Network Security News | Ingalls Information Security

Articles of interest from the week of January 6, 2020

Written by John Frasier | Jan 6, 2020 5:00:00 AM

FBI Warns of Maze Ransomware Focusing on U.S. Companies

Organizations in the private sector received an alert from the F.B.I. about operators of the Maze ransomware focusing on companies in the U.S. to encrypt information on their systems after stealing it first. (BleepingComputer) Ingalls: Ransomware has become a serious threat to businesses of all sizes and industries, and traditional security practices are no longer strong enough to protect your business: early detection and response is key. Are you prepared to defend against ransomware?

 

Microsoft Phishing Scam Exploits Iran Cyberattack Scare

An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a phishing attack that tries to collect Microsoft login credentials. (By Lawrence Abrams, Bleeping ComputerIngalls: Your organization's security is only as strong as your employees' awareness. Strengthen your defenses against social engineering attacks with our specialized training and testing programs.

 

Iran Cyberattack Warning Update: U.S. CISA Offers Cybersecurity Guidance

How could Iran potentially launch cyberattacks vs. the United Stated & related infrastructure? CISA Insights guide from U.S. Department of Homeland Security offers guidance for MSPs & MSSPs. (By Joe Panettieri, MSSP Alert) Ingalls: Having spent the last decade in war rooms and boardrooms investigating attacks by criminals and nation-state sponsored hackers, our team understands how to prevent and respond to cyber attacks. Even with the best controls in place, a security incident can still happen. In fact, when we talk in terms of incident response, it may not necessarily refer to a breach, but an attempted breach. Regardless, whatever is responsible for triggering a response, our team of experts has the experience to resolve cyber attacks quickly and discreetly in order to get you back to normal as fast as possible. 

 

How to Create an Incident Response Plan

The previous installment of this column discussed what to do when a cyberattack inevitably occurs, including how to react if a client’s organization (or a CPA’s own employer) lacks an incident response plan (IRP). It is never desirable to operate without an IRP, so this installment will discuss the best practices to reduce the financial and business impact of an attack to a level that will not threaten the viability of the organization. (By Steven Werthein, The CPA Journal) Ingalls: All organizations are at risk for a data breach, no matter the size. The way you respond to the breach can be just as important as your security defenses. A thorough Incident Response Plan, created before a breach ever happens, can significantly reduce the negative impact of the breach. Read more about how to properly respond to a data breach here.

 

Patch or Perish: VPN Servers Hit by Ransomware Attackers

Stop me if you've heard this one before: Unpatched servers are getting hacked by malware-wielding attackers. Recently, that includes attackers hitting unpatched Pulse Secure VPN servers with Sodinokibi - aka REvil - ransomware, warns British security researcher Kevin Beaumont (@gossithedog). While fixes for the flaws have long been available, at least several thousand internet-connected servers remain unpatched, he says. (By Mathew J. Shwartz, Health Care Info Security) Ingalls: Enhancing your patch management process to include vulnerability scanning, a robust remediation workflow, and metrics-based decision support from data collection can do a lot more for your risk management than simply plugging holes whenever a software vendor produces a patch. In our downloadable “8 Effective Cybersecurity Controls For SMBs” guide we discuss how to do more with patch management, and the benefits of a mature Vulnerability Lifecycle Management program. If your business or a client needs expert cybersecurity risk management that includes Vulnerability Lifecycle Management, please contact us today to schedule an engagement with Ingalls Information Security!