For more crisp and insightful business and economic news, subscribe to The Daily Upside newsletter. It's completely free and we guarantee you'll learn something new every day.

Microsoft wants its computers to stop blowing through so much energy. 

The company filed a patent application for a "sustainability-aware" system for device behavior management. The system would determine the actions taken by a computing device by considering their impact on the energy grid. 

Microsoft's system first obtains what it calls "sustainability information" associated with an energy grid, such as how carbon-intense the action will be at a given time, and a variety of environmental factors, such as weather, temperature, and energy demand on the grid. It also collects and stores historical sustainability information. 

With this information (and in some examples using an AI model), it churns out a sustainability forecast, and uses that forecast to manage device functionality by holding off on performing certain actions until they'd have a "comparatively lower environmental impact." The system also takes into account the tasks that need to be done and their priority when deciding what actions to put off. Microsoft said this avoids energy consumption during peak times which would have a higher environmental impact. 

In practice, this could show up on the user end as a task scheduler requesting to put off downloads, software updates, backups or charging a device's battery. The sustainability forecast is updated periodically, and may change if the location of your device or IP address changes. 

Along with reducing strain on the grid, Microsoft said its tech can manage behavior in a way that lengthens hardware lifespan, thereby avoiding e-waste and reducing carbon emitted in the manufacturing of a new device.

Microsoft is no stranger to environmental goals. On the patent side, the company filed an application for a carbon capture system that works to reduce emissions from its data centers. And carbon capture tech is just a piece of the company's ambitious goal to go carbon-negative by 2030, and remove the equivalent of its historical emissions by 2050. 

While the patent details delaying actions such as downloading, charging and system updates that are typically associated with personal computers, inventions in patents are often intended to cover a far wider scope than the examples within them. With that in mind, Microsoft's tech could be put into practice in data centers, said Dr. Dan Stein, founder and director of climate giving consultancy Giving Green.

Microsoft's tech could hold off certain data center operations until times of day when clean energy is readily available, said Stein, whether it be from the energy grid or from its own sources of renewable energy. Given that data centers accounted for roughly 1.3% of energy consumption globally in 2022, according to the International Energy Agency, Microsoft keeping its own data centers in check in this way could help it make progress toward its broader goals. 

"The idea is, if you could anticipate when there's going to be clean energy, and there are certain highly computational intensive tasks that you have a choice of when you're going to them, you would just do them at the right time," said Stein. 

The question of how much this could help is still up in the air, said Stein, as some actions likely can't be delayed depending on safety and user demand times. However, Microsoft's filing is one example of a type of energy conservation that's being discussed and implemented far beyond tech companies, extending to household appliances, utilities and basically every other operation that uses up energy, said Stein. 

"The energy nerds call it demand shaping," said Stein. "It's getting the demand to be when we have access to clean electricity." 

Have any comments, tips or suggestions? Drop us a line! Email at [email protected] or shoot us a DM on Twitter @patentdrop. If you want to get Patent Drop in your inbox, click here to subscribe.

Over a dozen vulnerabilities discovered by Microsoft researchers in Codesys products can be exploited to cause disruption to industrial processes or deploy backdoors that allow the theft of sensitive information.

Germany-based Codesys makes automation software for engineering control systems. Its products are used by some of the world’s largest industrial control system (ICS) manufacturers, the vendor claiming that its software is found in millions of devices — roughly 1,000 different types of products made by over 500 manufacturers.

Microsoft researchers specializing in the security of cyberphysical systems have discovered a total of 16 vulnerabilities in Codesys Control V3 versions prior to 3.5.19.0. The security holes were reported to Codesys in September 2022 and patches were announced in April 2023. 

All of the vulnerabilities have been assigned a ‘high severity’ rating. They can be exploited for denial-of-service (DoS) attacks or for remote code execution (RCE).

Threat actors could exploit them to target programmable logic controllers (PLCs) and other ICS devices using Codesys software. Microsoft’s research focused on PLCs made by Schneider Electric and Wago. 

While exploitation of the vulnerabilities requires authentication, the researchers showed how hackers could exploit older Codesys flaws, such as CVE-2019-9013, to achieve this. 

“While exploiting the discovered vulnerabilities requires deep knowledge of the proprietary protocol of Codesys V3 as well as user authentication (and additional permissions are required for an account to have control of the PLC), a successful attack has the potential to inflict great damage on targets,” Microsoft explained. 

It added, “Threat actors could launch a DoS attack against a device using a vulnerable version of Codesys to shut down industrial operations or exploit the RCE vulnerabilities to deploy a backdoor to steal sensitive data, tamper with operations, or force a PLC to operate in a dangerous way.”

Microsoft has published a lengthy blog post describing the vulnerabilities and how they can be exploited. The tech giant has also made available an open source tool designed to help users identify affected devices.

Codesys also has an advisory describing the flaws (direct obtain link). 

The Codesys vulnerabilities were summarized in a session at the Black Hat cybersecurity conference this week by Microsoft researcher Vladimir Tokarev. 

Related: Codesys Patches 11 Flaws Likely Affecting Controllers From Several ICS Vendors

Related: Serious Vulnerabilities Found in CODESYS Software Used by Many ICS Products

Related: OT:Icefall Continues With Vulnerabilities in Festo, Codesys Products

Symantec's discovery isn't actually the first time that Cobra DocGuard has been used to distribute malware. Cybersecurity firm ESET found that in September of last year a malicious update to the same application was used to breach a Hong Kong gambling company and plant a variant of the same Korplug code. ESET found that the gambling company also had been breached via the same method in 2021.

ESET pinned that earlier attack on the hacker group known as LuckyMouse, APT27, or Budworm, which is widely believed to be based in China and has for more than a decade targeted government agencies and government-related industries, including aerospace and defense. But despite the Korplug and CobraGuard connections, Symantec says it's too early to link the wider supply chain attack it has uncovered to the group behind the previous incidents.

“You can't rule out the idea that one APT group compromises this software, and then it becomes known that this software is vulnerable to this kind of compromise, and somebody else does it as well,” says Symantec's O'Brien, using the term APT to mean “advanced, persistent threat,” a common industry term for state-sponsored hacker groups. “We don't want to jump to conclusions.” O'Brien notes that another Chinese group, known as APT41 or Barium, has also carried out numerous supply chain attacks—perhaps more than any other team of hackers—and has used Korplug, too.

To add to the attack's stealth, the CarderBee hackers managed to somehow deceive Microsoft into lending extra legitimacy to their malware: They tricked the company into signing the Korplug backdoor with the certificates Microsoft uses in its Windows Hardware Compatibility Publisher program to designate trusted code, making it look far more legit than it is. That program typically requires a developer to register with Microsoft as a business entity and submit their code to Microsoft for approval. But the hackers appear to have obtained a Microsoft signature through either developer accounts they created themselves or obtained from other registered developers. Microsoft didn't respond to WIRED's request for more information on how it ended up signing malware used in the hackers' supply chain attack.

Malware that's signed by Microsoft is a long-running problem. Getting access to a registered developer account represents a hurdle to hackers, says Jake Williams, a former US National Security Agency hacker now on faculty at the Institute for Applied Network Security. But once that account is obtained, Microsoft is known to take a lax approach to vetting registered developers' code. “They typically sign whatever you, as the developer, submit,” Williams says. And those signatures can, in fact, make malware far harder to spot, he adds. “So many folks, when they threat-hunt, they start by exempting things that are signed by Microsoft,” Williams says.

That code-signing trick, combined with a well-executed supply chain attack, suggests a level of sophistication that makes CarderBee uniquely worthy of tracking, says Symantec's O'Brien—even for those outside of its current targeting in Hong Kong or Chinese neighbor countries. Regardless of whether you’re in China’s orbit, says O’Brien, “it’s certainly one to look out for.”

Microsoft researchers have identified multiple high-severity vulnerabilities that could enable threat actors to shut down power plants.

The flaws were discovered within the CODESYS software development kit (SDK), which is widely used to program and engineer programmable logic controllers in industrial operational technology (OT) systems in sectors like manufacturing and energy.

All versions of CODESYS V3 SDK prior to 3.5.19.0 are affected by the 15 bugs, which were listed in a Microsoft blog post published on August 10, 2023.

The Microsoft’s cyberphysical systems research team said that exploitation of the discovered vulnerabilities could put critical infrastructure organizations at risk of attacks such as remote code execution (RCE) and denial of service (DoS).

A DoS attack against a device using a vulnerable version of CODESYS could enable attackers to shut down a power plant, according to the researchers. In addition, threat actors could tamper with operations, cause a PLC to run in an unusual way, or steal critical information by deploying a backdoor via an RCE.

The researchers acknowledged that exploitation is difficult, with attackers requiring user authentication alongside “deep knowledge of the proprietary protocol of CODESYS V3 and the structure of the different services that the protocol uses.”

It is not the first time vulnerabilities have been discovered in the CODESYS automation software, with Chinese cybersecurity firm NSFOCUS spotting 11 critical security flaws in June 2022.

Remediation

Microsoft said it reported the latest discovery to CODESYS in September 2022 and worked with the firm to develop patches.

CODESYS customers have been urged to apply these fixes as soon as possible. Microsoft recommended that they first identify the devices using CODESYS in their network before checking with device manufacturers to determine which version of the CODESYS SDK is used and whether a patch is available.

To assists with this process, the Microsoft cyberphysical system research team has released an open-source software tool on GitHub that allows users to communicate with devices in their environment that run CODESYS and extract the version of CODESYS on their devices in a safe manner to confirm if their devices are vulnerable.

Parse away, but dire is the climate news these days, including the potential of the world to breach a 1.5c temperature increase threshold by 2027. Such consequences of global warming as fires in Hawaii, the cloak of orange haze from record Canadian fires, and July coming in as the hottest month on record since 1880 increases the pressure to slash carbon emissions as the collective “we” race to meet net zero by 2050.

How is the tech sector addressing its carbon footprint, including the data centers that feed it, the coding that defines it, as well as AI, wireless throughput and other energy-intensive processes that populate it? The sustainability efforts of Apple, Google, Cisco and other tech companies are explored.

Jump to:

Tech’s impact and role in sustainability

Data centers, most of which are in the U.S., and transmission networks account for up to 3% of global electricity and 3.5% of global greenhouse gas emissions (Figure A).

Figure A

That percentage is also approximately the same as produced by the airline industry, and a little less than the entire energy from the manufacture of fertilizers, pharmaceuticals, refrigerants, oil and gas extraction, which produce approximately 3.6% of carbon emissions worldwide.

Of the 1,325 enterprises that responded to EY’s Reimagining Industry Futures Study, published in February 2023, 54% said emerging technologies can play a vital role in accelerating sustainability. 41% said they believe these technologies can play a largely positive role but also present some risks. Only 4% believe their potentially detrimental impact would outweigh their positive impact.

SEE: Sustainability tops Gartner’s 2023 strategic tech trends list (TechRepublic)

“One of the things I would highlight is that the tech industry has been very forward on the sustainability agenda,” said John Grant, sustainability expert, author and co-founder and former head of strategy at London creative shop St Luke’s.

“Companies including Microsoft have said they are going to remit all the carbon they have ever emitted historically,” he said, adding that Spotify is also a big investor in carbon removal technology. “Generally, tech companies are trying to be really good actors in this space.”

Net zero, carbon neutral, carbon free or carbon negative?

Net zero

The World Economic Forum defines net zero pretty much the way it sounds: taking out what you put into the atmosphere, or as the WEF puts it, “Carbon dioxide emissions are still generated, but an equal amount of carbon dioxide is removed from the atmosphere as is released into it, resulting in zero increase in net emissions.”

Carbon neutral or carbon free, similar but…

Some disambiguation from Energy Tracker Asia helps: The regional energy guide describes carbon neutral as a balancing act between greenhouse gas emissions through offsetting an equivalent amount of carbon from the atmosphere, usually through buying carbon credits.

SEE: How about hardware? Check out how semiconductor makers are going beyond carbon offsets (TechRepublic)

Carbon free, a more challenging proposition, means directly reducing emissions to zero. “For example, if a country or company is carbon-free, all the energy and electricity comes from renewable sources, like wind or solar,” the group said, noting that Washington, California, New Mexico and Hawaii have carbon-free targets in place requiring 100% clean or renewable electricity.

Carbon negative

How about carbon negative, which companies like Microsoft have committed to? Carbon offset company Terrapass explained in a blog that a carbon negative would mean, in theory, emitting less than zero carbon dioxide and carbon dioxide equivalent (CO2e) greenhouse gasses. “Since it is impossible to emit a negative amount of carbon (or any other physical substance), being carbon negative refers to the net emissions you create. To be carbon negative means to offset more carbon, through carbon capture, sequestration or avoidance, than you contribute to the environment.”

Scope 1,2, 3 carbon emission schedule

Many companies, tech and otherwise, adopted carbon-reduction targets based on the Scope 1, 2 and 3 carbon emission schedule (Figure B) from the U.S. Environmental Protection Agency. This three-part agenda defines emissions by government entities:

• Scope 1: A company’s own emissions from on-site combustion, processes, transportation, etc.
• Scope 2: Indirect emissions from the sources of generated power consumed by a company.
• Scope 3: Emissions associated with water treatment, employee travel and waste disposal.

Figure B

Google investing in carbon removal solutions

In 2020, Google’s CEO Sundar Pichai announced the company would commit to operating on 24/7 carbon-free energy by 2030. The company has approached sustainability from several fronts, including applying AI to search in order to provide carbon-emissions data to travelers. In addition, Google plans to invest in carbon removal solutions to neutralize emissions with a goal of running on carbon-free energy worldwide on every grid it uses by 2030.

The company reported that last year it achieved 64% carbon-free energy globally. The company said it consumed around 7 GW of renewable energy globally last year (Figure C).

Figure C

Grant pointed out that Google managed to drop the energy used to cool its data centers by up to 40% by using AI developed by DeepMind, and for years has been buying renewable energy from wind farms physically close to its data centers. He added, “These are key projects Google is including in its calculation of how to reduce their carbon emissions.”

Microsoft launched Cloud for Sustainability, cut operational emissions

Microsoft, which set its first carbon emission goals in 2009 and was carbon neutral in 2012, committed in 2020 to being carbon negative by 2030. They said that by 2030 it will remove more carbon than it emits, “Setting us on a path to remove by 2050 all the carbon the company has emitted either directly or by electrical consumption since it was founded.”

The company said its Microsoft Cloud for Sustainability helps users take such actions as:

• Unify their data intelligence around Scope 1, 2 and 3 energy use goals.
• Build a sustainable IT infrastructure.
• Create green end-to-end value chains.
• Meet other environmental, social and governance goals.
• Innovate around resilience and other sustainable business models.

In Microsoft’s most accurate environmental sustainability report, the company said that In 2022, when business grew by 18%, its overall emissions declined by 0.5%. This is in part because of a 22.7% reduction in Scope 1 and 2 (operational) emissions.

Apple is using its Daisy robot to turn phones to dust

Apple, which has committed to being carbon neutral by 2030, has been using technological innovations such as its Daisy robot to recycle basic materials.In April 2023, Apple reported progress on its climate goals, which included:

• It had decreased its carbon footprint by over 45% since 2015.
• It had directed over 40,000 metric tons of electronic scrap toward recycling.
• 20% of all materials shipped in its products came from recycled sources. Apple said the majority of aluminum in its products are recycled, and that it employs a new, zero-carbon smelting process.

“Apple is one of the most aggressive companies in the world in terms of reclaiming minerals,” said Grant. “However, while they are using their Daisy robots to grind up phones to reclaim the component materials, there are numerous regulations preventing e-waste from being moved across borders. So the collection and delivery of materials is proving very difficult,” he said. This year, Apple pledged to use 100% recycled cobalt batteries by 2025.

SEE: Sustainable solutions for tacking plastic waste (TechRepublic)

Cloud and security firms looking to greener processes

Most cloud, software-as-a-service and security firms are looking at ways to reduce their hardware and server farm footprints through renewable sources of energy and recycling plans, partnerships and consumer programs. Below we focus on efforts from Cisco, Akamai, WithSecure and Gigamon.

Cisco aims for net zero by 2040

In 2021, Cisco announced its goal to be net zero by 2040, including products, operations and supply chain. The company’s plan aligns with Scope 1, 2 and 3 emissions targets, using 2019 as a benchmark.

The company is aiming for:

• 90% reduction in Scope 1 and 2 greenhouse emissions by 2025. Cisco said it would neutralize any remaining emissions by removing an equal amount from the atmosphere.
• 30% reduction in Scope 3 emissions from purchased goods and services, upstream transportation and distribution and use of sold products by 2030.
• Net zero greenhouse gas emissions across its value chain by 2040.

Akamai aims for 100% renewable energy and waste recycling

In 2021, cloud services and web security company Akamai Technologies said 50% of its energy needs had already been met by renewable sources. Akamai also announced 2030 sustainability goals toward 100% renewable energy at data centers, offices, network program partners and other sources of electricity, and said it will use “attestable and traceable sources of renewable energy certificates” to reach them.

One focus is on efficiency of its edge platform, which Akamai characterized as its greatest point of energy consumption, comprising approximately 325,000 servers in more than 135 countries and nearly 1,435 networks around the world as of 2021. In addition, Akamai announced a global expansion of its 100% electronic waste recycling program.

WithSecure launches W/Sustainability initiative

Earlier this year, threat intelligence and response firm WithSecure launched W/Sustainability, designed to make sustainability and transparency part of its strategy and operations, including a green coding initiative to lower energy consumed by software.

Gigamon creates power savings calculator

Gigamon recently launched an Energy Savings Calculator as part of its Network Efficiency Appraisal Team to get customers to cut power consumption, carbon footprint and costs associated with data centers by as much as 87% over five years. The calculator looks at the volume of network traffic sent to tools and the annual growth rate in network traffic to see where energy efficiencies are achievable.

Are ecommerce and cloud services like eBay and AWS inherently sustainable?

Grant asserted that the business models of ecommerce and cloud services companies like eBay and AWS are inherently green because they are marketing their spare capacity. He said, for example, that Amazon’s web service came about because the company was sitting on huge unused capacity, and therefore unnecessary energy costs on unused service.

“AWS was invented, to some extent, because they needed so much capacity at peak moments that they were not using 80% of their service at other times,” he said. “So, renting some of that spare capacity out to people that didn’t have the same peaks that they did made a lot of sense. And that is actually a sustainability business model — it’s like a service economy rental that takes some amount of physical resources and passes it around. So, if I were counting Amazon’s carbon footprint, I’d put a big tick in the margin for that on the positive side. It’s a commercial and sustainable win-win.”

© 2023 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

Akamai’s ransomware report released at Black Hat 2023 revealed that exploitation of zero-day and one-day vulnerabilities has led to a 143% increase in total ransomware victims with data exfiltration of files at the end of the kill chain, now the primary source of extortion.

Jump to:

LockBit in the lead, CL0P in 2nd

The report, Ransomware on the Move, looked at how exploitation techniques are evolving — including attackers’ sharpened focus on zero-day vulnerabilities. It showed how victims of multiple ransomware attacks were more than six times more likely to experience the second attack within three months of the first attack.

The authors from Akamai’s Security Intelligence Group reviewed data from the fourth quarter of 2021 to the second quarter of 2023. The authors reported that LockBit ensnared around 39% of all victim organizations tracked by Akamai, which said LockBit’s victim count is three times that of its nearest competitor, the CL0P group. Number three in volume of victims, ALPHV, aka Black Cat, focused its efforts on developing and exploiting zero-day points of entry (Figure A).

Figure A

Top ransomware groups by victim count. Image: Akamai

Anthony Lauro, director of security technology and strategy at Akamai, explained that LockBit looks for high value targets with zero day vulnerabilities that companies can’t fix quickly. They tend to target and retarget these organizations and the sectors — like manufacturing and technology for example — where security operations are lagging, generally. Also, he explained, malware writers can choose tools and services from a growing dark ecosystem.

Two clear trends show how threats are evolving

The report spotlighted two trends that speak to how large groups — with reach and breadth of products including RaaS — have a stable growth and smaller groups focus on opportunities as they arise:

• The first is exemplified by LockBit, characterized by a steady count of 50 victims per month, and activity seems tied to its number of affiliates and its resources.
• The second, typified by groups like CL0P, feature spikes in activity from abusing critical zero-day vulnerabilities as they appear, and highly targeted security flaws.

“Malware writers can now split off operations, which is a change,” said Lauro. “It used to be that the attackers were a single entity or group that would be responsible for malware payload delivery, exploitation and follow up.” He added that, because of the open nature of the malware marketplace, groups like LockBit and Cl0P have been able to co-opt others to perform various tasks in the supply kill chain.

ALPHV: Rust never sleeps

Lauro said within the tactics found more often in the second trend group, “Are the tried and true methodologies, like Windows system vulnerabilities that are not necessarily high severity because these systems aren’t usually available to outside queries. Attackers can still access them. So, there are two major trends: spreading the victim base across easy targets and tactics and ones leveraging CVE and zero days looking at big players as targets.”

ALPHV, for example, second on Akamai’s list of attackers in terms of victim volume, uses the Rust programming language to infect both Windows and Linux systems. Akamai said the group exploited vulnerabilities in Microsoft Exchange server to infiltrate targets.

According to Akamai, the group spoofed a victim’s website last year (using a typosquatted domain). The new extortion technique included publishing the stolen files and leaking them on their website in order to tighten the thumbscrews on victims and encourage ransom payment.

Mid-sized organizations are the ‘Goldilocks zone’ for threat actors

In Akamai’s study, 65% of targeted organizations had reported revenue of up to $50 million dollars, while those worth $500 million dollars and up constituted 12% of total victims, according to Akamai. They also reported that the ransomware data used was collected from the leak sites of approximately 90 different ransomware groups.

Let’s call it ‘Cyberfracking’

If you had invested in a natural gas mining operation, you might “accidentally on purpose” reach out sideways to assets under other peoples’ lawns once you’d tapped out the target. LockBit attackers are likewise reaching out to victim’s customers, informing them about the incident and employing triple extortion tactics with the inclusion of Distributed Denial-of-Service attacks.

Lauro said different stages of exploitation and delivery and execution are the first two steps. Defense is predicated on edge defense elements like visibility, but the rest of it is after the fact, moving laterally and tricking systems, or making requests that look like a “friendly” — all inside the network.

SEE: Look at your APIs! Akamai says observability tools sorely lacking (TechRepublic)

“Once you’re inside most organizations are wide open, because as then, an attacker I don’t have to obtain special toolkits; I can use installed tools. So there is a lack of good localized network security. We are finding more and more environments in bad shape in terms of internal visibility and over time,” he said.

CL0P for a day … a zero day

CL0P, which is number three in terms of its volume of victims over the course of Akamai’s observation period, tends to abuse zero-day vulnerabilities in managed file transfer platforms. Akamai said the group exploited a legacy file transfer protocol that has been officially out of date since 2021, as well as a zero-day CVE in MOVEit Transfer to steal data from several organizations.

“It is worth noting how CL0P has a relatively low victim count until its activity spikes whenever a new zero-day vulnerability is exploited as part of its operation,” said the Akamai report authors. “And unlike LockBit, which has a semblance of consistency or pattern, CL0P’s attacks are seemingly tied to the next big zero-day vulnerability, which is hard to predict (Figure B).”
Figure B

LockBit: a turnkey solution

Akamai noted that LockBit, whose website looks like a legitimate web concern, is touting new tools and even a bug bounty program in its latest 3.0 version. Just like white hats, the group is inviting security researchers and hackers to submit bug reports in their software for rewards ranging up to $1 million.

Akamai noted that while the bug bounty program is principally defensive, “It’s unclear if this will also be used to source vulnerabilities and new avenues for LockBit to exploit victims.” (Figure C).
Figure C

On its site, LockBit seeks ethical AND Unethical hackers. Source: Akamai via Bleeping Computer.

Manufacturing, health care in hot seat

Of all vertical industries, manufacturing saw a 42% increase in total victims during the period Akamai investigated. LockBit was behind 41% of  overall manufacturing attacks.

The health care vertical saw a 39% increase in victims during the same  period, and was targeted primarily by the ALPHV (also known as BlackCat) and LockBit ransomware groups.

SEE: Akamai focused on fake sites in research released at RSA

Mitigation is best defense

Akamai’s recommendations on lessening the chance of attack and mitigating the effects of an incursion include adopting a multilayered approach to cybersecurity that includes:

• Network mapping to identify and isolate critical systems and limit network access in and out to put fences up in the face of threat actors’ efforts at lateral movement.
• Patch, patch, patch: update software, firmware and operating systems.
• Tale snapshots: maintain regular offline backups of critical data and establish an effective disaster recovery plan.
• Develop and regularly test an incident response plan that outlines the steps to be taken in case of a ransomware attack. This plan should include clear communications channels, roles and responsibilities and a process for engaging law enforcement and cybersecurity experts.
• Train, and train again: Don’t give employees, vendors and suppliers access to organizational sites or systems until they’ve had (regular) cybersecurity awareness training on phishing attacks, social engineering and other ransomware vectors.
• If you see something, say something: Encourage employees and stakeholders to report suspicious activities.

Defense is best offense

Defense tactics, according to Akamai, should include:

Blocking exfiltration domains

Limit access to services that can be abused for data exfiltration by either using solutions that block known malicious url and DNS traffic, or by using solutions or controls that allow blocking access to specific domains.

Hang those honey-coated fly strips

Honeypots: use them. Akamai said they can help trap probing attackers, luring them into servers where their activities can be monitored

Scan and scan again

Use an intrusion detection system to do suspicious network scans. Akamai noted that attackers use identifiable tools to finger targets within an organization’s network. You can detect them.

Check passports at the gate

Akamai suggests using tools for inspection of outgoing internet traffic to block known malware C2 servers. “Solutions must be able to monitor your entire DNS communications in real time and block communications to malicious domains, preventing the malware from running properly and accomplishing its goals,” the firm said.