June 22, 2021
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Bad News: Google is not your friend
Did you know that cyber criminals buy online advertising? Yep, they actually pay for Google AdWords so that their malware-infested and/or scamming websites come up high in search results. This has been happening for years! In 2018, Google took down 2.3 billion fraudulent advertisements representing nearly 60 million phishing scams. Unreal!
The latest take is SolarMarker, a backdoor malware (RAT: remote access trojan) that steals data and credentials from browsers, being spread via SEO poisoning:
SEO poisoning is an old-school technique that uses search engines to spread malware. In this case, the attackers are using thousands of PDFs filled with keywords and links that redirect the unwary across multiple sites towards one that installs the malware.
The advertisements seen recently are offering free office forms (invoices, receipts, questionnaires, insurance forms, contract templates, etc.) that are commonly sought by business professionals. When you open that infected form, the RAT is installed.
What is your best defense? Consult original sources of information:
- Scroll past the paid advertisements that show up first in the search results.
- Inspect links carefully before clicking. Looking for tax info? Make sure you are actually going to irs.gov before you click on that link.
- Bookmark important sites that you visit regularly: banks, investment accounts, insurance, school, church, professional organizations.
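Added example, not part of the original newsletter: a small Python check that does the "inspect the link" step mechanically by extracting the host a link really points at and comparing it with the site you meant to visit. The function names and the sample links are constructed for illustration; the .example hosts are placeholders.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Return the hostname the link really points at, or "" if it cannot be judged."""
    # Browsers read a backslash as a slash but urllib does not, so refuse such links.
    if "\\" in url or any(ch.isspace() for ch in url):
        return ""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".")

def goes_to(url, expected_domain):
    """True only if the link's host is expected_domain itself or a subdomain of it."""
    host = host_of(url)
    expected = expected_domain.lower().rstrip(".")
    return bool(host) and (host == expected or host.endswith("." + expected))

# Constructed sample links (assumptions for this example, not taken from the page).
SAMPLE_LINKS = [
    "https://www.irs.gov/forms-instructions",         # genuine subdomain of irs.gov
    "https://irs.gov.forms-download.example/w9.pdf",  # irs.gov is only the start of the host
    "https://irs.gov@forms-download.example/w9.pdf",  # irs.gov is a user name, not the host
    "https://forms-download.example/irs.gov/w9.pdf",  # irs.gov appears only in the path
    "https://www.irs-gov.example/",                   # lookalike name
]

def check_all(links, expected_domain="irs.gov"):
    """Pair each link with the verdict for the expected domain."""
    return [(link, goes_to(link, expected_domain)) for link in links]

if __name__ == "__main__":
    for link, ok in check_all(SAMPLE_LINKS):
        print("OK  " if ok else "STOP", host_of(link) or "(unreadable)", "<-", link)
```

Only the first sample link passes; in every other one the text "irs.gov" is visible but is not the host the browser would connect to.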
Using network segmentation to secure your data
Last week, the National Security Agency (NSA) released a Cybersecurity Technical Report describing best practices and mitigations for securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems. The very first recommendation is:
Place all network devices not specifically used to support UC/VVoIP—such as PCs, file servers, and email servers—on data VLANs. UC/VVoIP devices should be placed on different VLANs according to their role in the network. Limiting each VLAN to groups of similar devices and protocols makes the development, implementation, and management of security features much easier. [...] Configure the access control lists (ACLs).
Okay, that’s a bunch of jargon that I’m going to explain, because (once you get past all the acronyms) it’s actually a very simple concept that can be applied to both home and office networks.
VoIP is just another “Smart Thing” on your network
First, what is a UC/VVoIP system? Old-fashioned telephone systems carry analog voice traffic over copper wires. It’s like a radio signal. New phone systems carry voice traffic as data packets, just like a computer network, using the same Internet Protocol that we use to surf the Web. Because phone systems are often not as well secured as computer networks, commingling voice and data traffic is a significant security risk.
Home networks typically don’t have UC/VVoIP systems, but they do have lots of smart devices – thermostats, security systems, camera systems, listening devices like the Amazon Echo, and more. Because these devices in the home, like UC/VVoIP systems in the business environment, typically don’t have good security baked in, having all these Things on the same network as your computers (especially if you work from home!) is a security risk for your data. What to do?
Network segmentation is the answer
So, what is a VLAN? It stands for Virtual Local Area Network. A Local Area Network (LAN) is basically the network in your home, all the interconnected devices behind your router or firewall. A VLAN is a way of separating certain traffic from others, without having to run separate cables and switches. VLANs work very well on wireless networks also.
What is an access control list? This is a way of keeping the devices in different VLANs from "seeing" one another, and restricting traffic to each VLAN by type.
Most newer routers and firewalls have the ability to set up VLANs, and it’s not terribly difficult. Using VLANs to segment voice & data traffic is critical in a business environment, and it’s a great way to protect personal data at home. Put your computers on one VLAN, and all your connected toys on another. You could even have a third for security devices like cameras and smart home systems. The configuration may be different for everyone, but the basic concept is the same: protect important data (computers) from the risk of being compromised via a smart device by segmenting the traffic.
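Added example, not part of the original newsletter and not any router's actual configuration syntax: a Python model of the three-VLAN home layout described above, with an access control list that permits only the listed flows between VLANs and denies everything else. The VLAN numbers, subnets, rules and function names are assumptions chosen for illustration, and the model covers only new connections between these VLANs.

```python
import ipaddress

# Constructed layout: VLAN names, IDs and subnets are assumptions for this example.
VLANS = {
    "computers": ipaddress.ip_network("192.168.10.0/24"),  # VLAN 10
    "smart":     ipaddress.ip_network("192.168.20.0/24"),  # VLAN 20
    "security":  ipaddress.ip_network("192.168.30.0/24"),  # VLAN 30
}

# Inter-VLAN ACL: (source VLAN, destination VLAN, protocol, destination port).
# Only these flows are permitted; anything not listed falls through to deny.
ACL = [
    ("computers", "security", "tcp", 443),  # view the camera web interface
    ("computers", "smart",    "tcp", 443),  # manage smart devices from a computer
]

def vlan_of(ip):
    """Return the name of the VLAN whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return None

def decide(src_ip, dst_ip, proto, port):
    """Return 'permit' or 'deny' for a new connection between two addresses."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None:
        return "deny"    # address outside the modelled VLANs
    if src == dst:
        return "permit"  # same VLAN: traffic is switched and never reaches the ACL
    if (src, dst, proto, port) in ACL:
        return "permit"
    return "deny"        # implicit deny at the end of the list

def exposure(dst_vlan):
    """List the VLANs that are allowed to open any connection into dst_vlan."""
    return sorted({src for src, dst, _, _ in ACL if dst == dst_vlan})

if __name__ == "__main__":
    print(decide("192.168.20.15", "192.168.10.5", "tcp", 445))  # smart -> computers
    print(decide("192.168.10.5", "192.168.30.8", "tcp", 443))   # computers -> security
    print("VLANs that can reach computers:", exposure("computers"))
```

The same-VLAN branch is the reason for grouping similar devices: devices that share a VLAN can still reach each other, so the ACL protects the computers only from devices placed on a different VLAN.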
And I do believe that's enough to think about for this week!
Talk to you again soon!
Security Awareness Training Goes Live Again!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Thankfully, live training is making a comeback! So wherever you and your employees may be, I can deliver a fun and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺