Cyber News Roundup: Protecting the castle, $42M ransomware attack, cybersecurity spending up

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions.

How do you protect the castle when your employees aren’t working from a centralized office space? Sowmyanarayan Sampath, president of global enterprise for Verizon Business Group, advises, “Protecting company computer networks when so many are working from home requires ‘a major mindset change.’ Whereas companies have long thought of enacting cybersecurity measures as building a moat around a castle, when employees aren’t working from a centralized office space, it’s even harder to identify where the ‘castle’ is. Companies should adopt a ‘zero trust’ approach to security. Everyone touching your network has to be authenticated. Every application, every bit of data that comes in, you verify it…You just have to do a lot more to check, (including) multi-factor authentication, identity management, encryption.”

The latest data is in from Verizon’s 2020 Data Breach Investigations Report. What’s new this year?

  • 86% of the data breaches it analyzed from 2019 were for financial gain — up from 71% in the year prior
  • Many data breaches were conducted by organized criminal groups. Other motivators include espionage, ideology and so-called “secondary” motivators, such as a desire to steal intellectual property or trade secrets.
  • 67% of breaches were caused by one of three common issues: credential theft, social attacks such as phishing, and human errors like leaving a password written somewhere others can see.

As CNN reported, “Credential theft is often easy because people have poor ‘password hygiene,’ using weak passwords or the same password across multiple websites,” says Sampath. “If you have common passwords for many sites, and one site gets exposed and that information is available on the dark web, (bad actors) will go through and try different sites to see what opens up.”

Latest ransomware attack demands $42 million

Last week’s attack on the network of New York-based law firm Grubman Shire Meiselas & Sacks resulted in the theft of up to 756GB of data, including contracts, nondisclosure agreements, phone numbers, email addresses, music rights, and personal correspondence of a large number of well-known American celebrities. The latest news is that the group is now demanding $42 million and threatening to release controversial information on U.S. President Donald Trump, according to a Teiss news report.

Teiss author Jay Jay reports that the hackers initially demanded a ransom of $21 million and gave the law firm a week’s time to pay the ransom. The firm agreed to pay $365,000, resulting in the ransom doubling to $42 million. The hacker group is now threatening to release “dirty laundry” on U.S. President Donald Trump. The FBI is currently investigating this incident.

“This is why businesses or organisations no matter what size, must prepare for the eventuality of a ransomware attack. Implementing strong resiliency measures will put businesses in the best position to recover should the worst happen. Failing to do so can have disastrous reputational impact, in this case, on a presidential re-election campaign. As the number of ransomware attacks continues to rise, organisations must start thinking about implementing effective contingency plans and network security solutions now, rather than later,” comments Carl Wearn, head of e-crime at Mimecast.

Dark web resurfaces with “access for sale” exploits

Lance Whitney with TechRepublic reports on the Dark Web and the latest exploits. There has been an increase in software, exploits, and credentials for sale that allow hackers to illicitly control one or more remote computers. “Such access allows attackers to directly target business networks or hire skilled ‘professionals’ to hack into networks to infect machines with malware.” Privileged access to a company’s entire network infrastructure is around $5,000, but Whitney writes that the asking price can range from $500 to $100,000. Again, the shift to remote working prompted by the COVID-19 pandemic is exacerbating the problem. “Hackers are hunting for any weaknesses in network security, including unprotected web applications, non-updated software, and incorrectly configured servers with weak administrator passwords,” writes Whitney.

“To stay safe, companies should ensure comprehensive infrastructure protection, both on the network perimeter and within the local network,” says Vadim Solovyov, senior analyst with Positive Technologies. “Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time. Regular retrospective analysis of security events allows teams to discover previously undetected attacks and address threats before criminals can steal data or disrupt business processes.”

Cybersecurity spending expected to rise post-COVID-19

Companies are rethinking their technology and cybersecurity budgets, and cybersecurity spending is expected to rise after the COVID-19 pandemic. A new report by LearnBonds finds that 70% of major organizations plan to increase cybersecurity spending. According to a TechRepublic article, companies worldwide spent $34 billion on cybersecurity solutions in 2017. Before COVID-19, this amount was projected to hit $42 billion in 2020, indicating that cybersecurity concerns were already growing even before the outbreak. The pandemic has created a “bevy of opportunities for cybercriminals [and] this number is predicted to inevitably increase,” according to the report. The top threats these past few months are phishing and malicious websites, according to Check Point. “The Coronavirus pandemic has brought perhaps the fastest, starkest change to working patterns around the world in living memory,” says Check Point in a blog post.

The company surveyed IT and security professionals and found that 95% of security professionals say they are facing added IT security challenges due to the spread of coronavirus, and 71% have noticed an increase in security threats or attacks since the beginning of the coronavirus outbreak. The leading threats cited are phishing, malicious websites purporting to offer information or advice about the pandemic, and increases in malware and ransomware attacks. Check Point recommends organizations ensure business continuity by protecting themselves with a holistic, end-to-end cyber architecture. “This means ensuring accessible and reliable connections between corporate networks and remote devices, 24/7, promoting collaboration and productivity between teams, networks and offices, and retaining robust security against evolving threats and cybercrime techniques.”

Best cybersecurity practices are basic

The best cybersecurity practices, according to IBM’s Security Intelligence, are to refocus on the most basic security hygiene steps:

  • Make sure that all systems are properly patched and current
  • Make sure that all endpoints have up-to-date malware and antivirus protection
  • Make sure only the necessary firewall ports are open

Srini Tummalapenta, CTO, security services at IBM, reiterates that it’s never too late (or too early) to practice effective IT security hygiene. “Chief information security officers (CISOs) need to reinforce and reteach that connecting insecure, unhygienic home-based machines to your corporate network is highly risky behavior that can result in an infection or a breach,” he says. “Keeping your IT infrastructure secure need not be complicated — but it does require effort, the right technology and expertise.”

Partner blog of interest: Symantec: Text-Based COVID-19 Spam Wants Your Information, Money