Cyber Oregon: Keeping Oregon Safe Online (https://cyberoregon.com)

Cyber News Roundup: Protecting the castle, $42M ransomware attack, cybersecurity spending up
https://cyberoregon.com/2020/05/22/cyber-news-roundup-protecting-the-castle-42m-ransomware-attack-cybersecurity-spending-up/
Fri, 22 May 2020 15:00:00 +0000
Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

How do you protect the castle when your employees aren’t working from a centralized office space? Sowmyanarayan Sampath, president of global enterprise for Verizon Business Group, advises, “Protecting company computer networks when so many are working from home requires ‘a major mindset change.’ Whereas companies have long thought of enacting cybersecurity measures as building a moat around a castle, when employees aren’t working from a centralized office space, it’s even harder to identify where the ‘castle’ is. Companies should adopt a ‘zero trust’ approach to security. Everyone touching your network has to be authenticated. Every application, every bit of data that comes in, you verify it…You just have to do a lot more to check, (including) multi-factor authentication, identity management, encryption.”

The latest data is in from Verizon’s 2020 Data Breach Investigations Report. What’s new this year?

  • 86% of the data breaches it analyzed from 2019 were for financial gain — up from 71% in the year prior
  • Many data breaches were conducted by organized criminal groups. Other motivators include espionage, ideology and so-called “secondary” motivators, such as a desire to steal intellectual property or trade secrets.
  • 67% of breaches were caused by one of three common issues: credential theft, social attacks such as phishing, and human errors like leaving a password written somewhere others can see.

As CNN reported, “Credential theft is often easy because people have poor ‘password hygiene,’ using weak passwords or the same password across multiple websites,” says Sampath. “If you have common passwords for many sites, and one site gets exposed and that information is available on the dark web, (bad actors) will go through and try different sites to see what opens up.”

Latest ransomware attack demands $42 million

Last week’s attack on New York-based law firm Grubman Shire Meiselas & Sacks, in which attackers infiltrated the firm’s network, resulted in the theft of up to 756GB of data, including contracts, nondisclosure agreements, phone numbers, email addresses, music rights, and personal correspondence of a large number of well-known American celebrities. The latest news is that the group is now demanding $42 million and threatening to release controversial information on U.S. President Donald Trump, according to a Teiss news report.

Teiss author Jay Jay reports that the hackers initially demanded a ransom of $21 million and gave the law firm a week’s time to pay the ransom. The firm agreed to pay $365,000, resulting in the ransom doubling to $42 million. The hacker group is now threatening to release “dirty laundry” on U.S. President Donald Trump. The FBI is currently investigating this incident.

“This is why businesses or organisations no matter what size, must prepare for the eventuality of a ransomware attack. Implementing strong resiliency measures will put businesses in the best position to recover should the worst happen. Failing to do so can have disastrous reputational impact, in this case, on a presidential re-election campaign. As the number of ransomware attacks continues to rise, organisations must start thinking about implementing effective contingency plans and network security solutions now, rather than later,” comments Carl Wearn, head of e-crime at Mimecast.

Dark web resurfaces with “access for sale” exploits

Lance Whitney with TechRepublic reports on the dark web and the latest exploits. There has been an increase in software, exploits, and credentials for sale that allow hackers to illicitly control one or more remote computers. “Such access allows attackers to directly target business networks or hire skilled ‘professionals’ to hack into networks to infect machines with malware.” Privileged access to a company’s entire network infrastructure is around $5,000, but Whitney writes that the asking price can range from $500 to $100,000. Again, the shift to remote working prompted by the COVID-19 pandemic is exacerbating the problem. “Hackers are hunting for any weaknesses in network security, including unprotected web applications, non-updated software, and incorrectly configured servers with weak administrator passwords,” writes Whitney.

“To stay safe, companies should ensure comprehensive infrastructure protection, both on the network perimeter and within the local network,” says Vadim Solovyov, senior analyst with Positive Technologies. “Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time. Regular retrospective analysis of security events allows teams to discover previously undetected attacks and address threats before criminals can steal data or disrupt business processes.”

Cybersecurity spending expected to rise post-COVID-19

Companies are rethinking their technology and cybersecurity budgets and cybersecurity spending is expected to be on the rise, post-COVID-19 pandemic. A new report by LearnBonds finds that 70% of major organizations plan to increase cybersecurity spending. According to a TechRepublic article, companies worldwide spent $34 billion on cybersecurity solutions in 2017. Before COVID-19, this amount was projected to hit $42 billion in 2020, indicating that cybersecurity concerns were already growing even before the outbreak. The pandemic has created a “bevy of opportunities for cybercriminals [and] this number is predicted to inevitably increase,” according to the report. The top threats these past few months are phishing and malicious websites, according to Check Point. “The Coronavirus pandemic has brought perhaps the fastest, starkest change to working patterns around the world in living memory,” says Check Point in a blog post.

The company surveyed IT and security professionals and found that 95% of security professionals say they are facing added IT security challenges due to the spread of coronavirus and 71% have noticed an increase in security threats or attacks since the beginning of the coronavirus outbreak. The leading threat cited is phishing, followed by malicious websites purporting to offer information or advice about the pandemic and increases in malware and ransomware attacks. Check Point recommends organizations ensure business continuity by protecting themselves with a holistic, end-to-end cyber architecture. “This means ensuring accessible and reliable connections between corporate networks and remote devices, 24/7, promoting collaboration and productivity between teams, networks and offices, and retaining robust security against evolving threats and cybercrime techniques.”

Best cybersecurity practices are basic

The best cybersecurity practices, according to IBM’s Security Intelligence, are to refocus on the most basic security hygiene steps:

  • Make sure that all systems are properly patched and current
  • Make sure that all endpoints have up-to-date malware and antivirus protection
  • Make sure only the necessary firewall ports are open

Srini Tummalapenta, CTO, security services at IBM, reiterates that it’s never too late (or too early) to practice effective IT security hygiene. “Chief information security officers (CISOs) need to reinforce and reteach that connecting insecure, unhygienic home-based machines to your corporate network is highly risky behavior that can result in an infection or a breach,” he says. “Keeping your IT infrastructure secure need not be complicated — but it does require effort, the right technology and expertise.”

Partner blog of interest: Symantec: Text-Based COVID-19 Spam Wants Your Information, Money

Cyber News Roundup: Remote work challenges, cyber shortage, and a sinkhole?
https://cyberoregon.com/2020/05/08/cyber-news-roundup-remote-work-challenges-cyber-shortage-and-a-sinkhole/
Fri, 08 May 2020 13:30:00 +0000

Amidst the COVID-19 pandemic, remote working has increased exponentially, as have security vulnerabilities. TechRepublic reports that this shift has left many businesses more exposed to cybersecurity threats, with nearly half saying they’ve encountered at least one scare. Reporter Owen Hughes covers a recent study by Barracuda Networks indicating that 46% had experienced at least one security incident since the start of the COVID-19 lockdown, with 51% recording an increase in the number of email phishing attacks. Furthermore, 49% said they anticipated a data breach or similar cybersecurity incident within the next month. Many believe their workforce is not adequately educated in the security risks associated with working from home. Fleming Shi, CTO of Barracuda Networks, says, “Inevitably, the switch to a complete remote-working model in such a short space of time brings with it a myriad of security challenges, particularly with many employees using personal devices to exchange and share data.”

One of the simpler protection steps individuals can implement – and organizations can enforce – is multi-factor authentication. Here’s a quick walkthrough of how to set up two-factor authentication for Gmail in Outlook.

Cyber workforce shortage: critical condition

In a Security Magazine article, Kurt John writes that human strategy is the best cyber defense to combat COVID-19: “Before the pandemic, recruiting for cyber jobs was a critical challenge for many companies. Fast-forward to where we are now and the need for a highly-skilled cyber workforce is even more paramount.” John reinforces the need to tap into our best defenses: the human strategy. He reiterates that security is central to every business strategy, and that while digital analytics might detect something strange, the human expert is essential to decide if there’s really a cybersecurity problem. “People will always be central to cybersecurity and will need organizational support and investment. In a post-COVID world, our workforce will be dramatically different. So, as we emerge as a changed society and workforce, it is critical that we focus on meeting the needs of the challenges and priorities of today, by cultivating a highly-skilled cyber workforce, ready and able to secure a modern, remote and digital world,” states John.

Web skimming hack, China espionage campaign brought to light

The latest hacking campaign is one of the most complex and innovative detected to date. ZDNet reports that a hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites. This is called web skimming, e-skimming, or a Magecart attack, in which “hackers breach websites and then hide malicious code on its pages, code that records and steals payment card details as they’re entered in checkout forms,” according to the article.

Meanwhile, hackers in China have been carrying out a five-year cyber espionage campaign against governments in the Asia Pacific region, according to a CNBC news report. The group, called Naikon, “targets ministries of foreign affairs, science and technology, as well as government-owned companies with the aim of gathering geo-political intelligence.” The group used spear-phishing techniques to elicit information – such as contacts and documents – to attack other departments within the government, according to the report.

“What drives them is their desire to gather intelligence and spy on countries, and they have spent the past five years quietly developing their skills and introducing a new cyber-weapon with the Aria-body backdoor,” said Lotem Finkelsteen, manager of threat intelligence at Check Point.

The cybersecurity sinkhole quandary

In unrelated news – or maybe related news – the U.S. Department of Defense issued a bulletin about a Chinese-linked hacking group responsible for suspicious activity aimed at defense contractors in the U.S. According to CyberScoop, the bulletin highlights concerning activity coming from a “sinkhole.” The article explains that sinkholes are used by researchers to capture bad internet traffic, mostly coming from botnets, and block infected machines from carrying out their orders. “While the sinkhole’s stated purpose is to conduct security research, the actual traffic going through the sinkhole and emanating from it is likely malicious in nature. Data may be leaking, not only outside the company, but outside the country,” the article reports.

Many cybersecurity experts are speculating on possible causes of the sinkhole leaking information, possible hacks, and origins of the bulletin. In the meantime, a National Security Agency official stated that users should continue to patch and run two-factor authentication.

Partner blog of interest: PKI Solutions: Our Advanced PKI Training Course is Now Online

Cyber News Roundup: Cyber Crime Spikes During Pandemic; Hospitals at Great Risk
https://cyberoregon.com/2020/04/24/cyber-news-roundup-cyber-crime-spikes-during-pandemic-hospitals-at-great-risk/
Fri, 24 Apr 2020 15:00:00 +0000

The FBI has seen a spike in cybercrime reports since the onset of the COVID-19 pandemic. “We’ve seen people set up fraudulent COVID charities, promise delivery of masks and other equipment, and then deliver fraudulent loans, extortion,” says FBI assistant director Tonya Ugoretz, a ZDNet article reports. Additionally, foreign hackers continue to target U.S.-based COVID-19 research, mainly targeting the national healthcare sector and medical research institutes. The National Counterintelligence and Security Center (NCSC) cautions about who you do business with, “With supply chains in turmoil during COVID-19, many organizations are turning to alternate vendors and suppliers. Some vendors may be insecure or compromised by threat actors seeking to access your data. Adversaries increasingly use third-party suppliers as attack vectors.”

The healthcare sector is getting hit from all angles. The temporary hospitals and medical centers are “rife with cybersecurity vulnerabilities,” according to Healthcare IT News, because they are remote and sit outside of a defense-in-depth architecture. Tom Burt, corporate vice president of Microsoft Customer Security & Trust, concurs, “They are being set up quite quickly with constrained budgets, and the budget for those is not on IT, it’s on PPE, patient care, getting testing set up, everything a center should be focused on during this crisis.” State actors are looking for the most vulnerable point in a communications network. Burt encourages healthcare organizations to take some immediate steps:

  1. Make sure software is updated and fully patched
  2. Enable two-factor authentication for every account to the center’s system
  3. Ensure the system is backed up offline

Reporter Nathan Eddy makes the point that “hospital administrators already fight on a daily basis to patch, upgrade, and maintain physical systems within predefined facilities, and these systems are available 24/7, 365 days a year, which means there is a constant routine to maintain security hygiene.” Natali Tshuva, CEO and cofounder of Sternum, said it’s the rapid deployment of these temporary medical units that concerns her the most. “Because we are establishing these units so quickly, there simply is not enough time to build the proper IT infrastructure to protect the overall network, either via an effective firewall or through other cybersecurity measures.”

“The novel coronavirus has created a raging contest between cybercriminals piggybacking on the disease for scams and defenders trying to protect a populace more reliant on the Internet than ever,” write Washington Post reporters Joseph Marks and Tonya Riley in a pandemic-meets-cybersecurity article. The U.S. Department of Justice has disrupted hundreds of websites that were exploiting the virus to commit fraud. The FBI’s Internet crime center is urging people to be on guard against strangers requesting personal or medical information.

Increase in phishing scams

Coronavirus phishing scams are taking advantage of employees working from home for the first time. According to ZDNet, there has been a string of attacks designed to exploit confusion, with the goal of stealing passwords, login details, or corporate information. The article cites “more than 2,000 online scams related to coronavirus in the last month, including 471 fake online shops selling fraudulent coronavirus-related items, 555 malware distribution sites, 200 phishing sites and 832 advance-fee frauds, where a large sum of money is promised in return for a set-up payment.”

Individuals and organizations of all sizes can double-check these six tips from the UK’s National Cyber Security Centre, detailed in full on the NCSC website:

  • Turn on two-factor authentication for important accounts
  • Protect important accounts using a password of three random words
  • Create a separate password that you only use for your main email account
  • Update the software and apps on your devices regularly (ideally set to ‘automatically update’)
  • Save your passwords in your browser
  • To protect yourself from being held to ransom, back up important data

With an increased remote workforce, individuals need to be aware of the latest Skype phishing attacks that are targeting passwords. ThreatPost reporter Lindsey O’Donnell writes that the campaign is one of many looking to leverage the wave of remote workers who now rely on online conferencing tools such as Webex, Skype, and Zoom. “With this upward spike in online meetings, compromised Skype credentials could be sold on underground forums, or used to log into accounts where sensitive files and data are shared,” she writes. “With so many people working from home, remote work software like Skype, Slack, Zoom, and WebEx are starting to become popular themes of phishing lures,” said Cofense researchers, who issued the report.

New email security vulnerabilities have also surfaced around Apple iPhones. TechCrunch’s Zack Whittaker writes that, according to researchers, hackers have already used a bug in the iPhone’s default Mail app to steal data from victims’ devices. “By sending a specially crafted email to the victim’s device, an attacker can overrun the device’s memory, allowing the attacker to remotely run malicious code to steal data from the device,” said Zuk Avraham, chief executive with ZecOps. Until Apple issues a patch, high-risk users should disable the Mail application.

Partner blog of interest: Zscaler: 30,000 Percent Increase in COVID-19-Themed Attacks

Cyber News Roundup: Guidance Through the Pandemic
https://cyberoregon.com/2020/04/10/cyber-news-roundup-guidance-through-the-pandemic/
Fri, 10 Apr 2020 14:00:39 +0000

“The current pandemic is not only a serious health issue, but potentially a major cybersecurity risk,” said Ajay Bhalla, president of cyber and intelligence for Mastercard. 

Fear and stress are on the rise amidst the COVID-19 pandemic. New research from Microsoft indicates that every country in the world has seen at least one COVID-19-themed attack – these attacks, including the increase of phishing lures, are capitalizing on fear. What can defenders and protectors of information do? According to Microsoft, “defenders require visibility across each of these domains and automated correlation across emails, identities, endpoints, and cloud applications to see the full scope of compromise.” Many solutions are found in the products, software, and services organizations use every day, including anti-malware software and multi-factor authentication.

[Figure: COVID-19-themed attacks across the world. Source: Microsoft]

The newest COVID-19 phishing attack is based on emails coming from the White House. As a Security Boulevard article reports, INKY CEO Dave Baggett said these phishing attacks appear to be coming from Russia. He said, “These COVID-19 phishing attacks represent a new low for cybercriminals in that they prey on the anxieties of individuals working at home to compromise credentials and spread malware.”

Two agencies, the U.S. Cybersecurity and Infrastructure Agency and Britain’s National Cyber Security Centre, reinforced that hackers of all varieties are leveraging anxiety around the outbreak to push people into clicking links and downloading attachments, according to the article in Venture Beat. “The cybersecurity industry has been sounding the alarm for weeks over the threat of coronavirus-themed malicious software and booby-trapped emails.”

“Bad actors are using these difficult times to exploit and take advantage of the public and business,” Bryan Ware, CISA’s assistant director for cybersecurity, said in a statement.

Industries with critical infrastructure are at greater risk during the pandemic

Critical infrastructure industries, such as oil and gas, manufacturing, and utilities, are at a bigger risk, according to a TechRepublic article. Dave Weinstein, chief security officer at Claroty, reinforces that IT security teams need to make sure there is an identity management solution in place, especially as employees have to access systems remotely. He recommends:

  1. Amp up remote access management security protocols, such as not sharing passwords in plain text and unique IDs
  2. Use VPN technology and ensure you have the latest patches
  3. Have secure passwords on wireless routers
  4. Run up-to-date equipment

Don’t cut cybersecurity spending

Now is the time for companies of all sizes to pause and look at the security of their network, and take inventory and assess tools and vendors. A new study by Ponemon Institute, The Economic Value of Prevention in the Cybersecurity Lifecycle, shows that preventing cyberattacks strengthens organizations’ security posture, yet the majority of organizations are focused on detection and containment. “This study shows that the majority of companies are more effective at containing cyberattacks after they happen because it is perceived to be more accountable,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “This explains why cybersecurity budgets focus on containing attacks rather than preventing them, as well as the increased rate of breaches despite investments in cybersecurity solutions.”

Best practices for a remote workforce

Christy Pambianchi, chief human resources officer at Verizon, is working from home with 134,000 colleagues due to the pandemic and has these best practices to share, according to an article by Larry Dignan in ZDNet:

  • It’s hard to plan for a pandemic and moving 135,000 people remote so you have to just leap. Verizon moved telesales, customer care, solutions specialists and staff functions remote. IT also went remote as did a lot of retail associates.
  • Remote work means remote training. In the last week, Verizon put 25,000 workers through virtual training on how to perform their roles.
  • Be patient and flexible. There will be distractions, there will be barking dogs and there will be kids on your video calls. Move on.
  • Gear has to get to the front lines. Pambianchi said Verizon allowed front line folks to “home garage” instead of coming to a central office to batch tickets, tools, and equipment for the day. Verizon also had to get laptops and cameras to folks to enable online work and support from home.
  • Hold office hours and take questions. Pambianchi has an “Ask Christy” inbox and executives film a video for employees on key topics.
  • This move to remote work can speed up digital transformation. “I’m kind of excited about looking at this as an innovation opportunity, versus just a disruption,” said Pambianchi. “We’re learning a lot of new things.”
  • Video is “not as bad of a substitute” for face-to-face meetings. That said, Pambianchi expects a premium to be placed on in-person connections once the pandemic is over.
  • Orthodox rules will be rethought. These orthodoxies are all over the place within corporations, but the move to remote work will likely enable a more decentralized Verizon and create more of an internal skills market for expertise, she said.
  • Be patient. “People are scared right now,” said Pambianchi. “We’re just encouraging our coworkers to be patient with each other because stress and anxiety come out in different ways. And as everybody’s flipping to this new normal, while also facing what may be some personal risks, we’re trying to make sure we just all exercise patience with each other.”    

Partner blog of interest: Crowdstrike: Communication Is Key to Keeping Remote Workers Safe and Secure

Cyber News Roundup: Taking Cybersecurity Precautions Amidst Coronavirus Pandemic
https://cyberoregon.com/2020/03/20/cyber-news-roundup-taking-cybersecurity-precautions-amidst-coronavirus-pandemic/
Fri, 20 Mar 2020 19:38:25 +0000

If your life hasn’t already been turned upside down as a result of the COVID-19 pandemic, you will want to add cybersecurity precautions to your staying healthy list, in order to further protect yourself and your data. Hackers are exploiting the coronavirus and cyber experts are urging people to take extra precautions when it comes to clicking links. According to an article in Fortune, the latest hacking techniques are coronavirus-themed phishing campaigns whose links, when clicked, could load malware onto your system that can be used to steal victims’ personal data or freeze computers. Cybersecurity firm Nocturnus issued a report with these key findings about these new cyberattacks:

  • Coronavirus-themed Attacks: Multiple types of campaigns are occurring that specifically target regions most heavily impacted by the coronavirus with coronavirus-themed files and domains.
  • Leveraging Anxiety: Attackers are abusing the pandemic for their benefit by manipulating people’s anxiety over the virus to trick them into downloading malware.
  • Taking Advantage of Remote Workers: Attackers are taking advantage of the shift to remote work by promoting malware masquerading as VPN installers. This is particularly dangerous as businesses make the transition to remote work and suggest best practices to employees, including the use of VPNs.
  • Using Mobile Malware: Attackers are creating malicious mobile applications posing as legitimate apps developed by the World Health Organization to help individuals recover from coronavirus. Instead, the application downloads the Cerberus banking trojan to steal sensitive data.
  • Targeting Healthcare Organizations: Attackers are using ransomware to target healthcare organizations, arguably the most vital and overworked among us at this time.

Here are security precautions to take especially now, courtesy of Nocturnus:

  • Be Careful: To significantly reduce the likelihood of falling victim to a phishing attack, it is best to be careful while browsing online and checking email. Check the authenticity of the sender for any email you download information from, and check if the content makes sense to you. If there is any doubt, do not click on it and report it to your security team immediately.
  • Watch Out for Shortened Links: If you have any doubt about the validity of a link, open a new browser window and type the URL into the address bar. Examine the URL and make sure it is authentic.
  • Be Wary of Emails Asking for Confidential Information: Emails that ask for information such as credentials, credit card information, and other sensitive data are usually not legitimate. Legitimate organizations, including and especially banks, will never request sensitive information via email and will always redirect you to a secure website or other channels.
  • Only Download Files from Trusted Websites: Double check that a website you are using is legitimate and trusted. To download specific VPNs, search for the company’s official website and install directly from there. Avoid downloading cracked versions, since they are usually bundled with other software or malware and can cause damage to the machine.

In fact, just this week the U.S. Health and Human Services Department was hacked. Sarah Coble covers the news in Infosecurity Magazine, writing that “the attack was thought to have been motivated by a desire to slow the agency down and spread misinformation among the public.” Jake Moore, cybersecurity specialist at ESET, said, “Suffering a cyber-attack in the midst of a pandemic adds salt to the wound when organizations are already at full stretch. We all need to be more vigilant at the moment and take even more caution when communicating remotely.”

Working remotely imposed worldwide: Empowering workers, but precautions are prudent

In an interview with European cybersecurity agency ENISA, ZDNet highlights ENISA’s security recommendations as remote working skyrockets around the world. “Attackers are exploiting the situation, so look out for phishing emails and scams,” ENISA said. The agency warns remote workers to be suspicious of any emails asking them to check or renew their passwords and login credentials, even if they seem to come from a trusted source.

“Please try to verify the authenticity of the request through other means, do not click on suspicious links or open any suspicious attachments.”

ENISA says employers should:

  • Provide initial and then regular feedback to staff on how to react in case of problems. That means info on who to call, hours of service and emergency procedures.
  • Give suitable priority to the support of remote access solutions. Employers should provide at least authentication and secure session capabilities.
  • Provide virtual solutions. For example, the use of electronic signatures and virtual approval workflows to ensure continuous functionality.
  • Ensure adequate support in case of problems.
  • Define a clear procedure to follow in case of a security incident.
  • Consider restricting access to sensitive systems where it makes sense.

In the Forbes article, Cybersecurity When It Comes To Remote Work Means Zero Trust, author Jun Wu interviews Alex Willis with BlackBerry, who says, “In today’s world, the remote worker needs to be able to do everything they can do from their desk if you want your organization to remain productive and competitive. Users won’t accept anything less, so it’s also a retention strategy. But, allowing employees to access critical business systems and data from machines and networks you don’t manage or trust means the risk grows exponentially.” What are immediate things medium-sized and small companies can do related to cybersecurity to enable their employees to work from home? Wu writes that regardless of organizational size, cybersecurity planning and response readiness is critical and achievable. NIST is a good resource for published cybersecurity frameworks. “One of the key things about developing a good cybersecurity process isn’t about the resources or the team. Cybersecurity is everyone’s job,” says Willis.

Partner blog of interest: Fortinet: CSO Strategies for Navigating Challenging Times

Special Edition: A Recap of RSAC 2020 https://cyberoregon.com/2020/03/03/a-recap-of-rsac-2020/ Tue, 03 Mar 2020 15:43:46 +0000

Another RSA Conference is in the books! Big topics included supply chain security, AI for Good, U.S. election security, and the coronavirus. With more than 40,000 people attending the world’s leading information security conference in San Francisco this year, what were Cyber Oregon sponsors and Oregon companies up to? In our Cyber News Roundup RSAC 2020 Preview, we highlighted those companies that had a presence at last week’s mega conference.

Our own Charlie Kawasaki, vice chair of the Oregon Cybersecurity Advisory Council, and PacStars CTO, was onsite at RSAC 2020 to provide highlights:

CrowdStrike

At RSAC 2020, CrowdStrike won the SC Media Excellence Award for best security company. SC Media states that the primary reason for this honor “is the company’s latest outstanding efforts at protecting the user community. The solution defends customer workloads across on-premises, virtualized and cloud-based environments running on a variety of endpoints, on- or off-network.” For a complete list of the company’s product and service announcements, please read this CrowdStrike blog post.

Charlie explores a CrowdStrike dashboard to detect threats.

Eclypsium

Eclypsium was onsite to showcase its enterprise firmware protection platform. At the conference, it was named a winner in the Info Security Products Guide’s 2020 Global Excellence Awards, recognized as Best Security Startup for delivering the industry’s first enterprise firmware protection platform. Read the announcement here. In recent Wired coverage, Hundreds of Millions of PC Components Still Have Hackable Firmware, Eclypsium’s research was featured. “When I look at the industry at large, the PCs and servers being shipped, there isn’t a single device in the market that is entirely secured,” says Rick Altherr, principal engineer at Eclypsium. “If you look at any laptop, I guarantee there will be some unsigned component inside of it.”

Charlie with Ron Talwalker, vice president of products, Eclypsium, Inc.

Fidelis Cybersecurity

Ahead of RSAC 2020, Fidelis announced significant enhancements to its Elevate Platform to help organizations proactively defend their cyber terrain. Read the press release here. At RSAC 2020, Fidelis was named one of the 25 Hot Risk, Operations and Threat Intelligence Platforms. In CRN’s coverage, “Fidelis extends the platform’s capabilities to enable security operations teams to move quickly and accurately detect threats and anomalous behavior while also allowing incident responders to remotely bring an endpoint to their fingertips.”

Charlie gets a Fidelis demo about how to think like an attacker.

Fortinet

Fortinet showcased its Fortinet Secure SD-WAN, deployed by more than 21,000 customers globally. According to the company, “the ongoing creation and refinement of a WAN solution designed to support Fortinet’s rapidly expanding internal network of data centers, branch offices, and later, cloud-based services led to the development of a sophisticated, purpose-built SD-WAN solution built on the back of Fortinet’s market-leading FortiGate appliances for ultimate security.” It’s designed to handle high network performance demands, the processing of massive amounts of data, and business-critical services such as streaming video. In the CSO article, 5 standout products from RSA 2020, Fortinet’s FortiAI security appliance was included as one to look into, since it can find and identify threats in real time.

Charlie “secures” a demo at Fortinet.

McAfee

McAfee highlighted cloud managed endpoint security: defend all devices, deploy your way. McAfee’s cloud security solutions offer data and workload protection across the entire cloud spectrum: “to enable rapid collaboration and a more responsive, elastic business.” McAfee just announced that it was named a 2020 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers for its MVISION Cloud solution. Read more here. McAfee had a plethora of theater sessions at RSAC 2020 including Improve Your Cloud Security Risk Posture in Real Time, 5 Key Considerations for Cloud Native Threats, and Cloud Security: Reimagine Your Perimeter. Read all of the sessions here.

Charlie at McAfee’s booth, a core, cloud security player at RSAC 2020.

Palo Alto Networks

“Secure the enterprise, secure the cloud, secure the future.” Palo Alto Networks discussed several big issues, including the role of identity access management (IAM) in cloud security. Did you know that 84% of organizations use a multi-cloud strategy, according to RightScale? For more on getting IAM security right, read here. The company also showcased how groundbreaking AI systems are being used to tackle the fast-emerging threat of deepfakes. The company also featured entertainment A-listers: a fireside chat with CEO and chairman Nikesh Arora and actor Jake Gyllenhaal, and a concert with Sheryl Crow. More here.

Charlie navigates the Palo Alto Networks booth.

PKI Solutions’ president and founder, Mark Cooper, gave multiple presentations, including “The Secrets to Secret Management” and “Quantum Preparedness: Take Action Now Before the Crypto Sky Falls” in standing-room only partner booths. Lots of discussions generated with The PKI Guy!

Mark Cooper, aka The PKI Guy, gave several presentations.

Splunk

Splunk was just named a leader for the seventh consecutive time in Gartner’s 2020 Magic Quadrant for Security Information and Event Management. According to Splunk, “organizations around the world are going through a time of unprecedented change, driven by an explosion of new technologies and innovations. This change creates more data than ever imagined, which in turn creates wider attack surfaces and increasing security risk for organizations of all sizes.” Read the press release here. Additionally, the company discussed SOAR (Security Orchestration, Automation and Response) technology, which enables the automation of work that security analysts would typically perform manually. “Automation targets many routine tasks to free up analysts to perform more proactive, higher-order activities,” says Oliver Friedrichs, vice president of security products at Splunk, in an interview with SiliconANGLE.

Charlie in front of Splunk’s booth before a discussion about attack surfaces.

Zscaler

Zscaler was onsite with the message “eliminate your attack surface with Zscaler.” In recent research, the company shines a light on the IoT threat landscape. According to Deepen Desai, vice president of security research for Zscaler and director of ThreatLabZ, “the IoT threat landscape is continuously expanding and changing as manufacturers bring devices to market for consumers and businesses alike. With the space completely unregulated and devices being pumped out like candy, organizations are scrambling to gain an understanding of what is actually transpiring on the corporate network, what types of devices are communicating and transporting data, and how to secure the IoT ecosystem as a whole.” Desai believes that the U.S. is in a prime position to lead efforts toward improving IoT manufacturing security policies. “By creating visibility into your IoT devices, implementing sound zero trust network access policy, and helping to enact change in the way the world creates and regulates IoT devices, you can shine a light on shadow IoT to protect your organization and customers.” More about this research can be found here.

Zscaler proclaims “eliminate your attack surface.”

Cyber News Roundup: RSAC 2020 Preview https://cyberoregon.com/2020/02/21/cyber-news-roundup-rsac-2020-preview/ Fri, 21 Feb 2020 15:00:00 +0000

The industry is heading to the world’s leading information security conference, RSA Conference, taking place February 24-28, 2020 in San Francisco. What will be hot at this year’s conference? According to Mirko Zorz, editor-in-chief of Help Net Security, in an interview with Mark Cooper, aka The PKI Guy, in The PKI Guy’s Q&A Series, “I’ve been coming to RSAC for nearly 20 years and it’s definitely the place where you can find out what industry leaders are thinking.” Zorz anticipates these topics will get a lot of attention this year:

  • Voting, election security and the impact of disinformation campaigns
  • Using machine learning and artificial intelligence
  • IoT, the insecurity of medical devices, car hacking
  • The implications of GDPR and the introduction of CCPA
  • The insecurity of Industrial Control Systems and the increased convergence of IT and OT
  • The impact of open source tools on product security

Oregon companies will be at RSAC 2020 in full force. Here are Cyber Oregon sponsors that will have a presence:

CrowdStrike, Booth 5345 (North Hall)

CrowdStrike continues to expand its CrowdStrike Falcon platform, adding new capabilities and gaining important new partnerships. CrowdStrike will present throughout the conference, including a keynote, “Hacking Exposed: Global Threat Brief” on Wednesday, February 26. For details about presentations, please visit the blog post: CrowdStrike’s Approach Echoed in RSA 2020 Theme, “Human Element.”

Eclypsium, Booth 29 (Early Stage Expo)

Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today. At the conference, it will showcase its enterprise firmware protection platform.

Fidelis Cybersecurity, Booth 1441 (South Hall)

Fidelis Cybersecurity will be presenting the APT28 attack simulation. APT28 is the advanced persistent threat that targeted the Democratic National Committee email system in the 2016 Presidential Election. According to the Fidelis blog post, “APT28, commonly referred to as ‘Fancy Bear,’ employs sophisticated methods consistent with the capabilities of nation-state sponsored threat actors.”

Source: Fidelis Cybersecurity

The human element is the overarching theme at this year’s RSA Conference. Fidelis offers these 5 tips for putting the human element front and center; read more on the blog post:

  1. Enable your Cyber Warriors to know the terrain better than your adversary.
  2. Understand the attacker’s motives and objectives.
  3. Engage the attacker prior to impact.
  4. Decide and act faster than the attacker.
  5. Shape the attacker’s experience.

Fortinet, Booth 5855 (North Hall)

Fortinet will discuss secure SD-WAN and the need to protect branch connectivity, building Zero-Trust network access, and the latest innovations in AI-driven security operations, and dynamic cloud security. Ken Xie, Fortinet’s founder, chairman, and CEO will deliver a keynote “On the Edge of Something Big: Security’s Next Frontier,” on Thursday, February 27. For more information on presentations and activities, please visit the blog post Fortinet at RSA 2020: Building the Secure Network of Tomorrow.

McAfee, Booth N-5745 (North Hall)

McAfee has extensive presentations planned, including a keynote, “Obvious and Not-So Obvious Lessons Learned on the Path to Cloud-First IT,” on Monday, February 24. McAfee’s senior principal engineer and chief data scientist, Celeste Fralick, says that AI and humans have equally important roles in cybersecurity. “There are tasks that humans currently excel at that AI could potentially perform someday. But these tasks are ones that humans will always have a sizable edge in, or are things AI shouldn’t be trusted with.” For a schedule of presentations, please visit the blog post.

Palo Alto Networks, Booth N-5995

Palo Alto Networks has worked with tens of thousands of organizations to prevent cyberattacks. It will be showcasing its Security Operating Platform that combines the latest breakthroughs in security, automation, and analytics. Greg Day, vice president and CSO, EMEA at Palo Alto Networks, is on the committee that selects presentations for the conference. In his blog post, What the Cybersecurity Industry Needs to Discuss at the RSA Conference 2020, he outlines key topics that will be discussed – or should be – at this year’s conference:

  • Fakes and deep fakes are the new buzzwords.
  • Smartphones are being used in surveillance attacks.
  • Ransomware is getting more sophisticated as companies pay out.
  • Supply chain attacks are on the rise.
  • DevOps speeds up software development but increases security risks.
  • Emulation and decoy environments must be credible.
  • Cloud incident response requires new tools and skills for in-house security teams.
  • Artificial intelligence and machine learning.
  • Hardware and firmware attacks are back.
  • Power users need protection.
  • The security industry is finally taking action on DNS spoofing.

PKI Solutions will be crypto adventuring throughout RSAC. Mark Cooper, president and founder of PKI Solutions, aka The PKI Guy, will be presenting “Quantum Preparedness: Take Action Now Before the Crypto Sky Falls” and “The Secrets to Secret Management” in partner booths. Read the blog post, The PKI Guy’s Next Crypto Adventure, for details. You can participate in the RSAC 2020 contest, “Name The PKI Guy’s Next Adventure Contest and Win!” whether you are attending in person, or in spirit. Simply fill in the blank, “The PKI Guy and ________” and submit to thepkiguy@pkisolutions.com and post on social media and tag #ThePKIGuyAdventure for your chance to win two complimentary online PKI courses taught by The PKI Guy himself. Contest details are available here: https://www.pkisolutions.com/the-pki-guys-next-crypto-adventure/

Source: PKI Solutions

Splunk, Booth N-5865

Splunk will be showing its Security Operations Suite (SOC) that can spot fraudsters, malicious insiders, and APTs with machine learning-based detection. The company will be showcasing a variety of use cases through demos and theatre presentations; for a full list, please visit the blog post: Security is Everything at RSAC 2020. Splunk will be presenting “Modernizing the Security Operations Center: A Security Leader Panel.” For a complete listing of presentations and activities, please visit: https://www.splunk.com/en_us/about-us/events/rsa.html

Zscaler, Booth 1143 (South Hall)

Zscaler believes the perimeter has expanded and that security teams must now look at ways to provide secure access to apps across hybrid environments — and ensure that data remains protected as they do so — without getting in the way of transformation and without introducing risk. Read the blog post, “Zscaler at RSA: They Can’t Attack What They Can’t See,” for more information.

Charlie Kawasaki, vice chair of the Oregon Cybersecurity Advisory Council, and PacStars CTO, will be onsite at RSAC 2020 next week as Cyber Oregon’s roving reporter.

Stay tuned for more news and updates next week!

Cyber News Roundup: Cyber Attacks on Critical Infrastructure, Small Towns https://cyberoregon.com/2020/02/07/cyber-news-roundup-cyber-attacks-on-critical-infrastructure-small-towns/ Fri, 07 Feb 2020 18:37:30 +0000

Our country’s critical infrastructure in the energy sector is vulnerable, with increased risks for cyber threats and shutdowns, especially with the increase of global attacks. Federal Computer Week reports that three federal agencies are taking action to improve our energy infrastructure, with more collaboration on defenses and cyberattack responses. The U.S. Department of Energy (DOE), U.S. Department of Homeland Security (DHS), and U.S. Department of Defense (DOD) signed a new memorandum of understanding this week. “Through this agreement, we will strengthen the partnership between DOE, DHS, and DOD to enable intergovernmental cooperation and bolster our ability to proactively address cyber threats to critical energy infrastructure, and to respond effectively should those threats materialize,” said Karen Evans, DOE’s assistant secretary of cybersecurity, energy security and emergency response, in a February 3 statement.

Sharing threat information among government agencies and critical infrastructure providers has increased in urgency, states editor Mark Rockwell, especially because of recent military confrontations and cyber threats from Russia, China, and Iran. “In an increasingly dangerous global cyber environment, privately owned U.S. energy infrastructure could bear the brunt of a possible Iran-backed retaliatory cyberattack,” writes Rockwell. “The U.S. government is a keystone in defense of the mostly commercially-owned energy sector infrastructure.”

Ransomware attacks in manufacturing

Hackers are attacking not only critical infrastructure, such as energy and power grids, but also operations in manufacturing and utilities – referred to as industrial control systems (ICS). “The ICS-specific nature of the targeted processes indicates an evolvement brazenness,” states Joe Slowik, principal adversary hunter at Dragos, in a ZDNet article. What happens when a manufacturer is attacked? Attackers can take over critical systems and demand ransoms for the unlocking keys. Any outage or downtime to these environments could have a serious impact.

Small communities: big target

Local governments – especially those in small communities – are another big target for hackers looking to access personal data for ransom. What are they looking for? Social Security numbers, tax records – any personal information that they can hold hostage. A recent ransomware attack took place in Western North Carolina. According to a news report from ABC WLOS, hackers broke into the Eastern Band of Cherokee Indians’ network, shutting down 1,000 computers across the police department and public health – and interrupting 911 communication. Bill Travitz, who works in the IT Department for the Eastern Band of Cherokee Indians, said, “It’s like lobbing a grenade into the network and letting it just hit everything.” John Barnard, co-founder of Know Network Risk, says small governments are increasingly the targets because they lack big IT budgets, they lack people resources – they are “the soft underbelly that is easier to attack.”

Latest report on cyberattacks: malware is skyrocketing

There are 1,200 malware variants discovered daily – that’s 440,000 malware variants in 2019 alone. So reports SonicWall in its latest cyber threat report. “Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology,” said SonicWall President and CEO Bill Conner. Report findings include:

  • Cybercriminals change approach to malware: “Spray-and-pray” tactics that once had malware attack numbers soaring have been abandoned for more targeted and evasive methods aimed at weaker victims.
  • Targeted ransomware attacks cripple victims: Highly targeted attacks left many state, provincial, and local governments paralyzed and took down email communications, websites, telephone lines, and even dispatch services.
  • The Internet of Things (IoT) is a treasure trove for cybercriminals: Bad actors continue to deploy ransomware on ordinary devices, such as smart TVs, electric scooters and smart speakers, to daily necessities like toothbrushes, refrigerators and doorbells.
  • Cryptojacking continues to crumble: The volatile shifts and swings of the cryptocurrency market had a direct impact on threat actors’ interest to author cryptojacking malware.
  • Fileless malware targets Microsoft Office/Office 365, PDF documents: Cybercriminals used new code obfuscation, sandbox detection, and bypass techniques, resulting in a multitude of variants and the development of newer and more sophisticated exploit kits using fileless attacks instead of traditional payloads to a disk.
  • Encrypted threats are still everywhere: Cybercriminals have become reliant upon encrypted threats that evade traditional security control standards, such as firewall appliances that do not have the capability or processing power to detect, inspect and mitigate attacks sent via HTTPS traffic.
  • Side-channel attacks are evolving: These vulnerabilities could impact unpatched devices in the future, including everything from security appliances to end-user laptops. Threat actors could potentially issue digital signatures to bypass authentication or digitally sign malicious software.

Could it be that process, not technology, is a big reason behind information getting exploited and breached? The latest research from Forrester suggests that failure to perform due diligence is behind the top cybersecurity threats. Says Forrester principal analyst, Josh Zelonis, “Security products can’t save you from broken processes.”

Partner blog of interest: McAfee: Top 10 Cloud Privacy Recommendations for Businesses

Cyber News Roundup: Phishing, Malware, Foreign Cyber Threats https://cyberoregon.com/2020/01/24/cyber-news-roundup-phishing-malware-foreign-cyber-threats/ Fri, 24 Jan 2020 16:38:19 +0000

“Lost ring” or “Add me to your LinkedIn network.” Those could be the email subject lines for a phishing campaign that could trick employees into clicking, according to a recent phishing report. No doubt that 2019 was a big year for successful phishing attacks. In fact, the report states that 55 percent of organizations surveyed dealt with a phishing attack last year. An InfoSecurity Magazine article reports that infosecurity professionals reported a high frequency of social engineering attempts across a range of methods including spear-phishing attacks, business email compromise (BEC), and social media attacks. Joe Ferrara, senior vice president and general manager of security awareness training for Proofpoint, recommends “taking a people-centric approach to cybersecurity by blending organization-wide awareness training initiatives with targeted, threat-driven education. The goal is to empower users to recognize and report attacks.” A Financial Post article says that “management has to build a culture of security, figure out who is being attacked and the types of attacks they face, and be ready to adapt if your threat climate changes.”

If it isn’t phishing, it’s malware

Security companies are seeing a resurgence in malware, specifically Emotet, a powerful email malware that is used to attack U.S. government and military targets, according to an article in TechRepublic. How it works: “the malware attacks email accounts and spreads by infiltrating other contacts in the inbox and responding to threads with malicious links or attachments.” Researchers from Cisco Talos, a security intelligence and research group, say that Emotet has the ability to mimic email language, even adding previous email threads to a message, making it difficult for anti-spam systems to stop. According to the researchers’ blog post, “one of the most vivid illustrations…can be seen in Emotet’s relationship to the .mil (U.S. military) and .gov (U.S./state government) top-level domains (TLDs). Talos saw a rapid increase in the number of infectious Emotet messages directed at the .mil and .gov TLDs in December 2019.”

How to prepare your employees

With constant cybersecurity threats – including in your inbox – what can organizations do? Bob Bruns, chief information officer with Avanade, writes that there are two doors that malicious actors will use to gain entry to your environment and data. In his Forbes article, he says that door one is your technology and door two is your people. He recommends strengthening your technology. Sounds easy enough, but what specifically? Bruns outlines the importance of focusing on the foundational pillars of your cybersecurity program: multifactor authentication, information protection tools, and trust but verify as a mandate. As for employees, Bruns encourages a comprehensive and consistent training and education program. Here’s what he suggests to get started:

  • Understand your unique needs, strengths and weaknesses. You need to have input to build your program and focus your efforts. You can get this input through security behavior surveys or any other security metrics you may have. This valuable data can help you understand where you need to grow and build the program’s short- and long-term goals.
  • Create a culture of shared responsibility. This objective should be part of the goals of your employee cybersecurity program. The general idea is to develop an employee culture committed to protecting your company, clients, work, data and assets. Shared responsibility means the onus isn’t just on the company to protect against cyberattacks; it’s also on each employee.
  • Educate continuously. It’s vital to make good security behavior understandable and consumable. Make participation creative and fun, not tedious. Look at your efforts as an internal marketing campaign. Activities must be compelling and creative. Security quizzes or apps, mock phishing campaigns, incentive programs and ways to introduce a little friendly competition will motivate and engage your employees to be the best cybersecurity champions in their departments.
  • Integrate cybersecurity training with onboarding. This includes security behavior training to help employees build secure behaviors from day one. This could include 30-, 60- and 90-day check-ins to reinforce training and behavior further.

Government taps cybersecurity companies for information

As covered in the last Cyber Oregon News Roundup, the U.S. government is on high alert for global cyber threats and cyberattacks from foreign countries. The latest NPR piece covers the fact that private cybersecurity firms have often been the ones sounding the alarm and selling their services to the U.S. intelligence community. “The U.S. government says it welcomes help from tech companies,” says Shelby Pierson, who works for the acting director of national intelligence, Joseph Maguire. “FireEye and CrowdStrike, for example, have done really good work, where based on the analysis, expertise and information analysis that they do, those are products and services that they can sell to the U.S. government.”

Partner blog of interest: CrowdStrike: CrowdStrike Services Report Focuses on Trends Observed in 2019 and the Outlook for 2020

Cyber News Roundup: Cyber Threats on the Horizon https://cyberoregon.com/2020/01/10/cyber-news-roundup-cyber-threats-on-the-horizon/ Fri, 10 Jan 2020 19:35:20 +0000


Welcome to 2020! Welcome to a new decade already rich in global cyber threats. The biggest news of the year has been the Iran-U.S. crisis. Though the two nations ratcheted back physical attacks, the FBI and Department of Homeland Security warn that Iran poses an ongoing cyber threat to the U.S. According to a CNN report, the intelligence bulletin issued by the FBI and Department of Homeland Security outlines that Iran is continuing to prepare for cyberattacks against the U.S. and its allies that could cause “temporary disruptive effects.” CNN states that the Department of Homeland Security issued a separate alert to American cybersecurity teams, urging them to “enhance monitoring of network and email traffic,” including email phishing attempts.

A Washington Post article reports that pro-Iranian hackers have launched a series of digital strikes including spreading misinformation through hacked Twitter accounts. Sen. Gary Peters (Mich.) remains “very concerned about possible retaliatory cyberattacks on the U.S.” He warns that “a major incident could severely disrupt our energy, financial, and telecommunications networks.” The New York Times writes that “cybersecurity experts and government officials are already monitoring an uptick of malicious activity by pro-Iranian hackers that they believe are harbingers of more serious computer attacks from Tehran, including possible efforts aimed at destroying government databases.” Warns Christopher C. Krebs, the director of the Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security’s computer security arm, “You need to get in the head space that the next breach could be your last.”

Electric grid cybersecurity needed; bipartisan effort proposed

Public utilities remain vulnerable to foreign operatives, and attacks on the U.S. electric grid could compromise the country’s electric supply. A recent report from the Ponemon Institute found the rate of cyberattacks is worsening. Fifty-six percent of those surveyed reported at least one shutdown or operational data loss per year, and 25% were impacted by a mega attack, reports Pittsburgh Business Times. The article states that regulators are already on high alert and “hardening cybersecurity defenses is an absolutely critical step utilities must take to protect themselves and the grid from being compromised by malicious actors.” The PROTECT Act, a bill recently passed by the Senate Energy Committee, will direct the Federal Energy Regulatory Commission (FERC) to give incentives to electric utilities to encourage them to boost their cybersecurity technology, states the article. The intention of the bill is to “stimulate the considerable investment in technology, human resources, and training needed to address this ever-evolving threat.”

2020: The year for small businesses to wake up

Big or small, we know that all businesses are a target for cyberattacks. According to a Forbes article, 2020 will be the year for small businesses to wake up to increased cyberattacks by implementing much more stringent and disciplined cybersecurity defenses. The author, Paul Lipton, CEO of BullGuard, believes that ransomware will become more sophisticated and that there will be an increase in blackmail attacks and phishing scams by which attackers will use information as a “springboard for accessing supplier/client networks.” Lipton stresses the importance of religiously applying upgrades of antivirus software on endpoint devices, “critical to nullify zero-day threats, quarantine infected devices and proactively monitor for breaches.”

Partner blog of interest: PKI Solutions: A look back at conversations with the brightest minds in cybersecurity
