Celebration of Cybersecurity Awareness Month began in October 2004 to keep the public safe from cyber threats by raising awareness and sharing resources. We’re celebrating by sharing the main themes of the first two weeks and what we should focus on to protect ourselves.
Week 1 – Do Your Part, #BeCyberSmart.
The general theme for this year’s Cybersecurity Awareness Month is to be cyber smart! Because of the ever-expanding cybersecurity threat landscape, we all have to do our part to keep our systems secure. At Linode, we believe security is not just the security team’s responsibility, but everyone’s.
It’s essential to keep open communication between security teams and other teammates to ensure everyone is aware of the consequences of each action they take. Everyone makes mistakes, and human error is often a significant factor in security breaches. According to the Verizon 2021 Data Breach Investigations Report, 85% of all breaches involved a human element.
Week 2 – Phight the Phish!
Social engineering attacks like phishing continue to be a major threat to security. By running phishing campaigns throughout your company, you can educate your users and reduce the risk of being compromised by an actual phishing email.
A phishing attack consisting of a cleverly composed message can make an unsuspecting user accidentally download malware and cause a breach. FBI’s Internet Crime Complaint Center (IC3) report states that there were around 230,000 complaints related to phishing in 2020 alone.
The US Cybersecurity and Infrastructure Security Agency (CISA) published anti-phishing security tips on recognizing and resisting phishing attacks. The document is filled with helpful information and can be used to educate employees within your organization. We also recommend this phishing quiz from Google that asks you to separate legitimate emails from realistic-looking phishing emails.
Awareness is the name of the month, so we will be sharing two more topics that we think you should be aware of this week.
FontOnLake Linux Malware
FontOnLake is a new Linux malware that uses trojanized versions of built-in binaries to persist on a system. It comes with rootkits to hide its presence, and it uses backdoors to give remote access to the malicious parties on compromised systems. According to the report published by ESET, this malware’s operators are overly cautious in hiding their activities. The trojanized binaries can replace commonly used tools like cat, sshd or kill. Here’s a useful article you can check to see the indicators of compromise for this malware.
Apache Releases 2.4.51 (CVE-2021-42013)
Our previous post mentioned that Apache’s web server software version 2.4.49 was vulnerable to denial of service and path traversal attacks. They released version 2.4.50 to mitigate these issues but later found that version 2.4.50 did not eradicate these vulnerabilities. Version 2.4.51 was released to address these issues, and Apache urges its users to update to the latest version.
We stay methodically paranoid about protecting our assets and keeping our customers’ servers always available. Feel free to leave a comment down below to share your favorite posts about Cybersecurity Awareness Month! We’d love to hear your feedback.