
North Korea’s Innovative Laptop Farm Scam Alarms Cybersecurity Experts

A group of software engineers, many of whom secretly work on behalf of North Korea, has infiltrated major U.S. companies, many of them Fortune 500 firms, by masquerading as American developers to draw salaries from them. This has been confirmed by a coordinated investigation conducted by the U.S. Treasury Department, State Department, and the FBI. This elaborate deception, carried out over several years, has allowed North Korea to generate hundreds of millions of dollars in revenue every year.

It has been reported that these operatives, embedded within legitimate remote workforces, have been sending their earnings back to Pyongyang so that they will be used to finance Pyongyang's prohibited weapons of mass destruction and ballistic missile programs. National security officials and cybersecurity experts alike are both alarmed by the scale and sophistication of this operation. Because it represents a massive manipulation of the global digital economy to finance a sanctioned regime's military ambitions, it has raised serious security concerns. 

As detailed in a recent report published by Google's Mandiant division, one North Korean operative pursued employment within sectors whose security is deemed especially sensitive, including U.S. defence contractors and government agencies. According to the investigators, the individual engaged in a sophisticated pattern of deceiving recruiters, using fabricated references, cultivating trust with recruiters, and maintaining alternate online personas to reinforce their legitimacy.

The case illustrates a more extensive and persistent threat that Western organisations have faced over the years—unwittingly hiring North Koreans under false identities as freelancers or remote workers. These operatives, often embedded deep within corporate infrastructure, have been implicated in a wide range of malicious activities, including intellectual property theft and extortion, as well as planting digital backdoors that can be exploited at a later date.

In addition to the illicit earnings from these operations, North Korea also generates revenue through forced labour in Chinese factories, cigarette smuggling, and a high-profile cryptocurrency heist, all of which contribute to North Korea's strategic weaponry programs. Consequently, U.S. authorities have increased their efforts to break down the infrastructure that enables these schemes, raiding laptop farms, issuing sanctions, and indicting those involved. 

It has been noted by Mandiant researchers that North Korean cyber activities are expanding across Europe, indicating that both the scope and scale of the threat have increased considerably over the past few years, with the primary targets remaining U.S.-based companies. There has been a long history of exploiting platforms such as Upwork and Freelancer to pose as highly skilled developers who specialise in fields such as blockchain technology, artificial intelligence, and web development to gain unauthorised access to sensitive corporate environments. 

Collecting wages illegally from Western companies was not North Korea's only motive for infiltrating them. Once embedded in corporate networks, these operatives gained access to and exfiltrated sensitive internal data, including proprietary business data, intellectual property, and confidential communications. This activity has been shown to serve both financial gain through ransomware operations and state-sponsored espionage objectives.

Several confirmed incidents have taken place involving North Korean employees who were caught covertly downloading and sending internal company files abroad to unauthorised locations, exposing the organisation to significant security breaches as well as potential financial liabilities. As an incident response manager for cybersecurity firm Sygnia, Ryan Goldberg provided further insights into the scale and sophistication of these operations.

During Goldberg's analysis of a laptop seized from one such operative, he found advanced surveillance tools suited to infiltrating remote work environments, as reported in The Wall Street Journal. The tools allowed Zoom meetings to be monitored live and sensitive data to be extracted silently from the employer's systems. Goldberg noted several aspects of how the operatives were using remote control tooling that he had never seen before, describing the tactics as unprecedented.

This is a clear indication that traditional cyber defences are no longer adequate against adversaries who combine human access, social engineering, and stealthy digital surveillance, and it shows how far the threat landscape has evolved. According to FBI officials and cybersecurity researchers, North Korea's remote work scam is not a disorganised effort but a meticulously coordinated operation, with specialised teams assigned to different stages of the scheme.

Dedicated units reportedly guide North Korean IT operatives through every phase of the recruitment process, using artificial intelligence tools to craft convincing résumés and to generate polished answers for technical interviews.

Operatives in these groups work systematically to embed themselves within legitimate companies, with a particular focus on roles in software development, IT infrastructure, and blockchain technology.

In the past few years, law enforcement agencies have issued public warnings about the scam, but analysts, including the intelligence chief of DTEX Systems, have observed a disturbing evolution. Under increased scrutiny, some of these IT workers have begun attempting to extort their employers or have handed their credentials to North Korean hacking groups.

Once these advanced persistent threat actors gain access to a computer system, they are able to deploy malware, steal sensitive data, and carry out large-scale cryptocurrency thefts. The scam, as Barnhart emphasised, is not isolated fraud, but is instead part of a broader national strategy. The scam is directly linked to state-sponsored hacking groups, digital financial crime, and the funding of North Korean nuclear and ballistic missile programs. 

A large number of these IT workers are reportedly housed in call centre-style compounds in Southeast Asia and parts of China. They work under strict surveillance and intense pressure, with monthly financial quotas (initially around $5,000 per individual) and only a small share of the earnings, sometimes as little as $200, available for personal use. Those who fail to meet these targets often face physical punishment or fear being sent back to North Korea.

According to Barnhart, these quotas have risen dramatically over the past few months, with many workers now required to earn as much as $20,000 per month by any means available, whether legitimate freelance work or illegal cyber operations such as crypto scams. Investigators' review of the workers' internal communications has revealed a high-pressure environment.

Workers often compare earnings, trade tactics, and strategise about raising their monthly income to meet the regime's demands. They frequently share apartments with up to ten individuals and between them hold dozens of jobs at the same time, sometimes collecting over 70 separate paychecks per month under different aliases.

Given the industrial scale and aggressive nature of this operation, cybersecurity officials worldwide have expressed concern about the growing threat posed by North Korea's hybrid cyber-economic campaigns. As it becomes increasingly clear that North Korea is infiltrating workforces through cyber means, industry leaders and security professionals are urging businesses to adopt far more stringent procedures for employee verification and internal monitoring.

Traditional background checks and identity verification processes are failing to protect organisations against state-sponsored deception campaigns that leverage artificial intelligence and social engineering at scale. To protect themselves against this evolving threat, organisations in critical infrastructure, finance, defence, and emerging technologies must adopt proactive strategies such as advanced behavioural analytics, continuous access audits, and zero-trust security models.

There is a need for more than just technical solutions; it is critical that all departments—from human resources to information technology—develop a culture of cybersecurity awareness. This North Korean laptop farm scheme serves as a stark reminder that geopolitical adversaries can easily bypass sanctions, fund hostile programs, and compromise sensitive systems from within by exploiting the digital workforce.

Defeating this challenge, however, calls not only for vigilance but also for a coordinated global response, one that brings together policy enforcement, international intelligence exchange, and private sector innovation to counter the next wave of cyber attacks.

AI Adoption Accelerates Despite Growing Security Concerns: Report

Businesses worldwide are rapidly embracing artificial intelligence (AI), yet a significant number remain deeply concerned about its security implications, according to the 2025 Thales Data Threat Report. Drawing on insights from over 3,100 IT and cybersecurity professionals across 20 countries and 15 industries, the report identifies the rapid evolution of AI, particularly generative AI (GenAI), as the most pressing security threat for nearly 70% of surveyed organisations. Despite recognising AI as a major driver of innovation, many respondents expressed alarm over its risks to data integrity and trust.

Specifically, 64% highlighted concerns over AI's lack of integrity, while 57% flagged trustworthiness as a key issue. The reliance of GenAI tools on user-provided data for tasks such as training and inference further amplifies the risk of sensitive data exposure. Even with these concerns, the pace of AI adoption continues to rise. The report found that one in three organisations is actively integrating GenAI into their operations, often before implementing sufficient security measures. Spending on GenAI tools has now become the second-highest priority for organisations, trailing only cloud security investments. 

“The fast-evolving GenAI landscape is pressuring enterprises to move quickly, sometimes at the cost of caution, as they race to stay ahead of the adoption curve,” said Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research. 

“Many enterprises are deploying GenAI faster than they can fully understand their application architectures, compounded by the rapid spread of SaaS tools embedding GenAI capabilities, adding layers of complexity and risk.” 

In response to these emerging risks, 73% of IT professionals reported allocating budgets, either new or existing, towards AI-specific security solutions. While enthusiasm for GenAI continues to surge, the Thales report serves as a warning that rushing ahead without securing systems could expose organisations to serious vulnerabilities.

Major Data Breach at Jaguar Land Rover Raises Security Concerns

A cybercriminal known as "Rey" on the dark web has publicly claimed responsibility for a substantial cyberattack on Jaguar Land Rover spanning a period of two months. The disclosure was made on a well-known dark web forum, where the threat actor alleged that he had breached the company's internal systems.

Jaguar Land Rover, a British automobile manufacturer that specializes in luxury and off-road vehicles, has reportedly suffered a data breach, resulting in the exposure of a significant amount of previously secured internal company data. Details of what kind and how much data was compromised remain unclear, but cybersecurity experts are closely monitoring the situation as it develops.

The incident underscores both the ongoing cybersecurity challenges facing large corporations and the growing threat posed by threat actors operating on the dark web. A thorough investigation into the breach is expected to provide further insight into its impact and any security vulnerabilities that may have been exploited. The cyber-attack, believed to have occurred in March 2025, reportedly resulted in approximately 700 confidential Jaguar Land Rover documents being exposed.

These documents reportedly include critical development logs, tracking records, and proprietary source code. Exposure of such sensitive information to unauthorized parties is extremely risky for Jaguar Land Rover, as it could give competitors and malicious actors strategic insights that undermine the company's competitiveness and position in the automotive industry.

The breach also affected a large employee dataset, exposing a considerable amount of personally identifiable information, including usernames, email addresses, display names and time zones. This leakage raises serious security concerns, as it increases the probability that affected employees will be subjected to identity theft, phishing scams, and other targeted cyber threats.

Given how sensitive corporate and employee information is, the incident emphasizes the need for enhanced cybersecurity measures to reduce risk and safeguard crucial information. Jaguar Land Rover may suffer significant repercussions from this incident: by reviewing the divulged internal documents, competitors could gain valuable insight into the company's proprietary technologies, strategic initiatives and plans.

The unauthorized access could cost JLR its competitive edge in an industry where innovation and intellectual property are critical to success. The breach also raises serious concerns about employee security: the leaked dataset, which contains personal identifiers such as usernames, emails, and time zones, exposes individuals to the risk of cyberattack.

Employees should exercise enhanced vigilance against phishing attempts, identity fraud, and other targeted attacks that exploit compromised credentials. Jaguar Land Rover has not made an official statement regarding the breach at this time. Although there is still no clear information about the company's response strategy and remediation efforts, an internal investigation is planned to determine the extent of the attack and to identify security vulnerabilities.

To prevent future breaches, cybersecurity infrastructure must be strengthened and additional protective measures implemented. Employees affected by the data exposure are encouraged to take immediate precautions, including updating their passwords, turning on two-factor authentication, and exercising caution when responding to unsolicited emails or messages.

The automotive sector faces growing cybersecurity challenges as modern vehicles become more connected and more dependent on advanced software systems, and this breach highlights them. Organizations need to implement proactive security strategies to secure sensitive corporate data and mitigate the risk posed by evolving cyber threats.

A critical part of determining the long-term consequences of this incident will be how stakeholders monitor Jaguar Land Rover's response, as well as any law enforcement action that may follow. Moreover, the exposure of Jaguar Land Rover's development logs and source code presents a long-term security risk that could negatively affect the integrity of the company's products and intellectual property.

With access to such critical information, threat actors might be able to exploit system vulnerabilities in the future, leading to further security concerns and competitive disadvantage. The compromise of employee data also carries significant legal and reputational risks, particularly under data privacy regulations: the company could face legal scrutiny over the unauthorized disclosure of sensitive personal information and a resulting erosion of stakeholder trust.

When organizations experience such an incident, they usually begin a comprehensive investigation to determine the extent of the breach and implement remediation measures based on the findings. Affected employees are often notified, cybersecurity protocols strengthened, and law enforcement agencies consulted to identify the perpetrators and prevent future attacks. The incident highlights the increasing cybercrime threats to large multinational corporations.

Cybercriminals continually evolve their tactics as technology advances, requiring organizations to constantly adjust their security strategies to mitigate emerging threats. Cyberattacks continue to target companies entrusted with sensitive and valuable information, often motivated by financial incentives or the desire for fame or recognition. Scrutiny of Jaguar Land Rover's data protection practices has increased following the breach.

The situation demonstrates how difficult it can be for businesses to safeguard employee and company information against persistent cyber threats. In the meantime, industry and cybersecurity experts will continue to watch closely for further developments until an official statement is issued. The event also raises questions about the effectiveness of existing cybersecurity frameworks and the need for continuous investment in advanced cybersecurity measures.

To enhance corporate resilience against cyberattacks, companies need to raise employee awareness, implement cutting-edge security technologies, and adopt a proactive strategy to combat threats. As the situation unfolds, attention will be directed toward Jaguar Land Rover’s response strategy and the steps taken to address any vulnerabilities that may have contributed to this security breach.

Security Concerns Arise Over Chinese-Manufactured Surveillance Cameras Deployed at Romanian Military Locations

A routine procurement made by the Romanian military on January 16 for surveillance equipment manufactured in China has sparked concerns regarding national security implications.

In a purchase valued at under $1,000, an employee of the Romanian Defense Ministry bought an eight-port switch and two surveillance cameras from Hikvision, a Chinese company with purported ties to the Chinese military. Notably, both the United States and Britain have blacklisted Hikvision over identified data and security vulnerabilities.

Although there is currently no evidence of breaches at the Deveselu military base, an investigation by RFE/RL's Romanian Service revealed that Hikvision and Dahua, another Chinese company partly owned by the government, supply surveillance equipment to at least 28 military facilities and numerous other public institutions involved in national security across Romania.

While Romanian authorities assert that the equipment is used in closed-circuit systems without internet connectivity, experts argue that vulnerabilities in firmware could still pose risks, enabling remote access, data interception, and network attacks. Despite these concerns, Romania does not impose restrictions on the use of Hikvision or Dahua equipment, unlike some NATO allies such as the United States and Britain.

Both Hikvision and Dahua refute allegations of being security risks and claim to promptly address vulnerabilities. However, critics like Romanian parliament member Catalin Tenita argue that existing legislation could justify banning these companies' products.

The Romanian Defense Ministry maintains that its surveillance systems are secure, emphasizing strict testing and evaluation procedures. Similarly, the Deveselu Naval Facility, operated by U.S. forces, declined to comment on Romanian military purchases but emphasized their commitment to regional security.

NATO, while not formally banning third-country equipment, encourages vigilance against potential security risks. Secretary-General Jens Stoltenberg cautioned against reliance on Chinese technology in critical infrastructure, echoing concerns about Hikvision and Dahua's involvement.

Despite assurances from Romanian authorities, the history of vulnerabilities associated with Hikvision and Dahua equipment raises concerns among experts. Romanian institutions, including law enforcement and intelligence agencies, defend their procurement decisions, citing compliance with national legislation and technical specifications.

Some Romanian lawmakers, like Senator Adrian Trifan, advocate for further investigation and scrutiny into the prevalence of Hikvision and Dahua equipment in national security sites, underscoring the need for immediate clarification and review of procurement procedures.

Meta Rolls Out Default End-to-End Encryption on Messenger Amid Child Security Concerns

Meta Platforms (META.O) announced on Wednesday that it has begun rolling out end-to-end encryption for personal chats and calls on both Messenger and Facebook. The feature, which ensures that only the sender and recipients can access messages and calls, is available immediately.

However, Meta acknowledges that making end-to-end encryption the default may take some time to complete across all Messenger accounts. While users previously had the option to turn on end-to-end encryption for individual conversations, Meta's latest update aims to make this privacy measure the default setting for all users, a noteworthy enhancement in safeguarding user data.

Privacy and Safety Issues

In introducing encryption, Meta emphasized that message content is now inaccessible to everyone, including the company itself, unless a user chooses to report a message, as Loredana Crisan, the head of Messenger, wrote in a post unveiling the update. In reaching this decision, Meta collaborated with external experts, academics, advocates, and governmental entities to identify potential risks, ensuring that the enhancement of privacy goes hand in hand with maintaining a safe online environment, as Crisan's announcement highlighted.

Why Are Law Enforcement Agencies Criticizing the Move?

Meta Platforms' move to introduce default encryption on Messenger has drawn criticism from various quarters, with notable voices such as Home Secretary James Cleverly and James Babbage, director general for threats at the National Crime Agency, expressing concerns about its potential impact on detecting child sexual abuse on the platform. 

In a disappointed tone, Home Secretary James Cleverly highlighted the significance of Meta's decision as a setback, particularly in light of collaborative efforts to address online harms. Despite this disappointment, he stressed a continued commitment to working closely with Meta to ensure the safety of children in the online space. 

James Babbage, director general for threats at the National Crime Agency, echoed this sentiment, characterizing Meta's choice to implement end-to-end encryption on Facebook Messenger as highly disappointing. He emphasized the increased challenges their team now faces in fulfilling their role of protecting children from sexual abuse and exploitation due to this development. 

Let’s Understand E2EE 

End-to-end encryption (E2EE) in messaging keeps messages confidential from every party other than the participants, including the messaging service itself. Under E2EE, a message can be decrypted only by the sender and the designated recipient, the two "ends" of the conversation, which is where the term "end-to-end" comes from.

"When E2EE is default, we will also use a variety of tools, including artificial intelligence, subject to applicable law, to proactively detect accounts engaged in malicious patterns of behaviour instead of scanning private messages," the company wrote. 

While numerous messaging services claim to provide encrypted communications, not all genuinely offer end-to-end encryption. Typically, a message is encrypted as it travels from the sender to the service's server and again from the server to the intended recipient. In some services, however, the message is briefly decrypted when it reaches the server before being re-encrypted.

The name "end-to-end" is apt because it makes it practically impossible for any intermediary to decrypt the message. Users can be confident that the messaging service lacks the technical capability to read their messages. By analogy, imagine sending a letter in a locked box to which only the sender and the recipient hold the key; that physical barrier to everyone else mirrors what E2EE does digitally.
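To make the hop-by-hop versus end-to-end distinction concrete, here is an added Python illustration (not Meta's code and not Messenger's actual protocol): a relay server that terminates each transport hop sees the plaintext when only transport encryption is used, but sees only ciphertext when the sender seals the message for the recipient first. The cipher is a minimal standard-library construction (SHA-256 keystream plus HMAC tag) chosen so the example runs offline, and the keys are constructed and assumed to have been agreed beforehand.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key and nonce into `length` bytes with a SHA-256 counter (demo cipher only)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampering raises ValueError."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short to contain nonce and tag")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or modified data")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


# Constructed keys for the demo. Assumed agreed beforehand: in a real messenger the
# hop keys would come from TLS and the end-to-end key from a key-agreement protocol.
K_ALICE_SERVER = os.urandom(32)  # transport key for the Alice <-> server hop
K_SERVER_BOB = os.urandom(32)    # transport key for the server <-> Bob hop
K_ALICE_BOB = os.urandom(32)     # end-to-end key held only by Alice and Bob


class RelayServer:
    """Messaging server: terminates each transport hop and forwards the payload."""

    def __init__(self) -> None:
        self.seen = []  # every payload the server was able to inspect after unwrapping hop 1

    def relay(self, from_alice: bytes) -> bytes:
        payload = decrypt(K_ALICE_SERVER, from_alice)  # hop 1 ends at the server
        self.seen.append(payload)                       # whatever is inside is visible to it
        return encrypt(K_SERVER_BOB, payload)           # hop 2 starts at the server

    def could_read(self, message: bytes) -> bool:
        """True if the plaintext message passed through the server in the clear."""
        return message in self.seen


def send_hop_by_hop(server: RelayServer, message: bytes) -> bytes:
    """Transport encryption only: the server decrypts and re-encrypts the message."""
    wire = encrypt(K_ALICE_SERVER, message)
    return decrypt(K_SERVER_BOB, server.relay(wire))


def send_end_to_end(server: RelayServer, message: bytes) -> bytes:
    """E2EE: Alice seals for Bob first, then the sealed blob rides the transport hops."""
    sealed = encrypt(K_ALICE_BOB, message)
    wire = encrypt(K_ALICE_SERVER, sealed)
    return decrypt(K_ALICE_BOB, decrypt(K_SERVER_BOB, server.relay(wire)))


if __name__ == "__main__":
    msg = b"constructed sample message"
    hop_server, e2e_server = RelayServer(), RelayServer()
    send_hop_by_hop(hop_server, msg)
    send_end_to_end(e2e_server, msg)
    print("hop-by-hop: server could read message:", hop_server.could_read(msg))  # True
    print("end-to-end: server could read message:", e2e_server.could_read(msg))  # False
```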

ChatGPT Enterprise can Boost AI Adoption by Addressing Business Concerns

With the introduction of ChatGPT in November 2022, interest in AI has seen a massive lift. While it has made people envision the revolutionary potential for enterprises, it has also raised several concerns. 

Security concerns about adopting AI have led several tech giants to restrict the use of ChatGPT. One such concern is the fear that users' information will be used to improve the model, which seems quite possible.

Further concerns include trustworthiness, training data up to 2021, limited customization, and occasionally inaccurate responses. 

In order to allay these concerns, OpenAI has introduced ChatGPT Enterprise, designed specifically for enterprises. In addition to advanced features like customization options, this edition promises improved security and quicker replies.

According to Rowan Curran, a senior analyst at Forrester, these security updates and plugins will eventually motivate enterprises to adopt AI technology. Early adopters of ChatGPT Enterprise include Canva and PwC. Danny Wu, the head of AI products at Canva, emphasizes the productivity advantages. OpenAI will also allow users to train the AI on their own data, which will increase its utility.

However, it seems that ChatGPT Enterprise should not be trusted unreservedly either. According to legal consultant Emma Haywood, ChatGPT Enterprise could still pose risks when generating content. Compliance with SOC 2 and OpenAI's data usage promise enhance its standing, but GDPR and contractual duties still apply.

It must also be noted that ChatGPT Enterprise is not one of a kind: it now faces several competitors from other AI platforms, such as Microsoft's Azure AI and Google's generative AI, Bard. To find the most suitable AI platform, businesses weigh several attributes, including cost, performance, and security.

Regulatory concerns have also been raised as AI regulation develops in the EU, the US and the UK. Customization could blur the distinction between user and provider and complicate regulatory questions.

ChatGPT Enterprise attempts to address security and usability issues for enterprises, yet obstacles still exist, highlighting the changing face of AI in the corporate world.

Several other reasons indicate why ChatGPT might not be ready for enterprises, such as: 

  • Developing malware: Malware can be created by the same generative AI that creates ethical code. Additionally, users have discovered that they can easily get around ChatGPT's restrictions, despite the fact that it rejects requests that are overtly illegal or sinister.
  • Phishing scams: Cybercriminals may quickly create highly convincing content using generative AI, personalize it to target particular victims (spear phishing), and adapt it to match a variety of mediums, including email, direct messaging, phone calls, chatbots, social media commentary, and phony websites.
  • API attacks: It is being speculated that cybercriminals might utilize generative AI to discover the specific vulnerabilities in APIs. Theoretically, attackers may be able to direct ChatGPT to examine API documentation, compile data, and create API queries in order to find and exploit vulnerabilities more quickly and proficiently. 

Security Concerns Escalate as Unsafe VPNs Pose Major Threat to Businesses

New research conducted by Zscaler has revealed that an overwhelming majority of organizations worldwide face a significant issue with unsafe Virtual Private Networks (VPNs). According to the report, a staggering 88% of these organizations expressed deep concern about the potential for breaches stemming from VPN vulnerabilities.

The primary worries among respondents were related to phishing attacks, accounting for 49% of the concerns, closely followed by ransomware attacks at 40%. These findings highlight the critical need for enhanced security measures and vigilance when using VPNs for regular business operations. 

What is a VPN?

A Virtual Private Network (VPN) plays a vital role in ensuring cybersecurity by establishing a secure and encrypted network connection for users accessing the internet via public networks. The encryption process employed by VPNs serves to safeguard sensitive data and communications, preventing unauthorized access. 

Furthermore, VPNs obscure users' online identities, making it difficult for malicious individuals to monitor their internet activities or compromise personal information. This real-time encryption and privacy mechanism offers organizations and individuals an added layer of online security, guaranteeing the confidentiality and integrity of data during internet usage. 

How does a VPN work?

Imagine a Virtual Private Network (VPN) as your secret online protector. When you use a VPN, your internet traffic takes a detour through a special remote server managed by the VPN host. So, instead of your data directly coming from you, it appears to come from the VPN server. 

This clever trick hides your real IP address from your Internet Service Provider (ISP) and snoopy third parties. It's like wearing an invisible cloak online. The VPN acts like a filter, encrypting all your data so that nobody sitting between you and the VPN server can read it.

Even if someone manages to catch your data, it will be gibberish to them – totally useless. So, you can surf the web with peace of mind, knowing that your online activities stay private and secure. 

How is it becoming a threat? 

A significant number of organizations, almost half of those polled, reported being targeted by cybercriminals who exploited vulnerabilities in their chosen VPN services. The vulnerabilities mainly stemmed from using outdated protocols or experiencing data leaks. 

Over the past year, one-fifth of the organizations experienced at least one attack, while one-third encountered ransomware attacks specifically aimed at their VPNs. These findings highlight the importance of keeping VPN services up to date and implementing robust security measures to safeguard against potential threats. 
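The "outdated protocols" finding above is something an administrator can check for directly. The script below is an added example written for this post, not code from Zscaler or its report: it audits a constructed OpenVPN-style configuration for deprecated cipher, HMAC and TLS settings. Which values count as outdated, the required directives, and both sample configs are assumptions of the example.

```python
# Assumed policy (this editor's, not the report's): directive -> (outdated values, recommended value)
WEAK_SETTINGS = {
    "cipher": ({"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}, "AES-256-GCM"),
    "auth": ({"MD5", "SHA1", "NONE"}, "SHA256"),
    "tls-version-min": ({"1.0", "1.1"}, "1.2"),
}
# Compression directives should be absent: compressing plaintext before encryption leaks information
FORBIDDEN_DIRECTIVES = {"comp-lzo", "compress"}
# Directives a hardened config is expected to carry
REQUIRED_DIRECTIVES = {"tls-version-min", "remote-cert-tls"}

def parse_config(text):
    """Map each directive to its first argument, ignoring blank lines and '#'/';' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = line.split()
            settings[parts[0]] = parts[1] if len(parts) > 1 else ""
    return settings

def audit_config(text):
    """Return one finding per outdated, forbidden or missing directive; [] means clean."""
    settings = parse_config(text)
    findings = []
    for directive, (weak_values, recommended) in WEAK_SETTINGS.items():
        value = settings.get(directive, "")
        if value.upper() in weak_values:
            findings.append(f"{directive} {value}: outdated, use {recommended}")
    for directive in sorted(FORBIDDEN_DIRECTIVES & settings.keys()):
        findings.append(f"{directive}: compression should be disabled")
    for directive in sorted(REQUIRED_DIRECTIVES - settings.keys()):
        findings.append(f"{directive}: missing")
    return findings

# Constructed sample configs for the demonstration (not real deployments)
LEGACY_CONFIG = """client
cipher BF-CBC     # default in old OpenVPN releases
auth SHA1
comp-lzo
"""
HARDENED_CONFIG = """client
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
remote-cert-tls server
"""

if __name__ == "__main__":
    print(audit_config(LEGACY_CONFIG), audit_config(HARDENED_CONFIG))
```

Running it lists five findings for the legacy config and none for the hardened one; the same parser can be pointed at a real client or server file to spot configurations that were never updated.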

Another concerning aspect is the potential for third-party vendors to become targets of exploitation, leading to successful supply chain attacks. External users, such as contractors and vendors, often have varying security standards and may not provide adequate visibility to their partners. 

Managing external third-party access is a really tough challenge, as the researchers pointed out. Making sure these external connections are secure is super important because it helps prevent any possible breach that could mess up the entire network and compromise data integrity. It's like locking the doors tightly to keep the bad guys out.

To combat these challenges, businesses are turning to an exciting approach called Zero Trust architecture. Imagine it as a digital bouncer at the entrance of your network party. In this model, no one gets a free pass. Every user and device must prove their identity, even if they are already inside the trusted corporate network.

Picture this: before anyone can join the party, they have to show their ID, and their devices must pass a security check. Once they are in, they only get access to the areas they really need – no sneaking into the VIP section. It is all about granting the least privilege access to keep potential threats at bay.

By adopting Zero Trust, companies create a super-safe environment where everyone has to earn their place and only gets what they need. This way, the network stays protected from any unwelcome gatecrashers.


5G Security Vulnerabilities Concern Mobile Operators
As 5G private networks become more widely available in the coming years, security may become a major concern for businesses. According to a report presented at the Mobile World Congress on Monday, significant gaps in mobile operators' security capabilities persist.

According to the GSMA and Trend Micro report, 68 percent of carriers already sell private wireless networks to enterprise customers, with the rest expecting to do so by 2025. However, these may not be ready for prime time in terms of security: for example, 41% of surveyed operators claimed they are having difficulty addressing vulnerabilities connected to 5G network virtualization.

In addition, 48% of them indicated they don't have adequate internal knowledge or resources to find and fix security flaws at all. For 39 percent of surveyed operators, a restricted pool of mobile-network security professionals is a contributing cause to the problem. 

5G Networks: Diverse Architecture, Diverse Risks 

As 5G networks are essentially software-defined and virtualized, they are a significant change from previous wireless networks. In 5G, network operations that were previously defined in hardware are transformed into virtual software capabilities that are orchestrated by a flexible software control plane. In 5G, even the radio access network (RAN) air interfaces are software-defined. The concern is that this opens the door for a slew of new exploitable flaws to appear throughout the architecture, in places where they have never been exposed before. 

William Malik, vice president of infrastructure strategies at Trend Micro, told Threatpost, “Because so much of the environment is virtualized, there will be a lot of software creating images and tearing them down – the volume of virtualization is unlike anything we have experienced so far. The risk there is that we do not know how well the software will perform under such huge loads. Every experience with distributed software under load suggests that things will fail, services will drop and any vulnerability will be wide open for exploitation.” 

“Think about the traffic at a major port – much of the work is not done by individuals but by application software coordinated by scheduling and orchestration software. If you can take this over, you can dump containers into Long Beach Harbor, or ship 2,000 pounds of Cream O’ Wheat to your neighbor. In the port of Amsterdam, the bad guys took over the scheduling software and actually had containers full of guns, drugs, and in some cases, criminals delivered without inspection into the port then smuggled onwards throughout Europe,” he added.

Moreover, rather than transmitting all data to the cloud for processing, 5G employs multi-access edge computing (MEC), which implies that data created by endpoints is analyzed, processed, and stored at the network edge. Collecting and processing data closer to the client decreases latency and gives high-bandwidth apps real-time performance, but it also creates a new footprint to secure, with new data pools distributed over the network. 

Malik added further, “We’re focusing on corporate 5G implementations, generally called NPN – non-public networks. In these environments the 5G signal is restricted to a specific area – a port, a distribution center, a manufacturing facility – so we don’t have random devices connecting, and every application and device can be authenticated (note that this is not an architectural requirement but it is a really good idea). Even with that, the 5G network will be a very efficient way to move data around the site, so if malware gets into something, it will spread fast.” 

According to the survey, MEC is a crucial part of half (51%) of the operators' plans for serving enterprises' private network demands in the next two years. Only 18% of the operators polled said that they provide security for both the edge and endpoints.

Best Practices for 5G Private Network Security:

“The bad guys will try to take over the 5G network by either sneaking some rogue software into the mix, using a supply-chain attack like SolarWinds; or sneaking past authentication to launch their own processes that can crypto mine (steal resources), exfiltrate data, or initiate a ransomware attack,” Malik predicted. 

Even though security skills are currently lacking, nearly half of the operators polled (45%) believe it is essential to invest in security to meet their long-term enterprise revenue targets – compared to only 22% in 2020. 

Due to COVID-19, 44 percent of operators have observed a spike in demand for security services from their enterprise clients, and 77 percent of operators see security as a major revenue opportunity, with 20 percent of 5G revenue expected to come from security add-on services.

The 3GPP, which is in charge of wireless network specifications, has included various security features in the 5G specification. 

According to Malik, certain security practices must be implemented: 

  • employ technologies that detect misbehaving activity, such as a process that starts encrypting everything it can touch;
  • take frequent backups and double-check that they are valid, so they can actually be used to recover from an attack;
  • purchase technology from reputable sources and use reliable integrators to hook things up.
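The first of these practices can be approximated from file-write telemetry. The following is an added example written for this post, not Trend Micro's or Malik's code: it flags any process whose high-entropy writes (the signature of encrypted output) span many distinct files, running over constructed events. The thresholds, paths and process ids are assumptions of the example.

```python
import math
from collections import defaultdict

def shannon_entropy(data):
    """Bits of entropy per byte of the buffer (0.0 for empty input); ~8.0 means encrypted or compressed."""
    if not data:
        return 0.0
    n = len(data)
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def flag_mass_encryptors(events, min_files=5, min_entropy=7.0):
    """Return the pids whose high-entropy writes touched at least min_files distinct paths.

    events: iterable of (pid, path, bytes_written). One high-entropy write is normal
    (archives, images, real backups); the signal is a single process rewriting many
    unrelated files that way, which is what "encrypting everything it can touch" looks like.
    """
    touched = defaultdict(set)
    for pid, path, data in events:
        if shannon_entropy(data) >= min_entropy:
            touched[pid].add(path)
    return sorted(pid for pid, paths in touched.items() if len(paths) >= min_files)

# Constructed telemetry (not real captures). bytes(range(256)) has exactly 8 bits/byte
# of entropy and stands in for ciphertext; the repeated sentence stands in for documents.
CIPHERTEXT_LIKE = bytes(range(256)) * 4
PLAINTEXT_LIKE = b"quarterly figures attached, see sheet 2\n" * 25

SAMPLE_EVENTS = (
    # pid 4242: rewrites six different documents with ciphertext-like content
    [(4242, f"/srv/share/docs/report{i}.docx", CIPHERTEXT_LIKE) for i in range(6)]
    # pid 1001: an editor saving ordinary text to six files
    + [(1001, f"/home/ann/notes{i}.txt", PLAINTEXT_LIKE) for i in range(6)]
    # pid 2002: a backup job writing one large compressed archive
    + [(2002, "/backup/nightly.tar.gz", CIPHERTEXT_LIKE)]
)

if __name__ == "__main__":
    print("suspicious pids:", flag_mass_encryptors(SAMPLE_EVENTS))
```

Only pid 4242 is reported: the backup job writes high-entropy data too, but to a single file, which is why the detection keys on the number of distinct files rather than on entropy alone.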

Malik told Threatpost, “Best practices for securing these NPN environments would include authenticating everything and everyone – that’s the idea behind zero trust. You have to prove you are who you say you are before you can do anything on the network.”