Krebs said the act was part of an operation to seize evidence, and that since it was "wildly successful," he expects the bureau to do it again in the future as appropriate.

"As far as I can tell, and from the number of conversations I've had, it was a wildly successful operation with almost no collateral damage," Krebs said. "I would expect going forward is, if this was the initial test case, I would expect on large-scale activities, like the Exchange attack, the FBI to follow the same playbook. But again, it was very disciplined, they had significant guardrails on the operation. And it was successful with minimal cascading effects."

Krebs also weighed in on zero trust, the security practice and strategy that removes implicit trust and requires strict user authentication methods to implement. President Joe Biden required federal agencies to implement a plan for zero-trust architecture in his major executive order strengthening cyberdefenses that was signed in May. The former CISA head advocated for the practice and called it "one of your best tools to secure your own environment."

"Zero trust, some might consider it a branding exercise. And certainly I think some products are probably pitching it a little bit more narrow or myopically than it deserves," Krebs said. "But I would think about zero trust as exactly what the two words combined tell you. You can't trust the things that are on your network, particularly with this interjection of all the third-party services that we're using. And so, you should go about validating and verifying each and every transaction."

On ransomware, Krebs said that he stood "staunchly" in the "do not pay" camp, and gave three reasons why: one, the victim is conducting business with a criminal; two, the ransomware decryptors don't always work; three, the victim is investing in a criminal enterprise's ability to cause further damage. He advised businesses with a board to figure out a response plan now, including whether the company will pay, because "when you have that bad day, half the board's probably going to be in Malibu or something like that. You're not going to be able to contact them."

At the end of the presentation, MacDonald asked Krebs for his advice on how CIOs can take advantage of the increased visibility boardrooms have on the importance of cybersecurity. Though Krebs didn't give direct advice, he made two observations: one, that recent large-scale cyberattacks were "game changers for awareness," and two, that there aren't many meaningful metrics to convey risk to the boardroom.

"The biggest problem or challenge I see right now is that we still don't have good, meaningful metrics for conveying risk to the board. Everybody has struggled with this problem," Krebs said. "Do you do the volleyball charts red, yellow, green? Nobody believes if you give them green, it just frustrates them if you give them red, and if you show them all yellow, what does that even mean? Similarly, percentages. Well, hey, we went from 15% to only 5% click-through, so that's great, yay! Well, who's in the 5%? Oh, it was the CEO. So, you know, we have to get better."

Alexander Culafi is a writer, journalist and podcaster based in Boston.

Crane Hassold, director of threat intelligence at Abnormal Security, described what happened after he adopted a fake persona and responded to the proposal in the screenshot above. It offered to pay him 40 percent of a million-dollar ransom demand if he agreed to launch their malware inside his employer's network.

This particular scammer was fairly chatty, and over the course of five days it emerged that Hassold's correspondent was forced to change up his initial approach in planning to deploy the DemonWare ransomware strain, which is freely available on GitHub.

Abnormal Security documented how it tied the email back to a young man in Nigeria who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram. "According to this actor, he had originally intended to send his targets, all senior-level executives, phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext," Hassold wrote.

Reached via LinkedIn, Sociogram founder Oluwaseun Medayedupin asked to have his startup's name removed from the story, although he did not respond to questions about whether there were any inaccuracies in Hassold's report. "Please don't harm Sociogram's reputation," Medayedupin pleaded.

This attacker's approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware.