{"id":28521,"date":"2022-09-16T15:43:45","date_gmt":"2022-09-16T19:43:45","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=503018"},"modified":"2022-09-19T09:11:49","modified_gmt":"2022-09-19T13:11:49","slug":"cyber-security-today-week-in-review-for-friday-september-16-2022","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-week-in-review-for-friday-september-16-2022\/","title":{"rendered":"Cyber Security Today, Week in Review for Friday, September 16, 2022"},"content":{"rendered":"<p data-ar-index=\"0\">Welcome to Cyber Security Today. From Toronto, this is the Week in Review edition for the week ending Friday, September 16th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"3\">In a few minutes I\u2019ll be joined by Terry Cutler, head of Montreal\u2019s <a href=\"https:\/\/www.cyologylabs.com\/?r_done=1\" rel=\"noopener\">Cyology Labs<\/a>, to discuss what\u2019s been going on in security. But first a look back at some of what happened in the past seven days:<\/p>\n<p data-ar-index=\"4\">A private British bank last weekend <a href=\"https:\/\/www.thisismoney.co.uk\/money\/markets\/article-11204377\/Coutts-bank-warns-customers-not-update-iPhone-operating-systems.html\" rel=\"noopener\">urged iPhone and iPad customers not to install<\/a> the new iOS 16 operating system. Terry and I will discuss why, and why this could have given the bank a black eye.<\/p>\n<p data-ar-index=\"5\">More about <a href=\"https:\/\/www.apple.com\/ca\/ios\/ios-16\/\" rel=\"noopener\">iOS 16<\/a>: It has a security feature for people worried about being victims of spyware, such as executives, IT leaders and reporters. Lockdown Mode reduces the attack surface by limiting functions that might be exploited by malware.<\/p>\n<p data-ar-index=\"6\">Cisco Systems released updates to fix three vulnerabilities in some of its Small Business routers. But the company made it clear it won\u2019t patch the same vulnerability in older routers. 
It\u2019s another warning that hardware and software from any vendor that are no longer supported are a security risk.<\/p>\n<p data-ar-index=\"7\">Microsoft <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/basic-authentication-deprecation-in-exchange-online-september\/ba-p\/3609437\" rel=\"noopener\">issued a reminder<\/a> to email administrators that at the end of this month it will start forcing organizations using Exchange Online to adopt multifactor authentication to protect logins. That\u2019s right \u2014 users won\u2019t be allowed to log into email with only a username and password. Starting October 1st random corporate users will receive seven days warning that their basic authentication process will be ending.<\/p>\n<p data-ar-index=\"8\">Alerts on two WordPress plugins were released. <a href=\"https:\/\/www.wordfence.com\/blog\/2022\/09\/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild\/\" rel=\"noopener\">There\u2019s a vulnerability in the WPGateway plugin.<\/a> It\u2019s a utility for managing WordPress sites. The hole could allow an unauthenticated user to add a malicious administrator and completely take over a site. Watch for a patch. Meanwhile, the developer of the BackupBuddy for WordPress plugin has released an updated version that fixes an actively exploited directory traversal vulnerability.<\/p>\n<p data-ar-index=\"9\">Administrators whose sites use the FishPig extensions for the Magento e-commerce platform have been warned to update or re-install the application. That\u2019s because it has been compromised by a threat actor. The malware allows hackers to get administrator access to their websites, <a href=\"https:\/\/sansec.io\/research\/rekoobe-fishpig-magento\" rel=\"noopener\">according to researchers at Sansec<\/a>. 
Sansec believes all paid FishPig extensions have been compromised.<\/p>\n<p data-ar-index=\"10\">Finally, <a href=\"https:\/\/www.politie.nl\/nieuws\/2022\/september\/13\/03-man-opgepakt-witwassen-cryptovaluta.html\" rel=\"noopener\">Dutch police arrested<\/a> a man on suspicion of laundering tens of millions of euros in stolen cryptocurrencies. Police allege the man used the Bisq digital currency exchange for switching bitcoin to monero to make transactions hard to track.<\/p>\n<p data-ar-index=\"11\"><em>(The following transcript has been edited for clarity)<\/em><\/p>\n<p data-ar-index=\"12\"><strong>Howard:<\/strong> I want to start with the story about a private British bank called Coutts. Over the weekend it told customers not to install the new Apple iOS 16 operating system on their iPhones and iPads. Why? Because it wouldn\u2019t work with the bank\u2019s mobile app. Not only were customers told not to install the app, the bank gave instructions on how to turn off automatic updates on their devices. However, on Monday \u2014 as iOS 16 was released \u2014 another online notice appeared, saying the bank\u2019s Apple app was now compatible with the new operating system and customers could update the app and install iOS 16. Is it just me or was there something wrong here?<\/p>\n<p data-ar-index=\"13\"><strong>Terry Cutler: <\/strong>It\u2019s a clear case of a vendor [afraid to] release software that can break functionality. When you\u2019re a user of these services you can be faced with a choice: If I upgrade the operating system I could still continue working, but not on my banking app. But if it\u2019s not working, could that prevent me from upgrading? The problem is that not upgrading [the operating system] sometimes opens you up to various cyber risks. 
And, of course, if your device is linked to your company through a VPN it could allow an actor to hack in through your device and get into your company.<\/p>\n<p data-ar-index=\"14\">One of the problems we always see in healthcare is software that still requires Internet Explorer 7. You have to go back to the archives of your computer to even find this application. But you see it very often because the vendors that created certain mission-critical software are out of business, or the developers have moved on, and no one\u2019s there to take care of the software. There could be all kinds of reasons for application upgrade delays.<\/p>\n<p data-ar-index=\"15\"><strong>Howard:<\/strong> It just strikes me that it\u2019s really unsafe for a company to say to customers, \u2018Turn off automatic updates for the operating system\u2019 because that just makes you completely vulnerable to any hacker.<\/p>\n<p data-ar-index=\"16\"><strong>Terry:<\/strong> I agree, because the critical services won\u2019t be installed. But here\u2019s the other kicker, with iOS 16 specifically. Older phones won\u2019t be able to upgrade, so they could potentially be victims of cybercrime.<\/p>\n<p data-ar-index=\"17\"><strong>Howard:<\/strong> This notice by the bank was quickly seen by a number of media outlets in England and on this side of the ocean, and I think it gave the company a bad eye. And by the way, this isn\u2019t a small bank. 
It reportedly has a number of members of the Royal Family as customers.<\/p>\n<p data-ar-index=\"18\"><strong>Terry:<\/strong> I think because it\u2019s got members of the Royal Family that increased the pressure on their IT department and their development team to find a solution to get this app to work.<\/p>\n<p data-ar-index=\"19\"><strong>Howard:<\/strong> This would be a lesson to all companies: You\u2019ve got to keep your apps up to date with the release of major operating systems \u2014 Windows, Android, iOS, as well as Linux if you\u2019re an organization. It just seems in this case the bank\u2019s developers were a little slow and they tried to make the best of a bad situation. Their alternative, I suppose, was to say, \u2018Temporarily if you have an Apple device don\u2019t use our app because it\u2019s not yet compatible with iOS 16\u2019 \u2014 except that wouldn\u2019t have been very good for business. But on the other hand it wouldn\u2019t have posed a security risk to their customers, which is what you do when you tell them \u2018Geez, don\u2019t upgrade the operating system at all.\u2019<\/p>\n<p data-ar-index=\"20\"><strong>Terry:<\/strong> The thing is, they\u2019ve had months to prepare for this. iOS 16 doesn\u2019t just show up out of the blue. Developers get access to beta versions and they get to see what\u2019s changed. I suspect there must have been some systems in the [bank\u2019s] back end that weren\u2019t ready for the new features of iOS 16. Maybe they had to wait for another fix to happen. Maybe they had to get hold of new developers. 
We can\u2019t really fully speculate, but there was time to prepare for this for sure.<\/p>\n<p data-ar-index=\"21\"><strong>Howard:<\/strong> Is there any excuse for a company that offers mobile apps for not being up to date with an expected major release of an operating system?<\/p>\n<p data-ar-index=\"22\"><strong>Terry:<\/strong> That\u2019s a great question, because as you know I came from a software vendor, Novell. Whenever we released a new operating system a lot of customers came back saying, \u2018I don\u2019t want to be the guinea pig for this new software.\u2019 There are obviously some pros and cons. Security updates help secure your devices \u2026 and you might also get added functionality. But when things go wrong, there are a lot of inconveniences \u2014 different software won\u2019t work together properly or some of the features are no longer available. Some updates can be risky because sometimes they fail. All that has to be taken into account.<\/p>\n<p data-ar-index=\"23\"><strong>Howard:<\/strong> Okay, let\u2019s move on to item two: New ransomware numbers for Canada. Trend Micro questioned 103 Canadian IT decision makers about ransomware attacks on their organizations. There was no surprise: 60 per cent said their organization had detected a ransomware attempt in the past three years. Of those 77 per cent said that they were victimized. Which, I hope my math is right, means roughly 40 per cent of all firms surveyed were hit.<\/p>\n<p data-ar-index=\"24\">Here are more numbers: 38 per cent of the survey groups said that their supply chain partners were victims of ransomware. Of those that were hit by ransomware and had their data stolen 60 per cent said that data had been publicly leaked by the attackers.<\/p>\n<p data-ar-index=\"25\"><strong>Terry:<\/strong> I\u2019m not surprised at all. Phishing and ransomware are the number one ways that hackers are getting in [to IT networks]. 
And the worst part is it\u2019s very, very difficult to attribute. Who are these attackers? But consumers and clients don\u2019t care. They don\u2019t blame the hackers. They blame the company because they didn\u2019t have the proper detection technology in place \u2026 Some of these scammers are earning over a billion dollars a year. It\u2019s gotten easier to launch these attacks because now attackers have more ways: They can harvest infected botnets, ransomware kits can be bought and come with 24 by 7 support from cybercriminals, they\u2019ll even provide you a list of targets to go after. What\u2019s even more difficult is that if your company is not running the latest technology like EDR \u2014 endpoint detection and response \u2014 it won\u2019t catch polymorphic malware. So it\u2019s really, really difficult to keep up with these threats.<\/p>\n<p data-ar-index=\"26\"><strong>Howard:<\/strong> The thing is, when I asked a Trend Micro executive what companies are doing wrong, he said the same thing experts have been saying for years: Organizations still aren\u2019t following the basic rules of cyber security \u2014 employees and customers are allowed to use weak passwords, employees don\u2019t have to use multifactor authentication to protect logins, there\u2019s poor patch management and they aren\u2019t locking down the attack surface, especially allowing misconfiguration of servers, routers and the like.<\/p>\n<p data-ar-index=\"27\"><strong>Terry:<\/strong> This has been a problem for years. If you go back and look at interviews I did in 2006 I was preaching about the same stuff about the basics not being done. A lot of companies are still thinking, \u2018Who\u2019s going to want to attack me? I\u2019m small fish.\u2019 But they don\u2019t realize that small businesses are the number one target for cybercriminals.<\/p>\n<p data-ar-index=\"28\">Let\u2019s talk about what you could do before, during and after a ransomware attack. 
The one thing you want to do before any ransomware attack is to test your backups and restore procedures. How fast can you get your data back up and running? How fast can you get your company back up and running? But if you\u2019re dealing with cyber insurance they want to know how this happened, so that investigation piece will hold you back at least a hundred hours. The IT guy wants to try and get you back up as quickly as possible, but when he does that he risks destroying evidence \u2014 and if you destroy the evidence you\u2019re not going to get a payout from cyber insurance. You also want to make sure all of your systems are updated and patched. Definitely train your users in cybersecurity, because they\u2019re ground zero. Look for technologies like EDR, network and cloud security monitoring. And of course the number one thing to do is get a security audit done. Get a penetration test done, get a gap assessment done.<\/p>\n<p data-ar-index=\"29\">Before a cyber attack make sure all hardware and software assets are inventoried. Make sure you have a law firm on call and work with a breach coach. When a breach is detected your cyber insurance will, hopefully, have an incident response firm that\u2019ll come in and start deploying EDR agents to try and collect evidence to see how it started. A ransomware negotiator will try and lower the payment demand. And once the dust settles and you\u2019ve lost hundreds of thousands of dollars, that\u2019s when you\u2019re really going to see where all the vulnerabilities are in your network and what to improve on.<\/p>\n<p data-ar-index=\"30\"><strong>Howard:<\/strong> Meanwhile every week there are new reports about successful ransomware attacks. Microsoft issued a report about a group it gives the nickname \u2018Nemesis Kitten,\u2019 which is looking for vulnerabilities that haven\u2019t been patched in Exchange Server, in Fortinet\u2019s FortiGate VPN and in Apache Log4j and the like. 
Security updates and patches have been issued for all of these products, but they\u2019re still being exploited. This again shows how vital patch management is.<\/p>\n<p data-ar-index=\"31\"><strong>Terry:<\/strong> Vulnerability scans and searches [by attackers] are happening all the time, and if your system is internet-facing it will be attacked \u2014 and if it\u2019s vulnerable it will be exploited. So it really comes back to the basics of cybersecurity. The other thing is cybersecurity and IT are two separate divisions. But they have to work together to help protect your network. You have to have an inventory of what\u2019s running. There\u2019s patch management. You need to heavily invest in cyber security training because your users are on the front line. Employees need to know how to create a strong password and to spot social engineering attacks. They need password managers. There are a lot of moving parts.<\/p>\n<p data-ar-index=\"32\"><strong>Howard:<\/strong> One of the things that Canadian listeners may not have heard was that over the Labour Day weekend the Los Angeles public school district suffered a big ransomware attack. This week the district gave its superintendent authority to enter into support contracts with cybersecurity and remediation experts without public bids because they have to keep dealing with the residue from this attack. Among other things that happened the school district had to reset more than 600,000 usernames and passwords of employees and students. But then technicians discovered the password reset system had been partially compromised by the attackers and that slowed down the reset process. By now 92 per cent of middle and high school students have successfully changed their passwords and all elementary students have been issued temporary passwords. This goes to show it\u2019s not a matter of being hit by ransomware and then within 48 hours the company is back up and running. 
The effects can stretch out into months.<\/p>\n<p data-ar-index=\"33\"><strong>Terry:<\/strong> This is where I\u2019m so happy I\u2019m no longer working on an IT help desk. I can just feel the stress that these guys would be going through right now. We had to deal with a similar incident in the middle of last year where 400 school computers got ransomed \u2026 The hackers were charging $40,000 per computer to sell the decryption keys.<\/p>\n<p data-ar-index=\"34\"><strong>Howard:<\/strong> Item 3: With the economy slowing down in many countries, what should IT leaders do if they\u2019re asked to cut spending? This comes after Forrester Research issued a report saying IT leaders need to be prepared for this. For example I noticed a recent story saying a software company got rid of the application security team that vetted its software, with the security functions of that team now being folded into the existing development team. Are you hearing about companies doing similar things or cutting back on their IT security spending?<\/p>\n<p data-ar-index=\"35\"><strong>Terry:<\/strong> I am. That\u2019s probably one of the reasons why our managed security services have been growing because it\u2019s so much cheaper to outsource now. Companies are dealing with continuous attack surface expansion. There are so many ways that attackers can get in now that the in-house staff can\u2019t keep up\u2026 There\u2019s been a lot of pressure on IT budgets because the management team thinks they\u2019re covered because they have one cyber security expert on staff. Well, that\u2019s why on a Saturday at 2 a.m. he\u2019s looking at logs. It\u2019s far more cost effective to outsource some things.<\/p>\n<p data-ar-index=\"36\"><strong>Howard:<\/strong> The report says cost-cutting risks reversing advances in an organization\u2019s security culture in addition to risking its cyber security posture. 
I think the suggestion is if you as an IT leader can show how IT security leads to customer satisfaction and therefore presumably increased business then the CEO won\u2019t lean on you too much for cost savings. Would you agree with that argument?<\/p>\n<p data-ar-index=\"37\"><strong>Terry:<\/strong> Not really, because there\u2019s no real clear return on investment for cybersecurity.<\/p>\n<p data-ar-index=\"38\"><strong>Howard:<\/strong> Or the executives don\u2019t perceive that there\u2019s ROI.<\/p>\n<p data-ar-index=\"39\"><strong>Terry:<\/strong> Correct.<\/p>\n<p data-ar-index=\"40\"><strong>Howard:<\/strong> Another thing that this report says is that money can be saved by reducing the number of security vendors an organization buys products from. In fact, a Gartner survey released this week said it\u2019s already seeing that. Seventy-five per cent of the companies it surveyed earlier this year said that they\u2019re cutting back on the number of security companies they deal with as a way to save money.<\/p>\n<p data-ar-index=\"41\"><strong>Terry:<\/strong> I agree, but here\u2019s the issue I\u2019m seeing: They\u2019re trying to find the lowest price. So they\u2019ll buy endpoint protection from Microsoft for desktops, and for the servers use another vendor and another for network monitoring. I\u2019ll tell you a real story that happened in healthcare. This institution had three different groups monitoring their respective endpoints. When an attack happened they had to engage three different groups who may have different sets of logs. Things were dropped. It\u2019s not co-ordinated. It doesn\u2019t tell the full story. 
It\u2019s very, very important that you have full visibility into your network, so it helps to have one vendor.<\/p>\n<p data-ar-index=\"42\"><strong>Howard:<\/strong> So what\u2019s your advice to IT security leaders if they\u2019re told they have to find savings?<\/p>\n<p data-ar-index=\"43\"><strong>Terry:<\/strong> If you don\u2019t have the time or money, outsource. An outsourced team can look at threat hunting, and make sure there\u2019s protection for your Windows, Linux and Mac systems.<\/p>\n<p data-ar-index=\"44\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-week-in-review-for-friday-september-16-2022\/503018\">Cyber Security Today, Week in Review for Friday, September 16, 2022<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode features a discussion on ransomware, how IT security leaders can deal with having to cut costs and why a UK bank told mobile customers not to install iOS 16 on their 
App<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-28521","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=28521"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28521\/revisions"}],"predecessor-version":[{"id":28650,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/28521\/revisions\/28650"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=28521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=28521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=28521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}