
CYBER SECURITY CONSULTING SERVICE AWARDS AND RECOGNITIONS
CyberSecOp's comprehensive managed security services, cyber security consulting, professional services, and data protection technology are recognized as industry-leading threat detection and response solutions by major analyst firms, key media outlets, and others.
PlayStation Network Breaches (PSN Hacks)
PlayStation Network was launched in the autumn of 2006 and offers games, music and movies to people with PlayStation consoles.
2021 PlayStation Network Users Account Breach
On July 14, 2021, Sony urged PSN users to use 2-step verification after reports of hacking. Sony urged users of its PSN service to enable 2-step verification after receiving user reports of account hacking. Several users had submitted inquiries through the official Japanese PlayStation Support. While the issue concerns PSN accounts, there is no indication that any of Sony’s official accounts were breached, whether through hacking attempts or any breach of information through the service.
2014 PlayStation Network Breach
On November 24, 2014, a hacker group identifying itself as "Guardians of Peace" leaked a release of confidential data from the film studio Sony Pictures. The data included personal information about Sony Pictures employees and their families, emails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, plans for future Sony films, scripts for certain films, and other information.
On December 24, 2021, an attack on Xbox Live and the PlayStation Network ruined Christmas for millions of gamers. Millions of people could not use their games consoles for a second day as disruption on the Xbox Live and Sony PlayStation networks continued after an apparent cyber-attack.
The group calling itself Lizard Squad once again claimed responsibility for bringing down both networks on Christmas Eve, which could have affected nearly 160 million gamers. This was once again a distributed denial of service (DDoS) attack, which overloads the systems of both services by generating fake access requests. More than 110 million people use the PlayStation Network (PSN) and at least 46 million use Xbox Live, both of which connect players to other gamers and services through the internet. Lizard Squad, which describes itself as the “next-generation Grinch”, had apparently threatened to target both networks at Christmas.
2011 PlayStation Network Breach
This PlayStation Network attack took the network down for 23 days.
The first reported PlayStation Network breach was disclosed between April 17 and April 19, 2011.
Sony learned that user information had been stolen from its PlayStation Network seven days earlier, prompting it to shut down the network immediately.
The company said user account information for the PlayStation Network and its Qriocity service users was compromised between April 17 and April 19.
On April 20, PlayStation Network services were disabled to investigate the security incident. Sony updated its blog to say that all data was encrypted and that the database of customer information had been exposed to the unknown attacker. The database includes information such as name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, handle/PSN online ID, as well as profile data including purchase history and billing address (city, state, zip), and PlayStation Network/Qriocity password security answers.
On April 30, 2011, Sony reported that recovery was under way and that it hoped to restore all services within the week. Sony also said it was working with multiple security firms. On May 3, 2011, Sony announced that a total of 77 million customers were affected by the breach.
On May 2 Sony issued a press release, according to which the Sony Online Entertainment (SOE) services had been taken offline for maintenance due to potentially related activities during the initial criminal hack. Over 12,000 credit card numbers, albeit in encrypted form, from non-U.S. cardholders and additional information from 24.7 million SOE accounts may have been accessed.
On May 6 Sony stated they had begun "final stages of internal testing" for the PlayStation Network, which had been rebuilt. However, the following day Sony reported that they would not be able to bring services back online within the one-week timeframe given on May 1, because "the extent of the attack on Sony Online Entertainment servers" had not been known at the time. On May 14 various services began coming back online on a country-by-country basis, starting with North America. On May 23 Sony stated that the outage costs were $171 million.
CyberSecOp Becomes A CMMC Registered Provider Organization
CyberSecOp is a leading Cybersecurity Services Provider offering a comprehensive portfolio of Cybersecurity Maturity Model Certification (CMMC) advisory services and cyber security solutions.
CyberSecOp is a CMMC Registered Provider Organization (RPO) listed on the CMMC-AB Marketplace. Our staff have passed the RP Exam and Background Check and signed the RPO agreement, indicating our commitment to comply with the CMMC-AB Code of Professional Conduct. CyberSecOp is also an ISO 27001-certified organization.
What are CMMC-AB, CMMC, and the Responsibility of the RPO Designation?
CMMC-AB authorizes RPOs to provide CMMC consulting services in support of government contractors, supply chain/DoD suppliers, and organizations seeking certification within the Defense Industrial Base (DIB).
The CMMC-AB is an independent accreditation body that manages the CMMC on behalf of the DoD. The CMMC framework is a set of mandatory cybersecurity requirements that all contractors within the DoD supply chain will be required to implement and, beginning this year, to have verified by an independent CMMC Third Party Assessment Organization (C3PAO). CMMC was created to address the ongoing theft of and unauthorized access to Controlled Unclassified Information (CUI) by foreign adversaries through the enforcement of good cyber hygiene and best practices.
The CMMC-AB launched in June 2020 and formally announced in August 2020 that it was accepting applications for five types of credentialed roles within the CMMC ecosystem. These include the following:
· C3PAOs
· Certified Assessors (CAs)
· Certified Professionals (CPs)
· Licensed Partner Publishers (LPPs)
· Registered Practitioners (RPs)
· Registered Provider Organizations (RPOs)
The CMMC framework establishes five certification levels with a defined security posture or maturity level an organization must achieve, determined by the sensitivity of the information they handle. These are outlined below:
How can CyberSecOp help your organization with CMMC?
CyberSecOp has created a suite of advisory services to help organizations effectively plan and prepare for an official CMMC assessment: CMMC Consulting, CMMC Readiness, Assessments, CMMC-RPO, CMMC Gap Analysis, DFARS, ITAR, VCISO, MSSP, NIST 800-53, NIST Cybersecurity Framework (CSF), NIST 800-171, and Security Services.
CMMC Scoping Workshop – determine the type of data and the required CMMC maturity level needed. Identify how data is received, stored, shared and handled on all information systems.
CMMC Gap Analysis – identify discrepancies between current state and CMMC maturity levels as determined in the scoping workshop. The CMMC Gap Analysis will provide areas of weakness that need to be targeted to reach the desired maturity level.
CMMC Remediation Strategy – assist the organization with remediation efforts, including resolving discrepancies identified in the CMMC Gap Analysis and creating a strategic plan for remediation. This process may include security control testing and the creation of policies, procedures and plans to close all known gaps related to the desired maturity level.
VCISO (Virtual Chief Information Security Officer) – CyberSecOp provides a board-level security expert backed by a team of professionals to ensure continuous compliance and maintain the maturity level as threats, infrastructure and business objectives evolve. Services include the following.
Compliance Advisory Consulting Services
CMMC Readiness
Vulnerability and Penetration Testing Assessment
Ransomware Response
Forensic Analysis
24/7/365 Security Operations Center (SOC)
Cyber Security Consulting
CMMC Cybersecurity RP, RPO
Incident Response & Incident Management
Security Assessments
Security Awareness
Data Loss Prevention
About CyberSecOp
Cyber Security Operations Consulting (CyberSecOp) is an innovative cybersecurity firm, providing consultants and managed security services to empower businesses since 2001. Our IT & cybersecurity consulting services protect you from cyber criminals in myriad ways. From implementing individualized Cyber Security Programs, which include written Information Security Programs, Incident Response Policies and Plans, and Cybersecurity Assessments, to offering the best-in-class cybersecurity consulting, tools, and IT security solutions, we do it all.
CyberSecOp is a CMMC-AB RPO & ISO 27001 Certified Organization - join thousands of businesses by putting your security in our hands. For more information about CyberSecOp and CMMC, contact us at 866-973-2677, Sales@CyberSecOp.com or visit: www.CyberSecOp.com.
Holistic Ransomware Security Approach
Do you have a holistic approach for security against ransomware? To prevent events from escalating, consider immediate containment and expert remediation assistance. Ransomware attacks are rampant, and include hackers locking up computer systems and demanding a payment to unlock them. Ransomware has had devastating effects on our infrastructure and economy, impeded emergency responders, stalled tax payments and forced government offices back to pen-and-paper operations for weeks on end.
80% of those who paid their ransom were attacked again, and not even security firms are immune to these attacks.
What is Ransomware?
Ransomware is a form of malicious software (malware) that is designed to encrypt files on a device, making the files and the systems that rely on them unusable. Malicious actors then demand a ransom payment, usually in the form of cryptocurrency, in exchange for decryption. These malicious actors may also make extortion demands by threatening to release stolen data if a ransom is not paid, or may come back after the fact and demand an additional payment in order to prevent the release of stolen data.
Recent Breach of a Top Security Firm
Accenture, one of the largest security firms around, confirmed in August 2021 that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information.
Previously, the cybersecurity firm FireEye had been the first call for help at government agencies and international companies who had been hacked by sophisticated attackers. Yet on Dec 8, 2020, FireEye announced it had been breached, and not just data but also some of its most valuable tools had been stolen.
Ransomware Impact
The impact of a successful ransomware deployment includes both technical and non-technical challenges, and can be crippling to business operations. Modern-day attackers have developed advanced techniques that now require a holistic security risk mitigation strategy, inclusive from the board to technical practitioners.
The impact of ransomware can include:
· Temporary, and possibly permanent, loss of your company's data
· A complete shutdown of your company's operations
· Financial loss as a result of revenue-generating operations being shut down
· Financial loss associated with the cost of remediation efforts
· Permanent damage to your company's reputation
How Can CyberSecOp Help Your Organization?
Holistic Security Risk Mitigation Strategy
A holistic approach to cybersecurity can address the following components and their implications for governance, organizational structures, and processes. Our holistic security program includes a risk management program, which provides an accurate overview of the risk landscape and governing principles that ensure accurate risk reporting. We address:
Assets: Clearly defining critical assets
Controls: Differentiated controls to balance security with agility
Processes: State-of-the-art and fully tested procedures for optimal security and remediation
Organization: Bringing the right skills, most efficient decision making, and effective enterprise-wide cooperation into your organization
Governance: Investments in operational resilience, prioritized based on deep transparency into cyber risks including third parties and vendors, covering the whole value chain
Patches: Keeping your network up to date with the latest software patches
Software Mitigations: Using robust antivirus and firewall protections in your network
Backups: Backing up data securely and separately from your network, and routinely testing restoring from backups
Incident Response Services
Scoping and Investigation
The CyberSecOp Incident Response (IR) Team conducts forensic analysis to identify root causes and ensure rapid containment of ongoing attacks. This swiftness to action helps prevent escalation.
Services and Expert Guidance
CyberSecOp IR Team remediates issues throughout the network and implements updates to configurations, architecture, and tooling.
Advanced Threat Analysis
The CyberSecOp Team conducts in-depth investigations including root cause analysis, malware reverse engineering and comprehensive incident reporting.
How Does Ransomware Infect my Network?
Ransomware, like other forms of malware, seeks to take advantage of poor security practices on the part of employees and system administrators. According to the Internet Crime Complaint Center (IC3), the most common methods of infection are:
Email Phishing: This social engineering attack vector occurs when a cyber-criminal sends an email which appears to be legitimate, but in fact contains a link to a malicious website or document with a malicious script, which then infects the recipient’s computer and associated network.
Remote Desktop Protocol (RDP) Vulnerabilities: RDP is a type of software that allows individuals to control the resources of another computer over the internet. RDP is commonly used by employees working remotely and by system administrators to manage computers from a distance.
Software Vulnerabilities: These vulnerabilities are flaws in the code of a piece of software (like Microsoft Word) that can be exploited by threat actors to gain control of a system to deploy malware. A common example would be “macros” that get installed within Microsoft Word or Microsoft Excel that lead to infection.
Best Practices and remedial measures
Users and administrators are advised to take the following preventive measures to protect their computer networks from ransomware infections/attacks:
Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
Check regularly for the integrity of the information stored in the databases.
Regularly check the contents of database backup files for any unauthorized encrypted data records or external elements (backdoors/malicious scripts).
Ensure the integrity of the code/scripts used in database, authentication and sensitive systems.
Establish a Sender Policy Framework (SPF) record for your domain. SPF is an email validation system designed to prevent spam by detecting email spoofing, the technique by which most ransomware samples successfully reach corporate mailboxes.
Keep the operating system and third-party applications (MS Office, browsers, browser plugins) up to date with the latest patches.
Application whitelisting and strict implementation of Software Restriction Policies (SRP) to block binaries running from the %APPDATA% and %TEMP% paths; ransomware samples generally drop and execute from these locations.
Maintain updated antivirus software on all systems.
Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. If a URL appears genuine, close the e-mail and go to the organization's website directly through the browser.
Follow safe practices when browsing the web. Ensure web browsers are secured with appropriate content controls.
Network segmentation and segregation into security zones help protect sensitive information and critical services. Separate the administrative network from business processes with physical controls and Virtual Local Area Networks (VLANs).
Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
Disable Remote Desktop connections and employ least-privileged accounts. Limit which users can log in using Remote Desktop and set an account lockout policy. Ensure proper RDP logging and configuration.
Restrict access using firewalls and allow only selected remote endpoints; a VPN with a dedicated address pool may also be used for RDP access.
Use a strong authentication protocol, such as Network Level Authentication (NLA) in Windows.
Additional security measures that may be considered are:
Use RDP Gateways for better management
Change the listening port for Remote Desktop
Tunnel Remote Desktop connections through IPSec or SSH
Two-factor authentication may also be considered for highly critical systems
If not required, consider disabling PowerShell and Windows Script Host.
Restrict users' abilities (permissions) to install and run unwanted software applications.
Enable personal firewalls on workstations.
Implement strict External Device (USB drive) usage policy.
Employ data-at-rest and data-in-transit encryption.
Consider installing the Enhanced Mitigation Experience Toolkit (EMET) or similar host-level anti-exploitation tools.
Block attachments of the following file types: exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf
Carry out Vulnerability Assessment and Penetration Testing (VAPT) and information security audits of critical networks/systems, especially database servers, using CERT-In empaneled auditors. Repeat audits at regular intervals.
Individuals and organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and law enforcement agencies.
Our IT & cybersecurity consulting service protects you from cyber criminals in myriad ways. From implementing a cybersecurity program, which includes a written information security program and cybersecurity assessment, to purchasing our best-in-class cybersecurity consulting and IT security solutions, engaging with CyberSecOp will lead you in the right direction towards an enhanced security stance. CyberSecOp is an ISO 27001-certified organization - join thousands of businesses by putting your security in our hands.
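The SPF recommendation above works by letting a receiving mail server compare the connecting IP against the sending domain's published policy. The following Python is an added illustration (not CyberSecOp's code) that evaluates the ip4/ip6/include/all subset of an SPF record for a sending IP; the domains and records are constructed placeholders, and a real check would fetch the TXT record via DNS instead of a dict.

```python
import ipaddress

# Constructed SPF records for hypothetical domains (placeholders, not real DNS
# data). A deployment would resolve the TXT record via DNS; a dict stands in so
# the example runs offline.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.25 ip6:2001:db8::/32 ~all",
}

# Qualifier prefixes defined by RFC 7208; a missing prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, records=SPF_RECORDS, depth=0):
    """Evaluate the ip4/ip6/include/all subset of SPF (RFC 7208).

    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' (no record) or
    'permerror' (malformed record or a mechanism outside this subset).
    A 'fail' result is what lets a receiver reject a spoofed sender.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms such as include
        return "permerror"
    record = records.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            # "all" always matches; its qualifier is the default verdict.
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include matches only if the referenced domain's policy passes.
            if check_spf(sender_ip, arg, records, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:
            # a, mx, ptr, exists and redirect need DNS and are not modelled here.
            return "permerror"
    return "neutral"  # nothing matched and the record has no "all" term
```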
Microsoft Warns of Sneaky Phishing Campaign
Microsoft's Security Intelligence team sounds the alarm on a sneaky phishing email campaign with fake sender addresses. The phishing email also cleverly employs various detection evasion techniques to trick most automated filters and users in its attempt to garner Microsoft Office 365 credentials.
The alert was sent after observing an active campaign that was zoning in on Office 365 organizations with convincing emails.
In a statement by Microsoft, "An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters."
Microsoft notes that this campaign is sneakier than usual due to the convincing Microsoft logos, with the link posing as a 'file share' request to access bogus reports. However, the main phishing URL relies on a Google storage resource that takes the victim to the Google App Engine domain Appspot. This hides a second URL that directs the victim to a compromised SharePoint site, thus allowing the attack to bypass sandboxes.
Researchers at Microsoft have published details.
According to the FBI
According to the FBI's latest figures, phishing attacks have cost Americans more than $4.2 billion last year. Fraudsters employ business email compromise (BEC) attacks, which rely on compromised email accounts or email addresses that are similar to legitimate ones and are difficult to filter as they blend within normal, expected traffic. BEC attacks are far more costly than high-profile ransomware attacks.
What you need to know about CMMC Compliance
What is CMMC?
In the face of unacceptable risks to the Controlled Unclassified Information that resides on its contractors' systems, the Pentagon introduced the CMMC standards to ensure that the companies it does business with adhere to an appropriate level of cybersecurity protections.
The United States Department of Defense is implementing the Cybersecurity Maturity Model Certification (CMMC) to normalize and standardize cybersecurity preparedness across the federal government’s defense industrial base (DIB). This piece will cover the concept of a maturity model in the context of cybersecurity, key depictions of the DIB, the anatomy of CMMC levels, and how CyberSecOp can fast-track CMMC certification with our CMMC Compliance services.
CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.
A CUI registry provides information on the specific categories and subcategories of information that the Executive branch protects.
What data does CMMC protect?
Natural and Cultural Resources
NATO
Nuclear
Privacy
Procurement and Acquisition
Proprietary Business Information
Provisional
Statistical
Critical Infrastructure
Defense
Export Control
Financial
Immigration
Intelligence
International Agreements
Law Enforcement
Legal
Why was CMMC created?
Department of Defense Creates Cybersecurity Maturity Model Certification (CMMC) Guidelines
DOD is planning to migrate to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity controls and processes are adequate and in place to protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.
How can my organization become CMMC certified?
Your organization will coordinate directly with an accredited and independent third party commercial certification organization to request and schedule your CMMC assessment. Your company will specify the level of the certification requested based on your company’s specific business requirements. Your company will be awarded certification at the appropriate CMMC level upon demonstrating the appropriate maturity in capabilities and organizational maturity to the satisfaction of the assessor and certifier.
How do I request certification assessment?
Call us for a free consultation; we provide third-party CMMC assessment and certification.
I am a subcontractor on a DoD contract. Do I need to be certified?
Yes, all companies doing business with the Department of Defense will need to obtain CMMC.
How often does my organization need to be reassessed?
The duration of a certification is still under consideration.
What are the CMMC Levels?
CMMC Level 1
Process: At this level, practices are performed in an ad-hoc manner so there is no process requirement.
Practice: This level addresses protection of Federal Contract Information (FCI); 17 practices are required for the basic safeguarding requirements specified in 48 CFR 52.204-21.
CMMC Level 2
Process: Policy and documentation of practice are required to develop mature capabilities and achieve process Level 2.
Practice: Progression from Level 2 to Level 3. The majority of practices (65 of 72) come from NIST SP 800-171, and 7 new practices from other standards are added at Level 2, such as audit log review, event detection and reporting, analyzing and triaging events, incident response, incident root cause analysis (RCA), regular data backup and testing, and encrypted sessions for device management.
CMMC Level 3
Process: Beyond policy and documentation of practices, a plan is required to demonstrate management of practice implementation activities. The plan needs to address missions, goals, project plans, resourcing, required training and involvement of stakeholders.
Practice: All 110 control requirements of NIST SP 800-171 are required for this level. In addition, 13 new practices from other standards are added at Level 3, such as defining procedures for CUI data handling, collecting audit information into central repositories, regular data backups, periodic risk assessment, a risk mitigation plan, separate management of non-vendor-supported products, security assessment of enterprise software, a cyber threat intelligence response plan, DNS filtering, restriction of CUI publication, spam protection mechanisms, email forgery protections, and sandboxing.
CMMC Level 4
Process: Practices are reviewed and measured for effectiveness. In addition, corrective actions when necessary and recurring communication to higher-level management are required.
Practice: In order to protect CUI from APTs, 26 practices enhance the detection and response capabilities to address and adapt to TTPs used by APTs.
CMMC Level 5
Process: Process standardization and optimization.
Practice: The additional 15 practices increase the depth and sophistication of cybersecurity capabilities.
Why Supply Chain Attacks Keep Happening, and How
Authored by Alison Stuart, Sales Lead at CyberSecOp
What Is a Supply Chain Attack?
Supply chain attacks have crept to the top of the cybersecurity agenda after hackers alleged to be operating at the Russian government’s direction tampered with a network monitoring tool built by Texas software firm SolarWinds (CNBC), costing the company $18 million in the first three months of 2021.
The hackers used a supply chain attack to insert malicious code into the Orion system. A supply chain attack works by targeting a third party with access to an organization's systems rather than trying to hack the networks directly. The third-party software, in this case, the SolarWinds Orion Platform, creates a backdoor through which hackers can access and impersonate users and accounts of victim organizations. The malware could also access system files and blend in with legitimate SolarWinds activity without detection, even by antivirus software. SolarWinds was a perfect target for this kind of supply chain attack. Because their Orion software is used by many multinational companies and government agencies, all the hackers had to do was install the malicious code into a new batch of software distributed by SolarWinds as an update or patch. (WhatIs.com)
Why Do Supply Chain Attacks Keep Happening, and How?
The short answer: ensuring the security of every single third-party vendor you interact with is complicated. Even if you require that your vendors are certified to be meeting some particular security standard such as NIST 800-171, that’s no guarantee that they can’t be compromised.
Why Does It Matter If My Vendors Are Secure, As Long As I Am?
Let’s look at what happened to Target. Target was pretty secure, but their HVAC supplier, Fazio Mechanical Services, was not. In 2013, Target was breached through the credentials hackers acquired from Fazio Mechanical Services, and malware was deployed to Target’s point of sale (POS) systems. Those systems collected credit card data from over 40 million shoppers who had visited Target stores during the 2013 holiday season. (NBC)
So How Did the Breach Impact the Company?
Not only did Target’s CEO, Gregg Steinhafle, step down within 6 months, but the company reported a 46% drop in profits in the fourth quarter of 2013 compared with the year before. (New York Times) Target spent 100 million dollars upgrading their payment terminals to support Chip-and-PIN enabled cards in response to the attack. Theoretically, that should protect them from future such incidents, right? Wrong. The number of customer cards that Chip-and-PIN-enabled terminals would have been able to stop the bad guys from stealing had Target put the technology in place prior to the breach is 0. Without end-to-end card data encryption, the card numbers and expiration dates can still be stolen and used in online transactions. (Krebs On Security)
Isn’t this Mostly Ancient History?
The Kaseya breach on July 2nd, 2021, left the private sector reeling most recently. A successful ransomware attack on a single company had spread to at least 200 organizations that the company provided software to (and likely far more, according to cybersecurity firm Huntress Labs). That number made it one of the single most enormous criminal ransomware sprees in history. Kaseya announced Friday afternoon (Kaseya) that it was attacked by hackers and warned all its customers to stop using its service immediately. Nearly 40 of its customers were already confirmed to have been hacked as of the evening of the press release.
Protecting your customers from potentially unsafe vendors is essential:
Research shows that 2017 alone saw a 200% increase in supply chain attacks (DarkReading), and 56% of surveyed organizations had experienced a breach caused by one of their vendors. In Q1 of this year, The Identity Theft Resource Center (ITRC) said 137 organizations reported being hit by supply chain cyber-attacks at 27 different third-party vendors. The ITRC also indicated that the attacks in Q1 have affected seven million people. Data breaches included high-profile cyber attacks on IT provider Accellion’s File Transfer Appliance (FTA), which impacted organizations including Shell, the Reserve Bank of New Zealand, Bombardier, and Kroger.
So How Can You Protect Your Company?
The easiest way to protect your company is to ensure you have an active vendor management program. CyberSecOp offers this service to companies of all sizes - contact us now to learn more or explore our Vendor Risk Management Services.
What is Cyber Resilience?
Cyber resilience is the ability of an organization to withstand and recover from cyber attacks and other cybersecurity threats. It involves implementing measures to prevent cyber attacks, as well as having the necessary systems and processes in place to minimize the impact of a successful attack and to quickly recover from it.
There are several components of cyber resilience, including:
Risk assessment: Identifying and assessing potential vulnerabilities and threats to an organization's systems and data.
Prevention: Implementing measures to prevent cyber attacks, such as using strong passwords and enabling two-factor authentication.
Detection: Implementing systems and processes to detect potential cyber attacks in progress.
Response: Having a plan in place to respond to a cyber attack, including procedures for containing the attack and minimizing its impact.
Recovery: Having systems and processes in place to recover from a cyber attack, including data backup and recovery systems.
By building cyber resilience, organizations can protect themselves from cyber attacks and minimize the impact of successful attacks, enabling them to continue operating in the face of these threats.
Zero Trust Cyber Resilience
Zero trust is a cybersecurity approach that assumes that all actors, whether inside or outside an organization, are potentially untrustworthy and must be continuously authenticated and authorized before being granted access to resources. It is based on the idea that an organization should not trust any user or device, regardless of their location or whether they are inside or outside the organization's network.
The zero trust approach can be used to enhance cyber resilience by requiring all users and devices to be authenticated and authorized before they are granted access to resources. This can help to prevent unauthorized access to sensitive information and systems, and can also help to minimize the impact of a successful cyber attack.
To implement a zero trust approach, organizations typically use a combination of technologies, including multi-factor authentication, network segmentation, and access controls. These technologies help to ensure that only authorized users and devices are granted access to resources, and can help to prevent unauthorized access or the spread of malware within an organization.
By adopting a zero trust approach, organizations can significantly enhance their cyber resilience and reduce their risk of suffering a cyber attack.
Zero Trust Cyber Resilience Technologies
There are several technologies that can be used to implement a zero trust approach and enhance cyber resilience. Some examples include:
Multi-factor authentication: This requires users to provide multiple forms of authentication, such as a password and a security token, before they are granted access to resources.
Network segmentation: This involves dividing an organization's network into smaller, isolated segments, which can help to prevent the spread of malware or unauthorized access within the network.
Access controls: This involves implementing controls to ensure that only authorized users and devices are granted access to specific resources.
Identity and access management (IAM) systems: These systems help to manage and secure user access to resources by controlling who is allowed to access specific resources and under what conditions.
Security information and event management (SIEM) systems: These collect and analyze security-related data from multiple sources, such as firewall logs and intrusion detection systems, to help organizations detect and respond to potential threats.
By using these technologies, organizations can implement a zero-trust approach and enhance their cyber resilience by preventing unauthorized access to sensitive information and systems and minimizing the impact of successful cyber attacks.
Three Reasons Why You Need an Incident Response Solution
Imagine the following scenario: you arrive early to work in the morning, plop down at your desk with coffee in hand, and log in to your computer. You’re excited to start working on a big project, but first you are greeted with this message:
Quickly, you dash over to a colleague's desk. They, too, have the same message on their screen. You try dialing your IT department, but they don't start until normal business hours.
What do you do? Where do you even start?
It’s easy to think that the above scenario would never happen to you. In reality, a 2020 survey of 600 businesses in the United States revealed that a staggering 78% had been infected with ransomware that year. The average cost of recovering from a ransomware attack has spiked to $1.85 million in 2021!
Ransomware isn’t the only threat to your business continuity. In February 2021, the state of Texas suffered massive power outages due to a severe winter storm. At least 151 people died as a result. Property damage has been estimated at more than $195 billion.
What do these scenarios have in common? They demonstrate the need to prepare for the worst; this is the essence of Incident Response.
What is Incident Response anyway?
Every organization needs to have an Incident Response Plan (IRP). The team that executes the IRP is the Computer Incident Response Team (CIRT). The most important feature of both the IRP and CIRT is that they are clearly defined before the incident takes place! Disaster recovery is hardest when preparation is lacking.
The Incident Response Plan details who does what if an incident does happen. This can include using alternate systems, notifying stakeholders, or restoring from backups.
Perhaps the most important part of the Incident Response Plan is the postmortem. Now that you’ve recovered, what will you do in order to ensure that attackers won’t attack again using the exact same methods? The Incident Response Team will identify what door the attackers used to get in and make sure it stays shut.
Why do I need Incident Response?
I’m so glad you asked. Here are three reasons why you need Incident Response for your organization:
1. The probability of an incident has never been higher.
Ransomware is pervasive. At this point, we need to ask ourselves not “will I get breached?” but “when will I get breached?”
A proper defense has multiple layers. Having a fence around your house is nice, but you’ll still have homeowners’ insurance. Incident Response is a way to mitigate the risks of ransomware that we can’t avoid.
2. The cost of an incident has never been higher.
How much would it cost to replace your entire infrastructure? The nasty aspect of ransomware is that, in some cases, the only way to ensure that the attackers have been completely removed from your environment is to start from scratch. This means replacing every workstation and server in your organization.
Sometimes the problem cannot be solved by spending money at all: during a global silicon chip shortage, replacement hardware may simply not be available to purchase.
3. You can’t afford not to.
Every business owes it to itself to perform a risk analysis of a ransomware attack. What would be the cost of not doing business for an hour? A day? A week? You will find that incident response is a necessary piece of the plan for protecting your assets and business continuity.
CyberSecOp is a leader in the Incident Response field. CyberSecOp consultants are cyber incident response subject matter experts who have collaborated on numerous security projects and operational improvement initiatives. We will support your security operational activities by helping to develop an incident response plan and work with your IT team to mitigate any potential risk. Our teams will create investigative processes and playbooks. In addition, we will be responsible for continuously identifying gaps and managing the improvements in the security response process, technologies, and monitoring. Working closely with internal architecture, engineering, and project management teams will ensure cyber-defense requirements are identified and communicated early in the project life cycle.
Security incident response services with CyberSecOp
Support cyber incident response actions to ensure proper assessment, containment, mitigation, and documentation
Support cyber investigations for large- and small-scale security incident breaches
Review and analyze cyber threats and provide SME support
Interact with and assist other investigative teams on time-sensitive, critical investigations
Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security incidents
Manage the security monitoring enrollment process to ensure adequate coverage and effectiveness for all new and existing cloud-based and on-premises applications, services and platforms
Maintain detailed tracking plan of all internal/external enrollment outcomes/recommendations and provide support through to implementation
Act as a liaison between cyber-defense, engineering, security architecture, network & system operations, and functional project teams to ensure effective project implementation that meets incident response requirements
Define baseline security monitoring requirements for all new projects, services, and applications joining your organization's network
Facilitate the development and tuning of SIEM rules to support enrollments and ensure high fidelity alerting
Don’t delay in ensuring that your business can survive any threat. Join CyberSecOp on your journey towards a safe and protected future.
Author: Josh Cabrera
What is a Zero Trust Security Architecture?
What is Zero Trust Security?
Zero Trust Security, also referred to as Zero Trust Networks or Zero Trust Architecture, is a security concept with one basic principle: don’t automatically trust anything to access your data, whether it’s connecting from outside your organization or within. Implementing Zero Trust involves various technologies, policies, and processes that help you better respond to the sophisticated approaches cybercriminals are using to gain access to sensitive data.
CyberSecOp’s Zero Trust Security service offers a comprehensive solution to secure all access to your applications and environment from any user, device, and location. Zero trust is a security model based on maintaining strict access controls.
With the recent and very public surge of cyber incidents affecting businesses and critical infrastructure, you may have heard the phrase ‘Zero Trust’ regarding cyber security and protecting business assets. So what is Zero Trust? Put simply, Zero Trust is a model of thought that centers on never trusting any device, application, or person, regardless of whether it is attempting to connect from inside or outside the network. This methodology is gaining more and more traction as cloud application usage increases and the shift to remote work becomes permanent.
Zero trust is a strategy where everything (people, data, sessions, devices, applications) is treated as suspicious regardless of whether it is inside or outside the network. Essentially it is a ‘default deny’ posture, even for users within the organization. Instead of ‘trust, but verify’, the organization ‘never trusts, always verifies’. This is not accomplished by one tool but by policy, procedure, and tooling together. Zero trust also relies on least privilege, the principle that no user should have more rights and permissions than are needed to perform their work.
Zero Trust focuses on 5 pillars
1. Device Trust
2. User Trust
3. Transport and Session Trust
4. Application Trust
5. Data Trust
CyberSecOp can transform your business into a Zero Trust model by focusing on the tools, policy, and procedures to protect these five pillars and substantially decrease the odds of a successful breach.
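The two zero trust passages above (the resilience technologies list and the five pillars) describe a decision, not a product: every request is checked against device, user, session, application and data trust, and anything not explicitly granted is denied. The following is an added example of that decision in Python; it is not CyberSecOp's code, and the role names, data labels, the eight-hour MFA freshness limit and the TLS allow-list are assumptions chosen for illustration. Note that the client IP address is recorded but never consulted: location grants nothing.

```python
"""Added example (not CyberSecOp code): a default-deny access decision that
checks every one of the five trust pillars on every request. Role names,
data labels, the 8-hour MFA freshness limit and the TLS allow-list are
assumptions chosen for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Device:
    managed: bool          # enrolled in device management / inventory
    disk_encrypted: bool
    os_patched: bool


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]
    mfa_at: Optional[datetime]   # last successful MFA; None if never


@dataclass(frozen=True)
class Session:
    tls_version: str
    client_ip: str   # kept for audit only; location never grants trust


@dataclass(frozen=True)
class Request:
    user: User
    device: Device
    session: Session
    app: str
    action: str                # "read" or "write"
    data_classification: str   # label on the data being touched
    now: datetime


# Hypothetical least-privilege matrix: role -> {(app, action): highest data
# classification that role may touch}. Anything not listed is denied.
ROLE_GRANTS: Dict[str, Dict[Tuple[str, str], str]] = {
    "payroll-analyst": {("payroll", "read"): "confidential"},
    "payroll-admin": {("payroll", "read"): "restricted",
                      ("payroll", "write"): "restricted"},
    "engineer": {("gitlab", "read"): "internal", ("gitlab", "write"): "internal"},
}
CLASS_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
MFA_MAX_AGE = timedelta(hours=8)
ACCEPTED_TLS = {"TLSv1.2", "TLSv1.3"}


def data_ceiling(roles: FrozenSet[str], app: str, action: str) -> Optional[str]:
    """Highest classification any of the user's roles may touch for (app, action)."""
    best = None
    for role in roles:
        cls = ROLE_GRANTS.get(role, {}).get((app, action))
        if cls is not None and (best is None or CLASS_RANK[cls] > CLASS_RANK[best]):
            best = cls
    return best


def evaluate(req: Request) -> Tuple[bool, List[str]]:
    """Return (allowed, denial_reasons). One failed pillar is enough to deny;
    all pillars are still evaluated so the audit log shows every gap."""
    reasons: List[str] = []
    d = req.device
    if not (d.managed and d.disk_encrypted and d.os_patched):
        reasons.append("device trust: unmanaged, unencrypted or unpatched device")
    if req.user.mfa_at is None or req.now - req.user.mfa_at > MFA_MAX_AGE:
        reasons.append("user trust: MFA missing or older than %s" % MFA_MAX_AGE)
    if req.session.tls_version not in ACCEPTED_TLS:
        reasons.append("transport trust: %s not accepted" % req.session.tls_version)
    ceiling = data_ceiling(req.user.roles, req.app, req.action)
    if ceiling is None:
        reasons.append("application trust: no role grants %s on %s" % (req.action, req.app))
    elif CLASS_RANK[req.data_classification] > CLASS_RANK[ceiling]:
        reasons.append("data trust: %s data exceeds role ceiling %s"
                       % (req.data_classification, ceiling))
    return (not reasons, reasons)


def demo() -> Dict[str, Tuple[bool, List[str]]]:
    """Constructed requests: one that passes and three that each fail one pillar."""
    now = datetime(2021, 7, 14, 9, 0, tzinfo=timezone.utc)
    good_device = Device(managed=True, disk_encrypted=True, os_patched=True)
    alice = User("alice", frozenset({"payroll-analyst"}), now - timedelta(minutes=5))
    vpn = Session("TLSv1.3", "10.8.0.12")
    base = dict(user=alice, device=good_device, session=vpn, app="payroll",
                action="read", data_classification="confidential", now=now)
    return {
        "ok": evaluate(Request(**base)),
        # same user and device, but data above the role's ceiling
        "too_sensitive": evaluate(Request(**{**base, "data_classification": "restricted"})),
        # MFA satisfied nine hours ago: the session must re-verify
        "stale_mfa": evaluate(Request(**{**base, "user": User("alice", alice.roles,
                                                             now - timedelta(hours=9))})),
        # trusted user on the office LAN with an unmanaged laptop: still denied
        "byod": evaluate(Request(**{**base, "device": Device(False, True, True),
                                     "session": Session("TLSv1.3", "192.168.1.30")})),
    }


if __name__ == "__main__":
    for name, (allowed, why) in demo().items():
        print(name, "ALLOW" if allowed else "DENY", why)
```

The "byod" case is the one that distinguishes zero trust from a perimeter model: the user is legitimate, authenticated with fresh MFA and sitting on the internal network, yet the request is denied because the device pillar fails.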
ZERO TRUST SERVICES & ZERO TRUST PLATFORM
OVERVIEW: MANAGED SECURITY - MDR SERVICES - MANAGED COMPLIANCE
With Zero Trust network access for your private apps and systems, you no longer have to choose between user experience and security. CyberSecOp Managed Zero Trust services were built with a new approach that directly creates zero trust connections between the users and the applications to solve this unique challenge. As a scalable, cloud-native platform, it enables digital transformation by securely connecting users, devices, and applications anywhere without relying on network-wide access. This platform is delivered by five key architecture attributes unique to the CyberSecOp Managed Zero Trust services. Together, they enable organizations to provide strong security and a great user experience to their employees and customers.
ZERO TRUST SECURITY SOLUTION & SERVICES
When all employees have the same access privileges, the network is vulnerable. VPNs may provide adequate security for on-premise resources, but only Zero Trust solutions offer the user-based access rules required for proper cloud security.
Our Zero Trust solutions and services utilize multi-layered cybersecurity protection to transform your business with cybersecurity orchestration, automation, cybersecurity consulting, cloud, and managed security services. We implement a comprehensive approach to secure and protect businesses from cyber threats. Our cybersecurity services cover all the following areas needed for a zero-trust secure environment: Cybersecurity Program Strategy, Risk Management, Risk Assessment, Threat Intelligence, Incident Response, Advanced Malware & Ransomware Protection, Perimeter Security, Application Assessment, & Security Monitoring Services. We know where you are and how to protect your organization with a cybersecurity gap analysis to identify a more precise road map and a more robust cybersecurity program.
Zero Trust Cybersecurity Benefits and More
Zero trust networks, of course, offer benefits beyond security. They are also inherently agile, a vital benefit for an increasingly remote workforce. As large remote teams put unprecedented strain on cloud resources, the more stability and resilience you can build into your architecture, the better. Rather than backhauling remote traffic through a static data center, zero trust connects users directly to the specific applications they are authorized to use, which frees bandwidth for DevOps and for business-critical cloud services.
ADOPT OUR ZERO TRUST SECURITY MODEL DEFENSE APPROACH
AUTOMATED PKI LIFECYCLE MANAGEMENT ZERO TRUST
The automated PKI lifecycle management platform enables Zero Trust by utilizing Public Key Infrastructure (PKI) certificates and key pairs, strengthening digital identities, and securing the connections between entities beyond the firewalled network architecture. In this age of digital transformation, the Zero Trust model increases the need for a consolidated, automated, and modern approach to PKI.
SECURE INTERNET GATEWAY
Control desktop, laptop, and mobile device access to malicious and inappropriate websites.
SECURE WEB GATEWAY
Protect against every kind of threat and ensure strict compliance with policies without slowing down your users.
ANTI SPAM & EMAIL GATEWAY
A secure email gateway protects organizations and employees from spear-phishing, malware, spam, and zero-day attacks by removing spam and malicious email traffic before it enters your network.
ADVANCED ENDPOINT PROTECTION
Secure all your servers, desktops, laptops, and mobile devices from known and unknown malware–without requiring signatures or updates.
WEB APPLICATION FIREWALL
Powerful, real-time edge protection for web apps and websites providing advanced filtering, security, and intrusion protection.
SIMPLIFY COMPLIANCE REPORTING
Meet compliance requirements with no extra work. CyberSecOp Consultants have you covered, delivering streamlined reports of system access across the organization and zero trust technologies.
CYBER SECURITY OPERATIONS CENTER
Your always-on team of certified cybersecurity professionals provides 24/7/365 monitoring and remediation services.
DATA LOSS PREVENTION
Monitor and control the movement of sensitive and confidential data across the network. A zero-trust data loss prevention (DLP) strategy combines activity-, system-access-, schedule-, and content-based rules.
SINGLE SIGN-ON
A secure cloud single sign-on solution that IT, security, and users will love. It connects quickly to and syncs from identity stores including AD, LDAP, HR systems, and other third-party identity providers.
MULTI-FACTOR AUTHENTICATION
Secure, intelligent access for your workforce and customers. Secure your accounts and apps with a robust multi-factor authentication solution that keeps the right people in and the wrong people out, protecting all your resources, including customer-facing and enterprise apps that store your most sensitive data.
SECURITY INCIDENT EVENT MANAGEMENT
Our SIEM delivers actionable intelligence from current events and data. It collects logs from network traffic, web assets, security devices, operating systems, applications, and databases, and uses artificial intelligence to review them for vulnerabilities and active threats.
REMOTE MONITORING AND MANAGEMENT
Remote Monitoring and Management (RMM) software lets you monitor and manage endpoints, computers, mobile devices, and networks from a centralized console.
MANAGED CYBERSECURITY SERVICES
CyberSecOp is a cybersecurity service provider offering a range of solutions related to protecting computer systems within an organization. Cybersecurity is a constantly evolving industry created in response to hacking, viruses, and other personal and business data threats. CyberSecOp-managed cybersecurity services will provide your business with expertise in the three stages of business cybersecurity protection services: assessment, security program implementation, and governance. We implement external and internal cybersecurity solutions with advanced IT security software and hardware solutions. CyberSecOp provides several cybersecurity tools to ensure end-to-end cybersecurity protection. We also offer IT outsourcing services to address your company’s information technology needs.
End to End Cybersecurity Services
We offer cybersecurity and strategic advisory consulting, incident response, design, and deployment services. We will implement a security program strategy to align information security policy, security controls, and plan with business goals.
LEADING MANAGED CYBERSECURITY SERVICE PROVIDER
CyberSecOp is a leader in managed cybersecurity services. Our cybersecurity team will implement a secure framework and constantly monitor and protect your business from cyber threats. Our cybersecurity experts integrate business context intelligence, threat data, and cybersecurity insights to protect your assets and data. The threat landscape evolves at an increasing pace; it takes more oversight, delivered through cybersecurity services, to effectively ensure your organization is secure from cyber threats. Our team will work with your firm to identify any risks or threats it may face. We will deliver recommendations highlighting security flaws in your environment and the immediate steps to remediate them.
CYBERSECURITY AS A SERVICE (CSAAS)
CyberSecOp offers proactive Cybersecurity as a Service (CSaaS) to mitigate cyber risk. Every business needs defense in depth, including security solutions and cybersecurity experts who can deploy and monitor them.
Transform and strengthen your cybersecurity to become proactive, effective and resilient. Cybersecurity is a core business requirement, providing a secure foundation to transform your enterprise and support your business. Ready to see how CyberSecOp Cybersecurity Services can help?
Why a vCISO may be right for your organization cyber security
Since the start of the COVID-19 pandemic, several societal changes have shaped how firms function in the current climate. Many firms have implemented a work-from-home model to help prevent the spread of the novel coronavirus and ensure employees are comfortable with their surroundings. What many organizations didn’t anticipate were the cyber security-related risks.
Once employees leave the security of their offices, they increase their attack surface and expose themselves and their employer to the information security vulnerabilities that come with working remotely. The shift to remote work has prompted a rise in cyber attacks that have grown in sophistication and volume over time. The pandemic has created the perfect environment for hackers to attack with more precision, and at greater cost to the firm, than ever.
How a vCISO can help protect your firm from cyber attacks
A vCISO can function as an additional set of eyes that constantly monitors your firm’s security operations. The additional security will aid in preventing possible security breaches. A vCISO can also bring expertise to assist in developing a strategy to strengthen your firm’s security program.
The benefits of a vCISO:
A board-level cyber security consultant fulfilling the CISO responsibilities
A team of security risk assessment experts
Employee security awareness education
Dark Web Monitoring 24/7/365
Full enterprise risk management for any required compliance
Comprehensive third party/vendor management
Compliance support for NIST, ISO, GDPR, CCPA, NYDFS, PCI DSS among others
A more affordable approach as opposed to hiring a full-time CISO
Eliminate internal training costs and have our seasoned experts handle your security
CyberSecOp offers vCISO services. Click here to learn more.
Penetration Testing and its Benefits
Understanding your vulnerabilities through vulnerability and penetration testing can play an essential role in your firm’s security. We recommend the steps below to sideline these threats:
Discover if your systems are prepared for a cyber-attack
A security expert or ethical hacker will launch a simulated attack using external and internal attacks on your servers, web apps, wireless networks, intranets, network devices, mobile devices, and any other entry point.
Reporting with findings on vulnerabilities in your systems
Once the simulation is complete, the security team will present reports of their findings and recommend the next steps for securing your systems. Since there are several potential entry points into your systems, the team will attempt to exploit each of those vulnerabilities.
Know where your weaknesses lie and patch up those vulnerabilities before they can be exploited
Conduct an IT penetration test to identify gaps in your security system, problems with your IT security policy, and vulnerabilities in your firewall and/or antivirus. You will obtain a report with all the problematic access points in your system and suggestions for hardware and software improvements. The test will help you determine whether you need to upgrade your firm’s security.
Internal vulnerabilities
Whether caused by a disgruntled employee or by accident, internal vulnerabilities can be a window for malicious actors to exploit.
Not all Ethical Hackers are created equally
Be sure to hire the most seasoned experts in the field. Your ethical hacker will attempt to exploit the vulnerabilities as a real hacker would – but the effectiveness of the penetration test will ultimately depend on the amount of experience the engineer has.
Once is not enough
As we know, attackers have become increasingly bold in their techniques and have infiltrated even the most sophisticated systems, as the Sunburst hack proved; therefore, CyberSecOp recommends testing your systems quarterly and keeping up with system patches and updates.
CyberSecOp offers security experts with a combined 40 years of experience. Ask about our pen test sample report.
Cyber Security Breach Defense & Ransomware Risk Reduction
Cyber Security Breach Defense and Ransomware Risk Reduction by 98%. As ransomware evolves, so do CyberSecOp defense technologies.
Ransomware is the fastest-growing attack vector, targeting all sorts of companies, institutions and organizations. No organization is immune to cyber attack. Cyber attackers demand money from companies and institutions of all sizes and industries, including nonprofits, enterprises and startups.
Ransomware Protection Solutions
Managed Detection & Response - Managed advanced endpoint protection; in essence, monitoring an advanced antivirus that provides the following features: antivirus, firewall, host intrusion prevention, automatic malware containment, and malicious URL filtering.
SOC as a Service - Security Operations Center 24/7 monitoring. It starts with a SIEM, which correlates all logs in a central system; the SIEM can ingest data from multiple solutions in the client environment, for example: network traffic, intrusion prevention, Cloud Access Security Broker, data loss prevention, Microsoft Active Directory, antivirus, authentication systems, access management, and other security logs.
Cyber Security Threat Hunting - Threat hunting is not tied to any one solution. It is a service provided by a team that uses multiple tools to determine whether the client has been compromised, also called a compromise assessment, and may draw on the following, but not limited to: advanced endpoint protection, Security Information and Event Management (SIEM), network traffic, intrusion prevention, Cloud Access Security Broker, data loss prevention, Microsoft Active Directory, antivirus, authentication systems, access management, and others.
Data Loss Prevention (DLP) - Data loss prevention software (common terms: data loss, data leak) detects potential data breaches and data exfiltration transmissions and prevents them by monitoring, detecting and blocking sensitive data in motion. It is a standalone product, but its log data can be ingested by a SIEM for correlation.
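The DLP entry above, and the earlier note that a zero-trust DLP strategy combines activity-, access- and content-based rules, describe the matching logic without showing it. As an added example (not CyberSecOp's product or code), the following Python implements one content rule and one destination rule: it finds payment card numbers and US SSNs in an outbound message, uses the Luhn checksum to discard card-shaped strings that are not cards (order numbers, tracking numbers), masks what it found for the log, and blocks only when sensitive content is addressed outside the organisation. The internal domain list, the decision labels and the sample messages are assumptions constructed for the example.

```python
"""Added example (not CyberSecOp code): a content-based DLP rule that scans an
outbound message for payment card numbers and US SSNs, uses the Luhn check
to drop number-like strings that are not cards, and blocks only when
sensitive content is headed to a domain outside the organisation. The
internal domain list and the decision labels are assumptions."""
import re
from typing import List, Tuple

INTERNAL_DOMAINS = {"example.com"}   # assumed: mail staying here is not exfiltration

# 13-19 digits, optionally separated by single spaces or dashes, not inside a longer digit run
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# SSN shape with ranges the SSA never issues excluded (000/666/9xx area, 00 group, 0000 serial)
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

Finding = Tuple[str, str]   # (type, masked value)


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum: every real card number passes, most random digit runs fail."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so the alert itself is not a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):                 # Luhn failure => not a card, no finding
            findings.append(("PAN", mask(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(("SSN", mask(m.group().replace("-", ""))))
    return findings


def decide(text: str, recipient: str) -> Tuple[str, List[Finding]]:
    """Combine the content rule with a destination rule. Returns (action, findings)."""
    findings = scan(text)
    domain = recipient.rsplit("@", 1)[-1].lower()
    if findings and domain not in INTERNAL_DOMAINS:
        return "BLOCK", findings
    if findings:
        return "ALLOW_AND_LOG", findings    # internal recipient: permit, keep the evidence
    return "ALLOW", findings


if __name__ == "__main__":
    # Constructed messages: a false positive, a real card going out, an SSN staying in
    samples = [
        ("Order 1234567812345678 shipped today", "vendor@partner.net"),
        ("Card 4111 1111 1111 1111 exp 12/25 for the booking", "agent@travel.net"),
        ("Payroll: SSN 123-45-6789 needs correcting", "hr@example.com"),
    ]
    for body, to in samples:
        print(to, decide(body, to))
```

The first sample is the reason the Luhn check is there: a 16-digit order number matches the card regex but fails the checksum, so it produces no finding and no false block. A production rule set would add file-type, attachment and OCR coverage, but the shape of the decision is the same.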
Preventing and Mitigating
Disable or remove remote services whenever possible; if that is not possible, require MFA and restrict access by source IP address;
Do not allow remote access directly from the internet. Instead, enforce the use of remote access gateways along with a VPN that requires multi-factor authentication;
Require separate credentials for any remote access services and for administrative accounts;
Allow only VPN IP addresses to connect via RDP so that only trusted machines can connect;
Application whitelisting is critical for identifying risks and unsanctioned applications within your organization;
Network and domain segregation: isolate critical systems from non-critical systems;
Deploy account lockout policies to prevent brute-forcing attempts;
Implement security awareness training programs for employees;
Run phishing simulations to identify employees who are susceptible to phishing emails;
Monthly external vulnerability testing;
Daily backup to a cloud provider, or take a copy of the backup offline daily, weekly, or monthly depending on your business risk.
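Two of the controls above, restricting RDP to VPN addresses and lockout against brute-forcing, are also the two detections a SOC should run so that a gap in either control is noticed. As an added example (not CyberSecOp's SIEM content), the following Python applies both rules to constructed Windows Security events: a successful logon (event 4624) with logon type 10 (RemoteInteractive, i.e. RDP) from any source outside the VPN pool fires one alert, and five or more failed logons (event 4625) from one source within five minutes fires the other. The VPN range 10.8.0.0/24, the thresholds, the pipe-separated log format and the log lines themselves are assumptions constructed for the example.

```python
"""Added example (not CyberSecOp code): two SIEM-style rules run over
constructed Windows Security log events. Rule 1 flags successful RDP logons
(event 4624, logon type 10) from any source outside the VPN address pool;
rule 2 flags password brute-forcing as 5 or more failed logons (event 4625)
from one source within 5 minutes. The pool 10.8.0.0/24, the thresholds and
the pipe-separated log format are assumptions."""
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Tuple

VPN_POOL = ipaddress.ip_network("10.8.0.0/24")   # assumed VPN client range
RDP_LOGON_TYPE = 10
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=5)

# Constructed sample: timestamp|event_id|account|source_ip|logon_type
SAMPLE_LOG = """\
2021-07-14T02:00:01|4624|jsmith|10.8.0.12|10
2021-07-14T02:01:10|4625|svc_backup|203.0.113.45|10
2021-07-14T02:01:12|4625|svc_backup|203.0.113.45|10
2021-07-14T02:01:14|4625|svc_backup|203.0.113.45|10
2021-07-14T02:01:16|4625|svc_backup|203.0.113.45|10
2021-07-14T02:01:18|4625|svc_backup|203.0.113.45|10
2021-07-14T02:01:20|4625|svc_backup|203.0.113.45|10
2021-07-14T02:01:40|4624|svc_backup|203.0.113.45|10
2021-07-14T02:10:00|4625|mjones|198.51.100.7|3
2021-07-14T02:13:00|4625|mjones|198.51.100.7|3
2021-07-14T02:16:00|4625|mjones|198.51.100.7|3
2021-07-14T02:19:00|4625|mjones|198.51.100.7|3
2021-07-14T02:22:00|4625|mjones|198.51.100.7|3
2021-07-14T02:30:00|4624|mjones|172.16.5.20|2
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    event_id: int
    account: str
    src: ipaddress.IPv4Address
    logon_type: int


def parse(line: str) -> Event:
    ts, event_id, account, src, logon_type = line.strip().split("|")
    return Event(datetime.fromisoformat(ts), int(event_id), account,
                 ipaddress.ip_address(src), int(logon_type))


Alert = Tuple[str, str, str]   # (rule, account, source_ip)


def detect(lines: Iterable[str]) -> List[Alert]:
    alerts: List[Alert] = []
    # sliding window of failure timestamps per source address
    failures: Dict[ipaddress.IPv4Address, Deque[datetime]] = defaultdict(deque)
    for ev in (parse(l) for l in lines if l.strip()):
        if ev.event_id == 4624 and ev.logon_type == RDP_LOGON_TYPE and ev.src not in VPN_POOL:
            alerts.append(("RDP_OUTSIDE_VPN", ev.account, str(ev.src)))
        elif ev.event_id == 4625:
            window = failures[ev.src]
            while window and ev.ts - window[0] > FAIL_WINDOW:
                window.popleft()          # drop failures older than the window
            window.append(ev.ts)
            if len(window) >= FAIL_THRESHOLD:
                alerts.append(("BRUTE_FORCE", ev.account, str(ev.src)))
                window.clear()            # one alert per burst, then re-arm
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(*alert)
```

In the sample, the first alert fires on the fifth failure from 203.0.113.45 and the second on the successful RDP logon from the same address twenty seconds later; together they are the signature of a password-spray that worked. The slow failures from 198.51.100.7 (one every three minutes) never accumulate five inside the window, and the console logon from 172.16.5.20 is not RDP, so neither produces noise.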
The best defense against ransomware is to outwit attackers by not being vulnerable to their threats in the first place. Ransomware penetrates organizations in multiple ways, so fighting it requires more than one product. CyberSecOp Ransomware Defense products provide ransomware protection from the network and DNS layer to email to the endpoint. As ransomware evolves, so do CyberSecOp defense technologies.
CyberSecOp is an ISO 27001 Certified Cyber Security Consulting Firm
CyberSecOp is a proud ISO 27001 Certified Organization
The team at CyberSecOp is ISO/IEC 27001:2013 (ISO 27001) certified.
ISO/IEC 27001 is an internationally recognized standard, published by the International Organization for Standardization (ISO), that ensures firms such as CyberSecOp meet best practices for information security management systems and follow a rigorous risk-based framework.
We are committed to following a high-quality and consistent security management system. A-lign, an independent, third-party auditor, found CyberSecOp to have technical controls in place and formalized IT security policies and procedures. A-lign is an ISO/IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISO 27001 ISMS certifications. Through ISO 27001, we have developed and implemented the processes and procedures required for establishing, implementing, maintaining, and continually improving an information security management system. The certification holds us to the requirements for an Information Security Management System (ISMS): a systematic approach to managing sensitive company information so that it remains secure, covering people, processes, and IT systems through a risk management process.
Achieving the ISO 27001 certification is the result of a great amount of effort, dedication, and involvement from every member of the CyberSecOp team. We are constantly challenging ourselves to improve our service and provide the highest security and privacy standards to meet or exceed the needs and expectations of our customers.
Author: Carlos Neto
Information Security Officer
Top 14 Cyber Security Vendor Due Diligence Questions
What is a cybersecurity vendor due diligence questionnaire? A vendor cyber security due diligence questionnaire is a prewritten assessment used to gain visibility into a supplier's or vendor's cybersecurity posture. It helps organizations identify potential risks before onboarding vendors and suppliers.
The CyberSecOp vendor management program supports multiple compliance requirements. The following four, among other regulations, are set forth by different regulatory bodies across the globe for various purposes, including the protection of financial, personal, and healthcare information.
- PCI DSS (The Payment Card Industry Data Security Standard). This is the information security standard for organizations handling branded credit cards.
- GDPR (The General Data Protection Regulation). This legal framework sets guidelines for the collection and processing of personal information for those living in the European Union (EU).
- HIPAA (Health Insurance Portability and Accountability Act of 1996). This U.S. legislation sets data privacy and security requirements for safeguarding medical information.
- OCC (The Office of the Comptroller of the Currency). This federal agency oversees the execution of laws for national banks, and functions to regulate and supervise banks in the United States.
Reputation Risk
Reputation risk refers to negative public opinion or customer perception that stems from irresponsible vendor practices. Unsecure vendor remote access can lead to a number of problems that may destroy customer relationships and harm your company's reputation, including:
- Customer complaints
- Dissatisfied customers
- Interactions inconsistent with company policies
- Security breaches resulting in the disclosure of customer information
- Violations of laws and regulations
Operational Risk
Operational risk results from failures of internal processes, people, and systems, including internal breaches. Third-party vendors are increasingly an extension of operational risk since they are closely tied to operational processes and business practices. Operational risks may be caused by:
- Employee error
- Failure to adhere to internal policies
- Internal and external fraud or criminal activity
- System failures
Top 14 Cybersecurity Vendor Due Diligence Questions
Do they have a security contact or chief information security officer in place? If a third party deploys dedicated resources to manage risks and safeguard its critical information, it shows they take their security posture with the utmost seriousness.
Do they have industry certification, or are they aligned with an industry framework such as NIST/ISO? While industry certification may not necessarily indicate the effectiveness of third-party security controls, it does provide additional assurance about the vendor's commitment to protecting their systems and customers' information.
Are penetration tests performed by a qualified third-party vendor? If so, how often are they performed and when was the last test performed? Ensuring your vendor has regularly scheduled penetration tests performed by a third party is essential in knowing how secure their environment is and where the weaknesses are so they can be secured before they’re exploited by an attacker.
Is there a formal information security program in place? A security program provides the framework for keeping a company at a desired security level by assessing the risks that are faced, deciding how those risks will be mitigated and planning for how to keep the program and security practices current.
Do they have a mature threat management and intelligence program in place? It's important to ascertain the effectiveness of their security controls. This can be done by reviewing independent security audit reports to assess the vendor's vulnerability management, secure software development processes and threat management programs, such as cyber intelligence.
Is there a formal logical access review process? Having regularly scheduled access reviews of users is essential in knowing who should have access to your system and who no longer needs access. Failures in logical access review procedures are the top reason for exceptions in SOC reports.
How has your vendor implemented the principle of least privilege? Role-based access privileges are vital in only allowing employees to have access to data they need while denying access to data they don’t need to perform their job.
How is data protected in transit between the vendor and the client as well as between the vendor and the end-user? How is data protected at rest on servers and backup media? Encrypting data both in transit and at rest is essential to keeping it safe from unauthorized access.
How is retired media (hard drives, flash drives, CDs, documents, etc.) sanitized? Physical and electronic data should be disposed of in a secure manner when no longer needed to keep information from falling into the wrong hands. This has become more difficult with the adoption of public cloud services as data may move across multiple physical systems and reside on shared resources.
Are employees and contractors required to attend security training? Providing security awareness education to users of all systems is an important step in limiting user errors that could harm your IT infrastructure and information.
What due diligence is performed on contractors and vendors prior to and post contract? Completing due diligence over your vendor’s third party (your fourth party) is important especially if they have access to your data. You want to make sure they have a secure environment to help keep your information secure.
Do they have a good cyber score? It is prudent to ascertain exposure of an organization at the surface web, deep web and dark web to predict the likelihood of a potential breach due to their exposure. There are several organizations that provide cyber scoring for vendors and also allow you to benchmark them against similar vendors.
Is there a formal incident management program in place? Proper incident handling procedures allow situations to be analyzed and prioritized so that the next appropriate course of action can be taken to address the problem. Breach notification, a key component of incident management, is now included within multiple regulations with emphasis on vendor reporting.
Does your vendor describe the technical prevention measures in place? Security tools such as firewalls, anti-virus products, and intrusion detection and prevention systems help secure your network from adversaries.
Strategic risk is created from failed business decisions, or the inability to implement strategies consistent with the organizational goals. Third-party vendors that are not aligned with your company’s practices may threaten operations or your ability to effectively execute business strategies. It may take some time to fully build and/or review a comprehensive cybersecurity questionnaire, but it could save you a lot of time and risk exposure in the future. It’s an invaluable questionnaire that provides a lot of insight.
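Two of the questions above, the formal logical access review and the implementation of least privilege, are the ones most often answered with a policy document rather than evidence. The following added example (written for this page, not CyberSecOp's code or any vendor's tooling) shows what the evidence behind those answers looks like in practice: a review script that compares the permissions each account actually holds against a role-to-permission matrix, and flags excess privilege, terminated users who still hold access, and dormant accounts. The role matrix, the account export and the review date are constructed sample data.

```python
from datetime import date

# Role-to-permission matrix: the permissions each role legitimately needs.
# A role that is not listed here gets no permissions (deny by default).
ROLE_PERMISSIONS = {
    "analyst": {"read:reports"},
    "developer": {"read:reports", "write:code"},
    "dba": {"read:reports", "admin:db"},
}

# Constructed sample of an identity-provider export (hypothetical accounts,
# not taken from any real system).
ACCOUNTS = [
    {"user": "alice", "role": "analyst", "active": True,
     "granted": {"read:reports"}, "last_login": date(2021, 7, 1)},
    {"user": "bob", "role": "developer", "active": True,
     "granted": {"read:reports", "write:code", "admin:db"}, "last_login": date(2021, 7, 10)},
    {"user": "carol", "role": "dba", "active": True,
     "granted": {"read:reports", "admin:db"}, "last_login": date(2021, 1, 3)},
    {"user": "dave", "role": "analyst", "active": False,
     "granted": {"read:reports"}, "last_login": date(2021, 6, 20)},
    {"user": "erin", "role": "contractor", "active": True,
     "granted": {"read:reports"}, "last_login": date(2021, 7, 12)},
]

# Date the review is run against (constructed).
REVIEW_DATE = date(2021, 7, 15)


def review_access(accounts, role_permissions, as_of, dormant_days=90):
    """Return one finding per control failure: a permission the role does not
    justify, a deactivated user who still holds permissions, or an account that
    has not logged in within dormant_days. An empty list means a clean review."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        allowed = role_permissions.get(acct["role"], set())  # unknown role -> nothing allowed
        excess = acct["granted"] - allowed
        if excess:
            findings.append({"user": user, "issue": "excess_privilege",
                             "detail": sorted(excess)})
        if not acct["active"]:
            if acct["granted"]:
                findings.append({"user": user, "issue": "terminated_with_access",
                                 "detail": sorted(acct["granted"])})
            continue  # dormancy does not apply to a disabled account
        idle_days = (as_of - acct["last_login"]).days
        if idle_days > dormant_days:
            findings.append({"user": user, "issue": "dormant_account",
                             "detail": idle_days})
    return findings


def issues_for(findings, user):
    """Set of issue types raised against one user (handy for reporting)."""
    return {f["issue"] for f in findings if f["user"] == user}


if __name__ == "__main__":
    for f in review_access(ACCOUNTS, ROLE_PERMISSIONS, REVIEW_DATE):
        print(f"{f['user']:6} {f['issue']:24} {f['detail']}")
```

On the sample data the script flags bob (holds `admin:db` beyond the developer role), carol (no login for 193 days), dave (deactivated but still granted a permission) and erin (a role the matrix does not know, so every permission is excess). A vendor with a working review process should be able to produce output of this shape on request, together with the tickets that closed each finding.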
Facilitation of Ransomware Payment Sanction Risk
US Treasury Department Issues Ransomware Advisory
The ransomware advisory provides guidance and tools to recognize, resist, and report attacks.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing this advisory to highlight the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities. Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business. Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations. This advisory describes these sanctions risks and provides information for contacting relevant U.S. government agencies, including OFAC, if there is a reason to believe the cyber actor demanding ransomware payment may be sanctioned or otherwise have a sanctions nexus.
Facilitating ransomware is harmful long term
Ransomware payments not only fuel future attacks; OFAC explained that they also threaten U.S. national security interests, because the proceeds let the actors profit and advance their cause. Paying a ransom to a sanctioned entity or jurisdiction could fund activities in conflict with national interests.
What is Ransomware? Ransomware is a form of malicious software (“malware”) designed to block access to a computer system or data, often by encrypting data or programs on information technology systems to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data. In some cases, in addition to the attack, cyber actors threaten to publicly disclose victims’ sensitive files. The cyber actors then demand a ransomware payment, usually through digital currency, in exchange for a key to decrypt the files and restore victims’ access to systems or data.
Ransomware Payments with a Sanctions Nexus Threaten U.S. National Security Interests
Facilitating a ransomware payment that is demanded as a result of malicious cyber activities may enable criminals and adversaries with a sanctions nexus to profit and advance their illicit aims. For example, ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States. Ransomware payments may also embolden cyber actors to engage in future attacks. In addition, paying a ransom to cyber actors does not guarantee that the victim will regain access to its stolen data.
Facilitating Ransomware Payments on Behalf of a Victim May Violate OFAC Regulations
Under the authority of the International Emergency Economic Powers Act (IEEPA) or the Trading with the Enemy Act (TWEA), U.S. persons are generally prohibited from engaging in transactions, directly or indirectly, with individuals or entities (“persons”) on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List), other blocked persons, and those covered by comprehensive country or region embargoes (e.g., Cuba, the Crimea region of Ukraine, Iran, North Korea, and Syria). Additionally, any transaction that causes a violation under IEEPA, including transactions by a non-U.S. person which causes a U.S. person to violate any IEEPA-based sanctions, is also prohibited. U.S. persons, wherever located, are also generally prohibited from facilitating actions of non-U.S. persons, which could not be directly performed by U.S. persons due to U.S. sanctions regulations. OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to U.S. jurisdiction may be held civilly liable even if it did not know or have reason to know it was engaging in a transaction with a person that is prohibited under sanctions laws and regulations administered by OFAC.
Victims of Ransomware Attacks Should Contact Relevant Government Agencies
OFAC encourages victims and those involved with addressing ransomware attacks to contact OFAC immediately if they believe a request for a ransomware payment may involve a sanctions nexus. Victims should also contact the U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection if an attack involves a U.S. financial institution or may cause significant disruption to a firm’s ability to perform critical financial services.
U.S. Department of the Treasury’s Office of Foreign Assets Control
- Sanctions Compliance and Evaluation Division: ofac_feedback@treasury.gov;
- (202) 622-2490 / (800) 540-6322
- Licensing Division: https://licensing.ofac.treas.gov/; (202) 622-2480
U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP)
- OCCIP-Coord@treasury.gov; (202) 622-3000
Financial Crimes Enforcement Network (FinCEN)
- FinCEN Regulatory Support Section: frc@fincen.gov
- See FinCEN Guidance, FIN-2020-A00X, “Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments,” October 1, 2020, for applicable anti-money laundering obligations related to financial institutions in the ransomware context.
Contact Information for Other Relevant U.S. Government Agencies:
Federal Bureau of Investigation Cyber Task Force
U.S. Secret Service Cyber Fraud Task Force
Cybersecurity and Infrastructure Security Agency
Homeland Security Investigations Field Office
Using Linux Won't Save You from Ransomware - Here's Why
"Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent." (FBI, 2019)
Since early 2018, there has been a sharp spike in the cleverness, thoroughness, and precision of the security breaches we see in the ransomware landscape. Regardless of attack vector - whether it's from phishing, vishing, or the classic insider threat - once ransomware is on your computer, it's incredibly difficult to restore your files. It takes some serious intervention to stand a chance of recovering your business (or personal) data.
The easiest solution is to get the appropriate key and decryption tool, and use them together to unlock your files...but typically you only receive those resources in exchange for paying the ransom, and many companies can’t afford the ransom at its original price. By that time, there's a good chance you've taken a catastrophic financial blow. From hospitals, to insurance companies, to banks, there are plenty of highly valuable (and highly vulnerable) assets to be manipulated, and threat actors don’t hesitate to put lives at stake for the benefit of their wallets.
So how can we prevent these breaches? What is the key to staying safe from attackers?
The answer may be simpler than you think.
The three most impactful measures you can take to stay safe are as follows:
★ Quarantine
○ Take your computer off the network or wifi and reset your data by wiping the device entirely back to its factory settings (the way it came when you bought it) the moment you can confirm there has been a breach.
★ Have a backup
○ You can only take the first measure if you either don’t care at all about your data, or you have bothered to back it up so you have an unencrypted copy.
★ Get help negotiating your ransom down
○ If you need to pay the threat actor the ransom money to recover your data, there are many firms that can help you with this - don’t pay the full price of the ransom! Firms that can help with ransom negotiation and essential protections include CyberSecOp, which you can reach by using Our Contact Form.
So what’s so special about the threat of Linux-based malware? A Linux-based ransomware variant has the potential to take down any and every industry. Major cloud providers like AWS (Amazon Web Services), Oracle, and Microsoft base entire workloads on Linux; malware sweeping through those servers could bring down any company that uses a modernized cloud stack to host their sites and data.
And then there are hacktivists - hackers who hack to do activism for their cause (which can vary greatly in scope between organizations). Hacktivists have a history of using their ransomware attacks to make a point - whether it’s political or personal - and to incite fear in other companies or individuals who support the cause represented by the victim. While you might not think this presents a threat to you personally, or even to your business, the truth is that innovations in cyberattacks threaten us all. If the target were to have a Linux-based system, the hacktivist group targeting that individual would be devoted to finding a way to spread ransomware across Linux-based devices. When ransomware is evolved by perpetrators to this degree, we are likely to see major outages across all the cloud providers listed above, and it could cripple any business or personal account that is hosted therein.
To avoid such a catastrophic and monolithic problem, we should learn to govern our systems from a more ecosystem-centric approach, rather than depend on the classic signature-based antivirus alerts that have become standard. You may recognize Norton Antivirus alerts or even operating-system-based protection like Windows Defender presenting to you pop-ups about updating your signatures.
The truth is that we shouldn’t rely on the technical drivers of these updates, the people who hunt down and publish known virus signatures, to keep us safe. We should be educating our employees, friends, and families on the essentials of staying digitally secure and preventing breaches in the modern threat landscape. This is especially important because a small tweak to a virus’s code and a quick recompilation change the hash (or signature) of the virus, causing signature-based antivirus software to completely miss the threat on your device.
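To make the point about hash signatures concrete, here is an added example (written for this page, not code from the original post or from CyberSecOp) that contrasts two ways of recognising a known sample. A constructed, harmless byte blob stands in for a malware file; a "variant" is produced by changing a single byte, the way a trivial edit-and-recompile would. The exact-hash database that signature-based products rely on no longer recognises the variant, while a content rule keyed on the ransom-note text that the operator must keep intact still does. The sample bytes, the hash set and the rule format are all assumptions made for the demonstration.

```python
import hashlib

# Constructed stand-in for a malware sample: harmless bytes with an ELF-style
# magic number and an embedded ransom-note string. Hypothetical data only.
SAMPLE_V1 = (b"\x7fELF" + b"\x00" * 12
             + b"build=1;"
             + b"YOUR FILES HAVE BEEN ENCRYPTED - PAY TO DECRYPT"
             + b"\x00" * 8)

# The "variant": identical except for one byte, as a rebuild with a bumped
# build number would produce.
SAMPLE_V2 = SAMPLE_V1.replace(b"build=1;", b"build=2;")


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest, the kind of value a hash-signature database stores."""
    return hashlib.sha256(data).hexdigest()


# Hash-based signature database: exact digests of files seen before (constructed).
KNOWN_BAD_HASHES = {sha256_hex(SAMPLE_V1)}

# Content-based rule set: a rule fires when every listed byte pattern is present.
# The rule format is an assumption for this example, not any product's syntax.
PATTERN_RULES = {
    "ransom_note_text": [b"YOUR FILES HAVE BEEN ENCRYPTED", b"PAY TO DECRYPT"],
}


def hash_detect(data: bytes) -> bool:
    """True only if this exact file has been catalogued before."""
    return sha256_hex(data) in KNOWN_BAD_HASHES


def pattern_detect(data: bytes) -> list:
    """Names of content rules whose patterns all occur in the file."""
    return [name for name, patterns in PATTERN_RULES.items()
            if all(p in data for p in patterns)]


def compare_detectors(samples: dict) -> dict:
    """For each named sample, report whether each detector fired."""
    return {name: {"hash": hash_detect(data), "pattern": bool(pattern_detect(data))}
            for name, data in samples.items()}


if __name__ == "__main__":
    results = compare_detectors({"original": SAMPLE_V1, "variant": SAMPLE_V2,
                                 "benign": b"just a text file\n"})
    for name, hit in results.items():
        print(f"{name:9} hash={hit['hash']!s:5} pattern={hit['pattern']}")
```

Content rules are only one step up: an attacker who packs or obfuscates the binary defeats string matching as easily as a rebuild defeats a hash, which is why the post argues for layered defences (backups, quarantine readiness and user education) rather than reliance on any single detection signal.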
A phenomenal example of how dangerous this variant-based workaround can be is what happened to the Colorado State Department of Transportation (CDOT) in early 2018.
“As CDOT’s Information Security group scrambled to contain the spread and impact of SamSam’s first wave, their efforts were quickly undermined by another variant of the same ransomware strain that was spreading throughout many of the newly sanitized zones of their network.”[1] (Richard Horne for the SANS Institute)
In an interview with the Denver Post, Brandi Simmons, a spokeswoman for the state's Office of Information Technology said, “The variant of SamSam ransomware just keeps changing. The tools we have in place didn't work. It's ahead of our tools.” The tools in question were signature-tracking antivirus software, like what many of us use on our home computers. In the end, Colorado's Office of Information Technology, the Colorado National Guard, and the FBI all had to collaborate to contain this threat, and by the time they had, over 2,000 computers running Windows and McAfee security software had been taken offline.
In conclusion, it seems inevitable that we will see Linux systems fall prey to the same types of ransomware we currently battle; it’s only a matter of time. Make sure you’re safe and you know how to protect your data: maintain a backup of all your files, be ready to quarantine in the event of a breach, and remember not to panic. We are here to help.
Sources:
https://www.sans.org/reading-room/whitepapers/tools/strings-me-linux-ransomware-39870
https://www.darkreading.com/attacks-breaches/second-ransomware-round-hits-colorado-dot/d/d-id/1331197
Authored by Alison Stuart
What is Cyber Security, IT Security, and Data Security?
What is the need for IT security and CyberSecurity?
Computer security, cybersecurity or information technology security (IT security) is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
IT security is a set of cybersecurity strategies that prevents unauthorized access to organizational assets such as computers, networks, and data. It maintains the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers.
What is Data Security?
Data security means protecting digital data, such as the contents of a database, from destructive tampering and unauthorized access. Hardware-based or hardware-assisted computer security offers an alternative to software-only computer security.
Common examples of data security controls:
- Data encryption
- Tokenization
- Key management
- Data loss prevention
- Data classification
- Data access management
What is the need for network security?
Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware. Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data it’s designed to protect.
What is Internet security?
Internet security involves the protection of information that is sent and received in browsers, as well as network security involving web-based applications. These protections are designed to monitor incoming internet traffic for malware as well as unwanted traffic. This protection may come in the form of firewalls, antimalware, and antispyware.
What is Critical infrastructure security:
Critical infrastructure security consists of the cyber-physical systems that modern societies rely on.
Common examples of critical infrastructure:
- Electricity grid
- Water purification
- Traffic lights
- Shopping centers
- Hospitals
What is Application security:
Application security should be one of the several must-have security measures adopted to protect your systems. Application security uses software and hardware methods to tackle external threats that can arise during the development stage of an application.
Because applications are much more accessible over networks, adopting security measures during the development phase is an imperative part of the project.
Types of application security:
- Software development
- Application testing
- Code review
- Vulnerability and penetration testing
What is Network security:
Network security ensures that internal networks are secure by protecting the infrastructure and inhibiting access to it.
Common examples of network security implementation:
- Extra logins
- New passwords
- Application security
- Antivirus programs
- Antispyware software
- Encryption
- Firewalls
- Monitored internet access
Types of cyber threats:
The threats countered by cyber-security are three-fold:
Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.
Cyber-attack often involves politically motivated information gathering.
Cyberterrorism is intended to undermine electronic systems to cause panic or fear.
So, how do malicious actors gain control of computer systems? Here are some common methods used to threaten cyber-security:
Malware
Malware means malicious software. One of the most common cyber threats, malware is software that a cybercriminal or hacker has created to disrupt or damage a legitimate user’s computer. Often spread via an unsolicited email attachment or legitimate-looking download, malware may be used by cybercriminals to make money or in politically motivated cyber-attacks.
There are a number of different types of malware, including:
Virus: A self-replicating program that attaches itself to a clean file and spreads throughout a computer system, infecting files with malicious code.
Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick users into uploading Trojans onto their computer where they cause damage or collect data.
Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.
Ransomware: Malware which locks down a user’s files and data, with the threat of erasing it unless a ransom is paid.
Adware: Advertising software which can be used to spread malware.
Botnets: Networks of malware-infected computers which cybercriminals use to perform tasks online without the user’s permission.
SQL injection
An SQL (Structured Query Language) injection is a type of cyber-attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a database via a malicious SQL statement. This gives them access to the sensitive information contained in the database.
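The vulnerability described above comes from building the SQL statement out of untrusted input, and the fix is to bind that input as a parameter instead. The following added example (written for this page, not code from the original article or from CyberSecOp) places the two forms side by side against an in-memory SQLite table with constructed sample rows, and counts how many rows each returns for a normal username and for the textbook tautology input. The table, rows and function names are assumptions for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows (hypothetical data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # DEFECT, kept on purpose to illustrate the vulnerability: string formatting
    # splices untrusted input into the SQL text, so a quote character in the
    # input changes the structure of the statement rather than the value compared.
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Hardened form: the '?' placeholder makes the driver bind the value as data,
    # so whatever the input contains it is compared literally, never parsed as SQL.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    """Run both lookups with a normal username and with the classic tautology
    input, returning row counts so the difference can be checked programmatically."""
    conn = make_db()
    normal = "alice"
    tautology = "' OR '1'='1"
    try:
        return {
            "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
            "vulnerable_payload": len(lookup_vulnerable(conn, tautology)),
            "parameterized_normal": len(lookup_parameterized(conn, normal)),
            "parameterized_payload": len(lookup_parameterized(conn, tautology)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:22} -> {rows} row(s)")
```

With the tautology input the vulnerable query's WHERE clause becomes `username = '' OR '1'='1'`, which is true for every row, so both users are returned; the parameterized query looks for a user literally named `' OR '1'='1` and finds none. Code review for this class of bug is largely a search for SQL text built with `%`, `+` or f-strings.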
Phishing
Phishing is when cybercriminals target victims with emails that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to dupe people into handing over credit card data and other personal information.
Man-in-the-middle attack
A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts communication between two parties in order to steal data. For example, on an unsecured WiFi network, an attacker could intercept data being passed between the victim’s device and the network.
Denial-of-service attack
A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organization from carrying out vital functions.
8 Cyber Security Best Practices for Business
- Conduct Phishing Simulations
- Implement Risk Management Governance Approach
- Secure Remotely Working and Travelling Employees
- Plan for mobile devices
- Create a Cybersecurity Awareness Training Program
- Monitor User and File Activity
- Enforce password best practices
- Enforce the Use of Password Managers, SSOs, and MFAs
- Audit Privileged Access
- Implement Data Loss Prevention
- Update Software and Systems
- Implement and monitor EDR, MDR, and SIEM
- Regularly back up all data, and offsite backup
CyberSecOp’s cybersecurity solutions provide peace of mind when it comes to privacy and security. With your data secured in the cloud or on-premises, compliant, and protected by best-in-class security, your data, and the tools you use to harness it, can truly empower your business.
Vishing Awareness
Vishing
Spoofing a legitimate phone number, voice phishing scammers lead people to believe the call is legitimate
What is Vishing?
We’ve all heard the countless stories about phishing and how much of a threat it is in today’s information security landscape. Social engineering to solicit confidential information via email is a threat that all of us have been made aware of. Extensive efforts have been made not only to reduce the influx of phishing emails, but also to raise awareness so that users have the know-how to assess and respond to the threat when a malicious email hits their inbox.
In response, threat actors have turned to a newer form of exploitation: vishing. Vishing is a form of criminal phone fraud that uses social engineering over the phone or SMS to gain confidential information. Here are some examples:
Fake call from “Help Desk” asking for credentials
Unsolicited calls for credit and loans
Calls from a fake client asking about an invoice
Vishing is becoming an increasingly favored tool for attackers due to the Covid-19 pandemic. With the shift to work-from-home environments, corporate VPNs, and the elimination of in-person verification, threat actors are shifting their tactics to exploit this widespread weakness.
How do I protect my firm against Vishing?
Security awareness is the best line of defense against this type of attack, so be sure to incorporate vishing education into your information security awareness program. Policies and procedures should be established and communicated so that employees can verify a caller’s identity when the help desk, or anyone else claiming to be from the company, calls and asks for proprietary information. It is imperative that information security managers instill a sense of suspicion toward any caller asking for such information.
Enabling MFA for any system that has access to confidential information, a network, or another system is non-negotiable; that second factor of authentication can halt many types of attacks. When you enable MFA, avoid using SMS as the second factor, as SMS is easily manipulated and exploited.
Lastly, always apply least privilege so that in the event an account is compromised, there will be minimal damage.
AUTHOR: CARLOS NETO
Information Security Officer
Pandemic & Post Pandemic Cyber Security Remote Workforce
The current pandemic has given cloud computing a push forward; our clients are taking advantage of the CyberSecOp Alliance resilient cloud-based digital infrastructure, available to businesses of every size, to protect their data. We have noticed 58% growth in our cloud services; securing and protecting data while working remotely is one of the top concerns for most of our clients.
During the crisis, cyberattacks have increased worldwide, including against critical healthcare institutions, which have been the target of ransomware attacks. Private-sector data reveals a 350% surge in phishing websites since the start of the pandemic.
Our security professionals prepare for a new level of untrusted network activity and cyber attacks as remote working is expected to continue. What are the questions you should be asking, and what controls need to be in place?
Pandemic & Post Pandemic Cyber Security
While we are still very much on this transformation journey, we are working on the mindset of our clients to be prepared for a quicker response to a crisis like COVID-19; by doing this we will increase business continuity and build in security for all remote working processes. Removing legacy systems, introducing more automation, better identity and access management for remote systems, secure builds for remote devices, and extended security services such as Managed Detection and Response (MDR), IPS/IDS, Advanced Endpoint Protection, Application Firewall, DNS Filtering, Automated Virus Containment, and File Reputation Detection will provide additional layers of security for the remote workforce. Please see below for other recommendations.
Telecommuting is the only way of working for many
1. Adoption of virtual desktop will finally see an upswing:
With tele-working likely to become the norm, virtual desktops could become the security baseline for IT teams to enforce data management standards. Virtual desktops emulate a computer system so that IT can control access, including the addition of input/output devices as well as software and applications. This could become an important control point when remote workers are operating outside the safety of a corporate network.
To meet the stringent criteria of regulatory and corporate compliance regarding data security, many companies will see the adoption of virtual desktops as the go-to solution.
2. We will notice a surge in adoption of decentralized cyber security:
Traditional cyber security controls dictate a centralized approach where data is consolidated from different sources to perform analysis and investigation. With swift digitization, security controls will shift to data sources, similar to the trend witnessed in IoT. We could start seeing a new wave of anti-virus, data loss protection, digital rights management and endpoint-based firewalls and other security controls gaining traction.
With millions of employees working from home, hackers’ focus has shifted from enterprise to remote working individuals. To handle the menace that exists in cyberspace, decentralized cyber security will rise where greater emphasis will be placed on data sources such as actual remote employees themselves.
3. Rise in biometric authentication:
User access controls have largely revolved around one or two-factor authentication. These methods rely on “something you know (username)” and “something you have (password)” and given hackers’ interest in employees as the weak link to start a technical exploit, we will see cyber attacks directed towards individuals.
This means identity protection will be a priority, and the best defense should focus on building authentication systems that focus on “who you are.” This would require advanced biometric solutions such as fingerprint/thumbprint/hand print, retina, iris, voice, and facial recognition technologies.
With biometrics, a hacker’s attempt at impersonating you is a lot harder than breaking a password.
New processes will govern our way of work
1. Global privacy regulation and policies will require a re-look:
The current state of privacy regulations is designed around the enterprise network and building the proverbial wall to keep sensitive data out of prying eyes. With remote working concepts taking center stage, re-evaluation of these policies is needed to address the new cyber threats.
From a risk management perspective, global privacy policies will need to encapsulate standard operating procedures regarding BYOD, GDPR, NYDFS, CCPA, SHIELD Act compliance and state privacy laws.
Governance around companies’ and employees’ social media profiles would also have to be included, as these platforms are frequently trawled by hackers carrying out reconnaissance before launching a cyber attack.
2. Cloud will become more important than ever before:
The shift to cloud services offers employees, customers, suppliers, and everyone else across the ecosystem a seamless and frictionless access to data and applications. Remote access by various users would compound security challenges and presents many new potential attack vectors.
In the post-pandemic world, IT resources would shift towards data, particularly keeping data secure across cloud platforms.
3. Containerization technology will be extended beyond enterprise network to include endpoints:
IT architectures will extend containerization and zoning concepts to include not just systems, but also people, roles, and the level of sensitive data they possess. Containerization, thus, will be extended beyond enterprise networks to include endpoints such as remote worker machines and mobile devices.
This will facilitate cyber security teams to apply varied access controls and demarcate data storage to minimize risk of cyber intrusion and data breach.
Source: Cybersecurity Ventures
What is Cybersecurity Maturity Model Certification (CMMC)
The Cybersecurity Maturity Model Certification (CMMC) is a unified standard intended for implementing cybersecurity across DoD contractors.
The CMMC has been in development for a number of years, but the first details on the framework were released in January 2020. The framework makes use of a “maturity” model, in which audits will be conducted by third-party assessors. Firms will be assigned a “level” that represents the cybersecurity protections, or maturity level they have demonstrated.
Breach Report and predicted loss by 2024
A recent study predicted that business losses due to cybercrime will exceed $4.5 trillion by 2024. The threat to the Defense Industrial Base (DIB)--the network of more than 300,000 businesses, organizations, and universities that research, engineer, develop, acquire, design, produce, deliver, sustain, and operate military weapons systems--is especially alarming due to current cyber warfare activities by cybercriminals and state-sponsored actors.
Security is a foundational component of acquisition
The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is a foundational component of acquisition and that some contractors are trading security to benefit cost, schedule, and performance. It's estimated that the DoD supply chain consists of more than 300,000 businesses and organizations, all of which are targets. Most of these organizations are small to mid-size businesses, which are the most vulnerable to cyber-attacks. Based on over 100 data breach investigations, CyberSecOp has recognized that organizations with 100-300 employees are prime victims for cyber criminals because of a lack of security controls.
CMMC Model Structure
The goal of CMMC is to provide a framework for the improvement of cybersecurity in DIB sector organizations. CMMC currently defines 17 domains of technical capability, each with five levels of certification (L1 through L5) and specific practices. The DoD will require an organization to have CMMC Level 3 certification before it can receive Controlled Unclassified Information (CUI) in any domain.
CMMC Domains
CMMC Leveled Practices
The majority of the practices (110 of 171) originate from the safeguarding requirements and security requirements specified in FAR Clause 52.204-21 and DFARS Clause 252.204-7012. The practices fall into five levels:
Level 1 represents basic cyber hygiene, and focuses on the protection of federal contract information (FCI). It consists of practices that correspond only to the basic safeguarding requirements specified in 48 CFR 52.204-21 ("Basic Safeguarding of Covered Contractor Information Systems").
Level 2 is a transitional step in cybersecurity maturity progression to protect CUI. Level 2 consists of a subset of the security requirements specified in NIST SP 800-171, as well as practices from other standards and references.
Level 3 focuses on the protection of CUI. It encompasses all of the security requirements specified in NIST SP 800‑171, as well as additional practices from other standards and references.
At Level 4, the model begins to focus more on the proactive activities an organization can take to protect, detect, and respond to threats. These practices enhance the organization's ability to address and adapt to the changing tactics, techniques, and procedures (TTPs) used by advanced persistent threats (APT)s.
Level 5 focuses on the protection of CUI from APTs. The practices increase the depth and sophistication of cybersecurity capabilities.
CMMC Cyber Compliance Services
DoD has made an effort to simplify CMMC, but it is surely still complicated. CMMC is based on several other standards, including DFARS, CERT RMM, 800-171, AU ACSC Essential Eight, UK NCSC Cyber Essentials, ISO 27001, CIS Critical Security Controls, and the NIST Cyber Security Framework. Drawing on all of the above information security standards makes it very challenging for most DoD contractors to comply with CMMC. Get compliant with CyberSecOp CMMC Assessment, Security Program & Advisory Services.