November 4, 2022

Ensure Cyber Resilience by Developing Your Cyber Resilience Plan

November 4, 2022

Cybersecurity risks are common in the digital age, but we should not allow them to limit our business goals. Cybersecurity consulting and security breaches have gradually become critical parts of the IT department. We cannot tackle cyber threats without the expertise of cybersecurity consultants or cybersecurity breach experts.

Whether starting from scratch or looking to improve your existing cybersecurity resources, hiring a qualified cybersecurity consultant or security breach expert is always a good idea first.

Cybersecurity Vulnerabilities, Exploits, and Threats

Cybersecurity vulnerabilities are more likely to occur when old software versions are in use. Cybercriminals may exploit any software bugs they find. They may even write malware to specifically target older applications, which are less secure and easier to hack than their newer counterparts.

If you want to protect your company from cyber attacks, here are a few ways:

Use the latest version of any application that is essential for your business (e.g., antivirus software);
Have an expert conduct regular audits and penetration tests;
Install operating system patches as soon as possible;
Train employees on cybersecurity best practices;
Strengthen network defenses by having an active firewall, two-factor authentication, and strong passwords policies in place;
Let employees know what they can do to keep their devices safe at home and work.
Implement ransomware backup best practices

Cyber Risk Mitigation Solution

When considering an organization's cyber security approach, the initial needle-moving goal should not be to avoid all risks, but instead, the strategy should contemplate how much security and what type of risk level is appropriate for different vulnerabilities.

The vulnerability analysis techniques present an opportunity for organizations to address the weaknesses in their current system and security framework. The flaw-based techniques help in assessing risks, hypothesizing breach points as well as benefits and disadvantages produced as a result of these risks. The damage potential (DP) technique offers this kind of precise information about vulnerable areas within cyber-systems that are commonplace features of computers and mobile devices.

Companies are getting hit by ransomware attacks, but there are things that both companies and employees can do to protect themselves by hiring an organization like CyberSecOp to implement a robust security program.

Security breaches can have disastrous effects as they potentially expose sensitive data to hackers. Companies are advised to plan their security measures in a preventive way and commit to these methods. The response should also be planned in order to restore the state prior to or minimize the damage caused by a security breach effectively.

Governmental agencies are investing in cybersecurity.

Cybersecurity has become a major issue. Governmental agencies are investing in the cybersecurity domain and focusing on security advancements. For example, Cybersecurity Strategy 2020 and expanding U.S. Cyber Task Force under DHS relate to this area of security and address the broad scope of cyber threats to federal networks, systems, or communications infrastructure identify priorities for cyber risk management, ensure persistent attention to counterterrorism with respect to cyberspace policymaking, execution baseline resilience against digital interference, reduce interstate conflict over jurisdictional responsibilities related to cybersecurity matters by improving key information-sharing practices among relevant federal entities in order to promote operational coordination on cybersecurity matters.

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, CMMC, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News

September 13, 2021

Holistic Ransomware Security Approach

CyberSecOp Cybersecurity & Breach News

September 13, 2021

Do you have a holistic approach for security against ransomware? To prevent events from escalating, consider immediate containment and expert remediation assistance. Ransomware attacks are rampant, and include hackers locking up computer systems and demanding a payment to unlock them. Ransomware has had devastating effects on our infrastructure and economy, impeded emergency responders, stalled tax payments and forced government offices back to pen-and-paper operations for weeks on end.

80% of those who paid their ransom were attacked again, and not even security firms are immune to these attacks.

What is Ransomware?

Ransomware is a form of malicious software (malware) that is designed to encrypt files on a device, making the files and the systems that rely on them unusable. Malicious actors then demand a ransom payment, usually in the form of cryptocurrency, in exchange for decryption. These malicious actors may also make extortion demands, by threating to release stolen data if a ransom is not paid, or may come back after the fact and demand an additional payment in order to prevent the release of stolen data.

Recent Breach of a Top Security Firm

Accenture, one of the largest security firms around, confirmed in August 2021 that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information.

Previously, the cybersecurity firm FireEye had been the first call for help at government agencies and international companies who had been hacked by sophisticated attackers. Yet on Dec 8, 2020, FireEye announced it had been breached, and not just data but also some of its most valuable tools had been stolen.

Ransomware Impact

The impact of a successful ransomware deployment includes both technical and non-technical challenges, and can be crippling to business operations. Modern-day attackers have developed advanced techniques that now require a holistic security risk mitigation strategy, inclusive from the board to technical practitioners.

The impact of ransomware can include:

· Temporary, and possibly permanent, loss of your company's data

· A complete shutdown of your company's operations

· Financial loss as a result of revenue-generating operations being shut down

· Financial loss associated with the cost of remediation efforts

· Permanent damage to your company's reputation

How Can CyberSecOp Help Your Organization?

Holistic Security Risk Mitigation Strategy

A holistic approach to cybersecurity can address the following components and their implications for governance, organizational structures, and processes. Our holistic security program includes a risk management program, which provides an accurate overview of the risk landscape and governing principles that ensure accurate risk reporting. We address:

Assets: Clearly defining critical assets
Controls: Differentiated controls to balance security with agility
Processes: State-of-the-art and fully tested procedures for optimal security and remediation
Organization: Bringing the right skills, most efficient decision making, and effective enterprise-wide cooperation into your organization
Governance: Investments in operational resilience, prioritized based on deep transparency into cyber risks including third parties and vendors, covering of the whole value chain
Patches: Keeping your network up to date with the latest software patches
Software Mitigations: Using robust antivirus and firewall protections in your network
Backups: Backing up data securely and separately from your network, and routinely testing restoring from backups

Incident Response Services

Scoping and Investigation

The CyberSecOp Incident Response (IR) Team conducts forensic analysis to identify root causes and ensure rapid containment of ongoing attacks. This swiftness to action helps prevent escalation.

Services and Expert Guidance

CyberSecOp IR Team remediates issues throughout the network and implements updates to configurations, architecture, and tooling.

Advanced Threat Analysis

The CyberSecOp Team conducts in-depth investigations including root cause analysis, malware reverse engineering and comprehensive incident reporting.

How Does Ransomware Infect my Network?

Ransomware, like other forms of malware, seeks to take advantage of poor security practices employed by employees and system administrators. According to the Internet Crime Complaint Center (IC3) the most common methods of infection are:

Email Phishing: This social engineering attack vector occurs when a cyber-criminal sends an email which appears to be legitimate, but in fact contains a link to a malicious website or document with a malicious script, which then infects the recipient’s computer and associated network.
Remote Desktop Protocol (RDP) Vulnerabilities: RDP is a type of software that allows individuals to control the resources of another computer over the internet. RDP is commonly used by employees working remotely and by system administrators to manage computers from a distance.
Software Vulnerabilities: These vulnerabilities are flaws in the code of a piece of software (like Microsoft Word) that can be exploited by threat actors to gain control of a system to deploy malware. A common example would be “macros” that get installed within Microsoft Word or Microsoft Excel that lead to infection.

Best Practices and remedial measures

Users and administrators are advised to take the following preventive measures to protect their computer networks from ransomware infection/ attacks:

Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
Check regularly for the integrity of the information stored in the databases.
Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements, (backdoors /malicious scripts.)
Ensure integrity of the codes /scripts being used in database, authentication and sensitive systems
Establish a Sender Policy Framework (SPF) for your domain, which is an email validation system designed to prevent spam by detecting email spoofing by which most of the ransomware samples successfully reaches the corporate email boxes.
Keep the operating system third party applications (MS office, browsers, browser Plugins) up-to-date with the latest patches.
Application white listing/Strict implementation of Software Restriction Policies (SRP)to block binaries running from %APPDATA% and %TEMP% paths. Ransomware sample drops and executes generally from these locations.
Maintain updated Antivirus software on all systems
Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization's website directly through browser
Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.
Network segmentation and segregation into security zones - help protect sensitive information and critical services. Separate administrative network from business processes with physical controls and Virtual Local Area Networks.
Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
Disable remote Desktop Connections, employ least-privileged accounts. Limit users who can log in using Remote Desktop, set an account lockout policy. Ensure proper RDP logging and configuration.
Restrict access using firewalls and allow only to selected remote endpoints, VPN may also be used with dedicated pool for RDP access
Use strong authentication protocol, such as Network Level Authentication (NLA) in Windows.
Additional Security measures that may be considered are

Use RDP Gateways for better management
Change the listening port for Remote Desktop
Tunnel Remote Desktop connections through IPSec or SSH
Two-factor authentication may also be considered for highly critical systems

If not required consider disabling, PowerShell / windows script hosting.
Restrict users' abilities (permissions) to install and run unwanted software applications.
Enable personal firewalls on workstations.
Implement strict External Device (USB drive) usage policy.
Employ data-at-rest and data-in-transit encryption.
Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.
Block the attachments of file types, exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf
Carry out vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers from CERT-IN empaneled auditors. Repeat audits at regular intervals.
Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and Law Enforcement agencies

Our IT & cybersecurity consulting service protects you from cyber criminals in myriad ways. From implementing a cybersecurity program, which include a written information security program and cybersecurity assessment, to purchasing our best-in-class cybersecurity consulting and IT security solutions, engaging with CyberSecOp will lead you in the right direction towards an enhanced security stance. CyberSecOp is an ISO 27001 Certification Organization - join thousands of businesses by putting your security in our hands.

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, CMMC, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News

October 23, 2020

Using Linux Won't Save You from Ransomware - Here's Why

CyberSecOp Cybersecurity & Breach News

October 23, 2020

"Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent." (FBI, 2019)

Since early 2018, there has been a sharp spike in the cleverness, thoroughness, and precision of the security breaches we see in the ransomware landscape. Regardless of attack vector - whether it's from phishing, vishing, or the classic insider threat - once ransomware is on your computer, it's incredibly difficult to restore your files. It takes some serious intervention to stand a chance of recovering your business (or personal) data.

The easiest solution is to get the appropriate key and decryption tool, and use them together to unlock your files...but typically you only receive those resources in exchange for paying the ransom, and many companies can’t afford the ransom at its original price. By that time, there's a good chance you've taken a catastrophic financial blow. From hospitals, to insurance companies, to banks, there are plenty of highly valuable (and highly vulnerable) assets to be manipulated, and threat actors don’t hesitate to put lives at stake for the benefit of their wallets.

So how can we prevent these breaches? What is the key to staying safe from attackers?

The answer may be simpler than you think.

The three most impactful measures you can take to stay safe are as follows:

★ Quarantine

○ Take your computer off the network or wifi and reset your data by wiping the device entirely back to its factory settings (the way it came when you bought it) the moment you can confirm there has been a breach.

★ Have a backup

○ You can only take the first measure if you either don’t care at all about your data, or you have bothered to back it up so you have an unencrpted copy.

★ Get help negotiating your ransom down

○ If you need to pay the threat actor the ransom money to recover your data, there are many firms that can help you with this - don’t pay the full price of the ransom! Firms that can help with ransom negotiation and essential protections include CyberSecOp, which you can reach by using Our Contact Form.

So what’s so special about the threat of Linux-based malware? A Linux-based ransomware variant has the potential to take down any and every industry. Major cloud providers like AWS (Amazon Web Services), Oracle, and Microsoft base entire workloads on Linux; malware sweeping through those servers could bring down any company that uses a modernized cloud stack to host their sites and data.

And then there are hacktivists - hackers who hack to do activism for their cause (which can vary greatly in scope between organizations). Hacktivists have a history of using their ransomware attacks to make a point - whether it’s political or personal - and to incite fear in other companies or individuals who support the cause represented by the victim. While you might not think this presents a threat to you personally, or even to your business, the truth is that innovations in cyberattacks threaten us all. If the target were to have a Linux-based system, the hacktivist group targeting that individual would be devoted to finding a way to spread ransomware across Linux-based devices. When ransomware is evolved by perpetrators to this degree, we are likely to see major outages across all the cloud providers listed above, and it could cripple any business or personal account that is hosted therein.

To avoid such a catastrophic and monolithic problem, we should learn to govern our systems from a more ecosystem-centric approach, rather than depend on the classic signature-based antivirus alerts that have become standard. You may recognize Norton Antivirus alerts or even operating-system-based protection like Windows Defender presenting to you pop-ups about updating your signatures.

The truth is that we shouldn’t rely on the technical drivers of these updates, the people who hunt down and publish these known virus signatures, to keep us safe. We should be educating our employees, friends, and families, on the essentials of how to stay digitally secured and prevent breaches in the modern threat landscape. This concept is especially important as a mere tweak in the code of a virus and a quick recompilation of that code can cause the hash (or signature) of the virus to change, causing these famous signature-based antivirus softwares to completely miss the threat on your device.

A phenomenal example of how dangerous this variant-based workaround can be is what happened to the Colorado State Department of Transportation (CDOT) in early 2018.

“As CDOT’s Information Security group scrambled to contain the spread and impact of SamSam’s first wave, their efforts were quickly undermined by another variant of the same ransomware strain that was spreading throughout many of the newly sanitized zones of their network.”[1] (Richard Horne for the SANS Institute)

In an interview with the Denver Post, Brandi Simmons, a spokeswoman for the state's Office of Information Technology said, “The variant of SamSam ransomware just keeps changing. The tools we have in place didn't work. It's ahead of our tools.” The tools in question were signature-tracking antivirus software, like what many of us use on our home computers. In the end, Colorado's Office of Information Technology, the Colorado National Guard, and the FBI all had to collaborate to contain this threat, and by the time they had, over 2,000 computers running Windows and McAfee security software had been taken offline.

In conclusion, it seems inevitable that we will see Linux systems fall prey to the same types of ransomware we currently battle; it’s only a matter of time. Make sure you’re safe and you know how to protect your data: maintain a backup of all your files, be ready to quarantine in the event of a breach, and remember not to panic. We are here to help.

Sources:

https://www.sans.org/reading-room/whitepapers/tools/strings-me-linux-ransomware-39870

https://www.darkreading.com/attacks-breaches/second-ransomware-round-hits-colorado-dot/d/d-id/1331197

Authored by Alison Stuart

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, CMMC, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News

April 27, 2019

Cyber Security Services, Ransomware, Security Consulting

Ransomware - SMEs Faces Greatest Risk - Attacks Grown 235%

CyberSecOp Cybersecurity & Breach News

April 27, 2019

Cyber Security Services, Ransomware, Security Consulting

Enterprises, beware. Threat actors are continuing to eye businesses for high returns on investment in Q1 2019, breaching infrastructure, exfiltrating or holding data hostage, and abusing weak credentials for continued, targeted monitoring. From a steadfast increase of pervasive Trojans, such as Emotet, to a resurgence of ransomware lodged against corporate targets, cybercriminals are going after organizations with a vengeance.

Ransomware attacks on business targets have seen a substantial increase in the first quarter of 2019, up by 195 percent since the fourth quarter of 2018, according to a recent Malwarebytes report.

Malwarebytes researchers analyzed the combined statistics and intel collected from its intelligence, research, and data science teams between January 1 and March 31, 2019. They also leveraged telemetry from both consumer and business products on PC, Mac, and mobile devices.

Overall, they found that business detection of ransomware attacks increased by more than 500 percent from the same time frame in 2018 with 336,634 detections.

SMEs face the greatest risk from attacks as overall business detections have grown 235%

“Zero day attacks are on the rise and estimated to be a daily occurrence by 2021. This is largely down to digitisation within organisations and there’s more pressure on developers to deliver software faster – leaving systems vulnerable. This problem is exacerbated by hackers becoming more sophisticated, enabling them to bypass defences more easily.

“IT teams often prioritise stopping a breach occurring at all, but in today’s cyber climate a successful breach is inevitable. The most important aspect of cyber security is that businesses prepare for the worst and have effective data recovery and backup systems in place. Zero day recovery makes sure critical systems are down for as little time as possible. It’s often true that real damage from these breaches doesn’t come from the attack itself, but the resultant downtime after a breach – the time taken to become fully operational dictates the financial and operational fallout on a business.”

Key takeaways

cryptomining seems to have gone the way of the dodo. Detections of consumer-focused Bitcoin miners have dropped significantly over the last year and even from last quarter, while business-focused miners have increased from the previous quarter, especially in the APAC region.

Adware in Macs and mobile devices was problematic.

While all Mac malware saw a more than 60 percent increase from Q4 2018 to Q1 2019, adware was particularly pervasive, clocking in at over 200 percent from the previous quarter. Mobile adware detections also trended upward, as supply chain attacks delivered malware pre-installed on mobile devices. However, overall adware detections were fewer in Q1 2019 than they were during the same time period last year.

Exploit authors developed some attention-grabbing techniques. A new Flash Player zero-day was discovered in Q1 and quickly implemented into popular exploit kits, including Underminer and Fallout EK, as well as a new exploit kit called Spelevor. In addition, a Chrome zeroday required users to take action, fully shutting down and restarting their browser in order to patch the vulnerability. Finally, the popular software WinRAR was being used to deliver payloads to users.

As attacks against businesses ramped up, user trust in businesses to protect their data reached a new low.

In a survey conducted by Malwarebytes in Q1 2019 of nearly 4,000 respondents, users expressed deep concerns about abuse, misuse, and theft of PII, especially from social media and search engine companies. In a new section of our Cybercrime Tactics and Techniques report, we examine how cybercriminals found success by exploiting infrastructure weaknesses, gaps in policy and regulation, and even corporate negligence to not only walk away with valuable data, but establish persistence within the network.

Businesses are still the prime target. Overall detections of threats to businesses have steadily risen, while consumer threats have dropped off. Business detections increased by about 7 percent from the previous quarter, while consumer detections declined by nearly 40 percent, resulting in an overall dip in malware volume of 35 percent quarter over quarter. Compared to Q1 2018, business detections have skyrocketed 235 percent, with consumer detections dropping 24 percent year over year. This reinforces the observed trend of cybercriminals focusing more on business targets today.

Emotet shows no signs of stopping. Emotet, the most fearsome and dangerous threat to businesses today, has made a total shift away from consumers, reinforcing the intent of its creators to focus on enterprise targets, except for a few outlier spikes. Detections of Trojans (Emotet’s parent category) on business endpoints increased more than 200 percent from the previous quarter, and almost 650 percent from the same time last year.

Ransomware is back to business.

Ransomware has made a tremendous comeback against business targets in Q1 2019, with an increase of 195 percent in detections from Q4 2018 to Q1 2019. In comparison to the same time last year, business detections of ransomware have seen an uptick of over 500 percent, thanks in large part to a massive attack by the Troldesh ransomware against US organizations in early Q1.

Consumer detections of ransomware died down. Meanwhile, ransomware consumer detections have continued to drop, despite activity by families such as GandCrab, which primarily targeted consumers over the last quarter as it switched to a ransomware-asa-service and began brute-forcing RDP to infiltrate systems. Consumer detections of ransomware decreased by 10 percent quarter over quarter, and by 33 percent year over year.

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, CMMC, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News

March 27, 2019

Ransomware, Data Breach, Security Breach

Ransomware Breach and Ransomware Prevention

CyberSecOp Cybersecurity & Breach News

March 27, 2019

Ransomware, Data Breach, Security Breach

Cyber-criminals have turned to ransomware as the latest go-to tool for attacking and extorting businesses using a wide range of variants such as Dharma, Wallet, WannaCry, Cryptowall, Samas, Locky, TeslaCrypt., RyUK and others. The outbreak of WannaCry was one of the largest and worst ransomware campaigns ever. Traditional signature-based antivirus and threat detection methods have proven to be woefully ineffective against such attacks. CyberSecOp use AI to help organization protect their data, and provide ransomware Incident response and remediation services.

HOW DO I RESPOND TO RANSOMWARE?

Implement your security incident response and business continuity plan. It may take time for your organization’s IT professionals to isolate and remove the ransomware threat to your systems and restore data and normal operations. In the meantime, you should take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.

Contact law enforcement immediately. We encourage you to contact a local FBI or USSS field office immediately to report a ransomware event and request assistance. Contact CyberSecOp Security Consulting Firm for ransomware incident response & digital forensic services.

There are serious risks to consider before paying the ransom. We do not encourage paying a ransom. We understand that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. As you contemplate this choice, consider the following risks:

• Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom.

• Some victims who paid the demand have reported being targeted again by cyber actors.

• After paying the originally demanded ransom, some victims have been asked to pay more to get the promised decryption key.

• Paying could inadvertently encourage this criminal business model.

Ransomware Incident Response from CyberSecOp, the firm that provide ransomware protection, and ransomware ransom payment.

WHAT IS RANSOMWARE?

Ransomware is a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted.

HOW DO I PROTECT MY NETWORKS?

A commitment to cyber hygiene and best practices is critical to protecting your networks. Here are some questions you may want to ask of your organization to help prevent ransomware attacks:

1. Backups: Do we backup all critical information? Are the backups stored offline? Have we tested our ability to revert to backups during an incident?

2. Risk Analysis: Have we conducted a cybersecurity risk analysis of the organization?

3. Staff Training: Have we trained staff on cybersecurity best practices?

4. Vulnerability Patching: Have we implemented appropriate patching of known system vulnerabilities?

5. Application Whitelisting: Do we allow only approved programs to run on our networks?

6. Incident Response: Do we have an incident response plan and have we exercised it?

7. Business Continuity: Are we able to sustain business operations without access to certain systems? For how long? Have we tested this?

8. Penetration Testing: Have we attempted to hack into our own systems to test the security of our systems and our ability to defend against attacks?

Protecting Your Networks from Ransomware

Ransomware is the fastest growing malware threat, targeting users of all types—from the home user to the corporate network. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015. There are very effective prevention and response actions that can significantly mitigate the risk posed to your organization.

Ransomware targets home users, businesses, and government networks and can lead to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation.

Ransomware may direct a user to click on a link to pay a ransom; however, the link may be malicious and could lead to additional malware infections. Some ransomware variants display intimidating messages, such as:

“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”

“You only have 96 hours to submit the payment. If you do not send money within provided time, all your files will be permanently encrypted and no one will be able to recover them.”

Ransomware?

Ransomware is a form of malware that targets your critical data and systems for the purpose of extortion. Ransomware is frequently

delivered through spearphishing emails. After the user has been locked out of the data or system, the cyber actor demands a ransom payment. After receiving payment, the cyber actor will purportedly provide an avenue to the victim to regain access to the system or data. Recent iterations target enterprise end users, making awareness and training a critical preventive measure.

Protecting Your Networks

Educate Your Personnel

Attackers often enter the organization by tricking a user to disclose a password or click on a virus-laden email attachment.

Remind employees to never click unsolicited links or open unsolicited attachments in emails. To improve workforce awareness, the internal security team may test the training of an organization’s workforce with simulated phishing emails.

You will need and experience security consulting firm to guide you remediate the ransomware.

Proactive Prevention is the Best Defense

Prevention is the most effective defense against ransomware and it is critical to take precautions for protection. Infections can be devastating to an individual or organization, and recovery may be a difficult process requiring the services of a reputable data recovery specialist.

The U.S. Government (USG) recommends that users and administrators take the following preventive measures to protect their computer networks from falling victim to a ransomware infection:

Preventive Measures

• Implement an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat of ransomware and how it is delivered.

• Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.

• Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.

• Configure firewalls to block access to known malicious IP addresses.

• Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system.

• Set anti-virus and anti-malware programs to conduct regular scans automatically.

• Manage the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed; and those with a need for administrator accounts should only use them when necessary.

• Configure access controls—including file, directory, and network share permissions— with least privilege in mind. If a user only needs to read specific files, the user should not have write access to those files, directories, or shares.

• Disable macro scripts from office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications.

• Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.

• Consider disabling Remote Desktop protocol (RDP) if it is not being used.

• Use application whitelisting, which only allows systems to execute programs known and permitted by security policy.

• Execute operating system environments or specific programs in a virtualized environment.

• Categorize data based on organizational value and implement physical and logical separation of networks and data for different organizational units. Business Continuity Considerations

• Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it is working.

• Conduct an annual penetration test and vulnerability assessment.

• Secure your backups. Ensure backups are not connected permanently to the computers and networks they are backing up. Examples are securing backups in the cloud or physically storing backups offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization. Backups are critical in ransomware recovery and response; if you are infected, a backup may be the best way to recover your critical data.

What to Do If Infected with Ransomware

Should preventive measures fail, the USG recommends that organizations consider taking the following steps upon an infection with ransomware:

• Isolate the infected computer immediately. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or share drives.

• Isolate or power-off affected devices that have not yet been completely corrupted. This may afford more time to clean and recover data, contain damage, and prevent worsening conditions.

• Immediately secure backup data or systems by taking them offline. Ensure backups are free of malware.

• Contact law enforcement immediately. We strongly encourage you to contact a local field office of the Federal Bureau of Investigation (FBI) or U.S. Secret Service immediately upon discovery to report a ransomware event and contact CyberSecOp to request assistance.

• If available, collect and secure partial portions of the ransomed data that might exist.

• If possible, change all online account passwords and network passwords after removing the system from the network. Furthermore, change all system passwords once the malware is removed from the system.

• Delete Registry values and files to stop the program from loading.

Implement your security incident response and business continuity plan. Ideally, organizations will ensure they have appropriate backups, so their response to an attack will simply be to restore the data from a known clean backup. Having a data backup can eliminate the need to pay a ransom to recover data.

There are serious risks to consider before paying the ransom. CyberSecOp does not encourage paying a ransom to criminal actors. However, after systems have been compromised, whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees, and customers. Victims will want to evaluate the technical feasibility, timeliness, and cost of restarting systems from backup. Ransomware victims may also wish to consider the following factors:

• Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after paying a ransom.

• Some victims who paid the demand were targeted again by cyber actors.

• After paying the originally demanded ransom, some victims were asked to pay more to get the promised decryption key. CyberSecOp can negotiate the ransom for you, we have a 60% t rate of reducing the ransom.

• Paying could inadvertently encourage this criminal business model.

Ransomware Variants

Ransomware is a growing criminal activity involving numerous variants. Since 2012 when police locker ransomware variants first emerged, ransomware variants have become more sophisticated and destructive. Some variants encrypt not just the files on the infected device, but also the contents of shared or networked drives, externally attached storage media devices, and cloud storage services that are mapped to infected computers. These variants are considered destructive because they encrypt users’ and organizations’ files, and render those files useless until a ransom is paid.

Recent federal investigations by the FBI reveal that ransomware authors continue to improve ransomware code by using anonymizing services like “Tor” for end-to-end communication to infected systems and Bitcoin virtual currency to collect ransom payments. Currently, the top five ransomware variants targeting U.S. companies and individuals are CryptoWall, CTBLocker, TeslaCrypt, MSIL/Samas, and Locky. New ransomware variants are continually emerging.

CryptoWall

CryptoWall and its variants have been actively used to target U.S. victims since April 2014.

CryptoWall was the first ransomware variant that only accepted ransom payments in Bitcoin.

The ransom amounts associated with CryptoWall are typically between $200 and $10,000. Following the takedown of the CryptoLocker botnet, CryptoWall has become the most successful ransomware variant with victims all over the world. Between April 2014 and June 2015, IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million. CryptoWall is primarily spread via spam email but also infects victims through drive-by downloads and malvertising.

CTB-Locker

CTB-Locker emerged in June 2014 and is one of the first ransomware variants to use Tor for its C2 infrastructure. CTB-Locker uses Tor exclusively for its C2 servers and only connects to the C2 after encrypting victims’ files. Additionally, unlike other ransomware variants that utilize the Tor network for some communication, the Tor components are embedded in the CTBLocker malware, making it more efficient and harder to detect. CTB-Locker is spread through drive-by downloads and spam emails.

TeslaCrypt

TeslaCrypt emerged in February 2015, initially targeting the video game community by encrypting gaming files. These files were targeted in addition to the files typically targeted by ransomware (documents, images, and database files). Once the data was encrypted, TeslaCrypt attempted to delete all Shadow Volume Copies and system restore points to prevent file recovery. TeslaCrypt was distributed through the Angler, Sweet Orange, and Nuclear exploit kits.

MSIL or Samas (SAMSAM)

MSIL or Samas (SAMSAM) was used to compromise the networks of multiple U.S. victims, including 2016 attacks on healthcare facilities that were running outdated versions of the JBoss content management application. SAMSAM exploits vulnerable Java-based Web servers. SAMSAM uses open-source tools to identify and compile a list of hosts reporting to the victim’s active directory. The actors then use psexec.exe to distribute the malware to each host on the network and encrypt most of the files on the system. The actors charge varying amounts in Bitcoin to provide the decryption keys to the victim.

Locky

In early 2016, a destructive ransomware variant, Locky, was observed infecting computers belonging to businesses globally, including those in the United States, New Zealand, Australia, Germany and the United Kingdom. Locky propagates through spam emails that include malicious Microsoft Office documents or compressed attachments (e.g., .rar, .zip) that were previously associated with banking Trojans such as Dridex and Pony. The malicious attachments contain macros or JavaScript files to download the Locky files. Recently, this ransomware has also been distributed using the Nuclear Exploit Kit.

Links to Other Types of Malware

Systems infected with ransomware are also often infected with other malware. In the case of

CryptoLocker, a user typically was infected by opening a malicious attachment from an email.

This malicious attachment contained Upatre, a downloader, which infected the user with GameOver Zeus. GameOver Zeus was a variant of the Zeus Trojan used to steal banking information and other types of data. After a system became infected with GameOver Zeus, Upatre would also download CryptoLocker. Finally, CryptoLocker encrypted files on the infected system and demanded a ransom payment.

The disruption operation against the GameOver Zeus botnet also affected CryptoLocker, demonstrating the close ties between ransomware and other types of malware. In June 2014,

an international law enforcement operation successfully weakened the infrastructure of both

GameOverZeus and CryptoLocker.

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, CMMC, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News

March 8, 2019

Botnet, Ransomware, Security Breach, Cyber Security Services, Data Breach

Ransomware Attack: Threats, and Countermeasures

CyberSecOp Cybersecurity & Breach News

March 8, 2019

Botnet, Ransomware, Security Breach, Cyber Security Services, Data Breach

When you combine cryptography with malware, you get a very dangerous mix of problems. This is a type of computer virus that goes by another name, “ransomware”. This type of virus is part of a field of study called “cryptovirology”. Through the use of techniques called phishing, a threat actor sends the ransomware file to an unknowing victim. If the file is opened it will execute the virus payload, which is malicious code. The ransomware runs the code that encrypts user data on the infected computer or host. The data are user files like documents, spreadsheets, photos, multimedia files and even confidential records. The ransomware targets your personal computer files and applies an encryption algorithm like RSA which makes the file inaccessible. The only way to access them is if the user pays a ransom to the threat actor by following instructions which appear encoded into the encrypted files. Thus it is called ransomware, because a form of payment is demanded in order to fix the problem.

Once they have all publicly available email addresses, the fun starts. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It’s often a surprise how many addresses are actually out there. Now they can send all employees an email supposedly coming from Accounting, Human Resources, the CEO or perhaps the mail room, and social engineer your users to click on a link. almost 90 percent of attack are done via the internet, based on the new software model, and yes the bad guys are also moving to the cloud. Software is shifting away from locally-installed apps to Software as a Service web applications that run in the cloud. Criminals are cashing in on this trend, which has led to the creation of Ransomware as a Service (RaaS), a growing threat to business.

RaaS refers to various online malware exploits that bad actors can use to attack the IT assets of businesses and individuals. These attack programs are created by criminal entrepreneurs who sell their services to other criminals. The people who buy these programs then extort or blackmail their victims by holding computer systems to ransom.

How does Ransomware spread?

Ransomware is typically spread through phishing emails that contain malicious attachments. These emails appear to come from a legitimate source and give a compelling reason that the document is important. Malicious attachments are often PDF, ZIP, DOC, XLS, PPT files that appear as invoices, legitimate business documents, or other work-related files. In some cases, Ransonware may end up on your computer by visiting infected web sites. To avoid malicious drive-by downloads, ensure that antivirus and all installed software is up-to-date.

How to Mitigate the Risk of Ransomware Infections

These recommendations are not comprehensive but provide general best practices.

Securing Networks and Systems

Have an incident response plan that includes what to do during a ransomware event.
Backups are critical. Use a backup system that allows multiple iterations of the backups to be saved, in case a copy of the backups includes encrypted or infected files. Routinely test backups for data integrity and to ensure it is operational.
Use antivirus and anti-spam solutions. Enable regular system and network scans with antivirus programs enabled to automatically update signatures. Implement an anti-spam solution to stop phishing emails from reaching the network. Consider adding a warning banner to all emails from external sources that reminds users of the dangers of clicking on links and opening attachments.
Disable macros scripts. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.
Keep all systems patched, including all hardware, including mobile devices, operating systems, software, and applications, including cloud locations and content management systems (CMS), patched and up-to-date. Use a centralized patch management system if possible. Implement application white-listing and software restriction policies (SRP) to prevent the execution of programs in common ransomware locations, such as temporary folders.
Restrict Internet access. Use a proxy server for Internet access and consider ad-blocking software. Restrict access to common ransomware entry points, such as personal email accounts and social networking websites.
Apply the principles of least privilege and network segmentation. Categorize and separate data based on organizational value and where possible, implement virtual environments and the physical and logical separation of networks and data. Apply the principle of least privilege.
Vet and monitor third parties that have remote access to the organization’s network and/or your connections to third parties, to ensure they are diligent with cybersecurity best practices.
Participate in cybersecurity information sharing programs and organizations, such as MS-ISAC and InfraGard.

Securing the End User

Provide social engineering and phishing training to employees. Urge them not to open suspicious emails, not to click on links or open attachments contained in such emails, and to be cautious before visiting unknown websites.
Remind users to close their browser when not in use.
Have a reporting plan that ensures staff knows where and how to report suspicious activity.

Responding to a Compromise/Attack

Immediately disconnect the infected system from the network to prevent infection propagation.
Call CyberSecOp.com Ransomware Response Team: They provide remediation and bitcoin payment services.
Determine the affected data as some sensitive data, such as electronic protected health information (ePHI) may require additional reporting and/or mitigation measures.
Determine if a decryptor is available. Online resources such as No More Ransom! can help.
Restore files from regularly maintained backups.
Report the infection. It is highly recommended that SLTT government agencies report ransomware incidents to MS-ISAC. Other sectors and home users may report to infections to local Federal Bureau of Investigation (FBI) field offices or to the Internet Crime Complaint Center (IC3).

Ransomware Checker & Removal Tools

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, CMMC, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News

February 16, 2019

Cyber Security Services, Data Breach, Security Breach, Ransomware

Are Users Your Weakest Link - To Your Cybersecurity Posture

CyberSecOp Cybersecurity & Breach News

February 16, 2019

Cyber Security Services, Data Breach, Security Breach, Ransomware

Humans remain the weak link in corporate data protection

Humans remain the weak link in corporate data protection, but you might be surprised that it isn't only rank-and-file employees duped by phishing scams who pose risks. Some companies are lulled into a false sense of cybersecurity by vendors. You read that right, Some enterprises believe the shiny new technologies they've acquired will protect them from anything.

As we continue to build defense in depth and deploy security appliances utilizing AI and other emerging technologies, attackers will continue to pivot to the perennial weak spot: the users. Recently I hosted the Social Engineering Capture The Flag competition at Hackfest in Quebec, and similar to last year, the results were sobering. Every single targeted company had employees that gave detailed information over the phone on their OS and service pack level, and 88 percent gave detailed information on the browser they were using. Three quarters went to a URL that they were given over the phone. The information that the companies bled was disheartening but not shocking. Until we train employees to trust their instincts and tell them it's okay to say no to a customer, things won't change. In the current environment where companies ask their customers to leave a positive review online, employees increasingly feel less empowered to terminate a call they feel is suspicious. Your friendly neighborhood hacker is happy to exploit this weakness.

Billions being send on security tools

The threat of cyber crime has created a significant increase in interest on the topic of cyber security, with organizations spending billions of dollars to protect themselves against a fast evolving array of current and potential future threats. Many spend heavily on monitoring, surveillance and software; however, they often neglect the risk exposure created by their own people – and, in this digital age, by their customers.

Businesses are losing the fight, pay ransom, or lose their lively hood

Businesses are forced to make exceedingly difficult decisions. On one hand, it feels wrong to negotiate with the cybercriminals and give them what they want. On the other hand, the looming financial hit and business interruption is typically far more detrimental than the payoff amount. If business owners don’t engage with the ransomers, they face the prospect that they, and their employees, may lose their livelihood. I see ransomware as a continuing cyber threat in 2019 and beyond. It’s up to business owners to implement the best security practices and ensure that their employees are properly trained to identify and avoid potential threats.

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, CMMC, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News

November 18, 2018

Data Breach, Cyber Security Services, Cyber Insurance, Security Breach, Ransomware

Ransomware Cyberattack - 92% of MSSPs Expect Ongoing Attacks

CyberSecOp Cybersecurity & Breach News

November 18, 2018

Data Breach, Cyber Security Services, Cyber Insurance, Security Breach, Ransomware

Ransomware is the leading cyberattack experienced by small and medium-sized businesses (SMBs), according to a survey of more than 2,400 managed service providers (MSSPs) conducted by data protection company Datto.

Datto’s State of the Channel Ransomware Report provides unique visibility into the ransomware epidemic from the perspective of the IT Channel and the SMB clients who are dealing with these infections on a daily basis. The report provides a wealth of detail on ransomware, including year-over-year trends, frequency, targets, impact, and recommendations for ensuring recovery and continuity in the face of the growing threat.

Key findings from Datto’s “State of the Channel Ransomware Report” included:

79 percent of MSSPs reported ransomware attacks against customers.
85 percent indicated that victims had antivirus software installed, 65 percent reported victims had email/spam filters installed and 29 percent reported victims used pop-up blockers.
89 percent are “highly concerned” about ransomware attacks.
92 percent predict the number of ransomware attacks will continue at current, or worse, rates.
MSPs ranked phishing emails as the top ransomware delivery method, followed by malicious websites, web ads and clickbait.
The average requested ransom for SMBs is roughly $4,300, while the average cost of downtime related to such an attack is approximately $46,800.
The number of MSPs reporting OS/iOS attacks increased by nearly 500 percent year over year in the first six months of 2018.

No single solution is guaranteed to prevent such attacks, Datto indicated. Conversely, SMBs require a multilayered approach to identify and stop ransomware attacks before they cause brand reputation damage, revenue loss and other problems.

How Can SMBs Address Ransomware Attacks?

CyberSecop offered the following recommendations to help SMBs safeguard their data and assets against such attacks:

Leverage business continuity and disaster recovery (BCDR) technology. BCDR technology won’t stop ransomware attacks; instead, it helps an SMB determine how to limit downtime and maintain operations despite a ransomware attack.
Provide cybersecurity training. By offering regular and mandatory cybersecurity training, an SMB can ensure all of its employees can identify and avoid potential phishing scams that otherwise lead to such an attack.
Employ a dedicated cybersecurity professional. It may be difficult for an SMB to hire a full-time cybersecurity professional. Fortunately, working with an MSSP allows an SMB to receive cybersecurity monitoring and other security services.

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, CMMC, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News

November 2, 2018

Data Breach, Cyber Security Services, Security Compliance, Ransomware, Security Breach

Data Breaches Ransomware and Cyber Attacks

CyberSecOp Cybersecurity & Breach News

November 2, 2018

Data Breach, Cyber Security Services, Security Compliance, Ransomware, Security Breach

Data Breaches Ransomware and Cyber Attacks

It’s unrealistic to think that you can completely avoid cyberattacks and data breaches, so it’s vital to have a proper data recovery plan in place. You can also tighten your defenses significantly by ensuring all of your network devices are properly configured, and by putting some thought into all of your potential network borders.

Data Recovery Capability

Do you have a proper backup plan in place? Have you ever tested it to see that it works? Disaster recovery is absolutely vital, but an alarming number of companies do not have an adequate system in place. A survey of 400 IT executives by IDG Research revealed that 40% rate their organizations’ ability to recover their operations in the event of disaster or disruption as “fair or poor.” Three out of four companies fail from a disaster recovery standpoint, according to the Disaster Recovery Preparedness Benchmark.

A successful malware attack can lead to altered data on all compromised machines and the full effects are often very difficult to determine. The option to roll back to a backup that predates the infection is vital. Backed up data must be encrypted and physically protected. It’s also important that a test team routinely checks a random sampling of system backups by restoring them and verifying data integrity.

Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

The default configurations for network devices like firewalls, routers, and switches are all about ease of use and deployment. They aren’t designed with security in mind and they can be exploited by determined attackers. There’s also a risk that companies will create exceptions for business reasons and then fail to properly analyze the potential impact.

The 2015 Information Security Breaches Survey found that failure to keep technical configuration up to date was a factor in 19% of incidents. Attackers are skilled at seeking out vulnerable default settings and exploiting them. Organizations should have standardized secure configuration guidelines applied across devices. Security updates must be applied in a timely fashion.

You need to employ two-factor authentication and encrypted sessions when managing network devices, and engineers should use an isolated, dedicated machine without Internet access. It’s also important to use automated tools to monitor the network and track device configurations. Changes should be flagged and rule sets analyzed to ensure consistency.

Boundary Defense

When the French built the Maginot Line in World War II, a series of impregnable fortifications that extended along the border with Germany and beyond, it failed to protect them because the Germans invaded around the North end through neutral Belgium. There’s an important lesson there for security professionals: Attackers will often find weaknesses in perimeter systems and then pivot to get deeper into your territory.

They may gain access through a trusted partner, or possibly an extranet, while your defensive eye is focused on the Internet. Effective defenses are multi-layered systems of firewalls, proxies, and DMZ perimeter networks. You need to filter inbound and outbound traffic and take caution not to blur the boundaries between internal and external networks. Consider network-based IDS sensors and IPS devices to detect attacks and block bad traffic.

Segment your network and protect each sector with a proxy and firewall to limit access as far as possible. If you don’t have internal network protection, then intruders can get their hands on the keys to the kingdom by successfully breaching the outer defenses.

The real cost

A lot of businesses argue that they can’t afford a comprehensive disaster recovery plan, but they should really consider whether they can afford to lose all their data or be uncertain about its integrity. They may lack the expertise to ensure that network devices are securely configured, but attackers don’t lack the skills to exploit that. It’s understandably common to focus on the outer boundary of your network and forget about threats that come from unexpected directions or multiply internally, but it could prove costly indeed.

Compared to the cost of a data breach, all of these things are cheap and easy to set up

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, CMMC, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News

October 5, 2018

Cyber Security Services, Ransomware, Security Compliance, Security Consulting, Security Service

Ransomware Business Impacts, Ransomware Business Cost

CyberSecOp Cybersecurity & Breach News

October 5, 2018

Cyber Security Services, Ransomware, Security Compliance, Security Consulting, Security Service

Projecting the overall cost of a ransomware attack can be tricky for security executives considering the many factors that can come into play when responding to and recovering from one. Information from numerous previous incidents show the costs go well beyond any demanded ransom amount and the costs associated with cleaning infected systems.

Ransomware is defined as a form of malicious software that is designed to restrict users from accessing their computers or files stored on computers till they pay a ransom to cybercriminals. Ransomware typically operates via the crypto virology mechanism, using symmetric as well as asymmetric encryption to prevent users from performing managed file transfer or accessing particular files or directories. Cybercriminals use ransomware to lock files from being used assuming that those files have extremely crucial information stored in them and the users are compelled to pay the ransom in order to regain access.

Ransomware History

It’s been said that Ransomware was introduced as an AIDS Trojan in 1989 when Harvard-educated biologist Joseph L. Popp sent 20,000 compromised diskettes named “AIDS Information – Introductory Diskettes” to attendees of the internal AIDS conference organized by the World Health Organization. The Trojan worked by encrypting the file names on the customers’ computer and hiding directories. The victims were asked to pay $189 to PC Cyborg Corp. at a mailbox in Panama.

From 2006 and on, cybercriminals have become more active and started using asymmetric RSA encryption. They launched the Archiveus Trojan that encrypted the files of the My Documents directory. Victims were promised access to the 30-digit password only if they decided to purchase from an online pharmacy.

After 2012, ransomware started spreading worldwide, infecting systems and transforming into more sophisticated forms to promote easier attack delivery as the years rolled by. In Q3, about 60,000 new ransomware was discovered, which doubled to over 200,000 in Q3 of 2012.

The first version of CryptoLocker appeared in September 2013 and the first copycat software called Locker was introduced in December of that year.

Ransomware has been creatively defined by the U.S. Department of Justice as a new model of cybercrime with a potential to cause impacts on a global scale. Stats indicate that the use of ransomware is on a steady rise and according to Veeam, businesses had to pay $11.7 on average in 2017 due to ransomware attacks. Alarmingly, the annual ransomware-induced costs, including the ransom and the damages caused by ransomware attacks, are most likely to shoot beyond $11.5 billion by 2019.

Ransomware Business Impacts Can Be Worrisome

Ransomware can cause tremendous impacts that can disrupt business operations and lead to data loss. The impacts of ransomware attacks include:

Loss or destruction of crucial information
Business downtime
Productivity loss
Business disruption in the post-attack period
Damage of hostage systems, data, and files
Loss of reputation of the victimized company

You will be surprised to know that apart from the ransom, the cost of downtime due to restricted system access can bring major consequences. As a matter of fact, losses due to downtime may cost tens of thousands of dollars daily.

As ransomware continues to become more and more widespread, companies will need to revise their annual cybersecurity goals and focus on the appropriate implementation of ransomware resilience and recovery plans and commit adequate funds for cybersecurity resources in their IT budgets.

Consider the following examples. The Erie County Medical Center (ECMC) in Buffalo, NY, last July estimated it spent $10 million responding to an attack involving a $30,000 ransom demand. About half the amount went toward IT services, software, and other recovery-related costs. The other half stemmed from staff overtime, costs related to lost revenues, and other indirect costs. ECMC officials estimated the medical center would need to spend hundreds of thousands of dollars more on upgrading technology and employee awareness training.

Public records show that the City of Atlanta spent almost $5 million just in procuring emergency IT services following a March 2018 ransomware attack that crippled essential city services for days. The costs included those associated with third-party incident response services, crisis communication, augmenting support staff and subject matter expert consulting services.

In Colorado, Gov. John Hickenlooper had to set aside $2 million from the state disaster emergency fund after ransomware infected some 2,000 Windows systems at CDOT, the state department of transportation, this February. In less than eight weeks, CDOT officials spent more than half that amount just returning systems to normal from the attack.

Not surprisingly, industry estimates relating to ransomware damages have soared recently. Cybersecurity Ventures, which pegged ransomware costs at $325 million in 2015, last year estimated damages at $5 billion in 2017 and predicted it would exceed $11.5 billion in 2019.

For security executives trying to prepare a total ransomware cost estimate, the key is not to get fixated on the ransom amount itself. Even if you end up paying it to recover your data—something that most security analysts advocate against—the actual costs of the attack in most cases will end up being greater.

CyberSecOp assists organizations with Cyber Security and Privacy Consulting Services, providing services such as Cyber Security Program, Data Privacy Security Program, and Cyber Security Assessment services based on the following: NIST, ISO 27001, GDPR, CCPA, HIPAA, PCI, CMMC, GLBA amongst others. Don’t risk regulatory fines. Stay compliant with CyberSecOp Security Compliance and Cyber Incident Response Services. For More Information Call 866-973-2677

CyberSecOp an award winning cybersecurity consulting company, Click here to find out more.

CyberSecOp Cybersecurity & Breach News

September 17, 2018

Ransomware, Security Service

FBI: Protecting Your Networks from Ransomware

CyberSecOp Cybersecurity & Breach News

September 17, 2018

Ransomware, Security Service

Protecting Your Networks from Ransomware

Ransomware is the fastest growing malware threat, targeting users of all types—from the home user to the corporate network. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015. There are very effective prevention and response actions that can significantly mitigate the risk posed to your organization.

Ransomware targets home users, businesses, and government networks and can lead to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation.

Ransomware may direct a user to click on a link to pay a ransom; however, the link may be malicious and could lead to additional malware infections. Some ransomware variants display intimidating messages, such as:

“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”

“You only have 96 hours to submit the payment. If you do not send money within provided time, all your files will be permanently encrypted and no one will be able to recover them.”

What is Ransomware”

Ransomware is a form of malware that targets your critical data and systems for the purpose of extortion. Ransomware is frequently

delivered through spearphishing emails. After the user has been locked out of the data or system, the cyber actor demands a ransom payment. After receiving payment, the cyber actor will purportedly provide an avenue to the victim to regain access to the system or data. Recent iterations target enterprise end users, making awareness and training a critical preventive measure.

Protecting Your Networks

Educate Your Personnel

Attackers often enter the organization by tricking a user to disclose a password or click on a virus-laden email attachment. Remind employees to never click unsolicited links or open unsolicited attachments in emails. To improve workforce awareness, the internal security team may test the training of an organization’s workforce with simulated phishing emails. For additional information on Avoiding Social Engineering and Phishing Attacks.

Ransomware Proactive Prevention is the Best Defense

Prevention is the most effective defense against ransomware and it is critical to take precautions for protection. Infections can be devastating to an individual or organization, and recovery may be a difficult process requiring the services of a reputable data recovery specialist.

The U.S. Government (USG) recommends that users and administrators take the following preventive measures to protect their computer networks from falling victim to a ransomware infection:

Ransomware Preventive Measures