Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2021

OT Security: Risks, Challenges and Securing your Environment

Before the revolution of Information Technology (IT), the world experienced the revolution of Operational Technology (OT). Operational Technology is the combination of hardware and software that controls and operates the physical mechanisms of industry. OT systems play an important role in the water, manufacturing, power, and distribution systems that transformed industry into the modern age. All of these systems function to operate, automate, and manage industrial machines.

FBI warns of Ranzy Locker ransomware threat, as over 30 companies hit

The FBI has warned that over 30 US-based companies had been hit by the Ranzy Locker ransomware by July this year, in a flash alert to other organisations who may be at risk. According to the alert, issued with the Cybersecurity and Infrastructure Security Agency (CISA), most of the victims were compromised after brute force credential attacks targeting Remote Desktop Protocol (RDP) to gain access to targets’ networks.

CIS Control 10: Malware Defenses

With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that this technology is as critical as it ever was and lays out the minimum requirements for ensuring your malware defenses are up to the task.

How Cyber Threat Intelligence Can Help to Protect Against Cloud Security Threats

The coronavirus pandemic has accelerated the massive increase in using cloud computing services. As the world progresses through its online evolution, cloud computing services have become more of a necessity. However, along with businesses, cybercriminals have also seen this virtualization as a means of snagging more prey. The rapid increase in cloud computing services has made organizations face novel security challenges.

Hidden Value In Creating Cybersecurity Audit Programs

One of my first tasks after leaving NSA for private industry in the early 90s was to write my new company’s information security policy. I’m not sure my previous job as a cryptanalyst left me qualified for this, but I was viewed as the security guy. So, I attacked the task with vim and vigor. That first information security policy I wrote was a thing of beauty. I scoured the Orange Book and other resources to find every security requirement that might help us prevent a security incident.

5 Cybersecurity Considerations for the Auto Industry

Technology has become an essential part of daily life. From the way we get around to the things we buy, computers are at the forefront of change. This is especially true for vehicles. Vehicle technology has evolved dramatically over recent decades. The latest iteration of vehicle remodelling in the automobile industry is heavily software-focused, from autonomous and connected vehicles to electric vehicles and car-sharing.

CISO Interview Series: Investing in Frameworks, Humans, and Your Technical Skills

The journey for someone to the role of Chief Information Security Officer (CISO) isn’t often straightforward. Take Sandy Dunn, for example. Per SailPoint, Sandy started as a paper delivery kid at 10 years old. She then worked her way through software sales, insurance, and even horses before becoming the CISO of a health insurance provider in Idaho. All these “entry-level” jobs share one thing in common.

Top 3 Grooming Techniques in Fraud: What to Watch for

Grooming is a method of establishing a connection with a person to perpetrate a crime against them. Grooming is becoming more common in fraud, both online as well as in interpersonal interactions. What’s more, scammers are getting more sophisticated in their techniques. There is a mistaken belief that scammers are forceful, arrogant, and therefore easy to spot, but many play a long game, carefully and patiently grooming the victim before asking for money.

No Integrity, No Trust. The Foundation of Zero Trust Architecture | Ep 26

In the episode, Tripwire's Maurice Uenuma, discusses the role of integrity when it comes to Zero Trust Architecture. With results from our latest research survey on the Executive Order and Zero Trust, he and Tim make the case that Zero Trust cannot be maintained without proper Integrity controls at its foundation.

US Government warns of BlackMatter ransomware attacks against critical infrastructure

The US Government has issued an alert to organisations about the threat posed by the BlackMatter ransomware group. The government’s Cybersecurity & Infrastructure Security Agency (better known as CISA) issued the advisory earlier this week, following a series of BlackMatter ransomware attacks since July 2021 targeting US critical infrastructure, including two American organisations working in the food and agriculture sector.

CIS Control 09: Email and Web Browser Protections

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point within an organization.

What Pandemic Responses Teach Us About Cybersecurity

I’ve been working at Tripwire for over two decades, and I’ve acquired a fair bit of swag over those years: branded jackets, hats, shoes, a watch, and of course a drawer full of t-shirts. One thing I never would have predicted owning was a Tripwire-branded face mask to protect me from a global pandemic. Over the past year, I’ve worn that face mask more than any of my other swag. Of course, none of my other swag protected me and others from a highly contagious, deadly virus.

Salesforce Monitoring with Tripwire Configuration Manager

You may already know that Tripwire Configuration Manager can audit your cloud service provider accounts like AWS, Azure, and Google Cloud Platform, but did you know it also has capabilities to monitor other cloud based software services such as Salesforce? Salesforce is a popular customer relationship management (CRM) service with rich configuration options that could lead to unintended risks if it is improperly configured.

Analysis of 80 million ransomware samples reveals a world under attack

Google has released a report taking a close look at the more than 80 million ransomware samples uploaded to its VirusTotal service in the last year and a half. Each day, approximately 150,000 ransomware samples were analysed by the free VirusTotal service after being submitted by suspicious computer users, and shared with the security community to enhance their threat intelligence and improve anti-virus products.

Windows 11: Registry Keys, SMB Protocol, and SystemInfo

Windows 11 was released on October 5, 2021. It has several new installation requirements including, most notably, Secure Boot and a Trusted Platform Module. These features can provide a more secure computing environment, but if you need to virtualize a Windows 11 environment, you will need virtualization software that supports this.

CIS Control 08: Audit Log Management

Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Collection logs and regular review is useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logging may be the only evidence of a successful attack. CIS Control 8 emphasizes the need for centralized collection and storage and standardization to better coordinate audit log reviews.

Public Sector Cyber Security beyond the PSN

Recording of a Tripwire Q&A with Gary Hibberd, Professor of Communicating Cyber at Cyberfort Group. As ransomware attacks increase we discuss how the threat is only set to increase as attacks become increasingly sophisticated and government organizations and public bodies in the UK wrestle with the challenges and complexities of migrating securely from the PSN.

Contextualizing the Ransomware Threat Confronting OT Environments

Back in early June, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) published a fact sheet discussing the rising threat of ransomware to operational technology (OT) assets. This development raises several questions. Why is ransomware a threat to OT environments? And what can organizations do to protect their OT assets against ransomware?

The Changing Role of the CISO

Back in the early days of networking, many companies assigned all of the responsibilities to anyone who showed any aptitude towards operating a computer. In many companies, this was an accountant or someone else who also managed sensitive financial information. The assumption was that the person managing the corporate books was the most trustworthy person in the organization.

Ransom disclosure law would give firms 48 hours to disclose ransomware payments

Organisations who find their networks hit by a ransomware attack may soon have to disclose within 48 hours any payments to their extortionists. That’s the intention of the Ransom Disclosure Act, a new bill proposed by US Senator Elizabeth Warren and Representative Deborah Ross.

CIS Control 07: Continuous Vulnerability Management

When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series data breach. CIS Control 07 provides the minimum requirements, table stakes if you will, for establishing a successful vulnerability management program.

Analysis of a Parental Control System

Canopy was advertised to me through my child’s school. The company offers a multi-platform parental control app claiming various abilities to limit and monitor use of protected devices. Access to Canopy is billed monthly and includes a compelling list of features for concerned parents: Several of these features imply that the app has privileged access to the protected device and may be intercepting TLS connections to filter content.

4 Types of MSPs that Can Help You Meet Your Cybersecurity Needs

In my previous post, I discussed some of the reasons why organizations decide to partner with managed service providers (MSPs). Organizations need to be careful when deciding to work with a specific provider, however, as not all MSPs are the created the same. Part of the reason why is because MSPs come in four varieties. Let’s discuss those types below.

Don't Warn Your Co-Workers About That Phishing Test

It is October 2021, and another Cybersecurity Awareness Month is upon us. With so much having occurred over the last year, we should all be experts in personal cybersecurity protection. After all, when our homes became our primary business location, it all became very personal. I once worked at a company that prohibited me from offering personal cybersecurity advice.

Conquering the Taproot of Cybersecurity

What is your organization’s approach to security events? For many organizations, each security alarm is treated with the same urgency as a fire. While a sense of urgency is good, the ensuing panic that occurs is not a recipe for longevity. The constant shifting of attention from one emergency to the next is fatiguing; it can often lead to mistakes that compound an event. The “all hands on deck” approach is similar to an ineffective method of weeding a garden.

Tripwire Industrial Cybersecurity Suite

For industrial organizations, managing cybersecurity and compliance is a big job. On top of your IT servers, workstations, applications and databases, etc. you have your plant operations and OT: industrial control systems, SCADA systems, HMIs, etc. Luckily, Tripwire can help you with IT, OT and the convergence of both. From the factory floor, to the top floor, Purdue levels zero through five.