Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Corporate. Show all posts
Ransomware Gangs
Corporate Cyber Security cyber threat data security Ransomware Ransomware Gangs

Ransomware Gangs Targeting CEOs with Stolen Data

Ransomware Gangs Targeting CEOs with Stolen Data

Ransomware gangs are now employing a terrifying tactic—using stolen data to coerce and threaten CEOs. 

Understanding Ransomware Attacks

Ransomware is a type of malicious software that encrypts the victim's data, rendering it inaccessible until a ransom is paid. Over the years, ransomware tactics have evolved, becoming more sophisticated and damaging. Originally, ransomware attacks were more indiscriminate, targeting individuals and organizations alike. However, cybercriminals have become more strategic, now focusing on high-value targets.

The Rise of CEO Extortion

Ransomware gangs have discovered that targeting CEOs can yield higher returns. By threatening to release sensitive data, they put immense pressure on CEOs to comply with their demands. This method of extortion not only threatens the individual's reputation but also jeopardizes the entire organization's security and financial stability.

Why They Rarely Get Caught

Anonymity: Cybercriminals use encryption and the dark web to hide their identities, making it challenging for law enforcement agencies to trace them.

Jurisdictional Challenges: Ransomware attacks are often transnational, complicating legal processes. Different countries have varying laws and levels of cooperation with international authorities.

Sophisticated Techniques: These criminals are adept at covering their tracks, using advanced encryption, and frequently changing their digital footprints to evade detection.

Resource Limitations: Law enforcement agencies often lack the resources and specialized knowledge required to effectively tackle these sophisticated cybercrimes.

The consequences of a ransomware attack can be devastating. For CEOs, the personal and professional stakes are incredibly high. They face potential damage to their reputation, legal ramifications, and significant financial loss. For the organization, it can result in operational disruption, loss of sensitive data, and a breach of trust with customers and stakeholders.

Combating the Threat

  • Regularly update software, use advanced firewalls, and employ comprehensive security solutions to protect against ransomware attacks.
  • Conduct regular cybersecurity training for employees to recognize phishing attempts and other common tactics used by cybercriminals.
  • Ensure that all critical data is backed up regularly and stored securely. This can help recover data without paying the ransom.
  • Have a well-defined plan in place for responding to ransomware attacks, including steps to isolate affected systems and communicate with stakeholders.
  • Report ransomware incidents to law enforcement agencies to help track and apprehend cybercriminals.

Read more »
Threat Intelligence
Corporate Cyber Security Organization security Risk Assessment Threat Intelligence

Beyond Prioritization: Security Journey for Organizations

Prioritization tools typically rely on factors like severity, exploitability, and potential impact. While these criteria are valuable, they don't provide the full picture.

Organizations face an overwhelming number of vulnerabilities, and deciding which ones to address first can be a challenge for many. However, it's essential to recognize that prioritization is merely the beginning of a more comprehensive security journey.

The Limitations of Prioritization

Prioritization tools typically rely on factors like severity, exploitability, and potential impact. While these criteria are valuable, they don't provide the full picture. Here are some limitations:
  1. Context Matters: Prioritization tools often lack context. They don't consider an organization's unique environment, business processes, or specific threats. A high-severity vulnerability might be less critical if it doesn't align with an organization's risk profile.
  2. Dynamic Threat Landscape: Threats evolve rapidly. A vulnerability that seems low-risk today could become a weaponized exploit tomorrow. Prioritization models need to account for this dynamic nature.
  3. Resource Constraints: Organizations have finite resources—time, budget, and personnel. Prioritization doesn't address how to allocate these resources effectively.

The Holistic Approach

To move beyond prioritization, consider the following steps:
  • Risk Assessment: Start by understanding your organization's risk appetite. Conduct a risk assessment that considers business impact, regulatory compliance, and threat intelligence. This assessment informs your vulnerability management strategy.
  • Asset Inventory: Create a comprehensive asset inventory. Knowing what you're protecting allows you to prioritize vulnerabilities based on critical assets. Not all systems are equal; some are more vital to your operations.
  • Threat Intelligence: Stay informed about emerging threats. Collaborate with industry peers, subscribe to threat feeds, and monitor security forums. Threat intelligence helps you contextualize vulnerabilities.
  • Attack Surface Reduction: Minimize your attack surface. Remove unnecessary services, close unused ports, and segment your network. Fewer entry points mean fewer vulnerabilities to manage.
  • Patch Management: Prioritize patching based on risk. Critical systems should receive immediate attention, while less critical ones can follow a staggered schedule.
  • Security Hygiene: Regularly review configurations, permissions, and access controls. Misconfigurations often lead to vulnerabilities. Implement security baselines and automate hygiene checks.
  • Incident Response Readiness: Prepare for incidents. Develop an incident response plan, conduct tabletop exercises, and ensure your team knows how to respond effectively.

Transparency and Communication

Transparency is crucial. Communicate with stakeholders—executives, IT teams, and end-users. Explain the rationale behind vulnerability management decisions. Transparency builds trust and ensures everyone understands the risks.

Vulnerability prioritization is essential, but it's not the destination—it's the starting point. Embrace a holistic approach that considers context, risk, and resource constraints. By navigating the security journey with diligence and transparency, organizations can better protect their digital assets.
Read more »
Privacy
Biometric Information Privacy Act Corporate financial risks Illinois Privacy

Illinois Amends Biometric Privacy Law to Limit Corporate Liability



SPRINGFIELD, IL – Illinois has recently amended its Biometric Information Privacy Act (BIPA), essentially reducing the financial risks for companies that mishandle biometric data such as eye scans, fingerprints, and facial recognition information. The changes, signed into law by Governor J.B. Pritzker on August 2, followed a growing trend of legal adjustments aimed at balancing consumer privacy rights with corporate concerns.

Key Changes to BIPA

Originally passed in 2008, BIPA was one of the first laws in the United States to establish strict guidelines for the collection, storage, and use of biometric data. The law required companies to obtain written consent before collecting biometric information and allowed individuals to sue for damages if their data was mishandled. Previously, victims could seek $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.

However, the recent amendment dramatically alters this infrastructure. Under the new rules, multiple violations involving the same person's biometric data will now be treated as a single infraction. This change effectively limits the potential damages a company might face, even if it repeatedly mishandles an individual's biometric information.

Impact on Legal Liability

This amendment overturns a 2023 Illinois Supreme Court ruling that held companies accountable for each instance of biometric data misuse. The ruling had stemmed from a class-action lawsuit against White Castle, where an employee accused the restaurant chain of repeatedly violating BIPA by improperly collecting her biometric data. With the new law in place, such claims will now result in lower financial penalties for companies, reducing the incentive for large-scale settlements.

Legal and Industry Reactions

Legal experts and industry groups have noted the implications of this amendment. Alan Friel, a lawyer with Squire Patton Boggs, observed that the change would likely decrease the settlement value of BIPA claims. He also underlined that the new law allows companies to fulfil the written consent requirement through electronic signatures, further easing the burden on businesses.

In the past, BIPA has led to substantial settlements, such as Facebook’s $650 million agreement in 2020 to settle claims that it violated the law by using facial recognition without user consent. This settlement resulted in individual payouts of over $400 to affected users. Illinois’ law is unique in allowing individuals to directly sue companies for violations, a provision that other states, such as Colorado, have not adopted.

The amendment comes amid a broader national debate over privacy laws and the responsibilities of corporations handling sensitive data. While Illinois has maintained a more consumer-focused approach, other states have taken different paths. For example, Texas recently secured a $1.4 billion settlement with Facebook’s parent company, Meta, over similar biometric privacy violations. However, in Texas, enforcement of such laws is handled by the state, not individual consumers.

The Information Technology and Innovation Foundation (ITIF), a think tank supported by various corporations, welcomed the changes to BIPA. Ash Johnson, ITIF’s Senior Policy Manager, argued that the amendment brings much-needed balance to the law, which had previously imposed steep fines for even minor infractions. According to Johnson, the previous version of BIPA had driven some companies to limit their technological offerings in Illinois or avoid the state altogether.

The recent amendment to Illinois’ Biometric Information Privacy Act marks a notable shift in how biometric data violations are handled, reducing the financial risks for companies while still aiming to protect consumer privacy. As states across the U.S. continue to grapple with how best to regulate biometric data, Illinois' experience with BIPA will likely serve as a critical case study for future legislation.


Read more »
RBI
Banks CISO Corporate Cyber Security Opensource RBI

Enhancing API Security: CSPF's Contribution to Wallarm's Open-Source Project

 

In the ever-evolving landscape of digital security, the Cyber Security & Privacy Foundation (CSPF) remains a beacon of innovation and support. Our mission extends beyond mere advocacy for cybersecurity; we actively enhance the tools that fortify our digital world. A testament to this commitment is our recent focus on Wallarm's API Firewall, a robust tool designed to protect APIs from emerging cyber threats. 
 
Our journey with Wallarm's API Firewall began with a simple yet powerful intention: to make this tool not just effective but also adaptable to the stringent requirements of B2B and high-security environments. In doing so, we embarked on a path that not only led us to add new functionalities but also to discover and rectify hidden vulnerabilities. 
 
Introducing the AllowedIPList Feature and Addressing the Denylist Bug 
 
The new feature we introduced, the AllowedIPList, is a game-changer for API security. It restricts API access to specific, pre-approved IP addresses, an essential requirement for secure, business-to-business communications and high-security domains. This addition ensures that only authorized machines can interact with the API, thereby enhancing the security manifold. 
 
In our journey of innovation, we encountered a critical bug in the existing Denylist feature. The Denylist, designed to block requests using certain compromised keys, cookies, or tokens, had a significant flaw. The bug stemmed from a cache implementation error, leading to the failure of adding entries to the Denylist if the list was shorter than 53 characters. This vulnerability was particularly concerning for shorter tokens, commonly used in HTTP basic authentication and cookies.  
 
Our team promptly addressed this issue, ensuring that the Denylist functioned as intended, regardless of the character count. The resolution of this bug, alongside the implementation of the AllowedIPList, marked a significant enhancement in the API Firewall's security capabilities. 
 
The Broader Impact of Open-Source Contributions 
 
This initiative underscores the importance of not just using open-source software but actively contributing to it. While the immediate financial returns might be non-evident, such contributions lead to a more secure and robust digital ecosystem. It is through diverse collaboration and multiple perspectives that we can uncover and rectify latent vulnerabilities. 

Link - 

https://github.com/CSPF-Founder/api-firewall/tree/main
 
Founder & TechCore Team
Cyber Security and Privacy Foundation
https://github.com/CSPF-Founder/
Read more »
Websites
Corporate Data Exfiltration Data Extortion Data Hacking Double extortion malware Night Sky Ransom Ransom note Ransomware Tor Site Websites

Night Sky: New Ransomware Targeting Corporate Networks

 

The new year has brought with it new ransomware named 'Night Sky,' which targets corporate networks and steals data in double-extortion attacks. 

The Night Sky operation began on December 27th, according to MalwareHunterTeam, which was the first to identify the new ransomware. The ransomware has since published the data of two victims. 

One of the victims got an initial ransom demand of $800,000 in exchange for a decryptor and the promise that the stolen material would not be made public. 

How Night Sky encrypts devices

A sample of the Night Sky ransomware seen by BleepingComputer has a personalised ransom note and hardcoded login credentials to access the victim's negotiation page. 

When the ransomware is activated, it encrypts all files except those with the.dll or.exe file extensions. The ransomware will not encrypt the following files or folders: 
AppData
Boot
Windows
Windows.old
Tor Browser
Internet Explorer
Google
Opera
Opera Software
Mozilla
Mozilla Firefox
$Recycle.Bin
ProgramData
All Users
autorun.inf
boot.ini
bootfont.bin
bootsect.bak
bootmgr
bootmgr.efi
bootmgfw.efi
desktop.ini
iconcache.db
ntldr
ntuser.dat
ntuser.dat.log
ntuser.ini
thumbs.db
Program Files
Program Files (x86)
#recycle

Night Sky appends the.nightsky extension to encrypted file names while encrypting them. A ransom letter named NightSkyReadMe.hta is included in each folder, and it provides details about what was stolen, contact emails, and hardcoded passwords to the victim's negotiation page. 

Instead of communicating with victims through a Tor site, Night Sky employs email addresses and a transparent website that runs Rocket.Chat. The credentials are used to access the Rocket.Chat URL specified in the ransom note. 

Double extortion tactic: 

Before encrypting devices on the network, ransomware operations frequently grab unencrypted data from victims. Threat actors then utilize the stolen data in a "double-extortion" scheme, threatening to leak the information unless a ransom is paid. 

Night Sky built a Tor data leak site to leak the data of victims, which now contains two victims, one from Bangladesh and the other from Japan. While there hasn't been much activity with the new Night Sky ransomware operation, one should keep a watch on it as we enter the new year.
Read more »
Subscribe to: Posts (Atom)