“You don’t know what you don’t know.” It sounds trite, but it’s true. You probably don’t realize that a dormant crypto-locker malware file is sitting quietly, undetected, on a computer or server. All it needs is the right moment or the right command. Like Clint Eastwood’s Dirty Harry character said in the movie Magnum Force: “A man has got to know his limitations.” Organizations – no matter the size – need to determine their limitations from a security standpoint.
Organizations that have not checked their overall cybersecurity posture are effectively asking for trouble. Broader vulnerability assessments and more targeted penetration tests are effective starting points from which to shore up cyber defences. Besides ransomware, which hit new heights during the COVID-19 pandemic, a major problem facing organizations is data breaches. Data breaches often lead to irrecoverable financial losses, reputation hits, business losses, talent losses, and general stress and embarrassment. There are many more reasons, but this list focuses on six reasons an organization should assess its security (in no particular order).
1. Identifying Risk Within the Organization
This should be a common practice for your IT team. It is easy to be lulled into a false sense of security just because nothing bad has happened yet. It is foolish at best, and negligent at worst, to take immunity from cyber threats for granted. Conducting yearly or semi-annual security risk assessments either internally or through a trusted partner will provide an extra layer of security insights, which can be used to protect against data breaches. Many of the threats affecting small and medium businesses aren’t even targeted. Like COVID-19, attacks move from one person or organization to another. No organization is immune to a talented hacker who is determined to infiltrate your systems for fun or profit. Hackers look for security gaps, and you should do the same. By understanding and knowing what gaps you have, you can make most of the necessary fixes and take the low-hanging fruit out of harm’s way.
To put it simply, there are two methods to assess security risk. The first is called a Penetration Test – more commonly known as a Pen Test. Pen Tests are an active attempt to hack or access networks, websites, or applications, conducted by an ethical hacker – one of the good guys. It is a real cyber-attack that targets a specific area, or it can be broad and open ended. From this test, IT managers or chief security officers will get a detailed look at how well the security systems, networks and applications in place are performing, along with identifying vulnerabilities within the system. It also informs the organization of its strengths and whether it is adhering to current compliance and security policies, which is also quite valuable.
The second method is called a vulnerability scan, and these tests are meant to be fast, passive, high, and wide across the organization. This approach compares a current state to accepted minimum standards, leading to a grade of how good your security is. These assessments take into account the currency and completeness of patching, availability of easily exploitable ports, scanning for known malicious applications, and susceptibility to common attack methods like SQL injections.
2. Avoid Security Breaches
Data breaches are expensive. According to the annual Cost of a Data Breach Report, conducted by the Ponemon Institute and sponsored by IBM Security, the average total cost of a data breach is just under $4 million US. For an SMB, this would sound the death-knell. For mid to large enterprises, it can lead to a severe disruption in business that could have lasting effects. But depending on the type of organization, it could be worse. Ponemon found that for healthcare providers, a data breach averages $6.45 million. The average size of a data breach is an astounding 25,575 records per incident, which would lead to a massive hit on any organization’s reputation and brand.
By conducting a security risk assessment and following through with the recommendations, you can better protect data and avoid the costs associated with a hack. A security assessment will focus on malware analysis, reverse engineering, cryptography, exploit development, offensive and defensive security. A well-crafted assessment will lead to a report laying out clear, actionable insights coupled with effective remediation steps to help organizations lower risk and identify areas requiring improvement.
3. Protecting Your Reputation
According to the Harvard Business Review, an extra star in a restaurant’s Yelp rating increases business between five and nine percent. On the flip side, negative reviews keep customers away in droves. A hit to an organization’s reputation because of a data breach or hack will have a similar, lasting impact, especially if it becomes public. In most cases, companies have to legally announce the breach based on PIPEDA and GDPR laws and regulations. Many organizations aren’t aware that they are subject to laws based on where their customers reside, not just where their corporation is physically or legally registered. The bottom line is that customers will avoid you, or worse, leave you.
Rebuilding a tarnished brand is expensive. By foregoing annual security risk assessments, organizations are gambling with their own future, and more broadly, risking their stakeholders – staff, suppliers, business partners, and company shareholders. It isn’t unheard of for direct and indirect victims to take legal action seeking compensation for their own damages. The fallout continues to staff and the ability to find and retain talent – nobody wants to work for an organization that shows itself to be somewhere between incompetent and ignorant. Share prices have been known to take a hit, which only serves to prolong and aggravate the pain of the original hack. One security breach can put an organization into permanent “Damage Control” that can take years to overcome.
4. Maintaining IT Budgets
Any good CFO should easily conclude that the cost associated with Pen Tests or Vulnerability Scans is a drop in the bucket compared to the wide-ranging losses stemming from a data breach. For example, Canadian businesses are now mandated to reveal if they have succumbed to a data breach if it is determined that the data under the control of the organization has the potential to fall into the wrong hands. A failure to report these breaches, even seemingly innocent violations, can lead to fines of up to $100,000 under the Personal Information Protection and Electronic Documents Act (PIPEDA). The majority of organizations do not budget for PIPEDA fines and the like. Potential lawsuits are also a factor, and recovering data also eats into the budget. While some might be tempted to think that cyber security insurance will pick up the tab, think again. Merck & Co found out the hard way when their insurance company turned down their claim for $1.5 billion. By scheduling a security assessment, you can build that into your budget and avoid surprises. Your organization’s budget and cash flow are more at risk if you don’t invest in proactive systems and programs like security monitoring, a security information and event management (SIEM) system, Layer 7 firewalls, and, most often overlooked, user education.
5. Avoid Violating Privacy and Data Laws
As in the previous reason, six-figure fines can be avoided by an annual security risk assessment. The PIPEDA fine is a six-figure sum, and penalties from other compliance/privacy acts are not cheaper. Violators of the GDPR (General Data Protection Regulation for the European Union) can risk fines of up to 20 million euros. Then there’s SOX (Sarbanes-Oxley Act), HIPAA (the US Health Insurance Portability and Accountability Act), and there are even state-level laws such as CCPA (California Consumer Privacy Act). Then, there is the LGPD, a new act from Brazil that comes into effect next month. LGPD stands for Lei Geral de Proteção de Dados Pessoais, or Brazil’s General Data Protection Law. LGPD, like the EU’s GDPR, protects Brazilians’ data, no matter where that data is stored. Think about a Brazilian tourist shopping at a store using a credit card, then the store being hacked, leading to credit card fraud against the tourist. In theory, the store is liable for those damages. The efficacy and implementation of these laws remain to be seen, but there are other punitive measures countries can take against offenders, such as blocking their websites at a country level.
6. Increase Productivity Levels
Finally, if your organization is infected with a virus or hit with ransomware, your employees’ overall performance and productivity will suffer. Take a minute to think about how effective your business is during a power or internet outage. Now multiply that by the number of days and add some indirect costs and future losses for good measure. By doing a security assessment and implementing up-to-date security protocols, you protect productivity levels while reducing risks. According to Ponemon, the most significant impact of an attack may be in end-user productivity losses because the IT systems are not functioning. As organizations embrace digital transformation and cloud-based systems along with the rise of the remote worker because of the COVID-19 pandemic, this risk only increases. SaaS models mean businesses are now subject to multiple sources of failure in their operations and activities. Imagine if a cloud-hosted accounting suite were taken offline by hackers – no invoices, no cash tracking and much more.
Jolera has a variety of assessment options available to help identify possible weaknesses and exploits and determine possible real-life outcomes of a successful attack. If you’re interested in learning more, contact us for more information.
Researchers released new information about a vulnerability in the Integrated Dell Remote Access Controller (iDRAC). iDRAC is designed to allow IT administrators to remotely deploy, update, monitor and maintain Dell servers without installing new software. The path traversal vulnerability CVE-2020-5366 has a score of 7.1, which reflects a high degree of danger. Although the vulnerability was fixed earlier in July, remote attackers exploiting the flaw could take over control of server operations.
To monitor threats against company servers, it’s crucial to have a managed security program in place. With services like Secure IT – SIEM, you can rely on a team of security experts who perform remediation and root cause analysis and provide security recommendations to help you defend against malicious threats.
A high-severity vulnerability in Cisco’s network security software could compromise sensitive data. The flaw exists in the web services interface of Cisco’s Firepower Threat Defense (FTD) software and its Adaptive Security Appliance (ASA) software. The vulnerability (CVE-2020-3452) allows attackers to conduct directory traversal attacks, HTTP attacks that enable bad actors to access restricted directories and execute commands outside of the web server’s root directory.
The vulnerability affects products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software, with a vulnerable AnyConnect or WebVPN configuration. To eliminate the vulnerability, Cisco users are urged to update Cisco ASA to the most recent version.
North Korean-backed hackers tracked as the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets. VHD ransomware samples were found between March and May 2020 during two investigations, being deployed over the network with the help of an SMB brute-forcing spreading tool and the MATA malware framework (also known as Dacls). The ransomware tool creeps through the drives connected to a victim’s computer, encrypts files, and deletes all System Volume Information folders.
Organizations must have 24/7 monitoring and remediation solutions in place to defend against VHD Ransomware and similar threats. Secure IT – Endpoint Protection and SIEM help to avoid these attacks, or at least keep them from spreading.
In this digitally rich world, it’s hard to believe that the majority of Canadian households – with at least one child under 18 – only have one Internet-enabled device available to them. Compounding the problem further is that 13.5 percent of this group relies on a mobile device for their Internet, according to Statistics Canada.
This shortage is creating a digital divide in Canada. If the IT industry does not act soon, it could lead to many young Canadians falling behind other countries and negatively impact digital transformation.
Lenovo Canada’s Executive Director and GM, Colin McIsaac, has been running the subsidiary for the past seven years and in that time has successfully introduced many innovative products, from the Yoga, the Tiny, the Twist and the X1 Carbon to state-of-the-art workstations for the oil and gas sector that are also used to design cars for Aston Martin.
But despite the business achievements, conquering the digital divide in Canada has turned into a passion project for McIsaac. During an interview for the Jolera Interview Series program, McIsaac said the digital divide, specifically in the education sector, worries him because a lack of access to current technology can severely impact the quality of education a student receives. “This is sobering, and you compound that with the COVID-19 pandemic, and there’s a byproduct with schools not getting back to classrooms or staggering that experience and asking people to engage from home without a device or broadband or they are not comfortable with the environment, and this creates a much bigger gap between those that have and have not,” he said.
In comparison, McIsaac has more than 100 devices connected to the Internet in his home, and certainly, the narrative believed by most is that Canada is a totally connected community. But McIsaac believes there is a much more significant gap in Canada, and one of the pitfalls of the digital divide is the loss of potential.
“If someone is not able to learn properly, you can create a much bigger gap among the classes. Secondarily, we may miss out on some of the best ideas this generation has to offer because they don’t have access to technology. This is something we have to address, and, in my mind, it can’t happen fast enough,” McIsaac said.
SMARTER TECHNOLOGY FOR ALL
Lenovo operates with a guiding philosophy of “Smarter Technology for All”, and this viewpoint works to ensure that everyone can take advantage of technology. Under McIsaac’s leadership, Lenovo Canada is trying to provide a standardized technology experience for classrooms across Canada and in the home. Lenovo has already contributed more than $5 million in donations for Quebec’s back-to-school initiative, a co-sponsored plan with Best Buy to support the Boys and Girls Club of Canada. Most recently, the company made a significant Chromebooks donation to the Government of Alberta’s school initiative.
More needs to be done, according to McIsaac, from the government and the business community to address the digital divide in low-income areas of Canada since they have the highest percentage of mobile-only device usage.
“Technology has an impact on business, and you can draw parallels on the impact it has on consumers in their daily lives. If they do not have the opportunity to embrace technology’s competitive advantage, they will fall behind, and the longer they are unable to leverage technology, the worse it becomes. There are two ends of the spectrum here with people at one end engaging technology to their great benefit and learning experience and the other end, where people are not,” he added.
Watch the Jolera Interview Series featuring Lenovo Canada’s Colin McIsaac to learn more about how Lenovo deals with the digital divide along with its innovation strategy and how the company is embracing the as-a-service market.
Before the COVID-19 pandemic and subsequent lockdown, IT budgets were on the rise. According to Spiceworks’ State of IT 2020 Report, IT budgets were rising as businesses began to replace outdated technology to the tune of 44 percent, up from 38 percent previously in 2019. The survey results were based on 1,000 IT professionals interviewed throughout North America.
The Outlook for 2020 and Beyond
But that was then, and this is now. Those same budget drivers are now called into question because of the economic realities brought upon us by COVID-19. Many technology leaders were forced into survival mode and asked to review non-essential IT spending to see if those actions could be deferred, altered, or eliminated. A new study from online research firm Pulse Inc. found that 23 percent of CIOs have had their budgets frozen, while 20 percent saw a significant cut of more than 10 percent. With this sudden cut to their budgets, they quickly had to make every cybersecurity dollar count.
Several organizations have turned to the essentials: virtualizing their company’s applications, securing connections through Virtual Private Networks and locking down permissions. However, now that companies are through the pandemic’s initial panic, leaders need to see where they can fill the gap with affordable but effective solutions. Gartner Research predicted that more than 40 percent of employees plan to work away from their offices post-COVID-19 pandemic. Lawrence Pingree, Gartner’s Managing Vice President, said some security segments benefit from this new future, such as cloud-based offerings and as-a-service subscriptions.
So how do I make our Cybersecurity Dollars count?
There are two areas IT leaders should look to for affordable and effective cyber security solutions during this time in lockdown:
Email Security & User Training
Since most attacks are delivered through email, remote workers will be vulnerable to spear phishing, ransomware, and other emerging threats. Protecting inboxes with a simple, low-cost monthly solution that protects against these threats is essential. However, the risk of data loss and legal compliance should be of concern as well. Several companies offer solutions in this area; however, be wary of long contracts and pricing agreements determined by user count, since this will most likely be changing throughout the next while. Users must also be trained to keep an eye out for suspicious emails, since a lot of devices still aren’t fully managed. Your users will be your first line of defence in an endless uphill battle. There are several free and paid solutions out there to get your users trained.
As companies rush to equip remote workers with technology to continue their work away from the office, IT leaders should not forget to secure endpoints connected to the network. This is one area of the IT budget that cannot be left behind, as each endpoint can be opened by hackers and exploited. There are several solutions out there to protect endpoints, but companies should focus on solutions that are fully managed and automated to reduce the risk to their company and reduce costs. Also, one thing to consider when looking into endpoint security is encryption of the devices. Jolera talks about this in further detail in our article “3 Ways to Secure Remote Workers for the Future”.
The thing to note is that there are several solutions out there in the market to protect your organization. However, careful consideration needs to be taken as the new normal is trending towards remote work. This means that these solutions aren’t band-aids but permanent solutions to help transform your organization.
Jolera has multiple affordable but effective solutions for partners to distribute to their clients worldwide. These solutions are built with remote workers in mind. Our services like Secure IT Mail and Secure IT Endpoint can be deployed quickly and scale to the ever-changing business environment as companies reduce users and gain new ones. These solutions are integrated into our sophisticated Security Information & Event Management system (SIEM) and are monitored and managed by security specialists in our 24x7x365 Security Operations Center.
Transforming a business at any stage is tremendously challenging. Faced with the COVID-19 lockdown, Toronto-based My Blue Umbrella (MBU) used this time as an opportunity to not only implement several business continuity measures but also push a new digital transformation plan that will support and empower its customers for the future.
Company founder and CEO Michael Contento did admit that this plan was “aggressive” but added that quick action was necessary because of the unique circumstances regarding the COVID-19 pandemic.
This new transformation plan was part of an overall umbrella strategy Contento called Triple S dot T (Survive, Stabilize, Strive, and Transform). This effort involved enabling MBU customers with new cloud-based infrastructure that supports collaborative business automations.
The major part of Contento’s transformation strategy had its own branding: WORKanyPLACE. This cloud-based solution features several artificial intelligence tools resulting in cost and time savings for the customer while significantly improving teamwork and collaboration. WORKanyPLACE is a home-grown offering from MBU that is essentially an Office-in-a-Cloud, backed by the company’s technical support resources.
More importantly, WORKanyPLACE delivers business outcomes, such as:
Access to files anywhere.
The ability to create calendar invites on the fly that sync seamlessly with videoconferencing apps.
Sharing data becomes a frictionless experience with WORKanyPLACE since it’s available inside and outside the organization.
Finally, vital data is secure, and automatically backed up, while allowing users access at a moment’s notice.
To get to the transform stage, the team at MBU moved quickly through each stage of the Triple S dot T plan.
When the news broke that a lockdown was coming because of the COVID-19 pandemic, Contento’s only thought was: “How do I survive this?”
Stuck out of the country, Contento understood he needed to act fast. On his way back home, Contento – who has been running MBU for more than 25 years – began to analyze what the pandemic was doing to banks, governments and other entities and realized the exceptional situation he was now saddled with needed a unique solution.
In this short amount of time, Contento developed the “Triple S dot T” plan.
Launching the Triple S dot T plan required a quick but thorough review of available programs and funding.
“I was in Florida. It was March 20th, and my first instinct was to get into survival mode, and I began to talk to the bank for help; get my credit line extended, so MBU had a buffer. That got us some breathing room to build this kind of road map,” Contento said.
Then other issues needed to be resolved, such as the best way to support the MBU staff while setting up new security measures.
To stabilize MBU, Contento and his team enacted a work-from-home program, and the company launched its Business Continuity Program (BCP). MBU staff were equipped with access to data via VPN plus the necessary computer equipment and other tools to operate safely and productively. The company then added extra layers of security to ensure hackers would be blocked from stealing data.
Putting this in place enabled MBU to stabilize its operation. From there, Contento shifted to the Strive portion of the plan.
In Strive mode, the MBU team were empowered to go to a new level of performance in the face of the COVID-19 lockdown. Contento’s message was to not allow COVID-19 to prevent them from doing regular business duties. He asked his team to contact customers to find out if there was anything they can do to help immediately.
This stage saw the MBU team craft new product solutions and support methods for clients. One of the savvier moves MBU made was to resource computer equipment from Rent-to-Own operations.
“The key thing here is to train the staff to communicate in phases and talk in a way to learn how to assess customer needs quickly, provide support and understand the initial need because some may be thinking of how they make payments, while others are thinking about security,” he said.
Lessons learned from the crisis
The perception of MBU during this time of crisis was also very important to Contento.
“We did not want clients to think we were calling to grow our business; we wanted to stay relevant to them. Not sell something extra, but to service them by offering extended financing, cutting costs, help them migrate from on-premise to the cloud and if we had to take a hit and not get billed for 120 days, we would.”
COVID-19 has brought out the best in a lot of Canadians, according to Contento. He has been impressed by how Canadians have dedicated themselves to protecting their neighbour, collaborating with each other, and supporting each other.
“COVID-19 came in as a big negative, but it has pushed true camaraderie…and we need that now. Sometimes our patriotism is questioned in Canada, and I think with COVID-19 it has elevated it a bit.”
Another change caused by COVID-19 has been the reality check to business leaders.
“Business can be quite simple. There is revenue and cost and the difference could be making you a profit or putting you in trouble. What COVID-19 has done is take the complexity out of business. Business leaders are running at 100-miles an hour, and COVID-19 has come in, and it has stopped giants in this industry and forced everyone to do the math really quickly. We are now month-to-month, and it has made people dumb down their math to see if their business expenses make sense and look at how healthy the profit is. Is the revenue sustainable down the road, or do I need to recalibrate it? This has forced everyone to go back to basics,” he added.
As crises go, COVID-19 draws a fine line between personal and business, and it has made decision making much harder for Contento.
“The decisions I make during this crisis have tripled in terms of impact because families are dealing not just with their finances but their health with this virus. It’s not just about the financials, but life and death and in a roundabout way, leaders have been forced to look at not just the math, which is what we would normally do, but the health perspective too”.
Android mobile device users are being infected with the FakeSpy infostealer. The attack is part of a ‘smishing’ campaign from the Roaming Mantis threat group. The malware is disguised as legitimate global postal-service apps, and ends up stealing SMS messages, financial data, and other sensitive information from the users’ devices. The attacker sends text messages with information about a package delivery, prompting the recipients to click on a malicious link.
Users are recommended to ignore text messages from contacts they don’t recognize and be suspicious of any message about deliveries or other postal services. To avoid being scammed users should double-check the info received through trusted links to local delivery carriers.
Employees who browsed the news on one of these websites could have their computers compromised and then used as a stepping point into their companies’ enterprise networks.
Companies must have proper security measures in place to defend against WastedLocker Ransomware and similar threats. Secure IT – Endpoint protection provides an advanced, comprehensive threat detection and defence solution for an organization’s computer endpoints.
CVE-2020-1425 | CVE-2020-1457
Microsoft has released two emergency security updates to address remote code execution vulnerabilities affecting the Microsoft Windows Codecs Library on several Windows 10 and Windows Server versions. The two vulnerabilities are tracked as CVE-2020-1425 and CVE-2020-1457, the first one being rated as ‘critical’ while the second received an ‘important’ severity rating. After successfully exploiting these vulnerabilities, attackers could obtain information to further compromise the user’s system and achieve arbitrary code execution on vulnerable systems.
According to Microsoft, the two security patches address the vulnerabilities “by correcting how Microsoft Windows Codecs Library handles objects in memory.” Microsoft has not identified any mitigating measures or workarounds for these two vulnerabilities.
Now that workplaces around the world are – more or less – functioning under some combination of remote work tools, a new set of security challenges has manifested itself. Cybersecurity risks like phishing scams, man-in-the-middle attacks, ransomware, evil twin attacks, passive sniffing, and many more cause even more sleepless nights for IT personnel tasked with maintaining their company’s security. But there might be light at the end of the tunnel with the concept of ‘Zero Trust’.
What is Zero Trust Security?
The Zero Trust concept focuses on the idea that an organization systematically refrains from automatically trusting anything inside or outside its perimeters. It might seem at first like this isn’t a great idea, but it is the foundation on which traditional security and access have been built. With a Zero Trust strategy in play, everything must go through a rigorous verification process before any connection to its internal networks and programs can be permitted.
According to Charlie Gero, CTO of Enterprise, and Advanced Projects Group at Akamai Technologies, quoted in a 2018 CSO magazine article: Zero Trust boils down to “do not trust anyone.” In a nutshell, a Zero Trust solution creates “trust zones” that continuously identify, test and authenticate devices or users whenever they try to access resources on the internal company network. In a Zero Trust scenario, a hacker is barred from taking advantage of vulnerabilities.
Zero Trust was created by John Kindervag in 2010 when he was a principal analyst at research firm Forrester Research. Kindervag was part of Forrester’s security and risk team when he developed the Zero Trust model to expose the myth that internal networks were safe. One of Kindervag’s examples of how internal networks were vulnerable was with the American National Security Agency (NSA) whistleblower, Edward Snowden. Snowden had unfettered access to internal systems and stole classified documents, Kindervag said during a security roundtable hosted by Palo Alto Networks. Kindervag currently works for Palo Alto Networks. Snowden, as an IT contractor, did not ‘game’ or cheat the system. He simply used the access the (fundamentally flawed) system granted him.
Besides the Zero Trust strategy’s apparent data protection gains, one of the most significant benefits of the concept is that organizations can provide remote users with protected access to their organization’s applications with confidence. The converse applies equally, too – organizations can shut down access in a similarly efficient way.
An added advantage to Zero Trust is that organizations can significantly reduce the load on the VPN. It also increases the speed and ease of access to data, since Remote Desktop connections slow users down. During this COVID-19 pandemic with so many individuals working remotely, this could be a reliable solution to ease the stress on the system.
Zero Trust Deployment
Zero Trust may sound like an ideal solution during COVID-19 however, it is not an easy solution to implement. Organizations must adjust their IT budgets to accommodate a Zero Trust strategy since their current infrastructure may not be ready for it. A potential weak spot for Zero Trust maybe when a workforce uses personal computer equipment for business. The lack of endpoint security on those devices may trip up a Zero Trust environment. This will inevitably leave workers defenseless against a cyber-attack opening vital data to theft. However, solutions like Mobile Device Management facilitate a greater degree of control and will go some way to achieving a more secure position. These solutions, provided by Microsoft or JAMF, for example, solve this by automatically managing devices and deploying endpoint protection and encrypting the machines and assessing the devices for conditions of compliance before enabling further access.
Regardless of whether we’re in the middle of a pandemic or not, it’s never too late to start formalizing a plan for Zero Trust. Implementing Zero Trust will take time, but organizations should consider starting with isolated trust zones, developing a pilot program, and selecting essential organization applications for remote access. As always, Jolera is here to help our partners on the journey to Zero Trust with our professional services and managed services like Manage IT and Secure IT Endpoint, offering 24/7 security and uptime for an organization’s environment.
A new variant of malware is attacking Windows systems. Dubbed Lucifer, this malware identified by security experts has cryptojacking and DDoS capabilities and leverages old vulnerabilities to perform malicious attacks. The vulnerabilities targeted by Lucifer malware include Rejetto HTTP File Server (CVE-2014-6287), Oracle Weblogic (CVE-2017-10271), ThinkPHP RCE (CVE-2018-20062), Apache Struts (CVE-2017-9791), Laravel framework (CVE-2019-9081), and Microsoft Windows (CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464).
Besides applying patches and increasing password safety, it is important to manage these updates to guarantee protection from any potential vulnerabilities. Manage IT and Secure IT – Endpoint combined provide clients with 24/7/365 IT management service, which includes monitoring, support/troubleshooting, maintenance, reporting and asset management of their IT infrastructure (servers, storage, networking, applications, desktop/laptops).
New ransomware with peculiar features, named Thanos, is being promoted as a Ransomware-as-a-Service. According to a new report by Recorded Future, Thanos is enlisting hackers, and other threat actors, to distribute the ransomware in exchange for a revenue share of the ransom payments. Thanos ransomware is considered a serious threat because of its advanced features, like the use of a researcher-disclosed RIPlace anti-ransomware evasion technique.
Businesses are increasingly becoming the most popular targets for ransomware. Consequently, it is important that companies take measures to improve their security posture. Secure IT offers a wide range of services to protect organizations against evolving security threats.
‘COVID-19 Employee Training’ Phish
Security experts are advising companies of a new phishing attack that exploits the COVID-19 pandemic. The campaign targets employees using Office 365 by sending them alleged training resources regarding return-to-work policies as COVID-19 lockdowns lift. Users are then directed to a malicious URL, where they are asked to provide their credentials.
Users should be cautious of suspicious email links. Services like Secure IT – Mail help scan emails to detect if they are legitimate or not. If they are not legitimate, these tools will block users from even visiting the malicious website.
Millions of Internet of Things (IoT) devices are affected by dozens of vulnerabilities. Cyber-security experts exposed a total of 19 vulnerabilities (4 of them considered critical) in a small library widely used and integrated into innumerable products over the last 20 years. These vulnerabilities affect both enterprise and consumer-grade products, from printers to insulin pumps.
Treck has issued a patch for use by OEMs in the latest Treck stack version (184.108.40.206 or higher).
LinkedIn ‘Job Offers’ Malware
A recent malware campaign targeting aerospace and military firms has been discovered. Victims in Europe and the Middle East received LinkedIn spear-phishing messages, supposedly from Collins Aerospace and General Dynamics, with a job offer. Besides the offer being fake, the message also included malicious documents that eliminate data from the device.
Users should be cautious whenever opening files from an email. Services like Secure IT – Mail help scan the files within emails to detect if they are legitimate or not. If they are not legitimate, these tools will block users from even visiting the malicious website.
Customers of U.S. banks and financial institutions are the target of an ongoing campaign using “Qbot malware”, a banking Trojan active since 2008. Through Qbot payloads, attackers are able to steal financial data from these clients and spread malware on compromised devices. According to specialists, “Qbot malware” is being used with updated worm features.
Cybersecurity awareness training is highly recommended to defend against evolving malware threats. Secure IT – User Defence is a suite of security services specifically tailored to empower employees to become the first line of defence against cyber attacks.
The COVID-19 pandemic has disrupted our global economy and forced businesses to change the way they operate. The evolution of this virus and its socio-economic impact has made it difficult for many businesses to adapt their operations. However, through it all, Jolera has managed to maintain consistent and successful operations. We asked Jolera’s very own Chief Operating Officer, Manish Govindaraj, how the company managed to adapt and thrive during the global crisis while staying true to its people-first core values. Manish describes his team’s approach to enacting the company’s Business Continuity Plan (BCP), as well as their coordinated return to work strategy.
“For a business to continue operating under these situations of duress or crisis, you have to have an active and tested Business Continuity Plan. For us, as a SOC II Type II certified entity, we have been testing our BCP on a quarterly basis, not just because SOC II demands it, but also because it’s good business practice.”
– Manish Govindaraj
According to Manish, the organization’s transition to remote operation meant balancing the safety of employees with the ideal productivity levels necessary to satisfy customers’ expectations. With hundreds of staff members operating globally, Jolera was identified as an essential service and aimed to “challenge ourselves to provide a seamless experience to our customers, as if nothing had changed.” With hundreds of channel partners, thousands of end clients, and others depending on its services, company stakeholders recognized the importance of honouring commitments to both customers and employees alike.
“We are a true 24/7/365 entity, and that had to be held true while we were remote with all of our staff members. At the forefront of all of this was the importance to keep our employees safe, and as a result, keep our business safe.”
– Manish Govindaraj
The company made the transition to total remote operation at the beginning of March, even before the government of Ontario declared a state of emergency. “We acted early, reducing the risk of exposing our staff members to the virus at the workplace; that was very important to us,” Manish reflected. In the best interest of employees, Manish led the initiative to remote operation with Jolera Inc.’s Pandemic Response Team.
Together, they identified four key aspects to protect their people and their business:
1. Keep everyone safe
2. Deliver on customer mandates
3. Ensure operational security
4. Build a stronger Jolera community
Once employees safely transitioned to remote operation, the company introduced rigours to maintain and further improve productivity. Manish reported, “Through daily active management, collaboration and transparency through better reporting, we saw a Jolera community bond even closer together and a total rise in productivity.”
As government-mandated restrictions began to ease around the world, businesses once again were challenged to transition their operations and safely re-open their doors. Before building any plan to re-open, Manish’s main objective was to create a sense of normalcy for workers in the physical office. With this goal in mind, Manish teamed up with Jolera’s Pandemic Response Team to build and execute a re-opening plan.
“We kept it somewhat simple. If you look at the government of Ontario’s plan, there are multiple phases, and we just distilled it down to two phases. In Phase 1, we begin operating our offices with a limited number of staff per location. This was to test physical distancing and safe practices at work. We did not put a number or target into play, simply because it was an elective approach where employees chose to be part of that phase and wanted to join back in the office. Phase 2 is going to be about returning to a sense of normal in alignment with guidance from our government.”
– Manish Govindaraj
It was essential, to Manish, to source information from reliable government agencies when making decisions about opening the various offices across the globe. “Because we are so spread out and geographically dispersed, we had to factor in the diverse needs that existed based on where we were located geographically. The reality in Porto, Portugal, is very different from that of Toronto, Calgary or even Winnipeg.”
In addition to geographical diversity, local considerations unique to each building or operating site also had to be taken into account. Manish identified challenges associated with each operating site: “We needed to coordinate with building security and building management to ensure that our people could come in and start working.” Although prerequisites such as PPE, cleaning equipment and sanitization requirements were identified to ensure the offices were equipped to operate safely, individual employee considerations also needed to be accounted for.
“We made the decision not to include people who relied on public transit during Phase 1. Instead, we chose a subset of employees who would drive into work to limit their exposure to the public.”
– Manish Govindaraj
Taking all of these factors into account, Manish identified, “the most important thing was to start building confidence among our people that we’ve taken the right actions in order to re-open our offices in a limited capacity.” Open communication and reviewing the plan with department leaders gave staff a full debrief of all the considerations that had been factored into building an executable return to work plan. Physical distancing and other new behaviours at the office have since been adopted to ensure that people are kept safe.
“When COVID-19 started surfacing as a distant threat, there was a lot of media hype about what it was, what it could be and where things could be heading. The narrative was morphing every day. As a leadership team, we agreed that we would look to government agencies and sources from within the governments of where our offices are located to guide our decisions and actions. We’ve been monitoring all of those sources for direction on what we needed to do relative to every point in time throughout this crisis. Whether it was before we invoked our BCP and Pandemic Plan or as we continue to monitor our evolving coordinated return to work plan, one size does not fit all – we had to tailor our plans according to the information that we were getting from the different government agencies.”
– Manish Govindaraj
Manish credits Jolera’s readiness and resilience to the immensely talented and committed people within the organization.
“We had the comfort level going in [to remote operation] that our people can perform well remotely. We have a great team, and we have the right oversight and collaboration mechanisms in play. The team came together; they just fell right into the groove and delivered on their mandate. Overall, we are delivering on all the things that we need to deliver on, keeping both our customers and our teams satisfied.”