Monthly Archives

January 2020


Internet Explorer Has Massive Security Flaw

By Blog, Patch Management

Microsoft recently released a security advisory alerting its users of an unpatched code-execution vulnerability in Internet Explorer.

What is the IE Vulnerability?

The vulnerability (CVE-2020-0674), which is rated as high as critical in severity for Internet Explorer version 11 and moderate in severity for Internet Explorer versions 9 and 10, “exists in the way that the scripting engine handles objects in memory in Internet Explorer,” Microsoft stated in its advisory.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights,” Microsoft went on to explain in the advisory.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

How the IE Vulnerability was Discovered

Microsoft stated it had learned about the vulnerability from Clément Lecigne of Google’s Threat Analysis Group (TAG) and Ella Yu of Qihoo 360, who have apparently seen the weakness being exploited in limited, targeted attacks.

Google’s Threat Analysis Group has previously reported several vulnerabilities to Microsoft, including one in the Windows 7/2008R2 architecture (CVE-2019-0808) as well as another Internet Explorer exploit (CVE-2019-1367).

Managing the IE Vulnerability

Although the vulnerability sounds intense, Microsoft stated it’s not present in the supported versions of Internet Explorer (which use Jscript9.dll), and the company instead took a firm stance on waiting until next month’s Patch Tuesday to produce remediation.

“Microsoft is aware of this vulnerability and working on a fix,” Microsoft stated at the end of their advisory. “Our standard policy is to release security updates on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.”

For those that require a quick fix, Microsoft detailed a workaround that leverages administrative commands to restrict access to the vulnerable scripting library. It should be noted that the workaround may result in reduced functionality for components or features that rely on jscript.dll.

Security professionals have also advised users to simply stop using Internet Explorer and switch to a more reliable and secure browser; however, this may not be easy for everyone, as some existing web-based software still requires outdated versions of Internet Explorer. Microsoft has even recently launched its own Chromium-based Edge browser to provide better compatibility to its customers.

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind by trusting your Syxsense and set up a free trial today.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Pulse Secure VPN Vulnerability Remains Open to Exploitation

By Blog

Unpatched Pulse Secure VPN servers are a critical target for exploitation and remote code execution, according to CISA.

CISA Warns of Pulse Secure VPN Vulnerability

An alert from the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) states that unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors.

While Pulse Secure disclosed the vulnerability and provided the appropriate software patches back in April 2019, CISA says it continues to observe wide exploitation of CVE-2019-11510, a remote code execution (RCE) vulnerability that leaves unpatched servers open to compromise.

According to a recent article in Forbes, what prompted this level of CISA interest is the ongoing cyber-attack on the Travelex foreign currency exchange, thought to have been facilitated by no fewer than seven VPN servers that were late in being patched against this critical vulnerability.

CISA expects to see “continued attacks exploiting unpatched Pulse Secure VPN environments and strongly urges users and administrators to upgrade to the corresponding fixes.”

How Pulse Secure VPN is Being Attacked

A report on Health IT Security explains that stolen credentials could be leveraged to connect to the VPN, “giving a hacker the ability to change configuration settings or connect to other devices on the network. In a worst-case scenario, an attacker with an authorized connection could obtain necessary privileges to run secondary exploits designed to access the root shell.”

Health IT Security reported that a spokesperson for Pulse Secure warned that threat actors will continue to take advantage of the vulnerability, which is also found on Palo Alto and Fortinet VPN products.

Their goal, said the report, is to propagate, distribute, and activate the malware variant known as REvil (Sodinokibi) through “interactive prompts of the VPN interface to the users attempting to access resources through unpatched, vulnerable Pulse VPN servers.”

Sodinokibi typically targets IT managed service providers and their clients. Its hackers, noted the Health IT Security report, were behind the massive ransomware attack on CTS, an IT vendor for hundreds of dental providers.

The DHS CISA agrees that researchers expect to see continued exploits of the vulnerability, which is why organizations are being urged to upgrade their VPN servers with the corresponding fixes, noting that there are “no viable workarounds except for applying the patches… and performing required system updates.”

How Syxsense Can Help

“If Pulse Secure were installed on a device that the Syxsense solution is managing,” explained Jon Cassell, Senior Solutions Architect, “it could easily be updated by leveraging software inventory, software distribution to push executables or scripts, remote control, and even custom patches.”

However, from what is known, the vulnerability must be resolved server-side. Fortunately, no client updating needs to take place, which keeps the process simple.

“The main concern,” said Cassell, “is that the industry isn’t aware of the vulnerability and administrators might be taking too long to address it. Leveraging an insecure VPN solution defeats the purpose, so it’s best for any Pulse Secure customers to stop what they’re doing and remediate the vulnerability as soon as possible.”


Microsoft’s January 2020 Patch Tuesday Resolves 49 Vulnerabilities

By News, Patch Management, Patch Tuesday

The official Patch Tuesday updates have arrived for January, including 49 vulnerability fixes. Today also marks the official end-of-life for Windows 7.

Exploring the Latest Patch Tuesday Updates

For the first month of the decade, Microsoft released 49 updates.

Of these, 8 are rated Critical and the remaining 41 are marked Important; 2 we would consider Zero Day / 0-Day. Of the 41 Important updates, 21 are marked as CVSS score High.

End of an Era

Windows 7 and Windows Server 2008 (including R2) have reached end-of-life for general release of patches as of today.

This release includes a modest number of patches for these systems, which we highly recommend you install as soon as possible. If you have not already done so, you should be looking at migrating to another operating system (e.g. Windows 10) for continued support.

Zero Day Patches for Windows Remote Desktop Gateway

CVE-2020-0609 and CVE-2020-0610 have CVSS scores of 9.8. These are urgent because the vulnerabilities are pre-authentication and require no user interaction; they impact Windows Server from 2012 onwards.

There are no countermeasures available for this threat, so deploying these updates should be your IT Security Manager’s highest priority.

Urgent Patch Priority

The following patches have only been ranked as Important by Microsoft; however, their independent CVSS scores range from 7.8 up to 8.1, which indicates they are important enough to prioritize.

  • CVE-2020-0601
  • CVE-2020-0613
  • CVE-2020-0614
  • CVE-2020-0620
  • CVE-2020-0623
  • CVE-2020-0624
  • CVE-2020-0625
  • CVE-2020-0626
  • CVE-2020-0627
  • CVE-2020-0628
  • CVE-2020-0629
  • CVE-2020-0630
  • CVE-2020-0631
  • CVE-2020-0632
  • CVE-2020-0633
  • CVE-2020-0634
  • CVE-2020-0635
  • CVE-2020-0636
  • CVE-2020-0638
  • CVE-2020-0641
  • CVE-2020-0642

Based on those CVSS scores, these patches rank alongside some of the ones Microsoft rated Critical.

Robert Brown, Director of Services for Syxsense, said, “CVE-2020-0601 relates to CryptoAPI spoofing vulnerability, which has a CVSS score of 8.1. Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends organizations install these critical patches as soon as possible.”

Latest Adobe Updates

Adobe have released only 2 Critical updates for Illustrator CC and Experience Manager today. Both Syxsense and Adobe recommend these Critical updates be deployed within the next 7 days.

January 2020 Patch Tuesday Update

Based on the vendor severity and CVSS score, we have made a few recommendations to prioritize this month. Please pay close attention to any of these that are marked Publicly Aware or Weaponised.

 

| CVE Ref. | Description | Vendor Severity | CVSS Base Score | Counter-measure | Publicly Aware | Weaponised | Syxsense Recommended |
|---|---|---|---|---|---|---|---|
| CVE-2020-0609 | Windows RDP Gateway Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2020-0610 | Windows RDP Gateway Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2020-0611 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0640 | Internet Explorer Memory Corruption Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-0603 | ASP.NET Core Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-0605 | .NET Framework Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-0606 | .NET Framework Remote Code Execution Injection Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-0646 | .NET Framework Remote Code Execution Injection Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability | Important | 8.1 | No | No | No | Yes |
| CVE-2020-0613 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0614 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0620 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0623 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0624 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0625 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0626 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0627 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0628 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0629 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0630 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0631 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0632 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0633 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0634 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0635 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0636 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0638 | Update Notification Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0641 | Microsoft Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0642 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0644 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Yes |
| CVE-2020-0612 | Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2020-0637 | Remote Desktop Web Access Information Disclosure Vulnerability | Important | 5.7 | No | No | No | |
| CVE-2020-0607 | Microsoft Graphics Components Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0608 | Win32k Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0615 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0616 | Microsoft Windows Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0622 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0639 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0643 | Windows GDI+ Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0617 | Hyper-V Denial of Service Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2020-0621 | Windows Security Feature Bypass Vulnerability | Important | 4.4 | No | No | No | |
| CVE-2020-0602 | ASP.NET Core Denial of Service Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0647 | Microsoft Office Online Spoofing Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0650 | Microsoft Excel Remote Code Execution Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0651 | Microsoft Excel Remote Code Execution Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0652 | Microsoft Office Memory Corruption Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0653 | Microsoft Excel Remote Code Execution Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0654 | Microsoft OneDrive for Android Security Feature Bypass Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-0656 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | TBC | No | No | No | |
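
The prioritization reasoning above (vendor severity cross-checked against CVSS, with "TBC" scores kept visible) can be applied mechanically. The following is an added example, not Syxsense's code: it parses a subset of rows copied from the table and orders them for deployment. The bucket scheme and the function names are assumptions made for illustration; the 7.8 threshold is the lowest score in the Urgent Patch Priority list.

```python
import re

# Rows copied from the table above (a subset, to keep the example short).
# Column order: CVE, description, vendor severity, CVSS base score,
# counter-measure, publicly aware, weaponised, optional recommended flag.
ROWS = """\
CVE-2020-0609 Windows RDP Gateway Server Remote Code Execution Vulnerability Critical 9.8 No No No Yes
CVE-2020-0611 Remote Desktop Client Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-0603 ASP.NET Core Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-0601 Windows CryptoAPI Spoofing Vulnerability Important 8.1 No No No Yes
CVE-2020-0634 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0612 Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability Important 7.5 No No No
CVE-2020-0621 Windows Security Feature Bypass Vulnerability Important 4.4 No No No
CVE-2020-0650 Microsoft Excel Remote Code Execution Vulnerability Important TBC No No No
"""

# The description is free text, so the row is matched from the right:
# severity, score and the Yes/No flags are anchored to the end of the line.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+(?P<desc>.+?)\s+"
    r"(?P<severity>Critical|Important|Moderate|Low)\s+"
    r"(?P<cvss>\d+(?:\.\d)?|TBC)\s+"
    r"(?P<counter>Yes|No)\s+(?P<public>Yes|No)\s+(?P<weaponised>Yes|No)"
    r"(?:\s+(?P<recommended>Yes|No))?\s*$"
)

URGENT_CVSS = 7.8  # lowest score in the page's "Urgent Patch Priority" list


def parse_row(line):
    """Split one flattened table row into typed fields."""
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable row: {line!r}")
    row = m.groupdict()
    # "TBC" means no CVSS score was published yet; keep it distinct from 0.0.
    row["cvss"] = None if row["cvss"] == "TBC" else float(row["cvss"])
    for flag in ("counter", "public", "weaponised"):
        row[flag] = row[flag] == "Yes"
    return row


def bucket(row):
    """0 = publicly known or weaponised, 1 = urgent, 2 = routine (assumed scheme)."""
    if row["public"] or row["weaponised"]:
        return 0
    if row["severity"] == "Critical":
        return 1
    if row["cvss"] is not None and row["cvss"] >= URGENT_CVSS:
        return 1
    return 2


def triage(text):
    """Return (rows in deployment order, underrated CVE ids, unscored CVE ids)."""
    rows = [parse_row(line) for line in text.splitlines() if line.strip()]
    # Inside a bucket: highest CVSS first, unscored (TBC) entries last.
    rows.sort(key=lambda r: (bucket(r), r["cvss"] is None,
                             -(r["cvss"] or 0.0), r["cve"]))
    # Vendor says Important, but the CVSS score puts it beside the Criticals.
    underrated = [r["cve"] for r in rows
                  if r["severity"] == "Important" and bucket(r) == 1]
    # No score yet: these need a second look once CVSS is published.
    unscored = [r["cve"] for r in rows if r["cvss"] is None]
    return rows, underrated, unscored


if __name__ == "__main__":
    ordered, underrated, unscored = triage(ROWS)
    for r in ordered:
        score = "TBC" if r["cvss"] is None else r["cvss"]
        print(bucket(r), r["cve"], r["severity"], score)
    print("Important but urgent by CVSS:", underrated)
    print("Awaiting a CVSS score:", unscored)
```
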


User Scoping and Blackout Windows Highlight New Versions of Syxsense Secure and Manage

By News, Press Release

Syxsense Secure and Syxsense Manage have announced an exciting new array of features, including user scoping, blackout windows, and an optimized patch scanner.

New Syxsense Features Announced

Syxsense, a global leader in IT and security management solutions, today announced new features for what was formerly Cloud Management Suite, now called Syxsense Secure and Syxsense Manage.

To the existing feature set, Syxsense has added:

  • User Scoping: Limits individual console users to only those devices their Syxsense User Account is authorized to see and manage (more on this below);
  • Blackout Windows: Provides intelligence about when updates can occur and respects sensitive times. Tasks ask devices if their local time falls within the blackout hours; if it does, no actions will start until the blackout hours have passed (more on this below);
  • HIPAA, SOX, and PCI Compliance Reports: New Reports that will document security success against compliance agency standards;
  • Optimized Patch Scanner: Performance improvements make Patch Scans run faster on target machines;
  • Security Access: The auto-logout timeframe from the console is now configurable by administrators; there is also an option to email users on every login to the console to detect unauthorized login attempts.

While these and hundreds of other enhancements and bug fixes are part of the new release, the two most important features are User Scoping and Blackout Windows.

User Scoping

User Scoping limits individual console users to only those devices their Syxsense User Account is authorized to see and manage. This ensures that users can manage, secure, and patch only those devices within their scope. Unauthorized users will not be able to see or act on devices outside their assigned scope.

How Scope is Defined

An admin user creates a GROUP in Syxsense. That group can contain queries, devices, sites or other groups and can be based on any inventory attribute.

  • Group membership can be created from specific devices, sites, other groups, or queries.
  • If a query is assigned to a group, that query is reevaluated on a refresh (5 minutes), and the managed devices can change dynamically.
  • If new devices are added to a site assigned to a group, they will be on the same refresh (5 minutes).

How Scope is Assigned

In the User Accounts module for an individual user, a drop down of available groups allows assignment of a single group to that user. Also highlighted are the two new User Account options for enhanced security (see screen shot below).

How a Scope is Filtered in Console

Similar to a query results view, the device grid is filtered by referencing a small background table containing the deviceID results for that query/group.

Actions a Scoped User Cannot Perform

  • Create, edit, or delete alerts.
  • Create, edit, or delete SCHEDULED reports (regular reports work).
  • Create Discovery tasks.

Blackout Windows

Blackout Windows give devices more intelligence about when updates can occur, respecting sensitive times. Tasks ask devices if their local time falls within the blackout hours. If it does, no actions start until the blackout hours are over.

Using Blackout Windows in Tasks

To make clear when tasks will run, the Task Schedule step of the Wizard now has three choices:

  • Start: When the task will run: now, in a maintenance window, or in the future.
  • Repeat: How often the task will run.
  • Protect: The new settings for Blackout Hours when devices are protected from change.

Take note of the illustrated timeline (see screen shot, below) that shows when the task will run, including blackout times.

Where Blackout Windows are Defined

Blackout windows can be defined at global level for all devices, on a task (overrides global), and on an individual device (overrides task).

  • Global Blackout: Set in Settings: Communications (Timers), Blackout hours. This sets general work hours for all devices across the globe. During these hours, no devices will run tasks unless overridden by a higher level of blackout window (Device or Task level).
  • Task Level Blackout: Set in the Task Create Wizard: Task Schedule Step, Protect dropdown. NOTE: Tasks have the option “No Protected Hours.” This disables all Blackout windows (even device) and allows you to deploy software or patches in an emergency.
  • Device Level Blackout: Set on the device: Choose the device, Overview, Tools (Device Config). Device level settings are for highly sensitive devices, such as servers or the CEO’s computer.
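
The precedence rules and the local-time check described above can be modelled in a few lines. This is an added example, not Syxsense's implementation: the class and function names, the NO_PROTECTED_HOURS marker, and the use of fixed UTC offsets in place of real time zones are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone


@dataclass(frozen=True)
class Blackout:
    start: time  # device-local wall clock, inclusive
    end: time    # device-local wall clock, exclusive

    def contains(self, t):
        if self.start <= self.end:
            # Same-day window; start == end is treated as an empty window.
            return self.start <= t < self.end
        # Window spans midnight, e.g. 22:00 to 06:00.
        return t >= self.start or t < self.end


# Hypothetical marker for the task option "No Protected Hours".
NO_PROTECTED_HOURS = "no-protected-hours"


def effective_blackout(global_bo, task_bo, device_bo):
    """Apply the page's precedence: device overrides task, task overrides
    global, and a task set to No Protected Hours disables every window."""
    if task_bo == NO_PROTECTED_HOURS:
        return None
    if device_bo is not None:
        return device_bo
    if task_bo is not None:
        return task_bo
    return global_bo


def earliest_start(now_utc, utc_offset_hours, window):
    """Return the UTC time at which a task may start on one device.

    The check is made against the device's local clock, so the same task
    can start immediately in one region and be held back in another.
    """
    local = now_utc.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    if window is None or not window.contains(local.time()):
        return now_utc
    end_local = local.replace(hour=window.end.hour, minute=window.end.minute,
                              second=0, microsecond=0)
    if end_local <= local:
        # The window ends after midnight, i.e. on the next local day.
        end_local += timedelta(days=1)
    return end_local.astimezone(timezone.utc)


if __name__ == "__main__":
    # Constructed scenario: a task is launched at 15:30 UTC.
    now = datetime(2020, 1, 14, 15, 30, tzinfo=timezone.utc)
    global_bo = Blackout(time(8, 0), time(18, 0))   # working hours
    server_bo = Blackout(time(22, 0), time(6, 0))   # device-level window
    cases = [
        ("laptop, UTC-6, routine task", -6, None, None),
        ("laptop, UTC+9, routine task", 9, None, None),
        ("server, UTC+9, routine task", 9, None, server_bo),
        ("server, UTC+9, emergency task", 9, NO_PROTECTED_HOURS, server_bo),
    ]
    for label, offset, task_bo, device_bo in cases:
        window = effective_blackout(global_bo, task_bo, device_bo)
        print(label, "->", earliest_start(now, offset, window).isoformat())
```

Because the No Protected Hours option bypasses even device-level windows, it is worth restricting who can create such tasks and reviewing when it is used.
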

About Syxsense

Syxsense is the leading provider of innovative, intuitive technology that sees all and knows everything about every endpoint, in every location, everywhere inside and outside the network, as well as in the cloud. It combines the power of artificial intelligence with industry expertise to manage and secure endpoints by stopping threats before they occur and neutralizing threats when they happen. The Syxsense Endpoint Security Cloud always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm.


Urgent Firefox Patch Issued for Zero-Day Under Active Attack

By Patch Management

Mozilla is rushing out an urgent Firefox update for a new version of the browser to fix a critical zero-day flaw that is being actively exploited in the wild.

New Firefox Vulnerability Exploited in the Wild

This week Mozilla released Firefox v72.0.1, a new version of the web browser that resolves a vulnerability that has been actively exploited in the wild.

Mozilla stated in a security bulletin on Wednesday that it was “aware of targeted attacks in the wild that were abusing the flaw. A successful attack could make it possible for attackers who successfully exploit it to abuse affected systems.”

The recent disclosure came just one day after Mozilla released its latest Firefox 72 browser on Tuesday. The recent release introduced new privacy features along with patching 5 high-severity bugs. The latest release for Firefox ESR (Extended Support Release), designed for easy and large-scale deployments, is version 68.4.1 and also included a number of fixes.

How the Firefox Vulnerability Can Affect You

The critical vulnerability (CVE-2019-17026) impacts IonMonkey, which is a JavaScript JIT (Just-in-Time) compiler for SpiderMonkey, the main component at Firefox’s core that handles JavaScript operations (Firefox’s JavaScript engine).

The vulnerability is a type confusion vulnerability: a class of bug that can lead to out-of-bounds memory access and, from there, to code execution or component crashes that an attacker can easily exploit. The attack can be leveraged by luring a Firefox user with an outdated browser to web pages containing malicious code.

“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” Firefox developers stated in a security advisory on Wednesday.

More Bugs in the New Mozilla Release

The major release earlier in the week also tackled a number of bugs. One of the flaws (CVE-2019-17015) is described as “memory corruption in parent process during new content process initialization on Windows.” Others include CVE-2019-17017 for a type confusion vulnerability and CVE-2019-17025 for a “memory-safety bug”.

The new 72 release also brings more cross-site tracking protections, a less intrusive way of dealing with notification request popups, floating video windows, and a control to request that Mozilla delete the telemetry data collected. “Mozilla decided to hide these notifications after finding 97% of users dismissed them,” reported ZDNet. “Instead of intrusive popups, notification requests will appear as a ‘speech bubble’ in the address bar.”

Firefox 72 relies on a blacklist of companies known to conduct browser fingerprinting and that list is managed by Disconnect.

“Firefox 72 protects users against fingerprinting by blocking all third-party requests to companies that are known to participate in fingerprinting,” explained Mozilla privacy engineer Steven Englehardt. “This prevents those parties from being able to inspect properties of a user’s device using JavaScript. It also prevents them from receiving information that is revealed through network requests, such as the user’s IP address or the user agent header.”

The new version also includes a control to allow users to request Mozilla delete telemetry data as part of its efforts to comply with the California Consumer Privacy Act (CCPA). Mozilla is yet to explain where that control is located in the browser settings, but plans on enabling the feature globally.

Protect Your Environment from Future Zero-Day Vulnerabilities

Syxsense Manage and Syxsense Secure can easily resolve vulnerabilities across your entire environment. Find peace of mind by trusting your Syxsense and set up a free trial today.


Why Government Cybersecurity Matters More than Ever

By Patch Management

With the broad range of modern cyberattacks, it's more important than ever for government agencies to solidify their endpoint security and patch management strategies.

Cyber Threats are Rapidly Increasing

There is no segment of the private or public sector that can consider itself immune to cybersecurity risks, and the latter may be more vulnerable than the former. The World Economic Forum considers large-scale data breaches and cyberattacks two of the top five risks facing modern society, characterizing them as more likely — and more dangerous — than oil spills, water crises and various other man-made disasters.

With the broad range and high level of havoc modern cyberattacks are capable of wreaking, it’s more important than ever for government agencies, particularly those at the state, county and municipal level, to solidify their endpoint security and patch management measures now. Agile and comprehensive cybersecurity solutions from Syxsense can foster the secure environment you need.

Gravity of the Situation

Consider just how vulnerable so many government departments really are. NextGov noted that proliferation of conspicuously insecure open-source software components throughout many agencies at the federal level has been widespread. In fact, many agencies probably don’t have a full and accurate inventory of every application they run.

Although it’s hardly out of the question to suggest that some states and cities might actually be better-protected from cyberthreats than the average federal agency, it also stands to reason that the majority of smaller governments are equipped as poorly as — or worse than — the feds.

A Security.org assessment of FBI cyberattack records and other related data for the past several years identified the 10 most vulnerable states for maliciously executed data breaches and other cyberattacks: Hawaii, Pennsylvania, Nevada, Florida, Wisconsin, Arizona, New Jersey, Alaska, Colorado and Tennessee. With a few exceptions, these state governments spend relatively little on cybersecurity and have notably vulnerable election procedures.

Aside from perhaps the biggest cities, it’s reasonable to surmise that if numerous states are extremely at risk for cyberthreats, most county and municipal governments likely are as well.

Key Threats to Monitor

Certain risks should be at the top of government officials’ list of threats to look out for (and enact comprehensive protective measures against):

  • Ransomware: According to the National Law Review, ransomware attackers relish every opportunity to cause trouble for state and local governments. In one major example, 23 separate towns in Texas were stricken with ransomware. Other states hit in recent years include Maryland, Georgia, Louisiana, Indiana and Florida.
  • Phishing: Think this type of cyberattack has fallen out of favor? Think again. BuiltIn pointed out that malicious actors have brought phishing back – and are using it as a phone- and SMS-based attack vector as well as deploying its traditional fraudulent-email format.
  • Third-party vulnerabilities: It’s impossible to deny that the cloud and the internet of things have been revolutionary in many ways. At the same time, the openness and interconnectedness they foster lead to equally undeniable security risks if considerable precautions are not taken by all organizations using such platforms.
  • Internal breaches/sabotage: More than 50% of respondents to a survey by Crowd Research Partners said they’d experienced at least one breach for which an employee was to blame. Whether by malice or negligence, it’s equally devastating when your own people bring cyberthreats upon you, and there’s no reason to think governments are any less at risk for this than private-sector organizations.
  • Election interference: Considerable evidence suggests that foreign governments aim to disrupt American elections to advance their own interests. Is it worth taking the chance that such efforts will remain low-key, psyops-style incursions and not escalate into more overt malware attacks? This issue must be a priority for American governments at all levels.

Addressing and Managing Risk

Regardless of whether your agency has borne the brunt of a cyberattack or not, the specter of such an incident is too big a threat to ignore.

Running thorough risk analysis and penetration testing is a good place to start. From there you can begin patching any flaws you find.

Establish appropriate countermeasures including encryption, multi-factor authentication and application whitelisting/blacklisting, train staff regarding warning signs they should be vigilant for and establish an incident response plan that includes worst-case contingencies: cyberattack insurance, indemnification clauses with third-party vendors, data backups and business continuity.

Manage and Secure Your Environment

Platforms from Syxsense allow you to appropriately cover all of your endpoint security bases, whether you run Windows, Mac or Linux:

  • Syxsense Manage provides your government department with unparalleled visibility into every directly connected and IoT endpoint. Patches are automatically applied as needed throughout the entire IT infrastructure. Reporting, device inventory, end user access and endpoint security onboarding and training for new employees are all a breeze.
  • Syxsense Secure offers all of those functions and more at a greater scale that is ideal for larger institutions.
  • Both programs are also available alongside comprehensive managed services plans that provide agencies with ongoing oversight from Syxsense, meticulously designed solutions for specific needs, direct patching, vulnerability testing and numerous other services from our expert team.

Find peace of mind for your government offices today by trusting your Syxsense. Contact us to learn more or set up a free trial.
