CYBER SECURITY CONSULTING SERVICE AWARDS AND RECOGNITIONS
CyberSecOp's comprehensive managed security services, cyber security consulting, professional services, and data protection technology are recognized as industry-leading threat detection and response solutions by major analyst firms, key media outlets, and others.
NSA Reported a Critical Flaw in Microsoft Windows 10
The National Security Agency recently discovered a vulnerability in Microsoft’s Windows 10 operating system. Rather than using the flaw for its own intelligence gathering, the NSA worked with Microsoft to issue patches and publicly raise awareness.
On January 14, Microsoft released a set of patches for the Windows platform. While all of the issues addressed in the patch release are serious, this article will discuss one of them: CVE-2020-0601. Above anything else, we urge everyone to take action and patch their systems.
CVE-2020-0601 affects Microsoft Windows cryptographic functionality.
The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities. Examples where validation of trust may be impacted include:
HTTPS connections
Signed files and emails
Signed executable code launched as user-mode processes
Vulnerability
CVE-2020-0601 is a serious vulnerability because it can be exploited to undermine Public Key Infrastructure (PKI) trust. PKI is a set of mechanisms that home users, businesses, and governments rely upon in a wide variety of ways. The vulnerability permits an attacker to craft PKI certificates to spoof trusted identities, such as individuals, web sites, software companies, service providers, or others. Using a forged certificate, the attacker can (under certain conditions) gain the trust of users or services on vulnerable systems, and leverage that trust to compromise them.
Microsoft's explanation of the vulnerability
Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source.
Microsoft Windows CryptoAPI fails to properly validate certificates, which may allow an attacker to spoof the validity of certificate chains. This vulnerability may not seem flashy, but it is a critical issue. Trust mechanisms are the foundations on which the Internet operates.
Microsoft typically releases security and other updates once a month and waited until Tuesday to disclose the flaw and the NSA’s involvement. Microsoft and the NSA both declined to say when the agency privately notified the company.
Mitigation Actions
NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems. In the event that enterprise-wide, automated patching is not possible, NSA recommends system owners prioritize patching endpoints that provide essential or broadly relied-upon services. Examples include:
Windows-based web appliances, web servers, or proxies that perform TLS validation.
Endpoints that host critical infrastructure (e.g. domain controllers, DNS servers, update servers, VPN servers, IPSec negotiation).
Prioritization should also be given to endpoints that have a high risk of exploitation. Examples include:
Endpoints directly exposed to the internet.
Endpoints regularly used by privileged users.
Administrators should be prepared to conduct remediation activities since unpatched endpoints may be compromised. Applying patches to all affected endpoints is recommended, when possible, over prioritizing specific classes of endpoints. Other actions can be taken to protect endpoints in addition to installing patches. Network devices and endpoint logging features may prevent or detect some methods of exploitation, but installing all patches is the most effective mitigation.
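The prioritization above can be applied to an asset inventory before patching begins. The following PowerShell is an added example, not code from NSA, Microsoft or CyberSecOp: the inventory, role names and exposure flags are constructed; the KB identifier is a placeholder to be replaced with the January 2020 update for each host's build; and the Audit-CVE Event ID 1 check relies on the logging that Microsoft's update added to patched systems, which this page does not describe.

```powershell
# Constructed inventory for illustration; hostnames, roles and exposure are made up.
$Inventory = @(
    [pscustomobject]@{ Name = 'web01';  OS = 'Windows Server 2019';    Roles = @('TLS-Proxy');              InternetExposed = $true;  PrivilegedUsers = $false }
    [pscustomobject]@{ Name = 'dc01';   OS = 'Windows Server 2016';    Roles = @('DomainController','DNS'); InternetExposed = $false; PrivilegedUsers = $true }
    [pscustomobject]@{ Name = 'wks07';  OS = 'Windows 10';             Roles = @();                         InternetExposed = $false; PrivilegedUsers = $true }
    [pscustomobject]@{ Name = 'file02'; OS = 'Windows Server 2012 R2'; Roles = @('FileShare');              InternetExposed = $false; PrivilegedUsers = $false }
)

# Roles the advisory singles out: TLS validators and critical infrastructure.
$CriticalRoles = 'TLS-Proxy','WebServer','DomainController','DNS','UpdateServer','VPN','IPSec'

function Get-PatchPriority {
    # Ranks affected hosts as the advisory suggests:
    # 1 = essential/broadly relied-upon service, 2 = high exploitation risk, 3 = everything else.
    # Hosts whose OS is not Windows 10 / Server 2016 / Server 2019 are dropped.
    param([Parameter(ValueFromPipeline)] $Endpoint)
    process {
        if ($Endpoint.OS -notmatch 'Windows 10|Windows Server 2016|Windows Server 2019') { return }
        $priority = 3
        if ($Endpoint.InternetExposed -or $Endpoint.PrivilegedUsers) { $priority = 2 }
        if ($Endpoint.Roles | Where-Object { $_ -in $CriticalRoles }) { $priority = 1 }
        [pscustomobject]@{ Name = $Endpoint.Name; OS = $Endpoint.OS; Priority = $priority }
    }
}

function Test-Cve20200601Host {
    # For one reachable host: is the January 2020 update installed, and has the
    # patched CryptoAPI logged any attempted exploitation? Microsoft's update writes
    # Application log events from provider Microsoft-Windows-Audit-CVE, Event ID 1.
    param([string] $ComputerName, [string] $KbId = 'KBxxxxxxx')   # KbId is a placeholder
    $patched  = [bool](Get-HotFix -Id $KbId -ComputerName $ComputerName -ErrorAction SilentlyContinue)
    $attempts = @(Get-WinEvent -ComputerName $ComputerName -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Microsoft-Windows-Audit-CVE'; Id = 1 })
    [pscustomobject]@{ Name = $ComputerName; Patched = $patched; ExploitAttemptsLogged = $attempts.Count }
}

# Offline part: rank the constructed inventory (web01 and dc01 come out first, file02 is dropped).
$Inventory | Get-PatchPriority | Sort-Object Priority | Format-Table
```

Run Test-Cve20200601Host against the priority-1 hosts first; a non-zero ExploitAttemptsLogged on a patched host is a remediation trigger, not just a patch status.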
Cyber Attack Bulletin
1) FBI, DHS issue bulletin warning of potential Iranian cyberattacks.
The FBI and Department of Homeland Security (DHS) issued a bulletin to law enforcement groups last week Wednesday warning of the potential for Iran to target the U.S. with cyber attacks in the wake of raised tensions following the death of Iranian General Qassem Soleimani.
2) 73% of black hat hackers said traditional firewall and antivirus security is irrelevant or obsolete. According to the same survey, 80% of hackers say “humans are the most responsible for security breaches”.
3) Traditional perimeter-based security is not enough against cyberattacks.
According to Verizon’s Data Breach Investigations Report, over half — and trending toward 100% — of recent data breaches were due to compromised credentials.
4) There is a cyber attack every 39 seconds.
By the time the average person takes a selfie and uploads it to Instagram, the next hacker attack has already taken place.
FBI, DHS, DFS, & NFA Information Security Alert
There is currently a heightened risk of cyber attacks from the Iranian Government, which has vowed to retaliate against the United States for the death of Qassem Soleimani. Given Iranian capabilities and history, U.S. entities should prepare for the increased possibility of cyber attacks.
What is most concerning about Iran's cyber attack history is that it particularly targets the U.S. financial services industry. In June 2019, the U.S. government advised that it observed a “recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies.” Iranian attackers are increasingly using highly destructive attacks that delete or encrypt data.
Dept. of Financial Services (DFS), Dept. of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) strongly recommend that all U.S. entities heighten their vigilance against cyber attacks. All entities should be prepared to respond quickly to any suspected cyber incidents. Historically, Iranian-sponsored hackers have primarily relied on common hacking tactics such as email phishing, credential stuffing, password spraying, and the targeting of unpatched devices.
DFS, DHS, and the FBI recommend that all entities ensure all vulnerabilities are patched or remediated (especially publicly disclosed vulnerabilities). It is also important to ensure that employees are adequately trained to deal with phishing attacks, that multi-factor authentication is implemented, that disaster recovery plans are reviewed and updated, and that further alerts from the government or other reliable sources receive a prompt response. It is particularly important to ensure that any alerts or incidents are given a prompt response (even outside of regular business hours). Iranian hackers are known to prefer attacking over the weekends and at night - precisely because they know that weekday staff may not be available to respond immediately.
For more information or if you have any concerns over heightening cybersecurity at your firm, please contact us at Support@cybersecop.com