
Cybercrime Syndicate Escalates Global Threat Levels



As the global cybersecurity landscape evolves rapidly, malicious actors are adopting new methods to accomplish their goals. To mark International Anti-Ransomware Day, the leading cybersecurity company KnowBe4 has issued a critical warning about a looming threat that could change the face of cyberattacks: agentic AI-powered ransomware.

KnowBe4, known for its comprehensive approach to human risk management, predicts that a new wave of cyber threats dominated by autonomous artificial intelligence agents is just around the corner. This form of AI-enabled ransomware, referred to as "agentic AI ransomware," is designed to carry out every phase of a ransomware attack independently, with greater speed, precision, and adaptability.

Unlike traditional ransomware attacks, which typically follow a linear and often manual process, an agentic AI ransomware platform deploys intelligent bots that automate every stage of the attack lifecycle. Beyond gaining access to systems, these bots can perform sophisticated analysis of the environment, detect vulnerabilities, and then execute a series of escalating attacks, all aimed at maximising the criminals' financial gain.

Increasingly sophisticated and automated attacks not only allow criminals to expand their reach and scale but also shrink the window in which defenders can respond. The warning comes at a time when both the frequency of ransomware attacks and the size of ransom payouts have surged dramatically.

A report released for International Anti-Ransomware Day in 2024 highlighted the alarming increase in ransom payments worldwide, with organisations in every region affected. The day, marked annually to raise awareness of the devastating effects of ransomware and to promote cyber hygiene, is a reminder to enterprises and individuals alike to strengthen their cyber defences.

Artificial intelligence remains a double-edged sword in cybersecurity, and proactive measures, employee training, and adaptive technologies are essential to counter this danger. Recently, several of the UK's most iconic retailers have fallen victim to sophisticated ransomware campaigns carried out by a cybercriminal group known as DragonForce. Co-op, Harrods, and Marks & Spencer were all reported to have been compromised, suffering serious data breaches involving the theft and encryption of sensitive customer data.

Although the ransom demands have not been disclosed, there are urgent questions about the identity of this emerging threat actor and how it executes these attacks. Researchers believe DragonForce is connected with Scattered Spider, a notorious cybercrime group that has come under increased scrutiny following recent law enforcement operations that led to the arrests of five suspected members.

According to experts at Check Point Research, DragonForce began operating in late 2023 and is now referred to as a "ransomware cartel." There has been speculation that the group's origins lie in Malaysian hacktivist collectives, but it has since grown into a highly organised cybercriminal operation. Under its ransomware-as-a-service (RaaS) business model, DragonForce provides malicious tools to affiliates in exchange for a share of the ransom, usually around 20%.

This model lets cybercriminals of any skill level mount customised ransomware attacks. The group also runs data leak websites, used to publicly disclose stolen information when victims refuse to pay. By offering anonymity, operational flexibility, and the promise of high financial returns, DragonForce has become one of the most effective vehicles for digital extortion on a global scale.

The fallout from the DragonForce attacks continues, with Co-op confirming that the cybercriminals were able to access personal data belonging to a considerable number of its members. The company had previously maintained that the incident would have only a relatively minor effect on its operations and that proactive cybersecurity measures were in place to guard against such threats, but the scale and nature of the breach appear greater than initially expected.

Despite Co-op's reassurances that no customer data had been compromised, concerns remain high amid the attackers' claims that they obtained the personal information of up to 20 million people linked to its membership scheme, a figure the company has rejected as inaccurate. The threat actors behind the attack, operating under the alias DragonForce, have also claimed responsibility for an ongoing attack on Marks & Spencer and an attempted intrusion into Harrods' systems.

One striking revelation came when the hackers shared screenshots with a media outlet showing them contacting Co-op's head of cybersecurity through an internal communication platform on April 25, suggesting a level of access and coordination not previously reported. In response to the wave of attacks on major retailers, senior government officials have urged businesses to make cybersecurity a top priority.

Minister Pat McFadden's speech placed major emphasis on digital resilience, stating that the complexity and frequency of such threats require constant vigilance across both the public and private sectors. Cybersecurity experts likewise advise organisations to strengthen their digital defences in light of the attacks attributed to DragonForce and its suspected affiliate Scattered Spider.

Google's Mandiant cyber intelligence division has issued a series of strategic recommendations aimed at helping companies at risk of intrusion to mitigate that risk. Among them, Mandiant highlights enhanced training for helpdesk personnel, who are often targeted through social engineering as an entry point for threat actors.

Mandiant also emphasises the need for strong multi-factor authentication and comprehensive visibility across all IT environments, noting that these measures are essential for identifying and neutralising threats before they grow into a full-scale ransomware attack.

This guidance reflects growing concern about cybercriminals who are becoming increasingly sophisticated and persistent in exploiting human and technological weaknesses to breach even well-defended organisations. As more facts about the Co-op data breach emerge, the severity of the attack orchestrated by DragonForce has become increasingly evident.

Several members of Co-op's executive committee are alleged to have been contacted by the hackers as part of their extortion efforts. The hackers claim to have obtained sensitive information from Co-op's internal systems, including internal communications, employee login credentials, and a sample database containing the names, addresses, e-mail addresses, telephone numbers, and membership card numbers of 10,000 customers.

The company has since confirmed that member information was compromised, but made clear that passwords, financial information, and transaction details were not. In response, Co-op has tightened its security measures: to prevent further unauthorised access, staff have been instructed to keep cameras on during virtual meetings, to restrict recording and transcription, and to verify participants' identities.

These protocols appear to be a direct response to the attackers' abuse of the company's internal collaboration tools. With more than 2,500 supermarkets, 800 funeral homes, an insurance business, and approximately 70,000 employees nationwide, Co-op is under tremendous pressure to rebuild trust and strengthen its digital defences. DragonForce, a well-known group operating under a ransomware-as-a-service (RaaS) model, has not said what it plans to do with the stolen data if its demands are not met.

There is no clear indication of the attackers' affiliations, but their tactics closely match those of a loosely coordinated hacker group known as Scattered Spider or Octo Tempest, whose young, English-speaking members communicate through platforms such as Telegram and Discord. In an unusual twist, the individuals behind this attack have adopted aliases reminiscent of characters from the American crime series Blacklist, stating ominously that they will be placing UK retailers on the Blacklist.

Although the group declined to comment on the impact of its actions or on how it attacked other retailers such as Marks & Spencer and Harrods, its silence only deepens the uncertainty surrounding its motives. In a statement, Co-op said it is now collaborating with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) to resolve the situation.

With the threat of ransomware continuing to grow, this incident is a stark reminder that all organisations, especially those handling sensitive consumer data, must make cybersecurity part of their operational strategy. The DragonForce attack underscores that cybersecurity must be treated as a core business priority rather than a technical afterthought.

As ransomware becomes more advanced and more accessible, companies need a proactive approach: integrating cybersecurity into strategic plans, training employees, and implementing adaptive, layered defences. Lawmakers must also push regulatory bodies to strengthen data protection standards and make breach reporting more transparent.

A world where data is increasingly digitised makes securing and maintaining trust even more imperative; it is a prerequisite for operating continuity and long-term credibility in an increasingly digital environment.

Critical Vulnerability Found in Cleo's File-Sharing Tools: Immediate Action Required



A critical security vulnerability has been discovered in Cleo's popular file-sharing tools, including Cleo Integration Cloud, Cleo Harmony, and Cleo VLTrader. This flaw puts businesses and users at significant risk of cyberattacks, prompting cybersecurity experts to urge immediate preventive measures.

The Vulnerability and Its Potential Impact

Security researchers have identified a critical flaw in Cleo's file-sharing platforms that could allow remote attackers to access sensitive files and even manipulate data transfers. The vulnerability primarily affects enterprises using Cleo's tools for B2B file transfers, making it easier for attackers to intercept data in transit or exploit weak authentication to gain unauthorized access to the systems.

This issue is not just a theoretical risk—there have already been incidents where hackers have successfully exploited similar vulnerabilities in other systems. Given the widespread use of Cleo tools across industries such as healthcare, logistics, and finance, the potential damage is severe, with sensitive business data and personal information at risk.

Cleo's Response and Immediate Steps for Users

Cleo has acknowledged the issue and is working to release an updated patch that addresses the vulnerability. However, experts warn that until this patch is fully deployed, businesses should take immediate precautions. The following actions are recommended to reduce the risk:

  • Install the latest security updates from Cleo as soon as they are available.
  • Place all file-sharing tools behind a robust firewall to prevent unauthorized access.
  • Monitor network activity for unusual file transfers or signs of potential breaches.
  • Enforce strong authentication protocols, including multi-factor authentication wherever possible.

By following these best practices, organizations can minimize their exposure while awaiting a more comprehensive fix from Cleo.

The Broader Implications for File-Sharing Security

This incident highlights a growing trend in vulnerabilities affecting file-sharing and managed file transfer (MFT) tools. In 2023, a similar flaw was discovered in the MOVEit MFT solution, which was exploited by cybercriminals to access sensitive corporate data worldwide. As more organizations rely on file-sharing platforms to facilitate data exchange, the importance of securing these tools cannot be overstated.

Recommended Security Measures for File-Sharing Platforms

To protect against potential threats, companies using file-sharing tools should implement the following security measures:

  • Regularly apply security patches and updates provided by software vendors.
  • Ensure that all file-sharing systems are protected by firewalls and other protective layers.
  • Continuously monitor file transfer activities for any signs of unauthorized access or data manipulation.

As file-sharing tools are integral to the functioning of modern enterprises, prioritizing their security is essential for safeguarding sensitive data and ensuring operational continuity.

D-Link Urges Replacement of End-of-Life VPN Routers Amid Critical Security Vulnerability


D-Link has issued a strong warning to its customers, advising them to replace certain end-of-life (EoL) VPN router models immediately. This follows the discovery of a critical unauthenticated remote code execution (RCE) vulnerability that will not be addressed with security patches for the affected devices. The vulnerability was reported to D-Link by security researcher “delsploit,” although technical details have been withheld to prevent widespread exploitation. The flaw impacts all hardware and firmware versions of the DSR-150, DSR-150N, DSR-250, and DSR-250N models, particularly firmware versions 3.13 to 3.17B901C. 

These routers, which have been popular among home offices and small businesses worldwide, officially reached their end-of-service (EoS) status on May 1, 2024. D-Link’s advisory makes it clear that no further security updates will be issued for these devices. Customers are strongly encouraged to replace the affected models to avoid potential risks. For users who continue using these devices despite the warnings, D-Link suggests downloading the latest available firmware from their legacy website. 

However, it is important to note that even the most up-to-date firmware will not protect the routers from the RCE vulnerability. The company also cautions against using third-party open-firmware solutions, as these are unsupported and will void any product warranties. D-Link’s policy not to provide security fixes for EoL devices reflects a broader strategy within the networking hardware industry. The company cites factors such as evolving technologies, market demands, and product lifecycle maturity as reasons for discontinuing support for older models. The issue with D-Link routers is not an isolated case. 

Earlier this month, researcher “Netsecfish” revealed CVE-2024-10914, a command injection flaw affecting thousands of EoL D-Link NAS devices. Similarly, three critical vulnerabilities were recently disclosed in the D-Link DSL6740C modem. In both instances, the company chose not to release updates despite evidence of active exploitation attempts. The growing trend of security risks in EoL networking hardware highlights the importance of timely device replacement. 

As D-Link warns, continued use of unsupported routers not only puts connected devices at risk but may also leave sensitive data vulnerable to exploitation. By replacing outdated equipment with modern, supported alternatives, users can ensure stronger protection against emerging cybersecurity threats.

Windows PCs at Risk as SteelFox Malware Targets Driver Vulnerabilities



Several experts have warned that hackers are using malware to attack Windows systems in order to mine cryptocurrency and steal sensitive information from the infected devices. The latest Kaspersky security report says tens of thousands of infected endpoints have been spotted. The cybercriminals distribute fake cracks and activators for commercial software products such as Foxit PDF Editor, JetBrains, and AutoCAD, which they sell to users.

Some of these fake cracks bundle a vulnerable driver called WinRing0.sys. By installing this driver, the attack reintroduces CVE-2020-14979 and CVE-2021-41285, two three-year-old vulnerabilities, onto the system, giving the attacker the highest possible privileges.

SteelFox is a malware package designed to mine cryptocurrency and steal credit card details with SYSTEM privileges, obtained through the "bring your own vulnerable driver" (BYOVD) technique. On forums and torrent trackers, the malware's droppers are presented as crack tools that activate legitimate versions of software such as Foxit PDF Editor, JetBrains, and AutoCAD.

State-sponsored threat actors and ransomware groups are known to exploit vulnerable drivers to escalate privileges and evade detection. More recently, the technique appears to have spread to information-stealing malware as well. Kaspersky researchers say the SteelFox campaign was discovered in August of this year, but that the malware has been active since February 2023 and has been distributed through channels such as torrents, blogs, and forum posts in the past few weeks.

The Rhadamanthys stealer has been available for some time, but since July 2024 an updated version has been spread using copyright-related themes in an ongoing phishing campaign. Check Point is tracking this large-scale cybercrime campaign under the name CopyRightAdamantys. It targets the U.S., Europe, East Asia, and South America, among other regions.

According to the company's technical analysis, the campaign impersonates dozens of companies, with each email sent from a different Gmail account and tailored to the target, both in the company impersonated and in the language used. Almost 70% of the impersonated companies are from the entertainment, media, technology, and software sectors.

One element that stands out is the deployment of Rhadamanthys stealer version 0.7, which, as described by Recorded Future's Insikt Group early last month, uses optical character recognition. Cisco Talos, an Israeli company that specializes in cyber security, disclosed last week that a campaign had been targeting users of Facebook business and advertising accounts in Taiwan, delivering information-stealing malware known as Lumma or Rhadamanthys.

The RAR archive contains three components: a legitimate executable vulnerable to DLL side-loading, a malicious DLL containing the stealer payload, and a decoy document. When the binary is executed, it side-loads the DLL, which sets up the environment in which Rhadamanthys is deployed. Given the scale of the campaign and the variety of lures and sender emails involved, Check Point believes the threat actors were likely using artificial intelligence tools to spread the malware, and attributes the activity to a possible cybercrime group.

"It seems likely that this campaign was orchestrated by a financially motivated cybercrime group and not a nation-state actor, particularly given the large number of organizations across multiple regions targeted in this campaign," the analysis continues. "In addition to its global reach, the use of automated phishing tactics and a variety of lures demonstrates how attackers continue to enhance their success rates."

Separately, Kaspersky revealed a full-featured crimeware bundle dubbed SteelFox, which has been spreading via forum posts, torrent trackers, and blogs, passing itself off as legitimate utilities such as Foxit PDF Editor, JetBrains, and AutoCAD in order to steal personal information. Over the last two years the campaign has claimed victims in nearly 50 countries, the majority of them in Brazil, China, Russia, Mexico, the United Arab Emirates, Egypt, Algeria, Vietnam, India, and Sri Lanka.

No known threat actor or group has been associated with this attack so far. Security researcher Kirill Korchemny said: "Delivered via sophisticated execution chains, notably shellcode, this type of malware abuses both Windows services and drivers in an attempt to accomplish its objectives." He added that the stealer component is used to obtain details about the victim's device as well as credit card information.

The chain starts with a dropper that mimics a cracked version of popular software. When run, the dropper requests administrator permissions and drops a next-stage loader which, in turn, establishes persistence and launches the SteelFox module. Kaspersky notes that although SteelFox's C2 domain is hardcoded, the malware conceals its infrastructure by rotating between multiple IP addresses and resolving them over DNS over HTTPS. SteelFox attacks do not have specific targets, but they appear to focus on users of AutoCAD, JetBrains, and Foxit PDF Editor.

Based on Kaspersky's visibility, the malware is compromising systems in Brazil, China, Russia, Mexico, the UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka, among others. Researchers describe SteelFox as a new and potent threat: a sophisticated crimeware bundle targeting Windows PCs through vulnerable drivers. Although relatively new to the landscape, the malware demonstrates advanced functionality and appears to be the work of a skilled C++ developer who has integrated multiple external libraries to extend its capabilities.
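The two SteelFox behaviours described above, loading the vulnerable WinRing0.sys driver (BYOVD) and resolving the hardcoded C2 domain over DNS over HTTPS, can be correlated from endpoint telemetry. The Python below is an added example, not Kaspersky's or any product's code: the event records, their field names and the list of DoH resolvers are constructed assumptions rather than values taken from the report.

```python
"""Correlate driver-load and network events to surface a BYOVD-plus-DoH pattern.

Added example, not Kaspersky's or any vendor's code. The records below are
constructed, simplified Sysmon-like telemetry; the field names and the list
of DoH resolvers are assumptions, not values taken from the page.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# The vulnerable driver named in the SteelFox report.
VULNERABLE_DRIVERS = {"winring0.sys"}

# Illustrative public DoH resolver hostnames (assumption, not from the page).
DOH_RESOLVERS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}
DOH_PORT = 443

# How long after the driver load a DoH connection still counts as related.
WINDOW = timedelta(minutes=10)

# Constructed sample telemetry; not captured from a real infection.
# The driver is validly signed in every record: BYOVD abuses a legitimately
# signed but vulnerable driver, so a signature check alone does not catch it.
SAMPLE_EVENTS = [
    {"ts": "2024-08-01T10:00:00", "type": "process_create", "pid": 4120,
     "image": r"C:\Users\user\Downloads\autocad_activator.exe", "elevated": True},
    {"ts": "2024-08-01T10:00:05", "type": "driver_load", "pid": 4120,
     "driver": r"C:\Windows\Temp\WinRing0.sys", "signed": True},
    {"ts": "2024-08-01T10:01:12", "type": "network_connect", "pid": 4120,
     "dst_host": "dns.google", "dst_port": 443},
    {"ts": "2024-08-01T10:01:13", "type": "network_connect", "pid": 4120,
     "dst_host": "203.0.113.7", "dst_port": 443},
    # Benign: a hardware-monitoring tool loads the same driver, no DoH use.
    {"ts": "2024-08-01T10:05:00", "type": "driver_load", "pid": 5000,
     "driver": r"C:\Program Files\HWMon\WinRing0.sys", "signed": True},
    # Benign: a browser uses DoH but never loads a driver.
    {"ts": "2024-08-01T10:06:00", "type": "network_connect", "pid": 6100,
     "dst_host": "cloudflare-dns.com", "dst_port": 443},
]


def _basename(path):
    """Last path component, lower-cased, for either separator style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def correlate(events):
    """Return one finding per load of a known-vulnerable driver.

    Severity is "high" when the same process contacts a DoH resolver within
    WINDOW after the load (the SteelFox pattern), otherwise "low": a
    vulnerable driver load is worth reviewing even without the network leg.
    """
    loads = defaultdict(list)  # pid -> [(ts, driver_path)]
    doh = defaultdict(list)    # pid -> [(ts, resolver_host)]
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "driver_load" and _basename(ev["driver"]) in VULNERABLE_DRIVERS:
            loads[ev["pid"]].append((ts, ev["driver"]))
        elif (ev["type"] == "network_connect"
              and ev["dst_port"] == DOH_PORT
              and ev["dst_host"].lower() in DOH_RESOLVERS):
            doh[ev["pid"]].append((ts, ev["dst_host"]))

    findings = []
    for pid, driver_loads in loads.items():
        for load_ts, driver in driver_loads:
            resolvers = [host for t, host in doh.get(pid, [])
                         if load_ts <= t <= load_ts + WINDOW]
            findings.append({
                "pid": pid,
                "driver": driver,
                "resolvers": resolvers,
                "severity": "high" if resolvers else "low",
            })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f"[{f['severity']}] pid={f['pid']} driver={f['driver']} "
              f"doh={f['resolvers'] or '-'}")
```

On the constructed sample, the activator process that loads WinRing0.sys and then talks to a DoH resolver is rated high, while the monitoring tool that loads the same signed driver without any DoH traffic is only queued for review.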

In a related development, analysts from FortiGuard Labs have reported the discovery of another malicious software framework named Winos4.0. This advanced framework, embedded in game-related applications, is engineered specifically to target Windows users. Originating as an evolved version of the Gh0st RAT malware, Winos4.0 enables attackers to remotely execute various actions, giving them substantial control over compromised systems. The infection process for Winos4.0 is particularly deceptive.

It spreads through game-related applications, such as installation utilities and performance enhancement tools, designed to appeal to gamers and other Windows users. Once an individual downloads and installs one of these compromised applications, a seemingly harmless BMP file is retrieved from a remote server. This file subsequently extracts and activates the Winos4.0 DLL file, initiating the malware’s operations. 

In its initial phase, Winos4.0 sets up an environment for deploying further modules and establishes persistence on the infected machine by modifying system registry keys or creating scheduled tasks. Through this multi-stage infection process, Winos4.0 builds a durable foothold on affected devices, opening avenues for continuous exploitation and control.
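A defender can check whether a file presented as a BMP, like the one Winos4.0 retrieves from its server, really is an image and whether it carries an appended Windows executable. The Python below is an added example, not FortiGuard's analysis or any project's code; it relies only on the public BMP and PE header layouts, and every sample file is constructed in memory.

```python
"""Inspect a file that claims to be a BMP for signs of a disguised payload.

Added example, not FortiGuard's or Winos4.0's code. It relies only on the
public BMP and PE header layouts; every sample file is constructed in memory.
"""
import struct

BMP_FILE_HEADER_LEN = 14      # "BM" + file size + 2 reserved + pixel offset
PE_SIGNATURE = b"PE\0\0"


def parse_bmp_header(data):
    """Return (declared_file_size, pixel_data_offset), or None if not a BMP."""
    if len(data) < BMP_FILE_HEADER_LEN or data[:2] != b"BM":
        return None
    size, _res1, _res2, offset = struct.unpack_from("<IHHI", data, 2)
    return size, offset


def find_embedded_pe(data):
    """Offsets of every 'MZ' header whose e_lfanew points at a PE signature."""
    offsets = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            if e_lfanew >= 0x40 and data[pe:pe + 4] == PE_SIGNATURE:
                offsets.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return offsets


def inspect_bmp(data):
    """Classify one file image; a real BMP has no trailing bytes and no PE inside."""
    header = parse_bmp_header(data)
    result = {"is_bmp": header is not None, "size_mismatch": False,
              "trailing_bytes": 0, "pe_offsets": find_embedded_pe(data)}
    if header is not None:
        declared_size, pixel_offset = header
        # The header's own size field must agree with the bytes on disk;
        # a payload glued onto a real image shows up as trailing data.
        result["size_mismatch"] = declared_size != len(data)
        result["trailing_bytes"] = max(0, len(data) - declared_size)
        if pixel_offset > declared_size:
            result["size_mismatch"] = True
    result["suspicious"] = (not result["is_bmp"] or result["size_mismatch"]
                            or bool(result["pe_offsets"]))
    return result


def build_bmp(width, height):
    """Constructed, valid 24-bit BMP with all-black pixels (rows padded to 4 bytes)."""
    row = (width * 3 + 3) & ~3
    pixels = bytes(row * height)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(pixels), 2835, 2835, 0, 0)
    total = BMP_FILE_HEADER_LEN + len(info) + len(pixels)
    file_header = b"BM" + struct.pack("<IHHI", total, 0, 0,
                                      BMP_FILE_HEADER_LEN + len(info))
    return file_header + info + pixels


def build_fake_pe():
    """Constructed stand-in for a DLL: a DOS stub whose e_lfanew points at 'PE\\0\\0'."""
    stub = bytearray(0x40)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    return bytes(stub) + PE_SIGNATURE + bytes(60)


if __name__ == "__main__":
    clean = build_bmp(2, 2)
    disguised = clean + build_fake_pe()   # an executable appended to a real image
    for name, blob in (("clean.bmp", clean), ("disguised.bmp", disguised)):
        print(name, inspect_bmp(blob))
```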

New Windows Vulnerability CVE-2024-6768 Triggers Blue Screen of Death on All Versions of Windows 10 and 11


A recently uncovered Windows vulnerability, known as CVE-2024-6768, has raised alarm among cybersecurity experts due to its potential to cause widespread disruption by triggering the dreaded blue screen of death (BSOD) on a range of Windows operating systems. Discovered by cybersecurity researchers from Fortra, this vulnerability impacts all versions of Windows 10 and Windows 11, as well as Windows Server 2022, even if they have received the latest security patches. 

The flaw lies within the common log file system (CLFS) driver: improperly validated input can cause the driver to call the KeBugCheckEx function, crashing the system with the infamous BSOD. The vulnerability is significant because it can be exploited by a user with no administrative privileges. Using a specially crafted file, a malicious actor can crash the system, leading to potential data loss and disruption of services. Although the attack vector is local rather than remote, the ease with which the vulnerability can be exploited raises concerns about its potential impact. The vulnerability is graded as medium risk because local access is required, but the consequences of exploitation, especially in environments with multiple users, are severe.

The discovery of CVE-2024-6768 dates back to December 2023, when Fortra initially reported the issue to Microsoft, providing a proof-of-concept (PoC) exploit. Despite Fortra’s efforts to demonstrate the vulnerability across various systems, including those with the latest security updates, Microsoft was unable to reproduce the flaw and therefore did not prioritize a fix. Fortra continued to provide evidence, including screenshots, videos, and memory dumps, but Microsoft remained unresponsive, ultimately closing the case in February 2024. In June 2024, frustrated by the lack of progress, Fortra announced its intention to pursue a Common Vulnerabilities and Exposures (CVE) designation and publish its findings. 

The vulnerability was officially cataloged as CVE-2024-6768 in July 2024, and Fortra planned to release its research publicly in August 2024. The report highlights the vulnerability’s potential to be exploited by low-privileged users to crash systems, which could be particularly damaging in multi-user environments or where system stability is crucial. Microsoft, for its part, has downplayed the severity of the issue, stating that the vulnerability does not meet its criteria for immediate servicing. The company noted that an attacker would need to have already gained code execution capabilities on the target machine and that the vulnerability does not grant elevated permissions. 

However, the lack of a workaround or mitigation has left many organizations concerned about the potential impact of this flaw. While the average Windows user may not be significantly affected by CVE-2024-6768, the vulnerability poses a serious risk to businesses and organizations that rely on stable and secure systems. The possibility of a low-privileged user crashing a system without warning could lead to significant operational disruptions, especially in environments where uptime is critical. For these organizations, the absence of a timely fix from Microsoft is a cause for concern, and they may need to take additional precautions to safeguard their systems. 

In conclusion, the discovery of CVE-2024-6768 underscores the ongoing challenges in maintaining the security and stability of widely used operating systems. As Microsoft considers whether to release a fix, the vulnerability serves as a reminder of the importance of proactive cybersecurity measures and the need for organizations to remain vigilant in the face of evolving threats.

Hacking Group Exposes Pentagon IT Provider's Documents



A person familiar with the matter said hackers stole internal documents from Leidos Holdings Inc., one of the largest IT service providers to the US government. Leidos recently discovered the theft and believes it was a victim of a previously disclosed breach of a Diligent Corp. system it used at the time, said the person, who asked not to be named because the matter is internal. Leidos is currently investigating the issue, the person added.

Leidos, one of the most highly regarded companies in its field, counts the Defense Department, Homeland Security Department, and NASA among its clients, along with other national and international government agencies. According to a filing in Massachusetts dated June 2023, Leidos used the Diligent system to store information gathered during internal investigations. Leidos has reportedly declined to comment on what information was stolen.

The Pentagon, the Department of Homeland Security, and NASA did not immediately respond to requests for comment. Bloomberg News found files purportedly from Leidos posted on a cybercrime forum, but the files' details had been redacted, so Bloomberg could not verify their authenticity. A Diligent spokesperson said the leak and its source appear to be related to a 2022 hack of Steele Compliance Solutions, a company Diligent acquired in 2021.

At the time, fewer than 15 customers, including Leidos, were using the product, according to the company. In a data breach notice filed in Massachusetts on November 11, 2022, Diligent disclosed the breach to Leidos after discovering the data leak. The attack was carried out by an unauthorized party who exploited a weakness in Diligent's platform to download documents, and may have begun as early as September 30, 2022.

A third-party intruder exploited a second vulnerability around October 1, 2022, gaining access to data submitted through Leidos' enterprise case management system (ECMS), hosted by Diligent, as well as personal information submitted via the system. Earlier reports had linked the leak to Steele Compliance Solutions, a Diligent subsidiary acquired in 2021, and identified it as the origin of the breach.

Mergers and acquisitions bring upheaval, and sensitive information may be transferred between the two companies, giving hackers a prime opportunity to exploit the situation. An FBI report published in 2021 forecast that cybercriminals would target organizations during "time-sensitive financial events" such as mergers and acquisitions to extract sensitive information. On February 9, 2023, Leidos received notification of a second data leak, which prompted an investigation into a possible security breach.

During the investigation, it was discovered that the impacted documents contained personal information, and to help affected individuals protect themselves against identity theft, the defence contractor offered two years of identity theft protection. Leidos confirmed that this data leak was caused by an incident in 2023 that impacted a third-party vendor, for which all necessary notifications had already been made. 

According to the Pentagon defence contractor, “our network or any sensitive customer data was not affected by the incident.” At the time of the incident, the product in question was being used by fewer than 15 customers, including defence contractor Leidos, as reported by the company. In a data breach notice filed in Massachusetts on November 11, 2022, Diligent Corporation disclosed the breach to Leidos after discovering unauthorized access to its data. The breach involved an unauthorized party exploiting a vulnerability in Diligent's platform to download documents. 

It is believed that this exploitation may have occurred as early as September 30, 2022. A subsequent intrusion was identified around October 1, 2022, in which a third-party attacker exploited a second vulnerability. This allowed the intruder to access data submitted through Leidos' Enterprise Case Management System (ECMS), which was hosted by Diligent, as well as personal information submitted via the system. Previous reports had indicated that the data leak was associated with Steele Compliance Solutions, a subsidiary of Diligent acquired in 2021, and that this subsidiary was the origin of the breach. 

Mergers and acquisitions often involve transferring sensitive information between companies, creating opportunities for cybercriminals to exploit these transitions. An FBI report published in 2021 anticipated that cybercriminals would target organizations during "time-sensitive financial events," such as mergers and acquisitions, to extract sensitive information. On February 9, 2023, Leidos was notified of a second data leak, which triggered an investigation into a potential security breach. 

The investigation revealed that the compromised documents contained personal information. In response, Leidos offered two years of identity theft protection to allow affected individuals to protect themselves against identity theft. Leidos confirmed that the data leak was caused by an incident in 2023 that affected a third-party vendor. The company assured that all necessary notifications had been made in the past and emphasized that neither their network nor any sensitive customer data were impacted by the incident.

Time to bring order to Cyber Chaos


In today's digital era, businesses are embracing rapid changes to enhance efficiency, but with it comes a surge in cybersecurity challenges. Last year saw a staggering 29,000 new IT vulnerabilities reported globally, emphasising the need for a strategic approach. 
 
The Challenge: Businesses face overwhelming data and fragmentation issues, operating across intricate networks that make it challenging to identify vulnerabilities. With interconnected systems, a vulnerability in one device can lead to widespread disruption, creating a need for effective risk management. 
 
Information Overload: 
 
The National Vulnerability Database reported over 25,000 vulnerabilities in 2022 alone, causing information overload for organisations. It's unrealistic for firms to patch everything; they can only address 5-20% of identified vulnerabilities per month. Prioritisation becomes crucial, focusing on the most critical vulnerabilities in real-time. 
 
The Need for Change: 
 
Traditional risk prioritisation methods need to be revised in complex network ecosystems. Shadow IT, data obsolescence and outdated asset inventories worsen the confusion. A new approach is essential to adapt to the evolving cyber landscape. 
 
Solution: Risk-Based Vulnerability Management (RBVM) 
 
RBVM shifts from the traditional tick-box approach to a nuanced method. It evaluates vulnerabilities based on severity and the organisation's unique context, industry, and operations. RBVM provides a holistic network view, integrating with existing security tools and utilising threat intelligence for dynamic prioritisation. 
 
Effective RBVM is not just about tools; it relies on people managing vulnerabilities. Establishing responsibilities, fostering accountability, and ensuring coherent team efforts are vital. People, processes, and tools together transform vulnerability chaos into manageable order. 

Businesses must align vulnerability management with compliance and regulatory requirements. The Common Vulnerability Scoring System (CVSS) 4.0 emphasises a granular framework, but relying solely on CVSS scores may lead to misguided priorities. Smaller organisations balance reactive and preventive measures, while larger enterprises delve into asset management and threat intelligence. 
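To make the point about CVSS-only prioritisation concrete, here is an added example (not from the original post, and not any vendor's RBVM product): a small scorer that combines the CVSS base score with asset criticality, internet exposure and threat intelligence on active exploitation. The weights and the sample findings are constructed for illustration.

```python
"""Added illustration of risk-based vulnerability prioritisation (RBVM).
The scoring weights and sample findings are constructed for this example."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    vuln_id: str             # vulnerability identifier (constructed placeholder)
    asset: str               # affected asset (constructed)
    cvss: float              # CVSS base score, 0.0-10.0
    asset_criticality: int   # 1 (lab box) .. 5 (crown-jewel system), from the asset inventory
    internet_exposed: bool   # reachable from the internet?
    exploited_in_wild: bool  # threat intelligence reports active exploitation


def risk_score(f: Finding) -> float:
    """Contextual risk: severity scaled by how much the organisation values the
    asset, then boosted when it is exposed and when exploitation is observed."""
    score = f.cvss * (f.asset_criticality / 5)
    if f.internet_exposed:
        score *= 1.5
    if f.exploited_in_wild:
        score *= 2.0
    return round(min(score, 30.0), 2)  # capped so the scale stays bounded


def cvss_only_order(findings: List[Finding]) -> List[str]:
    """The 'tick-box' ordering: highest CVSS base score first."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def rbvm_order(findings: List[Finding]) -> List[str]:
    """The contextual ordering: highest organisational risk first."""
    return [f.vuln_id for f in sorted(findings, key=risk_score, reverse=True)]


def prioritise(findings: List[Finding], monthly_capacity: int) -> List[Finding]:
    """Pick what the team can realistically fix this month, by contextual risk."""
    return sorted(findings, key=risk_score, reverse=True)[:monthly_capacity]


# Constructed sample findings: a critical CVSS on a throwaway lab VM versus a
# lower CVSS on an internet-facing, actively exploited customer system.
SAMPLE = [
    Finding("VULN-A", "lab-test-vm", 9.8, 1, False, False),
    Finding("VULN-B", "customer-portal", 7.5, 5, True, True),
    Finding("VULN-C", "hr-database", 8.1, 4, False, True),
    Finding("VULN-D", "dev-workstation", 5.3, 2, True, False),
]
```

With these inputs the CVSS-only list puts the lab VM first, while the contextual list puts the exploited, internet-facing portal first; the two orderings differ exactly where the post says they will.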
 
Successful RBVM adoption requires efforts across the business. Aligning C-level strategy, streamlining IT processes, and fostering a culture of knowledge sharing create resilience in the face of cyber threats. 
 
So it appears that navigating the complex cyber world demands a simplified yet comprehensive approach. By embracing RBVM, businesses can effectively manage vulnerabilities, protect against cyber threats, and build a strong defence system for the future.

Best Cybersecurity Practices to Instill in Your End-Users

A recent study of password reuse threats found that password reuse is a major security threat to companies worldwide, since 64% of people continue to use passwords that have been exposed in a breach. 

As we spend a large amount of our time online, working from our own systems, we also end up sharing our personal data over the internet, since we are becoming more reliant on it for our daily services. 

It has become extremely important to protect our sensitive data from cybersecurity threats. Poor password hygiene by end-users can put your organization at great security risk, and also make your company’s sensitive data vulnerable to cyber-attack. 

To prevent cybersecurity attacks, the company should build a defense that starts with educating employees. The security awareness program should cover phishing and social engineering, access, passwords, connections, device security, physical security, and so on. 

Cybersecurity awareness training will help employees become more aware of, and knowledgeable about, the latest cybersecurity threats targeting end-users. 

There are various ways to protect your systems, but these 5 security practices are indispensable for preventing cybersecurity threats and for training your employees. 

1. Don’t leave information unprotected 

The company should encourage employees to lock their systems when they are not around. Leaving your screen unlocked could increase the risk of someone viewing or accessing important data. 

2. Enforce password policy compliance 

It should be mandatory for employees to comply with the organization's password policy rules. Organizations should enforce length and complexity requirements and also block over 3 billion known breached passwords. 

3. Utilize MFA whenever possible 

Organizations should make multifactor authentication (MFA) mandatory for end-users logging into work apps, and also when they change or reset their passwords from time to time. 

4. Use a password manager 

A password manager is recommended not only for individual end-users but also for its shared-vault features, which prevent insecure password sharing among employees. 

5. Data Privacy and Storage Policies 

Encouraging employees to follow data storage best practices, as well as implementing a zero-trust framework in your organization, ensures none of your end-users are unknowingly putting your data at risk.
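Practice 2 above calls for enforcing length and complexity while blocking known breached passwords. As an added example (not code from the original post), the checker below does both, and looks the password up in a breach corpus by SHA-1 prefix only, the k-anonymity "range" pattern used by Have I Been Pwned's Pwned Passwords service, so the plaintext never leaves the client. The breached-password corpus is constructed inline and the lookup runs offline.

```python
"""Added example: a password policy check with a breached-password denylist.
The breached corpus below is constructed for this example, not real breach data."""
import hashlib
import re
from typing import List

MIN_LENGTH = 12

# Constructed stand-in for a breached-password corpus, kept as uppercase SHA-1
# hex digests so the policy service never stores the plaintexts themselves.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("Password123!", "Summer2023!!", "Welcome1234!")
}


def range_lookup(prefix5: str) -> List[str]:
    """Emulates a k-anonymity range query: the caller sends only the first five
    hex characters of the SHA-1 and gets back every matching suffix. In a real
    deployment this would be a network call; here it reads the local corpus."""
    return [h[5:] for h in BREACHED_SHA1 if h.startswith(prefix5)]


def is_breached(password: str) -> bool:
    """True if the full hash matches one of the suffixes returned for its prefix."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in range_lookup(digest[:5])


def check_password(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("fewer than 3 character classes")
    if is_breached(password):
        problems.append("appears in a known breach corpus")
    return problems


if __name__ == "__main__":
    for candidate in ("short", "Password123!", "correct-horse-Battery-9"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that "Password123!" passes the length and complexity rules and is rejected only by the breach check, which is why the post treats the breached-password block as a separate requirement.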