CYBER SECURITY CONSULTING SERVICE AWARDS AND RECOGNITIONS
CyberSecOp's comprehensive managed security services, cyber security consulting, professional services, and data protection technology are recognized as industry-leading threat detection and response solutions by major analyst firms, key media outlets, and others.
Don't let a cyber security breach damage your reputation
Cybersecurity breaches have cost many organizations some of their largest clients. While most organizations quickly hire legal experts, public relations teams, and a cyber security firm like CyberSecOp, the reputation damages have already begun. For example, your client may not have access to your services for hours before you realize that your system was affected.
Prime attack time
Attackers are strategic with time selection to minimize their activities being seen by employees. Most attackers operate on weekends or at night, knowing that most organizations’ employees do not access or monitor systems at this time.
When does reputation damage begin?
Reputation issues may begin long before the organization knows about an attacker. Some attackers disclose information on social media so that the organization will act quickly to their demands. Most cybercriminals spend an average of three months on clients’ systems before they act, but by this point, they may have already sold your data on the dark web or to your competitor.
Disclosing sensitive information violates privacy policies and requirements such as CCPA, GDPR, and some states’ and countries’ data protection regulations or requirements. The data disclosed may also include clients and your client’s customer information, putting your clients at risk. They, too, need to report the breach to their customers and provide the necessary protection to protect their customer’s credit and identity.
Reputation damage extends to your client.
At this point, not only is your organization’s reputation is in jeopardy, but also the reputation of your client and your client’s customers. All of these expenditures may be a liability to your organization if the breach is on your side, especially if there is evidence that you didn’t take due care regarding your organization’s security posture.
Conclusion
Defense-in-depth security program
Having a defense-in-depth security program such as those offered by CyberSecOp, cannot only save your business money but can also help you compete against other companies that have not implemented a security program. Most organizations have implemented a vendor management program to mitigate their threat against a third-party risk. A security program that includes third-party risk management is critical to identifying and remediating internal and external threats.
Sanctions Leave US Ransomware Victims with No Way Out
The US Treasury Department's Office of Foreign Assets Control ("OFAC") imposed multiple sanctions against a Russian-operated virtual currency exchange involved in ransomware payments. It issued an updated advisory on the sanction risks associated with ransomware payments.
Victimized organizations balance the risk and cost of stalled operations and encrypted data with federal watchdogs ready to act. Response and recovery are never going to be an easy process. Ransomware exists because organizations and cyber insurance companies are paying the perpetrators.
Ransomware attacks, in most cases, cause complete shutdowns of mission-critical functions. This has the same effect as business continuity events. As a result, business continuity planning is one of the best ways to prepare for the increasing likelihood that an organization will eventually fall victim to a ransomware attack. Without a solid business continuity plan, organizations are forced to pay threat actors and may face stiff sanctions or fines in the future.
A ransom payment is a negligible portion of the costs incurred by an organization following a ransomware attack. Added to the risk of reputation loss, fines, sanctions, downtime, and recovery expenses, organizations, and cyber insurance firms face uncertainty without clear direction on identifying threat actors for proper OFAC due diligence.
Biden-Harris Administration Warns
In response to the unprecedented economic sanctions imposed by the United States, the Biden-Harris Administration has repeatedly warned about the possibility of Russia engaging in malicious cyber activity against the United States. There is now growing evidence that Russia is considering cyberattack options.
The United States Government will continue to work to provide resources and tools to the private sector, including through CISA's Shields-Up campaign. While we will do everything possible to defend the Nation and respond to cyber-attacks, the private sector owns and operates much of the nation's critical infrastructure. Therefore, the private sector must act to protect the vital services on which all Americans rely.
Biden-Harris Administration and CISA Urge Companies To
Below you will find a list of guidance provided by the Biden-Harris Administration and CISA. CyberSecOp has assisted with the following list, along with other security frameworks found below.
Biden-Harris Administration and CISA List
Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system.
Deploy modern security tools on your computers and devices to continuously look for and mitigate threats.
Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities and change passwords across your networks so that previously stolen credentials are useless to malicious actors.
Back up your data and ensure you have offline backups beyond the reach of malicious actors.
Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack.
Encrypt your data so it cannot be used if it is stolen.
Educate your employees about common tactics that attackers will use over email or through websites and encourage them to report if their computers or phones have shown unusual behavior, such as uncommon crashes or operating very slowly.
Engage proactively with your local FBI field office or CISA Regional Office to establish relationships before cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI, to find technical information and other valuable resources.
Bolstering America’s cybersecurity over the long term
We also must focus on bolstering America’s cybersecurity over the long term. We encourage technology and software companies to:
Build security into your products from the ground up - “bake it in, don’t bolt it on” - protect your intellectual property and your customers’ privacy.
Develop software only on a highly secure system and accessible only to those working on a particular project. This will make it much harder for an intruder to jump from system to system, compromise a product, or steal your intellectual property.
Use modern tools to check for known and potential vulnerabilities. Developers can fix most software vulnerabilities — if they know about them. There are automated tools that can review code and find most coding errors before software ships, and a malicious actor takes advantage of them.
Software developers are responsible for all code used in their products, including open-source code. Most software is built using many different components and libraries, which are open source. Make sure developers know the provenance (i.e., origin) of components they are using and have a “software bill of materials” in case one of those components is later found to have a vulnerability so you can rapidly correct it.
Implement the security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity. Under that EO, all software the U.S. government purchases are now required to meet security standards in how it is built and deployed.
CyberSecOp Cybersecurity Services & Information Security Compliance assists organizations in developing mature cyber security, risk, and compliance programs according to PCI, HIPAA, SOC, GLBA, FISMA, ISO, NYDFS, NIST, and other security compliance mandates.
Protecting Against Ransomware: Zero Trust Security
Zero trust isn't a silver bullet for ransomware, but if implemented well, it can help create a much more robust security defense.
Did you know only 26% of companies have a specific incident response plan for ransomware? With ransomware attacks constantly on the rise, your organization needs to be prepared and take every possible precaution.
Reduce your organization’s risk with CyberSecOp Zero Trust Program. With the help of a single-source platform for your compliance program, you can protect against vulnerabilities while reducing incident response time by as much as 60%.
Ransomware victims paid more than $600 million to cybercriminals in 2021. According to blockchain analysis firm, Chainalysis, more than $600 million in cryptocurrency could be tied to ransomware payments in 2021, with the Conti ransomware gang accounting for nearly one-third of those payments.
HOW CAN CYBERSECOP HELP YOUR ORGANIZATION BE CYBER READY?
CyberSecOp provides cyber risk and advisory programs that identify security gaps and build strategies using Zero Trust or other security frameworks. The zero-trust model is an effective defense mechanism for preventing ransomware. Adoption of zero-trust architecture, the modern alternative to perimeter-based security, is one of the most effective ways to prevent ransomware attacks.
Don't Forget the Fundamentals on World Backup Day 2022
March 31st is apparently world backup day! Who knew? In honor of that it seemed like a good time for a quick post extolling the virtues of backups. According to the “WorldBackupDay” website, 21% of people have never taken a backup and 30% of computers are already infected with malware. While these stats are related to individuals and not necessarily businesses the stats sound about right.
Take Backups!
Regardless of whether you are a small business or a global Fortune 500 company, backups are an essential part of your organization's risk management plan. It’s easy to be lulled into complacency. Just the other day I was working with an organization in the mechanical service delivery industry who’s entire “IT Infrastructure” was a single 2017 iMac. They never bothered with any additional machines, backups and other such items because they had been told that Mac’s were “bulletproof” and not susceptible to the common maladies of the humble PC. Unfortunately, their Mac was susceptible to good old fashioned old age and corrupt updates. As a result they found themselves in a position where they had a large proposal for a job due the next day and the only place it existed was on this one broken Mac. Now fortunately for them, we were able to recover the system and restore their data, but what if we hadn’t been able to? It is absolutely critical, regardless of the size of your organization that you have a backup solution in place tailored to your specific needs. Stay tuned for some suggestions on backup providers we love at the end of this article!
Test your Backups!
This might seem like a no-brainer, but in addition to taking backups, it's critically important that you TEST your backups. Having a plan and procedure in place for how to recover your data in the event of a disaster is just as important as taking the backup in the first place! In my last example of the company with a single iMac. What if they had set up icloud and automatically configured their file to sync there. If I had asked the owner of the business if he had the password for the icloud account or even knew what account icloud was associated with, I wonder if he would have known? Having a documented plan that outlines where your backups go, what authentication is used to access them, how frequently they are taken, and how to restore them to a device is critical. If you are a larger organization you probably want to start having conversations about RTO and RPO at this point as well and ensuring your backup solution can meet those goals. (Recovery Time Objective, Recovery Point Objective.) Essentially, how long will it take to recover my data and how much time passes between backups, or put more simply, how much data can I afford to lose? 1 Day’s Worth? 1 Weeks worth? Less? More? Make sure your backup solution can meet your specific needs and goals!
Protect your Backups!
Finally, congrats if you're taking and testing your backups! Are you also protecting your backups? You’re probably thinking, protecting my backups?! What’s this guy going on about now? Consider this, you backup your information every night and test it regularly. You sleep easy at night knowing that you can recover should the worst happen. However, what you don’t know, is that earlier last month one of your employee’s laptops was infected with a virus. This virus replicated across your organization but stayed dormant, collecting information about your company and environment but not taking any malicious actions yet. The threat actor discovers that your backups run nightly and are stored for 4 months on a network share. The virus then deletes all of your backups and begins encrypting your files. When you return to work the next day and find all of your computers and files encrypted, you attempt to recover from backup only to find your backups have been deleted! This is an oversimplification of the process but this is essentially what the bad guys are doing. There are many ways to prevent this sort of attack including storing backups in offline or immutable data stores, encrypting your backups and storing multiple copies of every backup in different locations. At this point you might be thinking “I can simply copy files to an external drive of some sort on a regular basis right?” , but what if something happens to that drive? As the old timer’s say, “two is one and one is none”. The idea is that if you only have one, something could happen to it and then you have none. Have a backup plan for your backup plan!
Conclusion
Now that you’re completely terrified know that there are solutions out there for all of these problems. Proper backup planning is a key component of every organization's Disaster Recovery, Business Continuity and Incident Response Planning. If you are looking for assistance with any of those plans, make sure you give us at CyberSecOp a call, we would love to help you with this.
In the meantime if you're looking for somewhere to start with backup’s here are some of our favorites.
Author: Timothy Burger
Chrome and Edge Should Be Updated Due to a Zero-Day Vulnerability
Google and Edge has released an update to remediate a critical zero-day chrome exploit. The zero-day is a weakness in Edge and Chrome's JavaScript engine that can be used by hackers to inject their code into your browser. Google explains for zero-day exploit CVE-2022-1096, first reported to the company by an anonymous tip on March 23. As part of our commitment to continuous support in security monitoring and enhancement we advise all clients to update to Chrome version 99.0.4844.84 and Microsoft Edge 99.0.1150.55 of as soon as possible.
DETAILS AND REMEDY FOR MICROSOFT AND GOOGLE
At this time Microsoft and Google won't provide much more information other than admitting there have already been attacks leveraging this zero-day weakness and keeping some information away from the public as a safety measure, stating that full details on how the exploit worked won't be made public until most users have the fix. Fortunately, this time Microsoft and Google was apparently able to issue a patch before the exploit became widely known.
Normally Chrome updates happen in the background when you close and reopen your computer's browser.
Microsoft issued its own notice and said the issue was fixed in Edge.
Please follow the steps below to ensure you have the latest version of Chrome.
Remediation Efforts
On your computer, open Chrome.
Author: Tanvir Ahmed
ADVISORY: Reports of possible digital breach
ADVISORY: Reports of possible digital breach
Okta investigating reports of possible digital breach
Lapsus$, a cyber extortion gang, has announced that they have breached Microsoft and Okta.
The gang has leaked torrents containing source code for Bing, Bing Maps, and Microsoft Cortana, as well as a screenshot of an internal Microsoft Azure DevOps account. They also claim to have had “Superuser/Admin” access to Okta’s systems for two months, and said its focus was “only on Okta customers.”
Both Microsoft and OKTA have started an investigation to confirm or disprove they’ve been breached.
Recommended Actions:
These attacks are a striking reminder of the supply chain’s cyber risks - Real risks brought to organizations by use of softwares and systems like OKTA, Microsoft, as well as many others.
Please work with your vCISO or Risk Manager to ensure the proper Vendor Security controls and processes are in place as well as other vital security controls that will drastically reduce the possibility of these dangerous hacks spilling into your network and systems.
Author: Michael Sardari
CISA's 'Shields Up' Alert Highlights Foreign Cyberthreats
Cyberwarfare is the battlefield of today. Increased geopolitical tensions stemming from Russia's unprovoked attack on Ukraine has led to CISA (the Cybersecurity & Infrastructure Security Agency) issuing a "Shields Up" bulletin. Every organization must be prepared to respond to disruptive cyber activity, especially those in critical infrastructure fields.
Here are some tips to help you keep your organization safe in these trying times.
Reduce the likelihood of a damaging cyber intrusion
Use MFA or Multi-Factor-Authentication everywhere.
Ensure all Systems are patched and up to date.
Consider increasing patch frequency if not already real-time.
Take steps to quickly detect a potential intrusion
Run, update and monitor a strong Endpoint Protection Program.
Consider increasing Spam and Phishing filter sensitivity.
Disable any non-essential ports and protocols, specifically through external gateways.
Ensure that the organization is prepared to respond if an intrusion occurs
Review your incident response plan and ensure it is up to date and all parties are clear on their roles.
Maximize your organization's resilience to a destructive cyber incident
Ensure that you are taking regular backups and that your backups are encrypted and immutable.
Test your backup and recovery procedures.
Communicate with your users, the best and strongest defense is a well-educated and well-prepared workforce.
If you are a CyberSecOp customer today in either our vCISO or vSOC program your risk manager will be reaching out shortly to ensure this guidance is being implemented to the extent possible within your organization.
If you are not currently enrolled in one of our plans and need assistance assessing your posture and capabilities, please feel free to reach out.
What Does Cybersecurity Compliance Mean?
Cybersecurity Compliance involves meeting various controls (usually enacted by a regulatory authority, law, or industry group) to protect the confidentiality, integrity, and availability of data. This is usually driven by a security consultant.
What is a Security Consultant?
A security consultant, also sometimes called a security analyst, pinpoints vulnerabilities in computer systems, networks, and software programs and identifies solutions to defend against hackers. This consultant role is a strong example of a highly specialized IT occupation.
What Does a Cybersecurity Consultant do?
Cybersecurity consultants assess an organization's security operations, computer systems, network, and software for vulnerabilities, then design and implement the best security solutions for the company. If a cyberattack does happen, the client will reach out to a security consulting firm, such as CyberSecOp, to seek expertise to respond and mitigate the damage. Cybersecurity consultants and risk managers can provide your organization with technology controls, policies, procedures and other management controls.
What does a Risk Manager do?
While cyber security consultants/analysts are geared more towards the technology stack of an organization a Risk Manager takes it a level higher and focuses on the organization risk from a holistic view. A risk manager can help an organization understand how to formulate a documented Risk Management Framework (RMF) in which representation from key stakeholders and leaders take part in continuously assessing, identifying and mitigating risks for the organization. This goes beyond the security tools and into the realm of Policy, Culture, Procedure, Communication and continuous improvement. Risk Managers are skilled at organizational risk and are a key component of not only ensuring compliance, but risk reduction as a whole. It is important to remember that being compliant is not necessarily being secure, and risk mangers can bring that whole package together.
What are Cybersecurity Consulting Services?
Cybersecurity consulting helps organizations mitigate certain risks and prevent identity theft, hacking and data theft. A cybersecurity consultant can also help identify risks that the business may have previously overlooked. Cybersecurity consulting acts as an extension to your in-house security team.
Main Areas of Focus Will Be:
Security management, governance and compliance
Risk Management
Security monitoring
Security architecture
Incident response
Remediation of attacks
Attack detection
Cybersecurity Consulting Service Benefits
Cybersecurity consulting acts as an extension to your in-house security team.
The professionals from CyberSecOp security consulting services can identify problems within the organization
Maximize your security investments with cybersecurity services.
Cybersecurity consulting management makes it easier to handle regulatory and compliance requirements.
Cybersecurity services provide you with experts who have the training, experience and qualifications needed to identify and manage risk all the while ensuring your business remains compliant.
CyberSecOp security consulting services help your organization achieve maturity within your security environment. CyberSecOp cybersecurity consulting firm has experience with diverse clients across many industries. A skilled group of security consultants will know the pitfalls and hurdles to avoid in relation to your security transformation or security compliance requirements.
CEO Letter - Cyber Security Operations Consulting (CyberSecOp)
We believe the foundation of our success is grounded in our vision to uplift enterprise security while ensuring confidentiality, integrity, and availability beyond best practices. That purpose is a virtuous circle. We create long-term value by empowering our people to deliver for our customers and communities. CyberSecOp helps organizations with security consulting, incident response and ransomware negotiation, payment, and recovery.
Our vital role to the community can be found in our mission statement. Our mission is to make the world a better place by defending and protecting our clients and partners from the theft of sensitive data through rapid incident response, cyber security programs, threat hunting, and the deployment of protective measures.
Sustainability and Growth
Our sustainability is rooted in our vision and mission statement. We believe this is an integral part of our growth and the reason we can keep our promises to our clients and partners.
Growth - Expectations for 2022 are higher than 2021, a year with 85% growth. Cyber risks currently rank as one of the top global threats to businesses and custodians of data, along with an ever-increasing number of data privacy and protection laws. These factors, combined with CyberSecOp’s ability to respond both proactively and reactively, put the company in a very favorable position.
Partnerships - CyberSecOp continues to develop, encourage and align an increasing number of strategic partnerships, allowing our teams to continually improve upon our Service Level Agreements (SLA’s) and expand our portfolio and breadth of services.
Culture - CyberSecOp has built a culture of people passionate about Cybersecurity and Professional Services. Uniting around a common goal brings our team together and ensures everyone is working to assist our clients with Cyber Security and compliance. We are a diverse workforce with an open and collaborative culture. Our goal is to be a leading security consulting company by empowering our employees to provide top-quality services measured against best-in-class industry benchmarks.
Customer Success - Customer satisfaction and success continue to be CyberSecOp’s highest priority, measured by retention and the increase in recurring services. Our success is a direct result of the success of our clients.
Our commitment to our mission, staff, clients and partners will continue to fuel our fast growth, creating long-term value for all stakeholders.
What is Your Organization's Cybersecurity Game Plan?
What is Your Organization’s Game Plan for Optimizing Cybersecurity Management?
Like the teams prepping for Sunday's Big Game, cybersecurity and risk management require a playbook to efficiently manage multiple frameworks. Most organizations are going on the offensive with their defensive measures in regards to cybersecurity and risk management. CyberSecOp cybersecurity programs empower your security maturity and culture by utilizing multiple security frameworks to address expanding requirements.
Why is Offensive Defense Important?
Threats like ransomware give attackers the ability to shut down your access to devices, databases and other data streams. While large corporations and government agencies are in attackers’ crosshairs to yield big payouts, small and mid-sized businesses (SMBs) are not immune to ransomware risks.
Which Security Framework Can Reduce the Risk of Ransomware?
CyberSecOp provides cyber risk and advisory programs to identify the right security framework for your organization and industry.
How CyberSecOp Assists Our Customers:
To protect against ransomware, CyberSecOp assists clients to implement NIST Cybersecurity Framework and NIST SP 800-207, Zero Trust Architecture to help understand, manage and reduce your cybersecurity risks like phishing and ransomware attacks.
CyberSecOp assist our customers with:
Benefits
Reduce the potential of ransomware encryption
Experienced Security & IT leader
Reduce risk
Build risk assessment program
Third-party risks, privacy compliance and data processing mapping.
Response and mitigation strategies
Security monitoring (SOC & MDR)
GRC platform that incorporates all stages of processing in the risk operational workflow.
Monitor and report on combines and individual frameworks
CyberSecOp cybersecurity experts have been involved in thousands of audit processes at organizations worldwide. Our team has experience with the following framework and regulatory requirements: NIST, PCI, HIPAA, GLBA, SOC, FISMA, GDPR, NYDFS, ISO 27000, SEC, FINRA and others.
Cybersecurity Consulting Career
Cybersecurity consulting is a type of professional service that helps organizations assess their cybersecurity risks and vulnerabilities, and provides guidance and recommendations for improving their cybersecurity posture. Cybersecurity consultants typically have a strong background in information technology and cybersecurity, and are skilled in identifying and mitigating potential security threats. They can provide a variety of services, including conducting security assessments, developing and implementing security policies and procedures, providing security training to employees, and assisting with the selection and implementation of cybersecurity technologies and tools.
The goal of cybersecurity consulting is to help organizations protect their systems, networks, and data from unauthorized access, use, disclosure, disruption, modification, or destruction. This can involve identifying and addressing potential vulnerabilities, implementing effective security controls, and developing and practicing incident response plans in the event of a security breach. Cybersecurity consultants can work with organizations of all sizes and in a variety of industries, and can provide services on a one-time or ongoing basis, depending on the needs of the organization.
Cybersecurity Consulting Career
A career in cybersecurity consulting can be a rewarding and challenging field, requiring a strong foundation in information technology and cybersecurity, as well as excellent problem-solving, communication, and consulting skills.
To become a cybersecurity consultant, you will typically need to have a bachelor's degree in a related field such as computer science, information technology, or cybersecurity. Some employers may also require a master's degree in a relevant field or industry certifications such as the Certified Information Systems Security Professional (CISSP).
In addition to formal education, practical experience in information technology and cybersecurity is also important for a career in cybersecurity consulting. This may include internships, part-time or full-time work in IT or cybersecurity roles, or participation in cybersecurity-related clubs or organizations.
As a cybersecurity consultant, you may be responsible for working with clients to assess their cybersecurity risks and vulnerabilities, and developing and implementing strategies to improve their security posture. This may involve conducting security assessments, developing and implementing security policies and procedures, providing security training to employees, and assisting with the selection and implementation of cybersecurity technologies and tools. You may also be responsible for staying up-to-date on the latest trends and developments in the field, and for maintaining industry certifications as needed.
The demand for cybersecurity professionals, including cybersecurity consultants, is expected to continue to grow in the coming years as organizations of all sizes seek to protect their systems, networks, and data from increasingly sophisticated cyber threats. According to the U.S. Bureau of Labor Statistics, employment of information security analysts, which includes cybersecurity consultants, is projected to grow 31% from 2019 to 2029, much faster than the average for all occupations.
Cyber Security Consultant salary
The salary for a cybersecurity professional, including a cybersecurity consultant, can vary widely depending on a number of factors such as the individual's level of education, experience, skills, certification, and location. According to data from the U.S. Bureau of Labor Statistics (BLS), the median annual wage for information security analysts, which includes cybersecurity consultants, was $99,730 in May 2020.
The BLS also reports that the lowest 10% of information security analysts earned less than $58,480 per year, while the highest 10% earned more than $157,590 per year. Factors that can impact a cybersecurity professional's salary include the industry in which they work, the size of the organization they work for, the location of their job, and the level of responsibility and expertise required for the role.
In addition to salary, many cybersecurity professionals also receive benefits such as health insurance, retirement savings plans, and professional development opportunities. It is worth noting that salaries for cybersecurity professionals can vary significantly depending on the specific role and the specific employer.
Cyber Threats Require New Approach to Design Flaws and Risk
Now that the year is in full swing, and you’re only left with the distant memories, COVID, and cyber security, what are your business cyber objectives for 2022?
Ours goals are to continue helping businesses:
Improving security for everyone, by doubling the amount or organizations we helped last year (100% our client shows no evidence of a data breach)
Offer competitive pricing, to make security an attainable goal for every organization
Reduce cost and increase security by implementing more automation and artificial intelligence
Cyber threats are a real threat to all modern businesses, with the evolution of technology in all sectors. Malicious cyberattacks in 2021 forced shutdown of many business operations at an average downtime of a month. According to multiple reports, the amount of companies who ended paid hackers grew by 300% in 2020, and 200% in 2021. The businesses that were victimized had two options, pay the ransom or go out of business.
Email is the most popular attack vector
Email is still a top attack vector cybercriminal use. A majority of data breaches are caused by attacks on the human layer, but email hacking is much more than phishing.
Top 3 email attacks
Most wire frauds are successful over email communication; the focus trust, in most case the threat actor would be in the middle of a communication between two are more parties. This allows the threat actor to control the conversation, and change wire information.
Threat actor’s setup email rules to keep persistent connections and visibility to gain insight into the organization long after all passwords have been changed.
Threat actors add external emails to distribution groups to keep persistent connect and gain continuous insight into the organization in preparation for their next attack.
Double and Triple Extortion
Cybercriminal groups identified by the FBI responsible for most incidents are known for conducting aggressive “double/triple extortion” ransomware attacks once they have gained access to a network.
In double extortion attacks not only is the victim organization’s data rendered inaccessible until a ransom is paid but the criminals may further monetize the ransomware attack by coupling it with a Distributed Denial of Service (DDoS) attack or selling the stolen data onto other criminal groups. In some cases, if the organization is not careful, hackers use email, phone, or text to deceive employees into helping them commit wire fraud.
Providing security is challenging in any industry, whether you’re talking about agriculture, automobiles, furniture, financial services, or educational. It requires special equipment and knowledge around how things can fail in the field, and a disciplined approach to executing tests that reflect real-world conditions as much as possible.
This is where CyberSecOp can help your organization
We are an independent third-party testing, and compliance readiness firm, operating only within the cybersecurity industry. With our comprehensive suite of services and solutions our team can provide continuous testing, security program development, security tabletop exercise, security awareness training to reduce risk and increase critical testing against sensitive systems, using real-world conditions.
Ransomware Protection with Zero Trust Security
Zero Trust Security Architecture: Why is the Zero Trust Security Model important?
Endpoints represent the most significant attack surface, according to IDC, with over 70% of breaches originating on the endpoint. Organizations have a diverse mix of endpoints connected to their network, whether laptops, mobile endpoints, servers, firewall, wireless hotspots, or IoT devices. Zero-trust architecture works to ensure that users, devices and network traffic are all verified and subjected to least-privilege rules when accessing trusted resources. This way, compromised assets are limited in their scope and an attacker is prevented from moving laterally across the network.
With the rise of remote endpoints and high-profile ransomware attacks, businesses face more cybersecurity threats than ever before. Traditional network security models which assume users and computing devices within the “trusted” network environment are free from compromise and cannot secure organizations. Businesses are also now recognizing that attacks are more sophisticated and that internal networks are no longer more trustworthy than what lies outside the firewall. CyberSecOp and the security community recognized that Zero-trust security is the ultimate protection against ransomware.
Zero Trust Security Optimization
Zero Trust Network (ZTN) concept follows the mantra of never trust, always verify. Through this approach, organizations can reduce their open attack surface and adopt enhanced security capabilities beyond traditional defenses. Zero Trust enables organizations to reduce risk of their cloud and container deployments while also improving governance and compliance. Organizations can gain insight into users and devices while identifying threats and maintaining control across a network.
Traditional – manual configurations and attribute assignment, static security policies, least-function established at provisioning, proprietary and inflexible policy enforcement, manual incident response, and mitigation capability.
Advanced – some cross-solution coordination, centralized visibility, centralized identity control, policy enforcement based on cross-solution inputs and outputs, some incident response to pre-defined mitigations, some least-privilege changes based on posture assessments.
Optimal – fully automated assigning of attributes to assets and resources, dynamic policies based on automated/observed triggers, assets have dynamic least-privilege access (within thresholds), alignment with open standards for cross pillar interoperability, centralized visibility with retention for historical review
10 Ransomware Prevention Best Practices
Below are 10 best practices to help security professionals improve endpoint management:
CyberSecOp Managed Zero Trust security services were built with a new approach that creates zero-trust connections between the users and applications directly to solve this unique challenge. As a scalable, cloud-native platform, it enables digital transformation by securely connecting users,
devices, and applications anywhere, without relying on network-wide access. This platform is delivered by five key architecture attributes, unique to the CyberSecOp Managed Zero Trust Security services that together enable organizations to provide strong security and a great user experience to their employees and customers.
Multi-Factor Authentication (MFA) is is an electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication.
Email Security is critical because 74% of organizations in the United States experienced a successful phishing attack. Implementing email security gateway, DMARC, SPF, DKIM, stronger encryption, and MFA can reduce email compromise by over 98%.
CyberSecOp endpoint management solution that supports application isolation and containment technology is a form of zero-trust endpoint security. Instead of detecting or reacting to threats, it enforces controls that block and restrain harmful actions to prevent compromise. Application containment is used to block harmful file and memory actions on other apps on the endpoint. Application isolation is used to prevent other endpoint processes from altering or stealing from an isolated app or resources. This can prevent ransomware from being deployed on devices.
CyberSecOp endpoint management solution support Protective DNS Service (PDNS) refers to a service that provides Domain Name Service (DNS) protection (also known as DNS filtering) by blacklisting dangerous sites and filtering out unwanted content. It can also help to detect & prevent malware that uses DNS such as URL in phishing emails and hiding tunnels to communicate attackers' command and control servers.
CyberSecOp endpoint management solution supports bandwidth throttling so that remote endpoints can be continuously patched and secured rather than having to periodically send IT resources to remote locations. Our solution delivers patch management over the internet without requiring corporate network access. This ensures that internet-facing systems are patched in a proactive, timely manner rather than IT having to wait for these devices to visit the corporate network before they can be scanned and remediated.
CyberSecOp endpoint management reduces administrative overhead of endpoint management solutions to accommodate tight budgets and future growth. Our solutions support many endpoints using a single management system.
Consolidate endpoint management tools. Use a single tool to patch systems across Windows, Mac and variations of Unix operating systems to simplify administration, minimize the number of open network ports, and reduce the number of active agents on endpoints.
Validate that the endpoint management solution provides accurate, real-time endpoint data and reports. End users make changes to endpoints all the time and information that is hours or days old may not reflect a current attack surface.
CyberSecOp endpoint management allows administrators to apply patches that address the highest levels of risk first based on current endpoint status. This gives the biggest impact from remediation efforts.
Make sure the endpoint management solution enforces regulatory and corporate compliance policies on all endpoints constantly to avoid unintended drift and introduction of new vulnerabilities.
To conclude
Ransomware protection needs to go beyond detecting and blocking an initial malware infection at the email perimeter. Malware can enter your organization by other means, and cyber attacks often use the web channel to contact command and control servers and download the encryption keys necessary to complete the cyber attack.
Cybercrime: TOR, Dark Web, Ransomware, and Cryptocurrency
Why cybercrimes love these tools: TOR, Dark Web, Ransomware, and Cryptocurrency
How is TOR, Dark Web, Ransomware, and Cryptocurrency connected when it comes to cybercrime? Cyber criminals use The Onion Router (TOR) in combination with a Virtual Private Network (VPN) to hide their geolocation.
This provides the threat actor with anonymity and privacy, making their connection and identity in some cases untraceable. Cyber criminals use TOR to connect to the dark web where they exchange or purchase illegal goods. This could be hacking tools, drugs, ransomware tools, or even information about your organization. Armed with TOR, VPN, hacking tools, ransomware tools, and organization information they attack organizations to infect their systems with ransomware. Threat actors can also extort a business in the case that they are able to obtain PII or other confidential data on the Dark Web.
At a very high level once the hacker infects an organization system, they encrypt the organization data with ransomware. The encryption renders all data useless. They will also look for other vectors of attack such as deleting shadow copies and other backups they can compromise. The hacker then leaves a ransom note usually demanding payment in cryptocurrency like bitcoin.
I know now you are curious like I was to know more about: TOR, Dark Web, Ransomware, and Cryptocurrency. I have taken the liberty to do just that for you below.
What is TOR?
TOR is short for The Onion Router (thus the logo) and was initially a worldwide network of servers developed with the U.S. Navy that enabled people to browse the internet anonymously. Now, it’s a non-profit organization whose main purpose is the research and development of online privacy tools.
TOR is a free software program that you load onto your computer (like a browser) that hides your IP address every time you send or request data on the Internet. The process is layered with heavy-duty encryption, which means your data is layered with privacy protection. Then there’s the route your data takes as it travels to its destination: TOR will bounce your Internet requests and data through a vast and extensive network of relays (servers) around the world. That data path is never the same because TOR uses up to 5,000 TOR relays to send your data request. Think of it as a huge network of “hidden” servers that will keep your online identity (meaning your IP address) and your location invisible. By using TOR, websites will no longer be able to track the physical location of your IP address or what you have been looking at online…and neither will any interested organizations that may want to monitor someone’s Internet activity—meaning law enforcement or government security agencies. TOR is like a proxy on steroids.
TOR has extreme value because it can work with your website browser, remote log-in applications and even with instant-messaging software. TOR is registered as a nonprofit company, so they run mainly on donations and reliance on the hope that people will become a relay to their network.
What is the Deep and Dark Web and why do you need TOR?
TOR is essential to accessing the dark web. The dark web refers to sites that are not indexed and only accessible via specialized web browsers. Significantly smaller than the tiny surface web, the dark web is considered a part of the deep web. Using our ocean and iceberg visuals, the dark web would be the bottom tip of the submerged iceberg. The dark web, however, is a very concealed portion of the deep web that few will ever interact with or even see. In other words, the deep web covers everything under the surface that's still accessible with the right software, including the dark web.
Breaking down the construction of the dark web reveals a few key layers that make it an anonymous haven:
No webpage indexing by surface web search engines. Google and other popular search tools cannot discover or display results for pages within the dark web. “Virtual traffic tunnels” via a randomized network infrastructure.
Inaccessible by traditional browsers due to its unique registry operator. Also, it's further hidden by various network security measures like firewalls and encryption.
The reputation of the dark web has often been linked to criminal intent or illegal content.
How does ransomware work?
Hackers use TOR to access organization systems to deploy ransomware, so what is ransomware you ask?
Ransomware uses asymmetric encryption. This is cryptography that uses a pair of keys to encrypt and decrypt a file. The public-private pair of keys is uniquely generated by the attacker for the victim, with the private key to decrypt the files stored on the attacker’s server.
The attacker makes the private key available to the victim only after the ransom is paid, though as seen in recent ransomware campaigns, that is not always the case. Without access to the private key, it is nearly impossible to decrypt the files that are being held for ransom. Many variations of ransomware exist. Often ransomware (and other malware) is distributed using email spam campaigns or through targeted attacks. Malware needs an attack vector to establish its presence on an endpoint. After presence is established, malware stays on the system until its task is accomplished.
After a successful exploit, ransomware drops and executes a malicious binary on the infected system. This binary then searches and encrypts valuable files, such as Microsoft Word documents, images, databases, and so on. The ransomware may also exploit system and network vulnerabilities to spread to other systems and possibly across entire organizations. Once files are encrypted, ransomware prompts the user for a ransom to be paid within 24 to 48 hours to decrypt the files, or they will be lost forever. If a data backup is unavailable or those backups were themselves encrypted, the victim is faced with paying the ransom to recover personal files.
What can you do about this?
There are many steps you can take as an individual or an organization to reduce the threat of ransomware exploiting your assets.
· Exercise extreme awareness to spot a phishing or other social engineering attempts
· Harden your devices with Anti Malware, Intrusion Prevention, Firewalls and regular patching
· Backup all important data to an external source in combination with MFA
· Utilize MFA on all applications that are critical
· Perform Vulnerability and Penetration testing to identify weaknesses in your assets
Need help with implementing the above recommendations? Want more information? Reach out to the experts at CyberSecOp and take a proactive step to preventing Ransomware and other types of malware from infecting you.
PlayStation Network Breaches (PSN Hacks)
PlayStation Network was launched in the autumn of 2006 and offers games, music and movies to people with PlayStation consoles.
2021 PlayStation Network Users Account Breach
On July 14, 2021 Sony Urges PSN Users to Use 2-Step Verification After Reports of Hacking. Sony urged users of its PSN service to use 2-step verification after receiving user reports of account hacking. Several users have submitted inquiries through the official Japanese PlayStation Support. While the issue has to do with PSN accounts, there is no indication that any of Sony’s official accounts were breached. This includes any hacking attempts or any breach of information through the service.
2014 PlayStation Network Breach
On November 24, 2014, a hacker group identifying itself as "Guardians of Peace" leaked a release of confidential data from the film studio Sony Pictures. The data included personal information about Sony Pictures employees and their families, emails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, plans for future Sony films, scripts for certain films, and other information.
On December 24, 2021 Xbox live and PlayStation Network attack and Christmas was ruined for millions of gamers. Millions of people could not use their games consoles for a second day as disruption on the Xbox Live and Sony PlayStation networks continued after an apparent cyber-attack.
The group calling itself Lizard Squad once again claimed responsibility for bringing down both networks on Christmas Eve, which could have affected nearly 160 million gamers. This was once again distributed denial of service, or DDOS, the attack is overloading the systems of both services by generating fake access requests. More than 110 million people use the PlayStation Network (PSN) and at least 46 million use Xbox Live, both of which connect players to other gamers and services through the internet. Lizard Squad had apparently threatened to target both networks at Christmas describe itself as the “next-generation Grinch”.
2011 PlayStation Network Breach
This PlayStation Network attack took the down for 23 days
The first reported play PlayStation Network Breach was disclosed between April 17 and April 19, 2011.
Sony learned that user information had been stolen from its PlayStation Network seven days ago, prompting it to shut down the network immediately.
The company said user account information for the PlayStation Network and its Qriocity service users was compromised between April 17 and April 19.
On April 20 PlayStation Network services were disabled to investigate the security incident. Sony update it blog that all data was encrypted and the database of customer information exposed to the unknown attacker. The data base includes information such as name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, handle/PSN online ID, as well as profile data including purchase history and billing address (city, state, zip), and PlayStation Network/Qriocity password security answers.
On April 30, 2011, Sony report that recovery is on it was and it hope to restore all services with the week. Sonly also update that it was work with multiple security firms. May 3, 2011, Sony announced that a total of 77 million customers were affected in the breach.
On May 2 Sony issued a press release, according to which the Sony Online Entertainment (SOE) services had been taken offline for maintenance due to potentially related activities during the initial criminal hack. Over 12,000 credit card numbers, albeit in encrypted form, from non-U.S. cardholders and additional information from 24.7 million SOE accounts may have been accessed.
On May 6 Sony stated they had begun "final stages of internal testing" for the PlayStation Network, which had been rebuilt. However, the following day Sony reported that they would not be able to bring services back online within the one-week timeframe given on May 1, because "the extent of the attack on Sony Online Entertainment servers" had not been known at the time. On May 14 various services began coming back online on a country-by-country basis, starting with North America. On May 23 Sony stated that the outage costs were $171 million.
CyberSecOp Becomes A CMMC Register Provider Organization
CyberSecOp is a leading Cybersecurity Services Provider offering a comprehensive portfolio of Cybersecurity Maturity Model Certification (CMMC) advisory services and cyber security solutions.
CyberSecOp is an CMMC Registered Provider Organization (RPO) listed on the CMMC-AB Marketplace. Our organization staff have passed the RP Exam, Background Check and signed the RPO agreement, indicating our commitment to comply with the CMMC-AB Code of Professional Conduct. CyberSecOp is also an ISO 27001-certified organization.
What are CMMC-AB, CMMC, and the Responsibility of the RPO Designation?
CMMC-AB authorizes RPOs to provide CMMC consulting services in support of government contractors, supply chain/DoD suppliers, and organizations seeking certification within the Defense Industrial Base (DIB).
The CMMC-AB is an independent accreditation body that manages the CMMC on behalf of the DoD. The CMMC framework is a set of mandatory cybersecurity requirements that all contractors within the DoD supply chain will be required to implement and, beginning this year, to have verified by an independent CMMC Third Party Assessment Organization (C3PAO). CMMC was created to address the ongoing theft of and unauthorized access to Controlled Unclassified Information (CUI) by foreign adversaries through the enforcement of good cyber hygiene and best practices.
It initially launched in June 2020 and formally announced in August 2020 that it was accepting applications for five types of credentialed roles within the CMMC ecosystem. These include the following:
· C3PAOs
· Certified Assessors (CAs)
· Certified Professionals (CPs)
· Licensed Partner Publishers (LPPs)
· Registered Practitioners (RPs)
· Registered Provider Organizations (RPOs)
The CMMC framework establishes five certification levels with a defined security posture or maturity level an organization must achieve, determined by the sensitivity of the information they handle. These are outlined below:
How can CyberSecOp help your organization with CMMC?
CyberSecOp has created a suite of advisory services to help organizations effectively plan and prepare for an official CMMC assessment: CMMC Consulting, CMMC Readiness, Assessments, CMMC-RPO, CMMC Gap Analysis, DFARS, ITAR, VCISO, MSSP, NIST 800 53, and NIST Cybersecurity Framework (CSF), NIST 800-171, Security Services.
CMMC Scoping Workshop – determine the type of data and the required CMMC maturity level needed. Identify how data is received, stored, shared and handled on all information systems.
CMMC Gap Analysis – identify discrepancies between current state and CMMC maturity levels as determined in the scoping workshop. The CMMC Gap Analysis will provide areas of weakness that need to be targeted to reach the desired maturity level.
CMMC Remediation Strategy –assist the organization with remediation efforts, including resolving discrepancies identified in the CMMC Gap Analysis and creating a strategic plan for remediation. This process may include security control testing, polices, procedures and plan creation to close all known gaps related to the desired maturity level.
VCISO (Virtual Chief Information Security Officer) – CyberSecOp provides a board-level security expert backed by a team of professionals to ensure continuous compliance and maintain the maturity level as threats, infrastructure and business objectives evolve. Services include the following.
Compliance Advisory Consulting Services
CMMC Readiness
Vulnerability and Penetration Testing Assessment
Ransomware Response
Forensic Analysis
24/7/365 Security Operations Center (SOC)
Cyber Security Consulting
CMMC Cybersecurity RP, RPO
Incident Response & Incident Management
Security Assessments
Security Awareness
Data Loss Prevention
About CyberSecOp
Cyber Security Operations Consulting (CyberSecOp) is an innovative cybersecurity firm, providing consultants and managed security services to empower businesses since 2001. Our IT & cybersecurity consulting services protect you from cyber criminals in myriad ways. From implementing individualized Cyber Security Programs, which include written Information Security Programs, Incident Response Policies and Plans, and Cybersecurity Assessments, to offering the best-in-class cybersecurity consulting, tools, and IT security solutions, we do it all.
CyberSecOp is an CMMC-AB RPO & ISO 27001 Certified Organization - join thousands of businesses by putting your security in our hands. For more information about CyberSecOp and CMMC, contact us at 866-973-2677, Sales@CyberSecOp.com or visit: www.CyberSecOp.com.
Holistic Ransomware Security Approach
Do you have a holistic approach for security against ransomware? To prevent events from escalating, consider immediate containment and expert remediation assistance. Ransomware attacks are rampant, and include hackers locking up computer systems and demanding a payment to unlock them. Ransomware has had devastating effects on our infrastructure and economy, impeded emergency responders, stalled tax payments and forced government offices back to pen-and-paper operations for weeks on end.
80% of those who paid their ransom were attacked again, and not even security firms are immune to these attacks.
What is Ransomware?
Ransomware is a form of malicious software (malware) that is designed to encrypt files on a device, making the files and the systems that rely on them unusable. Malicious actors then demand a ransom payment, usually in the form of cryptocurrency, in exchange for decryption. These malicious actors may also make extortion demands, by threating to release stolen data if a ransom is not paid, or may come back after the fact and demand an additional payment in order to prevent the release of stolen data.
Recent Breach of a Top Security Firm
Accenture, one of the largest security firms around, confirmed in August 2021 that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information.
Previously, the cybersecurity firm FireEye had been the first call for help at government agencies and international companies who had been hacked by sophisticated attackers. Yet on Dec 8, 2020, FireEye announced it had been breached, and not just data but also some of its most valuable tools had been stolen.
Ransomware Impact
The impact of a successful ransomware deployment includes both technical and non-technical challenges, and can be crippling to business operations. Modern-day attackers have developed advanced techniques that now require a holistic security risk mitigation strategy, inclusive from the board to technical practitioners.
The impact of ransomware can include:
· Temporary, and possibly permanent, loss of your company's data
· A complete shutdown of your company's operations
· Financial loss as a result of revenue-generating operations being shut down
· Financial loss associated with the cost of remediation efforts
· Permanent damage to your company's reputation
How Can CyberSecOp Help Your Organization?
Holistic Security Risk Mitigation Strategy
A holistic approach to cybersecurity can address the following components and their implications for governance, organizational structures, and processes. Our holistic security program includes a risk management program, which provides an accurate overview of the risk landscape and governing principles that ensure accurate risk reporting. We address:
Assets: Clearly defining critical assets
Controls: Differentiated controls to balance security with agility
Processes: State-of-the-art and fully tested procedures for optimal security and remediation
Organization: Bringing the right skills, most efficient decision making, and effective enterprise-wide cooperation into your organization
Governance: Investments in operational resilience, prioritized based on deep transparency into cyber risks including third parties and vendors, covering of the whole value chain
Patches: Keeping your network up to date with the latest software patches
Software Mitigations: Using robust antivirus and firewall protections in your network
Backups: Backing up data securely and separately from your network, and routinely testing restoring from backups
Incident Response Services
Scoping and Investigation
The CyberSecOp Incident Response (IR) Team conducts forensic analysis to identify root causes and ensure rapid containment of ongoing attacks. This swiftness to action helps prevent escalation.
Services and Expert Guidance
CyberSecOp IR Team remediates issues throughout the network and implements updates to configurations, architecture, and tooling.
Advanced Threat Analysis
The CyberSecOp Team conducts in-depth investigations including root cause analysis, malware reverse engineering and comprehensive incident reporting.
How Does Ransomware Infect my Network?
Ransomware, like other forms of malware, seeks to take advantage of poor security practices employed by employees and system administrators. According to the Internet Crime Complaint Center (IC3) the most common methods of infection are:
Email Phishing: This social engineering attack vector occurs when a cyber-criminal sends an email which appears to be legitimate, but in fact contains a link to a malicious website or document with a malicious script, which then infects the recipient’s computer and associated network.
Remote Desktop Protocol (RDP) Vulnerabilities: RDP is a type of software that allows individuals to control the resources of another computer over the internet. RDP is commonly used by employees working remotely and by system administrators to manage computers from a distance.
Software Vulnerabilities: These vulnerabilities are flaws in the code of a piece of software (like Microsoft Word) that can be exploited by threat actors to gain control of a system to deploy malware. A common example would be “macros” that get installed within Microsoft Word or Microsoft Excel that lead to infection.
Best Practices and remedial measures
Users and administrators are advised to take the following preventive measures to protect their computer networks from ransomware infection/ attacks:
Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
Check regularly for the integrity of the information stored in the databases.
Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements, (backdoors /malicious scripts.)
Ensure integrity of the codes /scripts being used in database, authentication and sensitive systems
Establish a Sender Policy Framework (SPF) for your domain, which is an email validation system designed to prevent spam by detecting email spoofing by which most of the ransomware samples successfully reaches the corporate email boxes.
Keep the operating system third party applications (MS office, browsers, browser Plugins) up-to-date with the latest patches.
Application white listing/Strict implementation of Software Restriction Policies (SRP)to block binaries running from %APPDATA% and %TEMP% paths. Ransomware sample drops and executes generally from these locations.
Maintain updated Antivirus software on all systems
Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization's website directly through browser
Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.
Network segmentation and segregation into security zones - help protect sensitive information and critical services. Separate administrative network from business processes with physical controls and Virtual Local Area Networks.
Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
Disable remote Desktop Connections, employ least-privileged accounts. Limit users who can log in using Remote Desktop, set an account lockout policy. Ensure proper RDP logging and configuration.
Restrict access using firewalls and allow only to selected remote endpoints, VPN may also be used with dedicated pool for RDP access
Use strong authentication protocol, such as Network Level Authentication (NLA) in Windows.
Additional Security measures that may be considered are
Use RDP Gateways for better management
Change the listening port for Remote Desktop
Tunnel Remote Desktop connections through IPSec or SSH
Two-factor authentication may also be considered for highly critical systems
If not required consider disabling, PowerShell / windows script hosting.
Restrict users' abilities (permissions) to install and run unwanted software applications.
Enable personal firewalls on workstations.
Implement strict External Device (USB drive) usage policy.
Employ data-at-rest and data-in-transit encryption.
Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.
Block the attachments of file types, exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf
Carry out vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers from CERT-IN empaneled auditors. Repeat audits at regular intervals.
Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and Law Enforcement agencies
Our IT & cybersecurity consulting service protects you from cyber criminals in myriad ways. From implementing a cybersecurity program, which include a written information security program and cybersecurity assessment, to purchasing our best-in-class cybersecurity consulting and IT security solutions, engaging with CyberSecOp will lead you in the right direction towards an enhanced security stance. CyberSecOp is an ISO 27001 Certification Organization - join thousands of businesses by putting your security in our hands.
Microsoft Warns of Sneaky Phishing Campaign
Microsoft's Security Intelligence team sounds the alarm on a sneaky phishing email campaign with fake sender addresses. The phishing email also cleverly employs various detection evasion techniques to trick most automated filters and users in its attempt to garner Microsoft Office 365 credentials.
The alert was sent after observing an active campaign that was zoning in on Office 365 organizations with convincing emails.
In a statement by Microsoft, "An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters."
Microsoft notes that this campaign is sneakier than usual due to the convincing Microsoft logos with the link posing as a 'file share' request to access bogus reports. However, the main phishing URL relies on a Google storage resource that takes the victim to the Google App Engine domain Appspot. This results in hiding a second URL that directs the victim to a compromised SharePoint site, and thus allowing the attack to bypass sandboxes.
Researchers at Microsoft have published details
Accounting to the FBI
According to the FBI's latest figures, phishing attacks have cost Americans more than $4.2 billion last year. Fraudsters employ business email compromise (BEC) attacks, which rely on compromised email accounts or email addresses that are similar to legitimate ones and are difficult to filter as they blend within normal, expected traffic. BEC attacks are far more costly than high-profile ransomware attacks.
What you need to know about CMMC Compliance
What is CMMC?
In the face of unacceptable risks to the Controlled Unclassified Information that resides on its contractors' systems, the Pentagon introduced the CMMC standards to ensure that the companies it does business with, adhere to an appropriate level of cybersecurity protections.
The United States Department of Defense is implementing the Cybersecurity Maturity Model Certification (CMMC) to normalize and standardize cybersecurity preparedness across the federal government’s defense industrial base (DIB). This piece will cover the concept of a maturity model in the context of cybersecurity, key depictions of the DIB, the anatomy of CMMC levels, and how CyberSecOp can fast-track CMMC certification with our CMMC Compliance services.
CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.
A CUI registry provides information on the specific categories and subcategories of information that the Executive branch protects.
What are CMMC protected data
Natural and Cultural Resources
NATO
Nuclear
Privacy
Procurement and Acquisition
Proprietary Business Information
Provisional
Statistical
Critical Infrastructure
Defense
Export Control
Financial
Immigration
Intelligence
International Agreements
Law Enforcement
Legal
Why was CMMC created?
Department Of Defence Create Cybersecurity Maturity Model Certification (CMMC Guidelines
In the face of unacceptable risks to the Controlled Unclassified Information that resides on its contractors' systems, the Pentagon introduced the CMMC standards to ensure that the companies it does business with, adhere to an appropriate level of cybersecurity protections
DOD is planning to migrate to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity controls and processes are adequate and in place to protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.
How can my organization become CMMC certified?
Your organization will coordinate directly with an accredited and independent third party commercial certification organization to request and schedule your CMMC assessment. Your company will specify the level of the certification requested based on your company’s specific business requirements. Your company will be awarded certification at the appropriate CMMC level upon demonstrating the appropriate maturity in capabilities and organizational maturity to the satisfaction of the assessor and certifier.
How do I request certification assessment?
We call us for a fee consultation, we provide 3rd party CMMC assessment and certification.
I am a subcontractor on a DoD contract. Do I need to be certified?
Yes, all companies doing business with the Department of Defense will need to obtain CMMC.
How often does my Organization need to be reassessed? The duration of a certification is still under consideration.
What are the CMMC Levels?
CMMC Level 1
Process: At this level, practices are performed in an ad-hoc manner so there is no process requirement.
Practice: It addresses protection of FCI and 17 practices are required for the basic safeguarding requirements specified in 48 CFR 52.204.21.
CMMC Level 2
Process: Policy and documentation of practice are required to develop mature capabilities and achieve process Level 2.
Practice: Progression from Level 2 to Level 3. The majority of practices (65 of 72) comes from NIST SP 800-171 and new 7 practices from other standards are added to Level 2, such as audit log review, event detection/reporting, analyzing triaging events, incident response, Incident RCA (root cause analysis), regular data backup and testing, and encrypted session for device mgmt..
CMMC Level 3
Process: Not just policy and documentation of practices, a plan is required to demonstrate management of practice implementation activities. The plan needs to address missions, goals, project plans, resourcing, required training and involvement of stakeholders.
Practice: All 110 control requirements of NIST SP 800-171 are required for this level. In addition, 13 new practices from other standards are added to Level 3, such as defining procedures of CUI data handling, collecting audit info into central repositories, regular data backups, periodical risk assessment, risk mitigation plan, separate management of non-vendor-supported products, security assessment of enterprise software, cyber threat intel response plan, DNS filtering, restriction of CUI publication, spam protection mechanisms, email forgery protections, and sandboxing.
CMMC Level 4
Process: Practices are reviewed and measured for effectiveness. In addition, correct actions when necessary and communication to higher level mgmt. on a recurring basis are required.
Practice: In order to protect CUI from APTs, 26 practices enhance the detection and response capabilities to address and adapt to TTPs used by APTs.
CMMC Level 5
Process: Process standardization and optimization.
Practice: The additional 15 practices increase the depth and sophistication of cybersecurity capabilities.
Why Supply Chain Attacks Keep Happening, and How
Authored by Alison Stuart, Sales Lead at CyberSecOp
What Is a Supply Chain Attack?
Supply chain attacks have crept to the top of the cybersecurity agenda after hackers alleged to be operating at the Russian government’s direction tampered with a network monitoring tool built by Texas software firm SolarWinds (CNBC), costing the company $18 million in the first three months of 2021.
The hackers used a supply chain attack to insert malicious code into the Orion system. A supply chain attack works by targeting a third party with access to an organization's systems rather than trying to hack the networks directly. The third-party software, in this case, the SolarWinds Orion Platform, creates a backdoor through which hackers can access and impersonate users and accounts of victim organizations. The malware could also access system files and blend in with legitimate SolarWinds activity without detection, even by antivirus software. SolarWinds was a perfect target for this kind of supply chain attack. Because their Orion software is used by many multinational companies and government agencies, all the hackers had to do was install the malicious code into a new batch of software distributed by SolarWinds as an update or patch. (WhatIs.com)
Why Do Supply Chain Attacks Keep Happening, and How?
The short answer: ensuring the security of every single third-party vendor you interact with is complicated. Even if you require that your vendors are certified to be meeting some particular security standard such as NIST 800-171, that’s no guarantee that they can’t be compromised.
Why Does It Matter If My Vendors Are Secure, As Long As I Am?
Let’s look at what happened to Target. Target was pretty secure, but their HVAC supplier, Fazio Mechanical Services, was not. In 2013, Target was breached through the credentials hackers acquired from Fazio Mechanical Services, and malware was deployed to Target’s point of sale (POS) systems. Those systems collected credit card data from over 40 million shoppers who had visited Target stores during the 2013 holiday season. (NBC)
So How Did the Breach Impact the Company?
Not only did Target’s CEO, Gregg Steinhafle, step down within 6 months, but the company reported a 46% drop in profits in the fourth quarter of 2013 compared with the year before. (New York Times) Target spent 100 million dollars upgrading their payment terminals to support Chip-and-PIN enabled cards in response to the attack. Theoretically, that should protect them from future such incidents, right? Wrong. The number of customer cards that Chip-and-PIN-enabled terminals would have been able to stop the bad guys from stealing had Target put the technology in place prior to the breach is 0. Without end-to-end card data encryption, the card numbers and expiration dates can still be stolen and used in online transactions. (Krebs On Security)
Isn’t this Mostly Ancient History?
The Kaseya breach on July 2nd, 2021, left the private sector reeling most recently. A successful ransomware attack on a single company had spread to at least 200 organizations that the company provided software to (and likely far more, according to cybersecurity firm Huntress Labs). That number made it one of the single most enormous criminal ransomware sprees in history. Kaseya announced Friday afternoon (Kaseya) that it was attacked by hackers and warned all its customers to stop using its service immediately. Nearly 40 of its customers were already confirmed to have been hacked as of the evening of the press release.
Protecting your customers from potentially unsafe vendors is essential:
Research shows that 2017 alone saw a 200% increase in supply chain attacks (DarkReading), and 56% of surveyed organizations had experienced a breach caused by one of their vendors. In Q1 of this year, The Identity Theft Resource Center (ITRC) said 137 organizations reported being hit by supply chain cyber-attacks at 27 different third-party vendors. The ITRC also indicated that the attacks in Q1 have affected seven million people. Data breaches included high-profile cyber attacks on IT provider Accellion’s File Transfer Appliance (FTA), which impacted organizations including Shell, the Reserve Bank of New Zealand, Bombardier, and Kroger.
So How Can You Protect Your Company?
The easiest way to protect your company is to ensure you have an active vendor management program. CyberSecOp offers this service to companies of all sizes - contact us now to learn more or explore our Vendor Risk Management Services.