
CISAnalysis – June 20, 2022

It’s Monday and time to take a gander at CISA’s Known Exploited Vulnerabilities Catalog.

The only new addition to the list is the Follina Zero-Day Vulnerability, CVE-2022-30190, but it’s a doozy as we are all well-aware.

Follina is a remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that can be exploited through a malicious MS Office document. The exploitation method involves malicious email attachments and social engineering. A successful exploitation allows an attacker to run arbitrary code with the privileges of the calling application: install programs, view, modify and destroy data, etc.

Although Follina has been actively exploited by malicious, state-backed actors like Chinese APT actor TA413, Microsoft has continually downplayed the vulnerability’s severity. Many exploit attempts have been noted to have targeted EU and US government workers.

How Does It Work?

A malicious document attached to some sort of urgent-sounding email is opened. The document contains a link to an external HTML file that uses the ms-msdt MSProtocol URI scheme to execute PowerShell code without directly launching powershell.exe.
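As a defender-side illustration of the delivery chain described above, here is an added example (not from the original post, CISA or Version 2): a small Python scanner that opens an Office Open XML package and flags an external oleObject relationship (the mechanism used to pull the remote HTML) and any ms-msdt: URI found inside the package. The sample documents are constructed inline and the URL is a placeholder.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# The relationship type Follina documents abused to reference a remote HTML file.
OLE_REL_TYPE_SUFFIX = "/relationships/oleObject"
# The MSDT protocol handler URI scheme that the remote HTML invokes.
MSDT_URI = re.compile(r"ms-msdt:", re.IGNORECASE)


def scan_docx(data: bytes) -> list:
    """Return human-readable findings for an OOXML document held in memory.

    Flags (a) oleObject relationships whose TargetMode is External, and
    (b) any ms-msdt: URI in relationship targets or part contents.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            content = zf.read(name)
            if name.endswith(".rels"):
                root = ET.fromstring(content)
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    rel_type = rel.get("Type", "")
                    target = rel.get("Target", "")
                    external = rel.get("TargetMode", "").lower() == "external"
                    if external and rel_type.endswith(OLE_REL_TYPE_SUFFIX):
                        findings.append(f"{name}: external oleObject -> {target}")
                    if MSDT_URI.search(target):
                        findings.append(f"{name}: ms-msdt URI in relationship target")
            elif MSDT_URI.search(content.decode("utf-8", "ignore")):
                findings.append(f"{name}: ms-msdt URI in part content")
    return findings


def build_sample_docx(rels_xml: str) -> bytes:
    """Build a minimal, constructed .docx in memory (not a real malicious sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed relationship parts: a benign styles reference and a Follina-style
# external oleObject reference to a placeholder host.
BENIGN_RELS = (
    f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" '
    'Target="styles.xml"/></Relationships>'
)
SUSPICIOUS_RELS = (
    f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId5" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
    'Target="http://placeholder.invalid/stage.html!" TargetMode="External"/></Relationships>'
)

if __name__ == "__main__":
    for label, rels in (("benign", BENIGN_RELS), ("suspicious", SUSPICIOUS_RELS)):
        print(label, scan_docx(build_sample_docx(rels)))
```

Run it over quarantined attachments as a triage aid; a hit on either rule is a reason to detonate in a sandbox rather than open the file.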

Mitigation

A patch for CVE-2022-30190 was released with Microsoft’s June 2022 cumulative Windows Updates. While the update doesn’t prevent msdt.exe from automatically spawning, it does prevent PowerShell injection.

Though Microsoft is downplaying Follina, it’s important to make sure your systems are patched, as this vulnerability is being actively exploited in the wild. We would be happy to assist you in deploying the updates in your environment. Click here to get started.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Topia
TOPIA is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Differences between SaaS DLP and legacy on-prem Data Loss Prevention solutions

Legacy DLP solutions can be too complex and heavyweight for small and midsized companies to handle. But SMBs with limited IT capacity face the same risks of internal data leakage, and the resulting incidents can be devastating. Luckily there’s an alternative: cloud-native SaaS DLP.


If you run an SMB company or work for one, you usually have limited to no in-house hardware infrastructure, because there’s usually no reason to manage your own servers.


SMBs also have minimal IT capacities, and due to the broad scope of IT admin or manager responsibilities, there’s little room for increasing their security expertise.


That’s why it can be almost impossible to implement a legacy DLP solution, even though it could help prevent sensitive or confidential data from leaking outside of the company.

The main barriers usually are: 

  • Requirements for available hardware infrastructure (servers and databases)
  • Lengthy and costly implementation projects (quarters/years to implement)
  • Labor- and skill-intensive administration with dedicated specialists needed

Legacy DLP alternative: Next-gen SaaS DLP

The cloud is the way to go when you don’t have or don’t want to have your own servers. With cloud/SaaS you can use the solution as a service, so you don’t need to worry about keeping it up and running. The vendor’s SLA ensures DLP availability. The advantage of a cloud-native DLP solution is that it’s designed from scratch to run in the cloud efficiently and reliably. It’s also multi-tenant by design so that it can be provided and managed by MSPs (Managed Service Providers). The “cloud-native” and “multi-tenant” architecture also means that it can be deployed in minutes. There’s no need to install servers, databases, or a management console. The only installation required is the remote deployment of “clients” to endpoint devices.

Ease of use comes with next-gen solutions

Whether a DLP solution is centrally managed by an MSP or by an IT manager in an SMB organization, it needs to be easy to use and as simple to manage as possible. In other words, it should be straightforward and semi-automated, with pre-configured settings and out-of-the-box templates. We at Safetica think that next-gen DLP, which is primarily “risk-driven”, must employ smart analytics to evaluate both the risk of data operations and of individual users, because knowing your risk level helps you anticipate potential incidents that would be difficult to cover using DLP policies alone.

Cloud-native but still endpoint DLP

Some vendors provide “Cloud DLP” solutions that mainly protect data stored in the cloud or SaaS applications. You may have also heard about CASBs (usually agentless Cloud Access Security Brokers), which protect data from being transferred to and from the cloud. These solutions require an internet connection to protect data.

For Safetica, next-gen cloud or SaaS DLP is a solution managed from a cloud console (via a web browser) that provides data security and risk assessment directly on endpoint devices.

Safetica’s SaaS DLP is agent-based, meaning the client must be hosted on the computer that classifies the sensitive or confidential data, enforces the DLP policies, and collects data for risk evaluation.

One of the main advantages of an endpoint DLP is that it always works, even when the device is offline.

With endpoint DLP managed from the cloud, you can still prevent data from being uploaded to an unsecured cloud and classify (and protect) data downloaded from cloud services.

When combined with CASB, the endpoint DLP provides complete protection against data leakage.

SaaS – DLP as a Service

When using DLP solution as a service you should have transparent and convenient subscription options – either monthly or annually.

The main benefit of a monthly subscription is that you can increase and decrease the number of protected users on a monthly basis.

Also, a monthly subscription may be more attractive in terms of cash-flow management. On the other hand, annual subscriptions are usually cheaper.

In Safetica we offer a pay-as-you-go model with a “per-user policy”. Customers pay based on the number of users they need to protect.

TCO of SaaS DLP vs. legacy on-prem DLP

When considering which solution to choose, it’s important to calculate the total cost of ownership. If you simply compare the license/subscription price per user, a SaaS solution can appear more costly.

However, with a legacy on-premise DLP solution, you need to consider the cost of buying, operating, and maintaining servers and databases (including possible hosting or datacenter costs). You usually also hold full responsibility for keeping the server with the management console available.

Administration of complex DLP solutions also requires more experienced specialists with significantly more time available. In our experience, the difference could be 1+ man-day per week in the case of legacy on-prem DLP vs. a couple of hours per week with next-gen SaaS DLP.

And what do our customers think of the future of business? Vladimír Püschner, IT PMO & Innovation Director at Direct Parcel Distribution CZ considers SaaS and cloud applications as the way to go.

If you’d like to learn more about Next-Gen SaaS DLP, read about Safetica NXT, book a quick call with our solution expert, or try our free web trial.

What Can I Do to Decrease Cyber Insurance Amounts?

When it comes to information security, the risks to organizations are increasing by several factors.

As an example, we can mention the increase in the number of cyberattacks, especially after the Covid-19 pandemic, which accelerated the mass adoption of remote work, generating vulnerabilities to IT structures.

Moreover, the action of malicious actors impacts companies of all sizes and industries, whether stealing confidential data and damaging their credibility or causing the interruption of their operations.

To protect themselves from the damage caused by cybercrime, institutions have started to purchase cyber insurance. However, in order to reduce the cost of this solution and ensure the risk is accepted by insurers, it is essential to take the measures listed below.

5 Tips for Reducing the Amount of Cyber Insurance 

Here’s what you should do to be able to obtain cyber insurance and reduce its cost:

1. Develop and Implement Cybersecurity Policies

Among the actions that impact cyber insurance costs, we can highlight the adoption of security standards, including the implementation of the Principle of Least Privilege.

This measure ensures each user in an organization receives only the necessary permissions to perform their functions, which reduces the attack surface. 

2. Create and Test Incident Response and Disaster Recovery Plans

Creating incident response and disaster recovery plans is also indispensable for those who want to reduce cyber insurance costs.

After all, such plans allow a company to recover its data and restore its activities whenever breakdowns, cyberattacks, or natural events interrupt operations, avoiding financial losses.

3. Conduct Periodic Cybersecurity Assessments

To reduce cyber insurance costs, it is also recommended to assess the company’s cybersecurity regularly in order to identify possible threats early on and combat them.

4. Develop Training Programs to Increase Cyber Awareness

If you want to ensure the cybersecurity of your organization in order to reduce the costs of cyber insurance, it is not enough to invest in cutting-edge technology. It is also necessary to raise awareness and train your employees on the need to prevent malicious attacks.

In this sense, they should be aware of the risks involved in breaches of the organization’s and its customers’ data. 

5. Implement Cybersecurity Solutions Such as MFA and PAM 

According to information extracted from the Verizon Data Breach Investigation Report, 61% of cyberattacks are related to privileged credentials.

This justifies the need to invest in cybersecurity solutions such as multifactor authentication (MFA) and Privileged Access Management (PAM) solutions, such as senhasegura.

While the former applies at least two types of mechanisms to identify who tries to access a given online system, the latter controls the use of generic and privileged credentials, providing secure storage, access segregation, and full usage traceability.


About Senhasegura
Senhasegura strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Simple Certificate Enrollment Protocol (SCEP): What It Is & Why Should Network Engineers Care About It

There are several factors to consider when distributing certificates to managed devices, making it a massive undertaking. These include public key infrastructure (PKI), integration, gateway setup, configuration settings, certificate enrollment, device authentication, and more. 

Thanks to the Simple Certificate Enrollment Protocol (SCEP), administrators can quickly and easily enroll all managed devices for client certificates without any action from the end-user.

Here we will discuss what exactly the Simple Certificate Enrollment Protocol (SCEP) is and why network engineers should care about it. 

What Is The Simple Certificate Enrollment Protocol (SCEP)?

Digital certificate issuance in big enterprises is simplified, secured, and scalable with an open-source protocol called Simple Certificate Enrollment Protocol (SCEP).

SCEP servers utilize this protocol to give users a one-time password (OTP) through an asynchronous, out-of-band mechanism (OOB). After creating a key pair, the user submits the OTP and certificate signing request to the SCEP server for verification and signature. As soon as the certificate is ready, the user may request it from the SCEP server and then install it.

Digital certificate issuing was labor-intensive until the advent of SCEP and related protocols like Certificate Management Protocol and Certificate Management via CMS. SCEP is widely used in big organizations since it is supported by products from major vendors like Microsoft and Cisco.

After its creators left SCEP inactive in 2010, the project was dormant until it was revitalized in 2015. It is presently a draft that anybody may view as part of the work of the open standards community, the Internet Engineering Task Force (IETF).

Why Should Network Engineers Care About SCEP?

Public key infrastructure provides the most secure and user-friendly authentication and encryption solution for digital identities. Yet the ambiguity and scale of certificate deployment in most businesses can challenge their already overworked network engineers.

Manually deploying and maintaining certificates is tedious and error-prone. Whether an organization delivers a single certificate for a Wi-Fi router or holds several certificates across all networked devices and user identities, the whole process may take up to several hours. It leaves companies vulnerable to breaches, Man-in-the-Middle (MITM) attacks, and other forms of network disruption.

Certificates managed manually are more likely to be lost, overlooked, or allowed to expire without being replaced, putting businesses at high risk. Given the many risks of administering PKI certificates by hand, enterprises need an automated and well-organized certificate enrollment standard: the Simple Certificate Enrollment Protocol (SCEP).

The significant benefits of the Simple Certificate Enrollment Protocol (SCEP) include:

  • Hassle-free certificate issuing.
  • Ensuring that certificates are correctly issued and configured across various devices.
  • A fully automated procedure for the issuance of certificates. As a consequence of this, it involves very little to no human participation.
  • A protocol that saves time, lowers operating expenses, and boosts productivity by enabling network engineers to concentrate on other duties rather than doing those chores themselves.

SCEP is a flexible solution that can meet all your network management requirements since it is compatible with most devices and server operating systems. These include Windows, Apple iOS, macOS, and Linux, as well as directory systems such as Active Directory.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

“When it comes to ransomware attacks, it’s a matter of when, not if.”

Ransomware attacks are on the rise: in the first half of 2021, the average amount paid by organizations to perpetrators was $570,000, an increase of 171% over the previous year. (1)

Last year also saw a 93% increase in the overall number of ransomware attacks (2) – a trend that is only likely to continue. While such attacks were once limited to outlandish movie plots, they’ve become an all-too-real problem for organizations of all sizes. In fact, when it comes to ransomware attacks, it’s more likely to be a question of when, not if.

Our concern at Keepit is that the regularity of ransomware attacks may lead to them eventually being dismissed as just a cost of doing business. But by choosing to pay the ransoms demanded, companies are powering a vicious cycle where the proceeds fuel increased cybercrime. (And paying a ransom does not guarantee getting your data back, as documented in the report ‘The Long Road Ahead to Ransomware Preparedness’ from ESG)

It’s vital for the sake of commerce – and for society – that companies, governments, and law enforcement agencies come together to find long-term solutions to ransomware attacks.

In the short term, we encourage companies to invest in a third-party backup and recovery service to minimize the threat posed by data-encrypting malware. The more secure your data is, and the quicker you’re able to recover it, the less worried you need to be about ransomware attacks.

At best, an attack won’t affect business continuity – it’ll just be a nuisance rather than a crisis. If you know your data is safe, you don’t have to pay the bad guys’ ransom. Problem solved.

Summing Up 

The disruptive power of ransomware attacks in 2022

An increasingly common threat, ransomware attacks are forecast to cost victims around $265 billion annually by 2031. (3) With conventional data recovery times often taking weeks or even months, the disruption to companies can be catastrophic in terms of financial costs to your business. But the damage goes beyond the bottom line. Additional impacts of ransomware attacks in 2022 are likely to include:

  • Intellectual property cost – temporary or permanent loss of sensitive or proprietary information can be enormously damaging. 
  • Business continuity – disruption is frustrating and costly as companies struggle to restore data and operations 
  • Reputational cost – a ransomware attack can damage customer perception of the company and impact digital trust. 

Why Keepit is the answer

Keepit backs up to an independent cloud, separate from your SaaS vendor’s environment, which means your data can be accessed completely independent from SaaS application availability. True backup—immutable and tamperproof on a separate logical infrastructure — is your answer to ransomware attacks. 


For more details about Keepit’s dedicated SaaS data protection, read about our security on our website 

References

  1. Research from Palo Alto suggests the average ransom in the first half of 2021 is $570,000 USD, an increase of 171% over the year prior; see Average Ransomware Payment Hits $570,000 in H1 2021 [Dark Reading] 
  2. Research from Check Point reports that ransomware incidents increased 93% year over year; see Ransomware attacks increase dramatically during 2021 [Computer Weekly] 
  3. https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/


About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in cloud-to-cloud data backup and recovery. Drawing on 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.
