Archive for April 20, 2020

Too Many Companies, Agencies “Wide Open” To Hacker Attacks: IAITAM

Posted in Commentary with tags on April 20, 2020 by itnerd

Today, the International Association of IT Asset Managers (IAITAM) is warning that breaches of corporate and government data appear to be running at a level even higher than experts had feared going into stay-at-home orders due to COVID-19.

Last month, IAITAM repeatedly warned of “nightmare data risks” for unprepared government agencies & companies, especially as end-of-the month billing procedures were being carried out remotely. 

Based on its preliminary analysis of early published reports, IAITAM is breaking down the biggest problems into four categories:  

  1. Assets left unsecure  –  An intentional decision to make devices less secure to allow for work from home (WFH) use.  One example would involve removing admin permissions so that employees can complete the task without administrator oversight. Another would be allowing the use of “unpatched” business computers that allow hackers to load malicious files with admin privileges.  In some cases, companies with high-end virtual private networks (VPNs) pre-loaded on business computers are allowing people to work from home on personal devices either with no VPN or with a lower-end virtual private network that may be less hacker resistant.
     
  2. “New” assets created –  More and more reports are emerging of companies purchasing new devices or technology to account for employees working from home.  In one case reported directly to IAITAM a national health care company ordered 9,000 new laptop computers from a major online company and gave its IT department less than a week to prep the new machines and deliver them to users, who had little or no time for training and other security-related instructions. The concern:  The more corporate assets that you have, the higher risk of intrusion. Each asset becomes a doorway or entry point for a breach, particularly when it (or its user) are underprepared. IT Asset Managers help with this by providing the data necessary for corporate security teams to know what exists, where it exists, and what is on the device.
     
  3. Assets now unsecure in at-home environments –  Many company devices were deployed into a WFH situation quickly, leaving little time to ensure that they would be secure via a virtual private network (VPN) or other means. Just last week, school districts in Oakland and Berkeley, California unwittingly became an accomplice in their own data breach by accidentally making Google Classroom documents public, which contained access codes and passwords for Zoom meetings, as well as student’s names and comments.  
     
  4. Employees unwittingly inviting in the intrusion –  Human error allows for mistakes and creates a vulnerability (i.e. clicking on phishing emails or downloading malware). Google reported last week that it is stopping 18 million coronavirus scam-related emails every day, many of them targeting cash strapped businesses looking for loans or other capital. An internal memo from NASA on April 6th revealed that increased cybersecurity attacks had been directed at their employees working remotely. These phishing attempts were disguised as appeals for help, disinformation campaigns or new information about COVID-19, to gain login credentials or install malicious software. This is a prime example of how an employee could unwittingly invite in an intrusion. IT Asset Managers are at the forefront of education and communication campaigns within organizations to help teach end users what they should and should not be doing.


Even companies that do not make a mistake themselves could still find themselves the victim of a coronavirus-related breach. Earlier this month, The Small Business Administration experienced a glitch with a coronavirus loan relief fund platform that publicly leaked the personally identifiable information of business owners across the nation.  

The good news is that most or all of these issues can be mitigated with proper IT asset management (ITAM). Professionals in the ITAM industry facilitate corporate asset protection. Uncovering the vulnerabilities now, and then putting an action plan into place will save companies money in the end. If companies and businesses act now, they can turn today’s crisis into tomorrow’s opportunity.

IAITAM President and CEO Dr. Barbara Rembiesa recently went on camera to share more about what companies and government agencies should be doing:

WhistleOut Releases New Research On Working From Home

Posted in Commentary with tags on April 20, 2020 by itnerd

You might be interested in these new stats about working from home that the team at WhistleOut just released. 

Key findings include:

  • More than ⅓ (35%) of people working or schooling from home say that weak Internet has prevented them from doing their work at some point during the Coronavirus crisis
  • 65% say they’ve had video calls cut out, freeze, or drop because of a weak Internet connection
  • 43% say they have had to use their phone as a hotspot during the crisis
  • 83% say they need the Internet to be productive, indicating they couldn’t work offline for more than just half a day

You can check the full report out here: https://www.whistleout.com/Internet/Guides/weak-internet-a-problem

You Can Check To See If Your ISP Properly Implements BGP To Protect You

Posted in Commentary with tags on April 20, 2020 by itnerd

Is BGP Safe Yet” is a new site that names and shames internet service providers that don’t tend to their routing in a secure manner. This is important because of this reason laid out by Wired:

For more than an hour at the beginning of April, major sites like Google and Facebook sputtered for large swaths of people. The culprit wasn’t a hack or a bug. It was problems with the internet data routing standard known as the Border Gateway Protocol, which had allowed significant amounts of web traffic to take an unexpected detour through a Russian telecom. For Cloudflare CEO Matthew Prince, it was the last straw. BGP disruptions happen frequently, generally by accident. But BGP can also be hijacked for large-scale spying, data interception, or as a sort of denial of service attack.

That’s where “Is BGP Safe Yet” comes in:

On Friday, the company launched Is BGP Safe Yet​, a site that makes it easier for anyone to check whether their internet service provider has added the security protections and filters that can make BGP more stable. Those improvements are most effective with wide adoption from ISPs, content delivery networks like Cloudflare, and other cloud providers. Cloudflare estimates that so far about half of the internet is more protected thanks to heavy hitters like AT&T, the Swedish telecom Telia, and the Japanese telecom NTT adopting BGP improvements. And while Cloudflare says it doesn’t seem like the Rostelecom incident was intentional or malicious, Russian telecoms do have a history of suspicious BGP meddling, and similar problems will keep cropping up until the whole industry is on board.

Now out of interest, I tested this with Rogers who is my telco. Unsurprisingly they failed:

The reason why I said “unsurprisingly” is that there are a bunch of reasons why an ISP like Rogers might fail a test like this. The biggest one is that infrastructure equipment companies may not properly implement BGP protections. And it is said that 50% of ISPs worldwide may fail this test. But by highlighting the ISPs that do fail, it may motivate them to do something about it and make the Internet a better place for all. Thus I encourage you to use this test with your ISP and place the result on Twitter, which is made easier by the button that they have on the site allowing you to do that with the following result:

There’s nothing like bad press on Twitter to get the attention of those who run ISPs.

Hackers Attacked Businesses 22 Million Times In The Last 7 Days: Atlas VPN

Posted in Commentary with tags on April 20, 2020 by itnerd

According to data compiled and analyzed by Atlas VPN, hackers attacked businesses more than 22 million times during the last week worldwide. Over 63% of these hacking attempts were malware attacks.

On average, there were 3.26 million cyberattacks daily throughout last week. From the chart, we can see that hackers carried most cyberattacks on April 15, with a total of over 3.6 million intrusion attempts. Interestingly, most of these cyberattacks were malware attacks.

There were around 2,070,297 malware attacks per day during last week. Malware attacks comprised 63% of the total attacks.

In comparison, phishing attacks and C&C attacks comprised 11% and 26% of total attacks, respectively.

We estimate that hackers could be attacking corporations 20 million times per day globally, and breaches will exceed the 8 billion record figure we saw in 2019.”

A broader perspective – last 30 days 

During the last 30 days, cybercriminals tried to infiltrate corporate networks nearly 100 million times. Hackers attacked businesses using malware over 57 million times.

Moreover, C&C attacks were the second most common type used by hackers, with over 27 million attacks in the last 30 days. In other words, C&C amounts to over 27% of all attacks on enterprises.

Finally, phishing scams are the least common type of attacks used by hackers, with a total of over 15 million attacks in the same time-frame. This accounts for over 15% of the total volume of attacks.

To read the full report, head over to: https://atlasvpn.com/blog/hackers-attacked-businesses-22-million-times-in-the-last-7-days-globally/