Last week, the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) actively took measures to counter threats from security flaws.
With increasing resources applied by foreign governments to attack U.S. commercial and civic interests, we may have to reconsider where we draw the line between private and public interests to match the blurred interests of our foreign rivals.
In the meantime, the burden falls on our teams to keep up with the vulnerabilities and the patching requirements. Unfortunately, this April brings another large number of urgent patches.
Exchange Server Patch II
No, it’s not déjà vu.
Last week, Microsoft released patches for four more on-premises Exchange Server flaws that were discovered with active assistance from the NSA.
These vulnerabilities, rated between 8.8 and 9.8, allow remote code execution on the servers, but fortunately there are no known attackers exploiting these vulnerabilities.
However, considering the rapid development last time, we are urged to install patches quickly to avoid becoming this month’s high-profile victim.
Microsoft also released patches for an additional 105 vulnerabilities, including five zero-day vulnerabilities – one of which is actively being exploited.
Adobe and SAP also released new patches for a variety of their products at the same time.
Organizations using third-party services for patching (such as Ideal Integrations) can rest assured that relevant Microsoft patches will be applied, but this is a good time to check on other software that’s included in your patching service.
Sometimes specialty software, such as SAP, isn’t handled by partners. Thus, the organization must take special action to apply patches.
As always, we recommend backing up your data and applications prior to applying updates. This ensures that, if anything goes wrong, you can reverse the process.
Likewise, if the patch cannot be applied safely, you’ll need to use additional resources to shield the unpatched asset.
Industries Under Attack
The fourth quarter of 2020 saw a 208% increase in PowerShell attacks, a 199% increase in Microsoft Office malware, and a 114% increase in Covid-19-related malware.
McAfee also noted a 10% increase in enterprise network threats to 648 threats per minute.
Many attacks targeted the technology sector, where attacks increased 100%, or the public sector, which saw an increase of 93%. Meanwhile, in a separate report, IBM warned of aggressive spear-phishing attacks on the Covid-19 vaccine cold-storage and cold-transportation supply chain.
However, even though certain techniques and industries may be in the spotlight, you still need to remain vigilant across all of your security efforts.
Attackers used old VPN backup devices to steal one terabyte of data in Capcom’s ransomware attack. Also, an attack on a transportation logistics company in the Netherlands led to a national cheese shortage.
Foreign Government Attacks and US Government Defense
The Office of the Director of National Intelligence reported that China, Russia, North Korea, and Iran pose significant cybersecurity threats to the U.S.
Not only does each of these countries cultivate highly skilled attacking resources, but they also blur the lines between national and private interests within their countries.
In each of these countries, the government is directly intertwined with commercial interests within their economies. Because of that, they view private interests within the U.S. as fair game. Attacking U.S. private interests or local governments provides both economic and public relations wins for these foreign governments.
While governmental and private interests in the United States are typically distinct, the FBI recently started to blur that line by actively removing web shells from hacked Exchange servers … without notifying the victims.
Many web shells were installed by China’s nation-state hackers, so it’s likely that the FBI considers its activities to fall under the counter-espionage directives assigned to the agency.
However, some security professionals wonder whether or not the FBI’s actions will set a precedent. Will the U.S. government need to take action in order to protect organizations from nation-state attacks?
While there is no current initiative for cybersecurity to become a publicly supported resource, such as the highway system, this is sure to become a topic for debate over the next few years.
Still, until that becomes a reality, we are on our own to defend our organizations.
The Right Support
Whether your organization needs a software audit, support with applying specific types of patches, or full outsourcing of updates, Ideal Integrations is here to help.
In-house expertise can be costly, and not all companies need the same solution. The team at Ideal Integrations is here to give you a complete, secure solution for all of your IT and cyber security needs.
Not only will we get you the right technical solutions, we’ll also build your network and defend it 24/7/365.
No matter where you are, we’ll be by your side!
Schedule your risk-free consultation today by calling us at 412-349-6680, or by completing the form below.