FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Friday, April 28, 2023

Google bans 173,000 malicious app developers

Google has banned roughly 173,000 developer accounts that used various tricks to get policy-violating software onto the Play Store. The company has officially confirmed the purge of bad accounts and says it will raise the bar further this year.

According to a source at the company, Google has taken stringent action against developers who distribute malware and spyware under the guise of well-known applications, and it will no longer accept apps that impersonate an existing app's name and purpose.

Google estimates that it has blocked over $2 billion in fraudulent and abusive transactions.

It has also tightened its rules for developers whose apps collect sensitive data and send it to remote servers in breach of the company's privacy policies.

Inside sources suggest that the company is also keeping a close eye on app developers from certain countries, such as India, China, Russia, other Asian and African countries, and the United States. Accounts found to be in violation are permanently suspended.

Additionally, the company now blocks apps whose names mimic government utility and service applications. Previously it allowed competing applications of that kind; to prevent fraud built on such look-alikes, it has decided not to accept applications operating under the same name and purpose.

Will it still accept look-alike apps that differ only by a typo or a synonym? Only time will tell.

Note: Between January and December 2022, Google's App Security Improvements program helped developers fix over 500,000 vulnerabilities in 300,000 apps with a combined install base of over 253 billion.

The post Google bans 173,000 malicious app developers appeared first on Cybersecurity Insiders.


April 28, 2023 at 08:37PM

Is mood tracking feature in Apple iOS 17 a privacy concern

Apple's products are known for progressive innovation; the best example is the glass capacitive touch screen introduced with the first iPhone, which is now part of nearly every consumer electronic device.

The next version of iOS, iOS 17, is expected to be unveiled in a couple of months, and leaks suggest it will include a feature that infers the user's mood from their typed text and can determine whether the user is feeling down.

Other rumors include quality improvements in the software, support for Apple's new virtual reality headset, a journaling app, lock screen customization, and changes to Siri.

Privacy analysts caution that a feature like this creates a new class of sensitive personal data on the device: an inferred emotional state. Whether it does more harm than good depends on who can reach that data. If the mood inference is collected, synced, or exposed through a compromise of the phone, it could be used to target or manipulate the user.

For now these are anticipations, but they become real concerns the moment an attacker decides to use such signals against a victim.

The other rumor being discussed on Reddit and elsewhere is Apple's decision to allow sideloading on its upcoming phone models. Sideloading means installing apps from sources other than Apple's own App Store.

Currently these are just speculations, but the truth will be out in early June at the Worldwide Developers Conference (WWDC).

The post Is mood tracking feature in Apple iOS 17 a privacy concern appeared first on Cybersecurity Insiders.


April 28, 2023 at 11:12AM

Thursday, April 27, 2023

Get ready for RSA 2023: Stronger Together

Going to RSA next week? If you don’t know, it’s a huge cybersecurity conference held at Moscone Center in San Francisco, CA. If you’re going, please stop by the AT&T Cybersecurity booth and check us out. It’s at #6245 in the North Hall. Remember to bring a picture ID for RSA check-in, otherwise you’ll have to go back to your hotel and get it.

The RSA theme this year is “Stronger Together” which sounds like a great plan to me!

The details

So, the details: AT&T Cybersecurity will be at RSA Conference 2023 (San Francisco, April 24-27), in booth 6245 in the North Hall. We’ll have a 10’ digital wall, four demo stations, and a mini theatre for presentations.

What can you expect to see in the AT&T Cybersecurity booth?

The AT&T Cybersecurity booth will be a hub of activity with demo stations, presentations, and other social networking activities. Our goal is to help you address macro challenges in your organization such as:

  • Pro-active and effective threat detection and response
  • Modernizing network security
  • Protecting web applications and APIs
  • Engaging expert guidance on cybersecurity challenges

Demo stations

Come check out our four demo stations that will provide you an opportunity to meet and talk with AT&T Cybersecurity pros. Our demos are highlighting:

  • Managed XDR
  • Network Modernization
  • Web Application and API Security (WAAP)
  • AT&T Cybersecurity Consulting

In-booth mini-theatre

The AT&T Cybersecurity booth includes a mini-theater where you can relax and enjoy presentations every 15 minutes, plus pick up one of our limited-edition AT&T Cybersecurity mini-backpacks for all of your RSA memorabilia.

Join us for presentations about:

  • 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem

Hot off the press for RSA, the 2023 AT&T Cybersecurity Insights Report is our annual thought leadership research. Learn how seven industries are using edge computing for competitive business advantages, what the perceived risks are, and how security is an integral part of the next generation of computing.

  • The Endpoint Revolution

Understand today’s “endpoint revolution” and the multi-layered preventative and detective controls that should be implemented to secure your organization.

  • Modernizing Network Security

Learn more about the modernization of enterprise security architectures and consolidation of multiple security controls, including those crucial to supporting hybrid work and the migration of apps and data to cloud services.

  • Alien Labs Threat Intelligence

Learn how the AT&T Alien Labs threat intelligence team curates intelligence based on global visibility of indicators of compromise into threats and tactics, techniques, and procedures of cybercriminals.

  • Next Generation Web Application and API Protection (WAAP) Security

Learn how WAAP is expanding to include additional features and how a service provider can help guide you to the right solution. The WAAP market is diverse and includes DDOS, bot management, web application protection and API security.

  • Empowering the SOC with Next Generation Tools

Learn how a new era of operations in security and networking is creating more efficiency in the SOC.

Events

Monday, April 24

2023 AT&T Cybersecurity Insights Report: Edge Ecosystem
Report launch – attend a mini-theater presentation for your copy.

Cloud Security Alliance Panel: 8:00 AM – 3:00 PM Pacific, Moscone South 301-304
Featuring AT&T Cybersecurity’s Scott Scheppers discussing cybersecurity employee recruitment and retention.

Cloud Security Alliance Mission Critical Summit RSAC 2023 (open to RSA registrants) – all day

Wednesday, April 26

Partner Perspectives Track Session: 2:25 – 3:15 PM Pacific, Moscone South 155
Cutting Through the Noise of XDR – Are Service Providers an Answer? Presented by AT&T Cybersecurity’s Rakesh Shah

Happy Hour at the AT&T Cybersecurity Booth N6245: 4:30 – 6:00 PM Pacific
Join us for networking and refreshments after a long day at the conference.

As you can see, we have an exciting RSA week planned! We look forward to seeing and meeting everyone at the conference!

The post Get ready for RSA 2023: Stronger Together appeared first on Cybersecurity Insiders.


April 28, 2023 at 09:30AM

Intel allows Google to hack its servers

Intel invited Google's security teams to attack systems running its new confidential-computing feature, Trust Domain Extensions (TDX). According to sources speaking to Cybersecurity Insiders, the engagement began almost 10 months ago as part of a pre-release review of the feature's defenses.

Google's Project Zero bug-hunting team states that its researchers found two significant vulnerabilities, and that five further findings were adopted as defense-in-depth changes to harden TDX.

Intel will fold the findings into its 4th generation Xeon Scalable processors, code-named "Sapphire Rapids," where TDX keeps a tenant virtual machine's memory encrypted and isolated from the host operating system and hypervisor.

This is nothing new for Google, which often runs projects that let its engineers attack products developed by chipmakers to gain actionable insights. The approach builds a business relationship and lets Google integrate some of the best intellectual property into its data center infrastructure.

As attacker groups become highly sophisticated, those involved in the R&D of computing hardware and software should be extra vigilant about shipping new products with as few vulnerabilities as possible.

At this juncture, a company that collaborates with other technology firms can gain actionable insights through external adversarial testing, where flaws are uncovered and fixed before the product ships, even if no product can be called completely secure.

Intel did exactly that by joining hands with Google Cloud Security to find flaws in its TDX hardware, and it is set to ship the extension in its Sapphire Rapids processors by October of this year.

The post Intel allows Google to hack its servers appeared first on Cybersecurity Insiders.


April 27, 2023 at 08:44PM

Wednesday, April 26, 2023

LockBit Ransomware Group feels ashamed for the Cyber Attack

The LockBit ransomware group, which infiltrated the Olympia Community Unit School District 16 a few days ago, has issued an unconditional apology for attacking a district that serves school children. The criminal gang also admitted that it feels ashamed of its actions and promised a free decryptor to victims who contact it with their decryption ID via the dark web.

LockBit 3.0's remorse comes as a surprise, but it is not new. The gang has apologized in the past for causing inconvenience during the Covid-19 pandemic by hitting a healthcare R&D service provider and bringing vaccine research to a halt.

For those who aren't aware of this file-encrypting gang's reach, here is a summary. The group has a large number of affiliates, since its latest version is offered through a Ransomware-as-a-Service program that is highly active on the dark web. About 80 affiliated groups work with the gang, using sophisticated tooling to avoid detection by law enforcement agencies worldwide.

LockBit 3.0 is the successor to LockBit 2.0, which in turn succeeded the original LockBit. It employs triple-extortion tactics: it steals data and encrypts the victim's systems, threatens to leak the data on the dark web unless paid, and then demands more payment under threat of informing the victim's competitors, customers, and partners about the attack. If these tactics fail, the malware can be switched into a data-wiping mode.

NOTE: In a recent analysis, Microsoft attributed attacks on PaperCut print-management servers to the Clop and LockBit ransomware operations, which exploited vulnerabilities in the software to steal information from corporate networks.

 

The post LockBit Ransomware Group feels ashamed for the Cyber Attack appeared first on Cybersecurity Insiders.


April 27, 2023 at 09:49AM


The Cybersecurity Talent Gap – Where do We Go from Here?

By Tanya Freedland, VP of Human Resources and Talent Acquisition, Identiv

Currently there are 1 million cybersecurity workers in the U.S., yet there are still upwards of 700,000 positions in the field that need to be filled immediately.

As the number of job openings in cybersecurity continues to multiply, cyber attacks are growing rapidly, putting infrastructure around the world at risk. Every critical sector now runs on digital technology: healthcare, commerce, energy, government, transportation, public services, education, banking, etc. This leaves an enormous attack surface for hackers to steal public and private information. In fact, U.S. corporations experienced 50% more cyber attacks in 2021 than they did in 2020.

The same need for qualified cybersecurity professionals is expected moving into 2025. With so many experts needed to fill these important positions fast, should the cybersecurity industry hire IT professionals and teach them cybersecurity on the job, or hire those already trained in the industry?

Hiring talent in cybersecurity: What’s the issue?

One of the biggest challenges in filling many cybersecurity positions is the lack of people with qualifying credentials to enter the profession. Those credentials can be as high-level as a master’s degree in cybersecurity or one of several certificates that can be completed in a matter of months. 

A recent report states that four-year universities tend to be the main provider of entry-level cybersecurity professionals. However, the challenge facing recent university cybersecurity graduates is that by the time they complete their studies, their skills are oftentimes already obsolete. Still, 52% of hiring organizations required a degree to fill entry-level positions in 2022. This number was 6% lower than in 2021, demonstrating that a degree is becoming less important. 

The skills gap is also due to the lack of opportunities for non-technical professionals to gain cybersecurity training in an industry that is constantly evolving. Cyberthreats continue to rise as technology becomes more complex. Artificial intelligence (AI) can be used to launch attacks on companies big and small just as they can be used to block them. This makes it more complicated for organizations to define exactly what skills they need at any point in time.

The Great Resignation has affected the movement of cybersecurity professionals as it has just about every other industry. The cybersecurity industry was facing hiring challenges well before the pandemic. However, the pandemic did make people reconsider how they wanted to live and work. One recent report states that as many as 54% of security professionals want to quit their job, citing their increasing workload as one of the main reasons for experiencing work-related stress. The work involves a high amount of tedious tasks that can lead to burnout. While the need for cybersecurity professionals was made bigger by the pandemic, the transition to remote work put companies at a higher risk for attacks. Still, there just are not enough qualified people to fill these critical roles. 

Diversifying the pool of applicants is critical to the digital landscape

The answer to the hiring problem in cybersecurity may lie in creating a more diverse pool of applicants in the industry. According to one recent report, only 24% of cybersecurity professionals identify as women. Only 9% identify as Black and 4% as Hispanic. Salary discrepancies exist across race and gender, and women and people of color are the least likely to serve in leadership positions.

It is critical that companies find ways to tap into new sources of talent and open up nontraditional entryways to a career in cybersecurity. This can be further supported through formal on-the-job training, accessible professional development opportunities, affordable certifications, mentoring programs, and much more.

Focusing on diversity, equity, and inclusion (DEI) in the hiring and training of cybersecurity professionals brings tremendous value to the workforce in general. Companies that invest in DEI initiatives have benefited from improved levels of problem solving and a greater generation of ideas. Diverse teams are able to innovate at a more rapid pace, anticipating consumer demand and buying patterns, offering their companies a competitive advantage. 

The cybersecurity industry cannot afford to wait for answers

The safety and security of business as we know it hangs on the ability to hire cybersecurity professionals who are ready to work. It does not matter whether they are IT professionals who want to make a career change, or individuals who have completed a degree and/or certifications for an entry-level position. Both are legitimate career opportunities that should be invested in to meet the needs of business in the U.S. and abroad. 

The pandemic has increased opportunities to hire remote workers to fulfill the security needs of most companies. This also brings new opportunities to offer creative options in training for those who, first and foremost, are dedicated to learning the job from the ground up.

The post The Cybersecurity Talent Gap – Where do We Go from Here? appeared first on Cybersecurity Insiders.


April 26, 2023 at 10:51PM

F-Secure to acquire Lookout Mobile Security

F-Secure has officially announced that it will acquire the consumer mobile security business of Lookout, with the deal expected to close by June of this year. The financial terms have not been disclosed officially, but unconfirmed sources put the deal at $224 million, all in cash.

Lookout, founded in 2009, offers mobile endpoint security to millions of users and has raised hundreds of millions in funding. Its consumer products, including antivirus software for smartphones, are the part being sold; Lookout itself has shifted its focus towards enterprise customers, which makes the consumer line a natural fit for F-Secure, whose portfolio runs from password management to anti-malware.

F-Secure plans to integrate the acquired technology into its own endpoint and cloud security products, while Lookout becomes a pure-play enterprise security provider.

NOTE: According to a market study by Emergen Research, the global mobile security market, worth approximately $3.93 billion in 2021, is expected to reach $13 billion by the end of 2030. Analysts expect the growth to be driven by rising smartphone usage, wider adoption of third-party apps, and the spread of BYOD and work-from-home practices. Of the two major platforms, iOS is generally regarded as the more locked-down, because Apple restricts app distribution to its App Store and does not let iPhone and iPad owners modify the operating system.

The post F-Secure to acquire Lookout Mobile Security appeared first on Cybersecurity Insiders.


April 26, 2023 at 08:33PM

Quad nations unite to fight Cyber Attacks on Critical Public Infrastructure

The Quad nations comprising India, Japan, Australia, and the United States will reach an agreement on how to create a collective approach to blocking cyber attacks on critical public infrastructure, such as the power and communication sectors. The Quad countries have devised a plan to meet next month in Australia to reach an agreement on how to involve, deal with, and address state-funded attacks on national infrastructure.

Nowadays, every nation wants to target their adversaries on a digital note, and that can only be done by launching invasions in the form of cyber-attacks, disrupting operations of critical infrastructure, leading to blackouts that can trigger immense concern among the populace.

The Quad nations will discuss, at the summit, the preventive measures they will take to block such attacks and will address how they will be dealing with ransomware incidents arising from their territory.

“We exercise responsibility to assist each other in the face of malicious cyber activity, including ransomware attacks on public infrastructure,” says a joint statement issued by the foreign ministers of the four nations: Penny Wong of Australia, S. Jaishankar of India, Hayashi Yoshimasa of Japan, and Antony Blinken of the United States.

Interestingly, the four nations have invited the UK to join their effort to block state-funded attacks and have received a positive response from the Parliament of the United Kingdom.

NOTE: Developed nations across the world are worried that the ongoing war between Russia and Ukraine could escalate into a wider conflict now that Berlin has given its nod to sending Leopard tanks to Ukraine. If Putin faces a loss on the battlefield, he could turn to cyber warfare, as the plan, execution, and consequences of the war are turning against him both at home and internationally.

The post Quad nations unite to fight Cyber Attacks on Critical Public Infrastructure appeared first on Cybersecurity Insiders.


April 26, 2023 at 10:39AM

Tuesday, April 25, 2023

Guidance on network and data flow diagrams for PCI DSS compliance

This is the third blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here.

PCI DSS requires that an “entity” maintain up-to-date cardholder data (CHD) flow diagrams and network diagrams that show the networks CHD travels over (in PCI DSS v4.0 these are Requirements 1.2.3 and 1.2.4).

Googling “enterprise network diagram examples” and “enterprise data flow diagram examples” gets several different examples for diagrams which you could further refine to fit whatever drawing tools you currently use, and best resembles your current architecture.

The network diagrams are best when they include both a human recognizable network name and the IP address range that the network segment uses. This helps assessors to correlate the diagram to the firewall configuration rules or (AWS) security groups (or equivalent).

Each firewall or router within the environment and any management data paths also need to be shown (to the extent that you have control over them).

You must also show (because PCI requires it) the IDS/IPS tools and both transaction logging and overall system logging paths. Authentication, anti-virus, backup, and update mechanisms are other connections that need to be shown. Our customers often create multiple diagrams to reduce the complexity of having everything in one.

Both types of diagrams need to include each possible form of ingestion and propagation of credit card data, and the management or monitoring paths, to the extent that those paths could affect the security of that cardholder data.

Using red to signify unencrypted data, blue to signify data you control the seeding or key generation mechanism for and either decrypt or encrypt (prior to saving or propagation), brown to signify DUKPT (Derived Unique Key per Transaction) channels, and green to signify data you cannot decrypt (such as P2PE) also helps you and us understand the risk associated with various data flows. (The specific colors cited here are not mandatory, but recommendations borne of experience).

As examples:

In the network diagram:

In the web order case, there would be a blue data path from the consumer through your web application firewall and perimeter firewall to your web servers, using TLS 1.2 or later, since it is protected by your web site’s certificate and keys.

There may be a red, unencrypted path between the web server and the order management server/application. Then there would be a blue data path from your servers to the payment gateway, using encryption negotiated with the gateway. This starts with TLS 1.2 or later; the gateway might then use an iFrame to open a green data path directly from the payment provider to the consumer to collect the card data, bypassing all of your networking and systems. Finally there would be a blue return path from the payment provider to your payment application carrying the authorization completion code.

In the data flow diagram:

An extremely useful addition to most data flow diagrams is a numbered sequence of events with the number adjacent to the arrow in the appropriate direction.

In the most basic form that sequence might look like

  1. Consumer calls into ordering line over POTS line (red – unencrypted)
  2. POTS call is converted to VOIP (blue – encrypted by xxx server/application)
  3. Call manager routes to a free CSR (blue-encrypted)
  4. Order is placed (blue-encrypted)
  5. CSR navigates to payment page within the same web form as a web order would be placed (blue-encrypted, served by the payment gateway API)
  6. CSR takes credit card data and enters it directly into the web form. (blue-encrypted, served by the payment gateway API)
  7. Authorization occurs under the payment gateway’s control.
  8. Authorization success or denial is received from the payment gateway (blue-encrypted under the same session as step 5)
  9. CSR confirms the payment and completes the ordering process.

This same list could form the basis of a procedure for the CSRs for a successful order placement. You will have to add your own steps for how the CSRs must respond if the authorization fails, or the network or payment page goes down.

Remember all documentation for PCI requires a date of last review, and notation of by whom it was approved as accurate. Even better is to add a list of changes, or change identifiers and their dates, so that all updates can be traced easily. Also remember that even updates which are subsequently reverted must be documented to ensure they don’t erroneously get re-implemented, or forgotten for some reason, thus becoming permanent.
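Keeping the diagram in a machine-readable form makes the review discipline above easier to enforce. The following is an added example (not part of the original post or of any PCI SSC material): a small Python model of the web-order flow described earlier, using the same colour legend, with a linter that flags unnumbered steps, unknown segments, missing review metadata, and any hop that carries a PAN in the clear, and a function that emits Graphviz DOT for the picture. The merchant topology, segment names, addresses (RFC 5737 test ranges) and approver name are all constructed for the example.

```python
"""Cardholder data (CHD) flow model with a linter and Graphviz DOT output.
Added example following the colour legend in the post; the topology below
is constructed (RFC 5737 test addresses), not a real merchant environment."""
from dataclasses import dataclass
import ipaddress

# Colour legend from the post: red = unencrypted, blue = encrypted under keys
# you control, brown = DUKPT, green = data you cannot decrypt (e.g. P2PE).
COLOR = {"unencrypted": "red", "our-keys": "blue", "dukpt": "brown", "opaque": "green"}


@dataclass
class Segment:
    name: str             # human-readable network name
    cidr: str             # IP range, so assessors can match firewall rules
    public: bool = False  # Internet or a third party you do not control

    def __post_init__(self):
        ipaddress.ip_network(self.cidr, strict=False)  # reject typos early


@dataclass
class Hop:
    step: int             # numbered sequence shown next to the arrow
    src: str
    dst: str
    protection: str       # key of COLOR
    carries_pan: bool     # does a primary account number travel on this hop?
    note: str = ""


@dataclass
class FlowModel:
    segments: dict[str, Segment]
    hops: list[Hop]
    reviewed_on: str = ""   # PCI documentation needs a last-review date
    approved_by: str = ""   # and the approver's name


def lint(model: FlowModel) -> list[tuple[str, str]]:
    """Return (severity, message) findings; an empty list means consistent."""
    out = []
    if not (model.reviewed_on and model.approved_by):
        out.append(("MEDIUM", "document lacks a last-review date or approver"))
    if [h.step for h in model.hops] != list(range(1, len(model.hops) + 1)):
        out.append(("LOW", "hops are not numbered 1..n in sequence"))
    for h in model.hops:
        ends = (h.src, h.dst)
        if any(e not in model.segments for e in ends):
            out.append(("HIGH", f"step {h.step}: unknown segment in {ends}"))
            continue
        if h.protection not in COLOR:
            out.append(("HIGH", f"step {h.step}: unknown protection '{h.protection}'"))
            continue
        if h.carries_pan and h.protection == "unencrypted":
            if any(model.segments[e].public for e in ends):
                # PCI DSS Requirement 4: strong cryptography over open, public networks
                out.append(("HIGH", f"step {h.step}: PAN in clear across a public network (PCI DSS Req. 4)"))
            else:
                out.append(("MEDIUM", f"step {h.step}: PAN in clear on {h.src}->{h.dst}; both segments are in CDE scope"))
    return out


def to_dot(model: FlowModel) -> str:
    """Render the model as Graphviz DOT; feed the result to `dot -Tpng`."""
    lines = ["digraph chd_flow {", "  rankdir=LR;"]
    for s in model.segments.values():
        shape = "ellipse" if s.public else "box"
        lines.append(f'  "{s.name}" [shape={shape} label="{s.name}\\n{s.cidr}"];')
    for h in model.hops:
        label = f"{h.step}" + (" PAN" if h.carries_pan else "")
        colour = COLOR.get(h.protection, "black")
        lines.append(f'  "{h.src}" -> "{h.dst}" [color="{colour}" label="{label}"];')
    lines.append("}")
    return "\n".join(lines)


def web_order_model(pan_in_clear: bool = False) -> FlowModel:
    """The web-order flow from the post (constructed). pan_in_clear=True turns
    the gateway iFrame hop red so the linter's Requirement 4 check fires."""
    segs = {
        "internet": Segment("internet", "0.0.0.0/0", public=True),
        "dmz-web": Segment("dmz-web", "192.0.2.0/24"),
        "app": Segment("app", "198.51.100.0/24"),
        "gateway": Segment("gateway", "203.0.113.0/24", public=True),
    }
    hops = [
        Hop(1, "internet", "dmz-web", "our-keys", False, "TLS 1.2+ through WAF to web tier"),
        Hop(2, "dmz-web", "app", "unencrypted", False, "order data only, no PAN"),
        Hop(3, "app", "gateway", "our-keys", False, "TLS session negotiated with gateway"),
        Hop(4, "internet", "gateway", "unencrypted" if pan_in_clear else "opaque", True,
            "card data entered in the gateway's iFrame"),
        Hop(5, "gateway", "app", "our-keys", False, "authorization result"),
    ]
    return FlowModel(segs, hops, reviewed_on="2023-04-25", approved_by="J. Doe (constructed)")


if __name__ == "__main__":
    for flawed in (False, True):
        print(f"pan_in_clear={flawed}:", lint(web_order_model(flawed)) or "no findings")
    print(to_dot(web_order_model()))
```

The hop list doubles as the numbered sequence of events, so the same file can feed both the diagram and the CSR procedure; keeping it under version control gives you the change history the post asks for without extra bookkeeping.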

The post Guidance on network and data flow diagrams for PCI DSS compliance appeared first on Cybersecurity Insiders.


April 26, 2023 at 09:09AM

New SLP Vulnerability to play catalyst to 2000x DDoS attacks

A DDoS attack is the bombardment of an application server with junk traffic, disrupting its operations and making it unavailable to genuine users. Now imagine the effect if the intensity of such an attack can be multiplied roughly 2,000 times because attackers exploit a vulnerability that amplifies every byte they send.

Tracked as CVE-2023-29552, the flaw lies in the Service Location Protocol (SLP); the researchers who found it counted over 2,000 organizations and more than 54,000 Internet-exposed SLP instances that could be abused as amplifiers.

These details were disclosed by researchers from Bitsight and Curesec, who identified almost 700 affected product types, including Planex routers, the IBM Integrated Management Module, SMC IPMI, Konica Minolta printers, and VMware ESXi hypervisors.

According to the researchers' report, the organizations exposing vulnerable SLP instances are concentrated in 10 countries: the USA, UK, Japan, Germany, Canada, France, Italy, Brazil, the Netherlands, and Spain.

NOTE: To date, the largest publicly disclosed DDoS attack, as Google later revealed, took place in September 2017 and hit Google services at 2.54 Tbps. AWS absorbed a similar attack in February 2020, with incoming traffic peaking at 2.3 Tbps. Most attacks are far smaller than these records, but even a flood of a few tens of Gbps is enough to keep websites and applications offline for 12-15 hours.
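To see where the amplification comes from, it helps to look at the wire format. SLPv2 (RFC 2608) runs over UDP/427, and a service-type request is a handful of bytes while the reply carries the server's whole list of registered service types; the Bitsight/Curesec advisory describes attackers first bloating that list with registrations and then sending spoofed requests so the oversized replies land on the victim. The following is an added example, not code from the advisory or the original post: a parser for the SLPv2 header, builders for a SrvTypeRqst/SrvTypeRply pair, an amplification-ratio helper, and a check for replies leaving UDP/427 towards the public Internet (the condition that makes a host a usable reflector). Both packets are constructed by hand to the RFC layout, not captured from a device, and the reply's 50-entry service list stands in for a padded-out registration table.

```python
"""SLPv2 (RFC 2608) header parser plus a request/reply amplification estimate.
Added example; the packets below are constructed, not captured from a device."""
import ipaddress
import struct

SLP_PORT = 427
HEADER_LEN = 14  # fixed header; the language tag follows it
FUNCTION_NAMES = {
    1: "SrvRqst", 2: "SrvRply", 3: "SrvReg", 4: "SrvDeReg", 5: "SrvAck",
    6: "AttrRqst", 7: "AttrRply", 8: "DAAdvert", 9: "SrvTypeRqst",
    10: "SrvTypeRply", 11: "SAAdvert",
}


def build_slp(function_id: int, body: bytes, xid: int = 1, lang: bytes = b"en") -> bytes:
    """Assemble an SLPv2 message: version, function, 3-byte length, 2-byte
    flags (Overflow/Fresh/Mcast + reserved), 3-byte next-extension offset,
    XID, language tag length, language tag, then the function-specific body."""
    length = HEADER_LEN + len(lang) + len(body)
    header = (struct.pack("!BB", 2, function_id)
              + length.to_bytes(3, "big")
              + b"\x00\x00"                       # flags: none set
              + b"\x00\x00\x00"                   # no extensions
              + struct.pack("!HH", xid, len(lang))
              + lang)
    return header + body


def parse_slp_header(pkt: bytes) -> dict:
    """Decode the header fields and return them with the remaining body."""
    if len(pkt) < HEADER_LEN:
        raise ValueError("packet shorter than an SLPv2 header")
    version, function_id = pkt[0], pkt[1]
    if version != 2:
        raise ValueError(f"unsupported SLP version {version}")
    length = int.from_bytes(pkt[2:5], "big")
    if length != len(pkt):
        raise ValueError(f"declared length {length} != actual {len(pkt)}")
    flags = int.from_bytes(pkt[5:7], "big")
    xid, lang_len = struct.unpack("!HH", pkt[10:14])
    lang = pkt[HEADER_LEN:HEADER_LEN + lang_len].decode("ascii", "replace")
    return {
        "function": FUNCTION_NAMES.get(function_id, f"unknown({function_id})"),
        "length": length,
        "overflow": bool(flags & 0x8000),  # reply did not fit one datagram
        "fresh": bool(flags & 0x4000),
        "mcast": bool(flags & 0x2000),
        "xid": xid,
        "lang": lang,
        "body": pkt[HEADER_LEN + lang_len:],
    }


def srv_type_rqst(scope: bytes = b"DEFAULT") -> bytes:
    """SrvTypeRqst: empty previous-responder list, naming-authority length
    0xFFFF (meaning 'all naming authorities'), then the scope list."""
    body = struct.pack("!H", 0) + struct.pack("!H", 0xFFFF) + struct.pack("!H", len(scope)) + scope
    return build_slp(9, body)


def srv_type_rply(service_types: list[str]) -> bytes:
    """SrvTypeRply: 2-byte error code, then the comma-separated srvtype list."""
    listing = ",".join(service_types).encode("ascii")
    body = struct.pack("!HH", 0, len(listing)) + listing
    return build_slp(10, body)


def amplification_ratio(request: bytes, reply: bytes) -> float:
    """Bytes the reflector sends per byte the attacker spent."""
    return len(reply) / len(request)


def is_reflection_candidate(src_port: int, dst_ip: str) -> bool:
    """A reply sourced from UDP/427 towards a globally routable address means
    the daemon answers the Internet, which is what makes it abusable."""
    return src_port == SLP_PORT and ipaddress.ip_address(dst_ip).is_global


if __name__ == "__main__":
    req = srv_type_rqst()
    rply = srv_type_rply(["service:printer:lpr"] * 50)  # stands in for a padded table
    print(parse_slp_header(req)["function"], len(req), "bytes")
    print(parse_slp_header(rply)["function"], len(rply), "bytes")
    print(f"amplification {amplification_ratio(req, rply):.1f}x")
```

Even this toy reply is about 35 times the request; a table filled to the server's limit, with the Overflow flag set and UDP carrying no handshake to prove the source address, is how the advisory's four-figure ratios arise. The practical mitigation is the one the advisory gives: disable SLP on anything Internet-facing, and block UDP/427 at the perimeter in both directions.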

 

The post New SLP Vulnerability to play catalyst to 2000x DDoS attacks appeared first on Cybersecurity Insiders.


April 25, 2023 at 08:35PM

Cyber Attack news headlines trending on Google

Yellow Pages Canada reportedly fell victim to a Black Basta Ransomware attack at the end of March this year. News has emerged that the criminals siphoned sensitive details and data from the servers of the Canadian Directory services provider, including information such as tax documents, sales and purchase deals, spreadsheets related to the accounts department, and many scanned passport and driving license documents related to customers and employees.

Franco Sciannamblo, the VP and CFO of the company, confirmed the news and assured that more details will be provided after a thorough investigation is conducted.

Black Basta has emerged as one of the notorious ransomware-spreading groups after LockBit and is seen taking down computer networks of many notable companies such as Capita and Sobeys.

Fincantieri Marine Group (FMG) expressed its concerns over the weekend as it fell prey to a ransomware attack on April 12th, 2023. The IT staff of the US Defense and Navy contractor are working with full force to recover the IT assets immediately. Certain systems have been isolated, and the company’s Italian subsidiary, Fincantieri SpA, has assured that no employee or personal details of customers or staff were fraudulently accessed or stolen in the attack.

Third is an interesting piece of news about the BumbleBee malware, which is being spread through Google Ads and SEO poisoning. Cybercriminals are distributing it through fake software ads for Zoom, ChatGPT, Citrix Workspace, and Cisco AnyConnect. Notably, the loader waits about three hours after infection before it starts mapping reachable network hosts, spreading to other machines, exfiltrating data, and deploying ransomware.

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.


April 25, 2023 at 10:25AM

Monday, April 24, 2023

How to establish network security for your hybrid workplace

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The global COVID-19 pandemic has left lasting effects on the workplace across all sectors. With so many people required to stay home, businesses in every field turned to remote work to open new possibilities for staying connected across distances. Now that the pandemic has largely subsided, many working environments have transitioned into a new hybrid workplace style. With this new approach to the office, employers and IT specialists have had to adapt to the increased risk of cybersecurity breaches within the company context. 

The first security measure businesses adopted during the pandemic was using VPNs that allowed employees to work remotely while still enjoying connectivity and security. Despite their popularity, however, VPN authentication can grant malicious third parties unrestricted network access and allow them to compromise an organization’s digital assets. 

To combat these vulnerabilities, organizations must consider establishing hybrid workplace network security. Investing in organizational cybersecurity means investing in the organization’s future; now, cybersecurity is as essential for the continuity and success of a business as the lock on its front door was once considered to be. 

This article will discuss types of network security breaches to watch out for. Then we will review practices you can adopt to establish hybrid workplace security and mitigate the risk of granting malicious third parties unrestricted network access.

Three types of hybrid network security breaches to watch out for

There are multiple potential gaps in every hybrid workplace network, including interpersonal communications, outdated software, and uninformed employees. Cybersecurity breaches at even a very small scale can grant hackers access to sensitive information, which could lead to the leakage of important data. 

This is a serious problem as, according to recent surveys, 45% of companies in the United States have been faced with data leakage in the past. With hybrid and remote workplaces becoming increasingly normal, workplace network security must become a priority. 

Here are three types of security breaches to watch out for. 

1. Phishing attacks

One type of cybersecurity attack is phishing. Phishing involves a hacker attempting to trick employees or co-workers into revealing sensitive information, granting access to protected files, or inadvertently downloading malicious software. 

Phishing is enacted by hackers who successfully adopt an employee’s personality, writing style, or company presence. According to recent statistics, 80% of breaches involve compromised identities, which can have a domino effect, leading to larger-scale company-wide cybersecurity breaches. 

2. Ransomware attacks

A second variety of cybersecurity breaches is ransomware. Ransomware is an attack where hackers encrypt files on a company’s network and demand payment to restore access. In other words, they gain private access to the workplace network and then essentially hold it hostage, demanding a “ransom” to prevent leaking any sensitive work data that might be stored there. 

Phishing can be used as an initial method of accessing a network so that hackers can then install ransomware. 

3. Man-in-the-Middle attacks

A third type of cybersecurity breach is a man-in-the-middle attack, where a hacker intercepts and alters communications between two parties to steal data or manipulate transactions. A man-in-the-middle attack can also be a type of phishing breach.  

Six practices to establish hybrid workplace security

The most effective overall approach to combating potential cyberattacks is establishing a comprehensive, multifaceted system of defenses. 

The combination of different approaches, such as widespread workplace cybersecurity education paired with awareness about making smart purchasing decisions, can shore up the defenses before an attack. Meanwhile, introducing specific preventive cybersecurity measures will guarantee a more robust cybersecurity structure across the workplace in case of a malicious incident.

Here are six specific practices to establish hybrid workplace security.

1. Choose trustworthy vendors

Part of running a business is working within a broader network of vendors, contractors, and clients. One way to establish cybersecurity from the outset is to carefully and thoroughly vet every business partner and vendor before working with them. Before signing a company-wide phone contract, for example, look for business phone services that come with features such as enhanced cyber protection and cyberattack insurance. 

When your business or employees request or send money online, they should use specific transfer sources as instructed. Employers should look for bank transfers that come with digital security encryption and protection against chargebacks to prevent breaches during the transaction. 

2. Adopt alternative remote access methods

Since breaches of company networks protected by VPNs are becoming increasingly common, seeking out alternative remote access methods is a good way to ensure the ongoing security of the workplace network. 

Software-defined perimeter, or SDP, uses a cloud-based approach so that each device can be easily synced across geographic barriers. A software-defined perimeter relies on identity authentication before connecting users and, as such, acts as a virtual barrier around every level of access. 

3. Introduce zero-trust network access (ZTNA)

Zero-trust network access means that every single request to access the company network, including all employee requests, must pass several layers of authentication before being granted. This way, all employees, both in-person and remote, will have to engage with the same advanced-level security protocols.  

Zero-trust network access also means that every device is analyzed and confirmed so hackers or bad actors attempting to impersonate an employee can be tracked and identified. 

4. Enact company-wide cybersecurity training programs

Create training documents that are easily accessible to both in-person and remote employees. 

Regular training on the latest cybersecurity protocols and procedures is an important way to maintain constant awareness of cybersecurity threats among your entire staff and establish clear and direct actions employees can take if they suspect they have been targeted by a bad actor. 

Since phishing is one of the top methods of cyberattacks in the workplace, the better informed that employees at every level of the company are, the more secure the workplace will be. 

5. Conduct regular cybersecurity tests

For hybrid companies, identifying potential vulnerabilities and weak spots in the cybersecurity system is key to preventing effective attacks.

Instruct the in-house IT team to conduct regular cybersecurity tests by launching false phishing campaigns and attempting to simulate other hacking strategies. If your hybrid business does not have an entire IT team, hire outside cybersecurity consultants to analyze the state of your company’s current cybersecurity defenses. 

IT experts should also be consulted to determine the best cybersecurity software for your business. All software and hardware should be updated regularly on every workplace device, and employees should be encouraged to update the software on their smartphones and other personal devices that might be used for work purposes. 

Since software updates contain the latest cybersecurity measures, they are essential to cyber risk management in the hybrid workplace. 

6. Install security software on all workplace devices 

In addition to the protection provided by personnel and alternative access networks, every workplace device should be equipped with adequate cybersecurity protective software. Installing a firewall on every workplace computer and tablet can protect the core of each hard drive from malware that may have been accidentally installed. 

A strong firewall can protect against any suspicious activity attempts within the company network. By providing a powerful firewall coupled with secure remote access methods, the entire workplace network should be secured from attempts at illicit access by cybercriminals with malicious intent. 

Data diodes are another viable method of securing the network; compared with software firewalls, data diodes work less like an identity barrier and more like a physical separator. While firewalls analyze and vet each incoming action request, data diodes function by separating distinct aspects of each electronic transaction or interaction. So even in the case of a system failure, the main result would be a total lack of connectivity between parts, ensuring that cybercriminals would still be prevented from accessing company information.

Final thoughts

Since a hybrid workplace encompasses both in-person and remote employees at the same time, hybrid companies face a unique set of challenges. Each cybersecurity policy must incorporate both types of employees, which can be difficult to enact across the board. 

To instill preventive measures that can thwart attempts at phishing, ransomware, malware, identity theft, and other malicious attacks, hybrid companies can boost their workplace training programs and install higher-level security software. These measures will help to prevent attacks and minimize damage in the case of a cybersecurity breach so that sensitive personal and company data will be protected no matter what. 

The post How to establish network security for your hybrid workplace appeared first on Cybersecurity Insiders.


April 25, 2023 at 09:09AM

SSD with in-built ransomware prevention capabilities

Can you imagine Hard Disk Drives (HDD) and Solid-State Disks (SSD) being immune to ransomware attacks?

Well, a company named Cigent says so! It claims to have produced the first SSD with built-in ransomware protection, thus saving users from having their information stolen and encrypted with malware.

The Cigent Secure SSD+ has a built-in processor powered by AI machine learning tools that blocks ransomware activity at its core. Its software can detect illegal disk accesses that lead to ransomware spread.

Cigent assures that its new storage solution offers a prevention program, rather than a mitigation plan, saving businesses money, time, and most importantly, avoiding embarrassment among competitors.

Tom Ricoy, the Chief Revenue Officer, disclosed to the media that its new solid-state drive acts as an automated risk prevention solution, unlike usual Endpoint Detection and Response (EDR) products that work on a detect-and-respond basis.

With this latest offering, Cigent has added another feature to its excellent data storage protection solutions, such as Full-Disk Encryption and support for multi-factor authentication. Additionally, the data storage solution company also sells a military-grade Data Defense Software as a Service (SaaS) platform that protects endpoint systems.

The Cigent Secure SSD+ will be available for commercial purchase from May 2023, with drive capacities ranging from 480GB to 1920GB or beyond. As these products are small, they occupy less space in the computing product’s chassis, emit less heat due to the absence of any moving parts, consume less power, and have more endurance than their HDD counterparts.

The post SSD with in-built ransomware prevention capabilities appeared first on Cybersecurity Insiders.


April 24, 2023 at 08:31PM

Lung Cancer detection possible 10 Years prior with AI

Lung cancer is a dangerous and contagious disease that spreads throughout the body quickly and is not easy to detect in its early stages. However, thanks to the technology of artificial intelligence-enabled machine learning tools, detecting lung cancer is now possible almost 10 years before its onset.

Dubbed as ‘CanPredict’, the AI program helps high-risk patients receive appropriate treatment before the disease becomes deadly. Developed by scientists at the University of Oxford, in association with some professors from the University of Nottingham, the ML tool considers patients’ physical measurements, smoking and alcohol intake status, family history, BMI, and socioeconomic status and calculates the likelihood of being hit by the disease and its severity.

Does this eliminate the need for expensive Computed Tomography (CT) scans? Well, no, say experts. CanPredict helps detect the disease early and facilitates early treatment. However, for those already experiencing symptoms or yet to be detected, the options are limited.

Therefore, if you are experiencing symptoms such as fever, dry cough, waking up in a drenched state with sweat, pain while swallowing, face swelling, chest or shoulder pain, persistent breathlessness, coughing up blood occasionally, and experiencing finger clubbing, wheezing, and a change in voice, it’s time to get checked.

CanPredict is currently in the beta phase and will soon be released for official testing, with certain diagnostic centers assigned to test the ML tool on patients. After successful testing, it can be released as a commercial version.

The post Lung Cancer detection possible 10 Years prior with AI appeared first on Cybersecurity Insiders.


April 24, 2023 at 10:21AM

Friday, April 21, 2023

SSE Decoded: Answers to Your Questions About Secure Service Edge

Secure Service Edge works with a variety of network configurations. Is it right for yours?

By Chris Alberding & Evin Safdia

On the heels of another record number of cyberattacks in 2022, including an alarming 13% increase in ransomware attacks, according to a Verizon year-end report, shielding an organization from this very real and escalating risk requires protective measures that work across network configurations out to the network edge, even as the contours of that edge shift. It takes defenses that are as sophisticated, persistent, and adaptable as the would-be attacks and attackers themselves, without requiring or excessively relying upon specialized security talent. Security Service Edge (SSE) fits that profile.

Q-1: What is SSE?

SSE is the security portion of the SASE (Secure Access Service Edge) architecture, which converges networking and security together. SSE converges an organization’s disparate cybersecurity capabilities into a single, cloud-native software stack that protects all enterprise “edges” – sites, users and applications – worldwide. More specifically, SSE includes:

  • Secure Web Gateway (SWG), which defends users against phishing attacks and malicious websites.
  • Firewall as a Service (FWaaS), which provides end-to-end traffic segmentation, restricting access to locations, applications and resources.
  • Zero Trust Network Access (ZTNA), which ensures secure remote access to applications on-premises and in the cloud for every user, device and location.
  • Cloud Access Security Broker (CASB), which controls access to cloud applications, extending enterprise security policies to the cloud and enabling regulatory compliance.
  • Next-Gen Anti-Malware (NGAM), which protects connected sites, cloud resources and users against known and unknown malware.
  • Managed Detection & Response (MDR), which offers ongoing network monitoring and alerting on compromised endpoints.
  • Data Loss Prevention (DLP), which prevents sensitive data and information from leaving the organization, while complying with industry regulations.
  • Intrusion Prevention System (IPS), which monitors network traffic and blocks malicious content, providing protection against a range of cyberthreats.

A managed service provider can seamlessly maintain the SSE engine, keeping it current against new threats. And the engine operates at line rate regardless of the traffic volume or if it’s encrypted, traditionally a major problem for security appliances.

Q-2: Which types of cyberthreats is SSE designed to protect against?

SSE defends enterprises and their networks against anomalies, threats and sensitive data loss. That includes phishing, malware, ransomware, data theft, and other forms of unwanted access to locations, applications, and resources.

Q-3: What kinds of enterprises are a good candidate for SSE and why?

SSE is for any organization that wants to improve its risk posture and reduce operational overhead, which is to say it’s for everyone. By converging security capabilities, SSE provides deeper security insight than is possible with the traditional patchwork of security appliances. And it’s all maintained by an SSE provider, not the enterprise itself.

Q-4: What’s the business case for SSE? What are the benefits?

SSE protects the complete organization – users, sites, and cloud resources. As such, organizations like SSE because it:

  • Establishes a global fabric of enterprise-level security connecting all network edges into a unified security platform, enabling consistent policy enforcement.
  • Readily scales with business demands and the network.
  • Provides line-rate inspection of all traffic, scaled vertically and horizontally, even when traffic is encrypted.
  • Reduces IT workloads as a self-maintaining service.
  • Fits into any existing network topology, allowing SSE to be adopted gradually.

Q-5: How is SSE different from SASE?

As the security portion of SASE, SSE is independent of the connecting device. Third-party SD-WAN devices, firewalls, or any IPsec-capable device can connect to SSE. With SSE, organizations can benefit from cloud security without impacting their existing network infrastructure. Because of that, SSE is viewed as a seamless migration path to full SASE (with SD-WAN) architecture, if and when an organization is ready.

Q-6: What’s the SSE implementation process like? How easy is SSE to implement?

SSE can be deployed very rapidly without disrupting network operations. In many cases, organizations can be up and running in days. No need for extra hardware to be shipped and installed, or excessive operational overhead.

Q-7: Who manages the various moving parts of SSE? Is that something our organization’s IT department does internally, or can day-to-day management be outsourced?

SSE usually comes as a managed service, which is good news for organizations and their IT and security teams, many of which are running extremely lean. As a single-vendor managed solution, SSE relieves organizations from the burden of integrating, configuring, implementing, monitoring and managing multiple layers of security themselves. Instead, they can hand these responsibilities over to the cybersecurity experts providing the service. Organizations with skilled security experts may opt to select an SSE provider that enables them to co-manage the security policies via a user portal.

With this unique combination of advanced cybersecurity capabilities and turnkey management, it’s no wonder that by 2025, according to Gartner, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.

Chris Alberding is Senior Director for SD-WAN and Security at Windstream Enterprise (https://www.windstreamenterprise.com/). Evin Safdia is the Director of Product Marketing for the Americas at Cato Networks (https://www.catonetworks.com/).

The post SSE Decoded: Answers to Your Questions About Secure Service Edge appeared first on Cybersecurity Insiders.


April 22, 2023 at 01:14AM

Indian ICICI Bank data breach exposes 3.8 million customer information

ICICI Bank, an Indian bank with a business presence in over 15 countries, has become a victim of a data breach, leaking information of more than 3.8 million customers or 38 lakh customers. The banking giant says that the news of the data breach is false, as its preliminary inquiries have revealed that the available information on the web is fake and doesn’t belong to its customers.

However, the multinational Indian bank is still investigating the incident and may take at least 48 hours to offer confirmed details on the customer info leak.

According to sources reporting to Cybersecurity Insiders, the hackers accessed the information by exploiting a misconfigured cloud storage bucket that had critical information stored on it. The information that was accessed via the misconfigured DigitalOcean bucket includes bank account transaction details, credit card numbers, bank statements, full names, DOBs, home addresses, contact details, email addresses, PII docs, and employee CVs.

Passport numbers, driving license details, and PAN details belonging to some of the customers were also accessed by hackers on a fraudulent note.

Unconfirmed sources state that the fraudulent access took place from February 1st of this year, and Know-Your-Customer (KYC) data was also compromised in the incident. As soon as the Indian CERT team alerted the bank staff, they blocked the hackers’ access immediately and took appropriate measures to avoid such blunders in the future.

The ICICI Bank data leak seems to be critical as it can expose customers and staff to spear-phishing attacks.

NOTE: At one point in time, around 15-18 years back, ICICI Bank brought a revolution to the Indian banking sector by introducing online banking services. This made the banking customers in the Indian subcontinent compare the services to the government-run banks, which were later forced to introduce similar services that were never on par with the then services of ICICI Bank. Gradually, things improved, and since 2016, all government banks started matching the online and phone banking services of ICICI Bank, after which it was forced to abide by the rules of RBI for various reasons.

The post Indian ICICI Bank data breach exposes 3.8 million customer information appeared first on Cybersecurity Insiders.


April 21, 2023 at 08:37PM

Is Twitter Blue Tick removal a data security concern

A few years back, many people started creating fake Twitter profiles to propagate fake news and to indulge in other kinds of online crime. Later, Twitter, which is now owned by Elon Musk, took stringent steps to curb the rise of fake profiles by issuing a “Verified Blue Tick” mark to those profiles that were created by a company, individual, group or country.

In March this year, the Tesla chief made it official that all blue tick owners need to pay a premium to tell the world that they still hold an authentic account. Twitter started charging $7 to those who log in via a web browser and $11 to those who log in through the iOS or Android mobile app.

From April 20th, 2023, all those who haven’t paid the fee started losing the Blue Tick from their Twitter profiles. This means that, from now on, their profiles will not display the tiny tick mark beside the profile name.

So, is the disappearance of the blue tick a security concern?

Well, if a blue tick is assigned to a profile, it authenticates that the username and image displayed on the profile are true and verified by the social media company. And if it doesn’t have the blue tick verified badge, there is a high possibility that the profile might be fake.

Do you need to pay the premium for the Blue Tick mark displayed?

Well, for normal postings and for those who already have followers, there is no need to pay, as everyone who is following you knows who you are and what you are up to. But for newcomers who want to break the internet with viral tweets, having a blue tick mark on their profile makes sense, as it brings a bouquet of benefits apart from just lending authenticity to the profile.

What about the fake profiles creation?

Precisely speaking, it is not that easy to create a fake profile these days, as the company has programmed some of its servers to catch fake ones and weed them out of the platform within a few hours of profile creation. Profiles created by humans may survive for a while, but those created through virtual machines will end up in the trash bin within 9-12 hours of creation, since the company’s content-monitoring servers always filter out profiles that have single email ids, fake email ids and contact numbers, along with images that do not correspond.

The post Is Twitter Blue Tick removal a data security concern appeared first on Cybersecurity Insiders.


April 21, 2023 at 11:43AM

Thursday, April 20, 2023

How Can You Identify and Prevent Insider Threats?

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

If cyber threats feel like faceless intruders, you’re only considering a fraction of the risk. Insider threats pose a challenge for organizations, often catching them by surprise as they focus on securing the perimeter.

There is a bright side, however. Understanding the threat landscape and developing a security plan will help you to mitigate risk and prevent cyber incidents. When designing your strategy, be sure to account for insider threats.

What is an insider threat?

Perhaps unsurprisingly, insider threats are threats that come from within your organization. Rather than bad actors from the outside infiltrating your network or systems, these risks refer to those initiated by someone within your organization – purposefully or as a result of human error.

There are three classifications of insider threats:

  • Malicious insider threats are those perpetrated purposefully by someone with access to your systems. This may include a disgruntled employee, a scorned former employee, or a third-party partner or contractor who has been granted permissions on your network.
  • Negligent insider threats are often a matter of human error. Employees who click on malware links in an email or download a compromised file are responsible for these threats.
  • Unsuspecting insider threats technically come from the outside. Yet, they rely on insiders’ naivety to succeed. For example, an employee whose login credentials are stolen or who leaves their computer unguarded may be a victim of this type of threat.

Keys to identifying insider threats

Once you know what types of threats exist, you must know how to detect them to mitigate the risk or address compromises as quickly as possible. Here are four key ways to identify insider threats:

Monitor

Third parties are the risk outliers that, unfortunately, lead to data compromise all too often. Monitoring and controlling third-party access is crucial to identifying insider threats, as contractors and partners with access to your networks can quickly become doorways to your data.

Consider monitoring employee access as well. Security cameras and keystroke logging are methods some companies may choose to monitor movement and usage, though they may not suit every organization.

Audit

Pivotal to risk mitigation – for insider threats or those outside your network – is an ongoing auditing process. Regular audits will help understand typical behavior patterns and identify anomalies should they arise. Automated audits can run based on your parameters and schedule without much intervention from SecOps. Manual audits are also valuable for ad hoc reviews of multiple or disparate systems.

Report

A risk-aware culture is based on ongoing communication about threats, risks, and what to do should issues arise. It also means establishing a straightforward process for whistleblowing. SecOps, try as they might, cannot always be everywhere. Get the support of your employees by making it clear what to look out for and where to report any questionable activity they notice. Employees can also conduct self-audits with SecOps’ guidance to assess their risk level.

Best practices for prevention

Prevention of insider threats relies on a few key aspects. Here are some best practices to prevent threats:

Use MFA

The low-hanging fruit in security is establishing strong authentication methods and defining clear password practices. Enforce strong, unique passwords, and ensure users must change them regularly. Multifactor authentication (MFA) will protect your network and systems if a user ID or password is stolen or compromised.

Screen candidates and new hires

Granted, bad actors have to start somewhere, so screening and background checks do not eliminate every threat. Still, it’s helpful to have processes in place to screen new hires, so you know to whom you’re granting access to your systems. Depending on the nature of the relationship, this best practice may also apply to third-party partners, contractors, and vendors.

Define roles and access

This may seem obvious to some, yet it’s often overlooked. Each user or user group in your organization should have clearly defined roles and access privileges relevant to their needs. For example, your valuable data is left on the table if entry-level employees have carte blanche across your network. Ensure roles and access levels are well-defined and upheld.

Have a straightforward onboarding and offboarding process

Most organizations have a clear and structured onboarding process for registering and bringing users online. Your onboarding process should include clear guidelines for network usage, an understanding of what will happen in the case of a data compromise (deliberate or accidental), where to report issues, and other security measures.

Just as important – if not more – as onboarding is the offboarding process. Languishing user accounts pose a major security risk as they lay theoretically dormant and unmonitored, and no user in the organization will notice if their account is being used. Ensure swift decommissioning of user accounts when employees leave the organization.
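The audit and offboarding practices above can be turned into a routine check. The following script is an added example, not code from the original post or from AT&T: it parses a constructed, syslog-like authentication log against a constructed HR roster (a hypothetical format) and reports three insider-threat signals: terminated people whose accounts were never disabled, successful logins after a termination date, and enabled accounts that have been dormant longer than a chosen threshold.

```python
"""Offboarding and dormant-account audit over constructed sample data.

Added example: the roster format, log lines, user names and addresses are all
constructed for illustration and are not taken from any real environment."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date, datetime, timezone

# Constructed HR roster (hypothetical format): status, termination date,
# and whether the directory account is still enabled.
ROSTER = {
    "alice":          ("active",     None,              True),
    "bob":            ("terminated", date(2023, 3, 31), True),   # never disabled
    "carol":          ("active",     None,              True),
    "dave":           ("active",     None,              True),
    "contractor-eve": ("terminated", date(2023, 4, 1),  True),   # never disabled
    "frank":          ("terminated", date(2023, 2, 15), False),  # properly offboarded
}

# Constructed authentication log in a syslog-like format.
AUTH_LOG = """\
2023-04-03T08:12:45Z vpn-gw sshd: Accepted publickey for alice from 10.0.1.15
2023-04-05T22:47:10Z vpn-gw sshd: Accepted password for bob from 203.0.113.77
2023-04-10T09:01:02Z fileserver smbd: Accepted password for carol from 10.0.2.8
2023-04-12T03:15:33Z vpn-gw sshd: Accepted password for contractor-eve from 198.51.100.23
2022-12-20T10:00:00Z fileserver smbd: Accepted password for dave from 10.0.2.9
2023-04-13T11:00:00Z vpn-gw sshd: Failed password for bob from 203.0.113.77
"""

# The date the audit is run "as of" (constructed).
AS_OF = date(2023, 4, 24)

# Only successful logins are of interest here; failed attempts do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) \S+: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)$"
)


@dataclass(frozen=True)
class Login:
    when: datetime
    host: str
    user: str
    src: str


def parse_auth_log(text: str) -> list[Login]:
    """Extract successful logins; failed attempts and unrelated lines are skipped."""
    logins = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        logins.append(Login(when, m["host"], m["user"], m["src"]))
    return logins


def undecommissioned_accounts(roster=ROSTER) -> list[str]:
    """Terminated people whose account is still enabled: the offboarding gap."""
    return sorted(user for user, (status, _, enabled) in roster.items()
                  if status == "terminated" and enabled)


def post_termination_logins(logins: list[Login], roster=ROSTER) -> list[Login]:
    """Successful logins by an account after its owner's termination date."""
    hits = []
    for lg in logins:
        entry = roster.get(lg.user)
        if entry is None:
            continue  # account unknown to HR: worth its own report, out of scope here
        status, term_date, _ = entry
        if status == "terminated" and lg.when.date() > term_date:
            hits.append(lg)
    return hits


def dormant_accounts(logins: list[Login], as_of: date, max_idle_days: int = 90,
                     roster=ROSTER) -> list[tuple[str, date | None]]:
    """Enabled accounts with no successful login within max_idle_days of as_of.

    An account with no login at all is reported with last_seen = None."""
    last_seen: dict[str, date] = {}
    for lg in logins:
        d = lg.when.date()
        if lg.user not in last_seen or d > last_seen[lg.user]:
            last_seen[lg.user] = d
    result = []
    for user, (_, _, enabled) in roster.items():
        if not enabled:
            continue  # disabled accounts cannot be used, so they are not dormant risks
        seen = last_seen.get(user)
        if seen is None or (as_of - seen).days > max_idle_days:
            result.append((user, seen))
    return sorted(result)


if __name__ == "__main__":
    events = parse_auth_log(AUTH_LOG)
    print("Terminated but still enabled:", undecommissioned_accounts())
    for lg in post_termination_logins(events):
        print(f"Post-termination login: {lg.user} on {lg.host} from {lg.src} at {lg.when:%Y-%m-%d}")
    for user, seen in dormant_accounts(events, as_of=AS_OF):
        print(f"Dormant account: {user} (last successful login: {seen})")
```

The same three checks apply unchanged to a real directory export and authentication log once the parser is pointed at your own formats.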

Secure infrastructure

Apply strict access controls to all physical and digital access points across your organization. Use least privileged access to limit accessibility, as recommended above. Opt for stronger verification measures, including PKI cards or biometrics, particularly in more sensitive business areas. Secure desktops and install gateways to protect your environment from nodes to the perimeter.

Establish governance procedures

Security requires everyone’s participation, yet organizations need buy-in from key leadership team members and nominated people or a team to hold the reins. Establishing a governance team and well-defined procedures will ensure attention to security risks at all times and save valuable time should a breach occur.

The tools of the trade

“Organizations must be able to address the risks from malicious insiders who intentionally steal sensitive data for personal reasons as well as users who can accidentally expose information due to negligence or simple mistakes.”

Thankfully, you don’t have to do it all alone. With a data-aware insider threat protection solution, you can rest with the peace of mind that you – and your network – are safe.

The post How Can You Identify and Prevent Insider Threats? appeared first on Cybersecurity Insiders.


April 21, 2023 at 09:10AM

The Double-edged Sword of Hybrid Work

By Mishel Mejibovski, Head of Operations and Strategy, SURF Security
While some companies insist on going back to their original work practices and are forcing their employees back into the office, many others have realized the benefits of hybrid work models and have adopted them as their new way of operations.
As this trend continues to grow, it inevitably forces companies to invest more resources in end-user security; According to Gartner, spending on security and risk management products and services will grow by 11.3 percent in 2023, reaching an all-time high of $188 billion.
Although remote work has its obvious benefits, such as increased flexibility and productivity, and while most industries made the shift to remote work following the pandemic, it also presents a new set of security challenges.
CISOs are faced with managing and securing new complex IT environments where business-critical applications and communications are spread throughout multiple clouds. Meanwhile, employees and third parties work from any given location and device while constantly opening up new attack surfaces. All this is keeping IT teams awake at night.
Tackling Security Challenges
With employees and third parties accessing applications and data from various locations and networks, both on personal and corporate-owned devices, it has become increasingly difficult to ensure that these assets are protected against unauthorized access and breaches. One of the biggest concerns is the use of third-party devices and networks to access corporate assets. These devices and networks usually don’t have the same level of security as those provided by the company, leaving the assets vulnerable to attacks. Additionally, employees may be accessing these assets from different geographical locations, making it difficult for the company to enforce its security policies and monitor for potential threats.
To address these challenges, companies are forced to implement a variety of security measures to protect their corporate assets, adding to their security stack and making it more difficult to keep up with.
One of the most important requirements is the deployment of a comprehensive DLP strategy. Implementing an endpoint Data Loss Prevention solution enables organizations to protect sensitive data regardless of an endpoint’s physical location. It protects any type of data regardless of where it’s accessed and who’s accessing it. Working from home, or anywhere outside the office, is the new normal, and that is why DLP is so crucial as one of the means for providing a safe environment to work in.
Identity and access management controls are also a foundational security piece. They are crucial in ensuring that only authorized users are allowed access to corporate assets. This can include using multi-factor authentication (MFA) to confirm the identity of users as well as implementing role-based access controls to restrict access to certain assets based on an individual’s job function or level of clearance.
The zero-trust security model has also been gaining momentum for years and has become practically imperative considering the surge in remote working and cloud computing and high-profile cyber attacks taking advantage of new attack surfaces. This can include using network segmentation and micro-segmentation to restrict access to specific parts of the network, as well as implementing software-defined perimeter (SDP) solutions to create a secure and isolated environment for accessing corporate assets.
Web isolation is an integral part of a Zero-trust approach that is widely applied across organizations. It provides businesses with security against web-based threats by isolating their browsing activity away from their physical desktop.
Lastly, SaaS management solutions are becoming increasingly important as SaaS adoption grows exponentially, with 85 percent of organizations expected to become cloud first by 2025 with a market size well over $50 billion and growing. These solutions can help to ensure that all access to cloud-based assets is secure and compliant with company policies and regulations.
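The identity and access controls described above (MFA to confirm identity, role-based access to limit what each job function can reach, and stricter handling of personal or third-party devices) can be combined into a single deny-by-default decision. The following Python policy evaluator is an added example written for this page, not code from SURF Security or the article; the roles, resources and the rule that some resources require a corporate-managed device are constructed assumptions.

```python
"""Added example (not the article's or SURF Security's code): a minimal
zero-trust access decision combining MFA, role-based access and device
ownership. Roles, resources and device rules are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

# Hypothetical role-to-resource map (least privilege: a role only sees its assets).
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "finance": frozenset({"erp", "payroll"}),
    "engineer": frozenset({"git", "ci", "wiki"}),
    "contractor": frozenset({"wiki"}),
}

# Assumed rule: these resources may only be reached from corporate-managed devices,
# never from personal or third-party devices.
MANAGED_DEVICE_ONLY: FrozenSet[str] = frozenset({"payroll", "erp", "ci"})


@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: FrozenSet[str]
    resource: str
    mfa_verified: bool      # identity confirmed with a second factor in this session
    device_managed: bool    # True for corporate-owned, enrolled devices


@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)   # why access was denied


def evaluate(req: AccessRequest) -> Decision:
    """Deny by default; every failed control is recorded so the denial is auditable."""
    reasons: List[str] = []
    if not req.mfa_verified:
        reasons.append("mfa_required")
    # Union of everything the user's roles permit; unknown roles grant nothing.
    permitted = set().union(*(ROLE_PERMISSIONS.get(r, frozenset()) for r in req.roles))
    if req.resource not in permitted:
        reasons.append("role_not_permitted")
    if req.resource in MANAGED_DEVICE_ONLY and not req.device_managed:
        reasons.append("managed_device_required")
    return Decision(allow=not reasons, reasons=reasons)


if __name__ == "__main__":
    # Constructed sample requests.
    for req in (
        AccessRequest("alice", frozenset({"engineer"}), "git", True, False),
        AccessRequest("bob", frozenset({"finance"}), "payroll", True, False),
        AccessRequest("carol", frozenset({"contractor"}), "payroll", False, True),
    ):
        d = evaluate(req)
        print(req.user, req.resource, "ALLOW" if d.allow else "DENY", d.reasons)
```

The decision returns every failed control rather than stopping at the first one, which makes the audit trail more useful when the same log is later consolidated with other tools.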
Collapsing the Security Stack
The era of hybrid work comes with many benefits, but it also changes where work happens: the browser is becoming the main operating environment through which many employees perform most of their everyday tasks. As a result, companies find it necessary to implement a variety of complex security tools to try to keep up with the security gaps that appear, and IT professionals and CISOs have difficulty managing the volume of security tools, not to mention the cost of licensing and administration.
Fortunately, there is a way to collapse the security stack into one single control point: the corporate browser. With the browser as the first line of defense, the cyber security stack (CASB, VPN, DLP, SWG, and ZTNA) can all be consolidated into one centralized control point. Businesses need to ensure that their team members are able to access corporate data and applications, on-premise and cloud-based, with complete security. Implementing a zero-trust enterprise browser enables organizations to easily track and provide complete authentication, validation, and authorization of team members, who access only what is relevant to get the job done, without interrupting their workflow.
Mishel Mejibovski is Head of Operations, SURF Security, which provides a zero-trust secure enterprise browser. www.surf.security. Mishel has extensive experience in the security space, from physical to technical. He was deputy head of the security department for El Al in the UK and also served in military intelligence for the Israel Defense Force.

The post The Double-edged Sword of Hybrid Work appeared first on Cybersecurity Insiders.


April 21, 2023 at 12:04AM

Cost of state cyber attacks not to be covered under insurance says Lloyd

Bank of America has expressed its concerns over Lloyd’s recent policy decision to exclude cyber insurance coverage for large corporations hit by cyber attacks funded by adversary states. The decision to exclude such attacks from standard insurance policies is tentative, but the London-based insurance firm is sure that recent developments, such as the 2017 NotPetya attack on the NHS, have made it think twice about including the costs incurred through such incidents under general cyber insurance coverage.

It is still unclear whether the company plans to introduce a separate insurance cover with a title tag and an extra premium to bring such attacks under special cover. As of now, it offers a standard policy under which a company needs to follow all security procedures to be covered under the attack. However, if the attack seems to be motivated by retaliation or ideology, the costs incurred will not be covered in the marketplace.

State-funded attacks are those that are ideologically rather than financially motivated. To date, China, Russia, and North Korea have launched such digital invasions either to create political rifts or concern among the populace (as with Moscow's invasion of Ukraine), for espionage, or to steal funds to fulfill nuclear ambitions.

Excluding such invasions might trigger backlash from customers. However, if the insurer offers clarity, it can reach a win-win situation: state-backed attacks can partially or completely impair national infrastructure and escalate into cyber war, and the exclusion can be stated in the fine print of the cyber policy cover.

The post Cost of state cyber attacks not to be covered under insurance says Lloyd appeared first on Cybersecurity Insiders.


April 20, 2023 at 08:31PM

Pillars of Threat Blocking-as-a-Service

By Pat McGarry, CTO of ThreatBlockr

There are two indisputable facts about the cybersecurity industry right now. One, we are still in the middle of a massive staffing crisis. Two, one of the biggest drivers of this staffing crisis is burnout of security professionals.

A recent study indicates up to 84% of cybersecurity professionals are experiencing burnout. Personally, I was surprised that number wasn’t closer to 100, given what these men and women face on a day-to-day basis.

The past three years have been the gift that keeps on giving to threat actors. Threat surfaces widened with the rise of remote and hybrid work, networks became more vulnerable, and breaches became big business on the dark web.

The technologies we deploy to protect our data have been overwhelmed by a flood of malicious traffic and security teams are forced to respond to more and more alerts from more and more tools, worried that one misstep could result in disaster. Security professionals are not set up for success, which explains why there are 3.4 million cybersecurity roles unfilled worldwide. This is unsustainable.

We can’t keep throwing more of the same kinds of security technologies onto our networks and expecting different results. Threat Blocking-as-a-Service (TBaaS) gets you different results.

Instead of chasing after ever-changing attacks and threats, TBaaS focuses on known threat actors. This model blocks traffic entering the network as well as calls and traffic back out, all autonomously. Importantly, this type of enforcement can only be accomplished by leveraging massive amounts of cyber intelligence to get the clearest picture possible of who the threat actors attacking our networks, users, and data are.

The impact of TBaaS to networks and their security teams is felt instantaneously. We know that 30-50% of the traffic hitting a security stack is coming from IP addresses of known threat actors. Blocking this results in an immediate increase to your security posture while providing a significant boon to the performance of the rest of the security stack. This also eases the pressure on security teams significantly.

The idea of TBaaS – using cyber intelligence to block known threat actors from entering or exiting the network – is so simple that people assume their security stack technologies are already doing that. Unfortunately, without TBaaS, they aren’t. Threat Blocking-as-a-Service stands on five pillars that make it effective:

  • Visibility
  • Defense
  • Risk management
  • Consolidation
  • Budget

Every other tool in the modern security stack might have one, two, or maybe three of these assets, but TBaaS is the only one that combines all of them. Let’s dive into why this holistic approach makes such a difference.

Visibility

The threats coming in and out of our networks are constantly changing. Where we patch for one type of attack, threat actors deftly evolve more, each time adding layers of obfuscation and complexity. Most of these threat actors are well-funded – often by nation-states – which is of course why they have the resources to inflict such harm and adapt their methods so rapidly.

However, the constant in this discussion is not the “what” of the attacks but rather the “who.” Who is sending these attacks? And where are they?

The cyber intelligence community is comprised of government, open source, and private enterprises who research answers to those two pivotal questions. The TBaaS model is based on the idea of “the more intelligence the better” and ingests intelligence feeds and lists from anywhere with up-to-the-minute updates. This provides as much visibility as possible into the threat landscape, which in turn allows for significant network, user, and data protection.

Defense

Currently, the majority of threat intelligence is leveraged in the “detect/respond/recover” functions of a security stack. Make no mistake: utilizing threat intelligence in this space is essential. However, failing to leverage the full power of threat intelligence ahead of a breach has left systems open to breaches. As such, TBaaS is very much a “left of boom” technology.

Utilizing massive amounts of cyber intelligence to block traffic to and from known threat actors is the true defense for any network, and the second pillar of TBaaS.

Risk management

One of the most pivotal concepts in cybersecurity is redundancy: we create overlapping protections so that one piece’s failure doesn’t mean system failure. For decades, however, the “identify and protect” piece has been filled by one single technology: the firewall. Firewalls were never built to handle either the amount of traffic thrown at them or the amount of encrypted traffic they would have to parse.

The TBaaS model instead welcomes other tools and technologies, but also reduces risk by creating a true protection model.

Consolidation

No matter how great all your technologies are, if they aren’t talking to each other you’re headed for disaster. Another pillar of TBaaS is the consolidation of information: not just ingesting and acting on cyber intelligence, but also feeding its own actions and logs into the rest of the security stack to utilize. This type of data consolidation can reduce multiple alerts as well as aid in the “detect/respond/recover” phases if an unknown threat makes its way into the network.
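The visibility and consolidation pillars above describe one mechanism: ingest as many intelligence lists as possible, block traffic to and from the listed actors in both directions, and feed the resulting actions back to the rest of the stack. The Python below is an added example written for this page, not ThreatBlockr's code; the feeds, the flow records and the log format are constructed, and the addresses come from the RFC 5737 documentation ranges.

```python
"""Added example, not ThreatBlockr's code: merge several threat-intelligence
lists into one block set, enforce it on flows in both directions, and emit
records the rest of the security stack can ingest. Feeds, addresses (RFC 5737
documentation ranges) and flow records are all constructed for illustration."""
import ipaddress
import json
from typing import Dict, List, Tuple

# Constructed feeds. Real feeds would be pulled on a schedule; the parser
# tolerates comments, blank lines, duplicates and malformed entries.
FEEDS: Dict[str, str] = {
    "commercial_feed": "198.51.100.0/24  # sample C2 range\n203.0.113.7\n",
    "open_source_list": "203.0.113.7\n# duplicate on purpose\n192.0.2.0/25\nnot-an-ip\n",
    "internal_blocklist": "192.0.2.200\n",
}

# Constructed flow records: (direction, source, destination).
FLOWS: List[Tuple[str, str, str]] = [
    ("inbound", "198.51.100.23", "10.0.0.5"),   # from a listed C2 range
    ("inbound", "203.0.113.50", "10.0.0.5"),    # unlisted
    ("inbound", "192.0.2.130", "10.0.0.5"),     # unlisted (outside 192.0.2.0/25)
    ("outbound", "10.0.0.7", "203.0.113.7"),    # callback to a listed host
    ("outbound", "10.0.0.7", "192.0.2.130"),    # unlisted
    ("outbound", "10.0.0.9", "192.0.2.200"),    # internal blocklist hit
]


def parse_feed(text: str) -> list:
    """Parse one feed into network objects; a bare IP becomes a /32 (or /128)."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue   # a malformed line must not stop enforcement
    return nets


def build_blockset(feeds: Dict[str, str]) -> list:
    """Union of all feeds with duplicates and overlapping ranges collapsed."""
    nets = [n for text in feeds.values() for n in parse_feed(text)]
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def match(ip: str, blockset: list):
    """Return the first listed network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net in blockset:
        if addr.version == net.version and addr in net:
            return net
    return None


def enforce(flows, blockset):
    """Inbound flows are checked on their source, outbound flows on their destination.
    Returns (decisions, log_lines); the JSON log lines are what the rest of the stack ingests."""
    decisions, log_lines = [], []
    for direction, src, dst in flows:
        checked = src if direction == "inbound" else dst
        hit = match(checked, blockset)
        action = "block" if hit else "allow"
        decisions.append(action)
        log_lines.append(json.dumps({
            "action": action, "direction": direction, "src": src, "dst": dst,
            "matched": str(hit) if hit else None,
        }, sort_keys=True))
    return decisions, log_lines


def blocked_share(decisions) -> float:
    """Fraction of flows that never reached the downstream security stack."""
    return decisions.count("block") / len(decisions) if decisions else 0.0


if __name__ == "__main__":
    bs = build_blockset(FEEDS)
    d, logs = enforce(FLOWS, bs)
    print("\n".join(logs))
    print(f"blocked {blocked_share(d):.0%} of sample flows before the stack saw them")
```

Collapsing the merged ranges keeps the block set small even when many feeds overlap, and emitting every decision as a structured record is what lets the downstream detect/respond/recover tools correlate a blocked callback with the internal host that attempted it.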

Budget

One of my colleagues loves to ask people when making cybersecurity budget decisions: what is your budget for ransom? Because the truth is, unless you’re actively blocking known threat actors, it’s not a matter of if a breach happens, but when, and how often.

Cybersecurity budgets are tight, which is why another pillar of the TBaaS model is budgetary value. Of course, the solution itself should be affordable, but it also alleviates other issues causing budget headaches.

  • Autonomous. It operates and updates without the need for staff to monitor it, reducing the strain on the security staff.
  • Reduces known-bad traffic hitting the security stack, optimizing performance for the rest of the security stack.
  • Reduces alerts. This also helps relieve the burden placed on expensive in-house cybersecurity staff, as well as helping to avoid alert fatigue.

Clearly, what we’re doing as an industry isn’t working very well. Threat Blocking-as-a-Service is a paradigm shift in the industry to solve that conundrum. Sometimes it’s the simplest solutions that we can’t believe we weren’t already doing. By focusing on stopping the threat actors, by definition you stop all of the threats they present. That is Threat Blocking-as-a-Service.

The post Pillars of Threat Blocking-as-a-Service appeared first on Cybersecurity Insiders.


April 20, 2023 at 07:59PM

Trending Google news headlines on Ransomware, Penalties and Espionage

1.) AhnLab, a South Korean cybersecurity firm, has issued an alert about a ransomware attack on Microsoft SQL Servers that are being bombarded with Trigona Ransomware payloads meant to encrypt files after stealing data. The attackers deliver the ransomware after brute-force or dictionary attacks, in which easy-to-guess credentials are used to bypass logins. Trigona was first spotted in October 2022 by MalwareHunterTeam, whose analysis concluded that the gang spreading the malware demands Monero cryptocurrency from its victims in exchange for a decryption key.

2.) Real estate firm OrangeTee & Tie has been slapped with a fine by Singapore’s Personal Data Protection Commission (PDPC) after the company failed to protect its user data, leading to a breach of information related to 25,000 customers and employees. This includes details such as names, bank account numbers, property transaction details, and ID card details. ALTDOS, a hacking group from Southeast Asia, was behind the incident, and the group is known to have demanded 10 BTC for the return of the information, along with an assurance that the stolen data would not be published online thereafter. After learning the facts of the cyber incident, PDPC fined the property firm $37,000 for failing to take proactive security measures to prevent data from being spilled from over 11 databases.

3.) Blind Eagle, a Spanish-speaking espionage actor, is linked to the cyber attacks launched on the private and public sectors in Colombia, Spain, Chile, and Ecuador. Security firms Check Point and BlackBerry have discovered that the group uses spear-phishing campaigns to deliver commodity malware such as AsyncRAT and BitRAT. Also known as APT-C-36, the group is financially motivated and has been found launching indiscriminate attacks against citizens in South America since 2018.
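The first item describes the usual entry point for Trigona: repeated login attempts against exposed SQL Server instances with weak or guessable credentials. That precursor is visible in the server's own log well before any encryption starts. The detector below is an added example written for this page, not AhnLab's code; the log lines are constructed in the style of the SQL Server ERRORLOG entry for error 18456 ("Login failed for user"), and the threshold and window are assumptions to be tuned per environment.

```python
"""Added example, not AhnLab's code: detect brute-force or dictionary attacks
against SQL Server by counting failed logins per client address inside a sliding
time window. The log lines are constructed in the style of the SQL Server
ERRORLOG entry for error 18456 ("Login failed for user")."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List

# Constructed sample: one noisy client, one client with sparse failures, and an
# "Error: 18456" line that carries no client address and must be ignored.
SAMPLE_ERRORLOG = """\
2023-04-18 02:10:00.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.9]
2023-04-18 02:14:05.12 Logon       Error: 18456, Severity: 14, State: 8.
2023-04-18 02:14:05.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-04-18 02:14:06.30 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.45]
2023-04-18 02:14:07.01 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-04-18 02:14:09.55 Logon       Login failed for user 'test'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.45]
2023-04-18 02:14:10.80 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-04-18 02:14:12.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-04-18 02:20:00.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.9]
"""

FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_failures(log_text: str):
    """Yield (timestamp, user, client) for each failed-login line; other lines are ignored."""
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"), m["user"], m["client"]


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> List[Dict]:
    """Raise one alert per client whose failed logins reach `threshold` within `window_seconds`.

    Assumes the log is in chronological order, as the ERRORLOG is. Counting distinct
    user names separates password spraying from guessing against one account."""
    windows = defaultdict(deque)   # client -> deque of (timestamp, user), oldest first
    alerted = set()
    alerts: List[Dict] = []
    for ts, user, client in parse_failures(log_text):
        win = windows[client]
        win.append((ts, user))
        while (ts - win[0][0]).total_seconds() > window_seconds:
            win.popleft()          # slide the window forward
        if len(win) >= threshold and client not in alerted:
            alerted.add(client)    # alert once per client, not once per extra failure
            alerts.append({
                "client": client,
                "failures": len(win),
                "distinct_users": len({u for _, u in win}),
                "window_start": win[0][0].isoformat(),
                "window_end": ts.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_ERRORLOG):
        print(alert)
```

The same counter works on Windows Security log events if the parser is swapped out; the point is that the failure burst, not the later encryption, is the moment to act, by locking the account, blocking the client address, or both.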

The post Trending Google news headlines on Ransomware, Penalties and Espionage appeared first on Cybersecurity Insiders.


April 20, 2023 at 10:35AM

Wednesday, April 19, 2023

Facebook introduces new AI model capable of detecting objects in images

Meta, the parent company of Facebook, has introduced a new AI model to the world that can identify objects in an image. The newly developed AI model is known as the “Segment Anything Model” (SAM for short) and can understand objects inside images and videos.

The ability to detect specific objects is called segmentation, and Meta seems to be opening up its AI development for analyzing objects on ocean floors, in various underwater photography scenes, in space, and along country borders.

According to the press release made by Meta last week, the segmentation technology is a foundation model trained on large amounts of data so that it can perform specialized tasks accurately.

The WhatsApp parent company says that SAM and its Segment Anything 1-billion mask dataset (SA-1B) are available under a permissive open-license framework for research, and the dataset has approximately 11 million licensed and privacy-preserving images in its final dataset.

Now, the big question is, what if this technology falls into the wrong hands? Criminals could use this technology to identify objects and details in selfie photos taken by celebrities in bedrooms and restrooms and then blackmail them.

NOTE – Irrelevant to the article topic, we have received info that the social media networking giant is planning to start a fresh round of layoffs. In this layoff spree, about 4,000-4,500 employees across the world can receive the “pink slip,” starting from April 20th of this year. Mostly, those working in the technical departments of FB, Instagram, Reality Labs, and WhatsApp will be affected. Those involved in various AI projects are safe for now, and new hirings are on the horizon. American news resource Vox was the first to report this development and expects that the layoff email will be sent to employees in the early hours of Thursday between 4:00 am to 5:00 am. This was an expected move, especially after the Meta founder Mark Zuckerberg announced in March this year that his company intended to eliminate around 10,000 jobs in the next 3 months. Interestingly, in February this year, Amazon announced its plan to lay off around 9,000 employees and is anticipated to divert the investments to the development of AI models.

The post Facebook introduces new AI model capable of detecting objects in images appeared first on Cybersecurity Insiders.


April 19, 2023 at 08:35PM

Over 25 billion email addresses and phone numbers available on dark web and Putin hacking British Power Network

Precisely speaking, the heading is related to two different articles with different stories. The first one goes as follows: According to a study conducted by Digital Shadows Photon research team, and their report dubbed “Account Takeover in 2022,” about 25 billion email addresses and phone numbers, along with an equivalent number of credit card details and related logins, are available on the web. Surprisingly, most of the data has been sold and used in multiple cyber attack campaigns, with only a small number of bank account credentials and healthcare data being utilized.

Websites embedded with scanning tools and various mobile applications are paving the way for hackers to collect and harvest data as per their needs, while websites such as ID Security and Have I Been Pwned can be used by concerned people and authorities to check whether their email address or phone number is being used or sold on the dark web.

Those who are extremely concerned about their data leaking can use other services such as Aura, LifeLock, and ID Watchdog for $10 a month. These services, and others like them, keep a constant tab on the dark web and check whether your data is being used for criminal activity.

No matter how hard you try, one thing is for sure: once credentials have leaked onto the dark web, there is nothing we can do about that copy. However, changing our password at regular intervals such as 7-10 days and generating a password with a mixture of at least 15-18 alphanumeric characters, along with one or two special characters, can help prevent criminals from breaking into our accounts.

Coming to the second news, the UK’s National Cyber Security Centre has issued an official cyber threat notice that Kremlin-aligned hacking groups, such as Killnet, will try their best to disrupt the power utilities operations in and around the UK. The threat notice was extended to other countries in Europe, as Putin has put them at the top of his country’s foe list.

Posting the same on a prominent social media platform, Oliver Dowden, the Cabinet Minister of Britain’s Infrastructure, confirmed the news that ‘Wagner’s’ will launch devastating attacks to disrupt and destroy the entire energy sector across the UK, but assured that the country’s cyber army was well prepared for such invasions and is excellently equipped to thwart such attacks to the core.

The highlight is that Britain now has the potential not only to defend its infrastructure but also to launch retaliatory attacks aimed at dismantling Russia in all spheres.

The post Over 25 billion email addresses and phone numbers available on dark web and Putin hacking British Power Network appeared first on Cybersecurity Insiders.


April 19, 2023 at 10:38AM