Security News

Over the past year, an Iran-linked threat actor named Agrius has been observed launching destructive attacks on Israeli targets, under the disguise of ransomware attacks, according to endpoint security company SentinelOne. Likely state-sponsored, the threat group initially engaged in cyberespionage attacks, but then attempted to extort victims, claiming to have exfiltrated and encrypted data.

A series of high-profile cyberattacks on targets in the West have highlighted the vulnerability of companies and institutions, making the issue a higher public priority but with no easy solution. The attack saw its computer systems encrypted, putting its operations offline and causing fuel shortages for American drivers.

Today, Cato Networks has released an analysis of the network flows across its platform during Q1, 2021, seeking anomalous behavior in approximately 200 billion traffic flows during Q1, 2021. "Blocking network traffic to and from 'the usual suspects' may not necessarily make your organization more secure," comments Etay Maor, senior director of security strategy at Cato Networks.

From paralysing the internet in Estonia to a $4.4-million ransom being paid last week after the shutdown of a major US pipeline, we take a look back at 15 years of cyberattacks. The Baltic nation of Estonia was the first state hit by a massive cyberattack in 2007, paralysing key corporate and government web services for days.

The incidents of the past month have confirmed the lack of cyber resilience in many industrial companies and is another reminder of the benefits of zero trust in mitigating the effects of ransomware. The industrial community must improve resilience in operational networks using zero trust strategies.

Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios. SimuLand test labs "Provide use cases from a variety of data sources including telemetry from Microsoft 365 Defender security products, Azure Defender, and other integrated data sources through Azure Sentinel data connectors," MSTIC Threat Researcher Roberto Rodriguez said.

Glass and metal packaging giant Ardagh Group this week disclosed a cyberattack that forced it to shut down certain systems and applications. The Luxembourg-based company, one of the largest producers of glass and metal packaging products, says it was able to safely continue operations at its facilities despite the incident.

Neal Dennis: There's a lot of good things out there that are kind of one-offs, or staging one-offs, when the campaigns in the cyberwar kick off. You're kind of out in front of the threats as a community.

The European Council this week announced its decision to extend for one year the framework for sanctions against cyberattacks that threaten the European Union and its member states. Established in 2017, the framework allows member states to take restrictive measures against cyberattacks, including to prevent, discourage, deter and respond to malicious activities.

Today, the UK government has announced a call for advice on defending against software supply-chain attacks and ways to strengthen IT Managed Service Providers across the country. The move comes after last week when President Biden had issued an executive order to increase cybersecurity defenses across the U.S. The government's invitation to provide feedback that will be open for almost two months comes at a time of prominent cyberattacks such as, the Colonial Pipeline incident, the Codecov supply-chain attack, and ransomware attacks on mission-critical organizations [1, 2] that continue to grow.