BTH News 11 October 2020
This Week In Cybersecurity
This week on Between the Hacks: week two of Cybersecurity Awareness Month, 61% of Exchange servers unpatched, governments want encryption backdoors, new Android ransomware, and tips to avoid ransomware.
Happy Cybersecurity Awareness Month!
Last week, Between The Hacks provided some Cybersecurity Awareness Month tips both in the Between The Hacks blog and on social media. If you missed any of it, here is a quick recap.
Also, every day, Between The Hacks posts tips on social media. Follow us on Twitter, LinkedIn, Facebook, and Instagram to learn more and get email updates by subscribing to Between The Hacks.
61% Of Microsoft Exchange Servers Unpatched After 8 Months
On Feb. 11, 2020, Microsoft released security updates to patch a high-severity vulnerability in Microsoft Exchange that could allow an attacker to remotely take over a vulnerable Exchange server using any stolen user account.
In March, “both CISA and the NSA urged organizations to patch their servers against the CVE-2020-0688 flaw as soon as possible given that multiple APT groups were already actively exploiting it in the wild,” according to BleepingComputer.
Fast forward almost eight months from the release of the patch and Rapid7 research found that more than 247,000 Microsoft Exchange servers have not yet been patched against CVE-2020-0688.
5-Eyes, India and Japan Want Encryption Backdoors
“Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications”, according to ZDNet.
The alliance continues to try to get tech companies to agree to install encryption backdoors. On the surface, this may seem like a reasonable request to most people. However, there are two main problems with what they are requesting.
1. Encryption is basically just math and freely available for anyone to use. This makes it easy for a threat actor to create and use an encryption tool with strong encryption that does not include a government backdoor. That means the government would be able to look at the communications of everyone who doesn’t use illegal encryption, which does not solve the problem that they are trying to solve.
2. Every threat actor and nation-state hacker will be working to find a way to access the backdoor. So not only will the government be looking at all of your communications, so will those with malicious intent. And we still won’t catch the bad guys because they won’t use backdoored tools to communicate.
I don’t expect politicians to understand the technology, but they should be listening to the technology experts who continue to raise this issue. Unfortunately, it seems to fall on deaf ears. If you want to take action, visit the Electronic Frontier Foundation’s (EFF) Action Center.
Microsoft warns of Android ransomware that activates when you press the Home button
Mobile ransomware is not new, but this week Microsoft wrote about a “piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms.”
As with most Android ransomware, this ransomware doesn’t actually encrypt the files; rather, it locks the screen with a ransom note so that the device is unusable. “Once installed, the ransomware takes over the phone's screen and prevents the user from dismissing the ransom note — which is designed to look like a message from local law enforcement telling users they committed a crime and need to pay a fine”, reports ZDNet.
Tip of the Week
Tips To Avoid Ransomware
Ransomware is a rapidly growing problem that we see impacting servers, desktops and mobile devices in homes, businesses and governments. As part of Cybersecurity Awareness Month, the National Cybersecurity Alliance created a tip sheet on how to avoid ransomware.
Backups - The first and most important thing that you can do is to back up your devices. Check out the Between The Hacks article on backing up your computer.
Patching - Keep your system up to date. That means installing patches as soon as they are released and setting up automatic patching where available.
Multi-factor authentication - Enable MFA where available to better protect your accounts and devices. This also protects against credential stuffing attacks.
Passwords - Create strong, unique passwords for every account. This likely means that you need to use a password manager.
For more tips, and to learn what you should do if you become the victim of a ransomware attack, read the tip sheet at staysafeonline.org.