Business Continuity standards (FREE)

If you missed this: due to COVID-19, the International Organization for Standardization (ISO) has made the following standards related to Business Continuity planning available for free:
ISO 22301:2019 Security and resilience – Business continuity management systems – Requirements
ISO 22395:2018 Security and resilience – Community resilience – Guidelines for supporting vulnerable persons in an emergency
ISO 22320:2018 Security and resilience – Emergency management – Guidelines for incident management
ISO 22316:2017 Security and resilience – Organizational resilience – Principles and attributes
ISO 31000:2018 Risk management – Guidelines

Stay safe


Did you patch your Router?

Like many of you, I am working from home on my private computer network. You may remember, or know, that the security and network teams of your company or employer scan for and fix vulnerabilities to prevent network and data breaches. Here is how they usually do it:

  1. Keep the firmware and OS of their network devices updated. Not just one device, but the entire network, because the weakest element can be breached and then used to attack other elements.
  2. Install security and bug fixes for servers and workstations. All devices.
  3. etc.

But now we all seem to be sitting in the same cafeteria on guest access. Think about whether you follow the same rules at home. Perhaps this is a good time to update the OS of your router or wireless access point? When did you last install updates for the OS of your personal laptop or cell phone? Remember the one golden rule: everything can be breached. But there is no chance of avoiding it without personal effort.

Stay safe


Coronavirus quarantine best practices

Let’s be humans. There are common steps to reduce the risk of being infected by any coronavirus, or of infecting someone else:

  1. Clean your office / working place more often than once a month.
  2. Wipe your keyboard and mouse with a Lysol wipe twice a day.
  3. No business travel. If any, 14 days of self-isolation and remote work when you are back.
  4. Work remotely. That’s much easier when everything is in the cloud and the team is reasonably small.
  5. Disinfection gel at every corner of the office.
  6. Signs of cough or flu: work from home, even if it is a family member who is sick.
  7. Wash hands with soap for 20 seconds after having been outside the office.
  8. Those who don’t need to be at the office for meetings should work from home.
  9. If you feel bad and suspect an infection, go to the doctor immediately.

Looking for more options? The World Health Organization website is here. Do not panic, but be cautious.


Live COVID-19 Map to Spread Malware

This morning I shared with a CIO in Canada an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University. Nothing unusual, just statistics. A few hours later, I realized that it could be a big mistake. So what happened?


COVID-19 is a pandemic now, and many people are naturally in a panic, looking for any information that helps them understand what is going on. This has opened the door for cybercriminals to use this real-time information about the global infection as a lure to infect computers with malicious software. Within a few hours I found confirmation that these statistics are being used on malicious websites (and possibly in spam emails) to spread password-stealing malware. So be cautious with websites that have exactly the same design and similar interactive dashboards.
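The defensive side of that advice is to compare the host you were sent to against the host you know to be legitimate before trusting a look-alike dashboard. The following is an added example, not code from the original post: a small classifier that flags hostnames imitating a known-good host through homoglyph swaps (`1` for `l`, `0` for `o`), small typos, or embedding the brand name in an unrelated domain. The known-good hostname `covidmap.example-health.org` and every sample host are constructed placeholders, not the real dashboard URL or real sites, and the two-label "registrable domain" rule is a simplification that a production tool would replace with the Public Suffix List.

```python
"""Flag lookalike hostnames that imitate a known-good dashboard host.

Added defensive example, not code from the original post. The known-good
hostname below is a constructed placeholder, not the real dashboard URL.
"""

# Constructed placeholder for the legitimate dashboard host (assumption).
KNOWN_GOOD = {"covidmap.example-health.org"}

# Digits that attackers commonly swap for visually similar letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable(host: str) -> str:
    """Crude registrable domain: the last two labels.

    A real deployment would consult the Public Suffix List; two labels is an
    assumption that is good enough for .org/.com style names.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def normalize(host: str) -> str:
    """Lower-case, strip a trailing dot, and fold common homoglyphs."""
    folded = host.lower().rstrip(".").translate(HOMOGLYPHS)
    # Two-character sequences that render like a single letter.
    return folded.replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(host: str, known_good=KNOWN_GOOD, max_distance: int = 2) -> str:
    """Return 'known-good', 'lookalike' or 'unknown' for a hostname."""
    raw = host.lower().rstrip(".")
    good_domains = {registrable(g) for g in known_good}

    # The exact host, or any host under the same registrable domain, is trusted.
    if raw in known_good or registrable(raw) in good_domains:
        return "known-good"

    candidate = registrable(normalize(raw))
    for good in good_domains:
        good_norm = normalize(good)
        # Homoglyph swaps and small typos land within a short edit distance.
        if levenshtein(candidate, good_norm) <= max_distance:
            return "lookalike"
        # Brand token embedded in an unrelated domain (e.g. brand-map.com).
        brand = good_norm.split(".")[0]
        if brand in normalize(raw):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample hostnames; none of them are real sites.
    for h in ["covidmap.example-health.org", "covidmap.examp1e-health.org",
              "example-heaIth.org", "example-health-map.com", "who.int"]:
        print(f"{h:32} {classify(h)}")
```

The check is deliberately conservative: anything that is neither the trusted domain nor close to it comes back as `unknown` rather than `safe`, so the list of known-good hosts is the only thing that ever earns trust.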

There is also an interesting fact for conspiracy theory enthusiasts. Late last month, a member of several Russian-language cybercrime forums began selling a digital Coronavirus infection kit (AZORult malware) that uses the Hopkins interactive map as part of a Java-based malware deployment scheme. The kit costs $200 if the buyer already has a Java code signing certificate, and $700 if the buyer wishes to use the seller’s certificate. Nation-state groups again?

Wash your hands, keep your security gear up, and avoid opening attachments sent in emails — even if they seem to come from someone you know.


ADP Data Breach Notice

Automatic Data Processing, Inc., commonly known as ADP, has confirmed a consumer data breach by issuing an official notice about unauthorized access to customer accounts between January 24, 2020 and February 11, 2020.

Based on the investigation, the intruder(s) used consumers’ logins and passwords.

Your legal name, date of birth and SIN might have been exposed.

As you can see in the notice, personal credit monitoring, identity restoration and theft insurance are offered for free. This looks like another case (after the CapitalOne breach) where the public is offered help to do the company’s own job. Despite the fact that you and your employer shared your private and personal data with them, you and only you are left responsible for the consequences.

Earlier, independent rating agencies had noted material negative changes in network security and IP reputation controls. Multiple misconfigurations related to SSL/TLS, DNS and internal databases were also detected through the publicly facing interfaces. Malware-infected hosts were active on March 4, 2020. Multiple web servers still use expired or self-signed certificates.
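Expired and self-signed certificates are the easiest of those findings to verify yourself, because the information is in the certificate the server hands you. The following is an added example, not code from the original post or from any ADP or rating-agency tooling: `assess_cert()` summarizes a certificate in the dictionary shape that Python’s `ssl.SSLSocket.getpeercert()` returns (self-signed when issuer equals subject, expired or not yet valid against a reference time, days left), and `check_tls_endpoint()` connects to a host with default verification and reports OpenSSL’s reason when verification fails. The two sample certificates and the hostname `payroll.example.com` are constructed for the example; the observation date of March 4, 2020 is the one the post mentions.

```python
"""Check a server certificate for expiry and self-signing.

Added example, not part of the original post or of any ADP tooling.
assess_cert() works on the dict that ssl.SSLSocket.getpeercert() returns,
so it can be exercised offline on a constructed sample.
"""
import socket
import ssl
from datetime import datetime, timezone


def assess_cert(cert: dict, now: datetime) -> dict:
    """Summarize the validity of a getpeercert()-style dictionary."""
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    not_before = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
    days_left = (not_after - now).days
    # subject/issuer are tuples of RDNs, each RDN a tuple of (type, value).
    subject = dict(rdn[0] for rdn in cert["subject"])
    return {
        "subject": subject.get("commonName"),
        "self_signed": cert["issuer"] == cert["subject"],
        "expired": now > not_after,
        "not_yet_valid": now < not_before,
        "days_left": days_left,
        "expiring_soon": 0 <= days_left <= 30,
    }


def check_tls_endpoint(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with default verification and report the outcome.

    If the chain does not verify (expired, self-signed, hostname mismatch...),
    OpenSSL's reason string is returned instead of a certificate summary.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                result = assess_cert(tls.getpeercert(), datetime.now(timezone.utc))
                result.update(host=host, verified=True)
                return result
    except ssl.SSLCertVerificationError as exc:
        # e.g. "certificate has expired" or "self-signed certificate";
        # exact wording depends on the OpenSSL build.
        return {"host": host, "verified": False, "reason": exc.verify_message}


# Constructed samples shaped like getpeercert() output; not real certificates.
SELF_SIGNED_EXPIRED = {
    "subject": ((("commonName", "payroll.example.com"),),),
    "issuer": ((("commonName", "payroll.example.com"),),),
    "notBefore": "Jan  1 00:00:00 2019 GMT",
    "notAfter": "Jan  1 00:00:00 2020 GMT",
}
CA_ISSUED_VALID = {
    "subject": ((("commonName", "payroll.example.com"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),
               (("commonName", "Example CA R1"),)),
    "notBefore": "Jan  1 00:00:00 2020 GMT",
    "notAfter": "Jan  1 00:00:00 2021 GMT",
}
# The date on which the post says infected hosts were observed.
OBSERVATION_TIME = datetime(2020, 3, 4, tzinfo=timezone.utc)


if __name__ == "__main__":
    for name, cert in [("self-signed/expired", SELF_SIGNED_EXPIRED),
                       ("CA-issued/valid", CA_ISSUED_VALID)]:
        print(name, assess_cert(cert, OBSERVATION_TIME))
    # Live check against a host you are allowed to inspect, e.g.:
    # print(check_tls_endpoint("payroll.example.com"))
```

Against the observation date the self-signed sample comes back `expired` with 63 days overdue, while the CA-issued one has 303 days left and is neither self-signed nor expiring soon. Note that `getpeercert()` only returns the parsed dictionary when verification succeeded, which is why the live path reports the verifier’s reason string on failure rather than trying to parse a rejected certificate.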

There is also an interesting fact regarding ADP’s security compliance status. According to its official website, ADP is SOC 1/2 and ISO 27001:2013 certified. SOC 2 is the more technical standard, compared with the management-oriented SOC 1 and ISO 27001:2013. It looks like ADP follows management-based requirements. But the scope is the key parameter: you can put a single fully patched server in scope, or your whole environment, and the certificate will be the same document. The details can be found only in the attestation reports; this is how the certification system works. That’s why it would be extremely interesting to learn the investigation results and the name of the SOC 2 assessor. You may want to ask for these details, but in ADP’s case that is “mission impossible”: even if you are a client with an NDA signed, they are not available to you. So it is a natural question whether ADP is really certified. And if the breach turns out to have serious root causes, I would think twice before hiring that security assessor.


Conspiracy theory enthusiasts are also advised to read “China’s TikTok Lures ADP Security Chief to Become New CISO”.

There is also “good” news for those who think they won’t have security problems because they have CrowdStrike Falcon deployed and don’t need anything else – ADP has Falcon deployed too.

ADP Canada has not released any official statement yet, so it is another open question whether this data breach affected Canadian ADP customers.

Stay tuned

Looking forward to further details.

ADP security score over time



Added later…

Something tells me we won’t learn the details. There was another breach 9 years ago, and nothing has been disclosed yet.