Expert(s):
CISO and VP of Customer Success feature_status*/ ?>
AttackIQ

Comments Dotted : 5
June 12, 2020

Knoxville, Tennessee Hit With Ransomware Attack – Expert Commentary
The best way to defend against ransomware is readiness and timely response.
State services (that state governments heavily rely on to generate revenue) have been largely shut down for roughly a quarter due to the COVID-19 pandemic, and a ransomware attack like the one impacting Knoxville is just another setback in reopening, causing further financial damage. Cybercriminals tend to target organizations that require the least effort to hack for maximum profit, and state and local governments usually fit the bill. These smaller government agencies often chug along old.....Read More
State services (that state governments heavily rely on to generate revenue) have been largely shut down for roughly a quarter due to the COVID-19 pandemic, and a ransomware attack like the one impacting Knoxville is just another setback in reopening, causing further financial damage. Cybercriminals tend to target organizations that require the least effort to hack for maximum profit, and state and local governments usually fit the bill. These smaller government agencies often chug along old legacy infrastructure, and that old legacy infrastructure is easy for bad actors to exploit. Furthermore, many government agencies are now providing their services online to maximize efficiency, so citizens can conveniently pay off their parking tickets and taxes or even manage their motorist licenses online. However, most government entities are faced with limited IT resources, budget constraints, and internal personnel may not have the expertise to operate new technology efficiently, let alone ensure its security. Therefore, most of the workload gets outsourced to third parties. That said, not all third-party contractors are created equal when it comes to security. For a government agency, the strength of cybersecurity is only as good as the security of the contractors they select, and many do not leverage advanced (and therefore more expensive) tools available, thereby introducing additional risk. Ransomware is a tremendously growing threat with more powerful variants and strains that are constantly emerging. And there are more capabilities for it to be remotely (and confidentially) managed. Government organizations must steer away from solely reacting to cyberattacks as they happen and instead take a more proactive approach to security. The best way to defend against ransomware is readiness and timely response. Cyber threat intelligence should inform what methods a modern ransomware would take and if your organization has a credible defense investment. Organizations must have a comprehensive network segmentation strategy in place to quarantine an outbreak to a localized facility or business unit. Additionally, government agencies and all other organizations should employ modern solutions that allow security teams to continuously test the effectiveness of their security controls, as well as exercise an incident response plan that can be emulated when a real threat occurs.  Read Less
June 11, 2020

Experts Insight On Honda Confirms Its Network Has Been Hit By Cyberattack
One department getting hit with ransomware should not impact other core business processes.
It appears Honda has suffered a business crippling SNAKE ransomware attack. The international automotive giant was also impacted by WannaCry in 2017. It’s concerning that Honda seems to not have made significant changes to their security program to address like threats – SNAKE and WannaCry share some principles of effects. This strain of ransomware doesn’t steal data, so Honda customer information likely isn’t at risk, but given Honda’s financial presence, they will likely pay a.....Read More
It appears Honda has suffered a business crippling SNAKE ransomware attack. The international automotive giant was also impacted by WannaCry in 2017. It’s concerning that Honda seems to not have made significant changes to their security program to address like threats – SNAKE and WannaCry share some principles of effects. This strain of ransomware doesn’t steal data, so Honda customer information likely isn’t at risk, but given Honda’s financial presence, they will likely pay a hefty ransom letter or hire a third-party incident response team to help with the cleanup. The fact that the ransomware affected global operations, inclusive of factory operations, is an indicator their network may not be segmented and isolated in a way to prevent “jumps” between different business functions. For example, manufacturing organizations usually isolate the technology systems that build stuff to protect them from attacks like this. One department getting hit with ransomware should not impact other core business processes. Ransomware is a tremendously growing threat. More powerful variants and strains are constantly emerging, and there are more capabilities for it to be remotely (and confidentially) managed. The best way to defend against ransomware is readiness and timely response. The role of the cyber threat intelligence should inform what methods a modern ransomware would take and if your company has a credible defense investment. Enterprises must have a comprehensive network segmentation strategy in place to quarantine an outbreak to a localized facility or business unit. Additionally, organizations should employ advanced solutions that allow security teams to continuously test the effectiveness of their company’s security controls (do I have a credible defense), as well as exercise an incident response plan that can be emulated when a real threat occurs (could I respond and stop this in a timely matter?). Not adopting a more proactive approach to security means organizations are just upping their cyber insurance policies and suffering the business impact and reputation damage—but that’s also changing. Cyber insurers are getting wise and increasing premiums for organizations with immature security postures or are stipulating expectations of certain security capabilities be in place. If companies claim to have a defense, but it does not work, they may not be covered.  Read Less
January 10, 2020

EXPERT COMMENTS: Iranian Hackers Have Been ‘Password-Spraying’ US Electric Utilities
Iran has a well-funded and state-supported offensive cyber capability.
Cyber attacks are commonly used in warfare today as they are cheaper and easier than any other kind of army to raise. Iran has a well-funded and state-supported offensive cyber capability, and this malware incident will likely be followed by other attacks. We have witnessed over the past five years an increase of state-sponsored attacks directed at “civilian,” or commercial, organizations as methods to achieve secondary access or other goals. Unfortunately, the use of cyber attacks is now a .....Read More
Cyber attacks are commonly used in warfare today as they are cheaper and easier than any other kind of army to raise. Iran has a well-funded and state-supported offensive cyber capability, and this malware incident will likely be followed by other attacks. We have witnessed over the past five years an increase of state-sponsored attacks directed at “civilian,” or commercial, organizations as methods to achieve secondary access or other goals. Unfortunately, the use of cyber attacks is now a doctrinal norm and organizations must ensure they are prepared to defend themselves and not collateral damage. To protect their networks and consumer data, companies must understand the methods of these types of threats and continuously test the efficacy of their security controls to ensure what they believe to be their security posture is actually true and they’re adequately defended.  Read Less
November 22, 2019

Experts Comments On Macy’s Customer Payment Info Stolen In Magecart Breach
Companies should proactively test and evaluate their cybersecurity posture to find vulnerabilities and remediate them.
Consumers trust companies to keep their data secure and with the holiday season around the corner, this is at the top of mind. Cybercriminals are continuously looking for gaps in security defenses and vulnerabilities to turn a quick profit. In this incident, valuable financial information was stolen including credit card numbers, security codes and expiration dates. During peak holiday shopping season, it is imperative companies continuously validate their security controls to make sure they.....Read More
Consumers trust companies to keep their data secure and with the holiday season around the corner, this is at the top of mind. Cybercriminals are continuously looking for gaps in security defenses and vulnerabilities to turn a quick profit. In this incident, valuable financial information was stolen including credit card numbers, security codes and expiration dates. During peak holiday shopping season, it is imperative companies continuously validate their security controls to make sure they are enabled, configured correctly and operating effectively. What’s more, companies should proactively test and evaluate their cybersecurity posture to find vulnerabilities and remediate them before they can be exploited by bad actors.  Read Less
July 29, 2019

Experts Commentary On Equifax Settlement
They spent $250 million on cybersecurity investments—yet still suffered one of the worst data breaches of all time.
The Equifax 2017 breach was articulated as a ‘failure to patch’ but the reality is the security failures were far more broad. Poor IT governance, vulnerability discovery, application architecture, identity and privileged access management and other factors led to 147 million consumers’ highly sensitive records being exfiltrated. Because the company was not practicing continuous monitoring of its IT environment combined with a failure to validate security controls on an ongoing basis,.....Read More
The Equifax 2017 breach was articulated as a ‘failure to patch’ but the reality is the security failures were far more broad. Poor IT governance, vulnerability discovery, application architecture, identity and privileged access management and other factors led to 147 million consumers’ highly sensitive records being exfiltrated. Because the company was not practicing continuous monitoring of its IT environment combined with a failure to validate security controls on an ongoing basis, hackers had access to its system for 76 days without detection. While part of the settlement requires Equifax to make changes to its business practice to strengthen security, simply investing in more cybersecurity tools is useless unless they can be sure that those tools are effective. Case in point, Equifax shared that between 2014-2017, they spent $250 million on cybersecurity investments—yet still suffered one of the worst data breaches of all time. The cost to validate security controls is noncomparable to the cost of a data breach, including fines under GDPR, the cost of cleanup and incident response, the cost of reparations for customers exposed, and litigations that could very well be in the hundreds of millions. Last week British Airways was fined $230 million showing that EU data watchdogs are cracking down on organizations that have exposed EU citizens’ data. To avoid similar repercussions, organizations must continuously test the efficacy of their security controls to ensure they are working as expected and must continuously analyze the security of their environments to identify and remediate weaknesses. The threat landscape is evolving constantly and as companies make changes to their IT environments, they can be secure one day and extremely vulnerable the next.  Read Less