Week in Review

So it turns out “The Story” is a lot more work than there is time available at the moment so it hasn’t yet come to fruition. However, what we do for some clients is a little bit of OpSec in the form of an update on what transpired throughout the week. These updates contain major stories that either impact the client, or have general information helpful to evaluating current risk levels. In lieu of “The Story”, we’re going to start posting a more “genericized” version of that update here. This one is a little delayed (they are usually prepared for Friday) but watch for another coming on Friday this week.

Start the Patch Cycle

The item of most significance this week is that it was “Patch Tuesday” for Microsoft and other vendors. Microsoft released a number of security patches (about 75 for various platforms). Adobe also released critical patches for Flash and Shockwave. Also in the last couple of weeks patches for VMWare and Google Chrome have been released.

Canadian Targets

There was a report released regarding a number of Canadian mining and casino companies that were hit with what appears to be a single extortion-style campaign. Casinos and mining seem like an odd combination though everything that I’ve read leads me to believe that these may have been industries with consistently bad security practices combined with information someone might find damaging to the company’s reputation. This should be a bit of a wakeup call for some that, clearly, Canadian companies are not immune to attack, particularly if their security practices are weak.

http://www.cbc.ca/news/technology/canada-mines-casinos-hacked-ransom-extortion-fireeye-fin10-1.4162940

https://www.fireeye.com/blog/threat-research/2017/06/fin10-anatomy-of-a-cyber-extortion-operation.html

Attackers are coming for SMB’s
Another report released this week (U.S. centric) documents how malware incidents at business with <1000 users are up on average 165% in Q1 2017. Experts have long been warning of the fact that companies of that size are ripe targets. Not sure if this is a trend yet but it is an interesting statistic and there are a lot of signs pointing to the fact that criminals are turning their focus to this market.

https://www.darkreading.com/threat-intelligence/malware-incidents-at-us-smbs-spiked-165–in-q1/d/d-id/1329143?

Mistakes Also Lead to Breaches
An interesting article came out late last week focused on the subject of user error and its impact on security. Errors such as misconfiguration of firewalls (something Gartner predicts will be the cause of 99% of firewall breaches through 2020), companies inadvertently posting confidential information in public locations, and databases incorrectly exposed to the internet are a few examples. Look to the 20 Critical Controls framework for controls that help reduce this risk.

https://www.darkreading.com/perimeter/your-information-isnt-being-hacked-its-being-neglected/a/d-id/1329077?

Brush-up on Your Security Concepts
Lastly, here’s a good quick read with key terms and concepts that everyone needs to be aware of. If you, or someone in your organization, need a primer (or reminder) of the key terms and concepts in Info Sec today, this is a good quick read.

https://www.tripwire.com/state-of-security/security-data-protection/know-enemy-adware-worms-whats-hows-common-cyber-attacks/

Share this:

Like this: