
Cybersecurity and AI Challenges: How Companies Must Evolve to Stay Secure and Competitive

 

Cybersecurity remains a big concern, with a recent study from DataDome showing that 91% of websites are at risk from bot attacks. The study looked at over 14,000 sites in industries like healthcare, luxury goods, and e-commerce, revealing that many businesses with sensitive data are not well protected. Even large companies, though slightly better equipped, let through half of the basic bot threats. 

As cyberattacks become more advanced, companies need to improve their defenses to avoid being targeted. DataDome’s study used simple bots, but it’s a reminder that more sophisticated attacks could cause even more damage. On top of cybersecurity issues, many companies face challenges in managing their data, especially when it comes to using generative AI.
 
Lakshmikant (LK) Gundavarapu, Chief Innovation Officer at Tredence, points out that AI relies on clean, well-organized data to work effectively. Unfortunately, many businesses struggle to keep their data in order, making it hard to get the most out of AI tools. Gundavarapu emphasizes that having a clear picture of their data is key for companies to use AI successfully. 

Meanwhile, President Joe Biden has introduced a new policy that highlights the importance of AI in national security. This policy focuses on protecting AI development and addressing risks like biological, chemical, and nuclear threats, while encouraging collaboration with other countries to manage AI responsibly. 

This follows an earlier executive order aimed at setting rules for AI use in the U.S. As cybersecurity threats grow and AI regulations evolve, tech companies like Microsoft, Google, and Meta are also facing challenges. While all three reported strong earnings driven by cloud and AI services, investors are cautious about their future spending plans. 

In today’s fast-changing environment, businesses need to prioritize strong cybersecurity and proper data management to remain competitive and secure.

Sophos X-Ops Uncovers Major Qilin Ransomware Breach Targeting Chrome Browser Credentials

 

Cybersecurity firm Sophos X-Ops has exposed a significant ransomware breach by the Qilin group, which has introduced a new and highly concerning technique of stealing credentials stored in Google Chrome browsers on compromised systems. Qilin, active since at least 2022, is already notorious for its "double extortion" strategy. This method involves encrypting the victim’s data while simultaneously threatening to leak or sell the data unless a ransom is paid. 

The discovery of Qilin's latest tactic underscores the evolution of ransomware attacks into more sophisticated and damaging operations. The breach came to light following an attack on Synnovis, a UK governmental healthcare service provider. 

The attack began with the exploitation of compromised credentials to access the organization’s VPN portal, which lacked multi-factor authentication (MFA), allowing the attackers initial access. Once inside, the attackers spent 18 days conducting surveillance before moving laterally to a domain controller. 

Here, they modified the Group Policy Objects (GPO) to implement a malicious PowerShell script named `IPScanner.ps1`. This script was designed to harvest login credentials stored in Google Chrome browsers and was automatically executed every time users logged into their devices. 

The stolen credentials were stored in the SYSVOL share, labeled by the infected device's hostname, and subsequently exfiltrated to the attackers' command-and-control server. To avoid detection, the attackers cleared event logs and deleted the local data copies before deploying the ransomware. Given that Google Chrome holds over 65 per cent of the browser market share, the attackers were able to access a large array of usernames and passwords stored by users, raising the scale of the breach. 

This method of credential harvesting introduces a new layer of threat, potentially allowing Qilin to access multiple high-value targets, complicating response efforts for organizations. Affected organizations have been urged to reset all Active Directory passwords and advise users to change the passwords of any sites saved in Chrome. 

This tactic may serve as a "bonus multiplier" for attackers, increasing the chaos inherent in ransomware situations by gaining insights into high-value accounts, making future attacks even more damaging. This breach highlights a growing concern over organizations' abilities to defend against such multifaceted and evolving ransomware threats.
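A defender-side hunt for the artifacts described in this post, as an added example that is not from Sophos or the original article. The script extension list, the 30-day window, the default SYSVOL path and the `-Hostnames` inventory parameter are assumptions; only the name `IPScanner.ps1` comes from the text above.

```powershell
# Added example: inventory scripts in SYSVOL and look for items labelled with
# device hostnames, the two traces this post describes. Read-only.

function Get-SysvolScriptInventory {
    # Lists script files under SYSVOL with hash and timestamp so they can be
    # compared against the scripts the organisation actually deployed.
    param(
        [string]$SysvolRoot = "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN",
        [int]$RecentDays = 30   # assumption: review window for recent changes
    )
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    $scriptExtensions = '.ps1', '.bat', '.cmd', '.vbs'   # assumption
    Get-ChildItem -Path $SysvolRoot -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in $scriptExtensions } |
        ForEach-Object {
            [pscustomobject]@{
                Path            = $_.FullName
                LastWriteTime   = $_.LastWriteTime
                RecentlyChanged = $_.LastWriteTime -gt $cutoff
                NamedInReport   = $_.Name -ieq 'IPScanner.ps1'
                SHA256          = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

function Find-HostnameLabelledItem {
    # Flags files or folders in SYSVOL whose name (with or without extension)
    # equals a device hostname. -Hostnames should come from your own inventory.
    param(
        [string]$SysvolRoot = "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN",
        [string[]]$Hostnames = @($env:COMPUTERNAME)
    )
    Get-ChildItem -Path $SysvolRoot -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $stem = [System.IO.Path]::GetFileNameWithoutExtension($_.Name)
            ($Hostnames -contains $_.Name) -or ($Hostnames -contains $stem)
        } |
        Select-Object FullName, PSIsContainer, LastWriteTime
}

# Scripts first: anything recently changed or matching the reported name.
Get-SysvolScriptInventory |
    Where-Object { $_.RecentlyChanged -or $_.NamedInReport } |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize

# Then hostname-labelled items, which have no business being in SYSVOL.
Find-HostnameLabelledItem | Format-Table -AutoSize
```

Because the post notes that the attackers deleted local copies and cleared event logs, an empty result does not rule out the activity; compare the script hashes against a known-good baseline of GPO content.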

Chinese Hacking Groups Target Russian Government, IT Firms

At the end of July 2024, a series of targeted cyberattacks began, aimed at Russian government organizations and IT companies. These attacks have been linked to Chinese hacker groups APT31 and APT27. The cybersecurity firm Kaspersky uncovered this activity and named the campaign "EastWind."  

The attackers used an updated version of the CloudSorcerer backdoor, which was first seen in a similar campaign back in May 2024 that also targeted Russian government entities. 
However, CloudSorcerer has not only been used in attacks on Russia; in May 2024, Proofpoint identified a related attack on a U.S.-based think tank. 

To check if a system has been compromised, look for DLL files larger than 5MB in the 'C:\Users\Public' directory, unsigned 'msedgeupdate.dll' files, and a running process named 'msiexec.exe' for each logged-in user. 
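The three checks above as a single script, added here as an example and not taken from Kaspersky or the original post. The search roots for `msedgeupdate.dll` are an assumption, since the text does not say where the file is dropped.

```powershell
# Added example: hunts for the three EastWind indicators described above.
# Run from an elevated session; -IncludeUserName requires administrator rights.

function Find-LargePublicDll {
    # Indicator 1: DLL files larger than 5 MB under C:\Users\Public.
    param([string]$Root = 'C:\Users\Public', [long]$MinBytes = 5MB)
    Get-ChildItem -Path $Root -Filter '*.dll' -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -gt $MinBytes } |
        Select-Object FullName, Length, LastWriteTime
}

function Find-UnsignedEdgeUpdateDll {
    # Indicator 2: msedgeupdate.dll without a valid Authenticode signature.
    # The search roots are an assumption; the page does not give a location.
    param([string[]]$Roots = @('C:\Users', 'C:\ProgramData'))
    Get-ChildItem -Path $Roots -Filter 'msedgeupdate.dll' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # 'NotSigned' is the literal indicator; other non-Valid states
            # (HashMismatch, NotTrusted, ...) are reported for review as well.
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path            = $_.FullName
                    SignatureStatus = $sig.Status
                    Signer          = $sig.SignerCertificate.Subject
                }
            }
        }
}

function Get-MsiexecByUser {
    # Indicator 3: msiexec.exe running under each logged-in user's account.
    # msiexec also runs during legitimate installs, so correlate before acting.
    Get-Process -Name 'msiexec' -IncludeUserName -ErrorAction SilentlyContinue |
        Group-Object -Property UserName |
        ForEach-Object {
            [pscustomobject]@{
                User       = $_.Name
                Count      = $_.Count
                ProcessIds = ($_.Group | ForEach-Object Id) -join ','
            }
        }
}

# Collect all three result sets and print a short summary per indicator.
$report = [ordered]@{
    LargePublicDlls        = @(Find-LargePublicDll)
    UnsignedEdgeUpdateDlls = @(Find-UnsignedEdgeUpdateDll)
    MsiexecByUser          = @(Get-MsiexecByUser)
}
foreach ($name in $report.Keys) {
    '{0}: {1} hit(s)' -f $name, $report[$name].Count
    $report[$name] | Format-Table -AutoSize
}
```

A single hit is a lead, not a verdict: the indicators are strongest when a large DLL in the Public profile, an unsigned `msedgeupdate.dll` and per-user `msiexec.exe` processes appear on the same host.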

The initial stage of the attack involved phishing emails. These emails carried RAR archive attachments that were named after the target. Once opened, the archive used a technique called DLL side loading to drop a backdoor on the system, while simultaneously opening a document to distract the victim. 

The backdoor allowed attackers to explore the victim’s filesystem, execute commands, steal data, and deploy additional malware. The attackers used this backdoor to introduce a trojan called 'GrewApacha,' which has been linked to APT31. 

The latest version of GrewApacha, compared to previous versions from 2023, has been improved to use two command servers instead of one. These servers' addresses are stored in base64-encoded strings on GitHub profiles, which the malware accesses. Another tool loaded by the backdoor is a refreshed version of CloudSorcerer. 

This version uses a unique encryption mechanism to ensure it only runs on the targeted system. If run on a different machine, the encryption key will differ, causing the malware to fail. The updated CloudSorcerer now fetches its command-and-control (C2) server addresses from public profiles on Quora and LiveJournal instead of GitHub. 

A third piece of malware introduced during the EastWind attacks is called PlugY. This is a previously unknown backdoor with versatile capabilities, including executing commands, capturing screens, logging keystrokes, and monitoring the clipboard. 

Researchers found that the code used in PlugY has similarities with attacks by the APT27 group, and that a specific library for C2 communications found in PlugY is also used in other Chinese threat actor tools.

MCA to Strike Off 400 Chinese Companies for Fraud in India

 

The Ministry of Corporate Affairs (MCA) is preparing to strike off as many as 400 Chinese companies operating in India due to severe financial irregularities and incorporation-related fraud. These companies, which primarily deal in online loans and job services, are spread across 17 states, including key areas such as Delhi, Mumbai, Chennai, Bengaluru, Uttar Pradesh, and Andhra Pradesh. According to a report by Moneycontrol, which cited an anonymous government official, the action is expected to be completed within the next three months. 

The MCA has been investigating nearly 600 Chinese companies, focusing on those involved in digital lending and online job platforms. The official stated that the investigation phase has concluded, revealing that 300 to 400 of these companies are likely to be struck off the register. 

The primary reasons for this drastic action include predatory lending practices, financial fraud, and violations of India’s financial regulations. These Chinese companies have come under scrutiny for a variety of reasons. Many of them have been accused of engaging in aggressive tactics to recover loans, imposing exorbitant interest rates on borrowers, and resorting to harassment. 

Additionally, several companies have been found to have Indian directors but operate with Chinese bank accounts, with no recorded financial transactions in India. This has raised suspicions of money laundering and other financial crimes. Furthermore, some companies were not found at their registered office addresses, while others were discovered to be investing in businesses unrelated to their stated purpose, further indicating potential financial fraud. 

Under Section 248 of the Companies Act, the process of striking off a company from the register takes approximately three months. The MCA first issues a notice to the company, allowing time for a response. If the company fails to respond, a second notice is sent after one month. Should there be no reply even then, the company is removed from the register.  

This sweeping action by the MCA underscores the Indian government’s ongoing efforts to regulate the digital lending space and ensure financial transparency, particularly in light of the growing concerns around the proliferation of predatory lending apps in the country.

Sitting Ducks DNS Attack Hijacks 35,000 Domains

 

Cybersecurity researchers have uncovered a significant threat affecting the internet's Domain Name System (DNS) infrastructure, known as the "Sitting Ducks" attack. This sophisticated method allows cybercriminals to hijack domains without needing access to the owner's account at the DNS provider or registrar. 

Researchers from DNS security firm Infoblox and hardware protection company Eclypsium revealed that more than one million domains are vulnerable to this attack daily. This has resulted in over 35,000 confirmed domain hijackings, primarily due to poor domain verification practices by DNS providers. The Sitting Ducks attack exploits misconfigurations at the registrar level and insufficient ownership verification. Attackers leverage these vulnerabilities to take control of domains through "lame" delegations, making the hijacking process more effective and harder to detect. 

Once in control, these hijacked domains are used for malware distribution, phishing, brand impersonation, and data theft. Russian threat actors have been particularly active, with twelve known cyber-gangs using this method since 2018 to seize at least 35,000 domains. These attackers often view weak DNS providers as "domain lending libraries," rotating control of compromised domains every 30-60 days to avoid detection. 

The Sitting Ducks attack has been exploited by several cybercriminal groups. "Spammy Bear" hijacked GoDaddy domains in late 2018 for spam campaigns. "Vacant Viper" began using Sitting Ducks in December 2019, hijacking 2,500 domains yearly for the 404TDS system to distribute the IcedID malware and set up command and control (C2) domains. "VexTrio Viper" started using the attack in early 2020, employing the hijacked domains in a massive traffic distribution system (TDS) that supports the SocGholish and ClearFake operations. 

Additionally, several smaller and unknown actors have used Sitting Ducks to create TDS, spam distribution, and phishing networks. Despite the Sitting Ducks attack being reported in 2016, the vulnerability remains largely unresolved. This highlights the critical yet often neglected aspect of DNS security within broader cybersecurity efforts. 

To effectively combat this pressing cybersecurity threat, a collaborative effort is essential involving domain holders, DNS providers, registrars, regulatory bodies, and the broader cybersecurity community. Infoblox and Eclypsium are playing a crucial role by partnering with law enforcement agencies and national Computer Emergency Response Teams (CERTs) to mitigate and diminish the impact of this critical security issue.

The Growing Cybersecurity Concerns of Generative Artificial Intelligence

In the rapidly evolving world of technology, generative artificial intelligence (GenAI) programs are emerging as both powerful tools and significant security risks. Cybersecurity researchers have long warned about the vulnerabilities inherent in these systems. From cleverly crafted prompts that can bypass safety measures to potential data leaks exposing sensitive information, the threats posed by GenAI are numerous and increasingly concerning. Elia Zaitsev, Chief Technology Officer of cybersecurity firm CrowdStrike, recently highlighted these issues in an interview with ZDNET. 

"This is a new attack vector that opens up a new attack surface," Zaitsev stated. He emphasized the hurried adoption of GenAI technologies, often at the expense of established security protocols. "I see with generative AI a lot of people just rushing to use this technology, and they're bypassing the normal controls and methods of secure computing," he explained. 

Zaitsev draws a parallel between GenAI and fundamental computing innovations. "In many ways, you can think of generative AI technology as a new operating system or a new programming language," he noted. The lack of widespread expertise in handling the pros and cons of GenAI compounds the problem, making it challenging to use and secure these systems effectively. The risk extends beyond poorly designed applications. 

According to Zaitsev, the centralization of valuable information within large language models (LLMs) presents a significant vulnerability. "The same problem of centralizing a bunch of valuable information exists with all LLM technology," he said. 

To mitigate these risks, Zaitsev advises against allowing LLMs unfettered access to data stores. Instead, he recommends a more controlled approach. "In a sense, you must tame RAG before it makes the problem worse," he suggested. This involves leveraging the LLM's capability to interpret open-ended questions and using traditional programming methods to fulfill queries securely. "For example, Charlotte AI often lets users ask generic questions," Zaitsev explained. 

"What Charlotte does is identify the relevant part of the platform and the specific data set that holds the source of truth, then pulls from that via an API call, rather than allowing the LLM to query the database directly." 

As enterprises increasingly integrate GenAI into their operations, understanding and addressing its security implications is crucial. By implementing stringent control measures and fostering a deeper understanding of this technology, organizations can harness its potential while safeguarding their valuable data.

Controversial Reverse Searches Spark Legal Debate


In a growing trend, U.S. police departments and federal agencies are employing controversial surveillance tactics known as reverse searches. These methods involve compelling big tech companies like Google to surrender extensive user data with the aim of identifying criminal suspects. 

How Reverse Searches Operate 

In a reverse search, law enforcement agencies order large technology companies such as Google to hand over vast reservoirs of user data. Under this law, these agencies have the power to demand information related to specific events or queries, which include:

  • Location Data: Requesting data on individuals present in a particular place at a specific time based on their phone's location. 
  • Keyword Searches: Seeking information about individuals who have searched for specific keywords or queries. 
  • YouTube Video Views: A recent court order disclosed that authorities could access identifiable information on individuals who watched particular YouTube videos. 

In the past, when law enforcement needed information for an investigation, they would usually target specific people they suspected were involved in a crime. But now, because big tech companies like Google have so much data about people's activities online, authorities are taking a different approach. Instead of just focusing on individuals, they are asking for massive amounts of data from these tech companies. This includes information on both people who might be relevant to the investigation and those who are not. They hope that by casting a wider net, they will find more clues to help solve cases. 

Following the news, critics argue that these court-approved orders are overly broad and potentially unconstitutional. They raise concerns that such orders could force companies to disclose information about innocent people unrelated to the alleged crime. There are fears that this could lead to prosecutions based on individuals' online activities or locations. 

Also, last year an application filed in a Kentucky federal court disclosed that federal agencies wanted Google to “provide records and information associated with Google accounts or IP addresses accessing YouTube videos for a one-week period, between January 1, 2023, and January 8, 2023.” 

It did not end there, however: the constitutionality of these orders remains uncertain, paving the way for a probable legal challenge before the U.S. Supreme Court. Despite the controversy, federal investigators continue to push the boundaries of this contentious practice.

Decrypting Breach Realities: Beyond Isolation to Collective Progress


Upon discovering that the system has been breached, the initial reaction, marked by a skipped heartbeat, often prompts a common question: What steps should be taken next? 

According to a recent study, over the last two years, more than half of all organizations have experienced a breach from a third party. Regrettably, the predominant response to such incidents is to isolate the affected party. Surprisingly, as many as 83% of consumers confess to halting or discontinuing their transactions with an organization post-incident. 

While it is understandable for people to react to a security incident by distancing themselves from the affected organization, this response overlooks a valuable chance for the entire industry. The opportunity being discussed is the potential for shared learning and progress that arises when the specific details of an incident are made public. To put it differently, rather than merely reacting negatively, there is a prospect for the industry to unite, comprehend the incident, and leverage that understanding to enhance overall security practices and resilience. 

What Do We Mean by a Breach?

The terms 'cyberattack,' 'data breach,' and 'breach' are sometimes used interchangeably. However, it's important to note that not every cyberattack results in a data breach, and conversely, not all data breaches are a result of cyberattacks. 

A data breach happens when unauthorized individuals infiltrate secure systems, pilfering credential data that encompasses personal details like Social Security numbers, bank account information, and healthcare records. Additionally, corporate data, such as customer records, intellectual property, and financial information, may also be compromised. 

What is More Concerning? 

Despite having a security program deemed commercially reasonable, breaches persist. No entity is impervious. When assessing potential partners and vendors, a crucial factor to consider is their ability to respond effectively and their willingness to be transparent in the event of a security incident. Employees are gaining more understanding when it comes to security incidents. 

There's a shift from immediately blaming individuals for falling victim to phishing attacks. Security experts recognize that phishing is a numbers game, and as attack tactics become more sophisticated, acknowledging the role of human trust and error in our risk landscape is crucial. While businesses often implement successful security policies internally, the same level of scrutiny is not consistently applied to partners and vendors. 

Recognizing that breaches can happen despite precautions, it is crucial for businesses to include an evaluation of security measures in their vetting process. Hasty decisions to sever ties with a reliable partner after an attack can introduce additional risks, including operational challenges. Although distinguishing between an unexpected breach and a pattern of risky behaviour is vital, the availability of compliance frameworks and security assessments facilitates a more informed evaluation of a potential partner's breach readiness. 

Ready and Transparent Future 

Being more understanding about breaches does not mean organizations should skip their checks. Instead, businesses should always confirm if their partners follow the rules. Security questionnaires and reports remain crucial for ensuring organizations handle data carefully.