Tag Archive for: Response

Veeam’s New ‘Cyber Secure Program’ Teams Tech with Ransomware Response Experts — Virtualization Review



Along with purpose-built technology to combat ransomware, Veeam Software’s new Cyber Secure Program also offers up a team of experts to help organizations wield that tech to fight threat actors.

“When there is an attack, customers are connected with Veeam’s dedicated Ransomware Response Team and the program offers post-incident support to enable rapid recovery,” said the specialist in data protection and ransomware recovery.

The three-pronged approach of Veeam Cyber Secure includes the expert help for secure design and implementation along with ransomware recovery support backed up by a recovery warranty for help in all three phases of an attack: pre-incident, during incident and post-incident.

The teams of experts include a dedicated support account manager and “Ransomware SWAT Team” to help with immediate action in case of a cyber incident.

The new offering comes in the wake of the company’s 2024 Data Protection Report that revealed ransomware is still plaguing IT as the No. 1 cause of server outages.


[Figure: Causes of Outages (source: Veeam).]

“Consider the past 12 months: 76 percent of organizations have been attacked at least once, with 26 percent reporting being attacked at least four times and only 13 percent believe they can recover successfully after an attack,” Veeam said. “It’s clear that organizations need a comprehensive cyber protection and support program, ultimately ensuring they are well-prepared when cyberattacks occur.”

A Jan. 31 news release further fleshed out the new program’s three key components.

  • Confident Security: Attentive and dedicated design and implementation assistance to ensure Veeam best practices in securely implementing Veeam solutions to the highest security standards. Customers receive advanced seven-phase onboarding support and rigorous quarterly security…


Hackers hit Moscow internet provider in response to Kyivstar cyber attack, ET Telecom




By James Pearson and Tom Balmforth

LONDON: Hackers linked to Ukraine’s main spy agency have breached computer systems at a Moscow-based internet provider in retaliation for a Russian cyber attack against Ukrainian telecom giant Kyivstar, a source with direct knowledge of the operation told Reuters on Tuesday.

The hacking group, dubbed “Blackjack”, has previously been linked to the Security Service of Ukraine (SBU). The hackers deleted 20 terabytes of data at M9 Telecom, a small Russian internet and TV provider, leaving some Moscow residents without internet, the source said.

The digital intrusion was a warm-up for a larger cyber attack which would be “serious revenge for Kyivstar”, the source said, citing the hackers. The source did not say when the hack took place.

M9 Telecom did not respond to an emailed request for comment. The company’s website was still online on Tuesday, despite claims by the hacking group that it had been destroyed.

Reuters was unable to independently verify the extent to which the hack was successful. Reached by phone, M9 Telecom’s CEO Andrey Pavolvsky declined to comment.

Kyivstar, Ukraine’s largest mobile network operator, was knocked offline by Russian spies last month in what appeared to be the largest cyber attack since Moscow launched its war on the country in February 2022.

Russian hackers were inside Kyivstar’s systems for months before the attack, Ukraine’s cyber spy chief, Illia Vitiuk, told Reuters last week. The hack caused “disastrous” destruction at the company, he said.

Separately, Ukraine’s military intelligence agency, the GUR, said late on Monday that it had received a large cache of classified Russian military data from the Special Technology Centre (STC), a sanctioned Russian company which produces the Orlan drone and a range of intelligence equipment for Moscow.


CISA’s response to Iran hacking control systems in US critical infrastructures is inadequate


Iran is in an undeclared war, including cyber war, against the U.S. and our critical infrastructures. On Dec. 1, 2023, CISA, FBI, EPA, NSA and the Israel National Cyber Directorate (INCD) issued the following alert: “IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities.”

The Iranian Government Islamic Revolutionary Guard Corps (IRGC) is a nation-state with associated capabilities, not just some hackers who support a cause. The picture of the hack of Full Pint Brewery should remove all doubt that Iran is directly behind state-sponsored hacking of U.S. critical infrastructures. The Unitronics incidents are cyberattacks on control systems, in this case PLCs, not IP networks or equipment. PLCs are used for operation, not to hold customer information. Because IRGC got to the PLC, they can compromise the near- or long-term operation of any targeted system.

Iran has PLCs (think about Stuxnet, as that was an attack against Siemens PLCs) in their nuclear, manufacturing and oil/gas industries and is familiar with the operation of PLCs. The Nov. 25 IRGC cyberattack on the Municipal Water Authority of Aliquippa brings several interesting wrinkles to cyber war. The IRGC targeted the control system equipment, in this case Israeli-made Unitronics PLCs, not the end-users such as Aliquippa or Full Pint. Consequently, this is a nation-state supply chain attack against U.S. critical infrastructure, not any single end-user or sector.

However, this supply chain attack is not the usual software compromise that can be addressed by a Software Bill of Materials, but rather design weaknesses in control systems that are not unique to Unitronics. Recall, Stuxnet compromised Siemens PLCs to cause damage to the centrifuges, and Triconex controllers were compromised by the Russians in an attempt to blow up a Saudi Arabian petrochemical plant. It is evident the Dec. 1 alert does not address PLC-unique issues identified from the Unitronics incidents or other previous PLC attacks.

Unitronics

Unitronics is a control system/automation supplier. From the Unitronics website, the company was founded in 1989 with installations in automated parking systems,…


Dallas delays release of report that reviews ransomware response


An internal report reviewing Dallas’ response to a ransomware attack that was planned to be published Wednesday could now have its public release delayed up to two weeks, city officials say.

The holdup could mean further delaying clarity to the public on how the cyberattack happened and what steps the city took to safeguard residents’ personal information since then.

A full after-action report was scheduled to be released to the public after a briefing on the review’s findings by information technology officials to the City Council on Wednesday, but the briefing was postponed because it was past 8 p.m. by the time the presentation was set to be heard. The City Council meeting started around 9:30 a.m., and the bulk of it was spent discussing amendments to the upcoming budget.

“In the interest of time tonight, we’re going to recommend that we postpone the briefing (letter) C, the ransomware update, until our next briefing day, as well as the executive session that may have been associated with it,” City Manager T.C. Broadnax told the City Council around 8:20 p.m. Wednesday. The elected officials approved delaying the presentation to their next briefing meeting, which is scheduled for Sept. 20.

Catherine Cuellar, the city’s communications director, confirmed Thursday that the report’s release will be delayed as well. A news conference with Chief Information Officer Bill Zielinski and Chief Security Officer Brian Gardner — top officials in the city’s IT department — about the ransomware attack was scheduled for 2 p.m. Thursday. It was canceled four hours after it was announced Wednesday when the council presentation was postponed.

It would have been the first news conference held by the city discussing the ransomware attack since the data breach was announced on May 3.

Hackers accessed some of the most sensitive information stored by the city, including medical information, health insurance information and Social Security numbers of Dallas employees, retirees and their relatives. The personal information of…
