Project Hyphae

Information Security News 2-27-2023


NSA Shares Guidance on how to Secure Your Home Network

Article Link: https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-on-how-to-secure-your-home-network/

Defenders on High Alert as Backdoor Attacks Become More Common

Article Link: https://www.helpnetsecurity.com/2023/02/24/ibm-x-force-threat-intelligence-index-report-2023/

  • According to a report by IBM, ransomware incidents declined slightly between 2021 and 2022 and defenders were more successful in detecting and preventing ransomware. However, attackers continue to innovate with the average time to complete a ransomware attack dropping from 2 months to less than 4 days.
  • Additionally, it was observed that the deployment of backdoors, which allow remote access to systems, emerged as the top action by attackers last year. About 67% of those backdoor cases related to ransomware attempts, where defenders often were able to detect the backdoor before ransomware was deployed.
  • The report from IBM offers several key findings as well. Specifically, extortion remains a go-to method for threat actors, cybercriminals weaponize email conversations, and legacy exploits still work effectively against targets.
  • Link to IBM’s Full Report: https://newsroom.ibm.com/2023-02-22-IBM-Report-Ransomware-Persisted-Despite-Improved-Detection-in-2022

Microsoft tells Exchange Admins to Revert Previously Recommended Antivirus Exclusions

Article Link: https://www.csoonline.com/article/3689249/microsoft-tells-exchange-admins-to-revert-previously-recommended-antivirus-exclusions.html

  • Microsoft is advising Exchange Server administrators to remove some endpoint antivirus exclusions that the company’s own documentation recommended in the past. The rules are no longer needed for server stability and their presence could prevent the detection of backdoors deployed by attackers.
  • In the past, the settings led to program locks and eventually severe failures. However, the stability issues have recently been fixed on Exchange 2019 and possibly Exchange 2016 and Exchange 2013.
  • Link to Microsoft’s Blog Post: https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464

Phishing Fears Ramp Up on Email, Collaboration Platforms

Article Link: https://www.darkreading.com/remote-workforce/phishing-fears-ramp-up-on-e-mail-collaboration-platforms

  • According to Mimecast, phishing and other messaging-based attacks continue to be a pervasive threat, with 97% of companies seeing at least one email phishing attack in the past 12 months and three-quarters of firms expecting significant costs from an email-based attack.
  • The increased concern about cyberattacks via email and collaboration platforms comes as companies have shifted to hybrid work environments, making tools like Slack and Microsoft Teams popular avenues of exploitation by opportunistic cybercriminals.
  • Link to Mimecast’s Full Report: https://www.mimecast.com/state-of-email-security/

Why Are My Employees Integrating with So Many Unsanctioned SaaS Apps?

Article Link: https://www.darkreading.com/application-security/why-are-my-employees-integrating-with-so-many-unsanctioned-saas-apps-

  • With many business applications, such as Zoom, it has become easier for users to adopt, configure, and manage SaaS applications without a proper security review. While this process may be convenient and conducive to fast business enablement, by design it also bypasses any internal security review processes or inventorying.
  • Many SaaS vendors not only tout their applications’ brilliant new features, but also constantly tell your business users and security teams that their applications are secure, that their infrastructure is secure, that 24/7 uptime is 99.999% assured, and that they guarantee their employees won’t have access to users’ data. However, many of these solutions fail to share the entire picture, leaving users at risk during security incidents, misuse, and misconfigurations.
  • Additionally, security is often just assumed. Take application marketplaces operated by well-known brands, for example. Vendors have neither the desire, nor the financial incentive or capacity, to vet the security posture of every third-party application being sold on their marketplaces.

Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels

Article Link: https://thehackernews.com/2023/02/majority-of-android-apps-on-google-play.html

Stress Pushing CISOs Out the Door

Article Link: https://www.csoonline.com/article/3689148/stress-pushing-cisos-out-the-door.html

  • According to a report from Gartner, nearly half of CISOs will change jobs and 25% will shift to different roles altogether by 2025 due to stress caused by the risk of being breached while trying to retain staff.
  • Companies that do not view cybersecurity risk management as critical face higher attrition. With CISOs constantly trying to balance high expectations against an absence of the tools needed to meet those expectations, good organizational culture can make a difference in retaining professionals.
  • As a result of this employee burnout, Gartner predicts that the lack of talent or human failure will be responsible for over half of significant cyber incidents by 2025.
  • Link to Gartner’s Full Analysis: https://www.gartner.com/en/newsroom/press-releases/2023-02-22-gartner-predicts-nearly-half-of-cybersecurity-leaders-will-change-jobs-by-2025

NIST Working on ‘Potential Significant Updates’ to Cybersecurity Framework

Article Link: https://fedscoop.com/nist-working-on-potential-significant-updates-to-cybersecurity-framework/

  • Recently, NIST published a concept paper outlining significant changes to the Cybersecurity Framework, first developed in 2014, and has opened the document up to public feedback over the next several weeks.
  • The framework is a voluntary guide to help organizations in all sectors to better understand, manage, reduce, and communicate cybersecurity risks. It is used widely, along with NIST’s Risk Management Framework, by federal agencies to plan their own cybersecurity approaches.
  • Several proposed changes noted in the concept paper include broadening the scope of the framework beyond solely critical infrastructure use cases, emphasizing the importance of cybersecurity governance, and emphasizing the importance of cybersecurity supply chain risk management.
  • Public responses to the concept paper are due by March 3rd. As the document notes, feedback and comments should be directed to the cyberframework@nist.gov email address.
  • Link to NIST CSF 2.0 Website: https://www.nist.gov/cyberframework/updating-nist-cybersecurity-framework-journey-csf-20

