Senate Includes Over $1.9 Billion for Cybersecurity in Infrastructure Bill

This week the Senate passed a $1 trillion bipartisan infrastructure bill. Within the bill, the Senate included more than $1.9 billion for cybersecurity improvements. The funds aim to improve critical infrastructure and help vulnerable organizations improve their cybersecurity posture. The bill creates a grant program at the Department of Homeland Security (DHS) providing aid to state and local governments and improving cybersecurity systems. Additionally, DHS’s Cybersecurity and Infrastructure Security Agency was given $35 million to invest in risk management, while $150 million was allocated to DHS’s Science and Technology Directorate for cybersecurity research.

Analyst Notes

The infrastructure bill will now head to the House for approval. Members of the Senate have been discussing the cybersecurity portions of the legislation since as early as January of this year. The recent ransomware attacks and the SolarWinds cyber incident have put these issues at the forefront of debate. The cybersecurity portion of the infrastructure bill will be a massive improvement to the nation’s cybersecurity posture.

Organizations still need to be proactive in improving their security posture to contend with the multiple types of cyber threats. To protect against cyber threats and data breaches, organizations should have an incident response plan in place. A detailed plan should include digital forensics response activation and notification procedures for a cyber incident. Regularly patch software and operating systems to the latest available versions. Employ best practices for use of RDP and other Remote Desktop Services by protecting them behind a strong VPN with Multi-Factor Authentication (MFA) and auditing any unusual login events from IP addresses or devices that are different from what the employee account normally uses.

Threat actors commonly gain initial access through insecure Internet-facing remote services or phishing. Provide social engineering and phishing training to employees. Urge them not to open suspicious emails, not to click on links or open attachments contained in such emails, and to be cautious before visiting unknown websites.

When an attack makes it through the outer layers of defense, it is important to have a Security Operations Center or a managed security monitoring service with expert security analysts on duty, such as the Binary Defense Security Operations Task Force. The Task Force provides 24/7 monitoring of SIEM and endpoint detection systems to detect and defend against intrusions on an organization’s network.