
Tenable Blog


Cybersecurity Snapshot: As Feds Hunt CL0P Gang, Check Out Tips on Ransomware Response, Secure Cloud Management and Cloud App Data Privacy

Tips on CL0P Gang, Ransomware Response, Secure Cloud Management and Cloud App Data Privacy

Learn all about the U.S. government's reward for CL0P ransomware leads. Plus, check out ransomware incident response recommendations. Also, review concrete guidance on cloud system administration and on designing cloud apps with privacy by default. And much more!

Dive into six things that are top of mind for the week ending June 23.

1 – Wanted: Feds offer $10 million reward for CL0P info

The CL0P ransomware gang lately has been making hay out of the MOVEit Transfer vulnerabilities, so it's no surprise it's drawn the attention of law enforcement. This week, the U.S. Department of State announced a reward of up to $10 million for information on the group – or on any attackers targeting U.S. critical infrastructure. Check out the details below.


For more information about the MOVEit Transfer vulnerabilities and CL0P, check out these Tenable resources:

VIDEOS

  • Tenable CEO Amit Yoran discusses CL0P Ransomware Gang with CNN
  • Anatomy of a Threat: MOVEit
  • Tenable CEO Amit Yoran discusses MOVEit Transfer Hack on BBC Asia

2 – IANS: Best practices for ransomware incident response

And staying on the ransomware topic, you can never have too many tips, insights and best practices on how to address these attacks. That’s why a recent IANS Research blog post about building an incident response process for ransomware caught our eye. Here’s what it recommends:

  • Be as prepared as possible for a ransomware attack, including having data backups; a business continuity and disaster recovery plan for critical applications; cyber insurance coverage; and updated threat intelligence information.
  • Have tools and processes in place that let you detect early signs of an attack, so you can isolate and contain impacted systems before widespread damage is done. Items to assess include known ransomware signatures and anomalous I/O activity.
  • Collect critical data quickly and thoroughly, including when the infection happened, what the infection method was, what the attack’s scope and magnitude are, and what the impact on the business is.
  • Outline a course of action, including ways to reduce business impact, whether to loop in your insurance provider, examining your threat intelligence and deciding whether or not to pay the ransom.
  • Restore the damaged data and bring all affected systems back up, including fixing the underlying cause of the attack.

To get all the details, read the IANS Research blog “How to Build a 5-Step IR Process for Ransomware.”

For more information about ransomware, check out these Tenable resources:

3 – Guidance on high-risk and emergency access to cloud services

The U.K.’s National Cyber Security Centre (NCSC) this week delved into two specific and critical areas of cloud system administration – high-risk access and emergency access – and how to secure them.


For high-risk access, which allows cloud service administrators to manage a critical component during normal operation, the NCSC recommends:

  • Implement phishing-resistant multifactor authentication for users with this level of access
  • Require that these admins use a privileged access workstation (PAW), a dedicated hardware device for performing high-risk management tasks

Also known as “break the glass” access, emergency access lets administrators manage cloud services during abnormal circumstances when systems may be down. NCSC security tips include:

  • Ask your cloud provider what account recovery options are available, and make sure you’re ready to use them if needed
  • Ensure that alarms are triggered whenever emergency access steps are taken, in case the action is not legitimate but rather a sign of a breach

To get all the details, check out the NCSC’s blog “Protecting how you administer cloud services.”
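As an added example (not part of the NCSC guidance or this post), the two sets of tips above can be turned into a simple policy check over audit events: every use of a break-glass account raises an alarm, and high-risk admin sessions are flagged when they lack phishing-resistant MFA or do not originate from a PAW. The event format, account names, host names and MFA labels are all constructed assumptions, not any provider's real schema.

```python
import json

# Constructed sample audit events in a generic JSON shape (assumed format, not any cloud provider's).
SAMPLE_EVENTS = [
    '{"time":"2023-06-20T09:01:00Z","user":"alice.admin","role":"high-risk","mfa":"fido2","source":"paw-01","action":"update_firewall"}',
    '{"time":"2023-06-20T09:05:00Z","user":"bob.admin","role":"high-risk","mfa":"sms","source":"laptop-17","action":"rotate_keys"}',
    '{"time":"2023-06-20T23:40:00Z","user":"breakglass-01","role":"emergency","mfa":"fido2","source":"paw-02","action":"console_login"}',
    '{"time":"2023-06-20T10:00:00Z","user":"carol","role":"standard","mfa":"totp","source":"laptop-03","action":"read_bucket"}',
]

# Assumed inventory: which MFA methods count as phishing-resistant, which hosts are PAWs,
# and which accounts are reserved for "break the glass" emergency access.
PHISHING_RESISTANT_MFA = {"fido2", "webauthn", "smartcard"}
PAW_HOSTS = {"paw-01", "paw-02"}
BREAK_GLASS_ACCOUNTS = {"breakglass-01", "breakglass-02"}


def evaluate(event: dict) -> list:
    """Return the alerts/violations raised by a single parsed audit event."""
    findings = []
    user = event.get("user", "")
    # Emergency access must always alarm; legitimate use is confirmed out of band.
    if user in BREAK_GLASS_ACCOUNTS or event.get("role") == "emergency":
        findings.append(f"ALERT emergency-access-used user={user} action={event.get('action')} at {event.get('time')}")
    # High-risk access is only acceptable with phishing-resistant MFA from a PAW.
    if event.get("role") == "high-risk":
        if event.get("mfa") not in PHISHING_RESISTANT_MFA:
            findings.append(f"VIOLATION non-phishing-resistant-mfa user={user} mfa={event.get('mfa')}")
        if event.get("source") not in PAW_HOSTS:
            findings.append(f"VIOLATION high-risk-access-not-from-paw user={user} source={event.get('source')}")
    return findings


def scan(lines) -> list:
    """Parse each JSON log line and collect findings; malformed lines are reported, not skipped silently."""
    results = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            results.append(f"ERROR unparseable-event line={line[:40]!r}")
            continue
        results.extend(evaluate(event))
    return results


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```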

For more information about secure cloud administration:

4 – Study: U.S. critical infrastructure at risk due to weak public-private collaboration

A new study finds the relationship between the U.S. government and the private sector for protecting critical infrastructure is obsolete and underfunded – a danger to national security.

That’s the conclusion from the report “Revising Public-Private Collaboration to Protect U.S. Critical Infrastructure” published by CSC 2.0, a project that’s continuing the work that the U.S. Congress-backed Cyberspace Solarium Commission conducted from 2019 to 2021.


“The policy underpinning this public-private sector relationship has become outdated,” reads the 36-page report. “Similarly, the implementation of this policy – and the organization, funding, and focus of the federal agencies that execute it – is inadequate.”

CSC 2.0’s recommendations center on rewriting the Presidential Policy Directive 21 (PPD-21), adopted during the Obama administration, and include:

  • Clarify CISA’s roles and responsibilities as the national risk management agency
  • Establish responsibilities and accountability for updating key documents
  • Organize public-private collaboration to mitigate systemic and cross-sector risk
  • Develop functional information-sharing capacity across all sectors

To get all the details, read the report’s announcement, the executive summary and the full report.

For more information about critical infrastructure cybersecurity:

5 – Build privacy into cloud apps by default and by design

Building cloud apps that’ll store and process private data? Check out seven foundational principles of privacy by default and by design from Eyal Estrin, a cloud and infosec architect who authored the book “Cloud Security Handbook.”

  • Implement proactive and preventive security controls offered by cloud providers in areas like identity and access management, network protection and data encryption
  • Adopt privacy as the default setting at the application level and infrastructure level, minimizing collection and retention of data, and encrypting it in transit and at rest
  • Embed privacy safeguards into an app’s design, so that it supports data privacy regulations and rights
  • Embed those privacy safeguards without weakening the app’s security controls or degrading the performance of other services
  • Protect data from end-to-end for its full lifecycle, including collection, storage, retirement and disposal
  • Craft a comprehensive and clear privacy policy for the app, and keep it updated
  • Make privacy user-centric, with privacy settings turned on by default and with easy ways for users to opt-in and opt-out, and to export their data

To get all the details, read Estrin’s post “Privacy by Design and Privacy by Default in the Cloud” in the Cloud Security Alliance blog.

For more information about cloud data privacy and security:

6 – Secure your baseboard management controllers

CISA and the NSA have issued a joint information sheet with guidelines for hardening baseboard management controllers (BMCs), embedded controllers that allow administrators to monitor computers, servers and other hardware devices.


“Hardened credentials, firmware updates and network segmentation options are often overlooked, leading to a vulnerable BMC,” reads a joint alert. A breached BMC can let attackers take actions like “establishing a beachhead with pre-boot execution potential.”

Recommended actions include:

  • Protecting BMC credentials by changing defaults ASAP, using strong passwords and establishing unique user accounts for administrators
  • Enforcing VLAN separation to isolate BMC network connections
  • Hardening configurations

To get all the details, read the joint announcement and the actual document, titled “Harden Baseboard Management Controllers.”

For more information about BMCs and how to secure them:

(Editor's note: This blog was updated on June 27, 2023 to correctly attribute the CL0P ransomware reward offer to the U.S. Department of State.)
