FireSale HackBoy

Tuesday, February 28, 2023

Crypto Scammers Game YouTube for Amplification While Keeping Under Radar, Researchers Find

By Joe Fay

Not even a pyramid scheme – they just convince people to give away their money.

A network of crypto scammers has been able to game YouTube’s algorithms to publicize and amplify fraudulent investment apps without triggering the video platform’s safety team, researchers at WithSecure have said. 

The network used YouTube to post and boost videos encouraging victims to take part in fraudulent USDT (Tether) cryptocurrency investment schemes. Users were promised lucrative returns when they moved cryptocurrency from their wallets into wallets associated with the “apps” highlighted in the videos. 

WithSecure Intelligence Researcher Andy Patel tracked over 700 URLs hosting the suspect apps, although thousands more could be implicated. Patel said his analysis during the latter half of 2022 suggested a network of 30 members were using hundreds of YouTube channels and automation to instigate “inauthentic engagement” with thousands of videos touting the fraudulent apps. 

The videos themselves were low quality and not particularly sophisticated, invariably following the same script. Some of the apps featured trivial tasks and simplistic games, which could earn participants more rewards. 

The videos would demonstrate how “investors” could withdraw their money at any time. By extracting wallet addresses from the YouTube videos, Patel was able to map out a potential network of “seeding” accounts, app wallets, victims, and receiving addresses. Patel’s analysis showed that no currency was ever moved back to the “investors’” wallets. 

“It’s not even a pyramid scheme,” said Patel. “Literally they just convince people to give away money. And that's it. Simple.” 

Patel used the YouTube API to pull data down the network, before subjecting it to data analysis techniques, including constructing node edge graphs highlighting interactions within the dataset. He did the same for the crypto wallet addresses featured in the videos to track interactions between potential “victim wallets” and potential “app wallets”. 

Over the period analyzed, the network was able to generate around $100,000 in revenue from 900 victims. However, Patel said, the scammers were opportunistic and were clearly hoping to snag “investors” willing to transfer larger investments. As the reach of the network increases, so does the likelihood of finding such investors.

Patel’s research could only analyze a limited number of accounts and may have missed a large number of additional wallets. 

WithSecure’s report detailing the research said that given the number of channels involved, the amount and frequency of content posted, and the length of time they had been operating, “It is highly surprising that they weren’t already spotted and taken down.”  

It added, “It would be nice to know that YouTube’s administrators take inauthentic amplification seriously and are devising more generic methods to detect and counter such activity in the future…The fact that YouTube verified accounts have participated in the advertising of these scams is worrying.”

WithSecure noted that according to the U.S. Federal Trade Commission (FTC), nearly half of the 46,000 people that reported falling prey to crypto scams had initially been hooked via a social media platform. 

We contacted Google for comment but have not had a reply at the time of publication. 

The post Crypto Scammers Game YouTube for Amplification While Keeping Under Radar, Researchers Find appeared first on Cybersecurity Insiders.


March 01, 2023 at 11:11AM

The Bridge to Zero Trust

No one likes to think their company might be hit by a cyber attack or breach, but the truth is cybercrime is one of the biggest threats your organization can face. If you suffer a breach, the loss of data is only the first of many issues you will be facing. You also have to navigate reputational damage, lost revenue, and the potential for fines and sanctions from regulatory agencies.

This is why governments and organizations around the world are implementing a zero trust security framework to reduce the risk of attacks while protecting resources and data. If you are searching for the tools you need to confidently move to a zero trust model and you’d like to learn about the vital role authentication plays in laying a strong foundation for security, we’d like to invite you to attend a live virtual event:

The Zero Trust Leadership Series Presents: The Bridge to Zero Trust Virtual Event

On Wednesday, March 15, from 11 AM to 2:30 PM ET, security and IT leaders will explore how identity, Zero Trust Authentication, network architecture, and endpoint detection and response technologies combine to thwart cyberattacks. The sessions will be packed with practical insights to help you take zero trust from a concept to a real practice within your organization so you can stay ahead of the attackers and out of the headlines.

Register now to save your spot

The zero trust information you need now

Experts leading the zero trust charge will focus on:

  • What you need to have a fully scaled zero trust ecosystem
  • The need for Zero Trust Authentication in a security architecture and the current state of zero trust
  • Why identity is crucial in zero trust (according to industry leaders)
  • Tips and best practices you can use to implement zero trust in your organization

Top security experts

We asked ourselves, “What experts would we like to hear from on the topic of zero trust?” Then we went and found them for you.

Chase Cunningham, aka Dr. Zero Trust, will join us and discuss the current state of zero trust. He’ll also look at why identity and access management are the first elements you should modernize as you start your zero trust journey, and how Zero Trust Authentication will help accelerate your journey.

John Masserini, of Tag Cyber, will explore practical approaches to advancing zero trust along with his fellow panelists: Kevin Dana, VP of Information Technology for World Wide Technology; Marcos Christodonte II, Global CISO for CDW; and Allen Jeter, Director of IT for Chainalysis.

Kurt Johnson, Chief Strategy Officer for Beyond Identity, will lead a discussion with technology leaders from Palo Alto Networks, CrowdStrike, BeyondTrust, and World Wide Technology on how continuous signal sharing via integration can close vulnerability gaps and accelerate zero trust.

Bill Hogan, Chief Revenue Officer for Beyond Identity, will lead a discussion with key technology advisors and service players from World Wide Technology, Optiv, and Guidepoint on their security practices. They’ll also discuss recommended steps to advance security posture.

We will also feature speakers from Ping Identity and others. You can view the full agenda here.

Leveling-up your cybersecurity strategy is no longer a wish-list item. Protecting your organization is a priority, and the time to do it is now. Register today to save your spot.

The post The Bridge to Zero Trust appeared first on Cybersecurity Insiders.


March 01, 2023 at 04:06AM

Cybersecurity Industry News Review: February 28, 2023

By Joe Fay

Australia to scrap cybersecurity rules as part of a new regime, ransoms bankroll further ransomware attacks, Dole and PyPI attacked, while the European Commission calls time on TikTok.

Australia to Overhaul Cybersecurity Rules 

The Australian government is overhauling its approach to cybersecurity and will create a new agency to coordinate responses to cyberattacks and manage investment. The plans follow publication of a discussion paper on cybersecurity following recent high-profile attacks, including one that affected telco Optus. The minister for home affairs, Clare O’Neil, described the current regime as “bloody useless.”                      

AT&T Selling a Cybersecurity Business, Trend Micro Buying One 

AT&T plans to offload its cybersecurity division. The telecoms giant built the unit around its $600m acquisition of AlienVault five years ago. AT&T’s strategy has been overtaken by a rash of startups offering more cost-effective offerings. Meanwhile, Trend Micro has acquired security operations center vendor Anlyz, boosting Trend’s orchestration, automation and integration capabilities and bringing 40 technical employees to Trend’s 3,000+ engineering team. 

The Big Return for Paying Ransom Demands? Research Warns of 10 More Attacks 

If ransomware victims pay the ransom they are bankrolling 10 more attacks on average, according to research from Waratah Analytics and Trend Micro. The report, What Decision Makers Need to Know about Ransomware Risk, applies data science techniques to a range of data, from chat logs to crypto currency transactions. It claims that LockBit and the historic Conti groups enjoyed ransom payment rates of 16%, probably thanks to their highly targeted business models. 

Banana Giant Dole Bent Out of Shape By Ransomware Attack 

Fruit and veg giant Dole has confirmed it had been hit by a ransomware attack, but the impact to its operations “has been limited”. The food producer said it had “moved quickly to contain the threat” and engaged leading third-party cybersecurity experts to work with Dole’s internal teams to remediate the issue and secure systems. The attack was first reported by CNN, which said it had resulted in shutdowns at Dole’s plants in the US earlier this month and halted shipments to grocery stores. Apparently, salad making kits were particularly affected, illustrating the supply chain disruption that ransomware can create.  

Warning Over More Malicious Libraries on PyPI

The number of malicious “HTTP” libraries on the Python Package Index repository has increased, according to research by ReversingLabs. In a blog post the firm said that most of these are “simple, malicious packages bearing names that are ‘Frankenstein-like’ amalgamations of the acronym ‘HTTP’”, usually aping popular libraries in a bid to distribute malware or steal information. The PyPI repository was the source of a supply chain attack at the end of December, when someone uploaded a malicious dependency package with the same name as one shipped as part of the PyTorch nightly package index.

Google reports on Ukraine (cyber) war a year on 

A year after Russia’s invasion of Ukraine, analysts and pundits have been contemplating the ongoing effect on the cyber landscape. A report from Google has detailed the phases of the cyberwar to date and its lasting effects, concluding that Moscow-based attackers have waged an “aggressive, multi-pronged effort…often with mixed results.” The effort has also “triggered a notable shift in the Eastern European cybercriminal ecosystem” with long term implications. The outlook? More of the same, with attacks likely to expand to include Ukraine’s NATO allies. 

European Commission takes a lead from the US, bans TikTok

The European Commission has become the latest governmental organization to ban the video app TikTok from its staff’s corporate devices. The Commission explicitly said the move was to “increase its cybersecurity”, and to protect it against “actions which may be exploited for cyber attacks against the corporate environment of the commission”. Other social media platforms would be kept under review, it added. The commission is in good company, with multiple governments banning the app, along with a range of US government agencies. Joe Biden approved a TikTok ban for the Federal Government in December, though the White House has also sought to use TikTokers to reach the youth vote. 

 

The post Cybersecurity Industry News Review: February 28, 2023 appeared first on Cybersecurity Insiders.


February 28, 2023 at 09:10PM

Monday, February 27, 2023

The ethics of biometric data use in security

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

In a world where you can scan the veins in your hand to unlock a smartphone, how do you maintain control over personal data? Biometric authentication, the use of distinctive human features like iris patterns, fingerprints and even gait in lieu of a password, is gaining ground in the tech world.

Proponents tout its inherent, hard-to-replicate qualities as a security benefit, while detractors see the same features as an invasion of privacy. Both sides may be right.

The problems with biometrics

Unlike a password, you can’t forget your face at home. But also, unlike a password, you can’t reset your face — meaning you’re out of luck if someone steals a photo of it.

In 2016, a biometrics researcher helped investigators hack into a murder victim’s phone with only a photo of the man’s fingerprint. While security systems are getting more advanced all the time, current technology also allows cybercriminals to run wild with a single piece of biometric data, accessing everything from laptop logins to bank accounts.

By its very nature, biometric authentication requires third parties to store biometric data. What happens if the information is exposed?

In addition to potential hacking, breaching people’s personal data might reveal something they’d rather keep private. Vein patterns could reveal that a person has a vascular disorder, raising their insurance premiums. Fingerprints could expose a chromosomal disease.

True, people give this same information to their doctors, and a medical data breach could have the same repercussions. But handing off biometric data to a commercial company — which isn’t bound by HIPAA or sworn to do no harm — is a much grayer area.

Another issue that occasionally plagues biometric authentication is injuries and natural bodily changes. A single paper cut can derail a fingerprint scanner, and an aging eye throws iris scanners for a loop. People will have to update their photos every few years to remind the system what they look like.

Some facial recognition programs can even predict how long a person will live. Insurance companies have expressed interest in getting hold of this data, since the way a person ages says a lot about their health. If stolen biometric data fed into an algorithm predicts a person won’t make it past 50, will their employer pass them up for a promotion?

In the event of an accident, your family won’t easily be able to access your accounts if you use biometric authentication, since it’s not as simple as writing down a list of passwords. Maybe that’s a good thing — but maybe not.

Another ethical dilemma with biometric data use is identifying people without their consent. Most people are used to being on camera at the grocery store, but if that same camera snaps a photo without permission and stores it for later retrieval, they probably won’t be too happy.

Some people point out that you have no right to privacy in a public space, and that’s true — to an extent. But where do you draw the line between publicity and paparazzi? Is it OK to snap a stranger’s photo while you’re talking to them, or is that considered rude and intrusive?

The benefits of biometric data

Of course, no one would be handing off a photo of their face if the technology was good for nothing.

It’s quick, easy, and convenient to log into your phone by putting your thumb on the home button. Though it’s possible for a hacker to find a picture of your thumbprint, they’d also have to snag your phone along with it to log in, essentially having to bypass a two-factor authentication system. Who has time for that just to steal a reel of cat photos?

Hackers also can’t brute-force their way into guessing what your face looks like. Letter and number combinations are finite, but the subtle variations of the human body are limitless. Nobody can create a program to replicate your biometric data by chance. Consequently, biometric authentication is an extremely strong security measure.

Police can also use biometric analysis to get criminals off the streets. Unlike a human with questionable accuracy, a camera is a reliable witness. It’s not perfect, of course, but it’s much better than asking shaken crime victims for a description of who mugged them. Smart cameras equipped with facial recognition can prevent wrongful detainments and even acquit people who would otherwise languish in jail.

The flip side is that facial recognition does occasionally get it wrong — people have been arrested for crimes they didn’t commit thanks to camera footage of a lookalike. As camera technology improves, hopefully the incidence of people being wrongfully accused will lessen. But for the few outliers who still get misidentified, the consequences can be grave.

Facing the facts

Ultimately, people will have to decide for themselves if they’re comfortable using biometric technology. You probably won’t encounter any problems using biometric authentication to access your phone or laptop, and it can vastly improve your security. The bigger ethical debate is in how third parties can use publicly available data — whether legal or leaked — to further their own gains. In the meantime, just know that your face is probably already in a database, so keep an eye out for doppelgangers.

The post The ethics of biometric data use in security appeared first on Cybersecurity Insiders.


February 28, 2023 at 09:10AM

(ISC)² Research Finds Cybersecurity Professionals to be Least Impacted by Layoffs in 2023

The latest (ISC)² research report, How the Cybersecurity Workforce Will Weather a Recession, found that despite looming recession concerns, cybersecurity teams will be least impacted by staffing cuts in 2023.

To assess the impact of a potential economic downturn on cybersecurity teams, (ISC)² polled 1,000 C-suite executives in December 2022 across five countries: Germany, Japan, Singapore, the U.K. and U.S. The research highlights how C-suite executives view cybersecurity as an essential, valuable asset that is a strategic priority. 

While 85% of respondents expect layoffs will be necessary at their organizations, cybersecurity roles are expected to be the least affected by staff reductions. Only 10% of organizations are likely to cut jobs in cybersecurity compared to other business areas, such as human resources (30%), finance (24%), operations (24%), marketing (22%) and sales (22%). This is because 87% of respondents believe that a reduced cybersecurity team can lead to greater risks and they recognize the challenges associated with building cybersecurity teams when skilled workers are in short supply. Half of the participating executives said cybersecurity staff would be prioritized for hiring or rehiring if layoffs were necessary. IT is another priority (49%), with research and development (R&D) not far behind (41%). Lower on the rehiring priority list are marketing (35%), finance (34%), operations (31%), sales (30%) and HR (29%). 

“The importance placed on cybersecurity professionals, even during uncertain economic times, suggests that top executives understand the critical need for a strong cybersecurity team now more than ever,” said Clar Rosso, CEO, (ISC)². “This is not surprising given the upward trend in recent years where a weakening economy combined with political tensions has led to increased cyber threats. A key test for executives in 2023 will be their ability to sustain their commitment toward strengthening their organizations’ resilience against evolving cyberthreats amid emerging budgetary pressures.” 

Key report findings include: 

  • 80% of participants believe a weakening economy will increase cyber threats 
  • 87% of participants say reductions in their cybersecurity teams would increase risk for their organizations 
  • 31% of respondents cited cybersecurity as the least likely to be impacted in a first round of layoffs 
  • 74% of respondents are open to recruiting cybersecurity talent laid off elsewhere to bolster their own teams 
  • 90% of participants said they increased cybersecurity hiring in the last two to three years 
  • Salary was the least important factor when determining which staff would be impacted by layoffs compared to other factors such as performance and expertise/skill set 
  • Cybersecurity professionals may face increased automation adoption, longer hours, more junior staff hiring and salary freezes due to economic conditions 

To learn more, read the full report here: How the Cybersecurity Workforce Will Weather a Recession. 

The post (ISC)² Research Finds Cybersecurity Professionals to be Least Impacted by Layoffs in 2023 appeared first on Cybersecurity Insiders.


February 28, 2023 at 09:09AM

Special Report: The State of Software Supply Chain Security 2023

Attacks on software supply chains surged in 2022. A few years after word of the SolarWinds hack first spread, software supply chain attacks show no sign of abating.

In the commercial sector, attacks that leverage malicious, open source modules continue to multiply. Enterprises saw an exponential increase in supply chain attacks since 2020, and a slower, but still steady rise in 2022. The popular open source repository npm, for example, saw close to 7,000 malicious package uploads from January to October of 2022 — a nearly 100 times increase over the 75 malicious packages discovered in 2020 and 40% increase over the malicious packages discovered in 2021.

Here’s what software development and security operations teams need to know about the state of supply chain security. Download the report ‘The State of Software Supply Chain Security 2023’ to learn about:

✓ Key trends in software supply chain security
✓ How and where supply chain threats have mounted
✓ New federal mandates for supply chain security (EO 14028 etc.)
✓ Emerging best practices to get ahead of supply chain risk in 2023

 

The post Special Report: The State of Software Supply Chain Security 2023 appeared first on Cybersecurity Insiders.


February 28, 2023 at 03:46AM

Advance Your Cybersecurity Career with Toolkits from (ISC)² and BUiLT

As part of its expanded diversity, equity and inclusion (DEI) initiative, (ISC)² and its partner, BUiLT (Blacks United in Leading Technology, Inc.), are releasing four new toolkits aimed at increasing the number of Black and underrepresented professionals entering, staying and advancing in the cybersecurity profession.
 
“Diversity continues to lag in the tech and cyber industries – and in order to meet the workforce gap head on, we need to create racial equity by helping the Black community explore new career possibilities within these fields,” said Peter Beasley, executive director and chairman of the board, BUiLT. “Partnering with (ISC)² encourages a shift we need – to convert, train and educate adults already in the workforce to meet the open roles in the tech and cyber industries.” 
 
The Top Ten Series powered by BUiLT kicks off with four toolkits, available on the (ISC)² DEI Resource Center. Each toolkit provides tips and actionable steps for professionals at different stages of their career who are looking to work in the cybersecurity field.  
 
How to Get into Cyber provides strategies to help young professionals from diverse backgrounds break into the cybersecurity industry. Whether you have a college degree or a non-traditional education, you can leverage your skills to secure opportunities in the field.  
 
How to Stay and Advance in Cybersecurity equips those already working in cyber with the knowledge to excel and advance in their career. Through training, determination and professional networking, you can build your career and launch yourself into new leadership roles.  
 
The Student Pathways Guide provides resources for students and recent graduates to help them land their first role in cybersecurity. If you’re a student unsure of how to break into the field, this guide provides concrete strategies for you to employ.  
 
The Switching Roles into Cybersecurity Guide helps you assess whether a move into cybersecurity is the right step for your career. Dive deep into your passions and explore what technical or non-technical roles in the field best suit your interests.     
 
These guides and more resources can be viewed and downloaded on the (ISC)² DEI Resource Center. 

The post Advance Your Cybersecurity Career with Toolkits from (ISC)² and BUiLT appeared first on Cybersecurity Insiders.


February 27, 2023 at 09:10PM

Sunday, February 26, 2023

Ransomware attack on Dish Network

A suspected ransomware attack has reportedly taken down the websites, apps, and internal systems of American television service provider Dish Network for the past two days, and reports indicate that it could take at least a week or so to restore services to normal.

It is unclear whether the attack involved a malware variant, as Dish Network's IT staff are still investigating the outage, which reached its 4th day yesterday.

Dish.com and the Dish Anywhere app are unreachable, and a message displayed on the home page states that teams are working 24×7 to resolve the incident.

The worst part of this incident is that customers of Dish TV services are finding it hard to contact the customer support teams, as the malware seems to have disrupted the network to the core.

Erik Carlsson has yet to acknowledge the digital incident, but assured via his social media account that timely updates on the attack will be provided on Tuesday this week.

As Dish logins are failing to reach the server, customers cannot sign in to TV channel apps such as MTV and Starz.

Meanwhile, separate research carried out by a hacker has discovered PureCrypter malware encrypting the databases of several government entities, leading to information theft and ransomware incidents.

According to her update, Dish TV might have become a victim of the malware campaign.

Presently, no information is available regarding the ransomware group that struck the American television services provider, but suspicion is pointing at the LockBit ransomware group.

 

The post Ransomware attack on Dish Network appeared first on Cybersecurity Insiders.


February 27, 2023 at 10:18AM

Cybersecurity Industry News Review: February 21, 2023

By Joe Fay

Think tank warns as economic, political, and cybersecurity risks collide. Accenture heads to Brazil, quantum security firm Sandbox fills up on cash and Biden loses cyber director.

Washington Think Tank Warns on Economic Risk and Cybersecurity 

Increased international conflict, including rising nationalism, a “cyber arms race”, and a looming recession are contributing to an increasingly volatile environment when it comes to cybersecurity, the Bipartisan Policy Center has declared in a new report. It also noted “lowered inhibitions for cyberattacks” and spillover from the war in Ukraine. Even as organizations contemplate these problems, they must deal with the consequences of earlier underinvestment in security and infrastructure, fragmented regulation and pressure on new investments due to economic uncertainty. All this and a “talent shortage” too.

https://bipartisanpolicy.org/download/?file=/wp-content/uploads/2023/02/Cyber-Security-Report_R03.pdf 

Accenture Smells the Coffee, Buys Brazil’s Morphus 

Consultancy giant Accenture has bolstered its security workforce and geographical reach with the acquisition of Brazil-based Morphus. The 20-year-old target firm provides an “end-to-end” portfolio of services, including strategy, risk management, and managed security services. The deal brings an additional 230 cybersecurity professionals into Accenture. Morphus will provide a launchpad for Accenture to expand its cybersecurity offering in Latin America, forming the core of a new Cyber Industry practice. Accenture last year named Brazil as one of the most victimized countries when it comes to info theft. 

https://newsroom.accenture.com/news/accenture-acquires-morphus-brazil-based-cybersecurity-company.htm

Sandbox Fills Up with Dash for Post Quantum Future 

Sandbox AQ, which was spun off from Google last year and is developing “post quantum cryptography”, has raised $500 million in funding. Sandbox AQ describes itself as a SaaS company “combining AI + Quantum tech to solve hard problems impacting society”. Those problems include the prospect of quantum computing making current cryptography redundant – though that should be still some way away. At least part of its solution is scanning existing systems to identify the use of older encryption protocols so that they can be upgraded to newer standards, or as Sandbox AQ describes it, Cryptographic Agility. 

https://www.reuters.com/technology/quantum-startup-sandbox-aq-spins-off-alphabet-gains-nine-figures-funding-2022-03-22/

Jamaica Ratchets Up on Cybersecurity 

Jamaica is establishing a National Cyber Security Authority with backing from the US Agency for International Development and the Inter-American Development Bank. The authority will oversee policies, provide skills training, and monitor cyber threats to the Island nation. Its debut coincides with the finalization of data protection regulations, and the announcement of a national broadband network. 

https://www.jamaicaobserver.com/latest-news/new-national-cybersecurity-authority-to-be-established-says-gg/

US Cyber Chief steps down ahead of new strategy 

Chris Inglis has stepped down as the US National Cyber Director. The post was established by President Biden, with NSA and Air Force veteran Inglis the first individual to hold it. His appointment coincided with a ratcheting up of US focus on cybersecurity in general, along with critical infrastructure and open source in particular. Inglis’ move comes as the White House is expected to announce a new national cyber strategy. His principal deputy Kemba Walden is now acting director. 

https://www.hstoday.us/subject-matter-areas/cybersecurity/national-cyber-director-chris-inglis-steps-down/

The post Cybersecurity Industry News Review: February 21, 2023 appeared first on Cybersecurity Insiders.


February 26, 2023 at 09:11PM

Saturday, February 25, 2023

Building blocks for Cyber resilience:  MSSPs can lead the way

In today's world, cybersecurity is an ever-growing concern for businesses. With the rising tide of cyber threats and data breaches, it can be difficult for companies to keep up with the latest security technologies and stay ahead of the curve. Managed Security Services Providers (MSSPs) provide comprehensive security solutions to clients, offering a range of services from monitoring and threat intelligence to incident response. MSSPs are ideal for businesses looking for an all-in-one security solution tailored to their specific needs. Here are some initiatives that MSSPs should consider when looking to help customers in 2023.

Making Zero Trust attainable

As the global landscape continues to test our resiliency, staying focused on a security-first mindset is critical. Organizations must consider the most significant risks and take a proactive approach to address cyber risk concerns. This means assessing the current state of their cybersecurity, understanding their attack surface, and rethinking their security strategy with a Zero Trust model. By taking a risk-based approach to vulnerability management, implementing cloud security measures, and developing third-party risk management solutions, organizations can ensure they are prepared to adapt to the ever-changing digital landscape and remain resilient in the face of cyber threats.

The traditional perimeter as we know it is no longer viable due to the shift to remote and hybrid working. To keep our networks secure, Zero Trust architecture is essential. Zero Trust reduces the risk of security breaches by authenticating and authorizing every person and system before granting access. Nowadays, the security industry is figuring out how to apply Zero Trust practically. Established companies are using the term Zero Trust in their product portfolios to capitalize on the opportunity. Ultimately, Zero Trust will become more prominent with measurable results.

Risk-Based vulnerability management

Managing vulnerabilities inside your environment is challenging. New attack vectors for threat actors to breach your network are identified daily. Organizationally, the attack surface is constantly changing due to IT device and platform lifecycle issues, changing operational priorities, and the adoption of emerging technologies. With every change comes the risk that a new flaw or configuration issue will provide a threat actor with the final link in their attack chain, resulting in an impact on your users, operations, and customers.

Your network is expanding in the traditional sense and with the ever-increasing role of endpoints, devices, and the Internet of Things. Each year you see the amount of data multiply exponentially, the threat of attacks become more sophisticated, and the challenge of minimizing risk and optimizing operations grow more challenging. It can feel like a never-ending battle, yet identifying, prioritizing, and managing vulnerabilities through remediation is not only possible—it can be simple.

Vulnerability management is an established function of information security, but with technology configurations constantly evolving and cloud and container infrastructure expanding, the complexities of vulnerability management persist. Today's best vulnerability management platforms have been designed with visibility, remediation automation, and improved vulnerability prioritization.

Vulnerability and patch management are essential for any organization, as is the need for risk reduction. With the right risk reduction strategy, organizations can improve their cyber resilience and reduce their risk. To help ensure that organizations keep their IT infrastructure up-to-date and secure, they should focus on strengthening the fundamentals of vulnerability and patch management, risk reduction, and Managed Extended Detection and Response (MXDR). By implementing these strategies, organizations can reduce risk and improve security posture.

Security Mesh, Zero Trust, and SASE (Secure Access Service Edge)

These are three technology trends converging to allow organizations to consolidate and optimize their Zero Trust initiatives. Security Mesh provides a cloud-based fabric that enables organizations to connect to users, applications, and data in a secure and unified fashion. Zero Trust is a security model that eliminates the concept of trust assumptions based on internal network boundaries.

And SASE is a cloud-delivered service that combines network and security functions, including secure access, cloud security, and network security, into a single integrated solution. These technologies can be used together to reduce complexity and help organizations to implement their Zero Trust strategies quickly and effectively. By consolidating and optimizing Zero Trust initiatives, organizations can gain the security, agility, and scalability needed to accelerate their digital transformation.

The biggest challenge for SASE adoption is the split decision between networking and security components. While the two technologies have their strengths and weaknesses, their integration is the most critical factor for successful SASE deployments. Enterprises need to evaluate both solutions' performance, scalability, reliability, and cost to determine which is best suited for their needs. At the same time, they need to consider the synergies between both solutions to make sure that the combination will yield the best results. The primary benefit of SASE is the integration of networking and security services, which simplifies the provisioning and maintenance of both solutions.

Additionally, the service provider can offer more tailored solutions to its customers, allowing them to customize their SASE deployments to meet their specific needs. This makes the solution more attractive to enterprises and increases the likelihood of adoption. Ultimately, the split decision between networking and security components is a challenge that SASE must overcome to remain relevant in the future. Enterprises need to weigh both solutions' pros and cons and ensure they invest in the right technologies. By doing so, they can ensure that they get the most out of their SASE deployments and guarantee that their solutions remain up-to-date and secure.

Cyber Resilience

MSSPs look to offer a Cyber Resilience service that leverages expertise to enhance protection, detection, and response capabilities while driving an organization's ability to recover rapidly in the event of a malicious attack. MSSPs can help shift an organization's model from reactive to proactive, helping the team prepare for potential cyberattacks by implementing a resilience model. This end-to-end service capability helps reduce risk holistically and supports an organization's ability to identify, protect, detect, respond, and recover from malicious activity. Cyber Resilience service is a customized strategy to enhance your current people, processes, and technology based on comprehensive strategic and tactical evaluations across an enterprise.

The post Building blocks for Cyber resilience:  MSSPs can lead the way appeared first on Cybersecurity Insiders.


February 26, 2023 at 09:09AM

The Center for Cyber Safety and Education Evolves Its Mission Statement

The Center for Cyber Safety and Education, the charitable foundation of (ISC)² founded in 2011, aims to grow the cybersecurity profession and its positive impact on the world by raising awareness, building a diverse pipeline of cybersecurity professionals and activating a more secure digital world.

Originally, the Center was created to serve as the home for cyber safety awareness programs and a place for the next generation of cyber professionals to receive educational scholarships. However, as the modern cybersecurity landscape has intensified and the global workforce gap of needed cybersecurity professionals has increased, (ISC)² is committed to meeting these demands. The Center will support new pathways for more cybersecurity professionals to begin their careers while remaining dedicated to raising awareness and helping build a pipeline of diverse cybersecurity professionals, thus creating a safer and more secure cyber world.

The mission of the Center has evolved to meet this global need and now stands on these three program pillars:  

  • Reach and Inspire – increasing knowledge of cyber threats and awareness of cyber career options 
  • Engage and Elevate – building a diverse pipeline of future cybersecurity professionals and addressing challenges current cyber workers face that can lead to leaving the profession 
  • Activate and Impact – providing cybersecurity resources to underserved organizations

Learn more about how you can support the Center with your talent, time and treasure at iamcybersafe.org.

The post The Center for Cyber Safety and Education Evolves Its Mission Statement appeared first on Cybersecurity Insiders.


February 26, 2023 at 09:09AM

How to protect your car dealership from cyber-attacks

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Recent trends show that car dealerships are becoming a prime target for cyber-attacks, partly due to the rise in autonomous and connected vehicles. This is in addition to more traditional attacks such as phishing. Therefore, car dealerships are urged to take measures to improve their cybersecurity. 

Throughout this article, we will focus on how to protect your car dealership from cyber-attacks, from technological solutions to raising staff awareness, and more. 

Why are car dealerships being targeted by cybercriminals?

Car dealerships collect a significant amount of data which is often stored on-site. This data includes things such as names, addresses, email addresses, phone numbers, and perhaps more importantly, financial information such as bank details and social security numbers. Gaining access to this database can be very lucrative for criminals. 

According to the Second Annual Global State of Cybersecurity Report by CDK Global in late 2022, 15% of all auto dealerships surveyed sustained a cyberattack that year, with 85% of the incidents occurring due to phishing specifically. The report also found that as customers move to a more mobile environment, dealerships will need to secure their desktops and mobile devices to protect against potential cyberattacks.

A cybercriminal’s life is made much easier if a car dealership uses outdated IT infrastructure and lacks sufficient processes in terms of protecting employee login details. 

How are car dealerships vulnerable to cybersecurity attacks?

Before we discuss how to protect your car dealership from a cyber-attack, it is important to know what makes a car dealership vulnerable, and what sort of attacks it could be subjected to. 

  • Open Wi-Fi Networks – Many car dealerships have open Wi-Fi networks for their customers to use freely. However, this provides an opportunity for hackers who can potentially access other areas of the network that store sensitive data.
     
  • Malware – Malware is possibly the most likely form of cyber-attack, targeting individuals within your organization with malicious email attachments that execute software onto the victim’s device. This software can then grant the attacker remote access to the system.
     
  • Phishing – Phishing emails are much more sophisticated than they used to be, appearing much more legitimate, and targeting individuals within the company. If an email seems suspicious or is from an unknown contact, then it is advised to avoid clicking any links.
     
  • User error – Unfortunately, anyone working for the car dealership, even the owner, could pose a risk to security, perhaps by using lazy passwords or not storing log-in details in a safe place. This is why cyber security training is now becoming mandatory at most businesses.

The consequences of cyber-attacks on car dealerships

If a small-to-medium-sized car dealership is the victim of a cyber-attack, then it can have a much bigger impact than just a short-term financial loss. Some smaller businesses that suffer a data breach may go out of business after such an event, losing the trust of their customer base, and failing to recover from the financial impact.

Research suggests that most consumers would not purchase a car from a dealership that has had a security breach in the past. Failing to prevent a cyber-attack and a criminal from gaining access to customer information is extremely detrimental to a business’s public image. 

How to protect your car dealership from cyber-attacks

Regardless of whether you already have security measures in place, it is always advised to assess how they can be improved and constantly be on the lookout for vulnerabilities within the organization. 

In this section, we will discuss how to improve cybersecurity within a car dealership, breaking down the process into three key stages. 

Stage one – Implementing foundational security

Establishing strong foundational security is key to the long-term protection of your business. When creating your foundational security strategy you should focus on seven main areas.

1. User permissions 

Ensure administrative access is only provided to users who need it as granting unnecessary permissions to standard users creates numerous vulnerabilities. Ensure that only the IT administrator can install new software and access secure areas. 

2. Multi-factor authentication 

Multi-factor authentication means more than just a traditional username and password system. Once the log-in details have been entered, users will also need to enter a PIN that can be randomly generated on their mobile phone, or issued periodically by the administrator.

For added protection, you could also implement a zero-trust strategy.

3. Data backup recovery processes

The effects of ransomware attacks can sometimes be avoided if important files are regularly backed up, such as each morning. Once stored, there should also be procedures in place to quickly restore this data to minimize any downtime.

4. Firewalls and other security software

Many car dealerships continue to use older firewall software and outdated security services. Newer, next-generation firewalls offer much more protection, securing even the deepest areas of the network while being more effective at identifying threats. 

5. Endpoint protection 

The endpoint refers to a user’s mobile device or computer that may be targeted by attacks such as phishing emails. Endpoint protection can help secure these devices, identifying malware and preventing it from spreading to other parts of the network.

As part of modernization efforts, some businesses are choosing to protect their phone systems by using a cloud solution.

6. Email gateways

Similar to the above, email and web scanning software is essential to protect data and business operations. This can identify threats and warn the user to prevent them from opening malicious links or opening suspicious attachments. 

7. Email training

Many businesses test their workforce by sending fake phishing emails to see how employees respond. If the correct actions are not taken, then the individual can be given cyber security training to raise their awareness so that they take appropriate action in the future. 

Stage two – security processes

Once all of the above has been assessed and the necessary course of action has been taken, it is time to think about the critical security processes that need to be implemented. These are vulnerability management, incident response, and training. 

1. Vulnerability management 

Firstly, an inventory of your assets (software and devices) needs to take place so you know what needs to be protected. Once this has been done, all software should be checked to determine if it has been patched with the latest update. 

Finally, vulnerability scans should be run on a monthly or quarterly basis. This can be done via penetration testing or an internal network scan. 

2. Incident response

Policies should be drafted in the case of an incident or data breach so the correct course of action can be taken in terms of contacting the necessary parties. Numerous people should also be trained to respond to an incident should a key individual, such as the IT manager, not be present.

Network analysis needs to take place immediately after an incident, whether this is in-house or externally. This is necessary for insurance purposes.

3. Training

Cybersecurity and Acceptable Use policies need to be created so everyone knows what needs to be done in the event of a breach and what their responsibilities are. This can be combined with thorough security training to increase awareness. 

Stage three – ongoing security activities

To ensure your business is protected at all times, it is vital that your IT team is on top of things and you do not rest on automated tasks and policies. 

Key activities include:

  • Using an encrypted email solution
  • Employing a VPN for remote workers to encrypt the connection
  • Mobile device security, management, and protection 
  • On-going monitoring, risk assessments, and sticking to best practices

Protecting your car dealerships from Cyber-attacks – summary

According to October 2022 research from CDK Global, car dealerships are being targeted by cybercriminals who see them as an opportunity to steal sensitive information and financial details. This can be done in multiple ways including phishing scams and malware.

To tackle this, car dealerships should focus on three key areas: the business’ foundational security, implementing security processes, and performing key security activities on an ongoing basis.

The post How to protect your car dealership from cyber-attacks appeared first on Cybersecurity Insiders.


February 25, 2023 at 09:11PM

Latest Cyberthreats and Advisories – February 24, 2023

An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023.

Threat Advisories and Alerts 

NCSC Provides Recommendations on Supply Chain Security 

As the recent ransomware attack on ION Trading revealed, supply chain attacks can be devastating to a business and have knock-on effects for suppliers and customers alike. The U.K. National Cyber Security Centre recently published guidance on the topic to help companies address supply chain cyberthreats. The article provides detailed security recommendations, including how companies can map their supply chains, the type of supplier information to gather and how to address subcontractors in the supply chain.   

Source: https://www.ncsc.gov.uk/guidance/mapping-your-supply-chain  

PoC Exploit Released for Fortinet Flaw with a 9.8 Severity Score  

Security researchers at Horizon3 have released a proof-of-concept (PoC) exploit for a critical vulnerability (CVE-2022-39952) impacting multiple versions of Fortinet’s network access control suite, FortiNAC. The flaw has a severity score of 9.8, and if exploited, could allow attackers to achieve remote code execution. Users of FortiNAC 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0 and all versions on the 8.3, 8.5, 8.6, 8.7 and 8.8 branches are urged to apply the appropriate security updates immediately.

Source: https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-fortinet-rce-flaw-patch-now/  

Emerging Threats and Research 

19% of Brits Have Been Victims of Online Fraud 

A new survey by Finnish security vendor F-Secure has revealed that a fifth of adults in the U.K. have been victims of online fraud, experiencing identity theft, stolen passwords and theft of life savings. Why have so many Brits been affected? The survey, which polled 1,000 people in the U.K., may have an answer. It revealed that 60% of respondents think cybersecurity is too complex and 48% are unsure whether their devices are secure.   

Source: https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/  

GoDaddy Suffers Third Breach in Three Years 

In what is starting to seem like an annual event, web hosting and domain registrar giant GoDaddy has been hit with yet another breach. This time, threat actors stole source code and installed malware that intermittently redirected customers’ sites to malicious pages. According to GoDaddy, the attack’s purpose was to "infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities." The initial infection, which was first reported in December 2022 by upset customers, follows November 2021 and March 2020 breaches. An investigation into this most recent incident shows that all three breaches are connected.   

Source: https://thehackernews.com/2023/02/godaddy-discloses-multi-year-security.html  

FBI Contains Security Breach on Its Computer Systems 

The U.S. Federal Bureau of Investigation (FBI) has experienced a cyber incident, impacting computer systems used in child sexual exploitation investigations. The FBI has not revealed details of the breach but said in a statement, “This is an isolated incident that has been contained.” According to former FBI agent Austin Berglas, the incident is likely contained to a specific computer or network. For this reason, it’s unlikely classified information was accessed.

Source: https://www.theregister.com/2023/02/17/fbi_security_incident/  

Thousands of NHS Employees Impacted by Data Leak 

Roughly 14,000 staff members at an NHS hospital trust in Liverpool, U.K. had their data leaked due to an email snafu. According to an apology letter to the victims, a file containing names, addresses, dates of birth and other sensitive information was sent to 24 external accounts and hundreds of NHS managers. “The spreadsheet file included a hidden tab which contained staff personal information. Whilst it was not visible to those receiving the email, it should not have been included in this spreadsheet,” the letter read. The 24 external recipients have since confirmed deletion of the spreadsheet.

Source: https://www.infosecurity-magazine.com/news/data-leak-hits-thousands-of-nhs/  

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board. 

The post Latest Cyberthreats and Advisories – February 24, 2023 appeared first on Cybersecurity Insiders.


February 25, 2023 at 09:11PM

Friday, February 24, 2023

The Significance of Key Risk Indicators in Organisations

By Vivek Soni, CCSP

Key Risk Indicators (KRIs) are critical predictors/indicators of undesirable events that can adversely impact the organisation. They are forward-looking metrics that act as early warning signs, helping the enterprise to report risks, prevent calamity and remediate promptly.

Risks to an organisation may vary based on their business environment and the respective business unit. For example, an IT service management team might worry about changes going into production without approvals, an Information Security Team might focus on preventing data compromise, a bank might be concerned with fraudulent bank accounts being opened, etc.

KRIs measure the potential risk related to a specific decision that an organisation is considering as well as the risk inherent in the organisation’s day-to-day operations. They can be used by organisations of any size and can be a foundation for security reporting to the executive level. Organisations can set targets and monitor these indicators for continuous improvement.

KRIs independently or in combination with other risk environment pertinent data, such as, loss events, assessment outcomes, and issues, offer considerable insights into the weaknesses within the risk and control environments.

Benefits of KRIs

  • Early notice of potential risks that could harm the organisation.
  • Quantifying each risk and its potential impact.
  • Developing appropriate risk responses.
  • Give insights into possible vulnerabilities in the organisation’s monitoring and control tools.
  • Ongoing risk monitoring.
  • Assurance to the senior management and shareholders on the security posture of the organisation.
  • Greater trust levels from the perspective of regulatory bodies.

Differences Between KRIs and KPIs

Even though enterprises use the terms Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) interchangeably, they are two different tools with different purposes:

KPI

  • The measurement an organisation leverages to understand how well individuals, business units, projects and companies are performing against their strategic goals.
  • These are backward looking.
  • Once an organisation has identified its strategic goals, KPIs serve as monitoring and decision-making tools that help answer your organisation’s key performance questions.
  • Answers the question: How are we doing against our goals?

KRI

  • The measurement an organisation leverages to determine how much risk they are exposed to or how risky a particular venture or activity is.
  • These are forward looking.
  • By measuring the risks and their potential impact on business performance beforehand, organisations can create early warning systems that allow them to monitor, manage and mitigate key risks.
  • Answers the question: What prevents us from achieving our goals?

Typical KRI Flow

Traits of Effective KRIs

When developing KRIs, the business context of the organisation plays a critical role. Some important questions to ask before the organisation begins its KRI journey:

  • What kind of industry does the organisation operate in?
  • What different regulations/laws are applicable?
  • What kind of risks does the industry face?
  • What locations does the business operate in?
  • What external parties does the organisation deal with, and what are their requirements?

The characteristics of good KRIs include:

  • Business Aligned: Linking key business attributes to the risks and identifying serious threats.
  • Context Rich: Details about the people, processes, technologies, resources, and other aspects important to the success of the
  • Risk Based: Identifying the risks and threats that the organization faces and how they will impact its day-to-day operations and
  • Measurable: Metrics should be The data can be number, count, quantity, percentage, amount etc. but NOT texts, Yes/No questions, or reports.
  • Management Buy-In: Approval of the KRIs by
  • Repeatable: They should be easy to collect, parse, and report
  • Standardised: Must be benchmarkable both internally and to industry

Challenges in developing KRIs

Many organizations encounter challenges when developing KRIs because they don’t tie to the business objective or do not address the risks associated with their development.

  • Lack of accurate information or insufficient requirement
  • Lack of risk-based approach in developing
  • Lack of Management buy-in/approval.
  • Lack of alignment with industry standards/benchmarks.
  • Complex and Legacy System integration act as a blocker for the data which is required to develop metrics
  • Failure to automate the collection of KRI values

Key Risk Indicators Examples

Risk: Data Loss
Metric Definition: Percentage of Servers/Workstations backup Failure in a given Period.
Frequency: Monthly
Reasoning: Change in server configuration or any upgrades in software can result in backup failure.

Risk: Data Loss
Metric Definition: Percentage of Servers using weak authentication protocols.
Frequency: Monthly
Reasoning: Servers using weak authentication protocols can be a pathway for attackers to penetrate, resulting in Information Leakage and Lateral Movement.

Risk: Compromised Systems/Data
Metric Definition: Percentage of Critical Servers hosting sensitive/highly sensitive/Business Critical information where Logging is not Enabled.
Frequency: Monthly
Reasoning: If logging is not enabled on Critical servers, the organisation will be unaware of any malicious activity/attacks.

Risk: Compromised Systems/Data
Metric Definition: Percentage of Critical Servers missing patches.
Frequency: Monthly
Reasoning: Missing critical patches may result in newly identified vulnerabilities being exploited by attackers.

Risk: Unauthorised Access
Metric Definition: Percentage of Users whose access rights have not been reviewed within the last 90 days.
Frequency: Monthly, Quarterly
Reasoning: Access rights, if not reviewed in a timely manner, can lead to unauthorised access by those who do not have a business need for that access.

Risk: Unauthorised Access
Metric Definition: Number of Failed Attempts to Access User Accounts with Access to Sensitive Data.
Frequency: Monthly
Reasoning: Access to sensitive information may be controlled and limited to those who have a business need. If not, it can cause serious harm to the organisation.

Risk: Unauthorised Access
Metric Definition: Percentage of Network Devices not meeting the configuration standards.
Frequency: Monthly
Reasoning: Network devices not meeting the configuration standard can act as a pathway for threat actors to attack the weak configuration.

Risk: Malware/Virus Attacks
Metric Definition: Percentage of Critical Servers that have not received a full malware scan within the last 24 hours.
Frequency: Daily, Weekly
Reasoning: Critical servers not undergoing a full malware scan within the last 24 hours can be vulnerable and can be exploited by attackers.

Risk: Malware/Virus Attacks
Metric Definition: Percentage of Critical Servers not running updated antivirus software.
Frequency: Daily, Weekly
Reasoning: Critical servers without updated virus/malware signatures can be exploited by attackers.

Risk: Data Exfiltration
Metric Definition: Average Time elapsed between formal reviews of Firewall Rules.
Frequency: Monthly, Quarterly
Reasoning: Firewall rule reviews may help in discovering the need for additional rules and reveal unused rules – both outcomes improve overall security & firewall performance and ensure that unused rules cannot be used by external attackers for data exfiltration.

Risk: Service Interruptions
Metric Definition: Percentage of Requests not resolved within the SLA (Service Level Agreement).
Frequency: Monthly, Quarterly
Reasoning: A large percentage of issues that are not resolved within the desired time frame may increase the likelihood of productivity/capacity issues, service interruptions and potential customer service issues.

Risk: Service Interruptions
Metric Definition: Percentage of IT Assets (Devices) Impacted by End-of-Life or Support.
Frequency: Quarterly
Reasoning: A high percentage of devices with impending EoL dates may indicate that the company is using relatively outdated devices, and/or that it will be a large undertaking to procure and implement replacement devices soon.
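
The following is an added example, not part of the original article, showing how several of the KRIs listed above could be collected automatically from inventory data, which addresses the "failure to automate" challenge named earlier. The inventory records, field names and the fixed reporting time are constructed assumptions for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample data (not real). Field names are assumptions for this sketch.
NOW = datetime(2023, 2, 24, 9, 0)

SERVERS = [
    {"name": "db01", "critical": True, "logging": True, "missing_patches": 0,
     "last_full_scan": NOW - timedelta(hours=5)},
    {"name": "db02", "critical": True, "logging": False, "missing_patches": 3,
     "last_full_scan": NOW - timedelta(hours=30)},
    {"name": "app01", "critical": True, "logging": True, "missing_patches": 1,
     "last_full_scan": None},  # never scanned
    {"name": "file01", "critical": True, "logging": True, "missing_patches": 0,
     "last_full_scan": NOW - timedelta(hours=23)},
    {"name": "kiosk01", "critical": False, "logging": False, "missing_patches": 7,
     "last_full_scan": None},  # non-critical: out of scope for the server KRIs
]

USERS = [
    {"id": "alice", "last_access_review": NOW - timedelta(days=30)},
    {"id": "bob", "last_access_review": NOW - timedelta(days=120)},
    {"id": "carol", "last_access_review": None},  # never reviewed
    {"id": "dave", "last_access_review": NOW - timedelta(days=90)},
]

FIREWALL_REVIEWS = [datetime(2022, 9, 1), datetime(2022, 6, 1), datetime(2023, 1, 15)]


def percentage(population, is_at_risk):
    """Share of the population that is at risk, as a percentage.

    Returns None for an empty population so that "nothing to measure"
    is never reported as a reassuring 0%.
    """
    population = list(population)
    if not population:
        return None
    at_risk = sum(1 for item in population if is_at_risk(item))
    return round(100.0 * at_risk / len(population), 1)


def is_stale(timestamp, max_age, now):
    """A missing timestamp counts as stale: no evidence means no control."""
    return timestamp is None or now - timestamp > max_age


def compute_kris(servers, users, firewall_reviews, now):
    """Compute five of the KRIs from the article's example list."""
    critical = [s for s in servers if s["critical"]]
    reviews = sorted(firewall_reviews)
    gaps = [(later - earlier).days for earlier, later in zip(reviews, reviews[1:])]
    return {
        "critical_servers_logging_disabled_pct":
            percentage(critical, lambda s: not s["logging"]),
        "critical_servers_missing_patches_pct":
            percentage(critical, lambda s: s["missing_patches"] > 0),
        "critical_servers_no_full_scan_24h_pct":
            percentage(critical,
                       lambda s: is_stale(s["last_full_scan"], timedelta(hours=24), now)),
        "users_access_not_reviewed_90d_pct":
            percentage(users,
                       lambda u: is_stale(u["last_access_review"], timedelta(days=90), now)),
        "avg_days_between_firewall_reviews":
            round(mean(gaps), 1) if gaps else None,
    }


def format_report(kris):
    """Render one line per KRI; unmeasurable values are shown as n/a."""
    return [f"{name}: {'n/a' if value is None else value}"
            for name, value in sorted(kris.items())]


if __name__ == "__main__":
    for line in format_report(compute_kris(SERVERS, USERS, FIREWALL_REVIEWS, NOW)):
        print(line)
```

Treating a missing scan or review date as "at risk" and an empty population as "n/a" keeps the indicator from looking healthy simply because data was never collected.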

Conclusion

To wrap it up, key risk indicators play a crucial part in an organisation’s strategic risk management activities and day-to-day operations. Carving out an effective KRI library is one of the most vital steps towards a proactive approach to risk management. Effectively designed KRIs should act as an enabler to drive decisive action to manage risks, improve financial performance and provide the right level of board assurance that risks are under control.

To gain a holistic vision of key risk indicators, business people, risk professionals, Data Specialists, Software Engineers, UX Engineers and digital transformation experts must collaborate. Otherwise, an organisation may have tons of KRIs with zero automation or highly automated alerts that nobody monitors.

 


The post The Significance of Key Risk Indicators in Organisations appeared first on Cybersecurity Insiders.


February 24, 2023 at 09:09PM