threatpost.com
35.173.160.135  Public Scan

Submitted URL: https://threatpost.com/latest-insights-ransomware-threats/178391/#comments'
Effective URL: https://threatpost.com/latest-insights-ransomware-threats/178391/
Submission: On March 09 via api from US — Scanned from DE

Form analysis 4 forms found in the DOM

POST /latest-insights-ransomware-threats/178391/#gf_5

<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_5" id="gform_5" action="/latest-insights-ransomware-threats/178391/#gf_5">
  <div class="gform_body gform-body">
    <ul id="gform_fields_5" class="gform_fields top_label form_sublabel_below description_below">
      <li id="field_5_8" class="gfield field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text" for="input_5_8">Your name</label>
        <div class="ginput_container ginput_container_text"><input name="input_8" id="input_5_8" type="text" value="" class="medium" placeholder="Your name" aria-invalid="false"> </div>
      </li>
      <li id="field_5_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text" for="input_5_1">Your e-mail address<span
            class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
        <div class="ginput_container ginput_container_email">
          <input name="input_1" id="input_5_1" type="text" value="" class="medium" placeholder="Your e-mail address" aria-required="true" aria-invalid="false">
        </div>
      </li>
      <li id="field_5_9" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden">
        <div class="ginput_container ginput_container_text"><input name="input_9" id="input_5_9" type="hidden" class="gform_hidden" aria-invalid="false" value=""></div>
      </li>
      <li id="field_5_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text gfield_label_before_complex"><span
            class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
        <div class="ginput_container ginput_container_checkbox">
          <ul class="gfield_checkbox" id="input_5_2">
            <li class="gchoice gchoice_5_2_1">
              <input class="gfield-choice-input" name="input_2.1" type="checkbox" value="I agree" id="choice_5_2_1">
              <label for="choice_5_2_1" id="label_5_2_1">I agree to my personal data being stored and used to receive the newsletter</label>
            </li>
          </ul>
        </div>
      </li>
      <li id="field_5_5" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text gfield_label_before_complex"><span
            class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
        <div class="ginput_container ginput_container_checkbox">
          <ul class="gfield_checkbox" id="input_5_5">
            <li class="gchoice gchoice_5_5_1">
              <input class="gfield-choice-input" name="input_5.1" type="checkbox" value="I agree" id="choice_5_5_1">
              <label for="choice_5_5_1" id="label_5_5_1">I agree to accept information and occasional commercial offers from Threatpost partners</label>
            </li>
          </ul>
        </div>
      </li>
      <li id="field_5_10" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_10">Phone</label>
        <div class="ginput_container"><input name="input_10" id="input_5_10" type="text" value=""></div>
        <div class="gfield_description" id="gfield_description_5_10">This field is for validation purposes and should be left unchanged.</div>
      </li>
    </ul>
  </div>
  <div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_5" class="gform_button button screen-reader-text" value="Subscribe"
      onclick="if(window[&quot;gf_submitting_5&quot;]){return false;}  window[&quot;gf_submitting_5&quot;]=true;  "
      onkeypress="if( event.keyCode == 13 ){ if(window[&quot;gf_submitting_5&quot;]){return false;} window[&quot;gf_submitting_5&quot;]=true;  jQuery(&quot;#gform_5&quot;).trigger(&quot;submit&quot;,[true]); }" disabled="disabled"
      style="display: none;"> <input type="hidden" name="gform_ajax" value="form_id=5&amp;title=&amp;description=&amp;tabindex=0">
    <input type="hidden" class="gform_hidden" name="is_submit_5" value="1">
    <input type="hidden" class="gform_hidden" name="gform_submit" value="5">
    <input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
    <input type="hidden" class="gform_hidden" name="state_5" value="WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=">
    <input type="hidden" class="gform_hidden" name="gform_target_page_number_5" id="gform_target_page_number_5" value="0">
    <input type="hidden" class="gform_hidden" name="gform_source_page_number_5" id="gform_source_page_number_5" value="1">
    <input type="hidden" name="gform_field_values" value="">
  </div>
  <p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js" name="ak_js" value="1646821054625">
    <script>
      document.getElementById("ak_js").setAttribute("value", (new Date()).getTime());
    </script>
  </p>
</form>

GET https://threatpost.com/

<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
  <input type="text" class="c-site-search__field" name="s" placeholder="Search">
  <button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
      <use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
    </svg> Search</button>
  <div class="c-site-search__overlay"></div>
</form>

POST https://threatpost.com/wp-comments-post.php

<form action="https://threatpost.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
  <div class="o-row">
    <div class="o-col-12@md">
      <div class="c-form-element"><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true" placeholder="Write a reply..."></textarea></div>
    </div>
  </div>
  <div class="o-row">
    <div class="o-col-6@md">
      <div class="c-form-element"><input id="author" name="author" placeholder="Your name" type="text" value="" size="30"></div>
    </div>
    <div class="o-col-6@md">
      <div class="c-form-element"><input id="email" name="email" placeholder="Your email" type="text" value="" size="30"></div>
    </div>
  </div>
  <p class="form-submit"><input name="submit" type="submit" id="submit" class="c-button c-button--primary" value="Send Comment"> <input type="hidden" name="comment_post_ID" value="178391" id="comment_post_ID">
    <input type="hidden" name="comment_parent" id="comment_parent" value="0">
  </p>
  <p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="bb5ca43171"></p><!-- the following input field has been added by the Honeypot Comments plugin to thwart spambots -->
  <input type="hidden" id="knIHp2TwrOy3qoXRR3MVBClEA" name="zrP6IHjUymaWMD3zmXPvyuoMW">
  <script type="text/javascript">
    document.addEventListener("input", function(event) {
      if (!event.target.closest("#comment")) return;
      try {
        grecaptcha.render("recaptcha-submit-btn-area", {
          "sitekey": "6LfsdrAaAAAAAMVKgei6k0EaDBTgmKv6ZQrG7aEs",
          "theme": "standard"
        });
      } catch (error) {
        /*possible duplicated instances*/ }
    });
  </script>
  <script src="https://www.google.com/recaptcha/api.js?hl=en&amp;render=explicit" async="" defer=""></script>
  <div id="recaptcha-submit-btn-area">&nbsp;</div>
  <noscript>
    <style type="text/css">
      #form-submit-save {
        display: none;
      }
    </style>
    <input name="submit" type="submit" id="submit-alt" tabindex="6" value="Submit Comment">
  </noscript>
  <p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js" name="ak_js" value="30">
    <script>
      document.getElementById("ak_js").setAttribute("value", (new Date()).getTime());
    </script>
  </p>
</form>

GET https://threatpost.com/

<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
  <input type="text" class="c-site-search__field" name="s" placeholder="Search">
  <button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
      <use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
    </svg> Search</button>
  <div class="c-site-search__overlay"></div>
</form>

Text Content

InfoSec Insider


6 CYBER-DEFENSE STEPS TO TAKE NOW TO PROTECT YOUR COMPANY

Daniel Spicer
February 25, 2022 1:49 pm
4 minute read
Ransomware is getting worse, but Daniel Spicer, chief security officer
at Ivanti, offers a checklist for choosing defense solutions to meet the
challenge.

The headlines feel like Groundhog Day, if each of Bill Murray’s repeated days
grew increasingly threatening:

Ransomware attacks rise again.
Ransomware attacks up over last quarter.
Ransomware attacks tower over previous year.

You get the idea. And yet again, a new report from Ivanti sends a clear warning:
It’s still getting worse. The Ransomware Spotlight Year-End Report identified 32
new ransomware families in 2021, bringing the total to 157 and representing a 26
percent increase over the previous year. These ransomware families are
exploiting a total of 288 vulnerabilities – a 29 percent increase over the
previous year. The report was conducted in partnership between Ivanti, Cyber
Security Works and Cyware, and based on proprietary data, publicly available
threat databases, and threat researchers and penetration-testing teams.

The report found that these ransomware groups are continuing to target unpatched
vulnerabilities and weaponize zero-day vulnerabilities in record time to
instigate crippling attacks. At the same time, threat actors are broadening
their attack spheres and finding newer ways to compromise organizational
networks and fearlessly trigger high-impact assaults.

And according to Coveware, organizations pay an average of $220,298 and suffer
23 days of downtime following a ransomware attack. That’s devastating in an
optimal climate, and given the scramble to shift to the digital landscape
combined with unprecedented shortages of skilled IT labor, an attack could be
insurmountable.


IT’S TIME TO MAP YOUR CYBERSECURITY JOURNEY

The good news: while ransomware threats are increasing in sophistication, so are
countermeasures. There are things you can do to dramatically reduce your attack
surface and proactively protect against and/or remediate threats without further
exhausting your human resources.

To build a comprehensive, scalable and framework-aligned cybersecurity strategy
for the Everywhere Workplace, companies must go on a three-phased journey:
Manage, Automate and Prioritize (MAP). Manage, the first phase, is about
establishing your cybersecurity foundation. Automate is about alleviating the
burden on IT. Prioritize is about getting to a state where IT has the
information and ability to identify and address the top risk areas.

There are six steps to a comprehensive MAP strategy, and you can get started
right now:


STEP 1: GET COMPLETE ASSET VISIBILITY

You can’t manage and secure what you can’t find. Invest in an automated platform
that enhances visibility into all connected devices and software and provides
context into how those assets are being used, so your IT and security teams can
make better decisions. A comprehensive discovery initiative finds all assets on
a network, including both corporate-owned and BYOD devices, and then provides
context around who is using what device, how and when they’re using that device,
and what they have access to. This enables security teams to better keep assets
protected and improve overall security posture.


STEP 2: MODERNIZE DEVICE MANAGEMENT

Modern device management is an essential part of increasing security in remote
and hybrid work environments. A unified endpoint management (UEM) approach fully
supports bring-your-own-device (BYOD) initiatives while maximizing user privacy
and securing corporate data at the same time.

UEM architectures usually include the ability to easily onboard and configure
device and application settings at scale, establish device hygiene with
risk-based patch management and mobile threat protection, monitor device posture
and ensure compliance, identify and remediate issues quickly and remotely,
automate software updates and OS deployments, and more. Choose a UEM solution
with management capabilities for a wide range of operating systems, and one that
is available both on-premises and via software-as-a-service (SaaS).


STEP 3: ESTABLISH DEVICE HYGIENE

Most people associate device hygiene with patch management, but it extends
beyond that. Good device hygiene involves taking a proactive, multi-layered
approach to ensure that only devices meeting defined security requirements are
allowed to access business resources, thereby reducing the digital attack
surface. Companies should look to combat device vulnerabilities (jailbroken
devices, vulnerable OS versions, etc.), network vulnerabilities
(man-in-the-middle attacks, malicious hotspots, unsecured Wi-Fi, etc.) and
application vulnerabilities (high security risk assessment, high privacy risk
assessment, suspicious app behavior, etc.). Establishing good device hygiene
also includes building processes that are well-defined and repeatable so they
can eventually be automated.


STEP 4: SECURE YOUR USERS

The only people who seem to like passwords are the threat actors who weaponize
them. Credentials, like passwords, remain among the most sought-after data types
in breaches – involved in 61 percent of breaches. Further, single sign-on (SSO)
solutions can create a single point of failure that can be exploited by hackers
to gain access to most or all enterprise apps.

The ideal solution: Passwordless authentication via zero sign-on. Instead of
passwords, this approach uses multifactor authentication via alternative
authentication methods such as possession (what you have, like a mobile device),
inherence (biometrics like fingerprints, Face ID, etc.) and context (location,
time of day, etc.).


STEP 5: PROVIDE SECURE ACCESS

The network perimeters that worked when your team was in-office no longer
suffice in the Everywhere Workplace. Today’s networks should be built on the
principles of the software-defined perimeter (SDP). It’s designed to leverage
proven, standards-based components that help ensure SDP can be integrated with
your existing security systems. SDP still requires a layer of security to
maximize benefits, which is where zero-trust network access (ZTNA) comes into
play.


STEP 6: CONTINUOUSLY MONITOR & MAKE IMPROVEMENTS

Most assessments of security posture are made after an attack, and are specific
to the attack vector. This reactive approach, combined with too many empty seats
in IT roles, is a substantial problem. To stay in compliance and mitigate
threats, it’s imperative to get a handle on governance, risk and compliance (GRC)
management. Look for a solution with quick and easy regulatory documentation
imports to map citations with security and compliance controls, and seek to
replace manual tasks with automated repetitive-governance activities.

There’s a lot of information here – and the idea of tackling six steps can feel
overwhelming. Then again, the threats are overwhelming, too. It’s essential to
take on partners and leverage solutions to support your cybersecurity journey. The
right solutions will be comprehensive and integrated to ease the burden on your
IT staff, and will also preserve a productive, intuitive user experience that
maintains integrity no matter where, when or how your employees work.

Daniel Spicer is Chief Security Officer at Ivanti.

Enjoy additional insights from Threatpost’s Infosec Insiders community by
visiting our microsite.


DISCUSSION

 * Satya Kancharla on February 28, 2022
   
   Good article. Very informative. Keep it up.