Author: rescue@crimefire.in

  • Seven Russians sanctioned over ransomware cyber-crime – BBC

    Seven Russian men have been sanctioned by the UK and US for having links to recent ransomware attacks.
    The UK's Foreign Office, along with US authorities, has released pictures of the men, frozen their assets and imposed travel restrictions.
    US authorities have accused them of being members of loosely defined Russian-based hacking network Trickbot.
    Ransomware strains Conti and Ryuk extorted at least £27m in ransoms from 149 British victims.
    "This is a hugely significant moment for the UK and our collaborative efforts with the US to disrupt international cyber-criminals," said National Crime Agency director general Graeme Biggar.
    "The sanctions are the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies," he said.
    The National Cyber Security Centre, a part of GCHQ, has assessed that key group members are "highly likely" to have strong links to the Russian Intelligence Services from which they are sometimes directed.
    No evidence was supplied to support this allegation.
    The UK government categorises ransomware as a tier one national security threat with recent victims including UK schools, local authorities and firms.
    The individuals sanctioned are: Vitaliy Kovalev, Valery Sedletski, Valentin Karyagin, Maksim Mikhailov, Dmitry Pleshevskiy, Mikhail Iskritskiy and Ivan Vakhromeyev.
    Any arrests are impossible unless the accused leave the country.
    The group behind the Conti strain has targeted hospitals, schools, businesses and local authorities, including the Scottish Environment Protection Agency. It extorted $180m (£148m) in ransom payments in 2021 alone, according to research from Chainalysis.
    Ireland's Health Service Executive was targeted by Conti ransomware actors during the Covid pandemic, leading to disruption to blood tests, X-rays, CT scans, radiotherapy and chemotherapy appointments over 10 days.
    Another recent ransomware attack included Harrogate-based transportation and cold storage firm Reed Boardall, whose IT systems were under attack for nearly a week in 2021.
    Although Conti disbanded in 2022, its members are thought to have continued their attacks under different guises.
    Russia has for years denied that it is harbouring ransomware hackers, but cyber-security experts say there is compelling evidence that many of the criminal groups are co-ordinated from the country.
    Many of the gangs operate on Russian-language forums, there are fewer attacks on Russian organisations, and the frequency of hacks dips during Russian public holidays.
    The latest sanctions follow multinational efforts to disrupt ransomware crews, most recently by sabotaging the Hive ransomware crew and taking them offline.
    Previously the US and UK worked together on sanctions issued against alleged members of cyber-crime group Evil Corp in 2020. Authorities allege that some of the men in the latest sanctions could have formerly worked for the group.
    In 2021 the BBC went to Russia to try to track down the group and was told by a family member that the sanctions had made them fear for their safety.

    source

  • Villupuram police launch ‘Safe Surfing’ campaign to educate public about cyber crime – The Hindu

    February 07, 2023 12:17 pm | Updated 12:17 pm IST – VILLUPURAM
    A police official addressing a gathering about the do’s and don’ts of online behaviour in Villupuram | Photo Credit: Special Arrangement
    In an effort to contain the growing number of cyber crime offences, the Villupuram district police have launched an intensive awareness campaign to inform school and college students as well as the general public about how to avoid falling for online scams/fraudulent deals.
    Villupuram Superintendent of Police N. Shreenatha said the ‘Safe Surfing’ campaign launched on Monday, would cover over 50 educational institutions across the district. The campaign will go on until February 10. “We are creating awareness among the people about the do’s and don’ts when it comes to online behaviour,” he said.
    In the event of fraud, people are being advised to dial 1930, the cyber crime control room, and report the incident immediately. People can also file complaints on the National Cyber Crime Reporting Portal (https://www.cybercrime.gov.in), he said.
    Additional Deputy Superintendent of Police (Cyber Crime) P. Govindaraju said police personnel will explain how online banking scams operate, including the issue of fake online scratch cards that go under the name of social commerce platforms, loan apps, and ransomware attacks. He said the most common form of online scams are part-time job offers where fraudsters, creating fake versions of pages of popular websites, hoodwink gullible victims.
    The public should also refrain from sharing one-time passwords (OTPs) with fraudsters who contact debit or credit card users claiming that their cards have expired or that they are eligible to redeem certain ‘reward points’.
    Passwords and other account information including ATM card details and PIN numbers are sensitive pieces of information that should not be disclosed over the phone or on email. Hence, the public should not disclose these details to strangers, Mr. Govindaraju added.

    source

  • Telangana saw over 10,000 cases of cyber crime in 2021, reveals report – Business Standard

    Press Trust of India  |  Hyderabad 
    Cyber crimes in Telangana have doubled to 10,303 cases in 2021 from 5,025 cases in 2020, with Cyberabad topping the chart with 4,412 felonies, according to a report.
    Revealing the data, the Socio Economic Outlook 2023 said, "As many as 10,303 cases of cyber crime were registered in 2021 as against 5,025 cases in 2020, an increase of 105.03 per cent." The highest number of cases were reported from the police commissionerates of Cyberabad (4,412), followed by Hyderabad (3,303) and Rachakonda (1,548), it said.
    Cyber crime is a rapidly evolving transnational crime committed across borders that affects individuals and societies globally, the report said. It added that the government is trying to use technical assistance in capacity-building, prevention, creating awareness, increasing cooperation, collecting data, and researching and analysing cybercrime.
    The Telangana Coordination Centre (T4C) was set up in 2021 to provide round-the-clock assistance to victims of cyber fraud. The T4C has a 24×7 call centre that helps coordinate with district police in the registration, investigation and detection of cyber crime, it said.
    T4C has successfully prevented almost Rs 30 crore of public money from reaching the hands of cyber fraudsters. The State has also created Telangana Cyber Security Policy 2016 to address cyber security issues.
    (Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
    First Published: Tue, February 07 2023. 18:03 IST

    source

  • Coast is now home to national body to combat cyber-crime – Sunshine Coast Council

    The Sunshine Coast has been selected as the location for a new national organisation aimed at protecting the nation against cyber criminals.
    The Critical Infrastructure – Information Sharing and Analysis Centre (CI-ISAC), featuring some of the nation’s best and brightest when it comes to “threat intelligence”, has started operations from Maroochydore today (February 6).
    Under the guidance of CI-ISAC’s Chief Executive Officer David Sandell, the not-for-profit industry-based organisation provides comprehensive information and analysis advice to assist its membership base protect Australia’s most critical infrastructure.
    The membership will be drawn from 11 key industry sectors representing almost 11,000 entities that include everything from banking, water and power grids to supermarkets and mining.
    Mr Sandell said the Sunshine Coast had been steadily building its credentials in the cyber and tech space and this had not gone unnoticed for an organisation that is focussed on addressing digital defence-in-depth across Australia’s ICT networks.
    “Assets that Sunshine Coast Council has been building alone or in partnership over the years were all key drivers to locate such an important organisation to a regional location,” Mr Sandell said.
    “No one else in regional Australia has the assets we need, including the fastest fibre cable to Asia, diversity of data path to Sydney, a fully fibre-enabled city centre and a new international runway with rapidly growing regional aviation connections.
    “The local university and TAFE are doing some great things to develop the skilled workforce we need and the future on the Sunshine Coast looks bright.”
    The new organisation is being led by some of Australia’s best, brightest, and most experienced in the field of threat intelligence and response.
    Chair of the CI-ISAC Board is Brigadier (retired) Steve Beaumont, who previously served as Director-General of Intelligence, Surveillance, Reconnaissance, Electronic Warfare and Cyber with the Australian Department of Defence.
    Also playing a key role in the organisation is Dr Gary Waters, who has worked in the defence and national security space for more than five decades.
    Sunshine Coast Council Acting Mayor Rick Baberowski welcomed the news that CI-ISAC would be calling the Sunshine Coast home, joining our emerging tech eco-system that already included key corporate players like Next DC, and industry leading bodies such as the Sunshine Coast Tech Industry Alliance.
    He congratulated board members and founders, Scott Flower and David Sandell, on their decision to create a base and invest on the Sunshine Coast with such an important initiative designed to combat the acceleration in cyber-threats.
    “A significant part of Australia’s critical infrastructure is owned or managed by local government, and I encourage all 537 Australian local governments to consider the considerable value in becoming a community of cyber defenders,” Acting Mayor Baberowski said.
    “The concept is clear-cut. If we act together and share cyber threat intelligence, we can only get better at pre-empting attacks, while contributing to defending Australia’s data highway and all of the sensitive and personal data public services and businesses collect.
    “We are proud that the Sunshine Coast will host and participate in an important new sector to develop solutions that can benefit all Australians.”
    For more information on how to become a member or partner of the CI-ISAC, navigate to https://ci-isac.com.au/

    source

  • Dial '1930' to curb cyber crime; Odisha govt issues special helpline … – Sambad English

    Bhubaneswar: Odisha government issued a special helpline number ‘1930’ today to curb cyber crime in the State, which is meant for commoners and victims. The drive in this regard will be intensified further in the days ahead, said Chief Secretary Suresh Chandra Mahapatra.
    Such a drastic step was taken in view of rising cases of cyber crime pertaining to finance and sex abuse on women and children. Awareness campaigns will be organised for the purpose. Any unlawful act where a computer or communication device or computer network is used to commit or facilitate the commission of a crime must be checked, Mahapatra insisted.
    Especially, elderly persons, students, Asha and Anganwadi workers and self-help groups (SHGs) are to be included in the drive against cyber crime. Thirty-four awareness-creating vehicles named ‘Sachetanata Rath’ will be pressed into service in the State equipped with audio and visual materials.
    People will be made aware to verify the authenticity before carrying out a financial transaction, avoid friendships with unknown persons and not to click on links, SMSs and Apps received from suspicious sources. Symposiums and seminars will be conducted on a regular basis across the State.
    Quiz, debates and essay competitions are to be organised at the school level. Odisha is the first State in the country in launching anti-cybercrime campaigns, the Chief Secretary added.
    It is pertinent to mention that 52,975 cyber crime cases were registered in the country in 2021, which was 5.9 per cent more in number as compared to the cases registered in the previous year.
    Similarly, 1485 cyber crime cases were registered in Odisha in 2019, 1931 cases in 2020 and 2037 cases in 2021 during the same period. On the other hand, 3402 petitions were received in the State in 2022 and 7700 petitions in 2022 respectively through cyber help desks.

    source

  • Twitter confirms data from 5.4 million accounts has been stolen – Cyber Security Hub

    Twitter has confirmed that the phone numbers and email addresses from 5.4 million accounts have been stolen due to the zero-day vulnerability on the platform that was originally flagged in January 2022.
    The vulnerability meant that if a bad actor entered a phone number or email address and attempted to log in, they were able to learn if that information was associated with an existing account. This then led to the email address and phone numbers associated with 5.4 million accounts being put up for sale on the hacking forum, Breach Forums.
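    The flaw described above is an account-enumeration oracle: the login flow answers differently depending on whether an identifier is registered. The following Python is an added example, not Twitter's code, showing a vulnerable login beside a hardened one and a defender's check that compares the two responses. The account store, salt, identifiers and messages are all constructed for illustration.

    ```python
    """Account-enumeration oracle in a login flow: vulnerable vs hardened.

    Added example (not Twitter's code). The account store, salt,
    identifiers and response messages are constructed for illustration.
    """
    import hashlib
    import hmac
    import secrets

    # Constructed: a static salt and a small account store mapping
    # email / phone identifiers to PBKDF2 password hashes. A real store
    # would use a per-account random salt; iterations kept low for speed.
    _SALT = b"constructed-static-salt"
    _ITERATIONS = 10_000


    def _hash(password: str, salt: bytes = _SALT) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


    ACCOUNTS = {
        "alice@example.com": _hash("correct horse"),
        "+15550100": _hash("battery staple"),
    }

    # Hash of a random throwaway password, compared against when the
    # identifier is unknown so the code path does the same work either way.
    _DUMMY_HASH = _hash(secrets.token_hex(16))


    def login_vulnerable(identifier: str, password: str) -> str:
        """Leaks account existence: the message for an unknown identifier
        differs from the message for a known identifier with a bad password."""
        stored = ACCOUNTS.get(identifier)
        if stored is None:
            return "No account is associated with that email or phone number."
        if hmac.compare_digest(stored, _hash(password)):
            return "ok"
        return "Incorrect password."


    def login_hardened(identifier: str, password: str) -> str:
        """Same message, and the same hashing and comparison work, whether the
        identifier is unknown or the password is wrong."""
        stored = ACCOUNTS.get(identifier)
        candidate = _hash(password)
        match = hmac.compare_digest(
            stored if stored is not None else _DUMMY_HASH, candidate
        )
        if stored is not None and match:
            return "ok"
        return "Incorrect email/phone number or password."


    def leaks_existence(login) -> bool:
        """Defender's check: does the login response distinguish an unknown
        identifier from a known identifier with a wrong password?"""
        unknown = login("nobody@example.invalid", "wrong-password")
        known_wrong = login("alice@example.com", "wrong-password")
        return unknown != known_wrong


    if __name__ == "__main__":
        print("vulnerable leaks existence:", leaks_existence(login_vulnerable))
        print("hardened leaks existence:  ", leaks_existence(login_hardened))
    ```

    The check in `leaks_existence` only compares response text; in a real review the same comparison should be applied to status codes, response sizes and timing, and to every flow that takes an identifier (sign-up and password reset included), since any one of them can reproduce the oracle the login page was fixed to close.
    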
    Twitter said in a statement that it “will be directly notifying the account owners [it] can confirm were affected by this issue”.
    In a previous article by CS Hub on July 27, it was reported that, according to the hacker, many of the accounts up for sale belonged to “celebrities, companies, randoms, OGs, etc.”. ‘OGs’ refers to Twitter handles that are either made up of a desirable word like a first name or are very short and contain only a few letters.
    Twitter went on to suggest that those who operate “pseudonymous” accounts like OGs that may have been affected by the breach “keep [their] identity as veiled as possible by not adding a publicly known phone number or email address” to their Twitter account. The company clarified that while no passwords were compromised in the breach, it encourages “everyone who uses Twitter to enable 2-factor authentication using apps or hardware security keys to protect your account from unauthorized logins”.

    source

  • Cybercrime Shows No Signs of Slowing Down – Dark Reading

    Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterized 2022. Cybercriminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared.
    2023 will see a continuation of these challenges, especially as bad actors continue to take advantage of the chaos caused by the expected backlash from Russia due to the Ukraine conflict.
    The following cyberthreat predictions are based on key observations by the Zscaler ThreatLabz research team, which is made up of more than 125 security experts with decades of experience in tracking threat actors, malware reverse engineering, behavior analytics, and data science.
    Crime-as-a-service (CaaS) encompasses the full range of cyber threat service offerings, including ransomware-as-a-service, where developers outsource ransomware to their affiliates who execute the attack and share the profits, and phishing-as-a-service, where cybercriminals can buy grammatically perfect email templates, replicas of popular webpages, and more.
    As threat actors seek to increase payouts, they will leverage more service model offerings to increase the effectiveness of their attacks and cut out the development time to quickly scale operations. CaaS also lowers the technical barrier to entry, enabling novice cybercriminals to execute sophisticated threats.
    Supply chain attacks occur when adversaries compromise partner and supplier ecosystems to reach their ultimate breach target and goals, such as executing a ransomware attack. Compromising a target’s weaker suppliers is more accessible and has led to successful upstream attacks, which is why this tactic will likely increase in the future.
    Dwell time is the period between the initial compromise and the final stage of an attack — for example, the median dwell time for threat actors to deploy ransomware is now just five days, according to Mandiant. For most organizations, this is also the length of time an attack can be detected and stopped by defenders before it causes damage.
    Malware families, ransomware gangs, and other cybercriminal associations reorganize themselves frequently.
    GandCrab rebranded as REvil, the group responsible for the spotlight attacks on JBS and Kaseya. The old groups typically go dark after an incident, then a new group appears months or years later. Researchers eventually discern that it’s basically the old group getting back together, with similar techniques and code styles giving them away.
    They may rebrand because of new member affiliations to avoid criminal charges and to ensure they can secure cyber insurance payouts.
    Threat actors will increase the use of tactics to bypass antivirus and other endpoint security solutions. In addition, their attacks will have an increasing focus on core business service technologies, like VMware ESX, for example.
    Last fall, researchers observed attackers using new techniques to install persistent backdoors on ESXi hypervisors, a virtualization software and a primary component in the VMware infrastructure software suites for virtual machines.
    Because of this, organizations will have an even greater need for defense-in-depth, rather than relying solely on endpoint security to prevent and detect intrusions.
    Forked malware, of course, is just another variant that includes updates with more sophisticated techniques. Sometimes the source code for a specific malware is leaked online by a researcher, as in the case of Conti ransomware.
    Since Conti ransomware was leaked, for example, parts of the source code have been found in other types of ransomware, borrowed or repurposed by different developers.
    Updated and forked versions of malware and other threats make it harder for defenders to detect, because there are so many variants using custom techniques to deploy the same attack. We expect such variants will continue to evolve at different rates.

    source

  • FCC Proposes Changes to Data Breach Rules and Reporting … – WilmerHale

    On January 6, 2023, the Federal Communications Commission (FCC or the “Commission”) released a Notice of Proposed Rulemaking (“Notice”) with updates to its data breach rules and reporting requirements. Considering the growing number of data breaches in the telecommunications industry in recent years, the proposed changes aim to strengthen the Commission’s rules governing breaches involving certain sensitive customer information, also known as customer proprietary network information (CPNI). Like other definitions of personal information or personal data in global privacy laws, CPNI is defined broadly and includes both personally identifiable information and usage data that communications providers collect from or about their customers.
    The FCC’s proposed changes come at a time where the data breach notification obligations for companies are constantly evolving. A number of states have expanded their breach notification laws in recent years, and a few have also added affirmative cybersecurity obligations with regard to protected information. Companies subject to the FCC’s jurisdiction will have to account for these new changes (if finalized) along with these other evolving requirements at the state level. 
    We have provided relevant background and a description of the key takeaways related to the Notice below. The Notice also invites comments on other related matters including the adoption of harm-based trigger notifications for data breaches, setting minimum requirements for the content of customer breach notices, and addressing breaches of sensitive personal information. A detailed summary of the Notice was published in the Federal Register on January 23, 2023, and comments to the Notice are due on February 22, 2023.
    Background
    Section 222 of the Communications Act of 1934 (the “Act”) requires telecommunications carriers to protect the privacy and security of customer information to which they have access as network operators. In addition to requiring carriers to protect the confidentiality of proprietary information of and relating to their customers (i.e., CPNI), the Act also restricts carriers’ use and disclosure of, and provision of access to, such information. Notably, the Act defines CPNI broadly, and includes information relating to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service, as well as certain information contained in the bills received by customers. Examples of CPNI include phone numbers called by a customer, the frequency, duration, and timing of such calls, and location data of mobile devices.
    Moreover, with respect to Telecommunications Relay Service (TRS) providers specifically, Section 225 of the Act has been found to authorize the Commission to apply the same privacy protections afforded to telecommunications users to TRS users. Thus, in 2013 the Commission adopted rules concerning CPNI that applied to all TRS providers. Effectively, today, the data breach rules and reporting requirements for telecommunications carriers and TRS providers are largely identical.
    Key Takeaways
    Inadvertent Disclosures. The first update proposed by the Commission would broaden the definition of “breach” to include the inadvertent access, use, or disclosure of customer information. By broadening the definition to include both intentional and inadvertent breaches, the Commission hopes that carriers will be incentivized to strengthen their data security practices. Moreover, by gathering more information about accidental breaches, the Commission will be able to better identify and remediate any vulnerabilities to prevent similar breaches from occurring in the future.
    Commission Notification. In addition, the Commission proposes updating its notification requirements to require telecommunications carriers and TRS providers to notify the Commission of data breaches, in addition to notifying the Secret Service and FBI as the current rules require. Notification to the Commission would improve its ability to track and enforce ongoing compliance with its rules. The Commission notes that this requirement aligns with other data breach notification rules, including, for example, HIPAA, which requires notification to the Department of Health and Human Services.
    Notifying Customers without Unreasonable Delay. The Notice also proposes adopting a “without unreasonable delay” standard for notifying customers. This update would eliminate the current mandatory waiting period and instead require telecommunications carriers and TRS providers to notify customers of CPNI breaches without unreasonable delay after discovery of a data breach, unless a delay is requested by law enforcement. It is the Commission’s belief that implementing such a standard, which still allows for necessary delays, would let affected customers receive information about breaches and take preventative action sooner, while not impeding the actions of law enforcement.

    source

  • Predictable wins: designing for data breach containment – TechHQ


    @JT_bluebird1
    james.tyrrell@hybrid.co
    Zero trust segmentation: cybersecurity teams are developing digital strategies to combat data breaches. Image credit: Shutterstock Generate.
    Microsoft, T-mobile, the Red Cross, Twitter, Zoom, Paypal, Uber, the Shanghai Police Department, Tokyo Olympics attendees, JPMorgan Chase Bank, Facebook, Marriott Group, ASUS, JD Sports – if we were playing Jeopardy, the prize-winning response would be ‘victims of a data breach’. But data breaches are no game. And that’s just a sample of incidents, taken from stories that have appeared on TechHQ. The true scale of compromised data is huge. Data breaches happen with such regularity that they’ve almost ceased to become news. But that predictability offers a clue on how to remedy the problem. Given how often threat actors target firms, organizations, and individuals, it makes sense for IT systems to be attack tolerant and capable of data breach containment.
    A common cybersecurity strategy is to invest in products that put a boundary between the internet and the outside world. “Firms are trying to build the wall higher and higher,” Trevor Dearing – Director of Critical Infrastructure Solutions at Illumio – told TechHQ. “But we have to change our thinking; assume that you’re going to get breached and invest in how to survive it.”
    At a high level, there are three areas to think about. How do attackers gain access in the first place? What can be done to secure data so that, in the event of an attack, companies can roll back to a known clean version and continue critical operations? And the piece that sits in the middle – understanding which assets on the network are talking to each other. Ransomware has a habit of targeting the highest-value assets, and firms can use this knowledge to prioritize their activity.
    Reassuringly, there’s plenty that can be done to make life harder for potential data thieves targeting IT networks. Defences include limiting the available attack surface and engineering data breach containment. “We know the most popular protocols,” explains Dearing. “And we don’t need those protocols everywhere.” A Palo Alto Networks blogpost sheds light on one of the most popular targets for ransomware attacks – remote desktop protocol (RDP).
    Legitimate uses for RDP include allowing IT support to connect to an employee’s laptop or for remotely managing cloud assets. But leaving RDP ports open threatens to invite unwelcome interest. In fact, RDP has become so notorious that many security experts have renamed it the Ransomware Deployment Protocol! Network scans commonly reveal a large number of connection attempts to RDP’s default port of 3389. And if attackers can find their way in – using stolen credentials, by exploiting a vulnerability, or through brute force – then adversaries will be able to wander through as much of a company’s IT infrastructure as the compromised user account has access to.
    The threat emphasizes why it’s important to keep track of which protocols are being used on different portions of the network and make sure, as Dearing recommends, to limit any unnecessary activity. RDP exposures can be reduced through a number of steps, such as setting time limits on disconnected sessions, limiting the number of allowable login attempts, and monitoring for any unintended exposures.
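    The monitoring step above, keeping track of where RDP is actually in use and spotting unintended exposure and excessive connection attempts, can be run over ordinary firewall logs. The Python below is an added example, not code from the TechHQ article, Illumio or Palo Alto Networks. The key=value log format, the IP addresses, the internal address ranges and the attempt threshold are all constructed assumptions; a real deployment would substitute its own log parser, address plan and threshold.

    ```python
    """RDP exposure and connection-attempt monitoring over firewall logs.

    Added example, not from the TechHQ article. The log format, addresses,
    internal ranges and threshold are constructed for illustration.
    """
    import ipaddress
    from collections import Counter

    RDP_PORT = 3389
    MAX_ATTEMPTS = 5  # assumed: more RDP attempts than this from one source is noisy

    # Assumed internal address plan. Anything outside these ranges is treated
    # as the public internet for exposure purposes.
    INTERNAL_NETS = [
        ipaddress.ip_network(n)
        for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
    ]

    # Constructed sample firewall log: one connection record per line.
    # 198.51.100.23 hammers an internal host on 3389 and is allowed through;
    # 203.0.113.7 is denied; 192.0.2.88 reaches a second host once.
    SAMPLE_LOGS = """\
    ts=2023-02-27T09:00:01Z src=198.51.100.23 dst=10.0.5.12 dport=3389 action=allow
    ts=2023-02-27T09:00:02Z src=198.51.100.23 dst=10.0.5.12 dport=3389 action=allow
    ts=2023-02-27T09:00:03Z src=198.51.100.23 dst=10.0.5.12 dport=3389 action=allow
    ts=2023-02-27T09:00:04Z src=198.51.100.23 dst=10.0.5.12 dport=3389 action=allow
    ts=2023-02-27T09:00:05Z src=198.51.100.23 dst=10.0.5.12 dport=3389 action=allow
    ts=2023-02-27T09:00:06Z src=198.51.100.23 dst=10.0.5.12 dport=3389 action=allow
    ts=2023-02-27T09:01:00Z src=10.0.9.4 dst=10.0.5.12 dport=3389 action=allow
    ts=2023-02-27T09:02:00Z src=203.0.113.7 dst=10.0.5.40 dport=3389 action=deny
    ts=2023-02-27T09:03:00Z src=203.0.113.7 dst=10.0.5.40 dport=443 action=allow
    ts=2023-02-27T09:04:00Z src=192.0.2.88 dst=10.0.5.77 dport=3389 action=allow
    """


    def parse_line(line: str) -> dict:
        """Split a 'key=value key=value ...' record into a dict of strings."""
        return dict(field.split("=", 1) for field in line.split())


    def is_internal(addr: str) -> bool:
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in INTERNAL_NETS)


    def analyse_rdp(log_text: str, max_attempts: int = MAX_ATTEMPTS) -> dict:
        """Return internal hosts that accepted RDP from outside the internal
        ranges (unintended exposure) and sources whose RDP attempt count
        exceeds max_attempts (candidate brute force or scanning)."""
        exposed = set()
        attempts = Counter()
        for line in log_text.splitlines():
            if not line.strip():
                continue
            rec = parse_line(line)
            if int(rec["dport"]) != RDP_PORT:
                continue  # only RDP traffic is of interest here
            attempts[rec["src"]] += 1
            if rec["action"] == "allow" and not is_internal(rec["src"]):
                exposed.add(rec["dst"])
        noisy = [src for src, n in attempts.items() if n > max_attempts]
        return {"exposed_hosts": sorted(exposed), "noisy_sources": sorted(noisy)}


    if __name__ == "__main__":
        for key, value in analyse_rdp(SAMPLE_LOGS).items():
            print(f"{key}: {value}")
    ```

    Denied connections still count toward `noisy_sources` on purpose: a source being blocked at the edge is still worth knowing about, while `exposed_hosts` only lists hosts that actually accepted an external RDP connection, which is the finding that needs the firewall rule or segmentation policy fixed.
    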
    Cycling back to the change in mindset from building a higher wall to making sure that systems are attack tolerant and capable of data breach containment, it’s no surprise to witness the rise of ‘zero trust’ – granting users the bare minimum of permissions and only for the duration of the tasks that need to be carried out. Also, the widespread roll out of multifactor authentication (MFA) points to the threat posed by phishing emails – a staple in the suite of tactics, techniques, and procedures (TTPs) used by bad actors to steal data and launch ransomware campaigns.
    Inevitably there will be gaps in the wall and some phishing emails will get through and convince recipients to click on rogue links. Attackers can pore over numerous social media feeds and even use AI writing tools such as ChatGPT to craft plausible and compelling content. Making IT systems impenetrable is a tall order, but attack resilience is achievable – for example, by asking for more than just usernames and passwords during the sign in process. Preparations also include having a well-rehearsed drill for when things do go wrong.
    “Organizations need to understand their plan when they are attacked,” said Dearing. Cybersecurity frameworks such as the widely used NIST Special Publication 800-39 [PDF] are being re-written with increased emphasis on cybersecurity risk management governance. In Europe, NIS2 broadens the range of sectors that need to consider cybersecurity best practices. And responsibilities will rest with company leadership to ensure that everything is done to keep data loss to a minimum and reduce the damage done when systems are breached.
    Another side of the coin is regulation. GDPR has made it clear that negligence on data protection will be punished. Companies are required to be able to detect, investigate, risk-assess, and record any breaches. And firms must report any data losses as appropriate. The UK’s Information Commissioner’s Office spells out the repercussions for failing to notify a data breach when required, highlighting that fines can reach up to 2% of global turnover.
    But organizations aren’t on their own, and security providers such as Illumio, and others, have shown how solutions such as zero trust segmentation can be effective in containing data breaches. Ransomware and data theft attempts may be here to stay, but investing in IT systems that are attack tolerant and capable of containing data breaches will diminish the damage done.

    28 February 2023


    source