Tag Archive for: spotlight

Threat Spotlight: Triple Extortion Ransomware


Executive Overview

Threat actors have escalated the single extortion ransomware attack model to double and even triple extortion. 

With the commodification of cybercrime, adversaries have significantly increased the sophistication of their operations, and with it the potentially devastating impact of a ransomware attack.

Flare Director of Marketing Eric Clay and CTO & Co-Founder Mathieu Lavoie discussed the latest trends in ransomware attacks including: double/triple extortion, different types of ransomware, methods for stealing sensitive data, and more.

Check out our full webinar recording, Triple Extortion Ransomware & Dark Web File Dumps, and/or keep reading for the highlights.

Commodification of Ransomware Groups

Ransomware groups are becoming more like companies, with:

  • mission-oriented approaches
  • recruitment practices to seek new hires
  • specialization

The Karakurt group, after operating privately for a year, has recently published a recruitment post to attract new members. They pride themselves on their mission to hold companies accountable for existing vulnerabilities in their cybersecurity and for the negligence of their IT staff. These groups can be driven by both financial and political motives, often influenced by the shifting landscape of geopolitics.

In general, there are two distinct types of specialization within such groups. Similar to a company with various departments, a group can have internal specialization. For instance, within a ransomware group, some members might excel in negotiating the ransom, while others primarily focus on developing malware. Another form of specialization involves individual groups having their own areas of expertise, akin to specialized agencies within a larger company. One group might concentrate on distributing ransomware, collaborating with another group that specializes in extortion.

This organized and specialized collaboration among groups can lead to more intricate and scalable operations compared to individual threat actors.

Changes in Ransomware Groups

Ransomware groups are constantly changing their tactics, techniques, and procedures (TTPs) to optimize their strategy. One alarming trend that we’ve…

ZeroFox Puts Spotlight on Exec


WASHINGTON, Jan. 18, 2023 (GLOBE NEWSWIRE) — ZeroFox (ZFOX), a leading external cybersecurity provider, will participate in a webinar through the SANS Institute about the importance of executive protection on Jan. 24, 2023 at 1 p.m. EST. AJ Nash, ZeroFox’s VP & Distinguished Fellow of Intelligence, will speak alongside Jeff Daisley, Senior Security Intelligence Engineer at Comcast and former lead analyst at the U.S. Secret Service. The webinar is free to attend and will address the growing external attack surface and threats to high profile individuals; the benefits of an executive protection program; and best practices to create an effective executive protection strategy.

Targeted cyberattacks on executives are on the rise, and exposed PII for sale puts executives and organizations at an increased risk of spear phishing, ransomware, and social engineering. The cost of not taking executive protection seriously can be detrimental to a company’s bottom line.

“Each year, more company executives’ and employees’ personal data is exposed and marketed for sale by third parties in publicly searchable databases,” said AJ Nash, VP & Distinguished Fellow of Intelligence at ZeroFox. “In a world where the pool of security professionals is shrinking while the external attack surface is expanding, it’s never been more important – or more challenging – to protect leaders from external threats. As corporate security teams build effective executive protection strategies, ZeroFox is increasingly included because we reduce their workload through ongoing monitoring and automated removal of executive PII, account takeovers, impersonations, and physical threats.”

To register for the SANS webinar with ZeroFox and Comcast and learn why protecting people should be a pillar of any strong cybersecurity strategy, visit SANS.org.

About ZeroFox
ZeroFox (ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a…

Spotlight on CRED: Benchmarking security with a BSIMM assessment


CRED, a fintech company and BSIMM member since early 2022, underwent a BSIMM assessment to benchmark their security processes.

CRED, launched in 2018, provides financial services and lifestyle features, and has been a member of the BSIMM community since early 2022. CRED provides a wide variety of product offerings from lifestyle to personal finance. It has a strong ethos of upholding and meeting clients’ demands, and the #SecurityFirst mindset has been ingrained in CRED’s culture from the start.

The challenge

The security team at CRED strongly believes in building a great team of engineers and in the importance of establishing a strong information security presence. The team is involved in research and development of CRED’s ever-growing security ecosystem. CRED’s security culture includes:
  • Advanced learning sessions: Each week, team members conduct research into emerging security flaws and lead educational sessions for the security team. These sessions include a deep dive into new security vulnerabilities, how they can be exploited, their mitigations, and a capture-the-flag challenge for team members to fully understand the vulnerability.
  • Threat modeling: For each new feature or product release, CRED’s security team conducts a security threat modeling exercise to identify potential design flaws, edge cases, data flows, and architecture choices, all of which could result in certain risks to the company.
  • Security Bugbash: This gamified exercise is performed once a quarter to look for new vulnerabilities or threats in the CRED application. This introduces fresh perspectives, inventive exploitation scenarios, and approaches that aid in the team’s search for bugs and security flaws.
  • Capture-the-flag competition: Hackception is a company-wide information security competition hosted by the security team. Participating in Hackception helps developers think creatively about how to exploit software, and how to code securely.
  • Security hackathon: During this event, the team brainstorms new automation that can reduce recurring manual efforts and identifies projects that could improve the team’s security maturity. This practice drastically reduces manual effort in security…

Security under spotlight after British MP stabbed to death


Posted October 16, 2021 at 08:30 pm by AFP

The fatal stabbing of British lawmaker David Amess was a terrorist incident, police said Saturday, as MPs pressed for tougher security in the wake of the second killing of a UK politician while meeting constituents in just over five years.

Veteran Conservative MP David Amess, 69, was talking with voters at a church in the small town of Leigh-on-Sea east of London when he was stabbed to death on Friday.

Police said they arrested a 25-year-old suspect and were investigating “a potential motivation linked to Islamist extremism.”

Police have said the investigation is in the “very early stages,” though multiple UK media outlets, citing sources, reported that the suspect was believed to be a British national with Somali heritage.

Britain’s politicians were stunned by the highly public attack, which recalled the murder of a pro-EU lawmaker ahead of the Brexit referendum.

In June 2016, Labour MP Jo Cox was killed by a far-right extremist, prompting demands for action against what lawmakers said was “a rising tide” of public abuse and threats against elected representatives.

Cox’s sister Kim Leadbeater, who became an MP in the same constituency this year, said Amess’ death had left her “scared and frightened.”

“This is the risk we are all taking and so many MPs will be scared by this,” she added.

Home Secretary Priti Patel on Friday ordered police across the country to review security arrangements for all 650 MPs.

House of Commons Speaker Lindsay Hoyle promised no “knee-jerk reactions” but told Sky News: “We will take further measures if we need to”.

Labour MP Chris Bryant wrote in The Guardian that “sensible measures” were needed both in parliament, which is typically heavily guarded, and in constituencies, where MPs often hold meetings in locations such as church halls and high-street offices.

“We don’t want…
