Q1 2021 Security Update

Here are the latest cybersecurity threats targeting you and your customers.


UCaaS Security and Privacy Concerns Grow

Research from Storyful Intelligence into more than 1 million mentions on social media and online forums found that conversations around Unified Communications as a Service (UCaaS) security and privacy increased last year.

Concerns include Zoombombing and the platform’s struggle to regain users’ trust after those intrusions, UCaaS security concerns growing beyond hacking to employee privacy in their home offices, and a Microsoft 365 outage that impacted Teams.

Action Items:

IT experts weighing in on those conversations focused on:

  • The need for integration between systems, phones and devices
  • Balancing cost and security, especially with video conferencing platforms

CISOs at Companies with Small Security Teams

Cynet surveyed 200 companies, focusing on medium and large organizations of 500 to 10,000 employees that have security teams of five or fewer members.

Key Findings:

  • 79 percent of these companies take more than 4 months to deploy and become proficient with new security tools.
  • 63 percent of these CISOs feel their risk is higher than companies with the budget for larger security teams.
  • 47 percent say they don’t have the skills and experience to protect against cyberattacks.

Action Items:

The survey also revealed the opportunity for solutions and service providers to work with these companies:

  • 53 percent outsource managed detection and response, and 47 percent use an MSSP.
  • 80 percent say they would like to invest more in automation.

For more information, see the full 2021 Survey of CISOs with Small Security Teams.

SafeBreach Announces New Vulnerability Discoveries

SafeBreach Labs discovered vulnerabilities in:

New Spear-Phishing Exploit: Operation BlockChain Gang

Prevailion has identified a sophisticated email phishing scam that first exploited Mac OS X users over the summer and broadened in scope at the end of the year. “Operation BlockChain Gang” uses an organization’s own domain and engages them in typical interactions while they are exploited. After making contact, the cybercriminals sent a new email with the malicious link. If the user opened it in a Firefox browser, their computer was exploited through CVE-2019-11707 or CVE-2019-11708.

Action Items:

  • Prevailion advises large organizations that store and retain significant volumes of data, which are the targets of this campaign, to be on the defensive.
  • Users can mitigate risks by using NoScript, a browser extension that blocks JavaScript, Java, and Flash unless the user permits them.
  • Organizations should have a comprehensive and rehearsed incident response plan.
  • See Prevailion’s report for samples indicating that a system has been compromised.

Advice for Businesses and Organizations Targeted by Ransomware

Ransomware surged in 2020, continuing a startling trend: it is growing at a rate of more than 300 percent each year.

Tyler Reese, Senior Product Manager at One Identity, believes that ransomware victims shouldn’t pay the ransom. He shares actionable steps on how they can avoid ransomware attacks in the future:

“It’s important for companies to know that even if they pay the ransom, which they shouldn’t, it doesn’t mean they’ll get the information back. Hackers have been increasingly turning to Ransomware as a Service, which means that the attacker may not have the ability to release the information, allowing it to be available on the dark web forever. Instead of paying the ransom, organizations should look towards malware removal or executing a recovery plan. However, malware removal isn’t always possible, and a recovery plan could cause more downtime than an organization simply can afford. The only option to avoid paying the ransom would be to prevent the attack altogether by having the right security measures in place,” Reese says.

Reese says, “The first step of an effective security strategy is to know your enemy. Ransomware attacks find their way around internet security suites, commonly through phishing, to gain access to privileged credentials.”

He says to combat this strategy by protecting data with a strong privileged access management (PAM) strategy. “PAM strategies protect companies’ data even if hackers can successfully execute a phishing attack by leveraging password vaults, monitoring and recording privileged sessions, using behavioral biometrics and following the principle of least privilege,” Reese says.

For more security updates and insights, visit DevPro Journal’s Security resources page.