Being Sued for Not Caring – The implications of failing to secure your data

I recently spoke about the FTC’s lawsuit against Chegg, a major education tech firm, in one of the weekly tech tips interviews I provide to our local TV news station. In this lawsuit, one of the first of its kind, the FTC is accusing Chegg of willfully neglecting its cybersecurity responsibilities, resulting in 4 significant breaches of Chegg-related data and systems in the last 3 years. This situation reentered my consciousness this week after the FS-ISAC included an article link in one of their recent weekly bulletins discussing this same situation. This topic deserves a little bit more conversation.

For far too long, organizations have been playing with fire when it comes to the safety and security of their data, both internal and customer related. Far too many businesses play the game of security by obscurity or sleep well at night assuming their organization is too small to be attacked. Others know there are legitimate threats facing their IT infrastructure and still choose to roll the dice with the misplaced comfort that cyber insurance will soften the blow to their bottom line in the event of a breach. Still others suffer through a significant compromise, but then fail to plug the holes in their infrastructure or add the necessary layers of defense to keep their organization’s IT resources safe in the future. The question we have to ask is “Why?”

Is it all about cost? Is it arrogance? Is it apathy? Is it a lack of knowledge and understanding? It is probably yes to several of these questions for most organizations. We cannot stop shining the spotlight on these situations. We need to encourage good cyber hygiene, and if that fails, we need to add a good dose of guilt and constructive criticism. Because at the end of the day, it very well could be our data breached in the next attack or our money lost due to the failure of another organization. We are all truly in this together!

The following is a link to the WCYB tech tip article:

https://wcyb.com/news/local/tech-tips-know-who-you-do-business-with-on-the-web-burk-it-ben-lawson-federal-trade-commission-chegg-multi-factor-authentication#

Cisco Network Compromise – No one is immune to the human factor

Multiple sources have reported the breach of Cisco’s own network, purportedly via a Cisco employee’s personal Google account. According to multiple sources, the employee in question was saving and syncing both personal and Cisco business credentials to the Google Chrome browser for ease of access. Once the employee’s personal Google account was compromised, the bad guys accessed the Chrome password history, harvested the Cisco business credentials, and were off to the races.

This situation further reinforces the need for better, more frequent end user awareness education and the monitoring of employees to ensure bad practices are not in play. At the end of the day, we are all human and we will all make mistakes. We can only get better if we train more, talk more, and monitor effectively.

The following article from ThreatPost is a great overview of the situation and provides an interesting recap of how the bad guys overcame the Cisco VPN MFA controls. Enjoy the read and beware of these threats! TRAIN YOUR PEOPLE!!

https://threatpost.com/cisco-network-breach-google/180385/

Rethinking Software in the Organizational Hierarchy

I very much enjoyed this article from Pieter Danhieux via Dark Reading and this creative approach to the management of applications and hierarchical security. The concept of least privilege and the dangers of API controls are often discussed but frequently forgotten when developing and revising an overall security framework for an organization. Enjoy the read!

https://www.darkreading.com/attacks-breaches/rethinking-software-in-the-organizational-hierarchy

Follina Vulnerability – Microsoft Office Zero Day Threat

A zero-day vulnerability in Microsoft Office was discovered and reported over the weekend that involves remote code execution simply through the opening of a Word document, even in preview. Microsoft has issued CVE-2022-30190 in response to this flaw, though this bug is generally being referred to as the Follina vulnerability. When the malicious Word document is opened, even in preview, the file executes malicious PowerShell commands via the Microsoft Diagnostic Tool (MSDT). This code works without elevated privileges and is currently evading Microsoft Defender detection.

The following are several blog posts and updates concerning this vulnerability, its functionality, and workarounds in the absence of a patch:

https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
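Because the chain described above always ends with Word (or the preview handler) launching msdt.exe, process-creation telemetry is a practical place to hunt for it while waiting on a patch. The following detection logic is an added example, not code from the original post or the linked articles; the Sysmon-style JSON events, RecordIds, paths and the prevhost.exe parent for the preview case are constructed assumptions.

```python
"""Flag process-creation events consistent with Follina (CVE-2022-30190) abuse.

Added example (not from the original post). Input is constructed,
Sysmon-style JSON lines carrying Image, ParentImage and CommandLine.
"""
import json

# Office applications that have no legitimate reason to launch the
# Microsoft Diagnostic Tool.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
MSDT_IMAGE = "msdt.exe"

# Constructed sample telemetry: one benign troubleshooter launch from the
# desktop shell, one launch from Word, one from a preview handler host
# (prevhost.exe as the parent in the preview case is an assumption).
SAMPLE_EVENTS = [
    r'{"RecordId": 101, "Image": "C:\\Windows\\System32\\msdt.exe", '
    r'"ParentImage": "C:\\Windows\\explorer.exe", '
    r'"CommandLine": "msdt.exe -id NetworkDiagnosticsWeb"}',
    r'{"RecordId": 102, "Image": "C:\\Windows\\System32\\msdt.exe", '
    r'"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", '
    r'"CommandLine": "msdt.exe ms-msdt:/id PCWDiagnostic"}',
    r'{"RecordId": 103, "Image": "C:\\Windows\\System32\\msdt.exe", '
    r'"ParentImage": "C:\\Windows\\System32\\prevhost.exe", '
    r'"CommandLine": "msdt.exe ms-msdt:/id PCWDiagnostic"}',
]


def _basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_follina_suspect(event: dict) -> bool:
    """True when msdt.exe is started the way the Follina chain starts it."""
    if _basename(event.get("Image", "")) != MSDT_IMAGE:
        return False
    # Primary indicator: an Office process spawning the diagnostic tool.
    if _basename(event.get("ParentImage", "")) in OFFICE_PARENTS:
        return True
    # Preview-pane triggers run under a different parent, so also match the
    # ms-msdt: protocol handler being invoked on the command line.
    return "ms-msdt:" in event.get("CommandLine", "").lower()


def scan(lines):
    """Return the RecordIds of suspicious events from JSON-lines input."""
    hits = []
    for line in lines:
        event = json.loads(line)
        if is_follina_suspect(event):
            hits.append(event["RecordId"])
    return hits


if __name__ == "__main__":
    print("Suspicious RecordIds:", scan(SAMPLE_EVENTS))
```

A user-launched troubleshooter (RecordId 101) is not flagged, while both the Word-spawned and preview-handler-spawned launches are.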

Microsoft Identifies new Sysrv-K Botnet Variant

Given the recent tanking of bitcoin value in the open market, you might think that the criminal exploitation of private computers for coin mining might start to slow, but I guess the cyber bad guys in the world need to compensate for their value losses and mine new coins.

This article from the great team over at InfoSecurity is a great overview. Enjoy and beware!

https://www.infosecurity-magazine.com/news/microsoft-botnet-variant-windows/

Space: The New Warfare Frontier – The conflict in Ukraine and its effect on all things space related

All large, modern military operations are heavily reliant on satellites to provide a variety of logistics and planning information related to battlefield operations. That information includes GPS coordination and navigation, topographic imaging, drone command & control, and many other surveillance functions. Threats to Russia’s satellite infrastructure by those in opposition to the invasion and ongoing conflict in Ukraine have prompted Russian officials to respond and to respond harshly.

The following article from the great team at InfoSecurity details the Russian response / denial to hacking attempts against their satellite infrastructure:

https://www.infosecurity-magazine.com/news/russia-denies-satellite-hacking/

Simply put, military conflicts are not what they used to be. So far during the conflict in Ukraine, we have seen the Russian space authority make a less than veiled threat against the safety of the International Space Station. We have also seen the delay and/or cancellation of satellite launches from Russian space facilities for agencies, governments, and organizations that oppose Russian activity in Ukraine. There are many factors to take into consideration, both short term and long term, when considering orbital resources and the effect this ongoing conflict can and will have on national and international assets in space.

Russia is still a primary partner in the ISS program and still provides the primary transportation and recovery services for the space station. Those services will most likely be on hold for the foreseeable future. The Russian space agency also provides satellite launch services for many nations and private agencies around the world. Those services have become a bargaining chip for international negotiations moving forward.

It will be very interesting to watch these situations develop over the weeks and months to come. We are seeing the Cold War rekindle and works of fiction from recent TV shows and movies begin to come to life as scenarios play out on the “final frontier”.

The Ever Evolving Nature of Warfare: The Conflict in Ukraine and Cyberattacks

As strange as this may sound, military attacks are no longer simply about soldiers and tanks and planes and bombs. Needless to say, there is nothing simple about war, but thanks to state sponsored hacking and the connected nature of critical infrastructure, cyber warfare has become a new front for every new military conflict. The conflict brewing in Ukraine is no different.

Threat levels have been raised by numerous national and international cybersecurity organizations, and malicious cyber activity related to this current conflict is already being monitored. Please remember that the types of attacks associated with these nation state conflicts are not perfectly crafted and restricted to only military targets. They can overflow into civilian networks and quickly spread around the world in a matter of hours. NotPetya is a wonderful example of targeted cyber warfare run amok.

Take the time to prepare your environments and make sure all your controls are in place and up to date. The Internet is poised to see quite a bit of malicious cyber activity in the days and weeks to come.

https://www.infosecurity-magazine.com/news/russia-prepositioning-attacks/

Disaster Recovery Testing is Much More Than Technical Controls

This article from the team at Dark Reading is an excellent overview of the challenges and approaches to DR testing as well as a great reminder of the value and influence of the human factor. All successful disaster recovery planning starts with people – it’s all about teamwork, collaboration, and communication during an event.

Enjoy the read!

https://www.darkreading.com/dr-tech/test-your-team-not-just-your-disaster-recovery-plan