
New Information-Stealing Malware Campaign Targets Online Sellers

Online sellers have become the latest targets of a new information-stealing malware campaign that aims to compromise their sensitive data. Security researchers have discovered a strain of malware called Vidar being deployed in this campaign, with attackers using various methods to distribute the malicious software.

Vidar is a well-known information stealer that has been active since at least 2018. It harvests sensitive data from infected systems, including saved browser logins, cookies and autofill data, cryptocurrency wallet files and other personal details, can capture screenshots of the victim's desktop, and packages what it collects for upload to attacker-controlled infrastructure.

In this recent campaign, attackers have specifically focused on online sellers, recognizing the potential financial gain from stealing their login credentials and gaining unauthorized access to their e-commerce platforms. By compromising online seller accounts, attackers can manipulate product listings, redirect payments, and exploit customer data for fraudulent purposes.

The distribution methods employed in this campaign are diverse, ranging from phishing emails with malicious attachments or links to compromised websites hosting exploit kits. Once the malware is installed, it runs quietly in the background, gathering valuable information without the user's knowledge.

To protect against this type of threat, online sellers and individuals should implement robust cybersecurity practices. These include regularly updating operating systems and software to patch known vulnerabilities, employing strong and unique passwords for all online accounts, enabling multi-factor authentication on seller accounts (a stealer that exfiltrates saved passwords defeats password strength on its own), and being cautious when opening email attachments or clicking on suspicious links.

Furthermore, it is crucial to educate employees and individuals about the risks of phishing attacks and social engineering techniques commonly used by cybercriminals. By raising awareness and promoting a security-conscious mindset, organizations can significantly reduce the likelihood of falling victim to such malware campaigns.

Security solutions, including robust antivirus and anti-malware software, should be installed and kept up to date to detect and mitigate any potential threats. Regular system scans should also be conducted to identify and remove any malicious files or software.

The discovery of this new information-stealing malware campaign serves as a reminder that cybercriminals are continuously evolving their tactics and targeting specific industries for financial gain. Online sellers, in particular, should remain vigilant and implement strong security measures to safeguard their valuable data and protect their customers from fraud and identity theft.


RBI Announces Draft Norms to Ensure Security of Payment System Operators


The Reserve Bank of India (RBI), the country's central bank and regulator, is set to tighten the safety and security of digital payments amid rising cyber risks, according to draft regulations for payment system operators (PSOs) released on Friday.

The draft, Master Directions on Cyber Resilience and Digital Payment Security Controls for PSO, proposes a governance mechanism for the identification, analysis, monitoring, and management of cybersecurity risks.

The RBI proposes that the norms take effect from April 1, 2024 for large non-bank PSOs, from April 1, 2026 for medium-sized non-bank PSOs, and from April 1, 2028 for smaller ones.

Under the draft circular, responsibility for oversight rests with a sub-committee of the board that must meet at least once every quarter.

"The PSO shall formulate a board-approved Information Security (IS) policy to manage potential information security risks covering all applications and products concerning payment systems as well as management of risks that have materialised," the draft note said.

“The directions will also cover baseline security measures for ensuring system resiliency as well as safe and secure digital payment transactions[…]However, they shall endeavour to migrate to the latest security standards. The existing instructions on security and risk mitigation measures for payments done using cards, Prepaid Payment Instruments (PPIs) and mobile banking continue to be applicable as hitherto,” the RBI noted.

What are the Draft Norms? 

As per the proposed norms, the PSO will define relevant key risk indicators (KRIs) to identify possible risk events and key performance indicators (KPIs) to evaluate the efficacy of security controls.

According to the RBI, the PSO must conduct cyber-risk assessments before launching new products, services and technologies, and before making significant changes to the infrastructure or processes of existing products and services. The central bank is seeking feedback on the draft norms by June 30.

In order to manage potential information security risks involving all applications and products related to payment systems, the PSO has been asked to develop an Information Security (IS) policy that has been authorized by the board.

Under the proposed norms, the PSO is required to create a business continuity plan (BCP) covering several cyber threat scenarios, including unlikely but plausible events. The BCP should set out a thorough response, resumption and recovery plan for cyber security events and incidents, and be reviewed at least once a year.

Moreover, a senior-level executive such as the chief information security officer (CISO) will be in charge of implementing the information security policy and the cyber resilience framework, and of continuously reviewing the PSO's overall IS posture. The draft norms also require the PSO to implement safeguards that keep its network and systems safe from external attacks.

The PSO must also implement a thorough data leak prevention policy to ensure the confidentiality, integrity, availability, and protection of business and customer information (both in transit and at rest), in accordance with the importance and sensitivity of the information held or transmitted.  

'PostalFurious' SMS Attacks Target UAE Citizens for Data Theft


The United Arab Emirates has recently become a target of SMS phishing campaigns that seek to trick residents into handing over personal and payment information. The group behind them, tracked as PostalFurious, initially targeted the Asia-Pacific region before expanding to the UAE. It impersonates postal and toll services, using SMS messages to lure unsuspecting victims to pages that harvest sensitive data.

Investigations by Group-IB have linked both campaigns (the toll-operator and postal-service lures described below) to PostalFurious, a Chinese-speaking phishing ring. Active since 2021, the group can rapidly stand up extensive network infrastructure and rotates it frequently to evade detection by security systems.

The group also employs access-control techniques to bypass automated detection and blocking, such as serving its pages only to the visitors it expects. The evidence suggests that PostalFurious operates on a global scale, well beyond the Middle Eastern campaign under scrutiny.

As part of this campaign, fraudulent SMS messages are being used to gather payment details by deceiving recipients into believing they need to pay fees for tolls and deliveries. The URLs included in these text messages direct individuals to counterfeit payment pages adorned with the logos and names of well-known postal service providers in the country. 

Since April 15 this year, the scam SMS messages have carried shortened URLs that lead to counterfeit payment pages. The campaign initially impersonated a UAE toll operator; on April 29 a new version appeared, this time mimicking the UAE postal service. Notably, the phishing domains for both versions were hosted on the same servers. The messages were sent from phone numbers registered in Malaysia and Thailand and, over iMessage, from email addresses.

These pages illicitly request personal information, including names, addresses and credit card details. Notably, the phishing pages can only be reached from IP addresses located within the UAE, which both narrows the targeting to residents and hides the pages from URL scanners and analysts connecting from abroad.
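The geofencing and access-control behaviour described above is easy to model, and the model shows why such pages slip past automated scanners. The following is an added example, not code from Group-IB or from the campaign itself: the allow-list prefixes are RFC 5737 documentation ranges standing in for "UAE addresses", and the phone-only User-Agent rule is a hypothetical gate chosen for the example. The last function is the analyst-side counter-check: fetch the same URL from several vantage points and treat differing responses as a sign of cloaking.

```python
import ipaddress
from typing import Dict, Iterable

# Constructed allow-list standing in for "IP addresses located within the UAE".
# These are documentation prefixes (RFC 5737), not real UAE allocations.
ALLOWED_PREFIXES = [ipaddress.ip_network(p) for p in ("203.0.113.0/24", "198.51.100.0/24")]

DECOY_PAGE = "<html><body><h1>404 Not Found</h1></body></html>"
PHISH_PAGE = "<html><body><form>Card number / expiry / CVV</form></body></html>"


def geofence_allows(client_ip: str,
                    allowed: Iterable[ipaddress.IPv4Network] = ALLOWED_PREFIXES) -> bool:
    """True if client_ip falls inside one of the allowed prefixes."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in allowed)


def serve(client_ip: str, user_agent: str) -> str:
    """Model of the phishing site's access control (hypothetical logic).

    The card-harvesting page is returned only to in-country clients whose
    User-Agent looks like a phone, i.e. the people who received the SMS.
    Everyone else (URL scanners, sandboxes, analysts abroad) gets a decoy."""
    looks_like_phone = any(tok in user_agent for tok in ("iPhone", "Android"))
    if geofence_allows(client_ip) and looks_like_phone:
        return PHISH_PAGE
    return DECOY_PAGE


def divergent_responses(responses: Dict[str, str]) -> bool:
    """Analyst-side check: fetch the same URL from several vantage points and
    flag it when the bodies disagree, the tell-tale sign of cloaking."""
    return len(set(responses.values())) > 1


if __name__ == "__main__":
    vantage_points = {
        "uae-mobile": serve("203.0.113.7", "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X)"),
        "eu-desktop": serve("192.0.2.10", "Mozilla/5.0 (X11; Linux x86_64)"),
    }
    print("cloaking suspected:", divergent_responses(vantage_points))
```

The practical consequence for defenders is that a URL reputation service or sandbox sitting outside the target country will see the decoy and rate the link clean; verification of in-country smishing lures needs an in-country, mobile-looking vantage point.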

Anna Yurtaeva, a senior cyber investigation specialist at Group-IB's Digital Crime Resistance Center in Dubai, confirmed that the group targets members of the public exclusively. Previously, the group victimised users in Singapore and Australia.

"They launch widespread SMS phishing campaigns, and we are aware of cases where messages have been sent to UAE residents who are not users of the services. From our analysis of the source code and infrastructure of the PostalFurious website, we see that the gang aims to steal payment credentials and personal data from victims," she said. 

Data Theft: Significance, Impacts, and Consequences 

The Significance of Data Theft: 

  • Primary Driver: Corporate data theft stems primarily from the pursuit of financial gain, accounting for a minimum of 86% of breaches. 
  • Exploiting Weaknesses: Attackers exploit security vulnerabilities by stealing and selling data to other malicious actors, maximizing their gains. 

Impacts on Businesses: 

  • Costly Breaches: Data breaches incur substantial costs, with the average breach exceeding $1.2 million in 2018, indicating a 24% increase from the previous year. 
  • Small Business Vulnerability: Smaller organizations with limited resources face heightened risks, as 60% of them go out of business within six months of an attack. 

Broader Consequences: 

  • Ransomware Extortion: Cybercriminals may hold an organization's data hostage, and paying the ransom does not guarantee a resolution. 
  • Expensive Recovery: Data recovery and system patching post-breach entail significant expenses. 
  • Reputational Damage and Customer Loss: Data theft leads to customer attrition, while brands with a history of breaches struggle to attract new business. 
  • Legal Liabilities: Mishandling of data exposes companies to potential lawsuits from affected customers. 
  • Downtime and Reduced Productivity: Breaches render systems unusable, causing downtime and hampering employee productivity. 
  • Regulatory Penalties: Non-compliant organizations face substantial financial penalties for failing to meet security mandates. 

Separately, another campaign with a similar theme has emerged. Referred to as "Operation Red Deer", it specifically targets Israeli engineering and telecommunications companies with a persistent stream of phishing messages that impersonate Israel's postal service, lending the attacks credibility. These ongoing events highlight the need for robust defences and quick responses. 

The Unintended Consequences of Netflix's Password Sharing Ban


Netflix's recent ban on password sharing may have initially appeared as a step forward for cybersecurity. However, emerging data suggest that this policy change has led some users to explore alternative streaming options on the Dark Web.

In addition to losing subscribers, Netflix inadvertently created a breeding ground for cybercriminals. This blog delves into the repercussions of the password-sharing ban, including compromised accounts sold at discounted prices and a surge in phishing attacks exploiting the confusion among users.

Netflix's Password Sharing Ban and its Fallout 

On February 8, Netflix implemented a new household policy in several countries, including Canada, New Zealand, Portugal, and Spain. The immediate backlash was severe, with over a million Spanish subscribers canceling their Netflix accounts by the end of the following month.

But where did these viewers turn to? Some opted for Dark Web offerings rather than mainstream alternatives like Hulu. Researchers from Check Point noted that the ban had created an ideal environment for cybercriminals, enticing former account holders with heavily discounted Netflix deals obtained through compromised user credentials.

Risks and Pitfalls in Dark Web Deals 

Hackers promoting "full access" to Netflix for a mere 190 Indian rupees (approximately $2.30 or €2.15) on Telegram channels caught the attention of cybersecurity experts. However, the discounts offered were too good to be true. 

Check Point researchers found instances where buyers either never gained access or had it revoked after a short period. The accounts on offer were hijacked from legitimate subscribers, leaving buyers disappointed, out of pocket and potentially exposed to further cybersecurity threats.

Exploiting User Vulnerability: Phishing Attacks 

Taking advantage of the confusion and vulnerability among Netflix users, cybercriminals launched social engineering attacks. Phishing emails with deceptive subjects such as "Your suspension notification" or "Update required — Netflix account on hold" flooded inboxes, originating from email addresses impersonating Netflix. 

Omer Dembinsky, data group manager at Check Point Software, warned that users lured by these scams might unwittingly divulge their credentials on fraudulent websites, subsequently enabling attackers to resell their compromised accounts on the Dark Web.
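The lures described above (a brand name in the display name, an urgent subject such as "account on hold", and a link to a look-alike host) are the three checks a mail-triage rule would make. The following is an added example, not Check Point's code or anything from the campaign: the two messages are constructed for the example, and the legitimate domain list and the urgency pattern are assumptions that would be tuned per brand.

```python
import email
import email.utils
import re
from email import policy
from typing import List
from urllib.parse import urlparse

BRAND = "netflix"
LEGIT_DOMAINS = {"netflix.com"}   # assumption for the example: the brand's genuine domain
URGENCY = re.compile(r"suspen|on hold|update required|verify your|within 24 hours", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _host_is_legit(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def triage_message(raw: str) -> List[str]:
    """Return the reasons a message looks like a brand-impersonation lure.
    An empty list means nothing was flagged by these checks."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Display name claims the brand, but the address is not on the brand's domain.
    name, addr = email.utils.parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if BRAND in name.lower() and not _host_is_legit(sender_domain):
        findings.append(f"display name '{name}' but sender domain is '{sender_domain}'")

    # 2. Urgency lure in the subject ("on hold", "suspension", ...).
    if URGENCY.search(msg.get("Subject", "")):
        findings.append("urgency lure in subject")

    # 3. Links whose host name contains the brand but is not the brand's domain.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if BRAND in host and not _host_is_legit(host):
            findings.append(f"link to look-alike host '{host}'")
    return findings


# Constructed messages for the example (not real samples from the campaign).
PHISH_SAMPLE = """From: Netflix <billing@netflix-account-services.example>
To: user@example.com
Subject: Update required - Netflix account on hold
Content-Type: text/plain; charset="utf-8"

Your last payment could not be processed. Restore access within 24 hours:
https://netflix.example-verify.net/login
"""

LEGIT_SAMPLE = """From: Netflix <info@netflix.com>
To: user@example.com
Subject: New this week
Content-Type: text/plain; charset="utf-8"

Browse what's new: https://www.netflix.com/browse
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, "->", triage_message(raw) or ["no findings"])
```

These header and body checks are deliberately cheap; in production they sit behind SPF, DKIM and DMARC results, which catch a forged From address outright, and in front of a URL sandbox for the links that survive.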

The Unexpected Solution 

Ironically, the Check Point researchers suggested that following Netflix's new guidelines could help curb the trade in second-hand Netflix accounts. They recommended that users restrict shared access to their accounts, the very behaviour the new policy enforces. 

While it remains uncertain whether Netflix's ban on password sharing will ultimately enhance or hinder security in the long run, this episode highlights the unintended consequences that businesses may face when implementing policy changes affecting their users.

Netflix's attempt to combat password sharing has inadvertently opened the door to cybercriminals and undermined user trust. The migration of disenchanted users to Dark Web offerings, coupled with an increase in phishing attacks exploiting the confusion, showcases the unintended consequences of this policy change. 

This scenario serves as a reminder to businesses that policy alterations can have unforeseen cybersecurity implications. As the dust settles, it remains to be seen whether Netflix's measures will indeed enhance security or inadvertently compromise it further.

Which Country Ranked the Highest in the Global National Privacy Test?


The world's smallest country has turned out to be the most cyber-literate: Vatican City.

In the National Privacy Test run by the VPN provider NordVPN, the Holy See topped the ranking, and eight of the other top-ten nations were European. The UK came in at number 35 on the world leaderboard.

NordVPN says the test is "designed to evaluate aspects of an individual's online life, including their understanding of cybersecurity in theory and their ability to recognize online threats and react accordingly."

European Countries Dominate

Vatican City respondents scored 72 points in the test, the highest of any country, according to data accumulated since 2020 from nearly 140,000 respondents in 192 countries, each answering 20 questions. 

The residents "demonstrated an excellent awareness of digital risks and how to avoid them," notes NordVPN. However, the firm also criticised their digital habits, noting that they need to make more use of privacy tools and secure online services to maintain their security. 

Second place went to Finland, followed by the Czech Republic. Compared with Vatican City, both countries scored lower across the test's three areas: digital habits, digital privacy awareness and digital risk. 

Status of the Non-European Countries 

Singapore was the only non-European country in the top ten, ranking seventh with 69 points. The next Asian countries were Malaysia and the UAE, both scoring 67 points. The US ranked 21st globally with a score of 67, ahead of Canada in every test category.

New Zealand took first place in the Oceanic region with 68 points, while Australia came in second with 63 points. New Zealand outperformed other nations in every category. Meanwhile, with 67 points, Brazil took first place in Latin America, two points ahead of its closest competitors, Argentina and Colombia. However, Colombia outperformed Argentina in terms of digital dangers (84 to 80) and behaviors (49 to 47).

Moreover, the global average score turned out to be 65, with respondents performing their best when identifying and avoiding digital dangers, scoring an average of 82 points. The average score for knowing how to avoid malware was 69 points, while only 47 points were awarded for knowing how to properly secure data utilizing privacy tools and internet services.  

What B2C Service Providers can Learn From Netflix's Accidental Model

 

Netflix made a policy error last month that might provide consumers with long-term security benefits. For other business-to-consumer (B2C) firms wishing to enhance client account security, this unintentional pro-customer safety action may serve as a lesson. 

On May 23, the streaming giant rolled out its new "household" policy to US consumers. Accounts are now limited (with few exceptions) to a single Wi-Fi network and its associated mobile devices. After months of stagnation and investor apprehension, it is a shot in the arm intended to treat the after-effects of COVID and promote user growth. By banning the widespread practice of password sharing, the restriction may unintentionally enhance streamers' account security. 

"Sharing a password undermines control over who has access to an account, potentially leading to unauthorized use and account compromise," stated Craig Jones, vice president of security operations at Ontinue. "Once shared, a password can be further distributed or changed, locking out the original user. Worse yet, if the shared password is used across multiple accounts, a malicious actor could gain access to all of them. The practice of sharing passwords can also make users more susceptible to phishing and social engineering attacks."

With this new policy, Netflix is demonstrating how businesses may encourage or simply force its users to adopt better login practices, whether on purpose or not. However, changing client behaviour for the better isn't always as easy as it looks. 

Use of the gold biometric standard restricted for cloud services 

The mobile phone business is one area of tech that has long since found out how to assist users in logging in safely without sacrificing their experience.

For years, smartphone users chose simple passcodes out of laziness or forgetfulness. Things started to change when Apple debuted Touch ID with the iPhone 5S in 2013, drawing inspiration from the Pantech GI100. Face ID, introduced later, made it simpler still for consumers to unlock securely without slowing anything down, even though facial recognition was nowhere near ready in 2013.

Even if biometric login is ideal, most businesses lack access to a ready-made solution, according to John Gilmore, head of research at DeleteMe.

"'Face unlock' on iPhones is an example of how this can be done in practice, but it is contingent on a specific device. For services which rely on users being able to access a service on multiple platforms, it is not yet feasible," he explained.

The main issue is that secure authentication frequently reduces usability when it comes to services. 

"Online services tend to resist implementing stronger security protocols because they see that it complicates the user experience. If you create a multistep barrier to entry, such as two-factor authentication (2FA), it is less likely people will actually engage with your platform," Gilmore added. 

Does this arrangement compel service providers to be clunky or unreliable? Experts argue against this. 

How to promote better account security behaviours

Both a carrot and a stick can be used for motivation. Epic Games, the maker of the online game Fortnite, is one business that has achieved success in the former. Epic developed new in-game awards for players who enabled two-factor authentication (2FA) on their accounts after a succession of security problems that affected thousands of the game's (sometimes very young) users. 

Never before have so many children "boogied down" over good internet behaviour! 

Consider Twitter as a case study in practice. Twitter said on February 15 that SMS-based 2FA would only be available to paid members. The decision was received with mixed feelings in the cybersecurity world because it seemed to discourage the use of a crucial second layer of security, as explained by Darren Guccione, CEO and co-founder of Keeper Security. SMS 2FA remains an option for paying subscribers, while ordinary accounts are now steered towards an authenticator app or a security key. 

All of these instances show that businesses have a significant amount of control over how their customers interact with their security.

In the end, Guccione says, "the ethical responsibility falls on the leaders of these companies to support and usher in changes that will ultimately protect their customers."

Cybersecurity Crisis: Anonymous Sudan Demands $3 Million from SAS Airlines


Scandinavian Airlines (SAS) is currently facing a severe cybersecurity threat as the hacktivist group Anonymous Sudan continues its relentless distributed denial-of-service (DDoS) attacks. The group recently raised its ransom demand from an initial $3,500 to a staggering $3 million. These attacks have disrupted SAS's online services, prompting frustrated customers to voice their concerns about the airline's poor customer service.

The Growing Cyber Threat 

Anonymous Sudan, a hacktivist group with potential Russian connections, has been targeting SAS Airlines for several months. In their latest campaign, they have subjected the airline to a series of DDoS attacks, causing significant disruptions to SAS's website and mobile app. Initially demanding a small ransom of $3,500, the group has now increased its demand to $3 million. Shockingly, Anonymous Sudan has stated that the motive behind their attacks is to highlight the airline's poor customer service.

Customer Frustration and Social Media Outcry 

As a result of the ongoing cyber attacks, SAS customers have experienced difficulties accessing the airline's online services. Frustrated travelers have turned to social media platforms to express their dissatisfaction. Many have complained about the unavailability of the website and app, which has impacted their ability to check flight status, manage baggage claims, and obtain boarding passes. Customers are demanding answers from the airline, questioning the security of their personal information, and expressing their disappointment with the lack of transparency regarding the situation.

Anonymous Sudan's Motivation

Despite the name "Anonymous Sudan," it is unclear whether the hacktivist group actually originates from Sudan or has any direct affiliation with the country. Speculation suggests possible connections to Russia. Surprisingly, Anonymous Sudan has not cited any political motivations for their attacks on SAS. Instead, they claim to be targeting the airline due to its inadequate customer service. The group has expressed a willingness to intensify their attacks until their demands are met, as evidenced by their significant increase in ransom amount.

Impacts on SAS Airlines 

SAS Airlines, one of Scandinavia's leading carriers, has suffered significant disruptions as a result of the ongoing cyber attacks. With its website and mobile app intermittently going offline, the airline has apologized for technical difficulties but has not provided specific details about the cause. Anonymous Sudan's relentless campaign has further exacerbated the situation, leading to frustrated customers and a growing negative sentiment surrounding SAS's ability to deliver satisfactory customer service.

Scandinavian Airlines' ongoing battle with Anonymous Sudan highlights the increasing threat of cyber-attacks faced by companies in the aviation industry. The hacker group's demand for a $3 million ransom serves as a reminder of the potential financial and reputational damage that cybercriminals can inflict. SAS Airlines must prioritize the security of its online infrastructure and customer data to mitigate future risks. Additionally, enhanced customer service measures are necessary to restore trust and ensure a seamless experience for travelers.

Fraudsters Target Kolkatans With Message-Forwarding Software

 


As online financial transactions became simpler to conduct, the number of fraudulent digital transactions rose with them, and the fraudsters grew more sophisticated. Having worn out phishing and lottery scams, cybercriminals have moved to other channels to dupe naive and gullible people, particularly those inexperienced with digital finance.

One such method targets Kolkatans with links sent by text message. The message claims that a substantial sum has been credited to the recipient's online gaming account and invites them to follow the link to collect it. 

Police say that once a victim follows such a link to claim the money, the entire balance of the victim's account can be transferred to the fraudsters, without the victim ever being asked to share an OTP. 

Several types of fraud are run over the UPI platform. None of them stems from a flaw in UPI itself; they are the result of deception by criminals. 

Analysts call it APK fraud because victims are tricked into downloading Android package (APK) files, via the links the fraudsters send, that compromise their phones.  

Installing the APK places an SMS-forwarding application on the device, which diverts all incoming text messages to a number controlled by the fraudsters. The victim therefore receives no SMS alert when money is debited from his or her account, an officer at the Lalbazar cyber cell explained. 

Gaining remote access to victims' phones has become the fraudsters' weapon of choice. According to the officer, the fake message claims that a large amount has been credited to the recipient's gaming account. 

It was reported by the Calcutta Telegraph that some Calcuttans who have been contacted had received messages saying: "Hi 9830xxxxx9 (mobile number of the recipient), The transaction of Rs 96793 has been completed to your (the name of the online gaming app). "

According to the police, victims often never work out how they were cheated, because they never shared a PIN or OTP with anyone before being duped. 

According to a senior police officer, unlike other scam messages, which are sent from random numbers and do not address the recipient directly, the messages in the APK scam are aimed at specific individuals and customised to them. 

Text messages were once sent at random, but that has changed. One detail makes these messages look authentic and trustworthy, the officer said: they include the phone number of the person they are addressed to. 

Immediately after clicking the link in the message, the recipient sees two attachments appear on his or her screen.

If the first attachment is opened, a screen-sharing application is silently installed, giving the fraudsters direct access to the phone. If the second is opened, an SMS-forwarding tool is installed, so that when the fraudsters carry out transactions on the victim's bank account, the victim receives no text messages from the bank, the officer explained.
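Both components described above (the SMS forwarder in the earlier paragraph and the screen-sharing tool here) are ordinary Android apps that announce themselves through the permissions they hold and the fact that they were sideloaded from a link rather than installed from an app store. The following is an added triage heuristic, not code from Kolkata Police or any vendor: the permission strings are real Android permission names, but the app inventory, package names and the "trusted installer" list are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Real Android permission names; everything below them is constructed for the example.
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
EXFIL = {"android.permission.SEND_SMS", "android.permission.INTERNET"}
REMOTE_CONTROL = {"android.permission.BIND_ACCESSIBILITY_SERVICE",
                  "android.permission.SYSTEM_ALERT_WINDOW"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; vendor stores could be added


@dataclass
class InstalledApp:
    package: str
    installer: Optional[str]          # installing package; None when sideloaded from a download
    permissions: Set[str] = field(default_factory=set)


def risk_reasons(app: InstalledApp) -> List[str]:
    """Reasons to suspect an app of being the forwarder or remote-access tooling.
    Sideloading alone is not a finding; it is the combination with SMS
    interception or screen control that matters."""
    reasons = []
    sideloaded = app.installer not in TRUSTED_INSTALLERS
    if sideloaded and (app.permissions & SMS_READ) and (app.permissions & EXFIL):
        reasons.append("sideloaded app can read incoming SMS and relay it out (SMS-forwarder pattern)")
    if sideloaded and (app.permissions & REMOTE_CONTROL):
        reasons.append("sideloaded app can observe or drive the screen (remote-access pattern)")
    return reasons


def triage(apps: List[InstalledApp]) -> Dict[str, List[str]]:
    """Map package name -> reasons, for every app with at least one reason."""
    return {a.package: reasons for a in apps if (reasons := risk_reasons(a))}


# Constructed inventory, modelled on what a package-manager dump exposes.
SAMPLE_APPS = [
    # A banking app from the store legitimately reads SMS for OTP autofill: not flagged.
    InstalledApp("com.example.bank", "com.android.vending",
                 {"android.permission.RECEIVE_SMS", "android.permission.INTERNET"}),
    # Sideloaded "reward" app that reads SMS and can send it on: the forwarder.
    InstalledApp("com.example.gamingreward", None,
                 {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS",
                  "android.permission.INTERNET"}),
    # Sideloaded app holding the accessibility permission: screen sharing / control.
    InstalledApp("com.example.viewer", None,
                 {"android.permission.BIND_ACCESSIBILITY_SERVICE", "android.permission.INTERNET"}),
    # Sideloaded but harmless on these criteria.
    InstalledApp("com.example.notes", None, {"android.permission.INTERNET"}),
]

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_APPS).items():
        print(pkg, "->", "; ".join(reasons))
```

Legitimate sideloaded software (alternative app stores, enterprise apps) will also match, so the output is a queue to inspect rather than a verdict; for a victim the practical steps remain uninstalling the flagged apps and contacting the bank to freeze the account.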

According to Assistant Commissioner Atul V., their top priority area is creating awareness among their officers about the APK fraud, which has been a major problem for some time. 

A cyber expert added that the APK fraud is designed to make it hard for the police to trace the fraudsters through the link even if a victim reports the matter, because the link stays active only for a short period. 

Many people have been scammed this way: they receive a text message with a spurious link and are urged to click it. The links stay active for only a few hours, if that; after that, clicking them merely redirects the browser to a popular search engine, leaving even law-enforcement agencies with no way to retrieve the APK files or trace the transactions that took place, a Kolkata cyber expert explained.

Harvard Pilgrim Health Care Hit by Ransomware Attack

 

Harvard Pilgrim Health Care, a major health insurer in New England, has recently suffered a major ransomware attack affecting approximately 2.5 million individuals. The incident has raised serious concerns about data security and the risks to sensitive personal information.

The attack was first detected in early April when unauthorized activity was identified on the organization's systems. Upon investigation, it was revealed that the attackers had gained unauthorized access to sensitive data, including names, Social Security numbers, dates of birth, and health insurance information.

Harvard Pilgrim Health Care promptly launched an internal investigation and engaged leading cybersecurity experts to mitigate the impact of the attack and strengthen its security measures. The company has assured affected individuals that it is taking immediate steps to secure the compromised data and prevent any further unauthorized access.

In response to the incident, Harvard Pilgrim Health Care has also notified the affected individuals and is offering them complimentary credit monitoring and identity theft protection services. This is a crucial step to help mitigate the potential risks that arise from the exposure of personal information.

The breach has been reported to the U.S. Department of Health and Human Services Office for Civil Rights (OCR), as required by federal regulations. The OCR breach report provides an overview of the incident, the number of individuals affected, and the steps taken by Harvard Pilgrim Health Care to address the breach and protect affected individuals.

This incident serves as a stark reminder of the persistent threats posed by ransomware attacks in the healthcare sector. Cybercriminals continue to target healthcare organizations due to the vast amount of valuable personal and medical information they hold. The consequences of such attacks can be far-reaching, potentially compromising patient privacy, disrupting healthcare services, and causing financial harm to both the affected individuals and the organization.

In light of this incident, it is essential for healthcare organizations to reevaluate and reinforce their cybersecurity measures. Robust security protocols, including regular system audits, employee training on recognizing and reporting suspicious activities, and continuous monitoring of network systems, are crucial in combating these evolving cyber threats.

The Harvard Pilgrim Health Care ransomware outbreak highlights the urgent need for heightened awareness and investment in cybersecurity throughout the healthcare industry. Healthcare providers, insurers, and companies managing sensitive information should prioritize safeguarding patient data and upholding people's trust.

Here's How Script Kiddies are Targeting Internet Users Worldwide


Most people have an image of hackers in their minds: imagery from motion pictures depicting skilled cybercriminals breaking into guarded networks practically instantly while typing at breakneck speed. These are not script kids, even though many real-life versions of these hackers are capable of some amazing and terrifying things. 

Script kids, often known as skiddies or skids, are amateur hackers and programmers who target networks and internet users with scripts and other programmes created by more experienced hackers and programmers. They may not be as adept as genuine hackers, but they have a lot of power and may cause a lot of harm. Find out here how to avoid script kids and how to be safe online. 

The script kiddies: Who are they?

The name speaks for itself. Script kiddies are people who don't know how to programme and who launch cyber attacks using other people's software. They are frequently kids or young adults, and they frequently use these programmes without even realising their purpose or how they operate.

A typical example is a child getting their first computer. They decide to become hackers after seeing a movie or television show about hacking. To learn how to turn a programme into a weapon, they might explore forums and perhaps look through a few tutorials. Once they have chosen their targets, they will find a method to unleash it. 

Software exploitation against users

In order to target specific websites and users, script kids use the free and open-source software available on the internet. To launch DDoS attacks, for instance, they could utilise software meant for forensics or security. The damages and missed earnings might total thousands of dollars. 

Through the use of pen-testing apps or the planting of malware, script kids can also gain access to private networks. They are also keen on developing social engineering frauds. The extent of their capabilities truly doesn't extend beyond this. 

Do script kiddies pose a greater threat than real hackers? 

Yes and no. Script kids are erratic, but real hackers can certainly cause far more damage if they so choose. Businesses, governments, or even hospitals are common targets for hackers that have specific goals in mind. The only thing script kids may have against you is a personal grudge. And to make matters worse, they can specifically target you based on information they have about you, such as your residence and place of employment.

You need to take digital security seriously whether the threat comes from a hacker or a script kiddie. Nor are these the only two categories of cybercriminals: other dangers like botnets, cyber terrorists, and simple con artists haven't even been mentioned yet.

Prevention tips

The online world can be a terrifying place because of thieves, script kiddies, hackers, and other bad actors. But a few straightforward, low-cost cybersecurity techniques and tools can make a significant difference in enhancing safety. 

You must first get a VPN. When you use a VPN, or virtual private network, your IP address is hidden and your internet connection is encrypted. This increases your security and privacy. It effectively stops both hackers and script kids, who frequently use IP addresses to monitor user activities. 

Enabling a VPN whenever you connect to the internet is the best method to use one. Additionally, VPNs can help you get around content limitations and hide your browsing information from ISPs and network administrators. 

It's also a good idea to increase the security of your network, accounts, and devices. Make sure that all devices have secure passwords and PINs that are required whenever you restart, shut down, close the screen, or are inactive for more than two minutes.

Use complex passwords to increase the security of your accounts. Consider using a password manager to store those complicated passwords in a secure digital vault. Add fingerprint or facial recognition locks, two-factor authentication, and other security measures where they are available. 

Finally, you must strengthen the security of your network, especially your company network. Start with WEP encryption and a strong password. A variety of network security and monitoring tools should be researched and used. For instance, firewalls are excellent and successful at controlling network traffic. Programmes that track and block attempts at unauthorised access are also available.

Most CEOs Increasingly Prioritise Cybersecurity Over Economic Performance


According to a new survey from Palo Alto Networks, an increasing proportion of CEOs are realizing that cyberattacks pose a greater existential danger than economic instability. 

Palo Alto Research discovered, based on a poll of 2,500 CEOs from the United Kingdom, Germany, France, Brazil, and the United Arab Emirates (UAE), that CEOs fear what they don't know, and many don't even believe they are accountable for their organization's cybersecurity posture. 

However, this has not resulted in a loss of confidence, since the majority of respondents say they are well-prepared for a cyberattack situation.

According to the report, 51% of CEOs believe that as the dangers of cyberattacks increase, their capacity to keep their companies' endpoints secure keeps them awake at night. 

However, the vast majority believe they are well-equipped. Almost four in five (78%) are confident in their (full and tested) strategies for threat protection and recovery, and 74% believe their companies can quickly react to evolving threats. Simultaneously, only one-third (36%) would collaborate with an incident response team in the event of an attack, and 34% would pay the ransom in the event of a ransomware attack.

Cybersecurity experts and law enforcement agencies strongly oppose paying the ransom and instead recommend restoring from backups. Paying the ransom demand does not guarantee that the firm will receive its data back, nor does it guarantee that it will not be attacked again (either by the same or a completely different threat actor) as soon as tomorrow. Paying merely worsens the problem by funding future ransomware activities. Nonetheless, many businesses do so because it is the quickest way to restore operations.

PyPI Enforces the Usage of Two-factor Authentication for All Software Publishes


The Python Package Index (PyPI) has stated that by the end of the year, every account that maintains a project on the system will be compelled to enable two-factor authentication (2FA). PyPI is a software repository for Python programming language packages. 

The index contains 200,000 packages, allowing developers to identify existing packages that meet specific project needs, saving time and effort. The PyPI team said the decision to make 2FA required for all accounts is part of their long-term commitment to strengthening platform security, and it supports earlier steps such as barring compromised credentials and enabling API tokens.

The reduced danger of supply chain attacks is one advantage of 2FA protection. These attacks occur when an intruder obtains control of a software maintainer's account and adds a backdoor or malware to a package that is used as a dependency in other software projects.

Depending on the popularity of the package, such attacks may affect millions of people. While developers are responsible for thoroughly checking the building blocks of their projects, PyPI's measures should make it easier to avoid this type of issue.

Furthermore, in recent months, the Python package repository has been plagued by frequent malware uploads, imitations of popular packages, and the re-submission of dangerous code using hijacked identities.

The problem became so severe that PyPI was forced to temporarily halt new user and project registrations last week until an adequate defense solution could be designed and implemented. 2FA protection will help to lessen the problem of account takeover attempts, and it should also limit the number of new accounts a suspended user may create in order to re-upload dangerous packages. The deadline for implementing 2FA on all project and organization maintainer accounts is the end of 2023.

In the next months, impacted customers should prepare for and implement the additional security precaution, which may be accomplished using either a hardware key or an authentication app.

“The most important things you can do to prepare are to enable 2FA for your account as soon as possible, either with a security device (preferred) or an authentication app, and to switch to using either Trusted Publishers (preferred) or API tokens to upload to PyPI.” - PyPI

According to the PyPI team, the preparatory work performed in previous months, such as introducing 'Trusted Publishing,' combined with parallel initiatives from platforms such as GitHub that have helped developers familiarise themselves with 2FA requirements, makes this year an ideal time to introduce the measure.
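The "authentication app" option PyPI mentions above is time-based one-time passwords (TOTP, RFC 6238, built on HOTP, RFC 4226). The following is an added example, not PyPI's own code, showing how a service verifies such a code: HMAC-SHA1 over the 30-second time step, dynamic truncation to six digits, a small drift window for clock skew, and rejection of a code that was already accepted so it cannot be replayed. The secret is the public RFC 6238 test-vector secret, and the `last_counter` bookkeeping is this example's own design.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for a single counter value."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current time step."""
    return hotp(secret, at // step, digits)


def secret_from_base32(encoded: str) -> bytes:
    """Decode the base32 secret an authenticator app is provisioned with (QR code / otpauth URI)."""
    cleaned = encoded.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)            # restore padding apps usually omit
    return base64.b32decode(cleaned)


def verify_totp(secret: bytes, code: str, at: int, step: int = 30, digits: int = 6,
                window: int = 1, last_counter: int = -1):
    """Return the time-step counter the code matched, or None.

    The caller stores the returned counter and passes it back as last_counter on
    the next attempt: a code whose step is not newer than the last accepted one
    is refused, so a captured code cannot be replayed inside the drift window.
    (This replay bookkeeping is the example's own design, not part of the RFC.)
    """
    current = at // step
    for drift in range(-window, window + 1):
        counter = current + drift
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


# RFC 6238 test-vector secret (ASCII "12345678901234567890"); never reuse a published secret.
RFC_SECRET = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC_SECRET, now)
    print("current code:", code, "-> accepted at step", verify_totp(RFC_SECRET, code, now))
    print("same code again:", verify_totp(RFC_SECRET, code, now, last_counter=now // 30))
```

A hardware security key (PyPI's preferred option) does not share a secret with the service at all; it signs a per-login challenge, which is why PyPI lists it ahead of an authentication app.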

The Challenges with Passkeys: Addressing Limitations

Passkeys have become a popular method for authentication, offering an alternative to traditional passwords. However, despite their advantages, there are several key issues that need to be addressed. This article explores the problems associated with passkeys and the need for further improvements in authentication methods.

Passkeys, often referred to as passwordless authentication, aim to provide a more convenient and secure way to access accounts and devices. Unlike passwords, which can be forgotten, stolen, or easily guessed, passkeys utilize unique characteristics of the user's device, such as biometrics or hardware-based keys, to grant access.

One of the primary concerns with passkeys is their reliance on specific devices or platforms. For instance, a passkey that works on an Android device might not be compatible with an iOS device or a different operating system. This lack of cross-platform compatibility limits the usability and convenience of passkeys, as users may need multiple passkeys for different devices or services.

Additionally, passkeys are vulnerable to potential security risks. While they eliminate the need for passwords, which are often weak and prone to hacking, passkeys are not immune to threats. If a passkey is compromised, it could lead to unauthorized access to the associated account or device. Furthermore, if the passkey is stored insecurely, such as in the cloud or on an easily accessible device, it could be accessed by malicious actors.

Another challenge is the adoption and support of passkeys across various platforms and services. Although major tech companies like Google have introduced passkey support, it requires widespread adoption from service providers and developers to offer a seamless experience for users. If passkey support remains limited, users may still need to rely on traditional password-based authentication methods.

To address these issues, further advancements in passkey technology and authentication methods are necessary. First and foremost, there should be greater collaboration between tech companies and service providers to establish standardized protocols for passkey implementation. This would enable interoperability across different platforms, making passkeys more accessible and user-friendly.

Enhancing the security of passkeys is also critical. Additional layers of protection, such as multi-factor authentication, can be integrated with passkeys to add an extra level of security. This could include biometric verification, device attestation, or behavioral analysis to ensure the legitimacy of the user.

Furthermore, educating users about the importance of passkey security and best practices is crucial. Users need to understand the risks associated with passkeys and be encouraged to store them securely, preferably using hardware-based solutions or secure vaults.

Chinese-Sponsored Hacking Group Targeting Critical U.S. Infrastructure, Microsoft Claims


The employment of hackers to gather intelligence data is prevalent in practically every nation on earth. Intelligence organisations like Fancy Bear and Equation Group are used by Russia and the US respectively. 

Microsoft Corp. stated last week that Volt Typhoon was "pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises." Concern over the relationship between China and the US on Taiwan immediately arose after this statement. Pacific-wide cyberattacks may result from disputes between the US and China.

What precisely is a Volt Typhoon? 

A suspected hacker organisation goes by the name of "Volt Typhoon." The gang is thought to have China's support. The Volt Typhoon is reported to be capable of both digital sabotage and intelligence gathering. 

Is the Volt Typhoon a genuine threat to the infrastructure of the United States, or is it merely a new network of digital spies? 

Potential threats 

The American infrastructure is thought to be seriously threatened by Volt Typhoon. The following are the potential risks posed by the group: 

Espionage concerns: Spying is a concern for experts. In the midst of tensions over Taiwan, experts believe Volt Typhoon is a group of hackers ready to attack the American infrastructure. 

The assessment of Microsoft is given a "moderate confidence" rating, which denotes that the idea is plausible and backed by reliable sources but is not yet fully supported. Few experts believe there is any proof of sabotage planning, despite the fact that many researchers have discovered and evaluated the group's many elements.

According to Marc Burnard of Secureworks, Volt Typhoon currently appears to be designed to steal data from organisations that hold information about the U.S. government or military.

Volt Typhoon is known as the "Bronze Silhouette" by Secureworks, and according to Marc Burnard, its primary function is espionage. 

Sneaky storm: Almost all cyber spies try to hide their tracks. Microsoft and other analysts believe Volt Typhoon was a quiet operator that camouflaged its activity by routing it through hijacked network equipment such as residential routers, and that it deliberately wiped evidence of intrusion from victims' logs. 

China, on the other hand, has consistently denied any involvement in the Volt Typhoon cyberattacks. However, Beijing has been tied to documented cyberespionage efforts for more than two decades. Spying has come into sharper focus in the past decade, as Western experts have linked breaches to specific units of the People's Liberation Army. US law enforcement has indicted a slew of Chinese operatives for eavesdropping on US secrets. 

According to Secureworks in a blog post, Volt Typhoon's interest in operational security may stem from those US indictments, as well as increased pressure from Chinese leaders to avoid scrutiny of cyberespionage acts. 

Mitigation tips

In line with Microsoft's research on Volt Typhoon, spotting an activity that exploits standard sign-in channels and system binaries necessitates behavioural monitoring, and remediation necessitates shutting or resetting credentials for compromised accounts. In these circumstances, Microsoft recommends that security operations teams investigate the activities of compromised accounts for any dangerous actions or exposed data.
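The mitigation advice above rests on behavioural monitoring: an actor using valid accounts and built-in binaries leaves few signature hits, so the signal has to come from accounts doing something they never did before, and from the log-clearing the text mentions. The following is an added example, not Microsoft's or Secureworks' code, of that logic run over constructed sign-in telemetry: it learns each account's usual source addresses from a baseline period, then flags successful logons from a never-seen source or outside working hours and treats any audit-log-clearing event as a finding in its own right. The log format, account names, addresses and cutoff date are all constructed for the example.

```python
import json
from collections import defaultdict

# Constructed sample telemetry (not real data): one JSON record per line, as a
# SIEM export might look. 198.51.100.0/24 is a documentation range.
SAMPLE_LOGS = """\
{"ts": "2023-05-01T09:12:00Z", "event": "logon", "user": "svc-backup", "src": "10.0.4.15", "result": "success"}
{"ts": "2023-05-01T09:40:00Z", "event": "logon", "user": "alice", "src": "10.0.7.22", "result": "success"}
{"ts": "2023-05-02T10:05:00Z", "event": "logon", "user": "alice", "src": "10.0.7.22", "result": "success"}
{"ts": "2023-05-03T08:55:00Z", "event": "logon", "user": "svc-backup", "src": "10.0.4.15", "result": "success"}
{"ts": "2023-05-15T03:17:00Z", "event": "logon", "user": "alice", "src": "198.51.100.23", "result": "success"}
{"ts": "2023-05-15T03:19:00Z", "event": "audit_log_cleared", "user": "alice", "src": "198.51.100.23", "result": "success"}
{"ts": "2023-05-15T09:02:00Z", "event": "logon", "user": "svc-backup", "src": "10.0.4.15", "result": "success"}
"""

BASELINE_END = "2023-05-10T00:00:00Z"   # records before this are treated as known-good
WORK_HOURS = range(6, 21)                # 06:00-20:59 UTC counts as working hours (assumption)


def parse_events(text: str) -> list:
    """Parse newline-delimited JSON records; ISO-8601 UTC timestamps sort as strings."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def build_baseline(events: list, cutoff: str) -> dict:
    """Per-account set of source addresses seen in successful logons before the cutoff."""
    seen = defaultdict(set)
    for e in events:
        if e["event"] == "logon" and e["result"] == "success" and e["ts"] < cutoff:
            seen[e["user"]].add(e["src"])
    return dict(seen)


def detect(events: list, cutoff: str = BASELINE_END) -> list:
    """Behavioural findings for the post-baseline period, in log order."""
    baseline = build_baseline(events, cutoff)
    findings = []
    for e in events:
        if e["ts"] < cutoff:
            continue
        if e["event"] == "audit_log_cleared":
            # Clearing the audit log is itself the anti-forensic step the text
            # describes, so it is always reported regardless of who did it.
            findings.append({"rule": "log_cleared", "user": e["user"], "src": e["src"],
                             "ts": e["ts"], "reasons": ["audit log cleared"]})
        elif e["event"] == "logon" and e["result"] == "success":
            reasons = []
            if e["src"] not in baseline.get(e["user"], set()):
                reasons.append("source never seen for this account")
            if int(e["ts"][11:13]) not in WORK_HOURS:
                reasons.append("outside working hours")
            if reasons:
                findings.append({"rule": "anomalous_logon", "user": e["user"], "src": e["src"],
                                 "ts": e["ts"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect(parse_events(SAMPLE_LOGS)):
        print(f"{f['ts']} {f['rule']:<16} {f['user']}@{f['src']}: {', '.join(f['reasons'])}")
```

The point of the baseline is that the flagged logon uses perfectly valid credentials; nothing about the event is malformed, which is why the remediation the text recommends (resetting the compromised account and reviewing what it touched) follows from the behavioural finding rather than from a signature.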

The Future of Data Security: Staying Ahead of AI Threats


Data security is an ongoing concern as technology continues to advance, and one of the emerging challenges is staying ahead of artificial intelligence (AI) in the realm of cybersecurity. As AI technologies evolve, so do the threats they pose to data security. It is crucial for organizations to understand and anticipate these risks to ensure they can effectively protect their valuable data assets.

AI-powered attacks have the potential to be highly sophisticated and evasive, making traditional security measures less effective. Attackers can leverage AI algorithms to automate and optimize their malicious activities, allowing them to breach defenses and exploit vulnerabilities more efficiently than ever before. To counter these threats, organizations must adopt proactive and adaptive security strategies that can keep pace with AI-driven attacks.

One key aspect of staying ahead of AI in data security is leveraging the power of generative AI for defense. Generative AI can be used to create realistic simulated environments that mimic real-world scenarios, enabling organizations to simulate and identify potential security vulnerabilities and test the effectiveness of their security measures. Using generative AI, organizations can proactively identify and address weaknesses in their defenses, reducing the risk of successful attacks.

Another critical factor in staying ahead of AI is continuously monitoring and analyzing network traffic and data patterns. AI-powered tools can be deployed to detect anomalies and suspicious activities in real time, allowing organizations to respond swiftly to potential threats. Machine learning algorithms can learn from past incidents and adapt to new attack vectors, improving their ability to detect and prevent emerging threats.

Furthermore, collaboration and information sharing among organizations and cybersecurity professionals are vital in the battle against AI-powered attacks. Threat intelligence platforms and sharing initiatives enable organizations to exchange information about the latest threats and attack techniques. By pooling resources and knowledge, the cybersecurity community can collectively stay ahead of evolving threats and develop effective countermeasures.

However, it is important to strike a balance between data security and privacy. With the increased adoption of AI technologies, concerns about privacy and the ethical use of data have come to the forefront. Organizations must ensure that they adhere to strict data privacy regulations and implement robust safeguards to protect sensitive information while leveraging AI for security purposes.

Three Ways AI-Powered Patch Management is Influencing Cybersecurity's Future


Approaches to patch management that aren't data-driven are breaches just waiting to happen. Security teams delay prioritising patch management until a breach occurs, which allows attackers to weaponize CVEs that are several years old.

More contextual knowledge about which CVEs are most vulnerable is now a part of the evolving cyber attacker tradecraft. As a result, unsecured attack surfaces with exploitable memory conflicts are left behind when patch management is done manually or endpoints are overloaded with agents. 

Attackers continue to hone their skills while weaponizing vulnerabilities with cutting-edge methods and tools that can elude detection and undermine manual patch management systems.

According to CrowdStrike's 2023 Global Threat Report, up to 71% of all detections indexed by the CrowdStrike Threat Graph are caused by intrusive activity that uses no malware. Security flaws that had not yet been patched were to blame for 47% of breaches, and 56% of organisations remediate security vulnerabilities manually. 

Consider this if you need any additional evidence that relying on manual patching techniques is ineffective: 20% of endpoints are still not up to date on all patches after remediation, making them vulnerable to breaches once more.

A prime example of how AI can be used in cybersecurity is automating patch management using various datasets and integrating it into a risk-based vulnerability management (RBVM) platform. The most advanced AI-based patch management systems can interpret vulnerability assessment telemetry and rank risks according to patch type, system, and endpoint. Nearly every vendor in this sector is advancing AI and machine learning quickly because of the demand for risk-based scoring.

When prioritising and automating patching operations, vulnerability risk rating and scoring based on AI and machine learning provide the knowledge security teams need. The following three examples highlight how AI-driven patch management is revolutionising cybersecurity: 

Real time detection 

To overpower endpoint perimeter-based protection, attackers rely on machine-based exploitation of unpatched vulnerabilities and flaws. Attack patterns are identified and added to the algorithms' knowledge base via supervised machine learning techniques trained on that data. With machine identities now outnumbering human identities by a factor of 45, attackers look for vulnerable endpoints, systems, and other assets that are not patched up to date.

In a recent interview, Ivanti's Mukkamala described how he sees patch management evolving into a more automated process with AI copilots supplying more contextual intelligence and forecast accuracy. 

“With more than 160,000 vulnerabilities currently identified, it is no wonder that IT and security professionals overwhelmingly find patching overly complex and time-consuming,” Mukkamala explained. “This is why organizations need to utilize AI solutions … to assist teams in prioritizing, validating and applying patches. The future of security is offloading mundane and repetitive tasks suited for a machine to AI copilots so that IT and security teams can focus on strategic initiatives for the business.” 

Automating remediation decisions 

Machine learning algorithms continuously analyse and learn from telemetry data to increase prediction accuracy and automate remediation decisions. The quick evolution of the Exploit Prediction Scoring System (EPSS) machine learning model, developed with the combined knowledge of 170 professionals, is one of the most exciting aspects of this breakthrough field.

The EPSS is designed to aid security teams in managing the rising tide of software vulnerabilities and spotting the most perilous ones. The model now in its third iteration outperforms earlier iterations by 82%. 

“Remediating vulnerabilities by faster patching is costly and can lead astray the most active threats,” writes Gartner in its report Tracking the Right Vulnerability Management Metrics (client access required). “Remediating vulnerabilities via risk-based patching is more cost-effective and targets the most exploitable, business-critical threats.” 

Contextual understanding of endpoint assets 

Another noteworthy aspect of AI-based patch management innovation is the speed with which providers are enhancing their usage of AI and machine learning to discover, inventory, and patch endpoints that require updates. Each vendor's approach is unique, but they all strive to replace the outmoded, error-prone, manual inventory-based method. Patch management and RBVM platform suppliers are rushing out new updates that improve prediction accuracy and the capacity to determine which endpoints, machines, and systems need to be patched.

Bottom line

The first step is to automate patch management updates. Following that, patch management systems and RBVM platforms are integrated to improve application-level version control and change management. Organisations will acquire more contextual information as supervised and unsupervised machine learning algorithms help models discover potential abnormalities early and fine-tune their risk-scoring accuracy. Many organisations are still playing catch-up when it comes to patch management. To realise their full potential, organisations must leverage these technologies to manage whole lifecycles.
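The three sections above come down to two mechanisms: ranking findings by exploit likelihood and asset context rather than by CVSS alone, and verifying after remediation that the patch really landed (the "20% of endpoints still not up to date" figure). The following is an added example, not code from Ivanti, CrowdStrike, Gartner or the EPSS project, that implements both in a few dozen lines. The weighting formula, the vulnerability ids (`VULN-A` and so on, placeholders rather than real CVE numbers) and the endpoint inventory are all constructed for the example; a real RBVM platform would pull EPSS and CVSS from their feeds and tune the weights from its own telemetry.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One unpatched vulnerability on one endpoint (constructed sample data)."""
    vuln_id: str            # placeholder id, not a real CVE number
    endpoint: str
    cvss: float             # base severity, 0-10
    epss: float             # EPSS: probability of exploitation in the next 30 days, 0-1
    asset_criticality: int  # 1 (lab/test box) .. 5 (business-critical system)
    internet_facing: bool


def risk_score(f: Finding) -> float:
    """Exploit likelihood (EPSS) weighted by severity, asset value and exposure.

    The weights are this example's assumption: exposure to the internet
    multiplies the score by 1.5, and criticality scales it linearly.
    """
    exposure = 1.5 if f.internet_facing else 1.0
    return f.epss * (f.cvss / 10.0) * f.asset_criticality * exposure


def prioritise(findings: list) -> list:
    """Patch queue, highest risk first; note this is not the same order as raw CVSS."""
    return sorted(findings, key=risk_score, reverse=True)


def verify_remediation(required: dict, installed: dict) -> dict:
    """Endpoints that still lack a required patch after a remediation run.

    required: endpoint -> set of patch ids the plan called for
    installed: endpoint -> set of patch ids inventory now reports as present
    Anything left over is the "remediated but still exposed" residue the text warns about.
    """
    missing = {}
    for endpoint, patches in required.items():
        gap = patches - installed.get(endpoint, set())
        if gap:
            missing[endpoint] = gap
    return missing


# Constructed sample: a critical-CVSS bug on a lab box versus lower-CVSS bugs
# with a high exploitation probability on internet-facing production hosts.
SAMPLE = [
    Finding("VULN-A", "lab-07", cvss=9.8, epss=0.02, asset_criticality=2, internet_facing=False),
    Finding("VULN-B", "web-01", cvss=7.5, epss=0.89, asset_criticality=5, internet_facing=True),
    Finding("VULN-C", "api-02", cvss=8.8, epss=0.40, asset_criticality=3, internet_facing=True),
]

if __name__ == "__main__":
    for f in prioritise(SAMPLE):
        print(f"{f.vuln_id} on {f.endpoint}: CVSS {f.cvss}, risk {risk_score(f):.3f}")
    plan = {"web-01": {"VULN-B"}, "api-02": {"VULN-C"}, "lab-07": {"VULN-A"}}
    inventory = {"web-01": {"VULN-B"}, "lab-07": {"VULN-A"}}   # api-02 never reported back
    print("still missing after remediation:", verify_remediation(plan, inventory))
```

Run as-is, the CVSS 9.8 finding ends up last in the queue because almost nothing is exploiting it, while the CVSS 7.5 finding on the exposed business-critical host goes first, which is the "risk-based patching" ordering the Gartner quote describes.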

Netwrix Reports: Enterprises Experience More Cyber Security Incidents Than Smaller Organizations


Cybersecurity company Netwrix, which makes data security simple, has revealed further findings for the enterprise sector (organizations with more than 1,000 workers) in its recent annual global 2023 Hybrid Security Trends Report.

According to the report, around 65% of the companies surveyed in the enterprise sector experienced a cyberattack in the previous 12 months, which is nearly identical to the figure of 68% for businesses of all sizes. The most frequently occurring cyber security incidents include phishing, ransomware and user account compromise.

However, larger firms are more frequently the target of ransomware or other malware attacks: 48% of enterprises reported such a security incident on premises, compared to 37% of all organizations. In the cloud, malware attacks are less frequent, with only 21% of respondents in the enterprise sector reporting having encountered one in the previous year.

In regards to this, Dmitry Sotnikov, Vice-President of Product Management at Netwrix says “It is no surprise that the enterprise sector suffers malware attacks at a higher rate than smaller organizations. After all, ransomware operators want to maximize their profits, so they consider which organizations are most able to pay a ransom to reduce business downtime — and the larger an organization is, the costlier an operational disruption will be[…]On the other hand, larger organizations have more tools to spot the attack that might stay unnoticed for SMBs. In addition, enterprises have bigger infrastructure with more endpoints that statistically increases the chance of the security incident.”

Moreover, the enterprise sector also reports higher costs as a result of cyberattacks than its smaller peers. In fact, 28% of enterprises reported that cyberthreats had cost them $50,000 or more in lost revenue, compared to just 16% of all organizations.

Dirk Schrader, Vice-President of Security Research at Netwrix says, "Smaller companies often underestimate their risk of attack, reasoning that cybercriminals tend to target enterprises because they store more intellectual property (IP) and other sensitive data. But our survey shows that organizations suffer cyberattacks with a similar frequency regardless of their size[…]Every organization has valuable data, such as customer and employee information, and is therefore a target for attackers. What's more, SMBs are not only a target on their own but as a way into the larger enterprises that consume their services."  

How is the 3-2-1 Backup Policy Now Outdated?


With the growing trend of ransomware attacks, it has become important for individuals and organizations to adopt efficient backup policies and procedures.

According to reports, in 2022 alone around 236.1 million ransomware attacks were detected globally. Cybercriminals have evolved to use innovative tactics such as malware, cryptography and network infiltration to prevent companies from accessing their data and to extort payment in exchange for the release of their systems and backups. As a result of these emerging ransomware attacks, companies are required to strengthen their security and data backup procedures.

Current Status of Backups

Systems compromised with ransomware can be swiftly restored with the right backups and disaster recovery techniques, thwarting the attackers. However, hackers now know how to lock and encrypt production files while simultaneously deleting or destroying backups. Obviously, their targets would not have to pay the ransom if they could restore their computers from backups.

The Conventional 3-2-1 Backup Policy

The 3-2-1 backup policy has been in place for many years and is considered the "gold standard" for guaranteeing the security of backups. Three data copies must be produced on two different types of storage media, with at least one copy held offsite. The backup should ideally also be immutable, which means that it cannot be deleted, altered, or encrypted within the time period specified.

For the past 20 years or so, the "two different media" has typically meant one copy on traditional hard drives and the other copy on tape. The most popular methods for achieving immutability involved physically storing the tape in a cardboard box or breaking off the plastic tab on the tape cartridge, which rendered the tape unwritable. The offsite copy was most often created by replicating the backup files between two company data centers.

Growing Popularity of Cloud Security

The cloud has grown in popularity as a place to store backups in recent years, and the majority of businesses have reconsidered the conventional 3-2-1 policy as a result. Most firms use a mixed strategy. Because bandwidth to the cloud is limited, backups are first sent to a local storage appliance, which is typically faster than backing up directly to the cloud. Restoring from backups works the same way: restoring from a local copy will always be quicker. However, what if the local backup was deleted by the hackers? In that case, one may have to turn to the copy stored in the cloud.

Today, the majority of cloud storage providers offer "immutable" storage, which is locked and cannot be changed or deleted. You actually need this immutability to prevent hackers from eliminating your backups. Additionally, since the cloud is always "off-site," it satisfies one of the key demands of the 3-2-1 backup scheme: one may still have the cloud backup even if a fire, flood, or other event damages the local backup. People no longer see a need for two different types of media, or even for the third copy. 

Replicating the cloud copy to a second cloud site, preferably one that is at least 500 kilometers away, is the practice used most frequently nowadays. The two cloud copies ought to be immutable.

In comparison to on-premises storage systems, cloud storage providers typically offer substantially higher levels of data durability. Amazon, Google, Microsoft, and Wasabi have all chosen the gold standard of 11 nines of durability. If you do the arithmetic, 11 nines of durability indicates that you will statistically lose one object every 659,000 years if a user offers you one million objects to store. Because of this, you never hear about cloud storage providers losing client information. 

The likelihood of losing data due to equipment failure is nearly zero if there are two copies spread across two distinct cloud data centers. The previous requirement of "two different media" is no longer necessary at this level of durability.

Moreover, alongside the added durability, the second cloud copy considerably improves backup data availability. Although the storage system may have an 11-nine durability rating, communications issues occasionally cause entire data centers to fall offline. A data center's availability is typically closer to 4 nines. If one cloud data center goes offline, one can still access their backups at the second cloud data center since they consist of two independent cloud copies. 

One may anticipate that the local copy will be lost during the course of a ransomware attack, so recovery would depend on cloud restoration. If the cloud goes offline for any reason, a company may as well shut down until the backups can be accessed. This makes having two cloud copies a good investment.
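The post describes two policies side by side: the classic 3-2-1 rule (three copies, two media types, one offsite, ideally immutable) and the cloud-era variant (two immutable cloud copies in data centers at least 500 km apart). The following is an added example, not code from any backup vendor or cloud provider named above, that encodes both as checks over a backup inventory so a team can test its own configuration against them. The `BackupCopy` record, the site names and coordinates (Berlin, Frankfurt, Dublin, Amsterdam) are constructed for the example; the great-circle distance uses the standard haversine formula.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One copy of the backup set and where/how it is kept (constructed sample schema)."""
    name: str
    media: str        # "disk", "tape", "object-storage", ...
    cloud: bool       # stored with a cloud provider
    offsite: bool     # outside the primary site
    immutable: bool   # cannot be deleted, altered or encrypted within the retention window
    lat: float        # data-center coordinates, used for the separation check
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points on a sphere of Earth's mean radius."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def check_321(copies: list) -> list:
    """Problems against the conventional 3-2-1 rule plus the immutability recommendation."""
    problems = []
    if len(copies) < 3:
        problems.append(f"need 3 copies, have {len(copies)}")
    media = {c.media for c in copies}
    if len(media) < 2:
        problems.append(f"need 2 different media types, have {sorted(media)}")
    if not any(c.offsite for c in copies):
        problems.append("no offsite copy")
    if not any(c.immutable for c in copies):
        problems.append("no immutable copy")
    return problems


def check_cloud_variant(copies: list, min_km: float = 500.0) -> list:
    """Problems against the post's cloud-era practice: two immutable cloud copies,
    at least min_km apart so one regional outage cannot take both offline."""
    cloud = [c for c in copies if c.cloud]
    problems = []
    if len(cloud) < 2:
        problems.append(f"need 2 cloud copies, have {len(cloud)}")
        return problems
    problems.extend(f"{c.name} is not immutable" for c in cloud if not c.immutable)
    for i, a in enumerate(cloud):
        for b in cloud[i + 1:]:
            d = haversine_km(a.lat, a.lon, b.lat, b.lon)
            if d < min_km:
                problems.append(f"{a.name} and {b.name} are only {d:.0f} km apart (< {min_km:.0f})")
    return problems


# Constructed inventory: a local appliance plus candidate cloud regions.
LOCAL = BackupCopy("appliance", "disk", cloud=False, offsite=False, immutable=False, lat=52.52, lon=13.40)
CLOUD_FRA = BackupCopy("cloud-fra", "object-storage", cloud=True, offsite=True, immutable=True, lat=50.11, lon=8.68)
CLOUD_DUB = BackupCopy("cloud-dub", "object-storage", cloud=True, offsite=True, immutable=True, lat=53.35, lon=-6.26)
CLOUD_AMS = BackupCopy("cloud-ams", "object-storage", cloud=True, offsite=True, immutable=True, lat=52.37, lon=4.90)

if __name__ == "__main__":
    for label, inv in [("fra+dub", [LOCAL, CLOUD_FRA, CLOUD_DUB]), ("fra+ams", [LOCAL, CLOUD_FRA, CLOUD_AMS])]:
        print(label, "3-2-1:", check_321(inv) or "ok", "| cloud variant:", check_cloud_variant(inv) or "ok")
```

A local appliance with a single immutable cloud copy still passes the letter of 3-2-1 on copy count and media only if a third copy exists; the cloud-variant check is what catches the case the post ends on, a single cloud region whose outage would leave the company waiting for its backups.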