ILTA’s LegalSEC Summit is two days all about security for legal. Our Mission: to deliver premier information security education focused on the information security challenges faced by the legal industry. We have two education tracks this year: Technical and Strategic + Half-Day Workshops on both days. #LegalSEC21 LegalSEC is designed for technology professionals at every …
One of the most curious elements of this year’s Verizon Data Breach Investigations Report (DBIR) was the inclusion of the new attack pattern “system intrusions.” Representatives from Verizon identified the category as a broad one that tends to include attacks with many steps, indicating significant lateral movement within the network. Research shows that many recent …
13 Lateral Movement Tactics Security Experts Should Recognize Read More »
Written by: Joseph R. Salazar, CISSP, CEH, EnCE – Ransomware attacks have evolved and grown in number. Traditional ransomware sought to spread and encrypt as many endpoints as possible, but Ransomware 2.0 attacks employ advanced methods or have a human controller directing their activities. These attacks spend much more time conducting discovery to identify business-critical assets for encryption. Because these assets are essential for business continuity and daily operations, the organization is more likely to pay to recover them instead of spending the money on endpoint systems they could re-image and recover. Attackers encrypting the entire Active Directory server infrastructure can demand much higher ransoms, and the organization must pay or else lose money, time, and resource attempting to restore operations. Additionally, these attackers often exfiltrate data and threaten to release it to induce ransom payment, often demanding a second ransom to prevent the release of the information.
At his six-month mark in office, President Biden is making the right moves to ensure the United States is safer in cyberspace, according to an overwhelming majority of cybersecurity experts we polled. Biden’s term has been marked by a string of cyber cataclysms starting with cleaning up the SolarWinds Russian espionage campaign, which was discovered …
The Cybersecurity 202: Cyber experts give Biden top marks at six months Read More »
It’s been quite a week when it comes to ransomware. The Kaseya attack has permeated the cybersecurity headlines across the pages of the Data Connectors Community Partners. The REvil ransomware group has gained a reputation for big cash sums and sweeping attacks – but where do they come from, and what are they looking to …
Vendor Partner Round-Up: REvil Reviled, Kaseya Attack Broken Down Read More »
Written by: Joseph Salazar, Technical Marketing Engineer – A significant reminder of the SolarWinds attack, attackers have once again targeted a trusted software vendor, this time Kaseya, to compromise hundreds of businesses and deploy ransomware. There are reports that the REvil ransomware group was behind this attack and that they have demanded $70 million to unlock the compromised systems. It is known to have affected over 1500 businesses using their on-premises software version. Many of these businesses use Managed Service Providers that the ransomware affected.
Tony Cole, CTO of Attivo Networks and a former executive at FireEye, McAfee, and Symantec, told ZDNet that there were a variety of reasons behind the recent spate of ransomware attacks. Enterprises have an over-reliance on vendors and in general, organizations continue to add digital tools to their operations which increases the complexity of work for cybersecurity officials.
Author: Venu Vissamsetty, V.P Security Research, Attivo Networks -The recent Hafnium attacks drew attention to several Microsoft Exchange Server vulnerabilities, but other groups are taking advantage of these to launch ransomware attacks. Attackers are targeting enterprises exploiting the four recent Microsoft Exchange Server vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) to deploy the DearCry ransomware. Post exploitation, attackers are moving inside the network by stealing privileged credentials from Active Directory to increase the number of systems where they deploy ransomware.
While cyberattacks targeting large corporations or government agencies tend to make splashy headlines, the truth is that many attackers are shifting their priorities to focus on small businesses. Unfortunately, these smaller businesses generally lack the resources and security capabilities of larger organizations. In fact, 83% of small business owners report handling cybersecurity matters themselves. Although …
Tips small businesses can use to strengthen their cyber health Read More »
Join us for a discussion and live demo where you will see how the Attivo Networks EDN solution presents a unique and fascinating way to disrupt ransomware’s ability to move laterally. You will also see how this solution prevents unauthorized access to data by concealing production files, folders, removable disks, network shares, and cloud storage. …
Deception and Defending Ransomware 2.0 Attacks with Attivo Networks Read More »
