Weekly CyberTip: USB Security
While secure cloud storage has taken a bite out of the USB flash drive market, many people still use those handy thumb drives for quick data storage or transfer. Here are some tips to make sure you are cyber safe when using a flash drive:
• Think twice before storing personal or confidential information on a thumb drive, as you may be putting that data at risk (not to mention potentially violating your workplace security policy) due to the increased risk of loss or theft of the portable device.
• When choosing a drive, consider a model that has hardware encryption built in – this provides easier and stronger data protection. If this is not available, use third-party encryption software and passwords to lock down your information.
• Make sure to handle the drive with care – it’s easy to leave a drive behind or lose track of it: treat the device as you would your phone or wallet and secure it at all times.
• Never use a thumb drive that you have found, or that has been out of your control for a period of time, as it may contain malware.
• Finally, once you are finished with the data, delete it from the device or reformat the drive to avoid leaving stray copies of information behind.
Town of St. Mary’s recovering from cyber attack
The town of St. Mary’s, Ontario is continuing to respond to a double-extortion cyber attack discovered on July 20. The town’s internal team is working with the Stratford police, the OPP, the Canadian Centre for Cyber Security (CCCS), and other resources to recover internal services and conduct an investigation into the incident. Meanwhile, the July 30 deadline published by ransomware gang LockBit – who allegedly stole 67GB of “financial documents, plans, department and confidential data” – has come and gone with the town still reportedly refusing to pay the undisclosed ransom demands. The town is publishing regular updates on the progress of their response.
Council agendas published on the St. Mary’s website suggest that the town had been preparing for the potential of a cyber attack by implementing MFA, sourcing a new firewall, and securing additional cyber insurance coverage earlier this year.
“No More Ransom” project celebrates its sixth anniversary
On July 26, Europe’s No More Ransom project celebrated its sixth anniversary. The online portal is a public-private partnership created by Europol, the Dutch National Police, and a number of supporting cybersecurity companies. Today, No More Ransom is available in 37 languages and “offers 136 free tools for 165 ransomware variants, including Gandcrab, REvil/Sodinokibi, Maze/Egregor/Sekhmet and more. Over 188 partners from the public and private sector have joined,” according to a press release.
In the last six years, it is estimated that the project has helped nearly 1.5 million people and organizations decrypt files that were locked by ransomware, saving around $1.5 billion (USD).
One of the most effective defenses against cyber attack? European law enforcement has seen proof that MFA can stop some attackers in their tracks. “We’ve done investigations where ransomware criminals were monitored. In certain investigations, we saw them trying to access companies – but as soon as they would hit two-factor authentication in this process, they would immediately drop this victim and go to the next,” said Marijn Schuurbiers, head of operations at Europol’s European Cybercrime Centre (EC3), at an event recognizing the sixth anniversary of the No More Ransom program.
“This is really crucial information that companies can use for their counter strategies. Know that if you implement two-factor authentication for your systems in general – or maybe specifically, your crown jewels – you will significantly reduce your chances of falling victim to a ransomware group, which uses double extortion,” continued Schuurbiers.
Implementing 2FA is just one of several recommendations from No More Ransom to defend against ransomware attacks. Others include regular backups, checking links and attachments before clicking, keeping security software and operating systems up to date, and implementing data leakage controls.
Report: ransomware and BEC behind nearly 70% of cyber incidents
A new report from Palo Alto Networks suggests that ransomware and business email compromise are involved in nearly 70% of cyber incidents. The 2022 Unit 42 Incident Response Report draws this and many other insights from the analysis of over 600 cyber incidents seen by Palo Alto over the past twelve months, helping organizations understand risk trends and security teams understand the greatest security risks they face, and where to prioritize security investments.
According to the report, the top three initial methods of system access used by threat actors were phishing, exploitation of previously-documented software vulnerabilities, and brute-force credential attacks: these three attack vectors alone factored into over ¾ of the incidents in the study.
The report identifies finance, professional and legal services, manufacturing, healthcare, high tech, and wholesale and retail as the most heavily targeted sectors. Finance and real estate were among the industries that received the highest average ransom demands at nearly $8 million and $5.2 million respectively (all figures USD). While the highest ransom demand in the report approached $30 million, the actual payouts peaked at $8 million.
The report illustrated the importance of dark web monitoring, suggesting that a new alleged victim of ransomware is posted on a data leak site every four hours. The report also provided sobering insights about “dwell time” – the time that hackers spend lurking on a victim’s systems before launching a full-blown attack. The median dwell time seen in ransomware attacks was four weeks; the median dwell time for BEC incidents was even longer at 38 days.
In a blog post elaborating on their findings, Unit 42 documents the top seven contributing factors to compromise and the top six defensive strategies to help prevent cyber attacks.