May 2020 AccumeView: Executive Cybersecurity Pulse Newsletter
Covid-related social engineering attacks continue to make headlines, as most businesses shift work to a stay-at-home model for continued operations. There are numerous articles about attack types and vectors, so make sure your users are aware and informed.
A new zero-day vulnerability has been announced that impacts all supported versions of the Windows operating system. Both vulnerabilities reside in the Windows Adobe Type Manager Library, font parsing software that not only parses content when it is opened with third-party software but is also used by Windows Explorer to display the content of a file in the ‘Preview Pane’ or ‘Details Pane’ without users having to open it. No patch is yet available, but some workarounds have been published.
Covid-19 still dominates the news and continues to add to the security woes of companies. Of interest is a new study that states that 3 in 4 CFOs plan to shift at least 5% of newly remote workers permanently post-pandemic. I think this is the first of several major shifts in how business will operate moving forward.
A new report finds that there has been a 47 percent jump in insider threats in the past two years. To make things worse, the average cost has increased 31% as well. With the rush to expand operations to a work-from-home posture, many companies may have left security gaps open, allowing for a surge in insider threat incidents. Ensure that your organization is not left exposed.
And finally, the Emotet botnet is back – “New and Improved.” It was the most dangerous malware botnet of 2019, and its new feature lets it spread inside the network once it’s infected a system. It’s dangerous because it delivers malware of a variety of types. Be patched. Be vigilant.
February 2020 AccumeView: Executive Cybersecurity Pulse Newsletter
27% of IT managers believe that attacks against their network can be attributed to nation states. This figure is up significantly from a year ago, and it should wake up anyone involved in Risk and Security. Ensure that you have properly adjusted the risk to your organization for the possibility of a sophisticated attack from a Nation State and calculated for the type of damage that they could inflict.
A new study shows that attackers, once inside your network, are able to stay in longer (aka “dwell time”) in order to get to know your business, processes and technology. The longer they stay in your network, the more damage they can do to you, your clients and your data. Most security systems are designed to monitor the perimeter, not the inside systems, so ensure that you have security controls and alerting for critical internal systems to detect unusual behavior and lateral movement.
January 2020 AccumeView: Executive Cybersecurity Pulse Newsletter
With tension rising between Iran and the United States, cyber warfare is on the rise. Many government agencies are releasing statements advising companies and governments to stay protected and aware of potential threats. This past week we have seen pro-Iran attackers deface government websites and launch multiple attacks. Some of these are affecting entire cities and states. Both the state of Texas and the city of Las Vegas were targets of cyber attacks that are believed to have been initiated by either Iran or pro-Iran attackers. Thankfully, some of these attacks have been prevented, but it is expected that these attacks will continue to rise in number. Texas Governor Greg Abbott warned Texans to be vigilant regarding cyberterrorism from Iran. The Texas Department of Information Resources released a statement advising that as many as 10,000 attempted attacks per minute from Iran had been detected over the past 48 hours on state agency networks. This number is especially startling when considering the normal occurrence of these attacks, about 420.
September 2019 AccumeView: Executive Cybersecurity Pulse Newsletter
This month we have seen mobile and smart devices become a key topic of discussion. With the Chinese company Tencent exposing flaws in the Qualcomm chipsets found in most Android devices today, we must remember to stay vigilant in monitoring who and what our devices are connected to. The QualPwn flaws, as they are known collectively, allow hackers to compromise these devices remotely by sending malicious packets over the air with no user interaction required.
May 2019 AccumeView: Executive Cybersecurity Pulse Newsletter
April 2019 AccumeView: Executive Cybersecurity Pulse Newsletter
Computer hardware manufacturer ASUS was the victim of a sophisticated attack that left backdoor malware embedded in their update software. The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses, reached out to a command-and-control server the attackers operated, and installed additional malware on those machines. Supply-chain attacks are starting to grow in number and complexity – make sure that you have a plan to address them.
A recent survey of the 22,000 new vulnerabilities that were discovered in 2018 indicates that 1/3 have public exploits and 50% can be exploited remotely. Ensure that you have total visibility into all of your endpoints and that they are patched and up to date.
March AccumeView: Executive Cybersecurity Pulse Newsletter
California is proposing an update to its data breach notification law. When California State Bill 1386 went into effect in 2003, it was the country’s first data breach notification legislation. California’s data breach notification rules continue to be among the strongest in the U.S. The proposed changes will include notification if passport numbers were exposed, as well as government-issued identification numbers and biometric data. The bill would update California state’s definition of personal information as constituting “an individual’s first name or first initial and last name” in combination with any of the following, when either the name or these data elements have not been encrypted.
February AccumeView: Executive Cybersecurity Pulse Newsletter
Perspective: Time for a Better Mouse Trap
If your institution uses Microsoft Exchange 2013 or newer, be aware that there is a new vulnerability that requires attention. Hackers have been able to leverage an NTLM authentication function to perform relay attacks using the Exchange Web Services (EWS) interface. A successful attack could gain domain user administrator privileges. There is NO PATCH, but Microsoft does have some workarounds.
January AccumeView: Executive Cybersecurity Pulse Newsletter
Automation is constantly evolving, and recent advancements in attack tools and methods are demonstrating that malicious automation can be expected to have significant ramifications. Researchers have proven that automated tools can successfully predict a user’s new password based on analyzing older stolen passwords, which makes the probability of a data breach infinitely higher. A recent test had a malicious bot infiltrate a network, scan all systems and exfiltrate all of the available data within 15 seconds. There is a good chance that 2019 will be the year that these types of attacks become real. Make sure that your protections are in place.
December Accumeview: Executive Cybersecurity Pulse Newsletter
At least eight Eastern European banks were hacked using rogue devices planted inside the network. These devices included cheap laptops, homemade network appliances and USB “Bash Bunnies” to intercept data and provide remote access. Most institutions are not capable of detecting rogue devices and specialized tools such as the Bash Bunnies, which are USB devices designed to emulate trusted USB devices so that they can bypass the USB port restrictions that many companies use. Once installed, they discreetly exfiltrate documents, install backdoors and perform a variety of exploits.