ISA Cybersecurity Partnerships in the News
This week, ISA Cybersecurity was named 2020’s Canadian Regional Partner of the Year by Tenable, leaders in the IT vulnerability and cyber exposure management markets. ISA Cybersecurity has earned Platinum status as an authorized reseller and MSSP of Tenable solutions in both the commercial and government sectors, making them the best choice to collaborate on your implementation.
ISA Cybersecurity is also proud to have been named as a FireEye Platinum partner, demonstrating our commitment and expertise with the award-winning infrastructure security platform.
These announcements come on the heels of the news earlier this year that ISA Cybersecurity was named Proofpoint’s Fastest Canadian Growing Regional Partner in 2020. ISA’s “Trusted Partner” status confirms a reputation of success in working with customers on their Proofpoint implementations, notably with Proofpoint’s industry-leading secure email solutions.
By combining ISA Cybersecurity’s experience and expertise with our Partners’ award-winning technologies, we ensure a tailored, adaptive cybersecurity program built to fit your business and industry needs.
Check Point releases annual cybersecurity report
This week Check Point announced the release of their annual Cyber Security Report. The 2021 edition provides a comprehensive look at how various threat actors have used the COVID-19 pandemic to launch advanced “fifth-generation” attacks against all business sectors.
The report highlights how remote workers were particularly vulnerable targets for threat actors looking to extort or steal data – and often both. Meanwhile, rapid expansion of services to the public cloud is creating increasing dangers as well.
The report covers trends seen in the threat landscape over 2020, presents global malware statistics, reports on several high-profile attacks during the year, and provides a convenient glossary of the most common varieties of malware seen in the wild.
U.K. government releases cybersecurity breach survey and skills gap reports
The U.K. Department for Digital, Culture, Media & Sport recently released its sixth annual cybersecurity breach survey. The report reveals that nearly 40% of businesses and over 25% of charities involved in its survey reported a cybersecurity breach or attack in 2020.
The wide-ranging report suggested that cybersecurity awareness and the use of cyber insurance appeared to be increasing across those surveyed, but confirmed that many organizations are reporting challenges in maintaining threat intelligence, keeping up with patch/inventory management, and balancing the demands of “immediate service continuity” against a backlog of cybersecurity initiatives during the pandemic era.
In an accompanying report released in March, the department revealed its analysis of the skills gap in cybersecurity. This report estimated that 50% of the over 1.2 million businesses surveyed may be deficient in basic cybersecurity competencies; they are lacking the skills, resources, and/or personnel to manage fundamental activities like storing data securely, configuring firewalls, and handling malware incidents effectively.
Over 1/3 of businesses surveyed reported an “advanced skill” gap, and are not conducting important cybersecurity functions like penetration testing, data forensics, and maintaining a sound cybersecurity architecture. A third of businesses also reported a skills gap in incident response capabilities.
Lessons learned from latest home appliance IoT security flaw
In a blog this week, the Cisco Talos Intelligence Group revealed their discovery of two code execution vulnerabilities in an unlikely threat target: a Cosori-brand Smart Air Fryer.
The Cosori fryer is WiFi-enabled, allowing users to control the appliance through an app on their smartphones. Tech-savvy chefs can use the app to start, monitor, and stop cooking; look up recipes and cooking guides; and even track meals over time.
The two documented vulnerabilities (CVE-2020-28592 and CVE-2020-28593) involve remote code execution flaws that could allow an attacker to remotely inject malware code into the appliance. This could – theoretically – allow a threat actor to make unauthorized changes to temperature, time, or operating settings on the fryer.
Since at least one of the two vulnerabilities require physical access to the fryer, the real-world dangers of the bugs are fairly slim. But they do serve as a reminder of the potential for abuse held by IoT devices, providing threats and exposures that are not immediately obvious and could be exploited by a determined attacker.
Indirect threats are also presented by devices like these. The installation and troubleshooting guides for the deep fryer encourage the user to shut off one’s VPN during installation, disable WiFi portal authentication, disable URL filtering, disable MAC address filtering, and open a variety of firewall ports beyond the usual 443 for HTTPS traffic. Adjusting these settings in service of getting the air fryer to work may create more serious security vulnerabilities on other devices or across your WiFi network. Users should proceed with caution when changing any home network security settings, and evaluate whether Internet-enabled air frying is truly a top priority.
Cosori has advised that a firmware patch for the vulnerabilities will be available by April 25, through the VeSync app which is used to manage the air fryer.
Passwordstate password locker app hacked
Click Studios has advised that some patches to their password app Passwordstate have been compromised by unidentified threat actors.
In a series of bulletins posted on their website, the Adelaide, Australia-based software firm advised that any customer that performed an in-place upgrade between April 20, 2021 at 8:33 p.m. UTC and April 22, 2021 at 00:30 a.m. UTC may have unknowingly downloaded a malformed upgrade file. Only the Windows version of the patch process for the application appears to have been affected.
During that 28-hour window, the upgrade processor contained a compromised version of the “Passwordstate_upgrade.zip” file. This zip file contained a DLL file named “moserware.secretsplitter.dll”: after installation of the patch, this DLL file would contact a remote “command and control” server, from which it would request new commands and retrieve additional downloads. With this unauthorized access, the unidentified threat actors had the ability to deploy malware and/or gain full access to the contents of the password store on a client’s site.
Click Studios has released an emergency package that is designed to remove the malware deployed by the attackers. However, since the password caches may have been disclosed, any customer affected is strongly urged to change passwords to any devices or services stored in the application (as well as to the application itself).
Click Studios advises that the number of clients reporting compromise is still fairly low (likely due to the short window of opportunity for compromise), but conceded that infections may climb as customers continue to react to the bulletin.
While there is no indication how many customers were affected, Click Studios website claims “an install base spanning from the largest of enterprises, including many Fortune 500 companies to the smallest of IT shops,” and that its software is used by more than 29,000 customers and 370,000 security and IT professionals.
Danish security firm CSIS has published a detailed analysis of the malware deployed, nicknamed Moserware.