Weekly CyberTip: Supply Chain Incident Response
Even the most secure infrastructure can be susceptible to attack if third parties or supply chain entities are compromised. Be sure to design your incident response plans and procedures to anticipate breaches that affect you, as well as the implications of an attack on your suppliers or providers.
McAfee releases quarterly threat report
McAfee has released their McAfee Labs Threat Report June 2021, reporting their findings on the cyber threat landscape in Q1/2021.
The complimentary, downloadable report describes the latest threats seen by McAfee experts, including “detailed research and analysis of ransomware campaigns and detections threatening public and private organizations worldwide. This edition reveals prevalent ransomware families and techniques, daily, weekly, and monthly detections of current campaigns,” according to the report introduction.
McAfee’s report indicates a 3% increase in the volume of malware threats in Q1 over Q4/2020, clocking in at 688 threats per minute. McAfee also presents interesting insights on the changing focus of attacks by sector, suggesting that the tech, education, and finance/insurance industries all faced significantly heightened threats in Q1.
McAfee also focused on the changing threats recorded in early 2021. They observed that Coin Miner malware increased 117%, while an increase in Mirai malware variants caused Internet of Things (IoT) attacks to increase by 55%, and Linux attacks to increase by 38%.
McAfee also observed that “smaller” ransomware campaigns decreased in Q1, while larger organizations and companies faced increased threats. “The number of Q1 samples dropped as more attackers shifted from mass-spread campaigns, toward fewer, but more lucrative targets. Most of these larger, targeted victims received a custom created variant of the ransomware family at a low volume,” according to the report.
The full report is available from McAfee at https://www.mcafee.com/enterprise/en-us/lp/threats-reports/jun-2021.html.
CISA releases new ransomware self-assessment tool
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new self-assessment tool called the Ransomware Readiness Assessment (RRA). The RRA is designed for organizations to evaluate their preparedness to defend against and recover from ransomware attacks. RRA walks users through a series of questions about their cybersecurity policies and presents reports on their security posture.
“This is intended to help an organization improve by focusing on the basics first, and then progressing by implementing practices through the intermediate and advanced categories,” according to the release notes on CISA’s GitHub page for the new tool.
RRA, which is presented as a new module for CISA’s Cyber Security Evaluation Tool (CSET), helps organizations assess their information technology (IT), operational technology (OT), and industrial control system (ICS) readiness. Best of all, the tool is appropriate for use by security rookies and experts alike: “[We have] tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity,” according to CISA.
Instructions for the installation of CSET and the operation of the RRA utility are available on GitHub.
Zero-day exploit of Windows print spooler vulnerability
Confusion around patch release timing has resulted in the inadvertent early disclosure of the technical details and a proof-of-concept exploit of a vulnerability in the Windows print spooler. The vulnerability, designated CVE-2021-34527 and nicknamed “PrintNightmare”, affects all versions of Windows.
While exploitation does require authentication, the vulnerability is considered critical because threat actors can use the flaw in the print spooler for remote code execution. Where the print spooler service is running on a domain controller, for example, it becomes easy for attackers to deploy malware throughout a corporate network.
Unconfirmed reports suggest that the bug has already been exploited in the wild, so action is recommended as soon as possible. A patch for the vulnerability is expected shortly; in the meantime, administrators are strongly advised to stop and disable the spooler service on domain controller systems. Note that Microsoft’s June 2021 security updates do not address the PrintNightmare zero-day vulnerability.
Microsoft has issued additional guidance on mitigating the threat of this new vulnerability, clarifying that it is “similar but distinct from the vulnerability that is assigned CVE-2021-1675,” and that it existed before the recent June updates. A patch already exists for CVE-2021-1675, also a vulnerability in Windows printer services, which is what caused the confusion in the security research community.
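As an added example (not from the newsletter or from Microsoft’s guidance), the following PowerShell applies the interim mitigation described above on a domain controller: it confirms the host’s role, stops the Print Spooler service, disables it so it does not return after a reboot, and verifies the result. It assumes an elevated PowerShell session on the domain controller itself.

```powershell
# Added example: interim PrintNightmare mitigation for a domain controller.
# Assumes an elevated (Administrator) PowerShell session on the DC.

# DomainRole 4 = backup domain controller, 5 = primary domain controller.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
if ($role -lt 4) {
    Write-Warning "DomainRole=$role: this host is not a domain controller. Review before disabling printing here."
}

# Record the current state so the change can be audited and reversed later.
$svc = Get-Service -Name Spooler -ErrorAction Stop
Write-Host ("Before: Status={0} StartType={1}" -f $svc.Status, $svc.StartType)

# Stop the running service, then set it to Disabled so it stays off across reboots.
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name Spooler -Force
}
Set-Service -Name Spooler -StartupType Disabled

# Re-read the service and confirm both conditions hold.
$svc = Get-Service -Name Spooler
Write-Host ("After:  Status={0} StartType={1}" -f $svc.Status, $svc.StartType)

if ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled') {
    Write-Host "Spooler stopped and disabled. Re-enable printing only after the patch is applied."
} else {
    Write-Error "Spooler is still $($svc.Status)/$($svc.StartType); mitigation was not applied."
}
```

Running the same script on member servers or workstations would also disable local printing, so scope it to domain controllers as the guidance recommends.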