Analysis: Drone Tech Creates New Type of Blended Threat
Hacked drones are breaching physical and cyberdefenses to cause disruption and steal data, experts warn. Continue reading Analysis: Drone Tech Creates New Type of Blended Threat
Category Archives: Cyberdefense
Here’s how to defend your enterprise from Magecart
Magecart, a tool used by a broad set of hackers to steal online payment data, has been rampant in recent months. The group has allegedly breached popular websites like those of British Airways and Ticketmaster UK by injecting malicious scripts directly or through third-parties to siphon off customer data en masse. With the body of forensic evidence tied to Magecart growing, researchers with analytics company Securonix have released recommendations for defending against the groups. The goal is keep online vendors from being Magecart’s next high-profile scalp. The threat data can “increase the chances of early detection of this, and potentially other future variants of the Magecart malicious threat actor activity on your network,” Securonix’s Oleg Kolesnikov and Harshvardhan Parashar wrote in a research paper. There are at least three data channels that organizations need to monitor to boost their chances of detecting Magecart, according to Kolesnikov and Parashar: web server […]
The post Here’s how to defend your enterprise from Magecart appeared first on Cyberscoop.
Continue reading Here’s how to defend your enterprise from Magecart
DHS cyber specialist: look for behavior patterns with APTs
To better track advanced hacking groups, U.S.-based companies should watch for signals in human behavior instead of changing tactics, according to Casey Kahsen, an IT specialist at the Department of Homeland Security. From one campaign to another, there are “a lot of similarities” in the behavior of a Russian government hacking group that has targeted U.S. energy companies, Kahsen said Friday at a cybersecurity event on Capitol Hill. “Some things have changed, but the behavior element remains largely the same because that’s expensive to change,” he said. “The actors are going to change tactics; they’re going to change tools,” Kahsen explained at the event, hosted by the Lexington Institute. “We need to be looking for the things that they did that are more difficult to change – the human behavior element.” The human behavior that Kahsen referenced typically includes a group’s hours of operations or coding style, which cybersecurity experts say […]
The post DHS cyber specialist: look for behavior patterns with APTs appeared first on Cyberscoop.
Continue reading DHS cyber specialist: look for behavior patterns with APTs
Senators want National Guard on call for cyberattacks
A pair of Senate Democrats have introduced legislation that would give the National Guard a bigger role in defending everything from election systems to dams from cyberattacks. The bill from Sens. Maria Cantwell, Wash., and Joe Manchin, W.Va., would set up National Guard “cyber civil support teams” in every state and territory “to bridge the gap between federal and non-federal cybersecurity efforts,” the senators’ offices said in a release. The bill would put $50 million toward the National Guard teams, which would be tasked with preventing and mitigating the impact of cyber incidents, training critical infrastructure operators, and relaying classified threat information from U.S. Cyber Command to the states and private companies. States would have until September 30, 2022 to make their National Guard cyber teams operational. Another Democrat from Washington State, Rep. Derek Kilmer, has introduced companion legislation in the house. “As cyberattacks on the United States increase, we must […]
The post Senators want National Guard on call for cyberattacks appeared first on Cyberscoop.
Continue reading Senators want National Guard on call for cyberattacks
Threat Intelligence in the Age of Cyber Warfare
In the age of cyber warfare, security analysts must determine which assets are most critical and prioritize their defense strategies accordingly.
The post Threat Intelligence in the Age of Cyber Warfare appeared first on Security Intelligence.
Continue reading Threat Intelligence in the Age of Cyber Warfare
Crisis Leadership, Part 2: What Are We Learning?
In addition to responding to threats in progress, crisis leadership involves rehearsing various responses to prepare for a data breach.
The post Crisis Leadership, Part 2: What Are We Learning? appeared first on Security Intelligence.
Continue reading Crisis Leadership, Part 2: What Are We Learning?
Cybersecurity Meets Gamification at CTF Competitions
CTF competitions offer a closed arena for IT amateurs and experts to build and exercise their cybersecurity skills — and have a little fun along the way.
The post Cybersecurity Meets Gamification at CTF Competitions appeared first on Security Intelligence.
Continue reading Cybersecurity Meets Gamification at CTF Competitions
Crisis Leadership: The Missing Link in Cyberattack Defense
C-suite executives often lack the experience and training required to establish and lead a successful cyberattack defense program.
The post Crisis Leadership: The Missing Link in Cyberattack Defense appeared first on Security Intelligence.
Continue reading Crisis Leadership: The Missing Link in Cyberattack Defense