During the pandemic, HALOCK and the information security community have been responding to a significant spike in cyber security incidents. Threat actors have been using strikingly similar attack patterns to exploit vulnerabilities in remote work environments. These weekly bulletins alert you to these common vulnerabilities and what you should do to address them.
WHEN RANSOMWARE HAS CAPTURED DATA … BUT WE DON’T KNOW WHAT THAT DATA IS
Incident Summary: Ransomware victims that have not categorized and inventoried sensitive data are paying high ransom fees just to begin the investigation phase of their breach response.
DESCRIPTION
Cyber criminals are successfully carrying out data encryption and exfiltration attacks for financial gain. The absence of a documented inventory of systems and the data stored on them has led multiple organizations to pay ransom without knowing whether the encrypted information is worth the cost. Multiple recently attacked organizations lacked formal controls to identify what systems attackers accessed and the type of data files they encrypted and stole. Furthermore, back-up volumes were also encrypted, limiting the ability of organizations to determine what files would have been encrypted and whether they posed a risk to themselves or others if lost or stolen.
VULNERABILITY
The impact of the security breach was increased due to multiple weak security controls.
TESTING FOR THE VULNERABILITY
Determine whether the following are in place for all systems that may contain, process, or transmit sensitive information:
MITIGATING THE VULNERABILITY
In addition to advanced malware protections, establish the following data inventory controls:
WHAT YOU MUST DO NOW
CONTACT YOUR PREFERRED HALOCK TEAM MEMBER FOR MORE COMPREHENSIVE ADVICE
If you are concerned that your recent configurations to support a remote work force have exposed you to correctable vulnerabilities, please directly contact your preferred HALOCK team member. We can walk you through a more comprehensive list of vulnerabilities that we are seeing in the field. If you do not have a preferred HALOCK team member, contact us here and select “Secure Home-to-Office Transition Discussion” as your Area of Interest. We will have a HALOCK team member reach out to you to schedule a call.
After having responded to so many breaches these past few weeks, we cannot stress enough how important it is to adopt expected security practices as we proactively prepare for phase 2 of this pandemic, as well as the return to the office.
CYBER SECURITY SERVICES TO MITIGATE YOUR RISKS
HALOCK also provides the following services to help our clients prevent these types of attacks:
- Privacy – Data Inventory
- Risk Assessment
- Compromise Assessment
- Incident Response Services including IR Planning and training
HALOCK Threat Monitoring Partner Solutions
- Sophos Endpoint Protection
- Carbon Black Cloud-native Endpoint Protection
- Sensitive Data Scanning
Keep safe and stay secure.
HALOCK is headquartered in Schaumburg, IL, in the Chicago area and advises clients on reasonable information security strategies, third-party risk management, risk assessments, penetration testing, security management and architecture reviews, and HIPAA, Privacy, & PCI compliance, incident response and forensics throughout the US.