This past month, we’ve received five times the questions we typically receive. That is awesome! Here are just a few of the ones we received.
Q: Can someone run a ransomware operation from your domain, system, website or wi-fi? I heard someone on a podcast make this claim. That’s scary if true!
A: Yes, this is absolutely possible. If the admin accounts at the domain, on the website, in the system or within wi-fi routers are not secure, cyber crooks can gain access to them and launch ransomware attacks from them. For example, consider a domain that is not effectively secured. Cyber crooks would be able to set up ransomware operations under the business domain and use them to attack targeted victims. All the while, it will look like the legitimate business domain is the ransomware originator.
Cyber crooks take advantage of vulnerabilities within webservers associated with domains. One cybercriminal group known as Parinacota took over domains and used the associated services to launch not only ransomware, but other criminal activities, including cryptocurrency mining, email and text spamming and using servers as a proxy for other attacks.
To guard your web servers, systems and routers against being infiltrated by cybercriminals, make sure layers of strong security controls are implemented on them. Use strong authentication that involves multi-factor authentication, encryption and intrusion detection systems. Implement monitoring tools and procedures to make sure you are aware of all the activities and changes going on under your primary domain. Also, provide regular training to admins to ensure they are aware of the latest tactics for taking over webservers.
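One concrete way to put the "know what is going on under your primary domain" advice into practice is to keep an approved baseline of your DNS records and diff it against a fresh snapshot on a schedule, alerting on any name that appears, disappears or changes. The script below is an added example written for this newsletter, not a tool from the column or from any vendor; the zone snapshots, the placeholder domain example.com and the simplified "name type value" record format are all constructed for illustration.

```python
"""Detect unexpected record changes under a domain by diffing an approved
baseline DNS snapshot against a current one.

Added example (not from the newsletter). The zone data below is constructed;
each record is one "owner-name type value" line, a simplification of a real
zone file assumed for illustration only.
"""
from typing import Dict, List, Set, Tuple

Record = Tuple[str, str, str]          # (owner name, record type, value)
Key = Tuple[str, str]                  # (owner name, record type)

# Constructed baseline: the records the admins approved for example.com.
BASELINE_ZONE = """
; approved zone snapshot (constructed sample)
example.com.        A      203.0.113.10
www.example.com.    CNAME  example.com.
mail.example.com.   MX     10 mx1.example.com.
mx1.example.com.    A      203.0.113.20
"""

# Constructed "current" snapshot with two changes a defender would want to see:
# the mail host now points elsewhere, and a new subdomain has appeared.
CURRENT_ZONE = """
example.com.        A      203.0.113.10
www.example.com.    CNAME  example.com.
mail.example.com.   MX     10 mx1.example.com.
mx1.example.com.    A      198.51.100.7
update.example.com. A      198.51.100.44
"""


def parse_zone(text: str) -> Set[Record]:
    """Parse the simplified zone format; ';' starts a comment line."""
    records: Set[Record] = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, rtype, value = line.split(None, 2)
        records.add((name.lower(), rtype.upper(), value.strip()))
    return records


def index_by_key(records: Set[Record]) -> Dict[Key, Set[str]]:
    """Group record values by (name, type) so multi-valued names compare cleanly."""
    idx: Dict[Key, Set[str]] = {}
    for name, rtype, value in records:
        idx.setdefault((name, rtype), set()).add(value)
    return idx


def zone_change_report(baseline_text: str, current_text: str) -> Dict[str, List[Key]]:
    """Return new, modified and removed (name, type) keys between two snapshots."""
    base = index_by_key(parse_zone(baseline_text))
    cur = index_by_key(parse_zone(current_text))
    new = sorted(k for k in cur if k not in base)               # possible rogue subdomains
    removed = sorted(k for k in base if k not in cur)           # approved records that vanished
    modified = sorted(k for k in cur if k in base and cur[k] != base[k])  # redirected hosts
    return {"new": new, "modified": modified, "removed": removed}


def alert_lines(report: Dict[str, List[Key]]) -> List[str]:
    """Render the report as one alert line per change for a ticket or log."""
    lines = []
    for kind in ("new", "modified", "removed"):
        for name, rtype in report[kind]:
            lines.append(f"ALERT {kind.upper()} {rtype} record for {name}")
    return lines


if __name__ == "__main__":
    for line in alert_lines(zone_change_report(BASELINE_ZONE, CURRENT_ZONE)):
        print(line)
```

In practice the "current" snapshot would come from a zone export or a scripted query against your authoritative DNS, and the baseline would be updated only through your change-control process, so that any difference between the two is, by definition, something nobody approved.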
Q: Are old viruses, such as Michelangelo and Melissa, still a threat?
A: Absolutely. In fact, the Michelangelo virus still activates each year on March 6, and not just on older or previously infected computers. Newer computers that contain files or other data copied from old computers or downloaded from infected websites are also at risk. Melissa, too, is still out there and spreading, but not nearly to the breadth it did originally.
Interestingly, Michelangelo was the inspiration for Rebecca's 1992 work to design and establish the first organizational anti-virus program on record for a Fortune 500 corporation. At the time, Michelangelo, then called the "master of disaster" by information security pros (before the term “cybersecurity” was used) was a huge concern for corporations. The virus threatened to trash hard drives when computers were turned on during the famous artist's 517th birthday. Back then, virus infections occurred largely through hard drives sold by PC stores, infected disks sold by software companies and sneaker-net (people loaning others their discs with the malware, unbeknownst to them).
Melissa is a macro virus that began spreading seven years after Michelangelo on March 26th, 1999. It was the first virus to spread widely and quickly via email and is thought to have caused losses of more than $80 million in the US. In 1999, it was the fastest spreading computer virus ever seen.
According to F-Secure, “Melissa works with Microsoft Word 97, Microsoft Word 2000 and Microsoft Outlook 97 or 98 email client. You don't need to have Microsoft Outlook to receive the virus in email, but it will not spread itself further without it. Melissa will not work under Word 95 and will not spread further under Outlook Express. Melissa can infect Windows 95, 98, NT and Macintosh users. If the infected machine does not have Outlook or internet access at all, the virus will continue to spread locally within the user's own documents.” When the virus is activated, it completes a variety of actions. One such action is modifying the email recipient’s documents by adding comments from "The Simpsons" TV show. It may also send confidential information from the victim’s computer to subsequent virus victims. It is estimated that Melissa caused losses of more than $80 million just in the USA.
The best thing you can do is make sure the anti-malware tools you use check for all types of malware, including "old" computer viruses.
Q: I’ve been hearing the term “Operational Technology (OT)" a lot recently. I'd never heard it before 2020. Does the popularity of OT have something to do with COVID-19?
A: OT is hardware and software usually found within Industrial Control Systems (ICS), though not exclusively. A typical ICS would be a supervisory control and data acquisition (SCADA) system. OT is used to manage a variety of processes, such as detecting or initiating a change through monitoring and/or controlling physical devices, processes and events within enterprise networks.
OT has been around for many years, but it is being discussed more often and in more mainstream places, including major news outlets. This is due largely to the ways in which IoT systems and devices (often called "smart devices") are being implemented within enterprise networks.
Q: What is the “Industrial Internet of Things?”
A: The industrial internet of things (IIoT) is related to the OT. It is, quite simply, the implementation of IoT devices within OT networks used to support the functions and activities of the OT. IIoT typically involves a large amount of machine-to-machine interactions. Artificial intelligence (AI), big data analytics and machine learning processes are often used within IIoT systems.
IIoT works to streamline operations, such as by determining where improvements need to be made and then measuring the impact of subsequent changes. It is often used to determine the reliability and accuracy of emerging operations, such as robotics, innovative assembly lines, medical devices and a wide range of industrial devices.
It is important to have strong security built into the IIoT to ensure accuracy of results and to prevent physical, financial, reputational and other harms.
Q: What is “cyber liability insurance”? Do individuals need this? Businesses? Does it cover ransomware?
A: There are many types of cyber liability insurance, often called cyber insurance coverage packages.
Rebecca and guest Judy Selby will discuss the emergence of these products on the September episode of Data Security & Privacy with the Privacy Professor. Selby is a highly regarded and well-known cyber insurance expert. Give that show a listen. It will definitely be worth your time to hear what Judy advises.
Q: I heard a comedian joke about the internet and “zero trust.” I didn’t get it. Is there such a term as “zero trust,” and if so, what does it mean?
A: “Zero trust” is a cybersecurity model designed to protect resources within the digital ecosystem. The model generally makes the assumption that trust of software, hardware and firmware for resources in networks and systems should never be implicitly granted. Instead, trust for components must be continuously assessed.
Zero trust architecture and data security are applied to a range of things, including identity (person and non-person entities), credentials, access management, operations, endpoints, hosting environments and the interconnecting infrastructure. Resources are restricted to only those identities and other entities that need access. Only the minimum privileges necessary to support the associated task are provided.
Zero trust represents a paradigm change. It moves security away from dependence on perimeter defense, in which an entity, once authenticated at the network boundary, is granted authorized access to a whole collection of resources. Under zero trust, each access request is evaluated on its own.
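To make the contrast concrete, here is an added example (written for this newsletter, not code from the column or from any zero trust product) that puts a perimeter-style decision next to a zero trust one. The principals, devices, resource names and the policy table are all constructed for illustration; the zero trust function re-evaluates identity, role, device posture and the specific resource and action on every request, so a decision that was "allow" a moment ago is not carried forward once anything about the request changes.

```python
"""Perimeter-style vs zero trust access decisions.

Added example, not from the newsletter. Principals, devices, resources and the
policy table are constructed; the checks shown (role per resource and action,
managed and patched device, MFA for sensitive data) are a typical but
simplified set of zero trust signals.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class Principal:
    name: str
    roles: FrozenSet[str]
    mfa_verified: bool


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool      # enrolled in the organization's device management
    patched: bool      # current on security updates


@dataclass(frozen=True)
class Request:
    principal: Principal
    device: Device
    resource: str
    action: str        # "read" or "write"


# Least-privilege policy: for each resource, which roles may perform which action.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "hr-payroll": {"read": {"hr"}, "write": {"hr-admin"}},
    "wiki":       {"read": {"staff", "hr", "hr-admin"}, "write": {"staff"}},
}
SENSITIVE: Set[str] = {"hr-payroll"}   # resources that additionally require MFA


def perimeter_decide(request: Request, on_corporate_network: bool) -> Tuple[bool, str]:
    """Perimeter model: being authenticated onto the network is the whole check.

    The resource, action and device posture are never consulted, which is why an
    entity inside the boundary can reach everything the boundary protects.
    """
    if on_corporate_network:
        return True, "inside the perimeter: access to all resources"
    return False, "outside the perimeter"


def zero_trust_decide(request: Request) -> Tuple[bool, str]:
    """Zero trust model: every request is judged on identity, device and the
    specific resource/action, with default deny and least privilege."""
    rules = POLICY.get(request.resource)
    if rules is None:
        return False, f"unknown resource {request.resource!r}: default deny"
    allowed_roles = rules.get(request.action, set())
    if not request.principal.roles & allowed_roles:
        return False, (f"{request.principal.name} holds no role permitted to "
                       f"{request.action} {request.resource}")
    if not (request.device.managed and request.device.patched):
        return False, f"device {request.device.device_id} fails posture check"
    if request.resource in SENSITIVE and not request.principal.mfa_verified:
        return False, f"MFA required for sensitive resource {request.resource}"
    return True, "allowed: identity, role, device posture and MFA all satisfied"


if __name__ == "__main__":
    alice = Principal("alice", frozenset({"hr"}), mfa_verified=True)
    bob = Principal("bob", frozenset({"staff"}), mfa_verified=True)
    good = Device("laptop-01", managed=True, patched=True)
    for req in (Request(alice, good, "hr-payroll", "read"),
                Request(bob, good, "hr-payroll", "read")):
        print(req.principal.name, "perimeter:", perimeter_decide(req, True),
              "zero trust:", zero_trust_decide(req))
```

The perimeter function answers "yes" to both Alice and Bob as soon as they are on the network, while the zero trust function lets Alice read payroll only on a healthy device with MFA and still refuses her a write, because the task she is doing does not need it.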
Rebecca will be on a panel at the ChannelPro SMB New England Forum on September 2 to discuss zero trust security. See more in the events section below.