Tag Archive for: Lessons

Lessons From Clop: Combating Ransomware and Cyber Extortion Events


Lessons from Clop

It’s been one month since the Clop ransomware group began exploiting the MOVEit vulnerability (CVE-2023-34362; VulnDB ID: 322555) to claim nearly 100 victims across the globe, many of which have gone public. This attack comes on the heels of Clop leveraging the GoAnywhere MFT vulnerability (CVE-2023-0669), which led them to claim they’d illegally obtained information for more than 100 companies.

When a ransomware or cyber extortion event occurs, security teams are racing against the clock:

  • What do we know about the cybercriminal group that’s claiming responsibility for an attack or double extortion?
  • Is our organization affected? If so, what is the extent of the breach and its impact on our systems, networks, people, and data?
  • How do we respond to and mitigate the situation?

These questions are of vital importance to organizations across the public and private sectors. And the recent Clop attacks—which affected organizations across the globe in nearly every vertical—are yet another example of why it’s vital to have proactive defense measures in place.

Targeting upstream data providers

First, it’s vital to have a deep understanding of the adversary, such as a RaaS (ransomware-as-a-service) group like Clop. Here are five ways that ransomware groups like Clop attack targets, as well as the threat vectors they seek to exploit:

  1. Supply chain attacks. As illustrated through MOVEit, Clop often targets upstream software vendors or service providers so that it can cast a wide net. A number of the known Clop victims are companies who were attacked via a third-party vendor. Attackers like Clop may exploit vulnerabilities in the communication or data exchange between these companies, or compromise the software or hardware components supplied by third-party providers to inject malicious code or backdoors.
  2. Cloud Service Providers (CSP). If a cloud service provider experiences a security breach, it can potentially impact third parties that utilize their cloud services in several ways. Clop successfully breached a cloud service…


Lessons Learned from Real-World Incidents


IoT Security Case Studies: Lessons Learned from Real-World Incidents

The Internet of Things (IoT) has rapidly transformed the way we live, work, and communicate, connecting billions of devices worldwide. However, this rapid expansion has also exposed numerous security vulnerabilities, leading to high-profile incidents that have had significant consequences for individuals, businesses, and governments. By examining these IoT security case studies, we can gain valuable insights into the challenges faced and lessons learned from real-world incidents, helping to improve the security of IoT devices and networks in the future.

One of the most well-known IoT security incidents occurred in 2016 when the Mirai botnet was used to launch a massive Distributed Denial of Service (DDoS) attack against the DNS provider Dyn. The attack caused widespread internet outages, affecting major websites such as Twitter, Netflix, and Reddit. The Mirai botnet primarily targeted IoT devices, such as security cameras and routers, exploiting weak default passwords to gain control over them. This incident highlighted the importance of strong, unique passwords for IoT devices and the need for manufacturers to prioritize security in their products.

Another notable IoT security case study involves the St. Jude Medical implantable cardiac devices, which were found to have vulnerabilities that could allow hackers to remotely access and control the devices. In 2017, the US Food and Drug Administration (FDA) issued a recall for these devices, affecting nearly half a million patients. This incident underscores the critical importance of securing IoT devices that directly impact human health and safety, as well as the need for rigorous testing and regulatory oversight in the medical device industry.

In 2018, a casino in North America fell victim to a cyber attack that resulted in the theft of 10 gigabytes of sensitive data. The attackers gained access to the casino’s network through an internet-connected fish tank, which was not properly secured. This incident demonstrates that even seemingly innocuous IoT devices can serve as entry points for cybercriminals, emphasizing the need for comprehensive network security…


Data Breaches in the Ransomware Era: Lessons Learned



BH Consulting CEO Brian Honan on the Importance of Data Logging and Monitoring

Brian Honan, CEO, BH Consulting

The lack of proper monitoring and logging can make it difficult for companies to effectively address breaches. Many companies do not have logs turned on or do not properly configure them to track and record what is necessary. Without logs, the response to a breach can be significantly slower.


Monitoring and logging also must consider privacy concerns because personal data could be contained in the logs, said Brian Honan, CEO of BH Consulting. He also stressed the need to comply with the General Data Protection Regulation.

“GDPR has brought data protection to the fore. It also has put more focus on cybersecurity as to how we protect that personal data,” Honan said.

In this video interview with Information Security Media Group at RSA Conference 2023, Honan also discusses:

  • The rise of artificial intelligence and its implications for privacy;
  • Potential consequences of data gathering;
  • Regulations and frameworks related to cybersecurity and personal data protection in the European Union and United States.

Honan is a recognized industry expert on information security, providing consulting services to clients in various industry segments. His work also includes advising various government security agencies…


5 IoT Security Fails of Smart Devices And Lessons Learned


Hackers are already eyeing unprotected IoT devices every user has in their homes. These small components are a default technology that manufacturers put in all sorts of devices — from baby monitors, printers, and pacemakers to smart TVs.

With billions of Internet of Things devices that are globally connected and sharing what is often sensitive user data, we need to talk about IoT Security.

From harmless pranks to life-endangering hacking, vulnerable IoT devices can cause quite a stir. What can we learn from IoT hacking incidents that happened in recent years? Why is putting the best security practices for IoT devices in place so challenging?

Hacking of Amazon’s Ring Cameras

In 2020, several of Amazon’s Ring security systems, which feature a camera and two-way communication, were hacked. A home security camera allowed strangers to communicate with children. Some people even received death and sexual threats, while others were blackmailed.

This security incident might ring a bell if you’ve seen the reports of the class action against Amazon in the news.

What happened, exactly?

Hackers broke into the Ring account linked to the camera, exploiting Amazon’s lax security practices. As a response, Amazon urged customers to change their passwords to stronger ones and enable two-factor authentication.

The security lesson that was learned in this IoT hacking case?

Users have an inherent trust in the technology they purchase — they believe that it’s safe and that it’s not their job to secure it. Pinning the cyber incident on them and failing to improve the security measures is a poor way of handling a security problem.

Roomba Recording Woman On the Toilet

In 2020, workers from Venezuela posted a series of images shot by a robot vacuum, Roomba — raising major data privacy concerns. One of the images captured a woman sitting on a toilet.

This was possible because the data uploaded to the cloud via the IoT device was not sufficiently secured.

Roomba confirmed that the images were, in fact, shared by the robot vacuum. Also, it claims that the images stem from the training of the robot in the development stages and that this version is not the one available on the…
