Tag Archive for: Defenses

A Hacker’s Perspective For Building Proactive Organizational Defenses


Anshu is the founder/CEO of CloudDefense.AI—a CNAPP that secures both applications and cloud infrastructure.

The ongoing happenings in cyberspace continually underscore the concerning fact that hackers are getting super smart with their tricks and launching sophisticated cyberattacks more often. Whether it’s crippling ransomware attacks or sneaky data breaches, cybercriminals are showing off their cleverness and adaptability like never before. Hacking techniques are evolving faster than our traditional security measures can keep up with.

This is the harsh reality of cloud security, where hackers exploit the very nature of the cloud—its openness, its dynamism—to gain an edge. But what if you could think like a hacker? What if you could see your publicly exposed infrastructure through their eyes, anticipate their moves, and shore up your defenses before they even struck?

That’s the power of understanding hacker recon. As the CEO of a cloud security company, I’ve learned that when it comes to implementing cybersecurity strategies, it’s not enough to merely react to threats. To stay ahead of the curve, we need to think like attackers, not just defenders. That said, here I discuss how to adopt the hacker’s perspective and use it to strengthen your cloud security posture.

Understanding What Hacker Recon Is

Think of hacker reconnaissance (recon) as detective work done before a cyberattack is launched. It’s when hackers gather information about their target, such as a company’s computer systems and networks. Through this, they’re trying to understand the layout of the digital front, looking for any security gaps, attack vectors or potential entry points that they can exploit later.

Simply put, the more information they uncover, the more smoothly their “operation” can go—just like any good detective needs solid clues to crack a case. So, next time you hear about a cyberattack, remember that it often starts with this information-gathering phase.

There are two main ways hackers do their recon:

• Passive recon involves gathering information without directly interacting with the target system. Hackers might use search engines, social media, public records and other…


Fortifying cyber defenses: A proactive approach to ransomware resilience


Ransomware has become a pervasive threat, compromising the security and functionality of vital systems across the United States.

While governmental pledges and public declarations of intent to fight cybercrime are foundational, they often lack the immediate and tangible impact necessary to counter sophisticated cyber threats. Case in point – the US recently pledged, along with 39 other countries, not to pay ransoms. In theory this makes sense: don’t pay, the bad guys don’t make money and move on to other crimes. In practice, it won’t work.


Getting the right tools

Instead of investing time in formulating non-binding pledges at the expense of actionable solutions, the US Government should adopt a more proactive stance by directly procuring advanced cybersecurity tools.

These tools, which have been developed to keep data safe and stop ransomware attacks, exist and are continually evolving. By spearheading the implementation, through investment and education, the government can set a powerful example for the private sector to follow, thereby reinforcing the nation’s cyber infrastructure.

The effectiveness of such tools is not hypothetical: they have been tested and proven in various cybersecurity battlegrounds. They range from advanced threat detection systems that use artificial intelligence to identify potential threats before they strike, to automated response solutions that can protect data on infected systems and networks, preventing the lateral spread of ransomware.

Investing in these tools would not only enhance the government’s defensive capabilities but would also stimulate the cybersecurity industry, encouraging innovation and development of even more effective defenses.

This approach can also foster public-private partnerships, as government agencies can collaborate with cutting-edge technology firms to develop new standards and best practices and to adapt commercial tools for government use, ensuring the most robust protection possible. These collaborations can also facilitate expanded information sharing, enabling both to stay ahead of emerging threats and collectively strengthen the nation’s cyber defenses.

Moreover, the procurement of…


Understanding these nine ransomware stages can help harden cyber defenses


Ransomware payouts are on track to make 2023 another banner year for criminals, netting more than $440 million since January, according to a recent analysis by Chainalysis. But there are ways for organizations to blunt the impact.

First, some background: One of the reasons for ransomware’s continuing success, according to Chainalysis, is the success of what is popularly called “big-game hunting,” or going after large enterprises with deep pockets and the promise of big ransom rewards. Witness the reach of the Clop gang with exploits of Progress Software Corp.’s MOVEit file transfer software. Chainalysis estimates an average payout of $1.7 million per victim.

But the trend has other contributing factors, such as an increased number of successful attacks on smaller targets. Also, as more victims refuse to pay, some security analysts think this has motivated attackers to ask for higher ransoms across the board or use more extortion techniques to convince victims to pay. Ransomware continues to be a growth business opportunity for criminals, whether or not victims pay up, because stolen data carries a certain value on the dark web, the shady corner of the internet reachable with special software.

To bring more clarity to the rise in ransom payments, we examined reports by six security firms that tried to categorize the various steps involved in a typical ransomware attack:

  • EJ2 Communications Inc. Flashpoint’s Anatomy of a Ransomware attack (seven stages, July 2023)
  • Google LLC Mandiant’s M-Trends June 2023 report (which breaks down the recent Ukrainian cyberattacks into five stages)
  • Palo Alto Networks Inc. Unit 42’s Stages of a Ransomware attack (five stages, February 2023)
  • Blackberry Ltd.’s Anatomy of a Ransomware attack (eight stages, October 2022)
  • JP Morgan Chase & Co.’s Anatomy of a Ransomware attack (five stages, September 2022)
  • Darktrace PLC’s Nine Stages of Ransomware (it is really six discrete stages, December 2021)

Many of these companies have ulterior motives in laying out their ransomware models, in that they sell research based on their own telemetry (such as Palo Alto Networks and Mandiant) or products that can help find or mitigate malware…


Elevate Your Ransomware Defenses with a Post Incident Review


When a military mission is completed, commanders create what’s commonly known as an “after-action review” to assess what happened versus what was intended to happen. These reviews are designed to determine what went right and what needs improvement before the next mission.

Such reviews are critical in the armed forces, and they also are key tools that IT and business leaders can use to evaluate how organizations performed in response to ransomware attacks and other cybersecurity incidents. These assessments can help organizations determine how attacks occurred, what the response was like, and how to improve cybersecurity efforts and post-incident communications, according to industry experts.

The need for such reports is as critical as ever. According to IBM’s X-Force Threat Intelligence Index 2023, ransomware was the second-most common action malicious actors took in 2022, covering 17 percent of attacks (behind only the use of malware backdoors at 21 percent).

And according to a 2023 Cybersecurity Ventures report, “by 2031, ransomware attacks are expected to occur every 2 seconds” and carry a global cost of about $265 billion. “You want to be able to look at what the root cause was and try to get to lessons learned in terms of continuous improvement,” says Rob Clyde, an ISACA board director.


Creating a Post-Incident Ransomware Review

It’s crucial for business and IT leaders to hold multiple post-incident review meetings to discuss what happened during a ransomware attack, says Jon France, CISO of (ISC)², a nonprofit cybersecurity association. Leaders can use these meetings not only to determine how an attack occurred and what broke down in terms of cybersecurity but also to look at what went right so that good behaviors and best practices can be reinforced.

The most important part of these reviews is to get to the truth of what happened. Without that, organizations won’t know how to improve, says Lisa Plaggemier, executive director of the National Cybersecurity Alliance. She says it’s important for post-incident reviews to include individuals within an organization who were on the front lines when an attack occurred, because they…
