
attack

Article 09.10.2021 Dean Dorton

Cybercriminals are exploiting a previously unknown remote code execution vulnerability (CVE-2021-40444) in Windows 10 and many Windows Server versions that may allow a remote attacker to take control of an affected system when a user opens a malicious document or browses a malicious website. This vulnerability has been detected in exploits in the wild.

There is no patch available yet, but Microsoft has published a workaround to use until a patch is released.

Dean Dorton encourages users and administrators to review Microsoft’s advisory and to implement the mitigations and workarounds.

For a direct link to Microsoft’s Advisory, visit the link below:

Learn More

Gui Cozzi
Cybersecurity Practice Lead

Filed Under: Cybersecurity, Services, Technology Tagged With: attack, Cybersecurity, Microsoft, PrintNightmare

Article 07.7.2021 Dean Dorton

Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, also known as PrintNightmare. This security update is meant to patch a hole in the Windows Print Spooler service, the service that allows multiple people to access the same printer.

To summarize the threat, per Microsoft, a remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploits this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The PrintNightmare flaw lets any attacker with a domain account easily take over Active Directory. Microsoft itself said “domain controllers are affected if the print spooler service is enabled.” All client systems and servers that are not domain controllers are impacted too. Failure to update systems against PrintNightmare can result in a total loss of confidentiality, integrity, and availability. Security updates released on and after July 6, 2021 contain protections for the remote code execution exploit.

What should you do? We recommend that you urgently install the July 2021 Out-of-band updates on all supported Windows client and server operating systems, starting with devices that currently host the print spooler service.

Ransomware threat actors will take advantage of this flaw (and probably already are). If these emergency patches are not applied promptly, an intrusion is far more likely to end with the organization’s entire network/domain compromised (and ransomed).

Ransomware is one of the most significant business threats facing most organizations (and a threat that is on everyone’s radar due to recent events). I would recommend emphasizing that disregarding this issue results in a much higher likelihood of complete domain compromise and significant disruption to the business.

Bottom line up front: unless you patch this as soon as possible, starting with your most critical systems (Domain Controllers, then Member Servers, and then end-user Workstations), your entire organization’s network is very likely to be compromised quickly and easily in the event of an intrusion. Need help? Contact us about our cybersecurity services.
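As an added example (not from the Dean Dorton post or from Microsoft’s advisory), the Windows PowerShell 5.1 script below inventories domain-joined Windows hosts, records whether the Print Spooler service is running on each, and orders the list Domain Controllers, then Member Servers, then Workstations, so the July 2021 Out-of-Band updates can be rolled out in the priority order described above. It assumes the RSAT ActiveDirectory module on a domain-joined admin workstation and rights to query services remotely on the hosts.

```powershell
# Added example: build a PrintNightmare patch-priority list for a domain.
# Assumes the RSAT ActiveDirectory module and remote RPC access for Get-Service;
# Get-Service -ComputerName is Windows PowerShell 5.1 only (removed in PowerShell 7).
Import-Module ActiveDirectory

# Domain controllers are the highest priority: affected whenever the spooler is enabled.
$dcNames = (Get-ADDomainController -Filter *).Name

# Enabled Windows computer accounts; OperatingSystem distinguishes servers from workstations.
$computers = Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem |
    Where-Object { $_.OperatingSystem -like 'Windows*' }

$report = foreach ($c in $computers) {
    $role = if ($dcNames -contains $c.Name) { 'DomainController' }
            elseif ($c.OperatingSystem -like '*Server*') { 'MemberServer' }
            else { 'Workstation' }

    # Query the Spooler service remotely; record unreachable hosts instead of skipping them,
    # since an unreachable host still needs to be patched and followed up on.
    try {
        $svc = Get-Service -Name Spooler -ComputerName $c.Name -ErrorAction Stop
        $status = $svc.Status.ToString()
    } catch {
        $status = 'Unreachable'
    }

    [pscustomobject]@{
        Name    = $c.Name
        Role    = $role
        Spooler = $status
    }
}

# Patch order from the post: DCs first, then member servers, then workstations;
# within each role, hosts with a running spooler come first.
$order = @{ DomainController = 0; MemberServer = 1; Workstation = 2 }
$report |
    Sort-Object @{ Expression = { $order[$_.Role] } },
                @{ Expression = { $_.Spooler -ne 'Running' } } |
    Format-Table -AutoSize
```

Pipe `$report` to `Export-Csv` instead of `Format-Table` to hand the prioritized list to whoever is deploying the updates.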

For more information on this urgent cybersecurity news, see Microsoft’s cybersecurity update at the link below:

Learn More

Gui Cozzi
Cybersecurity Practice Lead

Filed Under: Accounting Software, Cybersecurity, Services, Technology Tagged With: attack, Cybersecurity, Microsoft, PrintNightmare

Article 10.29.2020 Dean Dorton

An advisory has been released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware for financial gain. CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.

Dean Dorton recommends implementing a strong information security program that includes ongoing security risk assessment to identify and remediate any weaknesses that might be exploited by threat actors and to minimize the risk of ransomware and other cyber threats. Preparedness is critical, and incident response playbooks specific to ransomware should be developed, tested, and updated on a regular basis.

Dean Dorton strongly recommends that all healthcare organizations review the recommendations included in the link below and contact us if you need any assistance.

These recommendations include:

  • Patch operating systems, software, and firmware as soon as manufacturers release updates.
  • Check configurations for every operating system version for organization-owned assets to prevent issues from arising that local users are unable to fix due to having local administration disabled.
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
  • Use multi-factor authentication where possible.
  • Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.
  • Implement application and remote access allow listing to only allow systems to execute programs known and permitted by the established security policy.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Audit logs to ensure new accounts are legitimate.
  • Identify critical assets; create backups of these systems and house the backups offline from the network.
  • Implement network segmentation. Sensitive data should not reside on the same server and network segment as the email environment.
  • Set antivirus and anti-malware solutions to automatically update.
  • Conduct ongoing security risk assessments. Scan for open or listening ports and remediate those that are not needed.

Cybersecurity Advisory

Gui Cozzi
Cybersecurity Associate Director
gcozzi@ddaftech.com • 859.425.7649

Filed Under: Cybersecurity, Services, Technology Tagged With: attack, Cybersecurity, Healthcare, ransomware

Article 09.18.2018 Dean Dorton

What does a compliant, secure business look like? The reality is that a compliant, secure business is going to look different based on industry, size of business, type of regulatory environment the organization operates in, and the organization’s risk appetite.

Each organization has the ability to lay the groundwork for future compliance and security. Simple steps facilitate the building of the desired culture. These include:

  • Development of a defined organizational chart.
  • Written policies and procedures for key processes and controls to facilitate consistency and continuity.
  • Routinely educating staff and leadership on the current regulatory environment for your industry.
  • Identifying the key risks to the organization’s continuity and business model.
  • Defining the organization’s risk appetite by specifying what level of risk is acceptable and what level of risk is too high.
  • Defining the information technology environment in which the organization will operate.
  • Identifying disrupters which may materially impact the operational effectiveness of the organization.

Each of the above elements becomes part of the whole picture of the organization, and together they are the foundation upon which a compliant organization should be built.

One area which many organizations fail to consider when establishing the above building blocks is the cyber risk to the organization. As technology becomes more prevalent across all industries, and networked devices become the norm, the risk of cyber incidents increases.

As noted in the 2018 IBM/Ponemon Cost of Data Breach report, the average cost of a data breach in the U.S. is $7.91 million, but can vary widely depending on the industry in which you operate. As an example, the cost of a single breached healthcare record is at its highest point ever – $408 per record. The cost includes items such as legal fees, incident response, notification costs, loss of reputation, loss of business, remediation costs, etc.

The reputational harm, the harm to your clients or customers, and the other distractions caused by a cybersecurity incident can devastate the operations of any organization. Cybersecurity is about maintaining the confidentiality of sensitive information, whether that be healthcare data, manufacturing trade secrets, student data, or donor data. Cybersecurity is not just about confidentiality; it is also about maintaining the integrity of your information and maintaining system operations.

Looking to learn more?

Join us for our annual Board Oversight and Risk Management seminar on Wednesday, October 3, 2018 at the Olmsted in Louisville, Kentucky. During the seminar, you will gain a firm grasp of common financial and operational risks that companies and nonprofit organizations are confronted with daily. You’ll learn what you need to do, beyond insuring against the risks, to properly identify and navigate the most serious risks threatening you and your organization. This seminar is ideal for executive nonprofit and private company board members, corporate executives, senior compliance and risk officers, and in-house counsel.

Register Today

For more information on how to build a compliant business, while integrating cyber security and fraud considerations, contact Shawn Stevison or Gui Cozzi at 502-589-6050.

As originally featured in Louisville’s Business First

Filed Under: Cybersecurity, Risk Management, Services, Technology, Uncategorized Tagged With: attack, Cyber, cyber security services, Cybersecurity, Insurance, Risk Management, Technology

Article 04.2.2018 Dean Dorton

By: Jason Miller

“Cybersecurity” has become a buzzword over the last couple of years, especially with more cybersecurity attacks against large companies or corporations that are recognizable by name, but have you really taken the time to sit down and assess your organization’s IT security position?

Many organizations quickly punt the topic of cybersecurity to the IT department. While IT plays a huge role in cybersecurity, it is the responsibility of those charged with organization governance to ensure compliance. Board members and senior leadership should be asking the questions and confirming that the organization is devoting the proper resources and attention to cybersecurity.

“One and done” doesn’t work here

It is critical to understand that cybersecurity is not a one-time project. It is a continual evolution and initiative.

Leadership also needs to recognize that there can be substantial costs associated with cybersecurity activities, and that for some organizations, such as colleges and universities, these activities are not optional. Across the public and private sectors, it is imperative that organizations continue to enhance cybersecurity in order to meet evolving threats to controlled unclassified information and challenges to the security of such organizations.

With the ongoing focus on your organization’s bottom line, it might be tempting to defer projects related to cybersecurity to reduce budgets. However, doing so could put your organization in a position where you are not prepared, or even worse, in noncompliance with certain regulations specific to your industry. Cutting corners on cybersecurity compliance could wind up costing your business more in the end.

The “I’m covered already” approach

When evaluating your cybersecurity preparedness, there are several factors to consider. Let’s take a step back – right now, your priority is your business. You’re buying new technology, investing in new infrastructure and most likely trying to adapt to changing business models like cloud. It’s all good work but it takes time and effort.

Hackers desperately want access to your customer data, employee data, or intellectual property because it’s worth a lot. A single theft could cost your company severe financial damage. And sometimes, in the case of ransomware, all they have to do is lock it down and force you to pay to get it back as you’ve heard about in some of the latest attacks.

Why do you hear terms like “dynamic threat landscape” these days? Because you aren’t facing a group of hacktivists in a basement anymore – you are now facing professionals with a lot to gain.

Your business and the threat landscape around you are ever changing. It is imperative that your organization conducts an annual cyber risk assessment. This allows the entire organization to consider current and future risks and put forth a plan to mitigate the identified risks.

Some businesses will run out and acquire every new solution they hear about for protecting their organization against cyber risks. While having a multi-layered approach to cybersecurity is important, it is equally important to have an organized approach and to use tools that are designed to work together. If your solution is not designed properly, you could end up with what we call the security effectiveness gap. As you add more solutions that don’t work together, the complexity increases exponentially. So, every time you add another solution or another vendor, you add another gap – another vulnerability.

A robust cybersecurity solution will:

  1. Stop threats at the edge
  2. Protect users where they work (especially when team members are working remotely or on a personal device)
  3. Find and contain problems fast
  4. Control who gets on your network and from where
  5. Simplify network segmentation
  6. Provide comprehensive monitoring and detection

…But I have cyber security insurance

That insurance probably doesn’t cover anywhere near what you think it does. Should you invest in cybersecurity insurance? That’s a topic for a different day.

Your business, no matter what size or type, needs to be prepared to handle a cyberattack at a moment’s notice. It is important to work with credentialed professionals with cybersecurity expertise and experience to help you maximize your investment and make sure you have all the appropriate measures in place to keep hackers at bay.

Learn more about Dean Dorton’s cyber security services and solutions for your organization.

As originally featured in Louisville’s Business First

Filed Under: Cybersecurity, Services, Technology Tagged With: attack, Cyber, Cybersecurity, Insurance, jason, Jason Miller, miller, Technology

Article 03.24.2016 Dean Dorton

Are your defenses as resilient as your digital ambitions?

Digitization – creating business value through digitized assets and expanded connectivity – is increasing exposure to cyber attacks. As a result, cyber-risk strategies are under the microscope.

New threat intelligence and trend analysis in the Cisco 2016 Annual Security Report explains advances by the security industry and by criminals. Gain insights into how to effectively combat these threats with increased collaboration, communication, and coordination, and by investing for resilience. You’ll also learn how your security peers assess the state of security preparedness in their organizations.

Report highlights include:

  • How industry efforts have crippled major attacks
  • Shifts in tactics by cybercriminals to make money
  • Expert insights into top vulnerabilities
  • How adaptive, integrated solutions can quicken time to detection
  • An update about the state of enterprise security preparedness

Cisco 2016 Annual Security Report: Achieving Attack Resilience in a Digital Age

Contact Jason Miller (jmiller@ddaftech.com) or David Rice (drice@ddaftech.com) for more information.


View Jason Miller’s Bio

Filed Under: Cybersecurity, Services, Technology Tagged With: attack, Cisco, Cyber, cyber-security, David Rice, defense, digitiz, Jason Miller, Risk, security
