October Security Update: It’s Cybersecurity Awareness Month

Don Boxley, CEO and Co-Founder of  DH2i, points out, “While VPNs have historically been the data access and security solution of choice, more recently they have proven to be less than reliable. In fact, research conducted before the COVID-19 pandemic — during which ransomware and other malware become even more rampant — showed that of those already utilizing VPNs, 62 percent cited inadequate security as their number one VPN pain point. And a disturbing 40 percent of those responsible for keeping ransomware and other malware from penetrating their network believed that in fact, it already had.”

Action Items:

• Boxley suggests considering a software-defined perimeter solution (SDP) to replace an outdated VPN.
• SDPs allow users to create scalable “secure-by-app” connections between on-premises, remote, edge or cloud environments.

Corey Nachreiner, Chief Security Officer at WatchGuard Technologies, comments, “Phishing attacks are becoming increasingly sophisticated as hackers take advantage of automation. Sure, they’ve used automated tools for a while to help send malicious email in volume, but now they can also automate the intelligence-gathering they need to personalize and target spear-phishing emails.”

Action Items:

Nachreiner suggests using:

• DNS firewalls that can neuter links to hosted malware or command and control servers or known credential phishing sites
• Anti-malware engines that can detect and isolate malicious payloads
• User training to teach employees how to avoid falling victim to dangerous phishing attempts

“We recommend every individual user do their part by focusing on the awareness aspect, as that’s something everyone can do to help,” Nachreiner says.

Surya Varanasi, CTO of StorCentric, says that IDC research revealed that over the past year, more than one-third of global organizations experienced one or more ransomware attacks or breaches that successfully blocked access to systems or data.

To avoid becoming one of the victims that will share the projected cybercrime costs of $10.5 trillion annually by 2025, Varanasi advises companies to take a different approach to data storage. “Traditionally, the game plan has been to maintain production data storage on-site, snapshot the data, replicate to an off-site location, store it to a disk, and then move it to tape storage or the cloud. Unfortunately, cybercriminals know this and have engineered their technology to behave accordingly. Bad actors can now rather easily use ransomware to infiltrate your network and render all forms of traditional backup useless,” he says.

Action Items:

• In response to today’s ransomware threat, you need to make backed-up data immutable, thereby eliminating any way it can be deleted or corrupted.
• Also, layer a backup solution that has built-in verification.

JG Heithcock, General Manager of Retrospect, a StorCentric company, points out, “Today’s cybercriminals are attacking backups first, and then once under their control, coming after production data. This means that many enterprises are feeling a false sense of security until it is already too late.”

“I like to say, ‘backup is one thing, but recovery is everything,’” Heithcock comments.

Action Items:

• Choose a backup solution that ensures recovery.
• Backup solutions should provide broad platform and application support and protect every part of your IT environment, on-site, remote, in the cloud and at the edge.
• Backup solutions should auto verify the entire backup process, checking each file in its entirety to ensure the files match across all environments and you can recover in the event of an outage, disaster or cyberattack.
• At least one backup copy should be immutable — unable to be altered or changed in any way, at any time.

Bleeping Computer reports that after Microsoft issued September Patch Tuesday security updates, it fixed the last remaining PrintNightmare vulnerability but set off wide-scale printing problems.

Action Items

• Follow Microsoft for guidance and future updates.

According to a CISA alert, Zoho’s password management service, used by infrastructure companies, defense contractors, academic institutions, and others, has a vulnerability documented as CVE-2021-40539. When exploited, the vulnerability allows an attacker to deploy malware to access credentials and other files.

Action Items:

• Update to AdSelfService Plus build 6114.
• Ensure that AdSelfService Plus isn’t connected to the internet
• Enact a domain-wide password reset.

A third vulnerability joins two that were previously determined to allow Netgear smart switches to be fully compromised.  The Hacker News reports this flaw could enable a forced restart, following which a post-authentication shell injection can take control of the device. Netgear released a patch addressing these vulnerabilities on 3 September 2021.

Action Items:

• Download Netgear patches.
• Review the full list of impacted models.

The FBI and the CISA warn about an increase in attacks around holidays, especially holiday weekends. Alert (AA21-243A) provides awareness about recent attacks, such as those that occurred around the Fourth of July 2021, and reminds people to stay vigilant.

Jim McGann, Vice President of Marketing and Business Development at Index Engines, says, “Cybercriminals want businesses to cease operations and pay exorbitant ransoms to recover. Their method of shutting down business operations is to encrypt or corrupt critical infrastructure, like Active Directory, product databases or key user content and intellectual property. This is their target. The best thing companies can do is to continually check the integrity of this content, make sure it is reliable and has not been tampered with.”

Action Items:

McGann comments, “ The only way to ensure reliable recovery is to continually check the integrity of the backup data; this will allow for a confident and rapid recovery process.”

For more security updates and insights, visit DevPro Journal’s Security resources page.