Weekly CyberTip: Prepare for the long weekend
As we head into a double holiday weekend (Friday, July 1 in Canada and Monday, July 4 in the United States), remember that threat actors don’t take time off like we do. Be extra vigilant for phishing scams looking to take advantage of staff who may be distracted with month- and quarter-end activities, or getting out the door a bit early to enjoy the long weekend. Hackers know that when people are rushed or extra busy, they are more likely to let their guard down. Also, ensure that full cyber monitoring and alerting procedures are in place over the break, as cyber criminals like to focus on holiday periods when IT staff may not be at full complement. Do you know whom to call if a cyber incident or third-party breach is discovered over the three-day weekend?
Cybersecurity authorities encourage companies to keep PowerShell
Cybersecurity authorities from the United States, the United Kingdom, and New Zealand have released a joint Cybersecurity Information Sheet (CIS) regarding PowerShell, Microsoft’s command line shell and scripting program. Due to its malicious use by hackers after gaining access to a victim’s network, many organizations have been considering disabling or removing PowerShell from their key systems. This could be a mistake: instead, the June 22 press release and CIS recommend that companies ensure that PowerShell is properly configured and monitored – not decommissioned.
“PowerShell is essential to secure the Windows operating system, especially since newer versions have resolved previous limitations and concerns through updates and enhancements. Removing or improperly restricting PowerShell would prevent administrators and defenders from utilizing PowerShell to assist with system maintenance, forensics, automation, and security. PowerShell, along with its administrative abilities and security measures, should be managed properly and adopted,” concludes the CIS.
Wadeed Mian, ISA Cybersecurity’s CTO and VP, Digital Forensics and Incident Response, agrees: “PowerShell is an important part of our toolkit when performing our incident response and data forensics activities. The scripting language allows us to automate tasks, helping us to respond more quickly to crisis situations. The latest version of PowerShell has addressed some of the issues of older versions of the application, so it’s a much better idea to secure it, rather than discard such a helpful tool.”
The latest version of PowerShell is 7.2, though an earlier version – 5.1 – is still included with Windows 10 and 11. The CIS recommends “explicitly disabling and uninstalling the deprecated second version of PowerShell (i.e., Version 2) on Windows 10+”.
The CIS, entitled “Keeping PowerShell: Security Measures to Use and Embrace”, has complete details on safely configuring and using PowerShell and its security features, and should be required reading for IT administrators.
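The following script is an added example, not taken from the CIS or from ISA Cybersecurity: it audits a Windows 10/11 client for the Version 2 engine the CIS says to disable, optionally disables it, and lists past sessions that started under that engine. It assumes an elevated session, the client optional-feature names shown in the code, and that event ID 400 in the "Windows PowerShell" log records the engine version at start-up.

```powershell
# Added example: audit and optionally disable the PowerShell 2.0 engine (Windows 10/11 client).
# Run elevated. Without -Remediate the script only reports.
[CmdletBinding()]
param([switch]$Remediate)

# Optional-feature names for the v2 engine on client editions (assumption: not Windows Server,
# where the engine is managed as a server feature instead).
$v2Features = 'MicrosoftWindowsPowerShellV2Root', 'MicrosoftWindowsPowerShellV2'

$featureReport = foreach ($name in $v2Features) {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
    if (-not $feature) {
        [pscustomobject]@{ Feature = $name; State = 'NotPresent'; Action = 'None' }
        continue
    }
    $action = 'None'
    if ($feature.State -eq 'Enabled') {
        if ($Remediate) {
            # -NoRestart: the change is staged; reboot at the next maintenance window.
            Disable-WindowsOptionalFeature -Online -FeatureName $name -NoRestart | Out-Null
            $action = 'Disabled'
        } else {
            $action = 'NeedsDisable'
        }
    }
    [pscustomobject]@{ Feature = $name; State = "$($feature.State)"; Action = $action }
}

# Monitoring side: engine-start events (ID 400) whose details show EngineVersion=2.x
# indicate a session that ran under the deprecated engine.
$v2Starts = Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400 } `
                -MaxEvents 5000 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'EngineVersion=2\.' } |
    Select-Object TimeCreated, MachineName,
        @{ Name = 'HostApplication'
           Expression = { if ($_.Message -match 'HostApplication=(.*)') { $Matches[1].Trim() } } }

"Current engine: $($PSVersionTable.PSVersion)"
$featureReport | Format-Table -AutoSize
if ($v2Starts) {
    "Sessions started under the v2 engine:"
    $v2Starts | Format-Table -AutoSize -Wrap
} else {
    "No v2 engine starts found in the retained 'Windows PowerShell' log."
}
```

An empty result from the event query only covers the retention window of the local log; centrally collected logs give a longer view.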
Forescout report details 56 OT vulnerabilities
A new report from researchers at Forescout provides information on dozens of recently-identified operational technology (OT) software vulnerabilities. The flaws involve equipment from 10 significant manufacturers, affecting an extensive range of customer implementations.
The June 20 report, entitled OT ICEFALL, provides extensive details and CVEs for the series of exposures. The report notes that fixes for many of the vulnerabilities have not been issued, or implementation of patching for affected OT devices may be complex and time-consuming. Consequently, the report provides mitigation strategies and best practices to follow for organizations that are using any of the at-risk devices.
The report is also critical of the “insecure by design” approach taken by some OT device manufacturers, and “renew[s] the call to action for device manufacturers to properly secure OT devices and protocols, for asset owners to actively procure for secure-by-design products and for the wider security community to ensure that security controls are robust rather than merely functional”.
(ISC)² releases new cybersecurity recruitment report
Research firm (ISC)² has released a new report that analyzes some of the challenges of building cybersecurity teams in today’s competitive staffing market. The (ISC)² Cybersecurity Hiring Managers Guide – Best Practices for Hiring and Developing Entry- and Junior-Level Cybersecurity Practitioners summarizes interviews and insights from 1250 cybersecurity professionals from Canada, the United States, the United Kingdom, and India.
The report identifies the top five technical, non-technical, and personality traits that companies should look for in hiring junior-level cybersecurity talent, as well as the top five tips for building a cybersecurity team, including:
– invest in entry- and junior-level personnel
– look beyond traditional IT roles for new talent coming from non-technical backgrounds
– concentrate on developing effective job descriptions
– match roles and responsibilities to experience and skill level
– focus on professional development and training