Week in review: Preventing ransomware attacks, SOC burnout, and customizing your ATT&CK database

Here’s an overview of some of last week’s most interesting news and articles:

Vulnerabilities in Dell computers allow RCE at the BIOS/UEFI level
An estimated 30 million Dell computers are affected by several vulnerabilities that may enable an attacker to remotely execute code in the pre-boot (BIOS/UEFI) environment, Eclypsium researchers have found.

SOC burnout is real: 3 preventative steps every CISO must take
For those that spend every day as a security professional and for anyone who truly appreciates the demands applied to these essential security team members, burnout is a harsh reality.

How do I select a virtual SOC solution for my business?
To select a suitable virtual SOC solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

Virtual machines hide ransomware until the encryption process is done
The use of virtual machines (VMs) to run the malicious payload is getting more popular with ransomware attackers, Symantec’s Threat Hunter Team claims.

It takes less than one hour to exploit vulnerable container infrastructure
Aqua Security published research revealing a continued rise in cyberattacks targeting container infrastructure and supply chains, and showing that it can now take less than one hour to exploit vulnerable container infrastructure.

New tool allows organizations to customize their ATT&CK database
MITRE Engenuity has released ATT&CK Workbench, an open source tool that allows organizations to customize their local instance of the MITRE ATT&CK database of cyber adversary behavior.

Combatting OpSec threats to our COVID-19 vaccination efforts: What can we do?
COVID-19 vaccines have been rolling out for a few months now, but the nature of the pandemic and the number of people impacted by it mean that demand for these vaccines is enormous. And those of us in the security field know that any time you see high demand for a scarce resource, attackers are going to take advantage.

Scammers are impersonating the DarkSide ransomware gang
Someone out there is impersonating the infamous DarkSide ransomware gang and trying to trick companies in the energy and food industry into parting with 100 Bitcoins, Trend Micro warns.

Cloud security skills in high demand
Cloud security is critically important for organizations across the globe as adoption of cloud infrastructure continues to grow at a rapid clip. The shift toward the cloud is unstoppable, and inevitably, it’s driving soaring demand for skilled security professionals, according to GIAC.

The paradox of post-quantum crypto preparedness
Preparing for post-quantum cryptography (PQC) is a paradox: on the one hand, we don’t know for sure when, or perhaps even if, a large quantum computer will become available that can break all current public-key cryptography. On the other hand, the consequences would be terrible – hijacked code updates, massive sensitive data exposure – and the migration process so complicated that we have no choice but to start preparing now.

Shame culture is the biggest roadblock to increasing security posture
Cybersecurity culture is nearly impossible to quantify due to an absence of measurement tools. Many businesses attempt to quantify the human element of their security posture by sending employees simulated attacks to find out how susceptible workers are to phishing, social engineering, spoofing, and other similar attacks.

Ransomware decreases as cybercriminals hit more lucrative targets
McAfee released a report examining cybercriminal activity related to malware and the evolution of cyber threats in the first quarter of 2021. The quarter saw cyber adversaries shift from low-return, mass-spread ransomware campaigns toward fewer, customized Ransomware-as-a-Service (RaaS) campaigns targeting larger, more lucrative organizations.

How to convince your boss that cybersecurity includes Active Directory
Because so many organizations rely on a hybrid cloud identity model that holds a central role for on-premises Active Directory, it’s a natural conclusion to consider Active Directory to be a part of cybersecurity plans. And yet, Active Directory’s focus within most cybersecurity strategies is relegated to just maintaining backups in the event AD needs to be recovered.

Third-party identity risk management, compliance, or both?
Third-party risk management and compliance have traditionally gone hand-in-hand. One is a business requirement, the other a business necessity. So, which comes first? Or rather, which should come first?

How to rethink risks with new cloud deployments
These days, technology seems to evolve at the speed of light. Infrastructures change, attack surfaces reduce and multiply and, not surprisingly, your cloud environment advances. However, with new cloud deployment scenarios created to accelerate business operations, the risks also change. While many times the risks are not new, they are redesigned to infiltrate modern architectures.

Defense supply chain vulnerabilities creating security gaps
A BlueVoyant report highlights critical vulnerabilities within the defense supply chain ecosystem. The report includes evidence of the exploitable cyber weaknesses of SMBs within the Defense Industrial Base (DIB) and demonstrates how cybercriminals are becoming increasingly adept at locating and exploiting the weakest link within the supply chain.

Best practices for IT teams to prevent ransomware attacks
Organizations are in a tight spot to prevent ransomware cyberattacks and safeguard what they have built over the years. While IT teams are already battling the challenges of securing remote endpoints in the changing work sphere, the rise in cyberattacks has placed additional responsibilities on their shoulders.

Embrace integrations and automation as you build a security program
AI, machine learning, continuous compliance, automation, integrations – these are the buzzwords in IT compliance right now. What do they mean and how can a startup or small enterprise leverage these concepts as it establishes a security program?

Only 7% of security leaders are reporting to the CEO
While 60% of organizations have experienced a cyberattack in the last two years and spend approximately $38 million on security activities, only 7% of security leaders are reporting to the CEO, a LogRhythm report reveals.

Most organizations would pay in the event of a ransomware attack
Despite the Director of the FBI, the US Attorney General and the White House warning firms against paying cyber-related ransoms, 60 percent of organizations have admitted they would shell out funds in the event of an attack, according to research from Harris Interactive.

Driving network transformation with unified communications
Unified communications (UC) has become a significant part of an organization’s digital transformation strategy, with the aim of establishing strong and reliable communication lines. UC tools, including video conferencing, instant messaging and VoIP, are now an absolute mandatory requirement for business continuity, productivity, and most recently, keeping businesses operational during the pandemic.

Can blockchain and MPC technology protect the integrity of auctions?
While traditional exchanges play a major role in defining the market price, recent NFT ventures have made attempts to align digital commodities with physical commodities. The long-term impact of this is unknown but, without scarcity, the value of any given digital asset could plummet.

On-demand webinar: Demystifying MDR for security conscious buyers
Join the on-demand webinar presented by cybersecurity veteran Lyndon Brown, Chief Strategy Officer at Pondurance.

New infosec products of the week: June 25, 2021
A rundown of infosec products released last week.
