Cybersecurity Roundup: School Attacks, Kaspersky, Juniper Networks, SafeBreach

School districts are being targeted because of minimal funding and technology.

Edward Gately, Senior News Editor

August 2, 2019


In addition to cities and towns, school districts increasingly are finding themselves under attack by malicious hackers.

Cybercriminals have attacked four school districts in Louisiana, prompting Gov. John Bel Edwards to declare a state of emergency. In South Carolina, the personal information of more than 24,000 current and former Greenville County School District students was exposed by a data breach.

James Slaby, Acronis’ director of cyberprotection, tells us school districts absolutely are being targeted, as well as municipal governments in general and certain private-industry sectors, notably health care, manufacturing and financial services. The reason that public-sector institutions are an inviting target for ransomware gangsters is twofold, he said.


“One, they’re often cash-strapped and unlikely to be well-staffed in the tech and cybersecurity departments, so they’re likelier to have the kind of unpatched security vulnerabilities that many ransomware variants like to exploit,” he said. “Two, cybergangsters love these sectors for the unique pressures on them to pay up quickly. In the public sector, officials face embarrassment and voter outrage if they do not respond swiftly and effectively to restore citizen-facing services and the education of children, both of which are increasingly reliant on online applications.”

Municipal governments across the United States have garnered humiliating headlines in recent months for being caught unprepared for expensive, destructive ransomware attacks, notably Atlanta, Baltimore and several Florida cities, Slaby said.

Terry Ray, senior vice president and fellow at Imperva, tells us that because school is about to start, the urgency behind getting school districts’ systems working well is greater than it would be at other times of the year.


“There was a WhiteHat Security statistic from 2012 that I think is still relevant, that ranked industries by their ability to timely correct vulnerabilities in the application code,” he said. “Heavily regulated industries like financial services corrected code quickly. WhiteHat found that 100% of all tested websites in educational institutions had vulnerabilities and more importantly, it took those institutions as many as 340 days on average to fix the vulnerabilities. You might call these vulnerable systems low hanging fruit to the hackers.”

George Anderson, Webroot’s director of product marketing, tells us phishing attacks are becoming more sophisticated and targeted, and it only takes one click to put an entire network at risk. To mitigate future attacks, IT teams must properly audit all machines connected to their networks and the data they hold.

“Security awareness training should be implemented for staff and students from day one, ensuring that they are vigilant in scrutinizing the types of emails they receive,” he said. “This should be underpinned by cybersecurity technology such as email filtering, antivirus protection and sensible password policies. A tricky issue is that very valuable data is on individual students’ laptops/desktops as well as university servers, and the monitoring of access and the high benefit of stolen credentials pose real difficulties for the IT departments — a highly tied-down environment doesn’t match with the knowledge sharing culture of universities. Insider attacks, too, are difficult to stop. So avoiding all the different attack vectors is difficult and expensive and almost counterproductive.”

There’s money to be made from these attacks on both sides of the law, Slaby said. Cybercriminals caused $8 billion worth of damage with ransomware attacks last year, according to Risk Based Security, and a big chunk of that was in ransoms collected.

The rise of ransomware-as-a-service – where smart criminals create the malware, and enlist an “army of dumber criminals” to distribute it – has yielded $250 ransomware kits on the dark web, a pretty low startup cost for the bad guys, Slaby said.

“That means that ransomware is going to continue to grow and hit vulnerable targets like schools and city governments, and rich ones with big stakes in maintaining uptime like banks, hospitals and factories,” he said. “From the good guys’ perspective, there is a lot of value to deliver in helping defend customers against ransomware and other surging malware types. The channel is in a great position to manage this problem; you can attract and retain better security people (by offering them a more interesting variety of projects and a better career path than the typical school district, for instance), and you have scale advantages that let you deliver cyberprotection services more cheaply. It’s a shame that cybercrime is booming this way, but if you’re going to profit from it in any way, better to be on the side of the heroes.”

There’s a huge opportunity for VARs, MSPs and MSSPs to deliver a suite of services that combine all the best anti-ransomware defenses – backup, disaster recovery, leading-edge antimalware defense, secure file sync and share services, and blockchain-based file authentication services, to name just a few — into a “very profitable and sticky” offering, Slaby said.

“And they can wrap other services around them, too, like security awareness training, design and deployment, pen testing [and so on],” he said. “It’s a very ripe time to get into that business, or stretch into it from your existing footprint.”

More and more SMBs, as well as state and local governments, will realize that cybersecurity is something that cannot be covered with a small internal team — and this includes for their school districts, Ray said.

“Organizations that have a web presence, databases, file servers, e-mail, collaboration tools [and so on], simply will not be able to hire experts for all of these security needs,” he said. “They must outsource much of their security to companies that provide the expertise via security professionals that deal with cyberthreats across many companies daily. There has been and will continue to be a lack of skilled cybersecurity professionals available in the industry. Those that can pay the most and provide the best benefits will get the best talent. Much of that talent will be in the business of providing that expertise as a service.”

Financial Malware Reaches 430,000 Users

Kaspersky researchers have discovered 430,000 users faced malware aimed at stealing finances, cryptocurrencies and web-money services in the first half of 2019, 7% more than in the same period last year. More than one-third of those affected were corporate users, double the same figure in the first half of 2018.

Financial malware, commonly identified as banking trojans, is aimed at stealing finances and financial data, as well as providing threat actors with access to user and financial organizations’ assets and machines, making it one of the most lucrative threats for cybercriminals.

Rob Cataldo, Kaspersky’s vice president of U.S. enterprise sales, tells us that since phishing emails remain the most common vector of financial malware infection, there are two main complications to consider.


“The first is that cybercriminals are becoming increasingly more sophisticated at creating believable emails that appear to be coming from trusted sources,” he said. “They are spending additional time and resources to eliminate obvious mistakes made in previous cyberattack attempts that instantly tipped off most corporate users into knowing an email was fraudulent. The second challenge is that many users are more concerned with productivity at work than employing a zero-trust mentality that can sometimes require taking an extra step to validate legitimate email sources.”

As is the case with most threats, financial malware’s key motivator is monetary gain, Cataldo said. While governments and business organizations have been investing in new methods to protect financial service providers, malicious users have been investing in sophisticated techniques on how to bypass them, he said.

“As such, so long as these financial malware campaigns continue to siphon funds into the pockets of the criminals or organized crime rings behind them, we can’t expect them to slow down,” he said. “Only organizations who invest in the training, tools and processes necessary to make the cost of breaching their defenses more expensive than the adversaries’ potential payout will dramatically curb this trend.”

To protect businesses from potential financial malware attacks, Kaspersky suggests the following tips for MSSPs and cybersecurity vendors with competencies in these areas:

  • Provide effective cybersecurity awareness training platforms for their customers’ employees, especially those handling financial assets and transactions.

  • Deliver endpoint security platforms that enable customers to identify and implement updates and patches for all software, and forbid the installation of programs from unknown sources.

  • For endpoint level detection, investigation and timely remediation of incidents, the delivery of endpoint detection and response (EDR) solutions can catch even unknown banking malware.

  • Provide timely and comprehensive threat intelligence that can feed into security information and event management (SIEM) and security controls in order to detect modern financial threats.
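The last bullet is the one with a concrete mechanism behind it: indicators from a threat-intelligence feed are matched against the events a SIEM already collects. The following Python script is an added example (not part of the Kaspersky guidance above, and not code from any Kaspersky product) that shows that matching on a constructed feed of domains and file hashes and a handful of constructed proxy and endpoint log lines. The feed contents, the `key=value` log format and the field names are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed threat-intelligence feed (sample values, not real indicators).
# A real feed would come from a vendor or a STIX/TAXII source.
INTEL_FEED = {
    "domains": {"bank-update-secure.example", "invoice-portal.example"},
    "sha256": {"a" * 64, "b" * 64},  # placeholder file hashes
}

# Constructed log lines in an assumed simplified key=value format.
SAMPLE_LOGS = [
    "type=proxy host=pc-17 dst=www.bank-update-secure.example. action=allow",
    "type=proxy host=pc-22 dst=updates.vendor.example action=allow",
    "type=endpoint host=pc-17 sha256=" + "a" * 64
    + " path=C:\\Users\\j\\Downloads\\invoice.exe",
    "type=endpoint host=pc-30 sha256=" + "c" * 64
    + " path=C:\\Windows\\System32\\app.exe",
    "type=proxy host=pc-41 dst=cdn.invoice-portal.example action=block",
]


@dataclass(frozen=True)
class Alert:
    host: str
    indicator: str
    kind: str   # "domain" or "sha256"
    line: str


def parse_kv(line):
    """Parse 'k=v k2=v2' into a dict (values contain no spaces in this format)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def normalize_domain(d):
    # Lower-case and drop a trailing dot so 'Evil.Example.' matches 'evil.example'.
    return d.lower().rstrip(".")


def domain_matches(dst, feed_domains):
    """Return the feed indicator matching dst or one of its parent domains, else None.

    Matching parents catches subdomains (cdn.bad.example) of a listed domain.
    The bare TLD is never tried, so 'example' alone cannot match.
    """
    labels = normalize_domain(dst).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in feed_domains:
            return candidate
    return None


def match_logs(lines, feed):
    """Run every log line against the feed; one Alert per indicator hit."""
    alerts = []
    for line in lines:
        ev = parse_kv(line)
        host = ev.get("host", "?")
        if "dst" in ev:
            hit = domain_matches(ev["dst"], feed["domains"])
            if hit:
                alerts.append(Alert(host, hit, "domain", line))
        if "sha256" in ev and ev["sha256"].lower() in feed["sha256"]:
            alerts.append(Alert(host, ev["sha256"].lower(), "sha256", line))
    return alerts


def hosts_with_multiple_indicator_types(alerts):
    """Simple correlation: hosts that hit both a network and a file indicator."""
    kinds_by_host = {}
    for a in alerts:
        kinds_by_host.setdefault(a.host, set()).add(a.kind)
    return sorted(h for h, kinds in kinds_by_host.items() if len(kinds) > 1)


if __name__ == "__main__":
    found = match_logs(SAMPLE_LOGS, INTEL_FEED)
    for a in found:
        print(f"{a.host}: {a.kind} indicator {a.indicator}")
    print("hosts with both network and file hits:",
          hosts_with_multiple_indicator_types(found))
```

On the constructed data, three lines raise alerts and only `pc-17` shows both a network and a file indicator, which is the kind of correlation a SIEM rule would escalate ahead of a single hit. Note that the blocked connection from `pc-41` still produces an alert: a block tells you the control worked, but a host resolving a feed domain is itself worth investigating.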

“We believe employers can also do their part in minimizing successful phishing attacks by incentivizing employees for good behavior rather than penalizing them for oversights,” Cataldo said. “For example, companies could look to formally recognize or even financially reward employees who successfully pass ongoing security awareness trainings or those who report a relevant amount of suspicious emails to their security team over a given time frame.”

Juniper Networks Unleashes Enhanced Connected Security Platform

Juniper Networks has unveiled enhancements to its Connected Security platform, extending security to wherever an application resides — in private or public data centers, as well as IoT deployments.

These upgrades add layers of security to extend the line of sight for security teams to better protect users, applications and infrastructure against advanced threats, according to the company.

Oliver Schuermann, Juniper’s senior director of enterprise product marketing, tells us the enhancements give partners a new opportunity with Juniper Connected Security.


“First, it gives them opportunity to address customers who have Juniper infrastructure and help them use Connected Security in their security strategy, taking advantage of features such as the SecIntel feeds on the MX Series routers and container security features with the cSRX,” he said. “Second, with our technology alliances, they can differentiate themselves by building true solutions and services around what they consider best of breed, rather than just selling boxes.”

The enhanced platform gives Juniper and its partners a competitive advantage because their products work together, Schuermann said.

“Point players have to rely on other vendors’ integration efforts, as well as protocol support to allow them to block at the port level,” he said. “This means integration, quality assurance and development efforts with many vendors. This is difficult, in particular when other vendors have competing products. Next, the larger players have solutions that sometimes work together, but often have to rip and replace their solutions in certain situations to achieve different feature sets. We work with our own technology, strive for investment protection, as well as work with other infrastructure and security vendors’ equipment. Our partners can offer unique value-added services to their customers by creating solutions with Juniper’s Connected Security.”

SafeBreach Releases New Platform Capabilities

SafeBreach has launched the latest version of its SafeBreach GRID platform, a breach and attack simulation application that uses correlative analytics to identify security gaps and link them to their potential business impact.

SafeBreach GRID provides the data required for mitigation in two steps. First, it correlates data from many multistage simulations that run continuously to produce an impact score for each security gap found. Second, GRID ranks exploitable security gaps by potential business impact in a single recommendation matrix. This helps security teams prioritize which gaps to address, and provides recommendations on how to improve security product configurations to minimize the potential business impact of a breach.

GRID also includes a set of risk indicators to help teams track and report on their progress.

“The general idea – both for partners and for customers – is that GRID provides the ability to tackle the most relevant items first and also provides the data needed to remediate them,” said Yotam Ben Ezra, SafeBreach’s vice president of products. “This capability is unique for SafeBreach. For MSSPs, it means a more efficient service and better time to value for their customers. For customers, simply more efficient mitigation.”


About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
