Cybersecurity Saturday

From the ransomware front, Cybersecurity Dive reports

The prevalence and scope of ransomware exploded in 2021, as two-thirds of mid-sized organizations worldwide were targets and average ransom payouts saw a five-fold increase, according to the State of Ransomware 2022 report from Sophos released Wednesday.

Ransomware hit 66% of mid-sized organizations last year, up from 37% in 2020. Average ransom payments reached $812,000 during 2021, compared with $170,000 the prior year.

Among organizations with encrypted data, 46% paid a ransom to adversaries. In addition, 26% of organizations that were able to restore data from backups still decided to pay a ransom.

To make matters even worse, Security Week informs us

As part of a recent cyberattack, threat actors deployed ransomware less than four hours after compromising the victim’s environment, according to researchers with The DFIR Report.

The attack started with an IcedID payload being deployed on a user endpoint and led to the execution of Quantum ransomware only three hours and 44 minutes later. DFIR Report researchers described it as one of the fastest ransomware attacks they have observed to date.

In a Ryuk ransomware attack in October 2020, the threat actors started encrypting the victim’s data only 29 hours after the initial breach, but the median global dwell time for ransomware is roughly 5 days, according to Mandiant’s M-Trends 2022 report.

Once the ransomware has been executed, however, the victim’s data may be encrypted within minutes. A recent report from Splunk shows that ransomware needs an average of 43 minutes to encrypt data, while the fastest encryption time is less than 6 minutes.

ZDNet describes how a single failure to patch a vulnerability opened the door to ransomware hackers. The article emphasizes the importance of basic cybersecurity hygiene advice:

“The biggest lesson here is patch the network infrastructure – whatever is facing the internet, it’s always important for it to be fully patched,” said Daniel dos Santos, head of security research at Forescout.

It’s also recommended that organisations monitor their networks for external access from known IP addresses or unusual patterns of behavior. In addition, businesses should backup their servers regularly. Then, if something happens, the network can be restored to a recent point without needing to pay a ransom.

Perhaps then it is not surprising that a Security Week expert advises “it is important to increase an organization’s ransomware preparedness and assure that the tools needed for remediation, eradication, and recovery are not just in place but also functioning as expected. This is especially true for the recovery of endpoints, which represent an essential tool for remote workers to conduct their assigned business tasks in today’s work-from-anywhere environment.” 

As always (or perhaps every other week now), here is a link to Bleeping Computer’s The Week in Ransomware.

From the vulnerabilities front, the HHS Cybersecurity Program released

  • a report on 2021’s top exploited vulnerabilities
  • a warning about BlackCat/ALPHV Ransomware Indicators of Compromise, and
  • an international joint cybersecurity advisory on Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure.

CISA added “seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.”

Health IT Security notes

Mandiant Threat Intelligence observed a record number of zero-day exploits in 2021, its latest report revealed. The firm identified 80 exploited zero-days in 2021, compared to just 30 in 2020. Threat actors favored zero-days in Google, Microsoft, and Apple products most frequently, largely exhibiting the popularity of those vendors.

The term “zero-day” indicates that there is no time between when a vulnerability is discovered by developers and when it is exploited by bad actors.

From the cyberdefenses front —

  • Healthcare Dive discusses what cyber insurance companies expect from their policyholders.
  • Federal News Network provides insights into achieving zero trust requirements.
  • ISACA explains what you need to know about malicious cybertrends.