Stephen Gates, chief research intelligence analyst for NSFocus, says that while drive-by ransomware attacks are a real and growing problem, extortion happens in other ways, and partners need to keep their eyes on the full panoply of extortion methods — including attackers threatening companies with DDoS attacks unless they pay up and demanding payment for not dumping data online.
“Attackers are still stealing data,” he says. While the value of a username and password combination is low on the black market, it could give an attacker access to other systems due to password reuse.
One answer: More use of two-factor authentication.
Gates has insight into global attack trends and defenses. In addition to its Santa Clara U.S. location, NSFocus has offices in Sao Paulo, Singapore, Tokyo and Uxbridge, UK. The company provides a variety of security products to global carriers including China Telecom, data-center hosting firms, four of the five largest global financial services companies, cloud service providers, MSSPs and large enterprises. It recently celebrated a hat trick, winning the Microsoft Bug Bounty Program for three consecutive years.
Gates says the United States is not alone in too little use of multifactor systems. However, he says the Obama administration’s Cybersecurity National Action Plan, which among other recommendations calls for combining a strong password with a fingerprint or a single-use code delivered in a text message, could be impetus to help customers add this layer of security.
“However, without regulation forcing organizations to move beyond simple username/passwords, recommendations only go so far,” says Gates.
For partners, the opportunity is twofold.
Solution providers can help develop policies for use of multifactor systems among end users. Working with a customer to enable it to issue one-time passcodes to its own customers or employees is more specialized, but worthwhile for financial services and hospitality firms, where the capability is becoming standard. He says a text message is usually the easiest and least expensive way to implement two-factor authentication for users.
Gates recommends requiring anyone with an administrator account to use two-factor authentication along with a strong password to log on to the network. Customers should also evaluate employee use of work computers with personal accounts that may be compromised. He cites the Dropbox hack, which gave attackers a trove of 68 million username/password combinations — which are now for sale on the dark web.
Why is that a problem for businesses?
“People tend to use the same passwords multiple times,” he says. And, if a worker logs in to a hacked accounts while at work, it puts the entire organization at risk.
“They’re just one click away from a potential compromise that can easily lead to breach,” he says. “That’s why parts of the U.S. government banned employee access to certain online email services earlier this year. Other organizations should seriously consider doing the same.”
Channel-centric providers including Centrify, Okta and Ping Identity offer multifactor authentication systems – Okta’s Adaptive MFA product starts at $3 per user per month – but Gates warns that partners should check the customer’s data plan.
“Even though almost everyone has free texting, sending hundreds of codes by text message could get expensive,” he said.
Moreover, customers that have not installed web application firewalls should do so.
“They’re specifically designed to keep attackers out of databases,” he says.
NSFOCUS works with its customers and partners on an intelligent hybrid security approach that involves not only cloud and on-premises defenses but real-time access to threat intelligence. The goal is to shorten the window from measure to countermeasure.
“Look at the Wendy’s hack,” he said. “All indications are that someone hung out for six months and planted malware on point-of-sale units to capture credit and debit card data.”
Even so, he says the PCI DSS guidelines have improved and are not just for retailers. Customers without security policies could do worse.
“It’s a good idea for anyone to follow the guidelines in PCI DSS,” says Gates. “We’re not hearing about massive financial institution attacks anymore. Attackers have moved on to easier targets, like health-care facilities. If you look at the statistics, I think it has made a tremendous impact.”
The Other Dell Merger: RSA also joins Dell as part of the EMC buy, and RSA CEO Amit Yoran wants to assure partners and customers that it’s business as usual. In a blog, Yoran promised continued investments in R&D and a renewed channel focus. “It is important to note that Dell Technologies is focused on ensuring the strongest relationship with the partner that our customers prefer to do business with and that each Dell Technologies’ business has an independent partner program and technology ecosystem,” he wrote.
In a related Q&A, RSA refused to speculate on whether it would follow SecureWorks to the IPO stage and said any RSA channel partners that are not part of the Dell reseller program can apply. It added that the merger broadens RSA’s reach and that partners could benefit from cross promotions.
Yoran will stay in his post and report to David Goulden, CEO of the EMC Infrastructure group.
Get Your Mojo for K-12 Wireless: Partners serving the education vertical may want to check out Mojo Networks’ Mojo Enforce, a cloud-based service that transfers credentials and policies for network access and device management from a customer’s Google for Education cloud to its Wi-Fi network, potentially saving time and money.
With the system in place, only devices registered in the school’s Google domain are able to connect to the school Wi-Fi network. Enforce and the integration into Google for Education will be available in Q4 2016, with other integrations coming in 2017. The open beta will begin shortly, and Mojo is signing up beta users now.
Note that the system requires Mojo cloud-managed access points, but as we discuss in this free report, there are worse moneymakers than a managed Wi-Fi offering.
Got WordPress? Unless it’s Version 4.6.1, released Wednesday, it’s vulnerable to several attacks, say researchers. Upgrade now.
2016 Cybersecurity Index: If you have customers (or friends and family) who could use a reality check about the cyber-threats they face, you may want to direct them to a new interactive 2016 Cybersecurity Index site, based on a detailed survey carried out in last month by Kaspersky Labs in 21 countries across the globe.
The index takes three key indicators that are measured every six months and combined estimate the degree of risk to the average internet user: The Concerned Indicator shows the percentage of people who believe they may be targeted by a cyberattack. The Affected Indicator identifies how many people have actually fallen victim during the reporting period. The Protected Indicator shows the number of users who have installed a security solution on the device they use to access the internet.
According to the data, only 21 percent of respondents think they have anything to worry about.
Zero-Day Alert: If you resell Veritas Infoscale and run the Operations Manager software, note that Digital Defense disclosed this week two new vulnerabilities that may allow a cybercriminal to potentially take control of the managed hosts, gaining access to sensitive data and causing significant disruption to operations. Veritas has issued patches; for instructions on how to obtain and apply the updates, contact Veritas technical support.
DDI notes that it offers a free 21-day trial of its vulnerability scanner.
Rapid7 Spots SNMP Flaws: Meanwhile, Dark Reading reports that Rapid7 has discovered that many of the network-management systems partners use to discover and monitor customer gear are vulnerable to attacks via SNMP. The affected vendors are Spiceworks, Ipswitch, Castle Rock, ManageEngine, CloudView, Paessler, Opmantek, Opsview and Netikus.