Featured [r Blogs
Executive Summary Since our initial report on the ransomware group known as BianLian, we have continued to keep an eye on their activities. Unfortunately, and sadly not surprisingly, the group continues to operate and add to their ever-growing list of victims. Having continued to research BianLian for the past six months or so, we felt the time was right to share an update and some of our findings with the larger community.
Don’t Pay the Ransom? When you take a step back and look at the ransomware problem, the obvious solution is for victims to refuse to pay the ransoms. It will demonetize the crime; the criminal enterprises that run these operations will no longer find the ransomware business to be profitable and they will move on to other things. However, this is much easier said than done. The actual decision of whether or not to pay the ransom, while a criminal gang is holding your network (and your data) hostage, is not an easy or simple decision to make.
More [r Blogs
Ransomware is one of the greatest threats facing modern networks and it is tearing through the small to medium businesses. This blog post will address detecting ransomware in a vendor neutral format. Most of the detections discussed can be implemented with tools ranging from the most sophisticated XDR to a combination of Sysmon and Elastic Stack. A Quick Note on Live off the Land Detection Once inside a network, attackers may leverage systems administration tools already present in a tactic known as “living off the land”.
Over the last several decades, the run-of-the-mill computer hacker has evolved into a global, sophisticated, multi-million dollar cyber criminal industry. As a result, the simple firewalls that used to protect organizations have had to mature alongside. The most effective cybersecurity systems today are those that can not only respond to incidents quickly and effectively but are able to constantly monitor both endpoint devices and network environments for any potential threats. Simply having a few tools or pieces of software is simply no longer enough.
When it comes to effective cybersecurity today, companies must have much more than firewalls, virus scans, and an incident response team. Keeping bad actors out is more difficult than ever before, and in order to increase their security posture, businesses need to actively hunt down cyber threats and vulnerabilities on a regular basis as part of a wholistic plan to prevent breaches when possible, but also detect and respond to breaches quickly and effectively when they do occur.
What is Defense in Depth? Simply put, defense in depth is the use of layers of security controls to protect a network. The best defense is a multi-pronged, layered defense, both on the physical battlefield and in the digital world. Cyber attackers have your business or organization under the microscope, waiting for a misstep or an easy access point to maximum damage. To get ahead of these potential threats, you need defense in depth (DiD).
When your critical data is under attack, you don’t have time to waste. Incident response helps you respond effectively, and understanding the lifecycle is vital to a powerful defense. Formulating an incident response plan can be the difference between a quick resolution and significant financial consequences for your business in the event of a cyberattack. While you can start with the Cybersecurity and Infrastructure Security Agency (CISA)’s quickstart guide to incident response plans, we’ve created a complete explanation below.
Incident response focuses on how organizations deal with data breaches. Cybersecurity incident response plans work to minimize damage to systems and data in the event of a cyber attack, data breach, or outage. Having an effective incident response program is crucial for any organization to recover with minimal disruption in the event of an incident. Learn more about incident response and how to create an incident response plan. What Is Incident Response?
It’s hard to believe, but the first quarter of 2023 is behind us and Spring is well sprung. There is an old saying when describing springtime: In like a lion, out like a lamb. I wonder if the same can be said for the state of ransomware in healthcare for 2023. At this year’s American Hospital Association (AHA) Rural Leadership meeting in San Antonio, I continually heard that a top concern from attendees is ransomware.
Vulnerability scanning vs penetration testing – equally important but often confused. We’re here to pull back the veil on these two valuable tools to help you understand whether your business needs one (or both) to keep your digital landscape secure. Keeping your organization safe from cyber attacks is a 24x7x365 responsibility. The wicked never rest. It requires every tool in the toolbox to keep evildoers from running off with your organization’s crown jewels.
When it comes to cybersecurity, it’s important to understand the tools, techniques, and thought processes of threat actors. Once adversaries have initial access to a network, lateral movement allows them to extend access and maintain persistence by compromising additional hosts in the network of their target organization. Threat actors can gather information about the company’s user activity and credentials, location of important data, and leverage methods for escalating privilege to successfully complete their attack, theft or espionage activities.
The case for implementing a Zero Trust strategy has never been greater. Cyberattacks are increasing in scale and severity with an attendant growth in sophistication. Most organizations agree: The post-pandemic world requires a paradigm shift in how we approach cybersecurity. In fact, in 2022, 72% percent of organizations were either in the process of adopting Zero Trust or had already adopted it.1 What is Zero Trust? At a high level, Zero Trust requires all users (inside or outside the network) to be continuously authenticated and authorized to gain network access.
Everyone knows cyber crime is increasing, boosting cybersecurity initiatives to the top of the corporate priority list. While 38 percent of Fortune 500 companies did not have a chief information security officer just three years ago, every single one does today. In addition, Gartner estimates that $188.3 billion dollars will be spent on information security and risk management products and services in 2023. A myriad of cybersecurity-related solutions have flooded the market in recent years in response.
On January 26, 2023, the Department of Justice (DOJ) announced that, following an extensive operation, the FBI were able to disrupt the Hive ransomware gang’s operations by distributing decryption keys to numerous victims mid-attack. It has been established that Hive’s victims included hospitals, U.S. K-12 schools, and other critical infrastructure entities. The question of “if” or “when” the victim of a ransomware attack should report and involve authorities comes up during every discussion involving healthcare incident response plans.
Managed Detection and Response is a managed security solution that provides organizations with an expansive suite of cyber security services, including threat monitoring and cybersecurity event analysis, to help ensure their environment is safe around the clock. MDR services can help improve security across an organization’s network and strengthen its infrastructure by leveraging the latest security technologies and experienced security professionals. Read on to learn more about what MDR services are and how they can help fortify cybersecurity across your organization.
Our world and work are powered by data. To make use of that data, each of us is reliant on technology, from the computers where we answer emails to the phones we keep in our pockets. However, as our reliance on (and the complexity of!) these systems and data increase, our risks grow with them. Confidentiality, integrity, and accessibility of data are essential to the success of a company, yet many firms simply do not have the resources necessary.
Today, businesses face more sophisticated cybersecurity threats than ever before. And security incidents don’t just affect the big businesses you hear about in the news. Every type of business is at risk: from professional services firms to healthcare providers. As attacks proliferate, many businesses are seeking the support of a Managed Security Service Provider (MSSP). These external security providers are responsible for maintaining the security of their clients’ systems and networks.
On 04 October 2022 CommonSpirit Health announced a cyberattack affecting its system of healthcare facilities. CommonSpirit Health operates more than 1,000 care sites and 140 hospitals in 21 states, including CHI (Catholic Health Initiatives) Health and MercyOne facilities in Iowa. CommonSpirit reported on their website that the attack affected their electronic medical record (EMR) and CHI Health and MercyOne have notified their patients that patient portals, electronic prescriptions, and scheduling have been affected, with some procedures delayed.
Earlier this year, [redacted] encountered a relatively new ransomware threat actor that called themselves BianLian. We observed the actor deploying custom malware that was written in the Go programming language, which posed some initial, but not insurmountable, reverse-engineering challenges. BianLian used subtle techniques to exploit, enumerate, and move laterally in victim networks to remain undetected and aggressively worked to counter Endpoint Detection & Response (EDR) protections during the encryption phase of their operations.