Cyber Security News & Tips by Glenda R. Snodgrass for The Net Effect


November 10, 2020

Good morning, everyone!

This week’s critical vulnerabilities:
  • Google's Chrome has zero-day flaw that is being exploited in the wild. Update all your Chrome installations (computers & mobile devices) now.
  • Apple has released patches for critical vulnerabilities in iOS and macOS. Update now.
  • Adobe has released more patches for Flash, so be sure you are running the very latest version (or better yet, uninstall it everywhere).
  • A critical vulnerability in the WordPress Welcart eCommerce Plugin was patched last week.
  • The NSA has released a comprehensive list of vulnerabilities that are being actively exploited. Make certain you have installed the patches.

Patch all the things!!



Business Email Compromise still causes the highest out-of-pocket losses incurred from any class of cybercrime

Recent convictions of two cyber criminals in New Jersey bring this subject to the forefront of discussion once again:

According to the conviction, one corporate victim was found to have transferred approximately $3.8 million dollars into the bogus bank account after receiving a seemingly legitimate email from the company’s vendor, bearing the name and domain of an actual employee. The email stated that the vendor’s typical beneficiary bank had ‘been placed on hold indefinitely due to an impromptu auditing.’ Therefore, the corporate victim was directed to transfer the balance of any accounts receivable from the typical bank to a bank account that was controlled by Mr. Espaillat and his co-conspirators.

What’s the best defense against this type of fraud?

PICK UP THE PHONE!

It’s that simple. Have a policy that no bank account changes are made based on email alone; voice verification (or some other form of secondary authorization) is required. Train your employees in this policy. Enforce this policy.

Secure your Operational Technology (OT) devices against attack

What are "Operational Technology" devices? Wikipedia says OT is "hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events. The term has become established to demonstrate the technological and functional differences between traditional IT systems and Industrial Control Systems environment." Examples of OT include SCADA systems, building automation systems, "smart" systems that control lights, irrigation, safety monitoring systems, robotics, etc.

According to this article, a recent survey shows that cyber criminals are shifting their attacks from IT resources to OT resources:

67% of respondents seeing a shift in tactics cybercriminals are employing to launch cyberattacks…. most of the shift in tactics is focused on stealing credentials that provide access to OT systems. With more IT staff working from home, he said, cybercriminals are launching attacks intended to capture passwords for OT systems that IT personnel are now remotely logging into to manage.

Yet another side effect of the COVID pandemic. What’s the answer?

Back to Basics!

  • use secure (encrypted) solutions for remote access
  • require two-factor authentication (2FA) for all remote access
  • segment your networks! VLANs, DMZs, sandboxing – there are a variety of ways to keep your OT network(s) separate from your IT network(s)

Protect yourself from a Man-in-the-Middle (MitM) Attack

What’s that? you may be thinking. A MitM attack is when a cybercriminal positions himself between your device and the Internet resource you are attempting to access. There are basically two types, snooping and spoofing.

In a simple snooping attack, the MitM intercepts traffic in order to gain valuable information – for example, your login credentials to a website you are accessing on an unencrypted connection (or a compromised connection).

In a spoofing attack, the MitM pretends to be each party to the other, and may actually alter the transaction. For example, if a MitM gets in between you and your bank, he will present a login screen to you that looks exactly like your bank, he gets your login credentials and then logs into the bank for you. When you direct “your bank” (actually the MitM server) to transfer money from checking to savings, for example, the MitM actually changes the transaction to transfer from YOUR checking to HIS savings!
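To make the "changes the transaction" part concrete, here is an added Python example (not from the newsletter or any real bank) that models the checking-to-savings transfer above. The customer and bank share a secret (assumed to have been set up over a trusted, encrypted connection, which the MitM never sees); the same altered request goes through when the bank trusts the message blindly and is rejected when the bank checks the integrity tag. Account numbers and the key are constructed sample values.

```python
import hmac
import hashlib
import json

# Constructed sample: secret shared by customer and bank over a trusted,
# encrypted channel (hypothetical value; the attacker never sees it).
SHARED_KEY = b"example-session-key-not-real"


def _canonical(body: dict) -> bytes:
    # Stable serialization so both sides compute the tag over identical bytes
    return json.dumps(body, sort_keys=True).encode()


def build_transfer(from_acct: str, to_acct: str, amount: int) -> dict:
    """Customer side: transfer request plus an HMAC tag over its fields."""
    body = {"from": from_acct, "to": to_acct, "amount": amount}
    tag = hmac.new(SHARED_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def bank_process(msg: dict, require_tag: bool) -> str:
    """Bank side: either trust the body blindly or verify the tag first."""
    body = msg["body"]
    if require_tag:
        expected = hmac.new(SHARED_KEY, _canonical(body), hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking the tag through timing
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return "REJECTED: integrity check failed"
    return f"OK: {body['amount']} from {body['from']} to {body['to']}"


def mitm_alter(msg: dict, attacker_acct: str) -> dict:
    """Model of the spoofing MitM described above: the relayed request is
    rewritten so the destination becomes the attacker's account. The tag
    is copied unchanged because the attacker cannot recompute it."""
    altered = {"body": dict(msg["body"]), "tag": msg["tag"]}
    altered["body"]["to"] = attacker_acct
    return altered


def demo() -> tuple[str, str]:
    """Returns (unprotected outcome, protected outcome) for the same tampering."""
    original = build_transfer("CHK-0001", "SAV-0001", 500)
    tampered = mitm_alter(original, "SAV-ATTACKER")
    return (bank_process(tampered, require_tag=False),
            bank_process(tampered, require_tag=True))
```

The integrity tag covers only the tampering half of the spoofing attack; the fake login screen that harvests credentials is what 2FA and checking for a trusted, encrypted connection are meant to stop.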

How do you protect yourself against this type of attack?

Back to Basics! Again. I know I keep repeating myself, but honestly the absolute best ways to protect yourself from virtually any online attack are neither difficult nor expensive:

  • Keep software up to date (patch early, patch often!)
  • Use trusted, encrypted connections
  • Use 2FA whenever it’s available
  • Avoid public Wi-Fi (your cellular connection is safer)
  • Use a VPN for remote access when necessary

You can read more about MitM attacks in this article.

As always, I could talk a lot more about this stuff! Come back next week for the next installment. :)

Security Awareness Training Goes Virtual

Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.

Contact me to schedule your employee training sessions. They're fun! ☺

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com