Cybersecurity

New Ransomware has Unpatched Exchange Servers Seeing (Epsilon) Red

Another exploitation campaign is taking advantage of still-unpatched on-premises Microsoft Exchange servers. Last week, Sophos discovered a new ransomware strain, calling itself Epsilon Red, that was observed targeting a U.S.-based company in the hospitality sector. According to Sophos, it isn’t clear whether the attack was enabled by the ProxyLogon exploit or another vulnerability, but it seems likely that the root cause was an unpatched server.

OT Compromises – AEIOU (Actors Exploiting Infrastructure Often Unsophisticated)

A recent threat research post by Mandiant Threat Intelligence highlights the increasing frequency of OT compromises by low-sophistication threat actors. The majority of these compromises occur because insecure OT systems are exposed to the internet. According to Mandiant’s report, the compromises appear to be driven by threat actors who are motivated to achieve ideological, egotistical, or financial objectives by taking advantage of an ample supply of internet-connected OT systems.

Basic (Cybersecurity) Doesn’t Mean Trivial, but it Does Mean Foundational

According to countless reports of risk assessments, vulnerability assessments, penetration tests, and disclosed incidents, organizations of all sizes and sectors are not doing well with basic cybersecurity. The reasons why (excuses) vary from entity to entity, but what shouldn’t be an excuse is cost. Cybersecurity doesn’t have to cost a lot of money. Granted, at some point you’ll want/need or have the budget for the next shiny thing, but that currently elusive shiny thing should not stop anyone from embracing a lot of the best practice guidance already out there – for no cost.

Executive Order 14028, Improving the Nation’s Cybersecurity in Small Manageable Chunks

Much has been said about the new Executive Order (EO 14028), Improving the Nation’s Cybersecurity, released earlier this month (covered in the Security & Resilience Update for May 13, 2021). If you have already had time to read the EO, feel free to move on to the next write-up. However, those of us who haven’t reviewed it, or considered what it could mean beyond federal networks, may find a series by aDolus Inc.

Cybersecurity Resilience – Security Audits

We all dread them; we all need them – security audits. They can take multiple forms, but without security audits we are unable to measure cybersecurity improvements and many deficiencies may never be brought to light. Security audits involve evaluating or analyzing people, processes, and technology surrounding the security aspects of an organization. Likewise, as organizational networks and cyber threats are constantly changing, security audits should be performed regularly to assess if current controls and processes sufficiently reduce risk against the ever-changing threat landscape.

IT Security Configuration - Active Directory

If your utility uses Microsoft Windows in a networked environment, there’s a near 100% chance you use Active Directory (AD) to centrally administer domains, machines, users, and groups. And, like many legitimate tools, if AD is not securely configured it can be a threat actor’s dream for gaining a foothold and hiding in plain sight within your environment. Using AD tactics is nothing new for threat actors, but two recent very large-scale compromises – SolarWinds and Microsoft Exchange – emphasize the importance of securing AD. When is the last time you reviewed your AD configurations?

Verizon’s 2021 Data Breach Investigations Report (2021 DBIR)

Pardon the lack of fanfare that this report deserves, but this serves as an FYI that arguably the most heralded cybersecurity industry report, the Verizon Data Breach Investigations Report, affectionately known as the “DBIR,” was released this morning. According to Verizon, the Verizon Business 2021 Data Breach Investigations Report (2021 DBIR) examines more breaches than ever before. Some of the high-level findings include:
