Network Security News | Ingalls Information Security

Articles of interest from the week of June 29, 2020

Written by John Frasier | Jun 29, 2020 4:00:00 AM

Turn on MFA Before Crooks Do It For You

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident. (By Krebs on Security) Ingalls: The massive growth in Work From Home (WFH) teleworking has been sudden and companies like Zoom have seen usage explode. In addition to business and government organizations, school systems, churches, families, and friends all over the world are now using laptops and smartphones to stay in touch with one another. Our blog post provides some work from home (WFH) teleworking best practices like MFA and Virtual Private Network (VPN).

 


Research Shows Malware Is Easy to Buy, Own, and Deploy

With just a few Bitcoins and a quick search of Dark Web marketplaces, bad actors can become the owners of powerfully malicious tools. While malware deployments have grown in sophistication over the years, the number of attacks has also risen, signaling a democratization of tools allowing less-experienced cybercriminals to take advantage of widespread information. The report found that through underground message boards and Dark Web marketplaces, bad actors can easily find "incredibly low cost" widely available "off-the-shelf malware and ransomware." (By Jonathan Greig, TechRepublic) Ingalls: The four pillars of traditional IT Risk Management (firewalls, anti-virus, patch management, and backup) are no longer enough to mitigate the risk from today’s cybersecurity threats. Our cybersecurity experts can help secure your company's information in a personalized and efficient way with our cybersecurity and Managed Detection and Response services.


200% Increase in Invoice and Payment Fraud BEC Attacks

There has been a 200 percent increase in BEC attacks focused on invoice or payment fraud from April to May 2020. During invoice and payment fraud BEC attacks, attackers pose as vendors, suppliers or customers in order to steal money using tactics such as initiating fraudulent wire transfers or hijacking vendor conversations to redirect vendor payments. These types of attacks typically involve much larger dollar amounts compared to other types of BEC attacks since they target business-to-business transactions. (By Help Net Security) Ingalls: Phishing is one of the most widely used cyber-attack vectors. Your organization's security is only as strong as your employees' awareness. Strengthen your defenses against social engineering attacks with our Phishing Email Helpdesk.


Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws

Microsoft, earlier this week, quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users. (By Swati Khandelwal, The Hacker News) Ingalls: Enhancing your patch management process to include vulnerability scanning, a robust remediation workflow, and metrics-based decision support from data collection can do a lot more for your risk management than simply plugging holes whenever a software vendor produces a patch. In our downloadable “8 Effective Cybersecurity Controls For SMBs” guide, we discuss how to do more with patch management, and the benefits of a mature Vulnerability Lifecycle Management program. 


40% of Consumers Hold CEO Personally Responsible for Ransomware Attacks, Research Shows

Two-fifths (40%) of consumers hold business leaders personally responsible for ransomware attacks businesses suffer, according to global research. Furthermore, research shows the public often wants restitution from businesses that fall foul of ransomware - with 65% of respondents wanting compensation, and 9% even wanting to send the CEO to prison. (By Business Wire) Ingalls: Our Managed Detection and Response (MDR) solution can help businesses to stay out of this situation by fending off the attacker in the first place.