Category: Cyber Security

Determine whether external assets exist inside your organization and take measures to tighten control. 

For the first time, digital supply chain hacks pose a danger to the business continuity of massive organizations. 50-third parties carry out 60% of all cyberattacks, and digital supply chains represent the fastest-growing attack surface for most businesses. Enterprises must develop a proactive threat prevention approach and address vulnerabilities before catastrophic security breaches. 

You can’t defend what you can’t see; therefore, proactively investigate the environment. Locate and map all externally exposed assets, including those added via shadow IT solutions known, unknown, and orphaned. 

Consider the uncontrolled assets that make up your digital supply chain, regardless of how downstream they are. Evaluate whether external assets, if any, are susceptible, how they might be exploited, and the degree of the danger they offer. What was safe yesterday could no longer be safe tomorrow. 

A breach anywhere along the digital supply chain may quickly endanger services, users, customers, and your company’s reputation. Organizations must take a proactive approach to fix any external attack surface vulnerabilities. As part of any merger, acquisition, or divestment, it is essential to understand the risk signature of newly acquired or recently disposed digital assets. 

Source: https://www.darkreading.com/vulnerabilities-threats/how-to-keep-your-enterprise-safe-from-digital-supply-chain-attacks  

Ransomware attacks have exploded in the last year, with 25 percent of all data breaches incorporating ransomware components. According to Verizon, four out of five of these attacks originated from external cybercriminal gangs and threat organizations. With ransomware as a service (RaaS), extortion requires no expertise or effort. 

There are four distinct attack vectors, including exploiting stolen credentials, social engineering, and phishing. Locking down your organization’s external infrastructure may go a long way toward safeguarding it against ransomware. Training personnel to recognize phishing and exploits may save millions of dollars in breach recovery expenses in the future. 

  Source: https://www.darkreading.com/attacks-breaches/ransomware-alarming-growth-verizon-dbir  

The White House is pushing businesses to strengthen their defenses against hackers urgently. 

On March 16, 2022, hackers infiltrated national news broadcast on the television station Ukraine 24, presenting statements purporting to be from Ukrainian President Volodymyr Zelenskyy. By 2022, cyberattacks are predicted to cost companies and organizations $8 trillion, up from $6 trillion in 2021. Ransomware is the most danger facing the government sector, mainly targeting critical infrastructure. The White House Administration issued advisories recommending that businesses swiftly enhance their defenses against possible Russian cyberattacks at the end of March. Companies such as BIO-key International Inc. have said that they assist businesses in reducing cyber risk by offering front-line protection. Multi-factor authentication is capable of preventing up to 90% of intrusions such as ransomware.  

Source: https://www.benzinga.com/markets/emerging-markets/22/04/26779421/the-dark-threat-of-cyber-warfare-and-how-this-cybersecurity-company-aims-to-be-part-of-t  

Four Queensland sugar mills are excluded from the Security of Critical Infrastructure 2018 Act. 

Numerous industrial assets are vital under the Security of Critical Infrastructure 2018 Act. Fuel firms, data storage and processing companies, freight forwarding companies, banking, insurance, finance organizations, and food and grocery assets are included in this category. Domain name systems are considered vital since they address consumer inquiries for connections to internet protocol addresses. Four sugar mills in Queensland are expressly excluded from the legislation. 

Source: https://www.itnews.com.au/news/mandatory-cyber-security-incident-reporting-now-in-force-578641  

Ukraine’s senior cyber-security authorities claim they were informed of the possibility of an assault on the country’s electricity systems before Russia’s invasion. Hackers attempted to take down substations, resulting in blackouts for two million people. The malicious software employed in the assault is identical to that used by Russian hackers to create blackouts in Kyiv in the past. According to researchers, sandworm, a Russian military outfit, is believed to be responsible. Industroyer is the term given to the virus used in 2016 to shut down power substations in Kyiv temporarily. 

Sandworm is also suspected of being responsible for outages that impacted more than 200,000 houses in Ukraine the previous year. The United States has identified several guys it thinks are members of the Sandworm hacking organization, which the FBI seeks. 

Source: https://www.bbc.com/news/technology-61085480