Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Automation. Show all posts
Data Analytics
Automation cyber resilience Cyber Security Cyber Security Tool cybersecurity best practices Cybersecurity Experts Data Analytics

Integrating Human Expertise and Technology for Robust Cybersecurity

 

In today’s complex digital landscape, the role of human expertise in cybersecurity remains indispensable. Two pivotal approaches — human-led security testing and human-centric cybersecurity (HCC) — have gained prominence, each contributing distinct strengths. However, these strategies often function in silos, creating fragmented defenses. To achieve comprehensive cyber resilience, organizations must integrate these methods with advanced technologies like automation and data analytics.

Human-led security testing leverages the intuition and expertise of cybersecurity professionals. Ethical hackers and penetration testers bring invaluable insights, uncovering vulnerabilities that automated tools may overlook. Their ability to simulate real-world attack scenarios allows organizations to anticipate and neutralize sophisticated cyber threats dynamically. This approach ensures tailored defenses capable of adapting to specific challenges.

On the other hand, human-centric cybersecurity (HCC) focuses on empowering end users by designing security measures that align with their behaviours and limitations. Traditional tools often burden users with complexity, leading to risky workarounds. HCC addresses this by creating intuitive, accessible solutions that seamlessly integrate into daily workflows. When users perceive these measures as helpful rather than obstructive, compliance improves, enhancing overall security frameworks.

Technology acts as a vital bridge between these human-driven approaches. Automation and data analytics provide scalability and efficiency, handling repetitive tasks and processing vast data volumes. Real-time threat intelligence and continuous monitoring enable organizations to identify and respond to emerging risks quickly. This technological backbone allows human experts to focus on addressing complex, strategic challenges.

Integrating these elements fosters a proactive security culture where people, not just systems, are central to defense strategies. Educating employees, conducting regular threat simulations, and promoting secure behaviors through incentives help build shared responsibility for cybersecurity. Research forecasts that by 2027, half of large enterprises will adopt HCC strategies, prioritizing security behavior and culture programs (SBCPs). These initiatives utilize simulations, automation, and analytics to encourage informed decision-making and enhance incident reporting.

A holistic cybersecurity approach blends human intuition, user-friendly processes, and technology-driven efficiency. Human-led testing uncovers evolving threats, while HCC empowers employees to respond confidently to risks. Automation and analytics amplify these efforts, providing actionable insights and driving continuous improvements. Together, these elements create a robust, forward-thinking cybersecurity environment capable of meeting the challenges of an ever-evolving digital world.

Read more »
System Vulnerability
Automation Jenkins malware Ransomware System Vulnerability

Critical Jenkins RCE Vulnerability: A New Target for Ransomware Attacks


Recently, the CISA (Cybersecurity and Infrastructure Security Agency) warned about a critical remote code execution (RCE) vulnerability in Jenkins, a widely used open-source automation server. This vulnerability, CVE-2024-23897, has been actively exploited in ransomware attacks, posing a significant risk to organizations relying on Jenkins for their continuous integration and continuous delivery (CI/CD) processes.

Understanding the Vulnerability

The Jenkins RCE vulnerability stems from a flaw in the args4j command parser, a library used by Jenkins to parse command-line arguments. This flaw allows attackers to execute arbitrary code on the Jenkins server by sending specially crafted requests. The vulnerability can also be exploited to read arbitrary files on the server, potentially exposing sensitive information.

The args4j library is integral to Jenkins’ functionality, making this vulnerability particularly concerning. Attackers exploiting this flaw can gain full control over the Jenkins server, enabling them to deploy ransomware, steal data, or disrupt CI/CD pipelines. Given Jenkins’ widespread use in automating software development processes, the impact of such an exploit can be far-reaching.

The Impact of Exploitation

The exploitation of the Jenkins RCE vulnerability has already been observed in several ransomware attacks. Ransomware, a type of malware that encrypts a victim’s data and demands payment for its release, has become a prevalent threat in recent years. By exploiting the Jenkins vulnerability, attackers can access critical infrastructure, encrypt valuable data, and demand ransom payments from affected organizations.

The consequences of a successful ransomware attack can be devastating. Organizations may face significant financial losses, operational disruptions, and reputational damage. In some cases, the recovery process can be lengthy and costly, further exacerbating the impact of the attack. As such, it is crucial for organizations using Jenkins to take immediate action to mitigate the risk posed by this vulnerability.

What to do?

  • Ensure that Jenkins and all installed plugins are updated to the latest versions. The Jenkins community regularly releases security updates that address known vulnerabilities. Keeping the software up-to-date is a critical step in protecting against exploitation.
  • Apply any available security patches for the args4j library and other components used by Jenkins. These patches are designed to fix vulnerabilities and should be applied as soon as they are released.
  • Limit network access to Jenkins servers to only trusted IP addresses. By restricting access, organizations can reduce the attack surface and prevent unauthorized users from exploiting the vulnerability.
  • Use strong authentication mechanisms, such as multi-factor authentication (MFA), to secure access to Jenkins servers. MFA adds an additional layer of security, making it more difficult for attackers to gain unauthorized access.
  • Regularly monitor Jenkins logs and network traffic for signs of suspicious activity. Early detection of potential exploitation attempts can help organizations respond quickly and mitigate the impact of an attack.
  • Ensure that critical data is regularly backed up and stored securely. In the event of a ransomware attack, having reliable backups can facilitate data recovery without paying the ransom.

Read more »
Vulnerability management
AI Automation Cyber Threats Technology Vulnerability management

AI and Vulnerability Management: Industry Leaders Show Positive Signs

AI and Vulnerability Management: Industry Leaders Show Positive Signs

Positive trend: AI and vulnerability management

We are in a fast-paced industry, and with the rise of technological developments each day, the chances of cyber attacks always arise. Hence, defense against such attacks and cybersecurity becomes paramount. 

The latest research into the cybersecurity industry by Seemplicity revealed that 91% of participants claim their security budget is increasing this year. It shows us the growing importance of cybersecurity in organizations.

Understanding report: An insight into industry leaders' mindset

A survey of 300 US cybersecurity experts to understand views about breathing topics like automation, AI, regulatory compliance, vulnerability and exposure management. Organizations reported employing 38 cybersecurity vendors, highlighting sophisticated complexity and fragmentation levels within the attack surfaces. 

The fragmentation results in 51% of respondents feeling high levels of noise from the tools, feeling overwhelmed due to the traffic of notifications, alerts, and findings, most of which are not signaled anywhere. 

As a result, 85% of respondents need help with handling this noise. The most troubling challenge reported being slow or delayed risk reduction, highlighting the seriousness of the problem, because of the inundating noise slowing down effective vulnerability identification and therefore caused a delay in response to threats. 

Automation and vulnerability management on the rise

97% of respondents cited methods (at least one) to control noise, showing acceptance of the problem and urgency to resolve it. 97% showed some signs of automation, hinting at a growth toward recognizing the perks of automation in vulnerability and exposure management. The growing trend towards automation tells us one thing, there is a positive adoption response. 

However, 44% of respondents still rely on manual methods, a sign that there still exists a gap to full automation.

But the message is loud and clear, automation has helped in vulnerability and exposure management efficiency, as 89% of leaders report benefits, the top being a quicker response to emergency threats. 

AI: A weapon against cyber threats

The existing opinion (64%) that AI will be a key force against fighting cyber threats is a positive sign showing its potential to build robust cybersecurity infrastructure. However, there is also a major concern (68%) about the effects of integrating AI into software development on vulnerability and exposure management. AI will increase the pace of code development, and the security teams will find it difficult to catch up. 

Read more »
Technology
AI Automation Cyber Threats Security survey Technology

AI's Rapid Code Development Outpaces Security Efforts

 


As artificial intelligence (AI) advances, it accelerates code development at a pace that cybersecurity teams struggle to match. A recent survey by Seemplicity, which included 300 US cybersecurity professionals, highlights this growing concern. The survey delves into key topics like vulnerability management, automation, and regulatory compliance, revealing a complex array of challenges and opportunities.

Fragmentation in Security Environments

Organisations now rely on an average of 38 different security product vendors, leading to significant complexity and fragmentation in their security frameworks. This fragmentation is a double-edged sword. While it broadens the arsenal against cyber threats, it also results in an overwhelming amount of noise from security tools. 51% of respondents report being inundated with alerts and notifications, many of which are false positives or non-critical issues. This noise significantly hampers effective vulnerability identification and prioritisation, causing delays in addressing real threats. Consequently, 85% of cybersecurity professionals find managing this noise to be a substantial challenge, with the primary issue being slow risk reduction.

The Rise of Automation in Cybersecurity

In the face of overwhelming security alerts, automation is emerging as a crucial tool for managing cybersecurity vulnerabilities. According to a survey by Seemplicity, 95% of organizations have implemented at least one automated method to manage the deluge of alerts. Automation is primarily used in three key areas:

1. Vulnerability Scanning: 65% of participants have adopted automation to enhance the precision and speed of identifying vulnerabilities, significantly streamlining this process.

2. Vulnerability Prioritization: 53% utilise automation to rank vulnerabilities based on their severity, ensuring that the most critical issues are addressed first.

3. Remediation: 41% of respondents automate the assignment of remediation tasks and the execution of fixes, making these processes more efficient.

Despite these advancements, 44% still rely on manual methods to some extent, highlighting obstacles to complete automation. Nevertheless, 89% of cybersecurity leaders acknowledge that automation has increased efficiency, particularly in accelerating threat response.

AI's Growing Role in Cybersecurity

The survey highlights a robust confidence in AI's ability to transform cybersecurity practices. An impressive 85% of organizations intend to increase their AI spending over the next five years. Survey participants expect AI to greatly enhance early stages of managing vulnerabilities in the following ways:

1. Vulnerability Assessment: It is argued by 38% of the demographic that AI will  boost the precision and effectiveness of spotting vulnerabilities.

2. Vulnerability Prioritisation: 30% view AI as crucial for accurately ranking vulnerabilities based on their severity and urgency.

Additionally, 64% of respondents see AI as a strong asset in combating cyber threats, indicating a high level of optimism about its potential. However, 68% are concerned that incorporating AI into software development will accelerate code production at a pace that outstrips security teams' ability to manage, creating new challenges in vulnerability management.


Views on New SEC Incident Reporting Requirements

The survey also sheds light on perspectives regarding the new SEC incident reporting requirements. Over half of the respondents see these regulations as opportunities to enhance vulnerability management, particularly in improving logging, reporting, and overall security hygiene. Surprisingly, fewer than a quarter of respondents view these requirements as adding bureaucratic burdens.

Trend Towards Continuous Threat Exposure Management (CTEM)

A trend from the survey is the likely adoption of Continuous Threat Exposure Management (CTEM) programs by 90% of respondents. Unlike traditional periodic assessments, CTEM provides continuous monitoring and proactive risk management, helping organizations stay ahead of threats by constantly assessing their IT infrastructure for vulnerabilities.

The Seemplicity survey highlights both the challenges and potential solutions in the evolving field of cybersecurity. As AI accelerates code development, integrating automation and continuous monitoring will be essential to managing the increasing complexity and noise in security environments. Organizations are increasingly recognizing the need for more intelligent and efficient methods to stay ahead of cyber threats, signaling a shift towards more proactive and comprehensive cybersecurity strategies.

Read more »
Threat Intelligence
Accountability Automation collaboration Cyber Security Cybersecurity executives Microsoft organizational changes Secure Future Initiative security governance Threat Intelligence

Microsoft to Enforce Executive Accountability for Cybersecurity

 

Microsoft is undergoing organizational adjustments to enhance cybersecurity measures throughout its products and services, focusing on holding senior leadership directly responsible. Charlie Bell, Microsoft's executive vice president of security, outlined these changes in a recent blog post aimed at reassuring customers and the US government of the company's dedication to bolstering cybersecurity amidst evolving threats.

One key aspect of this initiative involves tying a portion of the compensation for the company's Senior Leadership Team to the progress made in fulfilling security plans and milestones. Additionally, Microsoft is implementing significant changes to elevate security governance, including organizational restructuring, enhanced oversight, controls, and reporting mechanisms.

These measures encompass appointing a deputy Chief Information Security Officer (CISO) to each product team, ensuring direct reporting of the company's threat intelligence team to the enterprise CISO, and fostering collaboration among engineering teams across Microsoft Azure, Windows, Microsoft 365, and security groups to prioritize security.

Bell's announcement follows a recent assessment by the US Department of Homeland Security's Cyber Safety Review Board (CSRB), highlighting the need for strategic and cultural improvements in Microsoft's cybersecurity practices. The CSRB identified areas where Microsoft could have prevented a notable cyber incident involving a breach of its Exchange Online environment by the Chinese cyber-espionage group Storm-0558, which compromised user emails from various organizations, including government agencies.

Microsoft previously launched the Secure Future Initiative (SFI) to address emerging threats, incorporating measures such as automation, artificial intelligence (AI), and enhanced threat modelling throughout the development lifecycle of its products. The initiative also aims to integrate more secure default settings across Microsoft's product portfolio and strengthen identity protection while enhancing cloud vulnerability response and mitigation times.

Bell's update provided further details on Microsoft's approach, emphasizing six key pillars: protecting identities and secrets, safeguarding cloud tenants and production systems, securing networks, fortifying engineering systems, monitoring and detecting threats, and expediting response and remediation efforts.

To achieve these goals, Microsoft plans to implement various measures, such as automatic rotation of signing and platform keys, continuous enforcement of least privileged access, and network isolation and segmentation. Efforts will also focus on inventory management of software assets and implementing zero-trust access to source code and infrastructure.

While the full impact of these changes may take time to materialize, Microsoft remains a prominent target for cyberattacks. Despite ongoing challenges, industry experts like Tom Corn, chief product officer at Ontinue, acknowledge the ambitious scope of Microsoft's Secure Future Initiative and its potential to streamline operationalization for broader benefit.
Read more »
Technology
Artifcial Intelligence Automation Cybersecurity Ransomware SOCs Technology

Cybersecurity Teams Tackle AI, Automation, and Cybercrime-as-a-Service Challenges

 




In the digital society, defenders are grappling with the transformative impact of artificial intelligence (AI), automation, and the rise of Cybercrime-as-a-Service. Recent research commissioned by Darktrace reveals that 89% of global IT security teams believe AI-augmented cyber threats will significantly impact their organisations within the next two years, yet 60% feel unprepared to defend against these evolving attacks.

One notable effect of AI in cybersecurity is its influence on phishing attempts. Darktrace's observations show a 135% increase in 'novel social engineering attacks' in early 2023, coinciding with the widespread adoption of ChatGPT2. These attacks, with linguistic deviations from typical phishing emails, indicate that generative AI is enabling threat actors to craft sophisticated and targeted attacks at an unprecedented speed and scale.

Moreover, the situation is further complicated by the rise of Cybercrime-as-a-Service. Darktrace's 2023 End of Year Threat Report highlights the dominance of cybercrime-as-a-service, with tools like malware-as-a-Service and ransomware-as-a-service making up the majority of harrowing tools used by attackers. This as-a-Service ecosystem provides attackers with pre-made malware, phishing email templates, payment processing systems, and even helplines, reducing the technical knowledge required to execute attacks.

As cyber threats become more automated and AI-augmented, the World Economic Forum's Global Cybersecurity Outlook 2024 warns that organisations maintaining minimum viable cyber resilience have decreased by 30% compared to 2023. Small and medium-sized companies, in particular, show a significant decline in cyber resilience. The need for proactive cyber readiness becomes pivotal in the face of an increasingly automated and AI-driven threat environment.

Traditionally, organisations relied on reactive measures, waiting for incidents to happen and using known attack data for threat detection and response. However, this approach is no longer sufficient. The shift to proactive cyber readiness involves identifying vulnerabilities, addressing security policy gaps, breaking down silos for comprehensive threat investigation, and leveraging AI to augment human analysts.

AI plays a crucial role in breaking down silos within Security Operations Centers (SOCs) by providing a proactive approach to scale up defenders. By correlating information from various systems, datasets, and tools, AI can offer real-time behavioural insights that human analysts alone cannot achieve. Darktrace's experience in applying AI to cybersecurity over the past decade emphasises the importance of a balanced mix of people, processes, and technology for effective cyber defence.

A successful human-AI partnership can alleviate the burden on security teams by automating time-intensive and error-prone tasks, allowing human analysts to focus on higher-value activities. This collaboration not only enhances incident response and continuous monitoring but also reduces burnout, supports data-driven decision-making, and addresses the skills shortage in cybersecurity.

As AI continues to advance, defenders must stay ahead, embracing a proactive approach to cyber resilience. Prioritising cybersecurity will not only protect institutions but also foster innovation and progress as AI development continues. The key takeaway is clear: the escalation in threats demands a collaborative effort between human expertise and AI capabilities to navigate the complex challenges posed by AI, automation, and Cybercrime-as-a-Service.

Read more »
VMware ESXi attacks
Automation Cyber Security double extortion tactics MrAgent tool Network Security RansomHouse gang ransomware-as-a-service VMware ESXi attacks

RansomHouse Gang Streamlines VMware ESXi Attacks Using Latest MrAgent Tool

 

RansomHouse, a ransomware group known for its double extortion tactics, has developed a new tool named 'MrAgent' to facilitate the widespread deployment of its data encrypter on VMware ESXi hypervisors.

Since its emergence in December 2021, RansomHouse has been targeting large organizations, although it hasn't been as active as some other notorious ransomware groups. Nevertheless, it has been employing sophisticated methods to infiltrate systems and extort victims.

ESXi servers are a prime target for ransomware attacks due to their role in managing virtual computers containing valuable data for businesses. Disrupting these servers can cause significant operational damage, impacting critical applications and services like databases and email servers.

Researchers from Trellix and Northwave have identified a new binary associated with RansomHouse attacks, designed specifically to streamline the process of targeting ESXi systems. This tool, named MrAgent, automates the deployment of ransomware across multiple hypervisors simultaneously, compromising all managed virtual machines.

MrAgent is highly configurable, allowing attackers to customize ransomware deployment settings received from the command and control server. This includes tasks such as setting passwords, scheduling encryption events, and altering system messages to display ransom notices.

By disabling firewalls and terminating non-root SSH sessions, MrAgent aims to minimize detection and intervention by administrators while maximizing the impact of the attack on all reachable virtual machines.

Trellix has identified a Windows version of MrAgent, indicating RansomHouse's efforts to broaden the tool's reach and effectiveness across different platforms.

The automation of these attack steps underscores the attackers' determination to target large networks efficiently. Defenders must remain vigilant and implement robust security measures, including regular updates, access controls, network monitoring, and logging, to mitigate the threat posed by tools like MrAgent.
Read more »
Tesla Security
Automated Machine Automation autonomous vehicles Autonomous-Car Technology Cars Cyber Security Technology Tesla Tesla Security

GM Cruise Halts Driverless Operations

General Motors' Cruise unit has suspended all driverless operations following a recent ban in California, halting their ambitious plans for a nationwide robotaxi service.

The decision comes in response to a regulatory setback in California, a state known for its stringent rules regarding autonomous vehicle testing. The California Department of Motor Vehicles revoked Cruise's permit to operate its autonomous vehicles without a human safety driver on board, citing concerns about safety protocols and reporting procedures.

This move has forced GM Cruise to halt all of its driverless operations, effectively putting a pause on its plans to launch a commercial robotaxi service. The company had previously announced its intention to deploy a fleet of autonomous vehicles for ride-hailing purposes in San Francisco and other major cities.

The suspension of operations is a significant blow to GM Cruise, as it now faces a setback in the race to deploy fully autonomous vehicles for commercial use. Other companies in the autonomous vehicle space, including Waymo and Tesla, have been making strides in the development and deployment of their autonomous technologies.

The California ban highlights the challenges and complexities surrounding the regulation of autonomous vehicles. Striking the right balance between innovation and safety is crucial, and incidents or regulatory concerns can lead to significant delays in the deployment of this technology.

While GM Cruise has expressed its commitment to working closely with regulators to address their concerns, the current situation raises questions about the timeline for the widespread adoption of autonomous vehicles. It also emphasizes the need for a unified regulatory framework that can provide clear guidelines for the testing and deployment of autonomous technologies.

In the meantime, GM Cruise will need to reassess its strategy and potentially explore other avenues for testing and deploying its autonomous vehicles. The company has invested heavily in the development of this technology, and overcoming regulatory hurdles will be a crucial step in realizing its vision of a driverless future.

The halt to GM Cruise's driverless robotaxi operations is a clear reminder of the difficulties and unknowns associated with the advancement of autonomous car technology. The safe and effective use of this ground-breaking technology will depend on companies and regulators working together as the industry develops.

Read more »
Subscribe to: Posts (Atom)