Category Archives: Vulnerability Management

Cybersecurity in the Age of the Coronavirus: The Impact on Business Operations


As the global workforce shifts to remote work, business operations and management face a number of obstacles. As mentioned in the previous article, the line between our work lives and our personal lives is blurred now more than ever. Pre-pandemic estimates predicted that cybercrime will cost companies $6 trillion globally. According to research, last year governments and government organizations were attacked most often, followed by industrial companies, healthcare, education, and finance.

Business networks are now accessible from home, posing a risk to the security of business operations. We’ve seen changes in the way leadership makes decisions about business performance. During these unprecedented times, the shift toward a concentration on cybersecurity is rapid, with little to no room for error. Cybersecurity is built in layers, and no network can be protected perfectly forever. Leadership must therefore strike a balance between risk mitigation and business efficiency.

In this day and age, business leaders are getting a daily lesson in large-scale systemic failure from COVID-19. They see and read how quickly COVID-19 spread around the world and how it affects economic, social, political, and business systems. It is imperative that the company’s cybersecurity defenses have real-time capability and adaptability. The gap between cybersecurity risk and defensive effectiveness is as wide as it has ever been for most companies, and experts warn that it could get even worse once the pandemic subsides. New cybersecurity risks will emerge, and defenses have to stay ahead of them.

Board members often ask “Are we spending enough on cybersecurity?” rather than “What do we need to protect, what is the value of what we need to protect, and how secure is it for what we’re spending?” Digital success and failure start at the top, so board members need a deep understanding of how cybersecurity complexities work. Some say the pandemic is actually helping companies by urging executives to focus on cybersecurity and their digital business systems, calling for structural reform at some companies.

IT teams that once had physical access to employee machines now lack the time and access to address commonplace issues. The absence of onsite diagnostic teams calls for automated threat reporting and diagnostic tools such as endpoint detection and response (EDR). Business Continuity Plans and Disaster Recovery Plans are important to the flow of business operations: they ensure that resources are available, keep employees online, and guarantee constant communication.

Additionally, the way employees access data is now heavily reliant on VPNs. As a result, VPN gateways are running at or near capacity. This means that corporate IT departments need to leverage all the tools at their disposal to keep loads manageable so that the VPN gateways aren’t overwhelmed and unable to provide the necessary access for remote workers. With gateways already saturated, a single DDoS attack against them can take an entire company offline. Cybercriminals know that employees are more exposed and less cautious when working from home, so it is important that IT stays up to date with software patches and takes appropriate actions to mitigate risks.

Along with higher VPN precautions, companies have been increasing their use of advanced threat-hunting concepts, including detection and incident response. It is not possible to keep threats outside the perimeter forever, so it is important to seek out the threat that has gotten in and actively address it without giving up the basic layer of protection. Organizations have also invested in educating employees on cyber threats and their impact. Organizations have reported higher rates of phishing victimization, prompting the adoption of more innovative approaches.

Security teams are now emphasizing employee security awareness and training. Doing this while maintaining a basic layer of protection creates a more effective prevention and defense strategy. Organizations that do not practice cyber hygiene have reported higher phishing victimization.

The risk of attackers entering networks through third-party vendors has also increased. There is more evidence of attempts to insert malicious code and to exploit external suppliers and outsourced technologies, generating more threats and more vulnerabilities. Organizations have shown a higher dependency on outsourced tools to maintain ongoing operations, such as marketing and communication tools. This may result in higher exposure of sensitive data, expanding the potential for supply-chain attacks. There are also more consumer-oriented online services, such as e-commerce websites, that are open to public access. These websites are overloaded with requests, and many financial processes are now carried out online. Phishing through these e-commerce websites targets victims both as individuals and as professionals.

Experts urge companies to proceed with caution. Reducing reliance on the office VPN and migrating to a cloud solution is a must. Also, lock down the supply chain, as it can be an entry point for hackers: ask your suppliers what they do to maintain security. Scale up the benefits of cloud migration to virtualize the workforce. CISOs must switch their focus to four main points rather than sticking with the traditional viewpoints.

  1. Focus: Support only those technology features and services that are critical to operations, and focus on employee safety on the front line.
  2. Test: Test the company’s incident response plan, business continuity and disaster recovery plan, and vendor requirements right away. Eliminating risk is impossible, but you can reduce the risk associated with a poor response.
  3. Monitor: Monitor all resources, including collaboration tools and endpoints.
  4. Balance: Cybersecurity teams are likely to receive a flood of urgent requests. Allow policy exceptions that let teams elsewhere in the organization get work done.

Many organizations never really took cybersecurity projects seriously because they were lower priority, but the Coronavirus has pushed cybersecurity projects to the forefront. Management has acknowledged that things will not go back to the way they used to be. This transition period marks a point in time with distinct opportunities for a new and more aggressive type of cyberattack, one that aims to damage or slow business rather than pursue the traditional goal of extracting money from many parties.

Security and Privacy Issues with Zoom


With more employees turning to remote work during the pandemic, companies have been relying on video conferencing platforms such as Zoom for regular meetings and communication between employees. According to Check Point, 1,700 new Zoom-related domains have been registered since the pandemic began, a quarter of them in the past week alone. Attackers have noticed the spike in users, which raises concerns for businesses that use Zoom. There has also been an increase in privacy concerns due to the sensitivity of the information now being transferred over the platform.

In Zoom conferences, anyone with the right link can enter a teleconference and share a screen, even without a Zoom account. There have been new complaints about users being Zoom-bombed, which is when unwanted guests intrude on video meetings for malicious purposes. Recently, two online classrooms in Massachusetts were interrupted by an anonymous attacker during instruction. In one online classroom meeting, an unidentified person yelled profanity before shouting the teacher’s home address. Another classroom was disturbed by an intruder who displayed his hate tattoos to all the students and the teacher.

There have been several of these intrusions on online classrooms as well as in business conferences. Users have made several reports of conferences being interrupted by graphic images and threatening language. As a result, many schools and businesses have completely switched to other platforms, such as Microsoft Teams and Google Hangouts.

This is not the first time Zoom has had security flaws in its platform. In 2019, security researcher Jonathan Leitschuh found a vulnerability in the Mac Zoom client. When a user installed the Zoom app, Zoom silently installed a hidden local web server on the device without the user’s permission. This web server allowed any website to join the user to a Zoom call with the video camera activated, a flaw that also impacted RingCentral. The web server remained on the device even if the Zoom app was uninstalled. At the time, there were 750,000 companies using Zoom for business purposes that were put at risk by this vulnerability. Apple and Zoom have since resolved this issue for Mac users.

Another vulnerability, found by Check Point researchers, was quickly fixed by Zoom. Zoom calls had a randomly generated ID number between 9 and 11 digits long that allowed users to locate and join a specific call. Check Point researchers were able to predict which IDs belonged to valid meetings and join them. Zoom allows video conferences to have hundreds of participants, so it was easy for an attacker to join a call unnoticed. Zoom has since replaced the generator with a more “cryptographically strong” one, added more digits to meeting ID numbers, and made passwords required by default for future meetings.
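The three parts of the fix described above (a stronger generator, more digits, and a required password) can be understood quantitatively. The Python below is an added example written for this page; it is not Zoom’s code or Check Point’s research. It contrasts a predictable generator with a CSPRNG-backed one and shows how the probability that a random guess lands on a live meeting shrinks as the ID grows and once a password is required as well. The number of live meetings and the password alphabet are constructed, illustrative values, not figures from the article.

```python
import math
import random
import secrets

# Constructed parameters (not from the article): the article only says IDs were
# 9 to 11 digits long and that the fix added digits, a stronger generator and
# default passwords. Live-meeting counts used below are illustrative.


def id_space(digits: int) -> int:
    """Number of distinct meeting IDs of exactly `digits` decimal digits
    (leading zeros allowed, so 10**digits)."""
    return 10 ** digits


def bits_of_entropy(digits: int) -> float:
    """Entropy, in bits, of an ID chosen uniformly from `digits` decimal digits."""
    return digits * math.log2(10)


def hit_probability(digits: int, live_meetings: int) -> float:
    """Chance that one uniformly random ID guess lands on a live meeting.
    This is the figure a defender wants small: it is all the meeting ID alone
    protects against, and it grows with the number of concurrent meetings."""
    return live_meetings / id_space(digits)


def combined_space(digits: int, pw_alphabet: int, pw_length: int) -> int:
    """Effective search space once a per-meeting password is required too:
    both the ID and the password must be right, so the spaces multiply."""
    return id_space(digits) * pw_alphabet ** pw_length


def weak_meeting_id(digits: int, seed: int) -> str:
    """What NOT to do: an ID from Python's Mersenne Twister. The same internal
    state reproduces the same sequence, and MT state can be recovered from
    observed outputs, so IDs become predictable rather than random."""
    rng = random.Random(seed)
    return f"{rng.randrange(id_space(digits)):0{digits}d}"


def strong_meeting_id(digits: int) -> str:
    """CSPRNG-backed ID: `secrets` draws from the OS entropy source, so
    previously issued IDs reveal nothing about future ones."""
    return f"{secrets.randbelow(id_space(digits)):0{digits}d}"


def is_well_formed(meeting_id: str, digits: int) -> bool:
    """Sanity check on a generator's output: exact length, digits only."""
    return len(meeting_id) == digits and meeting_id.isdigit()


if __name__ == "__main__":
    live = 1_000_000  # constructed: assumed number of concurrent meetings
    for d in (9, 11):
        print(f"{d}-digit IDs: {bits_of_entropy(d):.1f} bits of entropy, "
              f"hit probability with {live:,} live meetings = "
              f"{hit_probability(d, live):.1e}")
    # Same seed, same ID: the weak generator is reproducible.
    print("weak generator reproducible:",
          weak_meeting_id(9, 1234) == weak_meeting_id(9, 1234))
    print("strong 11-digit ID:", strong_meeting_id(11))
    # 11 digits plus a 6-character password over a 62-symbol alphabet.
    print("combined search space:", f"{combined_space(11, 62, 6):.2e}")
```

Two things the numbers make plain: adding two digits divides the hit probability by 100, but a required password multiplies the search space by orders of magnitude more, which is why the password is the part of the fix that matters most when an attacker can try many IDs unnoticed.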

Allowing vulnerable servers to run on devices makes it easier for attackers to intrude on conferences. While removing the vulnerable web server was a big help, attackers are still able to access meetings over Zoom. Officials warn businesses and individuals about an increase in phishing emails that attackers use to enter and exploit networks. These can be especially detrimental to remote workers, as cybersecurity and information security are often weaker at home than in the office. Check Point researchers confirmed that at least 70 of the newly created Zoom domains were being used maliciously, often as phishing websites that steal unsuspecting users’ personal information.

Users have also expressed concerns over Zoom’s privacy flaws. Zoom allows hosts to see if participants have been on a different screen for more than 30 seconds. Additionally, for paid subscribers, a host can record the meeting and has access to text files of any active chats that take place during the meeting. The host can then save these files to the cloud, where they can be shared and accessed by other authorized users.

Earlier this week, questions were raised about Zoom sharing customer data with Facebook, even for users who did not have a Facebook account. The Zoom app sent Facebook a notice when the user opened the app, details about the user’s device including its location and phone carrier, and a unique advertiser identifier created by the user’s device. With this information, companies could target a user with specific advertisements. This practice is not new and is fairly common among major applications: many apps use Facebook’s Software Development Kit (SDK) to implement features, which ultimately sends information to Facebook. This concern has since been addressed and fixed by Zoom, which now lets users log in with Facebook via the browser rather than through the Facebook SDK.

The privacy of Zoom calls has particularly raised concerns for parents whose children are now using Zoom for education. However, Zoom claimed that their service for schools complies with federal laws on educational and student privacy.

Many officials are worried that Zoom has not taken precautions to deal with the spike in users. The New York Attorney General warns that existing security practices may not translate well to the volume and sensitivity of data now being transferred through Zoom.

Zoom’s cloud meeting app is now one of the most downloaded apps on iPhones. Here are some tips for protecting your Zoom conferences:

  • Keep conferencing private rather than public and refrain from posting the links to your conferences on social media
  • Restrict the screen-sharing feature to the host
  • Lock meetings when they are in session so no new participants can join
  • Mute participants and disable the file transfer feature when it is not in use

Consumer Reports finds Samsung, Roku TVs vulnerable to hacking

You may not know exactly what your IT Security issue is. We will find it and develop and implement a solution. The more reliant on technology we become, the more prone to hacking our society is. Listen to how easily Roku TVs can be hacked.

We’ve written in the past about how your TV is probably tracking you, and now Consumer Reports, as part of a broad privacy and security evaluation, has found that millions of smart TVs are vulnerable to hackers and “raise privacy concerns by collecting very detailed information on their users.”

According to the report, the problems affect Samsung televisions, plus models made by TCL and “other brands that use the Roku TV smart TV platform, as well as Roku’s popular streaming devices.”

“We found that a relatively unsophisticated hacker could change channels, play offensive content or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening,” Consumer Reports said. “This could be done over the web, from thousands of miles away.”

The good news is these TVs’ security vulnerabilities apparently won’t allow hackers to spy on you or steal your information, according to Consumer Reports.

The report singled out Samsung, TCL and other Roku TVs as being vulnerable, but smart TVs from LG, Sony and Vizio were also evaluated. While they were cleared from a security standpoint, the testing found “that all these TVs raised privacy concerns by collecting very detailed information on their users.”

As CNET’s David Katzmaier wrote last year, Vizio was slapped with a $2.2 million fine by the FTC for failing to properly disclose how it shares its tracking information, and in previous years Samsung and LG have both faced similar scrutiny. Streamers from Roku, Apple, Amazon and Google haven’t yet made any major privacy missteps, and their policies are generally less intrusive than those of TVs.