News is surfacing about investigations and activities aimed at bringing down cyberattack and ransomware gangs. For example, Security Week reported on Oct. 22, 2021, that its team confirmed the Reuter’s report that a hack-back operation involving law enforcement from several countries led to the seizure of REvil ransomware gang servers. Security Week reports that threat hunters tracking ransomware operations confirmed the shutdown carried out by a foreign partner of the U.S. government.
Additionally, the U.S. Department of State announced on Nov. 4 that it’s offering a $10 million reward for information on DarkSide/BlackMatter ransomware group leaders. Additionally, the department is offering $5 million for information that leads to the arrest of any person attempting to participate in a DarkSide ransomware attack. DarkSide is the group responsible for the Colonial Pipeline ransomware attack
More cybersecurity news from the past month and action items include:
What you need to know about BlackMatter Ransomware
While investigators around the world work to identify the leaders and stop further attacks by DarkSide/BlackMatter, the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and NSA, issued an alert about BlackMatter ransomware. The alert provides information on the ransomware, obtained by analyzing a sample and from information from third parties. It also lists mitigations.
Action Items:
To reduce the threat of becoming a victim of BlackMatter ransomware:
- Implement detection signatures
- Use strong passwords
- Use multifactor authentication (MFA)
- Stay up to date with security patches
- Restrict administrative privileges
- Use a host-based firewall
- Use network segmentation
- Implement a tool that logs and reports all network traffic, including lateral movement
- Implement and enforce a strong backup and disaster recovery strategy
- See the complete alert.
The clock is ticking for federal agencies to patch known security flaws
CISA released a Binding Operational Directive (BOD) that includes a list of almost 300 known vulnerabilities that cybercriminals continue to exploit. The fact sheet with information on the directive points out that the Common Vulnerability Scoring System (CVSS) doesn’t always accurately represent the risk a CVE poses; some attacks exploit CVEs rated as low. Therefore, the agency changed its strategy to focus on CVEs that are exploited, regardless of their score.
Action items:
If you work with federal civilian agencies, refer to the list and ensure that they remediate any vulnerabilities, especially those on the BOD list.
Cyberattack activity is trending ahead of 2020
Hackmageddon has released the Q3 2021 Cyber Attack Statistics report. Data shows that the number of security incidents in the first nine months of 2021 is about 20 percent higher than the same period in 2020.
Malware is the top attack technique, and cybercrime is the leading motivation. Specific industries that experience the greatest number of attacks include health and social work, 13.4 percent; public administration, defense and social security, 12.7 percent; and finance and insurance, 6.3 percent.
Action items:
- Review your IT security strategy to ensure you are defending your business and your clients against current types of attacks.
- Deploy solutions to protect each part of the IT environment, from endpoints to networks and cloud and web applications.
- Help users in targeted industries protect their data and networks.
Microsoft is partnering with community colleges to help solve the security skills gap
Microsoft announced in October that it will partner with community colleges and provide free resources. In addition to diversifying the cybersecurity workforce, the plan aims to prepare 250,000 people to work in this space by 2025 and to fill some of the 464,200 jobs currently open.
See Microsoft’s blog on the topic to learn more.
For more security updates and insights, visit DevPro Journal’s Security resources page.
