Archives for June 2019

CISA Statement on Iranian Cybersecurity Threats

June 24, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
June 24, 2019

Release Date:
June 22, 2019

WASHINGTON – In response to reports of an increase in cybersecurity threats, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs issued the following statement:

“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.

“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.

“In times like these it’s important to make sure you’ve shored up your basic defenses, like using multi-factor authentication, and if you suspect an incident – take it seriously and act quickly. You can find other tips and best practices for staying safe online here.

“Anyone who has relevant information or suspects a compromise should immediately contact us at [email protected]”

Riviera Beach Florida City Council Agrees to Pay Cybercriminals Nearly $600K Malware Ransom

June 20, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
June 20, 2019

Riviera Beach Florida just became the newest member of a club no city or local government hopes to join. Taking only a few minutes and by a unanimous vote of 5-0 on Monday night the board authorized Riviera Beach’s insurer to pay 65 bitcoins valued at approximately $592K USD. Paying off a malware ransom that has crippled all of the city’s information technology infrastructure since May 29th after someone in the police department clicked on a malicious email.

But unlike the 2000 action flick Proof of Life, there’s no guarantee paying the ransom will unlock the affected computer network and all the encrypted files, and while its 2019, Its not likely Cyber-Insurance companies have former 22nd SAS and 75th Ranger Battalion types running around the world with machine guns blazing for a successful hostage rescue of a malware-infected network.

The council held a special meeting earlier in June to authorize $941,000 for 310 new desktop and 90 laptop computers and other hardware. Much of the existing hardware was a half-dozen-years old and vulnerable to another malware attack, so it was time to replace it anyway, Riviera Beach Councilwoman Julie Botel said.

In a 2016 survey, CIO’s for local governments across the country said more than a third of them were using outdated technology, making them more vulnerable to attacks. Riviera Beach will also spend an additional $25,000 coming out of their budget, to cover its insurance policy deductible.

With rising deficits and pension obligations, its understandable how a city like Riviera Beach or Baltimore Maryland can be compromised so easily when there isn’t the budget to hire a full-time information security professional and institute security awareness training for topics like not clicking on shit or scanning random QR codes.

Chad Loder, Founder & CEO of security awareness training firm Habitu8 posted on Twitter recently.

I’m astounded that some companies still purchase the cheapest security awareness training content “to save money”, but will put 2,000 employees each through an hour of terrible training.

You’re not saving money – you’re wasting it.

Chad Loder (@chadloder) – 19 Jun 2019

Cities across the United States and around the world will now have to decide, what is cheaper? hiring a full-time security professional, a part-time person, a managed service provider, or just paying the ransom and hope the files recover completely. However, hope is not a strategy.

With additional reporting from The Palm Beach Post

NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Versions of Windows

June 5, 2019 By William Knowles

FORT MEADE, Md., June 4, 2019 —

The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.

CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in the Remote Desktop (RDP) protocol. It is present in Windows 7, Windows XP, Server 2003 and 2008, and although Microsoft has issued a patch, potentially millions of machines are still vulnerable.

This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.

NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches. Please refer to our advisory for additional information. This is critical not just for NSA’s protection of National Security Systems but for all networks. In order to increase resilience against this threat while large networks patch and upgrade, there are additional measures that can be taken:

Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.