March 30, 2021
Good morning, everyone!
I started out planning to write more about "smart things" because I'd read this really interesting report about the rise of botnets, but then I read this ransomware story and decided to pivot this week. More "things" later! Meanwhile ...
Ransomware Best Practices: A Case Study in Success
It isn’t often that a business hit by ransomware will talk about it afterwards, which is why this story is such a great read. In May of last year, Spectra Logic, a data storage company based in Boulder, Colorado, was hit with ransomware. They refused to pay up, they called in the FBI for help, and they had their critical systems back up in 8 days. I highly recommend reading the entire story, but I will point out what I consider to be the key takeaways:
- If you are prepared BEFORE an attack happens, you can survive without paying ransom. As the article says, this is the right way to do it. Don’t pay. You only encourage the bad guys to keep doing it.
- Practice your incident response plan. What’s the first thing you do? UNPLUG.
"When it hit, we ran to our server room and data centre and started pulling plugs out so it couldn't propagate itself"
- Backups, more backups, offsite backups, offline backups. If your backups are accessible from the network, the bad guys can encrypt them too. For home PCs, have an external hard drive for backups. Plug it in, run a manual backup, unplug it. That puts it out of reach of the ransomware when it starts to encrypt everything it sees. Can’t see that hard drive that isn’t plugged in!
“the company had backups, which were separate from the rest of the network and safe from the incident.”
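Here is what that plug-in, back up, unplug routine can look like in practice, as an added example (not from the article or from Spectra Logic): each copy's SHA-256 is recorded in a manifest at backup time, so that before you ever restore from the drive you can confirm the copy is still intact rather than encrypted or missing. The manifest file name and the directory names are hypothetical.

```python
"""Manual offline backup with an integrity manifest (added example).

Workflow: plug in the external drive, run backup(), unplug it. Later, before
trusting the copy for a restore, run verify() so an altered (e.g. encrypted)
or missing file is noticed first.
"""
import hashlib
import json
import shutil
from pathlib import Path

MANIFEST = "backup-manifest.json"  # hypothetical name, chosen for this example


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(src: Path, dest: Path) -> dict:
    """Copy every file under src into dest and record each copy's SHA-256."""
    manifest = {}
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = f.relative_to(src)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, target)           # preserves timestamps as well
        manifest[rel.as_posix()] = sha256_file(target)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(dest: Path) -> dict:
    """Compare the backup copy against its manifest; report ok/modified/missing."""
    manifest = json.loads((dest / MANIFEST).read_text())
    report = {"ok": [], "modified": [], "missing": []}
    for rel, digest in manifest.items():
        target = dest / rel
        if not target.exists():
            report["missing"].append(rel)
        elif sha256_file(target) != digest:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    return report
```

Keep the manifest on the drive next to the copies; if anything shows up as modified or missing, that drive is not the one to restore from.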
- Engage cybersecurity experts immediately, to help you get the bad guys out of your system. No point in restoring backups until you are sure your network is clean.
"Our cybersecurity team provided us with the expertise and tools, monitoring and logging to get the threat out of our system. Monday morning they give us a green light; it's done, they've stopped it and removed it," Mendoza remembers.
- How did this happen, anyway?
Analysis of the incident revealed a phishing email sent to an employee working from home was how hackers gained their initial access to the network.
- How do you prevent this? Build a culture of security. Train and support your employees.
In the aftermath of the ransomware attack, Spectra Logic has worked to improve its cybersecurity culture, both on-site and for remote workers in an effort to learn from the incident. […] "We were kind of complacent before," he says: now staff will notify him if a phishing email isn't picked up by the malware system. "There's more awareness now."
Attackers seeking out companies with ransomware coverage
Well, this is pretty awful! CNA Financial was hit by a cyber attack last week. Because CNA is a leading provider of cybersecurity insurance, there is concern that cyber criminals were trying to get data on policyholders, compiling a list of those who have ransomware coverage. It’s important to identify your target market, right? That’s just good business practice!
QNAP warns of attacks targeting NAS devices
Network Attached Storage (NAS) devices should never be exposed directly to the Internet, and this is why: The devices are being targeted in brute force attacks. Change default passwords, use strong passwords, disable direct Internet access. Make certain you are running the latest firmware! In 2018, several popular NAS devices were found to have critical security flaws that gave attackers full access to data on the devices. We've seen in the past that data on backup drives and local NAS devices can be indexed by Google if not properly configured. Protect all the things.
Update all the things
As usual, there is no shortage of critical security patches coming out!
Thrive Themes for WordPress being actively exploited
If your website uses Thrive Themes “legacy” themes and/or Thrive Themes plugins for WordPress, please make certain you are running the very latest versions. Attackers are actively exploiting known vulnerabilities in both, and patches are available – but you have to install them!
Cisco fixes flaws in Jabber, issues patches for routers
Cisco recently released security fixes for several critical vulnerabilities in its Jabber collaboration platform. Earlier, Cisco had released security fixes for small business routers including models RV132W ADSL2+ Wireless-N VPN routers running a firmware release prior to 188.8.131.52; and RV134W VDSL2 Wireless-AC VPN routers running a firmware release prior to 184.108.40.206.
Adobe ColdFusion receives critical security updates
Adobe has issued an emergency update for ColdFusion 2016 (update 17), ColdFusion 2018 (update 11) and ColdFusion 2021 (update 1). The flaw could lead to arbitrary code execution.
Virtual learning software Netop has bugs, releases fixes
Netop, remote learning software used by schoolteachers to view students’ computers, has been found to have critical security flaws that could enable attackers to hijack school networks, deliver malware, determine IP addresses of students, eavesdrop and more. Netop has applied fixes to everything reported by McAfee, except the network encryption bit, which is in the works.
I think that's enough for this week. Go forth and apply your patches, enable 2FA and think before you click!
Talk to you again soon!
Security Awareness Training Goes Virtual
Thanks to COVID-19, lots of things are going virtual, and that includes my employee Security Awareness Training. I've set up a small studio in our conference room (nobody there but me) so I can provide live training (almost) just like before! You can see me wave my hands and make faces while a wall of fascinating facts and practical tips slideshow across your screens, wherever you and your employees may be.
Contact me to schedule your employee training sessions. They're fun! ☺