AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 06/25/2021

NIST Publishes Ransomware Guidance

The National Institute of Standards and Technology (NIST) has published new draft guidance for organizations concerning ransomware attacks. The Cybersecurity Framework Profile for Ransomware Risk Management features advice on how to defend against the malware, what to do in the event of an attack, and how to recover from it. NIST’s Ransomware Profile can be used by organizations that have already adopted the NIST Cybersecurity Framework and wish to improve their risk postures. It can also help any organization seeking to implement a risk management framework that deals with ransomware threats. Included in the Ransomware Profile are steps that organizations can follow to identify and prioritize opportunities for improving their ransomware resistance. Users will learn how to prevent ransomware attacks and how to manage ransomware risk effectively. Basic measures mentioned in the guidance include keeping computers fully patched, using antivirus software, blocking access to known ransomware sites, and only permitting authorized apps to be used.

 

Cyber insurance market faces a reckoning as losses pile up

Cyber insurers reported a spike in losses in 2020 as companies across a wide range of industries were hit by costly cyberattacks and ransomware incidents, which will likely drive up premiums and put pressure on insurers to lower limits going forward. The average paid loss for a closed standalone cyber claim jumped to $358,000 in 2020 from $145,000 in 2019, according to a recent report by Fitch Ratings. A key metric for the profitability of a line of insurance—the statutory direct loss plus defense and cost containment (DCC) ratio—also skyrocketed last year to 73%, which compares with an average of 42% for the previous five years for cyber insurance, the report found. The numbers suggest that cyber insurance, which in recent years has been seen as a profitable new market, is facing a reckoning, said Jim Auden, managing director at Fitch. A direct loss plus DCC ratio of 73% means that many cyber insurance providers are likely experiencing big losses when other costs like underwriting and legal expenses are factored in, he said.

 

FIN7 scammers posed as SEC officials, sick restaurant customers to hack victims

A hacking group known for innovative fraud techniques impersonated angry restaurant customers and targeted specific individuals with unique access to financial information, U.S. prosecutors argue in a court filing that sheds new light on the scammers’ work. The FIN7 gang, which researchers have blamed for more than $1 billion in theft since 2015, relied on more than 70 members who were assigned to various departments under the larger organization, according to court documents filed on June 17 in U.S. District Court in Seattle. By masquerading as a cybersecurity testing company dubbed Combi Security, FIN7 leaders organized their personnel into separate teams charged with developing malware, crafting phishing documents and collecting money from breached victims. The group targeted hundreds of U.S. companies, prosecutors say, infecting victims as diverse as the burrito chain Chipotle and the department store Saks Fifth Avenue.

 

The paradox of post-quantum crypto preparedness

Preparing for post-quantum cryptography (PQC) is a paradox: on the one hand, we don’t know for sure when, or perhaps even if, a large quantum computer will become available that can break all current public-key cryptography. On the other hand, the consequences would be terrible – hijacked code updates, massive sensitive data exposure – and the migration process so complicated that we have no choice but to start preparing now. But what can we do, without wasting resources, to be ready and to reassure our customers that we’re ready? Fortunately, there is a way to prepare for PQC that not only mitigates risk, but also gives us a number of immediate security and resilience benefits. Two recent reports, one from NIST and another from ENISA, hold the key. In this article, we’ll show how you can use the takeaways from these reports to build a PQC plan for your organization with an instant return on investment, even if a large quantum computer turns out to be decades away.

 

Western Digital blames malware for My Book Live devices being wiped remotely

People who own and use a Western Digital My Book Live cloud storage device may want to disconnect it from the internet as soon as possible. As first reported by Bleeping Computer, a number of people worldwide who own the network-attached storage device took to the company’s forum to report that all their files had been deleted. Terabytes’ worth of data, years of memories and months of hard work vanished in an instant. The users couldn’t even log into WD’s cloud infrastructure for diagnosis, because their passwords were no longer working. Several owners looked into the cause of the issue and determined that their devices were wiped after receiving a remote command for a factory reset. The commands started going out at 3 PM on Wednesday and lasted throughout the night. One user posted a copy of their log showing how a script was run to shut down their storage device for a factory restore.
