by Dawn Dunkerley
Contributing Editor

They Come in the Night: Ransomware Deployment Trends – FireEye Threat Research

  • We noted several initial infection vectors across multiple ransomware incidents, including RDP, phishing with a malicious link or attachment, and drive-by download of malware facilitating follow-on activity.
  • Contain and remediate infections quickly to prevent attackers from conducting follow-on activity or selling access to other threat actors for further exploitation.

Editor’s note: As I was looking to pull together this month’s post, I was almost overwhelmed with the uptick in ransomware-related reporting. If that means that we are having more, or just having more reporting, I cannot be sure; however, this Mandiant report is still quality reading for weary eyes. The point that “if initial infections are detected, contained, and remediated quickly, the significant damage and cost associated with a ransomware infection could be avoided” may seem obvious, but we continue to see organizations that haven’t planned and exercised for these events. Prevention is important, but response and recovery when the bad times come cannot be ignored.


Securing the MSP: Best Practices for Vetting Cybersecurity Vendors – Malwarebytes Labs

  • What’s concerning from a Chief Security Officer’s (CSO’s) perspective is the veneer of legitimacy many cybersecurity vendors are capable of producing: Scammy security companies generally have slick, professional websites, convincing sales engineers, legions of onshore support administrators, and almost invariably, one or more executives with ties to a government intelligence agency, whether in the US or abroad.
  • What these threat alerts amount to tends to be a drag on organizational resources, as in-house security personnel are tasked with vetting ever-increasing quantities of data that don’t address business needs.

Editor’s note: This is an exceptional quote from this article: “Some infosec vendors really do try their best to provide a valuable product to the end user, but still fall awfully short of the mark. The problem here isn’t that they’re not trying to deliver a good product—it’s that they don’t necessarily understand what “good” is to you.” I really pondered this… while we do see truly “scammy” vendors, most often there are good vendors that just aren’t right for your particular organizational gaps. It’s easy to be overwhelmed by the number of tools and service providers, so a good, honest look at the critical cyber assets and how they are under- and over-defended is warranted. Rational decisions are important, even in these times.


Fresh Virus Misery for Illinois: Public Health Agency Taken Down by… Web Ransomware. Great Timing, Scumbags – The Register

  • The Champaign Urbana Public Health District (CHUPD) in Illinois, covering 210,00 folks, including the state’s biggest university, said today it has had to set up an alternate website as it deals with a ransomware infection that took down its primary site.
  • At the time of writing, the district’s alternate website was operational and displaying some basic contact information about the deadly coronavirus outbreak.

Editor’s Note: And “scene”… even though an above note discussed the never-ending flood of ransomware reporting, I had to point this one out, chiefly because my mentor had correctly predicted attacks against public health agencies would increase in the face of the COVID-19 (Coronavirus) epidemic. Scumbags, indeed.


Beyond Burnout: What Is Cybersecurity Doing to Us? – Dark Reading

Infosec professionals may feel not only fatigued, but isolated, unwell, and unsafe. And the problem may hurt both them and the businesses they aim to protect.

Editor’s Note: I do put this in quite on purpose, hoping that my friends and colleagues in the field (as well as their leadership) will consider what the constant barrage of attacks is doing to their teams. Perhaps more so than ever, it’s exhausting to be a cyber professional. To quote the article:

“Cybersecurity professionals are trying to save everyone. Does someone need to save them?

The Impact: ‘The Only Ones to Feel Any Pain’
Over 400 CISOs and 400 C-suite executives revealed some sobering truths in a survey recently conducted by Vanson Bourne on behalf of Nominet. The “CISO Stress Report” found:

  • 21% of CISOs said they have taken a leave of absence because of job-related stress. Some CISOs took this significant step even though many reported being afraid to take sick days (41%) and neglecting to take all of their allotted time off (35%).  
  • 48% of CISOs said their work stress has impacted their mental health, and 35% said it has impacted their physical health.
  • 40% of CISOs said their work stress has impacted their relationships with their families or children, 32% said it has impacted their relationships with spouses or romantic partners, and 32% said it has impacted their relationships with friends.
  • 23% said they are using medication or alcohol to manage stress.
  • 94% of American CISOs and 95% of UK CISOs reported working more than their contracted hours – on average, 10 hours per week more. In addition, 83% of American C-suite execs and 73% of UK execs confirmed they do, indeed, expect security teams to work longer hours.”

Emotions are high, attacks are nonstop, and generally budgets are not keeping up. It’s very common to feel alone and unappreciated, and that can lead to a downward spiral. Please don’t ever hesitate to reach out to me personally if you are feeling these things, and know that, as a community, we are fighting the good fight every day, no matter the odds. Somehow knowing that helps me every day.

