The Rise of AI: New Cybersecurity Threats and Trends in 2023

 

The rise of artificial intelligence (AI) is becoming a critical trend to monitor, with the potential for malicious actors to exploit the technology as it advances, according to the Cyber Security Agency (CSA) on Tuesday (Jul 30). AI is increasingly used to enhance various aspects of cyberattacks, including social engineering and reconnaissance. 

The CSA’s Singapore Cyber Landscape 2023 report, released on Tuesday, highlights that malicious actors are leveraging generative AI for deepfake scams, bypassing biometric authentication, and identifying vulnerabilities in software. Deepfakes, which use AI techniques to alter or manipulate visual and audio content, have been employed for commercial and political purposes. This year, several Members of Parliament received extortion letters featuring manipulated images, and Senior Minister Lee Hsien Loong warned about deepfake videos misrepresenting his statements on international relations.  

Traditional AI typically performs specific tasks based on predefined data, analyzing and predicting outcomes but not creating new content. Generative AI, by contrast, can generate new images, videos, and audio; ChatGPT, OpenAI’s chatbot, is one example. AI has also enabled malicious actors to scale up their operations. The CSA and its partners analyzed phishing emails from 2023, finding that about 13 percent contained AI-generated content, which was grammatically superior and more logically structured. These AI-generated emails aimed to reduce logical gaps and enhance legitimacy by adapting to various tones to exploit a wide range of emotions in victims.

Additionally, AI has been used to scrape personal identification information from social media profiles and websites, increasing the speed and scale of cyberattacks. The CSA cautioned that malicious actors could misuse legitimate research on generative AI’s negative applications, incorporating these findings into their attacks. The use of generative AI adds a new dimension to cyber threats, making it crucial for individuals and organizations to learn how to detect and respond to such threats. Techniques for identifying deepfakes include evaluating the message, analyzing audio-visual elements, and using authentication tools. 

Despite the growing sophistication of cyberattacks, Singapore saw a 52 percent decline in phishing attempts in 2023 compared to the previous year, contrary to the global trend of rising phishing incidents. However, the number of phishing attempts in 2023 remained 30 percent higher than in 2021. Phishing continues to pose a significant threat, with cybercriminals making their attempts appear more legitimate. In 2023, over a third of phishing attempts used the credible-looking top-level domain “.com” instead of “.xyz,” and more than half of the phishing URLs employed the secure HTTPS protocol, a significant increase from 9 percent in 2022.

The banking and financial services, government, and technology sectors were the most targeted industries in phishing attempts, with 63 percent of the spoofed organizations belonging to the banking and financial services sector. This industry is frequently targeted because it holds sensitive and valuable information, such as personal details and login credentials, which are highly attractive to cybercriminals.

2024 Data Dilemmas: Navigating Localization Mandates and AI Regulations

 


Data has been increasing in value for years, and there have been many instances of it being misused or stolen, so it is no surprise that regulators are increasingly focused on it. In the near term, global data regulation is likely to continue to grow, affecting nearly every industry as a result.

There is, however, one type of regulation that particularly affects the payments industry and the "cash-free society": data localization. This type of regulation increases infrastructure costs and compliance investments.

There is a growing array of overlapping (and at times confusing) regulations on data privacy, protection, and localization emerging across a host of countries and regions around the globe, which is placing pressure on the strategy of winning through scale.

As a result of these regulations, companies are being forced to change their traditional uniform approach to data management: organizations that excelled at globalizing their operations must now think locally to remain competitive. 

Their regional compliance costs increase because they have to invest time, energy, and managerial attention in understanding the unique characteristics of each regulatory jurisdiction in which they operate.

Crossing geographical boundaries is not an easy lift, but companies that find a way to do so will experience significant benefits (growth and increased market share) by being aware of local regulations while ensuring that their customer experiences are excellent and utilizing the data sets they possess across the globe.

Second, a trend has emerged regarding the use of data in generative artificial intelligence (GenAI) models, where the Biden administration's AI executive order, in conjunction with the EU's AI Act, is likely to have the greatest influence in the coming year.

The experts have indicated that enforcement of data protection laws will continue to be used more often in the future, affecting a wider range of companies, as well. In 2024, Troy Leach, chief strategy officer for the Cloud Security Alliance (CSA), believes that the time has come for companies to take a more analytical approach towards moving data into the cloud since they will be much more aware of where their data goes. 

The EU, Chinese, and US regulators put an exclamation point on data security regulations in 2023 with some severe fines. In May, the Irish Data Protection Commission fined Meta, the company behind Facebook, for violating localization regulations by transferring personal data about European users to the United States.

In July, Chinese authorities fined Didi Global over 8 billion yuan ($1.2 billion) for violating the country's privacy and data security laws. As Raghvendra Singh, the head of Tata Consultancy Services' cybersecurity arm, TCS Cybersecurity, points out, the regulatory landscape is becoming more complex, especially as the age of cloud computing grows. He believes that most governments across the world are either currently defining their data privacy and protection policies or are going to the next level if they have already done so.

Within a country, data localization provisions restrict how data is stored, processed, and/or transferred. Generally, the restriction on storage and processing data is absolute, and a company is required to store and process data locally. 

However, transfer restrictions tend to be conditional. These laws are usually based on the belief that data cannot be transferred outside the borders of the country unless certain conditions are met. At their most extreme, data localization provisions may require that data processing, storage, and access all be performed within the country, with the data itself barred from export.

Data storage, processing, and/or transfers within a company must be done locally. However, this mandate conflicts with the underlying architecture of the Internet, where caching and load balancing are often system-independent and are often borderless. This is especially problematic for those who are in the payments industry. 

After all, any single transaction involves multiple parties, involving data moving in different directions, often from one country to another (for instance, a U.S. MasterCard holder who pays for her hotel stay in Beijing with her American MasterCard). 

Business is growing worldwide and moving towards centralizing data and related systems, so the restriction of data localization requires investments in local infrastructure to provide storage and processing solutions. 

The operating architecture of businesses, business plans, and hopes for future expansion can be disrupted, or at least made more difficult and costly, as a result.

AI Concerns Lead to a Shift in The Landscape

Cloud technology is responsible for the localization of data; however, what will have a major impact on businesses and how they handle data in the coming year is the fast adoption of artificial intelligence services and the government's attempts to regulate the introduction of this new technology.

Leach believes that as companies become more concerned about being left behind in the innovation landscape, they may not perform sufficient due diligence, which may lead to failure. The GenAI model is a technology that organizations can use to protect their data, using a private instance within the cloud, but the data in the cloud will remain encrypted, he adds.

Medusa Ransomware Group Takes Ownership for Cyber-attack on Canadian Psychological Association

Medusa ransomware

The Canadian Psychological Association (CPA), the main official body for psychologists in Canada, is said to have been the target of a cyberattack by the infamous Medusa ransomware group. 

The recent incident points out the rising risk posed by threat actors demanding confidential data from enterprises. The CPA, founded in 1939 and registered under the Canada Corporations Act in May 1950, is currently dealing with the fallout from this breach.

The cyberattack on the Canadian Psychological Association

Medusa, an infamous cyber threat actor, claimed involvement in the CPA attack. On its dark web channel, "MEDUSA BLOG," the gang released details of the Canadian Psychological Association data breach, adding a countdown timer to increase the pressure.

They have issued deadlines, seeking $10,000 to postpone the release of hacked info for another day, and a whopping $200,000 to completely delete the data, which may then be retrieved again.

The CPA has yet to publish an official comment or statement in response to the Canadian Psychological Association data leak.

Victims of Medusa Ransomware group

This cyberattack on the CPA is not an isolated incident. The Minneapolis Public School (MPS) District suffered a massive ransomware attack. In this instance, highly sensitive data regarding children and teachers was revealed on the internet, including complaints of abuse and psychological reports.

MPS initially declined to pay a $1 million ransom, and their encrypted systems were successfully restored using backups. The Medusa hacker gang, on the other hand, had not only encrypted the data but also exfiltrated their own copy, which they then published on the web and promoted via links on a Telegram channel.

Let’s try to understand MedusaLocker ransomware

MedusaLocker ransomware was discovered in September 2019 and mostly attacks Windows devices via spam. This malware has unusual characteristics, such as booting into safe mode before acting and encrypting files. Depending on the version, it uses BAT files or PowerShell. Due to changes made by the current edition, the infected machine may suffer issues at boot-up.

After initial access, MedusaLocker spreads across a network by launching a PowerShell script via a batch file. It deactivates security and forensic applications, restarts the machine in safe mode to avoid getting caught, and then locks files with AES-256 encryption. In addition, it disables start-up recovery, disables local backups, and leaves a ransom notice in every folder holding compromised data.
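The behaviours listed above can be correlated in process-creation telemetry before encryption starts. The following is an added example, not code from the original post or from any vendor: the command-line patterns are assumptions (generic Windows administration commands that correspond to each behaviour, not MedusaLocker-specific indicators), and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Behaviours named in the post, mapped to command-line patterns. The patterns are
# assumptions (generic Windows admin commands), not MedusaLocker-specific indicators.
CMD_RULES = {
    "safe_mode_boot": re.compile(r"bcdedit(\.exe)?\b.*\bsafeboot\b", re.I),
    "recovery_disabled": re.compile(r"bcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "backups_deleted": re.compile(r"(vssadmin|wbadmin)(\.exe)?\b.*\bdelete\b", re.I),
}

def classify(event):
    """Return the behaviour names matched by one process-creation event."""
    hits = {name for name, rx in CMD_RULES.items() if rx.search(event["cmdline"])}
    # "PowerShell script via a batch file": PowerShell whose parent ran a .bat/.cmd.
    if re.search(r"\.(bat|cmd)\b", event.get("parent", ""), re.I) and \
            re.search(r"\bpowershell\b", event["cmdline"], re.I):
        hits.add("batch_to_powershell")
    return hits

def correlate(events, window=timedelta(minutes=10), threshold=3):
    """Alert per host when >= threshold distinct behaviours fall inside one window."""
    per_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        for behaviour in classify(ev):
            per_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), behaviour))
    alerts = {}
    for host, seen in per_host.items():
        for i, (start, _) in enumerate(seen):
            in_window = {b for t, b in seen[i:] if t - start <= window}
            if len(in_window) >= threshold:
                alerts[host] = sorted(in_window)
                break
    return alerts

# Constructed sample events (hosts, paths and times are made up for this example).
EVENTS = [
    {"host": "WS-014", "time": "2023-05-02T02:14:05", "parent": r"cmd.exe /c C:\Temp\task.bat",
     "cmdline": r"powershell.exe -File C:\Temp\task.ps1"},
    {"host": "WS-014", "time": "2023-05-02T02:15:40", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS-014", "time": "2023-05-02T02:16:02", "cmdline": "bcdedit.exe /set {default} recoveryenabled No"},
    {"host": "WS-014", "time": "2023-05-02T02:17:30", "cmdline": "bcdedit.exe /set {default} safeboot minimal"},
    # Routine administration: one matching behaviour alone stays below the threshold.
    {"host": "SRV-002", "time": "2023-05-02T09:00:00", "cmdline": "bcdedit.exe /enum"},
    {"host": "SRV-002", "time": "2023-05-02T09:30:00", "cmdline": "vssadmin.exe delete shadows /for=D: /oldest"},
    {"host": "SRV-002", "time": "2023-05-02T14:00:00", "parent": "explorer.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\inventory.ps1"},
]

if __name__ == "__main__":
    for host, behaviours in correlate(EVENTS).items():
        print(host, behaviours)
```

Requiring several distinct behaviours in a short window keeps routine backup housekeeping from alerting while still firing before the reboot into safe mode completes.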

CISA Unveils Logging Tool to Aid Resource-Scarce Organizations

 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced a security tool named "Logging Made Easy" with the aim of assisting organizations, particularly those with limited resources, in safeguarding their Windows-based devices and sensitive information.

This tool, provided as an open-source log management solution, is available free of charge to both public and private sector entities. It serves to proactively monitor potential threats, conduct retrospective investigations, and offer guidance for remedial actions in the event of a cyber incident. CISA's decision to relaunch and widen the availability of this tool comes after its initial development and upkeep by the United Kingdom's National Cyber Security Centre.

Chad Polan, the product manager for cyber shared services at CISA, emphasized the agency's objective to promote the implementation of cybersecurity measures that are demonstrably effective. This includes furnishing cybersecurity capabilities and services to bridge existing gaps. He highlighted the tool's relevance for organizations with substantial data holdings but limited resources to shield against cyberattacks.

The updated version of Logging Made Easy serves as a ready-to-use log management solution for organizations that previously utilized the service under the auspices of the U.K.’s National Cyber Security Centre. CISA is also extending access to new users seeking an accessible logging tool.

The service offers clear-cut installation instructions and can be seamlessly integrated into various logging and protective monitoring strategies. It incorporates preconfigured security detection rules to expedite responses to cyber incidents. Additionally, it includes coding designed to lower financial barriers for organizations aiming to implement fundamental logging and monitoring capabilities.

Lindy Cameron, CEO of the NCSC, commended the tool's track record, stating that it has "undeniably delivered results" and supported numerous defenders in safeguarding their networks.

CISA Director Jen Easterly underscored that this new service offering aligns with the agency's commitment to aiding resource-constrained organizations with limited defenses against cyber threats.

At present, the tool exclusively covers Windows-based devices. However, CISA has expressed openness to considering the potential expansion of the service to encompass additional operating systems in the future.

Cyberattack That Stole Personal Data of 16,000 Law Society Members, What Was Lacking?

 


Law Society members' personal information was leaked through the Law Society of Singapore's VPN. Ransomware headlines are making the rounds; however, the reality is even grimmer. There is a high probability that domestic victims will never see their names in the media, since most of them are willing to pay to resolve the problem. The situation is becoming increasingly dangerous as threats multiply, sophistication increases, and hackers demand more ransoms.

As a result of a vulnerability in the Law Society's virtual private network (VPN) system, a ransomware attack launched in March affected more than 16,000 members, according to the Personal Data Protection Commission (PDPC).

According to the PDPC's decision, which was published on Thursday (May 11), the society used an easily guessed password for its administrator account, making it an easy target for cybercriminals.  

In addition to using an easy-to-guess password, the Singaporean Personal Data Protection Commission (PDPC) investigation concluded that the Society failed to conduct periodic security reviews. An internal audit must be completed within 60 days after the event to ensure no security gaps have been discovered by the organization. 

The ransomware attack that compromised 16,009 Law Society members has prompted a court order for the society to plug security gaps. There has been a fine of $8,000 levied against the FortyTwo furniture store for a data breach involving customer information.

In a report published this Thursday, the Personal Data Protection Commission (PDPC) mentioned these topics as some of the findings of the investigation. 

LawSoc's administrative account, which was compromised as a result of the attack, had "Welcome2020lawsoc" as the password, which had been used over the years. 

According to PDPC, the society's password for the account had not been changed at "reasonable intervals".
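The two findings above, a guessable password built from a common word, a year and the organisation's name, and no rotation at reasonable intervals, can be checked mechanically. The following is an added example, not part of the original post or of the PDPC decision: the word list, the 365-day limit, the finding names and the dates are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed short list; a real audit would use a breached-password corpus.
COMMON_BASE_WORDS = {"welcome", "password", "admin", "letmein", "changeme", "qwerty"}
LEET = str.maketrans("0134@$5", "oleaass")   # undo common character substitutions
YEAR = re.compile(r"(?:19|20)\d{2}")

def audit_password(password, org_tokens, last_changed, today, max_age_days=365):
    """Return the weaknesses found; an empty list means none of these checks fired."""
    findings = []
    lowered = password.lower()
    years = YEAR.findall(lowered)
    # Cut years out before undoing substitutions so "2020" is not read as letters.
    text = YEAR.sub(" ", lowered).translate(LEET)
    words = {w for w in COMMON_BASE_WORDS if w in text}
    orgs = {t.lower() for t in org_tokens if t.lower() in text}
    if words:
        findings.append("common_base_word")
    if years:
        findings.append("embedded_year")
    if orgs:
        findings.append("organisation_name")
    # Whatever remains after removing the guessable parts is the only real entropy.
    residue = text
    for part in sorted(words | orgs, key=len, reverse=True):
        residue = residue.replace(part, "")
    if (words or orgs) and len(residue.strip()) < 4:
        findings.append("fully_predictable_structure")
    # max_age_days is an assumed policy value, not a figure from the PDPC decision.
    if (today - last_changed).days > max_age_days:
        findings.append("not_rotated_within_policy")
    return findings

if __name__ == "__main__":
    # The password is the one quoted in the post; both dates are constructed.
    print(audit_password("Welcome2020lawsoc", ["lawsoc"],
                         last_changed=date(2020, 1, 1), today=date(2023, 1, 1)))
```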

The PDPC's Deputy Commissioner Zee Kin Yeong concluded that many members' personal information was leaked, including their full names, residential addresses, and dates of birth. According to Channel News Asia, the (Law Society) took prompt remedial action in response to the incident since there were no signs that any personal data of its members was exfiltrated or misused. 

In its latest warning, the Cyber Security Agency of Singapore (CSA) warned that ransomware has evolved into a “massive and systemic threat” in the first half of this year. During 2020, 16,117 cybersecurity cases were reported in Singapore and accounted for 43% of all crimes committed in the country. According to the available data, as many cases of ransomware attacks are not reported to the authorities, the number of ransomware attacks in the country is likely to be much higher. 

Singapore is facing a growing threat of ransomware, a threat that you need to strengthen your defenses against and develop a response plan for, as soon as possible. 

Despite a growing number of ransomware attacks, cybercriminals continue to multiply, attract new talent, innovate new malware, and operate with impunity. You need to ensure that your defenses and incident response plan are both at the very top of their game and are constantly evolving so as to mitigate the risks. Additionally, the right defensive plan for your organisation will be unique: it will take into account your critical needs, your existing and future defenses, your vulnerabilities, as well as your ethos as an organisation.

CSA Issue Cybersecurity Alert, Calls Emergency Meeting

 

Singapore's cybersecurity organization called together representatives from critical information infrastructure industries for two emergency meetings, during which technical information and instructions were given to help these companies deal with possible threats from Log4j. The country's cybersecurity agency released alerts on the Apache Java logging library flaw and is "closely analyzing" developments.

The first alert went out on 14 December, when the Cyber Security Agency (CSA) of Singapore warned that the "critical vulnerability," when exploited successfully, lets a hacker gain full access to compromised servers. "A briefing session also was held on Friday with trade associations and chambers to highlight the severity of the Log4j vulnerability and urgency for all organizations, including small and midsize businesses (SMBs), to immediately deploy mitigation measures," reports ZD Net. It also mentioned that there was only a small window of opportunity to execute mitigation actions and that organizations should do so immediately.

CSA mentioned that alerts were sent out to CII sector leads and businesses, telling them to immediately update their systems with the latest security patches. The government agency was working in collaboration with these CII representatives to carry out damage control measures. The cybersecurity bill of Singapore includes 11 critical information infrastructure (CII) sectors, which allows local agencies to take proactive measures to safeguard these CIIs.

The bill highlights a regulatory framework that formalises the duties of CII providers in protecting systems under their accountability, both before and after cybersecurity incidents. These 11 "essential services" include water, healthcare, energy, aviation, and banking and finance. As of now, no Log4j-related breaches have been reported since the CSA issued an alert on December 14th. According to ZD Net, "CSA on Friday issued another update, raising the alert on the security flaw. It noted that because Log4j was widely used by software developers."