U.S. and UK cybersecurity authorities have issued a warning of another campaign by Russian state-sponsored hackers to target network infrastructure. Targets of the alleged Russian attacks are infrastructure devices at all levels, including routers, switches, firewalls, network intrusion detection systems and other devices supporting network operations. Once they gain access, hackers masquerade as privileged users and are able to modify the devices so they can copy or redirect traffic to Russian infrastructure.
It appears the Russian intrusions into US/UK networks were relatively easy to accomplish, and fairly hard to detect. Why? Because many networks have weak security, legacy protocols and service ports intended for administration purposes.
Obviously, software updates and patches should be applied as soon as they’re available. Infrastructure equipment that can’t be updated should be replaced with equipment for which updates are available and which will be supported for a reasonable lifetime.
The US/UK cybersecurity agencies included a list of tips for potential attack targets, which means nearly any organization with a network:
- Don’t allow unencrypted management protocols, such as Telnet, to enter your organization from the internet. If SSH, HTTPS or TLS encryption is not possible, use a VPN.
- Do not allow internet access to the management interface of any network device. You should allow access from inside the network only from a white-listed device.
- Disable unencrypted protocols such as Telnet or SNMP v1 or v2. Retire legacy devices that cannot be configured with SNMP v3.
- Immediately change default passwords and enforce a strong password policy.
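As an added example (not from the advisory or from bTrade), a small Python audit that checks an IOS-style configuration text against the four tips above, using a constructed weak configuration and its hardened counterpart; the ACL name, credentials and hash value are placeholders.

```python
import re

# Constructed sample configs for a hypothetical edge router; every credential,
# community string and hash below is a placeholder, not a real value.
WEAK_CONFIG = """\
enable password cisco
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
 password cisco
"""
HARDENED_CONFIG = """\
enable secret 9 $9$PLACEHOLDER_HASH
snmp-server group OPS v3 priv
snmp-server user ops OPS v3 auth sha AUTHPASS priv aes 128 PRIVPASS
ip access-list standard MGMT
 permit 10.10.0.0 0.0.0.255
line vty 0 4
 transport input ssh
 access-class MGMT in
 login local
"""
# Vendor defaults and common weak strings that tip 4 says must be changed.
DEFAULT_SECRETS = {"cisco", "admin", "password", "public", "private"}

def vty_block(config: str) -> str:
    """Return the indented lines under the first 'line vty' stanza, or ''."""
    m = re.search(r"^line vty[^\n]*\n((?:[ ].*\n?)*)", config, re.MULTILINE)
    return m.group(1) if m else ""

def audit(config: str) -> list[str]:
    """One finding per violation, tagged with the tip it maps to; [] means clean."""
    findings = []
    vty = vty_block(config)
    transport = re.search(r"transport input (.+)", vty)
    # Tip 1: a missing transport line leaves the platform default (usually all).
    if not transport or re.search(r"\b(telnet|all)\b", transport.group(1)):
        findings.append("tip1: Telnet accepted on vty lines; set 'transport input ssh'")
    if "access-class" not in vty:  # Tip 2: management reachable from anywhere
        findings.append("tip2: no access-class on vty; restrict management to an allow-list ACL")
    if re.search(r"^snmp-server community", config, re.MULTILINE):  # Tip 3
        findings.append("tip3: SNMP v1/v2c community strings present; migrate to SNMP v3")
    cred = r"^(?:enable password|\s*password|snmp-server community) (\S+)"
    for m in re.finditer(cred, config, re.MULTILINE):  # Tip 4: default secrets
        if m.group(1).lower() in DEFAULT_SECRETS:
            findings.append(f"tip4: default/weak credential {m.group(1)!r}; change it")
    return findings
```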
The National Institute of Standards and Technology (NIST) released Version 1.1 of its widely known Cybersecurity Framework, which incorporates changes based on 2 years of public feedback: https://lnkd.in/gBi3sG3. The Cybersecurity Framework compiles effective cybersecurity standards, guidelines, and practices into one framework. The new version of the Cybersecurity Framework includes updates on authentication and identity; self-assessing cybersecurity risk; managing cybersecurity within the supply chain; and vulnerability disclosure.
When an organization does infosec planning, one decision involves whether to run software on-premise, in the cloud, or in a hybrid model. At a recent round-table discussion involving infosec pros from financial services organizations, a variety of opinions were proffered regarding the different deployment models, which is consistent with what we hear from bTrade customers.
For example, an infosec pro from ABN AMRO Bank said a public cloud is “a no-go” for him because he cannot “control it” and does not “know who has access to the data,” which is what we often hear from large organizations in the bTrade community. Another infosec pro from AXA uses a hybrid deployment because a public cloud works best for certain situations, like “processing data quickly for real-time services,” but they “constantly check what kind of data can be stored in the cloud, even after it is anonymized.”
If you want to learn about deployment models for bTrade software solutions, please contact us at email@example.com. If you want to keep updated on developments in the world of secure file transfer and data security, follow us on Twitter, Facebook, LinkedIn, Google+, and our blog MFT Nation.
Another good tip about ransomware–an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them–from @FBI: Create/test a solid business continuity plan in the event of an attack. According to @FBI, nothing will completely protect your organization from a ransomware attack, so contingency and remediation planning is crucial to business recovery and continuity, and these plans should be tested regularly.
The U.S. federal government, through @USCERT_gov, issued a special alert advising that it has “observed an increase in ransomware attacks across the world”: https://bit.ly/2qlcup4. According to @USCERT_gov, the “best practices and guidance remain the same” for preventing ransomware:
1. Create system back-ups
2. Be wary of opening emails and attachments from unknown or unverified senders
3. Ensure that systems are updated with the latest patches
And @USCERT_gov encourages users and administrators to review its Ransomware page and the U.S. Government Interagency Joint Guidance for further information.
Congratulations to our longtime customer/partner, Sony, on the opening of its new Digital Media Production Center near bTrade world HQ in Glendale, CA: https://bit.ly/2GJjtDc. The facility will be the company’s home to Los Angeles-based crews for gear, training and education about its latest production technologies that include 4K and high dynamic range capabilities.
A cyberattack on a natural gas service provider late last month has spilled into the electricity sector, underscoring the growing threat hackers pose to critical energy systems. The cyber intrusion has not disrupted the flow of natural gas or electricity. Still, energy and cybersecurity experts say the case offers a cautionary tale in today’s increasingly interconnected world.
IBM recently announced its 2018 X-Force Threat Intelligence Index, revealing that the number of breached records declined in 2017: https://ibm.co/2JlJPck. The decline is not an indication that cyber-crime has decreased, but rather that the focus of cyber-crime has shifted to ransomware and other destructive attacks.