
What can be done to halt the growth of ransomware? (Includes interview) – Digital Journal




The SolarWinds Body Count Now Includes NASA and the FAA


Some blasts from the past surfaced this week, including revelations that a Russia-linked hacking group has repeatedly targeted the US electrical grid, along with oil and gas utilities and other industrial firms. Notably, the group has ties to the notorious industrial-control GRU hacking group Sandworm. Meanwhile, researchers revealed evidence this week that an elite NSA hacking tool for Microsoft Windows, known as EpMe, fell into the hands of Chinese hackers in 2014, years before that same tool then leaked in the notorious Shadow Brokers dump of NSA tools.

WIRED got an inside look at how the video game hacker Empress has become so powerful and skilled at cracking the digital rights management software that lets video game makers, ebook publishers, and others control the content you buy from them. And the increasingly popular, but still invite-only, audio-based social media platform Clubhouse continues to struggle with security and privacy missteps.

If you want something relaxing to take your mind off all of this complicated and concerning news, though, check out the new generation of Opte, an art piece that depicts the evolution and growth of the internet from 1997 to today.

And there’s more. Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

In addition to infiltrating the unclassified networks of seven other US government agencies, the suspected Russian hackers who compromised the IT services firm SolarWinds as a jumping-off point also penetrated NASA and the Federal Aviation Administration. Researchers and officials testified before the Senate Intelligence Committee on Tuesday about the scope and scale of the attack. The Washington Post reported ahead of the hearing that the Biden administration is preparing sanctions against Russia related to the SolarWinds espionage operation and other recent incidents of aggression. The seven other breached agencies are the Departments of Commerce, Homeland Security, Energy, and State, the US Treasury, the National Institutes of Health, and the Justice Department. The White House said earlier this month that hackers also compromised 100 companies in the spree….

Twitter hack caused by stolen VPN credentials (Includes interview)


Employees were fooled by the hackers constructing the site to look exactly like the VPN login page. As a result of the hack, many high-profile Twitter accounts were compromised. According to TechRadar, the hack made headlines all over the world, with the accounts of high-profile Twitter users – including Barack Obama and Elon Musk – compromised.

Commenting on the hacking event for Digital Journal is Mark Riemer, Field CTO of Pulse Secure.

According to Riemer, the heart of the matter is virtual private networks (VPNs). These are a series of virtual connections routed over the Internet that encrypt data as it travels back and forth between the client machine and the Internet resources you are using, such as web servers.

With this, Riemer says: “While VPNs have been used as a secure access method for many years, they are rapidly evolving to stay ahead of the attack curve. The latest Twitter hack emphasizes the need for a comprehensive remote secure access approach founded on the concept of Zero Trust.”

Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters. There are different models and approaches for achieving this.

In terms of how the hack happened, Riemer says: “Cybercriminals tricked Twitter employees into handing over their account details by creating a site that mirrored their VPN login page and even went as far as to call staff members, claiming to be from Twitter’s IT department.”

In terms of what needs to be done, the analyst says: “To prevent someone from logging into a VPN using stolen or compromised credentials, it is imperative that organizations remove any implicit trust and establish context-based access permissions. These are two of the driving principles of Zero Trust, which allows organizations to ensure continuous, contextual security by verifying and re-verifying users to ensure they are who they truly say they are and prevent outsiders from obtaining unauthorized access to the network.”

Riemer concludes: “The Zero Trust principle dictates that no connectivity is allowed until a user is authenticated, their endpoint is validated, and…


CISA advisory examines LokiBot malware threat (Includes interview)


This type of threat is cause for alarm because LokiBot is one of today’s most dangerous and widespread malware strains. The malicious code has appeared as a threat to industry and government since July 2020.

The malware works by infecting computers and then activating built-in capabilities designed to search for locally installed apps. Exploiting these, the malicious code extracts credentials from their internal databases and hands the personal information to the groups who control the malware.

The malware is a form of information-stealing code that collects data from the most widely used web browsers, File Transfer Protocol (FTP) clients, email clients, and over a hundred other software tools installed on the infected machine. The code was developed somewhere within Eastern Europe.

In addition, LokiBot functions as a backdoor risk, allowing hackers to run other pieces of malware on infected hosts, and potentially escalate attacks.

Looking at the issue for Digital Journal is Mark Bagley, VP of Product at AttackIQ.

Bagley explains the seriousness of the issue: “Cyberattacks have been evolving and growing at an alarming rate in the recent past, sparing no industry from disruption. The increase of LokiBot malware incidents shines a light on why organizations should take a proactive approach to testing and validating their security controls.”

In terms of the consequences of this and the deeper implications for businesses, Bagley says: “Understanding common adversary tactics, techniques, and procedures, as outlined by the MITRE ATT&CK framework, allows organizations to protect what matters most to them, their ability to operate.”

He concludes by saying: “Doing this on an automated, ongoing basis is crucial to informing an organization’s defenders about the state of the security program, as well as supporting the goal of continuous improvement.”
