Tag Archive for: Combat

Sullivan County uses NYSSOC to combat cybersecurity threats


Cybersecurity threats are a worldwide issue.

New York state is working to combat this with its New York State Security Operations Center (NYSSOC).


What You Need To Know

  • Sullivan County is the first county to start utilizing the NYSSOC
  • The NYSSOC facility is based in Brooklyn and dedicated to detecting and responding to real-time threats 24/7
  • Tompkins County will be the next to launch it, and 45 counties have shown interest in subscribing to NYSSOC

Sullivan County is the first county to start utilizing the NYSSOC.

It allows the state to monitor for cyber threats with the goals of preventing them and improving responses to incidents.

“The county, as well as the state, as well as the nation, are under attack constantly from foreign adversaries just looking to wreak havoc on the infrastructure and environment that we work in and with. So, it’s important for us to know what’s happening quickly, to be able to respond quickly, and to mitigate those risks as quickly as possible,” said Commissioner of Information Technology Services and CIO for Sullivan County Lorne Green.

The NYSSOC facility is based in Brooklyn and is dedicated to detecting and responding to real-time threats 24/7.

“Anything that they see that, you know, red flags, anything, even some minor occurrences that go through, they will alert us. And then, we can take action on those to either let them know that this is a low priority, high priority, medium, and then, whatever that comes through as, we can take action,” said Deputy CIO for Sullivan County Dan Smith.

Officials said Sullivan County went live with NYSSOC in late March. It was selected due to relationships with New York State Homeland Security and the State’s Center for Internet Security.

Officials collected log data from security appliances and servers to feed to NYSSOC to get the project rolling.

“They then parse that data and put it into their recording solution for analysis and further determination as to whether or not there are any incidents that need to be addressed,” Green said.

One of the major aspects of this effort is ensuring threats are being tracked even when local information technology services staff members are not…


To combat Chinese cyber threats, the US must spearhead a new Indo-Pacific intelligence coalition


When the highest-ranking US law enforcement official describes a concern as “the defining threat of our generation,” it should be taken seriously. On January 31, FBI Director Christopher Wray testified before Congress about China’s capability to threaten US national and economic security. In particular, he identified the imminent cyber threat that Chinese hackers pose to critical infrastructure. A China-sponsored cyber group called “Volt Typhoon,” Wray explained, has prepositioned cyberattack capabilities in the US communications, energy, transportation, and water sectors intended to “destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous.” Alarming in its own right, Volt Typhoon is just the latest example of Beijing’s ongoing “cyber onslaught,” Wray added.

This story is not new. Since at least 2019, the US government has publicly sounded the alarm about the threat that China’s cyberattack and espionage enterprise poses to US national security and to regional stability in East Asia. The 2023 annual threat assessment by the US Office of the Director of National Intelligence (ODNI) states that China “uses coordinated, whole-of-government tools to demonstrate strength and compel neighbors to acquiesce to its preferences.” The assessment adds that China’s cyber capabilities are essential for orchestrating espionage, malign influence, and attack operations in support of Chinese interests.

To confront the threat to critical infrastructure posed by Volt Typhoon and other state-sponsored Chinese cyber actors, the United States should launch an expansive new multilateral cyber threat intelligence sharing coalition in the Indo-Pacific. This coalition should utilize some of the lessons learned from the Five Eyes intelligence alliance, and it would incorporate members of the Five Eyes alliance, US Indo-Pacific partners, and even some European states. The expanded reach and resources of such a coalition would help disrupt cyber threats, signal to the world that the United States and its partners are committed to protecting both cyber and physical…


How fintechs can combat the growing ransomware threat


Ransomware is one of the industry’s most pressing cybersecurity problems. Criminals exploit vulnerabilities in internal systems to gain access to an organisation and then hold its data hostage, betting that the company will pay a ransom. For the criminals, it can be an easy payday – but what can fintechs and financial institutions do to stave off the threat?

We asked James Derbyshire, browser isolation expert at Garrison.

Can you tell us how much of a threat ransomware poses to the industry?

Ransomware poses a growing threat to the fintech and wider financial services sector, with 64% of financial institutions globally already hit by an attack in 2023. The fintech industry is projected to continue its growth to become a US$1.5tn industry by 2030, which is making it a particularly attractive target amongst cybercriminals looking for significant financial gain. Despite handling the same valuable financial data as traditional banks and financial services, the digital-centric interconnectivity and international scale of fintech businesses can render them more vulnerable to attack.

Ransomware attacks, which work by locking away critical company data until a ransom is paid, have increased exponentially over the past decade. And the effects can be devastating. Victim companies not only have to contend with a costly ransom, but due to the ability of the malware to conceal key data, systems and networks, may also find themselves unable to operate. Inaccessible services combined with potential breaches of personal and financial customer data can irreparably impact a fintech’s reputation with customers, leading to significant revenue loss.

The fintech sector is increasingly integrated with the traditional financial services industry, and this integration is expected to increase over the coming years. It is possible, therefore, that the security gaps within fintechs can be exploited to compromise other financial institutions with whom they do business. It’s no surprise that almost three quarters of traditional banks consider data security in fintech to be a priority concern.

How big a factor is human vulnerability in ransomware risk?

Before looking at possible solutions, it is important…


Can Organizations Combat Malicious Password-Protected File Attacks?


Password-protected files are an effective way for attackers to evade enterprise security defenses and infect endpoints.

Not long ago, phishing attacks were nearly always delivered via email. Today’s threat actors, however, are increasingly turning to other channels – SMS, social media direct messaging, and even collaboration tools – to sidestep common anti-malware engines, content filters and signature-based detection tools.

Across these varied platforms, password-protected files remain a common attack vector. Malicious payloads are hidden inside seemingly benign, accepted file formats. Because the contents are encrypted, security tools cannot open and analyze them, and because the container itself carries a commonly allowed extension, organizations often let such files pass through security sandboxes and automated analysis tools untouched.

As a result, password-protected files containing malware all too often evade network and gateway defenses as well as endpoint detection, and reach their intended target. From there, increasingly sophisticated and convincing social engineering and spear phishing lures persuade the recipient to open the attachment and type in the supplied password, at which point the endpoint is infected.

To reiterate, this no longer happens exclusively over email. Indeed, threat actors are increasingly directing potential victims to web browsers and external storage applications, such as Dropbox and Google Drive, to the same effect. 
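A practical consequence of the above is that an encrypted archive should never be treated as "clean" just because nothing could be scanned. What a gateway can still read is the archive's own metadata: in a ZIP, bit 0 of each entry's general-purpose flag says whether it is encrypted, and the entry names, sizes and CRCs remain in cleartext even when the bodies do not. The following detector is an added example written for this page, not code from the article or any vendor mentioned in it. It classifies a ZIP attachment from that metadata alone (allow, hold for verification, or block) and treats an encrypted macro-capable Office document, executable or nested archive as the worst case. The extension policy and the `build_sample_zip` helper, which sets the encryption flag on a standard-library ZIP to mimic a password-protected one, are assumptions made for the example; the sample archives are constructed inline.

```python
import io
import posixpath
import zipfile
from dataclasses import dataclass, field

# Bit 0 of the ZIP general-purpose bit flag marks an entry as encrypted
# (PKWARE APPNOTE section 4.4.4). Entry names, sizes and CRCs stay in
# cleartext, which is what this gate inspects.
ZIP_FLAG_ENCRYPTED = 0x0001

# Extension policy for this example (an assumption; tune per organization):
# legacy and macro-enabled Office formats can carry VBA macros, the second
# set is directly executable, the third hides another archive.
MACRO_CAPABLE_EXT = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot",
                     ".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm", ".xlam"}
HIGH_RISK_EXT = {".exe", ".scr", ".dll", ".js", ".jse", ".vbs", ".vbe", ".wsf",
                 ".hta", ".lnk", ".iso", ".img", ".bat", ".cmd", ".ps1"}
ARCHIVE_EXT = {".zip", ".7z", ".rar", ".gz", ".tar"}


@dataclass
class ArchiveVerdict:
    severity: str                      # "allow", "hold" or "block"
    encrypted_entries: list = field(default_factory=list)
    cleartext_entries: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def inspect_zip(data: bytes) -> ArchiveVerdict:
    """Classify a ZIP attachment from its metadata alone, without extraction.

    "allow": nothing is encrypted, hand the content to the normal scanner.
    "hold":  at least one entry cannot be scanned; a human must confirm it.
    "block": the unscannable entry is a macro-capable document, an
             executable/script or a nested archive.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Unparsable input cannot be declared safe either.
        return ArchiveVerdict("hold", reasons=["not a parsable ZIP (truncated or malformed)"])

    verdict = ArchiveVerdict("allow")
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = posixpath.splitext(name)[1].lower()
            if not info.flag_bits & ZIP_FLAG_ENCRYPTED:
                verdict.cleartext_entries.append(name)
                continue
            verdict.encrypted_entries.append(name)
            if ext in MACRO_CAPABLE_EXT:
                verdict.reasons.append(f"{name}: encrypted macro-capable Office document")
                verdict.severity = "block"
            elif ext in HIGH_RISK_EXT:
                verdict.reasons.append(f"{name}: encrypted executable/script content")
                verdict.severity = "block"
            elif ext in ARCHIVE_EXT:
                verdict.reasons.append(f"{name}: encrypted nested archive")
                verdict.severity = "block"
            else:
                verdict.reasons.append(f"{name}: encrypted, content cannot be scanned")
                if verdict.severity == "allow":
                    verdict.severity = "hold"
    return verdict


def build_sample_zip(entries: dict, simulate_password: bool) -> bytes:
    """Constructed test input (assumption for this example): a ZIP written by
    the standard library, optionally with the encryption flag bit set on every
    header to mimic a password-protected archive. The bodies are not really
    encrypted; only the metadata that inspect_zip reads is made to look so."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    data = bytearray(buf.getvalue())
    if simulate_password:
        # flag field offset: 6 in a local file header, 8 in a central directory entry
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(signature)
            while pos != -1:
                data[pos + offset] |= ZIP_FLAG_ENCRYPTED
                pos = data.find(signature, pos + len(signature))
    return bytes(data)


if __name__ == "__main__":
    samples = {
        "clean": build_sample_zip({"invoice.pdf": b"%PDF-1.4 constructed"}, simulate_password=False),
        "pw_pdf": build_sample_zip({"invoice.pdf": b"%PDF-1.4 constructed"}, simulate_password=True),
        "pw_doc": build_sample_zip({"Contract.doc": b"constructed body"}, simulate_password=True),
        "truncated": b"PK\x03\x04 not really a zip",
    }
    for label, blob in samples.items():
        v = inspect_zip(blob)
        print(f"{label:10s} {v.severity:5s} encrypted={v.encrypted_entries} {v.reasons}")
```

The design choice worth noting is that "cannot scan" maps to hold or block, never to allow, which is exactly the default the article says many gateways get wrong. Two caveats: ZIP entry names are only visible because the format leaves them unencrypted, so a container whose headers are themselves encrypted (7-Zip with header encryption, for instance) yields no names and should fall straight into the hold path; and an extension list is a weak signal on its own, so the block decision should be combined with sender reputation and the out-of-band password delivery pattern the article describes.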

Three Malicious Password-Protected File Attacks

Password-protected files have resulted in widespread breaches and made headlines recently – one example stemming from the North Korean Lazarus group.

Here, threat actors targeting Russian organizations delivered malicious Office documents hidden inside ZIP files. When the intended victims opened these ZIP files, they were presented with what looked like a legitimate and safe Word document.

However, this was used to launch macros and infect the target endpoint. Once this had been achieved, the…
