
Risks of Generative AI for Organisations and How to Manage Them

 

Employers should be aware of the potential data protection issues before experimenting with generative AI tools like ChatGPT. You can't just feed human resources data into a generative AI tool because of the rise in privacy and data protection laws in the US, Europe, and other countries in recent years. After all, employee data—including performance, financial, and even health data—is often quite sensitive.

Obviously, this is an area where companies should seek legal advice. It's also a good idea to consult with an AI expert regarding the ethics of utilising generative AI (to ensure that you're acting not only legally, but also ethically and transparently). But, as a starting point, here are two major factors that employers should be aware of. 

Feeding personal data

As I previously stated, employee data is often highly sensitive. It is precisely the type of data that, depending on your jurisdiction, is usually subject to the most stringent forms of legal protection.

This makes it highly risky to feed such data into a generative AI tool. Why? Because many generative AI services use the information provided to fine-tune the underlying language model. In other words, the service may use the data you provide for training purposes, and it may eventually expose that information to other users. So, suppose you use a generative AI tool to generate a report on employee salaries based on internal employee records. In the future, the AI tool could draw on that data to generate responses for other users, outside your organisation. Personal information could easily be absorbed by the generative AI tool and reused.

This isn't as shady as it sounds. Many generative AI programmes' terms and conditions explicitly state that data provided to the AI may be used for training and fine-tuning, or revealed when other users request examples of previously submitted queries. So, when you agree to the terms of service, make sure you understand exactly what you're signing up to. Experts urge that any data given to a generative AI service be anonymised and free of personally identifiable information. This is frequently referred to as "de-identifying" the data.
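As an added illustration of the de-identification step the text recommends (example code written for this page, not from the article or any AI vendor), the Python below prepares HR records for an external AI service: direct identifiers are replaced with keyed HMAC tokens whose reverse-lookup table never leaves the organisation, date of birth and salary are generalised into bands, and free-text notes are scrubbed of e-mail addresses, phone numbers and known names. A final pre-flight check refuses to let a direct identifier through. The sample employees, field names and the HMAC key are constructed assumptions.

```python
import hashlib
import hmac
import json
import re
from datetime import date

# Constructed sample HR records (fictional people, example data only).
EMPLOYEES = [
    {"employee_id": "E1001", "name": "Aisha Rahman", "email": "aisha.rahman@example.com",
     "dob": "1988-04-12", "salary": 72000, "dept": "Engineering",
     "notes": "Aisha Rahman is on phased return after surgery; call +44 7700 900123."},
    {"employee_id": "E1002", "name": "Tom Okafor", "email": "tom.okafor@example.com",
     "dob": "1995-11-30", "salary": 48500, "dept": "Support",
     "notes": "Exceeded targets; contact tom.okafor@example.com to discuss promotion."},
]
REFERENCE_DATE = date(2024, 6, 1)  # fixed "today" so age bands are reproducible

# Fields that identify a person outright and must never leave the organisation.
DIRECT_IDENTIFIERS = ("employee_id", "name", "email")

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Deliberately broad: a digit, then 7+ digits/spaces/brackets/dashes, then a digit.
PHONE_RE = re.compile(r"\+?\d[\d\s()-]{7,}\d")


class Pseudonymiser:
    """Replaces an identifier with a keyed, stable token.

    The HMAC key and the reverse-lookup table stay on-premises (assumption: the key
    comes from a vault), so the organisation can re-identify a row internally while
    the AI service only ever sees the token.
    """

    def __init__(self, key: bytes):
        self._key = key
        self.lookup: dict = {}  # token -> original identifier

    def token_for(self, value: str) -> str:
        tag = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()[:12]
        token = f"EMP-{tag}"
        self.lookup[token] = value
        return token


def age_band(dob_iso: str, today: date) -> str:
    """Generalise a date of birth to a ten-year band such as '30-39'."""
    born = date.fromisoformat(dob_iso)
    age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def salary_band(salary: int, width: int = 10_000) -> str:
    """Generalise an exact salary to a band such as '70k-79k'."""
    low = (salary // width) * width
    return f"{low // 1000}k-{(low + width - 1) // 1000}k"


def scrub_text(text: str, names: set) -> str:
    """Remove e-mail addresses, phone numbers and known names from free text."""
    text = EMAIL_RE.sub("[EMAIL]", text)
    text = PHONE_RE.sub("[PHONE]", text)
    for name in sorted(names, key=len, reverse=True):  # full names before name parts
        text = re.sub(rf"\b{re.escape(name)}\b", "[NAME]", text, flags=re.IGNORECASE)
    return text


def de_identify(records: list, pseudo: Pseudonymiser, today: date) -> list:
    """Return copies of the records that are safe to send to an external AI tool."""
    names = set()  # every full name and name part in the data set, for text scrubbing
    for rec in records:
        names.add(rec["name"])
        names.update(part for part in rec["name"].split() if len(part) >= 3)

    out = []
    for rec in records:
        out.append({
            "subject": pseudo.token_for(rec["employee_id"]),
            "age_band": age_band(rec["dob"], today),
            "salary_band": salary_band(rec["salary"]),
            "dept": rec["dept"],
            "notes": scrub_text(rec["notes"], names),
        })
    return out


def leaks_pii(de_identified: list, originals: list) -> list:
    """Pre-flight gate: list any direct identifier that still appears in the output."""
    blob = json.dumps(de_identified).lower()
    return [f"{field}={rec[field]}" for rec in originals
            for field in DIRECT_IDENTIFIERS if str(rec[field]).lower() in blob]


if __name__ == "__main__":
    pseudo = Pseudonymiser(key=b"local-hmac-key-kept-on-premises")  # assumption: vault-held
    safe = de_identify(EMPLOYEES, pseudo, REFERENCE_DATE)
    print(json.dumps(safe, indent=2))
    print("remaining identifiers:", leaks_pii(safe, EMPLOYEES))
```

Two caveats worth keeping in mind when using something like this: free-text fields are where identifiers usually slip through, which is why the notes are scrubbed and then re-checked rather than trusted; and pseudonymised records are still personal data under the GDPR as long as the lookup table exists, so the legal review the article calls for is not replaced by this step, only made easier.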

Risks of generative AI outputs 

There are risks associated with the output or content developed by generative AIs, in addition to the data fed into them. In particular, there is a possibility that the output from generative AI technologies will be based on personal data acquired and handled in violation of data privacy laws. 

For example, suppose you ask a generative AI tool to produce a report on average IT salaries in your area. There is a possibility that the tool has scraped personal data from the internet without authorisation, in violation of data protection rules, and then serves it to you. Employers who use personal data provided by a generative AI tool may be held liable for data protection violations. For the time being, this is a legal grey area, with the generative AI provider likely bearing most or all of the responsibility, but the risk remains.

Cases like this are already appearing. Indeed, one lawsuit claims that ChatGPT was trained on "massive amounts of personal data," such as medical records and information about children, that was accessed without consent. You do not want your organisation to become unwittingly involved in litigation like this. Essentially, this is an "inherited" risk of violating data protection regulations, but it is a risk nonetheless.

The way forward

Employers must carefully evaluate the data protection and privacy consequences of utilising generative AI and seek expert assistance. However, don't let this put you off adopting generative AI altogether. Generative AI, when used properly and within the bounds of the law, can be an extremely helpful tool for organisations.

Machine Identities Pose Major Threat to Indian Organizations: CyberArk

 

In an era where digital transformation is swiftly reshaping the business world, the most recent research from CyberArk, an identity security company, highlights a growing concern: identity-related breaches. 

The 2024 Identity Security Threat Landscape Report highlights a concerning trend among Indian companies, with 93% reporting two or more identity-related breaches in the previous year. This worrying number reflects how Artificial Intelligence (AI) boosts both cyber defences and attacker capabilities, while also increasing the rate at which new identities are created.

The rise of machine identities 

As organisations implement multi-cloud strategies and integrate AI-driven programmes, the number of machine identities expands. These identities, which are frequently granted sensitive or privileged access, are currently regarded as the riskiest category.

Unlike human identities, machine identities usually lack effective security protections, making them ideal targets for cyber attackers. The report emphasises that machine identities are the key driver of identity expansion, with 50% of organisations expecting a threefold increase in identities over the next year.

Humans vs. Machines: A security gap

The findings reveal a huge discrepancy in how organisations approach human and machine identities. While 53% of organisations define privileged users as human exclusively, 46% broaden the definition to cover any identities with sensitive access, whether human or machine. This mismatch highlights a key vulnerability in identity security solutions, emphasising the necessity for a unified strategy. 

AI’s role in cyber defense 

The report also focuses on AI's dual function in cybersecurity. Nearly every organisation (99%) is using AI-powered solutions to strengthen their defences. However, attackers employ the same technologies to increase the sophistication of their attacks. 

Notably, 93% of respondents believe that AI-powered products will create new security risks in the coming year. Despite these concerns, 84% of security professionals are confident that their employees can detect deepfakes of organisational leadership, demonstrating greater awareness and training in organisations.

Conclusion

The findings of the CyberArk research serve as a sharp reminder of the changing threat landscape and the vital role of strong identity safety measures.

As organisations expand their digital footprints, a paradigm shift towards a more integrated and robust cybersecurity design is needed. Organisations can better safeguard themselves against the ever-expanding range of digital threats by prioritising identity security in their strategy.

Dutch Threat Experts Issue Warning to Companies Regarding Ransomware Attack

 

Thousands of companies have received alerts about a global ransomware attack from the Dutch cybersecurity agencies. The perpetrators, known as the Cactus Gang, hail from Eastern Europe and have been operating since the end of last year.

The gang infiltrated the companies' networks through the Qlik Sense servers those companies were running. The Dutch experts stated they noticed that many of these systems are susceptible to ransomware attacks. The professionals work for Fox-IT of Delft, Northwave of Utrecht, Responders of Amsterdam, and ESET of Sliedrecht.

The attackers were able to breach the security systems of 122 firms, at least ten of those based in the Netherlands. The security specialists exchanged details regarding the situation and realised that victims were being attacked in the same manner each time. The four companies reported their findings to the Dutch authorities.

Around 5,200 Qlik Sense servers are in use around the world, with around 3,100 of them vulnerable. According to Dutch security organisations, "the cooperation has potentially helped prevent a maximum of 3,100 victims of the Cactus Gang.”

Only recently have police, prosecutors, and security officials begun sharing details regarding ransomware attacks. This is why the collaboration project, Melissa, was established last year. Since then, additional operations against cybercriminals have been accomplished successfully. "Mutual confidence has grown strongly as a result of this," security expert Willem Zeeman from Fox-IT stated.

The Digital Trust Centre (DTC), which is part of the Ministry of Economic Affairs, notified Dutch enterprises so that they might take precautions. The Dutch Institute for Vulnerability Disclosure (DIVD) notified foreign cyber organisations, such as the American Cybersecurity & Infrastructure Security Agency (CISA) and the FBI. 

Ransomware attacks have wreaked havoc on numerous Dutch businesses and institutions in recent years. The victims included the Dutch football association KNVB, the VDL Group, Maastricht University, Hof van Twente, RTL Nederland, the Dutch Organisation for Scientific Research (NWO), and Mediamarkt. 

In the majority of cases, a ransom was demanded. Last year, the Digital Trust Centre notified more than 140,000 Dutch companies of specific cyber threats.

Defense-in-Depth: A Layered Approach for Modern Cybersecurity

 

The cybersecurity landscape has shifted dramatically in recent years. Malware, phishing attempts, and data breaches have grown in frequency and scope, prompting organisations to invest more time and money into enhancing their cybersecurity strategies. Organisations should be aware of the shifting threat landscape, asking themselves what issues they face today and what specific steps they can take to mitigate the risks of cybercrime.

This was the topic of discussion between cybersecurity expert Jon Bernstein and John Shier, field CTO commercial at Sophos, as they analysed how the security landscape is moving with increasingly sophisticated crime and what this implies for the future of business security. 

Shier highlighted multiple critical takeaways, including the growing professionalisation and specialisation of cybercrime. Firewalls and multi-layered defences, such as multi-factor authentication (MFA), have become critical additions to existing organisational security layers in order to respond to changing attacker techniques.

“We are getting better at detection, and are able to catch these people in the act sooner, but they know that. They know we’re better at detection, we have better tools and services, to aid in this quest of detecting them sooner and so they move faster, naturally,” noted Shier. “The faster we attack, the more we start to prevent these attacks, then the faster we can break their cadence and get in the way.” 

Shier also reviewed Sophos' recent research, 'Stopping Active Adversaries,' which identifies the most prevalent and emerging ways hackers infiltrate organisations. The study, which is based on an evaluation of 232 large cyber incidents managed by Sophos X-Ops incident responders, provides helpful suggestions for security strategy. 

Among its primary results are that compromised credentials and exploited vulnerabilities remain the most common entry points, and that attacks are becoming faster. Ransomware dwell time fell to five days in 2023, down from higher levels in previous years, and 91% of ransomware attacks occurred outside of business hours, highlighting the necessity for organisations to invest in round-the-clock protection.

Three steps to enhance security 

Shier highlights the need for three elements for organisations in combating these threats: securing, monitoring, and responding. "Securing means increasing friction wherever possible, using strong levels of multifactor authentication. That is critical, and it should be applied wherever possible," Shier added.

Shier warns that cybercriminals will only adapt when absolutely necessary. He suggests raising the bar so high that some cybercriminals' tactics "won't be worth it anymore," but reminds businesses that they no longer need to navigate their cybersecurity journey alone, and can rely on beneficial partnerships to maintain airtight security for their organisation and employees.

“Getting security right can be difficult and time-consuming, it’s resource-consuming and expensive,” Shier added. “When you find yourself in a situation where you think, I’m having trouble doing this on my own, go ask for help. There are plenty of organisations out there, whether it’s people you can partner with for your IT infrastructure or vendors that can help you, ask for help, we’re here to help, and we’ve got the experience to keep you safe.” 

During this extensive discussion, Shier offered more insightful details and recommendations to help organisations create a thorough cybersecurity plan. The dynamic landscape of cybercrime and security underscores the significance of implementing multi-layered defences and the necessity for constant protection. Businesses can keep their digital assets safe and remain ahead of cyber threats by taking proactive measures to secure, monitor, and respond.

Here's Why Tracking Everything on the Dark Web Is Vital

 

Today, one of the standard cybersecurity tools is to constantly monitor the Dark Web - the global go-to destination for criminals - for any clues that the trade secrets and other intellectual property belonging to the organisation have been compromised. 

The issue lies in the fact that the majority of chief information security officers (CISOs) and security operations centre (SOC) managers generally assume that any discovery of sensitive company data indicates that their enterprise systems have been successfully compromised. That's what it might very well mean, but it could also mean a hundred different things. The data may have been stolen from a supply chain partner, a corporate cloud site, a shadow cloud site, an employee's home laptop, a corporate backup provider, a corporate disaster recovery firm, a smartphone, or even a thumb drive that was pilfered from a car.

When dealing with everyday intellectual property, such as consumer personally identifiable information (PII), healthcare data, credit card credentials, or designs for a military weapons system, knowing that some version of it has been acquired is useful. However, it is nearly impossible to know what to do unless the location, timing, and manner of the theft are known.

In some cases, the answer could be "nothing." Consider some of your system's most sensitive files, including API keys, access tokens, passwords, encryption/decryption keys, and access credentials. If everything is carefully recorded and logged, your team may find that the discovered Dark Web secrets have already been systematically deleted. There would be no need for any further move.

Getting the info right

Most CISOs recognise that discovering secrets on the Dark Web indicates that they have been compromised. However, in the absence of correct details, they frequently overreact — or improperly react — and implement costly and disruptive modifications that may be entirely unnecessary. 

This could even include relying on wrong assumptions to make regulatory compliance disclosures, such as the European Union's General Data Protection Regulation (GDPR) and the Securities and Exchange Commission's (SEC) cybersecurity obligations. This has the potential to subject the organisation to stock drops and compliance fines that are avoidable. 

Establishing best practices

You must keep a tightly controlled inventory of all of your secrets, including intricate and meticulous hashing techniques to trace all usage and activity. This is the only way to keep track of all activity involving your machine credentials in real time. If you do this aggressively, you should be able to detect a stolen machine credential before it reaches the Dark Web and is sold to the highest bidder.

Another good strategy is to regularly attack the Dark Web — and other evil-doers' dens — with false files to add a lot of noise to the mix. Some discriminating bad guys may avoid your data totally if they are unsure if it is genuine or not.
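The two practices above, a tightly controlled inventory of secrets that is hashed so usage can be traced, and decoy credentials seeded to add noise, come together at the moment a credential surfaces on the Dark Web. The Python below is an added example written for this page (not code from the article or any vendor) of the triage that inventory makes possible: it stores only keyed HMAC fingerprints, never the secrets, and classifies a surfaced value as unknown, decoy, already rotated, or live, together with where it was used and when it was issued, which is exactly the location/timing context the text says is otherwise missing. The sample credentials, system names, dates and the HMAC key are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class SecretRecord:
    fingerprint: str               # keyed HMAC of the secret; the secret itself is never stored
    kind: str                      # e.g. "api_key", "db_password", "access_token"
    owner_system: str              # where the credential is used
    issued_at: datetime
    rotated_at: Optional[datetime] = None
    decoy: bool = False            # planted canary credential that grants nothing


class SecretInventory:
    """Tracks every machine credential by keyed fingerprint.

    HMAC-SHA256 with a vault-held key (assumption) is used instead of a bare hash so that
    someone who obtains the inventory cannot brute-force short secrets against it offline.
    """

    def __init__(self, hmac_key: bytes):
        self._key = hmac_key
        self._records: dict = {}

    def fingerprint(self, secret: str) -> str:
        return hmac.new(self._key, secret.encode(), hashlib.sha256).hexdigest()

    def register(self, secret: str, kind: str, owner_system: str,
                 issued_at: datetime, decoy: bool = False) -> str:
        fp = self.fingerprint(secret)
        self._records[fp] = SecretRecord(fp, kind, owner_system, issued_at, decoy=decoy)
        return fp

    def mark_rotated(self, secret: str, when: datetime) -> None:
        self._records[self.fingerprint(secret)].rotated_at = when

    def triage(self, surfaced_value: str, seen_at: datetime) -> dict:
        """Classify a credential that has appeared on the Dark Web."""
        rec = self._records.get(self.fingerprint(surfaced_value))
        if rec is None:
            return {"status": "unknown",
                    "action": "not in inventory: check partners, backups and shadow systems"}
        base = {"kind": rec.kind, "owner_system": rec.owner_system,
                "issued_at": rec.issued_at.isoformat()}
        if rec.decoy:
            return {**base, "status": "decoy", "action": "no exposure; record which decoy set was lifted"}
        if rec.rotated_at is not None:
            return {**base, "status": "already_rotated",
                    # rotated after it surfaced means there was a window of real exposure
                    "exposed_before_rotation": rec.rotated_at > seen_at,
                    "action": "no further move; confirm the old value is revoked"}
        return {**base, "status": "live",
                "action": f"rotate now on {rec.owner_system}; review its access logs since issue"}


# Constructed sample credentials (not real secrets) and a demo inventory.
SAMPLE_SECRETS = {
    "live_api_key": "ex-api-key-7f3a9c-live",
    "rotated_db_password": "ex-db-pass-old-2023",
    "decoy_token": "ex-canary-token-000",
}
SEEN_AT = datetime(2024, 5, 20, tzinfo=timezone.utc)  # when the value surfaced


def build_demo_inventory(hmac_key: bytes = b"vault-held-hmac-key") -> SecretInventory:
    inv = SecretInventory(hmac_key)
    issued = datetime(2024, 1, 15, tzinfo=timezone.utc)
    inv.register(SAMPLE_SECRETS["live_api_key"], "api_key", "billing-service", issued)
    inv.register(SAMPLE_SECRETS["rotated_db_password"], "db_password", "hr-database", issued)
    inv.mark_rotated(SAMPLE_SECRETS["rotated_db_password"], datetime(2024, 3, 1, tzinfo=timezone.utc))
    inv.register(SAMPLE_SECRETS["decoy_token"], "access_token", "decoy-set-A", issued, decoy=True)
    return inv


if __name__ == "__main__":
    inv = build_demo_inventory()
    for label, value in list(SAMPLE_SECRETS.items()) + [("stranger", "not-ours-at-all")]:
        print(label, "->", inv.triage(value, SEEN_AT))
```

Because only fingerprints are kept, the monitoring feed can be matched against the inventory without ever handling plaintext secrets in bulk, and the decoy flag turns the seeded "noise" files into a tripwire that tells you which decoy set was taken rather than triggering a costly incident response for nothing.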

City Cyber Taskforce Introduced to Safeguard Corporate Finance in UK

 

Two of the UK's main accounting and security agencies are forming a new taskforce today to help organisations enhance the security of their corporate finance transactions. 

The effort is being led by the Institute of Chartered Accountants in England and Wales (ICAEW) in partnership with the National Cyber Security Centre. Other representatives from banking, law, consulting, and other fields include the Association of Corporate Treasurers, the British Private Equity and Venture Capital Association, Deloitte, EY, KPMG, the Law Society, the London Stock Exchange, the Takeover Panel, and UK Finance.

During the task force's launch earlier this week, the 14 organisations published new regulations meant to help businesses mitigate cyber-risk while engaging in corporate finance activities, such as capital raising, mergers and acquisitions, and initial public offerings. 

Important guidelines on building resilience against cyberattacks, protecting commercially sensitive data shared during deal processes, and responding to breaches are all included in the guide, Cyber Security in Corporate Finance. It also includes important details about the various cyber-risks involved.

According to Michael Izza, CEO of ICAEW, organisations may be vulnerable to security breaches when confidential information is shared during a transaction. 

“A cyber-attack could have a potentially disastrous impact on the dealmaking process, and so it is crucial that boardrooms across the country treat threats very seriously and take preventative action,” Izza added. “We must do all that we can to ensure London remains a pre-eminent place to do deals, raise investment and generate growth.” 

Sarah Lyons, NCSC deputy director for economy and society, stated that chartered accountants are becoming an increasingly appealing target for threat actors due to the sensitive financial and risk data they handle. 

"A breach in this sector can not only jeopardise organisations and their customers, but can also undermine trust, confidence and reputation. I'd encourage everyone from across the industry to engage with this report and the NCSC's range of practical guidance, to help increase their cyber resilience," Lyons advised.

Cohesity Research Shows That Most Firms Break Their "Do Not Pay" Policies by Paying Millions in Ransoms

 

While a "do not pay" ransomware policy may sound appealing in theory, thwarting attackers' demand for ransom in exchange for stolen data is easier said than done. A recent study conducted by Cohesity, a leader in AI-powered data security management, reveals this truth.

The study surveyed over 900 IT and security decision makers who take an "if not when" approach regarding cyberattacks on their business. According to the study, 94% of participants stated that their organisation would pay a ransom to retrieve data and resume commercial operations, with 5% responding, "Maybe, depending on the ransom amount."

The majority of those surveyed had paid a ransom in the previous two years, and the vast majority predicted that the threat of cyberattacks will increase dramatically by 2024. Worryingly, 79% of respondents reported that their firm has been the victim of a ransomware assault between June and December 2023. As a result, 96% of respondents believe the threat of cyberattacks to their industry would increase this year, with 71% expecting it to increase by more than 50%. 

9 out of 10 companies paid ransom 

Sixty-seven percent of respondents stated their organisation would be prepared to pay more than $3 million to retrieve data and restore business processes, while 35% were willing to pay $5 million as ransom. The study also demonstrated the need to be able to respond and recover, as 9 in 10 respondents indicated their organisation had paid a ransom in the previous two years, despite 84% claiming their company had a "do not pay" policy.

"Organisations can't control the increasing volume, frequency, or sophistication of cyberattacks such as ransomware," explained Brian Spanswick, Cohesity's chief information security officer and head of IT. "What they can control is their cyber resilience, which is the ability to respond quickly and recover."

Expanding ransomware tactics

Since every ransomware incident is unique, the best people to determine whether or not to pay a ransom should be law enforcement or the cyber insurance provider for a company. Now, it appears that each ransomware attack is becoming more sophisticated and intense as the attack surface keeps expanding. 

Delinea, a privileged access management (PAM) company, stated in its annual State of Ransomware report that the growing quantity and frequency of ransomware assaults indicate a shift in attackers' strategy. 

According to Delinea, new tactics that use "stealth" to exfiltrate sensitive and private data have supplanted the tried and tested approaches of crippling a business and holding it hostage. For this motive, hackers usually make threats to either exploit the data to secure an attractive cyber insurance payout or sell it to the highest bidder on the darknet. 

Remember that external as well as internal sources can pose a threat to an organisation's cybersecurity. 90% of respondents stated insider threats are more or equally difficult to identify and avoid than external attacks, as the Securonix 2024 Insider Threat Report attests.

CISOs in the Firing Line as Cybercriminals Continue to Target Firms

 

Businesses are feeling the effects of cyberattacks hard; a staggering 90% of CISOs report that their organisation has experienced one during the past year. 

In the latest research from Splunk, 83% of CISOs who responded to a poll stated they have paid out, with more than half paying more than $100,000. 

They fear that generative AI will become more prevalent and provide attackers an advantage. However, companies are testing out such tools in their cyber defences, with 93% of their processes utilising automation either moderately or intensively. 

Splunk claims that the so-called "tool sprawl" issue, which is "likely compounding existing visibility issues," is another issue that is now emerging. A whopping 88% of CISOs seek to stop the expansion using tools like security orchestration, automation, and response (SOAR) and security information and event management (SIEM). 

By using solutions like these, they seek to reduce the number of tools required and simplify defence through automation.

Nearly half of the CISOs who responded to the survey also stated that they now directly report to their CEO, with CISOs being increasingly in charge of directing cybersecurity strategy. They frequently take part in board meetings across all sectors. Additionally, 90% of CISOs reported that their board is now more concerned about cybersecurity than it was two years ago. 

As a result, 93% of CISOs anticipate an increase in their cybersecurity budget over the next year, whereas 83% anticipate decreases in other areas of the organisation. 80% of CISOs say their organisation has encountered additional dangers as the economy has deteriorated. 

Greater collaboration has also happened across the organisation, with 92% of CISOs reporting that cybersecurity collaboration between teams has increased moderately or significantly as a result of digital transformation projects and cloud native adoption. Although 42% of respondents felt there was room for improvement in terms of results, 77% reported that IT and development teams worked together to identify the underlying causes of issues. 

Splunk CISO Jason Lee stated that, "the C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions," further stating, "these relationships provide CISOs the opportunity to become champions who strengthen an organization's security culture and lead teams to become more cross-collaborative and resilient." 

"By communicating key security metrics, CISOs can also guide boards on adopting emerging technologies, such as generative AI, to help improve cyber defense management and prepare for the future," Lee concluded.

Granules India in Huge Loss After Cyber Attack Erodes Top Line

 

Granules India (GRAN.NS) issued a warning on Thursday regarding a huge loss in revenue and profitability as a result of a cyber security incident the pharmaceutical firm experienced in the latter part of May. 

The IT security breach caused a considerable disruption in its business operations because of extensive adjustments to its IT infrastructure, the manufacturer of paracetamol claimed in an exchange filing. Granules India disclosed the information security incident on May 25 and added that the affected IT assets have been contained. 

The company reported that it has now been able to get production up to levels that were close to normal, but it also noted backlogs and delays in getting materials cleared for quality system approvals before shipping the goods. 

LockBit, a ransomware gang linked to Russia, has claimed responsibility for a hack on Indian pharmaceutical giant Granules India and uploaded some of the data it allegedly stole. 

Granules India has been a leading maker of pharmaceuticals in India since its founding in 1984. Many generic medications, including paracetamol, ibuprofen, and metformin, are produced by the Hyderabad-based firm. Moreover, according to information on the company's website, it has more than 300 clients in more than 80 different nations.

The quarterly earnings for the quarter ended March 31 increased 7.8% to $14.6 million, according to a report released by Granules India in May. Shares of the business finished Thursday at $3.50, down marginally from the previous trading day's closing price of $3.48. 

Lockbit spreading wings

According to a recently published joint advisory from the U.S. federal cybersecurity organisation CISA and its international counterparts in Australia, Canada, France, Germany, New Zealand, and the United Kingdom, LockBit emerged as the most frequently utilised ransomware version worldwide in 2022 and 2023. In January 2020, Russian-language cybercrime forums were the first place where the ransomware gang was identified.

The ransomware group has recently made attacks on a number of well-known tech firms, including IT services provider Accenture, electronics producer Foxconn, U.K. health service provider Advanced, and British postal agency Royal Mail. Other victims of the ransomware group include the financial software company Ion Group, the Los Angeles Housing Authority, and the state of California's finance department. 

LockBit threat actors have extorted about $91 million in ransoms through nearly 1,700 attacks targeting U.S. victims since 2020, according to a recent U.S. and foreign joint advisory.

Phishing and Ransomware Attacks Continue to Hurt Singapore Businesses

 

Phishing efforts and ransomware remained a significant threat to organisations and individuals in Singapore in 2022, despite indicators that cyber hygiene is improving in the city-state, according to a new report from the country's Cyber Security Agency (CSA).

In contrast to the 3,100 incidents handled in 2021, around 8,500 phishing attempts were reported to the Singapore Cyber Emergency Response Team (SingCert) last year, according to the Singapore Cyber Landscape (SCL) 2022. 

Given their low cost and lax usage constraints, domains under the ".xyz" top-level domain were favoured by threat actors in more than half of the recorded cases.

Banks and other financial institutions were the most frequently impersonated companies in phishing attacks. These businesses are frequent targets because they store sensitive and valuable data such as user names and login credentials. 

According to the CSA, the rise in reported phishing attempts followed global trends. Several cyber security providers noted that phishing activities had increased in 2022. In total, SingCert assisted in the removal of 2,918 harmful phishing websites last year. Organisations in Singapore have also been hit by the global ransomware threat, which shows no signs of decreasing.

In contrast to the 137 incidents reported in 2021, 132 ransomware cases were reported to the CSA last year. While the number of reported ransomware attacks has decreased slightly, it is still alarming that small and medium-sized businesses (SMEs) have been hit, particularly those in manufacturing and retail, which may have valuable data and intellectual property (IP) that cybercriminals are interested in stealing. 

There was also a reduction in infected infrastructure, which the CSA described as compromised systems used for harmful reasons such as executing distributed denial of service (DDoS) attacks or spreading malware and spam. In 2022, the CSA discovered 81,500 infected systems in Singapore, a 13% decrease from 94,000 in 2021. 

Despite a high increase in contaminated infrastructure worldwide, Singapore's global proportion of infected infrastructure declined from 0.84% in 2021 to 0.34% in 2022. Although the drop in infected infrastructure in Singapore indicates an increase in cyber hygiene levels, the absolute number of infected systems in Singapore remains high, according to the CSA. 

Cobalt Strike, Emotet, and Guloader were the top three malware infections on locally hosted command and control servers, while Gamarue, Nymaim, and Mirai were the top three malware infections on locally hosted botnet drones, accounting for about 80% of Singapore IP addresses infected by malware in 2022.

CSA also noted potential threats in its research, such as those related with the expanding deployment of artificial intelligence, which might be leveraged by both cyber attackers and defenders. While machine learning can provide real-time insights about cyber threats, it can also be utilised for malicious purposes, such as highly focused spear-phishing efforts. 

"2022 saw a heightened cyber threat environment fuelled by geopolitical conflict and cybercriminal opportunism as Covid-19 restrictions began to ease," noted David Koh, commissioner of cyber security and CEO of CSA.

"As with many new technologies, emerging technologies such as chatbots have two sides. While we should be optimistic about the opportunities they present, we must also manage the risks that come with them. The government will continue to increase its efforts to protect our cyberspace, but businesses and individuals must also play a role," he added.

How to Keep Up With a Shifting Threat Landscape

 

Cybercrime is a problem that is only escalating and is bad for business, as one might anticipate. Regardless of how you feel about it, it forces your business to take action in order to secure its infrastructure.

Current threat landscape

It's critical to understand the threat landscape in order to understand what you're up against. Studying it gives you a general idea of the kinds of problems you can expect to see, and just like the natural environment, it is constantly changing—never remaining static for very long. Even the most creative security researchers and the developers backing them up constantly face numerous threats that aim to impede their work. What will you do to safeguard your company from these difficulties?

We saw hacktivists launch disruptive assaults, steal technological source code, and utilise wiper malware last year, in addition to hacks on vital infrastructure (particularly rail).

A cyberattack that affected the websites and production lines of the Mobarakeh Steel Company (MSC), Khouzestan Steel Company (KSC), and Hormozgan Steel Company (HOSCO) occurred in June and July of 2022. The hacktivist collective Gonjeshke Darande, which earlier in the year used wiper malware to damage the Iranian train system, claimed responsibility for the attack. This incident proves that threat actors can attack key infrastructure, regardless of their intentions or affiliations.

A number of disruptive attacks on businesses in the manufacturing, oil, water, and electric utility sectors occurred between the months of August and September. The fourth-largest U.S. health system with 140 associate hospitals, CommonSpirit Health, was the target of a ransomware attack in October. The attack caused delays in patient operations such as surgery. Moreover, there were numerous cyberattacks across Europe. A ransomware attack at the French hospital Corbeil-Essonnes in December led to a data loss and operational interruption. 

Additionally in November, a cyberattack targeted Continental, a major player in the automobile and rail industries that creates cutting-edge technologies including autonomous brake systems, vehicle monitoring systems, and navigational systems. Prior to the attack, the attackers had already broken into Continental's networks, giving them access to countless technical documents and source code relevant to Continental's cutting-edge technologies. The possibility of attackers gaining access to these technologies' source code is quite concerning. 

Mitigation tips

The most important thing you can do to safeguard your company is to make sure your staff are aware of the threats they face and of their own personal duty to keep the company safe. You should create a thorough cybersecurity training course that is updated on a regular basis, then give it to your workers.

You can give advice on how to create secure passwords, use two-factor authentication, recognise phishing scams, and other topics. People behave more consciously throughout the day when you teach them about security.

Your company runs on many software components, so make sure all of them are updated so that the newest attacks cannot exploit a known flaw. This also applies to browser add-ons. Researchers advise putting a plan in place to periodically assess your IT assets to make sure they are patched, updated, and secured.

Beyond Identity Officially Announces the Release of 'Zero Trust Authentication'


Beyond Identity's launch of Zero Trust Authentication is a game-changer in the field of cybersecurity. The sub-category of zero-trust security is a step forward in aligning verification with zero-trust principles. The passwordless capability and phishing resistance features of Zero Trust Authentication enable businesses to verify the identities of people and devices with zero-trust-level certainty. This is crucial because, without such enhanced verification capacities, organizations cannot truly implement zero trust security. 

Organizations supporting Zero Trust Authentication, which was created to address the drawbacks of conventional authentication techniques, include Palo Alto Networks, CrowdStrike, Optiv, Ping Identity, the Cloud Security Alliance, and the FIDO (Fast Identity Online) Alliance. While its category-defining book, Zero Trust Authentication, describes the precise capabilities, requirements, policies, and best practices, Beyond Identity said it will provide practical Zero Trust Authentication advice to clients and channel partners through international and local events throughout 2023.

One of the trickier problems that CISOs still have to deal with is authentication, as interoperability, usability, technical constraints, and vulnerabilities frequently make it difficult to identify and authorise individuals and devices effectively.

Zero Trust Authentication's seven prerequisites 

In order to distinguish Zero Trust Authentication from conventional authentication, Beyond Identity outlines seven requirements.

Passwordless: No passwords or other shared secrets that can easily be obtained from users, captured on networks, or stolen from databases are used.

Phishing resistance: No way to obtain codes, magic links, or other authentication factors via phishing, adversary-in-the-middle, or other attacks.

Capable of verifying user devices: Able to ensure that requesting devices are bound to a user and have access to information assets and applications.

Capable of assessing device security posture: Able to identify whether devices adhere to security policies by ensuring that the necessary security settings are enabled and security software is running.

Capable of assessing a wide range of risk signals: Able to ingest and analyse data from endpoints as well as security and IT management tools, allowing policy engines to assess risk based on parameters such as user behaviour, device security posture, and detection and response tool status.

Ongoing risk assessment: The ability to analyse risk throughout a session rather than depending on one-time authentication.

Integrating with security infrastructure: Connecting with a range of security infrastructure technologies to improve risk detection, speed up reaction to suspicious behaviour, and improve audit and compliance reporting.

Modern authentication techniques are ineffective

Existing identification approaches are failing miserably, Jasson Casey, CTO at Beyond Identity, told CSO. The conventional approach to security was to create a perimeter around the network and trust the users and equipment inside it. This strategy, though, is no longer adequate. The perimeter-based paradigm failed because there are many cloud-based resources and users can work or access resources from anywhere.

A network-based perimeter and implicit trust are absent from a zero-trust strategy, Casey continues. Casey contends that as every person and device must instead demonstrate their reliability, zero-trust authentication is a crucial component of any comprehensive zero-trust strategy. 

Simply put, efforts to prevent adversaries from penetrating systems, gaining access to accounts, or delivering ransomware won't be successful if an organisation executes the majority of zero-trust features flawlessly while continuing to rely on ineffective authentication techniques. 

By eschewing passwords and outdated multifactor authentication (MFA) and adopting the tenet of "never trusting and always confirming," Casey claims that adopting zero-trust authentication enables enterprises to put contemporary, effective security techniques into practice. 

“The approach enables several benefits for organizations including a higher level of security by reducing the attack surface and making it more difficult for attackers to move within the network. In addition, it enables more flexible working arrangements as employees can work remotely while maintaining high security. Lastly, it helps organizations to remain compliant with constantly updating regulations by providing a secure, auditable security framework,” Casey concluded.

Future of the Cloud is Plagued by Security Issues


Several corporate procedures require the use of cloud services. Businesses may use cloud computing to cut expenses, speed up deployments, develop at scale, share information effortlessly, and collaborate effectively all without the need for a centralised site. 

But malicious hackers are misusing these same services more and more, and this trend is likely to continue in the near future. Cloud services are an attractive environment for eCrime, since threat actors are now well aware of how important they are. The primary conclusions from CrowdStrike's research for 2022 are as follows.

The public cloud lacks defined perimeters, in contrast to conventional on-premises architecture. The absence of distinct boundaries presents a number of cybersecurity concerns and challenges, particularly for more conventional approaches. These lines will continue to blur as more companies move toward hybrid work cultures.

Cloud vulnerability and security risks

Opportunistically exploiting known remote code execution (RCE) vulnerabilities in server software is one of the main infiltration methods adversaries have been deploying. Without focusing on specific industries or geographical areas, this involves searching for weak servers. Threat actors use a range of tactics after gaining initial access to obtain sensitive data. 

One of the more common exploitation vectors employed by eCrime and targeted intrusion adversaries is credential-based assaults against cloud infrastructures. Criminals frequently host phoney authentication pages to collect real authentication credentials for cloud services or online webmail accounts.

These credentials are then used by actors to try and access accounts. As an illustration, the Russian cyberspy organisation Fancy Bear recently switched from using malware to using more credential-harvesting techniques. Analysts have discovered that they have been employing both extensive scanning methods and even victim-specific phishing websites that deceive users into believing a website is real. 

However, some adversaries still use these services for command and control despite the decreased use of malware as an infiltration tactic. They do this by distributing malware through trusted cloud services.

This strategy is useful to attackers because it lets them avoid detection by signature-based methods, since many network scanning services trust cloud hosting providers' top-level domains. By blending into regular network traffic, adversaries may be able to get around security controls by using legitimate cloud services (such as chat).

Cloud services are being used against organisations by hackers

Using a cloud service provider to take advantage of provider trust connections and access other targets through lateral movement is another strategy employed by bad actors. The objective is to raise privileges to global administrator levels in order to take control of support accounts and modify client networks, opening up several options for vertical spread to numerous additional networks. 

Attacks on containers such as Docker operate at a lower level. Criminals have discovered ways to take advantage of Docker containers that are not set up properly. These images can then be used as the parent of another application, or on their own to interact directly with a tool or service.

This hierarchical model means that if malicious tooling is added to an image, every container generated from it will also be compromised. Once they have access, hostile actors can take advantage of these elevated privileges to perform lateral movement and eventually spread throughout the network. 

Extended detection and response

Extended detection and response (XDR) is another fundamental and essential component of effective cloud security. XDR is a technology that gathers security data from endpoints, cloud workloads, network, email, and many other sources. With all of this threat data at their disposal, security teams can quickly and effectively identify and remove security threats across many domains.

XDR platforms offer granular visibility across all networks and endpoints. Because they also provide detections and investigations, analysts and threat hunters can concentrate on high-priority threats; XDR removes from the alert stream anomalies that have been deemed unimportant. Last but not least, XDR systems should include thorough cross-domain threat data as well as information on everything from affected hosts and underlying causes to indicators and dates. The entire investigation and remediation procedure is guided by this data.

While threat vectors continue to change every day, security breaches in the cloud are becoming more and more frequent. In order to safeguard workloads hosted in the cloud and to continuously advance the maturity of security processes, it is crucial for businesses to understand current cloud risks and use the appropriate technologies and best practices.

Cyber Assaults via Microsoft SQL Server Surged by 56 percent in 2022


Threat analysts at Kaspersky have identified a surge in the number of assaults that employ Microsoft SQL Server processes to attempt to access company infrastructure. 

Earlier this year in September, more than 3,000 SQL servers, which are used by organizations and small and medium-sized enterprises across the globe to manage databases, were impacted, a 56 percent increase compared with the same period last year, according to the latest findings from Kaspersky's Managed Detection and Response Report.

According to Sergey Soldatov, Head of Security Operations Center at Kaspersky, the number gradually increased during the last year, and in April 2022, the number exceeded 3,000, only to see a slight decrease in July and August. 

“Despite the popularity of Microsoft SQL Server, companies do not pay enough attention to protecting against software-related threats. Attacks using malicious processes on SQL Server have been known for a long time, but perpetrators continue to use them to gain access to company infrastructure,” stated Sergey Soldatov. 

There have been a number of recent incidents in which Microsoft SQL Servers have been exploited by threat actors. In April, hackers were identified deploying Cobalt Strike beacons on such devices. News of attacks against MS-SQL also surfaced in May, June, and October this year.

Normally hackers search the internet for endpoints with an open TCP port 1433, and then conduct brute-force attacks against them, until they guess the password. 

Mitigation tips 

To protect against enterprise-targeted threats, cybersecurity experts recommend the following measures: 

• Always update the software on all the devices you use to prevent attackers from infiltrating your network using vulnerabilities. Install updates for new vulnerabilities immediately, because after that they can no longer be abused. 

• Use the latest threat information to keep up to date with the tactics, techniques and practices used by hackers.

• Implement a reliable endpoint security solution, such as Kaspersky Endpoint Security, which provides organizations with effective protection against known and unknown threats.

• Dedicated services can help combat high-profile attacks. Kaspersky Managed Detection and Response can help identify and stop intrusions at an early stage, before cybercriminals achieve their aims.

SAP Security Patch for July: Six High Priority Notes

SAP's July 2022 Patch Day release brought 27 new and updated SAP Security Notes. The most serious of these problems is the information disclosure vulnerability CVE-2022-35228 (CVSS score of 8.3) in the BusinessObjects Business Intelligence Platform's central administration console.

Notes for SAP Business One 

The three main areas that are impacted by the current SAP Security Notes are as follows, so Onapsis Research Labs advises carefully reviewing all the information:
  • A note with a CVSS score of 7.6 (CVE-2022-32249) patches a significant information disclosure vulnerability in integration scenarios involving SAP B1 and SAP HANA. A highly privileged attacker can exploit it to access confidential data that could be used to support further exploits.
  • A note with a CVSS score of 7.5 (CVE-2022-28771) resolves a vulnerability in SAP B1's license service API. Because an authentication step is missing, an unauthenticated attacker can disrupt the application and make it inaccessible by sending bogus HTTP requests over the network.
  • The third High Priority note, with a CVSS score of 7.4 (CVE-2022-31593), patches a code injection vulnerability in the SAP B1 client. An attacker with low privileges can use it to manipulate the application's behavior.
On July 20, 2022, SAP announced 17 security notes to fix vulnerabilities of medium severity, the bulk of which affect the NetWeaver Enterprise Portal and Business Objects.

Cross-site scripting (XSS) vulnerabilities in the NetWeaver Enterprise Portal were addressed in six security notes that SAP published, each of which had a CVSS score of 6.1. Medium-severity problems in Business Objects are covered by five more security notes.

The SAP July Patch Day illustrates the value of examining all SAP Security Notes prior to applying patches. 

FBI: Business Email Compromise is a $43 Billion Scam


The FBI recently announced that the amount of money lost to business email compromise (BEC) scams is increasing each year, with a 65 per cent rise in identified global exposure losses between July 2019 and December 2021.

From June 2016 to July 2019, IC3 received victim complaints about 241,206 domestic and international incidents, totalling $43,312,749,946 in exposed losses.

The FBI stated, "Based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021 followed by Mexico and Singapore." 

This was revealed in a new public service announcement issued on the Internet Crime Complaint Center (IC3) site as an update to a prior PSA dated September 2019, in which the FBI stated victims reported losses to BEC attacks totalling more than $26 billion between June 2016 and July 2019. 

About BEC scams:

BEC scams were the cybercrime type with the highest recorded overall victim losses last year, according to the IC3 2021 Internet Crime Report. Based on 19,954 registered complaints relating to BEC attacks against individuals and businesses in 2021, victims reported losses of about $2.4 billion. BEC scammers use a variety of techniques to infiltrate business email accounts, including social engineering, phishing, and hacking, in order to redirect payments to attacker-controlled bank accounts.

Small, medium and large enterprises are frequently targeted in this form of scam (also known as EAC or Email Account Compromise). Nonetheless, if the payout is high enough, scammers will attack individuals. Given that they often imitate someone the target trusts, their success rate is also very high.

However, "the scam is not always associated with a transfer-of-funds request," as the FBI explained in the PSA alert. "One variation involves compromising legitimate business email accounts and requesting employees' Personally Identifiable Information, Wage and Tax Statement (W-2) forms, or even cryptocurrency wallets."

The FBI also offered advice on how to protect yourself from BEC scams:
  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business/individual it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying log-in credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender's address appears to match who it is coming from.
  • Ensure the settings in employees' computers are enabled to allow full email extensions to be viewed.
  • Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
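The sender-address and hyperlink checks in the list above can be automated at the mail gateway or in a phishing-report triage workflow. The following is an added example, not FBI or IC3 tooling: the trusted-domain list, the small confusable-character table and the sample message are all constructed, and the registrable-domain rule is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed list of domains the organisation legitimately deals with.
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}

# Constructed sample: the sender domain swaps 'l' for '1' and the first link
# swaps 'm' for 'rn'; the second link is genuine.
SAMPLE_EMAIL = """\
From: Accounts Payable <ap@examp1e.com>
To: finance@example.com
Subject: Updated remittance details
Content-Type: text/plain

Please update our bank details before the next payment run.
Confirm via https://portal.exarnple.com/remit or see https://example.com/faq
"""

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def normalise(domain):
    """Fold common visual substitutions back to the letters they imitate.
    Assumption: this small table suffices for the demo; real checks use fuller ones."""
    d = domain.lower().replace("rn", "m").replace("vv", "w")
    return d.translate(str.maketrans("0135", "oles"))

def edit_distance(a, b):
    """Plain Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(domain):
    # Assumption: the last two labels form the registrable name (a real check
    # would consult the public suffix list for names such as co.uk).
    return ".".join(domain.lower().strip(".").split(".")[-2:])

def classify_domain(domain, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' (imitates a trusted domain) or 'other'."""
    reg = registrable(domain)
    if reg in trusted:
        return "trusted"
    norm = normalise(reg)
    for t in trusted:
        if norm == t or edit_distance(norm, t) <= 1:
            return "lookalike"
    return "other"

def check_message(raw):
    """Classify the From: domain and every hyperlink host in a plain-text mail."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    links = [(h.lower(), classify_domain(h)) for h in URL_HOST.findall(msg.get_payload())]
    verdict = classify_domain(sender)
    return {
        "sender": (sender, verdict),
        "links": links,
        "suspicious": verdict == "lookalike" or any(v == "lookalike" for _, v in links),
    }
```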