05 June 2019
There is increasing concern that many organisations still have not applied a patch that fixes a vulnerability in the Remote Desktop Protocol (RDP). The vulnerability, known as BlueKeep and formally identified as CVE-2019-0708, affects any internet-facing systems running Windows XP or Windows 7, and Windows Server versions 2003 and 2008. If these systems are unpatched, an attacker can exploit them to execute malicious code and install malware without the need for any user authentication. As the vulnerability is “wormable”, Microsoft have expressed concern that the impact of BlueKeep could be as serious as the WannaCry malware outbreak 2 years ago.
We strongly recommend you act to apply the necessary patches.
To obtain further information:
Australian Cyber Security Centre
Office 365 Account Compromises on the Increase
Have you had an Office 365 (O365) account compromise yet? It is more common in the ANZ region than you might think. The approaches being applied are either a brute-force attack to guess passwords, or a spear-phishing email sent with the objective of harvesting user credentials.
Once an O365 account is compromised, an attacker can access any documents in applications such as SharePoint (where enabled), and also has a staging point from which to carry out further compromise activity within the environment.
Some of the ways in which a compromised O365 account can then be used to adversely impact an organisation and its users are -
The level of compromise activity has seen the US Government issue warnings recently. If not already in place, then it is highly recommended that your organisation implements a Multi Factor Authentication (MFA) solution.
Read the informative US-CERT report on Office 365 security.
MFA Fundamental
Cloud computing has added further complexity to maintaining a secure computing environment. Fundamentally, however, multi-factor authentication is a straightforward approach to improving security by adding an extra layer of protection on top of your user name and password. With MFA enabled, a user signing in to something such as a web application is prompted for their user name and password, classed as the first factor or “something they know”, and must then provide the second factor or “something they have”: a PIN code generated by an authenticator, which comes in a range of form factors.
Kaon Security does not sell MFA solutions. Our consultants, however, have over several years provided a range of different entities with advice and assistance around deploying this security control. Contact us if you would like to set up a discussion to determine the most appropriate MFA options to suit your business requirements.