The Resounding Boom of Cybersecurity: Understanding Its Ever-Expanding Industry

In today’s digital landscape, cybersecurity has emerged as not just a necessity but a thriving industry. With cyber threats becoming more sophisticated and pervasive, the demand for robust security measures has skyrocketed, propelling cybersecurity into a realm of unprecedented growth and innovation.

1. Escalating Cyber Threats: The proliferation of technology in every aspect of modern life has created a vast attack surface for cybercriminals to exploit. From large corporations to small businesses, government agencies to individuals, no entity is immune to cyber threats. The rise of ransomware, data breaches, phishing attacks, and other malicious activities has raised alarms across industries, driving the urgent need for effective cybersecurity solutions.

2. Regulatory Compliance: Governments worldwide have responded to the escalating cyber threats by implementing stringent regulations and compliance standards. Frame-works like GDPR, HIPAA, PCI DSS, and others impose strict requirements on organizations to safeguard sensitive data and protect consumer privacy. Compliance with these regulations necessitates robust cybersecurity measures, further fueling the growth of the industry.

3. Digital Transformation: The ongoing digital transformation across industries, characterized by cloud computing, IoT (Internet of Things), AI (Artificial Intelligence), and big data analytics, has introduced new complexities and vulnerabilities. While these technologies offer immense benefits, they also widen the attack surface, making organizations susceptible to cyber threats. As businesses embrace digital innovation, cybersecurity becomes integral to their strategic initiatives, driving investment in advanced security solutions.

4. Increased Awareness: High-profile cyber attacks and data breaches have garnered widespread media attention, raising public awareness about the importance of cybersecurity. Organizations and individuals alike are recognizing the critical need to protect their digital assets and sensitive information from cyber threats. This heightened awareness has led to increased investment in cybersecurity products and services, contributing to the industry’s rapid growth.

5. Cybersecurity Talent Shortage: Despite the booming demand for cybersecurity professionals, there remains a significant shortage of skilled talent in the field. The evolving nature of cyber threats requires expertise in areas such as threat detection, incident response, penetration testing, and security analytics. As organizations struggle to fill cybersecurity roles, they are willing to invest in training, education, and recruitment efforts, further driving the growth of the industry.

6. Innovation and Investment: The dynamic nature of cyber threats necessitates continuous innovation in cybersecurity technologies and solutions. Startups, established companies, and venture capital firms are pouring resources into developing cutting-edge security products and services. From AI-driven threat intelligence platforms to block-chain-based authentication solutions, the cybersecurity industry is ripe with innovation, attracting substantial investment and driving its exponential growth.

In conclusion, the booming cybersecurity industry is a testament to the escalating cyber threats faced by organizations and individuals worldwide. As technology continues to advance and cyber-criminals become more sophisticated, the demand for robust cybersecurity measures will only intensify. By understanding the factors driving the industry’s growth, stakeholders can better navigate the evolving landscape of cybersecurity and ensure the protection of digital assets in an increasingly interconnected world.

The post The Resounding Boom of Cybersecurity: Understanding Its Ever-Expanding Industry appeared first on Cybersecurity Insiders.

March 01, 2024 at 10:48AM

Read More

LockBit Ransomware gang endorses Donald Trump as next US President

The LockBit Ransomware gang, previously subdued by law enforcement agencies worldwide, has resurfaced with its trademark double extortion tactics, targeting businesses with file-encrypting malware attacks. Interestingly, the group’s leader, ‘LockbitSupp,’ has publicly endorsed Donald Trump as the next US President, citing his perceived ability to address potential challenges at the Mexico border, which the group views as critical. This endorsement comes amidst uncertainties regarding the Biden administration’s handling of border security.

Following the disruption of their operations by Britain’s NSC, in collaboration with the US FBI and Europol under Operation Cronos, it remains a mystery how the cybercriminal network managed to regroup and resume activities from scratch. Despite the apprehension of associates and the seizure of infrastructure, the group appears to have swiftly reestablished itself.

Recent discussions on platforms like Reddit highlight the audacity of the LockBit ransomware group, which reportedly threatened law enforcement agencies with the release of sensitive court documents related to Donald Trump. These documents were allegedly obtained during a ransomware attack on Fulton County’s digital repository in January 2024. Speculations suggest that the group leveraged this threat to regain control of its seized network without making any payments.

Furthermore, reports indicate that the gang is now demanding an undisclosed sum from law enforcement to prevent the dissemination of these court documents online. However, the veracity of these claims remains uncertain, raising questions about whether this is mere speculation or a tangible threat. If proven true, it would signify a concerning escalation in the tactics employed by the LockBit ransomware gang, as they now brazenly extort federal agencies for financial gain.

Only time will tell whether these developments are substantiated, underscoring the evolving landscape of cybercrime and the increasingly bold tactics adopted by ransomware groups like LockBit.

The post LockBit Ransomware gang endorses Donald Trump as next US President appeared first on Cybersecurity Insiders.

March 01, 2024 at 10:44AM

Read More

Data security concerns with Chinese cars and Ban on mass data being imported to China

Data security concerns with Chinese and other nation cars

The security of data in cars from China and other nations has become a focal point of concern, prompting action from the United States government. President Joe Biden has signed an executive order empowering federal agencies to investigate potential data risks associated with Chinese and other foreign-made vehicles, particularly those equipped with self-driving or autonomous capabilities.

Despite their allure of affordability and advanced features, vehicles from nations like China, exemplified by brands such as BYD, have garnered considerable interest among Americans, particularly in urban areas where their cost can be as low as a quarter of that of a Tesla.

Nevertheless, the proliferation of these electric cars has raised significant security apprehensions, which have either been overlooked or inadequately addressed. Consequently, the White House has mandated the Computer Emergency Readiness Team (CERT) to scrutinize the operations of these autonomous electric vehicles, which amass substantial amounts of data through drivers, cameras, and sensors, often transmitted to servers located abroad.

The Commerce Department will collaborate in this assessment, soliciting feedback over a 60-day period before formulating regulations to address national security concerns associated with these automakers, particularly those engaged in partnerships with taxi services across states like Texas, New York, Florida, Chicago, and California.

It’s imperative for readers to recognize that companies like Huawei and ZTE have faced trade bans in the United States since 2018, dating back to the administration of former President Donald Trump.

Restrictions on Mass Data Sale and Transfer to Adversarial Nations

In a bid to safeguard national security and privacy, the Biden administration has imposed restrictions on the transfer and sale of mass data to servers operating in adversarial nations. The executive order aims to prevent data brokers from acquiring sensitive information such as biometrics, personal health data, geolocation, financial records, and other personally identifiable information (PII), which could pose significant risks to the American populace.

Such data is often highly sought after on illicit online platforms, enabling malicious actors to construct profiles and track individuals. Governments of adversarial nations may exploit this information for surveillance, scams, extortion, or even targeted attacks, as evidenced by incidents like the Salisbury Poisonings.

However, enforcing such regulations effectively presents challenges, particularly in the digital age. With many companies operating within hybrid environments, managing data becomes increasingly complex, making comprehensive oversight a formidable task.

The post Data security concerns with Chinese cars and Ban on mass data being imported to China appeared first on Cybersecurity Insiders.

February 29, 2024 at 08:26PM

Read More

Ransomware infection reach extends to Data Backups

For years, IT experts have emphasized the importance of maintaining backups for data and applications, highlighting their crucial role in swiftly recovering from cyber-attacks. Indeed, having such backup systems in place can preserve data continuity during unexpected incidents, thereby minimizing downtime.

However, recent discussions on platforms like Reddit have challenged the notion that all backup solutions are impervious to malware attacks, particularly ransomware.

While some companies tout their products as immune to such threats, security experts caution that even sophisticated cyber attacks, including those leveraging AI technologies, can compromise backup solutions and undermine data protection efforts.

Even air-gapped backup solutions, which are physically separated from the primary data storage environments and often managed manually, are not foolproof. Despite being marketed as highly secure, the manual management of such solutions requires dedicated personnel and is susceptible to human error.

Furthermore, software-based solutions, though more automated, still pose risks if operated on computers that have been connected to the internet or are part of a compromised network.

To enhance resilience against cyber-attacks, organizations are advised to maintain multiple copies of data repositories, geographically dispersed and periodically synchronized, before disconnecting them from networks. However, this approach can be resource-intensive, particularly for organizations grappling with budget constraints and staffing shortages.

As cyber threats, particularly ransomware, evolve with the aid of advanced technologies like Generative AI, the task of fortifying cybersecurity measures becomes increasingly daunting for CIOs and CTOs. Addressing these challenges will require innovative strategies and investments in robust security solutions.

The post Ransomware infection reach extends to Data Backups appeared first on Cybersecurity Insiders.

February 29, 2024 at 09:53AM

Read More

New Ransomware gang steals about 200GB of data from Game Developer

A newly emerging ransomware group named Mogilevich has purportedly breached the servers of Epic Games, an American game developer, making off with approximately 200GB of data. Reports indicate that the cybercriminal outfit has set a deadline of March 4th for the victim to meet their ransom demands.

Failure to comply will result in Mogilevich threatening to publicly disclose the pilfered 189GB of data, which includes sensitive information such as emails, passwords, full names, payment details, and source code related to the company’s products, on the dark web for a price of 50BTC.

Adding to the intrigue, a spokesperson purportedly representing the Mogilevich Ransomware group has taken to social media channels, advocating for ransomware-for-hire operations to bolster their illicit business endeavors.

Epic Games, renowned for its popular title Fortnite, finds itself as the fourth target of this particular ransomware syndicate, following the recent cyber-attack on Infinity USA, a subsidiary of Nissan, on February 20, 2024. Allegedly operating in Russian-speaking circles, Mogilevich is believed to have connections to the Rhysida Ransomware group, implicated in the 2023 hack of Insomniac Games.

The unscrupulous nature of ransomware actors underscores their singular pursuit of financial gain, displaying little regard for ethical considerations. Their indiscriminate targeting spans across various sectors such as healthcare, defense, manufacturing, and finance, causing significant disruptions to companies for whom data serves as a vital asset.

Of late, these cybercriminal groups, particularly those fluent in the Russian language, have shifted their focus towards cloud-based enterprises and entities involved in gaming and software development. Such entities are seen as lucrative targets, with the infiltration of their systems promising substantial monetary returns.

This incident unfolds amidst Disney’s announcement of a hefty $1.5 billion investment in the game development and distribution company. Epic Games had previously pledged to re-enter the iOS market in Europe by September 2024.

The post New Ransomware gang steals about 200GB of data from Game Developer appeared first on Cybersecurity Insiders.

February 28, 2024 at 08:32PM

Read More

Russia develops an AI Cyber Threat Tool to put a jolt in US democracy

Amidst growing concerns over cyber warfare, reports have surfaced regarding Russia’s advancements in artificial intelligence (AI) for spreading misinformation. Under the leadership of Vladimir Putin, Russia has allegedly developed sophisticated AI-based cyber tools aimed at manipulating news narratives, with potential implications for the upcoming US elections in November 2024.

The revelation first came from Ukraine, a nation embroiled in conflict with Russia for the past two years. In an official statement issued yesterday, Ukrainian authorities raised alarm about Russia’s utilization of AI tools to disseminate disinformation. Groups like APT28, also known as Cozy Bear, are purportedly backing Russia’s efforts, pushing the world towards the brink of a potential third world war.

Initially employed to sow discord among the Ukrainian populace by fabricating news regarding conflicts with Russian forces, these AI-driven disinformation campaigns have now shifted focus as the American elections loom closer. Allegedly, Russia has invested a staggering $1.5 billion into a data repository dedicated solely to amplifying fake news through AI technologies, posing a threat far graver than currently anticipated.

The overarching objective appears twofold: to undermine Western support for Ukraine’s leadership under President Zelensky, and to influence the outcome of the 2024 election in the United States, favoring candidates sympathetic to Kremlin interests.

Notably, the landscape of the upcoming US elections remains uncertain, with both the Democratic and Republican parties yet to announce their respective nominees.

Meanwhile, in response to these developments, the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) have issued a joint statement highlighting Russian intelligence’s exploitation of compromised routers. This tactic involves the harvesting of credentials to facilitate proxy web traffic, as well as the collection and sale of sensitive data such as cookies and digests. Targets reportedly include academic and research institutions, political entities, defense contractors, and even private individuals.

Among the affected entities, Linux-based Ubiquiti Edge Router stands out as a victim of these sophisticated cyber attacks, signaling a concerning trend likely to impact more businesses in the future.

The post Russia develops an AI Cyber Threat Tool to put a jolt in US democracy appeared first on Cybersecurity Insiders.

February 28, 2024 at 11:00AM

Read More

IBM offers AI enabled ransomware resilience data storage solutions

Amidst the prevailing wave of Artificial Intelligence technology, IBM has aligned itself with the trend by introducing an AI-driven ransomware resilience solution for data storage. This innovative offering is poised to tackle the diverse array of file-encrypting malware prevalent in today’s cyber landscape.

Harnessing the power of IBM FlashCore Module technology within its FlashSystem products, bolstered by IBM Storage Defender Software, this solution stands as a formidable defense against cyber threats targeting data assets.

Functioning seamlessly across primary and secondary workloads, IBM’s solution deploys AI-powered sensors strategically placed at key notification points. These sensors play a pivotal role in swiftly detecting and responding to cyber-attacks, enabling enterprises to recover with minimal disruption.

At its core, the IBM FlashSystem leverages cutting-edge technology to scan incoming data at the granular block level, ensuring robust protection without compromising performance. Employing in-line data corruption detection software alongside cloud-based AI capabilities, the system can identify anomalies at the earliest stages of a cyber-attack. This early detection affords organizations the critical time needed to respond effectively, enabling them to recover using immutable copies of their data.

Thanks to the utilization of flash storage media, each individual input/output operation undergoes thorough scanning for ransomware-related anomalies in a matter of minutes.

While similar solutions exist in the market, IBM, affectionately known as “Big Blue,” distinguishes itself by offering an unparalleled combination of hardware and software technologies. This ensures that stored information remains impeccably safeguarded against evolving cyber threats.

Recognizing the growing demand for cybersecurity expertise, IBM has partnered with ISC2 to develop a certification program tailored to aspiring professionals. The Cybersecurity Specialist Professional Certificate, designed to elevate careers in the security domain, offers a comprehensive curriculum achievable within a four-month timeframe. This initiative aims to alleviate the significant gap between the demand and supply of cybersecurity professionals, which currently stands at approximately four million, by cultivating a skilled workforce equipped to tackle emerging cyber challenges.

The post IBM offers AI enabled ransomware resilience data storage solutions appeared first on Cybersecurity Insiders.

February 27, 2024 at 08:32PM

Read More

Trending Cyber Attack news headlines on Google

APT29 moves from Government infrastructure towards Cloud Service Providers

APT29, also known as Midnight Blizard or Cozy Bear and associated with Russian Intelligence, appears to have altered its approach from targeting government infrastructure to focusing on cloud service providers. This strategic shift is driven by the increased challenges posed by law enforcement efforts against infiltrations into government systems. Cloud services offer a more lucrative avenue for malicious actors, as compromising them can have far-reaching consequences, such as impacting global supply chains, as seen in incidents like SolarWinds and the recent MoveIT File transfer software breach.

BlackCat Claims Responsibility for Pharmacy Prescription Delays

Following a recent disruption to Change Health’s IT infrastructure, resulting in halted prescription deliveries to numerous pharmacies, the ransomware gang BlackCat, also known as ALPHV, has asserted control over the servers of both Change Health and United Health’s Optum subsidiary. They are demanding $13 million in exchange for decrypting the compromised data. Mandiant, the cybersecurity arm of Google’s parent company Alphabet Inc., has been engaged to investigate the breach and assist the affected pharmaceutical companies in resolving the situation.

Cyber Attack on the Royal Canadian Mounted Police

The Royal Canadian Mounted Police (RCMP) has confirmed an ongoing investigation into a cyber incident affecting its computer network, resulting in the RCMP website being inaccessible for the past 24 hours with an HTTP 404 error message. Visitors to the site are being redirected to a nonexistent webpage, indicating a potential cyber-attack rather than a technical error, as initially suspected.

Germany ThyssenKrupp falls prey to a ransomware attack

ThyssenKrupp, a German steel producing company, has reported a ransomware attack targeting its Automotive division at the onset of last week. This breach has disrupted automotive chassis production to some extent, with the full extent of the damage yet to be determined. While investigations are ongoing, suspicions point towards a ransomware-based cyber-attack as the cause of the breach.

Google’s AI Cyber Defense Gains Momentum

Numerous Fortune 500 companies have expressed interest in Google’s latest AI Cyber Defense initiative, aimed at revolutionizing the cybersecurity landscape through the integration of artificial intelligence. This initiative seeks to address the Defender’s Dilemma by proactively enhancing security postures in alignment with evolving threats. Reports indicate that out of 70 prospects, 35 have shown interest in Google’s initiative, with an additional 13 expected to follow suit by May of this year.

The post Trending Cyber Attack news headlines on Google appeared first on Cybersecurity Insiders.

February 27, 2024 at 10:44AM

Read More

FTC slaps Avast with $16.5m penalty for selling browser data

It’s indeed concerning when cybersecurity solutions meant to protect users’ privacy end up compromising it instead. The case of AVAST highlights the importance of transparency and accountability in the handling of user data. Users trust these companies to safeguard their information, and any breach of that trust can have serious consequences.

In a recent development, UK-based cybersecurity company AVAST found itself in hot water as the US Federal Trade Commission (FTC) uncovered its illicit practice of selling user data to marketing and advertising firms. The repercussions? A hefty penalty of $16.5 million, coupled with a cease-and-desist order mandating an immediate halt to these dubious activities.

The investigation shed light on AVAST’s clandestine data-selling scheme dating back to 2014, which remained undisclosed for nearly a decade. The company’s antivirus solutions were not just safeguarding users’ devices but also covertly capturing sensitive browsing data, including URLs of visited webpages, search queries, and even purchase history. Such information paints a detailed portrait of users, encompassing their political inclinations, financial status, and religious beliefs, thereby facilitating targeted advertising campaigns.

Central to this controversy was AVAST’s subsidiary, Jumpshot, which acted as the conduit for funneling user data to third-party advertisers. Despite efforts to conceal these activities, the FTC’s scrutiny exposed the truth, prompting decisive action against the cybersecurity giant.

As part of the FTC’s order, AVAST is required to cease all data-selling operations and notify affected consumers about the misuse of their data. Furthermore, the company must purge all information amassed and utilized by Jumpshot, ensuring the eradication of any lingering privacy concerns.

It’s worth noting that AVAST had previously shut down Jumpshot in January 2020 amidst mounting controversies surrounding its data harvesting practices. However, the FTC’s intervention underscores the need for greater accountability and transparency in the cybersecurity sector.

In light of these revelations, users may reassess their reliance on third-party antivirus solutions and consider alternatives such as Microsoft’s Windows Defender. With its robust capabilities and regular updates, Windows Defender offers comprehensive protection against cyber threats, alleviating the need for additional security tools.

Ultimately, the AVAST saga serves as a stark reminder of the paramount importance of safeguarding user privacy and holding companies accountable for their actions in the ever-evolving digital landscape.

The post FTC slaps Avast with $16.5m penalty for selling browser data appeared first on Cybersecurity Insiders.

February 26, 2024 at 08:32PM

Read More

Cybersecurity fears trigger Cloud Repatriation

It’s interesting to see the shift in attitudes towards cloud adoption, especially considering the initial push towards it from figures like former President Trump. The concept of cloud repatriation, where organizations bring their workloads back in-house from third-party cloud services, highlights some of the complexities and challenges involved in cloud migration.

Security concerns have always been a significant factor in decision-making when it comes to cloud adoption, and it’s understandable that C-level executives would prioritize data protection and privacy. Additionally, economic considerations such as cost-effectiveness play a crucial role in determining the infrastructure strategy for many organizations.

The issues related to performance, compatibility, and downtime mentioned in the survey underscore the importance of thorough planning and evaluation before migrating to the cloud. It’s essential for organizations to assess their specific needs and capabilities to determine the best approach, whether it’s a fully cloud-based model, an on-premise infrastructure, or a hybrid strategy.

Hybrid cloud solutions indeed offer a middle ground, allowing organizations to leverage the benefits of both on-premise and cloud environments while mitigating some of the risks associated with either approach. Distributing critical applications and data across multiple platforms can enhance security and resilience, providing a more balanced and flexible IT infrastructure.

Ultimately, the key lies in finding the right balance between operational expenditure (Opex) and capital expenditure (Capex) costs, while also addressing security, performance, and reliability concerns. The evolving landscape of cloud technologies and infrastructure options offers organizations a range of possibilities to tailor their strategies according to their unique requirements and priorities.

The post Cybersecurity fears trigger Cloud Repatriation appeared first on Cybersecurity Insiders.

February 26, 2024 at 10:43AM

Read More

2024 is Here: Will This Be the Year We Get Passwords Right?

[By Darren James, Senior Product Manager, Outpost24]

Humans have made unbelievable advancements in science and technology that have stretched the imagination and changed society forever.  But one seemingly mundane, albeit crucial, piece of wisdom continues to elude mankind – proper password management.

We’ve all seen the headlines about the next big breach, the majority of which can be attributed to a root cause of human interaction, including the use of compromised or stolen access credentials, such as usernames and passwords.   This is clearly a chronic issue for businesses and consumers alike.

Unfortunately, this conclusion is no “revelation.”  The individual remains the weakest link in the security chain.  Despite countless resources for end user training and security hygiene, IT teams are still battling against the use of weak or compromised passwords creeping into their company’s network.

The reason there is such a huge focus on passwords and getting password security right is the fact that 88% of organizations still use passwords as their primary method of authentication to protect their systems.

This naturally attracts a lot of attention from cybercriminals who are focusing thoroughly on exploiting weak passwords, stealing credentials, selling them, and using them as an initial access point for breaching organizations.

There is certainly more than meets the eye when it comes to passwords. Understanding this as well as the patterns and trends of breached passwords, how they become compromised, and the most common password mistakes users make that might surprise you, will lead us along a path towards stronger password security.

Weak Passwords – How they’re exploited

Within any organization, you’d be hard pressed to find an employee who hasn’t had training in creating strong passwords. If you have, this is a serious problem. The many years of security industry advice and best practices should have hammered this home. Yet, even with these recommendations, research has revealed that the most common base terms used in breached passwords were “password,” “admin,” and “welcome” – terms one may think would be obviously off-limits to any security-savvy end user.

Weak passwords remain the gifts that hackers keep on getting. The easy entry routes into organizations, they are the low hanging fruit that can be snatched and exploited to reveal the jewels of the kingdom: sensitive data.

There are three common methods in which hackers exploit weak passwords, including:

Dictionary attacks:

Hackers use predefined ‘dictionary lists’ of likely possibilities to guess passwords or decryption keys. These could range from frequently used passwords and phrases to common terms in specific industries, exploiting the human tendency to opt for simplicity and familiarity when creating passwords. Hackers will often leverage social media platforms to gather information about specific users and their organizations, gaining insights into the potential usernames and passwords they may choose. Of course, many end users will add at least a small amount of variation to these terms, which is where brute force techniques come in.

Brute force attacks:

Brute force attacks use software to attempt all possible character combinations until the correct password or decryption key is found. While this might seem time-consuming, it can be a highly effective method against shorter or less complex passwords – especially when given a head start by using common base terms found in dictionary lists. Combining techniques in this way is known as a hybrid attack. For example, “password” could be the base term from a dictionary list. A brute force attack will try all subsequent variations such as “password, Password, P@$$w0rd,P455w0rD, Password1, Password!” and so on. This takes advantage of common variations people make to weak base terms to meet their organization’s complexity requirements.

Mask attacks:

A mask attack is a form of brute forcing, where attackers know elements of common password constructions and can therefore reduce the amount of guesses they’ll need to get it right. For example, an attacker might know many passwords are eight characters, start with a capital letter, and end with a few punctuation characters, like “Welcome1!”. So, they might only try combinations that match this pattern, reducing the total amount of passwords to attempt. Alternatively, they might know a specific company has a poor policy such as adding the current month and year to the end of passwords when rotating them. Having any sort of definitive information about the makeup of a password can greatly speed up a brute force attack.

Keyboard walks

Another common base term for passwords can be found looking at a traditional keyboard. The terms “Qwerty”, “asdfghjkl” or, “zxcvbnm” may seem like random combinations but they are simply the letters next to each other on the keyboard. Known as “keyboard walks” or “finger walks”, these are seen as quick and memorable passwords for employees. Unfortunately, they are incredibly easy to compromise. The most used keyboard walk pattern was “Qwerty,” which appeared over 1 million times in a list of 800 million compromised passwords. Even “123456” was found to be the most common compromised password in a new list of breached cloud application credentials.

Now, the notion that the password issue lies solely with the general workforce is not true.  In fact, IT administrators are often equally careless when it comes to password choices. Research has revealed that out of 1.8 million administrator credentials scanned, over 40,000 admin portal accounts were using the weak password “admin” to protect access to some of the most sensitive accounts with the highest levels of access within an organization.

It goes without saying that protecting access to sensitive information must be a priority for every employee within an organization. Above all, this starts with creating stronger passwords.

But what exactly makes a strong password?

Strength, length and security

At present, the default password length requirement in the Active Directory is 8 characters, which is also the most common length for many websites. However, given the sophistication of modern cracking technology, the time it takes for hackers to crack 8-character long passwords is under 3 hours. Moreover, if an individual was to use a known compromised password, this would be cracked instantly. It is strongly recommended for organizations to force end users to create passwords that are at least 15 characters long.

While this may be a challenge for some employees to remember, a method to overcome this would be to encourage the use of passphrases consisting of three random words. Embedding special characters and using a combination of letters and numbers would only strengthen the password.

Across the board, stronger password policies are needed to prevent the use of breached, common, and easily guessable passwords entering the system. To achieve this, a multi-pronged approach is required whereby the organization has the necessary processes in place to detect compromised passwords – even those that have become breached outside of the workplace. Implementing a company-wide password policy is beneficial in achieving this outcome as there are solutions available that can be integrated with the organizations’ Active Directory to prevent the use of keyboard walks, passwords that don’t meet a set criterion for length and/or complexity, or passwords that have been detected in compromised lists.

Scanning the Active Directory passwords against breached passwords lists should be conducted continuously, and if a compromised password is being used within the organization, the IT team should be alerted instantly so they can immediately enforce the end user to change it at their next logon.

Yes, the password continues to be a significant issue for IT teams and a massive weak link in the defense for many businesses. With that said, by following security best practices and deploying the security parameters, there will be drastic improvements in helping the IT team achieve password peace of mind for the entire organization. While it’s hard to imagine 2024 being the year total password security is achieved, it can certainly be something IT teams strive for going forward.

The post 2024 is Here:  Will This Be the Year We Get Passwords Right? appeared first on Cybersecurity Insiders.

February 24, 2024 at 04:56AM

Read More

Repeat Ransomware attacks on 78% of victims who pay

In November 2019, the FBI and US-CERT jointly issued a statement advising against ransom payments to hackers, asserting that such payments could embolden cybercriminals and exacerbate cybercrime. They urged victims to instead seek guidance from law enforcement or forensic experts.

Echoing this sentiment, Cybereason’s latest ransomware report, titled ‘The Cost to Business Study 2024,’ revealed alarming trends. According to the report, 78% of organizations that opted to pay ransom found themselves targeted by a second file-encrypting malware attack, often by the same threat group responsible for the initial breach.

Notably, the demand from threat actors in subsequent attacks tends to escalate, with victims facing a minimum 20% increase in ransom fees compared to their previous payment. Shockingly, over 56% of organizations fell victim to repeat attacks within the past 24 months.

Compounding the issue is the lack of assurance that hackers won’t strike again or delete data from compromised servers, especially in cases involving double extortion tactics.

This raises a pertinent question: Does cyber insurance cover repeat ransomware attacks?

The answer hinges on the specific policy provisions and premium agreements. Typically, policy documentation outlines the scope of coverage for software and hardware in the event of a cyber attack. It’s imperative for Chief Technology Officers (CTOs) or Chief Information Officers (CIOs) to thoroughly inquire about coverage details before finalizing agreements with insurers.

However, most cyber insurance policies include coverage for a single ransomware attack recovery, excluding subsequent incidents. Multiple ransomware attacks may signify a failure on the part of the victimized organization to adequately safeguard its IT infrastructure against cyber threats, rendering them technically ineligible for continued coverage despite negotiations with service providers.

The post Repeat Ransomware attacks on 78% of victims who pay appeared first on Cybersecurity Insiders.

February 23, 2024 at 08:32PM

Read More

How to Properly Handle Cyber Security Incident Management

[By Chris Debigh-White, Chief Security Officer at Next DLP]

The majority of security experts adhere to the “assume breach” paradigm, which recognizes the possibility, if not the inevitability, of an attacker gaining access to an organization. This breach could occur through various means, such as unpatched vulnerabilities, phishing attacks, insider threats, or the exploitation of the billions of stolen credentials harvested from previous breaches.

With the “assume breach mindset,” a defender’s primary objective is to detect and mitigate these breaches as quickly as possible. According to the 2023 IBM Cost of a Data Breach Report, the global average cost of a data breach was $4.45 million ($4.9 million if the attack was by a malicious insider). Breaches identified and contained within 200 days of the initial breach cost organizations over $1 million less than those that required more than 200 days. The time taken to address a breach is directly proportional to the extent of damage and financial impact on an organization.

The same IBM report found that organizations that have a formal and regularly rehearsed incident response plan (IR plan) could detect breaches 54 days sooner than those without any plan. Moreover, organizations with robust IR planning and testing procedures were able to reduce the costs associated with a breach by over 34%.

Defining an Incident Response Plan

An IR plan is a documented approach to address and manage cybersecurity incidents or attacks. A well-defined IR plan outlines the roles, responsibilities, and procedures to be followed during an incident, enabling a coordinated and efficient response. It includes identifying, investigating, mitigating, and recovering from data breaches, cyberattacks, or any unauthorized activity that threatens data and systems.

Cybersecurity Incident Response

One well recognized process for incident response and management is the ISO/IEC Standard 27035 which provides five-steps focused on preparation, detection and reporting, assessment and decision-making, response, and lessons learned. It’s important that organizations take it a step further, and dive into each recommended step more deeply:

1. Preparation

The cornerstone of a strong IR plan lies in thorough preparation. This phase includes the formation of a dedicated, clearly-defined IR team, along with the allocation of all necessary resources. Regular drills and training sessions are vital in maintaining the team’s preparedness, with activities like simulated phishing attacks to uncover potential weaknesses and enhance the team’s capability to respond effectively.

 

Adopting best practices in preparation involves comprehensive documentation of the organization’s network infrastructure and compiling a detailed inventory of vital assets. Setting up communication pathways with pertinent stakeholders, including legal departments, public relations teams, and law enforcement agencies, is also imperative. Furthermore, building relationships with external incident response specialists and providing additional expertise when confronting complex cyber security challenges is advised.

 

1. The Detection and Identification Phase

The primary goal of detection and identification is to swiftly pinpoint potential security incidents supported by tools like intrusion detection systems (IDS) and security information and event management (SIEM) tools. Additionally, data loss prevention (DLP) and Insider Threat Management tools observe and analyze all actions taken with data to identify and confirm activity that could put sensitive data at risk.

 

By generating alerts based on predefined rules or anomalous behavior, security teams can then gather relevant information, such as log files, network traffic data, and system snapshots, and analyze the situation to determine the scope and severity of the incident.

 

1. The Containment Phase

In the containment phase, isolating affected systems is vital to mitigate further damage. This requires an in-depth understanding of the network architecture, system interdependencies, and established protocols for swift isolation, like network disconnection or account deactivation. Utilizing data protection tools enhances this process, enabling organizations to disconnect devices, terminate user sessions, capture evidence, block uploads, and halt harmful processes, thereby effectively safeguarding against the escalation of the incident.

 

1. The Eradication Phase

It’s imperative to remove all forms of malware, backdoors, and unauthorized access. This often requires system restoration from clean backups or the application of security patches. Documenting each action for future analysis is crucial. Given the persistence of sophisticated attackers, this stage includes identifying the root cause of the breach.

 

1. The Recovery Phase

In the post-incident recovery phase, the focus is on restoring affected systems and resuming normal operations, which includes validating system integrity, ensuring data availability, and thorough testing before reintegration. Effective recovery entails prioritizing critical systems, setting clear recovery time objectives (RTOs), and regular data backups to minimize downtime. Comprehensive testing and monitoring are crucial to address residual issues and reduce future risks. Concurrently, transparent communication with stakeholders about recovery progress and timelines is essential for maintaining trust and clarity.

 

1. The Reflection/Learning Phase

The final step of an incident response plan is to conduct a detailed post-incident analysis and document the lessons learned to identify ways in which the IR process and overall security of a company can be improved. This does not mean pointing fingers and assigning blame. Reflection involves the response team thoroughly investigating the breach, assessing the affected data or assets, and evaluating the extent of the damage. Such analysis is crucial for identifying gaps in the response process and determining improvement areas, necessitating the involvement of all relevant stakeholders, including the response team, IT personnel, and management. Additionally, the psychological safety of all participants is paramount in order to ensure that this phase is not just a tick box exercise.

 

Thorough incident response documentation, encompassing all actions and timelines, is vital for future reference, compliance, and plan enhancement. Regular updates and reviews of the incident response plan, integrating these insights, are essential to ensure ongoing effectiveness. Organizations must respond promptly to incidents, with a well-crafted playbook of policies and processes and regular practice drills to ensure teams are well-versed in the required actions, including incident categorization and reporting protocols.

 

Incident Response Goes Beyond the Security Team

Effective cybersecurity incident response is not solely the responsibility of information security teams. Incident response teams require a coordinated effort across multiple disciplines in an organization, depending on the type of attack. Those outside of the organization, like customers, law enforcement, and service providers will play a big part too. While security teams will confirm the attack and recommend remediation activities, legal will guide data breach notification requirements, compliance with data protection laws, and potential liabilities. HR will work with legal and management to plan internal responses when considering insider threats. Per your IR Plan, each participant and their teams will have specific responsibilities that are essential to have practiced prior to an incident.

 

Must-Haves for Effective Incident Response

Incident response plans will vary depending on the affected assets, organizational resources, and regulatory requirements, but a few core pieces will always be necessary. Training will always be the most effective first line of defense and practice makes perfect in incident response. Additionally, teams must never forget to consider insider threats while constantly testing containment capabilities.

 

In the event of a breach, always collect data for investigations. Adequate logging and monitoring is paramount to the availability of this data. If not performed, there will be nothing to collect. This should be addressed in the preparation phase and reflected upon in the lessons learned phase by conducting post-mortem reviews and assessments to identify areas of improvement.

 

For security teams and the entire organization, having an IR plan in place, and regularly testing and improving upon that plan, is what every organization should do regardless of the potential costs of a breach. By combining an organization-wide incident response team with a well-coordinated IR plan, companies can actively reduce the impacts of data breaches.

The post How to Properly Handle Cyber Security Incident Management appeared first on Cybersecurity Insiders.

February 23, 2024 at 06:49PM

Read More

Top 7 best Practices for Mobile Security in a BYOD Environment

In the modern workplace, the Bring Your Own Device (BYOD) trend has become increasingly prevalent, revolutionizing how businesses operate and employees collaborate. While BYOD offers flexibility and convenience, it also introduces significant security challenges, particularly in the realm of mobile devices. As organizations adapt to this new paradigm, it’s crucial to implement robust mobile security measures to safeguard sensitive data and mitigate risks effectively.

The Rise of BYOD

BYOD allows employees to use their personal smartphones, tablets, and laptops for work-related tasks, blurring the lines between personal and professional use. This trend has gained momentum due to its potential to boost productivity, enhance employee satisfaction, and reduce hardware costs for businesses. However, the inherent security implications cannot be overlooked.

Key Security Challenges

1. Device Diversity: With employees using a variety of devices running different operating systems and versions, ensuring consistent security measures across the board can be challenging.

2. Data Leakage: Mixing personal and corporate data on the same device increases the risk of unauthorized access and data leakage, especially if the device is lost or stolen.

3. Compliance Concerns: Organizations must navigate regulatory requirements and compliance standards regarding data protection and privacy, adding complexity to BYOD security initiatives.

4. Network Vulnerabilities: Mobile devices often connect to public Wi-Fi networks, which can be insecure and susceptible to eavesdropping and man-in-the-middle attacks.

5. App Security: The proliferation of mobile apps introduces potential security vulnerabilities, such as malware, data exfiltration, and unauthorized access to sensitive information.

Top 7 best Practices for Mobile Security in a BYOD Environment

1. Establish Clear Policies: Develop comprehensive BYOD policies outlining acceptable device usage, security requirements, and employee responsibilities. Regularly communicate these policies to all staff members.

2. Implement Mobile Device Management (MDM): Deploy MDM solutions to enforce security policies, remotely manage devices, and facilitate data encryption, backup, and wipe capabilities.

3. Enable Strong Authentication: Implement multi-factor authentication (MFA) mechanisms, such as biometrics or one-time passwords, to strengthen access controls and prevent unauthorized access.

4. Encrypt Data: Utilize encryption technologies to protect sensitive data both at rest and in transit, reducing the risk of data breaches in the event of device loss or theft.

5. Conduct Regular Security Training: Educate employees about mobile security best practices, including how to identify and report suspicious activities, phishing attempts, and malware threats.

6. Monitor and Audit Devices: Continuously monitor device activity, network traffic, and application usage to detect anomalies and proactively respond to security incidents.

7. Stay Updated: Regularly update devices, operating systems, and applications with the latest security patches and firmware updates to address known vulnerabilities and weaknesses.

Conclusion

In the age of BYOD, mobile security is paramount for safeguarding organizational data, maintaining regulatory compliance, and preserving customer trust. By adopting a proactive approach to mobile security and implementing robust policies, technologies, and employee training initiatives, organizations can effectively mitigate risks and reap the benefits of BYOD while minimizing security concerns. Embracing a culture of security awareness and diligence is essential in navigating the evolving landscape of mobile security threats and challenges.

The post Top 7 best Practices for Mobile Security in a BYOD Environment appeared first on Cybersecurity Insiders.

February 23, 2024 at 10:13AM

Read More

Cyber Attack news headlines trending on Google

Federal Trade Commission Clears X (formerly Twitter) of Data Security Violations

Following an investigation into the server operations of X, previously known as Twitter, the Federal Trade Commission (FTC) has announced that Elon Musk’s company has upheld user privacy and safeguarded their data. This statement comes in response to complaints filed by privacy advocates alleging that Twitter permitted third-party access to user information for research and advertising purposes.

The FTC’s probe revealed that while third parties were granted access, it was under the supervision of security experts who diligently protected internal documents, preventing unauthorized access.

LockBit Ransomware Targets ScreenConnect Servers

The notorious LockBit 3.0 ransomware group has resurfaced, this time targeting ScreenConnect Servers. Utilizing vulnerabilities, the hackers infiltrated the network of ConnectWise (formerly ScreenConnect), encrypting servers and demanding ransom for decryption. Despite law enforcement agencies worldwide dismantling LockBit infrastructure as part of ‘Operation Cronos,’ the group persists in its malicious activities.

AT&T Cellphone Network Outage Attributed to Software Update

AT&T has clarified that recent network outages affecting some customers were not the result of a cyberattack but rather a technical glitch stemming from a software update. Dismissing rumors linking the outage to a Chinese hacking group targeting multiple service providers, AT&T assures its customers that measures are in place to address such incidents effectively. Encouraging affected users to utilize Wi-Fi calling, AT&T aims to maintain connectivity during service disruptions.

While concerns persist regarding potential Chinese cyber threats to U.S. infrastructure, the Biden administration has taken proactive steps to mitigate risks. Collaboration between public and private entities, including information sharing, enhances defenses against state-sponsored attacks. With recent network outages affecting AT&T customers in Houston, Chicago, and Atlanta, alternative communication methods like Wi-Fi calling are recommended to ensure connectivity.

American Pharmacies Experience Medication Shortages Due to Ransomware Attack

Several American pharmacies reliant on online delivery services are grappling with medication shortages following a ransomware attack on their technology service provider, Change Healthcare. While investigations into the incident are ongoing, steps have been taken to isolate affected systems and mitigate risks. Efforts to ensure uninterrupted hospital operations and patient care are underway as recovery efforts continue. 

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.

February 23, 2024 at 10:08AM

Read More

Toshiba and Orange offer quantum secure data transmission with utmost security

Toshiba, the Japanese electronics giant, and Orange, a major telecom company, have unveiled breakthroughs in quantum secure data transmission. Their innovation shields information transmitted over fiber optic networks from cyber threats of all kinds.

The advancement relies on Quantum Key Distribution (QKD) technology, enabling secure data transmission at speeds of 400 Gigabits over a 100-mile fiber link. Quantum computing poses a growing threat to public key encryption, commonly used to secure data at rest or in motion. As this technology advances, traditional data networks become increasingly susceptible to attacks.

QKD, leveraging the principles of quantum mechanics, addresses this challenge by securing cryptographic keys, thereby mitigating risks. Integrating QKD into existing fiber networks enhances the security of conventional data transmission, safeguarding against today’s security challenges.

Although still in its early stages, further experiments are required to assess the integration of Quantum Key Distribution into complex network frameworks. Presently, QKD technology is deployed to secure a metro-scale fiber link network spanning approximately 23 miles between Wall Street and New Jersey, crossing the Hudson River. This ensures the protection of high-powered data, such as transactions, algorithms, and video calls, with minimal errors, seamlessly integrating into existing network infrastructure.

In an era where digitalization is rapidly advancing, data has become the lifeblood of many companies. Securing information at rest and in motion not only guards against hackers’ interference and substitution but also ensures its integrity in an increasingly interconnected world.

The post Toshiba and Orange offer quantum secure data transmission with utmost security appeared first on Cybersecurity Insiders.

February 22, 2024 at 08:25PM

Read More

Air Canada AI Chatbot spreads misinformation only to fetch hefty legal penalty

When attempting to book a flight ticket on an air travel website, it’s common to encounter a chatbot designed to assist in completing the transaction. However, what happens if this chatbot provides misinformation that could result in costly consequences?

This scenario unfolded for Jake Moffatt, a Canadian resident faced with the urgent need to book a flight to attend his grandmother’s funeral. Relying on the guidance of an AI-based chatbot, Jake believed he was entitled to a reimbursement under Air Canada’s bereavement policy, which offers discounted fares for emergency travel, valid for up to 90 days from the date of ticket purchase.

To Jake’s dismay, upon contacting Air Canada officials, he discovered that 20% of the ticket amount would not be reimbursed, contrary to what the chatbot had indicated. Air Canada acknowledged that their chatbot had provided misinformation and issued an apology for the confusion.

Despite repeated attempts to resolve the issue with Air Canada’s customer support, Jake ultimately sought recourse through the Civil Resolution Tribunal of British Columbia. The tribunal not only ordered a partial refund as promised by the chatbot but also imposed penalties on Air Canada for misleading a customer through false claims.

Air Canada attempted to downplay the responsibility of its chatbot, arguing that it was merely a machine and not trained to interpret the nuances of its bereavement policy. However, the tribunal rejected this argument, emphasizing that the actions of the chatbot should be attributed to Air Canada, prompting the company to reconsider its approach.

While there may be arguments suggesting external influences on the chatbot’s actions and the potential inconclusiveness of the lawsuit, Tribunal Officer Christopher Rivers carefully analyzed the evidence presented by both parties. As a result, Air Canada was ordered to refund Mr. Moffat $483, along with $23 in interest and $89 in legal fees and miscellaneous charges.

Furthermore, the tribunal urged Air Canada to clarify its AI-based customer support practices to ensure transparency regarding its policies and implementation. Failure to do so could lead to substantial penalties and even a ban for misleading customers regarding policy details.

The post Air Canada AI Chatbot spreads misinformation only to fetch hefty legal penalty appeared first on Cybersecurity Insiders.

February 22, 2024 at 10:37AM

Read More

Top 5 Cybersecurity Risks Facing Businesses Today

The digital era: what a time to be alive! It’s easier to stay in contact from a distance, make financial transactions, shop for necessities (or luxuries), and conduct business. Lucky us, right?

The answer is undoubtedly yes, with an and… thrown in for good measure. We’re indeed in a period of life where things are easier and more accessible than ever. Of course, consumers and businesses aren’t the only ones benefiting from the digitization of modern life. Cybercrime is growing exponentially, and businesses in particular are at significant risk.

The Era of Cyber (In)security

It’s been said that if cybercrime were a country, it would be the third-largest economy in the world. That’s a pretty sobering statistic, mainly owing to the value of attacks against organizations and enterprises.

Cybercriminals are attacking from all directions, and businesses must stay on their toes to avoid becoming a statistic. Digitized data is particularly vulnerable, and it’s more than an inconvenience if it falls into the wrong hands. Compromised data can be financially and reputationally costly and only takes a single exploited weakness to trigger a wave of fines, regulatory issues and brand damage.

Top Risks to Businesses

Vigilance is vital to staying safe, but where and how do you begin implementing robust security measures to protect your data, end users, and customers? To start, it’s crucial to understand the top risks your business faces today.

Insider Threats

Cybercriminals are not only opportunistic strangers. In the modern era, threats can come from inside your network.

Insider threats are those posed by people who don’t need to breach security to reach your network, as they’ve already been granted access. That means employees, contractors, partners, vendors, suppliers, and anyone else you trust with your network or data can pose a threat.

Of course, not all insider threats are purposeful. Human error can be just as costly, as any employee or third-party partner can click the wrong link, use an insecure network connection, or leave a device unattended, leading to a security breach.

That doesn’t mean deliberate insider threats are not a problem, however. Employees with privileged access may be tempted to sell trade secrets, bring information to a new company as a bargaining chip for career advancement, or sabotage your information as retaliation for discipline or firing. Insider threats can exist in any department or team, whether accidental or deliberate.

Social Engineering

Covering a wide range of attacks, Social Engineering refers to any cybercrime that starts with gaining the trust of an end user. That can mean masquerading as a trustworthy colleague or simply sending a believable message (including an SMS or phone call) with a request for information.

Social engineering attacks are particularly threatening because they prey on the trust or naivety of an end user to wreak havoc. With remote and hybrid workforces, social engineering attacks are even more prominent – end users have grown accustomed to receiving requests for information or performing actions via digital means.

Traditional security, like encryption, policies, and security software, are less effective. Organizations must also communicate well and often with their end users to ensure they encourage a healthy sense of skepticism about messages and requests.

Ransomware

A form of malware, ransomware is a nefarious attack that can be catastrophic for businesses. All it takes is one exploited system weakness or false move by a user, and malware is installed on your network. From there, your valuable data or systems are locked until you pay a hefty price to regain access.

Ransomware attacks are very effective as businesses are held at the mercy of their attackers. Without access to their data or systems, business comes to a standstill. That means the value of these attacks is not only the price tag set by the attackers but the losses incurred when a company cannot conduct business.

While the dream for cybercriminals is a successful ransomware attack on a large company with deep pockets, no one is hidden from their radar. Small businesses are often targeted as bad actors know they likely lack resources to back up data or otherwise recover from downtime and are most likely to find a way to pay the ransom so they can get back to business.

Artificial Intelligence

Threats exploiting artificial intelligence (AI) vulnerabilities are evolving faster than any other category, particularly as interest in AI tools grows. Emergent technologies are alluring for cybercriminals, as organizations are less likely to have policies and protections.

At the time of writing, AI is a non-standard attack vector. The most considerable related risk to businesses today concerning AI is data leakage. AI tools such as large language models (LLMs) and GPT do not consider confidentiality. As such, several organizations worldwide have banned GPT tools to prevent confidential and privileged information – such as code and trade secrets – from falling into the wrong hands.

Cloud Vulnerabilities

Along with digitizing processes across the organization, our modern world is predominantly cloud-based. This has been a tremendous help, particularly for the remote and hybrid workforce, as cloud-based tools can be accessed from anywhere, as long as an internet connection is available.

Cloud security vulnerabilities can present a cyber threat to organizations. It’s imperative to ensure the third-party platforms you enlist to help run your business take security seriously. Data transmission must be encrypted and stored securely, and multi-factor authentication is recommended to keep end-user accounts protected. Apply the same stringent security assessment to APIs, as API security is a common attack vector.

Learn more about governance, risk and compliance professional certification in The Ultimate Guide to the CGRC.

The post Top 5 Cybersecurity Risks Facing Businesses Today appeared first on Cybersecurity Insiders.

February 22, 2024 at 06:22AM

Read More

API Security in 2024: Navigating New Threats and Trends

[By Tyler Shields, Vice President at Traceable AI]

As we step into 2024, the landscape of API security is at a critical juncture. The previous year witnessed a significant escalation in API-related breaches, impacting diverse organizations and bringing to light the critical vulnerabilities in API security. This surge not only accentuated the essential role of APIs in our digital ecosystem but also catalyzed a much-needed shift in focus towards their security. And with regulatory bodies like the FFIEC now acknowledging APIs as distinct attack surfaces, the stage is set for a deeper understanding and reinforcement of API defenses.

Looking ahead, the key question is: what new trends and challenges will define the realm of API security in 2024?

The Explosive Growth of APIs: Brace for Impact

As we approach 2024, the digital landscape is poised to witness an exponential growth in API usage, a trend that signifies a profound transformation in how digital services are deployed and interconnected. This surge is not merely a quantitative increase but a qualitative shift, reflecting the deeper integration of digital technologies in organizational operations. The transition to cloud computing, still far from completion, is a key driver of this expansion. As organizations continue moving applications and workloads into the cloud, we’re seeing a consequential shift in infrastructure. This shift, often referred to as the atomization of applications, involves breaking down applications into smaller, more manageable components, each potentially interfacing through its own API.

This next phase of cloud transformation is expected to dramatically increase the number of APIs, as these atomized applications require extensive intercommunication. While this growth facilitates greater flexibility and scalability in digital operations, it also introduces the challenge of API sprawl, where organizations struggle to manage the sheer volume of APIs within their ecosystems. However, the primary focus for 2024 remains on the sheer scale of API integration and deployment. As APIs become more central to organizational infrastructure, they create new opportunities for innovation and efficiency, but also raise critical concerns in security and management. The ability to effectively harness this growth, balancing the benefits with the complexities it introduces, will be a defining factor in the success of digital strategies in the coming year.

Emerging Threats in Data Quantity and Storage, and Role of AI

As we navigate the digital transformation, a critical challenge emerges in the realm of data quantity and storage, exacerbated by the exponential growth of the communication patterns. This issue transcends the traditional cybersecurity approach of merely blocking attackers or direct attacks against APIs. The real challenge lies in managing the colossal volumes of data amassed from extensive API interactions, now centralized in vast digital repositories. The pivotal question is: how do we ensure that this data is accessed exclusively by appropriate, authenticated, and authorized personnel? Moreover, how do we prevent sensitive data from being exposed to unauthorized individuals or systems?

This dilemma is not just about securing data; it’s about redefining how we perceive and handle cybersecurity. The complexity is magnified when we consider the role of AI in this landscape. AI models, which are increasingly integral to our digital ecosystem, require training on large data sets. The volume of data used for this purpose has skyrocketed, with computational capacities doubling every six months since 2010. In this context, AI becomes more than a technological tool; it represents a new paradigm of API interaction, where AI systems, accessing data via APIs, pose complex questions and analyses.

This scenario presents a multifaceted challenge. On one hand, we have the ‘data in’ aspect, involving the influx of information into these systems. On the other, there’s the ‘data out’ component, where the output and its implications, particularly regarding privacy and fraud, become a concern. For instance, the potential for AI to ask questions or rephrase queries in ways that might inadvertently breach privacy or security protocols illustrates the intricate nature of this challenge.

Addressing these issues requires a nuanced approach to authentication, authorization, and privacy. The complexity of ensuring the security and integrity of data, both incoming and outgoing, in these vast, interconnected systems cannot be overstated. It’s a formidable task, yet not insurmountable. API security technologies stand at the forefront of this challenge, poised to develop solutions that can effectively navigate and secure this intricate web of data interactions. As we look towards the next three years, the evolution of these technologies will be pivotal in shaping a secure digital future, where data security is not just a feature but a foundational aspect of our cybersecurity infrastructure.

2024: The Year of API Breaches

This prediction isn’t unfounded, considering the recent statistics revealing that 60% of organizations reported an API-related data breach in the past two years, with a staggering 74% of these involving at least three API-related incidents.

This trend underscores a critical reality: APIs have become the universal attack vector in the digital world. Beyond the traditional realms of social engineering and cloud misconfiguration attacks, which themselves often leverage APIs, it’s becoming increasingly challenging to identify cyber attacks that don’t have their roots in API vulnerabilities.

APIs are rapidly evolving into the superhighway of digital communication within our infrastructure. As their usage broadens and becomes more complex, the necessity for robust API security measures escalates. In 2024, we anticipate that API security will no longer be an afterthought but a fundamental standard in cybersecurity strategies, pivotal in preventing the next wave of major digital breaches.

Contextual Intelligence – The Keystone of API Security in 2024

In 2024, a key driver in enhancing API security will be the comprehensive collection and analysis of data to create context. This approach marks a significant evolution in our security techniques, shifting from traditional perimeter-based defenses to a more nuanced understanding of each interaction within the API ecosystem. The focus is on securing the vast quantities of data that flow in and out through APIs by meticulously gathering and analyzing the surrounding data of each request to build a rich context that allows deeper analysis. This involves a detailed examination of the APIs themselves – their structure, expected data flow, and typical usage patterns. It also includes identifying what constitutes normal and abnormal behaviors within these interactions. By aggregating this information into a contextual dataset, we can apply advanced AI analysis to discern broader results and subtle anomalies.

This shift in strategy represents a move from basic, binary security queries – such as “Are you authenticated?” or “Is this connection secure?” – to more complex, AI-driven interrogations that mimic human analytical skills. Questions like “Does this data transaction contain any information that should not be leaked?” or “Is this pattern of API use indicative of a potential security threat?” become central to our security protocols. This level of inquiry requires a deep understanding of API interactions, far beyond surface-level authentication checks.

The future of API security, therefore, hinges on the ability of security technologies to amass and intelligently analyze the richest and most comprehensive sets of contextual data. The technologies that excel in capturing this depth and breadth of information will be best equipped to navigate the sophisticated security landscape of 2024, ensuring robust protection against increasingly complex threats.

The Bottom Line

The trends we’ve identified call for a proactive reimagining of cybersecurity strategies, where the focus shifts from reactive defense to anticipatory resilience. This evolution demands more than just technological upgrades; it requires a paradigm shift in our understanding of digital ecosystems. The integration of AI, the management of sprawling APIs, and the safeguarding of vast data repositories are not isolated tasks but parts of a cohesive strategy to fortify our digital infrastructures. In this context, the insights from 2024 serve as a beacon, guiding us towards a future where cybersecurity is dynamic, intelligent, and integral to the fabric of our digital existence.

As we navigate these waters, the real measure of success will be our ability to not just defend against emerging threats but to adapt and thrive in an ever-evolving digital landscape.

The post API Security in 2024: Navigating New Threats and Trends appeared first on Cybersecurity Insiders.

February 21, 2024 at 03:54AM

Read More

5 Ways to Counteract Increasing Cyber Insurance Rates

[By Brett Bzdafka, principal product manager at Blumira]

Businesses today face an ever-increasing number of cyberattacks on average, often posing potential financial impacts in the 7-figure range. Despite this threat, only 55% of organizations have some form of cyber insurance, and only 19% have coverage for cyber events beyond $600,000. The high cost of premiums, which surged in 2022, might contribute to the low percentage of organizations with sufficient coverage.

As the cybersecurity landscape continues to evolve, businesses must carefully evaluate their risk exposure and consider ways to invest in comprehensive cyber insurance policies that truly meet their needs without breaking the bank.

Understanding the Role of Cyber Insurance

Cyber insurance is a financial safeguard against the repercussions of cyberattacks and data breaches. This coverage extends to the expenses associated with data recovery, system restoration and the aftermath of a security breach. Legal actions from affected parties, regulators or business partners following a cyberattack can incur significant costs, all of which cyber insurance can thankfully alleviate.

Cyber insurance policies commonly encompass incident response services, enabling organizations to enlist security experts for breach investigation and mitigation. Some coverage extends beyond mere recovery, encompassing the implementation of security enhancements and measures to prevent future events.

Incorporating cyber insurance is an integral component of a holistic risk management strategy for any organization. It’s important for decision-makers and legal counsel to carefully consider the business’s unique needs and risks when choosing a cyber insurance policy.

Let’s delve into the cybersecurity strategies that IT professionals can adopt to reduce insurance expenses and identify a policy that aligns most effectively with their unique needs.

5 Ways to Lower Costs

IT experts can actively contribute to lowering cyber insurance expenses by showcasing a robust dedication to cybersecurity, effective risk management, regulation adherence and threat awareness.

1. Proactive Risk Management Strategies: Regular risk assessments empower IT professionals to pinpoint vulnerabilities and deploy effective measures for risk mitigation. Consider this: A staggering 98% of organizations globally are linked to breached third-party vendors. To counter the potential impact of a compromised partner or vendor, IT teams should seek to understand the vendor’s cybersecurity protocols. It’s imperative that vendors align with cybersecurity best practices and standards, preventing unauthorized access to sensitive information.

Through a meticulous vetting process of these entities, IT teams fortify their defenses and showcase an unwavering commitment to ongoing enhancements in cybersecurity practices and technologies. Such proactive risk management efforts often translate into more favorable insurance rates from providers who appreciate the dedication to risk prevention.

2. Robust Security Measures: Deploying advanced security solutions like firewalls, intrusion detection systems, encryption and systematic updates plays a pivotal role in curbing cyber insurance expenses by fortifying an organization’s overall cybersecurity framework. Insurers often factor in risk levels when determining premiums, and the efficacy of security software can significantly alleviate potential risks.

Security software doesn’t just safeguard against external threats – it aids in pinpointing and remedying vulnerabilities within other software, applications, systems and networks. The routine execution of vulnerability assessments and patch management, facilitated by reliable security software, contributes to a more resilient environment, diminishing the susceptibility to cyber exploitation.

3. Automated Threat Detection: Implementing security software with advanced threat detection capabilities empowers organizations to identify and respond to security incidents swiftly. Advanced threat detection tools can continuously analyze network traffic, system logs, and user behavior to identify abnormal patterns that may indicate a security breach. By promptly detecting these anomalies, organizations can initiate a rapid response to investigate and contain the threat before it escalates. Timely incident response can constrict the scope and impact of a cyberattack, potentially mitigating the financial losses associated with such incidents.

Companies that utilize modern technologies to monitor for and respond to threats may find insurers willing to extend discounts and offer lower premiums as a recognition of their commitment to cybersecurity.

4. Cybersecurity Compliance: Adopting cybersecurity standards fosters a proactive approach to managing cyber risks and can positively impact cyber insurance costs. Organizations can establish and uphold robust security protocols by aligning with recognized standards and abiding by a structured framework for compliance.

IT teams should prioritize compliance with industry-specific standards and regulatory requirements pertinent to their business sector. Noteworthy cybersecurity standards like ISO 27001, NIST Cybersecurity Framework and PCI DSS offer guidelines for identifying and mitigating cyber risks. By embracing these standards, organizations incorporate best practices into their risk management strategies, lowering the probability of security incidents that necessitate insurance claims.

5. Workforce Education: Despite the evolving technological landscape, the human element remains the primary contributor to cybersecurity incidents, accounting for 74% of total breaches. Well-intentioned employees may inadvertently contribute to security incidents if they lack awareness or training. Incorporating ongoing cybersecurity education is essential because it empowers employees to identify and address potential threats.

A robust training program allows employees to build skills to avoid common pitfalls that could lead to breaches. When the workforce understands cyber risks and best practices, they become less vulnerable to manipulation and less likely to make costly mistakes. Investing in employee education strengthens institutional resilience and signals to partners like insurance providers that the organization takes risk management seriously. Ultimately, equipping staff with knowledge and tools through training fosters a culture of collective responsibility for cybersecurity.

Don’t Wait. Now’s the Time to Prioritize Cyber Insurance.

Given the current threat environment, businesses must strengthen security measures and secure sufficient cyber insurance coverage. The path to lowering cyber insurance costs begins by implementing thorough security measures that diminish risks, and signal to insurers a dedication to addressing potential threats. Taking a proactive approach empowers organizations to protect their digital assets and obtain more economical cyber insurance coverage in the ever-evolving and intricate cybersecurity landscape.

About the Author

Brett Bzdafka is the principal product manager at Blumira. Brett has more than 10 years of leadership experience delivering SaaS solutions that solve real-world problems for small to medium-sized businesses (SMBs). Brett is committed to understanding SMB and IT leaders’ needs by gathering customer insights to shape Blumira’s product roadmap. Previously, Brett served as Group Product Manager at BoxCast, where he led the product team and agile teams to scale their SaaS live streaming solution. With experience in sales, project management, and product development, Brett knows firsthand what it takes to build products that customers love.

The post 5 Ways to Counteract Increasing Cyber Insurance Rates appeared first on Cybersecurity Insiders.

February 21, 2024 at 12:48AM

Read More

Wireless Visibility: The MUST for Zero Trust

[By Brett Walkenhorst, Ph.D., CTO, Bastille]

Zero Trust has been an important paradigm for advancing network security for almost 15 years, incorporating tenets that move beyond perimeter-based control toward a multi-layered approach that seeks to minimize risk in the modern world. Although the paradigm is complex, the basic idea behind Zero Trust is to shift our mindset from defending our perimeter to assuming an attacker has already penetrated it. This requires us to bring visibility to our network, limit access to network resources, and automate the response to incidents aided by analytics.

As a security community, we are making progress implementing this paradigm shift, but one key area that is often overlooked is the wireless attack surface of our networks. Without addressing the wireless problem, our Zero Trust posture is incomplete.

The Wireless Problem

Wireless devices number in the tens of billions worldwide, and their presence continues to grow. Interfaces include Wi-Fi, cellular, Bluetooth, IoT, and others. Much of this wireless space is not monitored or even visible within our security tools. These unaccounted devices may include shadow IT equipment, industrial control systems (ICS), personal/corporate smartphones, peripherals, wearables, and many more. All of these devices have the potential to connect to our networks in some way, and yet their wireless interfaces are largely unmonitored. In our efforts to shift to a Zero Trust mindset, it is critical that we bring visibility to these wireless technologies in addition to the wired components of our networks.

Wireless devices are ubiquitous. They utilize electromagnetic waves to communicate with each other and with network infrastructure. These waves travel at the speed of light; they penetrate walls and other physical barriers, bypassing our physical security perimeter; and they are invisible to the eye. As critical 1’s and 0’s modulate these invisible waves, we must find ways to make them more visible to defend against the many vulnerabilities that exist within these wireless protocols. Over 2,000 wireless CVEs have been published within the last 10 years alone. And that is only what has been discovered. The trend of these discoveries is one of exponential growth. Clearly, the wireless attack surface is an area of growing concern.

The forms of wireless-based attacks vary widely. They include machine-in-the-middle (MitM) attacks to crack credentials and/or compromise clients/peripherals; denial of service (DoS), eavesdropping, malware injection, data exfiltration, and many more. Many affordable tools (both hardware and software) exist that have lowered the barrier to entry for people to conduct such attacks. Attack devices include Wi-Fi pineapples (Evil Twin attack devices), O.MG and USB Ninja cables and Wi-Fi Rubber Duckies (wireless-controlled keystroke injection and exfiltration cables/dongles), wireless network interface controller (NIC) dongles, Bluetooth development kits/dongles, software-defined radio kits/dongles, and more. The more sophisticated devices are typically around $100, but many very capable devices can be purchased for $10 or less.

Bringing Visibility to the Invisible Wireless Attack Surface

Wireless signals use electromagnetic (EM) waves to communicate. EM waves are invisible, but electronic systems can be built to both create and detect them. To make those invisible waves visible, then, we need a suitably capable detector. While radio technology has been around since the late 19th century, modern developments involving higher frequencies and digital modulation have made wireless communication increasingly efficient and effective, allowing us to use different bands of the EM spectrum to support tens of billions of devices speaking many different protocols. A wireless detection system must be equally capable by employing modern tools like software-defined radio technology and highly-capable processors to digitally demodulate and decode the many wireless packets from many protocols.

A wireless detection system should include multiple broadband, multi-channel software-defined radio sensors to detect multiple wireless signals simultaneously. The sensors must digitally decode the headers of many wireless packets in parallel to extract metadata for individual wireless detections, and then feed their data to a central server to localize the emissions in space. In this way, the system can detect and locate all wireless emissions within a facility. This gives a user visibility into the wireless signals in terms of their temporal, spatial, and behavioral characteristics. But visibility is only the first step. To enable Zero Trust, we need to add analytics and automate the response.

Analytical tools transform data into actionable insights. Applied to wireless data, we need to identify unhealthy behaviors in the wireless transmissions, classify their severity, and provide tools for users to take action. Dimensions over which we can analyze wireless devices include time, space, and many dimensions of behavior. The metadata available from the wireless packet headers offers a rich set of data from which we can infer connectivity, device information, data transmission volume, and much more. Once a particular behavior is identified, we need to alert on that behavior and automate the response if appropriate. Such automation should include the ability to shut off a device’s network access, disable certain functions of the device, populate an alert list in a security operations center (SOC), issue an incident response alert, focus physical security cameras on a specific area, flash a light, lock a door, and many other actions. To enable those kinds of responses, the wireless detection system must be able to readily integrate with a host of other security tools including security information and event management (SIEM) systems, security orchestration automation and response (SOAR), network access control (NAC) systems, unified endpoint management (UEM) systems, physical access control systems, etc.

Building a wireless detection system like the once described above is not trivial. The hardware is specialized and highly capable, but the software/firmware is the real key to making such a system viable. Some challenges include:

• Differentiating among 4G/5G cellular devices and localizing them individually
  • This is simple enough for certain control channel packets such as a random-access channel (RACH) packet, but these are few and far between, so we would miss most of the relevant data
  • It is extremely difficult to do with general traffic channel packets
• Detecting and locating Bluetooth devices when they’re connected to other devices
  • Bluetooth signals hop in frequency when they’re in a connected state, so many single-channel sniffers aren’t capable of seeing them
  • Differentiating and locating individual devices in a Bluetooth network requires sniffing the entire spectrum and teasing out which packets belong to which device
• Accurate localization of indoor signals
  • Indoor environments have a lot of noise and multipath (EM waves bouncing off of various physical materials)
  • Localization accuracies of 10m is reasonable to achieve, but it’s not very actionable
  • Accuracies of 1-3m is very challenging but much more useful

Building such a detection and localization system is obviously challenging, but the effort yields a lot of value. In terms of implementing a Zero Trust architecture, it is essential, but some examples may help to motivate the value. The following are just a few examples of things that have been detected and located by such a system:

• A USB Ninja cable on an executive floor of a Fortune 10 company
  • This cable is a hacking tool that looks and acts like a standard USB cable
  • It can wirelessly connect to a controller to enable an attacker to inject keystrokes and exfiltrate data from a target system
• A laptop connected to a server in a secure data center beaconing Wi-Fi and Bluetooth packets
• An active, unencrypted Zigbee transceiver in industrial chillers that had wired access to the core network inside a data center
• Excessive RTS and connection request packets from devices indicating misconfiguration and/or a potential DoS condition
• Intermittent WEP encryption advertised through beacons from an access point that otherwise used WPA2 encryption
  • WEP is a very old Wi-Fi encryption scheme that was cracked in 2001
  • No access point should ever be using it
• Bluetooth-enabled RFID readers that were susceptible to a wireless DoS attack that could shut down physical access to the facility
• Fitbits, phones, smartwatches, and many other devices are detected on a daily basis in various government and secure commercial facilities where the presence of such devices is prohibited due to security concerns

The ability to detect these kinds of threats allows operators to identify potential problems before they become incidents and take corrective action. For many of the examples above, physical security interdiction is the appropriate response, and the wireless detection system’s ability to locate the wireless devices spatially is critical. For others, some action to correct device misconfiguration or simply shutting down a specific wireless mode is sufficient. For such cases, the system’s ability to identify device details such as MAC address, device name, manufacturer, etc and integrate with a UEM/NAC system are all that is needed to identify and correct the problem. Whatever the case, a wireless detection solution can not only provide real-time monitoring of the wireless attack surface to identify incidents as they occur, but it can serve to shore up an organization’s security posture to prevent attacks from occurring at all.

Solving the Wireless Problem

Wireless devices are ubiquitous, vulnerable to attack, and invisible to most security tools. Their growing presence and vulnerability along with the trend toward democratizing RF hacking tools and capabilities necessitates improved vigilance on the part of network administrators and the entire security industry. While it is challenging to create systems that can monitor these wireless signals, such tools are becoming increasingly available with continuously improving capabilities.

The ability to detect, localize, analyze, and respond to wireless threats is the next phase in the implementation of Zero Trust. It is time to plug this increasingly dangerous gap in our network security posture.

The post Wireless Visibility: The MUST for Zero Trust appeared first on Cybersecurity Insiders.

February 21, 2024 at 12:32AM

Read More