Tag Archives: Work from home

Security News for the Week Ending September 4, 2020

CenturyLink Routing Issues Lead to Massive Internet Outage

Last Saturday night/Sunday morning, CenturyLink had a bit of a problem, either taking down or severely impacting web sites such as Cloudflare, Amazon, Steam, Twitter and many more. Just because a system was designed to stay operating in case of a nuclear attack does not mean that it is immune to human error or software bugs. CenturyLink has not explained what happened. This particular attack nullified many business continuity strategies. If staying online is important to you, this would be a good time to review your DR-BC program. Credit: Bleeping Computer

The New Normal: Dell Says 60% of Their Staff Will Not be Going Back to the Office Regularly

We are seeing more companies saying that they do not plan to return to office life ever. Dell says that the majority of its 165,000-member workforce will never return to the office again or regularly. Dell says “work is something you do, an outcome, not a place or time”.

Ignore for the moment what this means for the commercial real estate market if this becomes the new normal.

That means a significant leap for your cybersecurity practices going forward. When the majority of your work is being done on a network, via unencrypted wireless through a router that was last patched in 2013, what does that mean for security? If that thought keeps you up at night, call us. Credit: The Register

Users’ Browsing Can Be De-Anonymized With Little Work, Researchers Say

Mozilla (Firefox) collected two 1-week browsing history datasets from 50,000 volunteers and was able to successfully re-identify anonymous browsing data to the individual. With users who only visited 50 web sites during that period, they were able to re-identify up to 80% of them. The odds improve when the researchers have more data. After all, who visits only 50 web sites in a two week period? Therefore, treat claims of data being anonymized with great skepticism. Credit: Help Net Security

US Federal Appeals Court Rules NSA’s Mass Surveillance Disclosed by Edward Snowden is Illegal

Seven years after Edward Snowden disclosed the existence of NSA’s mass surveillance program, a federal appeals court said the program is illegal. In defending the program, the NSA pointed to one case where NSA surveillance data was used, but the judge overseeing that case says that the NSA’s information was not material. However, the same court said that the folks convicted in that case are still guilty so no getting off the hook based on that. Given the hundreds of millions of dollars spent on this program, the fact that the NSA can only point to one court case where the program had any effect should kill the program on effectiveness grounds anyway, but that is not the job of the court. I am sure the Republican administration will appeal this up to the Supremes, but they may or may not take the case, so stay tuned. Credit: Threatpost

Republican Plan to Ban Huawei Will Cost Americans $2 Billion

Now that the Republicans have decided (it is an election year) that Huawei is a national security threat (but wasn’t for the last three years), they have created a requirement to rip out and replace all of the existing Huawei (and ZTE) equipment that carriers are already using. The first step in this process was to ask the carriers well, how much will it cost to replace all that stuff. The carriers have come back with that initial estimate and it is $1.8 billion and change. Carriers are notoriously bad at estimating costs like this, so make it $2.5 billion or so.

BTW, I am not saying that the FCC is wrong, I just don’t understand why this wasn’t considered a problem in 2017 vs. two months before the elections.

Where is that money going to come from? There are really only two options – higher prices to customers and a taxpayer subsidy.

Curiously, the Republicans are complaining about a Chinese law that requires Chinese companies to comply with requests from the intelligence services and not tell anyone. If I was wearing a blindfold, that would sound exactly like the U.S. Foreign Intelligence Surveillance Act or FISA.

I have said for a long time that when it comes to telecom, the U.S. is basically a third world country (according to Wikipedia, we rank 30th in the world for mobile Internet connection speed). What the carriers will do in the short term is, except for really densely populated downtown cities, slow down the rollout of 5G Internet (Verizon, for example, only covers 5% of the population with high speed 5G – high speed means that a user can tell the difference when connecting over a 5G connection vs. connecting over a 4G connection). Other carriers cover more of the US, but with virtually no speed difference over 4G, but now, even that rollout will likely slow down.

Cybersecurity and Work from Home

Reports are that reported breaches are down. This is likely not due to the fact that there are fewer breaches, just fewer reports.

Wait six months and see what the breach reports look like.

Security firm Tessian released their State of Data Loss report and here are some of the things they found.

  • 52 percent of employees feel they can get away with riskier behavior at home like sharing confidential files by email.
  • Part of the reason for not following safe practices is that many employees are using their own computers rather than a company issued one.
  • Another reason is that security and IT are not watching them.
  • Employees have more distractions at home, making it difficult to concentrate. Distractions include kids, roommates and not being in their normal office environment.
  • Some employees say they are being forced to cut security corners because they are under pressure to get the job done.
  • Half of the people said that they had to find workarounds to the rules in order to work efficiently.

None of this is news.

Employers are the ones that will get to pay for this in the long run. If an employee causes a breach by cutting corners you may fire them (and you may also get sued by them because they may say that you forced them to cut corners – whether true or not), but even if you do, you will get to write that check for thousands or millions of dollars. And suffer the reputation damage.

Many companies do not have good (or any) real time security monitoring and alerting systems in place. The effect of this is that even if you are breached, you won’t know about it.

Do you know the most common way companies find out about a breach?

YUP, it is when some third party like the POLICE, FBI or CREDIT CARD COMPANIES tell them they have been breached.

So while no one really wants to spend the time and money right now, now is the time that you have to spend time and money.

Alternatively, you can spend that money in breach response.

At least 10 times more money.

Assuming you don’t get sued.

Or you don’t lose customers.

Credit: ZDNet

WARNING: Covid-19 Increases Security Risk

While the subject line shouldn’t surprise anyone, we are beginning to see more data on the subject.  Here are some examples:

Threatpost surveyed their readers about their “comfort level” regarding remote work preparedness. 52 percent – roughly half – said that they “feel” prepared for the transition. 20 percent admitted they were struggling. Given the fact that in normal times we hear about breaches every day, feeling prepared doesn’t give me a lot of comfort. 40 percent say they are seeing an increase in cyberattacks as they move to work from home. That, of course, doesn’t address the VAST majority of small and medium sized businesses that have no monitoring in place to detect such activity beyond traditional anti-virus software, which isn’t really up to the task.

13 percent of the respondents said that they were only ready to move a small part of their workforce to work from home and 5 percent weren’t ready at all.

For 70 percent of the responders, enabling remote work is new for them.  I suggest this means that they don’t even know what the attacks will look like, so the 52 percent who “feel” prepared are likely optimists.

In fairness, at least 28 percent said they were “extremely” worried about cyberattacks as they move to more work from home activity.

A different Threatpost article talked about some of the issues facing organizations as they move to major remote work status.

Organizations have traditionally assumed that their perimeter security provided a strong line of defense and, historically, it has been important.  Unfortunately, the rapid move to remote work doesn’t give organizations time to plan for the security implications of the move.

Already researchers are seeing an uptick in coronavirus-themed attacks. This includes remote access trojan (RAT) attacks that quietly take over a user’s system and silently steal their data.

As people work from home, they mix personal and business use of their systems, and users get distracted or forget. The hackers take advantage of that.

Then we have a lack of IT resources.  It is much easier to support users when they are located in a company office, on a company network and using company computers.  Users will try to figure out how to “fix” things themselves when the help desk is not down the hall.

Home WiFi is, for the most part, a dumpster fire, as are home firewalls – if they exist at all.  After all, when was the last time YOU patched your OWN home firewall or WiFi access point?  When was the last time you checked the security configuration of those devices?

Any company using legacy, proprietary software is also probably at greater risk.  Those systems are often designed to work in a closed environment.  The software configuration might have to be changed to even work remotely.

Cyber crooks, however, get to take advantage of everything that they have used in the past to try and trick businesses and employees who are operating in a new environment that no one is prepared for and for which no one had time to train employees on new and different practices.

Working from Home Security Challenges / Coronavirus

The bad guys did not waste any time using the Coronavirus pandemic to attack folks who are suddenly Working From Home (WFH) or Studying From Home (SFH).  Here is some information to help those of you who are WFH to navigate the perilous path.

Given that many WFH programs were created out of nothing in almost zero time or scaled up from zero to 60, it is no surprise that there might be a security hole or two.

This applies not only to employees working from home but also to students attending school from home.

First of all, hackers are pumping out tons of malicious emails themed around Coronavirus.  The malicious emails are compromising systems with password stealing malware and remote access back door software, among other goodies.  And don’t forget that old favorite – ransomware.  More on that later in this post.

Given how stressed people are, they are likely to forget their security training.

Another challenge for WFH/SFH – making sure that all devices are fully patched.  That is going to fall more on the end user now.  Companies who have fully automated that are in better shape, but lots of organizations are not set up for that.  THIS INCLUDES PHONES AND TABLETS!

Another problem is home and public WiFi.  At work, the company can control the setup of company WiFi, but at home it is a bit of the wild west.

For example, when was the last time you patched your WiFi server and your Internet router, modem or firewall?

When did you last have a security expert check the security configuration of those devices?

If your company uses older, in the office systems, they likely do not work very well for remote workers.  There is no quick fix for this.  It is fixable, but the fix requires new hardware and employee training.

Companies who are in regulated industries such as healthcare, finance or defense have additional problems. How do you continue to comply with the security laws and regulations that these industries have to comply with? In fact, in many of these industries employees are not allowed to work remotely by regulation or law.

To make matters worse, in many cases, IT doesn’t have the right tools to securely assist workers who are no longer at the office.  If an employee uses a virtual private network (VPN) to connect to their work network, it usually makes it even more difficult for IT to securely connect back to them in order to provide tech support.  Even in cases where it does work technically, many times the company has not bought the right support tools to make this possible.

Of course employees who are using their mobile devices more open up yet another attack vector. Many phones and tablets are horribly out of date when it comes to security patches. Many phone manufacturers do a crappy job of releasing patches and for older phones – say more than 2 years old – many times the manufacturer says they are no longer supported and leaves the user wide open to a whole raft of attacks.

Companies need to conduct a risk assessment of the remote work environment to make sure that they understand what new risks the company is accepting.

Companies need to consider whether they even have enough security software licenses such as VPN connections.  Employees will create unsafe workarounds if the company can’t provide them tools that are secure.

Here is a screenshot of a malicious email.  It pretends to be from the CDC, but the email address in the red box shows that this is not the real CDC.  The URL in the second red box looks like it is from the CDC, but if you hover over it, it turns out that it is not.

Cybercriminals sent this coronavirus phishing email, which was designed to look like it came from the U.S. Centers for Disease Control and Prevention. Courtesy of Kaspersky.

The spam emails might claim to provide information on the Coronavirus or perhaps provide a way for people to contribute to those who need help. Unfortunately, the only ones these people are helping are themselves.

KnowBe4 published a picture of an email containing a QR bar code asking for donations (see below).  If you want to make the folks in China or North Korea rich, you should donate.

[Image: coronavirus_donation-1]

This piece of spam, also from KnowBe4, asks you to watch a Coronavirus video.

[Image: covid19_spam-scam-1a]

It promises secret information that the government isn’t telling you.  If you buy their book for $37.00.

That is actually good because some of them tell you that you need to update your software in order to view this secret video.  In fact the update is software that infects your computer, steals your passwords, empties your bank account, encrypts all of your data or some combination of the above.

In the following email, if you just click on the link, some  dude will tell you everything you need to know about the Coronavirus and how to stay alive.  NOT!

[Image: coronavirus_info-1a]

Suffice it to say, this is a bit of a mess and it is not likely to get any better soon.

Companies will, unfortunately in this time of uncertainty, need to up their security spending.  The alternative might be a bit of a train wreck.

If you do need help or have security questions, please reach out to us. After all, we are staying home to stay safe :).

Information for this post came from Threatpost, GCN, the US Secret Service and KnowBe4.