Tag Archive for: Responding

Responding to a cyber incident – a guide for CEOs – National Cyber Security Centre




Source…

US: Police responding to shooting in downtown Mobile, Alabama, late Dec. 31


01 Jan 2023 | 01:28 AM UTC

Police responding to shooting in downtown Mobile, Ala., US, late Dec. 31. Avoid the area.


Warning

security

transportation

USA

Event

Authorities are responding to a shooting in downtown Mobile, Alabama, late Dec. 31. At least one person is dead and nine others injured in the incident near 200 Dauphin Street. Authorities did not immediately confirm a motive for the shooting. An investigation is ongoing as of early Jan. 1.

Heightened security, as well as localized business and transport disruptions, are likely in the coming hours as investigations continue.

Advice

Avoid the area until the situation stabilizes and authorities give the all-clear. Allow additional travel time and seek alternative routes to circumvent the incident site.

Source…

DOJ sets new goals for responding to ransomware attacks


The Justice Department said it wants to increase the percentage of reported ransomware incidents it handles to 65% by September 2023.

In a strategic planning document published Friday, the Department of Justice said that by September 30, 2023, it pledges to increase “the percentage of reported ransomware incidents from which cases are opened, added to existing cases, or resolved or investigative actions are conducted within 72 hours to 65%.”

The department also wants to increase “the number of ransomware matters in which seizures or forfeitures are occurring by 10%.”

The pledges were also included in the President’s Management Agenda website and were under the purview of Eun Young Choi, the recently appointed director of the National Cryptocurrency Enforcement Team at the Justice Department. 

The department set similar goals in its 2022-2026 Strategic Plan document, pledging to “address supply chain vulnerabilities, support other government agencies and the private sector, and identify new sources of evidence and intelligence.”

“In addition, the Department will continue to develop ways to attribute cyberattacks, to respond to and engage victims and targeted entities, and to provide intelligence to help victims recover and strengthen their defenses,” the DOJ said. 

“Finally, we will continue to develop our own cyber expertise by investing in recruitment, training, and capacity building.”

The Justice Department said it also wanted to “bolster its interagency and international collaborations to aid attribution, defend networks, sanction bad behavior, and otherwise deter or disrupt cyber adversaries overseas.”

Other goals laid out by the document include closer public/private partnerships as a way to encourage incident reporting and tougher internal measures to improve cybersecurity at the department, including multifactor authentication, encryption and more. 

“The Department will help the private sector identify and address their vulnerabilities through threat intelligence sharing and targeted outreach. We will also continue to support policy efforts to protect the digital supply chain, federal information systems, and critical infrastructure against…

Source…

Practical Steps for Responding to the CISA Warning on Russian Cyber Attacks


On February 25, 2022, two days after Russia began its military invasion of Ukraine, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a rare ‘Shields Up’ warning for U.S.-based organizations, stating: “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”

The Shields Up warning is in direct response to increased Russian cyber aggression against Ukrainian and other targets in the region, including recent distributed denial-of-service (DDoS) and malware attacks. In addition to the possibility of disruptive nation-state activities affecting U.S. targets, CISA also warned of an increase in cyber attack activity against U.S. organizations from Russia or hackers acting on Russia’s behalf.

The need for this warning was amplified by recent events, including the hacking of over twenty U.S.-based natural gas companies by Russian Intelligence two weeks before the Russian Army invaded Ukraine. Given the CISA warning, this recent evidence, and what we know from past attacks against Ukraine, it would be irresponsible for organizations to ignore CISA’s warning.


To help organizations prepare for a possible attack, it’s important first to understand the types of attacks organizations should be watching for.

Russian Cyber Attacks to Watch For:

Given the speed at which the war against Ukraine is progressing, in the immediate future, attacks are likely to be fast, hard-hitting, and focused on disruption and destruction. Here are some of the attacks to monitor closely.

Distributed Denial of Service (DDoS)

DDoS attacks aren’t new or particularly sophisticated, but they’re still effective at stopping work at government agencies and commercial enterprises in its tracks. Russia has used these attacks before. For example, in 2008, during the country’s conflict with Georgia, Russia or another party closely affiliated with the Russian government launched DDoS attacks against the Georgian government and Georgian news agencies.

It’s not surprising, then, that on February 15, 2022, DDoS attacks were launched against two of the largest Ukrainian banks…

Source…