Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label security threat. Show all posts

Cybercriminals Impersonate Law Enforcement in New 'Digital Detention' Scam

 


As part of a collaboration between the Indian Cyber Coordination Centre (I4C) and Microsoft, an anti-cyber fraud agency has banned more than 1,000 Skype accounts that are believed to have been used to intimidate, blackmail, extort and digitally arrest citizens by cybercriminals posing as police officers, the Central Bureau of Investigation (CBI), the Narcotics Department, the RBI, or Enforcement Directorate. During the past few years, the Indian digital industry has grown at a rapid pace. 

It is increasingly necessary to rely on the Internet for everything from shopping and banking to travel and UPI. It is also important to note that because of this dependence on the digital space, threats such as scams are also present. The number of online scams has increased since a few months ago. Cybercriminals continue to find new ways to exploit technology to steal money from unsuspecting victims. It has been reported that a scam dubbed the 'Digital Arrest Scam' has been spreading rapidly over the past few days. 

Fraudsters are doing an increasingly good job of masquerading as law enforcement officers to trick unsuspecting victims with chillingly simple but extremely effective techniques. They pose as police officers or officers from the CBI or ED and launch online interrogations over platforms such as WhatsApp or Skype, where victims can be monitored over the camera while the fraudsters pose as officers from these agencies. 

As a result, the victims of these crimes are isolated, and forbidden from contacting anyone of importance, and the perpetrators threaten them in an attempt to extract money from them. As a result of "interrogation" a victim could be held in custody for anything from a few hours to a few days, and they would be told that they are locked up in a virtual prison. There was this new report about a 40-year-old doctor who was victimized by a scam called Digital Arrest Scam. 

The victim, a doctor in Noida, lost Rs 59.54 lakh as a result of cybercriminals. Fraudsters who posed as telecom officials called the victim on the phone and informed her that her name was associated with a case of money laundering and they wanted to expose her. After that, the phone was transferred to a supposed police officer from Mumbai's Tilak Nagar Police Station, who was later arrested. 

According to the "officer" the police informed the victim that an investigation had been opened into her sharing of pornographic videos, and an arrest warrant had been issued for her. Furthermore, the criminals claim that she had been implicated in a money laundering case involving Jet Airways founder Naresh Goyal and that the National Security Act of 1947 had been invoked against her to obtain her arrest. 

It was during this period that the victim was placed under digital arrest while the scammers asked for her details to steal money from her bank account between the 15th and 16th of July. As a first step in their scam strategy, scammers usually cast a wide net, calling individuals and claiming that drugs have been found inside their courier packages or that their personal information is being used to hide money. They are then subjected to a high-pressure interview process while being threatened with legal action or even arrest to obtain the details of the crime. 

An incident in which fraudsters informed the victim that his mobile number was discovered during an investigation of the criminal case against a former minister in the NCP, led to him believing that he had been targeted. Cybercriminals have developed elaborate setups that resemble police stations to enhance their credibility. These setups usually include men wearing uniforms and logos that appear to be officially licensed. 

In a disturbing case of cybercrime, scammers used a fake profile picture of a policeman on WhatsApp to deceive a businessman. The criminals accused the businessman of being involved in human trafficking, leveraging his fear and trust in authority to manipulate him. They sent him a fabricated arrest warrant and a seizure order via an online link, further escalating the pressure on the victim. In a brazen move, one of the scammers even impersonated a Supreme Court judge during a phone call with the businessman.

Through these deceptive tactics, the fraudsters convinced the businessman that he needed to undergo a "fund legalization process" and deposit his money into an account purportedly held by the Reserve Bank of India (RBI). The scam, which unfolded over a gruelling period of seven to eight hours, resulted in a significant financial loss of Rs 1.3 crore for the victim.

Despite the severity of such incidents, victims often find themselves without adequate support. While the government has publicized a cybercrime helpline number, 1930, it merely directs complainants to file their cases on the website www.cybercrime.gov.in. Even after a complaint is lodged, the responsibility to follow up and ensure action is taken largely falls on the victim.

This case highlights the broader issue of law enforcement agencies not playing a proactive role in assisting citizens who fall prey to online fraudsters. The lack of timely intervention and investigation into cybercrimes exacerbates the distress faced by victims. As cybercrime rates continue to rise, there is a pressing need for law enforcement to enhance their responsiveness and take on a more active role in protecting citizens from such sophisticated digital threats.

SEBI Circular Forces Stock Gaming Apps to Shut Down and Reevaluate

 


As of May 24, a circular was issued by SEBI prohibiting stock exchanges and intermediaries in India from sharing time-sensitive share price information with fantasy trading platforms that gamify stock trading in real-time.

In the week after the Securities and Exchange Board of India (SEBI) announced that such services should cease operation for the time being, nearly half a dozen startups focused on stock gaming have either shut up shop, paused operations, or are considering pivotal moves. It is becoming increasingly difficult for companies that use dated data to retain young customers, to continue to appeal to them as the appeal of leisure or educational live gaming and simulations is fading.

As part of the latest wave of startups to feel the heat, Trinkerr, founded and backed by Accel and Kunal Shah, has paused the development of its gaming product to contemplate its next move. An app for fantasy stocks backed by Dream Sports - Investro - has been discontinued and withdrawal requests are being accepted for it. Market regulators have ordered stock exchanges, clearing companies, and depositories to review the fees they charge members such as stock brokers and depository participants to ensure that they remain competitive. 

A market infrastructure institution (MII) refers to a market institution such as an exchange, clearing corporation, or depository. Brokers bear the cost of providing these services to investors, and they are recouped by investors as service charges. There have currently been several issues related to Trinkerr, such as the fact that the app has never been a pure-play gaming app (without rewards or incentives), but rather focuses on educational aspects and that the data is being delayed by five minutes. Due to the mandate that was placed upon exchanges and intermediaries, the product has become ineffective as a result of these changes. 

There is no doubt that delayed data, especially with the variability of expiration dates in F&O trading, can lead to confusion and be detrimental to the educational experience for our users if they introduce inaccuracies into the market conditions that are being studied by them. Investor and Trinkerr are not the only firms facing distress as regulations change as a result of several factors. SEBI's new norms apply to exchanges and market intermediaries, such as brokerages, on June 24, the first day they went into effect.

These norms prohibit exchanges and market intermediaries from sharing "live" data with third-party platforms offering virtual trading, thrilling fantasy games, or educational courses. It was announced on May 22 that "investor education and awareness activities (which do not involve monetary incentives for users) can be supported by delayed data feeds (with a 1-day lag)," said the Financial Services Authority in a circular. This move by SEBI to crack down on virtual trading and stock gaming apps comes at the same time as retail investors become more interested in futures and options (F&Os), as well as with concerns about a parallel market that lies outside of its jurisdiction.

There has been a heated discussion among investors regarding social trading apps, with some arguing that they should be viewed as skill-based games, according to Sanjam Arora, Partner at Trilegal. "SEBI is concerned that users of the above applications will not be provided with the same level of protections as investors typically receive in the market for securities daily.". Several concerns have been raised about the possibility that gamifying the trading experience could encourage high-risk behaviours among users that may lead to more dangerous behaviour in the real world, as well,” she stated.

Bridging the Gap Between Cloud vs On-premise Security

 

In the current landscape, the prevalence of the cloud era is undeniable, and the market is characterized by constant dynamism. Enterprises, in order to maintain relevance amid this competitive environment, are unmistakably demonstrating a keen interest in embracing cloud technologies. What motivates this significant shift? 

Cloud-centric security strategies, exemplified by initiatives like Secure Access Service Edge (SASE) and Security Service Edge (SSE), encompassing components such as Secure Web Gateway (SWG), Cloud Access Security Brokers (CASB), Data Loss Prevention (DLP), and Zero Trust Network Access (ZTNA), efficiently extend security to wherever corporate users, devices, and resources are located—leveraging the cloud as the central hub. 

With all security functionalities seamlessly delivered and managed through a unified interface, the security of both inbound and outbound traffic, often referred to as north-south traffic, is significantly fortified. 

On the flip side, the internal network's east-west traffic, which moves within the confines of data centers and the network but does not cross the network perimeter, remains untouched by the security checks implemented through cloud-based measures. 

A potential workaround involves keeping a traditional data center firewall dedicated to overseeing and regulating internal, east-west traffic. However, this hybrid security approach introduces increased expenses and intricacies in handling diverse security solutions. Many organizations strive to address these challenges by opting for integrated, cloud-based security stacks to streamline management and mitigate the complexities associated with maintaining separate security measures. 

To ensure comprehensive security coverage for organizations, a solution is required that safeguards both north-south and east-west traffic. The key lies in orchestration through a centralized, cloud-based console. Achieving this can be approached in two ways: 

1. Via WAN Firewall Policy 

Cloud-native security frameworks like SASE and SSE can provide east-west protection by directing internal traffic through the nearest point of presence (PoP). Unlike traditional local firewalls with their own setup limitations, SSE PoP allows firewall policies to be managed centrally through the platform's console. Admins can easily create access rules in the unified console, such as permitting authorized users on the corporate VLAN with approved, Active Directory-registered devices to access specific resources in the on-premise data center, following Zero Trust Network Access (ZTNA) principles. 

2. Via LAN Firewall Policy 

In a security-conscious scenario, where an IoT VLAN's CCTV camera needs access to an internal server, disabling default internet/WAN access is wise to prevent cyber threats. Implementing data center firewall policies at the Point of Presence (PoP) may not affect devices like IoT cameras with no internet access. 

SASE and SSE platforms address this by empowering administrators to set firewall policies on the local SD-WAN device. Organizations connect to SASE/SSE PoPs through this SD-WAN device, allowing direct rule configuration for internal LAN traffic. Pre-defined LAN firewall policies are locally enforced, with unmatched traffic sent to the PoP for further assessment, enhancing security management efficiency.

Over Fifty Percent Businesses Feel Security Element is Missing in Their Data Policy

 

These days, the average business generates an unprecedented amount of data, and this amount is only expected to increase. 

According to a new report from Rubrik Zero Labs, this makes data security - an absolute must for any successful business - a Herculean task that will only become more difficult. 

The company discovered that a typical organisation's data has grown by nearly half (42%) in the last 18 months. Overall, data from SaaS grew the most (145%), followed by cloud (73%), and on-premises endpoints (20%). A typical organisation has 240 backend terabytes (BETB) of data volume, which Rubrik expects to increase by 100 BETB in the next year and by 7x in the next five years. 

Outpacing security practises 

A significant portion of this data is classified. Global organisations have an average of 24.8 million sensitive data records, with 61% storing them in multiple locations (cloud, on-premises, and SaaS). Only 4% have secure data storage facilities. 

Over fifty percent (53%) lost sensitive information in the last year, with 16% experiencing multiple data loss incidents in the previous year. The majority of the time, organisations would lose personally identifiable information (38%), company financial information (37%), and authentication credentials (32%). 

Worryingly, two-thirds of respondents (66%) said their company's data is increasing faster than their ability to control it. Almost every company (98%) have visibility issues, and two-thirds (62%) have difficulty complying with laws and regulations. More than half (54%) have only one senior executive responsible for data security.

According to the report, there is a notable disparity between the perceptions of IT leaders in India and security. Of them, 49% believe that their organization's data policy lacks security, and 30% believe that their organisation faces a significant risk of losing sensitive data in the next 12 months. 

As per the report, 34% of Indian IT leaders believe that their organization's data is at greater risk from malicious hackers, and 54% of them admit that their capacity to handle data security risks has not kept up with the increasing amount of data. 

Rubrik commissioned the study, which was carried out by Wakefield Research among more than 1,600 IT and security decision-makers at firms with 500 or more employees. Half of those polled were CIOs and CISOs, while the other half were Vice Presidents and directors of IT and security. According to the statement, the survey supplemented Rubrik telemetry by examining more than 5,000 clients from 22 industries and 67 countries. 

The report, according to Abhilash Purushothaman, Vice-President & General Manager, Rubrik (Asia), serves as a wake-up call for Indian IT leaders. It highlights the greater risks for private data, particularly in the face of rapidly changing, sophisticated ransomware attacks, he added.

Risks of Free VPNs: Proceed with Caution

Virtual Private Networks (VPNs) have developed into an essential tool for protecting online security and privacy in today's digitally connected society. Despite the wide range of options, a sizable portion of consumers favour free VPN services. However, it's important to be aware of any risks connected to these ostensibly cost-effective alternatives before jumping on the bandwagon.

Free VPN services frequently have restrictions that limit how much security and privacy they can offer. They might impose a data cap, slow connection rates, or impose server access restrictions. 'You get what you pay for,' is true in the world of VPNs. 

Free VPNs' data logging rules are among their most alarming features. Numerous of these services gather and keep track of user data, including browsing patterns, IP addresses, and even private data. Data breaches or targeted advertising may result from the sale of this information to outside parties. This lack of transparency poses a serious threat to user privacy.

  • Security Vulnerabilities: An additional weakness of free VPNs is their insufficient security measures. The strong encryption methods that paying equivalents offer are frequently absent from these sites. Users become more vulnerable to online dangers as a result, leaving them open to potential hacks or attacks from online criminals.
  • Malware and Adware ConcernsFree: VPNs have a reputation for injecting viruses or bothersome adverts during customers' browsing sessions. These intrusive activities, not only damage user experience but also offer serious security threats. 
  • Unreliable Customer Support: Free VPN providers typically offer limited or no customer support, leaving users on their own if they encounter technical issues or need assistance with the service. This lack of support can be frustrating and potentially detrimental in critical situations.

With VPNs, quality is a function of price. Although they may be alluring, free VPN services carry a number of dangers that could jeopardize your online privacy and security. Prioritizing trustworthy, paid VPN services with strong security, open policies, and dependable customer support is crucial. Keeping your online identity secure is ultimately a worthwhile investment. 





Role of Artificial Intelligence in Preventing Cyberattacks at K-12 Schools

 

Artificial intelligence (AI), according to cybersecurity professionals, might be a key component in averting ransomware attacks at K–12 institutions. There were roughly 1,619 ransomware assaults on school systems between 2016 and 2022, K12 Security Information Exchange (K12 SIX) stated. Sensitive information regarding kids, parents, and teachers has been made public as a result of these attacks, in addition to causing financial losses. 

A potential solution to this problem, according to Doug Levin, director of K12 SIX, is artificial intelligence. When IT staff is not accessible, he thinks AI can serve as a substitute set of eyes to keep a check on school networks. The technologies that schools already employ already include AI thanks to several manufacturers. This technology actively guards against cybercriminals trying to hack into systems and steal important data by keeping an eye on the network and taking preventative actions. 

“They’ve resulted in the publication of some incredibly sensitive information about students, about parents and about educators themselves,” explained Doug Levin. “One of the benefits of AI is that they can be that set of virtual eyes on the school networks when the IT staff are not able to do that.” 

However, Levin expressed his concerns regarding the expected high cost of implementing this cutting-edge technology into use. While AI could save schools from hiring more security-focused IT staff, the cost of these solutions might go up over time. 

The U.S. Department of Education has established a federal council to help school districts prepare for, respond to, and recover from such attacks in light of the growing threat posed by security incidents. 

Beyond the classroom, AI's potential for cybersecurity exists. It is increasingly being used to detect and prevent threats in an array of enterprises. AI can enhance security measures and offer early warnings for potential threats thanks to its capability to analyse vast quantities of data and detect patterns. 

While AI has the potential to strengthen cybersecurity defences, it is vital to continue to be on guard and prioritise cybersecurity education and training for all parties involved in the educational systems. Education institutions' level of safety can be significantly improved by better education combined with cutting-edge technologies like AI.

Security Breach: Clearweb Sites Attacked by MOVEit, Data Exposed

 


A cybercrime syndicate used by the Clop ransomware gang is substantially more prevalent than any other cybercrime syndicate in exploiting the MOVEit vulnerability than any other. As an additional complication, the ransomware gang's data stolen through the MOVEit vulnerability is now leaked onto the Clearweb domain.

It was reported in May of this year that a ransomware gang known as the Clop ransomware group exploited a vulnerability in the MOVEit file transfer software. This vulnerability exposed the data of hundreds and thousands of companies and organizations, including Boots, British Airways, the BBC, and many others.  

As a result of the ransomware gang's efforts to leak data stolen through MOVEit, publicly accessible websites have been set up. In general, ransomware leak sites are commonly hosted on open-source privacy networks that allow web users to surf anonymously, so law enforcement has trouble accessing the infrastructure. As opposed to this, this type of website is hosted on a public server. This allows the site to be indexed by search engines and amplified through these means.  

A report published by Bitdefender reports that many of those who made payments handed out substantially more than the global average ransomware amount, just $740,144 (£577.34), an increase of 126% from the first quarter of 2023, which is a record level. Coveware estimates that it earned approximately $75-100 million from victims hit with extremely high ransoms for a small number of victims. 

Based on the data provided by Coveware, the approximate earnings of the attackers range from $75-100 million (£58.7-78 million), from just a small number of victims who paid extremely high ransoms. 

It has been reported by security researcher Dominic Alvieri that the hacking group created and released its first public access website to leak data stolen from PWC, which is a business consulting firm, for the past two years during his research on the clop operation. In the last couple of years, the website has been taken down from the internet. 

A Clop ransomware gang exploits an ALPHV version of its extortion tactic to spread ransomware. It takes advantage of the Internet by creating websites that target specific victims to leak their data and further pressurise them into paying ransoms. 

Data is stolen from corporate networks when a ransomware gang attacks a target. As a result of the ransomware, this data is encrypted. When victims do not pay the ransom, they will receive a notification that their data will be leaked if payment is not made. This is the most common part of double-extortion attacks. 

There are usually sites on the Tor network that are responsible for leaking ransomware data in the form of leaks. The more secure the website is, the more difficult it is for law enforcement to seize the web infrastructure or take down the website if they want to take down the website. Despite this, running a ransomware operation is associated with many unique problems due to its hosting method.

There are several barriers to accessing leaked sites, including a specialised Tor browser. In addition, there is a lack of indexation of leaked data by search engines and very slow download speeds. 

ALPHV, also known as BlackCat, a ransomware operation from China, introduced an innovative extortion tactic last year by creating clear websites to leak stolen data. This was so that employees could check if their data was compromised and was designed to prevent it from being leaked in the future. 

As the name suggests, a clear website is hosted directly on the Internet. It does not need any special software to be accessed, like an anonymous network like Tor. Using this new method, we will be able to access and access the leaked data more easily and it will likely cause the data to be indexed by search engines in the future, thus causing the leak to spread increasingly.

Security researcher Dominic Alvieri has discovered that the Cl0p ransomware gang has just publicly posted the data that they have stolen from the MOVEit Transfer platform in May in the public domain. Due to a zero-day vulnerability found in the secure file transfer platform, the gang exploited a vulnerability in that platform to compromise hundreds of businesses and government institutions across the globe and lead to hundreds of data breaches.  

There are several differences between Clop's dumps and those of some previous infiltrations. The most noticeable is that the data has been released in large files rather than organized into specific searchable items. In addition, the site has not been hosted on the Tor network. 

Dark Web vs Clear Web 


A Clear Web is one of the portions of the internet that is easy to use and can be indexed by search engines like Google. It is also known as the Surface Web or Visible Web because it makes up a part of the web that is easily accessible. Generally speaking, it describes websites and web pages that are accessible through standard web browsers and do not require any special configuration to be used. 

Alternatively, the Dark Web is one of the areas of the internet that is intentionally hidden from traditional search engines and hence is not indexed by them. To access the Dark Web, you will need specialized software, such as the Tor browser, which allows you to perform anonymous and secure operations while browsing the Dark Web. 

In addition to anonymity, this domain name allows users to access hidden websites using the ".onion" extension. On the Dark Web, there are many illicit activities, illegal markets, and anonymous forums where users can communicate anonymously with one another without revealing their identities. These activities are often associated with illicit activities. 

Cybercrime has recently developed clearnet websites hosted on the surface web. These websites extort stolen data to blackmail their victims. As part of its blackmail campaign, Clop has recently developed this tactic. As to their first attempt to leak data, they had to upload four spanned ZIP archives, which they had stolen from the PWC business consulting firm. TD Ameritrade, Aon, Kirkland, Ernest & Young, and TD Ameritrade later used claims of leaks by Cl0p to leak data from their systems to the public. 

They aim to create panic among employees, executives, and business partners affected by stolen data. This is so that they will exert additional pressure on the company to pay the ransom to lower their security. 

Even though there may be some benefits to leaking data in this way, they also have their own set of problems. This is because they are much easier to take down when put on the internet rather than Tor. 

Currently, all known Clop Clearweb extortion sites have been taken offline, meaning they cannot be accessed. This is unclear whether these sites are being shut down because of law enforcement seizures, DDoS attacks carried out by cybersecurity firms, or because hosting companies and registrars are shutting them down until further notice. It's questionable whether this extortion tactic is worth the effort since it can easily be shut down, and that they can be shut down at any time.

Here's How ChatGPT is Charging the Landscape of Cyber Security

 

Security measures are more important than ever as the globe gets more interconnected. Organisations are having a difficult time keeping up with the increasingly sophisticated cyberattacks. Artificial intelligence (AI) is now a major player in such a situation. ChatGPT, a language paradigm that is revolutionising cybersecurity, is one of the most notable recent developments in this field. In the cybersecurity sector, AI has long been prevalent. The future, however, is being profoundly impacted by generative AI and ChatGPT. 

The five ways that ChatGPT is fundamentally altering cybersecurity are listed below. 

Improved threat detection 

With the use of ChatGPT's natural language processing (NLP) capabilities, an extensive amount of data, such as security logs, network traffic, and user activity, can be analysed and comprehended. ChatGPT can identify patterns and anomalies that can point to a cybersecurity issue using machine learning algorithms, assisting security teams in thwarting assaults before they take place. 

Superior incident response 

Time is crucial when a cybersecurity problem happens. Organisations may be able to react to threats more rapidly and effectively because to ChatGPT's capacity to handle and analyse massive amounts of data properly and swiftly. For instance, ChatGPT can assist in determining the main reason for a security breach, offer advice on how to stop the assault, and make recommendations on how to avoid future occurrences of the same thing. 

Security operations automation

In order to free up security professionals to concentrate on more complicated problems, ChatGPT can automate common security tasks like patch management and vulnerability detection. In addition to increasing productivity, this lowers the possibility of human error.

Improved threat intelligence

To stay one step ahead of cybercriminals, threat intelligence is essential. Organisations may benefit from ChatGPT's capacity to swiftly and precisely detect new risks and vulnerabilities by using its ability to evaluate enormous amounts of data and spot trends. This can assist organisations in more effectively allocating resources and prioritising their security efforts.

Proactive threat assessment 

Through data analysis and pattern recognition, ChatGPT can assist security teams in spotting possible threats before they become serious problems. Security teams may then be able to actively look for dangers and take action before they have a chance to do much harm.

Is there an opposite side? 

In order to create more sophisticated social engineering or phishing assaults, ChatGPT can have an impact on the cybersecurity landscape. Such assaults are used to hoodwink people into disclosing private information or performing acts that could jeopardise their security. AI language models like ChatGPT have the potential to be utilised to construct more convincing and successful phishing and social engineering assaults since they can produce persuasive and natural-sounding language. 

Bottom line

ChatGPT is beginning to show tangible advantages as well as implications in cybersecurity. Although technology has the potential to increase security, it also presents new problems and hazards that need to be dealt with. Depending on how it is applied and incorporated into different cybersecurity systems and procedures, it will have an impact on the cybersecurity landscape. Organisations can protect their sensitive data and assets and stay one step ahead of cyberthreats by utilising the potential of AI. We can anticipate seeing ChatGPT and other AI tools change the cybersecurity scene in even more ground-breaking ways as technology advances.

Shadow IT, SaaS Pose a High Security Threat for Businesses

 

Software as a service (SaaS) has undeniably reached the height of its popularity. Modern corporate operations and continuity depend today more than ever on software technologies. The right procurement procedures haven't yet been adopted by enough businesses, despite this, so they can't be sure they're safeguarding their reputations and preventing data breaches. 

The growing practise of "shadow IT," which refers to when employees download and utilise software solutions without informing their internal IT personnel, is a crucial factor causing worries about SaaS management. According to a recent poll, more than 65% of IT professionals claim their SaaS tools aren't getting approved, and 77% of them anticipate that shadow IT will become a serious issue in 2023. As the use of SaaS spreads, organisations are starting to struggle with managing security in addition to the obvious worries about overspending and the disruptions to operational effectiveness. 

Unfortunately, for many organisations, ignoring shadow IT is no longer an option. The average cost of data breaches and other security attacks to firms is $4.5 million, and a rising software market is largely to blame for many of these incidents. Organisations must implement an efficient procurement procedure when bringing on new software solutions and increase visibility over their SaaS stacks to prevent shadow IT and the high risks that go along with it. 

Why does Shadow IT pose such a risk? 

The lack of visibility within an organisation is the root cause of all shadow IT problems. IT teams have no control over the use and distribution of sensitive company data when a software stack is not maintained. Most organisations do not fully protect the data these tools retain because they do not properly vet them and do not monitor them. 

This sets up the ideal environment for hackers to quickly steal crucial data, such as private financial records or personal information. Because most, if not all, SaaS products require corporate credentials and access to an organization's internal network, crucial company data is at risk. According to a recent poll by Adaptive Shield and CSA, 63% of CISOs have reported security problems resulting from this kind of SaaS misuse in the previous year alone. 

Consequences of loopholes 

As previously said, the possibility of a data breach is a recurrent trend that many firms are encountering with shadow IT. However, it is also crucial to be aware of the potential regulatory fines and industry scrutiny that organisations may experience as a result of the widespread usage of shadow IT. 

Unauthorised software is likely to fall short of the compliance requirements set forth by laws like the General Data Protection Regulation (GDPR), the Federal Information Security Management Act (FISMA), and the Health Insurance Portability and Accountability Act (HIPAA), which businesses are required to uphold. For businesses in sectors with rigorous regulations, penalties for noncompliance can result in irreversible reputational harm, which cannot be remedied by merely paying the corresponding fine. 

Organisations are unaware of the wasted operating dollars spent on tools and applications, in addition to the costs related to a security failure and the reputational harm a business suffers. Due to issues like rogue subteams, departments providing their own software, or employees using corporate credentials to access freemium or single-seat tools, it can be difficult for large organisations to find all the applications that the company never approved. 

Mitigation Tips

Acquiring visibility into the current software stack is an essential first step in addressing an organization's SaaS sprawl and making sure that shadow IT never puts you in a precarious situation. Without visibility, a company won't know what tools are being utilised and won't be able to decide whether or not to centralise its software. IT teams should put their efforts into updating the documentation for their software portfolio and keeping track of application functions, software usage, the contract/subscription duration of each tool, and cost. 

IT teams can determine which tools are crucial and where modifications can be made after access to this information is gained and correctly maintained. After doing some housekeeping, firms can set up a centralised procurement system to make sure that all future purchases are coordinated between departments and that any security or compliance requirements are constantly satisfied to avoid security lapses and legal repercussions. With access to these records, organisations can easily keep track of every usage, cutting down on wasteful spending and security lapses.

APT43: Cyberespionage Group Targets Strategic Intelligence


APT43, also known as Kimsuky or Thallium, recently exposed by the Mandiant researchers, is a cyberespionage threat group supporting the objectives of the North Korean regime. By conducting credential harvesting attacks and successfully compromising its targets using social engineering, ATP43 concentrates on gathering strategic intelligence. 

Mandiant, which has been tracking APT43 since 2018, noted that the threat group supports the mission of the Reconnaissance General Bureau, North Korea's primary external intelligence agency. 

In terms of attribution indicators, APT43 shares infrastructure and tools with known North Korean operators and threat actors. Essentially, APT43 shares malware and tools with Lazarus. 

Targets of APT43 

Prior to 2021, the APT43 organization mostly targeted foreign policy and nuclear security challenges, but this changed in response to the global COVID-19 pandemic. 

APT43 primarily targets manufacturing products including fuel, machinery, metals, transportation vehicles, and weaponry whose sale to North Korea has been banned in South Korea, the U.S., Japan, and Europe. In addition to this, the group attacks business services, education, research and think tanks focusing on geopolitical and nuclear policy and government bodies. 

Spear Phishing and Social Engineering Techniques Used by APT 43 

Spear phishing is one of the primary methods used by APT43 to compromise its targets. The group frequently fabricates plausible personas, impersonating important figures. Ones they have succeeded in compromising one such individual, the threat group proceeds into using the person’s contact lists to aim further targets with spear phishing. 

In one such instance, exposed by Google, Archipelago (a subset of APT43) would send phishing emails where they portray themselves as a representative of a media outlet or think task asking the targeted victim for an interview. To view the questions, a link must be clicked, but doing so takes the victim to a phony Microsoft 365 or Google Drive login page. The victim is directed to a paper with questions after entering their credentials. 

According to the Google report, Archipelago tends to interact with the victim for several days in order to build trust before sending the malicious link or file. 

Another tactic used by Archipelago involves sending benign PDF files purportedly from a third party that alerts the recipient to fraudulent logins they should examine. 

Malware Families and Tools Used 

APT43 employs a variety of malware families and tools. Some of the public malware families used include Gh0st RAT, Quasar RAT, and Amadey. However, the threat group mostly uses a non-public malware called LATEOP or BabyShark, apparently developed by the group itself. 

How can you Protect Yourself from the APT43 Security Threat? 

Here, we have listed some measures that could ensure protection against  malicious APT43 attacks: 

  • Educate users about the social engineering techniques used by APT43 and Archipelago.  
  • Train users to detect phishing attempts and report them immediately to their security staff. 
  • Use security solutions to detect phishing emails or malware infection attempts. 
  • Keep operating systems and software up to date and patched. 

Moreover, professionals in the field of geopolitics and international politics are advised to be trained in detecting any approach from attackers or potential threat actors, posing as a journalist or a reporter. Careful identification and examination of such individuals approaching important figures must be taken into priority, prior to any exchange of information or intelligence.  

New Cybersecurity Vulnerabilities are Being Discovered Using 'Intelligent Mining'

 

When brute force attacks shut down operations and force mines to pay a ransom, "intelligent mining" activities have emerged as the gold mine for cybercriminals. 

Dr. Pierre Jacobs, the head of cybersecurity operations and compliance at CyberAntix, a member of the Sizwe Africa IT Group, holds this opinion. According to him, cyber security breaches have reached a point where they have legalised this dishonest behaviour, giving criminals the opportunity to commit cybercrimes in conditions that are very similar to those of legitimate organisations. Lone hackers are still around and may wish to stop production for fun or to see how far they can go. 

“South African mining companies are no exception,” Jacobs stated. “The transition from traditional mining practices to intelligent mining is exposing the industry to a new frontier of cyber threats.” 

74% of internet businesses have had serious Computer breaches, according to Fortinet research, and this problem was made worse by the Covid-19 outbreak. With an 11% increase in network intrusions, the mining and manufacturing industries in particular experienced a sharp rise in infiltration activity. 

Attackers are focusing their efforts on Industrial Control Systems (ICS) in a variety of industries because these systems regulate a wide range of automated processes, including measuring devices, packaging equipment, and all the other assembly-line parts that are essential to any production process. Attackers are aware that by focusing on these systems, they might negatively impact business operations. 

Although ICS devices are frequently specific to industries and used for specialised systems or activities, they are normally less well-known than enterprise information technology (IT) devices like laptops, desktops, and smartphones. In this sector, cybercriminal activity is becoming more organised and specialised. 

The bulk of cyberattacks on mining businesses aim to disrupt corporate operations and threaten supply chains by stealing intellectual property and other important data, such as geotechnical studies and production plans. According to Jacobs, the Internet of Things (IoT) is a threat to mines with any amount of automation (IoT). Criminals frequently use email platforms as their first method of entry in all sectors. 

Any of these devices—desktops, laptops, smartphones, even the workplace printer—can serve as entry points for hackers. The fact is that mining operations in South Africa are also impacted by geopolitical concerns, rising geopolitical dangers, and intermittent conflicts between other nations, especially Western nations and China. Mines from throughout the world compete with South African exporters. Competitors worldwide would benefit from any disruption to our supply systems.

Cybersecurity breaches are caused by a number of factors, including a lack of understanding of the Industrial Internet of Things (IIoT) and the Internet of Things (IoT), supply chain weaknesses, lax security procedures used both internally and by outside contractors, identity theft, and insufficient incident response. 

"Strategies to mitigate risk should seek to identify and understand the business models and motivation of the cyber criminals. Businesses also need to understand the risks and vulnerabilities of their industry and anticipate threats," Jacobs concluded. "People, processes, and technologies all pose risks, and to address cyber security threats, it’s important to take a three-pronged approach to security – one that focuses on people, processes, and technologies. The challenge is to secure the enterprise by locking all the information entrance gates to bridge any gaps in the system. Identify critical business systems and then identify risks against those systems. Secure protocols need to be in place wherever there is a connection to the Internet. Real-time monitoring and investigation are vital." 

2023: The Year of AI? A Closer Look at AI Trends

 

Threats to cyberspace are constantly changing. As a result, businesses rely on cutting-edge tools to respond to risks and, even better, prevent them from happening in the first place. The top five cybersecurity trends from last year were previously listed by Gartner. The need for artificial intelligence and machine learning tools to help people remain ahead of the curve is becoming more and more obvious with each passing development.

Even more compelling for this year are these estimates for 2022. To manage cloud environments, remote labour, and ongoing disruptions, businesses will require a versatile, adaptable toolkit powered by AI and ML. 

Trend 1: Increased attack surface 

Companies are at a turning point as a result of the increase in permanent remote job opportunities. Remote employment has been beneficial for employees and a relief for businesses who weren't sure if their operations would continue after the shift. The drawback is that because these employees need access to company resources wherever they are, businesses have had to move to the cloud, which has exposed more attack surfaces. 

Businesses, in Gartner's opinion, ought to think outside the box. And some businesses have without a doubt. By launching sophisticated algorithms that are completely observable, AI can provide continuous monitoring across all settings, managing even the temporary resources of the cloud. In order to give real-time insight into security-related data, for instance, Security Information and Event Management (SIEM) gathers and analyses log data from numerous sources, including network devices, servers, and apps.

Trend 2: Identity System Defense 

Similar to trend 1, trend 2 sees the misuse of credentials as one of the most typical ways threat actors access sensitive networks. Companies are putting in place what Gartner refers to as "identity threat detection and response" solutions, and AI and machine learning will enable some of the more potent ones. 

For instance, AI-based phishing solutions analyse email content, sender reputation, and email header data to detect and thwart phishing attempts. Businesses can also use anomaly detection. These AI-based detection solutions can employ machine learning algorithms to identify anomalies in network traffic, such as unusual patterns of login attempts or unusual traffic patterns. 

When threat actors attempt credential stuffing or use a huge volume of stolen credential information for a brute-force attack, AI can also warn admins. And while it may surprise humans to find how predictable we are, AI can also examine common behaviour patterns to spot unusual conduct, such as login attempts from a different location, which aids in the quicker detection of potential invasions. 

Trend 3: Risk in the Digital Supply Chain 

By 2025, 45% of firms globally are expected to have been the target of a supply chain assault, according to Gartner. Although supply chains have always been intricate networks, the advent of big data and swift changes in consumer behaviour have pushed margins to precarious levels. 

To avoid disruptions, reduce risk, and make speedy adjustments when something does happen, businesses are utilising AI in a variety of ways. With the help of digital twin techniques, hypothetical scenarios may be successfully tested on precise digital supply chain replicas to identify the optimum solutions in almost any situation. It can also do sophisticated fraud detection or use deep learning algorithms to examine network data and find unwanted activity like malware and DDoS attacks. AI-based response systems can also react swiftly to perceived threats to stop an attack from spreading.

Trend 4: Consolidation of suppliers 

According to Gartner, manufacturers will keep combining their security services and products into packages on a single platform. While this might highlight some difficulties—introducing a single point of failure, for instance—Gartner thinks it will simplify the cybersecurity sector. 

Organizations are becoming more and more interested in collaboration security. Businesses are aware that the digital landscape is no longer confined to a small, on-premises area protected by conventional security technologies. Companies may be able to lessen some of the vulnerabilities present in a complex digital infrastructure by establishing a culture of security throughout the organisation and collaborating with services providing the aforementioned security packages. 

Fifth Trend: Cybersecurity mesh 

By 2024, firms that implement a cybersecurity mesh should see a significant decrease in the cost of individual security incidents, according to Gartner. There is an obvious benefit that businesses that deploy AI-based security products may experience because these systems can: 

  • Automate tedious, time-consuming operations, such as incident triage, investigation, and response, to boost the cybersecurity mesh's efficacy and efficiency. 
  • Utilise machine learning algorithms to analyse data from numerous sources, including network traffic, logs, and threat intelligence feeds, to spot potential security issues in real time and take immediate action. 
  • Use information from multiple sources, including financial transactions, social media, and news articles, to discover and evaluate any potential threats to the cybersecurity mesh and modify the security measures as necessary. 
  • Employ machine learning algorithms to find patterns in network traffic that are odd, such as strange login patterns or strange traffic patterns, which can assist in identifying and addressing potential security issues. 

Gartner's predictions came true in 2022, but in 2023, we're just beginning to witness dynamic AI answers. Businesses are aware that disruptions and cloud migrations mean that security operations from before 2020 cannot be resumed. Instead, AI will be a critical cybersecurity element that supports each trend and encourages businesses to adopt a completely new cybersecurity strategy.

Top Cybersecurity Trends to Watch Out in 2023

 

The most recent research from Malwarebytes, which examines the situation of malware in 2023, has just been published. The research includes information on current significant security advancements, 5 cyber threat archetypes to watch out for this year, the most prevalent malware identified on Macs, and more. 

The 30-page 2023 State of Malware study was released earlier this week by Malwarebytes. The business states in its opening: 

"The traditional cybersecurity guidelines are obsolete. Your company can no longer only rely on the greatest security software to protect you from the most harmful malware used by your adversaries. The conflict is becoming more human; your best soldiers are up against their worst."

More than ever, malicious hackers are turning to social engineering as older assault routes have closed up. The report begins with six significant occasions from 2022 that had an impact on cybersecurity:

Conflict in Ukraine: The conflict in Ukraine was strategically significant, making it a good subject for social engineering lures. According to the Malwarebytes Threat Intelligence team, the war was a common theme in attacks against German targets by alleged Russian state actors and against Russian targets by alleged Chinese state actors. 

Ransomware: Throughout 2022, ransomware organisations tried out a variety of new strategies, but few of them were successful. Purchasing access to businesses through displeased employees is one strategy that might be more successful in 2023. Macros One of the most effective malware delivery mechanisms ever created was ultimately stopped in 2022 when Microsoft declared that it will prohibit macros in Office documents obtained from the Internet.

Authentication:  It has taken a while to find a truly viable replacement, but in May, Google, Apple, and Microsoft announced their strong support for FIDO2, an established, current, and widely used standard for password-free authentication.

Roe v. Wade: The US Supreme Court's decision to overrule Roe v. Wade in June 2022 represented the most significant shift to data privacy in that year. As previously innocuous data points—like whereabouts, purchasing preferences, search histories, and menstrual cycles—acquired a potentially life-altering meaning, worries about digital privacy suddenly became widespread. 

TikTok: Brendan Carr, a commissioner for the US Federal Communications Commission, called the social media app TikTok "an intolerable national security danger" in June due to its vast data collection and "Beijing's apparently unfettered access to that sensitive material." 

Mac malware that is most prevalent

Macs are not immune to malware, though they are less frequently attacked than Windows. Adware was the most typical detection on macOS in 2022, according to Malwarebytes. A single adware programme called OSX accounted for 10% of all detections on Mac. 

The "worst," according to the company, is Genio. Despite being categorised as adware, the report states that it exhibits malware-like behaviour in order to "dig deeper into the machines it's placed on, penetrating defences and compromising security in the name of making itself incredibly difficult to remove." 

OSX.Genio makes money by 'intercepting users' web searches and putting its own intrusive adverts into the results in order to work. 11% of the total came from malware detections, followed by 14% from adware operators and a variety of other sources.

Avoiding These WiFi Errors is Essential Because They Put Your Data at Risk

 

Your WiFi connection might go unnoticed by you. The world is in order as long as it is operational. But maintaining your privacy and keeping your data to yourself requires a secure WiFi network. And you might be unknowingly making one of the numerous WiFi errors that jeopardise your security and data. The most frequent WiFi errors that put your data at risk are discussed by tech expert and writer Monserrat Cancino at Tech Detective, along with the fixes you should keep in mind to address the issue. 

Public Wi-Fi 

When you need to connect at the airport, coffee shop, or mall, having a public Wi-Fi network is very helpful. However, Cancino warned that doing this might put your data in danger. "As you can see, when you join a Wi-Fi network, a connection is made between your device and a server that allows you to access the Internet. 

According to Cancino, public Wi-Fi makes it simpler for hackers to put themselves between any unprotected device connected to that hotspot and the server, which gives them easy access to your information. The solution is to use caution when connecting to a public WiFi network. 

"Avoid accessing your bank accounts, email, and any other apps that may contain sensitive personal information (home address, credit card number, phone, etc.) if you have to connect to a public Wi-Fi network because your mobile data has run out," Cancino advised. In order to avoid connecting to a public network, "I also advise purchasing a data plan." 

Keeping your system and apps outdated

Cancino reminds us that updates may include new security features to safeguard your information in addition to fixing any performance problems. So you're putting your data at risk if you haven't updated your device or installed apps in a while, Cancino said. To avoid having to install updates manually, make sure your device's 'Automatic Downloads' feature is turned on. Keep in mind that this feature will only operate if you have disabled low power mode and are using a fast Internet connection. 

Not altering the settings on your router

Cancino cautions that hackers can easily access router default settings because they are shared by all routers made by the same manufacturer. As soon as you purchase a new router, try changing your IP address and password.

Straightforward Wi-Fi password 

It's common to use simple passwords to access your Wi-Fi network, Cancino said, if you're forgetful like me. Because hackers might target you and use your information, doing this, unfortunately, puts your information at risk. For each of your accounts, use a different password that is at least eight characters long. Don't forget to include numbers, symbols, lowercase and uppercase letters, he advised. "When creating a new password, please avoid writing consecutive keyboard combinations, such as 123, and don't use any personal information like nicknames." 

Reluctancy in using VPN 

Virtual private networks (VPNs) are excellent for protecting your information because they prevent websites and hackers from tracking or accessing it. Additionally, they conceal your IP address, allowing you to browse and access content that was originally made available in a different country securely (great news if you enjoy streaming movies or TV shows! )," said Cancino. To protect your devices, consider setting up a VPN.

Zero Trust: The Need of the Hour

 

The continuous growth of network landscapes has demonstrated that traditional security methods like perimeter-based security architectures lack the finesse and control required to safeguard against new risks, both internal and external, hence, a new security technique is the need of the hour. 

Zero Trust: an all-in-one solution 

To mitigate future risks, Zero-trust, a security model designed in 2010 by John Kindervag of Forrester Research, will play an important role. It is a simple concept: trust nothing, scan everything. 

The model operates on the belief that by thwarting implicit trust and executing strong identity and access management (IAM) controls, businesses can ensure that only verified individuals, devices and apps can secure access to an organization's system. It greatly restricts the threat of unauthorized access, insider threats, and malicious assaults. 

The attackers specifically target small and medium-sized businesses due to their vulnerable security infrastructure. Recent research discovered that 94% of small firms face multiple challenges in maintaining their security posture because of a lack of skilled security personnel (40%), excessive manual analysis (37%), and the increasingly remote workforce (37%). 

According to the recent IBM report, zero-trust lowers the cost of data breaches by 43%. Additionally, Illumio reported that zero-trust segmentation saves nearly 40 hours per week and mitigates an average of five cyber attacks a year in a typical organization. 

The future of zero trust 

Over the past decade, zero trust has evolved from a concept discussed to tighten security to a widely deployed approach to increase securing organizations around the globe. According to the 2021 Microsoft report, 76% of organizations have at least started implementing a zero-trust strategy, while 35% believe they have fully installed it. 

However, multiple threat analysts believe that most organizations across all sectors have more work to do. Because zero trust requires layers of policies and technologies, hence, advancement will be required in the tools that can be employed, along with ways to refine how organizations deploy and use them.

The American government has already urged state and local governments, as well as universities and critical infrastructure firms, to move to a verify-then-trust principle. 

To help move zero trust forward, organizations around the globe will require to overhaul the entire cybersecurity department, as the current security team may not have the skills, experience, or staff. And they may need to recruit additional staff or services. 

During any transition period, security teams must practice tightly-controlled change management throughout, as hackers continue to challenge the security infrastructures. Businesses, specifically those with limited cybersecurity resources, as well as federal agencies, have an increasingly urgent need to implement zero-trust.

Critical Bug Identified in Kingspan TMS300 CS Water Tank Management System

 

Malicious hackers can remotely exploit a critical vulnerability in a water tank management system utilized by organizations in over 40 countries worldwide, and the manufacturer has not shown any inclination towards fixing the bug. 

The compromised product is designed by the water and energy wing of Kingspan building materials firm headquartered in Ireland. The Kingspan TMS300 CS water tank management system employs multiple mediums including screen, web server, application, online portal, or email to offer information on its products. It features wired and wireless multi-tank level measurements, alarms, and internet or local network connectivity. 

 Kingspan security bug

Earlier this week, Maxim Rupp, a researcher at CISA published an advisory regarding the product impacted by a critical vulnerability due to the lack of adequately implemented access-control guidelines, which allows an unauthenticated hacker to view or alter the product’s settings. 

The vulnerability paves a path for a hacker to access the product’s settings without verifying, and by merely searching for specific URLs. These URLs can be identified by browsing the web interface or via a brute force attack, the researcher explained. The flaw tracked as CVE-2022-2757 has received a CVSS score of 9.8. 

The malicious hacker attacker can exploit the security bug to alter various settings, including ones related to sensors, tank details, and alarm thresholds virtually from any part of the world, as long as they have access to the device’s web interface, Rupp explained. 

According to CISA, the impacted product is used worldwide in the water and wastewater systems sector, and it seems that the exploited settings could allow a hacker to cause some disruption in the targeted organization. 

“Kingspan has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact Kingspan customer support for additional information,” the researcher added. 

Mitigation Tips 

CISA has provided the following recommendations for minimizing the threat posed by these types of vulnerabilities. 

• Limit network exposure for all control system devices and/or systems, and ensure they are not reachable from the Internet. 
• Locate control system networks and remote devices behind firewalls and isolate them from enterprise networks. 
• If necessary, employ secure methods, such as Virtual Private Networks (VPNs), to access the devices.