Cybersecurity Saturday

The Wall Street Journal reports that the SolarWinds hackers are back at it.

Microsoft Corp. said [in a blog post] hackers, linked by U.S. authorities to Russia’s Foreign Intelligence Service, installed malicious information-stealing software on one of its systems and used information gleaned there to attack its customers. * * *

Most of the attacks were unsuccessful, but three of Microsoft’s customers were compromised during the campaign, the company said. “We have confirmed that two of the compromises were unrelated to the support agent issue, and are continuing to investigate the third instance,” a Microsoft spokesman said.

Microsoft identified the hackers behind the break-in as Nobelium, the same group associated with the sophisticated hack at Austin, Texas-based software maker SolarWinds Corp. U.S. authorities have said this group is part of Russia’s Foreign Intelligence Service, known as the SVR. Russia has denied involvement in the SolarWinds hack. A Russian embassy representative didn’t immediately return a message seeking comment on Microsoft’s blog post.

“This should concern all of us,” said Sherri Davidoff, chief executive of the security consulting firm LMG Security LLC. “Hackers made it past the defenses of one of the world’s most sophisticated technology suppliers, whose software underlies our entire economy.”

ZDNet explains in an illuminating article about where we stand in ransomware struggle

Regularly updating backups – and storing them offline – also provides another means of lessening the severity of ransomware attacks, because even in the event of the network being encrypted, it’s possible to restore it without paying cyber criminals, which cuts off their main means of income. 

Nonetheless, the rise of double extortion attacks has added an extra layer of complexity to this issue because if the organisation doesn’t pay a ransom, they’re faced with the prospect of potentially sensitive information about employees and customers being leaked. 

“Do you have a plan if if your information starts leaking out?,” says Hultquist. “Those pieces need to be in place now, not when it hits the fan”

While Phoenix NAP Global IT Services describes the 18 best practices to deter ransomware, The Wall Street Journal adds that “companies [now] stress-test systems by emulating successful cyberattacks.” Zurich Insurance via the Financial Times explains “Given that cyber exposures are now seen as inevitable, it only makes sense for businesses to invest in resilience. The fundamentals of resilience are protecting profitability through business continuity and incident response planning. The best way to assess that resilience is to see how quickly and effectively your business can react to any given scenario. That’s what cyber risks stress tests are all about.” The article goes on to break down one of these tests for the reader.

As alway’s here’s a link to the Bleeping Computer’s The Week in Ransomware.