Search This Blog

Powered by Blogger.

Blog Archive

Labels

Latest News

Unmasking Cyber Shadows: New Zealand’s Battle Against State-Backed Hackers

Recently, New Zealand accused China of engaging in “malicious cyber activity” targeting its parliament. This accusation sheds light on the g...

All the recent news you need to know

Ransomware Strikes Tarrant Appraisal District

 



Tarrant Appraisal District (TAD) finds itself grappling with a major setback as its website falls prey to a criminal ransomware attack, resulting in a disruption of its essential services. The attack, which was discovered on Thursday, prompted swift action from TAD, as the agency collaborated closely with cybersecurity experts to assess the situation and fortify its network defences. Following a thorough investigation, TAD confirmed that it had indeed fallen victim to a ransomware attack, prompting immediate reporting to relevant authorities, including the Federal Bureau of Investigation and the Texas Department of Information Resources.

Despite concerted efforts to minimise the impact, TAD continues to work towards restoring full functionality to its services. Presently, while the TAD website remains accessible, the ability to search for records online has been temporarily suspended. Moreover, disruptions extend beyond the digital realm, with phone and email services also facing temporary outages. This development comes hot on the heels of a recent database failure experienced by TAD, which necessitated the expedited launch of a new website. Originally intending to run both old and new sites concurrently for a fortnight, the agency was compelled to hasten the transition following the database crash.

Chief Appraiser Joe Don Bobbitt has moved seamlessly to reassure the public, asserting that no sensitive information was compromised during the disruption. However, TAD remains vigilant and committed to addressing any lingering concerns. The agency is poised to provide further updates during an upcoming board meeting.

These recent challenges encountered by TAD underscore the critical importance of robust cybersecurity measures and organisational resilience in the face of unforeseen disruptions. Against the backdrop of escalating property values across North Texas, scrutiny of appraisal processes has intensified, with TAD having previously grappled with website functionality issues. Nevertheless, the agency remains steadfast in its commitment to enhancing user experience and fostering transparency.

In light of recent events, TAD remains resolute in prioritising the integrity of its operations and the safeguarding of sensitive data. The deliberate response to the ransomware attack prompts the agency's unwavering dedication to addressing emerging threats and maintaining public trust. As TAD diligently works towards restoring full operational capacity, stakeholders are urged to remain careful and report any suspicious activity promptly.

The resilience demonstrated by TAD in navigating these challenges serves as a testament to its dedication to serving the community and upholding the highest standards of accountability and transparency in property valuation processes.


Facebook Spied on Users' Snapchat Traffic in a Covert Operation, Documents Reveal

 

In 2016, Facebook initiated a secret initiative to intercept and decrypt network traffic between Snapchat users and the company's servers. According to recently revealed court filings, the purpose was to better analyse user behaviour and help Facebook compete with Snapchat. Facebook dubbed it "Project Ghostbusters," an apparent homage to Snapchat's ghost-like emblem.

On Tuesday of this week, a federal court in California disclosed fresh documents acquired during the class action case between consumers and Meta, Facebook's parent company. 

The newly revealed documents show how Meta attempted to gain a competitive advantage over its competitors, namely Snapchat and later Amazon and YouTube, by analysing network traffic to see how its users interacted with Meta's competitors. Given that these apps use encryption, Facebook had to design specific technology to get around it. 

Facebook's Project Ghostbusters is described in one of the documents. In the letter, the customers' attorneys stated that the project was a part of the company's In-App Action Panel (IAPP) programme, which employed a method for "intercepting and decrypting" encrypted app traffic from users of Snapchat, and later from users of YouTube and Amazon. 

The document includes internal Facebook emails about the project. 

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them,” Meta chief executive Mark Zuckerberg wrote in an email dated June 9, 2016, which was published as part of the lawsuit. “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.” 

Facebook developers' idea was to employ Onavo, a VPN-like service that the company acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that the business had been secretly paying teens to use Onavo so that it could monitor all of their web activity. 

Following Zuckerberg's email, the Onavo team took on the project and proposed a solution a month later: so-called kits that can be installed on iOS and Android to intercept traffic for specific subdomains, "allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage," reads a July 2016 email. "This is a 'man-in-the-middle' approach.” 

A man-in-the-middle attack, also known as adversary-in-the-middle, is one in which hackers intercept internet communication passing from one device to another over a network. When network communication is not encrypted, hackers can read data such as usernames, passwords, and other in-app activity.

Given that Snapchat's traffic between the app and its servers is encrypted, this network research technique is ineffective. This is why Facebook developers advocated adopting Onavo, which, when engaged, scans all of the device's network data before it is encrypted and transferred over the internet. 

Sarah Grabert and Maximilian Klein filed a class action lawsuit against Facebook in 2020, alleging that the company misled about its data collecting activities and used the data it "deceptively extracted" from users to find competitors and then unfairly compete with the new firms.

'Tycoon' Malware Kit Bypasses Microsoft and Google Multifactor Authentication

 

An emerging phishing kit called "Tycoon 2FA" is gaining widespread use among threat actors, who are employing it to target Microsoft 365 and Gmail email accounts. This kit, discovered by researchers at Sekoia, has been active since at least August and received updates as recent as last month to enhance its evasion techniques against multifactor authentication (MFA).

According to the researchers, Tycoon 2FA is extensively utilized in various phishing campaigns, primarily aimed at harvesting Microsoft 365 session cookies to bypass MFA processes during subsequent logins. The platform has amassed over 1,100 domain names between October 2023 and late February, with distribution facilitated through Telegram channels under different handles such as Tycoon Group, SaaadFridi, and Mr_XaaD.

Operating as a phishing-as-a-service (PhaaS) platform, Tycoon 2FA offers ready-made phishing pages for Microsoft 365 and Gmail accounts, along with attachment templates, starting at $120 for 10 days, with prices varying based on the domain extension. Transactions are conducted via Bitcoin wallets managed by the "Saad Tycoon Group," suspected to be the operator and developer of Tycoon 2FA, with over 1,800 recorded transactions as of mid-March.

The phishing technique employed by Tycoon 2FA involves an adversary-in-the-middle (AitM) approach, utilizing a reverse proxy server to host phishing webpages. This method intercepts user inputs, including MFA tokens, allowing attackers to bypass MFA even if credentials are changed between sessions.

Despite the security enhancements provided by MFA, sophisticated attacks like Tycoon 2FA pose significant threats by exploiting AitM techniques. The ease of use and relatively low cost of Tycoon 2FA make it appealing to threat actors, further compounded by its stealth capabilities that evade detection by security products.

Sekoia researchers outlined a six-stage process used by Tycoon 2FA to execute phishing attacks, including URL redirections, Cloudflare Turnstile challenges, JavaScript execution, and the presentation of fake authentication pages to victims.

The emergence of Tycoon 2FA underscores the evolving landscape of phishing attacks, challenging the effectiveness of traditional MFA methods. However, security experts suggest that certain forms of MFA, such as security keys implementing WebAuthn/FIDO2 standards, offer higher resistance against phishing attempts.

To assist organizations in identifying Tycoon 2FA activities, Sekoia has published a list of indicators of compromise (IoCs) on GitHub, including URLs associated with Tycoon 2FA phishing campaigns.

Safeguarding the NHS: Protecting Against Potential Cyber Attacks from China

 

Recent concerns have surfaced regarding the vulnerability of the NHS to cyberattacks, particularly from China. Reports indicate that Beijing-backed actors exploited software flaws to access the personal details of millions of Britons. As experts in cybersecurity, it's crucial to address these fears and provide insights into safeguarding against potential cyber threats. 

The prospect of a cyber attack on the NHS by hostile actors underscores the critical importance of robust cybersecurity measures. With the personal details of 40 million Britons potentially compromised, the stakes are high, and proactive steps must be taken to protect sensitive data and preserve public trust in the healthcare system. 

One of the primary concerns raised by these reports is the exploitation of software flaws to gain unauthorized access to personal information. Vulnerabilities in software systems can provide entry points for cybercriminals to launch attacks, compromising the integrity and security of sensitive data stored within NHS databases. 

Furthermore, the involvement of state-backed actors adds a layer of complexity to the threat landscape. Nation-state cyber-attacks are often sophisticated and well-coordinated, making them particularly challenging to defend against. As such, healthcare organizations must remain vigilant and adopt comprehensive security measures to detect and deter potential threats. To defend against potential cyber attacks from China or any other threat actor, the NHS must prioritize cybersecurity at every level. 

This includes implementing robust security protocols, conducting regular risk assessments, and investing in advanced threat detection and response capabilities. Additionally, healthcare professionals and staff members must receive comprehensive training on cybersecurity best practices to recognize and respond to potential threats effectively. By fostering a culture of security awareness and vigilance, the NHS can strengthen its defenses against cyber attacks and mitigate the risk of data breaches. 

Collaboration and information sharing are also essential components of an effective cybersecurity strategy. By partnering with government agencies, cybersecurity experts, and industry stakeholders, the NHS can stay ahead of emerging threats and leverage collective intelligence to bolster its security posture. 

While the prospect of a cyber attack on the NHS is concerning, it's essential to approach these threats with a proactive and informed mindset. By implementing robust cybersecurity measures, fostering a culture of security awareness, and collaborating with relevant stakeholders, the NHS can enhance its resilience against potential cyber threats and safeguard the personal data of millions of Britons.

The Great Data Heist: China's Alleged Theft of Voter Data and Its Potential Impact

 


Chinese-backed hackers allegedly targeted U.S. officials, journalists, corporations, pro-democracy activists and the United Kingdom's electoral watchdog in a comprehensive, state-backed attack on March 25, authorities announced in an announcement on March 25. The attack was aimed at targeting officials, journalists, corporations, pro-democracy activists, and the British election watchdog. 

In 2010, China launched Operation Troll to harass critics of the government, steal trade secrets from American corporations, as well as spy on and trace high-level political figures, an operation that began in 2010. Officials say the campaign began in 2010. During the last election, Western officials sounded a fresh alarm about a country long regarded as having advanced espionage capabilities when they revealed the operation, which was carried out by a hacking group called APT31. 

According to the U.S. Justice Department, seven hackers are being charged with crimes in China, and they are believed to be living there. An official announcement by the British government concerning the breach that may have provided China with access to information on tens of millions of U.K. voters held by the Electoral Commission was that a front company and two defendants had been imposed sanctions by the British government. 

U.K. Deputy Prime Minister Oliver Dowden said that hackers working for the Chinese government were responsible for the 2021 data breach at the Electoral Commission in his speech to lawmakers in Parliament on Monday. It was the first time since the cyberattack was reported in 2023 that the United Kingdom has attributed it to the Chinese government and has said it is not going to hesitate to take swift and robust actions whenever the Chinese government threatens its interest.

In his speech, Dowden said the U.K. government would not hesitate to take quick and robust action whenever the Chinese government threatened its interests. In the United Kingdom, the Electoral Commission, which keeps copies of the register of citizens eligible for voting, reported in July that hackers had taken an estimated 40 million U.K. citizens' names and addresses. There are approximately 5 million registered voters across the U.S. including all people who voted in the last 4 years.

Between 2014 and 2022, over 30 million people were affected by the data breach, but they weren't recognized until after a year had passed. As the deputy prime minister of the United Kingdom mentioned in Parliament in Downden's speech, the attack likely occurred as part of a wider threat perpetrated by government-backed groups. 

The government of New Zealand, as well as the governments of other Western countries, have also voiced their concerns. Several high-profile phishing attacks targeting German politicians that were linked to Russian-backed groups have recently been reported in the media. APT31, a Chinese-based cyberattack group, has been sanctioned in the UK as part of the government's response to the attack by responding to the involvement of two individuals, Zhao Guangzong and Ni Gaobin, and one company, Wuhan Xiaoruizhi Science and Technology Company Ltd. 

Those companies are no longer authorised to handle these funds or assets, and the individuals are not allowed to enter the country. " There is no doubt that APT31 has an impeccable track record of targeting politicians both in the US and Europe. They have targeted various political campaigns, parliamentarians, and other targets to gain insight into the landscape," said John Hultquist, Chief Analyst of Mandiant Intelligence - Google Cloud. APT31 has been identified as a threat targeting British lawmakers during a separate campaign in 2021, the National Cyber Security Centre said, even though no parliamentary accounts were compromised, a reconnaissance activity was conducted against the lawmakers during that campaign. 

The British Foreign Secretary, David Cameron, made a formal request for the Chinese ambassador to be summoned, and he said in a separate statement that he raised the matter directly with the Chinese Foreign Minister, Wang Yi. It is clear from the episode that for the UK, this represents an increasing level of tension that has been growing since Hong Kong passed security legislation that the UK says undermines freedom in Hong Kong. Moreover, this violated the handover agreement signed by the two countries when Beijing took over the governance of the territory in 1997.z

Data Breach at Giant Tiger: Protecting Customer Information in the Digital Age

Data Breach at Giant Tiger: Protecting Customer Information in the Digital Age

In an increasingly interconnected world, data breaches have become a recurring nightmare for organizations of all sizes. The recent incident at Giant Tiger Stores Ltd., a popular discount retailer based in Ottawa, serves as a stark reminder of the importance of safeguarding customer information.

The Breach

On March 4, Giant Tiger discovered that its customer data had been compromised. The breach affected various categories of customers:

Email Subscribers: Names and email addresses of those who subscribe to Giant Tiger emails.

Loyalty Members and Online Orders: Names, emails, and phone numbers of loyalty members and customers who placed online orders for in-store pickups.

Home Delivery Orders: Some customers who placed online orders for home delivery may have had their street addresses compromised.

Thankfully, no payment information or passwords were part of the data breach. However, the incident highlights the vulnerability of customer data and the need for robust security measures.

Third-Party Vendor Involvement

Giant Tiger’s breach was linked to a third-party vendor. While the retailer did not disclose the vendor’s name, it relies on this external partner for managing customer communications and engagement. This situation underscores the risks associated with outsourcing critical functions to third parties. Organizations must carefully vet their vendors and ensure they adhere to stringent security protocols.

The Fallout

The fallout from a data breach can be severe:

Reputation Damage: Customers trust companies with their personal information. When that trust is violated, it erodes brand reputation. Giant Tiger now faces the challenge of rebuilding customer confidence.

Legal and Regulatory Consequences: Data breaches often trigger legal and regulatory investigations. Organizations may face fines, lawsuits, and compliance requirements. In Giant Tiger’s case, the breach occurred in Canada, where privacy laws are stringent.

Financial Impact: Remediation efforts, legal fees, and potential compensation to affected customers can strain an organization’s finances. Moreover, the cost of reputational damage can be immeasurable.

Mitigation Strategies

To prevent such incidents, companies must adopt proactive measures:

Vendor Risk Assessment: Regularly assess third-party vendors’ security practices. Understand their data handling processes and ensure they align with your organization’s standards.

Encryption and Access Controls: Encrypt sensitive data and limit access to authorized personnel. Implement robust access controls to prevent unauthorized entry.

Employee Training: Educate employees about cybersecurity best practices. Human error remains a significant factor in data breaches.

Incident Response Plan: Have a well-defined incident response plan in place. Swift action can minimize damage and protect customer trust.

Transparency and Communication

Giant Tiger’s response has been commendable. They hired cybersecurity experts for an independent investigation and promptly informed affected customers. Transparency is crucial during a breach. Customers appreciate honesty and timely updates.

What Are The Risks of Generative AI?

 




We are all drowning in information in this digital world and the widespread adoption of artificial intelligence (AI) has become increasingly commonplace within various spheres of business. However, this technological evolution has brought about the emergence of generative AI, presenting a myriad of cybersecurity concerns that weigh heavily on the minds of Chief Information Security Officers (CISOs). Let's synthesise this issue and see the intricacies from a microscopic light.

Model Training and Attack Surface Vulnerabilities:

Generative AI collects and stores data from various sources within an organisation, often in insecure environments. This poses a significant risk of data access and manipulation, as well as potential biases in AI-generated content.


Data Privacy Concerns:

The lack of robust frameworks around data collection and input into generative AI models raises concerns about data privacy. Without enforceable policies, there's a risk of models inadvertently replicating and exposing sensitive corporate information, leading to data breaches.


Corporate Intellectual Property (IP) Exposure:

The absence of strategic policies around generative AI and corporate data privacy can result in models being trained on proprietary codebases. This exposes valuable corporate IP, including API keys and other confidential information, to potential threats.


Generative AI Jailbreaks and Backdoors:

Despite the implementation of guardrails to prevent AI models from producing harmful or biased content, researchers have found ways to circumvent these safeguards. Known as "jailbreaks," these exploits enable attackers to manipulate AI models for malicious purposes, such as generating deceptive content or launching targeted attacks.


Cybersecurity Best Practices:

To mitigate these risks, organisations must adopt cybersecurity best practices tailored to generative AI usage:

1. Implement AI Governance: Establishing governance frameworks to regulate the deployment and usage of AI tools within the organisation is crucial. This includes transparency, accountability, and ongoing monitoring to ensure responsible AI practices.

2. Employee Training: Educating employees on the nuances of generative AI and the importance of data privacy is essential. Creating a culture of AI knowledge and providing continuous learning opportunities can help mitigate risks associated with misuse.

3. Data Discovery and Classification: Properly classifying data helps control access and minimise the risk of unauthorised exposure. Organisations should prioritise data discovery and classification processes to effectively manage sensitive information.

4. Utilise Data Governance and Security Tools: Employing data governance and security tools, such as Data Loss Prevention (DLP) and threat intelligence platforms, can enhance data security and enforcement of AI governance policies.


Various cybersecurity vendors provide solutions tailored to address the unique challenges associated with generative AI. Here's a closer look at some of these promising offerings:

1. Google Cloud Security AI Workbench: This solution, powered by advanced AI capabilities, assesses, summarizes, and prioritizes threat data from both proprietary and public sources. It incorporates threat intelligence from reputable sources like Google, Mandiant, and VirusTotal, offering enterprise-grade security and compliance support.

2. Microsoft Copilot for Security: Integrated with Microsoft's robust security ecosystem, Copilot leverages AI to proactively detect cyber threats, enhance threat intelligence, and automate incident response. It simplifies security operations and empowers users with step-by-step guidance, making it accessible even to junior staff members.

3. CrowdStrike Charlotte AI: Built on the Falcon platform, Charlotte AI utilizes conversational AI and natural language processing (NLP) capabilities to help security teams respond swiftly to threats. It enables users to ask questions, receive answers, and take action efficiently, reducing workload and improving overall efficiency.

4. Howso (formerly Diveplane): Howso focuses on advancing trustworthy AI by providing AI solutions that prioritize transparency, auditability, and accountability. Their Howso Engine offers exact data attribution, ensuring traceability and accountability of influence, while the Howso Synthesizer generates synthetic data that can be trusted for various use cases.

5. Cisco Security Cloud: Built on zero-trust principles, Cisco Security Cloud is an open and integrated security platform designed for multicloud environments. It integrates generative AI to enhance threat detection, streamline policy management, and simplify security operations with advanced AI analytics.

6. SecurityScorecard: SecurityScorecard offers solutions for supply chain cyber risk, external security, and risk operations, along with forward-looking threat intelligence. Their AI-driven platform provides detailed security ratings that offer actionable insights to organizations, aiding in understanding and improving their overall security posture.

7. Synthesis AI: Synthesis AI offers Synthesis Humans and Synthesis Scenarios, leveraging a combination of generative AI and cinematic digital general intelligence (DGI) pipelines. Their platform programmatically generates labelled images for machine learning models and provides realistic security simulation for cybersecurity training purposes.

These solutions represent a diverse array of offerings aimed at addressing the complex cybersecurity challenges posed by generative AI, providing organizations with the tools needed to safeguard their digital assets effectively.

While the adoption of generative AI presents immense opportunities for innovation, it also brings forth significant cybersecurity challenges. By implementing robust governance frameworks, educating employees, and leveraging advanced security solutions, organisations can navigate these risks and harness the transformative power of AI responsibly.