For the final week of Cybersecurity Awareness Month, there’s an important reminder: put cybersecurity first.
Ideally, your organization adopts a secure philosophy. Unfortunately, widespread cybersecurity awareness still remains elusive for some.
The full weight of protecting the organization often falls upon the IT security team, who must also make up for other users’ errors.
To stay ahead of attacks, you need to constantly monitor the evolving landscape of cybersecurity.
Recently, Microsoft released new versions of PowerShell, 7.0.8 and 7.1.5, to correct certain issues.
These vulnerabilities allowed attackers to bypass the Windows Defender Application Control (WDAC) allowlist and steal plain-text credentials. With such a dangerous flaw, you’ll want to update your systems as soon as possible.
In the future, Microsoft will include PowerShell updates in the Microsoft Update service for both Windows 10 and Windows Server customers.
Until then, you’ll need to manually update the software, or ensure your outsourced patching provider can perform this non-standard update.
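To find hosts that still need the manual update, the check below compares each installed PowerShell 7 build against the fixed releases named above (7.0.8 and 7.1.5). It is an added example, not Microsoft's or the original article's code; the function name `Test-PwshPatchLevel` is hypothetical, and the scan assumes installs sit under the default `$env:ProgramFiles\PowerShell` folder and that the file version of `pwsh.exe` matches the release number.

```powershell
# Added example: flag PowerShell 7 installs older than the fixed releases
# named in the article (7.0.8 on the 7.0 branch, 7.1.5 on the 7.1 branch).
$FixedBuilds = @{
    '7.0' = [version]'7.0.8'
    '7.1' = [version]'7.1.5'
}

function Test-PwshPatchLevel {
    # Hypothetical helper name; returns Patched, UpdateRequired or NotCovered.
    param([Parameter(Mandatory)][version]$Version)

    $branch = '{0}.{1}' -f $Version.Major, $Version.Minor
    if ($FixedBuilds.ContainsKey($branch)) {
        if ($Version -ge $FixedBuilds[$branch]) { return 'Patched' }
        return 'UpdateRequired'
    }
    # Branches the article does not mention are reported, not guessed at.
    return 'NotCovered'
}

# Constructed sample versions, so the comparison can be checked on any host.
'7.0.7', '7.0.8', '7.1.4', '7.1.5', '7.2.0' | ForEach-Object {
    [pscustomobject]@{
        Version = $_
        Status  = Test-PwshPatchLevel -Version $_
    }
}

# Assumption: installs live under the default "$env:ProgramFiles\PowerShell" tree.
if ($env:ProgramFiles) {
    $root = Join-Path $env:ProgramFiles 'PowerShell'
    Get-ChildItem -Path $root -Filter pwsh.exe -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Build the version from the numeric file-version parts of pwsh.exe.
            $vi = $_.VersionInfo
            $v  = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
            [pscustomobject]@{
                Path    = $_.FullName
                Version = $v
                Status  = Test-PwshPatchLevel -Version $v
            }
        }
}
```

Any row with `UpdateRequired` is a host to hand to whoever performs the manual update; `NotCovered` means the branch is outside the two releases this article discusses and needs a separate check.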
In the second quarter of 2021, researchers analyzed a variety of malware and noticed disturbing trends:
- 91.5% of malware was delivered via HTTPS encrypted connections.
- Fileless malware is increasing.
- PowerShell is being used to bypass security protection.
- Ransomware attacks continue to increase, up to 150%.
Many administrators don’t bother setting up firewalls to inspect HTTPS traffic, since they assume HTTPS connections will be made with legitimate websites. They might also neglect doing so to protect user privacy, or to avoid capturing regulated information.
Unfortunately, attackers are well aware of this, and abuse the oversight at every chance.
A similar problem exists for fileless malware, because classic antivirus software requires a file to match against its signature list.
As a result, you might want more modern endpoint-protection software or monitoring (firewall, network, and endpoint) to catch these more modern attacks.
The use of PowerShell also skirts typical antivirus software and monitoring.
Considering the risk to your organization and the lack of utility for regular users, many administrators block access to PowerShell for non-admin-level accounts.
When it comes to ransomware, it never hurts to remind yourself to take the basic precautions: maintain good backups, train users to avoid phishing, and use a layered security approach to prevent an attack from spreading.
Common Cyberattacks Keep Evolving
The rise of ransomware reflects the changing structure and dynamics of cybercriminal organizations.
Security analysts note that gangs have adopted cloud migration to become decentralized, nimble, harder to track, and smaller.
This reduced size allows attackers to become profitable, even with lower payouts. Newer cybercriminal groups are less interested in attacking big banks, and more interested in attacking bad security in corporate, non-profit, and government targets.
This means that you don’t need to be a major million-dollar corporation to be targeted by an attack. More likely, you only need to have poor security in place.
Faked Executives & Sloppy Processes
Nobody strives for bad security, yet a wide variety of failures stem from sloppy processes, not all of them technical.
Sometimes, all it takes to evade security is to appeal to human nature, using urgency and the voice of authority. Basically, it’s the work of digital con artists.
For example, one United Arab Emirates company transferred $35 million to fraudsters in a Business Email Compromise (BEC) scam. Notably, the attackers combined fake emails and, more alarmingly, deepfake audio to impersonate a director in the company on a phone call.
It’s common for executives, presidents, and CEOs in your business to appear in legitimate marketing videos or public conferences.
However, these events also provide attackers with audio and video resources needed to create deepfakes.
To counter this type of cyberattack, you need to maintain a rigid process for any important business function (money transfers, security password resets, employee HR setup, etc.) that can’t be bypassed by one executive’s say-so.
Since it’s only natural for an employee to avoid saying “No” to such an authority figure, you’ll want to make sure you have clear, written procedures in place, and that everyone understands why it’s important to follow them.
Lax Server Patching
Sure, you know the importance of patching whenever software vendors release updates for notable vulnerabilities.
And hopefully, you’re not one of the businesses that contribute to the 50% of internet-connected servers maintaining weak security. Where did that stat come from, you’re wondering?
Recently, researchers performing non-intrusive scans detected unpatched operating systems, unsupported software, and old and vulnerable protocols or remote access tools.
Common cyberattacks thrive on weaknesses like these, and attackers gladly exploit servers missing several-year-old patches.
You also need to share information between offices and IT teams as quickly as possible.
Tech giant Acer learned the hard way that if an attacker finds a vulnerability in one server, you should assume widespread failure, and shut down your servers before attackers compromise the next one.
Wrapping it up
As security continues to improve, cyberattacks continue to evolve. But that doesn’t mean you should make it easy with bad processes.
The foundation of good security remains the basics:
- Strong and enforced password policy
- Rigorous and timely patching
- Layers of effective security
- Penetration testing to ensure proper defense
- Monitoring for the inevitable zero-day or overlooked error
Cyberattacks continue to change and evolve as time goes on. Are you doing the same with your security measures?
Ideal Integrations and Blue Bastion have experts to help organizations of all sizes achieve strong security. We can help verify security measures for internal and compliance purposes.