Sniper Watch and the Cybersecurity & Infrastructure Security Agency (CISA) warn businesses of all sizes to be mindful of risky behaviors that leave networks exposed to cyberattacks and that should be addressed immediately!
Summary:
- Unsupported Software & Applications
- Single-Factor Authentication – Credential Theft
- End of Life | End of Support Software
Using unsupported software, allowing the use of default usernames and passwords, using single-factor authentication for remote or administrative access to systems, and neglecting security patch updates to systems are all dangerous behaviors when it comes to cybersecurity and should be avoided by all organizations – but particularly those supporting critical infrastructure.
Unsupported Software & Applications
Many businesses have zero visibility into how their workforce is collaborating as we continue to work remotely through this pandemic. This means users are taking it upon themselves to share sensitive, critical, and proprietary data among their peers through different cloud-based applications.
Unapproved application usage by an organization’s workforce, or shadow IT, leaves files and computer systems unmanaged and vulnerable to attack.
The use of fixed or default passwords is, and has always been, considered risky and dangerous. Default or simple passwords are good for cyber criminals because there’s a much higher chance of them being able to simply guess passwords to compromise accounts.
Sniper Watch warns against the use of passwords that are known to have been breached previously, as they also provide cyber criminals with a simple means of gaining access to networks. Stolen credentials are one of the most common and most widely used forms of breach. There is a deep ocean of sold credentials out there on the dark web for millions of organizations both large and small. Lists of breached accounts and passwords, which get re-used for personal banking and workstation logins, are being sold daily.
Single-Factor vs. Multi-Factor Authentication
Use of single-factor authentication – where users only need to enter a username and password – is the latest of these risky behaviors and among the most dangerous at present. This type of system management can put critical infrastructure at extra risk of falling victim to cyberattacks.
Using multi-factor authentication can help disrupt over 99% of cyberattacks. For critical infrastructure, it’s therefore particularly important to have it applied in order to help prevent cyber criminals from tampering with cyber-physical systems.
End of Life or End of Support Software
End of Life or End of Support software means that the manufacturer of that equipment or software is no longer writing security patches for that product. Cyber criminals can exploit newly discovered security vulnerabilities in such products because old software often doesn’t receive security patches.
“The presence of these bad practices in organizations that support critical infrastructure…is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public,” CISA said.
Sniper Watch and CISA continue to highlight these highly dangerous bad practices for organizations involved in running or supporting critical infrastructure – but the advice is also useful for other businesses, because avoiding the use of single-factor authentication, default passwords and unsupported software will also help protect them from falling victim to cyberattacks.
As we head into this long Labor Day holiday weekend, we encourage everyone to maintain high alert and awareness of imminent cybersecurity events.
To recap, here are the latest MAJOR cybersecurity breaches over the past (3) months:
- May 7, 2021: Colonial Pipeline
- May 30, 2021: JBS USA
- July 2, 2021: Kaseya
- September XX, 2021: TBD?
Have a happy and safe holiday weekend. God Bless America… and God Bless our Military, Police Officers, and Front-line Workers who keep us safe each and every day!
– Sniper Watch