Here's Why Tracking Everything on the Dark Web Is Vital

Monitoring the Dark Web, the global go-to marketplace for criminals, for any sign that an organisation's trade secrets and other intellectual property have been compromised has become a standard cybersecurity practice.

The problem is that most chief information security officers (CISOs) and security operations centre (SOC) managers assume that any discovery of sensitive company data means their enterprise systems have been successfully compromised. That may well be the case, but it could also mean a hundred different things. The data may have been stolen from a supply chain partner, a corporate cloud site, a shadow cloud site, an employee's home laptop, a corporate backup provider, a corporate disaster recovery firm, a smartphone, or even a thumb drive pilfered from a car.

When dealing with everyday intellectual property, such as consumer personally identifiable information (PII), healthcare data, credit card credentials, or designs for a military weapons system, knowing that some version of it has been acquired is useful. However, it is nearly impossible to know what to do unless the location, timing, and manner of the theft are known.

In some cases, the answer could be "nothing." Consider some of your system's most sensitive files, including API keys, access tokens, passwords, encryption/decryption keys, and access credentials. If everything is carefully recorded and logged, your team may find that the secrets discovered on the Dark Web have already been systematically deleted. No further action would be needed.

Getting the info right

Most CISOs recognise that discovering secrets on the Dark Web indicates that they have been compromised. However, in the absence of correct details, they frequently overreact — or improperly react — and implement costly and disruptive modifications that may be entirely unnecessary. 

This could even extend to making regulatory disclosures, such as those required under the European Union's General Data Protection Regulation (GDPR) and the Securities and Exchange Commission's (SEC) cybersecurity rules, on the basis of wrong assumptions, exposing the organisation to avoidable stock drops and compliance fines.

Establishing best practices

You must keep a tightly controlled inventory of all of your secrets, including meticulous hashing of each one so that all usage and activity can be traced. This is the only way to keep track of all activity involving your machine credentials in real time. If you do this aggressively, you should be able to detect a stolen machine credential before it reaches the Dark Web and is sold to the highest bidder.
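As an added example (not the post's own code), the inventory-and-triage practice described above, together with the "nothing to do" case from earlier in the post, in Python: each secret is recorded only as a keyed HMAC fingerprint, every use and revocation is logged, and a value found on the Dark Web is classified by looking up its fingerprint. All names, key material and timestamps are constructed.

```python
"""Secrets inventory with keyed fingerprints, a usage trail and Dark Web triage.

Added example, not code from the original post. Secrets are stored only as keyed
HMAC fingerprints; every use and revocation is logged; a value found on the Dark
Web is classified by fingerprint. All names, keys and times are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed key. In a real deployment it lives in a KMS/HSM, apart from the
# inventory database, so a stolen inventory yields no usable secrets.
INVENTORY_KEY = b"constructed-inventory-hmac-key"


def fingerprint(secret: str) -> str:
    """Keyed fingerprint: HMAC rather than bare SHA-256, so a stolen inventory
    cannot be used to recover low-entropy secrets by offline guessing."""
    return hmac.new(INVENTORY_KEY, secret.encode(), hashlib.sha256).hexdigest()


@dataclass
class SecretRecord:
    name: str                       # e.g. "billing-api-key"
    owner: str                      # team accountable for rotation
    status: str = "active"          # "active" | "revoked"
    last_used: datetime | None = None
    revoked_at: datetime | None = None
    used_after_revocation: int = 0  # presentations of an already revoked secret


class SecretsInventory:
    def __init__(self) -> None:
        self._records: dict[str, SecretRecord] = {}        # fingerprint -> record
        self.events: list[tuple[datetime, str, str]] = []  # (time, fingerprint, action)

    def register(self, secret: str, record: SecretRecord, when: datetime) -> str:
        fp = fingerprint(secret)
        self._records[fp] = record
        self.events.append((when, fp, "registered"))
        return fp

    def record_use(self, secret: str, when: datetime) -> str:
        """Called by whatever authenticates the credential; returns the action logged."""
        fp = fingerprint(secret)
        rec = self._records.get(fp)
        action = "unknown-credential"
        if rec is not None:
            rec.last_used = when
            action = "used"
            if rec.status == "revoked":       # a dead credential is being presented
                rec.used_after_revocation += 1
                action = "use-after-revocation"
        self.events.append((when, fp, action))
        return action

    def revoke(self, secret: str, when: datetime) -> None:
        fp = fingerprint(secret)
        self._records[fp].status = "revoked"
        self._records[fp].revoked_at = when
        self.events.append((when, fp, "revoked"))

    def triage(self, leaked_value: str, found_at: datetime) -> dict:
        """Decide what a Dark Web sighting means, using only the fingerprint."""
        rec = self._records.get(fingerprint(leaked_value))
        if rec is None:
            # Not ours as far as the inventory knows: a decoy, a partner's
            # credential, or an inventory gap. Not a rotation either way.
            return {"verdict": "not-inventoried",
                    "action": "check decoy records and inventory coverage"}
        if rec.status == "revoked" and rec.revoked_at <= found_at:
            if rec.used_after_revocation:
                return {"verdict": "revoked-but-presented", "name": rec.name,
                        "attempts": rec.used_after_revocation,
                        "action": "trace where the post-revocation attempts came from"}
            return {"verdict": "already-revoked", "name": rec.name, "action": "none"}
        return {"verdict": "active-leak", "name": rec.name, "owner": rec.owner,
                "last_used": rec.last_used,
                "action": "rotate now; review use since the last known-good point"}


def demo() -> dict[str, dict]:
    """Constructed scenario: two secrets registered, one revoked, three sightings."""
    def day(d: int) -> datetime:
        return datetime(2024, 3, d, tzinfo=timezone.utc)

    inv = SecretsInventory()
    inv.register("ak-constructed-billing-1", SecretRecord("billing-api-key", "payments"), day(1))
    inv.register("tok-constructed-deploy-2", SecretRecord("ci-deploy-token", "platform"), day(1))
    inv.record_use("ak-constructed-billing-1", day(2))
    inv.revoke("tok-constructed-deploy-2", day(3))
    inv.record_use("tok-constructed-deploy-2", day(4))  # still presented after revocation
    found = day(6)
    return {
        "billing": inv.triage("ak-constructed-billing-1", found),
        "deploy": inv.triage("tok-constructed-deploy-2", found),
        "decoy": inv.triage("constructed-decoy-value", found),
    }
```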

Another good strategy is to regularly seed the Dark Web — and other criminal haunts — with decoy files to add a lot of noise to the mix. Some discerning criminals may leave your data alone entirely if they cannot tell whether it is genuine.

City Cyber Taskforce Introduced to Safeguard Corporate Finance in UK

Two of the UK's main accounting and security agencies are forming a new taskforce today to help organisations enhance the security of their corporate finance transactions. 

The effort is being led by the Institute of Chartered Accountants in England and Wales (ICAEW) in partnership with the National Cyber Security Centre. Other representatives from banking, law, consulting, and other fields include the Association of Corporate Treasurers, the British Private Equity and Venture Capital Association, Deloitte, EY, KPMG, the Law Society, the London Stock Exchange, the Takeover Panel, and UK Finance.

During the task force's launch earlier this week, the 14 organisations published new regulations meant to help businesses mitigate cyber-risk while engaging in corporate finance activities, such as capital raising, mergers and acquisitions, and initial public offerings. 

The report, Cyber Security in Corporate Finance, includes important guidelines on building resilience against cyberattacks, protecting commercially sensitive data shared during deal processes, and responding to breaches, along with key details about the various cyber-risks involved.

According to Michael Izza, CEO of ICAEW, organisations may be vulnerable to security breaches when confidential information is shared during a transaction. 

“A cyber-attack could have a potentially disastrous impact on the dealmaking process, and so it is crucial that boardrooms across the country treat threats very seriously and take preventative action,” Izza added. “We must do all that we can to ensure London remains a pre-eminent place to do deals, raise investment and generate growth.” 

Sarah Lyons, NCSC deputy director for economy and society, stated that chartered accountants are becoming an increasingly appealing target for threat actors due to the sensitive financial and risk data they handle. 

“A breach in this sector can not only jeopardise organisations and their customers, but can also undermine trust, confidence and reputation. I'd encourage everyone from across the industry to engage with this report and the NCSC's range of practical guidance, to help increase their cyber resilience,” Lyons advised.

Cohesity Research Shows That Most Firms Break Their "Do Not Pay" Policies by Paying Millions in Ransoms

While a "do not pay" ransomware policy may sound appealing in theory, thwarting attackers' demand for ransom in exchange for stolen data is easier said than done. A recent study conducted by Cohesity, a leader in AI-powered data security management, reveals this truth.

The study surveyed over 900 IT and security decision makers who take a "not if, but when" approach to cyberattacks on their business. According to the study, 94% of participants stated that their organisation would pay a ransom to retrieve data and resume commercial operations, with 5% responding, "Maybe, depending on the ransom amount."

Most of those surveyed had paid a ransom in the previous two years, and the vast majority predicted that the threat of cyberattacks will increase dramatically by 2024. Worryingly, 79% of respondents reported that their firm had been the victim of a ransomware attack between June and December 2023. Accordingly, 96% of respondents believe the threat of cyberattacks to their industry will increase this year, with 71% expecting it to increase by more than 50%.

9 out of 10 companies paid ransom 

Sixty-seven percent of respondents stated their organisation would be prepared to pay more than $3 million to retrieve data and restore business processes, while 35% were willing to pay $5 million as ransom. The study also demonstrated the need to be able to respond and recover, as 9 in 10 respondents indicated their organisation had paid a ransom in the previous two years, despite 84% claiming their company had a "do not pay" policy.

"Organisations can't control the increasing volume, frequency, or sophistication of cyberattacks such as ransomware," explained Brian Spanswick, Cohesity's chief information security officer and head of IT. "What they can control is their cyber resilience, which is the ability to respond quickly and recover."

Expanding ransomware tactics

Since every ransomware incident is unique, the decision on whether or not to pay a ransom is best left to law enforcement or the company's cyber insurance provider. Each ransomware attack now appears to be becoming more sophisticated and intense as the attack surface keeps expanding.

Delinea, a privileged access management (PAM) company, stated in its annual State of Ransomware report that the growing quantity and frequency of ransomware assaults indicate a shift in attackers' strategy. 

According to Delinea, new tactics that use "stealth" to exfiltrate sensitive and private data have supplanted the tried and tested approach of crippling a business and holding it hostage. To this end, hackers usually threaten either to exploit the data to secure an attractive cyber insurance payout or to sell it to the highest bidder on the darknet.

Remember that internal as well as external sources can pose a threat to an organisation's cybersecurity. As the Securonix 2024 Insider Threat Report attests, 90% of respondents stated that insider threats are as difficult as, or more difficult than, external attacks to identify and prevent.

CISOs in the Firing Line as Cybercriminals Continue to Target Firms

Businesses are feeling the effects of cyberattacks hard: a staggering 90% of CISOs report that their organisation has experienced one during the past year.

In the latest research from Splunk, 83% of CISOs who responded to a poll stated they have paid out, with more than half paying more than $100,000. 

They fear that generative AI will become more prevalent and provide attackers an advantage. However, companies are testing out such tools in their cyber defences, with 93% of their processes utilising automation either moderately or intensively. 

Splunk claims that the so-called "tool sprawl" issue, which is "likely compounding existing visibility issues," is another issue that is now emerging. A whopping 88% of CISOs seek to stop the expansion using tools like security orchestration, automation, and response (SOAR) and security information and event management (SIEM). 

By using solutions like these, they seek to reduce the number of tools required and simplify defence through automation.

Nearly half of the CISOs who responded to the survey also stated that they now directly report to their CEO, with CISOs being increasingly in charge of directing cybersecurity strategy. They frequently take part in board meetings across all sectors. Additionally, 90% of CISOs reported that their board is now more concerned about cybersecurity than it was two years ago. 

As a result, 93% of CISOs anticipate an increase in their cybersecurity budget over the next year, whereas 83% anticipate decreases in other areas of the organisation. 80% of CISOs say their organisation has encountered additional dangers as the economy has deteriorated. 

Greater collaboration has also happened across the organisation, with 92% of CISOs reporting that cybersecurity collaboration between teams has increased moderately or significantly as a result of digital transformation projects and cloud native adoption. Although 42% of respondents felt there was room for improvement in terms of results, 77% reported that IT and development teams worked together to identify the underlying causes of issues. 

Splunk CISO Jason Lee stated that, "the C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions," further stating, "these relationships provide CISOs the opportunity to become champions who strengthen an organization's security culture and lead teams to become more cross-collaborative and resilient." 

"By communicating key security metrics, CISOs can also guide boards on adopting emerging technologies, such as generative AI, to help improve cyber defense management and prepare for the future," Lee concluded.

Granules India in Huge Loss After Cyber Attack Erodes Top Line

Granules India (GRAN.NS) issued a warning on Thursday regarding a huge loss in revenue and profitability as a result of a cyber security incident the pharmaceutical firm experienced in the latter part of May. 

The IT security breach caused considerable disruption to its business operations because of extensive adjustments to its IT infrastructure, the paracetamol manufacturer said in an exchange filing. Granules India disclosed the information security incident on May 25 and added that the affected IT assets have been contained.

The company reported that it has now been able to get production up to levels that were close to normal, but it also noted backlogs and delays in getting materials cleared for quality system approvals before shipping the goods. 

LockBit, a ransomware gang linked to Russia, has claimed responsibility for a hack on Indian pharmaceutical giant Granules India and uploaded some of the data it allegedly stole. 

Granules India has been a leading Indian pharmaceutical manufacturer since its founding in 1984. The Hyderabad-based firm produces many generic medications, including paracetamol, ibuprofen, and metformin. According to the company's website, it serves more than 300 clients in more than 80 countries.

The quarterly earnings for the quarter ended March 31 increased 7.8% to $14.6 million, according to a report released by Granules India in May. Shares of the business finished Thursday at $3.50, down marginally from the previous trading day's closing price of $3.48. 

Lockbit spreading wings

According to a recently published joint advisory from the U.S. federal cybersecurity agency CISA and its international counterparts in Australia, Canada, France, Germany, New Zealand, and the United Kingdom, LockBit was the most frequently used ransomware variant worldwide in 2022 and 2023. The ransomware gang was first observed on Russian-language cybercrime forums in January 2020.

The ransomware group has recently made attacks on a number of well-known tech firms, including IT services provider Accenture, electronics producer Foxconn, U.K. health service provider Advanced, and British postal agency Royal Mail. Other victims of the ransomware group include the financial software company Ion Group, the Los Angeles Housing Authority, and the state of California's finance department. 

LockBit threat actors have extorted about $91 million in ransoms through nearly 1,700 attacks targeting U.S. victims since 2020, according to a recent U.S. and foreign joint advisory.

Phishing and Ransomware Attacks Continue to Hurt Singapore Businesses

Phishing efforts and ransomware remained a significant threat to organisations and individuals in Singapore in 2022, despite indicators that cyber hygiene is improving in the city-state, according to a new report from the country's Cyber Security Agency (CSA).

In contrast to the 3,100 incidents handled in 2021, around 8,500 phishing attempts were reported to the Singapore Cyber Emergency Response Team (SingCert) last year, according to the Singapore Cyber Landscape (SCL) 2022. 

The ".xyz" top-level domain, favoured by threat actors for its low cost and lax usage constraints, accounted for more than half of the recorded cases.

Banks and other financial institutions were the most frequently impersonated companies in phishing attacks. These businesses are frequent targets because they store sensitive and valuable data such as user names and login credentials. 

According to the CSA, the rise in reported phishing attempts followed global trends. Several cyber security providers noted that phishing activities had increased in 2022. In total, SingCert assisted in the removal of 2,918 harmful phishing websites last year. Organisations in Singapore have also been hit by the global ransomware threat, which shows no signs of decreasing.

In contrast to the 137 incidents reported in 2021, 132 ransomware cases were reported to the CSA last year. While the number of reported ransomware attacks has decreased slightly, it is still alarming that small and medium-sized businesses (SMEs) have been hit, particularly those in manufacturing and retail, which may have valuable data and intellectual property (IP) that cybercriminals are interested in stealing. 

There was also a reduction in infected infrastructure, which the CSA described as compromised systems used for harmful reasons such as executing distributed denial of service (DDoS) attacks or spreading malware and spam. In 2022, the CSA discovered 81,500 infected systems in Singapore, a 13% decrease from 94,000 in 2021. 

Despite a high increase in contaminated infrastructure worldwide, Singapore's global proportion of infected infrastructure declined from 0.84% in 2021 to 0.34% in 2022. Although the drop in infected infrastructure in Singapore indicates an increase in cyber hygiene levels, the absolute number of infected systems in Singapore remains high, according to the CSA. 

Cobalt Strike, Emotet, and Guloader were the top three malware infections on locally hosted command and control servers, while Gamarue, Nymaim, and Mirai were the top three malware infections on locally hosted botnet drones, accounting for about 80% of Singapore IP addresses infected by malware in 2022.

CSA also noted potential threats in its research, such as those related with the expanding deployment of artificial intelligence, which might be leveraged by both cyber attackers and defenders. While machine learning can provide real-time insights about cyber threats, it can also be utilised for malicious purposes, such as highly focused spear-phishing efforts. 

"2022 saw a heightened cyber threat environment fuelled by geopolitical conflict and cybercriminal opportunism as Covid-19 restrictions began to ease," noted David Koh, commissioner of cyber security and CEO of CSA.

"As with many new technologies, emerging technologies such as chatbots have two sides. While we should be optimistic about the opportunities they present, we must also manage the risks that come with them. The government will continue to increase its efforts to protect our cyberspace, but businesses and individuals must also play a role," he added.

How to Keep Up With a Shifting Threat Landscape

Cybercrime is a problem that is only escalating and is bad for business, as one might anticipate. Regardless of how you feel about it, it forces your business to take action in order to secure its infrastructure.

Current threat landscape

It's critical to understand the threat landscape in order to understand what you're up against. Studying it gives you a general idea of the kinds of problems you can expect to see, and, just like the environment, it is constantly changing—never remaining static for very long. Even the most creative security researchers and the developers backing them up constantly face numerous threats that aim to impede their work. What will you do to safeguard your company from these difficulties?

We saw hacktivists launch disruptive assaults, steal technological source code, and utilise wiper malware last year, in addition to hacks on vital infrastructure (particularly rail).

A cyberattack that affected the websites and production lines of the Mobarakeh Steel Company (MSC), Khouzestan Steel Company (KSC), and Hormozgan Steel Company (HOSCO) occurred in June and July of 2022. The hacktivist collective Gonjeshke Darande, which earlier in the year used wiper malware to damage the Iranian train system, claimed responsibility for the attack. This incident proves that threat actors can attack key infrastructure, regardless of their intentions or affiliations.

A number of disruptive attacks on businesses in the manufacturing, oil, water, and electric utility sectors occurred between the months of August and September. The fourth-largest U.S. health system with 140 associate hospitals, CommonSpirit Health, was the target of a ransomware attack in October. The attack caused delays in patient operations such as surgery. Moreover, there were numerous cyberattacks across Europe. A ransomware attack at the French hospital Corbeil-Essonnes in December led to a data loss and operational interruption. 

In November, a cyberattack also targeted Continental, a major player in the automobile and rail industries that creates cutting-edge technologies including autonomous brake systems, vehicle monitoring systems, and navigational systems. Prior to the attack, the attackers had already broken into Continental's networks, giving them access to countless technical documents and source code relevant to Continental's cutting-edge technologies. The possibility of attackers gaining access to these technologies' source code is quite concerning.

Mitigation tips

The most important thing you can do to safeguard your company is to make sure your staff are aware of the threats they face and their own personal duty to keep your company safe. You should create a thorough cybersecurity training course that is updated on a regular basis, then give it to your workers.

You can give advice on how to make secure passwords, use two-factor authentication, recognise phishing scams, and other topics. People will behave more consciously throughout the day if you instruct them about security. 

Many software components make up your company, so be sure that all of them are updated to prevent the newest attacks from exploiting a flaw. This also applies to browser add-ons. Researchers advise putting a plan in place to periodically assess your IT assets to make sure they are patched, updated, and secured.

Beyond Identity Officially Announces the Release of ‘Zero Trust Authentication'

Beyond Identity's launch of Zero Trust Authentication is a game-changer in the field of cybersecurity. The sub-category of zero-trust security is a step forward in aligning verification with zero-trust principles. The passwordless capability and phishing resistance features of Zero Trust Authentication enable businesses to verify the identities of people and devices with zero-trust-level certainty. This is crucial because, without such enhanced verification capacities, organizations cannot truly implement zero trust security. 

Organizations supporting Zero Trust Authentication, which was created to address the drawbacks of conventional authentication techniques, include Palo Alto Networks, CrowdStrike, Optiv, Ping Identity, the Cloud Security Alliance, and the FIDO (Fast Identity Online) Alliance. While its category-defining book, Zero Trust Authentication, describes the precise capabilities, requirements, policies, and best practices, Beyond Identity said it will provide practical Zero Trust Authentication advice to clients and channel partners through international and local events throughout 2023.

One of the trickier problems that CISOs still have to deal with is authentication, as interoperability, usability, technical constraints, and vulnerabilities frequently make it difficult to identify and authorise individuals and devices effectively.

Zero Trust Authentication's seven prerequisites 

In order to distinguish Zero Trust Authentication from conventional authentication, Beyond Identity outlines seven requirements.

Passwordless: No passwords or other shared secrets that can be easily gained from users, recorded on networks, or hacked from databases are used. 

Phishing resistance: No chance of obtaining codes, magic links, or other authentication elements via phishing, adversary-in-the-middle, or other assaults. 

Capable of verifying user devices: Capable of ensuring that requesting devices are bound to a user and have access to information assets and applications. 

Capable of assessing device security posture: Able to identify whether devices adhere to security policies by ensuring that necessary security settings are enabled and security software is operating. 

Capable of assessing a wide range of risk signals: Capable of ingesting and analysing data from endpoints as well as security and IT management tools, allowing policy engines to assess risks based on parameters such as user behaviour, device security posture, and detection and response tool status.

Ongoing risk assessment: The ability to analyse risk throughout a session rather than depending on one-time authentication.

Integrating with security infrastructure: Connecting with a range of security infrastructure technologies to increase risk detection, speed up reaction to suspicious behaviour, and improve audit and compliance reporting.

Modern authentication techniques are ineffective

Existing identification approaches are failing miserably, Jasson Casey, CTO at Beyond Identity, tells CSO. The conventional approach to security was to create a perimeter around the network and place your trust in the users and equipment inside it. This strategy, though, is no longer adequate. The perimeter-based paradigm failed because many resources are now cloud-based and users can work or access resources from anywhere.

A network-based perimeter and implicit trust are absent from a zero-trust strategy, Casey continues. Casey contends that as every person and device must instead demonstrate their reliability, zero-trust authentication is a crucial component of any comprehensive zero-trust strategy. 

Simply put, efforts to prevent adversaries from penetrating systems, gaining access to accounts, or delivering ransomware won't be successful if an organisation executes the majority of zero-trust features flawlessly while continuing to rely on ineffective authentication techniques. 

By eschewing passwords and outdated multifactor authentication (MFA) and adopting the tenet of "never trusting and always confirming," Casey claims that adopting zero-trust authentication enables enterprises to put contemporary, effective security techniques into practice. 

“The approach enables several benefits for organizations including a higher level of security by reducing the attack surface and making it more difficult for attackers to move within the network. In addition, it enables more flexible working arrangements as employees can work remotely while maintaining high security. Lastly, it helps organizations to remain compliant with constantly updating regulations by providing a secure, auditable security framework,” Casey concluded.

Future of the Cloud is Plagued by Security Issues

Many business processes depend on cloud services. Cloud computing lets businesses cut expenses, speed up deployments, develop at scale, share information effortlessly, and collaborate effectively, all without the need for a centralised site.

But malicious actors are increasingly abusing these same services, and this trend is likely to continue in the near future. Cloud services are a fertile environment for eCrime because threat actors are now well aware of how important they are. The primary conclusions from CrowdStrike's research for 2022 are as follows.

The public cloud lacks defined perimeters, in contrast to conventional on-premises architecture. The absence of distinct boundaries presents a number of cybersecurity concerns and challenges, particularly for more conventional approaches. These lines will continue to blur as more companies adopt hybrid work cultures.

Cloud vulnerability and security risks

Opportunistically exploiting known remote code execution (RCE) vulnerabilities in server software is one of the main infiltration methods adversaries have been deploying. Without focusing on specific industries or geographical areas, this involves searching for weak servers. Threat actors use a range of tactics after gaining initial access to obtain sensitive data. 

One of the more common exploitation vectors employed by eCrime and targeted intrusion adversaries is credential-based assaults against cloud infrastructures. Criminals frequently host phoney authentication pages to collect real authentication credentials for cloud services or online webmail accounts.

These credentials are then used by actors to try and access accounts. As an illustration, the Russian cyberspy organisation Fancy Bear recently switched from using malware to using more credential-harvesting techniques. Analysts have discovered that they have been employing both extensive scanning methods and even victim-specific phishing websites that deceive users into believing a website is real. 

However, some adversaries are still using these services for command and control despite the decreased use of malware as an infiltration tactic. They accomplish this by distributing malware using trusted cloud services.

This strategy is useful because it enables attackers to evade signature-based detection, since many network scanning services trust the top-level domains of cloud hosting providers. By blending into regular network traffic through legitimate cloud services (such as chat), adversaries may be able to get around security controls.

Cloud services are being used against organisations by hackers

Using a cloud service provider to take advantage of provider trust connections and access other targets through lateral movement is another strategy employed by bad actors. The objective is to raise privileges to global administrator levels in order to take control of support accounts and modify client networks, opening up several options for vertical spread to numerous additional networks. 

Attacks on containers such as Docker operate at a lower level. Criminals have discovered ways to take advantage of Docker containers that aren't set up properly. These images can then be used as the parent of another application or on their own to interact directly with a tool or service.

This hierarchical model means that if malicious tooling is added to an image, every container generated from it will also be compromised. Once they have access, hostile actors can take advantage of these elevated privileges to perform lateral movement and eventually spread throughout the network. 

Extended detection and response

Extended detection and response (XDR) is another fundamental and essential component of effective cloud security. XDR gathers security data from endpoints, cloud workloads, network, email, and many other sources. With all of this threat data at their disposal, security teams can quickly and effectively identify and eliminate threats across many domains.

XDR platforms offer granular visibility across all networks and endpoints. Because they also provide detections and investigations, analysts and threat hunters can concentrate on high-priority threats; XDR can remove from the alert stream anomalies that have been deemed unimportant. Last but not least, XDR systems should include thorough cross-domain threat data as well as information on everything from affected hosts and root causes to indicators and timelines. This data guides the entire investigation and remediation process.

While threat vectors continue to change every day, security breaches in the cloud are becoming more and more frequent. In order to safeguard workloads hosted in the cloud and to continuously advance the maturity of security processes, it is crucial for businesses to understand current cloud risks and use the appropriate technologies and best practices.

Cyber Assaults via Microsoft SQL Server Surged by 56 percent in 2022

Threat analysts at Kaspersky have identified a surge in the number of assaults that employ Microsoft SQL Server processes to attempt to access company infrastructure. 

In September this year, more than 3,000 SQL servers, which organisations and small and medium-sized enterprises across the globe use to manage databases, were affected, a surge of 56 percent compared to the same period last year, according to the latest findings from Kaspersky's Managed Detection and Response Report.

According to Sergey Soldatov, Head of Security Operations Center at Kaspersky, the number gradually increased during the last year, and in April 2022, the number exceeded 3,000, only to see a slight decrease in July and August. 

“Despite the popularity of Microsoft SQL Server, companies do not pay enough attention to protecting against software-related threats. Attacks using malicious processes on SQL Server have been known for a long time, but perpetrators continue to use them to gain access to company infrastructure,” stated Sergey Soldatov. 

There have been a number of recent incidents in which Microsoft SQL Servers were exploited by threat actors. In April, attackers were observed deploying Cobalt Strike beacons on such systems, and attacks against MS-SQL were also reported in May, June and October this year. 

Typically, attackers scan the internet for endpoints with TCP port 1433 open and then run brute-force attacks against them until they guess the password. 
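Password guessing of this kind leaves a clear trace on the server side: every failed login is written to SQL Server's ERRORLOG. The script below is an added example (not code from the original article or from Kaspersky) that counts failed logins per client address over a sliding window and flags sources that exceed a threshold. It assumes the standard "Login failed for user ... [CLIENT: ip]" line that SQL Server writes for error 18456, and the log lines it runs on are constructed for illustration.

```python
"""Detect password guessing against SQL Server from its ERRORLOG.

Added example, not code from the original article or from Kaspersky.
Assumption: SQL Server writes a line like
  2022-09-01 10:15:00.12 Logon       Login failed for user 'sa'. Reason:
  Password did not match that for the login provided. [CLIENT: 203.0.113.5]
for every failed login (error 18456). The sample lines below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the failed-login line; the preceding "Error: 18456" line is ignored.
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[^\]]+)\]"
)

# Constructed sample: six failures in 25 seconds from one client, a single
# failure from another, and one late failure outside the detection window.
SAMPLE_LOG = [
    "2022-09-01 10:15:00.12 Logon       Error: 18456, Severity: 14, State: 8.",
    "2022-09-01 10:15:00.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
    "2022-09-01 10:15:05.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
    "2022-09-01 10:15:10.01 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]",
    "2022-09-01 10:15:15.33 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
    "2022-09-01 10:15:20.77 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
    "2022-09-01 10:15:25.09 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
    "2022-09-01 10:16:02.50 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]",
    "2022-09-01 10:20:00.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
]


def parse_failed_logins(lines):
    """Yield (timestamp, login_name, client_ip) for each failed-login line."""
    for line in lines:
        m = LOGIN_FAILED.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("user"), m.group("ip")


def find_bruteforce_sources(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {client_ip: (peak_failures_in_window, sorted_logins_tried)}
    for every client that produced at least `threshold` failed logins
    within any span of length `window`. Lines must be in time order,
    as they are in the ERRORLOG."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    users = defaultdict(set)      # ip -> login names tried
    peak = {}                     # ip -> highest in-window failure count seen
    for ts, user, ip in parse_failed_logins(lines):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while ts - q[0] > window:   # expire events older than the window
            q.popleft()
        if len(q) >= threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return {ip: (count, sorted(users[ip])) for ip, count in peak.items()}


if __name__ == "__main__":
    for ip, (count, logins) in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins within a minute, tried {logins}")
```

Point the function at the lines of a real ERRORLOG (or the equivalent Windows Application log events) and tune `threshold` and `window` to the environment; a server that legitimately sees many misconfigured clients needs a higher threshold than one that should only ever be reached from a few application hosts.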

Mitigation tips 

To protect against enterprise-targeted threats, cybersecurity experts recommend the following measures: 

• Keep the software on all the devices you use up to date so that attackers cannot infiltrate your network through known vulnerabilities. Install patches for newly disclosed vulnerabilities immediately; once patched, they can no longer be abused. 

• Use current threat intelligence to keep up to date with the tactics, techniques and procedures used by attackers. 

• Deploy a reliable endpoint security solution, such as Kaspersky Endpoint Security for organizations, that provides effective protection against known and unknown threats. 

• Dedicated services can help combat high-profile attacks. Kaspersky Managed Detection and Response can help identify and stop intrusions at an early stage, before the cybercriminals achieve their aims.

SAP Security Patch for July: Six High Priority Notes

SAP's July 2022 Patch Day included 27 new and updated SAP Security Notes. The most serious of these is an information disclosure vulnerability, CVE-2022-35228 (CVSS score 8.3), in the central administration console of the BusinessObjects Business Intelligence Platform.

Notes for SAP Business One 

Onapsis Research Labs advises carefully reviewing all the information, as the current SAP Security Notes affect three main areas:
  • The first High Priority note (CVSS score 7.6, CVE-2022-32249) patches a significant information disclosure vulnerability in integration scenarios involving SAP B1 and SAP HANA. A highly privileged attacker could exploit it to access confidential data that could support further attacks.
  • The second (CVSS score 7.5, CVE-2022-28771) resolves a vulnerability in SAP B1's license service API. Because an authentication step is missing, an unauthenticated attacker can send crafted HTTP requests over the network to disrupt the application and make it unavailable.
  • The third High Priority note (CVSS score 7.4, CVE-2022-31593) patches a code injection vulnerability in the SAP B1 client. An attacker with low privileges can use it to manipulate the application's behavior.
On July 20, 2022, SAP announced 17 security notes to fix vulnerabilities of medium severity, the bulk of which affect the NetWeaver Enterprise Portal and Business Objects.

Cross-site scripting (XSS) vulnerabilities in the NetWeaver Enterprise Portal were addressed in six security notes that SAP published, each of which had a CVSS score of 6.1. Medium-severity problems in Business Objects are covered by five more security notes.

The SAP July Patch Day illustrates the value of examining all SAP Security Notes prior to applying patches. 

FBI: Business Email Compromise is a $43 Billion Scam


The FBI recently announced that the amount of money lost to business email compromise (BEC) scams is increasing each year, with a 65 per cent rise in identified global exposure losses between July 2019 and December 2021.

Between June 2016 and July 2019, IC3 received victim complaints about 241,206 domestic and international incidents, totalling $43,312,749,946 in exposed losses. 

The FBI stated, "Based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021 followed by Mexico and Singapore." 

This was revealed in a new public service announcement issued on the Internet Crime Complaint Center (IC3) site as an update to a prior PSA dated September 2019, in which the FBI stated victims reported losses to BEC attacks totalling more than $26 billion between June 2016 and July 2019. 

About BEC scams:

BEC scams were the cybercrime type with the highest recorded victim losses last year, according to the IC3 2021 Internet Crime Report. Based on 19,954 complaints about BEC attacks against individuals and businesses in 2021, victims reported losses of about $2.4 billion. BEC scammers use a variety of techniques, including social engineering, phishing and hacking, to compromise business email accounts and redirect payments to attacker-controlled bank accounts. 

Small, medium and large enterprises are frequently targeted by this form of scam (also known as EAC, or Email Account Compromise), though scammers will also target individuals if the payout is high enough. Because they often impersonate someone the target trusts, their success rate is very high. 

However, "the scam is not always associated with a transfer-of-funds request," as the FBI explained in the PSA alert. "One variation involves compromising legitimate business email accounts and requesting employees' Personally Identifiable Information, Wage and Tax Statement (W-2) forms, or even cryptocurrency wallets."

The FBI also offered advice on how to protect yourself from BEC scams:
  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business/individual it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying log-in credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender's address appears to match who it is coming from.
  • Ensure the settings in employees' computers are enabled to allow full email extensions to be viewed.
  • Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
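Several of the FBI's checks above (does the sender's address match who it claims to be, is the domain name misspelled, do links point where they say) can be applied automatically to inbound mail. The script below is an added example (not FBI guidance or code from the original page) that flags common BEC indicators in a message: a sender domain that resembles a trusted one after common character substitutions or a one- or two-character typo, a display name that shows a different address from the real sender, a Reply-To on another domain, links to lookalike hosts, and wording that asks for a payment or sensitive data. The trusted-domain list, the substitution table and the sample message are constructed for illustration.

```python
"""Flag common BEC indicators in an inbound e-mail.

Added example, not FBI guidance or code from the original page. The trusted
domain list, the character-substitution table and the sample message are
constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com", "example-corp.com"}   # constructed allowlist

# Substitutions often seen in lookalike domains (illustrative, not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

ADDR = re.compile(r"[\w.+-]+@[\w.-]+")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
PAYMENT_WORDS = re.compile(r"\b(wire|bank account|W-2|payroll|gift card)\b", re.I)


def normalize(domain):
    """Undo common character substitutions so 'examp1e.com' -> 'example.com'."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    d = domain.lower()
    if d in TRUSTED_DOMAINS:
        return None
    n = normalize(d)
    for trusted in TRUSTED_DOMAINS:
        if n == trusted or edit_distance(n, trusted) <= 2:
            return trusted
    return None


def bec_indicators(raw_message):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    findings = []

    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()

    trusted = lookalike_of(sender_domain)
    if trusted:
        findings.append(f"sender domain {sender_domain} resembles trusted {trusted}")

    # A display name that embeds an address is a classic trick: the eye reads
    # the name, but replies go to the real (different) sender address.
    shown = ADDR.search(display_name)
    if shown and shown.group(0).lower() != sender.lower():
        findings.append(f"display name shows {shown.group(0)} but sender is {sender}")

    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_domain:
        findings.append(f"Reply-To {reply_to} is on a different domain than the sender")

    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode(errors="replace")
    for host in URL_HOST.findall(body):
        trusted = lookalike_of(host)
        if trusted:
            findings.append(f"link host {host.lower()} resembles trusted {trusted}")

    if PAYMENT_WORDS.search(body):
        findings.append("body requests a payment or sensitive data")

    return findings


# Constructed sample message showing several indicators at once.
SAMPLE_MESSAGE = """\
From: "Dana Lee CFO <dana.lee@example.com>" <dana.lee@examp1e.com>
Reply-To: dana.lee.cfo@mail-relay.invalid
To: payments@example.com
Subject: Urgent wire before close of business
Content-Type: text/plain

Please process the wire to the new vendor account today. Updated details:
https://examp1e-corp.com/vendor-update
"""

if __name__ == "__main__":
    for finding in bec_indicators(SAMPLE_MESSAGE):
        print("-", finding)
```

The findings are indicators, not a verdict: a single hit (a Reply-To on another domain, say) is common in legitimate mail, so a mail gateway would normally score them and route messages with several hits for review rather than block on one. The substitution table is deliberately crude (it will also "normalize" legitimate names containing "rn"), which is acceptable for a review queue but not for automatic rejection.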