The Week in Ransomware - October 13th 2023 - Increasing Attacks
Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and resulting in data breaches if a ransom is not paid. [...]
Outages can disrupt security tools and critical services, showing how failures in infrastructure, vendors, or recovery plans affect cyber resilience.
Search across headline titles and summaries.
Background for this topic.
Outage is a period when a system, network, application, or online service is unavailable or cannot perform its intended function. It may be planned maintenance or an unplanned disruption caused by equipment or software failure, misconfiguration, a dependency problem, natural hazards, or a denial-of-service attack. The tag generally concerns availability incidents, not every performance issue or security breach.
For security practitioners, an outage requires determining whether malicious activity contributed to the disruption while preserving relevant logs, network telemetry, and system state for investigation. Defenses include capacity planning, segmented and redundant architecture, tested failover and recovery procedures, and controls that limit the effect of DDoS traffic or compromised dependencies. Emergency changes made during recovery should be authorized and recorded, since they can create new vulnerabilities or affect data integrity. Clear incident ownership and communications help coordinate technical response without obscuring the cause or scope.
Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and resulting in data breaches if a ransom is not paid. [...]
Kwik Trip has been impacted by a wide range of mysterious business disruptions since this weekend that are indicative of a ransomware attack. [...]
Simpson Manufacturing yanks systems offline, warns of ongoing disruption Simpson Manufacturing Company yanked some tech systems offline this week to contain a cyberattack it expects will "continue to cause disruption."…
Microsoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard attacks with the help of a new 'contain user' capability in public preview. [...]
Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.