“Such a change in the process would have devastating and permanent effects on the trust and utility of this global system,” ICANN says

Ukraine’s Plea to Unplug Russia From the Internet Is Denied

Written by. 

Sophisticated threats dominate information security headlines. MITRE ATT&CK® for enterprise includes over 560 unique adversary behaviors seen in the wild. Cyber defenders cannot focus on all these threats. Defending against this huge number of observed attacks is further complicated by the evolving nature of our IT environments and the threats against them. Both our environment and the threats against them are continually changing. Defenders need data to drive prioritization and understanding of how adversaries are evolving.

Our vision is to establish an ecosystem in which security teams, vendors, ISACs/ISAOs, and governments share when they see adversaries use specific behaviors — sightings of ATT&CK techniques — to give defenders unprecedented visibility into what adversaries are actually doing in the wild.

To establish this Sightings Ecosystem, the Center for Threat-Informed Defense (Center), in collaboration with participants including AttackIQ, Inc., Fortinet, Inc.’s FortiGuard Labs, The Global Cyber Alliance, and Verizon Business Services, collected and analyzed sightings of adversary behaviors in the wild. This analysis presented a clear look at the most commonly observed adversary behaviors and provides a roadmap for developing threat-informed defenses. We also packaged our methodology and tools and are releasing those alongside the report so organizations can perform similar analysis to develop a threat-informed defense specific to their organization.

With data contributions from ConnectWise Cyber Research Unit, FirstEnergy Corp, Red Canary, and others, we were able to collect over 6 million sightings of adversary behavior. After normalizing the data and narrowing our scope from April 2019-July 2021, we were left with 1.1m different observed techniques. Many of the findings confirmed what we knew or suspected about adversary behaviors, but it was comforting to have the data to back it up. Below is our list of the top 15 most common techniques that were observed. We focused on the top 15 because those techniques made up 90 percent of all techniques in our dataset.

Read full post:

https://medium.com/mitre-engenuity/informing-defense-with-adversary-sightings-3d54fe39290

President Joe Biden warned Thursday that the federal government would respond to Russian aggression in cyberspace.

“If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond,” Biden said in the White House East Room. “For months, we’ve been working closely with the private sector to harden our cyber defenses, sharpen our ability to respond to the Russian cyberattacks as well.”

The remarks came hours after Russian troops invaded Ukraine and Russian hackers used denial-of-service attacks to disable Ukrainian government and financial sites.

https://www.nextgov.com/cybersecurity/2022/02/biden-prepared-respond-if-russia-pursues-cyberattacks-against-us/362401/

In recent days, the Russia-Ukraine standoff in the physical world has also spilled into the cyber realm, with politicians and cybersecurity experts alike warning of potential attacks against the U.S. financial industry.

As a result, banks are seeking support in better addressing potential vulnerabilities. Victor Wieczorek, nation state red teamer and director of threat and attack simulation at cybersecurity firm GuidePoint Security, works with financial institutions on table top exercises to simulate a Russian cyberattack. “We’re seeing a lot of action and activity on the cyber front,” he says. “As tensions rise and there’s more poking and prodding… we’re seeing a long tail here.”

https://www.scmagazine.com/analysis/apt/as-russian-cybercriminals-become-emboldened-us-banks-prepare-for-potential-attack

Cyberattacks on oil surge as hackers target commodities

https://www.spglobal.com/platts/en/market-insights/latest-news/oil/021822-cyberattacks-on-oil-surge-as-hackers-target-commodities

“Is Sharing Caring? A report on current cyber threat intelligence networking practices, results, and attitudes” is now available online from Pulsedive.

Cyber threat intelligence (CTI) is a growing space, with an industry-wide consensus that teams cannot effectively operate in an intelligence silo. In support of improved CTI sharing, stakeholders have invested in research and development efforts around cross-boundary collaboration, technical standardization, managing trust, and reporting best practices.

Yet, there’s a lack of clarity around how professionals can most effectively network today. The conventional wisdom amongst practitioners is that CTI networking is achieved through trial & error and on an individual basis. So, we reached out directly to practitioners to capture their CTI networking experiences.

The report benchmarks CTI networking practices, results, and attitudes to provide data-driven insights around:
– How different methods stack up
– How and why individuals participate
– The role organizations play

Access the report https://blog.pulsedive.com/cti-networking-report/

The US Cybersecurity and Infrastructure Security Agency (CISA) shared a joint cybersecurity advisory on how 2021 Trends Show an Increased Globalized Threat of Ransomware.

Policy Insights:

Dan Schiappa, Chief Product Officer at Arctic Wolf:

“Despite the incessant headlines and mainstream attention over the last year, the ransomware epidemic is far from over. CISA’s joint cybersecurity advisory highlights the urgent actions organizations must take to protect themselves from high-impact ransomware incidents, specifically targeting critical infrastructure organizations across the world. As IT (Information Technology) and OT (Operations Technology) systems continue to converge, having adequate protection in place will alleviate expensive remediation efforts, lost profits and costly downtime.

Organizations within the critical infrastructure sector, such as those in the oil and gas industry, have a lot at stake – especially if a ransomware attack affects operations. We saw this firsthand with the Colonial Pipeline attack of 2021. In fact, the FBI, CISA, and NSA disclosed cybercriminals were leveraging ransomware tactics and targeting 14 of the 16 U.S. critical infrastructure sectors including government facilities, thus causing the potential for additional nation-state attacks. In this type of environment, no one is safe – and many organizations face shared challenges when attempting to manage their own internal security operations centers (SOCs).

With ransomware’s success targeting organizations of all sizes and across various industries, this business model has evolved into an incredibly sophisticated and organized operation. If hackers are working together, we must too. To mitigate potential threats, organizations need to work with a partner that provides capabilities that amplifies their existing resources.

It’s easy to focus on the sophisticated response to this, but It’s an understatement to say that security basics should not be overlooked. Organizations need to implement a user training program to help employees build resilience against potential threats – such as phishing attacks, social engineering, and credential theft. In fact, 60% of executives believe their individual employees lack the ability to identify a cyberattack; coupled with 2020’s 64% increase in phishing and ransomware attacks, there’s no doubt that businesses must put security at the forefront of culture. Given this, organizations need to be held accountable for prepping their employees – regardless of whether they are an intern or in the C-Suite – on identifying a well-orchestrated phishing or ransomware attack when it occurs. Leveraging third-party resources can help encourage employees to engage in training and provide them with content that focuses on real-world threat tactics. A well-developed training program can empower employees to effectively identify and mitigate threats in the early stages while strengthening their security posture congruently.