CIRO issues cybersecurity playbook as ransomware gang is disrupted | #ransomware | #cybercrime

The FBI says that the group has targeted over 2,000 victims, received more than $120 million in ransom payments, and made ransom demands totaling hundreds of millions of dollars.

With the chance that the crime group will rebuild, the scale of its infrastructure and network highlights the importance of strong cyber defences, especially for high-risk industries such as financial services. The world’s largest bank by assets globally was targeted by LockBit in November 2023.

CIRO guidance

CIRO’s new Ransomware Response Playbook details high-level steps that a member firm needs to take to ensure a timely, coordinated, and effective response to a ransomware attack. It points out that “cyber incidents are becoming increasingly prevalent and pose an existential threat” to the industry.

With growing sophistication and volume of attacks, the regulator has also published a Cybersecurity – Ransomware Notice which lists some basic steps for firms to respond to attacks. It highlights the most common ways that criminals initiate ransomware attacks:

  1. Phishing attacks, i.e. malicious links or attachments sent through emails, text messaging and other communication technology, is the most common threat vector
  2. “Drive-by downloads” which occur when an individual clicks on a compromised website or on a malicious advertisement on a legitimate website (i.e. malvertising)
  3. Stolen credentials, which are available on the dark web from a previous exposure or attack
  4. Brute-force entry into vulnerable web networks and servers 

The guidance has been published following two cybersecurity table-top exercises in 2023 for small and medium-sized CIRO member firms.

Source link


National Cyber Security