FireSale HackBoy

Friday, April 30, 2021

How to ensure security and trust in connected cars

The cars we drive today have become truly connected objects, capable of a variety of functionalities that both users and manufacturers could have only dreamed of in past decades. Whether it is detecting tiredness, alerting the driver of potential dangers or in-car entertainment systems, the level of innovation that is found in modern vehicles is nothing short of staggering.

Connected cars are an untapped well of potential: the connected vehicles market is projected to reach $166 billion by 2025. However, with increased connectivity in our cars, new challenges are arising for both manufacturers and users.

For example, these vehicles are dependent on consistent connectivity in all conditions, from dense urban environments to remote rural locations. They must be able to transmit data rapidly and reliably. What’s more, the range of data that can be stored by connected cars is broad – from contact details and addresses, to Wi-Fi passwords and many other things. Thus, challenges concerning data protection have become even more pressing. A recent survey found that 80% of drivers failed to remove their personal data from their vehicles before selling them. This, combined with the fact that many connected cars contain up to 100 million lines of code, leaves cars, drivers and manufacturers exposed to hackers.

In this sense, the challenge for original equipment manufacturers (OEM) is twofold: ensuring high-quality, around-the-clock connectivity in all conditions while providing high-level cybersecurity and data protection protocols across the value chain.

In this blog, we focus on a few aspects which are essential to ensuring robust connectivity and security within connected vehicles including cellular connectivity, security-by-design, digital identity, regulation and lifecycle management.

Technologies that enable connectivity in cars

With new functionalities being embedded in connected cars every year, connectivity is becoming a primary concern for manufacturers. This is because connectivity, whether it is Wi-Fi, Bluetooth, LPWAN or cellular, is the foundation for the interaction and communication between the vehicle and its environment, nearby infrastructure and the cloud. This is a concept which is known as V2X or ‘Vehicle-to-Everything’. Without good connectivity, critical safety services such as accident prevention and eCall emergency call solutions would not be possible.

Why cellular?

Whether it’s NB-IoT, LTE-M or 4G and 5G, cellular can provide the most reliable and stable connectivity in different environments.

With further developments in mobile connectivity, experts believe that 5G is best able to deliver the long-term potential of smart transportation. With unparalleled speeds, low latency and capacity which should be able to support one million connected devices per square kilometre, the technical capabilities offered by 5G will allow manufacturers to push connected car technology to new limits.

The role of eSIM

With a crucial need for connectivity to maintain the safety of drivers, one piece of technology that is an essential part of enabling safety and trust is the embedded SIM (eSIM).

These devices provide a secure element within connected cars to manage the vehicle’s mobile network operator subscriptions. In other words, eSIMs identify vehicles within networks, and provide the basis for global connectivity. By using eSIMs, connected cars are able to support functionalities such as vehicle telematics and navigation.

Furthermore, they also have the capacity to enable cars to instantly connect with cellular networks anywhere in the world, meaning they can operate in different countries without having to have new settings applied for each country visited.

Reliable connectivity is the fundamental basis that enables these innovative services to enhance driver experience and safety. However, with increased connectivity comes more vulnerable threat points that can be exploited by hackers. Consequently, robust cybersecurity protocols are needed to enable drivers to trust their connected vehicles.

How to ensure cybersecurity and trust in connected vehicles

The importance of cybersecurity in connected cars was succinctly summarised by Sir Ralf D. Speth, former CEO of Jaguar Land Rover, when he declared, ‘In a connected world, cybersecurity is as fundamental to your safety as the brakes’.

Cyberattacks can affect any party along the value chain, from the car user to the manufacturer. Having numerous points of entry has meant that the number of cybersecurity incidents involving connected cars has increased dramatically.

Like any other IoT device, connected cars need to have built-in security from the start, also known as security-by-design. This includes securing the firmware and software applications of the car using public key infrastructure (PKI) among other tools, key management services and identity issuance. PKI also uses encryption, authentication and identity checks to keep the data moving securely to and from the vehicle.

Furthermore, digital IDs allow manufacturers to protect the different components within a connected car’s ecosystem by making sure that all data that is transmitted between components is securely authenticated. Guarding the in-car system is ultimately as important as protecting the user’s information, as unsecured components within a connected car can allow hackers to gain access to the vehicle. Digital ID technology can also enable manufacturers to issue over-the-air updates which can further protect the car and its user from hackers. What’s more, the use of these updates allows the manufacturer to ensure that all components within the vehicle are operating at optimal performance, limiting the chances of the car needing to come in for a service.

Managing the data over the lifecycle of the connected vehicle is another key component of ensuring trust. Manufacturers need to make it possible to remotely update, patch and improve applications and embedded devices within connected cars. This will not only keep connected vehicles working at optimal performance but will also protect them from cyberattacks while ensuring an enhanced user experience.

Regulation is also an important aspect of ensuring security and trust in connected vehicles. Regulatory frameworks such as UNECE WP29 are essential in supporting efforts to provide innovative vehicle technologies that not only enable vehicle safety but also make modern cars kinder to the environment.

By ensuring reliable connectivity and trusted cybersecurity, connected cars can become the standard of transportation in the modern world, enabling fantastic functionalities which drastically improve driver experience while protecting all parties involved, from the driver to OEMs and manufacturers.

Find out more about vehicle connectivity and cybersecurity in this automotive whitepaper.

Follow us @ThalesDigiSec for future content on all things connected cars!

The post How to ensure security and trust in connected cars appeared first on Cybersecurity Insiders.


May 01, 2021 at 09:09AM

Tom Cruise, TikTok and Fraud: How to combat DeepFakes

Earlier this month, popular Hollywood actor Tom Cruise was trending on social media not because of a new film that he’s working on, but thanks to TikTok videos that went viral, generating many reactions from users around their authenticity.

In one of the clips, Cruise is shown performing a magic trick with a coin, ending with him saying “It’s all the real thing”, and in others he can be seen golfing or tripping over a carpet.

While this gimmick may be amusing at first viewing, the use of deepfakes as a means to defraud unsuspecting victims has become an alarming trend that has increased since their emergence in late 2017. In a famous case, one business leader fell victim to a deepfake scam in which fraudsters impersonated a trusted business partner, manipulating the CEO into transferring $243,000 to the scammers’ account.

So, the idea of these entertainment videos delivered by a deepfaked Tom Cruise had an additional benefit alongside the levity – that of raising awareness around trust and misinformation. What’s more, the creator of the videos said in an interview recently that he created them in order to raise awareness of the continued evolution of the technology that can create incredibly realistic fake videos of people.

In this blog, we look at the rise of deepfakes and how businesses and consumers alike can protect themselves. 

What are deepfakes? 

Deepfakes are sophisticated forgeries of an image, video or audio recording that can often be difficult to detect. They are made to look and sound authentic by using deep learning technology and AI algorithms.

Deepfakes first came into prominence in 2018 when a developer adapted AI techniques to create software that can swap one person’s face for another. This technology quickly grew in popularity, and now there are a number of applications which allow users to substitute their face for that of a celebrity just by using a single photo.  

It’s worth noting that sophisticated deepfaked videos are very difficult to create. For example, the creator of Tom Cruise’s videos had to spend over two months training an AI programme by feeding it with a huge number of images of the actor in order to create a realistic-looking replica.

Deepfakes are currently most widespread on social media, where users usually glance quickly through an image or a video and often don’t think twice about whether the visuals they’ve been exposed to are real. Experts say that deepfake videos watched on a small screen, like a smartphone or a tablet, are more likely to look realistic than if you watched them on your TV or a bigger screen.

While deepfakes are still largely restricted to jokes and pranks, fraudsters have begun to wise up and exploit the technology for malicious purposes. For example, synthetic voice impersonation has been used to defraud companies and business leaders, tricking them into giving away sensitive information or transferring money. Fraudsters are also turning to synthetic identities, using deepfaked images and videos, to open fake accounts with financial institutions. According to McKinsey, this type of fraud is already the fastest growing type of financial crime in the U.S.

How to protect your business from deepfake fraud 

Due to new levels of sophistication, deepfakes are able to bypass traditional anti-fraud measures as they fail to distinguish between what is real and what isn’t. With these attacks continuing to grow in frequency, it’s more important than ever for businesses to take precautionary measures.  

When it comes to financial services, these businesses need to ensure they have strong and secure authentication processes in place for customers to avoid becoming a victim. Furthermore, the use of secure onboarding processes with biometric verification, such as facial recognition, can act as a means to reduce the number of fake accounts opened using synthetic identities.

The liveness detection capabilities of biometrics mean that the system is able to detect if a face or a fingerprint is real or fake by using algorithms that analyse data collected from biometric scanners and readers. The combination of several biometric modalities such as face, voice, iris and even including a form of behavioural biometric, will add an inherent element of identification to the authentication process.  

Overall, deepfake fraud can be combatted by harnessing the very AI and deep learning techniques that make the technology so convincing. Algorithms are currently being trained to recognise minor inconsistencies such as unexpected shadows, too much glare on glasses, too much/ too little blinking, etc., and major technology companies such as Facebook and Microsoft have committed to fighting this type of fraud. In fact, Microsoft recently announced it has developed a tool that analyses photos and videos to give a confidence score about whether the content has been artificially created.  

Hopefully, while amusing for many, the TikTok videos of a deepfaked Tom Cruise managed to serve the purpose they were created for – to raise awareness of synthetic media and the misuse of technology.

What do you think of deepfake technology and its (mis)uses? Let us know in the questions below or by tweeting us @ThalesDigiSec.    

The post Tom Cruise, TikTok and Fraud: How to combat DeepFakes appeared first on Cybersecurity Insiders.


May 01, 2021 at 09:09AM

Was SUNBURST really a Zero-day attack?

Most companies affected by the SolarWinds attack learned about it from the Department of Homeland Security. Wouldn’t it have been better for them to have learned from their MSP/MSSP before DHS came calling? With Stellar Cyber, you would have known right away.

The reason this breach was so successful was that the attackers leveraged a trusted source – the software manufacturer – to get their code installed inside the customer’s network on the SolarWinds server, via a product update.  This is not that different from phishing or brute force attacks that compromise trusted servers or users to deploy their tool kits.  Once the code is installed inside the network, the attackers carefully scan it for additional devices.  Next, they begin to exploit the additional assets they find during the scan. Their ultimate goal is to find a database that contains sensitive data that they can stage for exfiltration.

Taken individually, many of these actions would either (1) not trigger an alert at all or (2) create multiple unrelated alerts. What was missing was the correlation of events from many different data sources, to piece it all together into a complete event.
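The cross-source correlation described above, sketched as an added example (not code from the article or from any vendor product). Host names, tool names, stage labels and the sample events are constructed, and the 48-hour window and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Stage labels follow the sequence the article describes:
# trusted update installed -> network scanned -> more assets accessed -> data staged.
STAGES = ("update_installed", "internal_scan", "lateral_access", "data_staging")


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str      # tool that reported the event
    host: str        # host that performed the action
    stage: str       # one of STAGES
    peer: str = ""   # host acted upon, if any


def _t(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample events; every host and tool name is hypothetical.
SAMPLE_EVENTS = [
    Event(_t("2021-01-04 09:00"), "patch-mgmt", "mon-srv01", "update_installed"),
    Event(_t("2021-01-04 09:30"), "netflow", "wks-17", "internal_scan", "prn-02"),  # unrelated
    Event(_t("2021-01-05 02:10"), "netflow", "mon-srv01", "internal_scan", "app-03"),
    Event(_t("2021-01-05 03:45"), "edr", "mon-srv01", "lateral_access", "app-03"),
    Event(_t("2021-01-05 04:20"), "edr", "app-03", "lateral_access", "db-01"),
    Event(_t("2021-01-05 05:00"), "db-audit", "db-01", "data_staging"),
    Event(_t("2021-01-20 11:00"), "db-audit", "db-02", "data_staging"),  # unrelated
]


def stages_seen_per_source(events):
    """How many distinct stages each tool sees when looked at in isolation."""
    seen = {}
    for ev in events:
        seen.setdefault(ev.source, set()).add(ev.stage)
    return {source: len(stages) for source, stages in seen.items()}


def correlate(events, window=timedelta(hours=48), min_stages=3, min_sources=2):
    """Chain events that spread host-to-host from each software-update seed.

    A host joins the chain only when an already-linked host accesses it, so
    unrelated scans and database activity elsewhere are left out.
    """
    ordered = sorted(events, key=lambda e: e.ts)
    incidents = []
    for seed in (e for e in ordered if e.stage == "update_installed"):
        linked_hosts = {seed.host}
        chain = [seed]
        for ev in ordered:
            if ev is seed or ev.ts < seed.ts or ev.ts - seed.ts > window:
                continue
            if ev.host not in linked_hosts:
                continue
            chain.append(ev)
            if ev.stage == "lateral_access" and ev.peer:
                linked_hosts.add(ev.peer)
        stages = {e.stage for e in chain}
        sources = {e.source for e in chain}
        # Raise one incident only when several stages from several tools line up.
        if len(stages) >= min_stages and len(sources) >= min_sources:
            incidents.append({
                "seed": seed.host,
                "hosts": sorted(linked_hosts),
                "stages": [s for s in STAGES if s in stages],
                "sources": sorted(sources),
                "events": len(chain),
            })
    return incidents


if __name__ == "__main__":
    print("stages per source alone:", stages_seen_per_source(SAMPLE_EVENTS))
    for incident in correlate(SAMPLE_EVENTS):
        print("correlated incident:", incident)
```

Each tool on its own sees a single stage, which is why none of them would raise the incident alone; the chain only appears once the records are joined by host and time.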

Once the SUNBURST attack was made public, Stellar Cyber simulated it in our lab within 12 hours of the announcement.  What we found is that our Open XDR intelligent SOC platform identified the event immediately, leveraging our native machine learning-based detections to correlate and detect this specific threat.  We also utilized the existing tools in the environment to detect all of the lateral movement and other significant actions taken by the attacker.

Another issue that made this event even more threatening was that the SolarWinds tool set keeps a complete record of all of the devices in the environment and their patch level. Once it was compromised by the update, it provided the attackers with a roadmap to the other devices, so they knew exactly which exploits would load successfully.  It is the same strategy that attackers used to target other RMM manufacturers last year.

This use case illustrates that for your service to move beyond manual rules-based detection, not all machine learning solutions are created equal.  Stellar Cyber does not simply ingest logs and attempt to make sense of them.  We very carefully extract the security metadata from the original log source, add in multiple sources of threat intelligence on every relevant aspect of the metadata, and create a single record format before it is analyzed. Next, we leverage supervised, unsupervised, and adaptive ML models to detect variances from normal, and correlate them into actionable security events, enabling you to protect your customers BEFORE they hear from Homeland Security.

The post Was SUNBURST really a Zero-day attack? appeared first on Cybersecurity Insiders.


May 01, 2021 at 01:30AM

Introducing the world’s first SIM made of 100% recycled plastic from old refrigerators

In this blog, I am joined by my colleague Christelle Toureille, VP Telecom SIM cards here at Thales, to discuss the latest innovation in removable SIM cards.

Sébastien Violette (SV): Before delving into the specifics of our new Eco SIM it is important to understand why we felt there was a need to make SIM cards more eco-friendly. As a global enterprise, we are acutely aware of our role in providing our markets with products that are more sustainable and waste less of the earth’s precious resources – particularly when it comes to plastic. With at least eight million tons of plastic ending up in our oceans every year, we are more aware than ever before just how much of a role humans are playing in damaging fragile ecosystems with man-made products that take hundreds of years to biodegrade.

Christelle Toureille (CT): That’s exactly right. For example, although SIM cards weigh only around 4 grams each, with approximately 4.5 billion SIM cards manufactured each year (ABI Research – Sept. 2020), we estimate they contribute to about 20,000 tons of PVC and other polymers being created annually. Shockingly, this is the equivalent of two Eiffel Towers’ worth of plastic amassing each year just from SIM card creation alone.

With this in mind, we asked ourselves how we could reduce the carbon footprint of our own SIM card production. To make this vision a reality, we decided to approach Veolia (a leader in waste treatment), and together, we tried to find a more environmentally friendly process for making SIM cards that would still be as reliable and secure as the current market offering.

Using recycled material

(SV): When looking to develop a product using recycled materials there are two key routes a business can take: pre-consumer and post-consumer. Pre-consumer recycled material refers to the recycling of industrial waste that never made it into consumers’ hands, such as scraps, discards, and trimmings. The problem with using pre-consumer materials is that sometimes it’s not truly regarded as recycled material, as it instead involves finding a purpose for manufacturing scrap.

Post-consumer recycled material on the other hand refers to the waste that’s been used and disposed of by a consumer. This form of recycling is considered to have more sustainable benefit as if the materials were not recycled, they would instead end up in landfill.

(CT): For our new Eco SIM we decided to choose post-consumer materials – turning polystyrene waste from broken refrigerators into pellets, which are then used to manufacture the SIM card body. It took us three years of co-development to fine-tune the right ‘formula’ but now, with this process in place, there is no need to produce ‘new’ PVC/polymer.

In addition to the SIM card body itself now being made from 100% recycled materials, we’re also committed to offsetting the carbon footprint of other non-recyclable components of the eco SIM (such as the electronic components) to achieve a carbon neutral footprint. Therefore, when purchasing the Eco SIM, mobile operators and consumers also contribute towards renewable energy and reforestation projects, certified by Natural Capital Partners. To top it off, we’ve also included eco-friendly SIM packaging.

“Thales Eco SIM is the world’s first SIM card, made of 100% post-consumer recycled plastic from old fridges”

The importance of environmental innovation

(SV): There is a real ecological awareness in our societies today, both at the level of citizens and companies. With March being the month where both Global Recycling Day and Earth Hour take place, this month is a great opportunity to highlight the importance of recycling and other environmentally friendly initiatives and the impact they can have on driving towards a more sustainable society.

(CT): Indeed, this innovation targets those mobile operators looking for real sustainable strategies and are willing to reduce the impact of their SIM card activity. As part of their sustainable strategies, eco SIM lets mobile operators reduce the environmental impact of their SIM card activity, while improving brand awareness in front of the end customer. It has been great to see mobile operators really supporting this drive to go greener and understanding how the eco SIM can help them with their ESG goals (Environmental, Social, and corporate Governance).

Let’s take the case of Orange in Belgium – the first telecom operator in the world to introduce the new Thales’ eco SIM in Q4 of 2020. Since 2006, Orange Belgium has deployed an ambitious Corporate Social Responsibility strategy to reduce its environmental impact, which saw for instance an overall reduction of CO2 emissions by almost 80%.

Their CEO, Xavier Pichon, told us that “As a responsible telecom operator, the company strongly believes in a relevant usage of technology to address societal challenges. By introducing this new generation of SIM cards, Orange Belgium is at the forefront, worldwide, of the fight towards more sustainable business practices. It allows us to further reduce our environmental footprint, next to other major efforts we’re making into reducing our energy consumption, our CO2 emissions and our waste production.”

As a mobile operator, what’s your view here? Let us know your thoughts and feedback by tweeting to us at @ThalesDigiSec or leaving a comment below.

You can also read our other related resources on Eco SIM and eco-friendly SIM packaging.

The post Introducing the world’s first SIM made of 100% recycled plastic from old refrigerators appeared first on Cybersecurity Insiders.


April 30, 2021 at 09:09PM

Who has the smartest home in cinema history?

Last weekend, we saw the biggest night of the year for actors and filmmakers across the world, the Oscars, unfold on Sunday evening (or very early Monday morning for those in Europe). So, in the spirit of celebrating the silver screen, we decided to look into popular films that feature smart homes and see whether these concepts and technologies reflect today’s reality.

From Tony Stark’s Malibu Mansion to the quirky abode inhabited by Wallace and Gromit, we dive deep into the magic of cinema to discover what can be considered the smartest home in film history.

The McFly family home – 2015 version (Back to the Future part 2)

Great Scott! Is that a pizza hydrator???

Starting off with an all-time classic, audiences were wowed by the futuristic setting portrayed in the sequel to the original Back to the Future.

After becoming separated from Marty in the 2015 version of Hill Valley, his girlfriend, Jennifer, finds herself trapped in the future abode of the McFly family.

While fitted with appliances that oddly combine a retro-yet-futuristic aesthetic, the future McFly home displays many technologies that we see in homes of 2021.

This includes a smart TV that doubles as a webcam (a particularly useful technology in 2021), voice-activated appliances (in this case a pizza hydrator and a fruit basket), and smart glasses used by Marty and Jennifer’s future children. Overall, the McFly household of 2015 is full of smart technology which is not too dissimilar to some of the technology available today.

(Side note: We didn’t forget the iconic time-travelling DeLorean, however, this sadly does not count as part of a home).

Smart rating: 8/10

Officer K’s apartment (Blade Runner 2049)

Despite the monochromatic colour scheme of a futuristic Los Angeles, Officer K’s apartment from Blade Runner 2049 gives the audience a brief insight into what one could expect of apartments of the not-too-distant future (certainly more so than Deckard’s apartment from the original 1982 cult classic).

While fairly minimalist in design, the star of K’s urban homestead is Joi, a holographic companion powered by artificial intelligence (AI) who figures to be K’s girlfriend.

Whether it’s ‘cooking’ virtual meals to compensate for the gruel K treats himself to, or lighting K’s cigarette at the touch of her finger, Joi stands as an almost-human Alexa/Cortana replica.

However, the technology within K’s flat does not extend further than his holographic partner, apart from an excessively powerful shower and a surround sound system which quietly plays Frank Sinatra in the background. When compared to current technology, Officer K’s apartment reaches a similar standard to the technology-filled homes of today. For that reason, its smart rating is weaker compared to other homes on this list.

Smart rating: 5/10

Tony Stark’s Malibu mansion (The Iron Man Series)

Billionaire, philanthropist, and owner of a smart home, Tony Stark certainly knows what he wants when it comes to decking out his Malibu mansion with cutting edge smart technology.

Like Officer K, Tony Stark is never alone in his house, kept busy by his personal assistant Jarvis. Similar to Alexa but with the charming personality of actor Paul Bettany, Jarvis is burdened with the unenviable task of trying to schedule Stark’s hectic life, as well as be his top assistant when it comes to constructing his various gadgets (namely his Iron Man suits).

Aside from his stupendous second-in-command, Stark’s mansion is littered with technology that one could only dream of having in their home. From its 3D holographic projectors, a fully kitted out workshop to build gadgets in, to even the underappreciated Dum-E and U robots, Stark’s mansion is almost unparalleled in its diverse repertoire of smart technology. Compared to contemporary standards, Stark’s mansion blows the smart homes of today into outer space, let alone out of the water.

Smart rating: 10/10

Wallace and Gromit’s house (Wallace and Gromit)

While their inventions may not be high-tech or ‘useful’ in a conventional sense, the contraptions throughout Wallace and Gromit’s house are certainly smart in their own unique way.

Aside from building a rocket and flying to the moon, the inventor and his trusty hound have more than leaned into incorporating smart technology into their house.

Whether it’s the ‘snoozeatron’ to help Wallace get his beauty sleep or the infamous wrong trousers, Wallace and Gromit, in their various iterations since their first grand day out in 1989, have slowly kitted out their home to resemble a smart home heavily geared towards making life easier.

While I sadly don’t own a pair of automated trousers, I can definitely see the value in the snoozeatron or the ‘autochef’, providing the latter doesn’t cover me in scrambled eggs! But, by today’s standards, with many homes fitted with cutting edge IoT technology, Wallace and Gromit’s distinctly analogue house is far from what we would call a traditional smart home.

Smart rating: 6/10 (depending on whether you like cheese or not)

What’s your favourite smart home in cinema history? Let us know in the comments below and make sure to follow us at @ThalesDigiSec!

The post Who has the smartest home in cinema history? appeared first on Cybersecurity Insiders.


April 30, 2021 at 09:08PM

Ransomware Task Force of 60+ Members From Industry, Government, Law Enforcement, Civil Society, and International Organizations Publishes Comprehensive Framework to Combat Ransomware

SAN FRANCISCO & WASHINGTON–(BUSINESS WIRE)–Today, the Institute for Security and Technology (IST) is publishing the Ransomware Task Force’s (RTF) comprehensive framework for action, the result of a coalition of 60+ experts from software companies, government agencies, cybersecurity vendors, financial services companies, civil society, and academic institutions. Combating Ransomware – A Comprehensive Framework for Action provides 48 practical recommendations to curb the rampant spread of this increasingly destructive type of cybercrime. Our comprehensive recommendations assign a role to everyone, from U.S. and international leaders to industry, lawmakers, and civil society.

“The imperative could not be more clear; it’s time to increase prioritization of action and limit the damage inflicted by these attacks,” said Philip Reiner, Executive Director of the RTF and IST CEO. “In the past 12 months alone, we’ve seen ransomware attacks delay lifesaving medical treatment, destabilize critical infrastructure, and put our national security at risk. We felt an urgent need to bring together world-class experts across sectors to create a framework that government and industry can pursue to disrupt the ransomware business model and mitigate the impact of attacks.”

Ransomware is an international cybercrime that is multiplying in frequency and severity. These attacks are executed by criminals around the world who are willing to target schools, hospitals, businesses, and governments alike. This is not a problem that can be solved by any one entity alone, and it is not a threat that can wait for piecemeal solutions. Public and private leaders and organizations must act now, and in unison, to curb this dangerous criminal enterprise.

A crime that threatens so many sectors required a diverse body of experts to develop unique solutions. The RTF was proactively convened with representatives across disparate sectors, large and small, public and private. This breadth of expertise led to deeply informed solutions that, taken together, form a comprehensive strategy to quell the ransomware crisis.

The recommended framework consists of four priority goals: to deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy; to disrupt the ransomware business model and decrease criminal profits; to help organizations better prepare for ransomware attacks; and to respond to ransomware attacks more effectively. The 48 recommended actions provide guidance for dealing with the complexities of the ransomware epidemic, from the role of cyber insurance, to cryptocurrency, to safe havens for threat actors.

These actions must be carried out in full, and as a collaborative, cohesive strategy, as each element on its own is insufficient to address this growing problem. The RTF’s recommended framework is not for siloed action; it will take the coordinated effort of many stakeholders to accomplish these four critical goals, which each fill a gap in the current approach to ransomware mitigation.

We at IST are honored to have the opportunity to convene and work with this groundbreaking coalition. We thank the RTF members who volunteered their immense time and care for this effort, and whose lively discussions led to these actionable recommendations. The Ransomware Task Force represents the many people who dedicate themselves each day towards making the ransomware problem less of a threat. We remain indebted and grateful to all you do.

The time for concerted, coordinated action is now. We urge every stakeholder to read this report, and to join IST and the entire RTF coalition in ransomware mitigation efforts, now and until the threat of ransomware no longer looms over the heads of citizens, teachers, businesses, hospitals, and nations.

To read the RTF report, visit http://securityandtechnology.org/ransomwaretaskforce/report

To learn more about the Ransomware Task Force, visit https://securityandtechnology.org/ransomwaretaskforce/

About The Institute for Security and Technology

The Institute for Security and Technology designs and advances solutions to the world’s toughest emerging security threats. We are a nonpartisan, nonprofit network based in the San Francisco Bay Area dedicated to advancing solutions to critical national security challenges. For more information, visit securityandtechnology.org.

The post Ransomware Task Force of 60+ Members From Industry, Government, Law Enforcement, Civil Society, and International Organizations Publishes Comprehensive Framework to Combat Ransomware appeared first on Cybersecurity Insiders.


April 30, 2021 at 09:08PM

Nitro Ransomware asks for Gift Cards as ransom

Nitro Ransomware, a new variant of file-encrypting malware, is shaking up the internet by demanding Discord Nitro gift cards from victims instead of cryptocurrency. Researchers from MalwareHunterTeam discovered this activity and found that the distributors of this malware give victims only 3 hours to buy the gift card, after which the stolen data will be leaked to the internet.

Discord is an online messaging platform that also allows VoIP calls and media sharing, similar to WhatsApp. The platform offers a premium subscription for $9.99 that lets subscribers upload large files and gives them better emoji options along with HD video streaming that is free of advertisements.

It is still unknown why the threat actors insist on Discord Nitro gift cards. But as soon as the victim enters the purchased gift card code, their data is unlocked.

Analysts say that the decryption key can be extracted from the executable itself and there is no need to pay the $9.99.

Note: Until now, we have seen hackers steal data and then encrypt the database in order to run double extortion schemes later. But with Nitro Ransomware the situation seems to be different. In this malware attack, hackers steal and encrypt data as usual, but they ask for gift cards instead of Bitcoin or Monero in return for the decryption key.

The post Nitro Ransomware asks for Gift Cards as ransom appeared first on Cybersecurity Insiders.


April 30, 2021 at 08:51PM

How to Mitigate DDoS Attacks with Log Analytics

Thomas Hazel

 

Is your organization prepared to mitigate Distributed Denial of Service (DDoS) attacks against mission-critical cloud-based applications?

A DDoS attack is a cyber attack that uses bots to flood the targeted server or application with junk traffic, exhausting its resources and disrupting service for real human users. DDoS attacks are on the rise, with over 4.83 million attacks reported in the first half of 2020 – an increase of more than 250% compared to the same period in 2019. Data from Kaspersky Lab found that the average cost of responding to a DDoS attack was over $2 million for enterprises and $120,000 for SMBs.

Mitigating against DDoS attacks in cloud-based environments can be a challenge, but current technologies make it possible for organizations to efficiently monitor their entire networks, analyze security logs at scale, and rapidly detect and respond to DDoS attacks before they impact user experience.

In this week’s blog post, we’ll take a deeper look at the recent growth in DDoS attacks and the threat they could pose for your organization.

We’ll also explain why early detection is the key to effectively mitigating DDoS attacks, and how you can combat DDoS attacks with security log analysis powered by ChaosSearch.

What is a DDoS Attack?

A DDoS attack is a cyber attack whose goal is to disrupt the availability of a host, network, server, application, or website by overwhelming it with a large volume of traffic from many sources. DDoS attacks are among the most potent tools utilized by cyber criminals, hacktivists, and other malicious actors to disrupt service availability and damage the operations of a target organization.

How Do DDoS Attacks Work?

A DDoS attack works by flooding a website, application, server, or network with junk traffic or excess data, exhausting its resources and creating slow-downs or service interruptions for human users.

DDoS attacks are often executed using botnets – global networks of Internet-connected, malware-infected devices controlled by hackers. Cyber criminals distribute malware or engage in security hacking to gain remote access and control of private computers and networks, then install bots that can be remotely controlled and configured to carry out cyber attacks at scale, including email spamming, identity theft, targeted intrusions, and DDoS attacks.

DDoS Attack Types

Source: Testbytes

Cyber criminals have discovered more than 20 distinct methodologies for launching DDoS attacks with the goal of overwhelming a target server or network. We won’t detail every single method here, but our readers should at least be aware of the three main types of DDoS attacks they’re likely to encounter: volume-based, protocol, and application layer attacks.

Volume-based attacks are the most common type of DDoS attack. A volume-based attack uses a globally distributed botnet to flood the target website or server with a high volume of requests. As more of these requests are received and answered, the website’s available bandwidth is exhausted and legitimate traffic is either interrupted or significantly slowed.

Protocol attacks are also known as TCP state-exhaustion attacks because they frequently target the stateful traffic inspection services of publicly-exposed devices, including servers, edge load balancers, firewalls, and intrusion detection or prevention systems.

Stateful devices use tables with limited memory to collect and store information about active connections, including IP addresses, ports, and time stamps. By transmitting slow or incomplete pings, or partial packets to the target device, hackers can manipulate or break traffic inspection services, exhausting the available network resources and preventing real users from connecting to the network.

Application layer attacks try to disrupt specific features of a website or application by transmitting a high volume of HTTP requests, usually from multiple sources. These requests may strongly resemble genuine user traffic, making application layer attacks potentially more difficult to identify and mitigate.

5 DDoS Attack Risks

DDoS attacks are a substantial business risk, especially for organizations who lack the capabilities to detect and mitigate attacks on cloud-based infrastructure. Some of the major consequences include:

  1. Unplanned service downtime – A DDoS attack may result in unplanned service outages, creating an emergency situation for your IT security and operations teams.
  2. Loss of revenue – Unplanned service downtime often results in loss of revenue, especially for organizations who monetize through eCommerce or digital advertisement.
  3. Poor customer experience – A DDoS attack that negatively impacts service availability results in a poor customer experience.
  4. Security breaches – A successful DDoS attack that overwhelms resources on your network may expose security vulnerabilities, resulting in an escalated attack or data breach that becomes more time-consuming and costly to remedy.
  5. Damaged brand reputation – A highly-publicized DDoS attack could damage your brand’s reputation, especially if you fail to mitigate effectively while protecting consumer data.

Early Detection: The Key to Quickly Mitigating DDoS Attacks

Effective mitigation of DDoS attacks depends on the organization’s ability to detect suspicious network activity as it happens, identify the suspicious activity as a possible DDoS attack, and respond with appropriate countermeasures that preserve the functioning of applications and services.

Early detection is a critical success factor in mitigating a DDoS attack. So organizations are increasingly reliant on security log analysis to support the rapid identification of DDoS attacks – particularly in cloud computing environments of growing complexity.

Security log analysis is a set of capabilities for capturing application and event data from across the network, then analyzing the data at scale to detect the warning signals of a DDoS attack before critical systems are disrupted.

Let’s take a closer look at how DevOps engineering and IT security teams can use log analysis to mitigate DDoS attacks.

DDoS Mitigation Methods

How to Mitigate DDoS Attacks with Security Log Analytics

Centralize & Aggregate Log Data

Early symptoms of a DDoS attack-in-progress can include your server returning a 503 “Service Unavailable” error or an unexpected spike in network traffic. Detecting these early warning signs and responding appropriately requires a high level of visibility into activity on the network.

To gain this visibility, IT organizations depend on software solutions with log aggregation capabilities.

Log aggregator software captures machine and event data from throughout cloud-based environments, then centralizes the data in a single platform that supports real-time analysis and the detection of anomalous traffic patterns.

Understand Typical Network Traffic Patterns

To achieve early detection of DDoS attacks, DevOps teams should develop a baseline understanding of traffic patterns on the network.

Engineers establish a baseline expectation for network performance by leveraging software-based tools that monitor network traffic, capturing data on network utilization, traffic components and sources, key server information, average packet length and packet sizes, plus more.

Engineers can also measure traffic patterns for a given application via the total number of DNS queries, DNS replies, HTTP requests received, or HTTP connections established on a per-hour basis.

The process of network baselining sets expectations for how websites, applications, and other components on the network behave during normal operation, allowing for the detection of anomalies that could indicate a DDoS attack.

Configure Monitoring, Alerts, and Automated Responses

Once an IT organization has implemented log aggregation and established a network baseline, the next step is to configure security monitoring, alerting, and automated responses to rapidly detect abnormal network activity.

Network security monitoring involves the detection of potential security threats through the analysis of centralized log files from across the IT environment. Alerting is a feature of virtually all cloud-based security tools that allows IT security teams to be rapidly notified of anomalous network events as they are detected.

IT organizations may also choose to configure automated responses to certain types of events, ensuring an immediate reaction to suspicious network activity. Automated responses can be programmed to instantly detect anomalous traffic, redirect malicious traffic to prevent service outages, escalate mitigation protocols according to a defined strategy, and more.
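The baseline-then-alert workflow from the two subsections above, as an added example (not code from the article or from ChaosSearch). It assumes Common Log Format access logs, one-minute windows to keep the constructed sample short (the article speaks of per-hour counts), and illustrative thresholds of three standard deviations and a 5% share of 503 responses.

```python
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Return (timestamp, source_ip, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ts, m["ip"], int(m["status"])

def bucketize(lines, window_s):
    """Group requests into fixed windows keyed by window start (epoch seconds)."""
    buckets = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not counted as traffic
        ts, ip, status = rec
        key = int(ts.timestamp()) // window_s * window_s
        b = buckets.setdefault(key, {"count": 0, "s503": 0, "ips": Counter()})
        b["count"] += 1
        b["s503"] += 1 if status == 503 else 0
        b["ips"][ip] += 1
    return buckets

def detect(buckets, baseline_windows, k=3.0, max_503_ratio=0.05):
    """Learn a request-rate baseline from the first windows, then flag later ones."""
    keys = sorted(buckets)
    base = [buckets[t]["count"] for t in keys[:baseline_windows]]
    mean = statistics.mean(base)
    # Floor the deviation so a perfectly flat baseline does not alert on +1 request.
    dev = max(statistics.pstdev(base), 1.0)
    limit = mean + k * dev
    alerts = []
    for t in keys[baseline_windows:]:
        b = buckets[t]
        ratio = b["s503"] / b["count"]
        reasons = []
        if b["count"] > limit:
            reasons.append("volume")      # unexpected spike in traffic
        if ratio > max_503_ratio:
            reasons.append("503")         # server is shedding requests
        if reasons:
            alerts.append({
                "window": datetime.fromtimestamp(t, timezone.utc).isoformat(),
                "requests": b["count"],
                "limit": round(limit, 1),
                "ratio_503": round(ratio, 3),
                "sources": len(b["ips"]),  # many sources suggests a distributed flood
                "top_sources": b["ips"].most_common(3),
                "reasons": reasons,
            })
    return alerts

def build_sample_log():
    """Constructed sample: 10 baseline minutes, 1 normal minute, 1 flood minute."""
    start = datetime(2021, 4, 30, 12, 0, 0, tzinfo=timezone.utc)
    per_minute = [20, 22, 19, 21, 20, 23, 18, 21, 20, 22, 21]
    lines = []

    def emit(ts, ip, status):
        stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append('%s - - [%s] "GET /index.html HTTP/1.1" %d 512' % (ip, stamp, status))

    for minute, n in enumerate(per_minute):
        for i in range(n):
            emit(start + timedelta(minutes=minute, seconds=i * 2),
                 "192.0.2.%d" % (i % 8 + 1), 200)
    flood = start + timedelta(minutes=len(per_minute))
    for i in range(300):
        # 150 distinct documentation-range sources; every third request gets a 503
        emit(flood + timedelta(seconds=i % 60),
             "198.51.100.%d" % (i % 150 + 1), 503 if i % 3 == 0 else 200)
    lines.append("garbage line that is not an access log entry")
    return lines

if __name__ == "__main__":
    for alert in detect(bucketize(build_sample_log(), 60), baseline_windows=10):
        print(alert)
```

In production the baseline would be learned from days of centralized logs and per hour of day, since a threshold tuned on a quiet period will alert on ordinary peak traffic.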

Establish a DDoS Rapid Response Protocol

While automated responses can work to isolate and counteract a DDoS attack in the cloud, rapid intervention by IT security is necessary to assess the true nature of the attack and fully implement countermeasures to avoid network/application downtime and secure organizational data.

A rapid response protocol for DDoS attacks may allow IT SecOps to implement network modifications or traffic control to limit the scale of the attack. Other techniques like bandwidth prioritization, traffic-scrubbing, or sinkholing may also be implemented to avoid the negative impacts of a DDoS attack.

Once a DDoS attack has been effectively mitigated, security teams can verify that the network has returned to baseline before re-launching any suspended services and initiating a rollback of any mitigation measures that were implemented.

Use Logs to Discover and Eliminate Vulnerabilities

Beyond enabling early threat detection, security log analysis allows IT security teams to identify systems that were impacted by the DDoS attack, isolate possible attack vectors, and eliminate any security vulnerabilities that may have been exploited during the attack.

Centralized logging is critical to detection, mitigation, and effective post mortem analysis of the organization’s response to a DDoS attack, as well as underpinning a needs-analysis for additional safeguards, countermeasures, or updates to the overall DDoS response strategy.

Rapidly Detect DDoS Attacks with ChaosSearch

The ChaosSearch data platform is changing how organizations harness the power of centralized logging to create a security data lake to fight DDoS attacks in the cloud and more, and there’s no better example than a recent case study with HubSpot.

Prior to adopting ChaosSearch, HubSpot relied on the Cloudflare Content Delivery Network (CDN) for DDoS defense and ran its own ELK cluster to analyze Cloudflare log data for over 78,000 customers.

As the company grew its operations, IT leaders at HubSpot were continuously challenged to keep the ELK stack working, even while ingesting more than 10 TB of data each day. This left HubSpot with a difficult choice: continuously allocating more compute resources to the ELK stack at significant cost, or keep shortening data retention cycles, a process which negatively impacts data utility.

Eventually, HubSpot dropped its ELK cluster entirely.

With ChaosSearch, HubSpot can aggregate its security logs from Cloudflare and other sources directly into Amazon S3 buckets, creating a security data lake, while benefiting from the cost-effective scalability of data storage.

Analyzing security log data directly in S3, HubSpot reduced overall time-to-insights and lowered costly data egress fees. Using ChaosSearch’s proprietary system for highly-compressed data formatting, HubSpot can utilize more of its security log data without having to shorten data retention cycles.

DDoS attacks come in a variety of forms and can result in unplanned downtime, lost revenue, and security incidents that damage your brand and negatively impact customer experiences.

The key to effectively mitigating DDoS attacks is early identification, facilitated by log analytics software solutions with features like network security monitoring, customizable alerts, and advanced threat detection. These capabilities accelerate the process of detecting and responding to DDoS attacks in the cloud.

When IT SecOps teams can rapidly detect anomalous network activity, they can utilize automated responses and follow rapid response protocols to prevent service interruptions, defuse the incoming DDoS attack, and secure the cloud environment.

The post How to Mitigate DDoS Attacks with Log Analytics appeared first on Cybersecurity Insiders.


April 30, 2021 at 08:20PM

Hacker steals funds from customer bank accounts through Brute Force Attacks

First Horizon Bank of the United States witnessed a cyber attack on a few of its customers, resulting in a total loss of $1 million in funds. The banking firm reported this in a Securities and Exchange Commission (SEC) filing and stated that the attack could have taken place after the hacker/s stole customer credentials.

Highly placed sources say that the attack could have taken place last month when the threat actor stole customer details from the banking servers through a vulnerability lying inside accounts software and then launched a brute force attack.

Over 200 customer account details were reportedly stolen in the cyber attack and that includes personal details of customers.

First Horizon, aka First Tennessee Bank, stated it has discovered the flaw in the software and fixed it to prevent any further damage to the company’s reputation and customer trust. It also added in its press update that the company’s operations will not be harmed and its financial condition will not be impacted, as the bank earns more than $500 million in profits per annum.

The bank has launched a detailed inquiry and the culprits behind the attack are likely to be nabbed shortly.

First Horizon says that it will train its employees on the lurking threats in the current cyber landscape and will also help them in recognizing phishing and fake websites.

Threat monitoring solutions related to the network and software meant for application security have been re-deployed to protect the banking assets from such attacks in the near future.

The post Hacker steals funds from customer bank accounts through Brute Force Attacks appeared first on Cybersecurity Insiders.


April 30, 2021 at 11:19AM

Emotet malware steals 4.3 million email addresses

The Emotet botnet, which establishes a backdoor on Windows systems, has reportedly stolen 4 million email addresses over the past couple of years, said Troy Hunt, the Regional Director of Microsoft and the founder of data breach disclosure digital firm HaveIBeenPwned.

All those compromised emails have been registered at the website of Mr. Troy, and those concerned can check whether their email addresses have been compromised by the threat actors of the Emotet botnet gang.

In fact, in early April this year, the FBI contacted Mr. Hunt about whether it could use the content backing HaveIBeenPwned to check the depth of the data trove, and reported that the Microsoft senior executive was happy to help.

The FBI stated in a media update that the gathered email addresses were sourced by the Emotet gang in two ways: by sending spam emails to online users and trapping them, and by harvesting credentials of such users from their web browsers.

The law enforcement agency of America is urging its users to change their email password, and any authentication related security question if they want to keep their email accounts secured from Emotet gang’s malicious intentions.

Using a strong unique password that is a mixture of alpha-numeric characters tucked with 1-2 special characters and taking help of 2-factor authentication will definitely help in curbing such digital menace.

Note: In January this year, the FBI and Canadian and European police conducted the Emotet botnet takedown.

The post Emotet malware steals 4.3 million email addresses appeared first on Cybersecurity Insiders.


April 30, 2021 at 11:17AM

Thursday, April 29, 2021

The 5 most crucial Cybersecurity updates for businesses in 2021

This blog was written by an independent guest blogger.

For as long as businesses have used computers, cybersecurity has been crucial. Now, as modern business and data are becoming inseparable, it’s an absolute necessity. As companies start to recover from 2020 losses, they should consider investing in security updates.

Cybercrime reached new heights in the past year, with internet crime reports rising 69.4% and costing more than $4.2 billion. Now that more companies are embracing digital services after the pandemic, this trend will likely continue. All businesses, regardless of size or industry, must revisit their cybersecurity.

Here are the five most important cybersecurity updates for this year.

1. Implementing a Zero-Trust framework

The single most crucial cybersecurity upgrade for businesses this year is adopting a zero-trust security framework. These systems, which rely on network segmentation and thorough user verification, aren’t new but are increasingly crucial. In light of rising cyberthreats,…

Posted by: Devin Partida

The post The 5 most crucial Cybersecurity updates for businesses in 2021 appeared first on Cybersecurity Insiders.


April 30, 2021 at 09:11AM

National health passes: Short-term fix or long-term legacy?

This article originally appeared in a global white paper examining the issues around vaccination certificates and immunity passports, and released by Reconnaissance International during the Digital Documents Security virtual event.

As vaccination programmes gather momentum, attention is turning towards restoring individual freedoms and reviving economies. In realising these ambitions, so-called health passes (aka vaccine passports or certificates) are seen by many governments as a potentially powerful asset. To date, much of the focus has been on enabling international travel. Inevitably, establishing the global standards necessary for success here will take time. However, schemes that provide citizens with trusted proof of their vaccinated status, quarantine compliance, and the results of PCR (polymerase chain reaction) or antibody tests, can play a valuable role within national boundaries. While governments await international harmonisation, health passes deployed at the domestic level offer a means of reopening – or keeping open – a wide array of businesses, venues and events, without putting public health at undue risk. And the good news for governments is that successful rollout is more straightforward than it might initially appear.

Certainly, there are significant challenges. To make a worthwhile impact, deployment needs to be swift. At the same time, schemes must provide absolute trust in the authenticity of any information shared by the pass holder. Verifying documentation needs to be quick and easy, and accessible to a wide range of businesses and organisations.  As with any personal medical data, maintaining privacy and security is paramount.

Leveraging the near ubiquity of the smartphone is an obvious response. But when it comes to developing apps to support Covid-related programmes, the record of governments to date has been mixed. In several cases, purpose-designed apps have fallen short of expectations in terms of protecting privacy and securing trust. To be fair and effective, any solution must also recognise that not everyone carries a smartphone. What’s more, some who do are unwilling to share personal data via a mobile device.

In fact, there’s no need to reinvent the wheel. All the necessary bricks are already supporting the latest generation of digital identity programmes. Thales is at the forefront of many of these initiatives, embracing not only smartphone-enabled solutions, but also the secure paper-based methodologies that are essential for any truly inclusive deployment.

Health passes, just like digital identity programmes, will invariably require a chain of trust to be built between issuing authorities, digital identity holders and the organisations that verify these credentials. For the mobile channel, a Digital Identity Wallet should stand at the heart of the ecosystem, providing a secure, fully interoperable and standards-based environment for encrypted credentials within the holder’s smartphone. Ideally suited to the demands of health passes, in contrast to a standalone app, it delivers an extra layer of protection for the information contained within it. A virtual wallet also ensures that credentials are inextricably linked to the holder’s identity.

To be universally accepted, health passes must provide reassurance they have been issued by the legitimate authority and presented by the genuine holder. Thales’ own Digital Identity Wallet, for example, is supported by a secure and interoperable platform, and incorporates the modularity necessary to extend to forthcoming standardised international health passports. Beyond that, it will also facilitate broader digital transformation initiatives. Crucially, the wallet can interface securely with a broad array of different health systems, guaranteeing the aforementioned chain of trust and secure issue of a digitalised version of the health pass, proof of vaccination and/or test results to the authenticated individual’s Digital ID Wallet. It also enables lifecycle management of these digital documents. In the current context, this is particularly significant. Understanding of the virus, and the on-going efficacy of vaccines, is evolving continuously; to maintain trust, passes must remain current.

Health passes will be checked by a wide array of stakeholders. A fast, accessible and intuitive verification process is therefore crucial to maximising adoption and compliance. It will also be essential for avoiding delays, particularly at mass spectator events. Once again, to ensure relevance, scheme rules will need to be updated over-the-air.

Thales’ proposal is built on standards defined by international standardisation bodies including ISO – International Organisation for Standardisation – and ICAO – International Civil Aviation Organisation. Thales’ certified mobile security technologies ensure that all the relevant vaccination, test, antibody or quarantine data is securely processed and stored. Whenever proof of this information is needed, users simply authenticate to open their mobile wallet, select the information they want to share, and generate a QR code to invite third party verifiers to engage with the wallet using ISO 18013-5 compliant mechanisms. Once consent is given, data is shared via Bluetooth Low Energy, Wi-Fi Aware or NFC. To optimise privacy, only the information required needs to be shared by the holder.

For citizens unable or unwilling to use a smartphone, QR codes can be distributed via a PDF as an ICAO Visible Digital Seal. Trust is ensured by embedding ID document information within the code. Verification is performed in exactly the same way as the mobile version, with the citizen presenting a physical document such as a passport or ID card to prove they are the genuine holder of the printed code.

As well as addressing all the technical considerations, governments also need to undertake a rigorous cost-benefit analysis. Will the returns on a domestic health pass justify the investment? In contrast to a proprietary app, developed exclusively to support a vaccination programme, a Digital ID Wallet is a truly future-proof solution. Above and beyond the requirements of the health pass, it provides a standards-based platform for on-going digitisation programmes, including any future, internationally harmonised vaccine passport. In addition to reigniting economic growth, and offering welcome relief to lockdown-weary citizens, health passes therefore represent a unique opportunity for governments to create a positive legacy that prevails long after the immediate challenges of the pandemic have passed.

Interested and want to learn more? Leave a comment below and follow us on Twitter at @ThalesDigiSec!

The post National health passes: Short-term fix or long-term legacy? appeared first on Cybersecurity Insiders.


April 30, 2021 at 09:10AM

BIGtoken to Host Webinar on Thursday, May 6, 2021 to Discuss New Opportunities for Ad Tech in a World Without Third-Party Cookies

LOS ANGELES–(BUSINESS WIRE)–BIGtoken® Inc., the first privacy focused, opt-in data marketplace where people own and monetize their data, will host a webinar on Thursday, May 6, 2021 to discuss the impact of ad tech and media in a post-third-party-cookie world.

At the turning of the tide, you can sink or swim. When privacy regulations forced advertisers to change their ethics and technology, the industry needed a new strategy to stay afloat. Luckily, some saw possibilities where privacy laws could impact publishers and brands in a positive way. So, what are those possibilities? With Google’s removal of third-party cookies, Chrome’s Privacy Sandbox, and Apple’s opt-in for Identifiers for Advertisers (IDFA), how can brands work to understand their consumers better? As ad tech evolves, how can brands reach their target audiences while abiding by privacy standards and without spending a fortune?

Join hosts BIGtoken Co-Founder and CRO George Stella and Gilbert Hill and experts Jessica Simpson and Nick Potvin on May 6 for a discussion on the impact of ad tech and media in a post-third-party-cookie world.

Who: George Stella, Gilbert Hill, Nick Potvin, Jessica Simpson

When: May 6, 2021 at 1:00 p.m. ET / 10:00 a.m. PT

What: Turning of the Tide for Ad Tech

  • New changes in ad technology, including new advertising identifiers, and how it impacts publishers and brands
  • Opportunities for the advertising industry to grow in a privacy regulated environment
  • Optimizing marketing budgets while abiding by new privacy standards

Where: Sign up for the webinar via Zoom HERE!

Jessica Simpson

Jess Simpson leads Publicis Media’s Verified and Identity Consulting and Solutions teams, where she works across all regions, agencies and solutions to bring identity strategy and capabilities to Publicis Groupe’s media clients in a privacy-first context.

Nick Potvin

Nick serves in a dual report role at PGA TOUR between Revenue Operations and Legal. Prior to his current role, he worked in UX for the healthcare industry, agency side as a producer, and performed campaign management in the ad tech space. Nick has a Master’s degree in Digital Media Management from Northeastern University and is currently pursuing a Master’s of Science in Cybersecurity Law from the University of Maryland. He has also earned the Certified Information Privacy Technologist (CIPT) distinction from the International Association of Privacy Professionals (IAPP).

About BIGtoken

BIGtoken® believes that data privacy is a human right. BIGtoken is the first privacy focused, opt-in data marketplace where people own and monetize their data. Through a transparent platform and consumer reward system, BIG offers users choice, transparency, and compensation for their anonymized data. Participating consumers earn rewards and advertisers and media companies get access to insights from compliant first-party data for marketing and media activation. For more information on BIGtoken, visit bigtoken.com.

Cautionary Statement Regarding Forward-Looking Information:

This news release contains “forward-looking statements” made pursuant to the “safe harbor” provisions of the Private Securities Litigation Reform Act of 1995. Such forward-looking statements relate to future, not past, events and may often be identified by words such as “expect,” “anticipate,” “intend,” “plan,” “believe,” “seek” or “will.” Forward-looking statements by their nature address matters that are, to different degrees, uncertain. Specific risks and uncertainties that could cause our actual results to differ materially from those expressed in our forward-looking statements include risks inherent in our business, and our need for future capital. Actual results may differ materially from the results anticipated in these forward-looking statements. Additional information on potential factors that could affect our results and other risks and uncertainties are detailed from time to time in BIGtoken’s periodic reports filed with the Securities and Exchange Commission (SEC). We do not assume any obligation to update any forward-looking statements.

The post BIGtoken to Host Webinar on Thursday, May 6, 2021 to Discuss New Opportunities for Ad Tech in a World Without Third-Party Cookies appeared first on Cybersecurity Insiders.


April 30, 2021 at 09:08AM

Datto CISO Ryan Weeks Contributes to Ransomware Task Force's Comprehensive Framework to Combat Ransomware

NORWALK, Conn.–(BUSINESS WIRE)–Datto Holding Corp. (“Datto”) (NYSE:MSP), the leading global provider of cloud-based software and security solutions purpose-built for delivery by managed service providers (MSPs), today announced its collaboration on the Ransomware Task Force’s (RTF) “Combating Ransomware: A Comprehensive Framework for Action” report. Datto CISO Ryan Weeks is a core member of the RTF, a broad coalition of more than 60 experts in industry, government, law enforcement, and international organizations coming together in the fight against ransomware.

The RTF, formed in January by the Institute for Security and Technology (IST), recognizes that ransomware attacks present an urgent national security risk around the world. According to Datto’s Global State of the Channel Ransomware Report, while threat actors do not discriminate, 95% of MSPs state that their own businesses are increasingly being targeted and 78% of MSPs reported attacks against small and mid-sized businesses (SMB) in the last two years. Any recommended solutions must therefore apply both internationally and to a wide array of affected sectors, including MSPs and SMBs. The varied expertise of the members allowed for multifaceted solutions and a full, comprehensive strategy to stem the ransomware tide.

The recommended RTF framework consists of four goals:

  • deter ransomware attacks through a nationally and internationally coordinated, prioritized, and resourced comprehensive strategy;
  • disrupt the ransomware business model and decrease criminal profits;
  • help organizations better prepare for ransomware attacks; and
  • respond to ransomware attacks more effectively.

The 48 recommended actions provide guidance for addressing some of the root causes of the ransomware epidemic, including the low barrier to entry for intelligent cyber criminals, the difficulty of tracing cryptocurrencies, and lack of law enforcement resources. This has created an environment of safe havens for threat actors.

Effects on the MSP Community

The RTF finds that MSPs do not commonly provide extensive security coverage or ransomware mitigation, but doing so would create a widespread positive impact for SMBs.

To further this effort, baseline requirements for MSPs include:

  • Adherence to a cyber-hygiene program (for example, CIS Controls Implementation Group 1 and the NIST Cybersecurity Framework)
  • Financial funding and support to help MSPs develop cyber resilience capabilities
  • Stricter disclosures of the occurrence of ransomware incidents for increased transparency
  • Formation of an MSP-ISAC, an information sharing and analysis center specific to the unique needs of the MSP industry

“The release of these findings is an important step both in the U.S. and globally in instituting the proper frameworks, enforcement, and funding to make a difference,” said Ryan Weeks, CISO at Datto. “MSPs continue to be on the frontlines of a cyberwar but need more support, and this report elevates this concern. The time for concerted, coordinated action is now. Datto is proud to have played a part in this groundbreaking coalition, and looks forward to the day when the threat of ransomware no longer looms over the heads of citizens, students, teachers, businesses, hospitals, and nations.”

To read the RTF report, visit http://securityandtechnology.org/ransomwaretaskforce/report

To learn more about how Datto builds cyber resilience, visit https://www.datto.com/cyber-resilience

About Datto

As the world’s leading provider of cloud-based software and security solutions purpose-built for delivery by managed service providers (MSPs), Datto believes there is no limit to what small and medium businesses (SMBs) can achieve with the right technology. Datto’s proven Unified Continuity, Networking, and Business Management solutions drive cyber resilience, efficiency, and growth for MSPs. Delivered via an integrated platform, Datto’s solutions help its global ecosystem of MSP partners serve over one million businesses around the world. From proactive dynamic detection and prevention to fast, flexible recovery from cyber incidents, Datto’s solutions defend against costly downtime and data loss in servers, virtual machines, cloud applications, or anywhere data resides. Since its founding in 2007, Datto has won numerous awards for its product excellence, superior technical support, rapid growth, and for fostering an outstanding workplace. With headquarters in Norwalk, Connecticut, Datto has global offices in Australia, Canada, China, Denmark, Germany, Israel, the Netherlands, Singapore, and the United Kingdom.

The post Datto CISO Ryan Weeks Contributes to Ransomware Task Force's Comprehensive Framework to Combat Ransomware appeared first on Cybersecurity Insiders.


April 30, 2021 at 09:08AM