Tag Archive for: RSAC

RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment

/in


By Byron V. Acohido

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts.

Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Meanwhile, Russia has turned to weaponing ransomware in its attempt to conquer Ukraine, redoubling this threat. Now that RSA Conference 2023 has wrapped, these things seem clear: ransomware is here to stay; it is not, at this moment, being adequately mitigated; and a new approach is needed to slow, and effectively put a stop to, ransomware.

I had the chance to visit with Steve Hahn, EVP Americas, at Bullwall, which is in the vanguard of security vendors advancing ways to instantly contain threat actors who manage to slip inside an organization’s network.

Guest expert: Steve Hahn, EVP Americas, Bullwall

Bullwall has a bird’s eye view of Russia’s ongoing deployment of ransomware attacks against Ukraine, and its allies, especially the U.S.

Weaponized ransomware doubly benefits Russia: it’s lucrative, generating  billions in revenue and thus adding to Putin’s war chest; and at the same time it also weakens a wide breadth of infrastructure of Putin’s adversaries across Europe and North America.

Containment is a logical tactic that could make a big difference in stopping ransomware and other types of attacks. For a full drill down, please give the accompanying podcast a listen. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

May 20th, 2023

 

Source…

RSAC speaker offers ransomware victims unconventional advice

/in


An RSA Conference speaker argued that despite the stigma associated with paying ransomware gangs, it’s sometimes better to negotiate with terrorists.

In his session at the 2023 RSA Conference on Monday, Brandon Clark, CEO of Triton Tech Consulting in Denver, proposed a ransomware response process that works to squeeze out emotive instincts that are often tangled in the decision-making.

“It is absolutely critical that you do take as much of the emotion out of this as possible by looking at some of this ahead of time,” said Clark during the session, titled “Negotiating with Terrorists: The High Stakes Game of Ransomware Response.”

Clark suggested that ransomware victims often make detrimental decisions based upon emotional and moral instincts. He prefaced his response plan with a reference to the 1973 hostage crisis at the Saudi Arabian Embassy.

In that incident, three Western diplomats among 10 others were taken hostage at the embassy by the Black September group. Former President Richard Nixon refused to negotiate with the terrorists and publicly announced the U.S. would not pay the demanded ransom. The terrorists later killed the Western hostages while the remaining hostages were released and returned to their home in Sudan, which had negotiated with the group.

Clark related this piece of history to the life-threatening events that follow a ransomware attack on a hospital or an air traffic controller or other critical infrastructure targets. He stated that aversion to negotiate with terrorists was a polarizing mindset, “entrenched in our mental framework,” that has induced poor decision-making.

“If I’m not able to understand a patient’s history, if I can’t see what their allergic to and they’re given medication that sends them into anaphylactic shock, I would argue that’s probably worse and more evil than me paying $50,000 to get our systems back and running,” said Clark.

There’s also a financial component to the equation. Clark used the 2018 ransomware attack on the city of Atlanta as “a great example of what not to do,” because the city government refused to pay a $50,000 ransom and ended up paying more than $3 million in remediation and recovery costs.

“It doesn’t…

Source…

Phosphorus Showcases Game-Changing Enterprise xIoT Security Management Platform at RSAC 2023

/in


Phosphorus Cybersecurity Inc.

Phosphorus Cybersecurity Inc.

The world leader in xIoT breach prevention is also unveiling the industry’s first Intelligent Active Discovery (IAD) solution that safely and accurately discovers and assesses all IoT, OT, IoMT, and IIoT devices.

NASHVILLE, Tenn., April 11, 2023 (GLOBE NEWSWIRE) — Phosphorus, the leading provider of proactive and full-scope breach prevention for the xTended Internet of Things (xIoT), is bringing cyber-physical security innovation to RSAC 2023 with its groundbreaking Enterprise xIoT Security Management Platform and the industry’s first and only Intelligent Active Discovery (IAD) solution for IoT, OT, IoMT, and IIoT devices. Phosphorus is also a proud supporting sponsor of IoT Village in the RSAC Sandbox and will be hosting several interactive hacking and security demonstrations of vulnerable xIoT devices throughout the conference.

After more than six years of research spanning millions of production devices, Phosphorus has determined that 68% of xIoT devices have high-risk or critical CVEs, device firmware is on average six years old, and password compliance is at a dismal 1%. These problems are exacerbated by the lack of effective industry solutions, as traditional tools and approaches developed for IT systems are unable to directly communicate with xIoT devices in order to safely and effectively discover, assess, and remediate them. Most also cannot provide continuous drift monitoring and detection and response capabilities.

This is one of the reasons why Phosphorus has found that 80% of corporate security teams cannot identify the majority of their xIoT devices – let alone secure them.

xIoT is an enormous attack surface that grows bigger every year and these risks are not properly addressed with traditional security solutions, which are IT-centric and lack the capability to safely and effectively interact with xIoT devices,” said John Vecchi, Chief Marketing Officer of Phosphorus. “Attackers are constantly evolving their tactics and Cyber-Physical Systems are the next big target. Enterprises and organizations are now clamoring for best-of-breed, prevention-based platforms that can accurately and safely discover, assess, remediate, monitor,…

Source…

Webcast: Making Security Simpler

/in