Why Governments Should Invest in Cybersecurity

CyberSecurity

Cybersecurity is on the mind of every decision-maker in major organizations on the planet. Digital transformation, identity transformation, zero-trust security, and identity and access management are terms you hear IT and C-suite professionals talk about all the time.

It is not just the private sector that is concerned about cybersecurity. The government also is investing in cybersecurity. There are several reasons why this investment is a must.

Cybersecurity Threats Are Increasing

Cybersecurity threats are increasing at a rate that has never been seen before. One reason for these increases is the changes in work environments due to the COVID-19 pandemic. More government employees are working from home than ever before. Bad actors are taking advantage of the fact that people are working from home to breach their systems, thereby gaining access to government systems.

Cyber attacks are not being carried out by just a random person in their basement. There are government organizations that are actively backing cyber attacks against other governments. These cyber attacks have led to lost information, disruption of utilities, and potential national security breaches.

Cybercrime not only means big money for cybercriminals, but it is also giving them a way to strike at major government organizations they would not be able to attack otherwise. The financial and reputational consequences of data breaches on governments are difficult to calculate. It is expected that the number of cyber attacks that target the government will rise drastically over the next few years.

This will lead to loss of productivity, theft of intellectual property, fraud, government disruption, and hacked data. This is why governments must invest in cybersecurity.

Cyber Attacks Are Increasing in Severity

It is not just the number of cyber attacks that is growing. Their severity is growing too. They are becoming progressively more destructive and affecting a greater range of attack vectors.

It is not just government institutions that are at risk. Politicians are at risk. In the 2016 election, one of the biggest talking points was that one candidate's emails were hacked and became front-page news during her presidential campaign. This is just one example of politicians who have access to sensitive information becoming the victims of cybercriminals.

Webmethods is one of several platforms designed to help government agencies secure important data while simultaneously allowing those with the right provisions to access data when and where they need it. It allows governments to leverage information to improve service levels. It allows increased transparency between agencies and improves digital and online services.

The threat posed by cyber attacks on the government has not been lost on those tasked with keeping the country safe. In 2018, the chief of homeland security said that cybersecurity was the biggest threat the country faced. In that same year, the government released a defense policy bill that focused on cybersecurity. It called for stronger security measures to protect against cyber threats.

In 2020, a bipartisan group of senators introduced the 2021 National Defense Authorization Act. According to this act, the US Department of Homeland Security will appoint cybersecurity coordinators for each state. The thought behind this is that state governments need to have the same protection and cybersecurity coordination as seen in federal governments. Unfortunately, state governments lack the know-how and the financial resources to secure their cyber landscape adequately.

Is Cybersecurity Important for Governments?

The answer is unquestionably yes. The private sector is investing billions of dollars every year in cybersecurity because they know that it impacts customer trust. Governments are doing the same thing because they want to increase the trust and confidence of their constituents.

Recently, ransomware brought the flow of gas to certain parts of the United States to a halt. The result was that gas prices skyrocketed to a level that has never been seen before. There was panic, fear, and frustration. The news was full of images of people hoarding gasoline. There were gas stations with signs on the pumps declaring that they were out of gas. It was an unprecedented and harrowing situation.

Conclusion

Cybersecurity is a must for governments. If governments do not immediately take steps to improve security awareness and shore up cybersecurity vulnerabilities, the results for the governments and their constituents could be catastrophic.

Windows Update April 2021 Edition

Patches

Patch Tuesday includes updates patching 110 vulnerabilities, of which 88 are important and 19 critical. There are 19 Elevation of Privilege, 17 Information Disclosures, 55 Remote Code Executions, 9 Denial of Service, 6 Security Feature Bypass, and 2 Spoofing Vulnerabilities patched with this update.
Among the most interesting patches is yet another update for Microsoft Exchange Server. Some of these vulnerabilities come courtesy of the NSA, and two sit at the high end of the CVSS scale at 9.8 each. The other two rank 8.8 and 9.0 respectively. All four of the vulnerabilities that affect Microsoft Exchange Server are considered critical Remote Code Execution vulnerabilities, and are also labeled as having a High impact on the Confidentiality, Integrity, and Availability of the affected product. These Microsoft Exchange Server vulnerabilities are addressed in CVE-2021-28480 (9.8), CVE-2021-28481 (9.8), CVE-2021-28482 (8.8), and CVE-2021-28483 (9.0). They affect Microsoft Exchange Server versions 2013, 2016, and 2019.
CISA has issued an alert to patch Microsoft Exchange servers immediately and wishes to clarify that these patches are in ADDITION to the patches from last month; the vulnerabilities are just as dangerous, but have not been exploited yet.
The update patch for Windows 10 does have some interesting updates. One update includes a patch which “(a)ddresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers … This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerformTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, “KRB_GENERIC_ERROR”, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.”
Another patch resolves an issue in CVE-2020-1036, brought up by a security researcher, concerning the RemoteFX vGPU feature; this patch actually deprecates the feature. Per Microsoft, those wanting to use vGPU should use the Secure vGPU feature that is included in Discrete Device Assignment (DDA) in Windows Server 2016 and 2019.
CVE-2021-27092 addresses an elevation of privilege vulnerability. This is an Azure Active Directory web sign-in vulnerability which “allows arbitrary browsing from the third-party endpoints used for federated authentication”.
CVE-2021-28310 is a “Win32k Elevation of Privilege Vulnerability” in the Desktop Window Manager, discovered by Boris Larin of Kaspersky, which is currently being exploited in the wild and has a CVSS score of 7.8. This is an out-of-bounds write vulnerability in the Desktop Window Manager that allows an attacker “to write controlled data at a controlled offset using DirectComposition API. DirectComposition is a Windows component that was introduced in Windows 8 to enable bitmap composition with transforms, effects and animations, with support for bitmaps of different sources (GDI, DirectX, etc.)”. The full writeup of this vulnerability is in Boris's blog post on Securelist.
There are a total of 27 vulnerabilities in the Remote Procedure Call Runtime, with 15 Important and 12 Critical impacts listed. All of these vulnerabilities are remotely exploitable and all have a CVSS score of 8.8. A remote attacker may be able to make a specially crafted RPC request that allows for Remote Code Execution on the targeted machine. It is possible that the higher criticality levels of these RPC vulnerabilities are for higher privileged access, though this is unclear from the description of these vulnerabilities provided by Microsoft. Microsoft has listed Yuki Chen as the security researcher who found 26 of the 27 vulnerabilities.

| Important      | Critical       |
|----------------|----------------|
| CVE-2021-28434 | CVE-2021-28343 |
| CVE-2021-28358 | CVE-2021-28339 |
| CVE-2021-28357 | CVE-2021-28338 |
| CVE-2021-28356 | CVE-2021-28337 |
| CVE-2021-28355 | CVE-2021-28336 |
| CVE-2021-28354 | CVE-2021-28335 |
| CVE-2021-28353 | CVE-2021-28334 |
| CVE-2021-28352 | CVE-2021-28333 |
| CVE-2021-28346 | CVE-2021-28332 |
| CVE-2021-28345 | CVE-2021-28331 |
| CVE-2021-28344 | CVE-2021-28330 |
| CVE-2021-28342 | CVE-2021-28329 |
| CVE-2021-28341 |                |
| CVE-2021-28340 |                |
| CVE-2021-28327 |                |

Remote Procedure Call Vulnerabilities

A couple of Windows Media decoder vulnerabilities, CVE-2021-27095 and CVE-2021-28315, allow an attacker to host a specially crafted website and trick a user into visiting it to exploit these vulnerabilities. These vulnerabilities rank a 7.8 on the CVSS rating system. They were discovered by yangkang (@dnpushme).
There is an Azure Active Directory web sign-in vulnerability addressed in CVE-2021-27092. The update “Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication.” This vulnerability has been assigned a CVSS score of 6.8.
Other Windows component updates include Microsoft Office, SharePoint, DNS Server, Microsoft Edge (Chromium), Windows Speech, Windows Diagnostics Hub, Visual Studio, AppX Deployment Extensions, Event Tracing, Windows Installer, Windows Kernel, Windows Resource Manager, Portmapping, Registry, Remote Procedure Call Runtime, NTFS, Network File System (NFS), SMB, and TCP/IP.
Microsoft removed the old Microsoft Edge web browser in this update, if it had not already been removed, and installed the new Microsoft Edge in its place.
Also note that Windows 10 version 1909 goes end of life next month, at the next Windows Update Patch Tuesday. So it may be a good time to upgrade version 1909 to the latest version of Windows, 20H2.

Sources:
https://krebsonsecurity.com/2021/04/microsoft-patch-tuesday-april-2021-edition/
https://www.zdnet.com/article/microsoft-april-patch-download-covers-114-cves-including-new-exchange-server-bugs/
https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr
https://msrc.microsoft.com/update-guide/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28481
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28480
https://www.ghacks.net/2021/04/13/microsoft-windows-security-updates-april-2021-overview/
https://support.microsoft.com/en-us/topic/april-13-2021-kb5001330-os-builds-19041-928-and-19042-928-cead30cd-f284-4115-a42f-d67fec538490
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1036
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28310
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28315
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27095
https://msrc-blog.microsoft.com/2021/04/13/april-2021-update-tuesday-packages-now-available/
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617
https://us-cert.cisa.gov/ncas/current-activity/2021/04/13/apply-microsoft-april-2021-security-update-mitigate-newly
https://securityaffairs.co/wordpress/116767/uncategorized/exchange-server-flaws-nsa.html
https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/
https://www.computing.co.uk/news/4029847/microsoft-patches-zero-day-bugs-april-2021-patch-tuesday-update
https://www.tomsguide.com/news/microsoft-patch-tuesday-april-21

533 Million Facebook Accounts Exposed: Phone Numbers, Facebook IDs, and Other Sensitive Data

Data Breach

Data from Facebook Hack Rears Its Ugly Head Again with Free Giveaways of the Data on the Dark Web / Hacker Forums

On April 3, 2021, Alon Gal, the CTO of Hudson Rock (a cyberintelligence firm), reported via Twitter that 533 million records of Facebook users had been posted in a hacker forum for free.

According to Facebook via a Bleeping Computer Article, this is a hack from August 2019.

Facebook told Bleeping Computer “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019”.

Facebook responded to this news stating that the hack is not new and they have already fixed the problem with the “Add a Friend” feature that allowed the phone #s and other data out.

It is unknown at this time if this “Add a Friend” feature gathered all the information, or if the phone #s were just added to an already existing scrape of public profile data. The hacker used to sell the information via a bot using Telegram messaging for just a few dollars a record. The data may be from 2019; however, most people have not changed or cannot change the information that is in Facebook, such as Facebook ID, birth dates, full names, locations, previous locations, phone numbers, employers, some email addresses, and bios provided by the user.

Even the Facebook founders Mark Zuckerberg, Chris Hughes, and Dustin Moskovitz are included in the breach, showing most of the above information. But now the hacker is offering the information for free.

The hacker claims 106 countries were affected, including Egypt with 44 million, Italy 35 million, United States with over 32 million, United Kingdom 11.5 million, India 6 million, Turkey 19.6 million, Tunisia 39 million, Mexico 13.3 million, Germany 6 million, Saudi Arabia 28.8 million, and many more records stolen from many other countries.

If you would like to see if you have been affected by this breach, HaveIBeenPwned also has the information. HaveIBeenPwned is a good site for finding out whether your information is included in a breach. The site also gives pertinent information about the breach, what information was exposed, and when. However, until recently the site was only searchable by email address. Since only 2.5 million email addresses were included in this breach, HaveIBeenPwned has now added international phone numbers to the search for breaches, so you can see if you have been affected by this breach by phone or by email.

Sources / More Information

https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/

https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T

https://www.msn.com/en-us/news/technology/how-to-check-if-your-facebook-account-was-hacked-in-the-massive-breach/ar-BB1fjIHM

https://www.vice.com/en/article/xgz7bd/facebook-phone-numbers-bot-telegram

https://haveibeenpwned.com/PwnedWebsites#Facebook

Previous Breach Information
