https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

3 security lessons learned from the Kaseya ransomware attack

3 security lessons learned from the Kaseya ransomware attack

  • Written by Ashok Sankar / Dark Reading
  • 2nd November 2021

Ransomware attacks targeting the supply chain are increasing in frequency, along with the cost of ransom payments. In the first half of 2021, the average ransomware payment totaled $512,000, a 171% increase from $312,000 in 2020. More so, the amount these attackers request has also increased, with the average ransomware demand in 2021 being $5.3 million, up 518% from the 2020 average of $847,000.

One security incident in particular, the Kaseya ransomware attack, brought attention to a new wave of ransomware attacks specifically targeting managed service providers (MSPs), which often serve as the security lifeline for small to medium-sized businesses. These attacks give cybercriminals access to the MSP provider, the organizations it serves, and many of the organizations’ customer networks as well — creating a ripple effect of digital havoc. These attacks are also much harder to prevent, since they often exploit employees at the company who think they’re performing everyday tasks like logging in to email. This issue has become more prevalent, especially with the shift to hybrid work. As more and more devices are connected to the cloud, the harder it is to safeguard those endpoints from attackers.

Let’s explore how organizations can better prepare themselves and their customers for these attacks in the future, and some of the strategies to identify the threats before they become a widespread issue.

Trust No One: Zero Trust as a Prevention Mechanism
With the Kaseya attack, the REvil ransomware group was able to bypass authentication by simply sending a note password, granting them a session cookie that allowed them to have a low key where they could upload files onto the Kaseya VSA server. This was a fairly simple exploit that could have been avoided if there had been more stringent behavior detection practices in place, which can be achieved through zero trust.

The fundamental principle behind zero trust is that any entity trying to connect to an enterprise resource should be validated for compliance against a set of predetermined attributes before it can connect and stay connected to that resource. In effect, its premise is to consider anybody and anything operating inside or outside the enterprise network as hostile.

To read the complete article, visit Dark Reading.

 

Tags: Alerting Systems Applications Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness News Public Safety Security Software State & Local Government Tracking, Monitoring & Control Training Partner content

Most Recent


  • 3 security lessons learned from the Kaseya ransomware attack
    Newscan: Japanese carrier outage lasts multiple days
    Web Roundup Items from other news organizations KDDI network ‘almost restored’ as Japan assesses outage’s full impact Up to 39.15 million KDDI mobile lines affected during nationwide disruption Vendor outage affects state unemployment, job-seeking sites Supreme Court deals blow to net-neutrality fans How many satellites are too many? TSA implements ‘surge team’ to allow pipeline […]
  • Criminals use deepfake videos to interview for remote work
    Security experts are on the alert for the next evolution of social engineering in business settings: deepfake employment interviews. The latest trend offers a glimpse into the future arsenal of criminals who use convincing, faked personae against business users to steal data and commit fraud. The concern comes following a new advisory this week from the […]
  • Tesla recalls 59,000 vehicles over emergency-call software glitch
    A software glitch has prompted Germany’s automotive regulator to call for the recall of more than 59,000 Teslas. The country’s Kraftfahrt-Bundesamt (KBA) agency published a notice on its website notifying Model Y and Model 3 owners of a bug with the Emergency Call (eCall) safety system on the vehicles. Tesla describes eCall as a “call system that automatically contacts […]
  • Report: Reforming emergency dispatch won't be easy, but it's necessary
    Over the last several years, reforming law enforcement has been a primary topic of discussion in communities across the nation. Discourse has mostly centered around the challenges agencies face in addressing the complex needs of those in mental health crisis, and the disparity of experience among community members depending on their race. But in this […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Local intelligence's role in fully automated mobility
  • QR codes help attackers sneak e-mails past security controls
  • 6 eye-opening statistics about software supply-chain security
  • SolarWinds attacker targets cloud service providers in new supply-chain threat

Commentary


LTE and liability: Why the fire service must move forward with digital incident command

  • 2
6th May 2022

Partnership and collaboration must be the foundation for emergency communications

18th April 2022

FirstNet success means no hypothetical ‘shots’ need to be fired, Swenson says

22nd February 2022
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Newscan: Japanese carrier outage lasts multiple days dlvr.it/STS9JJ

6th July 2022
UrgentComm

Criminals use deepfake videos to interview for remote work dlvr.it/STRjZM

6th July 2022
UrgentComm

Tesla recalls 59,000 vehicles over emergency-call software glitch dlvr.it/STRcgT

6th July 2022
UrgentComm

Report: Reforming emergency dispatch won’t be easy, but it’s necessary dlvr.it/STRYNP

6th July 2022
UrgentComm

FCC clears SpaceX to connect Starlink to boats, planes, other moving vehicles dlvr.it/STRXGB

6th July 2022
UrgentComm

Judge orders Hytera to make large royalty payment this month to Motorola Solutions dlvr.it/STRRQc

6th July 2022
UrgentComm

Sesame Solar leverages mobile solar, hydrogen to power efforts beyond the grid dlvr.it/ST8m3K

1st July 2022
UrgentComm

Newscan: On front lines, communications breakdowns prove costly for Ukraine dlvr.it/ST7fnC

30th June 2022

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X