The Akron Legal News


CISA rolls out online security tools

RICHARD WEINER
Technology for Lawyers

Published: April 21, 2023

The US Cybersecurity & Infrastructure Agency (CISA) has developed and is distributing two tools to help with large-scale online security for vulnerable systems.
The first one can help solve one of the modern world’s biggest problems with cloud computing—the unseen hacks into cloud-based data that can affect a business, law firm, or infrastructure.
It is a new, open-source incident response tool called “Untitled Goose Tool” which helps detect signs of malicious activity in the Microsoft cloud environment, including the Azure and M365 worlds.
The tool is a “robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods to run a full investigation…” The tool then dumps those findings to security (or wherever it is directed to dump them).
Although this is only available in the Microsoft environment for now, it is a large step toward decreasing potential liability for both the business and Microsoft in the event of a data breach.
Hopefully, the tool will be adapted to the other cloud providers.
CISA also rolled out an open-source tool to detect ransomware attack vulnerabilities and early ransomware entries called “Decider.”
That tool dropped after the agency released a best practices guide in January.
All of this followed the launch of the Joint Cyber Defense Collaborative, the public-private partnership to prevent ransomware attacks on critical infrastructure, reported here before.
And all of that followed the cybersecurity assessment tool the agency released in June 2021 called Ransomware Readiness Assessment, as well as guidance to help at-risk private sector and governmental organizations avoid costly ransomware attacks and the data breaches attendant to them.
The upshot of all of this official activity has been to stop a number of ransomware attacks.
In a statement, CISA said "Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the Energy, Healthcare and Public Health, Water and Wastewater Systems sectors, as well as the education community."
Not bad for an agency that was basically dead in the water two years ago. Maybe the government is good for something after all.
Thanks for the roundup to bleepingcomputer.com.

