Cyber Oregon https://cyberoregon.com Keeping Oregon Safe Online Fri, 09 Oct 2020 02:06:08 +0000

Cyber News Roundup: Cyber Safety Tips, Beefing up Cybersecurity at Work, The Future of Hackers
https://cyberoregon.com/2020/10/09/cyber-news-roundup-cyber-safety-tips-beefing-up-cybersecurity-at-work-the-future-of-hackers/
Fri, 09 Oct 2020 14:30:00 +0000

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

It’s officially Cybersecurity Awareness Month. Launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security in 2004, it’s another way for each and every one of us to do our part to make sure that our online lives are kept safe and secure.

While we know that cybersecurity is important every month, now is a good time to promote and implement good security hygiene tips and #BeCyberSmart, especially amidst the increased remote workforce and heightened scams around the pandemic. Why not get a little refresher with industry-wide tips and best practices?

The NCSA is advocating that we get the word out to protect users and connected devices, and offers these tips to be cyber smart:

  • If You Connect It, Protect It. The line between our online and offline lives is indistinguishable. This network of connections creates both opportunities and challenges for individuals and organizations across the globe. Internet-connected devices have impacted our lives and will empower all users to own their role in security by taking steps to reduce their risks.
  • Securing Devices at Home and Work. 2020 saw a major disruption in the way many work, learn, and socialize online. Our homes are more connected than ever. Our businesses are more connected than ever. With more people now working from home, these two Internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of.
  • Securing Internet-Connected Devices in Healthcare. The healthcare industry is increasingly relying upon internet-connected devices and solutions to improve patient care, organizational efficiency, speed of crisis response, and much more. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing amount of third parties entering the health supply chain has created many benefits but has also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit.
  • The Future of Connected Devices. The future brings technological innovations, such as 5G, that might impact consumers’ and businesses’ online experiences (e.g., faster speeds and data transmission, larger attack surface for hackers), as well as how people and infrastructure can adapt to the continuous evolution of connected devices moving forward. No matter what the future holds, however, every user needs to be empowered to do their part.

Editor Ben Canner, in his Solutions Review article on Cybersecurity Awareness Month 2020, talks with several information security people on how the threat and work landscape has changed. This quote from Steve Preston with TrapX Security sums it up:

“The COVID-19 pandemic has instigated a huge shift toward remote work, cloud adoption, and a more digital lifestyle. This is new territory for many who are accustomed to working from the office, shopping in stores, and teaching in a classroom. As part of this shift, we are simultaneously sharing more information about ourselves and our work while we live and work in a more vulnerable state – uncertain, alone, eager. As a result, phishing and ransomware attacks have skyrocketed. Individual cyber-awareness is needed now more than ever. We need to slow down and live our digital lives with more caution. People and organizations must operate under the assumption that bad actors are in their network ready to attack. Those responsible for the security posture of their organization must take active measures now to deny attackers free rein in their networks before it’s too late.”

The FBI offers these cyber safety tips this month and every month:

1. Keep software systems up to date and use a good anti-virus program.
2. Examine the email address and URLs in all correspondence. Scammers often mimic a legitimate site or email address by using a slight variation in spelling.
3. If an unsolicited text message, email, or phone call asks you to update, check, or verify your account information, do not follow the link provided in the message itself or call the phone numbers provided in the message. Go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.
4. Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address.
5. Scrutinize all electronic requests for a payment or transfer of funds.
6. Be extra suspicious of any message that urges immediate action.
7. Confirm requests for wire transfers or payment in person or over the phone as part of a two-factor authentication process. Do not verify these requests using the phone number listed in the request for payment.

Make security part of your overall strategy

As companies of all sizes continue to manage a remote workforce, things might be changing permanently. In a recent survey, Gartner found that 82% of business leaders plan to allow their employees to continue to work from home in some capacity, while nearly half, or 47%, will let their employees do so permanently, according to a TechRepublic article.

By now, many organizations have work-from-home practices in place. NordVPN Teams recommends these security tips:

  • Content storage should be allowed in the cloud only. Use cloud-based or web-based storage software that allows for sharing and editing of documents.
  • Enhance endpoint security through two-factor authentication. This adds a second layer of security when logging in to important applications. Multi-factor authentication uses OTP (one-time password) technology, certificate-based USB tokens, smart cards, and additional advanced security technologies.
  • Connections to the company’s network should be performed through a VPN. A Virtual Private Network uses either SSL (Secure Sockets Layer) or IPsec (Internet Protocol Security) to encrypt communications from the remote worker’s machine. This safeguards both the end user and the corporate environment, ensuring that no one is able to decipher sensitive data traffic.
  • Adopt a risk management contingency plan. As one example, make sure you can track a laptop or wipe it remotely in case a remote worker loses one with sensitive business information on it.

“The goal is to not only secure your remote devices and endpoints but to make that security part of your overall strategy,” advocates NordVPN Teams.

What is the future focus of attacks?

When it comes to hacking, what do we need to worry about? Pretty much everything, according to an article in The Wall Street Journal. What devices, tools and infrastructure are susceptible to attacks by hackers in the coming years?

  • Implanted medical devices. The risk of criminals targeting these devices is expected to increase as more of them come equipped with GPS trackers, Bluetooth and internet connectivity.
  • Smartphones. Their ubiquity and importance make them ripe for attacks as smartphones become more embedded in our lives, becoming our passports, car keys, etc. Companies that combine data generated by mobile apps and connected devices are also targets.
  • The home office. The pandemic-related shift to remote work has created more opportunities for cyber attackers.
  • Smart-home devices. Smart-home devices, such as doorbells, locks, lights, ovens and coffee makers, will be highly vulnerable to cyberattacks. Many lack basic security measures, such as the ability to change the default password.
  • Automobiles. The concern is that vehicles may become a target for ransomware.
  • Cities. Cities are also vulnerable as they connect more infrastructure to the internet.
  • Trains. Trains are like “computers on rails.” They communicate with one another and with stations, and sometimes have their own Wi-Fi networks.
  • Airplanes. Systems managing ground-crew personnel, air-traffic control, airport kiosks, plane catering, baggage claim and plane-to-ground communication could all be attacked, all of which may stop flights from taking off.
  • 5G networks. The distributed nature of 5G networks offers fewer opportunities to implement cybersecurity measures.
  • Colleges. The surge in remote learning during the pandemic is escalating ransomware attacks on colleges.
  • Hospitals. Attacks on hospitals have largely focused on ransomware, essentially holding the hospital’s data hostage by encrypting it, and then releasing it upon payment. Attackers may take control of the hospital’s online systems to manipulate machines and data.
  • The power grid. The U.S. power grid is vulnerable to cyberattacks that could destroy turbines, transformers, and oil and gas pipelines.

Congratulations to Peggy Miller, CEO of PacStar and Ganesh Shankar, co-founder of RFPIO, recipients of this year’s EY Entrepreneur of the Year award in the Pacific Northwest region! PacStar and RFPIO are both sponsors of Cyber Oregon.

Partner blog of interest: Eclypsium: Applying Lessons from CISA to Your Firmware

Cyber News Roundup: Cyber Risks on the Rise for Students, Presidential Election, Small Businesses
https://cyberoregon.com/2020/09/11/cyber-news-roundup-cyber-risks-on-the-rise-for-students-presidential-election-small-businesses/
Fri, 11 Sep 2020 15:00:00 +0000


Welcome September, time for a litmus test! Our students are back to school, we are on the brink of a presidential election, and our small businesses continue to struggle. Add in cyber risks, hackers, malicious attacks, ransomware, and COVID-19 scams and it’s clear that we continue to face disruption in all sectors.

With remote learning in full force across the state and country, as students “return” to school, cybersecurity threats are more prevalent. Just as criminals preyed on the increase of remote workers, students are also a target. Beth Anne Steele, spokesperson for the FBI Portland office, said that students remain a target for criminals because of their identities, according to KATU. “[Criminals] will take over their Social Security number and take a bunch of credit out in their child’s name, and then that destroys the child’s credit history before they’re at an age where they would even think of those things,” said Steele.

The FBI has a list of do’s and don’ts for parents to help protect their children:

Do:

  • Closely monitor children’s use of edtech and online services.
  • Research edtech service user agreements about data breach notifications, marketing, and/or selling of user data, data retention practices, and whether users and/or parents can elect to have student data deleted by request.
  • Conduct regular internet searches of children’s information to monitor the exposure and spread of their information on the internet.
  • Consider credit or identity theft monitoring to check for any fraudulent use of their child’s identity.
  • Research parent coalition and information-sharing organizations available online for those looking for support and additional resources.
  • Research school-related, edtech, and other related vendor cyber breaches, which can further inform families of student data and security vulnerabilities.

Don’t:

  • Provide exact information on children when creating user profiles (e.g., use initials instead of full names, avoid using exact dates of birth, avoid including photos, etc.)

Malicious activity directed at presidential campaign; ransomware could be major threat

As we lead up to the Nov. 3 election, it’s no surprise that hackers are once again “injecting chaos,” targeting political parties, advocacy groups, and consultants, according to Microsoft in The Washington Post. Russia, China, and Iran are attempting to penetrate the Microsoft email accounts of those affiliated with the political campaigns.

“We think Russian military intelligence poses the greatest foreign threat to the elections,” said John Hultquist, director of intelligence analysis for the cybersecurity firm FireEye. “It’s concerning to find them targeting organizations associated with campaigns again.”

Hacking into campaigns is not new. “Moscow and Beijing have long sought to compromise the networks of presidential campaigns to glean insights into the plans and policies of the potential next president,” according to the article. Since the hacker troubles around the 2016 presidential election, there is more awareness now of the threat and coordination with federal cybersecurity agencies has increased.

Ransomware could also pose a significant threat to the U.S. election, according to Infosecurity Magazine, due to aging software and vulnerable voting machines. Editor Dan Raywood writes, “Ransomware could be deployed and lay in wait to be activated on election day, or once voting machines are activated, and could pose a significant threat to voting processes and procedures, potentially bringing voting operations to a halt.”

What are the threats to pre-election activities?

  • Attacks on voter registration information could involve tampering with or deleting voter registration details so that the potential voter is unregistered and thus unable to vote
  • Malware planted on a voter registration system could compromise the integrity of that data
  • Voters’ data could be mined for personal identifying information and held for ransom, or it could be sold for criminal profit on the dark web

New COVID-19 scams targeting small businesses

Ransomware attacks are increasingly targeting smaller businesses, according to Insurance Business. “Small businesses often times don’t have incident response plans, so if their employees are working remotely and an employee has been breached, it’s very difficult for them to respond, in terms of what policies, procedures, and incident response plans that they should follow,” said Robert Pizarro, vice president of commercial specialty at AmTrust Financial Services.

Business News Daily warns that fraud schemes targeting small businesses are also surging. It highlights four popular scams to watch out for:

1. Unemployment scam

With the pandemic shutting down businesses across America, the federal government stepped in to help with added unemployment benefits. That enhancement was too much for the scammers to ignore, and they are now filing fake unemployment insurance claims.

In this scheme, the scammer gets a hold of names, Social Security numbers and other personal information and then files claims for benefits. The person being defrauded only learns of this when they receive a letter from the unemployment office in their state or the employer is notified of the claim.

2. SBA spoofing

Scammers hoping to capitalize on COVID-19 relief loans are tricking borrowers by sending emails purporting to be from the SBA. The emails include a link to a spoofed SBA website, which is used to steal the credentials of unsuspecting borrowers.

3. SBA loan scams

In one SBA loan scam, fraudsters claim that business owners must pay an upfront fee if they want their SBA loan approved quickly. The unscrupulous callers may even offer a bridge loan with a high interest rate while the business owner awaits federal aid.

4. Scam donation sites

Everyone wants to do their part to help others survive the pandemic, including small businesses. Scammers prey on that generosity by creating fake charities. They reach out to business owners and get them to donate to what they think is a pandemic-related cause, but really all the business owner is doing is lining the scammers’ pockets.

What SMBs — and others — can do to take action:

  1. Check the email source
  2. Maintain good records
  3. Avoid untraceable payment methods
  4. Secure your computer systems and devices
  5. Train your staff to spot scams

“You just have to be hypervigilant,” said Andrea McGrew, chief compliance and legal officer at USA Financial. “Most people are good and want to believe the other person has good intentions, but that’s not always the case. You have to be really cautious in who you let into your life at this time.”

Rising exposure of passwords

Passwords are a source of debate and contention, as we wrote last month. They continue to be a source of risk and face a greater chance of being exposed, according to the latest report. Fox News reports that the average person uses 191 services that require them to enter passwords or other credentials. “More than 15 billion credentials are in circulation, up 300% since 2018.”

Warns Digital Shadows, the issuer of the report, “Credential lists are widely sold and traded on cybercriminal forums and marketplace, and full accounts for various services can be bought for even a few dollars.” Account takeover has never been easier for cybercriminals. The most sought-after credentials are:

  • Access to organizations’ key systems
  • Bank and other financial accounts
  • Account accesses for antivirus programs
  • Accounts for media streaming, social media, file sharing, virtual private networks (VPNs) and adult-content sites

Partner blog of interest: Zscaler: Working from Home: Greater Efficiency Brings Productivity

Cyber News Roundup: Exploiting Weaknesses, Cybersecurity Best Practices for Remote Workforces, Going Passwordless
https://cyberoregon.com/2020/08/14/cyber-news-roundup-exploiting-weaknesses-cybersecurity-best-practices-for-remote-workforces-going-passwordless/
Fri, 14 Aug 2020 15:00:00 +0000


Corporate networks are at risk. A hacker can get into an organization’s internal network in 30 minutes, according to a ZDNet article. Add to that the growing and possibly more permanent remote workforce — with more attack surfaces — and you’ve got a recipe for cybersecurity challenges. As companies shift employees to permanent remote positions, “organizations need to rethink how they approach security with working from home being the normal,” says Mike C. Wilson, founder and CTO of PasswordPing in an Infosecurity Magazine article. Indeed. Gartner reinforces that 41% of employees will work remotely even post-pandemic.

“[Companies] need to adopt a mindset that assumes that all employees are working on networks with the equivalent security of the local coffee shop. They then need to implement strategies that reflect this new dynamic, or they run the risk that the blending of personal and professional results in laying out the red carpet for cyber-criminals,” cautions Wilson. He offers key steps to take to reduce the security vulnerabilities that come with a distributed workforce:

  • Zero-Trust Approach. Enterprises must adopt this mindset now that there is no security perimeter. All systems need to be appropriately secured and require additional identity verification before remote employees can access corporate resources.
  • Educate Employees on How to Set Up a Home Network. IT departments should encourage and educate employees on how to set up an isolated Wi-Fi network solely for work usage. Employees need to be aware that every device and service, including those belonging to their family, can open up the business to a host of security-related issues.
  • Prioritize Password Policy. With the widespread adoption and reliance on digital services, the risks from password reuse are rapidly spiraling. Companies need to deploy a layered approach to password policy to ensure that only strong, unique passwords are in use.
  • Make Multi-Factor Authentication Mandatory. Sensitive systems and data require more than a simple login layer for security. Organizations need to add additional layers rather than hoping that one will suffice.
  • Evaluate Security Vulnerabilities Before Adding Tools. With employees remote, IT needs to put in place a process to vet apps and software before they can be integrated into the corporate environment. Otherwise, employees are likely to add tools that they already use in their personal lives.

CNN also covers the growing cybersecurity threats as a result of remote working, with the rise of cyberattacks, external and insider breaches accelerating, and a 100% rise in SMS phishing attacks. Gary Steele, CEO of Proofpoint offers insights about the risks:

  • Remote users migrating data to the cloud
  • Use of personal email, apps from corporate devices
  • Logging on from unsecured Wi-Fi networks

Proofpoint outlines these cybersecurity best practices that are important for organizations to think about before pulling the plug during a prolonged crisis:

  1. Threat actors and cybercriminals are opportunistic. Fear, curiosity, and uncertainty run high among individuals during a time of crisis (like a widespread natural disaster or pandemic). Fraudsters take all opportunities to exploit these emotions among end users. It’s critical that employees be made aware of the lengths attackers will go to, and the ways threat actors will attempt to fool them.
  2. Users may end up in unfamiliar working environments. Crisis situations might force employees to shift to temporary worksites or other remote working situations. Users likely need to consider an expanded set of cybersecurity best practices in these settings. Don’t make assumptions about the security of remote networks, and don’t expect employees to figure things out on their own.
  3. People often seek certainty in times of uncertainty. This point builds on the prior two. The average person wants to feel as empowered and centered as possible during times of uncertainty. If you take your voice out of the mix, you will give threat actors more power. It’s critical that, from a cybersecurity perspective, a trusted authority remain the voice of reason and provide guidance on what to do to stay more secure — and how to do it.
  4. Your coworkers may be willing and able to assist you. During times of crisis, many individuals are willing to stretch beyond regular skillsets and/or responsibilities in order to support the “greater good.” Don’t discount the role that direct managers, HR, legal/compliance, and even marketing teams may be willing to take on in order to communicate important messages related to cybersecurity best practices. Others may be able to keep a program running while information security and IT resources are tied up on other things.
  5. Doing something is better than doing nothing. There could be situations in which you have to temporarily suspend formal phishing and training exercises because of an ongoing emergency environment. But we encourage you to go into “awareness mode” rather than completely stopping a security awareness training program. You can do this by focusing on information-sharing tools.

Cybersecurity Tips for Small Businesses

In an Entrepreneur article, Imran Tariq states that 15% of small businesses do not expect to survive the recession, and that a cyber-attack could be devastating. Tariq offers these cybersecurity tips:

  • Train staff on security protocols. Because startups have leaner budgets, it’s essential to implement the right security protocols that mitigate most of the risk. Employee training should be at the top of the list. Knowledgeable workers make it difficult for con artists to gain unauthorized access to networks, files and bank information. 
  • Make your devices and platforms hacker proof. “In certain situations, it’s better to store valuable items off the grid and to minimize online connection possibilities as these are all potential attack vectors for hackers or scammers,” says Ruben Merre of NGRAVE.
  • Install anti-virus and anti-malware software. Low-cost solutions that have major impact are the way to go. Entrepreneurs should install the latest anti-virus and anti-malware software that finds and identifies threats.

Going Passwordless?

“Stolen passwords are behind 80% of attacks,” writes Mary Branscombe in a TechRepublic article. What are passwordless options and when will they come into play? Authenticator apps and biometrics could replace passwords. “Moving on from passwords to strong authentication and adaptive access policies is key to improving security without hurting productivity, especially given the increase in remote working,” Branscombe states. “Usernames and passwords are just inherently not secure,” says Joy Chik, CVP of Microsoft’s Identity Division. “The better way to protect the user is to provide a more intuitive, more friendly experience and a more secure way through passwordless.”

Remote workforces will continue for the foreseeable future. This puts security, identity and multi-factor authentication in the top five investment areas for security leaders to improve security for remote workers without reducing their productivity, says Branscombe.

Partner blog of interest: Splunk: From Feeding Families to Empowering Students: How Data Is Fueling Amazing Outcomes During COVID-19

Cyber News Roundup: Twitter Hack, Cyber Threats, Cyberwar Heating Up – Just the Tip of the Iceberg
https://cyberoregon.com/2020/07/17/cyber-news-roundup-twitter-hack-cyber-threats-cyberwar-heating-up-just-the-tip-of-the-iceberg/
Fri, 17 Jul 2020 15:00:00 +0000


Twitter hacked: worst cybersecurity disaster to hit a social media company

Several high-profile, verified Twitter accounts were hacked this week, as part of a coordinated social engineering attack to promote a bitcoin scam, reports ZDNet. Accounts included Bill Gates, Elon Musk, Barack Obama, Joe Biden, Kim Kardashian, Apple, and Uber. Twitter responded with an investigation that revealed that a hack occurred to gain access to its backend and use internal tools to send out tweets on behalf of verified high-user-count profiles, writes a follow-up ZDNet article.

As CNN reports, this “could merely be the tip of a very large iceberg with vast security implications…the attack is a stark reminder, in the middle of a pivotal election year, about the power of social media…to destabilize America and the world.” The FBI is investigating and the Federal Trade Commission is likely to investigate.

Lawmakers say Twitter must do a better job to stop this from happening again, writes Sara Morrison in her Vox article. She quotes Oregon Sen. Ron Wyden, who expressed concern over the security of direct messages in the attack and said he felt let down by Twitter and its executives, especially as they promised him they would improve their security. In a statement, Wyden writes:

“In September of 2018, shortly before he testified before the Senate Intelligence Committee, I met privately with Twitter’s CEO Jack Dorsey. During that conversation, Mr. Dorsey told me the company was working on end-to-end encrypted direct messages. It has been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access. While it still isn’t clear if the hackers behind yesterday’s incident gained access to Twitter direct messages, this is a vulnerability that has lasted for far too long, and one that is not present in other, competing platforms. If hackers gained access to users’ DMs, this breach could have a breathtaking impact, for years to come.”

The New York Times reports that the problem was caused by a security flaw in Twitter’s service. “This demonstrates a real risk for the elections. Twitter has become the most important platform when it comes to discussion among political elites, and it has real vulnerabilities,” states Alex Stamos, director of the Stanford Internet Observatory and the former chief security officer at Facebook.

Cyberwar heating up

Iran. Hackers. Military. Google. All collide in the latest leak, which revealed a hack against the U.S. government. According to Forbes, IBM cyber intelligence researchers uncovered “a simple misconfiguration of a server that left the data wide open,” which led Iranian government hackers to breach Google accounts of U.S. State Department officials. Hackers were using a number of fake online personas to get access, according to the article. This is concerning because, as reporter Thomas Brewster states, the hackers could gain enough information to “help Iran map out military bases or even gain information about sensitive government operations.”

IBM senior cyber threat analyst Allison Wikoff warns, “It was alarming just how quickly they were able to navigate through these different flavours of account…[this indicated] they’ve been doing this a really long time and they’re really good at it.” Case in point: this same hacker group had previously tried to break into the Gmail accounts of President Trump and his staff, according to the article.

“American and Iranian spies have been fighting a cold war from behind their keyboards for over a decade,” writes Brewster. “Since the death of Iranian general Qassem Soleimani in an American airstrike in January this covert cyberwar has heated up.”

COVID-19: increased risk of security threats

Cyberthreats and financial risks have increased in the first half of 2020. Not surprising, given newly remote workforces and budget issues. TechRepublic covers the research findings of the latest report from Exabeam, which surveyed 1,000 IT security professionals at small and midsized companies. Of those,

  • 80% said they experienced slightly to considerably more cyberattack attempts in the first half of the year
  • 70% of respondents in the U.S. said their companies deferred all security hiring from March through June
  • 75% were impacted by furloughs of security team members
  • 68% said that security staffers were laid off

“Companies are grappling with the security fallout from an unexpected shift to remote work, but it’s business as usual for cybercriminals and foreign adversaries with unprecedented opportunity. The rise in attempted cyberattacks while companies experience staff reductions is a harsh reminder of the security and financial challenges created by the pandemic,” said Steve Moore, chief security strategist at Exabeam.

Six steps to cybersecurity resilience

As COVID-19 continues to fuel so many changes in companies of all sizes in all industries, resilience has been a key word for success. “No business is too small to face a security crisis,” writes Jamie Zajac in StartupNation. To keep data safe in the new normal of a remote-working world, Zajac suggests these steps to build a solid cyber resilience strategy:

  1. Create a culture of cybersecurity through education. Education is the first stepping stone in any resilience plan. Your team has to know and understand the potential threats they could face from things like deceptive emails, attachments and web links. Cyberattack methods are becoming more sophisticated, so it’s important to educate your team members on what to watch out for and what kinds of malicious behaviors to avoid.
  2. Advanced threats require advanced Internet security and threat intelligence. Your security and IT teams should start by auditing your company’s current antivirus platform. Then, take it to the next level with endpoint security to protect all devices and applications used to access network data.
  3. Backup and disaster recovery. Know your data, including its value and what is most important. An audit should be the first step. Know what critical information your team members have, where it lives, and how it is organized and accessed.
  4. Keep the lights on: The 3-2-1 golden rule. To keep your startup’s data safe and accessible at all times, we recommend the following 3-2-1 golden rule:
    • Keeping three copies of your data, one original file and two backups.
    • Choosing two different storage types to mitigate the failure of one of them.
    • Maintaining one copy of your data offsite.
  5. Test and adapt. Testing the procedures you’ve set in place is the best way to know if there are any issues, making sure your plan will function in the event of a potential disaster. As a best practice, test your procedures once every quarter or, at a minimum, once a year.
  6. Move beyond the pandemic into full cyber resilience. Many lessons learned during the pandemic will be applicable to other potential crises, from natural disasters to cyberattacks, and organizations need to be ready to face these attacks head on in order to keep the lights on.

Partner blog post of interest: Eclypsium: Screwed Drivers Open ATMs to Attack

Cyber News Roundup: CIA Info Leaked, Ransomware Gangs, Business Email Compromises https://cyberoregon.com/2020/06/19/cyber-news-roundup-cia-info-leaked-ransomware-gangs-business-email-compromises/ Fri, 19 Jun 2020 15:10:00 +0000


The ultimate irony: the CIA’s top-secret hacking tools were breached. The Washington Post reports that an elite CIA unit in charge of developing top-secret hacking tools failed to secure its own systems. The article covers the breach, which occurred in 2016 and was discovered a year later via WikiLeaks.

Reporters Ellen Nakashima and Shane Harris write, “U.S. officials have said it was the biggest unauthorized disclosure of classified information in the CIA’s history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the spy agency’s techniques.” The CIA’s WikiLeaks Task Force says that security procedures were “woefully lax” within the special unit that designed and built the tools.

The office of Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee, provided the task force report, pressing for stronger cybersecurity in the intelligence community.

Ransomware gangs

Ransomware gangs? Data “leaking as a service?” Crypto-locking malware? Auctioning off data to the highest bidder? An article in BankInfoSecurity reports on the latest ransomware trends, including attacks that continue to “pummel the healthcare sector and its suppliers” amidst the COVID-19 pandemic:

  1. Maze Offers “Data Leaking as a Service.” The Maze ransomware gang was the first to begin not just crypto-locking systems, but also stealing and leaking data, to try and force victims to pay. Just this week, Maze has expanded its leaking syndicate using RagnarLocker’s leak site to host the data.
  2. Fresh Shakedown Play: Auctioning Stolen Data. Another innovation that’s come to light in recent days is not leaking data, but instead auctioning it for sale to the highest bidder. The operators behind the ransomware-as-a-service operation REvil began auctioning data that the gang claims was stolen from Canadian agricultural company Agromart Group.
  3. Targeted Ransomware Attacks Continue. Ransomware attacks typically fall into one of two buckets. Some attackers practice “smash and grab,” gaining access to a network, infecting a bunch of endpoints, and then moving on. But other attackers are more advanced, and spend their time conducting reconnaissance, gathering credentials, studying potential avenues for hitting business partners and more, according to incident response expert David Stubley, with 7 Elements.
  4. Healthcare Keeps Getting Hit. Despite the pandemic, and some ransomware gangs pledging to try and not hit healthcare organizations, security experts say they’ve seen no cessation in attacks targeting the sector. In fact, the healthcare sector may be getting hit more than ever before.
  5. Unfixed Flaws Get Exploited by Others. Many breaches do not begin or end with ransomware. Before infecting systems with crypto-locking malware, attackers may have gained remote access to the network via brute-forced remote desktop protocol credentials or a phishing attack. Then they may have spent weeks or months leapfrogging to other systems, conducting reconnaissance, potentially stealing administrator-level access credentials for Active Directory as well as stealing sensitive data to potentially leak it later if victims do not immediately pay.
  6. Gangs May Still Be Camped Out. Sometimes, attackers remain camped out in victims’ networks after hitting them with ransomware. For victims, one challenge can be that attackers can eavesdrop on their post-breach response plans.

Business email compromise threatens organizations

While not as thrilling as ransomware gangs, business email compromise (BEC) attacks pose great financial risks to organizations, according to a TechRepublic article by Lance Whitney. BEC attacks work by impersonating a specific individual within an organization or a trusted external contact. The FBI says that BECs accounted for more than half of all cybercrime-related losses in 2019.

In its Abnormal Quarterly BEC Report Q1 2020, Abnormal Security finds that BEC attacks have changed their focus to spoofing employees working in finance and those who work as external vendors. Whitney writes that cybercriminals have shifted from targeting individuals to groups, and attacks using invoice fraud are soaring, with attackers impersonating vendors, suppliers, or customers. He cites an example of an attacker masquerading as the billing department of a vendor asking for a payment information update. The attacker convinced the target’s accounts payable team to change bank routing information from the valid bank to the bank used by the criminal.

Tips for organizations to better defend against business email compromise, from Ken Liao, vice president of cybersecurity strategy for Abnormal Security:

  • To protect against BEC attacks, it’s important to be extra careful with familiar sender names (e.g., executives or fellow employees) that originate from Gmail or other well-known general domains.
  • You must also watch for out-of-domain impersonation techniques such as 1) swapping ‘i’ and ‘l’, 2) adding an ‘s’ to the end of a known domain (which will still look legitimate), 3) adding ‘int’ or ‘inc’ to the end of a known domain (which will still look legitimate).
  • Don’t let your guard down if you receive an email with an ask that seems low risk and low consequence. Slow and measured engagement by an attacker is a common technique and can often be the early stage of an attack.
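The sender checks in these tips can be automated in a mail-triage script. The following Python is an added example, not code from Abnormal Security or the TechRepublic article; the organization domain, staff names, freemail list and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed values for illustration only (assumptions, not from the article).
ORG_DOMAIN = "millbrook.example"
STAFF_NAMES = {"dana whitfield", "omar reyes"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
SUFFIXES = ("s", "int", "inc")  # the suffix tricks named in the tips


def registrable(domain):
    """Return (label, tld) from the last two labels of a domain.

    Simplification: ignores multi-part public suffixes such as co.uk.
    """
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return domain.lower(), ""
    return parts[-2], parts[-1]


def fold_il(label):
    """Collapse 'i' and 'l' to one character so swapped pairs compare equal."""
    return label.lower().replace("i", "l")


def check_sender(from_header, org_domain=ORG_DOMAIN, staff=STAFF_NAMES):
    """Return a list of BEC warning flags for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable_address"]
    domain = addr.rpartition("@")[2].lower()

    org_label, org_tld = registrable(org_domain)
    label, tld = registrable(domain)
    if (label, tld) == (org_label, org_tld):
        return []  # genuinely in-domain (including subdomains)

    findings = []
    # Tip 1: a familiar name arriving from a general-purpose mail provider.
    name = " ".join(display.lower().split())
    if name in staff and domain in FREEMAIL:
        findings.append("staff_name_from_freemail")

    # Tip 2: out-of-domain lookalikes of the organization's own domain.
    if label != org_label:
        if fold_il(label) == fold_il(org_label):
            findings.append("il_swap")
        else:
            for suffix in SUFFIXES:
                if fold_il(label) == fold_il(org_label + suffix):
                    findings.append("suffix_" + suffix)
    return findings


def triage(headers):
    """Map each flagged From: header to its findings; clean senders are omitted."""
    flagged = {}
    for header in headers:
        findings = check_sender(header)
        if findings:
            flagged[header] = findings
    return flagged


# Constructed sample From: headers.
SAMPLE_HEADERS = [
    '"Dana Whitfield" <dana.whitfield@gmail.com>',
    "Billing <billing@miIlbrook.example>",      # capital I in place of l
    "Billing <billing@millbrooks.example>",
    "Billing <billing@millbrookinc.example>",
    "Dana Whitfield <dana.whitfield@millbrook.example>",
    "Newsletter <news@othercorp.example>",
]

if __name__ == "__main__":
    for header, findings in triage(SAMPLE_HEADERS).items():
        print(f"{header}: {', '.join(findings)}")
```

A flag here is a prompt for out-of-band verification of the request, not proof of fraud; the third tip, about slow and low-risk engagement, still depends on human judgment.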

Zoom to feature end-to-end encryption

Zoom is building end-to-end encryption into its videoconferencing software, starting with a beta next month, according to The Verge. This will be available for both free and paid users. According to reporter Nick Statt, “Zoom has been facing harsh criticism since the beginning of the COVID-19 pandemic for failing to beef up its security despite huge surges in user growth as Zoom and similar services became virtual hangout tools during lockdowns.”

The next normal

As employers move towards bringing employees back to work during the COVID-19 pandemic, they are focused on safety and technology. A new report covered by a TechRepublic article outlines what the next normal will look like: a digitization of the workplace that will include accelerating digital transformations and working and collaborating from anywhere.

“The pre-COVID-19 workplace no longer exists,” states Pat Wadors, chief talent officer with ServiceNow, the issuer of the report. ServiceNow’s CIO, Chris Bedi, says the pandemic has exposed organizations’ flaws. He advocates that “the focus needs to be on digitizing workflows… When it comes to protecting revenue, creating digital services to create new revenue streams, pursuing productivity, scaling operations, optimizing financial models, and prioritizing business continuity — all of that can be achieved with digital platforms.” Bottom line, they recommend accelerating, not slowing, digital transformations and working and collaborating from anywhere.

Partner blog of interest: McAfee: Time to Move from Reactive to Proactive Endpoint Security

Cyber News Roundup: Protecting the castle, $42M ransomware attack, cybersecurity spending up https://cyberoregon.com/2020/05/22/cyber-news-roundup-protecting-the-castle-42m-ransomware-attack-cybersecurity-spending-up/ Fri, 22 May 2020 15:00:00 +0000


How do you protect the castle when your employees aren’t working from a centralized office space? Sowmyanarayan Sampath, president of global enterprise for Verizon Business Group, advises, “Protecting company computer networks when so many are working from home requires ‘a major mindset change.’ Whereas companies have long thought of enacting cybersecurity measures as building a moat around a castle, when employees aren’t working from a centralized office space, it’s even harder to identify where the ‘castle’ is. Companies should adopt a ‘zero trust’ approach to security. Everyone touching your network has to be authenticated. Every application, every bit of data that comes in, you verify it…You just have to do a lot more to check, (including) multi-factor authentication, identity management, encryption.”

The latest data is in from Verizon’s 2020 Data Breach Investigations Report. What’s new this year?

  • 86% of the data breaches it analyzed from 2019 were for financial gain — up from 71% in the year prior
  • Many data breaches were conducted by organized criminal groups. Other motivators include espionage, ideology and so-called “secondary” motivators, such as a desire to steal intellectual property or trade secrets.
  • 67% of breaches were caused by one of three common issues: credential theft, social attacks such as phishing, and human errors like leaving a password written somewhere others can see.

As CNN reported, “Credential theft is often easy because people have poor ‘password hygiene,’ using weak passwords or the same password across multiple websites,” says Sampath. “If you have common passwords for many sites, and one site gets exposed and that information is available on the dark web, (bad actors) will go through and try different sites to see what opens up.”

Latest ransomware attack demands $42 million

Last week’s attack on New York-based law firm Grubman Shire Meiselas & Sacks, in which hackers infiltrated the firm’s network, resulted in the theft of up to 756GB of data including contracts, nondisclosure agreements, phone numbers, email addresses, music rights, and personal correspondence of a large number of well-known American celebrities. The group is now demanding $42 million and threatening to release controversial information on U.S. President Donald Trump, according to a Teiss news report.

Teiss author Jay Jay reports that the hackers initially demanded a ransom of $21 million and gave the law firm a week’s time to pay the ransom. The firm agreed to pay $365,000, resulting in the ransom doubling to $42 million. The hacker group is now threatening to release “dirty laundry” on U.S. President Donald Trump. The FBI is currently investigating this incident.

“This is why businesses or organisations no matter what size, must prepare for the eventuality of a ransomware attack. Implementing strong resiliency measures will put businesses in the best position to recover should the worst happen. Failing to do so can have disastrous reputational impact, in this case, on a presidential re-election campaign. As the number of ransomware attacks continues to rise, organisations must start thinking about implementing effective contingency plans and network security solutions now, rather than later,” comments Carl Wearn, head of e-crime at Mimecast.

Dark web resurfaces with “access for sale” exploits

Lance Whitney with TechRepublic reports on the Dark Web and the latest exploits. There has been an increase in software, exploits, and credentials that allow hackers to illicitly control one or more remote computers. “Such access allows attackers to directly target business networks or hire skilled ‘professionals’ to hack into networks to infect machines with malware.” Privileged access to a company’s entire network infrastructure is around $5,000, but Whitney writes that the asking price can range from $500 to $100,000. Again, the shift to remote working prompted by the COVID-19 pandemic is exacerbating the problem. “Hackers are hunting for any weaknesses in network security, including unprotected web applications, non-updated software, and incorrectly configured servers with weak administrator passwords,” writes Whitney.

“To stay safe, companies should ensure comprehensive infrastructure protection, both on the network perimeter and within the local network,” says Vadim Solovyov, senior analyst with Positive Technologies. “Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time. Regular retrospective analysis of security events allows teams to discover previously undetected attacks and address threats before criminals can steal data or disrupt business processes.”

Cybersecurity spending expected to rise post-COVID-19

Companies are rethinking their technology and cybersecurity budgets and cybersecurity spending is expected to be on the rise, post-COVID-19 pandemic. A new report by LearnBonds finds that 70% of major organizations plan to increase cybersecurity spending. According to a TechRepublic article, companies worldwide spent $34 billion on cybersecurity solutions in 2017. Before COVID-19, this amount was projected to hit $42 billion in 2020, indicating that cybersecurity concerns were already growing even before the outbreak. The pandemic has created a “bevy of opportunities for cybercriminals [and] this number is predicted to inevitably increase,” according to the report. The top threats these past few months are phishing and malicious websites, according to Check Point. “The Coronavirus pandemic has brought perhaps the fastest, starkest change to working patterns around the world in living memory,” says Check Point in a blog post.

The company surveyed IT and security professionals and found that 95% of security professionals say they are facing added IT security challenges due to the spread of coronavirus and 71% have noticed an increase in security threats or attacks since the beginning of the coronavirus outbreak. The leading threats cited are phishing, malicious websites purporting to offer information or advice about the pandemic, and increases in malware and ransomware attacks. Check Point recommends organizations ensure business continuity by protecting themselves with a holistic, end-to-end cyber architecture. “This means ensuring accessible and reliable connections between corporate networks and remote devices, 24/7, promoting collaboration and productivity between teams, networks and offices, and retaining robust security against evolving threats and cybercrime techniques.”

Best cybersecurity practices are basic

The best cybersecurity practices, according to IBM’s Security Intelligence, are to refocus on the most basic security hygiene steps:

  • Make sure that all systems are properly patched and current
  • Make sure that all endpoints have up-to-date malware and antivirus protection
  • Make sure only the necessary firewall ports are open

Srini Tummalapenta, CTO, security services at IBM, reiterates that it’s never too late (or too early) to practice effective IT security hygiene. “Chief information security officers (CISOs) need to reinforce and reteach that connecting insecure, unhygienic home-based machines to your corporate network is highly risky behavior that can result in an infection or a breach,” he says. “Keeping your IT infrastructure secure need not be complicated — but it does require effort, the right technology and expertise.”

Partner blog of interest: Symantec: Text-Based COVID-19 Spam Wants Your Information, Money

Cyber News Roundup: Remote work challenges, cyber shortage, and a sinkhole? https://cyberoregon.com/2020/05/08/cyber-news-roundup-remote-work-challenges-cyber-shortage-and-a-sinkhole/ Fri, 08 May 2020 13:30:00 +0000


Amidst the COVID-19 pandemic, the shift to remote working has increased exponentially, as have security vulnerabilities. TechRepublic reports that this shift has left many businesses more exposed to cybersecurity threats, with nearly half saying they’ve encountered at least one scare. Reporter Owen Hughes covers a recent study by Barracuda Networks that indicated that 46% had experienced at least one security incident since the start of the COVID-19 lockdown, with 51% recording an increase in the number of email phishing attacks. Furthermore, 49% said they anticipated a data breach or similar cybersecurity incident within the next month. Many believe their workforce is not adequately educated in the security risks associated with working from home. Fleming Shi, CTO of Barracuda Networks, says, “Inevitably, the switch to a complete remote-working model in such a short space of time brings with it a myriad of security challenges, particularly with many employees using personal devices to exchange and share data.”

One of the simpler protection steps individuals can implement – and organizations can enforce – is multi-factor authentication. Here’s a quick walkthrough of how to set up two-factor authentication for Gmail in Outlook.

Cyber workforce shortage: critical condition

In a Security Magazine article, Kurt John writes that human strategy is the best cyber defense to combat COVID-19: “Before the pandemic, recruiting for cyber jobs was a critical challenge for many companies. Fast-forward to where we are now and the need for a highly-skilled cyber workforce is even more paramount.” John reinforces the need to tap into our best defenses: the human strategy. He reiterates that security is central to every business strategy, and that while digital analytics might detect something strange, the human expert is essential to decide if there’s really a cybersecurity problem. “People will always be central to cybersecurity and will need organizational support and investment. In a post-COVID world, our workforce will be dramatically different. So, as we emerge as a changed society and workforce, it is critical that we focus on meeting the needs of the challenges and priorities of today, by cultivating a highly-skilled cyber workforce, ready and able to secure a modern, remote and digital world,” states John.

Web skimming hack, China espionage campaign brought to light

The latest hacking campaign is one of the most complex and innovative hacking campaigns detected to date. ZDNet reports that a hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites. This is called a web skimming, e-skimming, or Magecart attack, in which “hackers breach websites and then hide malicious code on its pages, code that records and steals payment card details as they’re entered in checkout forms,” according to the article.

Meanwhile, hackers in China have been carrying out a five-year cyber espionage campaign against governments in the Asia Pacific region, according to a CNBC news report. The group, called Naikon, “targets ministries of foreign affairs, science and technology, as well as government-owned companies with the aim of gathering geo-political intelligence.” The group used spear-phishing techniques to elicit information – such as contacts and documents – to attack other departments within the government, according to the report.

“What drives them is their desire to gather intelligence and spy on countries, and they have spent the past five years quietly developing their skills and introducing a new cyber-weapon with the Aria-body backdoor,” said Lotem Finkelsteen, manager of threat intelligence at Check Point.

The cybersecurity sinkhole quandary

In unrelated news – or maybe related news – the U.S. Department of Defense issued a bulletin about a Chinese-linked hacking group responsible for suspicious activity aimed at defense contractors in the U.S. According to CyberScoop, the bulletin highlights concerning activity coming from a “sinkhole.” The article explains that sinkholes are used by researchers to capture bad internet traffic, mostly coming from botnets, and block infected machines from carrying out their orders. “While the sinkhole’s stated purpose is to conduct security research, the actual traffic going through the sinkhole and emanating from it is likely malicious in nature. Data may be leaking, not only outside the company, but outside the country,” the article reports.

Many cybersecurity experts are speculating on possible causes of the sinkhole leaking information, possible hacks, and origins of the bulletin. In the meantime, a National Security Agency official stated that users should continue to patch and to run two-factor authentication.

Partner blog of interest: PKI Solutions: Our Advanced PKI Training Course is Now Online

Cyber News Roundup: Cyber Crime Spikes During Pandemic; Hospitals at Great Risk https://cyberoregon.com/2020/04/24/cyber-news-roundup-cyber-crime-spikes-during-pandemic-hospitals-at-great-risk/ Fri, 24 Apr 2020 15:00:00 +0000


The FBI has seen a spike in cybercrime reports since the onset of the COVID-19 pandemic. “We’ve seen people set up fraudulent COVID charities, promise delivery of masks and other equipment, and then deliver fraudulent loans, extortion,” says FBI assistant director Tonya Ugoretz, a ZDNet article reports. Additionally, foreign hackers continue to target U.S.-based COVID-19 research, mainly targeting the national healthcare sector and medical research institutes. The National Counterintelligence and Security Center (NCSC) cautions about who you do business with: “With supply chains in turmoil during COVID-19, many organizations are turning to alternate vendors and suppliers. Some vendors may be insecure or compromised by threat actors seeking to access your data. Adversaries increasingly use third-party suppliers as attack vectors.”

The healthcare sector is getting hit from all angles. The temporary hospitals and medical centers are “rife with cybersecurity vulnerabilities,” according to Healthcare IT News, due to the fact that they are remote and sit outside of a defense-in-depth architecture. Tom Burt, corporate vice president of Microsoft Customer Security & Trust, concurs, “They are being set up quite quickly with constrained budgets, and the budget for those is not on IT, it’s on PPE, patient care, getting testing set up, everything a center should be focused on during this crisis.” State actors are looking for the most vulnerable point in a communications network. Burt encourages healthcare organizations to take some immediate steps:

  1. Make sure software is updated and fully patched
  2. Enable two-factor authentication for every account to the center’s system
  3. Ensure the system is backed up offline

Reporter Nathan Eddy makes the point that “hospital administrators already fight on a daily basis to patch, upgrade, and maintain physical systems within predefined facilities, and these systems are available 24/7, 365 days a year, which means there is a constant routine to maintain security hygiene.” Natali Tshuva, CEO and cofounder of Sternum, said it’s the rapid deployment of these temporary medical units that concerns her the most. “Because we are establishing these units so quickly, there simply is not enough time to build the proper IT infrastructure to protect the overall network, either via an effective firewall or through other cybersecurity measures.”

“The novel coronavirus has created a raging contest between cybercriminals piggybacking on the disease for scams and defenders trying to protect a populace more reliant on the Internet than ever,” write Washington Post reporters Joseph Marks and Tonya Riley in a pandemic-meets-cybersecurity article. The U.S. Department of Justice has disrupted hundreds of websites that were exploiting the virus to commit fraud. The FBI’s Internet crime center is urging people to be on guard against strangers requesting personal or medical information.

Increase in phishing scams

Coronavirus phishing scams are taking advantage of employees working from home for the first time. According to ZDNet, there has been a string of attacks designed to exploit confusion, with the goal of stealing passwords, login details, or corporate information. The article counts “more than 2,000 online scams related to coronavirus in the last month, including 471 fake online shops selling fraudulent coronavirus-related items, 555 malware distribution sites, 200 phishing sites and 832 advance-fee frauds, where a large sum of money is promised in return for a set-up payment.”

Individuals and organizations of all sizes can double-check these six tips from the UK’s National Cyber Security Centre, detailed in full on the NCSC website:

  • Turn on two-factor authentication for important accounts
  • Protect important accounts using a password of three random words
  • Create a separate password that you only use for your main email account
  • Update the software and apps on your devices regularly (ideally set to ‘automatically update’)
  • Save your passwords in your browser
  • To protect yourself from being held to ransom, back up important data

With an increased remote workforce, individuals need to be aware of the latest Skype phishing attacks that are targeting passwords. Threatpost reporter Lindsey O’Donnell writes that the campaign is one of many looking to leverage the wave of remote workers who now rely on online conferencing tools such as Webex, Skype, and Zoom. “With this upward spike in online meetings, compromised Skype credentials could be sold on underground forums, or used to log into accounts where sensitive files and data are shared,” she writes. “With so many people working from home, remote work software like Skype, Slack, Zoom, and WebEx are starting to become popular themes of phishing lures,” said Cofense researchers, who issued the report.

New email security vulnerabilities have also surfaced around Apple iPhones. TechCrunch’s Zack Whittaker writes that, according to researchers, hackers have already used this vulnerability to steal data from victims’ devices. The bug is in the iPhone default Mail app. “By sending a specially crafted email to the victim’s device, an attacker can overrun the device’s memory, allowing the attacker to remotely run malicious code to steal data from the device,” said Zuk Avraham, chief executive with ZecOps. Until Apple issues a patch, high-risk users should disable the Mail application for now.

Partner blog of interest: Zscaler: 30,000 Percent Increase in COVID-19-Themed Attacks

The post Cyber News Roundup: Cyber Crime Spikes During Pandemic; Hospitals at Great Risk appeared first on Cyber Oregon.

Cyber News Roundup: Guidance Through the Pandemic https://cyberoregon.com/2020/04/10/cyber-news-roundup-guidance-through-the-pandemic/ Fri, 10 Apr 2020 14:00:39 +0000

“The current pandemic is not only a serious health issue, but potentially a major cybersecurity risk,” said Ajay Bhalla, president of cyber and intelligence for Mastercard. 

Fear and stress are on the rise amidst the COVID-19 pandemic. New research from Microsoft indicates that every country in the world has seen at least one COVID-19-themed attack – these attacks, including the increase of phishing lures, are capitalizing on fear. What can defenders and protectors of information do? According to Microsoft, “defenders require visibility across each of these domains and automated correlation across emails, identities, endpoints, and cloud applications to see the full scope of compromise.” Many solutions are found in the products, software, and services organizations use every day, including anti-malware software and multi-factor authentication.

COVID-19-themed attacks across the world. Source: Microsoft

The newest COVID-19 phishing attack is based on emails coming from the White House. As a Security Boulevard article reports, INKY CEO Dave Baggett said these phishing attacks appear to be coming from Russia. He said, “These COVID-19 phishing attacks represent a new low for cybercriminals in that they prey on the anxieties of individuals working at home to compromise credentials and spread malware.”

Two agencies, the U.S. Cybersecurity and Infrastructure Agency and Britain’s National Cyber Security Centre, reinforced that hackers of all varieties are leveraging anxiety around the outbreak to push people into clicking links and downloading attachments, according to an article in VentureBeat. “The cybersecurity industry has been sounding the alarm for weeks over the threat of coronavirus-themed malicious software and booby-trapped emails.”

“Bad actors are using these difficult times to exploit and take advantage of the public and business,” Bryan Ware, CISA’s assistant director for cybersecurity, said in a statement.

Industries with critical infrastructure are at greater risk during the pandemic

Critical infrastructure industries, such as oil and gas, manufacturing, and utilities, are at a bigger risk, according to a TechRepublic article. Dave Weinstein, chief security officer at Claroty, reinforces that IT security teams need to make sure there is an identity management solution in place, especially as employees have to access systems remotely. He recommends:

  1. Amp up remote access management security protocols, such as not sharing passwords in plain text and using unique IDs
  2. Use VPN technology and ensure you have the latest patches
  3. Have secure passwords on wireless routers
  4. Run up-to-date equipment

Don’t cut cybersecurity spending

Now is the time for companies of all sizes to pause and look at the security of their network, and take inventory and assess tools and vendors. A new study by Ponemon Institute, The Economic Value of Prevention in the Cybersecurity Lifecycle, shows that preventing cyberattacks strengthens organizations’ security posture, yet the majority of organizations are focused on detection and containment. “This study shows that the majority of companies are more effective at containing cyberattacks after they happen because it is perceived to be more accountable,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “This explains why cybersecurity budgets focus on containing attacks rather than preventing them, as well as the increased rate of breaches despite investments in cybersecurity solutions.”

Best practices for a remote workforce

Christy Pambianchi, chief human resources officer at Verizon, is working from home with 134,000 colleagues due to the pandemic and has these best practices to share, according to an article by Larry Dignan in ZDNet:

  • It’s hard to plan for a pandemic and moving 135,000 people remote so you have to just leap. Verizon moved telesales, customer care, solutions specialists and staff functions remote. IT also went remote as did a lot of retail associates.
  • Remote work means remote training. In the last week, Verizon put 25,000 workers through virtual training on how to perform their roles.
  • Be patient and flexible. There will be distractions, there will be barking dogs and there will be kids on your video calls. Move on.
  • Gear has to get to the front lines. Pambianchi said Verizon allowed front line folks to “home garage” instead of coming to a central office to batch tickets, tools, and equipment for the day. Verizon also had to get laptops and cameras to folks to enable online work and support from home.
  • Hold office hours and take questions. Pambianchi has an “Ask Christy” inbox and executives film a video for employees on key topics.
  • This move to remote work can speed up digital transformation. “I’m kind of excited about looking at this as an innovation opportunity, versus just a disruption,” said Pambianchi. “We’re learning a lot of new things.”
  • Video is “not as bad of a substitute” for face-to-face meetings. That said, Pambianchi expects a premium to be placed on in-person connections once the pandemic is over.
  • Orthodox rules will be rethought. These orthodoxies are all over the place within corporations, but the move to remote work will likely enable a more decentralized Verizon and create more of an internal skills market for expertise, she said.
  • Be patient. “People are scared right now,” said Pambianchi. “We’re just encouraging our coworkers to be patient with each other because stress and anxiety come out in different ways. And as everybody’s flipping to this new normal, while also facing what may be some personal risks, we’re trying to make sure we just all exercise patience with each other.”    

Partner blog of interest: Crowdstrike: Communication Is Key to Keeping Remote Workers Safe and Secure

The post Cyber News Roundup: Guidance Through the Pandemic appeared first on Cyber Oregon.

Cyber News Roundup: Taking Cybersecurity Precautions Amidst Coronavirus Pandemic https://cyberoregon.com/2020/03/20/cyber-news-roundup-taking-cybersecurity-precautions-amidst-coronavirus-pandemic/ Fri, 20 Mar 2020 19:38:25 +0000

If your life hasn’t already been turned upside down as a result of the COVID-19 pandemic, you will want to add cybersecurity precautions to your staying healthy list, in order to further protect yourself and your data. Hackers are exploiting the coronavirus and cyber experts are urging people to take extra precautions when it comes to clicking links. According to an article in Fortune, the latest hacking techniques are coronavirus-themed phishing campaigns whose links, when clicked, could install malware on your system that could be used to steal victims’ personal data or freeze computers. Cybersecurity firm Nocturnus issued a report with these key findings about these new cyberattacks:

  • Coronavirus-themed Attacks: Multiple types of campaigns are occurring that specifically target regions most heavily impacted by the coronavirus with coronavirus-themed files and domains.
  • Leveraging Anxiety: Attackers are abusing the pandemic for their benefit by manipulating people’s anxiety over the virus to trick them into downloading malware.
  • Taking Advantage of Remote Workers: Attackers are taking advantage of the shift to remote work by promoting malware masquerading as VPN installers. This is particularly dangerous as businesses make the transition to remote work and suggest best practices to employees, including the use of VPNs.
  • Using Mobile Malware: Attackers are creating malicious mobile applications posing as legitimate apps developed by the World Health Organization to help individuals recover from coronavirus. Instead, the application downloads the Cerberus banking trojan to steal sensitive data.
  • Targeting Healthcare Organizations: Attackers are using ransomware to target healthcare organizations, arguably the most vital and overworked among us at this time.

Here are security precautions to take especially now, courtesy of Nocturnus:

  • Be Careful: To significantly reduce the likelihood of falling victim to a phishing attack, it is best to be careful while browsing online and checking email. Check the authenticity of the sender for any email you download information from, and check if the content makes sense to you. If there is any doubt, do not click on it and report it to your security team immediately.
  • Watch Out for Shortened Links: If you have any doubt about the validity of a link, open a new browser window and type the URL into the address bar. Examine the URL and make sure it is authentic.
  • Be Wary of Emails Asking for Confidential Information: Emails that ask for information such as credentials, credit card information, and other sensitive data are usually not legitimate. Legitimate organizations, including and especially banks, will never request sensitive information via email and will always redirect you to a secure website or other channels.
  • Only Download Files from Trusted Websites: Double check that a website you are using is legitimate and trusted. To download specific VPNs, search for the company’s official website and install directly from there. Avoid downloading cracked versions, since they are usually bundled with other software or malware and can cause damage to the machine.

In fact, just this week the U.S. Health and Human Services Department was hacked. Sarah Coble covers the news in Infosecurity Magazine, writing that “the attack was thought to have been motivated by a desire to slow the agency down and spread misinformation among the public.” Jake Moore, cybersecurity specialist at ESET said, “Suffering a cyber-attack in the midst of a pandemic adds salt to the wound when organizations are already at full stretch. We all need to be more vigilant at the moment and take even more caution when communicating remotely.”

Working remotely imposed worldwide: Empowering workers, but precautions are prudent

In an interview with European cybersecurity agency ENISA, ZDNet highlights ENISA’s security recommendations as remote working skyrockets around the world. “Attackers are exploiting the situation, so look out for phishing emails and scams,” ENISA said. The agency warns remote workers to be suspicious of any emails asking them to check or renew their passwords and login credentials, even if they seem to come from a trusted source.

“Please try to verify the authenticity of the request through other means, do not click on suspicious links or open any suspicious attachments.”

ENISA says employers should:

  • Provide initial and then regular feedback to staff on how to react in case of problems. That means info on who to call, hours of service and emergency procedures.
  • Give suitable priority to the support of remote access solutions. Employers should provide at least authentication and secure session capabilities.
  • Provide virtual solutions. For example, the use of electronic signatures and virtual approval workflows to ensure continuous functionality.
  • Ensure adequate support in case of problems.
  • Define a clear procedure to follow in case of a security incident.
  • Consider restricting access to sensitive systems where it makes sense.

In the Forbes article, Cybersecurity When It Comes To Remote Work Means Zero Trust, author Jun Wu interviews Alex Willis with BlackBerry, who says, “In today’s world, the remote worker needs to be able to do everything they can do from their desk if you want your organization to remain productive and competitive. Users won’t accept anything less, so it’s also a retention strategy. But, allowing employees to access critical business systems and data from machines and networks you don’t manage or trust means the risk grows exponentially.” What are immediate things medium-sized and small companies can do related to cybersecurity to enable their employees to work from home? Wu writes that regardless of organizational size, cybersecurity planning and response readiness is critical and achievable. NIST is a good resource for published cybersecurity frameworks. “One of the key things about developing a good cybersecurity process isn’t about the resources or the team. Cybersecurity is everyone’s job,” says Willis.

Partner blog of interest: Fortinet: CSO Strategies for Navigating Challenging Times

The post Cyber News Roundup: Taking Cybersecurity Precautions Amidst Coronavirus Pandemic appeared first on Cyber Oregon.
