Get Cyber Security Experience

Apple Security, AI Resources & Career Tips

Good morning!

In today’s line up:

  • How to get cyber security experience

  • Learn about Apple security

  • Apple’s iOS zero-day flaw

  • iOS surveillanceware, LightSpy

  • Useful AI resources

  • PLUS, 3 security career tips!

How to get Cyber Security Experience

I have no doubt you’ve seen the headlines about cyber security skills shortages and the thousands of job openings. This confuses most people, because there also appear to be thousands of people interested in working in cyber security…

So, what’s the issue?

There appear to be lots of newbies and generalists, but a huge lack of technical talent. This applies to almost all areas of security, from third-party assessments to penetration testing. There is a shortage of people who truly understand domains on a deep level.

Getting the right experience is often what stops newbies and generalists from getting a deeper understanding of a domain. I therefore propose creating your own experience.

Here is a Permissionless Experience idea…

Organisations seek to improve their security capabilities across domains. I suggest selecting 2-3 areas of security (e.g. endpoint protection, SIEM, email security), looking at the best technologies / solutions available in the market, and doing the following:

  1. Discovery: Figure out who the main players are in the space, so you can understand what the capabilities are.

  2. Capture Requirements: Figure out what makes a good solution and what the key factors are for this domain area.

  3. Create a Scoring System: Rate the vendors / products you’ve found based on your requirements.

  4. Deep Dive: For the top 2-3 vendors, see if you can find product demos or free trials to further explore the solutions and consider the value they would bring.

  5. Analysis: Write a review summarising the above process and how you reached your conclusions.

  6. Interviews: When an interviewer asks about your experience or thoughts on these domains, you’ll be able to share a deep understanding of key players in the space, the capabilities they offer and even propose a best way forward for the organisation based on their needs.

Learn about Apple Security

In a survey of IT leaders in organisations with 1,000 or more employees, 76% said that the use of Apple devices in their companies increased over the past year.

The main reason is that Apple devices improve productivity, particularly for hybrid and remote workforces.

Whilst Windows remains the most used across markets, Apple continues to steal market share. For example, back in 2009 Windows held 92.37% of the US market, compared to 57.37% today.

Apple offers great solutions around:

  • Hardware security

  • System security

  • Encryption and data security

  • Malware removal

  • System integrity protection

  • Mobile device management

  • Compliance

  • Cloud based internet isolation

It is security’s responsibility to ensure end user device protection, through secure configuration, monitoring oversight and compliance tracking.

Being well informed of macOS security presents a great opportunity to stand out in the market.

Learn more here:

Apple’s iOS Zero Day Flaw

Seeing as I’m talking about Apple’s Security, it seems silly to not mention that they’ve been in the news for a zero-day flaw…

  • On Wednesday 4th October, Apple rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild.

  • The kernel vulnerability could be abused by a local attacker to elevate their privileges.

  • While additional details about the nature of the attacks and the identity of the threat actors perpetrating them are currently unknown, successful exploitation likely hinges on an attacker already obtaining an initial foothold by some other means.

  • With the new development, Apple has addressed a total of 17 actively exploited zero-days in its software since the start of the year.

  • It also arrives two weeks after Cupertino rolled out fixes to resolve three issues (CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993), all of which are said to have been abused by an Israeli spyware vendor named Cytrox to deliver the Predator malware onto the iPhone belonging to former Egyptian member of parliament Ahmed Eltantawy earlier this year.

  • Users who are at risk of being targeted are recommended to enable Lockdown Mode to reduce exposure to mercenary spyware exploits.

Read more here.

iOS Surveillanceware - LightSpy

But wait, there’s more!

  • New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy.

  • Details about LightSpy came to light in March 2020 as part of a campaign dubbed Operation Poisoned News in which Apple iPhone users in Hong Kong were targeted with watering hole attacks to install the spyware.

  • The core module of LightSpy (i.e., DragonEgg) functions as an orchestrator plugin responsible for gathering the device fingerprint, establishing contact with a remote server, awaiting further instructions, and updating itself as well as the plugins.

  • Some of the notable plugins include a locationmodule that tracks victims' precise locations, soundrecord that can capture ambient audio as well as from WeChat VOIP audio conversations, and a bill module to gather payment history from WeChat Pay.

  • LightSpy's command-and-control (C2) comprises several servers located in Mainland China, Hong Kong, Taiwan, Singapore, and Russia, with the malware and WyrmSpy sharing the same infrastructure.

Learn more here.

Useful AI Resources

  1. LLM Security - Scripts and related documentation that demonstrate attacks against large language models using repeated character sequences.

  2. OpenAI Cookbook - Guides on how to do common tasks with LLMs.

Cyber Security Career Tips

1/ Know your career goals

  • Having a clear aim will help you narrow down your new job search

  • Not having a clear direction may appear indecisive to employers

  • Clear goals will help you land the right job for you, do better work and go further in your career

  • Make a list and prioritise them

2/ Strategic job search – go niche!

  • Don’t be like every other candidate. There are dozens of interesting and shiny things in cyber security. Once you’ve covered the fundamentals, develop deep knowledge in a domain to help you stand out from the crowd and boost your personal brand.

  • I once missed out on a role because another applicant had positioned themselves as a ‘Network Security Specialist’ and that was a skill gap they had in their team.

3/ Network

  • Applying for roles at companies where you have no contacts means you’re going in blind. Building a network allows you to have candid conversations about places of work – culture, pay, working hours etc.

  • It also presents opportunities before they hit the job sites.

Wisdom

“AI can enable humans to focus on parts of their role that add the most value.”

Unknown

In the next 12 months, I expect cyber security job specifications to include a requirement relating to being proficient with basic AI tooling.

We’re seeing innovations every day that will massively boost the productivity and effectiveness of security personnel.

Staying up to speed on the latest developments and getting hands-on experience with the latest tooling will pay huge dividends in terms of career opportunities.