Cyber Defense eMagazine February Edition for 2022

More documents

Recommendations

Info

Ransomeware Hackers May Be Hidden in Your Network for Months • JBS May 31, 2021. JBS is one of the largest meat suppliers in the US. Hackers caused it to temporarily halt operations at its five largest US-based plants. The ransomware attack also disrupted the company's Australia and UK operations. JBS paid the hackers $11 million in ransom money. The hackers began with a reconnaissance phase in February 2021, followed by Data Exfiltration from March 1 to May 29, 2021. • Colonial Pipeline May 6, 2021. The largest refined’ products pipeline in the US went offline on May 6 h . The pipeline covers 5,500 miles and transports 100 million gallons of fuel daily. The hackers gained access to their network April 29. On May 6 Data Exfiltration began with the hackers stealing 100 gigabytes of data before locking Colonial Pipeline computers with ransomeware. The pipeline paid hackers $4.4 million in ransom money on May 7th. • CNA Financial March 23, 2021. CNA Financial, the seventh largest commercial insurer in the US announced it had sustained a sophisticated cybersecurity attack. CNA Financial eventually paid $40 million in May 2021 to get its data back. Conventional approaches to cyber security may not prevent Data Exfiltration and Data Breaches. In 2020 the DHS, Department of State, U.S. Marine Corps and the Missile Defense Agency recognized this and all issued requests for proposals (RFP) for network full packet data capture for Deep Packet Inspection analysis (DPI) of network traffic. This is an important step forward protecting confidential database data and organization information. Zero-day vulnerabilities that allow hackers to gain system privileges are a major threat to all organizations encrypted and unencrypted confidential data. Confidential data includes: credit card, tax ID, medical, social media, corporate, manufacturing, trade secrets, law enforcement, defense, homeland security, power grid and public utility data. This confidential data is almost always stored in DB2, Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL and SAP Sybase databases. How to Stop Data Exfiltration and Data Breaches with Deep Packet Inspection Protecting encrypted and unencrypted confidential database data is much more than securing databases, operating systems, applications and the network perimeter against Hackers, Rogue Insiders and Supply Chain Attacks. Non-intrusive network sniffing technology can perform a real-time Deep Packet Inspection (DPI) of 100% the database activity from a network tap or proxy server with no impact on the database servers. The database SQL activity is very predictable. Database servers servicing 1,000 to 10,000 end-users typically process daily 2,000 to 10,000 unique queries or SQL commands that run millions of times a day. Deep Packet Analysis does not require logging into the monitored networks, servers or databases. This approach can provide CISOs with what they can rarely achieve. Total visibility into the database activity 24x7 and 100% protection of confidential database data. Cyber Defense eMagazine – February 2022 Edition 82 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Advanced SQL Behavioral Analysis from DPI Prevents Data Exfiltration and Data Breaches Advanced SQL Behavioral Analysis of 100% of the real-time database SQL packets can learn what the normal database activity is. Now the database query and SQL activity can be non-intrusively monitored in real-time with DPI and non-normal SQL activity immediately pinpointed. This approach is inexpensive to setup and has a low cost of operation. Now non-normal database activity from Hackers, Rogue Insiders or and Supply Chain Attacks can be detected in a few milli seconds. The Security Team can be immediately notified and the Hacker session terminated so that confidential database data is not stolen, ransomed or sold on the Dark Web. About the Author Randy Reiter is the CEO of Don’t Be Breached a Sql Power Tools company. He is the architect of the Database Cyber Security Guard product, a database Data Breach prevention product for DB2, Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and SAP Sybase databases. He has a Master’s Degree in Computer Science and has worked extensively over the past 25 years with real-time network sniffing and database security. Randy can be reached online at rreiter@DontBeBreached.com, www.DontBeBreached.com and www.SqlPower.com/Cyber-Attacks. Cyber Defense eMagazine – February 2022 Edition 83 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
How Criminals Have Migrated Through
Page 3 and 4:
Combining True MDR & SOC for Robust
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - February
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
How Criminals Have Migrated Through
Page 19 and 20:
Quite often the perpetrator claims
Page 21 and 22:
• Identity Access Management (IAM
Page 23 and 24:
About The Author Active with the IC
Page 25 and 26:
Given the rise in cyber-attacks, th
Page 27 and 28:
Why is that? Let’s take COVID-19
Page 29 and 30:
soon as possible and base it on str
Page 31 and 32: How Do I Reliably Identify You If I
Page 33 and 34: validation, what can be a very reli
Page 35 and 36: How To Improve Federal Endpoint Det
Page 37 and 38: What should agencies look for in a
Page 39 and 40: Decision Trees in Case of a Ransomw
Page 41 and 42: expertise’s recommended returning
Page 43 and 44: was sentenced to 12 years for payin
Page 45 and 46: Verify But Trust Managing insider t
Page 47 and 48: We now live in a world where the in
Page 49 and 50: 2. Cryptographic Failures - Cryptog
Page 51 and 52: Conclusion Penetration testing is a
Page 53 and 54: 1. Increase enterprise security pro
Page 55 and 56: minimise the impact on business per
Page 57 and 58: Today's Digital Battlefield Demands
Page 59 and 60: UAE can be a cyber security powerho
Page 61 and 62: Why Ransomware is Only a Symptom of
Page 63 and 64: Response vendor that can leverage a
Page 65 and 66: Critical IT infrastructure had to b
Page 67 and 68: Killware is the Next Big Cybersecur
Page 69 and 70: The most effective way to defend ag
Page 71 and 72: Combining True MDR & SOC for Robust
Page 73 and 74: especially those who want to build
Page 75 and 76: intelligence, data logs, and advanc
Page 77 and 78: But when it comes to cybercrime, a
Page 79 and 80: of in 2022. In effect, ransomware h
Page 81: Detect Ransomware Data Exfiltration
Page 85 and 86: In contrast, the corresponding reac
Page 87 and 88: of how PCs, laptops, and other Wind
Page 89 and 90: Cyber Insurance: What Executives Ne
Page 91 and 92: Keeping Premiums Low Once Coverage
Page 93 and 94: Data Security Must Be a Priority as
Page 95 and 96: sites like Facebook or LinkedIn. Cy
Page 97 and 98: Why Building Managers Need to Prior
Page 99 and 100: It should also provide the means fo
Page 101 and 102: Cyber Defense eMagazine - February
Page 123 and 124: CyberDefense.TV now has 200 hotseat
Page 125 and 126: Books by our Publisher: https://www
show all

Cyber Defense eMagazine February Edition for 2022

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?