
This Week in Cybersecurity: Patches and Attacks You Should Know About

Cybersecurity updates for August

From the largest IT consultants to the home office worker, hackers look for vulnerabilities to exploit wherever they can. As recent attacks prove, no one is immune.

With new patches recently released for Windows, SAP, and other commonly used software programs, IT teams must move quickly to minimize the risk to your systems.

Keep in mind that although applying these patches is important, it’s not always enough on its own. Connected resources must be secured, and you’ll also need to monitor your systems for malicious activity.

Here are the latest attacks and updates you need to know about.

Attacks on Accenture

The billion-dollar IT consulting firm, Accenture Consulting, has been one of the largest IT consulting companies for decades.

However, their size and expertise didn’t stop the LockBit ransomware gang from recently seizing data and demanding a $50 million ransom.

Accenture hasn’t yet revealed how the LockBit gang gained access. However, it’s possible the gang received help from someone enticed by their recent insider recruitment efforts.

Ever since the gang advertised an offer to split ransoms with insiders, LockBit attacks have surged, leading to warnings from the Australian Cyber Security Centre.

You already know to train your employees to avoid phishing scams, but when an insider lets attackers in intentionally, it’s a gut-wrenching experience.

LockBit’s recruitment tactics should motivate us all to implement strong cybersecurity monitoring to deter insiders with bad intent.

No Victim Too Small

At the other end of the spectrum, attackers seek ransoms as low as $500 from individuals.

For example, attackers aimed the eCh0raix ransomware strain at an improper authorization vulnerability in Synology and QNAP network-attached storage (NAS) devices.

Although patches are available, there are a quarter-million of these devices connected to the internet – and not all are updated.

Additionally, these tiny ransoms may only be a side benefit for attackers, not the main goal itself. If they locate a home office connected to a larger organization, they gain access to larger, more lucrative attacks.

Keep in mind that weak security and lax patching are common in small home offices, and provide easy targets for attackers.

While you’re used to scanning your own networks for vulnerable devices, these types of attacks show that you might need to consider extending IT support into your employees’ homes.

Patches From Microsoft, SAP, and More

Microsoft’s August patches fix a relatively small number of vulnerabilities, including three zero-days and seven listed as critical.

However, while Microsoft patched 33% fewer vulnerabilities than average, they did fix some notable issues, such as PrintNightmare.

Just as important, SAP released 19 updates for various products, including patches for nine critical vulnerabilities. Not to be outdone, Adobe, Cisco, and VMware also released security updates this month – IT teams remain busy as usual!

Beyond the Usual Suspects

IT teams usually focus on PCs, servers, and network equipment when applying patches and updates. However, technological advances continue to expand the scope.

Operational technology (OT) devices used to be run “air-gapped,” or disconnected, from our networks. But now, vendors implement 5G, WiFi, and other connections to monitor and extract data from our OT.

While your engineers enjoy the flow of information, your IT team needs to know about new pumps, saws, or shrink-wrap machines that join your network from the factory floor.

Unfortunately, these machines can be just as vulnerable as traditional IT, but more difficult to update. Recently, researchers located 14 vulnerabilities in the TCP/IP stack deployed in a wide range of such devices.

For example, hackers at Def Con 29 presented research showing how their team could have taken over remote-controlled tractors, or even gained access to the Operations Center for John Deere or Case!

Attackers can use the TCP/IP stack flaws to hijack devices, or as an entry point into your main network. To fix them, HCC Embedded has released patches. Alternatively, devices can be upgraded to NicheStack 4.3 or higher.

With each chip added to our cars, trucks, and tractors, the attack surface grows wider and more complex for security teams.

The Takeaways

If you’re using any of these programs or devices, you’ll want to make sure you address them as quickly as possible.

But keep in mind that not all devices can be patched quickly, or without consequences. As always, you’ll want to perform and test backups before applying new patches.

Hackers are very good at finding and exploiting any weaknesses that exist, so make every effort to stay up-to-date. It’s not always easy to stay secure, but it’s always important!

The IT experts at Ideal Integrations and Blue Bastion can isolate problematic devices to provide better protection, and to contain the damage in the event of an attack.

If your team would like help with isolation, patching, or cybersecurity monitoring, call 412-349-6680 or fill out the form below for a risk-free consultation.
