The U.S. Department of Homeland Security has named October National Cybersecurity Awareness Month (NCSAM), giving solution providers an opportunity to discuss security with their clients and help educate their teams.
“Since the mainstreaming of computers in the workplace, I can’t think of a single time when someone’s online behavior impacted a company’s security posture as much as it does today,” says Rob Chapman, Director of Security Architecture at Cybera. “It’s a tough landscape to navigate. You can warn colleagues, but at the end of the day, there’s only so much reasonable reach you can have with company policy.”
Chapman’s advice is to limit an organization’s “blast radius.” “It’s something we don’t talk as much about, but it’s probably one of the most important architectural efforts you can make,” he says. “It starts simply with the question, ‘If the worst happens, how can I minimize the impact?’” The steps he recommends include:
- Enabling multifactor authentication on everything.
- Removing unnecessary administrative rights.
- Designing networks to limit access to only what’s needed.
- Planning for the worst and practicing that plan.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have issued information on Emotet, a trojan that downloads or drops other malware. The agencies report that Emotet resurged in July after minimal activity since February.
The agencies recommend taking steps to reduce exposure to Emotet, including:
- Deploy solutions that block suspicious attachments.
- Implement Group Policy Object and firewall rules.
- Implement antivirus and a formal patch management program.
- Follow the principle of least privilege.
- Segment networks and functions.
See the brief for technical details and additional recommendations.
CISA and MS-ISAC have also provided information on an increase in LokiBot attacks since July. LokiBot is credential- and information-stealing malware, often delivered through a malicious email attachment that the victim opens.
The agencies recommend taking security measures, including:
- Maintaining updated antivirus solutions
- Staying current with patch management
- Disabling file and printer sharing services
- Enforcing multifactor authentication and a strong password policy
- Training users on best practices regarding email attachments and keeping login credentials private
Russian Hackers Target Linux Systems
A joint statement by the United States National Security Agency (NSA) and Federal Bureau of Investigation (FBI) warns that Russian hackers are using malware called Drovorub to spy on Linux systems. The statement explains that Drovorub is “a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server.” When a system is infected with Drovorub, it enables direct communications, file download and upload, execution of commands, and port forwarding of traffic to other hosts on the network.
Robert Meyers, Channel Solutions Architect at One Identity, comments, “One of the largest problems in the Linux community is that people tend to believe the hype that Linux is secure. This tends to leave people not updating Linux as often as they should, or not completing the installations of kernel updates when they should. When you add the lack of privileged access management that is common through the industry, this type of attack is going to be more common than people realize. In other words, this is just one of many.”
Meyers suggests taking action to keep Linux systems safe, including:
- Keep systems updated and patched in a timely manner. “If you already patch and protect your systems, this should not be anything more than an announcement to keep your eyes open. If you do not, it is time to change your practices,” he says.
- Limit access. “If hackers can’t get direct access to a system, they can’t infect it. This is something people forget and is the reason why privileged access management is so successful in protecting systems,” Meyers says.
Retailers Are Falling Behind on Keeping Mobile Applications Safe
Guardsquare recently released a report based on their research that shows that most retail mobile apps aren’t adequately protected from reverse engineering and attacks. The research revealed that 23 percent of retail apps have no security protection, and 63 percent use only one or two security measures. Moreover, the risk to payment data will be multiplied as more consumers rely on digital channels during the pandemic.
Guardsquare recommends that retail mobile apps have:
- Code hardening techniques such as name obfuscation, string encryption and removing visible APIs.
- Runtime application self-protection (RASP) measures, including root or emulator detection, encryption of data at rest, and app attestation.
Guardsquare also recommends building apps with security by design and taking a layered approach to security, combining the measures above with real-time mobile threat intelligence tools to detect and stop threats as soon as possible.
The Cybersecurity Skills Gap Is Impacting Effectiveness
Cybrary surveyed IT and security professionals to learn what challenges the skills gap is creating for their teams. Cybrary’s research revealed that about three-quarters of respondents report skill gaps on their teams, and 65 percent of managers say these deficits have negative impacts on effectiveness. (See the infographic for more findings.)
- Assess your team’s skills
- Break down barriers, including time constraints, to continuing education for security teams
For more security updates and insights, visit DevPro Journal’s Security resources page.