SBS CyberSecurity - In The Wild 173

SBS Newsletter header
 



In The Wild - CyberSecurity Newsletter

Welcome to the 173rd issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions.
Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!
         
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[VIRTUAL CONFERENCE] CyberRiskNOW - Incident Response Edition

SBS Educational Resources

This virtual conference is designed to provide interactive training on evolving cybersecurity threats and how your organization can build a strong Incident Response Plan that helps protect against these threats. CyberRiskNOW: Incident Response Edition will identify components of a comprehensive Incident Response Plan that enables your organization to identify, protect, detect, respond to, and recover from today’s modern cyber attacks, as well as minimize your risk from these real-world threats. This seminar will also walk you through the anatomy of a modern cyberattack, show you around the Dark Web and how cybercrime-as-a-service works, provide you with security suggestions for Office 365, and discuss how to implement the most impactful controls to mitigate your cyber risk.

cid:image007.jpg@01D5D46F.318DE9A0

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way to combat cybercrime and steer offenders toward a better path.

PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time

threatpost

A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. According to a warning on Twitter from Microsoft Security Intelligence on Wednesday, PonyFinal is not an automated threat, but rather has humans pulling the reins. It exfiltrates information about infected environments, spreads laterally and then waits before striking — the operators go on to encrypt files at a later date and time, when the likelihood of the target paying is deemed to be the most likely.

5 Principles for Effective Cybersecurity Leadership in a Post-COVID World

World Economic Forum

COVID-19 is forcing business leaders to adapt operating models faster than ever before to ensure existential survival. The large-scale adoption of work-from-home technologies, exponentially greater use of cloud services and explosion of connectivity allow companies to continue operations even with social distancing and “stay at home” orders. However, the paradigm shift is putting immense pressure on cybersecurity operations. As organizations are making extraordinary efforts to protect their workers and serve their customers during the pandemic, exposure to cyberthreats is increasing significantly.

Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »

Michigan State University Hit By Ransomware Gang

ZDNet

The operators of the NetWalker (Mailto) ransomware have announced today that they've infected the network of Michigan State University, one of the US' oldest educational institutes. The ransomware gang has given MSU administrators a week to pay an undisclosed ransom demand to decrypt their files. In case MSU officials refuse to pay or choose to restore from backups, the ransomware gang is prepared to leak documents stolen from the university's network on a special website the group is operating on the dark web.

Nworm: TrickBot Gang’s New Stealthy Malware Spreading Module

Bleeping Computer

The Trickbot banking trojan has evolved once again with a new malware spreading module that uses a stealth mode to quietly infect Windows domain controllers without being detected. Started as a banking Trojan, the TrickBot malware has evolved with the constant addition of new modules that allows it to perform a variety of malicious behavior. Some of this behavior includes spreading laterally through a network, stealing Active Directory Services databases, stealing cookies and OpenSSH keys, stealing RDP, VNC, and PuTTY Credentials, and more.

A New Free Monitoring Tool to Measure Your Dark Web Exposure

The Hacker News

Last week, application security company ImmuniWeb released a new free tool to monitor and measure an organization's exposure on the Dark Web. To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resources such as Pastebin or GitHub to provide you with a classified schema of your data being offered for sale or leaked. All you need to launch a Dark Web search is to enter your domain name.

9 Habits to Increase Your Energy

Medium

Energy, not time, is the basis for productivity. Having all the hours in the day won’t help you if you’re exhausted for most of it. Your habits define your energy levels. If you have good habits, you’ll feel energized and be more resilient to burn out, both physically and mentally. If your habits are misaligned, you can get into a cycle where you feel worse and worse, until your it’s a struggle just to keep up. Here are nine habits you can work on this year to increase your energy levels.

10 Other Interesting Links From This Week

There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"