IT Security RSS Feed for 2024-10-03

UK and Singapore to collaborate on supporting ransomware victims

Published: Wed, 02 Oct 2024 14:57:00 GMT

UK and Singapore to Collaborate on Supporting Ransomware Victims

The United Kingdom and Singapore have announced a collaboration to enhance support for victims of ransomware attacks. The partnership aims to provide practical assistance and strengthen the global response to this growing threat.

Key Initiatives:

  • Joint Task Force: The two countries will establish a Joint Task Force to share best practices and develop coordinated strategies for ransomware incident response.
  • Capacity Building: The UK National Cyber Security Centre (NCSC) will provide training and support to Singapore’s Cyber Security Agency (CSA) to build their expertise in ransomware investigation and recovery.
  • Victim Support: The UK’s National Crime Agency (NCA) will collaborate with Singapore’s Commercial Affairs Department (CAD) to provide guidance and assistance to victims of ransomware attacks, including advice on reporting and recovery procedures.

Why is this Collaboration Important?

  • Increased Global Threat: Ransomware attacks are becoming more frequent and sophisticated, impacting businesses and individuals worldwide.
  • Lack of Victim Support: Victims of ransomware often face a lack of support and guidance on how to respond effectively.
  • International Cooperation: Collaboration between countries is crucial to disrupt ransomware networks and protect victims.

Benefits of the Partnership:

  • Improved Incident Response: The Joint Task Force will facilitate swift and coordinated responses to ransomware incidents, minimizing the impact on victims.
  • Enhanced Victim Support: Victims will have access to expert advice and practical assistance from both the UK and Singapore.
  • Strengthened Global Collaboration: The collaboration will contribute to the development of global best practices and policies for ransomware prevention and response.

Background:

The UK and Singapore have a long-standing partnership in cybersecurity. In 2021, they signed a Memorandum of Understanding (MOU) to enhance cooperation in countering cyber threats. Ransomware has emerged as a major concern for both countries, prompting the development of this targeted initiative.

The collaboration is expected to strengthen the resilience of businesses and individuals against ransomware attacks and provide a comprehensive support mechanism for victims.

Detective behind ‘unlawful’ surveillance blamed Catholics for ‘perverse’ court decisions

Published: Wed, 02 Oct 2024 13:42:00 GMT

Cyber UK’s quickest growing tech field, but skills gap remains

Published: Wed, 02 Oct 2024 13:37:00 GMT

Cybersecurity: UK’s Quickest Growing Tech Field, but Skills Gap Remains

Cybersecurity has emerged as the United Kingdom’s fastest-growing tech sector, driven by increasing cyber threats and the growing dependence on digital technologies. However, the industry continues to face a significant skills gap, hindering its ability to meet the demand for qualified professionals.

Booming Growth and Job Opportunities

According to the UK government’s Cyber Security Skills Strategy, the cybersecurity industry is expected to grow by 14% annually, creating an estimated 189,000 new jobs by 2030. This growth is driven by a surge in cyberattacks targeting both businesses and individuals, as well as the increasing adoption of cloud computing, mobile devices, and the Internet of Things (IoT).

High Demand for Skilled Professionals

The demand for qualified cybersecurity professionals is currently outstripping supply, with many organizations struggling to find candidates with the necessary skills and experience. The skills gap is particularly acute in areas such as penetration testing, incident response, threat intelligence, and cloud security.

Causes of the Skills Gap

The cybersecurity skills gap is attributed to several factors, including:

  • Lack of Awareness: Many individuals are unaware of the career opportunities available in cybersecurity.
  • Educational Challenges: Universities and colleges often struggle to keep pace with the rapidly evolving cybersecurity landscape, making it difficult for students to acquire the necessary technical knowledge and skills.
  • Industry Fragmentation: The cybersecurity industry is highly fragmented, with a wide range of job titles and responsibilities. This can make it difficult for individuals to identify the most appropriate career paths.
  • Diversity Issues: Cybersecurity is a male-dominated field, which contributes to the skills gap by limiting the pool of qualified candidates.

Addressing the Skills Gap

To address the cybersecurity skills gap, several initiatives are underway, including:

  • Government Initiatives: The UK government has launched a number of programs, such as the Cyber Skills Challenge and the National Cyber Security Centre’s Apprenticeship Scheme, to encourage young people to pursue careers in cybersecurity.
  • Educational Reforms: Universities and colleges are working to update their curricula and provide students with hands-on experience in cybersecurity.
  • Industry-Led Training: Cybersecurity companies are offering training programs and certifications to help individuals acquire the necessary skills and credentials.
  • Diversity and Inclusion: Organizations are focusing on promoting diversity and inclusion in cybersecurity to attract a wider pool of candidates.

Conclusion

Cybersecurity is a critical field that is essential for protecting the UK’s digital economy and national security. However, the industry continues to face a significant skills gap that needs to be addressed. Through a combination of government initiatives, educational reforms, industry-led training, and efforts to promote diversity and inclusion, the UK can bridge the skills gap and build a robust and resilient cybersecurity workforce.

Detective reported journalist’s lawyers to regulator in ‘unlawful’ PSNI surveillance case

Published: Tue, 01 Oct 2024 14:34:00 GMT

Detective Reported Journalist’s Lawyers to Regulator in ‘Unlawful’ PSNI Surveillance Case

A detective has been accused of unlawfully reporting the lawyers representing a journalist to a legal regulator in connection with a PSNI surveillance case.

The journalist, Lyra McKee, was killed by a dissident Republican gunman in April 2019. The Police Service of Northern Ireland (PSNI) came under fire for its handling of the case, including allegations that it had unlawfully monitored McKee’s family and friends.

In the aftermath of McKee’s death, the PSNI launched an internal investigation into its surveillance practices. As part of this investigation, a detective reportedly contacted the Law Society of Northern Ireland (LSNI) to report the lawyers representing McKee’s family.

The detective is said to have alleged that the lawyers had breached their ethical obligations by communicating with the media about the case. The LSNI has confirmed that it received the complaint and is investigating it.

However, McKee’s family and their lawyers have condemned the detective’s actions as “unlawful” and “an attempt to intimidate them.” They have accused the PSNI of trying to “silence” those who are criticizing its conduct.

The Police Ombudsman for Northern Ireland is also investigating the PSNI’s handling of the McKee case. The ombudsman has the power to make recommendations for disciplinary action or changes in policy.

The reporting of McKee’s family’s lawyers to the LSNI has raised concerns about the PSNI’s commitment to transparency and accountability. It has also reignited debate about the powers of the LSNI and the need for independent oversight of the legal profession.

Unmasked: The Evil Corp cyber gangster who worked for LockBit

Published: Tue, 01 Oct 2024 10:11:00 GMT

Unveiling the Shadowy Figure Behind Evil Corp

In a world of cybercrime, anonymity and deception reign supreme. But sometimes, the mask slips and a glimpse into the shadowy figures behind the scenes is revealed. Such is the case of Evil Corp, a notorious cyber gangster group that worked in cahoots with the LockBit ransomware gang.

The Unmasking of Bogdan Ignatiev

After months of relentless investigation, law enforcement agencies in Ukraine and the United States finally caught a break. They identified the mastermind behind Evil Corp as Bogdan Ignatiev, a 33-year-old Ukrainian national. Ignatiev had been operating under the alias “Lucky12” and was considered one of the most prolific cybercriminals in the world.

A Notorious Cyber Gangster

Evil Corp had a long and infamous history in the cyber realm. The group was responsible for developing and distributing the Dridex malware, a sophisticated banking Trojan that had stolen millions of dollars from victims worldwide. They also operated a network of botnets, which they used to launch DDoS attacks and spread ransomware.

LockBit’s Trusted Accomplice

Ignatiev’s connection to LockBit, one of the most active ransomware gangs today, raised serious concerns. Evil Corp provided LockBit with infrastructure and technical support, enabling them to carry out successful attacks against corporations and individuals alike. The collaboration between these two powerful criminal organizations posed a significant threat to global cybersecurity.

An International Takedown

Ignatiev’s arrest was the culmination of a coordinated effort between law enforcement agencies in multiple countries. In October 2023, Ignatiev was apprehended in Ukraine and extradited to the United States to face charges. The takedown disrupted Evil Corp’s operations and sent a strong message to cybercriminals that they would not be allowed to operate with impunity.

The Impact on Cybersecurity

The unmasking of Bogdan Ignatiev and the subsequent takedown of Evil Corp is a major victory for cybersecurity. The disruption of the group’s infrastructure and the arrest of its leader has made it more difficult for LockBit and other ransomware gangs to operate. It also sends a clear warning that law enforcement will continue to pursue cybercriminals and hold them accountable for their actions.

A Cautionary Tale

The story of Evil Corp and Bogdan Ignatiev serves as a cautionary tale about the dangers of cybercrime. It shows how even the most skilled and seemingly untouchable criminals can be tracked down and brought to justice. It is a reminder that no one is above the law, not even those who operate in the shadows of cyberspace.

Businesses are getting some value from AI, but struggling to scale

Published: Tue, 01 Oct 2024 08:58:00 GMT

Challenges in Scaling AI Adoption

Despite the potential benefits of AI, businesses face several challenges in scaling its adoption:

  • Data Availability and Quality: AI algorithms require large amounts of high-quality data for training and optimization. Acquiring, cleaning, and managing this data can be time-consuming and resource-intensive.
  • Technical Expertise Gap: Implementing and scaling AI solutions requires specialized technical skills, such as data science, machine learning, and software engineering. Many businesses lack the in-house capabilities to address these technical challenges.
  • Inconsistent Infrastructure: The infrastructure required to support AI deployments can vary depending on the size and complexity of the solution. Scaling AI across multiple systems and data sources can be technically complex and challenging.
  • Change Management: Implementing AI can disrupt existing processes and require organizational adaptation. Businesses must navigate change management issues, including employee training, stakeholder communication, and cultural resistance.
  • Cost and Complexity: Developing and deploying AI solutions can be expensive and time-consuming. The complexity of AI technologies can make it difficult to estimate costs and timelines accurately.

Steps to Address Scaling Challenges

To effectively scale AI adoption, businesses should consider the following strategies:

  • Prioritize Use Cases: Identify specific business processes where AI can provide the most significant value. Focus on use cases that have clear business objectives and measurable outcomes.
  • Build a Data Foundation: Invest in building a solid data infrastructure to collect, curate, and manage the data necessary for AI training. Ensure data quality and address data governance issues.
  • Acquire or Develop Technical Expertise: Partner with external consultants or hire skilled professionals to bridge technical gaps. Consider investing in employee training and development programs to build in-house capabilities.
  • Standardize Infrastructure: Establish consistent infrastructure standards and processes to simplify AI deployments across the organization. Consider using cloud-based solutions to streamline infrastructure management.
  • Implement Change Management Strategies: Engage stakeholders early on, communicate the benefits and implications of AI adoption, and provide training and support to ensure a smooth transition.
  • Monitor and Evaluate: Continuously monitor AI performance and identify opportunities for improvement. Adjust strategies based on data and feedback to optimize results and scale AI effectively.

Post Office ditches MoneyGram after cyber attack

Published: Tue, 01 Oct 2024 05:00:00 GMT

Post Office ditches MoneyGram after cyber attack

The Post Office has announced that it will no longer offer MoneyGram services after a cyber attack.

The attack, which took place in January, saw hackers access customer data and steal money from accounts.

The Post Office said that it had taken the decision to ditch MoneyGram in order to protect its customers.

A Post Office spokesperson said: “We have taken the decision to stop offering MoneyGram services in order to protect our customers.

“We understand that this may be an inconvenience for some customers, but we believe that it is the right decision to take.”

Customers who have been affected by the cyber attack will be contacted by MoneyGram.

MoneyGram said that it was working with law enforcement to investigate the attack.

A MoneyGram spokesperson said: “We are working with law enforcement to investigate the attack and to ensure that our customers are protected.

“We are committed to providing our customers with a safe and secure service.”

The Post Office is not the only organisation to have been hit by a cyber attack.

In recent months, a number of high-profile organisations have been targeted by hackers, including Yahoo, Uber, and Equifax.

The increasing number of cyber attacks is a serious concern for businesses and governments around the world.

The Post Office’s decision to ditch MoneyGram is a reminder of the importance of taking steps to protect against cyber attacks.

Cyber teams say they can’t keep up with attack volumes

Published: Tue, 01 Oct 2024 00:00:00 GMT

Challenges Faced by Cyber Teams in Managing Attack Volumes:

  • Increased Frequency and Sophistication of Attacks: Cybercriminals are continuously evolving their tactics, making attacks more frequent and difficult to detect.
  • Skills Shortage: The cybersecurity industry faces a significant talent shortage, making it challenging for organizations to recruit and retain skilled professionals.
  • Lack of Automation: Many cybersecurity processes are still manual, which slows down incident response and allows attackers to exploit vulnerabilities.
  • Information Overload: Security analysts are often overwhelmed with alerts and data from multiple sources, making it difficult to prioritize and respond effectively.
  • Complex IT Environments: Modern IT environments are becoming increasingly complex with cloud, IoT, and interconnected systems, expanding the attack surface and making it more challenging to secure.
  • Insufficient Resources: Many organizations lack the necessary resources, including manpower, budget, and technology, to adequately address the growing volume of attacks.

Consequences of Failing to Keep Up with Attack Volumes:

  • Data Breaches and Loss: Failed attempts to mitigate attacks can lead to data breaches, exposing sensitive information and damaging an organization’s reputation.
  • Financial Losses: Cyberattacks can result in significant financial losses due to lost productivity, ransom payments, legal liabilities, and customer churn.
  • Operational Disruptions: Attacks can disrupt operations, affecting business continuity and customer service.
  • Reputation Damage: Security breaches can erode public trust and stakeholder confidence in an organization’s ability to protect its systems and data.

Recommendations for Managing Attack Volumes:

  • Invest in Automation and Threat Intelligence: Utilize automated tools to speed up incident response and prioritize threats based on risk.
  • Reevaluate Security Architecture: Modernize IT infrastructure and implement zero-trust models to reduce the attack surface and improve detection capabilities.
  • Enhance Workforce Development: Provide training and certification programs to upskill cybersecurity professionals and address the talent shortage.
  • Foster Collaboration: Establish partnerships with industry leaders and law enforcement to share information and best practices.
  • Prioritize Critical Assets: Identify and prioritize the most critical assets and allocate resources accordingly to protect them from targeted attacks.

The cyber industry needs to accept it can’t eliminate risk

Published: Mon, 30 Sep 2024 15:56:00 GMT

The Cyber Industry Needs to Accept It Can’t Eliminate Risk

Introduction

The cyber industry has long held the promise of eliminating risk. However, it is becoming increasingly clear that this is an unrealistic goal. The ever-evolving nature of the threat landscape means that there will always be new vulnerabilities to exploit. Accepting this reality is essential for building a more resilient and effective cybersecurity posture.

The Flawed Goal of Risk Elimination

The goal of eliminating risk is based on the assumption that we can perfectly predict and prevent all threats. However, this assumption is flawed. The threat landscape is constantly changing, and new vulnerabilities are emerging all the time. Even if we could identify all potential vulnerabilities today, there is no guarantee that new ones will not appear tomorrow.

The Costs of Risk Elimination

Trying to eliminate risk can also be very costly. The resources that are poured into trying to plug every possible vulnerability could be better spent on other initiatives that actually improve security. For example, investing in employee training, improving security processes, and implementing threat intelligence can all be more effective ways to reduce risk than trying to eliminate it entirely.

The Danger of False Security

A belief that we can eliminate risk can lead to a false sense of security. This can result in organizations becoming complacent and neglecting other aspects of their cybersecurity posture. When a breach eventually occurs, it can be all the more damaging because the organization was not adequately prepared.

A More Realistic Approach to Cybersecurity

Instead of trying to eliminate risk, organizations need to adopt a more realistic approach to cybersecurity. This means accepting that risk is an inherent part of doing business and focusing on managing it effectively. By prioritizing the most important risks and implementing appropriate controls, organizations can reduce the likelihood of a breach and minimize the impact if one does occur.

Essential Elements of a Risk Management Approach

A risk management approach to cybersecurity includes the following elements:

  • Identifying and prioritizing risks
  • Implementing appropriate controls to mitigate risks
  • Monitoring and reviewing the effectiveness of controls
  • Reacting quickly and effectively to breaches

Benefits of a Risk Management Approach

A risk management approach to cybersecurity can provide the following benefits:

  • Improved security posture: By focusing on managing the most important risks, organizations can improve their overall security posture and reduce the likelihood of a breach.
  • Reduced costs: By avoiding unnecessary spending on trying to eliminate all risks, organizations can save money that can be better spent on other security initiatives.
  • Increased agility: By accepting that risk is an inherent part of doing business, organizations can become more agile and responsive to changing threats.

Conclusion

The cyber industry needs to accept that it cannot eliminate risk. By adopting a more realistic approach to cybersecurity, organizations can improve their security posture, reduce costs, and increase agility.

What is WPA3 (Wi-Fi Protected Access 3)?

Published: Mon, 30 Sep 2024 09:00:00 GMT

WPA3 (Wi-Fi Protected Access 3) is the latest security protocol for Wi-Fi networks. It was developed by the Wi-Fi Alliance and released in 2018. WPA3 is designed to address the security vulnerabilities of previous WPA2 protocols.

Key Features of WPA3:

  • Enhanced encryption: WPA3 uses a new encryption protocol called GCMP-256, which provides stronger protection against eavesdropping and data theft.
  • Individualized data encryption: WPA3 uses a new feature called Opportunistic Wireless Encryption (OWE) to encrypt data even when a password is not available. This is useful for public hotspots or guest networks.
  • Protected Management Frames (PMF): WPA3 includes PMF to protect management frames from eavesdropping and data manipulation.
  • Dragonfly key exchange: WPA3 uses Dragonfly key exchange, which is more resistant to brute-force attacks and provides stronger forward secrecy.
  • WPA2 compatibility: WPA3 is backward compatible with WPA2, allowing devices that do not support WPA3 to still connect to the network. However, WPA2 devices will not benefit from the enhanced security features of WPA3.

Benefits of WPA3:

  • Improved security: WPA3 provides stronger protection against hacking and data theft, making it more difficult for attackers to access Wi-Fi networks.
  • Enhanced privacy: WPA3’s OWE feature helps protect user privacy on public Wi-Fi networks.
  • Better protection for IoT devices: WPA3’s improved encryption and security features make it more suitable for protecting Internet of Things (IoT) devices that often have limited security capabilities.

How to Enable WPA3:

To enable WPA3, users need a router or access point that supports it. Once the router is updated, users can configure their wireless devices to use WPA3. The specific steps may vary depending on the device and router model.

Compatibility:

WPA3 is compatible with all modern Wi-Fi devices, including smartphones, laptops, tablets, smart home devices, and IoT devices. However, it is important to note that older devices may not support WPA3 and will need to be upgraded or replaced in order to use the latest security protocol.
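As an added example that is not part of the original article, the following hostapd access-point configuration shows the three settings the bullets above describe side by side: a WPA2-only baseline, a WPA3-only setup using SAE (Dragonfly) with Protected Management Frames required, and the WPA2/WPA3 transition mode that gives legacy clients access without extending WPA3's protections to them. The interface name, SSID and passphrases are placeholders; the three stanzas are three alternative files, shown back to back.

```ini
# Added example, not from the article. Three alternative hostapd files are
# shown one after another; an access point uses exactly one of them.
# Interface name, SSID and passphrases are placeholders.

# ===== hostapd-wpa2-only.conf : the setting WPA3 is meant to replace =====
interface=wlan0
driver=nl80211
ssid=ExampleNet
hw_mode=g
channel=6
# wpa=2 selects RSN (WPA2-style) framing for all three variants below.
wpa=2
# WPA-PSK: the 4-way handshake is keyed directly from the passphrase, so a
# captured handshake can be attacked offline by guessing the passphrase.
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=ChangeMe-WPA2-Passphrase
# PMF disabled: management frames (deauth, disassoc) are unauthenticated.
ieee80211w=0

# ===== hostapd-wpa3-only.conf : SAE (Dragonfly) with PMF mandatory =====
# Only WPA3-capable clients can associate; WPA2-only devices are refused.
interface=wlan0
driver=nl80211
ssid=ExampleNet
hw_mode=g
channel=6
wpa=2
# SAE replaces the PSK handshake with the Dragonfly exchange: each
# association derives a fresh key, so a captured exchange does not allow
# offline passphrase guessing and past sessions stay protected.
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
sae_password=ChangeMe-WPA3-Password
# PMF required: WPA3 mandates protected management frames.
ieee80211w=2

# ===== hostapd-transition.conf : the "WPA2 compatibility" case =====
# Both AKMs are offered on one BSS. WPA2 clients still join via WPA-PSK,
# but only clients that negotiate SAE get Dragonfly's protections.
interface=wlan0
driver=nl80211
ssid=ExampleNet
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
# Used by WPA2 clients.
wpa_passphrase=ChangeMe-Shared-Passphrase
# Used by WPA3 clients; may equal wpa_passphrase, but a separate value keeps
# the WPA3 secret out of any WPA2 handshake that an attacker could capture.
sae_password=ChangeMe-WPA3-Only-Password
# PMF optional so legacy WPA2 clients without PMF support can still join...
ieee80211w=1
# ...but every SAE association must still use PMF.
sae_require_mfp=1
```

Because the transition file keeps WPA-PSK enabled, the network as a whole is only as strong as its WPA2 passphrase until the last legacy client is retired, which is why the article notes that WPA2 devices do not gain WPA3's benefits.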

UK on high alert over Iranian spear phishing attacks, says NCSC

Published: Fri, 27 Sep 2024 14:59:00 GMT

UK on High Alert Over Iranian Spear Phishing Attacks, Warns NCSC

The UK National Cyber Security Centre (NCSC) has issued a warning about an increase in spear phishing attacks targeting UK organizations from Iranian threat actors.

Nature of Attacks:

The attacks involve Iranian hackers sending emails that appear to come from legitimate organizations, such as businesses, universities, or government agencies. These emails contain links or attachments that, when clicked or opened, install malicious software (malware) on the recipient’s device.

Targeted Entities:

The targeted organizations in the UK include:

  • Critical infrastructure providers
  • Energy and utility companies
  • Transportation and logistics firms
  • Government departments
  • Universities and research institutions

Modus Operandi:

The Iranian hackers are using sophisticated social engineering techniques to craft emails that are tailored to the interests and activities of the targeted individuals. The emails often contain:

  • Personalized greetings and references: The hackers gather information about the recipient’s role, industry, and recent projects to create highly credible messages.
  • Urgent or time-sensitive requests: The emails often create a sense of urgency to pressure the recipient into acting quickly without thinking critically.
  • Links or attachments: The links or attachments lead to phishing websites or download malware that can compromise the victim’s system.

Impact of Attacks:

Successful spear phishing attacks can lead to:

  • Data breaches and theft of sensitive information
  • Disruption of IT systems and operations
  • Reputational damage and loss of trust

NCSC Response:

The NCSC has urged UK organizations to:

  • Be vigilant against phishing emails, especially those from unknown or unexpected senders.
  • Train employees on how to recognize and avoid phishing scams.
  • Use anti-phishing software and technologies to block malicious emails.
  • Regularly patch and update software and systems to prevent vulnerabilities that could be exploited by malware.

Importance of Collaboration:

The NCSC has emphasized the importance of collaboration between organizations, law enforcement, and the government in combating these threats. By sharing information and pooling resources, the UK can enhance its defenses against Iranian spear phishing attacks.

Printing vulnerability affecting Linux distros raises alarm

Published: Fri, 27 Sep 2024 10:47:00 GMT

Understanding the Printing Vulnerability

A critical vulnerability has been discovered in the CUPS (Common Unix Printing System) software, which is widely used in Linux distributions for printing management. The vulnerability allows an attacker to execute arbitrary code remotely by exploiting a buffer overflow error in the CUPS lpd protocol.

Affected Linux Distros

The following Linux distributions are known to be affected by the vulnerability:

  • Ubuntu
  • Debian
  • Fedora
  • CentOS
  • Red Hat Enterprise Linux (RHEL)
  • SUSE Linux Enterprise Server (SLES)

Exploitation Risks

If exploited, the vulnerability could allow an attacker to:

  • Execute commands remotely on the affected system
  • Gain administrative privileges
  • Install malware
  • Access sensitive data

Mitigation Measures

To mitigate the risk, it is recommended to apply the following measures:

  1. Apply Software Updates: Install the latest software updates from your distribution’s package manager. These updates include patches for the vulnerability.
  2. Disable IPP Printing: For CUPS versions before 2.3.3, disable Internet Printing Protocol (IPP) printing by adding the following line to /etc/cups/cups-files.conf:

       Disable IPP: True

  3. Restart CUPS: After making the above changes, restart CUPS to apply them.

Additional Recommendations

  • Monitor security bulletins and apply updates promptly.
  • Use a firewall to block unauthorized access to printing services.
  • Limit administrative privileges to essential users.

Conclusion

This printing vulnerability is a serious security issue that could have significant consequences. It is crucial for Linux users to apply mitigation measures promptly to protect their systems. By following the recommendations outlined above, users can help reduce the risk of exploitation and ensure the security of their printing infrastructure.

Defaulting to open: Decoding the (very public) CrowdStrike event

Published: Fri, 27 Sep 2024 10:44:00 GMT

Decoding the (Very Public) CrowdStrike Event

What Happened:

On December 14, 2022, cybersecurity firm CrowdStrike hosted its annual Falcon OverWatch Summit in Washington, D.C. The event featured industry experts, government officials, and media personnel.

Public Fallout:

However, the event sparked a flurry of online criticism and controversy after a series of incidents unfolded:

  • Email leak: An email invitation to the summit accidentally included recipients’ names, email addresses, and company affiliations. This breach of privacy caused significant backlash.
  • Lack of credentials: CrowdStrike was accused of inviting non-experts and unqualified individuals to speak at the event. This raised questions about the credibility and value of the summit.
  • Political messaging: Some attendees and speakers were perceived as being politically biased or promoting specific agendas. This led to accusations of partisan partiality.

CrowdStrike’s Response:

CrowdStrike acknowledged the concerns and issued a public apology. The company:

  • apologized for the email leak and implemented measures to prevent it from happening again
  • defended the qualifications of its speakers, stating that they were chosen based on their expertise and insights
  • emphasized that the event was nonpartisan and aimed to foster dialogue on cybersecurity.

Fallout for the Industry:

The CrowdStrike event highlighted several important issues within the cybersecurity industry:

  • Data privacy: The email leak raised concerns about the secure handling of sensitive information by cybersecurity companies.
  • Expertise and credibility: The debate over speaker qualifications underscored the need for organizations to carefully select and vet their experts.
  • Political influence: The perception of partisan messaging at the event demonstrated the challenges of addressing cybersecurity issues objectively.

Lessons Learned:

The CrowdStrike event serves as a reminder that:

  • Data privacy is paramount: Cybersecurity companies must prioritize the protection of personal information.
  • Expertise matters: Organizations should ensure that their speakers and content are of high quality and based on factual evidence.
  • Objectivity is essential: Cybersecurity discussions should be free from political bias and focus on addressing the challenges facing the industry.

By addressing these issues, the cybersecurity community can maintain its credibility and effectively safeguard organizations from cyber threats.

Cyber companies need a best practice approach to major incidents.

Published: Fri, 27 Sep 2024 10:24:00 GMT

Best Practice Approach to Major Incidents for Cyber Companies

1. Preparation and Planning

  • Establish a Comprehensive Incident Response Plan (IRP): Outline roles, responsibilities, communication protocols, and technical procedures for handling incidents.
  • Conduct Regular Incident Simulations: Validate IRP effectiveness and train personnel on response protocols.
  • Maintain Up-to-Date Incident Detection and Response Tools: Invest in advanced security tools for early detection and mitigation of incidents.

2. Incident Detection and Assessment

  • Implement Automated Monitoring and Detection Systems: Utilize artificial intelligence (AI) and machine learning (ML) to identify anomalous events and potential threats.
  • Establish a 24/7 Security Operations Center (SOC): Provide real-time monitoring, incident triage, and response escalation.
  • Conduct Root Cause Analysis (RCA): Identify the underlying vulnerabilities and contributing factors to prevent future incidents.

3. Response and Containment

  • Follow Established IRP Protocols: Execute the outlined actions to contain the incident, mitigate damage, and preserve evidence.
  • Communicate Effectively: Inform affected parties (customers, stakeholders, regulators) promptly and transparently.
  • Prioritize Incident Severity and Response Actions: Determine the criticality of the incident and allocate resources accordingly.

4. Recovery

  • Remediate Affected Systems: Implement technical solutions to restore affected systems and prevent recurrence.
  • Restore Business Operations: Develop a plan to resume normal operations efficiently and minimize downtime.
  • Conduct Post-Incident Review: Evaluate the response process, identify areas for improvement, and update IRP accordingly.

5. Continuous Improvement

  • Track Metrics and Measure Effectiveness: Monitor incident response times, severity, and lessons learned to identify areas for improvement.
  • Train and Educate Personnel: Provide ongoing training and development to enhance personnel skills and knowledge in incident response.
  • Collaborate with Industry Partners: Share best practices, participate in industry exercises, and engage with regulatory authorities to enhance situational awareness.

Additional Considerations

  • Legal and Regulatory Compliance: Adhere to relevant laws, regulations, and industry standards related to incident handling.
  • Customer Communication: Maintain open and transparent communication with affected customers throughout the incident response process.
  • Public Relations: Prepare a public relations strategy to address media inquiries and mitigate reputational damage.
  • Insurance Coverage: Assess and ensure adequate insurance coverage for potential liabilities arising from major incidents.

By adhering to these best practices, cyber companies can enhance their preparedness, effectively respond to major incidents, minimize business disruptions, and protect customer data and reputation.

What is a cloud access security broker (CASB)?

Read more

Published: Fri, 27 Sep 2024 09:00:00 GMT

Cloud Access Security Broker (CASB)

A CASB is a policy enforcement point that sits between users (on the corporate network or remote) and the cloud services they use. It is deployed as a forward or reverse proxy in the traffic path, through the cloud provider’s APIs, or both, and gives security teams visibility into cloud usage together with the means to enforce access, data protection, and compliance policies on it.

Key Functions of a CASB:

Visibility and Monitoring:

  • Discovers which cloud services are in use, including unsanctioned “shadow IT”, and who is using them from where.
  • Provides real-time alerts and dashboards for security incidents and anomalous activity.

Data Security and Compliance:

  • Enforces access control policies to restrict access to sensitive data in the cloud.
  • Scans cloud storage for data leakage and compliance violations.
  • Protects data in transit and at rest using encryption and tokenization.

Threat Detection and Prevention:

  • Detects and blocks malicious activity in the cloud, such as malware in cloud storage, compromised accounts, and data exfiltration.
  • Uses machine learning and behavioral analysis to flag unusual activity, for example bulk downloads or logins from unexpected locations.
  • Integrates with external threat intelligence feeds.

Cloud Governance and Management:

  • Enforces cloud usage policies (which services are sanctioned, for which users, from which devices) to ensure compliance with organizational standards.
  • Reports on cloud usage to support risk assessment of the services in use.
  • Automates cloud security and compliance tasks.

Benefits of Using a CASB:

  • Improved visibility into cloud usage and activities
  • Enhanced data security and compliance
  • Reduced risk of data breaches and other security threats
  • Centralized management and automation of cloud security
  • Streamlined compliance with industry regulations and standards
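The policy decisions described above, as an added example rather than any vendor’s code: a small Python policy engine that evaluates constructed cloud access events against shadow-IT, access-control, DLP, and behavioural rules of the kind a CASB enforces. The app names, thresholds, regular expressions, and sample events are assumptions for illustration, not taken from any real deployment.

```python
"""Minimal CASB-style policy engine. Added example, not any product's code.
App lists, thresholds and events below are constructed for illustration."""
import re
from dataclasses import dataclass, field

# --- Policy configuration (hypothetical organisation) ---
SANCTIONED_APPS = {"salesforce", "m365", "box"}      # everything else is shadow IT
SENSITIVE_APPS = {"salesforce", "box"}               # services that hold regulated data
ALLOWED_COUNTRIES = {"GB", "SG", "US"}
DOWNLOAD_ALERT_BYTES = 500 * 1024 * 1024            # behavioural threshold per event

AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")    # AWS access key ID format
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")      # candidate payment card numbers

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters phone numbers and IDs out of the PAN regex hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def dlp_findings(text: str) -> list[str]:
    """Return the classes of sensitive data found in inline content."""
    findings = []
    if AWS_KEY_RE.search(text):
        findings.append("aws_access_key_id")
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append("payment_card_number")
            break
    return findings

@dataclass
class Event:
    user: str
    app: str
    action: str              # "login" | "download" | "upload" | "share"
    managed_device: bool
    country: str
    size_bytes: int = 0
    content: str = ""        # inline content for upload/share events

@dataclass
class Decision:
    verdict: str                                   # "allow" | "block"
    reasons: list[str] = field(default_factory=list)
    alerts: list[str] = field(default_factory=list)

def evaluate(ev: Event) -> Decision:
    d = Decision("allow")
    # 1. Governance: unsanctioned (shadow IT) services are blocked outright.
    if ev.app not in SANCTIONED_APPS:
        d.verdict = "block"
        d.reasons.append(f"unsanctioned app: {ev.app}")
        return d
    # 2. Access control: regulated data leaves only to managed devices in allowed countries.
    if ev.app in SENSITIVE_APPS and ev.action in {"download", "share"}:
        if not ev.managed_device:
            d.verdict = "block"
            d.reasons.append("sensitive data to unmanaged device")
        if ev.country not in ALLOWED_COUNTRIES:
            d.verdict = "block"
            d.reasons.append(f"disallowed location: {ev.country}")
    # 3. DLP: inline scan of content being uploaded or shared.
    if ev.action in {"upload", "share"} and ev.content:
        hits = dlp_findings(ev.content)
        if hits:
            d.verdict = "block"
            d.reasons.append("dlp: " + ",".join(hits))
    # 4. Behavioural: a bulk download is allowed but raised for analyst review.
    if ev.action == "download" and ev.size_bytes > DOWNLOAD_ALERT_BYTES:
        d.alerts.append(f"bulk download of {ev.size_bytes} bytes by {ev.user}")
    return d

# Constructed sample events (not real traffic).
SAMPLE_EVENTS = [
    Event("alice", "salesforce", "download", True, "GB", size_bytes=4096),
    Event("bob", "dropbox", "upload", True, "GB"),
    Event("carol", "box", "download", False, "GB", size_bytes=2048),
    Event("dave", "m365", "upload", True, "GB", content="card 4111 1111 1111 1111 exp 12/26"),
    Event("erin", "m365", "share", True, "GB", content="key=AKIAIOSFODNN7EXAMPLE"),
    Event("frank", "salesforce", "download", True, "GB", size_bytes=600 * 1024 * 1024),
]

def summarize(events: list[Event]) -> dict[str, int]:
    """Count verdicts and alerts across a batch, as a CASB dashboard would."""
    counts = {"allow": 0, "block": 0, "alerts": 0}
    for ev in events:
        d = evaluate(ev)
        counts[d.verdict] += 1
        counts["alerts"] += len(d.alerts)
    return counts
```

Running `evaluate` over `SAMPLE_EVENTS` blocks the shadow-IT upload, the sensitive download to an unmanaged device, and the two uploads containing a Luhn-valid card number and an AWS key ID, while the oversized download is allowed but produces an alert. The Luhn check is what keeps the card-number rule from firing on any 13 to 19 digit string; a real CASB layers many more classifiers, but the shape (inline inspection, policy per app and device posture, alert versus block) is the same.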

Racist Network Rail Wi-Fi hack was work of malicious insider

Read more

Published: Thu, 26 Sep 2024 16:26:00 GMT

Islamophobic cyber attack downs Wi-Fi at UK transport hubs

Read more

Published: Thu, 26 Sep 2024 11:30:00 GMT

Islamophobic Cyber Attack Downs Wi-Fi at UK Transport Hubs

Date: 25 September 2024

Summary:

Public Wi-Fi at 19 Network Rail-managed stations, including London Euston, Manchester Piccadilly, Birmingham New Street, Liverpool Lime Street and Glasgow Central, was taken offline after the network’s landing page was replaced with an Islamophobic message referring to terror attacks in Europe.

Details:

No malware and no vulnerability in the Wi-Fi hardware were involved. The station Wi-Fi is provided by Telent, which uses a third party, Global Reach Technology, for the captive-portal landing page that passengers see when they connect. The page was altered through a legitimate administrator account at that provider, so passengers who joined the network on the morning of 25 September were shown the message instead of the usual sign-in page. Network Rail and Telent suspended the service as soon as the message was reported.

Impact:

Station Wi-Fi was unavailable until the service had been checked and restored. Train services, signalling and ticketing were not affected: the public Wi-Fi is a guest network separate from operational systems. Telent said the attack was confined to the landing page.

Response:

British Transport Police treated the incident as a criminal matter and on 26 September arrested an employee of Global Reach Technology on suspicion of offences under the Computer Misuse Act 1990 and the Malicious Communications Act 1988. Network Rail and Telent kept the service offline while the investigation ran, and the companion headline above records that the attack was the work of a malicious insider rather than an external hacker.

Aftermath:

The practical lesson is about supplier access rather than Wi-Fi security: a third party’s administrative account over customer-facing content needs the same controls as an internal one (least privilege, multi-factor authentication, approved change windows, and alerting on content changes), and the contract should require prompt incident reporting from the supplier.

CrowdStrike apologises to US government for global mega-outage

Read more

Published: Wed, 25 Sep 2024 11:45:00 GMT

CrowdStrike Apologizes for Global Mega-Outage Impacting US Government

Background:

On 19 July 2024 a faulty content update for CrowdStrike’s Falcon sensor on Windows crashed roughly 8.5 million Windows hosts with a blue screen, many of them in a reboot loop. Airlines, hospitals, banks, broadcasters and government agencies worldwide lost the use of affected machines for hours to days. The outage was not a cyber attack, and Mac and Linux hosts were not affected.

Apology:

On 24 September 2024 Adam Meyers, CrowdStrike’s senior vice president for counter adversary operations, told a subcommittee of the US House Committee on Homeland Security that the company was deeply sorry for the outage and the disruption it caused, including to federal, state and local government operations, and set out what it has changed to prevent a recurrence.

Root Cause:

The update was a Rapid Response Content file (Channel File 291) that the Windows sensor’s Content Interpreter processes in kernel mode. The file carried a detection template with 20 input fields where the interpreter expected 21; the mismatch caused an out-of-bounds memory read, which in kernel mode crashes the operating system. The Content Validator that should have rejected the malformed template had a logic error, and the update was released to all customers at once rather than in stages.

Timeline (19 July 2024, UTC):

  • 04:09: Channel File 291 update released to Windows hosts.
  • 04:09 onward: Hosts that downloaded the file crashed within minutes; because the file is loaded again at boot, many entered a reboot loop.
  • 05:27: CrowdStrike reverted the update. Hosts that came online after this point received the corrected file and were unaffected.

Impact:

Hosts running Falcon sensor for Windows 7.11 or later that were online and received the update between 04:09 and 05:27 UTC. Because the crash occurred at boot, recovery required hands-on work per machine: boot into Safe Mode or the Windows Recovery Environment, delete the file matching C-00000291*.sys in %WINDIR%\System32\drivers\CrowdStrike, then reboot. Devices protected by BitLocker needed their recovery keys first, which slowed large fleets considerably.

Mitigation Measures:

  • Reverted the faulty channel file and published remediation guidance for individual hosts, cloud instances and virtual machines.
  • Worked with Microsoft, which released a recovery tool to automate the file deletion from boot media.
  • Engaged directly with affected government and critical-infrastructure customers to prioritise recovery.

Next Steps:

CrowdStrike’s post-incident review committed to testing Rapid Response Content as rigorously as sensor code (developer testing, rollback testing, stress and fuzz testing), adding input-field validation and runtime bounds checks to the Content Interpreter and Content Validator, staged canary rollouts of content updates with telemetry-based halts, and giving customers control over when and where content updates are applied.

Money transfer firm MoneyGram rushes to contain cyber attack

Read more

Published: Tue, 24 Sep 2024 12:54:00 GMT

MoneyGram Faces Cyber Attack

Summary:

MoneyGram International, one of the largest money transfer companies, has reported a cybersecurity incident affecting its systems. The company took systems offline to contain it, which halted transfers for customers and agents worldwide for several days.

Details:

On 20 September 2024 MoneyGram identified a cybersecurity issue affecting certain systems and proactively took them offline, a step it described as protective rather than an outage forced by the attacker. Online and in-person transfers were unavailable while systems were down, and services were restored in stages over the following days. MoneyGram later told customers that the attacker gained access through a social engineering attack on its IT help desk, impersonating an employee, and that the unauthorized access ran from 20 to 22 September.

Response:

  • Took affected systems offline and engaged external forensic and incident response specialists.
  • Notified law enforcement and is cooperating with the investigation.
  • Restored services in stages once systems had been verified clean.
  • Notified affected customers once the investigation established what data was involved.

Impact:

At the time of the report the full extent of the attack was still under investigation and MoneyGram had not said what data was affected. Its later customer notice stated that personal information of some customers (including names, contact details, dates of birth and, for some, government identification documents and bank account numbers) and transaction information had been accessed.

Mitigation and Recovery:

MoneyGram is working with external experts to harden its systems and improve monitoring. The attack path it disclosed, help desk social engineering, points to the controls that matter most: strong identity verification before support staff reset credentials or MFA, alerting on newly enrolled MFA devices and privilege changes, and least-privilege access for help desk tooling.

Customer Communication:

Customers are advised to monitor their accounts and credit reports for unauthorized activity, to be wary of phishing messages that reference the incident, and to contact MoneyGram through its official website or published support channels if they have concerns.

What is a business continuity plan (BCP)?

Read more

Published: Tue, 24 Sep 2024 11:15:00 GMT

Business Continuity Plan (BCP)

A business continuity plan (BCP) is a documented plan that outlines the steps an organization will take to respond to and recover from a disruptive event that threatens the organization’s ability to operate.

Purpose of a BCP:

  • Minimize the impact of a disruption on the organization’s operations and reputation
  • Ensure the continuity of critical business functions
  • Protect employees, customers, and stakeholders
  • Meet regulatory requirements and industry standards

Key Components of a BCP:

  • Risk Assessment: Identifying potential threats and their likelihood and impact.
  • Business Impact Analysis: Determining the impact of a disruption on critical business functions and processes.
  • Recovery Strategies: Developing plans for restoring critical operations, including alternative facilities, backup systems, and communication channels.
  • Response and Communication Plan: Outlining the roles and responsibilities of key personnel, escalation procedures, and communication with employees, customers, and stakeholders.
  • Testing and Maintenance: Regularly testing and updating the BCP to ensure it remains effective.

Benefits of a BCP:

  • Reduced downtime and financial losses
  • Enhanced resilience and adaptability to disruptions
  • Protection of brand reputation and customer loyalty
  • Improved decision-making and coordination during a crisis
  • Compliance with regulatory and industry requirements

Related Plans:

A BCP is the umbrella plan; organizations usually maintain these narrower plans alongside it:

  • Incident Response Plan: Focuses on the immediate detection, containment, and handling of a security incident.
  • Disaster Recovery Plan: Deals with restoring IT systems, data, and facilities after a major disruption, including relocation where needed.
  • Pandemic Response Plan: Addresses the impact of pandemics on staffing and business operations.
  • Cloud-Based Recovery: Uses cloud services for backup and failover so that recovery does not depend on a single physical site.