
Overly Complex Passwords Could Weaken Security Measures

 


Password creation and use is one of the areas where websites and mobile apps lay down rules intended to make accounts as safe as possible. However, a federal agency thinks some of those requirements do more harm than good.

A new proposal from the National Institute of Standards and Technology (NIST) aims to protect people's digital identities from fraud by setting out guidelines. One of them bans password requirements that cybersecurity experts have long considered obsolete: services would no longer need to demand special characters such as "%" and "$", nor ask users security questions such as the name of their children's favourite pet or their first pet.

First and foremost, it is important to understand why changing a password every six months is not only ineffective but can make users' accounts harder to secure. When people are forced to change their passwords every few months, they tend to take the path of least resistance and simply change a couple of characters in their existing password to satisfy the rule. That makes the new password easier to remember, but it also means that an attacker who has already accessed the user's system, or who holds a previous password from an earlier breach, can easily guess the new one.

The old advice that passwords should mix different character types and be changed regularly is no longer best practice for password management. The change comes from new guidelines released by the United States National Institute of Standards and Technology (NIST), which is charged with developing and publishing guidance that helps organizations keep their data safe. The second public draft of NIST's Digital Identity Guidelines (SP 800-63-4) appeared in September 2024 and is the latest version that has been published.

For security purposes, it is much better to use a strong, unique password for each account than to rotate passwords as a means of achieving security. A password should draw on a variety of letters and numbers rather than dictionary words, which an automated attack program can pick up. Furthermore, users should avoid variations on a theme across the passwords they create (such as "password1" followed by "password2").

Users who are serious about their security should always use passphrases instead of traditional passwords. Passphrases are much harder for attackers to guess than traditional passwords. Make sure to check out our blog on how to create a strong password. For those who don't want to remember all of their strong, unique passwords, it is recommended to use a password manager like NordPass.

For this reason, a password's length, rather than its complexity, has become the more reliable measure of its strength. Online services commonly require users to create passwords that mix character types, but several analyses of breached password databases have found that such rules have less effect than initially thought. Given the vast number of online accounts people manage, maintaining a unique password for every one of them can still be daunting, even when each password is kept short and memorable.
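As an added illustration of the contrast the post draws (this code is not from the post or from NIST), the following Java class checks a candidate password against a legacy composition policy and against a length-plus-blocklist policy that also rejects "password1"-to-"password2" style variations; the 15/64-character thresholds, the leet map and the blocklist are assumptions constructed for the example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

/** Contrasts legacy composition rules with a length-plus-blocklist policy. */
public final class PasswordPolicy {

    // Constructed stand-in for a breached/common-password blocklist.
    private static final Set<String> COMMON = Set.of(
            "password", "123456", "qwerty", "letmein", "welcome", "iloveyou");

    private static final int LEGACY_MIN_LEN = 8;
    // Assumed thresholds; the post quotes no numbers from the draft.
    private static final int MIN_LEN = 15;
    private static final int MAX_LEN = 64;

    // Trailing digits/symbols such as "1", "!", "2024" are ignored when comparing.
    private static final Pattern TRAILING_JUNK = Pattern.compile("[\\d\\W_]+$");

    /** Classic composition policy: minimum length plus four character classes. */
    public static List<String> legacyCheck(String pw) {
        List<String> problems = new ArrayList<>();
        if (pw.length() < LEGACY_MIN_LEN) problems.add("shorter than " + LEGACY_MIN_LEN);
        if (!pw.matches(".*[A-Z].*")) problems.add("no uppercase");
        if (!pw.matches(".*[a-z].*")) problems.add("no lowercase");
        if (!pw.matches(".*\\d.*")) problems.add("no digit");
        if (!pw.matches(".*[^A-Za-z0-9].*")) problems.add("no special character");
        return problems;
    }

    /** Collapse trivial variations: case, common leet substitutions, trailing junk. */
    static String normalize(String pw) {
        String base = TRAILING_JUNK.matcher(pw.toLowerCase()).replaceAll("");
        return base.replace('@', 'a').replace('$', 's').replace('0', 'o').replace('3', 'e');
    }

    /** Levenshtein distance, used to spot small edits of an earlier password. */
    static int editDistance(String a, String b) {
        int[] prev = new int[b.length() + 1];
        for (int j = 0; j <= b.length(); j++) prev[j] = j;
        for (int i = 1; i <= a.length(); i++) {
            int[] cur = new int[b.length() + 1];
            cur[0] = i;
            for (int j = 1; j <= b.length(); j++) {
                int cost = a.charAt(i - 1) == b.charAt(j - 1) ? 0 : 1;
                cur[j] = Math.min(Math.min(prev[j] + 1, cur[j - 1] + 1), prev[j - 1] + cost);
            }
            prev = cur;
        }
        return prev[b.length()];
    }

    /**
     * Length-and-blocklist policy in the spirit of the NIST guidance: no composition
     * rules and no forced rotation, but known-bad values and trivial tweaks of the
     * user's earlier passwords are rejected.
     */
    public static List<String> modernCheck(String pw, List<String> previous) {
        List<String> problems = new ArrayList<>();
        if (pw.length() < MIN_LEN) problems.add("shorter than " + MIN_LEN);
        if (pw.length() > MAX_LEN) problems.add("longer than " + MAX_LEN);
        if (COMMON.contains(normalize(pw))) problems.add("variant of a common/breached password");
        for (String old : previous) {
            if (normalize(old).equals(normalize(pw))
                    || editDistance(old.toLowerCase(), pw.toLowerCase()) <= 2) {
                problems.add("trivial variation of a previous password");
                break;
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        System.out.println(legacyCheck("P@ssw0rd1"));
        System.out.println(modernCheck("P@ssw0rd1", List.of()));
        System.out.println(legacyCheck("correct horse battery staple"));
        System.out.println(modernCheck("correct horse battery staple", List.of()));
        System.out.println(modernCheck("summer vacation 2024!", List.of("summer vacation 2023!")));
    }
}
```

Under these rules "P@ssw0rd1" satisfies legacyCheck yet is rejected by modernCheck as a short variant of "password", while the passphrase fails the legacy character-class rules and passes the modern check; the last call is rejected as a trivial variation of the previous password.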

Password managers address this problem. Such a tool stores all of a user's passwords in an encrypted vault that can be accessed securely, so there is no need to worry about forgetting the password for every account. With a password manager installed, the user only needs to remember one strong master password to unlock the vault, which streamlines their online security and reduces the risk that comes with reusing passwords.

A password manager can also generate secure, long passwords on the user's behalf, further raising their level of security. Robust passwords are vital, but they are only one of the layers of security that must be considered. Two-factor authentication (2FA) adds another: it requires a second verification step, such as a code sent to the user's mobile phone or generated by an authenticator app, before granting access to the account.

Even if a hacker manages to obtain a user's password, 2FA prevents them from gaining access to the account without the second factor, so compromised passwords become much less useful to an attacker. One of the biggest mistakes people make when creating passwords is choosing easy-to-guess personal information.

Many individuals make the error of building passwords from easily accessible personal information, such as their name, birth date, or the name of the sports club they support. This information is often available through social media platforms or public records, making it a convenient starting point for cybercriminals attempting to gain access to accounts. To minimize this risk, personal details should be kept out of password creation altogether.

Instead, users should create complex and unpredictable passwords that are significantly harder for attackers to guess, thereby providing a higher level of security. Another critical mistake is storing passwords in plain text on personal devices. Some individuals may resort to saving passwords in unprotected documents for the sake of convenience, without considering the significant security risks involved. If the device is compromised, these plain text files can be easily accessed, leaving sensitive information vulnerable to unauthorized users. 

A safer alternative is to use password management software, which securely stores passwords while also encrypting them. This adds an essential layer of security and ensures that even if the device is breached, the stored passwords remain protected. It is also crucial for users to pay attention to security notifications issued by websites and online services. These alerts are often triggered by unusual or suspicious activity and serve as an early warning system for potential security breaches. Unfortunately, such warnings are frequently ignored or overlooked, which can leave accounts exposed to further exploitation.

By promptly addressing these notifications, individuals can take immediate action, such as changing passwords or enabling additional security measures, to mitigate the threat before it escalates. Lastly, neglecting to regularly update software and applications can lead to unnecessary security vulnerabilities. Software updates frequently contain critical security patches designed to address newly discovered threats.

By failing to install these updates promptly, individuals leave themselves susceptible to attacks that could have been prevented. Maintaining up-to-date software is an essential practice for ensuring the latest security features are in place, reducing the chances of a successful cyberattack.

Lessons from the CrowdStrike Falcon Sensor Defect: Enhancing Ransomware Recovery and Business Continuity

 


In recent times, a significant IT disruption was caused by a defect in a content update for CrowdStrike’s Falcon sensor, affecting approximately 8.5 million PCs across diverse sectors. This issue, which disrupted organizations ranging from small businesses and global conglomerates to government agencies and hospitals, highlighted severe vulnerabilities in how entities handle large-scale IT failures. The impact was widespread, leading to delayed flights, transaction failures at gas stations and grocery stores, and significant delays in emergency services such as police and fire departments. 

The scale of this disruption serves as a critical reminder of the importance of robust ransomware recovery and business continuity plans (BCPs). Although the immediate cause of the disruption was not a ransomware attack, the parallels between handling this IT issue and responding to ransomware are striking. This event underscores the need for organizations to evaluate and improve their preparedness for various types of cyber threats. One of the key lessons from this incident is the importance of efficient detection. The mean time to detect (MTTD) is a crucial metric that measures how swiftly an organization can identify a security breach. 

The quick identification of the Falcon sensor defect was vital in managing its effects and preventing further damage. Organizations should focus on strengthening their detection systems to ensure they can quickly identify and respond to potential threats. This includes implementing advanced monitoring tools and refining alert mechanisms to reduce response times during a real cyber incident. Recovery and restoration processes are equally critical. After the Falcon sensor issue, organizations had to mobilize their BCPs to recover systems and restore normal operations from backups. This situation emphasizes the need for well-documented, regularly updated, and thoroughly tested recovery plans. 

Businesses must ensure their backup strategies are reliable and that they can quickly restore operations with minimal disruption. Effective recovery plans should include clear procedures for data restoration, system repairs, and communication with stakeholders during a crisis. The incident also highlights the importance of continuous assessment and improvement of an organization’s cybersecurity posture. By analyzing their response to the Falcon sensor defect, organizations can identify gaps in their strategies and address any weaknesses. This involves reviewing incident response plans, updating communication protocols, and enhancing overall resilience to cyber threats. 

Furthermore, the disruption reinforces the need for comprehensive risk management strategies. Organizations should regularly evaluate their exposure to various types of cyber threats, including ransomware, and implement measures to mitigate these risks. This includes investing in cybersecurity training for employees, conducting regular security audits, and staying informed about the latest threat intelligence. 

In conclusion, the CrowdStrike Falcon sensor defect offers valuable lessons for enhancing ransomware recovery and business continuity planning. By learning from this event, organizations can improve their ability to respond to and recover from cyberattacks, ensuring they are better prepared for future threats. Regular updates to BCPs, enhanced detection capabilities, and robust recovery processes are essential for safeguarding against disruptions and maintaining operational resilience in today’s increasingly complex digital landscape.

AT&T Data Breach: Essential Steps for Victims to Protect Themselves

 

Telecom giant AT&T recently disclosed a massive data breach affecting nearly all of its approximately 110 million customers. If you were a customer between May 2022 and January 2023, there is a high chance your data, including call and text message records, was accessed through an illegal download from a third-party cloud platform. Customers should watch for contact from AT&T or check their accounts for notifications. First, change your password. 

Since your password is likely compromised, update it on both your AT&T account and any other accounts where it was used. While it’s inconvenient, using different passwords for each service is essential. Numerous tools can create secure, randomly generated passwords, and password managers can help you remember them. Also, activate two-factor authentication on your account and any other accounts using the same password. Combining two login methods enhances security. Given the nature of this leak, consider changing your cell phone number as well. Prepare for an increase in spam calls, but the bigger concern is potential scammers.

Be extra cautious about giving out personal details such as banking information or your address over the phone, as these requests could be cleverly disguised phishing schemes. Stay vigilant online, as even anonymous phone number information can be pieced together by scammers to identify individuals. Treat every email from an unfamiliar address as suspicious. Additionally, inform your bank about the breach. They can monitor for suspicious transactions and add verification steps so that they can confirm it is you, and not an imposter, contacting them.

Lastly, protect yourself further by using one of the best VPNs to secure your online data. VPNs not only spoof your IP address location but also securely encrypt your data. There are even free VPN plans like ProtonVPN. Many VPNs also include antivirus elements. For instance, NordVPN has its Threat Protection Pro system, which is effective against phishing. A Surfshark One subscription includes dedicated antivirus software and an Alternative ID feature, which allows you to sign up for services online with randomly generated details, including a decoy phone number. With an Alternative ID, you can create accounts for less trustworthy services (or those frequently attacked, like AT&T) with peace of mind. 

This way, you can minimize spam and rest assured that if your details get leaked, you haven’t actually been compromised. Hackers will have nothing to piece together; you can simply disconnect that ID, generate another random identity, and move on securely.

Android App Security Alert: Proactive Measures to Prevent Unauthorized Control

 


Approximately a billion Android users have been put at risk by a newly discovered flaw. The latest security alert comes from Microsoft's team, who discovered a vulnerability that may give hackers complete control of a user's smartphone and full access to the device.

Security vulnerabilities in multiple Android apps discovered last week by Microsoft could be exploited to gain access to apps and sensitive information on a mobile device without the user's permission. As it turns out, the security flaw is not caused by the system code itself but instead by developers who improperly use the system, leading to loopholes that can be exploited by malicious actors. 

It is important to note that Google has been made aware of this flaw and has taken steps to inform the Android app developer community about the issue. The flaw is caused by improper use of Android's content provider system, the mechanism by which different applications share structured data sets with one another.

To prevent unauthorized access, data leaks, and path traversal attacks, this system incorporates data isolation, URI permissions, and path validation security measures. Earlier this week, Microsoft Threat Intelligence published a post on its Security Blog stating, “Microsoft discovered a path traversal vulnerability pattern related to multiple popular Android apps. 

This vulnerability can be exploited to overwrite files located within the home directory of vulnerable Android applications.” Additionally, the researchers noted that the vulnerability was found in several apps on Google Play with over four billion installations in total. These security measures can be bypassed when custom intents, the messaging objects that let components of different Android apps communicate, are implemented incorrectly.

Common implementation errors include trusting unvalidated filenames and paths, misusing the 'FileProvider' component, and skipping proper path validation. In a Dirty Stream attack, a malicious application uses a custom intent to send a manipulated file to another app. The receiving app is tricked into trusting the supplied filename or path and stores or executes the file in a critical location.
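As an added example (not code from Microsoft's report or from any of the affected apps), here is the receiving side of a shared file in Java, showing the untrusted-filename pattern the post describes next to a hardened version; the class name, the inbox directory and a minSdk of 26 (for java.nio.file) are assumptions.

```java
import android.content.ContentResolver;
import android.database.Cursor;
import android.net.Uri;
import android.provider.OpenableColumns;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.util.UUID;
import java.util.regex.Pattern;

/**
 * Receiving side of a file shared via a content:// URI (for example from an
 * ACTION_SEND intent). Hypothetical helper; the caller passes context.getFilesDir().
 */
public final class IncomingFileHandler {

    // Plain file names only: no separators, no leading dot, bounded length.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,127}");

    private final File inboxDir;

    public IncomingFileHandler(File filesDir) {
        this.inboxDir = new File(filesDir, "inbox");
        inboxDir.mkdirs();
    }

    /** Reads the DISPLAY_NAME that the sending app's content provider reports. */
    static String queryDisplayName(ContentResolver resolver, Uri uri) {
        String[] projection = {OpenableColumns.DISPLAY_NAME};
        try (Cursor c = resolver.query(uri, projection, null, null, null)) {
            if (c != null && c.moveToFirst()) {
                return c.getString(c.getColumnIndexOrThrow(OpenableColumns.DISPLAY_NAME));
            }
        }
        return null;
    }

    /**
     * The vulnerable pattern the post describes: the name reported by the sender
     * is used as a path as-is, so a name containing "../" lands outside inboxDir
     * and silently replaces whatever file is there.
     */
    void saveUntrusted(ContentResolver resolver, Uri uri) throws IOException {
        String name = queryDisplayName(resolver, uri);
        File dest = new File(inboxDir, name);
        try (InputStream in = resolver.openInputStream(uri)) {
            Files.copy(in, dest.toPath(), StandardCopyOption.REPLACE_EXISTING);
        }
    }

    /**
     * Hardened version: the remote name is reduced to a conservative character set
     * and prefixed with our own random token, the canonical destination is confirmed
     * to lie inside inboxDir (defence in depth), and existing files are never replaced.
     */
    File saveValidated(ContentResolver resolver, Uri uri) throws IOException {
        String safeName = sanitizeName(queryDisplayName(resolver, uri));
        File dest = new File(inboxDir, safeName);
        String inboxPrefix = inboxDir.getCanonicalPath() + File.separator;
        if (!dest.getCanonicalPath().startsWith(inboxPrefix)) {
            throw new IOException("destination escapes inbox directory");
        }
        try (InputStream in = resolver.openInputStream(uri)) {
            Files.copy(in, dest.toPath()); // throws if the file already exists
        }
        return dest;
    }

    /** Reject, rather than try to "clean", anything that is not a plain file name. */
    static String sanitizeName(String remoteName) throws IOException {
        if (remoteName == null || !SAFE_NAME.matcher(remoteName).matches()
                || remoteName.contains("..")) {
            throw new IOException("rejected display name from sending app");
        }
        return UUID.randomUUID() + "-" + remoteName;
    }
}
```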

A common OS-level function is thereby turned into a weapon: manipulating the data stream between two Android apps can result in unauthorized code execution, data theft, or other malicious outcomes.

Android's content provider system is designed to secure data exchange between the applications on a smartphone, but that protection depends on developers using it correctly. Several measures guard against unauthorised access to an app's data, whether by other apps or by anyone else trying to break in; they include data isolation, URI permissions, and path validation, among others.

The major weak point in the system's implementation, however, is the custom intents component. Intents are the messaging objects that let app components communicate with one another in both directions. Where this vulnerability exists, apps end up ignoring the security measures introduced to prevent data theft, allowing other apps (or the hackers controlling them) to access the sensitive information stored inside. Dirty Stream's deviousness lies in how it turns the system's own mechanism against it.

Hackers have been able to craft custom intents, the messaging objects that enable communication between components across Android apps, to bypass these security measures. A malicious app that exploits this loophole can send files to another app via a custom intent, sneaking harmful code into the system disguised as legitimate files.

Once a hacker succeeds in fooling a vulnerable app into overwriting critical files within its private storage, the app is compromised, and the consequences can be devastating. According to BleepingComputer, Dirty Stream lets attackers hijack apps, execute unauthorized code, and steal data without the user being aware of any of it, turning an ordinary OS-level function into an attack tool.

Xiaomi's File Manager application, which has more than a billion installations worldwide, and WPS Office, which has more than 500 million installs, are two apps which have been highlighted within Microsoft's report as being vulnerable to Dirty Stream attacks. Both companies responded to the findings and collaborated with Microsoft to deploy patches to mitigate the risks posed by the vulnerabilities that had been discovered. 

Through an article published on the Android Developers website, Microsoft shared its findings with the Android developer community to prevent similar flaws in future releases. Google has also revised its app security guidelines to highlight prevalent implementation errors within the content provider system that could facilitate security breaches.

Regarding end users, while their proactive measures may be limited, there are still actionable steps they can take to bolster their security posture. Primarily, users should prioritize maintaining the latest versions of the applications they utilize, as updates often include patches for known vulnerabilities. Furthermore, users must exercise caution when sourcing applications, avoiding downloading APKs from unofficial third-party app repositories and other inadequately vetted sources. By adhering to these precautions, users can significantly reduce their exposure to security risks associated with app usage on the Android platform.

Panera Bread and Omni Hotels Hit by Ransomware Outages: What You Need to Know

 

In a tumultuous turn of events, Panera Bread and Omni Hotels were thrust into the chaos of ransomware attacks, unleashing a cascade of disruptions across their operations and customer services. 

Panera Bread, celebrated for its culinary delights and pioneering loyalty programs, found itself in the throes of a massive outage that paralyzed its internal IT infrastructure, communication channels, and customer-facing platforms. The ransomware strike, striking on March 22, 2024, encrypted critical data and applications, plunging employees and patrons into disarray amidst the ensuing turmoil. 

Among the litany of grievances, Panera Sip Club members were left disheartened by their inability to savour the benefits of their subscription, notably the tantalizing offer of unlimited drinks at a monthly fee of $14.99. The frustration reverberating among members underscored the profound repercussions of cyber incidents on customer experience and brand loyalty. 

As of January 23, 2024, Panera Bread and its franchise network boasted an extensive presence with 2,160 cafes sprawled across 48 U.S. states and Ontario, Canada. However, the ransomware onslaught cast a shadow over the company's expansive footprint, laying bare vulnerabilities in cybersecurity defenses and underscoring the imperative for robust incident response protocols. 

In tandem, Omni Hotels grappled with a parallel crisis as ransomware-induced IT outages wreaked havoc on reservation systems and guest services. The past week witnessed a flurry of disruptions, from protracted check-in delays averaging two hours to manual interventions to grant guests access to their rooms. 

The financial fallout of these cyber calamities remains nebulous, yet the toll on customer trust and brand reputation is palpable. The opacity shrouding the attacks has only exacerbated apprehensions among employees and patrons alike, accentuating the exigency for fortified cybersecurity measures and transparent communication strategies.

Amidst the evolving threat landscape, organizations must fortify their cybersecurity defenses and hone proactive strategies to avert the pernicious impact of cyber threats. From regular data backups and comprehensive employee training to the formulation of robust incident response blueprints, preemptive measures are pivotal in blunting the impact of cyber onslaughts and fortifying resilience against future incursions. 

The ransomware assaults on Panera Bread and Omni Hotels serve as poignant reminders of the pervasive menace posed by cyber adversaries. By assimilating the lessons gleaned from these incidents and orchestrating proactive cybersecurity initiatives, businesses can bolster their resilience and safeguard the interests of stakeholders, employees, and patrons alike.

Insights into Recent Malware Attacks: Key Learnings and Prevention Strategies

 

In an era where cybersecurity threats loom large, recent malware attacks have underscored the critical need for robust protective measures. Understanding the modus operandi of these attacks and learning from them can empower individuals and organizations to bolster their defenses effectively. 

Let's delve into the biggest takeaways from these incidents and explore preventive strategies to safeguard against future threats. One of the striking revelations from recent malware attacks is the evolving sophistication of malicious actors. Advanced techniques such as polymorphic malware, which can change its code to evade detection, pose significant challenges to traditional security protocols. This highlights the importance of investing in next-generation cybersecurity solutions capable of adaptive threat detection and mitigation. 

Furthermore, the rise of ransomware attacks has been particularly alarming. These attacks encrypt valuable data and demand a ransom for its release, often causing substantial financial losses and operational disruptions. Implementing a multi-layered defense strategy encompassing regular data backups, network segmentation, and employee training on phishing awareness can mitigate the risk of falling victim to ransomware extortion. 

Additionally, the proliferation of supply chain attacks has raised concerns about the interconnected nature of modern digital ecosystems. Attackers target third-party vendors and service providers to infiltrate their primary targets indirectly. Vigilance in vetting and monitoring supply chain partners, along with implementing robust access controls and encryption protocols, is paramount to mitigating this threat. Moreover, the exploitation of software vulnerabilities underscores the importance of timely patch management and software updates. 

Neglecting to patch known vulnerabilities provides attackers with an entry point to exploit systems and compromise sensitive data. Establishing a proactive patch management framework that prioritizes critical vulnerabilities and expedites the deployment of patches can significantly enhance cybersecurity posture. Social engineering tactics remain a prevalent avenue for malware dissemination, emphasizing the crucial role of user education and awareness. Phishing emails, fraudulent websites, and deceptive messages continue to lure unsuspecting individuals into inadvertently downloading malware or divulging sensitive information. 

Educating users on recognizing and reporting suspicious activities, coupled with implementing email filtering and web security solutions, can mitigate the effectiveness of social engineering attacks. Furthermore, the emergence of fileless malware represents a significant paradigm shift in cyber threats. By residing solely in system memory without leaving a footprint on disk, fileless malware evades traditional antivirus detection mechanisms. Deploying endpoint detection and response (EDR) solutions capable of behavior-based anomaly detection and memory analysis can effectively identify and neutralize fileless malware threats. 

In conclusion, recent malware attacks serve as potent reminders of the evolving threat landscape and the imperative of proactive cybersecurity measures. By staying abreast of emerging threats, investing in cutting-edge security technologies, fostering a culture of cybersecurity awareness, and adopting a multi-faceted defense approach, individuals and organizations can fortify their resilience against malicious actors. As the digital landscape continues to evolve, continuous vigilance and adaptation are essential to staying one step ahead of cyber adversaries.

Protect Yourself: Tips to Avoid Becoming the Next Target of a Microsoft Hack

 

The realm of cybersecurity, particularly within the Microsoft 365 environment, is in a constant state of evolution. Recent events involving major tech firms and cybersecurity entities underscore a crucial truth: grasping security best practices for Microsoft 365 isn't synonymous with effectively putting them into action.

According to Kaspersky, 2023 witnessed a significant 53% surge in cyber threats targeting documents, notably Microsoft Office documents, on a daily basis. Attackers increasingly employed riskier tactics, such as surreptitiously infiltrating systems through backdoors. 

For instance, in one scenario, a non-production test account lacking multifactor authentication (2FA/MFA) fell victim to exploitation, while in another case, a backdoor was implanted into a file, initiating a supply chain attack. These incidents serve as stark reminders that even seemingly low-risk accounts and trusted updates within Microsoft 365 can serve as conduits for security breaches if not adequately safeguarded and monitored.

Despite the profound expertise within organizations, these targeted entities succumbed to advanced cyberattacks, highlighting the pressing need for meticulous implementation of security protocols within the Microsoft 365 realm.

The domain of artificial intelligence (AI) has experienced exponential growth in recent years, permeating nearly every aspect of technology. In this era dominated by AI and large language models (LLMs), sophisticated AI models can enhance cloud security measures. AI is rapidly becoming standard practice, compelling organizations to integrate it into their frameworks. By fine-tuning AI algorithms with specialized domain knowledge, organizations can gain actionable insights and predictive capabilities to preemptively detect and address potential security threats. These proactive strategies empower organizations to effectively safeguard their digital assets.

However, the proliferation of AI also heightens the necessity for robust cloud security. Just as ethical practitioners utilize AI to advance technological frontiers, malicious actors leverage AI to unearth organizational vulnerabilities and devise more sophisticated attacks. Open-source LLM models available online can be utilized to orchestrate intricate attacks and enhance red-team and blue-team exercises. Whether wielded for benevolent or malevolent purposes, AI significantly influences cybersecurity today, necessitating organizations to comprehend its dual implications.

Ways to Enhance Your Security

As digital threats grow increasingly sophisticated and the ramifications of a single breach extend across multiple organizations, the imperative for vigilance, proactive security management, and continuous monitoring within Microsoft 365 has never been more pronounced.

One approach involves scrutinizing access control policies comprehensively. Orphaned elements can serve as goldmines for cybercriminals. For example, a departing employee's access to sales-related data across email, SharePoint, OneDrive, and other platforms must be promptly revoked and monitored to prevent unauthorized access. Regular audits and updates of access control policies for critical data elements are indispensable.

Moreover, reviewing delegations and managing permissions consistently is imperative. Delegating authentication credentials is vital for onboarding new programs or personnel, but these delegations must be regularly assessed and adjusted over time. Similarly, enforcing segregation of duties, and watching for deviations from it, is crucial to prevent any single individual from wielding excessive control. Many organizations grapple with excessive permissions or outdated delegations, heightening the risk of cybersecurity breaches. Emphasizing delegation and segregation of duties fosters accountability and transparency.

Maintaining oversight over the cloud environment is another imperative. Solutions supporting cloud governance can enforce stringent security policies and streamline management processes. When selecting a cloud governance provider, organizations must exercise discernment as their chosen partner will wield access to their most sensitive assets. Security should be viewed as a layered approach; augmenting layers enhances governance without compromising productivity or workflows.

Given the alarming frequency of security breaches targeting Microsoft 365, it's evident that conventional security paradigms no longer suffice. Gone are the days when basic antivirus software provided ample protection; technological advancements necessitate significant enhancements to our defense mechanisms.

Implementing rigorous security measures, conducting regular audits, and upholding governance can markedly fortify an organization's defense against cyber threats. By remaining vigilant and proactive, it's feasible to mitigate security risks and shield critical data assets from potential breaches before they inflict harm on organizations or their clientele.

Hackers Steal Nearly $10 Million from Axie Infinity Co-founder’s Personal Accounts


A significant amount of cryptocurrency, valued at nearly $10 million, has been reported stolen from personal accounts belonging to Jeff "Jihoz" Zirlin, one of the co-founders associated with the video game Axie Infinity and its affiliated Ronin Network.

According to reports, Zirlin's wallets were compromised, resulting in the theft of 3,248 ethereum coins, equivalent to approximately $9.7 million. Zirlin took to social media to confirm the incident, stating that two of his accounts had been breached. 

However, he emphasized that the attack solely targeted his personal accounts and did not affect the validation or operations of the Ronin chain or Axie Infinity, as reiterated by Aleksander Larsen, another co-founder of the Ronin Network.

The method through which the intruders gained access to Zirlin's wallets remains unclear. The Ronin Network serves as the underlying infrastructure for Axie Infinity, a game renowned for its play-to-earn model based on ethereum, particularly popular in Southeast Asia. 

Notably, the system had previously fallen victim to a $600 million cryptocurrency heist in March 2022, an attack attributed by U.S. prosecutors to the Lazarus Group, a cybercrime operation allegedly backed by North Korea.

Analysts tracking the recent theft traced the stolen funds to activity on Tornado Cash, a cryptocurrency mixer designed to obfuscate the origin of funds. It's worth noting that Lazarus had previously utilized this mixer to launder proceeds from the 2022 hack. The U.S. government, in response, had separately imposed sanctions on Tornado Cash.

Blockchain investigator PeckShield described the incident as a "wallet compromise," indicating a breach in security measures. Despite the breach, Zirlin assured stakeholders of the stringent security protocols in place for all activities related to the Ronin chain.

Report: Retailers Face Challenges in Coping with Ransomware Attacks


In a disconcerting revelation, a recently released report suggests that retailers are finding themselves increasingly outmatched in the ongoing battle against ransomware operators. Conducted by cybersecurity experts Sophos, the survey enlisted the perspectives of 3,000 IT and cybersecurity leaders from small and medium-sized businesses (SMBs) and enterprises worldwide, with a particular focus on 355 respondents hailing from the retail sector. 

The findings are rather sobering, indicating that a mere 26% of retailers were successful in thwarting a ransomware attack before succumbing to having their valuable data encrypted. This figure represents a noticeable decline from the preceding year's 28%, and even more starkly from the 34% recorded two years prior.

Chester Wisniewski, the Director of Global Field CTO at Sophos, sounds a cautionary note, deeming the survey a resounding wake-up call for organizations within the retail industry. His message is clear: retailers must urgently fortify their security measures in the face of the escalating ransomware threat.

The report also sheds light on the protracted recovery process faced by victims who opt to meet the ransom demand. Among those who acquiesced, the median recovery cost, excluding the ransom payment itself, surged to four times that of those with a functional backup, reaching a staggering $3 million compared to $750,000. 

Approximately 43% of victims opted to pay the ransom, prompting Wisniewski to caution against shortcuts, underscoring the imperative of rebuilding systems to prevent cybercriminals from reaping the rewards of their malicious activities.

While there is a glimmer of optimism for retailers in the report - the percentage of firms targeted by ransomware threats dropped from 77% to 69% compared to the previous year - the recovery times have taken a hit. The proportion of companies able to recover in less than a day dwindled from 15% to a mere 9%, while those grappling with recovery periods exceeding a month increased from 17% to 21%.

Ransomware, as the report highlights, typically gains entry through the actions of unwitting employees, such as downloading malware or inadvertently providing attackers access to crucial endpoints. 

Consequently, the report underscores the critical importance of comprehensive employee education regarding the perils of cyberattacks. In addition to fostering employee awareness, safeguarding against ransomware necessitates strategic measures such as regular backups of critical systems and data, coupled with the implementation of robust endpoint protection services. The call to action is clear - retailers must fortify their cybersecurity defenses comprehensively to navigate the evolving threat landscape successfully.

US Government Surveillance Reform Act (GSRA): What Will It Change?


A cross-party group of U.S. legislators has put forth fresh legislation aimed at limiting the extensive surveillance authority wielded by the FBI. They argue that the bill addresses the gaps that currently enable officials to access Americans' data without obtaining a warrant. This move comes after over ten years of discussions surrounding the surveillance powers granted in the aftermath of September 11, 2001. 

These powers permit domestic law enforcement to conduct warrantless scans of the immense volumes of data collected by America's foreign surveillance systems. If the Government Surveillance Reform Act (GSRA) is approved, it would compel law enforcement agencies to secure a legitimate warrant prior to conducting searches under Section 702 of the Foreign Intelligence Surveillance Act (FISA).

Opponents argue that the present absence of a warrant prerequisite for accessing the 702 database represents an unconstitutional circumvention of Americans' Fourth Amendment safeguards. This proposed legislation arrives as the culmination of a year-long, intense struggle over the fate of profoundly contentious surveillance practices, scheduled to conclude on December 31. 

Section 702 was enacted in 2008 and was originally presented as a tool for foreign surveillance, primarily aimed at tracking terrorists. However, due to antiquated and inadequately defined language in the policy, intelligence agents and law enforcement have been provided with a covert means to amass extensive volumes of U.S. communications. 

Subsequently, these private exchanges are routinely subjected to surveillance without the need for a warrant, and in certain instances, are even utilized as evidence in criminal proceedings. This creates a significant policy gap, allowing law enforcement to gather personal communications of American citizens that would typically be safeguarded by the Fourth Amendment. 

The paramount objective of the 206-page GSRA bill's proposed reforms is to bring about a modernization and enhancement of U.S. surveillance capabilities. This aims to align privacy safeguards and basic rights with the rapid technological progress that has significantly streamlined data acquisition processes. 

"We're introducing a bill that protects both Americans' security and Americans' liberty," Senator Ron Wyden, a Democrat and a longtime critic of government surveillance, said at a press conference on Tuesday. 

Officials in the executive branch have consistently emphasized the importance of the expiring surveillance authority, asserting its critical role in combatting foreign espionage and terrorism. They have actively advocated for its reauthorization.

Navigating the Risks: Is Airport Wi-Fi Safe for Travelers?

Airport Wi-Fi has become a necessity for travelers at a time when staying connected is crucial. It acts as a lifeline for anything from last-minute travel adjustments to professional correspondence. However, worries about its security have led some people to wonder whether using public networks comes with inherent risks.

According to a report by Explore.com, accessing airport Wi-Fi networks might not be as secure as one would hope. The convenience it offers often comes at the cost of compromised cybersecurity. Cybercriminals can exploit vulnerabilities in these networks, potentially gaining access to sensitive information.

Aura, a cybersecurity company, emphasizes that travelers should exercise caution when connecting to airport Wi-Fi. "Public networks are prime targets for cyberattacks. It's like leaving your front door unlocked in a high-crime area," warns their security expert. Hackers can employ various techniques, such as "Man-in-the-Middle" attacks, to intercept data transmitted over these networks.

MarketSplash echoes these concerns, urging travelers to take proactive measures. Using a Virtual Private Network (VPN) is one of the most effective ways to secure online activities. A VPN creates a secure tunnel between the device and the internet, encrypting data and making it significantly harder for cybercriminals to intercept.

Additionally, it's advised to avoid accessing sensitive information, like banking accounts or private emails, while on public Wi-Fi. Instead, it's safer to use cellular data or wait until connecting to a trusted network.

While these warnings might sound alarming, it's important to note that not all airport Wi-Fi networks are equally risky. Some airports invest heavily in cybersecurity measures, offering safer browsing experiences. As a rule of thumb, using well-known airports and verifying the network's legitimacy can reduce risks.

Airport Wi-Fi is a useful tool for travelers, but it's important to be aware of any security hazards. One can find a balance between staying connected and remaining secure by taking steps like using a VPN and avoiding important tasks on public networks. Better safe than sorry, as the saying goes. Travelers can avoid future hassles by making a minor investment in cybersecurity.

FTX Reinforces Security Measures After Recent Cyber Breach


A notable cryptocurrency exchange called FTX recently experienced a security compromise that briefly caused its gateway to be unavailable. The event sparked worries about the security of users' assets on the network among users and the larger crypto community. To strengthen its defenses against potential attacks, FTX quickly implemented stronger security measures as a response.

FTX CEO, Sam Bankman-Fried, assured users that their funds were safe and that the breach was quickly contained. He stated, "Our team acted promptly to isolate the breach and secure the affected systems. No user funds were compromised, and we have taken steps to prevent such incidents in the future."

Following the breach, FTX collaborated closely with cybersecurity experts to conduct a thorough investigation. The findings led to the identification of vulnerabilities that were promptly addressed. The exchange has now implemented additional security protocols, including multi-factor authentication and advanced intrusion detection systems.

Cybersecurity experts lauded FTX's swift response and proactive approach to fortifying their platform. Dr. Emily White, a leading cybersecurity analyst, commended FTX's efforts, saying, "FTX's rapid response and commitment to shoring up their security measures demonstrate a proactive approach to safeguarding user assets. This incident serves as a reminder of the evolving nature of cyber threats and the importance of continuous vigilance."

In the wake of the breach, FTX has taken steps to enhance communication with its user base. The exchange has established a dedicated channel for updates on security-related matters, providing users with real-time information and transparency about any potential risks.

The incident at FTX serves as a wake-up call for the entire cryptocurrency industry. As the digital asset space continues to grow, exchanges must prioritize security measures to protect user funds and maintain trust in the ecosystem.

The FTX response to the latest security issue emphasizes how crucially important strong cybersecurity procedures are in the cryptocurrency business. FTX has proven its dedication to protecting user assets by quickly fixing vulnerabilities and deploying improved security processes. This incident should serve as a reminder to all exchanges to emphasize security and keep lines of communication open with their user base.


Security Changes at Australian Supermarket Raise Privacy Concerns


Our daily lives have been infused with technology, yet the ease and advancements it brings are not without drawbacks. A few of them even have effects on privacy.

It is difficult to ignore a situation like this, especially in light of recent reports that Coles supermarket is testing "innovative" security measures including "smart gateway technology" in an effort to minimise the theft issue at its stores. 

Australia's two largest supermarkets have begun to implement a variety of tough security measures, which have been described as a necessary action to tackle the theft problem, which costs $9 billion annually. However, some experts have expressed concerns that the measures could create a sense of "trauma" or even "distrust" for some customers while they are in stores.

Coles has integrated a number of cutting-edge devices into its stores nationwide in an effort to deter crime and safeguard employees from an apparent rise in aggressive conduct. Among them are 'smart gates' that automatically lock if customers attempt to leave without paying for their purchases, artificial intelligence (AI)-enabled cameras at checkouts, and overhead cameras intended to monitor shoppers' every move. 

Body-worn cameras, which some Woolworths customers are already accustomed to seeing on police officers and bouncers, are a recent Coles tactic that has also been adopted by other retailers. The purpose of this action is to protect Coles' employees against violence of any kind in all of their "high-risk" locations. 

Privacy advocates, however, have not been slow to criticise these developments. Dr. Mary Ilias, a senior lecturer in criminology at Deakin University, has warned of a culture of fear sparked by excessive surveillance and suggested that such surveillance could burden consumers unnecessarily.

According to Dr. Illias, those who are vulnerable may also have "exacerbated feelings of trauma and mistrust" as a result of the cameras. She voiced concern about innocent people being unfairly singled out—those who might seem uneasy or unsure owing to medical or mental conditions—and creating unnecessary suffering. 

Retailers argue that if customers were not satisfied with the technology, it would not have been implemented.

"New technology such as body cameras is being tested by some stores here and overseas and is being done so within privacy laws and with careful attention to staff and customer feedback," Paul Zahra, Australian Retailers Association Chief Executive explained.

"It's in retailers' interests to keep their customers comfortable and at ease in stores and this kind of technology is first and foremost to keep frontline retail staff and customers safe," Zahra added.

Coles and Woolworths representatives assured customers that their cameras comply with Australian privacy regulations and that video from these cameras would only be preserved for "a few weeks."

Israeli Cyber Firms Unveil Groundbreaking Spyware Tool


Israeli cybersecurity companies have made an unparalleled spyware tool available, which has sent shockwaves through the global computer security sector. This new breakthrough has sparked discussions about the ethics of such sophisticated surveillance equipment as well as worries about privacy and security.

According to a recent article in Haaretz, the Israeli cyber industry has unveiled a cutting-edge spyware tool that has been dubbed InsaneT. This highly advanced technology reportedly possesses capabilities that make it virtually impervious to existing defense mechanisms. As the article states, "Israeli cyber firms have developed an insane new spyware tool, and no defense exists."

The tool's sophistication has caught the attention of experts and cybersecurity professionals worldwide. It has the potential to reshape the landscape of cyber warfare and espionage, making it both a remarkable achievement and a significant cause for concern.

The InsaneT spyware tool's capabilities remain shrouded in secrecy, but it is said to be capable of infiltrating even the most secure networks and devices, bypassing traditional security measures with ease. Its existence highlights the ever-evolving arms race in the world of cybersecurity, where hackers and defenders constantly vie for the upper hand.

While the Israeli cyber industry boasts about this technological breakthrough, ethical concerns loom large. The Register, in their recent report on InsaneT, emphasizes the need for a robust ethical framework in the development and deployment of such powerful surveillance tools. Privacy advocates and human rights organizations have already expressed their apprehension regarding the potential misuse of this technology.

As the world becomes increasingly interconnected, issues related to cyber espionage and surveillance gain prominence. The introduction of InsaneT raises questions about the balance between national security interests and individual privacy rights. Striking the right balance between these two conflicting priorities remains an ongoing challenge for governments and technology companies worldwide.

An important turning point in the history of cybersecurity was the appearance of the spyware tool InsaneT created by Israeli cyber companies. Considering the ethical and security ramifications of such cutting-edge technology, its unmatched capabilities bring both opportunities and risks, highlighting the necessity of ongoing discussion and international cooperation. Governments, corporations, and individuals must manage the complexity of cybersecurity as we advance in the digital era to ensure that innovation does not compromise privacy and security.


How the FBI Hacked Hive and Saved Victims

Earlier this year, the FBI achieved a significant milestone by dismantling Hive, a notorious cybercrime group, employing an unconventional approach. Instead of apprehending individuals, the agency focused on outsmarting and disrupting the hackers remotely. This marks a notable shift in the FBI's strategy to combat cybercrime, recognizing the challenges posed by international borders where many cybercriminals operate beyond the jurisdiction of U.S. law enforcement. 

In the past, Hive gained infamy as a highly active criminal syndicate, renowned for its acts of disrupting American schools, businesses, and healthcare institutions by disabling their networks and subsequently demanding ransoms for restoration. However, FBI field agents based in Florida successfully dismantled the group using their cyber expertise. 

They initially gained unauthorized access to Hive's network in July 2022 and subsequently countered the syndicate's extortion activities by aiding the targeted organizations in independently regaining access to their systems. 

According to Adam Hickey, a former Deputy Assistant Attorney General in the Justice Department's national security division during the Hive operation, the FBI's method proved effective and saved victims worldwide approximately $130 million. After conducting thorough investigations, the FBI discovered that Hive had rented its primary attack servers from a Los Angeles data center. 

Acting swiftly, the FBI seized the servers within two weeks and subsequently announced the takedown. This rapid action was motivated by the agency's recognition of an opportunity to halt Hive's activities, which had previously been difficult to preempt. However, while the announcement marked a significant milestone, Special Agent Smith and Director Crenshaw emphasized that the case is far from over. 

Hickey, who is now a partner at Mayer Brown law firm, stated that relying solely on arrests to combat cyber threats would be an oversimplified approach. He emphasized the need for a broader perspective and alternative strategies to address the evolving cyber threat landscape. 

The FBI initially became aware of Hive in July 2021 when the group, which was still relatively unknown at the time, targeted and encrypted the computer network of an undisclosed organization in Florida. This occurred during a period when prominent ransomware groups were carrying out severe attacks on gas pipelines and meat processors in the United States. 

In the following 18 months, Hive conducted more than 1,500 attacks worldwide, resulting in the collection of approximately $100 million in cryptocurrency from the victims, as estimated by U.S. law enforcement. The group's rapid expansion can be attributed, in part, to its strategic utilization of ruthlessness as a catalyst for growth. 

They targeted organizations, including hospitals and healthcare providers, that other cybercriminals had refrained from attacking. Data gathered by researcher Allan Liska, reveals that despite the FBI's covert presence within Hive, the group continued to carry out attacks at a consistent rate. 

On a hidden website where Hive disclosed the identities and sensitive details of victims who refused to pay, they listed seven victims in August, eight in September, seven in October, nine in November, and 14 in December. These numbers remained similar to the group's attack patterns before the FBI's infiltration. 

Hive members are still at large, and the seized servers could potentially aid in exposing the network of affiliates who collaborated with Hive during the 18-month period. As a result, the takedown has the potential to lead to additional arrests in the future.

Critical Manufacturing Organizations Face Significant Risk of Cyber Attacks


Recent years have seen an alarming increase in the number of cyberattacks against critical infrastructure, many of which involved ransomware. Particularly in terms of cyber resilience, the industrial industry appears to be falling behind. 

Statistics 

Research by SecurityScorecard shows that the vast majority of the Global 2000 Forbes list's essential manufacturing organizations have high-severity vulnerabilities in their systems that have not been patched. 

  • Over 75% of manufacturing organizations have high-severity vulnerabilities in their systems that have not been patched. 
  • In 2022, nearly 40% of manufacturing companies reported malware infections, which is a considerable percentage. 
  • Around half of critical manufacturing organizations (48%) received low security ratings. The platform considers a number of important risk criteria, including DNS health, IP reputation, network security, web application security, leaked information, hacker chatter, endpoint security, and patching cadence. 
  • Unpatched high-severity vulnerabilities increased by 38% in the critical industrial sector year over year, and 37% of companies experienced malware infestations. 

Underlining the Trend 

  • Last week, CISA published numerous advisories cautioning the ICS industry of critical security flaws impacting products from organizations like GE Digital, Mitsubishi Electric, and Contec. 
  • Another advisory advised against flawed products from Sewio, Siemens, Sauter Controls, and InHand Networks. 

In the same month, researchers from Trend Micro identified the Agenda ransomware group developing a new version of its ransomware in Rust. The ransomware group has been targeting the manufacturing and IT sectors in multiple countries and has made off with $550 million in earnings. 

The rising number of cyberattacks against critical infrastructure has made it necessary for policymakers and business professionals to have an in-depth understanding of the security measures in place in their manufacturing environments. Experts advise striving for a more collaborative and integrated approach to cybersecurity resilience, one that brings together the public and commercial sectors to safeguard critical infrastructure across the world.  

In Q2 2022, NCSC Plans to Launch a New Assurance Scheme for IR and SimEx


In Q2 2022, the National Cyber Security Centre (NCSC) plans to implement a new assurance scheme for incident response (IR) and simulated exercises (SimEx), which might be a game-changer in the security sector. This will essentially result in the standardization of IR and SimEx across the board, as well as the expansion of commercial reach, opening up new markets for assured suppliers. Previously, the NCSC only offered the Cyber Incident Response (CIR) Service – shortly to be renamed CIR Level 1 – to UK Central Government and major corporations with complex IT systems that were regarded to have "national significance" networks. 

The new CIR service will dramatically broaden its reach to include local businesses, major businesses, and SMEs, while the new Cyber Incident Exercising Service will target large and medium organizations, as well as central and regional UK government. Because of the scope of the undertaking, the NCSC aims to hire Assured Scheme Partners to assess and onboard Assured Service Providers to police the scheme. 

The government agency is presently selecting its Assured Scheme Partners, with whom it will collaborate to develop the operating model and define how it will execute its technical standards across both services. 

SimEx can range from simple desktop exercises to full-fledged simulations, allowing corporate teams to respond to a given attack scenario. They could take the shape of a ransomware or phishing assault, DDoS simulation, or sensitive data being released on the dark web. A simulated exercise's purpose is to practise, analyze, or enhance the IR plan, so the true learning comes from how effectively the incident response process functions. 

Although it is unclear how the new Cyber Incident Exercising Service can support this wide range of activities, the NCSC has announced that it will include table-top and live-play formats. It will likely provide a sliding scale of increasingly complicated services, bringing much-needed clarity to the market. 

One of the main difficulties with SimEx today is that once the business considers testing its IR, prices may quickly escalate, so a formal framework with multiple techniques would help teams know precisely what they've signed up for and how much bang for their buck they're getting. 

Rather than the organization blindly investing in technology and presuming that its policies are being followed, these tests evaluate the effectiveness of security protocols by using attack scenarios that the organization is likely to face in the current threat landscape, informing the business of what is/isn't working and where the disparities are so that future spend can be focused.

Some useful Cybersecurity tips every Work-from-home Employee must know


Amid the Coronavirus (COVID-19) panic, numerous corporations and organizations have told their employees to work from home as a precaution for the employees' health. This precautionary step is indeed a good measure to protect employees' health while keeping work productivity in balance, but it also raises concerns about the cybersecurity of the company's networks and data. For many companies this is the first time they have started a work-from-home initiative, which means that these organizations lack the precautionary measures needed to protect their networks and data from potential cyberattacks. Incidents of cyberattacks have already appeared amid the coronavirus outbreak.

How to protect your system while working from home

Password Manager
Password management systems are a great way to keep all of your online passwords encrypted. This way, your team's online accounts and passwords stay safe. They also allow safe sharing of credentials, so the team can securely log in to shared accounts without the risk of exposing the password itself.

2-Step Authentication
Most organizations work on a cloud platform, which means employees have collaborative access. However, using the cloud also exposes your network to cybercriminals if you have weak passwords, as they can impersonate a user and gain access to your company's network. This is why 2-step verification is crucial for cloud-based software, and it should be made a standard login requirement for all work-from-home employees.

Inform your employees about the security of devices
The safety of employees' devices is crucial while working from home, as devices can be stolen or lost. A lost or stolen device can give cybercriminals access to your company's network, so it is very important to keep devices secure. Follow these steps to ensure device safety:

  • Always use lock screens and passwords on your device.
  • Don't plug untrusted USB devices into your computer.
  • Keep a regular backup of your device.
  • Always enable the 'find my device' option, in case your device gets lost.
  • Encrypt important data and files.

Don't use Unsecured and Public Wi-Fi networks
Avoid using public Wi-Fi at all costs, as it can make your device vulnerable to cyberattacks.