Are SIEMs useless? 

The unhackable phone is here; The adversary takes aim at food production; The only thing to stop a bad guy with a computer is a good guy with a computer; Are SIEMs useless? 

By Austin Miller

The unhackable phone is here 

According to reports, China Telecom has launched a new smartphone that uses quantum encryption, apparently rendering it unhackable. The Tianyi no. 1 2022 was created by the Shenzhen Tianyi Company and is also 5G ready. 

Reports on the phone are apparently non-existent in Western media sources, but a range of Asian news networks such as the Maldives News Network are reporting that the QuantumCTek team that was behind the Micius quantum satellite has managed to create a version of the technology that allows quantum encryption and decryption of the specially-made SIM card, data on the phone, and voice calls. 

Although technical information about how the phone actually works is scant at the moment (and will likely stay that way for the foreseeable future), the phone offers an insight into the world of quantum products that humanity is approaching. If these devices are truly unhackable (which I am saying with a healthy dose of cynicism), security professionals could be looking at an incredible breakthrough in the battle against the adversary. Well, and possibly a lot less demand for their skillset! 

The adversary takes aim at food production 

Smart products sounded like such a good idea when they first appeared, but continuing failures to secure them are leading to the adversary taking aim at one of the most basic necessities of modern human existence – the food supply chain. Although supply issues were already expected this year due to the ongoing Russia-Ukraine conflict in the “breadbasket of the world” and heatwaves in India causing issues with wheat production, it seems like cybercriminals will be turning the knife even more. 

Agricultural smart products such as automatic crop sprayers, drones, and robotic harvesters are all at risk because of flaws in their hardware, a recent report from the University of Cambridge says. Although data security remains a top concern for the British government and the FBI, there is a potentially larger worry about the continued operability of the machines themselves. 

Attacks on the food supply chain aren’t exactly new, either. Meat processing company JBS was targeted last year and paid threat actors $11 million to open up the supply chain again. Just like when WannaCry hit hospitals, the victim has very little choice but to pay the ransom, as people are relying on this necessary function of society to survive. As conditions around the world create a more precarious food situation, we could find that the idea of cybercriminal “honor among thieves” – that is, refusing to target hospitals, schools, and other necessary functions – is a myth that doesn’t reflect the type of attacks the cybersecurity world is going to face. 

The only thing to stop a bad guy with a computer is a good guy with a computer 

Unless you’ve refused to look at the cybersecurity world since the start of 2022, you will have probably noticed that more and more high-profile “good guy hacker” cases are appearing. Seemingly a central part of the growing cyber-Cold War, hackers such as P4x have used their skills to combat overseas adversarial forces. 

The good news for people like this is that the United States Justice Department has decided that “good-faith hackers” are no longer breaking the law. It will no longer prosecute under the Computer Fraud and Abuse Act (CFAA) actors who use their skills “in a manner designed to avoid any harm to individuals or the public” as long as the investigations are “used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.” You can read the full report here.

Although this applies both to security researchers and to other cybersecurity professionals who are penetration testing domestic and international services, there is a big black-hat question mark over this ruling – what precisely does “good faith” entail? As with many laws that are vague in their wording, there is a concern about who will be considered a good faith actor and who might be considered to be acting in bad faith. Hopefully, it will reduce the number of people being brought up on false charges, like the Missouri journalist who reported that over 100 thousand social security numbers were exposed on a state website to anyone who played around with Inspect Element for a while. 

Are SIEMs useless? 

Do you want to make people using Splunk, Microsoft Sentinel, IBM QRadar and other SIEMs angry? Recent research from CardinalOps shows that up to 80% of all MITRE ATT&CK techniques are being missed by popular SIEMs, meaning that the adversary already has the upper hand as long as they choose the correct tactics. 

Analyzing data from SIEM instances in production environments, CardinalOps put together the largest known sample of SIEM data that any organization has analyzed, and the findings have been damning. As well as the catastrophic rate of failure to identify techniques as they happen, the investigation also showed that only five of the top fourteen MITRE ATT&CK techniques are actually being successfully intercepted. It’s always good to start with the most dangerous threats, but can we really excuse such a huge rate of failure? 

But blaming the SIEMs themselves isn’t entirely fair – security professionals should also take some of the blame as a concerning 15% of all SIEM rules are broken due to misconfiguration and missing fields. We know there’s a skills gap, but this level of negligence can’t go on if companies expect to defend sensitive data against the adversary. 

“What is to be done?”, you ask? Well, CardinalOps suggests using their alternatives instead (an entirely predictable conclusion), but a deep introspective look at the way your company operates is now a necessity for security pros. If you don’t understand what your tools do or don’t do, how can you say that you understand how you are establishing a strong security posture? 
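The “broken due to missing fields” failure the report describes is easy to check for yourself, because a rule that reads a field your telemetry never carries can never fire no matter how good its logic is. Below is an added Python example (not from this newsletter, CardinalOps, or any SIEM vendor) that validates a handful of rules against a sample of what is actually being ingested, counts ATT&CK coverage using only the rules that can fire, and then runs the healthy rules over the sample. The rule names, field names, events, and the hypothetical normalised schema are all constructed assumptions; substitute your own exported rules and a sample of your own events.

```python
"""Detection-rule health check: flag SIEM rules whose conditions reference
fields that never appear in the telemetry actually being ingested, then
report ATT&CK technique coverage counting only rules that can fire.
All rules, events, field names and technique lists below are constructed
sample data under a hypothetical normalised field schema."""
from collections import defaultdict

# Constructed sample rules: each names the ATT&CK technique it covers and the
# fields its condition reads. The match callables stand in for a SIEM query.
RULES = [
    {"name": "encoded_powershell", "technique": "T1059.001",
     "fields": ["process.name", "process.command_line"],
     "match": lambda e: e["process.name"] == "powershell.exe"
                        and "-enc" in e["process.command_line"].lower()},
    {"name": "lsass_access", "technique": "T1003.001",
     "fields": ["target.process_name", "granted_access"],  # never ingested
     "match": lambda e: e["target.process_name"] == "lsass.exe"},
    {"name": "new_scheduled_task", "technique": "T1053.005",
     "fields": ["event.id", "task.name"],
     "match": lambda e: e["event.id"] == 4698},
    {"name": "rdp_brute_force", "technique": "T1110",
     "fields": ["event.id", "logon.type", "src.ip"],
     "match": lambda e: e["event.id"] == 4625 and e["logon.type"] == 10},
]

# Constructed sample of what the SIEM is actually ingesting. The process-access
# fields the lsass rule expects are absent, and the 4625 logon failures arrive
# without logon.type: both are "missing field" breaks the report talks about.
EVENTS = [
    {"event.id": 1, "process.name": "powershell.exe",
     "process.command_line": "powershell.exe -NoP -Enc QQBCAEMA"},
    {"event.id": 1, "process.name": "cmd.exe",
     "process.command_line": "cmd.exe /c whoami"},
    {"event.id": 4698, "task.name": "Updater", "user": "alice"},
    {"event.id": 4625, "src.ip": "10.0.0.5", "user": "bob"},
]


def observed_fields(events):
    """Set of every field name seen anywhere in the ingested sample."""
    return {k for e in events for k in e}


def check_rule_health(rules, events):
    """Map each rule name to the fields it needs but the telemetry never
    provides. An empty list means the rule is able to fire."""
    seen = observed_fields(events)
    return {r["name"]: [f for f in r["fields"] if f not in seen] for r in rules}


def technique_coverage(rules, events, techniques):
    """Return (covered, missed) technique sets; a technique counts as covered
    only if at least one healthy rule maps to it."""
    health = check_rule_health(rules, events)
    covered = {r["technique"] for r in rules if not health[r["name"]]}
    return covered & set(techniques), set(techniques) - covered


def fire(rules, events):
    """Evaluate healthy rules over events that carry all the fields the rule
    reads; broken rules are skipped rather than silently producing nothing."""
    health = check_rule_health(rules, events)
    hits = defaultdict(list)
    for r in rules:
        if health[r["name"]]:
            continue
        for e in events:
            if all(f in e for f in r["fields"]) and r["match"](e):
                hits[r["name"]].append(e)
    return dict(hits)


if __name__ == "__main__":
    # Constructed list of techniques the team has decided it must detect.
    wanted = ["T1059.001", "T1003.001", "T1053.005", "T1110", "T1078"]
    for name, missing in check_rule_health(RULES, EVENTS).items():
        state = "OK" if not missing else "BROKEN, missing " + ", ".join(missing)
        print(f"{name:22s} {state}")
    covered, missed = technique_coverage(RULES, EVENTS, wanted)
    print(f"coverage: {len(covered)}/{len(wanted)} techniques; missed: {sorted(missed)}")
    for name, events in fire(RULES, EVENTS).items():
        print(f"{name}: {len(events)} hit(s)")
```

Run against this sample, two of the four rules are reported broken (the lsass rule for lack of any process-access telemetry, the RDP rule for a single absent field), so the coverage number drops from an apparent four of five techniques to two of five. That gap between rules you have and rules that can fire is the figure worth tracking, and it changes every time a log source, agent version or parser changes, which is why the check belongs in a scheduled job rather than a one-off audit.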
