Showing posts with label Security Guidelines.

Global Governments Address Ransomware Threat with New Guidelines

Following the recent publication by the Counter Ransomware Initiative (CRI), members of the initiative have issued new guidance so that organizations consider the alternatives before paying cybercriminals a ransom. The guidance aims to reduce the overall impact of ransomware incidents, the number of ransoms paid by victims, and the size of the ransoms when victims do decide to pay.

A new voluntary ransomware guide, released in conjunction with the International Counter Ransomware Initiative meeting this week, recommends that victims report ransomware attacks more promptly and involve as many advisers as possible when deciding whether to pay a ransom.

On Wednesday, the governments of the United Kingdom and Singapore, which are leading discussions on how to increase the resilience of their countries' networks against ransomware attacks, published a voluntary guidance document to help victims respond to ransomware attacks as effectively as possible. The proposed guidance encourages victims to report attack details, and any ransom demands or payments, to law enforcement agencies, cyber insurance companies, and other outside parties that may be able to assist.

Paying is discouraged, but if a victim decides to pay, it should do so only after establishing that payment has a strong chance of changing the outcome of the incident and that it complies with local regulations. The guidance strongly discourages firms from making payments, while acknowledging that there may be times when a victim concludes it can justify doing so.

Regardless, it should be noted that the UK government, for instance, does not endorse or condone paying a ransom for any reason. A Chainalysis study published earlier in the year reported that ransomware actors will collect more than 1 billion dollars in payments by 2023. Since 2019, when Chainalysis began recording the market for ransomware payments, the general trend has been for payment amounts to rise.

In its commentary, the CRI emphasizes that obtaining the decryption key may not be enough to bring the incident to an end: payment does not guarantee access to data and devices. Jonathon Ellison, NCSC Director for National Resilience, welcomed the guidance, stating, "Ransomware remains an urgent threat, and organizations need to act now to enhance their resilience." 38 countries, including the United Kingdom, Australia, Canada, Japan, the United States, and New Zealand, have joined the International Cyber Insurance Federation (ICIF) in backing the guidance outlined by the CRI.

According to Ellison, the endorsement of these best-practice guidelines by both nations and international cyber insurance bodies gives organizations a strong push to upgrade their defences and improve their cyber readiness in the coming year. During the event, participants also tackled several initiatives, notably completing a project by the U.K. and U.S. governments to put secure software and labelling principles in place.

It was also announced that Australia had launched a 'Member Portal' for sharing information with members, and that a new U.S. Government fund had been established to strengthen members' cybersecurity capabilities. This followed an announcement one day earlier by the U.S., U.K., and European governments of arrests, indictments, sanctions, and server takedowns against a Russian cybercrime network, all aimed at Russian hackers.

Insights into Recent Malware Attacks: Key Learnings and Prevention Strategies

In an era where cybersecurity threats loom large, recent malware attacks have underscored the critical need for robust protective measures. Understanding the modus operandi of these attacks and learning from them can empower individuals and organizations to bolster their defenses effectively. 

Let's delve into the biggest takeaways from these incidents and explore preventive strategies to safeguard against future threats. One of the striking revelations from recent malware attacks is the evolving sophistication of malicious actors. Advanced techniques such as polymorphic malware, which can change its code to evade detection, pose significant challenges to traditional security protocols. This highlights the importance of investing in next-generation cybersecurity solutions capable of adaptive threat detection and mitigation. 

Furthermore, the rise of ransomware attacks has been particularly alarming. These attacks encrypt valuable data and demand a ransom for its release, often causing substantial financial losses and operational disruptions. Implementing a multi-layered defense strategy encompassing regular data backups, network segmentation, and employee training on phishing awareness can mitigate the risk of falling victim to ransomware extortion. 

Additionally, the proliferation of supply chain attacks has raised concerns about the interconnected nature of modern digital ecosystems. Attackers target third-party vendors and service providers to infiltrate their primary targets indirectly. Vigilance in vetting and monitoring supply chain partners, along with implementing robust access controls and encryption protocols, is paramount to mitigating this threat. Moreover, the exploitation of software vulnerabilities underscores the importance of timely patch management and software updates. 

Neglecting to patch known vulnerabilities provides attackers with an entry point to exploit systems and compromise sensitive data. Establishing a proactive patch management framework that prioritizes critical vulnerabilities and expedites the deployment of patches can significantly enhance cybersecurity posture. Social engineering tactics remain a prevalent avenue for malware dissemination, emphasizing the crucial role of user education and awareness. Phishing emails, fraudulent websites, and deceptive messages continue to lure unsuspecting individuals into inadvertently downloading malware or divulging sensitive information. 

Educating users on recognizing and reporting suspicious activities, coupled with implementing email filtering and web security solutions, can mitigate the effectiveness of social engineering attacks. Furthermore, the emergence of fileless malware represents a significant paradigm shift in cyber threats. By residing solely in system memory without leaving a footprint on disk, fileless malware evades traditional antivirus detection mechanisms. Deploying endpoint detection and response (EDR) solutions capable of behavior-based anomaly detection and memory analysis can effectively identify and neutralize fileless malware threats. 

In conclusion, recent malware attacks serve as potent reminders of the evolving threat landscape and the imperative of proactive cybersecurity measures. By staying abreast of emerging threats, investing in cutting-edge security technologies, fostering a culture of cybersecurity awareness, and adopting a multi-faceted defense approach, individuals and organizations can fortify their resilience against malicious actors. As the digital landscape continues to evolve, continuous vigilance and adaptation are essential to staying one step ahead of cyber adversaries.

Here's Why Businesses are Not Ready for DORA Compliance

Tension is building ahead of the impending Digital Operational Resilience Act (DORA). This EU legislation ushers in an important new chapter in cybersecurity: it will require financial institutions and certain third-party ICT vendors to have robust security measures in place.

The three main objectives of DORA are to strengthen the resilience of critical IT infrastructure, combat the scale and speed of cyberattacks, and provide a cohesive regulatory framework. ICT risk management, incident reporting, digital operational resilience testing, third-party risk management, and information and intelligence sharing are the five main pillars of DORA that will influence how financial services organisations handle ICT and cyber risks. Financial institutions and third-party vendors who operate in the European Union will be required to comply.

However, many organisations, and their security teams, will find it difficult to prepare for and comply with the regulations. Penalties of up to 10 million euros, or 5% of annual turnover, can be imposed for noncompliance. Businesses must act today, whether by hiring security professionals to detect, monitor, and address risks, by testing incident response plans so they can satisfy the reporting requirements, or by gaining insight into their third- and fourth-party ecosystems.

Even though DORA will not fully take effect until January 17, 2025, compliance is a cross-functional effort that involves more than just IT. The CISO's team must work together with legal, compliance, risk management, and other functions to achieve the objective; that partnership is what makes fast and effective DORA compliance possible. Organisations need to prepare for the DORA journey over the next 16 months by improving their existing procedures and policies. The objective is clear: to increase cyber resilience and streamline cybersecurity. In light of this, security practitioners would do well to take the following actions.

Steps to take 

As part of their overall risk management strategy, organisations must establish and implement a comprehensive ICT risk management framework. Having a platform in place to assist with the development, implementation, and monitoring of this framework will meet the regulatory requirement, and cybersecurity ratings will give a quantifiable, data-driven assessment of your organisation's cybersecurity posture.

DORA requires financial institutions to report ICT-related incidents to the authorities promptly, disclosing the number of users affected, the amount of data lost, the geographical spread, the economic impact, and other factors. The incident response plan should also clearly describe how personnel will respond to a cyberattack and how operations will be restored after a breach.

Continuous monitoring of your cybersecurity posture will keep your organisation informed of any dangers, allowing it to resolve any concerns that occur as soon as possible. This includes regularly monitoring and reviewing your third-party vendors' security posture to discover any changes or vulnerabilities that may affect your organisation's overall risk profile.

DORA will require that third-party risk be managed as an integral part of overall ICT risk, so that providers support your company during a cybersecurity incident and comply with stricter security standards. Organisations must therefore periodically review and manage these relationships to gain rapid visibility, watch for red flags, and keep an eye on essential supply chain providers.

ICO Publishes New Guidelines for Employee Surveillance at Work

The ICO issued its guidelines alongside research on employee monitoring that it had commissioned. Before conducting any workplace tracking, companies should examine their legal obligations under the Data Protection Act as well as their employees' rights.

According to its findings, 19% of respondents feel they have been tracked by their employers, with 70% believing it would be "intrusive" if their employers monitored them. Some employees told the ICO that working for a company that monitored them would put them off, with less than one in five stating they would feel confident taking a new job if they knew they would be monitored. 

The ICO claims that the guidance provides "clear direction" on how employee monitoring can be carried out ethically and legally. It is directed at both private and public sector organisations, outlines a company's legal obligations, and offers best practice guidance.

The ICO's research shows how concerned employees are about their privacy at home when it comes to employee monitoring, stated Emily Keaney, deputy commissioner for regulatory policy at the ICO.

“As the data protection regulator, we want to remind organisations that business interests must never be prioritised over the privacy of their workers,” she explained. “Transparency and fairness are key to building trust and it is crucial that organisations get this right from the start to create a positive environment where workers feel comfortable and respected.” 

Workers' privacy at risk

While data protection law does not forbid monitoring, the ICO urges businesses across all sectors to remember their "legal obligations" to employees' rights, stressing that such monitoring must be "proportionate", as stated in its guidance. "If we think that people's privacy is in danger, we will act," Keaney warned.

The ICO defines monitoring in its guidelines as keeping track of calls, texts, and keystrokes as well as taking screenshots, webcam recordings, and audio recordings. Additionally, it states that using specific software to track activities and using biometric data to measure attendance and timekeeping are both examples of employee monitoring. 

It advises organisations that wish to introduce worker monitoring to take a number of steps first. Employees must be informed of the "nature, extent, and reasons" of any monitoring, and employers must have a "lawful basis" (such as consent) for processing employee data.

The regulator also refers to the requirement for data protection impact assessments for any monitoring activity, a requirement that is not always upheld by the Data Protection and Digital Information Act, the UK's GDPR replacement bill now being debated in the House of Commons.

More than 1,000 UK citizens were surveyed by the ICO regarding their views and experiences with employee monitoring. 78% of respondents thought that recording audio and video was the most intrusive action an employer could take, while 83% thought that monitoring personal devices was the most intrusive action. 

According to Antonio Fletcher, head of employment at the law firm Whitehead Monckton, employees' privacy concerns are growing, especially given the widespread use of webcams and other video technology. He added that, where employees work remotely, audio recordings used for surveillance might capture private conversations with children and other adults.

DOJ Prioritizes Disruptions Over Arrests in Cyberattack Cases

The Department of Justice is asking its prosecutors and investigators to focus less on prosecutions and more on disruption and protection when it comes to cyberattacks, according to US Deputy Attorney General Lisa Monaco, who spoke to attendees at the RSA Conference.

Monaco agreed that there should be a "bias towards action to disrupt and prevent, to minimize harm if it's ongoing [...] and to take that action to prevent the next victim." That will not always result in a prosecution, Monaco said, adding that this is a difficult thing for a prosecutor to say: "We're not measuring our success only with courtroom actions and courtroom victories." The shift is necessary because nation-states are increasingly collaborating with criminal organizations to carry out global cyberattacks.

"We took a hard look in the Justice Department and said, 'how can we maximize our tools and what we can bring to this fight from a Justice Department perspective?'" she said. "We needed to pivot to disruption and prevention. We needed to put victims at the center of our approach." 

Monaco cited the Department of Justice's response to the Colonial Pipeline attack as an example. In that case, the oil pipeline operator paid the ransomware operators in the hope of unlocking its affected systems. According to Monaco, the DOJ used an existing tool, a forfeiture warrant, to trace Colonial's payment on the blockchain and return that money to the company.

The Hive group was notorious for attacking over 1,500 individuals and demanding $100 million in ransom. Monaco said that taking down the Hive group saved a further $130 million in ransom payments.

Throughout the discussion, Monaco emphasized the DOJ's desire to collaborate with industry in a non-adversarial manner. Chris Krebs, the former head of the Cybersecurity and Infrastructure Security Agency (CISA), then asked her whether the prosecution of former Uber CSO Joe Sullivan had violated that trust. In that case, Sullivan concealed payments made, through the bug bounty scheme, to attackers who had obtained data from Uber's internal systems. The matter was not made public until a year later, after Uber's leadership changed. Sullivan was found guilty of obstructing justice in 2022.

Although other companies had paid ransoms in the past, including during the Colonial Pipeline attack, Monaco said Sullivan's case was different because his actions were "intentional acts as was proved at trial and as the jury found," she said. "Very, very different from and not a mistake made by a CISO or compliance officer in the heat of a very stressful time."

Sullivan's sentencing is set for May 4, according to Krebs and Monaco.

Ways in Which Online Merchants Scam Customers

Have you ever tried to unsubscribe from an email newsletter you never subscribed to, only to find a jumble of text at the bottom of the message, some of it practically greyed out, that makes it virtually impossible to find the 'unsubscribe' link? That is an example of a 'dark pattern': a kind of internet design that serves to 'deceive, insinuate, and obfuscate'.

The web has always been rife with shady activity, from viruses to scams, but it was not until 2010 that Harry Brignull, a UX specialist, began shedding light on the deceptive strategies that even the best-known brands employ. Brignull coined the moniker 'dark patterns' for these strategies to emphasize how detrimental they can be to the victim's mental and financial health.

According to a Which? poll, 45% of respondents said that dark patterns made them feel tricked or annoyed, and 13% said they had been persuaded to spend more money than they had intended. According to the U.S. Federal Trade Commission, consumers end up spending 20% more when ticket prices are not disclosed upfront. A website's dark patterns can also persuade users to divulge more information than they are comfortable with.

Ways that internet shopping might lure you into splurging:
  • Free delivery minimums
  • Email reassurance
  • Advertisements with retargeting
  • Discounted loyalty programs
  • Discounts for new clients
  • Discounts dependent on subscription
Dark patterns also include trick questions, adding unwanted items to your online shopping cart, and coercing you into disclosing sensitive information. Amazon, the world's most popular online retailer, is the one deceiving consumers the most: it employs 11 of the 12 identified forms of dark pattern, some of which have prompted inquiries from the FTC and EU regulators. Walmart, probably Amazon's biggest rival, employs just four.

Even though some spending may be necessary, being aware of the strategies merchants use to increase the size of your purchase will help you avoid falling for them. Highly targeted adverts are made possible by businesses that monitor your online activity across multiple websites; encrypting your internet connection limits that tracking, and a VPN offers the highest level of encryption. Without internet privacy protection, all of your online activity is susceptible to being recorded and examined by interested parties.

Chipmaker AMD Discloses Two New Flaws Against Its SEV Technology

The chipmaker AMD has published guidance on two new attacks (CVE-2020-12967, CVE-2021-26311) against its SEV (Secure Encrypted Virtualization) technology, which protects virtual machines from rogue operating systems.

The two attacks, documented in research papers titled “SEVerity: Code Injection Attacks against Encrypted Virtual Machines” and “undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation,” allow an attacker to inject arbitrary code into the virtual machine, giving them full control over the VM’s operating system.

The two attacks, SEVerity and undeSErVed, work not only against AMD CPUs protected by SEV but also against SEV-ES (Secure Encrypted Virtualization-Encrypted State), an improved version of the technology that AMD released in 2017, a year after adding SEV to its CPUs.

The chipmaker released its security advisory this week because the findings will be presented by the two research teams at this year’s 15th IEEE Workshop on Offensive Technologies (WOOT’21).

The first vulnerability, tracked as CVE-2020-12967, is caused by the lack of nested page table protection in the AMD SEV/SEV-ES feature, which could lead to arbitrary code execution within the guest VM if a malicious administrator gains control of the server hypervisor.

The second vulnerability, tracked as CVE-2021-26311, also resides in the AMD SEV/SEV-ES feature. According to the security advisory, memory can be rearranged in the guest address space without the attestation mechanism detecting it, which a malicious hypervisor could use to achieve arbitrary code execution within the guest VM, again assuming a malicious administrator with control of the server hypervisor.

The chipmaker said all AMD EPYC processors are affected, including 1st/2nd/3rd Gen AMD EPYC™ Processors and AMD EPYC™ Embedded Processors. The mitigation is the SEV-SNP feature, which is available for enablement only on 3rd Gen AMD EPYC™ processors: “The mitigation requires the use of SEV-SNP, which is only supported on 3rd Gen AMD EPYC,” the company added.
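To make the second weakness concrete from a verifier's point of view, here is an added Python example; it is not AMD's code, the advisory's text, or the researchers' artefact. It models two toy launch measurements over a constructed three-page guest image: one that hashes only page contents in load order (permutation-agnostic, like the weakness the advisory describes) and one that binds each page to its guest-physical address. Exchanging the addresses of two pages leaves the first measurement unchanged and is therefore accepted, while the second measurement rejects it; both reject a change to page contents. The page contents, addresses, and hash construction are assumptions for illustration and do not reproduce the real SEV measurement format or the SEV-SNP design.

```python
import hashlib
import hmac
from typing import Callable, Dict, List, Tuple

PAGE_SIZE = 4096

# One guest page: (guest-physical page index, page content), listed in the
# order the untrusted loader presents pages for measurement.
Entry = Tuple[int, bytes]
Image = List[Entry]


def make_page(tag: bytes) -> bytes:
    """Constructed sample page: a short tag padded to a full 4 KiB page."""
    return tag.ljust(PAGE_SIZE, b"\x00")


# Constructed sample guest image (hypothetical contents, not a real VM).
SAMPLE_IMAGE: Image = [
    (0x10, make_page(b"boot stub")),
    (0x11, make_page(b"kernel text")),
    (0x12, make_page(b"initrd")),
]


def content_only_measurement(image: Image) -> bytes:
    """Permutation-agnostic toy measurement: hashes page contents in load
    order but never records where each page lands in the guest address
    space. This models the weakness described for SEV/SEV-ES."""
    h = hashlib.sha256()
    for _gpa, content in image:
        h.update(content)
    return h.digest()


def address_bound_measurement(image: Image) -> bytes:
    """Position-binding toy measurement: each page's guest-physical index is
    hashed together with its content, so moving a page changes the digest."""
    h = hashlib.sha256()
    for gpa, content in image:
        h.update(gpa.to_bytes(8, "little"))
        h.update(content)
    return h.digest()


def swap_addresses(image: Image, a: int, b: int) -> Image:
    """Return a copy of the image in which the pages at guest-physical
    indices a and b have exchanged places; contents and load order are
    untouched, which is exactly what a content-only measurement cannot see."""
    remap = {a: b, b: a}
    return [(remap.get(gpa, gpa), content) for gpa, content in image]


def modify_content(image: Image, gpa: int, new_tag: bytes) -> Image:
    """Return a copy of the image with the content of one page replaced."""
    return [(g, make_page(new_tag) if g == gpa else c) for g, c in image]


def attestation_accepts(expected: bytes, image: Image,
                        measure: Callable[[Image], bytes]) -> bool:
    """Verifier side: compare the reported measurement against the value
    expected for the pristine image, using a constant-time comparison."""
    return hmac.compare_digest(expected, measure(image))


def evaluate() -> Dict[str, bool]:
    """Run both measurement schemes against a rearranged and a modified
    image and report which changes each scheme lets through."""
    expected_weak = content_only_measurement(SAMPLE_IMAGE)
    expected_bound = address_bound_measurement(SAMPLE_IMAGE)
    rearranged = swap_addresses(SAMPLE_IMAGE, 0x11, 0x12)
    modified = modify_content(SAMPLE_IMAGE, 0x11, b"patched kernel text")
    return {
        "content_only_accepts_rearranged": attestation_accepts(
            expected_weak, rearranged, content_only_measurement),
        "address_bound_accepts_rearranged": attestation_accepts(
            expected_bound, rearranged, address_bound_measurement),
        "content_only_accepts_modified": attestation_accepts(
            expected_weak, modified, content_only_measurement),
        "address_bound_accepts_modified": attestation_accepts(
            expected_bound, modified, address_bound_measurement),
        "address_bound_accepts_pristine": attestation_accepts(
            expected_bound, SAMPLE_IMAGE, address_bound_measurement),
    }


if __name__ == "__main__":
    for check, accepted in evaluate().items():
        print(f"{check}: {'ACCEPTED' if accepted else 'REJECTED'}")
```

The practical takeaway for anyone relying on remote attestation is that a measurement is only as strong as what it binds: a verifier that checks the reported digest against a golden value must know that the digest covers placement as well as content, or the check proves less than it appears to. Whether a given platform's measurement does so is something to confirm from the vendor's documentation rather than assume, which is what the advisory's pointer to SEV-SNP amounts to here.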

AMD's advisory credits the following researchers:

• CVE-2020-12967: Mathias Morbitzer, Martin Radev and Erick Quintanar Salas from Fraunhofer AISEC and Sergej Proskurin and Marko Dorfhuber from Technical University of Munich

• CVE-2021-26311: Luca Wilke, Jan Wichelmann, Florian Sieck, and Thomas Eisenbarth from University of Lübeck 

Earlier this month, AMD dismissed claims that its CPUs were affected by an attack that bypassed the patches for the original 2018 Spectre attack, detailed in a paper called “I see dead µops: leaking secrets via Intel/AMD micro-op caches”.