FBI reports that BlackByte ransomware has breached US critical infrastructure

The FBI has announced that BlackByte ransomware has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months.

News Insights:

Chris Clements, VP of Solutions Architecture, Cerberus Sentinel

“A large failing in the cybersecurity industry has been a lack of transparency from victims on how attackers breached their organization. I fully understand the potential legal liability or reputational damage that may result from an honest accounting of the attack timeline, including possible failures or negligence that contributed to the incident, but the outcome of not publishing this analysis means that many organizations are left uninformed on where their own exposures may be. After all, many cybercriminal organizations use very similar techniques in attacking multiple victims. A detailed analysis of events would raise awareness for everyone. For example, how was the initial foothold gained? Was the victim running anti-malware software? Did the attackers bypass the anti-malware solution completely, or were their initial attempts correctly flagged but dismissed by defenders because they were listed as ‘cleaned’ or ‘quarantined’? As technology becomes core to our most critical institutions, we must change our mindset on communicating this information. The same way we wouldn’t tolerate an airline refusing to provide a detailed account of an aviation incident to mitigate risks from equipment or procedures, we should demand that similar reporting and root cause analysis be made public where possible for cybersecurity breaches.”

James Graham, VP of Marketing, RiskLens

“It is imperative that organizations understand their exposure to ransomware and other attacks in financial terms, and especially in anticipation of increased threat activity. Only through quantification can organizations understand the potential financial impact of new and increased attacks, and justify the investments that are necessary to adequately prevent and mitigate them.”

Erich Kron, Security Awareness Advocate, KnowBe4

“The critical infrastructure sector has been plagued by ransomware attacks, as the criticality of the systems makes quick recovery vital, which increases the likelihood that the victims will pay the ransom. This same criticality also makes law enforcement attention much more likely. However, given the low success rate of law enforcement busts, this is often a chance the groups are willing to take.

Critical infrastructure and many government entities are especially vulnerable to ransomware attacks as limited budgets, aging equipment and shortages in cybersecurity staffing all pose significant challenges for the defenders of these networks. These groups must focus on the top attack vectors used in ransomware attacks, usually email phishing and attacks on remote access portals. Training the users to spot and report phishing emails and improving the organizational security culture, along with ensuring remote access portals are monitored for brute force attacks and that credentials being used have Multi-Factor Authentication (MFA) enabled are some top ways to counter these threats.”


Photo by Andrea Piacquadio from Pexels