Cybersecurity Governance | CISO MAG
https://cisomag.com/category/governance/
Beyond Cyber Security

CISA, FBI Ask Critical Infrastructure Partners to be Vigilant This Festive Season
https://cisomag.com/cisa-fbi-ask-critical-infrastructure-partners-to-be-vigilant-this-holiday-season/
Thu, 25 Nov 2021 13:04:04 +0000

The post CISA, FBI Ask Critical Infrastructure Partners to be Vigilant This Festive Season appeared first on CISO MAG | Cyber Security Magazine.

With the onset of the holiday season, employees, especially in the West, take off on the much-awaited annual leave and head home for family vacations. It is also the time when threat actors wait for their annual bounty. With holiday fever at its peak and organizations in “out of office” mode, cybercriminals continue to be in “active mode.”

See also: How to Stay Digitally Safe This Black Friday and Cyber Monday

In a joint alert, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning all organizations, big or small, and critical infrastructure partners that malicious actor groups are primed to launch premeditated cyberattacks during the holiday season.

“Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways — big and small — to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure,” the alert said.

Friendly reminder to remain vigilant to #ransomware and other cyber threats this holiday season. Cybercriminals don’t take off days! Follow our tips in our joint release with the @FBI: https://t.co/gFmiRTR2rK #StopRansomware https://t.co/KRnPXhNwaJ

Tessian researchers reveal that almost two-thirds (64%) of the top couriers are at risk of having their domains impersonated by scammers, as their email domains are not sufficiently protected against phishing, spoofing, or fraud. What’s more, only 20% of the top global couriers have configured DMARC (Domain-based Message Authentication, Reporting & Conformance) to its highest security level.

The FBI and CISA have stringent advice for organizations, especially critical infrastructure and services, to assess the current security posture and implement best practices and mitigations to attenuate the threat posed by cyberattacks this festive season.

CISA and the FBI Recommend

  • Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
  • Implement multi-factor authentication for remote access and administrative accounts.
  • Mandate strong passwords and ensure they are not reused across multiple accounts.
  • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
  • Remind employees not to click on suspicious links and conduct exercises to raise awareness.

Caroline Wong, Chief Strategy Officer at Cobalt, opines, “Cybercriminals don’t take off for Thanksgiving holidays, and neither should your cybersecurity safety measures. To combat malicious attackers, business leaders should heed CISA’s warning and proactively search their systems for potential security vulnerabilities now before it’s too late. Year-round preventative security measures go a long way. It’s simple — you must identify your assets, find your security problems, and promptly fix those security problems. This will protect you when cybersecurity incidents occur, whether during the holidays or not.”

“People are expected to receive a lot of packages during the holiday season – and hackers take advantage of this by pretending to be FedEx, UPS, and Amazon, to trick victims into giving them personal information that they can use for personal gain. Remain vigilant to avoid falling prey to malicious actors’ ploys.”

Watch Out For

  • Phishing scams, such as unsolicited emails posing as charitable organizations.

Being vigilant is imperative and not a choice. It is important to closely monitor your security posture before signing off for the season.

 

FBI Alerts About Zero-Day Vulnerability in the FatPipe MPVPN device software
https://cisomag.com/fatpipe-mpvpn-zero-day-vulnerability-exploited/
Fri, 19 Nov 2021 13:48:42 +0000

The post FBI Alerts About Zero-Day Vulnerability in the FatPipe MPVPN device software appeared first on CISO MAG | Cyber Security Magazine.

The FBI issued an alert revealing exploitation of a zero-day vulnerability in the FatPipe MPVPN device software. Exploitation of the vulnerability by APT actors allows access to an unrestricted file upload function to drop a webshell for malicious activity with root access, leading to elevated privileges and potential follow-on activity. According to the FBI statement, the vulnerability is not yet identified with a CVE number but can be located with the FatPipe Security Advisory number FPSA006. All versions of FatPipe WARP, MPVPN, and IPVPN device software prior to the updated releases are affected by the vulnerability.

Report

The FBI has asked users to report the existence of any of the following immediately:

  • Identification of indicators of compromise.
  • Presence of webshell code on compromised FatPipe WARP, MPVPN, and IPVPN appliances.
  • Unauthorized access to or use of accounts.
  • Evidence of lateral movement by malicious actors with access to compromised systems.
  • Malicious IPs identified through the conducted log file searches and session activity.
  • Suspicious or malicious .bash_history contents.
  • Other indicators of unauthorized access or compromise.

Users must share any other information related to the vulnerability with the authorities.

Suggested Mitigations

Immediate action is suggested regarding the discovered FatPipe MPVPN zero-day compromise within the networks.

FatPipe released a patch and security advisory, FPSA006, on November 16, 2021, that fixes the vulnerability.

All FatPipe WARP, MPVPN, and IPVPN device software prior to releases 10.1.2r60p93 and 10.2.2r44p1 is at risk. The security advisory and additional details are available at the following URL: https://fatpipeinc.com/support/cve-list.php.

The FBI strongly urges system administrators to upgrade their devices immediately and follow other FatPipe security recommendations, such as disabling UI and SSH access from the WAN interface (externally facing) when not actively using it.

Zero-day Exploits Rising Popularity

A recently published CISO MAG article discussed how several cybercriminal groups have been found buying zero-day vulnerabilities, such as the zero-day vulnerability in FatPipe MPVPN, and leasing exploit-as-a-service models on dark web forums.

Per a report from Digital Shadows, several cybercriminal groups and state-sponsored actors are increasingly willing to purchase information on vulnerabilities and exploits from various cybercrime affiliates on the dark web. The market for zero-day vulnerabilities is reportedly high, as many ransomware operators are interested in buying them. Digital Shadows claims that the price range of zero-day flaws could go up to $10 million.

Ransomware Operators Leverage Financial Events Like M&A to Pressurize Victims: FBI
https://cisomag.com/ransomware-operators-leverage-financial-events-like-ma-to-pressurize-victims-fbi/
Wed, 03 Nov 2021 13:46:55 +0000

The post Ransomware Operators Leverage Financial Events Like M&A to Pressurize Victims: FBI appeared first on CISO MAG | Cyber Security Magazine.

The FBI released a notification identifying the use of critical financial events and stock valuation to facilitate targeting and extortion of victims by ransomware groups.

Threat actors are now going beyond network and data vulnerability and leveraging an organization’s financial and market vulnerabilities. The FBI has assessed that the adversaries use significant financial events, such as mergers and acquisitions, to launch ransomware attacks.

“Threat ransomware actors are targeting companies involved in significant, time-sensitive financial events to incentivize ransom payment by these victims. Ransomware is often a two-stage process beginning with an initial intrusion through a Trojan malware, which allows an access broker to perform reconnaissance and determine how to best monetize the access,” the FBI said.

Threat actors scout for confidential, non-public information of the target and coerce the victim to relent to the ransom demands. The victims, in most cases, would concede as they are amid a significant financial event like stock valuation or a merger and acquisition, whereby the consequences of any leaked information could heavily impact the stock value of the company.

The FBI listed multiple ransomware cases from 2020 and 2021:

  • In early 2020, a ransomware actor using the moniker “Unknown” made a post on the Russian hacking forum “Exploit” that encouraged using the NASDAQ stock exchange to influence the extortion process. Following this posting, unidentified ransomware actors negotiating a payment with a victim during a March 2020 ransomware event stated, “We have also noticed that you have stocks. If you will not engage us for negotiation we will leak your data to the nasdaq and we will see what’s gonna happen with your stocks.”
  • Between March and July 2020, at least three publicly traded US companies actively involved in mergers and acquisitions were victims of ransomware during their respective negotiations. Of the three pending mergers, two of the three were under private negotiations.
  • A November 2020 technical analysis of Pyxie RAT, a remote access trojan that often precedes Defray777/RansomEXX ransomware infections, identified several keyword searches on a victim’s network indicating an interest in the victim’s current and near future stock share price.
  • In April 2021, Darkside ransomware actors posted a message on their blog site to show their interest in impacting a victim’s share price. The message stated, “Now our team and partners encrypt many companies that are trading on NASDAQ and other stock exchanges. If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn in the reduction price of shares. Write to us in ‘Contact Us’ and we will provide you with detailed information.”

Evolving Ransomware Techniques

From new malware variants to different hacking methods, threat actors constantly change their approaches to encrypt victims’ data and pressurize them into paying the ransom. To prove their power, the operators behind the Darkside ransomware group announced that they are leveraging new extortion tactics by targeting companies that are listed on stock markets like NASDAQ. As reported in April 2021, the Darkside operators stated they are coaxing certain crooked stockbrokers to use insider information of their corporate targets to short-sell a victim company’s stock before disclosing the breach or leaking any data. The operators believed that the impact of posting a traded company’s name on its website would cause the victim company’s stock price to fall and help insider traders make profits.

See also: Darkside Ransomware Gang Adopts New Extortion Technique by Targeting Stock Traders

Not conceding to ransom demands has been echoed by experts and authorities across industries, yet the victims’ willingness to pay for their compromised data has been the primary reason why we continue to see a surge in the attacks.

“Paying a ransom emboldens adversaries to target additional organizations, encourages other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to your local FBI field office. Doing so provides the FBI with the critical information they need to prevent future attacks by identifying and tracking ransomware attackers and holding them accountable under US law,” the FBI added.

FBI Recommends

  • Back-up critical data offline.
  • Ensure copies of critical data are in the cloud or on an external hard drive or storage device.
  • Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the original data resides.
  • Install and regularly update anti-virus or anti-malware software on all hosts.
  • Only use secure networks and avoid using public Wi-Fi networks.
  • Use two-factor authentication for user login credentials, use authenticator apps rather than email as actors may be in control of victim email accounts, and do not click on unsolicited attachments or links in emails.
  • Implement least privilege for file, directory, and network share permissions.

In an exclusive quote to CISO MAG, Bill Alderson, CTO, HOPZERO, said, “Sadly, the NSA, CIA, and FBI all losing their lawful intercept tools to hackers increased technical ability greatly. As with any monetization method – they are increasing their market by simple research to find high stakes, high-visibility situations they can exploit. All is not lost. Hackers are not omniscient, omnipotent, or omnipresent, as those technically deficient might think, that only AI can fix data compromise. And by AI Security success, those are easy pickings. My solution rests with hop starvation reducing the attack surface of vital servers by over 99% reducing risk while catching ransomware and phish – hooking-em, cooking-em, and frying-em up in a pan.”

U.S. Bans China Telecom Americas Citing National Security Issues
https://cisomag.com/u-s-bans-china-telecom-americas-citing-national-security-issues/
Fri, 29 Oct 2021 07:50:26 +0000

The post U.S. Bans China Telecom Americas Citing National Security Issues appeared first on CISO MAG | Cyber Security Magazine.

China-based services and products continue to concern the world over security issues. The U.S. Federal Communications Commission (FCC) has recently revoked the license of China Telecom Americas, a U.S. subsidiary of the Chinese state-owned enterprise China Telecom Corporation, to provide interstate and international telecommunication services, citing national security risks. In an official order, the agency asked China Telecom Americas to discontinue its services in the U.S. within 60 days.

“Promoting national security is an integral part of the Commission’s responsibility to advance the public interest, and today’s action carries out that mission to safeguard the nation’s telecommunications infrastructure from potential security threats,” the FCC said.

Brendan Carr, the Commissioner of the FCC, stated the latest move is a critical initiative towards defending against constant cyberthreats from China.

Order Endorsed by Executive Branch Agencies

The decision to withdraw China Telecom Americas services comes after the U.S. Executive Branch agencies (the Departments of Justice, Defense, State, Commerce, Homeland Security, and the U.S. Trade Representative) made a recommendation to the FCC in April 2020, citing significant security risks.

The Executive Branch unveiled its findings to the FCC, which include:

  • China Telecom Americas is subject to exploitation, influence, and control by the Chinese government and is highly likely to be forced to comply with Chinese government requests without sufficient legal procedures subject to independent judicial oversight.
  • The control by the Chinese government raises significant national security and law enforcement risks by providing opportunities for China Telecom Americas, its parent entities, and the Chinese government to access, store, disrupt, and/or misroute U.S. communications, which in turn allow them to engage in espionage and other harmful activities against the U.S.
  • China Telecom Americas’ conduct and representations to the Commission and other U.S. government agencies demonstrate a lack of candor, trustworthiness, and reliability that erodes the baseline level of trust that the Commission and other U.S. government agencies require of telecommunications carriers.
  • The telecom wilfully violated two of the five provisions of the 2007 Letter of Assurances with the Executive Branch agencies, compliance with which is an express condition of its international section 214 authorizations.

Chinese Telecoms Face the Heat

This is not the first time a Chinese telecom has encountered security concerns from government authorities. Earlier, the Chinese telecommunications service provider Huawei experienced severe backlash from the Australian government and other countries over security and cyberespionage campaigns. A security report has alleged that Huawei has been recruiting high-level operatives linked to China’s military and intelligence agencies. It is suspected that over 100 Huawei employees had connections with the Chinese military and state-sponsored hacking operations.

As Part of Cybersecurity Initiative

The latest move to stop the China Telecom Americas services in the U.S. could be another critical step of the Biden Administration, which is constantly trying to mitigate the state-sponsored attacks from China, Russia, and across the globe. The U.S. government has been initiating several cybersecurity measures to address the rising cyberthreats. As part of their multiple cybersecurity initiatives, the U.S. recently hosted a virtual meeting this month involving over 30 countries to address the expanding cyberthreat landscape.

U.S. Govt to Control Export of Cybersecurity Items to Regions with Despotic Practices
https://cisomag.com/us-govt-to-control-export-of-cybersecurity-items-to-regions-with-despotic-practices/
Thu, 21 Oct 2021 14:04:08 +0000

The post U.S. Govt to Control Export of Cybersecurity Items to Regions with Despotic Practices appeared first on CISO MAG | Cyber Security Magazine.

The Commerce Department’s Bureau of Industry and Security (BIS) in the U.S. announced new policies to control the export of cybersecurity items to regions with despotic practices. Russia and China are the more popular names that are associated with such authoritarian practices.

The Biden government, since taking office, has been taking a stern stand on the issue of cybersecurity and has sanctioned a host of cybersecurity plans.

State-sponsored cyberattacks and espionage have been cresting and need to be contained. Per the announcement by BIS, the control would ban U.S. companies from exporting and reselling software and hardware tools that feed autocratic practices involving malicious hacking activities and human rights abuse.

Per the Commerce Department’s statement, “This rule establishes a new control on these items for National Security (NS) and Anti-terrorism (AT) reasons, along with a new License Exception Authorized Cybersecurity Exports (ACE) that authorizes exports of these items to most destinations except in the circumstances described.

The rule will become effective in 90 days and will effectively ban the export of “cybersecurity items” for National Security (NS) and Anti-terrorism (AT) reasons.”

It continues to state that these items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny, or degrade the network or devices on it.

This proposed ban also aligns the U.S. with the 42 European and other allies that are members of the Wassenaar Arrangement, which sets voluntary export control policies on military and dual-use technologies — or products that can be used for both civilian and military purposes.

The Wassenaar Arrangement (WA)

The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is a multilateral export control regime (MECR), established in 1996, with 42 participating states, including many former Comecon (Warsaw Pact) countries.

The Wassenaar Arrangement has been established to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations. The aim is also to prevent the acquisition of these items by terrorists.

Participating States seek, through their national policies, to ensure that transfers of these items do not contribute to the development or enhancement of military capabilities which undermine these goals and are not diverted to support such capabilities.

In Perspective

The Pegasus spyware was one such incident, which highlighted the problem of surveillance in the name of national security. The spyware was extensively used for snooping on activists, journalists, and politicians. NSO Group Technologies, which created the Pegasus spyware, vehemently denied any involvement. It said it just creates the tool and sells it to governments and intelligence or security agencies, which use it for anti-terrorism surveillance and national security.

This proposed control will ban the misuse of these cybersecurity tools and help contain the widespread abuse at the hands of countries with malicious intentions.

Governments around the world are waking up to the need to collectively address the issue of cybersecurity and take joint action to curb cyberattacks. The White House National Security Council facilitated an initiative where 31 countries came together to deliberate the efforts to improve national resilience, addressing the misuse of virtual currency, laundering ransom payments, disrupting the ransomware ecosystem, and prosecuting the cybercriminals.

Concerted efforts like these must be pursued to address the global cybersecurity issue; countries must unite to disrupt the safe havens which are sheltering the threat vectors if they do not want to see disruption in their critical services.

30 Governments Join Hands to Suppress Ransomware Payment Channels
https://cisomag.com/ransomware-payment-channel/
Mon, 18 Oct 2021 14:24:45 +0000

The post 30 Governments Join Hands to Suppress Ransomware Payment Channels appeared first on CISO MAG | Cyber Security Magazine.

The Virtual Counter-Ransomware Initiative meeting, facilitated by the White House National Security Council to deliberate on improving national resilience, addressing the misuse of virtual currency, laundering ransom payments, disrupting the ransomware ecosystem, and prosecuting the cybercriminals, has resulted in actions being initiated to address the increasing ransomware attacks. Officials from 31 countries and the European Union have issued a joint statement that their governments would take action to disrupt the payment channels and address the misuse of virtual currency.

There has been a spate of incidents where cybercriminals have demanded ransom in the form of cryptocurrency for ease of business operations. The rising number of ransomware attacks reflects the low resilience of critical network infrastructure and its vulnerabilities.

The statement was issued by ministers and representatives from Australia, Brazil, Bulgaria, Canada, the Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States.

Per the White House statement, significant economic losses have been incurred globally due to the increased ransomware attacks. “Ransomware payments reached over $400 million globally in 2020, and topped $81 million in the first quarter of 2021, illustrating the financially driven nature of these activities.”

Ransomware is a world-wide threat leveraging global infrastructure – and no country can fight it alone. This week, the United States and dozens of nations aligned on common approaches to counter it together. 

The Counter-Ransomware Initiative

Governments of the 30 countries have realized the need for an immediate action plan and collective effort to tackle the risk of ransomware. Cybercriminals abuse the financial mechanism of countries and launder huge amounts through cryptocurrency mining, evading all kinds of surveillance.

The White House states, “We are dedicated to enhancing our efforts to disrupt the ransomware business model and associated money-laundering activities, including through ensuring our national AML frameworks effectively identify and mitigate risks associated with VASPs and related activities. We will enhance the capacity of our national authorities, to include regulators, financial intelligence units, and law enforcement to regulate, supervise, investigate, and act against virtual asset exploitation with appropriate protections for privacy, and recognizing that specific actions may vary based on domestic contexts.  We will also seek out ways to cooperate with the virtual asset industry to enhance ransomware-related information sharing.”

The need of the hour is to collectively look at the problem of exploitation of the digital asset platform and disrupt the machinery from further exploiting the platform. As policies and regulations vary from one jurisdiction to the other, this effort will help accelerate the investigation and prosecution of the criminals. The problem has been exacerbated as incidents of attack are treated in isolation.

“Ransomware criminal activity is often transnational in nature, and requires timely and consistent collaboration across law enforcement, national security authorities, cybersecurity agencies, and financial intelligence units. Such collaboration must be consistent with domestic legal requirements and may be pursued alongside diplomatic engagement so that malicious activity can be identified and addressed, and the actors responsible can be investigated and prosecuted.  Together, we must take appropriate steps to counter cybercriminal activity emanating from within our own territory and impress urgency on others to do the same, in order to eliminate safe havens for the operators who conduct such disruptive and destabilizing operations,” the White House said.

White House Brings 30 Nations Together for Counter-Ransomware Event
https://cisomag.com/white-house-brings-30-nations-together-for-counter-ransomware-event/
Thu, 14 Oct 2021 10:34:46 +0000

The post White House Brings 30 Nations Together for Counter-Ransomware Event appeared first on CISO MAG | Cyber Security Magazine.

As announced earlier, the Biden administration has initiated the virtual Counter-Ransomware Initiative meetings joined by ministers and senior officials from over 30 countries to address the growing ransomware landscape. The two-day Counter-Ransomware Initiative meetings will discuss the efforts to improve national resilience, addressing the misuse of virtual currency, laundering ransom payments, disrupting the ransomware ecosystem, and prosecuting the cybercriminals.

The Biden Administration organized the Counter-Ransomware efforts in four parameters:

  1. Disrupt Ransomware Infrastructure and Actors
  2. Bolster Resilience to Withstand Ransomware Attacks
  3. Address the Abuse of Virtual Currency to Launder Ransom Payments
  4. Leverage International Cooperation to Disrupt the Ransomware

Participating Countries

According to an official statement from the White House, the meetings host several senior ministers and representatives from Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, the EU, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, the Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, the UAE, and the U.K.

In particular, four countries have volunteered to organize specific discussions on:

  • India for resilience
  • Australia for disruption
  • The U.K. for virtual currency
  • Germany for diplomacy

Russia and China Not Invited

Despite cooperation in several areas, the U.S. government has not invited Russia to the Counter-Ransomware meetings.

“We did not invite the Russians to participate for a host of reasons, including various constraints. However, as I noted, we are having active discussions with the Russians. But in this forum, they were not invited to participate, but that doesn’t preclude future opportunities for them to participate as we do further sessions like these. We do look to the Russian government to address ransomware criminal activity coming from actors within Russia. I can report that we’ve had, in the Experts Group, frank and professional exchanges in which we’ve communicated those expectations,” said a Senior Administration Official from the White House.

Primary Goal – To Curb Ransomware

The Counter-Ransomware Initiative comes in response to a series of ransomware attacks on Colonial Pipeline, JBS Foods, and Kaseya, which have affected several critical infrastructure sectors in the country. The White House stated that several international ransomware operators have targeted organizations of all sizes in the U.S. It revealed that global economic losses from ransomware reached over $400 million in 2020 and topped $81 million in the first quarter of 2021.

The Biden Administration also called on multiple tech companies in the private sector to modernize their cybersecurity capabilities to protect against ransomware threats.

Australia Passes Surveillance Legislation (Identify and Disrupt) Amendment Bill 2020 https://cisomag.com/australia-passes-surveillance-legislation-identify-and-disrupt-amendment-bill-2020/ Thu, 26 Aug 2021 10:17:59 +0000 https://cisomag.com/?p=17660

Australia is constantly trying to boost its cybersecurity capabilities to mitigate the rising threats of remote access scams and identity theft. The government recently passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, allowing the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) to spy on potential cybercriminals online. The coalition bill provides three exclusive warrants to the AFP and the ACIC to modify, add, copy, or delete data linked to cybercriminal suspects and even take control of their online accounts.

“The bill introduces account takeover warrants to enable the AFP and ACIC to take over a person’s online account to gather evidence to further a criminal investigation; and make minor amendments to the controlled operations regime to ensure controlled operations can be conducted effectively in the online environment,” the Parliament of Australia stated.

Minister for Home Affairs, Karen Andrews, stated that the new legislation gives more authority to the law enforcement agencies in the country in identifying cybercriminal activities online. “Under our changes, the AFP will have more tools to pursue organized crime gangs to keep drugs off our street and out of our community, and those who commit the most heinous crimes against children,” Andrews said.

The three warrants that give additional powers to the AFP and the ACIC include:

1. Network Activity Warrant – This warrant will enable the AFP and the ACIC to collect intelligence on the most harmful criminal networks operating online, including on the dark web and when anonymizing technologies are used.

2. Data Disruption Warrant – This warrant will enable the AFP and the ACIC to disrupt serious criminality online. It authorizes them to modify data belonging to individuals suspected of criminal activity in order to frustrate the commission of serious offenses, such as the distribution of child exploitation material.

3. Account Takeover Warrant – This warrant empowers the AFP and the ACIC to control a person’s online account to gather evidence about criminal activity, to be used in conjunction with other investigatory powers. Currently, law enforcement agencies rely on a person consenting to the takeover of their account.

All three warrants will be overseen by the Commonwealth Ombudsman and the Inspector-General of Intelligence and Security to ensure the agencies use them appropriately, and will be reviewed by the Independent National Security Legislation Monitor and the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

NCSC for Startups Initiative will Address U.K.’s Cybersecurity Challenges https://cisomag.com/ncsc-for-startups-initiative-will-address-u-k-s-cybersecurity-challenges/ Thu, 12 Aug 2021 10:34:48 +0000 https://cisomag.com/?p=16952

Bringing together the technical expertise of both public and private organizations will help mitigate security gaps and boost the overall cybersecurity posture in the country. In an effort to resolve the cybersecurity challenges facing the nation’s critical infrastructure, the U.K. government has launched the National Cyber Security Centre (NCSC) for Startups initiative.

NCSC for Startups

NCSC for Startups is a cyber accelerator program that onboards cybersecurity startup companies for technical collaboration and better outcomes. The new initiative is a collaboration between the NCSC and Plexal, with additional partnerships with CyNam, Deloitte, Hub8, and QA.

NCSC for Startups will aid new firms with established cybersecurity solutions, which are looking to expand their reach into new markets and support the NCSC’s mission to make the U.K.’s digital space secure. The initiative will also:

  • Shape technical challenges to focus on areas of interest
  • Work together and directly with startup companies to influence their products
  • Provide technical leadership and influence to encourage the growing cyber ecosystem

The NCSC has selected five cybersecurity innovators to work with the U.K.’s cybersecurity experts to address the most prevalent cyberthreats in the country. The first five startups are:

  1. PORGiESOFT – The EdTech startup offers cyber fraud detection services for enterprise employees
  2. Exalens – Provides inexpensive threat detection services
  3. Enclave – Helps organizations in creating Zero Trust overlay networks
  4. Meterian – Provides a sustainable line of defense for apps that use open-source software
  5. Rebellion Defense – Leverages AI to defend national security systems against threats like ransomware

The selected startups will receive direct support from the NCSC’s experts and Plexal’s cyber innovation team to obtain wider technical and commercial opportunities with industry partners across the U.K.’s cybersecurity ecosystem.

Commenting on the new initiative, Chris Ensor, NCSC Deputy Director for Cyber Growth, said, “The U.K. has a thriving cybersecurity industry. Finding great ideas that can help protect all areas of society is a key part of our mission and we look forward to collaborating with more startups as the program rolls on.”

“The NCSC understands the U.K.’s cybersecurity challenges better than anyone, and the opportunity for innovative startups to benefit from its world-class insight and expertise is unique. Combined with Plexal’s extensive track record in supporting startups to become market leaders, NCSC For Startups will help companies address some of the most challenging security problems facing the government, businesses, and society now and in the future,” said Saj Huq, Director of Innovation at Plexal.

NIST Releases Preliminary Draft for Ransomware Risk Management https://cisomag.com/preliminary-draft-of-ransomware-risk-management/ Thu, 24 Jun 2021 16:08:01 +0000 https://cisomag.com/?p=14627

Not long ago, President Joe Biden signed an Executive Order encouraging stronger cybersecurity reforms across the public and private sectors in the country. It was specifically aimed at closing the gaps and fixing the loopholes that threat actors have repeatedly exploited in the recent past. Biden referenced in particular the SolarWinds incident and the spate of ransomware attacks that hit U.S. hospitals at the end of 2020 and have since been on the rise. In line with this executive order, and with the intent to immediately address the ransomware menace, NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a preliminary draft titled “Cybersecurity Framework Profile for Ransomware Risk Management” that is currently open for public comments.

Ransomware Risk Management

The ransomware risk management profile established in this draft is based on NIST’s Cybersecurity Framework version 1.1 and is built on the core functions: identify, protect, detect, respond, and recover. Each function is further divided into several sub-categories and selected informative references, which guide implementation toward the objective of each core function. NIST also describes how ransomware can affect each core function of the Cybersecurity Framework and how to manage ransomware risk effectively in each of these instances.

Among the basic measures listed in the draft, the most common yet effective recommendations against any form of cyberattack include an antivirus solution, up-to-date patch application, role-based access control (RBAC), a backup and restore plan, etc. However, one of the most important steps for recovery from a ransomware attack is an incident recovery plan, which NIST highlights, saying it “could be a part of a continuity plan as well.”

According to NIST, the Ransomware Profile is intended for organizations that:

  • Have already adopted the Cybersecurity Framework.
  • Are familiar with the Cybersecurity Framework and want to improve their risk posture.
  • Are unfamiliar with the Cybersecurity Framework but need to implement a risk management framework to meet ransomware threats.

The first draft of the ransomware profile will be open for comments until July 9, 2021, after which it will undergo changes and/or additions based on the recommendations and will be released again for further comments. Only after this will the final version of the Ransomware Risk Management document be published for broader implementation.
