ALPHV/Blackcat gang strikes again, 'healthcheck' your security posture, pentest your lines of defense

By John Bruggeman, virtual Chief Information Security Officer

ALPHV/Blackcat gang claims credit for two major attacks

The ransomware group ALPHV, or “Blackcat”, claimed credit for two cyber attacks in January and February. One attack was on a loan servicing company and compromised the data of 16.6 million customers. That attack was first disclosed on January 8, with additional details released on January 22.

The attack on a large finance management company was reported on February 4 and involved the data of employees and contractors. The company has over 40,000 employees and an undisclosed number of contractors, so both attacks were significant.

These are large Fortune 500 companies with cybersecurity programs, yet each suffered a substantial attack. What this tells us is that regardless of the size of a company, the threat landscape has changed. Cybercriminals are persistent and highly skilled and will attack big companies as well as small companies.

What can be done to prevent this?

The details of these two attacks are still coming out, so it’s not clear if the issue was an unpatched vulnerability, a compromised account, or a third-party attack, but it is likely one of those three.

There are ways to prevent this or at least make it much harder for criminals. A comprehensive cybersecurity program that has layered defense—defense in depth—can make a company cyber resilient. How do you know if you are ransomware-proof? Have your cybersecurity program assessed by one of our cybersecurity consultants to identify the strengths and potential weaknesses of your company.

It doesn’t matter if you are a Fortune 500 or Fortune 1000-sized organization: our team can review your existing program and help you identify any gaps in your cybersecurity program.

What to do?

What are your plans for a ransomware attack? Do you have a good backup strategy? Have you had your cybersecurity program assessed recently? If you haven’t had a program assessment in the past two years or a penetration test or vulnerability assessment in the last year, then it is time to get a check-up.

Vulnerability scan or pentest?

Ryan Hamrick, manager of the cybersecurity team, wrote a blog post to help you understand the difference between a vulnerability scan and a penetration test, or pentest. The two might seem the same, but they are different. Also, note that pentest is one word; it is not 'PEN' test.

As Ryan says in the article,

“A good analogy of the general purpose of a vulnerability assessment is to think of it as a ‘health check’ of an organization’s security posture. It is very much like having a checkup performed by a medical professional. We will take our time, check all the systems on the network with the full collaboration of the organization, and identify potential ‘health’ issues.”

Using broad strokes, these are the key steps for a vulnerability assessment:

  1. Define the scope of the assessment. Ideally, this is 100% of the organization’s environment, including externally and internally facing assets.
  2. Coordinate credentials for the assessment team to leverage during the engagement for authenticated scanning.
  3. Configure the software and execute the scanning process.
  4. Review the results of the scanning process, then analyze and aggregate them to draft a report.
  5. Deliver the report.

That all sounds good, so what is different about a penetration test?

Well, the easy answer is just one word—exploitation.

With a pentest, the skilled tester will see if they can exploit the vulnerabilities that have been discovered. The tester will determine if the security controls work or not. This is a key difference.

What to do?

Have you tested the security controls deployed in your network? Do you know all the controls are in place and working as expected?

You can read Ryan’s blog here.

How can you make your defenses impenetrable?

CBTS has lots of ways to help you. Just like building a house, you want to start with a good foundation. The best way to do that is to figure out what you are doing well and where you need help.

Ryan Hamrick leads the team that can perform cybersecurity program assessments. These program assessments are like a home inspection: they help identify how a criminal or pest can get into your house.

Often, people are not sure where to begin. We can help! We can show where you are doing great and where you have gaps in your security program.

We can also test the roof to see if it leaks with a penetration test, or pentest. Ryan has a team of experienced and skilled white hat penetration testers that poke and prod your servers and networks to see if there are gaps or vulnerabilities that you need to fix ASAP.

The pentest team can evaluate and test networks as small as five systems and as large as tens of thousands of systems. They can also test cloud applications, mobile applications, and physical locations and try to gain access with social engineering techniques, like phishing e-mails and SMS texts (smishing attacks).

Security Program assessments are fixed-fee engagements that are typically conducted in 2-4 weeks and provide you with a roadmap for improving your company's security. The roadmap is a plan of action with definitive steps specific to your needs, whether it be hardware (firewalls, switches, routers, etc.), software (upgraded anti-virus, network intrusion detection, online cybersecurity training, etc.), or other services (managed patching, managed firewall, SD-WAN, managed SOC).

Speaking of managed services, Christopher DeBrunner and his team are ready to help any size company improve their cybersecurity with managed services. We offer constant security monitoring with our managed Security Operations Center (SOC) and Managed Detection and Response (MDR).

These security offerings are 24x7x365, and help you lower your cybersecurity insurance premiums and reduce the risk of a catastrophic incident.

In addition to those two key offerings, Patching as a Service and vulnerability management are also available and very affordable. Patching vulnerable servers and workstations reduces the risk to your customers by limiting where criminals can attack.

These questions can help you reveal where to start in a cybersecurity program:

  • Do you have someone in charge of cybersecurity?
  • Do you have cybersecurity requirements from the government that you have to follow?
  • Do you have cybersecurity insurance?
  • Do you have a patch management program?
  • Have you tested your network to see if it's secure?

Regardless of your answer, we can help—remember, not having a cybersecurity plan can cost you!


About the author

John Bruggeman is a veteran technologist, CTO, and CISO with nearly 30 years of experience building and running enterprise IT and shepherding information security programs toward maturity. He helps companies, boards, and C-level committees improve and develop their cybersecurity programs, create risk registers, and implement compliance controls using industry-standard frameworks like CIS, NIST, and ISO

