Cybersecurity Blog: The Cyber Scene is evolving, are you?

Overview

On March 15 2018, the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a joint Technical Alert (TA) – TA18-074A providing information on Russian government actions targeting U.S. critical infrastructure organizations including energy, nuclear, water, aviation and critical manufacturing sectors. The TA includes the Indicators of Compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks.

Read more

WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware targeting Microsoft Windows operating system. On Friday May 12, 2017 a widespread attack using this ransomware was launched affecting IT organizations worldwide. The ransomware encrypts files changing the extensions to: .wnry, .wcry, .wncry and .wncrypt.  The malware then presents a window to the user with a ransom demand.

Read more

The remark “never a dull moment” is rarely an expression used to indicate joy.  Instead, it’s a semi-sarcastic way of lamenting unwelcome excitement.  While no one wants to have a boring job, spending one’s time fighting ransomware outbreaks that disrupt business operations and put one’s job at risk are not the kinds of exhilarating challenges that most Chief Information Security Officers (CISO) pine for.  The recent WannaCry outbreak has all the hallmarks of this unwelcome excitement.  The ransomware infects computers by exploiting a vulnerability that Microsoft patched two months ago.  It propagates through a network port that every enterprise should be locking down.  It exhibits malicious behavior that should be relatively easy to detect and mitigate.  By some accounts, it was arguably a poorly executed attack that did a mediocre job of accomplishing what appears to be its most important objective - extracting money from its victims. 

Read more

Technological advances notwithstanding, program security still comes down to one basic element: well written code.

Read more