Please enjoy this month’s episode of The Gate 15 podcast on Anchor, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts.
The Risk Roundtable crew gathers after a long weekend and talks about two enduring issues that we can’t seem to get away from – the latest ransomware and terrorism news – as well as ideas on government sharing of classified information with the private sector. We find out a little more about Dave and Jen, as they recognize some of their favorite movies and actors, and salute some favorite sodas, er, pop brands, or fizzy drinks? And the team acknowledges some great information sharing champions including Jim Rosenbluth, President, Analytic Risk Solutions, and Aharon Chernin, the CEO at Perch Security.
Gate 15 continues to conduct workshops and other educational and exercise events focused on hostile events (active shooter), ransomware, and more. Please contact our team if we can help your organization plan and prepare for these and other threats.
Some of the references from our podcast and additional resources include:
- Kaseya: Updates Regarding VSA Security Incident (ongoing updates).
- Huntress Labs: Rapid Response: Mass MSP Ransomware Incident (ongoing updates).
- Zack Whittaker, @zackwhittaker, Security Editor @TechCrunch commenting on the Kaseya response: ‘“This attack was never a threat nor had any impact to critical infrastructure.” Wow. Kaseya’s messaging about the attack was actually going well, until its PR team waded in.’
- Additional ransomware links shared in last month’s Risk Roundtable post are reshared below (including White House guidance to industry).
- NIAC report on information sharing.
- Executive Order 13388 (2005), which directed agencies to give highest priority to developing information systems and disseminating intelligence-related information to fellow agencies, State and local governments, and private-sector entities.
‘To the maximum extent consistent with applicable law, agencies shall, in the design and use of information systems and in the dissemination of information among agencies: (a) give the highest priority to (i) the detection, prevention, disruption, preemption, and mitigation of the effects of terrorist activities against the territory, people, and interests of the United States of America; (ii) the interchange of terrorism information among agencies; (iii) the interchange of terrorism information between agencies and appropriate authorities of State, local, and tribal governments, and between agencies and appropriate private sector entities; and (iv) the protection of the ability of agencies to acquire additional such information; and (b) protect the freedom, information privacy, and other legal rights of Americans in the conduct of activities implementing subsection.’
- We discussed some recent reports on terrorism and extremism. The following can be searched for online (links not included): MEMRI: New Issue Of Al-Qaeda In The Arabian Peninsula (AQAP) ‘Inspire’ Magazine – The First Since April 2017 – Calls Colorado Shooter Ahmad Al-Issa ‘Mujahid,’ Urges Muslims To Follow In His Path And Target ‘The American Enemy’ Inside And Outside The U.S. ABC News: ‘Perfect storm’: Bulletin warns of extremist violence as pandemic restrictions lift.
- NTAS Bulletin, 14 May 2021
- WSJ, FBI Director Compares Ransomware Challenge to 9/11, 04 Jun 2021
- Armis, Beer, cheese, fuel, and now meat. What’s next?, 03 Jun 2021.
- Malwarebytes, Ransomware to be investigated like terrorism, 04 Jun 2021
- Cybercrime Magazine, Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031, 03 Jun 2021
- The Gate 15 Interview: Ransomware Running Rampant! 28 Sep 2020. Some notes from that post: In the discussion Jeremy and Andy discussed some ransomware security best practices. Jeremy shared some technical ideas and listeners are encouraged to review the Cybersecurity and Infrastructure Security Agency’s Ransomware Resources, including CISA’s Ransomware page. Some of the best practices listed there include:
  - Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
  - Use application whitelisting to allow only approved programs to run on a network.
  - Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
  - Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  - Configure firewalls to block access to known malicious IP addresses.
- DHS CISA and MS-ISAC Ransomware Guide (announcement)
- U.S. DHS CISA, Ransomware Guidance and Resources: A DHS repository of ransomware-related products, including government alerts, guides, and fliers.
- U.S. NCIJTF, Ransomware Factsheet: A joint-sealed ransomware factsheet addressing current ransomware threats and providing information on prevention and mitigation techniques.
- U.S.S.S. Cybercrime Investigations, The U.S. Secret Service released a series of fact sheets related to ransomware attacks and how to report cybercrime-related incidents to the government.
  - A Guide to Ransomware
  - Contacting Law Enforcement
  - Reporting Cyber Incidents to the Federal Government
- U.S. FTC, Ransomware Prevention: An Update for Business: A blog outlining the commission’s stance on ransomware.
- U.S. Department of Treasury, Advisory on Potential Sanctions for Facilitating Ransomware Payments: This advisory alerts companies of the potential sanctions risks for facilitating ransomware payments.
- U.S. Department of Treasury, Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments: This advisory alerts financial institutions to predominant trends, typologies, and potential indicators of ransomware and associated money laundering activities.
- U.S. White House memo, as reported by The Hill: Memo to Protect Against The Threat of Ransomware: This open letter urges the private sector to increase efforts to defend against ransomware.
- U.K. NCSC: Cyber Security Toolkit for Boards: Ransomware: A blog post outlining the basics of ransomware and the essential questions a board should be asking technical experts.
- Intel471, Here’s what happens after a business gets hit with ransomware.
- Cyber Readiness Institute, Ransomware Playbook
- Heimdal Security, What is Ransomware – 15 Easy Steps To Protect Your System.
- FireEye, Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment.
The Risk Roundtable podcast is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally. As we seek to help apply a threat-informed, risk-based approach to analysis, preparedness and operations, we hope these podcasts are informative and maybe even a little entertaining. Read more about Gate 15’s full podcast menu at our Podcast page. We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: firstname.lastname@example.org.
- The Risk Roundtable, a panel discussion among our Gate 15 team;
- The Cybersecurity Evangelist, with Jennifer Lyn Walker;
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder; and
- The Gate 15 Interview, a monthly interview with security and risk management leaders.