SSL.com

Cybersecurity Roundup July 2024

SSL.com and Entrust Form Strategic Partnership 

SSL.com is proud to announce a strategic partnership with Entrust, where SSL.com will support Entrust’s public TLS certificate lifecycle, ensuring seamless, secure, and robust certificate services. Entrust customers will experience a smooth transition with no service interruptions, continuing to manage their accounts through the existing Entrust portal. To maintain trust and security, customers are encouraged to renew their certificates before October 31, 2024, using Entrust’s lifecycle solutions or automation tools. SSL.com will integrate multiple paths with Entrust, including serving as an external Registration Authority (RA) for Identity Validation, aligning with SSL.com’s policies and practices. This partnership underscores SSL.com’s commitment to excellence in digital identity and trust services, ensuring uninterrupted service and security for all customers.  

For full information on the new partnership between SSL.com and Entrust, head over to our dedicated article.  

Global Windows BSOD Crisis and Microsoft 365 Outage 

A faulty update from cybersecurity provider CrowdStrike caused widespread Blue Screen of Death (BSOD) issues for Windows machines worldwide. The problem affected banks, airlines, TV broadcasters, and other businesses, forcing affected PCs and servers into a recovery boot loop. CrowdStrike identified the issue as a defect in a single content update for Windows hosts and has deployed a fix, but resolving the problem for affected machines requires manual intervention from IT admins.  Microsoft experienced issues with its Microsoft 365 apps and services in a separate incident. The root cause was a configuration change in some of their Azure backend workloads. Microsoft is in the process of recovering from these issues.
SSL.com Insights: 

In light of the recent widespread Blue Screen of Death issue impacting crucial sectors due to a flawed software update, organizations should consider implementing robust recovery protocols that enable rapid restoration of services and data after system failures. To mitigate the risk of such incidents, companies can employ systems that automate the backup of essential data and configurations, ensuring that they can quickly revert to operational states even in the face of significant disruptions. Additionally, utilizing tools that allow administrators to manage updates and patches remotely and centrally can help prevent the deployment of faulty software across an extensive network of machines. This approach not only strengthens the resilience of IT infrastructures but also minimizes downtime and operational disruptions, safeguarding business continuity and customer trust. 

For more tailored solutions to enhance your organization’s resilience against similar incidents, we encourage you to connect with SSL.com to explore how our services can help you maintain robust and reliable systems.

Chinese APT10 Group Targets Japanese Firms with LODEINFO and NOOPDOOR Malware

Cybereason has uncovered a prolonged cyber espionage campaign dubbed “Cuckoo Spear” targeting Japanese organizations. The campaign, attributed to the Chinese APT10 group, uses malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts. In some cases, the threat actors have maintained persistence within the targeted environments for two to three years, highlighting the stealthy nature of their operations. 
SSL.com Insights: 

To defend against sophisticated spear phishing campaigns that deploy malware like LODEINFO and NOOPDOOR, organizations need to enhance their email security protocols and implement rigorous monitoring of all network traffic. Implementing digital certificates that authenticate email senders can significantly reduce the incidence of spear phishing by verifying the identity of the sender, thus preventing malicious emails from reaching their intended targets. SSL.com’s S/MIME certificates offer a robust solution by encrypting email contents and ensuring that the sender’s identity has been verified, which is critical in protecting against the types of targeted attacks described. By deploying SSL.com’s S/MIME certificates, companies not only secure their email communications but also add an essential verification step that can dramatically reduce the effectiveness of spear phishing attacks, protecting sensitive information from unauthorized access and potential data breaches.

Encrypt Emails, Enhance Security  

Secure Now

Dark Angels Ransomware Sets New Record with $75 Million Ransom Payment 

As reported by Zscaler ThreatLabz, the Dark Angels ransomware gang received a record-breaking $75 million ransom payment from a Fortune 50 company. This payment surpasses the previous record of $40 million paid by insurance giant CNA after an Evil Corp ransomware attack. Dark Angels, launched in May 2022, employs a “Big Game Hunting” strategy, targeting high-value companies for massive payouts rather than attacking numerous smaller targets.  SSL.com Insights: 
In response to the escalating threats posed by ransomware groups like Dark Angels, organizations must adopt a layered security approach that incorporates both preventive and reactive measures. By leveraging encryption technologies to secure sensitive data and employing a rigorous, automated backup system that facilitates quick recovery from data loss, businesses can significantly mitigate the impact of ransomware attacks. Implementing stringent access controls that require robust verification of user identity before granting access to critical systems can prevent unauthorized access and limit the spread of ransomware within the network. SSL.com’s Client Authentication certificates contribute effectively to this strategy by ensuring that only authenticated users or systems can access sensitive data, thereby bolstering security defenses. These certificates, particularly when integrated with Single Sign On systems, provide a strong layer of security that complements traditional password-based systems and enhances the overall security posture of the organization. 

By deploying SSL.com’s Client Authentication certificates, companies can enforce stronger access controls, ensuring that only verified entities have the ability to interact with critical infrastructure. This significantly reduces the risk of unauthorized access and limits the potential for ransomware operators to compromise significant organizational assets.

 

Secure Access, Guard Assets  

Get Certified

SideWinder APT Group Targets Maritime Facilities in New Cyber Espionage Campaign    

The SideWinder APT group, believed to be affiliated with India, has launched a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The campaign uses spear-phishing emails with emotionally charged lures to deliver malicious Microsoft Word documents exploiting known vulnerabilities. Targets include countries such as Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the Maldives. 

SSL.com Insights:

To bolster defenses against the sophisticated cyber espionage tactics employed by the SideWinder threat actor, maritime facilities must enhance their spear-phishing detection and implement secure communication protocols. Integrating advanced email security measures that scan and filter incoming communications for malicious content and known vulnerabilities can significantly reduce the risk of successful spear-phishing attacks. SSL.com’s S/MIME certificates provide a critical layer of security by ensuring that email contents are encrypted and the sender’s identity is verified, thus preventing unauthorized interception and ensuring the authenticity of communications. Additionally, these certificates can help in identifying forged emails, which are common in spear-phishing campaigns aimed at exploiting human errors and vulnerabilities in software. 

By deploying SSL.com’s S/MIME certificates, maritime facilities not only safeguard their email communications but also establish a more secure digital environment, reducing the risk of espionage and data breaches through enhanced verification and encryption techniques.

 

Fortify Email, Prevent Espionage  

Encrypt Today

SSL.com Announcements

SSL.com’s S/MIME Certificates can now be integrated with an LDAP-enabled network

LDAP (Lightweight Directory Access Protocol) is an industry-standard protocol for accessing and managing directory information services. It is commonly used for storing and retrieving information about users, groups, organizational structures, and other resources in a network environment.

Integrating LDAP with S/MIME certificates involves utilizing LDAP as a directory service to store and manage user certificates. 

By integrating LDAP with S/MIME certificates, organizations can centralize certificate management, enhance security, and streamline the process of certificate retrieval and authentication in various applications and services that leverage LDAP as a directory service.

Contact sales@ssl.com for more information on LDAP integration. 

Single Sign On (SSO) can now be enabled for SSL.com accounts 

SSL.com users can now activate Single Sign On (SSO) for their accounts. This feature allows users to link their Google, Microsoft, GitHub, and Facebook accounts to their SSL.com accounts. Once linked and logged in to any of the four service providers mentioned, there is no need for users to repeatedly login to their SSL.com accounts with their username and password.  The adoption of SSO by SSL.com represents a commitment to maintaining high security standards while providing a user-friendly environment, ultimately fostering a safer and more secure online experience for its users. 

Automate Validation and Issuance of Email Signing and Encryption Certificates for Employees 

< p align=”justify”>Bulk enrollment is now available for Personal ID+Organization S/MIME Certificates (also known as IV+OV S/MIME), and NAESB Certificates through the SSL.com Bulk Order Tool. Bulk enrollment of Personal ID+Organization S/MIME and NAESB Certificates has the additional requirement of an Enterprise PKI (EPKI)  Agreement. An EPKI Agreement allows a single authorized representative of an organization to order, validate, issue, and revoke a high volume of these two types of certificates for other members, thereby enabling a faster turnaround in securing an organization’s data and communication systems.
Exit mobile version