Information about general information security issues.

U.S. Can Expect to see more Ransomware Attacks

In the cybersecurity space, there are many things we do not all agree on, but one thing I have noticed in the past year is that we all agree the U.S. can expect to see more ransomware attacks as the nation recovers from recent attacks, which included the District of Columbia Police Department, the Colonial Pipeline and now the JBS meat plant. These will continue to increase, especially in the state and local government environment, as well as in the critical infrastructure and manufacturing space. There are two main reasons for this trend: 1. Organizations are not implementing the basic security controls, thus allowing attackers to take advantage of easy attack vectors. A majority of the critical infrastructure in the U.S. is operated by private organizations with very little IT and security regulation. 2. Many organizations are deciding to pay the ransom after they have been attacked. Security researchers and law enforcement often recommend that organizations not pay the ransom, but when stakeholders and the media are applying pressure, organizational leaders must do what is best for the organization. This validates the ransomware industry, and as a result attacks become more frequent and their tactics more sophisticated. This recent attack appears to bear a Russian group's fingerprint, just like the pipeline event. Many security researchers, law enforcement officials and politicians are recommending that, in conjunction with increasing regulations on U.S.-based organizations, the U.S. must also impose sanctions against countries that allow these types of activities to occur inside their borders.

Bad Ending for Washington, D.C.’s Metropolitan Police Department (MPD) after a Ransomware Attack

A group of ransomware hackers known as “Babuk” leaked internal police files from the Washington, D.C. Metropolitan Police Department (MPD). The information was stolen in late April.

Colonial Pipeline Ransomware Attack

One of the nation's largest fuel pipelines has been forced to shut down after being affected by a ransomware cyberattack. Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim and restores access to the data upon payment.

Ransomware attack leads to shutdown of major U.S. pipeline system

By: David E. Sanger

A cyberattack forced the shutdown of one…

The Cybersecurity Job Gap and How Getting Women in STEM can Help [Video]

As previously stated, researchers at Cybersecurity Ventures projected in a 2019 post that there would be 3.5 million unfilled cybersecurity positions globally in 2021, but with the 700,000 additional skilled practitioners that a Cybersecurity Workforce Study found entered the field this year, the projected number has dropped to approximately 3.21 million.

Supply Chain Risk Management (SCRM) Explained

Supply chain risk management (SCRM) is the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of the IT product and service supply chain.

The Civilian Cybersecurity Reserve: A National Guard-like program to address growing cybersecurity vulnerabilities faced by the U.S. government

This would be a Civilian Cybersecurity Reserve; it would be voluntary and by invitation only. It would give our national security agencies access to the qualified, capable, and service-oriented American talent necessary to respond when an attack occurs.

Update Greenbone Vulnerability Management Plugins on Kali (NVT, Cert Data & SCAP Data) Automatically

Once you have installed and configured the Greenbone Vulnerability Management system, it is a good idea to ensure it is kept up to date and running the latest security scripts to find the latest vulnerabilities, as well as synced to the most current NVT, SCAP and CERT data. The best way to do this is to create a script that syncs the necessary data for you automatically each day.

SA.3.169 Community-based Threat Sharing (CMMC Level 3)

Receive and respond to cyber threat intelligence from information sharing forums and sources and communicate to stakeholders.

IR.2.092 Incident Preparation (CMMC Level 2)

Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.