Microsoft Warns of Active Exploitation of the “Zerologon” Bug in Windows Server

Information Security
Over the last two weeks, Microsoft has warned that the security vulnerability in Windows Server operating systems called “Zerologon” has been actively exploited.

What Is Zerologon?
The security vulnerability dubbed Zerologon was first discovered by Tom Tervoort, Senior Security Specialist at Secura. The vulnerability, designated CVE-2020-1472, is a flaw in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory, Microsoft’s proprietary directory service that allows IT administrators to authenticate computers within a network. The vulnerability in Netlogon Remote Protocol allows an unauthenticated attacker with existing network access to a Windows Server operating system with the Active Directory domain controller role to completely compromise all Active Directory identity services. In…
MFA Adoption: Benefits and Risks

Information Security, IT Support
The global pandemic, which has forced many organizations to adopt the work-from-home model, has led to the dramatic adoption of multi-factor authentication (MFA) as a cybersecurity measure. While MFA has its benefits, it also presents some risks.

What Is MFA?
MFA, short for multi-factor authentication, is another route to account security. Traditionally, accounts are protected by single-factor authentication composed mainly of the username and password combination. Single-factor authentication has been shown to be easily compromised, for instance through a brute-force attack, that is, guessing the correct username and password combination through automated means. MFA promises to secure an account by requiring multiple forms of verification to prove one’s identity when signing into an application. There are many forms of MFA. One form is through the use…
Access to Corporate Network: Why It’s Important to Secure This Entry Point

Information Security, IT Support
A hacker group specializing in gaining and maintaining access to corporate networks has been observed selling access to compromised corporate networks to other threat actors on underground forums. This highlights the importance of securing access to your organization’s network. An actor assessed to be associated with the hacker group behind the malicious campaign called “Pioneer Kitten”, also known as “Parisite” and “Fox Kitten”, has been selling access to compromised corporate networks on underground forums since late July of this year, according to a recent report released by CrowdStrike Intelligence.

Access to Corporate Networks
COVID-19 has forced many companies to open access to their corporate networks to remote workers. This opening unleashed a Pandora’s box of new cyberthreats, especially…
Thousands of Canadian Gov’t Accounts Hacked, Lessons Learned from this Attack

Information Security
The Government of Canada recently confirmed that thousands of Canadian Government accounts had been hacked. In a statement issued last August 15th, the Treasury Board of Canada said that the attackers zeroed in on the government's GCKey system, a single sign-on (SSO) system used by 30 Canadian federal departments for the public to access different government services, including employment, citizenship, and social services such as access to Covid-19 relief programs. GCKey is also used as an alternative access route to log in to the Canadian Revenue Agency (CRA) systems.

Credential Stuffing Attack
According to the August 15th statement released by the Treasury Board of Canada, out of 12 million GCKey accounts, 9,041 accounts were compromised via the cyberattack called "credential stuffing". In a credential…
How to Secure Remote Access for Your Employees

Information Security, IT Support
The restrictions that come along with the COVID-19 pandemic have forced many organizations to adopt the work-from-home model. One key component of the work-from-home model is remote access, the ability to connect to another computer or network over the internet.

Remote Desktop Protocol (RDP)
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft that enables a computer user to access another computer over the internet. While this protocol was initially released for most Windows operating systems, it can now be used with Mac operating systems. A remote desktop user can access another desktop, open and edit files, and use applications of this desktop no matter where this desktop is geographically located. In the context…
NetWalker Ransomware Earns $25 Million in Just 5 Months

Information Security
In the last 5 months, when most people were sheltering in place and working from home due to COVID-19 restrictions, the group behind the ransomware called “NetWalker” earned US $25 million by extorting organizations for large amounts of money. In the blog post "Take a 'NetWalk' on the Wild Side" published on August 3, 2020, researchers at McAfee reported that between March 1, 2020 and July 27, 2020, victims of NetWalker ransomware paid the group behind the ransomware 2,795 bitcoin, valued at US $25 million. “Even though we do not have complete visibility into the BTC flow before NetWalker started ramping up, one thing is certain, this quarter alone it has been highly successful at extorting organisations for large amounts…
Canadian Organizations Attacked via Unpatched Devices & Inadequate Authentication, Canadian Centre for Cyber Security Says

Information Security, IT Support
The Canadian Centre for Cyber Security recently revealed that in recent months several Canadian organizations' computer networks have fallen victim to cyberattackers via unpatched devices and inadequate authentication. "In recent months, the Cyber Centre [Canadian Centre for Cyber Security] has been made aware of several compromises of computer networks in Canada," the Canadian Centre for Cyber Security said. "In each case, a threat actor was able to compromise infrastructure exposed to the internet because it was not properly secured via 2FA and/or because software running on an exposed server was not patched to the latest version."

Inadequate Authentication
Inadequate authentication refers to the insecure process of accessing a device. According to the Canadian Centre for…
How to Protect Remote Workforce from Web Application-Based Attacks

Information Security
The ongoing pandemic has changed the way people work. Organizations around the globe have turned to cloud applications for better collaboration and productivity for their remote workforce. Microsoft has warned that today’s malicious actors are leveraging malicious web applications to gain access to legitimate cloud services such as Office 365. In the blog post "Protecting your remote workforce from application-based attacks like consent phishing", Agnieszka Girling, Partner Group PM Manager at Microsoft, said, "While application use has accelerated and enabled employees to be productive remotely, attackers are looking at leveraging application-based attacks to gain unwarranted access to valuable data in cloud services." Consent phishing, Girling said, is an example of a web application-based attack that "can target the valuable data your…
Ransomware Attacks Are Now Being Reported as Data Breaches

Information Security
Ransomware victims are now starting to report ransomware attacks as data breaches. Health care company Magellan Health is one of the companies that recently acknowledged that a ransomware attack constitutes a data breach. In May of this year, Magellan Health filed a breach notification with the office of the Attorney General of California stating that it fell victim to a ransomware attack and attackers exfiltrated a subset of data from a single Magellan corporate server. Magellan Health's notification to its customers and employees states that the notification was done "out of an abundance of caution." In April of this year, Cognizant, one of the Fortune 500 companies, admitted that its internal systems fell victim to Maze ransomware, which caused service disruptions. Cognizant said,…
Cyberattacks Involving Data Theft Coupled with Ransom Demand Are Becoming Common

Information Security
Cyberattacks involving the theft of personal information coupled with a ransom demand are becoming prevalent. The cyberattack on LifeLabs exemplifies the trend of data theft coupled with a ransom demand. In November 2019, LifeLabs informed the Office of the Information and Privacy Commissioner of Ontario and the Office of the Information and Privacy Commissioner for British Columbia that cybercriminals penetrated the company’s systems, extracted data and demanded a ransom. LifeLabs is Canada's largest provider of general and specialty laboratory testing services. The company reported that it supports 20 million patient visits each year and conducts more than 100 million laboratory tests each year. In December last year, Charles Brown, president and CEO of LifeLabs, said in a statement that information relating…