The Ivanti Threat Thursday Update for September 14, 2017: Been All Around This World
Greetings. This week, some select examples of the cybersecurity threats that challenge companies large and small across the planet every week. Your opinions, reactions, and suggestions are always welcome. Feel free to share, and thanks in advance.
Australian Small and Midsized Businesses: Insecure and Unaware
In August, Australian accounting software provider MYOB surveyed 394 of its customers. As ZDNet reported, many small and midsized enterprises (SMEs) are far less secure than their decision makers think.
- “87 percent of small and medium-sized enterprises (SMEs) in Australia consider their business to be safe from cyber attacks, mainly because they use antivirus software.”
- “32 percent said they do not need to improve their organisation's cybersecurity, because they do not have a strong online presence, and 28 percent find the whole issue ‘too complex’, the report details.”
- “Around half of the SMEs surveyed are planning to improve their business' cybersecurity over the next 12 months, while 40 percent said they are unlikely to.”
- “13 percent said they intend to hire an IT professional to improve the organisation's cybersecurity position, and 31 percent have plans to throw more money into defensive tactics or software. However, the biggest barrier to improving the cybersecurity of the business is not having sufficient expertise, with 38 percent of those surveyed telling MYOB they are out of their depth.”
What We Say: Respected industry bodies, from the Center for Internet Security (CIS) to the Australian Signals Directorate (ASD), agree that antivirus software alone cannot provide sufficient cybersecurity protection. And as recent high-profile breaches have made clear, hackers often go after larger enterprises by first attacking their smaller, less-well-protected business partners. You and your team should use proven recommendations and guidelines to craft and deploy multi-layered protection strategies for your enterprise, and share these with your connected business partners wherever possible. (See “Your Threats Are Evolving. Are Your Defenses?”)
The European Union (EU) Plans More Efforts — and More Money — for More Cybersecurity
In 2016, the European Commission (EC) announced plans to spend 1.8 billion Euros by 2020 to improve cybersecurity across the EU. As Reuters reported, continuing cybersecurity threats have persuaded the EC to build upon that planned investment.
- This week, the EU’s executive has proposed to strengthen the EU’s dedicated security agency, and to develop and adopt “a common plan to coordinate the bloc’s response in case of a large-scale attack.” “The revamped cyber security agency would work on annual pan-European exercises and contribute to the improvement of EU and national public authorities’ capabilities and expertise.”
- “The Commission also proposed a Cybersecurity Research and Competence Centre to gather expertise and support new technologies, such as assessing encryption methods. The proposal includes an EU certification framework to evaluate the cyber security level of products and services.”
- The EC also proposed to ease trans-border data flow among EU member states. “Under the proposed law national governments will not be able to require that companies store data within their borders except for justified public security reasons. However authorities will be able to access data stored in another member state, for example tax data.”
- The EC also announced plans to “work with industry to have more transparency on portability conditions in cloud providers’ contracts.” The goal here is to make it easier for companies to switch cloud computing service providers and avoid “vendor lock-in practices.”
What We Say: While these new proposals must be approved by the European Parliament and member nations to become laws, they signal a significant and continuing commitment by the EC to improve cybersecurity across the EU. This should be welcome news to all enterprises that do business with EU companies, citizens, or both, especially given the imminent advent of the General Data Protection Regulation (GDPR). If yours is such an enterprise, now is the time to do all you can to assure protection of personally identifiable information (PII) and GDPR compliance in advance of that law taking effect in 2018. (See “Going Global: Is Your IT Ready?” and “Is GDPR More About PR Than Data Protection? Ivanti Chief Technologist EMEA Simon Townsend Responds.”)
Old Techniques Enable New Threats to Critical Infrastructure in Europe and the U.S.
Since 2011, Symantec cybersecurity researchers have been tracking a group of hackers known collectively as Dragonfly who primarily targeted pharmaceutical firms. More recently, Symantec has identified new campaigns they have dubbed “Dragonfly 2.0.” These campaigns are apparently focused on industrial control system (ICS) elements and supervisory control and data acquisition (SCADA) networks, such as those used to manage power grids in Europe and North America.
- In a blog post, Symantec said that it “has strong indications of attacker activity in organizations in the U.S., Turkey, and Switzerland, with traces of activity in organizations outside of these countries.” “As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software.”
- “The earliest activity identified by Symantec in this renewed campaign was a malicious email campaign that sent emails disguised as an invitation to a New Year’s Eve party to targets in the energy sector in December 2015. The group conducted further targeted malicious email campaigns during 2016 and into 2017. The emails contained very specific content related to the energy sector, as well as some related to general business concerns. Once opened, the attached malicious document would attempt to leak victims’ network credentials to a server outside of the targeted organization.”
- “As well as sending malicious emails, the attackers also used watering hole attacks to harvest network credentials, by compromising websites that were likely to be visited by those involved in the energy sector. The stolen credentials were then used in follow-up attacks against the target organizations.”
- “The original Dragonfly campaigns now appear to have been a more exploratory phase where the attackers were simply trying to gain access to the networks of targeted organizations. The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future.”
What We Say: The latest Dragonfly attacks eschew zero-day exploits in favor of good, old-fashioned phishing and watering hole techniques for stealing legitimate credentials. These techniques only work because users, even those in highly sensitive environments, can still be persuaded to open bogus emails and click on malicious web links. Your multi-layered cybersecurity defenses must include comprehensive user training and frequent reminders to those users of their critical role in protecting your networks, your enterprise, and themselves. (See “User Education for Cybersecurity: Yes, It’s Worth It” and “Three Things You Can Do Now to Increase User Contributions to Cybersecurity at Your Enterprise.”)
Better Cybersecurity, Wherever You Are, with Ivanti
Wherever your business does business, it needs the best available cybersecurity to continue to do business. Ivanti solutions can help your enterprise to combat and remediate malware attacks more effectively, control user applications, devices, and admin rights, patch your client and server systems faster and more consistently, and improve IT reporting and analytics.
Through September, you can get select combinations of Ivanti cybersecurity offerings at discounts of up to 30 percent. Check out the offer details. Then, contact Ivanti. Let us help you to deliver the best possible cybersecurity to your enterprise and your users, wherever they may be. (And keep reading and sharing our Patch Tuesday and Threat Thursday updates, to keep yourself and your colleagues current as threats continue to evolve around the world.)