5 Critical Steps to Recover From a Ransomware Attack

The Hacker News published a short manual on the essential steps for recovering from a ransomware attack.

Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities.

A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Ventures predicts that a ransomware attack will occur every 11 seconds in 2021.

Read further on The Hacker News


DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months

The Hacker News reported on the DarkSide ransomware campaign.

"In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. "According to DarkTracer, 99 organisations have been infected with the DarkSide malware - suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million."

Read further on the Hacker News


Global Phishing Attacks Spawn Three New Malware Strains

The Threat Post reported on a large-scale phishing attack.

Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye’s Mandiant cybersecurity team.

On Tuesday, the team said that they’ve dubbed the hitherto-unseen malware strains Doubledrag, Doubledrop, and Doubleback. What Mandiant called the “trifecta” spear-phishing campaign twice hit a wide swath of industries worldwide: first on Dec. 2, 2020, with a second wave launched between Dec. 11 and Dec. 18, 2020.

Read further on The Threat Post


3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

The Hacker News reported that SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild.

Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on an internet-accessible system within a customer's environment that had SonicWall's Email Security (ES) application running on a Windows Server 2012 installation. A third flaw (CVE-2021-20023) identified by FireEye was disclosed to SonicWall on April 6, 2021.

Read more on The Hacker News


Trilight Security Featured among Top Cybersecurity Consulting Companies 2021 by Superbcompanies.com

Trilight Security is proud to announce that we were ranked in the list of top Cybersecurity Consulting Companies.

Superbcompanies.com is a portal that helps companies looking for IT, Cybersecurity, Software Development etc. service providers find a reliable partner. To achieve this goal, companies featured on Superbcompanies.com undergo a thorough assessment based on such criteria as industry presence, expertise level, quality and reliability of services, and more.

Superbcompanies.com has more than 10 years of experience analyzing businesses and their qualifications worldwide. By creating lists of top providers of IT-related services, this portal helps potential customers make justified buying decisions.

Trilight Security was featured among Cybersecurity Consulting Companies due to recognition by existing customers and demonstrated ability to provide high-quality cybersecurity services such as Managed Security and more:

  • Penetration Testing
  • Vulnerability Analysis
  • Security Monitoring
  • Threat Analysis & Management
  • Incident Response
  • SOC-as-a-Service
  • Cybersecurity Audit
  • Cybersecurity Outsourcing & Outstaffing

Trilight Security is a Managed Security Services Provider (MSSP) with a focus on customers from small and medium businesses. We also provide managed IT services and cloud services to keep all IT assets of our customers running smoothly and protected reliably.

Thank you to the Superbcompanies team.


When security and resiliency converge: A CSO’s perspective on how security organizations can thrive

The Security Magazine published an article by John Scimone on perspectives for security organizations.

You’ve just been hired to lead the security program of a prominent multinational organization. You’re provided a seasoned team and budget, but you can’t help looking around and asking yourself, “How will I possibly protect every asset of this company, every day, against every threat, globally?” After all, this is the expectation of most organizations, their customers and shareholders, as well as regulators and lawmakers. In my experience, one of the top challenges security leaders face is trying to optimize a modest security budget to protect a highly complex and ever-expanding organizational attack surface. In fact, Accenture found that 69% of security professionals say staying ahead of attackers is a constant battle and the cost is unsustainable. For most, this challenge is extremely discouraging. However, success is not necessarily promised to those with resources – it’s more about how resourceful you can be.

Read further on the Security Magazine


How to Choose MSSP?

When you decide to find a Managed Security Services Provider (MSSP) that will meet your technological needs and business requirements, the most important thing is to develop a list of criteria for making a proper selection. An MSSP stays with you for a long period of time, so you should minimize the number of known unknowns to avoid risks and build a successful partnership.

To find a good fit among various MSSPs, pay attention to the following:

References

Customer references will always be the ultimate measure for B2B solutions and services providers. The easiest way is to check whether online reviews of the company in question are available. Go to Clutch, GoodFirms, etc., or at least use Google, and you will definitely find enough pro (or contra) information.

Such references can give you a rather realistic idea of how relations with the MSSP will develop. In addition, there is always a chance of finding some secondary technical or business details which might prove valuable specifically for you.

The more sources offer references about your potential partner, the better it is for you.

Internal Security

As we all know by now, even cybersecurity companies have no guarantee against cyber attacks. Attacking a cybersecurity vendor or service provider may open backdoors to the IT assets of dozens or hundreds of its customers. So, a mandatory requirement for every cybersecurity company, including but not limited to MSSPs, is that it has an extremely reliable internal cybersecurity program.

Get clear and concise answers from the MSSP to such questions as where your data will be stored, what kind of encryption is used, and what backup and restore policies and solutions the MSSP uses for itself and for its customers, because your data will have nearly the same level of security with this provider.

It is a very good sign when an MSSP holds a relevant certification, such as ISO 27001. However, as a rule, such certifications are not mandatory for MSSPs and are quite expensive to get. For these reasons they are usually obtained by large MSSPs, but not by mid-sized or small ones. With smaller MSSPs you should first check the personal certificates of employees.

Certifications

Once again, MSSPs may or may not have certifications from ISO or vendors. If they have, that’s great, but do not forget to check their authenticity on the websites of the issuing bodies. Just to make sure :).

It is rare that some unscrupulous group of people calling themselves an MSSP will forge such certificates. Still, it makes sense to go to vendors’ sites and check that the partnership status in question exists.

Because vendor partnerships imply partner agreements with certain sales obligations, an MSSP will not necessarily have such statuses. Its managed security platform will surely be based on solutions and products from some vendors, but the MSSP may well just use them rather than sell them, as a partnership would imply. How will you check the credibility of an MSSP in such a case? Again, go for personal certificates. All in all, it is the MSSP team that guarantees your security, and not simply a set of cybersecurity solutions.

Flexibility

An MSSP will have its cybersecurity services platform based on carefully selected and integrated solutions. In most cases the customer will also have its own cybersecurity solutions. Sometimes, the MSSP might accept your solutions and integrate them into its managed security services delivery process. This might simplify the transition to partnership for you and increase the ROI of your cybersecurity program.

In most cases this will be the preferred scenario for you as a customer, yet the MSSP might decline your existing cybersecurity infrastructure because it is outdated compared to its platform, or because its platform is perfectly sufficient for the selected package of services and the MSSP doesn't want additional effort (and expenses for both of you). Sometimes, the MSSP will suggest an alternative to the cybersecurity solutions you currently use. In any case, if you have already implemented cybersecurity infrastructure, discuss its fate with your potential managed security provider.

Feedback

When you sign an agreement with an MSSP, it must define, in addition to the various SLA aspects, the frequency of communications under normal conditions, when no attack is in progress and no incidents require immediate attention.

Always ask for a clearly defined schedule of communications with the MSSP. These can be quarterly, monthly or weekly reports on the number of vulnerabilities discovered and removed, incidents handled and so on, or weekly video conferences of fixed duration, just to make sure that the joint cybersecurity process is going the way it should.

Make sure that emergency communications are clearly defined as well, as this is what you are partnering with an MSSP for. The MSSP's readiness to meet your expectations in this area will be a clear sign of smooth communications after the contract is signed.


How MSSP Will Close Gaps in Cybersecurity of Your Business?

Security gaps in any business or organization are most commonly caused by:

  1. Absent or insufficient cybersecurity personnel, who are therefore unable to react to cybersecurity incidents at all or in time and are not available 24/7.
  2. Absent or insufficient cybersecurity solutions protecting your IT assets, leaving vulnerabilities unremoved, threats unmitigated and incidents undetected until it’s too late.
  3. Absent or insufficient processes to maintain cybersecurity at a proper level (awareness training, etc.).

All of these issues are addressed by partnering with an MSSP:

  1. MSSPs will complement or fully replace the in-house cybersecurity team, and in most cases, especially for SMBs, the MSSP’s personnel will be better trained to mitigate cybersecurity threats in real time. One more important thing is that an MSSP can provide SOC services in 24/7/365 mode, and they will be much more affordable than an in-house team working in such a mode.
  2. A collection of cybersecurity tools and solutions is in no way a guarantee of reliable protection. Those tools and solutions have to be properly set up, operated, maintained and, critically, integrated. Data exchange and correlation have to be done efficiently. This is not always found even in large corporations, to say nothing of SMBs. MSSPs, on the contrary, in most cases have their managed security platforms designed, implemented and operated to a very high standard and kept up to date, which makes them efficient and adequate to modern cybercrime threats. And this cybersecurity infrastructure with guaranteed efficiency can be made available to the customer at a very reasonable cost. Importantly, customers will not have to take care of, or bear the costs of, keeping this cybersecurity platform up to date.
  3. It’s important to understand that whether or not you partner with an MSSP, your personnel must have proper cybersecurity training for their usual operational and business activities: phishing, malware, ransomware, social engineering, etc. But if something goes wrong and an employee makes a mistake or is simply misled by some cunning attack, an MSSP will greatly increase the chances that no damage will be caused or that it will be minimized to a tolerable level.

Security ratings could raise the bar on cyber hygiene, but won’t stop the next SolarWinds

SC Media discusses the plans to introduce ratings for security products.

Plans from the Biden administration to release a product security rating system could raise the bar for security overall, say experts, but won’t likely prevent the next SolarWinds or Microsoft hacks.

In a briefing to reporters Friday, a senior official compared the forthcoming rating system to the health and safety letter grades at restaurants. And it is a concept that the cybersecurity community has batted around for some time: place a label on the box that says a product is or is not secure, and let consumers create a market around security.

Read further on SC Media


Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords

The Threat Post published a report on a phishing attack that targets Microsoft users and leverages a bogus Google reCAPTCHA system.

Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims’ companies.

According to researchers, at least 2,500 such emails have been unsuccessfully sent to senior-level employees in the banking and IT sector, over the past three months. The emails first take recipients to a fake Google reCAPTCHA system page. Google reCAPTCHA is a service that helps protect websites from spam and abuse, by using a Turing test to tell humans and bots apart (through asking a user to click on a fire hydrant out of a series of images, for instance).

Read further on The Threat Post