The US Cybersecurity and Infrastructure Protection Agency (CISA) has published a white paper with details on free tools and best practices for protecting digital assets after moving to the cloud from on-premises environments.
The newsletter helps cybersecurity teams reduce the risk of information theft and disclosure, as well as data encryption and ransomware attacks.
These tools are designed to help solve the critical challenges of identifying, detecting, and resolving known vulnerabilities and cyberthreats that arise when managing cloud or hybrid environments.
Dedicated tools complement the built-in tools provided by cloud service providers and help improve network infrastructure resilience, strengthen security measures, quickly identify compromises, carefully map potential threat vectors, and effectively detect malicious activity after a breach.
Free tools presented and developed by CISA in collaboration with partners include:
- Cybersecurity Evaluation Tool (CSET): helps organizations assess the cybersecurity status of an enterprise and its assets;
- SCuBAGear (Secure Cloud Business Applications Gear): helps compare company configurations with CISA baseline recommendations for Microsoft 365;
- Untitled Goose Tool: helps detect signs of malicious activity and respond to incidents in Microsoft cloud environments, including Microsoft 365 and Azure AD;
- Decider: maps the attacker's behavior to the MITRE ATT&CK framework;
- Memory Forensic on Cloud (Japan CERT): creates a memory forensic environment on Amazon Web Services (AWS).
While these tools are not comprehensive, they can help detect malicious activity, increase resilience against cyberattacks, and assist in remediation and investigations. The announcement is part of an ongoing effort to protect critical infrastructure from cyber threats by providing organizations with timely warnings and guidance.
For example, CISA recently demanded that federal agencies immediately fix a vulnerability in the Arm Mali GPU driver, which is actively exploited by attackers and was fixed in the latest Android security updates.
CISA, together with the FBI, the Internet Security Center (MS-ISAC), and the Canadian Cybersecurity Center (CCCS), also noted that hackers are using new variants of TrueBot malware to attack organizations in the US and Canada. Since May 31, specialists have noticed a surge in financially motivated TrueBot activity.
In addition, in July CISA warned of a critical vulnerability found in the cardiology equipment systems of the medical company Medtronic. The vulnerability allows hackers to steal, delete or change data, as well as penetrate the network of a medical organization. Using this flaw, an attacker can also remotely execute code on the device and carry out DDoS attacks.