This is yet another example of the cybercriminal bad guys taking advantage of a crisis situation and attempting to catch us with our collective guards down. I know many in the business world are now nearly completely reliant upon Skype, Teams, WebEx, and Zoom to function on a daily basis, but that need to stay connected cannot supersede the sound security practices that protect data and keep us safe.
Remember this simple truth – if you get an email message regarding an issue with an online service or tool, stop and don’t click any email links. Go directly to the website you know and trust from a browser. Any messages or alerts sent via email will be there on the website waiting for you. President Reagan’s mantra is applicable and not cliché: trust but verify.
This is the logical evolution of the ransomware threat in terms of data loss. No longer is the fear only the loss of access to data. Now we need to fear data being stolen and sold or leveraged in new and frightening ways. Please be aware!
We often want to approach IT security from a detached and somewhat clinical position, evaluating threats and vulnerabilities with an objective logic devoid of an understanding of the motivations employed by the cyber criminals involved. Now is not the time to take that approach to IT security.
Our nation faces a very real and immediate threat in the form of cyberattacks from foreign nations motivated by anger and revenge. As IT security professionals, we cannot prepare and defend our networks and computer resources in a vacuum. We must remain aware of the sociopolitical situation in order to understand the potential nature of the attacks to come and timing of those attacks relative to political decisions and military actions taking place around the world.
Financial institutions have begun to receive alerts from the Federal Reserve based on information provided by the Department of Homeland Security concerning potential threats from Iran and Iranian proxies motivated to disrupt networks, services and social feeds in the United States. Specific IP address information is being provided as a first step to content filtering and threat identification.
Please remain diligent in your defensive posture during this period of imminent threats. Educate your users as to the situation and the possibility of social engineering attacks associated with these threats. Stay abreast of the situation and monitor multiple news sources. Be cognizant of the fact that a week from now, Windows 7 and Windows Server 2008 will reach end of life and security patching for those products will cease. Devices running those operating systems will, for all practical purposes, have large targets painted on their chassis. If you find yourself with devices that you have not been able to update yet, take steps to properly isolate these devices and restrict access to the Internet.
Now is not the time to assume that you or your organization will not be a target. Be prepared and aware.
Given the nature of these vulnerabilities, please review your environment and make sure your version of Chrome is up-to-date.
This post is intended to be a little more than simply a stroll down memory lane in the IT security world of 2019. Take a moment to consider each one of these incidents and how each could affect you and your organization. Have you executed on any lessons learned? Have you mitigated or remediated all associated vulnerabilities? Are you monitoring for future activity? We need to learn from these types of incidents and strive to continually get stronger. Enjoy the read.
This is not unexpected. Cybercriminals are fairly smart and they are motivated to target the resources with the greatest and/or most effective access. As more and more of the world moves their respective Exchange and Active Directory resources to the cloud, O365 and Azure administrators move up the valued target list.
This article simply points out something we have known for some time. We must take phishing threats and associated awareness training seriously. This must become a priority for every organization, large and small. This issue also places a brighter spotlight on the security associated with service providers and 3rd party administrators. Make sure your security controls take those resources into consideration as well.