Uncovering Cyber Ambushes

This week, the world is watching Ukraine fight for its survival. It’s hard to tell who has the most firepower. Firepower not only on the ground but the kind that can and will stop the online ambush of cybercrime.

It appears that Russia’s unprecedented attack on Ukraine was a call to the dark side and has cybercriminals co-conspiring to disassemble critical infrastructure across borders with dangerous repercussions. CISA’s Joint Cybersecurity Advisory gave several warnings and counsel to politicians and businesses (paraphrased, as follows) in light of the uncertainty these current events have on markets and governments:

All organizations – regardless of size – should adopt a heightened cybersecurity posture to protect their most critical assets.  Recommended actions include:

– Reduce likelihood of damaging cyber-intrusion by validating use of multi-factor authentication.

– Ensure software updates are done for known exploited vulnerabilities identified by CISA.

– Implement strong controls per CISA’s guidance, for organizations using cloud services.

– Take steps to quickly detect potential intrusions – at minimum, antivirus/antimalware software protection on the entire network, and updated signatures.

– If working with Ukrainian organizations, monitor, inspect, and isolate traffic from them.

– Ensure your organization’s readiness to respond should an intrusion occur, by designating a crisis-response team with main points of contact and their roles and responsibilities, to include technology, communications, legal and business continuity.

– Assure availability of key personnel.

The cyber-trend of targeting MSPs is prevalent and a source for future compromise. 

“Ransomware threat actors have targeted managed service providers (MSPs), with widespread, trusted accesses into client organizations. By compromising an MSP, threat actors can access multiple victims through one initial compromise. Cybersecurity authorities in the United States, Australia, and the United Kingdom assess there will be an increase in ransomware incidents where threat actors target MSPs for swift access to their client base.”  

Businesses need to be monitored day and night.

“The FBI and CISA observed cybercriminals conducting increasingly impactful attacks against U.S. entities on holidays and weekends throughout 2021. Ransomware threat actors may view holidays and weekends as attractive timeframes due to fewer network defenders and IT support personnel on-the-job.  Additionally, whether utilizing internal IT staff or outsourcing to an MSP, every business is well served to have a separate MSSP partner for providing periodic reviews of the business’ network and cybersecurity practices to ensure checks and balances that a second, qualified set of eyes, enables.”

Cybercrime is a business.

“The market for ransomware became increasingly “professional” in 2021 and the criminal’s business model of ransomware is now well established. In addition to their increased use of ransomware-as-a-service (RaaS), ransomware threat actors now employ independent services-for-hire to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals. NCSC-UK observed that some ransomware threat actors offered their victims the services of a 24/7 help center to expedite ransom payment and restoration of encrypted systems or data.” 

I contest any reference to cybercriminals as “professionals”. That is largely because my generation has imposed additional characteristics to Webster’s definition of “a person competent or skilled in a particular activity” with the criterion of “executing it with moral correctness and accountability for the contribution’s impact”.  When describing someone as professional, I’m saying they are moral and accountable as well as skilled or competent. I’m sure a few readers agree with me:

Cybercriminals are NOT professional. They’re organized. There’s a big difference between the two.

Did anyone refer to “the mob” as professionals? At best, they are thugs; organized criminals. And when cybercriminals provide you services-for-hire to assist you in mopping up the mess they made ransoming your business, are they being professional? Imagine being beaten to a pulp by a gang in a dark alley who reach out the next day to recommend a surgeon who will fix your rearranged face and stitch you back together. No thank you!

When crime is organized, you don’t get out from under it without harnessing the firepower to remove it or set it back. You need tools and experts who understand how to wield those tools to identify the enemy, hedge them up, and hit the ransomware kill-switch. “Firepower” in this context is a qualified Cybersecurity Partner like Data-Guard365 and our close-knit partners working feverishly to protect your information assets by exposing and terminating cyber threats.

Ambush is not an option among responsible business leaders or elected political officials.  Cyber-Unpreparedness may singe your 2022 profitability potential. Counsel with Data-Guard 365 or another MSSP of your choosing – today – and get your firepower on!

Data-Guard 365 is an MSSP firm headquartered in Indianapolis, Indiana, with offices in Chicago, Atlanta, and other strategic locations across the globe. The company is a one-of-a-kind business partner whose people, processes, and technology provide armored cybersecurity for a price point that pays for itself.

Data-Guard365.com / (317) 967-6767 / info@data-guard365.com

Christopher Zvirbulis
Chief Commercial Officer, Partner