Articles of interest from the week of February 1, 2021

Board Members Aren’t Taking Cybersecurity As Seriously as They Should

A recent study reveals systemic challenges with security integration into business processes. The report includes the top ways to drive engagement and agreement around cybersecurity strategies within an organization. The study found that only 23% of organizations prioritize the alignment of security with key business initiatives. (By Help Net Security) Ingalls: 82% of survey respondents claimed that cyber risk has increased in the past two years, thanks primarily to a rise in threats, an expanding corporate attack surface and the fact that business processes are more dependent than ever on technology. At a time when cyber risks have increased more than ever before, determining one's cybersecurity risk management strategy is crucial. Our Master Risk Control: Pick A Cybersecurity Risk Management Strategy blog post provides some valuable insight into the different options.

Ransomware Gangs Are Abusing VMware ESXi Exploits To Encrypt Virtual Hard Disks

Two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, reported as abused in the wild. At least one major ransomware gang is abusing vulnerabilities in the VMWare ESXi product to take over virtual machines deployed in enterprise environments and encrypt their virtual hard drives. The attacks, first seen last October, have been linked to intrusions carried out by a criminal group that deployed the RansomExx ransomware. (By Catalin Cimpanu, ZDNet) Ingalls: Enhancing your patch management process to include vulnerability scanning, a robust remediation workflow, and metrics-based decision support from data collection can do a lot more for your risk management than simply plugging holes whenever a software vendor produces a patch. In our downloadable “8 Effective Cybersecurity Controls For SMBs” guide, we discuss how to do more with patch management, and the benefits of a mature Vulnerability Lifecycle Management program.

Phishing Campaign Lures US Businesses With Fake PPP Loans

Threat actors are sending phishing emails impersonating a Small Business Administration (SBA) lender to prey on US business owners who want to apply for a Paycheck Protection Program (PPP) loan to keep their business going during the COVID-19 crisis. (By Sergiu Gatlan, BleepingComputer)  Ingalls: Our Managed Detection and Response (MDR) service is designed for advanced detection, threat hunting, and response guidance. Unlike a traditional Managed Security Service Provider (MSSP), our service is geared toward proactive prevention. This includes our in-house Phishing Email Helpdesk (PEH) where we analyze your suspicious email and provide you with detailed recommendations.

Health Care Remains a Prime Target for Ransomware Attacks

It’s easy to be distracted by the flood of other distressing news each day, but the FBI, CISA and HHS recently urged the health care industry to stay on high alert for malware; especially ransomware attacks. The FBI’s warning included the statement, “We found that 66 percent of hospitals do not meet the minimum security requirements as outlined by the NIST.” The latest ransomware strikes hit more hospitals than previously known, and the culprit in almost every case appears to have been Ryuk. (By Satya Gupta, Security Boulevard) Ingalls: Protecting your organization from being attacked used to involve a fairly straightforward set of technical controls that kept customer computer networks secure and data backed up in the event of a system failure. To do this 10 years ago, an organization needed to setup firewalls, antivirus, patch management, and data backup. Today, organizations of all sizes need Managed Detection and Response (MDR) to defend against malicious network traffic. Our MDR service delivers threat monitoring, detection and response leveraging a combination of technologies, advanced analytics, threat intelligence, and human expertise in incident investigation and response. How does MDR work?

Microsoft 365 Becomes Haven for BEC Innovation

Two new phishing tactics use the platform’s automated responses to evade email filters. Two fresh business email compromise (BEC) tactics have emerged onto the phishing scene, involving the manipulation of Microsoft 365 automated email responses in order to evade email security filters. In one case, scammers are targeting victims by redirecting legitimate out-of-office (OOO) replies from an employee to them; and in the other, read receipts are being manipulated. Both styles were seen being used in the wild in the U.S. in December, when auto-responders were more prevalent due to holiday vacation. (ByTara Seals, Threatpost) Ingalls: We offer targeted education and awareness to improve your security posture. Combine a social engineering test with a follow up employee training session. Employees are the weakest link in your security posture and we will test and train them to be more aware. Contact us today to learn more about how we can help secure your company's information in a personalized and efficient way.