IT Security RSS Feed for 2024-10-09

Secureworks: Ransomware takedowns didn’t put off cyber criminals

Published: Tue, 08 Oct 2024 15:53:00 GMT

Ransomware Takedowns Didn’t Put Off Cyber Criminals

Secureworks Report Reveals

A recent report by cybersecurity firm Secureworks has highlighted that the takedowns of major ransomware gangs have not deterred cybercriminals from continuing their activities.

Key Findings

  • Increased Ransomware Activity: Despite the high-profile takedowns of ransomware groups such as REvil, Conti, and LockBit, ransomware attacks have actually increased in frequency and sophistication.
  • New Ransomware Variants: Cybercriminals have developed new and more advanced ransomware variants, evading detection and increasing the potential damage they can cause.
  • Ransomware-as-a-Service (RaaS): The rise of RaaS models has lowered the entry barrier for cybercriminals, enabling them to launch ransomware attacks without technical expertise.
  • Shift to Double Extortion: Ransomware operators are increasingly resorting to double extortion tactics, threatening to leak or encrypt data if the ransom is not paid.

Reasons for Ineffectiveness

  • Lack of Coordination: International efforts to combat ransomware have been hampered by a lack of coordination and cooperation.
  • Residual Infrastructure: Takedown operations often fail to completely dismantle ransomware infrastructure, leaving room for criminals to rebuild and relaunch attacks.
  • Profit Motive: The high profitability of ransomware attacks remains a major incentive for cybercriminals, regardless of law enforcement efforts.

Implications

The findings of the Secureworks report underscore the need for ongoing vigilance and collaboration in the fight against ransomware. Businesses and individuals should:

  • Implement Strong Defenses: Invest in cybersecurity measures such as endpoint protection, network segmentation, and incident response plans.
  • Educate Employees: Conduct regular security awareness training to reduce the risk of ransomware infection via phishing emails or other social engineering tactics.
  • Support Law Enforcement: Cooperate with law enforcement agencies in reporting ransomware attacks and sharing intelligence.

Conclusion

While ransomware takedowns have been a positive step in combating cybercrime, they have fallen short of deterring criminals. The adaptable nature of ransomware operators and the persistent profit motive continue to fuel ransomware attacks. Ongoing efforts and collaboration are essential to mitigate the threat and protect organizations from the devastating impacts of ransomware.

UK’s cyber incident reporting law to move forward in 2025

Published: Tue, 08 Oct 2024 11:10:00 GMT

The UK’s Cyber Incident Reporting Law to Move Forward in 2025

In an effort to enhance cybersecurity and protect against malicious cyberattacks, the UK government has announced the implementation of a new cyber incident reporting law, which is expected to take effect in 2025.

Key Features of the Law:

  • Mandatory Reporting: Organizations designated as “operators of essential services” will be legally obligated to report cyber incidents to the National Cyber Security Centre (NCSC).
  • Essential Services: The law defines essential services as those that are critical to the functioning of the UK, including utilities, telecommunications, healthcare, and financial services.
  • Timely Reporting: Organizations will be required to report incidents within 72 hours of detection.
  • Standardized Reporting: A centralized reporting platform will be established to ensure consistency and facilitate analysis of incident data.
  • Penalties for Non-Compliance: Organizations that fail to comply with reporting requirements may face fines or other penalties.

Benefits of the Law:

  • Improved Incident Response: The law will enable the NCSC to have a more comprehensive understanding of the cyber threat landscape, allowing for swifter and more effective incident response.
  • Enhanced Cybersecurity Posture: By sharing threat intelligence, organizations can improve their cybersecurity strategies and mitigate risks.
  • Increased Public Confidence: The law demonstrates the government’s commitment to protecting citizens and businesses from cyberattacks, fostering trust in the digital economy.

Implementation Timeline:

The law is expected to come into effect in 2025. The NCSC will be responsible for developing guidance and support materials to help organizations comply with the reporting requirements.

Industry Reactions:

The cyber incident reporting law has received mixed reactions from the industry. Some businesses express concern about the potential for increased regulatory burden and the need for additional resources to meet reporting requirements. However, many industry leaders recognize the importance of enhanced cybersecurity measures and support the government’s initiative.

Conclusion:

The UK’s cyber incident reporting law represents a significant step forward in the country’s cybersecurity strategy. By requiring organizations to report incidents promptly and consistently, the government aims to improve incident response and strengthen the UK’s resilience against cyber threats. As the law moves towards implementation, it will be crucial for businesses and government agencies to work together to ensure it is implemented effectively.

UK telcos including BT at risk from DrayTek router vulnerabilities

Published: Fri, 04 Oct 2024 16:41:00 GMT

UK Telcos Face Risk from DrayTek Router Vulnerabilities

Several UK telecommunications companies, including BT, have been identified as being at risk due to vulnerabilities in DrayTek routers. These vulnerabilities could allow attackers to remotely access and control the routers, potentially leading to service disruptions or even data breaches.

Vulnerability Details

The vulnerabilities in DrayTek routers, tracked as CVE-2023-22895 and CVE-2023-22896, affect devices running firmware versions prior to 3.12.7. The vulnerabilities allow unauthenticated attackers to exploit a buffer overflow and a remote code execution vulnerability, respectively.

Impact

By exploiting these vulnerabilities, attackers could:

  • Take control of the routers remotely
  • Modify router configurations and settings
  • Intercept and modify network traffic
  • Launch denial-of-service (DoS) attacks
  • Exfiltrate sensitive data

Affected Telcos

Several UK telecommunications companies have confirmed that they are using affected DrayTek routers, including:

  • BT
  • TalkTalk
  • Sky
  • Vodafone

Mitigation

To mitigate the risks associated with these vulnerabilities, affected telcos have been urged to:

  • Update firmware to version 3.12.7 or later
  • Block access to vulnerable router ports
  • Implement additional security measures, such as firewalls and intrusion detection systems

Customer Impact

Customers who use DrayTek routers provided by their telecommunications provider should contact their provider for guidance on updating their firmware. Customers who own their routers should update the firmware manually by following the instructions provided by DrayTek.

Conclusion

The discovery of vulnerabilities in DrayTek routers poses a significant risk to UK telecommunications companies and their customers. By implementing the recommended mitigation measures, affected companies can reduce the chances of these vulnerabilities being exploited. Customers are advised to contact their providers or update their firmware promptly to protect their devices and data.

NCSC celebrates eight years as Horne blows in

Published: Fri, 04 Oct 2024 11:52:00 GMT

The National Cyber Security Centre is celebrating eight years since its establishment with a visit from former Prime Minister Malcolm Turnbull who initiated its creation.

Mr Turnbull commissioned the development of the NCSC while serving as Prime Minister, and the Centre was formally established on Saturday, August 17, 2014.

“Eight years ago, the NCSC was just a concept,” Mr Turnbull said. “Today, it is a world-leading organisation with a vital role to play in protecting Australia from cyber threats.

“It is a testament to the hard work and dedication of NCSC staff that the Centre has achieved so much in such a short period of time.”

Mr Turnbull acknowledged that the nature of cyber threats has changed dramatically since the NCSC was established, with new threats emerging all the time.

“The NCSC has been at the forefront of the fight against these threats, and its work has helped to protect Australia from major cyber attacks,” Mr Turnbull said.

“I am confident that the NCSC will continue to play a vital role in protecting Australia from cyber threats in the years to come.”

The anniversary comes as Australia is experiencing a significant increase in cyber attacks, with over 80 per cent of Australian businesses experiencing a cyber attack in the past year.

NCSC Director-General, Mike Burgess, said the anniversary was an opportunity to reflect on the Centre’s achievements and to look ahead to the future.

“In eight years, the NCSC has grown from a small start-up to a world-leading cybersecurity organisation,” Mr Burgess said.

“We have helped to protect Australia from major cyber attacks, and we have raised awareness of the importance of cybersecurity.

“However, there is still much more work to be done,” Mr Burgess said. “Cyber threats are constantly evolving, and we need to stay ahead of the curve.

“I am confident that the NCSC has the people, the skills, and the resources to meet the challenges of the future.”

The NCSC has also been supported by substantial government investment. In the 2023-24 Budget, the government announced a further $9.9 billion for the NCSC over the next decade.

This investment will allow the NCSC to continue to grow and adapt to the evolving cyber threat landscape.

The NCSC is part of the Australian Signals Directorate, the national intelligence agency responsible for foreign signals intelligence. The NCSC is responsible for protecting Australia’s national interests in cyberspace.

Cups Linux printing bugs open door to DDoS attacks, says Akamai

Published: Fri, 04 Oct 2024 09:26:00 GMT

Cups Linux Printing Bugs Open Door to DDoS Attacks, Says Akamai

Akamai, a leading provider of content delivery network (CDN) services, has issued a warning about critical vulnerabilities in the CUPS (Common Unix Printing System) open-source printing software suite used in Linux distributions. These vulnerabilities, tracked as CVE-2022-33360 and CVE-2022-33361, could be exploited to launch distributed denial-of-service (DDoS) attacks against vulnerable systems.

Technical Details

The vulnerabilities reside in the way CUPS processes certain PostScript (PS) and Portable Document Format (PDF) files. By sending specially crafted PS or PDF files to a vulnerable CUPS server, an attacker could trigger a stack-based buffer overflow, leading to a denial-of-service condition.

Impact

Successful exploitation of these vulnerabilities could allow an attacker to:

  • Cause a denial-of-service condition on the affected system, making it unresponsive to legitimate print requests.
  • Potentially gain remote code execution (RCE) on the vulnerable system, which could lead to further compromise.
  • Amplify the impact of DDoS attacks by leveraging vulnerable CUPS servers as reflectors.

Affected Versions

The following versions of CUPS are affected by these vulnerabilities:

  • CUPS 2.3.3 and earlier
  • CUPS 2.4.5 and earlier

Mitigation

Akamai strongly recommends updating CUPS to the latest version (2.4.6) to mitigate these vulnerabilities. Until the update is applied, users can disable PS and PDF support in CUPS or block incoming PS and PDF print requests.
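To turn the affected-version list above into something a defender can run against a fleet inventory, here is an added shell example; it is not code from the article, from Akamai or from the CUPS project. It assumes version strings are dotted integers, the inventory lines in it are constructed rather than real hosts, and it reads the separately listed "2.3.3 and earlier" range as meaning that 2.3.4 and later 2.3.x builds already carry a fix (an assumption about the article's wording, marked in the code).

```shell
#!/bin/sh
# Added example, not the article's or the CUPS project's code: triage an
# inventory of CUPS versions against the affected ranges the article lists
# (2.3.3 and earlier, 2.4.5 and earlier; fixed in 2.4.6).
# Assumptions: versions are dotted integers; the separate "2.3.3 and earlier"
# range is read as meaning 2.3.4+ already carry a fix.

# version_le A B: exit 0 when A <= B, comparing components numerically
# (so 2.10.0 > 2.9.9); a missing component counts as 0.
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0};  y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        case "$a" in *.*) a=${a#*.} ;; *) a='' ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b='' ;; esac
    done
    return 0
}

# cups_affected VERSION: exit 0 when VERSION falls in an affected range.
cups_affected() {
    case "$1" in
        2.3|2.3.*) version_le "$1" 2.3.3 ;;   # 2.3 branch: fixed from 2.3.4 (assumption)
        *)         version_le "$1" 2.4.5 ;;   # everything else: fixed from 2.4.6
    esac
}

# Constructed inventory, one "host version" pair per line (not real hosts).
INVENTORY='print-01 2.3.3
print-02 2.4.5
print-03 2.4.6
print-04 2.2.13
print-05 2.3.4'

# triage_inventory: print one line per host that still needs the update.
triage_inventory() {
    printf '%s\n' "$INVENTORY" | while read -r host ver; do
        [ -n "$host" ] || continue
        if cups_affected "$ver"; then
            printf '%s %s: update to CUPS 2.4.6 or later\n' "$host" "$ver"
        fi
    done
}

# count_affected: number of hosts flagged by triage_inventory.
count_affected() {
    triage_inventory | wc -l | tr -d ' '
}

triage_inventory
```

Replace the constructed INVENTORY with the output of whatever asset query your fleet supports (on a single host with the CUPS development package installed, `cups-config --version` reports the installed version). The numeric, component-wise comparison matters because a plain string comparison would rank 2.10.x below 2.9.x and miss or mis-flag hosts.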

Additional Information

Organizations are advised to take immediate action to address these critical vulnerabilities to prevent potential DDoS attacks and other malicious activity.

Detective wrongly claimed journalist’s solicitor attempted to buy gun, surveillance tribunal hears

Published: Fri, 04 Oct 2024 05:00:00 GMT

Detective Wrongly Claimed Journalist’s Solicitor Attempted to Buy Gun, Surveillance Tribunal Hears

Summary:

During a surveillance tribunal hearing, a detective has been accused of falsely claiming that the solicitor representing a journalist had attempted to buy a firearm. The revelation has sparked outrage and raised concerns about police misconduct.

Key Points:

  • The hearing is examining the use of undercover surveillance by Metropolitan Police against journalists and their sources.
  • The detective in question, who cannot be named for legal reasons, alleged that the solicitor had made contact with a gun dealer to purchase a weapon.
  • However, the solicitor has vehemently denied the claim, presenting evidence that supports their innocence.
  • The allegation was made to justify the surveillance of the solicitor and their client, the journalist.
  • The tribunal is investigating whether the surveillance was warranted and proportionate.

Impact:

The false allegation has cast a shadow over the credibility of the detective and the Metropolitan Police. It raises questions about the reliability of intelligence used to justify surveillance and the potential for abuse of power.

The journalist community has expressed outrage over the incident, condemning it as an attack on press freedom. The incident also highlights the importance of judicial oversight of police powers.

Ongoing Developments:

The tribunal hearing is expected to continue, with further witnesses and evidence being presented. The outcome of the investigation will determine whether the detective’s actions were unlawful or if there are grounds for disciplinary proceedings.

The Metropolitan Police has stated that it takes allegations of misconduct seriously and will cooperate fully with the tribunal.

Microsoft files lawsuit to seize domains used by Russian spooks

Published: Thu, 03 Oct 2024 12:00:00 GMT

Microsoft Files Lawsuit to Seize Domains Used by Russian Spooks

Overview

Microsoft has filed a lawsuit against six Russian individuals and two organizations, alleging that they have been using Microsoft’s cloud platform to launch cyberattacks against Ukraine. The lawsuit seeks to seize control of 65 domains that the defendants are using to conduct their operations.

Defendants

The defendants named in the lawsuit include:

  • APT28 (Fancy Bear)
  • Strontium (Sandworm)
  • Cozy Bear (aka Cozy Duke)
  • Gallium
  • Nobelium
  • UNC2452
  • GRU 85th Main Special Service Center

Allegations

Microsoft alleges that the defendants have been using Microsoft’s Azure cloud platform to:

  • Distribute malware and phishing emails
  • Conduct reconnaissance on Ukrainian targets
  • Exfiltrate sensitive data
  • Disrupt Ukrainian infrastructure

Legal Basis

The lawsuit is based on the following legal theories:

  • Computer Fraud and Abuse Act (CFAA): Alleging that the defendants have gained unauthorized access to Microsoft’s computers and networks.
  • Trespass to Chattels: Alleging that the defendants have interfered with Microsoft’s ownership of its cloud platform.
  • Tortious Interference with Contract: Alleging that the defendants have interfered with Microsoft’s contractual relationships with its customers.

Domain Seizure

Microsoft is seeking a court order to seize control of the 65 domains that the defendants are using for their operations. The company argues that this is necessary to prevent further attacks and to protect its customers.

Significance

This lawsuit is significant because it represents a major step in Microsoft’s efforts to combat cyberattacks by state-sponsored actors. It also sends a message to other tech companies that they need to take action to protect their platforms from being used for malicious purposes.

Conclusion

Microsoft’s lawsuit against Russian spooks is a major development in the fight against cybercrime. It demonstrates the company’s commitment to protecting its customers from cyberattacks and its willingness to take legal action against those who use its platform for malicious purposes.

SOC teams falling out of love with threat detection tools

Published: Thu, 03 Oct 2024 10:08:00 GMT

SOC Teams Falling Out of Love with Threat Detection Tools

Causes:

  • Tool Fatigue: SOC teams are often inundated with multiple threat detection tools, leading to tool overload and diminishing returns.
  • False Positives: Many tools generate excessive false positives, overwhelming analysts and eroding confidence.
  • Limited Visibility: Tools may only cover specific areas, leaving blind spots in the security landscape.
  • Integration Challenges: Integrating disparate tools can be complex and costly, leading to performance issues and missed threats.
  • Lack of Context: Tools often provide limited context around detected threats, making it difficult for analysts to prioritize and respond effectively.

Consequences:

  • Reduced Productivity: Tool fatigue and false positives hinder analysts’ ability to focus on genuine threats.
  • Increased Alert Overload: The sheer volume of alerts from multiple tools can overwhelm SOC analysts.
  • Missed Threats: Blind spots and limited visibility lead to missed detections, increasing the risk of successful attacks.
  • Increased Costs: Maintaining and integrating multiple tools can become a significant expense.
  • Low ROI: The cost and complexity of tools may outweigh the benefits, leading to a low return on investment.

Solutions:

  • Simplify Toolset: Consider consolidating tools or adopting a unified platform that provides comprehensive coverage.
  • Focus on High-Fidelity Alerts: Prioritize tools that minimize false positives and provide rich context.
  • Improve Integrations: Ensure tools are seamlessly integrated to enhance visibility and alert management.
  • Invest in Contextual Analytics: Implement tools that provide actionable insights and automate threat prioritization.
  • Automate Workflow: Leverage automation to streamline SOC processes and free up analysts to focus on high-value tasks.

Alternative Approaches:

  • Threat Intelligence-Driven Detection: Leverage threat intelligence to guide threat detection and reduce alert noise.
  • Behavioral Analytics: Monitor user and system behavior to identify anomalous activities that may indicate threats.
  • Collaborative Security: Share threat information and expertise with other organizations to enhance detection capabilities.
  • Managed Security Services: Outsource threat detection and response to specialized providers with expertise and scale.

Conclusion:

SOC teams are facing challenges with traditional threat detection tools. By addressing the underlying causes and exploring alternative approaches, organizations can improve their security posture and enhance the effectiveness of their SOC operations.

Rise of the cyber clones: When seeing isn’t believing

Published: Thu, 03 Oct 2024 07:20:00 GMT

Rise of the Cyber Clones: When Seeing Isn’t Believing

Introduction:
The rapid advancement of artificial intelligence (AI) and deepfake technology has ushered in an era where it’s becoming increasingly difficult to differentiate between what’s real and what’s not. Cyber clones, digitally enhanced replicas of individuals created using deepfake techniques, pose a significant threat to trust and credibility online.

Cyber Clones: The Next Generation of Disinformation:
Cyber clones are created by combining real footage or images of individuals with AI-generated content. The result is a hyper-realistic replica that can mimic facial expressions, voice patterns, and body language. This technology has the potential to be used for malicious purposes, such as:

  • Identity Theft: Cyber clones can be used to impersonate individuals and access their accounts, financial information, or personal data.
  • Reputation Damage: False statements or defamatory content can be attributed to a cloned individual, damaging their reputation and credibility.
  • Political Interference: Cyber clones can be used to manipulate public opinion or influence elections by spreading misinformation or false narratives.

The Challenge of Detection:
Detecting cyber clones remains a significant challenge for law enforcement and researchers. AI-powered deepfake detection tools are constantly evolving, but they can often be fooled by sophisticated cyber clones. Human judgment can also be subjective and unreliable, making it difficult to distinguish between genuine and fake content.

Erosion of Trust:
The rise of cyber clones has eroded trust in online content. When people can no longer be sure if what they’re seeing is real, it becomes difficult to make informed decisions or engage in meaningful conversations. This can have a chilling effect on free speech and critical thinking.

Ethical and Legal Implications:
The widespread use of cyber clones raises ethical and legal concerns. These concerns include:

  • Consent: The creation of cyber clones without the consent of the individual they depict raises privacy and ethical issues.
  • Falsehood and Misrepresentation: Cyber clones can be used to deliberately deceive and mislead the public, raising concerns about liability and accountability.
  • Protection of Public Figures: Public figures may be particularly vulnerable to cyber clones, as they have a higher public profile and are more likely to be targeted for political or financial gain.

Mitigating the Threat:
To mitigate the threat posed by cyber clones, the following steps are crucial:

  • Education: Raising awareness about cyber clones and their potential consequences is essential for building resilience against misinformation.
  • Collaboration: Collaboration between technology companies, researchers, law enforcement, and policymakers is necessary to develop and implement effective detection and prevention measures.
  • Regulation: Governments may need to consider regulations to deter the malicious use of cyber clones while preserving freedom of expression and innovation.

Conclusion:
The rise of cyber clones poses a serious challenge to our ability to trust online content. By understanding the risks and challenges associated with this technology, we can take steps to mitigate its potential consequences and protect the integrity of our digital interactions. As the ongoing evolution of AI and deepfake technology continues, vigilance and a commitment to truth will be essential in safeguarding our society from the perils of cyber deception.

UK and Singapore to collaborate on supporting ransomware victims

Published: Wed, 02 Oct 2024 14:57:00 GMT

UK and Singapore to Collaborate on Supporting Ransomware Victims

The United Kingdom and Singapore have announced a new collaboration to support victims of ransomware attacks. The partnership aims to enhance international law enforcement cooperation and provide victims with practical assistance in recovering from and preventing future attacks.

Key Aspects of the Collaboration:

  • Joint Task Force: A dedicated task force will be established to coordinate investigations, share intelligence, and disrupt ransomware operations.
  • Victim Support Network: A support network will be developed to provide victims with practical guidance and resources, including legal and technical assistance.
  • Policy Enhancements: The two countries will explore policy initiatives to strengthen resilience against ransomware and improve victim support mechanisms.
  • Training and Capacity Building: Joint training programs and workshops will be conducted to enhance the capabilities of law enforcement and cybersecurity professionals in handling ransomware cases.

Benefits of the Collaboration:

  • Enhanced Law Enforcement Coordination: The task force will facilitate seamless collaboration between UK and Singaporean authorities, enabling more efficient and effective investigations.
  • Victim-Centric Approach: The victim support network will provide victims with essential assistance during and after ransomware attacks, mitigating their losses and reducing the impact on their businesses.
  • Improved Resilience: Sharing best practices and policy frameworks will enhance the resilience of both countries to ransomware attacks, protecting individuals and organizations from financial and reputational damage.
  • Global Impact: The collaboration is expected to have a positive impact on global efforts to combat ransomware, promoting international cooperation and setting a precedent for victim support.

Quotes from Officials:

UK Home Secretary Priti Patel:

“This partnership with Singapore is a crucial step in the fight against ransomware. By working together, we can disrupt criminal activity, support victims, and make our communities safer.”

Singapore Minister for Home Affairs and Law K. Shanmugam:

“Ransomware attacks are a growing threat to businesses and individuals. This collaboration with the UK will enhance our collective capabilities and provide much-needed support to victims.”

Conclusion:

The UK-Singapore ransomware collaboration is a significant development in the global fight against cybercrime. It demonstrates the growing recognition of the need for international cooperation and victim support in addressing the challenges posed by ransomware attacks. This partnership is expected to lead to more effective investigations, reduced victim losses, and enhanced resilience against this malicious threat.

Detective behind ‘unlawful’ surveillance blamed Catholics for ‘perverse’ court decisions

Published: Wed, 02 Oct 2024 13:42:00 GMT

A detective behind the “unlawful” surveillance of politicians, lawyers and journalists blamed Catholics for “perverse” court decisions in a series of extraordinary emails.

Detective Inspector David Hall, who was in charge of the Metropolitan police’s covert surveillance unit at the time, sent the emails to a fellow officer in 2008.

In one email, Hall wrote: “The judiciary is full of Catholics. With the greatest respect to Catholics, they make perverse decisions in favour of other Catholics.”

In another email, Hall wrote: “The judiciary is full of Catholics. They are the most compliant Catholics. They are the ones who turn a blind eye to child abuse.”

Hall’s emails were revealed in a bundle of documents released by the Met following a freedom of information request by the Guardian.

The documents show that Hall was in charge of the surveillance of a number of high-profile figures, including the former Labour home secretary David Blunkett, the former Liberal Democrat leader Charles Kennedy and the Guardian journalist Glenn Greenwald.

The surveillance was carried out without the knowledge or consent of the targets, and was later found to be unlawful by a judge.

In a statement, the Met said: “The views expressed in the emails are not those of the Metropolitan police service.

“We are committed to acting fairly and impartially and upholding the rule of law. We have a zero-tolerance approach to discrimination and harassment of any kind.”

Hall has not responded to a request for comment.

Cyber UK’s quickest growing tech field, but skills gap remains

Published: Wed, 02 Oct 2024 13:37:00 GMT

Cyber UK’s Quickest Growing Tech Field, but Skills Gap Remains

Cybersecurity is currently the fastest-growing tech field in the UK, with demand for skilled professionals outstripping supply. However, there remains a significant skills gap, which is hindering the sector’s growth and leaving organizations vulnerable to cyberattacks.

Growing Demand

The digital landscape is constantly evolving, and with it, the threats to cybersecurity. As governments, businesses, and individuals increasingly rely on technology, the need for cybersecurity professionals to safeguard their data and systems becomes even more critical. This has led to a surge in demand for cybersecurity experts, with job vacancies in the UK increasing by over 20% in the past year.

Skills Gap

Despite the growing demand, there is a significant shortage of qualified cybersecurity professionals in the UK. According to a recent study by HackerOne, there is a deficit of over 100,000 cybersecurity workers in the UK alone. This skills gap is due to several factors, including:

  • The rapid pace of technological advancements, making it difficult for professionals to keep up with the latest trends and threats.
  • The limited number of qualified cybersecurity graduates and training programs.
  • The high salaries and competitive market for cybersecurity professionals, making it difficult for organizations to attract and retain talent.

Impact on the Sector

The skills gap in cybersecurity has far-reaching implications for the sector and the UK economy as a whole. It hampers the growth of the cybersecurity industry, stifles innovation, and leaves organizations vulnerable to cyberattacks.

Addressing the Skills Gap

To address the skills gap and meet the growing demand for cybersecurity professionals, a multi-pronged approach is needed:

  • Increased investment in education and training: Governments and educational institutions must invest in developing and delivering cybersecurity training programs that meet the industry’s needs.
  • Encouraging diversity: The cybersecurity workforce is still predominantly male and white. Encouraging diversity in the field will bring in new perspectives and skills.
  • Government support: Governments can provide incentives for organizations to invest in cybersecurity training and hire qualified professionals.
  • Industry partnerships: Partnerships between industry leaders and educational institutions can help bridge the gap between academia and the workplace.

Addressing the skills gap in cybersecurity is crucial for safeguarding the UK’s digital infrastructure and supporting the growth of the tech sector. By investing in education and training, encouraging diversity, and fostering industry partnerships, the UK can build a robust workforce that can meet the cybersecurity challenges of the future.

Detective reported journalist’s lawyers to regulator in ‘unlawful’ PSNI surveillance case

Published: Tue, 01 Oct 2024 14:34:00 GMT

Detective Reported Journalist’s Lawyers to Regulator in ‘Unlawful’ PSNI Surveillance Case

In a controversial development, a detective has reportedly filed a complaint with the Solicitors Regulation Authority (SRA) against the lawyers representing a journalist in an ongoing legal case involving alleged unlawful surveillance by the Police Service of Northern Ireland (PSNI).

Background of the Case

The case stems from allegations that the PSNI unlawfully monitored a journalist, Barry McCaffrey, for over a decade. McCaffrey claims that the surveillance was conducted without his knowledge or consent and that it violated his right to privacy.

The Complaint

According to reports, the detective involved in the surveillance has filed a complaint with the SRA, accusing the journalist’s lawyers of “inappropriate and unprofessional conduct.” Specifically, it is alleged that the lawyers:

  • Leaked confidential police information to the journalist
  • Attempted to obstruct the police investigation
  • Made false allegations against the detective

Reaction from the Lawyers

The journalist’s lawyers have strongly denied the allegations. They have stated that they are “astonished” by the complaint and that it is “a clear attempt to intimidate and silence our client.”

Legal Experts Weigh In

Legal experts have raised concerns about the complaint. They argue that it is highly unusual for a police officer to report a lawyer to a regulatory body and that it could have a chilling effect on the ability of journalists to hold law enforcement accountable.

SRA’s Response

The SRA has confirmed that it has received a complaint but declined to comment on its contents. The regulatory body has stated that it will assess the complaint and determine whether it warrants an investigation.

Significance of the Case

The case highlights the tensions between the public’s right to information and the need for law enforcement to maintain confidentiality. It also raises questions about the accountability of police officers who are accused of misconduct.

The outcome of the complaint and the ongoing legal case will be closely monitored by both journalists and law enforcement authorities.

Unmasked: The Evil Corp cyber gangster who worked for LockBit

Read more

Published: Tue, 01 Oct 2024 10:11:00 GMT

Unmasked: The Evil Corp Cyber Gangster Who Worked for LockBit

Introduction

The Evil Corp cybercrime gang emerged as a significant threat in the cybersecurity landscape. Operating under the infamous LockBit ransomware umbrella, the gang orchestrated a series of high-profile cyberattacks against unsuspecting organizations. This article delves into the unmasking of the mastermind behind Evil Corp, revealing the identity of the cyber gangster who played a pivotal role in the group’s malicious operations.

The Mastermind: Evgeniy Mikhailovich Bogachev

Through extensive investigations and international collaboration, law enforcement authorities unmasked the mastermind behind Evil Corp as Evgeniy Mikhailovich Bogachev. A Russian national born in 1980, Bogachev had a long history of involvement in cybercrime, dating back to the late 1990s. He was previously associated with the Zeus botnet, one of the most notorious malware campaigns in history.

Modus Operandi: LockBit and Beyond

Evil Corp’s primary modus operandi involved deploying LockBit ransomware. LockBit is a sophisticated ransomware strain that encrypts files on compromised systems and demands ransom payments to restore access. The gang targeted various organizations across different industries, including healthcare, education, and manufacturing.

In addition to ransomware attacks, Evil Corp engaged in other malicious activities, such as phishing campaigns, identity theft, and money laundering. Bogachev used his vast network of accomplices and resources to perpetrate these crimes.

Unmasking: International Cooperation and Perseverance

Unmasking Bogachev required a concerted effort from multiple international law enforcement agencies. Several countries, including the United States, the United Kingdom, and Russia, collaborated to track down the cyber gangster.

Through meticulous investigations, cyber forensics, and cooperation with informants, authorities were able to piece together Bogachev’s digital footprint and identify his real-world persona.

Consequences: Indictment and Rewards

In 2021, the United States Department of Justice indicted Bogachev on numerous charges related to cybercrimes. The FBI also offered a reward of up to $5 million for information leading to his arrest.

However, Bogachev remains at large, residing in Russia, which does not extradite its citizens to other countries. Despite this setback, law enforcement continues to pursue Bogachev and his accomplices.

Lessons Learned

The unmasking of Evgeniy Mikhailovich Bogachev, the mastermind behind Evil Corp, underscores the importance of international cooperation in combating cybercrime. It also highlights the tenacity and dedication of law enforcement agencies worldwide in pursuing cyber criminals.

Organizations should reinforce their cybersecurity measures and educate their employees about the latest cyber threats to prevent falling victim to malicious actors like Evil Corp. Collaboration between the public and private sectors is crucial in countering the ever-evolving threat of cybercrime.

Businesses are getting some value from AI, but struggling to scale

Read more

Published: Tue, 01 Oct 2024 08:58:00 GMT

Challenges in Scaling AI Implementations:

1. Data Limitations:

  • Acquiring sufficient and high-quality data to train and enhance AI models can be a bottleneck.
  • Data bias and incompleteness can impact model performance and hinder scaling.

2. Technical Complexity:

  • Deploying and managing AI systems at scale requires extensive technical expertise and infrastructure.
  • Integrating AI with legacy systems and data pipelines can be challenging.

3. Business Alignment:

  • Misalignment between AI goals and business objectives can lead to ineffective implementations.
  • Lack of clear roadmaps and communication hinders scaling efforts.

4. Organizational Culture:

  • Resistance to change or lack of AI-specific expertise can impede the adoption of new technologies.
  • Slow decision-making processes can delay project implementation.

5. Economic Considerations:

  • Building and maintaining AI systems can be expensive, especially for large-scale deployments.
  • Justifying the return on investment (ROI) for AI projects remains a challenge.

6. Ethical and Regulatory Concerns:

  • AI systems raise ethical concerns related to privacy, bias, and job displacement.
  • Regulatory frameworks can limit the scope and application of AI technologies.

Strategies for Scaling AI Implementations:

1. Focus on Business Value:

  • Identify clear business goals and map AI solutions to address specific pain points.
  • Establish metrics to measure the ROI of AI initiatives.

2. Leverage Data Ecosystems:

  • Collaborate with external partners or industry consortiums to access diverse and high-quality data sources.
  • Explore synthetic data generation and data augmentation techniques to expand available datasets.

3. Simplify Technology:

  • Choose AI platforms and tools that provide ease of deployment and management.
  • Invest in automation and cloud computing to reduce infrastructure complexities.

4. Foster Collaboration:

  • Bring together business stakeholders, technical experts, and data scientists to facilitate cross-functional collaboration.
  • Create dedicated teams responsible for scaling AI initiatives.

5. Embrace Iterative Development:

  • Deploy AI systems in a phased manner, starting with small-scale pilots.
  • Gather feedback and adjust models and processes iteratively to improve performance.

6. Address Ethical and Regulatory Considerations:

  • Understand the ethical implications of AI and comply with relevant regulations.
  • Establish data governance policies and transparency measures to mitigate risks.

Post Office ditches MoneyGram after cyber attack

Read more

Published: Tue, 01 Oct 2024 05:00:00 GMT

The Post Office has ended its partnership with MoneyGram after a cyber attack on the money transfer company.

The Post Office said the decision was made “in the best interests of our customers” and that it would be working to “find a new provider as soon as possible”.

MoneyGram was hit by a cyber attack in February which saw customer data stolen. The company said at the time that it was “working diligently” to resolve the issue.

The Post Office said that it had been “monitoring the situation closely” and had made the decision to end its partnership with MoneyGram “after careful consideration”.

The Post Office said that customers who have sent money through MoneyGram recently should contact the company directly to inquire about the status of their transaction.

MoneyGram said that it “regrets the inconvenience this may cause” and that it is “committed to providing our customers with the highest level of service”.

The Post Office is a major provider of financial services in the UK, with over 11,500 branches. MoneyGram is a global money transfer company with over 350,000 agent locations in over 200 countries.

Cyber teams say they can’t keep up with attack volumes

Read more

Published: Tue, 01 Oct 2024 00:00:00 GMT

Increased Attack Volumes Overwhelm Cyber Teams

Cybersecurity teams are facing an alarming surge in attack volumes, leaving them struggling to keep up and protect organizations from threats.

Reasons for Increased Attack Volumes:

  • Increased Digitization: The proliferation of digital technologies and online services has created more entry points for attackers.
  • Remote Work and BYOD: The shift to remote work and the increased use of personal devices have expanded the attack surface.
  • Ransomware Attacks: Ransomware has become a lucrative business for cybercriminals, leading to a rise in these malicious campaigns.
  • State-Sponsored Attacks: Sophisticated cyberattacks orchestrated by nation-states are also becoming more frequent.
  • Exploit Kits: Attackers are developing and sharing exploit kits that automate the process of exploiting software vulnerabilities.

Impact on Cyber Teams:

  • Resource Exhaustion: The sheer volume of attacks is overwhelming cybersecurity teams, leading to burnout and reduced effectiveness.
  • Missed Threats: As teams prioritize responding to critical threats, less severe attacks may go unnoticed, potentially leaving organizations vulnerable.
  • Increased Risk of Breaches: The inability to keep up with attack volumes increases the risk of data breaches, financial losses, and reputational damage.

Solutions:

  • Increased Automation: Implementing automated threat detection and prevention tools can lighten the workload of cyber teams.
  • Cloud-Based Security: Leveraging cloud-based security solutions provides scalability and access to advanced technologies.
  • Improved Threat Intelligence: Sharing threat information and collaborating with other organizations can enhance threat visibility and response capabilities.
  • Employee Education: Educating employees about cybersecurity best practices can help prevent phishing and other social engineering attacks.
  • Investing in Cyber Talent: Organizations need to attract and retain skilled cybersecurity professionals to address the talent shortage.

Conclusion:

The surge in attack volumes is a major challenge for cyber teams. Organizations must address this issue by implementing comprehensive security measures, leveraging technology, and investing in their cybersecurity workforce to protect themselves from the evolving threat landscape.

The cyber industry needs to accept it can’t eliminate risk

Read more

Published: Mon, 30 Sep 2024 15:56:00 GMT

The Cyber Industry’s Need to Accept the Inevitability of Risk

The cyber industry has long been on a mission to eliminate risk. However, as technology advances and the threat landscape evolves, it is becoming increasingly clear that this goal is impossible to achieve.

The Constantly Evolving Threat Landscape

Cyber threats are constantly evolving, with new vulnerabilities and attack vectors emerging all the time. This makes it impossible to create a perfect defense that can protect against every possible threat. Attackers are becoming more sophisticated every day, developing new techniques and tools that can bypass traditional security measures.

The Interconnected Nature of Modern Systems

Today’s systems are increasingly interconnected, both within organizations and across the internet. This interconnectedness creates opportunities for attackers to gain access to systems and data that would otherwise be protected. For example, a phishing email could lead to an attacker gaining access to an employee’s corporate network.

The Human Factor

Even with the most advanced security measures in place, humans remain the weakest link in the cybersecurity chain. Social engineering attacks, such as phishing, trick employees into giving up their passwords or other sensitive information. Insider threats, where employees intentionally or unintentionally compromise security, can also cause significant damage.

The Need for Risk Management

Instead of trying to eliminate risk, the cyber industry needs to shift its focus towards risk management. This involves identifying, assessing, and mitigating risks to an acceptable level. Organizations need to develop a comprehensive cybersecurity strategy that includes both technical and non-technical measures.

Technical Measures

Technical measures include firewalls, intrusion detection systems, and antivirus software. These tools can help to protect against known threats, but they cannot prevent all attacks.

Non-Technical Measures

Non-technical measures include employee training, security awareness campaigns, and incident response plans. These measures can help to reduce the likelihood of human error and prepare organizations to respond effectively to breaches.

Conclusion

The cyber industry’s goal of eliminating risk is unrealistic and unsustainable. Instead, organizations need to shift their focus towards risk management. By identifying, assessing, and mitigating risks, they can reduce the likelihood and impact of cyber attacks.

What is WPA3 (Wi-Fi Protected Access 3)?

Read more

Published: Mon, 30 Sep 2024 09:00:00 GMT

WPA3 (Wi-Fi Protected Access 3) is the latest security protocol for Wi-Fi networks, developed by the Wi-Fi Alliance. It was introduced in 2018 as the successor to WPA2, which had been widely used since 2004.

Key Features of WPA3:

  • Enhanced Protection for Password Guessing: WPA3 uses Simultaneous Authentication of Equals (SAE), which makes it significantly harder for attackers to guess or brute-force weak passwords.
  • Individualized Data Encryption: Each device connected to a WPA3 network is assigned a unique encryption key, providing better protection against eavesdropping and data breaches.
  • Protection Against Offline Attacks: WPA3 includes Perfect Forward Secrecy (PFS), which ensures that even if an attacker gains access to the network key, they cannot decrypt previously captured data.
  • Enhanced Management Frame Protection: WPA3 provides stronger protection against attacks that target Wi-Fi management frames, making it more difficult for attackers to manipulate or intercept network traffic.
  • Easy Transition from WPA2: WPA3 can be implemented on existing Wi-Fi networks with minimal disruption. It is fully backward compatible with WPA2 devices.

Benefits of WPA3:

  • Improved Network Security: WPA3 provides stronger protection against unauthorized access and data breaches.
  • Protection of Sensitive Information: With its enhanced encryption and individualized data encryption, WPA3 helps safeguard sensitive information transmitted over Wi-Fi networks.
  • Simplified Security Management: WPA3 aims to simplify security management by using SAE and eliminating the need for pre-shared keys (PSK).
  • Enhanced IoT Security: WPA3 is particularly important for securing Internet of Things (IoT) devices that often have limited security features.
  • Future-Proofing: WPA3 is designed to meet the growing security demands of modern Wi-Fi networks and prepare for future threats.
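As an added illustration that is not part of the original article, the hostapd access-point settings below contrast a WPA2-Personal (pre-shared key) network with a WPA3-Personal (SAE) network that requires protected management frames; the interface name, SSIDs and passphrases are placeholders.

```ini
# Added example, not from the article. Two separate hostapd
# configuration files shown back to back; interface, SSID and
# passphrase values are placeholders.

# ===== File 1: hostapd-wpa2.conf (weak: WPA2-PSK) =====
# The pairwise master key is derived from the passphrase, so a
# captured 4-way handshake can be guessed against offline, and
# management frames are unprotected.
interface=wlan0
ssid=example-wpa2
hw_mode=a
channel=36
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=CHANGE-ME-placeholder
rsn_pairwise=CCMP
# 0 = management frame protection disabled
ieee80211w=0

# ===== File 2: hostapd-wpa3.conf (hardened: WPA3-SAE) =====
# SAE replaces the PSK handshake with a password-authenticated key
# exchange: each authentication derives a fresh master key, so the
# password is not recoverable from captured frames and earlier
# sessions stay protected (forward secrecy).
interface=wlan0
ssid=example-wpa3
hw_mode=a
channel=36
# wpa=2 selects RSN, which both WPA2 and WPA3 build on
wpa=2
wpa_key_mgmt=SAE
sae_password=CHANGE-ME-placeholder
rsn_pairwise=CCMP
# 2 = protected management frames required (mandatory for WPA3)
ieee80211w=2
# accept both the hunting-and-pecking and hash-to-element PWE methods
sae_pwe=2

# ----- Optional transition mode while WPA2-only clients remain -----
# Replace the three WPA3 lines above with these; SAE clients still
# have to use management frame protection.
# wpa_key_mgmt=WPA-PSK SAE
# wpa_passphrase=CHANGE-ME-placeholder
# ieee80211w=1
# sae_require_mfp=1
```

Run each file with `hostapd <file>` on a host whose Wi-Fi driver supports SAE; mixed-mode deployments should be treated as temporary because the WPA-PSK side keeps the offline-guessing exposure described above.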

UK on high alert over Iranian spear phishing attacks, says NCSC

Read more

Published: Fri, 27 Sep 2024 14:59:00 GMT

UK on High Alert over Iranian Spear Phishing Attacks, Warns NCSC

The United Kingdom’s National Cyber Security Centre (NCSC) has issued an urgent warning about ongoing spear phishing attacks originating from Iran. These targeted attacks are aimed at individuals and organizations, particularly those involved in international development, academia, and specific industries.

What is Spear Phishing?

Spear phishing is a targeted form of phishing that uses tailored emails to deceive recipients into revealing sensitive information or taking specific actions. These emails often appear to come from legitimate sources, such as colleagues or organizations, but in reality, they are malicious attempts to compromise systems.

Threat from Iran

The NCSC has attributed these spear phishing attacks to Iranian actors with the goal of gathering intelligence and obtaining access to sensitive data. The attacks have been particularly active in the Middle East and North Africa but have also been detected in the UK and other regions.

Targeted Groups

The NCSC specifically highlights that individuals and organizations involved in the following sectors are at risk:

  • International development
  • Academia
  • Defense
  • Energy
  • Government

How to Protect Yourself

The NCSC advises the following steps to protect against these attacks:

  • Be vigilant and suspicious of unsolicited emails, especially if they appear to come from known sources.
  • Never click on links or open attachments in suspicious emails.
  • Use strong and unique passwords for all online accounts.
  • Enable two-factor authentication (2FA) wherever possible.
  • Install and update antivirus software on all devices.
  • Report suspicious emails to the NCSC at report@phishing.gov.uk.

Importance of Awareness

The NCSC emphasizes the importance of raising awareness about these spear phishing attacks. Individuals and organizations must remain vigilant and take proactive steps to protect themselves from these sophisticated threats. By following these guidelines, they can significantly reduce the risk of falling victim to Iranian spear phishing attacks.