FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Friday, March 31, 2023

Business Wire's Website is Currently Unavailable

We apologize for the inconvenience. Our team is working to resolve the issue.

If you have questions or need to submit a news release, please contact your local Business Wire bureau:

  • US: +1.888.381.WIRE(9473)
  • Australia: +61 2.9004.7015
  • Canada: +1.416.593.0208
  • France: +33 1.56.88.29.40
  • Germany: +49 69.915066.0
  • Hong Kong: +852.3602.3091
  • Japan: +81 3.3239.0755
  • UK: +44 20.7626.1982

The post Business Wire's Website is Currently Unavailable appeared first on Cybersecurity Insiders.


April 01, 2023 at 10:57AM

PRODUCT REVIEW: Trend Micro Cloud One

As part of the Cybersecurity Insiders Product Review series, we are today reviewing Trend Cloud One, a comprehensive and powerful cloud security platform for developers, security teams, and businesses. Trend Micro Cloud One’s integrated platform approach considers cloud projects and objectives holistically, meeting the needs of cloud and security teams alike with cloud-native application protection platform (CNAPP) capabilities that provide connected protection throughout an organization’s entire cloud environment.

Plus, Cloud One delivers thoughtful application security from commit to runtime across all major cloud providers, integrating with the DevOps tools your organization already uses.

THE MOVE TO PLATFORM SOLUTIONS

In the past, organizations have been looking for best-of-breed point solutions to meet their specific cloud security needs in different areas. This approach has created some serious drawbacks, including insufficient protection of cloud-native apps that can be exploited by bad actors and overwhelmed security teams that receive alerts from multiple tools and dashboards – to name a couple.

In response to the challenges and shortcomings of this best-of-breed patchwork approach, organizations are increasingly prioritizing all-in-one solutions such as Trend Cloud One. These types of solutions offer an integrated platform approach to cloud security that allows security teams to save time and gain visibility, leading to operational efficiencies, tool consolidation, and streamlined compliance.

TREND CLOUD ONE PROVIDES COMPREHENSIVE CLOUD SECURITY

Trend Cloud One is built with flexibility in mind, recognizing that every digital transformation journey is different, and it delivers connected protection at every stage of an application’s lifecycle. So, whether your organization needs to integrate security into a mature DevOps toolchain, get quick visibility of your production environment without sacrificing performance and reliability, or deploy runtime protection on your critical production workloads, Trend Cloud One meets the security needs for organizations of all different cloud maturities, deployment models, and tool/platform choices.

Trend Cloud One provides robust, connected protection against threats in hybrid cloud environments, including source code repositories, virtual machines, containers, serverless functions, networks, APIs, endpoints, and file storage. The platform delivers security controls at every stage of the application’s lifecycle, safeguarding business-critical systems from malware, misconfigurations, vulnerabilities, and more.

As a result, Trend Cloud One helps organizations to secure their digital transformation, including cloud migration projects and cloud-native application development.

TREND CLOUD ONE SUPPORTS ORGANIZATIONS’ EVOLVING CLOUD PRIORITIES

1 – Cloud Migration: Trend Cloud One automates the discovery and protection of public, private, and virtual cloud environments while protecting the network layer. This provides flexibility and simplicity in securing cloud environments throughout the migration and expansion process. Customers gain increased visibility and consistent security throughout their hybrid cloud environments, with the most security controls and integrations within their existing toolsets.

2 – Cloud-Native Applications: With modern development practices and technologies like CI/CD, containers, and serverless, customers demand cloud-native application security with connected protection throughout their application’s lifecycle. Customers also want the assurance that their cloud services meet security best practices. Incorporating these practices empowers developers to address application risk across development toolchains, CI/CD pipelines, and production environments.

3 – Cloud Operational Excellence: With Trend Cloud One, organizations can automatically evaluate how well cloud services align to cloud configuration best practices and industry compliance standards. This way, customers can embrace a DevOps culture by empowering teams to build better architecture and applications in the cloud while having the necessary guardrails to grow and scale business safely and securely.

TREND CLOUD ONE DELIVERS A COMPLETE CLOUD SECURITY PLATFORM

Cloud Sentry delivers visibility of the threats in cloud environments with quick, actionable insights with the context of applications.

  • Identifies threats in minutes with no performance impact, all without removing customer data from the environment.
  • Provides context-rich insights into risks, which help prioritize and implement mitigations.
  • Visibility of all resources and security findings by AWS account in Trend Cloud One Central. Customers can review results and remediate with one click.

File Storage Security provides security for cloud file and object storage services like Amazon S3.

  • Fast, automated scanning for malware in cloud storage, regardless of file size or type.
  • Customer data never leaves their environment.
  • Backed by industry-leading Trend Micro Research to protect customers from the latest threats, zero-day vulnerabilities, and more.

Conformity offers cloud security posture management (CSPM) with automated rules and checks for cloud services.

  • Automatically check your cloud environment’s configurations in real time against nearly 1,000 cloud service configuration best practices across 90+ services from AWS, Microsoft® Azure®, and Google Cloud Platform.
  • Run continuous scans against hundreds of industry best-practice checks, as well as an organization’s own custom checks.
  • Scan infrastructure-as-code templates to ensure only the most secure and compliant infrastructure gets deployed.

FAST DEPLOYMENT

Depending on your security requirements, the relevant Trend Cloud One services can be deployed in as little as a few minutes. For larger deployments requiring more complex or custom implementations, it can take up to one month to deploy Cloud One in the customer's environment.

Trend Cloud One is available for purchase via both the AWS and Azure Marketplaces with a custom annual license or pay-as-you-go model. When purchased through one of the Marketplaces, new customers enjoy a free 30-day trial and gain access to always-free tiers.

HOW TREND CLOUD ONE SIMPLIFIES CLOUD SECURITY

  • Automated: Save time while gaining complete visibility and control via integrated CNAPP capabilities. Automated deployment and discovery lead to operational efficiencies and accelerated, streamlined compliance.
  • Flexible: Turnkey integrations, broad APIs, and powerful cloud-native application protection platform (CNAPP) capabilities. Customers can procure the services they want the way they want, and deploy those services the way they need.
  • All-in-one: Meet the needs of cloud and security teams alike with CNAPP capabilities that provide connected protection throughout entire cloud environments. Trend Cloud One delivers thoughtful application security from commit to runtime across all major providers, integrating with the DevOps tools organizations already use.

“Trend Micro is the largest player in the cloud workload security market. Security teams are struggling to keep up with the rapid pace of development as business-critical cloud infrastructure and applications are deployed across complex hybrid cloud environments. Not only do organizations need visibility, but they also need real ways to address threats and reduce risk. Trend Micro delivers that with Cloud Sentry.” – Forrester Research

ABOUT TREND MICRO
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro’s cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for cloud environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world.

For more information, visit www.TrendMicro.com


The post PRODUCT REVIEW: Trend Micro Cloud One appeared first on Cybersecurity Insiders.


March 31, 2023 at 11:53PM

NHS IT systems under disruption threat due to cyber attack on Capita

Capita, an internationally known business process outsourcing firm, is experiencing a sudden halt in the operation of its IT services and suspects a cyber attack behind the disruption. However, the company has yet to confirm this officially and says it will do so once a detailed investigation is complete.

Those at the company who are familiar with the incident state that it could be the work of a ransomware gang or of a notorious group operating on funds from Russia's GRU military intelligence agency.

But as they are still busy gathering evidence, they are not in a position to make it official.

Capita manages IT services for the NHS and the British Army, and also conducts annual IT maintenance for the British Submarine Training Centre and the Ministry of Defence, so the IT disruption can lead to service failure at these government agencies, prompting the government to take serious steps to mitigate the risks associated with the attack.

Apart from the above-stated services, the company also looks after the digital operations of London’s Road Charging system, and the Department of Work and Pensions disability.

Currently, email systems and phone lines are not operating, so staff are resorting to radios, pens and paper to handle the company's regular administrative needs.

The National Cyber Security Centre, the Cabinet Office, and the intelligence services have been alerted about the cyber incident, and each has started an independent probe.

NOTE- Apart from the UK, Capita also has its business presence in Asia, Africa, and Europe and is now listed on the London Stock Exchange.

 

The post NHS IT systems under disruption threat due to cyber attack on Capita appeared first on Cybersecurity Insiders.


March 31, 2023 at 08:38PM

Gamers playing with real money should be wary of scammers.

Are you one of those who play games by investing real money to earn double or triple the amount in return? If yes, then you should be wary of scammers who are indulging in various kinds of gaming frauds.

Account switching, account takeover, fake identity and promo abuse, money laundering, phishing scams, and fake websites intended to steal sensitive information are some of the frauds targeting gamers these days.

Apart from these, there are also large-scale gaming frauds lurking in the gaming space. Fraudsters build a website and offer users a wallet in which to accumulate winnings and from which to transfer money to other accounts. As soon as the site has won the users' trust, its operators drain all the money accumulated in the users' wallets and shut the site down, so users lose both their investment and their hard-earned money.

So, how can you protect yourself from falling prey to such scams? It's simple: stay vigilant and follow these steps to keep your gaming income secure:

1.) Always enable MFA for accounts and wallets; it offers better security when it comes to storing and transferring funds.

2.) Installing an anti-malware solution helps identify online threats in advance and protects the device from phishing.

3.) If you are still using public Wi-Fi and devices that are meant for public use (like computing devices in internet cafes), ensure that you always log out of your account.

4.) Never download apps and extensions from sources other than the official website, as doing so could push you into a scam.

5.) Never trust those you meet in a gaming chatroom and never hand over your personal financial details to them, as chatrooms are turning into earning paradises for some nasty minds.

6.) While buying games online, make sure that you purchase them from an approved vendor.

7.) Most reliable gaming platforms offer customer support for reporting violations and scams, so check that the service provider offers such a service before playing.

8.) Many gaming platforms are becoming KYC compliant, which lets them know who each user is and track them down when anything suspicious happens on their account.

Gaming frauds are a serious threat, so it’s essential to take precautions and protect yourself from scammers.

The post Gamers playing with real money should be wary of scammers. appeared first on Cybersecurity Insiders.


March 31, 2023 at 11:24AM

Thursday, March 30, 2023

BlackGuard stealer extends its capabilities in new variant

AT&T Alien Labs researchers have discovered a new variant of the BlackGuard stealer in the wild, infecting victims through spear phishing attacks. The malware has evolved since its previous variant and now arrives with new capabilities.

Key takeaways:

  • BlackGuard steals user sensitive information from a wide range of applications and browsers.
  • The malware can hijack crypto wallets copied to clipboard.
  • The new variant is trying to propagate through removable media and shared devices.

Background

BlackGuard stealer is malware as a service sold in underground forums and Telegram since 2021, when a Russian user posted information about a new malware called BlackGuard. It was offered for $700 lifetime or $200 monthly, claiming it can collect information from a wide range of applications and browsers.

In November 2022, an update for BlackGuard was announced in Telegram by its developer. Along with the new features, the malware author offers free help with installing the command & control panel (Figure 1).


Figure 1. Announcement of new malware version in its Telegram channel.

Analysis

When executed, BlackGuard first checks if another instance is running by creating a Mutex.

Then, to ensure it survives a system reboot, the malware adds itself to the “Run” registry key. The malware also checks whether it is running under a debugger by checking the tick count, and checks whether the current user name belongs to a specific list to determine whether it is running in a malware sandbox environment. (Figure 2)


Figure 2. Malware will avoid execution if running under specific user names.

Now everything is ready for stealing the user’s sensitive data. The malware collects all stolen information in a main folder, where each type of data is stored in its own subfolder, such as Browsers, Files, Telegram, etc. (Figure 3)


Figure 3. BlackGuard main folder with stolen data divided into folders.

When it finishes collecting sensitive data, the malware zips the main folder using the password “xNET3301LIVE” and sends it to its command & control. (Figure 4)


Figure 4. Zipping exfiltrated data with password and uploading to command & control.

Browser stealth

Along with collecting cookies, history and downloads from different browsers, BlackGuard also looks for the existence of specific files and folders of different browsers. This includes “Login Data”, AutoFill, History and Downloads. (Figure 5)


Figure 5. Collecting browser information.

Below is the list of browsers BlackGuard is looking for:

  • Chromium
  • Chrome
  • ChromePlus
  • Iridium
  • 7Star
  • CentBrowser
  • Chedot
  • Vivaldi
  • Kometa
  • Elements Browser
  • Epic Privacy Browser
  • uCozMedia
  • Sleipnir5
  • Citrio
  • Coowon
  • liebao
  • QIP Surf
  • Orbitum
  • Comodo Dragon
  • Amigo
  • Torch
  • Comodo
  • 360Browser
  • Maxthon3
  • K-Melon
  • Sputnik
  • Nichrome
  • CocCoc
  • Uran
  • Chromodo
  • Opera
  • Brave-Browser
  • Edge
  • Edge Beta
  • OperaGX
  • CryptoTab browser

In addition, the malware steals data from the cryptocurrency add-ons of the Chrome, Edge, and Edge Beta browsers. It supports the add-ons listed below by looking for their hardcoded installation folder path under “Microsoft\Edge\User Data\Default\Local Extension Settings”. For example, the specific folder for “Terra Station” is “ajkhoeiiokighlmdnlakpjfoobnjinie”. BlackGuard looks for the following Edge/Edge Beta add-ons:

  • Auvitas
  • Math
  • Metamask
  • MTV
  • Rabet
  • Ronin
  • Yoroi
  • Zilpay
  • Exodus
  • Terra Station
  • Jaxx

For Chrome it looks for these add-ons:

  • Binance
  • Bitapp
  • Coin98
  • Equal
  • Guild
  • Iconex
  • Math
  • Mobox
  • Phantom
  • Tron
  • XinPay
  • Ton
  • Metamask
  • Sollet
  • Slope
  • Starcoin
  • Swash
  • Finnie
  • Keplr
  • Crocobit
  • Oxygen
  • Nifty
  • Keplr
  • Forbole X
  • Slope Wallet
  • Nabox Wallet
  • ONTO Wallet
  • Goby
  • FINX
  • Ale
  • Sender Wallet
  • Leap Wallet
  • Infinity Wallet
  • Zecrey
  • Maiar Wallet
  • Flint Wallet
  • Liquality

Cryptocurrency

The malware also steals cryptocurrency wallets. It copies the wallet directory of each of the following wallets and sends it to its command & control.

  • Zcash
  • Armory
  • Jaxx Liberty
  • Exodus
  • Ethereum
  • Electrum
  • Atomic
  • Guarda
  • Zap
  • Binance
  • Atomic
  • Frame
  • Solar wallet
  • Token Pocket
  • Infinity

It also queries the registry for the installation paths of the “Dash” and “Litecoin” wallets and does the same with them.

Messaging and gaming applications:

BlackGuard supports stealing data from a wide range of messaging applications. For some of them, such as Telegram, Discord and Pidgin, the malware has a specific handler. For example, for Discord it copies all data from the following folders under the Application Data folder, which store the Discord tokens: “Discord\Local Storage\leveldb”, “Discord PTB\Local Storage\leveldb”, “Discord Canary\leveldb”. In addition, it copies all strings in files with the extension “.txt” or “.ldb” that match Discord’s token regular expression. (Figure 6)


Figure 6. Stealing Discord’s tokens and data.

Below is the list of messaging and gaming applications the malware looks to steal sensitive information from:

  • Discord
  • Telegram
  • Tox
  • Element
  • Miranda NG
  • Signal
  • Adamant-IM
  • Wire
  • WhatsApp
  • Vipole
  • Proxifier
  • Steam
  • Pidgin
  • Battle.net

Outlook, FTP, VPN, and other applications

BlackGuard steals login data and other sensitive information from additional communication programs. For email applications, the malware queries specific Outlook registry keys under the CURRENT_USER hive to extract the user name, password and server information. (Figure 7)


Figure 7. Exfiltration of Outlook stored information.

The malware also handles different FTP and VPN applications to extract stored user names and passwords. For example, for NordVPN, the malware searches for the application’s folder and, if found, parses all user.config files to extract the stored user names and passwords. (Figure 8)


Figure 8. Exfiltrating NordVPN information.

In addition to Outlook and NordVPN, BlackGuard also steals information from WinSCP, FileZilla, OpenVPN, ProtonVPN and Total Commander.

Other data collected

Additionally, the malware collects information about the machine, such as the anti-virus software installed, the external IP address, localization, file system information, the OS and more.

New BlackGuard features

Crypto wallet hijacking

In addition to stealing crypto wallets saved or installed on the infected machine, BlackGuard hijacks cryptocurrency addresses copied to the clipboard (for example with CTRL+C) and replaces them with the threat actor’s address. This can cause a victim to send crypto assets to the attacker without noticing when trying to transfer to or pay another wallet. This is done by tracking any content copied to the clipboard and matching it against the regular expressions of the different supported crypto wallets. (Figure 9)


Figure 9. Specific regex to search in clipboard for listed coins.

Once there is a match, the malware queries its command and control for the alternative wallet address and places it in the clipboard in place of the one copied by the user. The malware supports stealing the popular crypto assets below:

  • BTC (Bitcoin)
  • ETH (Ethereum)
  • XMR (Monero)
  • XLM (Stellar)
  • XRP (Ripple)
  • LTC (Litecoin)
  • NEC (Nectar)
  • BCH (Bitcoin Cash)
  • DASH
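The clipboard hijack described above works because a copied string can be recognised as a wallet address purely by its format. The following Python is an added example, not code from the Alien Labs report or from the malware, that turns the same observation into a defensive check: it classifies a string by approximate public address format (the patterns are my own approximations and assumptions, not the malware's regexes from Figure 9) and flags a paste whose content is a valid-looking address of the same coin but differs from what the user originally copied, which is the fingerprint of a clipboard swapper. The addresses in the usage lines are constructed.

```python
"""Clipboard-swap check for cryptocurrency addresses (added example).

A wallet front-end or endpoint monitor can remember what the user actually
copied and refuse a paste whose content is an address of the same coin type
but a different value. The address patterns are approximations of public
address formats (assumption: good enough to classify "looks like coin X",
not a checksum validity test).
"""
import re

ADDRESS_PATTERNS = {
    # legacy base58 (1.../3...) or bech32 (bc1...) Bitcoin addresses
    "BTC": re.compile(r"^(?:bc1[02-9ac-hj-np-z]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "XMR": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
    "XLM": re.compile(r"^G[A-Z2-7]{55}$"),
    "XRP": re.compile(r"^r[1-9A-HJ-NP-Za-km-z]{24,34}$"),
    "LTC": re.compile(r"^(?:ltc1[02-9ac-hj-np-z]{25,62}|[LM3][a-km-zA-HJ-NP-Z1-9]{26,33})$"),
    "BCH": re.compile(r"^(?:bitcoincash:)?[qp][02-9ac-hj-np-z]{41}$"),
    "DASH": re.compile(r"^X[1-9A-HJ-NP-Za-km-z]{33}$"),
}


def classify_address(text):
    """Return the ticker whose address format `text` matches, or None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None


def check_paste(copied, pasted):
    """Compare what the user copied with what the clipboard now holds.

    Returns (verdict, coin):
      ("ok", coin)       clipboard content unchanged
      ("swapped", coin)  both strings are addresses of the same coin but differ:
                         the signature of a clipboard hijacker
      ("changed", None)  content changed, but not a same-coin swap
    """
    if copied == pasted:
        return ("ok", classify_address(copied))
    copied_coin = classify_address(copied)
    pasted_coin = classify_address(pasted)
    if copied_coin is not None and copied_coin == pasted_coin:
        return ("swapped", copied_coin)
    return ("changed", None)


if __name__ == "__main__":
    # Constructed addresses: the user copies one ETH-format address, the
    # clipboard later holds a different ETH-format address.
    original = "0x" + "ab" * 20
    tampered = "0x" + "cd" * 20
    print(check_paste(original, original))   # ('ok', 'ETH')
    print(check_paste(original, tampered))   # ('swapped', 'ETH')
```

The check is deliberately coin-aware: a paste that changed from an ETH-format string to arbitrary text is merely "changed" (the user copied something else), whereas a same-format different-value replacement is what a swapper produces and is the case a wallet UI should block with a warning.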

 

Propagate through shared / removable devices

Although since Windows 7 the AutoRun feature has been limited to CD-ROM drives, the malware copies itself to each available drive together with an “autorun.inf” file that points to the malware so that it executes automatically. This includes removable and shared devices. For example, if such a USB device is connected to an old version of Windows, the malware is executed automatically and infects the machine. (Figure 10)


Figure 10. Propagate to all available drives.
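As an added example that is not part of the Alien Labs report, the following Python triages an autorun.inf file of the kind described above: it parses the [autorun] section and reports whether a launch key (open=, shellexecute= or shell\...\command=) points at an executable that actually exists on the drive. The sample file contents and the file name xkq2f9.exe are constructed for the example.

```python
"""Triage an autorun.inf found on a removable or shared drive (added example).

autorun.inf is an INI-style file; only a few keys can cause code execution,
which is what a self-propagating stager relies on. Everything else (icon,
label) is cosmetic and appears on plenty of legitimate media.
"""
import configparser

LAUNCH_KEYS = ("open", "shellexecute")
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".bat", ".cmd", ".vbs")


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys ({} if absent)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    parser.optionxform = str.lower
    parser.read_string(text)
    if not parser.has_section("autorun"):
        return {}
    return dict(parser.items("autorun"))


def find_launch_targets(text):
    """Return (key, target) pairs that would make Windows run something."""
    targets = []
    for key, value in parse_autorun(text).items():
        if value is None:
            continue
        is_shell_command = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_command:
            targets.append((key, value.strip()))
    return targets


def assess(text, drive_files):
    """Verdict for one drive.

    `drive_files` is the set of file names present on the drive (constructed
    by the caller here). Returns "benign" when no launch key exists,
    "suspicious" when one exists, and "malicious" when its target is an
    executable that is actually present on the drive, i.e. the propagation
    pattern described above.
    """
    targets = find_launch_targets(text)
    if not targets:
        return "benign"
    present = {name.lower() for name in drive_files}
    for _key, target in targets:
        parts = target.split()
        if not parts:
            continue
        exe = parts[0].lower().lstrip(".\\")  # drop arguments and a leading .\
        if exe.endswith(EXECUTABLE_SUFFIXES) and exe in present:
            return "malicious"
    return "suspicious"


# Constructed sample contents (not taken from a real sample).
SAMPLE_MALICIOUS = r"""[autorun]
open=.\xkq2f9.exe
shell\open\command=xkq2f9.exe
icon=.\xkq2f9.exe
label=USB DRIVE
"""

SAMPLE_BENIGN = r"""[autorun]
icon=drive.ico
label=Photos 2023
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BENIGN, {"autorun.inf", "drive.ico"}))        # benign
    print(assess(SAMPLE_MALICIOUS, {"autorun.inf", "xkq2f9.exe"}))   # malicious
    print(assess(SAMPLE_MALICIOUS, {"autorun.inf"}))                 # suspicious
```

Reporting the launch target rather than just a yes/no lets a responder go straight to the dropped file for hashing and submission; on modern Windows the file is inert for AutoRun purposes, but its presence still tells you the drive was plugged into an infected host.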

Download and execute additional malware with process injection

The new variant of BlackGuard downloads and executes additional malware from its command & control. The newly downloaded malware is injected and executed using the “Process Hollowing” method. With that, the malware runs under a legitimate, whitelisted process, which can make detection more difficult. (Figure 11)


Figure 11. Download and execute additional malware using process injection.

The targeted process is RegAsm.exe from the .NET RuntimeDirectory folder (C:\Windows\Microsoft.NET\Framework64\<runtime_version>\RegAsm.exe).

Massive malware duplication

The malware copies itself recursively into every folder on the C: drive, generating a random file name for each copy. This feature is not common for malware and is mostly an annoyance, as the malware gains no advantage from it.

Persistence

The malware adds persistence to survive a system reboot by adding itself under the “Run” registry key. (Figure 12)


Figure 12. Setting registry persistence.
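The behaviours described above (hollowing into RegAsm.exe, the recursive self-copy, and Run-key persistence) each leave distinctive endpoint telemetry. The following Python is an added example, not from the Alien Labs report: it applies three rules to constructed Sysmon-style events (EventID 1 process creation, EventID 13 registry value set, EventID 11 file create). Field names follow Sysmon's naming; the runtime folder v4.0.30319, the user name, SID, and file names are placeholders chosen for the example.

```python
"""Triage of Sysmon-style endpoint events for the BlackGuard behaviours (added example).

Rules:
  1. RegAsm.exe (a .NET registration utility normally run by installers and
     build tooling) started by a parent in a user-writable path, or with no
     arguments at all, is a candidate hollowing host.
  2. A Run-key value whose data points into a user-writable directory.
  3. One process creating .exe files in many distinct folders (self-copy).
"""
import re
from collections import Counter

USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Users\\Public)\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
REGASM = re.compile(r"\\Microsoft\.NET\\Framework(64)?\\v[\d.]+\\RegAsm\.exe$", re.IGNORECASE)


def regasm_hollowing_suspect(event):
    """EventID 1: RegAsm.exe launched from a user-writable parent or without arguments."""
    if event.get("EventID") != 1 or not REGASM.search(event.get("Image", "")):
        return False
    parent = event.get("ParentImage", "")
    cmdline = event.get("CommandLine", "").strip()
    no_args = cmdline.strip('"').lower().endswith("regasm.exe")
    return bool(USER_WRITABLE.search(parent)) or no_args


def run_key_suspect(event):
    """EventID 13: Run-key value data pointing into a user-writable path."""
    if event.get("EventID") != 13 or not RUN_KEY.search(event.get("TargetObject", "")):
        return False
    return bool(USER_WRITABLE.search(event.get("Details", "")))


def mass_copy_suspect(events, threshold=5):
    """EventID 11: images that wrote .exe files into at least `threshold` distinct folders."""
    folders = set()
    for e in events:
        if e.get("EventID") == 11 and e.get("TargetFilename", "").lower().endswith(".exe"):
            folders.add((e.get("Image", ""), e["TargetFilename"].rsplit("\\", 1)[0].lower()))
    per_image = Counter(image for image, _ in folders)
    return [image for image, n in per_image.items() if n >= threshold]


def triage(events):
    """Return (rule, event) hits in event order, then any mass-copy offenders."""
    hits = []
    for e in events:
        if regasm_hollowing_suspect(e):
            hits.append(("regasm_hollowing", e))
        if run_key_suspect(e):
            hits.append(("run_key_persistence", e))
    for image in mass_copy_suspect(events):
        hits.append(("mass_self_copy", {"Image": image}))
    return hits


# Constructed sample events (placeholders, not real telemetry).
REGASM_PATH = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
DROPPER = r"C:\Users\alice\AppData\Roaming\update.exe"
SAMPLE_EVENTS = [
    # suspicious: RegAsm started from a user profile path, no arguments
    {"EventID": 1, "Image": REGASM_PATH, "CommandLine": f'"{REGASM_PATH}"', "ParentImage": DROPPER},
    # benign: an installer registering a COM assembly
    {"EventID": 1, "Image": REGASM_PATH,
     "CommandLine": f'"{REGASM_PATH}" /codebase "C:\\Program Files\\App\\lib.dll"',
     "ParentImage": r"C:\Program Files\App\setup.exe"},
    # suspicious: Run key pointing into AppData
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": DROPPER},
    # benign: Run key for a program under Program Files
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
] + [
    {"EventID": 11, "Image": DROPPER, "TargetFilename": rf"C:\Projects\dir{i}\q7x{i}.exe"}
    for i in range(6)
]

if __name__ == "__main__":
    for rule, event in triage(SAMPLE_EVENTS):
        print(rule, event.get("Image") or event.get("TargetObject"))
```

The RegAsm rule keys on parent path and argument shape rather than on the image alone because RegAsm.exe is signed and expected on developer and build machines; an alert on every execution would be noise, whereas "no arguments, started from %APPDATA%" is the hollowing shape and is rare in legitimate use.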

Documents – stealth activity

The malware searches for, and sends to its command and control, all documents ending with the extensions “.txt”, “.config”, “.docx”, “.doc” and “.rdp” in the user folders (including subdirectories): “Desktop”, “My Documents” and the UserProfile folder.

Detection methods

The following associated detection methods are in use by Alien Labs. They can be used by readers to tune or deploy detections in their own environments or for aiding additional research.

SURICATA IDS SIGNATURES

 

  • 2035716: ET TROJAN BlackGuard_v2 Data Exfiltration Observed
  • 2035398: ET TROJAN MSIL/BlackGuard Stealer Exfil Activity

 

Associated indicators (IOCs)

The following technical indicators are associated with the reported intelligence. A list of indicators is also available in the OTX Pulse. Please note, the pulse may include other activities related but out of the scope of the report.

TYPE        INDICATOR                                                          DESCRIPTION
IP ADDRESS  http://23[.]83.114.131                                             Malware command & control
SHA256      88e9780ce5cac572013aebdd99d154fa0b61db12faffeff6f29f9d2800c915b3   Malware hash
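The two indicators above can be checked against local telemetry. The following Python is an added example, not part of the report: it re-fangs the published IP for comparison, matches it in proxy log lines as a whole token (so 123.83.114.131 does not match), and compares a file hash inventory against the published SHA256 case-insensitively. The log lines and inventory entries are constructed for the example.

```python
"""Match the report's published indicators against local telemetry (added example)."""
import re

# Indicators exactly as published in the report (IP defanged).
C2_INDICATOR = "http://23[.]83.114.131"
SAMPLE_SHA256 = "88e9780ce5cac572013aebdd99d154fa0b61db12faffeff6f29f9d2800c915b3"


def refang(indicator):
    """Turn a defanged indicator back into its literal form, for comparison only."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def c2_host(indicator):
    """Strip the scheme and trailing slash so only the host/IP is matched."""
    return refang(indicator).split("://", 1)[-1].rstrip("/")


def matches_host(line, host):
    """True when `host` appears in `line` as a whole token (not inside a longer IP)."""
    pattern = r"(?<![\d.])" + re.escape(host) + r"(?![\d.])"
    return re.search(pattern, line) is not None


def scan_proxy_log(lines, indicator=C2_INDICATOR):
    """Return the log lines that reference the C2 host."""
    host = c2_host(indicator)
    return [line for line in lines if matches_host(line, host)]


def scan_hash_inventory(inventory, sha256=SAMPLE_SHA256):
    """inventory: iterable of (path, sha256_hex). Returns matching paths."""
    wanted = sha256.lower()
    return [path for path, digest in inventory if digest.lower() == wanted]


# Constructed sample data (not real logs; placeholder hash for notepad.exe).
SAMPLE_PROXY_LOG = [
    "2023-03-30T10:12:01Z client=10.0.0.21 method=POST url=http://23.83.114.131/upload status=200 bytes=48211",
    "2023-03-30T10:12:05Z client=10.0.0.22 method=GET url=http://123.83.114.131/ status=404 bytes=0",
    "2023-03-30T10:12:09Z client=10.0.0.23 method=GET url=https://example.test/ status=200 bytes=1200",
]
SAMPLE_INVENTORY = [
    (r"C:\Users\alice\AppData\Roaming\update.exe",
     "88E9780CE5CAC572013AEBDD99D154FA0B61DB12FAFFEFF6F29F9D2800C915B3"),
    (r"C:\Windows\notepad.exe", "0" * 64),
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("C2 contact:", hit)
    for path in scan_hash_inventory(SAMPLE_INVENTORY):
        print("Known sample on disk:", path)
```

The look-around boundaries matter more than they seem: a naive substring search for the C2 address also fires on any longer IP that happens to contain it, and the POST with a large request body is the exfiltration shape the Suricata signatures above are written for.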

 

Mapped to MITRE ATT&CK

The findings of this report are mapped to the following MITRE ATT&CK Matrix techniques:

  • TA0001: Initial Access
    • T1091: Replication Through Removable Media
  • TA0002: Execution
    • T1106: Native API
    • T1047: Windows Management Instrumentation
  • TA0003: Persistence
    • T1547.001: Registry Run Keys / Startup Folder
  • TA0005: Defense Evasion
    • T1027: Obfuscated Files or Information
  • TA0006: Credential Access
    • T1003: OS Credential Dumping
    • T1539: Steal Web Session Cookie
    • T1528: Steal Application Access Token
    • T1552: Unsecured Credentials
      • .001: Credentials In Files
      • .002: Credentials In Registry
  • TA0007: Discovery
    • T1010: Application Window Discovery
    • T1622: Debugger Evasion
    • T1083: File and Directory Discovery
    • T1057: Process Discovery
    • T1012: Query Registry
    • T1082: System Information Discovery
    • T1497: Virtualization/Sandbox Evasion
  • TA0008: Lateral Movement
    • T1091: Replication Through Removable Media
  • TA0009: Collection
    • T1115: Clipboard Data
    • T1213: Data from Information Repositories
    • T1005: Data from Local System
  • TA0011: Command and Control
    • T1071: Application Layer Protocol
    • T1105: Ingress Tool Transfer
  • TA0010: Exfiltration
    • T1020: Automated Exfiltration

The post BlackGuard stealer extends its capabilities in new variant appeared first on Cybersecurity Insiders.


March 31, 2023 at 09:09AM

Real Talk with CCSPs: An Interview with Panagiotis Soulos

“Cloud is the present, and the future. It affects everything, every day, both in business and our personal lives.” With these words Panagiotis Soulos summarizes his philosophy of why the CCSP credential is important to any cybersecurity professional. Panagiotis holds the position of the Global Information Security Manager in Global Information Security at Intrum. We recently had the opportunity to learn more about his career.

Q: What is your current position at Intrum?

A: I recently changed positions, moving from Information Security Officer into leading a new unit that will help Intrum to manage and control all aspects of their information security compliance. Another colleague will take over my former role. I will be a leader of a team that will manage and create the formal security control framework that we will use in all our markets to identify any gaps, as well as assess the maturity of information security of each market. Let me give you a little information about Intrum. It has a presence in 24 European countries, plus Brazil. While I'm very excited about it, it's not an easy task, as you can imagine. There are many countries and markets to be assessed.

Q: What types of problems does the company solve?

A: Intrum is involved with nonperforming loans; servicing loans from debt, which, most of the time, are owned by investors. We support companies to help improve their cash flows and improve their profitability. We have more than 10,000 employees as a group, and we serve more than 80,000 companies.

Q: Going back to the beginning of your career, what attracted you to cybersecurity?

A: That happened while finishing my bachelor's degree in 2004. I was motivated by another student who was about to take the master's degree for network security in the UK at Royal Holloway. I was also looking to work on my master's degree, and cybersecurity sounded very interesting; to be involved in how to protect information, and to learn more about cyberattacks, as well as to understand the technical skills of how to bypass controls and gain access to systems, but always on the ethical side.

Q: What was your first cybersecurity job?

A: The army was the first time that I got involved with something more related to cybersecurity, but my really intense involvement was in 2015 when I moved into the cybersecurity team in a banking institution here in Greece. That's where I was mainly involved with cybersecurity risk and vulnerability assessments, and then overseeing the information security policy.

Q: What prompted you to decide to focus more on the security aspects?

A: I always want to learn more and make advances in my career. I was working in a system administrator capacity at the bank, and I wanted to know more about cybersecurity and follow the path of my master’s degree. I decided to apply to move internally to the cybersecurity team, which was not an easy position to get into, but they accepted me, and that was the job that got me to where I am now.

Q: Your first (ISC)² certification was the CISSP. What prompted you to pursue that credential?

A: After completing my master’s degree, I knew that the CISSP designation had a broad reach in cybersecurity, I wanted to further validate my skills.

Q: What then prompted you to undertake the Certified Cloud Security (CCSP) qualifications?

A: Well, as I say, cloud is in the present, and it will be here in the future. It affects everything, every day, both in business and our personal lives. Every company will always have a footprint in the cloud. The CCSP is a credential that – as a cybersecurity professional – you need to invest in. It is an asset that will serve you for years. That's why I started training in cloud security. I think every cybersecurity professional should go in this direction.

Q: Did you have any formal training or other resources that you used to prepare for your examination?

A: Yes. I took the official (ISC)² CCSP online self-paced course. I had that for six months, including the flashcards and preparation exam test of 100 questions. I was working at the same time, and it was challenging to remain devoted to the training. I started slowly. I started in March. Here in Greece, August is one of the months that most of the people go on vacation, so I used all that time and finished up in September and took the exam.

I was making notes; hundreds of notes! That helps me to assimilate the information and the knowledge better. Then, it took me about two months of more intense studying before I took the exam. During my first sessions, I was looking at my notes, and then I was making another set of notes, but more compact this time. Then I took preparation questions. There are the official preparation exam tests I used. I took all those preparation exams. It felt like there were a thousand questions in these exams, and I took them all!

I also used the free material from Cloud Security Alliance (CSA). There are also specific groups within the (ISC)² Community site with other professionals who want to take the CCSP exam. The community site is free to log in to. You do not have to be a member of (ISC)² to get access to that. Finally, before taking the exam I had four days off. I made even more notes, which I used to study the last day before the exam. It's not an easy exam. In the last four days I was studying for 12 to 14 hours. Yeah, that was intense, but I wanted to be well prepared and 100% sure I would pass the exam. The exam that I took was only available at 125 questions because it is changing to a new exam format in August (2022). With that exam, you had three hours to complete it, and once you answered one question, you moved to the next one; you were not able to go back.

Q: Did anything surprise you about the content that you learned, anything that you weren't expecting, or anything that was just different from how you'd expected it to be?

A: I was surprised by the deep knowledge I gained, because I was already involved in cloud assessments and reviewing cloud installations. It is a very well structured course, and what also surprised me is how up to date this information is. All of the information is relevant today. It also surprised me that it is changing again. This is a very good achievement for (ISC)².

Q: Did the course material change anything you were doing from your work perspective?

A: It changed the way I was reviewing cloud implementations and applications. Having better knowledge of how these things work in the background, I was able to ask more relevant questions. It also helped me to get the CCSP certification.

Q: Has the CCSP designation had an impact on your career? Do you see the certification as a way to advance someone’s career?

A: The CCSP credential is one that I recognize as an advanced level. Having this knowledge, and the certification, is a validation of skills. It distinguishes a person from other cybersecurity professionals. It is an asset I will continue to maintain. It opened the right doors and made the difference for me getting to move internally in the group at Intrum.

Q: Is your new job something that you've always wanted to do? What attracted you to this new position?

A: What brought me to the position is that it intrigued me. The challenges involved with multicultural countries and other markets are wonderful. We are involved with diverse populations, and that is very significant and educational as well. This is in the career path I want to have. From the administrative side, the compliance part of cybersecurity and information security is extremely satisfying. The core of it is that you should be able to know how to audit or to assess a control. You have to know what it is you are able to do, and to know what options are available, what you should do in order to have the assurance that a threat or risk is mitigated correctly, and that a policy is appropriate.

Q: What are your ambitions for the future for your career? What would you like? What would you want your career to be like?

A: I want to advance more, so my goal is to be a Chief Information Security Officer. I want to keep moving upwards as long as I'm able to do that.

Q: Can you tell us about an achievement or contribution that you're really proud of that you've achieved in your career?

A: I've been involved with many cybersecurity awareness exercises for the general public. When I was first elected as the Secretary of the (ISC)² Hellenic Chapter, I led a team of 13 cybersecurity professionals in order to translate the Safe and Secure Online materials into Greek. That took us around one year, during which we had physical presentations for the parents. We were the first chapter to present the material online to the parents during the pandemic. We have also collaborated with other non-profit and private educational organizations to promote online security for children, as well as the general public, by creating cybersecurity awareness animation videos. I was also interviewed as a subject matter expert for a local national television series called The Network, where they presented achievements in technology along with related cybersecurity risks for kids. We were recognized with a bronze award in Public Cybersecurity Awareness at the first Greece Cybersecurity Awards 2022 by Boussias. That is one of my favorite accomplishments.

Creating the materials takes a lot of time and effort, but once I started, it flowed naturally. And I wanted to do more, because I was getting positive feedback, whether I was making presentations to various audiences, or from other colleagues. We also saw what the outcomes were from what we did, and it was very encouraging to move forward.

Q: How do you make sure your skills stay cutting edge? How do you like to keep learning?

A: All (ISC)² members are required to submit a certain number of Continuing Professional Education (CPE) credits each year. You can gain credits from various activities, for instance delivering presentations, taking part in or attending online or physical conferences, watching webinars, or taking trainings. There are technical assessments for someone who is more technical, like “Hack the Box”, which has a collaboration with (ISC)². This all helps a person to keep up with developments in the industry.

Q: What do you think are some of the biggest challenges for cloud security right now?

A: I've been engaged with cloud for more than 10 years, and I have seen many developments in the cloud infrastructure and the way cloud services work. And I'm sure that we'll see many new developments coming as well. So, we know that new developments and new technologies introduce new threats. When we combine that with the global cybersecurity skills gap, it presents a lot of challenges to anticipate in the coming years.

To combat that, we have to use specific strategies, such as zero trust architectures and defense in depth solutions. We also need to combine these with best management practices. And, of course, above all, we need to have user awareness embedded in this; from the top level to the lowest employee in the company. Everyone needs to know and understand the value of cybersecurity. This is also why I participate in public awareness presentations. It is important to inform the general public that security is not something that only happens when we are at work, and not only something that companies have to do to protect their information or company information. It has to carry over to everyone’s personal lives. We all have personal information that we want to protect, and these two concepts are combined. If we understand the value of protecting our own information, then we can understand why this is needed at work too. Cybersecurity is everyone's responsibility.

Q: Who inspires you in the world of cybersecurity?

A: I have many conversations with colleagues and other professionals from the (ISC)² chapter, and friends who are in the same industry. There are so many unsung heroes. Some of the more prominent names include Ramses Gallego, who is a very vivid presenter. I always enjoy hearing him, and I have met him. I enjoy having conversations with Ramses. Another more public professional is Ira Winkler. His latest book is “You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions”. And, of course, I'm inspired by the veterans like Kevin Mitnick and Bruce Schneier.

Q: What advice would you give to those who might be considering cloud security as a career option?

A: They should certainly consider it, because it is the way to move forward. Cloud is the present and the future, so it's here to stay. Everyone will use it. It is what we're going to see over the next years. So, being prepared in that field is something that will be a career asset. You have to be able to understand how it works, and what the roles and deployment models are. And, of course, the most important thing is to understand the shared responsibility model. Cybersecurity is everyone's responsibility, and especially in the cloud, when using services from vendors, depending on the model, an amount of responsibility is placed with them. You have to be able to understand this and to know this in order to protect what is at stake.

Panagiotis is a consummate professional, and an altruistic contributor to the cybersecurity profession. His accomplishments, outlook, and his positive spirit are invigorating.

Learn how you can improve your cloud skills, and accelerate your career here.

The post Real Talk with CCSPs: An Interview with Panagiotis Soulos appeared first on Cybersecurity Insiders.


March 31, 2023 at 09:09AM

3CX Desktop App Supply Chain Attack Targets Millions – Known Facts and First Expert Comments

News is breaking about a software supply chain attack on the 3CX voice and video conferencing software. 3CX, the company behind 3CXDesktopApp, states that it has more than 600,000 customers and 12 million users in 190 countries. Notable names include American Express, BMW, Honda, Ikea, Pepsi, and Toyota.

Experts believe the attack targets 3CX's downstream customers rather than 3CX itself: the attackers modified the widely used phone and video conferencing client and shipped it with a valid digital signature, so the trojanized build installs like a legitimate update.

Known Details

Cybersecurity vendors have identified an active supply chain attack on the 3CX Desktop App, a voice and video conferencing application used by millions. SentinelOne researchers are tracking the malicious activity under the name SmoothOperator; related activity dates back to as early as February 2022, and the attack itself appears to have begun around March 22, 2023.

The trojanized 3CX desktop app is the first stage of a multi-stage attack chain: it pulls ICO files from GitHub that carry Base64-encoded data appended after the icon images, and that data ultimately leads to a third-stage information-stealer DLL. The attack affects the Windows Electron client (versions 18.12.407 and 18.12.416) and macOS versions of the PBX phone system.

The final payload is an information stealer capable of gathering system information and sensitive data stored in Google Chrome, Microsoft Edge, Brave, and Mozilla Firefox browsers. The macOS sample carries a valid signature and is notarized by Apple, allowing it to run without the operating system blocking it.

Huntress reported 242,519 publicly exposed 3CX phone management systems. Symantec said the information gathered could allow attackers to gauge if the victim was a candidate for further compromise. CrowdStrike attributed the attack with high confidence to North Korean nation-state actor Labyrinth Chollima (aka Nickel Academy), a sub-cluster within the Lazarus Group.

3CX CEO Nick Galea stated the company is working on a new build and advises customers to uninstall the app and reinstall it or use the PWA client as a workaround. The Android and iOS versions are not affected.

In short: the attack relies on DLL side-loading, in which the legitimate, signed 3CX application loads a malicious library placed alongside it, and telemetry so far shows the affected builds are limited to the Windows Electron client (versions 18.12.407 and 18.12.416) and the macOS versions of the PBX phone system. The GitHub repository hosting the malicious ICO files has been taken down. 3CX is working on a new build and, in the meantime, has urged customers to uninstall and reinstall the app or use the PWA client; the Android and iOS versions remain unaffected. Further updates will be provided as new information emerges.
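Two checks a defender could run from the facts above, as an added example that is not the original post's code and not 3CX's or any vendor's tooling: a lookup of inventoried 3CX Desktop App version strings against the two Windows builds named above, and a parser that finds data appended after the images of an ICO file and decodes it when it is Base64, which is the second-stage delivery trick described. The ICO sample is constructed inside the script; the function names, the 1x1 dummy icon and the appended payload text are assumptions made for the illustration.

```python
import base64
import binascii
import struct
from typing import Dict, Optional

# Windows Electron client builds reported as trojanized (from the advisory text above).
AFFECTED_WINDOWS_VERSIONS = {"18.12.407", "18.12.416"}

# ICONDIR header: reserved (0), type (1 = icon), image count.
ICO_HEADER = struct.Struct("<HHH")
# ICONDIRENTRY: width, height, colour count, reserved, planes, bit count, data size, data offset.
ICO_DIR_ENTRY = struct.Struct("<BBBBHHII")


def is_affected_windows_build(version: str) -> bool:
    """True if an inventoried 3CX Desktop App version string is a known-bad Windows build."""
    return version.strip() in AFFECTED_WINDOWS_VERSIONS


def ico_image_end(data: bytes) -> int:
    """Offset just past the last image the ICO directory points at.

    A legitimate ICO ends here; anything beyond it is appended data.
    Raises ValueError if the bytes are not a well-formed ICO container.
    """
    if len(data) < ICO_HEADER.size:
        raise ValueError("too short for an ICO header")
    reserved, img_type, count = ICO_HEADER.unpack_from(data, 0)
    if reserved != 0 or img_type != 1 or count == 0:
        raise ValueError("not an ICO file")
    end = ICO_HEADER.size + count * ICO_DIR_ENTRY.size
    if end > len(data):
        raise ValueError("truncated ICO directory")
    for i in range(count):
        *_, size, offset = ICO_DIR_ENTRY.unpack_from(data, ICO_HEADER.size + i * ICO_DIR_ENTRY.size)
        if offset + size > len(data):
            raise ValueError("directory entry points past end of file")
        end = max(end, offset + size)
    return end


def inspect_ico(data: bytes) -> Dict[str, object]:
    """Report how many bytes trail the icon images and decode them if they are Base64."""
    end = ico_image_end(data)
    trailing = data[end:]
    compact = b"".join(trailing.split())  # tolerate line breaks around the Base64 blob
    result: Dict[str, object] = {
        "image_bytes": end,
        "trailing_bytes": len(trailing),
        "decoded": None,
    }
    if compact:
        try:
            result["decoded"] = base64.b64decode(compact, validate=True)
        except binascii.Error:
            pass  # trailing bytes that are not Base64 still deserve a look, they are just not decodable
    return result


def build_sample_ico(payload: Optional[bytes] = None) -> bytes:
    """Constructed 1x1 ICO with a 4-byte dummy image; optionally appends Base64(payload)."""
    image = b"\x00\x00\x00\x00"
    header = ICO_HEADER.pack(0, 1, 1)
    offset = ICO_HEADER.size + ICO_DIR_ENTRY.size  # image data starts right after the directory
    entry = ICO_DIR_ENTRY.pack(1, 1, 0, 0, 1, 32, len(image), offset)
    ico = header + entry + image
    if payload is not None:
        ico += base64.b64encode(payload)
    return ico


if __name__ == "__main__":
    for version in ("18.12.407", "19.0.0"):
        print(version, "affected" if is_affected_windows_build(version) else "not listed")
    for label, blob in (("clean", build_sample_ico()),
                        ("tainted", build_sample_ico(b"constructed-second-stage"))):
        print(label, inspect_ico(blob))
```

The parser trusts only the ICO directory to decide where the image data ends, so a file that is a valid icon for every image viewer but carries a payload after the last image is still reported. Run it over icon files fetched from an unexpected source, or over the icons cached by a client you suspect, and treat any non-zero `trailing_bytes` as a lead rather than as proof.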

Expert Comments

Tyler Farrar, CISO, Exabeam

“Any adversary, regardless of whether it is a novice or the work of nation-state actors like the Lazarus Group, is going to go for the path of least resistance to meet their end goal. Weaknesses in the supply chain are one of the simplest, yet most successful, ways to do that. In the case of 3CX, the threat actors were likely not going after the company itself, but the data from its 12 million global customers. Rather than attempt to attack each of the customers individually, the adversaries figured it would be easier to break through 3CX — and they were correct.

Unfortunately, attacks like these are going to become more and more common and I anticipate software supply chain attacks to be the No.1 threat vector of 2023. As a result, I encourage organizations to create a thorough vendor risk management plan to vet third parties and require accountability to remain vigilant, and potentially stop devastating consequences when third-parties are compromised.”

Anand Reservatti, CTO and co-founder, Lineaje

“The 3CX VoIP ‘Trojanizing’ software supply chain attack is the latest proof point of why companies need to know ‘what’s in their software?’

Companies are still suffering from the fallout of SolarWinds, and now another software supply chain attack is playing out and putting millions of software producers and consumers at risk. The 3CX CEO today asked customers to uninstall the application, but those who might have missed the notification or who don’t know what’s in their software bill of materials (SBOM) risk destroying their brand and business.

It is critical to understand that not all software is created equal. The 3CX attack was caused when the Electron Windows App got compromised due to an upstream library. It is clear that 3CX has not deployed any tools to accurately discover and manage their software supply chain. So, in order to protect the software supply chain you have to shift to the “left of the shift-left mentality.” Because the software itself is malicious and not straight malware, vulnerability and malware scans fall short as well.

This type of attack is particularly challenging for technologies such as vulnerability and malware scans or CI/CD to detect. You need a solution that can do the following:

1) Discover software components and create an entire genealogy, including all transitive dependencies

2) Establish integrity throughout the supply chain without relying on any external tooling and its assertions

3) Evaluate inherent risk by examining each component of the software

4) Remediate inherent risks strategically in order to address the most critical components based on the genealogy

Knowing what’s in your software comes only by knowing what’s in your software supply chain. It’s why it is critical to work with solutions that can attest to the integrity of your software supply chain of all software built and bought. With more details surfacing including possible ties to a nation-state hacking group, it is essential for software producers and consumers to be able to attest to what exactly is in their software to prevent devastating consequences.”

Kayla Underkoffler, Lead Security Technologist, HackerOne

“Cybersecurity professionals already face an uphill battle as defenders; our 2022 Attack Resistance Report found that about one-third of respondents monitor less than 75% of their attack surface, and almost 20% believe that over half of their attack surface is unknown or not observable. The complexity of attack surface monitoring compounds as attackers take the fight to a more granular level by targeting supply chain vulnerabilities.

And unfortunately, that’s exactly what we’re seeing. Malicious actors now strive to embed themselves more deeply within the enterprise tech stack because cybercriminals understand the potential impact of accessing the most sensitive areas of an organization’s network. This can be done through critical dependencies within the software supply chain or a seemingly unchecked corner of the environment.

That’s why it’s critical organizations understand what’s in their environment and how that software interacts with their critical business processes. It’s no longer enough to just document components and dependencies once in the development lifecycle and be done. Today, organizations must proactively consider new solutions to prevent attacks.

Examples of tools in use today for active monitoring of software include IBM’s recently developed SBOM Utility and License Scanner: two open-source tools that facilitate and standardize SBOM policies for organizations. These help build a living, breathing inventory of what’s in use in an organization’s current environment so organizations can respond quickly to software supply chain disruptions. Ethical hackers have also proven to be creative resources, skilled at identifying open source and software supply chain vulnerabilities, as well as undiscovered assets that may impact an organization’s software supply chain.”

The post 3CX Desktop App Supply Chain Attack Targets Millions – Known Facts and First Expert Comments appeared first on Cybersecurity Insiders.


March 31, 2023 at 05:36AM

The Human Aspect in Zero Trust Security

Zero trust security has become a buzzword in the cybersecurity world, emphasizing the need for a more robust and reliable security model. While most guides and articles focus on the technical aspects, there is a crucial element often overlooked: the human aspect and the organizational culture change required for a successful zero trust implementation. In this blog post, we will delve into the essential components of incorporating the human factor and fostering a security-aware culture to maximize the effectiveness of your zero trust security strategy.

1. Building a Security-Aware Culture

For any security model to work, it is crucial to create a culture where every employee understands the importance of security and their role in maintaining it. This involves regular training sessions, workshops, and awareness programs that emphasize the significance of following security protocols and recognizing potential threats. Encourage employees to take ownership of security and make it an integral part of their daily routine. Reinforce this mindset by recognizing and rewarding those who actively contribute to the organization’s security efforts.

2. Encouraging Cross-Functional Collaboration

A successful zero trust implementation requires collaboration between various teams, such as IT, security, HR, and legal. Fostering a collaborative environment ensures a seamless transition to a zero trust security model. Encourage communication between teams and provide opportunities for cross-functional workshops and training sessions to address security concerns and share knowledge. Promoting open dialogue and teamwork will lead to a more comprehensive understanding of the organization’s security posture and the zero trust framework.

3. Implementing the Principle of Least Privilege

The principle of least privilege is a cornerstone of the zero trust security model. It entails limiting access to resources and data to only those who need it to perform their job functions. Train employees to follow this principle by requesting access only when necessary and revoking it when it is no longer required. Make this practice part of the organizational culture and ensure that everyone understands its importance in maintaining a secure environment. Implementing strict access control policies and using tools like identity and access management (IAM) solutions can further support the principle of least privilege.

4. Addressing Insider Threats

Insider threats, whether intentional or accidental, pose a significant risk to an organization’s security posture. Educate employees on the potential dangers of insider threats and teach them how to identify suspicious activities. Implement security measures such as user behavior analytics (UBA) and data loss prevention (DLP) tools to detect and prevent potential insider threats. Encourage employees to report any suspicious activities to the security team and foster an environment where they feel comfortable doing so.

5. Continuous Monitoring and Improvement

The zero trust model relies on continuous monitoring and improvement. Encourage employees to provide feedback on security policies and procedures, as well as report any incidents or anomalies. Maintain an open dialogue between the security team and employees to ensure that the organization’s security posture is continuously refined and adapted to the ever-evolving threat landscape.

Maintaining a strong feedback loop will not only help improve security but also promote a sense of shared responsibility and ownership. Implementing a Security Information and Event Management (SIEM) system can further support continuous monitoring and improvement efforts.
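The user behavior analytics named under Addressing Insider Threats and the continuous monitoring described in this section, as an added example that is not part of the original post: a minimal baseline-and-deviation detector in Python. It learns each user's hours of activity and peak daily access count from a week of constructed file-access log lines, then flags off-hours activity, a daily volume spike and users with no baseline at all in new lines. The log format, user names, paths, slack of one hour and spike factor of three are all assumptions made for the illustration; in a real deployment the lines would come from a file-server audit log or the SIEM mentioned above.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta
from typing import DefaultDict, List, Set, Tuple

# Constructed log format (an assumption): "<ISO-8601 UTC timestamp> <user> <action> <path>"
Event = Tuple[datetime, str, str, str]
Finding = Tuple[datetime, str, str, str]  # (timestamp, user, finding kind, path)


def parse_line(line: str) -> Event:
    ts, user, action, path = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, action, path


def constructed_baseline_log() -> List[str]:
    """Five ordinary weekdays: alice reads three finance files a day, bob two design docs."""
    lines = []
    first_day = datetime(2023, 3, 20)
    for day in range(5):
        d = first_day + timedelta(days=day)
        for hour in (9, 11, 14):
            lines.append(f"{d:%Y-%m-%d}T{hour:02d}:05:00Z alice file_read /finance/report-{day}.xlsx")
        for hour in (10, 16):
            lines.append(f"{d:%Y-%m-%d}T{hour:02d}:30:00Z bob file_read /eng/design-{day}.md")
    return lines


def constructed_eval_log() -> List[str]:
    """New activity: one normal read, a burst of seven HR reads, a 2 a.m. read, an unknown user."""
    lines = ["2023-03-27T10:05:00Z alice file_read /finance/report-5.xlsx"]
    lines += [f"2023-03-27T10:{m:02d}:00Z bob file_read /hr/payroll-{m}.csv" for m in range(7)]
    lines.append("2023-03-28T02:30:00Z alice file_read /hr/salaries.csv")
    lines.append("2023-03-28T11:00:00Z mallory file_read /finance/report-5.xlsx")
    return lines


class Baseline:
    """Per-user hours of day seen and per-day event counts learned from historical lines."""

    def __init__(self) -> None:
        self.hours: DefaultDict[str, Set[int]] = defaultdict(set)
        self.daily: DefaultDict[str, DefaultDict[date, int]] = defaultdict(lambda: defaultdict(int))

    def peak_daily_count(self, user: str) -> int:
        return max(self.daily[user].values(), default=0)


def build_baseline(lines: List[str]) -> Baseline:
    baseline = Baseline()
    for line in lines:
        ts, user, _, _ = parse_line(line)
        baseline.hours[user].add(ts.hour)
        baseline.daily[user][ts.date()] += 1
    return baseline


def detect_anomalies(baseline: Baseline, lines: List[str],
                     hour_slack: int = 1, volume_factor: int = 3) -> List[Finding]:
    """Flag off-hours access, a daily volume spike (alerted once) and users with no baseline."""
    findings: List[Finding] = []
    seen_today: DefaultDict[Tuple[str, date], int] = defaultdict(int)
    for line in lines:
        ts, user, _, path = parse_line(line)
        if user not in baseline.hours:
            findings.append((ts, user, "unknown_user", path))
            continue
        seen_today[(user, ts.date())] += 1
        low = min(baseline.hours[user]) - hour_slack
        high = max(baseline.hours[user]) + hour_slack
        if not low <= ts.hour <= high:
            findings.append((ts, user, "off_hours", path))
        limit = volume_factor * baseline.peak_daily_count(user)
        if seen_today[(user, ts.date())] == limit + 1:  # fire once, when the threshold is crossed
            findings.append((ts, user, "volume_spike", path))
    return findings


if __name__ == "__main__":
    model = build_baseline(constructed_baseline_log())
    for ts, user, kind, path in detect_anomalies(model, constructed_eval_log()):
        print(f"{ts:%Y-%m-%d %H:%M} {user:8} {kind:13} {path}")
```

The point of the feedback loop in this section is that the baseline is never final: a user who legitimately starts working night shifts will trip `off_hours` until the baseline is rebuilt from recent history, and that rebuild is exactly the kind of policy adjustment that employee feedback should trigger. The detector alerts once per user per day on volume so the security team sees a single spike rather than a flood.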

Conclusion

The human aspect and organizational culture change play a pivotal role in the successful implementation of zero trust security. By focusing on building a security-aware culture, encouraging cross-functional collaboration, implementing the principle of least privilege, addressing insider threats, and promoting continuous monitoring and improvement, organizations can create a more holistic and effective approach to zero trust security.

Remember, technology is just one part of the equation. Emphasizing the human factor and fostering a culture of security awareness will not only help in the successful implementation of zero trust security but also create a more resilient organization in the face of ever-evolving cyber threats. As you embark on your zero trust journey, keep these often-overlooked aspects in mind to maximize the effectiveness of your security strategy and ensure a more secure and collaborative environment for your organization.

Ultimately, it is the people within the organization who will make the difference in implementing and maintaining a zero trust security model. By giving them the knowledge, tools, and mindset to embrace the change, you will be setting your organization on a path to a more secure future. So, invest in your people and foster a culture of continuous learning and improvement to make your zero trust security model a resounding success.

The post The Human Aspect in Zero Trust Security appeared first on Cybersecurity Insiders.


March 31, 2023 at 03:15AM

Apple acquires WaveOne that uses AI to compress videos

Apple has all but confirmed that it has acquired WaveOne, a company that uses artificial intelligence to compress video. The tech company has not released a press statement on the deal yet, but a former WaveOne employee gave the world a hint by posting on his profile that the iPhone giant is now the parent company of the Mountain View startup.

Sources familiar with the matter told Cybersecurity Insiders that the iOS giant bought the company in January this year and will fold the firm's machine-learning technology into its own deep-learning video technology, which may be introduced by the end of this year.

Generally, video compression happens on the content provider's side, while decompression happens on the end user's device. When a new codec is introduced, new hardware is usually required to handle its compression and decompression.

WaveOne's innovation is a “content-aware” video compression and decompression algorithm that runs on the AI accelerators now built into many PCs and mobile phones.

By leveraging AI, the device understands a video frame and can distinguish the objects within a scene. It can then prioritise faces, for instance, to save bandwidth, which helps during abrupt connectivity disruptions, common on 3G and 4G connections and less so on 5G.

In December 2022, WaveOne released a demo video claiming the technology is hardware-agnostic and can reduce video file sizes to a fraction of the original, making it useful for demanding content such as 4K video.

The post Apple acquires WaveOne that uses AI to compress videos appeared first on Cybersecurity Insiders.


March 30, 2023 at 08:34PM

Wednesday, March 29, 2023

alphaMountain has launched a new Cyber Threat analysis platform called “threatYeti”

alphaMountain has launched a new platform called “threatYeti,” designed to aid cyber threat analysts, security researchers, and in-house security operations teams with domain research. Built on alphaMountain’s domain and IP threat intelligence APIs, threatYeti is a browser-based investigation tool that provides a fast, search-based interface to deliver real-time threat verdicts for any internet host.

With threatYeti, security professionals can access powerful domain intelligence and threat detection capabilities through an easy-to-use, search-based web portal. Some of the platform’s leading features include a high-fidelity, color-coded numerical threat rating for each host, rock-solid content categorization, an unambiguous view into relationships and activities on a host, and a comprehensive suite of additional signals such as HTTP responses, SSL certificates, DNS, WHOIS, and more.

Since its emergence from stealth in 2021, alphaMountain has achieved significant milestones, including partnerships and customers for its API data feeds, and funding from venture capital firms Mercato Partners and Crosspoint Capital.

AlphaMountain leverages machine learning models to analyze and deliver domain and IP threat intelligence rapidly. In addition to threatYeti, alphaMountain’s intelligence is available through turnkey product integrations with leading security platforms such as Cisco SecureX, Splunk, Maltego, and Cyware.

With a free trial, threatYeti is available for everyone to start using, and tiered pricing plans allow additional capabilities and value at each level. Registering with an email address adds more queries and functionality to an account. The alphaMountain team will be showcasing threatYeti at the RSA Conference in San Francisco from April 24-27, 2023, at the Early Stage Expo on the 2nd level of Moscone South.

Alpha Mountain AI, Inc. is a cybersecurity startup based in Draper, Utah, offering API-delivered domain and IP threat intelligence feeds, the browser-based threatYeti domain research platform, and the a9 Web Reputation plugin for Chrome.

For more information on how to improve your cybersecurity program with instant threat verdicts and reliable site categorizations, or to access threatYeti and request a free trial API key, visit https://www.alphamountain.ai.

The post alphaMountain has launched a new Cyber Threat analysis platform called “threatYeti” appeared first on Cybersecurity Insiders.


March 30, 2023 at 09:50AM

Will you entrust cybersecurity to AI as per Microsoft

OpenAI's conversational AI ChatGPT is hitting the news headlines almost daily, and as Microsoft is a major investor in and partner of OpenAI, the software giant is also getting a lot of credit for a tool that can do almost anything.

Microsoft, which is busy integrating the chatbot into products such as Bing, has announced that it wants the world to entrust cybersecurity to artificial intelligence, arguing that the technology's capabilities are well suited to countering the present generation of threats in the cyber landscape.

In making that announcement, the technology giant is signalling that the fear the proliferation of large language models has stirred among security professionals is, in its view, unfounded, because the threats those models enable can be countered.

This is a reference to the buzz created by a security engineer on GitHub who described how his team used ChatGPT to obfuscate malicious code so that it evaded detection.

The Windows OS giant also disclosed some details of its Security Copilot and stated that all of the AI data is protected by the most comprehensive compliance and security controls in the industry, a statement aimed at ending the commotion over the ChatGPT data leak on a tech forum, where even senior development engineers from the multinational joined the discussion to shut down some trolls.

NOTE: Every technology is developed by a human mind and can be used for or against people. The fault never lies with the technology itself; it is the mind using it that can go either way.

The post Will you entrust cybersecurity to AI as per Microsoft appeared first on Cybersecurity Insiders.


March 29, 2023 at 08:33PM

Microsoft Exchange Server vulnerability makes lawyers pay $200k as a settlement

In 2021, the LockBit ransomware group breached the servers of New York-based law firm HPMB and stole sensitive information belonging to one of its healthcare clients. The stolen data included names, dates of birth, Social Security numbers, driver's license details and biometric information for 114,979 individuals, as well as court-related documents in PDF form.

A security analysis completed in April 2022 found that attackers from the China-backed Hafnium group had gained access to HPMB's servers through a vulnerability in Microsoft Exchange Server.

As Microsoft had already released a fix for that vulnerability in 2021, the Windows maker was not held at fault for the breach; the exposure came from the unpatched server. In response to a class action lawsuit, HPMB agreed to pay $200,000 to settle the data breach suit filed by its customer.

The law firm also agreed to strengthen its cybersecurity measures and to appoint a third-party forensic expert to report on its current cybersecurity posture and on the measures it will adopt in the future.

Additionally, the firm paid $100,000 to the LockBit ransomware gang that stole and encrypted the data in 2021. In total, the firm spent $350,000 to keep its business running: the $200,000 settlement, the $100,000 ransom paid to LockBit, and $50,000 in miscellaneous expenses.

Letitia James, the New York Attorney General, gave the law firm seven days to review the decision and submit a report on how it will protect user data in the future.

The post Microsoft Exchange Server vulnerability makes lawyers pay $200k as a settlement appeared first on Cybersecurity Insiders.


March 29, 2023 at 10:44AM

Tuesday, March 28, 2023

Member Feedback on (ISC)² 2023 Bylaws Requested by April 7

Today, all members should’ve received an email with a link to a survey inviting feedback on the (ISC)² 2023 Bylaws which closes on April 7, 2023. The URL starts with https://schlesinger.focusvision.com/.

We encourage all members to read the bylaws located on the (ISC)² Governance webpage. The (ISC)² Bylaws set forth the rules concerning the operation of our association and actions of our members. It guides how our Board of Directors and staff manage our nonprofit corporation. The (ISC)² Amended and Restated Bylaws establish fundamental principles about key governance policies, members’ rights and Board operations. 

As (ISC)² begins the 2023 Bylaws review process, the Board of Directors are looking for feedback from the membership. This will allow members to provide input and help shape the future of the association and its governance process. As the cybersecurity industry changes and the organization evolves and grows, this process provides an opportunity to allow (ISC)² to grow, adapt and continue to support all members.  

To learn more about what is new about the bylaws review process and meet some of the 2023 (ISC)² Bylaws Committee, we recorded a webinar with Board of Directors member and Bylaws Committee Chair Lisa Young, CISSP, as she guides viewers through this year’s process.  

Watch the webinar: Get Involved – Meet the 2023 (ISC)² Bylaws Committee 

The post Member Feedback on (ISC)² 2023 Bylaws Requested by April 7 appeared first on Cybersecurity Insiders.


March 29, 2023 at 09:09AM

OPINION: Why Perfection is the Enemy of Progress in Cybersecurity

By Muhammad Chbib, CEO of Autobahn Security

Is your organization suffering from cybersecurity paralysis? Many businesses are in cybersecurity panic-mode due to the steady stream of alarming news that ‘nobody is safe’ from hackers. While it’s true that all businesses are technically ‘hackable’, it’s important to see the bigger picture – cybercriminals tend to focus their efforts primarily on high-yield targets. That means striving for cybersecurity perfection is unnecessary for most companies.

In fact, perfection is the enemy of progress in cybersecurity. Striving to be ‘perfectly secure’ is ultimately an unrealistic and unachievable goal that comes at a massive detriment to innovation and productivity. Rather than aiming for perfection, businesses should take a pragmatic approach to making themselves less vulnerable — and focus their efforts only on the risks that matter most to the hacker. Taking a measured, strategic approach to cybersecurity will have the most impact where it counts, and this approach will also protect a business’s capacity for innovation and productivity.

Most companies don’t get hacked, most of the time

Hackers are rational and will pick the easiest targets in terms of snatching cash or stealing information. For example, unless a new website generates a certain amount of revenue, there’s no urgent need to keep it ‘perfectly secure’, because hackers are most likely not interested in small, unprofitable targets.

Using benchmarking to ensure a business remains harder to hack than the industry average (that is, below the average for ‘hackability’) helps decrease the likelihood of an attack, because opportunistic attackers tend to move on to easier targets. Companies can set milestones in the lifecycle of new apps and products they’re developing to reveal the correct time to introduce robust cybersecurity measures. This can help businesses prioritise their cybersecurity efforts and make the most impact where it counts.

Balancing ‘healthy paranoia’ with innovation

Security is not the most important part of a business – a statement which may come as a shock from me, a security practitioner. Yes, cybersecurity threats are rising, and a solid security strategy should be implemented in every organisation, however it’s vital that overzealous cybersecurity practices don’t threaten the ability of companies to innovate, take risks and embrace new technology. Unfortunately, this is something I see happening every day. 

CSOs, CISOs and IT leaders today are pulled in multiple directions within organisations, often expected to juggle overwhelming volumes of information and make rapid decisions to ensure all vulnerabilities are addressed. Many are overwhelmed enough to leave the workforce entirely, but others are simply fighting the growing number of security threats with ‘healthy paranoia’ and being extra forceful with their input. This approach is like using a sledgehammer to crack a nut: a disproportionate reaction that can have unintended negative impacts on other parts of a business.

Going overboard with security can stifle the unique cultural elements that propel companies to global success, which is ironic since business leaders investing in cybersecurity are doing so with the best interests of their company in mind. But tunnel vision security doesn’t care about innovation; it’s only interested in preventing total disaster. As a result, striving for security above everything else often means taking fewer chances on new ideas, or losing the appetite and capacity for innovation. It can create a demoralised workforce with lower productivity, and it can make companies fearful of taking potentially worthwhile risks – all of which are detrimental to a company’s future and broader market opportunities. 

The good news is that there’s no need for businesses to panic when faced with a huge volume of cyber-threats, because in most cases – and for most businesses – the risks are very low. Security experts see threats everywhere, but this needs to be compensated for by regularly stepping back and regaining a sense of perspective on which risks are real now, and which may become real in the future but don’t require immediate attention. However — that’s easier said than done! Luckily, there are tools out there to help you assess risk and get advance warning of your biggest threats.

By thinking rationally (and from a hacker’s perspective) about which risks will result in actual harm, and which are purely theoretical, businesses can find a more balanced perspective on cybersecurity which can empower them to pursue opportunities and innovate as normal — without unnecessary fear. A healthy dose of paranoia is always a good thing, but practising moderation and reason (instead of perfectionism) is the most sensible, sustainable way to establish strong cybersecurity foundations. 

The post OPINION: Why Perfection is the Enemy of Progress in Cybersecurity appeared first on Cybersecurity Insiders.


March 29, 2023 at 12:14AM