SASE Threat Report: Evolving Threat Actors and the Need for Comprehensive Cyber Threat Intelligence

 


Threat actors are continuously evolving, yet Cyber Threat Intelligence (CTI) remains fragmented across isolated point solutions. Organizations need a holistic analysis that spans external data, inbound and outbound threats, and network activity to accurately assess their cybersecurity posture.

Cato's Cyber Threat Research Lab (Cato CTRL) has published its inaugural SASE threat report, providing in-depth insights into enterprise and network threats. This report leverages Cato's extensive and detailed network analysis capabilities.

The SASE Threat Report examines threats from strategic, tactical, and operational perspectives using the MITRE ATT&CK framework. It covers malicious and suspicious activities, as well as the applications, protocols, and tools active on networks.

The report is based on:
- Detailed data from every traffic flow across the Cato SASE Cloud Platform
- Hundreds of security feeds
- Analysis through proprietary ML/AI algorithms
- Human intelligence

Cato's data encompasses:
- Over 2200 customers
- 1.26 trillion network flows
- 21.45 billion blocked attacks

These comprehensive resources give Cato unparalleled insights into enterprise security activities.

Understanding Cato CTRL

Cato CTRL (Cyber Threats Research Lab) combines top-tier human intelligence with comprehensive network and security insights, enabled by Cato's AI-enhanced global SASE platform. Experts, including former military intelligence analysts, researchers, data scientists, academics, and security professionals, provide a unique view of the latest cyber threats and actors.

Cato CTRL offers tactical data for SOC teams, operational threat intelligence for managers, and strategic briefings for executives and boards. This includes monitoring and reporting on security industry trends, which informed the SASE Threat Report.

The report provides valuable insights for security and IT professionals, highlighting the following key findings:

1. Widespread AI Adoption in Enterprises: Enterprises are increasingly adopting AI tools, with Microsoft Copilot and OpenAI ChatGPT being the most common. Emol, an application for recording emotions and interacting with AI robots, is also gaining traction.

2. Hacker Forum Insights: Monitoring hacker forums reveals that:
   - LLMs are enhancing tools like SQLMap for more efficient vulnerability exploitation.
   - Services for generating fake credentials and creating deep fakes are available.
   - A malicious ChatGPT startup is recruiting developers.

3. Spoofing of Well-Known Brands: Brands such as Booking, Amazon, and eBay are frequently spoofed for fraudulent activities, posing risks to consumers.

4. Lateral Movement in Enterprise Networks: Attackers can easily move laterally within enterprise networks due to unsecured protocols:
   - 62% of web traffic is HTTP
   - 54% of traffic is Telnet
   - 46% of traffic is SMB v1 or v2

5. Prevalence of Unpatched Systems Over Zero-Day Exploits: Unpatched systems and recent vulnerabilities, such as Log4J (CVE-2021-44228), are more frequently exploited than zero-day vulnerabilities.

6. Industry-Specific Security Exploitations: Different industries face distinct threats:
   - Entertainment, Telecommunications, and Mining & Metals sectors are targeted with T1499 (Endpoint Denial of Service).
   - Services and Hospitality sectors face T1212 (Exploitation for Credential Access).
   Practices also vary, with 50% of media and entertainment organizations not using information security tools.

7. Importance of Contextual Understanding: Seemingly benign actions can be malicious when viewed in context. AI/ML algorithms, combined with network pattern analysis, are essential for detecting suspicious activity.

8. Low Adoption of DNSSEC: Despite its importance, DNSSEC adoption is only at 1%. The Cato CTRL team is investigating the reasons behind this low adoption rate.

The full report can be viewed here.
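Finding 4 above is something a defender can measure in their own flow telemetry. The script below is an added example, not Cato's code or the report's method: it classifies constructed flow records by the cleartext and legacy protocols the report names (HTTP, Telnet, SMB v1/v2), reports each protocol's share of traffic, and lists the internal-to-internal flows that are the lateral-movement paths the finding describes. The log format, the internal address ranges and the dialect hint field are assumptions made for the example.

```python
"""Measure cleartext/legacy protocol exposure in flow records and flag the
internal-to-internal flows an intruder could ride for lateral movement.

Added example; the flow-log format is constructed for illustration. Each line:
timestamp src dst dst_port proto dialect   (dialect is "-" when not observed)
"""
import ipaddress
from collections import Counter

# Constructed sample flow log (not real telemetry).
SAMPLE_FLOWS = """\
2024-05-01T10:00:01 10.0.1.15 10.0.2.40 445 tcp SMB1
2024-05-01T10:00:02 10.0.1.15 10.0.2.41 445 tcp SMB2
2024-05-01T10:00:03 10.0.1.20 10.0.3.5 23 tcp -
2024-05-01T10:00:04 10.0.1.20 203.0.113.10 80 tcp HTTP
2024-05-01T10:00:05 10.0.1.22 203.0.113.10 443 tcp TLS
2024-05-01T10:00:06 10.0.1.22 10.0.3.5 22 tcp SSH
2024-05-01T10:00:07 10.0.4.9 10.0.2.40 445 tcp SMB3
2024-05-01T10:00:08 10.0.4.9 10.0.2.40 8080 tcp HTTP
"""

# Internal address space assumed for the example (RFC 1918 blocks).
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# SMB is only flagged when the observed dialect is v1 or v2; SMB3 is not flagged,
# and an SMB flow with no dialect hint cannot be classified and is left alone.
LEGACY_SMB_DIALECTS = {"SMB1", "SMB2"}


def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def parse_flow(line):
    """Split one constructed flow-log line into a dict."""
    ts, src, dst, port, proto, dialect = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port),
            "proto": proto, "dialect": dialect}


def classify(flow):
    """Return the legacy-protocol label for a flow, or None if it is not flagged.

    The application/dialect hint wins over the port, so HTTP on a non-standard
    port (8080 above) is still caught; the port is only a fallback when the
    sensor recorded no hint.
    """
    hint = flow["dialect"].upper()
    if hint == "HTTP" or (hint == "-" and flow["port"] == 80):
        return "http"
    if hint == "TELNET" or (hint == "-" and flow["port"] == 23):
        return "telnet"
    if hint in LEGACY_SMB_DIALECTS:
        return hint.lower()          # "smb1" or "smb2"
    return None


def analyze(log_text):
    """Count legacy-protocol flows, compute their share of all flows, and list
    the internal-to-internal ones (the lateral-movement exposure)."""
    flows = [parse_flow(line) for line in log_text.splitlines() if line.strip()]
    counts = Counter()
    lateral = []
    for f in flows:
        label = classify(f)
        if label is None:
            continue
        counts[label] += 1
        if is_internal(f["src"]) and is_internal(f["dst"]):
            lateral.append((f["src"], f["dst"], label))
    total = len(flows)
    share = {k: round(100 * v / total, 1) for k, v in counts.items()}
    return {"total": total, "counts": dict(counts),
            "share_pct": share, "lateral": lateral}


if __name__ == "__main__":
    result = analyze(SAMPLE_FLOWS)
    print(f"{result['total']} flows; legacy protocol share (%): {result['share_pct']}")
    for src, dst, label in result["lateral"]:
        print(f"internal {label} flow {src} -> {dst}: candidate for blocking or upgrade")
```

On real telemetry, the `lateral` list is the actionable part: each entry is an internal host pair talking over a protocol that an attacker with a foothold could reuse, so it doubles as a work list for SMBv1 disablement, Telnet removal and HTTP-to-HTTPS migration.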

Next-Level AI: Unbelievable Precision in Replicating Doctors' Notes Leaves Experts in Awe

 


In an in-depth study, scientists found that a new artificial intelligence (AI) program can generate doctors' notes with such precision that two physicians could not tell the difference. This indicates that AI may soon provide healthcare workers with groundbreaking efficiencies in producing their work notes. Across the globe, artificial intelligence has emerged as one of the most popular topics, with tools like DALL-E 2, ChatGPT, and other solutions assisting users in various ways.

A new study has found that a new automated tool for creating doctors' notes can be so reliable that two doctors were unable to distinguish between the two versions, thus opening the door for AI to provide breakthrough efficiencies to healthcare personnel.

In the proof-of-concept study, doctors examined patient notes authored by real medical professionals as well as by the new AI system; they determined the author correctly only 49% of the time. There have been 19 research studies conducted by a group of University of Florida and NVIDIA researchers, who trained supercomputers to create medical records using a new model known as GatorTronGPT, which works similarly to ChatGPT.

There have been more than 430,000 downloads of the free versions of the GatorTron models from Hugging Face, an open-source AI website that provides free AI models to the public, an increase of more than 20,000 since the models went live. According to lead author Yonghui Wu of the Department of Health Outcomes and Biomedical Informatics at the University of Florida, the GatorTron models are the only models on the site that can be used for clinical research.

Wu stressed that these GatorTron models are the only ones on the site suitable for clinical research. According to the study, published in the journal npj Digital Medicine, a comprehensive language model was developed to enable computers to mimic natural human language using the database.

Adapting these models to handle medical records poses additional challenges compared with conventional writing or conversation, such as safeguarding patient privacy and the requirement for highly technical precision. Unlike ordinary text, medical records cannot be found through a search engine such as Google or a platform such as Wikipedia.

Researchers at the University of Pittsburgh utilized a cohort of two million patients' medical records, containing 82 billion relevant medical terms, as the dataset needed to overcome these challenges. They also trained the GatorTronGPT model on an additional collection of 195 billion words, using the GPT-3 architecture, a variant of neural network architecture, to analyze medical data.

Consequently, GatorTronGPT was able to produce clinical text that resembled doctors' notes. A medical GPT has many potential uses, among them replacing the tedious process of documenting with AI that captures and transcribes notes instead.

Given the billions of words of clinical vocabulary and language usage accumulated over weeks of training, it is not surprising that AI has reached the point where its output is similar to human writing. The GatorTronGPT model is the result of recent advances in AI, which have shown considerable potential for producing doctors' notes that appear almost indistinguishable from those created by highly trained professionals.

There is substantial potential for enhancing the efficiency of healthcare documentation through this technology, which was described in a study published in npj Digital Medicine. Developed through a collaboration between the University of Florida and NVIDIA, this automated tool is a pivotal step towards changing the way medical note-taking is conducted.

The widespread adoption and utilization of the highly advanced GatorTron models, especially in the realm of clinical research, further emphasizes the practicality and strong demand for such remarkable innovations within the medical field. 

Despite certain challenges, including privacy considerations and the requirement for utmost technical precision, this research showcases the adaptability of advanced language models in managing and organizing complex medical records. This achievement offers a promising glimpse into a future where AI integrates into healthcare systems, providing an efficient and accurate alternative to traditional, labour-intensive documentation processes.

Consequently, this development represents a significant milestone in medical technology, paving the way for improved workflows, enhanced efficiency, and elevated standards of patient care in the ever-evolving healthcare landscape.

Cybersecurity Must Adopt a New Approach to Combat Underground Cybercrime Activities

 

Threat researchers at Cybersixgill published their annual report, The State of the Cybercrime Underground, earlier this year. The study is based on an analysis of data that Cybersixgill gathered from the deep, dark, and clear web in 2022. The study looks at how threat actors' tactics, techniques, and procedures (TTPs) have evolved over time in the digital age and how organisations can adjust to lower risk and maintain operational resilience. 

The report's key findings are briefly summarised in this article, covering trends in credit card fraud, cryptocurrency observations, advances in artificial intelligence and how they are lowering the entry barriers to cybercrime, and the emergence of cybercriminal "as-a-service" operations. The need for a new security strategy that combines attack surface management (ASM) and cyber threat intelligence (CTI) to counter threat actors' constantly evolving tactics is covered in more detail below.

Decline in credit card scams

For many years, credit card fraud has been a regular and recurring threat from fraudsters operating underground. But a number of recent changes are halting the trend and sharply lowering the number of instances of credit card theft. In recent months, the number of compromised credit cards being sold on illegal underground markets has significantly decreased. For instance, in 2019 dark web shops offered almost 140 million compromised cards for sale. By 2020, the number had dropped to roughly 102 million, and by 2021 it had fallen by another 60% to just under 42 million cards. The figure finally fell to just 9 million cards in 2022.

Clever use of cryptocurrency

The decentralised nature of cryptocurrencies gives users privacy and anonymity. Therefore, it should come as no surprise that cybercriminals prefer to pay using cryptocurrency to buy illegal goods and services, launder money obtained from cyberattacks, and get paid for ransomware. In addition to becoming more widely used for legitimate purposes, cryptocurrencies have also attracted the attention of threat actors, opening up new potential for "crypto-jacking," hacking of digital wallets, crypto-mining, and stealing of digital assets from cryptocurrency exchanges. 

Even in the wake of the 2022 crypto meltdown, attackers continue to place a high value on cryptocurrency. In 2022, we observed a 79% increase in crypto account takeover attacks, as stated in our study. (In the end, fraudsters use crypto to move money rather than to generate revenue; prices are quoted in dollars even when underground transactions are conducted in cryptocurrencies.) However, if investors continue to flee the market because of its turbulence, threat actors may eventually give up using cryptocurrencies, as fewer users make it simpler for law enforcement to detect illegal transactions and for lawmakers to enact stronger regulation.

Use of artificial intelligence

Less than a year after it first appeared on the scene, cybercriminals are still very excited about ChatGPT and other recently revealed AI tools because of their potential to be a force multiplier for online crime. Threat actors can automate the creation of malware code and even replicate human language for social engineering with the correct prompts and direction, streamlining the entire attack chain. ChatGPT enables less experienced and less skilled cybercriminals to quickly and relatively easily carry out destructive acts. As highlighted in the study, AI technology is decreasing the entrance barrier for cybercrime and cutting the time required for threat actors to build harmful code and carry out other "pre-ransomware" preparations. 

Mitigation tips

Within an organisation's vast attack surface, every connected system offers possible attack entry points for cybercriminals. Today, it is nearly impossible to safeguard the growing organisational attack surface using only cyber threat intelligence to assess vulnerability. The modern attack surface is becoming more and more external, encompassing a wide ecosystem of unidentified assets from cloud-based resources, connected IPs, SaaS apps, and third party supply chains in addition to the known network perimeter.

As a result, the majority of organisations struggle with the copious quantities of cyber threat intelligence data and experience significant blind spots across their whole attacker-exposed IT estate. Security teams require complete visibility into their individual attack surface and real-time knowledge of their threat exposure in order to fight cyber threats effectively.

The Attack Surface Management (ASM) solution from Cybersixgill, embedded with native, market-leading Cyber Threat Intelligence (CTI), eliminates visibility blind spots by automatically locating the invisible. With this unified solution, security professionals can continuously find, map, scope, and classify unknown networked assets that can put a business at risk, while also keeping track of the whole asset inventory in real time across the deep, dark, and clear web.

The ASM integration refines the threat intelligence to focus on each organization's unique attack surface and provide the earliest possible alerts of threats targeting the company. With complete insight into organisational threat exposure, security teams can focus their efforts and resources where they are most needed, significantly reducing Mean Time to Remediate (MTTR).

New Threat Intelligence Report Provides Actionable Intelligence Against Cyberattacks


In today's world, it has become a prime requirement for security experts to expand their focus to the vulnerabilities that innovative technologies may possess. They must build expertise in managing security risk, which can be acquired through continuous analysis of the global threat landscape and study of the effects of a business' decisions on its threat profile. Likewise, business heads must also put effort into gaining awareness of their security posture, risk exposure and cyber-defense tactics, which can subsequently impact their business operations.

BlackBerry Global Threat Intelligence Report

According to the report, modern business leaders get easy access to this information. The global BlackBerry Threat Research and Intelligence team provides actionable intelligence on attacks, threat actors and campaigns. The report was based on telemetry obtained from BlackBerry's AI-based products and analytical capabilities, supplemented by other public and private intelligence sources. This allows readers to make informed decisions and take prompt, effective action.

Mentioned below are some of the key highlights of the 'Global Threat Intelligence Report':

  • 90 days by the numbers: To create the intelligence report, the team surveyed more than 1.5 million stopped cyberattacks that occurred between Dec. 1, 2022 and Feb. 28, 2023.
  • Top 10 countries experiencing cyberattacks during this period: The US continues to lead in the percentage of attacks that were thwarted. Brazil has just overtaken Canada as the second most frequently targeted nation, with Japan and Canada following. However, the threat landscape has shifted: Singapore made its debut appearance in the top 10.
  • Most targeted industries by number of attacks: The telemetry shows that consumers in finance, healthcare services, and retailing of food and essentials were the targets of 60% of all malware-based attacks.
  • Most common weapons: The most frequently used tools were droppers, downloaders, remote access tools (RATs), and ransomware. During the data-gathering period, BlackBerry noted a targeted attack employing the Warzone RAT against a Taiwanese semiconductor business, cybercriminal gangs using Agent Tesla and RedLine Infostealer, and increased use of BlackCat ransomware.
  • Industry-specific attacks: During this time, the healthcare sector suffered a sizable number of cyberattacks. The report also goes in-depth on attacks against manufacturing, critical infrastructure, financial institutions, and other key targets of sophisticated and occasionally state-sponsored threat actors engaged in espionage and intellectual property campaigns. However, as the analysis reveals, these crucial sectors are also frequently affected by crimeware and commodity malware.

Moreover, the report also provides actionable defensive countermeasures that a business could adopt against some of the most notable threat actors, cyber weapons and attacks it covers. The defenses are presented in the form of MITRE ATT&CK® and MITRE D3FEND™ mappings.

Hackers with ChatGPT, Build Malware and Plot Fake Girl Bots

On Friday, a report from Israeli security company Check Point warned companies against the threat actors who have started using OpenAI’s artificially intelligent chatbot ChatGPT to quickly build hacking tools. 

Hackers are also working to build other chatbots that will impersonate young females to trap users, one expert monitoring criminal forums reported. Hundreds of users had already registered complaints against ChatGPT that the app is spying on users' keystrokes or creating ransomware. The app was launched in December.

Check Point reported that a hacker who had previously shared Android malware showcased code written by ChatGPT that stole files of interest, compressed them, and sent them across the web. Another tool, installed as a backdoor on a computer, could upload further malware to an infected system.

Alex Holden, the founder of cyber intelligence company Hold Security, said that dating scammers have started using ChatGPT too, as they try to convince users with personas. "They are planning to create chatbots to impersonate mostly girls to go further in chats with their marks. They're trying to automate idle chatter," he said.

Rik Ferguson, vice president of security intelligence at American cybersecurity company Forescout, said that as of now no advanced capability had been found in ChatGPT that could code something as complex as the major ransomware strains witnessed in significant hacking incidents in recent years.

However, OpenAI's tool will make it easier for novices to enter illicit markets by building more basic, but similarly effective, malware, Ferguson added. He also said that code that steals victims' data is not the only concern: ChatGPT could also be used to help build websites and bots that trap users into sharing their credentials. "It could industrialize the creation and personalization of malicious web pages, highly-targeted phishing campaigns, and social engineering-reliant scams," he said.

ChatGPT is a language model chatbot that was developed by OpenAI based on GPT-3.5. It has remarkable functions that allow it to interact in conversational dialogue form and provide responses to users' questions.

Social Blade Confirms Data Breach

The company Social Blade has disclosed a security breach after a group of threat actors offered to sell a database illegally obtained from the company’s systems. 

Social Blade is an American social media analytics website that monitors tens of millions of social media accounts. The website primarily tracks the YouTube platform but also provides analytical information regarding other social media platforms such as Twitch, Twitter, Facebook, Instagram, and TikTok. 

Social Blade provides a third-party API that lets its customers compile data from different social media platforms; it helps content creators boost their subscriber numbers and channel popularity.

According to the reports, on Monday the threat actor offered the Social Blade database for sale on a hacker forum. It included email addresses, password hashes, client IDs, tokens for business API users, auth tokens for connected accounts, and various non-personal and internal data of users.

The seller also provided a sample of table names and content. Reportedly, the hacker obtained 5.6 million records. The sample provided by the hacker shows that many of the records contain user credentials.

"Even the smallest of flaws, if they go unnoticed, can compound into a huge problem for an organization. Without knowing the exact nature of the flaw we can assume it allowed full access to the Database as this is what the attacker had after running the breach. The overall response here was excellent including resetting passwords and flushing API keys as well as addressing the flaw," Jason Kent, CEO of Social Blade said.

Following the incident, the company reported that the matter is under investigation after officials observed that a hacker had offered its users' data for sale on a criminal website. The company also reported that it has started contacting its customers regarding the incident.

"Had the accounts or API keys been compromised and left valid, the damage could have been much much worse. Imagine having administrative access at the level of every one of their customers. They could sell social analytics to anyone for any purpose including reputational and/or brand damage. Moving on to the knock-on effect of this, now the people that possess the database know a good credential set to try on other platforms. Understand who the customers are for contextual phishing campaigns as well as other scams that can be run with such data. If you are/were a customer of Social Blade, be prepared for these kinds of attacks," he added.

Russians will face even more serious cyber threats in 2022

In particular, users should be wary of targeted ransomware attacks. Moreover, the damage will increase, not limited to the demand for ransom for encrypted data. Phishing and other types of attacks using social engineering will also remain popular with cybercriminals. In addition, attempts to hack smart devices are expected to rise.

Experts warned that businesses will become the most obvious target for attackers. The main blow will fall on supply chains, which are a weak link in protection due to the large number of participants in the process: contractors and business partners.

In December, it was reported that the barriers in Russian courtyards turned out to be a source of cyber threats. A vulnerability has been found in the device management system of the private company AM Video, which leads to the leakage of personal data. According to analysts, the discovered error allowed anyone to gain access to any of the company's facilities. To do this, it was necessary to log into a test account and select the identifier (ID) of cameras or barriers. The system provided access to all user data - names, addresses, phone numbers and car brands. Through the website, it was possible to block or open the entrance to the territory of the house, send notifications to residents on mobile phones and use their personal data.

Earlier it became known that 12 programs were found in the Google Play app store for Android devices that steal banking data from infected devices. The applications mimic document and QR code scanners. After the application is installed on the user's device, the program itself decides whether to download the malware to the phone. If the decision is positive, the malicious code reaches the victim through a fake request to update the program.

Latest Activity in Dragos Tracked Activity Groups

 

This year, Dragos is working on three new Activity Groups (AGs), as well as discovering activity in three existing Activity Groups: KAMACITE, WASSONITE, and STIBNITE. As per the sources, the updates on the AGs mentioned above are as follows:

KAMACITE: KAMACITE, which has been operating since 2014, has been linked to Russian military intelligence operations by many government and third-party groups. GREYENERGY, a modular malware and the successor to BLACKENERGY, is used by KAMACITE. GREYENERGY is linked to two different dropper variants. Dragos discovered two GREYENERGY dropper variations in the wild this year, one in March 2021 and the other in August 2021. Dragos believes that GREYENERGY could add ICS components in the future because of the modular structure, which is comparable to BLACKENERGY. The GREYENERGY dropper completes Stage 1: Install/Modify of the ICS Cyber Kill Chain. 

STIBNITE: In their 2020 campaigns, STIBNITE targeted wind turbine system firms in Azerbaijan. STIBNITE targeted Azerbaijani-speaking industry experts, researchers, and practitioners in the disciplines of environmental science, technology, and engineering in their February 2021 campaigns. With an Oil and Gas spearphishing lure, they continued to attack Azerbaijan government entities in March 2021, notably the Azerbaijan Ministry of Ecology and Natural Resources. Malwarebytes released a report revealing spearphishing activity targeting an Azerbaijan government institution utilising a State Oil Company of the Azerbaijan Republic (SOCAR) spearphishing lure. 

Dragos concluded that STIBNITE is linked to this activity with a high degree of confidence. The recipient of this spearphishing offer may unwittingly execute a macro in the document, resulting in the installation of a new Python version of PoetRAT. Dragos has documented the fifth variant of PoetRAT. The persistence approach used in this version of PoetRAT is identical to that used in earlier versions. This campaign's C2 infrastructure overlaps with previous STIBNITE campaigns. 

WASSONITE: Multiple victims in the Oil and Gas, Electric, and Component Manufacturing industries were detected connecting with a WASSONITE C2 server related to the Appleseed backdoor in June 2021, as per Dragos. Appleseed is a multi-component backdoor that can capture screenshots, log keystrokes, and gather information from removable media and specific victim documents. From the C2 server, it can also upload, download, and perform follow-on tasks. WASSONITE previously used DTRACK to infect the Indian nuclear power plant Kudankulam Nuclear Power Plant (KKNPP). 

Dragos found and evaluated two Appleseed backdoor variants. Dragos investigated Appleseed's network connection mechanism and discovered a hardcoded IP address for the C2 domain. Dragos then shifted its focus to network telemetry, discovering many victims in three ICS businesses that were connecting with the WASSONITE C2 server linked to Appleseed infections.

Dragos assesses with moderate confidence that the Appleseed backdoor infected five ICS verticals. Dragos had previously discovered WASSONITE tools and behavior aimed at a variety of ICS institutions, including electric generation, nuclear energy, manufacturing, and space-centric research companies.

VANADINITE: In July, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued an alert about a People's Republic of China (PRC) state-sponsored campaign targeting US oil and natural gas firms between 2011 and 2013. 

The US Department of Justice has issued indictments linking VANADINITE-related operations to operators working for the People's Republic of China (PRC). Dragos hunters have noticed more recent activity in this AG, but no details are available at this moment as investigations into this activity continue.

Business correspondence in messengers and social networks poses a cyber threat to companies

Experts believe that screenshots of work correspondence sent by company employees to third parties may fall into the hands of fraudsters. Such actions lead not only to reputational and financial risks for companies, but also to the risk of cyber threats.

"If the phone numbers of colleagues are visible in the correspondence, attackers can use this information: for example, for hacking, spam, or data mining with the help of social engineering," says Alexander Tikhonov, general director of the SAS Russia/CIS IT company.

Kaspersky Lab said that the risks of cyber threats for companies became more relevant after the transition to remote work, since office workers began to use shadow IT more often for business correspondence that was not approved by the company.

"Employees are increasingly using personal gadgets, as well as programs installed on them for personal use, for work purposes," the company explained. Thus, 59% of Russians use personal email to solve work issues, 55% communicate at work in messengers that are not approved by IT departments, and they admit that with the transition to remote work, they began to do this regularly.

According to AlfaStrakhovanie analytical center, more than 60% of Russians send screenshots of work correspondence in messengers or post them on social networks. Moreover, 43% of respondents said that their company uses one of the standard instant messengers for corporate communication, and 23% responded that their company does not regulate the method of communication at all.

"People tend to think that social networks are not dangerous, that they are surrounded only by friends in the digital space," said Pavel Adylin, executive director of Artezio. He emphasized that the problem can only be solved by gradually improving the level of literacy and digital security of the business.

Russian researchers developed methodology to predict cyber risks

Scientists from St. Petersburg Polytechnic University have developed a methodology for assessing cyber risks in smart city systems. The methodology has been tested on the "smart intersection" test bed (a component of the smart transport system of a smart city).

It should be recalled that St. Petersburg participates in the formation of the Smart City program, which will provide new services for the residents of megacities, increasing the safety of citizens. Digital services are an integral part of such a system.

Experts explained that cybercriminals have new goals: to disrupt the functioning of large enterprises and urban infrastructure, as well as to intercept control over them. Attackers using wireless channels can remotely penetrate a target subnet or device, intercept traffic, launch DoS attacks and take control of IoT devices to create botnets.

"At present, traditional cyber risk analysis strategies cannot be directly applied to the construction and assessment of smart city digital infrastructures, as the new network infrastructure is heterogeneous and dynamic," said Vasily Krundyshev, a researcher at the Institute of Cybersecurity and Information Protection.

At the same time, he stressed that the purpose of the project is to ensure an appropriate level of protection for the smart city's information assets, taking into account the specific features of modern cyber threats.

The smart city cybersecurity risk analysis methodology includes the stages of asset type identification, threat identification, risk calculation and analysis of the obtained values. The proposed methodology is based on a quantitative approach. According to the scientists, it is also easy and quick to compute, which is especially important for modern dynamic infrastructures.

Experimental studies using a set of simulation models of typical smart city digital infrastructures (Internet of Things, smart building, smart intersection) demonstrated its superiority over existing Russian and foreign counterparts.
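The four stages described above, carried out on a small constructed model of a smart intersection. This is an added illustration, not the St. Petersburg Polytechnic methodology itself: the risk formula (likelihood times impact times exposure), the asset list and the threat likelihoods are all assumptions, and the last lines show why quick recomputation matters when a device joins a dynamic infrastructure.

```python
"""Quantitative cyber-risk scoring for a constructed smart-intersection test bed.

Added illustration, not the St. Petersburg Polytechnic methodology: the four
stages named in the article run over an ASSUMED formula risk = likelihood *
impact * exposure, with constructed assets and threat figures."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str          # stage 1: asset type ("controller", "sensor", "camera")
    wireless: bool     # reachable over a wireless channel
    criticality: int   # impact on intersection operation, 1..5

# Stage 2: threat catalogue, threat -> (applicable asset types, assumed likelihood 0..1)
THREATS = {
    "traffic interception": ({"sensor", "camera"}, 0.5),
    "denial of service": ({"controller", "sensor", "camera"}, 0.4),
    "device takeover (botnet)": ({"sensor", "camera"}, 0.3),
    "control takeover": ({"controller"}, 0.2),
}

def exposure(asset: Asset) -> float:
    """Wireless reachability doubles exposure (the remote entry path the article names)."""
    return 1.0 if asset.wireless else 0.5

def risk_table(assets):
    """Stage 3: risk per (asset, threat) pair = likelihood * impact * exposure."""
    rows = {}
    for a in assets:
        for threat, (kinds, likelihood) in THREATS.items():
            if a.kind in kinds:
                rows[(a.name, threat)] = round(likelihood * a.criticality * exposure(a), 2)
    return rows

def analyse(rows, threshold=1.0):
    """Stage 4: total risk plus the pairs at or above the accepted threshold, highest first."""
    above = sorted(((v, k) for k, v in rows.items() if v >= threshold), reverse=True)
    return round(sum(rows.values()), 2), [k for _, k in above]

INTERSECTION = [  # constructed asset inventory
    Asset("traffic-light controller", "controller", False, 5),
    Asset("induction loop sensor", "sensor", True, 3),
    Asset("pedestrian camera", "camera", True, 2),
]

if __name__ == "__main__":
    print(analyse(risk_table(INTERSECTION)))  # total 7.5, four pairs at or above 1.0
    # Dynamic infrastructure: a wireless sensor joins and the scores are recomputed cheaply
    print(analyse(risk_table(INTERSECTION + [Asset("bus-lane sensor", "sensor", True, 4)])))
```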

It is interesting to note that earlier St. Petersburg scientists created an innovative installation for cleaning water reservoirs.

TruKno TTP based Threat Intelligence Platform

TruKno’s ThreatBoard is a platform that helps security professionals uncover the root causes behind emerging cyber-attacks, improving proactive defense postures.

TTP Based Threat Intelligence

TruKno, a community-based threat intelligence platform uncovering the root causes behind the latest cyber-attacks, is set to release its open-access beta on December 22nd.

A new attack takes place in cyberspace every second; according to a report by Acronis, 32% of all major companies are attacked at least once a day. Unless the outcome of an attack is notable (like the FireEye breach), reports of it often get buried in the never-ending flow of new cyber information. In the hands of the right people, these reports often contain valuable intelligence on the tactics, techniques, and procedures used by adversaries. This knowledge can help cyber defenders better assess risk and take proactive measures to prevent the same attack techniques from being effective against their organization, and it gives valuable insight into where to direct resources for a more effective defense posture.

Hunt Smarter, not Harder.

Traditionally, uncovering root causes and criteria behind emerging cyber attacks is done in one of two ways:

    1. Manually scrolling through vendor blogs, government reports, and news outlets to find long-winded reports of cyber-attacks (tedious and time-intensive)

    2. Getting hand-curated, confidential reports from your threat intelligence team (requires multiple employees dedicated full-time to threat analysis)

The thing is, cyber security professionals rarely have time to do the manual sourcing, and even if they did, there is no certainty they would find the one attack report relevant to their situation. Additionally, threat intelligence analysts are in high demand and low supply, which reserves them for only the most mature security operations.

TruKno’s AI engine ensures with a high level of confidence that no breach, campaign, or attack report goes unnoticed. It actively keeps a pulse on the industry’s leading intelligence sources, identifying critical reports in real time. TruKno’s analyst team then manually analyzes these reports, identifying affected industries, technologies, actors, malware, and more. Most importantly, TruKno analyzes these cyber-attacks through the lens of the MITRE ATT&CK Framework, which offers a universal lexicon and database of observed threat techniques.

TruKno wants to make TTP-based threat intelligence the foundation of any organization’s (or individual’s) security posture.

E Hacking News had a discussion with TruKno’s founding team, Manish Kapoor (Founder & CEO), Ebrahim Saed (Co-Founder & CTO), and Noah Binstock (Co-Founder & COO), in which we talked about the importance of TTP-based security and their upcoming beta release on the 22nd.

Manish Kapoor discussed the origins of TruKno:

“TruKno was founded with the mission of arming security professionals with the information they need to keep us safe. The name itself is a translation of Gyaan, or True Knowledge. It is the clarity that comes from knowing the right information, at the right time.”

Before founding TruKno, Manish spent 10 years helping the world’s largest service providers better understand the evolving threat landscape in order to build better cybersecurity solutions for their customers.

“My job required me to always be up to date with the latest emerging attacks, but there was no way for me, as a busy professional, to quickly and accurately stay up to date with new adversarial techniques and procedures. I knew there had to be a better solution than scrolling through hundreds of articles a day.”

Manish commented on the ‘gray-space’ between advanced intelligence tools reserved for advanced analysts at mature security organizations, and tools available to the cyber security community as a whole.

“There are a lot of incredible intelligence tools out there. The issue is, they are reserved for a very select group within the industry due to price point and complexity. Cyber security is a team sport, and a winning team is built up of individuals. There is a need for universal tools that can benefit all security stakeholders.”

Noah Binstock, Head of Operations at TruKno, also commented on their mission and the power of accessible intelligence.

“Informed decision making starts with having a full understanding of the subject matter; this is true no matter what industry you are in. People are at the core of cybersecurity, and it is our mission to arm them with the tools they need to make the best decisions on behalf of us all.”

TruKno built its foundation on the MITRE ATT&CK Matrix, a globally accessible knowledge base of adversary tactics and techniques based on real-world observation.

“We are seeing MITRE ATT&CK become a staple in many security organizations, and we align very closely with their mission of empowering the cyber community as a whole. We use the ATT&CK Framework to offer a common lexicon for all defenders.”

Ebrahim Saed, the CTO of TruKno, is at the core of TruKno’s technical capabilities, allowing TruKno users to access an infinite database of cyber intelligence with no load time on the user end. He commented on the importance of responsive and user-friendly interfaces when it comes to intelligence.

“Gathering the intelligence is one thing. The real differentiator is making this critical intelligence instantly available, all at the users’ fingertips.”

Ebrahim is also currently developing a mobile application for TruKno, enabling users to access real-world intelligence anywhere, anytime.

The Product:

Since its founding in October of 2018, TruKno has interviewed over 500 cybersecurity professionals, from Threat Analysts to CISOs, working in close collaboration with the cybersecurity community during product development. Here is what they are unveiling:

CyberFeed: 

TruKno’s CyberFeed is a free, customizable cybersecurity news manager that helps the community easily access and organize the industry’s top intelligence and news channels, reaching key articles while avoiding information overload.

ThreatBoard: 

TruKno’s threat intelligence platform, ThreatBoard, uses an AI engine to identify cyber-attacks as they are first reported on the web. They are then broken down by TruKno’s analyst team, which extracts and curates key information: affected industries, technologies, actors, malware, and more. Additionally, the techniques behind these latest breaches are documented and paired with MITRE’s ATT&CK Framework, enabling users to identify potential risks to their organization based on real-world observations.
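How curated, ATT&CK-tagged reports of the kind described here and in the AI-engine paragraph above can be turned into a priority list for one organization, as an added example that is not TruKno's code. The reports are constructed records shaped like the fields ThreatBoard is said to extract (industries, technologies, actor, malware, technique IDs); the technique IDs are real ATT&CK Enterprise identifiers, and the relevance rule (industry or technology overlap) is an assumption.

```python
"""Ranking ATT&CK techniques by relevance to one organization from curated reports.

Added example, not TruKno's code: REPORTS are constructed records shaped like
the fields ThreatBoard is described as extracting. Technique IDs are real
ATT&CK identifiers; the relevance rule (industry or technology overlap) is assumed."""
from collections import Counter

# Constructed sample reports (not real incidents)
REPORTS = [
    {"title": "ransomware at a regional hospital", "industries": {"healthcare"},
     "technologies": {"Windows", "RDP"}, "actor": "group A", "malware": "locker X",
     "techniques": {"T1566", "T1078", "T1021.001", "T1486"}},
    {"title": "web shell on a retailer's storefront", "industries": {"retail"},
     "technologies": {"Linux", "PHP"}, "actor": "group B", "malware": "webshell Y",
     "techniques": {"T1190", "T1505.003", "T1059.004"}},
    {"title": "credential theft at a clinic", "industries": {"healthcare"},
     "technologies": {"Windows", "Office 365"}, "actor": "group A", "malware": None,
     "techniques": {"T1566", "T1078", "T1003"}},
]

def relevant_reports(reports, industries, technologies):
    """Keep reports touching the organization's industry or any technology it runs."""
    return [r for r in reports
            if r["industries"] & industries or r["technologies"] & technologies]

def technique_priority(reports, industries, technologies):
    """Count each ATT&CK technique across the relevant reports; most frequent first."""
    counts = Counter()
    for r in relevant_reports(reports, industries, technologies):
        counts.update(sorted(r["techniques"]))   # sorted: deterministic tie order
    return counts.most_common()

def coverage_gaps(priority, detections):
    """Techniques seen in relevant reports for which the organization has no detection."""
    return [t for t, _ in priority if t not in detections]

if __name__ == "__main__":
    org_industries, org_tech = {"healthcare"}, {"Windows", "RDP"}
    ranked = technique_priority(REPORTS, org_industries, org_tech)
    print(ranked)                                    # T1078 and T1566 lead with 2 each
    print(coverage_gaps(ranked, detections={"T1566"}))
```

The retail web-shell report drops out for a healthcare organization running Windows and RDP, so its techniques never reach the priority list; changing the org profile to retail brings them back.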

Upcoming Features: 

    • TruKno has already developed team collaboration functionality, enabling users to securely collaborate on intelligence from ThreatBoard with their teams. They are waiting for key user feedback before they release team collaboration (TeamBoards).

    • CyberFeed is currently being developed to allow users to upload their own source URLs, social media intelligence feeds and more. Sharing functions will also be enabled to let the security community easily share valuable resources.

    • TruKno is actively finding new ways to present the data extracted from these reports and is currently improving interoperability between ThreatBoard analysis and MITRE’s ATT&CK Framework.

    • TruKno’s AI effort, led by Dr. Rob Guinness, is constantly improving and automating more of the analysis, which means more insights.

    • The team is currently working with key industry stakeholders to enable API integration with TruKno’s intelligence data, enabling more actionable intelligence for security teams.

Hunt Smarter, Not Harder

In short, TruKno’s goal is to help the cyber security community get the intelligence it needs to help keep us safe. TTP-based threat intelligence is a valuable lens for all security professionals, and the team hopes that their tools can help make it a community staple.

The TruKno open beta is live at www.TruKno.com