Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2022

Potential Abuse of Self-Signed Certificate IP Attribution Leads to Malicious Score Drop

In 2020, SecurityScorecard uncovered a case in which self-signed certificates caused misattributions for CDN IPs, and IPs shared by many websites. At the time, we mitigated this issue by labeling CDNs (e.g. Cloudflare, Akamai, Fastly, etc.), so that customers could easily determine if their scoring problems were related to shared IPs.

How We Empower Your Post-Breach Actions

Here’s what you need to do immediately when a cybersecurity incident occurs: At SecurityScorecard, we’ve recently introduced our Digital Forensics Incident Response service. In case of an emergency, we can come on-site and help the company figure out what's happening and how to contain the crisis. It's valuable to us because now, in addition to providing scores and threat intelligence, we also have a service to help organizations become safer.

Shifting to Holistic Risk Management with Cyber Risk Quantification

As malicious attackers and nation states have increasingly weaponized the cyber domain to impact private companies, the sustainability of organizations' ties to their cybersecurity is in question across all industries and sectors. There are many examples of companies going out of business as a result of a cyber attack, due to business leaders failing to wrap their arms around all the different ways that the ever evolving cyber threat landscape can impact their business.

How Your Cybersecurity Score Impacts Your Stock Price

Your cybersecurity score impacts your stock price. Here’s how: The value of a company’s stock is based on trust. Investors need to trust that the company will perform well, sustain its competitive advantage, and protect its customers’ information. When a company gets hacked, it betrays that trust, influencing its credibility. We have seen the stock price of Equifax, SolarWinds, etc., drop after they suffered data breaches.

Incredibly simple...yet effective. Zhadnost botnet relies on Open Proxies and DNS Resolvers.

As mentioned in SecurityScorecard’s (SSC) previous Zhadnost blog posts (part one and part two), the DDoS attacks against Ukrainian and Finnish websites do not appear to have a lasting impact, as the sites were back online within hours of the attack.

The Caller is Coming from Inside the House!

SecurityScorecard’s own Ondrej Krehel talks with News 12 in New York about how to protect yourself from what might be the most surreal spam number of all—your own. Most of us are used to getting spam texts: You’ve paid your bill, click this link for a free gift! You’ve won the sweepstakes, click here to redeem! It’s no surprise that nothing good comes from clicking those links.

The Impact of New Federal Banking Regulation

Let’s talk about the new federal bank regulation that goes into effect in April 2022. It will require organizations to notify about a breach within 36 hours, which is the shortest breach notification reporting requirement of any law to date. The clock starts ticking when the organization determines that an incident has occurred. A serious computer incident is usually defined as an incident that materially disrupts or degrades the performance of an organization.

What We Can Learn From SolarWinds Security Breach

65% of cyber attacks today happen due to the negligence of a third party. SolarWinds security breach is a good example of that. In this case, hackers used a method known as a supply chain attack to insert malicious code into their Orion System. From there, they managed to crack into the SolarWinds network and put malware into the environment. SolarWinds did a great job following up on this. They made significant improvements and are currently rated as a B by SecurityScorecard.

What is Incident Response?

Creating an incident response plan is mission-critical for modern organizations. As threat actors continuously evolve their attack methodologies, organizations need the people, processes, and technologies that allow them to rapidly respond to a security incident. According to research, attacks have increased by 15% since 2019.

We Need a New Risk Management Approach to Secure Critical Infrastructure Against Russian Cyber Threats

A democratized approach to cybersecurity risk management that leverages continuous monitoring and public-private partnerships is overdue, and critical, for today’s cyber threat environment.

Zhadnost strikes again... this time in Finland.

SecurityScorecard (SSC) has identified a DDoS attack which targeted the websites of the Finnish Ministry of Foreign Affairs and Ministry of Defense. SSC discovered more than 350 bots, mainly located in Bangladesh and African countries, which are now considered to be part of the Zhadnost botnet, previously discovered by SSC in March.

What To Do If You Think Your Company Has Been Hacked

Nearly every day, it seems like you’re reading about another data breach in the news. Between ransomware attacks and nation-state actors, you can’t rely on the old “trust but verify” adage anymore. Cyber resilience isn’t about preventing all threats, it’s about creating a security program that allows you to identify, investigate, contain, and mitigate threats quickly and effectively.

Cybersecurity Tips for Healthcare Organizations

“Why do ransomware attackers target healthcare companies so often?” Here are 2 reasons why: Goldmine of personal information: If you look on the dark web, the price of a stolen credit card would be $5 for a validated card. But the price of personal information (passport, social security number, etc.) could range from $400 to $6,500 per person because you can create a fake identity and use it to create accounts in various places.

5 Cyber Hygiene Best Practices

Here are 5 cyber hygiene best practices to safeguard yourself from hackers: Hackers know your external look and feel better than you do. So you must constantly rediscover how you appear to the adversaries and take actions to safeguard yourself. A lot of hacks happen by exploiting vulnerabilities that have not been patched instead of being zero-day attacks. So you need to patch your software regularly.

Water Sector Cybersecurity Requirements

Water Sector Cybersecurity Requirements Policymakers and regulators in Washington are bringing their attention now to water utilities’ cybersecurity. Last month, the White House announced it was expanding its public-private cybersecurity partnership to the water sector. Separately, in December of 2021, the Environmental Protection Agency (EPA) announced an evaluation of regulations related to the public water system’s cybersecurity, which will change in April.

Scary kids scaring kids: An update on the arrest of Lapsus$ group members

One would be hard pressed to find anyone working today in the cybersecurity world that has not yet heard of Lapsus$, an emerging cyber-crime group with big claims of breaching the likes of high-profile companies Microsoft, Samsung, NVIDIA, and Okta amongst others.

5 Ways to Illuminate Your Attack Surface Blind Spots

How well do you know your organization’s attack surface? Chances are, you don’t know it as well as you think you do. According to a recent report, 2 out of 3 organizations say their external attack surface has expanded in the past 12 months, but that does not mean they’ve been keeping track of it.

Reducing Cybersecurity Risk for Local Government

The amount of data that municipalities deal with on an everyday basis has grown exponentially. In particular, local governments have focused on upping their cybersecurity efforts due to the sensitive information and data stored and shared with state and federal government programs. It is now more important than ever to ensure effective cybersecurity within local governments. In this blog, we will take a look at how your local government can reduce impending risks and secure innate vulnerabilities.

2 Ways Reduce the Likelihood of Getting Attacked

2 ways to make your security infrastructure better than 99% of companies: Start with a zero-trust architecture: Assume that the attackers are going to inevitably break-in. Design a system with zero-trust architecture. To do that, you must: You need to look at how you appear to hackers from outside. Today, with a click of a mouse, attackers can scan the entire Internet and find open ports from companies that are easy to break into.

Improving accuracy and value: Why Inviting Vendors is important

As most of our customers know, every single company – customer or not – gets free and unlimited access to their own company’s Scorecard. This view allows them to see the complete details of their scorecard and a high-level view of five other scorecards. SecurityScorecard provides this free access because we know that when companies engage with their scorecard, their scores improve, their attribution becomes more accurate, and our customers lower their own cyber risk.

Spring4Shell: 12 year old vulnerability springs back to life

On Thursday, March 31st a patch for a widely used Java framework called the Spring Framework was given the designation CVE-2022-22965 with a CVSS Score of 9.8. That’s bad news for a lot of companies that make use of this framework for delivery of their web applications, services and APIs. This is a remote code execution (RCE) vulnerability and the ease of exploitation is partly why it has earned a 9.8 out of 10 on the CVSS Score.