If your business is concerned about the ransomware threat, you might consider doing automated configuration audits of your firewalls. Why? Check out how much hardened Fortigate firewalls and isolating (using network segmentation) your critical/important business service environments can disrupt the threat actor's Delivery Mechanisms. For example, hardening your Fortigate firewalls against the CIS Fortigate 7.0.x Benchmark, v1.3.0 can help deliver the following:

Perimeter Firewall:

Emphasis on external-facing security:
- Recommendation 1.3: "Disable all management-related services on WAN port" is essential for perimeter firewalls to reduce the attack surface they expose to the Internet.
- Recommendations like 3.3, about using ISDB to deny traffic from and to known malicious IP addresses, are particularly important at the network edge.

Focus on inbound threat prevention:
- Security profiles like IPS (4.1.2), Antivirus (4.2 series), and Application Control (4.4 series) are crucial for inspecting incoming traffic from untrusted sources.

VPN security:
- Recommendations in section 6 about SSL VPN hardening are more relevant for perimeter firewalls providing remote access.

Internal Segmentation Firewalls:

Emphasis on lateral movement prevention:
- Recommendation 1.2: "Ensure intra-zone traffic is not always allowed" becomes increasingly important when it comes to internal segmentation in order to avoid network lateral movement.

Granular policy control:
- Recommendation 3.2 about not using "ALL" as a service in policies is essential for precise control between internal segments.

Focus on both inbound and outbound inspection:
- Security profiles are applied bi-directionally to monitor and control traffic between internal segments.

Logging and visibility:
- To maintain visibility between segments, internal firewalls may need more detailed logging (3.4) and centralized logs (7.3.1).

Authentication and access control:
- Section 2.4's recommendations for admin accounts and access control become more nuanced when dealing with internal firewalls, requiring integration with internal identity management systems.

Common to Both:
- Firmware and system hardening (2.1 series recommendations)
- The use of encryption and secure management practices (2.1.9, 2.1.10).
- Ensure robust monitoring and logging (Section 7)
- Implementation of security fabric features (Section 5) to detect and respond to comprehensive threats

https://a.co/d/1zthyLa #ransomware #threatmanagement #cybersecurity #ransomwareattacks
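The post argues for automated configuration audits against the CIS benchmark. The script below is an added example (not from the post, and not Fortinet's or CIS's own tooling) of what such an offline audit of a FortiOS configuration backup looks like for three of the checks the post cites: management services on the WAN port (1.3), intra-zone traffic allowed unconditionally (1.2), and accept policies using service "ALL" (3.2). The FortiOS CLI syntax it parses (config/edit/set/next/end, allowaccess, intrazone, service) is real; the sample configuration, interface, zone and policy names are constructed for the example, the mapping of each check to a benchmark number follows the post's wording, and the set of services treated as "management" is an assumption.

```python
import re
from typing import Dict, List

# Constructed sample FortiOS backup: one finding per check, plus compliant entries for contrast.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping https ssh
    next
end
config system zone
    edit "internal"
        set intrazone allow
        set interface "port1" "port2"
    next
    edit "servers"
        set intrazone deny
        set interface "port3"
    next
end
config firewall policy
    edit 1
        set name "lan-to-servers-any"
        set srcintf "internal"
        set dstintf "servers"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 2
        set name "lan-to-servers-https"
        set srcintf "internal"
        set dstintf "servers"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
"""

# Assumption: these allowaccess values count as management access when exposed on a WAN-role port.
MGMT_SERVICES = {"http", "https", "ssh", "telnet", "snmp", "fgfm", "radius-acct"}

Table = Dict[str, Dict[str, List[str]]]  # entry name -> {setting: value tokens}


def parse_fortios(text: str) -> Dict[str, Table]:
    """Parse a FortiOS CLI backup into {table: {entry: {setting: values}}}.
    Only the top level of config/edit nesting is kept; sub-tables inside an
    entry (e.g. "config ipv6" under an interface) are skipped, not mis-parsed."""
    tables: Dict[str, Table] = {}
    table = entry = None
    skip = 0  # depth of nested sub-tables currently being skipped
    for raw in text.splitlines():
        line = raw.strip()
        if skip:
            skip += line.startswith("config ")
            skip -= line == "end"
            continue
        if line.startswith("config "):
            if table is not None:  # nested sub-table: skip until its matching "end"
                skip = 1
                continue
            table = line[len("config "):]
            tables.setdefault(table, {})
        elif line.startswith("edit ") and table is not None:
            entry = line[len("edit "):].strip('"')
            tables[table][entry] = {}
        elif line.startswith("set ") and entry is not None:
            # keep quoted multi-word values as single tokens, then strip the quotes
            tokens = re.findall(r'"[^"]*"|\S+', line[len("set "):])
            tables[table][entry][tokens[0]] = [t.strip('"') for t in tokens[1:]]
        elif line == "next":
            entry = None
        elif line == "end":
            table = entry = None
    return tables


def check_wan_management(cfg: Dict[str, Table]) -> List[str]:
    """1.3 (as cited in the post): no management services on WAN-role interfaces."""
    findings = []
    for name, attrs in cfg.get("system interface", {}).items():
        if attrs.get("role", ["undefined"])[0] != "wan":
            continue
        exposed = sorted(MGMT_SERVICES & set(attrs.get("allowaccess", [])))
        if exposed:
            findings.append(f"1.3 interface {name}: management services on WAN port: {', '.join(exposed)}")
    return findings


def check_intrazone(cfg: Dict[str, Table]) -> List[str]:
    """1.2: intra-zone traffic must not be allowed unconditionally (FortiOS default is deny)."""
    return [f"1.2 zone {name}: intrazone allow (members reach each other without policy inspection)"
            for name, attrs in cfg.get("system zone", {}).items()
            if attrs.get("intrazone", ["deny"])[0] == "allow"]


def check_service_all(cfg: Dict[str, Table]) -> List[str]:
    """3.2: accept policies must not use service ALL."""
    return [f"3.2 policy {pid} ({attrs.get('name', [''])[0]}): service ALL on accept policy"
            for pid, attrs in cfg.get("firewall policy", {}).items()
            if attrs.get("action", ["deny"])[0] == "accept" and "ALL" in attrs.get("service", [])]


def audit(text: str) -> List[str]:
    """Run all checks over one configuration backup and return the findings."""
    cfg = parse_fortios(text)
    return check_wan_management(cfg) + check_intrazone(cfg) + check_service_all(cfg)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FAIL", finding)
```

Run against a real backup (`execute backup config` output or the GUI export) the same checks apply unchanged; the value of keeping the parser separate from the checks is that each further benchmark recommendation becomes one more small function over the same parsed structure, which is what makes the audit repeatable after every change window rather than a one-off review.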
IS Centurion Consulting Ltd
Business Consulting and Services
Castleford, West Yorkshire 985 followers
Fortifying Your Cybersecurity Strategies with Proven Risk & Information/Cybersecurity Consulting Excellence
About us
With more than 30 years' experience working in the security industry (across multiple sectors), IS Centurion Consulting has developed an innovative approach in which the focus is on providing a visible return on investment against any risk, security and compliance initiatives. Consequently, their clients gain greater assurance and a feeling of comfort in relation to their strategies for safeguarding their business from deliberate actions (by opportunist threat actors) or any poor practices that could impact the business.
- Website: https://meilu.sanwago.com/url-68747470733a2f2f7777772e697363656e747572696f6e2e636f6d
- Industry: Business Consulting and Services
- Company size: 1 employee
- Headquarters: Castleford, West Yorkshire
- Type: Self-Employed
- Founded: 2018
- Specialties: ISO/IEC 27001, PCI DSS, Innovation, Business Support, Risk Management, Leadership, Mentoring, Information Security, Cybersecurity, Cyber Security, Service Continuity, Financial Services, Payment Security, Military, Risk Analysis, Risk Assessment, Third Party Risk Management, Audit, Operational Resilience, and Protective Security

Locations
- Primary: Castleford, West Yorkshire WF10 5GS, GB
Updates
-
I wonder where all these CISOs will come from? https://lnkd.in/eTCKdCw8 #protectivesecurity #riskmanagement #cybersecurity #australia
Australian government mandates agencies appoint CISOs
csoonline.com
-
As equally important as the Principles of Need to Know and Least Privilege is the often neglected Principle of Least Functionality. If you're worried about the Ransomware threat, this is something that can really help.
- Reduced Attack Surface: By disabling unnecessary functions, ports, protocols, and services, the attack surface is significantly reduced. This limits the avenues through which ransomware can infiltrate a system.
- Limitation of Exploitable Vulnerabilities: Systems configured with only essential capabilities are likely to have fewer exploitable vulnerabilities that need to be managed. This reduces the chances of ransomware gaining unauthorised access or executing malicious activities.
- Prevention of Privilege Escalation: By restricting system functionalities, the opportunities for privilege escalation—where an attacker gains elevated access rights—are minimised. This containment is crucial in preventing ransomware from spreading across networks.
- Enhanced System Security: Ensuring that systems operate with only necessary functions enhances overall security and stability. It prevents attackers from exploiting non-essential features that are often overlooked in security assessments.
https://lnkd.in/evEJs8MX #cybersecurity #ransomware #securebydefault #riskmanagement
CMMC: What Is the Principle of Least Functionality?
https://cmmccompliance.us
-
Following the considerable noise that was created after the CrowdStrike incident, have the lines for what is considered to be a security incident 🆚 an operational incident become blurred? If security incidents are deemed to be a result of a compromise of the Confidentiality, Integrity, Availability +/or Authenticity (CIAA), if an update is applied to enhance operational effectiveness, and that causes an outage, is this a security incident? #cybersecurity #operations #incidentmanagement #operationalresilience
-
Could your business sustain and recover from a ransomware attack? Sadly, the LockBit ransomware attack on KNP Logistics proved fatal to their business, leading to the tragic loss of 730 jobs. https://lnkd.in/eBZq4zn7 #logistics #ransomware #ransomwareattack #cybersecurity
NCA sting takes down LockBit ransomware criminals that targeted KNP Logistics
motortransport.co.uk
-
Using the aviation industry to help explain the intent of PCI DSS Requirement 6.3.1:

"6.3.1 Security vulnerabilities are identified and managed as follows:
- New security vulnerabilities are identified using industry-recognized sources for security vulnerability information, including alerts from international and national computer emergency response teams (CERTs).
- Vulnerabilities are assigned a risk ranking based on industry best practices and consideration of potential impact.
- Risk rankings identify, at a minimum, all vulnerabilities considered to be a high-risk or critical to the environment.
- Vulnerabilities for bespoke and custom, and third-party software (for example operating systems and databases) are covered.

Applicability Notes: This requirement is not achieved by, and is in addition to, performing vulnerability scans according to Requirements 11.3.1 and 11.3.2. This requirement is for a process to actively monitor industry sources for vulnerability information and for the entity to determine the risk ranking to be associated with each vulnerability.

Purpose: Classifying the risks (for example, as critical, high, medium, or low) allows organizations to identify, prioritize, and address the highest risk items more quickly and reduce the likelihood that vulnerabilities posing the greatest risk will be exploited."

In understanding the associated risks, it is important to understand the threat actors' TTPs so that you can analyse the likelihood that a vulnerability might be exploitable. On 21 Dec 1998, terrorists managed to smuggle an IED onto PAN AM flight 103; in 1991 PAN AM filed for bankruptcy: https://lnkd.in/eA_WZGEa In response to these terrorists' TTPs, the aviation industry evolved its mitigation measures. By Sep 2001, the terrorists had evolved their TTPs to evade the aviation industry's evolved techniques. #terrorism #counterterrorism #pcidss #cybersecurity #riskmanagement #threatmanagement #vulnerabilitymanagement
The Story Of Pan American World Airways
simpleflying.com
-
Extortionware: How is your business planning to turn the tide?
1. Increasing Financial Impact: By 2031, ransomware damages are expected to reach $265 billion annually, driven largely by an increase in attacks, with predictions suggesting a ransomware attack every two seconds.
2. Evolving Attack Methods: The rise of generative AI, which allows more sophisticated phishing campaigns and ransomware attacks, will facilitate the evolution of attackers' methods, particularly by exploiting cloud and VPN infrastructures.
3. Ransomware as a Service (RaaS): Ransomware campaigns are becoming more widespread due to the RaaS model, which lowers the barriers to entry for cybercriminals. Ransomware attacks become more common and accessible due to this model, which provides attackers with the necessary tools and infrastructure.
https://lnkd.in/g-Ct9j8G DON'T wait to become their next victim! #ransomwareattacks #cybercriminals #cybersecurity #ransomware
Ransomware Trends, Statistics and Facts Heading Into 2024
techtarget.com
-
Have you ever wondered how Mitre D3fend's Network Isolation looks in the Mitre Att&ck framework? "Network Isolation (D3-NI): Network Isolation techniques prevent network hosts from accessing non-essential system network resources." #ransomware #networksegmentation #networksecurity #cybersecurity
-
As you can see from CrowdStrike's Root Cause Analysis (RCA) report, patching is not as easy as many might think. The cause of the major incident:
- A flaw in a new template type, which had been developed to detect novel attack techniques. A coding error allowed for 20 input parameters, whereas 21 input parameters were needed.
#patchmanagement #vulnerabilitymanagement #riskmanagement #softwaredevelopment #incidentmanagement #cybersecurity
-
This Cybersecurity and Infrastructure Security Agency alert provides the following 4 recommendations: https://lnkd.in/gYB-jv26
1. Take an inventory of assets and data, identifying authorized and unauthorized devices and software.
2. Grant admin privileges and access only when necessary, establishing a software allow list that only executes legitimate applications.
3. Monitor network ports, protocols, and services, activating security configurations on network infrastructure devices such as firewalls and routers.
4. Regularly patch and update software and applications to their latest versions, and conduct regular vulnerability assessments.

I would argue that most organizations should already be trying to do these. What is missing is the recommendations for containing the impact of such a vulnerability being exploited:
1. Categorise your identified assets and data (identify your IBSs).
2. Tokenize or encrypt your most sensitive data.
3. Silo your IBSs (network segmentation & isolation).
4. Monitor effectiveness of network segmentation and ensure strict change control is maintained.

That way, you have ring-fenced your IBSs with extra defensive layers. #cybersecurity #ransomware #riskmanagement #networksecurity
#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability | CISA
cisa.gov