April 19, 2022
Good morning, everyone!
The latest critical vulnerabilities:
Anatomy of an Attack
A series of poor cybersecurity decisions meant the victim didn't notice intruders on their network - until more sophisticated attackers arrived.
Boy, this story is chock full of “lessons learned.”
Novice hackers who didn't know what they were doing spent months inside a government agency network without being detected – before higher-skilled attackers came in after them and launched a ransomware attack.
It turns out that:
- The initial attack happened through open RDP ports on the Internet (don’t do this)
- The breached RDP account wasn’t just a standard user but a domain administrator
- Multi-factor authentication wasn’t in use (always do this)
- Apparently there was no Intrusion Detection System (IDS) in use
- No one was monitoring network activity
- No one was auditing user accounts
Log data suggests that the attackers were regularly disappearing for days at a time before returning to look around the network, occasionally creating new accounts to gain access to other machines. [...] But after four months, the attacks suddenly became more focused and more sophisticated. […] The intruders repeatedly dumped new account credentials and created new accounts in order to continue their attacks. The logs were also wiped repeatedly, in what could have been an attempt to cover their tracks.
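The account creation and log wiping described in that log data leave records in the Windows Security log, which is what monitoring and account auditing would have reviewed. The following is an added example, not part of the original newsletter: a short Python triage over constructed sample events that flags RDP logons from outside the internal range, new accounts, admin-group additions and cleared audit logs. The internal range, the account names and the record layout are assumptions.

```python
import ipaddress

INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: the site's internal range
DOMAIN_ADMINS = {"da-admin"}                     # assumption: known privileged accounts

# Constructed sample records (not from the incident), shaped like exported
# Windows Security log events: 4624 logon (logon type 10 = RemoteInteractive/RDP),
# 4720 account created, 4728 member added to a global group, 1102 audit log cleared.
EVENTS = [
    {"time": "2022-01-03T02:14", "id": 4624, "user": "jsmith", "logon_type": 10, "src": "10.0.4.17"},
    {"time": "2022-01-03T03:40", "id": 4624, "user": "da-admin", "logon_type": 10, "src": "203.0.113.45"},
    {"time": "2022-01-03T03:52", "id": 4720, "user": "da-admin", "target": "helpdesk2"},
    {"time": "2022-01-03T03:53", "id": 4728, "user": "da-admin", "target": "helpdesk2", "group": "Domain Admins"},
    {"time": "2022-01-03T04:30", "id": 1102, "user": "da-admin"},
]

def is_external(addr):
    """True when the source address is outside every configured internal network."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL)

def triage(events):
    """Return (time, rule, detail) findings for the gaps listed above."""
    findings = []
    for e in events:
        if e["id"] == 4624 and e.get("logon_type") == 10 and is_external(e["src"]):
            # An RDP session from the Internet is worse when the account is a domain admin.
            rule = "rdp-from-internet-admin" if e["user"] in DOMAIN_ADMINS else "rdp-from-internet"
            findings.append((e["time"], rule, f'{e["user"]} from {e["src"]}'))
        elif e["id"] == 4720:
            findings.append((e["time"], "account-created", f'{e["target"]} by {e["user"]}'))
        elif e["id"] in (4728, 4732) and "admin" in e.get("group", "").lower():
            findings.append((e["time"], "added-to-admin-group", f'{e["target"]} -> {e["group"]}'))
        elif e["id"] == 1102:
            findings.append((e["time"], "audit-log-cleared", f'by {e["user"]}'))
    return findings

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(*finding, sep="  ")
```

Because event 1102 is written to the same log that was just cleared, this kind of review only holds up when events are forwarded to a separate collector as they are generated.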
More lessons learned from the SolarWinds breach
SolarWinds just lost a key point in the lawsuit against it for last year’s breach. The Court stated, in part:
1. While organizations must have fundamental security measures in place, it is also important that an organization have a security culture, that employees understand ... this "security mindset," and have a real awareness of the Company's efforts around security.
2. Organizations should ensure that their public statements related to security are accurate, not misleading, and regularly updated in response to relevant events.
3. It is important for boards and management to heed the advice of their own security advisors.
Wow. Lots to think about.
Go forth and be secure, and have a great week!
Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.
Talk to you again soon!
Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺