Cybersecurity Threat Report for May 18th, 2020

U.S. Center for Internet Security Alert Level

GUARDED: indicates a general risk of increased hacking, virus, or other malicious activity.

From the Center for Internet Security, “The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.”

The New Normal: Teleworking

Briefing

Most individuals who can do so are working from home or telecommuting. Amid the COVID-19 pandemic, this has become the new norm. With the shifting of the workforce to remote access come increased security concerns. NIST reports some statistics from before the COVID-19 outbreak.

  1. More than 26 million Americans work remotely;
  2. 43% of Americans work from home at least occasionally;
  3. 82% of American workers want to work from home at least 1 day per week;
  4. 8 million Americans worked completely from home in 2017;
  5. 42% of Americans with an advanced degree perform some work from home;
  6. 57% of American workers want to work from home at least 3 days per week;
  7. There has been a 115% increase in the remote workforce between 2005 and 2015;

NIST Teleworking Recommendations

  • Avoid using Wi-Fi;
  • If you use Wi-Fi at home, use “WPA2” or the new and more secure “WPA3”. If you are not running WPA3, talk to a cybersecurity engineer about implementing the new and more secure technology.
  • Make sure your password is hard to guess; use at least 4 – 5 phonetic segments.
  • Small business owners should consider using their own VPN;
  • If you are using your own computer or mobile device (something not issued by your organization) for telework, make sure you’ve enabled basic security features.
    • Enable the password or PIN
    • Enable Fingerprint scanning
    • Enable the facial ID feature
  • Keep your computers and mobile devices patched and updated.
  • If you are seeing unusual or suspicious activity on any device you are using to telework (computer, mobile device, or home network) contact your Cybersecurity team or hire a Cybersecurity company to assist.
  • Use multi-factor authentication when possible.
  • Ensure that your Written Information Security Programs have a telework policy.

NIST Conference Call Recommendations

  • Limit the reuse of access codes;
  • Use one-time PINs or meeting identifier codes;
  • Consider using multi-factor authentication;
  • Use a “green room” or “waiting room” and don’t allow the meeting to begin until the host joins;
  • Enable notifications when attendees join;
  • Use a dashboard to monitor attendees and be sure to identify each attendee;
  • Do not record the meeting unless it is necessary;
  • If it is a web meeting with video:
    • Disable features you do not need including chat, file sharing, or screen sharing;
    • Consider using a PIN to prevent someone from crashing the meeting;
    • Limit who can share their screen to avoid any unwanted or unexpected images.

Sources

From the National Institute of Standards and Technology (NIST)

From the Cybersecurity and Infrastructure Agency (CISA)

From the Federal Communications Commission (FCC)

5G Rollout in the U.S.

Briefing

As is being reported by Sascha Segan of PCMag, “US Mobile carriers continue to roll out 5G.” It’s been said that 5G speeds will range anywhere from 50 Mbps to over 2 Gbps. AT&T was able to reach 1.8 Gbps in the lab using their high-band frequency. It appears that T-Mobile is the actual front runner as they continue to deploy their 5G service across the U.S. They claim to have coverage that spans more than 200 million people. T-Mobile is averaging downstream speeds of approximately 80 Mbps.

AT&T is a close second with coverage that spans approximately 120 million people. Their average downstream speed is a bit higher than T-Mobile’s at 145 Mbps.

These deployments appear to be in the low-band and mid-band range.

Verizon is averaging a downstream data rate of over 800 Mbps. Coverage, though, is lacking. Verizon’s deployment is a high-band millimeter wave deployment. Radio coverage stretches about 800 feet from a cell site and does not penetrate walls. Sascha is estimating that Verizon has deployed their 5G service to about 10 million people. At present, Verizon has the performance but doesn’t have the coverage.

Sprint’s mid-band speeds are reaching approximately 200 Mbps.  The sweet spot looks to be in the mid-band range for both coverage and speed.

Sascha also claims that 5G prices are coming down. Verizon is the only carrier that has announced availability of 5G to the home, albeit sparse and covering only five cities. 5G phones, however, are readily available and are being scooped up by those who are upgrading or purchasing new phones. The Samsung Galaxy S20+ is the only 5G phone that operates on all carriers’ frequencies.

The merger between T-Mobile and Sprint has been finalized. The U.S. is now a three-carrier country. The combined coverage of T-Mobile and Sprint is compelling. Sascha points out that T-Mobile’s 5G network maintains speeds that are slower than those of the three major Canadian carriers’ 4G service.

Latency continues to be an issue for 5G service, and it’s been reported that the “air latency” is adding between 8 and 12 ms. 5G is said to have applications in IoT, enterprise networking, and critical communications. We feel the latency issue needs to be resolved first, before looking that far ahead.

In the U.S., Atlanta, Dallas, Houston, Los Angeles, New York, Newark, and Washington, D.C. each have coverage by all four telcos.

Globally more than 35 countries are deploying or experimenting with 5G service.

On the cybersecurity front, some researchers have security concerns, suggesting that 5G broadens the attack surface because it moves larger amounts of data in a shorter amount of time. Some U.S. security companies are suggesting that the mixed security deployment opens the technology up to DDoS attacks. They’ve also cited cryptojacking and other cyber-attacks.

Wi-Fi WPA3

Briefing

More than two years ago, the Wi-Fi Alliance announced WPA3, the Wi-Fi security standard that is to replace WPA2. WPA3 makes it more difficult to hack your Wi-Fi network. WPA is an acronym for Wi-Fi Protected Access. It is a protocol used between a wireless client and a wireless access point that encrypts your data communications. WPA2 uses secure AES encryption. This obfuscates the traffic and prevents anyone from seeing it in clear text. Much like WPA2, WPA3 is a certification that manufacturers must apply for.

There are several new features to WPA3.

  • Encryption by default on “open” networks.
  • A new passphrase handshake protects against brute-force attacks.
  • Better interoperability with IoT devices.  This is called Wi-Fi Easy Connect and uses QR codes.
  • An option for stronger 192-bit encryption aligned with the Commercial National Security Algorithm (CNSA).  This is the Enterprise version of WPA3.
  • Improved interoperability with centralized authentication services.
  • Security safeguards with misconfigured devices.
  • Supports and implements forward secrecy.
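To see which of these modes the networks around you actually advertise, the following added example (not part of the original report) parses scan text and classifies each network by its advertised key-management suites. It assumes the text layout printed by `iw dev <iface> scan`; the sample scan, SSIDs and function names are constructed for illustration.

```python
import re

# Constructed sample, trimmed to the fields used here (layout assumed from `iw` scan output).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    SSID: cafe-open
BSS 02:00:00:00:00:02(on wlan0)
    SSID: home-wpa2
    RSN:     * Authentication suites: PSK
BSS 02:00:00:00:00:03(on wlan0)
    SSID: home-mixed
    RSN:     * Authentication suites: PSK SAE
             * Capabilities: 16-PTKSA-RC 1-GTKSA-RC MFP-capable (0x008c)
BSS 02:00:00:00:00:04(on wlan0)
    SSID: home-wpa3
    RSN:     * Authentication suites: SAE
             * Capabilities: 16-PTKSA-RC 1-GTKSA-RC MFP-required MFP-capable (0x00cc)
BSS 02:00:00:00:00:05(on wlan0)
    SSID: lobby-owe
    RSN:     * Authentication suites: OWE
"""

def classify(suites, mfp_required):
    """Map advertised key-management suites to a security posture."""
    if not suites:
        return "open, unencrypted"
    if "OWE" in suites:
        return "open, encrypted (OWE)"
    if "SAE" in suites and "PSK" in suites:
        return "WPA3 transition (WPA2 fallback)"
    if "SAE" in suites:
        # WPA3-only mode requires Protected Management Frames (PMF).
        return "WPA3-Personal" if mfp_required else "SAE without required PMF"
    if "PSK" in suites:
        return "WPA2-Personal"
    return "other (e.g. enterprise 802.1X)"

def audit(scan_text):
    """Return {ssid: posture} for every BSS block in the scan text."""
    report = {}
    for block in re.split(r"^BSS ", scan_text, flags=re.M)[1:]:
        ssid = re.search(r"^\s*SSID: (.*)$", block, re.M)
        found = re.findall(r"Authentication suites: (.*)", block)
        suites = set(" ".join(found).split())
        name = (ssid.group(1).strip() if ssid else "") or "<hidden>"
        report[name] = classify(suites, "MFP-required" in block)
    return report

if __name__ == "__main__":
    for name, posture in audit(SAMPLE_SCAN).items():
        print(f"{name:12} {posture}")
```

A network reported as “WPA3 transition” still accepts WPA2 clients, so the brute-force protection of the new handshake only applies to devices that connect using WPA3.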

FCC Cybersecurity Guidance for Small Businesses

Briefing

  1. Train employees in security principles;
  2. Protect information, computers, and networks from cyber attacks;
  3. Provide firewall security for your Internet connection;
  4. Create a mobile device action plan;
  5. Make encrypted backup copies of important business data and information either offsite or in the cloud;
  6. Control physical access to your computers and create user accounts for each employee;
  7. Secure your Wi-Fi networks;
  8. Employ best practices on payment cards;
  9. Limit employee access to data and information, and limit authority to install software;
  10. Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication.
