Amazon helps in nabbing Anonymous Sudan cyber criminals

For the first time in the history of the tech industry, the U.S. Department of Justice (DOJ) has publicly acknowledged the pivotal role of Amazon Web Services (AWS) in the apprehension of two key individuals associated with the hacking group known as Anonymous Sudan. This group has been responsible for a series of denial-of-service (DDoS) attacks targeting government agencies, healthcare organizations, telecommunications companies, and cloud service providers around the globe.

In a notable statement, the DOJ expressed gratitude to Amazon for providing crucial leads that aided in the capture of these criminals, who security experts believe are not only influential but also linked to a broader network of cybercrime activities, including ransomware operations.

Tom Scholl, Vice President and Engineer at Amazon Web Services, shared details of the investigation, shedding light on how law enforcement was able to trace the hackers who were reportedly offering “rate cards” for DDoS services—charging around $100 per day, $600 per week, and between $1,700 and $1,900 for executing these disruptive attacks.

The criminals were identified through AWS’s advanced technical capabilities. Specifically, the company’s experts monitored a group of servers, referred to as “Proxy Drivers,” which were rented by the hackers to launch their attacks. Once these malicious actors began leasing the bots, they came under surveillance from an internal threat detection system developed by AWS, known as MadPot. This system has been operational since June 2023. Although Jeff Bezos is no longer the CEO, he still serves as Executive Chairman, underscoring the company’s ongoing commitment to security.

Scholl and his team effectively tracked the activities of the digital mercenaries affiliated with Anonymous Sudan. They promptly alerted law enforcement, which led to a coordinated effort involving the DOJ, the FBI, and Europol to indict the individuals now identified as Ahmad Yousif Omar and Alaa Salah Yusuf Omar. These brothers have been charged with inflicting substantial damage to the digital assets of numerous companies.

Reports indicate that the FBI seized operations and infrastructure linked to the group in March of this year, neutralizing a significant tool known as the Distributed Cloud Attack Tool (DCAT), also dubbed “Godzilla.” This sophisticated weapon was capable of executing over 35,000 DDoS attacks simultaneously, boasting a success rate of approximately 10%.

This incident serves as a critical reminder for companies to maintain vigilant oversight of their leased infrastructure and to cooperate with law enforcement in the event of cyber incidents. Many cybercriminal organizations often launch ransomware, malware, and DDoS attacks using cloud-based infrastructure leased from large providers, particularly those operating in Western and Central Asian regions. It is imperative that organizations stay alert and proactive in safeguarding their digital environments.

The post Amazon helps in nabbing Anonymous Sudan cyber criminals appeared first on Cybersecurity Insiders.

October 17, 2024 at 08:46PM

Read More

Microsoft blocked most ransomware attacks and about 600M Cyber attacks

In its recently published Annual Digital Defense Report, Microsoft provided a comprehensive overview of its ongoing efforts to safeguard users and businesses against the growing tide of cyber threats. The report highlights some significant achievements in the field of cybersecurity, revealing that the company successfully blocked over 600 million cyberattacks daily, which include both hacking attempts and coordinated assaults from state-sponsored actors. This staggering number underscores the massive scale of the threat landscape Microsoft navigates on a daily basis.

Moreover, the software giant stressed that its cybersecurity protocols have made notable improvements over the past two years, particularly in preventing ransomware attacks from reaching their destructive potential. Microsoft reported that a remarkable 90% of ransomware attempts have been stopped at the critical encryption stage, where the malicious actors would typically hold sensitive data hostage in exchange for ransom. This has helped save billions of dollars that could have otherwise been funneled into the hands of cybercriminals.

The War Against Ransomware: Leading Threats

The report also identified the top ransomware variants that have been a cause for concern in the cybersecurity world. The Akira ransomware emerged as the most prominent threat in recent months, taking the number one spot on the list of most active and damaging ransomware variants. Close behind were LockBit and Play, which claimed the second and third spots respectively. Notably, two particularly infamous ransomware families, BlackCat (also known as ALPHV) and Black Basta, rounded out the list of major cybercriminal groups wreaking havoc in the digital realm.

One of the most alarming takeaways from Microsoft’s report is the increasingly sophisticated nature of cyberattacks, many of which are collaborations between criminal groups and state-sponsored entities. These cybercriminals, often working in tandem with nation-states, have been developing highly advanced and complex attack strategies, making it much more challenging for defenders to both identify and mitigate the threats in a timely manner.

Geopolitical Tensions Fueling Cyber Warfare

A significant portion of Microsoft’s report highlights how global geopolitical tensions are playing a central role in shaping the cyber threat landscape. In particular, the ongoing conflict between Russia and Ukraine has escalated the role of cyber warfare, with state-backed Russian hackers leveraging freelance cybercriminals from various countries to attack critical Ukrainian infrastructure. As the war continues into its fourth year, there are indications that Russia is planning to increase the number of hired hackers by the end of this year, signaling an intensification of cyber operations as part of its broader military strategy.

In parallel, nations like Iran and North Korea are also deepening their involvement in the cyber conflict, albeit with their own distinct motivations. Iran has been focusing on countering cyberattacks from Israel, while North Korea has been more active in spreading ransomware. The regime led by Kim Jong-un appears to be leveraging ransomware as a means of securing funds to support its nuclear ambitions, further complicating the global cybersecurity landscape.

The Looming Threat of the 2024 U.S. Elections

As the 2024 U.S. presidential elections draw near, cybersecurity experts are predicting a surge in cyberattacks targeting critical infrastructure across the United States. With just a few weeks remaining until voters head to the polls, major sectors such as aerospace, defense, nuclear, power, and water systems are expected to be high-priority targets for cybercriminals and hostile state actors. The growing sophistication of these attacks suggests that election-related cybersecurity threats will not just be limited to disinformation campaigns but will likely involve direct attempts to disrupt or manipulate election systems.

China, in particular, is expected to play a pivotal role in the upcoming cyber battle. Security experts speculate that China could collaborate with Russia in an effort to influence the 2024 U.S. elections by launching cyberattacks designed to sow discord and undermine confidence in the election process. This aligns with broader geopolitical trends where cyberattacks are increasingly being seen as part of the toolkit for influencing political outcomes on the global stage.

Tech Giants Respond with Proactive Security Measures

In response to the rising tide of cyber threats, technology giants like Amazon, Google, Meta, Microsoft, and X are investing heavily in both preventative and defensive cybersecurity measures. These companies are working not only to bolster the security of their own platforms but also to share knowledge and tools with businesses and governments to protect broader ecosystems. Through proactive security measures, they have managed to successfully deter a significant number of cyberattacks, providing some relief in the ongoing battle against cybercriminals.

However, the ever-evolving nature of technology presents new challenges. As digital transformation continues to accelerate, so too does the potential for cybercriminals to harness emerging technologies like Generative AI. With these tools at their disposal, cybercriminals are becoming more unpredictable and capable of launching highly sophisticated, automated attacks that may be harder to detect and defend against.

The Road Ahead: Staying One Step Ahead of Cybercriminals

As the cybersecurity landscape becomes more complex, the key takeaway from Microsoft’s report is the growing collaboration between tech companies, governments, and cybersecurity experts to fight back against these threats. Yet, the challenge remains daunting. The use of artificial intelligence, machine learning, and advanced cryptography by cybercriminals is pushing cybersecurity defenses to innovate rapidly, often outpacing the efforts of defenders.

Ultimately, as we move deeper into the digital age, the fight against cybercrime will be ongoing. Microsoft’s report illustrates the company’s significant strides in defense, but it also highlights how much work remains to be done. As cyberattacks grow in scale and sophistication, ensuring the safety of global digital infrastructure and sensitive data will require continued collaboration, cutting-edge technology, and a shared commitment to outsmarting adversaries who are increasingly leveraging the best tech at their disposal.

The post Microsoft blocked most ransomware attacks and about 600M Cyber attacks appeared first on Cybersecurity Insiders.

October 17, 2024 at 11:45AM

Read More

Navigating the NIS2 Directive: A comprehensive guide for UK businesses

The tech regulatory landscape is constantly evolving, with the imminent Network and Information Security 2 Directive, more widely known as NIS2, that aims to enhance cybersecurity and resilience across the EU. EU Member States have until 17th October 2024 to transpose the NIS2 security requirements into national law.

The Directive, which has come about in response to increasing digital threats and the rise in cyber-attacks, aims to enhance security requirements, address supply chain security, streamline reporting obligations, and implement stricter supervisory measures and enforcement standards, including harmonised consequences for non-compliance across the EU.

While the UK is not implementing NIS2, since it’s no longer bound by EU legislation, UK businesses that operate essential services within the EU, will need to comply and should start preparing now to implement the comprehensive measures. Such UK companies which fall under the scope of the directive, may face sanctions by the authority in the member state where they register their representative.

UK businesses who are operators of essential services solely within the UK, however, should also be fully up-to-speed of the new requirements, as although the UK will not be implementing EU NIS2, it is planning to update its information security legislation with similar requirements. These include regulation of managed services providers, and a two-tier supervisory regime – with proposed  UK NIS reforms outlined in the government’s whitepaper.

In light of this, here I offer an overview of the NIS2, with advice on how businesses can prepare. I will discuss the critical role of encryption in meeting many of the Directive’s stringent requirements and ensuring robust data protection. 

Understanding NIS2 – objectives and considerations

Understanding which sectors need to comply with NIS2 is essential for UK businesses, especially those working with or providing services to EU-based organisations. While UK companies may not be directly subject to the Directive, industries that interact with critical infrastructure and essential services within the EU will increasingly be required to provide NIS2-specific documentation, such as risk analyses and security compliance reports. For UK businesses, staying informed about which sectors are affected allows them to offer relevant solutions, ensuring they remain competitive in the EU market by meeting regulatory demands and maintaining strong partnerships.

Which businesses are affected?

The NIS2 Directive eliminates the distinction between the operators of essential services and digital service providers. It classifies organisations into essential and important entities including sectors, which were not covered under the first NIS Directive, such as postal services and public administration.

Essential entities include sectors such as energy, transport, banking, health, and digital infrastructure. Important entities cover postal services, waste management, chemicals, food, and digital providers. By introducing a clear company size threshold, NIS2 applies to medium and large companies in these sectors, with stricter oversight, tougher enforcement, and higher fines for non-compliance than those outlined in its predecessor.

Understanding the NIS2 Directive: 8 key requirements

 1. Implement cryptography and encryption methods to protect data: Organisations should use encryption methods to protect data, ensuring it remains unreadable to unauthorised individuals and meets robust security standards. The gold standard is zero-knowledge, end-to-end encryption (E2EE). Data is encrypted on the sender’s device and only decrypted on the recipient’s device, with the service provider having no access to the content and the encryption keys. Encryption is crucial both internally and for external communications, ensuring secure email and data sharing throughout the supply chain, which leads aptly on to requirement number two.

2. Ensure data protection across supply chains: It’s crucial to maintain strong cyber security practices not just internally, but also when sharing data with suppliers and contractors, ensuring all collaborative tools safeguard digital assets.

3. Prepare for cyber security incidents: Businesses must develop a comprehensive response plan for data breaches and incidents. High-security cloud solutions that limit access to sensitive information during an incident could play a vital role in this.

4. Maintain business continuity: Organisations must implement disaster recovery and backup solutions to ensure operations can continue during a crisis. This is crucial as business disruptions to those managing critical resources like water supply and healthcare can have serious consequences on a broader community.

5. Share vulnerability information securely: NIS2 emphasises the importance of sharing information about system vulnerabilities with relevant authorities and third parties if needed. While collaboration is key to reducing cyber risks, sharing details about system vulnerabilities requires the utmost security. An end-to-end encrypted collaboration platform could help facilitate compliance with this requirement

6. Enforce cyber hygiene: It’s vital to provide regular cyber security training for all employees and ensure that cyber security tools are user-friendly to prevent bypassing security protocols.

7.  Implement access control and asset management: Accurate records of all hardware and software should be maintained, and only authorised employees should have access to these assets to protect sensitive data.

8. Develop an IT security maintenance strategy: Organisations must regularly update IT infrastructure and ensure any new software or digital platforms are frequently patched and updated to combat evolving cyber threats.

Aiding NIS2 compliance and streamlining cloud collaboration

Cloud collaboration tools that provide zero-knowledge end-to-end (E2E) encryption across all platforms, help businesses to comply with NIS2 and maintain productivity by:

Offering ultimate protection for data: Thanks to E2E encryption, all files are encrypted with unique keys, ensuring that only authorised users can access them, even if servers are breached.

Securing access: Organisations can control which devices and locations can access files, manage permissions at a granular level, and limit or revoke access as needed.

Enforcing security policies: Organisations can implement and manage security measures like 2-step verification and IP filtering through a unified interface.

Encrypting email attachments: Enabling businesses to seamlessly integrate with Gmail and Outlook to automatically encrypt email attachments and replace them with secure share links using existing email accounts.

As NIS2 approaches, UK businesses operating in the EU should enhance their cyber security capabilities by preparing for compliance with its cyber security standards. Adopting end-to-end encrypted document collaboration tools will be crucial. Although the UK is not implementing NIS2, preparing for similar local cyber security laws and focusing on robust encryption and risk management will strengthen security and ensure compliance.

The post Navigating the NIS2 Directive: A comprehensive guide for UK businesses appeared first on Cybersecurity Insiders.

October 17, 2024 at 07:16AM

Read More

Data Poisoning threatens AI platforms raising misinformation concerns

AI-based chatbots are increasingly becoming integral to our daily lives, with services like Gemini on Android, Copilot in Microsoft Edge, and OpenAI’s ChatGPT being widely utilized by users seeking to fulfill various online needs.

However, a concerning issue has emerged from research conducted at the University of Texas at Austin’s SPARK Lab. Security experts there have identified a troubling trend: certain AI platforms are falling prey to data poisoning attacks, which manipulate search results—a phenomenon technically referred to as “ConfusedPilot.”

Led by Professor Mohit Tiwari, who is also the CEO of Symmetry Systems, the research team discovered that attackers are primarily targeting Retrieval Augmented Generation (RAG) systems. These systems serve as essential reference points for machine learning tools, helping them provide relevant responses to chatbot users.

The implications of such manipulations are significant. They can lead to the spread of misinformation, severely impacting decision-making processes within organizations across various sectors. This poses a substantial risk, especially as many Fortune 500 companies express keen interest in adopting RAG systems for purposes such as automated threat detection, customer support, and ticket generation.

Consider the scenario of a customer care system compromised by data poisoning, whether from insider threats or external attackers. The fallout could be dire: false information disseminated to customers could not only mislead them but also foster distrust, ultimately damaging the business’s reputation and revenue. A recent incident in Canada illustrates this danger. A rival company poisoned the automated responses of a real estate firm, significantly undermining its monthly targets by diverting leads to the competitor. Fortunately, the business owner identified the issue in time and was able to rectify the situation before it escalated further.

To those involved in developing AI platforms—whether you are in the early stages or have already launched your system—it’s crucial to prioritize security. Implementing robust measures is essential to safeguard against data poisoning attacks. This includes establishing stringent data access controls, conducting regular audits, ensuring human oversight, and utilizing data segmentation techniques. Taking these steps can help create more resilient AI systems, ultimately protecting against potential threats and ensuring reliable service delivery.

The post Data Poisoning threatens AI platforms raising misinformation concerns appeared first on Cybersecurity Insiders.

October 16, 2024 at 08:40PM

Read More

Cybersecurity concerns arise as Windows 10 support to end next year

As the deadline looms for Microsoft Windows 10 users, with only a year left to decide on an upgrade or extension, cybersecurity analysts are sounding the alarm over potential risks. With Microsoft set to end support for Windows 10, users may soon face significant vulnerabilities if they do not take action.

Exploring Post-Support Options

For those considering their next steps after Microsoft officially halts support for Windows 10 devices, here’s a comprehensive look at available options:

1. Windows 10 Support Extension- In the past, when Microsoft phased out support for Windows 9, it offered users an option to extend their service, providing security updates for varying timeframes of one, two, three, or even five years. Users might hope for a similar extension for Windows 10; however, it’s essential to recognize that no guarantee exists. Microsoft’s decision could be influenced by the need to promote new hardware sales, as continued support for older devices might hinder the adoption of its latest offerings.

2. Upgrade to Windows 11- If your current hardware meets the minimum requirements for Windows 11, upgrading is a wise and cost-effective choice. Many users can upgrade at little to no cost, making it an attractive option. However, for those with older machines lacking essential specifications—such as at least 8GB of RAM and a modern processor like an i7—the opportunity to upgrade may be permanently closed. This limitation could force users to consider other alternatives if they want to maintain a secure computing environment.

3. Shift to Chrome or Linux OS- Transitioning to alternative operating systems such as Chrome OS or Linux presents a more complicated scenario. Many applications and hardware components that function seamlessly on Windows 10 may not perform as well, or at all, on these new platforms. Such a shift can create an ecosystem imbalance, potentially leading to compatibility issues that disrupt daily tasks and overall productivity. For users reliant on specific Windows applications, this option may not be feasible.

4. Purchase a New PC- Another viable route is to invest in a new PC, potentially selling your old device to a scrap dealer. While this option may come with a higher upfront cost, a new computer typically offers a lifespan of around ten years, ensuring long-term functionality and security. This investment not only provides peace of mind but also access to the latest hardware capabilities and security features, which are crucial in today’s cyber landscape.

5. Remaining on Windows 10- Choosing to stick with Windows 10 after support ends is fraught with risks. Cybercriminals are always on the lookout for outdated systems that lack the necessary security updates, making these machines prime targets for various attacks. After October 15, 2025, Microsoft will cease all security updates for Windows 10, leaving users exposed to threats such as malware, data breaches, and social engineering attacks. This vulnerability is particularly concerning for organizations in sensitive sectors, including government, healthcare, and finance.

The Microsoft Digital Defense Report 2024 highlights that both individuals and large organizations could become targets for exploitation, especially as outdated Windows 10 systems proliferate. With the rise of AI-driven cyberattacks, the complexity and severity of threats are escalating, posing significant challenges for incident response teams and IT administrators tasked with safeguarding systems.

Conclusion

As the clock ticks down, users must weigh their options carefully. Whether choosing to upgrade, switch to a different operating system, or invest in new hardware, the key is to act before the deadline. Failing to do so could leave you vulnerable in an increasingly hostile cyber environment.

So, what will your decision be?

The post Cybersecurity concerns arise as Windows 10 support to end next year appeared first on Cybersecurity Insiders.

October 16, 2024 at 11:21AM

Read More

Cisco Data Breach and UK Government’s Free Cybersecurity Initiative for Schools

Cisco Data Breach by IntelBroker

A prominent threat actor known as IntelBroker has claimed responsibility for breaching Cisco’s computer network and is preparing to release stolen data on a well-known hacker forum.

Reports indicate that a cyberattack occurred on Cisco’s servers in June, and following what appears to be a lack of response from the company, the attackers—who formed a trio including Zjj, Energy Weapon Users, and IntelBroker—are now looking to sell the compromised information on the dark web.

The stolen data is particularly concerning, as it reportedly includes sensitive research and development information. The hackers are attempting to sell this data at a high price, labeling it with tags that denote its sensitivity. Sources from Cybersecurity Insiders reveal that the compromised information encompasses Jira tickets, API tokens, AWS cloud data stored in private buckets, Cisco Tech SRCs, Docker builds, Azure storage metadata, private and public keys, SSL certificates, SonarQube project data, and login credentials for GitLab and GitHub.

Cisco has acknowledged the situation, stating it is actively investigating IntelBroker’s claims and is aware of sample data being circulated on the dark web.

UK Government Offering Free Cybersecurity to Schools

In light of increasing cyber threats, particularly against educational institutions, the UK government is launching a free cybersecurity initiative aimed at safeguarding school websites and IT infrastructure.

Cybercriminals are increasingly targeting schools, as student data is highly lucrative on the dark web. Ransom demands can put educational institutions in difficult positions, leading to a rise in cyberattacks.

To combat this trend, the National Cyber Security Center (NCSC), in collaboration with the UK government, has announced a new initiative under the Protective Domain Name System (PDNS) program, which will provide free cybersecurity services to schools and educational institutions.

This program, announced on October 15, will soon extend to a variety of educational establishments, including academies, private schools, and internet service providers serving these institutions. The initiative aims to enhance defenses against spyware, malware, and ransomware attacks.

The urgency of this program follows a report from the Office of Qualifications and Examinations Regulation (Ofqual), which revealed that over a quarter of schools and colleges in England were targeted by cyberattacks in 2023, with threats expected to escalate further this year.

We hope the PDNS achieves its intended goals effectively!

The post Cisco Data Breach and UK Government’s Free Cybersecurity Initiative for Schools appeared first on Cybersecurity Insiders.

October 15, 2024 at 08:37PM

Read More

How to Protect Yourself from Deceitful Identity Theft Trends

Identity theft is a growing concern in our digital age, with scammers constantly evolving their tactics to deceive unsuspecting victims. Protecting yourself from these deceitful identity theft trends requires vigilance and proactive measures. Here’s how you can safeguard your personal information and reduce your risk of falling victim to identity theft.

1. Stay Informed About Common Tactics

Understanding the latest trends in identity theft is your first line of defense. Scammers often use methods such as phishing emails, social engineering, and data breaches to obtain personal information. Familiarize yourself with these tactics and be cautious about unsolicited communications that ask for sensitive data.

2. Use Strong, Unique Passwords

Creating strong passwords is essential for protecting your online accounts. Use a combination of upper and lowercase letters, numbers, and symbols. Avoid using easily guessable information like birthdays or common words. Additionally, use a unique password for each account to prevent a single breach from compromising multiple accounts.

3. Enable Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your accounts. Even if a hacker manages to obtain your password, they will need a second form of verification—such as a code sent to your phone—to access your account. Always enable 2FA where available.

4. Monitor Your Financial Statements

Regularly review your bank and credit card statements for any suspicious transactions. Set up alerts for transactions over a certain amount to catch potential fraud quickly. Additionally, consider using a credit monitoring service to keep an eye on your credit report for any unauthorized accounts.

5. Be Cautious with Personal Information

Limit the personal information you share online, particularly on social media. Scammers often use details like your birthdate, hometown, or pet’s name to guess your passwords or security questions. Adjust privacy settings on social platforms to restrict who can view your information.

6. Shred Personal Documents

Before disposing of documents containing personal information, such as bank statements or tax returns, be sure to shred them. This prevents identity thieves from retrieving sensitive information from your trash.

7. Secure Your Devices

Keep your devices secure by regularly updating your operating system and software. Use reputable antivirus and anti-malware programs to protect against malicious software. Additionally, avoid using public Wi-Fi for sensitive transactions, as these networks can be insecure.

8. Be Wary of Scams and Offers That Seem Too Good to Be True

If you receive unsolicited offers or requests for personal information, be skeptical. Scammers often use enticing offers to lure victims into providing their information. Research the source and confirm its legitimacy before responding.

9. Report Suspicious Activity Immediately

If you suspect that your identity has been compromised, act quickly. Report the incident to your bank, credit card company, and local authorities. You may also want to place a fraud alert on your credit report or freeze your credit to prevent further misuse.

10. Educate Yourself and Others

Knowledge is power. Stay informed about the latest identity theft trends and educate friends and family on how to protect themselves. Sharing information can create a more informed community that is less susceptible to deceitful tactics.

Conclusion

As identity theft continues to evolve, so must our defenses. By staying informed, taking proactive steps, and being cautious with personal information, you can significantly reduce your risk of falling victim to deceitful identity theft trends. Remember, protecting your identity is an ongoing process that requires vigilance and awareness.

The post How to Protect Yourself from Deceitful Identity Theft Trends appeared first on Cybersecurity Insiders.

October 15, 2024 at 11:10AM

Read More