Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

Ransomware has Cost the World More than $1 Billion this Year. A report from Group-IB estimates the global cost of ransomware—including ransoms paid and the cost of recovery—exceeds $1 billion. A report in Help Net Security notes: “Late 2019 and all of 2020 were marked by an unprecedented surge in ransomware attacks. Neither private sector companies nor government agencies turned out to be immune to the ransomware plague.” The report covers more than 500 ransomware attacks in more than 45 countries—with the United States accounting for about 60% of known incidents. Help Net Security writes that the actual damage is likely to be much higher, noting “Victims often remain silent about incidents and pay ransoms quietly, while attackers do not always publish data from compromised networks.”

IoT Cybersecurity Improvement Act of 2020 Passes Congress. Both the House and Senate have approved this measure aimed at strengthening security requirements for the vast world of connected devices, known collectively as the Internet of Things. CSO Online reports that while the bill applies to IoT devices purchased by the Federal Government, it is expected to drive similar security measures for all IoT devices. This is good news for consumers who are increasingly placing IoT devices (like smart doorbells, lighting controls, and thermostats) in their homes. And it should also help shore up security for the millions of IoT devices deployed throughout organizations ranging from industrial production to the realm of healthcare, where IoT devices continue to proliferate. Nokia’s Threat Intelligence Lab found that “IoT devices are now responsible for 32.7% of all infections observed in mobile networks, up from 16.17% in 2019.”

Patch Your Browsers. The browser is the main way in which most computer users interact with the outside world of digital information. This makes browsers an attractive target for bad actors. Microsoft, Google, Mozilla Firefox and other browser publishers invest heavily in continual security to identify—and then patch—vulnerabilities. However, the weak spot is often at the user level—where updates aren’t applied. Dark Reading carries an article about researchers at Menlo Security who found that 83% of users run versions of the browser that are vulnerable to recent zero-day attacks identified by Google. The researchers wrote: “These vulnerabilities are only patched if the user updates their app. Since many people don’t have automatic updates turned on, it’s likely attackers could still find success in exploiting these vulnerabilities.” The Menlo Security researchers found that it isn’t just individuals. Dark Reading, reporting on their findings, notes: “Many enterprises have legacy applications that run on older browsers, so it’s not always easy for them to update to the latest version of Chrome.” Here’s a simple step-by-step from YouTube to show you how to check your version of Chrome, and how to update and re-launch if you aren’t up to date. You can do similar searches for Microsoft’s Edge, Mozilla’s Firefox, or whatever other browser you might use.

Windows 7 Gets a Free Security Patch. Yes, Windows 7 was retired and its support ended back on January 14 of this year, but ZDNet estimates that some 200 million PCs worldwide are still using Windows 7 (or even earlier versions). Keeping old operating systems secured can be a challenge. BetaNews writes: “Earlier this month a security researcher discovered a local privilege escalation vulnerability in both Windows 7 and Windows Server 2008 R2. There’s no indication that Microsoft will issue a patch even for organizations that paid for extended support, but the vast majority of Windows 7 users will be left vulnerable.” BetaNews reports that ACROS Security’s 0patch is offering a free patch for this, and other vulnerabilities.

The Pandemic Has Driven Up Security Attacks. Netwrix has released its 2020 Cyber Threats Report which underscores the degree to which bad actors have taken advantage of the pandemic, including attacking digital tools of those working from home. The report is based on interviews with 937 IT professionals. The report notes: “The most common incidents reported since transition to remote work were dependent on the human factor and included phishing, admin mistakes and improper data sharing by employees.” It includes some frightful statistics, including: “85% of Chief Information Security Officers admit they sacrificed cybersecurity to quickly enable employees to work remotely; 48% of organizations reported at least one phishing attack during the first three months of the pandemic; and 25% of respondents suffered a ransomware or other malware attack since transition to remote work.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees and has a strong affiliation with several education committees and previously served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves as the Vice President on the Board of Directors for Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.