
The U.S. Department of Homeland Security has designated October as National Cybersecurity Awareness Month. This month, the department will “emphasize personal accountability and the importance of taking proactive steps to enhance cybersecurity at home and in the workplace.” The overarching message, “Own IT. Secure IT. Protect IT.” will focus on key areas including citizen privacy, consumer devices, and e-commerce security.
Take this opportunity to help raise awareness among your clients and your own team to keep networks and data secure.
The “National Security Risk” of VPNs
Don Boxley, CEO and Co-Founder of DH2i, points out that some of today’s more popular data security options actually introduce more security risk than they eliminate.
“A prime example would be virtual private networks (VPNs),” says Boxley. “Most consumers and IT professionals alike consider virtual private networks a trustworthy means to secure their data transmissions and overall privacy. Unfortunately, that is no longer the case. Which led to U.S. Senators Marco Rubio’s and Ron Wyden’s letter earlier this year to the Director of the Cybersecurity and Infrastructure Security Agency (a subset of the Department of Homeland Security) about the ‘national security risk’ of VPNs.”
He points out that legacy connectivity and security solutions were not intended for the ways data are now created, shared across multiple clouds and IoT. They also weren’t designed with respect to the current threat landscape, which can leave them vulnerable.
Action items:
- Evaluate how your clients and your team connect remotely to your network and upgrade solutions and refine processes as necessary.
- Consider software-defined perimeter solutions to reinforce security and privacy requirements.
Cyberthreats Originating in North Korea
The United States Computer Emergency Readiness Team (US-CERT) has issued new information on cyberattacks originating in North Korea. Malicious cyber activity by the North Korean government, dubbed “HIDDEN COBRA” by the U.S. government, is growing more sophisticated. New alerts deal with Trojan malware variant BADCALL and proxy malware ELECTRICFISH.
In addition to these alerts, cybersecurity compromise management firm Prevailion has determined the existence of a coordinated threat campaign. Threat actors obtained documents written by industry experts and then appended their malware to the Microsoft Word files. Prevailion has dubbed the campaign “Autumn Aperture” and has associated it with the Kimsuky, a.k.a. “Smoke Screen,” threat actors. Business email compromise is the traditional document delivery method. Prevailion presented its research at an International CISO conference in September.
Action items:
Prevailion advises organizations to:
- Assess existing risk profiles
- Review emergency response plans
- Ensure employees know to contact IT or network security resources if prompted to enable macros on any document.
The MasterMana Botnet is Still Active
Prevailion has also uncovered details of the MasterMana Botnet campaign, which targets corporations of all sizes worldwide with low-cost methods. Researchers have linked the campaign to the Gorgon Group, which targets business email addresses via phishing and uses various tactics to steal information associated with cryptocurrency wallets. Victims who open emails and then their infected document attachments initiate a multi-pronged kill-chain that evades detection.
Action items:
- Use a defense-in-depth strategy with multiple security solutions including firewalls, email protection and antivirus solutions
- Learn more from Prevailion’s post “The MasterMana Botnet: Anatomy of the $160 Hack.”
Security Automation Isn’t An Option
Don Closser, Chief Product Officer at FireMon, says there are several trends driving the need for greater security solution automation, including “the lack of skilled resources, increased complexity and expansion of heterogeneous cloud virtual environments in conjunction with companies’ digital transformations as well as the need to meet compliance and regulatory needs are all key drivers.”
Closser adds, “At the same time, SLAs time pressure is increasing and the criticality for security is not going away. Our position is that customers should not have to make a tradeoff between moving at the speed of the business needs and security of their network environments.”
Action items:
Closser advises automation solutions that have:
- The flexibility to enable IT teams to automate at their own pace and confidence level
- Continuous enforcement since global policy change management cannot end after deployment — just push deployments are not enough
- The ability to transparently adapt and recalibrate global security policy based upon dynamic network, platform and infrastructure changes, allowing customers to focus on what matters most – staying secure
For more news and insights, visit DevPro Journal’s Security page.