The Partnerships Behind Uncovering Cyberattacks [Weekly Cybersecurity Brief]

Hacking and ransomware attacks are threats that continue to grow in both prevalence and intricacy. As this trend persists, so does the need for new perspectives on cybersecurity and a broader alliance of those who work on it. 

As Jim Alkove, Chief Trust Officer for Salesforce, wrote for the World Economic Forum, “Widespread phishing, malware, ransomware attacks, and other frauds pose a risk not just to individuals or platforms, but to entire economies, governments, and our way of life.” That’s why he is calling for a transition from defensive cybersecurity to resilient cybersecurity. A resilient approach is a commitment to regular practices, like patching vulnerabilities, educating employees and threat monitoring, that protect an organization’s support systems from being disrupted. However, the adoption of this type of cybersecurity requires a framework. First and foremost, Alkove suggests that cyber resilience needs to be flexible and adaptable. In addition, it should be based on qualities like an awareness of social and political influences and an openness to partnerships with peers and public entities.

The importance of partnerships received a particular emphasis recently with the exposure of a breach carried out by foreign hackers that impacted “nine organizations in the defense, energy, health care, technology and education sectors,” according to CNN. The breach, which included at least one U.S. victim, was detected by security firm Palo Alto Networks with help from the National Security Agency and the US Cybersecurity and Infrastructure Security Agency. It is believed that the attack led to password theft with the goal of maintaining access to targeted networks. While there are only nine identified victims at this point, Ryan Olson, a senior Palo Alto Networks executive, told CNN that this may only be the beginning of what they will uncover. Although there may be more to find, federal officials stated that their knowledge of the attack is a testament to the combined work happening between them and cybersecurity firms.

It was a team effort that also led to the revelation of details associated with the investigation into the Clop ransomware group, the ransomware gang known for operating on leak sites on the Dark Web and exploiting vulnerabilities attached to organizations like The Reserve Bank of New Zealand, Washington State Auditor, Qualys and Stanford Medical School. As part of a 30-month dive into its operations, the Ukrainian National Police worked with law enforcement in South Korea, Interpol’s Cyber Fusion Centre and United States enforcement as well as private groups like Trend Micro, CDI, Kaspersky Lab, Palo Alto Networks, Fortinet and Group-IB. ZDNet reported that Craig Jones, Interpol’s Director of Cybercrime, explained that “Despite spiraling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly.”

Key Takeaways:

“Cyber security is no longer enough: businesses need cyber resilience” – Jim Alkove, World Economic Forum

https://www.weforum.org/agenda/2021/11/why-move-cyber-security-to-cyber-resilience/

  • Jim Alkove, Chief Trust Officer for Salesforce, recently called for a switch from defensive cybersecurity to resilient cybersecurity.
  • A resilient approach is a commitment to regular practices, like patching vulnerabilities, educating employees and threat monitoring, that protect an organization’s support systems from being disrupted.
  • Alkove suggests that cyber resilience needs to be flexible and adaptable and based on qualities like an awareness of social and political influences and an openness to partnerships with peers and public entities.

“Hackers have breached organizations in defense and other sensitive sectors, security firm says” – Sean Lyngaas, CNN

https://www.cnn.com/2021/11/07/politics/hackers-defense-contractors-energy-health-care-nsa/index.html

  • According to CNN, a breach carried out by foreign hackers that impacted “nine organizations in the defense, energy, health care, technology and education sectors” was recently discovered.
  • The breach, which included at least one U.S. victim, was detected by security firm Palo Alto Networks with help from the National Security Agency and the US Cybersecurity and Infrastructure Security Agency.
  • While there are only nine identified victims at this point, Ryan Olson, a senior Palo Alto Networks executive, told CNN that this may only be the beginning of what they will uncover.

“Cybersecurity firms provide threat intel for Clop ransomware group arrests” – Charlie Osborne, ZDNet

https://www.zdnet.com/article/cybersecurity-firms-provide-threat-intel-in-clop-ransomware-group-arrests/

  • There are new details out associated with the investigation into the Clop ransomware group.
  • Over a 30-month period, Ukrainian National Police worked with law enforcement in South Korea, Interpol’s Cyber Fusion Centre, and United States enforcement as well as private groups like Trend Micro, CDI, Kaspersky Lab, Palo Alto Networks, Fortinet and Group-IB, to track their operations. 
  • Craig Jones, Interpol’s Director of Cybercrime, explained that “Despite spiraling global ransomware attacks, this police-private sector coalition saw one of global law enforcement’s first online criminal gang arrests, which sends a powerful message to ransomware criminals, that no matter where they hide in cyberspace, we will pursue them relentlessly.”  