Tagged: Threat Intelligence
Ransomware is one of the greatest threats facing modern networks and it is tearing through small to medium businesses. This blog post will address detecting ransomware in a vendor-neutral format. Most of the detections discussed can be implemented with tools ranging from the most sophisticated XDR to a combination of Sysmon and Elastic Stack.
A Quick Note on Living off the Land Detection
Once inside a network, attackers may leverage systems administration tools already present in a tactic known as “living off the land”.
When it comes to effective cybersecurity today, companies must have much more than firewalls, virus scans, and an incident response team. Keeping bad actors out is more difficult than ever before, and in order to improve their security posture, businesses need to actively hunt down cyber threats and vulnerabilities on a regular basis as part of a holistic plan to prevent breaches when possible, but also to detect and respond to breaches quickly and effectively when they do occur.
It’s hard to believe, but the first quarter of 2023 is behind us and Spring is well sprung. There is an old saying when describing springtime: In like a lion, out like a lamb. I wonder if the same can be said for the state of ransomware in healthcare for 2023. At this year’s American Hospital Association (AHA) Rural Leadership meeting in San Antonio, I continually heard that a top concern from attendees is ransomware.
Executive Summary Since our initial report on the ransomware group known as BianLian, we have continued to keep an eye on their activities. Unfortunately, and sadly not surprisingly, the group continues to operate and add to their ever-growing list of victims. Having continued to research BianLian for the past six months or so, we felt the time was right to share an update and some of our findings with the larger community.
Don’t Pay the Ransom? When you take a step back and look at the ransomware problem, the obvious solution is for victims to refuse to pay the ransoms. It will demonetize the crime; the criminal enterprises that run these operations will no longer find the ransomware business to be profitable and they will move on to other things. However, this is much easier said than done. The actual decision of whether or not to pay the ransom, while a criminal gang is holding your network (and your data) hostage, is not an easy or simple decision to make.
When it comes to cybersecurity, it’s important to understand the tools, techniques, and thought processes of threat actors. Once adversaries have initial access to a network, lateral movement allows them to extend access and maintain persistence by compromising additional hosts in the network of their target organization. Threat actors can gather information about the company’s user activity and credentials, location of important data, and leverage methods for escalating privilege to successfully complete their attack, theft or espionage activities.
The case for implementing a Zero Trust strategy has never been greater. Cyberattacks are increasing in scale and severity with an attendant growth in sophistication. Most organizations agree: the post-pandemic world requires a paradigm shift in how we approach cybersecurity. In fact, in 2022, 72 percent of organizations were either in the process of adopting Zero Trust or had already adopted it.[1]
What is Zero Trust?
At a high level, Zero Trust requires all users (inside or outside the network) to be continuously authenticated and authorized to gain network access.
Everyone knows cyber crime is increasing, pushing cybersecurity initiatives to the top of the corporate priority list. While 38 percent of Fortune 500 companies did not have a chief information security officer just three years ago, every single one does today. In addition, Gartner estimates that $188.3 billion will be spent on information security and risk management products and services in 2023. In response, a myriad of cybersecurity-related solutions have flooded the market in recent years.
Earlier this year, [redacted] encountered a relatively new ransomware threat actor that called themselves BianLian. We observed the actor deploying custom malware that was written in the Go programming language, which posed some initial, but not insurmountable, reverse-engineering challenges. BianLian used subtle techniques to exploit, enumerate, and move laterally in victim networks to remain undetected and aggressively worked to counter Endpoint Detection & Response (EDR) protections during the encryption phase of their operations.