Posts

The File Data Factor in Ransomware Defense: 3 Best Practices

T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company.


Aside from the pandemic, ransomware has become one of the gravest threats to the global economy. It is no longer a matter of “if” an organization is going to be attacked but “when,” according to Gartner.

The research firm predicts that 75% of organizations will face one or more attacks by 2025. The National Security Institute found the average ransomware payout was $200,000 in 2020, up from just $5,000 two years ago, as ransomware gangs resort to more aggressive tactics to get what they want.

Large-scale attacks on enterprises—the latest being one against Accenture—are creating regular headlines. The U.S. is the largest region for such attacks, and ransomware accounted for 30% of all U.S.-based cyberattacks in 2020, more than double the rate globally.

Why is ransomware worse now?

The word among security experts is that the Covid-19 pandemic, with its resulting lockdowns and work-from-home mandates, created an enticing new opportunity for hackers.

Employees sometimes use insecure personal devices and networks, access desktops over easily compromised Remote Desktop Protocol (RDP) software, and connect through VPNs that aren’t always configured or secured properly. This has led to a perfect storm of vulnerability at even the largest corporations with massive IT budgets and large teams in place. Ransomware attacks are also becoming more sophisticated.

Ransomware now attacks in multiple stages: penetrating the network, then stealing credentials, then attacking the backup systems. This process can take weeks to months, and throughout it companies typically don’t know they are under attack until someone notices files becoming encrypted and unusable.

How does this affect data storage?

Ransomware players are attacking all IT infrastructure, not just servers and applications. In 2021, the network attached storage (NAS) appliance maker QNAP alerted its customers that eCh0raix ransomware was attacking its NAS devices, especially those with weak passwords, as reported in this ransomware paper by ESET.

This is a disastrous prospect, since data growth is…


NetWitness® Ransomware Defense Cloud Services Helps Enterprises Avoid and Mitigate the Impact of Ransomware Attacks



BEDFORD, Mass.–(BUSINESS WIRE)–Aug 4, 2021–

NetWitness, an RSA business (@RSAsecurity), a globally trusted partner for some of the world’s largest and most security sensitive organizations, today unveiled NetWitness® Ransomware Defense Cloud Services, a managed cloud service that monitors endpoints without traditional deployment and administration requirements. Ransomware Defense Cloud Services also includes detection intelligence developed from in-depth ransomware research and development, combined with experienced threat hunting in enterprise environments. This unique offering enhances both prevention and preparedness for organizations concerned about the scourge of ransomware.

Ransomware has become an expensive and disruptive force within organizations. Increasingly, the industry is seeing businesses suffer loss of data, a halt to business operations and damages to reputation. These incidents are costly and labor-intensive to remedy if not detected quickly. At the same time, businesses are looking to streamline their IT processes and infrastructures. Security teams specifically require forensic value from technology solutions without bearing full administrative workload. NetWitness Ransomware Defense Cloud Services addresses these needs by providing expert intelligence in a cloud solution backed by ransomware specialists, experienced threat hunters, and ongoing research and development.

“The ransomware threat is becoming more persistent and sophisticated with every passing day. New ransomware variants, novel attacks, and ransomware-as-a-service (RaaS) mean that no organization can ignore the potential for attack or delay taking proactive steps to prepare for when they happen,” said Dr. Zulfikar Ramzan, Chief Technology and Product Officer of NetWitness. “Preventing and limiting damages from these attacks require a mix of technology, research, analysis, and threat hunting. NetWitness Ransomware Defense Cloud Services combine various areas of NetWitness expertise to help enterprises avoid headline-making ransomware incidents and are delivered through the cloud for rapid deployment.”

NetWitness Ransomware Defense Cloud…


Proposed ‘Hack-Back’ Bill Tells DHS To Study Allowing Companies To Retaliate – Breaking Defense



A new bill could be the first step in companies being able to “hack back” at bad actors – but doing so could come with major risks, experts say. (File)

WASHINGTON: Two members of the Senate Finance Committee have introduced a bipartisan bill that instructs the Department of Homeland Security to study the “potential consequences and benefits” of allowing private companies to hack back following cyberattacks.

Sens. Steve Daines, R-Mont., and Sheldon Whitehouse, D-R.I., have introduced the legislation as frustration over repeated cyberattacks against US companies has led to growing calls across the national security community and the private sector for retaliatory actions. Some, including military legal advisors, are now calling for the US to revisit its policy on military offensive cyber operations, especially in response to increasing ransomware attacks targeting the public and private sectors.

The draft Study on Cyber-Attack Response Options Act tells DHS to study “amend[ing] section 1030 of title 18, United States Code (commonly known as the Computer Fraud and Abuse Act), to allow private entities to take proportional actions in response to an unlawful network breach, subject to oversight and regulation by a designated Federal agency.”

DHS’s report would provide recommendations to Congress on the “potential impact to national security and foreign affairs.” Specifically, the report would address the following issues:

  • Which federal agency or agencies would authorize “proportional actions by private entities;”
  • Level of certainty in attribution needed to authorize such acts;
  • Who would be allowed to conduct such operations and under what circumstances;
  • Which types of actions would be permissible; and
  • Required safeguards to be in place.

“The Colonial Pipeline ransomware attack shows why we should explore a regulated process for companies to respond when they’re targets,” Whitehouse said in a statement to Breaking Defense. “This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow.” (A request for comment to Daines’s office was not returned by…


Aviation, Defense, Health Care Targeted in Global Chinese Spying, Hacking Scheme



The four hackers named in an indictment alleging a conspiracy to hack computers in order for China to gain a competitive advantage. Photo credit: justice.gov

Federal prosecutors in San Diego announced charges Monday against four Chinese nationals accused of hacking computer systems across the globe to steal information to benefit the Chinese government.

The defendants allegedly belonged to and worked for the Hainan State Security Department. The indictment described the agency as a provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security.

According to prosecutors, the alleged thefts occurred between 2011 and 2018, involved victims in a dozen countries, and mainly centered “on information that was of significant economic benefit to China’s companies and commercial sectors.”

Authorities allege the goal was to install malware and other hacking tools in computer systems in order to steal data from foreign governments, universities and companies.

The hacks targeted a wide range of industries, including aviation, defense, health care and infectious disease research, prosecutors said.
