FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Tuesday, October 31, 2023

The Evolution of Financial Fraud

By Greg Woolf, CEO of FiVerity

The marriage of fraud and artificial intelligence (AI) is lethal. Right now, fraudsters are upping their games, leveraging new and innovative tools such as ChatGPT and Generative AI to wreak havoc on the financial world. Their goal? To create deep-fake personas that look so authentic that financial institutions are granting them loans, allowing them to open accounts, approving transactions, the list goes on.

Adding insult to injury, most don’t realize the damage inflicted upon them until it’s too late. This is the new reality financial institutions face today thanks to AI, which not only allows criminals to create deep-fake or synthetic personas but makes the process easier than ever.

This is troubling on many levels.

First, as I mentioned above, these fraudulent identities are virtually indistinguishable from authentic ones, and discerning the difference is a challenge, even for the trained professional. Here’s why—deep-fake IDs include a long credit and payment history, exactly the information an institution would see with all of its legitimate customers. Exacerbating the issue is that fraudsters are turning to algorithms to quickly create multiple deep-fake personas, which they can refine continually using AI to avoid detection.

Add it all up, and it’s no surprise that fraudsters are achieving significant levels of success and becoming more and more aggressive—according to a TransUnion 2023 State of Omnichannel Fraud Report, digital fraud attempts have increased 80% from 2019 to 2022, while rising 122% for digital transactions originating in the U.S. during that time.

You don’t need to be an expert to realize that the success of fraudsters spells trouble for financial institutions.

  • First and foremost are the financial losses that stem from defaulted loans, charge-offs, and more.
  • Next comes damaged reputations, which can tarnish a business where trust is one of THE key attributes that customers value most—how can a consumer be expected to choose a financial institution making front-page news because it was defrauded by deep-fake personas?
  • And don’t forget compliance. Financial institutions are required to verify the identity of their customers to prevent fraud, money laundering, and other financial crimes. Any failure to meet these mandates can come with a hefty fine and penalty.

Going From Bad... to Worse

If you think the above scenario sounds ominous, I have bad news. It’s only going to get worse. That’s because technology never sits still. It’s always advancing and growing in sophistication, and incidents of digital catfishing and identity fraud will reach new levels as fraudsters leverage these advancements. This will manifest itself in different ways. One will be the use of deep-fake biometric data. This includes facial recognition or voice prints. The result would be a deep fake persona that is convincing on multiple levels, on paper and in person. Just imagine the challenges businesses will face trying to distinguish the fraudulent from the legitimate.

Criminals will also leverage AI to automate the creation of synthetic identities. The result would be hundreds to thousands of deep-fake personas being created and used simultaneously. This scale would be unlike anything we have ever seen before.

Fighting back

Fighting back starts with collaboration. Financial institutions must be committed to sharing information on known fraudsters and intelligence on suspicious transactions. By pooling the resources and expertise of all these institutions, they can identify emerging patterns and trends and detect digital catfishing and identity fraud in ways that aren’t possible with information silos.

Working together, they can also devise best practices. These should cover everything from how best to share data and intelligence, to how to act before an incident causes significant financial losses, to how to prevent these incidents from happening in the first place.

For anyone wondering what will support this collaborative model, your best bet is a centralized platform that enables the safe, secure, and real-time sharing of fraud data. The platform should leverage AI and machine learning algorithms, and here’s why: AI and ML make it possible for businesses to analyze huge libraries of data to detect patterns and anomalies that may indicate fraudulent activity. Some key use cases that can help spot fraud include:

  • Dynamic Profiling: Implement a system that dynamically profiles user activity and attributes such as name, email address, zip, and state. This means not merely looking for hard matches but understanding the normal behavioral patterns of users to spot anomalies.
  • Multi-Attribute Analysis: Why look at a single attribute when you can examine multiple attributes and the interrelationship between each? For example, a change in email address alone might not raise a flag. Many of us use more than one email address. But when that switch coincides with a change in state, further investigation may be necessary.
  • Machine Learning Adaptability: Leverage adaptive machine learning algorithms to gain insights from the constantly shifting tactics. As you gain new levels of knowledge, take what’s been learned and update detection protocols.
  • Time-based Monitoring: Implement time-based flags that trigger alerts when sudden changes in key attributes are made in a short timeframe. This helps to enable fast action while freeing teams from spending countless hours sifting through data to identify fraudulent activity.
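The multi-attribute and time-based flags above, as an added worked example in Python (not code from the original post or from FiVerity): a change to one attribute is treated as normal, and an alert is raised only when several key attributes change on the same account within a short window. The attribute names, the seven-day window and the sample change log are assumptions.

```python
"""Correlated profile-change detector (added example, not part of the original
post).  Implements the article's multi-attribute and time-based flags: one
changed attribute is routine, several key attributes changing on one account
within a short window is worth an analyst's look."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Attributes the article names as worth profiling (assumed set).
KEY_ATTRIBUTES = {"name", "email", "zip", "state"}


@dataclass(frozen=True)
class ProfileChange:
    account_id: str
    attribute: str
    old: str
    new: str
    at: datetime


@dataclass
class Alert:
    account_id: str
    attributes: set
    start: datetime
    end: datetime


def find_correlated_changes(changes, window=timedelta(days=7), min_attributes=2):
    """Return one Alert per burst of changes in which at least `min_attributes`
    distinct key attributes changed on the same account within `window`.
    Repeated changes to the same attribute count once, and changes further
    apart than `window` are not correlated with each other."""
    by_account = defaultdict(list)
    for change in changes:
        if change.attribute in KEY_ATTRIBUTES:
            by_account[change.account_id].append(change)

    alerts = []
    for account_id, events in sorted(by_account.items()):
        events.sort(key=lambda c: c.at)
        open_alert = None
        for i, current in enumerate(events):
            # Look back over every key-attribute change on this account that
            # falls inside the window ending at the current change.
            recent = [e for e in events[: i + 1] if current.at - e.at <= window]
            attrs = {e.attribute for e in recent}
            if len(attrs) < min_attributes:
                continue
            if open_alert is not None and current.at - open_alert.end <= window:
                # Same burst of activity: extend the open alert, don't duplicate it.
                open_alert.attributes |= attrs
                open_alert.end = current.at
            else:
                open_alert = Alert(account_id, set(attrs), recent[0].at, current.at)
                alerts.append(open_alert)
    return alerts


# Constructed sample events standing in for a profile-change audit log.
SAMPLE_CHANGES = [
    # acct-1001: an email change alone, the case the article says is routine.
    ProfileChange("acct-1001", "email", "a@example.com", "a2@example.com", datetime(2023, 10, 2)),
    # acct-2002: email, then state and zip two days later, the article's red flag.
    ProfileChange("acct-2002", "email", "b@example.com", "b.new@example.net", datetime(2023, 10, 5)),
    ProfileChange("acct-2002", "state", "CA", "TX", datetime(2023, 10, 7)),
    ProfileChange("acct-2002", "zip", "94016", "75001", datetime(2023, 10, 7)),
    # acct-3003: two attributes, but 80 days apart, so not correlated.
    ProfileChange("acct-3003", "name", "C. Lee", "Casey Lee", datetime(2023, 8, 1)),
    ProfileChange("acct-3003", "email", "c@example.com", "casey@example.com", datetime(2023, 10, 20)),
    # acct-4004: the same attribute changed twice still counts as one attribute.
    ProfileChange("acct-4004", "email", "d@example.com", "d1@example.com", datetime(2023, 10, 10)),
    ProfileChange("acct-4004", "email", "d1@example.com", "d2@example.com", datetime(2023, 10, 12)),
    # Changes to non-key attributes are ignored entirely.
    ProfileChange("acct-4004", "marketing_opt_in", "no", "yes", datetime(2023, 10, 12)),
]


def demo(changes=SAMPLE_CHANGES):
    """Run the detector over the sample log and return the alerts."""
    return find_correlated_changes(changes)


if __name__ == "__main__":
    for alert in demo():
        print(f"{alert.account_id}: {sorted(alert.attributes)} changed between "
              f"{alert.start:%Y-%m-%d} and {alert.end:%Y-%m-%d}; route to analyst review")
```

Only acct-2002 produces an alert; the other accounts illustrate the cases (single attribute, changes too far apart, one attribute changed repeatedly) that the detector deliberately leaves alone.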

All of these capabilities are hugely valuable, but I would be remiss if I didn’t spotlight your biggest resource in this fight: your fraud analysts. At the end of the day, the intuition of these experts is invaluable. We encourage businesses to keep drawing on their knowledge and experience to conduct periodic manual reviews, especially in cases that the system flags as borderline.

At the end of the day, financial services businesses face a highly sophisticated threat that is escalating in frequency. This is not a battle that can be won in isolation. It requires action that is equal parts collaboration and a commitment to tapping into the latest innovations. By gaining a better understanding of fraudsters, institutions can identify patterns and fraudulent accounts, take preemptive action, and collaborate on methods to stay ahead of the ever-evolving threat landscape of digital fraud.

The post The Evolution of Financial Fraud appeared first on Cybersecurity Insiders.


November 01, 2023 at 12:00AM

India witnesses biggest data breach of Aadhaar details via ICMR

Aadhaar, the unique identification number issued to every Indian citizen, has recently made headlines for all the wrong reasons. There are alarming reports suggesting that the personal information of approximately 815 million citizens was illicitly accessed by hackers through the Indian Council of Medical Research (ICMR) website, which maintains records of Covid-19 vaccination details for the public.

The ICMR, short for the Indian Council of Medical Research, fell victim to a security breach in September of this year. Allegedly, an actor known as ‘pwn001’ successfully gained unauthorized access to this data and subsequently posted it on a discussion thread within Breach Forums.

The breach is particularly concerning as the hacker claims to have sourced data on over 81.5 crore (815 million) Indian residents from a website related to citizen information. To put this into perspective, the leaked data pertains to roughly half of India’s total population, which stands at a staggering 144 crore citizens, or 1.40 billion people.

What makes this UIDAI data breach even more troubling is the wealth of information the hacker managed to obtain. In addition to Aadhaar numbers, the breach includes names, phone numbers, addresses, and passport data of Indian citizens. Such comprehensive personal information can potentially be exploited by cybercriminals to orchestrate phishing attacks and other malicious activities.

In response to this alarming breach, the Information and Broadcasting Ministry of India has reported that the Central Bureau of Investigation (CBI) is currently investigating the details of the data breach. The CBI launched this inquiry following a complaint filed by the ICMR. The Ministry has pledged to provide further information once a thorough investigation has been completed.

It is worth acknowledging the efforts of Resecurity, a cybersecurity firm based in Los Angeles, for initially bringing this significant breach to public attention. Their responsible disclosure of this information through proper channels has played a crucial role in shedding light on this serious security incident.

The post India witnesses biggest data breach of Aadhaar details via ICMR appeared first on Cybersecurity Insiders.


October 31, 2023 at 08:36PM

Monday, October 30, 2023

Ransomware news trending on Google

1.) A ransomware group known as “Play” has recently issued a concerning statement. They have threatened to release the personal details of more than 8,600 Dallas County employees on the dark web unless their ransom demands are met. To add weight to their threat, the hackers have shared several screenshots that display personal information belonging to employees from various county departments.

The Play ransomware group is not new to the world of cybercrime and has a history of targeting corporate entities, often demanding large sums of money. In this latest incident, they have successfully infiltrated a government department in the early weeks of October and extracted sensitive employee data.

Dallas County’s IT department chose not to comply with the ransom demands, prompting the Play Ransomware Gang to issue a warning via Telegram. They have threatened to publicly auction the stolen data, leaving the personal information of over 8,000 employees vulnerable to social engineering attacks, such as phishing.

The exact method by which the “Play” group gained access to the network remains uncertain. However, some reports suggest that the breach occurred when the criminals obtained a staff member’s credentials through a brute force attack.

Dallas County officials have committed to taking all necessary steps to prevent such cyber incidents from recurring. They are closely monitoring the situation with the assistance of forensic experts and have implemented measures to mitigate the risks associated with the attack.

It is important to note that the “Play” group is known for disabling anti-malware solutions on target networks, stealing information, and encrypting files. Their modus operandi involves double extortion, where they demand payment from victims under the threat of publishing stolen data. They have a history of exploiting vulnerabilities such as ProxyNotShell and OWASSRF in Microsoft Exchange Servers to install malware. This group is not just an information thief; it can also function as a data wiper with a simple command from the hacker. There are also links between “Play” and now-defunct criminal groups such as Conti and Hive Ransomware, with their encryption code matching that of the Quantum Ransomware group.

2.) In another cyber incident, Stanford University is currently investigating a claim made by the Akira Ransomware group on October 27, 2023. The group stole approximately 430GB of sensitive data, marking another instance of a cyberattack on the university. Earlier in the year, the Clop Ransomware group exposed their theft of information from Stanford through a server compromise. In 2021, the university fell victim to a digital infiltration when hackers exploited a vulnerability in Accellion FTA to gain access to its servers.

3.) Lastly, the White House is in the process of formulating a policy to share ransomware-related data with its international allies. This policy will encompass information about collected ransoms, attribution of the attacks, and the associated risks. It will also emphasize that victims should refrain from paying ransoms, as such payments encourage criminal activities and do not guarantee the return of decryption keys.

The post Ransomware news trending on Google appeared first on Cybersecurity Insiders.


October 31, 2023 at 10:30AM

Kaspersky Uncovers ‘Operation Triangulation,’ a Threat to iOS Devices

Russian cybersecurity firm Kaspersky has uncovered a new threat called ‘Operation Triangulation,’ revealing that it infects iOS devices, including iPads and iPhones. This revelation came during the Security Analyst Summit (SAS) in Phuket, where Kaspersky also released a technical paper detailing the vulnerability that online criminals may have already exploited.

For a long time, it was widely believed that Apple devices were impervious to breaches by criminals. However, it has now come to light that threat actors can gain control over the physical memory of these devices and take command.

According to a report by Kaspersky’s Global Research and Analysis Team (GReAT), those involved in ‘Operation Triangulation’ are disseminating zero-click exploits through iMessages and the Safari web browser.

Apple Inc. has responded to this newly discovered issue by issuing a fix in its latest software update. In addition, the company has urged users to keep their device software up to date and cautioned against clicking on suspicious links sent by unknown sources through email, messages, or calls, as this can lead to the leakage of sensitive information.

For all the MacBook and iPhone enthusiasts out there, an exciting event titled “Scary Fast” is on the horizon, scheduled for October 30, 2023. This event promises the best Halloween deals of the season from the technology services provider, and you can catch a glimpse of it through Apple TV devices, YouTube streaming, or the official website.

The post Kaspersky Uncovers ‘Operation Triangulation,’ a Threat to iOS Devices appeared first on Cybersecurity Insiders.


October 30, 2023 at 10:54AM

LockBit Ransomware Group Targets Boeing with Data Threat

LockBit, a notorious ransomware gang, has recently set its sights on the aerospace giant Boeing, initiating a double extortion attack and threatening to unveil stolen data on or after November 2, 2023. In a brazen move, the criminal group has publicly disclosed that they’ve gained access to sensitive company information and are prepared to auction off this valuable data unless Boeing’s IT department complies with their demand for a multimillion-dollar ransom.

According to the United States Cybersecurity and Infrastructure Security Agency (CISA), LockBit stands out as one of the most active Russian-speaking cybercriminal organizations in 2023. Their audacious exploits have targeted over 1,700 American multinational corporations, accumulating an astonishing $93 million in ill-gotten gains from January 2020 to January 2023.

Boeing, a prominent commercial aircraft manufacturer, has not yet officially responded to LockBit’s claims. However, the company has pledged to provide a comprehensive update by the coming weekend, citing ongoing internal investigations as the reason for the delay.

This incident is reminiscent of LockBit’s earlier breach of the technology firm CDW in August of this year. The breach may have led to the exposure of additional data belonging to CDW’s clients and partners, with Boeing potentially being among the affected parties, now ensnared in a ransomware quagmire.

Boeing, known for its role in designing, manufacturing, and distributing airplanes, rotorcraft, satellites, telecom equipment, and missiles worldwide, also provides critical product support services to numerous government defense contractors across the globe.

The extent and nature of the data in the possession of the LockBit criminal gang remain uncertain. The full scope of the breach may only become apparent when the group decides to release a selection of screenshots or other evidence of their ill-gotten information.

The post LockBit Ransomware Group Targets Boeing with Data Threat appeared first on Cybersecurity Insiders.


October 30, 2023 at 10:53AM

Sunday, October 29, 2023

Email Security in the Remote Work Era

“Is your email safe? Think again.” Every day, we send and receive over 333 billion emails worldwide, with the average employee managing 120 of them daily. But, did you know that 94% of cyberattacks start with a malicious email? In 2022 alone, cybercrime cost businesses more than €9.6 Billion, with business email compromise taking the lion’s share of the damage. Don’t become an example!

In this article, we’ll delve into the most recent developments in email security. We’ll look at the latest technologies and approaches for keeping email secure. Additionally, we will discuss some recommended strategies that you can implement to ensure the highest level of security for your email. The proliferation of remote work has elevated the significance of email security to an unprecedented degree. It is critical to investigate every potential security measure that can safeguard our data and maintain the integrity of virtual environments.

Let’s take action and safeguard your business from cybercriminals today!

Why Does Email Security Matter?

“Your email is under attack, and here’s why.” In our digital world, email is a primary communication tool, but it’s also the number-one threat vector for cyber attacks. Criminals are constantly finding new ways to exploit email vulnerabilities. According to Verizon, 94% of malware is delivered via email. In addition, 96% of spoofing attacks begin with an email, according to a Cisco report. However, email security involves more than just technology; training and awareness are crucial too. According to a report by Terranova, 67.5% of individuals who click on a fraudulent link are likely to divulge their credentials. We shall examine the essential measures that must be implemented in order to safeguard one’s email, organization, and self against these perils.

Thus, it is essential to emphasize the significance of having a comprehensive and effective email security strategy. It is essential to maintain business operations and safeguard against potential hazards.

What Are The Types of Email Security Tools?

There’s a vast array of email security tools out there, each designed to tackle the multitude of threats that lurk in your inbox. Let’s break down the most essential features:

  • Spam Filter: No one likes spam, right? A spam filter works tirelessly to keep those pesky, often dangerous, unwanted emails out of your inbox.
  • Anti-Phishing: Anti-phishing tools work like your personal detective, sniffing out the subtle signs of phishing scams to keep your inbox clean and safe.
  • Data Encryption: Encryption is the superhero of email security, protecting your sensitive information from prying eyes as it travels across the web.
  • Antivirus Protection: Think of antivirus as your inbox’s bouncer. This helps to stop malware-laden phishing emails from ever stepping foot inside.
  • Content and Image Control: This ensures that everything in your corporate emails is appropriate and follows company policy.
  • URL Rewriting/Click-Time Protection: These clever tools are like your personal guide in a minefield, ensuring you don’t step on any malicious links.
  • Data Loss Prevention (DLP): DLP acts as your own personal security guard, preventing sensitive data from being shared with the wrong people.
  • Content Disarm & Reconstruction (CDR): CDR is like a meticulous editor, removing any malicious bits from documents before they reach your inbox.
  • Clawback: Your safest bet on slip-through threats. Clawback is your safety net, pulling back harmful emails even after they’ve landed in your inbox.
  • Image Analysis: Image analysis acts as your decoder ring, since malicious code can be hidden inside images. It helps reveal and block any hidden threats.
  • Archiving: Archiving is your library of past emails, making sure you’re in compliance with any relevant regulations.
  • Sandboxing: Sandboxing lets you see whether anything harmful is cooking up, all without any risk to your main course – your organization.
  • Artificial Intelligence (AI)/Machine Learning (ML): Think of AI and ML as your inbox’s smart assistants, using patterns and trends to block any malicious content that tries to sneak past your defenses.

Benefits of Email Security:

Securing your emails is essential for safeguarding important information and preventing damaging data breaches. Email security offers several key advantages:

  1. Protection from phishing and spoofing: These measures can detect and mitigate threats such as phishing or spoofing attacks. These attacks could result in severe breaches and potential malware or virus infections.
  2. Prevention of data breaches: By encrypting emails, you can avoid accidental exposure and help prevent costly data breaches. This ensures that confidential details like credit card numbers, bank accounts, and personal information remain secure.
  3. Enhanced confidentiality: Email encryption ensures that only the designated recipients can access the content of your emails. This enhances confidentiality.
  4. Detection of malicious and spam emails: Email security can identify harmful or spam emails that might bypass your mail system’s spam filter. This protects your accounts from potential threats.
  5. Compliance with regulations: Encryption services can assist businesses in meeting industry-specific regulations. They also help in avoiding potential risks.
  6. Safeguarding sensitive data: Email security protects vital information such as intellectual property, financial records, and top-secret company data. This keeps the data safe from hackers and cybercriminals.
  7. Real-time protection: With anti-malware and anti-spam features, email security solutions provide real-time protection. They shield you against emerging threats.
  8. Prevention of compromised accounts and identity theft: Email encryption can help prevent attackers from stealing login credentials, and personal data. It also stops them from installing malware on your system.

What are Email Security Policies?

Email security policies are a set of rules created to safeguard your messages from the prying eyes of cybercriminals. They act as a protective shield, ensuring that all confidential messages within your organization’s network remain confidential.

Why are Email Security Policies Important?

Tailoring your email security policies is crucial for protecting sensitive data and ensuring it’s available to users, affiliates, and business partners when needed. This is especially important for organizations that follow regulations like GDPR, HIPAA, or SOX, or adhere to security standards like PCI-DSS.

Key Components of Email Security Policies:

  • Strong Password Requirements: Your first line of defense is a solid password. Make sure it’s complex, unique, and changed.
  • Multifactor Authentication (MFA): MFA adds an extra layer of armor to your accounts, requiring more than one form of identification to gain access.
  • Email Encryption: This handy tool minimizes the risks of data loss and policy violations, all while keeping the business communication flowing.
  • Email Attachments: Be selective about the file types you allow as attachments and use scanning tools to fend off any malware.
  • Security Awareness Training: Train your team to be email detectives! They should only interact with links and attachments from trusted sources.
  • Regular Software Updates: Stay ahead of the game by regularly updating your email security software.
  • Data Retention: Set clear guidelines on how long emails should be stored and when it’s time to hit the delete button.
  • Secure Email Gateway (SEG): An SEG acts as the gatekeeper of your email stream, blocking any unwanted messages while making sure sensitive data stays put.

Conclusion

As remote work becomes more prevalent, email security has become more important than ever before. By implementing two-factor authentication, you enhance your email security. Using email encryption protects your communications from being intercepted. Undergoing security awareness training prepares you to recognize and avoid cyber threats. Regular software updates are crucial in maintaining security. A secure Wi-Fi network helps protect your online activities from prying eyes. Strong, unique passwords are essential to safeguarding your accounts and digital communications.

Remember, the best defense against email security threats is a proactive approach. Educate yourself, be skeptical of unsolicited emails, and always be wary of email links and attachments. By taking these steps, you can enjoy the benefits of remote work. At the same time, you will keep your digital communications secure and protected.


The post Email Security in the Remote Work Era appeared first on Cybersecurity Insiders.


October 30, 2023 at 01:53AM

Friday, October 27, 2023

Five Canada Hospitals hit by cyber attack, ransomware suspected

Transform, a prominent IT, accounts, and managed service provider dedicated to providing digital support to over five hospitals in Ontario, Canada, is currently under suspicion of being targeted in a cyber attack. Unconfirmed sources suggest that the hospital services have been disrupted since the beginning of this week, and the recovery process may extend for approximately 10 days.

While there has been no official statement regarding the nature of this cyber attack, an unverified source has hinted that it could potentially be a variant of ransomware.

The cyber attack on Transform has had a substantial impact on the operations of five hospitals, namely: Windsor Regional Hospital, Hotel Dieu Grace (not to be confused with a hotel, as it is a medical facility with over 300 beds that also provides mental health services), Erie Shores Healthcare, Windsor Essex Hospice, and Chatham Kent Health Alliance.

The attack has disrupted patient care and appointment schedules, with recovery efforts expected to take a considerable amount of time for the affected healthcare organizations.

In response to the incident, law enforcement agencies, in collaboration with a security firm, are actively investigating the matter.

Cyber-criminals targeting healthcare institutions for data breaches or service disruptions have become increasingly common. In such scenarios, threat actors often seek financial gain through ransom demands or aim to damage an organization’s reputation among its customers, partners, and competitors.

It is important to note that as businesses continue to embrace digital transformation, they are at an elevated risk of falling victim to cyber attacks. Despite their best efforts to fortify their defenses, the quest for an absolute solution against cyber threats remains a challenge.

The post Five Canada Hospitals hit by cyber attack, ransomware suspected appeared first on Cybersecurity Insiders.


October 27, 2023 at 08:31PM

Hunter International Ransomware Group hacks plastic surgery clinic

A newly emerging ransomware group, known as Hunter International, has recently targeted a plastic surgeon’s office, raising concerns by threatening to expose sensitive photographs of patients who have undergone facial surgery procedures at the clinic’s branches in Beverly Hills and Dubai.

Dr. Jaime Schwartz, the US-based surgeon, has reached out to law enforcement agencies to report the cyber-crime and is offering full cooperation to aid in the pursuit of the criminals. Dr. Schwartz remains resolute in refusing to comply with the ransom demands. Unfortunately, the situation is complicated by the fact that while the stolen data can be restored from backup systems, once the criminals gain access to it, there is no guarantee they will delete the information, despite their initial promises to do so in exchange for a payment.

Sources close to our Cybersecurity Insiders have revealed that the attackers infiltrated the clinic’s computer network several months ago and seized over 249,000 files, including sensitive patient information such as names, addresses, photos, and video clips.

The Hunter International Group, which appears to have ties to the now-defunct Hive Ransomware, has taken an aggressive stance. They have begun sending mass emails to the doctor’s clinic and have posted before-and-after photos of patients who underwent surgery. These tactics are intended to exert pressure on Dr. Schwartz to meet their demands. Adding to the distress, the group has also threatened to directly contact the affected patients to extort money if the doctor and his staff fail to meet the ransom demands promptly.

It remains uncertain whether the group’s claims about the leaked data are accurate, as the identities of the patients have not been disclosed. Moreover, there is no confirmation that the leaked photos and videos are indeed from Dr. Jaime Schwartz’s clinic, known for its reputation in reconstructing the facial features of patients who have experienced accidental damage.

Cyber-criminals are highly motivated to seize and sell this sensitive data due to the potential for lucrative extortion. As a result, victims are placed under significant pressure to pay the ransom at any cost. The situation is ongoing, and law enforcement agencies are actively working to trace the attackers and secure the compromised data.

The post Hunter International Ransomware Group hacks plastic surgery clinic appeared first on Cybersecurity Insiders.


October 27, 2023 at 11:28AM

Thursday, October 26, 2023

Ransomware news headlines trending on Google

BHI Energy recently issued a statement revealing that its servers fell victim to a ransomware attack orchestrated by a group known as Akira in June of this year. The breach was not detected until July. The attackers gained unauthorized access to the company’s network by exploiting a vulnerability in a VPN connection, resulting in the exposure of sensitive information belonging to approximately 896 residents of Iowa.

The compromised data included a range of personal information such as social security numbers, health records of Iowa citizens, full names, and dates of birth. BHI, a subsidiary of Westinghouse, emphasized that no financial data was compromised during the breach. To address the security breach, the energy service provider swiftly took action by offering a 24-month Experian credit monitoring service to the affected individuals free of charge.

In another cybersecurity incident, Grupo GTD, a telecommunications company, disclosed that it had fallen victim to a cyber attack targeting its Infrastructure as a Service (IaaS) platform. This attack severely disrupted its services over an extended period. The company, which provides IT managed services, data center services, and telecommunications solutions, confirmed that the attack was carried out by the Rorschach Ransomware group, which locked down access to critical data and applications necessary for the company’s operations.

Chile’s Computer Security Incident Response Team, in collaboration with other law enforcement agencies, has initiated an investigation into the incident. Forensic experts have been enlisted to assist in the probe. Research conducted by Check Point confirmed the sophistication of the Rorschach Ransomware group, revealing that it can encrypt a database in as little as four minutes.

Moving on to the global cybersecurity landscape, Malwarebytes released a report indicating that the United States is the primary target for file-encrypting malware attacks. Criminals are drawn to targeting U.S. companies due to the nation’s strong economy and the favorable exchange rate of cryptocurrencies against the U.S. dollar. Among the 1,900 reported attacks worldwide, 43% were directed at U.S. companies. Notably, many of these attacks were attributed to notorious groups such as Clop, REvil, Darkside, and Conti. Their primary focus is on stealing valuable data, including emails, documents, photos, and videos.

Lastly, there is news concerning Akumin, a Florida-based radiology service provider. The company, which specializes in providing imaging solutions, has filed for Chapter 11 bankruptcy protection as it grapples with a debt burden of approximately $470 million. While the specific details of this financial crisis remain unclear, Akumin recently acquired a healthcare company and cited the accumulation of debt due to higher interest rates as a contributing factor.

The cybersecurity landscape is fraught with challenges, as evidenced by these recent incidents. While companies often experience disruptions of varying durations, the case of Akumin marks a unique occurrence with the filing for bankruptcy as a result of financial strain.

The post Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.


October 26, 2023 at 09:08PM

How to craft a password meticulously

In today’s digital landscape, many online service providers let one set of credentials unlock a whole family of services. Google is the prime example: a single login opens Gmail, Drive, Google Photos, Maps, Sheets, and more. That convenience raises the stakes for the password itself, because one weak or reused password now exposes every service behind it, and a single misjudgment can hand an attacker the lot.

Here are some valuable tips for crafting a robust and cybersecure password:

1.) Resist Predictability: Attackers no longer guess birthdates, pet names, or favourite teams by hand. Modern cracking tools, some of them tuned on huge corpora of leaked passwords, take wordlists of names, dates, phrases, foods, and colours and apply rule-based mutations (capitalisation, appended years, letter-for-symbol swaps) at very high rates, so any password assembled from personal details or pop-culture names is among the first candidates tried, however it is dressed up. Avoid anything that can be derived from your public profile, such as the names of celebrities or favourite sports teams.

2.) Opt for Passphrases: Consider using a passphrase as your password, a string of several words that is memorable for you but long enough to resist guessing. One caveat applies to the usual example: “ilikechickennoodles” is four very common words run together, and cracking tools combine dictionary words in exactly that way, so a phrase made only of common words is weaker than its length suggests. Use five or more words, include at least one uncommon word, and never reuse the phrase on another site.

3.) Length Matters: The National Institute of Standards and Technology (NIST), in SP 800-63B, sets a minimum of 8 characters for user-chosen passwords, recommends that services accept at least 64 characters, and tells them to allow spaces and any printable character, including Unicode, so that passphrases work. It does not require special characters or mixed case and advises against forcing such composition rules; length is what multiplies the attacker’s work. Something as long as a private key is impractical to type accurately, but a 20- to 30-character phrase with spaces is both memorable and far beyond brute-force reach.

4.) Avoid Forced Changes: Contrary to older conventional wisdom, NIST no longer recommends periodic password rotation, because people respond by making trivial edits (altering one character or swapping two) that attackers predict. Keep one strong, unique password per service and change it only when there is evidence it was exposed, for example when the service reports a breach or the password turns up in a leaked-credential list.

5.) Utilize a Password Manager: A password manager solves the real problem, which is reuse: it generates a long random password for every site and stores it, so one breached site does not unlock the others. The caveat is that the manager becomes a single high-value target. Protect it with a long master passphrase and multi-factor authentication, keep the software updated, and in an enterprise choose a product whose storage design and audit history you have reviewed, since vulnerabilities in password manager software and breaches of vendors have occurred.

6.) Implement Multi-Factor Authentication: A password alone does not guarantee the security of your account. Add a second factor, and prefer an authenticator app or a hardware security key (FIDO2/WebAuthn) over codes delivered by SMS or email, which can be intercepted through SIM swapping or a compromised mailbox. A phishing-resistant key is the only option that also survives a convincing fake login page.

7.) Steer Clear of Common Passwords: Avoid using easily guessable passwords, such as “123456,” “iloveyou,” “qwerty,” common names of politicians, sports figures, or Hollywood celebrities, and the names of football teams. These passwords can be cracked within seconds by experienced hackers.

By following these guidelines, you can significantly enhance your online security and reduce the risk of unauthorized access to your accounts and personal information.
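The checks above, written out as a small verifier-side policy. This is an added example and not code from the original post; the blocklist and the dictionary are constructed stand-ins for a breached-password list and a cracking wordlist, and the thresholds (five words, 50 bits, a 20,000-word attacker dictionary) are assumptions. The word-segmentation step shows why a passphrase of common words is scored by the words it contains rather than by its character count.

```python
from __future__ import annotations

import math
import re
import unicodedata

# Constructed blocklist standing in for a breached-password list; NIST
# SP 800-63B requires candidates to be checked against such a list.
COMMON_PASSWORDS = {
    "123456", "password", "iloveyou", "qwerty", "letmein",
    "football", "abc123", "monkey", "dragon", "welcome",
}

# Small constructed dictionary standing in for a cracking wordlist.
COMMON_WORDS = {
    "i", "like", "chicken", "noodles", "love", "you", "correct",
    "horse", "battery", "staple", "dragon", "summer",
}

MIN_LENGTH = 8              # NIST minimum for user-chosen secrets
MIN_WORDS = 5               # assumption: policy floor for all-dictionary passphrases
MIN_BITS = 50               # assumption: policy floor for the guess estimate
ASSUMED_DICT_SIZE = 20_000  # assumption: size of an attacker's combinator wordlist


def normalize(secret: str) -> str:
    """NFKC-normalize before measuring or comparing, as SP 800-63B advises;
    spaces and Unicode are kept and nothing is truncated."""
    return unicodedata.normalize("NFKC", secret)


def segment(text: str, words: set[str]) -> list[str] | None:
    """Split a lowercase, space-free string into the fewest dictionary words
    (dynamic programming); None if it is not made of dictionary words.
    This is how a combinator attack sees 'ilikechickennoodles'."""
    best: list[list[str] | None] = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(max(0, end - 12), end):
            prefix = best[start]
            if prefix is not None and text[start:end] in words:
                cand = prefix + [text[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(text)]


def is_trivial_pattern(secret: str) -> bool:
    """Repeated characters or a four-long digit/alphabet/keyboard run."""
    low = secret.lower()
    if len(set(low)) <= 2:
        return True
    for run in ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop"):
        if any(run[i:i + 4] in low for i in range(len(run) - 3)):
            return True
    return False


def estimate_bits(secret: str) -> float:
    """Crude guess-count estimate in bits. A passphrase made only of
    dictionary words is scored as a combinator attack (dict_size ** words);
    anything else as brute force over the character classes present, which
    is an upper bound because real cracking rules do far better."""
    words = segment(secret.lower().replace(" ", ""), COMMON_WORDS)
    if words:
        return len(words) * math.log2(ASSUMED_DICT_SIZE)
    classes = 0
    if re.search(r"[a-z]", secret):
        classes += 26
    if re.search(r"[A-Z]", secret):
        classes += 26
    if re.search(r"[0-9]", secret):
        classes += 10
    if re.search(r"[^A-Za-z0-9]", secret):
        classes += 33
    return len(secret) * math.log2(max(classes, 2))


def evaluate(secret: str, context: tuple[str, ...] = ()) -> dict:
    """Apply the checks and return {'ok', 'reasons', 'bits'}. `context`
    carries the username, service name and similar strings that must not
    appear inside the secret."""
    s = normalize(secret)
    reasons = []
    if len(s) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if s.lower() in COMMON_PASSWORDS:
        reasons.append("appears in the common/breached password list")
    if any(c and c.lower() in s.lower() for c in context):
        reasons.append("contains the username or service name")
    if is_trivial_pattern(s):
        reasons.append("repeated or sequential characters")
    words = segment(s.lower().replace(" ", ""), COMMON_WORDS)
    if words and len(words) < MIN_WORDS:
        reasons.append(f"only {len(words)} common words; combinator attacks "
                       f"enumerate these, use {MIN_WORDS} or more")
    bits = estimate_bits(s)
    if bits < MIN_BITS:
        reasons.append(f"too guessable (about {bits:.0f} bits)")
    return {"ok": not reasons, "reasons": reasons, "bits": round(bits, 1)}


if __name__ == "__main__":
    for candidate in ("123456", "ilikechickennoodles",
                      "correct horse battery staple dragon"):
        print(candidate, "->", evaluate(candidate))
```

Run as a script it scores the three candidates: “123456” fails on every check, “ilikechickennoodles” is rejected because it segments into four common words (roughly 57 bits against a combinator attack, not the 89 bits its 19 lowercase letters would suggest), and a five-word phrase passes. Note what the policy does not do: it never rejects a long password, never demands a digit or a symbol, and never silently truncates.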

The post How to craft a password meticulously appeared first on Cybersecurity Insiders.


October 26, 2023 at 04:16PM

Wednesday, October 25, 2023

Microsoft invests $5 billion to bolster Cyber Shield of Australia

Australian Prime Minister Anthony Albanese has unveiled Microsoft’s Cyber Shield, a substantial commitment to bolster the nation’s cybersecurity infrastructure with a $5 billion investment. The announcement was made during the Prime Minister’s visit to the Australian embassy in Washington, D.C., with the presence of Brad Smith, the head of the prominent tech company.

This substantial investment by Microsoft is slated to take place over the course of five years, focusing on enhancing and implementing cloud technology and artificial intelligence.

The Australian Signals Directorate, a prominent national agency responsible for safeguarding against cyber warfare and security threats, will utilize this investment to establish a cybersecurity defense mechanism known as MACS, short for “Microsoft Australian Signals Directorate Cyber Shield.”

MACS will collaborate closely with experts and the military to fortify Australia’s national infrastructure against state-sponsored cyber threats, the kind routinely attributed to China, Russia, North Korea, and Iran. Brad Smith did not name any country himself; he alluded instead to the earlier digital attacks on an Australian insurance firm and a telecom company.

Prime Minister Albanese has pledged that Australia will achieve a high level of cyber resilience by the year 2030.

In parallel, Microsoft is gearing up to construct nine new data centers throughout Australia, complementing the existing 20 server facilities in Melbourne, Canberra, and Sydney. This expansion is in response to the surging demand for cloud services, with the goal of meeting this demand by 2026.

Furthermore, Microsoft has ambitious plans to establish a “Data Centre Academy” in collaboration with TAFE NSW, designed to provide training for 200 professionals every two years, and to support over 300,000 Australians in acquiring essential digital skills.

 

The post Microsoft invests $5 billion to bolster Cyber Shield of Australia appeared first on Cybersecurity Insiders.


October 25, 2023 at 08:34PM

The Role of FPGAs in Post-Quantum Cryptography and Cyber Resilience

By Mamta Gupta, Director of Security and Communications Segment Marketing, at Lattice

The rise of both 5G and the Internet of Things (IoT) has created a complex and highly distributed network of devices that are increasingly vulnerable to cyberattacks. In fact, within this new ecosystem, 83% of businesses have experienced firmware attacks, and some don’t even know that they’ve been targeted.

As a result, cybersecurity has become non-negotiable for companies, regardless of the industry.

Couple this with the advent of quantum computers. A large, fault-tolerant quantum computer running Shor’s algorithm would break the asymmetric cryptography that today’s key exchange and digital signatures rely on (RSA, Diffie-Hellman, and elliptic-curve schemes); symmetric ciphers and hash functions are only weakened and survive with larger key sizes. Because traffic recorded today can be decrypted once such a machine exists, the urgency to mitigate this double threat is already here. This need for systems that withstand quantum attacks has driven a newfound demand for post-quantum cryptography (PQC) as the way to make systems cyber resilient against future threats.

However, with PQC being new to the scene, standards are continuing to evolve and, as such, they must be bolstered by tools and solutions that not only provide flexibility but also help maintain security. Fortunately, one solution already exists – Field Programmable Gate Arrays (FPGAs).

The Current State of Post Quantum Cryptography

The role of PQC in cybersecurity is to develop cryptographic systems that are secure against attacks from both quantum and classical computers and can work alongside existing communications protocols and networks. In July 2022, the National Institute of Standards and Technology (NIST) announced the first four algorithms that will form the basis of PQC standards: CRYSTALS-Kyber for key establishment, and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures.

Although these first algorithms are an important milestone in keeping sensitive data secure amid the development of new cutting-edge technology, they are just the beginning. Additional candidate algorithms are still being evaluated in a further round, and the standards for the first selections are still being finalised, so the parameters and encodings a product implements today may change. Even so, we are seeing a quick pivot to developing and selling solutions for consumers and businesses alike, and the US Government and other regulatory bodies are releasing strict requirements for post-quantum resilience.

With these evolving standards and yet-to-come solutions, it’s imperative that the companies utilizing PQC can pivot and adjust as the technology changes. FPGAs are a natural fit to implement cyber resilient systems enabled with PQC algorithms in a flexible and secure way.

How FPGAs and PQC Can Work Together

Overarchingly, FPGAs are generally renowned for their flexibility, making them an excellent tool to implement evolving standards like the PQC algorithms.

Not only do FPGAs provide developers with the ability to create a specifically designed engine or co-processor, but they are also reprogrammable and can be updated after a system has already been deployed. In a space that is constantly evolving, this flexibility is critical to ensure compliance with changing PQC standards to meet new technical demands.

Additionally, FPGAs can serve as the hardware Root of Trust (RoT) that anchors platform firmware resiliency in the protect, detect, and recover model of NIST SP 800-193, which matters as firmware attacks grow. A RoT FPGA sits between the host processor and its firmware flash, verifies the image’s signature before the host is released from reset, and then watches the SPI bus at run time for reads or writes that the policy does not allow, across several flash devices or channels in parallel. That gives a chain of trust that starts in hardware rather than in the firmware it is meant to protect.

Further, if the RoT detects a corrupted or tampered image, it can switch the host to a known-good golden image and reflash the damaged copy without operator intervention, cutting the time a compromised system stays down after an attack.

As threats and standards continue to evolve, FPGAs are a necessary tool to not only ensure that fielded systems are secure and in-line with the latest PQC algorithms but can be altered if standards change.

A PQC-Driven and Cyber Resilient Future

As we continue to embrace the fast evolving technology in our daily lives, we must also recognize and mitigate the risks that come with it. There is pressure for companies to keep their information secure – nearly half of C-suite and other executives expect the number and size of cyber events targeting their organizations’ accounting and financial data to increase in the year ahead – and many are also recognizing the threat that Quantum Computers pose to their systems and are turning to PQC models as a means of protection.

While leveraging PQC is certainly a step in the right direction, evolving standards emphasise the value of existing technology like FPGAs: a developer can reconfigure the datapath itself, for example the polynomial-arithmetic units a lattice scheme such as Kyber or Dilithium needs, whereas a microcontroller can only change the software running on fixed hardware. In tandem with PQC, FPGAs are a clear answer to keeping systems nimble, flexible, and secure in the face of threats and evolving technology standards.

The post The Role of FPGAs in Post-Quantum Cryptography and Cyber Resilience appeared first on Cybersecurity Insiders.


October 25, 2023 at 07:16PM

Ten compelling reasons to assert cloud sprawl can lead to cybersecurity concerns

Cloud sprawl can indeed lead to cybersecurity concerns for organizations. Here are ten reasons why:

1. Increased Attack Surface: More cloud resources mean more potential entry points for attackers to exploit, as each resource represents a potential vulnerability.

2. Misconfigurations: With various teams provisioning their own resources, there’s a higher chance of security misconfigurations, such as exposed databases or overly permissive access controls.

3. Complexity: Managing multiple, independently provisioned cloud resources can lead to a lack of oversight, making it challenging to monitor and secure the entire environment effectively.

4. Unauthorized Access: Decentralized cloud resource management can result in unauthorized access, as employees or vendors may create resources without following proper authorization protocols.

5. Data Fragmentation: Data gets fragmented across various cloud providers and services, making it harder to enforce consistent security policies and protect sensitive information.

6. Shadow IT: Cloud sprawl often involves shadow IT, where users adopt unsanctioned cloud services, bypassing IT’s security controls and potentially exposing the organization to unknown security risks.

7. Lack of Visibility: Cloud sprawl can lead to a lack of visibility into what’s running in the cloud, making it challenging to detect and respond to security incidents promptly.

8. Compliance Challenges: Managing and ensuring compliance across a sprawling cloud environment becomes difficult, increasing the risk of regulatory non-compliance.

9. Resource Redundancy: Multiple teams provisioning similar resources without coordination can lead to redundancy, inefficient resource usage, and increased security risks due to underutilized, unmaintained assets.

10. Insider Threats: The decentralized nature of cloud sprawl can result in insider threats, as disgruntled or negligent employees may misuse or expose sensitive data stored in the cloud.

In summary, cloud sprawl can pose significant cybersecurity concerns due to the expansion of an organization’s attack surface, misconfigurations, increased complexity, unauthorized access, data fragmentation, shadow IT, limited visibility, compliance challenges, resource redundancy, and the potential for insider threats. Organizations must address these concerns by implementing proper governance and security measures to mitigate the risks associated with cloud sprawl.

The post Ten compelling reasons to assert cloud sprawl can lead to cybersecurity concerns appeared first on Cybersecurity Insiders.


October 25, 2023 at 11:28AM

Amazon Web Services launches European Sovereign Cloud

Amazon Web Services (AWS), the American technology giant, has launched an exclusive European Sovereign Cloud to meet the needs of its European customer base. This new cloud infrastructure will operate independently and is designed to address the evolving concerns regarding data residency and resiliency for AWS customers in the European Union (EU).

In simple terms, data stored in this cloud stays on servers in the EU, and only AWS staff resident in the EU control its operation and support, which addresses data residency and privacy concerns for users.

The establishment of the AWS European Sovereign Cloud has garnered significant support and appreciation from various European entities, including the German Federal Office for Information Security (BSI), German Federal Ministry of Interior and Community (BMI), German Federal Ministry of Digital and Transport, Finland Ministry of Finance, National Cyber and Information Security Agency (NUKIB) of the Czech Republic, National Cyber Security Directorate of Romania, and numerous industry leaders such as SAP, Dedalus, Deutsche Telekom, O2 Telefonica, Heidelberger Druckmaschinen AG, Raisin, Scalable Capital, Telia Company, Accenture, De Volksbank, AlmavivA, Deloitte, Eviden, Materna, and msg group.

The key feature of this new cloud infrastructure is its location within Germany, ensuring it is physically and logically separate from other AWS regions. Importantly, this European Sovereign Cloud will deliver the same high levels of availability, security, and performance that AWS customers have come to expect.

Customers with specific requirements for data isolation and in-country data residency can request customization. They will be able to leverage their Sovereign cloud tools, which can be seamlessly integrated with AWS Dedicated Local Zones or AWS Outposts.

In parallel with this development, Amazon, following the example of Microsoft, Google, and Facebook, is moving away from traditional passwords in favor of passkeys. This transition was announced by the company’s leadership, and it is set to be implemented from January 2024.

A passkey is not a code typed in from an SMS or an email. It is a FIDO2/WebAuthn credential: a public/private key pair generated on the user’s device, with the private key unlocked by the device’s biometric or PIN and never sent to the server. The server stores only the public key, and the browser signs login challenges only for the genuine site, so there is nothing to guess, nothing reusable for a phishing page to capture, and nothing for a server breach to leak. Currently, passkey login is available to a limited user group and will gradually roll out to all users by the end of next year.

So, does this mark the end of password-based logins for Amazon services? Not yet.

Password-based logins will continue to be an option for some time. However, business users, particularly those using AWS, may see the eventual phase-out of password-based logins by the end of next year. Other Amazon customers will be informed of any changes at a later date.

The post Amazon Web Services launches European Sovereign Cloud appeared first on Cybersecurity Insiders.


October 25, 2023 at 11:15AM

Tuesday, October 24, 2023

American healthcare loses $78 billion to ransomware attacks

A recent report by Comparitech reveals that the healthcare sector in the United States has incurred staggering losses of $78 billion due to ransomware attacks. These losses are primarily attributed to the significant downtime experienced by healthcare companies over the past six to seven years, spanning from 2016 to 2023.

The comprehensive study conducted by Comparitech on the subject of ransomware sheds light on a concerning trend. During this period, there were over 539 officially reported ransomware incidents that affected a total of 9,860 hospitals and clinics, resulting in the compromise of records belonging to over 52 million patients. The figures presented are based on data provided to law enforcement agencies and forensic experts, underscoring the severity of the issue.

Examining the duration of downtime, experts noted that the disruption period ranged from a few days to several months. In 2016, the average downtime was approximately 14 days, but this figure steadily increased to 16 days in 2022 and 19 days in 2023. When these statistics are taken into consideration, the cumulative downtime across all affected companies is estimated to be a staggering 6,350 days or roughly 18 years.

Notably, the landscape of ransomware attacks has evolved in 2023. Hackers have adopted new tactics, including double and triple extortion techniques. What’s particularly alarming is the lack of leniency shown to victims who fail to meet hackers’ demands. In a recent incident, Denmark-based CloudNordic fell victim to ransomware criminals who wiped out nearly all their customer data because they refused to pay the demanded ransom of 6 Bitcoins (BTC).

Starting from August 2023, these cyber criminals have taken their malevolent strategies a step further. They are now persuading employees of targeted companies to surrender their login credentials, granting the hackers control over the entire network. This worrisome development underscores the need for enhanced cybersecurity measures and vigilance within the healthcare sector to combat the growing ransomware threat.

The post American healthcare loses $78 billion to ransomware attacks appeared first on Cybersecurity Insiders.


October 24, 2023 at 08:31PM

Why EDRs and other preventative measures cannot stop ransomware

As ransomware attacks continue to increase in frequency and sophistication, organizations are searching for ways to prevent them from occurring. One common approach is to implement Endpoint Detection and Response (EDR) solutions and other preventative measures. While these tools can be effective in many cases, they are not always effective in stopping ransomware attacks. Let’s explore why:

  1. Evolving Tactics and Techniques

Ransomware attackers are constantly evolving their tactics and techniques to evade detection and bypass security measures. They use social engineering, exploit vulnerabilities in software, and rely on stealthy malware techniques, such as living off legitimate administrative tools, to stay below the detection threshold. EDRs and other preventative measures are only effective if they can recognise those tactics and techniques, which is not always possible.

  2. Insider Threats

Insider threats can also pose a significant risk. A malicious insider with legitimate credentials and approved tools can stage and deploy ransomware without ever running anything an EDR would classify as malware; the agent sees an authorised account doing authorised-looking things. EDRs and other preventative measures are built to spot malicious code and behaviour, not misuse of legitimate access, which makes insider-driven attacks hard to prevent.

  3. Zero-Day Vulnerabilities

Zero-day vulnerabilities are previously unknown flaws that attackers exploit to bypass security measures. The signature-based components of EDRs and other preventative tools can only recognise known threats, and while behavioural detection may flag the post-exploitation activity that follows, it cannot stop an initial exploit it has never seen. Once an attacker has a foothold through a zero-day, preventing or containing the attack becomes difficult.

  4. Human Error

Humans are often the weakest link in an organization’s security posture. Employees can inadvertently click on malicious links, download infected files, or fall for phishing attacks. EDRs and other preventative measures cannot always prevent human error, making it difficult to stop ransomware attacks.

  5. Lack of Visibility

EDRs and other preventative measures rely on endpoint visibility to detect and prevent attacks. However, ransomware can enter an organization in many ways, including through devices that carry no agent at all, and an attacker who gains administrative control can disable or blind the agent before encryption starts.

While these solutions are effective in many cases, they cannot stop ransomware attacks in every situation. Organizations must adopt a multi-layered approach to security that covers detection, prevention, response, and recovery. Most organizations have focused on detection and prevention, which is a good first step, but with the increasing success cybercriminals are having at evading those measures, a layer that contains an active attack, by stopping the encrypting process and isolating the host as soon as encryption behaviour is observed, has to be added to the strategy. It should also include regular employee training, network segmentation, and regular, offline-tested backups of critical data. By taking a holistic approach to security, organizations can better protect themselves from the growing threat of ransomware.
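What a containment layer looks like in practice: a behavioural detector that runs over endpoint file-event telemetry and raises an alert, with a response action, when one process renames many files to a new extension inside a short window or touches a planted decoy file. This is an added example and not code from the original post or from any EDR product; the log format, the twelve-rename burst, the decoy folder name and the thresholds are all constructed for the illustration.

```python
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumption: tune to the environment
RENAME_THRESHOLD = 10            # extension-changing renames per process per window
CANARY_MARKER = "\\.canary\\"    # assumption: decoy folder planted in each user profile

# Constructed sample telemetry, one event per line:
# "<ISO time> <pid> <process> <WRITE|RENAME|DELETE> <path>[ -> <new path>]".
# Benign editor activity first, then a burst from a look-alike process.
SAMPLE_LOG = [
    "2023-10-24T09:00:01 4120 winword.exe WRITE C:\\Users\\ana\\Documents\\q3.docx",
    "2023-10-24T09:00:02 4120 winword.exe RENAME C:\\Users\\ana\\Documents\\~q3.tmp -> C:\\Users\\ana\\Documents\\q3.docx",
] + [
    f"2023-10-24T09:05:{10 + i:02d} 5522 svch0st.exe RENAME "
    f"C:\\Users\\ana\\Documents\\file{i}.xlsx -> C:\\Users\\ana\\Documents\\file{i}.xlsx.locked"
    for i in range(12)
] + [
    "2023-10-24T09:05:23 5522 svch0st.exe WRITE C:\\Users\\ana\\Documents\\.canary\\zz_keep.docx",
    "2023-10-24T09:05:24 5522 svch0st.exe WRITE C:\\Users\\ana\\Documents\\README_TO_RESTORE.txt",
]

EVENT_RE = re.compile(r"^(\S+) (\d+) (\S+) (WRITE|RENAME|DELETE) (.+)$")


def parse(line: str) -> dict | None:
    """Parse one telemetry line; malformed lines are skipped, not fatal."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ts, pid, proc, op, path = m.groups()
    src, sep, dst = path.partition(" -> ")
    return {"ts": datetime.fromisoformat(ts), "pid": int(pid), "proc": proc,
            "op": op, "src": src, "dst": dst if sep else None}


def ext(path: str) -> str:
    """File extension of a Windows path, lower-cased, '' if none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect(lines: list[str]) -> list[dict]:
    """Return one alert per (process, rule). Rule 'mass-rename': at least
    RENAME_THRESHOLD extension-changing renames by one process inside WINDOW.
    Rule 'canary': any touch of a decoy file. Each alert carries the
    containment step the response layer would take."""
    alerts: list[dict] = []
    recent: dict[tuple[int, str], deque] = defaultdict(deque)
    raised: set[tuple[int, str, str]] = set()

    def raise_once(ev: dict, rule: str, **extra) -> None:
        key = (ev["pid"], ev["proc"], rule)
        if key not in raised:
            raised.add(key)
            alerts.append({"pid": ev["pid"], "proc": ev["proc"], "rule": rule,
                           "at": ev["ts"].isoformat(),
                           "action": "suspend process, isolate host, snapshot volume",
                           **extra})

    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        touched = ev["dst"] or ev["src"]
        if CANARY_MARKER in touched:
            raise_once(ev, "canary", path=touched)
        if ev["op"] == "RENAME" and ev["dst"] and ext(ev["src"]) != ext(ev["dst"]):
            q = recent[(ev["pid"], ev["proc"])]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW:   # slide the window
                q.popleft()
            if len(q) >= RENAME_THRESHOLD:
                raise_once(ev, "mass-rename", count=len(q))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample, the editor’s single temp-file rename never reaches the threshold, while the look-alike process trips the rename rule at its tenth file and the canary rule two seconds later. The point is the timing: by the tenth file the alert fires while hundreds of files are still untouched, which is the window a containment layer has to suspend the process and cut the host off, long before anyone reads the ransom note.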

 

The post Why EDRs and other preventative measures cannot stop ransomware appeared first on Cybersecurity Insiders.


October 24, 2023 at 07:58PM

Vietnam hackers start stealing Facebook Credentials

Facebook, the world’s leading social networking platform, has recently made headlines for all the wrong reasons. The company led by Mark Zuckerberg has found itself in the news due to a troubling trend: it has become a target for cyber criminals hailing from Vietnam, who are utilizing stolen account credentials for various nefarious purposes, including selling them on the black market, identity theft, financial loss, and emotional distress.

While Facebook’s customer support teams are tirelessly working to address these issues, the situation is far from ideal.

So, how are these cyber criminals managing to siphon off account credentials from Facebook, often referred to as FB?

The cyber crooks from Vietnam are employing tactics that involve exploiting weak passwords and pilfering cookies from web browsers.

Cookies, in this context, are small pieces of information that a website sets in the user’s browser. After a successful login the site issues a session cookie, and the browser sends it back on every subsequent request, so the user is not asked for the password again; a single login can carry across all the services a company runs under that session. Whether the cookie survives a browser restart depends on how the site sets it: a cookie with no Expires or Max-Age attribute is a session cookie and is discarded when the browser closes (unless the browser restores the previous session), whereas a persistent cookie stays on disk until it expires or is deleted, in Firefox as in every other browser.

Malware on the user’s machine, typically an information stealer, copies these cookies straight out of the browser’s on-disk store and replays them from the attacker’s system, so the attacker is logged in without ever entering the password or passing the verification code.
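A quick way to see which of a site’s own cookies are worth stealing: parse the Set-Cookie headers it sends and flag the attributes a session cookie should carry. This is an added example and not code from the original post or from Facebook; the two headers, the fixed clock and the 30-day lifetime ceiling are constructed assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = timedelta(days=30)   # assumption: policy ceiling for a persistent login cookie
FIXED_NOW = datetime(2023, 10, 24, tzinfo=timezone.utc)   # fixed clock so output is reproducible


@dataclass
class Cookie:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)   # lower-cased attribute -> value, or True for flags


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value (RFC 6265 layout: name=value, then
    ';'-separated attributes; flags such as Secure carry no '=')."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return Cookie(name.strip(), value.strip(), attrs)


def is_session_cookie(c: Cookie) -> bool:
    """No Expires and no Max-Age: discarded when the browser closes
    (unless the browser restores the previous session)."""
    return "expires" not in c.attrs and "max-age" not in c.attrs


def lifetime(c: Cookie, now: datetime) -> timedelta | None:
    """Remaining lifetime; Max-Age wins over Expires per RFC 6265."""
    max_age = c.attrs.get("max-age")
    if isinstance(max_age, str):
        try:
            return timedelta(seconds=int(max_age))
        except ValueError:
            return None
    expires = c.attrs.get("expires")
    if isinstance(expires, str):
        try:
            return parsedate_to_datetime(expires) - now
        except (TypeError, ValueError):
            return None
    return None


def audit(header: str, now: datetime = FIXED_NOW) -> list[str]:
    """Return the weaknesses a login cookie should not have."""
    c = parse_set_cookie(header)
    findings = []
    if c.attrs.get("secure") is not True:
        findings.append("missing Secure: the cookie is also sent over plain HTTP")
    if c.attrs.get("httponly") is not True:
        findings.append("missing HttpOnly: page scripts (XSS) can read it")
    if str(c.attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: attached to cross-site requests")
    remaining = lifetime(c, now)
    if remaining is not None and remaining > MAX_LIFETIME:
        findings.append(f"lifetime {remaining.days} days: a stolen copy stays valid long after the theft")
    if c.name.startswith("__Host-") and (
        c.attrs.get("secure") is not True or "domain" in c.attrs or c.attrs.get("path") != "/"
    ):
        findings.append("__Host- prefix requires Secure, Path=/ and no Domain; browsers reject it otherwise")
    return findings


if __name__ == "__main__":
    for h in (
        "sessionid=3f9a1c; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
        "__Host-session=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
    ):
        print(h.split(";")[0], "->", audit(h) or ["no findings"])
```

The first header is the kind of cookie the dark-web listings are made of: readable by any injected script, sent in the clear, and valid for three years. The second fixes every finding. One caveat the check cannot cover: none of these attributes stops an infostealer that reads the cookie database straight off the disk, as in the Vietnam campaign. Against that, the defences are short lifetimes, re-authentication for sensitive actions such as changing payment methods, and server-side session revocation when a login appears from an unexpected device.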

Interestingly, the dark web is rife with sites offering information from over 1,000 cookies for a mere $69. In the case of Facebook emails, a collection of 100 account details can be obtained for $30.

These stolen credentials empower hackers to perpetrate scams, frauds, or resell datasets with active information. It’s important to note that threat actors can use stolen Facebook login credentials to access personal information from emails, manipulate payment methods, or pilfer photos and videos stored on Facebook accounts.

In this precarious digital landscape, implementing robust security measures is crucial. This includes employing threat detection solutions, using strong passwords that consist of a combination of alphanumeric characters and a few special characters, and ensuring they are at least 14 characters in length. Enabling multi-factor authentication further enhances account security, making it significantly more challenging for hackers to gain unauthorized access.

Additionally, exercising caution when it comes to clicking on links sent by unknown sources via emails, WhatsApp, or SMS is advisable in order to navigate these cyber threats more safely.

The post Vietnam hackers start stealing Facebook Credentials appeared first on Cybersecurity Insiders.


October 24, 2023 at 10:53AM

Monday, October 23, 2023

The Evolution of Access Control: A Deep Dive with PlainID’s Gal Helemski

Access control is at the heart of IT security, evolving over the years to adapt to the rising challenges and demands of an ever-complex digital landscape. One company at the forefront of this evolution is PlainID. In a recent conversation with Gal Helemski, co-founder and CTO/CPO of PlainID, we discussed the evolution of access control, the role of policy-based access control, and how the current cybersecurity landscape is shaping up.

The Evolution of Access Control

Access control’s story is one of constant change. From rudimentary methods that revolved around physical barriers to more complex role-based systems and beyond, it has always been about ensuring that the right people have the right access at the right time.

In the early days, Identity and Access Management (IAM) systems primarily centered on defining, managing, and authenticating identities. However, as Helemski mentioned, the IAM journey didn’t end there. “The identity journey is not completed. It’s not enough just to manage the identity. And to have the identity authenticated in a very well and secured manner.” Comparing the situation to giving someone a key to a house, she inquired, “Can they go everywhere they want in that house? Can they open the fridge, take whatever they want? No, they can’t. And that’s authorization.”

This gap in authorization management and control was the driver behind the founding of PlainID. The company’s vision was clear – address the missing link in the IAM journey.

Policy-Based Access Control (PBAC) vs. Role-Based Access Control (RBAC)

The shift from role-based access control (RBAC) to policy-based access control (PBAC) is significant. While RBAC focuses on the identity context, PBAC provides a holistic view, considering both the identity and the assets it accesses in the business context. Helemski elaborated, “Policies consider both what we know about the identity and what the identity is trying to access, and on top of that, any condition like environmental factors, time of day, and risk metrics which are currently in play.”

This comprehensive approach allows for dynamic, context-rich decisions about access, providing a much-needed solution to the limitations and complexities of traditional role-based systems. The policies governing policy-based access are flexible and can be defined or adjusted based on various attributes, including user attributes, resource attributes, and environmental conditions.

Flexibility & Scalability

One of the strengths of PBAC is its inherent flexibility. Whether it’s a change in job roles, introduction of new services, or organizational restructuring, PBAC can easily adapt without requiring a massive overhaul. This adaptive nature ensures that PBAC systems are scalable, catering to both small startups and vast multinational corporations.

Integration and Real-time Evaluation

Modern PBAC systems are designed to integrate seamlessly with other enterprise systems, such as HR or CRM platforms. This integration ensures that any change in a user’s status, like a job change or department transfer, can be immediately reflected in their access permissions. Real-time policy evaluation ensures that users have the right access at the right time, enhancing security without compromising on user experience.

Granularity and Context Awareness

PBAC excels in its ability to make context-aware decisions. Whether it’s distinguishing between access requests made from a secure office network versus a public Wi-Fi, or between regular working hours and unusual late-night requests, PBAC considers it all. This granularity ensures that access decisions are not just binary but are based on the comprehensive context surrounding the request.

Simplifying the Complex

While PBAC can handle complex policy definitions, it actually simplifies access management. Traditional systems might require defining and managing thousands of roles, leading to ‘role explosion’. In contrast, PBAC, with its dynamic policies, reduces the need for such extensive role definitions, making management more straightforward and more efficient.

Continuous Compliance and Audit

In an era where regulatory requirements are stringent, PBAC shines in ensuring compliance. Its detailed logging capabilities provide clear insights into who accessed what, when, and based on which policy. Such detailed audit trails not only help in regulatory compliance but also in internal reviews and investigations.

Insider Threats and Access Control

One of the considerable advantages of a policy-based approach is its nuanced understanding of risk. By considering the dynamic context of an access request, PBAC systems can respond to high-risk situations effectively. Helemski explained, “If the identity is trying to access from the office itself at 10:00 AM, that’s a low-risk access. But if they’re trying to access from a different country at 8:00 PM, that’s a high-risk access.”

Such a dynamic and granular approach is invaluable in managing insider threats, ensuring that risk metrics are continually updated and relevant.
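The contrast between a role lookup and a policy decision, and the office-versus-abroad scenario Helemski describes, worked through in code. This is an added example and not PlainID’s software or code from the original interview; the policies, the attribute names, the risk scoring and the sample identity are all constructed for the illustration. The returned policy names are what an audit log would record beside who, what and when.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime
from typing import Callable


@dataclass
class Request:
    subject: dict    # identity attributes, e.g. fed from the HR system
    resource: dict   # asset attributes
    env: dict        # environment: network, country, time of day, ...


# RBAC: a static mapping from role to permissions. It knows the asset only by
# type and nothing about where, when or from what network the request is made.
ROLE_PERMISSIONS = {
    "finance-analyst": {("ledger", "read"), ("ledger", "export")},
    "engineer": {("repo", "read"), ("repo", "write")},
}


def rbac_decide(subject: dict, resource: dict, action: str) -> bool:
    return any((resource["type"], action) in ROLE_PERMISSIONS.get(role, set())
               for role in subject.get("roles", []))


@dataclass
class Policy:
    name: str
    effect: str                                # "permit" or "deny"
    applies: Callable[[Request, str], bool]    # condition over subject, resource, env, action


def risk_score(env: dict) -> int:
    """Toy risk model (assumption): off-network, out-of-country and
    out-of-hours requests each add to the score."""
    score = 0
    if env.get("network") != "office":
        score += 40
    if env.get("country") != env.get("home_country"):
        score += 40
    if not 7 <= env["time"].hour < 19:
        score += 20
    return score


POLICIES = [
    Policy("deny-high-risk", "deny",
           lambda r, a: risk_score(r.env) >= 60),
    Policy("deny-export-off-network", "deny",
           lambda r, a: a == "export" and r.env.get("network") != "office"),
    Policy("finance-own-region-ledger", "permit",
           lambda r, a: r.subject.get("dept") == "finance"
           and r.resource.get("type") == "ledger"
           and r.resource.get("region") == r.subject.get("region")
           and a in ("read", "export")),
    Policy("team-repo", "permit",
           lambda r, a: r.resource.get("type") == "repo"
           and r.resource.get("team") in r.subject.get("teams", [])
           and a in ("read", "write")),
]


def pbac_decide(req: Request, action: str) -> tuple[str, list[str]]:
    """Deny-overrides combining: any matching deny wins, otherwise any
    matching permit, otherwise default deny."""
    matched = [p for p in POLICIES if p.applies(req, action)]
    denies = [p.name for p in matched if p.effect == "deny"]
    if denies:
        return "deny", denies
    permits = [p.name for p in matched if p.effect == "permit"]
    if permits:
        return "permit", permits
    return "deny", ["default-deny"]


# Constructed scenario: the same identity, asset and action in two contexts.
ALICE = {"id": "alice", "dept": "finance", "region": "EU",
         "roles": ["finance-analyst"], "teams": []}
EU_LEDGER = {"type": "ledger", "region": "EU"}
US_LEDGER = {"type": "ledger", "region": "US"}
AT_OFFICE = {"network": "office", "country": "DE", "home_country": "DE",
             "time": datetime(2023, 10, 23, 10, 0)}
ABROAD_EVENING = {"network": "hotel-wifi", "country": "BR", "home_country": "DE",
                  "time": datetime(2023, 10, 23, 20, 0)}

if __name__ == "__main__":
    print("RBAC, EU ledger:", rbac_decide(ALICE, EU_LEDGER, "read"))
    print("RBAC, US ledger:", rbac_decide(ALICE, US_LEDGER, "read"))
    for label, env in (("office 10:00", AT_OFFICE), ("abroad 20:00", ABROAD_EVENING)):
        print("PBAC,", label, pbac_decide(Request(ALICE, EU_LEDGER, env), "read"))
```

The role lookup permits the US ledger as readily as the EU one, because a role cannot see the asset’s attributes; adding a region-specific role for every combination is how role explosion starts. The policy evaluator permits the EU ledger from the office at 10:00, denies the same request from another country at 20:00 because the risk policy fires, and falls through to default deny for the US ledger, with the deciding policy named in each answer so the audit trail explains itself.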

PlainID and Zero Trust

The Zero Trust model posits that trust needs to be re-established at every point, from network access right down to data access. While many companies focus on network-based Zero Trust, PlainID believes in extending the model. “PlainID enables you to make those decisions dynamically and granularly. It does not end at the network. It continues all the way through applications, APIs, services, data and so on,” Helemski said, emphasizing the need for a comprehensive Zero Trust approach.

Recommendations for Organizations

For organizations seeking to enhance their security posture, Gal Helemski’s top three recommendations are:

  • Awareness of Visibility Gaps: Recognize that as digital space grows, there’s a pressing need to detect where digital identities are and their capabilities.
  • Provision of Tools: Equip application owners with the necessary tools to ensure consistent and secure authorization across the board.
  • Embrace the Zero Trust Program: Remember, Zero Trust is an ongoing journey. It’s essential to set clear foundations and objectives, gradually onboarding more applications to reduce overall risk.

Looking Ahead

As the digital landscape continues to evolve, the need for dynamic, context-aware access control mechanisms like PBAC becomes even more apparent. By focusing on policies rather than static roles, PBAC provides a forward-thinking approach to access control, ensuring that organizations remain secure in an ever-changing digital world.

For more information, visit https://www.plainid.com/

The post The Evolution of Access Control: A Deep Dive with PlainID’s Gal Helemski appeared first on Cybersecurity Insiders.


October 23, 2023 at 09:26PM

Insider Threats nurtured for circumnavigating data centers

A few days ago, our Cybersecurity Insiders reported an alarming trend: hackers are actively persuading employees of corporate firms to surrender their login credentials, providing a gateway for unauthorized network access.

Now, sources on Telegram are forecasting an escalation in cyberattacks, particularly involving malware and file-encrypting malware. These predictions suggest that criminals will increasingly exploit employee credentials to breach networks. This ominous outlook primarily pertains to data centers responsible for managing, storing, and sometimes analyzing clients’ and customers’ sensitive data.

Yes, you read that correctly!

Data centers in Western regions and those operating in Europe and Asia are anticipated to face a growing insider threat. Apparently, malevolent actors on the dark web have successfully manipulated employees from at least six major companies into divulging their login details. However, the identities of these targeted firms remain undisclosed, as the Telegram sources have opted to unveil this information in February of the coming year. The rationale behind this delay is to avoid negatively impacting ongoing campaigns orchestrated by adversarial nations in the Western hemisphere.

While concrete evidence is lacking to corroborate these claims, it appears that a hacking collective is orchestrating a campaign where employees are induced to surrender their company’s confidential information in exchange for compensation. This compensation is seemingly substantial enough to secure the livelihood of the participating insider, even if they are subsequently exposed or found guilty.

Several diligent researchers from a prominent UK-based cybersecurity firm are hot on the trail of these criminals, actively working to pinpoint their locations. They are on the verge of providing law enforcement authorities with comprehensive details and evidence before the situation escalates further.

The post Insider Threats nurtured for circumnavigating data centers appeared first on Cybersecurity Insiders.


October 23, 2023 at 08:36PM

How Maritime companies can shield from Ransomware

In today’s digital age, ransomware attacks have become a grave concern for industries across the world. Maritime companies, with their extensive reliance on digital systems and global operations, are no exception. Protecting against ransomware is of utmost importance in safeguarding sensitive information, ensuring smooth operations, and preventing potential financial losses. In this article, we will explore the key strategies and best practices that maritime companies can implement to shield themselves from ransomware attacks.

Employee Training and Awareness: The first line of defense against ransomware begins with well-informed employees. Conduct regular training sessions to educate your staff about the dangers of phishing emails, suspicious attachments, and links. Teach them to recognize and report potential threats promptly.

Robust Cybersecurity Measures: Implement strong cybersecurity measures, including firewalls, intrusion detection systems, and anti-malware software. Keep all software and systems up to date to address vulnerabilities that cyber-criminals may exploit.

Data Backup and Recovery: Regularly back up all critical data to an offline or isolated system. In case of a ransomware attack, having clean, uninfected backups can save your company from paying a ransom to retrieve data.

Access Control and Least Privilege Principle: Limit access to sensitive data and systems to only those employees who require it to perform their duties. Follow the principle of least privilege, which ensures that users have the minimum levels of access necessary for their work.

Network Segmentation: Divide your network into segments, each with its own security measures. This can prevent the lateral spread of ransomware within your system.

Incident Response Plan: Develop and regularly update an incident response plan that outlines steps to take in the event of a ransomware attack. This plan should include a chain of command, communication protocols, and contact information for relevant authorities and cybersecurity experts.

Regular Security Audits: Conduct regular cybersecurity audits and vulnerability assessments to identify weaknesses in your systems and take corrective actions.

Collaboration with Cybersecurity Experts: Seek assistance from cybersecurity experts who specialize in protecting maritime and logistics industries. They can provide industry-specific insights and solutions.

Regular Updates and Patch Management: Stay proactive by applying software updates and patches as soon as they become available. Many ransomware attacks exploit known vulnerabilities that can be prevented by staying current.

Threat Intelligence Sharing: Join or establish networks for sharing threat intelligence within the maritime industry. By collaborating with others, you can learn about emerging threats and how to protect against them.

Conclusion:

Ransomware attacks continue to pose a significant threat to maritime companies. Implementing a comprehensive cybersecurity strategy that includes employee education, robust technology solutions, and an incident response plan is essential to protect sensitive data and maintain the integrity of operations. With the right precautions and vigilance, maritime companies can significantly reduce their vulnerability to ransomware attacks and continue their essential operations with confidence.

The post How Maritime companies can shield from Ransomware appeared first on Cybersecurity Insiders.


October 23, 2023 at 03:49PM

Top 3 Google trending news headlines related to Cyber Attacks

International Criminal Court suffers espionage related cyber attack

The International Criminal Court (ICC) has officially determined that the recent cyberattack on its digital systems, which occurred last month, was an act of espionage with the intent to compromise sensitive court data. Situated in The Hague, the ICC houses a wealth of confidential information, including records of war crimes and details of criminals, making it a valuable target for hackers.

The ICC has publicly announced that it is launching an investigation into the September attack and plans to pursue criminal proceedings against those responsible, tarnishing their international reputation.

Netherlands government officials have suggested that the sophisticated cyberattack might have been orchestrated by individuals from Russia in collaboration with North Korea and China. Nevertheless, preliminary evidence indicates that the initial point of intrusion was traced back to devices connected to the internet in Iran.

Israel hospitals asked to sever ties with internet

In other news, a conflict zone has emerged between Israel and Hamas terrorists. According to a statement from Israel’s Health Ministry, several hospital networks have been advised by the government to disconnect their IT systems from the internet. Hospitals are also being cautioned against potential intranet attacks, as cyber groups associated with Russia, operating through Iran, have been attempting to exploit intranet connections to disseminate malware capable of disrupting network access for days, especially during critical emergencies.

The directive to disconnect health-related systems from the internet was issued jointly by the National Cyber Directorate and the Health Ministry. There are speculations that other government services such as power, water, transit, and arms facilities may also be instructed to shift to intranet services for a temporary period to mitigate the risk of cyber incidents from hostile nations.

Europol seizes Ragnar Locker Ransomware website

Finally, in recent developments, Europol successfully seized the website of the Ragnar Locker ransomware gang toward the end of last week. Government agencies took down the servers that supported the operations of this criminal group in the Netherlands, Germany, and Sweden, effectively disabling their operations. Furthermore, the cryptocurrency funds acquired by this gang through double extortion were also confiscated in the operation.

Ragnar Locker is a notorious cybercriminal gang that launched attacks against 168 international companies on a global scale. It has been active since 2019, with its operational peak in 2020. Notably, during the initial spread of the COVID-19 pandemic in March 2020, the gang displayed some level of humanity by providing decryption keys to healthcare-related organizations that fell victim to their attacks. However, since September 2021, they have been demanding substantial ransoms to compensate for losses incurred during pandemic-induced lockdowns in Western countries.

The post Top 3 Google trending news headlines related to Cyber Attacks appeared first on Cybersecurity Insiders.


October 23, 2023 at 03:42PM

Saturday, October 21, 2023

Best practices to protect data in remote work environments

By Allen Drennan, Co-Founder & Principal, Cordoniq

Addressing the security challenges associated with remote work is critical for today’s Chief Information Security Officers (CISOs). Along with data breaches and ransomware attacks, another top concern is whether company or customer data or other sensitive information is being shared via remote work environments.

Data theft is climbing rapidly. A recent report from Identity Theft Resource Center shows that 2023 is on pace to set a record for the number of data compromises in a year, passing the all-time high of 1,862 compromises in 2021. Also, IBM reports that the average cost of a data breach in 2023 is $4.45 million, a 15% increase over 3 years.

Tools that make remote work easier have increased data breach risks. The significant increase in devices and networks has also expanded attack surfaces. Data storage, including information collected and stored by various cloud applications, adds even more uncertainty.

Meanwhile, heightened cybersecurity regulations are making it more imperative to protect data in order to meet strict compliance regulations such as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Digital Operational Resilience Act (DORA), Sarbanes-Oxley (SOX), or California Consumer Privacy Act (CCPA).

Data encryption is a critical part of securing data. However, the type of encryption may vary depending on the software application. It’s crucial to understand how your data is being protected in different instances.

Data Collection and Storage Concerns 

Data collection and storage is more complex now than ever before. For instance, data is used and stored in various locations, including devices, the cloud, in databases, on premises, and in data centers. Meanwhile, data is categorized by three different states (data at rest, data in motion, and data in use) that can change quickly depending on how it’s being used or accessed. Comprehensive data security strategies must address all of these instances.

The widespread use of third-party cloud and SaaS applications adds another layer of complexity to many environments. Organizations must be aware of how data is protected by the third-party apps they’re using.

For example, applications do not always protect data in every state of use. Some off-the-shelf products for collaboration and communication indicate that they provide encrypted communications, but in some cases the application only encrypts data in motion.

With some apps, data at rest may not be encrypted, and data stored in a third-party cloud may not be adequately protected. For instance, some video conferencing and collaboration tools do not provide full control of where data at rest is stored.

Many software products don’t offer encryption for all of their cloud services. As a result, data such as audio and video files or recordings, documents or other media could be at risk depending on how and where they’re stored. This can provide hackers the means to access customer data, company secrets, or other sensitive information.

Best practices and additional safeguards for third-party apps 

Remote and hybrid work environments rely on a variety of third-party apps that provide employees and teams with the tools they need for an engaging and productive experience. But it’s critical for organizations to apply security strategies and additional safeguards to protect their information with third-party apps or SaaS tools.

Some additional security measures to implement for cloud-based applications include the following:

  • Apply the principles of zero-trust for data management and storage as part of an overall zero-trust strategy. This includes data stored on devices.
  • Limit access to data by using principles of least privilege, access control and comprehensive Identity and Access Management protocols for any type of third-party or cloud-based application.
  • Consider tools that allow complete control over where shared data is contained and stored, including tools that support the use of private cloud storage when necessary.
  • Provide consistent encryption across devices connected to any company infrastructure, network or cloud application.

In addition, be sure to follow complete due diligence and best practices for vendor risk assessment when considering any third-party software. Every third-party software application should be reviewed by internal security teams to make sure it meets company standards. Organizations should consider software that is secure by design, meaning software with security built in and not added as an afterthought.

It’s also important to follow the software vendor’s recommended security and other software updates and monitor any other changes in the software vendor’s performance. Finally, be certain to understand how and where any software application is storing – and using – your data and information.

 

The post Best practices to protect data in remote work environments appeared first on Cybersecurity Insiders.


October 22, 2023 at 06:12AM

The Evolution of Security: From Signatures to Deep Learning

In cybersecurity, the arms race between defenders and attackers never ends. New technologies and strategies are constantly being developed, and the struggle between security measures and hacking techniques persists. In this never-ending battle, Carl Froggett, the CIO of cybersecurity vendor Deep Instinct, provides an insightful glimpse into the changing landscape of cyber threats and innovative ways to tackle them.

A changing cyber threat landscape

According to Froggett, the fundamental issue that many organizations are still grappling with is the basic hygiene of technology. Whether it’s visibility of inventory, patching, or maintaining the hygiene of the IT environment, many are still struggling.

But threats are growing beyond these fundamental concerns. Malware, ransomware, and the evolution of threat actors have all increased in complexity. The speed of attacks has changed the game, requiring much faster detection and response times.

Moreover, the emergence of generative AI technologies like WormGPT has introduced new threats such as sophisticated phishing campaigns utilizing deep fake audio and video, posing additional challenges for organizations and security professionals alike.

From Signatures to Machine Learning – The Failure of Traditional Methods

The security industry’s evolution has certainly been a fascinating one. From the reliance on signatures during the ’80s and ’90s to the adoption of machine learning only a few years ago, the journey has been marked by continuous adaptation and an endless cat-and-mouse game between defenders and attackers. Signature-based endpoint security, for example, worked well when threats were fewer and well defined, but the Internet boom and the proliferation and sophistication of threats necessitated a much more sophisticated approach.

Traditional protection techniques, such as endpoint detection and response (EDR), are increasingly failing to keep pace with these evolving threats. Even machine learning-based technologies that replaced older signature-based detection techniques are falling behind. A significant challenge lies in finding security solutions that evolve as rapidly as the threats they are designed to combat.

Carl emphasized the overwhelming volume of alerts and false positives that EDR generates, revealing the weaknesses in machine learning, limited endpoint visibility, and the reactive nature of EDR that focuses on blocking post-execution rather than preventing pre-execution.

Machine learning provided a much-needed leap in security capabilities. By replacing static signature-based detection with dynamic models that could be trained and improved over time, it offered a more agile response to the evolving threat landscape. It was further augmented with crowdsourcing, intelligent sharing, and analytics in the cloud, offering significant advancements in threat detection and response.

However, machine learning on its own isn’t good enough – as evidenced by the rising success of attacks. Protection levels would drop off significantly without continuous Internet connectivity, showing that machine learning based technologies are heavily dependent on threat intelligence sharing and real-time updates. That is why the detect-analyze-respond model, although better than signatures, is starting to crumble under the sheer volume and complexity of modern cyber threats.

Ransomware: A Growing Threat

A glaring example of this failing model can be seen in the dramatic increase of ransomware attacks. According to Zscaler, there was a 40% increase in global ransomware attacks last year, with half of those targeting U.S. institutions. Machine learning’s inadequacy is now becoming visible, with 25 new ransomware families identified using more sophisticated and faster techniques. The reliance on machine learning alone has created a lag that’s unable to keep pace with the rapid development of threats.

“We must recognize that blocking attacks post-execution is no longer enough. We need to be ahead of the attackers, not trailing behind them. A prevention-first approach, grounded in deep learning, doesn’t just block threats; it stops them before they can even enter the environment,” added Carl.

The Deep Learning Revolution

The next evolutionary step, according to Froggett, is deep learning. Unlike machine learning, which discards a significant amount of available data and requires human intervention to assign weights to specific features, deep learning uses 100% of the available data. It learns like humans, allowing for prediction and recognition of malware variants, akin to how we as humans recognize different breeds of dogs as dogs, even if we have never seen the specific breed before.

Deep learning’s comprehensive approach takes into account all features of a threat, right down to its ‘DNA,’ as Froggett described it. This holistic understanding means that mutations or changes in the surface characteristics of a threat do not confound the model, allowing for a higher success rate in detection and prevention. Deep learning’s ability to learn and predict without needing constant updates sets it apart as the next big leap in cybersecurity.

Deep Instinct utilizes these deep learning techniques for cybersecurity. Unlike traditional crowd-sourcing methods, their model functions as if it’s encountering a threat for the first time. This leads to an approach where everything is treated as a zero-day event, rendering judgments without relying on external databases.

One interesting aspect of this deep learning approach is that it isn’t as computationally intensive as one might think. Deep Instinct’s patented model, which operates in isolation without using customer data, is unique in its ability to render verdicts swiftly and efficiently. In contrast to other machine learning-based solutions, Deep Instinct’s solution is more efficient, lowering latency and reducing CPU and disk IOPS. The all-contained agent makes their system quicker to return verdicts, emphasizing speed and efficiency.

Deep Instinct focuses on preventing breaches before they occur, changing the game from slow detection and response to proactive prevention.

“The beauty of our solution is that it doesn’t merely detect threats; it anticipates them,” Froggett noted during our interview. Here’s how:

  1. Utilizing Deep Learning: Leveraging deep learning algorithms, the product can discern patterns and anomalies far beyond traditional methods.
  2. Adaptive Protection: Customized to the unique profile of each organization, it offers adaptable protection that evolves with the threat landscape.
  3. Unprecedented Accuracy: By employing state-of-the-art deep learning algorithms, the solution ensures higher accuracy in threat detection, minimizing false positives.

Advice for Security Professionals: Navigating the Challenging Terrain

Froggett’s advice for security professionals is grounded in practical wisdom. He emphasizes the need for basic IT hygiene such as asset management, inventory, patching, and threat analysis. Furthermore, the necessity of proactive red teaming, penetration testing, and regular evaluation of all defense layers cannot be overstated.

The CIO also acknowledges the challenge of the “shift left” phenomenon, where central control in organizations is declining due to rapid innovation and decentralization. The solution lies in balancing business strategies with adjusted risk postures and focusing on closing the increasing vulnerabilities.

Conclusion: A New Era of Prevention

The current trajectory of cybersecurity shows that reliance on machine learning and traditional techniques alone is not enough. With the exponential growth in malware and ransomware, coupled with the increased sophistication of attacks using generative AI, a new approach is needed. Deep learning represents that revolutionary step.

The future of cybersecurity lies in suspending what we think we know and embracing new and adaptive methodologies such as deep learning, leading into a new era of prevention-first security.

 

The post The Evolution of Security: From Signatures to Deep Learning appeared first on Cybersecurity Insiders.


October 22, 2023 at 01:25AM

Friday, October 20, 2023

Getting your organisation post-quantum ready

While quantum computing is still very much in its early stages, it’s important that companies are already thinking about this evolving technology – and more importantly implementing and stress testing much needed solutions suitable for a post-quantum world.

In this blog series we have already discussed the evolving threat that is quantum computing, the need for Post Quantum Cryptography, and how security standards are evolving. In this final instalment we’ll be looking at the examples of PQC already in development.

Thales is actively engaged in research and development (R&D) efforts in the field of post-quantum cryptography. Recognising the potential impact of quantum computing on current cryptographic systems, our team is dedicated to developing and advancing secure solutions that can withstand the power of quantum computers.

One of our key objectives is to identify and evaluate the most suitable post-quantum algorithms for different applications and scenarios. This involves thorough analysis and testing to determine the algorithms’ effectiveness against quantum attacks while considering their performance characteristics and compatibility with existing cryptographic infrastructure.

We’re actively collaborating with academic institutions, research organizations, and industry partners to foster innovation and exchange knowledge in the field of post-quantum cryptography.

Some examples of projects, research and initiatives that we are currently involved in include:

Piloting the first successful Post-Quantum phone call

Post-quantum threats hold significant implications for situations involving highly sensitive information, such as the exchange of classified data during encrypted phone calls. To address these concerns, Thales helped develop a proof of concept to evaluate the scalability and effectiveness of its quantum-protected mobile solutions.

In this pilot our team successfully trialled end-to-end encrypted phone calls, tested to be resilient in the post-quantum era.

The pilot was performed with the Thales ‘Cryptosmart’ secure mobile app and 5G SIM cards installed in today’s commercial smartphones, testing a mobile-to-mobile call, voice/data encryption, and user authentication.

Any data exchanged during the call is set to be resistant to Post Quantum attacks thanks to a hybrid cryptography approach, combining pre-quantum and post-quantum defence mechanisms.
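The hybrid approach mentioned above is usually realised by deriving one session key from two independent shared secrets, one from a classical key exchange and one from a post-quantum key encapsulation, so the key stays secret as long as either mechanism remains unbroken. The block below is an added illustration of that combiner and is not Thales's Cryptosmart code; the two shared secrets are constructed stand-ins (no key exchange is run here), `hkdf` is an RFC 5869 implementation over HMAC-SHA256, and the info label is an assumed value.

```python
"""Hybrid (classical + post-quantum) key derivation.

Added illustration, not Thales code. The shared secrets are stand-ins for
the outputs of a classical key exchange and a post-quantum KEM; neither
mechanism is implemented here.
"""
import hashlib
import hmac


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-Extract followed by HKDF-Expand, using HMAC-SHA256."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output limited to 255 blocks")
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()   # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                              # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_secrets(classical_ss: bytes, pq_ss: bytes, transcript: bytes) -> bytes:
    """Derive a 32-byte session key from both shared secrets.

    Both secrets are concatenated into the HKDF input keying material, so an
    attacker must recover *both* to learn the key. The salt binds the key to a
    hash of the handshake transcript (identities, nonces, algorithm choices).
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both shared secrets are required")
    ikm = classical_ss + pq_ss
    salt = hashlib.sha256(transcript).digest()
    return hkdf(ikm, salt, b"hybrid-call-key v1", 32)   # assumed label


if __name__ == "__main__":
    # Constructed sample secrets; a real pilot would obtain these from the
    # classical exchange and the post-quantum KEM respectively.
    classical = bytes.fromhex("11" * 32)
    pq = bytes.fromhex("22" * 32)
    key = combine_secrets(classical, pq, b"caller=A;callee=B;nonceA=..;nonceB=..")
    print(key.hex())
```

The design choice worth noting is the concatenation: using an XOR of the two secrets, or feeding only one of them to the KDF, would let a break of a single component expose the key. Binding the transcript into the derivation also stops a derived key from being reused under a different negotiated algorithm set.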

PQC Signature Tokens

Thales has been working on PQC Signature Tokens, a revolutionary smart card that incorporates a quantum-resistant digital signature algorithm. This feature can provide organizations with a powerful tool to ensure the integrity and authentication of their data files.

The smart card can securely store the private keys necessary for generating digital signatures. When a user wants to sign a data file, the token utilizes the private key to internally process and create a signature based on the file’s digest. This ensures that the signature is unique to the file and cannot be tampered with or replicated.

To enable verification of the signature, the PQC Signature Token also includes associated public keys. These public keys are certified by a trusted certification authority, allowing recipients of the signed files to check the signature’s validity. By verifying the authenticity and integrity of the file through the certified public keys, organizations can have confidence in the legitimacy of the data.
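The sign-the-digest, verify-with-the-public-key flow described above can be shown with a hash-based one-time signature, which is one of the post-quantum signature families because its security rests on hash preimage resistance rather than on factoring or discrete logarithms. The block below is an added illustration using a Lamport one-time signature over SHA-256; the page does not name the algorithm on the Thales token, and this is not that algorithm or Thales code. The sample file content is constructed.

```python
"""Lamport one-time signature over a file digest.

Added illustration, not the token's algorithm. A Lamport key pair must sign
only ONE digest: signing two different digests reveals secrets from both
halves of the key, which is why practical hash-based schemes (XMSS, SPHINCS+)
manage one-time keys in larger structures. A hardware token would enforce the
single use internally.
"""
import hashlib
import os

H = hashlib.sha256
N = 256  # one (secret_0, secret_1) pair per bit of the SHA-256 digest


def keygen(rand=os.urandom):
    """Private key: 256 pairs of random 32-byte secrets; public key: their hashes."""
    priv = [(rand(32), rand(32)) for _ in range(N)]
    pub = [(H(a).digest(), H(b).digest()) for a, b in priv]
    return priv, pub


def file_digest(data: bytes) -> bytes:
    return H(data).digest()


def _bit(digest: bytes, i: int) -> int:
    """Bit i of the digest, most significant bit first."""
    return (int.from_bytes(digest, "big") >> (N - 1 - i)) & 1


def sign(priv, digest: bytes):
    """For each digest bit reveal the secret of the matching half of the pair."""
    return [priv[i][_bit(digest, i)] for i in range(N)]


def verify(pub, digest: bytes, sig) -> bool:
    """Each revealed secret must hash to the public value selected by that bit."""
    if len(sig) != N:
        return False
    return all(H(sig[i]).digest() == pub[i][_bit(digest, i)] for i in range(N))


def sign_file(priv, data: bytes):
    return sign(priv, file_digest(data))


def verify_file(pub, data: bytes, sig) -> bool:
    return verify(pub, file_digest(data), sig)


if __name__ == "__main__":
    priv, pub = keygen()
    document = b"constructed sample file contents"
    sig = sign_file(priv, document)
    print("valid:", verify_file(pub, document, sig))
    print("tampered:", verify_file(pub, document + b"!", sig))
```

Verification needs only the public key, which is what the certificate issued by the certification authority vouches for; any change to the file flips digest bits, and the revealed secrets no longer hash to the public values those bits select.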

The certificates associated with the public keys can either be stored within the token itself or accessed from a server in the cloud. This flexibility provides convenience and scalability for organizations, allowing them to manage and distribute the necessary certificates according to their specific requirements.

The TDIS PQC Signature Token represents a significant advancement in data security, particularly in the face of quantum computing threats. With its integration of a quantum-resistant algorithm and secure key management, this smart card empowers organizations to protect their data files, maintain data integrity, and establish trust in digital transactions.

We are already involved in two internationally funded projects with the TDIS signature token:

Securing Medical Data with Moore4Medical

Moore4Medical creates connected health products, including connected mattresses designed to use real-time data and IoT to monitor patient health data and ultimately improve patient outcomes.

However, health data is sensitive and can cause harm if it ends up in the wrong hands, creating security and privacy issues. There is a need for a technical solution that is secure by default, ensuring true end-to-end security of the patient data.

We’re collaborating on this EU-funded project to create a quantum-resistant e-Passport for sensitive medical sensor data, which will provide enhanced identity and authentication of patients, achieving the necessary performance and functionality levels while guaranteeing security and long-term privacy protection for this sensitive data.

Securing the Future of Electric Power and Energy Storage with ELECTRON

ELECTRON aims at delivering a new generation EPES platform, capable of empowering the resilience of energy systems against cyber, privacy, and data attacks.

EPES platforms refer to a combination of technologies and infrastructure used for generating, distributing, and storing electrical power. EPES systems are designed to enhance the efficiency, reliability, and sustainability of power delivery and energy management.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme and has the following four task forces:

  1. Shielding the EU borders: Addressing and Mitigating Cyberattacks and Data Leaking in Ukraine
  2. Looking ahead: Providing a Resilient Electric Vehicle Ecosystem
  3. Protecting the Renewables Energy Chain from Cyberattacks and Data Leaking
  4. Proactive Islanding Meets Efficient Threat Detection: Addressing & Mitigating Cyberattacks in the Romanian Energy Chain.

We’re working on the second task, helping to improve privacy and security by adding digital signatures and an auditing mechanism to ensure that information comes from trusted sources and to protect against attacks.

To achieve this, we use a system called TDIS Quantum Cryptography OS to help make the system resistant to attacks from quantum computers. Our team will select the best algorithms for creating signatures on smart tokens. We’ll then show how these algorithms work on smart tokens and EPES systems. We’ll also keep improving the system’s performance and make it compatible with existing methods.

This is just a summary of some of the projects we’re working on in this field. The arrival of quantum computing poses an unprecedented challenge for the global cybersecurity community. Building defences against future threats may seem daunting, but it is an urgent task we must tackle head-on. While the post-quantum era is still a few years away, the increasing prevalence of quantum computing demands immediate action. By actively engaging in pilot programs and trials, Thales and its customers are proactively practicing crypto agility, preparing ourselves for the imminent arrival of this game-changing technology.

The post Getting your organisation post-quantum ready appeared first on Cybersecurity Insiders.


October 20, 2023 at 09:10PM