Page 30 - Cyber Defense eMagazine August 2024
Testing defenses with sector- & function-specific threats.
To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks
against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector
and function within that sector, including specific TTPs.
The most effective BAS solutions are continuously and quickly updated with new cyber threat information,
including the latest content from US-CERT and FBI Flash alerts. Attack simulations must also be
informed by a broad base of industry research findings, making integration between BAS platforms and
external threat intelligence networks essential.
A notable example can be found in the recent US-CERT alert around the indicators of compromise (IOCs)
and TTPs for Akira Ransomware that were disclosed by the US FBI, CISA, Europol's European
Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL). The
disclosure was based on research from the FBI, as well as an industry threat research partner.
Evidence suggests Akira has been targeting a wide range of businesses and critical infrastructure entities
since March 2023 across North America, Europe, and Australia. During the initial attacks, threat actors
leveraging Akira ransomware targeted Windows-only systems. However, in April 2023, they began
targeting VMware ESXi virtual machines through a new Linux variant. It is believed that as of the
beginning of this year, the Akira ransomware group successfully impacted over 250 organizations and
extorted nearly $42 million USD from its victims.
BAS enables organizations with a similar profile to the victims of Akira Ransomware to implement
information from such disclosures within their simulations and, in doing so, regularly validate their security
controls—at scale and in a production environment—to ensure optimal performance against this and
other new and evolving cyber threats.
Understanding exposure & developing mitigation responses.
As simulations proceed, CISOs will be best served by utilizing BAS platforms that can not only create
highly customized attacks, but also integrate with their existing security solutions to inform their mitigation
priorities and develop defensive strategies against the most novel of attack vectors.
For instance, a global financial services firm recently used BAS to validate the end-to-end efficacy of its
security tools, alert and detection systems, and incident response workflows. They utilized simulations
that included both known attacks and attacks customized to the organization's specific architecture and
industry. They also integrated both their ticketing system and security information and event management
(SIEM) system with the BAS platform to determine whether their detection mechanisms and alert
notifications were operational, effective, and capable of identifying and responding to specific security
events.
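As an added example (not the article's or any BAS vendor's code), the following Python sketches the correlation such a BAS-to-SIEM-to-ticketing integration performs: each simulated attack is matched with the SIEM alert and the responder ticket it should have produced, and is flagged as missed, detected but never delivered, or delivered late. The correlation id field, the timestamps and the ATT&CK technique ids are constructed sample data, not values from the article.

```python
"""Correlate BAS simulation runs with SIEM alerts and incident tickets.

Added example, not from the article or any BAS product. Checks, for each
simulated attack, whether the SIEM raised an alert and whether a ticket
reached responders, and measures the end-to-end delay. All data below is
constructed sample data.
"""
from datetime import datetime, timedelta

# Constructed sample data. The BAS platform stamps a correlation id (sim_id)
# on the simulated activity; SIEM and ticketing are assumed to preserve it.
SIMULATIONS = [
    {"sim_id": "sim-001", "technique": "T1486", "fired": "2024-06-01T10:00:00"},
    {"sim_id": "sim-002", "technique": "T1021.001", "fired": "2024-06-01T10:05:00"},
    {"sim_id": "sim-003", "technique": "T1562.001", "fired": "2024-06-01T10:10:00"},
]
SIEM_ALERTS = [
    {"sim_id": "sim-001", "raised": "2024-06-01T10:02:00"},
    {"sim_id": "sim-002", "raised": "2024-06-01T10:06:30"},
]
TICKETS = [
    {"sim_id": "sim-001", "created": "2024-06-01T13:30:00"},  # alert sat ~3.5 h
]


def _ts(s):
    return datetime.fromisoformat(s)


def validate_pipeline(sims, alerts, tickets, max_delay=timedelta(minutes=30)):
    """Return one result per simulation: detected, notified, delay, verdict."""
    alert_by_id = {a["sim_id"]: _ts(a["raised"]) for a in alerts}
    ticket_by_id = {t["sim_id"]: _ts(t["created"]) for t in tickets}
    results = []
    for sim in sims:
        fired = _ts(sim["fired"])
        alerted = alert_by_id.get(sim["sim_id"])
        ticketed = ticket_by_id.get(sim["sim_id"])
        delay = None
        if alerted is None:
            verdict = "MISSED"          # no control detected the simulated TTP
        elif ticketed is None:
            verdict = "NOT_DELIVERED"   # detected, but responders never notified
        else:
            delay = ticketed - fired    # simulation start to responder ticket
            verdict = "OK" if delay <= max_delay else "DELAYED"
        results.append({"sim_id": sim["sim_id"], "technique": sim["technique"],
                        "detected": alerted is not None,
                        "notified": ticketed is not None,
                        "delay_minutes": None if delay is None else delay.total_seconds() / 60,
                        "verdict": verdict})
    return results
```

Running `validate_pipeline(SIMULATIONS, SIEM_ALERTS, TICKETS)` on the sample data reports one delayed notification (210 minutes), one alert that never produced a ticket, and one technique that was not detected at all.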
The organization found that notifications around potential malicious activity often were not delivered to
incident responders. In fact, many were being delayed for hours due to the complex pipeline of
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.