Cybercriminals and nation-states have doubled down and improved on popular attacks, targeting companies with double-extortion ransomware attacks, adopting various COVID-19-themed lures for phishing, and taking advantage of cybersecurity chaos following the move to remote work, according to three threat reports published last week. (By Robert Lemos, DarkReading) Ingalls: We understand cybersecurity attacks. Since 2010, we’ve been in war rooms and boardrooms, investigating computer networks targeted and attacked by criminals and nation-state sponsored hackers. This experience gives us a powerful edge. Please contact us today if you would like to speak to one of our cybersecurity experts about how we can help secure your company's information in a personalized and efficient way with our cybersecurity and Managed Detection and Response services.
Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of "active exploitation" of the vulnerabilities. (By Ravie Lakshmanan, The Hacker News) Ingalls: We released a cybersecurity advisory on this issue yesterday that contains our recommended actions plus links to additional resources.
The Ryuk scourge has a new trick in its arsenal: Self-replication via SMB shares and port scanning. The fresh version of Ryuk reads through infected devices’ Address Resolution Protocol (ARP) tables, which store the IP addresses and MAC addresses of any network devices that the machines communicate with. Then, according to ANSSI, it sends a “Wake-On-LAN” packet to each host, in order to wake up powered-off computers. (By: Tara Seals, Threatpost) Ingalls: The Emotet – TrickBot – Ryuk ransomware killchain is an advanced cybersecurity threat that organizations and cybersecurity professionals face. Understanding the specific techniques, tactics, and procedures (TTPs) that the threat actors who use these tools employ can provide vital insight into protecting against and responding to incidents. In our research paper, we explore evidence collected and analysis performed during real-world incident response efforts led by Ingalls Information Security.
The global pandemic had a dramatic influence on the cybersecurity landscape in 2020. “Cybercrime is an established industry driven by innovation to find vulnerabilities that can be monetized. The high-risk threats from the report are those that had the highest impact, which is one of the metrics used in calculating risk. Looking forward, we see that state-sponsored cybercrime is leading the way with immense resources and talent. In 2021 we expect more attacks to leverage supply chain techniques that make use of the tools and tactics discovered in the SolarWinds breach,” said the CTO of Cymulate. (By Help Net Security) Ingalls: Ingalls’ tailored Managed Detection and Response (MDR) and Cybersecurity Risk Management Services enable a defense-in-depth approach so organizations of all sizes can rest easier knowing their environments are safe from criminal threats. Defense-in-depth is our blueprint: we use next-generation antivirus (NGAV) that employs artificial intelligence and machine learning to monitor, detect, and respond to criminals’ tactics, techniques and procedures (TTPs). Our experienced analysts use multiple layers of customized and proprietary tools to provide context and actionable information, simplifying enhanced security so you can rest easier. Download our white paper to learn more about our defense-in-depth approach to information security through our Managed Detection and Response (MDR) services.
The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G, and especially from greater tactical cooperation among hacker groups and state actors. The recent SolarWinds attack, among others, highlighted both the threat and sophistication of those realities. (By Chuck Brooks, Forbes) Ingalls: The SolarWinds Orion software compromise has grabbed headlines like few other cybersecurity events in history. It will rank as one of the most serious security breaches of all time, and be studied as an early example of a supply chain insertion attack, performed as part of nation-state cyber espionage. It could have been much worse. Click here to learn why software alone cannot effectively defend against cyberattacks.