Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label IT. Show all posts

Complexity: Research Offers Solution for Healthcare Security Amid Rising Cyberattacks

Complexity: Research Offers Solution for Healthcare Security Amid Rising Cyberattacks

In May, Ascension, a healthcare provider with a network of 140 hospitals across the U.S., suffered a major cyber-attack that disrupted its clinical operations for almost a month. Experts traced the problem to a malicious ransomware that had exploited an employee's computer. 

Healthcare: Juicy Target for Criminals

Threat actors see healthcare systems as lucrative targets for cybercrime because they hold crucial financial, health, and personal data. A 2023 survey research in health and IT professionals revealed that 88% of organizations had suffered around 40% of attacks in the past year. 

Complexity: Flaw in IT System

One major flaw is the rise of complexity in IT systems, says Hüseyin Tanriverdi, associate professor of information, risk, and operations management at Texas McCombs. He believes it's due to years of mergers and acquisitions that have made large-scale multi-hospital systems. 

After mergers, healthcare providers don’t standardize their tech and security operations, which results in causing major complexity in the health systems- different IT systems, different care processes, and different command structures. 

But his new research shows complexity can also offer solutions to these issues. “A good kind of complexity,” Tanriverdi believes can support communication across different systems, governance structures, and care processes, and combat against cyber incidents.

Understanding the Complex vs. Complicated

The research team found two similar-sounding IT terms that link to the problem. In “complicatedness,” an abundance of elements interconnect in a system for sharing info in structured ways. Whereas “complexity” happens when many elements interconnect to share information in unstructured ways- integrating systems following a merger and acquisition. 

Tanrivedi believes complicated structures are better because they are structured, despite being difficult, one can control them. Such is not the case with complex systems as they are unstructured networks. He believes healthcare systems got more vulnerable as they got more complex, 29% were more likely to get hit than average. 

Solution for Better Healthcare Security

Complex systems offer hackers more data transfer points to attack, and a higher risk for human errors, making it a bigger problem.

The solution lies in following a centralized approach for handling the data. “With fewer access points and simplified and hardened cybersecurity controls, unauthorized parties are less likely to gain unauthorized access to patient data,” says Tanrivedi. “Technology reduces cybersecurity risks if it is organized and governed well.”

Rise of Hacktivist Groups Targeting OT Systems

Recent research from Waterfall Security Solutions has revealed important insights into the changing nature of cyberattacks on Operational Technology (OT) organizations. One key finding is the rise of hacktivist groups as major players in targeting OT systems. 

Additionally, the study emphasizes that most disruptions in OT environments do not occur directly through manipulation of OT systems but rather as a result of IT-based attacks, particularly ransomware incidents. In simpler terms, hackers are increasingly using ransomware to disrupt OT operations, and these disruptions are causing significant problems for OT organizations. 

Let’s Understand Operational Technology 

Operational Technology (OT) involves using both hardware and software to control industrial equipment, focusing on how it interacts with the physical world. This includes systems like programmable logic controllers (PLCs), distributed control systems (DCSs), and supervisory control and data acquisition (SCADA) systems. 

OT environments are responsible for overseeing and managing real-world processes in industries like manufacturing, energy, healthcare, building management, and environmental systems. 

Differences Between OT, IT, and IOT 

The blending of Operational Technology (OT) and Information Technology (IT) is changing industries in the era of the Internet of Things (IoT). OT deals with managing physical equipment, while IT deals with data systems. IoT connects ordinary objects to the internet, allowing smooth communication and automation. This merging presents fresh chances for making processes more efficient and fostering innovation in various fields. 

Following the report, it highlights a worrying trend a nearly 20% rise in cyberattacks causing physical consequences. 

As per report, last year, cyber incidents inflicted hefty financial blows on companies like Johnson Controls and Clorox, racking up costs of approximately $27 million and $49 million, respectively. In Massachusetts, MKS Instruments faced a staggering $200 million loss due to a cyberattack that halted its operations temporarily. Moreover, its supplier, Applied Materials Inc. based in California, reported an additional loss of $250 million stemming from the same incident. 

Further it reveals that only about 25% of cyberattacks cause problems for operational technology (OT) but instead compromise other parts of the network infrastructure directly. Various attacks happen by compromising machines in the IT network. 

Andrew Ginter, from Waterfall, explains that companies often shut down their OT systems as a precaution when there is a risk of nearby compromised processes. For example, Hahn Group GmbH turned off its systems after an attack last March, leading to weeks of recovery work. Similarly, UK Royal Mail had printers hijacked to print ransom notes, resulting in nationwide mail export suspensions and £42 million in losses. 

Furthermore, Ginter points out if there is a problem with the IT network, it can affect the OT network and vice versa, potentially leading to disruptions in physical operations that rely on these networks.

SaaS Challenges and How to Overcome Them


According to 25% of participants in an IBM study conducted in September 2022 among 3,000 companies and tech executives worldwide, security worries stand in the way of their ability to achieve their cloud-related goals. Nowadays, a lot of organizations think that using the cloud comes with hazards. However, the truth is not quite that dire; if you follow certain security best practices, the cloud may be a safe haven for your data.

Businesses need to have a solid security plan in place to handle their SaaS security concerns if they want to fully benefit from cloud computing. In the first place, what are these worries?

SaaS Challenges

  • Lack of experts in IT security. Companies compete intensely to attract qualified specialists in the tight market for IT security professionals, especially those working on cloud security. In the United States, there are often insufficient skilled workers to cover only 66% of cybersecurity job openings.
  • Problems with cloud migration. A major obstacle to cloud adoption, according to 78% of cloud decision-makers surveyed by Flexera in 2023, was a lack of resources and experience. Inexperience with cloud systems can result in security-compromising migration errors.
  • Insider dangers and data breaches. Regretfully, the largest challenge facing cloud computing is still data breaches. 39% of the firms polled in the 2023 Thales Cloud Security Study reported having data breaches.
  • SaaS enlargement. Some businesses utilize more SaaS technologies than they require. According to BetterCloud, companies used 130 SaaS apps on average in 2022, which is 18% more than in 2021. Managing multiple SaaS apps increases the amount of knowledge and error-proneness that can arise.
  • Adherence to regulations. The technology used in clouds is quite recent. As a result, there may be gaps in some SaaS standards, and industry or national compliance standards are frequently different. Security is compromised when SaaS tools are used that don't adhere to international rules or lack industry standards.
  • Security and certification requirements. To protect client data, SaaS providers must adhere to industry standards like SOC 2 and ISO 27001. Although it requires more work for vendors, certifying adherence to such standards is crucial for reducing security threats.

Monitoring Leading SaaS Security Trends

Cyberattacks will cost businesses $10.5 trillion annually by 2025, a 300% increase over 2015, predicts McKinsey. Businesses need to keep up with the latest developments in data security if they want to reduce the risk and expense of cyberattacks. They must adopt a shared responsibility model and cloud-native solutions built with DevSecOps standards to actively manage their SaaS security.


Data Theft Surge: How IT Admins Are Fighting Back

 


A survey conducted by the company between the 9th and 14th of August 2023 revealed that 55% of IT security decision-makers ranked data theft as their top concern among all IT security concerns they face. There is an interesting trend taking place in terms of ransomware, which has been a staple concern of ours, now slipping from first to third place (29%) behind phishing attacks (35%). 

Based on the results of a survey conducted by the CIO Institute, which collated responses from 205 IT security decision-makers, it was discovered that advanced persistent threats (APTs) and targeted attacks were of greater concern to CIOs (30%) and CTOs (33%), than ransomware (28%, 33%). 

As such, the majority of these APT attack methods are designed to achieve national-level objectives, such as the destruction of infrastructure or the conduct of espionage operations. Based on the data, it appears that data theft is the second most commonly encountered cybersecurity incident within organizations, ranking at 27% of cases reported in the study. 

With 46%, phishing is still at the top of the list when it comes to cybercrime. Therefore, it has become imperative to protect sensitive data, which is why nearly half of the professionals surveyed said they stayed up all night to do so (48%). 

What is Data Theft?


When someone steals data from a computer, server, or another device, to install malware on that device and obtain confidential information, it is considered data theft, as it violates the privacy of the victim. There are increasing numbers of computer users, corporations and organizations that are committing data theft as a major problem. 

At the corporate level, there is a real risk of insiders stealing data from the company as well as from outside its walls; minimizing the risk of insider data theft is anything but an easy task.  The emergence of ransomware has caused headlines over the last decade since it first gained prominence over a decade ago. 

The ransomware has since undergone several evolution cycles and is now capable of both encrypting and stealing sensitive data from a network. It has become increasingly complex for businesses to manage IT environments due to the proliferation of multi-cloud strategies and multiple products, as well as the fact that many enterprises are now using multiple products and multi-cloud strategies, which can lead to security breaches and businesses being forced to pay for tools that are underused or overlap. 

As a result of consolidating cybersecurity architectures, risks can be mitigated, instruments and vendors can be reduced, silos can be removed, costs can be decreased and overall security posture will be improved. A recent study found that security alerts are on the rise, with 89 per cent of respondents reporting an increase in security alert volumes over the past twelve months, while 76 per cent said that alerts have increased by between one and fifty per cent in the past year. 

As a result, 26 per cent of respondents stated a 26 to 50 per cent increase in alerts, which emphasizes that security teams are under increasing pressure and that businesses are facing an ever-increasing number of threats. As a result of losing data in this way, a business is not only at risk of losing customers due to a tarnished image, but they can also potentially lose profits due to disruption and be fined by law enforcement agencies, state legislators, and privacy watchdogs for failure to keep their business data protected. 

A further point to note is that in addition to ransomware, advanced persistent threats (APTs) and targeted attacks are seen as being a greater threat even among CIOs (30%) and CTOs (33%). To mitigate these risks, robust security measures must be implemented to protect these systems and data.

With CISOs' Evolved Roles, They Must Also Evolve Their Ways


Evolving Role of CISO

Before the rapid development and popularity of digitization, the role of CISO (Chief Information Security Officer) was constrained to just being a part of IT teams, directing IT staff and planning cybersecurity defense. Regardless of conducting crucial tasks, CISOs were not traditionally a part of high management and had limited influence on the main business.

This has changed due to the rising risk of a cybersecurity breach and the rising expense of remediation. CISO is no longer a mere security evangelist, but holds much greater significance in the IT world. 

However, with more power comes more responsibility. The cyber landscape now has become more complicated than ever, with more frequent cybercrime activities being witnessed than ever before. As cyberattacks become more complex, frequent, and damaging, the CISO is ultimately responsible for any defensive blunders made in defending against existing and new risks.

Moreover, the shortage of security professionals only adds to the struggle and strain that comes with this profession. Thus, CISO is required to focus on this issue to maintain its efficiency, with their evolving jobs. They may both safeguard their businesses and reduce their stress levels by devoting time and money to important areas like cultivating loyalty, dealing with legacy systems, and developing a culture that prioritizes security.

Building Loyalty and Skills

Competing with one another, CISOs are striving to acquire qualified cybersecurity personnel. Because there is now a dearth of qualified cybersecurity professionals and great demand, the majority of them may select where they work and demand higher pay. It will be challenging to compete with this, especially for CISOs who increasingly have more budgetary authority but also more accountability for spending wisely.

CISO can instead employee professionals who are not much skilled in cybersecurity, or even work in IT. They might gradually transition into important new cybersecurity responsibilities with the correct training and assistance. After all, not all cybersecurity positions require technological expertise.

Moreover, for roles that do require technical skills, Many firms have an underutilized resource—their developer community. Developers are in a great position to upgrade their skills, could learn secure coding approaches, and share responsibility for security because of their solid understanding of how computers function. 

Looking internally eventually profits a firm’s morale and loyalty. Also, the corporation gains new cybersecurity expertise, and their employees gain whole new lucrative career.

Dealing with Legacy Systems

Patching systems and keeping them up-to-date is not an easy task. While many company are already equipped with built up infrastructure, including legacy equipment, frameworks, and equipment that has been tightly interwoven into their work processes, ripping out and replacing is not an easy alternative. CISOs are responsible for preserving and managing these older programs, while also using the most recent apps that are running in hybrid clouds and using contemporary frameworks. 

However, cybercriminals are smart. When attempting to hack into a network or steal data, they nearly always seek for the weakest link, and such outdated frameworks, apps, and infrastructures are frequently the chosen targets.

Thus, CISOs are required to work on their maintenance plans for all legacy software. External access should be completely eliminated, if at all possible, but it is crucial that teams receive training in security best practices for all active programming languages through practical training methods and courses. Nothing gets left behind when the most recent technologies are used alongside outdated languages that have proper security support.

Creating a Security-First Culture 

In order to improve security and ease the CISO's workload, the solution may not entirely depend on technology. The best way to genuinely establish a company where security is a top priority is through a shift in culture. CISOs are in a unique position to drive this transition, both with other executives and the people they lead. They are both members of senior management and members of the security team.

A security-first culture will thus implant security into every aspect of a company's operations. Instead of being a consideration until later in the SDLC, developers should be able to write secure code that is devoid of flaws and resistant to assaults right away. This effort should be led by designated security champions from among the developer ranks, who will serve as both a coach and a motivator. With this strategy, security is ingrained in the team's DNA and supported by management rather than being mandated from above.

While these changes cannot be met overnight, they may happen gradually with some combined efforts. Since, the threat landscapes remain complex, highly advanced and ubiquitous to be handled by any one individual or a small team. Thus, it requires every employee – no matter their role – to actively contribute to increased security; only then will a business have a chance to prevent costly breaches and downtime. 

DISH Network: Multiple Lawsuits Filed Against Dish After a Ransomware Attack


A multiple class action class lawsuit has been filed against Dish Network, following a ransomware incident that caused the company’s multi-day “network outage.” 

The lawsuit, filed across several states, asserts that DISH “overstated” its operating efficiency while operating with inferior cybersecurity and IT infrastructure. The objective of the lawsuit is to recover losses suffered by DISH investors who suffered adversities as a result of what has been referred to as "securities fraud." 

Dish Sued After Ransomware Incident 

After the issue came to light, at least six law firms are now pursuing a class action lawsuit against Dish to recoup losses for Dish stockholders due to the alleged "securities fraud" between February 22, 2021, and February 27, 2023. 

The complaint alleges Dish Network of attempting to conceal its operational effectiveness while maintaining "deficient" cybersecurity and IT infrastructure. 

"...As a result of the foregoing, the Company was unable to properly secure customer data, leaving it vulnerable to access by malicious third parties," states a court complaint, filed in the U.S. District Court of Colorado. 

The law firms representing the plaintiffs include Rosen Law Firm, Levi & Korsinsky, the New York-based Law firm of Vincent Wong, San Diego- based Robins LLP, Bragar Eagle & Squire, P.C., and Bernstein Liebhard LLP. 

"The foregoing cybersecurity deficiencies also both rendered Dish's operations susceptible to widespread service outages and hindered the Company's ability to respond to such outages; and... as a result, the company's public statements were materially false and misleading at all relevant times," states the complaint. 

Dish Stock Crumbled After Cyberattack 

DISH, a major American TV provider and satellite broadcaster, inexplicably went offline around February 24. Both its websites and applications ceased to work for several days. The "network outage" that the company had previously described also affected Boost Mobile. 

On February 28, in an SEC filing, DISH eventually confirmed being hit by a ransomware attack. 

After the disclosure, DISH continued to struggle for days to restore its IT infrastructure and the website Dish.com. Following the news of the ransomware attacks, the company’s stocks faced repercussions, with stock prices falling $0.79 per share, "or 6.48%, to close at $11.41 per share on February 28, 2023."

Since then, the company has kept up the battle against the widespread disruption to its cyber systems, notably the client site MyDISH. The company is informing its clients that they will be receiving paper bills for the month of March as a result.  

Utilizing an Integrated Approach for Application Security


Among every industry and organizations, application security has emerged as a progressively complex and challenging issue. Over the past few years, the rapid innovation in this field has resulted in the increase of attack surfaces, significantly where firms have shifted to modern application stacks on cloud-based security. Attack surfaces have also been expanded by the increased deployment of the Internet of Things (IoT) and connected devices, as well as by new hybrid working patterns. 

The volume and sophistication of cybercrime attacks have sharply increased at the same time, causing concerns inside IT departments. According to the most recent study from Cisco AppDynamics, the shift to a security approach for the full application stack, 78% of technologists believe that their company is susceptible to a multi-stage cybersecurity attack that would target the entire application stack over the course of the following 12 months. Indeed, such an attack might have catastrophic results for brands. 

The major problem for IT teams is the lack of the right level of visibility and insights in order to recognize where new threats are emerging across a complicated topology of applications. More than half of engineers claim that they frequently find themselves operating in "security limbo" since they are unsure of their priorities and areas of concentration. 

IT teams can safeguard the complete stack of modern apps throughout the entire application lifecycle by using an integrated approach to application security. It offers total protection for applications across code, containers, and Kubernetes, from development to production. Moreover, with coupled application and security monitoring, engineers can assess the potential business effect of vulnerabilities and then prioritize their responses instead of being left in the dark. 

Moving to a Security Approach for the Full Application Stack 

In order to improve the organization security, tech experts are recognizing the need for adopting a security strategy for the entire application stack that provides comprehensive protection for their applications from development through to production across code, containers, and Kubernetes. 

Moreover, IT teams are required to integrate their performances and security checks to gain a better understanding of the way security flaws and incidents could impact users and organizations. Tech experts can assess the significance of risks using severity scoring while taking the threat's context into account thanks to business transaction insights. This entails that they can give priority to threats that pose a risk to an application or environment that is crucial for conducting business. 

Due to the complexity and dynamic nature of cloud-native technologies, as well as the quick expansion of attack surfaces, IT teams are increasingly relying on automation and artificial intelligence (AI) to automatically identify and fix problems across the entire technology stack, including cloud-native microservices, Kubernetes containers, multi-cloud environments, or mainframe data centers. 

AI is already being used for continuous detection and prioritization, maximizing speed and uptime while lowering risk by automatically identifying and blocking security exploits without human interaction. Also, more than 75% of technologists think AI will become more crucial in tackling the issues their firm has with speed, size, and application security skills. 

To safeguard modern application stacks, companies must encourage much closer IT team collaboration. With a DevSecOps strategy, security teams analyze and evaluate security risks and priorities during planning phases to establish a solid basis for development. This adds security testing early in the development process. 

IT teams can be far more proactive and strategic in how they manage risk with a comprehensive approach to application security that combines automation, integrated performance, security monitoring, and DevSecOps approaches. A security strategy for the entire application stack can free engineers from their impasse and enable them to create more secure products, prevent expensive downtime, and advance into the next innovation era.  

The RCE Vulnerability in ConnectWise Has Been Resolved

 


As part of the ConnectWise Recover and R1Soft Server Backup Manager (SBM) secure backup solutions, ConnectWise has released security updates that address a critical vulnerability within those products. 

In an advisory published by the company today, the company describes the security flaw as being due to an injection vulnerability. This occurs when special elements in output are not adequately neutralized before entering a downstream component. 

Among the affected software, versions are ConnectWise Recover, earlier versions of the product, and R1Soft SBM versions 6.16.3 and earlier versions. 

Several security researchers have reported that this is a critical vulnerability that could expose confidential information or allow attackers to execute code remotely using the vulnerability.

Additionally, it categorized this as a high-priority issue, meaning that it may be exploited in attacks or at a high risk of being targeted in the wild if it is not addressed immediately. 

In a report released by Huntress Labs CEO Kyle Hanslovan, security researchers have discovered, rediscovered, and expanded on the vulnerability discovered by Code White security researcher Florian Hauser. According to Huntress Labs CEO Kyle Hanslovan, the vulnerability can be exploited to spread ransomware to thousands of R1Soft servers exposed to the Internet. This is done via R1Soft servers exposed to the Internet. 

Approximately 4,800 R1Soft servers that are exposed to the Internet may be vulnerable to attacks as a result of this RCE bug. According to a Shodan scan, these servers may not be patched since ConnectWise has released patches for this issue. 

There have been automatic updates applied to ConnectWise Recover SBMs that have been impacted by the vulnerability (v2.9.9), ConnectWise announced. 

It should be noted that Cryptree users are being advised to upgrade their R1Soft backup manager to the latest release, SBM v6.16.4, released on October 28, 2022, by following the steps detailed in the R1Soft upgrade wiki.

As part of the company's recommendation, all R1Soft backup servers that are impacted should be patched as soon as possible. 

Even though patching critical vulnerabilities is always something that cybersecurity professionals are strongly encouraged to do, they do not think it is wise to do it on a Friday evening, as it can be a potentially disastrous timing decision. 

As a result, all Internet-exposed servers such as websites will be compromised to the fullest extent by malicious actors as soon as they discover a vulnerability. 

There is also a tendency for hackers to be especially active on weekends since most IT teams and security teams are away from their computers during these busy times. 

As a result of an end-of-the-week release, it is also more difficult to patch any vulnerable servers before the weekend, potentially exposing more systems for a few days to attack, especially if the release takes place along with a holiday weekend. 

There is a concern that not patching the R1Soft SBM backup solution quickly may lead to a significant security incident. This is because the R1Soft SBM backup solution is a popular tool among managed service providers and cloud hosting providers.

An In-Depth Exploration Of Cloud Hacking And Its Methods

 


Regardless of the size of a business or industry, cloud computing practices are becoming an increasingly popular IT practice among companies. It is a technological process that provides different services through the Internet on an on-demand basis. The resources involved in this process are various kinds of tools and applications, including software, servers, databases, networking, and data storage. It has become the most common threat in the industry because cloud hacking has become more popular due to its growing popularity.

Cloud computing, by using the Internet to store files, offers the possibility of saving files to a remote database instead of a proprietary hard drive or a local storage device. If an electronic device has access to the internet, it can access the data on the web and the software program that runs the data. This is as long as it has internet access.

It has therefore become the preferred option for both people and businesses for several reasons, including cost savings, increased productivity, speed and efficiency, performance, and security. 

As cloud computing is growing more and more popular, it is hardly surprising that the cloud is a target for hackers, the threat of cyber-hacking has seen a rapid increase following the widespread adoption of cloud computing. 

Cloud computing resources must be integrated into a company's cybersecurity strategy as an integral part of the defense against cybercrime to bolster the company's defenses. Using ethical hackers to scan cloud computing environments for vulnerabilities will allow businesses to maintain the highest degree of security. This will enable them to patch any security flaws before the attackers can exploit them.

How Does Ethical Hacking Work in Cloud Computing?


Because the choices for cloud computing are so diverse, cloud computing is now being used in some form or another by 98 percent of companies. Cloud services are often perceived as more secure than their counterparts, although they have their own set of problems when it comes to cloud hacking. 

In the wake of the exponential rise of cyberattacks on cloud-based applications, businesses need to find trusted security experts who can fix vulnerabilities and close any holes that could lead to attackers entering their systems through these channels.

It is important to protect cloud computing resources from security vulnerabilities in ethical hacking, just as it is essential to protect any other part of the information technology system. In terms of ethical hacking, there are many hats that ethical hackers wear when it comes to cloud computing. A major part of what ethical hackers do in cloud computing is identify security weaknesses and vulnerabilities in the computing infrastructure for organizations. This is being done to strengthen the security of the cloud service.


The Types of Cloud Computing: What Are They?


It is imperative to know that there are several different types of cloud computing that you can select according to your requirements. As a first step to classifying cloud services, you should start by determining where the cloud services are physically located:

Cloud services that are available to the general public are often called public cloud services because they are hosted and provided by third parties.

Private clouds are the cloud services available only to private individuals who want to use them for personal purposes.  Depending on their needs, they can either be hosted by the company itself or by a third-party service provider.

Alternatively, we can say that the customer uses a hybrid cloud strategy, in which the customer uses both public and private cloud services, for e.g., he uses a public cloud application and a private cloud database to store sensitive data.

Ethical hackers should familiarize themselves with the following cloud computing offerings as examples of how they can make use of the internet:

There is a common misconception regarding what Software as a Service means. Software as a service (SaaS) means that the cloud provider is responsible for updating and maintaining the software applications for the customer. The use of SaaS for business purposes includes the use of productivity applications such as Microsoft Office 365 as a common example.

'PaaS' stands for the platform as a service, and it provides customers with the ability to develop and run applications on a platform to that they have access. There are several examples of cloud computing services available, such as Microsoft Azure and Google App Engine.

As the name suggests, Infrastructure as a Service (IaaS) offers its customers access to hardware resources, such as computing, memory, storage, and networks through a subscription-based service. It should be noted, however, that customers have to provide their software that runs on the infrastructure.

Cloud hacking methodology: Essentials


Following the explanation of “What is cloud hacking?” and “What is cloud exploitation?" we will examine the methodology of cloud hacking. These are some examples of the kinds of attacks that ethical hackers must be aware of in the world of cloud computing to protect themselves.

Attacks using brute force, a brute-force attack is the easiest way to break into a cloud-based service, which involves trying several different combinations of usernames and passwords to see which one works. After gaining access to the system, adversaries can proceed to wreak havoc on the system and exfiltrate data from the cloud the same way they can do with any other kind of attacker.

Phishing is a different strategy than brute force attacks. This is because it impersonates a trusted third party to steal credentials from users by impersonating that third party. This is a more sophisticated kind of attack where the message is tailored to a particular individual consisting of data that is very specific.

A credential stuffing attack is one in which employees at an organization reuse their usernames and passwords across multiple services within their company. This puts the company at risk of being the victim of a credential-stuffing attack. An adversary can verify whether or not a list of user credentials stolen from a previous attack is a valid account on a different IT system. This is done by browsing through its database containing the stolen credentials.

As the cloud computing industry moves further towards the advancement of cloud computing, ethical hackers play an active role in the process. There have been an increasing number of cyberattacks on cloud infrastructure over the past few years. Ethical hacking is a key factor in making sure all businesses of any size and in any sector have appropriate defenses in place.

The Covid-19 Pandemic Forces Businesses To Prioritise Investment In Cybersecurity Despite The Overall IT Budget Cuts

 


As per a Kaspersky report on ‘Investment adjustment: aligning IT budgets with changing security priorities’ organizations and businesses have focused around 'prioritizing investment' in cybersecurity in spite of the general IT budget cuts in the midst of the Coronavirus pandemic. 
The report said that “Cybersecurity remains a priority for investment among businesses. This is despite overall IT budgets decreasing in both segments amid the Covid-19 pandemic, and cybersecurity cuts affecting the most economically hit SMBs,”

And further included that, “external conditions and events can influence IT priorities for businesses. As a result of the Covid-19 lockdown, organisations have had to adjust plans to meet changing business needs – from emergency digitalisation to cost optimisation.” 

The current share of cybersecurity in IT spending has gone up from 23 percent in 2019 to 26 percent in 2020 for especially small and medium businesses (SMBs). For enterprises though, cybersecurity's offer in spending has expanded to 29 percent in 2020 from 26 percent a year ago. 

By and large, 10% of associations agree and implement the fact that they will spend less on IT security. The principle purpose behind the decreased spending on security in the endeavour was supposed to be a conscious choice by the top management to reduce spending, seeing no reason for investing “so much money in cybersecurity in the future.” 

Alexander Moiseev, Chief Business Officer at Kaspersky, nonetheless stresses on the fact that, “2020 has put many companies in situations where they needed to respond, so they wisely concentrated all their resources and efforts on staying afloat…” 

He included later, “even though budgets get revised, it doesn’t mean cybersecurity needs to go down on the priority list. We recommend that businesses who have to spend less on cybersecurity in the coming years, get smart about it and use every available option to bolster their defences – by turning to free security solutions available on the market and by introducing security awareness programmes across the organisation. Those are small steps that can make a difference, especially for SMBs…”


Enterprises Improving Their Response to Cybersecurity Incidents, Yet Contributing To Reduce the Effectiveness of Defense


IBM recently released the results of a global survey, which recommended that while investment and planning are on the uptake, adequacy isn't on a similar 'incline', with reaction endeavors hindered by complexity brought about by divided toolsets.

Conducted by the Ponemon Institute, the research highlighted reactions from more than 3,400 security and IT staff across the world.

This research was IBM's fifth annual Cyber Resilient Organization Report, which says that while organizations are improving in cyberattack planning, identification, and response, their capacity to contain a functioning threat has declined by 13%.

By and large, enterprises send 45 cybersecurity-related tools on their networks yet the widespread utilization of an excessive number of tools may add to an inability not only to distinguish, yet additionally to shield from dynamic attacks.

While it creates the impression that the enterprise cybersecurity scene is achieving another degree of development, in any case, with 26% of respondents saying that their organizations have now embraced formal, all-inclusive Cyber Security Incident Response Plans (CSIRPs), there's been an expansion from 18% five years ago.

In total, nonetheless, 74% of respondents said their cybersecurity planning posture despite everything fails to be desired, without any plans, especially ad-hoc plans, or irregularity still a thistle in its IT staff.

Furthermore, among the individuals who have adopted a reaction plan, just a third has made a playbook for basic attack types to keep an eye out for during daily tasks.

"Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face," the report notes.

As indicated by IBM, an absence of planning and response testing can prompt a damages bill up to $1.2 million higher than a cyberattack would have in any case cost a victim company and the expense can be high as far as disruption is concerned.

Thus IBM responded that "With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that many businesses are relying on out-dated response plans which don't reflect the current threat and business landscape."

This is all considering the COVID-19 pandemic and the rapid and sudden changes a large number of us have encountered in our workplaces, CSIRP arrangements should be inspected, and if need be, changed to adjust to the working from home environment.

IT Firm’s Directors Arrested In A Rs 3,000 Crore E-Tendering Scam




Officials of Osmo IT Solutions were arrested by the economic offenses wing (EOW) on Thursday; just a day after a FIR was lodged in the Rs 3,000-crore e-tendering case.

The police have arrested the firm's director's Vinay Choudhary and Varun Chaturvedi, along with the marketing head Sunil Golwalkar according to the EOW superintendent of police (Bhopal), Arun Mishra.

The case identifies with how a few firms purportedly illicitly figured out how to hack the e-procurement portal to see the e-tenders before the offer was to be opened and after that roll out the favourable changes in the bid.

Indeed, even after the inquiry was going on in the workplaces of Osmo in Man Sarovar Complex, Bhopal, Mishra said that the computer emergency response team report had called attention to altering in the e-tendering that had been done in the Osmo office.

 “They are in our custody and we are questioning them. We have also seized hard disks and analyzing the server data of the company,” he adds later.

EOW authorities said that in 2016, OSMO IT Solutions had been asked to organize a performance testing on for what reason the e-procurement portal was working so slowly. For that reason a "Demo department" was created in mid-2016 for preparing and practice for the department authorities and bidders.

Later when the scam broke, an internal inquiry by Madhya Pradesh state economic development corporation (MPSEDC), who facilitated the e-tendering portal, found that the user ID given to OSMO (PT_4) was utilized more than once to get to the e-procurement portal to change the 'tender document' and the CERT report checked that the progressions had been produced using the offices of OSMO.

 “We are contacting all the departments and taking data from MPSEDC. So far we had been investigating only nine tenders from five departments, but since we are sure that a crime has been committed, it is logical that we expand the ambit of our investigations and include all e-tenders floated so far,” said the officials.

In the FIR lodged yesterday, the cases had been enrolled against five departments and eight companies, which included OSMO IT Solutions.