Network Security News | Ingalls Information Security

Articles of interest from the week of May 10, 2021

Written by John Frasier | May 10, 2021 4:00:00 AM

85% of Data Breaches Involve Human Interaction: Verizon DBIR

Web application attacks, phishing, and ransomware increased over the past year, emphasizing a shift as attackers took advantage of people working from home and spending more time online amid the COVID-19 pandemic. Most (85%) attacks seen in 2020 involved human interaction. (By Kelly Sheridan, Dark Reading) Ingalls: Ingalls’ tailored Managed Detection and Response (MDR) and Cybersecurity Risk Management Services enable a defense-in-depth approach so organizations of all sizes can rest easier knowing their environments are safe from criminal threats. Defense-in-depth is our blueprint: we use next-generation antivirus (NGAV) that employs artificial intelligence and machine learning to monitor, detect, and respond to criminals’ tactics, techniques, and procedures (TTPs). Our experienced analysts use multiple layers of customized and proprietary tools to provide context and actionable information, simplifying enhanced security so you can rest easier. Download our white paper to learn more about our defense-in-depth approach to information security through our Managed Detection and Response (MDR) services.


Latest Microsoft Windows Updates Patch Dozens of Security Flaws

Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one is listed as Moderate in severity. Three of the vulnerabilities are publicly known, although, unlike last month, none of them are under active exploitation at the time of release. (By Ravie Lakshmanan, The Hacker News) Ingalls: Enhancing your patch management process to include vulnerability scanning, a robust remediation workflow, and metrics-based decision support from data collection can do a lot more for your risk management than simply plugging holes whenever a software vendor produces a patch. In our downloadable “8 Effective Cybersecurity Controls For SMBs” guide, we discuss how to do more with patch management, and the benefits of a mature Vulnerability Lifecycle Management program.


Colonial Pipeline was using vulnerable, outdated version of Microsoft Exchange

A forensic report on Colonial Pipeline noted that the "most likely culprit" within the company’s IT infrastructure was the vulnerable Microsoft Exchange services, as noted by New York Times reporter Nicole Perlroth, though there were several other issues that researchers characterized as an overall "lack of cybersecurity sophistication." (By Subir Kathuria, Neowin) Ingalls: After the Microsoft patches are implemented, it is a good idea to have a cybersecurity expert look for indicators of compromise on your Exchange servers to see if they were compromised. Cybersecurity teams have found that if a server was compromised before the patch was applied, a backdoor was likely uploaded to it. The patch will not prevent that backdoor from being accessed, because the backdoor is completely separate from the vulnerability. Our incident responders have the expertise and forensic knowledge to remediate your environment and restore your organization to normal operations with an improved security posture! Please contact us today if you would like to speak to one of our cybersecurity experts about how we can help secure your company's information in a personalized and efficient way with our cybersecurity services. For more information, please check out the cybersecurity advisory we issued on March 3rd that contains our recommended actions with links to additional resources.


Opportunistic vs. Targeted Ransomware Attacks

The critical infrastructure systems we rely on to deliver water, electricity, fuel, and other essential services are under siege. Increasingly, ransomware is becoming cyber criminals’ attack method of choice, for they understand that even short periods of downtime can cause far-reaching disruption and damage. This puts extreme pressure on victim organizations to pay up in order to decrypt data and restore operations quickly. While industrial systems may be top-of-mind today, the threat of ransomware knows no boundaries, and no individual or industry is safe from its reach, especially in the age of cloud, mobile, and highly distributed workforces. (By Vadim Sedletsky, CyberArk) Ingalls: Unfortunately, ransomware remains a serious threat to all industries and accounts for nearly a quarter of all malware-based attacks. Ransomware has become so widespread and commonplace that a normal attack garners neither the shock of security professionals nor the attention of the media. Are You Prepared To Defend Against Ransomware?


Pipeline Update: Biden Executive Order, DarkSide Detailed, and Gas Bags

CISA and the FBI said that DarkSide affiliates leveraging DarkSide have recently been targeting organizations in industries including manufacturing, legal, insurance, healthcare, and energy. Prevention is the best cure for this ransomware plague, the agencies said. They urged potential targets to use best practices in the resources mentioned in this article to strengthen their cybersecurity posture. (By Lisa Vaas, Threatpost) Ingalls: Remember, whether you’re facing a data exposure incident, a business email compromise, or a dreaded ransomware attack, there are steps that you can take to help your organization respond and, hopefully, recover from this incident. For more information please read our blog post, How To Respond When You’ve Been Breached.