Tag Archive for: Defend

13 Expert Tips To Defend Against And Respond To Ransomware Attacks


In February 2023, the city of Oakland was forced to take multiple systems offline for several days after being hit with a successful ransomware attack; the hackers also released the personal data of city employees online a few weeks later. While notable for its severity, the Oakland attack was not the first high-profile successful ransomware attack, and it almost certainly won’t be the last.

While it’s important for all organizations that deal in data to establish robust cyber defense postures, that’s not enough—many tech experts assert that most organizations will be successfully breached by hackers at some point, so it’s also essential to have an incident response plan ready. Below, 13 industry leaders from Forbes Technology Council share defensive practices and response protocols every public and private entity should have in place to be better prepared for ransomware attacks.

1. Invest In Multi-Location Backups And Data Protection

In 2023, infiltration is inevitable. Damage control falls into two main areas. First, ensure you can bring systems back up quickly. Have multi-location backups (both onsite and offsite), preferably using sharding. This allows a company to recover quickly from a ransomware attack without having to pay the ransom. Second, protect your data. Have an ongoing plan to protect unstructured data, as this is usually where all the damage occurs. – Jo Webber, AtlasJobs

2. Have A Disaster Recovery And Incident Response Plan In Place

Having a robust and regularly tested backup and disaster recovery and incident response plan in place is crucial for businesses and governmental organizations to be better prepared for ransomware attacks. In the event of an attack, having backups of critical data and systems can enable organizations to restore operations quickly and effectively, minimizing disruption and potential financial losses. – Jagadish Gokavarapu, Wissen Infotech




3. Develop A Comprehensive Software Patching Process

Ensuring all networked systems have all current software patches applied is an essential element for…


KnowBe4 Finds State and Local Governments Struggle to Defend Against Ransomware and Business Email Compromise


KnowBe4 releases The Economic Impact of Cyber Attacks on Municipalities report and finds sectors struggle to defend themselves against cyber attacks due to lack of support

TAMPA BAY, Fla., March 29, 2023–(BUSINESS WIRE)–KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, released a new report showing the continued impact cyber crime is having on state and local governments entitled “The Economic Impact of Cyber Attacks on Municipalities”.

KnowBe4’s report details the financial costs, reputational effects, level of public trust and other impact cyber attacks have on municipalities. The report breaks down the impact cyber attacks have into five target areas: the average financial loss from state and local governments, the denial of service to citizens due to financial loss, the frequency/types of attacks and the risk of recurring attacks, the challenge of allocating capital to prevent attacks and the decline of economic investment in municipalities.

Additionally, the new report revealed that ransomware continues to plague municipalities in all industry sectors. Business email compromise (BEC) attacks were also proven to be one of the most lucrative forms of cyber attacks in 2022, generating billions of dollars lost across all sectors and increasing across all sectors by 175%, with an 81% surge in 2022. State and local governments are particularly vulnerable to these attacks due to government transparency laws, which allow cyber criminals to more easily tailor their attacks to the victim.

Key findings from the report include:

  • Many municipality cybersecurity budgets are underfunded or do not exist at all. According to the National Association of State Chief Information Officers (NASCIO), most state cybersecurity budgets are between 0% and 3% of their overall IT budget. Additionally, only 18 states have a cybersecurity budget line-item and only 16% of states reported a budget increase of 10% or greater since 2018.

  • The 2022 IC3 Report reveals that in 2022, BEC attacks generated a total of $2,742,354,049 in losses across sectors, an increase of $346 million from 2021, and $875 million from 2020.

  • There are 1.7 million…


A Digital Red Cross: What Would It Defend Against?


On November 18, 1991, after enduring a three-month artillery assault, the city of Vukovar in Croatia fell to what was then known as the federal Yugoslav People’s Army (JNA) and Serb paramilitary forces. After JNA units took control of a hospital where hundreds of sick and wounded were located, they removed approximately 300 men of whom at least 200 were later murdered at the nearby town of Ovcara. Years later, the Prosecutor at the International Criminal Tribunal for the former Yugoslavia charged those responsible for this atrocity with war crimes.

For over 150 years, the Red Cross, Red Crescent, and later the Red Crystal symbol have endured as indelible images of protection during warfare. We reserve these emblems for people and places that are entitled to a rare privilege of safety and security while providing medical and humanitarian assistance during armed conflicts. The urge to expand their protection to other realms is understandable but requires caution and attention to technical, political, and operational challenges.

A Digital Protected Emblem

Recently, the International Committee of the Red Cross (ICRC) announced an innovative proposal to identify the digital presence of certain humanitarian and healthcare organizations during armed conflict. The hope is that identifying protected digital infrastructure “would make it easier for those conducting cyber operations during armed conflict to identify and spare protected facilities – just as a red cross or crescent on a hospital roof does in the real world.”

The proposal is a creative attempt to protect the digital presence of those humanitarian organizations entitled to the protections afforded by the Red Cross. The digital health of those organizations is essential to their ability to provide services, such as life-saving medical care. Malicious cyberattacks could, among other things, potentially deprive a facility of critical medical information that is necessary to treat patients. The Digital Red Cross proposal represents an attempt to bridge the gap between how International Humanitarian Law (IHL) applies in the physical world with the unique dimensions of the cyber domain. But if a Digital Red Cross system is…


Types of cloud malware and how to defend against them


Malware is a fact of life today. And that isn’t likely to change anytime soon.

Cloud malware adds another category to the worms, viruses, spyware and other malevolent software the industry battles every day. The phenomenon isn’t new; it has been growing for more than a decade. The SpyEye banking Trojan, for example, was hosted in Amazon Simple Storage Service buckets back in 2011. Cloud security provider Netskope reported that 68% of all malware downloads originated in cloud apps.

Let’s take a look at the types of cloud malware and how to defend against them.

Types of cloud malware

Any discussion around cloud malware needs to focus on two specific categories:

  1. malware that uses the cloud for delivery and communications (command and control); and
  2. malware that explicitly targets cloud assets and resources.

Modern malware gains a foothold through cloud services via various means. First, many types of malware are hosted in cloud storage environments, either in dedicated services, such as Dropbox or Box, or in storage nodes within IaaS or PaaS clouds. These publicly exposed storage accounts, or nodes, are often within well-known cloud service provider (CSP) environments to minimize the chances that content filtering software blocks the hosting domain. Ransomware, in particular, is often cited as a cloud-hosted threat.

Second, many malware variants host their command-and-control infrastructure in the cloud, as most organizations don’t explicitly block traffic to AWS, Azure, Google Cloud Platform and other large CSPs.

Third, some types of malware may be used in DDoS campaigns, where cloud-hosted systems under an attacker’s control are then used to send large quantities of traffic to victims. These attacks may also be a result of compromised systems in cloud tenant accounts.

At the same time, new variants of malware target cloud services and workloads. Among the most well known are cryptocurrency miners that target cloud-based VMs and container workloads. These types of malware scan exposed APIs to determine whether any of them can be exploited to permit installation and execution on workloads. Once that’s accomplished, attackers mine cryptocurrency for profit.

Trend Micro reported…
