Category: cybersecurity

Cybersecurity Speakers at PICPA 2022 Conference

Join Morefield at the Pennsylvania Institute Of Certified Public Accountants 2022 Conference

We are honored to have our cybersecurity experts, Clinton Eppleman and Alex Thomas, participate in this year’s conference to discuss cybersecurity in the financial industry. They will be joining a panel with fellow industry experts from Schneider Downs and Feeding Pennsylvania to discuss the most cutting-edge tools, tips, and tricks related to digital security, preventative and risk-mitigating cyber practices, and policy implementation for protecting your business.

Learn more at – https://www.picpa.org/attend-cpe-events/conferences/picpa-cfos-and-controllers-conference 

Day 2: Thursday, March 31, 2022

8:00 a.m.

Cybersecurity

  • Pursue the most cutting-edge tools, tips, and tricks related to digital security
  • Preventative and risk-mitigating cyberpractices
  • Policy implementation for protecting your business

Clinton Eppleman
Team Lead, IT Professional Services
Morefield Communications

Alexander Thomas
Team Lead
Morefield Communications

David B. Murphy
Lead Cybersecurity Analyst
Schneider Downs

Moderator: Shea S. Saman, CPA
Chief Financial Officer
Feeding Pennsylvania

Morefield Communications Security Advisory: Log4Shell CVE-2021-44228

The Morefield Communications Cybersecurity and IT Operations team has been carefully monitoring a new vulnerability in the Log4j Java library, which provides logging capabilities to a wide range of software. This vulnerability (Log4Shell) allows a remote, unauthenticated attacker to force Java-based applications and servers that use the Log4j library to log a specific string into their internal systems. When the application or server processes the logs, the string can force the vulnerable system to download and run a malicious script from an attacker-controlled domain, effectively taking over the vulnerable application or server.

A significant number of applications are affected. We will be updating this post as new information and affected applications are discovered.
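Because exposure depends on whether an application bundles the Log4j library, a first step is to inventory which Java archives on a system actually contain it. The Python sketch below is an added example, not Morefield's or Apache's code: it reports archives, including JARs nested inside WAR or fat-JAR files, that ship the library's `JndiLookup` class. The depth and size limits and the `build_sample` test input are assumptions made for this example.

```python
import io
import os
import zipfile
import zlib

# Class file that implements the JNDI lookup inside log4j-core.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 4                    # assumed nesting limit for fat JARs / WARs
MAX_NESTED_BYTES = 200 * 2**20   # assumed size cap for archives read into memory

def find_jndi_lookup(source, label, depth=0):
    """Return 'outer!inner' labels of archives that bundle JndiLookup.class."""
    hits = []
    try:
        zf = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        return hits              # not a readable archive: skip it
    with zf:
        for info in zf.infolist():
            name = info.filename
            if name.endswith(JNDI_CLASS):
                # endswith() also catches copies under BOOT-INF/classes/ etc.
                if label not in hits:
                    hits.append(label)
            elif (name.lower().endswith(ARCHIVE_EXTS) and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES):
                try:
                    nested = io.BytesIO(zf.read(info))
                except (RuntimeError, zipfile.BadZipFile, zlib.error):
                    continue     # encrypted or corrupt entry
                hits += find_jndi_lookup(nested, f"{label}!{name}", depth + 1)
    return hits

def scan_tree(root):
    """Walk a directory and check every Java archive found under it."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fn)
                hits += find_jndi_lookup(path, path)
    return hits

def build_sample():
    """Constructed test input: a WAR that bundles a placeholder log4j-core JAR."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(JNDI_CLASS, b"constructed placeholder, not a real class")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("WEB-INF/lib/log4j-core.jar", inner.getvalue())
    return outer.getvalue()
```

A hit shows that the library is present, not that the copy is vulnerable: patched Log4j releases still ship this class, so each result should be checked against the vendor's advisory for that product.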

Below is a running list of some of the applications and server products affected:

  • Apache Software Foundation – Apache Struts, Apache Flink, Apache Druid, Apache Flume, Apache Solr, Apache Kafka, Apache Dubbo (not limited to these products)
  • VMware
  • Elasticsearch
  • Apple
  • Twitter
  • Amazon
  • Minecraft
  • Palo Alto
  • IBM
  • Cloudflare
  • JD
  • NetEase
  • Tencent
  • Todo
  • Baidu
  • Didi
  • Steam
  • Tenable
  • Tesla

BlueTeam CheatSheet: Log4Shell – User community updated list of vulnerable applications

We expect more application vendors to report this vulnerability and we are diligently monitoring vendor responses for platforms and systems commonly deployed. We are committed to helping our clients make smart technology decisions while delivering outstanding service and expert solutions. If you have any questions, please contact your Network Administrator or Sales Representative.

Could SolarWinds Happen to Me?

TRUST.

Trust. You always have to trust someone in a digital world. The news headlines below describe a current reality: the largest cybersecurity attack in history is being unraveled in real time. To be fair, the attack was publicly disclosed a month ago in December, and experts are still trying to figure out the scope of compromise. Organizations of all sizes, utilizing the SolarWinds Orion platform, potentially installed a malicious update to this software platform. Ironically, the Orion platform is used to increase availability of resources – one of the three key pillars of cybersecurity.

Most of our clients do not have the budget or talent to develop their digital software in house, so they purchase software developed by a third party. Think about all of the different types of software you interact with on a daily basis: CRM, word processor, spreadsheet, email, etc. In each instance, some level of trust is required before you start to utilize these software packages. We likely don’t think twice about the software development process – we just care that it has the features and workflow that will move our organization forward. Perhaps we assume that these vendors make cybersecurity a priority during software development. Should we make this assumption?

Many small to mid-size organizations are not going to be able to influence the security considerations that go into an off-the-shelf software package. Your investment in the vendor's product is a drop in the revenue bucket – take it or leave it.

In all fairness, many of the organizations that were targeted during the SolarWinds Orion compromise are very large organizations. They have a dedicated cybersecurity budget. Many take cybersecurity seriously and implement controls that make sense in their environment, and yet for months attackers went undetected in their network. The point here is that you can do all the “right” things, make the “right” technical control investments, and yet not achieve the outcome you expect.

A Security Information and Event Management (SIEM) platform is designed to digest logging data and then analyze it in a variety of ways. Such a platform can consume logs from any number of sources: firewalls, security tools, workstations, servers, etc. These data streams are then compared against various threat intelligence feeds to alert you to events that match an indicator of compromise. This real-time data can alert system administrators to potential security events that would otherwise go unnoticed. You can also conduct threat hunting exercises to review historical data when you learn about some form of zero-day (or novel) threat that has already happened, as was the case with the SolarWinds incident – an attack that went undetected around the world for over six months.

Written by Clinton Eppleman, CISSP, Team Lead, IT Professional Services, Morefield Communications

Boost Your CyberSecurity With Morefield Communications

We have partnered with Perch Security to deliver a managed SIEM service in partnership with their Security Operations Center (SOC) – a team of hyper-focused cybersecurity professionals that monitor the logging from your network 24/7. The Perch solution helps to monitor your network at all times, and they will escalate any actionable events to your attention for remediation. This cloud-hosted solution will scale from just a few endpoints to thousands of devices.

Perch also helps organizations satisfy compliance requirements, for example: CMMC, HIPAA, SOX, PCI, etc. Many small organizations also use cybersecurity frameworks, such as the NIST Cyber Security Framework (CSF), to drive decision making and to facilitate creation of an organizational security policy. The Perch solution fits into the following CSF functions: Identification, Protection, Detection, and Response.

The outcome for a small business is clear when choosing security solutions: you can spend less of your time trying to find a needle in a haystack and more time focused on your business goals. We encourage you to reach out if you would like to learn more about the Perch Solution.

Contact Morefield Communications to learn what those network defenses are for you.

Morefield Communications Response to SolarWinds Cyber-Attack

On December 13, 2020, the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive after discovering malware contained within recently released software from the company SolarWinds. SolarWinds is an American company that develops software for businesses to manage their information technology. The malware has been discovered in SolarWinds’ Remote Monitoring and Management platform named “Orion”.

The malicious software was implanted into the SolarWinds master servers around March of this year, from a successful attack by a sophisticated team of nation-state hackers. It is now known that this malware has affected many organizations and government entities which were utilizing the compromised SolarWinds software.

Morefield Communications does not utilize SolarWinds software in our delivery of environment monitoring and management services. In response to the recent cyber-attack, Morefield has conducted a thorough audit and review of its partners, suppliers, and distributors for any connection to SolarWinds software. We are working with all outside partners and providers to further identify any client’s connection to SolarWinds software and have proactively reached out to any of our clients known to have a connection to any version of SolarWinds software. Morefield has not sold or installed any hardware or software by the listed compromised companies. As part of our commitment to our clients, we acted quickly to ensure that none of our software providers or hardware products contained the same or similar vulnerabilities associated with the SolarWinds hack.

We continue to monitor our software and client systems diligently for all malicious or unusual activities, as well as all advisories for any similar events. We are committed to helping our clients make smart technology decisions while delivering outstanding service and expert solutions.
