Here you will find Shearwater’s latest security advisories, security updates and expert insights.

Shearwater Security Report | July 2019


Our monthly Security Report highlights some of the recent cybersecurity threats making headlines around the world.

Compiled by Shearwater’s experienced cybersecurity professionals, this report identifies new attack vectors used by cybercriminals, and helps you stay one step ahead of the attackers.

In this report we feature:

· Firefox – critical vulnerability uncovered by targeted attacks

· BlueKeep – could it be the next WannaCry?

· Up to 57% of email at risk 

· Cisco patch to stop online forgery

· Not so sunny in the Sunshine State

· Threats from within can be devastating too

· LooCipher – doing the work of the devil 

· Now criminals adopt security measures too 

Current Threats and Exploits

· Firefox critical vulnerability uncovered by targeted attacks

Mozilla moved quickly to patch a critical vulnerability in Firefox after it was found being used in targeted attacks. The bug gives an attacker code execution inside the browser's content process; reaching the underlying operating system would still require a separate sandbox escape. According to the report, it could also be exploited for universal cross-site scripting (UXSS), that is, running script in the context of any site the victim is logged in to.

According to Mozilla, the vulnerability (CVE-2019-11707) is a type confusion that “can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash.”

The vulnerability is fixed in Firefox 67.0.3 and Firefox ESR 60.7.1; anything older should be updated now.(1)

· BlueKeep – could it be the next WannaCry?

It has been two years since WannaCry. The worm spread like wildfire in May 2017, infecting more than 200,000 computers in over 150 countries. Contrary to the popular account, it did not need anyone to open an attachment: it propagated by exploiting a vulnerability in Windows SMB (MS17-010, the “EternalBlue” flaw) on any reachable unpatched host.

Now there is the potential for an even more devastating attack.

A vulnerability known as BlueKeep (CVE-2019-0708) exists in Remote Desktop Services (the Remote Desktop Protocol listener, TCP port 3389 by default) in older versions of Microsoft Windows: Windows 7, Windows Server 2008 and 2008 R2, and out-of-support systems including Windows XP and Windows Server 2003. An attacker who can reach the RDP port can exploit it to execute code on an unpatched system without valid credentials.

Microsoft issued patches in May 2019, including for the out-of-support versions, but many internet-exposed systems are believed to remain unpatched.

According to Microsoft, an attacker can send specially crafted packets to an affected system that has RDP enabled. After successfully sending the packets, the attacker would be able to perform a number of actions including:

    • Adding accounts with full user rights;
    • Viewing, changing, or deleting data; or
    • Installing programs.

The vulnerability is pre-authentication and requires no user interaction: no valid account is needed, and nobody has to click anything.

BlueKeep is considered “wormable” because malware exploiting this vulnerability on one system could propagate to other vulnerable systems on its own. There is therefore a very real risk that a BlueKeep exploit would spread in a fashion similar to the WannaCry attacks of 2017. Until every affected host is patched: block TCP 3389 at the perimeter, disable RDP where it is not needed, and enable Network Level Authentication (NLA). NLA requires authentication before the vulnerable code is reached, so it blocks unauthenticated exploitation, but an attacker holding valid credentials could still trigger the flaw, so it is a stopgap, not a substitute for the patch.(2)

· Up to 57% of email at risk 

“Return of the WIZard” (CVE-2019-10149) is a remote command execution vulnerability in Exim, one of the most widely deployed mail transfer agents (MTAs). A specially crafted message with a malformed recipient address reaches a code path in deliver_message() that expands attacker-controlled content from the address and runs it, as root. With an estimated 57% of internet-facing mail servers running Exim, the exposure is large.

Microsoft's Azure security team has reported an active Linux worm exploiting the flaw, which lets attackers run commands on a vulnerable server remotely.

At least two groups are known to be exploiting the vulnerability to run malicious code; one campaign downloads and installs a cryptocurrency miner on compromised servers.

Microsoft says Azure's network controls limit the worm's ability to spread between virtual machines, but a VM running a vulnerable Exim build can still be compromised directly.

The vulnerability affects Exim 4.87 through 4.91 and is fixed in Exim 4.92 (released in February 2019); Linux distributions have also backported the fix to their packaged versions, which keep the older version number.

Once a server is infected, the worm uses it to scan for and attack other vulnerable hosts. Anyone running Exim should upgrade to 4.92 or install their distribution's patched package as soon as possible.(3)
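The first thing a practitioner wants after reading the above is an inventory: which of our mail hosts advertise an Exim version in the affected range? The following is an added example, not Shearwater's or Exim's code: it parses SMTP greeting banners (the constructed sample banners stand in for a banner grab of your own hosts) and classifies each host against the 4.87 through 4.91 range. Note the caveat in triage(): a distribution that backported the fix still announces the old version, so “affected” here means “check the package changelog”, not “confirmed vulnerable”.

```python
"""Triage SMTP greeting banners for Exim versions in the CVE-2019-10149 range.

Added example, not Shearwater's or Exim's code. The banners below are constructed
sample data; in practice they would come from a banner grab of your own mail hosts.
"""
import re

# Affected range per the advisory: 4.87 through 4.91 (point releases included). Fixed in 4.92.
AFFECTED_MIN = (4, 87)
AFFECTED_MAX = (4, 91)

# Matches "Exim 4.91", "Exim 4.89.1" and "Exim 4.86_2" (the "_2" suffix is ignored).
BANNER_RE = re.compile(r"\bExim\s+(\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE)

# Constructed banners standing in for real banner grabs.
SAMPLE_BANNERS = {
    "mail.example.net": "220 mail.example.net ESMTP Exim 4.91 Mon, 17 Jun 2019 09:12:01 +1000",
    "old.example.net": "220 old.example.net ESMTP Exim 4.89.1 Mon, 17 Jun 2019 09:12:04 +1000",
    "mx.example.org": "220 mx.example.org ESMTP Exim 4.92 Mon, 17 Jun 2019 09:12:07 +1000",
    "legacy.example.org": "220 legacy.example.org ESMTP Exim 4.86_2 Mon, 17 Jun 2019 09:12:09 +1000",
    "smtp.example.com": "220 smtp.example.com ESMTP Postfix",
}


def exim_version(banner: str):
    """Return (major, minor, patch) advertised in an SMTP greeting, or None if it is not Exim."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version) -> bool:
    """True when major.minor falls inside the advisory's affected range."""
    if version is None:
        return False
    return AFFECTED_MIN <= version[:2] <= AFFECTED_MAX


def triage(banners: dict) -> dict:
    """Map host -> 'affected', 'not affected' or 'not exim'.

    'affected' means the advertised version is in range. Distributions that backport the
    fix keep the old version string, so confirm against the package changelog before
    treating a host as vulnerable, and treat a hidden or edited banner as unknown, not safe.
    """
    verdicts = {}
    for host, banner in banners.items():
        version = exim_version(banner)
        if version is None:
            verdicts[host] = "not exim"
        elif is_affected(version):
            verdicts[host] = "affected"
        else:
            verdicts[host] = "not affected"
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{host:20} {verdict}")
```

Run it against banners collected from your own MX hosts (for example the first line returned on connecting to port 25); a host whose banner omits the version entirely should be checked by hand rather than assumed safe.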

· Cisco patch to stop online forgery

We all log in to a variety of online accounts daily.

Whether it’s email, online banking, e-commerce, or any other type of online account we access through a web page or app, we expect that once we enter our username and password, we can transact safely.

However, a “cross-site request forgery” (CSRF) flaw lets an attacker make a victim's browser submit a state-changing request to a site the victim is already logged in to. The browser attaches the site's session cookie automatically, so a site that relies on the cookie alone cannot tell the forged request from a genuine one.

The attack is typically delivered via a malicious link or a page the victim happens to visit, and the forged action runs with the privileges of the logged-in user.
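The mechanism described above is easiest to see with two versions of the same request handler side by side. The following is an added example, not Cisco's code and not a real IOS XE handler: transfer_unprotected() trusts the session cookie alone and accepts the forged request, while transfer_protected() additionally demands a synchroniser token that only a page on the site's own origin could have read. The session table, SECRET_KEY and both request dicts are constructed to mimic what a browser sends.

```python
"""Why a session cookie alone cannot authenticate a state-changing request, and the
synchroniser-token check that fixes it. Added example, not Cisco's code or a real
IOS XE handler; the request dicts, session table and SECRET_KEY are constructed."""
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)        # assumption: one per deployment, kept server-side
SESSIONS = {"sess-abc123": "alice"}         # constructed session-id -> user table


def csrf_token(session_id: str) -> str:
    """Per-session token = HMAC(secret, session id). It is embedded in the site's own
    forms, which a page on another origin cannot read, so a forged request cannot carry it."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_unprotected(request: dict) -> tuple:
    """Vulnerable handler: trusts the session cookie alone. A hidden, auto-submitting form on
    an attacker's page makes the victim's browser send this request with the cookie attached."""
    user = SESSIONS.get(request["cookies"].get("session"))
    if user is None:
        return (401, "not logged in")
    form = request["form"]
    return (200, f"{user} sent {form['amount']} to {form['to']}")


def transfer_protected(request: dict) -> tuple:
    """Hardened handler: the cookie identifies the session, but the form must also carry the
    token that only a same-origin page could have obtained."""
    sid = request["cookies"].get("session")
    user = SESSIONS.get(sid)
    if user is None:
        return (401, "not logged in")
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token(sid)):
        return (403, "CSRF token missing or invalid")
    form = request["form"]
    return (200, f"{user} sent {form['amount']} to {form['to']}")


# Constructed requests. The browser attaches the cookie to both: cookies travel with the
# destination site, regardless of which page caused the request.
LEGIT = {"cookies": {"session": "sess-abc123"},
         "form": {"to": "bob", "amount": "10", "csrf_token": csrf_token("sess-abc123")}}
FORGED = {"cookies": {"session": "sess-abc123"},
          "form": {"to": "mallory", "amount": "9999"}}

if __name__ == "__main__":
    print("unprotected, forged:", transfer_unprotected(FORGED))   # succeeds
    print("protected,   forged:", transfer_protected(FORGED))     # blocked
    print("protected,   legit: ", transfer_protected(LEGIT))      # succeeds
```

Two further controls belong alongside the token in a real application: marking the session cookie SameSite=Lax or Strict, so the browser does not attach it to cross-site form posts in the first place, and never letting a GET request change state, since a GET can be triggered by a plain link or image tag.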

Cisco recently disclosed a vulnerability (CVE-2019-1904) in the web-based user interface of Cisco IOS XE Software, caused by insufficient CSRF protection. An attacker who lures an authenticated administrator into following a crafted link can perform arbitrary actions on the affected device with that administrator's privileges.

Cisco has released fixed IOS XE software to address the flaw. Where updating cannot happen immediately, disabling the HTTP server feature on the device removes the vulnerable interface, at the cost of web-based management.(4)

 


Recent Breaches

· Not so sunny in the Sunshine State

Florida may be America's Sunshine State, but recently things have been looking pretty gloomy.

Lake City, Florida is finally recovering from a ransomware attack attributed to the “Triple Threat” campaign (an Emotet infection that installs TrickBot, which in turn delivers Ryuk ransomware). The attack knocked out the city's email and online payment systems on June 10, according to City Manager Joe Helfenberger.

Cloud security company AppRiver first reported the Triple Threat campaign back in January. At the time it described only a phishing scheme designed to harvest credentials and did not mention a ransomware component.

Lake City updated its status on June 12, saying that while most systems were still down, progress was being made to restore the network and regain access to the locked data.

Luckily, systems used by the city’s police, fire and other emergency services were not impacted.

Eventually, city authorities reportedly paid a ransom of about $460,000 in Bitcoin to recover their data and systems. It is yet another reminder that the only dependable way back from ransomware is backups that are kept offline or otherwise out of reach of the compromised network, and that have actually been tested by restoring from them.(5)

· Threats from within can be devastating too

Desjardins Group is the largest federation of credit unions in North America.

As custodians for so much confidential information, including the personal and financial records of roughly 2.9 million Desjardins Group members, data security is paramount.

Yet despite systems in place to prevent unauthorised intrusions, data was leaked by an employee who disclosed it to people outside the organisation without permission.

According to a statement by Desjardins, the information disclosed includes:

  • First and last names;
  • Dates of birth;
  • Social insurance numbers;
  • Addresses;
  • Phone numbers;
  • Email addresses; and
  • Details of banking habits and Desjardins products.

Awareness of the data leak emerged on June 14, when local police “provided Desjardins with information confirming that the personal information of more than 2.9 million members (including 2.7 million personal members and 173,000 business members) had been disclosed to individuals outside the organization.”

This is a timely warning that measures against outside intrusion do nothing against an insider with legitimate access. What applies here is least-privilege access to customer data, and monitoring and alerting on bulk queries and exports, so that a single employee pulling millions of records is noticed before the data leaves the building.(6)

 


Other News

· LooCipher – doing the work of the devil 

LooCipher is a newly discovered ransomware that encrypts the files on an infected computer and demands a ransom of 300 Euros, payable in Bitcoin within five days.

It is spread by a spam campaign carrying a Word document named Info_BSV_2019.docm. If the recipient opens the document and enables macros, the macro downloads the ransomware executable through the Tor network and runs it.

The encrypted files are not deleted, but they cannot be read without the key. If the ransom is not paid within five days, the attackers claim the files will be permanently lost.

This is another reminder never to open attachments you do not recognise, and to block macro-enabled Office documents at the mail gateway or prevent macros in files that arrived from the internet from running at all.(7)
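The .docm in the story declares its macro payload in the file format itself, so a mail gateway can flag it without opening it in Word. The following is an added example, not Shearwater's code and not the LooCipher document: build_sample_docm() fabricates a minimal OOXML package (a zip with a [Content_Types].xml manifest) that stands in for Info_BSV_2019.docm, and inspect_attachment() looks for the two signals a macro-enabled document carries, the word/vbaProject.bin part and the macroEnabled content type. Legacy binary .doc files are OLE2 containers rather than zips and need a different parser (oletools' olevba is the usual choice); this inspector reports them as not-ooxml rather than pretending to clear them.

```python
"""Flag Office attachments that carry VBA macros before they reach a mailbox.

Added example, not Shearwater's code and not LooCipher's document: build_sample_docm()
fabricates a minimal OOXML package that stands in for Info_BSV_2019.docm.
"""
import io
import zipfile

MACRO_MAIN_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
VBA_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_docm(with_macro: bool) -> bytes:
    """Constructed stand-in document. Real files carry much more; only the parts the
    inspector looks at are reproduced."""
    overrides = '<Override PartName="/word/document.xml" ContentType="%s"/>' % (
        MACRO_MAIN_TYPE if with_macro else PLAIN_MAIN_TYPE)
    if with_macro:
        overrides += '<Override PartName="/word/vbaProject.bin" ContentType="%s"/>' % VBA_TYPE
    content_types = ('<?xml version="1.0" encoding="UTF-8"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     + overrides + '</Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes where the OLE2 VBA project would be.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1 placeholder")
    return buf.getvalue()


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Return what the file declares about macros, without opening it in Office."""
    findings = {"filename": filename, "is_ooxml": False, "has_vba": False,
                "macro_enabled_type": False, "verdict": "not-ooxml"}
    if not data.startswith(b"PK\x03\x04"):
        return findings                       # legacy .doc (OLE2) etc. need a different parser
    try:
        z = zipfile.ZipFile(io.BytesIO(data))
        names = z.namelist()
        if "[Content_Types].xml" not in names:
            return findings
        content_types = z.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return findings
    findings["is_ooxml"] = True
    # Two independent signals: the macro container itself, and the declared content type.
    findings["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    findings["macro_enabled_type"] = "macroEnabled" in content_types or VBA_TYPE in content_types
    findings["verdict"] = ("quarantine" if findings["has_vba"] or findings["macro_enabled_type"]
                           else "allow")
    return findings


if __name__ == "__main__":
    for name, blob in [("Info_BSV_2019.docm", build_sample_docm(True)),
                       ("quarterly_report.docx", build_sample_docm(False)),
                       ("notes.txt", b"plain text, not a document")]:
        print(inspect_attachment(name, blob))
```

The gateway check is one layer; on the endpoint, the Office policy “Block macros from running in Office files from the Internet” stops the macro even if the document gets through, because files saved from email carry the mark-of-the-web.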

· Now criminals adopt security measures too 

The “S” in “HTTPS” stands for “SECURE”.

It signals that the connection to the site is encrypted and integrity-protected, and that the server holds a certificate for the domain name shown in the address bar. That defeats “man-in-the-middle” tampering with the traffic; it says nothing about who operates that domain or whether they are honest.

However, as attackers become more sophisticated, they too are beginning to use HTTPS sites for their malicious activities.

With the adoption of cryptographic protocols for secure website communications, cybercriminals are moving to HTTPS to keep their operations afloat.

Over half of phishing websites detected in the first quarter of this year used digital certificates to encrypt the connections from the visitor. This is a trend that has been growing since mid-2016.

HTTPS is designed to protect user privacy by encrypting the traffic between a server and the browser. This prevents third parties from viewing the data that’s exchanged. As web browsers began warning users that their connection was not secure if the site wasn’t HTTPS, phishing scammers began following the HTTPS trend.

Impersonating an HTTPS website is impractical without a valid TLS certificate for the domain (TLS, Transport Layer Security, is the protocol that secures the connection; the certificate is what proves control of the domain name). Obtaining a certificate used to be complicated and expensive; today certificate authorities such as Let's Encrypt issue domain-validated certificates for free, in minutes, to anyone who controls a domain.

With certificates this easy to obtain, scammers register look-alike domains and get certificates for them, so the browser's padlock appears exactly as it would on the genuine site.

It’s another reminder that when transacting online, all is not what it seems.(8)
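What the padlock does verify is that the certificate matches the host in the address bar; what it cannot verify is that the host is the one the user meant. The check below is an added example, not Shearwater's code, that does that second comparison the way a link-checking proxy or a user-education tool might: it extracts the real hostname from a URL and reports the common ways a phishing URL carries a brand name while pointing elsewhere. example-bank.com and the sample URLs are constructed, and the check goes a little beyond the paragraph above in also catching userinfo tricks (a brand name before an @) and punycode labels. Assumption: every name under expected_domain belongs to you; the check does not consult the public suffix list.

```python
"""Check that an HTTPS URL actually points at the domain the user thinks it does.

Added example, not Shearwater's code. The padlock proves only that the server holds a
certificate for the host returned here; this function does the comparison the padlock
cannot. example-bank.com and the sample URLs are constructed. Assumption: every name under
expected_domain is yours (the check does not consult the public suffix list).
"""
from urllib.parse import urlsplit


def hostname_verdict(url: str, expected_domain: str) -> dict:
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    expected = expected_domain.lower()
    reasons = []

    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # https://example-bank.com@203.0.113.10/ : the part before '@' is a username;
        # the real host is what follows it.
        reasons.append("userinfo before '@'; the real host is " + host)
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_host = host
        reasons.append("hostname cannot be IDNA-encoded")
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        reasons.append("punycode label, possible look-alike characters")

    same_domain = ascii_host == expected or ascii_host.endswith("." + expected)
    if not same_domain:
        if expected in ascii_host:
            reasons.append("expected domain appears only as part of " + ascii_host)
        else:
            reasons.append("host is not under " + expected)

    return {"host": host, "legitimate": same_domain and not reasons, "reasons": reasons}


SAMPLE_URLS = [  # constructed
    "https://www.example-bank.com/login",
    "http://www.example-bank.com/login",
    "https://www.example-bank.com.secure-login.example/",
    "https://example-bank.com@203.0.113.10/login",
    "https://www.exаmple-bank.com/login",   # second 'а' is Cyrillic U+0430
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        v = hostname_verdict(url, "example-bank.com")
        print(("OK  " if v["legitimate"] else "BAD ") + url, v["reasons"])
```

Every one of the “BAD” URLs above can carry a perfectly valid certificate and show a padlock; the hostname comparison, not the padlock, is what tells them apart.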

 

To stay secure, you need to be proactive.

Cybercriminals are constantly looking for ways to exploit vulnerabilities and will use any opportunity to circumvent your security systems.

Keep on top of the latest advances in cybersecurity and ensure your organisation stays ahead of the threats with Shearwater’s team of expert consultants.

Together, we’ll develop a comprehensive security roadmap for your organisation that takes into account your specific needs and circumstances.

Take the first step towards enhancing your security and speak with us today.

 

(1) https://www.darkreading.com/attacks-breaches/critical-firefox-vuln-used-in-targeted-attacks/d/d-id/1335011
(2) https://www.us-cert.gov/ncas/alerts/AA19-168A
(3) https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-about-worm-attacking-exim-servers-on-azure/
(4) https://www.bleepingcomputer.com/news/security/cisco-ios-xe-software-receives-fix-against-high-severity-flaw/
(5) http://www.scmagazine.com/home/security-news/ransomware/lake-city-recovering-from-ransomware-attack/
(6) https://www.bleepingcomputer.com/news/security/desjardins-group-data-leak-exposes-info-of-29-million-members/
(7) https://www.bleepingcomputer.com/news/security/new-loocipher-ransomware-spreads-its-evil-through-spam/
(8) https://www.bleepingcomputer.com/news/security/phishing-websites-increase-adoption-of-https/


 

This Information Security Report is brought to you by Shearwater Solutions

The Information Security Report is a monthly summary, compiled by Shearwater’s experienced cybersecurity professionals, to highlight the vulnerabilities and new attack vectors in some of the latest active threats, exploits and breaches and share recommendations to help you protect your data and stay a step ahead.

Whatever your Information Security challenge, we’re here to help you find the right solution.

3 Pillars for Security Awareness Success


“Are your staff going to be your greatest risk, or your greatest assets?”

That was the question posed by Damian Grace, General Manager of Phriendly Phishing – the comprehensive email security awareness program developed by Shearwater Solutions.

The modus operandi of those intent on harming your organisation has changed.

With the focus shifting away from hacking into network or web applications, principally due to significant advances in cybersecurity over recent years, human error is now the soft underbelly of many organisations.

Recently we’ve witnessed a marked uptick in email phishing, ransomware and malware, all designed to trick your staff into opening the wrong attachment or clicking the wrong link. Never have people been so under attack as they are now, with cyber-attacks ramping up across the board.

All it takes is one mistake and hackers, with the intent of stealing your confidential data assets, will have compromised your computer systems.

The impact on any organisation can be devastating – which is why every organisation requires a security awareness culture.

Only by inculcating your staff with a deep understanding of the threat profiles your organisation faces, and crucially, the role they need to play in mitigating those threats, will you begin to ensure your protection.


Change starts from the TOP

As an IT Manager, CTO or CISO, it’s imperative you persuade upper management to embrace a change in corporate culture. To achieve that, you need to understand what it takes to become an influencer within your organisation.

We know change is never easy. Especially the sort of long-lasting change that’s required to cultivate a security awareness culture. Grace likens it to pushing a big rock. At first the challenge seems insurmountable. But once you begin pushing and momentum builds, the task becomes easier.

While many stakeholders may initially be reluctant to embrace the sort of behavioural adjustment required to achieve a more robust cybersecurity posture, the task will be made easier if everyone involved understands the context.

Your entire staff, from top to bottom, needs to understand the reasoning behind the changes you’re seeking to implement and why it’s of critical importance to the organisation.

That’s why your most important initial task is to get upper management embracing your initiatives and leading the way.


Assess your current Learning Culture

Begin with a frank assessment of the learning culture currently existing in your organisation.

Even before commencing, you can determine how successful your attempts at cultural change will be based on existing attitudes. Our experience with Phriendly Phishing shows that non-mandatory training completion rates vary dramatically based on the learning culture that exists within an organisation.

TYPICAL NON-MANDATORY COMPLETION RATES BY LEARNING CULTURE

Learning culture        Completion rate
Low or no interest      about 40%
Indifferent             55-70%
Highly engaged          80% or more

If there is little to no interest in learning and acquiring new skills, unfortunately your task will be challenging. Luckily, among respondents to our poll, only 4% reported having a “no interest” culture.

By contrast, if your staff tends to be highly engaged and eager to expand their knowledge and embrace new strategies, your task will be much easier. With 27% of our poll respondents reporting a highly engaged workforce, that’s definitely good news.

However, by far the largest cohort of our poll respondents, in excess of two thirds, report an indifferent culture when it comes to change. This indicates the workforce will embrace change if required, but don’t seek it out otherwise. Whilst you will experience challenges changing the culture in such an organisation, you shouldn’t expect to receive too much intransigence or resistance. With a bit of effort, you should be able to achieve the results you want.


Whether your workplace shows no interest, is highly engaged or indifferent to learning, none of this is set in stone. With the right leadership, spearheaded by senior management, everything can change for the better.


Three Pillars to Create Strong Foundational Change

When considering how you can best enhance cybersecurity awareness in your organisation, it helps to focus on the following three pillars to ensure the new culture you’re cultivating is built on strong foundations:

Pillar 1: LEAD
Be a route or means of access to a particular place, or in a particular direction.

Real change starts from the top.

While you understand the importance of cultural change in reducing the organisation’s exposure to risk, upper management may not be sufficiently technologically literate to grasp the significance of what you’re proposing. However, it is vital to get their full support if your initiative is to succeed. This is to ensure your initiatives aren’t stymied by those within the organisation who may be resistant to change.

Following these 4 steps, you’ll stand a good chance of successfully persuading upper management of the necessity of your initiatives:

  1. Drive awareness by providing evidence to senior executives of the impact an organisation's culture has on its bottom line.
  2. Demonstrate the impact your changes will have on the organisation by focusing on outcomes. By learning to translate “IT-speak” into “business-speak”, you'll be able to align your initiatives with business metrics in a way that is highly persuasive to upper management. Emphasise the costs of inaction: a ransomware attack can shut a business down for days and cost millions in lost data and downtime.
  3. Push to get agreement on moving forward with your change agenda.
  4. Get firm commitments, preferably in writing.

While this process of persuasion won’t necessarily be easy, it is absolutely vital you lead the internal conversations within your organisation to get the commitment and support from upper management to succeed.

Pillar 2: ENGAGE

Engage by winning hearts and minds.

Traditional training methods are notoriously ineffective. Periodically pushing out highly technical information is not the way to engage people. That’s why it’s crucial you develop an effective plan that encourages people to embrace the project.

The training modules you use need to interest learners and be enjoyable. Importantly, you want to make sure people feel like winners.

Don’t make training too complex. Remember, every person has a unique comfort zone. Your goal should be to nudge them slightly beyond their comfort zone for long enough to enable them to absorb a new concept. This concept will then become part of their new, expanded comfort zone.

Through gradual, incremental training, you’ll achieve long-term cultural change.

This is what we’ve achieved with Phriendly Phishing. While we use challenging emails for our initial risk assessments, when it comes to raising awareness and achieving behavioural change, we use phishing emails that are more easily identifiable. This encourages people to learn, grow and build confidence. It makes them feel like winners.

We’ve also found that when testing behaviour, it’s best to send test emails randomly. There’s little point sending out test emails according to a pre-determined cadence, when the individual knows they’re being tested. By randomising your testing, you’ll gain a clearer insight into the effectiveness of your training.

Some other factors to consider when fostering engagement:

  • Whenever possible, focus on the personal benefits they will experience from the training. When it comes to email security, the awareness they develop through the training will assist them and their families stay safe online.
  • Ensure you map out training modules to align with your goals and communicate your timelines with participants. Long-lasting change may require a learning path over multiple years.


 

Pillar 3: CHANGE
An act or process through which something becomes different.

Long-lasting change requires ongoing training.

Don’t try to effect substantial cultural change overnight. It will take time. Start with small, bite-sized chunks, then progressively educate your staff about what changes they should make.

Crucially, staff need to understand the reasons behind the push for change.

This is why context is critical. When staff understand why they are being asked to change, and why it’s important for the organisation, you’ll generally achieve greater success.

Without this context and understanding, staff will be more likely to resist, and your attempts to achieve cultural change are unlikely to succeed.

We recommend focusing on the three R’s:

  • Repeat – Maintain ongoing, consistent and gradual approaches to achieving change.
  • Repair – Always seek to identify areas of weakness, where change hasn’t been achieved, and focus on those areas for improvement.
  • Report – Constantly monitor your progress and report back to stakeholders regularly.

In our experience, ongoing computer-based training (CBT) is the best model to follow. In the poll we conducted, almost half of respondents stated their organisations implement CBT strategies. A further 32% implement ad hoc training initiatives. While certainly this is a great start, it’s important to bear in mind that not all CBT is created equal. To be successful, CBT strategies need to be engaging and tailored to the individual requirements of different staff members.


 


Follow the Phriendly Phishing Model to Achieve Cultural Change

By implementing these three pillars, Phriendly Phishing is successfully changing the culture in many organisations surrounding email security awareness.

Phriendly Phishing’s engaging and interactive modules gradually progress learners through various pathways tailored to their individual levels of awareness. With incremental learning delivered this way, staff gradually build up their understanding of the threats posed by email phishing, and how they can play a crucial role in identifying such threats.

Importantly, staff are also made aware of the ways in which email security awareness can benefit them personally. The lessons learned are equally relevant for personal email. In this way, cultural change is more successful because it can personally benefit each staff member, as well as their families.

Ready to begin implementing cultural change in your organisation?

Skills Shortage Demands Fresh Thinking


With cybersecurity strategies constrained by staffing challenges, Managed Security Services helps your organisation stay safe.

After investing many valuable hours training your cybersecurity team, few things are as frustrating as seeing staff up and leave to pursue job opportunities elsewhere.

Yet, as IT Managers and cybersecurity leaders across Australia will attest, retaining top quality tech talent is an increasingly common challenge when there is a pronounced skills shortage.

According to a survey of 160 Australian CISOs by specialist IT recruitment agency Robert Half, the race for talent has become so competitive that tech firms are out-bidding each other for the right candidates, raising salary offers for more than 70% of new hires.

Despite this, 88% of surveyed CISOs are experiencing more difficulty attracting the right employees compared to five years ago.

Additionally, 71% of CISOs face rising staff turnover rates, which is unsurprising given that 31% of IT employees change jobs within less than two years.

Clearly, current market conditions favour employees, with demand for key cybersecurity skills substantially outstripping supply. While remuneration levels are driving heightened employee mobility, there are numerous strategies you can implement to boost retention rates while cutting the costs associated with continually hiring and training new staff.

 

Optimise Your Workplace Culture to Retain Cybersecurity Staff


The obvious solution to rising staff attrition rates is to increase remuneration levels.

However, this assumes that salary is the only factor motivating your employees to seek opportunities elsewhere.

Increasingly, HR experts understand that whilst salary is a key factor in retaining staff, it is not the only consideration.

According to Andrew Chamberlain, Chief Economist at jobs site Glassdoor, employees are increasingly motivated by other factors:

“The top predictor of workplace satisfaction is not pay: It is the culture and values of the organization, followed closely by the quality of senior leadership and the career opportunities at the company.

Among the six workplace factors we examined, compensation and benefits were consistently rated among the least important factors of workplace happiness.”

So, beyond simply upping remuneration rates, here are some practical strategies you can implement as a CISO or IT Manager to retain your key cybersecurity staff:

Long-Term Focus 

Filling skills gaps within your department’s capabilities may be the reason you’re looking to employ additional staff. However, when it comes to selecting the right candidates for your team, it pays to look beyond what skills they can offer you.

Staff are motivated to join an organisation by a variety of factors. Salary is one reason, however, so too is career progression.

If your goal is to select the right candidates, and nurture them to become long-term employees, take time at the outset of the recruitment process to enquire into the applicant’s own career objectives.

Make the effort to understand where candidates see themselves in the next three years. Enquire as to what cybersecurity sub-sectors they’re keen to specialise in. By identifying a clear trajectory that includes on the job training, formal educational opportunities and a pathway to career success, you could significantly boost staff retention rates.

When staff experience the benefits of an employer committed to investing in their career success, remaining with that organisation for the long-term becomes a much more attractive proposition.

Cultivate a Supportive Culture

Creating a supportive culture is not always easily achieved within a cybersecurity team.

Cybersecurity staff are known for often working long hours independently. Opportunities for interpersonal communication may be rare. With limited staff interaction and engagement, cultivating a supportive workplace culture can be a challenge.

However, if you want to retain staff for considerably longer than an average of two years, it’s a challenge worth pursuing.

One strategy is to aim for a mix of team members at different stages of their career progression.

By blending your team with a mix of recent graduates, mid-career professionals and more experienced senior staff, you’ll be well placed to implement a mentoring system.

The more experienced staff can take ownership of guiding and training your newer team members.

According to a study of Millennial workers conducted by Deloitte, staff intending to stay with their organisation for more than five years are twice as likely to have a mentor (68 percent) than not (32 percent).

To help facilitate mentoring of junior staff, you can incorporate it into the job descriptions of the more senior staff.

At Shearwater, we pride ourselves on offering many fresh graduates their first employment opportunity in cybersecurity. We cultivate a nurturing and mentoring workplace culture, where graduates work alongside more experienced staff, enabling them to gain invaluable hands-on experience. 

By fostering a supportive culture in your workplace, you too can encourage staff to stay with your organisation for the long term.

Benefits Beyond Salary

In markets where certain skills are in short supply, companies will outbid each other to secure the skilled employees they need.
Such circumstances make retaining your valued staff more challenging, especially if they are being approached on a regular basis by head-hunters.
Remuneration levels need to be competitive with industry standards, however there are a range of other perks you can offer to incentivise your staff to stay for the long term:

    • Place and Time Flexibility
      By offering your staff the flexibility to work remotely at certain times, staff intuitively understand that the organisation trusts them, and they develop a sense of ownership over how they manage and successfully complete their tasks. This also provides your staff with the ability to spend more time with family and less time commuting to and from the office.
    • Educational Opportunities
      We spoke before about long-term career pathways. While on-the-job training and mentoring are vital, so too are more formal educational opportunities. With incessant technological change comes the need to have the people who can manage that change. Investing in your staff’s education can be a win-win situation. Your organisation acquires the new skills and knowledge required to manage changing technologies, while your staff benefit from career advancement that comes with additional qualifications.
    • Employee Wellbeing Schemes
      Staff who are healthy, both physically and mentally, will be more engaged and productive. So, it’s in your interests to invest in your team’s wellbeing. Gym memberships, sporting classes, fitness devices such as Fitbit or relaxation therapies such as massages or meditation, are all examples of ways your organisation can invest in the wellbeing of your employees. And with increasing concerns surrounding mental health, many organisations now engage professional counselling services that employees can turn to should the need arise.

Be Open and Transparent

Does your company foster open communication and transparency?

Openness and transparency are key ingredients if staff are to have a sense of ownership and emotional connection to an organisation.

Openness involves sharing information, so your staff are aware of what’s happening within the organisation. More importantly, they require a sense that their views and concerns are heard and respected.

Your department or team should try to accommodate, where possible, different ways of working. Everyone has their own working style. Your staff can be a source of invaluable feedback which can feed into improving business processes.

In short, it requires being open to change.

 

How Shearwater can help you


Organisations are increasingly turning to managed security service (MSS) providers to help address the range of threats they face daily, thereby alleviating their need to maintain large in-house IT teams to cover all the skills comprehensive cybersecurity now requires.

A comprehensive cybersecurity strategy includes anticipating threats, fine-tuning security infrastructure, regularly addressing compliance requirements, taking measures to stop threats when they emerge and much more.

It’s clear that managing cybersecurity requirements is no small task.

Threats are increasingly pernicious, with attackers becoming more sophisticated and determined. The costs associated with a significant breach of your cybersecurity systems can cripple your business.

It is incumbent upon every organisation to mitigate this risk. However, doing so often requires navigating a complex web of technologies and procedures.

Having the right team of people, with the right skills, is critical.

The difficulty many organisations experience today is two-fold:

  1. How do you put together and maintain the right IT team, with the right skillsets, when there is an industry-wide skills shortage?
  2. How do you prevent regular staff turnover impeding your organisation’s capacity to maintain ongoing security requirements?

One answer is to expand your organisation’s internal IT capabilities, and deal with all the difficulties associated with recruiting, training and retaining the right mix of skilled staff.

Another answer is to rely on the experts to manage the burden for you.

With Shearwater’s Managed Security Services your organisation can achieve the comprehensive security systems you need, including ongoing monitoring and management, without the stress or cost associated with doing it all yourself.

This frees you to focus time and limited resources on other important matters, such as more strategic IT initiatives.

By tapping into Shearwater’s extensive expertise in mitigating the risks to your IT systems and infrastructure, you’ll be reducing the load on your IT team, and limiting the in-house skillset you require.

With Shearwater Managed Security Services you’ll be able to:

    • Reduce the high costs associated with hiring, training, and managing security personnel.
    • Save resources by ensuring that your staff responds only to validated incidents.
    • Reduce costs through implementing effective standardisation. Our operational efficiencies ensure that we continuously drive costs down through improved processes and procedures.
    • Free key staff and direct senior skills towards higher level activities.
    • Gain access to certified and experienced staff with broad and extensive expertise across complex environments, and who are ready to augment your information security team when the need arises.

Discover for yourself how relying on Shearwater can be a cost-effective solution for your organisation, CONTACT US today and discuss your requirements with our Managed Security Services team.


Your staff is the front-line in your security strategy


“Every organisation is a custodian”.

That was the message delivered by Shannon Lane, Director of Shearwater Solutions when he addressed the team at ARC Student Life at the University of New South Wales.

We’re all entrusted to hold confidential information on behalf of our customers, staff and stakeholders. That’s just as true for a private business as it is for a university.

It’s a significant responsibility.

With others so reliant on us to safeguard their data, it’s incumbent upon each of us to do everything possible to maintain the highest levels of cyber security.

Large organisations, such as UNSW, maintain databases containing a vast array of private information. From financial reports to student records and confidential staff information, any compromise could be extremely costly both for the university and for the individuals affected.

Data breaches can also be detrimental to an organisation’s reputation, undermining trust in its capacity to fulfil its role as a reliable custodian of other people’s records.

While most organisations understand the need to invest in data-protection technology to prevent hacking, malware or ransomware, those who are motivated to breach these defences are constantly on the lookout for new ways to circumvent security systems.

Unfortunately, human error by those within an organisation can be a weak link. By clicking on the wrong link in an email, or opening the wrong attachment, staff can inadvertently open the back door to hackers, enabling them to gain access to an organisation’s IT systems and steal confidential data.

That’s why it’s imperative for all organisations to provide staff with ongoing training in identifying potential risks.

In line with ARC Student Life’s strong commitment to data protection, it takes a proactive approach to maintaining stringent cyber security measures, including staff-awareness campaigns.

Give your team the tools & skills they need to block phishing emails

Shearwater has developed Phriendly Phishing, a proprietary software system with training modules that makes it easy for any organisation to enhance its online security.

Phriendly Phishing Awareness Training


A key component of Shearwater’s approach is ongoing staff awareness and training.

The Phriendly Phishing S.C.A.M. framework makes it easy to educate staff in identifying and blocking phishing emails:

  • S – Sender: Who is really sending the email?
  • C – Content: What’s the email’s content?
  • A – Action: What action does the attacker want me to take?
  • M – Manage: What do I do with the scam email?

With this 4-step approach to email security, Lane helped arm the ARC Student Life team with the awareness they need to enhance their security posture.
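The first three S.C.A.M. questions can also be asked by a script before a message reaches a person. The block below is an added example for this article, not Phriendly Phishing code; it parses a constructed raw email, applies the Sender, Content and Action checks mechanically, and returns findings for the Manage step, which stays a human decision. The trusted-domain list, the urgency word list and both sample messages are assumptions made for the example.

```python
"""S.C.A.M.-style triage of a raw email (added example, not Phriendly Phishing code).

Sender:  is the real sender domain one we trust, and does Reply-To go elsewhere?
Content: does the subject/body lean on pressure language?
Action:  does the visible link text point where the href really goes?
Manage:  not automated here; the findings list is what a reviewer would act on.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical: the domains this organisation actually sends mail from.
TRUSTED_DOMAINS = {"example-university.edu"}
# Hypothetical pressure phrases; a real deployment would tune this list.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "24 hours", "verify now")

# Constructed lure: relay-style sender, foreign Reply-To, link text that lies.
SAMPLE_EMAIL = b"""\
From: "IT Helpdesk" <noreply@mail-relay-9x.example>
Reply-To: support@quick-reset.example
To: staff@example-university.edu
Subject: URGENT: your mailbox will be suspended in 24 hours
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your password expires today. Click below or lose access:</p>
<a href="http://quick-reset.example/login">https://portal.example-university.edu/reset</a>
</body></html>
"""

# Constructed benign message from a trusted domain with a plain intranet link.
BENIGN_EMAIL = b"""\
From: "Facilities" <facilities@example-university.edu>
To: staff@example-university.edu
Subject: Car park closure next Tuesday
Content-Type: text/plain; charset=utf-8

Level 2 of the car park is closed for line marking on Tuesday.
See https://intranet.example-university.edu/facilities for details.
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_trusted(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(raw: bytes) -> list[str]:
    """Return the S.C.A.M. findings for one raw RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # S - Sender: judge the real address, not the display name.
    _display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = domain_of(addr)
    if not is_trusted(sender_domain):
        findings.append(f"sender domain not trusted: {sender_domain}")
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append(f"Reply-To goes to another domain: {domain_of(reply_to)}")

    # C - Content: pressure language in subject or body.
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    text = (str(msg.get("Subject", "")) + " " + body).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    # A - Action: compare what the link shows with where it goes.
    for href, shown in LINK_RE.findall(body):
        real = urlparse(href).hostname or ""
        visible = urlparse(shown.strip()).hostname or ""
        if visible and real != visible:
            findings.append(f"link text says {visible} but goes to {real}")
        if real and not is_trusted(real):
            findings.append(f"link to untrusted host: {real}")
    return findings


if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, triage(raw))
```

The checks are deliberately conservative: a link whose text is not itself a URL is not reported as a mismatch, and subdomains of a trusted domain count as trusted, so the script flags the lure five times and the facilities notice not at all.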

How can Shearwater help you?

Visit us for further information about Shearwater’s Phriendly Phishing software, so your organisation will be best placed to prevent email being used as a tool to compromise the confidential data you’re entrusted to protect.



PhriendlyPhishing by Shearwater Solutions

Phishing Awareness Training & Simulation Program 

Phriendly Phishing is a scalable, cloud-based phishing awareness and simulation program developed by certified cybersecurity professionals at specialist information security services provider Shearwater Solutions. Phriendly Phishing benchmarks employees’ existing phishing knowledge (before deploying educational modules), tests improvements and supports re-education. This journey-based approach encourages users to reach milestones and includes an option to gain practical experience with simulated phishing campaigns. These features make Phriendly Phishing both engaging and extremely effective, and through ongoing research and practical experience in the field, Phriendly Phishing developers ensure that training remains current with real-world phishing threats and techniques.

April 2019 Security Report | Shearwater Solutions


Featured in this security report: ASUS releases a critical software update to combat the “ShadowHammer” Trojan malware, Cisco’s RV320 and RV325 small business routers are vulnerable to attack, zero-day vulnerabilities found in Google Chrome and Microsoft Windows are being exploited together, the recent WinRAR vulnerability is being abused en masse by threat actors, Adobe patches ColdFusion to remove a vulnerability, and Apple patches a number of serious vulnerabilities in its iOS platform. The latest data breach news includes: between 6TB and 10TB of data extracted from Citrix’s internal network, and a second Toyota data breach that has leaked up to 3.1 million pieces of customer data. In other news, Windows 7 and Windows Server 2008 R2 support will cease in January 2020.

Current Threats and Exploits


  • ASUS malware software update:
    A critical software update has been released by ASUS to combat a known Trojan malware attack called “ShadowHammer”; the attack itself was disguised as a “critical” software update. Although ASUS stated that “only a small number of a specific user group was found to be targeted,” Kaspersky Labs predicts that the attack could have been distributed to nearly 1 million machines and installed on hundreds of thousands. Along with the software patch, ASUS also introduced a “Live Security” program that users can run to scan their device and see if it has been involved in any known malware attacks. (1)
  • Cisco vulnerability patching:
    Cisco Systems issued 24 patches for vulnerabilities in its IOS XE operating system and warned customers that two small business routers (RV320 and RV325) are vulnerable to attack and that no patches are available for either. A total of 19 of the bugs were rated as “high severity” by Cisco, with the others rated as medium. The two router vulnerabilities are rated as “high severity” and affect Cisco’s Dual Gigabit WAN VPN RV320 and RV325 line of small business routers. Both router flaws were first patched in January; however, Cisco said that both patches were “incomplete” and that both routers were still vulnerable to attack. Firmware updates that address these vulnerabilities are not currently available, and Cisco says that there are no workarounds for either vulnerability. (2)
  • Google Chrome zero-day exploit:
    Google has reportedly patched two previously publicly unknown vulnerabilities, one affecting Google Chrome and another in Microsoft Windows, which were being exploited together. Google released an update for all Chrome platforms, delivered through the auto-update feature. The Chrome vulnerability is a memory mismanagement bug that could allow an attacker remote code execution, letting unauthorized users inject malicious code. Google has encouraged all Chrome users to verify that Chrome auto-update has applied the 72.0.3626.121 update. (3)
  • WinRAR ACE file extension:
    WinRAR is a widely used file archival tool. Users should update to the latest version of WinRAR, or remove it from their computer, as the software has no automatic update feature. Shearwater recommends checking whether WinRAR is installed on devices in the network. If WinRAR is discovered and it is verified that it is required, it is critical that the latest version is installed. If WinRAR is not required, the software should be removed. (4)
  • Adobe ColdFusion exploits:
    Adobe has released a patch for its ColdFusion web development platform to remove a vulnerability that could allow a remote attacker to execute arbitrary code. The vulnerability allows an attacker to upload a file of their own choosing and then cause any code within the file to be executed by issuing an HTTP request. All previous versions of ColdFusion are reported to be vulnerable to the attack, and it is recommended that anyone using ColdFusion updates to the latest version as soon as possible. Attacks against the vulnerability have also already been observed. (5)
  • Apple patches a number of serious vulnerabilities in iOS:
    Apple recently released a patch to fix a number of serious vulnerabilities discovered in its WebKit framework, which is used by browsers on the iOS platform. The vulnerabilities range in severity; at their worst they allow a specially crafted web page to execute arbitrary code. It is recommended that all users of iOS devices update to the latest version of iOS as soon as possible. (6)


It is important that all users install the latest updates to stay protected from security threats.

Recent Breaches


  • Major Citrix data breach:
    Citrix recently released information indicating that it had suffered a major data breach in which malicious actors were able to gain access to its internal network. After forensic analysis, the breach was determined to have been performed by a sophisticated attacker, who is thought to have extracted between 6TB and 10TB of data from the internal Citrix network. This data included business documents with details of several of Citrix’s clients. It was also revealed that the attackers likely gained access to the environment by brute force: several employees’ accounts secured with weak passwords were compromised. This breach, like a number of other recent breaches, reinforces the need to ensure all users have strong passwords and two-factor authentication enabled on their accounts. (7)
  • Second Toyota data breach:
    Toyota has apologized to customers after a large data breach at its Tokyo-area sales network was discovered on 21st March. Toyota said unauthorized network access to a server used by sales subsidiaries may have leaked up to 3.1 million pieces of customer data outside the company. Toyota is still investigating the extent of the data breach, and whether or not the information was exfiltrated. In late February this year, Toyota Australia suffered a cyber-attack that took out its email service and other systems. Toyota has not attributed either of these hacks to any particular actor or group, or advised whether the two are connected. (8)

Other News


  • End of Windows 7 and Windows Server 2008 R2 support:
    Starting on 18th April 2019, users running Windows 7 will start seeing pop-ups reminding them that support for the aging operating system will end in mid-January 2020. Reasons users may have for not upgrading to Windows 10 include concerns about applications not working and computers that cannot run Windows 10. Users with an enterprise license can arrange continued support for some business Windows 7 installations, and users with embedded Windows 7 may have different life cycle dates. (9)

References

  1. Asus software updates were used to spread malware, security group says
  2. Cisco Releases Flood of Patches for IOS XE, But Leaves Some Routers Open to Attack
  3. Disclosing vulnerabilities to protect users across platforms
  4. ‘100 unique exploits and counting’ for latest WinRAR security bug
  5. Security updates available for ColdFusion | APSB19-14
  6. Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities
  7. Citrix discloses security breach of internal network
  8. Millions of customers’ data accessed in second Toyota hack
  9. Windows 7 Update Support Ends One Year From Today

This Information Security Report is brought to you by Shearwater Solutions

The Information Security Report is a monthly summary, compiled by Shearwater’s experienced cybersecurity professionals, to highlight the vulnerabilities and new attack vectors in some of the latest active threats, exploits and breaches and share recommendations to help you protect your data and stay a step ahead.

Whatever your Information Security challenge, we’re here to help you find the right solution.

What is the difference between vulnerability assessment and penetration testing?


There is often confusion around the role of a vulnerability assessment versus a penetration test. This is compounded by unscrupulous security vendors presenting (and pricing) a vulnerability assessment as a penetration test. Aside from poor ROI, this can give an organisation a false sense of security, when in fact they have only received a basic level service. In the following blog article, we explain the difference, and how regular vulnerability assessments and penetration testing should work together to enhance an organisation’s security posture.

What is a Vulnerability Assessment?

A vulnerability assessment is the process of identifying whether an organisation’s systems and applications have potential known security vulnerabilities. It consists of one or more automated scans followed by the generation of a report containing a prioritised list of the vulnerabilities found, their severity and generic remediation advice. This is a useful auditing tool for the security team to remediate any errors that could allow a cybercriminal to gain access to the organisation’s systems and sensitive data. The quality of the results depends on the quality and recency of the vulnerability scanning software and on the ability of the security professional interpreting the results.

How is it different from Penetration Testing?

Penetration testing has a much greater potential breadth of scope (e.g. social engineering) and depth than a vulnerability assessment. It should only be conducted by certified cybersecurity professionals who use their experience and technical abilities to mimic the multiple types of attack used by cybercriminals, targeting both known and unknown vulnerabilities. Vulnerability assessments are often used to scope a penetration test, or as a research tool during its reconnaissance phase. Unlike a vulnerability scan, in which identified vulnerabilities are not exploited, a penetration test has the tester modify their approach until they can provide proof of vulnerability through exploitation, gaining access to the secure systems or stored sensitive information that a malicious attack could compromise.

A penetration test report is customised to the organisation and the scope of the engagement and provides the data that is critical to securing an organisation’s systems and stored sensitive information. It supplies the management team with a fast and proven benchmark of the organisation’s level of risk, at a given moment in time, and prioritises the vulnerabilities found, in order of severity, with detailed and customised advice to expedite remediation. This provides the IT security team with the information they require to fast-track remediation work, demonstrates the ROI of existing security tools and facilitates the management team’s confident approval of security expenditure.


The Difference Between Vulnerability Assessment and Penetration Testing

The key characteristics of a vulnerability assessment and penetration test are compared in the table below.

Vulnerability Assessment

Purpose: To scan systems to identify potential ‘known’ vulnerabilities and provide generic remediation advice to improve the security of the scanned target(s).

Characteristics:

  • Automated process.
  • Scanning software scans the entire target(s).
  • Scan types include networks, web applications, source code and ASV scans for PCI DSS.
  • Scanning software has signatures to identify unpatched or out-of-date software, incomplete deployment of security software, bugs and open ports.
  • Scanning software is limited to identifying only the vulnerabilities it has signatures for. It cannot find vulnerabilities that are unknown.
  • Results may include false positives and false negatives. Results identify potential vulnerabilities.

Results: An automated report with a prioritised list of the vulnerabilities found, their severity and generic remediation advice.

Recommended frequency: Outside of meeting a specific compliance requirement, vulnerability scans should be performed from outside the network and from within it at least quarterly, or more frequently for organisations with a high-risk profile.

Penetration Test

Purpose: To identify and demonstrate proof of exploit and provide customised remediation advice to improve the security of the scoped target(s).

Characteristics:

  • Largely a manual process, using a mix of penetration testing software and custom-written exploits.
  • The tester may use a vulnerability assessment in the reconnaissance phase of a penetration test and then go on to exploit chosen, prioritised vulnerabilities.
  • Demonstrates actual risk by emulating a cybercriminal.
  • Types of penetration testing include: networks (external, internal, mobile, wireless), applications (mobile, web, web service/API), physical security, social engineering and phishing, secure code reviews and red teaming.
  • Able to exploit known and unknown vulnerabilities.
  • Testing is rarely exhaustive; the tester focuses attention within the scope of the engagement.

Results: A hand-written report listing the vulnerabilities and exploits, categorised according to risk level, with recommendations for remediation based on key insights into the cyberthreat landscape.

Recommended frequency: Outside of meeting a specific compliance requirement, penetration tests should be performed at least annually, or more frequently for organisations with a high-risk profile.

Together, vulnerability assessments and penetration testing enhance an organisation’s security posture. Both are essential components for achieving a strong cybersecurity and information security program – and a requirement for achieving and maintaining compliance.

We hope you’ve found this blog article useful. For more information about penetration testing, download A Guide for First-time Penetration Testing Buyers. In this free guide we answer the questions commonly asked by first-time penetration testing buyers and provide guidance to help you achieve a successful penetration testing experience.



Questions & More Information 

Do you have a question about penetration testing? Contact Us today to speak to one of Shearwater’s certified Ethical Hackers. They have extensive experience in providing penetration testing services and assisting clients to achieve and maintain accreditation. 

Demonstrating the ROI of Security Penetration Testing to Management


How do you demonstrate the ROI of security penetration testing? From the management team’s point of view, making the decision to commit to an ongoing cybersecurity budget may be seen as adding yet another expense, with little visibility of a return on investment (ROI). This is particularly true for organisations that are not involved in the riskier areas of application development or ecommerce – perhaps they are a mid-sized manufacturing, transport or construction business – and think they’re not an attractive enough target for a cybercriminal. Think again!

High profile cybersecurity breaches regularly make national and even international news, and are often the result of a targeted attack. What is less well publicised are the more pervasive, lower profile breaches which are more opportunistic in nature and increasingly impact small and medium-sized organisations. This trend can be linked to the sophisticated way in which cyberattacks can now be automated and the introduction of new vulnerabilities resulting from the adoption of new technology and working practices (remote working and BYOD, such as laptops, tablets and phones).


In a rapidly changing technological landscape, organisations must not only keep pace with the speed of innovation, but also the resulting risks to information security.

Increasingly, organisations are incorporating cybersecurity into their overall risk management policy and aligning their security programs with their business objectives, with cybersecurity and information security management fast becoming the domain of management teams, not just the internal IT team. These organisations recognise that cybersecurity and information security are, ultimately, just like any other risk they face in their business and therefore need to be managed like all those other risks, be they legal, operational, financial, etc. They understand not only that they can’t afford a ‘head in the sand’ approach, but that good security practices (and compliance) are a competitive advantage.

For the organisations (predominantly SMEs), who are yet to adopt a more proactive approach to cybersecurity, complacency can be disastrous. With the increase in automated cyberattacks, you can no longer hope that cybercriminals won’t take an interest in your business.

From February 2018, the amended Australian Privacy Act made the disclosure of cyber breaches to regulators and shareholders mandatory. The penalty for not doing so can be up to $1.8 million for organisations and, with the inclusion of additional fines of up to $360,000 for each board member, the message is clear: take cybersecurity seriously.

Read how specialist web solutions provider The Reach Agency uses regular penetration testing to increase its competitive advantage.

So what value does a penetration test provide?


A penetration test provides your management team with an extremely fast and proven benchmark of the organisation’s level of risk, at a given moment in time, and prioritises the vulnerabilities found, in order of severity, with advice to expedite remediation. This then provides your IT security team with the information they require to fast-track remediation work, demonstrates the ROI of existing security tools and facilitates the management team’s confident approval of security expenditure.

Explain to management that you can acquire this data in one of two ways, either proactively or via incident post-mortem and, put simply, investing in penetration testing is preferable to responding to a breach from a malicious hacker. The decision of whether to invest in penetration testing is as simple as asking: “Do you want to choose your hacker?”

The difference between an Ethical Hacker and Malicious Hacker


Below is a simple comparison between controlled expenditure on security penetration testing and the uncontrolled chaos that results from having your systems compromised by a malicious hacker. This infographic is also available for download in PDF format.


Ethical Hacker

  • Intention is to help your organisation succeed.
  • A known, proven, highly trained IT professional has access to your IT infrastructure, in partnership with your IT department.
  • Careful with your IT infrastructure.

You control:

  • Cost (average cost of a pen test $7,000+)
  • Scope and methodology – non-disruptive
  • Timing – convenient

At the conclusion of testing you are provided with:

  • A comprehensive report listing the vulnerabilities and exploits, categorised according to risk level (critical and high-risk vulnerabilities are reported at the time of discovery), with recommendations for remediation to improve your organisation’s IT security.
  • Debriefing for executives and the IT team.

Any data obtained during the test will be treated as confidential and will be returned or destroyed at the conclusion.

Outcome: A proactive and empowering experience; improved IT security and compliance; customer confidence and brand loyalty maintained; security stakeholders have peace of mind.

Malicious Hacker

  • Intention is to extort money from, or damage, your organisation.
  • An unknown hacker has access to your IT infrastructure.
  • Careless with your IT infrastructure.

They control:

  • Cost (average cost of a breach US$3.86 million)
  • Scope and methodology – disruptive
  • Timing – inconvenient

At the conclusion of a malicious breach you could face:

  • A potential ransom
  • Exploited intellectual property
  • Exploited customer data
  • Potential fines and legal ramifications
  • Damaged IT infrastructure and code that takes time and money to investigate and remediate

The whereabouts of any data obtained during the breach is unknown.

Outcome: A reactive and disempowering experience; damaged IT systems; lost customer confidence; damage to brand loyalty; loss of revenue; loss of share value; security stakeholders have sleepless nights and face potential job losses. May bankrupt SMEs.

When compared in this way, the benefits of investing in penetration testing are self-evident.

We hope you’ve found this blog article useful. For more information about penetration testing, download A Guide for First-time Penetration Testing Buyers. In this free guide we answer the questions commonly asked by first-time penetration testing buyers and provide guidance to help you achieve a successful penetration testing experience.



Questions & More Information 

Do you have a question about penetration testing? Contact Us today to speak to Shearwater’s certified Ethical Hacking Team. They have extensive experience in providing penetration testing services and assisting clients to achieve and maintain accreditation.

December 2018 Security Report | Shearwater Solutions


Featured this month: exposed Remote Desktop connections create a soft target for attackers, email distribution platforms are increasingly being hijacked to facilitate mass phishing campaigns, several Self-Encrypting Drives have multiple vulnerabilities, a VirtualBox zero-day vulnerability, and breaches that caused inconvenience for Dell, created danger and disruption for an Ohio hospital, and exposed over 500,000 guests’ data in a breach dating back to 2014 for the Marriott hotel chain. In other news, a Windows 10 (1703 and newer) update allows Windows Defender to operate in a sandboxed environment, and Google’s QUIC protocol will replace TCP, offering both compression and encryption, in the next revision of the HTTP protocol.

Current Threats and Exploits


  • Exposed Remote Desktop connections create a soft target for attackers:
    Remote Desktop provides a convenient tool for remote administration and for users to access internal resources. It is also commonly scanned for, and targeted by, attackers attempting to gain unauthorized access to internal networks. Typically an attacker will look to gain access to the remote desktop host (via brute forcing of accounts, or through the use of known credentials harvested via phishing or breach data) before launching subsequent attacks internal to the network (e.g. ransomware, cryptomining or data exfiltration).
    To avoid falling victim, it is important that exposed Remote Desktop Protocol (RDP) and other services are appropriately hardened. Simple steps such as geoblocking, good password practices and monitoring of external-facing hosts can significantly increase the difficulty of entry for attackers trying to take over your RDP host this holiday season.
  • Marketing email campaign hijacking leads to mass distribution of phishing:
    Shearwater has identified a number of incidents in which a company’s marketing or email distribution platform has been compromised in order to facilitate mass phishing campaigns. Through Business Email Compromise (BEC) attacks, attackers are frequently looking to gain access to platforms such as MailChimp that are pre-populated with recipient lists. This provides an easy opportunity to phish further unsuspecting victims.
    If you are unsure of the source of an email, a simple phone call to the sender or your IT security team can help validate the contents in a timely fashion. And if you identify a phishing campaign of this nature, contacting the mail platform and the sender to alert them to the incident is also recommended.
  • Self-Encrypting Drives have multiple vulnerabilities:
    There are multiple vulnerabilities in implementations of ATA Security or TCG Opal Standards in Self-Encrypting Disks (SEDs), which can allow an attacker to decrypt contents of an encrypted drive. There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This allows an attacker to access the key without knowing the password provided by the end user, allowing the attacker to decrypt information encrypted with that key. According to the National Cyber Security Centre – The Netherlands (NCSC-NL), the following products are affected by CVE-2018-12037:

    • Crucial (Micron) MX100, MX200 and MX300 drives
    • Samsung T3 and T5 portable drives
    • Samsung 840 EVO and 850 EVO drives (In ATA high mode these devices are vulnerable, in TCG or ATA max mode these devices are not vulnerable.)

The vendors have issued patches to address the vulnerabilities. We recommend that you update to the latest patches as soon as possible.

  • VirtualBox zero-day vulnerability:
    A new vulnerability has been discovered in VirtualBox’s Intel E1000 NIC driver code when it is operating in NAT mode. The vulnerability, which affects all versions of VirtualBox up to and including 5.2.20, allows malicious code running in a guest VM to gain application-level control over the host. To make matters worse, the vulnerable code is shared between a number of different guest operating systems, meaning that it can be exploited from almost any guest. The vulnerability was not responsibly disclosed, and therefore there is currently no patch available.
    We recommend that users of VirtualBox change the type of virtual network adapter to something other than the Intel E1000, or place it into a mode other than NAT. (1)
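The “monitoring of external-facing hosts” step in the Remote Desktop item above can be made concrete. The block below is an added example written for this report, not Shearwater tooling: it reads a constructed JSON-lines export of Windows Security events (field names mirror the event XML: EventID 4625 is a failed logon, 4624 a successful one, LogonType 10 is RemoteInteractive, i.e. RDP), counts failed RDP logons per source address inside a sliding window, and raises a second alert when a success follows a guessing burst from the same address. The window, threshold and sample addresses are assumptions; geoblocking and account-lockout policy are separate controls not modelled here.

```python
"""RDP password-guessing detector over a Security-log export (added example).

Input: JSON lines, one Windows Security event per line, with the fields a
typical SIEM export carries. The sample below is constructed.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: five failures from one address in under two minutes,
# then a success from that address; one unrelated network logon failure;
# and a normal RDP logon from a different address hours later.
SAMPLE_LOG = """
{"TimeCreated":"2018-12-03T02:00:05Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.7","TargetUserName":"administrator"}
{"TimeCreated":"2018-12-03T02:00:21Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.7","TargetUserName":"admin"}
{"TimeCreated":"2018-12-03T02:00:40Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.7","TargetUserName":"backup"}
{"TimeCreated":"2018-12-03T02:01:02Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.7","TargetUserName":"jsmith"}
{"TimeCreated":"2018-12-03T02:01:15Z","EventID":4625,"LogonType":3,"IpAddress":"192.0.2.10","TargetUserName":"svc_backup"}
{"TimeCreated":"2018-12-03T02:01:30Z","EventID":4625,"LogonType":10,"IpAddress":"203.0.113.7","TargetUserName":"jsmith"}
{"TimeCreated":"2018-12-03T02:01:58Z","EventID":4624,"LogonType":10,"IpAddress":"203.0.113.7","TargetUserName":"jsmith"}
{"TimeCreated":"2018-12-03T09:15:00Z","EventID":4624,"LogonType":10,"IpAddress":"198.51.100.4","TargetUserName":"hr.user"}
"""

WINDOW = timedelta(minutes=5)   # assumed sliding window
THRESHOLD = 5                   # assumed: failed RDP logons per source inside WINDOW
RDP_LOGON_TYPE = 10


def parse_events(text):
    """Yield events as dicts with TimeCreated converted to an aware datetime."""
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["TimeCreated"] = datetime.fromisoformat(ev["TimeCreated"].replace("Z", "+00:00"))
        yield ev


def detect(text):
    """Return (ip, alert_kind, detail) tuples for brute-force bursts and post-burst successes."""
    alerts = []
    recent_failures = defaultdict(deque)   # ip -> timestamps of failed RDP logons in WINDOW
    flagged = set()
    for ev in parse_events(text):
        if ev["LogonType"] != RDP_LOGON_TYPE:
            continue
        ip, t = ev["IpAddress"], ev["TimeCreated"]
        q = recent_failures[ip]
        while q and t - q[0] > WINDOW:   # drop failures that fell out of the window
            q.popleft()
        if ev["EventID"] == 4625:
            q.append(t)
            if len(q) >= THRESHOLD and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "rdp_bruteforce", f"{len(q)} failed RDP logons within {WINDOW}"))
        elif ev["EventID"] == 4624 and ip in flagged:
            # A success from a source already guessing is the event worth paging on.
            alerts.append((ip, "success_after_bruteforce",
                           f"{ev['TargetUserName']} logged on after a guessing burst"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert, sep=" | ")
```

Only RDP logon types are counted, so the network-logon failure from 192.0.2.10 is ignored, and each source is flagged once per burst rather than on every subsequent failure.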
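The Self-Encrypting Drive item above describes the flaw as the absence of any cryptographic relation between the user’s password and the data-encryption key. The block below is an added example for this report, not vendor firmware: it contrasts that pattern (the key sits in device metadata and the password only gates access) with a sound one (the key is stored only wrapped under a key derived from the password). The password-derived XOR wrap with a separate MAC is a stdlib-only stand-in for a real key-wrap construction, and all keys and passwords are constructed values.

```python
"""Password-bound versus password-gated disk keys (added example, not vendor code)."""
import hashlib
import hmac
import os
from typing import Optional

# Assumed iteration count; real devices would use a hardware-appropriate KDF.
ITERATIONS = 100_000


def _kdf(password: bytes, salt: bytes, length: int = 32) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=length)


# --- Flawed pattern: the DEK is stored in clear; the password is only verified.
def flawed_provision(password: bytes, dek: bytes) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_check": _kdf(password, salt), "dek": dek}


def flawed_unlock(stored: dict, password: bytes) -> Optional[bytes]:
    if hmac.compare_digest(_kdf(password, stored["salt"]), stored["pw_check"]):
        return stored["dek"]
    return None


# --- Sound pattern: the DEK is stored only wrapped under a password-derived KEK.
def sound_provision(password: bytes, dek: bytes) -> dict:
    salt = os.urandom(16)
    kek = _kdf(password, salt, len(dek))
    wrapped = bytes(a ^ b for a, b in zip(dek, kek))        # stand-in for a real key wrap
    mac_key = _kdf(password, salt + b"mac")                 # lets a wrong password be detected
    tag = hmac.new(mac_key, wrapped, "sha256").digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def sound_unlock(stored: dict, password: bytes) -> Optional[bytes]:
    mac_key = _kdf(password, stored["salt"] + b"mac")
    expect = hmac.new(mac_key, stored["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expect, stored["tag"]):
        return None
    kek = _kdf(password, stored["salt"], len(stored["wrapped"]))
    return bytes(a ^ b for a, b in zip(stored["wrapped"], kek))


def leaks_dek(stored: dict, dek: bytes) -> bool:
    """Audit check: does the stored metadata contain the key in usable form?"""
    return dek in stored.values()


if __name__ == "__main__":
    dek = os.urandom(32)
    for name, provision in (("flawed", flawed_provision), ("sound", sound_provision)):
        print(name, "metadata exposes DEK:", leaks_dek(provision(b"correct horse", dek), dek))
```

In the sound variant a wrong password yields no key at all, and the metadata on its own is useless without the password; in the flawed variant the password check and the key are independent, which is exactly the gap the advisory describes.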
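To act on the VirtualBox recommendation across many machines you first need to find the adapters that match the vulnerable combination. The block below is an added example for this report, not Oracle or Shearwater code: it parses the key="value" output of `VBoxManage showvminfo <vm> --machinereadable` (the `nic<N>` and `nictype<N>` keys as that command prints them; adjust if your version differs), flags adapters in NAT mode backed by an E1000 model, and produces the `modifyvm` commands that implement either half of the advice. The sample output is constructed; the live path only runs when VBoxManage is on PATH.

```python
"""Find VirtualBox adapters in the E1000 + NAT configuration (added example)."""
import re
import shutil
import subprocess

# Intel E1000 family models VirtualBox emulates.
E1000_MODELS = {"82540EM", "82543GC", "82545EM"}

# Constructed excerpt of `VBoxManage showvminfo dev-box --machinereadable`.
SAMPLE_VMINFO = '''
name="dev-box"
nic1="nat"
nictype1="82540EM"
cableconnected1="on"
nic2="hostonly"
nictype2="82540EM"
nic3="nat"
nictype3="virtio"
nic4="none"
'''

KV_RE = re.compile(r'^(\w+)="?([^"]*)"?$')
NIC_RE = re.compile(r"nic(\d+)")


def parse_vminfo(text):
    """Turn key="value" lines into a dict."""
    info = {}
    for line in text.strip().splitlines():
        m = KV_RE.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info


def vulnerable_adapters(info):
    """Adapter numbers whose mode is NAT and whose model is an E1000 variant."""
    hits = []
    for key, mode in info.items():
        m = NIC_RE.fullmatch(key)
        if m and mode == "nat" and info.get(f"nictype{m.group(1)}") in E1000_MODELS:
            hits.append(int(m.group(1)))
    return hits


def remediation(vm, adapter):
    """The two alternatives from the advice, as VBoxManage modifyvm commands.

    virtio needs a virtio-net driver in the guest; bridged mode additionally
    needs --bridgeadapter<N> set to a host interface. Pick one, not both."""
    return {
        "change_model": f'VBoxManage modifyvm "{vm}" --nictype{adapter} virtio',
        "change_mode": f'VBoxManage modifyvm "{vm}" --nic{adapter} bridged',
    }


def audit_live(vm):
    """Audit a real VM; returns None when VBoxManage is not installed."""
    if shutil.which("VBoxManage") is None:
        return None
    out = subprocess.run(["VBoxManage", "showvminfo", vm, "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    return vulnerable_adapters(parse_vminfo(out))


if __name__ == "__main__":
    info = parse_vminfo(SAMPLE_VMINFO)
    for n in vulnerable_adapters(info):
        print(f"{info['name']}: adapter {n} is E1000 in NAT mode")
        for label, cmd in remediation(info["name"], n).items():
            print(f"  {label}: {cmd}")
```

Adapter 2 is E1000 but host-only and adapter 3 is NAT but virtio, so only adapter 1 is reported; the audit is keyed on the combination the advisory names, not on either property alone.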

Recent Breaches



A data breach at Marriott hotel chain has exposed personal details of up to 500,000 guests.

  • Dell resets all customer passwords after cyberattack:
    Dell suffered a security breach on November 9, 2018. Hackers succeeded in breaching the company’s network but were detected and stopped. Investigators found no evidence that the hackers succeeded in extracting data, but have not ruled out the possibility that some data was stolen. Analysis of the attack concluded that the attackers were seeking customer names, email addresses and scrambled passwords.
    We recommend that Dell customers are vigilant for suspicious emails or account activity. (2)
  • Ransomware attack forced Ohio hospital system to divert ER patients:
    A malware infection and ransomware attack hit computer systems at East Ohio Regional Hospital and Ohio Valley Medical Center over the US Thanksgiving weekend, reportedly disrupting the hospitals’ emergency rooms and forcing ambulances to be diverted to other hospitals in the area. The attack began on the evening of Friday, 23 November, leaving the hospitals temporarily unable to accept ER patients brought in by emergency responders.
    A spokesperson for the hospitals said that no patient information had been breached. (3)
  • Marriott’s massive data breach:
    The Marriott hotel chain has reported a massive data breach in which an attacker had unauthorised access to the guest reservation database of its Starwood brands, including Westin, Sheraton, Le Méridien, St Regis and W Hotels, since 2014. Up to 500 million guests are affected; for around 327 million of them the exposed information includes name, address, phone number, passport number and details of their stays. Credit card numbers and expiry dates of some guests may also have been taken; these were stored encrypted, but Marriott has not ruled out that the components needed to decrypt them were stolen as well. (4)

Other News


  • Windows Defender sandboxed:
    Current versions of Windows 10 (1703 and newer) have received an update that allows Windows Defender Antivirus to run in a sandboxed environment. Because anti-malware software needs complete visibility over the whole system to protect it effectively, it runs with very high privileges. Those privileges make it an attractive target for malware and malicious actors, since a successful exploit of the antivirus engine itself hands the attacker control of the system. To reduce this risk, Microsoft has moved the content-scanning work into a separate low-privilege, sandboxed process, so that a compromise of the scanning code no longer gives an attacker control over the host.
    Sandboxing is not currently enabled by default in Windows. Users who wish to enable it on their system can issue the following command from an administrator command prompt and then restart the system: “setx /M MP_FORCE_USE_SANDBOX 1”. (5)
  • HTTP 3 using UDP:
    The Internet Engineering Task Force (IETF) has agreed that HTTP-over-QUIC will become the next major revision of the protocol, HTTP/3. Unlike HTTP/1.1 and HTTP/2, it does not use Transmission Control Protocol (TCP) for its transport connections but QUIC, a transport protocol originally designed by Google (Quick UDP Internet Connections). QUIC runs on top of UDP, builds TLS encryption into its handshake so that connections are always encrypted, and multiplexes independent streams to avoid TCP’s head-of-line blocking.
    As the new protocol becomes more widely deployed, firewall rules that only permit TCP port 443 will also need to allow UDP port 443. While UDP 443 is blocked, browsers fall back to HTTP/2 over TCP, so the traffic does not disappear; it simply stays on the older protocol. (6)

References

  1. Zero-Day Exploit Published for VM Escape Flaw in VirtualBox
  2. Dell.com resets all customer passwords after cyber attack: statement
  3. Ransomware Attack Forced Ohio Hospital System to Divert ER Patients
  4. Massive data breach at Marriott’s hotels exposes private data of 500,000 guests
  5. Windows Defender Antivirus can now run in a sandbox
  6. HTTP-over-QUIC to be renamed HTTP/3

This Information Security Report is brought to you by Shearwater Solutions

The Information Security Report is a monthly summary, compiled by Shearwater’s experienced cybersecurity professionals, that highlights the vulnerabilities and new attack vectors in some of the latest active threats, exploits and breaches, and shares recommendations to help you protect your data and stay a step ahead.

Whatever your Information Security challenge, we’re here to help you find the right solution.