CHICAGO, April 16, 2024 – BDO Digital, the technology advisory arm of BDO USA, P.C., today announced that it has adopted cybersecurity innovator OnDefend’s breach and attack simulation technology, BlindSPOT, to enhance its IT security service offering called Active Assure.

BlindSPOT simulates real-world attack scenarios from both established and emerging cyber adversaries to identify vulnerabilities, test controls, and improve incident response time to help mitigate cyber risks.

The technology integration is a significant extension to BDO Digital’s Active Assure service, which provides continual threat simulations, purple teaming, and resilience assessments to validate the strength of an organization’s managed extended detection and response (MXDR) solutions. It also works seamlessly with Microsoft security tools to help improve the overall customer experience. With the addition of BlindSPOT, BDO’s clients will be able to better anticipate and prepare for evolving threats, identify security gaps, and adapt defenses so they remain resilient in the face of changing attack landscapes.

“Our collaboration with OnDefend empowers BDO Digital to offer our clients real-time validation that enhances defenses against the dynamic and sophisticated nature of cyber threats,” said Ric Opal, BDO Digital Principal & National Leader of IT Solutions and Strategic Partnerships. “It also helps users navigate the complex interaction between artificial intelligence (AI) and risk management, furthering our dedication to offer the best-in-class, full-service cyber solutions to our clients. Together, we help our clients thrive through greater cyber awareness and resilience.”

As the 2023 Microsoft Security Partner of the Year, BDO Digital is dedicated to delivering top-tier, resilient, and adaptive defense strategies to its clients. The new strategic relationship with OnDefend reinforces this commitment to helping clients mitigate cyber risks and strengthens BDO Digital’s Perpetual Defense cyber threat management solution.

“We are proud to empower BDO Digital with our attack simulation tool BlindSPOT, providing organizations visibility into the effectiveness of their security controls and proving the value of these investments,” said Chris Freedman, Co-Founder of OnDefend. “It is no longer a question of if but when a company will face an attack. While organizations invest in technical security controls to prevent, protect, and prepare, we’ve found that security programs needed a way to validate those tools will work during those critical moments.”

To learn more about Active Assure and the other components of Perpetual Defense, please visit: BDO Digital: Active Assure

About BDO USA

Our purpose is helping people thrive, every day. Together, we are focused on delivering exceptional and sustainable outcomes and value for our people, our clients and our communities. BDO is proud to be an ESOP company, reflecting a culture that puts people first. BDO professionals provide assurance, tax and advisory services for a diverse range of clients across the U.S. and in over 160 countries through our global organization.

BDO is the brand name for the BDO network and for each of the BDO Member Firms. BDO USA, P.C., a Virginia professional corporation, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. For more information, please visit: www.bdo.com.

About OnDefend

OnDefend, established in 2016, stands at the forefront of preventative cybersecurity testing and advisory services, a reputation further enhanced by the introduction of its advanced Breach and Attack Simulation (BAS) Software as a Service (SaaS) platform, BlindSPOT. OnDefend is a trusted partner, empowering organizations globally to proactively combat real-world cyber threats. From ensuring compliance with industry standards to building out mature security programs, our mission is to ensure that the security resources our customers invest in are well-utilized, effective, and provide tangible results. For more information about their services and solutions, please visit www.OnDefend.com.

Contact

BDO Digital: Ellen Evans

EEvans@TheBlissGrp.com

212‑840‑1661

OnDefend: Lauren Verno

Lauren.verno@ondefend.com

Customer Success: Ransomware & Healthcare

After the Chief Information Security Officer of a major hospital system needed visibility into the effectiveness of their security controls, BlindSPOT, OnDefend’s breach and attack simulation solution, was able to provide visibility, validation, and clear results.

Ready to leverage BlindSPOT to simulate ransomware in your environment? Check out Ransomware Defense Validation, where we safely simulate ransomware attacks using our proprietary BlindSPOT attack simulation tool to test and validate that your defense in depth is prepared for real-world threats.

Originally aired on Action News Jax: Thousands potentially compromised in Jacksonville Beach, Beaches Energy cyberattack – Action News Jax

JACKSONVILLE BEACH, Fla. — A cybersecurity attack potentially compromised thousands of people’s private information, specifically those who have homes in Jacksonville’s three beaches, Ponte Vedra and Palm Valley.

The City of Jacksonville Beach sent out a statement, Wednesday, about a data security incident. The release stated the breach may have affected the privacy of information for certain employees of the city and customers of Beaches Energy Services, a utility that serves 35,000 customers according to its website.

Action News Jax learned on Thursday that the city was listed on a website found on the dark web. It has since been removed.

While the City of Jacksonville Beach won’t release how many people have been impacted, Action News Jax learned through the Maine Attorney General’s Office that 48,949 people have been impacted, including thirty-eight Maine residents. (Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches) We’ve reached out to the Florida Attorney General’s Office for comment but haven’t heard back.

“About a month ago, I noticed that I wasn’t getting charged or any email confirmations,” Cierra Glasgow said. “So, I knew something was happening. I just never got notification that anything was wrong.”

Glasgow has been a Beaches Energy customer for four years and has her billing set up to auto-pay. She said she still hasn’t received any communication on why there’s a payment delay.

“It’s definitely concerning for the people that do pay online with our banking information, social security on there,” Glasgow said. “It’s definitely an unsettling feeling knowing that that could be in the hands of hackers.”

An investigation revealed that between the dates of January 22 and January 29, information may have been taken from the city network, according to the City of Jacksonville Beach spokesperson.

Action News Jax told you at the end of January, when the city had an “information systems issue” due to a “cybersecurity event” that forced city hall and city facilities to close down on Monday.

At the time, the city said it had “no indication” that personal, sensitive data was compromised.

Action News Jax reporter, Meghan Moriarty, learned on Thursday that the City was given information on February 22 indicating that sensitive information “pertaining to certain individuals” was involved in the cybersecurity incident from January.

In a formal statement Wednesday, the city said its employees and customers of Beaches Energy Services may have been impacted, including social security numbers, driver’s license information and bank account information.

When we asked about the gap in notification a spokesperson said:

“Comprehensive computer forensic investigations take time. After the City identified certain files were involved in the event during the investigation, it began a thorough review of those files to determine their contents and to obtain contact information for individuals so that it could issue written notice.”

—  City of Jacksonville Beach spokesperson

“I think you can also assume that your login credentials were stolen, so maybe change your username and password, certainly your password across all your platforms you use,” Chris Freedman, the CEO of OnDefend, said.

He said smaller municipalities have become the big target for cyber attacks.

“They really have unsecure programs and they’re softer targets,” Freedman said. “If the data was stolen, it’s likely for financial reasons, for profitable reasons. So certainly, checking their credit, freezing their credit.”

Freedman recommends taking proactive measures by monitoring your identity and monitoring your credit. He also recommended ‘Have I Been Pwned’, a website where you can check if your information is involved in a data breach.

A City of Jacksonville Beach spokesperson said if your information was compromised, you’ll get a letter in the mail with information and a code to use a credit monitoring service. Anyone who believes they are potentially impacted by this incident or have additional questions may call the dedicated assistance line at 844-709-0703.


For Media Inquiries: Lauren Verno, OnDefend

Media@ondefend.com

Originally written for Forbes: How To Prepare For A Ransomware Attack (forbes.com)

Let’s start by working our way back. To set the scene: You and your team successfully repelled a ransomware attack. You stop it before it spreads, disrupts your work or steals your data. You avoid the dreaded “I” word (incident).

Sure, there were a few malicious email attachments, and some credentials were compromised. However, your team quickly identified and contained the compromised endpoints, effectively executing a well-practiced plan. It’s truly magnificent!

So, how did you succeed where so many others have failed?

A Plan Of Action

First, you had a plan that your team not only knew about but also practiced and could execute competently. That leads me to my first recommendation: Have a plan and be able to execute it, with a hard emphasis on the “execute” part. So many organizations have a plan, and it could be a great one, but if you don’t execute the plan well, then what’s the point?

Second, your team had the necessary visibility to detect malicious activity before the ransomware could cause significant damage. This was achieved by identifying the right malicious data (telemetry) and then collecting it someplace where your team can hunt through it and build analytics to highlight possible problems (detections). Proper data collection, effective detection capabilities and training are crucial for success.

You might expect me to mention vulnerability scanning, but it’s not the ultimate solution to your ransomware problem. Ransomware attacks often start with access methods that don’t require exploitation, such as phishing emails. Then there is the constant parade of zero-day vulnerabilities: unless your vulnerability management program lets you identify and patch in less than 24 hours, odds are exploitable vulnerabilities will always be a challenge. This leads you back to identifying and responding once an adversary gains access.

Just to note—I’m certainly not suggesting you abandon your vulnerability management program. Just be realistic about the total effectiveness of preventing these kinds of attacks.

In short, here’s the plan that has led to our success.

1. Have a plan.

2. Ensure your team can execute the plan effectively.

3. Collect the right data (telemetry).

4. Apply effective analytics (detections) to the collected data.

5. Train your team to effectively utilize security tools and gather telemetry for reliable detections.

You may be looking at this list and thinking, “Yep, check on all of those! I’m set.”

However, how are you grading the maturity of each? How do you discover the gaps?

When you were in school, how did teachers score your level of retention of material throughout the year? Testing.

Testing, Testing, Testing

In this case, test your plan by executing adversary activity within your environment.

Frequently, this takes form in a network penetration test, but I would argue a singular pentest will not fully express the success or failure of a program. Pentests generally tell you how effective an attack path may be in a given scenario, but often, those actions reflect the individual pentester’s capabilities rather than a true adversarial attack.

Instead, consider unit and functional testing, then a full dress rehearsal. Unit testing evaluates specific security tool performance, while functional testing combines telemetry and detection. Full dress rehearsals, such as tabletop exercises or red team exercises, simulate real adversary attacks.

In unit testing, ask specific questions like “Does our EDR prevent regsvr32.exe from executing an unknown DLL?” This allows you to establish a baseline or an understanding of the current state. Then, you can continuously test and monitor changes to ensure the security tool remains effective. You’ll also get a chance to see what telemetry the unit test action generates and whether any detections built for it are correctly tuned.

As a quick aside, I have seen a lot of situations where a security tool blocks something, such as the example above, and the SOC team closes the alert without investigation. Cue my brain exploding.

I get it; most teams are frequently drowning in a sea of alerts, and there is just not enough time in the day, but my goodness, something just happened where your tools expressly had to block an issue! Wouldn’t you want to know what happened? What if there happened to be other activity that didn’t get blocked?

One way to help reduce these vast volumes of alerts is to write more effective detections in the first place.

Here is where functional testing can come into play—the execution of a chain of events to see if we can leverage our telemetry to put together multiple detections into a single incident. In addition to the benefit of using functional testing, we can also test tuning out the normal activity in the environment. This gives us fewer, but better alerts that our team can now investigate. The findings lead to feedback in detections and/or telemetry, which then leads to amplifying your team’s plan and their ability to execute it.
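The functional test described above, sketched as an added example (not code from the article or from OnDefend): constructed process events run through two hypothetical detections, known-good activity is tuned out, and detections on one host are merged into a single incident so a blocked regsvr32.exe alert stays attached to the activity around it. The field names, rule names, allowlist and 15-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # assumed correlation window
OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}
# Tuning: DLLs this (hypothetical) environment registers during normal deployments.
KNOWN_DLLS = {r"c:\program files\exampleapp\plugin.dll"}

# Constructed process-creation telemetry, not real logs. "blocked" records
# whether the endpoint tool prevented the action.
EVENTS = [
    {"ts": "2024-03-01T09:02:41", "host": "ws-014", "parent": "winword.exe",
     "image": "cmd.exe", "cmdline": "cmd.exe", "blocked": False},
    {"ts": "2024-03-01T09:03:05", "host": "ws-014", "parent": "cmd.exe",
     "image": "regsvr32.exe", "blocked": True,
     "cmdline": r"regsvr32.exe /s C:\Users\jdoe\AppData\Local\Temp\update.dll"},
    {"ts": "2024-03-01T09:10:00", "host": "ws-020", "parent": "deploy_agent.exe",
     "image": "regsvr32.exe", "blocked": False,
     "cmdline": r"regsvr32.exe /s C:\Program Files\ExampleApp\plugin.dll"},
    {"ts": "2024-03-01T11:30:00", "host": "ws-031", "parent": "explorer.exe",
     "image": "regsvr32.exe", "blocked": True,
     "cmdline": r"regsvr32.exe /s C:\Users\asmith\Downloads\helper.dll"},
]


def detect(event):
    """Return the names of the detections a single event triggers."""
    hits = []
    if event["parent"] in OFFICE and event["image"] in SHELLS:
        hits.append("office_spawns_shell")
    if event["image"] == "regsvr32.exe":
        match = re.search(r"[a-z]:\\.*\.dll", event["cmdline"], re.I)
        # An unparseable path is treated as unknown rather than tuned out.
        if match is None or match.group(0).lower() not in KNOWN_DLLS:
            hits.append("regsvr32_unknown_dll")
    return hits


def correlate(events):
    """Merge detections on the same host within WINDOW into one incident."""
    incidents, open_by_host = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        rules = detect(ev)
        if not rules:
            continue  # normal activity: no alert is raised at all
        ts = datetime.fromisoformat(ev["ts"])
        inc = open_by_host.get(ev["host"])
        if inc is None or ts - inc["last_seen"] > WINDOW:
            inc = {"host": ev["host"], "first_seen": ts, "last_seen": ts,
                   "rules": [], "blocked": 0, "allowed": 0}
            incidents.append(inc)
            open_by_host[ev["host"]] = inc
        inc["last_seen"] = ts
        inc["rules"] += [r for r in rules if r not in inc["rules"]]
        # A block is evidence, not closure: it is counted, never dropped.
        inc["blocked" if ev["blocked"] else "allowed"] += 1
    return incidents


def triage(incident):
    """A block next to unblocked detections on the same host goes first."""
    return "high" if incident["blocked"] and incident["allowed"] else "review"


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc["host"], triage(inc), inc["rules"],
              f"blocked={inc['blocked']} allowed={inc['allowed']}")
```

Four events become two incidents: the deployment on ws-020 raises nothing, and the blocked regsvr32.exe on ws-014 is reported together with the unblocked shell launch that preceded it.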

The reality is that so many security teams spend their days just closing false positive alerts that they don’t spend much time preparing to identify and expel an intrusion. It’s imperative to prioritize practicing the execution of an incident response plan.

Once all of that has been done, you’re ready for a full dress rehearsal—which means simulating the exact tactics and techniques of these adversaries to ensure you understand the timing of everything: detection, response and containment times.

These processes for working through your preparations will continually influence the others. As your detection and mitigation capabilities improve, so will your plan. As the team exercises the plan more often, they will find the need for increased capabilities in the security tools or their ability to use them. But, testing at each stage will give you real metrics and data to understand the maturity of your preparation and where your next improvement should be.

That way, when opening night comes (and I promise it will), you will have already performed these tests enough times to know you’re ready.

Learn more about how OnDefend is protecting organizations from Ransomware through our Ransomware Defense Validation service powered by OnDefend’s attack simulation tool BlindSPOT: ransomware defense validation (ondefend.com)

Originally reported on News4Jax: ‘Sophisticated cyberattack’ on city of Jacksonville Beach potentially impacts personal data of workers, residents (news4jax.com)


JACKSONVILLE BEACH, Fla. – The city of Jacksonville Beach plans to reach out to residents about a “sophisticated cyberattack” that occurred at the end of January that could have potentially affected personal data.

The city first informed residents of what it called a “cyberattack conducted by a criminal organization” that crippled city operations, causing city hall and other city facilities to abruptly shut down.

An investigation was opened as the city worked to address the issue and it revealed that “certain files in the City’s systems were subject to unauthorized access.” Officials believe that information may have been accessed between Jan. 22, 2024, through Jan. 29, 2024.

Sensitive information such as social security numbers, driver’s license numbers and/or bank account information is believed to be impacted. The city did say that the information varies by individual.

City employees and customers of Beaches Energy Services will receive a notice in the mail if they are affected. The city will also provide notice of the cyberattack directly to other people who were involved.

“The City takes this event and the security of information in our care very seriously, and we are working to determine the full extent of the event,” Communications Manager for the City of Jacksonville Beach Jacob Board said.

Chris Freedman, CEO of OnDefend, explained why smaller cities such as Jacksonville Beach would be targeted for a cyberattack.

“Smaller cities just like smaller private organizations, they’re usually less funded to build proper cybersecurity programs. They have less measures in place to defend against cyber attacks, less money for training their employees to avoid these types of things as well. So it really is just a lack of investment which makes them softer targets,” Freedman said.

Anyone who believes they were potentially impacted is urged to call 844-709-0703 between 9 a.m. and 9 p.m.




Jacksonville University & OnDefend are proud to announce the appointment of Ben Finke, Chief Technology Officer (CTO) at OnDefend, to the Advisory Board of the Center of Cybersecurity and the Department of Computing Science.

Mr. Finke brings a wealth of experience and expertise in the field of cybersecurity, making him an invaluable addition to the university’s efforts in fostering cybersecurity education and innovation.

The Jacksonville University Center of Cybersecurity is dedicated to addressing the rising demand for skilled cybersecurity professionals by producing highly qualified graduates, providing top-notch training and certification programs, and establishing itself as a hub for innovation in cybersecurity research and teaching. The Department of Computing Science offers Bachelor of Science majors in Computing Science and Cybersecurity, along with minors in Computing Science and Cybersecurity.

As a member of the Advisory Board, Ben Finke will play a crucial role in shaping the mission and objectives of the Center of Cybersecurity and the Department of Computing Science. His responsibilities include contributing to the ongoing evaluation of the mission statement, reviewing and evaluating undergraduate programs’ curriculum, and providing insights into the expected core competencies of graduates.

Furthermore, Mr. Finke’s role will involve creating a demand for graduates through internships, co-op positions, and permanent positions. Additionally, he will work to increase the visibility of the Cybersecurity and Computing Science Programs locally, statewide, and regionally.

Ben Finke, OnDefend’s lead security assessor, brings a diverse skill set to the Advisory Board. With expertise in penetration testing, web application security, vulnerability management, and compliance assessments, Mr. Finke serves as a security architect and manager of OnDefend’s security operations practice. His commitment to sharing and collaboration, coupled with a pragmatic approach to problem-solving, has positioned him as a thought leader in the industry.

Finke joins a list of cybersecurity industry leaders, including Cybersecurity and Infrastructure Security Agency (CISA) supervisory protective security advisor Dr. Kirby Wedekind, AMCS Group chief enterprise architect Evan Schwartz, Federal Bureau of Investigation (FBI) supervisory special agent Paul Magnusson, and NLP Logix co-founder and CIO Matt Berseth.

OnDefend Media Contact: Lauren Verno, media@ondefend.com

Originally written for news4jax.com

JACKSONVILLE, Fla. – Chris Freedman, the CEO of cybersecurity company OnDefend, joined The Morning Show to talk about how you can keep yourself safe while online.

Trust but verify your security tools are working.

BlindSPOT is a specialized breach & attack simulation tool that mimics a real-world cyber threat’s tactics & techniques safely on a customer’s production network.

Below is an overview of how BlindSPOT works and the reasons why these security tool blind spots occur in the first place. By removing these security blind spots, your organization can be confident it is well-equipped to face cybersecurity challenges in the future.

Does your email inbox look something like this? 1 Day Only! LAST CHANCE! It’s a Cyber Monday miracle!

While most of the emails showing up in your inbox will be legitimate, cyber criminals only need you to click on one bad link to create havoc.

Annual trends indicate sales revenue on Cyber Monday 2023 will total $13.7 billion, according to Capital One Shopping.

Americans spent a record $11.3 billion on Cyber Monday, more than any other 2022 holiday season shopping day.

Aka, let’s get you prepared.

Here are 6 simple ways to avoid becoming a Cyber Monday victim:

  1. Check the web address of any website you are on. Secure web addresses begin with “HTTPS” and not just “HTTP”.
  2. Never put personal or credit card information in forms on non-secure web pages. Even more important, NEVER save your credit card information after checkout.
  3. Stop ignoring that software update. Make sure you have antivirus software installed on your computer or mobile device, and that it is up to date.
  4. Be wary of the Wifi. In a survey by the Identity Theft Resource Center, 53% of respondents reported they used public Wifi at least once a week, yet half said they use a Virtual Private Network (VPN). Make sure you’re always using two-factor authentication when dealing with sensitive information.
  5. Password Protection. Hopefully you are not still using the same password you made in college, but if you are, it’s time to get a password manager. Always use a different password for every app and website you use. It might seem like a lot of work at the time, but you’ll be thankful you did if that password is ever compromised.
  6. Avoid clicking on any links in your email or to your phone. Go straight to the website instead. If the deal in the email is legitimate, the same deal should be offered on the website.

 

Need help with any cybersecurity consulting or services? We’re here to help. OnDefend.com

JACKSONVILLE, Fla. – If you’ve ever received a message from a Facebook friend warning you not to accept a friend request from them because their account was “hacked,” you’re not alone. It’s easy to believe their page was hacked, but it’s likely their account was cloned.

News4JAX Consumer Investigator Lauren Verno sat down with OnDefend Security CEO Chris Freedman to discuss the differences between two popular social media problems circulating the cyber world: cloning and hacking.

Scammers are always “looking for a quick target to clone,” said Freedman. “Let’s start with Facebook cloning. Facebook cloning is when someone creates a new Facebook account with your profile picture with information about you that they can find on the web to impersonate you to invite your friends to be their friends.”

While hacking into an account is a little trickier, cloning an account takes no work at all.

Unfortunately, a scammer can clone a profile on any platform, not just Facebook. Even being blue-checked certified doesn’t protect you from potentially experiencing a cloning or hacking situation.