
Digital Guardian's Blog

Friday Five 8/28

by Colin Mullins on Friday August 28, 2020


Ransomware going corporate, Cyber Command changing to a more proactive approach, and cybersecurity professionals weighing in on election security - catch up on all the week's news with the Friday Five.

1. Ransomware Has Gone Corporate-and Gotten More Cruel by Brian Barrett

Ransomware has gone corporate. As odd as it may sound, ransomware groups have realized that the most effective strategy for payment is to adopt many of the best practices of corporate America. These include guaranteed turnaround times, real-time chat support, and various pledges not to go after hospitals, schools, nonprofits, or government targets, since such attacks would make their enterprise appear morally dubious (especially within the context of a pandemic). Ransomware groups like Darkside and REvil also claim to only go after companies that can afford to pay, hoping to play on the strong anti-corporate sentiment in the country. The groups are betting that as long as they’re smart about who they target, they’ll be seen as more palatable to deal with when companies are trying to decide whether to pay the ransom. While this change might seem positive, the veneer of professionalism is thin. If companies refuse to pay, the ransomware groups weaponize the stolen information by threatening to leak the data. The dark side of professionalism is that it causes breached companies to worry that a competent ransomware group will follow through on its threats. While ransomware groups have realized a more effective and seemingly cordial way to operate, their intent and purpose - to steal data for profit - has not changed.


2. How to Compete in Cyberspace by Paul M. Nakasone and Michael Sulmeyer

Cyber Command, the division of DOD tasked with dealing with cyber threats, has signaled a significant shift in policy towards a more proactive and aggressive approach to completing its directive. Known as a conservative and reactive agency since its founding ten years ago, Cyber Command showed its new mindset in an October 2019 “hunt forward” mission in Montenegro to combat Russian cyber harassment. This new approach of “persistent engagement” is a necessary evolution of thought given the ever-increasing volume and sophistication of cyber threats. In the last decade, Cyber Command has changed its modus operandi in three notable ways. First, it increased its focus on what happens inside its networks, not just on the walls around them, through the use of protection teams more proactively hunting for malware and threats. Second, it shifted to a zero-trust approach, which assumes every host, server, or connection is potentially hostile. Third, it cultivated a mindset of accountability in which military commanders treat the defense of computer networks as an essential requirement. Though Cyber Command notes that this more aggressive posture runs the risk of escalation, it argues that the threats are too considerable to risk inaction. From a cybersecurity standpoint, it’s encouraging to see the government evolving to meet the threats and challenges of our time.


3. Cybersecurity Experts Weigh-In on the Most At-Risk Election Yet - Part 3 by Cyber Jack

As we approach the November election, various cybersecurity experts weighed in on the state of election security. The consensus: our election systems are extremely vulnerable to exploitation. To start, almost every make and model of election voting equipment is hackable. Besides individual machines, there is also a worry of an attack on some aspect of infrastructure, like the electrical grid, which would disrupt or prevent people from voting. Further, with the campaigns being forced online because of COVID, a realistic fear is that something crucial will be disrupted or hacked (for example: when Joe Biden’s Twitter account was hacked in a Bitcoin scam - imagine if the tweet had been something far more disruptive, like questioning election results). Finally, there is a concern that, with the longer voting window because of mail-in voting, the election systems are active longer, and thus the window for potential exploitation is extended. Two solutions to help mitigate some of these problems would be better public education about voting systems and the sharing of actionable threat information amongst local jurisdictions, states, and the federal government. Ultimately, the goal of any election hacker is to sow doubt in the legitimacy of the election, and all of these potential vulnerabilities could be exploited to achieve that end. A safe and effective voting system is the bedrock of a working democracy. We should be putting every resource into resolving these potential issues.


4. Cyber Attack Halts New Zealand Market For Third Straight Day by Agence France Presse

New Zealand’s stock market halted trading for the third day in a row because of cyber attacks. The latest attack was a DDoS (distributed denial-of-service) attack, which involves flooding a computer network with so much traffic that it crashes. The attackers are currently unknown, but as more information comes out about the motives and origins of the hackers, the case is sure to be heavily scrutinized for what it can predict about future attacks. The timing of the DDoS attack coincided with companies reporting their first annual results since the COVID-19 pandemic began. Details are still emerging, but any time a stock market is disrupted and forced to shut down, there are huge implications. The incident raises concerns about the possibility of markets with a greater volume of transaction traffic being affected by cyberattacks on crucial days in the financial calendar, especially as the economy tries to recover from a historic recession.


5. US Government exposes North Korean government ATM cashout hacking campaign by Shannon Vavra

In the latest attempt by the US government to slow down state-sanctioned hacking from North Korea, the DOD, DHS, FBI, and the US Treasury released a joint statement warning of a hacking campaign targeting ATMs around the world. The effort to steal from ATMs is the latest attempt from the regime to bypass the crippling economic sanctions that plague the country. Hacking ploys run by the state help the government steal and gain access to currency prohibited under sanctions. The joint statement from the US Government is a warning shot at Kim Jong-Un, North Korea’s leader, that the US is aware of and will not tolerate further hacking from the North Koreans. Experts do not expect the statement to deter hackers. The specific hacking group in question, the “BeagleBoyz,” is part of a larger hacking group, Hidden Cobra. Despite the US taking a more active approach in disrupting North Korean hacking, the groups have had significant success targeting financial institutions around the world. Perhaps most concerningly, reports state that the BeagleBoyz may be working with Russian hackers to gain initial entry, which would make it harder to track the group’s criminal activities.


Tags: Ransomware, Cyberspace, Election, D-Dos
