Follow ISA on LinkedIn to get notified of the latest cybersecurity news.
Microsoft Exchange Server vulnerability update
According to a Check Point report, hacking attempts related to the recently-announced Microsoft Exchange server vulnerabilities are still increasing dramatically, nearly two weeks after the announcement of the flaws in the widely-used email platform. This past weekend alone, the number of exploits multiplied sixfold, with the greatest numbers of targets reported in the United States, the Netherlands, and Turkey. As late as March 10, Palo Alto Networks still estimated that there were 100,000 to 125,000 unpatched Exchange servers visible on the Internet, over a week after the disclosure. A new report in Security Boulevard suggests that some researchers have found at least ten APT groups using Exchange Server exploits as part of their attack, and there is now ransomware nicknamed “DearCry” using the Exchange Server vulnerabilities as part of its deployment.
It is imperative that you evaluate your Microsoft Exchange platforms and patch your servers immediately. On-premise versions of Exchange Server 2019, 2016, 2013, and 2010 may be affected. However, the four vulnerabilities do not affect cloud services like Office 365 or Exchange Online.
Note that merely patching your servers is not a complete solution: it is vital that you scan your system for indicators of compromise (IOCs) in order to confirm that your system was not breached and hackers aren’t lying in wait for an opportunity to do more damage using malware deployed during the two months since the vulnerability was identified.
Microsoft has published complete instructions and guidance on their blog, and security news outlet ZDNet has published an “all-you-need-to-know” guide for the Exchange Server incident. You can also contact ISA directly for further advice and assistance if necessary.
Ontario Government announces funding boost for programs with ties to cyber education
In a statement released March 10, the Ontario government pledged $39.5 million (CDN) of support to non-profit, national research organization Mitacs to “create up to 8,000 paid innovative research internships and upskilling opportunities for postsecondary students, postdoctoral fellows and recent graduates”.
Mitacs internships are paid learning placements that last four months and may be online, on-site or a combination of both. “There are tens of thousands of well-paying, high-skilled jobs going unfilled across the province every day. This funding will help young people who are ready to roll up their sleeves and find their dream careers,” said Monte McNaughton, Minister of Labour, Training and Skills Development in the statement.
This exciting news comes on the heels of the announcement that the University of Guelph has signed a memorandum of understanding (MOU) with Mitacs to establish up to 100 positions over the next five years to provide hands-on training with private industry and government partners for students in Guelph’s Master of Cybersecurity and Threat Intelligence (MCTI) program.
The university is holding an information session about the MCTI on March 26. ISA is proud to sponsor the program with guidance and funding, and provided the charter scholarships for the MCTI program in 2019, committing financial support for one female and one male student each year.
MCTI application deadlines for studies in September 2021 are May 1, 2021 for international students, and June 1, 2021 for domestic students in Canada.
Verkada video surveillance systems breached
Video surveillance services company Verkada was the victim of an ethical hack on March 8, with a small group of hackers gaining administrative access to their internal systems.
According to a Bloomberg report, the breach was carried out by an international hacker collective based in Europe. According to Tillie Kottmann, one of the hackers involved in the breach, the hack was reportedly an effort to demonstrate the dangers of excessive video surveillance, and to raise awareness of alleged over-provisioning of admin access to Terkada staff. According to Kottmann, had its motivation been for sabotage or financial gain, the hacking group could have used its control of the video/IoT equipment to access other parts of some of Verkada’s customers’ networks.
The hackers reportedly found online, publicly-available login information for Verkada’s administrative tools last week, and used it to gain to access to a so-called super-admin account that gave them access to over 150,000 live customer feeds, plus extensive archival footage from Verkada customers.
Customer data exposed in the breach included feeds belonging to schools, healthcare facilities, jails, fitness clubs, and technology companies like Cloudflare and Okta, and electric car manufacturer Tesla.
Kottman claimed responsibility for the breach by posting shared screenshots of Verkada’s customer video feeds on Twitter. Two days after the breach was made public, law enforcement raided her apartment in Lucerne, Switzerland, and confiscated electronic equipment. According to the report, the search warrant was apparently related to an alleged hack from last year, and not the Verkada breach.
Verkada acknowledged the breach in a statement on March 9: “This morning we were made aware of a potential security incident involving unauthorized access of some of our products. Our internal security experts are actively investigating the matter. Out of an abundance of caution, we have implemented additional security measures to restrict account access and further protect our customers.”
Most recently, Verkada followed up with a security update from co-founder and CEO Filip Kaliszan on March 12, outlining the company’s current tactics, next steps, and a 100-day plan to regain customer trust.