Canadian Centre for Cyber Security Reports That Canadian Companies Were Attacked Using Unpatched Devices
The Canadian Centre for Cyber Security has reported that several Canadian companies’ networks have recently been compromised due to inadequate security and unpatched devices. The Centre states that in both cases, the network was compromised as a result of insecure two-factor authentication policies or servers running software with known vulnerabilities.
According to the Canadian Centre, the attackers were able to gain access to the company networks because those networks were not properly secured with two-factor authentication (2FA). This is an extra layer of security that requires unfamiliar logins to provide an additional identity verification method, often a code sent to a phone or email address. When active, 2FA prevents an unauthorized individual from accessing your account with just a password. Furthermore, 2FA prevents a cyberattack method called a brute force attack, which attempts to gain access to your account by systematically guessing all possible password combinations. Brute force attacks target commonly used passwords such as “123456” to reduce the time needed to hack accounts.
According to the Microsoft Defender ATP Research Team, cyberattackers often target Remote Desktop Protocol (RDP) connections that have not been secured with 2FA. This is because hijacking an RDP connection provides a direct connection for an attacker into a company’s network. After infiltration, attackers can continue their attack with malicious activities such as cryptojacking or launching ransomware attacks.
Unpatched Devices are Major Security Vulnerabilities
Another major factor in recent cyberattacks is unpatched devices. In September of 2019, the Canadian Centre for Cyber Security urged Canadian companies to update their VPN products. Several vulnerabilities were discovered in products including Palo Alto GlobalProtect, Pulse Secure, and FortiGate. Because VPN devices are points of connection into a network, they are the first line of defense, as well as a primary target, for cyberattacks. Therefore, it is imperative that they are kept up to date and protected.
In a similar vein, the UK National Cyber Security Centre and the US Cybersecurity and Infrastructure Security Agency issued a statement urging companies to stop using legacy QNAP backups due to threats against their old code bases. “Legacy” refers to outdated systems that no longer receive security updates from developers.
The QSNATCH malware targets vulnerable NAS devices that have not been patched with the latest security software. Network Attached Storage (NAS) drives are hard drives for storing data that are connected to the internet. Because of this, they have the potential to be hit by cyberattacks.
After infection, QSNATCH can be used for several malicious actions, including stealing user credentials, blocking malware removers, and preventing further software updates. Below are some strategies to mitigate the risk of QSNATCH malware infection:
1) Ensure that QNAP devices are obtained from a legitimate source.
2) If a QNAP device is purchased from a source that cannot be verified, factory reset the device and fully update the firmware prior to using it.
3) If a QNAP device is being used for internal storage only, ensure that it is disconnected from external connections.
In June 2020, it was reported that over 60 000 devices worldwide were infected with the QSNATCH malware. Roughly 75% of these are located in Western and Eastern Europe. Because this malware blocks future updates to infected devices, it is recommended that a compromised device be fully factory reset to ensure that it can be updated in the future.