Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Cyber Attack Made Easy: ‘An 8th Grader Could Have Hacked’ Colonial Pipeline

Here is something you never want to hear about your company after a ransomware attack: “I mean, an eighth-grader could have hacked into that system.” Which company was this about? Colonial Pipeline. The person speaking authored a $1.8 million information governance report for the company which uncovered “a patchwork of poorly connected and secured systems.” Is this what led to the successful ransomware attack against the company? The attack left millions of drivers in the eastern U.S., along with airlines and truckers, scrambling to find fuel. And let’s consider another key question. How much action did Colonial Pipeline take to shore up its vulnerabilities following the report? We may never know. Unlike cybersecurity standards that electric providers must adhere…

How to prevent another Colonial Pipeline ransomware attack

Government and business both need to step up to combat ransomware attacks against critical systems before they spiral further out of control. The ransomware attack against Colonial Pipeline represents a relatively new and destructive type of threat against critical infrastructure. Beyond the financial and operational hit to the company itself, such an attack threatens to impact millions of people dependent on the safe and quick delivery of gas and oil.

Joint CISA-FBI Cybersecurity Advisory on DarkSide Ransomware

Original release date: May 11, 2021

CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on a ransomware-as-a-service (RaaS) variant—referred to as DarkSide—recently used in a ransomware attack against a critical infrastructure (CI) company.

Cybercriminal groups use DarkSide to gain access to a victim’s network to encrypt and exfiltrate data. These groups then threaten to expose data if the victim does not pay the ransom. Groups leveraging DarkSide have recently been targeting organizations across various CI sectors including manufacturing, legal, insurance, healthcare, and energy.

Prevention is the most effective defense against ransomware. It is critical to follow best practices to protect against ransomware attacks, which can be devastating to an individual or organization and from which recovery may be a difficult process. In addition to the Joint CSA, CISA and FBI urge CI asset owners and operators to review the following resources for best practices on strengthening cybersecurity posture:

Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or a Secret Service Field Office.

There’s more to cryptocurrency than Bitcoin: 5 other digital coins to consider

Dogecoin has a super-fan in Elon Musk, Ripple pre-mined billions of XRP coins and Tether is a bridge between physical money and cryptocurrencies.

9 network commands every Linux admin should know

These are the basic Linux network commands every admin should be able to use for troubleshooting network connection problems.

Top 5 things to know about web shells

The use of web shells is increasing, which could put your business at risk. Tom Merritt lists five things to know about web shells. Recently, the U.S. FBI was given court authorization to delete web shells from Microsoft Exchange servers. Web shells are a rising menace. They let attackers hide an entry point in your network that’s hard to get rid of. You don’t generally let the FBI go scanning for web shells if it’s an easy fix. Why all the angst? Here are five things to know about web shells.
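Because a web shell is just a script left in the web root that accepts attacker input and hands it to an execution or decoding function, one practical defensive control is a scanner that walks the web root and flags files carrying several such indicators at once. The block below is an added example written for this digest; it is not code from the original post or from the article it summarizes. The indicator patterns, the scanned extensions and the fixture web root it builds under a temporary directory are all constructed for the demonstration, and a real deployment would tune the patterns to the application and compare hits against a known-good baseline.

```python
"""
Added example (not from the original post): a small defensive web shell
indicator scanner. The indicator groups, extensions and fixture files are
constructed assumptions for the demonstration, not taken from the article.
"""
import os
import re
import tempfile

# Three independent indicator groups. A file that hits all three (dangerous
# call + decoder + request-controlled input) is far more suspicious than a
# file with a single legitimate exec() in a maintenance script.
INDICATORS = {
    "code_exec": re.compile(
        r"\b(eval|assert|exec|system|passthru|shell_exec|popen|proc_open)\s*\(", re.I),
    "obfuscation": re.compile(
        r"\b(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(", re.I),
    "request_input": re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b"),
}

# Only server-side script types are scanned; static assets are skipped.
SCAN_EXTENSIONS = {".php", ".phtml", ".php5", ".inc"}


def score_content(text):
    """Return the set of indicator group names present in a file's text."""
    return {name for name, rx in INDICATORS.items() if rx.search(text)}


def scan_webroot(root):
    """Walk `root` and return [(relative_path, hit_groups)] for every scanned
    file with at least one hit, highest-scoring files first."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if os.path.splitext(fn)[1].lower() not in SCAN_EXTENSIONS:
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    hits = score_content(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hits:
                findings.append((os.path.relpath(path, root), hits))
    findings.sort(key=lambda f: (-len(f[1]), f[0]))
    return findings


def build_fixture_webroot():
    """Create a constructed web root: one benign page, one maintenance script
    with a single legitimate system() call, one non-script file that must be
    skipped, and one file in uploads/ carrying tokens from all three groups.
    The suspicious fixture holds the tokens in a comment only, so it is not
    itself an executable shell. Returns the temporary directory path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "uploads"))
    fixtures = {
        "index.php": "<?php\n// constructed benign page\necho 'hello';\n",
        "cron.php": "<?php\n// constructed maintenance task\nsystem('/bin/true');\n",
        "notes.txt": "eval( base64_decode( $_GET -- plain text, not scanned\n",
        os.path.join("uploads", "image.php"):
            "<?php\n// constructed fixture: indicator tokens only, in a comment\n"
            "// eval( base64_decode( $_REQUEST\n",
    }
    for rel, content in fixtures.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    webroot = build_fixture_webroot()
    for rel_path, groups in scan_webroot(webroot):
        confidence = "HIGH" if len(groups) >= 2 else "low"
        print(f"{confidence:4} {rel_path}: {', '.join(sorted(groups))}")
```

Run stand-alone, the script builds the fixture web root, reports uploads/image.php at high confidence and cron.php at low confidence, and never reports notes.txt or index.php. The scoring is deliberately coarse: a single-group hit is worth a glance, a multi-group hit in a writable directory such as uploads/ is the pattern the FBI operation above was cleaning up, and either should be compared against file hashes from the last known-good deployment before anything is deleted.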

End-User Attempt to Pirate Software Leads to Ryuk Ransomware Attack

Bleeping Computer recently reported that an end user in a research institute, a student in this case, attempted to pirate expensive data visualization software, which resulted in a Ryuk ransomware attack.

We’ve seen ransomware distributed in the past through cryptocurrency miners but this type of ‘crack site’ attack takes ransomware attacks to a whole other level.

The student had searched for data visualization software that they wanted to install at home. Instead of buying a legit license, the student proceeded to search for a cracked version and downloaded it. The illegal download resulted in an infection with an information-stealing trojan that stole the credentials needed by Ryuk cybercriminals to log into the institute and wreak havoc.

This attack cost the institute a week’s worth of research data and caused a week-long network outage while servers were rebuilt from scratch and data restored from backups.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com