Tag Archive for: defense

Going from defense to offense against China’s Volt Typhoon APT group


What do the Super Bowl and cybersecurity have in common?

To win the big games, teams need both offense and defense. On Jan. 31, the U.S. Government did just that when they disrupted the KV Botnet used by China-sponsored Volt Typhoon.

For far too long, cybersecurity has been considered “preventive” or “reactive.” The industry was developed around defending and protecting assets. The concept of active defense gained interest, but it was misinterpreted and thought of instead as hacking back.

The National Institute of Standards and Technology (NIST) has defined active cyber defense as “synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities.” Active defense still means playing defense.

So, how do we go on offense? As an industry, our approach has become littered with legal pitfalls, significant risks and a lack of ongoing capability. Military organizations are uniquely designed to create and sustain long-term offensive cyberspace operations. As sexy and enticing as that sounds, it’s restricted to operations against foreign adversaries and nation-states as a matter of law. But that’s not the only option we have for a good offense.

Enter the FBI

The FBI operates as the primary federal investigative organization tasked with responding to cyberattacks and intrusions. We are now witnessing the rise of offensive cyber operations by a domestic law enforcement agency that has demonstrated a significant ability to identify, penetrate, and dismantle criminal and nation-state networks. What once was an anomaly has matured to become a standard part of the investigative arsenal available to actively engage and disrupt transnational criminal groups and nation-state actors.

In November 2022, I had the opportunity to participate in a panel discussion with the FBI Supervisory Special Agent who led the investigation into the takedown of the Hive ransomware group. What was striking for me was how far the FBI had come since the days 23 years prior when I spent a year conducting in-service training for their Computer Analysis Response Team (CART). The student had become the master.

The dismantling of Hive was directed at a transnational criminal group,…

A Defense Against Ransomware Attacks


Fulton County, Georgia, found itself in the crosshairs of a ransomware attack that left its critical services in chaos for weeks. LockBit, a notorious cybercrime group, claimed responsibility for the attack, causing disruptions in the District Attorney’s office and leaving residents unable to pay property taxes and water bills electronically. As of February 15, 2024, phone lines remain down, and the county’s recovery efforts continue.

LockBit’s Ransomware Reign

LockBit, the cybercriminal collective behind the Fulton County attack, has become a major player in the ransomware landscape. With a penchant for exploiting vulnerabilities in unmanaged devices, LockBit has managed to infiltrate systems at local, state, and federal levels, causing widespread chaos and financial losses.

The group’s modus operandi involves using compromised endpoints to encrypt data on other devices connected to the same network. This strategy enables them to bypass security stacks and strike at the heart of targeted organizations, making detection and recovery an arduous task.

Rubrik’s Defense against the Ransomware Onslaught

In response to the growing threat of ransomware attacks, Rubrik has introduced its Anomaly Detection and Sensitive Data Monitoring services. These solutions help customers identify and recover from cyberattacks more effectively, ensuring minimal disruption to essential services.

Rubrik’s Anomaly Detection uses machine learning algorithms to identify unusual patterns in data access and usage, enabling administrators to pinpoint potential threats and take swift action. The Sensitive Data Monitoring service, on the other hand, helps organizations classify and protect sensitive data, making it more difficult for cybercriminals to exploit.

Air-Gapping and Other Data Center Protections

Data centers can employ additional strategies to safeguard against ransomware attacks compared to other environments. These measures include air-gapping, maintaining offsite backups, digital twinning, and enhanced physical security.

Air-gapping involves disconnecting resources from the internet, providing an extra layer of protection for data…

This Defense ETF Combines Defense, Cybersecurity, and AI


You might not expect to find stocks like Broadcom (NASDAQ:AVGO) or Crowdstrike (NASDAQ:CRWD) in a defense ETF, but the SPDR S&P Kensho Future Security ETF (NYSEARCA:FITE) is a unique defense ETF that takes a differentiated, forward-looking approach to national security and the defense industry.

The concept of warfare is rapidly evolving and now increasingly encompasses cyber warfare, drones, space, and other new arenas. That’s why the FITE ETF goes beyond tanks, fighter planes, and missiles and expands the definition of defense to include companies involved in software, cybersecurity, drones, robotics, and more.

I’m bullish on FITE because this differentiated ETF enables investors to capitalize on this nascent theme.

What is the FITE ETF’s Strategy?

FITE invests in an index called the S&P Kensho Future Security Index. According to fund sponsor State Street (NYSE:STT), the index is comprised of “companies whose products and services are driving innovation behind future security, which includes the areas of cybersecurity, advanced border security, and the following areas for military application: robotics, drones and drone technologies, space technology, wearable technologies and virtual or augmented reality activities.”

Thus, the ETF allows investors to “invest in a portfolio of companies involved in the future of warfare and a nation’s security.”

A Portfolio Built for the Future of War

FITE holds 60 stocks, and its top 10 holdings account for just 20.8% of the fund, so FITE is fairly diversified and does a good job of limiting concentration risk.

Below is an overview of FITE’s top 10 holdings using TipRanks’ holdings tool.

While war is still fought on the battlefield, it is increasingly moving into new fronts, and FITE’s portfolio capitalizes on this shift.

One key arena is cyberspace. The Heritage Foundation states, “No threat facing America has grown as fast, or in a manner as difficult to understand, as the danger from cyberattacks.” It reports that the most dangerous cyberattacks come not from lone hackers in a basement but sophisticated nation-state hackers who view cyber warfare as a new avenue to attack the United States. Terrorist organizations and…

Rising ransomware attacks on education demand defense readiness


Key points:

Ransomware attacks continue to wreak havoc on the education sector, hitting 80 percent of lower education providers and 79 percent of higher education providers this year. That’s a significant increase from 56 percent and 64 percent in 2022, respectively.

As “target rich, cyber poor” institutions, schools store massive amounts of sensitive data, from intellectual property to the personal information of students and faculty. Outdated software, limited IT resources and other security weaknesses further heighten their risk exposure. In a ransomware attack, adversaries exploit these vulnerabilities to infiltrate the victim’s network and encrypt their data, effectively holding it hostage. After encryption, bad actors demand ransom payment in exchange for the decryption key required to retrieve their files.

But the ramifications of ransomware extend beyond the risk of data exposure and recovery costs; attacks can also result in downtime that disrupts learning for students. The impact of ransomware has grown so severe that the Biden Administration has even committed to providing ongoing assistance and resources to support schools in strengthening their cyber defenses.

So, while ransomware in the education sector isn’t a new phenomenon, the stakes remain high. And with both higher and lower education institutions reporting the highest rates of attacks among all industries surveyed in a recent study, the need for increased defense readiness in the education sector has never been more evident.

3 ransomware trends disrupting classrooms in 2023

Cybercriminals have refined the ransomware-as-a-service (RaaS) model in recent years, enabling adversaries to specialize in different stages of attack. Amid the current ransomware surge, IT and security leaders in education must remain aware of the evolving threat landscape so they can effectively safeguard their networks and systems.

Here are some trends from The State of Ransomware in Education 2023 report that demand attention now:

1. Adversaries are leveraging compromised credentials and exploited vulnerabilities. More than three-quarters (77 percent) of attacks against higher education…