More stories

  • Akamai has trouble and the internet hiccups again

    You’ve heard it before, you’ll hear it again. Once more with feeling, the internet is having real trouble as we move into July 22’s early afternoon on the US East coast. According to reports on the Outages list, which is the central mailing list for ISP and network operators to report and track major internet connection problems, and numerous Reddit threads, the major Content Delivery Network (CDN) Akamai is the root of the problem. Specifically, people are reporting that when they try to reach sites that use Akamai to host their DNS CNAMEs they can’t reach them. The sites are fine. But, thanks to trouble on Akamai’s DNS edge servers, your web browser, game application, whatever, can’t reach the sites. They’re not getting the right addresses, so your local program doesn’t know how to find them.

    Akamai has admitted it’s having trouble. In a notification, Akamai stated: “We are aware of an emerging issue with the Edge DNS service. We are actively investigating the issue. If you have questions or are experiencing impact due to this issue, please contact Akamai Technical Support. In the interest of time, we are providing you the most current information available, which is subject to changes, corrections, and updates.”

    Oops. Akamai only has 9.6% of the CDN market. But, its share is a very important one. Sites that depend on Akamai include Amazon Web Services, Microsoft, Delta Airlines, Oracle, Capital One, and AT&T. Yeah, you’ll notice when those sites and the services they provide are offline. There are reports that Akamai has a handle on the problem now. The status page site itself, as of 1:02 PM Eastern time, states that “This incident has been mitigated.” Since it takes time for both problems and fixes to appear in the global DNS service, you may still have trouble reaching some sites or services. For example, I’m still having trouble using my Delta Airlines app.

    So, be patient. By the end of the business day, Akamai and your internet connection should be back to normal.

  • Microsoft Edge 92 starts rolling out to mainstream users

    On July 22, Microsoft began rolling out version 92 of its Chromium-based browser to the Stable Channel, meaning mainstream users. The new version includes a number of new features, including a new Password Health Dashboard. The Password Health Dashboard is meant to help users refrain from using the same password across multiple sites and to identify whether their passwords are strong enough. Microsoft already has a Password Monitor feature for detecting whether users’ credentials saved to autofill have been spotted on the dark web, and Password Generator, an option for auto-generating passwords.

    Edge 92 also will allow users to bring their saved credentials into other apps and browsers on their phones when using Edge on Mobile. Saved login information from the browser can be used to log into mobile apps like Instagram and Pinterest.

    According to Microsoft’s Edge release notes, other features that will be part of Edge 92 include natural language search for browser history on the address bar; MHTML files opening by default in Internet Explorer mode; synchronization of payment information across devices; the ability to manage extensions from the toolbar; and an option to navigate from HTTP to HTTPS on domains that support HTTPS. Officials also touted the availability of a new Microsoft Outlook Extension that will allow users to see their most recent personal and/or work emails, to-do lists and calendars without having to open a new tab or app.

  • Get a lifetime of data encryption for your company for just $60

    Ransomware extortion demands, as well as the downtime they cause, continue to steadily increase. Unsurprisingly, the result is that digital security costs are rising as well. But there are regulations in place now that make the privacy and security of your data a matter of compliance, which means the strongest protection is essential. A lifetime subscription to the Encrypt Office Business Plan will help you take control of your company’s data before someone gets to it.


    Encrypt Office is a SaaS solution that is fast and easy to implement. It will turbocharge your company’s productivity, compliance, and security. It surrounds all of your data with a wall of encryption. FIPS 140-2 compliant TLS encryption is used when data is in transit, while data at rest is protected by AES 256 bit encryption with 1,024-bit key strength.

    Not only are your email and large file transfers encrypted, but you also get encrypted vaults that require three-factor authentication. These can be used to store files and receive files securely from anyone via a web browser.

    Data compliance is ensured because all of the sensitive digital assets that are stored and transmitted by your company are protected against theft, misuse, and loss. Encrypt Office also provides the full audit trail of all data interactions that is required for HIPAA compliance.

    This plan includes encrypted file transfers of up to 5GB. It offers cloud integration as well, so you can use it with Google Drive, Dropbox, OneDrive, and more. Encrypt Office is customizable so that your administrators are able to set specific policies that are most appropriate for your company.

    Don’t pass up this opportunity to get strong protection that will permanently keep your business data safe. Get a lifetime subscription to the Encrypt Office Business Plan while it is on sale for just $59.99.


  • Attacks on critical infrastructure are dangerous. Soon they could turn deadly, warn analysts

    Tech analyst firm Gartner reckons that hackers will have turned computer systems into weapons to the point that they could injure or kill humans by 2025, and that beyond the human tragedy it will cost businesses $50 billion to remediate across IT systems, litigation and compensation.

    Past malware attacks, such as Stuxnet, which is believed to have been the work of the NSA, have demonstrated that malware can create real-world damage, not just scramble data. And cyber-attacks have long had real-world implications, such as the ransomware attacks on organizations like Colonial Pipeline and hospitals in the US and Europe. The UK’s NHS struggled for days after the 2017 WannaCry ransomware attack, which was blamed on North Korean state-sponsored hackers.

    Gartner reckons that by 2025, hackers will have weaponized operational technology (OT) environments to “successfully harm or kill humans”. By OT, Gartner means “hardware and software that monitors or controls equipment, assets and processes.” It also calls them cyber-physical attacks (CPS): examples of that might be attacks on electronic medical equipment or physical infrastructure.

    “In operational environments, security and risk management leaders should be more concerned about real world hazards to humans and the environment, rather than information theft,” says Wam Voster, a senior research director at Gartner. More worryingly, Voster went on: “Inquiries with Gartner clients reveal that organizations in asset-intensive industries like manufacturing, resources and utilities struggle to define appropriate control frameworks.”

    Gartner breaks down OT and cyber-physical threats into three categories: actual harm; commercial vandalism, which reduces output; and vandalism against an organization’s reputation, which renders it unreliable and untrustworthy as a manufacturer.

    Gartner expects that the financial impact of CPS attacks that kill or injure people will reach over $50 billion by 2023. The costs to organizations will be significant and include compensation, litigation, insurance, regulatory fines and reputation loss, Gartner says. However, it should be noted that this figure is small compared to overall global spending on IT, which Gartner expects to reach $4.2 trillion in 2021.

    Fortunately, Gartner does have some practical advice for organizations that control operational technology, such as appointing an OT security manager for each facility, security training and awareness for staff, and testing incident response capabilities. Given the perennial threat of ransomware, it also urges organizations to implement adequate backup, restore and disaster recovery capabilities. It also recommends managing portable media, such as USB sticks, that may be connected to OT systems: “Only media found to be free from malicious code or software can be connected to the OT,” it says. Companies need to have a current inventory of IT and OT assets; real-time logs and detection capabilities; secure configurations; and a formal patching process.

  • 740 ransomware victims named on data leak sites in Q2 2021: report

    More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cybersecurity firm Digital Shadows. Out of the almost 2,600 victims listed on ransomware data leak sites, 740 of them were named in Q2 2021, representing a 47% increase compared to Q1. The report chronicles the quarter’s major events, which included the DarkSide attack on Colonial Pipeline, the attack on global meat processor JBS, and increased law enforcement action from US and European agencies. But Digital Shadows’ Photon Research Team found that under the surface, other ransomware trends were emerging.

    Since the Maze ransomware group helped popularize the data leak site concept, double extortion tactics have become en vogue among groups looking to inflict maximum damage after attacks. Digital Shadows tracks the information posted to 31 Dark Web leak sites, giving it a view of just how many groups are now stealing data during ransomware attacks and posting it online. Data from companies in the industrial goods and services sector were prevalent on Dark Web leak sites, according to the report. Construction and materials, retail, technology, and healthcare organizations also dominated the list of attacked organizations. The retail sector saw the biggest increase in ransomware attacks, with Digital Shadows researchers finding a 183% increase between Q1 and Q2.

    In terms of activity, the Conti group led the way, followed by Avaddon, PYSA, and REvil. “This is the second consecutive quarter that we have seen Conti as the most active in terms of victims named to their DLS. Conti, believed to be related to the Ryuk ransomware, has consistently and ruthlessly targeted organizations in critical sectors, including emergency services,” the report said, noting the group’s devastating attack on Ireland’s healthcare system.

    But the report notes that on the wider ransomware market, a number of groups disappeared or emerged out of nowhere. In Q2, the Avaddon, Babuk Locker, DarkSide, and Astro Locker ransomware groups all closed operations, while groups like Vice Society, Hive, Prometheus, LV Ransomware, Xing, and Grief ransomware operations emerged with their own Dark Web leak sites, according to Digital Shadows.

    The report also notes that 60% of the victim organizations are based in the US, with only Canada seeing a reduction in ransomware attacks from Q1 to Q2. More than 350 US organizations were hit by ransomware in Q2, compared to 46 from France, 39 from the UK, and 35 from Italy. The researchers behind the report questioned whether Q3 would see more attacks resembling the Kaseya ransomware attack, where REvil operators used a zero-day vulnerability to compromise more than 40 Managed Service Providers. “Ransomware operations will likely continue to operate brazenly into the third quarter of 2021, giving limited thought to who they are targeting and more to how much money they might make,” the researchers wrote.

  • Saudi Aramco denies breach after hackers hawk stolen files

    Saudi Aramco — one of the largest oil companies in the world — has denied that its systems were breached by hackers after cybercriminals contacted ZDNet with a trove of files from the company. A threat actor going by ZeroX told ZDNet on Telegram that it had stolen 1T of “sensitive data” ranging from 1993 to 2020. The group said it hacked Saudi Aramco’s network, stealing information on refineries in Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran. The cybercriminals also contacted other news outlets like Bleeping Computer, which first reported the hack.

    The group provided samples of the data, which included documents covering project specifications, electrical and power systems, machinery at the refineries, analysis reports, unit prices, business agreements, network documents, company clients, invoices, and more. The group also said it stole information from about 14,254 employees, including names, photos, passports, emails, phone numbers, family information, ID numbers, and more. ZeroX shared the data through an “onion dark web link.”

    But in a statement to ZDNet, Saudi Aramco denied that it had been hacked. “Aramco recently became aware of the indirect release of a limited amount of company data which was held by third party contractors,” the spokesperson said. “We confirm that the release of data was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a robust cybersecurity posture.”

    Saudi Aramco has more than 270 billion barrels of crude oil reserves, the second largest in the world, and produces more oil on a daily basis than any other company in the world.

    The company brought in $204 billion in 2020. Bleeping Computer reported that ZeroX was auctioning the entire data dump for $5 million while also offering 1GB samples for about $2,000. Saudi Aramco dealt with a cyberattack in 2012 that damaged 30,000 workstations, and the oil giant has routinely faced attacks ever since.

  • 1,000 GB of local government data exposed by Massachusetts software company

    More than 1,000 GB of data and over 1.6 million files from dozens of municipalities in the US were left exposed, according to a new report from a team of cybersecurity researchers with security company WizCase. 


    All of the towns and cities appeared to be connected through one product: mapsonline.net, which is owned by a Massachusetts company called PeopleGIS. The company provides information management software to local governments across Massachusetts, New Hampshire and Connecticut. Ata Hakçıl and his team discovered more than 80 misconfigured Amazon S3 buckets holding data related to these municipalities. The data ranged from residential records like deeds and tax information to business licenses and job applications for government positions. Due to the sensitive nature of the documents, many of the forms included people’s email addresses, physical addresses, phone numbers, driver’s license numbers, real estate tax information, license photographs and photos of property. The researchers shared redacted photos of the data available. “The data of these municipalities was stored in several misconfigured Amazon S3 buckets that were sharing similar naming conventions to MapsOnline. Due to this, we believe these cities are using the same software solution,” the report said. “Our team reached out to the company and the buckets have since been secured.”

    Not every municipality had the same information exposed, and the report said the types of files leaked varied. The researchers were not able to provide an estimate on the number of people affected by the exposure because of how varied the forms were. The security company deployed a scanner that found 114 Amazon buckets connected to PeopleGIS and named similarly. According to the report, 28 were configured correctly while “86 were accessible without any password nor encryption.”

    The researchers did not have a definitive reason for why some buckets were properly secured and others were not. They suggested that PeopleGIS simply “created and handed over the buckets to their customers (all municipalities), and some of them made sure these were properly configured.” Another theory involved a potential situation where different employees at PeopleGIS — without clear guidelines — created and configured each bucket. The third theory was that the municipalities themselves created the buckets with basic guidelines from PeopleGIS “about the naming format but without any guidelines regarding the configuration.” The researchers said this “would explain the difference between the municipalities whose employees knew about it or not.”

    “The breach could lead to massive fraud and theft from citizens of those municipalities. The highly-sensitive nature of the data contained within a local government’s database, from phone numbers to business licenses to tax records, are highly susceptible to exploitation by bad actors,” the report said. “Much of this information is supposed to be only accessible by the government and the citizens, meaning someone could potentially defraud an individual by posing as a government official.”

    PeopleGIS did not respond to requests for comment.

  • Cloud security in 2021: A business guide to essential tools and best practices

    Cloud computing services have become a vital tool for most businesses. It’s a trend that has accelerated recently, with cloud-based services such as Zoom, Microsoft 365 and Google Workspace and many others becoming the collaboration and productivity tools of choice for teams working remotely.

    While cloud quickly became an essential tool, allowing businesses and employees to continue operating from home, embracing the cloud can also bring additional cybersecurity risks, something that is now increasingly clear. Previously, most people connecting to the corporate network would be doing so from their place of work, and thus accessing their accounts, files and company servers from inside the four walls of the office building, protected by enterprise-grade firewalls and other security tools. The expanded use of cloud applications meant that suddenly this wasn’t the case, with users able to access corporate applications, documents and services from anywhere. That has brought the need for new security tools.

    Cloud computing security threats


    While positive for remote workers – because it allows them to continue with some semblance of normality – working remotely also presents an opportunity for cyber criminals, who have quickly taken advantage of the switch to remote working to attempt to break into the networks of organisations that have poorly configured cloud security. Corporate VPNs and cloud-based application suites have become prime targets for hackers. If not properly secured, all of these can provide cyber criminals with a simple means of accessing corporate networks. All attackers need to do is get hold of a username and password – by stealing them via a phishing email or using brute force attacks to breach simple passwords – and they’re in.

    Because the intruder is using the legitimate login credentials of someone who is already working remotely, it’s harder to detect unauthorised access, especially considering how the shift to remote working has resulted in some people working different hours from what might be considered core business hours. Attacks against cloud applications can be extremely damaging for victims, as cyber criminals could be on the network for weeks or months. Sometimes they steal large amounts of sensitive corporate information; sometimes they might use cloud services as an initial entry point to lay the foundations for a ransomware attack that can lead to them both stealing data and deploying ransomware. That’s why it’s important for businesses using cloud applications to have the correct tools and practices in place to make sure that users can safely use cloud services – no matter where they’re working from – while also being able to use them efficiently.

    Use multi-factor authentication controls on user accounts

    One obvious preventative step is to put strong security controls around how users log in to the cloud services in the first place. Whether that’s a virtual private network (VPN), remote desktop protocol (RDP) service or an office application suite, staff should need more than their username and password to use the services. “One of the things that’s most important about cloud is identity is king. Identity becomes almost your proxy to absolutely everything. All of a sudden, the identity and its role and how you assign that has all of the power,” says Christian Arndt, cybersecurity director at PwC. Whether it’s software-based, requiring a user to tap an alert on their smartphone, or hardware-based, requiring the user to use a secure USB key on their computer, multi-factor authentication (MFA) provides an effective line of defence against unauthorised attempts at accessing accounts. According to Microsoft, MFA protects against 99.9% of fraudulent sign-in attempts.

    Not only does it block unauthorised users from automatically gaining entry to accounts, the notification sent out by the service, which asks the user if they attempted to log in, can act as an alert that someone is trying to gain access to the account. This can be used to warn the company that it could be the target of malicious hackers.

    Use encryption

    The ability to easily store or transfer data is one of the key benefits of using cloud applications, but for organisations that want to ensure the security of their data, their processes shouldn’t involve simply uploading data to the cloud and forgetting about it. There’s an extra step that businesses can take to protect any data uploaded to cloud services – encryption. Just as when it’s stored on regular PCs and servers, encrypting the data renders it unreadable, concealing it from unauthorised or malicious users. Some cloud providers automatically provide this service, employing end-to-end protection of data to and from the cloud, as well as inside it, preventing it from being manipulated or stolen.

    Apply security patches as swiftly as possible

    Like other applications, cloud applications can receive software updates as vendors develop and apply fixes to make their products work better. These updates can also contain patches for security vulnerabilities, because an application being hosted by a cloud provider doesn’t make it invulnerable to security vulnerabilities and cyberattacks. Critical security patches for VPN and RDP applications have been released by vendors in order to fix security vulnerabilities that put organisations at risk of cyberattacks. If these aren’t applied quickly enough, there’s the potential for cyber criminals to abuse these services as an entry point to the network that can be exploited for further cyberattacks.

    Use tools to know what’s on your network

    Companies are using more and more cloud services – and keeping track of every cloud app or cloud server ever spun up is hard work.
But there are many, many instances of corporate data left exposed by poor use of cloud security. A cloud service can be left open and exposed without an organisation even knowing about it. Exposed public cloud storage resources can be discovered by attackers and that can put the whole organisation at risk. 

    In these circumstances, it could be useful to employ cloud security posture management (CSPM) tools. These can help organisations identify and remediate potential security issues around misconfiguration and compliance in the cloud, providing a means of reducing the attack surface available to hackers to examine, and helping to keep the cloud infrastructure secure against potential attacks and data breaches. “Cloud security posture management is a technology that evaluates configuration drift in a changing environment, and will alert you if things are somehow out of sync with what your baseline is and that may indicate that there’s something in the system that means more can be exploited for compromise purposes,” says Merritt Maxim, VP and research director at Forrester.

    CSPM is an automated procedure, and the use of automated management tools can help security teams stay on top of alerts and developments. Cloud infrastructure can be vast, and having to manually comb through the services to find errors and abnormalities would be too much for a human – especially if there are dozens of different cloud services on the network. Automating those processes can, therefore, help keep the cloud environment secure. “You don’t have enough people to manage 100 different tools in the environment that changes everyday, so I would say try to consolidate on platforms that solve a big problem and apply automation,” says TJ Gonen, head of cloud security at Check Point Software, a cybersecurity company.

    Ensure the separation of administrator and user accounts

    Cloud services can be complex, and some members of the IT team will have highly privileged access to the service to help manage the cloud.
    A compromise of a high-level administrator account could give an attacker extensive control over the network and the ability to perform any action the administrator privileges allow, which could be extremely damaging for the company using cloud services. It’s, therefore, imperative that administrator accounts are secured with tools such as multi-factor authentication and that admin-level privileges are only provided to employees who need them to do their jobs. According to the NCSC, admin-level devices should not be able to directly browse the web or read emails, as these could put the account at risk of being compromised. It’s also important to ensure that regular users who don’t need administrative privileges don’t have them, because – in the event of account compromise – an attacker could quickly exploit this access to gain control of cloud services.

    Use backups as a contingency plan

    But while cloud services can – and have – provided organisations around the world with benefits, it’s important not to rely on cloud for security entirely. While tools like two-factor authentication and automated alerts can help secure networks, no network is impossible to breach – and that’s especially true if extra security measures haven’t been applied. That’s why a good cloud security strategy should also involve storing backups of data and storing them offline, so in the event of something that makes cloud services unavailable, there’s something there for the company to work with.

    Use cloud applications that are simple for your employees to use

    There’s something else that organisations can do to ensure the security of cloud – and that’s provide their employees with the correct tools in the first place. Cloud application suites can make collaboration easier for everyone, but they also need to be accessible and intuitive to use, or organisations run the risk of employees not wanting to use them.

    A business could set up the most secure enterprise cloud suite possible, but if it’s too difficult to use, employees, frustrated with not being able to do their jobs, could turn to public cloud tools instead. This issue could lead to corporate data being stored in personal accounts, creating greater risk of theft, especially if a user doesn’t have two-factor authentication or other controls in place to protect their personal account. Information being stolen from a personal account could potentially lead to an extensive data breach or wider compromise of the organisation as a whole. Therefore, for a business to ensure it has a secure cloud security strategy, not only should it be using tools like multi-factor authentication, encryption and offline backups to protect data as much as possible, the business must also make sure that all these tools are simple to use to encourage employees to use them correctly and follow best practices for cloud security.
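    As an added worked example tied to the cloud security posture management (CSPM) section of this guide and to the misconfigured-bucket story earlier on this page, here is a small Python audit, written for this page rather than taken from ZDNet, WizCase, PeopleGIS or any vendor quoted here. It compares S3 bucket configuration snapshots against a baseline and reports the two things those passages describe: storage reachable by anyone (a public ACL grant, or a bucket policy open to Principal "*") and drift from the expected public-access-block and encryption settings. The snapshot layout follows the shape of the AWS GetPublicAccessBlock, GetBucketAcl, GetBucketPolicy and GetBucketEncryption responses, but the bucket names, grants, policies and the BASELINE dictionary are all constructed for the example.

```python
"""Mini CSPM-style audit of S3 bucket configuration snapshots.

Snapshots follow the shape of the AWS GetPublicAccessBlock, GetBucketAcl,
GetBucketPolicy and GetBucketEncryption responses, but every bucket here is
a constructed example: names, grants and policies are invented for this page.
"""
import json

# Baseline every bucket is expected to match (an assumption for this example).
BASELINE = {
    "public_access_block": {
        "BlockPublicAcls": True,
        "IgnorePublicAcls": True,
        "BlockPublicPolicy": True,
        "RestrictPublicBuckets": True,
    },
    "encryption": "aws:kms",
}

# The two pre-defined S3 groups that make an ACL grant "public".
PUBLIC_GRANTEES = (
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
)


def public_acl_grants(acl):
    """Return ACL grants that hand a permission to everyone or to every AWS account."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GRANTEES]


def _principal_is_wildcard(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy_json):
    """Return unconditional Allow statements whose Principal is the wildcard '*'."""
    if not policy_json:
        return []
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s for s in stmts if s.get("Effect") == "Allow"
            and _principal_is_wildcard(s.get("Principal")) and not s.get("Condition")]


def audit_bucket(snapshot, baseline=BASELINE):
    """Check one bucket for public exposure and for drift from the baseline."""
    findings = []
    for grant in public_acl_grants(snapshot.get("acl", {})):
        group = grant["Grantee"]["URI"].rsplit("/", 1)[-1]
        findings.append(f"public ACL grant: {grant['Permission']} to {group}")
    for stmt in public_policy_statements(snapshot.get("policy")):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        findings.append(f"public bucket policy: allows {', '.join(actions)} to everyone")
    pab = snapshot.get("public_access_block", {})
    for setting, expected in baseline["public_access_block"].items():
        if pab.get(setting) != expected:
            findings.append(f"drift: {setting} is {pab.get(setting)}, baseline {expected}")
    if snapshot.get("encryption") != baseline["encryption"]:
        findings.append(f"drift: encryption is {snapshot.get('encryption')}, "
                        f"baseline {baseline['encryption']}")
    return findings


def audit_fleet(snapshots, baseline=BASELINE):
    """Audit many buckets; return {bucket_name: findings} for buckets that have any."""
    report = {}
    for snap in snapshots:
        findings = audit_bucket(snap, baseline)
        if findings:
            report[snap["name"]] = findings
    return report


OWNER_ONLY = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"},
                          "Permission": "FULL_CONTROL"}]}
PAB_ALL_ON = {k: True for k in BASELINE["public_access_block"]}
PAB_ALL_OFF = {k: False for k in BASELINE["public_access_block"]}

# Constructed sample fleet: one correct bucket and two misconfigured ones.
SAMPLE_BUCKETS = [
    {"name": "example-town-a-gis", "public_access_block": PAB_ALL_ON,
     "acl": OWNER_ONLY, "policy": None, "encryption": "aws:kms"},
    {"name": "example-town-b-gis", "public_access_block": PAB_ALL_OFF,  # world-readable via ACL
     "acl": {"Grants": OWNER_ONLY["Grants"] + [
         {"Grantee": {"Type": "Group", "URI": PUBLIC_GRANTEES[0]}, "Permission": "READ"}]},
     "policy": None, "encryption": "AES256"},
    {"name": "example-town-c-gis",  # guard rails partly off, policy open to everyone
     "public_access_block": {**PAB_ALL_ON, "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
     "acl": OWNER_ONLY, "encryption": "aws:kms",
     "policy": json.dumps({"Version": "2012-10-17", "Statement": [{
         "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-town-c-gis/*"}]})},
]

if __name__ == "__main__":
    for bucket, findings in audit_fleet(SAMPLE_BUCKETS).items():
        print(bucket)
        for finding in findings:
            print("  -", finding)
```

    Running the file prints findings for the two deliberately misconfigured sample buckets and nothing for the correctly configured one. The point of the baseline comparison is the drift check Maxim describes: a bucket that was handed over correctly configured but later had its public-access-block settings switched off shows up on the next run, whether or not anyone has yet granted public access. Using this against a real estate would mean replacing SAMPLE_BUCKETS with snapshots pulled from those AWS APIs, which this example deliberately does not do.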