The FBI has issued a warning for crypto investors to be vigilant about “pig butchering”. For those unfamiliar with the term in cryptocurrency investment, here is the gist: scammers win the trust of investors and then pressure them to deposit more and more into wallets and websites that are ultimately controlled by threat actors.

This issue came to light when the NSA discovered that North Korea was engaging in tactics such as stealing digital currency to fund the nuclear ambitions of its leader, Kim Jong Un.

The US Federal Bureau of Investigation is warning digital currency investors not to fall prey to scams that promise either riches or romance, and has asked them to be more vigilant about the money they have invested or are about to invest.

Security experts state that a pig butchering scam starts with the threat actor sending victims a message via SMS or WhatsApp that promises riches and romance. The scammers use an alluring profile picture that is not only attractive but sometimes also carries malware, which is dropped as soon as the victim clicks on the picture.

Initially, the conversations are sweet and convincing. Then the fraudster tricks the target into moving their digital currency to a wallet of the fraudster's choice, promising to return the sum after some time with unrealistic interest, or assuring the victim that the amount will double after a certain period.

Coinbase, a noted cryptocurrency platform, has also issued a warning against such scams and asked investors to be vigilant when putting money into firms that claim to be international non-profit organizations, global anti-scam organizations, easy-money platforms and the like.

NOTE: Estimates are that pig butchering scams have resulted in a $429 million loss to companies and individuals worldwide. This figure is only a guesstimate and not the actual loss incurred, as most crypto investments and losses go unreported for various reasons.

The post FBI issues warning on “Pig Butchering” appeared first on Cybersecurity Insiders.

After years of falling behind, the construction industry has realised the importance of its data. Construction-related businesses invested a remarkable 188% more in cybersecurity in 2018–19. Data leaks and cyberattacks have jolted sectors worldwide, affecting everyone. 55% of UK businesses experienced a cyberattack in 2019 alone, and the average damage resulting from breaches is £176,000. […]

The post UK Construction: Cybersecurity Experts Defend Joint Ventures appeared first on The State of Security.

The number of cybersecurity incidents has risen sharply over the past two years: The compulsive digitization projects during the pandemic years left many organizations’ perimeters in shambles. Now, Russia’s war of aggression – which might go down in history as the first truly hybrid war, fought fiercely both on traditional and on cyber battlefields – is threatening these vulnerable infrastructures. This has not gone unnoticed by the political players and federal agencies of the transatlantic alliance: On both sides of the Atlantic, administrations are vehemently advocating holistic security approaches, be it in White House Executive Orders, the compendia of the German BSI (Federal Office for Information Security) or the British National Cyber Strategy.

A common component of the ambitious government frameworks is their holistic approach to cyber defense, leveraging principles such as Zero Trust, Least Privilege and Security-by-Design to help companies build stronger and more resilient environments and applications – and thus, to protect their assets and strengthen the overall economy. However, most IT teams in the private sector are understaffed, and many lack the cybersecurity expertise required to make these kinds of fundamental changes to their IT and security stacks. This could prove fatal, especially for vendors in five select industries which represent especially attractive targets for attackers. Let’s take a look at these industries, and discuss how players in these sectors can confidently ensure a high degree of protection by following the Center for Internet Security’s (CIS) Critical Security Controls and Privileged Access Management (PAM) recommendations.

Financial Services Industry

The financial services industry has always been a prime target of cybercriminal activity. The attacks are usually financially motivated. In the worst case, a successful breach might even grant the attackers direct access to the deposits of bank customers and investors. In addition, most financial institutions also manage vast amounts of sensitive, highly valuable data for their customers: from personal financial data and business-critical information to insider information or data from data-driven businesses.

To exacerbate matters, the financial sector is currently undergoing a dynamic, if not disruptive, digital transformation: An agile swarm of aggressive young challenger banks is setting itself apart from the traditional market with innovative digital service offerings, forcing established institutions to digitize at full speed as well. All of this is rapidly increasing the dependency on technology and data across the industry, and the growing attack surfaces offer hackers countless new attack vectors.

Healthcare

The healthcare industry has also been one of the top targets for cybercriminals for many years. After all, healthcare providers’ servers arguably hold the most sensitive and tightly regulated data in the world – and these are of enormous value.

According to recent studies, healthcare saw a 200% year-over-year increase in cyberattacks in the first pandemic year alone. At a staggering 97%, web application and application-specific attacks accounted for the lion’s share of malicious activity. This can be attributed to the newly opened network infrastructures: During the pandemic, both medical staff and patients have increasingly started to access central resources as part of telemedicine concepts, and while this often improves patient care, it also creates additional points of attack.

In addition to the ubiquitous identity theft and ransomware attacks, cyber reconnaissance is playing an increasingly important role in healthcare institutions and healthcare research. A prime example is the recent attack on the European Medicines Agency (EMA), where attackers illegally accessed confidential vaccine documents.

Construction Industry

Let us have a look at the most unexpected entry on the list: According to several recent studies (e.g., the “Hiscox Cyber Readiness Report 2021” by specialist insurer Hiscox and Forrester Consulting), almost half (46%) of construction companies have been the victim of a cyberattack.

Even though many experts believe that the construction industry has been very reluctant to digitize, there is no doubt that more and more business processes are being shifted to the IT world. And as is always the case when digitizing, caution is advised: Anyone who is working with construction plans, project evaluations, and other confidential information needs to apply due diligence to avoid damage and financial losses.

The example of French construction company Ingérop illustrates how big the damage potential in the construction industry really is: In 2018, around 65 gigabytes of data were stolen from Ingérop via a German server – including a large number of documents from critical infrastructure facilities such as nuclear power plants and nuclear waste repositories, high-security prisons, and public transport networks, not to mention personal data from over 1,200 employees.

IT and Telecommunications Industry

The recent cloud and digitization boom has permanently changed the ICT industry and made it much more relevant, but also more complex. Multiple surveys document that a vast majority of IT executives worldwide consider the sprawling complexity of the tech stack as a major problem in their organization. They also expect cybercrime to increase in 2022: With the rapid rise of mobile endpoints, smart IoT devices, and open APIs, the volume and value of data processed worldwide will increase significantly and the companies’ attack surface will also continue to grow. ICT companies must therefore take care not only to advance their products and infrastructures but also to continuously optimize their security stacks.

Small & Medium Businesses

Last year’s digitization boom has fundamentally changed small and medium-sized companies: To maintain business continuity during the pandemic, extensive investments in new digital equipment were required (just think about hybrid workplaces), which could not be postponed and were often carried by governmental digitization initiatives. However, these digitization projects were rarely accompanied by similarly ambitious security investments, so there is a lot of catching up to do in terms of cybersecurity.

While most large companies employ dedicated staff or entire departments for cybersecurity, SMEs are often inadequately protected due to a lack of resources: Only about half of them have access to well-rounded in-house security experts. For attackers, this naturally represents an attractive target, the proverbial “path of least resistance”.

So, SMEs have their work cut out for them: Despite their limited budgets, they need to mitigate potential attack vectors as comprehensively as possible. This also means they must prepare for the worst-case scenario – a successful breach – by preventing lateral movement through their network.

Privileged Access Management for a Secure Access

As different as the five industries may be, the majority of cyberattacks follow the same pattern: First, the attackers gain access to the network, often by stealing or phishing credentials. Then, they move laterally from system to system, escalating their access rights until they find the company’s crown jewels. These are then stolen, encrypted, or destroyed – depending on what promises the highest profit.

The only real protection against these kinds of attacks is stringent Privileged Access Management (PAM), specifically for privileged accounts with far-reaching rights. The foundation of this strategy is the so-called least privilege principle, which is also an important component for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), as well as for the German BSI and the British National Cyber Strategy: Authenticated users are only ever granted a minimum level of privileges for a limited period – and get precisely the access rights they need to fulfill their current task. A robust PAM solution should also support strong multi-factor authentication (MFA) and a seamless password management strategy, e.g., with automated password updates for network accounts and the secure storage of critical credentials in secure vaults. This allows IT teams to successfully restrict access to critical data such as infrastructure accounts, DevOps access, or SSH key pairs. For optimal protection, Red Team trainings, advanced audits, and dedicated employee trainings have proven effective in protecting against social engineering.

CIS Critical Security Controls

While most organizations have some PAM components in place, most lack a comprehensive strategy that addresses the issue holistically and offers full protection. This is why the non-profit Center for Internet Security (CIS) provides a set of holistic best practices through its regularly updated Critical Security Controls Framework (CSC). The 20-point framework helps companies put every aspect of their cybersecurity to the test. Particularly relevant for KRITIS-regulated companies: The current eighth edition puts a strong focus on the topics of “Access Control Management” and “Privileged Access Management” and includes multiple actionable recommendations for security practitioners to protect their privileged accounts and to implement a consistent cybersecurity strategy.

Conclusion

As recently as March 21, 2022, Joe Biden explicitly warned about Russian cyberattacks and called on companies to “harden your cyber defences immediately”. The powerful choice of words underscores the high level of risk that political decision-makers currently perceive. Cyberattacks have been on the rise for many years, but both the pandemic and the war could exponentially accelerate the threat levels. Organizations looking to ensure safe and resilient operations need to rethink their cybersecurity approach, and to position themselves more securely in cyberspace. This is especially true for enterprises from the financial, healthcare, construction and ICT sectors, as well as SMEs. These five are among the prime targets, and need to be aware of the relevance of their assets and data. Implementing a holistic PAM strategy is a very effective and quick measure to improve the security posture. In the long term, however, companies need to revise their entire security stack along current best practices – and thus set the course for failsafe and resilient business operations with low operational risks.

The post Policy Recommendations for a Holistic Cybersecurity: Five Industries Under Attack, and What They Should Do? first appeared on Cyber Insights.


Cisco Talos has discovered that the industrial Open Automation Software (OAS) platform, which is used to operate Industrial Control Systems (ICS), is filled with critical vulnerabilities that are yet to be patched.

Because OAS acts as a bridge for data moving between different industrial platforms such as PLCs, applications, IoT devices, and databases, these systems play a crucial role in industrial operations, and any disruption to them can make or break a business permanently.

Although six of the eight flaws have been patched, most Industrial Control Systems are yet to be updated. The company advises organizations to use network segmentation to limit the access available to hackers who could exploit the vulnerabilities.

Researchers from Cisco are also advising organizations to create custom groups and user accounts that have only the needed permissions so that their access is limited.

Additionally, organizations are advised to defend their digital environments with preventive Zero Trust access controls that authenticate both device trust and user trust.

In a separate study on the spread of ransomware in the industrial sector, Cisco claims that no single ransomware family was observed targeting the same company twice in the first quarter of 2022.

This is attributed to the democratization of ransomware adversaries, which has led to a downtrend in attacks. The concerning part, however, is the emergence of new file-encrypting malware families, including Cuba, Entropy, and Cerber, along with the growing sophistication of the Hive and Conti malware families.

The post Industrial Open Automation Software filled with vulnerabilities appeared first on Cybersecurity Insiders.