Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Business Security. Show all posts
User Privacy
Business Security Cyber Security Data Leak Insider Threat User Privacy

Three Ways To Prevent Insider Threat Driven Data Leaks

 

The United States is poised to undergo a period of highly disruptive transformation. The incoming administration has promised to make significant changes, including forming a new body, the Department of Governmental Efficiency (DOGE), with the aim of substantially reducing the size of the government. 

Many people in our hugely polarised society are unhappy with the upcoming changes. Some will even refuse to "go down without a fight" and attempt to sabotage the shift or the new administration's prospects for success. How? One popular disruption method is to leak bits and pieces of insider information in order to distract, provoke opposition, and ultimately stall the changes.

While insider leaks can occur at any organisation and at any moment, a controversial move can be a major driver for such threats. We don't need to look far back for examples of this. After Donald Trump was elected to his first term, someone explicitly got a job as an IRS contractor so that he could leak the tax returns of key leaders, including President Trump. There was also information disclosed concerning a Trump cabinet pick. 

It's possible that this behaviour will worsen significantly. Agencies and organisations can take proactive measures to prepare for this. 

Launch an insider threat program: Nearly 80% of organisations have noticed an increase in insider threat activity since 2019, and just 30% believe they have the ability to deal with the situation. While external threats are frequently addressed, according to IBM's Cost of a Data Breach report, breaches by people within an organisation were the most costly, averaging just shy of $5 million.

Having a formal security strategy in place can safeguard sensitive data, maintain operational integrity, and ensure that your organization's communication links remain open and secure. Start by assessing your risk, establishing guidelines for data sharing and management, and installing technologies to monitor user activity, detect irregularities, and notify security teams of potential risks. 

Individualize information: Organisations can also explore using steganographic technologies to personalise the information they send to their employees. Forensic watermarking technology allows sensitive information to be shared in such a way that each employee receives a completely unique copy that is undetectable to the human eye. With this technology in place, employees are more likely to think twice before giving a secret presentation on future strategy. If a leak still occurs, the organisation can easily identify the source.

Avoid sharing files: The world must shift away from using files to share personal information. At first glance, it may appear impossible, yet changing the way organisations share information might help them preserve their most valuable information. File sharing is more than a risk factor; it is also a threat vector, as files are the source of the majority of data exfiltration risks. As a result, deleting them would naturally eliminate the threat. What are the alternatives? Using SaaS applications in which no one can download anything. This strategy also helps to safeguard against external attacks.
Read more »
sophisticated attacks
Business Security Cyber Security IT Flaw Security flaw sophisticated attacks

Public Holidays And Weekends Make Companies More Vulnerable to Cyberattacks

 


 Cyberattacks Surge During Holidays and Weekends: Semperis Report

Companies are particularly susceptible to cyberattacks during public holidays and weekends due to reduced security manpower. A recent report on ransomware assaults, published by Semperis, a provider of identity-based cyber resilience, confirms this vulnerability.

The study revealed that an average of 86% of organizations assessed across the United States, United Kingdom, France, and Germany were targeted during public holidays or weekends. The findings also indicate that 75% of businesses reduced their security workforce by up to 50% during these periods, leaving critical systems exposed.

Targeted Attacks During Key Business Events

Half of the respondents who experienced cyberattacks reported being targeted during major business events such as mergers or acquisitions. For instance, after UnitedHealth acquired Change Healthcare, cybercriminals exploited a security flaw in remote access systems to breach the company’s infrastructure.

The report highlighted that 90% of ransomware attacks compromised a firm’s identity service, such as Microsoft Active Directory (AD) or Entra ID, as these are widely used and vulnerable. Additionally:

  • 35% of businesses reported insufficient funds to safeguard against cyberattacks.
  • 61% of organizations lacked adequate backup solutions for their identity services.

While 81% of respondents stated they possess the knowledge to defend against identity-related threats, 83% admitted to experiencing a successful ransomware assault within the past year. This disconnect underscores the need for better implementation of security measures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has repeatedly emphasized the need for vigilance during weekends and public holidays. Notably, the ransomware group Clop exploited a long weekend to take advantage of a vulnerability in the MOVEit data exchange software. This attack affected over 130 companies in Germany, leading to significant data breaches and blackmail attempts.

Solutions to Mitigate Risks

To address these vulnerabilities, enterprises must take the following measures:

  • Protect critical flaws, such as those in Active Directory (AD) and other identity services.
  • Ensure security operations centers (SOCs) are adequately staffed during off-hours.
  • Integrate cybersecurity into the broader business resiliency strategy, alongside safety, financial, and reputational risk management.

Prioritizing security as an essential component of business resilience can make the difference between surviving and thriving in the face of catastrophic cyber incidents.

Read more »
Vulnerabilities and Exploits
Business Security firewall exploits Security Patch SonicWall Vulnerabilities and Exploits

Thousands of SonicWall Devices Vulnerable to Critical Security Threats

 

Thousands of SonicWall network security devices are currently exposed to severe vulnerabilities, with over 20,000 running outdated firmware that no longer receives vendor support. This puts countless organizations at risk of unauthorized access and potential data breaches.

Key Findings of the Study

  • A Bishop Fox study identified more than 25,000 SonicWall SSLVPN devices exposed to the internet, making them easy targets for cybercriminals.
  • The research analyzed over 430,000 SonicWall devices globally and found that 39% of the exposed devices were running Series 7 firewalls, many of which lacked the latest security patches.
  • Over 20,000 devices were found to be running software versions no longer supported by SonicWall, with older Series 5 and Series 6 devices being the most at risk.

Impact of Vulnerabilities

The study highlighted that many of these devices remain susceptible to exploits, including authentication bypasses and heap overflow bugs disclosed earlier this year. Attackers could use these flaws to gain unauthorized access to networks, particularly when both SSL VPN and administration interfaces are exposed online.

Bishop Fox employed advanced fingerprinting techniques to reverse-engineer the encryption securing the SonicOSX firmware, allowing researchers to pinpoint the vulnerabilities specific to each device version.

Risks Posed by Unsupported Firmware

  • Many Series 5 devices, which are largely unsupported, continue to be exposed to the internet, leaving them highly vulnerable to attacks.
  • Series 6 devices, while better maintained, still include a significant number that have not applied the latest patches.
  • Approximately 28% of evaluated devices were found to have critical or high-severity vulnerabilities.

Recommendations for Companies

Organizations using SonicWall devices must take immediate steps to mitigate these risks:

  • Ensure all firmware is updated to the latest version to address known vulnerabilities.
  • Disable public exposure of SSL VPN and administration interfaces to reduce attack surfaces.
  • Regularly audit network security practices and implement robust patch management protocols.

The findings underscore the urgent need for companies to prioritize cybersecurity measures. Neglecting to update firmware and secure network devices can have severe consequences, leaving systems and sensitive data vulnerable to exploitation.

With threats growing increasingly sophisticated, staying proactive about network security is no longer optional—it’s essential.

Read more »
Threat Management
Business Security Citrix Cloud Platform Cyber Security Threat Management

Citrix Expands Platform Capabilities with DeviceTrust and Strong Network Acquisitions

 

Citrix, a business unit of Cloud Software Group, has acquired DeviceTrust and Strong Network to enhance the functionality of its platform. These acquisitions enable Citrix to offer more comprehensive access management and security solutions, expanding its capabilities in both on-premises and cloud environments. The integration of these technologies allows Citrix to provide customers with enhanced control over hybrid application deployments while reducing the risk of data loss.

Expanding Zero-Trust Access and Hybrid Work Solutions

The acquisitions enable Citrix to implement zero-trust access for both cloud and on-premises applications. This approach helps address a range of user needs in hybrid application deployments, improving security while lowering the risk of data loss. According to Ethan Fitzsimons, Citrix's Vice President and Head of Global Channels, the deals open up "significant" opportunities for partners by broadening the services and solutions they can offer their clients.

“With the integration of DeviceTrust and Strong Network, partners can now provide advanced zero-trust security capabilities for VDI (Virtual Desktop Infrastructure) and DaaS (Desktop as a Service) environments. This will meet critical customer needs for secure hybrid work solutions,” Fitzsimons explained. “Our partners will also be able to leverage demand for secure hybrid work environments and offer Citrix Secure Private Access and related services, including implementation, customization, and ongoing management.”

DeviceTrust and Strong Network Capabilities

DeviceTrust technology enables real-time, contextual access within VDI and DaaS systems. The platform allows organizations to track and respond to changes in device posture and user location. By continuously assessing device attestation, the Citrix platform gives IT teams the ability to grant or revoke access based on real-time security conditions, enhancing control over network access.

Strong Network provides secure cloud development environments, enabling enterprises to build, launch, and access applications more efficiently and cost-effectively. The platform offers robust protection against data breaches through features like data loss prevention (DLP) and data infiltration detection. These capabilities protect organizations from phishing, malware, and credential theft. In addition, Strong Network ensures compliance with key safety standards, including the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO), while offering visibility and control throughout the application lifecycle.

Strengthening Citrix’s Competitive Positioning

Fitzsimons emphasized that these acquisitions strengthen Citrix’s competitive positioning, enabling the company to offer a comprehensive zero-trust security platform across all application types and use cases—a capability that many competitors currently lack.

“By embedding these technologies directly into the Citrix platform, customers gain seamless access to these advanced security features without requiring separate purchases. This positions Citrix and its partners to attract customers seeking to consolidate vendors, especially as businesses focus on streamlining operations and enhancing cybersecurity in hybrid environments,” he added.

Enhanced Support for Citrix Secure Private Access

In addition to these acquisitions, Citrix is increasing support for its Citrix Secure Private Access in hybrid environments. This expanded support includes extending zero-trust access controls to web and SaaS applications, virtual desktops, and traditional client/server applications. By offering secure management of application access across both on-premises and cloud environments, Citrix helps businesses strengthen their overall cybersecurity posture.

Read more »
Employee Training
AI technology Business Security cyber resilience Cyber Security Cybersecurity awareness data security Employee Training

Creating a Strong Cybersecurity Culture: The Key to Business Resilience

 

In today’s fast-paced digital environment, businesses face an increasing risk of cyber threats. Establishing a strong cybersecurity culture is essential to protecting sensitive information, maintaining operations, and fostering trust with clients. Companies that prioritize cybersecurity awareness empower employees to play an active role in safeguarding data, creating a safer and more resilient business ecosystem. 

A cybersecurity-aware culture is about more than just protecting networks and systems; it’s about ensuring that every employee understands their role in preventing cyberattacks. The responsibility for data security has moved beyond IT departments to involve everyone in the organization. Even with robust technology, a single mistake—such as clicking a phishing link—can lead to severe consequences. Therefore, educating employees about potential threats and how to mitigate them is crucial. 

As technology becomes increasingly integrated into business operations, security measures must evolve to address emerging risks. The importance of cybersecurity awareness cannot be overstated. Just as you wouldn’t leave your home unsecured, companies must ensure their employees recognize the value of safeguarding corporate information. Awareness training helps employees understand that protecting company data also protects their personal digital presence. This dual benefit motivates individuals to remain vigilant, both professionally and personally. Regular cybersecurity training programs, designed to address threats like phishing, malware, and weak passwords, are critical. Studies show that such initiatives significantly reduce the likelihood of successful attacks. 

In addition to training, consistent reminders throughout the year help reinforce cybersecurity principles. Simulated phishing exercises, for instance, teach employees to identify suspicious emails by looking for odd sender addresses, unusual keywords, or errors in grammar. Encouraging the use of strong passwords and organizing workshops to discuss evolving threats also contribute to a secure environment. Organizations that adopt these practices often see measurable improvements in their overall cybersecurity posture. Artificial intelligence (AI) has emerged as a powerful tool for cybersecurity, offering faster and more accurate threat detection. 

However, integrating AI into a security strategy requires careful consideration. AI systems must be managed effectively to avoid introducing new vulnerabilities. Furthermore, while AI excels at monitoring and detection, foundational cybersecurity knowledge among employees remains essential. A well-trained workforce can address risks independently, ensuring that AI complements human efforts rather than replacing them. Beyond internal protections, cybersecurity also plays a vital role in maintaining customer trust. Clients want to know their data is secure, and any breach can severely harm a company’s reputation. 

For example, a recent incident involving CrowdStrike revealed how technical glitches can escalate into major phishing attacks, eroding client confidence. Establishing a clear response strategy and fostering a culture of accountability help organizations manage such crises effectively. 

A robust cybersecurity culture is essential for modern businesses. By equipping employees with the tools and knowledge to identify and respond to threats, organizations not only strengthen their defenses but also enhance trust with customers. This proactive approach is key to navigating today’s complex digital landscape with confidence and resilience.
Read more »
Spear Phishing
Business Security Cyber Attacks Malicious Campaign Russian Hacker Spear Phishing

Microsoft Warns of Russian Spear-Phishing Campaign Targeting Multiple Organizations

 

Microsoft Threat Intelligence has discovered a new attack campaign by Russian hacker group Midnight Blizzard, targeted at thousands of users from over 100 organisations. The attack uses spear-phishing emails that contain RDP configuration files, allowing perpetrators to connect to and potentially compromise the targeted systems. 

The malicious campaign targeted thousands of users from higher education, defence, non-governmental organisations, and government institutions. Dozens of nations have been impacted, mainly in the United Kingdom, Europe, Australia, and Japan, consistent with previous Midnight Blizzard phishing attacks. 

In the most recent Midnight Blizzard assault campaign, victims received meticulously targeted emails including social engineering lures related to Microsoft, Amazon Web Services, and the concept of Zero Trust. 

According to Microsoft Threat Intelligence, the emails were sent using email addresses from legitimate organisations obtained by the threat actor during earlier breaches. Every email included an RDP configuration file signed with a free LetsEncrypt certificate and included multiple sensitive parameters. When the user accessed the file, an RDP connection was established with an attacker-controlled system. 

The threat actor could then use the established RDP connection to acquire information regarding the targeted device, such as files and folders, connected network drives, and peripherals such as printers, microphones, and smart cards. 

It would also allow for the collection of clipboard data, web authentication via Windows Hello, passkeys and security keys, and even point-of-sale devices. Such a link may also enable the threat actor to install malware on the targeted device or mapped network share(s). 

Outbound RDP connections were established to domains constructed to deceive the victim into thinking they were AWS domains. Amazon, which is collaborating with the Ukrainian CERT-UA to combat the threat, began grabbing affected domains immediately in order to stop operations. Meanwhile, Microsoft alerted all impacted customers who had been targeted or compromised.
Read more »
Spear Phishing
Business Security Consumer Data Cyber Attacks Infostealer Infostealer Malware Malvertising Malware Campaign Spear Phishing

Marko Polo Infostealer Campaigns Target Thousands Across Platforms

 

The cybercriminal group “Marko Polo” is behind a major malware operation, running 30 infostealer campaigns targeting a wide array of victims. Using techniques such as spear-phishing, malvertising, and brand impersonation, the group spreads over 50 malware payloads, including AMOS, Stealc, and Rhadamanthys, across different sectors like gaming, cryptocurrency, and software. 

According to Recorded Future’s Insikt Group, Marko Polo’s campaigns have compromised thousands of devices globally, posing a significant threat to consumer privacy and business security, with potential financial losses in the millions. The group primarily uses spear-phishing tactics via direct messages on social media, targeting high-value individuals like cryptocurrency influencers, gamers, and software developers. 

They impersonate popular brands such as Fortnite, Zoom, and RuneScape, creating fake job offers and project collaborations to deceive victims into downloading malware. In addition to these impersonations, Marko Polo even fabricates its own brand names like VDeck, Wasper, and SpectraRoom to lure unsuspecting users. The Marko Polo operation is highly versatile, capable of infecting both Windows and macOS platforms. On Windows, they use a tool called “HijackLoader” to deliver malware like Stealc, designed to extract data from browsers, and Rhadamanthys, which targets a wide array of applications and data types. 

Rhadamanthys has also added advanced features, such as a cryptocurrency clipper to redirect payments to the attackers’ wallets, and the ability to evade Windows Defender. When it comes to macOS, the group deploys Atomic (AMOS), an infostealer launched in 2023, which they rent out to cybercriminals for $1,000 per month. AMOS is highly effective at extracting sensitive data stored on macOS systems, such as Apple Keychain passwords, MetaMask seeds, WiFi credentials, credit card details, and other encrypted information. 

The Marko Polo campaign’s widespread nature highlights the dangers of information-stealing malware, and users need to be vigilant against unsolicited links and downloads from unknown sources. One of the most effective ways to protect against such malware is to download software exclusively from official websites and ensure your antivirus software is up-to-date. This ensures the detection of malicious payloads before they can compromise your system. 

Information-stealing malware campaigns are becoming increasingly common, with Marko Polo’s operation serving as a stark reminder of the sophisticated tactics cybercriminals employ today. These stolen credentials often enable hackers to breach corporate networks, engage in data theft, and disrupt business operations. Therefore, cybersecurity awareness and strong preventive measures are crucial for protecting against such malicious activities.
Read more »
threat report
AI Threat Artificial Intelligence Business Security Technology threat report

Nearly Half of Security Experts Believe AI is Risky

 

AI is viewed by 48% of security experts as a major security threat to their organisation, according to a new HackerOne security research platform survey of 500 security professionals. 

Their main worries about AI include the following: 

  • Leaked training data (35%)
  • Unauthorized usage (33%)
  • The hacking of AI models by outsiders (32%) 

These concerns emphasise how vital it is for businesses to review their AI security plans in order to address shortcomings before it becomes a major issue. 

While the full Hacker Powered Security Report will not be available until later this fall, further study from a HackerOne-sponsored SANS Institute report disclosed that 58% of security experts believe that security teams and threat actors could be in a "arms race" to use generative AI tactics and techniques in their work. 

According to the SANS poll, 71% of security professionals have successfully used AI to automate routine jobs. However, the same participants admitted that threat actors could employ AI to improve their operations' efficiency. Specifically, the participants "were most concerned with AI-powered phishing campaigns (79%) and automated vulnerability exploitation (74%).” 

“Security teams must find the best applications for AI to keep up with adversaries while also considering its existing limitations — or risk creating more work for themselves,” Matt Bromiley, an analyst at the SANS Institute, stated in a press release. 

So what is the solution? External assessment of AI implementations is advised. More than two-thirds of those polled (68%) said "external review" is the most effective technique to identify AI safety and security risks.

“Teams are now more realistic about AI’s current limitations” than they were last year, noted HackerOne Senior Solutions Architect Dane Sherrets. “Humans bring a lot of important context to both defensive and offensive security that AI can’t replicate quite yet. Problems like hallucinations have also made teams hesitant to deploy the technology in critical systems. However, AI is still great for increasing productivity and performing tasks that don’t require deep context.”
Read more »
Work Management
Business Security Cyber Security Generative AI IT Leaders Work Management

IT Leaders Raise Security Concerns Regarding Generative AI

 

According to a new Venafi survey, developers in almost all (83%) organisations utilise AI to generate code, raising concerns among security leaders that it might lead to a major security incident. 

In a report published earlier this month, the machine identity management company shared results indicating that AI-generated code is widening the gap between programming and security teams. 

The report, Organisations Struggle to Secure AI-Generated and Open Source Code, highlighted that while 72% of security leaders believe they have little choice but to allow developers to utilise AI in order to remain competitive, virtually all (92%) are concerned regarding its use. 

Because AI, particularly generative AI technology, is advancing so quickly, 66% of security leaders believe they will be unable to stay up. An even more significant number (78%) believe that AI-generated code will lead to a security reckoning for their organisation, and 59% are concerned about the security implications of AI. 

The top three issues most frequently mentioned by survey respondents are the following: 

  • Over-reliance on AI by developers will result in a drop in standards
  • Ineffective quality checking of AI-written code 
  • AI to employ dated open-source libraries that have not been well-maintained

“Developers are already supercharged by AI and won’t give up their superpowers. And attackers are infiltrating our ranks – recent examples of long-term meddling in open source projects and North Korean infiltration of IT are just the tip of the iceberg,” Kevin Bocek, Chief Innovation Officer at Venafi, stated. 

Furthermore, the Venafi poll reveals that AI-generated code raises not only technology issues, but also tech governance challenges. For example, nearly two-thirds (63%) of security leaders believe it is impossible to oversee the safe use of AI in their organisation because they lack visibility into where AI is being deployed. Despite concerns, fewer than half of firms (47%) have procedures in place to ensure the safe use of AI in development settings. 

“Anyone today with an LLM can write code, opening an entirely new front. It’s the code that matters, whether it is your developers hyper-coding with AI, infiltrating foreign agents or someone in finance getting code from an LLM trained on who knows what. We have to authenticate code from wherever it comes,” Bocek concluded. 

The Venafi report is the outcome of a poll of 800 security decision-makers from the United States, the United Kingdom, Germany, and France.
Read more »
threat report
Business Security Chinese Hackers Cyber Security Mexico threat report

Here's How Criminals Are Targeting Users and Enterprises in Mexico

 

A recent Mandiant report highlighted the increasing cyber threats that Mexico is facing, including a sophisticated blend of domestic and global cybercrime that targets both individuals and businesses. 

Mexico's economy, ranked 12th largest in the world, makes it an appealing target for both financially driven hackers and cyber criminals from countries like North Korea, China, and Russia.

Since 2020, cyber espionage groups from over ten nations have been identified attempting to breach Mexican organisations. Among these, attackers affiliated with the People's Republic of China (PRC), North Korea, and Russia have been the most active, with China accounting for one-third of government-sponsored phishing activity.

Chinese actors are focussing specifically on news, education, and government organisations in Mexico; this is consistent with similar targeting strategies observed in regions where China has made large investments. 

Since the start of the war in Ukraine, North Korean outfits have focused on financial technology and cryptocurrency firms, while Russian cyber espionage activities have fallen substantially as resources have been diverted to other areas. The use of commercial spyware in Mexico is also highlighted in the report, with politicians, human rights advocates, and journalists being among the targets.

These tools are frequently sold to governments or attackers and are used to detect and exploit vulnerabilities in consumer devices. While spyware attacks only affect a few people at a time, they have significant implications for Mexico's press freedom and political integrity. 

Mandiant's report highlights a significant increase in ransomware and extortion operations in Mexico. From January 2023 to July 2024, Mexico ranked second in Latin America in terms of data leak site (DLS) listings following ransomware attacks, trailing only Brazil. LockBit, ALPHV, and 8BASE have been the most active in Mexico, concentrating on industries including manufacturing, technology, and financial services.

Threats from financial malware distribution efforts persist in Mexico, as attackers use lures related to taxes and finance to trick unsuspecting victims into downloading malicious software. UNC4984 and other groups have been seen distributing malware to Mexican banks via spoofed Mexican government websites, including the Mexican Tax Administration Service (SAT).
Read more »
Threat Landscape
Business Security Cyber Security Decryptor Ransomware Attackers Threat Landscape

Ransomware Actors Refused to Provide Decryptor Even After Recieving Ransom Payment

 

For C-suite executives and security leaders, learning that your organisation has been infiltrated by network attackers, critical systems have been locked down, and data has been compromised, followed by a ransom demand, could be the worst day of their professional life. 

But, as some executives recently discovered who had contracted the Hazard ransomware, things can go far worse. The decryptor that was provided in exchange for paying the ransom to unlock the encrypted files did not function. 

Security researchers did not talk to the victim organization in this case – its executives declined to be interviewed about their experience – hence the specifics remain unknown. 

Still, researchers believe that deciding that paying the criminals was the best way out of the scenario - for concerns regarding customer and employee data privacy, to bring business operations back online, to minimise reputational damage, or simply because there were no backups (oops) - was a painful decision in and of itself. But what if you pay the extortionists and still are unable to recover the files? That's excruciating. 

"Ransomware as a whole is extremely stressful for the victim," stated Mark Lance, ransomware negotiator with GuidePoint Security. "Now in this circumstance, specifically, where they've made the payment and the decryption tools don't work," the stress levels ratcheted up several notches. 

"In this, and in a lot of situations like this one, they're relying heavily on those decryption capabilities working on certain systems so that they can recover operations," Lance added. "So the stress substantially increases because they're like, 'Hey, we made this large ransom payment amount with established terms that said if we paid we're going to get access.'” 

Following their initial failure to decrypt their files, the compromised organisation acquired a new decryptor version from the hackers; however, this was also not functioning. Following a call from a third party participating in the ransomware discussions, GuidePoint attempted to contact the perpetrators' "technical support" desk but was informed that a new version of the decryptor was required on behalf of the victim. 

Whatever the reason, the organisation was unable to access the encrypted files, and the Hazard ransomware gang vanished. Eventually, GuidePoint was able to patch the decryptor binary and then brute-force 16,777,216 potential values until some critical missing bytes in the cryptographic process were discovered, resulting in a functional tool for decrypting the files. It's a good reminder, though, that paying a ransom does not ensure data recovery.
Read more »
Threat Intelligence
Business Security CISOs Cyber Criminals Cyber Security Threat Intelligence

Here's Why Attackers Have a Upper Hand Against CISOs

 

Security experts have an in-depth knowledge of the technical tactics, techniques, and procedures (TTPs) that attackers employ to launch cyberattacks. They are also knowledgeable about critical defensive methods, such as prioritising patching based on risk and creating a zero-trust policy. 

However, the world for business security appears to be one step behind hackers, who successfully launch an increasing number of attacks year after year. Here's one reason: many CISOs underappreciate, overlook, and sometimes underestimate all of the knowledge that hackers bring to the table — the nontechnical insights that they use to gain an advantage. 

“Hackers know that the average CISO has a lot on their plates and they don’t have enough [resources] to get everything done. So CISOs really have to pay attention to what hackers are doing and what they know so they can best defend against them,” stated Stephanie “Snow” Carruthers, chief people hacker at IBM.

So, what do hackers know that may not be credible? According to security researchers, these are three main hacking tactics that may go unnoticed by CISOs. 

Hackers know business schedule 

It's not a coincidence that many attacks occur during the most challenging times. Hackers do boost their attacks on weekends and holidays when security teams are understaffed. They're also more likely to strike just before lunchtime and at the end of the day, when employees are rushed thereby less aware of red indicators indicating a phishing attack or fraudulent behaviour.

“Hackers typically deploy their attacks during those times because they’re less likely to be noticed,” stated Melissa DeOrio, global threat intelligence lead at S-RM, a global intelligence and cybersecurity consultancy.

DeOrio agrees that many hackers are based in regions where daytime working hours overlap with non working hours in the Americas and Western Europe. However, she claims that research suggests that hackers exploit this disparity by timing their attacks. 

Furthermore, Tomer Bar, vice president of security research at SafeBreach, adds that threat actors seek out moments of organisational upheaval (e.g., mergers, acquisitions, layoffs, etc.) to exploit. "Threat actors will try to launch an attack at the most difficult time for the CISO and the blue team.” 

To counter this hacking technique, long-time security leaders encourage CISOs to include it into their own defence strategies. They should use third-party services during off-business hours to supplement the security team's work schedule, increase automation to improve staff efficiency at all hours, add extra layers of security such as more monitoring or tighter filters at times of increased risk, ensure priority security work is completed before busy times such as holidays, and educate all employees about the heightened risks that exist during such times. 

Gathering insights on organisations 

The attackers actively gather open-source intelligence (OSINT) in order to plan attacks. It's hardly unexpected that hackers seek out information on transformative events such as large layoffs, mergers, and the like, she says. However, CISOs, their teams, and other executives may be astonished to hear that hackers hunt for news about seemingly innocuous activities such as technology installations, new alliances, hiring sprees, and CEO schedules that show when they are away from the office. 

To counter this, CISOs can monitor OSINT about their organisations, collaborate with other executives on announcements and their timing, and run simulations on how such announcements play out from a business perspective. All of this allows CISOs and their teams to see what hackers see, better understand their thinking, and prepare for potential targeted attacks. 

Ignorant corporate culture 

Security awareness training typically demands employees to take time to review emails or think through requests to help determine whether a request is legitimate or suspicious. Yet workplace culture today generally works against that approach, Huffman notes. “We praise ourselves for putting ourselves in an emotional hot state,” he says, pointing to job postings that use phrases such as “fast-paced,” “dynamic” and “high-intensity” to describe the workplace culture as evidence. 

According to Huffman, Employees do not have — nor are they encouraged to take — extra time to review incoming messages (whether via email, phone, video, text, or other means). "And that's why hackers are successful: they catch us in constant emotional hot states when you're clicking through 1,000 emails.”
Read more »
online misinformation
Bots Business Security Cyber Fraud cybersecurity challenges Digital threats fake users internet integrity online misinformation

The Threat of Bots and Fake Users to Internet Integrity and Business Security

 

 
The bots account for 47% of all internet traffic, with "bad bots" making up 30% of that total, as per a recent report by Imperva .These significant numbers threaten the very foundation of the open web.Even when a user is genuinely human, it's likely that their account is a fake identity, making "fake users" almost as common online as real ones.

In Israel, folks are well-acquainted with the existential risks posed by bot campaigns. Following October 7, widespread misinformation campaigns orchestrated by bots and fake accounts swayed public opinion and policymakers.

The New York Times, monitoring online activity during the war, discovered that “in a single day after the conflict began, roughly 1 in 4 accounts on Facebook, Instagram, TikTok, and X, formerly Twitter, discussing the conflict appeared to be fake... In the 24 hours following the Al-Ahli Arab hospital blast, more than 1 in 3 accounts posting about it on X were fake.” With 82 countries holding elections in 2024, the threat posed by bots and fake users is reaching critical levels. Just last week, OpenAI had to disable an account belonging to an Iranian group using its ChatGPT bot to create content aimed at influencing the US elections.

The influence of bots on elections and their broader impact is alarming. As Rwanda geared up for its July elections, Clemson University researchers identified 460 accounts spreading AI-generated messages on X in support of President Paul Kagame. Additionally, in the last six months, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) detected influence campaigns targeting Georgian protesters and spreading falsehoods about the death of an Egyptian economist, all driven by inauthentic accounts on X.

Bots and fake users pose severe risks to national security, but online businesses are also significantly affected.Consider a scenario where 30-40% of all digital traffic for a business is generated by bots or fake users. This situation results in skewed data that leads to flawed decision-making, misinterpretation of customer behaviors, misdirected efforts by sales teams, and developers focusing on products that are falsely perceived as in demand. The consequences are staggering. A study by CHEQ.ai, a Key1 portfolio company and go-to-market security platform, found that in 2022 alone, over $35 billion was wasted on advertising, and more than $140 billion in potential revenue was lost.

Ultimately, fake users and bots undermine the very foundations of modern business, creating distrust in data, results, and even among teams.

The introduction of Generative AI has further complicated the issue by making it easier to create bots and fake identities, lowering the barriers for attacks, increasing their sophistication, and expanding their reach. The scope of this problem is immense. 

Education is a crucial element in fighting the online epidemic of fake accounts. By raising awareness of the tactics used by bots and fake users, society can be empowered to recognize and reduce their impact. Identifying inauthentic users—such as those with incomplete profiles, generic information, repetitive phrases, unusually high activity levels, shallow content, and limited engagement—is a critical first step. However, as bots become more sophisticated, this challenge will only grow, highlighting the need for continuous education and vigilance.

Moreover, public policies and regulations must be implemented to restore trust in digital spaces. For instance, governments could mandate that large social networks adopt advanced bot-mitigation tools to better police fake accounts.

Finding the right balance between preserving the freedom of these platforms, ensuring the integrity of posted information, and mitigating potential harm is challenging but necessary for the longevity of these networks.

On the business side, various tools have been developed to tackle and block invalid traffic. These range from basic bot mitigation solutions that prevent Distributed Denial of Service (DDoS) attacks to specialized software that protects APIs from bot-driven data theft attempts.

Advanced bot-mitigation solutions use sophisticated algorithms that conduct real-time tests to verify traffic integrity. These tests assess account behavior, interaction levels, hardware characteristics, and the use of automation tools. They also detect non-human behavior, such as abnormally fast typing, and review email and domain histories.

While AI has contributed to the bot problem, it also offers powerful solutions to combat it. AI’s advanced pattern recognition capabilities allow for more precise and rapid differentiation between legitimate and fake bots. Companies like CHEQ.ai are leveraging AI to help marketers ensure their ads reach real human users and are placed in secure, bot-free environments, countering the growing threat of bots in digital advertising.

From national security to business integrity, the consequences of the “fake internet” are vast and serious. However, there are several effective methods to address the problem that deserve renewed focus from both the public and private sectors. By raising awareness, enhancing regulation, and instituting active protection, we can collectively contribute to a more accurate and safer internet environment.
Read more »
Vulnerability management
Business Security Cyber Security ransomware attacks Threat Management Vulnerability management

Here's Why Ransomware Actors Have a Upper Hand Against Organisations

 

Successful ransomware assaults are increasing, not necessarily because the attacks are more sophisticated in design, but because attackers have found that many of the world's largest companies lack adequate resilience to basic safety measures. Despite huge efforts in cybersecurity from both the private and public sectors, many organisations remain vulnerable to ransomware attacks.

Richard Caralli, senior cybersecurity advisor at Axio, has over 40 years of experience as a practitioner, researcher, and leader in the audit and cybersecurity fields. Based on his years of experience, he believes that there are two primary reasons of the lack of ransomware resilience that exposes numerous organisations to otherwise preventable flaws in their ransomware defences: 

  • Recent noteworthy intrusions, such as those on gaming companies, consumer goods manufacturers, and healthcare providers, highlight the fact that some organisations may not have implemented basic safety standards. 
  • Organisations that have put in place foundational practices may not have done enough to confirm and validate those practices' performance over time, which causes expensive investments to lose their efficacy more quickly. 

Given this, organisations can take three simple activities to boost fundamental resilience to ransomware: 

Recommit to core practices

According to Verizon's "2023 Data Breach Investigations Report," 61% of all incidents used user credentials. Two-factor authentication (2FA) is currently regarded as an essential control for access management. However, a failure to apply this additional layer of security is at the heart of UnitedHealth Group/Change Healthcare's ongoing ransomware nightmare. This intrusion affects not only patients, but also service providers and professionals, who face severe barriers to obtaining treatment authorisations and payments. An entire sector is under attack as a result of a major healthcare provider's failure to adopt this foundational control.

Ensure fundamental procedures are institutionalised

There is a "set and forget" approach that handles cybersecurity during the installation stage but fails to ensure that procedures, controls, and countermeasures are long-lasting throughout the infrastructure's life, particularly when these infrastructures expand and adapt to organisational change. 

For example, cybersecurity procedures that are not actively adopted with characteristics that enable institutionalisation and durability are at risk of failing to withstand developing ransomware attack vectors. But what exactly does institutionalisation mean? Higher maturity behaviours include documenting the practice, resourcing it with sufficiently skilled and accountable people, tools, and funding, supporting its enforcement through policy, and measuring its effectiveness over time. 

Implementing the basics 

The issue of implementing and maintaining essential cybersecurity measures is numerous. It necessitates a commitment to constant attention, active management, and a thorough understanding of emerging hazards. However, by confronting these obstacles and ensuring that cybersecurity procedures are rigorously established, measured, and maintained, organisations may better protect themselves against the ever-present threat of ransomware attacks. 

Focussing on the basics first — such as implementing foundational controls like 2FA, developing maintenance skills to integrate IT and security efforts, and adopting performance management practices — can lead to significant improvements in cybersecurity, providing robust protection with less investment.
Read more »
Threat Management
Business Security Cyber Security Ransomware attack SEC Settlement Threat Management

Here's What Businesses Can Learn From a $2 Million Ransomware Attack SEC Settlement

 

Business leaders and security teams can learn a lot from the recent $2.1 million settlement reached between the Securities and Exchange Commission and R.R. Donnelly & Sons Co. regarding a ransomware assault. The settlement brought RRD's negligence to light and emphasises how crucial it is for publicly listed firms to have robust safety policies and procedures in place. 

Here are key takeaways that private and public organisations can use to improve their cybersecurity posture and comply with SEC standards. 

RRD ransomware attack overview 

RRD is a publicly listed international provider of marketing and corporate communication services. The organisation used a third-party managed security services provider (MSSP) to safeguard and monitor their infrastructure. In late November 2021, RRD's intrusion prevention systems identified odd behaviour and sent notifications to both RRD and their MSSP supplier. Following assessment of these signals, the MSSP opted to escalate three issues to RRD's security personnel. 

  • Similar behaviours were observed on multiple computers throughout the RRD network, indicating that a threat actor was either making lateral movements or had compromised multiple endpoints.
  • Activities had some connection to a larger phishing campaign. 
  • It was revealed by open-source intelligence that the malware could allow arbitrary code to be executed remotely. 

Unfortunately, RRD decided not to remove the compromised devices from the network and did not carry out their own investigation to prevent further compromise until nearly a month later. Between November and December, the MSSP identified at least 20 more security alerts connected to the same incident, but failed to elevate them to RRD, including malware execution on the domain controller. 

The attacker then installed encryption software on RRD machines and stole 70 gigabytes of data, including financial and personal data from 29 of RRD's 22,000 clients. RRD eventually launched its ransomware response actions on December 23, 2021, and filed their 8-K on December 27, 2021. 

Overview of SEC's findings and judgement 

The SEC's filing cites RRD's incompetence in the following areas: 

  • RRD's policies and controls were not intended to ensure that all relevant information about security alerts and incidents were reported to RRD's disclosure decision makers on a timely basis. 
  • RRD failed to offer guidance to its internal and external people on reporting safety incidents and responding to them.
  • Even though RRD got alerts and escalations from its systems and service provider about three weeks before the encryption, it failed to analyse them and take appropriate investigative and remedial action. 

Based on these findings, the SEC claimed that RRD violated the disclosure controls and procedures requirements of Exchange Act Rule 13a-15(a) and the internal accounting controls provisions of Exchange Act Section 13(b)(2)(B). The SEC evaluated a $2.125 million penalty on RRD. 

Key takeaways for security teams

The RRD verdict highlights the SEC's tightening grasp on cybersecurity controls and laws. Here are some significant takeaways for security teams in publicly listed companies: 

Ensure close oversight of service providers: In your contracts and meetings with MSSPs, be clear about security requirements and adherence to security processes. Streamline the process for increasing notifications. All such contracts, protocols, and processes must be evaluated annually or on a regular basis to ensure that there are no gaps. 

Implement effective disclosure processes: RRD was fortunate that the new SEC disclosure standards were not in existence when this incident occurred. If those restrictions had been in effect, they may have faced far more severe fines. The present disclosure requirements compel organisations to file a disclosure (Form 8-K) within four days of the material determination of an incident. As a result, it is vital that organisations adopt rigorous disclosure procedures. 

Train your staff: There is a direct correlation between phishing and ransomware. Phishing emails are often successful because busy users are distracted by various jobs and communication channels, making them less vigilant in identifying phishing efforts. The Conti ransomware group, suspected to be responsible for the RRD attack, is known to use normal phishing tactics as an entry point. 

Phishing is clearly the result of poor security awareness, judgement, and consciousness among users. Organisations that use phishing simulation exercises and gamification can significantly reduce phishing attacks. Employees should also receive training on security escalation and incident response procedures.

The settlement between the SEC and RRD is a big wake-up call for organisations that have failed to prioritise cybersecurity enforcement and regulatory compliance. It is critical for organisations to actively supervise security providers, periodically train personnel on security awareness practices, update escalation and incident management policies, and prioritise security alerts and notifications. By implementing these key best practices, businesses can assure compliance with the most recent SEC standards while also improving their overall security posture.
Read more »
Ransomware
Business Security Cyber Attacks Financial Loss Manufacturing Firm Ransomware

Keytronic Lost Over $17 Million Due to a Ransomware Attack

 

Keytronic, an electronic manufacturing services supplier, has said that it lost more than $17 million as a result of a ransomware assault in May. The American technology firm established in 1969 as an Original Equipment Manufacturer (OEM) of keyboards and mice, but has since grown to become one of the leading global manufacturers of printed circuit board assembly (PCBA), with operations in the United States, Mexico, China, and Vietnam. 

In a filing with the Securities and Exchange Commission (SEC) last Friday, Keytronic stated that it detected the incident on May 6 after outages at its Mexico and U.S. sites affected business systems allowing bot operations and corporate services. 

"Due to this event, the Company incurred approximately $2.3 million of additional expenses and believes that it lost approximately $15 million of revenue during the fourth quarter," the company noted. "Most of these orders are recoverable and are expected to be fulfilled in fiscal year 2025. Partially offsetting these additional expenses was an insurance gain in the amount of $0.7 million that was also recorded during the quarter.” 

Keytronic originally disclosed in a May filing that the hack required it to suspend domestic and Mexican operations for two weeks during the incident response. The corporation also stated that the hackers stole private data from its systems during the intrusion. While Keytronic has yet to identify the attack to a specific threat group, the Black Basta ransomware gang claimed responsibility in late May and published all of the data stolen from the company's systems. 

The Black Basta ransomware gang claimed responsibility for the attack in late May and released what they claimed to be all of the data harvested from the company's systems, however Keytronic has not yet linked the attack to a specific threat group.

During the hack, the ransomware gang claimed to have access to several types of data such as HR, finance, engineering, and corporate files. Black Basta's dark web leak website published screenshots of employees' passports and social security cards, customer presentations, and company records. Black Basta is a Ransomware-as-a-Service (RaaS) operation that first appeared in April 2022 and has since claimed numerous high-profile victims, including government contractors and healthcare organisations.
Read more »
Technology
Business Security ChatGPT Data Privacy Generative AI Technology

Risks of Generative AI for Organisations and How to Manage Them

 

Employers should be aware of the potential data protection issues before experimenting with generative AI tools like ChatGPT. You can't just feed human resources data into a generative AI tool because of the rise in privacy and data protection laws in the US, Europe, and other countries in recent years. After all, employee data—including performance, financial, and even health data—is often quite sensitive.

Obviously, this is an area where companies should seek legal advice. It's also a good idea to consult with an AI expert regarding the ethics of utilising generative AI (to ensure that you're acting not only legally, but also ethically and transparently). But, as a starting point, here are two major factors that employers should be aware of. 

Feeding personal data

As I previously stated, employee data is often highly sensitive and sensitive. It is precisely the type of data that, depending on your jurisdiction, is usually subject to the most stringent forms of legal protection.

This makes it highly dangerous to feed such data into a generative AI tool. Why? Because many generative AI technologies use the information provided to fine-tune the underlying language model. In other words, it may use the data you provide for training purposes, and it may eventually expose that information to other users. So, suppose you employ a generative AI tool to generate a report on employee salary based on internal employee information. In the future, the AI tool can employ the data to generate responses for other users (outside of your organisation). Personal information could easily be absorbed by the generative AI tool and reused. 

This isn't as shady as it sounds. Many generative AI programmes' terms and conditions explicitly specify that data provided to the AI may be utilised for training and fine-tuning or revealed when users request cases of previously submitted inquiries. As a result, when you agree to the terms of service, always make sure you understand exactly what you're getting yourself into. Experts urge that any data given to a generative AI service be anonymised and free of personally identifiable information. This is frequently referred to as "de-identifying" the data.

Risks of generative AI outputs 

There are risks associated with the output or content developed by generative AIs, in addition to the data fed into them. In particular, there is a possibility that the output from generative AI technologies will be based on personal data acquired and handled in violation of data privacy laws. 

For example, suppose you ask a generative AI tool to provide a report on average IT salary in your area. There is a possibility that the programme will scrape personal data from the internet without your authorization, violating data protection rules, and then serve it to you. Employers who exploit personal data provided by a generative AI tool may be held liable for data protection violations. For the time being, it is a legal grey area, with the generative AI provider likely bearing the most or all of the duty, but the risk remains. 

Cases like this are already appearing. Indeed, one lawsuit claims that ChatGPT was trained on "massive amounts of personal data," such as medical records and information about children, that was accessed without consent. You do not want your organisation to become unwittingly involved in a litigation like this. Essentially, we're discussing an "inherited" risk of violating data protection regulations. However, there is a risk involved. 

The way forward

Employers must carefully evaluate the data protection and privacy consequences of utilising generative AI and seek expert assistance. However, don't let this put you off adopting generative AI altogether. Generative AI, when used properly and within the bounds of the law, can be an extremely helpful tool for organisations.
Read more »
Thread Landscape
Business Security Cyber defense Cyber Security Machine Identity Thread Landscape

Machine Identities Pose Major Threat to Indian Organizations: CyberArk

 

In an era where digital transformation is swiftly reshaping the business world, the most recent research from CyberArk, an identity security company, highlights a growing concern: identity-related breaches. 

The 2024 Identity Security Threat Landscape Report highlights a concerning trend among Indian companies, with 93% reporting two or more identity-related breaches in the previous year. This worrying number demonstrates how Artificial Intelligence (AI) boosts both cyber defences and attacker capabilities by increasing the rate at which these identities are created. 

The rise of machine identities 

As organisations implement multi-cloud strategies and integrate AI-driven programmes, the number of machine identities expands. These identities, which are frequently allowed sensitive or privileged access, are currently regarded as the riskiest category. 

Unlike human identities, machine identities usually lack effective security protections, making them ideal targets for cyber attackers. The report emphasises that machine identities are the key driver of identity expansion, with 50% of organisations expecting a threefold increase in identities over the next year.

Humans vs. Machines: A security gap

The findings reveal a huge discrepancy in how organisations approach human and machine identities. While 53% of organisations define privileged users as human exclusively, 46% broaden the definition to cover any identities with sensitive access, whether human or machine. This mismatch highlights a key vulnerability in identity security solutions, emphasising the necessity for a unified strategy. 

AI’s role in cyber defense 

The report also focuses on AI's dual function in cybersecurity. Nearly every organisation (99%) is using AI-powered solutions to strengthen their defences. However, attackers employ the same technologies to increase the sophistication of their attacks. 

Notably, 93% of respondents believe that AI-powered goods will create new security risks in the coming year. Despite these concerns, 84% of security professionals are confident that their employees can detect deepfakes in organisational leadership, demonstrating greater awareness and training in organisations. 

Conclusion

The findings of the CyberArk research serve as a sharp reminder of the changing threat landscape and the vital role of strong identity safety measures.

As organisations expand their digital footprints, a paradigm shift towards a more integrated and robust cybersecurity design is needed. Organisations can better safeguard themselves against the ever-expanding range of digital threats by prioritising identity security in their strategy.
Read more »
Subscribe to: Posts (Atom)