August 10, 2020
Good morning, everyone!
This week’s critical vulnerabilities: Many more devices vulnerable to Ripple20 have been identified, including popular printers and phones. Cyber criminals have released server passwords for more than 900 systems vulnerable to the Pulse Secure VPN exploit (for which patches have been available for more than a year!). Twitter fixed a high-severity flaw in their app for Android users. Patch your systems, folks! Keep all software and firmware up to date.
FBI Warning re Windows 7, and a primer on how to protect older systems from attack
Last week the FBI released a warning over Windows 7 devices, which are running an unsupported operating system at this time. "The FBI has observed cyber criminals targeting computer network infrastructure after an operating system achieves end of life status."
While the ideal solution is replacing older systems, the FBI recommends that in the meantime you:
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
Honestly, keeping all your software up-to-date is one of the easiest and yet most effective ways to secure your systems.
- Audit network configurations and isolate computer systems that cannot be updated.
If you have a legacy system that cannot be updated (a common problem in manufacturing and healthcare environments), use network segmentation and/or firewall settings to block Internet access to those devices.
- Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.
They are singing my song, eh? In previous newsletters, I’ve talked about the importance of closing RDP ports and using 2FA whenever and wherever possible.
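The RDP audit described above, sketched for a single Windows host as an added example (it is not from the FBI notice or part of the original newsletter): it reads the standard Terminal Server registry values to report whether RDP is enabled, whether Network Level Authentication is required and which port is in use, then summarizes failed logons (event 4625) by source address. The seven-day window and the variable names are choices made for this example.

```powershell
# Added example: RDP exposure check for the local Windows host. Run elevated.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
# UserAuthentication = 1 means Network Level Authentication (NLA) is required.
$nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

"RDP enabled : $($deny -eq 0)"
"NLA required: $($nla -eq 1)"
"Listen port : $port"

# Failed logons (event 4625) from the last 7 days (window chosen for this example).
# Nothing appears unless failure auditing is on:  auditpol /get /subcategory:"Logon"
$since  = (Get-Date).AddDays(-7)
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $since }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$failed = foreach ($evt in $events) {
    # Read the event's named data fields instead of relying on their position.
    $data = @{}
    foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }
    # LogonType 10 = RemoteInteractive (RDP). With NLA, failed RDP logons are
    # recorded as type 3 (Network), which also covers file-share logons.
    if ($data['LogonType'] -eq '10' -or $data['LogonType'] -eq '3') {
        New-Object PSObject -Property @{
            Time = $evt.TimeCreated; User = $data['TargetUserName']
            Source = $data['IpAddress']; LogonType = $data['LogonType']
        }
    }
}

# Source addresses with the most failures first.
if ($failed) {
    $failed | Group-Object Source | Sort-Object Count -Descending |
        Select-Object -Property Count, Name -First 10
} else {
    'No failed logons recorded in the window.'
}
```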
The FBI PIN doesn’t mention that it is possible to purchase extended support licenses for Windows 7 Pro, Enterprise and Ultimate (not Home) versions. You can read this article for details.
People often ask me "how can I get into cyber security?" It's a wide and diverse field, and last week CISA released a Cyber Career Pathways Tool to help you find your niche.
Secure Your Stuff
As we bring more and more “smart” devices into our home and work environments, the importance of securing them properly grows. I want to briefly answer two questions: “why?” and “how?”
Why is it important to secure your stuff?
There are basically three reasons that cyber criminals attack:
- To steal your information and sell it on the dark web. Whether it’s your personal identity, login credentials for online accounts or credit card data, your information is valuable.
- To get money from you directly, often by encrypting your data and demanding a ransom for its release.
- To use your devices as an attack point for other systems. The Mirai botnet and its variants have been using home wireless routers and CCTV systems to attack various points on the Internet since at least 2016.
How can you secure your stuff?
I could write an entire newsletter just on that topic! But for now, there are three things that will thwart the vast majority of attacks:
- Change default passwords. When you purchase any electronic device, it has a default administrator password set. Typically this password is on a sticker on the bottom of the device, or on a card inside the box. It can also be found on the manufacturer’s website. You should immediately change this default password to a good password of your own. (What’s a good password? Maybe that will be next week’s newsletter!)
- Disable remote administration. Most devices will have a checkbox somewhere in the settings with some variation of “remote administration” on its label. Disable this option (or enable “block remote administration” if that’s your label). Without remote administration, your device can only be configured by a computer on your home network, not from the Internet at large.
These two steps alone would protect your devices from most botnets, as that’s how they gather their victims: using the default administrative password to log onto the device from the Internet, and then installing malware on the device to control it through the botnet.
- Register your product. I know it’s old school, and most people don’t think to register their products because warranties don’t mean that much these days, but there is one other good reason to register your product: if a security flaw is found, the manufacturer can notify you. For example, in the case of Mirai’s massive DDoS attacks in 2016, many of the cameras used were from a single manufacturer, and the attacks exploited a vulnerability in the firmware. The manufacturer released a firmware upgrade for the newer cameras, and offered free replacements for older cameras that couldn’t be upgraded. Many people were completely unaware of the situation, however, and the manufacturer had no way of knowing who had purchased their products. Accordingly, many of those compromised devices remained in use by botnets until they died and were replaced.
Security Awareness Training Goes Virtual
Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.
Contact me to schedule your employee training sessions. They're fun! ☺
Adding “cyber” to your disaster recovery plan
Have you been thinking about your disaster recovery plan? If your current plan only covers hurricanes, tornadoes and fire -- you need to add "cyber" to assure business continuity. This is the subject of my August 25 work(fromhome)shop and I’d love to “see” you there!
Talk to you again soon!