Articles of interest from the week of April 12, 2021

Number of US Breach Victims Jumps 564% in Q1 2021

The number of publicly reported breach victims in the US has soared by 564% from the end of 2020 to the first three months of this year, according to the latest data from the Identity Theft Resource Center (ITRC). (By Phil Muncaster, Infosecurity Magazine) Ingalls Information Security understands cybersecurity attacks and how to respond effectively. Since 2010, we’ve been in war rooms and boardrooms, investigating computer networks targeted and attacked by criminals and nation-state-sponsored hackers. This experience gives us a powerful edge in preventing and responding to cyberattacks. Ingalls helps businesses large and small manage security risks and defend against cyberattacks. If you’d like to learn more please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.

NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers

In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that's said to be under active exploitation, allowing attackers to elevate privileges by running malicious code on a target system. (By Ravie Lakshmanan, The Hacker News) Ingalls: Enhancing your patch management process to include vulnerability scanning, a robust remediation workflow, and metrics-based decision support from data collection can do a lot more for your risk management than simply plugging holes whenever a software vendor produces a patch. In our downloadable “8 Effective Cybersecurity Controls For SMBs” guide we discuss how to do more with patch management, and the benefits of a mature Vulnerability Lifecycle Management program. If your business or a client needs expert cybersecurity risk management that includes Vulnerability Lifecycle Management, please contact us today to schedule an engagement with Ingalls Information Security!

Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4

For security teams, there was a lot more of everything to defend against in the final quarter of 2020 compared to previous months. PowerShell threats grew 208%; Microsoft Office malware increased by 199%, while malware targeting mobile devices rose 118% between the third and fourth quarters of 2020. And COVID-19 related malware and threats surged 114%. (By Jai Vijayan, DarkReading) Ingalls: Our Managed Detection and Response (MDR) service extensively monitors for malicious PowerShell usage within our client’s environment. And, more importantly, our analysts do root cause analysis on PowerShell usage attempts that are blocked by the tools we have deployed to protect their computers.

7 New Social Engineering Tactics Threat Actors Are Using Now

It’s been a boom time for social engineering. Pandemic panic, desperation as income concerns grew, and worry over health and wellness made it easier for criminals to tap into fear. Social engineering, of course, means attacking the user rather than the computing system itself, trying to extract information or incite an action that will lead to compromise. It's as old as lying, with a new name for the computing age—and that's a perfect metaphor for how social engineering tactics evolve. (By Derek Slater, CSO) Ingalls: In any organization, the weakest link in the security chain is often the level of security awareness of the people who work thereCriminals and malefactors know this, and exploit these tendencies to great success. Ingalls Information Security provides services that expose an organization’s employees to scenarios that test their ability to successfully respond to social engineering attacks. Additionally, our information security services provide training that raises employee awareness of social engineering activities as well as the proper procedures to defeat them. Please contact us today if you would like to speak to one of our cybersecurity experts about how we can help secure your company's information in a personalized and efficient way with our cybersecurity services.

Malware Variants: More Sophisticated, Prevalent and Evolving in 2021

A malicious program intended to cause havoc with IT systems—malware—is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity. (By The Hacker News) Ingalls: A few years ago, a senior Vice President for a big anti-virus firm stood up and admitted that existing antivirus products work less than half of the time against malware⁴. This was under-reported, but it's something that we, as Incident Responders, had known for some time. There continue to be serious gaps in legacy antivirus product capabilities due to how they work, and how much the malware ecosystem has evolved over the last few years. We've written a helpful blog post that discusses the current situation with legacy anti-virus endpoint technology, some ways that malware is currently able to defeat it, and how the advanced endpoint protection that we use is effective.