Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label IT. Show all posts
Privacy
Cyberattacks CyberCrime CyberThreat Email Phishing IT Password Password Rest Privacy

Growing Concerns Over Deceptive Master Password Reset Emails

 


A network security risk associated with unauthorized password resets is very significant, as it can expose sensitive information and systems to cyber threats. IT administrators must take care to monitor and validate every password reset, particularly those that involve critical user accounts and service accounts. When such resets occur, administrators typically need detailed contextual information to maintain robust security whenever such resets occur. 

To enhance transparency in password resets and to prevent the possibility of unauthorized access, it is important to notify the respective users as soon as possible when their passwords are reset. Despite this, manual oversight of password resets poses a daunting challenge. It requires considerable effort and vigilance to track every reset, analyze its context, identify high-risk account changes, and validate that they are legitimate. 

As administrators, it can be difficult for them to mitigate security vulnerabilities arising from unauthorized or suspicious password changes, if there is no efficient mechanism in place. Microsoft users are constantly faced with cybersecurity threats, as well as sophisticated attacks based on system vulnerabilities. As the security landscape continues to evolve, it becomes increasingly complex as zero-day exploits actively compromise Windows users, as well as Microsoft Account takeovers that circumvent authentication measures. 

Cybercriminals have become increasingly aggressive against Microsoft 365 users, targeting them with technical loopholes that allow them to manipulate URLs or conduct large-scale brute-force attacks by utilizing basic authentication exploits. This persistent threat highlights the necessity of enhanced security measures within the Microsoft ecosystem. Recently, Microsoft 365 users have been warned of a highly sophisticated attack that manages to evade conventional email security measures. During this latest phishing attack, cybercriminals have embedded phishing lures within legitimate Microsoft communications, making detection considerably harder. 

As these tactics are constantly evolving, organizations and their users must remain vigilant, implement proactive security strategies, and make sure that potential risks are minimized. This type of cybercrime involves deceptive actors impersonating trusted organizations or individuals and deceiving recipients into divulging sensitive information as a result. The fraud is usually carried out by sending emails or sending attachments to unsuspecting recipients that contain harmful links or attachments, which are intended to harvest login credentials, financial information, and other confidential data from those unsuspecting. 

Even though there are different kinds of phishing, deceptive phishing remains one of the most prevalent since it bypasses security defences so effectively. Cybercriminals instead of attempting to compromise a system through technical vulnerabilities, exploit human psychology by crafting appealing messages that seem to be genuine to lure individuals into engaging with malicious content, rather than using technical vulnerabilities. In addition to raising awareness and educating users about the threats that can be posed by phishing, they must know how to identify and prevent such threats to improve their cybersecurity resilience. 

Types of Phishing Attacks


Several different types of phishing attacks operate by utilizing human trust to steal sensitive information. Below is a list of the most common types: 

Phishing emails (or deceptive phishing emails) take advantage of recipients' trust by looking like legitimate organizations so they will divulge their personal and financial information to them. 

Phishing traps: They are created to exploit the vulnerabilities in an organization's IT infrastructure to gain access to its data. An example of spear-phishing is a form of phishing that uses personalized information to look credible to a specific individual, such as an employee or manager. 

A phishing Angler: This type of fraud uses fake social media accounts to gain access to a user's account or to download malicious software onto their computer. Using urgent espionage-related pretexts to extract sensitive business information from high-level executives is referred to as whaling. It is a form of fraud in which someone calls someone who pretends to be an official of a trustworthy organization to obtain personal or financial information. 

A text phishing scam (smishing) takes advantage of SMS message spam to deceive users by sending malicious links or sending fake, urgent emails. In this case, the user is not aware of the fact that his browser settings have changed, causing him to be redirected to fraudulent websites without his knowledge. 

Due to the constantly evolving nature of phishing attacks, security awareness and proactive measures are becoming increasingly important. Several measures can be taken to prevent these attacks, such as multi-factor authentication, email filtering, and caution when dealing with online accounts. 

Understanding Password Reset Processes and Vulnerabilities


To assist users who forgot their passwords on online platforms that require user authentication, most platforms have implemented password reset mechanisms. Various methods of generating a unique, high-entropy reset token that is linked to the user's account are the most commonly used methods, although they vary greatly in security and complexity. 

The platform can request that a user be sent an email containing a reset link, with the token embedded as a query parameter in the link. When the user clicks the link, a verification process is conducted to ensure the token is valid before allowing the user to reset their password. It is generally considered secure because this method relies on the assumption that only the intended user to whom the token is sent has access to their email account. However, attackers can exploit vulnerabilities in this process by manipulating password reset data. 

Exploiting Password Reset Poisoning Attacks


An attacker who has manipulated the password reset URL to steal the user's reset token is called a password reset poisoner. The technique takes advantage of systems that automatically generate username and password reset links based on user-controlled input, such as the Host header. The routine goes as follows: 

As soon as the attacker has obtained the victim's email address or username, they send the victim an email asking for their password to be reset. During this process, they intercept the HTTP request and alter the Host header to replace the legitimate domain with one they control. In an official password reset email, the victim receives an official link that appears to contain a legitimate link. However, once the victim clicks on the official link, he or she is directed to the attacker's domain, so they are unable to reset their password. 

A token is sent to the attacker's server when the victim clicks on the link, whether by hand or automatically using security tools like antivirus scanners. Upon submitting the stolen token to the legitimate website, the attacker gains unauthorized access to the victim's account by resetting the password and then regaining access to the victim's account. 


Mitigation Strategies and Security Best Practices 


Sites need to implement strong security measures to prevent password reset poisoning, especially when it comes to Host header validation, and the enforcement of secure cookie-based authentication so that individual users are not able to access their passwords. The user should also exercise caution if he or she receives emails asking to reset their passwords unexpectedly, ensure URLs are verified before clicking links, and enable multifactor authentication to protect their accounts. Cybercriminals are constantly improving their attack methods. 

To mitigate these threats, proactive cybersecurity awareness and robust security implementation are key. According to the fraudulent email in question, recipients are informed that their email passwords are imminently about to expire, and are advised that once their passwords are about to expire, they will need to contact a system administrator to regain access. 

As a means of creating a sense of urgency, the message asks users to click on the "KEEP MY PASSWORD" button, which appears to authenticate and secure their account. The email communication appears to be carefully crafted so that it appears to be a notification from the web hosting server, which makes it more likely that unknowing individuals will be able to trust it. As a result of clicking the link provided, recipients will be taken to a fraudulent Webmail login page designed to capture their email credentials, which include usernames and passwords, when they click that link. 

As a result of this stolen information, cybercriminals can breach email accounts, obtaining access to personal communications, confidential documents, and sensitive information that is confidential or sensitive. When these accounts have been compromised, they may be used to launch further phishing attacks, distribute malware to contacts within the email system, or launch further phishing attacks once the accounts have been compromised. 

Besides immediate unauthorized access, threat actors may also use stolen credentials to reset passwords for other accounts connected to the account, such as a banking platform, a social media profile, or even a cloud storage platform. Aside from this, compromised accounts and harvested information are often sold on the dark web, thus increasing the risk of identity theft as well as financial fraud. 

Because of the significant security implications these emails have, it is highly recommended that users exercise caution whenever they receive unsolicited emails with links or attachments within them. It is important to verify the legitimacy of these communications before engaging with them so that potential cyber breaches, financial losses, and other cybersecurity threats can be prevented. 

An official representative of 1Password, known as 1PasswordCSBlake, recently provided some insights on how to counter a recent phishing attack targeting master password resets on the 1Password subreddit. A detailed explanation of how cybercriminals approach credentials compromises through fraudulent reset requests was provided, emphasizing the significance of vigilance against such insidious techniques used by cybercriminals to deceive their victims. 

Consequently, users who feel that they have been phished or have clicked on a fraudulent link as a result of this security threat are strongly advised to reach out to support@1password.com immediately for assistance. It is important to act promptly if you want to minimize potential risks and prevent unauthorized access to sensitive data. 

The 1Password infrastructure does not appear to have been compromised, and there are no indications at this time that the system is compromised. The password manager is still secure, and the users' accounts and stored credentials are not affected. To safeguard your personal information from emerging cyber threats, you must keep your personal information aware and adhere to best security practices. 

Best Practices for Preventing Malware Infiltration 


There are many ways for users to mitigate cybersecurity threats, but they need to be cautious when dealing with unexpected or unsolicited e-mails, especially those from unknown sources. As a consequence, one mustn't click on embedded links or open attachments within such messages, since they may contain malicious content that compromises the security of the system as a whole. 

The use of anti-virus software and anti-malware software to safeguard devices against potential threats is essential. Additionally, users should only download applications and files from trusted and official sources, such as verified websites and app stores. As a result, downloading pirated software, key generators, or cracking tools can significantly increase the risk of malware infection. 

Therefore, users need to avoid them as much as possible. Also, it is important to note that engaging with intrusive pop-ups and advertisements on untrustworthy websites may pose a considerable security risk, and this should be avoided if possible. This can be achieved by denying notification permissions for these sites, and by regularly updating operating systems and applications to keep them protected. 

If malicious attachments have already been accessed, it is recommended, to detect and effectively remove any malware infiltrated into the system, that the system be thoroughly scanned using security software that is considered reliable and provides reliable protection against malware.
Read more »
X
Data Breach EU Internet IT POLSA Space X

Polish Space Agency "POLSA" Suffers Breach; System Offline

Polish Space Agency "POLSA" Suffers Breach; System Offline

Systems offline to control breach

The Polish Space Agency (POLSA) suffered a cyberattack last week, it confirmed on X. The agency didn’t disclose any further information, except that it “immediately disconnected” the agency network after finding that the systems were hacked. The social media post indicates the step was taken to protect data. 

US News said “Warsaw has repeatedly accused Moscow of attempting to destabilise Poland because of its role in supplying military aid to its neighbour Ukraine, allegations Russia has dismissed.” POLSA has been offline since to control the breach of its IT infrastructure. 

Incident reported to authorities

After discovering the attack, POLSA reported the breach to concerned authorities and started an investigation to measure the impact. Regarding the cybersecurity incident, POLSA said “relevant services and institutions have been informed.”  

POLSA didn’t reveal the nature of the security attack and has not attributed the breach to any attacker. "In order to secure data after the hack, the POLSA network was immediately disconnected from the Internet. We will keep you updated."

How did the attack happen?

While no further info has been out since Sunday, internal sources told The Register that the “attack appears to be related to an internal email compromise” and that the staff “are being told to use phones for communication instead.”

POLSA is currently working with the Polish Military Computer Security Incident Response Team (CSIRT MON) and the Polish Computer Security Incident Response Team (CSIRT NASK) to patch affected services. 

Who is responsible?

Commenting on the incident, Poland's Minister of Digital Affairs, Krzysztof Gawkowski, said the “systems under attack were secured. CSIRT NASK, together with CSIRT MON, supports POLSA in activities aimed at restoring the operational functioning of the Agency.” On finding the source, he said, “Intensive operational activities are also underway to identify who is behind the cyberattack. We will publish further information on this matter on an ongoing basis.”

About POLSA

A European Space Agency (ESA) member, POLSA was established in September 2014. It aims to support the Polish space industry and strengthen Polish defense capabilities via satellite systems. The agency also helps Polish entrepreneurs get funds from ESA and also works with the EU, other ESA members and countries on different space exploration projects.  

Read more »
Telegram
Crypto CyberCrime Cyberhackers Cybersecurity CyberThreat Desert Dexter IT malware Telegram

Malware Alert as Desert Dexter Strikes Over 900 Victims Worldwide

 


Several countries in the Middle East and North Africa have been targeted by an advanced Trojan named Desert Dexter, identified by security experts at Positive Technologies. This malware campaign has compromised nearly 900 victims as a result of its sophisticated campaign. The AsyncRAT malware campaign began in September 2024 to spread a modified variant of the malware using social media platforms and geopolitical tensions in an attempt to exploit these platforms. 

Using deceptive tactics to lure unsuspecting users, hackers exploit the vulnerabilities in the Internet, highlighting the growing threat posed by cyber espionage and political cyberattacks. The Positive Technologies Expert Security Center (PT ESC) has discovered and analyzed a new malware campaign that has been orchestrated to target individuals in the Middle East and North Africa (MENA) region with the primary aim of infecting their systems and exfiltrating sensitive data as a result. 

The campaign has been active since September 2024 and has been using a modified version of AsyncRAT to compromise victims' systems and steal sensitive information. On social media, attackers disguised themselves as legitimate news outlets to spread malware, crafting misleading promotional posts containing links to file-sharing services and Telegram channels, which allowed them to spread malware. 

Once executed, the malware extracts cryptocurrency wallet credentials and establishes communications with a Telegram bot, enabling remote data theft and control over cryptocurrency wallets. About 900 individuals have been reported to be affected by this malware, primarily everyday users. The investigation indicates a significant number of victims are employees from key industries, including oil and gas, construction, information technology, and agriculture. This raises concerns about espionage and financial fraud, which could occur in these industries. 

Based on a geographical analysis of the infections, Libya (49%) has been the worst hit, followed by Saudi Arabia (17%), Egypt (10%), Turkey (9%), the UAE (7%), and Qatar (5%) with additional cases reported across other regions. This attack is widespread, which shows that cybercriminals are evolving their tactics, and enhanced cybersecurity measures are necessary to keep them from harm. This malicious campaign was orchestrated by the Desert Dexter threat group, a group that is named after a single employee suspected of running it. 

It was discovered by cybersecurity researchers that hackers were using temporary accounts and fake news channels to evade advertising filters and disseminate malicious content on Facebook, which enabled them to evade ad filtering mechanisms. There was a similar campaign reported in 2019, however this latest operation seems to incorporate enhancements aimed at improving the efficiency and impact of the malware. 

According to Denis Kuvshinov, Head of Threat Intelligence at Positive Technologies, the attack follows a multi-stage approach that involves several steps and attacks. The initial victim is lured to a file-sharing service or Telegram channel, where a RAR archive containing malicious files is downloaded unintentionally, causing them to unknowingly download them. 

After the files are executed, they install a modified version of AsyncRAT, which gathers data about the system, transmits it to the threat actors' Telegram bot, and then distributes it to them. This variant of AsyncRAT contains the upgraded IdSender module specifically designed for cryptocurrency wallet extensions, two-factor authentication plugins, and wallet management software that are specifically targeted by the latest version. 

Although Desert Dexter's campaign's success has been largely attributed to the use of social media advertising and legitimate online services, which are not highly technical, the tools used by the organization have not been highly sophisticated. There is an attack underway by malicious actors targeting both individuals and high profile officials within the Middle East and North Africa (MENA) region as a result of geopolitical tensions within the region. 

Due to ongoing political instability throughout the MENA region, cyber threats remain a top priority, with phishing campaigns increasingly focusing on politically charged themes to deceive and compromise victims in the region. While the majority of individuals involved in the cyberattack seem to be everyday consumers, cybersecurity researchers have identified individuals across a wide variety of industries, including those involved in oil production, construction, technology, and agriculture, who have also been affected by the cyberattack. 

With the widespread scale of these infections, it is clear that social engineering techniques are effective at deceiving victims and geopolitical narratives. Through the application of these tactics, the attackers managed to successfully infiltrate multiple devices in multiple countries, even though they utilized relatively simple tools. There is a malware campaign that is continuing to succeed, and cybersecurity experts are urging everyone to exercise caution when confronted with unverified links or attachments, particularly those that claim to contain sensitive political material. 

Several organizations operating within the affected regions are advised to adopt proactive cybersecurity strategies, enhance employee awareness regarding cybersecurity threats, and implement robust security protocols for mitigating the risks posed by this and similar emerging threats that are being faced by these organizations.
Read more »
Technology
Data Privacy data security Healthcare Hospitals IT Technology

Complexity: Research Offers Solution for Healthcare Security Amid Rising Cyberattacks

Complexity: Research Offers Solution for Healthcare Security Amid Rising Cyberattacks

In May, Ascension, a healthcare provider with a network of 140 hospitals across the U.S., suffered a major cyber-attack that disrupted its clinical operations for almost a month. Experts traced the problem to a malicious ransomware that had exploited an employee's computer. 

Healthcare: Juicy Target for Criminals

Threat actors see healthcare systems as lucrative targets for cybercrime because they hold crucial financial, health, and personal data. A 2023 survey research in health and IT professionals revealed that 88% of organizations had suffered around 40% of attacks in the past year. 

Complexity: Flaw in IT System

One major flaw is the rise of complexity in IT systems, says Hüseyin Tanriverdi, associate professor of information, risk, and operations management at Texas McCombs. He believes it's due to years of mergers and acquisitions that have made large-scale multi-hospital systems. 

After mergers, healthcare providers don’t standardize their tech and security operations, which results in causing major complexity in the health systems- different IT systems, different care processes, and different command structures. 

But his new research shows complexity can also offer solutions to these issues. “A good kind of complexity,” Tanriverdi believes can support communication across different systems, governance structures, and care processes, and combat against cyber incidents.

Understanding the Complex vs. Complicated

The research team found two similar-sounding IT terms that link to the problem. In “complicatedness,” an abundance of elements interconnect in a system for sharing info in structured ways. Whereas “complexity” happens when many elements interconnect to share information in unstructured ways- integrating systems following a merger and acquisition. 

Tanrivedi believes complicated structures are better because they are structured, despite being difficult, one can control them. Such is not the case with complex systems as they are unstructured networks. He believes healthcare systems got more vulnerable as they got more complex, 29% were more likely to get hit than average. 

Solution for Better Healthcare Security

Complex systems offer hackers more data transfer points to attack, and a higher risk for human errors, making it a bigger problem.

The solution lies in following a centralized approach for handling the data. “With fewer access points and simplified and hardened cybersecurity controls, unauthorized parties are less likely to gain unauthorized access to patient data,” says Tanrivedi. “Technology reduces cybersecurity risks if it is organized and governed well.”

Read more »
Waterfall Security
Data Breach Data Theft IoT IT OT Ransomware Waterfall Security

Rise of Hacktivist Groups Targeting OT Systems

Recent research from Waterfall Security Solutions has revealed important insights into the changing nature of cyberattacks on Operational Technology (OT) organizations. One key finding is the rise of hacktivist groups as major players in targeting OT systems. 

Additionally, the study emphasizes that most disruptions in OT environments do not occur directly through manipulation of OT systems but rather as a result of IT-based attacks, particularly ransomware incidents. In simpler terms, hackers are increasingly using ransomware to disrupt OT operations, and these disruptions are causing significant problems for OT organizations. 

Let’s Understand Operational Technology 

Operational Technology (OT) involves using both hardware and software to control industrial equipment, focusing on how it interacts with the physical world. This includes systems like programmable logic controllers (PLCs), distributed control systems (DCSs), and supervisory control and data acquisition (SCADA) systems. 

OT environments are responsible for overseeing and managing real-world processes in industries like manufacturing, energy, healthcare, building management, and environmental systems. 

Differences Between OT, IT, and IOT 

The blending of Operational Technology (OT) and Information Technology (IT) is changing industries in the era of the Internet of Things (IoT). OT deals with managing physical equipment, while IT deals with data systems. IoT connects ordinary objects to the internet, allowing smooth communication and automation. This merging presents fresh chances for making processes more efficient and fostering innovation in various fields. 

Following the report, it highlights a worrying trend a nearly 20% rise in cyberattacks causing physical consequences. 

As per report, last year, cyber incidents inflicted hefty financial blows on companies like Johnson Controls and Clorox, racking up costs of approximately $27 million and $49 million, respectively. In Massachusetts, MKS Instruments faced a staggering $200 million loss due to a cyberattack that halted its operations temporarily. Moreover, its supplier, Applied Materials Inc. based in California, reported an additional loss of $250 million stemming from the same incident. 

Further it reveals that only about 25% of cyberattacks cause problems for operational technology (OT) but instead compromise other parts of the network infrastructure directly. Various attacks happen by compromising machines in the IT network. 

Andrew Ginter, from Waterfall, explains that companies often shut down their OT systems as a precaution when there is a risk of nearby compromised processes. For example, Hahn Group GmbH turned off its systems after an attack last March, leading to weeks of recovery work. Similarly, UK Royal Mail had printers hijacked to print ransom notes, resulting in nationwide mail export suspensions and £42 million in losses. 

Furthermore, Ginter points out if there is a problem with the IT network, it can affect the OT network and vice versa, potentially leading to disruptions in physical operations that rely on these networks.
Read more »
Technology
IBM IT Organization security saaS Technology

SaaS Challenges and How to Overcome Them


According to 25% of participants in an IBM study conducted in September 2022 among 3,000 companies and tech executives worldwide, security worries stand in the way of their ability to achieve their cloud-related goals. Nowadays, a lot of organizations think that using the cloud comes with hazards. However, the truth is not quite that dire; if you follow certain security best practices, the cloud may be a safe haven for your data.

Businesses need to have a solid security plan in place to handle their SaaS security concerns if they want to fully benefit from cloud computing. In the first place, what are these worries?

SaaS Challenges

  • Lack of experts in IT security. Companies compete intensely to attract qualified specialists in the tight market for IT security professionals, especially those working on cloud security. In the United States, there are often insufficient skilled workers to cover only 66% of cybersecurity job openings.
  • Problems with cloud migration. A major obstacle to cloud adoption, according to 78% of cloud decision-makers surveyed by Flexera in 2023, was a lack of resources and experience. Inexperience with cloud systems can result in security-compromising migration errors.
  • Insider dangers and data breaches. Regretfully, the largest challenge facing cloud computing is still data breaches. 39% of the firms polled in the 2023 Thales Cloud Security Study reported having data breaches.
  • SaaS enlargement. Some businesses utilize more SaaS technologies than they require. According to BetterCloud, companies used 130 SaaS apps on average in 2022, which is 18% more than in 2021. Managing multiple SaaS apps increases the amount of knowledge and error-proneness that can arise.
  • Adherence to regulations. The technology used in clouds is quite recent. As a result, there may be gaps in some SaaS standards, and industry or national compliance standards are frequently different. Security is compromised when SaaS tools are used that don't adhere to international rules or lack industry standards.
  • Security and certification requirements. To protect client data, SaaS providers must adhere to industry standards like SOC 2 and ISO 27001. Although it requires more work for vendors, certifying adherence to such standards is crucial for reducing security threats.

Monitoring Leading SaaS Security Trends

Cyberattacks will cost businesses $10.5 trillion annually by 2025, a 300% increase over 2015, predicts McKinsey. Businesses need to keep up with the latest developments in data security if they want to reduce the risk and expense of cyberattacks. They must adopt a shared responsibility model and cloud-native solutions built with DevSecOps standards to actively manage their SaaS security.


Read more »
IT
APT Cyber Crime Cyber crimes Cybersecurity Data Theft IT

Data Theft Surge: How IT Admins Are Fighting Back

 


A survey conducted by the company between the 9th and 14th of August 2023 revealed that 55% of IT security decision-makers ranked data theft as their top concern among all IT security concerns they face. There is an interesting trend taking place in terms of ransomware, which has been a staple concern of ours, now slipping from first to third place (29%) behind phishing attacks (35%). 

Based on the results of a survey conducted by the CIO Institute, which collated responses from 205 IT security decision-makers, it was discovered that advanced persistent threats (APTs) and targeted attacks were of greater concern to CIOs (30%) and CTOs (33%), than ransomware (28%, 33%). 

As such, the majority of these APT attack methods are designed to achieve national-level objectives, such as the destruction of infrastructure or the conduct of espionage operations. Based on the data, it appears that data theft is the second most commonly encountered cybersecurity incident within organizations, ranking at 27% of cases reported in the study. 

With 46%, phishing is still at the top of the list when it comes to cybercrime. Therefore, it has become imperative to protect sensitive data, which is why nearly half of the professionals surveyed said they stayed up all night to do so (48%). 

What is Data Theft?


When someone steals data from a computer, server, or another device, to install malware on that device and obtain confidential information, it is considered data theft, as it violates the privacy of the victim. There are increasing numbers of computer users, corporations and organizations that are committing data theft as a major problem. 

At the corporate level, there is a real risk of insiders stealing data from the company as well as from outside its walls; minimizing the risk of insider data theft is anything but an easy task.  The emergence of ransomware has caused headlines over the last decade since it first gained prominence over a decade ago. 

The ransomware has since undergone several evolution cycles and is now capable of both encrypting and stealing sensitive data from a network. It has become increasingly complex for businesses to manage IT environments due to the proliferation of multi-cloud strategies and multiple products, as well as the fact that many enterprises are now using multiple products and multi-cloud strategies, which can lead to security breaches and businesses being forced to pay for tools that are underused or overlap. 

As a result of consolidating cybersecurity architectures, risks can be mitigated, instruments and vendors can be reduced, silos can be removed, costs can be decreased and overall security posture will be improved. A recent study found that security alerts are on the rise, with 89 per cent of respondents reporting an increase in security alert volumes over the past twelve months, while 76 per cent said that alerts have increased by between one and fifty per cent in the past year. 

As a result, 26 per cent of respondents stated a 26 to 50 per cent increase in alerts, which emphasizes that security teams are under increasing pressure and that businesses are facing an ever-increasing number of threats. As a result of losing data in this way, a business is not only at risk of losing customers due to a tarnished image, but they can also potentially lose profits due to disruption and be fined by law enforcement agencies, state legislators, and privacy watchdogs for failure to keep their business data protected. 

A further point to note is that in addition to ransomware, advanced persistent threats (APTs) and targeted attacks are seen as being a greater threat even among CIOs (30%) and CTOs (33%). To mitigate these risks, robust security measures must be implemented to protect these systems and data.
Read more »
Security Professionals
Chief Information Security Officer CISO CISO role Cyber Security Employees IT Security Professionals

With CISOs' Evolved Roles, They Must Also Evolve Their Ways


Evolving Role of CISO

Before the rapid development and popularity of digitization, the role of CISO (Chief Information Security Officer) was constrained to just being a part of IT teams, directing IT staff and planning cybersecurity defense. Regardless of conducting crucial tasks, CISOs were not traditionally a part of high management and had limited influence on the main business.

This has changed due to the rising risk of a cybersecurity breach and the rising expense of remediation. CISO is no longer a mere security evangelist, but holds much greater significance in the IT world. 

However, with more power comes more responsibility. The cyber landscape now has become more complicated than ever, with more frequent cybercrime activities being witnessed than ever before. As cyberattacks become more complex, frequent, and damaging, the CISO is ultimately responsible for any defensive blunders made in defending against existing and new risks.

Moreover, the shortage of security professionals only adds to the struggle and strain that comes with this profession. Thus, CISO is required to focus on this issue to maintain its efficiency, with their evolving jobs. They may both safeguard their businesses and reduce their stress levels by devoting time and money to important areas like cultivating loyalty, dealing with legacy systems, and developing a culture that prioritizes security.

Building Loyalty and Skills

Competing with one another, CISOs are striving to acquire qualified cybersecurity personnel. Because there is now a dearth of qualified cybersecurity professionals and great demand, the majority of them may select where they work and demand higher pay. It will be challenging to compete with this, especially for CISOs who increasingly have more budgetary authority but also more accountability for spending wisely.

CISO can instead employee professionals who are not much skilled in cybersecurity, or even work in IT. They might gradually transition into important new cybersecurity responsibilities with the correct training and assistance. After all, not all cybersecurity positions require technological expertise.

Moreover, for roles that do require technical skills, Many firms have an underutilized resource—their developer community. Developers are in a great position to upgrade their skills, could learn secure coding approaches, and share responsibility for security because of their solid understanding of how computers function. 

Looking internally eventually profits a firm’s morale and loyalty. Also, the corporation gains new cybersecurity expertise, and their employees gain whole new lucrative career.

Dealing with Legacy Systems

Patching systems and keeping them up-to-date is not an easy task. While many company are already equipped with built up infrastructure, including legacy equipment, frameworks, and equipment that has been tightly interwoven into their work processes, ripping out and replacing is not an easy alternative. CISOs are responsible for preserving and managing these older programs, while also using the most recent apps that are running in hybrid clouds and using contemporary frameworks. 

However, cybercriminals are smart. When attempting to hack into a network or steal data, they nearly always seek for the weakest link, and such outdated frameworks, apps, and infrastructures are frequently the chosen targets.

Thus, CISOs are required to work on their maintenance plans for all legacy software. External access should be completely eliminated, if at all possible, but it is crucial that teams receive training in security best practices for all active programming languages through practical training methods and courses. Nothing gets left behind when the most recent technologies are used alongside outdated languages that have proper security support.

Creating a Security-First Culture 

In order to improve security and ease the CISO's workload, the solution may not entirely depend on technology. The best way to genuinely establish a company where security is a top priority is through a shift in culture. CISOs are in a unique position to drive this transition, both with other executives and the people they lead. They are both members of senior management and members of the security team.

A security-first culture will thus implant security into every aspect of a company's operations. Instead of being a consideration until later in the SDLC, developers should be able to write secure code that is devoid of flaws and resistant to assaults right away. This effort should be led by designated security champions from among the developer ranks, who will serve as both a coach and a motivator. With this strategy, security is ingrained in the team's DNA and supported by management rather than being mandated from above.

While these changes cannot be met overnight, they may happen gradually with some combined efforts. Since, the threat landscapes remain complex, highly advanced and ubiquitous to be handled by any one individual or a small team. Thus, it requires every employee – no matter their role – to actively contribute to increased security; only then will a business have a chance to prevent costly breaches and downtime. 

Read more »
Ransomware attack
Cyber Attacks Dish Dish Network IT Lawsuits MyDISH Ransomware attack

DISH Network: Multiple Lawsuits Filed Against Dish After a Ransomware Attack


A multiple class action class lawsuit has been filed against Dish Network, following a ransomware incident that caused the company’s multi-day “network outage.” 

The lawsuit, filed across several states, asserts that DISH “overstated” its operating efficiency while operating with inferior cybersecurity and IT infrastructure. The objective of the lawsuit is to recover losses suffered by DISH investors who suffered adversities as a result of what has been referred to as "securities fraud." 

Dish Sued After Ransomware Incident 

After the issue came to light, at least six law firms are now pursuing a class action lawsuit against Dish to recoup losses for Dish stockholders due to the alleged "securities fraud" between February 22, 2021, and February 27, 2023. 

The complaint alleges Dish Network of attempting to conceal its operational effectiveness while maintaining "deficient" cybersecurity and IT infrastructure. 

"...As a result of the foregoing, the Company was unable to properly secure customer data, leaving it vulnerable to access by malicious third parties," states a court complaint, filed in the U.S. District Court of Colorado. 

The law firms representing the plaintiffs include Rosen Law Firm, Levi & Korsinsky, the New York-based Law firm of Vincent Wong, San Diego- based Robins LLP, Bragar Eagle & Squire, P.C., and Bernstein Liebhard LLP. 

"The foregoing cybersecurity deficiencies also both rendered Dish's operations susceptible to widespread service outages and hindered the Company's ability to respond to such outages; and... as a result, the company's public statements were materially false and misleading at all relevant times," states the complaint. 

Dish Stock Crumbled After Cyberattack 

DISH, a major American TV provider and satellite broadcaster, inexplicably went offline around February 24. Both its websites and applications ceased to work for several days. The "network outage" that the company had previously described also affected Boost Mobile. 

On February 28, in an SEC filing, DISH eventually confirmed being hit by a ransomware attack. 

After the disclosure, DISH continued to struggle for days to restore its IT infrastructure and the website Dish.com. Following the news of the ransomware attacks, the company’s stocks faced repercussions, with stock prices falling $0.79 per share, "or 6.48%, to close at $11.41 per share on February 28, 2023."

Since then, the company has kept up the battle against the widespread disruption to its cyber systems, notably the client site MyDISH. The company is informing its clients that they will be receiving paper bills for the month of March as a result.  

Read more »
Security Approach
Application Security Cisco Cyber Security DecSecOps IT IT Companies Organization security Security Approach

Utilizing an Integrated Approach for Application Security


Among every industry and organizations, application security has emerged as a progressively complex and challenging issue. Over the past few years, the rapid innovation in this field has resulted in the increase of attack surfaces, significantly where firms have shifted to modern application stacks on cloud-based security. Attack surfaces have also been expanded by the increased deployment of the Internet of Things (IoT) and connected devices, as well as by new hybrid working patterns. 

The volume and sophistication of cybercrime attacks have sharply increased at the same time, causing concerns inside IT departments. According to the most recent study from Cisco AppDynamics, the shift to a security approach for the full application stack, 78% of technologists believe that their company is susceptible to a multi-stage cybersecurity attack that would target the entire application stack over the course of the following 12 months. Indeed, such an attack might have catastrophic results for brands. 

The major problem for IT teams is the lack of the right level of visibility and insights in order to recognize where new threats are emerging across a complicated topology of applications. More than half of engineers claim that they frequently find themselves operating in "security limbo" since they are unsure of their priorities and areas of concentration. 

IT teams can safeguard the complete stack of modern apps throughout the entire application lifecycle by using an integrated approach to application security. It offers total protection for applications across code, containers, and Kubernetes, from development to production. Moreover, with coupled application and security monitoring, engineers can assess the potential business effect of vulnerabilities and then prioritize their responses instead of being left in the dark. 

Moving to a Security Approach for the Full Application Stack 

In order to improve the organization security, tech experts are recognizing the need for adopting a security strategy for the entire application stack that provides comprehensive protection for their applications from development through to production across code, containers, and Kubernetes. 

Moreover, IT teams are required to integrate their performances and security checks to gain a better understanding of the way security flaws and incidents could impact users and organizations. Tech experts can assess the significance of risks using severity scoring while taking the threat's context into account thanks to business transaction insights. This entails that they can give priority to threats that pose a risk to an application or environment that is crucial for conducting business. 

Due to the complexity and dynamic nature of cloud-native technologies, as well as the quick expansion of attack surfaces, IT teams are increasingly relying on automation and artificial intelligence (AI) to automatically identify and fix problems across the entire technology stack, including cloud-native microservices, Kubernetes containers, multi-cloud environments, or mainframe data centers. 

AI is already being used for continuous detection and prioritization, maximizing speed and uptime while lowering risk by automatically identifying and blocking security exploits without human interaction. Also, more than 75% of technologists think AI will become more crucial in tackling the issues their firm has with speed, size, and application security skills. 

To safeguard modern application stacks, companies must encourage much closer IT team collaboration. With a DevSecOps strategy, security teams analyze and evaluate security risks and priorities during planning phases to establish a solid basis for development. This adds security testing early in the development process. 

IT teams can be far more proactive and strategic in how they manage risk with a comprehensive approach to application security that combines automation, integrated performance, security monitoring, and DevSecOps approaches. A security strategy for the entire application stack can free engineers from their impasse and enable them to create more secure products, prevent expensive downtime, and advance into the next innovation era.  

Read more »
Vulnerabilities and Exploits
ConnectWise Cybersecurity Hackers IT RCE Software Vulnerabilities and Exploits

The RCE Vulnerability in ConnectWise Has Been Resolved

 


As part of the ConnectWise Recover and R1Soft Server Backup Manager (SBM) secure backup solutions, ConnectWise has released security updates that address a critical vulnerability within those products. 

In an advisory published by the company today, the company describes the security flaw as being due to an injection vulnerability. This occurs when special elements in output are not adequately neutralized before entering a downstream component. 

Among the affected software, versions are ConnectWise Recover, earlier versions of the product, and R1Soft SBM versions 6.16.3 and earlier versions. 

Several security researchers have reported that this is a critical vulnerability that could expose confidential information or allow attackers to execute code remotely using the vulnerability.

Additionally, it categorized this as a high-priority issue, meaning that it may be exploited in attacks or at a high risk of being targeted in the wild if it is not addressed immediately. 

In a report released by Huntress Labs CEO Kyle Hanslovan, security researchers have discovered, rediscovered, and expanded on the vulnerability discovered by Code White security researcher Florian Hauser. According to Huntress Labs CEO Kyle Hanslovan, the vulnerability can be exploited to spread ransomware to thousands of R1Soft servers exposed to the Internet. This is done via R1Soft servers exposed to the Internet. 

Approximately 4,800 R1Soft servers that are exposed to the Internet may be vulnerable to attacks as a result of this RCE bug. According to a Shodan scan, these servers may not be patched since ConnectWise has released patches for this issue. 

There have been automatic updates applied to ConnectWise Recover SBMs that have been impacted by the vulnerability (v2.9.9), ConnectWise announced. 

It should be noted that Cryptree users are being advised to upgrade their R1Soft backup manager to the latest release, SBM v6.16.4, released on October 28, 2022, by following the steps detailed in the R1Soft upgrade wiki.

As part of the company's recommendation, all R1Soft backup servers that are impacted should be patched as soon as possible. 

Even though patching critical vulnerabilities is always something that cybersecurity professionals are strongly encouraged to do, they do not think it is wise to do it on a Friday evening, as it can be a potentially disastrous timing decision. 

As a result, all Internet-exposed servers such as websites will be compromised to the fullest extent by malicious actors as soon as they discover a vulnerability. 

There is also a tendency for hackers to be especially active on weekends since most IT teams and security teams are away from their computers during these busy times. 

As a result of an end-of-the-week release, it is also more difficult to patch any vulnerable servers before the weekend, potentially exposing more systems for a few days to attack, especially if the release takes place along with a holiday weekend. 

There is a concern that not patching the R1Soft SBM backup solution quickly may lead to a significant security incident. This is because the R1Soft SBM backup solution is a popular tool among managed service providers and cloud hosting providers.
Read more »
IT
Cloud Computing cloud storage Cyber Attacks Ethical Hacking IT

An In-Depth Exploration Of Cloud Hacking And Its Methods

 


Regardless of the size of a business or industry, cloud computing practices are becoming an increasingly popular IT practice among companies. It is a technological process that provides different services through the Internet on an on-demand basis. The resources involved in this process are various kinds of tools and applications, including software, servers, databases, networking, and data storage. It has become the most common threat in the industry because cloud hacking has become more popular due to its growing popularity.

Cloud computing, by using the Internet to store files, offers the possibility of saving files to a remote database instead of a proprietary hard drive or a local storage device. If an electronic device has access to the internet, it can access the data on the web and the software program that runs the data. This is as long as it has internet access.

It has therefore become the preferred option for both people and businesses for several reasons, including cost savings, increased productivity, speed and efficiency, performance, and security. 

As cloud computing is growing more and more popular, it is hardly surprising that the cloud is a target for hackers, the threat of cyber-hacking has seen a rapid increase following the widespread adoption of cloud computing. 

Cloud computing resources must be integrated into a company's cybersecurity strategy as an integral part of the defense against cybercrime to bolster the company's defenses. Using ethical hackers to scan cloud computing environments for vulnerabilities will allow businesses to maintain the highest degree of security. This will enable them to patch any security flaws before the attackers can exploit them.

How Does Ethical Hacking Work in Cloud Computing?


Because the choices for cloud computing are so diverse, cloud computing is now being used in some form or another by 98 percent of companies. Cloud services are often perceived as more secure than their counterparts, although they have their own set of problems when it comes to cloud hacking. 

In the wake of the exponential rise of cyberattacks on cloud-based applications, businesses need to find trusted security experts who can fix vulnerabilities and close any holes that could lead to attackers entering their systems through these channels.

It is important to protect cloud computing resources from security vulnerabilities in ethical hacking, just as it is essential to protect any other part of the information technology system. In terms of ethical hacking, there are many hats that ethical hackers wear when it comes to cloud computing. A major part of what ethical hackers do in cloud computing is identify security weaknesses and vulnerabilities in the computing infrastructure for organizations. This is being done to strengthen the security of the cloud service.


The Types of Cloud Computing: What Are They?


It is imperative to know that there are several different types of cloud computing that you can select according to your requirements. As a first step to classifying cloud services, you should start by determining where the cloud services are physically located:

Cloud services that are available to the general public are often called public cloud services because they are hosted and provided by third parties.

Private clouds are the cloud services available only to private individuals who want to use them for personal purposes.  Depending on their needs, they can either be hosted by the company itself or by a third-party service provider.

Alternatively, we can say that the customer uses a hybrid cloud strategy, in which the customer uses both public and private cloud services, for e.g., he uses a public cloud application and a private cloud database to store sensitive data.

Ethical hackers should familiarize themselves with the following cloud computing offerings as examples of how they can make use of the internet:

There is a common misconception regarding what Software as a Service means. Software as a service (SaaS) means that the cloud provider is responsible for updating and maintaining the software applications for the customer. The use of SaaS for business purposes includes the use of productivity applications such as Microsoft Office 365 as a common example.

'PaaS' stands for the platform as a service, and it provides customers with the ability to develop and run applications on a platform to that they have access. There are several examples of cloud computing services available, such as Microsoft Azure and Google App Engine.

As the name suggests, Infrastructure as a Service (IaaS) offers its customers access to hardware resources, such as computing, memory, storage, and networks through a subscription-based service. It should be noted, however, that customers have to provide their software that runs on the infrastructure.

Cloud hacking methodology: Essentials


Following the explanation of “What is cloud hacking?” and “What is cloud exploitation?" we will examine the methodology of cloud hacking. These are some examples of the kinds of attacks that ethical hackers must be aware of in the world of cloud computing to protect themselves.

Attacks using brute force, a brute-force attack is the easiest way to break into a cloud-based service, which involves trying several different combinations of usernames and passwords to see which one works. After gaining access to the system, adversaries can proceed to wreak havoc on the system and exfiltrate data from the cloud the same way they can do with any other kind of attacker.

Phishing is a different strategy than brute force attacks. This is because it impersonates a trusted third party to steal credentials from users by impersonating that third party. This is a more sophisticated kind of attack where the message is tailored to a particular individual consisting of data that is very specific.

A credential stuffing attack is one in which employees at an organization reuse their usernames and passwords across multiple services within their company. This puts the company at risk of being the victim of a credential-stuffing attack. An adversary can verify whether or not a list of user credentials stolen from a previous attack is a valid account on a different IT system. This is done by browsing through its database containing the stolen credentials.

As the cloud computing industry moves further towards the advancement of cloud computing, ethical hackers play an active role in the process. There have been an increasing number of cyberattacks on cloud infrastructure over the past few years. Ethical hacking is a key factor in making sure all businesses of any size and in any sector have appropriate defenses in place.
Read more »
Kaspersky
COVID-19 Cyber Security IT Kaspersky

The Covid-19 Pandemic Forces Businesses To Prioritise Investment In Cybersecurity Despite The Overall IT Budget Cuts

 


As per a Kaspersky report on ‘Investment adjustment: aligning IT budgets with changing security priorities’ organizations and businesses have focused around 'prioritizing investment' in cybersecurity in spite of the general IT budget cuts in the midst of the Coronavirus pandemic. 
The report said that “Cybersecurity remains a priority for investment among businesses. This is despite overall IT budgets decreasing in both segments amid the Covid-19 pandemic, and cybersecurity cuts affecting the most economically hit SMBs,”

And further included that, “external conditions and events can influence IT priorities for businesses. As a result of the Covid-19 lockdown, organisations have had to adjust plans to meet changing business needs – from emergency digitalisation to cost optimisation.” 

The current share of cybersecurity in IT spending has gone up from 23 percent in 2019 to 26 percent in 2020 for especially small and medium businesses (SMBs). For enterprises though, cybersecurity's offer in spending has expanded to 29 percent in 2020 from 26 percent a year ago. 

By and large, 10% of associations agree and implement the fact that they will spend less on IT security. The principle purpose behind the decreased spending on security in the endeavour was supposed to be a conscious choice by the top management to reduce spending, seeing no reason for investing “so much money in cybersecurity in the future.” 

Alexander Moiseev, Chief Business Officer at Kaspersky, nonetheless stresses on the fact that, “2020 has put many companies in situations where they needed to respond, so they wisely concentrated all their resources and efforts on staying afloat…” 

He included later, “even though budgets get revised, it doesn’t mean cybersecurity needs to go down on the priority list. We recommend that businesses who have to spend less on cybersecurity in the coming years, get smart about it and use every available option to bolster their defences – by turning to free security solutions available on the market and by introducing security awareness programmes across the organisation. Those are small steps that can make a difference, especially for SMBs…”


Read more »
IT
COVID-19 Cyber Attacks Cyber Security IT

Enterprises Improving Their Response to Cybersecurity Incidents, Yet Contributing To Reduce the Effectiveness of Defense


IBM recently released the results of a global survey, which recommended that while investment and planning are on the uptake, adequacy isn't on a similar 'incline', with reaction endeavors hindered by complexity brought about by divided toolsets.

Conducted by the Ponemon Institute, the research highlighted reactions from more than 3,400 security and IT staff across the world.

This research was IBM's fifth annual Cyber Resilient Organization Report, which says that while organizations are improving in cyberattack planning, identification, and response, their capacity to contain a functioning threat has declined by 13%.

By and large, enterprises send 45 cybersecurity-related tools on their networks yet the widespread utilization of an excessive number of tools may add to an inability not only to distinguish, yet additionally to shield from dynamic attacks.

While it creates the impression that the enterprise cybersecurity scene is achieving another degree of development, in any case, with 26% of respondents saying that their organizations have now embraced formal, all-inclusive Cyber Security Incident Response Plans (CSIRPs), there's been an expansion from 18% five years ago.

In total, nonetheless, 74% of respondents said their cybersecurity planning posture despite everything fails to be desired, without any plans, especially ad-hoc plans, or irregularity still a thistle in its IT staff.

Furthermore, among the individuals who have adopted a reaction plan, just a third has made a playbook for basic attack types to keep an eye out for during daily tasks.

"Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face," the report notes.

As indicated by IBM, an absence of planning and response testing can prompt a damages bill up to $1.2 million higher than a cyberattack would have in any case cost a victim company and the expense can be high as far as disruption is concerned.

Thus IBM responded that "With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that many businesses are relying on out-dated response plans which don't reflect the current threat and business landscape."

This is all considering the COVID-19 pandemic and the rapid and sudden changes a large number of us have encountered in our workplaces, CSIRP arrangements should be inspected, and if need be, changed to adjust to the working from home environment.
Read more »
Scam Report
FIR IT Scam Report

IT Firm’s Directors Arrested In A Rs 3,000 Crore E-Tendering Scam




Officials of Osmo IT Solutions were arrested by the economic offenses wing (EOW) on Thursday; just a day after a FIR was lodged in the Rs 3,000-crore e-tendering case.

The police have arrested the firm's director's Vinay Choudhary and Varun Chaturvedi, along with the marketing head Sunil Golwalkar according to the EOW superintendent of police (Bhopal), Arun Mishra.

The case identifies with how a few firms purportedly illicitly figured out how to hack the e-procurement portal to see the e-tenders before the offer was to be opened and after that roll out the favourable changes in the bid.

Indeed, even after the inquiry was going on in the workplaces of Osmo in Man Sarovar Complex, Bhopal, Mishra said that the computer emergency response team report had called attention to altering in the e-tendering that had been done in the Osmo office.

 “They are in our custody and we are questioning them. We have also seized hard disks and analyzing the server data of the company,” he adds later.

EOW authorities said that in 2016, OSMO IT Solutions had been asked to organize a performance testing on for what reason the e-procurement portal was working so slowly. For that reason a "Demo department" was created in mid-2016 for preparing and practice for the department authorities and bidders.

Later when the scam broke, an internal inquiry by Madhya Pradesh state economic development corporation (MPSEDC), who facilitated the e-tendering portal, found that the user ID given to OSMO (PT_4) was utilized more than once to get to the e-procurement portal to change the 'tender document' and the CERT report checked that the progressions had been produced using the offices of OSMO.

 “We are contacting all the departments and taking data from MPSEDC. So far we had been investigating only nine tenders from five departments, but since we are sure that a crime has been committed, it is logical that we expand the ambit of our investigations and include all e-tenders floated so far,” said the officials.

In the FIR lodged yesterday, the cases had been enrolled against five departments and eight companies, which included OSMO IT Solutions.

Read more »
Subscribe to: Posts (Atom)