Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label NIS. Show all posts
Security Report
Cyber Security Cybersecurity measures cybersecurity research ENISA EU European Commission NIS NIS2 Directive Security Report

ENISA’s Biennial Cybersecurity Report Highlights EU Threats and Policy Needs

 

The EU Agency for Cybersecurity (ENISA) has released its inaugural biennial report under the NIS 2 Directive, offering an analysis of cybersecurity maturity and capabilities across the EU. Developed in collaboration with all 27 EU Member States and the European Commission, the report provides evidence-based insights into existing vulnerabilities, strengths, and areas requiring improvement. Juhan Lepassaar, ENISA’s Executive Director, emphasized the importance of readiness in addressing increasing cybersecurity threats, technological advancements, and complex geopolitical dynamics. Lepassaar described the report as a collective effort to bolster security and resilience across the EU.

The findings draw on multiple sources, including the EU Cybersecurity Index, the NIS Investment reports, the Foresight 2030 report, and the ENISA Threat Landscape report. A Union-wide risk assessment identified significant cyber threats, with vulnerabilities actively exploited by threat actors. While Member States share common cybersecurity objectives, variations in critical sector sizes and complexities pose challenges to implementing uniform cybersecurity measures. At the individual level, younger generations have shown improvements in cybersecurity awareness, though disparities persist in the availability and maturity of education programs across Member States.

ENISA has outlined four priority areas for policy enhancement: policy implementation, cyber crisis management, supply chain security, and skills development. The report recommends providing increased financial and technical support to EU bodies and national authorities to ensure consistent implementation of the NIS 2 Directive. Revising the EU Blueprint for managing large-scale cyber incidents is also suggested, aiming to align with evolving policies and improve resilience. Tackling the cybersecurity skills gap is a key focus, with plans to establish a unified EU training framework, evaluate future skills needs, and introduce a European attestation scheme for cybersecurity qualifications.

Additionally, the report highlights the need for a coordinated EU-wide risk assessment framework to address supply chain vulnerabilities and improve preparedness in specific sectors. Proposed mechanisms, such as the Cybersecurity Emergency Mechanism under the Cyber Solidarity Act, aim to strengthen collective resilience.

Looking to the future, ENISA anticipates increased policy attention on emerging technologies, including Artificial Intelligence (AI) and Post-Quantum Cryptography. While the EU’s cybersecurity framework provides a solid foundation, evolving threats and expanding roles for authorities present ongoing challenges. To address these, ENISA underscores the importance of enhancing situational awareness and operational cooperation, ensuring the EU remains resilient and competitive in addressing cybersecurity challenges.

Read more »
TTP
bOOKcOVE Cyber Fraud Cyberattacks Kimsuky NIS Software Updates Spear-Phishing Emails TTP

Kimsuky's Attacks Alerted German and South Korean Agencies

 


In a joint warning issued by the German and South Korean intelligence agencies, it has been noted that a North Korean hacker group named Kimsuky has been increasing cyber-attack tactics against the South Korean network. With sophisticated phishing campaigns and malware attacks, the group has been suspected of being behind the attacks. It is believed that the North Korean government is behind them. Cyberattacks continue to pose a major threat to businesses and governments throughout the world as a result of increasing cyberattacks. 

Kimsuky (aka Thallium and SmokeScreen) is a North Korean threat group that has developed a reputation for utilizing cutting-edge tools and tactics in its operations. There have been two upcoming attack tactics developed by the group that enhances the espionage capabilities of the organization. These tactics raise no red flags on security radars. There are several malicious Android apps and YouTube extensions being abused as well as Google Chrome extensions.   

Kimsuky is believed to have expanded its tactics to attack a wide range of organizations in both countries, according to the German Office for Information Security (BSI) and South Korea's National Intelligence Service (NIS). Initially targeting U.S. government agencies, research institutions, and think tanks, the group has now spread to businesses in the technology and defense sectors as well. 

Kimsuky appears to be using a new malware called "BookCove" to steal sensitive information from its targets, according to a statement issued by the company. A spear-phishing email is designed to appear like it has been sent from a reputable source, but in reality, the message contains malware. Upon clicking the link or attachment in an email that contains malware, the user's computer is infected with the malware. The hacker can have access to the victim's data and can monitor the activities of the victim as a result of this. \

Various South Korean and German agencies suggest that organizations should implement the necessary precautions to safeguard themselves against these threats. Security measures must be taken, such as multi-factor authentication and regular updates, and employees must be educated on the risks associated with phishing. 

North Korean hacking group, Kimsuky, has been operating since 2013, providing malware for PCs. Several sources claim that the group is linked to the Reconnaissance General Bureau of the North Korean government. This Bureau gathers intelligence and conducts covert operations on behalf of the government. 

According to research, the apps, which embed FastFire and FastViewer, are distributed through Google Play's "internal testing" feature. This gives third-party developers the ability to send apps to a "small set of trusted testers." 

Nevertheless, it bears mentioning that these internal app testing exercises cannot exceed 100 users per app, regardless of the number of users. This is regardless of when the app is released into production. There is no doubt that this campaign has a very targeted nature, which indicates its focus. 

Two malware-laced apps use Android's accessibility services to steal sensitive information ranging from financial to personal information. APK packages for each app are listed below with their respective names in APK format:

  • Com. viewer. fast secure (FastFi) 
  • Com.tf.thinkdroid.secviewer (FastViewer) 
Organizations can take the following measures to protect themselves against Kimsuky's attacks 

A multi-factor authentication system protects the network and system from unauthorized access since it requires the attacker to possess at least two factors, such as a password and a physical device, such as a mobile phone. 

Even if cyber criminals could get past some existing security measures, this would make it far harder for them to access private data. In addition to the above-mentioned measures, organizations may also wish to consider taking the following measures to protect themselves: 
  • Maintaining a regular software update schedule is important. 
  • The best practices for protecting your company's information are taught to your employees. 
  • It is essential to use tools and techniques to detect and respond to advanced threats. 
A robust incident response plan is a crucial tool for organizations to develop to be prepared in case of an incident. If cyberattacks occur, they should be able to respond rapidly and effectively to mitigate their impact.

A growing number of companies are attacked by state-sponsored groups like Kimsuky due to cyberattacks. To reduce their risk of falling victim to these sophisticated cyber-espionage tactics, businesses and governments in Germany need to take proactive steps to protect themselves, including improving their security systems. 

Operating silently, Kimsuky has continuously evolved its TTPs to keep up with changing threats, as well as developing efficient tactics. The majority of attacks are conducted using phishing or spear-phishing. The most significant priority that must be addressed against this threat is to protect the accounts of individuals or organizations and other critical assets. Those involved in organizations and individuals are advised to keep abreast of the latest tactics and adhere to relevant agencies' recommendations.
Read more »
Subscribe to: Posts (Atom)