
Indianapolis Housing Authority Hit by Ransomware

According to a senior agency official, a ransomware attack on the organization that manages low-income housing in Indianapolis has delayed the distribution of rent payments to landlords.

During the attack, which began weeks ago, every employee of the Indianapolis Housing Agency was blocked from accessing their email. That concerned its executive director, Marcia Lewis, who was unable to reach her email for days before regaining access on Tuesday, according to a message she wrote to The Indianapolis Star.

The ransomware attack left the Indianapolis Housing Agency unable to send October rent payments to landlords under the federal housing choice voucher program, generally known as Section 8, on which 8,000 Indianapolis families rely. The organization administers the Section 8 program in Indianapolis, which offers rental assistance to very low-income families, the elderly, and people with disabilities for housing on the private market.

Marcia Lewis stated that the attack was still continuing as of Wednesday and that an investigation by data security professionals, law enforcement, and the agency's IT service providers is in progress. The housing authority has not disclosed the motive or identity of those behind the ransomware attack, which uses software to encrypt files within a victim organization in order to demand payment.

With the help of Section 8 or through residing in one of the organization's public housing complexes, almost 25,000 people rely on the Indianapolis Housing Agency for a variety of housing services.

Lewis said that as of Monday, the organization had successfully paid every Section 8 landlord's rent for the month of October. During the previous week, while the IT system was unavailable, the agency had to manually send out client utility allowance checks and important vendor payments.

The Indianapolis Star has previously written about the conditions residents of Indianapolis Housing Agency buildings have endured, including bed bug infestations, air conditioner outages on some of this summer's hottest days, and a lack of hot water at the beginning of October.

Under Section 8 rules set by the U.S. Department of Housing and Urban Development, landlords are prohibited from evicting residents over nonpayment by the agency, including in the present instance.

US Government Contemplates Launching Cyber Insurance Program to Help Private Insurance Firms

As cyberattacks continue to surge, the US government is considering the creation of incentives that would help private insurance firms cover some of the costs of catastrophic cyber incidents under a federal cyber insurance program.

Last month, the Treasury Department and the Cybersecurity and Infrastructure Security Agency (CISA) asked representatives of multiple organizations whether a federal cyber insurance program is needed and, if so, how such a program should be run across the country.

Earlier this year, in June, the Government Accountability Office (GAO) published a report advising the Federal Insurance Office (FIO) and CISA to conduct a joint assessment of the federal government’s role in cyber insurance.

The move comes after multiple private insurers, spooked by the possibility of having to cover such large losses, backed away from the market by excluding the most severe cyberattacks from coverage. Currently, the U.S. government has no federally backed cyber insurance program for destructive cyberattacks.

“I think what you’re seeing is the government sort of thinking about this from their side … if they should be doing more to help companies that are hit and, if so, how should they define what the thresholds are. They’re clearly evaluating that and trying to think carefully about it right now,” stated Josephine Wolff, an associate professor of cybersecurity policy at the Tufts University Fletcher School. 

The rapid surge in cyber incidents 

Cyber attacks, specifically ransomware, have disrupted critical services and businesses globally, including schools, government offices, hospitals, emergency services, transportation, energy, and food firms. Reported ransomware payments in the United States reached over $590 million in 2021, compared to a total of $416 million in 2020. Just this summer, ransomware attacks rose 47 percent from June to July, according to a report published by cybersecurity firm NCC Group. 

According to the most recent IBM Cost of a Data Breach report, each public sector incident costs $2.07 million on average. 

The cyberattack on the Colonial Pipeline that took a 5,500-mile-long fuel transporting operation offline had a spillover effect on the wider economy. The pipeline operator paid a ransom of $4.4 million to the hackers — despite advice from law enforcement agencies that ransom demands should always be rejected. 

According to the FBI and many other agencies, paying ransoms encourages attackers to launch further cyber attacks. Some suggestions for organizations from the FBI include: 

• Keep all operating systems and software up to date 
• Enforce a user training program and phishing exercises 
• Employ strong, unique passwords for all accounts with password logins 
• Enable multi-factor authentication (MFA) for as many services as possible 
• Maintain offline (i.e., physically separate) backups of data, and test backup and restoration frequently
• Ensure all backup data is encrypted and immutable

Twitter to Pay $150M Penalty for Selling Customers' Data

Twitter has agreed to pay $150 million to settle a federal privacy suit filed by the US government last week over data privacy violations.

Between May 2013 and September 2019, Twitter asked users for private details in order to secure their accounts, but then used that information to target users with ads, the Federal Trade Commission (FTC) and the Department of Justice stated.

"Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads," said FTC Chair Lina Khan in a statement. "This practice affected more than 140 million Twitter users while boosting Twitter's primary source of revenue." 

This is not the first time Twitter has violated the FTC Act, under which the agency is “empowered to prevent unfair or deceptive acts or practices in or affecting commerce.” In 2011, Twitter settled with the FTC, which had accused the company of serious lapses in its data security that allowed attackers to gain unauthorized administrative control of the platform.

The consent order between the Federal Trade Commission (FTC) and Twitter prevented the company from misrepresenting how it used individuals’ email addresses and phone numbers. 

The fine announced on Wednesday last week has been a couple of years in the making. In August 2022, Twitter warned investors of an FTC probe and a potential penalty of more than a hundred million dollars for violating both the FTC Act and its 2011 settlement.

“Specifically, while Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences,” the complaint, which was filed by the DOJ on behalf of the FTC, said. 

The social media giant said it will comply with the court’s decision, pay the fine and launch a robust privacy and information security program, which will include independent security audits every two years until 2042.

Further, Twitter will be required to notify all US users who joined its platform before September 17, 2019 about the settlement and offer them options for guarding their privacy and security in the future.

US Reclaimed $15 Million From an Ad Fraud Operation

The US government has recovered more than $15 million in proceeds from the 3ve digital advertising fraud enterprise, which cost firms more than $29 million for ads that were never viewed.

According to the Justice Department, Sergey Ovsyannikov, Yevgeniy Timchenko, and Aleksandr Isaev controlled more than 1.7 million infected computers between December 2015 and October 2018 through dozens of command and control (C&C) servers. The Kovter botnet, a click-fraud malware, ran quietly in the background on those machines, connecting to sites to load advertisements.

A forfeiture order, according to the Justice Department, resulted in the transfer of $15,111,453.84 from Swiss bank accounts to the US government. The scheme faked billions of ad views and spoofed over 86,000 domains. According to the US Department of Justice, companies paid over $29 million for advertising never seen by real people.

Ovsyannikov and Timchenko were arrested in 2018, pleaded guilty, and were sentenced to prison terms in the United States. For their roles in 3ve (pronounced "Eve"), Isaev and five others are charged with money laundering, wire fraud, computer intrusion, and identity theft, but they remain at large.

The US also charged five Russian citizens, Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, and Dmitry Novikov, with running the Methbot ad fraud scheme, which is thought to have netted the fraudsters more than $7 million in illegal gains.

"This forfeiture is the greatest international cybercrime recovery in the Eastern District of New York's history," said United States Attorney Peace in a press statement.

Multiple Organizations Targeted by Conti Ransomware Worldwide

The Conti ransomware gang is wreaking havoc with its attacks around the globe. The latest victim is the Peru MOF – Dirección General de Inteligencia (DIGIMIN), the premier intelligence agency in Peru.

The ransomware group claimed to have stolen 9.41 GB of data from the agency responsible for national, military, and police intelligence, as well as counterintelligence. Targeting an intelligence agency could lead to the disclosure of secret and confidential documents and pose a threat to national security.

Last week, the US Department of State offered a reward of up to $15 million for information on the threat actor. The reward includes $10 million for the identification or the location of the leaders of the Conti ransomware gang. 

Additionally, $5 million is offered for information that results in the arrest and/or conviction, in any country, of any individual conspiring to participate in or attempting to participate in a Conti variant ransomware incident. The reward is offered under the Department of State’s Transnational Organized Crime Rewards Program (TOCRP).

"The Conti ransomware group has been responsible for hundreds of ransomware incidents over the past two years," the statement read. "The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti ransomware variant the costliest strain of ransomware ever documented." 

Costa Rica President Rodrigo Chaves declared a national cybersecurity emergency over the weekend, following a financially motivated Conti ransomware attack against his administration that has paralyzed the government and economy of the Latin American nation. Shortly after the incident occurred in April, the former President Carlos Alvarado publicly declined to pay a $10 million ransom demand. In response, Conti has published nearly all of the 672 GB of data stolen from the government.

After targeting the Costa Rican government, the ransomware group posted a message on its news site calling the assault merely a “demo version.” The group said the attack was motivated solely by financial gain, while also expressing general political disgust, another signal that more government-directed attacks may follow.

The Conti group's attacks are a serious concern and have even forced a nation to declare a national emergency. Security experts therefore recommend that organizations invest in robust preventive measures, including anti-ransomware solutions, frequent data backups, network firewalls, and email gateways.

The Examination of the Seized Equipment of the Lurk Group Did Not Reveal Any Attack on the US Government

A law enforcement source said that the examination of the equipment seized from members of the Lurk hacker group did not reveal traces of attacks on servers of the American government. During a court session, Konstantin Kozlovsky, one of the defendants in the Lurk case, declared his involvement in hacking the servers of the Democratic Party of the USA, as well as in hacking Hillary Clinton's email.

However, the examination showed that this is not the case. "The examination was carried out by the security forces together with the leading companies in the field of information security in Russia, all seized equipment, media, communications were checked. No evidence of attacks on the U.S. government was found. Also, the group members did not discuss it in the seized correspondence," the source said. 

He added that the investigation did not establish a connection between Kozlovsky and any FSB officers. "If you follow his statements, they always follow the high-profile hacking topics in the media, to which he is trying to link his criminal case: first it was Russian interference in the US elections, then, when information about the arrest of employees of the FSB Information Security Center appeared in the media, he also mentioned it. 

Even in the list of those involved in the attack on American information resources, published by the US Department of Justice, there is neither Kozlovsky himself nor other members of the Lurk group," the source explained. 

The detention of the Lurk hackers became known on June 1, 2016. There are 22 people in the dock. According to investigators, the members of the hacker group stole 1 billion 264 million rubles (16.7 million dollars) from commercial companies and banks.

They also hacked the network of Yekaterinburg Koltsovo airport and copied information from its servers. It should be noted that Kozlovsky is not the first to claim the role of the hacker behind the Democratic Party servers. Previously, a hacker using the nickname Guccifer 2.0 claimed responsibility for the hack. The user described himself as a Romanian hacker, but spoke Romanian with machine translation errors.

Ransomware Gang Offered a Decryptor After Realizing they Hit a US Government Agency

After discovering that they had encrypted the systems of a US government agency, the AvosLocker ransomware operation offered a free decryptor. AvosLocker had infiltrated a US police department last month, encrypting devices and stealing data during the attack.

Sophos researchers investigating AvosLocker ransomware deployments found that the main process begins with the attackers using PDQ Deploy to push and execute a batch script, named "love.bat," "update.bat," or "lock.bat," on targeted workstations. The script runs a series of commands that prepare the machines for the ransomware before rebooting them into Safe Mode. Windows Safe Mode is a diagnostic boot mode intended for troubleshooting, in which most security and IT administration software does not run.

The command sequence takes about five seconds to execute and:

• disables Windows Update services and Windows Defender;
• attempts to disable the components of commercial security software that can run in Safe Mode;
• installs the legitimate remote administration tool AnyDesk and configures it to run in Safe Mode with networking, so the attacker retains command and control;
• creates a new account with auto-login credentials;
• connects to the target's domain controller to remotely access and run the ransomware executable, called update.exe.
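The Safe Mode chain above is noisy if the individual steps are correlated per host rather than judged one at a time. The following detector is an added example, not Sophos or AvosLocker code: it reads constructed process-creation log lines (timestamp|host|user|command line, a format assumed for this example) and alerts on a host where several of the described stages occur within a short window, so a lone legitimate AnyDesk install does not fire.

```python
"""Correlate the AvosLocker-style Safe Mode deployment stages per host.

Added defensive example. The stage patterns are assumptions derived from the
prose above (Safe Mode boot change, Defender disabled, AnyDesk install,
auto-login account, update.exe launch); the log format is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One regex per stage, matched against the process command line.
STAGES = {
    "safe_mode_boot": re.compile(r"\bsafeboot\b", re.I),
    "defender_disabled": re.compile(r"WinDefend.*start\s*=\s*disabled", re.I),
    "anydesk_install": re.compile(r"anydesk", re.I),
    "autologin_account": re.compile(r"AutoAdminLogon|DefaultPassword", re.I),
    "ransomware_exec": re.compile(r"\\update\.exe\b", re.I),
}


def parse_event(line):
    """Split a constructed 'ts|host|user|cmd' line into its fields."""
    ts, host, user, cmd = line.split("|", 3)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, user, cmd


def classify(cmd):
    """Return the stage names whose pattern appears in the command line."""
    return [name for name, rx in STAGES.items() if rx.search(cmd)]


def correlate(lines, window=timedelta(minutes=10), min_stages=3):
    """Return {host: sorted stages} for hosts with >= min_stages distinct
    stages inside any window-sized interval; other hosts are omitted."""
    by_host = defaultdict(list)
    for line in lines:
        ts, host, _user, cmd = parse_event(line)
        for stage in classify(cmd):
            by_host[host].append((ts, stage))

    alerts = {}
    for host, events in by_host.items():
        events.sort()
        best = set()
        # Slide a window starting at each event and keep the richest stage set.
        for i, (start, _stage) in enumerate(events):
            seen = {s for t, s in events[i:] if t - start <= window}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_stages:
            alerts[host] = sorted(best)
    return alerts


# Constructed sample log: WS-01 shows the full chain within seconds, WS-07 shows
# a helpdesk AnyDesk rollout only, and WS-01 also has an unrelated stale event.
SAMPLE_LOG = [
    "2022-10-06T14:00:00Z|WS-01|CORP\\admin|sc config WinDefend start= disabled",
    "2022-10-07T02:14:00Z|WS-01|CORP\\svc_deploy|bcdedit /set {current} safeboot network",
    "2022-10-07T02:14:01Z|WS-01|CORP\\svc_deploy|sc config WinDefend start= disabled",
    "2022-10-07T02:14:02Z|WS-01|CORP\\svc_deploy|AnyDesk.exe --install C:\\ProgramData\\AnyDesk",
    "2022-10-07T02:14:03Z|WS-01|CORP\\svc_deploy|reg add \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\" /v AutoAdminLogon /t REG_SZ /d 1",
    "2022-10-07T02:14:05Z|WS-01|NT AUTHORITY\\SYSTEM|\\\\DC01\\share\\update.exe",
    "2022-10-07T09:30:12Z|WS-07|CORP\\helpdesk|AnyDesk.exe --install C:\\Program Files\\AnyDesk",
    "2022-10-07T09:31:00Z|WS-07|CORP\\helpdesk|notepad.exe C:\\Users\\helpdesk\\notes.txt",
]

if __name__ == "__main__":
    for host, stages in correlate(SAMPLE_LOG).items():
        print(f"ALERT {host}: {', '.join(stages)}")
```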

“The techniques used by AvosLocker are simple, but very clever. They ensure that the ransomware has the best chance of running in Safe Mode and allow the attackers to retain remote access to the machines throughout the attack,” said Peter Mackenzie, director of incident response at Sophos. 

According to a screenshot released by security researcher pancak3, the AvosLocker operators offered a free decryptor once they learned the victim was a government entity. While providing the decryptor to the police department, the ransomware group declined to supply a list of the stolen files or details on how it gained access to the department's network. According to an AvosLocker operation member, they have no strategy on who they target but typically avoid encrypting government agencies and hospitals.

"You should note, however, that sometimes an affiliate will lock a network without having us review it first," the AvosLocker operator said. 

Over the last year, international law enforcement actions have resulted in numerous indictments and arrests of ransomware members and money launderers, including members of the REvil, Egregor, Netwalker, and Clop groups. This increased pressure has had a visible effect, contributing to the shutdown of several ransomware operations, including DarkSide, BlackMatter, Avaddon, and REvil.

FBI says Attackers Breached US Local Govt After Hacking a Fortinet Appliance

After issuing a cybersecurity advisory warning that APT hacker groups are deliberately targeting vulnerabilities in Fortinet FortiOS, the FBI has now warned that state-sponsored attackers compromised the web server of a US local government after hacking a Fortinet appliance.

Fortinet is a multinational security company based in Sunnyvale, California. It creates and sells cybersecurity solutions, which include hardware like firewalls as well as software and services like anti-virus protection, intrusion prevention systems, and endpoint security components.

"As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a web-server hosting the domain for a U.S. municipal government," the FBI's Cyber Division said in a TLP:WHITE flash alert published on 27th May. 

After gaining access to the local government organization's server, the advanced persistent threat (APT) actors moved laterally through the network, creating new domain controller, server, and workstation accounts designed to look exactly like existing ones. According to the FBI, attackers linked to this ongoing APT activity have created 'WADGUtilityAccount' and 'elie' accounts on compromised systems.

The FBI assesses that this APT group will most likely use this access to collect and exfiltrate data from victims' networks. "The APT actors are actively targeting a broad range of victims across multiple sectors, indicating the activity is focused on exploiting vulnerabilities rather than targeted at specific sectors," the FBI added.

Last month, the FBI and CISA issued a warning about state-sponsored hacking groups gaining access to Fortinet equipment by exploiting the FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591. The threat actors are also scanning for devices vulnerable to CVE-2018-13379 on ports 4443, 8443, and 10443, and enumerating servers that have not been patched against CVE-2020-12812 and CVE-2019-5591.

Once they have gained access to a vulnerable server, they use it in subsequent attacks aimed at critical infrastructure networks. "APT actors may use other CVEs or common exploitation techniques—such as spear-phishing—to gain access to critical infrastructure networks to pre-position for follow-on attacks," the two federal agencies said.

"APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spear-phishing campaigns, website defacements, and disinformation campaigns," the agencies added.

$571 Million to be Paid over Bitcoin Scam

On 26th March 2021 the Commodity Futures Trading Commission announced that the U.S. District Court for the Southern District of New York had entered a default judgment against Benjamin Reynolds, purportedly of Manchester, England, finding that he operated a fraudulent scheme to solicit bitcoin from members of the public and misappropriated customers' bitcoin. The case was brought in connection with the Division of Enforcement's Digital Assets Task Force.

The Commodity Futures Trading Commission (CFTC) is an independent agency of the US government, created in 1974, that regulates the U.S. derivatives markets, which include futures, swaps, and certain kinds of options. The stated mission of the CFTC is to promote the integrity, resilience, and vibrancy of the U.S. derivatives markets through sound regulation. Since the financial crisis of 2007–08, and since 2010 under the Dodd-Frank Wall Street Reform and Consumer Protection Act, the CFTC has been working to bring more transparency and sound regulation to the multi-trillion dollar swaps market.

Between May 2017 and October 2017, Reynolds used a public website, several social media accounts, and email communications to solicit at least 22,190.542 bitcoin, valued at around $143 million at the time, from more than 1,000 customers worldwide, including at least 169 people living in the U.S.

Among other things, Reynolds falsely represented to customers that Control-Finance traded their bitcoin deposits in virtual currency markets and employed specialized virtual currency traders who generated guaranteed trading profits for all customers. He also built an elaborate affiliate marketing network that relied on fraudulent promises of outsized referral profits, rewards, and bonuses to encourage customers to refer new customers to Control-Finance. In fact, Reynolds made no trades on customers' behalf, earned no trading profits for them, and paid them no referral rewards or bonuses. While Reynolds represented that he would return all bitcoin deposits to Control-Finance customers by late October 2017, he never did, instead keeping the deposits for his own use. Customers lost most or all of their bitcoin deposits as a result of the scheme.

The court's March 2, 2021 order requires Reynolds to pay almost $143 million in restitution to defrauded customers and a civil monetary penalty of $429 million.

Russia’s ‘InfoWarrior’ Hackers: A New Game Changer for the Geopolitical Agenda?

The worst cyber attack of 2020, the SolarWinds compromise allegedly carried out by Russian state-backed threat actors, signals advancement in several ways, as Moscow is seemingly improving its technical abilities in a manner that could pose a greater threat of cyber espionage globally.

The attack compromised many important departments of the U.S. government, big tech companies, hospitals, and universities, revealing a broad web of online intrusion and illustrating how cyber espionage operations have become routine work for the Russian ‘infowarrior’. Should it make the West more concerned about the security of its governments, or should the whole world treat these attacks as a new normal?

Russia’s diplomatic relations with the West have been bitter since the World Wars, and even today the situation continues to border on hostility. Moscow sees cyber attacks as a cheap and effective way to pursue and win its geopolitical aspirations, and therefore Russia is unlikely to step back from such tactics even while facing U.S. sanctions or countermeasures.

Bilyana Lilly, a researcher at think tank Rand Corp, said: “Such operations are a relatively inexpensive and effective way to conduct geopolitics that is crucial for Russia, which is facing considerable economic and demographic challenges and whose economy is smaller than Italy’s.”

Referencing an article in a Russian military journal, she noted that “the complete destruction of the information infrastructures” of the U.S. or Russia could be carried out by just one battalion of 600 “info warriors” at a price tag of $100 million.

It has been an arduous task for the West to respond forcefully to Moscow’s growing cyber abilities. Washington’s retaliatory measures, including sanctions, diplomatic expulsions, property seizures, and even bigger threats such as expulsion from the world's leading economic organizations, appear to have had little to no impact on its operations.

Pavel Sharikov, a senior fellow at the Russian Academy of Science’s Institute for U.S. and Canadian Studies, said: “Russia doesn’t see sanctions as an instrument of pressure but as an instrument of punishment. The Russian government says, ‘Yes we understand that you don’t like what we are doing, but we don’t really care.’”

Notably, US officials and tech companies have accused the Russian regime of cyber espionage attacks on multiple occasions, including attempts to interfere ahead of the 2020 election. The WSJ reported how Moscow’s cyber espionage teams and trolls have expanded their 2016 toolbox with new stratagems.

According to a paper co-written by Rand’s Ms. Lilly, “in recent years, so-called information confrontation has become an established part of Russia’s military doctrine”. In 2019, Gen. Valery Gerasimov, Russia’s General Staff chief, said that in modern warfare, cyberspace “provides opportunities for remote, covert influence not only on critical information infrastructures but also on the population of the country, directly influencing national security.”

According to the authorities, Moscow is trying to advance its geopolitical agenda through its cyberattack tactics; the initial targets were ex-Soviet countries. In 2007, Russia-backed hackers attacked Estonia, compromising government websites, banks, and newspapers.

Ukraine and Georgia have also been attacked. In most cases, state media firms and election infrastructure have been targeted. “Russian state-backed hackers set their sights on the West. In 2014, they penetrated the State Department’s unclassified email system and a White House computer server and stole President Barack Obama’s unclassified schedule, U.S. officials said.

According to the German authorities, in 2015, they got into the German parliament, in what experts described as the most significant hack in the country’s history.”

That is not all: Russia has been accused of interference in the French elections and the Pyeongchang Winter Olympics, and of the NotPetya malware attacks on corporate networks. And now, Western governments are accusing Russia of cyber espionage attacks against the COVID-19 vaccine supply chain. Russia has denied its involvement.

Trukno: "On A Mission To Deliver Cyber Intelligence, Not Cyber News"

Trukno, a virtual threat intelligence analyst, is set to launch its broad beta version on 22nd December. Every second a new attack in cyberspace takes place; according to a report by Acronis, 32% of companies are attacked at least once a day, and keeping up with these threats and attacks is a mind-numbing process. There are two ways of keeping up with cyber security: a) staying updated through cyber blogs, or b) hiring your own cyber threat analyst. Trukno is a platform that provides a virtual threat intelligence analyst for people who want to keep up with cybersecurity, stay up to date on recent attacks, and know the threat actors and attack landscape trends, through its syndicated search engine and threat curator.

The broad beta, launching on 22nd December, is aimed both at full-time cybersecurity analysts and at the majority of people who want to know the how and what of cybersecurity in a faster, easier, and more detailed way.

Ehacking news had a discussion with Trukno CEO and Founder Manish Kapoor, Co-Founder Noah Binstock, and their team about the platform, how it works, its features and its advantages.

I'm sharing the details from the interview below; read on to learn about Trukno and how you can set up a beta account for yourself:

The Story Behind Trukno

Mr. Manish (CEO and Founder): We formed Trukno in Oct 2018 in Denver, Colorado. Before that I was at Cisco, which is a big networking company also very focused on cybersecurity. I was there for 10 years, and what I did day to day was help the world’s largest service providers, like AT&T and Telstra, understand the latest going on in cybersecurity and, based upon that, help them build cybersecurity services they could sell to their enterprise customers using Cisco system products. That was the essence of what my team and I did, and when you do that you’re going in front of the world’s largest cybersecurity companies, so they know what they’re talking about in cybersecurity, and hence I had the constant pressure to keep up with the latest cybersecurity threats and how those could be turned into new services, and I tell you it’s easier said than done. In preparation, I would blog hop from one blog to another, and very quickly I started to realize there is a difference between keeping up with cyber news vs. keeping up with cyber threats.

The whole process would take me hours, leaving me more confused, and that's when I realized something is missing: either I don't have the right tools or there must be a better way. Since then we have probably talked to 504 folks in cybersecurity, from Cisco to stock analysts to researchers, and we realized that this problem was not just isolated to me; that problem exists for the cyber community in general. The tools that exist today in cybersecurity are targeted at deep-dive practitioners who want to see the bits and bytes, and it's a full-time job just to keep up with it, and only the largest corporations in the world can hire dedicated threat intelligence analysts; everybody else who wants to keep up with cyber threats really struggles. So that is the problem we are trying to solve, and the mission we are on is to deliver cyber threat intelligence and not cyber security news. We intend to do so in the most efficient, comprehensive and affordable way to the masses. So that is the story behind Trukno.

Mr. Noah (Co-founder): We found that when it comes to threat researchers and external strategic analysts, there is often one position that is providing these reports for an organization, and what we realized is that those reports, patterns and findings these people are curating have benefits for all of cybersecurity and not just the organization they are working for. So we are actually trying to find ways to scale that information: the objective information about external threat landscapes and the inner workings and patterns that are occurring in front of our eyes, so we can give that to organizations and individuals without access to a dedicated intelligence analyst.

Trukno Breakdown and Features:

Newsfeed: A news feed that you can build from your own interests. It aggregates around a hundred and fifty sources, so people who want to keep up with cybersecurity news can create their own feed and have all their news sources in one place.

Dashboard: You can choose the information you are interested in using filters for industry, technology, malware, and actors. The sweet thing about this threat analyst is that you can go from shallow to deep in a way that is organized and detailed. It informs you about threat actors and breach specifics, such as how many times a technique was used, so the user gets very detailed information in a very short time.

My Boards (and Team Collaboration): You can assign custom tags to threats, breaches, and discussions, and comment and converse with your team.

Trukno Vision: Mr. Manish: Our vision is to get critical, vital threat information to the broad cyber community; you don't have to have a PhD to keep up with cyber threats. That is what we believe. That is the reason we are going to the extent of not only breaking down TTPs (tactics, techniques, and procedures) but breaking down the text associated with those TTPs in each specific breach, because we want to make it a ten-second visual that gives you the summary versus a thirty-minute read.

How it works: Mr. Manish: What we are doing with all this curation is building an automated engine which is AI-driven but with human intervention to maintain quality analysis, and to do that we break down every single article until the AI takes over. That is to say, it's a combination of artificial and human intelligence: 90% of breaches use the same TTPs, but on a day-to-day basis there are new threats surfacing that have never been seen before, and AI is not going to be able to do that on its own; it will always be human-aided AI. So our AI will become more and more efficient with more training data, but it will always be aided by human intelligence.

Next Step: Mr. Manish: Add more sources for people who want more content. For people who want details, we will give them IOCs. For people who want the news feed but with more flexibility and customization, we'll add custom URL capabilities. And for people who want more collaboration, we'll be adding Slack integration and some basic team capabilities on our side.

How is this threat intelligence different from MITRE? Mr. Manish: Think of MITRE as a US government organization that has created all the rules and regulations, but you won't go to MITRE to learn what happened an hour ago, which breach happened, and how it happened in terms of the MITRE framework. So we are creating a dashboard that uses the MITRE framework to pull all that information together.

EndNote: Mr. Manish: We are truly on a mission to solve this very critical problem in society. Cybersecurity has become one of the biggest problems facing humanity, and we think that cybersecurity is not about IT, bigger boxes, and fancy software; it's about threat risk management. Knowing the right threats at the right time is so critical, and right now it is so hard to do, that we truly believe we can move the needle on this with a platform that makes it simple, affordable and comprehensive – that's our mission and that's what we stand for.

The Trukno broad beta will be open for everyone; to join, go to their website. In the beta version, all features are free for everyone. The full version, coming in the first quarter of next year, will have a freemium model: a free News Feed and My Boards, and a subscription-based Dashboard.

US Government Issues Alert Warning against China Made Drones

The US government has issued an alert cautioning that Chinese-made drones pose a "cyber-espionage" threat to the American organizations and businesses that use them.

The warning does not name a particular organization or company, but the notice stated that those using the aircraft for tasks related to national security or critical infrastructure were at high risk.

Market leader DJI, which accounts for over 70% of the US market in drones costing more than $500, said that it had taken steps to keep its customers' information secure and issued the following statement:

"We give customers full and complete control over how their data is collected, stored, and transmitted. For government and critical infrastructure customers that require additional assurances, we provide drones that do not transfer data to DJI or via the internet, and our customers can enable all the precautions DHS [Department of Homeland Security] recommends."

Chris Huhn, Vice-President of business development at Yuneec, the second best-selling Chinese manufacturer, has also said that it gives users full control of their information:

"All our UAV [unmanned aerial vehicles] do not share telemetry or visual data with internal or external parties."

According to CNN, which first reported the development, the notice was issued on Monday by the US Cybersecurity and Infrastructure Security Agency. CNN quoted the notice as saying:

"The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access,"

"China imposes unusually stringent obligations on its citizens to support national intelligence activities."