F1TYM1

When most people think about cybercrime, especially when they are victims of a data breach or business interruption by
hackers, they tend to focus on the how. While tempting, this rarely leads to the culprit or a better defense.

In protecting an organization from cyber risk, clarity about the effectiveness of its cybersecurity program is imperative. The organization must understand its security posture and identify gaps in safeguards to ensure that security investments align with the organization’s risk appetite. Performing assessments using a reference framework, such as the NIST Cybersecurity Framework (CSF), provides the means for evaluating current cybersecurity posture and potentially identifying risk for further analysis. Additionally, the use of NIST CSF to create a current profile (where the organization stands at the time of the assessment relative to each control) and a target profile (where the organization would like to be at some future date relative to each control) helps in identifying gaps in a cybersecurity program and establishing areas for improvement in a consistent and methodical manner.  

Written by Tim Starks and Sean Lyngaas
Oct 23, 2020 | CYBERSCOOP

The Louisiana National Guard was called in to stop a series of cyberattacks aimed at small government offices across the state in recent weeks, Reuters reported Friday, citing two people with knowledge of the events, highlighting the cyber threat facing local governments in the run up to the 2020 U.S. presidential election. From the report:

The situation in Louisiana follows a similar case in Washington state, according to a cybersecurity consultant familiar with the matter, where hackers infected some government offices with a type of malware known for deploying ransomware, which locks up systems and demands payment to regain access. Senior U.S. security officials have warned here since at least 2019 that ransomware poses a risk to the U.S. election, namely that an attack against certain state government offices around the election could disrupt systems needed to administer aspects of the vote. It is unclear if the hackers sought to target systems tied to the election in Louisiana or were simply hoping for a payday. Yet the attacks raised alarms because of the potential harm it could have led to and due to evidence suggesting a sophisticated hacking group was involved. Experts investigating the Louisiana incidents found a tool used by the hackers that was previously linked to a group associated with the North Korean government, according to a person familiar with the investigation.

Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations; of which, originally appeared at the organization’s DEFCON 28 SAFE MODE Conference, and on the DEF CON YouTube channel. Enjoy!

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Written by Shannon Vavra
Oct 23, 2020 | CYBERSCOOP

Security has always claimed that “Defense in Depth” is the dominant strategy. As we enter the world of automated workloads at internet-scale, it has become clear that it is in fact “Defense in Diversity” that wins over depth. When dealing with large-scale automated attacks, iteration over the same defense a million times is cheap. However, attacking a million defenses that are slightly different is costly for the threat actor.