Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt

When Splunk told me we would have a “breach holiday” theme for the summer, I didn’t think it would be quite so on the nose… For those of you who have been working on this Kaseya REvil Ransomware incident over the weekend, I salute you. We’ve been doing the same. As usual, my team here at Splunk likes to make sure that we have some actionable material before posting a blog, and this time is no different.

Yuba County Survived a Ransomware Attack and Lived to Tell the Tale

The growing threat of ransomware attacks is ubiquitous, which has been further accelerated by the pandemic. In February of 2021, Yuba County was hit by ransomware that infected critical systems. Despite the attacker’s demands for ransom, the county was able to avoid paying the hefty fee and quickly recovered with Rubrik. Listen in on the fireside chat with Paul LaValley, CIO of Yuba County as he shares intimate details of how they survived the attack and lived to tell the tale.

Secure Software Development: How to Check Your Code

In May of 2021, a cybercrime organization called DarkSide successfully locked operators of the Colonial Pipeline, which supplies the east coast with 45% of its petroleum fuel, out of their own software system with a type of malware called "ransomware." True to its name, ransomware returns access to your software (in theory) if you pay a ransom. The result-fuel supplies collapsed across the eastern United States, with gas lines, price spikes, and panic. People began hoarding gasoline in states not even served by the Colonial Pipeline. The US government passed emergency legislation. Even DarkSide seemed shocked at the impact of their cyberattack.

5 Cyber Risks SLED Agencies Need to Protect Against

Last year was a tough one for schools, local, and state governments. Not simply because of COVID-19, which forced every local government and school to navigate a pandemic, but also because the pandemic brought with it a different set of dangers. While local governments and schools were trying to figure out remote learning, remote work, and how to run public meetings safely and effectively online, cybercriminals took advantage of the fact that the remote world is new to most small governments.

How to reduce your attack surface with system hardening in 2021

The goal of system hardening (or security hardening) is to reduce the attack surface. It includes reducing security risks and removing potential attack vectors. By removing superfluous programs, accounts functions, applications, ports permissions access etc., the reduced attack surface means the underlying system will be less vulnerable, making it harder for attackers or malware to gain a foothold within your IT ecosystem.

Stories from the SOC - Office 365 account compromise and credential abuse

Credential abuse and compromised user accounts are serious concerns for any organization. Credential abuse is often used to access other critical assets within an organization, subsidiaries, or another partner corporation. Once an account is compromised, it can be used for data exfiltration, or to further promote the agenda of a threat actor.

On the Importance of Protecting U.S. Pipeline Owners and Operators

In the beginning of May, a U.S. pipeline company suffered a ransomware attack. The company decided to respond by halting operations while it investigated the incident. This delayed tens of millions of gallons of fuel from reaching their destination all along the East Coast. Less than a week later, Bloomberg reported that the company had paid millions of dollars to a ransomware group in order to regain access to their systems. U.S.

Survey: Nearly Half of Manufacturers Suffered a Digital Attack in the Last Year

Confidence isn’t new when it comes to cybersecurity. All the way back in 2015, for example, 86% of security professionals working in the energy sector told Tripwire that they were confident they could detect a breach in a week. Just less than half (49%) said it wouldn’t take them longer than a day to spot an attack. It was the same story a year later when Tripwire surveyed infosec professionals in the retail sector.