Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label IBM. Show all posts
Quantum computing
Algorithm Cyber Security data security Digital Communication IBM Quantum computing

NIST Approves IBM's Quantum-Safe Algorithms for Future Data Security

 


In a defining move for digital security, the National Institute of Standards and Technology (NIST) has given its official approval to three quantum-resistant algorithms developed in collaboration with IBM Research. These algorithms are designed to safeguard critical data and systems from the emerging threats posed by quantum computing.

The Quantum Computing Challenge

Quantum computing is rapidly approaching, bringing with it the potential to undermine current encryption techniques. These advanced computers could eventually decode the encryption protocols that secure today’s digital communications, financial transactions, and sensitive information, making them vulnerable to breaches. To mitigate this impending risk, cybersecurity experts are striving to develop encryption methods capable of withstanding quantum computational power.

IBM's Leadership in Cybersecurity

IBM has been at the forefront of efforts to prepare the digital world for the challenges posed by quantum computing. The company highlights the necessity of "crypto-agility," the capability to  modify cryptographic methods to prepare in the face of rapid development of security challenges. This flexibility is especially crucial as quantum computing technology continues to develop, posing new threats to traditional security measures.

NIST’s Endorsement of Quantum-Safe Algorithms

NIST's recent endorsement of three IBM-developed algorithms is a crucial milestone in the advancement of quantum-resistant cryptography. The algorithms, known as ML-KEM for encryption and ML-DSA and SLH-DSA for digital signatures, are integral to IBM's broader strategy to ensure the resilience of cryptographic systems in the quantum era.

To facilitate the transition to quantum-resistant cryptography, IBM has introduced two essential tools: the IBM Quantum Safe Explorer and the IBM Quantum Safe Remediator. The Quantum Safe Explorer helps organisations identify which cryptographic methods are most susceptible to quantum threats, guiding their prioritisation of updates. The Quantum Safe Remediator, on the other hand, provides solutions to help organisations upgrade their systems with quantum-resistant cryptography, ensuring continued security during this transition.

As quantum computing technology advances, the urgency for developing encryption methods that can withstand these powerful machines becomes increasingly clear. IBM's contributions to the creation and implementation of quantum-safe algorithms are a vital part of the global effort to protect digital infrastructure from future threats. With NIST's approval, these algorithms represent a meaningful leap forward in securing sensitive data and systems against quantum-enabled attacks. By promoting crypto-agility and offering tools to support a smooth transition to quantum-safe cryptography, IBM is playing a key role in building a more secure digital future.


Read more »
Paradoxical Cyberattacks
Cyber Breach Cyber Security Cyberattacks CyberCrime Cyberhackers CyberThreat IBM Paradoxical Cyberattacks

The Unyielding Struggle of Cybersecurity and Its Paradoxical Dilemma

 


The topic of cybersecurity has undoubtedly become one of the most pressing issues on the business agenda over the last few years. Despite the many technological advancements, malicious attacks are constantly on the rise as a result of the digitalization of business practices. IMF estimations claim that it has more than doubled since the beginning of the pandemic. 

During the year 2023, the number of data breaches has increased by 20 per cent over the year 2022, according to a recent report. Several threats can compromise sensitive information of both companies and their clients, halt enterprise operations, and result in substantial financial losses incurred by the organization. In 2023, IBM reported that the average cost of a data breach per venture was $4.45 million, which equates to a 30 per cent increase in the startup price. 

It represents a 14 per cent increase from last year, a 2.3 per cent increase from last year, and a 15.3 per cent increase from 2020, making it an all-time high. Depending on the size of the company, the financial burden may be greater for some than for others. Taking Equifax's major breach in the US credit reporting agency, which affected 150 million consumers, as an example, the company paid over $1 billion in penalties following the breach in 2017. 

Further, malicious activities have the potential to affect companies in several ways, including immediate financial losses, but also long-term issues with efficiency and effectiveness. It has been found that one of the consequences of these kinds of events is that they undermine the reputation of a company. It is in turn consequential in that it can lessen a company's chances for obtaining future funding or compromise its ability to expand its client base. 

The additional cost of patching a breach is also very great for organizations, often costing a lot of money. It was recently reported that one of the most prominent marketplaces for in-game goods globally lost 11 million dollars worth of goods due to a security breach. Despite its revenue increase, this incident has affected its audience in terms of repulsion, which has affected the site's revenue increase. During that period, the company was forced to suspend all operations as a result of securing the platform and strengthening its security. 

 Attempting to eliminate these issues from reoccurring, businesses are putting increasingly sophisticated barriers in place to prevent the possibility of hackers exploiting their systems. The amount of money being spent on various cybersecurity tools is an indication that this is the case. A recent study indicates that the market will reach an estimated $80 billion by 2023, based on the data provided. According to statistics, the total expenditure in 2022 is estimated to be $71.1 billion. The projected expenditure on cybersecurity is expected to reach $87 billion this year. 

Companies are investing in a diverse range of solutions, including advanced encryption, multi-factor authentication, and real-time threat detection systems. However, an ironic issue emerges: as cybersecurity advances, malicious actors simultaneously innovate and escalate their tactics. They scrutinize the technologies deployed to protect assets and identify weak points to breach these defenses. For example, the advent of quantum computing offers the promise of stronger encryption methods. 

Yet, it also poses a potential threat, as cybercriminals could exploit quantum capabilities to break current encryption standards. Similarly, while multi-cloud architecture enhances risk resilience by distributing data across multiple platforms, it also expands the attack surface. The broader network perimeter introduces more points of vulnerability. Microsoft reports that securing all cloud-native applications and infrastructure throughout their lifecycle is challenging for many businesses. 

Their 2023 report indicates that the average organization had 351 exploitable attack paths that threat actors could use to access high-value assets. This cat-and-mouse dynamic is particularly evident among large companies. A growing trend is that while big firms are enhancing their layers of protection, hackers are increasingly targeting small and medium-sized enterprises (SMEs). SMEs often have fewer resources to invest in cybersecurity, making them easier targets for malicious actors. As of 2023, 31% of SMEs experienced a cybersecurity breach in the previous 12 months. 

Another paradox is that these malicious organizations are often small-scale entities themselves, contrary to popular belief. These so-called private sector offensive actors usually have limited resources compared to giants like Microsoft or other large firms. However, they do not require large budgets, as identifying software vulnerabilities is significantly less complex and costly than creating the software itself. To illustrate, it is much easier for a teacher to check 30 homework than for a single student to prepare the same number of papers from scratch. 

While large malicious actors certainly exist in the field, their impact on cybersecurity is often overshadowed by the influence of thousands or even tens of thousands of independent hackers. Given this paradox, businesses must adopt a holistic and proactive approach to cybersecurity. Organizations should invest in comprehensive security frameworks that encompass prevention, detection, and rapid response to any suspicious activities. Employee training is also crucial. 

Human error remains one of the weakest links in cybersecurity. Indeed, 95% of modern cybersecurity breaches are caused by human mistakes, such as setting weak passwords. Moreover, only one-third of breaches identified in 2023 were detected by the company’s security team. This underscores the necessity for organizations to train their employees to recognize and respond to potential threats, thereby reducing the number of successful attacks. 

Furthermore, collaboration is essential. The public and private sectors must work together to share intelligence and develop unified strategies to combat cyber threats. Information sharing can lead to more robust defences and a collective understanding of emerging threats. Continuous monitoring of the cybersecurity field, adaptation, and modernization—or even radical changes to solutions—are imperative. As cybersecurity expert Bruce Schneier famously stated, security is a process, not a one-time product.
Read more »
Technology
AI energy efficiency brain-inspired computing cryptocurrency energy consumption IBM Intel Loihi 2 chip neuromorphic computing NorthPole chip NVIDIA rising energy demands SpiNNcloud Systems Technology

Could Brain-Like Computers Be a Game Changer in the Tech Industry?

 

Modern computing's demand for electricity is growing at an alarming pace. By 2026, energy consumption by data centers, artificial intelligence (AI), and cryptocurrency could potentially double compared to 2022 levels, according to a report from the International Energy Agency (IEA). The IEA estimates that by 2026, these sectors' energy usage could be equivalent to Japan's annual energy consumption.

Companies like Nvidia, which produces chips for most AI applications today, are working on developing more energy-efficient hardware. However, another approach could be to create computers with a fundamentally different, more energy-efficient architecture.

Some companies are exploring this path by mimicking the brain, an organ that performs more operations faster than conventional computers while using only a fraction of the power. Neuromorphic computing involves electronic devices imitating neurons and synapses, interconnected similarly to the brain's electrical network.

This concept isn't new; researchers have been investigating it since the 1980s. However, the rising energy demands of the AI revolution are increasing the urgency to bring this technology into practical use. Current neuromorphic systems mainly serve as research tools, but proponents argue they could greatly enhance energy efficiency.

Major companies like Intel and IBM, along with several smaller firms, are pursuing commercial applications. Dan Hutcheson, an analyst at TechInsights, notes, "The opportunity is there waiting for the company that can figure this out... it could be an Nvidia killer." In May, SpiNNcloud Systems, a spinout from the Dresden University of Technology, announced it would begin selling neuromorphic supercomputers and is currently taking pre-orders.

Hector Gonzalez, co-chief executive of SpiNNcloud Systems, stated, "We have reached the commercialization of neuromorphic supercomputers ahead of other companies." Tony Kenyon, a professor at University College London, adds, "While there still isn’t a killer app... there are many areas where neuromorphic computing will provide significant gains in energy efficiency and performance, and I’m sure we’ll start to see wide adoption as the technology matures."

Neuromorphic computing encompasses various approaches, from a brain-inspired design to near-total simulation of the human brain, though we are far from achieving the latter. Key differences from conventional computing include the integration of memory and processing units on a single chip, which reduces energy consumption and speeds up processing.

Another common feature is an event-driven approach, where imitation neurons and synapses activate only when they have something to communicate, akin to the brain's function. This selective activation saves power compared to conventional computers that are always on.

Additionally, while modern computers are digital, neuromorphic computing can also be analog, relying on continuous signals, which is useful for analyzing real-world data. However, most commercially focused efforts remain digital for ease of implementation.

Commercial applications of neuromorphic computing are envisioned in two main areas: enhancing energy efficiency and performance for AI applications like image and video analysis, speech recognition, and large-language models such as ChatGPT, and in "edge computing" where data is processed in real-time on connected devices under power constraints. Potential beneficiaries include autonomous vehicles, robots, cell phones, and wearable technology.

However, technical challenges persist, particularly in developing software for these new chips, which requires a completely different programming style from conventional computers. "The potential for these devices is huge... the problem is how do you make them work," Hutcheson says, predicting that it could take one to two decades before neuromorphic computing's benefits are fully realized. Cost is another issue, as creating new chips, whether using silicon or other materials, is expensive.

Intel's current prototype, the Loihi 2 chip, is a significant advancement in neuromorphic computing. In April, Intel announced Hala Point, a large-scale neuromorphic research system comprising 1,152 Loihi 2 chips, equating to over 1.15 billion neurons and 128 billion synapses—about the neuron capacity of an owl brain. Mike Davies, director of Intel's neuromorphic computing lab, says Hala Point shows real viability for AI applications and notes rapid progress on the software side.

IBM's latest brain-inspired prototype chip, NorthPole, is an evolution of its previous TrueNorth chip. According to Dharmendra Modha, IBM's chief scientist of brain-inspired computing, NorthPole is more energy and space efficient and faster than any existing chip. IBM is now working to integrate these chips into a larger system, with Modha highlighting that NorthPole was co-designed with software to fully exploit its architecture from the outset.

Other smaller neuromorphic companies include BrainChip, SynSense, and Innatera. SpiNNcloud’s supercomputers commercialize neuromorphic computing developed at TU Dresden and the University of Manchester under the EU’s Human Brain Project. This project has produced two research-purpose supercomputers: SpiNNaker1 at Manchester, operational since 2018 with over one billion neurons, and SpiNNaker2 at Dresden, capable of emulating at least five billion neurons and currently being configured. SpiNNcloud's commercial systems are expected to emulate at least 10 billion neurons.

According to Professor Kenyon, the future will likely feature a combination of conventional, neuromorphic, and quantum computing platforms, all working together.
Read more »
XDR Firm
CISO Cyber Security IBM Palo Alto Networks Software XDR Firm

IBM's Exit from Cybersecurity Software Shakes the Industry


 

In an unexpected move that has disrupted the cybersecurity equilibrium, IBM has announced its exit from the cybersecurity software market by selling its QRadar SaaS portfolio to Palo Alto Networks. This development has left many Chief Information Security Officers (CISOs) rethinking their procurement strategies and vendor relationships as they work to rebuild their Security Operations Centers (SOCs).

IBM's QRadar Suite: A Brief Overview

The QRadar Suite, rolled out by IBM in 2023, included a comprehensive set of cloud-native security tools such as endpoint detection and response (EDR), extended detection and response (XDR), managed detection and response (MDR), and key components for log management, including security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms. The suite was recently expanded to include on-premises versions based on Red Hat OpenShift, with plans for integrating AI capabilities through IBM's Watsonx AI platform.

The agreement, expected to close by the end of September, also designates IBM Consulting as a "preferred managed security services provider (MSSP)" for Palo Alto Networks customers. This partnership will see the two companies sharing a joint SOC, potentially benefiting customers looking for integrated security solutions.

Palo Alto Networks has assured that feature updates and critical fixes will continue for on-premises QRadar installations. However, the long-term support for these on-premises solutions remains uncertain.

Customer Impact and Reactions

The sudden divestiture has taken the cybersecurity community by surprise, particularly given IBM's significant investment in transforming QRadar into a cloud-native platform. Eric Parizo, managing principal analyst at Omdia, noted the unexpected nature of this move, highlighting the substantial resources IBM had dedicated to QRadar's development.

Customers now face a critical decision: migrate to Palo Alto's Cortex XSIAM platform or explore other alternatives. Omdia's research indicates that IBM's QRadar was the third-largest next-generation SIEM provider, trailing only Microsoft and Splunk (now part of Cisco). The sudden shift has left many customers seeking clarity and solutions.

Market Dynamics

This acquisition comes at a pivotal time in the cybersecurity industry, with SIEM, SOAR, and XDR technologies increasingly converging into unified SOC platforms. Major players like AWS, Microsoft, Google, CrowdStrike, Cisco, and Palo Alto Networks are leading this trend. Just before IBM's announcement, Exabeam and LogRhythm revealed their merger plans, aiming to combine their SIEM and user and entity behaviour analytics (UEBA) capabilities.

Forrester principal analyst Allie Mellen pointed out that IBM's QRadar lacked a fully-fledged XDR offering, focusing more on EDR. This gap might have influenced IBM's decision to divest QRadar.

For Palo Alto Networks, acquiring QRadar represents a significant boost. The company plans to integrate QRadar's capabilities with its Cortex XSIAM platform, known for its automation and MDR features. While Palo Alto Networks has made rapid advancements with Cortex XSIAM, analysts like Parizo believe it still lacks the maturity and robustness of IBM's QRadar.

Palo Alto Networks intends to offer free migration paths to its Cortex XSIAM for existing QRadar SaaS customers, with IBM providing over 1,000 security consultants to assist with the transition. This free migration option will also extend to "qualified" on-premises QRadar customers.

The long-term prospects for QRadar SaaS under Palo Alto Networks remain unclear. Analysts suggest that the acquisition aims to capture QRadar's customer base rather than sustain the product. As contractual obligations expire, customers will likely need to transition to Cortex XSIAM or consider alternative vendors.

A notable aspect of the agreement is the incorporation of IBM's Watsonx AI into Cortex XSIAM, which will enhance its Precision AI tools. Gartner's Avivah Litan highlighted IBM's strong AI capabilities, suggesting that this partnership could benefit both companies.

In conclusion, IBM's exit from the cybersecurity software market marks a paradigm shift, prompting customers to reevaluate their security strategies. As Palo Alto Networks integrates QRadar into its offerings, the industry will closely watch how this transition unfolds and its impact.




Read more »
Two Factor Authentication
CrowdStrike Cyber Attacks cybercriminals Employee Data Employees IBM Identity Theft MFA phishing Two Factor Authentication

Safeguarding Your Employee Data From Identity Theft

 

In today's digital age, where data breaches and cyberattacks are increasingly common, safeguarding against identity-based attacks has become paramount for organizations worldwide. Identity-based attacks, which involve the unauthorized access to sensitive information through compromised user credentials, pose significant risks to businesses of all sizes and industries. 

As CrowdStrike reported, 80% of attacks involve identity and compromised credentials, highlighting the widespread nature of this threat. Additionally, an IBM report found that identity-related attacks are now the top vector impacting global cybercrime, with a staggering 71% yearly increase. 

Cybercriminals employ various tactics to carry out identity-based attacks, targeting organizations through phishing campaigns, credential stuffing, password spraying, pass-the-hash techniques, man-in-the-middle (MitM) attacks, and more. Phishing campaigns, for example, involve the mass distribution of deceptive emails designed to trick recipients into divulging their login credentials or other sensitive information. Spear-phishing campaigns, on the other hand, are highly targeted attacks that leverage personal information to tailor phishing messages to specific individuals, increasing their likelihood of success.  

Credential stuffing attacks exploit the widespread practice of password reuse, where individuals use the same passwords across multiple accounts. Cybercriminals obtain credentials from previous data breaches or password dump sites and use automated tools to test these credentials across various websites, exploiting the vulnerabilities of users who reuse passwords. Password spraying attacks capitalize on human behavior by targeting commonly used passwords that match the complexity policies of targeted domains. 

Instead of trying multiple passwords for one user, attackers use the same common password across many different accounts, making it more difficult for organizations to detect and mitigate these attacks. Pass-the-hash techniques involve obtaining hashed versions of user passwords from compromised systems and using them to authenticate into other systems without needing to crack the actual password. This method allows attackers to move laterally within a network, accessing sensitive data and executing further attacks. MitM attacks occur when attackers intercept network connections, often by setting up malicious Wi-Fi access points. 

By doing so, attackers can monitor users' inputs, including login credentials, and steal sensitive information to gain unauthorized access to accounts and networks. To mitigate the risk of identity-based attacks, organizations must adopt a multi-layered approach to security. This includes implementing strong password policies to prevent the use of weak or easily guessable passwords and regularly auditing user accounts for vulnerabilities. 

Multi-factor authentication (MFA) should be implemented across all applications to add an extra layer of security by requiring users to provide a second form of authentication, such as a one-time password or biometric data, in addition to their passwords. Furthermore, organizations should protect against social engineering attacks, which often target service desk staff to gain unauthorized access to sensitive information. Automated solutions can help verify user identification and reduce the risk of social engineering vulnerabilities. 

 Identity-based attacks pose significant risks to organizations, but by implementing robust security measures and remaining vigilant against evolving threats, businesses can effectively mitigate these risks and safeguard their sensitive information from cybercriminals.
Read more »
X-Force
AI Cyber Attacks CyberCrime Cybersecurity IBM Valid Accounts X-Force

IBM Signals Major Paradigm Shift as Valid Account Attacks Surge

 


As a result of IBM X-Force's findings, enterprises cannot distinguish between legitimate authentication and unauthorized access due to poor credential management. Several cybersecurity products are not designed to detect the misuse of valid credentials by illegitimate operators, and this is a major problem for organizations seeking to detect illegitimate uses. 

Henderson added that these products do not detect illegitimate activity. In addition to widespread credential reuse and a vast repository of valid credentials that are being sold on the dark web for sale, IBM also stated that cloud account credentials account for almost 90% of the assets for sale on the dark web, which is also fueling the rise of identity-based attacks. 

The practice of credential reuse, Henderson said, can deliver the same results as single sign-on providers by allowing threat actors to gain access to a large number of accounts at once. It is well known that because users reuse credentials for many, many different accounts, the credentials themselves become de facto single sign-on. 

In the year 2023, the number of phishing campaigns that were linked to attacks declined by 44% from 2022 as threat actors flocked to valid credentials. Phishing accounted for almost one in three of the total number of incidents resolved by X-Force in 2016. 

It's not a technology shift for threat actors. They are taking low-cost routes of entry to maximize their return on investment. That's what Henderson said was not a technology shift, but rather a business strategy shift on their part. According to IBM's report, organizations still need to correct the mistakes cybersecurity experts have warned about for years. 

It is Henderson's belief that the industry would be dealing with newer and bigger problems by now, but he does not seem discouraged at all. The great thing about this report is that it simplifies what we need to do, and what's great about it is that there are no things that are insurmountable highlighted in it. 

Henderson explained that focusing on the right things and prioritizing them will solve the authentication problem. Henderson added that even if authentication is solved, it will be followed by another problem. 

However, as we get more and more successful, we reduce their return on investment, making it more difficult for them to commit crimes. It takes a lot of effort to toss out the business model that governs cybercrime, and that is exactly what companies are trying to do.
Read more »
Technology
IBM IT Organization security saaS Technology

SaaS Challenges and How to Overcome Them


According to 25% of participants in an IBM study conducted in September 2022 among 3,000 companies and tech executives worldwide, security worries stand in the way of their ability to achieve their cloud-related goals. Nowadays, a lot of organizations think that using the cloud comes with hazards. However, the truth is not quite that dire; if you follow certain security best practices, the cloud may be a safe haven for your data.

Businesses need to have a solid security plan in place to handle their SaaS security concerns if they want to fully benefit from cloud computing. In the first place, what are these worries?

SaaS Challenges

  • Lack of experts in IT security. Companies compete intensely to attract qualified specialists in the tight market for IT security professionals, especially those working on cloud security. In the United States, there are often insufficient skilled workers to cover only 66% of cybersecurity job openings.
  • Problems with cloud migration. A major obstacle to cloud adoption, according to 78% of cloud decision-makers surveyed by Flexera in 2023, was a lack of resources and experience. Inexperience with cloud systems can result in security-compromising migration errors.
  • Insider dangers and data breaches. Regretfully, the largest challenge facing cloud computing is still data breaches. 39% of the firms polled in the 2023 Thales Cloud Security Study reported having data breaches.
  • SaaS enlargement. Some businesses utilize more SaaS technologies than they require. According to BetterCloud, companies used 130 SaaS apps on average in 2022, which is 18% more than in 2021. Managing multiple SaaS apps increases the amount of knowledge and error-proneness that can arise.
  • Adherence to regulations. The technology used in clouds is quite recent. As a result, there may be gaps in some SaaS standards, and industry or national compliance standards are frequently different. Security is compromised when SaaS tools are used that don't adhere to international rules or lack industry standards.
  • Security and certification requirements. To protect client data, SaaS providers must adhere to industry standards like SOC 2 and ISO 27001. Although it requires more work for vendors, certifying adherence to such standards is crucial for reducing security threats.

Monitoring Leading SaaS Security Trends

Cyberattacks will cost businesses $10.5 trillion annually by 2025, a 300% increase over 2015, predicts McKinsey. Businesses need to keep up with the latest developments in data security if they want to reduce the risk and expense of cyberattacks. They must adopt a shared responsibility model and cloud-native solutions built with DevSecOps standards to actively manage their SaaS security.


Read more »
Websites
Cyberattacks CyberCrime Cybersecurity IBM JavaScript malware Software Web Injections Websites

Sophisticated Web Injection Campaign Targets 50,000 Individuals, Pilfering Banking Data


Web injections, a favoured technique employed by various banking Trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cybercriminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. 

In a new finding, it has been revealed that the malware campaign that first came to light in March 2023 has used JavScript web injections in an attempt to steal data from over 50 banks, belonging to around 50,000 used in North America, South America, Europe, and Japan.  

IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023. As IBM’s researchers explained, it all starts with a malware infection on the victim’s endpoint. 

After that, when the victim visits a malicious site, the malware will inject a new script tag which is then loaded into the browser and modifies the website’s content. That allows the attackers to grab passwords and intercept multi-factor authentication codes and one-time passwords.

IBM says this extra step is unusual, as most malware performs web injections directly on the web page. This new approach makes the attacks more stealthy, as static analysis checks are unlikely to flag the simpler loader script as malicious while still permitting dynamic content delivery, allowing attackers to switch to new second-stage payloads if needed. 

It's also worth noting that the malicious script resembles legitimate JavaScript content delivery networks (CDN), using domains like cdnjs[.]com and unpkg[.]com, to evade detection. Furthermore, the script performs checks for specific security products before execution. Judging by the evidence to hand, it appears the Windows malware DanaBot, or something related or connected to it, infects victims' PCs – typically from spam emails and other means – and then waits for the user to visit their bank website. 

At that point, the malware kicks in and injects JavaScript into the login page. This injected code executes on the page in the browser and intercepts the victim's credentials as they are entered, which can be passed to fraudsters to exploit to drain accounts. The script is fairly smart: it communicates with a remote command-and-control (C2) server, and removes itself from the DOM tree – deletes itself from the login page, basically – once it's done its thing, which makes it tricky to detect and analyze. 

The malware can perform a series of nefarious actions, and these are based on a "mlink" flag the C2 sends. In total, there are nine different actions that the malware can perform depending on the "mlink" value. These include injecting a prompt for the user's phone number or two-factor authentication token, which the miscreants can use with the intercepted username and password to access the victim's bank account and steal their cash. 

The script can also inject an error message on the login page that says the banking services are unavailable for 12 hours. "This tactic aims to discourage the victim from attempting to access their account, providing the threat actor with an opportunity to perform uninterrupted actions," Langus said. Other actions include injecting a page loading overlay as well as scrubbing any injected content from the page.  

"This sophisticated threat showcases advanced capabilities, particularly in executing man-in-the-browser attacks with its dynamic communication, web injection methods and the ability to adapt based on server instructions and current page state," Langus warned. "The malware represents a significant danger to the security of financial institutions and their customers." Cybercriminals are exploiting sophisticated web injection techniques to compromise over 50,000 banks throughout the world as a threat escalating. 

DanaBot or similar malware entails the manipulation of user data through JavaScript injections, which allows them to steal login credentials with ease. In this dynamic attack detected by IBM Security, malicious scripts are injected directly into banking pages, evading conventional detection methods, and resulting in a dynamic attack. 

As a way to prevent malware infections, users are recommended to keep their software up-to-date, enable multi-factor authentication, and exercise caution when opening emails to prevent malware infections. To ensure that we are protected from the evolving and adaptive nature of advanced cyber threats, we must maintain enhanced vigilance in identifying and reporting suspicious activities.
Read more »
Subscribe to: Posts (Atom)