January '22 Corvus Policyholder Update

Advanced malware trends, VMWare Horizon Log4j fallout, and more.

We’ve got chills. It could be the freezing temperatures outside, or we’ve been thinking a little too much about bad patch management. Either way, curl up by the fire (or your favorite radiator) and catch up on last month’s Bird’s Eye here. For the latest security tips and vulnerability updates from the experts, keep reading.

Risk + Response Tips

Security tips and service updates from VP of Risk + Response Lauren Winchester

Underwriters often require certain steps to be made before a cyber insurance policy can be bound to reduce the risk for both parties. We’ve covered a lot of those “subjectivities” in this newsletter before, like implementing multi-factor authentication (MFA), endpoint detection response (EDR), and others. While all of these controls are helpful for obtaining cyber insurance, we’d highlight that their most pivotal role is reducing your chances of experiencing an incident. Mitigating risk is always our fundamental goal.

If you’re looking to get some answers on these common subjectivities (like why do we encourage backups? Or where can I find helpful resources on data encryption?) we’ve collected that all in one easy-to-navigate guide here.

Questions about hiring and managing cyber talent as you work to improve security measures? We spoke to experts including Corvus’s CISO, our VP of People, and a recruiter specialized in cybersecurity to get three unique perspectives on hiring (and retaining) employees in a competitive market. You can read our full blog post here.

CISO Corner

Noteworthy trends in cybersecurity from Chief Information Security Officer Jason Rebholz

Historically, malware has been considered a “Windows problem.” Threat actors go where the money is, and for malware authors, that comes down to market share of potentially exploitable systems. So for a long time, the popularity of PCs meant Linux and MacOS were less appealing targets. But as Macs have gained considerable market share and Linux continues to grow in popularity for servers, malware authors are starting to branch out.

Researchers from security firm Intezer discovered backdoor malware “SysJoker” on a Linux-based web server, with versions for both Windows and MacOS as well. It’s uncommon for malware to be written for multiple operating systems, but this discovery shows why you need to protect your endpoints regardless of the platform you’re using. (Endpoint security applies to all endpoints, regardless of the operating system). Yes, there will still be operating systems that are more secure than others. But we must remember that no operating system is immune to malware. This also reinforces that simple antivirus software isn’t always going to cut it against more sophisticated malware. We’ve covered the best practices to protect your organization against advanced attacks through EDR, which you can read here.

Threat Report

What to watch for this month.

The Corvus Scan is a powerful asset that enables us to identify which policyholders are at risk for new vulnerabilities. You’ve probably already heard from us about the following if your organization is at risk, but we’ve gathered the monthly round-up of alerts and updates below:

VMWare Horizon Vulnerability Advisory (January ‘22)

On January 19, 2022, VMware Security Solutions issued an advisory in response to attackers actively targeting VMware Horizon servers that are vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell). Threat actors are leveraging the Log4j vulnerability on unpatched VMware Horizon Servers to gain full access and control of systems and install web shells. Learn more about the VMWare Horizon vulnerability and determine if your organization is vulnerable.