Cyber News Roundup: Feds Warn of Cyber Threats, Zero-Day Hacks, How SMBs Can Survive a Ransomware Attack

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions.

Federal agencies continue to warn about Russian cyber threats that could target critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory that includes information regarding “malicious cyber operations” and stated that it is “the most comprehensive view of the cyber threat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine in February,” as reported in The Hill.

The Latest on Zero-Day Hacks

The latest report from Google’s Project Zero division reveals that the most complex and time-consuming cyberattacks are still far too easy to pull off, according to The Washington Post. “Cyberattackers continue to have an advantage over defenders — even at the very top of the hacking food chain.” The report examines cyberattacks that use zero-day vulnerabilities. In a zero-day hack, sophisticated hackers discover a vulnerability and exploit it before the developers are aware that it exists. “Zero-day exploits can be quite damaging and have been at the root of some of cybersecurity’s most important and troubling developments over the years,” reports CyberScoop. Recent zero-day attacks have included an exploit from Israeli spyware firm NSO Group that was built into software it has sold to governments.

Can SMBs Survive a Ransomware Attack? Yes!

A recent CyberCatch survey reports that 75% of small to medium-sized businesses (SMBs) could only survive three to seven days following a ransomware attack, reports TechRepublic. A third of SMBs surveyed don’t have a written incident response plan to respond to cyberthreats. Additionally, 20% of respondents said they don’t have offline backups of their critical data that could be encrypted in an attack.

“Ransomware is an existential threat to SMBs who are a critical part of the supply chain,” said Sai Huda, CyberCatch founder and CEO. “Foreign adversaries and criminal gangs will increasingly attack SMBs with ransomware to not only extort ransom payments but also use as the entry point upstream to the eventual target, a large company, critical infrastructure, government agency, healthcare organization or other high value target.”

Fortunately, there are ways for companies to take action, regardless of their size. CyberCatch offers these tips, as reported in TechRepublic:

  • Establish a written incident response plan. As threats typically change and evolve quickly, make sure you test and update the plan at least every six months.
  • Scan internet-facing assets. Regularly scan your internet-facing IT assets for security vulnerabilities and patch them as soon as possible so that attackers can’t exploit them.
  • Test employees. Regularly give your employees simulated tests on phishing and social engineering attacks so they know how to avoid downloading malware and providing account access to attackers.
  • Segment your network. Segment your network into different portions, each one separate from the other. Also, be sure to air gap critical IT assets to prevent any ransomware from spreading across your entire network.
  • Require MFA. Require multi-factor authentication for all users or at least for all privileged users. MFA is still one of the best ways to stop attackers from using stolen credentials to launch ransomware.
  • Store backups offline. Make sure you save backups of critical files offline so that attackers can’t find and encrypt those backups.
  • Test your cybersecurity defenses. Finally, regularly test your cybersecurity tools and technologies from the outside and inside so you can discover any flaws or problems before attackers exploit them.

Frederic Kerrest, COO of Okta, a large cloud-based identity and access management company, offers cybersecurity insights for companies of all sizes and in all industries. In an interview with Yahoo! Finance, Kerrest reinforces the need to level up security across the entire organization, in both the public and private sectors. He states that simply having good cybersecurity hygiene is a good place to start. His biggest piece of advice is “multifactor authentication, two-factor, and using it on all your key applications, both in business, but also at home, on your email, on your bank accounts, and ensuring that you have the right level of security and in a very basic way.”

Cyber Oregon sponsor blog post of interest: Zscaler: Uncovering new techniques and phishing attack trends from the cloud