The Ivanti Threat Thursday Update for June 15, 2017

Greetings. This time out, new patches for old Windows versions, malware as a service, and the high costs of executive emails that aren’t. Let me know your thoughts, please.

Microsoft: New Vulnerabilities, New Patches for Windows, Old and New

In response to “vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures,” Microsoft this week released several statements and security updates. Notably, an update for a newly discovered critical vulnerability was released for all current Windows versions, and for Windows XP and Windows 2003.

What We Say: As Ivanti’s Chris Goettl wrote in his Patch Tuesday post for this month, “For Microsoft to review and release several updates for ‘end of lifed’ platforms you can be sure there was good cause. For those on outdated platforms this should not be construed as the new norm. In fact, this should reinforce the need to migrate off these legacy platforms as soon as possible to avoid future risk.” Make sure to read Chris’ post, this and every month.

“Crimeware as a Service:” Cyber Attacks from the Cloud Grow

The Shadow Brokers is the group of “threat actors” that stole the U.S. National Security Agency (NSA) code that led to the WannaCrypt/WannaCry attacks and their descendants. The group is now offering a “monthly data dump service for customers to access exploits, zero-days, and hacking tools stolen from the U.S. government. The asking price: US$23,000 per month.”

A number of malefactors also offer botnet subscription services, priced based on the rental period and the number of devices to be compromised. Botnets use malware to infect and enslave large numbers of computers or connected devices to generate distributed denial-of-service (DDoS) attacks, such as the one that took down Domain Name Service (DNS) provider Dyn in 2016. (IDC forecasts that Internet of Things (IoT) spending will exceed $800 billion this year, with hardware the largest spending category, which likely means there will soon be many more connected devices potentially highly vulnerable to DDoS and other attacks.)

What We Say: The above examples are just some of the ways malware as a service is growing the number and sophistication of cybersecurity threats. There are also subscription services and easy-to-use kits for launching phishing and ransomware campaigns. So you can bet your enterprise’s cybersecurity that threats will continue to be fruitful and multiply. To avoid risking your enterprise’s cybersecurity, however, you need multi-layered defense in depth—the ability to prevent, detect, and remediate threats and to recover quickly and comprehensively from those that are successful.

Study: Impersonation Attacks: Up 400 Percent—This Quarter

Mimecast, a provider of cloud-based email security services, analyzed more than 40 million emails over 287 days to produce its latest Email Security Risk Assessment. That research discovered that impersonation attacks increased by some 400 percent this quarter, according to the company.

Such attacks use emails that pretend to be from legitimate senders, such as company executives. Those emails usually carry no malware or malicious Web links, making them difficult for most traditional defenses to detect. Instead, they use clever social engineering to induce unwary recipients to do things they shouldn’t, such as initiating wire transfers of funds or sending sensitive corporate or private personal information.

The U.S. Federal Bureau of Investigation (FBI) refers to these attacks as “business email compromise” or “BEC.” According to a Public Service Announcement the FBI issued in May, between October 2013 and December 2016, BEC incidents generated more than US$5.3 billion in losses.

What We Say: Cybersecurity solutions alone cannot defeat BEC attacks. Perhaps more than any other threat type, defense against impersonation and BEC attacks relies heavily upon user intervention. That makes user education at least as critical to effective cybersecurity as any technologies or solutions.

Whatever the Threat, Ivanti Can Help

Ivanti has comprehensive, effective solutions for server and endpoint patch management, Windows 10 migration, and defense against ransomware and malware. Ivanti offers training for your admins, so they can better help and educate your users. And Ivanti offers blog posts, Webinars, an online community, and other resources to help you make your users better contributors to your enterprise’s cybersecurity. Contact Ivanti today, and let us help you make your enterprise more secure, today and tomorrow.
