What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
AlienVault.webp 2021-03-03 11:00:00 Extended threat detection and response (XDR): Filling out cybersecurity gaps (direct link) This blog was written by an independent guest blogger. Business technology generally advances on a rapid basis; however, so do the cyberthreats that can endanger your security. According to BusinessWire, more than half of enterprises believe that their security cannot keep up, and according to IBM News Room, more than half of organizations with cybersecurity incident response plans fail to test them. Because of overloaded security teams, poor visibility, and threat alert overload due to the many implemented technologies in place to fight this, for many of these enterprises, the difficulty constantly grows when it comes to detecting and effectively responding to cyber threats. What is XDR? XDR can be defined as a cross-layered detection and response tool. In other words, it collects and then correlates data over a variety of security layers, such as endpoints, emails, servers, clouds, and networks. What this means is that, rather than focusing on end-point detection alone, it can enable your security team to detect, investigate, and respond to threats across multiple layers of security, not just the end-point. This is due to the fact that today’s cyber threats are extremely tricky and complex, to the point where they can hide throughout different layers within an organization. A sideload approach, through the usage of different technologies, simply cannot provide a contextual view of all of the threats across the environment, and as such, can slow down the detection, investigation, and response.
It allows for improved protection, detection, and response capabilities as well as improved productivity of the operational security personnel, with lower costs associated with owning it. XDR features XDR was designed to simplify the security visibility across an organization’s entire cyber architecture. In other words, to allow an organization to analyze all of the layers associated with their security, not just the end-point, through an Tool Threat Guideline Wannacry
Anomali.webp 2021-03-02 15:00:00 Anomali Cyber Watch: APT Groups, Cobalt Strike, Russia, Malware, and More (direct link) We are excited to announce Anomali Cyber Watch, your weekly intelligence digest. Replacing the Anomali Weekly Threat Briefing, Anomali Cyber Watch provides summaries of significant cybersecurity and threat intelligence events, analyst comments, and recommendations from Anomali Threat Research to increase situational awareness, and the associated tactics, techniques, and procedures (TTPs) to empower automated response actions proactively. We hope you find this version informative and useful. If you haven’t already subscribed, get signed up today so you can receive curated and summarized cybersecurity intelligence events weekly. The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, Emotet, Go, Masslogger, Mustang Panda, OilRig, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact (published: February 26, 2021) Recent reporting indicates that two prolific cybercrime threat groups, CARBON SPIDER and SPRITE SPIDER, have begun targeting ESXi, a hypervisor developed by VMware to run and manage virtual machines. SPRITE SPIDER uses PyXie's LaZagne module to recover vCenter credentials stored in web browsers and runs Mimikatz to steal credentials from host memory. After authenticating to vCenter, SPRITE SPIDER enables ssh to permit persistent access to ESXi devices. In some cases, they also change the root account password or the host’s ssh keys.
Before deploying Defray 777, SPRITE SPIDER’s ransomware of choice, they terminate running VMs to allow the ransomware to encrypt files associated with those VMs. CARBON SPIDER has traditionally targeted companies operating POS devices, with initial access being gained using low-volume phishing campaigns against this sector. But throughout 2020 they were observed shifting focus to “Big Game Hunting” with the introduction of the Darkside Ransomware. CARBON SPIDER gains access to ESXi servers using valid credentials and reportedly also logs in over ssh using the Plink utility to drop the Darkside Recommendation: Both CARBON SPIDER and SPRITE SPIDER likely intend to use ransomware targeting ESXi to inflict greater harm – and hopefully realize larger profits – than traditional ransomware operations against Windows systems. Should these campaigns continue and prove to be profitable, we would expect more threat actors to imitate these activities. MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Hidden Files and Directories - T1158 | [MITRE ATT&CK] Process Discovery - T1057 | [MITRE ATT&CK] File Deletion - T1107 | [MITRE ATT&CK] Remote Services - T1021 | [MITRE ATT&CK] Scheduled Transfer - T1029 | Ransomware Malware Threat Wannacry Wannacry APT 29 APT 28 APT 31 APT 34
ErrataRob.webp 2021-02-28 20:05:19 We are living in 1984 (ETERNALBLUE) (direct link) In the book 1984, the protagonist questions his sanity, because his memory differs from what appears to be everybody else's memory. The Party said that Oceania had never been in alliance with Eurasia. He, Winston Smith, knew that Oceania had been in alliance with Eurasia as short a time as four years ago. But where did that knowledge exist? Only in his own consciousness, which in any case must soon be annihilated. And if all others accepted the lie which the Party imposed-if all records told the same tale-then the lie passed into history and became truth. 'Who controls the past,' ran the Party slogan, 'controls the future: who controls the present controls the past.' And yet the past, though of its nature alterable, never had been altered. Whatever was true now was true from everlasting to everlasting. It was quite simple. All that was needed was an unending series of victories over your own memory. 'Reality control', they called it: in Newspeak, 'doublethink'. I know that EternalBlue didn't cause the Baltimore ransomware attack. When the attack happened, the entire cybersecurity community agreed that EternalBlue wasn't responsible. But this New York Times article said otherwise, blaming the Baltimore attack on EternalBlue. And there are hundreds of other news articles [eg] that agree, citing the New York Times. There are no news articles that dispute this. In a recent book, the author of that article admits it's not true, that EternalBlue didn't cause the ransomware to spread. But they defend themselves as it being essentially true, that EternalBlue is responsible for a lot of bad things, even if technically, not in this case.
Such errors are justified, on the grounds they are generalizations and simplifications needed for the mass audience. So we are left with the situation Orwell describes: all records tell the same tale -- when the lie passes into history, it becomes the truth. Orwell continues: He wondered, as he had many times wondered before, whether he himself was a lunatic. Perhaps a lunatic was simply a minority of one. At one time it had been a sign of madness to believe that the earth goes round the sun; today, to believe that the past is inalterable. He might be ALONE in holding that belief, and if alone, then a lunatic. But the thought of being a lunatic did not greatly trouble him: the horror was that he might also be wrong. I'm definitely a lunatic, alone in my beliefs. I sure hope I'm not wrong.
Update: Other lunatics document their struggles with Minitrue: When I was investigating the TJX breach, there were NYT articles citing unnamed sources that were made up & then outlets would publish citing the NYT. The TJX lawyers would require us to disprove the articles. Each time we would. It was maddening fighting lies for 8 months.— Nicholas J. Percoco (@c7five) March 1, 2021
Ransomware NotPetya Wannacry APT 32
grahamcluley.webp 2021-02-18 15:01:22 US charges North Korean hackers in relation to WannaCry, Sony Pictures attack, and an attempt to steal more than a billion dollars from banks (direct link) The United States Department of Justice has charged three North Korean computer programmers with a range of cyber attacks that made headlines around the world. Read more in my article on the Tripwire State of Security blog. Wannacry
InfoSecurityMag.webp 2021-02-18 11:10:00 (Déjà vu) Two More Lazarus Group Members Indicted for North Korean Attacks (direct link) Sony Pictures, WannaCry and string of heists blamed on agents Wannacry Wannacry APT 38 APT 28 ★★★
Chercheur.webp 2021-02-17 21:12:56 U.S. Indicts North Korean Hackers in Theft of $200 Million (direct link) The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and the theft of roughly $200 million and attempted theft of more than $1.2 billion from banks and other victims worldwide. Ransomware Hack Wannacry Wannacry
The_Hackers_News.webp 2021-02-04 02:20:16 Why Human Error is #1 Cyber Security Threat to Businesses in 2021 (direct link) Phishing and Malware Among the major cyber threats, the malware remains a significant danger. The 2017 WannaCry outbreak that cost businesses worldwide up to $4 billion is still in recent memory, and other new strains of malware are discovered on a daily basis. Phishing has also seen a resurgence in the last few years, with many new scams being invented to take advantage of unsuspecting Malware Threat Wannacry Wannacry
itsecurityguru.webp 2021-01-26 14:06:51 Increase in Ransomware Attacks on Healthcare Industry (direct link) In 2017 the NHS fell victim to the WannaCry ransomware attack, causing severe disruption and costing the UK’s health service £92m. On top of that, 19,000 patient appointments were cancelled. The attack was launched with malicious code placed in commonly used software. As a result, health systems prompted a renewed focus on cyber defences. Especially, […] Ransomware Wannacry Wannacry
Pirate.webp 2021-01-07 12:42:02 The importance of updates in cybersecurity (direct link) Let it be said: systems that are not regularly updated are highly exposed to cyberattacks. In this context, the WannaCry ransomware is a perfect illustration of workstation vulnerability. The post The importance of updates in cybersecurity first appeared on UnderNews. Ransomware Wannacry Wannacry
securityintelligence.webp 2020-10-28 16:00:20 WannaCry: How the Widespread Ransomware Changed Cybersecurity (direct link) If I had polled cybersecurity experts on their way to work on May 12, 2017, most of them would have said they knew a major cybersecurity event loomed. Yet, on that day no one expected that they were walking into the perfect storm — in the form of WannaCry ransomware, the most damaging cyberattack to […] Ransomware Wannacry
no_ico.webp 2020-08-04 17:33:26 EU Applies First Ever Sanctions In Response To Cyber-Attacks (direct link) The EU has applied its first ever sanctions in retaliation for cyber-attacks carried out by state-backed Chinese, Russian and North Korean hackers over recent years. The bloc said it will impose a travel ban and asset freeze on six individuals and three entities in response to the Operation Cloud Hopper, WannaCry and NotPetya attacks, as well as an attempted breach of security … The ISBuzz Post: This Post EU Applies First Ever Sanctions In Response To Cyber-Attacks NotPetya Wannacry
itsecurityguru.webp 2020-07-31 11:31:24 EU imposes sanctions on North Korean, Chinese and Russian-backed cyberattackers (direct link) The European council announced today that it will impose “restrictive measures against six individuals and three entities responsible for or involved in various cyber-attacks. These include the attempted cyber-attack against the OPCW (Organisation for the Prohibition of Chemical Weapons) and those publicly known as ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud Hopper’.” The measures will include a travel ban and asset freeze, and constitute the very first sanctions […] NotPetya Wannacry
The_Hackers_News.webp 2020-07-31 06:47:40 EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI (direct link) The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states. The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are 'WannaCry', 'NotPetya', and 'Operation Cloud NotPetya Wannacry
itsecurityguru.webp 2020-07-30 19:19:01 EU sanctions for WannaCry, NotPetya, OPCW & Cloud Hopper attackers (direct link) Individuals and entities from North Korea, China and Russia, responsible for or involved in ‘WannaCry’, ‘NotPetya’, ‘Operation Cloud Hopper’ and the OPCW (Organisation for the Prohibition of Chemical Weapons) cyber attacks have been identified and received travel bans and an asset freeze in the first ever imposition of restrictive sanctions by the EU Council. EU persons and entities are also […] NotPetya Wannacry
ZDNet.webp 2020-07-28 13:38:33 Kaspersky: North Korean hackers are behind the VHD ransomware (direct link) North Korean hackers return to actively deploying ransomware after the huge WannaCry debacle. Ransomware Wannacry
Pirate.webp 2020-07-10 07:27:19 No thirty-something crisis for ransomware (direct link) Thirty years after the first ransomware[1], this type of malware, which encrypts its victims' data until a ransom is paid, is still going strong. In 2017, ransomware made headlines in cybersecurity news. Indeed, May 2017 was marked by WannaCry, which shook the whole world and caused consolidated losses reportedly amounting to 4 billion dollars. Companies had not yet recovered from this mega attack when a new ransomware, NotPetya, struck a month later, causing 10 billion[2] dollars in damage. NotPetya Wannacry
Cybereason.webp 2020-06-30 16:27:31 Ransomware: Weapons of Mass Disruption (direct link) Ransomware: Weapons of Mass Disruption May 12th 2020 marked the 3 year anniversary of the WannaCry ransomware attack. Estimated to have affected hundreds of thousands of endpoints across 150 countries all around the world, the total damages as a result of the WannaCry attack have reached up to 4 billion USD, according to some accounts. Ransomware Wannacry
globalsecuritymag.webp 2020-06-24 13:01:51 3 years on, the specter of NotPetya is still present (direct link) The name NotPetya is familiar to anyone interested in cybersecurity. NotPetya is now known as the 3rd global cyberattack, which occurred in 2017, after the no less famous Wannacry and Adylkuzz. Appearing on June 27, 2017, NotPetya was defined as ransomware, since it demanded payment of a ransom, but of a somewhat new kind, since it was data-destroying malware (a wiper) spreading like a computer worm. NotPetya was mainly based, like (...) - Points of View Ransomware Malware NotPetya Wannacry ★★★
itsecurityguru.webp 2020-05-13 09:49:35 “Anti-Ransomware Day” declared by Interpol (direct link) International crime-fighting organization INTERPOL has teamed up with cybersecurity firm Kaspersky to declare WannaCry’s third anniversary ‘Anti-Ransomware Day.’ WannaCry, notorious as the largest ransomware epidemic in history, reached its peak on May 12, 2017. Recent research by Kaspersky confirms that three years on, WannaCry retains the dubious honor of being among the most prevalent ransomware […] Ransomware Wannacry
The_Hackers_News.webp 2020-05-13 02:35:07 U.S Defence Warns of 3 New Malware Used by North Korean Hackers (direct link) Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from Ransomware Malware Wannacry
ZDNet.webp 2020-05-12 16:36:18 On the three-year anniversary of WannaCry, US exposes new North Korean malware (direct link) US cyber-security officials expose today three new North Korean malware strains named COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH. Malware Wannacry
Pirate.webp 2020-05-12 13:08:58 30% of attacks target professionals; Kaspersky and INTERPOL call on businesses to protect themselves (direct link) On the anniversary of WannaCry, the massive 2017 cyberattack, global cybersecurity leader Kaspersky and the intergovernmental organization INTERPOL are joining forces to call on professionals to review their data backup and protection strategy. This initiative is part of the partnership agreements concluded between the two […] Guideline Wannacry
ESET.webp 2020-05-12 12:30:02 WannaCryptor remains a global threat three years on (direct link) WannaCryptor is still alive and kicking, so much so that it sits atop the list of the most commonly detected ransomware families Ransomware Threat Wannacry
globalsecuritymag.webp 2020-05-05 08:21:21 What lessons can be drawn from the ILOVEYOU virus twenty years on? (direct link) As we mark the twentieth anniversary of the ILOVEYOU virus, which infected 10% of connected computers worldwide by posing as a love letter, cyberattacks are more sophisticated and frequent than ever. Luis Corrons, Security Evangelist at Avast, looks back at the ILOVEYOU virus and analyzes the current situation: "I think we are more likely to see an attack similar to WannaCry in the future than one resembling the ILOVEYOU virus. Today, the (...) - Points of View Wannacry
WiredThreatLevel.webp 2020-03-12 12:00:00 A New Wormable Windows Vulnerability Has No Patch in Sight (direct link) The flaw has the potential to unleash the kind of attacks that allowed WannaCry and NotPetya to cripple business networks around the world. Vulnerability NotPetya Wannacry
Mandiant.webp 2020-02-24 23:30:00 Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT (direct link) Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE (a.k.a. Snake / Ekans), have cost victims across a variety of industry verticals many millions of dollars in ransom and collateral costs. These incidents have also resulted in significant disruptions and delays to the physical processes that enable organizations to produce and deliver goods and services. While lots Ransomware Industrial Wannacry ★★★
grahamcluley.webp 2020-01-30 13:54:30 The NHS has only suffered six ransomware attacks since the WannaCry worm, investigation reveals (direct link) An investigation claims that the UK's National Health Service, which was hit hard by the notorious WannaCry worm in 2017, has seen a marked fall in ransomware attacks since. Read more in my article on the Tripwire State of Security blog. Ransomware Wannacry
MalwarebytesLabs.webp 2019-12-19 18:03:33 A decade in cybersecurity fails: the top breaches, threats, and 'whoopsies' of the 2010s (direct link) As the 2010s come to a close, we take a snarky walk down memory lane, listing the craziest, most impactful, or simply just awful cybersecurity fails of the decade. Categories: Awareness Tags: (Read more...) NotPetya Wannacry
no_ico.webp 2019-11-21 20:46:20 Experts Comments On The News: French Hospital Hit By Ransomware Attack (direct link) You may have already spotted, but a ransomware attack has hit a French hospital crippling 6,000 computers; reminiscent of WannaCry, which hit the NHS in 2017. To prevent the infection spreading, the IT team opted to close down the systems and operate in 'degraded mode'. It is predicted it will take much of this week to … The ISBuzz Post: This Post Experts Comments On The News: French Hospital Hit By Ransomware Attack Ransomware Wannacry
Pirate.webp 2019-11-12 10:04:24 3 years on, why is Wannacry still the bête noire of IT managers? (direct link) While a simple Windows patch is enough to protect a machine, Wannacry, a virus capable of paralyzing a company's entire activity, still makes IT managers tremble. But why is this threat still so active more than two years after it was identified? Explanations. Wannacry
itsecurityguru.webp 2019-11-05 13:04:14 Spanish companies hit by ransomware (direct link) Two major Spanish companies have been hit by ransomware today. Both infections occurred on the same day, sparking memories of the WannaCry outbreak. Spain was one of the first countries alongside the UK, where the WannaCry ransomware infections were spotted for the first time back on May 12, 2017. Affected at the time were Spanish newspaper […] Ransomware Wannacry ★★★
ZDNet.webp 2019-11-04 17:53:28 Ransomware hits Spanish companies, sparking WannaCry panic (direct link) Two victims reported so far: IT consultancy firm Everis and leading radio network Cadena SER. Ransomware Guideline Wannacry
silicon.fr.webp 2019-10-16 13:45:52 From Sasser to WannaCry, the threats that left their mark on CISOs (direct link) On the sidelines of the Assises de la sécurité, two CISOs look back at the viruses that marked their time in the role. From Sasser to WannaCry, contrasting perspectives on events that shaped the view of cyber risk. Wannacry
SecurityAffairs.webp 2019-09-27 09:33:26 Emsisoft released a new free decryption tool for the Avest ransomware (direct link) Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days after the release of WannaCryFake decryptor. Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days ago the researchers also released a free decryptor for the WannaCryFake ransomware. The Avest ransomware […] Ransomware Tool Wannacry
SecurityAffairs.webp 2019-09-26 07:01:34 Emsisoft releases a free decryptor for the WannaCryFake ransomware (direct link) Researchers at Emsisoft security firm have released a new free decryption tool for the WannaCryFake ransomware. Good news for the victims of the WannaCryFake ransomware, researchers at Emsisoft have released a FREE decryption tool that will allow decrypting their data. WannaCryFake is a piece of ransomware that uses AES-256 to encrypt a victim's files. The […] Ransomware Tool Wannacry
bleepingcomputer.webp 2019-09-25 15:05:01 Ransomware Decryptors Released for Yatron, WannaCryFake, & FortuneCrypt (direct link) Security vendors released decryptors for three ransomware infections today that allow victims to recover their files for free. These decryptors are for the WannaCryFake, Yatron, and FortuneCrypt Ransomware infections. [...] Ransomware Wannacry
globalsecuritymag.webp 2019-09-19 15:54:03 Attacks targeting connected devices and Windows SMB are on the rise in 2019 (direct link) In the first half of 2019, attacks related to connected devices and SMB multiplied, as shown by a new F-Secure report on cyber threats titled Attack Landscape H1 2019. This report describes the cyber threats facing connected devices when they are not properly secured. In particular, it mentions the persistent popularity of Eternal Blue and related exploits, two years after WannaCry. F-Secure's honeypots, servers intended to trap attackers (...) - Malware Wannacry
DarkReading.webp 2019-09-18 18:14:00 WannaCry Detections At An All-Time High (direct link) More than 12,000 variants of the infamous malware are targeting systems that are still open to the EternalBlue exploit - but the potential danger is low, Sophos warns. Malware Wannacry
globalsecuritymag.webp 2019-09-18 15:24:54 Sophos tracks the evolution of WannaCry, from the initial predator to the recent high-risk vaccine (direct link) Sophos has just published WannaCry Aftershock, an article on the WannaCry malware, which became infamous following the global attack that began on May 12, 2017. Research by SophosLabs shows that the WannaCry threat remains endemic, with millions of infection attempts stopped every month, and that, even though the original malware has not been updated, several thousand short-lived variants are still circulating. The persistence of the WannaCry threat is largely due to the (...) - Malware Malware Wannacry
AlienVault.webp 2019-09-18 13:00:00 Does your government take cybersecurity seriously enough? (direct link) Cybercrime is global, but the response isn’t. Governments in the west are slowly waking up to the importance of cybersecurity, and are (equally slowly) helping businesses to safeguard data and home users to protect their homes from cyberattack. Look outside Europe and the US, though, and the picture is radically different. African countries, in particular, are underprepared for the impact of cyberattacks, and lack the governmental expertise to deal with them. This is an issue for citizens of these countries, but also for us in the west. Poorly prepared countries act as safe havens for cybercriminals, and hackers (some of them state-sponsored) can use these countries to stage cyberattacks that directly impact users in the west. Cybercrime: a global view Though you wouldn’t know it from the press coverage, large cyberattacks don’t just affect the west. Africa, for instance, actually has a huge problem with cybercrime. Recent reports from Botswana, Zimbabwe and Mozambique show that companies are increasingly falling victim to cybercrime. The global WannaCry malware attack of May 2017 hit South Africa hard, and companies in that country typically lose R36 million when they fall victim to an attack. This situation is mirrored across the global south. It is made worse by the fact that developing nations do not have governmental policies for dealing with cyberattacks. This makes companies and home users in these countries particularly vulnerable. It also means that hackers can route their activities through these countries, which have neither the technical nor the legal expertise to catch them, let alone punish them. Though government policies on cybercrime vary widely across the globe, many of the largest attacks of recent years rely for their success on their global reach.
The Mirai Botnet, for instance, managed to infect IoT devices across a huge range of territories and countries, and this global base made it incredibly difficult to stop. Attacks like this have made the IoT one of the largest concerns among security professionals today. Given this context, it is time for governments – in all countries and at all levels – to do more when it comes to managing cyber risk. Managing risk The approach that governments take to dealing with cyber risk is a critical factor in the success of these programs. Too often, governments take a ‘hands off’ approach, issuing advice to citizens and businesses about how to avoid falling victim to an attack, and then expecting them to protect themselves. This approach i Malware Vulnerability Threat Guideline Wannacry
bleepingcomputer.webp 2019-09-13 20:16:20 North Korean Hackers Behind WannaCry and Sony Hack Sanctioned by USA (direct link) The U.S. Treasury signed sanctions against three hacking groups actively engaged in cyber operations meant to bring financial assets to the government of North Korea. [...] Hack Wannacry
itsecurityguru.webp 2019-09-10 14:57:02 Bluekeep bug exploit published by Metasploit Project. (direct link) Coders late last week publicly released a working exploit for the dangerous Bluekeep bug that was found and patched earlier this year in Microsoft's Remote Desktop Protocol implementation. Designated as CVE-2019-0708, BlueKeep is a remote Windows kernel use-after-free vulnerability that could be used to create wormable attacks similar to the WannaCry ransomware incident of May 2017. Published on GitHub by […] Vulnerability Wannacry
AlienVault.webp 2019-09-09 13:00:00 Category 1 cyber threat for UK businesses (direct link) Britain should be prepared for a Category 1 cyber security emergency, according to the National Cyber Security Centre (NCSC). This means that national security, the economy, and even the nation’s lives will be at risk. However, despite this harsh warning, UK businesses still aren’t taking proactive and potentially preventative action to stop these attacks from happening. So just where are UK businesses going wrong and can they turn things around before it’s too late? How businesses have responded Since Brexit was announced in June 2016, 53% of UK businesses have increased their cyber security, according to latest statistics. This is as a direct result of industry data being published which revealed that malware, phishing, and ransomware attacks will become the biggest threats once Britain leaves the EU. However, despite these efforts being made, figures reveal that British businesses have the smallest cyber security budget compared to any other country. They typically spend less than £900,000, whereas the average across the world is $1.46 million. At risk of a Category 1 cyber attack A Category 1 cyber attack is described by the NCSC as “A cyber attack which causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life.” To date, the UK has never witnessed such an attack. Although, one of the most severe attacks in recent times was the 2017 NHS cyber attack which was classed as a Category 2 due to there being no imminent threat to life. The NCSC says that they typically prevent 10 cyber attacks from occurring on a daily basis. However, as the organization believes that hostility from neighbouring nations is what drives these attacks every single day, they say that it’s only a matter of time before a Category 1 attack launches the country into chaos.
NCSC's CEO Ciaran Martin states that "I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead, what we would call a Category 1 attack." UK businesses under attack The UK government’s ‘Cyber Securi Ransomware Threat Guideline Wannacry
Pirate.webp 2019-08-29 13:26:01 Ransomware: +110% samples in Q2 & WannaCry continues to claim victims (direct link) Every quarter, Kaspersky reviews the highlights of the past 3 months in cybersecurity. The reports are based on analysis of threats blocked by Kaspersky technology solutions or identified by its team of experts. Wannacry
ZDNet.webp 2019-08-22 13:13:01 UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks (direct link) NCSC likens companies continuing to use Python 2 past its EOL to tempting another WannaCry or Equifax incident. Wannacry Equifax
TechRepublic.webp 2019-08-07 14:23:02 Businesses need to patch for BlueKeep to avoid another WannaCry (direct link) BitSight is sounding an alarm over the potential for patching to taper off, leaving legacy systems at risk for the potentially potent vulnerability. Patching Wannacry
Chercheur.webp 2019-07-29 22:07:03 No Jail Time for “WannaCry Hero” (direct link) Marcus Hutchins, the "accidental hero" who helped arrest the spread of the global WannaCry ransomware outbreak in 2017, will receive no jail time for his admitted role in authoring and selling malware that helped cyberthieves steal online bank account credentials from victims, a federal judge ruled Friday. Ransomware Malware Wannacry
MalwarebytesLabs.webp 2019-07-29 15:50:05 A week in security (July 22 – 28) (direct link) The latest cybersecurity news for the week of July 22–28. We look at Phobos ransomware, stalkerware's similarities to parental monitoring apps, and the investigation into Malaysian Airlines Flight 17. Categories: A week in security Tags: (Read more...) Wannacry
WiredThreatLevel.webp 2019-07-27 13:00:00 WannaCry Hero Marcus Hutchins Won't Go to Jail for Old Hacking Crimes (direct link) Russian election hacks, Amazon's police partnerships, and more security news this week. Wannacry ★★★
ZDNet.webp 2019-07-26 17:36:00 Marcus 'MalwareTech' Hutchins gets no prison time, one year supervised release (direct link) US legal case against security researcher who helped stop WannaCry ransomware outbreak comes to an end. Ransomware Wannacry
Last update at: 2024-05-13 10:07:46
See our sources.

To see everything: Our RSS (filtered) Twitter