Tag Archive for: inevitable

Ransomware: recovering from the inevitable


For business leaders, the threat of ransomware is by no means new.

The warning to beware of phishing emails and avoid following suspicious links, for example, is a familiar one. But with tools such as ChatGPT now able to accurately replicate human conversation, distinguishing fake emails from real ones is becoming more challenging. Can organisations really risk the security of their systems by depending on their employees to spot the signs of content written by AI that even industry experts fail to notice?

As the cybercrime landscape advances, moving out of the enterprise realm into areas like critical infrastructure and healthcare, many find that their existing cybersecurity measures aren’t sufficient to keep bad actors at bay. So how can businesses ensure that they are adequately prepared to respond to ever-evolving, ever-advancing cyber threats?

The inevitability of an attack

The first step to adequate preparation is the acknowledgement that an attack is unavoidable. With 71% of organisations globally falling victim to some form of ransomware attack in 2022, we are now in the world of not if, or when, but how often will a business experience a ransomware incursion. Businesses that deny the inevitability of an attack will not only be more exposed, but slower to recover when one does strike. Speed of recovery is crucial as the longer systems are down, the more severe the financial and reputational damage will be.

The cyber defence process should therefore be focused on threat prevention, remediation and regaining operability as quickly as possible. Only when businesses can execute their response and recovery strategies as soon as it becomes clear an attack has struck will they be able to minimise damage.

Designing for recovery

There’s no doubt that businesses’ cybersecurity teams are under an immense amount of pressure in the battle against ransomware but they can only go so far alone. There must be an awareness that it simply can’t be stopped at the source, and that defending against ransomware takes a combination of people, processes and technology.

The digital world can appear complex – especially in the case of large enterprise structures – so it can be…

Source…

6 historical threat patterns suggest that cyberwar could be inevitable




Predicting cyberthreats has been an elusive goal. Unlike in healthcare, where early diagnostics can be used to predict and hopefully prevent disease, cybersecurity has never had a reliable means for determining that an attack is coming. This is especially true for isolated cyberbreaches, such as data theft, which are often decided on a whim. 

That said, it’s been noticed by this author recently that certain historical patterns do exist that can be used to predict large-scale cyberthreats. Sadly, as will be shown below, analysis and extrapolation of the patterns suggest an uncomfortable progression toward a major global cyberwar. Let’s go through the relevant patterns.

Threat pattern 1: Worms

In 1988, the first worm was created by a student with the innocent goal of determining whether such a program might work. This was followed by a long period of minimal worm activity, only to be broken in 2003 by a major rash of worms such as Slammer, Blaster and Nachi. These worms caused significant disruption to major business operations.

The pattern here was that an initial small-scale attack occurred in 1988, followed by 15 years of relative quiet, which ended with a significant large-scale attack in 2003. Worms still represent a cyberthreat, but not much change has occurred in their design since 2003. Worms are now in a period of relative quiet once again.

Threat pattern 2: Botnets

In 1999, the first botnet appeared, followed by a similar attack in March of 2000. This was followed by a period of relative quiet in terms of DDoS attack design innovation. Attack volumes, for example, remained relatively constant until 13 years later, when Iranian hackers launched a series of massive layer 3/7 DDoS attacks at US banks.

Again, the pattern was that an initial small-scale attack occurred in 1999, followed by 13 years of quiet, which ended with a large-scale event in 2012. Like worms, botnets are also still a security problem, but they have not experienced much…

Source…

Why the Colonial Pipeline Ransomware Attack and the SolarWinds Hack Were All but Inevitable



Military units like the 780th Military Intelligence Brigade shown here are just one component of U.S. national cyber defense. Credit: Fort George G. Meade

Takeaways:

  • There are no easy solutions to shoring up U.S. national cyber defenses.
  • Software supply chains and private sector infrastructure companies are vulnerable to hackers.
  • Many U.S. companies outsource software development because of a talent shortage, and some of that outsourcing goes to companies in Eastern Europe that are vulnerable to Russian operatives.
  • U.S. national cyber defense is split between the Department of Defense and the Department of Homeland Security, which leaves gaps in authority.

The ransomware attack on Colonial Pipeline on May 7, 2021, exemplifies the huge challenges the U.S. faces in shoring up its cyber defenses. The private company, which controls a significant component of the U.S. energy infrastructure and supplies nearly half of the East Coast’s liquid fuels, was vulnerable to an all-too-common type of cyber attack. The FBI has attributed the attack to a Russian cybercrime gang. It would be difficult for the government to mandate better security at private companies, and the government is unable to provide that security for the private sector.

Similarly, the SolarWinds hack, one of the most devastating cyber attacks in history, which came to light in December 2020, exposed vulnerabilities in global software supply chains that affect government and private sector computer systems. It was a major breach of national security that revealed gaps in U.S. cyber defenses.

These gaps include inadequate security by a major software producer, fragmented authority for government support to the private sector, blurred lines between organized crime and international espionage, and a national shortfall in software and cybersecurity skills. None of these gaps is easily bridged, but the scope and impact of the SolarWinds attack show how critical controlling these gaps is to U.S. national security.

The SolarWinds breach, likely carried out by a group affiliated with Russia’s FSB security service, compromised the software development supply chain used by SolarWinds to update 18,000 users of its Orion network…

Source…

The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a ‘wicked’ problem — GCN



The ransomware attack on Colonial Pipeline on May 7, 2021, exemplifies the huge challenges the U.S. faces in shoring up its cyber defenses. The private company, which controls a significant component of the U.S. energy infrastructure and supplies nearly half of the East Coast’s liquid fuels, was vulnerable to an all-too-common type of cyber attack. The FBI has attributed the attack to a Russian cybercrime gang. It would be difficult for the government to mandate better security at private companies, and the government is unable to provide that security for the private sector.

Similarly, the SolarWinds hack, one of the most devastating cyber attacks in history, which came to light in December 2020, exposed vulnerabilities in global software supply chains that affect government and private sector computer systems. It was a major breach of national security that revealed gaps in U.S. cyber defenses.

These gaps include inadequate security by a major software producer, fragmented authority for government support to the private sector, blurred lines between organized crime and international espionage, and a national shortfall in software and cybersecurity skills. None of these gaps is easily bridged, but the scope and impact of the SolarWinds attack show how critical controlling these gaps is to U.S. national security.

The SolarWinds breach, likely carried out by a group affiliated with Russia’s FSB security service, compromised the software development supply chain used by SolarWinds to update 18,000 users of its Orion network management product. SolarWinds sells software that organizations use to manage their computer networks. The hack, which allegedly began in early 2020, was discovered only in December when cybersecurity company FireEye revealed that it had been hit by the malware. More worrisome, this may have been part of a broader attack on government…

Source…