Priya Patel
TLDR:
Key Points:
- Brute force credential attacks on the rise since March, affecting VPN, web applications, and SSH services.
- Russia’s Sandworm cyber group classified as an advanced persistent threat actor by researchers.
In this week’s Cyber Security Today Week in Review, several key cybersecurity incidents were highlighted. Brute force credential attacks have seen an increase since March, targeting VPN, web applications, and SSH services. Additionally, Russia’s Sandworm cyber group has been classified as an advanced persistent threat actor by researchers at Mandiant. This group, linked to various cyber attacks, has tools for collecting intelligence, spreading disinformation, and sabotaging IT networks. On the ransomware front, UnitedHealth reported a significant cost of $872 million to handle a ransomware attack, underscoring the financial impact of these incidents. The UN Development Programme and the Roman Catholic Diocese of Phoenix were also targeted by ransomware attacks, highlighting the pervasive nature of this threat.
On the policy side, the Ransomware Task Force’s recent report outlined a roadmap for potential prohibition of ransomware payments, emphasizing the need for government action before implementing such a ban. Jen Ellis, a member of the Task Force, discussed the challenges organizations face in defending against ransomware attacks, citing capacity and capability constraints as key roadblocks. Recommendations included establishing a ransomware response fund, ending tax deductibility of ransom payments, and building resilience through backups and vulnerability management programs.
Overall, the cybersecurity landscape remains complex and challenging, with organizations grappling with evolving threats and the potential implications of ransomware payment bans. Education, collaboration, and preparedness are critical components in mitigating cybersecurity risks and enhancing resilience in the face of persistent threats.
