Tag Archive for: Defenses

Elevate Your Ransomware Defenses with a Post Incident Review


When a military mission is completed, commanders create what’s commonly known as an “after-action review” to assess what happened versus what was intended to happen. These reviews are designed to determine what went right and what needs improvement before the next mission.

Such reviews are critical in the armed forces, and they also are key tools that IT and business leaders can use to evaluate how organizations performed in response to ransomware attacks and other cybersecurity incidents. These assessments can help organizations determine how attacks occurred, what the response was like, and how to improve cybersecurity efforts and post-incident communications, according to industry experts.

The need for such reports is as critical as ever. According to IBM’s X-Force Threat Intelligence Index 2023, ransomware was the second-most common action malicious actors took in 2022, covering 17 percent of attacks (behind only the use of malware backdoors at 21 percent).

And according to a 2023 Cybersecurity Ventures report, “by 2031, ransomware attacks are expected to occur every 2 seconds” and carry a global cost of about $265 billion. “You want to be able to look at what the root cause was and try to get to lessons learned in terms of continuous improvement,” says Rob Clyde, an ISACA board director.

 

Creating a Post-Incident Ransomware Review

It’s crucial for business and IT leaders to hold multiple post-incident review meetings to discuss what happened during a ransomware attack, says Jon France, CISO of (ISC)², a nonprofit cybersecurity association. Leaders can use these meetings not only to determine how an attack occurred and what broke down in terms of cybersecurity but also to look at what went right so that good behaviors and best practices can be reinforced.

The most important part of these reviews is to get to the truth of what happened. Without that, organizations won’t know how to improve, says Lisa Plaggemier, executive director of the National Cybersecurity Alliance. She says it’s important for post-incident reviews to include individuals within an organization who were on the front lines when an attack occurred, because they…


Hospitals urged to tighten DDoS defenses after health data found on Killnet list


The Killnet hacktivist group is actively targeting the health sector with DDoS attacks, claiming to have successfully exfiltrated data from a number of hospitals within the last month, according to a Department of Health and Human Services Cybersecurity Coordination Center alert.

In fact, users found and publicly shared global health and personal information belonging to global health organizations on the alleged Killnet list on Jan. 28.

John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, warned that “As of today, we understand that some of the named entities were, in fact, targeted by DDoS attacks.”

However, the impact of the activity was found to be “minimal and temporary with no impact to care delivery services,” he added. Although DDoS attacks don’t typically cause significant damage, the traffic surges brought on by these cyberattacks can cause website outages that can last for several hours or days.

As such, provider entities should ensure they have adequate DDoS protection for their web hosting.

Killnet is notorious for launching DDoS attacks with “thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems,” according to a December HC3 alert that followed a successful attack on a U.S. healthcare entity.

The group operates multiple public channels for recruitment purposes and has suspected ties with Russian government organizations like the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR). But the connections have not been confirmed. 

What’s clear is that the group’s senior members have extensive experience with deploying DDoS attacks, having “previously operated their own DDoS services and botnets.” Most of these operations rely on publicly available DDoS scripts and IP stressers.

But researchers are divided on the group’s impact, noting the group has failed at pivoting their attack models. In October, for example, Killnet successfully blocked the infrastructure of J.P. Morgan but was unable to disrupt the bank’s operations.

The Department of Justice seized 48 internet domains tied to some of…


The Art of Future-Proofing – Upgrading Your Defenses for the Threats of Tomorrow


After a disruptive couple of years, we’re emerging into a much more digitised world with consumers and businesses capable of doing more than ever before. However, that progress hasn’t been reserved only for them – the threat landscape has similarly evolved, with bad actors intensifying their use of advanced technology to conduct more determined attacks on their victims.

This shift can be perfectly encapsulated in the number of zero-days we’ve witnessed over the past year. A zero-day refers to a breach or attack that happens because of a vulnerability in a piece of software that has not been patched because it has not yet been discovered.

The past 12 months have seen the highest number of zero-days on record, according to Project Zero, a Google-funded team responsible for disclosing these sorts of bugs to vendors. And while this indicates greater transparency and dedication by security researchers to warn against these sorts of attacks, it leaves security professionals with the daunting challenge of continuously patching their critical – and vulnerable – estates.

The evolving role of the CISO

CISOs have a vital role to play when it comes to elevating their company’s security posture to protect it from threats.

CISOs, in partnership with identified stakeholders in technology, operations, and business design, lead changes that are meant to strengthen their organisation’s cybersecurity while elevating overall digital trust. To achieve this, they need to involve themselves in the business/product roadmap conversations and create a cybersecurity ecosystem within the enterprise. This will help create a culture of awareness, ownership, and accountability around security within the larger organisation from the get-go.

However, this is easier said than done. There are several factors that can impact a firm’s adaptation of a successful security strategy. Some factors are: a product’s time to market; the movement to hybrid work and the inherent exposure of a firm’s key assets in such a model; and employee engagement, especially as work-from-anywhere picks up pace. CISOs need to continually review and reprioritise adaption of security…


Four new defenses against quantum codebreakers - POLITICO


With help from Derek Robertson

The ability to pay for something with a credit card online is something we now take for granted, but in the not-too-distant future, quantum computers might be able to crack the encryption that protects these payments from spies and cyber criminals.

The encryption-breaking power of these quantum computers, while likely still decades away, already has the National Security Agency worried about the United States’ enemies accessing classified secrets.

As we’ve reported in this newsletter, multiple arms of the federal government are trying to find fixes.

The House of Representatives today passed a bill aimed at accelerating the government’s use of encryption algorithms that quantum computers would struggle to break with currently known methods, in part out of fear that an adversary might “steal sensitive encrypted data today using classical computers, and wait until sufficiently powerful quantum systems are available to decrypt it.”

In May, President Joe Biden issued a national security memorandum declaring that a powerful quantum computer would “jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.”

Nobody knows for sure if such a quantum computer is five years away, 20 years away or a dream that will never be realized. But the National Institute of Standards and Technology is coordinating efforts to develop new encryption algorithms so that the government will be ready. On July 5, NIST announced the selection of the first four of those algorithms.

“We’re not waiting for something to be broken,” Matthew Scholl, the chief of NIST’s Computer Security Division, told me in an interview a few days before the announcement.

Quantum computers aren’t superior to classical ones in any general sense, but they can (in theory) quickly solve particular types of problems, including breaking large numbers into their prime factors. (It’s a lot easier…
