Category Archives: Internet Security

4 Areas of Cyber Risk That Boards Need to Address – HBR.org Daily

In our technology-dependent society, the effectiveness of a company's cyber risk governance affects its stock price, as well as short-term and long-term shareholder value. New SEC cybersecurity rules provide a solid basis for transparency. Unfortunately, the long-term effectiveness of a cyber risk management strategy is not easy to monitor. This article provides four critical areas investors should be informed about for evaluating that long-term effectiveness.

As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organizations, those organizations become increasingly susceptible to cyber threats. Fortune 1000 companies, for example, have a 25% probability of being breached, and 10% of them will face a multi-million loss. In smaller companies, 60% will be out of business within six months of a severe cyberattack. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance and that investors need to know how vulnerable companies really are.

This need for transparency has been recognized by the regulators and facilitated by the new cybersecurity rules. Currently, the U.S. Securities and Exchange Commission (SEC) has increased its enforcement to ensure companies maintain adequate cybersecurity controls and appropriately disclose cyber-related risks and incidents.

Unfortunately, our research shows that cyber risk is not easy to understand. Organizations often seem to underestimate the financial loss related to cyber threats. These can include:

There isn't a simple way forward, though. Overinvesting in cyber risk management or risk-management strategies that don't align with business needs can have equivalently negative impacts. This article explains the importance of the SEC's new cybersecurity rules and addresses the four essential topics investors should discuss with the board for evaluating the long-term effectiveness of their companies' cyber risk management strategy.

Being transparent about cybersecurity isn't just best practice, it's now a requirement for U.S. companies. The SEC's new cybersecurity rules require publicly listed companies to disclose their cybersecurity governance capabilities, including the board's oversight of cyber risk, a description of management's role in assessing and managing cyber risks, the relevant expertise of such management, and management's role in implementing the company's cybersecurity policies, procedures, and strategies.

This kind of disclosure allows investors to evaluate the attention of executives and business leaders to cyber risks. Management boards need to understand how these threats can cause material harm. For instance, the ransomware attack on Hanesbrands disrupted order fulfillment for three weeks, causing a $100 million loss in revenue. Another example is the IT outage caused by a cyber attack at Tenet Healthcare, which also resulted in $100 million of lost revenues. And the Kaseya VSA breach was the result of insecure operational software that ultimately led to the postponement of an initial public offering that sought to raise $875 million.

Under the new SEC guidelines, companies are also required to report within four days of incidents that are deemed material. The materiality determination is influenced by the incident's impact on the company's business, operations, and financial conditions. This mandatory incident reporting allows investors to evaluate the effectiveness of the firm's cyber risk policies and may provide learnings for future improvements in cyber risk management. And there is a significant opportunity for improvement, since the cost of cyber crime, including the cost for recovery and remediation, is expected to grow to $10.5 trillion per year by 2025.

These new cybersecurity rules should be considered a starting point for the dialogue about cyber-risk governance. To shore up their cybersecurity and stay ahead of the curve, companies need to consciously anticipate the changing internal and external environment and prioritize their cyber risk efforts accordingly.

Cyber risk can be hard to understand. Board members already deal with a lot of different strategic challenges, and when faced with issues around cyber risk (such as prioritizing product market growth versus its security, critical supplier dependency for secure service delivery, dealing with heinous aspects of ransomware attacks, or falling victim to geopolitical cyber tensions) they can be overwhelmed by the complexity and dynamic nature of the problems. Ultimately, this may cause cybersecurity-related blind spots, impacting the effectiveness of intended decisions and even yielding unintended consequences, which can lead to what is called the capability trap, an ongoing deterioration of essential organizational processes. An essential characteristic of this trap is that its effects remain hidden from management for a very long time, until it is too late. The capability trap happens more often than many decision-makers imagine.

To avoid this trap, companies need to focus on long-term effectiveness of their strategic decisions in four areas:

Boards have many corporate challenges to face and limited amounts of funding available to meet them, so being able to make the business case for this investment is essential. Clear insights into business, operational, and financial exposures: 1) generate language to discuss cyber risks, 2) connect to board members who do not have a technical background, and 3) put cyber risk on the agenda, as well as allow for comparing this risk with other corporate challenges. It also helps the board explain the cyber risk exposure of the firm to investors. The National Association of Corporate Directors (NACD) recognizes this need and deployed a commercially available solution to its members.

The people, processes, and technology that make up firms are changing, and there are more and more areas that need protection, imposing an ever-increasing and dynamically shifting burden on the security capabilities of the organization and making lapses more likely. Solving these problems may require significant security capability improvements, which may take several months or even years.

Continuous monitoring is essential to establish if the cyber-risk management strategy performs as intended. Often, management reporting dashboards combined with insights from cyber event exercises are used for this purpose. Currently, in their most advanced form, these activities can capture the near real-time situation. Yet, to bridge the timing gap in utilizing improvements, decision-makers need to see the future outcome of their strategic decisions. This evokes the need for simulation-aided approaches to strengthen managerial foresight capabilities.

Digital transformation also allows for faster, stronger, and more sophisticated attacks. This adversarial behavior strengthens the ongoing, changing, and emerging struggle between the offensive and the defensive. Both parties try to observe, learn, and anticipate each other. Consequently, adversaries introduce new, innovative techniques to remain successful.

Proactive cyber risk management enables defending organizations to learn from information sharing and exercises prior to cyberattacks. It contributes to security capability improvement prior to attacks and therefore reduces the number of significant security incidents. Reactive learning is significantly costlier because organizational improvement takes place based on the lessons learned from cybersecurity incidents that they have suffered. Currently, 56% of knowledgeable decision-makers make costly, suboptimal decisions when it comes to cyber risk management. The overspending on cyber risk management affects the profitability of the firm.

Cyber-risk-management strategy implementation can be a challenge. As previously mentioned, the ongoing increase in surfaces that require protection and increasing adversarial behavior require more efforts from cybersecurity teams to improve the defensive posture. However, these teams are struggling with a lack of qualified security resources. Currently, the United States alone has more than 750,000 cybersecurity job openings. This makes focusing on today's workload already difficult, let alone preparing for the defense posture of the future by running a cyber risk management program.

Effective ongoing workload reduction becomes essential. Therefore, secure by design, collaboration with other parties, automation, and the realization of economies of scale are critical to achieving a future state of security. Organizations that cannot properly make these adjustments become increasingly exposed to unintended control lapses and reactive learning mechanisms.

The SEC's new cybersecurity rules provide a solid basis for transparency about companies' cyber-risk governance. These rules are a great basis for starting a dialogue about long-term effectiveness of cyber-risk governance with the board. This article provides four critical areas relevant to this dialogue.

Acknowledgements: This work is co-funded by Fondo Europeo di Sviluppo Regionale Puglia POR Puglia 2014 2020 Asse I Obiettivo specifico 1a Azione 1.1 (RS) Titolo Progetto: Suite prodotti Cybersecurity e SOC and BV TECH S.p.A. This work is co-funded by Cybersecurity at MIT Sloan (CAMS).


VPN Proxy Master is Rolling out Latest Wi-Fi Protection to Keep … – PR Newswire

SINGAPORE, June 5, 2023 /PRNewswire/ -- Lemon Clove Pte. Limited (Singapore) is proud to announce the release of Wi-Fi Protection for VPN Proxy Master. This latest enhancement reinforces VPN Proxy Master's commitment to providing cutting-edge technology and ensuring the safety and security of its users' internet data.

It is estimated that more than 40% of users had their information compromised while using public Wi-Fi, typically in restaurants and cafes, libraries and hotels. Few public Wi-Fi networks are secure; they might harbor viruses and present a great chance for hackers to illegally access users' personal information, including their financial data. In this case, users may need Wi-Fi protection.

Wi-Fi Protection, available on VPN Proxy Master for iOS, Android, Windows, and Mac, offers a comprehensive solution to safeguard users' online activities on public Wi-Fi networks such as hotels, airports, and cafes. By encrypting users' internet usage, including their IP address, browsing history, and online activities, Wi-Fi Protection prevents hackers from intercepting or tampering with users' private data. It also offers ultra-fast connection speeds, allowing users to access worldwide websites and content seamlessly, whether they are in a public space or at home.

Internet security is of paramount importance in today's digital landscape, especially when using public Wi-Fi networks. With the upgraded Wi-Fi Protection, users can browse the internet with peace of mind, knowing their personal information is shielded from potential threats.

As Father's Day approaches, VPN Proxy Master encourages users to protect their loved ones' internet privacy and security by gifting them the ultimate VPN experience. To celebrate this occasion, VPN Proxy Master is offering an additional 3 months for free, available at https://vpnproxymaster.com/.

To benefit from Wi-Fi Protection, users can download and install VPN Proxy Master from the official website: https://vpnproxymaster.com/download/.

About VPN Proxy Master

VPN Proxy Master, headquartered in Singapore, has been providing secure and fast VPN services since its launch in 2018. With over 150,000,000 trusted users worldwide, VPN Proxy Master offers 6000+ secure servers across 50+ locations. The industry-leading AES-256 encryption method ensures a high level of data protection, shielding users' internet activity from hackers and malware. VPN Proxy Master aims to empower customers with remote access to network resources worldwide while ensuring online data security.

For more information about VPN Proxy Master, please visit https://vpnproxymaster.com/

SOURCE Lemon Clove Pte. Limited


Cyber spotlight falls on boardroom privilege as incidents soar – ComputerWeekly.com

Three-quarters of all data breaches observed in the past year included a significant element of human failure, with social engineering attacks involving pretexting (i.e. the invention of a scenario by a threat actor that tricks someone into giving up data or otherwise causing a breach) on the rise, and now accounting for half of all social engineering attacks, including business email compromise (BEC).

This is one among many headline findings in Verizon's mammoth annual Data breach investigations report (DBIR), released 6 June, and which Chris Novak, managing director of cyber security consulting at Verizon Business, described as "one of the most staggering changes we've seen year on year".

Novak said that senior business leaders were particularly at risk of falling victim to this sort of attack, and as such represent a growing security threat for many organisations. "Not only do they possess an organisation's most sensitive information, they are often among the least protected, as many organisations make security protocol exceptions for them," he said.

"With the growth and increasing sophistication of social engineering, organisations must enhance the protection of their senior leadership now to avoid expensive system intrusions," added Novak.

"When you look at the grand scheme of social engineering, the reason we see this increasing is because it's a relatively easy thing for a threat actor to throw out there and try to hit a lot of organisations with," Novak told reporters during a pre-briefing session attended by Computer Weekly.

"This ties back to being financially motivated; most of these events are about fraudulent movement of money and, typically, that results in them getting paid very quickly."

Indeed, based on data contributed by the FBI's Internet Crime Complaint Center (IC3), Verizon said that the median amount stolen in a BEC attack has doubled over the past year and now sits at $50,000 (£40,400). This likely contributed to the growth in pretexting incidents.

"Globally, cyber threat actors continue their relentless efforts to acquire sensitive consumer and business data. The revenue generated from that information is staggering, and it's not lost on business leaders, as it is front and centre at the board level," said IDC research vice-president Craig Robinson.

The research team added that the fact many organisations continue to rely on distributed workforces added to the challenges faced by defenders in creating and, crucially, enforcing human-centric security best practice.

Verizon's team of experts analysed over 16,300 security incidents and almost 5,200 confirmed breaches to compile this 16th edition of the DBIR. The data relates to activity that occurred between 1 November 2021 and 31 October 2022.

Other significant findings in this year's report include new insight into the cost of ransomware incidents, which has more than doubled since 2021. According to data provided by the IC3, the median loss in a ransomware incident stands at $26,000, and in 95% of incidents where losses occurred these losses were between $1.00 and $2.25m, Verizon revealed.

It is important to point out that not all ransomware incidents (under 10%, in fact) incurred losses, and it is worth noting that when adjusting for inflation, the median cost has actually dropped quite significantly.

Additionally, said Novak, Verizon has observed the number of ransomware attacks as a percentage of all incidents and breaches levelling off over the past 12 months, although he added that this was not necessarily a reason to get excited.

"What I believe is leading to this levelling off is not that we've got better, but that the threat actors have reached a point of saturation. They typically need people and tools to conduct their actions and they reach a point where they don't have enough people to hit [their] targets, or their tools are getting stale," he explained.

"If we see they are able to recruit more, or innovate and evolve their tools, there's a risk this will start picking up again. It's important for organisations to understand we can't look at this stat and say 'we can focus on something else because ransomware is going away'; we will see an upward trajectory again in the future, unfortunately," added Novak.

The full report, which is available now to download, contains additional insight into the nature of security incidents and breaches, including new data on how malicious actors get into their victims' networks to begin with and what motivates them to do so. As usual, it also breaks out breach and incident data by region and by industry.

The 2023 DBIR additionally looks back over some of the most significant incidents seen during its focus period, including Log4j, which first came to light at the end of 2021 and has since become one of the most widely exploited vulnerabilities ever seen. In 90% of breaches that began with a vulnerability exploitation in the past 12 months, that vulnerability was Log4j, said Verizon.


Operation Angel Leads to Fifth Federal Indictment for Sexual … – Department of Justice

Louisville, KY – Earlier this year, several law enforcement agencies worked together in an undercover operation designed to identify individuals seeking to sexually exploit minors. That effort, called Operation Angel, resulted in the arrest of four individuals, Justin Aubrey, 26, Steven Earnest, 35, Kevin O'Donnell, 26, and Alexander Young, 26, all of Louisville, Kentucky. A federal grand jury previously returned indictments against all four. Aubrey and Earnest were charged with attempted sex trafficking of children on March 15, 2023. Earnest was also charged with attempted online enticement. O'Donnell and Young were charged on February 22, 2023, with attempted online enticement. Today, a federal grand jury returned a new and additional indictment against Young for online enticement, transfer of obscene material to a minor, and production of child pornography.

U.S. Attorney Michael A. Bennett of the Western District of Kentucky, Kentucky Attorney General Daniel Cameron, Special Agent in Charge Robert Holman of the United States Secret Service Kentucky Field Division, Special Agent in Charge Rana Saoud of Homeland Security Investigations Nashville, Special Agent in Charge Jodi Cohen of the FBI Louisville Field Office, Chief Jacquelyn Gwinn-Villaroel of the Louisville Metro Police Department, Chief Richard Sanders of the Jeffersontown Police Department, and Chief Art Elum of the Owensboro Police Department made the announcement.

According to the latest indictment, in December 2022, Young met a girl, under the age of 16, online. He communicated with her and persuaded, induced, and enticed her to engage in sexual activity for which a person may be charged with a criminal offense, including the production of sexually explicit images which she sent to him. Young also sent the girl sexually explicit images of himself. The latest charges resulted from additional investigation following Operation Angel.

The earlier indictments charged Aubrey and Earnest after they showed up, with money, after negotiating to pay for sex with children under age 14. O'Donnell and Young were charged after showing up to engage in sexual activity with minors under the age of 16. For all these charges, law enforcement officials were acting in online, undercover roles.

All defendants remain in federal custody pending resolution of their charges.

Assistant United States Attorney Jo E. Lawless is prosecuting the cases.

Multiple federal, state, and local officials participated in Operation Angel, led by the USSS. Other law enforcement agencies included the FBI, HSI, the Kentucky Attorney General's Office Department of Criminal Investigations, the Louisville Metro Police Department, the Jeffersontown Police Department, and the Owensboro Police Department.

This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys' Offices and the Criminal Division's Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, please visit http://www.usdoj.gov/psc. For more information about internet safety education, please visit http://www.usdoj.gov/psc and click on the tab "resources".

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.


Shadow IT is increasing and so are the associated security risks – CSO Online

Despite years of modernization initiatives, CISOs are still contending with an old-school problem: shadow IT, technology that operates within an enterprise but is not officially sanctioned or on the radar of the IT department. Unvetted software, services, and equipment can be nightmare fuel for a security team, potentially introducing a lurking host of vulnerabilities, entry points for bad actors, and malware.

In fact, it is as big a problem as ever and may even worsen. Consider the figures from research firm Gartner, which found that 41% of employees acquired, modified, or created technology outside of IT's visibility in 2022 and expects that number to climb to 75% by 2027. Meanwhile, the 2023 shadow IT and project management survey from technology review platform Capterra found that 57% of small and midsize businesses have had high-impact shadow IT efforts occurring outside the purview of their IT departments.

Experts say that a shift in what comprises shadow IT and who is responsible for it is driving such statistics. In the early days, shadow IT might have been an unsanctioned server that a developer set up for skunk works. Later, it was systems implemented by business unit leaders without IT involvement because they favored a particular vendor or application over the one deployed and maintained by IT.

Although those earlier forms of shadow IT created risk, the main worries in such examples were additional work and costs that the extra systems added to the organization's technology bill as well as the inevitable absorption of the shadow systems into the official IT department portfolio.

Today, shadow IT is broader and more pervasive, and it's being brought into the organization by a growing number of employees who are capable of quickly and easily launching tech products and services for their workplace needs without consulting IT or the security team.

"Shadow IT is back, and it's back in a big way. But it's different today. It's individual employees creating, acquiring, and adapting technology for work. These people have become technologists," says Chris Mixter, a research vice president with Gartner. "Now shadow IT is like 10,000 flowers blooming. And you can't stop it. You can't say to the employees, 'Stop doing that,' because you as security don't even know what they're doing."

A mix of tech products and services constitutes shadow IT today. It can still be comprised of a few unauthorized servers tucked away somewhere, but the ease of operation of modern software means it's more likely to be made up of more substantial and pervasive technology deployments. Cloud-based and software-as-a-service applications set up by a business unit or even a single employee are common culprits.

"Cloud has made shadow IT easier to exist because in the past when you used to have to procure hardware and know how to get a network connection, there was a barrier to entry. Cloud has lowered that barrier," says Joe Nocera, leader of the Cyber & Privacy Innovation Institute at professional services firm PwC.

Of course, the cloud isn't the only factor in today's shadow IT. The ease of deploying internet of things (IoT) components and other endpoint devices also contributes to the problem.

Undocumented, non-tracked third-party application programming interfaces (APIs) are another type of shadow IT that has become common within many organizations. A May 2023 report from tech company Cequence Security found that 68% of the organizations analyzed had exposed shadow APIs.

The ease of accessing cloud resources is certainly a contributing factor to the proliferation of shadow IT today. "You have all these things where all you need [to deploy them] is a credit card, or not, sometimes they're just free," says Raffi Jamgotchian, CEO of Triada Networks, an IT and cybersecurity services firm. That ease of access, however, belies the serious risks that shadow IT now presents.

Jamgotchian says workers typically don't know whether or what security layers the applications they're buying have or whether anything needs to be added to them to make them secure. Then, to make things worse, they're often putting sensitive data into these applications to get their work done.

As a result, these workers are creating entry points that hackers can use to access the enterprise IT environment to launch all sorts of attacks. They're also exposing proprietary data to leaks and possible theft. And they're possibly violating data security and privacy regulatory requirements in the process.

Jamgotchian worked with one company fined by a regulatory agency because the apps being used by workers did not adequately secure and archive data as required by law; in that case, the company's manager had given workers tacit approval to download and work with apps outside IT's (and, thus, the security department's) view, which resulted in the compliance violation.

Furthermore, experts say shadow IT greatly increases the chances that products and services, as well as the vendors selling them, are excluded from any due diligence review, as IT and security are excluded from the selection process. "This is part of the challenge when people are using these applications without asking if they're from a trusted vendor," says Joseph Nwankpa, an associate professor of information systems and analytics at Miami University's Farmer School of Business.

The resulting cybersecurity risks are significant. Take the findings from a 2022 report by Cequence Security that noted 5 billion of the 16.7 billion malicious requests observed, or 31%, targeted unknown, unmanaged, and unprotected APIs. Capterra's 2023 study found that 76% of the responding small and medium-sized businesses reported that shadow IT efforts posed moderate to severe cybersecurity threats to the business.

And Gartner found that business technologists, those business unit employees who create and bring in new technologies, are 1.8 times more likely than other employees to behave insecurely across all behaviors.

"Cloud has made it very easy for everyone to get the tools they want but the really bad thing is there is no security review, so it's creating an extraordinary risk to most businesses, and many don't even know it's happening," says Candy Alexander, CISO at NeuEon and president of Information Systems Security Association (ISSA) International.

To minimize the risks of shadow IT, CISOs need to first understand the scope of the situation within their enterprise. "You have to be aware of how much it has spread in your company," says Pierre-Martin Tardif, a cybersecurity professor at Université de Sherbrooke and a member of the Emerging Trends Working Group with the professional IT governance association ISACA. Technologies such as SaaS management tools, data loss prevention solutions, and scanning capabilities all help identify unsanctioned applications and devices within the enterprise.

Jon France, CISO at (ISC)², a nonprofit training and certification organization, says he advises CISOs to also work with their organization's procurement team and finance department to spot spending that could point to shadow IT. He says scanning worker expense reports is particularly useful in uncovering shadow IT because it helps find reimbursement requests for tech spending that is too small to go through the procurement process.

France and others say CISOs also need to educate workers on security risks posed by shadow IT, but temper expectations on how well that awareness training will help prevent it, Mixter says. He says most workers know the security risks they're creating but move forward with their plans anyway: Gartner research shows that 69% of employees intentionally bypassed cybersecurity guidance in the last 12 months.

Mixter says workers who deploy shadow IT aren't malicious in their activities. Rather, they are trying to get their job done more efficiently and looking for tools to help them accomplish that goal. This is why, in addition to awareness training, CISOs should work to empower them by building up their security competence.

"CISOs need to shift to competence building, to 'Let me help you figure out how to do that safely,'" Mixter says. According to Mixter, that means:

"CISOs have to figure out how much security skill they need, understanding that they can't make everyone into a security specialist so they must determine what is the minimum competency they need," Mixter says.

That work pays off, he adds. Gartner has found that those with training targeted to their technology-related activities are 2.5 times more likely to avoid introducing additional cyber risk and more than twice as likely to move faster than those business technologists without such training.


Ransomware as a Service (RaaS): Trends, Threats, and Mitigation … – EC-Council

Ransomware is an ever-evolving threat worldwide, affecting not only individuals but organizations, startups, governments, agencies, and high-profile enterprises. It is estimated that over 493.33 million ransomware attacks were launched globally in 2022, accounting for almost 9% of all malware attacks (Petrosyan, 2023a; Petrosyan, 2023b). As new vulnerabilities are being identified, companies are exercising scrutiny and investing more in their cybersecurity solutions.

In this blog, readers are introduced to the current state of the cybersecurity landscape and the impact of ransomware attacks on organizations. It discusses the latest ransomware trends, RaaS business models, and what threat actors are presently doing to evolve and grow sophisticated in their methodologies. Further, this blog covers the historical events associated with ransomware attacks, the top threats organizations face, and the steps that can be taken to combat and mitigate these threats.

The latest ransomware statistics show that attackers gain access to systems and plant ransomware through phishing, exploitation of software vulnerabilities, and stolen remote desktop protocol (RDP) credentials. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed that ransomware events targeted 14 of the 16 critical infrastructure sectors in the United States. Some of these sectors were government facilities, food and agriculture businesses, and the U.S. Defense Industrial Base. Education was one of the top sectors targeted by ransomware threat actors, according to the United Kingdom's National Cyber Security Centre (NCSC-UK), which classified ransomware as the most prominent cyber threat facing the country (CISA, 2022).

The increasing sophistication of ransomware tactics requires cybersecurity authorities to evolve their mitigation, threat identification, and detection strategies. The following is a list of critical incidents that occurred in the 21st century:

1. REvil Attacks on Apple and President Donald Trump

The REvil ransomware group committed several ransomware attacks globally and became notorious for offering customized RaaS subscriptions to cybercriminals. Formed in 2019, REvil became one of the longest-running ransomware groups in history, having operated for nearly three years. They published 169 of U.S. President Donald Trump's Dirty Laundry emails after being branded as cyber terrorists publicly. They demanded 42 million USD in ransom from the involved law firm, Grubman Shire Meiselas & Sacks (Winder, 2020), and were said to be behind the leaking of legal documents of many A-list celebrities (Ilascu, 2020). The Qakbot banking trojan attacks and high-profile hits on Apple, including hacking into the company's schematics before the Apple MacBook Pro's official launch, were also among their misdeeds.

2. 2022 Costa Rican Ransomware Attack

Costa Rica declared a national emergency after ransomware attacks plagued the country in 2022. The Russian ransomware gang Conti pressured citizens to force the government to pay a ransom of 20 million USD to aid their cause (Associated Press, 2022). Conti warned that they planned to overthrow the government and demonstrate its strength through a series of cyber attacks. The U.S. Department of State offered a 10 million USD reward to individuals who could pinpoint information about any member with a leadership role in the Conti group that could potentially lead to their arrest (U.S. Department of State, 2022).

Conti's next attack targeted the Costa Rican Social Security Fund, which is responsible for managing the country's health services. Later, the Ministry of Finance is said to have suffered damages, and the government was forced to declare a national emergency (Sharma, 2022).

3. Financial Trading Group ION Gets Hijacked by Ransomware Attacks

ION was hit during the first week of February by a ransomware attack and was forced to clear its derivative platform overnight to protect its clients. The Wall Street Journal reported that the attack had far-reaching effects on global financial markets and had impacted them massively. Investors couldn't place bets on commodity prices, and the platform had problems with data submissions. The trading group disconnected its servers completely and restored its operations after the issue was resolved. Traders had to manually match prices during this downtime, and there were delays in financial reporting. This incident proved that even the best banks and financial institutions with cutting-edge technologies could be compromised, no matter how robust their cybersecurity policies or their level of cyber-readiness to face these threats (Toulas, 2023).

4. DarkSide Ransomware

DarkSide Ransomware is a unique ransomware strain that threat actors use to launch multiple large-scale attacks against global organizations. The first incident was seen in August 2020, and the DarkSide group evolved to operate as a RaaS provider. They have a deep history of conducting double extortion attacks, blackmailing victims into sending payments for unlocking systems, and also for retrieving exfiltrated information.

Popular tactics used by the group to target victims include privilege escalations, impairing defenses and exploiting vulnerabilities like CVE-2020-3992 and CVE-2019-5544, exploiting public-facing applications, and customized file notes and random extensions.

Many organizations invested in their cybersecurity efforts to implement effective incident response planning and mitigate their threats (Patil, 2021). The group's most notable attack was the 6-day outage in the Colonial Pipeline during early May, which even the U.S. Government noted. The group even became a potential threat to national security.

The average cost of a ransomware invasion was 1.85 million USD in 2020, and attackers are getting bolder by using the latest ransomware strains to launch several threats (Sophos, 2022). Currently, the most prevalent ransomware strains in the world include the following:

Many other strains are impacting victims around the world, like Petya, Ryuk, Wannacry, GoldenEye, Cryptolocker, and NotPetya. Crypto ransomware strains encrypt files and make them inaccessible to victims unless they pay a ransom. More challenging strains are the locker strains, where victims can get locked out of the devices. In both cases, victims lose access to sensitive information and may fail to recover data on time without falling prey to cyber adversaries. It is essential to know how to protect organizations from ransomware attacks and take the steps necessary to prepare to face these threats (Heinbach, 2020). Finally, evolving ransomware strategies include ransomware strains like HardBit, which includes explanations of how cyber liability insurance works and additional extortion. HardBit 2.0 includes text stating that files were also exfiltrated, with an explicit threat to release them for sale or onward publishing if contact is not forthcoming (Slaughter, 2023).

Ransomware is a significant issue faced in modern times, and it's vital to minimize risks and not fall for these attacks. Some ransomware strains attack the people and not technologies, which means the use of social engineering methodologies is prevalent. Having good software as a service (SaaS) and on-premise backup programs is a start, and organizations must ensure that all their machines are kept up-to-date.

The following are some ways you can stay protected from ransomware attacks:

Conclusion

Ransomware threats have surged dramatically, and with the increased proliferation of the Internet of Things, AI, RPA, VR/AR, and 5G technologies, we can expect numbers to continue increasing in the next few years. Ransomware techniques prey on the victims' gullibility and hijack systems in ways they aren't even aware of. Universities, hospitals, legal offices, and several firms are facing these risks, and significant fines can be imposed on organizations if they fail to address them. The most common cause of ransomware attacks is a lack of proper data compliance, governance, and cybersecurity policy measures. It's critical to train employees to identify these threats and ensure they don't click or respond to malicious emails or links. Security efforts should also focus on identifying impersonation attempts, and organizations are beginning to take a proactive approach to threat monitoring, analysis, and security.


Artificial intelligence: As explosive, damaging as a nuclear bomb – The Jerusalem Post

Dozens of senior executives in Artificial Intelligence, academics and other famous people have signed a statement warning of global annihilation by AI, stating emphatically that fighting this threat of extinction should be a global priority and calling to reduce the grave risks of AI.

"Reducing the risk of extinction from AI should be a global priority alongside other risks on a societal scale such as epidemics and nuclear war," read a statement that emphasized "wide-ranging concerns about the ultimate danger of uncontrolled AI."

The statement was issued by the Center for AI Safety, or CAIS, a San Francisco-based research and field-building nonprofit, and was signed by leading figures in the industry including OpenAI CEO Sam Altman; the "godfather" of AI, Geoffrey Hinton; managers and senior researchers from Google DeepMind and Anthropic.

Others who signed the statement included Kevin Scott, Chief Technology Officer of Microsoft; Bruce Schneier, internet security and cryptography pioneer; climate advocate and environmentalist Bill McKibben; musician Grimes, among others.

The statement follows the viral success of ChatGPT from OpenAI which helped amplify the tech industry's arms race to develop various AI tools. In response, a growing number of legislators, advocacy groups and tech insiders have warned about the potential of AI-powered chatbots to spread misinformation and eliminate jobs.

Hinton, whose pioneering work helped shape today's AI systems, previously told CNN that he decided to leave his position at Google and "reveal the truth" about this tech after he suddenly realized that these systems are becoming smarter than us.

Dan Hendrycks, director of CAIS, said in a tweet that the statement, first proposed by David Krueger, Professor of Artificial Intelligence at the University of Cambridge, may also refer to other types of AI risk such as algorithmic bias or misinformation.

Hendrycks compared the statement to the warnings atomic scientists issued about the tech they created. Hendrycks stated on Twitter that companies can manage multiple risks at once; it's not 'either/or' but 'both/and', and that from a risk management perspective, just as it would be reckless to exclusively prioritize the current damages, it would also be reckless to ignore them.


Internet of Things (IoT) Security Market Next Big Thing | Major Giants Symantec, Cisco Systems, IBM, Verizon E – openPR


Some of the key players profiled in the study are: PTC Inc. (United States), Symantec Corporation (United States), Cisco Systems, Inc. (United States), IBM Corporation (United States), Verizon Enterprises Solutions (United States), Trustwave (United States), Check Point Security Software Technologies Ltd. (Israel), Infineon Technologies (Germany).

Scope of the Report of Internet of Things (IoT) Security

Internet of Things (IoT) security is the technology concerned with protecting connected devices as well as networks in the Internet of Things. An IoT platform is a multi-layer technology that allows straightforward provisioning, managing and automation of linked devices within the Internet of Things universe. There are various types of IoT security, such as network security, endpoint security, application security, cloud security and others. Growing incidences of cyber-attacks as well as rising dependency on connected devices will help to boost the global IoT security market. According to AMA, the market for Internet of Things (IoT) Security is expected to register a CAGR of 33.6% during the forecast period to 2027.

The titled segments and sub-section of the market are illuminated below: by Type (Network Security, Endpoint Security, Application Security, Cloud Security, Others), Application (Healthcare & Life Science, Infrastructure & Cities, Industrial system & Sensors, Smart home & Consumer, Transport & Urban Mobility, Others), Services (Consulting, Maintenance, Training), Solutions (Identity Access Management, Intrusion Detection System/Intrusion Prevention System, Distributed Denial of Service Protection, Security Analytics, Others), End User (Healthcare, Information Technology (IT), Telecom, Banking, Financial Services, Insurance (BFSI), Automotive, Others)

Market Drivers: Increasing Incidences of Cyber Attacks; Rising Dependency on Connected Devices

Market Trends: Up Surging Demand of IoT Solutions in Organizations; High Adoption of Smart Devices; Growing Trend of Bring Your Own Device (BYOD)

Opportunities: Growing IoT Security Expenditure in Developing Countries


Regions included are: North America, Europe, Asia Pacific, Oceania, South America, Middle East & Africa

Country Level Break-Up: United States, Canada, Mexico, Brazil, Argentina, Colombia, Chile, South Africa, Nigeria, Tunisia, Morocco, Germany, United Kingdom (UK), the Netherlands, Spain, Italy, Belgium, Austria, Turkey, Russia, France, Poland, Israel, United Arab Emirates, Qatar, Saudi Arabia, China, Japan, Taiwan, South Korea, Singapore, India, Australia and New Zealand etc.

Strategic Points Covered in Table of Content of Global Internet of Things (IoT) Security Market:

Chapter 1: Introduction, market driving force product Objective of Study and Research Scope the Internet of Things (IoT) Security market
Chapter 2: Exclusive Summary - the basic information of the Internet of Things (IoT) Security Market.
Chapter 3: Displaying the Market Dynamics - Drivers, Trends and Challenges & Opportunities of the Internet of Things (IoT) Security
Chapter 4: Presenting the Internet of Things (IoT) Security Market Factor Analysis, Porter's Five Forces, Supply/Value Chain, PESTEL analysis, Market Entropy, Patent/Trademark Analysis.
Chapter 5: Displaying the by Type, End User and Region/Country 2018-2022
Chapter 6: Evaluating the leading manufacturers of the Internet of Things (IoT) Security market which consists of its Competitive Landscape, Peer Group Analysis, BCG Matrix & Company Profile
Chapter 7: To evaluate the market by segments, by countries and by Manufacturers/Company with revenue share and sales by key countries in these various regions (2023-2028)
Chapter 8 & 9: Displaying the Appendix, Methodology and Data Source

Finally, Internet of Things (IoT) Security Market is a valuable source of guidance for individuals and companies.


About Author: Advance Market Analytics is a global leader of the market research industry and provides quantified B2B research to Fortune 500 companies on high-growth emerging opportunities which will impact more than 80% of worldwide companies' revenues. Our analysts track high-growth studies with detailed statistical and in-depth analysis of market trends and dynamics that provide a complete overview of the industry. We follow an extensive research methodology coupled with critical insights into related industry factors and market forces to generate the best value for our clients. Using reliable primary and secondary data sources, our analysts and consultants derive informative and usable data suited to our clients' business needs. The research study enables clients to meet varied market objectives, from global footprint expansion to supply chain optimization and from competitor profiling to M&As.

This release was published on openPR.


Victims of MOVEit SQL injection zero-day mount up – ComputerWeekly.com

Multiple organisations are now coming forward to disclose that they have been affected by cyber attacks originating via a recently disclosed vulnerability in Progress Software's MOVEit file transfer product, which is being widely exploited, including by ransomware operators.

In the past 24 hours, organisations including the BBC, Boots and British Airways (BA) have all confirmed they have been impacted, with the BBC telling staff that ID numbers, dates of birth, home addresses and National Insurance numbers were compromised in the incident. BA staff have also been told their banking details may have been stolen.

In the case of BA and others, the incident began via the systems of Zellis, a supplier of IT services for payroll and human resources departments. A Zellis spokesperson confirmed a small number of the organisation's customers had been affected.

"All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate," said the spokesperson.

"Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring," they added.

Zellis said it has notified the relevant authorities in both the UK and Ireland, including the Information Commissioner's Office (ICO) and the Irish Data Protection Commission (DPC).

A BA spokesperson said: "We have been informed that we are one of the companies impacted by Zellis' cyber security incident which occurred via one of their third-party suppliers called MOVEit. Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.

"This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice."

BA's parent, IAG, is understood to be working to support those who may be affected, and it has also reported the incident to the ICO of its own accord.

A spokesperson for the UK's National Cyber Security Centre (NCSC) said that the agency was closely monitoring the situation.

"We are working to fully understand UK impact following reports of a critical vulnerability affecting MOVEit Transfer software being exploited," they said. "The NCSC strongly encourages organisations to take immediate action by following vendor best practice advice and applying the recommended security updates."

The MOVEit managed file transfer (MFT) software product was initially developed and released in the early 2000s by a company called Standard Networks. This firm was subsequently acquired by network software specialist Ipswitch, which was itself bought by Progress in 2019.

On Wednesday 31 May 2023, Progress announced it had discovered and patched a critical vulnerability in MOVEit impacting all users of the MOVEit transfer product.

Tracked as CVE-2023-34362, the bug is a SQL injection vulnerability that could enable an unauthenticated actor to access the user's MOVEit Transfer database and, depending on whether or not they are using MySQL, Microsoft SQL Server or Azure SQL as their database engine, infer information about the contents of the database, and execute SQL statements that alter or delete elements of it.

Multiple security firms have been tracking exploitation of CVE-2023-34362 over the past week, including Microsoft, Mandiant and Rapid7.

Microsoft said it was prepared to attribute attacks exploiting the vulnerability to a threat actor it is now tracking as Lace Tempest, a ransomware operator that is best known for running the Clop (aka Cl0p) operation.

Cl0p is a particularly virulent strain of ransomware and its operators are widely known to be especially partial to issues affecting file transfer processes. Earlier this year, they were behind a spate of attacks that exploited a vulnerability in the Fortra GoAnywhere MFT tool to attack the systems of more than 90 victims, including storage and security firm Rubrik.

Mandiant said it had also observed at least one actor associated with Clop seeking partners to work on SQL injection vulnerabilities, but that it did not have enough evidence to determine a link between activity associated with the MOVEit vulnerability and the ransomware gang. Its analysts said they expected more victims to begin receiving ransom demands in the coming weeks.

Rapid7 said that the behaviour it had observed exploiting CVE-2023-34362 was mostly opportunistic rather than targeted.

Its analysts said: "The uniformity of the artifacts we're seeing could plausibly be the work of a single threat actor throwing one exploit indiscriminately at exposed targets."

Darktrace head of threat analysis, Toby Lewis, said that although CVE-2023-34362 does not seem to provide sufficient access to directly deploy ransomware, nor allow an attacker to move laterally through the victim's network, it was still possible for it to be of use to an operator such as Clop.

"If sensitive material is being transferred through MOVEit, this exploit can expose enterprises to extortion with the threat of publication of stolen data," he said.

"Zellis is just one customer of MOVEit and there will likely be other organisations affected that have not yet been disclosed. Zellis will likely have been a victim of opportunistic scanning and exploitation; this may have been occurring across a number of weeks, even though it was only publicly disclosed last week. This incident appears to be limited to data theft from customers of the MOVEit platform," he said.

ReliaQuest CISO Rick Holland said the incident was still in its early stages and would take some time to play out.

"The number of victims in this current campaign remains to be seen, but any organisation that exposed the vulnerable MOVEit solutions to the internet must assume breach," Holland told Computer Weekly in emailed comments.

"As we have seen with other vulnerabilities, there is a feeding frenzy once the vulnerability becomes publicly known; if Clop didn't compromise MOVEit, other threat actors might have. Organisations that have not received a ransom note shouldn't assume they are in the clear.

"The threat group has likely compromised so many organisations that it may take them time to work through the victim queue," he added.


Why millions of usable hard drives are being destroyed – BBC

5 June 2023


Millions of storage devices are being shredded each year, even though they could be reused. "You don't need an engineering degree to understand that's a bad thing," says Jonmichael Hands.

He is the secretary and treasurer of the Circular Drive Initiative (CDI), a partnership of technology companies promoting the secure reuse of storage hardware. He also works at Chia Network, which provides a blockchain technology.

Chia Network could easily reuse storage devices that large data centres have decided they no longer need. In 2021, the company approached IT Asset Disposition (ITAD) firms, who dispose of old technology for businesses that no longer need it. The answer came back: "Sorry, we have to shred old drives."

"What do you mean, you destroy them?" says Mr Hands, relating the story. "Just erase the data, and then sell them! They said the customers wouldn't let them do that. One ITAD provider said they were shredding five million drives for a single customer."

Storage devices are typically sold with a five-year warranty, and large data centres retire them when the warranty expires. Drives that store less sensitive data are spared, but the CDI estimates that 90% of hard drives are destroyed when they are removed.

The reason? "The cloud service providers we spoke to said security, but what they actually meant was risk management," says Mr Hands. "They have a zero-risk policy. It can't be one in a million drives, one in 10 million drives, one in 100 million drives that leaks. It has to be zero."


The irony is that shredding devices is relatively risky today. The latest drives have 500,000 tracks of data per square inch. A sophisticated data recovery person could take a piece as small as 3mm and read the data off it, Mr Hands says.

Last year, the IEEE Standards Association approved its Standard for Sanitizing Storage. It describes three methods for removing data from devices, a process known as sanitisation.

The least secure method is "clear". All the data is deleted, but it could be recovered using specialist tools. It's good enough if you want to reuse the drive within your company.

The most extreme method is to destroy the drives through melting or incineration. Data can never be recovered, and nor can the drive or its materials.

Between the two sits a secure option for re-use: purging. When the drive is purged, data recovery is unfeasible using state-of-the-art tools and techniques.

There are several ways a drive can be purged. Hard drives can be overwritten with new patterns of data, for example, which can then be checked to make sure the original data has gone. With today's storage capacities, it can take a day or two.

By comparison a cryptographic erase takes just a couple of seconds. Many modern drives have built-in encryption, so that the data on them can only be read if you have the encryption key. If that key is deleted, all the data is scrambled. It's still there, but it's impossible to read. The drive is safe to resell.
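The overwrite-and-check purge described above can be tried on a file that stands in for a drive. This is an added example, not taken from the article or from the IEEE standard; the image file, the marker string, the zero pattern and every function name are assumptions made for illustration.

```python
"""Overwrite-and-verify purge on a file-backed image (added example)."""
import os
import tempfile

SECTOR = 512                      # verification granularity in bytes
IO_SIZE = SECTOR * 2048           # 1 MiB per read/write
MARKER = b"CONSTRUCTED-CUSTOMER-RECORD-0001"   # constructed "original data"


def pattern_buffer(pattern):
    """Return one I/O buffer filled with the repeating pattern."""
    if not pattern or SECTOR % len(pattern):
        raise ValueError("pattern length must divide the sector size")
    return pattern * (IO_SIZE // len(pattern))


def make_sample_image(path, sectors=64):
    """Constructed sample 'drive': random filler plus MARKER in sector 3."""
    data = bytearray(os.urandom(sectors * SECTOR))
    data[3 * SECTOR:3 * SECTOR + len(MARKER)] = MARKER
    with open(path, "wb") as img:
        img.write(data)


def overwrite(path, pattern=b"\x00"):
    """Overwrite every byte of the image in place; return bytes written."""
    size = os.path.getsize(path)
    buf = pattern_buffer(pattern)
    written = 0
    with open(path, "r+b") as img:
        while written < size:
            n = min(len(buf), size - written)
            img.write(buf[:n])
            written += n
        img.flush()
        os.fsync(img.fileno())    # force the writes out of the OS cache
    return written


def verify(path, pattern=b"\x00"):
    """Read the image back; return numbers of sectors not holding the pattern."""
    buf = pattern_buffer(pattern)
    bad, offset = [], 0
    with open(path, "rb") as img:
        while chunk := img.read(IO_SIZE):
            if chunk != buf[:len(chunk)]:
                for i in range(0, len(chunk), SECTOR):
                    sector = chunk[i:i + SECTOR]
                    if sector != buf[:len(sector)]:
                        bad.append((offset + i) // SECTOR)
            offset += len(chunk)
    return bad


def find_remnants(path, markers):
    """Return {marker: first offset} for known original strings still present."""
    keep = max(len(m) for m in markers) - 1   # overlap so matches can span reads
    found, tail, base = {}, b"", 0            # base = file offset of window[0]
    with open(path, "rb") as img:
        while chunk := img.read(IO_SIZE):
            window = tail + chunk
            for m in markers:
                pos = window.find(m)
                if m not in found and pos != -1:
                    found[m] = base + pos
            tail = window[-keep:] if keep else b""
            base += len(window) - len(tail)
    return found


def purge(path, pattern=b"\x00", markers=(MARKER,)):
    """One overwrite pass followed by both checks; True only if both are clean."""
    overwrite(path, pattern)
    return not verify(path, pattern) and not find_remnants(path, markers)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "disk.img")
        make_sample_image(image)
        print("before:", find_remnants(image, [MARKER]))
        print("purge clean:", purge(image))
        with open(image, "r+b") as img:       # simulate a sector the pass missed
            img.seek(5 * SECTOR)
            img.write(MARKER)
        print("bad sectors:", verify(image), find_remnants(image, [MARKER]))
```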


Seagate is a leading provider of data storage solutions, and a founding member of the CDI. "If we can universally, among all of our customers, trust that we have secure erase, then drives can be returned to use," says Amy Zuckerman, sustainability and transformation director at Seagate. "That is happening, but on a very small scale."

In its 2022 financial year, Seagate refurbished and resold 1.16 million hard drives and solid-state drives (SSDs), avoiding more than 540 tonnes of electronic waste (e-waste). That includes drives that were returned under their warranty and drives that were bought back from customers.

A pilot take-back programme in Taiwan recovered three tonnes of e-waste. The challenge now, Ms Zuckerman says, is to scale the programme up.

Refurbished drives are tested, recertified and sold with a five or seven-year warranty. "We are seeing small data centres and cryptocurrency mining operations pick them up," she says. "Our successes have been on a smaller scale, and I think that's probably true for others engaged in this work too."

There are no projections for how many times each drive can be refurbished and reused. "Right now, we are just looking at that double use," Ms Zuckerman says.

There is huge potential for such schemes. A large proportion of the 375 million hard drives sold by all companies in 2018 are now ending their warranty.

For drives that can't be reused, Seagate looks first at parts extraction and then materials recycling. In the Taiwan pilot programme, 57% of the material was recycled, made up of magnets and aluminium. Innovation is needed across the industry to help recover more of the 61 chemical elements used in the drives, Ms Zuckerman says.

The principle of sanitising and reusing hardware also applies to other devices, including routers. "Just because a company has a policy of replacing something over three years, it doesn't mean it's defunct for the entire world," says Tony Anscombe, the chief security evangelist at IT security company ESET.

"A large internet service provider (ISP) may well be decommissioning some enterprise grade routers that a smaller ISP would dream of having."

It's important to have a decommissioning process that secures the devices, though. ESET bought some second-hand core routers, the type used in corporate networks. Only five out of 18 routers had been wiped properly. The rest contained information about the network, applications or customers that could be valuable to hackers. All had enough data to identify the original owners.

One of the routers had been sent to an e-waste disposal company, who had apparently sold it on without removing the data. ESET contacted the original owner. "They were very shocked," says Mr Anscombe. "Companies should sanitise devices themselves as best as they can, even if they're using a sanitisation and e-waste company."

Mr Anscombe recommends companies test the process of sanitising devices while they're still under support. If anything is unclear, help is available from the manufacturer then. He also suggests saving all documentation needed for the process in case the manufacturer removes it from their website.

Before sanitisation, Mr Anscombe says companies should make and store a back-up of the device. If any data does leak, it's easier to understand then what has been lost.

Finally, companies should make it easy for people to report security leaks. Mr Anscombe says it was hard to notify companies of what they had found on their old routers.

How can companies be sure the data has gone from a device? "Give it to a security researcher and ask them what they can find," says Mr Anscombe. "A lot of cyber-security teams will have someone who understands how to take the lid off and see if the device was fully sanitised."

By knowing how to clean the data from devices, companies can send them for reuse or recycling with confidence. "The days of the 'take-make-waste' linear economy need to be over," says Seagate's Ms Zuckerman.
