cloud-based multi-factor systems, shown to be less effective in preventing…

Bertrand Cambou, a professor of nanotechnology and cybersecurity at Northern Arizona University, is available to discuss what went wrong in the Russian hack attack revealed this week and what organizations, including the U.S. government, can learn from the attack. Cambou is a senior member of the National Academy of Inventors and is an invention ambassador of the American Association for the Advancement of Science.

Bertrand Cambou

Media coverage has mentioned two specific methods the hackers used:

According to Cambou:

The use of these products is inherently risky; cloud-based email services should not be trusted for security andsensitive operations. In general, software tools with mandatoryupdates can be used as Trojan malware. These updates are forced on the client devices without authentication, and the servers havethe upper hand and are able to shortcut security.

The weak link for massive attacks is the server or cloud having the authority to infect terminal devices at large scale. Tools like MS Duo have the objective to block malicious users, not malicious cloud services.

It was reported that SolarWind customers often use Microsoft'sDUO multi-factor authentication, which did not prevent the attack.

Due to the recent attack, the information already stored on the cloud is as suspicious, and all government personal computers with the monitoring system should be quarantined, with the assumption that worms were potentially planted in the software stack. In both cases the users were interacting with contaminated networks. This is a really bad situation.

Recommendation:

Implementtwo-way authentication, which is much more secure than cloud-based multi-factor.The objective should be both to prevent a bad server to play and block malicious users.

Earlier this year, Cambou hosted industry and military partners on a multimillion-dollar cybersecurity project. Learn more about the grant from the U.S. Air Force.

More here:
Cybersecurity expert: After Russian hack, common security tools, including cloud-based multi-factor systems, shown to be less effective in preventing...

Related Posts

Comments are closed.