Search This Blog
Load More
Trendy Right Now

Popular Posts

Showing posts with label data security. Show all posts
Verizon
Cloud Security Cyber Security data security Security Breach Security Observability SIEM Verizon

Security Observability: How it Transforms Cloud Security


Security Observability 

Security Observability is an ability to gain recognition into an organization’s security posture, including its capacity to recognize and address security risks and flaws. It entails gathering, analyzing, and visualizing security data in order to spot potential risks and take preventative action to lessen them. 

The process involves data collection from varied security tools and systems, like network logs, endpoint security solutions, and security information and event management (SIEM) platforms, further utilizing the data to observe potential threats. In other words, unlike more conventional security operations tools, it informs you of what is expected to occur rather than just what has actually occurred. Security observability is likely the most significant advancement in cloud security technology that has occurred in recent years because of this major distinction. 

Though, a majority of users are still unaware of security observability, which is something that raises concerns. According to a 2021 Verizon Data Breach Investigations Report, cloud assets were included in 24% of all breaches analyzed, up from 19% in 2020. 

It is obvious that many people working in cloud security are responding slowly to new risks, and a select few need to act more quickly. This is likely to get worse as multi-cloud apps that leverage federated architectures gain popularity and cloud deployments become more varied and sophisticated. The number of attack surfaces will keep growing, and attackers' ingenuity is starting to take off. 

Organizations can embrace cloud security observability to get a more complete understanding of their cloud security position, allowing them to: 

  • Detect and Respond to Threats More Quickly: Cloud security allows firms to recognize and respond to threats fasters, in a much proactive manner, all by collecting data from numerous security tools and systems. 
  • Identity Vulnerabilities and Secure Gaps: With a better knowledge about the potential threats, organizations can take upbeat measures to address the issues before the bad actors could manage to exploit them. 
  • Improve Incident Response: Cloud security observability can help organizations improve their incident response skills and lessen the effect of attacks by giving a more thorough view of security occurrences. 
  • Ensure Compliance: Cloud security observability further aids organizations in analyzing and monitoring their cloud security deployment/posture to maintain compliance with industry rules and regulations, also supporting audits and other legal accounting.  

Read more »
Voice Cloning
Cyber Fraud data security Fraud Safety Scam Voice Cloning

Is Your Child in Actual Danger? Wary of Family Emergency Voice-Cloning Frauds

 

If you receive an unusual phone call from a family member in trouble, be cautious: the other person on the line could be a scammer impersonating a family member using AI voice technologies. The Federal Trade Commission has issued a warning about fraudsters using commercially available voice-cloning software for family emergency scams. 

These scams have been around for a long time, and they involve the perpetrator impersonating a family member, usually a child or grandchild. The fraudster will then call the victim and claim that they are in desperate need of money to deal with an emergency. According to the FTC, artificial intelligence-powered voice-cloning software can make the impersonation scam appear even more authentic, duping victims into handing over their money.

All he (the scammer) needs is a short audio clip of your family member's voice—which he could get from content posted online—and a voice-cloning program. When the scammer calls you, he’ll sound just like your loved one,” the FTC says in the Monday warning.

The FTC did not immediately respond to a request for comment, leaving it unclear whether the US regulator has noticed an increase in voice-cloning scams. However, the warning comes just a few weeks after The Washington Post detailed how scammers are using voice-cloning software to prey on unsuspecting families.

In one case, the scammer impersonated a Canadian couple's grandson, who claimed to be in jail, using the technology. In another case, the fraudsters used voice-cloning technology to successfully steal $15,449 from a couple who were also duped into believing their son had been arrested.

The fact that voice-cloning services are becoming widely available on the internet isn't helping matters. As a result, it's possible that scams will become more prevalent over time, though at least a few AI-powered voice-generation providers are developing safeguards to prevent potential abuse. The FTC says there is an easy way to detect a family emergency scam to keep consumers safe. "Don't believe the voice. Call the person who allegedly contacted you to confirm the story. 

“Don’t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs,” the FTC stated. “If you can’t reach your loved one, try to get in touch with them through another family member or their friends.”

Targeted victims should also consider asking the alleged family member in trouble a personal question about which the scammer is unaware.
Read more »
Security
Cyber Attacks data security EV EV Charging Station Safety Security

EV Charging Stations Prone to Cyber Attacks : Indian Govt to Parliament

 

Electric vehicle charging stations, like any other technological application, are vulnerable to cyber attacks and cyber security incidents, Indian Parliament was informed on Thursday. 

Union Minister Nitin Gadkari stated in a written reply to the Lok Sabha that the Indian Computer Emergency Response Team (CERT-In), which is tasked with tracking and monitoring cyber security incidents in India, obtained reports of security flaws in products and applications pertaining to electric vehicle charging stations. 

"The government is fully cognizant and aware of various cyber security threats and is actively taking steps to combat the issue of hacking," Gadkari said. 

According to the information reported to and tracked by CERT-In, the number of cyber security incidents reported in 2018, 2019, 2020, 2021, and 2022 is 2,08,456; 3,94,499; 11,58,208; 14,02,809 and 13,91,457, respectively.

In response to a separate question, the road transport and highways minister stated that Rs 147 lakh was paid out in compensation to victims of hit-and-run accidents during the current fiscal year until February.

The ministry  has announced the 2022 Compensation to Victims of Hit-and-Run Motor Accidents Scheme. It increases compensation for victims of hit-and-run accidents to Rs 50,000 (for serious injury) and Rs 2,00,000 (for death), with a detailed procedure for obtaining this compensation.

In reply to another question, Gadkari stated that the ministry has set a higher target of 12,200 km for National Highway construction in the current fiscal year than in the previous three fiscal years.

"The target of construction of NHs for financial year 2023-24 has not yet been finalized," he added.

The minister stated that 19 projects totaling Rs 21,864 crore have been delayed as a result of  land acquisition.
Read more »
Scam McAfee
Cyber Data Cyber Fraud Data Safety data security Fraud Scam McAfee

McAfee Invoice Fraud Email Pretending to be a Subscription Renewal Receipt

 

Readers should beware of clicking links in a McAfee invoice scam email that claims to be a "confirmation receipt" for the subscription renewal of the company's products. This email does not come from McAfee Corp. Email scams that use the names of antivirus and security companies are probably as old as the internet, but this particular one for McAfee apparently tried to combine two different threats into one: malware and phishing. 

Snopes reviewed one of the McAfee invoice scam emails. The subject line read, "Confirmation Receipt ID.6030955553." The following message came from an email address associated with uilsducoach.com, not the official company website mcafee.com:
  • Reassure your McAfee is up to date.
  • Check now as it may have ended.
  • Your subscription of McAfee for your computer may ended soon.
  • After the ending date has passed your computer will become susceptible to many different virus and threats.
  • Your PC might be unprotected, it can be exposed to viruses and other malware...
  • You are eligible for discount: -70%*
A malicious URL scanner scan of the links revealed that the email was "hosting malware" and contained a "phishing link."

The link started on an Amazon Web Services page. Vestingsupper.com was one of the redirects. More information was not available at the time this story was published. McAfee has previously published several articles about these types of scams, including details on what to do if you believe you've been a victim of one.

It's recommended, "if you accidentally enter data in a webpage linked to a suspicious email, perform a full malware scan on your device. Once the scan is complete, backup all of your files and change your passwords. Even if you only provided a phishing scammer with the data from one account, you may have also opened the door to other personal data, so it's important to change all the passwords you use online in the wake of a suspected phishing attack."

Malwarebytes and Norton are two other companies that are recommended for malware scans. If readers provided financial information to scammers, such as a credit card number, we recommend contacting that financial institution right away to notify them of the problem. To ensure that scammers do not use the compromised card in the future, a new credit card with a new number may need to be mailed to you in some cases.
Read more »
Security
Breaches Cyber Security Data Data Breaches data security Safety Security

Exfiltration Malware: At the Forefront of Cybersecurity Issues

 

While massive public security breaches are understandably concerning, the increase in malware designed to exfiltrate data directly from devices and browsers is a significant contributor to continued user exposure, according to SpyCloud . Last year, over 22 million unique devices were infected by malware, according to the 2023 report. 
SpyCloud recovered 721.5 million exposed credentials, roughly half of which came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers allow cybercriminals to operate on a large scale, stealing valid credentials, cookies, auto-fill data, and other highly valuable information for use in targeted attacks or sale on the darknet.

“The pervasive use of infostealers is a dangerous trend because these attacks open the door for bad actors like Initial Access Brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals,” said Trevor Hilligoss, Director of Security Research at SpyCloud. “Infostealers are easy, cheap, and scalable, creating a thriving underground economy with an ‘anything-as-a-service’ model to enable cybercrime. This broker-operator partnership is a lucrative business with a relatively low cost of entry.”

Critical business applications are easily accessible to cybercriminals

 Cybercriminals have doubled down and taken advantage of the economic downturn, expanding their hybrid workforce, creating ghost accounts from terminated employees, and rising outsourcing.

When employees enter corporate networks using malware-infected unmanaged or undermanaged devices, threat actors have a simple route into important company applications such as single sign-on platforms and virtual private networks.

In 2022, SpyCloud researchers recovered millions of credentials stolen from popular third-party business applications that had been impacted by malware. The data stolen from these apps, which include code repositories, customer databases, messaging platforms, and HR systems, provides bad actors with the information they need to launch damaging follow-up attacks such as ransomware.

If these credentials are not properly remediated and remain active, they will continue to pose a threat to organisations even after the malware has been removed from the device.

Organizations are oblivious to the threat of sophisticated malware-based attacks

“Organizations are overlooking the mounting threat of sophisticated malware-based attacks and the protracted business impact of infected devices. Leaders need a new approach that disrupts the flow of stolen authentication data and mitigates the ongoing threat of these exposures,” said Hilligoss.

“Collectively, we need to start thinking about protecting digital identities using a Post-Infection Remediation approach, rather than solely focusing on cleaning individual infected devices. Taking action on exposed employee data before it can be used by criminals is paramount to preventing account takeover, fraud, ransomware, and other forms of cybercrime,” concluded Hilligoss.

By resetting application credentials and invalidating session cookies syphoned by infostealer malware, security teams can supplement their traditional cyber incident response playbooks with additional steps to fully negate opportunities for ransomware and other cyberattacks.

Password hygiene remains a problem

Session hijacking enabled by stolen cookies is becoming more common: In 2022, SpyCloud researchers recovered nearly 22 billion device and session cookies. These records allow criminals to gain access to sensitive information by bypassing MFA and hijacking an active session, effectively turning bad actors into employee clones.

Users' personally identifiable information (PII) is as appealing as it has always been: In 2022, SpyCloud researchers found 8.6 billion PII assets, including 1.4 billion full names, 332 million national IDs/full social security numbers, and 67 million credit card numbers.

Despite increased cybersecurity training emphasis, password hygiene remains poor: 72% of users exposed in breaches in 2022 continued to use previously compromised passwords. SpyCloud recovered over 327,000 passwords related to artists Taylor Swift and Bad Bunny, over 261,000 passwords associated with streaming services such as Netflix and Hulu, and over 167,000 passwords related to Queen Elizabeth's death and the British royal family.

The government sector is more vulnerable to malware-infected devices than the private sector: In 2022, SpyCloud discovered 695 breaches containing.gov emails, a nearly 14% increase from 2021. Password reuse rates among government employees continue to be high, with 61% of users having more than one password exposed in the previous year.

123456, 12345678, and password are the three most commonly exposed plaintext passwords associated with government emails. Malware exfiltrated nearly 74% of exposed government credentials globally in 2022 (compared to 48.5% globally).
Read more »
Website
AI App Images Data Safety data security Technology Website

This Website Wants to Use AI to Make Models Redundant

 

Deep Agency is an AI photo studio and modelling agency founded by a Dutch developer. For $29 per month, you can get high-quality photos of yourself in a variety of settings, as well as images generated by AI models based on a given prompt. “Hire virtual models and create a virtual twin with an avatar that looks just like you. Elevate your photo game and say goodbye to traditional photo shoots,” the site reads. 

 According to the platform's creator, Danny Postma, the platform utilises the most recent text-to-image AI models, implying a model similar to DALL-E 2, and is available anywhere in the world. You can personalize your photo on the platform by selecting the model's pose and writing various definitions of what you want them to do. This website does the opposite of making models, photographers, and creatives obsolete.

Postma does state on Twitter that the site is "in open beta" and that "things will break," and using it does feel almost silly, like a glorified version of DALL-E 2 but only with female models. The site then reminds us of AI's limitations, showing how AI-generated images are not only stiff and easy to spot, but also biassed in a variety of ways.

So far, the prompt requires you to include "sks female" in it for the model to work, meaning the site only generates images of women unless you purchase a paid subscription, which unlocks three other models, one woman and two men, and allows you to upload your own images to create a "AI twin".

To create an image, you type a prompt, select a pose from the site's existing catalogue of images, and choose from a variety of settings such as "time & weather," "camera," "lens & aperture," "shutterspeed," and "lighting." Most generated images appear to be the same brightly lit female portrait, pictured in front of a very blurred background, indicating that none of those settings have been keyed in yet.
When you say "sks female," it generates an image of a blonde white woman, even if you chose an image of a woman of a different race or likeness from the catalogue. If you want to change the model's appearance, you must add additional words denoting race, age, and other demographic characteristics.

When Motherboard chose one of the site's pre-existing images and corresponding prompts of a person of colour wearing a religious headscarf to generate an image based on it, the result was a white woman wearing a fashion headscarf. The DALL-E 2 text-to-image generator from OpenAI has already been shown to have biases baked in. When asked to generate an image of "a flight attendant," for example, the generator only produces images of women, whereas when asked to generate an image of "a CEO," it mostly displays images of white men. 

Though examples like these are common, it has been difficult for OpenAI to determine the precise origins of the biases and fix them, despite the company's acknowledgement that it is working to improve its system. The deployment of a photo studio based on a biassed model will inevitably result in the same problems.

This AI model generator is being released at a time when the modelling industry is already under pressure to diversify its models. After massive public backlash, what was once a unique industry with a single body and image standard has now become more open to everyday models, including people cast from the street and platforms like Instagram and TikTok.  Though there is still a long way to go in the world of high fashion representation, people have taken to creating their own style-inclusive content on social media, proving that people prefer the more personable, casual "model"—in the form of influencers.

Simon Chambers, director at modelling agency Storm Management, told Motherboard in an email that “AI avatars could also be used instead of models but the caveat here is that compelling imagery needs creativity & emotion, so our take, in the near future, is that AI created talent would work best on basic imagery used for simple reference purposes, rather than for marketing or promoting where a relationship with the customer needs to be established.”

“That said, avatars also represent an opportunity as well-known talent will, at some point, be likely to have their own digital twins which operate in the metaverse or different metaverses. An agency such as Storm would expect to manage the commercial activities of both the real talent and their avatar. This is being actively discussed but at present, it feels like the metaverse sphere needs to develop further before it delivers true value to users and brands and becomes a widespread phenomenon,” he added. Chambers also said their use has implications under the GDPR, the European Union’s data protection law. 

It's difficult to predict what Deep Agency's AI-generated models will be used for, given that models cannot be generated to wear specific logos or hold branded products. When Motherboard attempted to generate an image of a woman eating a hotdog, the hotdog appeared on the woman's head, and she had her finger to her lips, looking ponderous.

An AI model has been in the works for several years. In 2020, model Sinead Bovell wrote in Vogue that she believes artificial intelligence will soon take over her job. She was referring to the rise of CGI models, rather than AI-generated models, such as Miquela Sousa, also known as Lil Miquela on Instagram, who has nearly 3 million followers. She has her own character story and has collaborated with brands like Prada and Samsung. Bovell stated that AI models that can walk, talk, and act are the next step after CGI models, citing a company called DataGrid, which created a number of models using generative AI in 2019.

Deep Agency's images, on the other hand, are significantly less three-dimensional, bringing us back to the issue of privacy in AI images. In its Terms and Conditions, Deep Agency claims to use an AI system trained on public datasets. As a result, these images are likely to resemble the likenesses of real women in existing photographs. As per Motherboard, the LAION-5B dataset, which was utilized by train systems such as DALL-E and Stable Diffusion, included many images of real people, ranging from headshots to medical images, without permission.

Lensa A.I., a viral app that used AI to generate images of people on different backgrounds, has since come under fire for a variety of privacy and copyright violations. Many artists pointed to the LAION-5B dataset, where they discovered their work was used without their knowledge or permission and claimed that the app, which used a model trained on LAION-5B, was thus infringing on their copyright. People complained that the app's images included mangled artist signatures and questioned the app's claims that the images were made from scratch. 

Deep Agency appears to be experiencing a similar issue, with muddled white text appearing in the bottom right corner of many of the images generated by Motherboard. The site claims that users can use the generated photos anywhere and for anything, which appears to be part of its value proposition of being an inexpensive way to create realistic images when many photography websites, such as Getty, charge hundreds of dollars for a single photo.

OpenAI CEO Sam Altman has repeatedly warned about the importance of carefully considering what AI is used for. Last month, Altman tweeted that  “although current-generation AI tools aren’t very scary, I think we are potentially not that far away from potentially scary ones. having time to understand what’s happening, how people want to use these tools, and how society can co-evolve is critical.”

In this case, it's interesting to see how an AI tool actually pushes us backwards and closer to a limited set of models.Deep Agency creator Danny Postma did not respond to Motherboard's request for comment.
Read more »
Security Management
Cloud Cloud Services Cyber Security data security Forrester Analysts Public Cloud Spending Security Management

Growing Public Cloud Spending is Leading to a Shadow Data Risk


Public cloud spending and adoption has emerged as a growing sector. As per the assumptions made by analysts, organizations will spend $591.8 billion on cloud infrastructure and services this year, more than 20.7% from last year. 

According to the Forrester, the public cloud market is set to reach $1 trillion by year 2026, with the lion’s share of investment directed to the big four, i.e. Alibaba, Amazon Web Services, Google Cloud, and Microsoft. 

So, What Is Going On? 

In the wake of pandemic, businesses hastened their cloud migration and reaped the rewards as cloud services sped up innovation, offering elasticity to adjust to change demand, and scaled with expansion. Even as the C-suite reduces spending in other areas, it is certain that there is no going back. The demand from businesses for platform-as-a-service (PaaS), which is expected to reach $136 billion in 2023, and infrastructure-as-a-service (IaaS), which is expected to reach $150 billion, is particularly high. 

Still, this rapid growth, which in fact caught business strategists and technologies by surprise, has its own cons. If organizations do not take the essential actions to increase the security of public cloud data, the risks are likely to grow considerably. 

Shadow Data Is Growing Due to Lax Security Controls 

The challenges posed by "shadow data," or unknown, uncontrolled public cloud data, is a result of a number of issues. Business users are creating their own applications, and programmers are constantly creating new instances of their own code to create and test new applications. A number of these services retain and utilize critical data with no knowledge of the IT and security staff. Versioning, which allows several versions of data to be stored in the same bucket in the cloud, adds risks if policies are not set up correctly. 

Unmanaged data repositories are frequently ignored when the rate of innovation quickens. In addition, if third parties or unrelated individuals are given excessive access privileges, sensitive data that is adequately secured could be transferred to an unsafe location, copied there, or become vulnerable. 

Three Steps to Improve Public Cloud Data Security 

A large number of security experts (82%) are aware of, and in fact, concerned about the growing issues pertaining to the public cloud data security problem. These professionals can swiftly aid in minimizing the hazards by doing the following: 

  • Discover and Classify all Cloud Data 

Teams can automatically find all of their cloud data, not just known or tagged assets, thanks to a next-generation public cloud data security platform. All cloud data storages, including managed and unmanaged assets, virtual machines, shadow data stores, data caches and pipelines, and big data, are detected. This data is used by the platform to create an extensive, unified data catalog for multi-cloud environments used by enterprises. All sensitive data, including PII, PHI, and transaction data from the payment card industry (PCI), is carefully identified and categorized in the catalogs. 

  • Secure and Control Cloud Data 

Security teams may apply and enforce the proper security policies and verify data settings against their organization's specified guardrails with complete insights into their sensitive cloud data. Public cloud data security may aid in exposing complicated policy breaches, which could further help in prioritizing risk-based mannerisms, on the basis of data sensitivity level, security posture, volume, and exposure. 

  • Remediate Risks and Monitor Activities Without Hindering the Data Flow 

The aforementioned is a process named data security posture management, that offers recommendations that are customized for every cloud environment, thus making them more effective and relevant. 

Teams can then begin organizing sensitive data without interfering with corporate operations. Teams will be prompted by a public cloud data security platform to implement best practices, such as enabling encryption and restricting third-party access, and practicing greater data hygiene by eliminating unnecessary sensitive data from the environment. 

Moreover, security teams can utilize the platform to enable constant monitoring of data. This way, security experts can efficiently identify policy violations and ensure that the public cloud data is following the firm’s mentioned guidelines and security postures, no matter where it is stored, used, or transferred in the cloud.  

Read more »
User Privacy
Cyber Attacks Data Breach data security User Privacy

U.S Marshals Service Suffers Data Breach, Hackers Steal Personal Data



The U.S. Marshals Service, one the oldest law enforcement agencies in the US, was hit by a major breach in which threat actors stole sensitive data. The attack highlights the rising problems of cyber attacks on government agencies and the necessity for robust cybersecurity actions.

Hackers steal sensitive data

The incident happened when threat actors got into the U.S. Marshals Service's internal systems, which stored confidential data on federal fugitives, as well as details of people involved in witness protection programs. The cybercriminals were able to get these details by abusing a flaw in the federal agency’s systems.

"The affected system contains law enforcement sensitive information, including returns from legal process, administrative information and personally identifiable information pertaining to subjects of USMS investigations, third parties and certain USMS employees," said Drew Wade, the chief of the Marshals’ public affairs office, to Reuters

About U.S. Marshals Service

The U.S. Marshals Service is an important law enforcement agency that plays a crucial role in hunting down criminals and making sure the protection of witnesses. The agency's capability to carry out these functions depends greatly on the functioning of its internal computer systems. The attack has impacted the U.S. Marshals Service's ability to do its operations.

Besides the potential damage to the agency, the cyber attack has also risked the security of victims whose data was stolen. The compromised data in the federal agency's computer system includes important personal data, like home addresses and social security numbers. Threat actors can misuse the stolen to perpetrate identity theft or other types of scams.

The rising threat of cyberattacks on government agencies

To prevent future breaches, the U.S. Marshals Service must take steps to strengthen its cybersecurity measures. This includes implementing stronger access controls, conducting regular security assessments, and providing ongoing training to staff on how to detect and respond to cyber threats.

The attack also raises questions about the urgent need for implementing strong cybersecurity measures throughout all levels of government. With the increase in numbers and the threat of cyber-attacks, it is important that government agencies prioritize cybersecurity and take preventive measures to safeguard their sensitive data.

The U.S. Marshals Service breach is a grave warning of the growing threat of cyber attacks on government and federal agencies. It is a sign that threat actors are becoming more sophisticated as each day passes. Therefore cybersecurity experts should be vigilant in finding and responding to cyber threats. If we follow these steps, it can help government agencies to perform their duties and protect the personal data of the individuals they serve.



Read more »
Security
Data data security iPhone Mobile Security Phone Safety Security

Fraudsters can Rob your Entire Digital Life Using this iPhone Feature

 

The Wall Street Journal has recently published a detailed article covering a technique that thieves are using to steal not only people's iPhones, but also their savings. The success of the attack is dependent on the thieves (often working in groups) learning not only physical access to the device but also the passcode — the short string of numbers that acts as a failsafe when TouchID or Face ID fails (or isn't used, for whatever reason). With the passcode and the device, thieves are able to change the password associated with an Apple ID "within seconds", while also remotely logging out of any other connected Macs or iPads.

After that, the phone can be freely used to empty bank accounts using any installed financial apps before being sold. The article contains numerous examples of victims who have lost tens of thousands of dollars as a result of the scam.

How the iPhone passcode scam works?

According to the Journal, incidents have occurred in New York, Austin, Denver, Boston, Minneapolis, and London. The attack usually occurs on nights out when people's guards have been lowered by alcohol. Thieves typically observe people entering their passcodes (sometimes filming to ensure accuracy) and then steal the phone when the victim's guard is down.

“It’s just as simple as watching this person repeatedly punch their passcode into the phone,” Sergeant Robert Illetschko, lead investigator on a case in Minnesota where a criminal gang managed to steal nearly $300,000 via this technique, told the Journal. “There’s a lot of tricks to get the person to enter the code.” 

According to the paper, in some cases, the criminals will first befriend the victim, convincing them to open a social media app. If the user has Face ID or TouchID, the criminal may borrow the phone to take a photo, then subtly restart it before returning it, as a freshly rebooted phone requires the passcode to be entered.

If a thief obtains your iPhone and passcode, your phone can be wiped and sold for a quick profit. However, the negative consequences multiply if you keep banking apps on there, and they become even worse if you keep other personal data on there.

Apple Card accounts have been opened in a couple of cases, according to the Journal. Given the amount of personal data required, that shouldn't be possible, but many people keep that on their phones as well. And Apple's technology can work against users in this case; for example, the ability to search for text within photos appears to have revealed one man's Social Security number.

Concerningly, the paper also claims that hardware security keys, which were introduced in iOS 16.3, did not prevent the passcode from changing the Apple ID password. Worse, the stolen passcode could be used to remove the hardware keys from the account.

“We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare,” an Apple spokesperson said. “We will continue to advance the protections to help keep user accounts secure.”

The Journal notes that while Android phones aren’t immune to this kind of attack, law enforcement officials say that the higher resale value of iPhones makes them a far more common target.

What can you do to protect yourself from an iPhone passcode scam?

The first point to make is that you are significantly safer if you only use Face ID or Touch ID in public. This is due to the fact that the Apple ID password reset requires the passcode, and biometric logins will not suffice.

If you find yourself entering a passcode in public, cover your screen: you never know who is watching. Of course, this is useless if someone demands your passcode and iPhone at gun or knife point, as has been reported in some areas. However, if you create an Apple ID recovery key, the damage will be significantly reduced. This means that criminals won't be able to reset your password using the stolen passcode and will instead need a 28-character code.

While this may not prevent some short-term financial losses, the Journal reports that "most" banks and financial apps have refunded money stolen through such fraudulent activity.

It does have some disadvantages. If you forget your 28-character code, you're locked out for good, but at least your precious memories saved to iCloud won't be lost forever, as they were for one victim interviewed by the Journal.

“I go to my Photos app and scroll up, hoping to see familiar faces, photos of my dad and my family — they’re all gone,” said Reyhan Ayas, who had her iPhone 13 Pro Max snatched by a man she’d just met outside a bar in Manhattan. “Being told permanently that I’ve lost all of those memories has been very hard.”
Read more »
Technology
Business Security Cloud Security Cloud Services data security Malicious Hackers Technology

Future of the Cloud is Plagued by Security Issues

 

Several corporate procedures require the use of cloud services. Businesses may use cloud computing to cut expenses, speed up deployments, develop at scale, share information effortlessly, and collaborate effectively all without the need for a centralised site. 

But, malicious hackers are using these same services more and more inappropriately, and this trend is most likely to continue in the near future. Cloud services are a wonderful environment for eCrime since threat actors are now well aware of how important they are. The primary conclusions from CrowdStrike's research for 2022 are as follows. 

The public cloud lacks specified perimeters, in contrast to conventional on-premises architecture. The absence of distinct boundaries presents a number of cybersecurity concerns and challenges, particularly for more conventional approaches. These lines will continue to blur as more companies seek for mixed work cultures. 

Cloud vulnerability and security risks

Opportunistically exploiting known remote code execution (RCE) vulnerabilities in server software is one of the main infiltration methods adversaries have been deploying. Without focusing on specific industries or geographical areas, this involves searching for weak servers. Threat actors use a range of tactics after gaining initial access to obtain sensitive data. 

One of the more common exploitation vectors employed by eCrime and targeted intrusion adversaries is credential-based assaults against cloud infrastructures. Criminals frequently host phoney authentication pages to collect real authentication credentials for cloud services or online webmail accounts.

These credentials are then used by actors to try and access accounts. As an illustration, the Russian cyberspy organisation Fancy Bear recently switched from using malware to using more credential-harvesting techniques. Analysts have discovered that they have been employing both extensive scanning methods and even victim-specific phishing websites that deceive users into believing a website is real. 

However, some adversaries are still using these services for command and control despite the decreased use of malware as an infiltration tactic. They accomplish this by distributing malware using trusted cloud services.

This strategy is useful because it enables attackers to avoid detection by signature-based methods. This is due to the fact that many network scanning services frequently trust cloud hosting service top-level domains. By blending into regular network traffic, enemies may be able to get around security restrictions by using legitimate cloud services (like chat).

Cloud services are being used against organisations by hackers

Using a cloud service provider to take advantage of provider trust connections and access other targets through lateral movement is another strategy employed by bad actors. The objective is to raise privileges to global administrator levels in order to take control of support accounts and modify client networks, opening up several options for vertical spread to numerous additional networks. 

Attacks on containers like Docker are levelled at a lower level. Criminals have discovered ways to take advantage of Docker containers that aren't set up properly. These images can then be used as the parent to another application or on their own to interact directly with a tool or service. 

This hierarchical model means that if malicious tooling is added to an image, every container generated from it will also be compromised. Once they have access, hostile actors can take advantage of these elevated privileges to perform lateral movement and eventually spread throughout the network. 

Prolonged detection and reaction

Extended detection and reaction is another fundamental and essential component of effective cloud security (XDR). A technology called XDR may gather security data from endpoints, cloud workloads, network email, and many other sources. With all of this threat data at their disposal, security teams can quickly and effectively identify and get rid of security threats across many domains thanks to XDR. 

Granular visibility is offered by XDR platforms across all networks and endpoints. Analysts and threat hunters can concentrate on high-priority threats because they also provide detections and investigations. This is due to XDR's ability to remove from the alert stream abnormalities that have been deemed to be unimportant. Last but not least, XDR systems should include thorough cross-domain threat data as well as information on everything from afflicted hosts and underlying causes to indicators and dates. The entire investigation and treatment procedure is guided by this data.

While threat vectors continue to change every day, security breaches in the cloud are getting more and more frequent. In order to safeguard workloads hosted in the cloud and to continuously advance the maturity of security processes, it is crucial for businesses to understand current cloud risks and use the appropriate technologies and best practises.
Read more »
Safety
Cyber Attacks Dark Web Data data security Safety

The Initial Indications of a Cyberattack on the Dark Web

 


According to research, organizations were subjected to 38% more cyberattack attempts last year than in 2021. While some industry sectors performed better than others (education and research topped the table with 43 percent more attempted attacks, while hardware vendors ranked last with 25 percent), none of the figures are encouraging, no matter what business you're in. 

In reality, attempts and breaches are not synonymous. While you've probably heard from a slew of industry experts that it's "not a matter of if, but when" you'll be targeted, that's not the entire story. As the statistics show, attempted cyberattacks are unavoidable in today's world; however, perseverance and success are two very different metrics.

Cyberattacks rarely occur "out of the great blue yonder," particularly the structured attacks such as ransomware that keep security(opens in new tab) professionals awake at night. Threat actors, like everyone else, organize themselves. They conduct due diligence, perform reconnaissance on the organizations they are targeting, and look for and frequently purchase vulnerabilities that can be used to breach a company's defenses. 

This means that there are opportunities to detect malicious activity in the planning stages before an organization is attacked. Businesses can inform their cybersecurity(opens in new tab) efforts by monitoring the deep and dark web, which are used by threat actors when they are in the reconnaissance phase.

Understand your enemy

Organizations devote significant resources to bolstering their cybersecurity defenses, but they frequently have little understanding of who their attackers are and how they operate. At best, they are stretching their people and budgets thin by attempting to prioritize all risks at the same time. At worst, it can result in a defense misalignment for the threats they face - the cyber equivalent of erecting walls while criminals tunnel underground.

Dark web intelligence is one method for organizations to gain a better understanding of the specific threats to their business. For example, if a company discovers that the credentials and passwords of its employees are available for wholesale online, authentication becomes the obvious priority. Whereas high volumes of dark web traffic to a network port would necessitate increased network security.

Sometimes the hints are not even subtle. Many aspects of a data breach have been outsourced as cybercrime has become more professional. The same criminals launching a ransomware attack may not be the same gang that breached the network in the first place; they may have purchased that access from the aptly named "access brokers," who sell vulnerabilities on the dark web for others to exploit. They, like anyone else who sells a product, must market it. As a result, a company that monitors the dark web for its company name, IP address, or credentials may be able to detect access to its network as it is being sold.
Read more »
Technology
Data Safety data security Endpoint Self-healing Endpoints Technology

Consolidating Tech Stacks and Enhancing Cyber Resilience Require Self-healing Endpoints

 

Self-healing endpoint platform suppliers are being pushed to develop fresh approaches to assist CISOs in combining tech stacks while enhancing cyber-resilience. Self-healing platforms have the ability to lower expenses, improve visibility, and collect real-time data that measures how resilient their systems are to cyberattacks. The risk profile that their boards of directors desire is one that lowers costs while boosting cyber-resilience. 

A self-healing endpoint is one that uses adaptive intelligence and self-diagnostics to recognise a suspected or actual breach attempt and take prompt action to thwart it. Self-healing endpoints can automatically turn off, verify that all OS and application versions are accurate, and then reset to an optimum, secure configuration. 

Enterprise end-user expenditure on endpoint protection solutions is expected to skyrocket from $9.4 billion in 2020 to $25.8 billion in 2026, growing at a compound annual growth rate of 15.4%, according to Gartner. By the end of 2025, according to Gartner's forecast, more than 60% of businesses will have switched from traditional antivirus software to endpoint protection platform (EPP) and endpoint detection and response (EDR) solutions that integrate prevention with detection and response. But for the market to grow to its full potential, self-healing endpoint suppliers must quicken innovation.

In a recent analysis titled "The Future of Endpoint Management," Forrester, a major market research company worldwide, identified the key themes that will propel evolution in the endpoint management market. For organisations that adopt these trends, they lead to an enhanced employee experience, more operational effectiveness, and a smaller attack surface.

According to Forrester, "modern endpoint management" is guided by six principles: automation, context awareness, self-service, cloud-centricity, and analytics. By utilising them, the end user experience is brought front and centre and the flexibility of the hybrid workforce is enabled. Although progress has been made and steps have been taken in the direction of implementing these principles, Forrester admits that endpoint management as a practise still has issues, including high costs, a lack of integration with security, and poor employee privacy. The research gives professionals advice on how to overcome these challenges by paying attention to cutting-edge market trends like self-healing. 

A business endpoint can only be dependable if it runs smoothly and according to plan. By downloading unsupported third-party programmes or falling for phishing scams, employees have the potential to maliciously or accidentally compromise their endpoints. Many nefarious threat actors use human mistake as an excuse to disable security software on enterprise equipment. A self-healing solution ensures that critical applications are monitored for tampering, degradation, and failure so that automation can be used to repair or even reinstall the problematic or missing app. This mitigates against such compromises. 

Self-healing can exist on three levels: the application, the operating system, and within the firmware. Forrester states that Absolute is among the “firmware-based technologies that ship embedded within the device and ensures that everything operating on the device functions correctly, e.g., endpoint agents, VPNs, and software. Even if administrators replace or reimage the hard drive, this persists.

By Forester's collaboration with nearly 30 system manufacturers, we are able to leverage the patented Absolute Persistence technology that is present in over 500 million devices for our Secure Endpoint solutions. Once turned on, the device is ferociously tough and can withstand attempts to deactivate it, even if the firmware is flashed, the hard drive is changed, or the device is re-imaged. 

Forrester recently examined anonymized data from various subsets of more than 14 million Absolute-enabled devices that were in use by around 18,000 global customers over a two-week timeframe. Additionally, it used data and details from reliable outside sources. Although we noticed a slight increase in the adoption of Windows 11 in the enterprise, we found more Chrome OS devices in education. Many of the devices were running Windows 10. 

The researchers found that the average Windows 10 device is 59 days behind on patches, with the biggest delays reported by the government and professional services (83 and 75 days). The delay worsens when education is included, with gadgets being, on average, 115 days behind. These devices were vulnerable to more than 200 vulnerabilities that have a cure available, including 21 that are judged critical and one that is currently being exploited, according to the total number of vulnerabilities fixed on Patch Tuesday in July and August. 

Every endpoint is a possible target for hackers, but those that have sensitive data on them, including PII and PHI, are more dangerous. Additionally, as a result of users being widely dispersed and highly mobile, they are now able to access systems and data from off-network locations, increasing the possibility that data will be stored locally and, consequently, the attack surface. According to our analysis, sensitive data was stored on 76% of enterprise devices on average, with financial services having the greatest percentage (84%).
Read more »
User Security
Blockchain Data Breach Data Leak Data Privacy Data Safety data security Decentralized User Data User Privacy User Security

How Blockchains Can Prevent Data Breaches?

 

Today, data breaches have become all too common. Based on the Varonis 2021 Data Risk Report, most businesses have poor cybersecurity practices and unprotected data, putting them at risk for cyberattacks and data loss. Mitigating risks is no longer a luxury, with a single data breach costing a company an average of $3.86 million and eroding a firm's image and consumer trust. 

However, as cyberattacks become more widespread and sophisticated, simply patching up traditional cybersecurity measures may not be sufficient to prevent future data breaches. Instead, it is critical to look specifically for more advanced security solutions. As far as innovative solutions go, using blockchain to prevent data breaches may be our best bet.

The fundamentals of blockchain technology

Blockchain technology, also known as distributed ledger technology (DLT), is the result of decades of cryptographic and cybersecurity research and development. The term "blockchain" was popularised by cryptocurrency because it is the technology underlying record-keeping in the Bitcoin network.

Since it enables data to be recorded and distributed but not copied, this technology makes it extremely difficult to change or hack a system. It can be a promising solution for data breaches in any environment with high-security requirements because it provides a completely new method to securely store information.

A blockchain, which is based on the concept of peer-to-peer networks, is a public, digital ledger of stored data that is shared across an entire network of computer systems. Each block contains several transactions, and whenever a new transaction occurs, a record of that transaction is added to the ledger of every network participant.

Its strong encryption, decentralized and immutable nature and decentralized and immutable nature could be the answer to preventing data breaches.

Tim Berners-Lee, the inventor of the World Wide Web, recently stated that "we've lost control of our personal data." Companies store massive amounts of personally identifiable information (PII), such as usernames, passwords, payment details, and even social security numbers, as demonstrated by Domino's data leak in India (among others).

While almost always encrypted, this data is never as secure as it would be in a blockchain. Blockchain can finally put an end to data breaches by utilizing the best aspects of cryptography.

How is a shared ledger more secure than traditional encryption methods?

Blockchain uses two types of cryptographic algorithms to safeguard stored data: hash functions and asymmetric-key algorithms. This way, the data can only be shared with the member's permission, and they can also specify how the recipient of their data can use the data and the time frame within which the recipient is permitted to do so.

Asymmetric Encryption

Asymmetric encryption, also known as public-key cryptography, uses two keys to encrypt plain text: a private key generated by a random number algorithm and a public key. The public key is freely available and can be transferred via unsecured channels.

The private key, on the other hand, is kept secret so that only the user knows it. It is nearly impossible to access the data without it. It functions as a digital signature, similar to physical signatures.

In this way, blockchain empowers individual consumers to manage their own data and choose who they share it with via cryptographically encoded networks.

Hash functions

When a chain's first transaction occurs, the blockchain's code assigns it a unique hash value. As more transactions occur, their hash values are hashed and encoded into a Merkle tree, resulting in the formation of a block. Every block is assigned a unique hash that is encoded with the hash of the previous block's header and timestamp.

This creates a link between the two blocks, which becomes the chain's first link. Because this link is created with unique information from each block, the two are inextricably linked.

Immutability

Blockchains, in addition to being decentralized, are also designed to be immutable, which increases data integrity. Because blockchains are immutable, all data stored on them is nearly impossible to alter.

Because each member of the network has access to a copy of the distributed ledger, any corruption in a member's ledger is automatically rejected by the rest of the network members. As a result, any change or alteration to the block data will cause inconsistency and break the blockchain, rendering it invalid.

Despite the fact that blockchain technology has been around since 2009, it has a lot of unrealized potential in the field of cybersecurity, particularly in terms of preventing data breaches. Blockchain protocols use top-tier cryptography to ensure the security of all data stored in the ledger, making it a promising solution.

Since nodes running the blockchain must always check the legitimacy of any transaction before it is executed, cybercriminals are almost always stopped in their tracks before gaining access to any private data.
Read more »
Safety
ASCON Code Cyber Security Data data security Safety

US NIST Uncovers Winning Encryption Algorithm for IoT Data Protection

The National Institute of Standards and Technology (NIST) has declared that ASCON has won the "lightweight cryptography" programme, which seeks the best algorithm to protect small IoT (Internet of Things) devices with limited hardware resources. Small IoT devices are becoming progressively popular and ubiquitous, being used in wearable technology, "smart home" applications, and so on. 

However, they are still utilized to store and handle sensitive personal information such as health records, financial information, etc. Having stated that, implementing a standard for data encryption is critical in securing people's data. However, the weak chips inside these devices necessitate the utilization of an algorithm capable of providing robust encryption while using very little computational power.

Kerry McKay, a computer scientist at NIST stated, "The world is moving toward using small devices for lots of tasks ranging from sensing to identification to machine control, and because these small devices have limited resources, they need security that has a compact implementation. These algorithms should cover most devices that have these sorts of resource constraints."

ASCON was chosen as the best of 57 proposals submitted to NIST after several rounds of security analysis by leading cryptographers, implementation and benchmarking results, and workshop feedback. The entire programme lasted four years and began in 2019.

As per NIST, all ten finalists demonstrated exceptional performance that exceeded the set standards without raising security concerns, making the final selection extremely difficult. ASCON was eventually chosen as the winner due to its flexibility, seven-family support, energy efficiency, speed on slow hardware, and low overhead for short messages.

The algorithm had also withstood the test of time, having been formed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research, and Radboud University, and winning the CAESAR cryptographic competition's "lightweight encryption" category in 2019.

AEAD (Authenticated Encryption with Associated Data) and hashing are two of ASCON's native features highlighted in NIST's announcement. AEAD is an encryption mode that combines symmetric encryption and MAC (message authentication code) to prevent unauthorized access or tampering with transmitted or stored data.

Hashing is a data integrity verification mechanism that generates a string of characters (hash) from distinct inputs, allowing two data exchange points to verify that the encrypted message has not been tampered with. NIST continues to recommend AES for AEAD and SHA-256 for hashing; however, these are incompatible with smaller, weaker devices.

Despite its lightweight nature, NIST claims that ASCON is powerful enough to withstand attacks from powerful quantum computers at its standard 128-bit nonce. This is not, however, the goal or purpose of this standard, and lightweight cryptography algorithms should only be used to protect ephemeral secrets.

The National Institute of Standards and Technology (NIST) treats post-quantum cryptography as a distinct challenge, with a separate programme for developing quantum-resistant standards, and the effort has already produced results.

The National Institute of Standards and Technology (NIST) treats post-quantum cryptography as a separate challenge, with a separate programme for developing quantum-resistant standards, and the effort has already yielded its first results.

More information on ASCON, it can be found on the algorithm's website or in the technical paper submitted to NIST in May 2021.

Read more »
User Privacy
Data Breach Data Privacy data security Menstrual History User Data User Privacy

Nobody Except Your Doctor Should be Aware of Your Menstrual History

 

Last August, two months after the Supreme Court overturned Roe v. Wade, parents in Florida's Palm Beach County School District began questioning a rule requiring student-athletes in the state to submit detailed medical history forms to their schools prior to sports participation.
 
The forms have included a set of optional questions about students' menstrual cycles for at least two decades. However, with abortion being made illegal in many states, there is growing concern that menstrual data could be used to identify and prosecute people who have terminated pregnancies. (Florida banned abortions after 15 weeks in 2022, and its leadership has expressed interest in further restricting access to the procedure.
This school year, the Palm Beach County school district began offering students the option of submitting the form through a third-party software product, raising concerns about data privacy. Some district parents preferred that the period questions be removed. The incident also raised broader concerns about whether any of the medical data collected by these forms should be kept by a school or district at all.
The Florida High School Athletic Association (FHSAA), which makes the rules governing student involvement in school sports statewide, has taken a hard line on both issues over the course of several meetings.
According to the Palm Beach Post, the organization's sports medicine committee recommended making the menstrual history questions mandatory and requiring students to turn in their answers to the school in January. Florida isn't the only state that requests menstrual histories from student-athletes. In fact, only ten states explicitly instruct student-athletes to keep menstrual data and other health data private.
Regardless, the proposal to require this information is extremely difficult to justify: it creates privacy risks and goes against the advice of national medical associations, and it contradicts the state's current educational trends, which prioritize parental rights over almost everything else.
In a microcosm, the episode exemplifies a new reality in post-Roe America: Period data should be shared only between patients and their healthcare providers.
Periods are health indicators, and people should discuss them with their clinicians
Menstrual cycles are such an important indicator of health that many doctors refer to them as the "fifth vital sign." Period changes, in particular, can indicate that a person isn't getting enough calories to offset high levels of activity.
Yes, athletes with periods should monitor and seek care for changes in their cycles, according to Judy Simms-Cendan, a pediatric and adolescent gynecologist in Miami and president-elect of the North American Society for Pediatric and Adolescent Gynecology.
But the physician or clinician assessment of a menstrual history, and what it may or may not signify, is different than a school’s use of that information,” said Simms-Cendan . Coaches aren't typically healthcare providers, so they aren't equipped to evaluate people medically based on menstrual symptoms. However, and most importantly, schools and sports programmes are not required by federal HIPAA laws to keep health information private. (Although schools are subject to other rules regarding student data sharing, those rules allow access to data for a broader range of reasons than HIPAA does.
When evaluating an athlete prior to participation in a sport, the American Academy of Pediatrics (AAP) publishes separate forms for medical providers to complete. One form is only for the eyes of the health care provider: A physical evaluation form with a disclaimer that it should not be shared with schools or sports organizations. Then there's a separate eligibility form that the doctor must submit to the school, with much less room for detail.
The AAP keeps unnecessary medical details off the eligibility form for a reason, said Simms-Cendan. “That’s nobody’s business. You shouldn’t have to disclose it, because it doesn’t have anything to do with your sports activity,” she said.
Good arguments against (and no arguments for) sharing period information outside a clinician’s office
Parents' concerns about sharing their children's health information with schools are understandable. Without HIPAA safeguards, disclosing health information can jeopardize an individual's right to privacy.
Less scrupulous period-tracking apps, as well as some apps aimed at treating addiction disorders, depression, and HIV, pose risks. In 2019, the Missouri health department's director was caught using a period-tracking spreadsheet to identify patients who may have had "failed" abortions; there's reason to be concerned that an activist state government seeking to criminalize abortion would attempt to use period information tracked online in service of that goal.
However, it is unclear why the FHSAA's sports medicine committee is so eager to collect menstrual data from Florida's student-athletes, or how that data could be used to discriminate against students.
Florida Governor Ron DeSantis reportedly favors a near-total abortion ban and signed legislation in 2021 prohibiting transgender girls from playing on girls' teams in public schools. Could the questions be designed to identify and punish students who do not conform to the gender politics of the state? It does not appear likely. The questions, which inquire about the date of menstrual onset as well as the timing and frequency of periods, do not yield the type of information that would aid in identifying teens seeking abortion services, using contraception, or being evaluated for sexually transmitted infections.

They would not be effective screening questions for identifying transgender students

Insisting on the questions’ inclusion over the objection of parents is also weirdly out of sync with the state’s Florida’s Parental Rights in Education bill, often called the “Don’t Say Gay” bill, said Simms-Cendan. “Our governor is incredibly supportive of parental control over student education,” and parents should also have the right to control and protect their children’s health information, she said. “I really don’t know what they’re trying to get at by asking this information.”
Overall, Simms-Cendan considers it "really positive" that more people are discussing their periods openly. But educating students about menstrual health is one thing; assessing and analyzing someone's personal menstrual history outside of a healthcare setting is quite another.
Young people need to be aware of the risks that can arise when they lose control over that information, she said. “We call our reproductive health system ‘our privates’ for a reason.

Read more »
Malware attacks
cyber threat data security DNS malware Malware attacks

Malware Attacks can be Thwarted by Tampering with DNS Communications


The notion that you can defend yourself against all malware is absurd, especially given that malware is a catch-all term that does not refer to any particular exploit, vector, objective, or methodology. There is no magic solution that will thwart every attack since the variety and breadth of cyber dangers are so great. As a result, it won't be long until your network environment is compromised, putting you in a position where you must make some extremely difficult choices. 

Successful cyberattacks, for instance, in the medical industry have significant legal and reputational ramifications in addition to affecting an organisation's capacity to function. These factors lead to medical business victims paying ransomware demands more frequently than those in any other sector. Healthcare institutions might save an average of $10.1 million per event avoided if they could spot warning signs of issues before they develop into full-blown attacks. 

None of the security solutions can completely stop all threats at the gate; instead, they each focus on a particular subset of malware and/or penetration pathways. Even if they could, the gate is occasionally completely skipped. As demonstrated by the Log4J exploit and the most recent compromise of the well-known Ctx Python package, "trusted" resource libraries hosted on websites like GitHub can be attacked by outside parties and used to disseminate malware payloads to a large number of endpoints without raising any alarm bells right away. 

Threats are present everywhere, not just online. By using the healthcare sector as an example once more, we can illustrate a different attack vector that can bypass all of your perimeter security: physical access. The majority of hospitals, doctors' offices, pharmacies, and other healthcare institutions rely on networked terminals and gadgets that are unintentionally left in locations where patients, visitors, or other unauthorised users can access them. In these circumstances, it makes little difference how well your network is protected from external attacks because a malicious party only needs to insert a USB stick or use a logged-in device to access malware, which compromises the network from within. 

Despite the fact that it may appear hopeless, there is one characteristic that unites the vast majority of malware: a weakness known as the Domain Name System (DNS). In the fight against cyber threats, DNS is a crucial choke point because more than 91% of malware leverages DNS connectivity at some stage in the attack life cycle. 

A malware infection initially seeks to avoid detection when it enters your network. During this period, it leverages the network environment as a reconnaissance phase in an effort to expand to other devices, find important resources, and compromise backup storage. 

This is also the time that the malware has to contact the command-and-control (C2) system of the hackers to get instructions and report the network-related data it has discovered. It must submit a request to a domain name server, like all other Internet traffic, in order to communicate with the outside world. Network administrators can use a protective DNS solution to monitor DNS traffic for signs of malicious behaviour and then take action by blocking, quarantining, or otherwise interfering with it.

Unfortunately, due to the constant development of new threats and the constant possibility of a physically initiated attack, businesses must be ready for the inevitable successful penetration of their networks. The use of DNS communication by malware, however, is nearly inevitable once it has gained access to your network. In order to render the virus inert and enable you to get started on cleaning up your systems and strengthening your defenses for the next time, a defensive DNS solution can identify these unusual requests and completely stop them.
Read more »
Subscribe to: Posts (Atom)