We are back! We didn’t go anywhere we have just been busy like everyone else. Today, we carry on my favorite miniseries of the best way to not get eaten is to not look like food; proverbially of course. Part 2 of this is regarding critical asset protections. This includes, but again not limited to, domain controllers and critical asset backups, business continuity planning, ... READ MORE
Defense
Russia Ukraine Conflict Observables
With the rise of cyberwarfare against Ukraine and Russia, one could agree that there could be potential blowback from the sanctions that the United States has placed on the country of Russia. Some of the attacks that have been observed against Ukraine are attacks that include data wiping malware, such as HermeticWiper, Whispergate, and IsaacWiper. There have also been ... READ MORE
Digital piracy through ransomware: A change in tides
Due to the tidal wave of ransomware attacks since 2018, the seas are changing, and the attackers are now becoming the attacked. A disparate group of entities have started to fight back against these modern-day pirates in an epic battle which will likely change how ransomware attacks are handled going forward. Years ago, digital pirates targeted healthcare and relatively ... READ MORE
Russia’s new breadbasket is America’s Mid-West
The BlackMatter ransomware group, which claims to be the successor to the ostensibly, but possibly not so retired threat actor groups REvil/DarkSide, has successfully breached an Iowa-based grain and farm services provider. The provider, which operates grain elevators, trades crops and provides other support to Iowa and surrounding farmers, says it's has taken it’s systems ... READ MORE
TSA cybersecurity directives: What pipeline companies need to know
After the Colonial Pipeline ransomware attack shut down the entire pipeline system for over a week, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) issued a directive requiring all pipeline companies to take immediate actions to mitigate cyber risks. The first cybersecurity directive was issued on May 27 and the follow-up directive was ... READ MORE
The State of Ransomware
Ransomware as a concept isn’t exactly bleeding edge. For years, cybercriminals have been using ransomware along with a variety of different attack vectors to compromise companies both big and small around the globe. What is new, however, is the recent uptick in the quantity and frequency of ransomware-based attacks. According to Verizon's 2021 Data Breach Investigations ... READ MORE
Mapping Government Cybersecurity Initiatives to the NIST CSF
On May 12, 2021, a press release was released by the Biden Administration regarding intentions to improve the nation’s cybersecurity and protections for federal government networks. The press release cites recent incidents (e.g. SolarWinds and the recent Colonial Pipeline ransomware incident) as reminders that cybersecurity threats are constantly evolving. More recently, there ... READ MORE
Mass Mailing Attack from NOBELIUM
On May 25, 2021, the campaign escalated as NOBELIUM, the same group behind the 2020 SolarWinds attacks, leveraged the legitimate mass-mailing service, Constant Contact, to masquerade as a US-based development organization and distribute malicious URLs to a wide variety of organizations and industry verticals. Using the legitimate mass mailing service Constant Contact, NOBELIUM ... READ MORE
Combating Ransomware for Tomorrow – The Other Pandemic
Another year and another record topping year of even higher ransomware payments; something has to change if we want this to get any better. Some stats first: 51% of all businesses in 2020 were targets of ransomware Overall 40% surge in global ransomware hits in 2020 Average ransomware payments in Q3 of 2020 were over $233,000. A new 2021 report shows that average is up ... READ MORE
Microsoft Exchange – CVE-2021-26855+
On March 2, 2021, Microsoft released several security updates to address at least seven critical vulnerabilities in supported versions of on-premise Microsoft Exchange Server. These vulnerabilities were observed being used in limited targeted attacks; however, due to the critical nature and publication of these vulnerabilities, Microsoft released guidance that all customers ... READ MORE