Archive for February 28, 2024

FBI, HHS & CISA warn US hospitals of targeted BlackCat ransomware attack

Posted in Commentary on February 28, 2024 by itnerd

The CISA, the FBI and HHS have released an update on ALPHV/BlackCat ransomware attacks, warning that the group is targeting US healthcare orgs primarily. The three federal agencies warned in the joint advisory that, since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized.

Darren Williams, CEO and Founder, BlackFog:

“The healthcare industry has proven an irresistible target when it comes to ransomware, with publicized attacks in 2023 seeing a 134% increase over the previous year. Healthcare organizations possess troves of valuable and sensitive data just ripe for extortion, and unfortunately in many cases the level of cyber defense simply isn’t up to the task of protecting it.  When it comes to extortion the only way to prevent it is to prevent data exfiltration in the first place. The industry must look to third generation ADX cybersecurity solutions that have been designed to do just that.”

Once again, this is an example of threat actors targeting health care. Thus, like I said here, this sector needs to up its game in a serious way to take itself off the target list of threat actors.

Vevo partners with TELUS as its advertising representative in Canada

Posted in Commentary on February 28, 2024 by itnerd

Today, TELUS announced a new partnership with Vevo to become its direct ad sales representative nationally, enabling Vevo to bring its extensive music video content and enhanced advertising opportunities to the Canadian market. Leveraging TELUS’ extensive reach, this collaboration enables Vevo, the world’s leading music video network, to offer advertisers a vast library of premium music video content on major Connected TV (CTV) platforms and streaming services, including YouTube, Apple TV, Samsung TV Plus, Vizio, Google TV, and Roku.

This partnership offers opportunities for advertisers to elevate their strategies and connect with their audiences through influential music videos on multiple platforms across Connected TV, mobile and desktop. Brands and agencies will reach their target audience more effectively by leveraging first-look opportunities, including premieres, programming sponsorships, and linear channel takeovers. Through Vevo’s monthly reach of more than 10 million Canadians, advertisers can now engage with consumers watching culturally relevant content, featuring stars like Justin Bieber, The Weeknd, and Drake.  

For more information about TELUS, visit www.telus.com, and about Vevo, visit www.vevo.com.

Cencora Pwned In Cyberattack

Posted in Commentary on February 28, 2024 by itnerd

Cencora, a pharmaceutical solutions provider, has disclosed a cyberattack which resulted in personal information being stolen from its systems. According to a filing with the SEC, the breach was identified on Feb. 21 and involved data being exfiltrated from its systems. What type of data was taken, and who it belongs to, has not yet been disclosed.

Darren Williams, CEO and Founder, BlackFog:

   “The attack against Cencora highlights the different sections of the healthcare industry which continue to be a massive target for cybercriminals. By targeting providers of access and supply chain efficiencies, there will surely be a ripple effect felt in many places throughout the country. It is also concerning to see that hackers exfiltrated data and even more so that the type of data stolen is not yet disclosed. Once hackers successfully exfiltrate data, there is no stopping them from implementing double and triple extortion attacks, going after not only individual members of the company, but any patients or customers whose data was also stolen. As extortion continues to be the tactic of choice for attackers, the focus must be on preventing data exfiltration in the first place.”

Healthcare is one of those low hanging fruits that threat actors love to go after. What needs to happen is that this sector needs to redouble its efforts to defend against cyberattacks so that they are no longer low hanging fruit for threat actors.

Martello Joins Forces with Yorktel to Bring Vantage DX to Microsoft Teams Managed Service

Posted in Commentary on February 28, 2024 by itnerd

Martello Technologies Group Inc., a provider of experience management solutions purpose-built for Microsoft Teams, today announced a partnership with leading managed services provider Yorktel. The collaboration will bring Vantage DX to customers through Yorktel’s Modern Workplace as a Service (MWaaS) offering. Vantage DX is the Microsoft-recommended software that proactively detects problems before they impact Microsoft Teams users, providing tools to resolve these problems faster and optimize the Teams user experience.

A Microsoft Operator Connect partner headquartered in the United States, Yorktel is a leading provider of collaboration and managed service solutions for enterprise, public sector, education and healthcare customers worldwide. Committed to addressing hybrid workplace challenges, Yorktel has chosen Vantage DX for its MWaaS offering, to proactively manage the Microsoft Teams performance and user experience for its customers, maximizing uptime and productivity.

The partnership has already yielded a sales deal with a large North American multinational investment management firm with more than 40 locations globally to manage the Teams user experience for 5,000 employees in the US and Canada. This project also supported a major Federal Department requiring strict security provisions. With Microsoft Teams a mission-critical part of Yorktel’s offering, they expect to integrate Vantage DX into all new deployments.

Microsoft Teams experience management has become a pressing concern for enterprises and managed service providers. The recent State of Microsoft 365 Performance Management report produced by research firm EMA exposed an important blind spot for enterprise IT teams. While 81% of Teams users cited Teams performance issues such as poor video or audio quality as having a high or significant impact on their productivity, only 7% of IT teams said they had an accurate view of how Microsoft Teams is performing for users. Vantage DX closes this visibility gap for enterprises and managed service providers.

Interested in learning more about Martello’s Microsoft-recommended Vantage DX solution for Microsoft Teams? Read about Martello’s Partner Program and about Vantage DX.

Cado Security Labs Releases H2 2023 Cloud Threat Findings Report 

Posted in Commentary on February 28, 2024 by itnerd

Cado Security, provider of the first cloud forensics and incident response platform, today announced the release of the Cado Security Labs H2 2023 Cloud Threat Findings Report, sharing deep insights into the cloud threat landscape to help security teams remain at the forefront of securing their organizations against the latest threats.

Cado Security Labs operates honeypot infrastructure across four distinct geographical regions to collect cloud attacker telemetry. The latter half of 2023 saw the introduction of “Cloudypots,” a new, more sophisticated, high-interaction honeypot system that allows researchers to stand up accurate honeypot versions of real services quickly and safely.

As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have increased in sophistication and number – a collective effort to safeguard both large and small enterprises is critical. Security teams need to reassess their internal tools and approaches to ensure their ability to correctly identify, investigate, and respond to emerging cloud threats. 

The report covers the second half of 2023, providing an analysis of real-world techniques employed by attackers and an overview of novel malware campaigns found in the wild targeting cloud environments, including Qubitstrike, Legion, Blackcat, Bioset, Cetus, P2Pinfect, and 9hits.

Key technical findings from attacker telemetry, which Cado Security covers in detail within the report, include:

  • Attackers target cloud services that require specialist technical knowledge to exploit. Attackers are increasingly targeting services, such as Docker, Redis, Kubernetes, and Jupyter, that require expert technical knowledge to exploit, different from what’s required for attacking generic Linux servers. 
  • Docker is the most commonly exploited “cloud-native” service for initial access. Although cloud-focused attackers aim to exploit various services typically deployed in cloud environments, Docker remains the most frequently targeted for initial access, with 90.65% of honeypot traffic when discounting SSH. 
  • Threat actors leverage hosting companies across the globe for their infrastructure. Identified malware campaigns, such as P2Pinfect, had a wide geographical distribution with nodes belonging to providers in China, the US, and Germany, which shows that regardless of where your infrastructure is located, it is still susceptible to Linux and cloud-focused attacks.
  • Cryptojacking is no longer the sole focus of cloud attackers. While cryptojacking is a legitimate and significant threat, Cado Security Labs has started to see a diversification in objectives displayed by recent Linux and cloud malware campaigns. For example, with the discovery of new Linux variants of ransomware families, such as Abyss Locker, there is a worrying trend of ransomware on Linux and ESXi systems. Cloud and Linux infrastructure is now subject to a broader variety of attacks. 

Other observations also include: 

  • Attackers continue to exploit web-facing services in cloud environments to help them gain access to cloud environments and invest significant time into hunting for misconfigured deployments of these services. 
  • Rust malware continues to increase as the language gains popularity in general software development and will also become increasingly popular in the malware community, with threat actors increasingly developing malicious payloads in Rust.

To ensure effective and efficient cloud incident handling, Cado Security Labs recommends that security teams:

  • Establish a policy of regularly reviewing the security of deployed services in their cloud estate.
  • Reduce the attack surface by only deploying public-facing services when necessary, and use the networking security features provided by their Cloud Service Provider (CSP).
  • Collect and aggregate logs from the CSP’s control plane and from the individual services intended to run in their accounts.
  • Hold a periodic review of, and set up automated alerting for, anomalies found in these log sources.
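The last two recommendations above (aggregate control-plane logs, then alert automatically on anomalies) pair naturally with the earlier finding that Docker, Redis, Kubernetes and Jupyter are the services attackers hunt for when they are exposed. The following is an added example, not code from Cado Security or from this post: a small scanner that reads control-plane audit records in a constructed, simplified JSON-lines shape (not any real CSP's schema) and raises an alert whenever an ingress rule opens one of those services to public address space. The service-to-port mapping, the event field names, the action name `AuthorizeSecurityGroupIngress` and the sample records are all assumptions made for the example.

```python
"""Scan control-plane audit events for rules that expose cloud-native services.

Added example, not code from Cado Security or the blog post. The event
format is a constructed, simplified audit-log shape (not any real CSP's
schema) and the service-to-port mapping is an assumption.
"""
import ipaddress
import json
from dataclasses import dataclass

# Default ports for the services the report lists as most targeted (assumed).
WATCHED_PORTS = {
    2375: "Docker API (plaintext)",
    2376: "Docker API (TLS)",
    6379: "Redis",
    6443: "Kubernetes API server",
    8888: "Jupyter",
}

# Address space not reachable from the internet; anything else counts as public.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "::1/128",
)]


@dataclass
class Alert:
    event_id: str
    actor: str
    service: str
    port: int
    cidr: str
    severity: str


def is_public(cidr: str) -> bool:
    """True unless the CIDR lies entirely inside a private or loopback range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(p.version == net.version and net.subnet_of(p) for p in PRIVATE_RANGES)


def evaluate_event(event: dict) -> list:
    """Return one Alert per watched service that an ingress rule opens to the internet."""
    alerts = []
    if event.get("action") != "AuthorizeSecurityGroupIngress":
        return alerts
    for rule in event.get("rules", []):
        try:
            lo, hi = int(rule["from_port"]), int(rule["to_port"])
            if not is_public(rule["cidr"]):
                continue
        except (KeyError, ValueError):
            continue  # malformed rule: skip it rather than abort the whole scan
        # A rule spanning every port is worse than one exposed service.
        severity = "critical" if (lo, hi) == (0, 65535) else "high"
        for port, service in WATCHED_PORTS.items():
            if lo <= port <= hi:
                alerts.append(Alert(event.get("event_id", "?"), event.get("actor", "?"),
                                    service, port, rule["cidr"], severity))
    return alerts


def scan_log(lines) -> list:
    """Parse JSON-lines audit records and collect alerts; unparseable lines are skipped."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alerts.extend(evaluate_event(event))
    return alerts


# Constructed sample records for the example, not real telemetry.
SAMPLE_LOG = """
{"event_id": "e1", "actor": "deploy-bot", "action": "AuthorizeSecurityGroupIngress", "rules": [{"cidr": "0.0.0.0/0", "from_port": 2375, "to_port": 2375}]}
{"event_id": "e2", "actor": "alice", "action": "AuthorizeSecurityGroupIngress", "rules": [{"cidr": "10.0.0.0/8", "from_port": 6379, "to_port": 6379}]}
{"event_id": "e3", "actor": "bob", "action": "AuthorizeSecurityGroupIngress", "rules": [{"cidr": "0.0.0.0/0", "from_port": 0, "to_port": 65535}]}
{"event_id": "e4", "actor": "alice", "action": "AuthorizeSecurityGroupIngress", "rules": [{"cidr": "203.0.113.0/24", "from_port": 443, "to_port": 443}]}
{"event_id": "e5", "actor": "alice", "action": "RevokeSecurityGroupIngress", "rules": [{"cidr": "0.0.0.0/0", "from_port": 2375, "to_port": 2375}]}
not json at all
"""

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG.splitlines()):
        print(f"[{a.severity}] {a.event_id} {a.actor} opened {a.service} (tcp/{a.port}) to {a.cidr}")
```

Run on the sample, the scanner raises one high-severity alert for `e1` (plaintext Docker API opened to the world) and five critical alerts for `e3` (an all-ports rule, which exposes every watched service at once); `e2` is ignored because the source range is private, `e4` because port 443 is not a watched service, `e5` because it revokes rather than grants access, and the malformed line is skipped. Feeding it real control-plane exports would only require mapping the provider's field names onto the ones used here.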

To download the full report, visit https://offers.cadosecurity.com/h2-2023-threat-findings-report

Aptum Named a Major Player in 2024 IDC MarketScape Canadian Managed Multicloud Services Vendor Assessment

Posted in Commentary on February 28, 2024 by itnerd

Aptum, a global cloud solutions provider specializing in technology consulting and managed services, today announced it has been named as a Major Player in the IDC MarketScape: Canadian Managed Multicloud Services 2024 Vendor Assessment (doc # CA50302123, February 2024). The IDC MarketScape vendor assessment model is designed to provide an overview of the competitive fitness of ICT (information and communications technology) suppliers in a given market.

With more than 20 years of comprehensive hybrid multicloud expertise, Aptum is committed to being a leader in cloud innovation, providing the end-to-end support and advice tech leaders need today, across cloud, network, and infrastructure technologies, as they look to mitigate risks, build new services, or grow into new markets. Aptum’s cloud platform-agnostic approach, adoption framework and certified expertise help customers to successfully plan, navigate and accelerate their journey to the cloud.

For more information about Aptum’s new managed multicloud services, visit www.aptum.com.

NIST updates 10 y/o cybersecurity framework adding focus on supply chain risk management 

Posted in Commentary on February 28, 2024 by itnerd

Monday, NIST released version 2.0 of its cybersecurity framework (CSF) that emphasizes governance and supply chain issues for both public and private sector entities.

The new guidance outlines “high-level cybersecurity outcomes that can be used by any organization to better understand, assess, prioritize and communicate its cybersecurity efforts.” There are six core functions:

  1. Govern
  2. Identify
  3. Protect
  4. Detect
  5. Respond
  6. Recover

“Govern”, the new addition to the other five pillars, focuses on how an organization establishes, communicates and monitors its cybersecurity risk management strategy, expectations and policy and is intended to address the implementation and oversight of a cybersecurity strategy.

Laurie Locascio, director of NIST and undersecretary of Commerce for Standards and Technology, noted that 10 years ago before NIST’s initial CSF launched, there was discussion about the elements of “govern,” but agency leaders “really weren’t ready yet to incorporate it.”

In version 2.0, the focus on supply chain risks covers how various types of technologies rely on complex landscapes for outsourcing involving geographically diverse routes for both private and public sectors offering a variety of services. In the updated CSF, NIST points to Cybersecurity Supply Chain Risk Management (C-SCRM) as a systemic process to manage exposure to cybersecurity risks by developing appropriate “strategies, policies, processes and procedures.”

Emily Phelps, VP, Cyware starts with this comment:

   “By adding governance, NIST does a great job rounding out an already best-in-class framework. This will help organizations not only improve bidirectional information sharing between security teams, executives, and board members, it will help ensure consistent language and clear definitions around responsibilities.”

Greg Welch, CEO, CyberProtonics had this comment:

   “Cybercrimes are on the rise with more sophistication and computing resources. We believe all data should be encrypted and pleased to see NIST provide organizations with risk assessment strategies and procedures that will help safeguard against malicious actors.”

Dave Ratner, CEO, HYAS served this comment:

   “As a key part of ‘Govern’ in version 2.0 of the NIST cybersecurity framework, organizations need to change how they have historically thought about security and focus on business and operational resiliency versus pure prevention. Especially with rampant supply chain attacks, not to mention constantly adapting tactics and techniques, criminals will unfortunately continue to infiltrate organizations of all sizes. Appropriate governance requires recognizing this fact across the entire business and all aspects of digital risk, and ensuring that cyber resiliency is implemented to efficiently identify, isolate, and address breaches before they expand and cause significant damage.”

John Benkert, CEO, Cigent adds this comment:

   “The National Institute of Standards and Technology (NIST) recently added ‘Govern’ as a new function to its Cybersecurity Framework, emphasizing the importance of governance in managing cybersecurity risks. This addition underscores the understanding that effective cybersecurity is not just about technology but also involves clear governance structures, policies, and processes to ensure comprehensive risk management. This is long overdue and has been talked about outside of NIST circles for many years. Cybersecurity has to start at the top levels of organizations, which includes C-level executives including the CFO.”

Troy Batterberry, CEO and Founder, EchoMark followed with this comment:

   “A vast majority of cybersecurity events are caused by inadequate security practices that can be traced back directly to insufficient prioritization and funding. While moving the discussion into the board room will help in some cases, many organizations under financial stress will continue to make difficult tradeoff decisions that result in more breaches. When they do happen, the criminals involved extract money to fund further criminal activity. Breaches impact not only the business but the customers too. This unfortunately may be a situation where further regulatory requirements are needed to protect customers and ultimately the public.”

Stephen Gates, Principal Security SME, Horizon3.ai had this to say:

   “In terms of responding to risk, NIST defines the available actions one could take as accepting, avoiding, mitigating, sharing, or transferring risk to others. And in the case of just-in-time and lean manufacturing, suppliers can potentially transfer their cyber risk to their buyers. Meaning, if you rely on a host of suppliers that help support your mission, an outage-inducing cyberattack on one of them will likely impact you as well.

   “Soon, organizations that have extensive supply chains will begin to require that their suppliers continuously assess their own infrastructure to identify their truly exploitable weaknesses, verify those weaknesses have been remediated, and prove that their cyber risk is not being transferred to their buyers. Although the term ‘report’ appears eight times in the recent NIST Cybersecurity Framework (CSF) 2.0, it does not necessarily define a reporting standard or framework to address the third-party supplier ‘risk transfer’ issue that many are being subjected to.”

NIST updating its cybersecurity framework shows that they’re keeping up with the ever-changing cybersecurity landscape. Assuming that organizations are paying attention, this will benefit us all.