Articles of interest from the week of March 15, 2021

Why the Microsoft Exchange Server Attack Isn’t Going Away Soon

On March 2, Microsoft revealed a critical cybersecurity offensive launched by a foreign adversary against organizations in the United States. The company attributed the attacks to a Chinese advanced persistent threat group it calls Hafnium. Microsoft quickly announced patches for the four previously unknown vulnerabilities in Exchange Server that the malicious actors had exploited. (By Cynthia Brumfield, CSO) Ingalls: After the Microsoft patches are implemented, it is a good idea to have a cybersecurity expert look for indicators of compromise on your Exchange servers to see if they were compromised. Cybersecurity teams have found that prior to the patch being applied, if a server was compromised, there was likely a backdoor uploaded to the server. The patch is not going to prevent the backdoor from being accessed. The backdoor is completely separate from the vulnerability. Our incident responders have the expertise and forensic knowledge to remediate your environment and to restore your organization to normal operations with an improved security posture! Please contact us today if you would like to speak to one of our cybersecurity experts about how we can help secure your company's information in a personalized and efficient way with our cybersecurity services. For more information please check out our cybersecurity advisory we issued on March 3rd that contains our recommended actions with links to additional resources.

How Email Attacks are Evolving in 2021

Hundreds of thousands of dollars lost. Financial and emotional ruin. And in some cases, suicide. These are some of the outcomes business email compromise (BEC) attacks have on victims. These type of attacks don’t garner the same attention as high-profile hacks. Why? Because BEC attacks are simple – yet potent. (By Lindsey O'Donnell, Threatpost) Ingalls: We offer targeted education and awareness training to improve your security posture. Combine a social engineering test with a follow up employee training session. Employees are the weakest link in your security posture and we will test and train them to be more aware. Contact us today to learn more about how we can help secure your company's information in a personalized and efficient way.

4 Ways Employee Home Networks and Smart Devices Change Your Threat Model

Many employees at businesses worldwide have been forced to work from home because of COVID-19 related social distancing mandates. The security of employee home networks, and of the devices connected to them, are becoming increasingly important considerations for organizations that need to continue to support a large remote workforce for the foreseeable future. (By Jaikumar Vijayan, CSO) Ingalls: Our Managed Detection and Response (MDR) service can help you protect your remote endpoints. Our MDR service is designed for advanced detection, threat hunting, anomaly detection and response guidance utilizing a defense-in-depth approach which monitors and correlates network activity with endpoints, logs and everything in between.

Password Reuse Defeats the Purpose of Passwords

When a person reuses the same password across multiple accounts, one account’s exposure puts all the others at risk. To prevent this, cybersecurity awareness programs must emphasize the importance of passwords: how to create them, use them, and how to use a password manager with MFA. There are four forms of password reuse and they all are bad. (By Michael Schenck, CyZen.io, for Help Net Security) Ingalls: User names and passwords are no longer sufficient to protect accounts with sensitive information. By avoiding password reuse AND using multi-factor authentication, you can protect these accounts and reduce the risk of online fraud and identify theft. Here's a downloadable How-to-Guide for Multi-Factor Authentication that can help you better secure your information and identity online!

Ransomware Gang Plans To Call Victim’s Business Partners About Attacks

The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim's business partners to generate ransom payments. (By Lawrence Abrams, BleepingComputer) Ingalls: We understand the Ransomware threat.  Since 2010, we’ve been in war rooms and boardrooms, investigating computer networks targeted and attacked by criminals and nation-state sponsored hackers. This experience gives us a powerful edge in preventing and responding to cyberattacks. Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more, please check out our Blogs Are You Prepared to Defend Against Ransomware? And Ransomware, To Pay or Not to Pay?