
How to Avoid Ransomware Consequences


Can you believe the third week of cybersecurity awareness month is already here? This week’s theme: Explore. Experience. Share.

In honor of this spirit, let’s explore some of the latest issues, learn how to avoid some negative experiences, and share in the latest information available.

From newly released patches to issues recently surrounding ransomware, there’s certainly a lot to consider.

As always, cybersecurity remains an ever-changing environment. This makes sharing and learning from one another’s experiences as important as ever.

So, without further ado, here’s the latest on everything you need to know.

October Patches and Updates

Recently, Microsoft released their updated patches.

And although you might be used to clicking “Remind me later,” with at least one new actively-exploited vulnerability, you don’t want to delay patching.

Specifically, these patches address 74 identified vulnerabilities, including three rated “Critical,” along with one actively exploited zero-day in the Windows Win32k kernel.

This month’s patches also include security fixes for the May 2021 Update, October 2020 Update, and May 2020 Update. Some of these bugs also affect the newly released Windows 11, so if you’re an early adopter, you’ll definitely want to make sure you’re on top of things.

But, Microsoft is not alone. Adobe, Android, Apache, Apple, Cisco, SAP, and VMware also released security updates for various products.

While not highlighted in their release notes, the Apple patch includes a fix for an iOS zero-day vulnerability that is being actively exploited to steal data and install malware on iPhones and iPads.

Before patching, ensure the availability of good backups so that any encountered issues can be reversed.

Also, keep in mind that some types of patching (Apple, SAP, etc.) may not be actively managed by IT departments or Patch Management Agreements. Because of this, they might need special attention.


Secondary Ransomware Consequences

Each unpatched vulnerability opens a new window to exploit, and attackers are never shy about punishing exposed organizations.

Making matters even worse, unless you move quickly, the attacks also affect your partners, with the effects lingering on.

As recently as a week ago, a ransomware attack forced the largest private bank in Ecuador, Banco Pichincha, to prevent their systems from running ATMs and online banking.

Although the bank refused to disclose details, the attack could be related to another cyberattack suffered in February. That one started through a partner company providing marketing services to the bank.

In September, Olympus suffered a ransomware attack that forced IT system shutdowns, and affected their operations in Europe, the Middle East, and Africa.

Only a few weeks later, attackers forced the company to take down IT systems in North and South America!

In both of these cases, businesses were hit with an initial ransom attack, and then later, a second attack.

While these second waves of attacks might be unrelated, the coincidence is certainly hard to ignore.

More than likely, internal IT teams failed to fully address the first attack, leaving cybersecurity issues unresolved.

Whether the attackers were related or not, there’s a good chance they at least used a similar vulnerability.

Hopefully, your business is never a victim of ransomware even once.

But, in the unfortunate event you are, make sure you enlist expert help to track and completely solve the problem, as well as monitor for other signs of suspicious activity.

Avoiding Ransomware in Evolution

Ransomware attackers originally focused on encrypting local systems, preventing you from accessing your data.

Later, they evolved to exfiltrate these encrypted files and extort your business by threatening to release sensitive data.

Now, a new attacking gang, SnapMC, skips the encryption step and goes straight to extortion. Making matters worse, they can execute attacks in less than 30 minutes.

Amazingly, this new ransomware attack relies entirely upon known vulnerabilities. That means that with available patches, only negligent organizations should fall victim to SnapMC.

However, as with any ransomware attack, you should expect any success with this method to quickly transform into more sophisticated attacks.

Meanwhile, ransomware activities became so prominent that the Australian and US governments began to officially address the issue.

The US invited 30 countries, notably not including Russia and China, to form a Counter-Ransomware Initiative. The goal? To disrupt ransomware attackers, increase resilience, leverage international cooperation, and improve tracking for cryptocurrency money laundering.

US congressional members also drafted a Ransom Disclosure Act seeking to improve available information for the Department of Homeland Security (DHS) to understand and fight ransomware gangs.

The new bill proposes to force disclosure of all paid ransoms and related information within 48 hours. The DHS would then publish anonymized information about ransomware attacks, along with the use of cryptocurrency.

Critics worry that this bill will primarily punish victims and vilify cryptocurrency, without addressing any of the root causes or future techniques of attackers.

However, Australia already enacted an aggressive Ransomware Action Plan that:

  • Requires victims to report the details of all ransomware incidents (beyond just ransom demands).
  • Funds awareness programs.
  • Increases punishments on Australian ransomware actors.
  • Calls out home governments for ransomware gangs.
  • Actively tracks and intercepts cryptocurrency ransomware payments.

In the future, this plan may be further strengthened by the Surveillance Legislation Amendment Act. This adds the ability for the Australian government to actively delete or remove data linked to criminal activity.

Closing Thoughts

It may take time for governmental action to affect these criminal organizations, so you must remain vigilant and prepared to avoid ransomware.

Your organization needs to stay current with your patching, and keep up with the latest trends in methods of attack.

For those seeking expert assistance or an outsource partner in patching, managed IT services, or security monitoring, call Ideal Integrations at 412-349-6680 or fill out the form below.

We will provide a prompt, free consultation about the options that best fit your situation.
