Can I say good job?
Category: Security
NotPetya2 – Cont.
So significant ransomware attacks on Ukraine right now. Dark Reading notes that 77% of organizations have poor segmentation, 70% have exposed Industrial Control System connections and 44% shared credentials:
https://www.darkreading.com/attacks-breaches/ransomware-trained-on-manufacturing-firms-led-cyberattacks-in-industrial-sector
Most of last year also saw scans of TCP Port 502, which is used by a protocol called Modbus, the transportation systems of Ukraine. (That is SCADA devices as well.)
Significant was the use of a new data wiper called “HermeticWiper” (aka KillDisk.NCV) with evolving attacks over the past two months. Over 121 unsuccessful cyber attacks took place last month, one which was called “WhisperGate.”
The prep for the main event was overwhelming distributed denial-of-service (DDoS) attacks on Ukrainian government offices and banks. The Russian Main Intelligence Directorate (GRU) was fingered by U.S. and U.K. officials, with subsequent denial of course by the Kremlin.
The propaganda war is trying to sow panic and spread miss information.
“President Joe Biden said last month the US could respond with cyberoperations of its own if Russia conducts additional cyberattacks in Ukraine.”
This is not about websites. This is about basic economic processes and transportation. ICS and SCADA systems are being compromised.
The attacks began Feb12. The second version of NotPetya? I have a feeling that we will know the damages more than anything ever before. Alarming is the data wiping that happened before the kinetic events.
Key Ukrainian government websites hit by series of cyberattacks – CNN
Register the assets to be prepared
No doubt some of these are due to lack of a comprehensive asset audit. In a larger organization, things can get lost in the shuffle.
NotPetya 2
Biden notes that a physical war could result from cyber breaches. In spite of NATO, Putin and crew could do some damages that would cost billions.
NotPetya was the largest and most expensive cyberattack ever and was perpetrated largely on Ukraine by Russian criminals working for the government. It caused more than $10 billion in damages in 2017. Is part 2 in order?
I’m hoping that now we will be ready and that NATO will act together. This is all new territory though. We haven’t seen physical war yet, but I think it will be tit-for-tat unless it takes down some infrastructure that is critical and/or relies on IRL human processes.
Do you have a dark web presence?
REvil stops momentarily but then…?
Pegasus and the Israeli Left
For those who think that Israel is some kind of right-wing regime, here the Israeli Left and right–and the public at large–are united in their alarm at police actions in using NSO’s Pegasus software to spy on top officials without a court order. Just more proof that Israeli politics are democratic, the worst kind of politics other than every other one.
Credentials no-no
Recovery
It’s been a few weeks now and I have not been consistent in writing here. I really have not been following the main news lately, but reading an interesting piece on Trickbot in Wired. Ransomware does not slow down. These lowlifes have no qualms about attacking life-sustaining systems. Brazen.
Pegasus enables warfare
Cyber Threat Actions NCSC UK
“When organisations might face a greater threat and the steps to take to improve security.”
Actions to take when the cyber threat is heightened – NCSC.GOV.UK
New iPhone vuln allows camera use when off
Cyber Risk Assessment, Pt. II
3. Vulnerability Assessment (also known as “security posture assessment”) – An in-depth examination of the assets from the inventory to gauge their weaknesses or vulnerabilities. [Our] vulnerability assessments uncover gaps in your security and drive our overall risk management. While threats can come from both inside and outside your organization, vulnerabilities are internal factors. We look for your organization’s structural flaws and weaknesses, how effective your current safeguards are (vulnerability appraisal), and the weaknesses that remain in spite of them. We captures a picture of your network’s and data’s security. Every possible contingency will be gauged for multiple vulnerabilities. Our team’s diverse backgrounds and experience enables us to consider all the weaknesses specific to your organization. Testing cyber infrastructure is an indispensable part of what we do. We use industry-standard tools like Nessus, Nmap, and Metasploit to test for vulnerabilities, examining every available host, services, OS, ports, firewalls, software and firmware vulnerabilities, unencrypted and sensitive data, and permissions. We may also conduct penetration testing and red team-blue team exercises, and examine your data that is online right now that may aid in a threat actor’s social engineering tactics. Continue reading “Cyber Risk Assessment, Pt. II”
Business Continuity in the Age of Ransomware
The goal of Disaster Recovery Planning is to enable a company to continue doing business in the least amount of interruption. Parts of the plan should include:
1. Which data and systems are backed up, as well as specific details like where the backups should be kept, how frequently are they made, and how the data can be recovered.
2. Details on network topology, redundancy and agreements with Internet Service Providers.
3. Contact information for the team who are charged with response and recovery.
4. The process for testing the DRP.
5. A plan for managing the crisis, including dealing with outside contacts, and communicating with the media, law enforcement and legal counsel.
The goal is to decrease the risks of losing critical data.
Ransomware disaster recovery is one of the essential tasks that a company should engage in, but other crises can also be averted or dealt with through this sort of plan.
Makes sure to keep MalwareBytes NY resolutions
Per MalwareBytes (and me):
Say “yes” to updates
Installing updates promptly is one of the best ways to be more cybersecure. Next time an app offers you an update, click “yes” instead of “no”, “cancel” or “remind me later”. (Do you know where it came from?)
Say “no” to feeble passwords
Strong passwords keep your data safe, so don’t let yourself choose feeble passwords in 2022, and if somebody shares a password with you, or asks for yours, just say “no.” (My passwords are generally very strong with financial, job or security sites.)
Say “woah” to unexpected messages
Scams come in all shapes and sizes, but no matter how they’re dressed up, they always want something valuable, URGENTLY. So don’t be rushed—take your time in 2022.
(Remember: if it sounds too good to be true…)
Geek risk management
An asset provides value to user or company and has a relative worth.
Assets are people, physical assets (computers, network equipment), and IT assets (HW, SW, data). An asset’s relative worth is determined through its positive economic value and can have different values based on criticality to the organization.
Asset – in this case Joe Dork’s 1990s collection of Star Trek TOS VHS cassettes.
Vulnerability – Unlocked basement door to Dork’s room in parents’ home.
Vector – Going through the unlocked door.
Threat Actor – Beautiful cosplay girl.
Threat – Theft of tapes.
Risk – Stolen VHS.
Not only are your direct assets something to catalog, but you should also assess your supply chain assets, in all steps from supplier to consumer. Vendors should be cataloging their assets and the threats to it. The SolarWinds hack came from a supply chain vulnerability.
There’s zero chance that Dork’s VHS assets will be stolen by any cosplay girl, but you must perform a continuing asset inventory before any exploitation of vulnerabilities takes place.
We should be concerned about IoT devices
The Internet of Things (IoT) sounds like some kind of set of devices which we don’t have to be concerned about, e.g. “it’s only a thermostat (or a bedroom light).” But IoT can also be comprised of smartphones, printers, self-driving cars, Google Home, Amazon Alexa, Apple Homekit, wearables, door locks, connected LEDs, laptops, pacemakers, hospital devices, assisted living companions, microchipped animals, smart padlocks (possibly accessed by fingerprint), smart toys and other sensors. So systems that were intended to make life easier can also make security and privacy a concern. (Baby monitors and toys listening or talking to your child). Continue reading “We should be concerned about IoT devices”
Americans lost $148 million to gift card scams this year
Gift cards should never be used to pay bills or the government for taxes, etc. Gift cards should always be used to buy gifts.
This goes to show you the wisdom of the elders: if something sounds too good to be true, it probably is. Don’t let your guard down.
Report Gift Cards Used in a Scam | Federal Trade Commission – YouTube
Reminder: Phishing still way up there in terms of compromise
Reminder: Phishing is still the method of compromise most widely used. 91% of cyberattacks use phishing emails. With ransomware, the number is about 70%.
Phishing is really sophisticated sometimes. You may get phishing emails that look exactly like the real thing and the sites they lead to can have images and layouts stolen from the mimicked website.
Spearphishing is a targeted attack against certain individuals at an organization. Whaling is directed at big names at an org, typically a CEO or CFO–or someone with purchasing power since money transfers are the goal.
Smishing uses SMS (text) messages to get you to click and vishing uses phone calls or voice messages to get a target to do something the threat actor wants.
Don’t click. Don’t open attachments. Don’t even respond.