Traceable AI just released a report on the escalating concerns surrounding API security within the financial services sector. The comprehensive study, which canvassed insights from over 150 cybersecurity experts across the United States, reveals a landscape fraught with vulnerabilities and a pressing need for robust security protocols.

Financial Sector at a Regulatory Crossroads: API Security in the Spotlight 

The report paints a stark picture of the financial industry grappling with the complexities of API integration. With a staggering 82% of institutions voicing concerns over regulatory compliance, including adherence to FFIEC, OCC, CFPB, and PCI-DSS standards, the urgency for stringent API security measures has never been more apparent.

Visibility and Context: The Achilles’ Heel of API Security 

A concerning 64% of respondents admit to a lack of clarity in correlating API activities with user interactions and data trajectories, significantly impeding their threat detection capabilities. This blind spot in understanding the intricate dance of APIs, user behavior, and data movement is a glaring vulnerability in the sector’s defense strategy.

APIs: The Conduits to Sensitive Data 

APIs have become the linchpins of financial operations, routinely handling sensitive information such as personal identification (60%), authentication details (60%), payment card data (56%), and geolocation insights (55%). This makes them attractive targets for cyber adversaries, underscoring the need for fortified security measures.

The Triad of API Security Challenges 

The trifecta of unauthorized access (35%), data exfiltration (33%), and vulnerability detection (30%) constitutes the primary security hurdles for financial entities. These challenges underscore the sector’s struggle to safeguard against the unauthorized exploitation of API gateways.

Fraudulent Activities Dominate API Breach Landscape 

A significant 42% of institutions that have suffered API breaches attribute the incidents to fraudulent activities, highlighting a pervasive issue of abuse and misuse. Moreover, a mere 15% express high confidence in their ability to thwart API-centric fraud, indicating a critical gap in current security postures.

The Ripple Effects of API Breaches 

The repercussions of API breaches extend far beyond immediate data compromise. Brand integrity and customer trust, both affected in 41% of cases, emerge as the top casualties, followed closely by financial repercussions (36%) and client turnover (35%).

The Traceable AI report underscores the pressing need for heightened API security within the financial sector, highlighting an urgent call to action for institutions to address their vulnerabilities. As APIs become integral to financial operations, the sector faces significant challenges, including regulatory compliance, visibility issues, and safeguarding sensitive data.

The post Navigating the API Threat Landscape in Finance appeared first on Cybersecurity Insiders.

The ‘cybersecurity poverty line’ was a term coined over ten years ago by a Cisco security leader, Wendy Nather. We often hear it described as the resource “threshold” for adequate cyber protection. The companies beneath the line lack the budget, resources and skills to properly protect themselves from ongoing threats posed by cybercriminals. Those above the line have the resources and expertise to reasonably protect themselves. They include the largest organisations with the most mature IT environments – think financial services, healthcare and defence.

Not surprisingly, small businesses are the ones below the poverty line, and suffering for it. According to Accenture, 43% of cyberattacks target small businesses, yet only 14% have the capabilities to protect themselves. Cybercriminals see small organisations as low-hanging fruit due to their lack of resources and expertise; as a result, they are more likely to be attacked, and the attacks are (more often than not) successful. Sometimes a ransomware attack on these small companies demands such a minimal and relatively affordable ransom payment that it becomes far easier for them to quickly and quietly pay up. In this environment, smaller businesses will always be on the back foot unless something changes.

Skills, tools and insurance 

The cybersecurity poverty line is set by the many challenges of hiring talented people, retaining these people, and the costs of tools, insurance and more. This problem seems to only be growing.

It’s no secret that competition for skilled team members is steep. Those organisations without the resources to invest heavily in recruiting and retaining staff are losing out to the larger and better funded organisations that can afford top tier talent and have the mature security programs that interest prospective employees. It’s a similar situation with cybersecurity tools, which can be expensive to acquire and difficult to implement in an effective manner. 

At the same time, soaring cyber insurance premiums show no sign of slowing. Again, smaller companies are priced out and become more vulnerable to cyberattacks as a result. In some cases, those below the poverty line may not even recognise the extent of this problem.

It’s important to remember that the cybersecurity poverty line affects all organisations, regardless of whether they are above or below the threshold. These smaller companies are often part of wider supply chains with bigger, more mature organisations. They’re part of IT ecosystems in which data is being transferred across enterprise applications. Those companies below the threshold can become the penetrable backdoor that criminals use to breach and exploit those above the poverty line. Therefore, this problem affects everyone, sooner or later.

But it doesn’t require vast resources or expertise to significantly improve an organisation’s cybersecurity posture, regardless of size.

Excellence in the essentials 

The key is to approach cybersecurity with the mindset of “excellence in the essentials,” which emphasises doing the basics well, consistently and at scale. While the cyber landscape is a complex mix of varied threats, with myriad solutions to manage, we need to look at how we solve the most basic problems first and do this well, consistently.

The basics, as it turns out, are where most of the progress is made anyway (for all organisations). We know from years of incident and breach data (as noted in Verizon’s Data Breach Investigations Report, among others) that most cyberattacks exploit known vulnerabilities for which there are known solutions (i.e., patches), misconfigurations of common operating systems and applications, and mismanagement of basic security controls.

For resource-constrained organisations, focusing on essential cyber hygiene is the most effective way to improve their security posture in a meaningful way.

A good place to start is with the prioritised security controls identified in reputable frameworks. The Center for Internet Security, for example, has organised its Critical Security Controls into Implementation Groups, beginning with Implementation Group 1: Essential Cyber Hygiene. By implementing essential controls in this manner, organisations can take a more productive, focused, and incremental approach to improving their defensive posture. NIST also regularly releases guidebooks on building a better security culture, to support its framework for ensuring organisations can understand, assess, prioritise, and communicate their cybersecurity efforts.

The National Initiative for Cybersecurity Education (NICE), a program of NIST, has provided guidance on enabling the ‘everyday employee’ to contribute to their organisation’s cybersecurity posture. Security must be a shared responsibility, implemented as a community of collaborating professionals. 

This includes routine security awareness training across a business, and teaching everyone who interacts with corporate devices, or with corporate information on personal devices, the basics of data management. Today’s organisations store far too much data that should be regularly sanitised and erased once it’s no longer needed, another area for shared implementation of security controls. Understanding best practices around data privacy and protection can have a huge impact on cybersecurity at a minimal cost to an organisation.

Preparing for the worst

We can’t expect every organisation to have the best cyber expertise. However, like basic first aid and CPR, broad implementation of essential skills and actions can have a big impact (yes, we need the highly trained paramedics to show up in an emergency when someone has a heart attack, but there are certainly things you can do while you’re waiting for them to arrive that could make all the difference). 

It’s this essential cyber hygiene that can significantly improve the state of protection for those below the cybersecurity poverty line. From supporting the everyday employee, to understanding effective data management, bringing it back to the basics is a realistic approach to security for organisations that will continue to struggle with limited resources and expertise. Addressing this issue will be vital to boosting the cyber resilience of entire industries – not just the smaller players. 


The post Excellence in the essentials of cybersecurity – below the ‘poverty line’ appeared first on Cybersecurity Insiders.

Please see below comments by Kevin Surace, Chair, Token & “Father of the Virtual Assistant” for your consideration regarding any coverage on Apple’s recent AI announcement:

Apple has taken a “privacy and security first” approach to handling all generative AI interactions that must be processed in the cloud. No one else comes close at this point, and no one else has spelled out with full transparency how they intend to meet that high bar. More information can be found here: https://security.apple.com/blog/private-cloud-compute/.

Note that, at least for now, this is for Apple hardware product users who must trust that what they say to the AI is private to them and can never be stolen or learned from. It’s possible that some enterprises will evaluate the strength of this and allow their employees to use Apple devices with Apple Intelligence without fear.

Apple didn’t exactly state what silicon they used here. Is it a custom GPU cluster they designed or their own M4 processors, which include a neural engine and substantial GPU resources? But in typical Apple fashion, they have vertically integrated everything and taken ownership of its security from top to bottom. It’s impressive and ahead of AWS, Microsoft, and Google cloud offerings for LLMs thus far, even if it is just in support of Apple Intelligence features.

Apple has set the bar for absolute privacy and security of generative AI interactions. Everyone else will need to scramble now to meet this bar. This may allow enterprises to trust the Apple infrastructure for routine Apple Intelligence interactions, even those that include some corporate data.

Apple has developed its own foundation models that are very impressive but don’t yet beat out GPT-4. They publish their comparisons here: https://machinelearning.apple.com/research/introducing-apple-foundation-models. While Apple has not said what its partnership with OpenAI entails, they hint that when GPT-4 (or GPT-5 perhaps) is required for more accuracy, they will use it. To ensure absolute privacy, they would need to host it themselves in their Private Cloud Compute. They didn’t state that yesterday, so I suspect that the ink is still drying on those agreements with details to be worked out. But bouncing out to GPT-4 anytime won’t work. They suggested there would be an opt-in to that, so perhaps users give up some privacy when they opt to use GPT-4. How safe is OpenAI? They do provide various levels of private operation, but no one really knows how safe, secure, and non-sharing it actually is. While Apple has published an extensive security white paper, OpenAI has a short ChatGPT Enterprise privacy note, which certainly isn’t convincing Elon Musk it’s safe.

Apple has set the bar for absolute privacy and security of generative AI interactions. This may allow enterprises to trust the Apple infrastructure for routine Apple Intelligence interactions, even those that include some corporate data. This is a world-class effort, one where they are inviting security experts to poke holes in their approach. I’d say it appears as rock solid as anything we have seen.

All data to the cloud is encrypted, so a simple man-in-the-middle attack won’t work. From what they are saying, one would have to break into their network, but they don’t even have any debugging tools enabled in runtime—no privileged runtime access. They even took major precautions against actual physical access (basically breaking into the data center). They state that they have made this so secure and so encrypted with no storage of your information that it isn’t a target. I’d say this is state-of-the-art from the silicon to the outer doors of the facility.

Apple is stating that they are using their own foundation models in the network and the devices. That’s first and foremost. Then they note a partnership with OpenAI, to be used only when required, and they will also use the best of breed models. They seem to be hedging their bets here. OpenAI is a bit of a black box. But I suspect either Apple will host it themselves or demand a very private instance for their users, and users have to opt-in to its use. They failed to give us more details on the partnership, so time will tell, but it’s clear Apple takes privacy and security seriously, and they realize the hesitancy when they mention OpenAI. My bet is they will do this right, and it won’t be an issue.

The post Expert comment: Apple AI safety & security appeared first on Cybersecurity Insiders.

The way we work has drastically changed over the last few years. Our data, users, devices, and applications are now everywhere. Just look at the hybrid workforce. According to the Society for Human Resource Management, by next year, 82% of businesses worldwide will have implemented a hybrid work model.

When you consider that number alone, it’s clear that traditional, office-centric models are no longer fit for purpose. In their place is a new hybrid landscape in which employees seamlessly access resources from anywhere and on multiple devices, including personal and corporate-owned phones, laptops, and more.

This digital transformation, coupled with the aforementioned explosion of hybrid work and the continued growth in the use of Internet of Things (IoT) devices and Operational Technology (OT) systems, demands a comprehensive security overhaul, and this is where Universal ZTNA steps in.

The Genesis of Universal ZTNA

While ZTNA (Zero Trust Network Access) has been around for some time, Universal ZTNA represents a more holistic approach. Its roots lie in the limitations of traditional network security. Perimeter-based defenses, designed for a centralized workforce and static infrastructure, are struggling to adapt to the dispersed nature of today’s work environment and the ever-growing number of connected devices, which is leaving businesses susceptible to potential cyber-attacks.

A key turning point came in 2022. That’s when Gartner analyst Andrew Lerner authored a blog post titled “ZTNA Anywhere (Re-thinking Campus Network Security).” In his article, Lerner exposed the disparity between security solutions for traditional networks and those needed for the modern, remote-access world dominated by ZTNA. 

This sparked a conversation within the industry, highlighting the need for a more unified ZTNA approach that could secure not just remote users but the ever-increasing attack surface of devices.

Universal ZTNA: A Unifying Force for a Connected World

Universal ZTNA builds upon the core ZTNA principles of least privilege access and continuous verification. However, it extends these principles to encompass all users, devices, and applications, regardless of location or type. Imagine a single, unified security policy governing access for a marketing team member in New York, an engineer working remotely in London, a fleet of delivery vans with route optimization software, and even industrial robots on a factory floor – that’s the power of Universal ZTNA.
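The two principles named above, least privilege and continuous verification, are easiest to see in a policy engine. The following is an added example written for this page, not code from any ZTNA product: a single default-deny policy that covers an engineer, a marketing user, a delivery van and a factory robot, decides each connection from the requester’s role plus the device posture collected at that moment, and re-evaluates a live session when fresh posture arrives. All resource names, roles and posture fields are constructed for illustration.

```go
package main

import "fmt"

// Principal is any identity that asks for access: an employee, an IoT sensor,
// an OT controller. Roles drive policy; Location is recorded for audit but
// grants nothing by itself (network location is never a trust signal).
type Principal struct {
	ID, Kind, Location string
	Roles              []string
}

// Posture is the device state collected fresh on every connection attempt.
type Posture struct {
	Managed      bool // enrolled in the organisation's device management
	PatchAgeDays int  // days since the last security update
	Compromised  bool // flagged by endpoint telemetry
}

// Rule grants one action on one resource to one role, subject to posture.
// A zero MaxPatchAgeDays means no patch-age requirement (e.g. for OT gear).
type Rule struct {
	Resource, Action, Role string
	RequireManaged         bool
	MaxPatchAgeDays        int
}

type Policy []Rule

type Request struct {
	Who      Principal
	Device   Posture
	Resource string
	Action   string
}

type Decision struct {
	Allow  bool
	Reason string
}

func hasRole(p Principal, role string) bool {
	for _, r := range p.Roles {
		if r == role {
			return true
		}
	}
	return false
}

// Evaluate implements least privilege: default deny, and only an explicitly
// matching rule whose posture conditions hold can allow the request.
func (p Policy) Evaluate(r Request) Decision {
	if r.Device.Compromised {
		return Decision{false, "device flagged as compromised"}
	}
	reason := fmt.Sprintf("no rule grants %s on %s to %s", r.Action, r.Resource, r.Who.ID)
	for _, rule := range p {
		if rule.Resource != r.Resource || rule.Action != r.Action || !hasRole(r.Who, rule.Role) {
			continue
		}
		switch {
		case rule.RequireManaged && !r.Device.Managed:
			reason = "resource requires a managed device"
		case rule.MaxPatchAgeDays > 0 && r.Device.PatchAgeDays > rule.MaxPatchAgeDays:
			reason = fmt.Sprintf("patch age %d days exceeds limit of %d", r.Device.PatchAgeDays, rule.MaxPatchAgeDays)
		default:
			return Decision{true, "matched rule " + rule.Role + " -> " + rule.Resource}
		}
	}
	return Decision{false, reason}
}

// Session models continuous verification: the original decision is never
// cached for the life of the session. Recheck re-evaluates against freshly
// collected posture and drops the session as soon as the answer becomes deny.
type Session struct {
	Req  Request
	Live bool
}

func (s *Session) Recheck(p Policy, fresh Posture) Decision {
	s.Req.Device = fresh
	d := p.Evaluate(s.Req)
	s.Live = d.Allow
	return d
}

// ExamplePolicy is a constructed unified policy spanning people, vehicles and
// factory equipment, the mix the text describes. Names are illustrative only.
func ExamplePolicy() Policy {
	return Policy{
		{Resource: "crm", Action: "read", Role: "marketing", RequireManaged: true, MaxPatchAgeDays: 30},
		{Resource: "source-repo", Action: "push", Role: "engineer", RequireManaged: true, MaxPatchAgeDays: 14},
		{Resource: "route-service", Action: "fetch", Role: "delivery-van"},
		{Resource: "mes", Action: "report", Role: "factory-robot"},
	}
}

func main() {
	policy := ExamplePolicy()
	eng := Principal{ID: "eng-42", Kind: "user", Location: "London", Roles: []string{"engineer"}}
	laptop := Posture{Managed: true, PatchAgeDays: 5}
	phone := Posture{Managed: false, PatchAgeDays: 5}
	robot := Principal{ID: "arm-7", Kind: "ot", Location: "plant-2", Roles: []string{"factory-robot"}}

	fmt.Println(policy.Evaluate(Request{eng, laptop, "source-repo", "push"})) // allow
	fmt.Println(policy.Evaluate(Request{eng, phone, "source-repo", "push"}))  // deny: unmanaged device
	fmt.Println(policy.Evaluate(Request{robot, Posture{}, "mes", "report"}))  // allow
	fmt.Println(policy.Evaluate(Request{robot, Posture{}, "crm", "read"}))    // deny: no rule

	s := Session{Req: Request{eng, laptop, "source-repo", "push"}, Live: true}
	fmt.Println(s.Recheck(policy, Posture{Managed: true, PatchAgeDays: 5, Compromised: true}), s.Live) // deny, false
}
```

The point to take from the session check is that a mid-session change in device state (here, an endpoint-telemetry compromise flag) terminates access without waiting for the next login, which is what separates continuous verification from a one-time authentication gate.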

Use Cases: Unleashing the Power of Universal ZTNA

Universal ZTNA goes beyond securing just remote users and their devices. Here are some compelling use cases that showcase its versatility in today’s interconnected world:

  • Securing IoT Devices in Manufacturing: Factory floors are teeming with sensors, controllers, and robots that collect and transmit critical data. The impact of these IoT devices is significant, helping address everything from quality control and asset tracking to product optimization and worker safety, all while reducing downtime and increasing efficiency. But they can also introduce security concerns. Universal ZTNA ensures that only authorized devices can access essential systems, reducing the risk of unauthorized modifications or data breaches that could disrupt production.
  • Protecting OT Systems in Critical Infrastructure: Power grids, water treatment plants, and other OT systems offer greater operational flexibility and worker safety but, among other things, introduce new entry points for hackers. Universal ZTNA provides granular access control, ensuring only authorized personnel can manage these critical systems, preventing cyberattacks that could cripple infrastructure.
  • Enabling Secure Remote Maintenance for Industrial Equipment: Field technicians often need to remotely access industrial equipment for maintenance purposes, which can reduce costs and increase efficiencies. Naturally, this can come at a price, including new vulnerabilities. Universal ZTNA allows secure remote connections, eliminating the need for teams to physically visit each site, which can help to reduce downtime.

The Benefits of a Universal Approach

Universal ZTNA offers a compelling value proposition for organizations navigating the complex world of IoT and OT security:

  • Enhanced Security: Least privilege access and continuous verification significantly reduce the attack surface and potential breaches, even for non-traditional devices.
  • Improved Operational Efficiency: Rather than having multiple entry points, it delivers a single, secure remote access point to industrial equipment and systems, streamlining maintenance and troubleshooting processes. 
  • Simplified Management: A unified ZTNA policy simplifies security administration for a vast and diverse device landscape by eliminating the need to manage separate policies and utilize multiple enforcement mechanisms and tools for different user groups.
  • Future-Proof Scalability: As your digital ecosystem expands with more connected devices, Universal ZTNA easily scales to accommodate them, which, among other things, delivers significant cost savings.

Universal ZTNA: Building a Secure Foundation for the Future of Work

It’s no surprise that the way people and businesses operate today has changed dramatically, and in this ever-evolving work environment, Universal ZTNA is vital. With Universal ZTNA, organizations can secure their digital assets effectively, encompassing not just employees but the ever-growing web of devices. By adopting a zero-trust approach that transcends location and device type, you can empower your workforce, streamline security operations, and build a robust foundation for a secure digital future in the age of IoT and OT.

The post The Rise of Universal ZTNA appeared first on Cybersecurity Insiders.

It just takes one glance at the headlines of any major newspaper to see the devastating effects of a cyberattack. 

Unfortunately, the steps organizations have taken in response range from putting their heads in the digital sand to implementing a sophisticated series of security tools and best practices. 

In recent years, one of the most effective techniques includes making a shift toward a Zero Trust approach, which is built upon the principle that no entity—user, app, service, or device—should be trusted by default. Or, more simply, trust is established based on the entity’s context and security policies, and then continually reassessed for every new connection, even if the entity was authenticated before.

Given these benefits, it’s not surprising that a recent survey revealed that more than 60% of companies view a Zero Trust strategy as paramount. However, progress toward implementation, which depends on network segmentation for effective policy enforcement, points to a less promising state: Only 19% of the companies in the survey have micro-segmentation in place.

This gap is particularly concerning given the business importance of protecting critical assets and data, which Zero Trust does. Since many companies that have deployed micro-segmentation are just using it for visibility, the number of companies prepared to put a Zero Trust strategy into practice may be very small indeed.

Let’s explore the “Why?” and “What now?” behind this gap.

Why Companies “Roll the Dice” Instead of Following Advice

These are some of the most common reasons for a slow or missing shift toward network segmentation:

1. It’s too complicated.

Early methods that enabled segmentation required a shift in network infrastructure, involving the creation of new VLANs, subnets, and even re-IP addressing. This process could disrupt existing applications and required meticulous documentation to ensure changes were made thoughtfully.

2. It’s too expensive.

Many data center micro-segmentation projects are really visibility projects disguised as security. Visibility requires large-scale deployment, which can limit micro-segmentation’s cost-effectiveness for a critical workload. Also, to be effective, controls need to be turned on.

3. It faces user pushback.

If micro-segmentation is not deployed carefully, users could become frustrated when resources or applications they used to be able to access become inaccessible or experience minor disruptions. 

4. It creates Zero Trust integration headaches.

Micro-segmenting a workload provides a good starting point for Zero Trust, but many vendor solutions leave customers far from the finish line. Customer IT teams still have the unenviable task of figuring out how to enforce identity-based policies for all network packets.

How to Position a Micro-Segmentation Project For Success

Micro-segmentation has been around for some time, so even its name can come with preconceived notions, such as those mentioned above.

However, micro-segmentation implemented with the right tools is very different: It removes the need to technically (or even physically) restructure a network, instead providing the opportunity to put policy enforcement in front of each workload. This method allows legitimate traffic to move freely but stops malicious lateral attacks in their tracks.

In other words, with the right tools, planning, and preparation, micro-segmentation can put organizations and security teams on a solid path to Zero Trust. 

Here are some ways to ensure your micro-segmentation project can deliver:

Think about the big picture.

Visibility is important, but executive teams and boards buying into a micro-segmentation project expect it to deliver tangible security benefits. That means you can’t stop at visibility—you also need to turn on the controls.

Think about zones.

Micro-segmentation for Zero Trust should support the creation of virtual network zones to contain assets and devices. These define the implicit trust zone for a Zero Trust Architecture and allow you to easily target policies at a large set of similar workloads, rather than managing access to thousands of individual servers.

Think small.

Focus on a few critical applications or assets with real business impact, and use the project to segment and protect them. Achieving 100% Zero Trust for one project is far more impactful than achieving 5% for 1,000 projects, and you can avoid asking your CFO to foot the bill for a traditional “boil the ocean,” large-scale micro-segmentation project.

Think holistically.

Blocking access to an asset with micro-segmentation implies you also have to take responsibility for providing access to authorized users and software. On-premises and remote users may be impacted differently, so prioritize solutions that integrate and address the access challenge to minimize user disruption and ensure a smoother transition to a more secure network environment.
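The “Think about zones” point above is concrete enough to show in code. What follows is an added example written for this page, not code from Zentera or any other product: workloads are grouped into zones, policy is written zone-to-zone rather than server-to-server, the enforcement point in front of each workload allows intra-zone traffic as the implicit trust zone, and every cross-zone flow needs an explicit rule. The three-tier layout, addresses and sample flows are constructed for illustration.

```go
package main

import "fmt"

// Workload is a server or device known by name and zone; the IP is only the
// lookup key the enforcement point sees on the wire.
type Workload struct{ Name, IP, Zone string }

// Flow is one observed connection attempt (constructed, not real telemetry).
type Flow struct {
	SrcIP, DstIP string
	DstPort      int
}

// ZoneRule allows one port from every member of zone From to every member of
// zone To. Adding a server to a zone needs no rule change.
type ZoneRule struct {
	From, To string
	Port     int
}

type Verdict struct {
	Allow  bool
	Reason string
}

// Segmentation is the enforcement point placed in front of each workload.
type Segmentation struct {
	byIP  map[string]Workload
	rules []ZoneRule
}

func NewSegmentation(workloads []Workload, rules []ZoneRule) *Segmentation {
	s := &Segmentation{byIP: make(map[string]Workload), rules: rules}
	for _, w := range workloads {
		s.byIP[w.IP] = w
	}
	return s
}

// Decide applies default deny across zone boundaries: traffic inside a zone
// is the implicit trust zone and passes; anything crossing zones needs an
// explicit rule; anything from or to an unknown address is dropped.
func (s *Segmentation) Decide(f Flow) Verdict {
	src, ok := s.byIP[f.SrcIP]
	if !ok {
		return Verdict{false, "unknown source " + f.SrcIP}
	}
	dst, ok := s.byIP[f.DstIP]
	if !ok {
		return Verdict{false, "unknown destination " + f.DstIP}
	}
	if src.Zone == dst.Zone {
		return Verdict{true, fmt.Sprintf("%s -> %s inside zone %s", src.Name, dst.Name, src.Zone)}
	}
	for _, r := range s.rules {
		if r.From == src.Zone && r.To == dst.Zone && r.Port == f.DstPort {
			return Verdict{true, fmt.Sprintf("%s -> %s allowed by rule %s->%s:%d", src.Name, dst.Name, r.From, r.To, r.Port)}
		}
	}
	return Verdict{false, fmt.Sprintf("%s (%s) -> %s (%s):%d crosses zones without a rule", src.Name, src.Zone, dst.Name, dst.Zone, f.DstPort)}
}

// Enforce runs every flow through Decide and returns how many were blocked,
// the number a POC should compare before and after turning controls on.
func (s *Segmentation) Enforce(flows []Flow) (blocked int, verdicts []Verdict) {
	for _, f := range flows {
		v := s.Decide(f)
		if !v.Allow {
			blocked++
		}
		verdicts = append(verdicts, v)
	}
	return blocked, verdicts
}

// ExampleSegmentation is a constructed three-tier application with one zone
// per tier and only the two legitimate tier-to-tier paths allowed.
func ExampleSegmentation() *Segmentation {
	return NewSegmentation(
		[]Workload{
			{"web-1", "10.0.1.10", "web"}, {"app-1", "10.0.2.10", "app"},
			{"db-1", "10.0.3.10", "db"}, {"db-2", "10.0.3.11", "db"},
		},
		[]ZoneRule{{"web", "app", 8080}, {"app", "db", 5432}},
	)
}

func main() {
	seg := ExampleSegmentation()
	flows := []Flow{
		{"10.0.1.10", "10.0.2.10", 8080}, // web -> app: legitimate
		{"10.0.2.10", "10.0.3.10", 5432}, // app -> db: legitimate
		{"10.0.1.10", "10.0.3.10", 5432}, // web -> db: lateral move, no rule
		{"10.0.1.10", "10.0.3.10", 22},   // web -> db over SSH: lateral move
		{"10.0.3.10", "10.0.3.11", 5432}, // db -> db: same zone
		{"10.0.9.9", "10.0.3.10", 5432},  // unknown host -> db
	}
	blocked, verdicts := seg.Enforce(flows)
	for _, v := range verdicts {
		fmt.Printf("%-5v %s\n", v.Allow, v.Reason)
	}
	fmt.Println("blocked:", blocked) // 3
}
```

Running the constructed flows with controls on blocks the two web-to-database attempts and the unknown host while leaving the application’s real paths untouched; running the same flows in a visibility-only mode would log them and block nothing, which is the difference the “Think about the big picture” point is about.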

Tips for Implementing Micro-Segmentation

When micro-segmentation is properly implemented, it can be a big security (and operational) win for your organization.

So how can your organization make the shift successful?

Although every organization’s requirements, needs, and environment are unique, I’ve found some common best practices that can guide your journey toward implementing micro-segmentation:

Crawl, walk, run.

Start with a proof of concept (POC) using a test application to gauge the impact of micro-segmentation. Gradually expand the scope to include more applications, prioritizing those deemed most critical.

Choose a POC application that covers your use cases.

Selecting a POC application that reflects the diversity of your use cases ensures that the micro-segmentation strategy is comprehensive and addresses the unique needs of different parts of your organization. For example, how will your chosen segmentation method support application access from authorized users in the office or working remotely?

Consider all types of assets you need to protect.

Ensure that your micro-segmentation strategy accounts for all types of assets, including Internet of Things (IoT) and operational technology (OT) devices. Collaboration with vendors that offer native support for these devices is crucial for a holistic approach to security.

Consider where your assets are located.

Assets may be distributed across various locations, including branch offices and cloud environments. Integrating micro-segmentation with an overlay network or software-defined networking (SDN) can simplify management and enhance security across all locations.

Make Micro-Segmentation Part of Your Network

At first blush, a move to Zero Trust—and the micro-segmentation that enables it—can seem complex and time-intensive.

Fortunately, new tools and platforms, such as overlay infrastructure, are available to more easily implement a Zero Trust framework. These tools can eliminate the common hurdles and hangups while minimizing disruptions to your systems, users, and budget. 

My final thought? Test the waters with a POC application and keep your specific use cases in mind, and you will be well on your way to better cybersecurity. 

Dr. Jaushin Lee is the founder and CEO of Zentera Systems. He is a serial entrepreneur with many patents. He is also the visionary architect behind the CoIP® Platform—Zentera’s award-winning Zero Trust security overlay. Jaushin has more than 20 years of management and executive experience in networking and computer engineering through his experience with Cisco Systems, SGI, and Imera Systems.

The post The Security Step Too Many Companies Ignore: Tips for Micro-Segmenting into Your Network appeared first on Cybersecurity Insiders.

In an increasingly tech-savvy world, businesses are redefining the very core of transactions – the signature. The paradigm shift towards electronic signatures, however, is not merely a convenience. Electronic signatures have become a commodity when it comes to streamlining processes and reducing paperwork. With the rise of remote work and global digital transactions, the need for secure and efficient document processing has elevated electronic signatures into something close to a business-critical fundamental.

While there are many options for business leaders to incorporate digital signing into their business and agreement processes today, protecting their data while meeting legal and compliance requirements must be a priority. Many are unaware that only a solution offering zero-knowledge end-to-end encryption will guarantee the highest level of security for their data.

What is an electronic signature?

An electronic signature, or eSignature, is a signature applied electronically to an agreement or other document in order to approve it or agree to certain terms. Integrated eSignatures serve as electronic fingerprints, using cryptographic algorithms to verify document authenticity and signer identity. This means that an eSignature can’t be removed and copied onto another document as an act of forgery.

eSignature is an umbrella term that also covers simple forms such as typing your name at the end of an email or ticking a checkbox on a website. Some examples of use cases for electronic signatures include sales contracts, mortgage applications, quality control reports, non-disclosure agreements, job offer letters, purchase orders, maintenance logs, insurance claims, patient intake forms, and change requests.

Some documents that cannot be signed electronically due to special legal and formal requirements might include legal documents such as deeds, wills, adoption papers, product recall notices, divorce filings, court orders, leases as well as eviction notices. 
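The “electronic fingerprint” property described above, that a signature cannot be lifted off one document and attached to another, comes from signing a digest of the document rather than the document itself. The following is an added example written for this page, not code from any eSignature vendor: it signs the SHA-256 digest of a document with an Ed25519 key, verifies it, and shows that the same envelope fails against a second document or an edited copy. Because the envelope holds only the digest and signature, a service that stores it can check validity without ever holding the contract text, which is the point of the end-to-end encrypted setup discussed later on the page. Keys, contracts and names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is all a signing service needs to keep: the digest of the signed
// document and the signature over that digest. The document itself never
// appears in it.
type Envelope struct {
	DocHash   [32]byte
	Signature []byte
}

// NewSigner creates a signer's Ed25519 key pair. It stands in for the key a
// signing client would hold (constructed for this example).
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignDocument hashes the document with SHA-256 and signs the digest, binding
// the signature to these exact bytes.
func SignDocument(priv ed25519.PrivateKey, doc []byte) Envelope {
	h := sha256.Sum256(doc)
	return Envelope{DocHash: h, Signature: ed25519.Sign(priv, h[:])}
}

// VerifyDocument recomputes the digest of the document the verifier holds and
// checks both that it matches the envelope and that the signature is valid
// for that digest under the signer's public key. An edited document, an
// envelope moved from another document, or a relabelled digest all fail.
func VerifyDocument(pub ed25519.PublicKey, doc []byte, env Envelope) bool {
	h := sha256.Sum256(doc)
	if h != env.DocHash {
		return false
	}
	return ed25519.Verify(pub, h[:], env.Signature)
}

func main() {
	pub, priv, err := NewSigner()
	if err != nil {
		panic(err)
	}
	// Constructed sample contracts; any byte strings would do.
	contractA := []byte("Sales agreement A (constructed sample): 100 units at 10 EUR")
	contractB := []byte("Sales agreement B (constructed sample): 100 units at 1 EUR")

	env := SignDocument(priv, contractA)
	fmt.Println("A verifies:          ", VerifyDocument(pub, contractA, env)) // true
	fmt.Println("A's signature on B:  ", VerifyDocument(pub, contractB, env)) // false: transplant rejected
	edited := append([]byte{}, contractA...)
	edited[len(edited)-1] = '0' // alter a single byte of the signed text
	fmt.Println("edited A:            ", VerifyDocument(pub, edited, env)) // false: tamper rejected
}
```

Note what the verifier needs: the document, the public key and the envelope. A provider that only ever sees the envelope and an encrypted blob of the document can still confirm, when asked by a party that has the plaintext, that the signature belongs to that plaintext; it cannot produce a valid envelope for a different document, nor learn the contract’s contents from the digest.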

The evolution of eSignature solutions

The past decade has seen a surge in adoption of eSignatures, with the COVID-19 pandemic propelling the rapid adoption of eSigning that turned the global digital signature market into one of the fastest-growing in the world.

According to Deloitte, in 2020 the eSignature market size was estimated at somewhere between $2.3 and $2.8 billion, and it is projected to reach over $14 billion by 2026. On a global scale, Deloitte predicts that Europe and Asia Pacific will become the fastest-growing regions by 2026.

The business world clearly has no problem trusting eSignatures to be as secure and legally binding as traditional signatures. Yet organisations that are investing in eSigning platforms are now also turning to them for reasons beyond the classic ones of speed and security. With integrated eSignatures they can enhance efficiency and streamline their small or medium-sized business’ document signing process by using an encrypted yet user-friendly solution.

Most eSignature services on the market see every contract that is signed by their customers. By using an end-to-end encrypted service, customers can sign agreements without sharing the contents with the service provider.

Benefits of a data room

Businesses frequently face the challenge of signing multiple documents each month, be it HR contracts, sales agreements, or NDAs. Traditional standalone eSignature solutions can entail security risks and often result in time-consuming processes and security bottlenecks.

In contrast, integrated eSignature solutions offer inherent efficiency. By adopting an integrated platform within a secure data room, businesses can dramatically reduce the time spent on sending, signing, and storing their essential documents. Electronic documents can be signed anytime, anywhere, on any electronic device, enhancing convenience for both senders and signees.

With an end-to-end-encrypted data room set-up, companies have a centralised file management system in place where documents are securely stored, shared and signed, without compromising security. Documents can move seamlessly between signing and storage within the same platform, reducing disruption to systems and avoiding disjointed processes, without the need to build custom integrations between systems.

Providing a secure portal for sharing documents and requesting files guarantees the confidentiality of your clients’ information, ensuring compliance with regulations such as GDPR or industry-specific standards like FINRA throughout your collaboration.

Integration extends beyond eSignatures to cloud storage and file sharing, resulting in a comprehensive solution. Where standalone solutions can lead to document management challenges, with files scattered across platforms and different security measures applied to each, a unified end-to-end encrypted platform ensures transparency and accessibility across departments. This allows both internal and external stakeholders to collaborate easily and reduces the risk of overlooked or misplaced documents.

Features to consider when choosing an eSignature solution

To ensure that an eSignature solution will cover the greatest breadth of needs within the organisation, it’s best to choose features that enable you to:

  • Have ease and flexibility of creating eSignature requests from a browser, on Windows and Mac platforms.
  • Electronically sign any document, whether it’s an asset purchase agreement, employment contract or non-disclosure agreement, faster without sacrificing security.
  • Have the opportunity to design your signing workflows around low-risk and high-liability contract cycles and apply the level of legal certainty each contract requires.
  • Take care of the signing process in three easy steps: create an eSign request, share the request link with your collaborators and get notified once they’re done.
  • Benefit from zero-knowledge end-to-end encryption, which ensures that no third party, the service provider included, can read your contracts.
  • Simplify the entire document management lifecycle with eSignatures integrated into a data room where files could not only be signed but stored and shared as well.
  • Create fine-grained eSignature policies and access controls to documents and share them securely with internal or external signatories through encrypted email or with encrypted links.
  • Add additional security features, such as watermarks, file expiration dates, and user verification, empowering your organisation with complete control over its data.
  • Intuitively manage your eSignature workflows by easily adding fillable fields and tracking the progress.
  • Set up a secure central contract repository for collaboration across departments and keep track of completed, pending, and rejected requests in one place.

Embedding electronic signatures in a zero-knowledge, end-to-end encrypted document management platform gives sensitive business data a high level of protection, since only the parties to a document can read it.

Elevating document management to new levels

The benefits of electronic document signing for an organisation’s security and productivity are clear: it speeds up the signature process considerably and makes document storage simpler and more cost-effective. eSignature solutions also raise the security level of documents while improving efficiency and accuracy.

But beyond these advantages, integrated eSignature solutions within a secure data room offer a smarter way of document signing as part of a wider document management strategy: this allows organisations to boost productivity and keep their information safe and private at all times.

The post The future of online document signing in the era of digital transformation appeared first on Cybersecurity Insiders.

As online threats keep evolving, one category of attack targets people’s minds rather than systems: business email scams. Because they rely on trickery far more than on hacking, they show how important it is to understand and defend against deception in today’s online world.

Business email compromise (BEC) attacks are particularly adept at manipulating human behaviour. These schemes lean heavily on social engineering tactics, which is why organisations need to grasp and counteract the skilful use of deception.

Social engineering, present in 90% of phishing attacks today, is the cornerstone of BEC attacks. These schemes exploit human vulnerabilities, leveraging urgency, emotional manipulation, and familiarity to trick individuals into divulging sensitive information or performing unauthorized actions.

Understanding common social engineering tactics and the threat groups behind them is crucial for businesses seeking to fortify their defences against BEC attacks.

Exposing threat actor groups

Diamond Sleet: A North Korean state actor known for software supply chain compromises and for exploiting JetBrains TeamCity build servers, Diamond Sleet poses a significant threat to organizations. By infiltrating build environments, this group jeopardizes the integrity of software development processes, warranting heightened vigilance from affected entities.

Sangria Tempest (FIN7): Sangria Tempest has specialized in targeting the restaurant industry, employing elaborate lures such as false food poisoning complaints to deliver malware and steal payment card data. Leveraging underground forums for recruitment and training, this Eastern European group has orchestrated numerous successful attacks, compromising millions of payment card records.

Octo Tempest: This group, driven by financial motives, employs sophisticated adversary-in-the-middle (AiTM) techniques and social engineering tactics. Initially targeting mobile telecommunications and business process outsourcing firms, Octo Tempest later partnered with ALPHV/BlackCat to amplify its impact through ransomware operations.

Midnight Blizzard: Operating primarily out of Russia, Midnight Blizzard targets governments, diplomatic entities, NGOs, and IT service providers across the US and Europe. Using Microsoft Teams messages as lures, this group aims to steal credentials by persuading users to approve or enter multifactor authentication (MFA) codes.

Safeguarding against social engineering fraud

Protecting against social engineering fraud requires a multifaceted approach. Firstly, maintain separation of personal and work accounts. By keeping personal and work accounts separate, individuals can mitigate the risk of attackers exploiting personal information to impersonate trusted entities and gain access to corporate data.

It is critical to implement Multi-Factor Authentication (MFA), but not all factors are equal. SMS and voice codes can be intercepted through SIM swapping, so tie MFA to an authenticator app rather than a phone number. Better still, use a phishing-resistant factor such as a FIDO2 security key or passkey: app-generated codes and push approvals can still be captured or relayed by the adversary-in-the-middle kits that groups such as Octo Tempest use, whereas FIDO2 credentials are bound to the legitimate site’s origin and cannot be replayed from a look-alike page.

Educating users on the dangers of oversharing personal information online is also extremely important. Limiting the availability of personal details reduces the effectiveness of social engineering tactics that rely on establishing trust.

Businesses must deploy robust endpoint security, firewalls and email filters to safeguard against phishing attempts and other malicious activities. These defences serve as critical barriers against intrusions and data breaches.

By staying informed about ongoing threat intelligence and maintaining up-to-date defences, businesses can effectively thwart the increasingly sophisticated tactics employed by social engineering threat actors. Proactive measures are essential in safeguarding against the pervasive threat of social engineering fraud.

The post Don’t fall for the trap: The sneaky tactics of business email scammers revealed appeared first on Cybersecurity Insiders.

Trojans, ransomware, spyware, and other types of malware are significant threats to organizations. To stay informed and understand how the latest malware operates, cybersecurity professionals need to be able to analyze it. Here are five steps that security specialists can take to dissect malicious software and expose its functionality.

Step 1: Isolate the Malware

The first step in malware analysis is to isolate the sample from production systems so that it cannot spread or cause further damage. This can be done with a sandbox, a dedicated virtual machine (snapshotted, with no shared folders or clipboard), or a physical machine that is not connected to any network.

ANY.RUN lets you begin analysis of files and links in a couple of clicks

One of the easiest ways to achieve malware isolation is by uploading your malware samples to the ANY.RUN sandbox. This cloud-based service eliminates the need for any installation on your device and offers a free community plan that is sufficient for basic analysis.

Step 2: Collect Static Information

Once the malware is isolated, the next step is to collect as much information as possible about it through static analysis. This involves examining the malware’s code without executing it. This can provide valuable insights into the malware’s functionality, its potential targets, and the techniques it uses to evade detection.

ANY.RUN provides you with the sample’s static analysis information in under 40 seconds. It is equipped with specialized modules for different file types, including:

  • PDF files: Extracts headers, HEX values, images, scripts, and URLs.
  • LNK files: Analyzes LNK files, revealing commands and potential malicious scripts.
  • MSG/Email files: Previews emails and lists metadata and IOCs to help spot spam and malicious elements.
  • Archives: Unpacks RAR, ZIP, tar.gz, and .bz2 formats, complementing the OLE module for Microsoft files.
  • Office documents: Extracts macros, scripts, images, and payloads from Office documents to help users spot and analyze potential threats.

Here is an analysis session of an email in the .eml format. 

Static analysis information of the files related to the email sample 

In this instance, the email contains a RAR format archive. The sandbox enables us to open this attachment and examine its contents, revealing a malicious executable file disguised as a PDF document. All static analysis information about each file is provided by the sandbox.
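The check that exposes the case above, an executable hiding behind a document name inside an archived attachment, can be reproduced offline with Python’s standard library. The following is an added example, not ANY.RUN’s code and not from the original article: it walks the MIME parts of an .eml, identifies each attachment by its magic bytes rather than by extension or Content-Type, descends into archives in memory with size and depth caps, and emits a hash list in the style of the Step 4 IOC report. The page’s sample used a RAR archive, which the standard library cannot open, so the constructed sample here uses a ZIP; the addresses, file names and the inert "MZ" stub are all made up for the example.

```python
"""Static triage of e-mail attachments: declared type versus real type."""
import hashlib
import io
import json
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Magic bytes checked at offset 0. Deliberately short; a production tool
# would use libmagic or a fuller signature table.
SIGNATURES = [
    (b"MZ", "PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"%PDF", "PDF"),
    (b"PK\x03\x04", "ZIP"),
    (b"Rar!\x1a\x07", "RAR"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 (legacy Office)"),
]
# Extensions Windows will execute on double-click.
EXEC_EXTENSIONS = {".exe", ".scr", ".dll", ".com", ".pif", ".bat",
                   ".cmd", ".js", ".vbs", ".lnk", ".hta"}
# Limits against archive bombs and endless nesting.
MAX_MEMBER_BYTES = 10 * 1024 * 1024
MAX_DEPTH = 3


def detect_type(data: bytes) -> str:
    """Identify a blob by its leading bytes, ignoring name and MIME type."""
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    return "unknown"


def triage_blob(name: str, data: bytes, declared: str, depth: int = 0) -> list:
    """Record one file's declared vs. detected type, then descend into ZIPs."""
    detected = detect_type(data)
    base = name.lower().rsplit("/", 1)[-1]          # drop archive path prefix
    ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
    record = {
        "name": name,
        "declared_type": declared,
        "detected_type": detected,
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        # Executable content behind a document extension (the page's case).
        "type_mismatch": detected.endswith("executable") and ext not in EXEC_EXTENSIONS,
        # "Invoice.pdf.exe" style names.
        "double_extension": base.count(".") >= 2 and ext in EXEC_EXTENSIONS,
    }
    findings = [record]
    if detected == "ZIP" and depth < MAX_DEPTH:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                        continue                    # never inflate oversized members
                    member = zf.read(info.filename)
                    findings += triage_blob(f"{name}/{info.filename}", member,
                                            "archive member", depth + 1)
        except zipfile.BadZipFile:
            record["error"] = "ZIP magic present but archive is malformed"
    return findings


def triage_eml(raw: bytes) -> list:
    """Walk every attachment of an .eml (RFC 5322 bytes) and triage it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        payload = part.get_payload(decode=True) or b""
        findings += triage_blob(name, payload, part.get_content_type())
    return findings


def ioc_report(findings: list) -> str:
    """Step 4 style output: hashes and names of flagged files, as JSON."""
    flagged = [f for f in findings if f["type_mismatch"] or f["double_extension"]]
    return json.dumps({"sha256": sorted(f["sha256"] for f in flagged),
                       "files": [f["name"] for f in flagged]}, indent=2)


def build_sample_eml() -> bytes:
    """Constructed sample (hypothetical addresses): a ZIP holding 'Invoice.pdf'
    whose content is an inert PE 'MZ' stub, not a real program."""
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice.pdf", fake_exe)
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "analyst@example.org"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice.zip")
    return msg.as_bytes()
```

Running `ioc_report(triage_eml(build_sample_eml()))` flags `Invoice.zip/Invoice.pdf` as a PE executable with a `.pdf` name and prints its SHA-256; the outer `Invoice.zip` is recorded but not flagged. Classifying on magic bytes is the point: the Content-Type header and the file name are both attacker-controlled, and a sandbox like the one described above makes the same decision before it ever executes anything.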

Step 3: Conduct Dynamic Analysis

Dynamic analysis involves running the malware in a controlled environment and observing its behavior. This can reveal additional information that is not apparent in the static analysis, such as network communications, registry modifications, and file system changes. 

ANY.RUN offers advanced dynamic analysis functionality with an interactive twist. It enables users to fully control the analysis environment and engage with it as they would with a standard virtual machine.

Dynamic analysis results in ANY.RUN reveal a wide range of important information, including:

  • Network activity: Incoming and outgoing HTTP calls, DNS requests, connections, as well as Suricata detection rules triggered during the analysis.
  • Processes: A hierarchical view of all the processes launched during the execution and their details, such as dumps.
  • Tactics, techniques, and procedures: All the TTPs used by the malware, mapped to the MITRE ATT&CK matrix.
  • Indicators of compromise: IOCs and malware configs, essential for further detection.

Just take a look at this analysis session to see how much information the ANY.RUN sandbox provides.

Sandbox analysis of an .LNK file revealed Formbook malware.

As part of the analysis, you get to view the entire execution chain and see exactly at which point the final Formbook payload was dropped. Plus, the service lists the malicious activities related to each process, including password stealing and PowerShell command execution.

Step 4: Document the Findings

After the static and dynamic analysis, the next step is to document the findings. This should include a detailed description of the malware’s behavior, its potential impact, and any indicators of compromise (IOCs) that can be used for detection and mitigation. The documentation should be clear, concise, and accessible to both technical and non-technical stakeholders.

ANY.RUN offers ready-made malware reports that include all crucial information collected during the analysis.

ANY.RUN reports can be easily shared

These reports can be downloaded in different formats, such as PDF, HTML, or JSON.

Step 5: Ensure Mitigation and Prevention

The final step in malware analysis is to use the findings to mitigate the current threat and prevent future ones. This can involve updating antivirus signatures and detection rules with the collected IOCs, patching the vulnerabilities the malware exploits, or implementing new security policies and procedures. It’s also important to share the findings with the wider cybersecurity community to help others protect against the same malware.

Conclusion

Malware analysis is a complex and challenging process, but it is essential for effective cybersecurity. By following the steps outlined in this guide and using tools like ANY.RUN, cybersecurity professionals can gain a deep understanding of malware, its impacts, and how to defend against it.

The post How to Analyze Malware in 5 Steps appeared first on Cybersecurity Insiders.

As we approach the 2024 mid-year mark, it’s clear that businesses have been bombarded by a surge in dangerous advanced phishing schemes over the last six months. In fact, organizations of all types and sizes saw a 341% increase in sophisticated Business Email Compromise (BEC) attacks, according to the recent “The State of Phishing Mid-Year 2024” report by SlashNext.

Some of the most prevalent types of BEC threats included gift card scams (21%), social engineering investment scams (16%), purchase renewal scams (14%), social engineering beneficiary scams (12%), and social engineering donation scams (10%).

The latest spike in phishing attacks stems from so-called 3D phishing: immersive, multi-channel campaigns that combine phony attachment-based emails, malicious web links, newer CAPTCHA-based attacks, and even impostor QR codes. In addition, attackers continued to prey on user trust by spoofing legitimate login pages for Microsoft SharePoint, AWS, and Salesforce to steal credentials.

Credential phishing across all messaging makes up the largest category of phishing attacks today, as such threats regularly appear across the full range of email, mobile, social, and collaboration channels. The credential phishing risk is highest when the attack is hosted on legitimate, trusted infrastructure like Dropbox or Google Drive. In fact, SlashNext found a 217% increase in credential harvesting phishing attacks over the last six months. The bad actors usually attempt to harvest user credentials to launch ransomware attacks or data exfiltration attacks.

CAPTCHA-based attacks, particularly ones using Cloudflare, are also on the rise as a way to mask credential harvesting forms. Attackers use generative AI tools to generate thousands of fake domains and put Cloudflare’s CAPTCHA in front of the phishing forms, so that automated URL scanners, which cannot solve the CAPTCHA, never see the malicious page.

Beyond newer CAPTCHA-based attacks, QR code-based attacks are also growing in popularity. QR code scams now make up 11% of all malicious emails, and they are often redirecting to attacks hosted on trusted infrastructure. In addition, SMS-based “smishing” attacks have steadily increased, making up 45% of all mobile threats over the last six months.

The threat from BEC phishing attacks continues to gain momentum, especially as ChatGPT and other generative AI chatbots have come into wider use. The speed and polish of these AI-assisted attacks make it very hard for employees to distinguish authentic emails and messages from phishing attempts. In response, newer AI-based defense systems attempt to identify malicious phishing messages automatically through a combination of generative AI tools, natural language processing, computer vision, relationship graphs, and contextual analysis.

These latest findings highlight the fast-growing security threats to organizations from BEC and advanced phishing attacks. Attackers are ramping up the use of generative AI, QR Codes, and CAPTCHAs as part of their sophisticated, multi-channel 3D phishing strategies.

Human users cannot reliably identify such sophisticated attacks on their own, and awareness training and traditional signature-based tools have not kept pace. The report’s conclusion is that defending against AI-based attacks requires AI-powered email and messaging security tools that anticipate and intercept malicious messages before they reach user inboxes.

The post New Surge in Risky Business Email Compromise Phishing Attacks appeared first on Cybersecurity Insiders.

A recent study by Lineaje has uncovered a startling lack of preparedness among organizations for the upcoming deadline for the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Secure Software Development Attestation Form. The research, conducted at RSA Conference 2024, reveals that a mere 20% of companies are ready to meet the June 11, 2024, compliance deadline, a critical component of Executive Order (EO) 14028.

EO 14028, which requires federal agencies to obtain attestations from the software producers they buy from that key secure development practices are followed, has been a focal point following a surge in software supply chain attacks. In 2023, these attacks affected over 2,700 U.S. organizations, marking a 58% increase from the previous year and underscoring the urgency of compliance.

Despite the clear risks, and although EO 14028 called for Software Bills of Materials (SBOMs) as far back as May 2021, Lineaje’s survey indicates that 84% of companies have yet to incorporate SBOMs into their development process. This gap suggests a disconnect between government cybersecurity efforts and industry implementation.

  • 65% of security professionals are unfamiliar with EO 14028.
  • 56% cite security vulnerabilities as their top concern, yet compliance adherence follows at only 22%.
  • 60% use open-source software, but only 16% are confident in its security.

Budget constraints and staffing shortages are cited as primary barriers to securing software and adopting necessary tools, with 45% pointing to budget limitations and 36% to lack of staffing resources.

This report serves as a wake-up call for the industry to prioritize cybersecurity compliance and awareness, as the consequences of inaction could be dire for both individual organizations and national security at large.

The post Upcoming June 11th CISA Deadline Exposes Widespread Unpreparedness in Software Security Compliance appeared first on Cybersecurity Insiders.