Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.  Insider threat edition.

Quote of the Week

Insider threats are not viewed as seriously as external threats, like a cyber attack. But when companies had an insider threat, in general, they were much more costly than external incidents… The insider that is smart often has the right skills to hide the crime, sometimes forever.

— Dr. Larry Ponemon, on the impact of IT security threats from company insiders

IT Security Director Jailed for Theft as Insider Threat Costs on the Rise

Terry Petrill was supposed to be working on cybersecurity for his employer. But according to court documents, he was working on his personal financial security instead—and now he is headed to jail. Petrill was the IT security director for Horry County, South Carolina. His sentencing records say he got into a criminal routine that made him a successful insider threat for more than three years. “Petrill ordered 41 Cisco 3850 switches that were to be installed on the Horry County Network. When the switches would arrive, Petrill would maintain custody of the switches and advised that he would handle the installation.” But instead of installing them, he advertised them for sale… Read more

It Was the High School Junior, with the Botnet, that Knocked School Offline

Remember the old days when high school kids came up with creative ways to get out of taking a test? Some of them would pull the fire alarm. Then came the “phone in a bomb threat” trick, which led to criminal charges in a few cases. And now, with many schools going virtual, the get out of school tactics are moving into the cybercrime realm. Just ask the Miami-Dade County Public School District… Read more

Former Cisco Engineer Pleads Guilty to WebEx Attack

Sudhish Ramesh was an engineer at Cisco. Like engineers at a lot of companies, he resigned and moved on. But a few months later, he gained unauthorized access to Cisco’s cloud environment and caused more than $2.4 million in damage. Ramesh just pleaded guilty to the crime in a Silicon Valley courtroom. The U.S. DOJ published details of his plea which specifically targeted Cisco’s WebEx Teams app… Read more

DoS and DDoS Attacks against Multiple Sectors

Original release date: September 4, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against finance and business organizations worldwide. A DoS attack is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. In a DDoS attack, the incoming traffic originates from many different sources, making it impossible to stop the attack by blocking a single source. These attacks can cost an organization both time and money while their resources and services are inaccessible.

If you think you or your business is experiencing a DoS or DDoS attack, it is important to contact the appropriate technical professionals for assistance.

  • Contact your network administrator to confirm whether the service outage is due to maintenance or an in-house network issue. Network administrators can also monitor network traffic to confirm the presence of an attack, identify the source, and mitigate the situation by applying firewall rules and possibly rerouting traffic through a DoS protection service.
  • Contact your internet service provider to ask if there is an outage on their end or if their network is the target of an attack and you are an indirect victim. They may be able to advise you on an appropriate course of action.

For more information, see CISA’s Tip on Understanding Denial-of-Service Attacks.

Botnets: A cheat sheet for business users and security admins

Almost anything with an internet connection can be hijacked and used in a malicious botnet attack–IoT devices are especially popular targets. Learn how to spot and prevent this malware threat.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com