Featured Blogs
Executive Summary Since our initial report on the ransomware group known as BianLian, we have continued to keep an eye on their activities. Unfortunately, and sadly not surprisingly, the group continues to operate and add to their ever-growing list of victims. Having continued to research BianLian for the past six months or so, we felt the time was right to share an update and some of our findings with the larger community.
Don’t Pay the Ransom? When you take a step back and look at the ransomware problem, the obvious solution is for victims to refuse to pay the ransoms. It will demonetize the crime; the criminal enterprises that run these operations will no longer find the ransomware business to be profitable and they will move on to other things. However, this is much easier said than done. The actual decision of whether or not to pay the ransom, while a criminal gang is holding your network (and your data) hostage, is not an easy or simple decision to make.
More Blogs
When describing the month of March there is an old saying: In like a lion, out like a lamb. I wonder if the same can be said for the state of ransomware in healthcare for 2023. I recently attended the American Hospital Association (AHA) Rural Leadership meeting in San Antonio and continually heard that a top concern is ransomware. How are hospitals being targeted? Who is targeting them? How should they plan and prepare for a breach and how do they ensure resiliency during the downtime?
Vulnerability scanning vs penetration testing – equally important but often confused. We’re here to pull back the veil on these two valuable tools to help you understand whether your business needs one (or both) to keep your digital landscape secure. Keeping your organization safe from cyber attacks is a 24x7x365 responsibility. The wicked never rest. It requires every tool in the toolbox to keep evildoers from running off with your organization’s crown jewels.
When it comes to cybersecurity, it’s important to understand the tools, techniques, and thought processes of threat actors. Once adversaries have initial access to a network, lateral movement allows them to extend access and maintain persistence by compromising additional hosts in the network of their target organization. Threat actors can gather information about the company’s user activity and credentials, location of important data, and leverage methods for escalating privilege to successfully complete their attack, theft or espionage activities.
The case for implementing a Zero Trust strategy has never been greater. Cyberattacks are increasing in scale and severity with an attendant growth in sophistication. Most organizations agree: The post-pandemic world requires a paradigm shift in how we approach cybersecurity. In fact, in 2022, 72 percent of organizations were either in the process of adopting Zero Trust or had already adopted it.1 What is Zero Trust? At a high level, Zero Trust requires all users (inside or outside the network) to be continuously authenticated and authorized to gain network access.
Everyone knows cyber crime is increasing, boosting cybersecurity initiatives to the top of the corporate priority list. While 38 percent of Fortune 500 companies did not have a chief information security officer just three years ago, every single one does today. In addition, Gartner estimates that $188.3 billion will be spent on information security and risk management products and services in 2023. A myriad of cybersecurity-related solutions have flooded the market in recent years in response.
On January 26, 2023, the Department of Justice (DOJ) announced that, following an extensive operation, the FBI was able to disrupt the Hive ransomware gang’s operations by distributing decryption keys to numerous victims mid-attack. It has been established that Hive’s victims included hospitals, U.S. K-12 schools, and other critical infrastructure entities. The question of “if” or “when” the victim of a ransomware attack should report and involve authorities comes up during every discussion involving cybersecurity incident response.
Managed Detection and Response is a managed security solution that provides organizations with an expansive suite of cyber security services, including threat monitoring and cybersecurity event analysis, to help ensure their environment is safe around the clock. MDR services can help improve security across an organization’s network and strengthen its infrastructure by leveraging the latest security technologies and experienced security professionals. Read on to learn more about what MDR services are and how they can help fortify cybersecurity across your organization.
Our world and work are powered by data. To make use of that data, each of us is reliant on technology, from the computers where we answer emails to the phones we keep in our pockets. However, as our reliance on (and the complexity of!) these systems and data increases, our risks grow with them. Confidentiality, integrity, and availability of data are essential to the success of a company, yet many firms simply do not have the necessary resources.
Today, businesses face more sophisticated cybersecurity threats than ever before. And security incidents don’t just affect the big businesses you hear about in the news. Every type of business is at risk: from professional services firms to healthcare providers. As attacks proliferate, many businesses are seeking the support of a Managed Security Service Provider (MSSP). These external security providers are responsible for maintaining the security of their clients’ systems and networks.
On 04 October 2022 CommonSpirit Health announced a cyberattack affecting its system of healthcare facilities. CommonSpirit Health operates more than 1,000 care sites and 140 hospitals in 21 states, including CHI (Catholic Health Initiatives) Health and MercyOne facilities in Iowa. CommonSpirit reported on its website that the attack affected its electronic medical record (EMR) system, and CHI Health and MercyOne have notified their patients that patient portals, electronic prescriptions, and scheduling have been affected, with some procedures delayed.
Earlier this year, [redacted] encountered a relatively new ransomware threat actor that called themselves BianLian. We observed the actor deploying custom malware that was written in the Go programming language, which posed some initial, but not insurmountable, reverse-engineering challenges. BianLian used subtle techniques to exploit, enumerate, and move laterally in victim networks to remain undetected and aggressively worked to counter Endpoint Detection & Response (EDR) protections during the encryption phase of their operations.