Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

“Careless Love? 15% of People use Pet Names as Password.” That’s the headline for a recent CyberNews report on weak passwords, which notes: “Human affection for animal companions knows no bounds. But maybe it should, as research shows that thousands of people put their online security at risk by easily allowing outsiders to guess passwords to their digital locks.” While people might think a pet’s password is private, they can easily forget that their pet’s name was made public in an online post, picture, or mentioned otherwise. The CyberNews investigative team analyzed over 15 billion passwords leaked from multiple data breaches. The research shows that most common passwords are laughably easy to crack, with all-time hits like ‘123456’ topping the list. The article includes a pointer to how to create strong  passwords.

“How to Secure Your Google Account.” That’s the headline of a must-read article in Popular Science.  An important section of the story covers checking the “My Account” screen within Google, and clicking on the “Data & Personalization” tab to make an audit of what Google knows about you. The story reads in part: “You’ll find lots to explore here: You can wipe your Google search history (even if you regularly clear your browser history, Google logs your searches independently), stop Google from tracking your location, and even personalize the sorts of ads you see on Google services.” All of this is good advice. I never log into my Google account from my phone; often clear my Google history in my cache; and if I sign in on my PC, I immediately logout and clear all browser cache. Originally Google had a motto of “Don’t be evil,” but this ethos seems to have been lost along the way. For example, I’ve noticed that the iPhone app of Google continuously re-enables the slider from Off to On for the “Signed-Out Search Activity.” Business owners who advertise should beware that Google Adwords may re-enable you into the Google Partner network displaying paid Google ads on third-party websites, which can cost you hundreds of dollars a week in click fraud, which makes Google even richer. You should check both multiple times per week.

Looks Like the Chinese May Be Hacking the Russians, Too. Some days it feels as if the whole world is trying to hack into our country’s computing infrastructure—government and private sector. So, it was interesting to spot this recent headline in Bleeping Computer: “Suspected Chinese State Hackers Target Russian Submarine Designer.” The article says hackers suspected to be working for the Chinese government have used a new malware called PortDoor to infiltrate the systems of the engineering company that has designed most of Russia’s nuclear submarines. The attackers, apparently searching for submarine designs and other intellectual property, reportedly “used a spear-phishing email specifically crafted to lure the general director of the company into opening a malicious document.”

Task Force Calls for Aggressive US ‘Anti-Ransomware’ Campaign. A task force attached to the Institute for Security and Technology (IST) has released its report titled “Combating Ransomware – A Comprehensive Framework for Action.” Security Week reports the document represents the work of a coalition of more than 60 experts from various industries, public and private, large and small, including software, government, cybersecurity, financial services, civil society, and education. Security Week notes: “In 2020 alone, roughly 2,400 government organizations, healthcare facilities, and schools fell victim to ransomware in the United States alone. More than $350 million is believed to have been paid in ransom throughout the year, but the actual cost of an attack is far greater than the ransom itself.”

“Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices.” That’s the headline for a recent Threatpost report on vulnerabilities discovered by Microsoft’s Azure Defender security team. Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors’ IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash. Protecting IoT and industrial devices is essential to preventing attacks on critical infrastructure in both the public and private domains. Fortunately, Microsoft says it hasn’t detected attacks against the vulnerabilities yet. But as Microsoft and other vendors prepare security updates, the company suggests that administrators implement more careful and continuous monitoring of devices on networks “for anomalous or unauthorized behaviors, such as communication with unfamiliar local or remote hosts.”

“Cybersecurity in 2021: Stopping the Madness.” That headline in CSO Online certainly caught my eye. Would sure be nice if 2021 could actually be the year in which the madness of cybersecurity hacks and breaches came to an end. The article begins with a partial summary of the madness: “Just look at the past few months. The SolarWinds caper—the ‘largest and most sophisticated attack the world has ever seen’ according to Microsoft president Brad Smith—gave its Russian perps months of free reign across untold US government agencies and private companies.  . . . Meanwhile, miscreants bearing ransomware have made hospitals their favorite target; in October 2020, six US hospitals fell prey within 24 hours.” The article goes on to declare “Cybersecurity wins the award for Most Dismal Science,” before providing several links to resources that can help better secure our mission critical cyber resources.

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. He is a member of the Florida Police Chiefs Association, and advises law enforcement agencies on cyber security. Pownall serves on several boards and committees and has a strong affiliation with various arts and education groups, local school districts, and served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He’s served as a Vice President of the Board of Director for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.