Trickbot Disruption - Week 42 - SMB vCISO Security Notes


From the Cloudz Biz security and productivity desk, the vCISO Security Notes for week 42 of 2020 focus on the Trickbot disruption, Patch Tuesday, the Barnes & Noble cybersecurity event, and cybersecurity awareness training.

These weekly updates give small business owners a high-level update on cybersecurity issues and productivity opportunities in the marketplace today. We hope this brings more awareness to the risks and threats that could potentially affect your business. By being more aware, your company will increase security, enhance productivity and boost the bottom line.

vCISO Security Notes

This week for the vCISO Security Notes, we discuss Trickbot Disruption, Patch Tuesday, Barnes & Noble Cybersecurity event, and Cybersecurity Awareness Training.

Trickbot Disruption

Microsoft led a team against the Trickbot botnet, which starts out as malware and is used to deploy ransomware. They disrupted the operation; however, don't kid yourself. The bad actors will be trying to come back. So yes, great job on the Trickbot disruption, but as a small business owner don't feel like the threats are gone.

Patch Tuesday

These vulnerabilities caught our eye this month.

Adobe Flash Player (CVE-2020-9746) – In the event you are still using this, ADV200012 resolves vulnerabilities on all Microsoft Windows OS platforms. One thing to keep in mind: Adobe Flash Player will go out of support on December 31, 2020. If you are a small business utilizing this technology, please start looking for alternatives if you haven't already.

Windows Hyper-V Remote Code Execution (RCE) Vulnerability (CVE-2020-16891) – A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. An attacker could run an application or code on the guest operating system.

Windows TCP/IP Vulnerability (CVE-2020-16898 & CVE-2020-16899) – Denial of service and RCE vulnerabilities exist when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. The vulnerability is not routable over the internet, only on a local subnet.

Windows Camera Codec Pack RCE Vulnerability (CVE-2020-16967 & CVE-2020-16968) – Another remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory.

Microsoft Outlook RCE Vulnerability (CVE-2020-16947) – This vulnerability exists when Microsoft Outlook software fails to properly handle objects in memory. If an attacker successfully exploits an administrative user, they can execute code to take over the system.

Again, these are a few of the critical vulnerabilities that caught our eye this month. The bottom line: make sure all your Microsoft system updates get applied, and you will sleep better knowing you are protected.

Barnes & Noble Cybersecurity Event

This last week, the Barnes & Noble Nook service was compromised. So far, no official announcement has been found on their website. Many posts exist on this event, which might have been a malware and ransomware event. Per a blog post at Tripwire, the Pulse Secure VPN service wasn't updated and contained a vulnerability (CVE-2019-11510).

Cybersecurity Awareness Training

October is cybersecurity awareness month, so make sure your employees understand security risks. The predominant attack begins with phishing via an employee. If a bad actor can get an employee to give up their account information, they can do a lot of harm once inside the network. Teach your employees what phishing attacks look like, along with other security-related topics associated with your business.

Small businesses, listen up. The most effective training is from within: training created and communicated in a fun way throughout your small business by your leadership. First of all, it shows leadership takes this seriously. Secondly, make watching the video mandatory and gamify it. If you are using Microsoft 365, a flow can be created to document who has watched and who hasn't.

Cloudz Biz Final Notes

That is all for the vCISO Security Notes this week. Really assess your business overall before choosing and implementing technology solutions. A few tips and thoughts to help your small business against Trickbot:

  • First, know your assets – understand what really needs to be protected and how valuable it is within your business
  • Second, understand your business processes – why they exist
  • Third, awareness training can be done without costing a fortune, and it will save your company money in the long run

If you want to add anything to these vCISO Security Notes or the Trickbot disruption, please leave a comment below. We look forward to hearing from you.
