In today’s digital landscape, Advanced Persistent Threats (APTs) pose a significant challenge to organizations across various sectors. Unlike standard cyberattacks that might be opportunistic or automated, APTs are meticulously planned, highly sophisticated, and aimed at long-term infiltration and data exfiltration. Here’s a detailed guide on how to effectively combat these threats and safeguard your organization’s digital assets.

Understanding APTs

APTs are characterized by their stealth and persistence. Attackers behind APTs often employ a combination of techniques to gain unauthorized access, maintain it, and extract valuable information over extended periods. Common characteristics include:

    1. Targeted Approach: APTs are usually aimed at specific organizations or sectors, often with a strategic goal.
    2. Multi-Stage Attacks: The attack process includes initial compromise, internal reconnaissance, lateral movement, and data extraction.
    3. Stealth: Attackers use advanced techniques to avoid detection and maintain access.

Steps to Combat APT Cyber Threats

1. Strengthen Security Posture
    • Network Segmentation: Divide your network into segments to limit the lateral movement of attackers. Critical systems should be isolated from less sensitive parts of the network.
    • Regular Patching and Updates: Ensure that all software, hardware, and operating systems are up-to-date with the latest security patches to protect against known vulnerabilities.
    • Access Controls: Implement strict access controls and ensure that users have only the permissions necessary for their roles. Use multi-factor authentication (MFA) to add an extra layer of security.

2. Implement Advanced Detection Mechanisms
    • Behavioral Analysis: Employ security solutions that focus on detecting unusual behavior rather than relying solely on signature-based detection. Behavioral analysis can help identify anomalous activities that may indicate an APT.
    • Endpoint Detection and Response (EDR): Utilize EDR tools to monitor and respond to threats at the endpoint level. EDR solutions provide real-time visibility and can detect malicious activities that traditional antivirus programs might miss.
    • Network Monitoring: Use intrusion detection systems (IDS) and intrusion prevention systems (IPS) to monitor network traffic for signs of suspicious activity.

3. Develop a Robust Incident Response Plan
    • Preparation: Develop and document an incident response plan (IRP) that outlines roles, responsibilities, and procedures for responding to an APT. Regularly review and update the plan.
    • Detection and Analysis: Establish procedures for detecting and analyzing potential APT incidents. This includes collecting and analyzing logs, network traffic, and other relevant data.
    • Containment and Eradication: Once an APT is detected, take immediate steps to contain the threat, prevent further damage, and eliminate the attacker’s presence from your systems.
    • Recovery: Restore affected systems and services while ensuring that all traces of the threat have been removed. Perform a post-incident review to identify lessons learned and improve future response efforts.

4. Enhance Employee Awareness and Training
    • Phishing Awareness: Conduct regular training sessions to educate employees about phishing and social engineering tactics. Ensure they understand how to recognize suspicious emails and other potential threats.
    • Best Practices: Encourage employees to follow security best practices, such as using strong, unique passwords and avoiding unsafe behaviors online.

5. Collaborate and Share Information
    • Information Sharing: Join industry groups and information-sharing organizations to stay informed about emerging threats and best practices. Sharing information with peers can help you understand the tactics and techniques used by APT actors.
    • Threat Intelligence: Invest in threat intelligence services that provide real-time information about current threats and vulnerabilities. This can help you stay ahead of potential attacks and adapt your defenses accordingly.

6. Regularly Test and Update Security Measures
    • Penetration Testing: Conduct regular penetration tests to identify and address vulnerabilities before attackers can exploit them. Engage with ethical hackers to simulate APT scenarios and assess your organization’s defenses.
    • Security Audits: Perform routine security audits to evaluate the effectiveness of your security measures and make necessary adjustments.

Conclusion

Combating Advanced Persistent Threats requires a multi-faceted approach involving robust security practices, advanced detection technologies, and ongoing vigilance. By strengthening your security posture, implementing advanced detection mechanisms, developing a comprehensive incident response plan, enhancing employee training, collaborating with industry peers, and regularly testing your defenses, you can better protect your organization from these sophisticated and persistent cyber threats. Adapting to the evolving threat landscape is crucial for maintaining resilience and safeguarding your critical assets.

The post How to Combat APT Cyber Threats: A Comprehensive Guide appeared first on Cybersecurity Insiders.

As security and identity management become increasingly complex, with 60% of breaches attributed to insider threats, compromising on access control makes no sense. More importantly, choosing the right partner is more crucial than ever.

According to IDECO CEO Marius Coetzee, IDEMIA’s biometric readers are known for their exceptionally high quality and longevity, ensuring that your investment in security technology is protected for years to come. “With a reputation for accuracy and cutting-edge technology, IDEMIA delivers robust access control solutions that provide peace of mind and operational efficiency.”

“Their commitment to quality, innovation, and customer satisfaction has positioned them as the Corporate Standard and go-to choice for organisations seeking reliable and long-term security solutions,” he stresses.

Quality and reliability

High quality is a hallmark of IDEMIA’s offerings. The company’s biometric solutions are crafted with precision, ensuring accuracy, reliability and reducing the likelihood of false acceptance. Businesses can trust IDEMIA to deliver consistent, high-quality performance that meets the rigorous demands of modern security environments.

IDEMIA ensures reliability through world-class matching algorithms, advanced manufacturing processes, and stringent quality assurance checks at every production stage. This meticulous approach minimises defects and guarantees best-in-class performance.

Understanding the Total Cost of Ownership (TCO)

When investing in biometric solutions, it’s essential to consider the total cost of ownership (TCO) beyond the initial purchase price. With IDEMIA, one is investing in longevity and quality, which stands the test of time. This approach prevents the costly cycle of replacing biometric readers every few years.

IDEMIA offers robust, scalable solutions that minimise implementation, maintenance, and operational costs. The company’s products are designed for durability and efficiency, delivering long-term savings and reducing the need for constant updates or repairs.

Vendor stability and reputation

Partnering with a stable and reputable vendor is crucial for long-term success. IDEMIA’s reputation for stability and long-term viability makes it a trustworthy partner. The company earns trust through a proven track record of delivering high-quality, innovative solutions.

Coetzee says their commitment to continuous technological advancements guarantees that your biometric solutions are always equipped with the latest innovations. “Regular updates and upgrades are included, ensuring your investment evolves with the latest technological trends and security standards.”

Compatibility and integration

IDEMIA’s technology stack is designed for seamless compatibility with existing infrastructure. Its solutions integrate smoothly with current systems, ensuring robust security and easy adoption. The advanced biometric and cryptographic technologies used by IDEMIA enhance overall security while facilitating integration across various platforms.

The company’s products are trusted by governments and leading corporations worldwide, solidifying IDEMIA’s status as a top-tier provider in the field.

Comprehensive support

IDEMIA excels in providing extensive support services, including training, implementation assistance, and ongoing local support. Its commitment to customer service ensures that organisations can maximise the benefits of their solutions, with expert guidance available every step of the way.

“This comprehensive support is crucial for maintaining their position as the corporate standard in biometrics. By offering tailored solutions and hands-on support, IDEMIA helps organisations achieve their security goals with minimal hassle and maximum return on investment,” he explains.

Longevity versus warranty

More importantly, IDEMIA’s products are engineered for longevity, surpassing standard warranty periods. This emphasis on durability means organisations experience fewer repairs and updates, minimising downtime and ensuring consistent performance.

By focusing on long-term reliability, IDEMIA provides a dependable security solution, reducing the total cost of ownership (TCO) for clients. The extended lifespan of IDEMIA’s products enhances their value proposition, offering peace of mind and sustained security.

Ethical practices and sustainability

IDEMIA is committed to ethical practices and sustainability. Its solutions are designed with a focus on environmental responsibility, ensuring that businesses can achieve their security goals without compromising on ethical standards. This commitment extends to data privacy and protection, aligning with global security practices.

For sustainability, IDEMIA incorporates eco-friendly materials in its products and designs solutions with energy efficiency in mind. The company’s operations emphasise waste reduction, recycling, and minimising resource usage, contributing to a sustainable future while upholding high ethical standards.

Global Security Practices: GDPR and POPIA Compliance

With the many stringent data protection regulations, IDEMIA’s solutions are meticulously designed to comply with global security practices like GDPR and POPIA, ensuring robust data protection and privacy. It incorporates advanced encryption techniques to safeguard personal data during collection, storage, and transmission.

IDEMIA’s comprehensive approach to data security helps organisations maintain compliance while leveraging cutting-edge biometric technologies, ensuring that businesses can operate confidently, knowing their biometric data is handled in accordance with the highest legal and ethical standards.

Vision

Coetzee says a vendor’s vision and future plans are critical to long-term success. “IDEMIA envisions a future where biometric solutions enhance security, convenience, and efficiency across various sectors. Their mission is to make it safer and easier for people to pay, connect, be identified, access, travel, and stay safe by continuously reinventing the way we interact.”

IDEMIA’s technical roadmap aligns with the evolving needs of modern businesses, focusing on innovation and scalability. The company’s strategic direction ensures that their solutions remain relevant and effective, keeping pace with technological advancements and market demands.

In conclusion, Coetzee states: “IDEMIA sets the corporate standard in biometrics by distinguishing itself through a combination of innovative technology, robust support services, a clear strategic vision, cost-effectiveness, and unwavering reliability.”

“Their commitment to quality, privacy, ethical practices, and global compliance ensures that businesses can trust IDEMIA for their biometric needs. By choosing IDEMIA, organisations align themselves with a leader in the industry, securing a reliable and forward-thinking partner for their biometric solutions,” he concludes.

The post Is your organisation at risk? appeared first on Cybersecurity Insiders.

In recent years, the landscape of cybersecurity threats has evolved, with attackers constantly refining their techniques to exploit vulnerabilities in increasingly sophisticated ways. Among the newer threats gaining attention is Kerberoasting—a method that targets weaknesses in the Kerberos authentication protocol used in many enterprise environments. This article delves into what Kerberoasting is, why it poses a significant threat, and how organizations can defend against it.

Understanding Kerberoasting

Kerberoasting is a technique that exploits a weakness in how the Kerberos authentication protocol, widely employed in Windows-based networks, protects service tickets. Kerberos, named after the mythical three-headed dog guarding the underworld, is designed to provide strong authentication for client-server applications by using secret-key cryptography.

In a typical Kerberos setup, a user requests access to a service on the network. The Kerberos Key Distribution Center (KDC) issues a Ticket-Granting Ticket (TGT) that the user presents to a Ticket-Granting Service (TGS) to receive a service ticket. This service ticket is then used to authenticate the user to the requested service.

Kerberoasting targets the process of obtaining and cracking these service tickets. Here’s a simplified breakdown:

1. Ticket Request: The attacker, who has already compromised a user account or system, requests a service ticket for a service account within the domain.
2. Ticket Acquisition: The KDC provides the ticket, which is encrypted with a key derived from the service account’s password.
3. Ticket Extraction: The attacker extracts this ticket from memory or network traffic.
4. Cracking: Using tools such as hashcat or John the Ripper, the attacker attempts to crack the ticket offline to retrieve the plaintext password of the service account.

Why Kerberoasting is a Growing Concern

Kerberoasting has emerged as a significant threat due to several factors:

1. Service Account Weakness: Service accounts often have weak or easily guessable passwords. These accounts typically have elevated privileges, making their compromise particularly damaging.
2. Offline Cracking: By extracting and cracking service tickets offline, attackers bypass real-time detection mechanisms that might otherwise prevent such activities.
3. Stealthy Attacks: Kerberoasting is difficult to detect since it exploits normal Kerberos traffic and relies on legitimate authentication requests, making it harder for security teams to identify malicious activity.
4. Access to High-Value Targets: Successfully cracking a service ticket can grant attackers access to high-value systems or sensitive data, especially if the compromised service account has extensive privileges.

Defending Against Kerberoasting

To mitigate the risks associated with Kerberoasting, organizations can implement several defensive measures:

1. Strengthen Service Account Passwords: Enforce long, complex passwords for service accounts and rotate them regularly. Avoid using easily guessable or default passwords.
2. Use Group Managed Service Accounts (gMSAs): gMSAs are managed by Active Directory, which generates long random passwords for them and rotates them automatically, so their tickets are far less susceptible to offline brute-force attacks.
3. Monitor for Anomalous Activity: Implement monitoring tools to detect unusual patterns in Kerberos service ticket requests or other anomalies that may indicate an attempted Kerberoasting attack.
4. Regularly Review and Audit Accounts: Perform regular audits of service accounts and their permissions to ensure they follow the principle of least privilege and are not over-privileged.
5. Apply Security Patches and Updates: Keep systems and software up to date with the latest security patches to protect against known vulnerabilities that could be exploited alongside Kerberoasting.
6. Educate and Train Staff: Ensure that IT staff are aware of Kerberoasting and other emerging threats, and provide training on best practices for securing service accounts and responding to potential incidents.
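Step 3 above leaves open what an anomalous ticket-request pattern looks like. The detection logic below is an added example, not code from the original article: it reads constructed records modelled on the fields of Windows Security event 4769 (a Kerberos service ticket was requested) and flags tickets issued with RC4-HMAC (encryption type 0x17) for user-type service accounts, plus any account that obtains tickets for many distinct services within a short window. The record layout, account names, thresholds and window length are assumptions for the example.

```python
"""Spot Kerberoasting-style service ticket requests in 4769-style event data.

Added example, not from the article. Each constructed record carries the 4769
fields that matter here: time, requesting account, target service name, ticket
encryption type and result status. Two indicators are checked: an RC4-HMAC
ticket issued for a user-type service account, and one account obtaining
tickets for many distinct services in a short window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17                 # TicketEncryptionType value for RC4-HMAC
SUCCESS = 0x0                   # Status field value for a ticket actually issued
SPN_BURST_THRESHOLD = 5         # assumed: distinct services per account per window
WINDOW = timedelta(minutes=5)   # assumed: sliding window for the burst check

# Constructed records: time|account|service name|encryption type|status
SAMPLE_EVENTS = """\
2024-06-10T09:00:01|alice@CORP.LOCAL|WS01$|0x12|0x0
2024-06-10T09:00:03|alice@CORP.LOCAL|FS02$|0x12|0x0
2024-06-10T09:12:10|jdoe@CORP.LOCAL|svc_sql|0x17|0x0
2024-06-10T09:12:11|jdoe@CORP.LOCAL|svc_backup|0x17|0x0
2024-06-10T09:12:11|jdoe@CORP.LOCAL|svc_web|0x17|0x0
2024-06-10T09:12:12|jdoe@CORP.LOCAL|svc_ftp|0x17|0x0
2024-06-10T09:12:13|jdoe@CORP.LOCAL|svc_iis|0x17|0x0
2024-06-10T09:12:14|jdoe@CORP.LOCAL|svc_print|0x17|0x0
2024-06-10T09:40:00|bob@CORP.LOCAL|svc_sql|0x17|0x0
2024-06-10T10:00:00|carol@CORP.LOCAL|svc_sql|0x12|0x1f
"""


def parse_events(text):
    """Turn the pipe-delimited records into dicts with typed fields."""
    events = []
    for line in text.strip().splitlines():
        when, account, service, enc, status = line.split("|")
        events.append({
            "time": datetime.fromisoformat(when),
            "account": account,
            "service": service,
            "enc_type": int(enc, 16),
            "status": int(status, 16),
        })
    return events


def is_computer_account(service):
    """Computer accounts end in '$' and carry random machine passwords; skip them."""
    return service.endswith("$")


def issued_user_service_tickets(events):
    """Successfully issued tickets for user-type service accounts (the crackable ones)."""
    return [e for e in events
            if e["status"] == SUCCESS and not is_computer_account(e["service"])]


def find_rc4_requests(events):
    """(account, service) pairs for which an RC4-HMAC ticket was issued."""
    return [(e["account"], e["service"])
            for e in issued_user_service_tickets(events)
            if e["enc_type"] == RC4_HMAC]


def find_spn_bursts(events, threshold=SPN_BURST_THRESHOLD, window=WINDOW):
    """Accounts that obtained tickets for >= threshold distinct services within window."""
    by_account = defaultdict(list)
    for e in issued_user_service_tickets(events):
        by_account[e["account"]].append(e)
    bursts = {}
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it spans at most `window`
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            services = {e["service"] for e in evs[start:end + 1]}
            if len(services) >= threshold:
                bursts.setdefault(account, set()).update(services)
    return bursts


def triage(events):
    """Combine both indicators; an account hitting both is the strongest signal."""
    rc4_by_account = defaultdict(set)
    for account, service in find_rc4_requests(events):
        rc4_by_account[account].add(service)
    bursts = find_spn_bursts(events)
    findings = {}
    for account in set(rc4_by_account) | set(bursts):
        both = account in rc4_by_account and account in bursts
        findings[account] = {
            "rc4_services": sorted(rc4_by_account.get(account, ())),
            "spn_burst": sorted(bursts.get(account, ())),
            "priority": "high" if both else "medium",
        }
    return findings


if __name__ == "__main__":
    for account, f in sorted(triage(parse_events(SAMPLE_EVENTS)).items()):
        print(f"{f['priority']:<6} {account}: rc4={f['rc4_services']} burst={f['spn_burst']}")
```

On the sample data `jdoe` is flagged as high priority (six RC4 tickets for six services within seconds), `bob` as medium (a single RC4 ticket), while the computer-account and failed requests are ignored.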

Conclusion

Kerberoasting represents a sophisticated and emerging threat that capitalizes on the complexities of Kerberos authentication to gain unauthorized access to sensitive systems. As cyber threats continue to evolve, staying informed about new attack techniques and implementing robust security measures is essential for protecting organizational assets. By understanding and addressing the risks associated with Kerberoasting, organizations can better safeguard their networks and mitigate the impact of potential attacks.

The post The Rise of Kerberoasting: A New Cyber Threat on the Horizon appeared first on Cybersecurity Insiders.

Cyber threats are constantly evolving, targeting the very foundation of our nation’s security and economy. To combat this ever-present challenge, the Cybersecurity and Infrastructure Security Agency (CISA) recently launched a proactive program called Shields Up. The program’s core tenets emphasize the importance of continuous preparedness, collaboration, and adaptation to combat evolving cyber threats.

Shields Up and Shields Ready: Building a Comprehensive Defense

CISA’s Shields Up program furnishes organizations with the tools and resources necessary to implement robust cybersecurity practices. This includes recommendations for shoring up defenses, like maintaining offline data backups and crafting incident response plans. The Shields Ready program is a specific aspect and essential expansion of this initiative, focusing on elements such as heightened readiness or specific sector protection. Shields Ready addresses known cyber threats and utilizes CISA’s intelligence arm to communicate steps and tactics to improve cyber readiness and reduce the risk of a successful attack.

The development of programs like Shields Up and Shields Ready indicates several critical aspects of CISA’s cybersecurity approach:

  • Proactive Stance: CISA focuses on a proactive rather than reactive approach to cybersecurity threats. By providing tools, resources, and guidance in advance, the expectation is to prevent cyber incidents before they occur.
  • Comprehensive Readiness: CISA encourages organizations to be perpetually prepared for cyber threats, not just respond when attacked. This involves continuous monitoring, updating, and strengthening of cybersecurity defenses. This aligns with many of the Executive Orders over the last 24 months on data supply chain and security standards and is in line with the NIST 2.0 Cyber Framework.
  • Collaboration and Partnership: CISA’s programs emphasize the importance of collaboration between the government, private sector companies, and various governmental agencies. With cyber threats changing daily, this partnership between the government and industry is imperative. Without cooperation and information sharing, we will not be able to protect our infrastructure.
  • Adaptation to Emerging Threats: By evolving and expanding programs like Shields Up, CISA is demonstrating its commitment to adapting to the evolving nature of cyber threats while utilizing the government’s power to assist industry. This is critical to staying ahead of nation-state cyber activities, ransomware attacks, and other forms of cybercrime.
  • Education & Awareness: These initiatives elevate our sense of urgency and raise awareness to educate stakeholders about the importance of cybersecurity, promote best practices, and assist organizations in understanding their vital role in national security.

Why Proactive Preparation Matters

Given the speed and volume at which cyberattacks are happening today, government agencies must be prepared for cyber incidents ahead of time to ensure resilience. There are several crucial reasons for doing so.

Firstly, ensuring resilience for critical infrastructure is paramount. Government agencies play a vital role in protecting these systems, which underpin national security, economic stability, and public safety. A successful cyberattack could cripple essential services, cause significant financial damage, or even compromise national security.

Secondly, safeguarding sensitive information is critical. Government agencies manage a wealth of sensitive data, including personal information of citizens, classified national security data, and other confidential records. Protecting this data from breaches is essential to maintain public trust in government operations and national security. A stark example of the consequences of a data breach is the OPM hack, where millions of security clearance records were compromised. This incident not only exposed private citizens to identity theft risks but also raised concerns about potential misuse of stolen data for creating deepfakes or other malicious activities.

Thirdly, proactive measures are crucial for ensuring continuity of operations. Cyberattacks can disrupt the functioning of government agencies, hindering the delivery of essential public services. From water supply and food safety systems to transportation and other everyday services, a cyberattack can cause significant disruption. Proactive preparation ensures that these critical functions continue uninterrupted even in the face of an attack.

Furthermore, rapid response capabilities are essential. When a cyberattack occurs, an agency’s ability to respond quickly and effectively is vital. CISA provides guidance on developing clear incident response plans, ensuring trained personnel are available to implement them and establishing clear communication channels for government-wide coordination and information sharing during a crisis.

By setting a high standard for cybersecurity practices, government agencies serve as a model for others to follow. CISA plays a leadership role in establishing cybersecurity standards and promoting robust cyber defenses. This not only protects government assets but also fosters collaboration with the private sector and other stakeholders in adopting strong cybersecurity measures.

Finally, the ever-evolving nature of cyber threats necessitates constant adaptation. Attackers continuously develop new methods to exploit vulnerabilities. Proactive preparation requires ongoing efforts to update cybersecurity measures and stay ahead of these evolving threats, particularly advanced persistent threats.

Securing Our Future

The ever-present threat of cyberattacks demands a proactive defense. CISA’s Shields Up and Shields Ready programs exemplify this approach, empowering those who manage critical infrastructure with the tools they need, while fostering collaboration to build a strong defense. These dynamic programs, aligned with national security priorities, ensure the resilience of government services and the uninterrupted delivery of the essential services we rely on daily. Preparation for cyber incidents is not just about defense; it’s about ensuring public trust in government operations and the effective functioning of government itself. By working together, government agencies, industry leaders, and CISA can stay ahead of cyber threats and safeguard the foundation of our nation’s security and economy.

The post CISA’s Shields Up and Shields Ready Programs: A Proactive Approach to Cybersecurity for Critical Infrastructure appeared first on Cybersecurity Insiders.

Customers increasingly rely on trusted vendors to protect their sensitive data, systems, and operations from sophisticated cyber threats in today’s dynamic threat landscape. Threats, ranging from ransomware to business email compromise (BEC), are constantly evolving. This demands a continuous, robust threat intelligence strategy from those protecting businesses. At SonicWall, we have just released our 2024 Mid-Year Cyber Threat Report, which provides insights into the evolving threat landscape, helping businesses better understand adversary behavior and enhance their security strategies. Our goal is to equip managed services providers (MSPs), managed security service providers (MSSPs), customers, partners, and the broader business community with actionable insights to develop and implement effective defensive strategies against both new and old threats.

Threat actors are employing more efficient and sophisticated tactics, significantly increasing various types of cyberattacks. Malware has surged by 30%, with an average of 526 new variants a day. This may speak to the impact artificial intelligence (AI) is having on the development of new malware, making it easier for threat actors to produce new variants. We have also seen significant spikes in IoT malware (107%) and encrypted threats (92%). These trends indicate threat actors are targeting more accessible attack surfaces and need to continually modify tactics to evade defensive technologies. Deploying tools for continuous monitoring and incident response, along with developing a robust incident response plan, can help mitigate and contain rising cyberattacks.

In the first five months of 2023, cyber threats put an average of 12.6% of an organization’s annual revenues at risk, on track to be around 30% annually. This is thanks to businesses enduring an average of 1,104 critical attacks during a work week. Without robust cybersecurity protection, this could have led to as many as 46 days of potential downtime. Within these attack hours, we saw the continued rise of ransomware attacks in North America and LATAM – up 15% and 51%, respectively.

By adding our Managed Security Services (MSS) offering this year, we enhanced our report to include insights into the threats affecting our MSP and managed detection and response (MDR) customers. Interestingly, 83% of the alerts received by our MSS team were related to cloud apps and compromised credentials. Therefore, augmenting cloud security with robust measures like Security Service Edge (SSE) and Zero-Trust Network Architecture (ZTNA) is vital as threat actors continue to focus on cloud applications. Additionally, implementing multifactor authentication (MFA) enhances cybersecurity by requiring additional verification steps beyond passwords, significantly strengthening access controls and thwarting unauthorized entry attempts. Microsoft has previously reported that only 38% of Office 365 customers have implemented MFA.

Reviewing threat data is crucial for a company to stay ahead of evolving cyber threats and protect sensitive information. It enables the identification of vulnerabilities and the development of effective defense strategies. By analyzing threat data, companies can anticipate potential attacks and mitigate risks before they cause damage. This proactive approach enhances overall security posture and ensures compliance with regulatory requirements.

###

Douglas McKee is the Executive Director of Threat Research at SonicWall, where he and his team focus on identifying, analyzing, and mitigating critical vulnerabilities through daily product content. For more information on SonicWall, please visit www.sonicwall.com, or to contact Mr. McKee directly, email dmckee@sonicwall.com.

The post SonicWall Mid-Year Threat Report Highlights Increase in Cyberattacks – Call for MSPs appeared first on Cybersecurity Insiders.

According to the United Nations, the world witnessed a significant rise in violent conflicts in 2023, reaching levels not seen since World War II. This trend will likely continue into 2024 as technology enables nation-state-level cyber operations to surge — further fracturing the geopolitical landscape. The increase in global tensions continues to affect the cyber security landscape profoundly. Three of the ‘Big Four’ nation-states, namely Russia, China, and Iran, are paving the way toward a new level of worldwide cyber tensions. We have seen evolving cyber threats from these regions throughout the first couple of months of the calendar year. January 2024 will likely be the harbinger of a particularly challenging year for almost any organisation with an internet-connected device.

From Russia with love 

Since Russia’s military engagement with Ukraine, we have witnessed an unparalleled surge in cyber operations. These activities continue to target Ukrainian civilian and military infrastructure to gather intelligence and undermine the nation’s resistance. In 2023, Moscow-aligned cyber operations also extended beyond the borders of Ukraine, targeting NATO member states as well as other nations sympathetic to the cause of Kyiv. Russia likely conducted these activities via proxies such as cybercriminal groups and hacktivist collectives. It’s interesting to note that these attacks were most prominent during periods of Western support initiatives for the Ukrainian war efforts.  

Moscow will likely continue to employ proxies to implement destructive cyber-attacks involving the deployment of wiper malware, information operations (IO), and intellectual property (IP) theft to inhibit cooperation between entities involved in providing Ukrainian support. Fluctuating periods of targeting against the transportation and logistics sectors will likely occur during the delivery of support packages to Ukraine, as Russia will seek to disrupt their supply.  

As 2024 rolls out, we have assessed that Russia’s cyber operations will likely continue targeting Ukraine’s critical national infrastructure (CNI), the scope and duration of which are expected to widen, with likely expanded economic espionage targeting of sub-Saharan Africa. 

Made in China 

Offensive cyber operations conducted by The People’s Republic of China (PRC) remained extensive throughout 2023. Beijing’s operations focused heavily on IO and intelligence gathering, almost certainly due to the strategic objectives regarding the ‘Made in China 2025’ initiative, the national strategic plan to secure China’s position as a global leader in high-tech industries. The initiative aims to reduce Beijing’s reliance on foreign technology imports and invest in its own technology advances to establish Chinese organisations that can compete domestically and globally.  

In addition, Beijing’s cyber espionage efforts against the Taiwanese semiconductor industry are a significant concern. This year will likely see China escalating its cyber operations to advance its geopolitical objectives in the South China Sea, with expanded efforts including more direct sabotage aimed at rival states in conjunction with concentrated cyber-attacks on Taiwan’s technology sectors. Chinese IO will likely continue to expand in scope and diversification, leveraging social media and enhanced artificial intelligence (AI) capabilities to influence the outcome of crucial elections and to undermine democratic integrity in favour of leaders that better suit Chinese interests. Finally, there is a realistic possibility of an uptick in People’s Liberation Army Strategic Support Force (PLASSF) sponsored cyber espionage aimed at Ukraine. Recent intelligence indicates that Pakistan, a Chinese rival, has imported Ukrainian-produced unmanned aerial vehicles (UAVs), which have been added to its armed forces’ inventory and will likely be used to counter Chinese military threats.

The Iranian Sandstorm 

Throughout 2023, Iranian cyber capabilities became increasingly sophisticated, allowing state-sponsored threat actors to expand beyond their traditional Western targets to include regions such as Asia, Africa, and Latin America. Their initiatives ranged from aggressive IO in support of Palestinian causes to sophisticated espionage campaigns targeting various Middle Eastern states. Case in point: a highly sophisticated espionage campaign launched by the Tehran-aligned Advanced Persistent Threat (APT) unit tracked as ‘Hazel Sandstorm’ targeted multiple states across the Middle East, including the United Arab Emirates (UAE), Israel, Iraq, Jordan, Kuwait, Oman, and Saudi Arabia. Sectors of interest for this campaign are reported to have been government agencies, military branches, and telecommunications, in addition to financial organisations and non-governmental organisations (NGOs).

Extreme caution should be exercised regarding Iran. Following the ‘Transition Day’ of the Joint Comprehensive Plan of Action (JCPoA) on 18th October 2023, certain restrictions on Iran’s nuclear and missile programmes were due to be lifted. However, citing Iran’s increasing non-compliance since 2019, the restrictions set out in UN Security Council Resolution 2231 on nuclear weapons testing and ballistic missile activity have been retained. There is a realistic possibility that this will result in retaliatory Iranian cyber operations aimed at Western government, military, financial and higher education industry verticals, as the UK, with the support of fellow E3 member states France and Germany, continues to apply restrictive measures against Tehran.

A pivotal year for global politics   

The beginning of every year has the potential to be pivotal on the global stage, and 2024 is shaping up to be no exception. The Paris Summer Olympic Games, the 75th anniversary of the PRC and the US presidential election all present opportunities for malicious cyber activity. However, unlike in previous years, 2024 will likely see the closest convergence of geopolitics and cybercrime the world has yet seen.

Cyber security has become the responsibility of businesses, governments and individuals around the globe. Each must therefore stay aware of evolving cyber threats, adopt strategies to deflect attacks and, most importantly, share what they learn so that robust defensive measures can be developed and implemented. A collective and diligent approach to cyber security will be paramount to safeguarding the integrity and stability of all digital assets.

Craig Watt is a Threat Intelligence Consultant at Quorum Cyber, specializing in strategic and geopolitical intelligence.

The post An Analysis of the Rising Cyber Crime Levels Across the Globe appeared first on Cybersecurity Insiders.

While athletes from around the world descended on Paris for the 2024 Olympics, so did cyber threats. Franz Regul, Head of IT Security for Paris 2024, predicts at least eight to 12 times the number of attacks launched against the Tokyo Games in 2021.

Paris 2024 has been proactive in ensuring its systems are secure. It has employed ‘ethical hackers’ to conduct rigorous stress tests and used artificial intelligence to help sort and prioritise potential security threats. These measures should reassure everyone involved in the event.

However, as the games progress, Josh Jacobson, Director of Professional Services at HackerOne, discussed the probability of and motivations behind cyberattacks, and their possible impact, complemented by insights from Kiran Chinnagangannagari, CTO at Securin.

Josh Jacobson, Director of Professional Services, HackerOne, shared, “We can be near certain that cybercriminals will target the Olympics in some way this year. We’ve already seen attacks on ancillary systems such as the French Rail Networks. While these attacks may not directly impact the Olympic Committee itself, they could impact the games, as there is a high chance that we will continue to see support systems and networks targeted and affected throughout the event. Targets could include infrastructure like transport all the way down to individuals such as athletes, Olympic employees, and production crews.

It’s important to note that the Olympians and the teams putting on the spectacle are not the only targets. There is also a significant risk of attacks against the attendees and spectators. These could be fake ticketing sites, social engineering campaigns, or phishing attacks. Who these cybercriminals target depends on what information they want to gather and from whom—it could be nations targeting their own people to track dissent or criminals looking for financial gain. The potential impact on individuals is a genuine cause for concern and must be managed.

Where criminal groups may care more about monetary gains, nation-state actors operate with the goals of disruption and embarrassment. As we’ve already seen, mass transit is an ideal target with likely outdated and under-supported interconnected systems. Public transport disruption causes mass disruption to people, reputational impact on the affected organisations and the city of Paris, and unrest among the attendees. That doesn’t even begin to factor in the mass cost repercussions. What makes these attacks even more concerning is that they could come from nation-states or hacktivist groups who are against the Olympics, each with their own unique motivations.

Only time will tell how the summer games will play out. Still, we hope that the security and IT teams behind the event and the surrounding systems have prepared for as many scenarios as possible to protect everyone involved, from the attendees to the Olympians to the people of Paris.”

Kiran Chinnagangannagari, CTO & CPO, Securin also commented, “As the highly anticipated 2024 Paris Olympics kicks off, there are a range of cyber-attacks that officials can expect and be prepared for. From one-off, non-threatening hackers looking to cause mischief to legitimate cyber threats affecting the games and Parisian critical infrastructure, French officials can expect hacktivists, state-sponsored groups and organized crime groups to be the main cyber threats during the 2024 games.

Chinnagangannagari also shared, “Franz Regul, the Head of IT Security for Paris 2024, has made it clear that they’re focusing on sabotage operations – and that significant resources, training and scenario planning/simulations have gone into that – including keeping the location of their SecOps center secret. After Regul estimated that these Olympic games would see eight to 12 times the number of attacks seen at the Tokyo Games in 2021, they should prepare for an uptick in ransomware attacks, phishing attempts, DDoS, misinformation/deepfakes, online scams and third-party exploitation for the duration of the games. Security teams have already begun conducting stress tests by carrying out ransomware and DDoS simulations, and that is a great starting place when training to take on Olympic-level cyber threats. French security teams should continue utilizing AI to assist in their defenses and be cautious when prepping for cyber threats.

International agencies can support France by sharing continuous asset discovery and having rapid response teams on standby to recover and restore when an attack happens. This must be a collective effort between France as the host city and other international agencies to protect the games and the athletes representing their country.”

While the Paris 2024 Olympics are expected to see an increase in cyberattacks from criminals, nation-states and hackers targeting event operations and attendees, Jacobson and Chinnagangannagari have highlighted the importance of international support for France in securing the games and ensuring safety. With the event now underway, vigilance and preparedness against cyber threats remain vital.

The post With the Olympics underway, Attendees and Spectators at Risk of Cyberattacks appeared first on Cybersecurity Insiders.

The 2024 Paris Olympic Games, set to begin later this week and run through mid-August, are expected by experts to face significant cybersecurity risks. Here are the primary concerns:

1. State-sponsored Hacking: The French cybersecurity agency ANSSI has warned that state-funded actors, particularly from Russia, may target the digital infrastructure of the games, against the backdrop of Russia’s ban from participation over doping and geopolitical tensions. Such actors may aim to disrupt the event and attract global media attention through data breaches, DDoS attacks and other forms of fraud. Groups like the People’s Cyber Army have already signalled intent by targeting French websites.

2. Fraudulent Mobile Applications: Organizers have developed mobile apps to help visitors, volunteers and athletes with navigation, accommodation and payments. However, security experts caution that malicious apps disguised as legitimate ones have surfaced on app stores. These fake apps aim to steal personal data and financial information.

3. Dark Web Data Sales: Recent incidents, such as data sets being offered for sale on the dark web, highlight the risk of sensitive information being compromised. Credentials and personal data can be sold for profit, posing a threat both before and during the games.

4. Email and SMS Phishing: Cybercriminals are increasingly using phishing scams to extract valuable information from volunteers, organizers and visitors. Users are advised to avoid clicking on suspicious links that could lead to malicious websites designed to collect personal data.

5. Ticket Sale Fraud: Experts advise against disclosing personal information when purchasing tickets or using transit services related to the Olympics. Unauthorized access to personal information such as dates of birth, social security numbers and bank details can lead to identity theft and other fraud.

To mitigate these risks, download tickets exclusively from official platforms and use only verified apps, such as the official Olympic Games Paris 2024 mobile app. Additionally, monitor bank statements regularly for unauthorized transactions so that fraud can be detected and addressed promptly.

The post Major Cyber Threats lurking at Paris Olympic Games 2024 appeared first on Cybersecurity Insiders.

As the cyber workforce skills gap persists, companies that fail to upskill their IT teams with the knowledge to defend themselves in an ever-changing technology landscape are vulnerable to opportunistic attackers. In addition to prioritizing skills for emerging technology trends, organizations need to ensure their workforces have the fundamental skills to carry out active cybersecurity measures effectively, including the know-how to defend against AI-powered threats.

Against a backdrop of growing cyber skills gaps in the technology workforce, a recent survey conducted by Pluralsight found that 81% of surveyed IT professionals are concerned about the rise in AI-powered threats. Surveyed respondents indicated that threat intelligence is the most valuable skill for addressing emerging cyberattacks, with reverse engineering cited as the second most valuable security skill. IT workforces must possess the right skills to combat these threats and mitigate risk. 

These findings underscore the AI-powered threats organizations face as they seek to fill traditional positions or, in some cases, create new cybersecurity roles to bolster their resilience and better defend themselves in the future. As confirmed in a recent FBI warning, the threat posed by cybercriminals using AI tools to conduct sophisticated phishing and social engineering attacks and deepfake scams is on the rise.

Bad Actors Gain Proficiency Using AI

While the proliferation of AI doesn’t necessarily drive an increase in threats, it enhances the proficiency and scale of bad actors to conduct cyberattacks, thus driving the need for workforces to be better prepared to address risks. In the same way that a legitimate developer can leverage AI tools, malware developers can also take advantage of these tools to find faster and more effective ways to launch an attack. Cybersecurity professionals should proactively be aware of these AI tools, their capabilities and how attackers use them to better educate themselves on how to defend against them.

To avoid common cybersecurity upskilling mistakes, organizations need to focus on active security operations, assessments, control measures and regular practice of their response to simulated AI-driven attacks. By analyzing threat intelligence, organizations gain valuable insight into the tactics and techniques of threat actors, which helps security leaders make informed decisions about security strategy, resource allocation and the prioritization of defenses.

Take Action Now or Be Left Defenseless 

As threats continue to escalate, organizations that are not currently taking action to enhance the cybersecurity skills of their workforce will find themselves defenseless against attacks. To upskill teams to defend against AI-powered threats, all security related roles should incorporate threat intelligence into their day-to-day functions to establish actionable insights and proactive measures.

The benefits of threat intelligence measures include creating preemptive defense strategies, driving informed decision making, and enhancing incident response capabilities. Organizations that leverage threat intelligence are better positioned to stay ahead of potential threats by recognizing early warnings of malicious activities and executing timely mitigation to thwart a successful attack.  

Threat intelligence also enhances incident response capabilities by providing context for security-related incidents such as malware, phishing, social engineering and password breaches. By enabling organizations to understand the scope and source of incidents, threat intelligence can increase the speed and efficiency of response efforts.

Implement Threat Intelligence to Boost Defenses 

Cybersecurity measures against AI-powered attacks will accelerate and become more comprehensive as the threat landscape grows. As such, IT professionals need to be continually trained to protect against these threats by implementing threat intelligence into their workflow and leveraging the active security skills that are needed to boost their organization’s defenses.


The post IT Professionals: Threat Intelligence is the Most Valued Skill to Combat AI-Powered Cyber Threats appeared first on Cybersecurity Insiders.

Phishing is an ever-growing concern in cybersecurity. It was the most common attack type in 2023, accounting for 43.3% of email-based threats – and its danger has been supercharged by the rise of generative AI. Businesses are right to be worried.

GenAI has transformed the global cybersecurity landscape. As it evolves, criminals are using it to launch increasingly sophisticated attacks with alarming ease. Despite this, companies can protect themselves from falling victim to an attack and avoid becoming one of the many entities that collectively spent $1.1 billion globally on ransomware payments last year.

Why so many attacks?

Email has been a staple of communication for decades, becoming almost second nature in both personal and professional contexts. This familiarity, however, has led to complacency, making email the perfect channel for cybercriminals.

One malicious application of genAI in email is impersonating trusted companies. In 2023, the e-commerce and delivery companies DHL (26.1%), Amazon (7.7%) and FedEx (2.3%) ranked among the top ten most impersonated brands. Typically, these attacks carry urgent messages demanding an equally swift response to verify an “anomalous transaction” or “validate a delivery”. The urgency encourages hurried action and stops the recipient from pausing to consider the source of the message; the goal is typically to gain access to a person’s private information for financial gain or blackmail.
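The impersonation pattern described above (a trusted brand in the display name, urgency in the wording, a link that does not go where it claims) can be checked mechanically before a message ever reaches a reader. The following Python triage routine is an added example, not code from the article or from Hornetsecurity; the brand-to-domain allow-list, the urgency phrases and the two sample messages are all constructed for illustration.

```python
"""Heuristic triage for brand-impersonation phishing emails.

Added example for illustration. The allow-list of sender domains, the urgency
phrases and the sample messages below are constructed, not taken from real traffic.
"""
import re
from dataclasses import dataclass, field
from email.utils import parseaddr
from urllib.parse import urlparse

# Brands and the sender domains they legitimately use (assumed allow-list).
BRAND_DOMAINS = {
    "dhl": {"dhl.com", "dhl.de"},
    "amazon": {"amazon.com", "amazon.co.uk", "amazon.de"},
    "fedex": {"fedex.com"},
}

# Phrases typical of the "act now" lures the article describes.
URGENCY_PHRASES = (
    "within 24 hours", "immediately", "account will be suspended",
    "verify now", "anomalous transaction", "validate a delivery",
)

# Matches <a href="...">text</a>; good enough for simple HTML bodies.
HREF_RE = re.compile(r'href="(?P<href>[^"]+)"[^>]*>(?P<text>[^<]*)</a>', re.I)


def registrable_domain(host: str) -> str:
    """Crude eTLD+1: last two labels, or three for a two-letter ccTLD such as co.uk.
    Assumption: adequate for the demo; production code should use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and len(labels[-2]) <= 3:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

    def flag(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def triage(from_header: str, subject: str, body_html: str) -> Verdict:
    """Score one message; higher means more likely a brand-impersonation lure."""
    v = Verdict()
    display, addr = parseaddr(from_header)
    sender_domain = registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    claimed = f"{display} {subject}".lower()

    # 1. Display name or subject names a brand, but the sender domain is not that brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and sender_domain not in domains:
            v.flag(3, f"claims '{brand}' but sent from {sender_domain or 'unknown domain'}")

    # 2. Urgency language.
    lowered = f"{subject} {body_html}".lower()
    hits = [p for p in URGENCY_PHRASES if p in lowered]
    if hits:
        v.flag(len(hits), f"urgency phrases: {hits}")

    # 3. Anchor text shows one domain while the href points somewhere else.
    for m in HREF_RE.finditer(body_html):
        href_host = urlparse(m.group("href")).hostname or ""
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", m.group("text").lower())
        if shown and registrable_domain(shown.group(0)) != registrable_domain(href_host):
            v.flag(3, f"link text '{m.group('text')}' but href host {href_host}")
    return v


# Constructed sample messages (not real mail).
SAMPLES = {
    "lure": (
        "DHL Express <notice@dhl-parcel-update.info>",
        "Action required: validate a delivery within 24 hours",
        'Your parcel is on hold. <a href="http://dhl-parcel-update.info/verify">dhl.com/track</a>',
    ),
    "legit": (
        "DHL <noreply@dhl.com>",
        "Your shipment 1234567890 is on its way",
        'Track it at <a href="https://www.dhl.com/track">dhl.com/track</a>',
    ),
}

if __name__ == "__main__":
    for name, (frm, subj, body) in SAMPLES.items():
        verdict = triage(frm, subj, body)
        print(name, verdict.score, verdict.reasons)
```

Each heuristic is weak on its own (legitimate marketing mail is often urgent, and brands do send from several domains), which is why the score combines them; in practice the allow-list would come from the organisation's own mail logs and the sender check would be backed by SPF/DKIM/DMARC results rather than the header alone.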

Cybercriminals can also use genAI in more sophisticated ways: to craft malicious spear-phishing emails, generate spoofing kits, or learn how to use more advanced tools such as multi-factor authentication (MFA) bypass kits, and even how to generate ransomware. Ransomware remains a major issue, as evidenced by the LockBit ransomware attack earlier this year, among many others.

There is more, however: genAI has been a boon for many threat actors, and the number of ways it can assist an attacker is staggering.

How threat actors use genAI

Threat actors have become adept at leveraging genAI in many ways, but here are some of the most common:

1. Open-source intelligence (OSINT) involves gathering information from publicly available sources, such as security forums, news articles and social media, in order to impersonate a service or contact and lend legitimacy and authority to a communication. GenAI has made this process significantly easier. AI’s ability to scour and analyse vast amounts of data quickly means attackers can compile targeted profiles that they then use to stage further attacks.

2. Attack chain assistance can be provided by popular LLMs to help cybercriminals learn how to build every stage of a given attack. This is particularly helpful for novice threat actors. To launch an attack against a target, the attacker needs to know every step of the chain, and genAI can not only explain a given attack method but also walk them through carrying it out. This puts the knowledge needed to launch attacks in the hands of a new generation of hackers who lacked it before genAI.

3. Spear phishing generation involves highly customised lures sent in a meticulously targeted way. Criminals research and use detailed knowledge of their targets to ensure higher success rates. In these attacks, users are baited into clicking links, downloading attachments or entering their login details on a fake but genuine-seeming sign-in page; the attacks derive their success from this customisation. MFA bypass kits such as Evilginx and W3LL panel are increasingly paired with spear-phishing attempts. GenAI streamlines the process of setting up the delivery mechanism (an email) with a link to a reverse-proxy service that effectively becomes an adversary-in-the-middle attack. These kits present a convincing login page, relay the victim’s credentials and MFA response to the real service, and capture the resulting session cookie. The user is then redirected to the legitimate site, none the wiser to what has happened.
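The reverse-proxy flow in item 3 is what makes one-time codes phishable, and it is also why origin-bound credentials (WebAuthn/FIDO2 passkeys) are the usual countermeasure. The Python simulation below is an added example, not code from the article or from any of the kits it names: a toy relying party, a victim browser, and a proxy on a look-alike domain. It assumes made-up hostnames, a fixed stand-in for a TOTP code, and an HMAC over a per-credential secret standing in for the authenticator's public-key signature over the challenge and origin.

```python
"""Why an adversary-in-the-middle (AitM) reverse proxy defeats OTP-style MFA
but not origin-bound credentials.

Added example for illustration. Hostnames are made up; the "signature" is an
HMAC over a shared secret standing in for a WebAuthn public-key signature;
current_otp() is a fixed stand-in for a real TOTP code.
"""
import hashlib
import hmac
import secrets

RP_ORIGIN = "https://login.example.com"           # the real site (assumed)
PHISH_ORIGIN = "https://login.example-com.net"    # the proxy's look-alike domain (assumed)


def current_otp(totp_secret: str) -> str:
    """Stand-in for a TOTP code: a fixed function of the seed is enough for the demo."""
    return hashlib.sha256(totp_secret.encode()).hexdigest()[:6]


def sign(cred_key: bytes, challenge: str, origin: str) -> str:
    """Toy assertion: HMAC(key, challenge || origin). Real authenticators sign with a private key."""
    return hmac.new(cred_key, f"{challenge}|{origin}".encode(), hashlib.sha256).hexdigest()


class RelyingParty:
    """The real login service."""

    def __init__(self):
        self.users = {}      # username -> (password, totp_seed, credential_key)
        self.sessions = {}   # cookie -> username
        self.pending = {}    # challenge -> username

    def register(self, user, password, totp_seed, cred_key):
        self.users[user] = (password, totp_seed, cred_key)

    def login_otp(self, user, password, otp):
        """Legacy flow: password + one-time code. Both are bearer secrets."""
        pw, totp_seed, _ = self.users[user]
        if password == pw and otp == current_otp(totp_seed):
            cookie = secrets.token_hex(16)
            self.sessions[cookie] = user
            return cookie
        return None

    def challenge(self, user):
        c = secrets.token_hex(16)
        self.pending[c] = user
        return c

    def login_bound(self, user, challenge, origin_claimed, signature):
        """Origin-bound flow: the assertion covers the origin the browser was on."""
        _, _, cred_key = self.users[user]
        if self.pending.pop(challenge, None) != user:
            return None
        expected = sign(cred_key, challenge, origin_claimed)
        # Reject if the signed origin is not ours, or the signature does not verify.
        if origin_claimed != RP_ORIGIN or not hmac.compare_digest(expected, signature):
            return None
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie


class Browser:
    """Victim's browser plus authenticator: it signs whatever origin it is actually on."""

    def __init__(self, user, password, totp_seed, cred_key):
        self.user, self.password, self.totp_seed, self.cred_key = user, password, totp_seed, cred_key

    def submit_otp(self, site):
        return site.login_otp(self.user, self.password, current_otp(self.totp_seed))

    def submit_bound(self, site, origin_in_address_bar):
        c = site.challenge(self.user)
        sig = sign(self.cred_key, c, origin_in_address_bar)
        return site.login_bound(self.user, c, origin_in_address_bar, sig)


class AitMProxy:
    """Reverse proxy on PHISH_ORIGIN: relays each request to the real RP and keeps any cookie."""

    def __init__(self, rp):
        self.rp, self.stolen_cookie = rp, None

    def login_otp(self, user, password, otp):
        self.stolen_cookie = self.rp.login_otp(user, password, otp)   # relayed live; OTP still valid
        return self.stolen_cookie

    def challenge(self, user):
        return self.rp.challenge(user)

    def login_bound(self, user, challenge, origin, signature):
        # Forwarding unchanged fails the origin check; rewriting the origin to
        # RP_ORIGIN (tried here) fails because the signature covers PHISH_ORIGIN.
        self.stolen_cookie = self.rp.login_bound(user, challenge, RP_ORIGIN, signature)
        return self.stolen_cookie


def run_scenarios() -> dict:
    rp = RelyingParty()
    key = b"credential-private-key-stand-in"
    rp.register("alice", "hunter2", "totp-seed", key)
    victim = Browser("alice", "hunter2", "totp-seed", key)
    proxy = AitMProxy(rp)

    victim.submit_otp(proxy)                         # victim types password + OTP into the phish page
    otp_phished = proxy.stolen_cookie in rp.sessions

    victim.submit_bound(proxy, PHISH_ORIGIN)         # same victim, origin-bound credential
    bound_phished = proxy.stolen_cookie in rp.sessions

    bound_direct_ok = victim.submit_bound(rp, RP_ORIGIN) in rp.sessions
    return {"otp_phished": otp_phished, "bound_phished": bound_phished, "bound_direct_ok": bound_direct_ok}


if __name__ == "__main__":
    print(run_scenarios())
```

The password and the one-time code are bearer secrets, so the proxy simply relays them and walks away with a valid session cookie. The origin-bound assertion is different in kind: the authenticator signs the origin the browser is really on, so the proxy can neither forward it as-is (origin mismatch) nor rewrite the origin (signature mismatch). The same reasoning is why defenders also look for session cookies first used from an IP or client that differs from the one that authenticated.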

What should organisations do?

GenAI-driven attacks are on the increase and deeply concerning, but they can be addressed. With the right knowledge, products and expertise, companies can build a robust defence against this evolving threat landscape.

Employees are an important line of defence, so companies must invest in ongoing employee education, training and awareness of these attacks to create a secure system. However, Hornetsecurity research indicates that 26% of organisations still provide no training, which places them at risk. 

Training should be regular and engaging to ensure employees can identify, deflect and report potential attacks. By combining robust technical defences with an empowered workforce, an organisation can establish a culture where security is important for all employees, regardless of their position.  

Cybersecurity providers are also using AI to counteract these threats. Many now offer comprehensive next-gen protection packages aimed at helping organisations strengthen their defences with AI support. 

One thing to remember is that humans initiate AI-enabled attacks, and phishing is still phishing, however cleverly it is disguised. AI-enabled attacks are built on known tactics and current technology (so far), which means they have limitations. Most can be recognised and blocked by email security tools, and for the few that get through, it comes down to employees knowing what to do.

Hornetsecurity’s mission is to continue to stay ahead of the AI game. We empower organisations of all sizes to focus on their core business, while we protect their email communications, secure their data, help them strengthen their employees’ cybersecurity awareness, and ensure business continuity with next-generation cloud-based solutions. 


The post The new face of phishing: AI-powered attacks and how businesses can combat them appeared first on Cybersecurity Insiders.