Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

Russian Hackers of SolarWinds also Breached eMail Security Company. The fallout from the enormous SolarWinds security breach continue to come to light—as will likely be the case for a long time to come. The Wall Street Journal reports that email security provider Mimecast, was separately hacked by the same Russian team the U.S. government has identified as the source of the SolarWinds breach. Important here is that the breach of Mimecast wasn’t directly related to the SolarWinds breach, meaning that the Russian hackers were using multiple methods against multiple targets. The Wall Street Journal reports: “The attack potentially adds thousands of victims to the years long intelligence operation and likely aimed at gaining access to email systems, security experts say. Mimecast, in a Tuesday blog post, said the hackers were able to obtain a digital certificate used by the company to access its customers’ Microsoft 365 office productivity services.”

Notes on a Different Form of Security: U.S. Ranks 3rd in the World for Active Military Manpower. Having spent six years in the U.S. Navy, as a Weapons Systems Technician, I retain a keen interest in our military readiness. So, I was surprised to see the 2021 release from Global Firepower, ranking the active military personnel for 138 countries. The top five countries, and their active service members, being defined by Global Firepower as “those being ready-to-fight” at any given moment are:

1) China: 2,185,000

2) India: 1,445,000

3) United States: 1,400,000

4) North Korea: 1,300,000

5) Russia: 1,014,000

Taiwan, which is seeing increased tension with China, ranks 33rd with a force of 165,000.

Tell the Kids at Home . . . and At Work . . .  to Beware of TikTok Scams. If you’ve got kids . . . or young employees at work . . . remind them that caution is needed when dealing with TikTok (and every other social media platform).  A recent headline in CyberNews tells the story: “This fake TikTok service promises free followers but gives you free malware instead,” which underscores why work computers should be used for work and personal computers used for personal computing. As far as getting free followers, CyberNews says: “Don’t try to buy fake followers on TikTok or anywhere else, especially if it’s free. If it’s too good to be true, especially online, it usually is.”

Know Your Trojan Horses. CSO Online has an important article that bears sharing with employees: “17 types of Trojans and how to defend against them.” The story provides a good review of 17 types of trojan attacks, which in turn provides a timely reminder of the many ways that social engineering and other entry points can be used to install a range of malicious software. Trojans described range from backdoors that allow criminals to take control of computers remotely, to DDoS trojans used to launch denial of service attacks, to mailfinders that steal email address, to password stealing, to ransom trojans and a whole lot more. One of the best defenses against trojans and other forms of malicious software is a user base that is well on educated (and frequently reminded of) the many ways social engineers seek to trick them into allowing the enemy through the digital gates.

A Weekend Trip to the Mall Malware. In past roundups, I’ve written about hackers who have taken advantage of security weak points that emerged as workforces were shifted from office to home. Dark Reading carries an article on a report from cloud security firm Wandera that notes: “As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks.” Two major elements cited were 1) a general loosening of security to make it easier for employees to work from home . . . and 2) the increased use of computers for combined business and personal use. The article quotes Michael Covington, a vice president at Wandera, as saying: “Because personal time and work time blended together, a single device had a greater blend of business and personal applications.” This opened the door for malware. “More than half of organizations, 52%, experienced a malware incident on a remote device, up from 37% in 2019,” according to the report.

Cybercrime Damages Expected to Reach $6 Trillion by 2021 … 7% of World GDP.  Leave it to The CPA Journal to report the cost of cybercrime in terms of World GDP. The Journal cites studies finding a 43% year-over-year increase in the cost of cybercrimes, and notes that “cybercrime will represent approximately 7% of worldwide GDP and will be the third largest component of the world economy, just behind the GDPs of the United States and China.” The article “Auditing for Cybersecurity Risk,” recommends regular security audits, and warns: “Companies must learn to live with cyberattacks as a normal part of daily business. That said, they can significantly reduce the impact of these attacks and protect the digital assets that have more value to businesses than cash in the bank.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees and has a strong affiliation with various education groups, local school districts, and served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves as a Vice President of the Board of Director for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.