Home|Tag: breachandattacksimulation

Ransomware: Develop and Test Your Response Strategy Using Simulation

Ransomware: Develop and Test your Response Strategy Using Simulation In this blog I want to take a look at Simulating a Ransomware Attack and how you would go about developing and testing a Response Strategy. I’ve already covered the basics of a Ransomware attack in this blog article: The object of this exercise is twofold: Maintain business continuity – or in other words a ransomware attack should have little to no disruption to business; Contain and eliminate the attack quickly with minimal effort; Throughout this blog I am going to focus on behaviour rather than specific IoCs. Please also note that the information provide here is a high-level guide and not an exhaustive task list and is focused on the endpoint only. In a future blog post I will cover network security controls. While User Awareness Training is recommended is hasn’t been included as part of validating security controls.

By |2020-10-14T14:11:48+00:00October 14th, 2020|Blog|0 Comments

Ransomware: Do you have a tried and tested strategy in place?

Ransomware: Do you have a tried and tested strategy in place? With the recent Garmin outage that is still ongoing, which has allegedly been caused by a Ransomware attack, a large number of Executives are going to be asking tough questions about how Ransomware could impact their own organisations, as there is a good chance that this outage has had a direct effect on their daily lives. TL:DR – Ransomware attacks are preventable, however organisations need to have a tried and tested strategy in place to prevent these attacks. Breach and Attack Simulation provides the visibility needed to develop and test a Ransomware prevention strategy. While my intention with this article is not to speculate on the Garmin outage specifically, the points below are important factors that YOUR business should consider as important attributes of your Cyber Incident Response Protocol. Due to a lack of transparent communication with their clients

By |2020-07-28T07:54:34+00:00July 27th, 2020|Blog|0 Comments

How to Test your Security Controls for Resilience to Australian Cyber Security Centre (ACSC) Advisory 2020-008: Copy-paste Compromises

How to Test your Security Controls for Resilience to Australian Cyber Security Centre (ACSC) Advisory 2020-008: Copy-paste Compromises In conjunction with an announcement by the Australian Prime Minster, Scott Morrison, on National Television, the Australian Cyber Security Centre (ACSC) recently published an advisory (Advisory 2020-008: Copy-paste compromises) giving the MITRE Tactics, Techniques and Procedures (TTPs) used against multiple Australian organisations seen in recent campaigns by a sophisticated threat actor.   The title “Copy-paste compromises” is derived from the actor’s heavy use of tools copied almost identically from open source. One of the ACSC recommendation is that:   “It is imperative that Australian organisations are alert to this threat and take steps to enhance the resilience of their networks.”   And while the Advisory also recommends the following:   Prompt patching of internet-facing software, operating systems and devices Use of multi-factor authentication across all remote access services Implementing the remainder of the

By |2020-07-06T13:21:28+00:00July 6th, 2020|Blog|0 Comments

Regularly Validating Security Controls with Breach and Attack Simulation

Regularly Validating Security Controls with Breach and Attack Simulation   Validating Security Controls is of vital importance for all organisations and is mandated by Cyber Security Frameworks like National Institute of Standards and Technology (N.I.S.T.) who offer a simple high-level way to do this using 5 steps:   IDENTIFY (CROWN JEWELS) PROTECT DETECT RESPOND RECOVER   To emphasise the importance of validating Security Control on a regular basis think of pilots doing a pre-flight check and inspection of their aircraft. Not performing these checks and inspections could lead to a loss of license for the pilots and the airline as it is mandatory and so should validating your organisation’s Security Controls. Simplistically you start by Identifying a Crown Jewel which could be an Endpoint, A Domain Controller or a Business Application. The next step is to detail and understand the attack vectors, which could be infiltration via email or a

By |2020-05-18T13:22:53+00:00May 18th, 2020|Blog|0 Comments

Breach and Attack Simulation vs Penetration Testing

Breach and Attack Simulation vs Penetration Testing Cyber attacks have evolved dramatically in the past decades. The capabilities, scope, fallout and number of targets of these attacks have greatly increased. This has resulted in damages from cybercrimes reaching all time, worldwide highs which are only set to increase. As a result, organisations are finding it necessary to test their organisation’s cyber security posture on the regular. Elasticito can help you navigate this process to find a solution suitable to your organisation. MITRE-ATT&CK-APT3+APT29 | Elasticito A Common Question! A common question people evaluating cyber security testing options for their organisations ask us is: “how does Breach & Attack Simulation differ from penetration testing”? The simple and shortest answer to this question is that both have their own part to play in making enterprise cyber defences more effective. Breach & Attack Simulation (BAS) are tools that allow businesses to simulate

By |2020-05-11T13:26:50+00:00May 11th, 2020|Blog|0 Comments

You Should Adopt a Cyber Security Framework – Here’s Why

You Should Adopt a Cyber Security Framework – Here’s Why Today, cyber attacks and cyber security breaches are constantly happening around the world. These attacks are also continuously evolving, becoming more sophisticated and unforeseen. This makes it difficult for organisations to proactively prevent phising, malware and ransomware attacks. So what can your organisation do to become resilient to cyber threats? A suitable cyber security framework and cyber security policies and procedures can reinforce your organisation’s IT security.       Cyber Security Framework A growing number of organisations are coming to the realisation that their extensive investment in cyber security technologies has not provided the resilience to cyber attacks that they were expecting and are looking for answers as to why they are still susceptible to phishing, ransomware and malware. The answer to this susceptibility conundrum lies in the understanding and adoption of a Cyber Security Framework (CSF). This doesn't mean that blindly adopting

By |2020-04-29T13:42:34+00:00April 29th, 2020|Blog|0 Comments

Using Breach and Attack Simulation with MITRE ATT&CK to highlight threat actor behaviours

MITRE ATT&CK is a phenomenal global free knowledge base produced by MITRE, a US Government research organisation, that maps adversary tactics and techniques that are used by threat actors to launch cyber attacks against targets.  The ATT&CK framework (which stands for Adversarial Tactics, Techniques, and Common Knowledge) began its life in 2013 and now incorporates a vast array of Tactics, Techniques and Procedures (TTPs). As Sun Tzu famously wrote in The Art of War, 'Know your enemy ...' - this is about understanding how cyber adversaries operate and what tactics and techniques they use when conducting reconnaissance on a target and launching an attack, with the aim to try and disrupt their activity to make an attack too complex or too costly for the attacker to pursue. MITRE ATT&CK Navigator The MITRE ATT&CK Navigator is used to map and filter adversary TTPs in order to understand the phases and techniques

By |2020-04-07T06:55:30+00:00April 6th, 2020|Blog|0 Comments

Webinar – Automated Breach & Attack Simulation vs Penetration Testing to validate security controls

Webinar - Automated Breach & Attack Simulation vs Penetration Testing to validate security controls Register now   Over 1,000 exploits and vulnerabilities are publicised every month. It is no longer effective to solely rely on point-in-time manual penetration tests to test your defences. In this webinar, you will learn how a new generation of automated Breach & Attack Simulation solutions are transforming the way that offensive security testing is conducted across the whole network, safely and continuously, to provide evidence-based data on the effectiveness of security controls. Who should attend? - CISOs - Security Architects and Strategists - Offensive Security specialists - Security Operations professionals When? Thursday 2 April 2020 at 10:00 GMT Register now  

By |2020-03-09T12:06:30+00:00March 2nd, 2020|Events|0 Comments