Women in Cyber Day, weekend cyberattack warning, worst IT practices and beware of proxyware.
Welcome to Cyber Security Today. It’s Wednesday September 1st. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Today has been dubbed International Women in Cyber Day in several jurisdictions, including three Canadian cities: Vancouver, Ottawa and St. John’s, Newfoundland. It might have been declared nationally had a federal election not been called. There was a petition before the House of Commons asking Parliament to declare September 1st International Women in Cyber Day. However, all business before Parliament dies when an election is called. Paper petitions that were on the agenda before the election can be re-introduced when the new Parliament starts. The goal of Women in Cyber Day is to recognize women’s achievements in the industry, and to give young women and girls the confidence to choose a career and succeed in cybersecurity.
The annual Labour Day long weekend starts Friday in Canada and the U.S. Time to kick off your shoes and relax, right? Not if you’re an IT department. A joint advisory issued this week by the FBI and the U.S. Cybersecurity and Infrastructure Security Agency is a reminder that cyberattacks often occur on regular and holiday weekends. That’s because hackers hope IT security staff aren’t alert then. It’s not uncommon for malware and ransomware planted during the week to be set to detonate on a Friday night or early Saturday morning. So weekends are not a good time for everyone to be off. At the very least have some information security staff on call, just in case.
Speaking of the CISA, it’s started a list of the bad practices IT departments must avoid to make sure they’re not hit by cyber attacks. The first three so far are:
– the use of unsupported or end-of-life software. Some employees love downloading things on company-owned or managed computers and smartphones. They think these gems will improve their productivity. They have to be taught unapproved software is forbidden. As for having expired software on IT systems, that’s inexcusable;
– another no-no is the use of either fixed or default passwords in software and hardware. Hackers try these first;
– third is using only a username and password when logging into applications. Always use multi-factor authentication if it’s available.
It’s bad enough that hackers try to steal and sell valuable corporate data. Now they’re trying to steal and sell the internet bandwidth of organizations and home users. According to a report from Cisco Systems’ Talos threat intelligence service, this use of what is called proxyware is risky. Proxyware isn’t a secret. Some consumers use proxyware as a way of getting around bans that streaming or gaming platforms put on using their applications in certain countries. Or they install proxyware on the promise of getting money for the resale of their bandwidth. Companies may buy and use proxyware to improve network performance. However, threat actors are using legitimate proxyware applications to secretly attack victims’ computers by installing malware for data theft, and to hide attacks on other computers. Cisco warns organizations to deploy comprehensive logging and alerting applications to detect abnormal use of their IT networks.
Speaking of logging, last week the U.S. president issued an executive order to government departments on things they have to do to improve their ability to investigate and respond to cybersecurity incidents. One of them is having a process for logging, managing and analyzing IT events. Logs show what’s normal in an IT environment, and what’s abnormal and might be a sign of hacking. The presidential order tells departments to meet certain deadlines for having logging processes. Experts at the SANS cybersecurity training institute say it’s a good yardstick for any organization. IT events are automatically recorded by Windows, cybersecurity software and network equipment. The presidential order says departments have to report where they stand on a four-level scale within 60 days. Within one year they have to reach level one maturity, level two maturity within 18 months and level three maturity within three years. There’s a link to the standard here. There’s also a link to a U.K. cybersecurity centre how-to-start project here. If your IT department doesn’t do rigorous event logging now, take a look at these resources.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.