FireSale HackBoy


Monday, July 3, 2023

Microsoft banishes rumors of cyber attack and steal of data from 30m accounts

Just a day after the hacktivist group “Anonymous Sudan” claimed responsibility for a cyber attack on Microsoft servers that supposedly stole information from over 30 million accounts, the Satya Nadella-led company issued a press statement saying that the stories published in a certain section of the media are false and completely baseless.

Anonymous Sudan, a group linked to the pro-Russian hacktivist group Killnet, is known for launching distributed denial-of-service (DDoS) attacks. Its main aim is to disrupt the victim's network and servers, causing downtime.

But the group has never engaged in data theft, so the claims published by a few media outlets that it siphoned data relating to 30 million accounts are false.

The technology giant added in its statement that the said group of cyber criminals was responsible for the downtime of online services such as Azure, Outlook, and OneDrive for a period in June this year. But the company dismissed all rumors of data theft and insisted that it gives high priority to protecting its customers' information and has put all security measures in place in practice.

NOTE- A Telegram user posted on the messaging platform that stolen data belonging to 30 million Microsoft customers, including their emails and passwords, was available for sale at a price of $50,000, and that interested parties could contact a bot to find out more. Interestingly, the post was written in both Urdu and English so that readers from the Middle East and the West could understand it and connect with ease.

The post Microsoft banishes rumors of cyber attack and steal of data from 30m accounts appeared first on Cybersecurity Insiders.


July 04, 2023 at 10:28AM

What is post-quantum cryptography and why is it important?

Whether you work in the tech field or not, it’s likely that you’ve increasingly heard of quantum computing.  

As with any emerging technology, along with all the possibilities there are also potential risks. We’ll be unpacking these latest developments, what they mean for the digital identity market, and what Thales is doing in response.

In this blog we’ll be giving an introduction to quantum computing and what it means for security and cryptography.

 

What is quantum computing?  

Quantum computing is a type of computing that uses quantum mechanics to perform calculations much quicker than traditional computers.  

By using quantum algorithms, these computers can perform calculations that are faster than classical computers for certain types of problems, such as those involving prime factorization or optimization. Think of it like a maze. A classical computer solves the maze by exploring each path one at a time until it finds the right one. A quantum computer can explore all possible paths at once, which means it can solve the maze much faster. 

As a relatively new and rapidly developing field of technology, there are still challenges to overcome before it has practical applications. However, quantum computing has the potential to revolutionize the way our digital infrastructures are secured.

 

What security risks does quantum computing carry?  

As with any new technology, as well as rewards there are also risks. Because quantum computers can solve certain problems that classical computers can’t, they could potentially break many of the cryptographic systems we use today.

Quantum computing poses a potential risk to digital identities because of its ability to break the traditional encryption methods commonly used to protect sensitive data, including personal and financial information.

Most public-key encryption methods rely on the difficulty of factoring large numbers into their prime factors, or on the closely related discrete logarithm problem on which elliptic curve schemes are built. However, quantum computers can perform certain calculations much faster than classical computers, including factoring large numbers and computing discrete logarithms using Shor’s algorithm. This means that quantum computers could potentially break widely used encryption algorithms like RSA and Elliptic Curve Cryptography (ECC), rendering digital identities vulnerable to theft, fraud and exploitation.

Additionally, quantum computers could make it easier to find collisions in the hash functions used to create and authenticate digital signatures, allowing attackers to impersonate legitimate digital identities.
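To make the RSA point concrete, here is an added example (not from the original post or from Thales): a textbook RSA key built from two small primes, followed by the classical reduction at the heart of Shor's algorithm, in which finding the multiplicative order of a random element modulo n yields a factor of n, and the factors yield the private exponent. The order-finding step is done by brute force here, which is exponential for real key sizes; a quantum computer performs exactly that step in polynomial time, which is why the factoring assumption behind RSA does not survive it. The primes, exponent and random seed are constructed demo values.

```python
# Added example: toy RSA key generation, then the order-finding -> factoring
# reduction used by Shor's algorithm, with the quantum step (order finding)
# replaced by brute force. Demo-sized numbers only.
from math import gcd
import random


def toy_rsa_keygen(p, q, e=17):
    """Textbook RSA from two small primes (constructed demo values)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # private exponent
    return (n, e), (n, d)


def multiplicative_order(a, n):
    """Smallest r > 0 with a^r = 1 (mod n), by brute force.
    This is the period-finding step a quantum computer does efficiently;
    caller must ensure gcd(a, n) == 1 so the order exists."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n, seed=1):
    """Return a non-trivial factor of n = p*q via the order-finding reduction."""
    rng = random.Random(seed)
    while True:
        a = rng.randrange(2, n)
        g = gcd(a, n)
        if g != 1:
            return g                 # lucky guess already shares a factor
        r = multiplicative_order(a, n)
        if r % 2:
            continue                 # odd order: try another base
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue                 # a^(r/2) = -1 mod n gives only trivial factors
        f = gcd(y - 1, n)
        if 1 < f < n:
            return f


def recover_private_key(pub, seed=1):
    """Given only the public key (n, e), factor n and rebuild (n, d)."""
    n, e = pub
    p = shor_factor(n, seed)
    q = n // p
    phi = (p - 1) * (q - 1)
    return n, pow(e, -1, phi)


if __name__ == "__main__":
    pub, priv = toy_rsa_keygen(61, 53)   # n = 3233, the classic textbook key
    print("public ", pub)
    print("private", priv)
    print("recovered from public key only:", recover_private_key(pub))
```

The while loop in `multiplicative_order` is the whole cost: for a 2048-bit modulus it never finishes, whereas Shor's quantum period-finding replaces it with a polynomial-time subroutine. Nothing else in the reduction needs a quantum computer, which is why the migration advice is to change the underlying hard problem rather than to increase RSA key sizes.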

 The rapid development of quantum computing represents a challenge to the security of digital identities, and new methods of encryption and authentication may need to be developed to keep pace.  

 

What is post-quantum cryptography, and how can it help?

Post-quantum cryptography (also known as quantum-resistant cryptography) is the branch of cryptography that aims to develop new cryptographic algorithms that are resistant to attacks by quantum computers.

These algorithms are designed to be secure against attacks from both classical and quantum computers. They typically rely on different mathematical problems that are believed to be hard to solve even for quantum computers; for example, some post-quantum cryptographic algorithms are based on lattice-based cryptography, code-based cryptography, or multivariate cryptography.

As quantum computing technology continues to evolve, post-quantum cryptography is becoming increasingly important in securing sensitive data and communications. Governments, financial institutions, and other organizations are actively exploring and investing in post-quantum cryptographic solutions to ensure that their sensitive data and communications remain secure in the face of quantum computing attacks. 

  

For further reading, please check out the following:  

The post What is post-quantum cryptography and why is it important? appeared first on Cybersecurity Insiders.


July 03, 2023 at 09:36PM

Israel Takes Bold Steps to Expose Cyber Threat Actors, Faces Potential Retaliation

In a groundbreaking move, Israel has become the first country to publicly identify and condemn cyber threat actors, a decision that could potentially escalate tensions with Iran. Moreover, Israel is set to implement a new policy aimed at curbing the misuse of AI technology.

The announcement was made during the Cyber Week event in Tel Aviv by the Israel National Cyber Directorate, which sternly warned that any nation launching cyber attacks against Israeli citizens would face significant consequences.

It is worth noting that Western nations had previously considered implementing a similar practice of naming and shaming threat actors. However, due to various political challenges, no nation took a decisive stand on the matter until now.

Israel has emerged as a trailblazer in this arena, boldly attributing certain infrastructure attacks to its neighboring country, Iran, officially designating it as a cyber adversary. One such incident involved a severe digital assault on the Israel Institute of Technology, also known as Technion. The attack was so disruptive that examinations had to be postponed as the IT systems were paralyzed by MuddyWater, a group allegedly backed by the Iranian Ministry of Intelligence.

In a surprising development, the Israeli Defense Community confirmed that Iran had targeted civilian entities in several countries, including India, Bahrain, Kuwait, Oman, Morocco, Egypt, Saudi Arabia, and Turkey. It remains unclear whether this statement was meant to highlight countries currently under threat or to indicate potential targets for the upcoming month.

Nonetheless, the Israel National Cyber Directorate sources clarified that they will only publicly name and shame nations involved in attacking other countries once substantial evidence has been obtained.

Israel’s bold stance in exposing cyber threat actors marks a significant milestone in the global cybersecurity landscape. While it may face potential retaliation from Iran, this move sends a strong message to other nations regarding the consequences of engaging in cyber attacks against Israeli interests. Moreover, the forthcoming policy addressing the regulation of AI technology demonstrates Israel’s commitment to ensuring responsible use and curbing potential misuse of this powerful tool.

The international community will closely monitor the impact of Israel’s actions and how it shapes the future of cyber deterrence and accountability on the global stage.

The post Israel Takes Bold Steps to Expose Cyber Threat Actors, Faces Potential Retaliation appeared first on Cybersecurity Insiders.


July 03, 2023 at 08:42PM

Navigating the Data Privacy Maze: How DataGrail Advances Privacy Management

Data is rapidly becoming the most valuable commodity, permeating practically every aspect of life. However, with this explosion of data comes the daunting challenge of data privacy. Companies are constantly investing in a multitude of applications, each leading to a collection of vast amounts of personal information. From customer support teams to sales teams and e-commerce operations, the collection of personal data is ubiquitous.

Yet, the consumer’s expectation for transparency regarding how their information is used is steadily increasing, and in many cases manifested in legal requirements. Consumers desire control over how their personal data is used, which forces businesses to be fully aware and in control of the information they collect. This task, however, is far from simple. The sheer volume of data and applications often results in the loss of oversight, often exacerbated by corporate ‘Shadow IT’— the unauthorized use of unknown applications containing sensitive data outside of IT’s control and visibility.

Existing Solutions and Their Shortcomings

Traditional solutions to this issue have primarily been workflow-driven, with a focus on assigning responsibility to employees to declare the applications they use. However, this approach is fundamentally flawed, as it assumes all employees will comply with workflow rules and actively participate in understanding and reducing risk.

Other solutions struggle with the immense task of tracking the increasing number of applications in use. Okta’s Businesses at Work report suggests that an average user interacts with an estimated 196 applications; however, Netskope’s Cloud & Threat report shows that the number could exceed 1,500 distinct applications in larger organizations. Navigating this labyrinth of applications to ensure data privacy is an enormous challenge for businesses of all sizes.

DataGrail: A New Approach to Data Privacy

DataGrail, founded in 2018, emerged with an innovative solution to these data privacy challenges. The company’s mission is to provide businesses with an integrated solution that both addresses the growing concern for privacy and manages the proliferating number of business applications.

DataGrail built its solution from the ground up with a unique approach. Instead of relying on workflow or network scanning, they leverage existing ecosystems, looking at the relationships between applications. This method enables DataGrail to uncover and expose the use of different applications that may otherwise fly under the IT radar.

Unveiling Risk Intelligence

One of DataGrail’s flagship offerings is Risk Intelligence. This innovative concept is about uncovering Shadow IT and providing visibility about how businesses are collecting personal information and how it’s being used across an organization. DataGrail’s patented technology allows the platform to identify applications and the type of personal information existing within them, providing unprecedented visibility and control to organizations over their data privacy landscape.

The Integrated Approach

DataGrail differentiates itself by integrating with more than 2,000 different applications, offering a vast coverage scope. If an application contains sensitive information, like Social Security numbers or addresses, it is prioritized, helping businesses minimize the risk of unknown applications housing sensitive information.

The Road Ahead

As the digital landscape evolves and data sources continue to explode, DataGrail plans to invest in their suite of products and innovate in the data discovery and risk intelligence fields. The company is committed to expanding their ecosystem approach, keeping pace with the rapidly evolving data landscape.

In conclusion, DataGrail stands at the forefront of data privacy management, offering an integrated solution that addresses the increasing challenges posed by the digital age. Their unique approach to identifying and prioritizing risky applications, coupled with an expansive ecosystem of integrations, sets them apart in the industry.

DataGrail’s innovative Risk Intelligence not only uncovers Shadow IT but also provides organizations with an unprecedented level of visibility and control over their data privacy landscape. With their patented technology and commitment to compliance, DataGrail is pioneering a new way for businesses to navigate the data privacy maze, bridging the gap between the rising demand for transparency and the complex task of personal information management.

The post Navigating the Data Privacy Maze: How DataGrail Advances Privacy Management appeared first on Cybersecurity Insiders.


July 03, 2023 at 06:33PM

Dublin Airport staff details leaked in Cyber Attack

A cyber attack on the insurance provider Aon has led to a data breach affecting about 2,000 staff members working for Dublin Airport. Prima facie, the attack appears to have been more intense than first thought and to be related to the MOVEit file-transfer software, which could have given the attackers access to details of the airport staff members.

News is out that the Clop ransomware gang, which hacked into MOVEit servers, obtained sensitive salary and benefits details from the infected computers. After threatening to post the details, the cyber criminals chose to disclose the information to the media, as they were more interested in tarnishing the reputation of Aon.

Since Dublin Airport staff were covered under Aon insurance, their details were also leaked onto the dark web, along with those of the other customers of the London-based insurance service provider.

Stealing such employee details can lead to identity theft and phishing attacks. Criminals can also use the data to threaten the victims.

Financial details can fetch hackers a handsome amount on the dark web, as such data often sells like hot cakes in the criminal underground. The price of data might range from $50 to $1,200 per 1,000 accounts depending on its freshness and sensitivity.

Banking companies are nowadays showing a lot of interest in raising the security bar for the way their customer information is stored and processed. Encryption, multi-factor authentication, and not storing all details on one server are some of the practices that can mitigate the risks associated with data leaks.

NOTE- DAA, which manages Dublin Airport and its global airport retailing business, hasn’t reacted to the news yet!

The post Dublin Airport staff details leaked in Cyber Attack appeared first on Cybersecurity Insiders.


July 03, 2023 at 04:18PM

Sunday, July 2, 2023

Incident Management Chronicles: Striking The Right Balance

By Jeff Chan, Vice President of Technology, MOXFIVE

If you haven’t experienced a ransomware attack, it’s likely only a matter of time. Adding insult to injury, you will receive no warning. One minute the team is working hard to end the day, the next, your SaaS apps stop working, network access disappears, and the phones of each member of the security team start ringing.

That’s when all evening plans are canceled, and the coffee is brewed because getting systems back in order will likely be an all-night affair. This response is only natural since every second the systems are down, they are crippling to the business.

It is precisely when teams begin to scramble that mistakes are made. From my own experience, there are two critical missteps that I see time and again. First, they lose sight of three key protocols that are critical to follow when responding to an incident—containment, forensics, and recovery.

Second, they take a siloed containment approach as if containment, forensics, and recovery are all independent entities. For example, when an attack occurs, one group focuses solely on recovery, where the mantra is “recover at all costs.” In parallel, the remaining teams dive into forensics and containment, where their focus is keeping the data intact for the investigation. Operating on their islands, each group conducts a damage assessment, determines the underlying causes, kicks off damage containment, and inevitably cuts off all outside communication.

This approach isn’t wrong. All these response activities are valid and essential. What’s missing is balance across these three primary functions. While it might seem counter-intuitive, combining the three will ultimately accelerate the process and help ensure a smoother resolution. The following aims to show why giving equal focus to each area is so vital, starting with containment.

Containment: For anyone who has never conducted a forensic investigation, the aim is to find Indicators of Compromise (IOCs), which are essentially evidence that malicious activity exists. These could come in the form of unrecognized files on a system or unusual traffic, and they help guide containment measures designed to prevent further damage. One potential action could be for the forensic team to deploy an Endpoint Detection and Response (EDR) solution that can determine what’s been affected. That team then shares its findings with the containment group, which then gets to work. This process helps connect teams that may have previously been disjointed and deliver a more comprehensive response.

Recovery: To recover impacted systems, you need input from the containment team, more specifically insights into their efforts, such as installing EDR on a restored system before putting it back into production. So, as IOCs get identified by the forensics team, they are fed into the EDR solution, along with any other applications, by the containment team. From there, the recovery team can go about restoring systems without being concerned about potential reinfection. They can then use the EDR to see if any of these indicators trigger on that system before putting it back into production. Without any indicators, recovering is a lot riskier. On the other hand, if a business decision is made to collect all IOCs before systems go back online, it will take longer to get the IT infrastructure up and running, which will cause increasing revenue loss.

Forensics: During recovery, the collection of all forensic data is done by the recovery team, and it must be completed before any system restoration efforts are commenced. This helps the forensics team identify any other IOCs that may be present and then connect with the containment team and help determine what occurred and how it started so teams can take the necessary steps to tighten the perimeter.
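The handoff described in the three paragraphs above (forensics supplies IOCs, containment loads them into the detection tooling, recovery refuses to release a restored host until EDR is present and no IOC matches) can be expressed as a small release gate. The following is an added example, not code from the article or from MOXFIVE; the IOC values, hostnames, file hashes and paths are constructed sample data, and the inventory format is an assumption standing in for whatever the EDR or asset tooling actually exports.

```python
# Added example: a "recovery gate" that checks a restored host against the
# IOC set handed over by forensics before it is cleared for production.
# All IOC values, hostnames, hashes and paths are constructed sample data.

# IOCs as forensics would hand them to containment (constructed values).
IOCS = {
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    "domain": {"c2-example.invalid"},
    "path": {"C:\\Windows\\Temp\\svch0st.exe"},
}


def evaluate_host(inventory, iocs=IOCS):
    """Return a list of (ioc_type, value) hits found on one restored host.

    inventory is an assumed export format: {'files': [{'path', 'sha256'}, ...],
    'dns': [domains resolved since restore]}.
    """
    hits = []
    for f in inventory.get("files", []):
        if f.get("sha256") in iocs["sha256"]:
            hits.append(("sha256", f["sha256"]))
        if f.get("path") in iocs["path"]:
            hits.append(("path", f["path"]))
    for d in inventory.get("dns", []):
        if d in iocs["domain"]:
            hits.append(("domain", d))
    return hits


def release_decision(hostname, inventory, edr_installed, iocs=IOCS):
    """Gate a restored host: EDR must be present and no IOC may match."""
    if not edr_installed:
        return {"host": hostname, "release": False, "reason": "EDR not installed"}
    hits = evaluate_host(inventory, iocs)
    if hits:
        return {"host": hostname, "release": False, "reason": "IOC match", "hits": hits}
    return {"host": hostname, "release": True, "reason": "clean"}


# Constructed restored-host inventories for the demo.
RESTORED_HOSTS = {
    "fileserver-01": {
        "edr": True,
        "inventory": {
            "files": [{"path": "C:\\Program Files\\App\\app.exe",
                       "sha256": "0" * 64}],
            "dns": ["updates.example.com"],
        },
    },
    "workstation-07": {
        "edr": True,
        "inventory": {
            "files": [{"path": "C:\\Windows\\Temp\\svch0st.exe",
                       "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}],
            "dns": ["c2-example.invalid"],
        },
    },
    "dc-02": {"edr": False, "inventory": {"files": [], "dns": []}},
}


def run_gate(hosts=RESTORED_HOSTS, iocs=IOCS):
    """Evaluate every restored host and return the decisions by hostname."""
    return {name: release_decision(name, h["inventory"], h["edr"], iocs)
            for name, h in hosts.items()}


if __name__ == "__main__":
    for name, decision in run_gate().items():
        print(name, decision)
```

Two design points follow the article's argument. The gate is driven by the IOC set, so as forensics discovers more indicators the same restored hosts are re-evaluated rather than trusted on the strength of an earlier pass; and a host without EDR is never released regardless of IOC hits, because without the sensor there is no way to see a later trigger.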

The theme through this process is that each of these teams is connected, collaborating in an ongoing process where each area is equally balanced, and the process doesn’t stop until the incident is fully resolved. When one group takes precedence over the others, this process begins to break down, which can have a deleterious effect on the business.

The post Incident Management Chronicles: Striking The Right Balance appeared first on Cybersecurity Insiders.


July 02, 2023 at 05:44PM

Saturday, July 1, 2023

Toward a more resilient SOC: the power of machine learning

A way to manage too much data

To protect the business, security teams need to be able to detect and respond to threats fast. The problem is the average organization generates massive amounts of data every day. Information floods into the Security Operations Center (SOC) from network tools, security tools, cloud services, threat intelligence feeds, and other sources. Reviewing and analyzing all this data in a reasonable amount of time has become a task that is well beyond the scope of human efforts.

AI-powered tools are changing the way security teams operate. Machine learning (which is a subset of artificial intelligence, or “AI”)—and in particular, machine learning-powered predictive analytics—are enhancing threat detection and response in the SOC by providing an automated way to quickly analyze and prioritize alerts.

Machine learning in threat detection

So, what is machine learning (ML)? In simple terms, it is a machine’s ability to automate a learning process so it can perform tasks or solve problems without specifically being told to do so. Or, as AI pioneer Arthur Samuel put it, “. . . to learn without explicitly being programmed.”

ML algorithms are fed large amounts of data that they parse and learn from so they can make informed predictions on outcomes in new data. Their predictions improve with “training”–the more data an ML algorithm is fed, the more it learns, and thus the more accurate its baseline models become.

While ML is used for various real-world purposes, one of its primary use cases in threat detection is to automate identification of anomalous behavior. The ML model categories most commonly used for these detections are:

Supervised models learn by example, applying knowledge gained from existing labeled datasets and desired outcomes to new data. For example, a supervised ML model can learn to recognize malware. It does this by analyzing data associated with known malware traffic to learn how it deviates from what is considered normal. It can then apply this knowledge to recognize the same patterns in new data.

Unsupervised models do not rely on labels but instead identify structure, relationships, and patterns in unlabeled datasets. They then use this knowledge to detect abnormalities or changes in behavior. For example, an unsupervised ML model can observe traffic on a network over a period of time, continuously learning (based on patterns in the data) what is “normal” behavior, and then investigating deviations, i.e., anomalous behavior.

Large language models (LLMs), such as ChatGPT, are a type of generative AI that use unsupervised learning. They train by ingesting massive amounts of unlabeled text data. Not only can LLMs analyze syntax to find connections and patterns between words, but they can also analyze semantics. This means they can understand context and interpret meaning in existing data in order to create new content.

Finally, reinforcement models, which more closely mimic human learning, are not given labeled inputs or outputs but instead learn and perfect strategies through trial and error. With ML, as with any data analysis tools, the accuracy of the output depends critically on the quality and breadth of the data set that is used as an input.
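The unsupervised case above (learn what is "normal" for each host from a period of traffic, then investigate deviations) can be shown end to end with a deliberately simple statistical baseline. This is an added example, not code from the article or from AT&T; it uses constructed flow records (host, bytes sent outbound) and a z-score rule, where production detectors use far richer features, but the learn-then-score shape is the same.

```python
# Added example: an unsupervised per-host baseline over constructed flow
# records. Training records establish "normal" outbound volume per host;
# later records are scored against it and flagged when they deviate by more
# than a z-score threshold, or when the host was never seen in training.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training window: (host, outbound bytes per interval).
TRAINING = [
    ("ws-01", 1000), ("ws-01", 1200), ("ws-01", 900), ("ws-01", 1100), ("ws-01", 1000),
    ("srv-db", 50000), ("srv-db", 52000), ("srv-db", 48000), ("srv-db", 51000), ("srv-db", 49000),
]

# Constructed records from after the training window.
NEW = [
    ("ws-01", 1150),     # within normal range
    ("ws-01", 9000),     # large outbound spike for a workstation
    ("srv-db", 53000),   # slightly high but within 3 sigma
    ("srv-db", 60000),   # well outside the server's usual band
    ("lap-99", 500),     # host never seen during training
]


def learn_baseline(records):
    """Learn (mean, population stdev) of outbound bytes per host."""
    per_host = defaultdict(list)
    for host, b in records:
        per_host[host].append(b)
    return {h: (mean(v), pstdev(v)) for h, v in per_host.items()}


def score(baseline, host, bytes_out, floor=1.0):
    """z-score of one observation against the host's baseline.
    floor prevents division by zero for hosts with constant traffic;
    unknown hosts score infinite so they are always surfaced for review."""
    if host not in baseline:
        return float("inf")
    mu, sigma = baseline[host]
    return (bytes_out - mu) / max(sigma, floor)


def detect(baseline, records, threshold=3.0):
    """Return (host, bytes_out, z) for records exceeding the threshold."""
    flagged = []
    for host, b in records:
        z = score(baseline, host, b)
        if z > threshold:
            flagged.append((host, b, round(z, 2)))
    return flagged


def run_demo():
    baseline = learn_baseline(TRAINING)
    return detect(baseline, NEW)


if __name__ == "__main__":
    for host, b, z in run_demo():
        print(f"ANOMALY host={host} bytes_out={b} z={z}")
```

The threshold is the operational knob the article alludes to: lowering it surfaces subtler deviations at the cost of more alerts for analysts to triage, and the baseline needs periodic retraining so that legitimate changes in behaviour are absorbed rather than flagged forever.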

[Image: types of machine learning]

A valuable tool for the SOC

The SOC needs to be resilient in the face of an ever-changing threat landscape. Analysts have to be able to quickly understand which alerts to prioritize and which to ignore. Machine learning helps optimize security operations by making threat detection and response faster and more accurate.

ML-powered tools automate and improve the analysis of large amounts of event and incident data from multiple different sources in near real time. They identify patterns and anomalies in the data and then prioritize alerts for suspected threats or critical vulnerabilities that need patching. Analysts use this real-time intelligence to enhance their own insights and understand where they can scale their responses, or where there are time-sensitive detections they need to investigate.

Traditional threat detection methods, such as signature-based tools that alert on known bad traffic can be augmented with ML. By combining predictive analytics that alert based on behavioral anomalies with existing knowledge about bad traffic, ML helps to reduce false positives.

ML also helps make security operations more efficient by automating workflows for more routine security operations response. This frees the analyst from repetitive, manual, and time-consuming tasks and gives them time to focus on strategic initiatives.

New capabilities enhance threat intelligence in USM Anywhere

The USM Anywhere platform has long utilized both supervised and unsupervised machine learning models from AT&T Alien Labs and the AT&T Alien Labs Open Threat Exchange (OTX) for most of its curated threat intelligence. The Open Threat Exchange is among the largest threat intelligence sharing platforms in the world. Its more than 200,000 members contribute new intelligence to the platform on a daily basis.

Alien Labs uses ML models in several ways, including to automate the extraction of indicators of compromise (IOCs) from user threat intelligence submissions in the OTX and then enrich these IOCs with context, such as associated threat actors, threat campaigns, regions and industries being targeted, adversary infrastructure, and related malware.

The behind-the-scenes capabilities in USM Anywhere have been reinforced by new, high-value machine learning models to help security teams find today’s most prevalent threats.

These new models help the platform generate higher-confidence alerts with fewer false positives and provide advanced behavioral detections to facilitate more predictive identification of both insider and external threats. Its supervised models can identify and classify malware into clusters and families to predict behaviors. They can also detect obfuscated PowerShell commands, domain generation algorithms, and new command-and-control infrastructure.

Since the platform has an extensible architecture, new models can be introduced as the threat landscape dictates, and existing models can be continuously refined.

For more on how machine learning is transforming today’s SOC and to learn how the USM Anywhere platform’s own analytics capabilities have evolved, tune in to our webinar on June 28.

Register now!

The post Toward a more resilient SOC: the power of machine learning appeared first on Cybersecurity Insiders.


July 01, 2023 at 09:10PM