IT Security RSS Feed for 2024-10-28
Dutch critical infrastructure at risk despite high leadership confidence
Published: Fri, 25 Oct 2024 07:11:00 GMT
Despite high leadership confidence, Dutch critical infrastructure remains at risk. This is according to the National Cybersecurity Center (NCSC), which recently released a report highlighting the vulnerabilities facing the country’s essential services.
The report found that critical infrastructure in the Netherlands is increasingly reliant on digital technologies, which has made it more vulnerable to cyberattacks. Additionally, the NCSC found that there is a lack of awareness and understanding of cybersecurity risks among critical infrastructure operators.
The NCSC has made a number of recommendations to address these vulnerabilities, including increasing investment in cybersecurity, improving risk management practices, and raising awareness of cybersecurity risks.
The findings of the NCSC report are a reminder that critical infrastructure is a vital part of our society and that it is essential to protect it from cyberattacks.
Here are some specific examples of the vulnerabilities facing Dutch critical infrastructure:
- The energy sector: The Dutch energy sector is heavily reliant on digital technologies, which makes it vulnerable to cyberattacks. In 2015, a cyberattack on the Ukrainian power grid caused widespread blackouts. A similar attack on the Dutch power grid could have devastating consequences.
- The water sector: The Dutch water sector is also heavily reliant on digital technologies. In 2016, a cyberattack on a water treatment plant in the United States caused the plant to release millions of gallons of untreated water into the environment. A similar attack on a Dutch water treatment plant could pose a serious threat to public health.
- The transportation sector: The Dutch transportation sector is also heavily reliant on digital technologies. In 2017, a cyberattack on the UK’s railway system caused widespread delays and cancellations. A similar attack on the Dutch transportation system could have a major impact on the economy and on people’s ability to travel.
The NCSC’s report is a wake-up call for the Netherlands. It is essential that the country takes steps to address the vulnerabilities facing its critical infrastructure.
Government hails Cyber Essentials success
Published: Wed, 23 Oct 2024 11:00:00 GMT
Government Hails Cyber Essentials Success
London, UK – 10th March 2023
The UK government has praised the success of the Cyber Essentials scheme, a certification that helps businesses protect themselves from cyberattacks. Launched in 2014, Cyber Essentials has certified over 50,000 businesses, making it one of the most widely recognized cybersecurity frameworks in the UK.
Commenting on the success, Digital Infrastructure Minister Julia Lopez said: “Cyber Essentials has played a vital role in helping businesses to protect themselves from the growing threat of cyberattacks. We are delighted to see that so many businesses have embraced the scheme and taken steps to improve their cybersecurity posture.”
The scheme is based on five key controls:
- Firewalls and internet gateways
- Secure configuration
- Access control
- Patch management
- Malware protection
Businesses that achieve Cyber Essentials certification are given a badge that they can display on their website and marketing materials. This demonstrates to customers and partners that the business takes cybersecurity seriously.
Cyber Essentials is not just for large businesses. In fact, the majority of businesses that have achieved certification are small and medium-sized enterprises (SMEs). This shows that even the smallest of businesses can take steps to protect themselves from cyberattacks.
The government is encouraging all businesses to consider achieving Cyber Essentials certification. It is a cost-effective way to improve cybersecurity and protect against the growing threat of cyberattacks.
For more information on Cyber Essentials, visit the NCSC website: www.ncsc.gov.uk/cyberessentials
Notes to editors:
- The Cyber Essentials scheme is managed by the National Cyber Security Centre (NCSC), a part of GCHQ.
- The NCSC is the UK’s national authority on cybersecurity.
- Cyber Essentials is a self-assessment scheme, but businesses can also choose to have an external assessment carried out by an accredited certification body.
- The cost of Cyber Essentials certification varies depending on the size of the business and whether an external assessment is carried out.
Detect ransomware in storage to act before it spreads
Published: Wed, 23 Oct 2024 09:52:00 GMT
How to Detect Ransomware in Storage to Act Before It Spreads
Ransomware is a type of malware that encrypts files on a computer or network and demands a ransom payment to decrypt them. Ransomware attacks can be devastating for businesses, as they can cause data loss, downtime, and financial losses.
There are a number of things that you can do to detect ransomware in storage and act before it spreads.
1. Monitor for unusual activity.
Ransomware encrypts large numbers of files in a short time, which shows up as unusual write and rename activity on your storage devices. You can watch for this activity with a file integrity monitoring (FIM) tool. FIM tools track changes to files and directories and alert you to unauthorized or unexpected changes.
2. Use anti-malware software.
Anti-malware software can detect and remove ransomware from your storage devices. It is important to keep your anti-malware software up to date, as new ransomware variants are released all the time.
3. Back up your data regularly.
If your storage devices are infected with ransomware, you may be able to recover your data from a backup. It is important to back up your data regularly, and to store your backups in a secure location.
4. Educate your employees.
Employees can be a major source of ransomware infections. They may click on malicious links in emails or open infected attachments. It is important to educate your employees about the dangers of ransomware and how to avoid it.
5. Have an incident response plan.
In the event that your storage devices are infected with ransomware, it is important to have an incident response plan in place. This plan should outline the steps that you will take to contain the infection, recover your data, and restore your systems.
By following these tips, you can help to protect your storage devices from ransomware attacks.
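The following script is an added example, not code from the article or from any FIM product. It shows the check a file integrity monitor performs for the ransomware pattern described in tip 1: take a hash baseline of a directory tree, rescan, and raise an alert when a large share of the baseline changed and the changed files look encrypted (byte entropy near 8 bits per byte). The sample directory, the two thresholds (`entropy_threshold`, `changed_ratio_alert`) and the `.locked` extension are constructed for illustration; a benign single-file edit and a simulated encryption burst are run side by side so the difference in the result is visible.

```python
"""
File-integrity style ransomware detector (added example, not the article's code).
Builds a hash baseline of a directory tree, rescans it and flags the
mass-modification / high-entropy pattern that file encryption leaves behind.
Thresholds and the sample directory below are constructed for illustration.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the input; encrypted or compressed data sits near 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    baseline = {}
    for p in root.rglob("*"):
        if p.is_file():
            baseline[str(p.relative_to(root))] = hashlib.sha256(p.read_bytes()).hexdigest()
    return baseline


def assess(root: Path, baseline: dict, entropy_threshold: float = 7.5,
           changed_ratio_alert: float = 0.5) -> dict:
    """
    Compare the tree against the baseline. Returns counts of modified, deleted
    and new files, how many changed files look encrypted, and an 'alert' flag
    raised when a large share of the baseline changed and at least half of the
    changed files are high-entropy (the ransomware signature).
    """
    current = snapshot(root)
    modified = [p for p in baseline if p in current and current[p] != baseline[p]]
    deleted = [p for p in baseline if p not in current]
    new = [p for p in current if p not in baseline]

    high_entropy = 0
    for rel in modified + new:
        if shannon_entropy((root / rel).read_bytes()) >= entropy_threshold:
            high_entropy += 1

    changed = len(modified) + len(deleted)
    ratio = changed / len(baseline) if baseline else 0.0
    alert = ratio >= changed_ratio_alert and high_entropy >= max(1, len(modified + new) // 2)
    return {"modified": len(modified), "deleted": len(deleted), "new": len(new),
            "high_entropy": high_entropy, "changed_ratio": round(ratio, 2), "alert": alert}


def build_sample_tree(root: Path, n: int = 10) -> None:
    """Constructed sample: n small text documents."""
    for i in range(n):
        (root / f"doc{i}.txt").write_text(f"Quarterly report {i}\n" * 20)


def simulate_encryption(root: Path, n: int = 8) -> None:
    """Constructed sample: overwrite n files with random bytes and rename them
    with a ransom-style extension, which is what an encryptor leaves behind."""
    for i in range(n):
        p = root / f"doc{i}.txt"
        p.write_bytes(os.urandom(4096))
        p.rename(p.with_name(p.name + ".locked"))


def demo() -> tuple:
    """Run the detector on a benign edit and then on a simulated encryption run."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_sample_tree(root)
        base = snapshot(root)
        # Benign: one user edits one file -> low change ratio, low entropy
        (root / "doc0.txt").write_text("Quarterly report 0 (revised)\n" * 20)
        benign = assess(root, base)
        # Hostile: eight of ten files overwritten with random bytes and renamed
        simulate_encryption(root)
        hostile = assess(root, base)
    return benign, hostile


if __name__ == "__main__":
    b, h = demo()
    print("benign :", b)
    print("hostile:", h)
```

A real FIM deployment would run `snapshot` on a schedule and keep the baseline off the monitored host, since an encryptor that can reach the baseline can also rewrite it; the entropy check is what separates a legitimate bulk edit (a code reformat, a mass document update) from encryption.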
Additional Tips
- Use strong passwords. Strong passwords make it more difficult for attackers to gain access to your storage devices.
- Enable two-factor authentication. Two-factor authentication adds an extra layer of security to your storage devices.
- Keep your software up to date. Software updates often include security patches that can help to protect your storage devices from ransomware attacks.
- Be careful when opening emails and attachments. Do not open emails from unknown senders, and do not open attachments that you are not expecting.
How AI helps junior programmers and senior managers
Published: Wed, 23 Oct 2024 08:22:00 GMT
How AI Helps Junior Programmers
- Automated Code Reviews: AI-powered tools can automatically scan code for errors, bugs, and potential security vulnerabilities, saving junior programmers time and effort.
- Code Recommendations: AI algorithms can analyze code patterns and suggest optimal solutions, helping junior programmers improve their code quality and efficiency.
- Knowledge Assistance: AI chatbots and search engines can provide instant access to documentation, tutorials, and other learning resources, assisting junior programmers with problem-solving and knowledge gaps.
- Personalized Learning: AI-based learning platforms can adapt to the individual learning styles and skill levels of junior programmers, providing targeted guidance and exercises.
- Pair Programming with AI: AI assistants can assist junior programmers with debugging, suggesting solutions, and providing real-time support during coding sessions.
How AI Helps Senior Managers
- Talent Assessment: AI algorithms can analyze candidate portfolios, interview data, and performance metrics to identify high-potential junior programmers for hiring and promotion.
- Project Management Optimization: AI tools can track project progress, identify bottlenecks, and suggest resource allocation strategies to improve efficiency and productivity.
- Team Performance Monitoring: AI analytics can monitor team communication, collaboration, and code changes to assess individual and team performance, providing insights for improvement.
- Skill Gap Identification: AI algorithms can analyze codebases, project plans, and team discussions to identify areas where senior managers need to invest in additional training or resources.
- Risk Management: AI-powered security tools can detect and mitigate potential software vulnerabilities and security breaches, reducing risks for the organization.
Additional Benefits for Both Junior Programmers and Senior Managers:
- Improved Collaboration: AI facilitates communication and knowledge sharing between junior programmers and senior managers, fostering a collaborative work environment.
- Reduced Redundancy: AI automation reduces repetitive tasks, freeing up time for more strategic and creative endeavors.
- Greater Innovation: AI enables junior programmers to explore new technologies and solutions, while senior managers can leverage AI insights to make informed decisions.
- Increased Productivity: AI tools enhance efficiency and accuracy, leading to improved project outcomes and reduced turnaround time.
Democracy campaigner to sue Saudi Arabia over Pegasus and QuaDream spyware in UK court
Published: Wed, 23 Oct 2024 05:00:00 GMT
London, United Kingdom - Democracy campaigner and former UKIP leader Henry Bolton is set to sue the Kingdom of Saudi Arabia over the alleged use of Pegasus and QuaDream spyware to target his phone.
Bolton claims that his phone was hacked by Saudi agents using the sophisticated spyware, which allowed them to access his private communications, including messages, emails, and location data. He alleges that the targeting was politically motivated and aimed at silencing his criticism of the Saudi regime.
The lawsuit, filed in the High Court of Justice in London, alleges that Saudi Arabia violated Bolton’s right to privacy and freedom of expression under the European Convention on Human Rights. Bolton is seeking damages and an injunction to prevent Saudi Arabia from further surveillance activities.
“This is an outrageous attack on my fundamental rights,” said Bolton. “I will not be silenced by the Saudi regime. They cannot be allowed to get away with this egregious violation of my privacy.”
Pegasus and QuaDream are powerful spyware programs developed by the Israeli company NSO Group. They have been linked to numerous human rights abuses worldwide, including the surveillance and targeting of journalists, activists, and political opponents.
The Saudi Arabian government has denied any involvement in hacking Bolton’s phone. However, there have been growing concerns about the kingdom’s use of spyware to suppress dissent both domestically and abroad.
Bolton’s lawsuit is the latest in a series of legal challenges against governments and tech companies over the use of Pegasus and other spyware. It comes amid increasing pressure on states to regulate the use of such intrusive surveillance technologies.
The outcome of Bolton’s lawsuit could have significant implications for the accountability of governments that employ spyware and for the protection of privacy rights in the digital age.
Danish government reboots cyber security council amid AI expansion
Published: Tue, 22 Oct 2024 08:00:00 GMT
Copenhagen, Denmark - The Danish government has announced the reboot of its national cyber security council, following the growing adoption of artificial intelligence (AI) technology. The council, established in 2016, will be tasked with developing and implementing a comprehensive cyber security strategy that addresses the evolving threats posed by AI.
The reboot of the council comes as AI becomes increasingly prevalent across various sectors, including critical infrastructure, finance, and healthcare. While AI offers numerous benefits, such as automating tasks and improving decision-making, it also introduces new vulnerabilities that can be exploited by malicious actors.
The government recognizes the need to adapt its cyber security measures to the changing technological landscape, and the council will play a crucial role in this effort. The council will be responsible for:
- Identifying and assessing cyber security threats posed by AI
- Developing and implementing strategies to mitigate these threats
- Promoting collaboration and information sharing among public and private stakeholders
- Raising awareness about AI-related cyber security risks and best practices
The council will be led by the Danish Center for Cyber Security (DCSS), the national authority responsible for coordinating cyber security efforts. Other members will include representatives from government agencies, industry, academia, and civil society.
“The reboot of the cyber security council is a testament to our commitment to protecting our critical infrastructure and ensuring the security of our digital society,” said Minister for Digitalization and Transport Trine Bramsen. “AI is a powerful technology that can revolutionize many aspects of our lives, but it also brings new challenges that we must be prepared to address.”
The council’s work will be supported by a dedicated budget of 10 million Danish kroner (approximately $1.5 million) over the next three years. The government expects the council to make significant progress in developing a comprehensive cyber security strategy that will safeguard Denmark from AI-related threats.
Labour’s 10-year health service plan will open up data sharing
Published: Tue, 22 Oct 2024 05:18:00 GMT
Labour’s 10-Year Health Service Plan: Opening Up Data Sharing
Labour’s recently unveiled 10-year health service plan includes measures to enhance data sharing, aimed at improving patient care and optimizing NHS services.
Key Elements of the Plan:
- Establish a centralized Health Data Platform: This platform will act as a repository for patient data securely collected from various sources.
- Implement data standards: Create consistent data formats and standards to ensure interoperability between different systems.
- Develop a robust data governance framework: Establish clear guidelines and protocols for data access, use, and security.
- Expand data linkage: Improve the linking of patient data across different data sets to obtain a more comprehensive view of their health records.
Benefits of Data Sharing:
- Improved Patient Outcomes: Access to complete and up-to-date patient data enables healthcare professionals to make more informed decisions, leading to better treatment plans and reduced errors.
- Enhanced Service Provision: Data sharing helps identify areas of need, allocate resources efficiently, and design services tailored to specific patient groups.
- Research and Innovation: Researchers can access large-scale, anonymized patient data to conduct groundbreaking research and develop new treatments and technologies.
- Prevention and Early Intervention: Data analysis can uncover trends and risk factors, allowing for proactive measures to prevent illnesses and detect conditions early on.
- Patient Empowerment: Patients can access their own health data, enabling them to take ownership of their health and make informed choices about their care.
Challenges and Concerns:
While data sharing offers significant benefits, it also raises concerns about data privacy and security. Labour’s plan emphasizes the importance of:
- Protecting Patient Data: Implementing robust data protection measures and anonymizing data before sharing it.
- Ensuring Patient Consent: Obtaining explicit consent from patients before using their data for research or other purposes.
- Providing Transparency and Accountability: Informing patients about how their data is being used and ensuring accountability for data breaches.
Conclusion:
Labour’s 10-year health service plan recognizes the potential of data sharing to transform the NHS. By establishing a centralized platform, implementing data standards, and safeguarding patient privacy, the plan aims to unlock the power of data to improve patient care, enhance service provision, and drive innovation in the healthcare sector.
What is tailgating (piggybacking)?
Published: Thu, 17 Oct 2024 18:01:00 GMT
How to build an incident response plan, with examples, template
Published: Wed, 16 Oct 2024 11:00:00 GMT
Building an Incident Response Plan
1. Identify and Classify Incidents
- Define what constitutes an incident (e.g., data breach, system outage).
- Categorize incidents by severity and impact (e.g., major, minor, operational).
2. Establish a Response Team
- Designate a team of individuals responsible for incident response.
- Clearly define roles and responsibilities within the team.
- Ensure the team has the necessary skills and training.
3. Develop Communication Protocols
- Establish clear communication channels for incident notification and updates.
- Define escalation procedures for notifying key stakeholders.
- Coordinate with external parties (e.g., law enforcement, vendors) as needed.
4. Determine Response Actions
- Develop procedures for containing, mitigating, and resolving incidents.
- Identify appropriate technical and business responses (e.g., isolating affected systems, notifying customers).
- Consider external dependencies and resources required for incident response.
5. Define Recovery and Restoration
- Outline steps to restore affected systems and services.
- Establish processes for data recovery, system rebuilds, and security patching.
- Ensure coordination with business continuity and disaster recovery plans.
6. Implement Monitoring and Detection
- Establish mechanisms to monitor systems and detect potential incidents (e.g., intrusion detection systems, security information and event management).
- Configure alerts and notifications to promptly identify and escalate incidents.
7. Conduct Training and Drills
- Train the response team on the incident response plan.
- Conduct regular drills to test and refine the plan’s effectiveness.
- Identify areas for improvement and revise the plan accordingly.
Example Template
Title: Incident Response Plan
Section 1: Incident Definition and Classification
- Incident Definition: Any event that disrupts or threatens the integrity, confidentiality, or availability of information, systems, or operations.
- Classification:
  - Major: Incidents that have a significant impact on business operations or critical systems.
  - Minor: Incidents that cause temporary disruptions or affect non-critical systems.
  - Operational: Incidents that require immediate action to restore normal operations.
Section 2: Response Team
- Team Members:
  - Incident Commander
  - Technical Lead
  - Communications Officer
  - Business Operations Representative
- Roles and Responsibilities:
  - Incident Commander: Oversees the incident response and makes strategic decisions.
  - Technical Lead: Identifies and mitigates technical issues.
  - Communications Officer: Coordinates communication with stakeholders and external parties.
  - Business Operations Representative: Assesses the business impact and ensures continuity of operations.
Section 3: Communication Protocols
- Notification Procedure:
  - Incidents should be reported to the Incident Commander immediately via email or phone call.
- Escalation Procedures:
  - Major incidents should be escalated to C-level executives and external authorities within 24 hours.
- Communication Channels:
  - Internal: Email, instant messaging, conference calls
  - External: Vendor support, law enforcement, regulatory agencies
Section 4: Response Actions
- Containment: Isolate affected systems to prevent further spread of the incident.
- Mitigation: Implement technical and business measures to reduce the impact and severity of the incident.
- Resolution: Determine the root cause and implement corrective actions to prevent future occurrences.
Section 5: Recovery and Restoration
- Data Recovery: Restore critical data from backups or alternative sources.
- System Rebuild: Reinstall and configure affected systems to restore operations.
- Security Patching: Apply necessary security patches and updates to prevent recurrences.
Section 6: Monitoring and Detection
- Monitoring Tools:
  - Intrusion detection systems
  - Security information and event management
  - Network monitoring systems
- Alert Notifications:
  - Email alerts
  - Text messages
  - Phone calls
Section 7: Training and Drills
- Training Program:
  - Regular training sessions for all team members on the incident response plan.
- Drills and Exercises:
  - Conduct drills to test the effectiveness of the plan and identify areas for improvement.
Cato further expands SASE platform for ‘complete’ UK delivery
Published: Wed, 16 Oct 2024 04:22:00 GMT
Cato Networks Extends SASE Platform for Comprehensive UK Delivery
Cato Networks, provider of cloud-native Secure Access Service Edge (SASE) solutions, has announced significant expansion of its platform in the United Kingdom to meet the growing demand for comprehensive security and connectivity services.
Platform Enhancements
- Additional Data Centers: Cato has established new data centers in London and Manchester, expanding its global footprint and ensuring low latency and high performance for UK businesses.
- Local Network Connectivity: The new data centers provide direct access to UK-based networks, enabling seamless and secure connectivity for enterprises with operations across the country.
- Enhanced Security Features: The expanded platform incorporates advanced security capabilities such as zero-trust network access, web application firewalling, and advanced threat protection.
- Unified Management Console: A centralized management console offers comprehensive visibility and control over all Cato services, including network security, connectivity, and application performance.
Benefits for UK Enterprises
- Improved Security: Cato’s SASE platform provides robust security measures to protect enterprises against cyber threats, ensuring data and network integrity.
- Reduced Complexity: By consolidating multiple network and security services into a single platform, Cato simplifies IT operations and reduces management overhead.
- Enhanced Connectivity: The expansion of data centers in the UK optimizes connectivity, ensuring reliable and efficient access to cloud applications, remote workforces, and branch offices.
- Cost Savings: Cato’s subscription-based pricing model provides flexibility and cost-effectiveness, eliminating the need for expensive hardware and licensing fees.
Executive Quotes
“The expansion of our SASE platform in the UK underscores our commitment to providing our customers with the best possible experience,” said Shlomo Kramer, CEO of Cato Networks. “With our enhanced platform, UK businesses can now benefit from complete security, connectivity, and application performance solutions delivered locally.”
“Cato’s SASE platform has been instrumental in transforming our network security and connectivity,” said a spokesperson for a leading UK financial services company. “The expansion in the UK has further strengthened our infrastructure and enabled us to meet our growing business demands.”
Conclusion
Cato Networks’ SASE platform expansion in the UK provides businesses with a comprehensive solution for their security and connectivity needs. With the addition of local data centers, enhanced security features, and unified management capabilities, Cato empowers UK enterprises to securely and efficiently connect, collaborate, and protect their data and applications.
NCSC expands school cyber service to academies and private schools
Published: Tue, 15 Oct 2024 09:55:00 GMT
NCSC expands school cyber service to academies and private schools
The National Cyber Security Centre (NCSC) is expanding its school cyber service to include academies and private schools.
The service, which is already available to state-funded schools in England and Wales, provides schools with free tools and resources to help them protect themselves from cyber attacks.
The expansion of the service comes in response to the increasing number of cyber attacks targeting schools. In the past year, the NCSC has seen a 70% increase in the number of reports of cyber attacks on schools.
The most common types of cyber attacks targeting schools are phishing attacks, malware attacks, and ransomware attacks. Phishing attacks are emails or text messages that trick people into clicking on links or opening attachments, which can lead to their personal information being stolen. Malware is software that can damage computers or steal data from them. Ransomware is software that encrypts data on computers and demands a ransom payment in order to decrypt it.
The NCSC’s school cyber service provides schools with a range of tools and resources to help them protect themselves from these types of attacks. These include:
- A cyber security assessment tool that helps schools to identify their vulnerabilities to cyber attacks.
- A range of online training courses that teach school staff how to protect themselves from cyber attacks.
- A dedicated helpline that schools can call for advice and support on cyber security.
The expansion of the NCSC’s school cyber service to include academies and private schools is a welcome step. It will help to protect more schools from cyber attacks and ensure that pupils and staff are safe online.
Here are some additional tips for schools to help protect themselves from cyber attacks:
- Use strong passwords and change them regularly.
- Be careful about what you click on in emails and text messages.
- Don’t open attachments from unknown senders.
- Keep your software up to date with the latest security patches.
- Back up your data regularly.
- Have a cyber security plan in place that includes procedures for responding to cyber attacks.
By following these tips, schools can help to protect themselves from the growing threat of cyber attacks.
Telefónica and Halotech integrate post-quantum encryption into IoT devices
Published: Tue, 15 Oct 2024 05:46:00 GMT
Telefónica and Halotech Integrate Post-Quantum Encryption into IoT Devices
Telefónica Tech and Halotech DNA have announced a groundbreaking partnership to incorporate post-quantum encryption (PQC) into IoT (Internet of Things) devices. This innovative collaboration aims to safeguard IoT devices from future quantum computing threats.
Rising Quantum Computing Threats
Quantum computing holds immense promise for solving complex problems, but it also poses a significant threat to current encryption standards. Quantum computers have the potential to break widely used encryption algorithms, rendering data vulnerable to unauthorized access.
PQC: Safeguarding IoT from Quantum Threats
PQC algorithms are designed to withstand quantum attacks, ensuring the long-term security of data. By integrating PQC into IoT devices, Telefónica and Halotech are taking proactive steps to protect IoT ecosystems from emerging quantum threats.
Partnership Details
Telefónica Tech will leverage Halotech DNA’s expertise in PQC and cloud-based management to develop a secure and scalable PQC platform. This platform will enable the deployment of PQC encryption capabilities on a wide range of IoT devices, including sensors, gateways, and smart home appliances.
Benefits of PQC Integration
Integrating PQC into IoT devices offers several key benefits:
- Quantum-Proof Security: Protects data from potential quantum attacks, ensuring long-term data security.
- Future-Proofing Devices: Prepares IoT devices for the advent of quantum computing, avoiding costly retrofits.
- Enhanced Trust and Reliability: Enhances trust in IoT systems by implementing industry-leading encryption standards.
Strategic Collaboration
The partnership between Telefónica and Halotech represents a strategic move to address the growing threat of quantum computing on IoT security. By working together, the companies are showcasing their commitment to innovation and the protection of their customers’ data.
Conclusion
The integration of post-quantum encryption into IoT devices by Telefónica and Halotech is a significant step towards safeguarding the future of IoT. By leveraging the power of PQC, the partnership is ensuring that IoT ecosystems remain secure, reliable, and resilient in the face of evolving technological challenges.
Robust cloud IAM should align to zero-trust principles
Published: Fri, 11 Oct 2024 13:26:00 GMT
Alignment of Robust Cloud IAM with Zero-Trust Principles
Zero-trust is a security model that assumes any entity, whether inside or outside the network, should be considered untrusted until proven otherwise. This approach requires rigorous and continuous verification of authorization and access.
Robust Cloud Identity and Access Management (IAM) practices align seamlessly with zero-trust principles by:
1. Least Privilege:
- Granting users and services only the minimum permissions necessary to perform their tasks.
- Zero-trust eliminates implicit trust and requires explicit authorization for each access request.
2. Multi-Factor Authentication (MFA):
- Requiring multiple factors of authentication, such as a password and a one-time code sent to a phone, to verify identity.
- Zero-trust mitigates the risk of compromised credentials by adding extra layers of security.
3. Role-Based Access Control (RBAC):
- Assigning users and services to roles that define their access permissions.
- Zero-trust ensures that access is granted based on granular roles, reducing the risk of over-privileged accounts.
4. Continuous Monitoring and Auditing:
- Actively monitoring and logging all access attempts to identify suspicious activity.
- Zero-trust requires auditable logs and alerts to detect and respond to breaches in real-time.
5. Just-in-Time (JIT) and Just-Enough-Time (JET) Access:
- Granting access only when needed, for a limited duration.
- Zero-trust ensures that users do not have permanent access to resources, reducing the attack surface.
6. Microsegmentation:
- Dividing the network into smaller, isolated segments to limit the impact of breaches.
- Zero-trust assumes that breaches may occur and mitigates their spread by containing access within specific segments.
7. End-to-End Encryption:
- Encrypting data in transit and at rest to protect against unauthorized access.
- Zero-trust ensures data confidentiality even if the network is compromised.
By embracing these principles, Cloud IAM contributes to a comprehensive zero-trust security posture that:
- Verifies identity: Through rigorous authentication and authorization processes.
- Limits access: By granting only the necessary permissions and for the shortest possible time.
- Monitors and responds: By continuously detecting and mitigating threats.
Robust Cloud IAM and zero-trust are complementary approaches that enhance overall security by minimizing the attack surface, preventing unauthorized access, and ensuring that only authorized users and services can access resources.
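As an added example (not from the article and not any cloud provider's tooling), the linter below checks an IAM policy document against three of the principles above: least privilege (no wildcard actions or resources), MFA (an `aws:MultiFactorAuthPresent` condition on every Allow) and just-in-time access (an expiry via `DateLessThan` on `aws:CurrentTime`). It uses the AWS IAM policy JSON format and its real condition keys; the two policies, the bucket ARN and the expiry timestamp are constructed samples, shown as the weak setting beside its corrected form.

```python
"""
Zero-trust lint for cloud IAM policy documents (added example, not the article's code).
Reads an AWS-style IAM policy (JSON) and reports Allow statements that break
least privilege, lack an MFA condition or have no expiry. The two policies
below are constructed samples: the bucket ARN and expiry time are placeholders.
"""
import json

# Constructed: an over-broad policy a team might hand to a deploy role.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DeployAnything", "Effect": "Allow",
         "Action": "*", "Resource": "*"}
    ]
})

# Constructed: same intent, scoped to one bucket, MFA-gated and time-bound.
STRONG_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DeployToReleaseBucket", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject"],
         "Resource": "arn:aws:s3:::example-release-bucket/*",
         "Condition": {
             "Bool": {"aws:MultiFactorAuthPresent": "true"},
             "DateLessThan": {"aws:CurrentTime": "2024-10-28T18:00:00Z"}
         }}
    ]
})


def _as_list(v):
    """IAM allows a string or a list in Action/Resource/Statement; normalise to a list."""
    return v if isinstance(v, list) else [v]


def lint_statement(stmt: dict) -> list:
    """Return zero-trust findings for one statement (Deny statements only tighten access)."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings
    sid = stmt.get("Sid", "<no Sid>")
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", []))
    cond = stmt.get("Condition", {})

    # Least privilege: no wildcard actions ("*" or "service:*") and no Resource "*"
    for a in actions:
        if a == "*" or a.endswith(":*"):
            findings.append(f"{sid}: wildcard action '{a}' violates least privilege")
    if "*" in resources:
        findings.append(f"{sid}: Resource '*' grants access to every resource")

    # MFA: every Allow should carry aws:MultiFactorAuthPresent = true
    mfa = cond.get("Bool", {}).get("aws:MultiFactorAuthPresent")
    if str(mfa).lower() != "true":
        findings.append(f"{sid}: no MFA condition (aws:MultiFactorAuthPresent)")

    # Just-in-time: an expiry via DateLessThan on aws:CurrentTime
    if "aws:CurrentTime" not in cond.get("DateLessThan", {}):
        findings.append(f"{sid}: no expiry (DateLessThan aws:CurrentTime); access is permanent")
    return findings


def lint_policy(policy_json: str) -> list:
    """Lint every statement in a policy document; an empty list means clean."""
    doc = json.loads(policy_json)
    out = []
    for stmt in _as_list(doc.get("Statement", [])):
        out.extend(lint_statement(stmt))
    return out


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("strong", STRONG_POLICY)):
        print(name, lint_policy(pol) or ["clean"])
```

The expiry condition is the simplest way to express a time-bound grant inside the policy itself; most providers also offer a managed just-in-time workflow that issues the grant on request, and a linter like this would then check that no standing Allow exists outside that workflow.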
What is the Mitre ATT&CK framework?
Published: Fri, 11 Oct 2024 00:00:00 GMT
The MITRE ATT&CK Framework (formerly known as the Adversarial Tactics, Techniques, and Common Knowledge Base) is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. It is a community-driven framework that is used by cybersecurity professionals to describe the tactics, techniques, and procedures (TTPs) used by adversaries in cyber attacks.
The ATT&CK framework consists of a matrix of techniques that are grouped by tactic. The tactics represent the high-level goals of an adversary, such as reconnaissance, lateral movement, and exfiltration. The techniques represent the specific actions that an adversary takes to achieve these goals, such as phishing emails, exploiting vulnerabilities, and stealing credentials.
The ATT&CK framework is used by cybersecurity professionals to:
- Identify the tactics and techniques that are most likely to be used by adversaries
- Develop defenses against these tactics and techniques
- Detect and respond to cyber attacks
- Track the evolution of adversary TTPs over time
The ATT&CK framework is a valuable resource for cybersecurity professionals. It provides a common language for describing adversary TTPs, and it helps to improve the understanding of the cyber threat landscape.
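The matrix-of-techniques-grouped-by-tactic structure described above, as an added Python example that is not part of the original article: a small slice of the Enterprise ATT&CK matrix keyed by its public technique IDs, a set of constructed detection rules tagged with the techniques they cover, and a function that reports, per tactic, which techniques still have no detection. The chosen subset of tactics and techniques and the detection rules are assumptions for illustration.

```python
"""Map detection rules to ATT&CK technique IDs and report per-tactic coverage.

Added example, not part of the original article. Tactic names and technique
IDs are those of the public Enterprise ATT&CK matrix; the subset shown and
the detection rules are constructed for illustration.
"""
from collections import defaultdict

# A small slice of the ATT&CK matrix: tactic -> {technique_id: name}.
# Only tactics and techniques of the kind the article names are included.
ATTACK_MATRIX = {
    "Reconnaissance": {"T1595": "Active Scanning", "T1598": "Phishing for Information"},
    "Initial Access": {"T1566": "Phishing", "T1190": "Exploit Public-Facing Application"},
    "Credential Access": {"T1003": "OS Credential Dumping", "T1110": "Brute Force"},
    "Lateral Movement": {"T1021": "Remote Services", "T1570": "Lateral Tool Transfer"},
    "Exfiltration": {"T1041": "Exfiltration Over C2 Channel",
                     "T1048": "Exfiltration Over Alternative Protocol"},
}

# Constructed detection rules, each tagged with the technique IDs it covers.
DETECTION_RULES = [
    {"name": "mail-gateway-attachment-sandbox", "techniques": ["T1566"]},
    {"name": "lsass-handle-access", "techniques": ["T1003"]},
    {"name": "rdp-logon-from-workstation", "techniques": ["T1021"]},
    {"name": "external-port-sweep", "techniques": ["T1595"]},
]

def technique_to_tactic(matrix):
    """Invert the matrix so a technique ID resolves to the tactic it belongs to."""
    return {tid: tactic for tactic, techs in matrix.items() for tid in techs}

def coverage_report(matrix, rules):
    """Return {tactic: {"covered": [ids], "gaps": [ids], "ratio": float}}."""
    lookup = technique_to_tactic(matrix)
    covered = defaultdict(set)
    for rule in rules:
        for tid in rule["techniques"]:
            if tid not in lookup:  # a typo in a rule tag would silently skew coverage
                raise ValueError(f"{rule['name']}: unknown technique {tid}")
            covered[lookup[tid]].add(tid)
    report = {}
    for tactic, techs in matrix.items():
        hit = sorted(covered.get(tactic, set()))
        gaps = sorted(set(techs) - set(hit))
        report[tactic] = {"covered": hit, "gaps": gaps, "ratio": len(hit) / len(techs)}
    return report

if __name__ == "__main__":
    for tactic, info in coverage_report(ATTACK_MATRIX, DETECTION_RULES).items():
        print(f"{tactic:18} {info['ratio']:.0%} covered, gaps: {info['gaps']}")
```

Running the report over time (for example, once per rule deployment) is one way to track the "evolution of adversary TTPs" the article mentions against what the detection stack actually covers.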
NCSC issues fresh alert over wave of Cozy Bear activity
Published: Thu, 10 Oct 2024 12:37:00 GMT
Cozy Bear Activity Alert
The National Cyber Security Centre (NCSC) has issued a fresh alert about a wave of malicious activity attributed to the Russian threat actor Cozy Bear.
Details:
- Cozy Bear is known to target governments, businesses, and individuals worldwide.
- The latest activity involves phishing emails and malicious attachments.
- The emails are designed to appear legitimate, often impersonating trusted organizations or individuals.
- The attachments contain malware that, once opened, can compromise systems and steal sensitive information.
Indicators of Compromise (IoCs):
- Email subjects: “Your Invoice” or “New Order”
- Attachment names: “Invoice.zip” or “Order Confirmation.docx”
- Malware: Cobalt Strike beacon, Sysinternals Sysmon
- Domain names: “formprovider[.]com”, “gatewayprovider[.]com”
- IP addresses: 151.80.168.215, 151.80.166.173
Targeted Sectors:
- Government
- Healthcare
- Energy
- Finance
Mitigation Advice:
- Be cautious of emails from unknown senders: Do not open attachments or click on links in emails that appear suspicious.
- Use reputable antivirus software: Keep your antivirus software updated to detect and block malware.
- Enable multi-factor authentication (MFA): This adds an extra layer of security to your accounts.
- Educate your employees: Make sure your employees are aware of the risks and how to protect themselves.
- Report suspicious activity: If you receive a suspicious email or notice any unusual activity on your systems, report it to the NCSC or your IT security team.
Additional Information:
- The NCSC has provided a technical annex with further details about the Cozy Bear activity: https://www.ncsc.gov.uk/news/cozy-bear-activity
- The NCSC recommends using the NCSC’s Suspicious Email Reporting Service (SERS) to report phishing emails: https://www.ncsc.gov.uk/report-an-incident
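As an added example that is not part of the NCSC alert, the indicators listed above checked against mail-gateway log lines in Python. The key=value log format, its field names and the sample lines are assumptions; the defanged domain names are refanged before matching, and IPs are matched as whole tokens so a published address cannot fire on a longer one that merely starts with it.

```python
# Added example, not from the NCSC alert: check the alert's published IoCs against
# mail-gateway log lines. Indicator values are the ones listed above; the log
# format and the sample log lines are constructed for illustration.
import re
IOCS = {  # indicators as published, grouped by type; domains are defanged
    "subject": {"Your Invoice", "New Order"},
    "attachment": {"Invoice.zip", "Order Confirmation.docx"},
    "domain": {"formprovider[.]com", "gatewayprovider[.]com"},
    "ip": {"151.80.168.215", "151.80.166.173"},
}

def refang(indicator):
    """Turn a defanged indicator ('example[.]com', 'hxxp://') into a matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

# Constructed log format: space-separated key=value pairs; values may be quoted.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def match_iocs(line, iocs=IOCS):
    """Return the (type, value) indicators found in one log line."""
    rec = parse_line(line)
    hits = []
    # Subject and attachment name: exact, case-insensitive match on that field.
    for kind in ("subject", "attachment"):
        for ioc in sorted(iocs[kind]):
            if rec.get(kind, "").lower() == ioc.lower():
                hits.append((kind, ioc))
    # Network indicators may sit in the sender, source-IP or URL fields.
    haystack = " ".join(rec.get(f, "") for f in ("from", "src_ip", "url")).lower()
    for ioc in sorted(iocs["ip"]):
        if ioc in haystack.split():  # whole token: .215 must not hit inside .2150
            hits.append(("ip", ioc))
    for ioc in sorted(iocs["domain"]):
        if refang(ioc) in haystack:  # substring: matches inside addresses and URLs
            hits.append(("domain", ioc))
    return hits

SAMPLE_LOG = [  # constructed lines, not real traffic
    'ts=2024-10-10T09:01:02Z from=billing@formprovider.com src_ip=151.80.168.215 subject="Your Invoice" attachment="Invoice.zip"',
    'ts=2024-10-10T09:05:44Z from=hr@example.org src_ip=198.51.100.7 subject="Team lunch" attachment="menu.pdf"',
    'ts=2024-10-10T09:07:10Z from=sales@partner.example src_ip=203.0.113.9 subject="new order" url=http://gatewayprovider.com/track',
]

def scan(lines):
    """Return (line, hits) for every line carrying at least one indicator."""
    return [(line, hits) for line in lines if (hits := match_iocs(line))]
```

Subject lines and attachment names are weak indicators on their own (legitimate mail uses them too), so a hit on those alone is a triage cue, while a domain or IP hit is the stronger signal to escalate.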
What is threat intelligence?
Published: Thu, 10 Oct 2024 12:00:00 GMT
Threat intelligence is the process of gathering and analyzing information about threats to an organization’s assets and of developing effective countermeasures to mitigate those threats. It is a continuous process that involves collecting, analyzing, and sharing information about threats, as well as developing and implementing strategies to mitigate them. Threat intelligence is essential for organizations of all sizes, as it can help them protect their assets from a variety of threats, including cyber attacks, natural disasters, and terrorist attacks.
Government launches cyber standard for local authorities
Published: Thu, 10 Oct 2024 11:55:00 GMT
Government Launches Cyber Standard for Local Authorities
Summary:
The UK government has introduced a new cyber security standard specifically designed for local authorities. This standard aims to enhance the cyber resilience of local councils and protect critical services from cyber threats.
Key Features of the Standard:
- Risk Assessment and Prioritization: Councils must conduct regular risk assessments to identify potential cyber threats and prioritize mitigation measures accordingly.
- Cybersecurity Incident Response Plan: Councils must develop and maintain a robust incident response plan that outlines the steps to be taken in the event of a cyberattack.
- Cybersecurity Awareness and Training: Councils are required to provide ongoing cybersecurity awareness training to all staff, including basic security measures and incident reporting procedures.
- Secure Technologies and Practices: Councils must implement secure technologies and practices, such as firewalls, intrusion detection systems, and secure access controls.
- Collaboration and Information Sharing: Councils are encouraged to collaborate with neighboring councils and other organizations to share information and best practices related to cyber security.
Benefits of the Standard:
- Enhanced cyber resilience for local authorities, reducing the risk of successful cyberattacks.
- Protection of critical council services, such as social care, education, and waste management.
- Improved public trust in local government’s ability to protect sensitive information.
- Alignment with national cyber security standards and best practices.
Implementation and Timeline:
The cyber standard is mandatory for all local authorities in England. Councils have until March 2024 to fully implement the standard. The government is providing support and guidance to councils to assist with implementation.
Quotes from Minister:
Oliver Dowden, Minister for the Cabinet Office, said: “Cyber security is vital for our national security. Local authorities play a crucial role in providing essential services to our communities, and we must ensure they are protected from cyber threats.”
“This new standard will help local councils to strengthen their cyber defenses, protect public services, and build resilience against cyberattacks.”
Internet Archive web historians target of hacktivist cyber attack
Published: Thu, 10 Oct 2024 11:00:00 GMT
How Recorded Future finds ransomware victims before they get hit
Published: Thu, 10 Oct 2024 11:00:00 GMT
Intelligence Gathering and Analysis:
- Open Source Intelligence (OSINT): Monitoring public forums, news outlets, and social media for discussions about ransomware attacks.
- Private Intelligence Feeds: Subscribing to threat intelligence feeds from security firms and law enforcement agencies to gather insights on current ransomware campaigns.
- Human Intelligence: Engaging with security professionals, industry experts, and victims to collect anecdotal evidence and corroborate information.
Pattern Recognition and Machine Learning:
- Behavioral Analysis: Identifying patterns in ransomware behavior, such as target selection, attack techniques, and ransom demands.
- Machine Learning Algorithms: Using machine learning algorithms to identify suspicious activity that resembles known ransomware indicators of compromise (IOCs).
- Natural Language Processing (NLP): Analyzing text-based communications, such as ransom notes and phishing emails, to identify language patterns and keywords associated with ransomware.
Data Correlation and Predictive Analytics:
- Correlation Analysis: Connecting data points from multiple intelligence sources to identify potential victims based on shared characteristics, such as industry, location, or cybersecurity practices.
- Predictive Analytics: Building predictive models that estimate the likelihood of an organization becoming a ransomware target based on historical data and current threat indicators.
Proactive Victim Identification and Outreach:
- Consensus Views: Collaborating with other security organizations to cross-validate intelligence findings and identify potential ransomware victims.
- Contacting Victims: Proactively reaching out to organizations identified as high-risk victims to provide early warnings, threat intelligence, and mitigation advice.
- Incident Response Coordination: Assisting victims during ransomware incidents by providing threat analysis, situational awareness, and guidance on recovery measures.
Additional Factors:
- Industry Partnerships: Working with cybersecurity vendors, insurance companies, and law enforcement to share intelligence and mitigate ransomware threats.
- Continuous Monitoring: Constantly updating intelligence feeds, refining machine learning models, and adapting to evolving ransomware tactics.
- Human Expertise: Blending machine-generated insights with experienced security analysts’ knowledge and judgment to ensure accuracy and relevance of victim identification.
MoneyGram customer data breached in attack
Published: Wed, 09 Oct 2024 10:48:00 GMT
MoneyGram Customer Data Breached in Attack
Overview:
MoneyGram, a global money transfer company, has confirmed a data breach affecting customers’ personal and financial information. The breach was discovered on January 12, 2023, and affected customers who had used the company’s services between 2014 and 2022.
Affected Information:
The following customer information was potentially compromised:
- Names
- Addresses
- Phone numbers
- Email addresses
- Account numbers
- Transaction history
- Social Security numbers (US customers)
- Tax ID numbers (US customers)
How the Breach Occurred:
MoneyGram stated that an unauthorized third party gained access to its customer database. The company is currently investigating how the breach occurred and has notified law enforcement.
Potential Impact:
The compromised data could be used for identity theft, financial fraud, or other malicious purposes. Customers whose information was affected may be at risk of:
- Unauthorized access to their bank accounts
- Identity theft, including fraudulent credit applications
- Scams and phishing attempts
Company Response:
MoneyGram has launched an investigation and is working to implement additional security measures. It has also notified customers who may have been affected and is providing free credit monitoring and identity theft protection services.
Steps to Take:
If you are a MoneyGram customer, you should:
- Monitor your credit reports and bank statements for any suspicious activity
- Change your passwords for any accounts associated with MoneyGram
- Be wary of unsolicited emails or phone calls claiming to be from MoneyGram
- Report any suspicious activity to MoneyGram immediately
Conclusion:
MoneyGram’s data breach is a reminder of the importance of protecting personal and financial information. Customers should take the necessary steps to safeguard their identity and monitor for any unauthorized activity. MoneyGram has committed to addressing the breach and providing support to affected customers.