Shields Up

As the Russian invasion of Ukraine unfolds, experts are urging American businesses to double down on their cybersecurity protocols. 

In mid-February, the Cybersecurity and Infrastructure Security Agency issued an advisory to U.S. organizations to put their “shields up” as tensions between Russia and Ukraine escalate. The shields up initiative encourages organizations of all sizes to take steps to reduce their chances of a cyberattack and ensure that they’re prepared in the case of a breach. The recommendations include assessing unusual behavior, assembling a crisis-response team, and shoring up vulnerabilities that might exist in your network. 

“[T]he reason why there are these bulletins coming out, especially directed at small and medium-sized businesses, is that we have learned the hard way about the fragility of the global supply chain,” says Theresa Payton, a former White House Chief Information Officer under George W. Bush.

LINK: https://www.inc.com/melissa-angell/cybersecurity-etiquette-russia-ukraine-cyber-attacks-breach-safety.html

Three Takeaways For Business Leaders From The Front Lines Of A Cyberattack

Mickey Bresman
Forbes Councils Member
Forbes Business Council

Co-founder of Semperis. Leads the company’s overall strategic vision and implementation.

“Since its inception in 2014, my team has been on the front lines many times, helping companies combat cyberattacks that target identity systems such as Microsoft’s Active Directory, an increasingly common attack vector. (Full disclosure: Microsoft is a Semperis partner.)

But while recently helping a massive healthcare company navigate a particularly harrowing ransomware attack, I was reminded of three core action items every business leader needs to validate with their technology leaders to help avoid an AD-related cyber disaster.”

LINK: https://www.forbes.com/sites/forbesbusinesscouncil/2021/07/20/three-takeaways-for-business-leaders-from-the-front-lines-of-a-cyberattack/

Watch out for your email inbox because one of the biggest ransomware botnets is back

By Dave James

“After being taken down by Microsoft and the Pentagon ahead of the 2020 presidential election, the group behind Trickbot is up and running again.

The Russian-speaking ransomware group taken down by Microsoft and the Pentagon last year is back up and running and ready to infect a whole new tranche of machines. So yeah, time to be really careful about what links and attachments you click on in unsolicited emails.

The group, known by the moniker of its Trickbot malware, was targeted by the Pentagon’s Cyber Command because of fears that it might decide to interfere with the presidential election. A series of coordinated attacks were launched against infected systems in September 2020, pointing them at a local address rather than a Trickbot control server, and it looked like the debilitating efforts had succeeded.

At least temporarily.

Microsoft also got in on the action, apparently on its own cognisance, tracking down the servers actually being used by the Trickbot botnet. Working with ISPs in Latin America, Microsoft was able to obtain court orders which meant they could disable the IP addresses plumbed into those servers.

Because of the decentralised nature of the group, reportedly spread out across Russia, Ukraine, Belarus, and other locales in Eastern Europe, it’s almost impossible to put these sorts of groups out of action for good. And, despite the arrest of one 55-year-old for apparently facilitating the spread of the Trickbot operation, there’s a lot of evidence that it’s winding back up again.

Indeed, there are reports as far back as January that malware attacks bearing all the essential hallmarks of a Trickbot campaign were happening across North America. Menlo Security said that: “While Microsoft and its partners’ actions were commendable and Trickbot activity has come down to a trickle, the threat actors seem to be motivated enough to restore operations and cash in on the current threat environment.”

LINK: https://www.pcgamer.com/russian-ransomware-trickbot-is-back-in-action/

Phishing, Ransomware Driving Wave of Data Breaches

by Nathan Eddy on July 12, 2021

“Data compromises have increased every month this year except May.

If that trend continues, or even if there is only an average of 141 new compromises per month for the next six months, the total will still exceed the previous high of 1,632 breaches set in 2017.

These were among the findings of the nonprofit organization Identity Theft Resource Center’s (ITRC) latest data breach analysis report, which revealed publicly reported U.S. data breaches are up 38% in the second quarter of 2021, for a total of 491 compromises, compared to Q1.

“Simply put, cybercriminals don’t need to steal as much information as they have historically to commit phishing and ransomware attacks,” said the ITRC’s chief operating officer James E. Lee. “For the past several years, identity thieves have been relying less on stealing mass amounts of information needed to attack individuals in favor of being very targeted in what they steal and the companies they target.”

He noted even with the drop in the number of victims, the risk of identity crimes to those impacted by breaches and compromises is real and can have devastating consequences.”

LINK: https://securityboulevard.com/2021/07/phishing-ransomware-driving-wave-of-data-breaches/

Warning: 1 in 3 employees are likely to fall for a phishing scam

by Brandon Vigliarolo in Security on July 9, 2021, 8:04 AM PST

“Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.

A new study from cybersecurity training and phishing simulation company KnowBe4 found that one in three untrained users were likely to fall for phishing or social engineering scams.

The report analyzed businesses in a variety of industries to build what KnowBe4 calls an organization’s “phish-prone percentage (PPP),” which indicates how many employees are vulnerable to such attacks. The average baseline, 31.4%, varied greatly by organization size and industry, with a full half of employees in large (1,000+) energy and utilities companies likely to fall for a phishing or social engineering attack.”

Figure A: The most at-risk industries by organization size, as identified by KnowBe4.

“This is deeply concerning. Organizations should monitor their risks due to the majority of data breaches originating from social engineering. This data shows us that implementing security awareness training with simulated phishing testing will help to better protect organizations against cyber attacks,” said KnowBe4 CEO Stu Sjouwerman.

KnowBe4’s data suggests that training is the answer to the dangerously high percentages. Within 90 days of training, KnowBe4 ran another phishing and social engineering test on the 23,400 organizations included in the report, and it found the average PPP score dropped to 16.4%. After one year of ongoing training that number drops to just 4.8% (Figure B). That equates to an average improvement of 84%, the report said.

LINK: https://www.techrepublic.com/article/warning-1-in-3-employees-are-likely-to-fall-for-a-phishing-scam/