FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Sunday, June 30, 2024

Cyber Insurance demand fall as businesses bolster their cybersecurity infrastructure

Businesses are increasingly recognizing the critical need to enhance their cybersecurity defenses amid today’s evolving cyber landscape. Consequently, they are strategically investing in fortifying their existing infrastructure. This proactive approach has led to a notable decline in the demand for cyber insurance premiums across the UK.

According to a study conducted by cyber insurance firm Howden, the COVID-19 pandemic initially caused a surge in insurance prices throughout 2021 and 2022. However, as economic activities gradually resumed and profit margins improved, organizations found incentive to strengthen their IT defenses tailored to their specific requirements, thereby reducing reliance on insurance coverage.

Howden highlighted that companies implementing robust security measures such as multi-factor authentication have significantly bolstered their resilience against cyber threats. This proactive stance has mitigated the necessity for insurance coverage to protect IT assets.

Moreover, the study unveiled an unexpected insight: the invasion of Ukraine by Russia has coincided with a decline in ransomware attacks. This correlation is attributed to many ransomware groups, predominantly based in Russia, potentially redirecting their focus towards military activities, thereby postponing or decreasing their digital attack efforts.

For businesses deliberating whether to invest in cyber insurance, Howden’s experts offer valuable advice. A comprehensive cyber insurance policy can mitigate the financial impact of cyber incidents by covering costs incurred during and after an attack. This includes expenses related to downtime, recovery efforts, data loss, and potentially legal liabilities from affected stakeholders.

However, securing these benefits entails significant premium payments, which necessitate substantial budget allocations within IT departments. Organizations must ensure adequate financial readiness to support these expenditures to fully leverage cyber insurance protections.

The post Cyber Insurance demand fall as businesses bolster their cybersecurity infrastructure appeared first on Cybersecurity Insiders.


July 01, 2024 at 11:05AM

Saturday, June 29, 2024

How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach

In 2024, we’ve seen several high-profile data breaches that have caused tangible and widespread damage to companies and their customers. One of the hardest-hit industries also includes one of our most critical: healthcare. The UnitedHealth data breach has had ripple effects since the initial news hit earlier this year.

It was recently revealed that the data breach will impact a large portion of the American people, and up to one in three Americans may have had their information compromised. This has been one of the worst healthcare breaches ever, and as the consequences keep emerging, the grim truth of exposing this personal data becomes clear.

This is what an expert had to say:

Clyde Williamson, Product Manager, Protegrity, said, “Months after the initial breach, UnitedHealth is still dealing with the long-term impacts of BlackCat’s infiltration into their networks. We’re now learning that personal identifiable information (PII), personal health information (PHI), and billing information were all part of this incident.

While in this instance no complete patient information has been exposed, billing information can be just as revealing for a customer’s private medical procedure. For example, this information could include details on a prescribed drug, a specialist seen, or even of an out-of-state charge for a medical procedure when recent legal changes may make this legally problematic.  

Not only do these kinds of incidents expose some PII data, but they also expose inferences that can be made with that data. 

Stolen data has a wide-reaching and long tail of impact, and there are often subsequent breaches years after a primary attack. There’s no way to know for sure that either party involved actually deleted the stolen PII and PHI, but we can be sure that broader bad actors had access to this information for a period of time.  

Double extortion scenarios can haunt these organizations for years, meaning prevention is the best defense. UnitedHealth has already started the arduous process of creating a website for impacted customers. We must stop hoping layered defenses can stop threat actors from stealing our information while internally leaving it in clear text. Data de-identification methods offer flexibility and foresight benefits that render sensitive data useless for these groups. 

We need to remove the most significant source of ransom value to avoid these costs and strains on both organizations and their customers, even in instances of data exfiltration.” 

 

The post How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach appeared first on Cybersecurity Insiders.


June 29, 2024 at 09:24PM

Addressing Financial Organizations’ Digital Demands while Avoiding Cyber Threats

The financial services industry has been at the forefront of the digital transformation age for some time. Agility and convenience are mandatory in this sector, and customers have expected reliable access to financial services at a moment’s notice. Everything from basic transactions such as making transfers and payments, to more involved processes such as investments, loans, and more, can now be completed online or with a mobile app.

Growing the attack surface with hybrid working and cloud migration

Keeping up with these requirements has caused financial organizations to rapidly overhaul their IT infrastructure, adopt multiple types of cloud technologies, and embrace a hybrid working environment for employees. Because of this rapid digitalization, organizations are consuming many different security solutions creating a bespoke environment that inadvertently exposes them to cyber threats – and there are plenty of cyber thieves opportunistically waiting for their chance to attack.

The Growing Risk of IoT

In addition, many financial organizations have invested heavily in other new technologies such as IoT (Internet of Things) assets that have become commonplace in branch offices as banks seek to optimize their remaining locations. These devices range from simple security cameras to items such as smart payment terminals and ATMs.

However, IoT devices can also give cyber thieves a clear entry into the network. Because these devices are purpose built and normally run some kind of thin Linux/Unix platform, they are incredibly hard to secure properly through traditional means. As a result, hackers can easily use tools to perform automated scans to discover these devices and quickly exploit security issues such as unpatched vulnerabilities.

In addition, the financial industry is known for taking advantage of the availability of 5G networks. The technology promises speeds up to 100 times faster than 4G, allowing organizations to deploy even larger, more effective networks of IoT devices more easily.

But while enabling firms to rapidly expand their IoT and IT footprint, 5G can also lead to even greater risk exposure, since as more potentially vulnerable devices are deployed the attack surface significantly expands. In addition, attackers can also leverage the faster connection speeds, facilitating faster data extraction and more sophisticated botnets.

Balancing security and user performance

The financial industry faces a difficult balancing act, with multiple conflicting priorities at the forefront. Organizations must continually strengthen security around their evolving solutions to keep up in an increasingly competitive and fast-moving landscape. But while strong security is a requirement, it cannot impact usability for customers or employees in an industry where accessibility, agility, and the overall user experience are key differentiators.

One of the best options for balancing these priorities is the use of Secure Access Service Edge (SASE) solutions. This model integrates several different security features, such as Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Next Generation Firewall (NGFW), Cloud Access Security Broker (CASB), and Data Loss Prevention (DLP), with network management functions, such as SD-WAN, into a single offering delivered via the cloud. Cloud-based delivery enables financial organizations to easily roll out SASE services and consistent policies to their entire network infrastructure, including thousands of remote workers scattered across various locations, or multiple branch offices to protect private data and users, as well as deployed IoT devices.

There are a variety of SASE approaches for financial organizations to consider. Advanced unified SASE solutions provide the greatest benefits by natively embedding security into the global fabric of a software-defined network to optimize latency, scalability, and performance in ways only possible when everything is built-in from the beginning as a single service. A well-architected unified SASE solution comes with a unified management plane encompassing all the security and networking functionalities listed above, including a single policy engine, one language to define or import apps and users, an API that exposes most capabilities, and a common data lake – all part of a single operating system.

Unified SASE delivers important benefits for financial organizations to optimize security and user performance, most notably around tightly integrated security and networking that can be centrally managed and monitored, reducing the risk of security gaps or misconfigurations across otherwise separate functions. Unified SASE also offers the tightest integration of components, since they are designed to work together seamlessly, making it easier to manage and troubleshoot, which reduces complexity and streamlines IT operations. It is also easier to scale up or down for financial firms – since it’s a single-service cloud-native architecture designed for flexibility and scalability, adding additional components or capacity is simpler and quicker. Unified SASE gives users a consistent experience across all locations and services, with the same set of policies and controls in place. Finally, by combining security and networking policy into a single policy repository, unified SASE avoids the manual and often difficult and inconsistent policy reconciliation found with multiple implementations.

Enhancing network capabilities without compromising security

As the financial industry continues its relentless pursuit of digitalization, SASE will play an important role in optimizing the customer experience while also securing that experience against mounting cyber threats. SASE’s convergence of security capabilities and network management gives organizations the ability to control critical activity such as access management, policy enforcement, and network segmentation, just to start. Financial firms should explore how the vast array of SASE services can improve the services they offer while providing unparalleled security for the network, their customers, and private financial information.

The post Addressing Financial Organizations’ Digital Demands while Avoiding Cyber Threats appeared first on Cybersecurity Insiders.


June 29, 2024 at 09:02PM

Symmetric vs. Asymmetric Encryption in the Cloud: Choosing the Right Approach

Symmetric and asymmetric encryption are the two modes of encryption typically used in cryptography. Symmetric encryption involves a single key, used both for encryption and decryption. That key needs to be shared among the parties who wish to encrypt or decrypt the data. Asymmetric encryption uses two separate keys that are mathematically related to one another, known as the private and public keys. A certificate is typically linked with the public key and holds information about the public key's owner.

The certificate contains details such as the owner's name, the algorithms used, the organization name, etc. As ways of implementing cyber risk assessment, symmetric and asymmetric encryption may appear identical, but they differ in performance: symmetric encryption is faster and asymmetric encryption is slower, which is why symmetric encryption is used in conjunction with asymmetric encryption. Let us explore this further.

Symmetric Encryption

As explained above, symmetric encryption uses an identical key for encryption and decryption, so the sender has to send the key to the receiver for the encrypted data to be decrypted. The key therefore needs to be protected and transferred securely. If the key is lost, the data can no longer be decrypted, and if the key is compromised, the encryption is compromised with it. For this reason, symmetric keys are transferred between the parties using asymmetric encryption, which ensures that the symmetric key stays encrypted; two different forms of keys are then involved in encrypting and decrypting the data. Symmetric encryption is considerably faster than asymmetric encryption, which is why it is used so widely.

Asymmetric Encryption

For managing third party risk, asymmetric encryption uses two distinct keys that are mathematically related to one another. The first is known as the private key, because it is heavily protected. It is kept in an HSM or on an air-gapped computer to ensure its protection. The other, the public key, is derived from the private key and is the one that gets distributed. A certificate is often created from the public key; it contains information about the owner of the key and a few details about the key itself.

The keys often rely on prime numbers of great length. The public and private keys are computed together using related mathematical operations, specifically trapdoor functions. Trapdoor functions are easy to calculate in one direction but hard to calculate in reverse. The public key can be found from the private key; however, the private key can never be obtained from the public key.

Although asymmetric encryption offers greater protection to the keys, it is much slower than symmetric encryption. It is for this reason that asymmetric encryption is used for exchanging the secret key, which is used for establishing symmetric encryption for rapid data transfer and making encryption and decryption of the data rapid.

Integrating Encryption with Third Party Risk Management

In third party risk management, both symmetric and asymmetric encryption play pivotal roles. Companies should ensure that third-party vendors that handle key data implement strong encryption practices to mitigate rapidly surfacing cyber risks and attacks.

Symmetric Encryption for Third Party Risk Management

  • Data Protection: Organizations will need third-party vendors to use symmetric encryption to safeguard stored data, ensuring that whenever the data gets accessed it stays unreadable without the encryption key.
  • Secure Key Exchange: Implementing secure key exchange protocols remains critical when dealing with third parties. Encrypted channels for the distribution of keys and periodic key rotation boost security.

Asymmetric Encryption for Third Party Risk Management

  • Secure Communications: Asymmetric encryption is the key to establishing secure communications with third-party vendors. The SSL/TLS protocols and the digital certificates ensure that the data gets transmitted between the parties in a tamper-proof and confidential manner.
  • Authentication and Integrity: Asymmetric encryption underpins strong authentication mechanisms, verifying the identity of third-party vendors while ensuring the integrity of data.

Uses for Asymmetric and Symmetric Encryption

Asymmetric and symmetric encryption are each better suited to different situations. Symmetric encryption, with its single key, is better used for data at rest. Data stored in databases needs to be encrypted to ensure that it does not get stolen or compromised. Such data does not need two keys, just the single one that symmetric encryption offers, since it only has to be kept safe until it is accessed in the future. Asymmetric encryption, on the other hand, should be used on data that is sent by email to other people.

If symmetric encryption is used on data in emails, an attacker who steals or compromises the key used for encryption and decryption can read the data. With asymmetric encryption, only the recipient can decrypt the data, because the recipient's public key is used to encrypt it. These forms of encryption are also used together with other processes, such as digital signing or compression, offering greater data security.

Security and Trust

Choosing between symmetric and asymmetric encryption is not a straightforward matter. Asymmetric encryption is often used to establish a secure connection between users who have never met, and that connection is then used to exchange a symmetric encryption key. When the entire process is implemented in SSL systems, it takes a couple of milliseconds, so most users never notice it. It is important for modern network infrastructure and, for now, it is the ideal way to safeguard key data against corruption and theft.

Conclusion

Symmetric encryption is the fastest encryption technique and a robust cybersecurity measure; however, the secret key has to be exchanged securely for it to reach its real potential. Asymmetric encryption is therefore used to exchange the key for symmetric encryption. In both instances, asymmetric encryption is used briefly to exchange parameters and establish the symmetric encryption used for the remainder of the communication. Both are thus used together to achieve secure communication, providing authenticity, privacy, proper authentication, and integrity of data.
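The combined scheme described in the Asymmetric Encryption section and in the conclusion, as an added example that is not part of the original article: a random symmetric key encrypts the data, and the recipient's public key encrypts only that key. The algorithm choices (AES-256-GCM, RSA-OAEP with SHA-256), the names `Envelope`, `Seal`, `Open`, `NewRecipientKey` and `keyLabel`, and the sample record are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// keyLabel ties a wrapped key to its purpose (hypothetical value for this example).
var keyLabel = []byte("example-data-key")

// Envelope is what the sender stores or transmits.
type Envelope struct {
	WrappedKey []byte // symmetric data key, encrypted with the recipient's public key
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // payload encrypted under the data key, GCM tag appended
}

// NewRecipientKey generates the recipient's RSA key pair (2048 bits here).
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts the payload with a fresh symmetric key (fast, any size) and
// uses the slower asymmetric operation only on the 32-byte key itself.
// context is authenticated but not encrypted, e.g. a vendor identifier.
func Seal(pub *rsa.PublicKey, plaintext, context []byte) (*Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, keyLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, context),
	}, nil
}

// Open recovers the data key with the private key, then decrypts the payload.
// It fails if the key, the ciphertext or the context has been altered.
func Open(priv *rsa.PrivateKey, env *Envelope, context []byte) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, keyLabel)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("bad nonce length %d", len(env.Nonce))
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, context)
	if err != nil {
		return nil, fmt.Errorf("decrypt payload: %w", err)
	}
	return plaintext, nil
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	record := []byte("constructed sample record: invoice 0001") // constructed input
	context := []byte("vendor=example-vendor")                  // constructed input

	env, err := Seal(&priv.PublicKey, record, context)
	if err != nil {
		panic(err)
	}
	out, err := Open(priv, env, context)
	fmt.Printf("round trip ok: %v (%q)\n", err == nil, out)

	env.Ciphertext[0] ^= 0x01 // simulate tampering with the stored payload
	_, err = Open(priv, env, context)
	fmt.Println("tampered payload rejected:", err != nil)
}
```

Only the holder of the private key can unwrap the data key, so the envelope can pass through a third party without exposing either the key or the record.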

 

The post Symmetric vs. Asymmetric Encryption in the Cloud: Choosing the Right Approach appeared first on Cybersecurity Insiders.


June 29, 2024 at 08:36PM

Infinidat Revolutionizes Enterprise Cyber Storage Protection to Reduce Ransomware and Malware Threat Windows

Infinidat, a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks. Infinidat’s InfiniSafe® Automated Cyber Protection (ACP) is a first-of-its-kind cybersecurity integration solution that is designed to reduce the threat window of cyberattacks, such as ransomware. Sophisticated cyberattacks, including new sinister forms of AI-driven attacks, are increasingly targeting the data storage infrastructure of enterprises.

Infinidat’s InfiniSafe ACP enables enterprises to easily integrate with their Security Operations Centers (SOC), Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR) cybersecurity software applications, and simple syslog functions for less complex environments. A security-related incident or event triggers immediate automated immutable snapshots of data, providing the ability to protect InfiniBox® and InfiniBox™ SSA block-based volumes and/or file systems and ensure near instantaneous cyber recovery.

“The merging of cybersecurity and data infrastructure has been compelling CIOs, CISOs and IT team leaders to rethink how to secure enterprise storage across hybrid multi-cloud deployments in light of increasing cyberattacks. Enterprises need proactive strategies, seamless integration across IT domains, and the most advanced, automated technologies to stay ahead of cyber threats,” said Eric Herzog, CMO at Infinidat. Recognized as a cyber secure storage expert, Herzog is coming off participation in a string of cybersecurity panel discussions, roundtables and conference events.

“Infinidat has carved out a very unique leadership position as the only storage vendor to offer an automated enterprise storage cyber protection solution that seamlessly integrates with cyber security software applications,” said Chris Evans, Principal Analyst at Architecting IT. “Infinidat’s newly launched InfiniSafe Automated Cyber Protection that easily meshes with the SIEM, SOAR or Security Operations Centers is exactly what enterprises need to include enterprise storage as a comprehensive approach to combat cyber threats.”

Infinidat’s new InfiniSafe ACP capability orchestrates the automatic taking of immutable snapshots of data, at the speed of compute, to stay ahead of cyberattacks by decisively cutting off the proliferation of data corruption.

Evans added, “This proactive cyber protection technique is extremely valuable, as it enables taking immediate immutable snapshots of data at the first sign of a potential cyberattack. This provides a significant advancement to ensure enterprise cyber storage resilience and recovery are integral to an enterprise’s cybersecurity strategy. ACP enhances an enterprise’s overall cyber resilience by reducing the threat window and minimizing the impact of cyberattacks on enterprise storage environments.”

The InfiniSafe Automated Cyber Protection is one of the biggest innovations of the year in cybersecurity because it unlocks the full potential of an enterprise’s security posture and maximizes the investments that an enterprise has made in protecting the business. By plugging into existing security mechanisms and continuous monitoring, InfiniSafe ACP bridges the gaps between enterprise storage and cybersecurity strategies that can transform the way CIOs and CISOs think about enterprise data infrastructures.

Information technology leaders have identified this ability to automate data snapshot commands and data pathways as critical to early detection and worry-free cyber recovery that minimizes the effects of even the most vicious and deceptive cyberattacks of malicious actors. An enterprise’s security team can put all its information from security operations through an enterprise storage intelligence grid to create the most sensitive triggers that often get missed by existing technologies and techniques.

Paul Rapier, VP of Information Technology at the Detroit Pistons, stated, “Infinidat’s efforts in enhancing cyber resilience for enterprises, particularly through the new InfiniSafe Automated Cyber Protection, are noteworthy for data security.”

Allen Shahdadi, Vice President of Global Sales at Sycomp, said, “Infinidat has become synonymous with guaranteed cyber resilient storage. Infinidat continues to deliver powerful solutions that solve critical cyber issues for enterprises and service providers around the globe. The InfiniSafe Automated Cyber Protection solution brings much needed capabilities to fight more effectively against cyberattacks. The automatic capture of immutable snapshots of primary data could be the difference between your data being held ransom and the rapid recovery of your data. Before international cybercriminals, hackers and fraudsters can gain an advantage, Infinidat’s InfiniSafe reduces the threat window decisively.”

The InfiniSafe Automated Cyber Protection solution is the latest in a string of cybersecurity capabilities that Infinidat has brought forward to strengthen enterprise storage in the face of constant threats of a tsunami of cyberattacks. Infinidat has also unveiled the following extensions of its state-of-the-art cyber resilient capabilities:

  • InfiniSafe Cyber Detection for VMware – Access to InfiniSafe cyber resilience capabilities to combat cyberattacks has been expanded into VMware environments. The impact of a cyberattack can be readily determined through this cyber detection capability, with highly granular insights by leveraging AI and machine learning whether or not a VMware datastore and the VM’s they encompass have been compromised.
  • InfiniSafe Cyber Detection for InfiniGuard® – Cyber detection will be extended onto the InfiniGuard purpose-built backup appliance to help enterprises resist and quickly recover from cyberattacks. This proven capability provides highly intelligent scanning and indexing to identify signs of cyber threats in backup environments, helping ensure that data has integrity. The enhanced version will be available in 2H 2024.

As a leader in cyber resilient storage, Infinidat first unveiled its InfiniSafe software-based platform two years ago with a set of cybersecurity functions. This solution has won numerous awards and has been proven by large global enterprises. The comprehensive cyber resilience capabilities of InfiniSafe technology improve the ability of an enterprise to combat and protect against ever-increasing cyberattacks and data breaches by uniquely combining immutable snapshots, logical air gapping, fenced/isolated networks, and virtually instantaneous data recovery into a single, high-performance platform.

The InfiniSafe ACP is the latest example of Infinidat’s broadening innovation. It was introduced alongside the launch of the InfiniBox G4 family of next-generation storage arrays for all-flash and hybrid configurations. The G4 series is a completely new storage array family built from the ground up that substantially extends Infinidat’s cyber storage resilience and delivers up to 2.5x improvement in performance. The InfiniBox G4 series introduces a new set of foundational elements, powered by InfuzeOS, which is Infinidat’s software defined storage operating system.


The post Infinidat Revolutionizes Enterprise Cyber Storage Protection to Reduce Ransomware and Malware Threat Windows appeared first on Cybersecurity Insiders.


June 29, 2024 at 08:11PM

Friday, June 28, 2024

Cybersecurity breach of TeamViewer Corporate environment by APT29

TeamViewer, a remote monitoring and management tool based in Germany, has reported a security breach within its internal corporate IT environment. The incident occurred on June 26, 2024, prompting immediate remedial actions to prevent any potential data compromise.

The company, known for serving over 600,000 active customers, reassured the public that no customer data was illicitly accessed by the hackers responsible for the breach. TeamViewer has since launched a thorough investigation into the incident, identifying it as an attack carried out by a state-sponsored hacking group known as APT29, also known as Cozy Bear. The breach was reportedly facilitated by the theft of an employee’s credentials, raising concerns about potential unauthorized access.

In response to the breach, TeamViewer has deployed incident response teams to mitigate any operational disruptions caused by the cyber attack on its corporate IT infrastructure. The company emphasizes its commitment to security, highlighting features such as multi-factor authentication and options for blocking or allowing specific connections. Passwords are safeguarded against brute force attacks, and additional security measures like fingerprint biometrics are available to enhance device protection.

Notably, TeamViewer faced scrutiny in June 2016 following unauthorized access incidents in China, attributed at the time to weak, easily guessable passwords. The company subsequently took steps to address these vulnerabilities to prevent misuse and enhance overall security protocols.

APT29 is a threat group that is affiliated with the Russian Foreign Intelligence Services and works for the Kremlin in gathering intelligence. The group has been operating since 2008 and to date has primarily targeted government networks in Europe and NATO members. From June 2015, it shifted its focus to targeting the Democratic National Committee, and in April 2021 it compromised SolarWinds software, thereafter targeting the software provider’s client companies.

The post Cybersecurity breach of TeamViewer Corporate environment by APT29 appeared first on Cybersecurity Insiders.


June 28, 2024 at 08:42PM

Thursday, June 27, 2024

Apple Safari Browser Data Security ad against Google Chrome

Recently, commuters in California, Paris, Singapore, Queensland, and London have been encountering Apple Inc.’s Safari Browser ads on billboards and public buildings. These ads cleverly promote Safari as the browser of choice for iPhone users while taking a swipe at Google’s Chrome browser. Google had recently admitted to collecting data from Chrome users, sparking concerns over privacy.

Apple’s ad campaign suggests that users worried about data security and privacy should switch to Safari for their browsing needs, emphasizing improvements like fixing the kids’ screen time bug. While some find Apple’s promotional tactics innovative, others criticize the approach for unfairly disparaging competitors.

Earlier this year, Google Chrome faced backlash for allegedly collecting data even in incognito mode, including cookies, search history, and location details. The controversy highlighted ongoing debates about tech companies’ ability to collect user data with or without consent.

Google, under its parent company Alphabet Inc., claims to prioritize user data security and control over content. However, discrepancies between policy and practice have been highlighted, notably in a 2020 lawsuit alleging data collection despite incognito mode usage.

In the past few days, Google issued security updates for its Chrome 125 browser, addressing nine vulnerabilities. This followed an alert from a bug bounty program about a potential security flaw that could allow remote hackers to inject code via an HTML page, posing a risk to browser stability.

Apple has remained committed to offering its users the utmost level of privacy, as it also doesn’t cater to the demands of law enforcement agencies across the world with regard to data sharing.

 

The post Apple Safari Browser Data Security ad against Google Chrome appeared first on Cybersecurity Insiders.


June 28, 2024 at 10:45AM

Maryland Association of Community Colleges Receives Funding for the Cyber Workforce Accelerator

Partnership with BCR Cyber Will Provide Jobs and Access to Advanced Experiential Training at Maryland Community Colleges

Baltimore, MD (6/25/24) – The Maryland Association of Community Colleges (MACC), in partnership with Baltimore Cyber Range dba BCR Cyber, has been awarded $935,680 through the Maryland Department of Commerce’s “Build Our Future Grant Pilot Program” to fund the Cybersecurity Workforce Accelerator.  This award leverages the $2 million of Congressionally Directed Spending obtained by U.S. Senators Ben Cardin and Chris van Hollen that was allocated for the Accelerator earlier this year in the Federal FY25 Budget as matching funds, bringing the total amount awarded year to date for the Cyber Workforce Accelerator to $2.9 million.

Together, MACC and BCR Cyber developed the Cyber Workforce Accelerator to dramatically expand Maryland workforce development efforts and provide the state’s community colleges with BCR Cyber Series 3000 Cyber Ranges, giving access to advanced experiential training and education technology to train and certify thousands of entry level IT and cyber practitioners. The Cyber Workforce Accelerator will be available to both credit and non-credit students enrolled at Maryland community colleges.

The grant award facilitates the procurement, configuration, and deployment of the cyber ranges, as well as required community college and server facility infrastructure upgrades, enhancements, and staff training. Delivery of the cyber ranges and training commencement is expected by April 1, 2025.

As a function of this effort, a public-private consortium of 35+ cybersecurity companies and government agencies will steer course content development and recruit entry-level employees trained at the community college cyber ranges. Each of these entities has pledged significant leveraged resources to this project.

According to Dr. Brad Phillips, Executive Director of MACC, “The goal is to place cyber ranges in community colleges across the State to be used for workforce development in cybersecurity.  This will place Maryland as the first state in the nation to use range technology for workforce development, which will diversify the workforce and accelerate closing the workforce skills gap. I strongly believe what we are doing should become a model for the nation.”

This initiative builds on the federally funded “Cyber Pathways Across Maryland” (CPAM) program infrastructure and BCR Cyber via Maryland Department of Labor Employment Advancement Right Now (EARN) programs. For more than five years, BCR Cyber has worked with the EARN program and Maryland community colleges to establish an IT and cybersecurity workforce development pipeline. More than 1,000 Maryland residents have been trained, certified, and placed through the pipeline.

“Our work with MACC to deploy these additional cyber ranges not only helps meet the critical need to fill more than 30,000 cybersecurity job openings in Maryland, but also creates thousands of potentially life-changing career opportunities for Marylanders.  We are extremely grateful to the Moore-Miller Administration and the Department of Commerce for recognizing the need to dramatically expand Maryland’s cybersecurity workforce with this innovative public-private partnership,” says BCR Cyber President Michael Spector. 

BCR Cyber has established a wide range of strategic relationships with state and federal IT departments, allowing them to deliver cutting-edge cybersecurity training to their employees. Collaborating closely with these government entities, BCR Cyber is enabling them to strengthen their cybersecurity posture while fostering a culture of continuous learning and improvement.

Additionally, BCR Cyber holds exclusive responsibility for conducting technical proficiency testing for third-party assessment organizations (3PAOs), as required by the Federal Risk and Authorization Management Program (FedRAMP). BCR Cyber testing ensures these organizations meet the standards necessary to assess and authorize cloud service providers for federal agencies.

The Build Our Future Grant Pilot Program was established through The Innovation Economy Infrastructure Act of 2023 as a key piece of Maryland Governor Moore’s plan to bridge the gap between vision and success in the state. Grants are awarded to private companies, nonprofit entities, local governments, or colleges and universities in Maryland. Eligible projects include cyber ranges, prototype manufacturing centers, research spaces, sensitive compartmented information facilities, and wet laboratories, among others.

About Maryland Association of Community Colleges

Maryland Association of Community Colleges (MACC) is an advocate for Maryland’s 16 community colleges and the needs of the students they serve. State-of-the-art facilities, flexible curricula, and award-winning teaching staff serve full- and part-time students pursuing academic degrees, career certifications, and enrichment courses at 22 campuses and 1000+ learning sites statewide. See more at mdacc.org.

About BCR Cyber

Established in 2017, BCR Cyber (formerly Baltimore Cyber Range) is dedicated to delivering exceptional training solutions to both government and commercial clients. BCR Cyber has trained thousands of individuals and successfully placed over 83 percent into employment. The BCR Cyber Range is the first such facility in the world specifically dedicated to workforce development in the cybersecurity sector. BCR Cyber provides trainees with the most advanced cybersecurity strategies and techniques in an environment that simulates real threats in real-time. The range’s hands-on training encompasses cyber threat detection, compromise mitigation, and system remediation, and is complemented by placement services. For more information, visit www.bcrcyber.com.

 

 

The post Maryland Association of Community Colleges Receives Funding for the Cyber Workforce Accelerator appeared first on Cybersecurity Insiders.


June 27, 2024 at 03:52PM

Top Tips to Keep Data Safe During the 2024 Paris Olympics

It’s no secret that the Olympics is one of the most highly attended events in the world. This year, it is expected that the Olympics will bring over 15 million visitors to Paris. With such a heavy influx of people, protecting the event from both physical and cyber-attacks is a massive but vital undertaking. The spotlight will be on mobile devices, as they are our first choice for how we communicate, work, bank, take photos, navigate, shop and stay informed. It is important to be aware of the risks associated with mobile devices, as bad actors will have them high on their hit list. In fact, according to Zimperium’s Global Mobile Threat Report 2023, 43% of all compromised devices were fully exploited (not jailbroken or rooted), an increase of 187% year-over-year. What’s more, the CISO for the Paris Olympics 2024 has announced that the number of attacks is expected to be eight to ten times higher than it was for the Tokyo Olympics. This piece will explore those risks and give insights on how to prepare for them.

Don’t fall prey to risky QR codes

Mobile devices are a main avenue through which today’s cybercriminals launch highly evasive attacks. In the last few years, QR codes have risen in popularity because they make sharing information quick and easy: you simply scan them with a mobile phone’s camera. They will undoubtedly have a heavy presence at this year’s Paris Olympic Games (i.e. scanning codes via your personal TV, downloading Olympic related apps), and it is important to know that a QR code is just like a URL but worse, as you can’t see the real URL you are visiting prior to scanning it. So it’s really important to ensure you know where the QR code is actually taking you.

Make sure you don’t fall victim to malware by clicking on QR codes with malicious links that require you to download an application. Download the application from a trusted app store instead of following an opaque link to download an app from a third-party app store or an unknown source. We expect to see many fake apps centered around the Olympics. In fact, more than 200 fraudulent sites selling tickets for sporting events have already been detected by French police in recent months, and the French government has announced that it has fallen victim to cyberattacks of “unprecedented intensity.” 

Malicious Data Collection

With millions of people traveling to Paris this summer for the Olympic games, bad actors are preparing themselves to attack on all fronts, one of which is through guest Wi-Fi networks that can easily be corrupted, i.e. public networks at the games, local coffee shops, airports etc. To all individuals who think logging into public Wi-Fi networks is safe, you better think twice. Bad actors can easily create open Wi-Fi hotspots disguised as legitimate and free networks, which, if connected to, compromise devices and install dangerous malware. To make matters worse, bad actors can also use these tactics to launch Man-in-the-Middle (MITM) attacks, where attackers interrupt an existing conversation or data transfer to steal account details, credit card numbers and login credentials. Once an unsuspecting user connects to the free, malicious Wi-Fi hotspot that the attacker created, the bad actor has full visibility into the exchange. The last thing anyone wants while trying to enjoy the games is to spend precious time on the phone with banks and credit card companies notifying them of nefarious activity. If you must use a public Wi-Fi network, consider using a VPN for an added layer of protection and be sure you’re transacting with SSL/TLS protected web sites.

The CISO for the Paris Olympics 2024 has announced that the number of attacks is expected to be eight to ten times higher than what we saw occur at the 2020 Tokyo Olympics. With an event of this magnitude, the French authorities are working around the clock to prepare for possible cyberattacks and nefarious activity. The Comité d’organisation Paris24 (Organising Committee for Paris24) is taking great precautions to ensure the games go as smoothly as possible. France will not be exempt from attempts to destabilize the country through computer / mobile device sabotage. According to the French Cybersecurity Agency (ANSSI), attackers may be encouraged to penetrate and maintain a position on critical networks amidst ongoing international tensions and turmoil. This is a prevalent reason why ANSSI is calling on organizations to be better equipped and follow cyber protection recommendations such as creating a strong security strategy tailored to this event, developing detection capabilities, implementing an information system backup strategy, and drawing up recovery plans.

The biggest takeaway here is that in a mobile-powered world, a mobile-first security strategy is vital. Mobile devices and apps are an integral part of some of the largest events and organizations in the world. It is essential to establish advanced, adaptive protections that safeguard against unsafe devices, unsafe networks, phishing, and malware attacks that can destabilize networks and put millions of users at risk. Establishing these protections must become the new norm for business leaders.

Bio:

Krishna Vishnubhotla is a seasoned professional in the SaaS industry, specializing in catalyzing startup growth through adept product and marketing strategies. With a keen focus on mobile application security products, he has a proven track record in defining and executing product visions that drive significant revenue growth. In addition to managing a global customer success portfolio, he established high-value strategic partnerships. His leadership skills extend to spearheading revenue generation efforts, serving a diverse clientele across multiple industries.

The post Top Tips to Keep Data Safe During the 2024 Paris Olympics appeared first on Cybersecurity Insiders.


June 27, 2024 at 03:35PM

Adversaries Seek to Take Advantage of Global Events – How To Prepare for the 2024 Paris Olympics

The 2024 Paris Olympics is set to begin on July 26, and global adversaries are paying close attention. Such a high-profile event serves as an opportunity for bad actors to cash in on vulnerable organizations and users with poor cyber hygiene. It is crucial to take a proactive approach when dealing with cyber initiatives.

No one tool can stop it all. It is essential to collaborate with many organizations and security agencies to help identify potential security threats early. Robust cybersecurity measures should be implemented to safeguard critical infrastructure and data. This includes monitoring for anomalies, securing service accounts, ensuring cyber hygiene practices are followed, and many more. Comprehensive risk assessment and scenario planning are also essential components of cyber readiness. Anticipating various adversarial tactics enables proactive measures to mitigate organizational vulnerabilities.

Ultimately, a cohesive strategy that combines proactive intelligence efforts, robust cybersecurity measures, diplomatic collaboration, and community engagement will fortify resilience against potential adversaries seeking to exploit global events like the 2024 Paris Olympics.

For more insights, security leaders share their thoughts below on their advice for organizations ahead of the Paris Olympics: 

Tim Eades, co-founder & CEO, Anetac

“Whether it is the 2024 Paris Olympics, or another “lightning rod” global event, there will be an endless amount of service accounts created through new employee logins, tickets, payment information, etc, that will be seen as a target for bad actors. If they can access an employee login, they have limitless potential to access other chains in the organization. 

If we can’t identify what these service accounts have access to in the broader chain of operations, it could be detrimental to security efforts.”

Roy Akerman, CEO & co-founder, Rezonate

“We need to face the facts. User identities are the keys to the castle and should be protected as such. According to the 2024 Verizon Data Breach Report, 68% of breaches happen due to human error and 1/3 of breaches happen due to misconfigurations and other issues. Ahead of the 2024 Paris Olympics, it’s crucial to allocate resources to security solutions that establish a baseline for user behavior within an organization’s network. 

This approach allows security teams to swiftly detect and address anomalies, and respond to potential threats before they escalate into full blown breaches. In today’s landscape, the question is not whether you’ll face a breach, but when. That’s why prioritizing investment in modern security solutions and fostering a security-conscious culture across your entire organization is paramount, rather than confining it solely to the security team.”

The post Adversaries Seek to Take Advantage of Global Events – How To Prepare for the 2024 Paris Olympics appeared first on Cybersecurity Insiders.


June 27, 2024 at 11:19AM

Wednesday, June 26, 2024

Ransomware attacks launched on the world by China and North Korea

According to a joint investigation by security analysts from SentinelOne and Recorded Future, a significant ransomware campaign targeted government and critical infrastructure between 2021 and 2023, with new details now coming to light.

The attacks occurred in two distinct clusters. The first cluster, attributed to the group ChamelGang (also known as CamoFei), targeted institutions such as India’s All India Institute of Medical Sciences (AIIMS) and the aviation ministry, as well as the Presidency Hall in Brazil in 2022, using the CatB ransomware. The second cluster was launched by a North Korean group dubbed Andariel, apparently linked to APT41.

Initially, suspicions pointed towards known groups like BlackCat and LockBit. However, the sophistication of the CamoFei attack allowed it to evade detection by traditional threat intelligence software, masking its origins effectively.

In the past week, the National Health Laboratory Service of South Africa (NHLS) was hit by a ransomware attack that disrupted the testing of blood samples, notably during the Monkeypox (Mpox) outbreak. The attack was sophisticated: the hackers deleted some data sections in the systems, prompting the authorities to rely on backups to rebuild the data. CatB ransomware, first detected by Positive Technologies in 2021, is suspected to be behind the incident, though there is no concrete evidence yet to prove it.

Security experts at SentinelOne suggest that the attackers may have affiliations with state-sponsored groups, possibly seeking financial gains to support broader geopolitical ambitions, including nuclear programs.

Notably, nations facing international sanctions, such as North Korea under Kim Jong Un’s leadership, have shown interest in using cyber operations to generate revenue despite global efforts to curb such activities. Western nations like the UK and USA continue to impose sanctions and press for cybersecurity measures to counter such threats, highlighting ongoing tensions over cyber warfare and financial exploitation.

The post Ransomware attacks launched on the world by China and North Korea appeared first on Cybersecurity Insiders.


June 27, 2024 at 10:46AM

AI driven Google Naptime to help LLM to conduct vulnerability research

Security researchers face significant challenges when hunting for vulnerabilities in Large Language Models (LLMs). However, Google’s Naptime Framework provides a breakthrough in AI-driven vulnerability research, automating variant analysis.

Named for its concept of allowing researchers to “take a nap” amidst their intensive exploration of large-scale language models, Naptime Framework closely mirrors the methods employed by human security experts, including analysis and hypothesis testing. This approach ensures precise and reproducible results in identifying vulnerabilities.

Tested since 2023 and aligned with Google’s Project Zero principles, the framework aims to enhance the efficiency of vulnerability detection in LLMs, benchmarked against CyberSecEval2 standards set by Meta, Facebook’s parent company, in April 2024.

Meanwhile, discussions have arisen in tech forums regarding ransomware targeting Meta’s virtual reality headsets. Attacks on virtual headsets, dubbed Spatial Computing attacks, are uncommon but gained attention following incidents such as the hack of Apple’s Vision Pro.

Despite Meta’s headsets running on the Android Open-Source Project, technical analysts assert that compromising such devices is challenging without access to developer mode—a rare occurrence.

This debate has sparked interest among enthusiasts, particularly in light of how CovidLock, a ransomware disguised as a Covid-19 tracking application, infected thousands of devices last year without requiring admin-level permissions. This topic remains highly contentious and is currently trending in top-tier tech forums.

The post AI driven Google Naptime to help LLM to conduct vulnerability research appeared first on Cybersecurity Insiders.


June 26, 2024 at 08:45PM

Cloud Security becoming a priority for businesses in 2024

With the rise of digital transformation and widespread adoption of cloud-based solutions, organizations are increasingly turning to these platforms to meet their evolving needs. However, the surge in data breaches within cloud data centers has sparked significant concern among security professionals. This uncertainty has left many grappling with decisions about cybersecurity budget allocations in upcoming sessions.

The 2024 Thales Cloud Security Study identifies two primary concerns that, if addressed by Cloud Service Providers (CSPs), could alleviate many of these anxieties: human error and misconfigurations. These factors are responsible for 28% of breaches, resulting in data leaks and application disruptions.

Based on insights gathered from nearly 3,000 IT professionals across 18 countries, the report reveals that 14% of organizations experienced breaches in the past year, often attributed to insufficient use of multifactor authentication.

Notably, cybercriminals are targeting not just small companies but also industry giants like Microsoft and Google. These attacks are increasingly sophisticated, with threat groups specifically targeting sensitive information, including government data, for intelligence purposes.

Recent incidents, such as the breach in Snowflake’s customer environment and Neiman Marcus’s confirmation of a security lapse, underscore the pervasive risks faced by cloud users.

Initially seen as a secure alternative to on-premise solutions, cloud platforms have faced scrutiny over data ownership and security responsibilities. This debate gained traction with manufacturers of data storage appliances challenging who should bear accountability for safeguarding cloud-stored data and applications.

While the controversy briefly subsided, the complexity of managing cloud security in today’s expansive network environments has reignited discussions. Many organizations struggle to navigate the intricacies of defending against cyber threats, further intensifying the ongoing debate on cloud security.

In conclusion, the issue remains highly contested, reflecting the escalating challenges and persistent concerns surrounding cloud security.

The post Cloud Security becoming a priority for businesses in 2024 appeared first on Cybersecurity Insiders.


June 26, 2024 at 11:35AM

Tuesday, June 25, 2024

CDK Global faced second ransomware attack

CDK Global, a prominent provider of software solutions for automotive sales and services across 15,000 dealerships, recently faced significant disruptions due to alleged ransomware attacks. Reports indicate that the attacks, attributed to the Black Suit file-encrypting malware group, initially targeted the company, causing temporary service disruptions.

Shortly after the first incident, media outlets reported a second ransomware attack targeting CDK Global while recovery efforts from the initial breach were still ongoing. Lisa Finney, a spokesperson for the company, confirmed the occurrence of the second attack and assured that investigations were underway. Law enforcement agencies were promptly notified, and security experts were engaged to conduct a thorough investigation.

Meanwhile, efforts to restore services were in progress, with CDK Global urging caution among its staff regarding potential phishing attacks. Employees were warned about threats where malicious actors could impersonate CDK partners to obtain sensitive information.

Cybersecurity experts emphasize the importance of promptly addressing vulnerabilities through software upgrades and updates. Failure to do so may leave companies vulnerable to repeated attacks throughout the year. It is crucial for affected businesses to seek expert guidance to patch vulnerabilities effectively, thereby minimizing future risks of exploitation by cybercriminals.

The post CDK Global faced second ransomware attack appeared first on Cybersecurity Insiders.


June 25, 2024 at 09:25PM

Create order from chaos

The task of managing and interpreting vast amounts of data is akin to finding a needle in a haystack. Cyber threats are growing in complexity and frequency, demanding sophisticated solutions that not only detect but also prevent malicious activities effectively.

Cybereason’s MalOp (Malicious Operations) is designed to tackle this challenge head-on, transforming chaos into order by providing comprehensive, real-time insights into security threats.

Chaos in cybersecurity

Cybersecurity teams are often overwhelmed by the sheer volume of alerts and data they must sift through daily. Traditional security systems generate numerous alerts, many of which are false positives, leading to alert fatigue and missed genuine threats. This chaotic environment hampers the efficiency of security operations centres (SOCs) and increases the risk of breaches.

Cybereason’s MalOp is a game-changer in this chaotic environment. It consolidates alerts and presents them as a single, coherent storyline, allowing security teams to understand and respond to threats more effectively. Here’s how Cybereason MalOp creates order from chaos:

1. Consolidation of Alerts

Instead of presenting isolated alerts, MalOp correlates various signals from endpoints, networks, and users to form a comprehensive picture of an attack. This approach reduces noise and highlights the real threats that need attention.

2. High-Fidelity Detections

MalOp employs advanced analytics and machine learning to provide high-fidelity detections. This means fewer false positives and more accurate identification of threats. The system can discern between benign anomalies and actual malicious activities, ensuring that security teams focus on genuine threats.

3. Automation and Guided Remediation

Cybereason MalOp integrates automation to handle repetitive tasks and provide guided remediation steps. This reduces the workload on security teams and ensures swift, effective responses to threats. Automated remediation can neutralise threats instantly, while guided steps assist analysts in more complex scenarios.

Key capabilities of Cybereason MalOp

1. Comprehensive Visibility

Cybereason MalOp provides visibility into the entire attack lifecycle, from root cause to every affected endpoint and user. This holistic view enables security teams to understand the full scope of an attack and take informed action.

2. Rapid Investigation and Response

The platform significantly reduces the time required for threat investigation and response. According to the Forrester Total Economic Impact (TEI) report, Cybereason reduces investigation periods by as much as 93%. This speed is crucial in minimising the damage caused by cyberattacks.

3. Leveraging All Event Data

Unlike other solutions that limit data collection, Cybereason collects and analyses 100% of event data in real-time. This comprehensive data collection ensures that no critical information is missed, enhancing the accuracy and reliability of threat detection.

4. Scalability

Cybereason boasts an impressive analyst-to-endpoint ratio of 1:200,000, thanks to its advanced automation and machine learning capabilities. This scalability ensures that even large organisations can manage their cybersecurity effectively with limited human resources.

The edge against evolving threats

Traditional antivirus solutions are no longer sufficient. Cybereason moves beyond legacy AV limitations with a multi-layered prevention approach, including intelligence-based, behavioural, deception, NGAV (Next-Generation Antivirus), and machine learning attack prevention.

1. Multi-Layered Prevention

Cybereason’s multi-layered prevention strategy ensures comprehensive protection against various types of threats. By combining different methods, the platform can detect and prevent known, unknown, and emerging threats effectively.

2. Behavioural and Deception Techniques

The platform employs behavioural analysis to identify anomalies indicative of malicious activities. Deception techniques, such as honeypots and decoys, lure attackers into revealing their methods, allowing Cybereason to preemptively counteract threats.

Real-time reporting and actionable intelligence

Cybereason MalOp provides real-time reporting and actionable intelligence, enabling security teams to act swiftly. The platform’s Nocturnus team, comprising world-class threat intelligence analysts, continuously monitors and analyses emerging threats, ensuring that the latest intelligence is always at hand.

1. AI-Powered Insights

Cybereason utilises multiple layers of machine learning to uncover sophisticated threats, including zero-day malware and ransomware. These AI-powered insights make sense of complex data relationships, surfacing the most critical threats for immediate action.

2. Global Threat Intelligence

The Nocturnus team leverages global threat intelligence to stay ahead of cybercriminals. By understanding and disrupting malicious operations worldwide, Cybereason ensures its users are protected against the latest threats.

Tailored solutions for different enterprises

Cybereason offers tailored solutions to meet the unique needs of various enterprises, from small to medium businesses to large corporations. Each solution is designed to provide the critical tools necessary for robust cybersecurity.

1. Small to Medium Enterprises

For smaller enterprises, Cybereason offers a prevention-focused protection plan that includes threat intelligence, NGAV, anti-ransomware, and endpoint controls. These tools provide a solid foundation for protecting against common cyber threats.

2. Large Enterprises

Large enterprises benefit from more advanced capabilities, including EDR (Endpoint Detection and Response), MDR (Managed Detection and Response), incident response, and threat hunting. These features ensure comprehensive protection and rapid response to sophisticated attacks.

3. Ultimate Protection

For organisations seeking the highest level of security, Cybereason offers a comprehensive attack protection plan backed by a $1 million breach protection warranty. This plan includes all features, ensuring that enterprises are fully equipped to handle any cyber threat.

Cybereason MalOp is not just a tool; it is a paradigm shift in cybersecurity, turning chaos into order and enabling security teams to protect their organisations effectively. For more information about Cybereason MalOp and how it can benefit your organisation, visit the Cybereason website.

The post Create order from chaos appeared first on Cybersecurity Insiders.


June 25, 2024 at 06:58PM

Monday, June 24, 2024

LockBit ransomware spinoff variant targets Indonesia Govt data centers

In recent days, Indonesia has been grappling with significant disruptions to airport services and banking operations following a ransomware attack attributed to a variant known as Brian Cipher, a spinoff of the notorious LockBit ransomware. This incident has resulted in widespread outages affecting essential services, including immigration and IT systems across 210 government organizations.

Initial investigations suggest that the hackers behind the attack have successfully exfiltrated a portion of data and are demanding a ransom of $8 million within a two-day deadline. Failure to comply threatens the release of stolen data on the dark web.

The impact has been particularly felt at Jakarta Soekarno-Hatta International Airport, where automated passport processing delays caused lengthy queues, though this issue has since been resolved. However, many other government offices continue to struggle with data recovery efforts.

Ransom payments, though sometimes considered as a quick fix, do not guarantee the return of decryption keys and can perpetuate criminal activities. Moreover, victims may face repeated attacks if underlying vulnerabilities are not properly addressed.

Looking ahead, the threat landscape is expected to escalate with the adoption of AI technology by cybercriminals, making attacks more sophisticated and challenging to defend against.

LockBit, the group responsible for this attack, has been active in digital crime for three years. Despite periodic law enforcement crackdowns that temporarily halted their operations, the group has reemerged with new iterations, demonstrating adaptability in their tactics.

This incident underscores the ongoing challenge of cybersecurity and the evolving nature of ransomware threats, necessitating robust preventive measures and responses to safeguard critical infrastructure and data.

The post LockBit ransomware spinoff variant targets Indonesia Govt data centers appeared first on Cybersecurity Insiders.


June 24, 2024 at 08:43PM

Sunday, June 23, 2024

NHS Qilin Ransomware gang is shrugging off the blame

The Qilin ransomware group, responsible for the recent attack on the NHS that resulted in the cancellation of nearly 1200 operations and crucial blood tests, has urged against blaming them for the hardships faced by Britain’s healthcare system.

Instead, they pointed fingers at the nation and its government, alleging support for adversaries in the global arena. This rhetoric prompts readers to question whom the group is implicating.

Security analysts interpret these statements as a tactic to divert attention from the real impact on the National Health Service, where over 200 cancer surgeries alone were postponed due to the IT disruption.

NHS England has warned that the effects of the Synnovis downtime may persist until September or beyond.

Meanwhile, an unverified source on Telegram claimed the NHS was considering a $45 million ransom payment to the hackers, citing recovery costs exceeding their annual budget.

In a conversation with a BBC journalist via encrypted chat, the hackers defended their actions as a political statement, leaving the world speculating on their ties to Russia or Ukraine.

Regardless of the perpetrators, the primary victims remain the innocent patients already burdened by healthcare challenges, compounded by treatment cancellations and suspended pathology services, including vital blood-borne disease tests like HIV, Hepatitis C, and Hepatitis B.

Over the past days, individuals allegedly affiliated with Qilin have reportedly leaked a fraction of the 405GB of stolen data, warning of escalating consequences in the coming weeks.

 

The post NHS Qilin Ransomware gang is shrugging off the blame appeared first on Cybersecurity Insiders.


June 24, 2024 at 10:33AM

Cyber A.I. Group Announces the Engagement of Walter L. Hughes as Chief Executive Officer

Highly Successful Technology Executive to Drive Growth in the Cybersecurity and IT Services Sectors 

Cyber A.I. Group, Inc., an early stage cybersecurity, A.I. and IT services company, announced today the engagement of Walter L. Hughes as Chief Executive Officer. The announcement was made by A.J. Cervantes, Jr., Executive Chairman of Cyber A.I. Group and Chairman of Trilogy Capital Group, LLC, Cyber A.I.’s founding shareholder. 

Walter Hughes has had an expansive 15+ year executive career across eight distinct industries, including transformative roles at Meta and Elevance Health (formerly Anthem), with impactful contributions to innovative startups and government sectors. Mr. Hughes’ deep experience spans nearly two decades in pioneering technology enterprises with a specific emphasis on the intricacies and applications of Artificial Intelligence.

“Walter’s career has been a testament to the art of driving business transformation,” noted Mr. Cervantes. “Rooted in a solid foundation in finance and technology, his expertise has evolved, embracing and mastering the intricate processes of fostering business success. This mastery is underpinned by a profound application of Six Sigma methodologies and strategic venture capital endeavors, positioning him as a pioneering force.”

Mr. Hughes stated, “I’m absolutely thrilled to be joining CyberAI Group as CEO. With its cutting edge approach and incredible potential, it’s a chance to leverage everything I’ve learned across multiple technology-driven industries and put it to work generating transformative change. Building on CyberAI’s strong foundation and seasoned management team, I’m excited to be a force at the forefront of this burgeoning business, shaping the future of this dynamic company.” 

“The cybersecurity and IT services industries are highly fragmented and lend themselves to a proactive consolidation strategy,” continued Mr. Hughes. “We believe a large pool of prospective acquisitions exists offering substantial opportunity for an emerging growth private company on a path to public ownership. The cybersecurity market alone has witnessed remarkable growth and reached a value of $202 billion in 2022. We are confident that an IT/cybersecurity services company with advanced A.I. capabilities can provide clients with numerous proactive and customized cybersecurity services to optimize technology security and improve business operations and performance.” 

“The IT services industry has grown into one of the fastest growing sectors in the United States and around the world, with forecasts of continued double-digit growth over the next decade,” noted Mr. Cervantes. “This is compounded by the massive proliferation of highly publicized data breaches and ransomware attacks that are further propelling demand for cybersecurity expertise. Cyber A.I. Group is leveraging this skyrocketing demand, combined with a core focus on fundamentals, by pursuing a “Buy-and-Build” strategy of acquiring a broad spectrum of IT services companies and positioning them to address the fast-growing needs for the cybersecurity and A.I. markets.”

Artificial intelligence, under development and building momentum for decades, is emerging as one of the most potentially powerful and disruptive forces in the Information Age. Recent moves have seen remarkable advances, such as the launches of OpenAI’s ChatGPT A.I. chatbot and Google’s Bard A.I. chatbot. This rapid proliferation of A.I. is introducing not just new capabilities, however, but also new dangers and security concerns. To capitalize on these opportunities and challenges, Cyber A.I. intends to integrate A.I. services in all aspects of its business as it expands. 

Reg 506(c) Offering 

The Company is conducting a private placement offering (the “Offering”) pursuant to Regulation 506(c) as promulgated by the Securities and Exchange Commission. The terms of the Offering are up to Two Million Dollars ($2,000,000) of seventeen and one half percent (17.5%) Promissory Notes with Equity Consideration in the form of Founders’ Stock (each a “Note,” and collectively the “Notes”). The minimum investment amount is $50,000. The Company reserves the right to accept lesser amounts in its sole discretion. The term sheet for the Offering can be found here:

cyberaigroup.io/investors/17-5-promissory-note-with-founder-shares/

About Trilogy Capital Group 

Trilogy Capital Group, LLC is a Delaware limited liability company and private equity firm based in Miami, Florida. Trilogy Capital Group and its predecessor company, Trilogy Capital Partners, Inc., are a financial services group which has been engaged in Private Equity, Venture Capital, Merchant Banking and Financial Advisory since 2002. For additional information, please visit: trilogy-capital.com. 

About Cyber A.I. Group 

Cyber A.I. Group, Inc. is a newly formed Florida corporation that will engage in the acquisition and management of domestic and international cybersecurity and IT services firms. The founders and management of Cyber A.I. are pursuing a “Buy-and-Build” strategy to rapidly expand operations by acquiring a broad spectrum of IT services companies and repositioning them to address fast-growing market needs for cybersecurity and artificial intelligence (A.I.) markets. The Company’s initial target is to acquire multiple companies representing aggregate revenues approaching $100 million. The Company is focusing on acquisition targets that offer the most favorable terms and lend themselves to certain benefits through integration, including horizontal and vertical marketing and economies of scale. Cyber A.I.’s business model is focused on the acquisition and consolidation of IT services companies with proven ability in broad conventional technology services. This emphasis on conventional companies with strong revenues and cash flow distinguishes Cyber A.I. from the explosion of A.I. startups that may be pinning their future on a single technological breakthrough which may never materialize. This “Buy-and-Build” strategy provides Cyber A.I. with the maximum flexibility for diversification and risk management for moving into new fields and addressing fast moving market opportunities. For additional information, please visit: cyberaigroup.io.

Contact 

Cyber A.I. Group, Inc. 

990 Biscayne Blvd., Suite 503 

Miami, FL 33132 

info@cyberaigroup.io 

The post Cyber A.I. Group Announces the Engagement of Walter L. Hughes as Chief Executive Officer appeared first on Cybersecurity Insiders.


June 23, 2024 at 07:54PM

1inch partners with Blockaid to enhance Web3 security through the 1inch Shield

1inch, a leading DeFi aggregator that provides advanced security solutions to users across the entire space, has announced today the launch of the 1inch Shield. 

This solution, which offers enhanced protection against a wide range of potential threats, was completed in partnership with Blockaid, a major provider of Web3 security tools.

Scam tokens masquerading as legitimate assets have long been creating problems for Web3 users. Now, due to collaboration with Blockaid, all tokens of this kind will be instantly detected and marked, so that users can avoid transacting with these tokens.

Speaking about the partnership, Sergej Kunz, co-founder of 1inch, said, “The collaboration between Blockaid and 1inch is anticipated to set a new standard for security in the cryptocurrency landscape. By combining Blockaid’s innovative security solutions with the 1inch’s advanced features, this partnership aims to enhance user safety and asset protection, contributing to the growth and mainstream adoption of DeFi.”

“The collaboration with 1inch represents a pivotal step forward in our mission to secure the Web3 ecosystem. By integrating our robust security solutions with the 1inch, we are enhancing the safety of digital assets while fostering trust and confidence among users in the DeFi space. Our joint efforts will pave the way for a more secure and accessible DeFi environment for everyone”, said Ido Ben-Natan, co-founder and CEO of Blockaid. 

Blockaid acts like an anti-virus for Web3, leveraging superior data and machine learning to identify and protect against malicious attackers. A provider with better data can produce a better product, allowing multiple layers of security for users. Whenever a user connects their wallet to sign a transaction, Blockaid provides clear information about what will actually happen when the transaction is executed.

Blockaid can also simulate any transaction involving a wallet, dApp, or smart contract across multiple blockchains. What transforms simulation into security is validation. In simple terms, validation involves determining whether a given transaction is malicious or benign, allowing users to transact with confidence. Now, this transaction simulation capacity is used to protect 1inch users.

Meanwhile, blockchain users also encounter AML compliance risks. The 1inch Shield mitigates these risks by running 24/7 screening of blockchain addresses for ties to sanctions, terrorist financing, hacked or stolen funds, ransomware, human trafficking and more. Based on the outcome of screening, suspicious addresses are immediately blocked.

The screening component is powered by TRM Labs, which uses on-chain and off-chain data to detect possible security risks.

Finally, a blocklisting functionality provided by Etherscan Pro is also included in the 1inch Shield to immediately blocklist suspicious blockchain addresses.

The Shield API will be gradually integrated into 1inch products. This API is available on the 1inch Developer Portal alongside a suite of other cutting-edge tools intended for Web3 developers.

The post 1inch partners with Blockaid to enhance Web3 security through the 1inch Shield appeared first on Cybersecurity Insiders.


June 23, 2024 at 07:27PM

INE Security: Optimizing Teams for AI and Cybersecurity

2024 is rapidly shaping up to be a defining year in generative AI. While 2023 saw its emergence as a potent new technology, business leaders are now grappling with how to best leverage its transformative power to grow efficiency, security, and revenue. With the near-universal integration of AI into global technology, the need for AI-ready cybersecurity teams is more critical than ever. INE Security, a leading global cybersecurity training and cybersecurity certification provider, predicts large language model (LLM) applications like chatbots and AI-driven virtual assistants will be at particular risk. 

“AI systems are invaluable, enabling us to process vast amounts of data with unmatched speed and accuracy, detect anomalies, predict threats, and respond to incidents in real-time. But these revolutionary technologies are also empowering attackers, leveling the playing field in unprecedented ways,” said Lindsey Rinehard, COO and Head of AI Integration at INE Security. “As automated attacks increase, our defense strategies must also be automated and intelligent. The accelerating arms race between cyber attackers and defenders underscores the vital need for ongoing training and development for cybersecurity teams.” 

According to the IBM X-Force Threat Intelligence Index 2024, cybercriminals mentioned AI and GPT in over 800,000 posts in illicit markets and dark web forums last year. Training and preparation for AI in infosec are no longer optional: organizations must deploy employee training for AI and cybersecurity to maintain effectiveness and stay ahead of attackers. 

Strategies to Optimize Teams for AI and Cybersecurity

1. Incorporate Structured Team Training Programs

The first step in building an AI-ready cybersecurity team is to implement structured training programs that focus on both foundational cybersecurity principles and advanced AI applications. These programs should offer certifications and courses from recognized institutions and industry leaders to ensure they meet high standards. For example, courses offered by INE Security provide comprehensive training that covers both traditional cybersecurity skills and newer AI-based tools. The ideal training program will include:

  • Skills Gap Analysis: Conduct an analysis to identify where the team’s capabilities need improvement, particularly concerning AI integration.
  • Tailored Curriculum Development: A training curriculum that addresses identified cybersecurity skills gaps, incorporating both core cybersecurity principles and advanced AI applications.
  • Blended Learning Approach: A mix of online courses, hands-on labs, and real-world scenario simulations to accommodate different learning styles and enhance practical application skills.

2. Promote a Culture of Learning

Building a culture that encourages ongoing learning and curiosity is equally important. Google, for instance, fosters a learning culture where employees are encouraged to spend 20% of their time on learning new skills or on side projects, many of which involve AI and cybersecurity innovations. This not only keeps their skills fresh but also helps in retaining talent and fostering a proactive approach to security challenges.

To effectively implement a culture of learning that supports the development of AI-ready cybersecurity teams, organizations can adopt several strategies:

  • Provide Access to Resources: Offer subscriptions to leading industry publications, access to specialized online courses, and entry to relevant conferences and seminars that focus on AI and cybersecurity.
  • Reward Continuous Learning: Establish a rewards system that recognizes and incentivizes team members who actively engage in learning new skills or who earn new certifications, particularly those that integrate AI technologies with cybersecurity practices.
  • Create Innovation Labs: Set up dedicated spaces or times when employees can experiment with new technologies or develop new solutions independently of their regular tasks. This can help stimulate creative thinking and practical application of learned skills.

3. Leverage Simulation-Based Learning

Simulation-based learning tools like cyber ranges provide hands-on experience in dealing with real-world cybersecurity scenarios and help users learn how to use AI. Cyber ranges provide a simulated environment where professionals can safely engage with and respond to real-world cyber threats using AI tools, without the risk of impacting actual operations (this hands-on lab from INE Security is a great example). This practical exposure is crucial for understanding how AI can be integrated into cybersecurity practices to detect, analyze, and mitigate threats. By training in a cyber range, team members can develop and refine their skills in a controlled yet realistic setting, which improves their ability to effectively utilize AI in live environments. The hands-on experience also helps in bridging the gap between theoretical knowledge and practical application, enhancing the team’s overall readiness and responsiveness to emerging cyber threats.

To effectively leverage cyber ranges for building an AI-ready cybersecurity team, consider implementing the following strategies:

  • Regular Tabletop Exercise: Incorporate regular sessions within the cyber range into the team’s training schedule. This ensures consistent practice and skill refinement in handling AI-driven security scenarios.
  • Scenario Variety: Develop a variety of threat scenarios that reflect the latest AI-driven attack techniques and the most common threats specific to the organization’s industry. This variety helps prepare the team for a wide range of potential real-world situations.
  • Cross-Functional Exercises: Include team members from various functional areas in cyber range sessions to foster a comprehensive understanding of how AI impacts different aspects of cybersecurity across the organization.
  • Post-Exercise Reviews: Conduct debriefing sessions after each cyber range exercise to discuss what was learned and how it can be applied. This reinforces the lessons and integrates them into everyday practices.

4. Encouraging Participation in Hackathons and Competitions

Participation in hackathons and cybersecurity competitions can also play a crucial role in continuous learning. These events challenge participants to solve complex problems with innovative solutions, often under time constraints. They are excellent for learning new skills, testing existing ones, and keeping up with the latest cybersecurity and AI technologies.

To effectively implement a strategy that encourages participation in hackathons and competitions, organizations can adopt the following approaches:

  • Promote Awareness: Regularly inform team members about upcoming hackathons and competitions through internal newsletters, meetings, or dedicated communication channels. Highlight the benefits of participation, such as skill enhancement and potential recognition.
  • Incentivize Participation: Offer incentives such as bonuses, extra vacation days, or public recognition within the organization for those who participate and especially for those who perform well in these events.
  • Post-Event Learning Sessions: After each event, hold a session where participants can share their experiences, learnings, and new techniques discovered during the competition. This helps disseminate new knowledge across the entire team, enriching the organization’s skill base.

Conclusion

The integration of AI into cybersecurity is not just an enhancement of existing frameworks; it is a fundamental shift that requires a new kind of expertise. Continuous learning is critical for cybersecurity professionals to remain effective in their roles as defenders of digital assets. By embracing a culture of ongoing education and utilizing advanced training tools and techniques, cybersecurity teams can develop the resilience and adaptability needed to stay one step ahead of attackers in this fast-paced digital world.

As the landscape of cyber threats continues to evolve, so too must the capabilities of those tasked with protecting against them. An investment in continuous learning is an investment in the future security of our digital lives.


The post INE Security: Optimizing Teams for AI and Cybersecurity appeared first on Cybersecurity Insiders.


June 23, 2024 at 06:56PM

AI in Cybersecurity: Friend or Foe?

How organizations can both leverage and defend against artificial intelligence (AI) in security operations. 

While AI has been around for many years and isn’t a new concept, the emergence of generative AI (GenAI) boosted by large language models (LLMs) has drastically changed conversations about AI globally. Before OpenAI’s public release of its GenAI tool ChatGPT, AI was often seen as a tool with limited intelligence and capability. Now, as new use cases with Generative AI continue to prove its expanded capability in areas like security and productivity, its adoption is beginning to span every industry as enterprise executives race to implement AI across their tech stacks and workflows. Companies like Google have also opened a path to experimenting with AI engineering through offerings like Bard and Vertex AI. 

Right now, security teams are witnessing two different conversations around AI in cybersecurity: 

  • First, AI’s potential for defense and all the ways enterprises can leverage its power to shore up security postures while streamlining operations. 
  • Second, concerns regarding both privacy and accuracy, as well as how to defend against bad actors harnessing AI themselves. 

In the grand scheme of it all, these conversations can be segmented into three categories: 

  1. How to leverage AI in security operations
  2. How to secure AI while using it 
  3. How to ultimately defend against AI-driven cyberattacks

Leveraging AI Tools for Security Operations 

Security teams are now asking the critical question, “How can we leverage AI to transform security operations?” More specifically, these teams are looking at GenAI’s uses for predictive analytics, aptitude in detection, investigative capability, workflow automation, and AI copilots.

Modern companies are collecting, storing, and even transporting massive amounts of data every day. The reality is that any sensitive information, such as addresses, payment information, Social Security numbers, and names, is considered security-relevant data. The sheer volume of this security-relevant information is too large to even fathom, but companies are collecting it nonetheless. With AI, a new realm of tools and resources opens up for security teams.

Machine learning (ML) is one of the best tools for accurately identifying patterns in these huge data stores, largely thanks to the mathematical approach it takes when discerning statistical anomalies. One example of ML succeeding is its ability to detect unexpected system access by a user because of their patterned behavior within the specific system. This ability to discern behavioral abnormalities could then be used to assign dynamic risk scores based on user activities that can help determine whether action should be taken to secure internal systems and networks. 

Beyond this, there’s a major role for GenAI in support of a strong defense. Companies are challenged to make sense of the massive streams of security information they must manage while handling a shortage of qualified engineers. In 2024, expect to see cybersecurity tools adopt natural language “prompting” (similar to ChatGPT) into their core user interfaces. This will allow newer, less experienced security analysts to execute powerful, but complex search queries in seconds, and allow a CISO to make quick sense of the information coming out of their security operations center (SOC) by explaining complex data in simple, human language terms.

A Defense in Depth Strategy for Securing AI 

CISOs face a dual challenge: harnessing the productivity potential of GenAI while ensuring its secure deployment. While the benefits of GenAI can be immense, there’s a growing concern among companies about the risks it poses, particularly in terms of unintended training, data leakage, and the exposure of sensitive corporate information or personally identifiable information (PII).

In recent conversations with customers, a striking insight emerged: approximately three-quarters of CISOs have imposed bans on the use of GenAI tools within their organizations, citing security concerns. They are actively seeking strategies to secure these tools before fully integrating them into their business processes. The apprehension is rooted in the fear that GenAI tools, while powerful, might inadvertently learn and disclose confidential corporate secrets or sensitive customer data.

To navigate this complex terrain, companies should adopt a ‘defense in depth’ strategy, a layered approach to security that is well-established in other domains of data protection. This strategy involves not only leveraging traditional endpoint security and data loss prevention (DLP) tools but also integrating more advanced, AI-driven solutions such as user and entity behavior analytics (UEBA). UEBA plays a crucial role in providing a comprehensive view of how GenAI tools are being utilized within the organization. It goes beyond mere usage tracking, delving into the nuances of how these tools are employed and the nature of the data they interact with. By analyzing patterns of behavior, UEBA helps in identifying anomalies and potential risks, thereby enabling a more nuanced and informed assessment of the security posture.

Incorporating UEBA into the security framework allows organizations to understand the full spectrum of GenAI tool usage and its implications. This insight is invaluable for formulating a risk profile that is not just based on hypothetical scenarios but grounded in actual usage patterns. It enables CISOs to make informed decisions about deploying GenAI tools, ensuring that while the organization reaps the benefits of AI-driven productivity, it does not compromise on security.
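The behavioral baselining described here and in the earlier machine learning paragraph (unexpected system access, dynamic risk scores) can be sketched as follows. This is an added example, not code from the article or from any vendor it mentions; the event fields, weights, threshold, system names and sample events are all assumptions constructed for illustration.

```python
"""Added example: per-user behavioural baseline with a dynamic risk score."""
from collections import Counter
from statistics import mean, pstdev

# Constructed baseline events: (user, system, hour_of_day, bytes_sent).
BASELINE_EVENTS = [
    ("alice", "crm", 9, 1200), ("alice", "crm", 10, 900),
    ("alice", "wiki", 11, 300), ("alice", "crm", 14, 1100),
    ("alice", "wiki", 15, 400), ("alice", "crm", 16, 1000),
    ("bob", "build", 22, 5000), ("bob", "build", 23, 5200),
    ("bob", "git", 22, 800), ("bob", "git", 23, 700),
    ("bob", "build", 21, 4800), ("bob", "git", 21, 900),
]

# Assumed weights and alert threshold; tune these against real telemetry.
W_NEW_SYSTEM, W_ODD_HOUR, W_VOLUME = 40, 25, 35
ALERT_THRESHOLD = 60
Z_LIMIT = 3.0  # standard deviations above the user's mean upload size


class Profile:
    """What one user normally does: systems touched, active hours, volumes."""

    def __init__(self):
        self.systems = Counter()
        self.hours = Counter()
        self.volumes = []

    def learn(self, system, hour, nbytes):
        self.systems[system] += 1
        self.hours[hour] += 1
        self.volumes.append(nbytes)


def build_profiles(events):
    profiles = {}
    for user, system, hour, nbytes in events:
        profiles.setdefault(user, Profile()).learn(system, hour, nbytes)
    return profiles


def risk_score(profiles, event):
    """Return (score 0-100, reasons) for one new event."""
    user, system, hour, nbytes = event
    profile = profiles.get(user)
    if profile is None:
        # No baseline at all: treat as maximum risk rather than silently pass.
        return 100, ["no baseline for user"]

    score, reasons = 0, []
    if system not in profile.systems:
        score += W_NEW_SYSTEM
        reasons.append(f"first access to {system}")

    # An hour is normal if it is within one hour of any observed hour;
    # the modulo keeps 23:00 and 00:00 adjacent across midnight.
    if not any((hour - seen) % 24 in (0, 1, 23) for seen in profile.hours):
        score += W_ODD_HOUR
        reasons.append(f"activity at unusual hour {hour:02d}:00")

    sigma = pstdev(profile.volumes) or 1.0  # avoid division by zero
    z = (nbytes - mean(profile.volumes)) / sigma
    if z >= Z_LIMIT:
        score += W_VOLUME
        reasons.append(f"upload volume {z:.1f} sigma above normal")
    return score, reasons


def triage(profiles, events):
    """Keep only the events whose score reaches the alert threshold."""
    scored = ((event, *risk_score(profiles, event)) for event in events)
    return [(e, s, r) for e, s, r in scored if s >= ALERT_THRESHOLD]


PROFILES = build_profiles(BASELINE_EVENTS)

if __name__ == "__main__":
    # Constructed new events, including a large off-hours upload to a
    # hypothetical GenAI chat endpoint the user has never used before.
    new_events = [
        ("alice", "crm", 10, 1000),
        ("alice", "genai-chat", 2, 250000),
        ("bob", "build", 0, 5100),
        ("alice", "wiki", 15, 5000),
    ]
    for event, score, reasons in triage(PROFILES, new_events):
        print(score, event, "; ".join(reasons))
```

A single unusual signal (the oversized wiki upload) scores below the threshold on its own; the alert fires only when several deviations coincide, which is what keeps a score like this usable in triage.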

Defending Against Adversaries with AI 

While AI isn’t the sole culprit for today’s increased levels of cybersecurity attacks, it will continue to gain strength as an enabler. Other productivity improvements, like the shift to the public cloud, have also expanded the current threat landscape. As data infrastructure systems evolve, organizations continue to tackle problems like explosive and unmanaged data, expanded attack surfaces, and increased cases of stolen and compromised credentials and ransomware attacks. For every step forward, the industry faces two steps back. No matter where your data is, bad actors are working daily to figure out how to get access to it. 

While we are still in the early stages of GenAI, both fears and promises of the technology will be tested for years to come.

Unfortunately, cyber adversaries are already abusing GenAI tools to enhance the destructive force of security threats. We’re continually seeing major data breaches make headlines, many of which utilize AI. Bad actors will continue developing AI-powered threats that will be increasingly difficult to detect and prevent. Social engineering techniques combined with the power of GenAI, as just one example, can create persuasive phishing attacks as large data models mimic writing styles and vocal patterns. 

Both AI and human adversaries are proving to be a relentless force for companies to defend against. Security teams need to be well-armed to defeat both. 

The post AI in Cybersecurity: Friend or Foe? appeared first on Cybersecurity Insiders.


June 23, 2024 at 05:17PM