FireSale HackBoy


Tuesday, November 30, 2021

Thanksgiving and Black Friday were marred with several Cyber Bots related trade controversies

Have you bought a gift this Thanksgiving or Black Friday at an exorbitant price that you never expected? Then you could have fallen prey to a cyber attack propelled by Cyber Bots.

Want to know more about this scam? Then just go through the article further to enlighten your mind.

Many online scammers were seen targeting shopping websites with Cyber Bots that buy goods at discounted prices so that they can be resold at an exorbitant price on platforms such as eBay.

And when supply doesn’t meet demand, people desperate not to disappoint their children were forced to buy those products listed on eBay, ending up paying almost double the price for products that could have been bagged at a 50% discount on shopping platforms like Amazon and Target.

It is usually a kind of trade scam where some mean guys launch bot attacks on shopping websites to grab the best of a deal for a specific product. As the product becomes scarce, desperate people then turn to eBay listings that are filled with the products of their choice at exorbitant rates. Sometimes the price can be triple the actual price on a usual shopping platform such as Amazon.

What’s crazy about this trading scam is that the software that assists a buyer in bagging the best deal is openly available on the dark web for as low as $10.

So, some families, mostly from America and a small portion from the UK, were seen buying the software and then shopping for their items, such as Lego sets and video games, without the fear that stocks might run out and force them to pay more.

Therefore, it is better if shoppers are vigilant about such scams and avoid shopping on busy days. Instead, they can opt for off-season periods such as May and February, when product availability is in equilibrium with demand, giving excellent value for the investment.

The post Thanksgiving and Black Friday were marred with several Cyber Bots related trade controversies appeared first on Cybersecurity Insiders.


December 01, 2021 at 10:35AM

China setting up data traps says UK

The UK’s top intelligence agency MI6 made an astonishing revelation yesterday, saying that Chinese intelligence has set up data and debt traps to conquer the entire world by conducting espionage and indulging in extortion tactics later.

Richard Moore, the MI6 boss, backed the statement by saying that the Chinese government was providing secret funding to prop up financially weak nations in order to keep them involved in conducting large-scale espionage and cyber attacks.

Speaking in an interview on Radio 4, Mr. Moore said that the Xi Jinping-led nation was conducting espionage through its home-made products, such as CCTV equipment, smartphones and IoT devices, that are being used globally.

Divulging more about the debt traps set up by China, the MI6 Chief stated Beijing was pressurizing Uganda into surrendering its port if it fails to pay a $200 million loan given some time back.

Moore reiterated that Russia and China are two powerful nations that are trying to influence and dominate the West by conducting spying and releasing loans to developing nations of Africa, Asia and the Middle East.

Use of Artificial Intelligence technology is also adding advantage to their capabilities as it is allowing them to harvest data from billions of devices operating across the west.

Does that mean buying a Chinese product is not a safe decision any more…?

“It is hard to estimate their tech prowess over the world and can increment as a serious threat to global stability,” said Richard Moore.

Note: MI6 is the UK’s century-old Secret Intelligence Service, tasked with data collection and other covert operations meant to protect Britain’s national security.

The post China setting up data traps says UK appeared first on Cybersecurity Insiders.


December 01, 2021 at 10:32AM

The Importance of Security Control Baselines

For cybersecurity professionals, baseline management is vital because any asset not properly configured can become a security vulnerability. Baselines are fundamental to managing projects of all types and this is especially important in cybersecurity, where everything is a race against time and against very guileful opponents. Although baseline management seems like time-consuming “record keeping,” it is in fact the only way to know where you are, how your assets are operating, what has changed, and what needs to be changed. Not only does this help ensure the safety and security of the assets under your watch, it also helps with compliance.

Baseline Configuration Management requires automated tools to help avoid missteps and oversights. The depth and frequency of baselining becomes a strategic decision that requires the input from cybersecurity and IT, as well as management, and is a vital component of the health of an organization. This is where specialized experts including Certified Authorization Professionals (CAP) play a key role. CAPs can be the vital bridge between technicians, executives, regulators, and others involved in the Security process.

Learn more in our article.

The post The Importance of Security Control Baselines appeared first on Cybersecurity Insiders.


December 01, 2021 at 09:10AM

Defense Cybersecurity: The Easy Doors for Adversaries are Closed, so How are They Still Getting In?

By Samuel Hutton, SVP North America, Glasswall

In the calm after the massive SolarWinds breach in 2020 that impacted the U.S. Treasury, Commerce, State, Energy, and Homeland Security departments, government agencies and the presidential administration were forced to rapidly evaluate what exactly went wrong — and how to right the sails. Perhaps most shocking, the nation-state hackers were able to infiltrate defense organizations through the technology vendor by a tried and true method: password guessing.

SolarWinds Prompts Legislation

While SolarWinds stated that nation-state attackers were able to insert malware into two product updates in the spring of 2020, they likely already had access to the company’s software development system as far back as fall 2019, via stolen credentials from a Microsoft Office 365 account.

Once President Biden came into office in early 2021, work on an extensive cybersecurity executive order began. The Executive Order on Improving the Nation’s Cybersecurity aimed to shut the open doors that once allowed digital adversaries to seemingly waltz into government networks. One of the top priorities centered around  improving information sharing between the public and private sectors to decrease the chances of another devastating third-party breach.

Executive Order Lays Out Key Technologies

In addition, to prevent credential theft, successful phishing attempts and nation-state espionage, which represent some of the most common threats to government entities, the order suggests vast improvement and modernization of defense agencies’ cybersecurity technology. Section 3 of the order, in fact, states that the federal government will adopt the following initiatives, which the private sector is heavily encouraged to mirror:  Zero trust architecture, secure cloud services (SaaS, IaaS, PaaS), increased threat visibility, analytics-driven cybersecurity risk analysis, multi-factor authentication across all accounts, encryption of all data and increased investments in both tech and personnel.

Are the SolarWinds Hackers Back?

Alarmingly, in late October, reports surfaced from Microsoft, one of the organizations hit by the SolarWinds attack, that the Russian nation-state group behind the major breach is back and targeting IT supply chain organizations. As of initial reports on Oct. 25, 2021, 140 organizations had been targeted with 14 compromised.  The group, known as Nobelium, is not leveraging a known vulnerability this time around but rather utilizing the classic methods of password spraying and credential stuffing, phishing attacks, API compromise and token theft to obtain legitimate user credentials. Luckily, a lot of the advice provided by the executive order addresses these attack methods, thus putting defense organizations a step ahead — but there is still more to be done.

But What About File-based Content?

The detailed proposals from the Biden administration aim to prevent digital adversaries from entering government networks and minimize the dwell time if they do somehow break through, such as in the case of the original SolarWinds breach. While the steps above are an impressive start, there is one aspect missing: file sanitization and security.

In every industry, including defense, document-based content is the lifeblood of a business. Excel, Word files, Google docs, PDFs and more enable collaboration, productivity and overall business success. Therefore, many people do not even think twice about opening a file from a colleague or perceived trusted source.

As the last year especially has demonstrated, cyber is the newest battleground after land, air and sea. Insider threats are also a major aspect here, whether intentional or unintentional. An intentional insider threat could encompass a disgruntled employee who wants to harm a government agency or a staff member looking to profit off of confidential information — which could potentially lead them to work with nation-state groups. Alternatively, there are unknowingly compromised employees whose systems were infiltrated by a bad actor. All of these insider instances are often tied to file-based content.

In fact, a few years back, a major government contractor’s network was compromised via foreign actors sending malware-laced resumes to its HR department, which the employees unwittingly opened, allowing for access and lateral movement across the network. It’s time these file-based threats are taken seriously by both the private and public sector, or cybercriminals will increasingly be running through these open doors.

Shutting the Door on the Adversaries

Reactive security tools simply will not cut it. Zero trust security, privileged access management, analytics-driven risk analysis and more are absolutely essential to have in a defense agency’s security stack, but scrubbing every file exchanged on a network will help close a major, remaining entrance point for bad actors.

Known as content disarm and reconstruction (CDR) solutions, these tools clean and rebuild files to match a “known good” manufacturer specification that automatically removes potential threats. This is a more proactive solution as CDR eliminates the threat by removing any places for malware to hide for prolonged periods of time. In comparison, reactive technologies often only catch the threats when it’s already too late.

If both the public and private sector act now to fortify their security infrastructure using guidance from the federal government and their own research and awareness of prominent threat vectors — they can increase their chances of preventing foreign actors from compromising their systems in the first place, let alone having time to dwell.

The post Defense Cybersecurity: The Easy Doors for Adversaries are Closed, so How are They Still Getting In? appeared first on Cybersecurity Insiders.


November 30, 2021 at 08:56PM

Queensland Ransomware and Malware on Finland Smart Phones

Queensland-based energy company CS Energy has suffered a ransomware attack crippling the servers related to power generation across the network. Reports indicate that the incident did not affect electricity generation, as its spread was limited to administration servers.

The IT staff at the Callide and Kogan Creek power stations are working hard to restore the operations and, to a certain extent, the situation seems to have improved since Monday this week.

Andrew Bills, the CEO of CS Energy, has confirmed the incident and stated that its incident response team has notified the government, as per the latest Australian projected Ransomware Action Plan.

Telstra is planning to acquire the energy market of Australia and has plans to purchase Stanwell Corporation, Cleanco, and CS Energy by the end of 2023.

Coming to the other news related to malware, sources reporting to Cybersecurity Insiders say that thousands of smartphones were bombarded with messages containing malicious links meant to spread FluBot malware.

Reports say that more than 10k smartphones were infected with FluBot after threat actors took control of a few of the message servers at the data center owned by Telia Finland.

The National Cyber Security Centre has issued an alert to all mobile phone users urging them not to click on links sent by unknown SMS senders.

For those interested in how the message appears, here’s the gist.

Android phone users in Finland should never open a message that claims a voice mail is waiting and asks the user to open a link. The link leads to malicious software downloads that in turn lead to data theft, espionage, and data encryption.

Those using Apple iPhones are being diverted to a website through an extortion message that asks for personal information to free their device from malware.

The post Queensland Ransomware and Malware on Finland Smart Phones appeared first on Cybersecurity Insiders.


November 30, 2021 at 08:42PM

Predict Cyber-attacks via digital twins

This blog was written by an independent guest blogger.

Several of the digital twin technologies out there have grown fast in only a few years.

Picture establishing a virtual model of IT infrastructure where one can identify loopholes, create attack scenarios, and prevent catastrophic attacks before the system is officially put in place.

With digital twins, this is no longer a far-fetched idea for organizations to pursue. Let's look at digital twin technology and how it can help assess the loopholes in your security posture.

What’s a digital twin?

A digital twin is a replica of a physical item, operation, or service in electronic form.

This technology reproduces operations to gather information and anticipate outcomes.

We can use digital twins for several purposes, such as:

  • testing a design
  • determining and monitoring development cycles
  • assessing how an item or system would perform under various circumstances.

Cyber security and digital twins

The digital twin idea was first seen at the industrial level. Many businesses find digital twinning helpful for their assets, processes, and, lately, cyber security network.

As many businesses transfer their resources to the cloud and the Internet of Things (IoT) becomes more prevalent, threat actors are increasingly interested in exploiting unprotected devices, networks, etc.

Because cyber attackers are growing increasingly sophisticated, just guarding networks and responding to actual attacks is no longer enough, and companies must adopt better strategic and predictive methods.

Whereas only a few sectors have adopted digital twins to protect their virtual resources, many organizations raised their cyber security posture with more expediency and efficiency to detect and counter future threats.

“For an efficient software update management system, a digital twin of the vehicle is almost a must.”

– Digital Twin for Maximum Cyber Security

According to Elsby, when industrial facilities and manufacturers incorporate the Industrial Internet of Things (IIoT) into their systems, cyber threats and security breaches via technologies become a threat. That is where twinning innovation comes into play to improve cyber security.

“Just as processes are simulated and data gathered to detect non-performance of assets, a simulated cyber-attack can also be detected by the digital twin.”

Digital twins can help assess Cyber threats

Data breaches are expensive, from addressing security flaws and recovering information to rebuilding reputation and suffering financial consequences, as businesses that have experienced them understand.

When infiltration assessments happen in the twin simulation of a network, the digital twin technology helps prevent breaches by allowing for better and efficient solutions by providing information ahead of production use.

Think of a digital twin as a honeypot, where we create a replica of our infrastructure and make attackers believe that the system they are breaching is real. We can assess cyber threats using digital twins to give our network architecture an extra layer of security.

  • With digital twins, you can identify infrastructure as it’s being developed, which will allow you to identify and minimize risk exposures. When any infrastructure modifications are needed, you can foresee and better control threats before installing the update.
  • Digital twin complies with international regulations, allowing organizations to inventory any resource on the system and determine quantitative risk exposures, perhaps prior to system implementation.
  • Cyber-intelligent digital twins can construct attack graphs that forecast the intruder's most effective route. It may analyze step by step to predict how an attack will manifest itself if it happens.
  • Essential data links with the company's procedures can be used to estimate the effect of threats. In the case of a breach, this will aid in picturing the harm inflicted at both the functionality and impact to operations layers.
  • The data gathered in the previous two processes will help the organization decide what risks to tackle first. Prioritization of threats will aid in their effective management and steady reduction of threat intensity throughout all tiers.
  • Businesses can use digital twins to track and assess security weaknesses or calculate the gap between existing and desired security standards. It can help determine the company's specific security objectives and prioritize cyber threats based on their influence on daily activities.
  • The digital twin enables the monitoring, analysis, and testing of many use cases in a replicated scenario. It can leverage factual information to detect a risk before it manifests, avoiding any disruption or breach.
  • Digital twin technology uses pen testing and other methods to evaluate and verify information in a virtual environment. Consequently, security staff may make more informed decisions before an infiltration effort turns into a cyber-attack.
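
The attack-graph and prioritization bullets above can be made concrete with a small model. The following is an added example, not code from the original article: the twin's hosts, weaknesses and success probabilities are all constructed, and the function names are hypothetical. It finds the most likely route through the modelled network and ranks which single weakness, once fixed, lowers that likelihood the most.

```python
import heapq
import math

# Constructed digital-twin model: (source, target, weakness, estimated
# probability that an intruder gets past this step). Values are illustrative.
TWIN_EDGES = [
    ("internet", "vpn-gateway", "weak password policy", 0.30),
    ("internet", "hr-workstation", "unsanitized email attachments", 0.40),
    ("vpn-gateway", "file-server", "reused admin credential", 0.50),
    ("hr-workstation", "file-server", "open file share", 0.60),
    ("hr-workstation", "build-server", "stored access token", 0.20),
    ("file-server", "domain-controller", "unpatched service", 0.25),
    ("build-server", "domain-controller", "over-privileged service account", 0.70),
]


def most_likely_path(edges, source, target, removed=frozenset()):
    """Return (probability, [nodes]) for the highest-probability route.

    Runs Dijkstra on edge cost -log(p): minimising the summed cost is the
    same as maximising the product of the step probabilities.
    Edges whose index is in `removed` are treated as remediated.
    """
    graph = {}
    for idx, (src, dst, _weakness, p) in enumerate(edges):
        if idx in removed or p <= 0:
            continue
        graph.setdefault(src, []).append((dst, -math.log(p)))

    best = {source: 0.0}
    prev = {}
    heap = [(0.0, source)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best.get(node, math.inf):
            continue  # stale heap entry
        if node == target:
            break
        for nxt, weight in graph.get(node, []):
            new_cost = cost + weight
            if new_cost < best.get(nxt, math.inf):
                best[nxt] = new_cost
                prev[nxt] = node
                heapq.heappush(heap, (new_cost, nxt))

    if target not in best:
        return 0.0, []  # no route left in the model
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return math.exp(-best[target]), path[::-1]


def rank_mitigations(edges, source, target):
    """Rank single fixes by the best-route probability that remains after each."""
    ranked = []
    for idx, (src, dst, weakness, _p) in enumerate(edges):
        residual, _ = most_likely_path(edges, source, target, removed={idx})
        ranked.append((residual, f"{src} -> {dst} ({weakness})"))
    ranked.sort()  # lowest residual risk first = most valuable fix
    return ranked


if __name__ == "__main__":
    prob, path = most_likely_path(TWIN_EDGES, "internet", "domain-controller")
    print(f"most likely route ({prob:.4f}): {' -> '.join(path)}")
    for residual, fix in rank_mitigations(TWIN_EDGES, "internet", "domain-controller"):
        print(f"fix {fix}: residual {residual:.4f}")
```

Note that the best fix is not necessarily on the weakest-looking edge: it is the one shared by the most likely routes, which is why the ranking recomputes the whole graph for each candidate.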

Final thoughts

Power, manufacturing, governance, environmental cities, and the IT and OT industries benefit from digital twins. The dedication of management to comprehend and implement the necessity for a digital twin is necessary for it to be effective.

Effective deployment and management of digital twins could save millions for organizations in the foreseeable future. A digital twin is a mitigation strategy that can be significantly more affordable than a cyber incident.

The post Predict Cyber-attacks via digital twins appeared first on Cybersecurity Insiders.


November 30, 2021 at 09:12PM

Four Cybersecurity Tips Everyone Should Know Before Black Friday and Cyber Monday

According to a new report from Cybereason, 89% of global companies are concerned about repeat cyberattacks ahead of the holiday season, but, surprisingly, only two-thirds have a cyber response plan.

Concerns that attackers will strike over the holidays are valid, as cybersecurity researchers have observed a year-over-year uptick in cybercriminal activity on Black Friday through Cyber Monday. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have previously issued warnings that they’ve observed an “increase in highly impactful ransomware attacks occurring on holidays and weekends.”

Furthermore, the volume of ransomware attacks is up significantly. Unit 42, the Palo Alto Networks threat intelligence team, disclosed that ransomware attacks account for more than one-third of the cases the company responds to and it identifies new ransomware variants weekly.

Black Friday and Cyber Monday are a “free for all” for cybercriminals because everyone—consumers and businesses alike—is a target. Attackers are hoping to get lucky and obtain access to a treasure trove of sensitive data, such as passwords, credit cards or intellectual property, or wreak havoc on business during the biggest shopping weekend of the year.

Although attackers are more likely to target businesses during Black Friday/Cyber Monday weekend, capitalizing on people being away from the office or using the shopping frenzy as a smokescreen, consumers are access points into their employer.

With the biggest shopping weekend upon us, below are four things to know ahead of time.  

  1. If the deal is too good to be true, it probably is – As a result of the global supply chain shortage, this year offers cyber attackers another human desire to exploit. Everyone wants their holiday gifts to arrive before the big day, but the reality is that many gifts won’t arrive on time. In addition to being mindful of unreal deals on this year’s hottest products, consumers should also be cautious of emails or ads that guarantee products will arrive ahead of the December holidays. These could be spamware, adware or phishing emails that infect your device or steal your data. If consumers have corporate files or email on their personal devices or they’re using company-owned devices to shop or check email, their employer is at risk. The U.S. Better Business Bureau’s full list of holiday scams to watch out for is available here.
  2. Don’t click or give your information to untrusted vendors – Like any suspicious email that hits your inbox, hover over the links before clicking to ensure the URL is safe, being mindful of any spelling errors or mismatching URLs. For example, if you get an email from “Best Buy” about their Black Friday sale, but the link to the website is “www[.]buybest[.]co” – it’s probably not safe. Instead, manually navigate to the real website. When making a purchase or giving your personal information to a site, make sure there is a padlock symbol in the address bar indicating that the website is secure.
  3. Change your passwords – If your password for personal and work accounts is the same or similar, now is a great time to change each password to something more robust (and different). While it might seem daunting to change all your passwords, password managers, such as LastPass or NordPass, make it easy to manage. When an organization is breached and passwords are stolen, attackers use or sell those credentials to break into other accounts with privileged access to sensitive data. When passwords are different, it makes it harder for cyber attackers to break in.  
  4. Prep before leaving for the long U.S. Thanksgiving weekend – A devastating cyberattack has occurred during almost all major U.S. holiday weekends in 2021. Thanksgiving is no different. Before breaking for the extended holiday weekend, organizations should take several actions to ensure they’re ready in the event of a cyberattack. Read more on long weekend ransomware prep here.
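
The link check described in tip 2 can also be automated on a mail gateway or in an awareness exercise. The following is an added example, not part of the original article: the brand-to-domain map, the sample email and the function names are constructed for illustration. It flags links whose host is not a known domain for the claimed sender and links whose visible text shows one domain while the `href` points to another.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the defender maintains a map of brands to their real domains.
BRAND_DOMAINS = {"best buy": {"bestbuy.com"}}

# Constructed sample email. The first link reuses the article's defanged
# example host so the sample itself is not clickable.
SAMPLE_EMAIL = """
<p>Black Friday sale starts now!</p>
<a href="http://www[.]buybest[.]co/sale">www.bestbuy.com/black-friday</a>
<a href="https://www.bestbuy.com/account">Manage your account</a>
<a href="https://bestbuy.com.deals.example/login">Sign in</a>
"""


def host_of(url):
    """Return the lower-cased hostname of a (possibly defanged) URL."""
    url = url.strip().replace("[.]", ".")
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def host_matches(host, domain):
    """True only for the domain itself or a real subdomain of it.

    A substring test would wrongly accept bestbuy.com.deals.example.
    """
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_email(sender_name, html):
    """Return a list of findings for links that do not match the claimed sender."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    expected = BRAND_DOMAINS.get(sender_name.strip().lower(), set())
    findings = []
    for href, text in parser.links:
        if href.lower().startswith("mailto:"):
            continue  # only web links are checked here
        host = host_of(href)
        reasons = []
        if expected and not any(host_matches(host, d) for d in expected):
            reasons.append("host is not a known domain for the claimed sender")
        # Visible text that itself looks like a URL but names another host.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            reasons.append(f"visible text shows {shown} but link goes to {host}")
        if reasons:
            findings.append({"host": host, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_email("Best Buy", SAMPLE_EMAIL):
        print(finding["host"], "->", "; ".join(finding["reasons"]))
```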

 Have a great holiday season by ensuring you’re cyber safe before signing off and be on your guard with online shopping. 

The post Four Cybersecurity Tips Everyone Should Know Before Black Friday and Cyber Monday appeared first on Cybersecurity Insiders.


November 30, 2021 at 09:12PM

A Safe and Secure Way to Decommission

When it comes time to decommission data storage systems, there is much that must be planned and thoroughly carried out. It’s not just about the activity, it is also about due diligence, oversight, and proof. Data that appears to have been deleted is often still recoverable, and in many cases, people make mistakes, such as forgetting a second backup exists somewhere else, or forgetting to verify that a destruction has been successfully and completely deployed. Human errors like this are referred to as unintentional insider threats, since they lead to the potential of data theft, litigation, and penalties.

It is vital to follow a clear plan to ensure all decommissioning steps are taken, and this includes data stored off-site, such as in cloud backup/storage. Specialized experts including Certified Authorization Professionals (CAP) play a key role in ensuring the decommissioning and data destruction process is fully understood, is thoroughly carried out, and can be certified as complete.

Read our full article on this important topic.

The post A Safe and Secure Way to Decommission appeared first on Cybersecurity Insiders.


November 30, 2021 at 09:11PM

Monday, November 29, 2021

Data leak on Panasonic Corporation servers

Panasonic Corporation, previously known as Matsushita Electric Industrial Ltd., has reported that it has become a victim of a sophisticated cyber attack in which some critical data might have been compromised.

A source reporting to Cybersecurity Insiders said that a misconfigured file server belonging to the electronics giant was compromised in a cyber incident, leading to a data leak between June 22nd and November 6th of this year.

Panasonic is yet to find out the extent of the data breach as its investigation is still underway, but has assured that it will keep its customers and valuable partners posted with the latest as soon as the probe concludes.

Meanwhile, a section of the media, namely the news outlets NHK and Mainichi, says that the breach struck a file server in the first week of June and remained undetected until the first week of November. So, the hackers or any state-funded hacking group could have easily stolen information such as customer details, employee info, technical files and some R&D data from the Japanese multinational conglomerate.

On Sunday, some print media sources said that the server could have been compromised by malware that could have led to the data leak and the transfer of data to remote servers. But the electronics company, which also offers solutions for industrial needs, did not acknowledge the incident as true and stated that the impact could be superficial as the core network remained pristine.

The post Data leak on Panasonic Corporation servers appeared first on Cybersecurity Insiders.


November 30, 2021 at 10:21AM

CISA issues Mobile Security Checklist and plans for Secure Email Service

All federal agencies and private sector organizations operating in the United States are being urged to follow a checklist meant to protect mobile devices, issued by the Cybersecurity and Infrastructure Security Agency (CISA).

Named The Enterprise Mobility Management (EMM), the security guide offers steps for device management, app security, authentication, network security and ways to secure enterprise mobile devices from existing threats.

CISA also highlighted that all enterprise devices should be updated with the required patches and software updates that qualify for mobile device management standards.

Strong password implementation and 2FA, wherever applicable, is also necessary, says the federal agency that is also planning to offer a safe and secure email network supporting the Federal Civilian Executive Branch (FCEB).

For the uninitiated, DHS proposed a plan to execute an order that formalizes the use of a separate email network that is free from all kinds of phishing and email threats.

So, in October 2017, Homeland Security initiated a mandate that requires Domain-based Message Authentication, Reporting and Conformance (DMARC) standards, complying with the Binding Operational Directive 18-01.

So, as per the proposed plan, the separate email service will have a three-way protection system supporting the general capabilities related to security.

However, the proposal is still at the drafting stage and might include any inputs given by veterans at any stage before its final implementation early next year.

The post CISA issues Mobile Security Checklist and plans for Secure Email Service appeared first on Cybersecurity Insiders.


November 30, 2021 at 10:19AM

Rookies Needed – Experience Required

Are Employer Demands Contributing to the Cybersecurity Skills Gap?

You’ve seen the job posting. It starts, “Looking for a cybersecurity specialist. Must have a master’s degree, certifications and 10 years of experience,” followed by, “This is an entry-level position with non-compensated job shadowing requirements.”

These unrealistic expectations are the obstacles many cybersecurity professionals face once they complete their studies and rigorous exams. It’s an unfair barrier to entry.

Clearly, hiring a person to work in any department in any organization is a risk. It costs money to locate, attract, assess, interview, hire, onboard and train someone, and it’s many months before that person’s true personality and capabilities emerge.

The challenges triple when it comes to hiring for cybersecurity positions. Not only are all of the above criteria required, the candidate is placed in a position of great risk with access to the company’s vital data and operations. What’s more, the cybersecurity industry is in constant motion. While hiring an accounting grad to work in finance requires applying learned skills to established processes, the process keeps shifting in cybersecurity as the threats change and become more sophisticated.

Are employer demands contributing to the skills shortage that continues to challenge the cybersecurity industry? The (ISC)² white paper, Cloud Adoption and the Skills Shortage, looks specifically at how the lack of qualified people is one of the largest impediments to cloud adoption. For an inside look, the report includes feedback from Certified Cloud Security Professionals (CCSPs) on what the industry looks like from their perspectives. The following are key pre- and post-hire takeaways for organizations seeking to build stronger cybersecurity teams.

Be specific. Use detailed, precise job descriptions rather than general phrases like “requires a broad level of skills.” Accuracy will help narrow the field of candidates, which is good for both sides: fewer resumes and interviews to wade through for employers and more opportunity to craft targeted pitches for applicants.

Keep in mind, there’s a big difference between the candidate looking to “fill a position” and one who comes to the company with an understanding of the cybersecurity industry and the specific challenges your individual company faces. Due diligence on the part of the applicant goes a long way toward compensating for the lack of experience that frequently plagues young professionals.

Be human. One of the greatest challenges qualified candidates face in the application process is when their resumes are processed by software that screens for specific keywords and other parameters. Sometimes the screening is done by a third-party organization rather than the company that’s hiring. Although it’s touted as an efficient way to eliminate 80 percent of applicants who may be unqualified, an excessive reliance on keyword-based scanning could disqualify some of the best candidates. The hiring process needs to be less automated and more human.

Give them time. Even after the hiring is complete, it must be understood that new hires will operate at roughly 50 percent to 60 percent productivity for the first several months while they learn the ropes. This includes becoming familiar with the job as well as your company’s technology and unique challenges. Time must be dedicated to ongoing training, development and education for new and longtime staff alike. In cloud security, technologies, policies and threats evolve quickly.

Candidates must understand the employer. The responsibility for a successful hiring process rests on both sides, not just the employer. Cloud security candidates have worked diligently to pass their certification exams, but they also have a responsibility to understand the company where they want to work. They must know how to speak to the managers and executives in a language they understand, which is often more strategic and risk-focused than technical.

The key to a good hiring experience is communication. The more both sides communicate before, during and after the hiring event, the more successful the long-term relationship will be.

Learn more recruiting strategies on building a strong cloud security team in the (ISC)² eBook, Cloud Adoption and the Skills Shortage: A View from the Field.

How CCSP Certification Can Help You

Earning the globally recognized CCSP cloud security certification is a proven way to build your career and better secure critical assets in the cloud. CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cybersecurity member experts at (ISC)².

Achieving CCSP certification provides the added benefit of membership in (ISC)², the world’s largest nonprofit association of cybersecurity professionals, more than 150,000 members strong. (ISC)² provides members with professional development courses through the Professional Development Institute (PDI); technical webinars covering evolving cybersecurity trends; and benefits, such as the (ISC)² Community and InfoSecurity Professional magazine.

Learn more about how CCSP can help you build the skills you need to stand out in cloud security or get your copy of The Ultimate Guide to the CCSP and get started today.

The post Rookies Needed – Experience Required appeared first on Cybersecurity Insiders.


November 30, 2021 at 09:10AM

IKEA servers hit by Qakbot Malware

IKEA, the furniture giant from Sweden, has disclosed that its servers were hit by Qakbot malware that could have compromised its staff and partner accounts to a certain extent. However, as the investigation is still underway, whether any accounts were compromised is yet to be determined.

Qakbot, aka QuackBot, is malicious software that can steal banking credentials and has existed since 2007. It can also spy on the financial operations of its targets and install ransomware, in order to maximize earnings for the threat actor spreading the payload.

Slowly and steadily, those spreading the malware have developed it to the point where it can also log keystrokes, install backdoors and evade detection by anti-malware solutions.

Staff members of Ikea suspect that the malware payload could have reached the servers through a malicious email.

However, a source reporting to Cybersecurity Insiders says that one of the company’s staff members could also have helped the attackers breach the network.

The good thing about the attack is that the company’s security policy already includes an encryption technique, so the card info, addresses, and other sensitive details are not easily accessible.

Note 1- As IKEA is a multi-national company that makes and sells furniture, kitchen appliances and home accessories, the extent of the malware spread on its global business is yet to be known.

Note 2- In January 2021, retail giant Dairy Farm that offers business to Ikea was hit by REvil ransomware.

The post IKEA servers hit by Qakbot Malware appeared first on Cybersecurity Insiders.


November 29, 2021 at 08:42PM

Rising volume of email fatigue opens doors for Cybercriminals

This blog was written by an independent guest blogger.

While remote work has many benefits, it can increase the risk of employees suffering from directed attention fatigue (DAF), where they find themselves unable to focus due to constant distractions. This is due primarily to isolation and the constant bombardment of emails and instant messages. In fact, one of the most worrying types of DAF for security professionals is email fatigue. 

Communicating through emails is often preferred over phone calls, but it may present a greater security risk – especially if we consider the amount of critical business data shared through email these days. When workers’ attention spans are stretched too thin, they are more likely to click on cleverly disguised malicious emails and put their data at risk. 

The best way to arm yourself against such attacks is by educating yourself. To that end, the following guide will explore how cybercriminals breach companies through employee inboxes and what you can do to prevent it.

What is email fatigue?

According to a recent study, the average American worker spends roughly five hours a day checking email. Email fatigue has long been a problem, but we can expect it to worsen because of the almost exponential growth of daily sent and received emails worldwide over the past few years. 

Similar to alert fatigue, this constant send-and-receive cycle keeps workers from concentrating on their core tasks. They often find that they need to ignore one for the other. Thus, they may start to ignore messages, delete them, and/or unsubscribe from email lists.

Unfortunately, this is when we are the most vulnerable to hackers.

How email-based cyber attacks work

Email-based attacks are not a new problem. For example, some of the most notorious email-related cyber attacks of the 1990s came through the propagation of the Melissa virus. During these attacks, the attacker would send the virus through a Microsoft Word document attached to an email. Once the victim opened the document, it would run a macro script that would infect the system and steal their mailing list.

Surprisingly, not much has changed, and email is still a popular way to send malware. According to a recent analysis conducted by Freshbooks on the rise of Covid scams, email remains one of the most vulnerable outlets for cybercriminals.

Even though many consider spam and phishing outdated techniques, they are still employed by cybercriminals today. A hacker will send an email from what seems to be a reputable social media site, but the email will have a malicious link or a fake button. As soon as you click on it, it confirms your email address and hackers will then target you with more malicious emails with more intricate exploits. 

Recent email-based attacks

In August 2021, a Revere Health employee was hacked through a phishing email attack which exposed approximately 12,000 patient medical records. The hackers may not have intended to release patient medical records; rather, this may have been a long-term phishing scheme designed to hack other Revere employees. Still, because of the overwhelming pressure the healthcare sector suffered due to the Covid-19 pandemic, they were left more vulnerable to cybercrime. 

The Revere Health data breach was small scale compared to the 2020 MEDNAX data breach. The data of over 1.2 million individuals was exposed after employees responded to a host of phishing emails. The breach was comprehensive, revealing the information of both patients and providers.

While there are different types of phishing, spear phishing is the most popular. Most phishing attacks are random or large-scale, while spear phishing is more targeted – that is, the cybercriminal will target a particular individual or organization with a custom attack. A fine example of this is the 2020 Magellan Health ransomware attack where the records of over 1 million individuals were revealed. 

In another case, Aetna Ace, a health insurance company, saw the records of over 480,000 patients exposed after an employee responded to a spear-phishing email. The company had to pay $1 million in fines after it was found that it violated HIPAA privacy rules due to the hacks. As a result of these attacks, healthcare service vendors and agents have had to change how they organize and store data in order to decrease the risks of a similar breach. 

Nevertheless, while healthcare accounted for 79% of all reported data breaches in 2020, it’s not the only sector that’s susceptible. Treasure Island, a non-profit company that aids the homeless, suffered losses of $625,000 after a sophisticated month-long business e-mail compromise (BEC) attack.   

The FBI’s 2020 Internet Crime Report found that businesses and consumers lost a combined $1.8 billion to BEC and email compromise attacks. To protect ourselves, we need to understand hackers’ motivations and strategies. Employing software-based security measures is important, but cautious employee behavior can render a large variety of attacks unsuccessful.      

Understanding email cyber attack strategies

Many businesses are taking steps to increase security protections for remote workers, but something like a phishing attack requires more than VPNs and encryption to prevent it. In some cases, you can immediately tell that phishing emails are inauthentic. A few grammatical and spelling mistakes may give it away, or the email address may be obviously fake.  

So how do so many employees fall victim to phishing scams? Over the years, cybercriminals have refined their skills. They carefully study their victims before launching their attacks. For example, in a BEC attack where the attacker poses as an executive or high-level employee, they study and mimic how the subject communicates through email. 

They achieve this by building a composite of email interactions. They may first pose as a lower-level employee and interact with the executive. Then they can use artificial intelligence (AI) to analyze how the victim communicates through email. It can look for subtle nuances such as diction, use of grammar and punctuation, typos, etc. 

Hackers can go a step further and use AI to automate their attacks. A recent study reported that OpenAI's GPT-3 could construct dangerously convincing spear phishing email messages. And this is just the tip of the iceberg. In 2019, hackers used AI and deepfake technology to defraud a UK-based company of $243,000 by mimicking the CEO's voice over the phone.

It’s not just a matter of infecting the network with malware or ransomware, though these are still popular techniques for siphoning information as part of a larger-scale attack. Nonetheless, when we consider all these factors, falling prey to an email attack seems almost inevitable. But there are plenty of things companies can do to protect themselves. 

Preventing email-based hacks 

Before we discuss which security tools we can implement to mitigate or prevent security breaches, we need to address the human element. It’s obvious that remote work has impacted the balance in our working lives, so we need to utilize new coping mechanisms. 

Employees should be encouraged to understand and treat directed attention and email fatigue.  Remote workers should be sure to work in a stimulating environment with good ventilation. Taking regular breaks and getting enough sleep are also important tips to avoid fatigue. 

Also, organizations can minimize the risk of falling prey to phishing emails through comprehensive cybersecurity training. Companies should make it a priority to verify that employees are indeed practicing good cyber hygiene and know what to look for in phishing schemes. 

Next, you’ll need to ensure that you’re using the correct email hosting services for your company. According to web developer and marketer Gary Stevens from Hosting Canada, it is vitally important to do your research and look for email hosting providers that make security a top priority. 

“Some of the cheap hosts out there will use outdated email delivery standards that open you and your internal correspondence up to a myriad of potential security risks,” says Stevens. “Do yourself a favor and make sure that whatever host you choose offers IMAP and POP3 email delivery. These security standards will ensure that your private emails stay, well… private, and it will prevent your information from falling into the wrong hands (i.e., competitors and hackers).”

In addition, you’ll need to implement a security protocol with:

  • Advanced persistent threat detection and response 
  • Unified security management from anywhere (USM)   
  • Vulnerability scanning for email
  • Secure web gateway protection

Conclusion

Email fatigue is a concern that companies should not take lightly. In times of crisis, cybercriminals take advantage of the chaos by targeting our stresses and anxieties. Addressing email fatigue, implementing incident response training, and deploying a multi-faceted anti-malware program can thwart cybercriminals and keep your company safe.  

The post Rising volume of email fatigue opens doors for Cybercriminals appeared first on Cybersecurity Insiders.


November 29, 2021 at 09:10PM

How to Prepare for CISSP Exam Day

By deciding to take the CISSP exam, you’ve chosen to further your education and showcase your knowledge and experience by achieving the world’s premier cybersecurity certification. Soon, you will join the ranks of more than 147,000 global leaders committed to a safe and secure cyber world.

Make a Timeline

As you prep for your CISSP exam, first consider your experience level and determine a timeline that fits for your current workload and lifestyle. The amount of time you need to dedicate to studying can vary based on your experience. Do you have questions about creating a CISSP study plan? Learn more about how to prepare for the CISSP and what to expect on the exam by downloading the CISSP Ultimate Guide.

Register for the Exam

Commit to your CISSP certification by registering and preparing for the CISSP exam. Visit Pearson VUE (ISC)² Certification Testing and begin by creating an account. You can then schedule your CISSP exam, find testing locations, review policies and request any accommodations. What does the CISSP exam cost? Find your CISSP exam fee based on your region.  

Build Your Study Plan

The CISSP Certification Exam Outline is the best place to start to build your plan of attack for the eight CISSP domains.  Build out your CISSP education plan to meet your personal training style and schedule. Some candidates prefer to study on their own using the (ISC)² self-study resources, but many prefer an instructor-led approach. Several options are available and combining them can help you be more successful. Whether you choose self-paced CISSP online training or opt for a classroom setting with live instruction in-person or online, you will develop a comprehensive understanding of the CISSP CBK. Take advantage of CISSP learning resources like the CISSP flashcards and the CISSP Official (ISC)² Practice Test.  

Practice For Test Day

Prepare for the big day before your exam by driving to the testing center in advance to know how long it takes you to arrive and where to park. Be sure to get a good night’s sleep the evening before and make sure you have two forms of identification that match exactly. Contact the testing center in advance if you need any special accommodations.

Review Exam Documents

On exam day, sign the (ISC)² Exam Non-Disclosure Agreement right away as you only have five minutes to complete it. You can find the NDA here in advance to review: https://www.isc2.org/Exams/Non-Disclosure-Agreement. As a reminder, you cannot bring anything into the room with you. This includes food, drinks and sweaters. You will be instructed to empty your pockets and secure loose items in a locker. Should you need a break during your session, remember to raise your hand.

To connect with others gearing up for the CISSP exam, join the online (ISC)² Community and find your peers in the CISSP Study Group.

The post How to Prepare for CISSP Exam Day appeared first on Cybersecurity Insiders.


November 29, 2021 at 09:10PM

Sunday, November 28, 2021

REvil ransomware spreading hackers found to be leading plush lives in Russia

REvil ransomware gangs, known to fleece millions from their victims, are seen leading luxurious lives in their hideouts protected by the Russian government. According to a covert operation launched by leading news publishing resource DailyMail, a suspected hacker running the REvil aka Sodinokibi ransomware gang was arrested by the police last week.

Named as Yevgeniy Polyanin, the 28-year-old hacking techie was arrested in Siberia at his $380,000 USD home. It was revealed that the hacker was living with his wife Sofia at the time of the arrest and was leading a plush life with a $74K Toyota Cruiser and a $200K BMW, along with a Range Rover.

Sofia, who runs a controversial online bakery business, is already facing a lawsuit against her for producing cakes and cupcakes in X rated forms and was supposed to become a proud owner of the new Range Rover Autobiography in Feb 2022.

The FBI, along with other law enforcement agencies, has pressed several money laundering and digital extortion cases against him in various district courts of America for gaining $6.1 million in funds through cyber attacks. A $5 million reward was also announced in 2019 against Mr. Polyanin, who registered himself as an individual entrepreneur and software developer in Siberia and was found conducting ransomware-spreading campaigns from his hideout in Barnaul city of Siberia.

As the Putin-led Russian nation forbids extradition of its citizens, Polyanin, who holds a Master’s degree in computing, might only face legal prosecution in his own country and might be freed with a minimum penalty and a few days of imprisonment.

The post REvil ransomware spreading hackers found to be leading plush lives in Russia appeared first on Cybersecurity Insiders.


November 29, 2021 at 10:35AM

Mediatek vulnerability in Android phones fixed

A serious vulnerability in MediaTek processors that could have allowed hackers to spy on a targeted device has now been fixed. The technical flaw was detected in the AI Processing Unit (APU) and Digital Signal Processor (DSP) and had the potential to allow a threat actor to eavesdrop on a user device and send media files to remote servers through malicious code injection.

Check Point was the first to reveal the flaw to the world and alert the security engineers at MediaTek, who then took note of the flaw and worked on it to issue a fix in the middle of last week.

As per the statistics available to Cybersecurity Insiders, over 33% of Android phones operating around the world run on MediaTek processors. The newly detected flaw could therefore have affected millions of smartphones operating around the globe.

Tiger Hsu, the product security officer at MediaTek, released a press statement last weekend stating that the issue has now been resolved and that the company has no evidence that hackers have exploited the vulnerability so far.

Note 1- The exhibited flaw that is now patched allowed hackers to listen to the conversations made through the infected devices.

Note 2– MediaTek is a Taiwanese brand of semiconductor manufacturing company that offers silicon wafers to wireless communication systems, Smart TVs, mobiles, navigation systems, and is also into the manufacturing of optical disc drives.

Note 3- In early 2020, MediaTek was caught in a ‘Benchmark’ controversy as it tried to justify its optimal performance abilities of its Sports Mode enabled processors.

The post Mediatek vulnerability in Android phones fixed appeared first on Cybersecurity Insiders.


November 29, 2021 at 10:33AM

The Bitglass Blog

In 2015 several things happened in the tech world that significantly impacted our lives today, such as Google making their powerful artificial intelligence technology (TensorFlow) open source, the start of the media streaming wars, and the introduction of the Apple Watch to the world. Also that year a first of its kind experiment, run by Bitglass, tracked where stolen data travelled through the “Dark Web.” 

The post The Bitglass Blog appeared first on Cybersecurity Insiders.


November 29, 2021 at 09:09AM

Key benefits of iSIM technology for enabling secure connectivity

Connectivity is on the rise globally, with more than 2.3 billion connected consumer devices such as smartphones, wearables, laptops and tablets expected to be shipped by 2025. As for IoT devices, it is expected that more than 3 billion devices will be connected to cellular networks over the next five years and eSIM capable devices will exhibit a CAGR of 40%.

To keep up with this tremendous growth there is a need for ensuring secure and seamless cellular connectivity. With devices needing SIMs to authenticate them for mobile networks, advances in SIM technology will be critical for the expansion of the connected world in years to come.  

So how can manufacturers seamlessly manage this growth, while also ensuring secure access to cellular networks? The solution lies in a new eSIM form factor, also known as integrated SIM (or iSIM).  

The integrated SIM (iSIM) provides a secure way of authenticating devices with the same security and convenience as the eSIM. iSIMs are embedded within a trusted, tamper-resistant enclave into a device’s System on Chip (SoC) and contain a secure vault for storing mobile subscription details. This simplifies the adoption of eSIM technology while also optimising costs and performance. The integrated SIM mirrors the specification and certification of the integrated eUICC given by the GSMA.  

Key benefits of the iSIM 

The main benefit of the iSIM is that it helps to radically simplify device design and manufacture, while reducing the management burden by limiting the number of vendors and service providers required to operate a device. The iSIM not only provides a streamlined experience for customers, mobile operators and OEMs, but allows all parties to reap the benefits, including: 

  1. Simplifying connectivity

The iSIM is fully compatible with 2G, 3G, 4G and 5G networks, and can be used in any cellular consumer device. It can also be deployed in consumer IoT and M2M devices, allowing connected devices to operate from anywhere. The iSIM is also compliant with the GSMA Remote SIM Provisioning Consumer & M2M and ETSI SIM specifications. This means one can rely on the existing eSIM infrastructure to manage the iSIM. 

  2. Reducing costs & energy consumption

While an eSIM relies on a separate chip, the iSIM is hosted on a single SoC along with a cellular modem and microcontroller unit. With fewer steps and materials needed to assemble the iSIM, costs for manufacturers are lowered across the supply chain. Energy consumption is also reduced thanks to the advanced technology node employed to build the SoC.

  3. Same security certification

The iSIM is fully standardised and endorsed by the industry and is recognised by several industry bodies including the European Telecommunications Standards Institute (ETSI), Eurosmart, Trusted Connectivity Alliance and the GSMA. The assurance requirements that apply to the iSIM ensure the same security certification level as the eSIM is achieved. 

However, in order to provide secure access to the cellular network, the iSIM must be personalised with remote management credentials during the manufacturing process. So how can this be achieved without affecting device manufacturers? 

Introducing 2-step personalisation 

While the iSIM is a new means of authenticating devices on mobile networks, the security level must remain unchanged. Data security needs to be ensured not only when the data is managed by the chip’s secure area, but also while it is processed during device manufacturing. This requires implementing specific security measures in factories and having them certified.

Two-step personalisation is a new way to securely provision credentials in a tamper-resistant element that allows consumer electronics and IoT OEMs to fulfill these needs without incurring the burden of security management.

Two-step personalisation securely splits personalisation steps between the SoC manufacturer and the iSIM provider, such as Thales. Together, both players establish a trusted relationship that enables them to prepare the SoC and the iSIM separately, using GSMA approved processes named Perso SC and Perso UICC respectively. This allows the device manufacturer to use the SoC as usual, as the iSIM is seamlessly deployed with the required credentials when the SoC firmware is loaded onto the device. The iSIM provider then securely activates the iSIM to turn it into a fully functional eSIM.

Thanks to 2-step personalisation, the device manufacturer flow remains unchanged and does not require extra certification, while adhering to the GSMA production security standards. This dramatically lowers the impact on OEM manufacturing sites and streamlines processes, reducing the effort to deploy cellular connectivity in devices while keeping the process secure.

Thales is the first company in the world to introduce 2-step personalisation, and has recently been granted the world’s first 2-step personalisation GSMA SAS-UP certification for its data centre in Tours, France. 

Now 2-step personalisation can be implemented in an industrial and secure manner. This marks a significant shift towards the large-scale commercial deployment of integrated SIM technologies. 

Interested and want to learn more about the iSIM and its role in enabling the secure connectivity of devices? Leave a comment below and make sure to follow us on Twitter at @ThalesDigiSec! 

The post Key benefits of iSIM technology for enabling secure connectivity appeared first on Cybersecurity Insiders.


November 29, 2021 at 09:09AM

Saturday, November 27, 2021

Going green to make green – how plastic waste can power financial services

2021 is a big year in our fight against climate change. In a summer, which has seen record-breaking temperatures across the world, the evidence of humanity’s impact on the environment is becoming more and more obvious.  

With conditions reaching new levels of severity, the world’s leaders and top scientists will be convening at the 26th Conference of the Parties (31st October to 12th November), also known as COP26, to negotiate how the world will respond to the mounting challenge of climate change. Aside from committing to reaching net-zero by 2050, attendees will also pledge to invest $100bn per year to finance the world’s crackdown on climate change. 

If this goal is to be achieved, the involvement of financial services providers, such as banks, will be essential. However, there are other ways financial institutions can help combat climate change.  

One environmental issue that financial institutions can play a key part in addressing is the world’s crippling consumption of plastic. By reusing discarded plastic products, such as water bottles and plastic bags, banks can drive sustainable transformation by offering greener banking solutions. 

But, before we look at the solutions, it’s critical we understand the problems which wasted plastic poses to our planet. 

More plastic, more problems 

The world’s consumption of plastic is well documented, and the numbers are truly staggering. Here are a few statistics that highlight our plastic problem:

  • Around the world, one million plastic drinking bottles are purchased every minute 
  • Over the course of just one year, the world uses 5 trillion single-use plastic bags 
  • Today, we produce about 300 million tonnes of plastic waste every year, which is nearly equivalent to the weight of the world’s human population 

Sadly, with this level of consumption comes the environmental problems emanating from the production and disposal of plastic. 

The production process of plastic has traditionally been powered by fossil fuels, a core contributor to the world’s rising temperatures. If our current plastic production grows as currently planned, the emissions produced could reach 1.34 gigatons per year. This is equivalent to the emissions released by more than 295 new 500-megawatt coal-fired power plants by 2030. 

The disposal of plastic is equally problematic, with our heavy consumption leading to the irresponsible discarding of excess plastic waste. In fact, our oceans could contain more plastic than fish by 2050. Aside from outnumbering the world’s population of aquatic creatures, microplastics are often consumed by sea animals. Once consumed, these microplastics can increase the chance of disease and impact reproduction in these animals.  

Another core goal of COP26 is ‘adapt to protect communities and natural habitats’. For this to be possible, the world at large must do better to limit its consumption and wasting of plastic products. 

Upcycled banking – how discarded plastic can power financial services 

With literally tonnes of discarded plastic to use, what can financial institutions do to redirect waste for a more productive purpose? One answer is in the form of eco-friendly bank cards.  

Bank cards are the ubiquitous financial services tool found in the wallets of millions worldwide. But, while traditional PVC bank cards are certainly put to good use compared to other plastic goods, their production and disposal does pose environmental challenges. In fact, the amount of plastic used to produce bank cards every year is equivalent to the weight of 150 Boeing 747s. What’s more, the production of six billion bank cards produces a carbon footprint equal to 500,000 passengers flying from New York to Sydney. 

However, advances in technology have seen the development of new, sustainably sourced bank cards made from otherwise discarded materials. For example, many card manufacturers have turned to using ocean plastic as the base material for bank cards. By upcycling plastic floating in our oceans, banks have the potential to recycle one plastic bottle for every card issued. 

In 2019, we teamed up with American Express, Parley for the Oceans and Siegel + Gale to introduce the American Express Green Card made from 70% reclaimed plastic. Through our contribution to this project, Thales was named winner of the 2020 Élan Award of Excellence in the Unique Innovation category by the International Card Manufacturers Association (ICMA).

Climate change is an issue that all industries must face up to in the coming years. But it’s important that organisations, such as banks, are diverse in the way in which they tackle this issue. While funding sustainability initiatives is a strong start, there are many other areas which can be addressed through the adjustment of business models.  

Read more about our recent partnership with Parley for the Oceans here.

The post Going green to make green – how plastic waste can power financial services appeared first on Cybersecurity Insiders.


November 27, 2021 at 09:10PM

Friday, November 26, 2021

How biometric payment cards can perfect the contactless payment experience

The Covid-19 pandemic has accelerated the transition to convenient and more secure ways of paying. With increasing numbers of consumers favouring payment methods that are safer and more hygienic, contactless payments have been on the rise worldwide. In the UK alone, this method accounted for more than a quarter of all payments in the past year.

As consumers shift away from more traditional ways of paying like cash and PIN cards, demand for contactless payments is continuing to grow. This has led to many countries raising the payment threshold for contactless; France and many other European countries increased the limit to €50 from May last year.

What’s more, shoppers in the UK will be able to spend £100 when making a contactless payment from 15 October, as the government more than doubles the spending limit. This will allow consumers to make higher value transactions using their contactless card, like doing the weekly shop.

Governments and financial institutions are investing resources to mitigate the impact of Covid-19 on the economy, citizens and businesses, and to respond effectively and efficiently to society’s new needs.  But how will citizens react to the new contactless threshold? How can banks ensure that the right protection is in place to keep a positive perception about payments’ safety and security?

Biometric technology offers a new way to provide fast and secure contactless payments while remaining highly convenient.

Bringing biometrics to the payment card

The biometric payment card uses specific characteristics unique to the user, such as the details of their fingerprint, to verify a transaction. Biometric payment systems offer a number of benefits and are fast replacing traditional authentication methods such as PIN numbers.

By using this technology, biometric cards offer more security than conventional contactless payment methods. When processing a transaction, the card compares the user’s fingerprint on the scanner with the reference data stored in the card’s secure chip, before authorising the payment. No personal data is held on a bank’s servers or sent over the air to a centralised database. This means that if a card is lost or stolen, users don’t have to worry about fraudulent activity on their account as the owner’s fingerprint is needed to authorise the transaction. This adds an extra layer of protection and ensures that the user’s account details are kept secure.

This added protection means that biometric cards do not have a payment threshold, allowing consumers to make low or high value transactions without having to worry about their card being fraudulently used or rejected.

Biometric payment cards also don’t require users to enter a PIN on the Point of Sale (POS) terminal when making a payment – users can simply use their fingerprint to verify a transaction. This means that users no longer need to remember multiple PINs for different accounts, allowing for a seamless and secure banking experience.

For banks, the added security of biometric payment cards means that they can rely on the secure authentication of the cardholder and benefit from increased trusted transactions. It also generates fewer false declines and therefore increases customer confidence. By enrolling biometric payment cards, banks can reduce administrative costs and optimise their processes. Several banks have already started rolling out the biometric payment card, including the RBS Group and BNP Paribas, which is proposing the solution to all of its VISA premier customers.

As contactless payments continue to soar worldwide, demand for faster, more secure ways of paying will continue to grow. The biometric payment card offers the benefits needed to be at the forefront of this transition towards contactless technology.

Interested and want to learn more about the benefits of the biometric payment card? Leave a comment below and make sure to also follow us on Twitter at @ThalesDigiSec!

The post How biometric payment cards can perfect the contactless payment experience appeared first on Cybersecurity Insiders.


November 27, 2021 at 09:12AM

2022 Cybersecurity Trends and Predictions

Lior Div, CEO and Co-founder, Cybereason

The changing of the leaves and the brisk fall mornings around Boston are a sign that 2021 is nearing its end. It’s a time that I like to reflect on the year gone by and think about the potential for the new year.

In the world of cybersecurity in particular, the end of the year brings an avalanche of predictions for what the threat landscape will look like in the year ahead. It’s a fun end-of-year tradition, but it can also provide valuable insight into coming trends to help defenders be prepared for what’s on the horizon.

“Predictions”

As I review predictions from previous years and look at some of the 2022 predictions that are already hitting the internet, I have noticed that a lot of them are not really “predictions”—they are just a list of buzzwords or topics that are already gaining momentum that someone has put together to “predict” that those things will still be relevant next year. Things like AI / ML, cloud computing, the cybersecurity skills gap, and ransomware are not really predictions but instead blatantly obvious. Of course, those things will continue to get attention, but it doesn’t take a security expert or any special insight to “predict” that.

Beyond the Buzzwords

To borrow a poker metaphor, those topics are table stakes. Looking ahead to what Cybereason and our customers need to be aware of for 2022, it’s important to keep those things in mind, but let us consider the broader threat landscape—and what we are seeing in terms of emerging attacks and current threat research—to identify key risks that defenders need to prepare for.

2022 Cybersecurity Predictions

With that in mind, here are the risks that stand out as unique above and beyond the buzzwords:

RansomOps – The New Kill Chain

Ransomware as a threat is already established and well known. Ransomware attacks occur on a daily basis and 2021 has seen multiple ransomware events that have had a significant impact. The risk that doesn’t get enough attention and that defenders need to understand is that ransomware has evolved.

It started out as a variant of traditional malware—just a different way for threat actors to make a profit when compromising a target. What we see today is not that simple. We now have ransomware cartels—like REvil, Conti, DarkSide, and others—and ransomware is not a piece of malware, but rather comprehensive ransomware operations, or RansomOps, where the execution of the ransomware itself is just the final piece of a much longer attack chain.

There is too much focus on the ransomware executable, or how to recover once an organization’s servers and data are already encrypted. That’s like fighting terrorism by focusing only on the explosive device or waiting to hear the “boom” to know where to focus resources.

RansomOps take a low and slow approach—infiltrating the network and spending time moving laterally and conducting reconnaissance to identify and exfiltrate valuable data. Threat actors might be in the network for days, or even weeks. It’s important to understand how RansomOps work and be able to recognize Indicators of Behavior (IOBs) that enable you to detect and stop the threat actor before the point of “detonation” when the data is actually encrypted, and a ransom demand is made.

Supply Chain – Amplifying Reach of Attacks

This also doesn’t feel like much of a “prediction” at face value. IT professionals are very familiar with the concept of a supply chain attack thanks to the SolarWinds attacks. You need to have a broader perspective on the concept of supply chain, though. It is not always a function of compromising a device or application that is then distributed to others down the chain.

It would be more accurate to call it “Low Hanging Fruit.” SolarWinds is one example of a threat actor finding a way to compromise one company and leveraging that attack to allow them to compromise the customers of the initial target. Our research into DeadRinger and GhostShell illustrates examples of a different approach with a similar outcome. Threat actors gained access to telecommunications providers, which then enabled them to access and monitor communications for customers of those providers.

In both cases, the concept is the same. There is a growing trend of threat actors realizing the value of targeting a supplier or provider up the chain in order to compromise exponentially more targets downstream. Rather than attacking 100 or 1,000 separate organizations, they can successfully exploit one company that unlocks the door to all the rest. It is the path of least resistance.

The attacks we have seen have been part of cyber espionage campaigns from nation-state adversaries. Those attacks will likely continue, and we will see a rise in cybercriminals adopting the strategy as well. Companies that act as suppliers or providers need to be more vigilant, and all organizations need to be aware of the potential risk posed from the companies they trust.

Microsoft – Living with the Microsoft Risk

The simple truth is that one way or another, Microsoft products are directly involved in the vast majority of cyber attacks. Threat actors invest their time and effort identifying vulnerabilities and developing exploits for the platforms and applications their potential victims are using. Microsoft has a dominant role across operating systems, cloud platforms, and applications that make it fairly ubiquitous.

By developing software riddled with vulnerabilities and not always accepting responsibility or acting to address issues, Microsoft bears some responsibility. However, it is not always a matter of exploiting vulnerabilities. Google analyzed 80 million ransomware samples and determined that 95% were Windows-based executables or DLLs. Only about 5% of the samples actually used exploits—but most of those targeted Windows as well.

Adding insult to injury, Microsoft continues to coerce customers into using its own inferior cybersecurity offerings through its predatory E5 licensing model. They are selling customers products and services that make them vulnerable, and then demanding more money to provide inadequate protection to try and defend those products and services.

Microsoft will continue to be the primary focus for cyber attacks in 2022. That isn’t really a revelation. Defenders need to understand the risk of relying on Microsoft to protect them when they can’t even protect themselves. Organizations that depend on Microsoft for security will find themselves making headlines for the wrong reasons.

I’m not suggesting that organizations not use Microsoft products or services, but it is important to understand the risks and have a layered approach to defending those products and services against attacks.

Cybersecurity Is National Security

The line no longer exists between national security and cybersecurity. Sometimes a nation-state adversary attacks a private company as part of a broader campaign. Russia did it with SolarWinds. China did it with HAFNIUM. Iran did it with GhostShell. Sometimes, cybercriminals launch attacks with national security implications. The flow of oil and the food supply chain were both seriously disrupted in 2021 by ransomware attacks.

What we need to be aware of as we go into 2022 is the increasing cooperation and collaboration between these threat actors. Nation-state adversaries are not directly controlling many of these operations, but a combination of state-sanctioned, state-condoned, and state-ignored attacks creates an environment where failure to act is equivalent to tacit approval and indicates that even if they are not actively working together, their objectives are often aligned.

The US government has made progress and will continue to work to improve the cyber defenses of federal agencies. They will also coordinate efforts with private sector tech and cybersecurity companies, as well as nation-state allies around the world to address the Cyber Cold War, protect effectively against threats, and work together to bring threat actors to justice.

XDR – Improving Protection with AI

With the shift to work-from-home or hybrid work models, the rollout of 5G wireless, and the explosion of IoT (internet-of-things) devices, virtually everything is connected today. This connectivity provides a variety of benefits in terms of productivity and convenience, but it also exposes organizations to significant risk, which makes Extended Detection and Response (XDR) crucial.

The question is, “What is XDR?” Many vendors have an offering they are calling XDR, but not all XDR is created equally. There is almost universal agreement that XDR is the next thing, but the definition of what XDR is and the best way to achieve it is still being debated.

The industry will reach some consensus in 2022 and leaders will emerge as the dust settles some in the XDR market. Regardless of how we define XDR, the scope and volume of threats demands that artificial intelligence (AI) play a central role in making it effective.

Get Ready for 2022

As you take time to gather with family and friends for the holidays, or just disconnect from work and recharge, hopefully these insights will help you prepare more effectively for the cybersecurity challenges you will face in 2022. The threat landscape is constantly shifting, but understanding how threat actors think and having insight into emerging trends enables you to stay ahead of the curve and defend more effectively.

The post 2022 Cybersecurity Trends and Predictions appeared first on Cybersecurity Insiders.


November 26, 2021 at 08:58PM