Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label PwC. Show all posts
PwC
Cloud Security Cyber Security Cyber Security Threats Cyberattacks CyberCrime Cyberhackers CyberThreat Firewalls PwC

Cloud Security Challenges Catch Executives Off Guard

 


It is no secret that cloud computing is efficient and scalable, however, they do come with a price tag. Many top executives are concerned about specific security threats faced by cloud environments, and these are also the ones they are least prepared to deal with, as these are the risk areas that top executives are most concerned about. 

A new report by PwC, released today, indicates that cloud threats are the highest security concern for the majority of business leaders surveyed (42 per cent) said they feel threatened by cloud threats. In response to the PwC survey, a total of 4,020 respondents were surveyed. Of those surveyed, 38 per cent cited hacking and leak operations, 35 per cent named third-party breaches, 33 per cent cited attacks on connected products, and 27 per cent cited ransomware. 

There is an extensive array of policies, technologies, applications, and controls that are part of cloud computing security and are designed to safeguard applications, services, and the underlying cloud infrastructure when using cloud computing.  In the cloud, a system's security is only as strong as its weakest link, which means that to ensure data and applications are protected from all angles, multiple technologies need to work together to offer an effective system of protection.

In such instances, firewalls, identity management, network segmentation, and encryption are all common solutions that are included as part of this process. It is predicted that businesses will face a security issue as a bigger threat in 2024 and that cybercriminals will not operate selectively with their targets. In the absence of any precautionary measures, the following threats are the most likely to cause harm to users' organization, making them the most important threat to avoid or mitigate.

As it might come as a surprise, all of the threats listed in executives' top five most concerning reasons are also among the threats organizations believe are least prepared to address, though not exactly in the order in which they would like them to be addressed. The number of cloud-based attacks is the highest, and people are least prepared for them (42/34 per cent), whereas attacks on connected products are ranked second (31 per cent) in terms of defence preparedness with regards to cloud-based attacks.

It is a little surprising that third-party breaches followed just behind (28 per cent), while executives felt equally unprepared to deal with hacks-and-leak operations, as well as ransomware, which ranked 25 per cent of the time as the least prepared. "Although the cybersecurity landscape continues to evolve, organizations are still grappling with increasing instability and ambiguity when it comes to threats." reads the report, which was released before publication, but was previously available as a preview. 

"The increasing reliance on cloud, artificial intelligence, connected devices, and third parties means that enterprises must be agile and take a comprehensive approach to resilience. To maintain security and continuity of business, organizations need to align their priorities and readiness." There was a surprising finding by PwC in terms of business leaders who have a regulatory or legal requirement to improve security, and they do so in fact. 

Indeed, 96 per cent of organizations reported that regulations prompted them to improve their security, while 78 per cent of those organizations reported that the same regulations prompted them to change how they managed their security. With the advent of new regulations such as the Data Protection Act, the Cyber Resilience Act, and the NIS2 Directive - whose compliance deadline is in a few weeks in the process - organizations will have to meet more obligations when it comes to cybersecurity in addition to existing regulations such as GDPR. 

As a result, organizations that adopt regulations tend to have stronger security frameworks and will be better positioned to deal with emerging threats, according to a new PwC report. Unlike most compliance programs, compliance isn't just about checking boxes, but about building long-term resilience and trust with stakeholders rather than about spending time ticking them off." In addition to the new regulations, these regulations have also led to an increase in cybersecurity investments. In terms of cyber investments, roughly a third (32 per cent) of companies reported a "large" increase in the past 12 months compared to the year before. 

The percentage of people who said investment increased to a "moderate extent" was much greater than the percentage of people who said the investment increased significantly. A report published by the American Institute of CIOs notes that as regulations continue to modify the cybersecurity landscape, executives across the entire C-suite need to be aware of compliance issues and take advantage of regulations as a catalyst for innovation.  

As a result, integrity management teams, risk functions, and executive management teams must coordinate their efforts to advance compliance readiness and drive strategic improvements. As a cloud computing device, cloud computing will maintain its x-factor when it comes to affordability, scalability, and flexibility over the years, no matter what industry the person is in.  

There is no doubt that cloud computing will continue to grow in popularity, but it introduces new obstacles to security in the future.  Several methods are recommended to ensure users' cloud's security, including multi-factor authentication (MFA), end-to-end encryption, strong passwords, application controls, malware prevention, continuous monitoring, and testing. Sprinto is a company that specializes in solving problems like these.

In Sprinto, there is an integrated GRC software that can be used along with any cloud service users already have in place to give them a complete GRC solution. Sprinto is a company that is strong on safety, which is one of the reasons that it believes continuous compliance is closely related to security. The company's multi-cloud security features provide proof that Sprinto holds this belief to be true. 

It is their job to keep an eye on users' technology stacks around the clock to protect them against cyber threats, whether that be if they manage a complex cloud setup or just one cloud environment in the cloud. It is Sprinto's continuous monitoring and automated checks that enable users to manage security risks most efficiently and effectively, thereby always protecting their business data and applications.
Read more »
SentinelOne
C++ Chinese Hackers Cyber Security Hackers IT Environment Keypluggs Microsoft Threat PwC Sandmam APT SentinelOne

Sandman APT Gains Traction: Chinese Hackers Amplify Cybersecurity Risks

 


It has been discovered that there is a strong coincidence in the targeting and tactics of Sandman, a mysterious advanced persistent threat (APT) that has been identified to use backdoors referred to as "Keypluggs," and KEYPLUG, a China-based threat cluster. 

Following this assessment, SentinelOne, PwC, and Microsoft Threat Intelligence have been working together on this since they have determined that the adversary's Lua-based malware, LuaDream, and the KEYPLUG have both been found to cohabit in the victim network alongside each other. 

Microsoft, SentinelLabs and PwC have collectively alerted consumers and businesses to the fact that threat actors who were allegedly linked to Chinese cybercriminals have deployed an advanced persistent threat (APT) referred to as Sandman to infiltrate IT environments with malware. 

An expert at SentinelOne, Aleksandar Milenkoski, said that Sandman has now been linked to STORM-0866/Red Dev 40, a threat actor aligned with the Chinese government's national interests, meaning that STORM-0866/Red Dev 40 targets Chinese companies. 

Following a series of cyberattacks carried out on telcos across the Middle East, Western Europe, and South Asia, Sandman was first identified in August. These attacks utilized a backdoor referred to as "LuaDream," which is a programming language that is based on Lua, as well as a backdoor titled "Keyplug," which is a programming language that is based on C++. 

SentinelOne revealed the existence of Sandman for the first time in September 2023, covering attacks on telecommunications providers in Europe, the Middle East, and South Asia by using an implant codenamed LuaDream that was used in its attacks. 

In August 2023, a record of intrusions was made. On the other hand, Storm-0866/Red Dev 40 refers to a cluster of APTs primarily targeting entities located in the Middle East and South Asia, such as telecommunication providers and government agencies, that represent an emerging APT network. 

Storm-0866 has several powerful tools at his disposal, one of which is KEYPLUG. This backdoor was first exposed by Google-owned Mandiant in the context of attacks conducted by the Chinese-based APT41 (also known as Brass Typhoon or Barium) actor between May 2021 and February 2022 in which he infiltrated six state government systems. 

The Recorded Future company reported earlier this month that the use of KEYPLUG was being used by a Chinese state-sponsored threat activity group it is tracking under the name RedGolf, which they claimed was "closely aligned with the threat activity produced by APT41/Barium. As part of its report, Mandiant informed the public that they first discovered the Keyplug backdoor in March 2022, which was used by a known Chinese group, APT41. 

Additionally, Microsoft and PwC teams discovered that the Keyplug backdoor was passed around to multiple other Chinese-based threat groups, according to the report. Researchers believe that the new obfuscation tools provided by Keyplug malware give the group a new advantage compared to previous versions. 

According to the report, the STORM-0866/Red Dev 40 cluster differs from the others because of specific malware characteristics, such as the unique encryption keys used to communicate with KEYPLUG command and control servers, as well as an increased sense of operational security, which can be attributed to the use of cloud-based reverse proxy infrastructure to hide the real locations where their C2 servers are hosted," says the report. 

According to the researchers, when they analyzed both the C2 configuration and the LuaDream and Keyplug malware strains, the overlaps were overwhelming, which can be interpreted as suggesting that their operators were seeking similar functional requirements. To grow, and effectively collaborate between the increasing number of Chinese APT groups, the report concluded, cyber security community members must share similar knowledge. 

There is a great deal of certainty that the constituent threat actors will continue to cooperate and coordinate, exploring new ways to enhance the functionality, flexibility, and stealthiness of their malware to further enhance the threat actors' threat. 

An influential example of how this can be applied is the adoption by developers of the Lua development paradigm. Overcoming the threat landscape requires a constant flow of information sharing between members of the threat intelligence research community. 

A few instances of espionage-motivated APTs historically considered Western or Western-aligned have been associated with Lua-based modular backdoors, such as LuaDream. This has proven to be a very rare occurrence and is often associated with APTs that are espionage-motivated. In our research on Sandman, we found that a broader set of cyberespionage threat actors are utilizing the Lua development paradigm because of its modularity, portability, and simplicity.
Read more »
PwC
Australia CIop MOVEit Attack CLOP Clop Ransomware Cyber Security PwC

PwC Caught in the Crossfire: Australian Fallout from Major Cyber Breach Deepens

 


There has been a severe scandal going on at the accounting firm PwC over the past few weeks involving a tax scam and the company was dealt another blow as Russian hackers have just managed to steal sensitive information. 

It has come to the attention of PwC that a notable cyber breach has so far affected 267 Australian companies, and would also have a significant impact on many more corporations from other countries. In a recent attack on popular file-sharing software, cybercriminals with Russian connections broke into the system, which resulted in new high-profile attacks on the system. 

During the last week of May, clop, a cybercrime group, made its first attempt to break into the MOVEit file-sharing service. The company had begun the theft of data from various institutions, including agencies of the US federal government, Shell, the BBC, and many others. As more and more companies reveal that they have been targeted by the data breach, which has affected rival consultancy EY as well, this breach is expected to grow much larger by the day. 

The cybercrime group reportedly obtained client data after hacking third-party software called MOVEit, which PwC used to transfer confidential information. 

The hackers, who have executed two other global attacks in the last three years, have told companies to pay a ransom or have their files released online. “Pay attention to avoid extraordinary measures that may negatively impact your company,” Clop’s website reads. On Monday, PwC Australia confirmed it had used the software for a “limited number” of its clients, adding to its woes stemming from the Collins tax scandal. 

PwC said its initial investigations showed that the company’s internal IT network had not been compromised. The cyberattack on MOVEit had a limited impact on PwC. 

The firm had determined its own IT network had not been compromised, saying the breach was likely to have a "limited impact." PwC has reached out to the businesses whose files were affected and is discussing the next steps. The spokesman added that data security remained a "key priority" for the firm and that it was continuing to put "the right resources and safeguards in place" to protect its network and data.

Although the company appears to have escaped significant harm, the revelation comes at a poor time as it battles to regain governments' trust following the leaking of confidential tax information. 

Former PwC partner Peter Collins allegedly distributed documents describing the government's tax plans to other staff at the firm. This led to his registration termination with the Tax Practitioners Board. It also caused a slew of governments and their agencies to terminate agreements with the company. 

Clop demanded large ransoms for data return, but senior US officials have reportedly said no such demands have been made to federal agencies. It remains to be seen if the group will seek money from either of the Australian firms caught up in the breach. Progress, the company that created and maintains MOVEit software, patched the vulnerability within 48 hours. It also said it was aiding affected clients and had drafted in some of the world's best cybersecurity firms to assist with its response. 

In the face of a cybersecurity crisis that has hit Australia, PwC finds itself at the forefront, bracing for the expanding fallout. This incident serves as a stark reminder of the urgent need for robust cybersecurity measures and collaboration between organizations and government agencies. 

As the nation grapples with the aftermath, it becomes crucial for stakeholders to fortify their cybersecurity strategies, invest in advanced technologies, and enhance incident response capabilities. Australia must come together to address the immediate challenges and lay the groundwork for a more resilient and secure digital future.
Read more »
Ransomware
Babuk Cyber Crime Extortion PwC Ransomware

Serco Affirms Babuk Ransomware Attack

 

Outsourcing giant Serco has affirmed that parts of its infrastructure in mainland Europe have been hit by a double extortion ransomware assault from the new Babuk group, however, the parts of its operation relating to the NHS Test and Trace program are unaffected. “Serco’s mainland European business has been subject to a cyber-attack,” a Serco representative said. “The attack was isolated to our continental European business, which accounts for less than 3% of our overall business. It has not impacted our other business or operations.” 

The incident comes after security firms and insurers progressively have stressed that digital extortionists gain from other assailants' techniques, outsource a portion of their operations and depend on connections to infiltrate victim networks. Albeit the NHS Test and Trace program was unaffected by the incident, ThreatConnect EMEA vice-president Miles Tappin said the vulnerabilities in Serco's wider systems were of incredible concern, and the Babuk assault uncovered “inherent weaknesses of the system”. 

“Like many actors new to the world of ransomware, the actor behind Babuk ransomware has been learning on the job while drawing insights from other criminal groups,” said Allan Liska, an intelligence analyst at the threat intelligence company Recorded Future. In the ransom note, Babuk's operators professed to have approached Serco's systems for three weeks and to have as of now exfiltrated a terabyte of information. The cybercriminals made explicit references to Serco partners, including Nato and the Belgian Army, and threatened Serco with consequences under the General Data Protection Regulation (GDPR). 

The attacker has demanded $60,000 to $85,000 in ransoms, however, that is “likely to increase over time as the threat actor becomes more experienced in ransomware operations,” as indicated by a private analysis from PricewaterhouseCoopers got by CyberScoop. Babuk is a long way from sophistication. Its code has contained mistakes that held it back from executing on some targeted computers, as indicated by PwC. “We assess that, due to a disregard for error checking, Babuk would fail to execute altogether in some environments,” the analysis says. 

However, while Babuk is as yet a moderately low-level threat to associations, as indicated by Liska, that could change on the off chance that they can bring in more cash from assaults and put resources into new capabilities.
Read more »
Subscribe to: Posts (Atom)