FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Friday, January 17, 2025

Microsoft exposes WhatsApp Spear Phishing Campaign of Star Blizzard

Microsoft’s Threat Intelligence teams have uncovered and exposed a spear phishing campaign targeting WhatsApp accounts, attributed to the Russian-linked hacker group Star Blizzard. The campaign began in October 2023 and continued through August 2024.

Following extensive analysis, Microsoft’s experts revealed that the campaign primarily targeted journalists, politicians, think tanks, and NGO leaders. These individuals’ data was collected and transmitted to remote servers, according to the company’s findings.

Star Blizzard’s method was straightforward: they initially sent a link to WhatsApp users that appeared to be from a well-known U.S.-based organization, such as a government agency, NGO, or public utility. Once a user engaged with the link, they were subsequently sent an email containing a malicious web link. This was the beginning of the covert operation to gather sensitive information from the victims without their awareness.

The U.S. Department of Justice, in collaboration with the FBI, has identified and taken action against those responsible for the campaign. They seized the perpetrators’ IT infrastructure and gathered substantial evidence. However, the threat remains persistent as the attackers continue to find new ways to carry on their cybercriminal activities.

It’s worth noting that this tactic mirrors previous incidents, such as the spread of Pegasus spyware by the NSO Group. Originally developed for government use to monitor terrorists and criminals, Pegasus made its way to the dark web and was eventually used to infiltrate the device of Amazon founder Jeff Bezos via WhatsApp, leading to a high-profile personal scandal.

Similarly, Star Blizzard appears to be carrying out surveillance on behalf of the Kremlin, conducting spear phishing campaigns to gather intelligence for political or strategic purposes.

The post Microsoft exposes WhatsApp Spear Phishing Campaign of Star Blizzard appeared first on Cybersecurity Insiders.


January 17, 2025 at 08:33PM

State of Network Threat Detection 2024 Report

Executive Summary

While “platformization” has been a hot topic in 2024, it has also been a year in which security professionals have looked to advanced, highly specialized tools to help them solve thorny problems that not only persist but seem to grow more challenging by the day. Among these are acute alert fatigue, a steady erosion of network visibility, and a growing sophistication in cyberattacks.

Among the specialized tools security professionals are looking to are Network-based Threat Detection (NTD) solutions, such as Network-based Intrusion Detection Systems (NIDS) and Network-based Threat Detection and Response (NDR). To better understand the state of Network Threat Detection and whether today’s solutions and supporting technologies, like deep packet inspection, are meeting contemporary security challenges, Cybersecurity Insiders surveyed its 600,000-member information security community. The survey reveals that while NTD tools are widely deployed and positively viewed, they must evolve if they are going to help security professionals meet significant present-day and emerging challenges.

Key findings:

ALERT ISSUES

  • Alert prioritization is the #1 overall operational challenge for security teams
  • Alert accuracy & actionability is cited as the greatest challenge with NIDS specifically

VISIBILITY CHALLENGES

  • No (or poor) global attack surface visibility is the #2 overall operational challenge
  • Encrypted traffic is the #1 network blind spot, which 55% report negatively impacts security 

DESIRED PRODUCT ENHANCEMENTS

  • AI integration: 71% consider AI integration extremely or very important for combatting advanced threats
  • Automatic scoring & prioritization of threats named the #1 must-have for an effective network threat detection solution

DEPLOYMENT PLANS & PREFERENCES

  • Majority (66%) plan to implement anomaly detection over the next 6 to 24 months; only 17% report having an NTD solution now that uses anomaly detection
  • Majority (59%) prefer standalone NTD solutions (DPI sensor, NIDS, NDR, XDR) to NTD within multi-function security platforms (e.g., SASE, SSE)

Experts from Enea, Arista Security, and Custocy discuss options and strategies for addressing the needs and concerns raised in this survey in a panel discussion. We invite you to watch the webinar “2024 State of Network Threat Detection” on November 14, 2024, or afterwards on-demand. 

Many thanks to Enea, Arista Security and Custocy for supporting this important research project, with special gratitude to Enea for their invaluable contribution to this report.

Holger Schulze

Founder, Cybersecurity Insiders

Even Split on Familiarity with & Opinion of NTD 

About half of respondents (44%) are very familiar with NTD tools and use them regularly, while a similar percentage (45%) are only somewhat familiar with them and use them only occasionally. The rest are only slightly familiar, or not familiar at all, with NTD tools. 

A similar breakdown applies to the perceived effectiveness of NTD solutions: half (50%) rate them as either extremely or very effective, while 42% find them only moderately effective, and 8% find them slightly or not at all effective. While differences in domain specialization may affect awareness and usage, all security team members would benefit from increased awareness of the vital role NTD plays in contemporary multilayered defensive systems. With regard to confidence levels, much progress can be made by focusing solution roadmaps on the important challenges identified in this survey.

Alerts & Visibility Are Top Operational Challenges

When asked for their top three operational challenges, the difficulty prioritizing alerts emerged as a top challenge for 52% of respondents. Given the huge volume of alerts frontline security professionals typically face, distinguishing between critical and low-risk incidents can be a major (and highly frustrating) hurdle. 

This issue is compounded by a lack of visibility into the global attack surface (50%), which opens a crucial gap in defensive capabilities as organizations expand into cloud and hybrid environments, the number of edge locations multiplies, and information, operational and communications technologies converge. Closely linked to the challenges with visibility and alert prioritization, the number three challenge, cited by 49% of respondents, is speed of detection and response.

Alert Accuracy & Actionability #1 NIDS/IPS Issue

Echoing the top response for operational challenges, the most pressing need in the specific context of NIDS/IPS deployments is more accurate and actionable alerts (61%). As with effective prioritization of alerts, reducing false positives and alert noise can improve the efficiency and effectiveness of security teams, which would help address the burnout and turnover challenges cited on page 11.  

Another difficulty is limited visibility into cloud workloads, cited as the second greatest challenge by 52% of respondents. Technical performance challenges come in at number three (48%), followed by the loss of functionality for encrypted flows (42%) and limited protocol and application coverage (39%). These are all factors respondents cite in explaining why they prefer commercial rather than open source NIDS/IPS solutions (see page 18).

Visibility Challenges Drive Wider Sourcing for Traffic-Related Insights 

To address visibility gaps arising from evolving networks, security professionals are turning to an expanded pool of resources for gathering network traffic-related insights. Logically enough, a Network Intrusion Detection System (NIDS) is reported to be the most commonly used tool (67%). Deep Packet Inspection (DPI) (49%) and non-DPI packet sniffers (35%) also make a strong showing, which is to be expected given their long-time leading role in extracting traffic insights. 

What is new is relying on sources such as endpoint agents (58%), external intelligence feeds (41%), and device/host kernel applications (eBPF) (28%) to gather network traffic insights (with the latter especially common in cloud workloads). 

This reliance on non-network tools for network insights is a two-way street. For example, today advanced DPI can deliver unique insights into devices and users in addition to network flows. This diversification of resources used for cross-domain insights is a welcome development, as important strategies such as zero trust and defense-in-depth rely heavily on broadly sourced contextual data to be effective.

Encrypted Traffic Is the Most Significant Blind Spot 

Among specific visibility gaps, respondents rank encrypted traffic as number one (44%), followed closely by multi-cloud traffic (42%) and SaaS app traffic (39%). Cloud and SaaS app use poses a double challenge to visibility: the growth rate outpaces the ability to integrate the apps into monitoring tools and structural challenges make it difficult to extract insights from resources controlled by third parties. Ranked fourth is intra-cloud workload traffic (34%), which underscores the fact that this internal traffic often falls outside the purview of traditional security tools. 

Additional sources of concern are public internet traffic (31%) (a challenge due partly to the increase in remote work), IoT and IIoT traffic (28%), and OT/industrial control system traffic (14%), where specialized devices and protocols make visibility and threat detection more difficult. These environments are also often more sensitive to disruptions, making it harder to inspect traffic without impacting operational performance.

Encryption Has a Negative Impact on Security

Beyond the negative impact on visibility, encrypted traffic creates many challenges for security (and networking) teams. Ironically, though encryption was developed to strengthen security, respondents report that their number one challenge with its use is the negative impact it has on cybersecurity (55%). Trying to navigate the regulatory issues that govern encryption is the second most significant challenge for respondents (40%), while a close 39% circle back to the recurring theme of visibility impediments, with 37% also reporting that encryption has a negative impact on traffic steering. Additionally, 28% of respondents highlight performance degradation caused by decryption and inspection processes. This highlights a challenge with what could otherwise be a solution to visibility difficulties: decrypting and inspecting all traffic (within the limits of regulations). This strategy is commonly employed by SASE and SSE vendors, who recreate high-performing central gateways on cloud perimeters. 

In any case, 11% report the formidable challenge of performing network threat detection on encrypted traffic alone, and 57% perform it on both encrypted and clear traffic.

Reducing Attack Surface Should Be Higher Priority

Another indicator of the importance security teams place on closing visibility gaps is the divergence between what security teams think executive priorities are for the security organization versus what security teams think they should be. 

Here, security professionals think executives consider meeting compliance requirements as the security organization’s number two priority. However, they believe minimizing the global attack surface should actually occupy that spot (with minimizing the global attack surface being dependent on network visibility).

Security Teams Feel Unprepared & Overwhelmed

The top organizational challenge cited by respondents is inadequate in-house skills and training, followed closely by staff burnout and turnover.

Given the high importance respondents placed on AI integration in network threat detection solutions (see page 13), it is likely staff have confidence that one of AI’s benefits will be to make them feel better equipped to meet ever more sophisticated attacks. And successfully addressing the top operational challenges of alert fatigue and poor attack surface visibility – also likely with AI support – could certainly be expected to reduce staff burnout and turnover.

Challenges with ML/AI-Based Network Threat Detection

Of those who use ML/AI, the number one challenge cited is model selection, followed by data acquisition and data cleansing and normalization. Regarding the 4th and 5th challenges, managing drift and model tuning, vendors are providing more tools to empower users to address these natural AI lifecycle evolutions on their own, though more than one third (35%) still provide only black box access to their ML/AI solutions.

Very High Confidence in AI’s Value

A striking 71% of respondents consider it very (38%) or extremely (33%) important for network threat detection to incorporate AI. Another 23% consider it moderately important, with only 6% considering it slightly important (4%) or not important (2%).  

Part of this confidence may be tied to AI’s ability to rapidly analyze large volumes of network traffic and detect subtle patterns or anomalies—especially within encrypted or highly complex traffic—that are indicative of sophisticated attacks (which, in turn, increasingly employ AI). 

However, given that the three top operational challenges for security teams are 1) the difficulty of prioritizing alerts, 2) no (or poor) visibility into the global attack surface, and 3) unsatisfactory speed of detection and response, it is logical to assume that security teams have faith that AI can be used to address a wide variety of challenges.

Automatic Threat Scoring & Prioritization Most-Valued Capability

Respondents place automation and simplification at the top of their must-have capabilities for network threat detection solutions. 62% of respondents see automatic threat scoring and prioritization as a must-have, while 59% value correlation of relevant data, events, and alerts into single incidents. Close behind, 57% desire automated and/or guided response processes, and 53% want their solution to automatically add contextual data to alerts. 
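What correlating alerts into single incidents, attaching contextual data, and scoring them looks like in practice, as an added example that is not code from the report or from any vendor it names: alerts from the same host that arrive within a ten-minute window are merged into one incident, a small asset inventory supplies the host's role and criticality, and a simple score (highest alert severity times asset criticality, plus the number of distinct rules that fired) ranks the incidents for the analyst. The alerts, the asset inventory, the default criticality for unlisted hosts, the window, and the scoring formula are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    rule: str
    severity: int  # 1 (low) to 4 (critical), as emitted by the sensor


@dataclass
class Incident:
    host: str
    alerts: list
    context: dict
    score: int


T0 = datetime(2025, 1, 17, 8, 0)

# Constructed raw alerts, interleaved by host as a sensor would emit them.
ALERTS = [
    Alert(T0, "10.0.0.5", "port-scan", 2),
    Alert(T0 + timedelta(minutes=1), "10.0.0.5", "port-scan", 2),
    Alert(T0 + timedelta(minutes=2), "10.0.0.5", "port-scan", 2),
    Alert(T0 + timedelta(minutes=3), "10.0.0.8", "sqli-attempt", 3),
    Alert(T0 + timedelta(minutes=4), "10.0.0.77", "port-scan", 2),
    Alert(T0 + timedelta(minutes=5), "10.0.0.9", "suspicious-login", 3),
    Alert(T0 + timedelta(minutes=7), "10.0.0.9", "credential-dump", 4),
    Alert(T0 + timedelta(minutes=9), "10.0.0.9", "lateral-smb", 3),
    Alert(T0 + timedelta(minutes=90), "10.0.0.8", "sqli-attempt", 3),
]

# Constructed asset inventory: the contextual data attached to each incident.
ASSETS = {
    "10.0.0.9": {"role": "domain-controller", "criticality": 4},
    "10.0.0.8": {"role": "web-server", "criticality": 3},
    "10.0.0.5": {"role": "workstation", "criticality": 1},
}
# Assumption: hosts missing from the inventory get a middling criticality.
UNKNOWN_ASSET = {"role": "unknown", "criticality": 2}

WINDOW = timedelta(minutes=10)


def correlate(alerts, window=WINDOW):
    """Group alerts for the same host that arrive within `window` of the previous one."""
    groups, current = [], []
    for alert in sorted(alerts, key=lambda a: (a.host, a.ts)):
        if current and (alert.host != current[-1].host or alert.ts - current[-1].ts > window):
            groups.append(current)
            current = []
        current.append(alert)
    if current:
        groups.append(current)
    return groups


def prioritize(groups, assets=ASSETS):
    """Attach asset context and score each group; returns highest score first."""
    incidents = []
    for group in groups:
        host = group[0].host
        context = assets.get(host, UNKNOWN_ASSET)
        max_sev = max(a.severity for a in group)
        distinct_rules = len({a.rule for a in group})
        # Constructed formula: critical assets and multi-stage activity rank higher.
        score = max_sev * context["criticality"] + distinct_rules
        incidents.append(Incident(host, group, context, score))
    return sorted(incidents, key=lambda i: i.score, reverse=True)


def triage(alerts=ALERTS):
    """Full pipeline: raw alerts -> correlated, context-enriched, ranked incidents."""
    return prioritize(correlate(alerts))


if __name__ == "__main__":
    for inc in triage():
        print(inc.score, inc.host, inc.context["role"], [a.rule for a in inc.alerts])
```

Nine raw alerts collapse into five incidents; the domain controller with three different rules firing in four minutes ranks first, while the three identical port-scan alerts against a workstation rank last, and the two SQL-injection attempts against the web server, 87 minutes apart, stay separate incidents because they fall outside the window.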

Against this backdrop of a deep desire for automation, it is interesting to note that generative-AI (or GenAI) assistance, which involves a collaborative dialogue between the security analyst and the AI application, comes near the end of the must-haves. It is an indicator, perhaps, that full automation is now valued more highly than interactive assistance.

Reduction in Breaches Tops KPI List

Respondents consider the reduction in the number of breaches as the most useful KPI for judging threat detection effectiveness. In a network threat detection context, this does not mean blocking threats at the perimeter, but rather finding and stopping infiltrations before data is accessed and released, exfiltrated, or encrypted. And for this, one has to be aware of breaches in order to measure their reduction over time, hence the high rankings of reducing time from detection to resolution (63%), increasing true positive detections – i.e., not missing actual threats (54%), and reducing false positives (43%), which take valuable time away from finding and stopping legitimate threats.

Broad Expansion for Anomaly Detection

Network intrusion detection systems use two principal techniques for identifying breaches. One analyzes traffic for specific patterns, or signatures, of known threats, while the other looks for anomalous behaviors. The latter typically works by creating a baseline of what normal (safe) traffic looks like, and then uses statistical and/or machine learning to detect anomalies indicative of a breach or vulnerability.

Anomaly detection is used to a limited extent in conventional IDS/IPS but is a key pillar of NDR solutions. It offers a more effective method of catching advanced threats than signatures, as hackers rapidly adapt their techniques once an attack method is exposed and codified via a signature. 
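The two detection techniques described above, side by side, as an added example that is not code from the report or from any tool or vendor it names: a constructed signature (a destination port plus a byte pattern, standing in for a Snort or Suricata content rule) catches a known pattern, while a baseline of mean and standard deviation built from constructed benign flows catches a bulk transfer that no signature covers. The flow records, hosts, signature, and three-sigma threshold are all constructed, and the `score` function at the end computes the true positive, false positive, and miss counts behind the KPIs discussed under "Reduction in Breaches Tops KPI List".

```python
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes_out: int
    payload: bytes
    malicious: bool  # ground-truth label, used only to score the detectors


# Constructed baseline: flows known to be benign (e.g. last week's traffic).
BASELINE_FLOWS = [
    Flow("10.0.0.5", "10.0.1.10", 443, 12_000, b"\x16\x03\x01", False),
    Flow("10.0.0.6", "10.0.1.10", 443, 11_500, b"\x16\x03\x01", False),
    Flow("10.0.0.7", "10.0.1.10", 443, 13_000, b"\x16\x03\x01", False),
    Flow("10.0.0.8", "10.0.1.11", 22, 10_500, b"SSH-2.0", False),
    Flow("10.0.0.5", "10.0.1.11", 22, 12_500, b"SSH-2.0", False),
    Flow("10.0.0.6", "10.0.1.12", 445, 11_000, b"\xfeSMB", False),
    Flow("10.0.0.7", "10.0.1.12", 445, 13_500, b"\xfeSMB", False),
    Flow("10.0.0.9", "10.0.1.10", 443, 12_000, b"\x16\x03\x01", False),
]

# Constructed new flows to inspect, with labels so the detectors can be scored.
NEW_FLOWS = [
    Flow("10.0.0.5", "10.0.1.10", 443, 12_800, b"\x16\x03\x01", False),
    Flow("10.0.0.7", "10.0.1.10", 443, 9_800, b"\x16\x03\x01", False),
    Flow("10.0.0.8", "203.0.113.20", 8080, 11_000, b"BEACON-v1", True),    # known pattern, normal volume
    Flow("10.0.0.9", "198.51.100.44", 443, 950_000, b"\x16\x03\x01", True),  # bulk transfer, no signature
    Flow("10.0.0.5", "10.0.1.11", 22, 14_900, b"SSH-2.0", False),           # just under three sigma
    Flow("10.0.0.6", "10.0.1.12", 445, 40_000, b"\xfeSMB", False),          # legitimate backup job
]

# Constructed signature: destination port plus a byte pattern in the payload.
SIGNATURES = {"constructed-beacon": (8080, b"BEACON")}


def signature_detect(flows):
    """Return {flow_index: signature_name} for flows matching a known pattern."""
    hits = {}
    for i, flow in enumerate(flows):
        for name, (port, pattern) in SIGNATURES.items():
            if flow.dport == port and pattern in flow.payload:
                hits[i] = name
    return hits


def build_baseline(flows):
    """Summarise normal traffic as mean and sample stdev of bytes sent per flow."""
    values = [f.bytes_out for f in flows]
    return statistics.mean(values), statistics.stdev(values)


def anomaly_detect(flows, baseline, z_threshold=3.0):
    """Return {flow_index: z_score} for flows sending unusually many bytes."""
    mean, stdev = baseline
    hits = {}
    for i, flow in enumerate(flows):
        z = (flow.bytes_out - mean) / stdev
        if z > z_threshold:
            hits[i] = round(z, 1)
    return hits


def score(flagged, flows):
    """Count true positives, false positives and misses against the labels."""
    tp = sum(1 for i in flagged if flows[i].malicious)
    fp = len(flagged) - tp
    fn = sum(1 for i, f in enumerate(flows) if f.malicious and i not in flagged)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn,
            "precision": round(precision, 2), "recall": round(recall, 2)}


def run():
    """Run both detectors over NEW_FLOWS and score the union of their alerts."""
    baseline = build_baseline(BASELINE_FLOWS)
    sig_hits = signature_detect(NEW_FLOWS)
    anom_hits = anomaly_detect(NEW_FLOWS, baseline)
    flagged = set(sig_hits) | set(anom_hits)
    return sig_hits, anom_hits, score(flagged, NEW_FLOWS)


if __name__ == "__main__":
    sig, anom, kpis = run()
    print("signature hits:", sig)
    print("anomaly hits:  ", anom)
    print("KPIs:          ", kpis)
```

The signature finds the beacon, which sends a perfectly ordinary number of bytes, and the baseline finds the exfiltration, which matches no signature. The baseline also flags the legitimate backup job (28 sigma above the mean), so the combined result is two true positives, one false positive and no misses: precision 0.67, recall 1.0. That false positive is exactly the alert noise respondents rank as the top NIDS complaint, and the SSH flow sitting at 2.9 sigma shows how much the outcome depends on the threshold chosen.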

Reflecting confidence in this capacity to catch advanced attacks, 83% of all organizations say they either currently use anomaly detection (17%) or plan to do so over the next 6-24 months (66%). 15% are uncertain of their organization’s intent to use it. Only 2% report no plans for using anomaly-based network threat detection.

IDS/IPS & Specialized NTD Tools Are Popular Choices

IDS/IPS is currently the most widely deployed network threat detection tool (43%). Two other specialized threat detection tools, SIEM/SOAR and NDR/XDR, are more widely deployed than broader platforms like Secure SD-WAN, SASE and SSE. 

Furthermore, per the second question below, only a minority (36%) consider integration into a broader, multi-functional security platform to be the most effective option for their organization, while 59% cite one of three types of specialized NTD solutions (DPI-based NTA sensor, NDR, or XDR). This may change as SASE and SSE adoption continues to grow, but it would not be surprising to see continued deployment of best-of-breed NTD solutions alongside such platforms.

Commercial NIDS Preferred over Open Source

Security professionals express a preference for commercial over open source solutions (41% vs 28%), though 16% use both. The top three reasons for the commercial preference are performance and scalability, customer support, and protocol coverage. It is important to note, however, that most commercial NIDS/IPS are built upon an open source NIDS/IPS foundation. For example, the Enea Qosmos Threat Detection SDK was developed in partnership with the Open Information Security Foundation (OISF, Suricata’s maker). It tightly integrates core functionalities from Suricata with Enea’s deep packet inspection engine, the Enea Qosmos ixEngine®, to help solution developers meet the unique performance demands of commercial-grade deployments.

Snort & Suricata Most Popular Open Source NTD Tools

Snort is cited as the most frequently used open source NIDS, followed closely by Suricata. The number three most commonly cited NIDS is Zeek. These tools have been around for a long time, and all continue to evolve and to play an important role in protecting networks worldwide. 

Created in 1998, Snort was originally developed as a packet sniffer and logger and evolved to support signature- and anomaly-based intrusion detection. First released in 2010, Suricata was originally developed as a signature-based NIDS/IPS, but over time has added some anomaly detection and network security monitoring capabilities. First deployed in 1995, Zeek is a network security monitoring tool but can be used to provide some NIDS functionality.

Methodology and Demographics

This 2024 Network Threat Detection Report is based on a comprehensive online survey of 327 cybersecurity professionals, conducted in September 2024, to gain deep insight into the latest trends, key challenges, and solutions for network threat detection.

The survey utilized a methodology ensuring a diverse representation of respondents, from technical executives to IT security practitioners, across various industries and organization sizes. This approach ensures a holistic and balanced view of the insider threat landscape, capturing insights from different organizational perspectives and experiences.

______________________________________

About Arista Networks

Arista Networks is an industry leader in zero trust networking, delivering security and observability across wired, wireless, and cloud infrastructure. Arista AVA™, an AI decision support system, enables an integrated suite of security platforms for standards-based network access control, autonomous threat hunting, and identity-aware microsegmentation. Importantly, these zero trust platforms are built on network infrastructure powered by Arista EOS™ and NetDL™, avoiding network security overlays and thus reducing costs while accelerating zero trust maturity and lowering breach impact. Arista Networks has been recognized as a market leader by Gartner, Forrester, and KuppingerCole, among others. arista.com/security

______________________________________

About Enea

We are a world-leading specialist in advanced telecom and cybersecurity software with a vision to make the world’s communications safer and more efficient. As the most widely deployed Deep Packet Inspection (DPI) technology in cybersecurity and networking solutions, the Enea Qosmos products classify traffic in real-time and provide granular information about network activities. Enea also offers IDS-based threat detection capabilities as an SDK, enabling easy and tight integration with cybersecurity solutions while remaining highly flexible and scalable. Enea is headquartered in Stockholm, Sweden and is listed on NASDAQ Stockholm. enea.com/dpi-tech

______________________________________

About Custocy

Custocy is a French spin-off from IMS Networks, specialised in cybersecurity software. Based in Toulouse, in the Occitanie region, it has a Research and Development team of around fifteen PhDs and engineers who have been developing an artificial intelligence engine since 2019. This engine is integrated into a SaaS platform for Network Detection and Response. Custocy has established a high-level collaboration with the LAAS-CNRS laboratory. Custocy is a laureate of the i-NOV innovation competition as part of the French government’s France 2030 plan and Bpifrance. In May 2024, Custocy was named “Product of the Year” at the Paris Cyber Show. custocy.ai

______________________________________

Cybersecurity Insiders brings together 600,000+ IT security professionals and world-class technology vendors to facilitate smart problem-solving and collaboration in tackling today’s most critical cybersecurity challenges. Our approach focuses on creating and curating unique content that educates and informs cybersecurity professionals about the latest cybersecurity trends, solutions, and best practices. From comprehensive research studies and unbiased product reviews to practical e-guides, engaging webinars, and educational articles – we are committed to providing resources that provide evidence-based answers to today’s complex cybersecurity challenges. For more information: email us info@cybersecurity-insiders.com or visit cybersecurity-insiders.com

The post State of Network Threat Detection 2024 Report appeared first on Cybersecurity Insiders.


January 17, 2025 at 02:22PM

Thursday, January 16, 2025

NSA issues warning to iPhone users on data security

The National Security Agency (NSA) of the United States has issued a global advisory for iPhone users regarding a device setting that raises significant data security concerns. According to the agency, this setting could enable third-party applications and hackers to conduct remote surveillance on users’ devices, making it a serious cybersecurity risk.

To mitigate these risks, the NSA is urging iPhone users to review and adjust their privacy settings. Specifically, users are advised to limit location-sharing permissions by allowing access only when an app is actively in use. Additionally, users should disable advertising permissions for downloaded apps and reset their device’s advertising identifiers regularly.

The location-sharing feature, if not carefully managed, can expose users to privacy breaches. Hackers and third-party entities can exploit this setting to track a user’s movements, activities, and locations in real-time. For instance, they can monitor behavior at public spaces like shopping malls, workplaces, or coffee shops.

The NSA’s concerns extend beyond Apple devices, as similar vulnerabilities exist within the Android ecosystem. Many applications request location access unnecessarily, often for purposes unrelated to their functionality. For example, the widely-used glucose monitoring app in Britain has been criticized for collecting location data under the guise of “development purposes.”

Adding to these concerns, a recent cybersecurity breach at Gravy Analytics, a prominent location-tracking firm, highlighted the dangers of unregulated data collection. The attack resulted in a data leak that exposed sensitive location information, including details about political leaders from the White House, Kremlin, Vatican, and other critical sites like military bases.

Such breaches can have severe implications. Cybercriminals can use leaked data to map or target individuals, including those in military or defense roles, journalists covering sensitive topics, or high-profile individuals. For example, during the recent Los Angeles fires, several celebrities lost their homes, and data from such events can potentially become tools for malicious actors.

To safeguard your privacy, it is essential to remain vigilant about app permissions and regularly review device settings. The NSA’s warning serves as a timely reminder for all users to prioritize data security in an increasingly connected world.

The post NSA issues warning to iPhone users on data security appeared first on Cybersecurity Insiders.


January 17, 2025 at 11:13AM

How Video-Based Training Drives Compliance in Cybersecurity Policies

Cybersecurity threats are becoming more sophisticated, posing significant risks to organizations of all sizes. With sensitive data and critical systems at stake, employee compliance with cybersecurity policies is crucial to mitigating these threats. One effective way to ensure compliance is through video-based training, a dynamic tool that engages employees and simplifies complex cybersecurity concepts.

The Role of Video-Based Training in Cybersecurity Compliance

Video-based training offers distinct advantages over traditional methods like manuals or slide presentations. Videos are engaging, accessible, and easy to update, making them an ideal medium for critical training.

Studies show that employees retain information better when it is presented through video. For example, a report by Forrester Research found that employees are 75% more likely to watch a video than read a document. Additionally, video training can cater to diverse learning styles, combining visuals, audio, and interactivity to ensure all employees understand essential cybersecurity practices. Tools like a video editor can further enhance the quality and customization of training content, ensuring it meets an organization’s specific needs.

Real-World Examples of Successful Video-Based Cybersecurity Training

A study by Proofpoint demonstrated that a northeastern U.S. college achieved a 90% reduction in successful phishing attacks after implementing interactive training and simulated phishing exercises.

Additionally, a global consumer goods company reported a significant decrease in phishing incident risk by automating their phishing awareness training, leading to improved employee recognition and response to phishing threats.

These cases highlight the effectiveness of video-based and interactive training methods in enhancing cybersecurity compliance.

Key Benefits of Video Training for Cybersecurity Compliance

Enhanced Accessibility

Video-based training allows employees to learn at their own pace. Whether in the office or remote, on-demand access ensures no one is left behind.

Consistency in Messaging

With video training, every employee receives the same information, reducing the risk of inconsistencies that can arise with in-person sessions.

Tracking and Analytics

Video training platforms often include analytics tools to track progress. Organizations can monitor completion rates, quiz scores, and compliance metrics to identify areas that need improvement. To optimize storage and sharing, compressing videos can reduce file sizes without sacrificing quality, making the training videos more accessible.

How to Create Effective Cybersecurity Training Videos

Step 1: Identify Key Training Objectives

Start by pinpointing the most critical topics, such as phishing awareness, password hygiene, and proper data handling practices.

Step 2: Simplify Complex Topics

Break down technical jargon using animations, infographics, and real-world examples. For instance, use a simple animation to explain how malware spreads.

Step 3: Incorporate Scenarios and Role-Playing

Show employees real-life situations they might face, such as spotting a suspicious email or responding to a potential data breach.

Step 4: Add Interactive Elements

Interactive features like decision-making scenarios or clickable sections can boost engagement and help employees apply their knowledge.

Step 5: Ensure Accessibility

Make videos inclusive by adding subtitles, offering multilingual options, and ensuring compatibility with screen readers.

Step 6: Continuously Update Content

Cybersecurity threats evolve rapidly. Regularly updating videos ensures employees are prepared to handle the latest risks and comply with new regulations. A video editor can streamline the process of updating existing content, ensuring it stays relevant and impactful.

Measuring the Success of Video-Based Training

To gauge the effectiveness of video training, organizations can track key performance indicators (KPIs) such as:

  • Completion Rates: The percentage of employees who finish the training.
  • Assessment Scores: Results from quizzes or simulations embedded in the videos.
  • Compliance Metrics: Changes in the number of reported incidents or compliance violations.

Regular assessments and follow-ups can reinforce key concepts, while employee feedback helps refine the training material.

The Future of Cybersecurity Training with Video Technology

Emerging technologies are poised to transform video training. AI video generators can personalize training for employees, while virtual reality (VR) and augmented reality (AR) offer immersive experiences for hands-on learning. Microlearning modules, which deliver short and focused lessons, will cater to employees with limited time.

These advancements will make video training even more effective in combating increasingly sophisticated cybersecurity threats.

Takeaway

Video-based training is a powerful tool for driving compliance with cybersecurity policies. Its engaging format, accessibility, and ability to simplify complex topics make it an invaluable asset for organizations. By adopting video training, businesses can build a culture of security awareness and better protect themselves against cyber threats.

Start implementing video-based training today to safeguard your organization’s future.

The post How Video-Based Training Drives Compliance in Cybersecurity Policies appeared first on Cybersecurity Insiders.


January 17, 2025 at 10:57AM

GoDaddy falls into FTC Data Breach radar

GoDaddy, a prominent web hosting service provider trusted by millions of customers to host their websites, has long been recognized as a digital enabler for small businesses. However, recent security lapses have tarnished its reputation, drawing the attention of the Federal Trade Commission (FTC).

The FTC has reprimanded GoDaddy for its failure to implement robust security controls, which left its platform vulnerable to cyber threats. These deficiencies have allegedly been ongoing since 2018, exposing customers to significant risks. In response, the watchdog has directed GoDaddy to establish a comprehensive information security program to address these issues.

Allegations of Misleading Compliance Practices

In addition to its security failures, GoDaddy is accused of overstating its compliance with privacy frameworks, including those governed by the European Union, Swiss, and U.S. privacy regulations. These frameworks mandate specific security measures to safeguard personal data, which GoDaddy reportedly failed to uphold. This discrepancy raises questions about the company’s commitment to protecting sensitive customer information.

Multiple Data Breaches Exposed

Between 2019 and 2022, GoDaddy’s domain management platform suffered multiple data breaches. Investigations revealed that hackers exploited weaknesses in the platform to gain unauthorized access to customer information. In some cases, cybercriminals redirected website visitors to malicious sites, compromising the trust and operations of affected businesses.

The FTC’s probe attributed these breaches to GoDaddy’s inadequate management of its IT infrastructure. The company reportedly neglected critical tasks, such as timely application of software patches, which could have mitigated these threats. These oversights have not only jeopardized customer data but also called into question GoDaddy’s ability to uphold cybersecurity standards.

FTC’s Mandates for Strengthened Security

The FTC has issued strict directives to GoDaddy to address these shortcomings. The hosting provider is now required to develop a comprehensive security program aimed at securing its platform and protecting the confidentiality, integrity, and availability of customer data.

Additionally, the company must engage an independent third-party assessor to evaluate its security controls. This assessment will occur biennially to ensure ongoing compliance. A specialized five-member team has also been tasked with negotiating penalties and outlining further corrective measures. This move was widely anticipated as a necessary step to restore trust and accountability.

A Wake-Up Call for the Industry

GoDaddy’s case serves as a stark reminder for businesses across the digital landscape about the importance of rigorous cybersecurity measures. As cyber threats evolve, maintaining a proactive approach to IT asset management and compliance is crucial to safeguarding sensitive data and sustaining customer trust.

The post GoDaddy falls into FTC Data Breach radar appeared first on Cybersecurity Insiders.


January 16, 2025 at 08:33PM

Wednesday, January 15, 2025

North Korea targeting software developers with Malware

Lazarus Group, a notorious hacking collective believed to be funded by North Korea’s government, is now shifting its focus to target software developers and freelancers through malware campaigns. Their strategy is straightforward: they aim to deceive victims and infiltrate their company networks. For freelancers, the situation is different, as Lazarus hackers are using malicious software to turn infected devices into part of a botnet.

In both scenarios, Lazarus benefits by extracting money from the victims, which in turn supports North Korea’s ongoing efforts to fund its leader Kim Jong-un’s nuclear ambitions.

The group’s method is clear: they begin by sending fake recruitment emails via LinkedIn or other job portals to software developers. These emails direct victims to platforms like GitLab Repositories, disguised as web coding or cryptocurrency blockchain projects, which in reality deliver malware.

So far, the campaign, dubbed “Pay99,” has primarily targeted countries such as Argentina, Brazil, Egypt, France, Germany, India, Indonesia, Mexico, Pakistan, the Philippines, and the UK. However, it is likely that the campaign will soon extend to other regions, including Australia, the United States, and Canada.

North Korea has been engaged in such cyber activities for years, as they provide a financial lifeline to the country, which is under significant international sanctions. The nation’s citizens, under the strict rule of Kim Jong-un, do not question the leader’s actions. Kim has been known to launch cyberattacks to steal cryptocurrencies, particularly Bitcoin, which recently surpassed $90,000 per unit.

By utilizing these cyberattacks, North Korea is generating substantial income to sustain its military and economic needs, all while evading the impact of international sanctions.

One notable attack involves a fake recruitment email campaign, where profiles are generated by artificial intelligence. These profiles appear highly realistic, making it difficult for recipients to recognize the threat.

The post North Korea targeting software developers with Malware appeared first on Cybersecurity Insiders.


January 16, 2025 at 10:40AM

Tuesday, January 14, 2025

Legacy VPN Vulnerabilities and the Rise of ZTNA

In recent years, the cybersecurity landscape has witnessed a series of high-profile vulnerabilities affecting popular VPN solutions, including two major vendors. These incidents have underscored the limitations of traditional VPN architectures and accelerated the adoption of Zero Trust Network Access (ZTNA) principles.  

Vulnerabilities

  • Vendor A: Multiple critical vulnerabilities, including remote code execution flaws, have been discovered in Vendor A’s firewall software. Threat actors have actively exploited these vulnerabilities to gain unauthorized access to sensitive systems and data.
  • Vendor B: Several critical vulnerabilities have also been identified in Vendor B’s VPN appliances, enabling attackers to remotely execute code and compromise vulnerable systems. These vulnerabilities have been widely exploited, resulting in significant security breaches across various organizations.

The Devastating Cost of Breaches

The financial and reputational damage caused by these breaches is staggering and continuously escalating.  

Direct Costs:

  • Incident Response: Costs associated with investigating the breach, containing the damage, and restoring systems can be immense. This includes hiring forensic investigators, legal counsel, and cybersecurity consultants.
  • Ransomware Payments: Organizations may feel pressured to pay ransoms to regain access to critical data, further enriching cybercriminals.  
  • Data Recovery and Restoration: Recovering lost or corrupted data and restoring systems to their pre-breach state can be time-consuming and expensive.
  • Legal and Regulatory Fines: Non-compliance with data privacy regulations (e.g., GDPR, CCPA) can result in hefty fines and legal penalties.  

Indirect Costs:

  • Loss of Business: Disruptions to operations, downtime, and loss of productivity can significantly impact revenue.  
  • Reputational Damage: Data breaches erode customer trust, damaging brand reputation and potentially leading to customer churn.  
  • Increased Insurance Premiums: Following a breach, insurance premiums for cyber liability coverage often rise significantly.  
  • Lost Business Opportunities: Damaged reputation can hinder new business deals and partnerships.  

The Impact on VPN Security

These vulnerabilities have highlighted several key weaknesses of traditional VPN solutions:

  • Large Attack Surface: VPN appliances often have a large attack surface due to their complex configurations and numerous features.  
  • Difficulty in Patching: Keeping VPN software and firmware up to date with the latest security patches can be challenging, especially in large organizations with diverse IT environments.
  • Reliance on Perimeter Security: Traditional VPNs rely heavily on perimeter security, which can be easily bypassed by sophisticated attackers who have already infiltrated the network through other means.  

The Rise of ZTNA

In response to these challenges, Zero Trust Network Access (ZTNA) has emerged as a promising alternative to traditional VPNs. ZTNA is based on the principle of “never trust, always verify,” meaning that access to resources is granted based on the identity and context of the user or device, rather than their location on the network.  

Key Benefits of ZTNA:

  • Reduced Attack Surface: ZTNA solutions have a smaller attack surface compared to traditional VPNs, as they only expose specific resources to authorized users on a need-to-know basis.  
  • Enhanced Security: ZTNA incorporates multiple layers of security controls, including multi-factor authentication, device posture checks, and least privilege access. This minimizes the blast radius of a successful compromise.  
  • Enhanced Visibility and Control: ZTNA solutions provide granular visibility into user activity and access patterns, enabling organizations to detect and respond to threats more quickly. 
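To make the "never trust, always verify" principle concrete, here is an added Python example (not code from the original post or from any ZTNA product) that contrasts a perimeter-style check, which trusts anything on the internal network, with a per-request ZTNA decision based on identity, MFA, device posture and a least-privilege resource policy. The users, groups, resource names, network range and posture attributes are all constructed for illustration.

```python
"""Added example: perimeter (VPN-style) trust versus a ZTNA policy decision point.
All names, groups, resources and addresses below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset          # groups the identity provider asserted for the user
    mfa_verified: bool         # second factor completed for this session
    device_managed: bool       # device enrolled in management
    disk_encrypted: bool       # posture attribute reported by the endpoint agent
    os_patched: bool           # posture attribute reported by the endpoint agent
    source_ip: str
    resource: str              # the single resource being requested


# Constructed least-privilege policy: each resource lists the only groups allowed to reach it.
RESOURCE_POLICY = {
    "git.internal": {"engineering"},
    "hr-portal.internal": {"hr"},
    "finance-db.internal": {"finance"},
}
INTERNAL_NET = ip_network("10.0.0.0/8")  # constructed corporate address range


def perimeter_allows(req: Request) -> bool:
    """Traditional model: a source inside the network reaches every resource."""
    return ip_address(req.source_ip) in INTERNAL_NET


def ztna_decision(req: Request) -> tuple:
    """Evaluate one request: identity and MFA, then device posture, then the
    least-privilege resource check. Network location is deliberately ignored."""
    if not req.mfa_verified:
        return False, "mfa_required"
    if not (req.device_managed and req.disk_encrypted and req.os_patched):
        return False, "device_posture_failed"
    allowed_groups = RESOURCE_POLICY.get(req.resource)
    if allowed_groups is None:
        return False, "unknown_resource"       # default deny for unlisted resources
    if not (req.groups & allowed_groups):
        return False, "not_authorized_for_resource"
    return True, "allowed"


if __name__ == "__main__":
    # A compromised host already inside the network: passes the perimeter, fails ZTNA.
    rogue = Request("unknown", frozenset(), False, False, False, False,
                    "10.20.30.40", "finance-db.internal")
    print(perimeter_allows(rogue), ztna_decision(rogue))  # True (False, 'mfa_required')
```

Note that the remote engineer with MFA and a healthy device is allowed to reach only the resource her group is mapped to, which is the "blast radius" reduction the benefits list refers to.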

The Future of Network Security

The vulnerabilities in the affected vendors’ products have served as a wake-up call for organizations to re-evaluate their network security strategies. While VPNs will continue to play a role in some use cases, ZTNA is poised to become the de facto standard for secure remote access.

Organizations that adopt ZTNA can significantly reduce their risk of cyberattacks and improve their overall security posture. As the threat landscape continues to evolve and the cost of breaches continues to rise, ZTNA will be critical for ensuring that organizations can protect their sensitive data, maintain business continuity, and thrive in an increasingly digital world.  

Time to Recover: A Critical Factor

The time it takes to recover from a cyberattack can significantly impact an organization’s bottom line.

  • Disruption to Business Operations: Every hour of downtime can translate to substantial financial losses due to lost productivity, missed sales opportunities, and damage to customer relationships.  
  • Reputational Damage: The longer a breach remains unresolved, the greater the potential for reputational damage to spread and erode customer trust.
  • Increased Costs: The longer an attack persists, the higher the costs associated with incident response, data recovery, and business disruption.  

Conclusion

The vulnerabilities in the affected vendors’ products have highlighted the critical need for organizations to adopt a more secure approach to network access. ZTNA offers a promising alternative to traditional VPNs, providing enhanced security, flexibility, and reduced risk.

As organizations continue to embrace digital transformation, ZTNA will play a crucial role in ensuring that their networks remain secure and resilient in the face of evolving cyber threats.  


The post Legacy VPN Vulnerabilities and the Rise of ZTNA appeared first on Cybersecurity Insiders.


January 15, 2025 at 11:45AM