Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Cybersecurity Snapshot: Insights on Hive Ransomware, Supply Chain Security, Risk Metrics, Cloud Security

Cybersecurity Snapshot: Insights on Hive Ransomware, Supply Chain Security, Risk Metrics, Cloud Security

Get the latest on the Hive RaaS threat; the importance of metrics and risk analysis; cloud security’s top threats; supply chain security advice for software buyers; and more! 

Dive into six things that are top of mind for the week ending Nov. 25.

1 - Ransomware attackers pocket over $100M with Hive

In the past 18 months, cybercriminals have used the Hive ransomware-as-a-service (RaaS) to hijack the systems of 1,300-plus companies and shake down victims for around $100 million in ransom payments, with the healthcare sector especially impacted.

That’s according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) in which they detail Hive indicators of compromise, as well as techniques, tactics and procedures.

Ransomware attackers pocket over $100M with Hive ransomware
Prevention and mitigation recommendations include:

  • Install software updates as soon as they are released, and prioritize patching VPN servers, remote access software, virtual machine software and exploited vulnerabilities.
  • Require “phising-resistant” multifactor authentication as much as possible, in particular for services like webmail, VPNs, accounts with access to critical systems and accounts that manage backups.
  • Maintain offline data backups, and ensure all backup data is encrypted, immutable and comprehensive.
  • If infected with ransomware, isolate the impacted system, remove it from all networks, disable its networking capabilities and disconnect all shared and networked drives.

For more information, watch this video by Justin Hall, a senior research manager at Tenable:

To learn more about Hive and ransomware in general, check out these resources:

2 - CompTIA: Cybersecurity and risk analysis will mesh in 2023

In its “2023 IT Industry Outlook” report, the non-profit Computing Technology Industry Association (CompTIA) outlines 10 trends to watch next year, and one in particular caught our eye: An emerging, evolving connection between cybersecurity metrics and risk analysis. 

As companies shift from a defensive, reactive focus to a proactive, preventative approach, they face a key challenge: How do you measure success and progress when cybersecurity becomes a moving target?

CompTIA: Cybersecurity and risk analysis will mesh in 2023

Yes, keeping tabs on, for example, the number of patched systems and the percentage of trained staffers is a good start. But to truly map cybersecurity efforts to business objectives, you’ll need what CompTIA calls “an organizational risk approach to metrics.”

What would this look like?

  • Assessing the risk of digital activities
  • Calculating financial impacts
  • Building mitigation plans

“This structure can then be used to justify investment, determine skill needs or quantify cyber insurance activity,” reads the report.

For more information about cybersecurity metrics and risk management:

3 - SANS updates its most dangerous cyber attack techniques

At RSA Conference in June, a panel of SANS Institute instructors presented what they consider the five types of cyberattacks that represent the biggest threats, and they recently revisited their list to offer an update.

In the video below, the SANS panelists discuss what’s new with these “most dangerous” cyberattacks, look ahead at 2023 and offer tips and recommendations:

  • Living off the cloud
  • MFA bypass
  • Ghost backup attack
  • Stalkerware
  • Cyberwarfare

For more information, you can read this blog about the presentation.

4 - CISA issues supply chain security guide for software buyers

A guide aimed at helping customers steer clear of unsafe software has been released by the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Office of the Director of National Intelligence.

CISA issues supply chain security guide for software buyers

It’s the third guide devoted to software supply chain security issued by these agencies recently. The first one focused on advising developers, while the second one was aimed at suppliers.

Recommendations for software buyers are broken out into three main categories:

  • Procurement and acquisition, which includes:
    • Definition of requirements
    • Product evaluation
    • Contracts
  • Deployments, which includes:
    • Product acceptance
    • Functional testing
    • Security testing and validation
  • Software operations, which includes:
    • Bug reporting by users
    • Software updates
    • Security and supply chain risk management

Each section includes a discussion of potential threat scenarios along with recommended mitigations.

For more information, read the 39-page guide, titled “Securing the Software Supply Chain: Recommended Best Practices Guide for Customers.” 

And check out these articles and videos about software supply chain security.

Articles

Videos

5 - Play it again, Sam: Another look at CSA’s top cloud security threats

With cloud security firmly top of mind for most security leaders, it seems like a good time to revisit the Cloud Security Alliance’s “Top Threats to Cloud Computing.” Below we highligh one or two key recommendations for each and link to subsequent blogs CSA has so far devoted to nine of the 11 threats highlighted in the report.

1. Insufficient identity, credentials, access and key management

  • Deprovision users’ privileged accounts immediately after they leave the organization or change their role.
  • Ensure users’ privileges match their roles and responsibilities so that they don’t get excessive access and permissions to systems and data.

2. Insecure interfaces and APIs

  • Adopt tools that automate continuous monitoring of API traffic, detect anomalies and remediate issues.
  • Adjust conventional controls and change management policies to secure cloud-based APIs.

3. Misconfiguration and inadequate change control 

  • Adopt technologies that continuously scan and detect cloud misconfigurations.
  • Ensure your change control approach matches the speed and dynamism of changes in cloud environments.

4. Lack of cloud security architecture and strategy 

  • Craft a cloud security architecture and strategy covering identity and access management, networking and security controls.

5. Insecure software development

  • Ensure your developers understand the shared responsibility model between your organization and the cloud service provider (CSP).
  • Take advantage of the security guidance CSPs provide for deploying software securely.

6. Unsecured third-party resources

  • Periodically review third-party products you’re using and revoke the access and permissions of those you no longer need.
  • Perform penetration tests and use static and dynamic application security testing tools.

7. System vulnerabilities 

  • Conduct routine vulnerability scanning and deploy patches for critical bugs as soon as possible.

8. Accidental cloud data disclosure

  • Ensure your cloud databases and storage are properly secured with strong authentication requirements and properly configured.
  • Adopt tools that can flag routing or network services that expose traffic externally, including load balancers and content delivery networks.

9. Misconfiguration and exploitation of serverless and container workloads

  • Use cloud security posture management (CSPM), cloud infrastructure entitlement management (CIEM), and cloud workload protection platforms (CWPP) to automatically check serverless workloads.
  • Boost cloud security training, governance processes and reusable secure cloud architecture patterns to cut the risk of insecure configurations.

10. Organized crime/hackers/APT

  • Simulate the tactics, techniques and procedures of advanced persistent threat (APT) groups to assess the detection precision of your monitoring tools.
  • Carry out a business impact analysis to get visibility into your information assets.

11. Cloud storage data exfiltration

  • Adopt your CSP’s best practices and monitoring/detection capabilities.
  • Set different controls based on data classification, and document the recovery actions required in an incident response plan.

6 - SANS: Critical cybersecurity controls for ICS

In a new white paper, the SANS Institute identifies five critical cybersecurity controls that organizations can implement for creating an “efficient and effective” security program for their industrial control systems (ICS).

SANS: Critical cybersecurity controls for ICS
Intended to focus on outcomes, as opposed to being prescriptive, the controls are:

  • An ICS-specific incident response plan that facilitates root cause analysis
  • A defensible architecture that reduces as much risk as possible via system design and implementation
  • ICS networking visibility and monitoring that helps to understand systems interactions
  • Secure remote access via multifactor authentication or compensating controls
  • Risk-based vulnerability management

For more information about the security of ICS and operational technology (OT) systems, check out these new Tenable videos.

The top threats to ICS systems

Proactively Securing ICS/OT Systems

ICS Security: Securing Industrial Controllers

Securing the Industrial Control Plane

Automated Asset Discovery and Management for Industrial Systems

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training