In the inaugural live stream episode of The Cybersecurity Insider, host Yigal Behar and guest Seth Melendez, owner of WareGeeks Solutions, showcase the most pressing cybersecurity topics to date.
They discuss the REvil Ransomware Group, and other recent ransomware attacks targeting high-profile entities like the Massachusetts Steamship Authority, Fujifilm, and a Massachusetts hospital.
Seth—drawing from his extensive expertise—outlines the three basics of cybersecurity that users and businesses should know.
REvil Ransomware Group Responsible for JBS Attack
Yigal discusses a recent JBS attack. JBS, a meat processing company, paid a ransom of $11 million in Bitcoin to REvil, a Russian-based ransomware group.
While JBS claims its facilities are now operational, Seth notes that “it’s the same thing I always say. I think a lot of this, when you really look deep, is money spent, misspent in the wrong places. They don’t embrace the basics. Just embrace the basics and they wouldn’t have to go through this. Have a backup. Can somebody have a good backup?”
Yigal shares a recent conversation with a possible customer about the changing tactics of cybercriminals. Now, they not only encrypt data but also threaten to release it publicly if the ransom isn’t paid. This stolen data can be used to mount new attacks, which shows how cyber threats are getting worse.
Seth questions the trust factor when dealing with cybercriminals, saying that paying them doesn’t mean they won’t ask for more money later. He thinks it’s up to businesses to protect themselves and spend money on the right tools to stay safe.
Seth’s Low-Hanging Fruits
Yigal asks Seth where companies should allocate their cybersecurity budget. Seth suggests focusing on three low-hanging fruits: password management, patching, and backups (Seth discusses more about them below).
Seth also adds a fourth one: system management. “Because if you were able to recover your systems back to new, you know, back to pristine if necessary, it’d be easy to restore each of them quickly. But if, let’s say, for some reason you can’t restore, because, with one of the new hacks, they’re encrypting the hardware, so you’d have to wipe everything out. You have to wipe all the hardware. You have to wipe everything out,” he explains.
He also stresses the need to manage systems well, especially since there are new attacks that lock up computer parts and you need to erase everything to fix it.
Jackware
Yigal and Seth struggle to recall the name of a new ransomware that encrypts hardware. After checking their phones, they identify it as “Jackware.” Seth highlights an article claiming this new threat could be ten times more destructive than traditional ransomware.
They discuss the implications of Jackware, with Seth pointing out that if a complete system wipe is possible, recovery might be feasible. However, if the hardware itself is compromised, replacing the equipment becomes the only solution, making the attack much worse.
Seth shares a story about a company that experienced a widespread ransomware attack. The company found a solution to the problem by virtualizing all its systems, including desktops and servers. By doing so, they were able to restore operations within a day, using virtual images from their backups.
Employees accessed their virtual desktops from various devices, including laptops and home computers, allowing them to continue working while the company gradually restored the physical hardware. This approach minimized downtime and demonstrated the effectiveness of virtualization as a disaster recovery strategy.
MA Steamship Authority Hit with Ransomware Attack
Yigal and Seth move on to the next topic: a ransomware attack on the Massachusetts Steamship Authority. This attack disrupted their operations, preventing customers from booking tickets online or via phone. Yigal suggests referring to previous episodes for advice on handling such situations.
Seth shares a personal experience of receiving a data breach notification affecting his email address. He promptly changed all associated passwords, emphasizing the importance of password managers for efficiently identifying and updating compromised accounts. He explains that password managers provide better visibility into which accounts are linked to a particular email address, making it easier to mitigate the impact of a breach.
Fujifilm Shuts Down Network in the Wake of Ransomware Attack
Yigal and Seth move on to the next news item: a ransomware attack on Fujifilm. The company shut down parts of its network and external communication in response to the attack. While the success of the attack is uncertain, Yigal recalls a similar incident where a company successfully defended against a cyber attack due to a well-tested incident response plan.
MA Hospital Discloses Ransomware Attack
Yigal and Seth shift focus to a ransomware attack on a Massachusetts hospital in February 2021. The attack compromised patient medical and financial data, and the hospital ultimately paid the ransom to prevent data leakage.
Seth expresses frustration over the delayed disclosure, emphasizing the lack of transparency and the disadvantage it poses for individuals and businesses affected by the breach. He argues for regulations mandating timely disclosure, citing the Equifax breach as an example.
Seth points out that the attack also hurt other healthcare providers who worked with the hospital, showing a supply chain attack. He says it’s important to keep the whole chain of suppliers safe, reminding us how Twitter was hacked through their air HVAC system.
Update Available for WordPress Anti-spam Plugin
Yigal and Seth move on to discuss a security update for the WordPress anti-spam plugin, Akismet, by CleanTalk. This update addresses an SQL injection vulnerability that could expose sensitive data on over 100,000 websites. Users are advised to update the plugin to the latest version.
Seth explains that SQL injection isn’t a new vulnerability and suggests that the plugin creators may have overlooked essential security practices. He recommends conducting thorough web application security testing, including code reviews, to identify and address such vulnerabilities before releasing plugins publicly.
Seth adds that WordPress users should enable automatic updates for their plugins to avoid security issues. He points out that a good firewall, like Wordfence, could have prevented this particular SQL injection vulnerability.
He then talks about how WordPress plugins, while they add new features to websites, can also make them less safe. This is because they can have vulnerabilities that hackers can use.
Marketing Department Managing Website Security?
Seth shares a conversation with a potential client who revealed that their marketing department manages the company website. Seth expresses concern, as marketing departments typically lack expertise in website security. He believes the responsibility for website operations, including security, should fall under the IT department’s purview.
Yigal agrees, adding that marketing’s role should be limited to updating content, not managing the technical aspects of the website. Seth proposes a shared responsibility model where marketing handles content while IT or security personnel ensure the website’s functionality and security.
Seth reflects on his experience managing data centers, emphasizing the importance of IT control over anything with an external connection. He believes IT should handle all back-end operations, regardless of the size of the department.
Yigal then hands the floor over to Seth.
The Three Foundations of Cybersecurity, According to Seth
Seth talks about the importance of the three foundational elements of cybersecurity: password management, patching, and backups. He explains that these basics are crucial because only a small fraction of problems stem from hardware or technology issues. Most problems arise from policy, procedure, and human error.
1. Password Management
He further explains how password managers can help mitigate the human factor by allowing for unique and complex passwords across different platforms. He recounts how hackers exploit breaches, using leaked credentials from one platform to access other accounts of the same user. They test various combinations of usernames and passwords across different websites and services, attempting to gain unauthorized access to sensitive data.
Seth points out that some hackers automate this process, using tools that can test hundreds of credentials in a matter of seconds, highlighting the speed and sophistication of modern cyberattacks.
Seth explains how hackers use automated tools to exploit compromised credentials. These tools can rapidly check numerous business-related platforms, CRM systems, financial institutions, and social media accounts using the stolen credentials. This allows them to quickly identify vulnerabilities and potentially gain unauthorized access.
Seth stresses the importance of password managers in reducing the risk of compromised accounts. These tools help users identify affected platforms and change passwords quickly, minimizing the impact of a breach.
2. Patching
Seth transitions to discussing the importance of patching, highlighting the availability of numerous patching tools. He recommends a specific tool called “Patch My PC,” which offers both free and paid versions for businesses. Seth explains how the tool simplifies patching by clearly indicating which applications need updates and which are up-to-date.
He further notes the importance of patching all software, including operating systems, applications, and drivers, particularly for Windows machines.
3. Backups
Seth explains the difference between online storage (like Dropbox) and true backup services. He explains that while platforms like Dropbox offer storage, they aren’t responsible for data integrity if their service fails. In contrast, backup providers guarantee data recovery in case of failure.
For businesses, he recommends enterprise-level backup solutions like Backblaze, Datto, and StorageGuardian. These services can perform bare-bones backups, enabling restoration to a clean machine in case of a ransomware attack or other issues. This includes wiping the hardware and restoring data, ensuring a full recovery even from sophisticated threats like Jackware.
Seth puts the need for disaster recovery planning, which involves multiple layers of preparation beyond just file backups. He explains that disaster recovery addresses scenarios like site outages, natural disasters, or events like the COVID-19 pandemic, where accessing physical locations becomes impossible.
Seth stresses that disaster recovery planning is ineffective without a solid foundation. He compares securing a house to cybersecurity, where advanced security measures are pointless if basic precautions are ignored. He recommends starting with the three cybersecurity basics: password management, patching, backup and disaster recovery planning, which are cost-effective investments for any business.
Hardware-Agnostic Backups
Yigal adds to the discussion on backups and restoration, highlighting the importance of being able to restore to different hardware. He mentions the potential impact of supply chain disruptions on hardware availability, using the example of tensions between Taiwan and China affecting chip supplies. He stresses that good backup solutions should enable restoration to any available hardware, even if it’s a different brand.
He also discusses patching, emphasizing the need to enable patching within Windows and manually update drivers. Yigal points out that while automatic patching is convenient, it doesn’t cover all updates, such as BIOS updates, which can be more complex to install.
He mentions that some software, like Chrome and Adobe Acrobat, have built-in auto-update features, making it easier to keep them up to date. But, he cautions that automatic updates can sometimes cause compatibility issues. Despite this, he asserts that it’s better to experience temporary glitches due to updates than to risk a cyberattack and its potentially devastating consequences.
Virtualization for Disaster Recovery & Backup
Seth brings up the topic of virtualization as a valuable tool for backup and disaster recovery. He mentions that enterprise-level backup solutions often allow users to restore their systems to different types of equipment, providing flexibility in case of hardware failures or unavailability. Additionally, virtualization can be used as a temporary solution while waiting for replacement hardware.
He shares an example of a company that successfully virtualized their entire infrastructure after a ransomware attack, enabling employees to work from various devices while the physical hardware was being restored. He also mentions a personal anecdote about an employee whose laptop was damaged at an airport. The company quickly virtualized the laptop, allowing the employee to continue working seamlessly until a replacement arrived.
Yigal chimes in, confirming that his company also utilizes virtualization for their workstations. Sensitive information is stored within the virtual environment and encrypted, requiring multiple passwords for access. Virtualization software can have vulnerabilities, but exploiting them is difficult.
Yigal asserts the concept of layered security, comparing it to an onion. Security involves multiple layers of protection, making it harder for attackers to penetrate.
Human Factor
Seth says that the human factor is a major issue. “The reason I say that is that people can make mistakes and not realize it.”
He then tells a story about a politician who accidentally showed his secret login info while taking a picture of his computer screen. It was on a sticky note right there! This info was all over the internet in no time, which shows how bad these mistakes can be. Seth warns everyone to be careful and not do the same thing.
Seth recalls another incident he saw on a TV program where a network password was inadvertently displayed on a whiteboard in a data center during an interview. The mistake wasn’t noticed until after the program aired, by which time the password had been changed. However, he points out that the situation could have been disastrous if the program had been broadcast live.
Seth insists that businesses can do antivirus, EDR and MDR, but they can build upon the three cybersecurity basics and then go “whichever you want to go”.
Yigal agrees, adding that it’s essential to have at least two separate locations for storing backups. This ensures redundancy and the ability to access backups even if one location is compromised or inaccessible.
We invite you to join us for future episodes and livestreams of The Cybersecurity Insider, where we’ll get into more cybersecurity topics and feature expert presentations. You can catch up on past episodes and stay tuned for new ones on YouTube, Apple Podcasts, and Spotify.
FBI Says REvil Ransomware Group Responsible for JBS Attack
MA Steamship Authority Hit with Ransomware Attack
Fujifilm Shuts Down Network in the wake of Ransomware Attack
MA Hospital Discloses Ransomware Attack
Update Available for WordPress Antispam Plugin
And Seth’s three low-hanging fruit.
Yigal Behar TheCyberSecurityInsider podcast@TheCyberSecurityInsider.com
