Cybersecurity Monthly Newsletter January 2024

In this issue:

• 2024: Perform a Cybersecurity Audit

• Cybersecurity Shorts

• Software Updates

Welcome to your January Savvy Cybersecurity newsletter. Read on to learn more about:

• AI tools being used by US spies
• The importance of two-factor authentication on social media accounts
• And more

2024: Perform a Cybersecurity Audit

The beginning of the year is a great time to make sure your cybersecurity is in check. While you may have already taken the actions laid out in the Savvy Cybersecurity program, it is good to review certain aspects of your cybersecurity every year to ensure your security.

Check Your Passwords

Strong passwords are an important line of defense against hackers. Take some time to review all your key passwords for email, banking, social media, and other important accounts. Make sure they are long and complex with a mix of letters, numbers and symbols. Avoid easy-to-guess passwords based on names or birthdays. We recommend using a password manager to store unique passwords for each account. You should also enable two-factor authentication where available for an extra layer of security.

Update Your Software

Maintaining current software and operating systems is critical for strong cybersecurity. Set your devices and applications to automatically install major updates. These often contain vital security patches to fix newly discovered vulnerabilities. Check that your computers, phones, apps and internet-connected devices are running the latest versions. If you have older devices that are past their support lifecycle, it’s safest to retire them. Outdated software is prone to unpatched flaws that criminals can exploit.

Check Your Credit Report

Get a free copy of your report annually from the major credit bureaus (Experian, Equifax, and TransUnion) and check for any suspicious activity. Look for accounts you don’t recognize, address changes you didn’t authorize, or credit checks from companies you haven’t applied to. Dispute any errors you find and report anything suspicious to the credit bureau and authorities. If you have not already, freeze your credit report at the three major bureaus. Freezing your credit will make it more difficult for a thief to open a new credit in your name.

Making cybersecurity a regular habit is the best way to protect yourself online. Start with these simple audits of your passwords, software and credit reports. Being proactive about security makes you a harder target for online criminals.

Cybersecurity shorts

CISA and FBI partner to warn operators of Chinese-manufactured drones. In a new guidance that was issued, CISA and the FBI warned that Beijing could use drones to obtain sensitive information from critical infrastructure sites. This guidance is meant to assist critical infrastructure owners and operators to reduce risk from those drones and encourages buying from US companies. You can read more about the warning and new guidance here.

Social media platform, X, accuses SEC of failing to use two-factor authentication. The social media platform X, formally known as Twitter, has accused the SEC of failing to implement strong security features after the agency’s account on the platform was hijacked and used to announce false claims. The social media platform announced that the breach was not a compromise to its systems but due to an unidentifiable individual and that the SEC had failed to enable two-factor authentication for its account on X.

Russian hackers gain access to top Microsoft officials. Hackers who are working on behalf of Russia’s foreign intelligence service have successfully penetrated a limited number of Microsoft corporate email accounts which has led to them stealing some emails and attached documents. Microsoft detected the attack from a hacking unit tied to Russia’s External Intelligence Service (SVR) on January 12^th. These attackers used a password spray attack – a process where multiple usernames are tried against a constant password for a given account – to compromise accounts. Upon further investigation, the company suggested that the attackers were “initially” targeting email accounts for information related to themselves.

Professionals are now unsure of whether or not Sandworm was behind Danish cyberattack. In November 2023, SektorCERT, a Danish nonprofit cybersecurity center for critical infrastructure, warned the public of a series of cyberattacks against energy companies that they described as “the most extensive cyber-related attack we have experienced in Denmark to date.” Around 22 companies were impacted by two campaigns; one in May of 2023 that exploited a vulnerability in a Zyxel firewall and was linked to Sandworm; and another campaign weeks later that used infrastructure associated with the Marai botnet. You can read more about these attacks here.

Artificial intelligence tools are helping US spies catch Chinese hacking ops. Artificial Intelligence and other machine learning technologies are helping the National Security Agency and other US government agencies detect malicious Chinese cyber activity, a US official explained when speaking in remarks that indicate how US security agencies are using technology to improve their computer defenses. Recent Chinese operations have not relied on traditional or known malware that might be easily flagged. Instead, the hackers have been taking advantage of architecture implementation flaws or misconfigurations, or default passwords to get into networks. Here, you can read more about how AI/ML tools are helping assist security issues.

Software updates

Adobe: Adobe released an update for six vulnerabilities in the Adobe Substance 3D Stager. You can learn more here.

Microsoft: Nearly 50 security vulnerabilities were closed in this month’s Microsoft update. Two of the flaws are labeled as critical. Your devices should prompt you to update automatically. You can learn more here.

SERVICES WE OFFER RELATED TO THIS TOPIC

The information contained in this post is for general use and educational purposes only.  However, we do offer specific services to our clients to help them implement the strategies mentioned above.  For specific information and to determine if these services may be a good fit for you, please select any of the services listed below.