DISC InfoSec
#InfoSecTools and #InfoSectraining
Ask DISC an InfoSec & compliance related question
May 11 2022
Colonial Pipeline facing $1,000,000 fine for poor recovery plans
If you were in the US this time last year, you won’t have forgotten, and you may even have been affected by, the ransomware attack on fuel-pumping company Colonial Pipeline.
The organisation was hit by ransomware injected into its network by so-called affiliates of a cybercrime crew known as DarkSide.
DarkSide is an example of what’s known as RaaS, short for ransomware-as-a-service, where a small core team of criminals create the malware and handle any extortion payments from victims, but don’t perform the actual network attacks where the malware gets unleashed.
Teams of “affiliates” (field technicians, you might say), sign up to carry out the attacks, usually in return for the lion’s share of any blackmail money extracted from victims.
The core criminals lurk less visibly in the background, running what is effectively a franchise operation in which they typically pocket 30% (or so they say) of every payment, almost as though they looked to legitimate online services such as Apple’s iTunes or Google Play for a percentage that the market was familiar with.
The front-line attack teams typically:
- Perform reconnaissance to find targets they think they can breach.
- Break in to selected companies with vulnerabilities they know how to exploit.
- Wrangle their way to administrative powers so they are level with the official sysadmins.
- Map out the network to find every desktop and server system they can.
- Locate and often neutralise existing backups.
- Exfiltrate confidential corporate data for extra blackmail leverage.
- Open up network backdoors so they can sneak back quickly if they’re spotted this time.
- Gently probe existing malware defences looking for weak or unprotected spots.
- Turn off or reduce security settings that are getting in their way.
- Pick a particularly troublesome time of day or night…
…and then they automatically unleash the ransomware code they were supplied with by the core gang members, sometimes scrambling all (or almost all) computers on the network within just a few minutes.
The Disaster Recovery Handbook: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets
Business Continuity Planning & Disaster Recovery (ISO 22301)
👇 Please Follow our LI page…
DISC InfoSec
#InfoSecTools and #InfoSectraining
Nov 04 2016
Cyber security is not enough
Cyber security is not enough – you need to become cyber resilient
Cyber Resilience Implementation Suite
It’s no longer sufficient to suppose that you can defend against any potential attack; you must accept that an attack will inevitably succeed. An organisation’s resilience in identifying and responding to security breaches will become a critical survival trait in the future. The Cyber Resilience Implementation Suite has been designed to help organisations create an integrated management system that will help defend against cyber threats and minimise the damage of any successful attack. This suite of products will help you to deploy the cyber security Standard
ISO27001
ISO22301
Cyber Resilience Implementation Suite
Contents
This suite includes:
- ISO 22301 Business Continuity Management System (BCMS) Implementation Toolkit(worth ÂŁ495)
- ISO27001 2013 ISMS Standalone Documentation Toolkit (worth £595)
- Disaster Recovery & Business Continuity third edition (eBook)Â (worth ÂŁ29.95)
- A Manager’s Guide to ISO22301 (eBook) (worth £29.95)
- Nine Steps to Success, second edition (eBook)Â (worth ÂŁ24.95)
- Resilient Thinking (eBook)Â (worth ÂŁ19.95)
Start building cyber resilience into your organisation today.
Apr 27 2016
Why you should care about ISO 22301?
Business Continuity is the term now given to mean the strategies and planning by which an organization prepares to respond to catastrophic events such as fires, floods, cyber-attacks, or more common human errors and accidents
Business Continuity Management System (BCMS) puts such a program in the context of an ISO Management Systems, and ISO 22301:2012 sets a certifiable standard for a BCMS. It is the first and most recognized international standard for business continuity.
Several other standards, particularly BS 25999 have had wide international acceptance, however, they are now largely supplanted by ISO 22301.
The obvious benefits to an organization having a robust, mature business continuity program have been outlined in this Newsletter previously (April, 2015). They center on being able to respond to disruptions so an organization stays in business and meets its obligations and commitments to all stakeholders.
However, there are additional ways that an organization can benefit from adhering to a business continuity standard, particularly ISO 22301. These benefits can accrue from obtaining certification to the Standard, and also from formally aligning to the Standard without actual certification.
For more on additional benefits: So, why should you care about 22301?
Steps in ISO 22301 implementation are the following:
1. Obtain management support
2. Identify all applicable requirements
3. Develop top-level Business Continuity Policy and objectives
4. Write documents that support the management system
5. Perform risk assessment and treatment
6. Perform business impact analysis
7. Develop business continuity strategy
8. Write the business continuity plan(s)
9. Implement training and awareness programs
10. Maintain the documentation
11. Perform exercising and testing
12. Perform post-incident reviews
13. Communicate continuously with the interested parties
14. Measure and evaluate the BCMS
15. Perform internal audit
16. Implement all the necessary corrective and preventive actions, and
17. Perform the management review
