New ransomware attacks by Russian hackers highlight cybersecurity challenges
NBC News reported on Friday, “According to cybersecurity firm Huntress Labs, successful ransomware attacks on a single company have spread to at least 200 organizations, making them one of the largest criminal ransomware ever.” The Washington Post later said the attack affected more than 1,000 companies.
According to Forbes, a group of Russian-speaking hackers claimed responsibility for a major ransomware attack and demanded $70 million in Bitcoin to recover corporate data.
Faced with this increase in cyber attacks, business leaders continue to face major challenges that make it difficult for businesses to respond to cyber-related crises.
Cyber vulnerabilities and trends
On Wednesday, Cobalt released its annual report, which investigated corporate cyber vulnerabilities and identified trends and risks affecting the cyber security community. Data was collected from the company’s own platform, which connects ethical hackers with organizations that need security testing and help finding and fixing security vulnerabilities, according to Caroline Wong, Cobalt’s Chief Strategy Officer.
“Unfortunately, the hottest cyberattacks that have occurred in the last few years—Equifax, SolarWinds, Colonial Pipeline, JBS—are not fundamentally different from the types of attacks observed over the last few decades,” says Wong.
She states: “The first ransomware attack occurred in 1999. The cybersecurity industry knows how to discover, fix, and prevent the occurrence of this type of problem. The National Vulnerability Database was created in 2000 and contains over 150,000 publicly known security vulnerabilities. The OWASP Top 10 list of common web application security vulnerabilities has not changed significantly since the first iteration of 2003. So why do these attacks continue to occur?”
Underutilized security measures
To find out why, Wong said, Cobalt looked at over 1,600 security penetration tests (pentests) conducted in 2020. She states: “Organizations are struggling to find the right people to test security, and even if they can proactively identify vulnerabilities, it’s too late to fix the findings.”
Cobalt also interviewed more than 600 non-customer companies about cybersecurity practices and procedures.
5 major challenges
According to a Cobalt report, the main challenges facing companies trying to combat cyberattacks are:
Slow response time
- Organizations are taking too long to respond to security threats. Twenty-five percent of respondents report that it takes up to 60 days or more to address low-risk to medium-risk vulnerabilities. 1% of companies don’t care about fixing the attack at all.
- 67% of respondents believe that their slow response to moderate and low security vulnerabilities poses a significant risk to their business.
Insufficient budget
- 42% say they don’t have the budget to fully test all their applications.
Appropriate skill set
- Eighty-six percent of respondents agreed that it would be difficult to find or hire people with the right skill set to perform penetration testing.
Testing gaps
- 78% of respondents agreed that penetration testing was a high priority for their security team, but on average 63% of their application portfolio was tested. “This leaves a clear hole in the organization’s security system,” Wong said.
Collaboration
- Only 3 out of 10 people surveyed reported that their security and engineering teams were “intertwined.” Security and engineering teams still have work to do to work together effectively on repair priorities. This means that low-risk vulnerabilities will remain exposed for longer and will reoccur in later tests.
Advice for business leaders
Test options
Michael Balboni chairs the Cyber Security and Infrastructure Protection Commission of the New York Electric Power Corporation, the largest public utility in Japan. “As the threat of cybersecurity attacks increases, every company and organization needs to have a solid understanding of the strengths and vulnerabilities of cybersecurity,” he said.
Balboni listed three ways to perform cybersecurity vulnerability testing.
- Run phishing exercises, in which IT departments intentionally send employees fake emails with malicious links. If an employee clicks on a link, they need to attend cybersecurity training. If employees continue to click links after attending training, their access to the company’s network needs to be restricted or given up.
- Implement a vulnerability assessment that analyzes the architecture of defenses, firewalls, access controls, and identity management. By creating reports detailing a company’s cyber vulnerabilities, companies can develop strategies to mitigate the vulnerabilities.
- Conduct “red team” exercises, in which a company retains an adversary that breaks into the company’s network, finds vulnerabilities, and scores its vulnerability level. Some companies run “bug bounty” programs that reward friendly hackers for finding malware on the corporate network.
Employee training
Digital forensics expert Ondrej Krehel is CEO and founder of LIFARS. He advised business leaders: “Make sure you have regular and frequently updated employee training to educate your team about the latest social engineering tactics.
“Given that these processes are often seriously inadequate, we would like to emphasize the need for business continuity, disaster recovery, and incident response planning. Whenever an incident or breach occurs, IT staff and security personnel need to know what to do, when, and how. They should know at least who to call to come and solve the problem on their behalf, and should have the professional resources to do it,” he said.
Action plan
Neil Jones of Egnyte is an expert in the cybersecurity industry with over 15 years of experience in data governance, application security testing and penetration testing. He recommended: “Cyber security testing should be done as often as possible, especially in the current explosive situation with zero-day malware and ransomware.
“But ‘analyst fatigue’ is a real concern, so it doesn’t make sense for an organization to perform tests if no one actually takes action to fix the vulnerability,” he advised.
Jones said a rational action plan would include:
- Daily vulnerability reports on potential ransomware, internal threats, and compromised logon credentials.
- Automatic penetration testing of devices and applications.
- Routine blue team / red team tests.
- Daily patch management updates.
- Professional testing of major updates from major technology vendors such as Microsoft, Adobe and Apple.
- Regular quarterly security audits by third parties.
7/4/21-The story has been updated with information on the number of companies affected by the ransomware attack.
7/5/21-The story has been updated with information about hacker requests.