This Month in Cyber Security: Jan 2020 (1:43)

This Month in Cyber Security is back! As we continue to ring in the new year, we remember that also brings new threats. This month, Bruce Ward, VP of Business Strategy, discussed the latest threats and broke-down their applicability to SMBs, and cost-effective steps to mitigate risk.

New cyber threats emerge on a weekly basis but not all of them are relevant to your organization. January’s cyber security webinar was focused around the themes of: ransomware, identity, and vulnerability.

Ransomware, Identity, and Vulnerability

Ransomware was a major threat in 2019 and it seems to have carried on into 2020. Here’s a quick summary of the stories we discussed:

  • Snatch Ransomware: the latest threat in the cyber security world. This new form of ransomware forces your computer to reboot in Safe-Mode. In doing that, this bypasses any anti-virus from starting up and leaves your computer vulnerable.
  • Spearphishing x2: from September 2018 to September 2019, we saw a jump in spear-phishing attempts. An overwhelming amount of these emails are CEO impersonations, a classic trap. However, an even larger number of these are more deceptive, coining the term “laser-phishing.”

New Threats

We also discussed new attacks that are rising in popularity:

  • Golden Ticket Attack: which allows the attacker access to your network. They are allowed to create any credentials that they like and allow any access to any user.

Is your organization putting up a fight?

According to cyber security insurance provider, Chubb, 60% of mid-market companies rank cyber security as their #1 security concern. With our crawl, walk, run framework, its easy to track where you stand. Print the image below, check the boxes you are executing on, and find out how you stack up:

 

Internet Explorer

We also discussed Windows 7 EOS. Windows 7 entered end-of-support on January 14th, and if you are still using a Windows 7 machine you are at serious risk for a breach. To avoid this, contact us about Extended Security Updates. We are happy to help you explore that option and others!

But how does this relate to Internet Explorer?

When operating on an Windows 7 machine, the default browser is Internet Explorer. In the browser, there is a vulnerability that creates an opportunity for a “drive-by attack.”  Which happens when a user unknowingly goes to a malicious site, the site then infects the user’s computer by altering the code on the back end.

Citrix

There was a vulnerability that was identified that allows unauthorized remote access. Citrix described the vulnerability as:

A vulnerability has been identified in Citrix Application Delivery Controller (ADC) formerly known as NetScaler. ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution.

To learn how to mitigate this risk click here.

Interested in learning more? Check out the recording:

Download the slide deck here.

Peters & Associates engineers are dedicated to securing your network, with 24/7 monitoring and support, our Managed Services and PULSE Alarm will never leave you guessing.  Want to put your network or employees to the test? Ask us about our free Phishing Test, Vulnerability Scan, and Weekly Security Audit. Give us a call at 630.832.0075 or send an email to info@peters.com to get started!