
Here's Why Ransomware Actors Have an Upper Hand Against Organisations


Successful ransomware attacks are increasing, not necessarily because the attacks are more sophisticated in design, but because attackers have found that many of the world's largest companies have not built adequate resilience into even their basic security measures. Despite huge investment in cybersecurity from both the private and public sectors, many organisations remain vulnerable to ransomware attacks.

Richard Caralli, senior cybersecurity advisor at Axio, has over 40 years of experience as a practitioner, researcher, and leader in the audit and cybersecurity fields. Based on that experience, he believes there are two primary reasons for the lack of ransomware resilience that exposes numerous organisations to otherwise preventable flaws in their ransomware defences: 

  • Recent noteworthy intrusions, such as those on gaming companies, consumer goods manufacturers, and healthcare providers, highlight the fact that some organisations may not have implemented basic safety standards. 
  • Organisations that have put in place foundational practices may not have done enough to confirm and validate those practices' performance over time, which causes expensive investments to lose their efficacy more quickly. 

Given this, organisations can take three simple activities to boost fundamental resilience to ransomware: 

Recommit to core practices

According to Verizon's "2023 Data Breach Investigations Report," 61% of all incidents involved user credentials. Two-factor authentication (2FA) is currently regarded as an essential control for access management. However, a failure to apply this additional layer of security is at the heart of UnitedHealth Group/Change Healthcare's ongoing ransomware nightmare. This intrusion affects not only patients, but also service providers and professionals, who face severe barriers to obtaining treatment authorisations and payments. An entire sector is under attack as a result of a major healthcare provider's failure to adopt this foundational control.

Ensure fundamental procedures are institutionalised

A "set and forget" approach handles cybersecurity at installation time but fails to ensure that procedures, controls, and countermeasures remain effective throughout the infrastructure's life, particularly as that infrastructure expands and adapts to organisational change. 

For example, cybersecurity procedures that are not actively adopted with characteristics that enable institutionalisation and durability are at risk of failing to withstand developing ransomware attack vectors. But what exactly does institutionalisation mean? Higher maturity behaviours include documenting the practice, resourcing it with sufficiently skilled and accountable people, tools, and funding, supporting its enforcement through policy, and measuring its effectiveness over time. 

Implementing the basics 

The challenges of implementing and maintaining essential cybersecurity measures are numerous. Doing so requires a commitment to constant attention, active management, and a thorough understanding of emerging hazards. However, by confronting these obstacles and ensuring that cybersecurity procedures are rigorously established, measured, and maintained, organisations can better protect themselves against the ever-present threat of ransomware attacks. 

Focussing on the basics first — such as implementing foundational controls like 2FA, developing maintenance skills to integrate IT and security efforts, and adopting performance management practices — can lead to significant improvements in cybersecurity, providing robust protection with less investment.

Xapo Bank Aims To Boost Bitcoin Safety With Tech And Bunkers


Satoshi Nakamoto, the pseudonymous developer of Bitcoin, published the system's whitepaper in 2008, bluntly criticising financial institutions and the trust they demand. However, in 2010, one of the most notable Bitcoin collaborators of its early days and the recipient of the first Bitcoin transaction in history, cypherpunk and cryptography specialist Hal Finney, predicted the existence of bitcoin banks. Today, bitcoin-native banks such as Xapo Bank exist in the grey area between that ethos and the potential deployment of the system across the global financial sector. 

Finney claims that Xapo Bank, which was founded in 2013, is among the leaders in the custodial space of Bitcoin. Wences Casares, an Argentinean entrepreneur and innovator who is well-known in Silicon Valley for his support of this technology, developed it as a solution for his friends and family. However, it expanded significantly. Currently, it is one of the few fully licensed banks in the world that deals with Bitcoin and other digital assets. 

Its business idea combines cutting-edge Bitcoin technology with a physical bunker in the Swiss mountains. This physical location blends old-fashioned Swiss standards with the latest security technology. It is an atomic bunker that serves as the foundation of what Xapo provides its clients: high-quality security for digital assets. Xapo is also exploring new technical opportunities. The custody business is dominated by multi-signature solutions, but the preferred alternative and security solution for the Gibraltar-registered bitcoin bank is a multi-party computation (MPC) protocol. Broadly, MPC enables several parties to jointly compute a result, such as a signature, without any of them revealing their private input to the others. 

In Xapo's case, this works by splitting the digital asset master private key into several unique fragments known as "key shares," which Xapo Bank stores in hidden locations around the world, including the Swiss bunker. The MPC protocol ensures that each participant's contribution remains private during key generation and signing, and is never revealed. This guarantees that no single participant in the quorum has total access to or control over the stored assets, reducing the chance of collusion to nearly zero. 

"MPC is a much more modern and secure setup compared to a still more popular multi-signature approach. The fact that the private key is not put together at any point in the transaction means there is no moment it can be potentially exposed or hacked, which is not the case with the more traditional multi-sig technology," Xapo Bank's Chief Technology Officer, Kamil Dziubliński, stated. 
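The property described above, that the private key is never assembled yet the participants can still sign, can be shown with a toy distributed Schnorr signature over additive key shares. This is an added example, not Xapo's code or protocol: the group parameters, message and party count are constructed, and it shows the simplest n-of-n case rather than a t-of-n threshold scheme.

```python
"""Toy n-of-n distributed Schnorr signing over additive key shares.
Added example (not Xapo's code): every participant keeps its share x_i,
the full key x = x_1 + ... + x_n is never formed, yet the parties
produce one signature that verifies against the combined public key."""
import hashlib
import random

# Constructed toy group: integers mod the Mersenne prime 2^61 - 1, with
# exponents reduced mod the group order P - 1. Production systems use a
# prime-order elliptic-curve group and a t-of-n threshold protocol; the
# n-of-n additive case below is the simplest form of the same idea.
P = 2**61 - 1
N = P - 1
G = 3


def keygen_shares(parties, rng=None):
    """Each party draws x_i and publishes only G^x_i; the public key is the
    product of those values, i.e. G^(sum x_i), without anyone knowing the sum."""
    rng = rng or random.SystemRandom()
    shares = [rng.randrange(1, N) for _ in range(parties)]
    pub = 1
    for x_i in shares:
        pub = pub * pow(G, x_i, P) % P
    return shares, pub


def challenge(R, pub, msg):
    """Fiat-Shamir challenge e = H(R || pub || msg) mod N."""
    digest = hashlib.sha256(b"%d|%d|" % (R, pub) + msg).digest()
    return int.from_bytes(digest, "big") % N


def sign_round1(shares, rng=None):
    """Round 1: each party draws a nonce share k_i and publishes R_i = G^k_i."""
    rng = rng or random.SystemRandom()
    nonces = [rng.randrange(1, N) for _ in shares]
    R = 1
    for k_i in nonces:
        R = R * pow(G, k_i, P) % P
    return nonces, R


def sign_round2(shares, nonces, e):
    """Round 2: each party returns s_i = k_i + e*x_i; x_i never leaves it."""
    return [(k_i + e * x_i) % N for k_i, x_i in zip(nonces, shares)]


def combine(R, partials):
    """Sum the partials: (R, s) is an ordinary Schnorr signature with
    s = k + e*x, although no single party ever held x or k."""
    return R, sum(partials) % N


def verify(pub, msg, sig):
    """Standard Schnorr check: G^s == R * pub^e (mod P)."""
    R, s = sig
    e = challenge(R, pub, msg)
    return pow(G, s, P) == R * pow(pub, e, P) % P


def demo(parties=3, msg=b"constructed withdrawal request", seed=None):
    """Run one signing session; also show that a tampered message or a
    missing participant (an incomplete quorum) does not verify."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    shares, pub = keygen_shares(parties, rng)
    nonces, R = sign_round1(shares, rng)
    partials = sign_round2(shares, nonces, challenge(R, pub, msg))
    sig = combine(R, partials)
    return {
        "valid": verify(pub, msg, sig),
        "tampered_message": verify(pub, msg + b"!", sig),
        "missing_share": verify(pub, msg, combine(R, partials[:-1])),
    }


if __name__ == "__main__":
    print(demo(seed=2024))
```

The `missing_share` case is the quorum property in the text: dropping any one participant's partial leaves a signature that does not verify, so no subset of key-share holders can spend on its own.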

However, there are threats and concerns, even with a movie-style bunker and this novel method of securing the keys and transaction signing process. Security threats include hacking and phishing attempts. Financial risks include money laundering, terrorist financing, and various types of financial attacks.

Microsoft Update Alert: 70% Of Windows Users Are Now At Risk


Microsoft's end-of-support date for Windows 10 is approaching on October 14, 2025, and the operating system is already facing a serious security threat. With 70% of Windows users still running Windows 10, the situation in terms of cyber-attacks has become increasingly perilous. The vulnerability described below has major consequences for individuals and organisations who rely on Windows 10. 

What's happening?

A 2018 Windows flaw has been added to the US government's Known Exploited Vulnerabilities (KEV) catalogue, warning of potential privilege escalation and remote code execution attacks. Researchers believe that the vulnerability, CVE-2018-0824, was exploited by the Chinese hacking group APT41. This threat actor is backed by the Ministry of State Security and is considered a serious threat because it targets both government and private organisations. 

The US government has warned users to apply the fix by August 26, or to stop using the affected Windows systems if they cannot. If this is not done, users will remain vulnerable to attack. This vulnerability does not affect Windows 11, nor does it affect fully updated Windows systems, emphasising the importance of updates for users. The warnings appear to be insufficient, as many users continue to use Windows 10, with only 30% having moved to Windows 11. 
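A KEV listing with a due date is actionable only once it is joined against what a scanner still reports as unpatched on each host. The following is an added example (not CISA's, Microsoft's or any vendor's code) that does that join and orders the results for the emergency patch queue. The catalogue entries and host inventory are constructed; the field names follow the public KEV JSON feed, the year in the due date is an assumption, and the CVE-0000-EXAMPLE entry is a placeholder.

```python
"""Join scanner findings with a KEV-style catalogue to set patch priorities.

Added example; not CISA's, Microsoft's or any vendor's code. Catalogue
entries and the host inventory are constructed. Field names follow the
public KEV JSON feed; the dueDate year is an assumption, and the
CVE-0000-EXAMPLE entry is a placeholder, not a real identifier."""
import json
from datetime import date

KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-2018-0824", "vendorProject": "Microsoft", "product": "Windows",
   "dueDate": "2024-08-26", "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-0000-EXAMPLE", "vendorProject": "ExampleCorp", "product": "Demo",
   "dueDate": "2024-08-15", "knownRansomwareCampaignUse": "Known"}
]}
"""

# Constructed inventory: what a scanner reports as still unpatched per host.
INVENTORY = [
    {"host": "ws-finance-01", "os": "Windows 10", "open_cves": ["CVE-2018-0824"]},
    {"host": "ws-dev-07", "os": "Windows 11", "open_cves": []},
    {"host": "srv-legacy-02", "os": "Windows 10",
     "open_cves": ["CVE-2018-0824", "CVE-0000-EXAMPLE"]},
]

# End-of-support date from the article; an unsupported OS receives no fixes at all.
END_OF_SUPPORT = {"Windows 10": date(2025, 10, 14)}


def load_kev(raw_json):
    """Index the catalogue by CVE id so each lookup is a dict hit."""
    return {v["cveID"]: v for v in json.loads(raw_json)["vulnerabilities"]}


def days_until_eol(os_name, today):
    """Days until the OS stops receiving fixes, or None if not tracked."""
    eol = END_OF_SUPPORT.get(os_name)
    return (eol - today).days if eol else None


def prioritise(inventory, kev, today_iso):
    """Return KEV-listed findings, most urgent first.

    Urgency order: known ransomware use, then already past the KEV due
    date, then fewest days left. CVEs not in the catalogue are skipped:
    they belong in the regular patch cycle, not the emergency queue."""
    today = date.fromisoformat(today_iso)
    findings = []
    for host in inventory:
        for cve in host["open_cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            findings.append({
                "host": host["host"],
                "cve": cve,
                "days_left": days_left,
                "overdue": days_left < 0,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                "os_eol_in_days": days_until_eol(host["os"], today),
            })
    findings.sort(key=lambda f: (not f["ransomware"], not f["overdue"], f["days_left"]))
    return findings


if __name__ == "__main__":
    for finding in prioritise(INVENTORY, load_kev(KEV_JSON), "2024-08-20"):
        print(finding)
```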

Furthermore, as the end-of-support date approaches, hundreds of scam emails are likely to target Windows 10 customers' inboxes. The hackers would take advantage of this situation and jeopardise the security of users' data and systems, resulting in data breaches and other serious consequences such as system compromise and financial losses. 

Take a look at Reddit or the comments on this post to see the enormous number of Windows users who are waiting for Microsoft to pull a late rabbit out of the bag and expand Windows 10 support. It is unclear how this will affect all those who have invested in upgrading. 

Given the recent experience, with global images of blue screens of death all around, come October, this could be a hackers' paradise for a while. Another aspect to consider is that malicious actors would take advantage of the situation and send out scam after scam to nervous Windows 10 users.

AI and Vulnerability Management: Industry Leaders Show Positive Signs


Positive trend: AI and vulnerability management

We are in a fast-paced industry, and as new technologies arrive every day, the risk of cyber attacks grows with them. Defence against such attacks, and cybersecurity in general, therefore becomes paramount. 

The latest research into the cybersecurity industry by Seemplicity revealed that 91% of participants claim their security budget is increasing this year. It shows us the growing importance of cybersecurity in organizations.

Understanding report: An insight into industry leaders' mindset

The report surveyed 300 US cybersecurity experts to understand their views on pressing topics such as automation, AI, regulatory compliance, and vulnerability and exposure management. Organisations reported employing 38 cybersecurity vendors on average, highlighting the degree of complexity and fragmentation across their attack surfaces. 

This fragmentation leaves 51% of respondents reporting high levels of noise from their tools: they feel overwhelmed by the volume of notifications, alerts, and findings, most of which lead nowhere. 

As a result, 85% of respondents say they need help handling this noise. The most troubling challenge reported was slow or delayed risk reduction, which highlights the seriousness of the problem: the flood of noise slows down effective vulnerability identification and therefore delays the response to threats. 

Automation and vulnerability management on the rise

97% of respondents cited at least one method for controlling noise, showing both acceptance of the problem and urgency to resolve it. 97% also showed some degree of automation, indicating growing recognition of the benefits of automation in vulnerability and exposure management. The trend towards automation tells us one thing: adoption is moving in a positive direction. 

However, 44% of respondents still rely on manual methods, a sign that there still exists a gap to full automation.

But the message is loud and clear, automation has helped in vulnerability and exposure management efficiency, as 89% of leaders report benefits, the top being a quicker response to emergency threats. 

AI: A weapon against cyber threats

The prevailing opinion (64%) that AI will be a key force in fighting cyber threats is a positive sign of its potential to build a more robust cybersecurity infrastructure. However, there is also major concern (68%) about the effect of integrating AI into software development on vulnerability and exposure management: AI will increase the pace of code development, and security teams will find it difficult to keep up. 

Are We Ready For The Next Major Global IT Outage? Here's All You Need to Know


Last Friday, a faulty update from a cybersecurity vendor led to a global disruption affecting activities across sectors. Hospitals, health clinics, and banks were impacted; airlines grounded their planes; broadcasters were unable to broadcast (Sky News went off the air); emergency numbers such as 911 in the United States were unavailable; and Magen David Adom (MDA), Israel's emergency medical service, experienced several problems. 

This incident had a significant impact in the United States, Australia, and Europe. Critical infrastructure and many corporate operations were brought to a halt. In Israel, citizens instantly linked the incident to warfare, namely the UAV that arrived from Yemen and exploded in Tel Aviv, presuming that Iran was attacking in the cyber dimension. 

What exactly happened? 

CrowdStrike, an American firm based in Texas that provides a cybersecurity protection system deployed in many companies across the world, announced on Friday morning that there was a defect in the most recent update of its product delivered to customers. The defect caused Microsoft's Windows operating system to fail to load, resulting in a blue screen. As a result, any organisational systems installed on and dependent on that operating system failed to load. In other words, the organisation was paralysed. 

But the trouble didn't end there. During the company's repair efforts, hackers "jumped on the bandwagon," impersonating company staff and issuing instructions that essentially involved installing malicious code inside the organisation and erasing its databases. This was the second part of the incident. 

Importance of risk management 

Risk management is an organisational discipline. Within risk management processes, the organisation finds out and maps the threat and vulnerability portfolio in its activities, while also developing effective responses and controls to threats and risks. Threats can be "internal," such as an employee's human error, embezzlement, or a technical failure in a computer or server. Threats can also arise "externally" to the organisation, such as consumer or supplier fraud, a cyberattack, geopolitical threats in general, particularly war, or a pandemic, fire, or earthquake. 

It appears that the world has become far more global and technological than humans like to imagine or believe. And, certainly, a keyboard error made by one individual in one organisation can have global consequences, affecting all of our daily lives. This is the fact, and we should recognise it as soon as possible and start preparing for future incidents through systematic risk management methods.

The Vital Role of Ethical Hacking in Cyber Security


The possibility of cyber attacks is a major issue, with the global average cost of a data breach expected to reach $4.45 million in 2023, a 15% increase over the previous three years, according to an IBM analysis. This stark figure highlights the growing financial and reputational threats companies face, emphasising the importance of ethical hacking in an increasingly interconnected world. 

Ethical hackers are the first line of defence, utilising their knowledge to replicate cyber attacks under controlled conditions. These individuals play an important role in averting potentially disastrous data breaches, financial loss, and reputational harm caused by cyber attacks by proactively fixing security vulnerabilities before they are exploited. 

This article explores the importance of ethical hacking, the tactics used by ethical hackers, and how to pursue a career in this vital sector of cyber security. 

What is ethical hacking? 

Ethical hacking, commonly referred to as penetration testing or white-hat hacking, is a technique for testing computer systems, networks, or online applications for security flaws. Unlike criminal hackers, who attempt to make money from vulnerabilities, ethical hackers utilise their expertise to uncover and patch them before they are exploited. 

They apply their expertise with authorisation, aiming to improve security posture before a real attacker exploits the vulnerabilities. This pre-emptive approach to possible breaches is an important part of modern cyber security tactics and a way of protecting against the most dangerous cyber security threats. Ethical hacking adheres to a fixed code of ethics and to legal restrictions. 

Ethical hackers must have clear permission to explore systems and ensure that their actions do not stray into illegal territory. Respect for privacy, data integrity, and the lawful handling of uncovered vulnerabilities is critical. 

Methodologies of Ethical Hacking 

Ethical hackers employ a variety of methodologies to assess the security of information systems. These include: 

Risk assessment: Scanning systems and networks to identify known vulnerabilities. 

Penetration testing: Simulating cyber attacks to evaluate the effectiveness of security measures. 

Social engineering: Testing the human element of security through phishing simulations and other tactics. 

Security auditing: Examining the adherence of systems and policies to security standards and best practices. 

Process of ethical hacking

Step 1: Reconnaissance – The ethical hacker collects as much information about the target system or network as possible, using sources such as WHOIS databases, search engines, and social media to obtain publicly available information. 

Step 2: Scanning – They look for live hosts, open ports, the services running on those hosts, and the vulnerabilities associated with them. Nmap may be used to scan ports, while Nessus or OpenVAS can be used to check for exploitable vulnerabilities. 

Step 3: Gaining Access – They use the identified vulnerabilities to gain unauthorised access to the system or network. Metasploit is commonly used to exploit vulnerabilities. Other tools include SQL injection tools for database attacks, as well as password cracking programmes such as John the Ripper or Hydra. 

Step 4: Maintaining Access – They ensure continued access to the target for further exploration and analysis without being detected. Tools such as backdoors and trojans are used to maintain access, while operating stealthily to avoid detection by security systems.

Step 5: Covering Tracks – They delete evidence of the hacking process to avoid detection by system administrators or security software. This involves log tampering and the use of tools to clear or modify entries in system logs. Tools such as CCleaner can also be used to erase footprints.

Chinese APT40 Can Exploit Flaws Within Hours of Public Release


A joint government advisory claims that APT40, a Chinese state-sponsored actor, is focusing on recently discovered software vulnerabilities in an attempt to exploit them in a matter of hours.

The advisory, authored by the Cybersecurity and Infrastructure Security Agency, FBI, and National Security Agency in the United States, as well as government agencies in Australia, the UK, Canada, New Zealand, Germany, South Korea, and Japan, stated that the cyber group has targeted organisations in a variety of arenas, employing techniques commonly employed by other state-sponsored actors in China. It has often targeted Australian networks, for instance, and remains a threat, the agencies warned. 

Rather than using strategies that require user interaction, the group seems to prefer exploiting vulnerable, public-facing infrastructure and prioritising the collection of valid credentials. It frequently latches onto public exploits as soon as they become available, creating a "patching race" for organisations. 

"The focus on public-facing infrastructure is interesting. It shows they're looking for the path of least resistance; why bother with elaborate phishing campaigns when you can just hit exposed vulnerabilities directly?" stated Tal Mandel Bar, product manager at DoControl. 

The APT targets newly disclosed flaws, but it also has access to a large number of older exploits, according to the agencies. As a result, a comprehensive vulnerability management effort is necessary.

Comprehensive reconnaissance efforts 

APT40 conducts reconnaissance against networks of interest on a regular basis, "including networks in the authoring agencies' countries, looking for opportunities to compromise its targets," according to the joint advice. The group then employs Web shells for persistence and focuses on extracting data from sensitive repositories.

"The data stolen by APT40 serves dual purposes: It is used for state espionage and subsequently transferred to Chinese companies," Chris Grove, director of cybersecurity strategy at Nozomi Networks, stated. "Organizations with critical data or operations should take these government warnings seriously and strengthen their defenses accordingly. One capability that assists defenders in hunting down these types of threats is advanced anomaly detection systems, acting as intrusion detection for attackers able to 'live off the land' and avoid deploying malware that would reveal their presence.” 

APT40's methods have also evolved, with the group now making use of compromised endpoints such as small-office/home-office (SOHO) devices for its operations, allowing security agencies to better track it. This approach, also noted in Volt Typhoon's operations, is just one of many aspects of the group's activity that resemble other China-backed threat groups, including Kryptonite Panda, Gingham Typhoon, Leviathan, and Bronze Mohawk, the advisory reads. 

The advisory provides mitigating approaches for APT40's four major types of tactics, techniques, and procedures (TTPs), which include initial access, execution, persistence, and privilege escalation.

A World of Novel Risks: Stress-Testing Security Assumptions


The most severe security failures are generally those that we cannot anticipate – until they occur. Prior to 9/11, national security and law enforcement planners expected that airline hijackers would land their planes and negotiate – until they didn't. Prior to Stuxnet, control system engineers believed that air-gapped systems could operate without interference – until a virus was installed. Prior to the discovery of the SolarWinds breach in 2020, IT managers believed that verified updates to a trusted network management platform were legitimate and safe – until the platform itself became the vehicle for a devastating supply chain attack. 

The severity of the harm caused by these incidents is often determined by the extent to which novel risks were unforeseen, or were assumed not to be threats in the first place. In other words, the more basic the assumption, the more harmful the compromise. The objective of security is to be safe not only now, but also in the future, anticipating and mitigating threats that might arise at a later time and place through adequate preparation. The assumptions we make about the future environment form the basis for that work. Assumptions are required for any security strategy to be cohesive. But they have a shelf life. 

It's doubtful that our presumptions from now will be true later on. We understand that growing interdependencies would inevitably lead to cross-domain and cross-disciplinary security concerns. We are aware that the endless cycles of discovery and patch, identify and neutralise, and detect and respond will be even more difficult to maintain than they are now due to the pace of change brought on by the rate of technological advancement. 

Adopting a future-resilience approach 

Recognising the shifting situation, we have endeavoured to speed this process by collecting and sharing more data, gaining deeper insights from more powerful analytics, detecting threat actors and their behaviours earlier, and responding faster to ongoing attacks. 

But we're falling further behind. By the time we understand a threat actor's aims and attack methods it is often too late, let alone to anticipate their next moves. The primary challenge is to plan for a future with an unknown risk profile. To become more resilient in a world of "unseen until it's too late" challenges, we must tighten our strategies and stress-test our assumptions. The future of security will be about resilience in the face of unknown hazards. Monitoring trends and anticipating threats is not sufficient; we must also reconsider the assumptions that support our current sense of security. 

A new, future-resilient strategy will need to incorporate a purposeful process of challenging existing assumptions while they are still relevant in order to predict a future in which those assumptions are undermined. Then, based on this new future "reality," we can devise strategies for survival. In other words, we move away from assessing the current environment, making assumptions about the future, identifying threats, and then mitigating those risks, and towards explicitly identifying our assumptions, "making up" threats to undermine those assumptions, and building resilience to survive that future.