Tag Archive for: battle

Battle of the Botnets: How MSSPs Play the Game


In this article, MSSP Alert examines the tactics and technologies MSSPs and MSPs use to spot and stop botnets. Read part one of the two-part series: “What are Botnets and Why are MSSPs So Concerned?”

Any time an MSSP or MSP signs up a new customer it’s an expedition into the unknown, an exploration on day one into a potentially under-managed and vulnerable cyberspace environment.

As you begin this journey, you’re wondering who had been watching the customer’s endpoints (hopefully, but not likely, all points of entry) and what might have already slipped through detection (perhaps years ago) and infected its IT systems — like a botnet or some type of covert malware.

MSSPs and MSPs surely know the potential of a botnet finding its way into their own IT network or devices. Why wouldn’t the bad guys go after those who would prevent them from laying the track to a ransomware attack?

The tools and techniques of the cybercrime trade are not unsurprising inasmuch as the evolving sophistication of the instruments and tactics of today’s threat actors. For instance, AI is now being used by cybercriminals typically operating out of China, Russia and North Korea.

Waging the Botnet Battle

Jim Broome, president and chief technology officer at DirectDefense, said his MSSP employs a robust endpoint detection and response (EDR) solution with its customers.

“For us, it’s a two-fold answer,” he said. “The more traditional botnet activity that people are associated with is just malware. So we have a managed security services solution built around managed EDR, partnered with CrowdStrike and Cylance BlackBerry (and others). You have to put the two together to look for signs of infection.”

DirectDefense also has a dedicated practice around application security, largely penetration testing, red teaming, software development and lifecycle review. Essentially, these activities are delivered within a professional services package that complements its managed security services.

“This is how we’re helping organizations deal with the struggle of protecting their applications against botnet activity,” Broome said. “Time and time again we’re being called in either for incident response…


South Korea’s Battle Against North Korean Hackers


In the dimly lit corridors of digital warfare, a new chapter unfolds as South Korean authorities mount a determined response to a series of cyberattacks that bear the hallmark of a familiar adversary. This isn’t just a skirmish in the nebulous realm of cyberspace; it’s a direct assault on the country’s judicial backbone, compelling the National Police Agency to take unprecedented action against a threat that’s as intangible as it is insidious.

The Frontline: Supreme Court Servers Under Siege

The serene city of Seongnam, merely a stone’s throw from the bustling capital of Seoul, found itself at the epicenter of this cyber confrontation. Here, within the premises of the Supreme Court’s digital data bureau, police initiated search and seizure operations aimed at reclaiming sovereignty over servers that fell victim to the cyberattacks orchestrated by the Lazarus Group, a notorious entity with indelible ties to North Korea. The operations, marking a significant escalation in the fight against cyberterrorism, commenced on February 13th, signaling a clear intent to safeguard national security interests.

A Persistent Threat: The Lazarus Group’s Shadow

The Lazarus Group isn’t a new player on the global stage of cyberterrorism. Known for its sophisticated attacks and elusive operations, this North Korean-affiliated collective has cast a long shadow over international cybersecurity efforts. The breach of the Supreme Court servers is but the latest in a series of provocations that underscore the group’s audacious approach to digital espionage and sabotage. By targeting the judicial system, the attackers not only compromise sensitive legal information but also challenge the very integrity of South Korea’s governance structures.

Securing the Digital Frontier: Response and Repercussions

In response to this brazen incursion, the National Police Agency’s cyber terror division has not only intensified its efforts to recover and secure the compromised servers but also to assess and mitigate the impact of the breach. These efforts are emblematic of a broader struggle to protect critical infrastructure from the increasingly sophisticated…


Digital Avengers: Five Unifying Factors Shaping the Battle Against Global Cybercrime


As cyber threats evolve, our most potent weapon is collective action. Governments, industries, and international partners must join forces against digital adversaries to proactively navigate this dynamic cybersecurity realm.

There are five key factors shaping the ongoing battle against cybercrime. Together, they outline a shared framework for collective defense, drawing inspiration from the National Cybersecurity Strategy’s goals and integrating best practices and lessons learned from Microsoft’s Digital Crimes Unit (DCU). By uniting the efforts of law enforcement, security firms, researchers, non-governmental organizations (NGOs), and individuals, we can enable better transparency and information exchange against unprecedented cyber threats. 

Factor One: United in Threat Intelligence 

Shared threat intelligence is the bedrock of a robust cyber defense strategy. This requires information sharing, continuous vigilance in tracking adversarial activities, revealing undisclosed threat actors, and ensuring unwavering protection for on-premise servers. 

Microsoft aims to play a central role in this collective endeavor by fostering deep relationships with our customers and their security teams. Since 2008, Microsoft’s DCU has been at the forefront of battling cybercrime, including timely victim remediation, regularly publishing security intelligence reports, and engaging in various threat information-sharing platforms. These efforts serve to empower organizations, security professionals, and the broader community to stay informed, well-protected, and ahead of the ever-evolving landscape of cyber threats.

Take the collective support of Ukraine against the cyber war launched by Russia. Industry leaders collaborated with Ukrainian government agencies and their security teams to offer technical assistance, threat intelligence, and cybersecurity resources that provided timely insight into threat actors and their tactics — enhancing the nation’s cyber defenses. Efforts like these showcase the growing need to share threat intelligence at speed and scale for better cyber security. 

Factor Two: United in Innovation

New technologies are transforming cybersecurity by enhancing threat detection…


AI and cybersecurity: locked in an ongoing battle – TechHQ


