The Met Police, along with a host of other global law enforcement agencies, have dismantled a criminal gang that used a technology service to facilitate fraudulent text messages, leading to theft from victims. The scam primarily targeted younger individuals familiar with the internet. The technology service, LabHost, aided scammers in sending deceptive messages and directing victims to fake websites resembling legitimate online payment or shopping services.

The criminals obtained identity information, including card numbers and PIN codes, resulting in significant financial losses. Though the exact amount stolen remains unknown, LabHost reportedly generated nearly £1m in profits. In the UK alone, around 70,000 victims are thought to have been deceived into providing their details online, with 25,000 identified victims receiving warning text messages about potential fraudulent sites.

Victims are advised to seek guidance on the Metropolitan Police website, and their cases have been reported to fraud investigators. Personal details discovered in data obtained from LabHost have been secured by authorities.

In light of this story, the cybersecurity community has been positive in hearing this news:

Adam Pilton, Cyber Security Consultant at CyberSmart, and former Detective Sergeant investigating cybercrime at Dorset Police: “This is another fantastic result for UK and international law enforcement. 

“In February, we saw the takedown of Lockbit, the largest ransomware gang. This was an international operation which stemmed from fantastic work by the South West Regional Organised Crime Unit.

“This operation will be no different, and we should not underestimate the amount of work put into operations such as this. It took two years to reach this point and there would have been many people involved. This kind of incident would most likely have started from the intelligence gathered by law enforcement and investigative agencies. 

“This is why it is so important to report cybercrime: Even reporting phishing emails helps to build that intelligence picture, which enables law enforcement to protect us.

“One area of particular concern is the increasing tendency to see cybercriminals offering services to unskilled criminals who want to venture into cybercrime. This, along with the continued evolution of AI means that we must continue to build our cyber defences, staying aware of the latest threats and how we can protect ourselves. As the NCSC stated in their 2023 annual review “We have the information and tools at our disposal to defend ourselves. We just need to use them better.”


Martin Kraemer, security awareness advocate at KnowBe4: “News like this is important when it hits the national media. These stories are timely reminders that cybercrime is omnipresent, and it would be foolish to assume that one could not be a target.

“Cybercrime gangs are becoming more common. Law enforcement must reduce the accessibility and attractiveness of online fraud schemes. We must put a stop to the increasing trend of cybercrime turning into an opportunity business for aspiring cyber criminals. Sending out videos to all 800 users of the illegal services to scare them off is therefore a good step by law enforcement.

“Taking down cybercrime networks is the way to go. Shutting down websites alone will obviously not stop people, but seizing their services, and resources, and arresting key people will have an effect.

“Phishing-as-a-service offerings like LabHost contribute to the massive growth of phishing scams worldwide. The quality of these offerings is remarkable. They include entire tool sets to harvest a range of private information including credit card information, multi-factor authentication, or address information. The platform also offered features such as email phishing, SMS phishing, and even management of stolen credentials. Criminals use such service offerings to target businesses and private individuals. Organisations must assume responsibility for empowering their workforce by educating them to make smarter security decisions.

“It is great to see international law enforcement collaborations in taking down cybercrime groups. This is another important step: the first big takedown that tackles phishing after the Lockbit ransomware takedown earlier this year. Phishing as the most used attack vector and ransomware as the most common monetisation scheme are two important areas to tackle. Law enforcement is clearly stepping up the game and rightly so.”

Mayur Upadhyaya, CEO at APIContext: “The recent takedown of LabHost, a service used for online scams, highlights the evolving tactics of cybercriminals and the need for proactive security measures. APIContext commends the collaborative efforts of law enforcement and financial institutions.

“This case emphasises the critical role of robust API security. APIs are often gateways to sensitive data, and the LabHost incident demonstrates how criminals exploit vulnerabilities. Organisations must prioritise API security with advanced protocols to control and monitor access, preventing unauthorised activity like the creation of fake payment services seen in this case.

“Law enforcement’s use of behavioural psychology to deter criminals further emphasises the need for a multi-layered approach to cybersecurity. APIContext advocates for a combination of robust API management, real-time threat detection, and ongoing education to combat cybercrime. This incident serves as a reminder for all sectors to strengthen their defences with comprehensive security frameworks that address both technological and human vulnerabilities.”

Simon Newman, CEO, Cyber Resilience Centre for London & International Cyber Expo Advisory Council Member: “Phishing continues to be the most common type of cyber-attack used by cyber criminals and its impact can be devastating for victims. Clicking on a malicious link that encourages users to input personal information can be used by criminals to commit fraud. This is a fantastic result demonstrating the importance of international collaboration between law enforcement agencies around the world. It also shows the importance of reporting cyber-crime to the authorities, with nearly 70,000 victims in the UK alone.”

Brian Higgins, Security Specialist at Comparitech: “Crime as a Service (CaaS) has been around for a long time, going back to the days of off-the-shelf banking Trojans, but ever more inventive criminal enterprises constantly research contemporary attack vectors if they think there is money to be made. One more modern aspect of their targeting strategies is to match vulnerable communities with CaaS methodologies and products, as in this case predominantly messaging younger, more tech-immersed victims via text. Whilst the size of this disrupted operation is fairly small in terms of profit, the tools employed by law enforcement show a distinct evolution in online fraud countermeasures, particularly behavioural science input and follow-up messaging. Multi-jurisdictional physical arrests are also an encouraging impact of any operation of this kind, so the deterrent effect, whilst near impossible to quantify, could also be counted as a win for the agencies involved.”

The post Police apprehend global cyber gang implicated in large-scale fraud first appeared on IT Security Guru.

Lookout, the endpoint-to-cloud security company, today announced the launch of Lookout SAIL, the Company’s new generative artificial intelligence (gen AI) assistant that will reshape the way cybersecurity professionals interact with Lookout Mobile Endpoint Security and Lookout Cloud Security solutions and conduct cybersecurity analysis and data protection.  

In the rapidly evolving landscape of cybersecurity, companies are engaged in an ongoing battle against cyber criminals who are constantly innovating new tactics. As cyber threats become increasingly sophisticated, every organisation faces challenges such as a growing skills gap and resource constraints that hinder the operational efficiency of cyber defenders. 

Lookout SAIL’s functionalities focus on security education, platform navigation and security telemetry analysis. This gen AI assistant serves as a valuable companion, offering insights and assistance to users, ultimately streamlining tasks such as administration, policy creation, incident response and threat hunting. Lookout SAIL allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. Through its integration into Lookout’s existing user experience, Lookout SAIL also enhances workflow and accelerates user interactions, leading to increased productivity and effectiveness. 

Lookout SAIL capabilities include:  

  • Platform navigation and operational efficiency: Speeds up onboarding to the Lookout platform, guiding new users through relevant platform features and answering onboarding questions within the chat feature. Users can easily “sail” around the platform to obtain answers, visualise results, and perform desired actions.
    Example: “Help me add a new admin to the system.”
  • Security status: Allows users to ask questions about specific tenants and investigate their organisation’s security posture.
    Example: “Find high and medium-risk iOS devices that have anti-phishing features enabled.”
  • Security education: Equips users with up-to-date industry knowledge on basic and emerging topics.
    Example: “What is the difference between Secure DNS and On-Device VPN?”

“Lookout SAIL is a force multiplier for cyber defenders. It allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide. It’s the start of a journey that fundamentally transforms how people interact with systems and information, touching everything from onboarding to training, as well as cybersecurity tasks like administration, policy creation, incident response, and threat hunting,” said Aaron Cockerill, Chief Strategy Officer, Lookout. “Think of Lookout SAIL as a helpful companion, providing useful information to the user and taking them directly where they need to be, even performing actions for the user on demand.”

Lookout has a storied history with AI and machine learning. Since its founding 15 years ago, Lookout has treated mobile cybersecurity and anti-phishing as a Big Data problem — and one that requires machine learning to solve. The Company also applied the same strategy to security against insider threats and account takeovers, pioneering the use of machine learning to monitor user behaviour to prevent data leakage and exfiltration. 

The Company now has the world’s largest mobile security dataset. The Lookout platform analyses telemetry from 215 million Android and iOS devices, 269 million apps from app stores worldwide and hundreds of millions of web destinations to uncover hundreds of phishing sites every day. This gives Lookout customers the ability to detect and respond to security threats in real time on mobile endpoints and in the cloud.

The post Lookout incorporates generative AI assistant to support security professionals and boost security appeared first on IT Security Guru.

The UK has announced a ban on TikTok on government phones, becoming the latest country to ban the Chinese-owned video app over security concerns.

TikTok has been under the microscope in recent months and has come under increased scrutiny due to fears that user data from the app, owned by Beijing-based company ByteDance, could end up in the hands of the Chinese government.

The ban is in place with immediate effect following a security review ordered by ministers and is part of a wider range of restrictions brought in for third-party apps on government devices. The strict measures have been brought in to improve cyber hygiene, protect sensitive data that government officials have access to, and prevent location data harvesting.

In recent months, many countries and institutions have brought in rules banning TikTok from government-owned devices, including the US, Canada and the European Commission.

When the announcement was made, the cybersecurity community was quick to provide thoughts and insight…

Javvad Malik, lead security awareness advocate at KnowBe4:

It appears as if the UK is following in the steps of the European Union’s ban on TikTok on government devices. Risk assessments need to be undertaken and any apps which pose a threat to the government should be removed. However, there is a lack of transparency in these efforts and no real indication is given as to the actual data which is collected by TikTok and who it is shared with and for which purposes. If we were to apply this principle to other social media sites, and mobile apps in general, then many of the apps would not pass this bar. If there is a political risk, then this should be stated so that others can make informed risk decisions too, rather than using the blanket term that is being done for cybersecurity reasons – because most apps will collect data and transmit it to third parties.

Tom Davison, Senior Director Engineering International at Lookout:

If this ban goes ahead it will follow similar decrees already issued by the European Commission and the US government. The concern here is the level of access to data which TikTok affords its parent company ByteDance, which is a Chinese company headquartered in Beijing. Governments and businesses are increasingly concerned by the volume of data which 3rd parties and foreign states might be collecting. 
Mobile apps in particular are a real source of risk given the amount and type of data they are able to collect on their users. Upwards of 60% of internet traffic now originates from mobile devices, making them the prime target for data collection and surveillance. Increasingly users mix personal and work apps on the same device, drastically increasing the risks for governments and business who are tasked with controlling data sovereignty, privacy and protection. All mobile apps will be sending data somewhere and it is essential that this is understood and considered. For example, Lookout tracks over 9 million other apps that have the capability to send data to China. While they may not necessarily be malicious there is a fundamental issue of lack of awareness which is only just beginning to be acknowledged.

Brian Higgins, Security Specialist at Comparitech:

“The National Cyber Security Centre publishes advice on drafting and implementing ‘Bring Your Own Device’ and ‘Acceptable Use’ policies so why they don’t have any for Government staff is unclear. Most Social Media platforms gather vast amounts of data that users would rather they didn’t, but personal choice allows individuals to trade their privacy for functionality. They really shouldn’t be allowed to apply the same approach whilst they are engaged in Government business at any level. We’re clearly jumping on the Bad-TikTok bandwagon here but a more useful exercise would be to review and restrict Social Media access across the estate.” 

Chris Handscomb, EMEA Solutions Engineer at Centripetal:

Just a decade ago, the notion of corporate managers and government officials possessing smart mobile devices that could instantly access work information was a novelty. Today, these devices are ubiquitous, internet speeds have vastly improved, enabling individuals to consume copious amounts of high-quality content at the click of a finger. However, with this heightened connectivity, communication, and entertainment, there is the possibility of malicious actors exploiting device vulnerabilities and gathering sensitive data. This sometimes very personal data can then be on-sold to the highest bidder, creating a risk factor for companies and government agencies where (potentially compromised) individual contributors are handling sensitive trade or state secrets and may now be vulnerable to blackmail. It is therefore imperative that companies and government agencies prioritise their security measures, safeguarding their employees and enterprises from potential threats.

The post TikTok to be banned from UK Government Phones appeared first on IT Security Guru.

Mobile phishing is an issue plaguing the masses and a growing concern for enterprises, particularly as 2022 had the highest percentage of mobile phishing encounter rates ever, according to Lookout's Global State of Mobile Phishing report. On average, more than 30% of personal and enterprise users were exposed to these attacks every quarter.

In the U.K., there was a 35% increase in the average number of mobile devices exposed to at least one malicious phishing attack per quarter between 2020 and 2022. In the last two years, 20-30% of mobile devices in the U.K. have been exposed to at least one malicious phishing attack every quarter.

Lookout also found that users on all devices – whether personal or work provided – are tapping more on mobile phishing links in comparison to just two years ago. The report estimates the potential annual financial impact of mobile phishing to an organisation of 5,000 employees is nearly $4 million. Enterprises operating in highly regulated industries – including insurance, banking, legal, healthcare and financial services – were found to be the most heavily targeted.

“Mobile as a threat surface will continue to grow, and hybrid work continues to grow in tandem, introducing huge numbers of unmanaged devices into the enterprise environment,” said Aaron Cockerill, chief strategy officer at Lookout. “It is more important now than ever for organizations to evolve their cybersecurity strategy to proactively combat mobile phishing. As one of the most effective attack vectors for threat actors, often serving as a starting-point for more advanced attacks, mobile phishing protection should be a top priority for organizations of any size.”

In 2022, more than 50% of personal devices were exposed to a mobile phishing attack every quarter, and the percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year.

Users, endpoints and applications are now so closely connected that threat actors can initiate advanced attacks simply by stealing user credentials. Mobile phishing is one of the most effective tactics to steal login credentials, which means that mobile phishing itself poses significant security, compliance, and financial risk to organizations in every industry. It is likely that the rise of remote work has contributed to this, as organizations relax bring-your-own-device (BYOD) policies to accommodate employees accessing corporate networks outside the traditional security perimeter.

Lookout also claims that mobile phishing attacks are growing more sophisticated. The share of mobile users in enterprise environments clicking on more than six malicious links annually has jumped from 1.6% in 2020 to 11.8% in 2022, indicating that users are having a tougher time distinguishing phishing messages from legitimate communications.

The post UK sees 35% increase in mobile phishing exposures – Global State of Mobile Phishing Report appeared first on IT Security Guru.

Stress, wellbeing and mental health have become an area of discussion in many industries, particularly on how best to address their impact on the workforce. There used to be a stigma attached to those with mental health problems, often leading to them being discriminated against. Thankfully, change is happening and awareness of this important issue is increasing.

However, in cybersecurity, it seems as though the industry is a step or two behind, instead of being ahead of the curve in how it is handling this problem.  

Looking at the stats alone, research has shown that of 1,000 security professionals surveyed, 51% had been prescribed medication for their mental health. In addition to that, almost a third of CISOs have considered quitting their organisation, citing ‘burnout’ as a significant factor for wanting out.

It is a clear and present issue.  

With the sector already suffering from a global skills shortage, ensuring those working or seeking employment in cybersecurity are looked after is imperative for its survival. Without these individuals, no one would be safe in the digital world we live in. 

Well, how have we got to this stage and how can we, as an industry, address mental health before more damage is done? At the IT Security Analyst & CISO Forum 2022, questions were posed to both leading CISOs and analysts on how big a problem stress and burnout was, whether it was negatively impacting the workforce’s productivity to deliver its objectives and what can be done to solve it.

The consensus from the room was that the industry is suffering badly from stress, fatigue and burnout, which is filtering from the senior security positions down through the chain of command to the general workforce.  

One CISO believed stress came with the territory of the positions and responsibilities they handled daily. Of course, stress is found in every profession but when reality involves existing on coffee and a lack of sleep, this is a recipe for disaster.  

This has become the norm for many unfortunately, but they wanted this to be reversed as it was not conducive to their overall mental health. There was a perception that CISOs and security professionals have this “macho” or “heroic” exterior, yet there is underlying damage being done to their wellbeing due to their profession.  

Fortunately, as senior security leaders, they all understood change was necessary. They believed this was more a management issue than solely an information security one, and it needed to be fixed.

Each provided ways in which a change in working culture could be achieved. For instance, beginning with words of encouragement such as saying thank you, congratulating a team member on an achievement or recognising good work. These small gestures matter and can go a long way toward changing a person’s attitude, reducing anxiety levels and even de-stressing them.  

Furthermore, communication is key and advocating regular check-ins with colleagues can build a strong support base for everyone which in turn will benefit the team and overall productivity.  

Of course, there will be stressful moments which everyone will come across, but they don’t need to occur every day.  

The world has gone through some dramatic shifts during and since the pandemic, with many people experiencing strains and difficulties on their mental and physical health. What we want to avoid is our peers being drawn towards unhealthy coping mechanisms that will impact their psychological and physical health.  

Here are a few recommendations to try and avoid such a situation happening: 

  • Use words of encouragement  
  • Set clear achievable goals and celebrate the successes 
  • Have healthy amounts of sleep and exercise  
  • Have dedicated well-being programs that focus on mental health and neurodiversity 
  • Have a culture that normalises and advocates for mental health 
  • Seek out applications that can help improve wellbeing and productivity, for example The Zensory

Regardless of our profession, industry or role, we all have a duty to help support an individual in need. Thankfully, there are many resources available online to point you in the right direction. Just know, you are not alone and there will always be someone willing to listen and help.  

The post Is there a problem with stress and burnout in cybersecurity? appeared first on IT Security Guru.

At the inaugural International Cyber Expo, The Guru team got the opportunity to chat with Chris Roberts, Business Development at Fortinet to better understand how the cybersecurity industry is using automation, whether there will come a point where human intervention is needed as well as hearing how it is helping security teams during the current skills shortage.  

For Roberts, automation has helped the cybersecurity industry immensely, both in terms of the technology and solutions that have spawned from its arrival but also in alleviating some of the strain placed on organisations. 

With the lack of skilled people within our industry, with automation, you can address issues 24/7. Automation is helping the cyber industry enhance and distribute threat intelligence quicker than ever before. 

When speaking with customers, the need for better and quicker intelligence to lower their time to detect a threat is key and we want to get this as low as possible. This will in turn reduce their time to remediate metrics. We are seeing the productivity of threat actors rapidly increasing – for instance we are seeing double the number of ransomware attacks, so we want customers to protect their data and improve their detection and response times and automation is helping us achieve that.  

There is a lot of value in automation, and I think organisations are starting to realise that across all verticals. We will see a large increase in automation as we progress through the next 12 to 24 months. 

With that said, Roberts believes automation is only part of the answer when tackling modern threats seen today and explains how Fortinet has been harnessing its capabilities to remove mundane tasks. 

We [Fortinet] have automated the distribution of the latest indicators of compromise (IOCs) and saved a load of time for the SOC analysts to ultimately allow them to do more interesting threat hunting activities. So, they get less bored. They don’t wake up getting excited about firewalls etc.  

These individuals get excited about examining the latest behavioral movements of an APT or malware. We are seeing huge rises in Ransomware as a Service where for less than a couple hundred dollars threat actors can get their own customisable malware service kit. Also, bug bounties are happening in this underworld whereby ransomware groups are offering bug bounties for their ransomware threats. It has become a fully-fledged industry now.

So yes, automation is great in helping to tackle the difficult fight against the latest security threats.  

Yet, with this new reliance on Automation, is there a real risk that human intervention could be replaced entirely, and jobs being lost? Industry professionals surveyed felt that by 2030, AI would replace humans in cybersecurity… 

At the moment, no, but who can predict the future. Right now, automation is there to add value. Whenever I talk to customers the first thing I say is we are not talking about automation to replace people. We are talking about utilising automation to remove boring mundane tasks. By taking these away, we enable your employees to have more time to train and elevate themselves by allowing them to concentrate on threat hunting or project related work. This ultimately creates more value to the organisation by removing the incredibly boring work that no one wants to do.

There will always be a critical place for a human within cybersecurity and to be part of the process. 

The conversation then steered to how the industry can close the skills gap and how everyday people can play their part in improving cyber hygiene. Roberts claimed that it is everybody’s responsibility, whether they like it or not, to participate in cyber hygiene.

Everyone has an opportunity to improve their own understanding. As a result, it will make their use of technology more enjoyable, pleasurable and will probably have a lower level of fear when using these devices because of the raised cyber hygiene knowledge. This will then have a positive knock-on effect on industry as there should be less devices in use that are at risk of compromise – whether that be botnets, RATs etc. 

During the pandemic, Fortinet announced that our training material would be made free of charge allowing members of the public the opportunity to improve their cybersecurity awareness. Signing up was free and it was great for families to give them a level of understanding that would benefit them now and in the future. 

Bringing an end to the discussion, Roberts has no doubt that automation is here to stay, with its impact on the cybersecurity industry being more than noticeable in helping in the fight against cybercrime. Roberts believes more can be done, especially by the everyday person, to take responsibility upon themselves to improve their own cyber hygiene. However, to say that cybersecurity can totally depend on technology without human intervention is too bold a claim. Instead, striking a balance between human expertise and automation will be the desired combination in years to come for successful cybersecurity.

The post In conversation with Chris Roberts, Business Development Manager at Fortinet appeared first on IT Security Guru.

Lookout has announced the discovery of an enterprise-grade Android surveillanceware currently used by the government of Kazakhstan within its borders. Lookout researchers also found evidence of deployment of the spyware – which Lookout researchers have named “Hermit” – in Italy and in northeastern Syria.  

Hermit is likely developed by Italian spyware vendor RCS Lab S.p.A. and Tykelab Srl, a telecommunications solutions company that may be operating as a front company. RCS Lab, a known developer that has past dealings with countries such as Syria, operates in the same market as Pegasus developer NSO Group Technologies and Gamma Group, which created FinFisher. This discovery appears to mark the first time that a current client of RCS Lab’s mobile spyware has been publicly identified. 

Hermit is a modular surveillanceware that hides its malicious capabilities in packages downloaded after it has been deployed. Researchers were able to obtain and analyze 16 of the 25 known modules. The modules, along with the core malware’s permissions, enable Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages. 

“This discovery gives us an in-depth look into a spyware vendor’s activities and how sophisticated app-based spyware operates,” said Justin Albrecht, Threat Intelligence researcher at Lookout. “Based on how customizable Hermit is, including its anti-analysis capabilities and even the way it carefully handles data, it’s clear that this is well-developed tooling designed to provide surveillance capabilities to nation-state customers. What’s also interesting is that we were able to confirm Kazakhstan as a probable current customer of RCS Lab. It’s not often that you are able to identify a spyware vendor’s clientele.” 

Lookout researchers theorize that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analyzed impersonated the applications of telecommunications companies or smartphone manufacturers. Hermit tricks users by serving up the legitimate webpages of the brands it impersonates as it kickstarts malicious activities in the background. 


The post Lookout Discovers Android Spyware Deployed in Kazakhstan appeared first on IT Security Guru.

Humanity has always embraced technology and, today, we are seeing increased IoT integration, cloud adoption and a vast wave of remote workers who are connecting to more online infrastructures. However, this is leading many to question the cyber resiliency of organisations, particularly at a time when cyber-attacks are at an all-time high. In fact, according to respected engineer and technology author Peter Diamandis, “over the next ten years, we are going to see roughly 100 years of technological change.”

This was how Dr. Lydia Kostopoulos, SVP Emerging Tech Insights, and James McQuiggan, Security Awareness Advocate at KnowBe4, opened their KB4Con 2022 talk Implementing Cyber Resilience Utilization for the Fourth Industrial Revolution.  

The discussion first delved into our past interactions with technology, on the principle that if you don’t know where you’ve come from, you don’t know where you’re going. This familiar saying framed the discussion, as Lydia and James stated that we had entered the fourth industrial revolution.

However, to understand this, the audience were first walked through the previous three industrial revolutions (from the 1800s to the present day) to see how each brought about changes that moulded society, from technological innovation to education habits, which in turn defined the generations that came after.

Lydia and James then explained how the fourth revolution has given birth to IoT, Automation, Machine Learning, Quantum, the Metaverse and cyber-physical systems. Human interaction with these technologies is growing because most things have become electrified or digitised.  

These systems are even being found in our homes in the form of Siri, Alexa and Google Home. While they are designed to aid us when called upon, there are instances where such AI IoT devices are being creepily invasive by listening to our conversations.  

Yes, there are issues to iron out, but the convergence of technologies such as AI has benefited society in many ways, from healthcare to transportation. Furthermore, the use of IoT devices is well documented within SCADA and industrial environments, where they help connect individuals to enterprises. The critical point, though, is that human intervention will always be required to oversee these systems, as their lack of security is becoming more apparent.

The talk then moved on to quantum technology, cryptocurrency and blockchain. Quantum computing is a hot topic, with many nations and enterprises claiming to have reached quantum supremacy. However, both speakers voiced the fear that quantum computers (using qubits) will have the ability to break encryption, and so building quantum-resistant encryption must be a priority.

Furthermore, Lydia noted the rise in blockchain, cryptocurrency and NFT attacks. She stated that banks “are not as targeted and so threat actors are turning their attention to cryptocurrency because of the lack of security.” Indeed, in 2022 alone, a report found that users had lost crypto-assets worth over $700m in security breaches at exchanges and storage providers. This didn’t deter approximately 70% of the talk’s audience, who raised their hands to indicate they owned some form of cryptocurrency.

With the creation of these new technologies, building cyber resilient cultures will be the linchpin of organisational and societal growth and security. Lydia explained how organisations need to achieve cyber resiliency through effective, open and clear technology communication channels. This includes adopting a mindset that allows the workforce to understand how malicious attackers think, and building a culture in which this becomes second nature – akin to a red-teaming mindset. Education should be the foundation, following a security culture playbook that embeds security into the organisation’s culture from top to bottom – this is the next evolution that must be taken as we enter the fourth technological revolution.

The post KB4Con 2022 – Cyber Resilience and the Fourth Industrial Revolution appeared first on IT Security Guru.

New research has revealed the top Chemical Manufacturers in the EU all have concerning levels of vulnerabilities and weak spots in their attack surface.

According to the 2022 Web Application Security for Manufacturers report by Outpost24, 60% of European Chemical Manufacturers had vulnerabilities that are critically exposed and open to attacks.

This new industry threat report examined the digital footprint and application security posture of the biggest Chemical Manufacturers in the EU (as ranked by Chemical & Engineering News) and found that these enterprises run a total of 22,507 internet-exposed web applications over 6,175 domains.

In fact, one in six (16%) of the applications discovered are utilising outdated components which contain known vulnerabilities, while 4% of them were classified as being suspicious and 1% deemed dangerous.

The UK’s Linde, Ineos and Johnson Matthey were among the companies running vulnerable web apps, as were Germany’s BASF and France’s Air Liquide. In total, 15 European Chemical Manufacturers were evaluated.

The findings are extremely concerning given external facing applications are prime targets used by threat actors for initial access to launch malware or ransomware.

“From the web applications that were examined, the Chemical Manufacturing industry has a very insecure digital footprint and overall security posture,” said Nicolas Renard, Security Researcher at Outpost24. “We know the significance a cyberattack can have against these critical systems, especially as these relate to hazardous chemicals, national infrastructure, pharmaceutical and medical supplies, which can impact core services.”

Using Scout, Outpost24’s attack surface management tool, the researchers found that 60% of the manufacturers studied were above what Outpost24 considers ‘critically exposed’, with an aggregated risk score of 32 or higher (out of 58.24). This puts the manufacturers at a significantly higher risk of potential cyberattacks. When compared to other industries in previous studies, Chemical Manufacturers had an overall average exposure score of 35.2, below only EU retailers (48.30) and EU insurance providers (38.1), but above pharmaceutical and healthcare (32.79).

Amongst the most common attack vectors in web applications, the following 3 pose the biggest risks to the Chemical Manufacturers:

  • Security Mechanism: 63% of organisations had this as a critical issue
  • Degree of Distribution: 38% of organisations had this as a critical issue
  • Active Content & Cookies: 31% of organisations had this as a critical issue

“Having continuous asset visibility into the number of web apps that are exposed, and the conditions they are in, will go a long way in reducing risk and remediating any critical vulnerabilities before hackers spot them,” said Stephane Konarkowski, Security Consultant at Outpost24. “With many of the systems internet-connected or external facing, adopting a proactive approach to improving security hygiene and vulnerability exposures could potentially save the company millions.”


The post Critically Exposed Web Apps Discovered Across Europe’s Top Chemical Manufacturers appeared first on IT Security Guru.