June 2020 Newsletter | Privacy vs. Gov't & Honda Ransomware Attack
Bryce Austin, CISM
Cyber Security Expert & Risk Consultant, Keynote Speaker, Fractional CISO / CIO, Author | Incident Response, Ransomware
Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.
You can have this newsletter delivered straight to your inbox each month by subscribing here.
This Month's News in Review
Privacy vs. Government
For those that are frequent readers of my newsletter, it’s no surprise to you that I am a fan of privacy. I believe that people should have the ability to communicate with each other with reasonable assurance that no one else is listening in. People should not be profiled by automated facial recognition technology when walking down the street. We have choices for private communications -- the app called Signal is a great solution for encrypted messaging. Issues with facial recognition are harder to deal with. Many public areas are under constant video surveillance, and as such, automated facial recognition represents an incredibly powerful tool. Could facial recognition be considered a weapon? I’m not prepared to answer that question, but interesting developments in this space occurred in the last month. Amazon has announced that they are banning the use of their facial recognition tools by law enforcement groups for one year. IBM has announced that they are abandoning facial recognition technology altogether, citing concerns that mass surveillance and racial profiling are too easy to accomplish with this technology. While I applaud both companies for realizing that just because they can do a certain thing does not mean that they should do that thing, I’m concerned that the genie is already out of the bottle here. As facial recognition technology improves, the issue of not being able to move freely in public will grow. The only real solution I can think of is legislation, but normally such legislation exempts the government that writes the legislation from following it (think of the California Consumer Protection Act (CCPA) that criminalizes selling citizen data without consent, but exempts California’s DMV from that law because they make $50 million dollars per year doing it). In addition, criminalizing a thing often just pushes that thing underground. The war on drugs is a good example. Revelations from the Snowden papers are good examples. Having said that, Amazon and IBM are taking a stand on the issue, and again, I applaud them both for it.
Note: Both opinions and facts were expressed in the previous paragraph.
Honda Hit with Ransomware
Honda has been hit with a ransomware attack that impacted major areas of the company. While specifics are hard to come by, this much is known: manufacturing plants in the UK, North America, Turkey, Italy and Japan were halted. The ransomware variant used was “SNAKE”, also known as “Ekans”. It appears that the ransomware was customized specifically for Honda in that it checked for the presence of internal Honda network names (domains) before it started encrypting files. Honda has released information such as the tweet below regarding the cyberattack.
Regarding how much this attack will cost Honda, it’s too early to tell. That being said, it’s likely going to be a big number. The keys to defending against ransomware are as follows:
· Strong general cybersecurity hygiene (password complexity, patching of computers, good antivirus software on all computers, etc.)
· Multi-factor authentication on all “administrator” level accounts
· Offline backups that have been tested to ensure they work
· Retiring end-of-life applications that cannot be kept patched against new vulnerabilities
· A documented and tested Business Continuity Plan, or BCP, that details how to recover systems from attacks such as ransomware.
I’m guessing that Honda really wishes they had invested more in cybersecurity before this attack hit. They may have been able to prevent it.
Patching
Patching computers is not a new topic, but sometimes it takes on new importance. In the past month, Microsoft has released their biggest “Patch Tuesday” in history for all current Windows operating systems. In addition, an update for a particularly nasty vulnerability last March (CVE-2020-0796, or SMBGhost for the techies reading this) has now been weaponized in the wild – that is, cybercriminals have published a program that lets people take control of computers that are not patched against CVE-2020-0796. This is bad for those that have not patched their computers.
· It is critical to set your home computers to auto-patch themselves, both Windows and Macs.
· It is critical to set your mobile device to auto-patch themselves and their applications, both Apple and Android devices.
· It is critical to retire computers that are so old that they have end-of-life operating systems (Windows 7 and older for PCs, Mac OS 10.12 “Sierra” for Macs).
· It is critical to retire mobile devices that cannot run the latest iOS or Android version.
Until next month, stay safe!
Cybersecurity Tip of the Month: Setting Devices to Auto-Patch
With the number of cybersecurity vulnerabilities being found in recent days and the subsequent patches released for these, I thought it would be helpful to re-share a tip from my October 2019 newsletter on setting various devices to auto-update. This simple practice can help keep you secure and your devices protected.
How to Enable Automatic Updates for Mac Computers:
1) Launch the Mac App Store on your computer.
2) Click on App Store in the menu bar.
3) Click on Preferences in the dropdown menu.
4) Check the box to the left of Automatic updates.
How to Enable Automatic Updates for Windows 10:
By default Windows 10 will update your computer automatically. You can also choose to receive updates for other Microsoft products automatically with Windows updates by following these steps:
1) Go to Settings and choose Update & Security from the start menu.
2) Select Advanced Options.
3) Turn on Receive updates for other Microsoft products when you update Windows.
How to Enable Automatic App Updates for iPhone and iPad:
1) Open the Settings app on your iPhone or iPad.
2) Go to iTunes & App Store.
3) Under the ‘Automatic Downloads’ section, look for Updates and turn that switch to the ON position.
How to Enable Automatic iOS Updates for iPhone and iPad:
1) Go to Settings > General > Software Update.
2) Tap Automatic Updates.
3) Your device will automatically update to the latest version of iOS or iPadOS. Some updates might need to be installed manually.
How to Enable Automatic App Updates for Android Phones:
1) Open Google Play Store.
2) Touch the hamburger icon in the top-left, swipe up and choose Settings.
3) Under General, tap Auto-update apps.
4) If you want updates over Wi-Fi only, choose the third option: Auto-update apps over Wi-Fi only.
5) If you want updates as soon as they become available, choose the second option: Auto-update apps at any time.
6) Remember, as Google informs you with the latter one, app updates will be downloaded over mobile data, which will eat into your cellular plan. Be sure that’s what you want.