
Creating a Strong Cybersecurity Culture: The Key to Business Resilience

 

In today’s fast-paced digital environment, businesses face an increasing risk of cyber threats. Establishing a strong cybersecurity culture is essential to protecting sensitive information, maintaining operations, and fostering trust with clients. Companies that prioritize cybersecurity awareness empower employees to play an active role in safeguarding data, creating a safer and more resilient business ecosystem. 

A cybersecurity-aware culture is about more than just protecting networks and systems; it’s about ensuring that every employee understands their role in preventing cyberattacks. The responsibility for data security has moved beyond IT departments to involve everyone in the organization. Even with robust technology, a single mistake—such as clicking a phishing link—can lead to severe consequences. Therefore, educating employees about potential threats and how to mitigate them is crucial. 

As technology becomes increasingly integrated into business operations, security measures must evolve to address emerging risks. The importance of cybersecurity awareness cannot be overstated. Just as you wouldn’t leave your home unsecured, companies must ensure their employees recognize the value of safeguarding corporate information. Awareness training helps employees understand that protecting company data also protects their personal digital presence. This dual benefit motivates individuals to remain vigilant, both professionally and personally. Regular cybersecurity training programs, designed to address threats like phishing, malware, and weak passwords, are critical. Studies show that such initiatives significantly reduce the likelihood of successful attacks. 

In addition to training, consistent reminders throughout the year help reinforce cybersecurity principles. Simulated phishing exercises, for instance, teach employees to spot suspicious emails: a sender address that does not match the display name or uses a look-alike domain, unexpected urgency or requests for credentials or payments, links whose real destination differs from the displayed text, and, still often, errors in grammar. Encouraging the use of strong, unique passwords (ideally with a password manager and multi-factor authentication) and organizing workshops to discuss evolving threats also contribute to a secure environment. Organizations that adopt these practices often see measurable improvements in their overall cybersecurity posture. 

Artificial intelligence (AI) has emerged as a powerful tool for cybersecurity, offering faster and more accurate threat detection. Integrating AI into a security strategy, however, requires careful consideration: AI systems must be managed effectively to avoid introducing new vulnerabilities, and while AI excels at monitoring and detection, foundational cybersecurity knowledge among employees remains essential. A well-trained workforce can address risks independently, ensuring that AI complements human efforts rather than replacing them.

Beyond internal protections, cybersecurity also plays a vital role in maintaining customer trust. Clients want to know their data is secure, and any breach can severely harm a company’s reputation. 

For example, the July 2024 CrowdStrike outage, caused by a faulty sensor update rather than by an attack, showed how a technical fault can be seized on by criminals: phishing campaigns impersonating CrowdStrike support and offering "fixes" appeared within hours, eroding client confidence. Establishing a clear response strategy and fostering a culture of accountability help organizations manage such crises effectively. 

A robust cybersecurity culture is essential for modern businesses. By equipping employees with the tools and knowledge to identify and respond to threats, organizations not only strengthen their defenses but also enhance trust with customers. This proactive approach is key to navigating today’s complex digital landscape with confidence and resilience.

Microsoft Warns of Russian Spear-Phishing Campaign Targeting Multiple Organizations

 

Microsoft Threat Intelligence has discovered a new attack campaign by the Russian state-backed group Midnight Blizzard (also tracked as APT29), targeting thousands of users at over 100 organisations. The attack uses spear-phishing emails carrying RDP configuration (.rdp) files; when opened, the file makes the victim's computer establish an outbound Remote Desktop connection to an attacker-controlled server, giving the perpetrators a foothold from which to compromise the targeted system. 

The malicious campaign targeted thousands of users from higher education, defence, non-governmental organisations, and government institutions. Dozens of nations have been impacted, mainly in the United Kingdom, Europe, Australia, and Japan, consistent with previous Midnight Blizzard phishing attacks. 

In the most recent Midnight Blizzard assault campaign, victims received meticulously targeted emails including social engineering lures related to Microsoft, Amazon Web Services, and the concept of Zero Trust. 

According to Microsoft Threat Intelligence, the emails were sent from addresses at legitimate organisations that the threat actor had obtained during earlier breaches. Every email included an RDP configuration file signed with a free Let's Encrypt certificate and with several sensitive resource-redirection settings enabled. When the user opened the file, an RDP connection was established to an attacker-controlled system. 

The threat actor could then use the established RDP connection to acquire information regarding the targeted device, such as files and folders, connected network drives, and peripherals such as printers, microphones, and smart cards. 

It would also allow for the collection of clipboard data, web authentication via Windows Hello, passkeys and security keys, and even point-of-sale devices. Such a link may also enable the threat actor to install malware on the targeted device or mapped network share(s). 

The outbound RDP connections went to domains constructed to make the victim believe they were AWS domains. Amazon, which is collaborating with Ukraine's CERT-UA to counter the threat, began seizing the affected domains immediately in order to disrupt the operation. Meanwhile, Microsoft alerted all impacted customers who had been targeted or compromised.
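The .rdp file is the whole attack: it is a plain-text list of `key:type:value` settings, and the dangerous part is the handful of redirection settings described above. The following triage script is an added example (not code from the original post or from Microsoft) that parses such a file, flags every redirected resource, and checks the destination host against an allow-list. The sample files, the `corp.example` trusted domain and the look-alike AWS hostname are constructed for illustration; real campaign domains are not reproduced.

```python
# Added example, not code from the original post or from Microsoft.
# Triage helper for unsolicited .rdp attachments. Assumed: the .rdp text
# format (key:type:value per line), and the constructed sample files and
# trusted-host list below.
import re

# Settings that hand local resources to the remote host once the session
# is up. An .rdp file arriving by e-mail that enables these is the red flag.
REDIRECTION_KEYS = {
    "drivestoredirect": "local drives and mapped network shares",
    "devicestoredirect": "plug-and-play devices (microphones, cameras, etc.)",
    "redirectclipboard": "clipboard contents",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectwebauthn": "Windows Hello, passkeys and security keys (WebAuthn)",
    "redirectposdevices": "point-of-sale devices",
    "redirectcomports": "serial ports",
}

# Constructed sample resembling the lure: outbound session to a look-alike
# "AWS" domain with every resource redirected, plus a signature block.
SUSPICIOUS_RDP = """\
full address:s:ec2-rdp-support.aws-secure-access.example:3389
remoteapplicationmode:i:0
drivestoredirect:s:*
devicestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
redirectwebauthn:i:1
redirectposdevices:i:1
signscope:s:Full Address,Alternate Full Address,RemoteApplicationMode
signature:s:AQABAAEAAADEADBEEF
"""

# Constructed benign file: internal jump host, nothing redirected.
BENIGN_RDP = """\
full address:s:rds.corp.example
redirectclipboard:i:0
drivestoredirect:s:
"""


def parse_rdp(text):
    """Return {key: (type, value)} for every 'key:type:value' line."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':' (host:port)
        if len(parts) != 3:
            continue  # blank line; .rdp files have no other syntax
        key, typ, value = parts
        settings[key.strip().lower()] = (typ.strip().lower(), value.strip())
    return settings


def _enabled(typ, value):
    """Integer settings are on when non-zero; string settings when non-empty."""
    if typ == "i":
        return value not in ("", "0")
    return value.lower() not in ("", "none")


def _hostname(full_address):
    """Strip an optional :port from the 'full address' value."""
    m = re.match(r"^(.*):(\d+)$", full_address)
    return m.group(1) if m else full_address


def triage_rdp(text, trusted_hosts=()):
    """Return a list of findings; an empty list means nothing suspicious."""
    s = parse_rdp(text)
    findings = []
    host = _hostname(s.get("full address", ("s", ""))[1])
    if host and not any(host == t or host.endswith("." + t) for t in trusted_hosts):
        findings.append(f"connects to untrusted host {host}")
    for key, what in REDIRECTION_KEYS.items():
        if key in s and _enabled(*s[key]):
            findings.append(f"redirects {what} ({key})")
    if "signature" in s:
        # A signature only proves the file was not altered after signing; the
        # campaign's files were signed with a freely obtainable certificate.
        findings.append("file carries a signature (not a sign of trustworthiness)")
    return findings


def verdict(findings):
    """Block when an untrusted destination gets any local resource."""
    untrusted = any(f.startswith("connects to untrusted") for f in findings)
    redirects = any(f.startswith("redirects") for f in findings)
    if untrusted and redirects:
        return "block"
    return "review" if findings else "allow"


if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS_RDP), ("benign", BENIGN_RDP)):
        found = triage_rdp(sample, trusted_hosts=("corp.example",))
        print(name, "->", verdict(found))
        for f in found:
            print("  -", f)
```

In a mail gateway the same logic belongs in an attachment rule: an .rdp file from outside the organisation that enables any redirection setting should be quarantined regardless of whether it is signed. On endpoints, blocking the `.rdp` file association for untrusted files, or allow-listing outbound RDP destinations at the firewall, closes the same hole.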

Marko Polo Infostealer Campaigns Target Thousands Across Platforms

 

The cybercriminal group “Marko Polo” is behind a major malware operation, running 30 infostealer campaigns targeting a wide array of victims. Using techniques such as spear-phishing, malvertising, and brand impersonation, the group spreads over 50 malware payloads, including AMOS, Stealc, and Rhadamanthys, across different sectors like gaming, cryptocurrency, and software. 

According to Recorded Future’s Insikt Group, Marko Polo’s campaigns have compromised thousands of devices globally, posing a significant threat to consumer privacy and business security, with potential financial losses in the millions. The group primarily uses spear-phishing tactics via direct messages on social media, targeting high-value individuals like cryptocurrency influencers, gamers, and software developers. 

They impersonate popular brands such as Fortnite, Zoom, and RuneScape, creating fake job offers and project collaborations to deceive victims into downloading malware. In addition to these impersonations, Marko Polo even fabricates its own brand names like VDeck, Wasper, and SpectraRoom to lure unsuspecting users. The Marko Polo operation is highly versatile, capable of infecting both Windows and macOS platforms. On Windows, they use a tool called “HijackLoader” to deliver malware like Stealc, designed to extract data from browsers, and Rhadamanthys, which targets a wide array of applications and data types. 

Rhadamanthys has also added advanced features, such as a cryptocurrency clipper to redirect payments to the attackers’ wallets, and the ability to evade Windows Defender. When it comes to macOS, the group deploys Atomic (AMOS), an infostealer launched in 2023, which they rent out to cybercriminals for $1,000 per month. AMOS is highly effective at extracting sensitive data stored on macOS systems, such as Apple Keychain passwords, MetaMask seeds, WiFi credentials, credit card details, and other encrypted information. 

The Marko Polo campaign’s widespread nature highlights the dangers of information-stealing malware, and users need to be vigilant against unsolicited links and downloads from unknown sources. One of the most effective protections is to download software only from official websites (verifying publisher signatures or checksums where they are offered) and to keep antivirus software up to date, which improves the odds that a malicious payload is detected before it can compromise your system. Freshly built payloads still slip past signature-based detection, though, so the unsolicited "job offer" or "collaboration" lure itself is the signal to stop on. 

Information-stealing malware campaigns are becoming increasingly common, with Marko Polo’s operation serving as a stark reminder of the sophisticated tactics cybercriminals employ today. These stolen credentials often enable hackers to breach corporate networks, engage in data theft, and disrupt business operations. Therefore, cybersecurity awareness and strong preventive measures are crucial for protecting against such malicious activities.

Nearly Half of Security Experts Believe AI is Risky

 

AI is viewed by 48% of security experts as a major security threat to their organisation, according to a new survey of 500 security professionals by the bug-bounty and security research platform HackerOne. 

Their main worries about AI include the following: 

  • Leaked training data (35%)
  • Unauthorized usage (33%)
  • The hacking of AI models by outsiders (32%) 

These concerns emphasise how vital it is for businesses to review their AI security plans and address shortcomings before they become a major issue. 

While the full Hacker Powered Security Report will not be available until later this fall, further study from a HackerOne-sponsored SANS Institute report disclosed that 58% of security experts believe that security teams and threat actors could be in an "arms race" to use generative AI tactics and techniques in their work. 

According to the SANS poll, 71% of security professionals have successfully used AI to automate routine jobs. However, the same participants admitted that threat actors could employ AI to improve their operations' efficiency. Specifically, the participants "were most concerned with AI-powered phishing campaigns (79%) and automated vulnerability exploitation (74%).” 

“Security teams must find the best applications for AI to keep up with adversaries while also considering its existing limitations — or risk creating more work for themselves,” Matt Bromiley, an analyst at the SANS Institute, stated in a press release. 

So what is the solution? External assessment of AI implementations is advised. More than two-thirds of those polled (68%) said "external review" is the most effective technique to identify AI safety and security risks.

“Teams are now more realistic about AI’s current limitations” than they were last year, noted HackerOne Senior Solutions Architect Dane Sherrets. “Humans bring a lot of important context to both defensive and offensive security that AI can’t replicate quite yet. Problems like hallucinations have also made teams hesitant to deploy the technology in critical systems. However, AI is still great for increasing productivity and performing tasks that don’t require deep context.”

IT Leaders Raise Security Concerns Regarding Generative AI

 

According to a new Venafi survey, developers in almost all (83%) organisations utilise AI to generate code, raising concerns among security leaders that it might lead to a major security incident. 

In a report published earlier this month, the machine identity management company shared results indicating that AI-generated code is widening the gap between programming and security teams. 

The report, Organisations Struggle to Secure AI-Generated and Open Source Code, highlighted that while 72% of security leaders believe they have little choice but to allow developers to utilise AI in order to remain competitive, virtually all (92%) are concerned regarding its use. 

Because AI, particularly generative AI technology, is advancing so quickly, 66% of security leaders believe they will be unable to keep up. An even larger share (78%) believe that AI-generated code will lead to a security reckoning for their organisation, and 59% are concerned about the security implications of AI. 

The top three issues most frequently mentioned by survey respondents are the following: 

  • Over-reliance on AI by developers will result in a drop in standards
  • Ineffective quality checking of AI-written code 
  • AI using outdated open-source libraries that have not been well maintained

“Developers are already supercharged by AI and won’t give up their superpowers. And attackers are infiltrating our ranks – recent examples of long-term meddling in open source projects and North Korean infiltration of IT are just the tip of the iceberg,” Kevin Bocek, Chief Innovation Officer at Venafi, stated. 

Furthermore, the Venafi poll reveals that AI-generated code raises not only technology issues, but also tech governance challenges. For example, nearly two-thirds (63%) of security leaders believe it is impossible to oversee the safe use of AI in their organisation because they lack visibility into where AI is being deployed. Despite concerns, fewer than half of firms (47%) have procedures in place to ensure the safe use of AI in development settings. 

“Anyone today with an LLM can write code, opening an entirely new front. It’s the code that matters, whether it is your developers hyper-coding with AI, infiltrating foreign agents or someone in finance getting code from an LLM trained on who knows what. We have to authenticate code from wherever it comes,” Bocek concluded. 

The Venafi report is the outcome of a poll of 800 security decision-makers from the United States, the United Kingdom, Germany, and France.

Here's How Criminals Are Targeting Users and Enterprises in Mexico

 

A recent Mandiant report highlighted the increasing cyber threats that Mexico is facing, including a sophisticated blend of domestic and global cybercrime that targets both individuals and businesses. 

Mexico's economy, ranked 12th largest in the world, makes it an appealing target for both financially driven hackers and cyber criminals from countries like North Korea, China, and Russia.

Since 2020, cyber espionage groups from over ten nations have been identified attempting to breach Mexican organisations. Among these, attackers affiliated with the People's Republic of China (PRC), North Korea, and Russia have been the most active, with China accounting for one-third of government-sponsored phishing activity.

Chinese actors are focussing specifically on news, education, and government organisations in Mexico; this is consistent with similar targeting strategies observed in regions where China has made large investments. 

Since the start of the war in Ukraine, North Korean outfits have focused on financial technology and cryptocurrency firms, while Russian cyber espionage activities have fallen substantially as resources have been diverted to other areas. The use of commercial spyware in Mexico is also highlighted in the report, with politicians, human rights advocates, and journalists being among the targets.

These tools are frequently sold to governments or attackers and are used to detect and exploit vulnerabilities in consumer devices. While spyware attacks only affect a few people at a time, they have significant implications for Mexico's press freedom and political integrity. 

Mandiant's report highlights a significant increase in ransomware and extortion operations in Mexico. From January 2023 to July 2024, Mexico ranked second in Latin America in terms of data leak site (DLS) listings following ransomware attacks, trailing only Brazil. LockBit, ALPHV, and 8BASE have been the most active in Mexico, concentrating on industries including manufacturing, technology, and financial services.

Threats from financial malware distribution efforts persist in Mexico, as attackers use tax- and finance-themed lures to trick unsuspecting victims into downloading malicious software. UNC4984 and other groups have been seen distributing banking malware through spoofed Mexican government websites, including ones impersonating the Mexican Tax Administration Service (SAT).

Ransomware Actors Refused to Provide Decryptor Even After Receiving Ransom Payment

 

For C-suite executives and security leaders, learning that your organisation has been infiltrated by network attackers, critical systems have been locked down, and data has been compromised, followed by a ransom demand, could be the worst day of their professional life. 

But, as some executives recently discovered who had contracted the Hazard ransomware, things can go far worse. The decryptor that was provided in exchange for paying the ransom to unlock the encrypted files did not function. 

Security researchers did not talk to the victim organization in this case – its executives declined to be interviewed about their experience – hence the specifics remain unknown. 

Still, researchers believe that deciding that paying the criminals was the best way out of the scenario - for concerns regarding customer and employee data privacy, to bring business operations back online, to minimise reputational damage, or simply because there were no backups (oops) - was a painful decision in and of itself. But what if you pay the extortionists and still are unable to recover the files? That's excruciating. 

"Ransomware as a whole is extremely stressful for the victim," stated Mark Lance, ransomware negotiator with GuidePoint Security. "Now in this circumstance, specifically, where they've made the payment and the decryption tools don't work," the stress levels ratcheted up several notches. 

"In this, and in a lot of situations like this one, they're relying heavily on those decryption capabilities working on certain systems so that they can recover operations," Lance added. "So the stress substantially increases because they're like, 'Hey, we made this large ransom payment amount with established terms that said if we paid we're going to get access.'” 

Following their initial failure to decrypt their files, the compromised organisation obtained a new version of the decryptor from the attackers, but this did not work either. Brought in by a third party involved in the ransom negotiations, GuidePoint tried to reach the gang's "technical support" desk on the victim's behalf and was told that yet another version of the decryptor would be needed. 

Whatever the reason, the organisation remained unable to access its encrypted files, and the Hazard ransomware gang vanished. Eventually, GuidePoint was able to patch the decryptor binary and brute-force 16,777,216 possible values (2^24, i.e. three missing bytes) until the critical bytes absent from the cryptographic process were recovered, producing a working tool for decrypting the files. It is a sobering reminder that paying a ransom does not guarantee data recovery.
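The recovery GuidePoint describes is a known-plaintext search: if a decryptor is missing a few key bytes, every possible value of those bytes is tried and the candidate that turns a file's known header back into plaintext is the right one. The block below is an added example of that technique; it is not GuidePoint's tool and not the Hazard decryptor, whose cipher is not public. The stream cipher here is a constructed stand-in (SHA-256 keystream) so that the example runs with the standard library alone, and the "victim" PDF and 16-byte key are constructed too. The demo drops two key bytes (65,536 candidates) so it finishes in well under a second; the same function with `missing=3` searches the 2^24 values quoted above.

```python
# Added example, not GuidePoint's tool and not the Hazard decryptor. Shows
# recovery of missing key bytes by brute force against a known file header.
# The cipher is a constructed stand-in; the real malware's is not reproduced.
import hashlib
import itertools

# Known-plaintext oracles: the first bytes of common file types.
FILE_MAGIC = {
    "pdf": b"%PDF-1.",
    "png": b"\x89PNG\r\n\x1a\n",
    "zip": b"PK\x03\x04",
}


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || block counter) blocks.

    Encryption and decryption are the same operation.
    """
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hashlib.sha256(key + block_no.to_bytes(4, "big")).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ k for b, k in zip(chunk, ks))
    return bytes(out)


def recover_missing_key_bytes(partial_key: bytes, missing: int,
                              ciphertext: bytes, known_prefix: bytes):
    """Brute-force `missing` trailing key bytes using a known plaintext prefix.

    The search space is 256**missing candidates: 65,536 for two bytes,
    16,777,216 for three. Only len(known_prefix) bytes are decrypted per
    candidate, so each guess is cheap. The prefix must be long enough that a
    false match is unlikely: with 2**24 candidates and an 8-byte prefix the
    chance of a random hit is roughly 2**24 / 2**64.
    """
    head = ciphertext[:len(known_prefix)]
    for tail in itertools.product(range(256), repeat=missing):
        candidate = partial_key + bytes(tail)
        if keystream_xor(candidate, head) == known_prefix:
            return candidate
    return None


def build_scenario():
    """Constructed victim file and the full key the decryptor should have had."""
    full_key = bytes(range(14)) + b"\x2a\x07"  # 16-byte key, constructed
    plaintext = (b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"
                 b"1 0 obj\n<< /Type /Catalog >>\nendobj\n")
    ciphertext = keystream_xor(full_key, plaintext)
    return full_key, plaintext, ciphertext


def recover_and_decrypt(missing: int = 2):
    """Drop `missing` key bytes, recover them, and decrypt the whole file."""
    full_key, plaintext, ciphertext = build_scenario()
    partial_key = full_key[:len(full_key) - missing]
    recovered = recover_missing_key_bytes(partial_key, missing,
                                          ciphertext, FILE_MAGIC["pdf"])
    if recovered is None:
        return None, None
    return recovered, keystream_xor(recovered, ciphertext)


if __name__ == "__main__":
    key, data = recover_and_decrypt()
    print("recovered key:", key.hex())
    print("decrypted ok:", data == build_scenario()[1])
```

Two practical notes from the design: the oracle should be a file type whose header is fixed and long (PDF, PNG, Office/ZIP), and the candidate check must decrypt only the header so that a 2^24 search stays tractable; a full-file decrypt per guess would make it hopeless.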

Here's Why Attackers Have an Upper Hand Against CISOs

 

Security experts have an in-depth knowledge of the technical tactics, techniques, and procedures (TTPs) that attackers employ to launch cyberattacks. They are also knowledgeable about critical defensive methods, such as prioritising patching based on risk and creating a zero-trust policy. 

However, the world of business security appears to be one step behind hackers, who successfully launch an increasing number of attacks year after year. Here's one reason: many CISOs overlook or underestimate the knowledge that hackers bring to the table, the nontechnical insights they use to gain an advantage. 

“Hackers know that the average CISO has a lot on their plates and they don’t have enough [resources] to get everything done. So CISOs really have to pay attention to what hackers are doing and what they know so they can best defend against them,” stated Stephanie “Snow” Carruthers, chief people hacker at IBM.

So, what do hackers know that CISOs may not? According to security researchers, these are three main hacking tactics that may go unnoticed by CISOs. 

Hackers know the business schedule 

It's not a coincidence that many attacks occur at the most challenging times. Hackers do boost their attacks on weekends and holidays, when security teams are understaffed. They are also more likely to strike just before lunchtime and at the end of the day, when employees are rushed and therefore less alert to the red flags of a phishing attack or fraudulent behaviour.

“Hackers typically deploy their attacks during those times because they’re less likely to be noticed,” stated Melissa DeOrio, global threat intelligence lead at S-RM, a global intelligence and cybersecurity consultancy.

DeOrio notes that many hackers are based in regions whose daytime working hours fall during the night in the Americas and Western Europe. But the timing is not merely a by-product of geography, she says: research suggests that hackers deliberately exploit this disparity by scheduling their attacks for the defenders' off-hours. 

Furthermore, Tomer Bar, vice president of security research at SafeBreach, adds that threat actors seek out moments of organisational upheaval (e.g., mergers, acquisitions, layoffs, etc.) to exploit. "Threat actors will try to launch an attack at the most difficult time for the CISO and the blue team.” 

To counter this tactic, long-time security leaders encourage CISOs to build it into their own defence strategies: 

  • Use third-party services during off-business hours to supplement the security team's work schedule.
  • Increase automation to improve staff efficiency at all hours.
  • Add extra layers of security, such as more monitoring or tighter filters, at times of increased risk.
  • Ensure priority security work is completed before busy periods such as holidays.
  • Educate all employees about the heightened risks that exist during such times. 
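"Tighter filters at times of increased risk" can be made concrete in the SIEM: a rule that treats a successful logon on a weekend, a holiday or outside core hours as a higher-priority event than the same logon at 10 a.m. on a Tuesday. The script below is an added example (not from the original article or from any of the firms quoted) of such a rule run over a few constructed log lines. The log layout, the head-office timezone (UTC-5), the 08:00-18:00 core hours and the holiday calendar are all assumptions; adapt them to the organisation.

```python
# Added example, not from the original article. Flags successful logons that
# land on weekends, holidays or outside business hours, the windows the
# article says attackers prefer. Assumptions: the log line layout, the HQ
# timezone (UTC-5), the core hours, the holiday calendar and the sample
# lines are all constructed.
import re
from datetime import date, datetime, time, timedelta, timezone

BUSINESS_TZ = timezone(timedelta(hours=-5), name="HQ")  # assumed head-office offset
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)   # assumed core hours
HOLIDAYS = {date(2024, 12, 25)}                           # assumed holiday calendar

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)

# Constructed sample log (UTC timestamps as a SIEM would normalise them).
SAMPLE_LOG = """\
2024-12-24T23:15:02+00:00 user=jdoe action=logon src=203.0.113.7 result=success
2024-12-25T15:00:00+00:00 user=mlee action=logon src=198.51.100.9 result=success
2024-12-28T14:30:00+00:00 user=svc-backup action=logon src=10.0.0.5 result=success
2024-12-27T15:05:00+00:00 user=akim action=logon src=10.0.2.14 result=success
2024-12-27T03:40:00+00:00 user=jdoe action=logon src=203.0.113.7 result=success
2024-12-28T02:00:00+00:00 user=root action=logon src=192.0.2.44 result=failure
"""


def off_hours_reasons(ts):
    """Return why a timestamp is risky (empty list = normal working time)."""
    local = ts.astimezone(BUSINESS_TZ)
    reasons = []
    if local.date() in HOLIDAYS:
        reasons.append("holiday")
    if local.weekday() >= 5:  # Saturday=5, Sunday=6
        reasons.append("weekend")
    if not BUSINESS_START <= local.time() < BUSINESS_END:
        reasons.append("outside business hours")
    return reasons


def flag_off_hours(lines):
    """Parse log lines and return the successful logons that fall off-hours."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "logon" or m["result"] != "success":
            continue  # failed attempts belong to a different detection
        ts = datetime.fromisoformat(m["ts"])
        reasons = off_hours_reasons(ts)
        if reasons:
            hits.append({
                "user": m["user"],
                "src": m["src"],
                "local_time": ts.astimezone(BUSINESS_TZ).strftime("%a %Y-%m-%d %H:%M"),
                "reasons": reasons,
            })
    return hits


def users_with_repeat_off_hours(hits, minimum=2):
    """Users seen off-hours more than once: worth a call-back, not just a ticket."""
    counts = {}
    for h in hits:
        counts[h["user"]] = counts.get(h["user"], 0) + 1
    return sorted(u for u, n in counts.items() if n >= minimum)


if __name__ == "__main__":
    found = flag_off_hours(SAMPLE_LOG.splitlines())
    for h in found:
        print(h["local_time"], h["user"], h["src"], ", ".join(h["reasons"]))
    print("repeat off-hours users:", users_with_repeat_off_hours(found))
```

The rule is deliberately simple so that it can be tuned per team: raise the priority further when the source address is external, when the account is privileged, or during the days around a merger, layoff or holiday that the article says attackers watch for.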

Gathering insights on organisations 

The attackers actively gather open-source intelligence (OSINT) in order to plan attacks. It's hardly unexpected that hackers seek out information on transformative events such as large layoffs, mergers, and the like, she says. However, CISOs, their teams, and other executives may be astonished to hear that hackers hunt for news about seemingly innocuous activities such as technology installations, new alliances, hiring sprees, and CEO schedules that show when they are away from the office. 

To counter this, CISOs can monitor OSINT about their organisations, collaborate with other executives on announcements and their timing, and run simulations on how such announcements play out from a business perspective. All of this allows CISOs and their teams to see what hackers see, better understand their thinking, and prepare for potential targeted attacks. 

A corporate culture that works against vigilance 

Security awareness training typically asks employees to take time to review emails or think through requests to help determine whether a request is legitimate or suspicious. Yet workplace culture today generally works against that approach, Huffman notes. “We praise ourselves for putting ourselves in an emotional hot state,” he says, pointing to job postings that use phrases such as “fast-paced,” “dynamic” and “high-intensity” to describe the workplace culture as evidence. 

According to Huffman, employees do not have, and are not encouraged to take, extra time to review incoming messages (whether via email, phone, video, text, or other means). "And that's why hackers are successful: they catch us in constant emotional hot states when you're clicking through 1,000 emails.”

The Threat of Bots and Fake Users to Internet Integrity and Business Security

 

 
Bots account for 47% of all internet traffic, with "bad bots" alone making up 30% of all traffic, according to a recent report by Imperva. These numbers threaten the very foundation of the open web. Even when a user is genuinely human, the account behind it may well be a fake identity, making "fake users" almost as common online as real ones.

In Israel, people are well acquainted with the existential risks posed by bot campaigns. Following October 7, widespread misinformation campaigns orchestrated by bots and fake accounts swayed public opinion and policymakers.

The New York Times, monitoring online activity during the war, discovered that “in a single day after the conflict began, roughly 1 in 4 accounts on Facebook, Instagram, TikTok, and X, formerly Twitter, discussing the conflict appeared to be fake... In the 24 hours following the Al-Ahli Arab hospital blast, more than 1 in 3 accounts posting about it on X were fake.” With 82 countries holding elections in 2024, the threat posed by bots and fake users is reaching critical levels. Just last week, OpenAI had to disable an account belonging to an Iranian group using its ChatGPT bot to create content aimed at influencing the US elections.

The influence of bots on elections and their broader impact is alarming. As Rwanda geared up for its July elections, Clemson University researchers identified 460 accounts spreading AI-generated messages on X in support of President Paul Kagame. Additionally, in the last six months, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) detected influence campaigns targeting Georgian protesters and spreading falsehoods about the death of an Egyptian economist, all driven by inauthentic accounts on X.

Bots and fake users pose severe risks to national security, but online businesses are also significantly affected. Consider a scenario in which 30-40% of a business's digital traffic is generated by bots or fake users. The result is skewed data that leads to flawed decision-making, misinterpretation of customer behaviour, misdirected efforts by sales teams, and developers focusing on products that only appear to be in demand. The consequences are staggering: a study by CHEQ.ai, a Key1 portfolio company and go-to-market security platform, found that in 2022 alone over $35 billion was wasted on advertising and more than $140 billion in potential revenue was lost.

Ultimately, fake users and bots undermine the very foundations of modern business, creating distrust in data, results, and even among teams.

The introduction of Generative AI has further complicated the issue by making it easier to create bots and fake identities, lowering the barriers for attacks, increasing their sophistication, and expanding their reach. The scope of this problem is immense. 

Education is a crucial element in fighting the online epidemic of fake accounts. By raising awareness of the tactics used by bots and fake users, society can be empowered to recognize and reduce their impact. Identifying inauthentic users—such as those with incomplete profiles, generic information, repetitive phrases, unusually high activity levels, shallow content, and limited engagement—is a critical first step. However, as bots become more sophisticated, this challenge will only grow, highlighting the need for continuous education and vigilance.

Moreover, public policies and regulations must be implemented to restore trust in digital spaces. For instance, governments could mandate that large social networks adopt advanced bot-mitigation tools to better police fake accounts.

Finding the right balance between preserving the freedom of these platforms, ensuring the integrity of posted information, and mitigating potential harm is challenging but necessary for the longevity of these networks.

On the business side, various tools have been developed to tackle and block invalid traffic. These range from basic bot mitigation solutions that prevent Distributed Denial of Service (DDoS) attacks to specialized software that protects APIs from bot-driven data theft attempts.

Advanced bot-mitigation solutions use sophisticated algorithms that conduct real-time tests to verify traffic integrity. These tests assess account behavior, interaction levels, hardware characteristics, and the use of automation tools. They also detect non-human behavior, such as abnormally fast typing, and review email and domain histories.
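To make the checks listed above concrete, here is an added example (not from the original article and not any vendor's product) of a server-side scoring function run over constructed session records. Each record carries what a client-side probe and the web server would report: the user-agent, whether the browser admits to being automated, the gaps between keystrokes in a form, the request rate, the Accept-Language header and the sign-up e-mail. The signal weights, the thresholds and the disposable-domain list are assumptions for illustration; a production system would learn them from labelled traffic.

```python
# Added example, not from the original article or any vendor's product.
# Heuristic bot scoring over constructed session records; weights,
# thresholds and the disposable-domain list are assumptions.
from statistics import mean, pstdev

AUTOMATION_UA_MARKERS = ("headlesschrome", "phantomjs", "python-requests", "curl/", "selenium")
DISPOSABLE_EMAIL_DOMAINS = {"mailinator.com", "guerrillamail.com", "10minutemail.com"}  # assumed

# Constructed sessions: a person, an obvious scraper, and a subtler one that
# uses a normal browser but types like a machine and hammers the API.
SESSIONS = {
    "human": {
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0",
        "webdriver": False,
        "keystroke_gaps_ms": [140, 95, 210, 130, 180, 110],
        "requests": 12, "duration_s": 300,
        "accept_language": "en-US,en;q=0.9",
        "email": "ana@corp.example",
    },
    "scraper": {
        "user_agent": "Mozilla/5.0 (X11; Linux x86_64) HeadlessChrome/120.0",
        "webdriver": True,
        "keystroke_gaps_ms": [4, 5, 4, 5, 4, 5],
        "requests": 400, "duration_s": 60,
        "accept_language": "en-US",
        "email": "reg-8841@mailinator.com",
    },
    "subtle": {
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/120.0",
        "webdriver": False,
        "keystroke_gaps_ms": [50, 50, 50, 50, 50, 50],
        "requests": 600, "duration_s": 60,
        "accept_language": "",
        "email": "",
    },
}


def score_session(s):
    """Return (score, reasons); a higher score is more bot-like."""
    score, reasons = 0, []
    ua = s.get("user_agent", "").lower()
    if any(marker in ua for marker in AUTOMATION_UA_MARKERS):
        score += 40
        reasons.append("automation framework in user-agent")
    if s.get("webdriver"):  # client probe saw navigator.webdriver === true
        score += 30
        reasons.append("browser driven by automation")
    gaps = s.get("keystroke_gaps_ms", [])
    if len(gaps) >= 5:  # need a few samples before judging cadence
        if mean(gaps) < 30:
            score += 25
            reasons.append("typing faster than a human")
        elif pstdev(gaps) < 2:
            score += 15
            reasons.append("machine-regular typing cadence")
    rate = s.get("requests", 0) / max(s.get("duration_s", 1), 1)
    if rate > 5:
        score += 20
        reasons.append(f"{rate:.1f} requests per second")
    if not s.get("accept_language"):
        score += 10
        reasons.append("no Accept-Language header")
    email = s.get("email", "")
    if "@" in email and email.rsplit("@", 1)[1].lower() in DISPOSABLE_EMAIL_DOMAINS:
        score += 15
        reasons.append("disposable e-mail domain")
    return score, reasons


def classify(s, bot_threshold=50, review_threshold=25):
    """Map a score to an action: block, challenge (e.g. CAPTCHA), or allow."""
    score, reasons = score_session(s)
    if score >= bot_threshold:
        label = "bot"
    elif score >= review_threshold:
        label = "suspicious"
    else:
        label = "human"
    return label, score, reasons


if __name__ == "__main__":
    for name, session in SESSIONS.items():
        label, score, reasons = classify(session)
        print(f"{name}: {label} ({score})", "; ".join(reasons))
```

The three-way outcome matters: a "suspicious" verdict should trigger a challenge or rate limit rather than a hard block, because a single signal such as a missing Accept-Language header is also produced by some privacy tools and corporate proxies used by real people.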

While AI has contributed to the bot problem, it also offers powerful ways to combat it. AI’s pattern-recognition capabilities allow faster and more precise differentiation between legitimate users and automated or fake ones. Companies like CHEQ.ai are leveraging AI to help marketers ensure their ads reach real human users and are placed in secure, bot-free environments, countering the growing threat of bots in digital advertising.

From national security to business integrity, the consequences of the “fake internet” are vast and serious. However, there are several effective methods to address the problem that deserve renewed focus from both the public and private sectors. By raising awareness, enhancing regulation, and instituting active protection, we can collectively contribute to a more accurate and safer internet environment.

Here's Why Ransomware Actors Have an Upper Hand Against Organisations

 

Successful ransomware attacks are increasing, not necessarily because the attacks are more sophisticated in design, but because attackers have found that many of the world's largest companies have not reliably implemented basic security measures. Despite huge investment in cybersecurity from both the private and public sectors, many organisations remain vulnerable to ransomware attacks.

Richard Caralli, senior cybersecurity advisor at Axio, has over 40 years of experience as a practitioner, researcher, and leader in the audit and cybersecurity fields. Based on that experience, he believes there are two primary reasons for the lack of ransomware resilience that leaves numerous organisations exposed to otherwise preventable gaps in their defences: 

  • Recent noteworthy intrusions, such as those on gaming companies, consumer goods manufacturers, and healthcare providers, highlight the fact that some organisations may not have implemented basic safety standards. 
  • Organisations that have put in place foundational practices may not have done enough to confirm and validate those practices' performance over time, which causes expensive investments to lose their efficacy more quickly. 

Given this, organisations can take three simple activities to boost fundamental resilience to ransomware: 

Recommit to core practices

According to Verizon's "2023 Data Breach Investigations Report," 61% of all incidents used user credentials. Two-factor authentication (2FA) is currently regarded as an essential control for access management. However, a failure to apply this additional layer of security is at the heart of UnitedHealth Group/Change Healthcare's ongoing ransomware nightmare. This intrusion affects not only patients, but also service providers and professionals, who face severe barriers to obtaining treatment authorisations and payments. An entire sector is under attack as a result of a major healthcare provider's failure to adopt this foundational control.

Ensure fundamental procedures are institutionalised

There is a "set and forget" approach that handles cybersecurity during the installation stage but fails to ensure that procedures, controls, and countermeasures are long-lasting throughout the infrastructure's life, particularly when these infrastructures expand and adapt to organisational change. 

For example, cybersecurity procedures that are not actively adopted with characteristics that enable institutionalisation and durability are at risk of failing to withstand developing ransomware attack vectors. But what exactly does institutionalisation mean? Higher maturity behaviours include documenting the practice, resourcing it with sufficiently skilled and accountable people, tools, and funding, supporting its enforcement through policy, and measuring its effectiveness over time. 

Implementing the basics 

The challenges of implementing and maintaining essential cybersecurity measures are numerous. Doing so requires constant attention, active management, and a thorough understanding of emerging hazards. However, by confronting these obstacles and ensuring that cybersecurity procedures are rigorously established, measured, and maintained, organisations can better protect themselves against the ever-present threat of ransomware. 

Focusing on the basics first, such as implementing foundational controls like 2FA, developing the maintenance skills that integrate IT and security efforts, and adopting performance-management practices, can deliver significant improvements in cybersecurity, providing robust protection for less investment.

Here's What Businesses Can Learn From a $2 Million Ransomware Attack SEC Settlement

 

Business leaders and security teams can learn a lot from the recent $2.1 million settlement between the Securities and Exchange Commission (SEC) and R.R. Donnelley & Sons Co. (RRD) over a ransomware attack. The settlement brought RRD's failures to light and emphasises how crucial it is for publicly listed firms to have robust security policies and procedures in place. 

Here are key takeaways that private and public organisations can use to improve their cybersecurity posture and comply with SEC standards. 

RRD ransomware attack overview 

RRD is a publicly listed, international provider of marketing and corporate communication services. It used a third-party managed security services provider (MSSP) to protect and monitor its infrastructure. In late November 2021, RRD's intrusion-prevention systems detected anomalous behaviour and generated alerts to both RRD and its MSSP. After assessing these alerts, the MSSP escalated three issues to RRD's security personnel: 

  • Similar behaviour was observed on multiple computers across the RRD network, indicating that a threat actor was either moving laterally or had compromised multiple endpoints.
  • The activity appeared to be connected to a broader phishing campaign. 
  • Open-source intelligence indicated that the malware could allow arbitrary code to be executed remotely. 

Unfortunately, RRD did not remove the compromised devices from the network and did not carry out its own investigation to prevent further compromise until nearly a month later. Between November and December, the MSSP identified at least 20 more security alerts connected to the same incident, including malware execution on a domain controller, but failed to escalate them to RRD. 

The attacker then deployed encryption software on RRD machines and stole 70 gigabytes of data, including financial and personal data belonging to 29 of RRD's 22,000 clients. RRD launched its ransomware response on December 23, 2021, and filed its Form 8-K on December 27, 2021. 

Overview of SEC's findings and judgement 

The SEC's order cites RRD's failures in the following areas: 

  • RRD's policies and controls were not designed to ensure that all relevant information about security alerts and incidents reached RRD's disclosure decision makers on a timely basis. 
  • RRD failed to give its internal and external personnel guidance on reporting security incidents and responding to them.
  • Although RRD received alerts and escalations from its systems and its service provider about three weeks before the encryption, it failed to analyse them and take appropriate investigative and remedial action. 

Based on these findings, the SEC found that RRD violated the disclosure controls and procedures requirements of Exchange Act Rule 13a-15(a) and the internal accounting controls provisions of Exchange Act Section 13(b)(2)(B). The SEC assessed a $2.125 million penalty on RRD. 

Key takeaways for security teams

The RRD settlement highlights the SEC's tightening grip on cybersecurity controls and disclosure. Here are the significant takeaways for security teams in publicly listed companies: 

Ensure close oversight of service providers: In your contracts and meetings with MSSPs, be explicit about security requirements and adherence to agreed processes, including which alert types must be escalated and within what time, and streamline the path for escalating alerts. Review all such contracts, protocols and processes annually or on another regular cadence to ensure there are no gaps. 
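The RRD timeline above is a useful template for the check an MSSP contract should encode: which alerts must be escalated, and how quickly. The following is an added example written for this post, not code from RRD, its MSSP or the SEC order. The alert feed, hostnames, the four-hour escalation window and the domain-controller list are all constructed assumptions; the first three escalation rules mirror the three indicators the MSSP itself escalated, and the remaining rules cover what it later failed to escalate.

```python
from datetime import datetime, timedelta

# Constructed sample alert feed (not real RRD telemetry):
# timestamp | host | alert kind | comma-separated tags ("-" for none)
SAMPLE_ALERTS = """\
2021-11-29T10:15:00 ws-041 suspicious_process phishing_campaign,rce_capable
2021-11-29T10:22:00 ws-077 suspicious_process phishing_campaign
2021-11-29T11:05:00 ws-113 suspicious_process rce_capable
2021-12-06T03:40:00 dc-01 malware_execution rce_capable
2021-12-14T18:10:00 ws-041 lateral_movement -
"""

DOMAIN_CONTROLLERS = {"dc-01", "dc-02"}   # assumed asset inventory
ESCALATION_SLA = timedelta(hours=4)       # assumed contractual escalation window


def parse_alerts(text):
    """Parse the feed into dicts with a datetime, host, kind and tag set."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, tags = line.split(maxsplit=3)
        alerts.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "kind": kind,
            "tags": set() if tags == "-" else set(tags.split(",")),
        })
    return alerts


def escalation_reasons(alerts):
    """Reasons a group of alerts must reach the customer's security team."""
    reasons = set()
    hosts = {a["host"] for a in alerts}
    if len(hosts) > 1:                       # lateral movement or multi-endpoint compromise
        reasons.add("multiple_hosts")
    if any("phishing_campaign" in a["tags"] for a in alerts):
        reasons.add("phishing_campaign")
    if any("rce_capable" in a["tags"] for a in alerts):
        reasons.add("rce_capable_malware")
    if hosts & DOMAIN_CONTROLLERS:           # the alert RRD's MSSP did not escalate
        reasons.add("domain_controller")
    if any(a["kind"] == "malware_execution" for a in alerts):
        reasons.add("malware_execution")
    if any(a["kind"] == "lateral_movement" for a in alerts):
        reasons.add("lateral_movement")
    return reasons


def unescalated_alerts(alerts, escalated_ts):
    """Alerts that trigger a rule on their own but were never passed on."""
    return [a for a in alerts
            if a["ts"] not in escalated_ts and escalation_reasons([a])]


def sla_breached(alerts, escalated_at):
    """True if the first qualifying alert was not escalated within the SLA,
    or was never escalated at all (escalated_at is None)."""
    first = min(a["ts"] for a in alerts if escalation_reasons([a]))
    return escalated_at is None or escalated_at - first > ESCALATION_SLA


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    # Model the RRD case: only the first day's alerts were escalated.
    escalated = {a["ts"] for a in alerts if a["ts"].date() == alerts[0]["ts"].date()}
    print("cluster reasons:", sorted(escalation_reasons(alerts)))
    for a in unescalated_alerts(alerts, escalated):
        print("NOT ESCALATED:", a["ts"], a["host"], a["kind"],
              sorted(escalation_reasons([a])))
    print("SLA breached:", sla_breached(alerts, datetime(2021, 11, 29, 12, 0)))
```

Run against the constructed feed, the domain-controller malware alert and the later lateral-movement alert both come back as unescalated, which is exactly the gap the SEC order describes. Wire `unescalated_alerts` to a daily report reviewed by the customer, not only the provider, so that the check does not depend on the party whose escalation decisions it is meant to audit.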

Implement effective disclosure processes: RRD was fortunate that the SEC's newer cybersecurity disclosure rules were not yet in effect when this incident occurred; had they been, the consequences could have been far more severe. The current rules require organisations to file a Form 8-K disclosure within four business days of determining that an incident is material. It is therefore vital that organisations adopt rigorous disclosure procedures. 

Train your staff: There is a direct link between phishing and ransomware. Phishing emails often succeed because busy users are juggling multiple tasks and communication channels, which makes them less vigilant. The Conti ransomware group, suspected of being behind the RRD attack, is known to use ordinary phishing as an entry point. 

Successful phishing is largely the result of lapses in user awareness and judgement. Organisations that run phishing simulations and gamified training can significantly reduce successful phishing attacks. Employees should also be trained on security escalation and incident-response procedures.

The settlement between the SEC and RRD is a wake-up call for organisations that have not prioritised cybersecurity enforcement and regulatory compliance. Organisations must actively supervise security providers, periodically train personnel in security awareness, update escalation and incident-management policies, and prioritise security alerts and notifications. By implementing these practices, businesses can better meet the latest SEC requirements while improving their overall security posture.

Keytronic Lost Over $17 Million Due to a Ransomware Attack

 

Keytronic, an electronic manufacturing services (EMS) supplier, has said that it lost more than $17 million as a result of a ransomware attack in May. The American technology firm was established in 1969 as an original equipment manufacturer (OEM) of keyboards and mice but has since become one of the leading global manufacturers of printed circuit board assemblies (PCBA), with operations in the United States, Mexico, China and Vietnam. 

In a filing with the Securities and Exchange Commission (SEC) last Friday, Keytronic stated that it detected the incident on May 6, after outages at its Mexico and U.S. sites affected the business systems supporting both operations and corporate services. 

"Due to this event, the Company incurred approximately $2.3 million of additional expenses and believes that it lost approximately $15 million of revenue during the fourth quarter," the company noted. "Most of these orders are recoverable and are expected to be fulfilled in fiscal year 2025. Partially offsetting these additional expenses was an insurance gain in the amount of $0.7 million that was also recorded during the quarter.” 

Keytronic originally disclosed in a May filing that the attack forced it to suspend domestic and Mexican operations for two weeks during the incident response, and that the attackers stole personal data from its systems during the intrusion. Keytronic has not yet attributed the attack to a specific threat group, but the Black Basta ransomware gang claimed responsibility in late May and published what it said was all of the data stolen from the company's systems. 

In its claim, the gang said it had obtained several types of data, including HR, finance, engineering and corporate files. Black Basta's dark web leak site published screenshots of employee passports and social security cards, customer presentations and company records. Black Basta is a ransomware-as-a-service (RaaS) operation that first appeared in April 2022 and has since claimed numerous high-profile victims, including government contractors and healthcare organisations.

Risks of Generative AI for Organisations and How to Manage Them

 

Employers should be aware of the potential data protection issues before experimenting with generative AI tools such as ChatGPT. Given the rise in privacy and data protection laws in the US, Europe and elsewhere in recent years, you cannot simply feed human resources data into a generative AI tool. Employee data, including performance, financial and even health data, is often highly sensitive.

Obviously, this is an area where companies should seek legal advice. It is also worth consulting an AI expert on the ethics of using generative AI, to ensure that you are acting not only legally but also ethically and transparently. As a starting point, here are two major factors that employers should be aware of. 

Feeding personal data

As noted above, employee data is often highly sensitive. It is precisely the type of data that, depending on your jurisdiction, is subject to the most stringent forms of legal protection.

This makes it dangerous to feed such data into a generative AI tool. Why? Because many generative AI services use the information users provide to fine-tune the underlying language model. In other words, the service may use the data you submit for training and may eventually surface that information to other users. Suppose you use a generative AI tool to generate a report on employee salaries from internal employee records. The tool could later draw on that data when generating responses for other users outside your organisation. Personal information can be absorbed by the model and reused. 

This is not as shady as it sounds. Many generative AI services' terms and conditions state explicitly that data provided to the service may be used for training and fine-tuning, or disclosed when other users request examples of previously submitted queries. So when you agree to the terms of service, make sure you understand exactly what you are signing up for. Experts urge that any data given to a generative AI service be anonymised and free of personally identifiable information, a process often called "de-identifying" the data. Where a provider offers a contractual commitment not to train on your inputs, treat it as an addition to de-identification, not a substitute for it.
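The salary-report scenario above is a good place to show what de-identification looks like before a record leaves the organisation. The code below is an added example for this post, not from any AI provider or from the original article. It pseudonymises direct identifiers with a keyed hash (so the same employee maps to the same token, but the token reveals nothing without a key you keep), scrubs pattern-matched email, phone and UK National Insurance numbers from free text, and generalises salary into a band. The sample record, the key and the regular expressions are constructed assumptions. Note what it does not do: the "on sick leave" fragment is health data and still needs a policy decision, not a regex.

```python
import hashlib
import hmac
import re

# Assumed per-organisation secret kept outside the AI tool; tokens are
# only re-linkable via the mapping you keep, never by the model provider.
PSEUDONYM_KEY = b"replace-with-a-key-from-your-secrets-store"

# Constructed sample HR record; not real data.
SAMPLE_RECORD = {
    "employee_id": "E-10492",
    "name": "Priya Raman",
    "email": "priya.raman@example.com",
    "phone": "+44 7700 900123",
    "salary_gbp": 58250,
    "manager_note": "Priya Raman (priya.raman@example.com) exceeded targets; on sick leave Mar 2024.",
}

DIRECT_IDENTIFIERS = ("employee_id", "name", "email", "phone")

# Patterns (assumed) for identifiers that tend to leak inside free text.
# The phone pattern refuses to start or end inside a word so it never
# matches digits inside a pseudonym token.
_EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
_PHONE = re.compile(r"(?<![\w<])\+?\d[\d\s().-]{7,}\d(?![\w>])")
_NI_NUMBER = re.compile(r"\b[A-Z]{2}\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b")


def pseudonym(value, kind):
    """Stable keyed token: same input -> same token; HMAC-SHA256, truncated."""
    mac = hmac.new(PSEUDONYM_KEY, f"{kind}:{value}".encode(), hashlib.sha256)
    return f"<{kind}_{mac.hexdigest()[:10]}>"


def scrub_text(text, record, mapping):
    """Replace known identifiers first, then anything that still looks like PII."""
    for key in DIRECT_IDENTIFIERS:
        value = str(record.get(key, ""))
        if value:
            tok = pseudonym(value, key)
            mapping[tok] = value
            text = text.replace(value, tok)
    text = _EMAIL.sub("<email_redacted>", text)
    text = _PHONE.sub("<phone_redacted>", text)
    text = _NI_NUMBER.sub("<ni_redacted>", text)
    return text


def deidentify_record(record, salary_band=5000):
    """Return (safe_record, mapping). The mapping stays on your side so a
    generated report that mentions <name_...> can be re-linked internally."""
    mapping = {}
    safe = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            tok = pseudonym(value, key)
            mapping[tok] = value
            safe[key] = tok
        elif isinstance(value, str):
            safe[key] = scrub_text(value, record, mapping)
        elif key.startswith("salary"):
            # Exact pay is quasi-identifying in small teams: generalise to a band.
            low = (value // salary_band) * salary_band
            safe[key] = f"{low} to {low + salary_band - 1}"
        else:
            safe[key] = value
    return safe, mapping


def contains_pii(text):
    """Final gate to run on the assembled prompt before it leaves the organisation."""
    return bool(_EMAIL.search(text) or _PHONE.search(text) or _NI_NUMBER.search(text))


if __name__ == "__main__":
    safe, mapping = deidentify_record(SAMPLE_RECORD)
    print(safe)
    print("prompt still contains PII:", contains_pii(str(safe)))
```

Keep `mapping` in the same place you keep the key, and log which tokens were sent to which provider; if a provider later surfaces one of your tokens to someone else, that log tells you which submission leaked.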

Risks of generative AI outputs 

There are also risks in the output generated by these tools, in addition to the data fed into them. In particular, the output may be derived from personal data that was collected and processed in violation of data privacy laws. 

For example, suppose you ask a generative AI tool for a report on average IT salaries in your area. The model may have been trained on personal data scraped from the internet without consent, in breach of data protection rules, and serve that data back to you. Employers who use personal data produced by a generative AI tool could be held liable for data protection violations. For now this is a legal grey area, with the generative AI provider likely bearing most or all of the responsibility, but the risk remains. 

Cases like this are already appearing. One lawsuit claims that ChatGPT was trained on "massive amounts of personal data," including medical records and information about children, accessed without consent. You do not want your organisation to become unwittingly involved in such litigation. Essentially, this is an "inherited" risk of violating data protection regulations, but a risk all the same. 

The way forward

Employers must carefully evaluate the data protection and privacy consequences of using generative AI and seek expert assistance. But do not let this put you off adopting generative AI altogether: used properly and within the bounds of the law, it can be an extremely helpful tool for organisations.

Machine Identities Pose Major Threat to Indian Organizations: CyberArk

 

At a time when digital transformation is rapidly reshaping the business world, the latest research from CyberArk, an identity security company, highlights a growing concern: identity-related breaches. 

The 2024 Identity Security Threat Landscape Report finds a concerning trend among Indian companies, with 93% reporting two or more identity-related breaches in the previous year. The report ties this to the growth in identities, accelerated by Artificial Intelligence (AI), which boosts the capabilities of both defenders and attackers while increasing the rate at which new identities are created. 

The rise of machine identities 

As organisations adopt multi-cloud strategies and integrate AI-driven applications, the number of machine identities grows. These identities, which are frequently granted sensitive or privileged access, are now regarded as the riskiest category. 

Unlike human identities, machine identities usually lack effective security protections, making them attractive targets for attackers. The report emphasises that machine identities are the main driver of identity growth, with 50% of organisations expecting a threefold increase in identities over the next year.

Humans vs. Machines: A security gap

The findings reveal a large discrepancy in how organisations treat human and machine identities. While 53% of organisations define privileged users as humans only, 46% broaden the definition to any identity with sensitive access, human or machine. This mismatch points to a key gap in identity security programmes and the need for a unified strategy. 

AI’s role in cyber defense 

The report also focuses on AI's dual role in cybersecurity. Nearly every organisation (99%) is using AI-powered solutions to strengthen its defences, but attackers are using the same technologies to increase the sophistication of their attacks. 

Notably, 93% of respondents believe that AI-powered tools will create new security risks in the coming year. Despite these concerns, 84% of security professionals are confident that their employees can detect deepfakes of organisational leadership, suggesting greater awareness and training within organisations. 

Conclusion

The findings of the CyberArk research are a sharp reminder of the changing threat landscape and the vital role of strong identity security measures.

As organisations expand their digital footprints, a paradigm shift towards a more integrated and robust cybersecurity design is needed. Organisations can better safeguard themselves against the ever-expanding range of digital threats by prioritising identity security in their strategy.

Dutch Threat Experts Issue Warning to Companies Regarding Ransomware Attacks

 

Thousands of companies have received alerts from Dutch cybersecurity firms about a global ransomware campaign. The perpetrators, known as the Cactus gang, are believed to operate from Eastern Europe and have been active since the end of last year.

The gang broke into the companies' networks through their Qlik Sense servers, many of which the Dutch experts found to be vulnerable to this kind of attack. The experts work for Fox-IT of Delft, Northwave of Utrecht, Responders of Amsterdam and ESET of Sliedrecht. 

The attackers breached 122 firms, at least ten of them based in the Netherlands. The security specialists shared details of the cases and realised that the victims were being attacked in the same way each time. The four companies reported their findings to the Dutch authorities.

Around 5,200 Qlik Sense servers are in use worldwide, roughly 3,100 of which are vulnerable. According to the Dutch security organisations, "the cooperation has potentially helped prevent a maximum of 3,100 victims of the Cactus Gang." Organisations running Qlik Sense should apply the vendor's patches and check whether their servers are reachable from the internet at all.

Police, prosecutors and security firms have only recently begun sharing details of ransomware attacks with one another, which is why the Melissa collaboration project was set up last year. Since then, further operations against cybercriminals have been carried out successfully. "Mutual confidence has grown strongly as a result of this," said Willem Zeeman, a security expert at Fox-IT.

The Digital Trust Centre (DTC), part of the Ministry of Economic Affairs, notified Dutch enterprises so that they could take precautions. The Dutch Institute for Vulnerability Disclosure (DIVD) notified foreign cyber agencies, including the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI. 

Ransomware attacks have wreaked havoc on numerous Dutch businesses and institutions in recent years. The victims included the Dutch football association KNVB, the VDL Group, Maastricht University, Hof van Twente, RTL Nederland, the Dutch Organisation for Scientific Research (NWO), and Mediamarkt. 

In the majority of cases, a ransom was demanded. Last year, the Digital Trust Centre notified more than 140,000 Dutch companies of specific cyber threats.

Defense-in-Depth: A Layered Approach for Modern Cybersecurity

 

The cybersecurity landscape has shifted dramatically in recent years. Malware, phishing attempts and data breaches have grown in frequency and scope, prompting organisations to invest more time and money in their cybersecurity strategies. Organisations should track the shifting threat landscape, asking what issues they face today and what specific steps they can take to mitigate the risk of cybercrime.

This was the topic of a discussion between cybersecurity expert Jon Bernstein and John Shier, field CTO commercial at Sophos, who analysed how the security landscape is moving with increasingly sophisticated crime and what this implies for the future of business security. 

Shier highlighted several critical takeaways, including the professionalisation and specialisation of cybercrime. Firewalls and layered defences such as multi-factor authentication (MFA) have become critical additions to organisational security in order to respond to changing attacker techniques.

“We are getting better at detection, and are able to catch these people in the act sooner, but they know that. They know we’re better at detection, we have better tools and services, to aid in this quest of detecting them sooner and so they move faster, naturally,” noted Shier. “The faster we attack, the more we start to prevent these attacks, then the faster we can break their cadence and get in the way.” 

Shier also reviewed Sophos' recent research, "Stopping Active Adversaries," which identifies the most prevalent and emerging ways attackers infiltrate organisations. The study, based on an evaluation of 232 large cyber incidents handled by Sophos X-Ops incident responders, offers practical guidance for security strategy. 

Among its primary findings: compromised credentials and exploited vulnerabilities remain the most common entry points, and attacks are getting faster. Median ransomware dwell time fell to five days in 2023, down from higher levels in previous years, and 91% of ransomware attacks were launched outside of business hours, highlighting the need for round-the-clock monitoring and response.

Three steps to enhance security 

Shier highlights three elements organisations need in order to combat these threats: securing, monitoring and responding. "Securing means increasing friction wherever possible, using strong levels of multifactor authentication. That is critical, and it should be applied wherever possible," Shier added. 

Shier warns that cybercriminals adapt only when they have to. He suggests raising the bar so high that some of their tactics "won't be worth it anymore," but reminds businesses that they no longer need to navigate their cybersecurity journey alone and can rely on partnerships to maintain robust security for the organisation and its employees.

“Getting security right can be difficult and time-consuming, it’s resource-consuming and expensive,” Shier added. “When you find yourself in a situation where you think, I’m having trouble doing this on my own, go ask for help. There are plenty of organisations out there, whether it’s people you can partner with for your IT infrastructure or vendors that can help you, ask for help, we’re here to help, and we’ve got the experience to keep you safe.” 

During the discussion, Shier offered further insights and recommendations to help organisations build a thorough cybersecurity plan. The dynamic landscape of cybercrime underscores the importance of multi-layered defences and constant protection. Businesses can keep their digital assets safe and stay ahead of cyber threats by taking proactive measures to secure, monitor and respond.

Here's Why Tracking Everything on the Dark Web Is Vital

 

Today, one standard cybersecurity practice is to constantly monitor the Dark Web, the global go-to destination for criminals, for any sign that the organisation's trade secrets or other intellectual property have been compromised. 

The problem is that most chief information security officers (CISOs) and security operations centre (SOC) managers assume that any discovery of sensitive company data means their enterprise systems have been compromised. That may well be what it means, but it could also mean a hundred other things. The data may have been stolen from a supply chain partner, a corporate cloud site, a shadow cloud site, an employee's home laptop, a corporate backup provider, a disaster-recovery firm, a smartphone, or even a thumb drive pilfered from a car.

When dealing with sensitive data, whether consumer personally identifiable information (PII), healthcare data, payment card data or designs for a weapons system, knowing that some version of it has been obtained is useful. But it is nearly impossible to know what to do unless the location, timing and manner of the theft are known. 

In some cases the answer is "nothing." Consider some of your systems' most sensitive files: API keys, access tokens, passwords, encryption keys and other access credentials. If their issuance, use and revocation are carefully recorded and logged, your team may find that the secrets discovered on the Dark Web have already been rotated or revoked, in which case no further action is required.

Getting the info right

Most CISOs recognise that discovering secrets on the Dark Web means they have been compromised. But without accurate details they frequently overreact, or react in the wrong way, and implement costly and disruptive changes that may be entirely unnecessary. 

This can extend to making regulatory disclosures on the basis of wrong assumptions, under regimes such as the European Union's General Data Protection Regulation (GDPR) and the Securities and Exchange Commission's (SEC) cybersecurity rules, exposing the organisation to avoidable share-price drops and compliance fines. 

Establishing best practices

Keep a tightly controlled inventory of all your secrets, with fingerprinting (keyed hashes of the secret material) so that every issuance, use and revocation can be traced without the inventory itself storing anything usable. This is how you keep track of all activity involving your machine credentials in real time. If usage is monitored aggressively, you can detect a stolen machine credential before it reaches the Dark Web and is sold to the highest bidder.
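The two points above, that a secret found on the Dark Web may already be dead and that an inventory lets you tell, fit together in a small amount of code. This is an added example for this post, not the tooling of any vendor or of the original author. The inventory keys secrets by HMAC-SHA256 fingerprint so that a leaked copy of the inventory cannot be brute-forced back to the secrets (a plain SHA-256 of a short API key could be), records revocation and last-use times, and classifies a leak-site finding as not ours, ours but already revoked, or ours and live. The key, the sample credentials and the findings are all constructed; nothing here is a real secret.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Assumed: a key held in your vault and used only to fingerprint secrets.
INVENTORY_KEY = b"inventory-hmac-key-from-your-vault"


def fingerprint(secret):
    """Keyed fingerprint of a secret; the inventory is indexed by this, never by the secret."""
    return hmac.new(INVENTORY_KEY, secret.encode(), hashlib.sha256).hexdigest()


def register(inventory, secret, name, owner):
    inventory[fingerprint(secret)] = {
        "name": name, "owner": owner, "status": "active",
        "revoked_at": None, "last_used": None,
    }


def revoke(inventory, secret, when):
    entry = inventory[fingerprint(secret)]
    entry["status"] = "revoked"
    entry["revoked_at"] = when


def record_use(inventory, secret, when):
    """Hook for your authentication logs: note the most recent use of a secret."""
    entry = inventory.get(fingerprint(secret))
    if entry is not None:
        entry["last_used"] = when
    return entry


def triage(inventory, candidate):
    """Classify a string found on a leak site against the inventory."""
    entry = inventory.get(fingerprint(candidate))
    if entry is None:
        return {"verdict": "not_ours",
                "action": "no action: not a credential we issued"}
    if entry["status"] == "revoked":
        used_after = (entry["last_used"] is not None
                      and entry["last_used"] > entry["revoked_at"])
        if used_after:
            # Revocation did not take effect somewhere: that is the incident.
            return {"verdict": "ours_revoked", "name": entry["name"],
                    "action": "investigate: use seen after revocation"}
        return {"verdict": "ours_revoked", "name": entry["name"],
                "action": "no action: already revoked %s" % entry["revoked_at"].date()}
    return {"verdict": "ours_live", "name": entry["name"], "owner": entry["owner"],
            "action": "revoke now, then trace where this copy leaked from"}


def triage_all(inventory, findings):
    return [dict(candidate=c[:8] + "...", **triage(inventory, c)) for c in findings]


# Constructed sample inventory and leak-site findings; every value is invented.
def demo_inventory():
    inv = {}
    register(inv, "AKIAEXAMPLE0000000001", "billing-export-key", "platform")
    register(inv, "ghp_exampleLegacyToken0000000000", "ci-bot-token", "devops")
    revoke(inv, "ghp_exampleLegacyToken0000000000",
           datetime(2024, 1, 12, tzinfo=timezone.utc))
    return inv


DARK_WEB_FINDINGS = [
    "AKIAEXAMPLE0000000001",
    "ghp_exampleLegacyToken0000000000",
    "sk_live_someone_elses_key",
]

if __name__ == "__main__":
    for result in triage_all(demo_inventory(), DARK_WEB_FINDINGS):
        print(result)
```

Feed `record_use` from the systems that actually validate the credentials (cloud audit logs, the CI server, the API gateway). The "use seen after revocation" branch is the one that earns its keep: a revoked key that is still authenticating somewhere means the revocation never propagated, which is a far more urgent finding than the leak itself.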

Another good strategy is to seed the Dark Web, and other criminal haunts, with decoy files to add noise to the mix. Some discerning criminals may avoid your data altogether if they cannot tell whether it is genuine. If each decoy carries a unique, inert canary credential, any attempt to use it also tells you that the decoy was picked up.

City Cyber Taskforce Introduced to Safeguard Corporate Finance in UK

 

Two of the UK's leading accounting and security bodies are forming a new taskforce today to help organisations improve the security of their corporate finance transactions. 

The effort is led by the Institute of Chartered Accountants in England and Wales (ICAEW) in partnership with the National Cyber Security Centre (NCSC). Other participants from banking, law, consulting and other fields include the Association of Corporate Treasurers, the British Private Equity and Venture Capital Association, Deloitte, EY, KPMG, the Law Society, the London Stock Exchange, the Takeover Panel and UK Finance.

At the taskforce's launch earlier this week, the 14 organisations published new guidance to help businesses mitigate cyber-risk while engaging in corporate finance activities such as capital raising, mergers and acquisitions, and initial public offerings. 

The guidance, Cyber Security in Corporate Finance, covers building resilience against cyberattacks, protecting commercially sensitive data shared during deal processes, and responding to breaches, and sets out the various cyber-risks involved. 

According to Michael Izza, CEO of ICAEW, organisations may be vulnerable to security breaches when confidential information is shared during a transaction. 

“A cyber-attack could have a potentially disastrous impact on the dealmaking process, and so it is crucial that boardrooms across the country treat threats very seriously and take preventative action,” Izza added. “We must do all that we can to ensure London remains a pre-eminent place to do deals, raise investment and generate growth.” 

Sarah Lyons, NCSC deputy director for economy and society, said that chartered accountants are becoming an increasingly appealing target for threat actors because of the sensitive financial and risk data they handle. 

"A breach in this sector can not only jeopardise organisations and their customers, but can also undermine trust, confidence and reputation. I'd encourage everyone from across the industry to engage with this report and the NCSC's range of practical guidance, to help increase their cyber resilience," Lyons advised.