SSL.com

Cybersecurity Roundup September 2022

Many US Airport Websites Have Been Hit with Distributed-Denial-of-Service Attacks

Fortunately, flight safety and logistics do not appear to be affected. The DDoS attacks were allegedly launched by the Russian Hacker group KillNet. Multiple major airports throughout the United States have been affected. Some were without service for more than 9 hours after the hack was discovered.  Killnet is a pro-Russian group that came together after Russia invaded Ukraine. Using DDoS as its attack methodology, the group was successful with its intent. DDoS attacks are where websites get flooded with thousands of requests in a short time. Unable to manage the onslaught of requests, websites become overwhelmed and ultimately freeze up.  Services affected appear to be held to general airport information, parking assessments, location of services, and general scheduling. However, it is looked at by cybersecurity professionals as a wake-up call in light of the war. Click here for additional information. 

SSL.com Response

One way to offset the effects of a DDoS attack is through a CDN, better known as a Content Delivery Network. The SSL.com CDN offering allows customers to disperse their data throughout multiple servers and locations, staging it for faster and more efficient data delivery.  A CDN achieves all of these feats by caching a site’s content (such as images, videos, JavaScript, CSS, and HTML) on proxy servers distributed all over the globe. Content is delivered to end users geographically close to a particular server. Additional information is available here

Uber is in the News for Two Unassociated Incidents: Both of Which are Critical

Uber was recently hacked. The threat actor gained network access through social engineering techniques, including communications with an employee via Slack.  Once inside the network, there was little standing in the hacker’s way, who validated his presence by sending screenshots of email logs, cloud storage reports, and copies of code to known cybersecurity researchers and the New York Times. Uber is known for having some of the best cybersecurity protection. The fact that hackers could penetrate via a social engineering tactic indicates that there is always a vulnerability to be exploited. Companies can tighten this up by increasing employee security awareness, adding red team penetration testing, and more robust system logging and functional analysis. While there is no known solution for total prevention, steps can be taken to harden the company’s defensive posture.  Additional information can be found here.

An Earlier Uber Attack Rears Its Head

One of Uber’s earlier Chief Security Officers – Joe Sullivan, has been found guilty of obstructing a security breach investigation, tampering with a witness, and withholding information from the Federal Trade Commission. The information withheld is part of a massive Uber hack attack that affected the personal information of over 57 million customers in 2016. Sullivan went as far as to reward those responsible by paying them $100,000 to destroy the evidence and keep quiet. The seriousness of this case has reverberated amongst the cybersecurity industry. The U.S Government mandates full disclosure of attacks and data breaches under the Data Breach Notification Act.  Additional information can be found here SSL.com Response: There are many factors involved with Uber and its security posture and many organizations involved in defense-in-depth security architectures.  SSL.com highlights the role of digital identity and trust, along with helping organizations maintain privacy through encryption. Our S/MIME Certificates help protect against debilitating cyber attacks, including email tampering, phishing, pharming, identity fraud, corporate impersonation, and sensitive data leaks. At the same time, our ClientAuth Certificates can be part of a Single Sign On (SSO) solution.  Additional information regarding our solutions can be found here

Protect your personal and organizational email communications with SSL.com’s S/MIME certificates.

CLICK HERE TO BUY YOUR S/MIME CERTIFICATE

CommonSpirit, The Second Largest Hospital System in the United States, Has Been Hacked

Details are slowly emerging regarding a recent cybersecurity attack on the nation’s second-largest healthcare group, CommonSpirit Health. Reported as a security incident, member hospitals are reporting limited use of their EHR Systems and are resorting to maintaining paper files. At the same time, appointments have been canceled, ambulances in some situations have been rerouted, and surgeries postponed. Information is being disclosed on hospital websites per regulations. However, the industry is concerned that the attack is worse than initially thought.  Hospital CIOs quickly point out that this situation is dire for patient safety and care. The technicalities will eventually get resolved and some changes to the system’s security will be implemented. But the eminent problem is ensuring that current and prospective patients’ health is not in jeopardy.  This story is rapidly evolving; we expect more information to be available within the next few weeks. Additional information can be found here.   

SSL.com Response

Cybersecurity action is critical, especially when health and safety are at stake. While the details of this situation are evolving, many hospitals in the CommonSpirit Health network are working with alternate backup systems and using paper files to document patient health and diagnoses. SSL.com products are designed to solidify digital trust for individuals accessing networks. The solution suite is focused on preventing or deflecting security intrusions through encryption, digital trust, and digital signatures. For example, our ClientAuth certificates shield sensitive data and digital assets from malicious actors by ensuring that only verified individuals or organizations are granted secured network access.  Additional information can be found here.

SSL.com ClientAuth Certificates readily protect an organization’s critical systems.

CLICK HERE TO BUY YOUR CLIENT AUTH CERTIFICATE

Microsoft Exchange Servers – Zero Day Threats Being Used to Attack Customer Systems.

Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker,” Microsoft said. While these are bug-related vulnerabilities, it is essential to manage patch updates promptly. 

SSL.com Response:

Maintaining updates to all systems is critical to IT and security infrastructures. It is also good IT hygiene to manage expiration dates and the visibility of licenses and certificates. SSL.com makes it easy to manage an organization’s certificates with SSL.com Manager.  The latest release allows for detailed views of certificates and the ability to create, renew, or delete certificates, regenerate CSRs, update the Windows server root store, and convert certificate formats.

Samsung Hacked, and It’s the Second Time This Year

It’s now coming to light, that in July 2022, Samsung suffered a significant data breach. By Federal regulations regarding disclosure, Samsung indicates personal information may have been compromised, such as name, birthdate, and product registration information. Samsung does not believe that any consumer device code was compromised. However, Samsung has done its diligence in notifying customers through email and a dedicated website of the breach. Here is the link to the Samsung security response page However, in March of 2022, Samsung suffered a more sophisticated breach whereby the source code for authenticating Samsung accounts, algorithms for biometric authentication, bootloaders, and complete source for authenticating accounts were breached. The LAPSUS$ hacking group claimed the attack. The group found a way to bypass Multi-Factor Authentication through social engineering or keylogging. Once inside a network, they typically have undeterred access.

SSL.com Response:

Security policies and ongoing training are critical components of a security architecture. A layered approach provides the best protective shell if there is continuing end-user security education and training. SSL.com is a vital ingredient in a defense-in-depth architecture.  In addition, our email S/MIME Certificate provides encrypted and authenticated communications for both private and public entities. Their use promotes email vigilance amongst users. Our Client Authentication Certificate offers an alternative to two-factor authentication and can be integral to a Single Sign On initiative. ClientAuth Certificates. supports controlled access, shielding sensitive data and digital assets from malicious actors.

SSL.com ClientAuth Certificates readily protect an organization’s critical systems.

CLICK HERE TO BUY YOUR CLIENT AUTH CERTIFICATE

SSL.com Reminders

Did you know that October is Cybersecurity Awareness Month? 

Established 18 years ago, it is a collaboration between government and private industry to raise awareness about digital security. Information can be found here.

OV & IV Code Signing Key Storage Requirements are Changing

With input from most of its membership, the CA/Browser Forum is changing the OV & IV Code Signing Key Storage Requirements. The change date is June 1, 2023. OV & IV Code Signing Certificates will be issued on Yubico USB Tokens or available via the SSL.com eSigner cloud signing service. Additional information on this change can be found on the  CA/Browser Forum website. Learn more about the SSL.com eSigner solution: https://www.ssl.com/esigner/

Organizational Unit Field for SSL/TLS Certificates is Being Deprecated

August 1, 2022, SSL.com discontinued the use of the Organizational Unit field. This is in response to new guidelines ratified by the CA/Browser Forum. Learn more about this announcement:  https://www.ssl.com/article/organizational-unit-ou-field-to-be-deprecated-by-ssl-com/
Exit mobile version