FireSale HackBoy


Sunday, March 31, 2024

What to Do When Someone Steals Your Identity Online? – 8 Expert Tips

The convenience and benefit of doing so much online these days, unfortunately, come with some risks. The crime of stealing identities online is becoming more frequent, and it can happen to anyone. Educate yourself and be prepared for such an eventuality so it causes the least amount of problems should you become a victim.  

Online Identity Theft – Shocking Facts

Having a realistic view of this type of crime may help inspire more caution, but also help you understand how vital it is to have a plan in place. These facts and stats paint a clear picture of the risk:

  • By 2029, the industry aimed at protecting people from identity fraud could grow to $28 billion. 
  • In the US, the victims of identity fraud have lost as much as $10.2 billion in just one year.
  • The average loss of identity fraud victims is around $500, but this amount tends to increase over time. 
  • From one year to the next, the total number of identity theft reports in the US can rise as much as 1 million. 

Instead of feeling overwhelmed by what society is facing, let’s empower you to take control, even if something goes wrong.  

Steps to Take if Your Identity is Stolen

Information is power, so do as much as you can, from reading Aura reviews and articles on other identity theft protection solutions to changing your online habits. But when you realize that a cyber criminal did get to your personal data, simply follow these steps. 

Change Passwords

Much of online identity theft relates to accounts, such as your banking profile or Gmail account. Prevent access to these by resetting your passwords and making them stronger this time round. The more complex a password is, the less likely it becomes that cybercriminals will guess or crack it.

Report the Case

Make it known that identity theft took place by reporting it to the relevant institutions. This ranges from opening a case with the police to talking to appropriate agencies that specifically deal with identity theft cases. Most countries have these entities, and they may have easy processes to report a case, such as dialing a dedicated phone number or simply logging a case on their website. 

Identify Where the Threat Came from

Try to determine how the breach came about. It could have been an email phishing scam, a data leak of a vendor where you have an account, or someone using information they found on documents you discarded. Knowing how it happened will help you determine what type of help you need to remedy the situation and prevent it from happening again.

Start a Paper Trail

If someone is using your identity for fraud, you may need to prove to vendors that it wasn’t you. For example, for credit card fraud, you’ll need to show it wasn’t you making purchases. Compile proof of all your communication with the police and other role players so you can easily prove your innocence.

Talk to Your Bank

If it’s your credit card details that are being used without your permission, your bank needs to know. Close the account, so you can prevent any further transactions, or at least freeze it until you’re sure that passwords are changed and no one else can use it.

Contact Creditors and Vendors

The fraud could include criminals opening accounts in your name. You can usually see details of such vendors and institutions if you request a detailed credit report. Inform them that it was done unlawfully and get written proof that any fraudulent charges have been dropped, so it won’t affect your credit report.

Manage Your Credit Report

The long-term effect of identity theft is that it could ruin your credit report. Luckily, by following some of the steps above you can once again have good credit. 

Also, ask about fraud alerts that can be added to your credit report. This will require anyone who wants to open an account to first contact you personally, so you’ll have an additional barrier against online identity theft going forward.

Implement Proactive Measures

You don’t want this happening again, so safeguard yourself by initiating appropriate safety measures. Base your plans on the type of threat you face. For example, if you realize your information was stolen via malware, it may be time to update your software or educate yourself about cyber security. 

Final Thoughts

Realizing you’re a victim of crime will probably make you break out in a cold sweat, but don’t let it overwhelm you. With the prevalence of cybercrime and online identity theft, banks and governments have various resources in place to help you manage the situation. Use these tips to regain control and limit the damage.

The post What to Do When Someone Steals Your Identity Online? – 8 Expert Tips appeared first on Cybersecurity Insiders.


March 31, 2024 at 09:31PM

Friday, March 29, 2024

Understanding and Shrinking Attack Surfaces: A Comprehensive Guide for Organizational Leaders

[Jacqueline Faerman, PR Manager, Privacy Bee]

In 2024, many organizations operate with a newly expanded attack surface, even though most already invest significantly in cybersecurity. All companies are acutely aware of the threat posed by cyberattacks and the resulting data breaches, and sadly, many have already been victimized. Cyber threats have evolved into business threats, so every department should be vigilant. If they wish to avoid being breached, CEOs, CFOs, CHROs, and all other non-IT department heads must become educated about how and why their organization’s attack surface has expanded. Once they do, they will undoubtedly want to address the challenge of shrinking the attack surface immediately. This document sheds light on the attack surface and what can be done to minimize it – even if an organization already invests significantly in information security.

If you’re a CFO, CEO or other organizational leader not directly involved with information security and IT, you may not often hear the term “attack surface”.  So, here’s a basic definition of the term. 

An organization’s attack surface is defined as all the possible points of entry a cybercriminal might exploit to gain unauthorized access to information systems. This includes every endpoint – e.g., mobile devices, desktops, servers, web applications/software, APIs, etc. – and any other potential vulnerability to cyberattacks or data breach attempts.

Most modern organizations have a sprawling attack surface because information systems, computing networks and cloud hosting/storage have become so integral to the operations of every industry.  There are generally two classifications or subsets of attack surfaces in a broad sense.  Chief Information Officers or Chief Information Security Officers know they must apply different strategies to secure the digital attack surface as well as the physical attack surface.  And many have been working for years to reduce their exposure.

The physical attack surface is comprised of all the hardware that hackers might try to infiltrate. These are all your organization’s endpoint devices, such as desktop computers and workstations, mobile devices, phones, tablets, even USB drives and other portable storage devices. Remember that when retiring old hardware, the discarded devices may still contain login credentials, passwords, sensitive user or organizational data, and more. To a lesser extent, the physical attack surface also includes the actual physical locations that must be protected from intruders who could sneak into facilities and steal data manually. To shrink the physical attack surface, InfoSec leaders implement hardware management policies and other common endpoint security measures.

The digital attack surface is more difficult to defend because it is distributed across the internet.  It is comprised of software systems, applications, websites, servers, email systems, cloud storage/hosting, and unauthorized system access locations.  Digital information security is largely focused on closing holes and other vulnerabilities that arise from poor coding, insufficient passwords, weak encryption, open APIs, outdated software, etc.

The goal of any organization is to shrink, to the smallest extent possible, their physical and digital attack surfaces to guard against unwanted public access to sensitive data.

The New Social Engineering Attack Surface

In recent years a new attack surface has emerged, and it is clearly undermining the efforts of IT and InfoSec leaders to protect their organizations. This new attack surface has been dubbed the “Social Engineering Attack Surface”. Even for organizations that had successfully shrunk their digital and physical attack surfaces, the rise of social engineering attacks has exploded the scope of potential attack vectors, and breaches are on the rise.

Social engineering can straddle digital and physical attack vectors and leverage unregulated external data available for sale or even for free on the public internet.  This article from Privacy Bee details the methods cybercriminals use to exploit weak external data privacy in social engineering attacks.

While physical and digital attack surface management involves a fairly concrete set of processes and best practices, social engineering attack surface management presents a more slippery challenge.  CISOs, CIOs, and InfoSec professionals can exert robust control over the digital and physical assets under their supervision and purview.  By contrast, social engineering attacks are not directed at surfaces under the organization’s direct control.  Instead, social engineering attacks are directed toward any or every member of the organization’s workforce.  Social engineering attacks also regularly target the workforce elements of an organization’s vendors, third-party associates, supply chain partners and any external group that has systems integrations with the organization.   InfoSec leadership has far less ability to control the online activities of all these persons.  And it is the human element that hackers exploit.  This is why the social engineering attack surface is so much more difficult to reduce.

Finding the Shortcomings in Existing Attack Surface Management Practices

Respected B2B technology vendor marketing firm TechTarget published an overview of the steps involved in creating a risk mitigation plan.   To summarize, there were five recommendations:

  1. Identify the risk – catalog existing and potential events and event sequences where risk is inherent, whether from existing vulnerabilities or from known threats against the organization.

  2. Perform risk assessments – use a weighted system to determine the possible impact of each risk and how likely it is to occur.

  3. Prioritize – rank the potential risks identified in the assessment and act first on the areas with the lowest acceptable risk.

  4. Track risks – continuously monitor the risks identified and note the frequency of attacks in the different types of risk pools.

  5. Implement mitigation and monitor progress – once a risk mitigation plan has been developed and deployed to address the risks identified and prioritized in the earlier steps, the organization should monitor the efficacy of the plan, keep tabs on the threat levels, and modify the plan as priorities shift.

The five recommendations from TechTarget are well conceived and, if applied, should serve to reduce the size of any organization’s attack surface. But this holds only if the organization is savvy enough to apply them to the new social engineering attack surface. Evidence suggests this is not yet happening across the preponderance of organizations in the US.

In 2022, leading tech research and advisory firm Gartner predicted the expansion of the attack surface driven by the dispersal of enterprises (by expanded remote work arrangements, further supply chain diversification, and other causes).  At the time of their prediction, Gartner estimated information security spending would reach $172 billion in 2022.   In 2023, Gartner expects $188 billion will be spent.  US organizations are willing to spend mightily to combat the risk of cyberattacks.  However, simply throwing money at the problem will not suffice.

The shortcomings in contemporary efforts don’t lie in the spending level directed toward the problem. Instead, the problem is that organizations are not applying the above five risk mitigation steps properly to the specific risks of social engineering strategy.  To successfully shrink the social engineering attack surface, InfoSec leaders must understand that the risks of social engineering attacks originate, on average, a full YEAR before the attack is perpetrated. 

When performing TechTarget’s “step 1” (risk assessment), one cannot simply focus on “intrusion attempts” as the inception of the risk.  However, that is precisely what the current Physical and Digital attack surface management strategy dictates.

To interrupt social engineering attacks and shrink the social engineering attack surface, organizations need to adopt a forward-looking, preemptive posture toward risk assessment.  They must focus on external data privacy and external data hygiene practices.

In the article “The Anatomy of Spear Phishing Attacks” published by Privacy Bee, the typical cyber attack process is detailed step by step. The graphic that accompanies that article gives a clear characterization of the breadth of the attack surface currently exposed for most organizations.

Today’s mainstream strategies for attack surface management only address steps five and six.  So, it becomes easy to see that steps one through four represent a social engineering attack surface some 66% larger than is acceptable. 

When performing the risk identification process – or Step 1 in the TechTarget Attack Surface Management process – it is essential to identify unsecured external data as the primary risk. 

External Data Privacy expert, Arnez Edwards of Privacy Bee explains, “If external data privacy is left wholly unaddressed, cyber criminals and other threat actors are allowed to reconnoiter and map out your company’s organizational structure.  They can identify the appropriate targets within the workforce (and vendor/affiliate workforce) to determine which workers have appropriate access to the data and systems the criminals want to attack.”  These are steps one and two in the Anatomy of a Successful Cyber Attack graphic – Reconnaissance and Identification of Weaknesses.  The reconnaissance is often as simple as visiting the target organization’s website and reading the information about the company, its executives, its locations, business partners, and business activities. 

Step three in the anatomy graphic is “research target”. This is where, according to Edwards, “the gaping hole of external data privacy represents an unacceptably large attack surface” for many organizations. Using resources such as People Search Sites, Data Broker firms, search engines, and social media profiles, bad actors can glean highly specific information about their targets. Whether they purchase personally identifiable information (PII) from data brokers or simply scrape PII from social sites like LinkedIn, Facebook or others, compiling PII about identified targets helps hackers prepare for step four – crafting the message for social engineering attacks.

For detailed examples of how cybercriminals craft messages for different flavors of social engineering attacks, review Privacy Bee’s article titled “Spear Phishing Attacks: Types, Elements, and Detection”. With detailed personal information about a specific employee/target’s life and recent activities, creative hackers and cybercriminals can produce a broad array of attacks, such as spear phishing, business email compromise, whaling, credential harvesting, etc.

Also, note the imbalance between defenses applied to steps five and six in the Six Steps of a Successful Cyber Attack graphic.  This additionally illustrates the unprotected attack surface posed by social engineering risk.  The graphic clarifies that organizations have processes and practices to address the physical and digital attack surface.  It also clarifies where organizations must focus efforts to shrink this new and significant attack surface.

External Data Privacy Management Shrinks the New Attack Surface

Managing and protecting access to the PII of every single employee, and of all third-party affiliates (like vendors and other partners), may seem like an overwhelming challenge. Knowing that there are 350+ People Search Sites and data brokers, dozens of social media platforms, powerful search engines, and tons of publicly searchable data makes it an even more sobering prospect. However, as Arnez Edwards says, “You can’t sit around waiting for defenses to fail. You must act on the offense and disrupt attacks before they start.” Utilizing data privacy platforms, such as Privacy Bee, can help shrink the attack surface back to acceptable tolerances through multiple methods:


Understanding and Shrinking Attack Surfaces: A Comprehensive Guide for Organizational Leaders

In the ever-evolving cybersecurity landscape, the concept of attack surfaces has become increasingly crucial for organizations to comprehend and address. Despite significant investments in cybersecurity measures, expanding attack surfaces has left many companies vulnerable to cyber threats and data breaches. As organizational leaders, it is imperative to understand what attack surfaces entail and how they can be minimized to mitigate risks effectively.

What is an Attack Surface?

An organization’s attack surface encompasses all potential points of entry that cybercriminals might exploit to gain unauthorized access to information systems. This includes various endpoints such as mobile devices, desktop computers, servers, web applications, APIs, and more. Modern organizations face a sprawling attack surface with the integration of information systems, computing networks, and cloud hosting/storage into everyday operations.

Types of Attack Surfaces

Attack surfaces can be broadly classified into two categories: physical and digital. The physical attack surface comprises hardware devices susceptible to infiltration, including desktop computers, mobile devices, and USB drives. It also extends to physical locations, necessitating protection against intruders who might attempt to steal data manually.

On the other hand, the digital attack surface presents a more complex challenge as it is distributed across the internet. It encompasses software systems, applications, websites, servers, email systems, and cloud storage/hosting. Securing the digital attack surface requires addressing vulnerabilities arising from coding flaws, weak passwords, outdated software, and other factors.

The Emergence of the Social Engineering Attack Surface

Recently, the “Social Engineering Attack Surface” emerged. This phenomenon has significantly expanded the scope of potential attack vectors, leading to a surge in data breaches. Social engineering attacks leverage external data available on the internet to manipulate individuals into divulging sensitive information or performing actions that compromise security.

Unlike traditional attack surfaces, social engineering attacks target the human element within organizations, making them particularly challenging to defend against. Hackers exploit unregulated external data sources to gather detailed information about targets, enabling them to craft sophisticated attacks such as spear phishing and business email compromise.

Shortcomings in Attack Surface Management Practices

While organizations allocate substantial resources to combat cyber threats, many struggle to manage attack surfaces effectively. Contemporary strategies often overlook the risks posed by social engineering attacks, focusing primarily on traditional physical and digital surfaces. As a result, organizations fail to adopt preemptive measures to mitigate social engineering risks, leaving them vulnerable to exploitation.

Shrinking the Attack Surface with External Data Privacy Management

Organizations must adopt a proactive approach to attack surface management to address the evolving threat landscape, particularly concerning social engineering risks. External Data Privacy Management is a critical strategy for shrinking attack surfaces and safeguarding sensitive information.

Privacy Bee offers comprehensive solutions to assist organizations in managing external data privacy effectively. Their Employee Risk Management (ERM) solution provides visibility into external privacy risks by scanning hundreds of sources for potential exposures. Similarly, the External Data Privacy Audit (EDPA) and Vendor Risk Management (VRM) tools offer insights into privacy vulnerabilities and enable organizations to mitigate risks efficiently.

By leveraging Privacy Bee’s solutions, organizations can protect employee and vendor data from exposure on the internet, thereby reducing the attack surface and enhancing overall cybersecurity posture. Additionally, engaging with Privacy Bee fosters a culture of data privacy within organizations, making them more resilient to cyber threats and attractive to prospective customers.

Conclusion

Understanding and shrinking attack surfaces are paramount for organizational leaders safeguarding sensitive information and mitigating cyber risks. By comprehending the intricacies of attack surfaces and implementing proactive measures such as external data privacy management, organizations can bolster their defenses against evolving cyber threats. Collaborating with trusted partners like Privacy Bee empowers organizations to stay ahead of adversaries and foster a robust cybersecurity posture in an increasingly digital world.

The post Understanding and Shrinking Attack Surfaces: A Comprehensive Guide for Organizational Leaders appeared first on Cybersecurity Insiders.


March 30, 2024 at 07:24AM

Exploring SASE and SSE Roadmaps with the Two Taylor Swifts of the Decade – AI and Quantum

[John Spiegel, Director of Strategy, Field CTO, Axis Security]

Exploring the SASE and SSE landscape is a daunting task.  With over 30 vendors in the space, each with a point of view, it is easy to get lost in both the technical and marketing aspects of the frameworks.  But SASE and SSE are critical to bringing convergence to network and security, enabling your application delivery system with both speed and security and reducing your organization’s operational and vendor management burden. 

While I will not dive deep into how to select your vendor and platform, there are two areas I recommend exploring, arguably two of the most hyped emerging technology categories. Yes, you guessed it, AI and Quantum.  

Why should you even think about the twin Taylor Swift of our decade when bringing harmony between the cats and dogs of networking and security?  As Ferris Bueller, a well-known philosopher of the 80s, is known for saying, “Life moves fast.  If you don’t stop and look around once in a while, you could miss it.” 

Technology moves at a breakneck speed. Before you know it, these technologies will be areas you need to account for in your technology portfolios.  As it is still early days for both AI and Quantum, how should you think about them today, and where does this conversation happen? The answer is roadmaps.  Each vendor has a roadmap, and it’s important to understand how a vendor’s product offering aligns with your requirements.  This is not a day-one conversation but a discussion area you must address as you begin to down-select the vendors you are considering.  

As you engage vendors, each will discuss current features and capabilities as well as make promises about what’s coming soon. In this article, I will help you understand why AI and Quantum must be included in these discussions. 

Roadmap Item 1 – AI

Every time you open your (insert social media app) or talk with your peers at a conference, the lack of talent in cybersecurity will inevitably come up.  Per ISC2, the gap in 2024 is 4 million workers, and it is not improving. This is exacerbated by the mantra from leadership that you must “do more with less” and lean budget allocations set for this year. Add it all up, and the choices are challenging for those on the frontlines.  

Enter AI. While ChatGPT is hogging all the headlines, AI will remake how we approach security and networking. But let me be clear: AI is not our cyber messiah, but it will assist us on the operational side of cyber security and will be our aide or guide in optimizing your technology solutions. For example, in the SSE space, your AI guide will assist you by providing recommendations for your security policies. Since it can “see” the bigger picture and understands best practices, an operations resource will interact with the AI guide to learn about policy violations and be briefed on possible areas of improvement. Perhaps there is a policy statement that is no longer being used, or worse, Jim, who was in sales, just moved to marketing. Should Jim’s privileges for sales be rationalized? Is there a business impact, such as lower operating costs and greater security outcomes?

What are the questions to ask regarding roadmaps for SASE and SSE vendors?  For AI to work effectively, it must have access to massive data pools.  The performance will never be met without data, the raw oil powering the AI engine.  The question to ask your vendor is how they collect the data, what the data is (hopefully both network and security), and whether or not there is a single data lake. The single data lake is key.  If the vendor’s solution is a series of separate, lightly integrated solutions, it’s time to be concerned.  That’s because it will be hard to train their AI engine and, as a result, lower your operational costs.  I recommend seeking better outcomes with vendors who built on a modern architecture based on Cloud forward principles.  Providing AI assistants and normalizing the data needed for success will be much easier. Make sure to dive deep into this topic, and do not accept soft answers! 

Roadmap Item 2 – Quantum

The second area is quantum encryption.  Right now, all the key vendors in the space are built on TLS, IPSec, and GRE (yes, they exist), as well as newer protocols like WireGuard.  Experts in the field say by 2030, all of them will be at risk.  Nation-state actors will lead the way, but given Moore’s Law, the cost and power of computing will continue its march forward, putting this futuristic capability in the hands of garden-variety blackhats. That means it will become very easy to break modern protocols.  

Why is this a critical roadmap question to ask? Both SASE and SSE are generally consumed on 3- to 5-year terms. The time to value for a full SASE or SSE deployment can also take 12-36 months. Why? You are consolidating what were previously point products from different vendors. Thus, you need to consider the financial impact. Is the solution depreciated? When does support expire? Given the time horizon, 2030 will be here before you know it.

So, what do you need to ask? The more innovative vendors are already planning. They will have a strong message regarding quantum and should already have an MVP in process. It may not be in general availability for a year or two, which is OK. Remember, you are looking for an indication that quantum encryption is coming and a rough time frame. What you’re not looking for is a blank stare or a talk track where you’re told, “Don’t be concerned.” That’s when you should be concerned! It means the vendor either has not thought about it or, worse, the architecture they’ve based their solution on has become difficult to scale due to technical debt and operating costs. Asking the quantum question helps you understand both the future and the present state of their technology. It’s not necessary to do a deep dive on the various quantum protocols. At this stage, you want to see how they respond. In addition, if this is an area you are passionate about, you may be able to influence their roadmap, as it is still early days for quantum encryption.

Exploring the roadmaps of vendors you are down-selecting is an essential due diligence activity in procurement.  You want to understand where the product is going, its vision for the future, where it is deficient, how you can influence its roadmap to solve your key business challenges, and, critically, how much of a partner it can be.  Much can be uncovered and gained from these critical discussions….  Always do a roadmap review before purchase, and …. make sure to ask about AI and quantum encryption!!!

The post Exploring SASE and SSE Roadmaps with the Two Taylor Swifts of the Decade – AI and Quantum appeared first on Cybersecurity Insiders.


March 30, 2024 at 07:04AM

Meet the Phishing service platform named Darcula

Cybersecurity analysts at Netcraft, an internet service company based in London, have recently uncovered a sophisticated phishing platform dubbed ‘Darcula.’ This platform, known as a phishing-as-a-service (PhaaS) operation, provides users with template-based guidance for setting up phishing websites.

What sets Darcula apart is its continual evolution with innovative updates, including new anti-detection measures and features designed to obscure the attack’s origin. These features incorporate technologies such as JavaScript, React, Docker, and Harbor, facilitating the seamless reinstallation of phishing kits. Currently, Darcula boasts over 20,000 domains and operates across 11,000 IP addresses spanning more than 100 countries.

According to Netcraft, cybercriminals leveraging Darcula have successfully targeted organizations like DHL, Evri, and USPS. Their interests extend to government agencies, postal services, financial institutions, telecommunications companies, and manufacturing sectors.

It’s important to note that despite its name, ‘Darcula’ bears no connection to the classic novel “Dracula” published in 1887. The naming might evoke suspense and horror, but the association ends there.

Security researcher Oshri Kalfon revealed last summer that Darcula employs the Rich Communication Services (RCS) protocol, familiar to users of Apple’s iMessage and Google’s Messages, as a means of reaching targets. This protocol offers an alternative to traditional SMS messaging.

Given the rise of phishing attempts through messaging platforms, users should exercise caution when encountering embedded URLs in incoming messages. Clicking on these links could lead to fraudulent websites. Look out for grammar and spelling errors, as well as offers that seem too good to be true, to avoid falling victim to phishing scams.

The post Meet the Phishing service platform named Darcula appeared first on Cybersecurity Insiders.


March 29, 2024 at 08:35PM

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

In a decisive move against the escalating wave of cyber threats, ThreatHunter.ai has announced a groundbreaking initiative to offer its advanced cybersecurity services free for 30 days to all organizations. This bold step comes in response to the alarming increase in sophisticated cyber-attacks, including ransomware and nation-state threats, which have put the security of many organizations at risk.

James McMurry, the founder of ThreatHunter.ai, highlighted the urgency of the situation, stating, “In the past 48 hours alone, we have stopped hundreds of actual attacks and performed mitigations for our customers. Yet, the frequency and sophistication of these attacks are escalating at an alarming rate. Our mission is clear: to extend our protective reach to every organization in need, ensuring that the digital frontier is safe for all.”

This initiative draws attention to the volatile cybersecurity landscape, underscored by recent events like the resurgence of the LockBit ransomware group. Despite a significant law enforcement takedown, LockBit’s comeback illustrates the resilience and continuous evolution of cyber threats.

At the heart of ThreatHunter.ai’s defense capabilities is the ARGOS platform, powered by cutting-edge AI and machine learning technologies. This platform enables the company’s expert team of threat hunters, engineers, and cybersecurity specialists to deliver real-time threat detection and response, ensuring robust protection for their clients.

McMurry further emphasized the importance of proactive defense measures: “We see the problem getting larger, with cyber threats becoming more sophisticated by the day. Offering our services for free for 30 days is our way of bolstering the defenses of organizations across the globe. It’s a call to action for everyone, and to show that ThreatHunter.ai is much more than all the MDRs offering automated alerts, we actually will stop threats, and how our team operates as part of our customers’ cyber team.”

This initiative is more than a temporary fix; it’s a wake-up call for organizations to recognize the importance of vigilance and proactive security measures in the face of growing cyber threats. ThreatHunter.ai invites organizations to take advantage of this unique opportunity to enhance their cyber defenses.

About ThreatHunter.ai

ThreatHunter.ai is at the forefront of cybersecurity, specializing in real-time detection, analysis, and mitigation of cyber threats. Powered by the innovative ARGOS platform, our approach combines advanced AI and ML technologies with the expertise of the industry’s most skilled professionals. We are dedicated to defending the digital infrastructure against the complex landscape of cyber threats, ensuring peace of mind for businesses and governments worldwide. ThreatHunter.ai, a 100% Service-Disabled Veteran Owned Small Business, is a leading provider of AI-driven threat hunting solutions. Its advanced machine learning algorithms and expert analysis help organizations detect, identify, and respond to cyber threats. Its solutions are designed to supplement existing security resources and provide a fresh perspective on how to address today’s complex cyber threats. Don’t miss the opportunity to safeguard your organization with the unparalleled cybersecurity protection offered by ThreatHunter.ai. Visit our website at www.threathunter.ai to explore our unique approach, learn more about our cutting-edge solutions, and discover how we can empower your business to stay ahead of cyber threats. To speak with our experts or schedule a personalized demo, reach out to our sales team at sales@threathunter.ai or call 714.515.4011. Take action today and ensure the security and resilience of your digital infrastructure.

The post ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On appeared first on Cybersecurity Insiders.


March 29, 2024 at 08:00PM

Understanding the Surge in Cyber Kidnapping: Exploring the Factors Behind the Rise

In recent years, the world has witnessed a concerning uptick in cyber kidnappings, with individuals, organizations, and even governments falling victim to this malicious form of digital extortion. This article delves into the multifaceted reasons contributing to the rise of cyber kidnapping, shedding light on the complex dynamics at play in this evolving threat landscape.

1. Lucrative Financial Incentives: One of the primary drivers behind the surge in cyber kidnapping is the lucrative financial incentives it offers to perpetrators. With the proliferation of cryptocurrencies and anonymous payment methods, cyber criminals can demand ransom payments with reduced risk of detection. These financial motives incentivize attackers to target individuals and organizations with the promise of significant monetary gain.

2. Sophisticated Ransomware Technologies: The evolution of ransomware technologies has played a pivotal role in the rise of cyber kidnapping. Modern ransomware variants are increasingly sophisticated, employing advanced encryption algorithms and evasion techniques to bypass traditional security measures. This technological arms race has empowered cyber criminals to execute large-scale, impactful attacks, amplifying the prevalence of cyber kidnappings.

3. Global Connectivity and Digital Dependency: The increasing interconnectedness of the digital world has amplified the susceptibility to cyber kidnappings. As individuals and organizations become more reliant on digital technologies for communication, commerce, and critical infrastructure, they inadvertently expose themselves to cyber threats. The pervasive nature of digital connectivity provides cyber criminals with a vast attack surface to exploit, fueling the proliferation of cyber kidnappings.

4. Anonymity and Impunity: The anonymity afforded by the internet enables cyber criminals to operate with relative impunity, shielding them from law enforcement scrutiny. Operating behind the veil of pseudonymity, perpetrators can orchestrate cyber kidnappings from virtually anywhere in the world, evading jurisdictional boundaries and law enforcement efforts. This sense of anonymity emboldens cyber criminals to engage in increasingly brazen acts of extortion, contributing to the rise in cyber kidnappings.

5. Weak Cybersecurity Postures: Despite heightened awareness of cyber threats, many individuals and organizations maintain weak cybersecurity postures, making them susceptible to cyber kidnappings. Factors such as lax security protocols, inadequate employee training, and outdated software contribute to vulnerabilities that cyber criminals exploit to infiltrate systems and execute ransomware attacks. The failure to prioritize cybersecurity measures leaves individuals and organizations vulnerable to exploitation, facilitating the proliferation of cyber kidnappings.

6. Evolving Tactics and Strategies: Cyber criminals continuously adapt their tactics and strategies to circumvent defensive measures and maximize their success rates. From spear phishing campaigns to supply chain attacks, cyber kidnappers employ a diverse array of techniques to infiltrate targets and extract ransom payments. This dynamic landscape of cyber threats necessitates constant vigilance and proactive cybersecurity measures to mitigate the risk of falling victim to cyber kidnappings.

In conclusion, the rise in cyber kidnapping can be attributed to a confluence of factors, including financial incentives, technological advancements, global connectivity, anonymity, weak cybersecurity postures, and evolving tactics. Addressing this growing threat requires a multi-faceted approach encompassing robust cybersecurity measures, international cooperation, legislative reforms, and public awareness initiatives. By understanding the root causes of cyber kidnappings and implementing proactive strategies, individuals, organizations, and governments can mitigate their susceptibility to this pervasive threat and safeguard against potential cyber extortion.

The post Understanding the Surge in Cyber Kidnapping: Exploring the Factors Behind the Rise appeared first on Cybersecurity Insiders.


March 29, 2024 at 12:44PM

Thursday, March 28, 2024

C2A Security’s EVSec Platform: Driving Cybersecurity Compliance in the Automotive Industry

The automotive industry is under pressure to comply with a growing set of cybersecurity regulations and standards, including UN Regulation No. 155, ISO/SAE 21434, and the Chinese GB standards. 2024 is a crucial year for these regulations, especially UN Regulation No. 155, which from July 2024 applies to all newly produced vehicles in the markets that have adopted it, not only to new vehicle types.

C2A Security’s EVSec Risk Management and Automation Platform is increasingly adopted within the automotive sector to address the challenge of complying with cybersecurity regulations and standards efficiently. As of 2023, C2A Security has entered into commercial agreements with over 10 customers and partners, including a significant enterprise agreement with a European Commercial Vehicle Manufacturer.

C2A Security’s EVSec platform is designed to enhance product security in automotive software development and operations by automating traditional manual processes. It facilitates collaboration among teams, customers, and the supply chain and offers comprehensive digital twin capabilities. The platform’s continuous feedback mechanism for product operations and vulnerabilities significantly contributes to the agility of software development processes.

In 2023, C2A Security expanded its customer base to include multiple OEMs and Tier 1 suppliers through successful evaluations and partnerships with industry leaders such as Daimler Truck AG, BMW Group, Marelli, NTT Data, Siemens, and Valeo.

EVSec aids in aligning with regulatory standards and best practices by mapping and automating compliance efforts, crucial for companies pioneering new vehicle technologies and infrastructure. Roy Fridman, CEO of C2A Security, highlights the importance of automated product security platforms like EVSec in addressing the challenges posed by current and emerging regulatory demands. He references a case from late 2023 where a premium car manufacturer halted sales of a popular model in the European Union due to non-compliance, underscoring the competitive necessity for advanced security automation in product development and operations.

C2A Security positions itself as a leading provider of risk-driven DevSecOps platforms tailored for the automotive industry, offering solutions that transform cybersecurity from a limitation to a value multiplier. Founded in 2016 by NDS/Cisco veteran Michael Dick and headquartered in Jerusalem, Israel, C2A Security serves a global market, including Daimler Truck AG, BMW Group, Siemens, Valeo, and others, driving down software release times and costs while enhancing cybersecurity posture. For more information, visit C2A Security’s website www.c2a-sec.com.

The post C2A Security’s EVSec Platform: Driving Cybersecurity Compliance in the Automotive Industry appeared first on Cybersecurity Insiders.


March 29, 2024 at 07:21AM

NHS patient data published on the Dark Web

In a concerning development, the ransomware group INC Ransom has published a portion of data stolen from the UK’s National Health Service (NHS) on its dark web leak site. Investigations have identified the compromised data as originating from NHS Dumfries and Galloway. The group has also declared its intention to release approximately 6 terabytes of data obtained from another healthcare entity based in Scotland.

Notably, the communication from the perpetrators also contains substantiating evidence indicating the authenticity of the disclosed information pertaining to the NHS board. The threat actors affiliated with INC Ransom ransomware have set forth demands for a ransom payment to be fulfilled by the first week of April this year.

The stolen data includes sensitive details such as names, addresses, and medical histories of patients of the British healthcare provider. The criminals have also threatened to sell this information to interested parties, including state-sponsored actors, if their demands are not met within the stated timeframe.

It is becoming increasingly common for cybercriminals to target the healthcare sector due to the lucrative nature of their extortion schemes. By exploiting vulnerabilities in healthcare systems, these perpetrators not only extort ransom payments from afflicted institutions but also leverage the personal information of patients for additional blackmailing opportunities.

Consequently, the profitability of such attacks has surged since 2021, prompting a concerning trend in cybercrime. Moreover, certain adversarial nations, such as North Korea, are known to enlist or train cybercriminals to conduct attacks on various targets including cryptocurrency exchanges, financial institutions, and manufacturing sectors. The proceeds from such illicit activities are often channeled into funding nefarious agendas such as the development of weaponry.

A blanket ban on digital currencies is unlikely to help, as no centralized authority oversees these transactions to enforce it. Apprehending the offenders therefore remains a significant challenge for law enforcement agencies, particularly while a crime is still ongoing.

The post NHS patient data published on the Dark Web appeared first on Cybersecurity Insiders.


March 28, 2024 at 08:44PM

The human-AI partnership: a guide towards secure coding

[Pieter Danhieux Co-Founder and CEO, Secure Code Warrior]

The doomsayers are, so far, losing the argument. The panic around AI replacing humans has been countered with a new narrative: “Let AI redefine your job rather than replace it.” According to a recent survey from Stack Overflow, 44% of developers are either using or planning to use AI tools—even though just 3% “highly trust” the accuracy of the results. Twice as many (6%) say they highly mistrust AI due to security concerns and inaccuracy.

There remains at least some debate among developers on whether to embrace these tools, though many businesses are testing them as much as possible. The UK government’s stance has been laissez-faire, with no “rush to regulate,” encouraging businesses to explore AI’s benefits. And many developers report good results, with some already claiming it increases their productivity and reduces time spent on repetitive tasks.

AI’s role in supporting developers will grow over time, but it cannot come at the expense of secure coding practices. Its eagerness to please and its propensity to “hallucinate” are significant concerns, rendering it impossible to trust fully. Until this is resolved, if it can be resolved, we are going to need skilled developers who keep security front of mind and check AI-generated code for potential vulnerabilities.

GenAI: a journey companion

Beyond streamlining time-consuming and monotonous tasks, AI tools can propose fresh lines of code, answer technical questions quickly, support research, demystify complex processes and make what was a very difficult job more accessible. GitHub surveyed developers about how managers should think about productivity, collaboration, and AI coding tools: over 80% of developers expect AI coding tools to promote greater collaboration within their team, and 70% believe the tools will give them a competitive edge in their roles, with benefits to code quality, speed, and incident resolution.

However, it also introduces a new security challenge: it is no longer enough to check your own code for vulnerabilities; you must also check the code your AI helper produces. A strong focus on secure coding practices was already crucial in software development. Recent research from the Department of Homeland Security estimates that 90% of software vulnerabilities can be traced back to defects in design and coding.

So while AI offers significant advancements in productivity, it is fallible and needs vigilance so advantages don’t come at the expense of more security issues.

Developers as security sheriffs

Blindly relying on AI output without verification is like using Wikipedia: while a good place to start, you can’t be certain about its reliability. We all still use Wikipedia, we just need to be aware of the risks and have the right processes in place to catch any potential problems.

The UK has already shown some initiative, starting with The AI Safety Summit. This gathering aimed to help establish a global consensus on AI and drive international efforts to enhance safety. These rules will be critical in shaping the future of AI security. Still, we cannot wait for governments to draft them—developers must act to ensure new technologies are used responsibly, or risk an AI-generated nightmare with insecure software.

Developers should be enabled to act as security sheriffs within their organisation to drive secure strategies while producing protected code. This can be done through:

  • Human oversight and expertise: While certain AI tools will flag potential vulnerabilities and inconsistencies, humans must still oversee this process. The code produced can only be as accurate as the prompts provided by the developer, who needs to understand how the AI recommendations are applied in the greater context of the project.
  • Pay attention to complexities and the overall strategy: In software production, developers can take on the role of a quality control team. They can be trained to review AI-generated code and ensure it meets the project’s standards. AI is not yet capable of independently handling complex components or generating innovative solutions for DevOps challenges.
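As an added example, not from the author or from Secure Code Warrior, here is the kind of defect that review of AI-generated code has to catch, together with a small automated triage check. The snippet labelled as assistant output is constructed for the demo, not taken from any particular tool; the in-memory SQLite table and the user names are sample data. The unsafe function interpolates the caller’s input into the SQL text, the reviewed version binds it as a parameter, and flag_interpolated_sql() walks a module’s syntax tree to point the reviewer at execute() calls whose query text was built by interpolation.

```python
import ast
import sqlite3

# Constructed snippet in the style a code assistant often produces (not the
# output of any specific tool): SQL assembled by string interpolation.
ASSISTANT_SNIPPET = '''
def find_user(conn, username):
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()
'''


def _is_interpolated(node):
    """True for f-strings, '%'-formatting and str.format() calls."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        return True
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def flag_interpolated_sql(source):
    """Return line numbers of .execute()/.executemany() calls whose query text
    was built by interpolation, either inline or via a local variable."""
    tree = ast.parse(source)
    tainted = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _is_interpolated(node.value):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    hits = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany") and node.args):
            arg = node.args[0]
            if _is_interpolated(arg) or (isinstance(arg, ast.Name) and arg.id in tainted):
                hits.append(node.lineno)
    return hits


def build_db():
    """Sample in-memory table with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def find_user_unsafe(conn, username):
    # The snippet as generated: the input becomes part of the SQL text.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # Reviewed version: the value travels as a bound parameter, never as SQL.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def review_demo(payload="' OR '1'='1"):
    """Run the injection payload through both versions and the AST check."""
    conn = build_db()
    return {
        "unsafe_rows": len(find_user_unsafe(conn, payload)),      # every row leaks
        "safe_rows": len(find_user_safe(conn, payload)),          # no such username
        "safe_legit_rows": len(find_user_safe(conn, "alice")),    # normal lookup still works
        "flagged_lines": flag_interpolated_sql(ASSISTANT_SNIPPET),
    }


if __name__ == "__main__":
    print(review_demo())
```

The AST check is deliberately narrow (it follows only direct assignments within the parsed source) and will miss queries built across function boundaries; it is a triage aid that tells the human reviewer where to look first, not a replacement for the review itself, which is the point of this section.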

Why “sheriffs?” Today’s AI frontier is the wild west, with little regulation and a real potential for danger. Organisations cannot wait for robust regulation—they need to integrate a culture of security today that extends across the entire business.

The post The human-AI partnership: a guide towards secure coding appeared first on Cybersecurity Insiders.


March 28, 2024 at 05:56PM

Wednesday, March 27, 2024

Cyber Attack suspected behind Baltimore Bridge Collapse

The incident that shook Baltimore on March 26, 2024, when a cargo vessel collided with the Francis Scott Key Bridge and sent it into the Patapsco River, has sparked widespread speculation and concern. In the early hours of March 27, 2024, several publications shared photos of the collapse, raising questions about possible foul play by adversaries.

A hashtag quickly gained traction on social media platform X (formerly Twitter), suggesting that the Francis Scott Key Bridge was targeted in a cyber-attack, leading to the collision with the container ship. This unexpected development captured the attention of many, including politicians from the Western world, and was widely shared among users of X.

Adding fuel to the fire, influencer Andrew Tate, who has around 9 million followers, repeated the cyber-attack narrative, claiming that the maritime systems on the 300-meter container vessel had been compromised. According to Tate, the cyber-attack not only caused the bridge collapse but also sent numerous vehicles and their occupants into the Patapsco River, and he questioned the Maryland Transportation Authority’s handling of the situation.

The question on everyone’s mind is whether the cargo ship was manipulated by external forces, leading to the collapse of the bridge and the loss of an estimated six to eight lives.

The coming weeks are likely to be rife with speculation, with investigations potentially uncovering more alarming truths that could involve intelligence agencies from adversarial nations. However, the White House has dismissed these conspiracy theories, asserting that the bridge collapse was simply an accident. Nonetheless, the government emphasizes its close monitoring of the situation and its commitment to holding any individuals or groups responsible for malicious intent accountable.

Furthermore, the government has pledged unwavering support to the families affected by this tragedy, promising assistance in locating missing loved ones and offering solace during this difficult time.

The post Cyber Attack suspected behind Baltimore Bridge Collapse appeared first on Cybersecurity Insiders.


March 28, 2024 at 10:13AM

Has the third world war started with Baltimore Bridge Collapse with Cyber Attack

The incident that shook Baltimore on March 26, 2024, when a cargo vessel collided with the Francis Scott Key Bridge and sent it into the Patapsco River, has sparked widespread speculation and concern. In the early hours of March 27, 2024, several publications shared photos of the collapse, raising questions about possible foul play by adversaries.

A hashtag quickly gained traction on social media platform X (formerly Twitter), suggesting that the Francis Scott Key Bridge was targeted in a cyber-attack, leading to the collision with the container ship. This unexpected development captured the attention of many, including politicians from the Western world, and was widely shared among users of X.

Adding fuel to the fire, influencer Andrew Tate, who has around 9 million followers, repeated the cyber-attack narrative, claiming that the 300-meter container vessel had been compromised. According to Tate, the cyber-attack not only caused the bridge collapse but also sent numerous vehicles and their occupants into the Patapsco River, and he questioned the Maryland Transportation Authority’s handling of the situation.

The question on everyone’s mind is whether this incident marks the beginning of World War 3. Was the cargo ship manipulated by external forces, leading to the collapse of the bridge and the loss of an estimated six to eight lives?

The coming weeks are likely to be rife with speculation, with investigations potentially uncovering more alarming truths that could involve intelligence agencies from adversarial nations. However, the White House has dismissed these conspiracy theories, asserting that the bridge collapse was simply an accident. Nonetheless, the government emphasizes its close monitoring of the situation and its commitment to holding any individuals or groups responsible for malicious intent accountable.

Furthermore, the government has pledged unwavering support to the families affected by this tragedy, promising assistance in locating missing loved ones and offering solace during this difficult time.

The post Has the third world war started with Baltimore Bridge Collapse with Cyber Attack appeared first on Cybersecurity Insiders.


March 27, 2024 at 08:35PM

Agenda Ransomware Targeting VMware and 17k Microsoft Exchange servers vulnerable to cyber attacks

Agenda Ransomware targets VMware servers

A new variant of the Agenda ransomware has been observed targeting VMware ESXi servers worldwide. The Agenda family itself is not new: it has been active since 2022, and it is this latest variant’s focus on virtualization hosts that concerns cybersecurity experts.

Previously tracked under monikers such as Qilin or Water Galura, this file-encrypting malware has primarily set its sights on servers in critical sectors like manufacturing, healthcare, and education. The impact has been felt notably in Canada, Argentina, the United States, Australia, Colombia, Indonesia, and India.

Findings from a study conducted by Trend Micro shed light on the malware’s modus operandi. The operators abuse Remote Monitoring and Management (RMM) tools, together with the Cobalt Strike post-exploitation framework, to gain and keep access to target networks. Once inside, they profile the compromised environment before deploying the ransomware payload, with VMware vCenter and ESXi servers as the primary targets.

Security analysts emphasize the critical importance for organizations to remain vigilant in the face of such threats. Key measures include closely monitoring administrative privileges, maintaining up-to-date software patches, conducting regular system scans, and educating employees about emerging cybersecurity risks. Additionally, maintaining secure backup data and implementing proactive measures against social engineering attacks are strongly advised.

It’s imperative to dispel the misconception that malware attacks are confined solely to Windows environments. The reality is that virtual and Linux environments are equally susceptible, as evidenced by the activities of Agenda Ransomware.

Over 17,000 Microsoft Exchange Servers in Germany are vulnerable to Cyber Attacks

According to a statement released by the German Federal Office for Information Security (BSI), of approximately 45,000 Microsoft Exchange servers in Germany that are reachable from the internet, more than 17,000 (roughly 37%) are vulnerable to one or more critical flaws. Around 12% run Exchange versions so old that Microsoft no longer supports them and has not shipped security updates for them in years; the rest of the vulnerable set run supported versions that simply have not been patched.

The root cause is that these servers are not receiving security updates, in many cases because they are nearing or past end of life. Software vendors must issue patches, but the onus also falls on the organizations running the servers to deploy them. Automatic updates are convenient, but some administrators prefer manual update procedures (Exchange cumulative updates in particular have to be installed by hand), and patching then lags behind.

The post Agenda Ransomware Targeting VMware and 17k Microsoft Exchange servers vulnerable to cyber attacks appeared first on Cybersecurity Insiders.


March 27, 2024 at 11:47AM