OTX Partners
OTX Roundtable GRC News
June 2024
Microsoft Answers Security Concerns Over Its New Recall Feature
On May 20, Microsoft introduced its new line of Windows 11 Copilot+ PCs. These new AI-enabled PCs include a Neural Processor Unit (NPU) providing optimized processing power for AI functions. As a component of the Windows 11 Copilot+ operating system, a new feature, Recall, will be released on June 20. Recall takes a screenshot of everything you do on your computer every few seconds. This allows users to retrace their steps to retrieve items they would like to revisit but do not remember where or when they accessed the information. The data is stored locally and not stored in the cloud.
Almost immediately, security experts sounded the alarm on the privacy ramifications of capturing every action a user takes on their PC. What if that data could be retrieved by an unauthorized party? Microsoft assured the community that adequate security had been built into the product to prevent that from happening.
However, that was quickly put to the test by others in the security community. Kevin Beaumont published a blog on May 31 digging into Microsoft's claims and debunking many of them. In the article he claimed to be able to access the local database and the screenshots easily. He used an off-the-shelf info stealer to scrape the database. Although Microsoft Defender found the info stealer, it had already completed its task before detection. Additionally, a group uploaded code to GitHub for a simple program called "Total Recall" which can parse the Recall database and extract interesting artifacts.
One aspect of the tool that has critics upset is that, in the initial preview, Recall is on by default. Users cannot easily disable the feature, although they can access the settings after install and turn it off.
Well, Microsoft has responded to the blowback. On June 7, Microsoft released an update providing information on new features being implemented into Recall. First and foremost, Recall will now be disabled by default. Users will need to actively enable Recall to use it. Secondly, Windows Hello authentication will be required to enable Recall. Finally, the image data will be encrypted at all times until the user decides to access it with "just in time" decryption. Windows Hello Enhanced Sign-In Security (ESS) will be required for the decryption. Likewise, the search index database is now encrypted.
Additional security features are being included in the Windows 11 Copilot+ PCs such as the MS Pluton security processor providing zero trust principles at the core.
With less than a week to go before release, we'll see what the reaction to the updated features will be.
FBI Has Over 7000 LockBit Keys, Urges Organizations to Work Together to Combat Cyber Crime
On June 5, at the FBI's 2024 Boston Conference on Cyber Security, Assistant Director Bryan Vorndran discussed the recent takedown of a large portion of the LockBit ransomware-as-a-service "gang". This included revealing the identity of the mastermind, 31-year-old Dimitri Khoroshev, a Russian citizen. Vorndran describes the malware-as-a-service operation as a full-fledged business including assistance to customers on selecting targets, optimizing ransom demands, and offering discounts to high-volume customers. In February, the FBI, in concert with 10 other countries, seized major parts of the infrastructure and imposed sanctions on Khoroshev and his affiliates. He has now been indicted on 26 counts and the FBI is working to bring him to justice in the United States.
However, as part of the raid, the FBI has confiscated thousands of LockBit keys. According to Vorndran "…from our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online. We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov."
Vorndran also urged American businesses to think of each other as "peers" rather than "competitors". They must share more information and best practices in order to better protect all organizations. Vorndran concluded with this:
"We should also remember that 85-90% of the most powerful cyber-threat intelligence lies in the hands of those other than the United States government, which brings me to a final point about partnerships: Not one of our past—or future—disruptions is possible without exceptional partnerships. We have to realize, and execute upon this theme, that we are in this together. We are stronger together.
My ask of each of you today is this: Please be an ambassador for this message. We need everyone—private industry, nonprofits, academia, the U.S. government—in the boat, rowing in the same direction. This is how we will be most effective."
CISA Releasing a Series of PSAs
For those of us who came of age in the '70s, CISA's new PSA, We Can Secure Our World, will seem very familiar. Taking a cue from the old Schoolhouse Rock series that used to play during Saturday morning cartoons, CISA is using a musical cartoon to help teach people how to stay safe online. This is the second in a new Secure Our World series of PSAs CISA began launching in September 2023. The campaign is designed to bring cyber security awareness to the masses. The videos aim to educate and empower users to take proactive steps to protect their personal information and avoid scams.
At a recent OTX Roundtable offsite, one member asked when we are going to start seeing ads during the Super Bowl aimed at cyber security awareness. It appears CISA has already started that process, airing a video at the NFL Experience in Las Vegas in February. The PSA did not air on the national broadcast but was seen at the week's event and inside the stadium. MSPs are working hard to educate their clients on the risks associated with cyber threats and the investments that need to be made to remain safe. This type of assistance from the federal government will help reinforce the message. Hopefully we will see additional promotion of these ads during key sporting events, popular prime-time shows, and on streaming platforms. The More You Know…
Featured Recorded Event
National Society of IT Service Providers
Mark Jennings (OTX Partners), Joy Beland (Summit 7), and Andrew Crawford (Compliance Specialists) discuss how MSPs can prepare for CMMC.
Featured Blog
Recent Lawsuits: Important Lessons Learned
Litigation has always been a risk in the MSP industry. Often the allegations made by the plaintiff are based on an assumption the MSP was providing services that they, in fact, were not. Two recent events provide lessons for MSPs to be very clear with their clients on the services they are providing, the services they are not providing, and the responsibilities the client holds. In this article, the names of the MSPs are being withheld so as not to throw unnecessary shade; however, a quick Google search will identify them easily if you are so inclined.
MSP Sued by Client Over Ransomware Attack
The first event involves a law firm in Sacramento, California that suffered a ransomware attack in February of 2023. In a lawsuit filed in February 2024, the law firm Mastagni Holstedt claims their IT Service Provider failed to adequately protect their data from attack. According to the lawsuit, the law firm initially experienced connectivity issues and contacted the MSP. The MSP serviced the issue and indicated it was resolved, but they provided no additional information regarding cyber security risks. Three days later the law firm was hit by a major outage whereby their data was completely inaccessible. A ransom demand was made to the firm by a group known as Black Basta to restore the data. The law firm then attempted to restore the data from their Acronis backups only to find that the backup had been deleted. The ransom was allegedly ultimately paid. The firm is now seeking more than $1M in damages. But other details paint a grim picture for both parties.
Next OTX Roundtable Meeting
July TBD
Virtual
OTX Partners LLC
OTX Roundtable GRC is a peer group helping MSPs build and maintain a security and compliance-focused culture.