
    I love that rainbow flag momma!

    Sharon Walsh, Enterprise Account Manager

    “I love that rainbow flag Momma” came the chirpy little voice of my 5-year-old son from behind me in his car seat on our morning drive to playschool. Head tilted, admiring the flag in front of the secondary school on our route. “Me too Ben” I reply. Then the question: “What’s it for? Which country?” “Oh, it’s not for any country Ben,” I reply. “It’s, eh…it stands for equality…you know, that everybody is equal and we all deserve to be treated fairly.” “Haha that’s funny Momma, I just like the colours anyway.” His bemused little face quickly moving on to the next pressing topic of the day, why his bagel got more toasted on one side than the other!

    Long after he had run off happily with his friends however his question was still swirling around my head, something about my answer really niggling and irritating me a few hours into my work day. He asked me a direct question, why did I not give him a direct answer? My internal chatter was now on overdrive, with the volume up. I didn’t lie, the flag does represent equality but it was not the answer to the question. The answer was ‘It’s the Gay Pride flag’. I’m a gay woman, married to another woman and since our two boys were babies we’ve told them the story of how they came to be, we’ve explained about all of the different family dynamics that exist and the fact that they have two Mums doesn’t cost them a thought. They are blissfully and beautifully unaware that our family dynamic might be considered unusual or different to others. So again, I wonder, why I answered him in a roundabout way earlier that morning. Like a politician swerving the actual question. Giving a bland and ‘safe’ answer. And I realised eventually that it’s a habit that I’ve become so adept at over the years that I don’t even realise I’m doing it at times- circling around an answer, being vague, not correcting someone on their presumption- not lying but not always telling the truth.

    I have not experienced a lot of homophobia in my life, at least not the aggressive sort. The odd leery comment in a bar or a jeer walking down the street if holding hands with someone. Nothing that has kept me awake at night luckily. I know not all gay people in this country are so fortunate and that horrendous abuse and hate crimes still go on sadly. Overall, though, Ireland has come a long way in the last 20 years, the vast majority of gay people can live their lives openly and freely without fear or prejudice, and I’m so grateful to those who have gone before me and paved the way. I am grateful to work for an organisation where diversity is valued and people are absolutely treated fairly and with respect. However, I do think, at least for me, that sometimes from a place of fear and self-preservation that you might not even be aware of, comes a mental toll you pay. That is in the unsaid. The younger me who didn’t exactly lie to my parents but didn’t tell the truth either. The me who didn’t correct the person who presumed I had a husband and not a wife. The me who swerved the work event where significant others were invited… I’m laughing internally at the level of introspection that one little question this morning has caused for me! For me though, that moment of clarity…probably combined with that thing that happens as you get older where you don’t care as much about what anybody thinks has made me more conscious of the importance of being honest with yourself, of answering the question you’re asked. By not doing so, in ways that may even seem irrelevant, you are denying part of you and over a long period of time that causes wounds. Not lying is not the same as telling the truth.

    So if you’ve managed to read this far without dying of boredom, well done and a reminder for all, not least myself this Pride month –

    Be Proud. Be honest. Speak your truth. Be you!

    Careers

    I still get nervous when I interview

    Verona Daly, People & Talent Partner

    I still get nervous when I interview.

    I thought that when I was the one doing the interviewing, I wouldn’t be nervous anymore, that for some magical unknown reason, I’d suddenly be super cool and confident. I guess I assumed that once I had done it enough, it wouldn’t make me nervous anymore.

    I do have a couple of theories as to why I felt this way. Maybe it was the theatre kid in me – once I was off book, had my script memorised and I stepped on stage, I wasn’t nervous. Maybe mistakenly, I thought that recruitment would be similar to that. I suppose in some ways it is, recruitment is a performance. It’s not quite the same as playing a fictional character, but it’s a performance nonetheless and a performance I’m still nervous for.

    Now obviously, I’m not nervous for myself these days, but that doesn’t mean I don’t remember how those nerves felt. I’m a big believer that nerves are good, and we should appreciate them for what they are. Nerves are not a sign of weakness or insecurity; nerves are a sign of passion. Of genuine interest, of a desire to have something go well. It all depends on what you do with those nerves that make or break you.

    In order to not break with the nerves, I dance. I’d really like to stress here that I am in no way coordinated, rhythmic or a talented dancer, nor am I claiming to be. What I mean when I say ‘I dance’ is that I dance it out. If you’ve ever seen Grey’s Anatomy, you’ll understand what I’m talking about. Meredith and Christina – when things get tough – they dance it out. I have to say, it works. It works spectacularly well, because for however long you’re dancing it out, your mind is not thinking about what’s to come.

    I’m not talking about a perfectly choreographed dance either, I really just mean shaking it off, being messy and just moving your body to get that blood flowing, and it’s something you can do anywhere. For my final interview for this very role, I was in work. I couldn’t get the time off, couldn’t book a private room anywhere, so I ended up doing my final interview with my now manager, surrounded by shoe boxes in the corner of a stockroom. I still danced it out, even in that tiny space, sitting in an office chair I’d taken with me. Our Stockroom Manager saw me dance for 4 minutes and 21 seconds to ‘August’ by Taylor Swift, just before I hopped onto a final round interview for a job I really wanted.

    Even now, six months into my job, I still dance it out when I get nervous. If I have a candidate moving to a final round interview, if I have a screening call with someone that I’ve been trying to get, I’ll still shake it off, because I still get nervous in these situations. If you thought I was nervous when I was interviewing for my own job, you should’ve seen my first ever screening call. I could feel the nerves in my stomach waiting for the moment I could call my candidate. What did I do? I set aside a few minutes, and I danced around my room. Similarly to when I was on the other end of the phone, it worked; I was less nervous and felt I gave my candidate a better screening call because of it.

    I would really like to stress, my dear reader, that I’m not saying that I got a job because I danced to Taylor Swift just before a final round interview (although, I have managed to work her in to every project I’ve done since). I’m not even attempting to say that I got this job because I was relaxed in the interview and not stressed. It’s not a foolproof method, I’ve used it many times and didn’t get the job I wanted, but I’ve always felt that I’ve given a better interview after it, and felt like a better interviewer because of it.

    Being honest, it very well could be a placebo effect of sorts. In my mind though, I was much more relaxed while doing my interview, I was much less nervous than I would have been, and I was able to concentrate more on being in the moment instead of fretting over what I had just said and immediately wishing I could swallow my own words.

    No one is confident and cool all of the time. No one is above nerves. No one has the right to take your nerves and use them against you. You should be in control of your own nerves, and embrace them. Use them as motivation, as a lesson, or break them. Maybe for you, it won’t be dancing, it could be meditating, it could be deep breathing exercises, it could be going for a walk. It could be anything in the world that isn’t just sitting still, 5 minutes before an interview, letting your mind wander into what-ifs and overly rehearsed answers.

    So, to circle back to my original point, I still get nervous when I interview and that’s okay! That’s what separates me from a robot; it’s me, a real person, sitting behind the screen. It makes me flawed and human, it makes me invested into my candidates. I want the candidate I’m talking with to do well. I want them to succeed, I want them to have the perfect interview experience / candidate journey (whether or not that exists is a topic for a different blog) and want them to walk away from our interview thinking that they could be happy here. That they can tell the kind of people we are and the kind of environment we work in, and it’s one they want to join.

    The best thing about these nerves? I have the ability to feel this way at Ward, to be emotional, to be nervous, to advocate for my candidates, ask ridiculous questions (like how to pronounce SIEM!) and dance it out, and never once feel judged or looked down upon. It’s scary to do an interview, from both sides of the interview table, so do what you need to make it more comfortable for you.

    Careers

    Challenge Your Mindset

    Ciara Fitzgerald – Head of Legal, Ward Solutions

    When I was in primary and secondary school, I struggled with maths. I was told consistently by grown-ups in my family that this was to be expected; my whole family struggled with maths. I listened, believed this and always saw spending time on anything mathematical as a waste of energy. I steered clear of any optional subjects that involved figures while in education. I figured I just did not have the aptitude for it. It was genetic. How could I possibly fight genetics?! So I became a barrister and did my absolute best to avoid anything that required “an ability” for maths in my professional life.

    In 2019/2020, I undertook a business and innovation course (a new departure for me!) and as part of the reading, we were advised to read Mindset: The Psychology of Success by Dr. Carol S. Dweck. I had never heard of the book or of the author but I am not exaggerating when I say the content of that book entirely changed my perception of my own ability and capacity and that of everyone around me. For those who have not read this book, very briefly, Dweck argues that people have, broadly, one of two mindsets – a fixed mindset or a growth mindset. Those with a fixed mindset believe that your traits and abilities are fixed and you are either born smart or talented (generally or in relation to a specific area) or not. People have no capacity to change their abilities. Those with a growth mindset, however, believe that ability is not static and can be improved with effort, through failure and learning.

    Dweck suggested that fixed and growth mindsets spanned a spectrum and most people would not fall entirely within either camp across every facet of his/her life. As I listened to this book however, I realised that with respect to my professional abilities and educational abilities, I very much had a fixed mindset. I believed I was good at certain things but would not and could not succeed at other things. Again, how could I fight genetics?! When I scratched the surface of that persistent truth however, I realised I had not even thought to generate a counter argument – something lawyers should be able to do in their sleep! Fair enough, I did not like maths, but that was not the same as having no ability. In addition, when I looked at my siblings I realised that two of them run successful businesses (something that indicates to me they must be good with figures) and another is actually studying for a financial qualification. Really interestingly, Dweck suggested that failure is something that those with a fixed mindset fear and I have always hated to fail – so much so that I would just not take on challenges that I did not think I could succeed in (Ward’s Head of People and Talent wrote a fantastic piece about learning to fail through Olympic weightlifting earlier in this series!). This was certainly more pronounced during my adolescence and early twenties but I won’t deny it, I still hate to fail at something!

    Since finishing the book and in both my personal and professional life, I have consciously made an effort to challenge my inclination towards a fixed mindset. I have two young daughters, one of whom recently started school, and I find myself trying to ensure that I never tell her she has no talent (or conversely, she has bundles of talent) for any of her subjects. Rather, I try and encourage her for just trying, for failing and trying again and for putting effort in.

    This is more difficult to do for myself and at work! I am the sole legal counsel in an information and cyber security company and therefore, I can be a bit at sea sometimes when some of my more technical colleagues start talking! Instead of passively listening now however and assuming that I cannot and will not ever understand what they are talking about because “I’m just not technical”, I ask them to explain or I take notes and later look up terms that were used during meetings and conversations. As a result, I have learned a huge amount (relatively speaking) about the technical sides of this business that do not necessarily impact on my specific legal function. In an earlier blog by my colleague, Alicja Quinn, she advocated for people to embrace change and become a “change champion” and I suppose, this is my quiet way of doing just that.

    So what is my point? First of all, if you haven’t come across Dr. Dweck’s book, I would highly recommend it! If nothing else, it is a really interesting read. Secondly, as my growth-minded colleagues suggest, embrace failure and change in both your personal and professional life. Easier said than done perhaps, but try small changes at first. Finally, allow yourself to believe that you can be something different than what you are today or have been in the past with a little bit of effort, hard work and trial and error.

    Insights

    Is COVID-19 pandemic an end of privacy?

    Written by: Ivica Stipovic


    In this article, I will outline some potential impacts of the current Covid-19 pandemic on privacy.
    There are two interesting provisions that the Irish Data Protection Commission formulated on the following link: https://dataprotection.ie/en/news-media/blogs/data-protection-and-covid-19.

    1. “Data protection law does not stand in the way of the provision of healthcare and the management of public health issues; nevertheless there are important considerations which should be taken into account when handling personal data in these contexts, particularly health and other sensitive data.”
    Also
    2. “In circumstances where organisations are acting on the guidance or directions of public health authorities, or other relevant authorities, it is likely that Article 9(2)(i) GDPR and Section 53 of the Data Protection Act 2018 will permit the processing of personal data, including health data, once suitable safeguards are implemented”

    Thus, the above provisions seem to make perfect sense – if the science (epidemiology, mass health data analytics, etc.) has established that measuring body temperature, keeping social distance and tracking the movement of citizens can help contain the current Covid-19 pandemic, then it is only logical to implement those measures. After all, is human health not the most important priority, even if it assumes processing of personal data that would be considered excessive under “normal” circumstances?
    It is also reasonable to believe that these surveillance measures should be enforced only to a justifiable extent, while the pandemic continues to threaten society.

    However, this intention raises a few important questions – under what circumstances will these measures be kept in place? Who will decide when the threat is decreased sufficiently to relax these measures? Who are the “…other relevant authorities” from the above provision? Will those authorities be scientific advisories, governments, cybersecurity experts, economic analysts…?
    It is becoming obvious that the definitive date when we can proclaim the world a “Covid-19-free zone” will be very difficult to determine. There are different challenges across the globe. In some countries, political establishments seem to overpower scientific advisories. Some countries are facing higher mortality rates than others. Some cultures accept mandatory behaviour imposed by government more easily than others.

    Democratic values of Western cultures that guarantee protection of personal data (or at least try to do so) could be undermined. Future initiatives and laws might use the threat of a returning pandemic as a justification to fortify the extensive personal surveillance over an indefinite period of time.
    These laws might have strong foundations in scientific evidence that Covid-19 behaves as a seasonal flu virus and, therefore, will continue coming in waves every year. Will such a situation justify violation of privacy over a long period of time, and if so, will this setup be sustainable?

    And even more importantly – are we ready to give up privacy protection if scientific evidence indicates that extensive surveillance is a way to protect people’s lives?

     


    Insights

    What does 'Right To Access' actually mean under GDPR?


     
    Our #WardGDPR series continues!
    Ward’s subject matter experts can help you with a step by step guide in meeting the GDPR requirements which come into effect on May 25th, 2018.
    There’s so much talk around GDPR but let’s break it down for you one step at a time. Join us here, to learn how we can help you in your GDPR journey-
    As Aisling says in the above video “It’s really important obviously for organisations to ensure that they update their policies and procedures as they will be under the GDPR and also ensure all staff are trained in relation to them.”
    GDPR is a lengthy process. You are not alone in this, let us help you in your journey. 
    If you have any questions related to GDPR, e-mail gdpr@ward.ie and we will be in touch with you shortly or call our Ireland or Northern Ireland office +353 1 6420100/ +44 (0) 749 666 3221 to discover our range of information security solutions and discuss your unique requirements.

    Insights

    Latest security updates from Ward Solutions


    We want to keep you updated on our latest cyber security news. It includes our latest case study on how Ward Solutions helped Motech secure their business with ISO 27001 and our latest blog on pen-testing; and if you’ve been following us on social media, you will have seen the number of events at which our CTO, Paul Hogan, has been speaking about ‘AI in Cyber Security’.
    Ward Solutions is Ireland’s leading information security company. We believe in educating every business about the dangers in the dark web and how to make sure you are secure in this space.
    Ward Solutions recently worked closely with Motech, a leading developer of mobile and digital solutions that support mobile care and assisted living, to guide the company towards becoming ISO 27001 certified.
    Ward Solutions helps Motech Devices secure data and boost business with ISO 27001
    Ward’s team performed an audit of Motech’s security processes and provided comprehensive advice on how to achieve compliance. The company is now ISO 27001 certified, which will give it a significant advantage in the increasingly competitive MedTech industry.
    6 signs that you need to conduct a pen-test
    Ward Solutions’ expert team have identified six signs that highlight the need for your organisation to conduct a pen-test. Remember, pen-testing should be a key tool to verify your organisation’s security posture and could be the difference between staying secure and suffering a harmful data breach.
    AI in Cybersecurity – Should we trust the machines?
    Paul Hogan, Ward Solutions’ CTO, recently presented at both the ISACA and Dublin Infosec conferences on the impact that AI could have on the cybersecurity industry. Paul sought to provide his audience with an understanding of the requirements for and drivers of AI and ML, while also illustrating how developments in this technology can aid in building digital trust.
    The majority of SOCs today have a heavy reliance on human involvement and manual processes, however, this approach, allied with the continued shortage of security professionals makes it very difficult to keep pace with the rising volume and variety of cybersecurity attacks. To bridge this gap the industry has responded with a range of AI and ML-based solutions. Is this all hype, do these offer hope – can we trust the machines with our security?
    Listen to Paul’s interview with Irish Independent journalist Ailish O’Hora to find out more about how artificial intelligence could be the future for the information security industry.
    To speak to any one of our experts in Ireland or Northern Ireland on a consultancy of your security infrastructure, e-mail: grainne@ward.ie or call +353 1 6420100 or +44 28 90 730 187 to discover our range of information security solutions and discuss your unique requirements.

    Insights

    Security Advisory Notice – WordPress Vulnerability


    On October 31st 2017 WordPress announced the release of version 4.8.3, a security update for all previous versions of WordPress. It is strongly advised that all WordPress sites be updated immediately, as this release includes fixes for recently disclosed vulnerabilities in versions 4.8.2 and earlier.
    The security update fixes an issue in all previous versions where $wpdb->prepare() can create unexpected and unsafe queries, which may lead to potential SQL injection (SQLi) and, if exploited by an attacker, could allow them to take control of WordPress-powered websites. WordPress have stated that their core offering is not directly vulnerable to this issue, and that as part of the latest release, hardening has been added to prevent site plugins and themes from accidentally causing a vulnerability.
    Note: This release includes a change in behaviour for the esc_sql() function. Most developers will not be affected by this change; however, there is a blog post on the WordPress website which can provide further information.
    Our Recommendation
    Ward Solutions strongly recommends that all customers using WordPress immediately review their websites for vulnerability to the above-listed exploit, and patch to 4.8.3 as soon as possible.
    Details on how to upgrade WordPress are available on the advisory notice issued by the company. For those sites whose WordPress instances are set to auto update, Ward would recommend, due to the criticality of the vulnerability, that administrators manually confirm the update was completed successfully.
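One way to carry out the manual confirmation recommended above across several installs, as an added example that is not part of the original advisory or of WordPress itself. It reads the `$wp_version` line that WordPress core keeps in `wp-includes/version.php` and compares it with 4.8.3; the site names and file contents in `demo()` are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Release named in the advisory as containing the fix.
FIXED_VERSION = (4, 8, 3)

# WordPress core records its version as:  $wp_version = '4.8.3';
_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")


def parse_wp_version(version_php_text):
    """Return (raw, numeric_tuple, has_suffix), or None if no version line exists."""
    m = _VERSION_RE.search(version_php_text)
    if not m:
        return None
    raw = m.group(1)
    lead = re.match(r"\d+(?:\.\d+)*", raw)
    if not lead:
        return None
    nums = tuple(int(p) for p in lead.group(0).split("."))
    nums += (0,) * (3 - len(nums))          # "4.8" compares as (4, 8, 0)
    has_suffix = lead.group(0) != raw       # e.g. "-beta1", "-src"
    return raw, nums, has_suffix


def check_site(site_root):
    """Classify one install as patched, outdated, review or unknown."""
    result = {"site": Path(site_root).name, "version": None, "status": "unknown"}
    version_file = Path(site_root) / "wp-includes" / "version.php"
    try:
        text = version_file.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return result                        # not a WordPress root, or unreadable
    parsed = parse_wp_version(text)
    if parsed is None:
        return result                        # truncated or modified file
    raw, nums, has_suffix = parsed
    result["version"] = raw
    if nums < FIXED_VERSION:
        result["status"] = "outdated"
    elif has_suffix:
        result["status"] = "review"          # pre-release/dev build: check by hand
    else:
        result["status"] = "patched"
    return result


def demo():
    """Build constructed site roots in a temp directory and classify each one."""
    samples = {
        "shop": "<?php\n$wp_version = '4.8.2';\n",
        "blog": "<?php\n$wp_version = '4.8.3';\n",
        "intranet": "<?php\n$wp_version = \"4.7\";\n",
        "staging": "<?php\n$wp_version = '4.9-beta1';\n",
        "broken": "<?php\n// constructed: update interrupted, file truncated\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            inc = Path(tmp) / name / "wp-includes"
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(body, encoding="utf-8")
        (Path(tmp) / "empty").mkdir()        # directory with no WordPress files
        results = (check_site(p) for p in sorted(Path(tmp).iterdir()))
        return {r["site"]: r["status"] for r in results}


if __name__ == "__main__":
    for site, status in demo().items():
        print(f"{site:10} {status}")
```

Anything reported as `outdated`, `review` or `unknown` is a site where the auto update should not be assumed to have completed.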
    If you have any concerns regarding WordPress or other potential weaknesses in your IT security, talk to the experts. E-mail: grainne@ward.ie and a member of our experienced team will help.
    Further reading:
    https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
    https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
    https://make.wordpress.org/core/2017/10/31/changed-behaviour-of-esc_sql-in-wordpress-4-8-3/
    https://www.cvedetails.com/cve/CVE-2017-14723/
     

    Insights

    Security Advisory Notice – BadRabbit Ransomware


    A series of ransomware attacks starting on October 24th have been recently disclosed. With the continued trend of global Ransomware outbreaks this year, it is ever more clear that decisive and responsive action is needed to protect organisations. This particular ransomware outbreak is being referred to as ‘BadRabbit.’
    At the time of this advisory, the ransomware has mainly affected Russia, with similar attacks seen in Ukraine, Turkey, and Germany. No attacks have been identified in Ireland as yet; however, this could change quickly, with organisations in other regions expected to be identified as victims in the coming days.
    How Does ‘BadRabbit’ Work?
    The initial infection is via a ‘Dropper’ used during a ‘drive-by attack’. A victim visits an infected website and the ransomware is dropped (that is downloaded without the user’s request) onto their system as they browse. Websites that have been observed as vehicles in this attack are generally legitimate; unconfirmed reports indicate that news media sites have been specifically targeted.
    The malicious file which is downloaded onto the victim’s system is named install_flash_player.exe and requires the user to manually launch it. The ransomware virus requests elevated administrative permissions to run via the Windows User Account Control (UAC) prompt. Once the ransomware runs with the elevated permissions it saves malicious .dlls as C:\Windows\infpub.dat or C:\Windows\cscc.dat. These will then be called and run by run32.dll. Both malicious .dlls search for and encrypt files on the machine using 2048-RSA encryption.
    Infpub.dat and cscc.dat will also install and run a malicious executable C:\Windows\dispci.exe.
    dispci.exe is used to install a modified bootloader and interrupt the normal boot-up process of the victim machine.
    It should be noted that BadRabbit will attempt to spread across the network using a list of usernames and passwords embedded in its code – for this reason, it is vital that secure passwords are in use across your organisation’s network.
    Infected users are asked to pay 0.05 bitcoin (approx. $280) to recover the encrypted files.
    How Do I Protect My Organisation?

    • Keep your antivirus active and up to date, and always update your AV software from valid sources.
    • Ensure you have a reliable and well configured backup solution, keeping at least one of those backups offline
    • Ensure the minimum appropriate level of administrative privilege is allocated. This can assist in prohibiting propagation should your organisation be attacked
    • To stop the spread from the WMIC, administrators should block the files C:\Windows\dispci.exe, C:\Windows\cscc.dat and C:\Windows\infpub.dat from running.
    • McAfee has confirmed that the BadRabbit signature will be added to the production DAT 8695. In the meantime, Ward Solutions highly recommends creating a new custom Access Protection rule in VSE to stop the creation and execution of the 3 mentioned file names above.

    My Organisation is Infected, What Now?
    Firstly, Ward Solutions would advise organisations impacted to not attempt to pay the ransom as there is no guarantee that the attackers will decrypt the data. Also, refusal to pay the ransom can aid in the discouragement of future attacks.
    Secondly, isolate any infected machine from the network until it can be ‘cleaned’ and confirmed free of the ransomware. Currently, there is no known way to decrypt the data, however, in the past, ransomware tools have been released to decrypt files. Ward will provide further updates on any toolsets as they are released.
    How Can Ward Solutions Help?
    For SOC Managed Service customers, Ward has been receiving IBM Threat Intel feeds, which have been updated with BadRabbit IOCs (below). The SOC will take any appropriate action required for each customer.
    For Managed Service customers, the Ward Support team will be reviewing individual environments to ensure all recommendations are implemented.
    For all other customers, if you would like additional information or would like support in implementing preventative measures in your environment, please contact support@ward.ie or your account manager, as appropriate.
    Further reading:
    http://www.bbc.com/news/technology-41740768
    https://nakedsecurity.sophos.com/2017/10/24/bad-rabbit-ransomware-outbreak/
    https://blog.qualys.com/news/2017/10/24/bad-rabbit-ransomware
    Indicators of Compromise (IOCs):

    • The ransomware dropper is distributed from hxxp://1dnscontrol[.]com/flash_install.php
    • install_flash_player.exe [SHA256]: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
    • C:\Windows\dispci.exe [SHA256]: 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93
    • C:\windows\infpub.dat [SHA256]: 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
    • C:\windows\cscc.dat [SHA256]: 8d63e37aa74ca33a926bec7c7aa8fda0f764ffbb20e8f64bb9c3999b5975f9a6
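A minimal host sweep for the file indicators listed above, as an added example that is not part of the original advisory. The file names and SHA256 values are the ones in the IOC list; the function names, the verdict labels and the files created in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File names and SHA256 values copied from the advisory's IOC list.
IOC_SHA256 = {
    "install_flash_player.exe":
        "630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da",
    "dispci.exe":
        "8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93",
    "infpub.dat":
        "579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648",
    "cscc.dat":
        "8d63e37aa74ca33a926bec7c7aa8fda0f764ffbb20e8f64bb9c3999b5975f9a6",
}


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(directory, ioc_sha256=IOC_SHA256):
    """Check the files directly inside `directory` against the IOC table.

    Returns (file name, verdict) pairs:
      hash-match  content matches a listed SHA256, whatever the file is called
      name-only   listed file name, different content: review manually
      unreadable  listed file name, but the file could not be read
    """
    by_hash = {digest.lower(): name for name, digest in ioc_sha256.items()}
    names = {name.lower() for name in ioc_sha256}
    findings = []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        try:
            digest = sha256_file(path)
        except OSError:
            digest = None
        if digest in by_hash:
            verdict = "hash-match"
        elif path.name.lower() in names:
            verdict = "name-only" if digest else "unreadable"
        else:
            continue
        findings.append((path.name, verdict))
    return findings


def demo():
    """Run the sweep over constructed, harmless files in a temp directory."""
    sample = b"constructed test bytes, not malware"
    # Extend the table with the hash of the constructed sample so that the
    # hash-match path can be exercised without any real malicious file.
    table = dict(IOC_SHA256)
    table["constructed_sample.bin"] = hashlib.sha256(sample).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "infpub.dat").write_bytes(b"harmless placeholder")
        (Path(tmp) / "update.bin").write_bytes(sample)   # renamed copy
        (Path(tmp) / "notes.txt").write_bytes(b"unrelated file")
        return sweep(tmp, table)


if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{verdict:11} {name}")
```

On a Windows host, `sweep(r"C:\Windows")` covers the three dropped paths named in the advisory, and a user's download folder covers install_flash_player.exe.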

    Known infected websites (non-exhaustive):


     

    Insights

    Security Advisory Notice – WPA2 Protocol Vulnerability

    A major vulnerability in the Wifi Protected Access II (WPA2) protocol was announced on Monday October 16th, 2017. Discovered by Mathy Vanhoef, this critical flaw in the widely used wifi protocol can be exploited to expose sensitive data which would previously have been believed to be safely encrypted. The exploit is not tied to any specific vendor or hardware but rather affects any device using the WPA2 protocol.

    Attacks crafted to exploit this vulnerability have been dubbed Key Reinstallation Attacks (KRACKs) and a proof of concept attack has been successfully executed by Vanhoef which allowed the attacker to decrypt all data transmitted by the targeted user.

     

    How Do KRACKs Work?

    Most modern wifi networks use the WPA2 protocol to encrypt traffic; this protocol has been around since 2003 and thus far has been believed to be secure. The specific vulnerability in this case lies in the four-way handshake used as part of the protocol to generate new session keys. In order to guarantee security, keys should only ever be used once.

    Essentially, a KRACK allows the attacker to perform a Man in the Middle attack which tricks targeted users into re-installing an already in-use key by manipulating and replaying cryptographic handshake messages [1]. Once this re-used key is in place, the attacker can then decrypt packets, potentially exposing sensitive information such as passwords, credit card details, cookies etc. It is currently believed, however, that this attack can only be conducted if the attacker is in wifi range; no evidence as yet indicates that attacks can be carried out remotely. We would still urge all customers to take immediate action to mitigate the vulnerability, as this may change as more details come to light.

    On the website where Vanhoef disclosed the vulnerability, he notes that this ability to decrypt packets can also be utilised to hijack TCP connections and as a result allow the attacker to inject malicious data such as malware into unencrypted HTTP connections [1].

    Further Reading on the Attack Vector: https://www.krackattacks.com/

    See bottom of advisory for full listing of CVE IDs associated with this vulnerability

     

    Break-Down of Vulnerable Devices

    Various vendors have started to release patches to mitigate against vulnerability to this attack vector. While all wifi devices are to some degree vulnerable, initial reports indicate that Linux and Android are especially vulnerable as they use a wpa_supplicant (v2.4 and above) client which allows the attacker to install an all-zero key rather than an already-used key. This means minor effort is required to intercept a targeted user’s traffic once they’re using this client.

    The recommendation is to patch all routers and all wifi devices as and when vendors release patches. It is recommended to continue using WPA2 protocol as WPA1 is similarly affected.

    The following vendors have been confirmed as affected; however, the majority of vendors have yet to release a statement:

    RedHat, Android, Aruba Networks [2], Cisco, Juniper Networks, Samsung Mobile

    US-CERT has compiled a list of vendors and their current status; it is recommended that organisations check for updates over the coming hours and days.

     

    How Can Ward Help?

    For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.

    For all other customers, if you would like additional information or would like support in assessing and protecting your environment, please contact support@ward.ie or your account manager, as appropriate.

     

    Further reading:

    [1] https://www.krackattacks.com/

    [2] http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

     

    CVE Listings:

    • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
    • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
    • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
    • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
    • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
    • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Re-association Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
    • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
    • CVE-2017-13086: Reinstallation of the Tunnelled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
    • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
    • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.