
Microsoft Warns of 600 Million Daily Cyberattacks and Sophisticated Nation-State Tactics

 

A new security report from Microsoft reveals a complex and evolving cyber landscape where cutting-edge technologies, state-sponsored activities, and organized crime are converging, posing unprecedented challenges. To combat these threats, a united global effort is more critical than ever.

According to Microsoft's 2024 Digital Defense Report, over 600 million cyberattacks by criminals and nation-states take place daily, targeting individuals, businesses, and governments worldwide.

A key finding of the 110-page report is the increasing sophistication of cyber threats. Both criminal organizations and state-sponsored actors are leveraging advanced technologies, including generative AI, to enhance their attacks. This technological evolution has made cyber defenses more difficult to maintain.

One of the report’s most concerning observations is the growing collaboration between cybercrime syndicates and nation-state groups. These partnerships are leading to the sharing of tools and techniques, further blurring the lines between criminal and government-backed cyber operations and creating more diverse and effective attack methods.

State-sponsored actors in particular are ramping up their cyber activities, motivated by goals ranging from financial gain to intelligence collection, with a strong focus on military targets. For example, Russian threat actors have outsourced parts of their cyber-espionage campaigns to criminal groups, targeting at least 50 Ukrainian military devices with malware. Meanwhile, Iranian actors have combined ransomware attacks with influence operations, and North Korean groups are developing new ransomware variants like FakePenny, aimed at the aerospace and defense industries. Chinese cyber efforts remain consistent, continuing to target Taiwan and Southeast Asia.

With the U.S. presidential election approaching, the report raises concerns about foreign interference. Although the public conversation around this issue has quieted since 2020, Russia, Iran, and China are exploiting geopolitical tensions to undermine trust in democratic systems. Other hotspots for cyber activity include countries involved in military conflicts or regional disputes, such as Israel, Ukraine, the UAE, and Taiwan.

Microsoft stresses that addressing these growing threats requires collaboration between the public and private sectors, as well as advancements in policy and cybersecurity practices. Enhanced multi-factor authentication, attack surface reduction, and stronger protections for cloud infrastructure are increasingly essential as the cyber threat landscape continues to evolve.

Machine Identities Pose Major Threat to Indian Organizations: CyberArk

 

In an era where digital transformation is swiftly reshaping the business world, the most recent research from CyberArk, an identity security company, highlights a growing concern: identity-related breaches. 

The 2024 Identity Security Threat Landscape Report highlights a concerning trend among Indian companies, with 93% reporting two or more identity-related breaches in the previous year. This worrying figure reflects how Artificial Intelligence (AI) boosts both cyber defences and attacker capabilities, while also increasing the rate at which new identities are created.

The rise of machine identities 

As organisations implement multi-cloud strategies and integrate AI-driven programmes, the number of machine identities expands. These identities, which are frequently granted sensitive or privileged access, are currently regarded as the riskiest category.

Unlike human identities, machine identities usually lack effective security protections, making them ideal targets for cyber attackers. The report emphasises that machine identities are the key driver of identity expansion, with 50% of organisations expecting a threefold increase in identities over the next year.

Humans vs. Machines: A security gap

The findings reveal a huge discrepancy in how organisations approach human and machine identities. While 53% of organisations define privileged users as human exclusively, 46% broaden the definition to cover any identities with sensitive access, whether human or machine. This mismatch highlights a key vulnerability in identity security solutions, emphasising the necessity for a unified strategy. 

AI’s role in cyber defense 

The report also focuses on AI's dual role in cybersecurity. Nearly every organisation (99%) is using AI-powered solutions to strengthen its defences. However, attackers employ the same technologies to increase the sophistication of their attacks.

Notably, 93% of respondents believe that AI-powered tools will create new security risks in the coming year. Despite these concerns, 84% of security professionals are confident that their employees can detect deepfakes of their organisation's leadership, demonstrating greater awareness and training within organisations.

Conclusion

The findings of the CyberArk research serve as a sharp reminder of the changing threat landscape and the vital role of strong identity security measures.

As organisations expand their digital footprints, a paradigm shift towards a more integrated and robust cybersecurity design is needed. Organisations can better safeguard themselves against the ever-expanding range of digital threats by prioritising identity security in their strategy.

Boost Cybersecurity: HR's Key Role in Guarding Your Business

 

If your company were to fall victim to ransomware today, whom would you contact? Or perhaps a more pertinent question: How would you go about contacting them? 

This scenario might appear ludicrous, but there are instances where organizations have been immobilized during the initial hours following a breach simply due to the absence of readily available contact information.

With email and messaging systems rendered inaccessible, communication grinds to a halt, causing confusion among employees, customers, and suppliers alike. What begins as mild panic rapidly escalates into a full-blown crisis.

Commonly, people tend to associate cybersecurity exclusively with the IT or security department. However, safeguarding your company hinges on two crucial factors: the prevailing organizational culture and meticulous planning. This is precisely why some of the most pivotal players in the realm of cyber defense aren't housed within the IT team – they reside within the human resources (HR) department.

The HR team occupies a unique vantage point, enabling them to seamlessly integrate cybersecurity preparedness into the daily operations of an organization. 

Their responsibilities encompass establishing policies and processes to mitigate risks and fostering a business environment equipped to withstand foreseeable challenges, cyberattacks included. Notably, HR teams are also prime targets for hackers, given their role as custodians of sensitive personal information belonging to employees.

Regrettably, the significance of this role often goes unnoticed. Here are five strategies by which HR can fortify your business against cybercriminals.

1. Foster a Culture of Cybersecurity

Maintaining eternal vigilance is the requisite price for preserving our liberty to navigate the internet. The sheer volume of threats is staggering – recent findings indicate that educational institutions fend off over 2,300 intrusion attempts on average each week, while healthcare organizations combat more than 1,600 attacks. Given this barrage of digital threats, catching them all becomes an incredibly daunting task. Yet a robust cybersecurity culture equips an organization to counter these attacks and minimize the scope of damage when they do breach defenses. The challenge lies in uniting everyone under a shared understanding of appropriate online conduct.

To initiate this process, it is imperative to provide training tools that equip employees with the knowledge of permissible and prohibited online behaviors. Most organizations excel in this aspect. However, the implementation of this information on a daily basis often falls short.

The most effective means of ingraining cybersecurity as an integral aspect of individual responsibilities is its incorporation into performance evaluations. Rather than chastising employees for inadvertently clicking on dubious links, the approach should be constructive, focusing on how they uphold their cyber literacy training. Cyber health-check tools can be employed by workers to analyze their online conduct and address vulnerabilities (such as employing identical passwords across multiple platforms or neglecting two-factor authentication). Moreover, these tools can be harnessed to monitor the progress towards cybersecurity objectives at an organizational level.

Regular discourse on safety measures will seamlessly integrate them into the modus operandi of your business.

2. Safeguard Sensitive Information

HR assumes custodial responsibility for some of the most sensitive data within an organization – a fact not lost on hackers. Over the past half-decade, numerous companies have embraced platforms that empower employees to independently manage routine tasks such as vacation requests. However, these third-party platforms carry inherent risks. Cybercriminals often target them through supply chain attacks, cognizant of the potential to access vast troves of data from multiple organizations. In 2021, a widely-used file transfer system fell victim to a breach, compromising over 300 organizations. The University of California was among those affected, with exposed information spanning employees' social security numbers, driver's licenses, and passport details (prompting the UC system to provide its staff with complimentary ID monitoring services).

Primary among the duties of HR professionals is to ensure the confidentiality of employee data. Rigorous due diligence is essential before enlisting the services of any third-party HR provider. Preference should be accorded to entities conforming to international standards (notably SOC 2 and ISO 27001), while online research should uncover any past security incidents associated with the provider. It is equally vital to ascertain the storage and backup mechanisms employed for your data. Depending on your geographical location and industry, compliance with data residency regulations may be obligatory.

3. Rationalize Data Retention Policies

Updating the data retention policy should be a priority for every HR department. Even if your organization's policy isn't documented, a policy nevertheless exists – the default being the indefinite retention of all data. This exposes you to significant risks. The severity of a breach is exacerbated by the volume of data at stake, especially if you retain unnecessary data. Many jurisdictions stipulate limits on the duration for which companies should retain sensitive information – typically around seven years for records pertaining to former employees.

4. Appoint an Incident Commander

While cybersecurity constitutes an ongoing collective responsibility, a designated individual should assume leadership during a breach. In cybersecurity parlance, this figure is known as the incident commander. Despite diverse perspectives on the most suitable course of action, decision-making authority rests with the incident commander.

The qualifications for an incident commander are succinct: they should possess a profound understanding of cybersecurity matters within your organization. Depending on the size of your enterprise, this individual could be a cybersecurity expert, the head of IT, or even an individual like Joanne from the accounting department, provided she has undergone relevant training. Regardless of the appointee's identity, their role should be pre-established, communicated clearly to your team, and ready to be activated in the event of an incident. Given the swiftness with which cybersecurity events unfold – exemplified by instances where hackers gave a mere 45-minute warning prior to disclosing sensitive information – identifying the incident commander ahead of time is critical to minimizing response delays.

5. Conduct Preparedness Drills

Effective cybersecurity hinges on both planning and practice. Numerous studies underscore the fact that individuals struggle to make sound decisions under stress. Much like fire or earthquake drills provide a framework for emergencies, the same principle applies to cybersecurity incidents. Allocate a two-hour window annually to execute a tabletop exercise involving key personnel, simulating the actions to be taken in the event of a hack. During these drills, a designated moderator outlines the attack's nature and scope, while participants collaboratively devise their responses.

Initial attempts at conducting such exercises may result in confusion, yet this is by design. The ensuing scramble highlights deficiencies in your strategies. Over time, these drills become second nature, enhancing your organization's capacity to effectively respond to cyber threats.

Cybersecurity Defense: Employee Cybersecurity Awareness Now a Priority


Fortinet’s FortiGuard Labs, in its recent reports, found that ransomware remains the top cyber threat, with cases continuing to grow globally. Likewise, Fortinet found that in 2022, 84% of firms faced one or more breaches.

The research by Fortinet reveals that more than 90% of cybersecurity experts agree that the surging frequency of cyberattacks can be reduced if organizations focus on increasing their employees’ cybersecurity awareness.

As it becomes more common for businesses to confront cyber incidents, the report emphasizes the critical role of employees as an organization's first line of defense against cybercrime.

Lack of Cybersecurity Awareness Among Employees

The report further revealed that among all the organizations surveyed, 81% confirmed having experienced at least one cyber incident, be it malware, phishing or a password breach, over the course of the last year. Most of the attacks were primarily targeted at the organization’s employees, who have access to the firm’s systems. This emphasizes how a company's employees could be either its weakest link or one of its strongest defenses.

Nearly 85% of organization leaders claim that their organization provides adequate security awareness and training programs to its employees. However, 50% believe that their employees, regardless of the training programs, still lack proper cybersecurity knowledge.

This variation shows that the existing training programs may not be as successful as they could be, leading to inconsistent use of appropriate cyber hygiene measures by staff, or that instruction may not be effectively reinforced.

Board of Directors Prioritizing Cybersecurity 

Given that many of these cyberattacks are targeted at users, it is likely that boards already recognize—or will do so soon—that employee cybersecurity awareness is an essential component of the "defense equation". 93% of businesses said their board of directors often questions them about their cybersecurity and strategy.

John Maddison, EVP of Products and CMO at Fortinet says, “Our 2023 Security Awareness and Training Global Research Brief underscores the crucial role employees play in preventing cyberattacks. It also highlights the critical need for organizations to prioritize security awareness and training services to ensure employees serve as the first line of defense.”

One of the best ways an organization can avoid cybersecurity incidents is by conducting better training programs, setting the groundwork for a culture of cybersecurity that is ready and strong. This way, employees attain better cyber-risk awareness and are further encouraged to defend their organization whenever the situation calls for it.

Organizations are aware that they require sophisticated cybersecurity solutions and that technological certifications help their IT employees' cybersecurity skills. Employee awareness may not have gotten the full attention it deserves up to this point, but it may become crucial in the years to come in the fight against cybercrime.  

A New Era is Emerging in Cybersecurity, but Only the Best Algorithms will Survive

 

The industry recognised that basic fingerprinting could not keep up with the rate of these developments, and the requirement to be everywhere, at all times, pushed the adoption of AI technology to deal with the scale and complexity of modern business security.

Since then, the AI defence market has become crowded with vendors promising data analytics, looking for "fuzzy matches": close matches to previously encountered threats, and eventually using machine learning to detect similar attacks. While this is an advancement over basic signatures, using AI in this manner does not hide the fact that it is still reactive. It may be capable of recognizing attacks that are very similar to previous incidents, but it is unable to prevent new attack infrastructure and techniques that the system has never seen before.

Whatever you call it, this system is still receiving the same historical attack data. It accepts that in order to succeed, there must be a "patient zero" — or first victim. "Pretraining" an AI on observed data is also known as supervised machine learning (ML). This method does have some clever applications in cybersecurity. For example, in threat investigation, supervised ML has been used to learn and mimic how a human analyst conducts investigations — asking questions, forming and revising hypotheses, and reaching conclusions — and can now carry out these investigations autonomously at speed and scale.

But what about tracking down the first traces of an attack? What about detecting the first indication that something is wrong?

The issue with utilising supervised ML in this area is that it is only as good as its historical training set and cannot cope with anything new. As a result, it must be constantly updated, and the update must be distributed to all customers. This method also necessitates sending the customer's data to a centralised data lake in the cloud to be processed and analysed. By the time an organisation becomes aware of a threat, it is frequently too late.

As a result, organisations suffer from a lack of tailored protection, a high number of false positives, and missed detections because this approach overlooks one critical factor: the context of the specific organisation it is tasked with protecting.

However, there is still hope for defenders in the war of algorithms. Today, thousands of organisations utilise a different application of AI in cyber defence, taking a fundamentally different approach to defending against the entire attack spectrum — including indiscriminate and known attacks, as well as targeted and unknown attacks.

Unsupervised machine learning involves the AI learning the organisation rather than training it on what an attack looks like. In this scenario, the AI learns its surroundings from the inside out, down to the smallest digital details, understanding "normal" for the specific digital environment in which it is deployed in order to identify what is not normal.

This is AI that comprehends "you" in order to identify your adversary. It was once thought to be radical, but it now protects over 8,000 organisations worldwide by detecting, responding to, and even avoiding the most sophisticated cyberattacks.

Consider last year's widespread Hafnium attacks on Microsoft Exchange Servers. Darktrace's unsupervised ML identified and disrupted a series of new, unattributed campaigns in real time across many of its customer environments, with no prior threat intelligence associated with these attacks. Other organisations, on the other hand, were caught off guard and vulnerable to the threat until Microsoft revealed the attacks a few months later.

This is where unsupervised ML excels — autonomously detecting, investigating, and responding to advanced and previously unseen threats based on a unique understanding of the organization in question. Darktrace's AI research centre in Cambridge, UK, tested this AI technology against offensive AI prototypes. These prototypes, like ChatGPT, can create hyperrealistic and contextualised phishing emails and even choose a suitable sender to spoof and fire the emails.

The conclusions are clear: as attackers begin to weaponize AI for nefarious reasons, security teams will require AI to combat AI. Unsupervised machine learning will be critical because it learns on the fly, constructing a complex, evolving understanding of every user and device across the organisation. With this bird's-eye view of the digital business, unsupervised AI that recognises "you" will detect offensive AI as soon as it begins to manipulate data and will take appropriate action.

Offensive AI may be exploited for its speed, but defensive AI will also contribute to the arms race. In the war of algorithms, the right approach to ML could mean the difference between a strong security posture and disaster.

New York Launches $30 Million Shared Services Program to Enhance Cyber Defense

 

Local counties in New York will receive resources and aid to mitigate cyberattacks under a shared services program, Gov. Kathy Hochul announced last week. 

The $30 million shared services program is meant to assist local counties and the State’s preliminary Joint Security Operations Center (JSOC) partners: the Cities of Albany, Buffalo, Syracuse, Rochester, and Yonkers. 

"My administration is laser-focused on providing cyber security resources for local governments," Hochul stated. "By launching this new $30 million program, we are bolstering the state's capabilities to respond to the evolving threat of cyberattacks and strengthening our ability to protect New York's institutions, infrastructure, citizens, and public safety." 

The local counties and JSOC partners will receive CrowdStrike endpoint detection and response services for no cost. The technology offers real-time monitoring of potential cyber threats. 

"We know local governments remain vulnerable to cyberattacks which can cripple critical systems that New Yorkers rely upon," said Jackie Bray, the commissioner of Homeland Security and Emergency Services. "As part of the governor's shared services plan, we are now offering reliable protection services to every county in the state. This is an important step forward in enhancing our cyber defenses and building out our JSOC partnerships." 

The JSOC, launched earlier this year by Governor Hochul, is a Brooklyn-based office staffed by physical and virtual contributors from across the state. The center is designed to bolster defenses by giving cyber teams a centralized view of threat data, leading to better collaboration between government partners on intelligence, incident response, and remediation in the event of a cyber incident.

With cyberattacks taking place every 40 seconds around the globe, and NYC being frequently targeted, the shared services program will help in boosting the cyber defenses of the state. Last year, Buffalo Public Schools suffered a ransomware attack, exposing students’ and families’ private data to hackers. 

And that’s just a fraction of the entities, small and large, that have been victims of cybercrime in New York. In 2014, the 8,000-person village of Ilion in Herkimer County paid $800 in ransom to regain access to its computer system after innocent-looking emails delivered malware to unsuspecting village employees.

Artificial Intelligence: Main Weapon to Counter Cyber Attacks

 

The cyberattack surface in modern business environments is huge, and it’s continuing to evolve at a rapid pace. Cybersecurity staff often find themselves in a tricky situation to manage their cyber defenses. 

Threat actors are embracing AI and ML whole-heartedly, launching more sophisticated attacks that quickly learn and adapt to our inadequate defenses. The average business receives 10,000 alerts every day from the multiple software tools it uses to monitor cyber threats. Resolving them requires skilled security analysts, who are in short supply and who do not want to be burdened with repetitive manual work.

These challenges underscore the need for better ways to stem the tide of cyberattacks. Artificial intelligence is particularly well suited to analyzing and enhancing an organization’s cybersecurity posture. AI can help automate many tasks that a human analyst would otherwise handle manually. These include automatically detecting unknown workstations, servers, code repositories, and other hardware and software on a network.

Popular firms including FireEye, Microsoft, and Google are developing innovative AI approaches to detect malware, and monitor the spread of fake news. One notable success is Microsoft’s Cyber Signals program that uses AI to analyze 24 trillion security signals, 40 nation-state groups, and 140 hacker groups to produce cyber threat intelligence for C-level executives. 

American Federal agencies such as the Department of Defense and the National Science Foundation have invested tens of millions of dollars to develop advanced AI tools for extracting insights from data generated from the dark web and open-source software platforms such as GitHub. 

Additionally, AI-enabled analytics can assist in cracking the jargon and code words attackers develop to refer to their new tools, techniques, and procedures. One example is using the name Mirai to mean botnet. Hackers developed the term to hide the botnet topic from law enforcement and cyberthreat intelligence professionals. 

The path ahead 

Looking forward, there is massive room for growth for AI in cybersecurity. In particular, the predictions AI systems make based on the patterns they identify will help security analysts respond to emerging threats. 

AI is an intriguing tool that could help stem the tide of cyberattacks and, with careful cultivation, it could become a required tool for the next generation of cybersecurity professionals. The current pace of innovation in AI, however, suggests that fully automated cyber battles between AI attackers and AI defenders are likely years away.

South Korea Joins NATO's Cyber Research Centre, Becomes First Asian Member

South Korea's intelligence agency said on Thursday that South Korea has joined a cyber defense group under NATO (North Atlantic Treaty Organization), becoming its first Asian member. ZDNet reports "South Korea had suffered numerous cyberattacks in the past with targets ranging from state-run nuclear research institutes to cryptocurrency companies, most of which were allegedly committed by North Korean hacking groups."

According to the National Intelligence Service (NIS), South Korea, along with Luxembourg and Canada, has been added to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), a think tank based in Tallinn, Estonia. It supports member countries and NATO with cyber defense research, exercises, and training. CCDCOE was founded in 2008 by NATO countries, at Estonia's initiative, as a response to the intense cyberattacks the country had suffered from Russia.

With the inclusion of the three latest members, CCDCOE now has 32 members, 27 of which are sponsoring members from NATO and 5 of which are contributing members, including South Korea, which is not part of NATO. NIS said that South Korea has been working since 2019 to become a member of CCDCOE in order to learn cyber defense expertise, safeguard the country's infrastructure backbone, and plan out a global strategy. NIS is planning to send more staff to the center and increase the scope of joint training. Cyberattacks are having a massive impact on users and countries, and responding to them requires global cooperation.

South Korea will work alongside CCDCOE members to formulate a robust cyber defense system. "Even prior to becoming an official member of the center, South Korea had taken part in CCDCOE's large-scale, live-fire cyber defense exercise, Locked Shields, where thousands of experts from member nations and partners jointly defended a fictional country against simulated cyberattacks," says ZDNet.

NSA Employee Indicted for 'Leaking Top Secret Info' To a Woman

 

Recently, the United States Department of Justice (DoJ) has claimed that an NSA employee shared highly sensitive national security data with an individual who is allegedly a private sector employee.

According to a DoJ announcement and the indictment, an NSA staffer named Mark Unkenholz "held a TOP SECRET/Sensitive Compartmented Information (SCI) clearance and had lawful access to classified information relating to the national defense." 

The indictment was unsealed on Thursday in U.S. District Court in Baltimore. It accuses Mark Unkenholz, a 60-year-old employee of the NSA office that engages with private industry, of sending 13 unauthorized emails to a woman referred to as “RF” between February 2018 and June 2020, each containing top secret information relating to national defense.

Following the incident, the court said there was "reason to believe [the info] could be used to the injury of the United States or to the advantage of any foreign nation." Further, the Justice Department reported that RF also held a TOP SECRET/SCI clearance from April 2016 until approximately June 2019 through her employer, referred to as Company 1; when she moved from Company 1 to Company 2, her clearance lapsed.

According to the indictment's timeline, Unkenholz sent the files to RF both while she was working at Company 1 and while she was at Company 2. This shows that RF's clearance was not sufficient for these sensitive materials.
 
Also, Unkenholz used his personal email address for this act, and according to the regulations, a personal email address is not considered an authorized storage location for sensitive data. In this case, Unkenholz has been charged with 13 counts of willful retention of national defense information on top of the 13 counts of “willful transmission.” Each count carries up to 10 years in federal prison.