Search This Blog

Showing posts with label Data Theft. Show all posts

Cloud Data Theft is Booming According to CrowdStrike


An industry-leading cybersecurity company known as CrowdStrike reported that it had seen the largest increase in adversaries in one year. This was in comparison with what it had observed in the past. There was an increase in cloud attacks by 95% according to the study, which identified 33 re-new threat actors, approximately three times as many cases from 2021 involving cloud-conscious actors as they did in 2022. 

As a result of these trends, CrowdStrike believes that it will become more common for e-currency and nation-state actors to use their tradecraft and knowledge to greatly exploit cloud environments in the future, it stated in its global threat report for 2023. 

There has been a shift among bad actors away from deactivating antivirus and firewall technologies, and away from efforts to tamper with logs. Instead, they have turned toward modifications to authentication processes and attacks on identities, according to the report. 

There has been a dramatic rise in identity theft as a result of a wide range of threats. Identifying and privileged access credentials are among the most common targets targeted by hackers. Why? On the dark web, attackers want to sell compromised information to third parties for high prices to become access brokers and make money off the stolen information. 

As attackers reinvent themselves as access brokers, CrowdStrike's report provides a sobering look at their emergence. There is a 20% increase in adversaries engaging in extortion campaigns and theft of data related to the cloud as per the report. 

A broader analysis revealed an increase of 33 new adversaries in just one year. This was the biggest increase in the number of adversaries ever! Recent telecommunications, BPO, tech, and BPO companies have been the victims of sophisticated attacks carried out by both Scattered Spider and Slippery Spider malware. 

Cloud Security is Hampered by Overcast Skies

In addition to the multitude of new and unknown threat actors that CrowdStrike's report uncovered, CrowdStrike's report also noted a surge in identity-based threats, cloud exploits, national intelligence services, and attacks that re-pointed to previously patched vulnerabilities as weapons of mass destruction.

CrowdStrikeFalcon OverWatch measures the break-through time of adversaries according to the report by determining how far a compromised host is from a second host within the victim environment or how long the adversaries have to move laterally within the victim environment to gain access to the compromised host. This report from the National Institute on Crime and Law Enforcement suggests that for interactive eCrime intrusions, the average breakthrough time has decreased from 98 minutes in 2021 to 84 minutes in 2022. 

To minimize costs and ancillary damages caused by attackers, CISOs and their teams must respond more quickly as the breach window shrinks, and as attack windows become shorter. The 1-10-60 rule is one that CrowdStrikes recommends security teams follow: detect threats within the first minute, understand them within the first 10 minutes, and respond within the first 60 minutes.

It is well known that hackers, nation-states, and cybercriminals are growing at an exponential rate around the world. 

In an announcement made by Meyers, CrowdStrike has added Syria, Turkey, and Columbia to its list of malicious host countries it has already identified. As a result of interactive intrusions, Meyers reported there was a 50% increase compared to last year. Human adversaries try to bypass the computer's and antivirus defenses, contributing to the rise in human-computer crime. 

The Microsoft company published 28 zero days and 1,200 patches; however, only two out of 28 of those patches and zero days were exploited by nation-nexus and cybercriminal adversaries, who circumvented patches and bypassed mitigations, exploiting legacy vulnerabilities such as Log4Shell and keeping up with ProxyNotShell and Follina vulnerabilities. 

Engineers and Cloud Defenders Must be Versatile 

A variety of techniques are used by attackers to inject themselves into cloud environments and move laterally once they have entered them. There’s no doubt that CrowdStrike’s data shows an increase in both the number of valid cloud accounts used for initial cloud access and the number of public-facing applications being deployed. Also, according to the company, there has been an increase in the number of actors who are attempting to discover cloud accounts as opposed to cloud infrastructures and using legitimate higher-privileged accounts when looking for cloud accounts. 

To be successful in the cloud computing field, engineers need to be more versatile than ever before. For a business or enterprise to succeed, they need to be able to manage, plan, architect, monitor, and anticipate issues regarding cloud security and manage them as part of a continuous process.

LastPass Breach: CISA Warns of Exploited Plex Bug


An employee of LastPass was responsible for the massive breach at the company as he failed to update Plex on his home computer when he was updating Plex on his work computer. A potential danger lurks in failing to keep software up-to-date, as this is a sobering reminder of the risks involved. 

In a recent report on the embattled password management service, it was revealed that unidentified actors used information stolen from a previous incident that occurred before August 12, 2022, to launch a coordinated second attack between August and October 2022 based on information that was obtained from a third-party data breach and vulnerabilities in third-party media software packages. 

In the end, an intrusion led to the adversary stealing information about customers and password vault data, which was partially encrypted. 

Secondly, an attack targeted one of the DevOps engineers, forging credentials and breaching the cloud storage environment by infecting the engineer's home computer with keylogger malware. 

In addition to a critical severity vulnerability, CISA added a known exploited vulnerability to its Known Exploited Vulnerabilities (KEV) section (tracked as CVE-2021-39144), exploited by third parties since early December. 

U.S. federal agencies have been made aware that, by a binding operational directive (BOD 22-01) issued by the Army in November 2021, they are now mandated to secure their systems against attacks until March 31st to prevent potential attacks exploiting the two security holes that could impact their networks. 

As part of its ongoing effort to identify security flaws exploited by hackers, CISA has discovered a high-severity and relatively older remote code execution (RCE) vulnerability in Plex Media Server that was discovered almost three years ago.

This issue has been tracked as CVE-2020-5741 and it has been described as a deserialization flaw in Plex Media Server that can be exploited remotely to execute arbitrary Python code, which is also described as a high-severity flaw. 

It should be noted that this vulnerability has been addressed with the release of Plex Media Server 1.19.3, which means the attacker would need administrator rights to exploit the vulnerability successfully. Due to this, it is unlikely that it will be a target of an attack in the future. 

In August 2022, Plex reported that there had been a data breach that could adversely affect over 15 million customers. In this breach, usernames, emails, and passwords were stolen, resulting in the loss of personal information. 

The implications of this are that unpatched Plex Media Server instances are still vulnerable to CVE-2020-5741 attacks and could be exploited by malicious individuals. 

Although the CISA team added the vulnerability to the KEV list without providing any information about its potential in-the-wild exploitation, media reports recently suggested that a Plex bug exploited to hack a DevOps engineer's computer may have been responsible for the data breach at LastPass last year that led to the theft of user vault data.

Fake ChatGPT Chrome Extension Targets Facebook Accounts


As ChatGPT becomes increasingly well-known, more and more individuals desire to use cutting-edge chatbot. In turn, this makes them a desirable target for cybercriminals. 

This time around, hackers are using a browser extension called "Quick access to Chat GPT" as a ruse to trick unwary users, claims a recent blog post from the online privacy company Guardio. A while back, fake ChatGPT apps were used to spread malware and steal passwords. The extension, which has since been taken down from the Chrome Web Store, does, however, genuinely provide users access to the chatbot, unlike other fraudulent ChatGPT apps. 

The extension does this while also stealing every cookie that is saved in your browser, including security and session tokens for websites like YouTube, Twitter, and even your Google account. The hackers behind the extension can access your online accounts and steal your passwords with this information, while the primary target of the extension is Facebook accounts. 

Targeting prominent Facebook business accounts 

The hackers who created the extension, according to CyberNews, are closely monitoring people who have prominent Facebook business accounts. This makes sense considering how lucrative LinkedIn and Facebook Business accounts may be, and how frequently attackers target them. 

Those who install the extension will not only have their Facebook accounts compromised but also have bots utilise them to promote "Easy access to Chat GPT" even further.

Even worse, the hackers behind this effort have discovered a means to get around Facebook's security by renaming queries made through Meta's Graph API to the social media platform's servers. This allows them to handle a victim's "linked WhatsApp and Instagram accounts" according to Guardio's security analysts. 

You must exercise extreme caution while downloading and installing new browser extensions because so much of our daily activities now take place online. Bad extensions can manage to evade detection, just like malicious programmes. For this reason, before downloading an extension, you should always check its rating and reviews on the Chrome Web Store. When you click "Add to Chrome," you should, however, search for external evaluations on other websites or even videos that demonstrate an extension in use.

How to use ChatGPT securely and safely

The most recent trends are well known to hackers, who exploit them to develop fresh phishing schemes and other intrusions. In order to encourage you to click or download something, companies typically aim to create a sense of urgency, but in this case, ChatGPT has already done the legwork for them. 

The only option to skip the line and gain early access to ChatGPT is to pay $20 per month for ChatGPT Plus or to fulfil all conditions to gain early access to Microsoft's Bing with ChatGPT. 

There isn't an official browser plugin for ChatGPT yet. Indeed, "" is the only place where you may now access OpenAI's chatbot online. It's possible that this will change in the future, and if it does, there will be several announcements and news stories regarding the new ChatGPT access method. 

You should probably make sure that the best antivirus software is loaded on your PC or the best Mac antivirus software is installed on your Apple computer if you're the impatient type who searches for quick ways to access ChatGPT. This will protect you from malware and other viruses if you encounter fraud similar to the one described above.

Hackers will probably continue to develop new strategies to utilise the well-known chatbot as bait until ChatGPT can be accessible by anybody without needing to join a waitlist or wait in a queue.

Dish Network Blames Ransomware for Ongoing Outage

Dish, a satellite television provider in the United States, has confirmed that a ransomware attack is responsible for an ongoing service outage. The company also warned that the malicious actors have also exfiltrated data from its systems during the breach. 

The outage, which has persisted for several days and was initially attributed to "internal systems issues," affects Dish's primary website, mobile applications, customer support systems, as well as the firm's Sling TV streaming and wireless services. 

The threat actors behind the breach compromised the company’s internal systems. “It is possible the investigation will reveal that the extracted data includes personal information,” Dish says. 

In a public filing released on Tuesday, the company acknowledged that the cause of the outage was a cybersecurity incident. The company has informed law enforcement authorities about the situation. 

However, as of now, the company reported that the effects of the attack continue to disrupt its “internal communications, customer call centers, and internet sites.” 

Additionally, the company has provided some details on how they are managing the situation. They are working to manage and contain the effects of the attack, assess the extent of the damage, and address any issues caused by the attack.

The company is also worried about the attack's potential impact on its employees, customers, business, financials, and operations. Following the matter, the company further reported that the threat actors have stolen some data from their computer systems, which could include personal credentials. 

Presently, it remains uncertain whether this data belongs to Dish's customers, employees, or both, and the extent of the data theft is also unknown. Dish has a big network, it serves 10 million customers through its satellite TV, streaming, and other services. 

The company on its website reported that “as a result of this incident, many of our customers are having trouble reaching our service desks, accessing their accounts, and making payments we’re making progress on the customer service front every day, including ramping up our call capacity, but it will take a little time before things are fully restored." 

The company stated that they are still evaluating the damage caused by the cyber-attack. However, their services, including Dish, Sling, and wireless and data networks, are running without issues.

Chinese Gadget: A Potent Tool to Spy on UK Citizens


Our smartphones, the websites we visit, and CCTV cameras are harvesting invaluable data about our lives by tracking every move we make hundreds of thousands of times per day. A large portion of this data is stored in China. This idea is terrifying. 

The Chinese-owned video-sharing app TikTok has software that can access our most private information, according to a cybersecurity company's demonstration last week. It's the newest and most concerning illustration of how technology constantly monitors us, endangering both our civil freedoms and the security of the country.

According to Asian Light International, China is "weaponizing" microchips placed in smart bulbs, refrigerators, vehicles, and credit cards to spy on you. Three Chinese firms, Quectel, Fibocom, and China Mobile, already control 54% of the worldwide device market and 75% of the connection industry.

Clients of the three Chinese companies include Tesla Motors, Dell, Lenovo, HP, and Intel, as well as Sumup, a company that processes credit card payments. According to Asian Lite International, devices with modules include laptop computers, voice-activated smart speakers, smart watches, smart energy metres, fridges, light bulbs, and other appliances that can be operated via an app. They also include body-worn police cameras, doorbell cameras, and security cameras, as well as bank card payment terminals, cars, and even hot tubs.

The modules gather information and then broadcast it over 5G networks, allowing China to track the movements of intelligence targets like people, weapons, and supplies while also using the gadgets for industrial espionage. In the UK, there are already millions of them in use. 

A report by Charles Parton, a former diplomat who advised parliament on China, claims that "trojan horse" technology poses a "widespread" threat to Britain's national security. Parton worked in China, Taiwan, and Hong Kong for 22 years of his diplomatic career. He has provided China-related advice to the Foreign Office, the European Union, and the Commons Foreign Affairs Committee.

Senior MPs have expressed concerns about the "widespread presence" of cellular IoT modules, according to the report, which claims that ministers have entirely failed to comprehend the harm they bring. It urges ministers to act right away to prevent the sale of Chinese-made cellular IoT in the UK before it's too late. 

Charles Parton stated, "We are not yet aware of the hazard. China has recognised a chance to control this market, and if it succeeds, it will be able to collect a lot of data and compel other nations to depend on them." 

According to a report released on Monday by Washington-based consultancy OODA, the potential threat to national security posed by Huawei products used in mobile infrastructure is greater than the threat posed by Chinese-made components in mobile phone masts. As a result, the government has decided to outlaw these products. Cellular IoTs, or Internet of Things, are tiny modules that are employed in everything from advanced weapon systems to smart refrigerators to track usage and transmit information to the owner and frequently the manufacturer utilising 5G.

Espionage has a lot of potential. According to Asian Light International, the research recommends monitoring American arms sales activity in conjunction with artificial intelligence and machine learning to handle enormous amounts of data. In order to track visiting ministers during advance security sweeps, it can also be used to identify and address royal and diplomatic protection personnel. 

Even seemingly innocent uses of the equipment, like farm gear, might enable the Chinese identify weak points in Western supply chains, like low crop harvests, and subsequently undercut British providers. gaining market share, increasing reliance on Chinese goods in the West. The West would become totally dependent on China for the supply of the crucial component if China were allowed to establish a monopoly on the manufacture of the equipment, which is subsidised by the Chinese government to make them less expensive than Western competitors, according to Asian Lite International. 

According to the OODA report, government assets should be thoroughly audited to determine whether equipment needs to be replaced and that task be delegated to corporations working in sensitive industries like defence by the end of 2025.

Evaluation by Chainalysis Declare 2022 to be "The Year of Crypto Thefts"


A recent Chainalysis analysis stated that ransomware and fraud increased cryptocurrency theft last year. "The 2023 Crypto Crime Report" was published by Chainalysis. The paper also discussed the reasons why 2022 established records for cryptocurrency hacking and the effects of sanctions against Hydra, Tornado Cash, and other companies on cryptocurrency crime. In addition, case studies on the greatest hacks, darknet markets, and ransomware variants of the year were included in the paper. 

Rise in crypto crime

Chainalysis is a well-known blockchain data platform that serves more than 70 nations' worth of exchanges, financial institutions, insurance organisations, and cybersecurity firms with data, software, services, and research.

The 2022 instability on the cryptocurrency markets was addressed in the 2023 crypto crime report. The paper also highlighted the most recent methods used by fraudsters for laundering money using cryptocurrencies. 

For cryptocurrency criminals, 2017 was a good year. Over $3.8 billion, more than any other year, was stolen from various services and processes, with $775.7 million of that total occurring in just one month, according to Chainalysis. The research also claims that fraudsters' and ransomware hackers' overall revenue decreased.

As stated in the papers, DeFi methods accounted for 82.1% of the stolen money. "In particular, cross-chain bridges, which are protocols that let users exchange assets between two separate blockchains."

"Bridges are an enticing target for hackers as the smart contracts in effect become massive, centralised warehouses of monies backing the assets that have been crossed to the new chain – a more desirable honeypot could barely be imagined," the paper states. 

Oracle manipulation, according to Chainalysis, is a growing trend in DeFi hacks. This is when an attacker subverts the mechanisms used by a decentralised protocol to determine the price of traded assets and establishes favourable conditions for quick and extremely profitable trades.

DeFi protocols lost $386.2 million in 2022 as a result of 41 different oracle manipulation attacks. A case in point is the Mango Markets exploit, which led to the arrest of the suspected attacker, Avraham Eisenberg, who is now accused of manipulating commodities in a US court. 

The Lazarus squad of North Korean hackers surpassed their previous record in 2022, stealing $1.7 billion from numerous victims. The majority of that money was sent to decentralised exchanges and a number of mixers, including Tornado Cash, Blender(dot)io, and Sinbad after Blender was shut down

The Russian darknet marketplace Hydra, the exchange Garantex, the cryptocurrency mixers Blender(dot)io, and Tornado Cash were all sanctioned by the United States last year. However, not all of the money processed by these sanctioned services had criminal origins; according to the Chainalysis analysis, just 6.1% of the money Garantex received and 34% of the money received by Tornado Cash came from illegal sources. 

Sanctions, as stated by Chainalysis, significantly reduced the amount of money that could enter Tornado Cash, however, Garantex continued to operate as usual and reported an increase in receiving funds from recognised darknet and fraud sites.

An Exploit on Reddit Shows MFA's Limitations


It is becoming increasingly obvious that attackers are finding ways to circumvent multifactor authentication mechanisms as a result of the latest hack of a well-known company. 

A threat actor sent out an email containing a link as part of a spearphishing attack on Reddit on January 9, and Reddit's users were informed as a result that one employee had been successfully convinced to click on the link in an email sent out as part of the spearphishing attack. Investigators found that the website mimicked the behavior of the intranet gateway, and attempted to steal second-factor tokens and credentials at the same time.  

According to Reddit, compromising the employee's credentials allowed the attacker to sift through Reddit's systems for a few hours. During this time, they accessed internal documents, dashboards, and code that were stored on the system. 

In a follow-up AMA video, Reddit CTO Chris Slowe (aka KeyserSosa) explained that while his company is investigating, there is still no evidence that the attacker accessed user data or production systems, as he explained in the video. 

Chris Slowe mentioned that the inability to prove a negative makes it extremely difficult for Reddit to determine anything at this point. Therefore, the team at Reddit is continuing its investigation. There is a burden of proof at the moment that suggests that access to the data was limited to several systems outside the main production environment. 

The Reddit social media community has become the latest company to fall victim to a cyberattack that harvests the credentials of its employees and enables access to sensitive systems through social engineering. In late January, Riot Games, the company responsible for making the popular game League of Legends, announced that they had been compromised. Threat actors had exploited a social engineering attack to steal code and delay updating the game, thereby delaying the release of updates. With compromised login credentials taken from Rockstar Games' Rockstar Studios, the maker of the Grand Theft Auto franchise, four months earlier, attackers were able to gain access to the Rockstar Data Warehouse and steal the source code. 

Phishing attacks and credential theft are two of the most common causes of breaches, even when the breaches are minor. As a result of the "2023 Email Security Trends" report published by Barracuda Networks, a provider of application and data protection services, more than three-quarters of IT professionals and IT security managers said their companies had experienced a successful email attack in the past year, according to the survey. Furthermore, there was an average number of fines and recovery costs associated with the most expensive attacks for the average firm. 

However, phishing and spear-phishing are considered common threats to businesses, with only 26% of respondents feeling unprepared for both attacks. Compared to 2019 when 47% and 36% of respondents claimed their firms were unprepared to face the threat of a data breach, this is an improvement. In the report, it was found that there has been an increase in concern over account takeovers in the past few years. 

The report states that although organizations may be better equipped to prevent phishing attacks, they may not have the capacity to resolve account takeovers, which are usually a consequence of phishing attacks that succeed. 

Cybersecurity Relies Heavily on Employees 

Aside from the irony of the Reddit hack, the incident provides a valuable lesson on the importance of employee training. As soon as the employee entered the credentials into the phishing website, he suspected something was amiss, and he immediately contacted Reddit's IT department to inquire about the incident. As a result, the window of opportunity available to the attacker was reduced, and the damage they could do was limited. 

"The time has come for us to stop looking at employees as weaknesses and instead begin to view their contributions to organizations as the strengths they are or can be," Dudley emphasizes. Technical controls are just a limited part of what organizations can do. Employees can also offer further context for why something does not seem right. 

Slowe, Reddit's account manager, said that, in the follow-up AMA, the employee who was at the center of the Reddit breach wouldn't be faced with a long-term punishment, but all access to the account would be revoked until the problem is resolved. 

As always, the problem is that it takes only one person to fall for something like [a phish], he explained. In this case, Slowe mentioned that he is exceptionally grateful that the employee reported it immediately after realizing it had happened.   

Telehealth Companies Monetizing and Sharing Health Data

These reports come despite company promises to prospective patients that their user data, including information about mental health and addiction treatment, will remain confidential. 

Senators Amy Klobuchar, Susan Collins, Maria Cantwell, and Cynthia Lummis expressed their concern over the protection of patients' sensitive health information by well-known telehealth companies. 

They referenced an investigation by STAT and The Markup that uncovered the deliberate sharing of patient data by telehealth companies with tech giants such as Meta, Facebook, Google, TikTok, Microsoft and Twitter, and other advertising platforms. 

It has been reported that these digital health companies are monitoring and distributing the personally identifiable health information of their clients, including their contact information, financial details, and more. 

“Telehealth…has become a popular and effective way for many Americans to receive care.  One-fifth of the U.S. population resides in rural or medically-underserved communities where access to virtual care is vital. This access should not come at the cost of exposing personal and identifiable information to the world’s largest advertising ecosystems,” the senators added. 

Senators Amy Klobuchar (D-Minn.), Susan Collins (R-Maine), Maria Cantwell (D-Wash.), and Cynthia Lummis (R-Wyo.) recently sent letters to telehealth companies Monument, Workit Health, and Cerebral, inquiring about their data sharing practices. 

“Recent reports highlight how your company shares users’ contact information and health care data that should be confidential. This information is reportedly sent to advertising platforms, along with the information needed to identify users. This data is extremely personal, and it can be used to target advertisements for services that may be unnecessary or potentially harmful physically, psychologically, or emotionally,” the letter reads.

Telehealth involves the provision of healthcare services and information through the use of electronic communication and information technologies. It enables remote patient-provider communication to provide services including consultation, education, monitoring, intervention, and even admission for treatment, overcoming the barriers of distance.

A Nunavut Ransomware Incident Was Not Reported by Qulliq Energy


Despite being locked out of its data in January's cyberattack, Qulliq Energy Corp. did not use the word, ransomware to describe what took place. 

A cyberattack that targeted QEC on January 15 was discovered, and QEC announced that it had fallen victim to it the previous month. QEC's information technology, such as the email system, billing, and payroll database, was impacted by the large cyberattack. However, no operating technology, such as the power plants' infrastructure, was affected. 

QEC's vice president of operations and engineering Bill Nippard explained that there are several levels of cyberattacks, and the level of these attacks can vary greatly. Sometimes, they steal data from you, and other times, they simply lock your data out of your computer and encrypt it.   

However, as far as the data is concerned, the team at QEC does not believe there has been any adverse impact on their data from this incident. This is still under investigation as they mentioned. 

During an interview with Nippard about the nature of the attack, he expressed that the investigation was still at an early stage. He was not sure if it was the former or the latter when QEC was cut off from its system and its data was encrypted. 

Nipard mentioned that they have encountered that type of cyberattack in this case, but it is quite early in the investigation stage. Many details need to be sorted out. 

As it turns out, it is very difficult to determine if this is a ransomware attack. This is because if the former had occurred if the former were the case, the GN would have been subjected to a cyberattack for the second time in more than three years. 

GN's entire IT system was hacked in November 2019, which led to a large amount of data breaches. All communities were able to regain core connectivity and applications within the last six weeks after being taken out of service. It was not affected since QEC is not part of the GN's information technology system, so the public utility was spared.  

A government report has reported that the department of community and government services alone had to spend more than $5 million to resolve the problem resulting from the 2019 attack. The recovery process involved replacing more than 1,400 workstations as part of the recovery process. It has been reported by Microsoft that more than 5,500 devices have been affected by the vulnerability. This is the company that was hired by the government to help rebuild the network. 

In light of the detailed information that is available, QEC is unable to comment on the details of the cyberattack, Nippard replied. He was asked directly if the cyberattack was, according to his description, a ransomware attack. 

The process may be similar to a knot that has been tangled very tightly if you understand me. Taking the time and being patient is something that takes a lot of effort. There is likely to be a little bit of time involved in getting to the bottom of this, but it will be well worth it in the long run. 

Nippard said that even though QEC operates independently of the government's IT infrastructure, QEC was informed about the lessons learned from the 2019 attack. 

Upon completion of this investigation, he said, there will be lessons learned, which we will share with the GN once the investigation is completed. However, it must be noted that during those three years, there was a lot of change in cybersecurity, cybercrime, and cyber terrorists. 

Quite a few changes have taken place since then, so it is challenging to keep up. Even though it is a continual struggle, it is not going away. 

The Email System Behaves Oddly. 

An employee of QEC attempted to send an email to an external recipient, and after sending it, Nippard says the issue was discovered during an investigation. During the past few weeks, however, Nunatsiaq News first reported a malfunction with the email system, as per the report. CBC News reported that Nippard's email system began behaving strangely almost as soon as he sent the email, citing that the system denied sending the email. 

There was a point where the employee communicated with the IT team at the company. The IT team began an investigation and shut down the network and the entire system within the company, believing that there had been some kind of cyberattack. 

As a result of the cyberattack, Nippard did not provide any information on whether or not QEC is still locked out because of the incident. Despite that, the interviewer made sure to emphasize several times throughout the interview that there had been no impact on any customer data. 

He said that as soon as QEC and its customers are sure that there is no safety risk, he would not plan to unlock anything until he is 100 percent sure there is no safety risk. 

The power systems continue to operate normally. The company advises all of its customers to continue to keep an eye on their financial card information and their credit card statements. This will enable them to avoid any unforeseen situations.

Zero Trust Cybersecurity Protocols Slow Companies to "Mask Up"


There is only one way to find out if you can trust someone, and that is by trusting them, according to Ernest Hemingway, considering that most organizations follow zero trust policies, which were developed nearly two decades ago by John Kindervag. These policies are now the default behavior. This is not a wise piece of advice for network security. As a result, we have seen an increase in the number of cases of infection due to the Coronavirus pandemic and remote work. 

Despite this, companies are a bit slow to adopt zero trust when it is about protecting against malware and data exfiltration. By 2026, Gartner has predicted that only 10% of large enterprises will have in place a zero-trust program that is mature and measurable by the end of this decade. 

Currently, less than 1% of organizations have automated their systems with zero trust. This is according to a consulting firm. It was reported that despite zero trust is a critical strategy for reducing risk for most organizations, few had implemented the system. 

The end of Implicit Trust is Here 

In his latest commentary for Gartner's VP Analyst Series, John Watts, VP Analyst at Gartner, said that many organizations have established their infrastructures with implicit rather than explicit trust models to facilitate access and operation for workers and workloads. 

John added that in the context of zero trust, the main risk that many companies face is the possible use of implicit trust by attackers. This can give them a competitive advantage over customers. In addition, damage can be limited by segmenting access to a network. It allows the attack to have a lesser impact on resources and systems during an attack. 

When spyware or other malware is infected into an environment through a vendor's software installed within it, the damage caused can be limited to a small segment of trusted applications within the environment. 

It is pertinent to note that implicit trust refers to workloads and devices that rely on limited factors when authorizing devices, workloads, and accounts. This includes requests originating from a local IP address behind a perimeter firewall. 

Explicit trust refers to when devices, workloads, and accounts for access need to be authenticated and authorized in a way that takes into account more context (e.g., location, time, posture, successful multi-factor authentication), Watts explained. 

The Engine Should Have (or not have) a Zero-Trust Policy. 

A zero-trust framework, including zero-trust software, under which zero-trust operations can be implemented, should be able to do the following: 

  • Several services and applications are created for extended workforces that are vulnerable to exploits and scan attacks that can be identified and prevented. 
  • As an alternative to allowing open connections on a network, you should limit access to specific network resources to prevent malware from moving laterally. 
  • Developing an access management “engine” based on risk and trust is critical to controlling access. 
These engines are based on analytics built on things such as account activity, the identity strength of the user, device attributes, and several other parameters to calculate a risk score in near real-time from real-time data. A risk score higher than a certain threshold could trigger an action such as isolating a device, enabling a second factor of authentication, or suspending a user's account. This depends on what level of risk that is. 

Moveable firewalls 

Rather than implementing one large perimeter around resources like the traditional firewall model, zero trust implements many smaller perimeters. As Watts pointed out, zero trust is not the only method by which one can reduce risk. There is an imperative aspect of scope which is to ensure that not everything can be controlled by a set of zero-trust procedures. In general, legacy systems, such as mainframes, are excluded from zero-trust architectures, and this is the case for public-facing applications used by citizens and consumers. 

Sadly, Gartner analysts also warned that the majority of cyberattacks through 2026 will focus on areas not covered by zero trust controls. This is because these attacks cannot be mitigated by these controls. Due to API threats, this problem has arisen. Watts said that some threats could be encountered during zero trust implementation, such as insider attacks and account takeovers. He said that advanced analytics would help organizations mitigate the threat posed by this threat. 

A Threat Stream of APIs: Islands of Danger

In addition, Gartner forecasted earlier this month that by 2023, the total cost of computing around the globe will reach $4.5 trillion. As a result, this has resulted in a growth of 2.4% compared to 2022, though it is slightly lower than the 5.1% growth forecast for the previous quarter. 

According to the firm, less consumer purchasing power and lower device spending will contribute to a continued rise in overall enterprise IT spending. This is even as inflation continues to erode consumer purchasing power. 

Cyber Thieves Target Retirement Accounts

Data security has become a priority for tax returns, credit cards, and other conventional targets of cyber criminals. Online thieves have recently been targeting employer retirement plans and the accounts in the plans. 

Data security at retirement plans varies, and there are numerous ways to breach it. Cybercriminals seek to exploit each plan's weakest link. 

In one of the instances, a retiree at a large employer recently discovered that his monthly pension cheque was not deposited on time. He got in touch with the retirement administrator, who, after some investigations discovered that the specified bank account for the contribution had been altered. 

The retired person did not alter the account. Instead, the request was made by an unidentified party. An employee of planning processed the change request since it was relevant and accurate. 

Fortunately, neither the retiree nor the plan lost financially. The payments were abruptly terminated, and the retirement account was changed from a payment method to a depository. After a brief investigation, the plan administrator found that change requests had been made for several other retirees, all of which were being paid to the same bank account. 

By monitoring his accounts carefully and noting that his monthly payment was not deposited on the usual day of the month, this retiree was able to avoid becoming a victim of cybercrime. He further got in touch with the administrator right away to make sure the modification did not happen. 

Methods Used by Hackers 

There are several methods used by threat actors in order to steal from retirement plans and accounts. 

  • One of the tactics used is the conventional method of accessing an email system. Cybercriminals may as well use “phishing” emails in order to deceive an employee or retiree into exposing access information.

Phishing attacks generally include threat actors sending an email to the target key employee or retiree and posing as a legitimate corporate employee (often a high-level executive) or a third-party vendor. 

The fraudulent email asks for specific information and, in the case of several employees or retirees, may request a list of personal information. Sensitive information can be given to criminals via email if the recipient is not watchful. 

  • Another method used by cybercriminals is purchasing personal details about the retirement account owners via the dark web and utilizing the data in order to access the retirement account. 

Whatever the method be, if cyber thieves get access to the data, they can utilize it to log into the account of a retiree or employee and reroute payments or disbursements. 

How to Protect Yourself 

  • One way to secure your data is to make yourself aware of the security measures of retirement planning. In particular, how to verify the validity of each request for an account change. What does it do to verify the identity of the user? Is two-factor authentication used before an account can be accessed or changed online?
Of course, none of the data security precautions are effective if online criminals make modification requests on paper. Thus, after confirming the accuracy of the information on the paper request, the user may inquire as to whether the plan administrator takes any further actions. 
  • Setting up your own personal cyber security procedures is another strategy to safeguard oneself. According to security professionals, most of the user's personal data is available for sale on the dark web. This makes it important to keep the information as secure as possible. 

This could be made possible by following precautions such as not sharing their Social Security number and other important information unless it is necessary. 
  • Keep a check on your accounts on a regular basis. If the deposit is due on a certain day, make sure deposits have been made by checking your accounts around that time each month. The plan administrator should be contacted if the deposit is not made. 
  • Moreover, log in to your account in order to monitor any suspicious activity. You may as well look for any unauthorized changes and transactions. Lastly, make sure that your address, beneficiary, and other details have not been changed.  

Ransomware Attacks Declined by 61% But Organizations Must Remain Vigilant


Despite WannaCry infecting thousands of PCs worldwide in 2017, ransomware has always remained one of the biggest threats to corporations worldwide. There is, however, new research that indicates that this persistent threat may be on the decline.  

Privileged access management (PAM) provider Delinea, in partnership with Censuswide, has released the 2022 State of Ransomware Report, a comprehensive study of the latest forms of ransomware. There was a survey of 300 U.S.-based IT decision-makers conducted by the research firm, and results showed that only 25% of companies had been affected by ransomware attacks over the last calendar year.  

This represents a 61% decline in incidents of theft from organizations over the last 12 months when 64% of organizations reported being victims in that period. Additionally, according to the report, the number of companies that paid ransoms decreased from 82% at the beginning of the study period to 68% at the end of the research.  

The fact that these attacks are still common enough to cause serious data breaches is encouraging news for enterprises. However, security leaders cannot afford to become complacent in the face of attacks. 

Ransomware: Why organizations should not be complacent  

However, organizations should not relax their security precautions, although ransomware attacks appear to be declining. As ransomware breaches cost an average of $4.5 million, this is particularly significant when there is potential for an increase. 

According to Joseph Carson, chief security scientist and advisory CISO at Delinea, ransomware remains a significant concern and a threat to any organization. He further continued that they saw some signs of complacency in the survey research. This could be a sign that ransomware will be on the rise in 2023. 

An example of complacency is the decline in the number of organizations that include incident response plans, which is one of the signs of complacency. As a result, this number dropped from 94% to 71%. These circumstances may make it less likely for these companies to be able to respond to data breaches effectively. This may give threat actors more opportunities to steal critical data assets from these companies. 

Actions to be taken proactively

Rather than succumbing to complacency, organizations should remain prepared while continuing to invest time, money, and effort in proactive security solutions to prevent breaches.  

The key to protecting networks and systems from these types of attacks is making organizations more proactive about cybersecurity. This is especially true in areas where they are most vulnerable, such as identity management and access controls.  

In Carson's view, the most pertinent aspect of this concerns adopting and enforcing the principle of least privilege and employing multifactor authentication (MFA) and password vaulting to decrease enterprises' vulnerability to ransomware attacks.  

Furthermore, other measures can be taken to mitigate additional risks including frequent data backups, comprehensive incident response plans, and investing in cyber insurance policies.

Train Platform RailYatri Again Suffered a Breach

On Wednesday, Train ticketing platform RailYatri released its statement in which it confirmed that the platform suffered a data breach in December 2022. The confirmation is coming after the Railway Ministry denied such an attack and also remarked that no user data has been sold on the dark web leaked from the Railways’ side. 

Reportedly, as a result of the breach, over 30 million users’ data have been sold on malicious sites including phone numbers, email addresses, house addresses, city, etc. Nevertheless, in 2020, RailYatri suffered a similar attack which targeted 7,00,000, users. 

“We observed a security breach in our system on December 28, 2022, we quickly established the source of the breach and fixed it within a few hours. Some RailYatri registered user information limited to age, email, preference city, and phone numbers may have been viewed by unauthorized individuals. No other sensitive customer information has been compromised. We have reported the incident to the government authorities and are exploring legal steps to be taken,” a RailYatri spokesperson said. 

Following the incident, the platform further reported that the platform is constantly investigating the attack with the Indian Computer Emergency Response Team (CERT-in) and also auditing its security systems against further security threats. 

“Our platforms have proper authorization and authentication in place and access to the applications is through HTTPS and servers are behind firewalls which can be accessed through VPN only by authorized teams,” the platform further added. 

Also, when the incident was reported to the authorities on December 28, the Railway Board did not name RailYatri when it confirmed the attack on December 30 denying that data were stolen from IRCTC. Along with this, all IRCTC business partners including reselling platforms like RailYatri have been instructed to evaluate their systems. 

The government has already proposed its bill in the parliament which was named the ‘Digital Personal Data Protection Bill, 2022’ to take strict actions against a data breach, however, the law is yet to be passed.

UAE's Sincere Efforts to Combat Cybercrime


The Abu Dhabi Judicial Department (ADJD) held an awareness-raising lecture on "Cybercrime and its Dangers to Society" in conjunction with "Majalis" Abu Dhabi at the Citizens and Community Affairs Office of the Presidential Court as part of its initiatives to foster legal awareness among the constituents of society in order to ensure their protection and to shield them from the risks conveyed by crimes involving the use of contemporary technologies and social media. 

The lecture, delivered by Chief Prosecutor Dr. Abdulla Hamad Al Mansouri, covered the nature and definition of cybercrime, the risks of cyber-extortion, and the legal sanctions. The lecturer also concentrated on the reasons and circumstances that cause members of society to fall victim to cyber-extortionists and provided a number of useful examples drawn from actual prosecution cases. 

In accordance with the terms of Federal Decree-Law No. 34 of 2021 on Combating Rumors and Cybercrime, Dr. Al Mansouri covered the dangers linked with the exploit of social media networks and the responsibility of users. On January 2, 2022, the Federal Decree Law No. 34 of 2021 on Combating Rumors and Cybercrimes went into effect.

It aims to increase protection against online crimes committed using networks, platforms, and information technology. Additionally, it aims to protect the databases and websites of the UAE's government, stop the spread of rumours and false information, protect against electronic fraud, and uphold individual rights and privacy. 

The Abu Dhabi Judicial Department has previously drawn attention to the risks posed by cybercrime. In order to ensure the defence and safety of society from crimes utilising modern technologies, particularly through the pervasive use of social media, the ADJD organised two lectures on "Cybercrime and its Risks to Society" in July of last year. One occasionally comes across news of people who fall prey to online predators or scammers; even children are a target of these crimes. 

The Dubai Police General HQ has urged the public to use social media platforms responsibly and to be on the lookout for online scammers and cybercriminals. These statements were made by Expert Major General Khalil Ibrahim Al Mansouri, Assistant Commander-in-Chief for Criminal Investigation Affairs at Dubai Police, as he discussed Operation "Shadow," which was carried out nearly three years ago and resulted in the arrest of 20 African gangs for extortion crimes against social media users and for blackmailing and cyber extortion. He added that the police had detained a married couple who had fooled users of social media by pretending to be a domestic helper recruitment agency. 

The world's largest trade fair for safety, security, and fire protection, Intersec 2023, will take place over 47,000 square metres at the Dubai World Trade Center from January 17 to 19, and the Dubai Electronic Security Centre (DESC), which works to ensure the emirate becomes a leader in cybersecurity and the protection of information from external cyber threats, has been named the official government partner. 

At Intersec's Cyber Security sector, specialists in the public and private sectors, national leaders, advisors, economists, and corporate buyers will be present. According to Dr. Bushra Al Blooshi, Head of Research & Innovation at DESC, "Given the rapidly developing technology of today, cybersecurity is an absolute necessity for businesses, especially with remote working culture and digital transformation."

Best Cybersecurity Practices to Instill in Your End-Users

Recently a study has been done on password reuse threats and it was discovered that password reuse is a big security threat to companies worldwide since 64% of people continue to use passwords that have been exposed in a breach. 

As we are spending a large amount of our time online, working from our own systems,  we also end up sharing our personal data over the internet since we are becoming more reliant on it for our daily services. 

It has become extremely important to protect our sensitive data from cybersecurity threats. Poor password hygiene by end-users can put your organization at great security risk, and also make your company’s sensitive data vulnerable to cyber-attack. 

To prevent cybersecurity attacks the company should start a defense mechanism that starts with educating employees. The security awareness program should include phishing and social engineering, access, passwords, connection, device security, physical security, etc. 

Cybersecurity awareness training will help employees to become more aware, and knowledgeable against the latest cybersecurity threats targeting end-users. 

There are various ways to protect your system but these 5 security practices are indispensable to prevent cybersecurity threats and to train your employees. 

 1. Don’t leave information unprotected 

The company should encourage employees to lock their systems when they are not around. Leaving your screen unlocked could increase the risk of someone viewing or accessing important data. 

2. Enforce password policy compliance 

It should be mandatory for employees to comply with the password policy rules of the organization. The organizations should enforce length and complexity and also make sure that the password should be blocking over 3 billion known breached passwords. 

3. Utilize MFA whenever possible 

The implementation of multifactor authentication (MFA) should be mandatory for end-users logging into work apps by the organization, and also changing, and resetting their passwords from time to time. 

4. Use a password manager 

Password manager is not only recommended to the end-user but to utilize shared vault features to prevent insecure password sharing among other employees. 

5. Data Privacy and Storage Policies 

Encouraging employees for data storage best practices, as well as implementing a zero-trust framework in your organization, ensures none of your end-users are unknowing putting your data at risk.

The 5 Most Common Types of Trojans You Should Know About


Cybercriminals create more complicated and diverse methods of obtaining sensitive data as we become more dependent on technology and entrust it with more of our personal information. There are many different types of harmful malware, including Trojan Horses. But there are various varieties of this malware. Trojan Horses come in a variety of forms and are created for various purposes. 

What are the most typical Trojan types that you should be on the lookout for? Let's quickly review what Trojan Horses are before we look at the various types of them.

The Odyssey, a work of Homer's from classical Greece, is where the phrase "Trojan Horse" first emerged. The city of Troy receives a large wooden horse as a gift, but the recipients have no idea that soldiers are concealed inside the animal. The soldiers can invade when the horse enters the city.

Similar to the original, a Trojan Horse program conceals itself in otherwise defenseless software. For instance, you might believe that an app is safe to download and install, but the developer may have added a Trojan to the program. Once the program has infected your device, it can be used for a variety of illegal activities, including remote control, data theft, and activity monitoring.

Different Trojan Types:

It's crucial to be aware of the various Trojan Horse types so you can better protect yourself.

1. Downloader trojans

The operation of downloader Trojans requires an internet connection. When a device is infected by the Trojan, it does not do anything until an internet connection is made, at which point it can download more malicious software to aid the hacker in their attack. On the infected device, this type of Trojan can also start up malicious software. They serve as a kind of opening salvo in the assault, giving the hacker a firm grip on the target.

2. Rootkit Trojan

Software tools called rootkits are utilized for remote administrative access. Frequently, unauthorized remote access serves as a launchpad for a cyberattack. The attacker can exploit the infected device by performing a variety of different tasks with administrative access provided by a rootkit Trojan. A cybercriminal might, for instance, run another malicious programme, steal confidential login information, or listen in on personal communications.

3. Fake Antivirus Trojans

False antivirus Trojans, as their name implies, pose as antivirus software. In this way, the victim will believe the programme is keeping them safe when the reality is completely the opposite. Even though the programme may try to trick you by imitating antivirus functions, its true objective is exploitation. By intimidating the user into purchasing additional security measures, such software defrauds them of their money.

4. Banking Trojans

Banking data is the main focus of banking Trojans. In the world of cybercrime, bank credentials are a highly sought-after type of data because they can give attackers direct access to a victim's money. This type of information is frequently traded on the dark web, where criminal enterprises will pay hackers to gain access to their stolen information. Banking Trojans frequently target the websites of financial institutions.

5. Game-Thief Trojans

An attacker can obtain the victim's banking credentials when a banking Trojan is downloaded onto the victim's device. Banking Trojans can assist the attacker get past two-factor authentication barriers in addition to login credentials, which is a security measure that many people use to protect their online bank accounts.

Game-thief Trojans, also known as "gaming Trojans," are used to hack into gaming accounts and steal personal data. There are currently millions of online gaming accounts, giving cybercriminals a market for data theft. When the Trojan gains access to important data, it will then send that information to the attacker. For instance, a user's Steam account might be targeted in order to gain access to payment data or steal virtual goods.

Trojan horses are so adaptable that they put internet users at risk in various ways, making it challenging to avoid them. But you can more effectively avoid Trojan Horses and protect yourself and your data by being aware of the risks and using extra caution when using your devices.

Twitter 400 Million User's Details Up for Sale

Recently, the threat actor, "Ryushi", allegedly reported having stolen data from Twitter, including details of some famous celebrities worldwide. He is demanding $200,000 (£166,000) to hand over the data back.

According to the data, the hacker stole email addresses, and phone numbers belonging to celebrities and politicians, however, the size of the hack has not been confirmed yet. 

The UK Information Commissioner's Office (ICO) reported, "We are engaged in dialogue with Twitter's data protection officer and will be making inquiries on this matter. The firm is also Co-operating with the Data Protection Commission of Ireland”. 

Following the appearance of the news, Ireland's Data Protection Commission (DPC) reported that “the agency will examine Twitter's compliance with data protection law in relation to that security issue". However, Twitter did not make any public statement about the hack. 

As per the Guardian,  the data of US Congresswoman Alexandria Ocasio-Cortez was included in the sample of data that was made public by the hacker. Also, the Twitter handle of broadcaster Piers Morgan was recently hacked and is also reported to be included in the sample. 

Only 60 emails out of the sample of 1,000 have been provided by the threat actor in the earlier incident, "so we are confident that this breach is different and significantly bigger", said the firm's chief technology officer, Alon Gal. "The hacker aims to sell the database through an escrow service that is offered on a cyber-crime forum. Typically this is only done for real offerings." 

The threat actor is well aware of how damaging data loss can be for platforms. The hacker in the online post demanding money for the stolen data, also warns Twitter that it is the best chance of avoiding a large data-protection hack. 

"The DPC has engaged with Twitter in this inquiry and will examine Twitter's compliance with data protection law in relation to that security issue," DPC further said. 

Five Different Passive Attacks that are Simple to Miss


The most lethal strikes can occasionally be subtle attempts to subdue you all at once. Ironically, the most damaging assaults are those that wait patiently in the shadows until it is too late for you to take any action. The aim of passive attacks is to observe your behavior, and occasionally take your personal information, but never change your data. 

Define passive attack 

A network assault known as a passive attack involves monitoring and occasionally scanning a system for open ports and vulnerabilities. A passive attack doesn't directly harm the target; instead, its goal is to learn more about the system that is the target. 

Both active and passive reconnaissance are considered passive attacks. The term "reconnaissance" is derived from the military and describes the process of entering enemy territory to gather intelligence. Reconnaissance is the process of examining a system or network to acquire information before to launching a complete attack in the context of computer security. 

The following characteristics distinguish these two types of attacks: 

Active reconnaissance - The hacker interacts with the target system to learn about its weaknesses. To find out which ports are open and what services are operating on them, attackers frequently utilize techniques like port scanning. 

Passive reconnaissance - Without interacting, the intrusive party scans the system for vulnerabilities with the sole intent of learning more. The attacker frequently keeps tabs on a user's web session before using the data they gather to launch a subsequent attack. 

Passive assault forms

There are several types of passive attacks, including the following: 

Traffic analysis - In order to do this, network traffic going to and coming from the target systems must be examined. The patterns of communication transferred over the network are analyzed and deciphered by these assaults using statistical techniques. These attacks can be carried out on network traffic that is encrypted, but unencrypted traffic is more frequently the target of them. 

Eavesdropping - When an attacker listens in on phone conversations or reads unencrypted messages sent via a communication means, it is called eavesdropping. Snooping is comparable to eavesdropping, however, it can only access data while it is being transmitted. 

Wardriving - Wardriving is the practice of cruising around looking for unsecured wireless local area networks (WLANs) to access WiFi or personal data. Another name for it is access point mapping. WLAN-using businesses can avoid intrusions by implementing wired equivalent privacy (WEP) protocols or purchasing a reliable firewall. 

Dumpster diving - Dumpster diving is the practice of searching through trashed documents or deleted files on a person's or an organization's system in the hopes of discovering private data, such as passwords or log-in credentials. 

Packet sniffing - Here, the attacker sets up hardware or software to keep an eye on all data packets traveling over a network. Without interfering with the exchange process, the attacker keeps an eye on data traffic. 

How to defend yourself from passive assaults 

We now have a number of choices thanks to advancements in cybersecurity that will help prevent passive attacks. Here are a few tried-and-true defenses against passive assaults: 

Utilize an intrusion prevention system (IPS): IPS works by spotting and preventing unwanted port scans before they are fully completed and can inform intruders of all of your ports' vulnerabilities. 

Use encryption to protect sensitive data: Symmetric or asymmetric encryption can make it much more difficult for anyone attempting to access your data from the outside. To keep outsiders and intruders out of your data, encryption functions as a locked gate. 

Invest in a strong firewall: Firewalls monitor and regulate network traffic, preventing unauthorized users from using the network's resources. 

Keep private any critical information as much as you can: Do not enter your log-in information over a public network or share sensitive information online.