FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Friday, May 31, 2024

How to stop ransomware for good— and add the missing layer to ransomware resiliency

Attackers are going to do their best to breach you. And if they invest enough time and technology, they will probably succeed. Put enough obstacles in their path, however, and as you wear down their resources, you have a very good chance of stopping them. Today, defense-in-depth is viewed as a reliable and proven way to prevent ransomware.

Yet while the practice of defense-in-depth is recognized by agencies like CISA, many, if not most, organizations get the practice of building defensive layers against ransomware wrong. If you are targeted by threats that get past your firewalls, antivirus (AV) solutions, endpoint detection and response (EDR) platforms and similar tools, another layer of controls that works on the same principle of threat detection and response will do little to stop them.

Complex and evasive threats continue to evolve. Consider a Cobalt Strike beacon that is loaded into device memory at runtime, an evasive malware strain with polymorphic signatures, an exploit for a zero-day, or the next big supply chain threat. These and other advanced threats are built to avoid telemetry-based controls: they leave nothing for a signature library to match and are designed not to trip behavior analysis until the damage is done. To stop them, you need to build redundancy and resiliency into your ransomware defensive posture.

Also called failure protection by NIST, redundancy is the security boost you get when you deploy multiple protection mechanisms in your environment that work through different principles, so that one control's blind spot is not shared by the next. Redundancy gives you resiliency: the ability to withstand and recover from repeated attacks.

To achieve redundancy against modern ransomware threats, you need another control layer in your environment, one that defeats ransomware through a different defensive method. Emerging technology like Automated Moving Target Defense (AMTD) can close this gap and prevent ransomware attacks at multiple phases, from early infiltration to safeguarding critical systems when ransomware attempts to execute.

Ransomware Threat Evolution

“Ransomware is a threat to national security, public safety, and economic prosperity.” The National Cybersecurity Strategy‘s description of ransomware risk is a nod to the new reality of ransomware—one of the most dangerous risks our world faces, cyber or not.

For individual organizations, betting on reaction and recovery against this risk is a failing strategy. Attacks now target backups, and it’s also no longer sustainable to rely on insurance— a recent report noted a 100% increase in insurance premiums.

Ransomware has existed for over 30 years. But what’s changed over the last few years is potential profits—as profits soar, malware developers and operators have dramatically upped their game, refining techniques to help malware successfully evade defense mechanisms.

Take the 2021 Health Service Executive Conti attack as an example. This ransomware attack on Ireland’s national healthcare system compromised over 80,000 endpoints and effectively shut down healthcare services in an entire country. The attack succeeded for several reasons, but a core one was that Conti could evade the AV and similar security solutions on the HSE’s endpoints.

Conti used fileless techniques to move laterally from endpoints to servers without raising alarms. It could also load its encryption code as DLLs directly into device memory and run the ransomware from there at runtime, a space that AV and similar solutions do not scan.

More ransomware attacks are using this in-memory approach alongside other evasive techniques. From hijacking legitimate tools to relying on scripts that run only in memory and never touch disk, threat actors are increasingly looking for the weak spots in security controls and aiming their efforts at them.

Ransomware Defense with AMTD

Automated Moving Target Defense (AMTD) is an emerging technology that morphs the runtime memory environment. AMTD changes an application's attack surface by deterministically moving attackable assets (such as password hashes held in memory) to unexpected locations. It then leaves skeletons of the original assets in their old locations as decoys to trap threats and isolate the executables that touch them.

AMTD builds depth into ransomware defense and adds assurance by reducing exposure to known MITRE ATT&CK ransomware tactics, including initial access, persistence, privilege escalation, defense evasion, lateral movement, and impact. 

This happens through four added layers of protection:

  1. Data encryption and destruction protection: Most ransomware attacks succeed in encrypting data. With AMTD installed on an endpoint or server, however, the system resources that malicious code targets are not where its author expects them to be; what looks like a system resource is a decoy. Code that executes against a decoy, or attempts to encrypt it, is automatically terminated and captured for forensic analysis, while the real resource remains untouched and encryption is denied.
  2. System recovery tamper protection: According to Acronis, leading ransomware groups such as LockBit and ALPHV have evolved to target backups directly, so backups need defenses of their own. Specifically, ransomware deletes the system shadow copies (Volume Shadow Copies on Windows) that backups and restore points rely on. AMTD blocks this by terminating any unauthorized process that tries to access the shadow copies.
  3. Credential theft protection: Credential dumping is one of the most common MITRE ATT&CK techniques seen in the wild. Almost every ransomware operator will try to harvest credentials stored in browsers, saved RDP connections, the SAM password hashes, and similar locations. AMTD deterministically hides where these credentials live and stops threats from finding them.
  4. Runtime memory protection: Research from Webroot found that 94 percent of attacks are now polymorphic, and many execute in memory at runtime rather than from the device's disk. AMTD protects runtime by morphing (randomizing) runtime memory to create an unpredictable attack surface: it moves application memory, APIs and other system resources while leaving decoy traps in their place. As threat actors adopt generative AI to adapt malware faster than ever before, this trend will only accelerate.
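Item 2 above describes ransomware deleting the shadow copies that backups depend on. As an added example (not Morphisec's or the article's code), the Python below runs a small set of detection rules for recovery-tampering commands (MITRE ATT&CK T1490, Inhibit System Recovery) over constructed Windows process-creation events. The JSON field names follow Sysmon Event ID 1 (Image, ParentImage, CommandLine), the events themselves are made up, and the backup-agent path in ALLOWED_PARENTS is a hypothetical placeholder. It goes beyond the single shadow-copy case in the text by also catching bcdedit and wbadmin recovery tampering.

```python
"""Detect recovery-tampering commands that ransomware runs before encrypting.

Added example, not the article's or Morphisec's code. Rules cover MITRE
ATT&CK T1490 (Inhibit System Recovery). Events are JSON lines whose field
names mimic Sysmon Event ID 1; all sample events below are constructed.
"""
import json
import re

# Regexes are applied to the lower-cased command line of each event.
RULES = {
    "vssadmin_delete_shadows": r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b",
    "vssadmin_resize_shadowstorage": r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b",
    "wmic_shadowcopy_delete": r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    "powershell_shadowcopy_delete": r"win32_shadowcopy.*\b(delete|remove-wmiobject)\b",
    "bcdedit_disable_recovery": r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b",
    "wbadmin_delete_backups": r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\b(catalog|systemstatebackup)\b",
}
COMPILED = {name: re.compile(rx) for name, rx in RULES.items()}

# Parent processes allowed to manage shadow storage. Hypothetical path for
# illustration; tune to the backup software actually deployed.
ALLOWED_PARENTS = {r"c:\program files\examplebackup\agent.exe"}


def match_rules(event):
    """Return the names of every rule the event's command line triggers."""
    cmd = event.get("CommandLine", "").lower()
    parent = event.get("ParentImage", "").lower()
    hits = [name for name, rx in COMPILED.items() if rx.search(cmd)]
    # A backup agent legitimately resizes shadow storage; suppress only that
    # rule for it. Deleting shadows is never suppressed, whoever the parent is.
    if parent in ALLOWED_PARENTS:
        hits = [h for h in hits if h != "vssadmin_resize_shadowstorage"]
    return hits


def scan(jsonl_lines):
    """Return (line_no, image, rule_names, command_line) for each flagged event."""
    findings = []
    for n, line in enumerate(jsonl_lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        hits = match_rules(event)
        if hits:
            findings.append((n, event.get("Image", "?"), hits, event.get("CommandLine", "")))
    return findings


def _ev(image, parent, cmd):
    return json.dumps({"Image": image, "ParentImage": parent, "CommandLine": cmd})


# Constructed sample telemetry (not real logs). Lines 2-6 and 8 should fire.
SAMPLE_EVENTS = [
    _ev(r"C:\Windows\System32\vssadmin.exe", r"C:\Windows\System32\cmd.exe",
        "vssadmin list shadows"),
    _ev(r"C:\Windows\System32\cmd.exe", r"C:\Users\alice\AppData\Local\Temp\inv0ice.exe",
        "cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"),
    _ev(r"C:\Windows\System32\wbem\WMIC.exe", r"C:\Windows\System32\cmd.exe",
        "wmic shadowcopy delete /nointeractive"),
    _ev(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", r"C:\Windows\System32\cmd.exe",
        'powershell -nop -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"'),
    _ev(r"C:\Windows\System32\bcdedit.exe", r"C:\Windows\System32\cmd.exe",
        "bcdedit /set {default} recoveryenabled No"),
    _ev(r"C:\Windows\System32\wbadmin.exe", r"C:\Windows\System32\cmd.exe",
        "wbadmin delete catalog -quiet"),
    _ev(r"C:\Windows\System32\vssadmin.exe", r"C:\Program Files\ExampleBackup\agent.exe",
        "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=20GB"),
    _ev(r"C:\Windows\System32\vssadmin.exe", r"C:\Windows\System32\cmd.exe",
        "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB"),
    _ev(r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe",
        r"notepad.exe C:\Users\alice\notes.txt"),
]

if __name__ == "__main__":
    for line_no, image, hits, cmd in scan(SAMPLE_EVENTS):
        print(f"line {line_no}: {', '.join(hits)} <- {image}: {cmd}")
```

Run as a script to print the findings; in production, feed it EDR or Sysmon process-creation telemetry and tune the parent-process allowlist for your backup software, since legitimate agents do resize shadow storage. The caveat the article implies still holds: a rule that only watches command lines will not see an implant that deletes shadow copies through direct COM or WMI calls from memory, so this is one layer, not the only one.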

Coming off a year in which ransomware attacks reached record levels, it is safe to assume attackers will keep up the assault through 2024. For businesses, the best bet is to double down on ransomware assurance with defense-in-depth and AMTD.

Brad LaPorte- Chief Marketing Officer at Morphisec and former Gartner Analyst

Brad LaPorte is a seasoned cybersecurity expert and former military officer who specialized in cybersecurity and military intelligence for the United States military and allied forces. During a distinguished career at Gartner as a top-rated research analyst, Brad was instrumental in establishing key industry categories such as Attack Surface Management (ASM), Extended Detection and Response (XDR), Digital Risk Protection (DRP), and the foundational elements of Continuous Threat Exposure Management (CTEM). His forward-thinking approach led to the inception of Secureworks' MDR service and the EDR product Red Cloak, both industry firsts. At IBM, he spearheaded the creation of the Endpoint Security Portfolio, as well as MDR, Vulnerability Management, Threat Intelligence, and Managed SIEM offerings, further solidifying his reputation as a visionary whose solutions were years ahead of their time.

The post How to stop ransomware for good— and add the missing layer to ransomware resiliency appeared first on Cybersecurity Insiders.


May 31, 2024 at 07:53PM

The Public Sector’s Troubled Relationship to Ransomware in 2023: A Year in Review

This past year showed us that the ransomware landscape is only getting more sophisticated, with attacks steadily increasing in scale, frequency, cost and impact. In fact, 2023 broke the record for ransomware payouts, exceeding $1 billion globally, a stark increase from the $567 million paid out in 2022.

Securin's 2023 Year in Review: Ransomware Report analyzed the 230,648 Common Vulnerabilities and Exposures (CVEs) listed in the National Vulnerability Database (NVD), prioritizing them by severity, affected systems, and vulnerability characteristics. Below are some of the key findings and themes from this year's report.

Ransomware is on the rise 

The public sector has seen its fair share of breaches and ransomware attacks throughout 2023. The MGM Resorts breach is a prime example: the Scattered Spider group gained access to the company's environment and deployed BlackCat/ALPHV ransomware, taking down the resort's websites and mobile app, disabling digital hotel room keys, knocking slot machines offline, and gaining access to guests' personal information.

Two other notable breaches were orchestrated by the Cl0p ransomware group. Cl0p exploited a zero-day vulnerability in Fortra GoAnywhere Managed File Transfer (CVE-2023-0669), reportedly affecting 2,095 organizations. Cl0p also carried out the MOVEit Transfer campaign (CVE-2023-34362), which compromised over 1,000 organizations and affected more than 60 million individuals.

The public sector includes government services as well as public goods. As we enter 2024, if we do not keep pace with the ransomware landscape and learn from the breaches of 2023, then further parts of the public sector, such as the military, infrastructure, public education, law enforcement, public transit, and healthcare, remain at risk of a ransomware attack.

New Year, New Threats  

Securin’s report identified that in 2023 there were 38 new vulnerabilities associated with ransomware. This report also provides a deep dive into the state of ransomware as 2024 begins, with critical information on newly identified vulnerabilities, insight into the most significant ransomware attacks, and new ransomware families and APT groups.  

“These discoveries are alarming, but they are far from surprising. Talking to our customers over the last year, we have heard the same thing repeatedly: the attacks, successful or thwarted, keep coming. This onslaught, combined with an ongoing talent shortage and slashed IT budgets, has created a combustible situation for organizations of every kind,” said Ram Movva, CEO and co-founder of Securin.  

In 2023, the ransomware landscape was dominated by three notorious groups: Cl0p, BlackCat, and Vice Society. These groups spearheaded a wave of cyberattacks on high-profile targets, from organizations running MOVEit Transfer to the Industrial and Commercial Bank of China. Their efforts resulted in significant disruptions and financial losses, highlighting the escalating threat posed by ransomware groups on a global scale.

As the frequency and severity of ransomware attacks surged, so did the number of vulnerabilities associated with these malicious activities. From 344 in the previous year, the tally climbed to 382 in 2023, underscoring the expanding attack surface for cybercriminals to exploit. Among these vulnerabilities, the Progress MOVEit Transfer Vulnerability (CVE-2023-34362) stood out the most. 

Despite efforts to bolster defenses, a concerning finding surfaced regarding the coverage of popular vulnerability scanners. Sixteen ransomware-associated CVEs had no detection in widely used scanners such as Nessus, Qualys, and Nexpose, so they stayed hidden during routine vulnerability scans. Approaches such as those employed by Securin proved instrumental in uncovering these stealthy threats. The practical lesson is that a scanner's plugin coverage is itself an assumption to verify: cross-check the CVEs your scanner can detect against the list of vulnerabilities known to be exploited by ransomware, rather than treating a clean scan as proof of absence.

“Addressing these challenges head on, with the best information possible, will be essential to keeping the worst from transpiring in 2024,” said Movva. “The fact is that, despite increased vigilance, major vulnerabilities continue to be ignored. Third-party software manufacturers and repositories are both struggling to stay fully informed of the active threats facing every organization. Our predictive platform has long been able to fill this gap for our customers, illuminating active threats before ransomware gangs began weaponizing them.” 

It’s Time To Take Control of Security  

As our society continues to advance, so does the ransomware landscape alongside it. These developments show that cyber resilience is no longer optional; it is a necessity for a secure future.

If security leaders want to protect their data, especially within the public sector, they must prioritize staying ahead of the latest ransomware threats: implementing preventative measures, remaining vigilant, and acting promptly when facing potential vulnerabilities and ransomware threats.

For organizations, this can mean implementing training and routine learning cycles for employees on basic security practices. Employees are often overlooked in an organization's overall security plan, which leaves a layer of vulnerability in organizational systems that bad actors can exploit. By educating and empowering employees to take proactive security measures, organizations gain a more comprehensive cybersecurity approach that considers all angles.


The post The Public Sector’s Troubled Relationship to Ransomware in 2023: A Year in Review appeared first on Cybersecurity Insiders.


May 31, 2024 at 07:02PM

The Crucial Role of Security in Accelerating 5G Adoption

In the rapidly evolving landscape of telecommunications, the emergence of 5G technology represents a pivotal moment in connectivity. With promises of unprecedented speed, reliability, and connectivity, 5G networks are poised to revolutionize industries, transform economies, and empower societies. However, amidst the excitement and anticipation surrounding 5G adoption, one crucial factor stands out as a driving force behind its rapid expansion: security.

Security concerns have long been at the forefront of discussions surrounding new technologies, and 5G is no exception. As networks become increasingly interconnected and data flows multiply exponentially, the need to safeguard against potential threats becomes paramount. Recognizing this imperative, stakeholders across industries are placing a heightened emphasis on security measures as they embrace 5G technology.

One of the key drivers of rapid 5G adoption is the security framework that underpins its architecture. Unlike previous generations of wireless technology, 5G was designed with security in mind from the outset. With features such as stronger encryption, improved authentication mechanisms, and network slicing, 5G networks offer better protection against cyber threats than their predecessors.

Moreover, the integration of advanced technologies such as artificial intelligence (AI) and machine learning (ML) further bolsters the security posture of 5G networks. These technologies enable proactive threat detection, rapid response to security incidents, and adaptive security protocols that evolve in real time to counter emerging threats.

Another factor contributing to the accelerated adoption of 5G is the growing recognition of its transformative potential across industries. From healthcare and manufacturing to transportation and entertainment, 5G technology unlocks a myriad of opportunities for innovation and growth. However, realizing this potential hinges on ensuring the security and integrity of 5G networks.

In the healthcare sector, for example, the proliferation of connected medical devices and telemedicine applications powered by 5G holds the promise of revolutionizing patient care. Yet, this digital transformation also introduces new vulnerabilities that must be addressed to safeguard patient data and ensure the reliability of critical healthcare services.

Similarly, in the realm of smart cities, 5G-enabled IoT devices facilitate the collection of vast amounts of data to optimize urban infrastructure and enhance public services. However, the interconnected nature of these devices creates potential entry points for cyber attackers, highlighting the need for robust security measures to protect against data breaches and cyber threats.

Furthermore, as businesses increasingly rely on 5G networks to drive innovation and gain a competitive edge, security considerations become paramount. A breach or disruption in connectivity could have far-reaching consequences, impacting operations, eroding consumer trust, and incurring significant financial losses.

In response to these challenges, governments, regulatory bodies, and industry stakeholders are collaborating to establish standards and best practices for securing 5G networks. Initiatives such as the European Union's 5G Toolbox and the U.S. Secure 5G and Beyond Act aim to ensure the integrity and resilience of 5G infrastructure.

Additionally, partnerships between telecommunications providers, cybersecurity firms, and technology vendors are driving innovation in security solutions tailored specifically for 5G networks. From threat intelligence and vulnerability assessments to security analytics and incident response capabilities, these collaborative efforts are instrumental in fortifying the security posture of 5G deployments.

In conclusion, security plays a central role in accelerating the adoption of 5G technology. By addressing concerns related to privacy, integrity, and resilience, robust security measures instill confidence among stakeholders and pave the way for widespread adoption of 5G networks. As we embark on the next phase of digital transformation, ensuring the security of 5G infrastructure remains essential to unlocking its full potential and reaping the benefits of a connected future.

The post The Crucial Role of Security in Accelerating 5G Adoption appeared first on Cybersecurity Insiders.


May 31, 2024 at 11:54AM

Over 600K routers in USA were disrupted by Cyber Attack

A cyber assault targeting internet routers operating in the United States has caused widespread disruption, affecting over 600,000 devices and marking one of the most significant router attacks in American history.

Discovered by Black Lotus Labs, a division of Lumen Technologies, in April 2024, the attack occurred during October and November of the previous year but was only disclosed to the public recently.

While security experts believe the attack to be the work of state-sponsored hackers, official details regarding the breach have yet to be revealed as investigations are ongoing.

Reports indicate that the attack used a malicious software update, which continues to circulate online, capable of deeply infecting routers by deleting their operational code and rendering them inoperable.

The perpetrators engineered the malware disguised as a firmware update and distributed it through the software update servers of Windstream, a prominent telecommunications company based in Arkansas and a major Internet Service Provider (ISP).

In response to the incident, the FBI and other national security agencies have dispatched agents to Windstream’s facilities for further investigation. However, Windstream has refrained from issuing any official statements as its internal inquiry is still underway.

Lumen’s reports shed light on complaints from Windstream customers, who expressed frustration on platforms like Reddit regarding disruptions experienced between October 25th and October 28th, 2023. During this period, Windstream advised affected users to request device replacements, which were fulfilled within two weeks. However, the company has remained silent regarding the router hack incident.

Notably, neither the FBI nor any other law enforcement agency, nor regulators such as the SEC, have acknowledged the incident, which, according to existing data breach laws, should have been reported within 30 days of discovery.

The post Over 600K routers in USA were disrupted by Cyber Attack appeared first on Cybersecurity Insiders.


May 31, 2024 at 11:51AM

Thursday, May 30, 2024

Eurojust conducts operation to shut malware and ransomware spreading botnets

Eurojust, the European Union Agency for Criminal Justice, recently launched a decisive strike against the botnets responsible for disseminating malware and ransomware across the digital realm.

Dubbed “Endgame,” this operation was meticulously coordinated with law enforcement agencies worldwide, resulting in the apprehension of four key suspects. The crackdown led to the seizure of their extensive IT infrastructure, which encompassed over 100 servers and more than 2,000 web domains.

Interestingly, while three of the suspects hail from Ukraine and one from Armenia, the places where they had taken refuge bore no connection to their nationalities.

Europol, the EU’s law enforcement agency, played a pivotal role in this collaborative effort, reminiscent of a similar operation in 2021 that dismantled the notorious ‘Emotet‘ botnet.

Notably, one of the apprehended suspects reportedly amassed a staggering $74 million in a single year by leasing out their IT infrastructure to criminal syndicates specializing in ransomware distribution. Among these were prominent entities like the LockBit Ransomware group and the now-defunct BlackCat, alias ALPHV.

However, it’s crucial for readers to recognize that while such operations disrupt criminal activities temporarily, they often fail to yield long-term results. Many of the dismantled criminal groups swiftly regenerate, emerging as revamped versions of their former selves.

For instance, despite the law enforcement takedown of LockBit's infrastructure earlier this year, the group re-emerged within days, underscoring the resilience of these criminal networks. Similarly, the disruption of BlackCat's IT infrastructure in March was followed by the emergence of RansomHub, a new criminal outfit whose victims include Change Healthcare, a subsidiary of UnitedHealth Group.

Therefore, rather than solely targeting individual criminals and their infrastructure, law enforcement agencies must address the underlying governmental and intelligence apparatuses supporting these illicit activities. Such an approach is paramount in eradicating cybercrime at its roots rather than merely trimming its branches.

The post Eurojust conducts operation to shut malware and ransomware spreading botnets appeared first on Cybersecurity Insiders.


May 30, 2024 at 08:45PM

Wednesday, May 29, 2024

Cyber Attack news headlines trending on Google

BBC Data Breach Exposes Personal Information of 25,000 Staff Members

In a recent development, a spokesperson for the BBC Pension Scheme issued a press release confirming a security breach that potentially compromised the personal information of over 25,000 current and former staff members. While investigations are underway to determine whether data related to the corporation's pension scheme has been misused, the stolen data includes sensitive details such as National Insurance numbers, addresses, and names of the pensioners. Cybersecurity insiders suggest that the incident might be linked to a ransomware attack, and affected individuals are advised to remain vigilant against phishing and identity theft attempts.

Internet Archive Targeted in DDoS Attack

Internet Archive, a renowned repository for digital content including newspapers, e-books, movies, and historical literature, recently fell victim to a Distributed Denial-of-Service (DDoS) attack. Reports indicate that the attack, which lasted for three days, disrupted access to the platform. Notably, the timing of the attack coincided with litigation brought against Internet Archive by the Recording Industry Association of America and major US book publishers.

Ticketmaster and Live Nation Data Breach: Hacker Group Demands $500,000

A hacking group identified as ShinyHunters has infiltrated the databases of Ticketmaster, stealing over 560 million records, or 1.3 terabytes of data. The motive appears to be purely financial, with indications pointing to the involvement of a prominent ransomware group. The stolen data, including partial credit card numbers, expiry dates, fraud-related details, and hashed credit card information, has surfaced on the dark web.

British MPs’ Email IDs Compromised and Leaked

Recent research conducted by security firm Proton has revealed alarming findings regarding the cybersecurity posture of British and EU parliamentarians. Nearly half of the Members of Parliament (MPs) from Britain, along with an equivalent number from the EU, have had their email IDs compromised and leaked on the dark web. Given that a significant portion of parliamentary communication occurs digitally, the exposure of sensitive information such as IP addresses, social media profiles, physical addresses, and dates of birth could potentially lead to blackmail and cyberbullying incidents. This breach underscores the urgent need for enhanced cybersecurity measures to safeguard parliamentary data and protect the privacy of elected officials.

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.


May 30, 2024 at 11:04AM

Microsoft uncovers North Korea Moonstone Sleet

Microsoft Threat Intelligence teams recently uncovered a new hacking collective known as Moonstone Sleet, also tracked as Storm-1789. The group employs a variety of tactics to sustain its activity and fund the nuclear ambitions of Kim Jong Un.

Over the past few weeks, Moonstone Sleet has been initiating the formation of new companies, enticing potential targets with bogus job offers, and subsequently extorting money from victims under false pretenses. Additionally, this threat group has been distributing trojanized games, which either deploy malware or ransomware capable of wiping data if ransom demands are not met.

Their primary objectives are gathering intelligence and generating revenue through fraud, all in service of their nation's leadership. Moonstone Sleet resembles previous nation-backed malware campaigns such as NotPetya, WannaCry, and HolyGhost, but with a significant escalation in ransom demands, which now range from $6 million to $12 million in cryptocurrency.

Thus far, their targets have spanned across the IT, education, defense, and software sectors, with potential plans to expand their reach to companies in Western regions in the near future. Microsoft suspects that Moonstone Sleet may be operating in collaboration with intelligence agencies from prominent Asian countries, although specific names have not been disclosed. Consequently, their primary aim appears to be disrupting Western business operations or maximizing financial gains through coercive measures.

The post Microsoft uncovers North Korea Moonstone Sleet appeared first on Cybersecurity Insiders.


May 29, 2024 at 08:50PM

Data Entry Job Offers in Southeast Asia Could Be Cyber Crime Traps

In recent revelations by Indian police authorities working with counterparts in Sri Lanka and Singapore, a disturbing trend has emerged: criminal syndicates are preying on unsuspecting graduates by enticing them with lucrative data entry positions in countries like Cambodia, Singapore, Thailand, Malaysia, or Vietnam, only to coerce them into cybercrime.

The modus operandi is unsettlingly simple. These criminal groups promise high-paying data entry roles to hopeful job seekers and provide basic necessities on arrival in countries like Cambodia. Once settled, however, the recruits are coerced into running fraudulent schemes such as digital scams and cyber campaigns.

Many of these recruits initially sought legitimate employment opportunities after receiving training in data entry, only to find themselves ensnared in criminal activities like creating fake social media profiles to deceive innocent victims or manipulating individuals into cryptocurrency schemes, ultimately defrauding them of their finances.

Resistance is met with severe consequences. Those expressing reluctance are subjected to physical violence or starvation until they capitulate and sign documents further entangling them in criminal activities. These signed agreements, later used to implicate the coerced individuals in drug or human trafficking, carry hefty penalties and lengthy prison sentences, compelling compliance or leading to tragic outcomes like suicide due to the emotional turmoil endured.

Those who give in are promised a monthly salary of $400, payable after 45 days, ostensibly so they can send money to family back home. Exploiting lax enforcement of laws in less developed countries (Malaysia and Singapore being the exceptions), these criminal enterprises, mostly run by Chinese nationals, reap substantial profits.

The question arises: how are these recent graduates enticed into such criminal enterprises? Through social media or SMS, promising job opportunities like data entry or virtual assistant positions are advertised, only to ensnare unsuspecting individuals upon arrival.

Compounding the issue, evidence of the crimes is digitally fabricated so that it points at the coerced victims, leaving them exposed to prosecution while the organizers and recruiters stay unimplicated.

In light of these alarming trends, caution is advised when encountering job offers via platforms like WhatsApp or social media. What may appear as a promising opportunity could well be a trap leading to dire consequences.

The post Data Entry Job Offers in Southeast Asia Could Be Cyber Crime Traps appeared first on Cybersecurity Insiders.


May 29, 2024 at 11:24AM

Tuesday, May 28, 2024

ABN AMRO bank hit by Ransomware

A prominent ransomware group has reportedly targeted the databases of ABN AMRO bank, resulting in the theft of data belonging to a subset of customers. However, the financial institution has swiftly responded by implementing measures to mitigate risks and is actively informing affected customers about the data breach.

As per the latest reports from media sources, the technology provider for the banking firm, ‘Add-Comm,’ fell victim to a ransomware attack. The specific name of the ransomware remains undisclosed at this time. Initial investigations suggest that the attackers may have gained access to certain customer-related data.

The extent of potential misuse of the stolen data remains uncertain, prompting Add-Comm to enlist the expertise of cybersecurity professionals to conduct a thorough investigation into the incident.

ABN AMRO has promptly published relevant information regarding the attack on its website, urging customers to reach out immediately if they are directly contacted by the perpetrators and threatened with potential repercussions.

The Dutch Data Protection Authority has been notified of the incident through a complaint filed by Add-Comm and will collaborate with law enforcement agencies to delve deeper into the matter.

Add-Comm, which specializes in distributing digital documents and tokens to clients, has pledged to provide further updates as soon as the third-party investigation concludes.

Meanwhile, in an unrelated development, the banking giant has finalized an acquisition deal with the German bank Hauck Aufhauser Lampe for $742 million. This marks ABN AMRO’s largest acquisition since the 2008 global financial crisis.

Previously owned by China’s Fosun International, Hauck Aufhauser Lampe will now merge with the Netherlands-based financial institution, expanding its presence and offerings in the European market.

The post ABN AMRO bank hit by Ransomware appeared first on Cybersecurity Insiders.


May 28, 2024 at 08:36PM

ATM malware developed to target Europe

Britain’s NCSC, the cybersecurity arm of GCHQ, has taken heed of a recent alert regarding a concerning cyber threat. According to reports from media outlets, criminals have developed malware specifically targeting ATMs, with the potential to generate a minimum profit of $30,000 per infected machine.

This malicious software, currently attributed to a known cybercrime actor, is purportedly claimed by its operators to have already infiltrated 60% of ATMs across Europe, with intentions to expand its reach further.

Alarming reports suggest that this malware is capable of infecting ATMs worldwide, including those manufactured by prominent companies such as GRG, Hitachi, BCR, Hyosung, Bank of America, Hosing Oki, and Diebold.

What sets this malware apart is its distribution model, which operates on a subscription basis and even entertains requests for profit sharing from jackpotting campaigns.

Amidst the multitude of financial scams and lesser-known frauds that occur annually, these attacks not only jeopardize the integrity of the banking sector but also erode public trust in digital banking, potentially leading to increased instances of theft and cybercrime.

Given its success thus far, threat actors are reportedly considering expanding the reach of this malware to ATM infrastructures in other Western nations such as the United States, Canada, and Australia.

The methods by which this malware is introduced into ATM systems remain shrouded in mystery, as both media publications and the threat actors themselves have provided scant details.

For the public, exercising vigilance when using ATMs is paramount. It’s crucial to remain alert to your surroundings, as ATMs could be compromised by hidden cameras or other surveillance devices.

The post ATM malware developed to target Europe appeared first on Cybersecurity Insiders.


May 28, 2024 at 11:30AM

Monday, May 27, 2024

Microsoft to roll out AI powered PCs concerningly in coming years

Microsoft is poised to revolutionize the landscape of personal computing with its upcoming line of AI-powered PCs, signaling a significant shift in user experience and productivity. These cutting-edge devices, akin to the already unveiled Copilot, will predominantly rely on cloud-based infrastructure, ensuring seamless accessibility to stored data from anywhere.

Essentially, Microsoft’s foray into AI-driven PCs implies a paradigm where the devices themselves become conduits to cloud-based services, entrusting data management and control to the stewardship of the Satya Nadella-led company.

Critics may raise concerns about the implications of centralized data storage and control. While cloud service providers maintain a stance of impartiality regarding user data and applications, the opacity of operations within server farms leaves privacy and security apprehensions largely unaddressed.

A report by Morgan Stanley forecasts a surge in the adoption of these AI-powered PCs, propelled by marketing narratives centered around innovation and poised to catalyze a substantial uptick in PC sales by 2025. Furthermore, IT leaders across Europe and the United States are strategically integrating AI-powered PCs into their infrastructures, drawn by processing capabilities of more than 40 tera-operations per second (TOPS).

Microsoft anticipates a staggering increase in demand for such intelligent PCs, projecting a rise from 8% to 64% by 2028, fueled by a burgeoning ecosystem of AI-compatible applications developed by software engineers.

The debate ensues whether these AI-infused PCs will emerge as a boon or a bane for humanity. Yet, it’s essential to recognize that the efficacy and impact of these technologies are contingent upon human application and governance, rather than intrinsic flaws within the devices themselves.

The post Microsoft to roll out AI powered PCs concerningly in coming years appeared first on Cybersecurity Insiders.


May 27, 2024 at 09:33PM

Saturday, May 25, 2024

Enhancing Cyber Resilience in Banking: Leveraging Live Patching to Combat Rising Threats

Now more than ever, banks and financial institutions are facing unprecedented challenges in combating the increasing onslaught of cybercrime. As the digital landscape continues to evolve, hackers are becoming more sophisticated and even geopolitical in their tactics as they relentlessly target the systems, websites and applications within the financial ecosystem. Despite hefty regulations, the industry continues to be categorized as a high-risk target. This is largely due to ever-increasing digital dependence and the wealth of stored private data that can be available at a hacker’s fingertips. The opportunities for financial gain from a breach are significant for a cybercriminal, making the industry a tantalizing target for repeated attacks. A successful phishing scam or breach can not only damage the trust and reputation of an institution, but can also expose customers to identity theft, fraud and other forms of exploitation.

The High Stakes of Digital Dependence

As a global system that’s interconnected in various ways with a heavy reliance on digital access, a single breach within the financial sector can cause far-reaching chaos involving fellow banking partners, customers, shareholders and the economy as a whole. With society continuing to lean toward a cashless approach to everyday transactions and becoming more reliant upon online transactions, banks have no choice but to increase their levels of innovation. The rapid digitalization of such banking services has not only expanded the attack surface for security threats, but it has also increased the need for the prioritization of physical and cybersecurity solutions. 

Unfortunately, because of manual processes, difficulty in retaining top talent, and the complexity of tools, many organizations find themselves unable to properly mitigate and respond to incidents. This lack of readiness can leave the entire financial ecosystem vulnerable to threats, especially as security challenges become more nuanced and elaborate in nature. As Q2 arrives, adopting a more holistic approach to security over traditional methods is crucial to protecting not only assets but valuable customer relationships.

Compliance Is More Than a Box Check

Placing cybersecurity at the core of a financial institution’s risk management framework involves identifying and assessing cybersecurity risks, implementing mitigation controls, and continuously monitoring and updating these controls as the threat landscape evolves. It also includes maintaining a variety of regulatory standards and guidelines aimed at safeguarding customer data and ensuring the overall integrity of financial systems. But while compliance requirements such as PCI DSS, SEC, and OCC guidelines provide a foundation for cybersecurity within the financial industry, relying solely on these mandates can create a false sense of security.

Customers expect and rely on their financial institutions to prioritize the security and protection of their sensitive information with effective security measures. With the notable increase in attacks targeting the financial sector, it is no longer a matter of “if” banks or credit unions will be attacked, but “when” this will occur. Because of this, assessing response times and testing through routine simulation how each organization will respond to a breach is important in preventing human errors during a real attack. A fast response to a detected threat is key to mitigating the damage it can cause to the business. An effective incident response plan that maps out and allows the organization to practice its responses before being placed under the pressure of an active compromise is imperative to finding gaps in cybersecurity defenses.

Live Patching Is at the Core of a Secure Framework

One of the bigger challenges that financial institutions face when trying to establish stronger security measures is the lack of adequate IT staff, not to mention the difficulty of maintaining ongoing, effective training. For example, meeting PCI DSS cybersecurity requirements means implementing specific patching timelines or risking hefty financial penalties. But traditional methods of patch management can be highly disruptive to a business, requiring extensive downtime for online systems and hours of work for busy IT teams. This not only jeopardizes customer satisfaction and daily operations, it also causes delays in productivity for security teams. As a result, the patching process gets pushed to the back burner more often than not. Instead of immediately applying a security patch to an open vulnerability, security personnel may delay it by weeks or even months until it better fits into the maintenance schedule.

Delaying the process of patch management only makes vulnerabilities more accessible to cybercriminals and can cause notable damage to internal systems. Live patching offers a solution to this problem by directly applying security patches as they become available without any reboots or scheduled downtime needed. By automating the process, code can be updated in memory without causing any disruptions to operations around them and patches can be applied quickly and efficiently. When vulnerabilities are closed as soon as they are discovered, not only does risk become greatly reduced, but it also helps firms meet the tight patching deadlines set forth by compliance mandates. 
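A practical counterpart to the paragraph above is verifying that a live patch is actually protecting the running kernel, not merely loaded. The Linux kernel exposes loaded livepatch modules under /sys/kernel/livepatch, one directory per patch with an `enabled` flag, a `transition` flag (set while tasks are still being migrated to the patched code) and one sub-directory per patched object (`vmlinux` or a module name). The script below is an added example written for this page, not TuxCare’s or any vendor’s code; the fixture directory names (`lp_demo_*`) and the fallback to a constructed tree when no livepatch sysfs is present are assumptions for running it offline.

```python
"""Inventory kernel livepatches from the sysfs interface under /sys/kernel/livepatch.

A patch closes a vulnerability only once it is enabled AND its transition has
completed; a patch stuck in transition (or disabled) should not be counted as
applied in a compliance report.
"""
from __future__ import annotations

import tempfile
from dataclasses import dataclass, field
from pathlib import Path

LIVEPATCH_SYSFS = Path("/sys/kernel/livepatch")


@dataclass
class LivePatch:
    name: str
    enabled: bool
    transition: bool  # True while the kernel is still migrating tasks to the patched code
    objects: list[str] = field(default_factory=list)

    @property
    def active(self) -> bool:
        """Protecting the running kernel: enabled and no transition in progress."""
        return self.enabled and not self.transition


def _read_flag(path: Path) -> bool:
    """Read a sysfs 0/1 flag file; a missing or unreadable file counts as 0."""
    try:
        return path.read_text().strip() == "1"
    except OSError:
        return False


def list_livepatches(base: Path = LIVEPATCH_SYSFS) -> list[LivePatch]:
    """Return one LivePatch per directory under `base`; empty if livepatch is unavailable."""
    if not base.is_dir():
        return []
    patches = []
    for entry in sorted(p for p in base.iterdir() if p.is_dir()):
        # Patched objects appear as sub-directories; flag files (enabled, transition, force) do not.
        objects = sorted(o.name for o in entry.iterdir() if o.is_dir())
        patches.append(LivePatch(
            name=entry.name,
            enabled=_read_flag(entry / "enabled"),
            transition=_read_flag(entry / "transition"),
            objects=objects,
        ))
    return patches


def summarize(patches: list[LivePatch]) -> dict[str, list[str]]:
    """Group patches by state so an auditor can see what is really in force."""
    return {
        "active": [p.name for p in patches if p.active],
        "pending": [p.name for p in patches if p.enabled and p.transition],
        "disabled": [p.name for p in patches if not p.enabled],
    }


def build_fixture(root: Path | None = None) -> Path:
    """Constructed sample sysfs tree (NOT real kernel data) so the example runs offline.

    Names lp_demo_* are placeholders and do not correspond to any real patch.
    """
    root = root or Path(tempfile.mkdtemp())
    base = root / "livepatch"
    layout = {
        "lp_demo_applied": ("1", "0", ["vmlinux"]),
        "lp_demo_pending": ("1", "1", ["vmlinux", "ext4"]),
        "lp_demo_disabled": ("0", "0", ["vmlinux"]),
    }
    for name, (enabled, transition, objs) in layout.items():
        d = base / name
        d.mkdir(parents=True)
        (d / "enabled").write_text(enabled + "\n")
        (d / "transition").write_text(transition + "\n")
        for obj in objs:
            (d / obj).mkdir()
    return base


if __name__ == "__main__":
    target = LIVEPATCH_SYSFS
    if not target.is_dir():  # not on a livepatch-capable kernel: use the constructed tree
        target = build_fixture()
    found = list_livepatches(target)
    for p in found:
        print(f"{p.name:<20} enabled={int(p.enabled)} transition={int(p.transition)} "
              f"objects={','.join(p.objects)}")
    print(summarize(found))
```

Run it as root on a kernel with CONFIG_LIVEPATCH to see the real inventory; a patch listed under "pending" for more than a few seconds usually means some task never left the old code path and deserves a closer look before the vulnerability is reported as closed.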

Given these challenges, the financial sector’s future security posture hinges on its ability to embrace innovative security measures that go beyond basic traditional defenses. The complete integration of technology like live patching can be one of the most versatile and useful tools in the security toolbox of an organization. By choosing to invest in robust security measures and demonstrating a commitment to safeguarding sensitive information, institutions can not only mitigate the risks associated with cyber attacks but also strengthen their reputation and competitiveness in the marketplace for years to come.

Joao Correia serves as Technical Evangelist at TuxCare (www.tuxcare.com), a global innovator in enterprise-grade cybersecurity for Linux.

The post Enhancing Cyber Resilience in Banking: Leveraging Live Patching to Combat Rising Threats appeared first on Cybersecurity Insiders.


May 25, 2024 at 06:13PM

Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration

AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP, is now available on the AWS Marketplace. This integration ensures efficient software procurement and deployment, aligning seamlessly with customers’ existing cloud architectures.

After meeting specific technical and security standards set by AWS, the SaaS-based Criminal IP search engine ensures reliability and seamless integration with AWS services. The AWS Marketplace, a significant platform primarily used in the US, provides Criminal IP with access to a vast global customer base, enhancing its visibility and credibility. This listing demonstrates the critical role of AWS Marketplace in the software’s adoption and success.

<Criminal IP, a comprehensive threat intelligence tool, is now available on the AWS Marketplace>

Criminal IP excels in threat detection, empowering cybersecurity with unparalleled intelligence.

Criminal IP is the industry’s leading IP address intelligence tool, leveraging AI and machine learning to provide unparalleled visibility into the risks associated with internet-connected devices. It offers comprehensive solutions for fraud detection, attack surface management, and threat hunting.

Additionally, Criminal IP offers seamless API integration, allowing effortless incorporation of threat intelligence data into existing services and security systems such as SOAR and SIEM. With a rich repository of cyber threat intelligence data, including risk classification, geographical insights, vulnerable asset graphs, and more, Criminal IP empowers organizations to stay ahead in the ever-evolving landscape of cybersecurity.

Seamless Integration and Payment Flexibility Between AWS Marketplace and Criminal IP

Criminal IP’s presence on the AWS Marketplace brings several conveniences for users. The interconnected tokens of AWS and Criminal IP seamlessly exchange information, allowing users to leverage both platforms’ strengths without encountering data silos or compatibility issues.

Additionally, customers enjoy consistent plans and subscription options on Criminal IP, regardless of whether transactions are initiated through Criminal IP or the AWS Marketplace. This uniformity extends to credit usage monitoring for specific features and APIs, accessible directly from the dashboard, promoting transparency and ease of management.

<Payments on AWS Marketplace seamlessly reflect on Criminal IP>

“The most important aspect of entering the AWS Marketplace was to ensure easier compatibility between AWS Cloud and ‘Criminal IP’ threat intelligence. We paid a lot of attention to interoperability with AWS products and credit management systems,” stated Byungtak Kang, CEO of AI SPERA. “We will continue to pursue Marketplace registration to secure global customers and increase interoperability with various clouds in the future.”

Explore the detailed features of the newly listed Criminal IP on the AWS Marketplace, as well as Criminal IP ASM, an Automated Attack Surface Management SaaS solution that monitors all internet-connected assets and vulnerabilities.

About AI Spera

AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, significantly expanded its reach with the launch of its flagship solution, Criminal IP, in 2023. Since then, the company has established technical and business collaborations with over 40 renowned global security firms, including VirusTotal, Cisco, Tenable, Sumo Logic, and Quad9.

Available in five languages (English, French, Arabic, Korean, and Japanese), the search engine ensures a powerful service for users worldwide.

In addition to the CTI search engine, the company also offers Criminal IP ASM, a SaaS-based Attack Surface Management Solution available on Azure Marketplace, and Criminal IP FDS, an AI-based Anomaly Detection Solution used for credential stuffing prevention and fraud detection.

The post Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration appeared first on Cybersecurity Insiders.


May 25, 2024 at 05:32PM

Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud

Memcyco Inc., a provider of digital trust technology designed to protect companies and their customers from digital impersonation fraud, released its inaugural 2024 State of Digital Impersonation Fraud Resilience report. Notably, Memcyco’s research indicates that the majority of companies do not have adequate solutions to counter digital impersonation fraud and that most only learn about attacks from their customers.

More than half of all respondents (53%) said their existing cybersecurity solutions do not effectively address website impersonation attacks, and 41% said their existing solutions only protect them and their customers “partially.” Just 6% of brands claimed to have a solution that effectively addresses these attacks, despite 87% of companies recognizing website impersonation as a major issue and 69% admitting to having had these attacks carried out against their own website.

Fake websites dupe users into sharing their login credentials on unauthorized pages, leaving them vulnerable to account takeover (ATO) attacks. This growing problem has earned cybercriminals an astonishing $1 billion+ in 2023 alone, according to data from the U.S. Federal Trade Commission. That’s more than three times the amount reported stolen in 2020. 

The report found that 72% of companies have a monitoring system to detect fake versions of their website, but still, 66% said that they primarily only learn about digital impersonation attacks when they are flagged by customers. 37% of respondents learn about such attacks as a result of “brand shaming” by impacted customers on social media.

The inability to adequately protect against digital impersonation fraud raises questions about companies’ responsibility to reimburse their customers for any losses stemming from scams. 48% of survey respondents are aware that upcoming regulations are likely to enforce customer reimbursements, making effective protection against digital impersonation fraud a ‘must-have’ for avoiding revenue loss.

“One of the most alarming takeaways from the report is that website impersonation scams are growing because cybercriminals rely on companies having limited visibility into these kinds of attacks,” said Israel Mazin, Chairman and CEO of Memcyco. “This creates a glaring blindspot in cybersecurity — the inability of companies to protect their customers online.”

The State of Digital Impersonation Fraud Resilience report was conducted together with Global Surveyz Research, based on the responses of 200 full-time employees ranging from Director to C-level executives at organizations in the security, fraud, digital, and web industries, operating transactional websites with traffic of more than 10,000 monthly visits.

Memcyco’s solution suite addresses the rising tide of website impersonation scams by using real-time alerts to secure end-users on every website visit and provides organizations with unparalleled insights into the scope and impact of all attacks on their sites. 

The full report can be found here.

About Memcyco

Memcyco offers a suite of AI-based, real-time digital risk protection solutions for combating website impersonation scams, protecting companies and their customers from the moment a fake site goes live until it is taken down. Memcyco’s groundbreaking external threat intelligence platform provides companies with complete visibility into the attack, attacker, and each individual victim, helping to prevent ATO fraud, ransomware attacks, and data breaches before they occur. Memcyco’s “nano defender” technology detects, protects, and responds to attacks as they unfold, securing tens of millions of customer accounts worldwide and reducing the negative impact of attacks on workload, compliance, customer churn, and reputation.

About Global Surveyz

Global Surveyz is a global research company that provides survey reports as-a-service, covering the whole process of creating an insightful and impactful B2B or B2C report for any target market. Global Surveyz was established in 2020 by Ramel Levin.

The post Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud appeared first on Cybersecurity Insiders.


May 25, 2024 at 04:39PM

Securing Trust: How to Partner With Customers to Build World-Class Cybersecurity Solutions

In today’s complex digital landscape, safeguarding businesses and individuals against constantly evolving cyber threats requires a robust, multi-faceted approach. As the Chief Customer Officer at Traceable, I’ve seen firsthand the power of customer collaboration in shaping cybersecurity solutions. 

True partnerships with customers provide invaluable insights that inform strategies and product development within the evolving cybersecurity landscape.

The Customer at the Core

Building robust cybersecurity solutions in today’s ever-evolving threat landscape requires a multi-faceted approach. While cutting-edge technology is essential, experience has shown me that true effectiveness hinges on understanding the customer’s perspective. By placing the customer at the core of our strategies, we gain invaluable insights into how they interact with and utilize cybersecurity solutions. This understanding is the cornerstone of developing solutions that are not only secure but also user-centric.

Navigating the Customer Journey

The customer journey, from onboarding to sustained usage, is a critical aspect that demands meticulous attention. A streamlined onboarding process, complemented by comprehensive educational resources, ensures that customers can quickly and effectively integrate API security solutions into their operations. Furthermore, by mapping the customer journey, we can anticipate needs, address pain points, and facilitate seamless interaction with our solutions, thereby enhancing customer satisfaction and loyalty.

Amplifying the Voice of the Customer

Incorporating the voice of the customer (VoC) into your product development and enhancement strategies should be a cornerstone of your approach. By establishing robust feedback mechanisms and actively engaging with our customer community, we ensure that our API security solutions evolve in tandem with the emerging needs and challenges faced by our customers. This symbiotic relationship not only enhances our offerings but also ensures that our solutions are perpetually aligned with customer expectations.

Fostering a Culture of Security Awareness

In an era where cyber threats are perpetually evolving, fostering a culture of security awareness among our customers is paramount. Through targeted educational initiatives, we aim to empower our customers with the knowledge and tools to navigate the complex API security landscape effectively. Furthermore, by sharing insights into the latest threat vectors and providing guidance on developing robust incident response plans, we ensure that our customers are not only protected but also prepared.

Defining “Customer-Centric Security”

Customer-centric security goes beyond the typical approach of creating technology and then trying to make it work for users. 

Let’s break it down:

  • Empathy as a Design Principle: Understanding customers’ pain points, needs, and levels of expertise is the foundation for building security solutions that work effectively within their business realities.
  • Proactive Engagement: Actively seeking customer feedback throughout the product lifecycle: development, implementation, and ongoing updates. This is not passive helpdesk support; it is treating customers as valuable advisors.
  • Security as an Enabler: Customer-centric security recognizes that if security solutions impede a business’s ability to innovate and operate, they fail. Security needs to be a partner to business growth, not an obstacle.

Customer-Centricity in Action

At Traceable, we believe that customers are integral partners in shaping the future of API security. Our approach hinges on three core principles:

  • Collaborative Security: Actively solicit customer feedback, and use it to fuel the ongoing development and refinement of solutions. This collaborative approach ensures cybersecurity strategies evolve alongside the real-world challenges and needs of customers.
  • Simplifying Security and the Process: It’s important to realize that not every customer is going to be an expert. Many are, but some aren’t, and it’s not required. Security needs to be accessible and be designed to be intuitive and user-friendly. Extensive documentation and educational resources are also important, as they empower customers of all technical backgrounds to protect their environments effectively.
  • Transparency as a Core Value: We need to foster an environment of open communication. If vulnerabilities arise, it’s crucial to proactively inform customers and work with them to implement clear mitigation strategies. Trust is paramount, and it’s built through honesty and a sense of shared responsibility for maintaining a robust cybersecurity program.

The Bottom Line

Cybersecurity is an ever-evolving challenge, and its solutions should be equally dynamic. It’s important to place the customer at the core, navigating their journeys, amplifying their voices, and fostering security awareness. By doing so, we build solutions that effectively address real-world threats and earn the trust of those we serve.


The post Securing Trust: How to Partner With Customers to Build World-Class Cybersecurity Solutions appeared first on Cybersecurity Insiders.


May 25, 2024 at 03:36PM

Friday, May 24, 2024

New Ransomware Gang exploits Microsoft Bitlocker to lockup databases

In a concerning development, a new ransomware gang has emerged employing BitLocker encryption technology to hold databases hostage, demanding payment for decryption keys.

BitLocker, a Windows encryption tool, safeguards data by encrypting hard drives, requiring multi-factor authentication for access.

Reportedly, the ShrinkLocker ransomware gang has been observed targeting companies in Mexico, Indonesia, and Jordan, focusing on vaccine and steel manufacturers, along with a federal agency.

Their strategy appears clear: coerce victims into paying ransoms, especially those reliant on critical data for operations.

The onslaught of ransomware continues unabated, with criminals adopting double and triple extortion tactics. Alarmingly, some victims are targeted multiple times within a year, either due to neglecting to patch vulnerabilities or underestimating criminals’ persistence.

Recently, RansomHub, previously associated with the Alphv or BlackCat ransomware gang, resurfaced, re-victimizing those previously targeted. Notably, a victim who initially paid $22 million to BlackCat found themselves compelled to pay an additional $15 million to the subsequent gang.

These developments pose a formidable challenge for security experts and law enforcement agencies, as efforts to contain file-encrypting malware prove increasingly difficult.

We welcome suggestions from readers on combating this growing threat.

The post New Ransomware Gang exploits Microsoft Bitlocker to lockup databases appeared first on Cybersecurity Insiders.


May 24, 2024 at 08:44PM

Thursday, May 23, 2024

Leveraging Data Consolidation to Strengthen Cybersecurity: A Comprehensive Approach

In today’s interconnected digital landscape, cybersecurity has become a paramount concern for organizations of all sizes and industries. With cyber threats evolving in sophistication and frequency, businesses are constantly seeking innovative strategies to fortify their defenses and safeguard sensitive information. One such strategy gaining prominence is data consolidation – a proactive approach that consolidates diverse data sources to enhance cybersecurity measures.

Data consolidation involves centralizing and integrating disparate data sets from various sources within an organization’s network, including logs, alerts, and network traffic data. By aggregating this information into a unified platform or system, organizations can gain comprehensive visibility into their digital environment, enabling them to detect and respond to security threats more effectively. Here’s how data consolidation can significantly bolster cybersecurity efforts:

1. Enhanced Threat Detection: Centralizing data from multiple sources allows security teams to correlate events and identify patterns indicative of malicious activity. By analyzing a holistic view of network traffic, system logs, and user behavior, organizations can detect anomalous behavior and potential security breaches in real-time, minimizing the dwell time of threats within their environment.

2. Streamlined Incident Response: In the event of a security incident, having consolidated data readily available expedites the incident response process. Security analysts can quickly access relevant information, such as the source of the breach, affected systems, and the extent of the damage, enabling them to formulate a targeted response and mitigate the impact of the incident more efficiently.

3. Improved Forensic Analysis: Data consolidation facilitates comprehensive forensic analysis following a security incident or breach. By retaining historical data in a centralized repository, organizations can conduct thorough investigations to uncover the root cause of the incident, identify vulnerabilities in their security posture, and implement remediation measures to prevent future occurrences.

4. Proactive Threat Intelligence: Centralized data provides valuable insights that enable organizations to proactively identify emerging threats and vulnerabilities. By leveraging advanced analytics and threat intelligence feeds, security teams can stay abreast of evolving cyber threats, anticipate potential attack vectors, and fortify their defenses accordingly.

5. Regulatory Compliance: Data consolidation aids organizations in meeting regulatory compliance requirements, such as GDPR, HIPAA, and PCI DSS. By maintaining centralized records of security events and data access, organizations can demonstrate compliance with data protection regulations and streamline audit processes.
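Items 1 and 2 above describe correlating events across consolidated sources. The following added example (written for this page, not part of the original post) shows why that matters in practice: two differently formatted, constructed log sources (syslog-style sshd lines and JSON lines from a web portal login endpoint) are normalized into one event schema and merged into a single timeline, and a rule then flags a source IP that accumulates several failed logins across any system and subsequently succeeds anywhere. The same rule run over either source alone finds nothing. All hostnames, IPs, usernames and log formats are invented for illustration.

```python
"""Consolidate authentication events from two log sources into one schema and
correlate across them: repeated failures followed by a success from the same IP.
"""
from __future__ import annotations

import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuthEvent:
    """Unified schema every source is normalized into."""
    ts: datetime
    source: str   # which system produced the record
    src_ip: str
    user: str
    success: bool


# Constructed sample: syslog-style sshd lines (not from any real host).
SSHD_LOG = """\
2024-05-23T10:00:01Z bank-bastion sshd[812]: Failed password for invalid user admin from 203.0.113.45 port 52110 ssh2
2024-05-23T10:00:04Z bank-bastion sshd[812]: Failed password for jdoe from 203.0.113.45 port 52114 ssh2
2024-05-23T10:00:07Z bank-bastion sshd[812]: Failed password for jdoe from 203.0.113.45 port 52118 ssh2
2024-05-23T10:05:00Z bank-bastion sshd[901]: Accepted publickey for ops from 198.51.100.7 port 40022 ssh2
"""

# Constructed sample: JSON lines from a web portal's login endpoint.
PORTAL_LOG = """\
{"time": "2024-05-23T10:00:30Z", "client": "203.0.113.45", "account": "jdoe", "result": "denied"}
{"time": "2024-05-23T10:01:10Z", "client": "203.0.113.45", "account": "jdoe", "result": "ok"}
{"time": "2024-05-23T10:02:00Z", "client": "192.0.2.10", "account": "asmith", "result": "ok"}
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def _parse_ts(value: str) -> datetime:
    """ISO-8601 with a trailing Z into a timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_sshd(text: str) -> list[AuthEvent]:
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            events.append(AuthEvent(_parse_ts(m["ts"]), "sshd", m["ip"], m["user"],
                                    m["outcome"] == "Accepted"))
    return events


def parse_portal(text: str) -> list[AuthEvent]:
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            events.append(AuthEvent(_parse_ts(rec["time"]), "portal", rec["client"],
                                    rec["account"], rec["result"] == "ok"))
    return events


def consolidate(*batches: list[AuthEvent]) -> list[AuthEvent]:
    """Merge events from all sources into one timeline ordered by time."""
    return sorted((e for batch in batches for e in batch), key=lambda e: e.ts)


def correlate(events: list[AuthEvent], min_failures: int = 3,
              window: timedelta = timedelta(minutes=10)) -> list[dict]:
    """Alert when an IP reaches min_failures failed logins (from any source) inside
    `window` and then logs in successfully on any system."""
    failures: dict[str, list[AuthEvent]] = defaultdict(list)
    alerts = []
    for e in events:
        recent = [f for f in failures[e.src_ip] if e.ts - f.ts <= window]  # drop stale failures
        failures[e.src_ip] = recent
        if not e.success:
            recent.append(e)
        elif len(recent) >= min_failures:
            alerts.append({
                "src_ip": e.src_ip,
                "user": e.user,
                "success_source": e.source,
                "failure_sources": sorted({f.source for f in recent}),
                "failures": len(recent),
                "time": e.ts.isoformat(),
            })
            failures[e.src_ip] = []  # reset after alerting once
    return alerts


def detect_all() -> list[dict]:
    """Run the rule over the consolidated timeline of both sources."""
    return correlate(consolidate(parse_sshd(SSHD_LOG), parse_portal(PORTAL_LOG)))


if __name__ == "__main__":
    print("sshd alone:  ", correlate(parse_sshd(SSHD_LOG)))
    print("portal alone:", correlate(parse_portal(PORTAL_LOG)))
    print("consolidated:", detect_all())
```

The alert record carries the sources of the failures and of the success, which is exactly the cross-system context an analyst needs in the incident-response step the post describes; with only the sshd log the failures never meet a success, and with only the portal log a single denial never reaches the threshold.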

To effectively implement data consolidation for cybersecurity purposes, organizations should consider the following best practices:

• Define clear data collection and storage policies to ensure the integrity and confidentiality of consolidated data.

• Implement robust security measures, such as encryption and access controls, to protect centralized data from unauthorized access or tampering.

• Employ advanced analytics and machine learning algorithms to automate threat detection and response processes, augmenting the capabilities of security personnel.

• Regularly audit and review data consolidation practices to identify areas for improvement and ensure alignment with evolving cybersecurity requirements.

In conclusion, data consolidation offers a multifaceted approach to strengthening cybersecurity defenses, enabling organizations to proactively detect, respond to, and mitigate security threats effectively. By centralizing diverse data sources and leveraging advanced analytics, organizations can bolster their resilience against cyber threats and safeguard their digital assets in an increasingly complex threat landscape.

The post Leveraging Data Consolidation to Strengthen Cybersecurity: A Comprehensive Approach appeared first on Cybersecurity Insiders.


May 24, 2024 at 10:36AM

US to stop GPS data communication from Foreign Satellites

After weeks of diligent examination into potential cyber threats posed by foreign satellites manipulating GPS signals to U.S. mobile devices, the Federal Communications Commission (FCC) is now urging the White House to enact a permanent ban on such interference.

Since July 2023, the FCC has fielded approximately seven complaints expressing apprehension that Russian and Chinese satellites could tamper with GPS signals intended for U.S. mobile devices within their operational jurisdictions.

Consequently, drawing upon technical insights from the Defense sector, the FCC has opted to greenlight only select satellite systems capable of processing GPS data directly linked to U.S. constellations, such as the European Galileo GNSS.

Evidently, certain adversaries have resorted to tactics like spoofing or jamming GNSS signals, prompting Mike Gallagher, chair of the US House Select Committee on China, to call upon European authorities to scrutinize GPS signals originating from foreign satellites.

This call to action was reinforced by the FCC’s own analysis, leading the telecom watchdog to mandate authorization solely for GPS signals from foreign satellites under the surveillance purview of U.S. military forces.

For those puzzled about the necessity of utilizing foreign satellites for mobile communications, such reliance serves various purposes, including facilitating communications for ambassadors and visiting dignitaries during their sojourns in Asia, as well as enabling embassy staff and officials to utilize U.S. devices while stationed abroad.

The specter of surveillance or espionage targeting mobile devices via malware and satellite intervention invariably raises concerns about data security and privacy. Such actions are universally condemned as illegal, not just within the United States but worldwide. Governments or entities found engaging in such practices consistently face public backlash.

The post US to stop GPS data communication from Foreign Satellites appeared first on Cybersecurity Insiders.


May 24, 2024 at 10:28AM

Deepfakes turn into second most common cybersecurity incident

Deepfakes, where AI algorithms manipulate a person’s voice, image, or video to mimic the original, have emerged as the second most common cybersecurity threat in the UK, closely trailing malware.

Surprisingly, an alarming 32% of businesses in Britain have fallen victim to such incidents within the past year, according to a recent online survey conducted by the ISMS web portal.

The survey, which collected responses from over 500 participants across various sectors including technology, manufacturing, education, energy, and healthcare, shed light on the growing prevalence of deepfake attacks.

One particularly concerning trend is the infiltration of deepfakes into the corporate sector through business emails. Hackers are utilizing manipulated voices and video files to deceive C-level executives into authorizing fraudulent money transfers. As a result, calls are mounting for government intervention to mandate cybersecurity awareness training for employees in both public and private companies.

Additionally, adequate budget allocation is deemed essential for safeguarding IT assets and investing in technology capable of detecting and mitigating deepfake threats, thereby affording victims a timely exit strategy.

Despite the looming threat posed by deepfakes, there exist discernible signs to help identify manipulated content:

a. Discrepancies in skin texture and body proportions often expose deepfakes.
b. Anomalies such as unusual blinking patterns and irregular shadows around the eyes indicate potential image or video manipulation.
c. Non-realistic lip movements and excessive glare in eyewear are common red flags.
d. Unnatural hair styling or inconsistencies between hair and facial features may signal tampering.
e. Aberrations in voice tone, fragmented speech, and irregular word breaks hint at AI-generated content.

It’s worth noting that while premium software tools are available to detect deepfake content, they come at a cost. Moreover, governments worldwide are poised to enact legislation requiring companies responsible for generating deepfakes to watermark their creations, spanning images, videos, and audio files. Such measures aim to enhance accountability and combat the proliferation of deceptive digital content.

The post Deepfakes turn into second most common cybersecurity incident appeared first on Cybersecurity Insiders.


May 23, 2024 at 08:45PM

Wednesday, May 22, 2024

Cyber Threat news headlines trending on Google

Rockwell Automation Urges Caution Regarding Industrial Control Systems

Rockwell Automation, a leading provider of industrial control systems (ICS), has issued a cautionary advisory urging its customers to refrain from connecting their ICS to the internet. This proactive measure aims to mitigate the risks associated with potential fraudulent access and cyber threats from external sources. The alert aligns with recommendations from US-CERT, emphasizing the importance for users and administrators to heed this warning to safeguard their systems from potential vulnerabilities before they escalate.

Optus Faces Scrutiny Following Cyber Attack and Network Outage

Australian telecommunications giant Optus found itself in the spotlight after experiencing a cyber attack in September 2022, resulting in a 14-hour network blackout impacting approximately 10 million customers. The Australian Communications and Media Authority (ACMA) has leveled allegations against the company, accusing it of failing to adequately protect its customers from threat actors. As a result, Optus, a business unit of Singapore Telecom, faces the possibility of legal action and significant penalties for the disruption to its IT services.

Police Service of Northern Ireland Faces Fine Over Data Breach

The Police Service of Northern Ireland (PSNI) is set to incur a hefty fine of £750,000 following its failure to prevent a data breach that led to the unauthorized disclosure of sensitive information. Originally facing a potential penalty of £5.6 million, PSNI is collaborating with external forensic experts to thoroughly investigate the breach and mitigate associated risks. This fine underscores the critical importance of robust data security measures in safeguarding sensitive information.

Microsoft Introduces ‘Recall’ Feature in Copilot + Line for Windows 11 OS

Microsoft is set to introduce a new ‘Recall’ feature in its Copilot + line of Windows 11 operating systems. This innovative feature functions as a screenshot-taking service, capturing snapshots at regular intervals and utilizing AI technology to facilitate content searchability. Analogous to snapshot technology commonly found in backup services software, Recall represents Microsoft’s commitment to enhancing user data security. In a recent memo to employees, CEO Satya Nadella emphasized the imperative of securing user data and encouraged leveraging the expertise of Microsoft’s Threat Intelligence teams when needed.

The post Cyber Threat news headlines trending on Google appeared first on Cybersecurity Insiders.


May 23, 2024 at 10:15AM

Safeguard Your Future with Seven Layers of Data Resilience

Organizations have been doing backup and recovery for decades and many feel that they have reactive data protection under control. If an event like a power failure or natural disaster takes down their data center, they just use their replica site hundreds of miles away to continue operations and, if need be, recover their data from disk or tape or cloud storage as needed. It’s a pretty well-understood practice.

However, enterprises are now seeing the impact of cyberattacks such as ransomware, which alone is poised to exceed $265 billion in global damage costs by 2031. These problems differ from natural disasters or hardware or power failures in that someone is actively trying to prevent you from succeeding with a traditional recovery approach.

Plus, cyberattacks are getting more sophisticated – and that’s only accelerating with the advent of artificial intelligence, which has the ability to write and improve upon code. And launching a cyberattack is now easy with ransomware as a service, which means that people don’t need deep expertise to hold your data hostage or steal your data and sell it on the dark web.

It’s also important to note that bad actors are now targeting the configuration files of applications and the datasets you would traditionally use to try to recover from an attack. Making it harder to get back to normal operations makes targets more willing to pay ransom.

These harmful entities are also going after data like personally identifiable information and payment information, which are covered by regulatory requirements, and more data regulations are coming soon. The European Union’s Digital Operational Resilience Act (DORA) takes effect in January 2025, and similar requirements are likely coming to the Americas and APAC region.

The fact that the National Institute of Standards and Technology recently introduced the NIST Cybersecurity Framework 2.0 signals this new and evolving data and cybersecurity landscape.

This new landscape is extremely complex to navigate – especially in an environment where cybersecurity experts are costly, hard to keep, and in short supply. It calls for a new approach to data resilience, one that combines cyber readiness with traditional data protection.

To achieve operational resilience in this landscape, we believe there are seven critical layers to a proper data resilience strategy:

  • Monitoring, posture assessment, testing, and incident response
  • Anomaly detection and malware scanning
  • Pen/patch/upgrade testing and DevSecOps
  • Forensics and recovery in minutes
  • A diverse partner ecosystem for compliance
  • Efficient, dependable backup and recovery
  • Reliable, secure, immutable infrastructure

Here’s how to secure your future with these seven critical layers.

Start with a posture assessment

Imagine you’re a brokerage and your average cost of downtime is $5 million an hour. If you got hit with a ransomware attack, could you survive being offline for two, three or four weeks? If your business goes offline because you can’t access your data, what does that do to your bottom line? What will you owe in regulatory fines? How will this impact customer trust?

It’s a massive problem that could result in a huge – potentially fatal – hit to your business.

Don’t panic. Take a step back. Employ your internal experts and/or work with a trusted partner to understand your cyber resilience, data protection, and overall operational resilience posture.

Bring in an independent voice

This is a broad remit. No one person in your organization will be able to identify the problem.

Also, be aware that internal teams might have blinders on. Your network team will likely think that the network is fine. Your infrastructure team will say the infrastructure is great. Or perhaps these teams will elect to use this exercise as a way to get extra budget in a predetermined area.

Bring in an independent voice to help you get a more realistic assessment of your posture: a third party with no agenda other than helping you understand where you are today, define your goals, and make the right decisions around the people, process, and technology you need.

Understand reactive technologies are no longer enough

Reactive approaches alone may have worked in the past. But in today’s world of frequent and increasingly sophisticated attacks, you need to be more proactive and much, much faster.

Move to a posture in which you are using artificial intelligence both to monitor for anomalous activity and scan for malware in your environment. Embrace the power of automation to act, whether that’s to notify an administrator of anomalies to investigate or to rapidly isolate at-risk systems.

Address data resilience across your entire environment

The rapid growth of data and the widespread implementation of IoT, edge computing, and storage are expanding the attack surface. Now you must ensure your data center is super secure and has data resiliency, cyber readiness, and rapid recovery at scale where your data – and all of the devices that touch that data – exist. In today’s hybrid world, that’s going to be anywhere and everywhere.

That can make ensuring data resilience complex and hard to get your arms around. Work with a trusted partner with the ecosystem, people, processes, and technology to streamline your journey and provide consistent protection from edge to core to cloud.

Adopt a reliable, secure, immutable infrastructure

Chances are good that you have reliable backup and recovery. You probably also have a reasonable amount of security around it. But be sure you also have robust infrastructure, which is characterized by data immutability, consistent deployment processes, and enhanced resilience against unexpected system failures.

With these critical capabilities, you can take immutable snapshots of your database environment and ensure that file data cannot be overwritten so that if your data is encrypted, you have the previous version that you can fail back to. That, and forensic capabilities to determine the right point to recover to prior to malware entering your environment, will empower you to recover from an incident very, very quickly.

Don’t throw the baby out with the bathwater

You’ll also want to explore how you can do penetration, patch, and upgrade testing at scale in a way that doesn’t impact your production environment. Plus, you’ll want to manage the governance of data, including how long it is retained, who can access it, and when it should be deleted.

You may be thinking all of the above is a lot to consider and tackle. But rest assured, you don’t need to replace everything you have and rebuild your environment from scratch.

By working with a proven partner, you can identify your biggest gaps, bring the right people across your organization to the table, and decide what you need today and going forward to ensure you have the appropriate data protection, security, compliance, and cyber resilience.

The post Safeguard Your Future with Seven Layers of Data Resilience appeared first on Cybersecurity Insiders.


May 22, 2024 at 06:29PM

Can a Cyber Threat Abruptly Evolve into a Ransomware Attack

In today’s digital landscape, the evolution of cyber threats poses significant challenges for individuals and organizations alike. One pressing concern is the sudden escalation of a seemingly minor cyber threat into a full-fledged ransomware attack. This phenomenon has become increasingly common, raising questions about the speed and unpredictability of cyber threats’ transformations.

Cyber threats encompass a wide range of malicious activities, including phishing, malware infections, and data breaches. While each threat presents its own risks, the emergence of ransomware represents a particularly menacing development. Unlike other cyber threats that may cause data loss or financial harm, ransomware encrypts valuable files or systems, demanding payment for their release. The sudden shift from a standard cyber threat to ransomware can catch victims off guard, amplifying the impact and urgency of the attack.

One way in which a cyber threat can abruptly escalate into a ransomware attack is through the exploitation of vulnerabilities within an organization’s cybersecurity defenses. For example, a seemingly innocuous phishing email may initially deliver malware designed to steal credentials or gather sensitive information. However, if this malware goes undetected or is not promptly addressed, threat actors may pivot to deploying ransomware, leveraging the compromised system as a foothold for launching a broader attack.

Similarly, vulnerabilities in software or outdated security protocols can provide opportunities for threat actors to escalate their tactics. What begins as a routine malware infection or system compromise can quickly escalate into a ransomware incident if adequate safeguards are not in place to prevent unauthorized access or data exfiltration.

Moreover, the interconnected nature of modern IT environments can facilitate the rapid spread of ransomware within an organization. A single compromised device or network segment can serve as a vector for infecting other systems, leading to widespread encryption of critical data and systems. This domino effect underscores the importance of early detection and containment measures to mitigate the impact of ransomware attacks.

The evolving tactics and techniques employed by cyber-criminals further complicate efforts to anticipate and counter ransomware threats. Threat actors continuously adapt their strategies to bypass security controls and maximize their chances of success. As such, organizations must adopt a proactive approach to cybersecurity, regularly assessing their risk posture and implementing robust defenses to thwart potential ransomware attacks.

In conclusion, the abrupt escalation of a cyber threat into a ransomware attack underscores the dynamic nature of cybersecurity threats and the importance of vigilance and preparedness. By understanding the factors that contribute to this escalation, organizations can better safeguard their assets and respond effectively to emerging cyber threats. Through ongoing investment in cybersecurity measures and collaboration with industry partners, they can mitigate the risk of falling victim to ransomware and protect against the potentially devastating consequences of a cyber attack.

The post Can a Cyber Threat Abruptly Evolve into a Ransomware Attack appeared first on Cybersecurity Insiders.


May 22, 2024 at 11:48AM

LockBit demands $25 million from London Drugs in 48 hours

In April of this year, London Drugs faced a cyber attack, which led to the encryption of their servers. The company promptly announced its efforts to seek alternative methods to recover the stolen data in collaboration with law enforcement. However, following this disclosure, London Drugs maintained silence on the matter until recently, when hackers issued a formal demand: pay $25 million within 24 hours or risk the sale of the compromised data on the dark web.

Adhering to data protection laws, London Drugs will notify all affected individuals digitally about the attack and assure them of implemented security measures. The company pledges to cooperate with law enforcement guidance.

Despite the FBI’s prior advisory against yielding to hackers’ demands, London Drugs, a pharmaceutical firm with a global workforce exceeding 9,000 employees, spanning British Columbia, Manitoba, Alberta, and Saskatchewan, has yet to confirm any intentions to pay ransom. Their IT team is exploring alternative avenues to verify the legitimacy of the demands.

Meanwhile, the criminal group has claimed responsibility for the recent attack on the Italian Revenue Service (L’Agenzia Delle Entrate), promising to return the stolen data upon payment.

The history of the LockBit criminal gang dates back to September 2019 when it emerged as a Ransomware-as-a-Service (RaaS) operation. After rebranding as LockBit 2.0 in June 2021, the group persisted despite a joint FBI-Europol operation in February 2024, which seized their IT infrastructure. Undeterred, the group resurfaced as LockBit 3.0, continuing their ransom demands in Monero cryptocurrency.

It’s crucial for readers of Cybersecurity Insiders to recognize the resilience of such criminal entities, despite law enforcement interventions, underscoring the ongoing challenges posed by cyber threats.

The post LockBit demands $25 million from London Drugs in 48 hours appeared first on Cybersecurity Insiders.


May 22, 2024 at 11:45AM

Tuesday, May 21, 2024

OpenAI ChatGPT Cyber Threat to Scarlett Johansson

Scarlett Johansson, a familiar face in Hollywood, has repeatedly demonstrated her ability to seamlessly embody various movie characters. In her latest film “Her,” she captivated audiences with her portrayal of a feminine AI virtual assistant, showcasing a surprising blend of friendliness and romance that left viewers intrigued.

Setting aside the film’s narrative, let’s delve into a recent development concerning AI and its potential cyber threats.

Reports emerged a few months back that Sam Altman, CEO of OpenAI, approached Scarlett Johansson to lend her voice to ChatGPT 4.0, codenamed Sky. Despite her reservations about the advancement of robotics and AI technology, Johansson politely declined the offer on two occasions.

However, Johansson’s stance shifted earlier this month when she began receiving numerous calls from friends and family members regarding an AI assistant named Hello ChatGPT4o, which uncannily resembled the character Samantha from “Her.”

Initially skeptical, Johansson became increasingly convinced when she listened to audio clips forwarded by her acquaintances, realizing that her voice had been mimicked by the AI assistant. This revelation sparked concerns about the potential ramifications for her career and personal life.

To some, the notion of a cyber threat against an actress may seem obscure. Yet, consider the possibilities: malicious individuals could exploit the AI voice to coerce friends or family members into sending money to fraudulent accounts or extort them for ransom, a tactic commonly associated with Vishing.

In response to Johansson’s concerns, her representative Marcel Pariseau reached out to Sam Altman. Altman and his team clarified that the voice in question was provided by another professional and was never intended to replicate or mimic Johansson’s voice. While expressing regret if the Academy Award-winning actress felt offended by the resemblance, Altman did not concede to replacing the voice with that of another female artist.

Stay tuned for further updates on this developing story.

The post OpenAI ChatGPT Cyber Threat to Scarlett Johansson appeared first on Cybersecurity Insiders.


May 21, 2024 at 08:49PM

The Year in GenAI: Security Catches Up with Innovation

Over a year ago, the general public got its first taste of the possibilities of generative artificial intelligence (GenAI) with the public rollout of ChatGPT. As far as watershed tech moments go, it was comparable only to the iPhone launch fifteen years earlier—another occasion on which millions of people realized, simultaneously, that nothing would ever be the same.

The enterprise implications of this technology were apparent from the beginning, but that doesn’t mean the relationship between GenAI and enterprise has been uncomplicated. On the contrary, over the last year, we’ve witnessed every stage of the innovation life cycle play out in real time. What started as white-hot excitement soon cooled to skepticism and has now come back around to widespread excitement.

What changed? How did artificial intelligence (AI) go from an exciting but risky new technology to a must-have for most businesses? Understanding how we got to this point can tell us a lot about the present state of GenAI and where it might be headed in the near future.

Why some businesses were slow to adopt GenAI

It makes sense that many organizations spent the early part of 2023 wary about implementing GenAI. To start, many saw the quick rise and even quicker fall of digital innovations like the Metaverse and crypto around the same time. Large enterprises like Meta and Microsoft were entrenched in the Metaverse, causing hype and promising plans for future additions. However, we’ve entered 2024, and it’s nearly forgotten about. While AI promises quite a bit, there was no guarantee it wouldn’t head in the same direction during an overheated initial hype cycle.

It’s more important to note, however, that few things can damage a company’s reputation and bottom line the way hacked or otherwise exfiltrated data can. However incredible AI’s capabilities might be, they could not—in the eyes of many businesses—outweigh the potential security risks.

The most prominent of these risks was the chronic lack of visibility endemic to many GenAI tools. Remember that many of these GenAI-skeptical businesses had spent the preceding few years working diligently to gain insight into newly sprawling multi-cloud operations. In other words, the perils of partial transparency were well-known to them, and by now, it’s a cybersecurity maxim that you can’t protect yourself from what you can’t see. So it makes sense that these businesses were wary of implementing GenAI tools, which—at least at the time—could not offer the kind of comprehensive visibility they’d come to view as a baseline cybersecurity expectation.

There were other security issues, however. For instance, there is difficulty integrating GenAI with pre-existing security stacks and generating unified internal policies for GenAI usage. Beyond security concerns, the very newness of this technology meant many employees would lack the skills to use it effectively. Any investment in GenAI tech would have to come with a concomitant investment in new security protocols and employee training.

Enterprise adoption spiked dramatically in 2023—what changed?

In the world of AI, everything moves fast. It is no surprise that in a year, everything about this situation has changed. In 2023, we saw many companies race to implement GenAI, but the small segment that held out last year may be struggling to catch up in 2024.

This is partly a result of competitive pressure. Many of the companies that took the GenAI plunge early saw spectacular gains in productivity over the year—approximately a 40% increase, according to a recent study from Accenture. Per a recent State of GenAI survey, these gains can be chalked up to a few notable factors, including GenAI’s ability to generate starting points for presentations or for code; its ability to replace traditional web research; and its usefulness for labor-intensive tasks like generating letters or structured responses. 

Customers have also benefited from the improved user experience GenAI facilitates, and they are favoring AI-powered products and services accordingly. At the same time, GenAI has become inescapable, the subject of countless conference presentations and research papers from analysts like Gartner, Forrester, and IDC.  

While the companies that took a risk in 2023 saw productivity gains, those who took a more cautious approach now watch those benefits being reaped from afar. Business leaders now see the potential return on investment (ROI) from these trailblazers, and they’re continuing to see GenAI’s relevance in industry research. These C-suite executives, board members, and investors are now asking, “Where’s our GenAI strategy?”

While these are all important factors, none would matter if GenAI tools were still riddled with security risks. Thankfully, that situation has likewise changed dramatically in the last few months.

In 2023, security concerns finally caught up with innovation

GenAI posed unique security risks from day one; visibility, as mentioned, was the key concern for many enterprise GenAI skeptics. However, as we’ve learned more about GenAI and its benefits, we have also developed a deeper understanding of the technology that has culminated in better tools for GenAI security.

Visibility concerns have been definitively put to rest through tools developed and perfected in just the last year or so. Businesses can now easily determine how their AI technology is being utilized across systems, who is using them and for what purposes.

These new tools have also significantly impacted things like risk management and data privacy. Employers now have the option of next-generation security and privacy controls that ensure employees do not intentionally or inadvertently exfiltrate sensitive data. They can also easily catalog AI-specific risks and determine appropriate mitigation strategies. Combined with GenAI-facilitated advances in employee training and internal governance, these developments explain why the pool of GenAI holdouts grows smaller by the day.

In 2023, businesses were effectively faced with a binary question: namely, are you willing to potentially sacrifice security for the sake of increased productivity? Throughout 2023, we rapidly saw this question proven irrelevant, but throughout 2024, we’re seeing new aspects of the conversation unfold. In the world of GenAI, innovation and security are no longer in opposition. The latter has finally caught up to the former. And both are advancing—in tandem—at an unimaginable pace. The unique security challenges presented by GenAI are now better understood, and companies now have to decide what security investments need to be made to keep GenAI secure.

The post The Year in GenAI: Security Catches Up with Innovation appeared first on Cybersecurity Insiders.


May 21, 2024 at 07:31PM