Topic 2 DQ 1 and 2

School: Grand Canyon University
Course: ITT 210-O500
Subject: Information Systems
Date: Jan 6, 2025
Uploaded by AgentSteel12501
Topic 2 DQ 1

CyberWire Daily is a podcast that provides daily briefings on global cybersecurity news and trends, including data breaches, emerging threats, and cybersecurity policy updates (Bittner, 2024). In the episode I listened to, the hosts discussed recent developments in ransomware, specifically how ransomware-as-a-service is spreading, allowing even less skilled attackers to use sophisticated tools to launch attacks. They also discussed the growing importance of layered defenses, such as network segmentation, multifactor authentication, and advanced threat detection tools. I learned the significance of staying updated on cybersecurity trends as threats evolve quickly, and keeping up-to-date can be key in early detection and prevention. Given the podcast's structured format and relevance, I would definitely listen to CyberWire Daily again and recommend it to other students, as it offers quick and digestible news that’s easy to keep up with.

Darknet Diaries, hosted by Jack Rhysider, tells real-world stories from the dark side of the internet, diving deep into real cybercrime cases and offering insights into both the technical and human aspects of hacking (Rhysider, 2024). In one episode, Rhysider shared the story of a significant data breach, where attackers used a combination of phishing and social engineering to gain access to an organization’s critical systems. The episode explored how attackers targeted specific individuals and vulnerabilities, showing that the human element is often the weakest link in cybersecurity. This storytelling format made the information engaging and allowed me to see how the theory of cyber-attacks applies in the real world. Rhysider’s approach to breaking down complex incidents into relatable stories kept me engaged, so I’d definitely revisit his work.
I’d also recommend this podcast to other students, especially those interested in the ethical and human side of cybersecurity.

Security Now, hosted by Steve Gibson, dives deep into the technical side of cybersecurity. In an episode on zero-day vulnerabilities, Gibson explained how these “unknown” vulnerabilities can be exploited by attackers before they’re even discovered by the developers. He outlined how important proactive vulnerability management is, explaining methods like patch management and continuous system monitoring (Gibson, 2023). Listening to Security Now! showed me how important it is to have a strong technical understanding of security risks. Gibson’s detailed breakdowns of complex topics are helpful for anyone with a technical background in cybersecurity. However, for newcomers, it might be more challenging due to the technical jargon. I’d recommend this podcast to students who want to go deeper into the technical aspects of cybersecurity and gain insights that apply directly to defending digital environments.

References

Bittner, D. (2024). thecyberwire. N2K CyberWire. https://thecyberwire.com/podcasts
Gibson, S. (2023). Security now: A podcast covering Hot Topics in tech security: Twit. TWiT.tv. https://twit.tv/shows/security-now
Rhysider, J. (2024, November 5). Darknet Diaries – true stories from the dark side of the internet. Darknet Diaries – True stories from the dark side of the Internet. https://darknetdiaries.com/

Topic 2 DQ 2

The MOVEit ransomware attack targeted the widely used file transfer software MOVEit Transfer, where attackers exploited a zero-day vulnerability to steal data and encrypt files across numerous systems globally. This attack affected a significant number of organizations, including government agencies and private companies, showcasing a high level of success and impact. The spread mechanism relied on vulnerabilities in the MOVEit software; attackers were able to gain unauthorized access by exploiting unpatched systems within affected organizations. Experts generally advise against paying the ransom in such cases, as it fuels further attacks and does not guarantee the secure recovery of data. Instead, collaborating with cybersecurity professionals is often a more effective strategy for file recovery and strengthening future defenses. To protect against similar incidents, organizations should focus on regular software updates, proactive vulnerability management, and minimizing internet exposure of sensitive systems.

Royal ransomware has been used to attack critical sectors such as healthcare and manufacturing, with attackers typically infiltrating systems through phishing emails or exploiting weak Remote Desktop Protocols (RDP). This group has achieved success in obtaining ransom payments due to the essential nature of the systems they compromise, placing intense pressure on victims to restore access quickly. Royal ransomware primarily spreads through phishing and other social engineering tactics, often deploying fake technical support scams to deceive users.
Despite this, experts strongly discourage paying the ransom, as it increases the likelihood of future attacks. Instead, organizations are advised to maintain strong backups, conduct regular cybersecurity training, and employ endpoint detection tools. To prevent infection, educating employees on phishing risks and enforcing secure access management policies, such as limiting RDP access, are effective protective measures.

Akira ransomware is primarily directed at small to mid-sized businesses, where it encrypts data and threatens to leak it if ransom demands are not met. This ransomware has significantly impacted various companies, with attackers often demanding substantial payments. Akira spreads through vulnerabilities such as weak credentials, unpatched software, and insufficient network security measures. Experts generally recommend against paying the ransom due to potential ethical and legal concerns, as well as the lack of assurance in recovering encrypted data. To mitigate the risk of Akira ransomware, businesses are encouraged to adopt regular patching schedules, enforce strong password policies, and use network segmentation to limit potential damage.