Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Last year was a tough one for schools, local, and state governments. Not simply because of COVID-19, which forced every local government and school to navigate a pandemic, but also because the pandemic brought with it a different set of dangers. While local governments and schools were trying to figure out remote learning, remote work, and how to run public meetings safely and effectively online, cybercriminals took advantage of the fact that the remote world is new to most small governments.

The goal of system hardening (or security hardening) is to reduce the attack surface. It includes reducing security risks and removing potential attack vectors. By removing superfluous programs, accounts functions, applications, ports permissions access etc., the reduced attack surface means the underlying system will be less vulnerable, making it harder for attackers or malware to gain a foothold within your IT ecosystem.

In the beginning of May, a U.S. pipeline company suffered a ransomware attack. The company decided to respond by halting operations while it investigated the incident. This delayed tens of millions of gallons of fuel from reaching their destination all along the East Coast. Less than a week later, Bloomberg reported that the company had paid millions of dollars to a ransomware group in order to regain access to their systems. U.S.

Credential abuse and compromised user accounts are serious concerns for any organization. Credential abuse is often used to access other critical assets within an organization, subsidiaries, or another partner corporation. Once an account is compromised, it can be used for data exfiltration, or to further promote the agenda of a threat actor.

Confidence isn’t new when it comes to cybersecurity. All the way back in 2015, for example, 86% of security professionals working in the energy sector told Tripwire that they were confident they could detect a breach in a week. Just less than half (49%) said it wouldn’t take them longer than a day to spot an attack. It was the same story a year later when Tripwire surveyed infosec professionals in the retail sector.

SecurityScorecard’s Investigations & Analysis team conducted an investigation into the details surrounding the USAID.gov attack. As has been previously reported, the attack has been potentially attributed to the organization commonly known as Cozy Bear, but our investigation found that the campaign is likely much larger, and began much earlier than has been reported.

The Anti-Phishing Working Group (APWG) has just released its Phishing Activity Trend Report for Q1 2021. The first findings are easily predictable; the dispersion of the workforce is pushing phishing attacks to new records: just in January 2021, the APWG detected 245,771 unique phishing sites, the highest number reported so far.

Security teams defending Windows environments often rely on anti-malware products as a first line of defense against malicious executables. Microsoft provides security vendors with the ability to register callbacks that will be invoked upon the creation of processes on the system. Driver developers can call APIs such as PsSetCreateProcessNotifyRoutineEx to receive such events.