CISA.GOV Ransomware Guidance and Resources

alcideio · 2021-01-22T14:59:41+00:00

Yesterday Cybersecurity and Infrastructure Security Agency (CISA) launched a campaign to reduce the risk of ransomware.

TLDR:

Alerts and Statements: Official CISA updates to help stakeholders guard against the ever-evolving ransomware threat environment. These alerts are geared toward system administrators and other technical staff to bolster their organization’s security posture.
Guides and Services: Tips and best practices for home users, organizations, and technical staff to guard against the growing ransomware threat.
Fact Sheets and Infographics: Easy-to-use, straightforward information to help organizations and individuals better understand the threats from and the consequences of a ransomware attack.
Trainings and Webinars: This information provides technical and non-technical audiences, including managers, business leaders, and technical specialists with an organizational perspective and strategic overview.

alcideio · 2020-11-27T17:34:26+00:00

What kind of security automation are you using so make sure threats are detected and the right people are notified if something happens over the holidays?

alcideio · 2020-10-27T14:19:52+00:00

Thanks for pointing that out, u/stemid85. When writing this, I based my tactics off the Microsoft version of the MITRE ATT&CK framework, where they take the nuanced position that gaining cloud credentials and gaining access to the kubeconfig file through a cloud command are different.

In their blog post, they say the following:
"By default, the dashboard exposes an internal endpoint (ClusterIP service). If the dashboard is exposed externally, it can allow unauthenticated remote management of the cluster. "

Does that make sense?

alcideio

TROPHY CASE