Forescout Frontline to Combat Ransomware and Threats

Forescout Frontline is a new threat hunting service from Forescout Technologies. It leverages a team of expert cybersecurity analysts to support cybersecurity teams by proactively identifying risks, enabling accelerated incident response, and maturing security posture. Forescout is providing this complimentary service to organizations that lack the internal resources and visibility required to defend themselves against cybersecurity attacks such as ransomware and advanced persistent threats.

Many organizations employ multiple security tools across teams to assist in the identification of threats and risks. However, due to siloed views of IT, IoT, IoMT, or OT assets, insights may be limited. A variety of these asset types typically exist across an organization’s digital terrain and are frequently interconnected, implying that cybersecurity risk must be identified and addressed holistically.

Shawn Taylor, vice president of Threat Defense at Forescout, said: “Cybersecurity attacks are on the rise. Simultaneously, cybersecurity teams are perennially understaffed and under-resourced. This has created a perfect storm. Organizations are under immense pressure to cope with the scale and speed of attacks and the havoc caused by adversaries. Forescout is launching this new service to help organizations defend against attacks by providing a complete and holistic view of their assets.”

The Threat Hunting and Risk Identification Service, delivered by Forescout Frontline analysts, overcomes staffing and asset-visibility challenges to uncover threats and identify risks that would otherwise go unnoticed. Frontline will assist organizations against cyber threats and vulnerabilities, and help them discover, validate, and prioritize all assets, including IT, IoT, IoMT, and OT. It will examine the context and risk factors for every finding and propose effective risk mitigation and remediation strategies.

Forescout Frontline raises the level of cybersecurity by operationalizing vulnerability research and threat intelligence produced by Forescout’s Vedere Labs and combining it with the Forescout Continuum Platform to provide threat hunting services across multiple dimensions. Forescout Frontline analysts are former public- and private-sector threat hunters trained in threat detection and incident response.

Nebulon to Support Dell PowerEdge Servers

Nebulon TimeJump safeguards both the operating system and application data, preventing the need for manual server and operating system rebuilds and saving valuable time. Furthermore, Nebulon data security software works in an isolated domain within the server, protecting critical data even if the management servers are compromised. Nebulon TimeJump offers users access to the only combined server and storage solution available. It provides a 4-minute ransomware recovery solution. It can deploy ransomware protection for small, two-node management infrastructure clusters, which reduces server purchases, data center space, power, and cooling costs by 33%.

Nebulon offers enterprises a 2-node alternative for their management infrastructure, with near-instant recovery capabilities and a 33% smaller footprint than 3-node-minimum hyper-converged infrastructure solutions, which also take hours or even days to fully recover from ransomware attacks.

Many mid-sized businesses rely on small management infrastructure clusters, which host services such as PXE, DNS, DHCP, LDAP, NTP, RADIUS, VPN, and license servers, to quickly recover their production application environment after a ransomware attack. Because that infrastructure sits on the network, it can itself be compromised by ransomware, malware, or wiper attacks, delaying recovery of the production environment by hours or even days.

Nebulon TimeJump’s 4-minute ransomware recovery solution, now with extended support for Dell PowerEdge-based 2-node management clusters, brings the management infrastructure back online.

Siamak Nazari, CEO of Nebulon commented, “Ransomware attacks are inevitable. Many enterprises today are focused on protecting their production systems against ransomware attacks, but few have a strategy in place to quickly recover their management clusters. This can be a costly mistake as management infrastructure is critical to recovering production servers. Enterprises need a simple, fast way to ‘recover so they can recover’ – recover their management infrastructure so they can recover their production environment.”

Nebulon smartInfrastructure includes cybersecurity and ransomware protection as a core component, to prevent unauthorized login. Nebulon ON, the smartInfrastructure cloud control plane, employs mandatory multi-factor authentication (MFA). Furthermore, Nebulon’s service includes role-based access control (RBAC), which limits a malicious user’s privileges and access to the server’s data. smartInfrastructure takes data security a step further by providing always-on data encryption at rest and in-flight via a hardware-generated encryption key, rather than user-generated keys, reducing the risk of keys being lost or misappropriated.

Developers’ interest in cybersecurity grows substantially amid data breaches

O’Reilly has released the statistics from its annual platform analysis, which examines the most popular queries and content on the company’s learning platform. They show significant growth in interest in specific cybersecurity challenges.

The amount of content about ransomware has nearly tripled (a 270% increase). Privacy (up 90%), identity (up 50%), application security (up 45%), malware (up 34%), governance (up 35%), and cybersecurity compliance (up 35%) all saw significant year-over-year growth (up 30%). This is unsurprising, given the 17% increase in data breaches observed in 2021 compared to 2020 (ITRC).

With the high-profile occurrences involving ransomware, supply chain attacks, the exploitation of key systems vulnerabilities, and the new focus on cryptocurrency theft from last year, interest in cybersecurity subjects is likely to continue to rise in 2022 and beyond.

Mike Loukides, VP of emerging technology content at O’Reilly, said: “Analysing annual trends in technology usage helps our community stay abreast of emerging technology areas—whether it’s learning about software architecture for the cloud, mastering new languages to support cryptocurrency, or productizing AI. These valuable insights empower software developers, data scientists, and other practitioners to begin the hard work of taking emerging technologies and deploying them as real-world solutions.”

Huntsman Security Introduced SmartCheck for Ransomware

Huntsman Security has introduced a new solution, SmartCheck for Ransomware, an automated, on-demand diagnostic application developed to analyse the risk of a ransomware outbreak. The application captures data directly from security activities in order to report on an organization’s security posture against a set of security measures. These measures are similar to those recently recommended by the UK National Cyber Security Centre (NCSC) and the US National Institute of Standards and Technology (NIST), and give users assurance that they are adhering to known cyber security best practice.

SmartCheck for Ransomware tests an organization’s ransomware readiness quickly and effectively, providing a numeric score for each of 12 security controls. As a result, companies can find out their risk exposure and modify whichever security policies are needed to enhance their security posture and ransomware preparedness. At the same time, the verifiable report gives third parties, such as insurers or potential partners, a higher level of trust in the organization’s security, at a time when supply chain security is a big issue.

“To protect against ransomware and effectively manage their security risks, it is vital that senior executives have clear visibility of their cyber posture. This goes beyond annual audits to having the relevant information available whenever the organisation needs it – whether to modify security settings to improve readiness; or to verify their posture to partners or insurers. By making assessments automated and in line with established best practice, we have given organisations access to reliable security information that they can use with confidence to improve their risk management processes,” said Peter Woollacott, CEO, Huntsman Security.

SmartCheck for Ransomware is developed with the same precision and reliability as Huntsman Security’s other defence-grade SIEM and Scorecard products, and is meant to be simple to install and use. It assesses the effectiveness of key prevention, containment, and restoration mitigations over the course of a cyber-attack.

“As the threat of ransomware grows everywhere, organisations need to regularly assess their state of readiness. With insurers such as AIG tightening terms and raising premiums in response to the ransomware threat, organisations that can’t demonstrate adequate security precautions will find insurance terms increasingly difficult to negotiate. At the same time, organisations need to take steps to ensure that ransomware will not disrupt their operations or those of their supply chains – making assessing partners’ security posture just as important as assessing their own. Updating ransomware risk management efforts to include SmartCheck for Ransomware to better address their ever changing risk environment will put organisations in a much better position to combat the threat of ransomware,” said Woollacott.

Mitiga Launched Cloud Incident Readiness and Response Solution for Ransomware Attacks

Mitiga, a cloud incident management firm, announced the launch of the first Ransomware Readiness solution for the cloud, which aims to improve ransomware protection. This technology and services solution allows businesses to improve their cloud ransomware readiness and resilience, as well as respond and recover quickly when attacks occur.

Ransomware attacks are on the rise around the world, and they are becoming more complex as cybercriminals adapt to defensive tactics. Attackers encrypt and erase backups, exfiltrate and sell information, and even sell access to vulnerable systems. Because of this growing complexity, ransomware incidents require a thorough investigation to identify the scale of the attack, the optimal response, and how to prevent the perpetrators from repeating it.

Mitiga built Ransomware Readiness in response to this increasing threat, based on research into cloud service providers, including how data is accessed, stored, and encrypted. Ransomware Readiness helps businesses prepare for and respond to ransomware attacks in cloud environments, allowing quicker recovery and a faster return to business as normal. With Ransomware Readiness, clients can be confident that if cybercriminals attack their critical cloud services, incident response and investigation can begin within hours rather than days.

“As with all cybersecurity threats, ransomware has become more sophisticated over the last two decades. And as more and more companies migrate to the cloud, it becomes increasingly complex for them to navigate today’s dangerous threat landscape,” said Ariel Parnes, Mitiga Co-Founder and COO.

It is critical to swiftly assess the magnitude of a ransomware attack so that executive teams can make informed decisions and handle the associated risks, such as informing regulatory authorities, clients, and, if necessary, the general public.

Making those judgments without enough information makes it difficult to keep the trust of the board of directors, shareholders, and clients, and may result in expensive ransom payments and notifications. Giving leadership teams the information and response experience they need to make timely choices, through readiness exercises, can make the difference between a minor event and a crisis.

Involta Releases Air Gap Solution to Protect Crucial Data From Cybercrime

Involta, a provider of cloud computing, hybrid IT and data services, announced the launch of Involta Air Gap to secure business backups as digital migration continues to advance into the cloud. Involta Air Gap provides a robust air gap (a separation between the production and backup environments) to stop cyber criminals from reaching backup data, significantly mitigating the severity of expensive ransomware attacks.

With cybercrime increasing at the corporate level, such a solution is vital. Cybercrime has increased significantly over the past year, with high-profile ransomware campaigns, viruses, malware and DoS (denial of service) attacks. This has led to unprecedented cyber and information security spending among businesses. Research forecasts that cybercrime will cost the world 11.4 million dollars every minute by the end of 2021.

“In the arena of cybersecurity, ransomware attacks target back-ups, crippling an organization’s ability to access its critical data. Involta Air Gap builds on cybersecurity measures that may already be in place and acknowledges that securing enterprise data in a separate location is critical. The premise is that a cybercriminal can’t access back-ups if there is no connection between environments. Involta Air Gap was developed to help enterprises win the war against cybercrime, especially those using AWS and Veeam cloud solutions,” said Mark Cooley, Vice President of Security and Compliance, Involta.

This follows Involta’s elevated standing with AWS as an Advanced Consulting Partner in the AWS Partner Network (APN) and its Veeam Cloud and Service Provider (VCSP) status.

CompTIA Members offer assistance to victims of Ransomware Attacks

CompTIA, the non-profit association for the information technology (IT) industry and workforce, announced a number of initiatives to assist IT companies affected by the global ransomware outbreak.

CompTIA member organisations are assisting and supporting other IT companies and, through them, the customers who have been affected by the ransomware attack.

MJ Shoer, senior vice president and executive director of the CompTIA ISAO, said: “Within hours of the attack being discovered more than three dozen members of the CompTIA Information Sharing and Analysis Organization (ISAO) offered assistance, including driving or flying to impacted companies to provide additional ‘boots on the ground,’ as well as sharing communications, incident response strategies, technical support and other resources.”

CompTIA is creating a Rapid Response Team, comprising internal and member resources, to assist any IT firm that is the victim of a cyberattack, whether or not it is a CompTIA member.

In addition, the CompTIA ISAO’s Cyber-Forum is giving near-real-time updates on the attack, with the information open to the entire industry, not just ISAO members.

“This was a global attack impacting companies around the world, reminding us that we face unprecedented threats from cyberattacks, unlike any threat we have collectively faced in the past. That is why it is critical that we engage in an active discourse that discourages ‘cyber-shaming’ and encourages public and private organizations to come forward immediately and share as much threat intelligence as possible to limit the damage of these attacks and to ward off future incursions,” Shoer said.

“Kaseya just holds the unfortunate distinction of being the company attacked, even as they were working on closing down the very vulnerability that the attackers used,” he said. “Kaseya is to be commended for their transparency throughout this attack.”

REvil Ransomware Cyberattack on Kaseya Ltd, the Year’s Biggest Cyberattack: FBI, CISA Offer Guidance

The REvil cybergang claimed responsibility for the large ransomware attack on managed service provider Kaseya Limited. The attack is massive and is considered the single largest worldwide ransomware attack of the year. Financial services, tourism, travel and leisure, retail and government computer systems in many countries are affected. The attackers claim to have infected 1 million Kaseya-connected computers and are seeking $70 million in bitcoin in exchange for a decryption key. According to federal authorities, the number of affected enterprises is estimated to be in the thousands.

The REvil gang claimed responsibility for the attack in a post on a hacker site on Sunday. The message was as follows:

“On Friday (02.07.2021) we launched an attack on MSP providers. More than a million systems were infected. If anyone wants to negotiate about universal decryptor – our price is 70 000 000$ in BTC and we will publish publicly decryptor that decrypts files of all victims, so everyone will be able to recover from attack in less than an hour. If you are interested in such deal – contact us using victims “readme” file instructions.” – REvil.

The gang (also known as the Sodinokibi ransomware group) has been operating since April 2019, when the GandCrab cybergang split, according to a detailed investigation of the REvil attack by Kaspersky. “REvil ransomware has been advertised on underground forums for three years and it is one of the most prolific Ransomware as a Service (RaaS) operations,” researchers wrote.

Later, Deputy National Security Advisor Anne Neuberger issued a statement stating that US President Joe Biden had “directed the full resources of the government to investigate this incident” and urging anyone who believes they have been hacked to contact the FBI.

In related news, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) of the United States offered support to those affected by the massive cyberattack.

“We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately. As always, we stand ready to assist any impacted entities,” according to a security alert.

“If you feel your systems have been compromised as a result of the Kaseya ransomware incident, we encourage you to employ all recommended mitigations, follow guidance from Kaseya and the Cybersecurity and Infrastructure Security Agency (CISA) to shut down your VSA servers immediately and report your compromise to the FBI.”

Kaseya’s helpdesk stated:

“On Friday, July 2nd, Kaseya received reports from customers and others suggesting unusual behavior occurring on endpoints managed by the Kaseya VSA on-premises product.  Shortly thereafter, customer reports indicated that ransomware was being executed on endpoints.  In light of these reports, the executive team convened and made the decision to take two steps to try to prevent the spread of any malware:  we sent notifications to on-premises customers to shut off their VSA servers and we shut down our VSA SaaS infrastructure.

The attackers were able to exploit zero-day vulnerabilities in the VSA product to bypass authentication and run arbitrary command execution.  This allowed the attackers to leverage the standard VSA product functionality to deploy ransomware to endpoints.  There is no evidence that Kaseya’s VSA codebase has been maliciously modified.   

Mandiant was quickly engaged to investigate the incident.  We have been actively engaged with Mandiant to assess the manner and impact of the attack.  We are also cooperating with federal law enforcement to ensure that they have the information they need to investigate this attack.  Below, we provide some of the technical details that we have been able to confirm in the course of the investigation.

To date, we are aware of fewer than 60 Kaseya customers, all of which were using the VSA on-premises product, who were directly compromised by this attack.  While many of these customers provide IT services to multiple other companies, we understand the total impact thus far has been to fewer than 1,500 downstream businesses.  We have not found any evidence that any of our SaaS customers were compromised.

We have begun our restoration process and are developing and readying for deployment to our VSA customers a fix for this issue.  On July 3rd, Kaseya released a Compromise Detection Tool to customers.  This tool analyzes the user’s system (either VSA server or managed endpoint) and determines whether any indicators of compromise (IOC) are present.  To date, over 2,000 customers have downloaded the tool.  Updates on this are being posted at the following link: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689.  We are working to bring our SaaS environment up safely and provide an update for on-premises customers.

We know there is a lot of information circulating about this incident.  Some of it is accurate, much of it is not.  We will continue our efforts to keep you updated as we have solid, actionable information to share.”

Ransomware: Everything You Need to Know

Ransomware is malware that uses cryptography to threaten to publish, or permanently block access to, the victim’s data until a ransom is paid. It encrypts information and documents on any device, including servers, from a single computer to an entire organization’s network. Ransomware is a product of cryptovirology, the study of how encryption can be used to build effective malicious software.

Ransomware encrypts the victim’s files, making them unusable, and demands a ransom to unlock them. In a properly executed cryptoviral extortion attack, recovering the documents without the decryption key is an unsolvable problem. Ransom payment is demanded in Bitcoin or other cryptocurrencies, making it impossible to track down and prosecute the culprits.

Recent Ransomware Attacks

The WannaCry ransomware attack swept across the Internet in May 2017, exploiting the EternalBlue vulnerability as its propagation vector. The attack, unparalleled in scope, infected over 230,000 devices in over 150 countries and demanded payment in Bitcoin from victims, with ransom notes in 20 different languages. At least 16 hospitals in the United Kingdom’s National Health Service (NHS) had to turn away patients or cancel scheduled surgeries. The US Colonial Pipeline was the target of a cyberattack on May 7, 2021. The Federal Bureau of Investigation identified DarkSide as the culprit of the Colonial Pipeline ransomware attack, which resulted in the voluntary shutdown of the primary pipeline carrying 45 percent of the petroleum supplied to the US East Coast.

How Do Attackers Attack?
  • Ransomware arrives as an email attachment (an invoice, an attached document, etc.). It may use a real vendor’s name or even your organization’s name.
  • Employees’ computers are usually connected to the company’s network, shared cloud services, and so on. Without any human involvement or visible indication, ransomware begins encrypting every file it can reach as soon as it is launched.
  • It then notifies the user and gives payment instructions.
  • Other infection routes are compromised web pages, infected removable drives, and malicious software bundles.
  • Payment is mostly demanded in Bitcoin.
Key choices:

– Pay the ransom and get the data back

– Restore from backup

– Lose the data

Paying the Ransom increases Risk of Future Attacks 

The majority of cybersecurity experts do not recommend paying a ransom in the event of a ransomware attack. Paying does not guarantee that a company will get its data back, and it encourages the hackers behind ransomware attacks to keep doing what they are doing, sustaining the illegal industry. Targets of a ransomware attack are usually given a time limit, with the threat of deleting a certain amount of data every hour until the ransom is paid. This can be extremely stressful and unpleasant for an organization’s key managers, leading them to believe that they have no option but to pay. The best advice is to be properly prepared for an attack so that the enterprise can defend itself.

Ransomware and Cryptocurrency  

Bitcoin is a type of cryptocurrency, which means it has no physical form. It is kept in anonymous digital wallets, can be sent to any location, and can be paid with complete anonymity from anywhere to anywhere. Beyond their legitimate advantages, these properties make cryptocurrencies an excellent method of payment for illegal operations. One may argue that cryptocurrency is one of ransomware’s enablers: after all, the software would be worthless if the hackers could not collect payment safely. The emergence of Bitcoin has coincided with an increase in ransomware attacks.

Security Awareness Training  

Effective security awareness training is essential. Employees do not come to work intending to click on phishing emails and infect their machines. As many IT professionals can confirm, knowing what the red flags of a threat are can make all the difference in an employee’s ability to distinguish malicious links and software from legitimate traffic.

Protection  

Investing in a reputable security solution and deploying a strong firewall is an effective way to protect an organization’s network. There are various security solutions, such as Zero-Trust Security, Web Application Firewalls and Cloud Security. Keeping the security system up to date will help security teams detect a ransomware infection at an early stage.
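The early-stage detection mentioned above, and the "encrypt every file it can reach" behaviour described in the attack steps earlier, can be illustrated with a small detection heuristic. The script below is an added example and is not code from any of the vendors or products covered in this page. It assumes a constructed, key=value file-event log format (not any real product's log), and flags a process that renames many user documents to a new extension within a short time window, which is how the bulk-encryption phase of an outbreak looks from the file system's point of view.

```python
"""Heuristic mass-rename detector over constructed file-event log lines.

Assumed (made-up) log format, one event per line:
  <ISO timestamp> pid=<n> proc=<name> op=<write|rename> old=<path> [new=<path>]
A rename of a user document to a different extension counts as a
suspicious rename; a process with >= THRESHOLD such renames inside a
WINDOW_SECONDS sliding window is flagged.
"""
from collections import defaultdict, deque
from datetime import datetime
import os

# Constructed sample events for this example: one legitimate editor save,
# one process renaming six documents to ".locked" in four seconds, and one
# backup tool renaming a single file (below threshold).
SAMPLE_LOG = """\
2021-07-02T10:00:01 pid=4120 proc=WINWORD.EXE op=write old=C:/Users/a/Docs/report.docx
2021-07-02T10:00:02 pid=4120 proc=WINWORD.EXE op=rename old=C:/Users/a/Docs/~WRD0001.tmp new=C:/Users/a/Docs/report.docx
2021-07-02T10:00:05 pid=7788 proc=updater.exe op=rename old=C:/Users/a/Docs/report.docx new=C:/Users/a/Docs/report.docx.locked
2021-07-02T10:00:05 pid=7788 proc=updater.exe op=rename old=C:/Users/a/Docs/budget.xlsx new=C:/Users/a/Docs/budget.xlsx.locked
2021-07-02T10:00:06 pid=7788 proc=updater.exe op=rename old=C:/Users/a/Pictures/holiday.jpg new=C:/Users/a/Pictures/holiday.jpg.locked
2021-07-02T10:00:06 pid=7788 proc=updater.exe op=rename old=C:/Users/a/Docs/notes.txt new=C:/Users/a/Docs/notes.txt.locked
2021-07-02T10:00:07 pid=7788 proc=updater.exe op=rename old=C:/Users/a/Docs/deck.pptx new=C:/Users/a/Docs/deck.pptx.locked
2021-07-02T10:00:08 pid=7788 proc=updater.exe op=rename old=C:/Users/a/Docs/contract.pdf new=C:/Users/a/Docs/contract.pdf.locked
2021-07-02T10:00:09 pid=5001 proc=backup.exe op=rename old=C:/Users/a/Docs/old.txt new=C:/Users/a/Docs/old.txt.bak
"""

# Extensions treated as "user documents" for this example (assumption).
DOC_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".jpg"}
WINDOW_SECONDS = 10
THRESHOLD = 5


def parse_event(line):
    """Turn one log line into a dict; the timestamp is parsed, the rest kept as strings."""
    ts, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def is_suspicious_rename(event):
    """True when a user document is renamed to a different extension."""
    if event.get("op") != "rename":
        return False
    old_ext = os.path.splitext(event["old"])[1].lower()
    new_ext = os.path.splitext(event["new"])[1].lower()
    return old_ext in DOC_EXTS and new_ext != old_ext


def detect_mass_rename(lines, window_seconds=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {(pid, proc): peak_count} for processes exceeding the rename rate."""
    windows = defaultdict(deque)   # (pid, proc) -> timestamps of recent renames
    flagged = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = parse_event(line)
        if not is_suspicious_rename(event):
            continue
        key = (event["pid"], event["proc"])
        recent = windows[key]
        recent.append(event["ts"])
        # Drop timestamps that fell out of the sliding window.
        while (event["ts"] - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if len(recent) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(recent))
    return flagged


if __name__ == "__main__":
    for (pid, proc), count in detect_mass_rename(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT: {proc} (pid {pid}) renamed {count} documents within {WINDOW_SECONDS}s")
```

The legitimate editor save is not flagged because its temporary file is not a user document, and the backup tool's single rename stays under the threshold; only the process rewriting many documents to a new extension trips the alert. In a real deployment the thresholds and the document-extension list would be tuned to the environment, and an alert like this would feed an EDR or SIEM rule rather than a print statement.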

Backup of Data 

The most important piece of advice given by anti-ransomware experts is to back up all data outside your organization’s network. Create an isolated network, or buy a service, to keep the company’s backups safe from infection; those backups are what allow an enterprise to restore its whole system.

Ransomware has grown into malware that can disable entire infrastructures, and it will not be surprising if it evolves further in the next few years. Organizations should therefore take the necessary steps to secure themselves.