Understanding and Combating Insider Threats in the Digital Age


Insider threats have emerged as a particularly insidious and costly problem. Organizations are experiencing a significant surge in cyberattacks originating from insider threats, with remediation costs soaring up to $2 million per incident.

Gurucul's research, which involved a survey of over 400 IT and cybersecurity professionals, highlights the growing issue of insider threats. In 2023, 60% of organizations reported insider attacks, but this figure escalated to 83% in 2024. Moreover, the number of organizations encountering six to ten attacks yearly doubled from 13% to 25%. Nearly half of the organizations surveyed by Gurucul indicated that insider attacks have become more frequent in the past year.

Understanding Insider Threats

Insider threats refer to security breaches from within an organization, typically involving employees, contractors, or business partners with legitimate access to the organization's systems and data. These threats can be malicious, such as employees intentionally stealing sensitive information, or unintentional, such as inadvertently exposing data through negligence or lack of awareness.

Factors Contributing to the Rise

Several factors contribute to the growing prevalence of insider threats. First, the complexity of modern IT environments makes it harder to detect and prevent unauthorized access. Second, the rise of remote work has expanded the attack surface, as employees access corporate networks from various locations and devices. Third, the increasing sophistication of cybercriminals means that traditional security measures are often insufficient to protect against advanced threats.

Mitigating Insider Threats

Gurucul researchers identified that the primary driver behind insider attacks is the increasing complexity of IT environments, which creates significant visibility gaps. As technology becomes more intricate, and with more employees accessing system networks, the attack surface expands, making it more challenging for cybersecurity staff to ensure protection. 

Moreover, the rapid adoption of new technologies like the Internet of Things (IoT), artificial intelligence (AI), cloud services, and software-as-a-service (SaaS) applications also contributes to this growth, outpacing the ability of organizations to keep up.

Impact of New Tech

The introduction of new technologies adds layers of complexity, posing difficulties for existing staff to counter threats, leading to overwork and burnout among IT personnel. Nearly 30% of respondents indicated insufficient staffing to implement and maintain security tools, and even when adequate staff is available, many lack the training and expertise to manage these tools effectively. 

The researchers recommended that organizations facing these challenges should transition to more intuitive tools that can "reduce alert triage and false positives by providing comprehensive evidence with context and advanced behavior analytics."

Security Budgets Rise Slowly, But Hiring Slows Down, Research Shows


 

According to a report by IANS Research and Artico Search, security budgets are likely to keep rising in 2024, albeit at a slower pace than in the last couple of years. This year, security spending rose by some 8%, a notch higher than the 6% increase in 2023. That is still far below the increases of 16% and 17% seen in 2021 and 2022, respectively.

Although budget growth has been modest, security's share of the overall IT budget has grown from 8.6% in 2020 to 13.2% in 2024. This means that cybersecurity is finding its place as one of the critical components of an IT setup, at least for organisations which depend most on digital technologies today.

Security teams must act as the protective force of their organisations but are perennially challenged by competing priorities and small budgets. "Security is getting pulled closer to the core of the business," said IANS Senior Research Director Nick Kakolowski. "While the level of protection desired by companies goes up, the tools and skills given to security teams fall short of what would satisfy their growing expectations."

Reduction in the Recruitment of Security Personnel

One of the most striking trends underscored in this report is the marked slowdown in hiring in the cybersecurity sector. Security teams grew 12% in 2024 compared with a year earlier, but that growth was slower than the 31% jump in 2022 and the 16% increase in 2023. This comes at a time of general economic uncertainty, with businesses exercising tighter control over their overall costs.

While security remains a top priority for most organisations, economic pressure has held businesses back from increasing teams at the same rate. With shrinking budgets, most security teams have no alternative but to do more with less, further compounding the task of keeping pace with an unprecedented surge in threats. 

The Future of Cybersecurity Spending

Analysts note that, with business strategies hinging on cybersecurity, security budgets will remain on an upward trend, albeit at a slower and more incremental pace. The reasoning is that business success increasingly calls for comprehensive security as every business function grows more dependent on digital technologies. Security investments are set to reach $212 billion by 2025; Gartner estimates 15% growth over its forecast levels by 2024. That projection reinforces the belief that cybersecurity spending will remain one of the most critical investments for companies.

Overall, security budgets continue to rise, with cybersecurity in a higher spending bracket than IT budgets, while the slow hiring rate points to the hardship organisations face in trying to grow their security teams as fast as they would like. Organisations therefore need to pay strategic attention not only to investment in their security postures but also to their management and sustainability, especially in periods of economic difficulty.

New Ransomware Threat: Hunters International Deploys SharpRhino RAT

 

In a troubling development for cybersecurity professionals, the Hunters International ransomware group has introduced a sophisticated new remote access trojan (RAT) called SharpRhino. This C#-based malware is specifically designed to target IT workers and breach corporate networks through a multi-stage attack process. The malware’s primary functions include achieving initial infection, elevating privileges on compromised systems, executing PowerShell commands, and ultimately deploying a ransomware payload. 

Recent findings from Quorum Cyber researchers reveal that SharpRhino is distributed via a malicious site masquerading as Angry IP Scanner, a legitimate networking tool widely used by IT professionals. The deceptive website uses typosquatting techniques to lure unsuspecting users into downloading the malware. This approach highlights a new tactic by Hunters International, aiming to exploit the trust IT workers place in well-known tools. The SharpRhino RAT operates through a digitally signed 32-bit installer named ‘ipscan-3.9.1-setup.exe.’ 

This installer contains a self-extracting, password-protected 7z archive filled with additional files necessary for the malware’s execution. Upon installation, SharpRhino modifies the Windows registry to ensure persistence on the compromised system and creates a shortcut to Microsoft.AnyKey.exe, which is normally a Microsoft Visual Studio binary but is abused here for malicious purposes. Additionally, the installer drops a file named ‘LogUpdate.bat,’ which executes PowerShell scripts to run the malware stealthily. To facilitate command and control (C2) operations, SharpRhino creates two directories: ‘C:\ProgramData\Microsoft: WindowsUpdater24’ and ‘LogUpdateWindows.’ 

These directories are used to manage communication between the malware and its operators. SharpRhino also includes hardcoded commands such as ‘delay’ to set the timer for the next POST request and ‘exit’ to terminate communication. This enables the malware to execute various dangerous actions, including launching PowerShell commands. For instance, Quorum Cyber researchers demonstrated the malware’s capability by launching the Windows calculator. Hunters International, which began operations in late 2023, has been associated with several high-profile ransomware attacks. Notable victims include U.S. Navy contractor Austal USA, Japanese optics giant Hoya, Integris Health, and the Fred Hutch Cancer Center. 

In 2024 alone, the group has claimed responsibility for 134 ransomware attacks, ranking it among the top ten most active ransomware operators globally. The deployment of SharpRhino through a fake website underscores Hunters International’s strategic focus on IT professionals, leveraging their reliance on familiar software to infiltrate corporate networks. To protect against such threats, users should exercise caution with search results and sponsored links, use ad blockers, and verify the authenticity of download sources. Implementing robust backup plans, network segmentation, and keeping software up-to-date are essential measures to mitigate the risk of ransomware attacks.
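The artifact names reported above can be turned into a simple hunt over endpoint telemetry. The following is an added example, not code from the original post or from Quorum Cyber: the event schema, host names, the `EXAMPLE` parent directories and the registry key placeholder are constructed, and the Visual Studio path check is an assumption about where a legitimate copy of the binary would sit.

```python
import re
from collections import defaultdict

# Artifact names taken from the write-up above (matched case-insensitively).
INDICATORS = {
    "fake_installer": re.compile(r"ipscan-3\.9\.1-setup\.exe", re.I),
    "batch_launcher": re.compile(r"LogUpdate\.bat", re.I),
    "c2_directory": re.compile(r"\\(WindowsUpdater24|LogUpdateWindows)\b", re.I),
}
ANYKEY = re.compile(r"Microsoft\.AnyKey\.exe", re.I)
# Assumption: a legitimate copy lives under a Visual Studio install directory.
VS_DIR = re.compile(r"\\Microsoft Visual Studio\\", re.I)


def match_event(event):
    """Return the set of indicator names found in one telemetry event."""
    hits = set()
    for key, value in event.items():
        if key in ("host", "type") or not isinstance(value, str):
            continue
        for name, pattern in INDICATORS.items():
            if pattern.search(value):
                hits.add(name)
        # The binary is legitimate; only its use outside Visual Studio is odd.
        if ANYKEY.search(value) and not VS_DIR.search(value):
            hits.add("anykey_outside_vs")
    # A registry write that points at any artifact suggests persistence.
    if event.get("type") == "registry_set" and hits:
        hits.add("registry_reference")
    return hits


def triage(events):
    """Correlate indicators per host; hosts without hits are omitted."""
    per_host = defaultdict(set)
    for event in events:
        per_host[event["host"]] |= match_event(event)
    return {
        host: {
            "indicators": sorted(found),
            # A file name alone is weak evidence, since the installer imitates
            # a legitimate tool; two or more distinct artifacts is a strong signal.
            "severity": "high" if len(found) >= 2 else "review",
        }
        for host, found in per_host.items()
        if found
    }


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-IT-07", "type": "file_create",
     "path": r"C:\Users\admin1\Downloads\ipscan-3.9.1-setup.exe"},
    {"host": "WS-IT-07", "type": "file_create",
     "path": r"C:\ProgramData\EXAMPLE\WindowsUpdater24\LogUpdate.bat"},
    {"host": "WS-IT-07", "type": "shortcut_create",
     "target": r"C:\ProgramData\EXAMPLE\WindowsUpdater24\Microsoft.AnyKey.exe"},
    {"host": "WS-IT-07", "type": "registry_set",
     "key": "<registry key placeholder>",
     "value": r"C:\ProgramData\EXAMPLE\LogUpdateWindows\LogUpdate.bat"},
    {"host": "WS-DEV-02", "type": "process_create",
     "command_line": r"C:\Program Files\Microsoft Visual Studio\EXAMPLE\Microsoft.AnyKey.exe"},
    {"host": "WS-HELP-11", "type": "file_create",
     "path": r"D:\tools\ipscan-3.9.1-setup.exe"},
]

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS).items():
        print(host, finding["severity"], finding["indicators"])
```

Hosts rated `review` only need their download source verified; hosts rated `high` show several of the reported artifacts together and warrant isolation and investigation.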

KnowBe4 Avoids Data Breach After Hiring North Korean Hacker


 

American cybersecurity firm KnowBe4 recently discovered that a new hire, brought on as a Principal Software Engineer, was actually a North Korean state actor. This individual attempted to install data-stealing malware on the company's devices, but the threat was identified and neutralised before any data breach occurred.

This incident is a testament to the persistent threat from North Korean operatives posing as IT professionals, a danger that the FBI has been warning about since 2023. North Korea has a well-organised network of IT workers who disguise their true identities to secure employment with American companies. The revenue generated by these infiltrators funds the country's weapons programs, cyber operations, and intelligence gathering.

How the Hacker Bypassed Checks

Before hiring the malicious actor, KnowBe4 conducted extensive background checks, verified references, and held four video interviews. Despite these precautions, the individual used a stolen U.S. identity and AI tools to create a fake profile picture that matched during the video calls. This deception enabled the hacker to bypass the initial vetting process.

On July 15, 2024, KnowBe4's Endpoint Detection and Response (EDR) system flagged an attempt to load malware from the Mac workstation recently issued to the new hire. The malware, designed to steal information stored in web browsers, was intended to capture any leftover credentials or data from the computer's previous user.

When confronted by KnowBe4's IT staff, the state actor initially offered excuses but soon ceased all communication.

Deceptive Hiring Practices

KnowBe4 CEO Stu Sjouwerman explained that the scheme involved tricking the company into sending the workstation to an "IT mule laptop farm" near the address provided by the fraudster. The hacker then used a VPN to connect to the device during U.S. working hours, making it seem like they were working as usual.

To prevent similar incidents, KnowBe4 advises companies to use isolated sandboxes for new hires, keeping them away from critical network areas. Additionally, firms should ensure that new employees' external devices are not used remotely and treat any inconsistencies in shipping addresses as potential red flags.

This incident at KnowBe4 highlights the intricate methods employed by North Korean hackers to infiltrate American companies. By staying vigilant and implementing robust security measures, firms can protect themselves from such threats.


IT and Consulting Firms Leverage Generative AI for Employee Development


Generative AI (GenAI) has emerged as a driving focus area in the learning and development (L&D) strategies of IT and consulting firms. Companies are increasingly investing in comprehensive training programs to equip their employees with essential GenAI skills, spanning from basic concepts to advanced technical know-how.

Training courses in GenAI cover a wide range of topics. Introductory courses, which can be completed in just a few hours, address the fundamentals, ethics, and social implications of GenAI. For those seeking deeper knowledge, advanced modules are available that focus on development using GenAI and large language models (LLMs), requiring over 100 hours to complete.

These courses are designed to cater to various job roles and functions within the organisations. For example, KPMG India aims to have its entire workforce trained in GenAI by the end of the fiscal year, with 50% already trained. Their programs are tailored to different levels of employees, from teaching leaders about return on investment and business envisioning to training coders in prompt engineering and LLM operations.

EY India has implemented a structured approach, offering distinct sets of courses for non-technologists, software professionals, project managers, and executives. Presently, 80% of their employees are trained in GenAI. Similarly, PwC India focuses on providing industry-specific masterclasses for leaders to enhance their client interactions, alongside offering brief nano courses for those interested in the basics of GenAI.

Wipro organises its courses into three levels based on employee seniority, with plans to develop industry-specific courses for domain experts. Cognizant has created shorter courses for leaders, sales, and HR teams to ensure a broad understanding of GenAI. Infosys also has a program for its senior leaders, with 400 of them currently enrolled.

Ray Wang, principal analyst and founder at Constellation Research, highlighted the extensive range of programs developed by tech firms, including training on Python and chatbot interactions. Cognizant has partnerships with Udemy, Microsoft, Google Cloud, and AWS, while TCS collaborates with NVIDIA, IBM, and GitHub.

Cognizant boasts 160,000 GenAI-trained employees, and TCS offers a free GenAI course on Oracle Cloud Infrastructure until the end of July to encourage participation. According to TCS's annual report, over half of its workforce, amounting to 300,000 employees, have been trained in generative AI, with a goal of training all staff by 2025.

The investment in GenAI training by IT and consulting firms underscores the importance of staying ahead in the rapidly evolving technological landscape. By equipping their employees with essential AI skills, these companies aim to enhance their capabilities, drive innovation, and maintain a competitive edge in the market. As the demand for AI expertise grows, these training programs will play a crucial role in shaping the future of the industry.


 

Here's How to Solve Top Challenges in Data Storage

 

Data volumes are not only expanding, but also accelerating and diversifying. According to recent IDG research, data professionals state that data volumes are rising by 63 percent every month on average in their organisations. The majority of these organisations also collect data from 400 or more sources; 20% of respondents report having over 1,000 data sources. 

The result is an increasing demand for dependable, scalable storage. Companies want systems that can do more than just store data in an IT ecosystem informed by evolving compliance, agility, and sustainability requirements. Here are three of the most common data storage challenges, along with how suitable remedies can help. 

Top three challenges in data storage 

While more data opens up greater options for analytics and insight, the sheer volume of data collected and stored by companies creates issues. Three of the biggest problems are security, complexity, and efficiency. 

Companies require storage security frameworks that prioritise cyber resilience, as cyberattacks are inevitable. According to Ben Jastrab, director of storage product marketing at Dell Technologies, “this is such a big topic, and such an important one. Every company in every industry is worried.” A zero-trust framework built on least privilege principles and advanced detection technologies can assist businesses in identifying storage attacks and minimising the damage done. 

Storage faces additional challenges as complexity increases. IT teams can easily become complacent when it comes to purchasing, maintaining, and replacing physical hardware, as well as adopting, monitoring, and upgrading storage software. "Companies have more things to manage than ever," explains Jastrab. "To make the most of storage, they need to automate operations.” 

More data, less time. Higher expenses and lower costs. Higher demands and a smaller pool of skilled staff. These common challenges share a unifying thread: efficiency. Companies that can increase the efficiency of their storage solutions will be better prepared to manage the ever-changing storage landscape. 

Consider the recent data from the United States Energy Information Administration, which estimates that wholesale power rates would be 20% to 60% higher this winter than in 2022. As storage volumes grow, companies require a solution to cut physical footprints and energy costs.

Nvidia CEO Believes AI Would Kill Coding

 

When ChatGPT was first made public by OpenAI in November 2022, many were taken aback by its abilities. People discovered an array of opportunities for the AI chatbot, ranging from asking it to write poetry and music to debugging and coding. Companies like Google and Microsoft also quickly released their own chatbots, Bard (now Gemini) and Bing. With ChatGPT, the popularity of generative AI reached new heights. 

AI has been heralded by many as the future. Notable figures in the IT industry, including Sam Altman, Satya Nadella, Bill Gates, and Sundar Pichai, have already spoken on the possible effects of AI on labour markets, highlighting its significance. While some IT professionals think AI will result in job losses in the IT industry, others think it will open up more opportunities. 

CEO of Nvidia Jensen Huang agrees that AI will have an impact on the labour market and argues that anyone can become a programmer with this new technology, so children don't need to learn how to code. 

The Nvidia CEO can be seen speaking at an event in a video that has gone viral. He claims that a decade or so ago, the consensus was that everyone should learn how to code. Now, however, things are entirely different because of artificial intelligence; everyone is a coder. He also said that children don't need to learn how to code and that it is our responsibility to create technology that would enable human language to be used in programming. Put another way, computers should be able to understand human language, minimising the necessity for coding languages like C++ or Java.

He explains, "Over the last 10-15 years, almost everybody who sits on a stage like this would tell you that it is vital that your children learn computer science, everybody should learn how to program. In fact, it is almost exactly the opposite. It is our job to create computing technology such that nobody has to program, and that the programming language is human. Everybody in the world is now a programmer. This is the miracle of AI."

"You now have a computer that will do what you tell it to do. It is vital that we upskill everyone and the upskilling process will be delightful and surprising,” Huang added. 

This is not the first time the Nvidia CEO has spoken about AI's ubiquitous effect across sectors. As one of the world's leading chipmakers, Nvidia was instrumental in the development of ChatGPT, which made use of hundreds of Nvidia GPUs. 

Huang announced the closure of the "digital divide" at a gathering held at the Computex convention in Taiwan last year. He emphasised how AI is bringing about a new era of computing, when previously unthinkable tasks are made possible. Huang highlighted how programming is now accessible to almost anyone, saying that all it takes to become a programmer is some computer involvement.

Rorschach Ransomware Gang Targets Chilean Telecom Giant GTD

 

Chile's Grupo GTD has issued a warning that a hack has disrupted its Infrastructure as a Service (IaaS) platform. Grupo GTD is a telecommunications firm based in Chile, Spain, Colombia, and Peru which offers services throughout Latin America.

The company delivers a variety of IT services, such as internet access, mobile and landline phone service, and data centre and IT managed services. 

On October 23rd, GTD was the victim of a cyberattack that disrupted multiple services, including its data centres, internet access, and Voice-over-IP (VoIP).

"We understand the importance of proactive and fluid communication in the face of incidents, therefore, in accordance with what we previously discussed on the phone, I would like to inform you that we are experiencing a partial impact on services as a result of a cybersecurity incident," states a GTD security incident notification. "This impact is limited to part of our IaaS platform and some shared services (IP telephony services, VPNs and OTT television system). Our communication COR, as well as our ISP, are operating normally."

To prevent the spread of the attack, the company isolated its IaaS platform from the internet, resulting in the outages. Chile's Computer Security Incident Response Team (CSIRT) revealed today that GTD was the victim of a ransomware attack. 

"The Computer Security Incident Response Team (Government CSIRT) of the Ministry of the Interior and Public Security was notified by the company GTD about a ransomware that affected part of its IaaS platforms during the morning of Monday, October 23," reads a machine-translated statement published on the CSIRT website. 

Although the ransomware operation behind the GTD attack has not been named by CSIRT, the researchers have discovered that it was the Rorschach variant, which was previously identified in an attack on a US corporation. 

In April 2023, Check Point Research discovered the relatively new Rorschach ransomware, also known as BabLock. The researchers cautioned that the encryptor was extremely fast and smart, with the ability to encrypt a device in 4 minutes and 30 seconds, although they were unable to connect it to a specific ransomware group. 

The threat actors are using DLL sideloading vulnerabilities in genuine Trend Micro, BitDefender, and Cortex XDR executables to load a malicious DLL, according to a report on the GTD attack seen by researchers. 

This is the Rorschach injector DLL, which will inject a "config[.]ini" ransomware payload into a Notepad process. Ransomware will start encrypting files on the device as soon as it loads. 

The CSIRT has published a set of recommendations to make sure that companies linked to GTD's IaaS were not compromised. Antivirus scans, software safety checks, server account reviews, hard drive and processor performance analysis, network traffic monitoring, and keeping current system records are a few of these. 

The attack on GTD comes after a similar incident that took place earlier this year, when the Rhysida ransomware targeted the Chilean military and thousands of stolen government documents were made public. Regarding the recent attack, GTD has not yet responded to inquiries, and the incident is still being investigated.

The Latest Tech Terms You Should Know About

 

The year 2022 has been turbulent for the IT sector, from Mark Zuckerberg's bizarre metaverse thoughts to widespread layoffs and Elon Musk's mayhem at Twitter. 

Along the way, numerous new expressions and terms that were essentially unknown and unheard of in January have gradually filtered into our conversations. As we continue to adjust to the contemporary - and frequently unfamiliar - post-pandemic workplace, it's possible that you'll hear these expressions even more frequently in 2023. 

Before 2022 comes to an end and a new year begins, let’s review a few key technical phrases. 

Decentralized VPNs 

Any VPN that does not have centralized control over the individual servers that make up its server network is referred to as a decentralized VPN or dVPN. 

According to prominent VPN provider Surfshark, "dVPN's servers are hosted by independent users, rather than a single VPN provider providing and managing the servers. They might be setting up dVPN software on their own computers or employing dedicated server workstations. 

The fact that your privacy is protected by the very nature of the network infrastructure, as opposed to a private entity (i.e., a VPN provider) giving you their word — however reliable — that they won't log your data, is possibly the largest benefit of decentralized VPNs. 

Quiet Quitting 

After being widely discussed among workers on social media throughout the year, particularly in younger millennial and Gen Z circles, the term "Quiet quitting" attracted considerable media attention.

The phrase means performing little more than the basic minimum required by your position. It's the exact opposite of "going above and beyond" at work, which Quiet Quitters believe has a detrimental effect on a positive work-life balance. 

Workfluencer 

In essence, workfluencers are influencers who write about their employment for those who are curious to learn more about their area of expertise and the nature of their day-to-day jobs. They frequently earn money from brand relationships like typical influencers do and seek engagement from followers in a similar manner, but they focus their material only on the 9–5. 

Changes to business and career apps like LinkedIn, which have regularly adopted features from popular social media sites over the past few years to make their platforms more accessible and functional, have considerably helped "Workfluencers." 

Currently, "creator mode" is selected on the accounts of over 13 million LinkedIn users, which should, in theory, increase the number of people who read their posts. Whether we like it or not, workfluencers are here to stay, and in 2023, there will undoubtedly be many more people who try their hand at it. 

MFA Fatigue 

It is believed that MFA Fatigue, a cutting-edge hacking approach, served as the impetus for successful hacks of the networks of Uber, Microsoft, and Cisco throughout the year 2022. 

Hackers using stolen credentials will run a script in MFA Fatigue attacks in an effort to log into a target's account that has multi-factor authentication enabled. As the script continues to run, the victim will subsequently experience what seems like an endless series of authentication requests. 

The attackers are hoping that the victim will become so annoyed by the frequent barrage of notifications that they will reluctantly agree to one of the requests. They will then have access to the account and be free to cause any destruction they desire. 
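From the defender's side, the pattern described above shows up in authentication logs as a burst of push prompts for one account, sometimes ending in an approval. The following detection sketch is an added example, not part of the original post: the log format, event names, user names, the ten-minute window and the threshold of five prompts are all constructed assumptions to be tuned against a real identity provider's logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumption: look-back window per user
THRESHOLD = 5                    # assumption: prompts in the window that count as a burst


def parse(line):
    """Parse 'TIMESTAMP user=NAME event=KIND' into (datetime, user, event)."""
    stamp, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return when, fields["user"], fields["event"]


def detect_push_bursts(lines):
    """Flag users who received THRESHOLD or more push prompts within WINDOW.

    'approved' is True when an approval arrived while the burst was still
    inside the window, i.e. the user may have given in to the prompts.
    """
    recent = defaultdict(deque)  # user -> timestamps of prompts not yet approved
    alerts = {}
    for when, user, event in sorted(map(parse, lines)):
        queue = recent[user]
        while queue and when - queue[0] > WINDOW:
            queue.popleft()      # forget prompts older than the window
        if event == "push_sent":
            queue.append(when)
            if len(queue) >= THRESHOLD:
                alert = alerts.setdefault(user, {"prompts": 0, "approved": False})
                alert["prompts"] = max(alert["prompts"], len(queue))
        elif event == "push_approved":
            if user in alerts and len(queue) >= THRESHOLD:
                alerts[user]["approved"] = True
            queue.clear()        # a successful login resets the count
        # push_denied is ignored: denied prompts still count toward the burst
    return alerts


# Constructed sample log (not real data).
SAMPLE_LOG = [
    "2022-09-15T09:00:00Z user=alice event=push_sent",
    "2022-09-15T09:00:10Z user=alice event=push_approved",
    "2022-09-15T02:10:05Z user=bob event=push_sent",
    "2022-09-15T02:10:20Z user=bob event=push_denied",
    "2022-09-15T02:10:40Z user=bob event=push_sent",
    "2022-09-15T02:11:15Z user=bob event=push_sent",
    "2022-09-15T02:11:50Z user=bob event=push_sent",
    "2022-09-15T02:12:30Z user=bob event=push_sent",
    "2022-09-15T02:13:05Z user=bob event=push_sent",
    "2022-09-15T02:13:20Z user=bob event=push_approved",
    "2022-09-15T08:00:00Z user=carol event=push_sent",
    "2022-09-15T10:00:00Z user=carol event=push_sent",
    "2022-09-15T12:00:00Z user=carol event=push_sent",
    "2022-09-15T14:00:00Z user=carol event=push_sent",
    "2022-09-15T16:00:00Z user=carol event=push_sent",
]

if __name__ == "__main__":
    for user, alert in detect_push_bursts(SAMPLE_LOG).items():
        print(user, alert)
```

An alert with `approved` set should be treated as a likely account takeover: revoke the session and reset the stolen password, since the prompts only start once the attacker already holds valid credentials.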

Boomerang Employees 

Boomerang employees are, as the name implies, former employees who go back to work for former employers, usually on friendly terms (hence the return). According to one examination of LinkedIn users' employment history, boomerang hires made up 4.3% of all US hiring in 2017. 

Some businesses now support this approach, creating alumni networks and other platforms to stay in touch with departing workers in an effort to lure them back into the building and onto the payroll in the future. 

However, some research indicates that staff morale may suffer when former coworkers return to more senior positions after previously departing, especially for those who are still in the same jobs they were in when their returning coworkers initially left. 

Productivity Paranoia 

Productivity paranoia is the term used to describe the discrepancy between how productive CEOs, supervisors, and managers perceive employees to be and how productive employees perceive themselves to be. 

The difference is also glaring. In spite of the fact that 87% of workers think they are productive at work, only 12% of "leaders" think their staff members are making the most of their time, according to Microsoft Work Index research published this year. 

The emergence of hybrid, flexible, and remote working styles, which many bosses believe has given them less visibility over their workers, has probably made productivity concerns worse. 

Looking Toward the Future 

The year 2022 has been both fascinating and exhausting for many people working in and around the computer industry, leaving them with more questions than answers. 

Will this year's wave of mass layoffs last forever? Which online dangers will be exploited to attack businesses? Will Musk be able to keep Twitter running until the end of the year, or will Google's ominously sentient AI have already ruled the world by the time we find out? 

In 2023, no matter what transpires, we'll keep you informed with daily news updates on the cybersecurity and tech issues that concern you.