The data breach was the result of unauthorized access to Cathay Pacific’s servers that dated back to October of 2018.  In a statement on the breach, Cathay Pacific stated that it would like to “sincerely apologize for this incident”.

The UK’s Information Commissioner’s Office discovered that the  data breach had resulted in the records between October 2014 and May 2018 to be leaked.

This incident illustrates the importance of applying security patches to protect organization server. Cathay stated that it suspects the data breach occurred due to a known security vulnerability being exploited by cyberattackers. In its investigation, the UK Information Commissioner discovered that the company did not apply the security update fixing the patch, which was released over a decade prior to the attack. The vulnerability, which was not publically named, was in fact discovered in February 2007. It is known that attackers exploiting this vulnerability does not need technical skills and is able to get administrative access to a victim’s computer. Cathay pacific admitted that its regular vulnerability scans, which are used to detect potential security flaws in the company’s network, was not able to detect the vulnerability for over 10 years. It was discovered that one of the systems that was compromised had 16 security updates that were pending.

Another reason that the Cathay Pacific data breach occurred was that one if its servers was running an operating system that was no longer supported by its developer. Operating systems (O.S.), like many other software, requires constant updates to repair new security vulnerabilities that are discovered. After an operating system becomes end-of-life, however, the developer no longer releases software updates for it, leaving computers still running the operating system vulnerable to cyberattack. The most recent instance of this occurring is the Windows 7 End of life, which occurred on January 14^th of 2020. You can read more about operating system patches in our article here.

It is clear from the Cathay Pacific data breach that proper patch management is an important facet of keeping your organization’s IT safe from cyberattack. GIGE IT solutions’ network experts help you organization identify vulnerabilities in your organizations’ network. We audit and provide consultation and remediation strategies to help you stay protected from data leaks and cyberattacks.

The post Lessons Learned From The Cathay Pacific Data Breach appeared first on GIGE IT Solutions: IT Services Mississauga.

The ransomware malware strain, called “Clop ransomware”, encrypted 267 of the university’s Windows servers, including backups. The University’s full infrastructure consists of 1647 servers running either Linux or Windows, and 7307 workstations. The university reported that it has several network security measures in place including firewalls, antivirus, and spam filters, but that the ransomware was able to bypass these measures through two phishing emails on October 15^th and 16^th 2019.

The university stated that despite the IT department constantly receiving alerts on security threats, there is still a need for more education on avoiding phishing techniques to help alleviate the constant pressure of cyberattack. For tips on how to detect phishing emails, read our article on the topic here.

Nick Bos, VP of Maastricht university, discussed the decision to pay the ransom to the attackers. He stated that while the University does not ethically stand by the act of succumbing to ransomware extortion, it ultimately made the decision to pay the ransom due minimize the damage that the attack would have on its students’ education, staff, and researchers.

What can we learn from this attack?

1. Phishing attacks are as prevalent as ever, and can lead to significant financial damage to an organization. Any organization’s firewall is only as strong as its weakest link. As shown in the Clop Ransomware attack, even a network that is protected by antivirus and spam filter software can be penetrated if a malicious link is accidentally clicked on by an employee. Therefore, employee education on common phishing methods and signs to look out for should still be a top priority for your organization’s cybersecurity strategy.
2. Following the attack, Maastricht University employed Fox-IT to conduct an independent investigation on the incident. In their audit, Fox-IT discovered that the malware was able to leverage a server that was missing critical patches that fixed known vulnerabilities. Exploiting this single security hole allowed the attackers to spread the malware to 267 Windows servers. This highlights the importance of keeping your organization’s server OS up-to-date.

GIGE IT Solutions can keep your organization protected from ransomware. We manage all your servers and workstations to ensure that they are always up-to-date and protected from malware such as ransomware. Call us at +1 888 366 4443 or email us at info@gige.ca to get started.

The post Maastricht University Hit By Clop Ransomware, Pays $220 000 USD for Decryption appeared first on GIGE IT Solutions: IT Services Mississauga.

BACK

Operating System (OS)

The most fundamental computer software that allows for its basic operations, and bridges people to components with a user interface

OS Updates

Software patches that repair security flaws and bugs for operating systems.

Patch Support

Patches are software used to update programs and operating systems, improving stability and fixing security flaws

Server Rack Setup

The physical setup of server systems on their shelves

Virtualization of Physical Servers

The division of a single physical server into multiple individual environments

Why do companies need to update their servers?

Operating systems like Windows 10 and MacOS are, like any other software, vulnerable to cyberattack. Cyberattackers are constantly discovering new vulnerabilities that can be exploited. To counter this, once a new exploit has been discovered, software developers work to repair them with updates to the software’s code. These updates can only be rolled out to end users through security patches. Therefore, neglecting these updates will leave your organization’s computers vulnerable to cyberattack.

While it seems, on paper, that keeping your organization’s servers and computers up to date is a simple task, in reality it is actually tedious and time consuming. Not only do you need to constantly monitor and stay on top of cybersecurity news to be informed about current threats and new patches, but it is common for software incompatibility or failed installations to plague the patching process. Patch management needs to be diligently managed to ensure that patches are always applied in a timely manner.

OS updates are essential to your company’s cybersecurity. don’t leave yourself vulnerable. GIGE’s cybersecurity experts can audit and identify out-of-date software in your company’s servers, and help you rectify its vulnerabilities.

Call us at +1 888 366 4443 or email us at info@gige.ca to get started with our network experts today.

The post Server OS Update Key Terms appeared first on GIGE IT Solutions: IT Services Mississauga.