Tag: douglas bernardini

Categories
Ransomware Sophos Threats

Sophos Discovers New Memento Ransomware

Sophos Discovers New Memento Ransomware - Douglas Bernardini
Sophos Discovers New Memento Ransomware - Douglas Bernardini

Memento Ransomware Locked Files in a Password-Protected Archive When it Couldn’t Encrypt the Data and Demands $1 Million in Bitcoin

Sophos Discovers Memento Ransomware – Sophos, a global leader in next-generation cybersecurity, has released details of a new Python ransomware called Memento. The research, “New Ransomware Actor Uses Password Protected Archives to Bypass Encryption Protection,” describes the attack, which locks files in a password-protected archive if the Memento ransomware can’t encrypt the targeted data.

“Human-led ransomware attacks in the real world are rarely clear cut and linear,” said Sean Gallagher, senior threat researcher at Sophos. “Attackers seize opportunities when they find them or make mistakes, and then change tactics ‘on-the-fly.’ If they can make it into a target’s network, they won’t want to leave empty handed. The Memento attack is a good example of this, and it serves as a critical reminder to use defense-in-depth security. Being able to detect ransomware and attempted encryption is vital, but it’s also important to have security technologies that can alert IT managers to other, unexpected, activity such as lateral movement.”

Attack Timeline

Sophos researchers believe the Memento operators breached the target’s network in mid-April 2021. The attackers exploited a flaw in VMware’s vSphere, an internet facing cloud computing virtualization tool, to gain a foothold on a server. The forensic evidence Sophos researchers found indicates the attackers started the main intrusion in early May 2021.

The attackers used the early months for lateral movement and reconnaissance, using the Remote Desktop Protocol (RDP), NMAP network scanner, Advanced Port Scanner, and Plink Secure Shell (SSH) tunneling tool to set up an interactive connection with the breached server. The attackers also used mimikatz to harvest account credentials to use in later stages of the attack.

According to Sophos researchers, on Oct. 20, 2021, the attackers used the legitimate tool WinRAR to compress a collection of files and exfiltrate them via RDP.

“Ransomware is one of the most growing cyber threats, being one of the biggest concerns of customers around the globe.” says Douglas Bernardini, Cyber Security Specialist and Cloud Computing Expert.

Release of the Ransomware

The attacker first deployed the ransomware on Oct. 23, 2021. Sophos researchers found that the attackers initially tried to directly encrypt files, but security measures blocked this attempt. The attackers then changed tactics, re-tooled and re-deployed the ransomware. They copied unencrypted files into password-protected archives using a renamed free version of WinRaR, before encrypting the password and deleting the original files.

The attackers demanded a ransom of $1 million in bitcoin in order to restore the files. Fortunately, the target was able to recover data without the involvement of the attackers.

Open Entry Points Let in Additional Attackers

While the Memento attackers were in the target’s network, two different attackers broke in via the same vulnerable access point, using similar exploits. These attackers each dropped cryptocurrency miners onto the same compromised server. One of them installed an XMR cryptominer on May 18, while the other installed an XMRig cryptominer on Sept. 8 and again on Oct. 3.

“We’ve seen this repeatedly – when internet-facing vulnerabilities become public and go unpatched, multiple attackers will quickly exploit them. The longer vulnerabilities go unmitigated, the more attackers they attract,” said Gallagher. “Cybercriminals are continuously scanning the internet for vulnerable online entry points, and they don’t wait in line when they find one. Being breached by multiple attackers compounds disruption and recovery time for victims. It also makes it harder for forensic investigations to unpick and resolve who did what, which is important intelligence for threat responders to collect to help organizations prevent additional repeat attacks.”

Security Advice

Sophos believes this incident, where multiple attackers exploited a single unpatched server exposed to the internet, highlights the importance of quickly applying patches and checking with third-party integrators, contract developers or service providers about their software security.

Sophos also recommends the following general best practices to help defend against ransomware and related cyberattacks:

At a Strategic Level

  • Deploy layered protection. As more ransomware attacks begin to involve extortion, backups remain necessary, but insufficient. It is more important than ever to keep adversaries out in the first place, or to detect them quickly, before they cause harm. Use layered protection to block and detect attackers at as many points as possible across an estate
  • Combine human experts and anti-ransomware technology. The key to stopping ransomware is defense-in-depth that combines dedicated anti-ransomware technology and human-led threat hunting. Technology provides the scale and automation an organization needs, while human experts are best able to detect the tell-tale tactics, techniques and procedures that indicate an attacker is attempting to get into the environment. If organizations don’t have the skills in house, they can enlist support from cybersecurity specialists

At a Day-to-Day Tactical Level

  • Monitor and respond to alerts. Ensure the appropriate tools, processes, and resources (people) are available to monitor, investigate and respond to threats seen in the environment. Ransomware attackers often time their strike during off-peak hours, at weekends or during the holidays, on the assumption that few or no staff are watching
  • Set and enforce strong passwords. Strong passwords serve as one of the first lines of defense. Passwords should be unique or complex and never re-used. This is easier to accomplish with a password manager that can store staff credentials
  • Use Multi Factor Authentication (MFA). Even strong passwords can be compromised. Any form of multifactor authentication is better than none for securing access to critical resources such as e-mail, remote management tools and network assets
  • Lock down accessible services. Perform network scans from the outside and identify and lock down the ports commonly used by VNC, RDP, or other remote access tools. If a machine needs to be reachable using a remote management tool, put that tool behind a VPN or zero-trust network access solution that uses MFA as part of its login
  • Practice segmentation and zero-trust. Separate critical servers from each other and from workstations by putting them into separate VLANs as you work towards a zero-trust network model
  • Make offline backups of information and applications. Keep backups up to date, ensure their recoverability and keep a copy offline
  • Inventory your assets and accounts. Unknown, unprotected and unpatched devices in the network increase risk and create a situation where malicious activities could pass unnoticed. It is vital to have a current inventory of all connected compute instances. Use network scans, IaaS tools, and physical checks to locate and catalog them, and install endpoint protection software on any machines that lack protection
  • Make sure security products are correctly configured. Under-protected systems and devices are vulnerable too. It is important that you ensure security solutions are configured properly and to check and, where necessary, validate and update security policies regularly. New security features are not always enabled automatically. Don’t disable tamper protection or create broad detection exclusions as doing so will make an attacker’s job easier
  • Audit Active Directory (AD). Conduct regular audits on all accounts in AD, ensuring that none have more access than is needed for their purpose. Disable accounts for departing employees as soon as they leave the company
  • Patch everything. Keep Windows and other operating systems and software up to date. This also means double checking that patches have been installed correctly and are in place for critical systems like internet-facing machines or domain controllers

Sophos endpoint products, such as Intercept X, protect users by detecting the actions and behaviors of ransomware and other attacks. The act of attempting to encrypt files is blocked by the CryptoGuard feature. Integrated endpoint detection and response, including Sophos Extended Detection and Response (XDR), can help capture nefarious activities, such as when attackers create password-protected archives like those used in the Memento ransomware attack.

To learn more, please read the Memento ransomware article on SophosLabs Uncut.

Additional resources

  • To learn more about evolving cyberthreats, including ransomware and cryptominers and what they mean for IT security in 2022, read the Sophos 2022 Threat Report
  • Tactics, techniques, and procedures (TTPs) and more for different types of threats are available on SophosLab Uncut, which provides Sophos’ latest threat intelligence
  • Information on attacker behaviors, incident reports and advice for security operations professionals is available on Sophos News SecOps
  • Learn more about Sophos’ Rapid Response service that contains, neutralizes and investigates attacks 24/7
  • The four top tips for responding to a security incident from Sophos Rapid Response and the Managed Threat Response Team
  • Read the latest security news and views on Sophos’ award-winning news website Naked Security and on Sophos News

About Sophos

Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Source: https://www.globenewswire.com/news-release/2021/11/18/2337364/0/en/Sophos-Discovers-New-Memento-Ransomware.html

See also: SOPHOS 2021 THREAT REPORT

Categories
ProofPoint Security

Proofpoint Wins Three Categories at 2021 CISO Choice Awards

Cover - Proofpoint Wins Three Categories at 2021 CISO Choice Awards - Douglas Bernardini
Cover - Proofpoint Wins Three Categories at 2021 CISO Choice Awards - Douglas Bernardini

Cybersecurity Leader Named Premier Security Company for second straight year; Also Finishes First in Email Security, Cloud Security categories as determined by Board of CISO Judges

Proofpoint, Inc., a leading cybersecurity and compliance company, today announced it took top honors in three categories at the 2021 CISO Choice Awards including Premier Security Company for the second straight year. Proofpoint also won the categories of best Email Security and Cloud Security solutions.

A first of its kind vendor recognition selected by a CISO Board of Judges – leading security executives across industries – the CISO Choice Awards is a buyer’s guide for their peers when selecting the technologies used to safeguard their organizations. Now in its second year, the awards honor security vendors of all sizes, types, and maturity levels, recognizing differentiated solutions valuable to the CISO and enterprise from security solution providers worldwide.

“Proofpoint is honored to receive top honors by the CISO Choice Awards Board of Judges in three different categories,” said Ryan Kalember, EVP of Cybersecurity Strategy, Proofpoint. “As real-life CISOs applying real-world conditions, the judges understand that today’s attacks target people, not networks. Deploying a layered, people-centric approach to cybersecurity that includes security awareness training and integrated threat protection as found in our Email Security and Cloud Security solutions is crucial for stopping and remediating threats.”

“I would like to congratulate the winners of the 2021 CISO Choice Awards. It was an extremely competitive playing field with a record number of submissions,” said Aimee Rhodes, CEO of CISOs Connect: “It was exciting to hear the judges – who live and breathe security – share their experiences and discuss with one another the wealth of technologies that are on the market or coming to the market. Nothing can replace the real-word insights that the CISO judges bring to the table when deciding on the top vendors. Kudos again to the winners.”

Deployed as a cloud service or on premises, Proofpoint Threat Protection Platform uses multilayered detection techniques coupled with reputation and content analysis to identify and block a wide range of email-based threats. These threats include email fraud and hybrid attacks that leverage both cloud and email vectors. With Proofpoint’s integrated platform, organizations can obtain actionable insight into threats, enable users to identify and report on suspicious messages, and accelerate threat response by automating threat investigation and remediation process.

“One of the most sensitive layers within cybersecurity is people. Proofpoint is recognized for its solutions that meet this front.” says Douglas Bernardini, Cyber Security Specialist and Cloud Computing Expert.

For more information on Proofpoint Email Security, please visit: https://www.proofpoint.com/us/products/email-security-and-protection

For more on Proofpoint’s Cloud Security Platform, please visit: https://www.proofpoint.com/us/products/cloud-security

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyberattacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

Source: https://www.globenewswire.com/news-release/2021/10/27/2321707/35374/en/Proofpoint-Wins-Three-Categories-at-2021-CISO-Choice-Awards.html

See also: Proofpoint for Continuous Diagnostics and Mitigation

Categories
Gartner Imperva Magic Quadrant WAAP WAP Web Application Protection

Imperva An Eight-Time Magic Quadrant Leader for Web Application and API Protection

Imperva An Eight-Time Magic Quadrant Leader for WAAP - Douglas Bernardini 2
Imperva An Eight-Time Magic Quadrant Leader for WAAP - Douglas Bernardini 2

2021 has seen a lot of change. Billionaires now go where only governments and Red Bull gimmicks could go before. The 2020 Olympics didn’t take place in 2020. Tom Brady won his 7th Super Bowl for a completely new franchise [those of you in the US get this reference]. Similar change in application security has now been defined by an annual report with a new name.

Gartner® published the 2021 Magic Quadrant™ for Web Application and API Protection and, despite the new name and expanded scope, Imperva has been named a Leader and rated highest for Completeness of Vision consistently throughout.

Imperva’s vision is to protect all applications for hybrid enterprises

If you picture an application 8 years ago, what you see is not complex: a very large piece of software running on vSphere in a leased data center. APIs were an innovative tool for tiny start-ups [I remember talking to my development team about the advantages of SOAP and why it was too soon to go to REST]. Amazon Web Services was just starting to offer a certification program for engineers. Clearly, 8 years is a very long time in application development time.

And yet, while so much has changed in 8 years, many web applications today are still versions of what was built then. It takes a great deal of methodical planning to properly migrate to cloud-native technologies, such as serverless functions, and gradual investments to effectively architect applications with RESTful and GraphQL APIs. For years, Imperva has continually focused on providing security for organizations in this transition, and the vast majority of them have a mix of legacy and modern across a hybrid environment. This is a key reason why we continue to invest in Web Application and API Protection that our customers can deploy in a variety of ways, from appliances in data centers to SaaS to natively deployed in AWS, Microsoft Azure, and Google Cloud Platform (GCP).

But you cannot protect all of a modern organization simply by adapting the protection they already use — it takes innovative approaches to secure what now comprises the majority of all traffic: APIs. Imperva protected our customers’ APIs prior to 2021, but this year, it became a top priority. A few months ago, we added the ability for customers to discover the APIs receiving traffic outside the view of the security team. And to ensure our customers can continue their modernization, we acquired CloudVector for advanced API security protecting high-scale businesses, but more importantly, for the expertise in the team. Effectively protecting APIs requires a deep understanding of how development operations work and how much it differs from the application development of 8 years ago.

“Imperva is a constant company, strong in market share and with solid solutions.” says Douglas Bernardini, Cyber Security Specialist and Cloud Computing Expert.

If you want to learn more about Imperva’s approach, please view the recorded session with Lebin Cheng, Head of API Security, and Peter Klimek, Office of CTO, here.

Imperva Eight Time Leader – Imperva recognizes the industry needs beyond 2022

To handle all of this change, we believe we have the industry’s best approach to protecting our customers from innovative attacks, and thank Gartner for this report’s recognition. Not every application security vendor has our track record of rapidly integrating the technology of their acquisitions, most recently with how the advanced bot management capabilities from Distil Networks were available to Imperva customers in under a year. We look forward to the 2022 report, once Gartner and the broader market have seen what we will accomplish with the CloudVector team guiding the way.

To download the report, visit here.

To immediately start a free trial of our market-leading Cloud WAAP platform, visit our free trial site.

Gartner, “Magic Quadrant for Web Application and API Protection”; Jeremy D’Hoinne, Rajpreet Kaur, John Watts, Adam Hils, Shilpi Handa; September 20, 2021.

The report was earlier named as Magic Quadrant for Web Application Firewalls until 2020. Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Imperva.

Source: https://securityboulevard.com/2021/09/imperva-an-eight-time-magic-quadrant-leader-for-web-application-and-api-protection/

See also: Capability Brief – WAF Gateway

Categories
Akamai Firewall WAP Web Application Protection

Akamai announces Future of Life Online Challenge, awarding digital innovators $1 million in services

Akamai announces Future of Life Online Challenge - Douglas Bernardini
Akamai announces Future of Life Online Challenge - Douglas Bernardini

Challenge will award up to four visionary companies with a total of $1 million in Akamai security, content delivery, and/or edge compute solutions

Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s most trusted solution to power and protect digital experiences, today announces the launch of its Future of Life Online Challenge, celebrating and rewarding “the visionaries, the rebels, and the insanely curious innovators” shaping breakthrough online experiences. The challenge will award up to four winners an equal share of up to $1 million worth of Akamai security, content delivery and edge compute solutions and showcase their achievements in a special online docuseries.

“For more than 20 years, Akamai has devoted itself to powering and protecting the digital experiences that create online life as we know it. When done well, great online experiences elevate the entire human experience, so we want to empower those innovators who are defining our digital future,” said Robert Blumofe, Executive vice president and CTO, Akamai Technologies. “The Future of Life Online Challenge is designed to help groundbreaking companies take their solutions to the next level and shine a spotlight on their achievements, inspiring others to develop their own big ideas that will create the future of life online.”

To enter, companies must have an innovative, viable product or service in the market that needs support in scaling digital security, web performance, and/or digital delivery to achieve its full potential. The challenge will be conducted in two rounds:

  • For Round One, companies must submit a brief video describing their product or solution and how it delivers value to customers or society. Round One applications with videos must be submitted by February 18, 2022, at 5 PM ET. Finalists from Round One will be announced March 11, 2022.
  • For Round Two, finalists must submit a business proposal, not exceeding seven pages, describing their customer segments, value proposition, distribution/sales channels, market size, growth plans, and sustainability focus. They need to attend a virtual conference to pitch their proposal and answer questions. Round Two proposals must be received by May 13, 2022, at 5 PM ET.

Proposals will be judged according to the novelty of the idea, the market viability, and the customer benefit. The Challenge winners will be announced on June 06, 2022.

“It is an incentive to innovation, which will positively impact the cyber defense market.” says Douglas Bernardini, Cyber Security Specialist and Cloud Computing Expert.

Challenge entries must be submitted via the online application at www.futureoflifeonline.com. To qualify, companies may not be an existing direct or indirect customer of Akamai or of any subsidiary, affiliate, or channel partner of Akamai. For additional qualification requirements and the complete terms and conditions for the Challenge, please visit www.futureoflifeonline.com.

About Akamai
Akamai powers and protects life online. The most innovative companies worldwide choose Akamai to secure and deliver their digital experiences – helping billions of people live, work, and play every day. With the world’s largest and most trusted edge platform, Akamai keeps apps, code, and experiences closer to users – and threats farther away. Learn more about Akamai’s security, content delivery, and edge compute products and services at www.akamai.comblogs.akamai.com, or follow Akamai Technologies on Twitter and LinkedIn.

Source: https://www.prnewswire.com/news-releases/akamai-announces-future-of-life-online-challenge-awarding-digital-innovators-1-million-in-services-301424376.html

See also: Akamai – Web Application Protector

Categories
Azure Firewall Fortinet Microsoft Threats

Fortinet Announces the First Next-Generation Firewall and Secure SD-WAN Integration in Microsoft Azure Virtual WAN

Fortinet Announces the First Next-Generation Firewall and Secure SD-WAN Integration in Microsoft Azure Virtual WAN - Douglas Bernardini
Fortinet Announces the First Next-Generation Firewall and Secure SD-WAN Integration in Microsoft Azure Virtual WAN - Douglas Bernardini

FortiGate-VM Integration Enables the Convergence of Security and Networking in the Cloud

Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, today announced the expansion of its collaboration with Microsoft. The collaboration deliver the industry’s first next-generation firewall (NGFW) and Secure SD-WAN integration with Microsoft Azure Virtual WAN.

Customers can now – for the first time ever from any vendor – apply advanced security policies to virtual WAN traffic and extend Secure SD-WAN into the Azure virtual WAN hub.

The result is the convergence of advanced security and networking capabilities in the cloud for an even more simplified, automated, and secure cloud on-ramp and SD-WAN experience.

The integration also allows enterprises to more effectively interconnect with applications and workloads running Azure with the rest of their hybrid and multi-cloud deployments.

Secure Traffic Into, Out of and Through Azure Virtual WAN with Fortinet

Companies are increasingly looking to utilize Azure Virtual WAN as a global transit network architecture, providing seamless connectivity between endpoints.

While Microsoft has long provided secure access to the Virtual WAN Hub, until now, it has been difficult to provide the same security policies with the same security tools within Azure Virtual WAN and across clouds and data centers.

The integration of FortiGate tools into Azure Virtual WAN empowers organizations to achieve their innovation goals outcomes in the cloud. Specifically, this integration enables IT and security professionals to easily configure networking and security in Microsoft Azure and delivers some benefits:

Benefits

  • Advanced Security for Virtual WAN Traffic: FortiGate-VM allows security policies to extend to traffic within the Azure Virtual WAN hub. That enable better, more secure application experiences for users and branch offices. Support encrypted data transports, granular segmentation and application-layer protection against advanced threats. Allows and seamless overlay network with uniform policies across multi-clouds.
  • One-Click Deployment: Azure Virtual WAN integration provides one-click deployment and easy scalability for FortiGate-VM in Azure. Customers can select, configure and deploy FortiGate virtual machines directly from the Azure Marketplace. That is also possible from within the Azure Virtual WAN interface, allowing security to be part of the workflow for setting up a Virtual WAN in Azure.
  • Securely Interconnect Applications and Workloads Across Clouds:. Azure Virtual WAN provides a global network transit backbone for branch-to-branch connectivity readily interconnecting regions together. Customers looking to deploy hybrid and multi-cloud networks that include Azure can now easily and securely interconnect applications and workloads. That allows extending the benefits across their entire infrastructure to enable consistent policies and centralized visibility. This simplifies security management, enables global visibility into security events and policies, and improves quality of experience (QoE). For users and customers.

“Integrated information security solutions are becoming increasingly important for the success of cybersecurity actions.” says Douglas Bernardini, Cyber Security Specialist and Cloud Computing Expert.

Earlier this month, Fortinet and Microsoft also announced the availability of FortiGate-VM integration with Azure gateway load-balancer. It enables customers to deliver superior experiences for applications and workloads running in Azure.

See also: Fortinet Global Threat Landscape Report

Source: www.globenewswire.com/news-release/2021/11/17/2336468/0/en/Fortinet-Announces-the-First-Next-Generation-Firewall-and-Secure-SD-WAN-Integration-in-Microsoft-Azure-Virtual-WAN.html

Categories
CISA MS-ISAC Ransomware Threats

CISA Issues Guidance on Ransomware Attacks

CISA MS-ISAC Ransomware Guide - Douglas Bernardini
CISA MS-ISAC Ransomware Guide - Douglas Bernardini

CISA guidance ransomware attacks.

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued a fact sheet offering suggestions to government agencies and private companies on how to prevent and respond to a ransomware attack.

The fact sheet is entitled “Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches”. It provides organizations with tips to prevent and respond to ransomware. CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations listed in this fact sheet. The goal is to reduce their risk to ransomware and protect sensitive and personal information. Review StopRansomware.gov for additional resources.”

The fact sheet includes tips such as maintaining an offline, encrypted back-up of data, develop an incident response plan, implement auditing, regular scans and software updates, block phishing attempts, and practice “good cyber hygiene.”

“Guidance from internationally respected institutions such as CISA on real and dangerous threats to our companies is of paramount importance.”, says Douglas Bernardini, Cyber Security Specialist and Cloud Computing Expert.

The guidance sets forth some examples of good cyber hygiene, including:

  1. Ensuring antivirus and anti-malware software and signatures are up to date.
  2. Implementing application allowlisting.
  3. Ensuring user and privileged accounts are limited through account use policies, user account control, and privileged account management.
  4. Employing MFA for all services to the extent possible, particularly for webmail, virtual private networks (VPNs), and accounts that access critical systems.
  5. Implementing cybersecurity best practices from CISA’s Cyber Essentials and the CISA-MS-ISAC Joint Ransomware Guide.
    The fact sheet also offers suggestions on the topics “Protecting Sensitive and Personal Information” and “Responding to Ransomware-Caused Data Breaches.”

Finally, it provides additional resources listed on the StopRansomware.gov website. This is a free and valuable roadmap for organizations to read and consider using to prepare for and respond to a ransomware attack.

See also: CISA MS-ISAC Ransonware Guide

Source: https://www.dataprivacyandsecurityinsider.com/2021/08/cisa-issues-guidance-on-ransomware-attacks/

Categories
DDoS Threats

DDoS Attack launched by Mirai Botnet blocked by Cloudflare

DDoS-Protection-Cloudflare-Hudson-City-School-District-Selects-FirstLight-for-DDoS-Mitigation-Solution-Douglas-Bernardini
DDoS-Protection-Cloudflare-Hudson-City-School-District-Selects-FirstLight-for-DDoS-Mitigation-Solution-Douglas-Bernardini

    The number of DDoS increases. DDoS Attack Mirai Botnet confirms it.

    Cloudflare, a web giant, has detected and suppressed a DDoS Attack Mirai Botnet. This attack peaked at just below 2Tbps, making it the largest ever.

    Hackers launched a mega-attack against the company that targeted its online servers. They attacked with more than 15,000 bots running a variant of the original Mirai code. The targets was IoT devices and unpatched GitLab instances, according to SecureMyCloud.

    The company claims that the assault lasted no more than a minute. It was most likely a multi-vector attack utilizing both DNS amplification assaults as well as UDP floods.

    “Cloudflare’s mission is to help build a better Internet — one that is secure, faster, and more reliable for everyone. The DDoS team’s vision is derived from this mission: our goal is to make the impact of DDoS attacks a thing of the past”. Cloudflare in a blog post detailing the attack.

    According to Cloudflare, its systems automatically produced real-time signature after detecting the attack traffic. That was used by the whole network to identify assault patterns.

    Cloudflare about the current context of DDoS

    The firm’s website claims that employing fingerprinted rules to mitigate DDoS assaults without affecting real traffic, or introducing latency or performance issues, is possible.

    Cloudflare’s DDoS protection has gained a lot of admirers in the business. VoIP providers that have been subjected to ransomware attacks are grateful for Cloudflare’s built-in DDoS protection feature, which has saved them from an onslaught of DDoS assaults.

    “DDoS attacks are more and more frequent and can literally stop companies from operating.” says Douglas Bernardini, Cybersecurity Specialist and Cloud Computing Expert about DDoS Attack Mirai Botnet.

    In a recent DDoS trend assessment in Q3 2021, Gartner discovered that:

    • There was a 44 percent increase in network-layer DDoS attacks.
    • There was huge 1 terabit-per-second and larger than 10 gigabits per second (GTPS) network-layer DDoS attacks as well.

    While the fourth quarter is not yet over, Cloudflare has detected several terabit-force assaults aimed at its customers, according to the firm. “While the fourth quarter isn’t over yet, we’ve seen several terabit-force assaults targeted at Cloudflare customers,” it adds.

    See also: DDoS Protection

    Source: “https://lvhspiratepress.org/cloudflare-blocks-ddos-attack-launched-by-mirai-botnet”

    Categories
    Malware

    Malware Incident Prevention and Handling for Desktops and Laptops – NIST Malware Incident Prevention

    malware-incident-desktops-laptops-douglas-bernardinii
    malware-incident-desktops-laptops-douglas-bernardinii

    NIST Malware Incident Prevention and Handling for Desktops and Laptops – Special Publication 800-83

    Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to:

    • destroy data.
    • run destructive or intrusive programs.
    • compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating system.

    Malware is the most common external threat to most hosts. It’s able to cause widespread damage and disruption and necessitating extensive recovery efforts within most organizations.

    Organizations also face similar threats from a few forms of non-malware threats that are often associated with malware. One of these forms that has become commonplace is phishing, which is using deceptive computer-based means to trick individuals into disclosing sensitive information.

    “Malware threats may be a complex incidente” says Douglas Bernardini, Cybersecurity Specialist & Cloud Computing Expert

    This publication provides recommendations for improving an organization’s malware incident prevention measures. Publication also gives extensive recommendations for enhancing an organization’s existing incident response capability so that it is better prepared to handle malware incidents, particularly widespread ones.

    This revision of the publication, Revision 1, updates material throughout the publication to reflect the changes in threats and incidents. Unlike most malware threats several years ago, which tended to be fastspreading and easy to notice, many of today’s malware threats are more stealthy, specifically designed to quietly, slowly spread to other hosts, gathering information over extended periods of time and eventually leading to exfiltration of sensitive data and other negative impacts.

    see full document here:

    NIST Malware Incident Prevention Special Publication 800-83

    Categories
    Malware MSP MSSP Ransomware Threats

    SonicWall Knows MSSPs, MSPs Are Targets

    sonicwall-douglas-bernardini-logo2
    sonicwall-douglas-bernardini-logo2

    SonicWall Knows MSSPs MSPs Are Targets. SonicWall is particularly attuned to the threat ransomware poses to a whole host of organizations. It includes MSSPs and managed service providers (MSPs), SonicWall president and chief executive Bill Conner said. “As we see it, ransomware is on a nearly unimaginable upward trend, which poses a major risk to businesses, service providers, governments and everyday citizens,” he said. “The real-world damage caused by these attacks is beyond anecdotal at this point.”

    SonicWall released its findings following a mid-October White House virtual conference of 30 nations. The goal was to hammer out strategies to combat ransomware and other types of cyber crime. At the summit, Australia, Britain, Germany and India led panel discussions. With attendees also from Eastern Europe, the Middle East and Latin America. Russia and China, universally considered the primary perpetrators of most cyber offensives, were not invited to the meeting.

    “It is one of the biggest threats in cybersecurity today” says Douglas Bernardini, Cybersecurity Specialist & Cloud Computing Expert

    Of note, SonicWall also discovered 307,516 previously unknown malware variants through September, 2021 for a 73 percent spike from last year. The Milpitas, California-based security specialist said its researchers found more than 1,100 novel variants per day.

    “The risk of ransomware infection is increasing, and tools like Sonic Wall are invaluable allies.” says Douglas Bernardini, Cyber Security Specialist and Cloud Computing Expert.

    Here are some additional SonicWall ransomware findings:

    • In June, 2021, a new high water mark of 78.4 million ransomware attacks were recorded.
    • SonicWall logged the equivalent to 9.7 ransomware attempts per customer each business day.
    • The 190.4 million ransomware attempts in Q3, 2021 alone made it the highest quarter ever recorded by SonicWall, nearly overtaking the 195.7 million total ransomware attempts logged during the first three quarters of 2020.
    • The U.S. has incurred a 127 percent year-to-date increase in the number of ransomware attacks while the U.K. has seen a 233 percent surge.
    • Internet of Things malware incidents rose 33 percent globally.
    • An overall 21 percent increase in crypto-jacking with a 461 percent balloon across Europe.

    See also: Sonic wall cyber report 2021

    Source: mssp alert