Tag Archive for: Prevent

Essential steps to prevent a ransomware attack


While preventing ransomware may sound like a fairly routine exercise for IT professionals with the right infrastructure and resources, the reality is that many businesses still fall victim to sophisticated cyber attacks. Recent statistics point to a 70% increase in ransomware attacks on UK businesses, with the UK proving to be the second most targeted region for cybercrime.

In addition, the evolving digital landscape necessitates innovative ways of building resilience and for businesses to expect the unexpected in uncharted territory.

Ransomware is still a thorn in the side of UK institutions and businesses

The premise of ransomware remains much the same as it always has: malware encrypts files and data, grinding operations to a halt, and the attackers then demand (often extortionate) ransom payments in exchange for a decryption key. The coordinated Conti and Ryuk ransomware attacks affected 149 British victims across hospitals, schools, councils and businesses, and extorted about £27 million. This resulted in sanctions on seven Russian nationals courtesy of concerted action against international cybercriminals.

Notable recent attacks have included the Greater Manchester police force, Royal Mail and The Guardian. If these established institutions and companies can fall victim to this highly intricate and malicious form of cybercrime, it’s clear that more needs to be done to protect against it. Businesses must invest in more robust defence strategies and make suitable preparations, not only for the containment and isolation of threats, but also for their disaster recovery efforts and the long-term preservation of their reputation.

The growing ransomware landscape has made many business leaders question whether paying a cybercriminal’s ransom is the most effective way to minimise harm. This prompted the release of an in-depth financial sanctions and ransomware whitepaper from the UK government, vehemently advising against such a move. Proactive prevention is far more effective than a reactionary response.

5 Steps to developing a strong ransomware prevention strategy

The five steps outlined below should form a loose…


How to Learn From Coldfusion Attack to Prevent Ransomware?


Credential compromise is a common way for attackers to get into systems and move around in compromised environments. Limiting their maneuverability can make things much harder for them.

Fremont, CA: Ransomware attacks on servers underscore the need for security. EDR software blocked the attackers’ attempts to install their payload, which relied on vulnerabilities in unsupported ColdFusion Server software. To that end, security teams should:

Perform Continuous Backups: The best way to protect data against breaches is to back it up. Backups are imperative in the case of ransomware attacks, since they allow you to restore your system without paying a ransom.

Prepare An Incident Response Plan: To deal with ransomware attacks and digital disruptions, organizations need an effective incident response plan. It requires planning, practice, and testing.

Assess The Security Team: Companies without dedicated cybersecurity professionals should consider third-party cybersecurity service providers (MSSPs) for enhanced ransomware protection.

Cyber Insurance: The insurance company and broker assess the security readiness of the organization, so a cyber-insurance policy can reduce the financial impact.

Identify And Reduce Exposure: Organizations can reduce their exposure and minimize risk by identifying and inventorying every asset, and by applying patches, configuration management, and network segmentation.

Prepare For Double Extortion: The double extortion attack involves ransomware attackers demanding a ransom so that their data remains unencrypted. A sound data security policy involves more than just backups and reducing data exfiltration.

Stay Up-To-Date With Software: The ColdFusion Server attack, which exploited vulnerabilities in unsupported versions, highlighted the importance of patching software and emphasized the need to update end-of-life software.

Monitor Server Activity: Monitoring server traffic and behavior is crucial because servers have high access levels and connect to many applications and networks. Attackers can get deeper access through command-line interfaces, so monitoring is vital.

Consider Endpoint Detection and Response (EDR): When the endpoint detection and response software is effective, it…


CrowdStrike CEO says AI can help prevent ransomware attacks


  • CrowdStrike CEO George Kurtz told CNBC’s Jim Cramer why AI can help companies fight against cybercrime.
  • “We can identify these pieces of ransomware without ever seeing them in the past. And that’s different than signature-based technologies that are out there today,” Kurtz said.

CrowdStrike CEO George Kurtz told CNBC’s Jim Cramer that using artificial intelligence is important in fighting increasingly sophisticated ransomware attacks.

“We can identify these pieces of ransomware without ever seeing them in the past. And that’s different than signature-based technologies that are out there today,” Kurtz said. “Right now, ransomware, on average is, $8.5 million per ransom event, which is double just over the last month.”

But as much as AI helps outfits like CrowdStrike, cybercriminals are also benefitting from it with “Dark AI” tools like FraudGPT. The new technology allows them to attack organizations without having a lot of knowledge in-house, Kurtz said.

Kurtz stressed the importance of identity verification when it comes to preventing cybercrime, saying the biggest weakness is “between the keyboard and the chair,” or individuals. He said CrowdStrike’s technology gives extra identity challenges to adversaries, even if credentials have already been compromised, buying more time to stop them.

Publicly traded companies are reassessing their cybersecurity measures since the Securities and Exchange Commission adopted new rules that require them to disclose breaches within four days. Kurtz said this has created more business for CrowdStrike.

“Those are tailwinds that we see in the business, and it’s something that every publicly traded company is going to have to deal with,” he said.


5 cyber hygiene strategies to help prevent cyber attacks


The world of cybersecurity is constantly inundated with news on the latest data breaches, cybercriminal attack trends, and security measures. And while that information is critical for adapting to the ever-changing nature of cybercrime, it’s also important to pay attention to foundational measures. Basic security hygiene still protects against 98% of attacks.

As companies become increasingly reliant on technology and online systems to conduct their business, meeting the minimum standards for cyber hygiene is essential for protecting against cyber threats, minimizing risk, and ensuring ongoing business viability.

Read on to learn what these standards are and how you can begin implementing them in your organization.

Increase your cyber hygiene in 5 steps

  1. Require phishing-resistant MFA: Enabling multifactor authentication (MFA) can help prevent up to 99.9% of attacks. This is because MFA helps disrupt potential phishing attacks by requiring attackers to crack more than two factors of verification in order to gain access to your system.

However, in order for MFA to be effective, it must be frictionless. Options like device biometrics or FIDO2-compliant factors such as Feitian or Yubico security keys can help increase security without placing an additional burden on employees. Likewise, MFA should be strategically leveraged to help protect sensitive data and critical systems rather than applied to every single interaction.

Finally, MFA should be easy for end users. Conditional access policies are a great solution here, as they can trigger two-step verification based on risk detections, as well as pass-through authentication and single sign-on (SSO). This helps reduce the need for end users to navigate multiple sign-on sequences to access non-critical file shares or calendars on the corporate network as long as their devices are updated. It also eliminates the need for 90-day password resets.

  2. Apply Zero Trust principles: Zero Trust acts as a proactive, integrated approach to security across all layers of the digital estate. Under the Zero Trust model, every transaction is explicitly and continuously verified; least-privilege access is enforced; and intelligence,…
