IT Security RSS Feed for 2025-01-18
US Supreme Court upholds TikTok ban
Published: Fri, 17 Jan 2025 15:21:00 GMT
False. The US Supreme Court has not upheld a TikTok ban.
Cyber innovation to address rising regulatory, threat burden
Published: Fri, 17 Jan 2025 07:33:00 GMT
Cyber Innovation to Combat Regulatory and Threat Challenges
Regulatory Burdens
- Automation and AI: Leverage AI-powered tools for automated compliance monitoring, risk assessment, and incident response.
- Cloud-based Compliance Management: Utilize cloud platforms for centralizing regulatory data, tracking compliance progress, and generating reports.
- Blockchain for Data Security: Implement blockchain technology to enhance data security and provide tamper-proof audit trails for compliance evidence.
Threat Landscape
- Advanced Threat Detection and Response: Deploy innovative detection and response systems that use machine learning and behavioral analysis to identify and mitigate cyber threats in real-time.
- Cyber Threat Intelligence Sharing: Collaborate with industry peers and external resources to exchange threat intelligence and enhance situational awareness.
- Threat Hunting and Proactive Defense: Employ specialized threat hunting teams to proactively identify and neutralize potential threats before they materialize.
Specific Innovations
- Risk-Based Assessment and Prioritization: Leverage AI and risk frameworks to prioritize security measures based on the likelihood and impact of potential threats.
- Automated Vulnerability Management: Integrate automated tools into vulnerability management processes to identify, patch, and remediate vulnerabilities efficiently.
- Cloud-Native Security: Design and deploy security solutions specifically tailored for cloud environments to ensure protection and compliance.
- Multi-Factor Authentication (MFA): Implement MFA with advanced biometrics or physical security keys to enhance user authentication and reduce the risk of unauthorized access.
- Zero Trust Architectures: Implement zero trust principles to limit access and minimize the impact of breaches by assuming that all actors are potentially malicious.
Benefits of Cyber Innovation
- Enhanced Compliance: Streamlined compliance processes, reduced regulatory risks, and improved auditability.
- Improved Threat Detection and Response: Proactive threat management, faster incident response, and reduced downtime.
- Cost Reduction: Automation and improved efficiency lead to reduced operational costs and resource optimization.
- Increased Competitive Advantage: Differentiation through superior cybersecurity capabilities and enhanced customer trust.
- Improved Resilience: Enhanced ability to withstand and recover from cyberattacks, ensuring business continuity and reputation protection.
Conclusion
Cyber innovation is essential for organizations to navigate the evolving regulatory landscape and mitigate the growing threat burden. By embracing advanced technologies and leveraging innovative solutions, organizations can strengthen their cybersecurity posture, reduce risks, and gain a competitive advantage in the digital age.
A guide to DORA compliance
Published: Fri, 17 Jan 2025 04:30:00 GMT
DORA Compliance Guide
1. Introduction
DevOps Research and Assessment (DORA) is a framework that measures and improves the performance of software delivery teams. DORA compliance demonstrates a team’s ability to deliver high-quality software quickly and reliably.
2. DORA Metrics
The four key DORA metrics are:
- Deployment Frequency: How often does the team deploy new code to production?
- Lead Time for Changes: The time it takes for a change to go from concept to production.
- Change Failure Rate: The percentage of changes that cause production incidents.
- Mean Time to Restore (MTTR): The time it takes to recover from a production incident.
3. DORA Compliance Levels
DORA has defined four levels of compliance:
- Elite Performers: The top 25% of teams.
- High Performers: The next 25% of teams.
- Moderate Performers: The next 25% of teams.
- Low Performers: The bottom 25% of teams.
4. How to Achieve DORA Compliance
- Adopt DevOps Practices: Implement automated testing, continuous integration, and continuous delivery.
- Measure and Track Progress: Use metrics to monitor team performance and identify areas for improvement.
- Establish a Culture of Excellence: Promote collaboration, learning, and accountability.
- Use DORA Assessment Tools: Use tools like the DORA DevOps Assessment Tool to evaluate team capabilities and identify areas for growth.
5. Benefits of DORA Compliance
- Increased Software Quality: Reduce defects and errors in production.
- Faster Time to Market: Deliver new features and improvements more quickly.
- Reduced Production Incidents: Minimize unplanned outages and disruptions.
- Improved Customer Satisfaction: Deliver higher quality software that meets customer needs.
- Competitive Advantage: Stand out from competitors by demonstrating DevOps excellence.
6. Implementation Plan
- Assess Current State: Conduct a self-assessment to determine the team’s current DORA compliance level.
- Set Goals: Establish specific targets for each DORA metric.
- Create an Action Plan: Outline the steps and resources needed to achieve the goals.
- Monitor Progress: Track progress regularly and make adjustments as needed.
- Celebrate Success: Recognize the team’s achievements and share best practices.
Conclusion
DORA compliance is a valuable goal for any software delivery team. By adopting DevOps practices, measuring progress, and establishing a culture of excellence, teams can significantly improve their performance and deliver high-quality software quickly and reliably.
Biden signs new cyber order days before Trump inauguration
Published: Thu, 16 Jan 2025 17:09:00 GMT
Biden Signs New Cyber Order to Strengthen National Cybersecurity
Executive Summary:
On January 12, 2021, President Biden signed a new cybersecurity executive order aimed at enhancing the resilience and security of the nation’s critical infrastructure against cyber threats. The order builds on previous cybersecurity initiatives and focuses on modernizing federal cybersecurity defenses and improving information sharing between the public and private sectors.
Key Provisions:
1. Strengthening Federal Cybersecurity:
- Requires federal agencies to implement zero-trust architecture and multi-factor authentication (MFA)
- Establishes a new Cybersecurity and Infrastructure Security Agency (CISA) to oversee federal cybersecurity efforts
- Mandates the use of cloud-based services and encryption technologies
2. Improving Information Sharing:
- Creates a new information-sharing center to facilitate collaboration between the government, critical infrastructure operators, and the private sector
- Directs CISA to develop a National Cyber Incident Response Plan
- Encourages the reporting of cyber incidents to federal authorities
3. Enhancing Workforce Development:
- Invests in cybersecurity education and training programs
- Establishes cybersecurity as a national priority in higher education
- Promotes public-private partnerships to develop a skilled cybersecurity workforce
4. Modernizing Technology and Infrastructure:
- Directs federal agencies to migrate to modern IT systems
- Implements new security standards for software and hardware
- Invests in research and development of new cybersecurity technologies
5. Strengthening International Partnerships:
- Encourages international collaboration on cybersecurity
- Directs CISA to work with foreign governments and organizations to address global threats
Significance:
The new cyber order represents a significant step forward in enhancing the nation’s cybersecurity posture. It addresses key vulnerabilities in federal networks, improves collaboration between different stakeholders, and promotes the development of a more skilled workforce. The order is also timely, given the increasing sophistication and frequency of cyber threats.
Implementation:
The order directs federal agencies to implement the provisions within 180 days. CISA will play a lead role in coordinating and overseeing the implementation of the order.
Conclusion:
Biden’s new cyber order is a comprehensive and necessary step to strengthen the nation’s cybersecurity. It provides a roadmap for modernizing federal defenses, improving information sharing, and addressing the growing challenges posed by cyber threats. The order is expected to have a significant impact on cybersecurity practices in both the public and private sectors.
Russia’s Star Blizzard pivots to WhatsApp in spear-phishing campaign
Published: Thu, 16 Jan 2025 16:03:00 GMT
Russia’s Star Blizzard Pivots to WhatsApp in Spear-Phishing Campaign
Overview:
Russia’s Star Blizzard espionage group has shifted its spear-phishing tactics to WhatsApp, targeting individuals connected to Eastern European government and military entities.
Details:
- WhatsApp Phishing: The attackers are sending WhatsApp messages impersonating legitimate contacts, such as colleagues or superiors.
- Targeted Individuals: The phishing messages target individuals with access to sensitive information or decision-making authority in Eastern European governments and military organizations.
- Lure: The messages contain compelling lures, such as requests for assistance in accessing documents or information with promises of financial compensation.
- Malware Distribution: The phishing messages include links to compromised websites that distribute remote access trojans (RATs) known as Tessaract or GrayWave.
- Exfiltration of Sensitive Data: Once the RATs are installed, the attackers can exfiltrate sensitive data from the victim’s devices, including emails, documents, and even audio recordings.
Motive:
Star Blizzard is a known Russian espionage group with a history of targeting military and government entities in Eastern Europe. The group’s primary motivation is to gather sensitive information for strategic or tactical advantage.
Consequences:
The Star Blizzard WhatsApp phishing campaign poses significant risks to targeted individuals and organizations:
- Exposure of Sensitive Information: The RATs allow attackers to access and steal sensitive data, potentially compromising national security and military operations.
- Malware Infection: The malware can infect devices connected to sensitive networks, potentially spreading the infection and exposing additional sensitive information.
- Breach of Trust: The attackers’ impersonation of legitimate contacts can damage trust within targeted organizations and sow confusion and uncertainty.
Prevention and Mitigation:
To mitigate the threat posed by the Star Blizzard WhatsApp phishing campaign, individuals and organizations should take the following steps:
- Be Vigilant: Be suspicious of unsolicited WhatsApp messages, especially from unknown contacts.
- Verify Sender Identity: Carefully verify the identity of the sender before clicking on any links or providing information.
- Report Suspicious Messages: Report suspicious WhatsApp messages to the platform or relevant authorities.
- Install Antivirus Software: Use reputable antivirus software to protect your devices from malware infections.
- Educate Employees: Train employees on the importance of cybersecurity and how to recognize and avoid phishing attempts.
Almost half of UK banks set to miss DORA deadline
Published: Thu, 16 Jan 2025 09:17:00 GMT
- 45% of UK banks are not prepared for the Digital Operational Resilience Act (DORA) deadline of January 2025, according to a new report.
- The report, from compliance and risk technology provider Continuity, surveyed 100 senior IT and compliance executives at UK banks and found that 55% are confident they will meet the deadline.
- However, 45% of respondents said they are not prepared for DORA, with 20% stating they do not fully understand the requirements of the regulation.
- DORA is a new EU regulation that aims to strengthen the operational resilience of the financial sector by setting out a number of requirements for firms to follow.
- These requirements include having a clear understanding of their IT systems and dependencies, being able to recover quickly from operational disruptions, and having a plan in place to manage third-party risks.
- The report found that banks are facing a number of challenges in preparing for DORA, including the complexity of the regulation, the need to make significant changes to their IT systems, and the cost of compliance.
Commentary
The findings of this report are concerning, as they suggest that a significant number of UK banks are not prepared for the DORA deadline. This could have a number of implications, including increased operational risks for banks, higher costs of compliance, and reputational damage.
It is important that banks take steps to prepare for DORA as soon as possible. This includes understanding the requirements of the regulation, making necessary changes to their IT systems, and developing a plan to manage third-party risks.
Banks should also consider working with compliance and risk technology providers to help them with the implementation of DORA. These providers can offer a range of solutions to help banks meet the requirements of the regulation, including software to manage IT risks, business continuity planning tools, and third-party risk management solutions.
By taking steps to prepare for DORA, banks can help to ensure that they are compliant with the new regulation and that they are able to withstand operational disruptions.
Cyber security dovetails with AI to lead 2025 corporate IT investment
Published: Wed, 15 Jan 2025 10:26:00 GMT
Cybersecurity and AI: A Powerful Convergence Driving Corporate IT Investment
As organizations navigate the rapidly evolving threat landscape, cybersecurity and artificial intelligence (AI) are emerging as indispensable partners in protecting critical data and systems. This convergence is poised to drive significant investment in corporate IT over the next several years.
Why Cybersecurity and AI Are Integral
Cyber threats are becoming increasingly sophisticated and automated, making it imperative for businesses to adopt new strategies to combat them. AI offers a transformative solution by automating many aspects of cybersecurity operations, enabling organizations to detect and respond to threats faster and more effectively.
AI’s Role in Cybersecurity
- Threat detection and analysis: AI can analyze vast amounts of data to identify malicious patterns and anomalies that may indicate a cyberattack.
- Automated response: AI-powered systems can automatically respond to threats by blocking access, isolating infected systems, and notifying administrators.
- Predictive analytics: AI models can forecast potential threats based on historical data and identify vulnerabilities that need to be addressed.
- Security monitoring: AI can monitor network traffic and user activity in real-time to identify suspicious behavior that may indicate a breach.
2025 IT Investment Projections
According to a recent study by Gartner, global spending on cybersecurity is expected to reach $170.4 billion by 2025. A significant portion of this investment will be allocated to AI-powered cybersecurity solutions.
Benefits of AI-Enhanced Cybersecurity
- Improved threat detection and response: AI reduces the time it takes to detect and respond to threats, minimizing the potential impact of breaches.
- Reduced operational costs: Automated AI systems can handle repetitive tasks, freeing up cybersecurity analysts to focus on more complex issues.
- Increased security effectiveness: AI leverages advanced analytics and machine learning to provide insights and recommendations that enhance overall security posture.
- Improved compliance: AI can assist organizations in meeting regulatory compliance requirements by automating tasks and providing evidence of security measures.
Conclusion
The convergence of cybersecurity and AI is revolutionizing the way organizations approach data protection. By harnessing the power of AI, companies can significantly enhance their security posture, reduce operational costs, and gain a competitive edge in today’s threat-filled landscape. As we approach 2025, investment in AI-enhanced cybersecurity is poised to become a strategic imperative for corporations seeking to protect their critical assets and maintain their reputation in the digital age.
Users protest, flee TikTok as clock ticks on US ban
Published: Wed, 15 Jan 2025 09:14:00 GMT
Users Protest, Flee TikTok as Clock Ticks on US Ban
As the deadline for a potential US ban on TikTok approaches, users are expressing their discontent and migrating to alternative platforms.
Protests and Petitions
Numerous TikTok users have participated in protests and online petitions to urge the Trump administration to reconsider its ban. They argue that the app provides a creative outlet, fosters community, and brings joy to people’s lives.
Mass Migration
Fearing the loss of their beloved platform, many TikTok users are flocking to alternative apps such as Triller, Byte, and Instagram Reels. Some are also downloading third-party apps to transfer their TikTok videos and followers.
Content Creators Impacted
The potential ban is particularly concerning for TikTok content creators, some of whom have built significant followings and income streams on the app. They worry about losing their platforms and the opportunity to showcase their talents.
Political Pressure
The Trump administration has cited national security concerns as the reason behind the proposed ban, alleging that TikTok is collecting data on US users and sharing it with the Chinese government. TikTok denies these claims and insists that user data is not shared with any foreign entities.
Uncertain Future
As the September 15th deadline looms, the fate of TikTok in the US remains uncertain. Legal challenges and negotiations are ongoing, but it is unclear if the app will be able to continue operating in its current form.
Impact on the Industry
A TikTok ban could have a significant impact on the social media and entertainment industries. It would eliminate a major platform for short-form video content and affect millions of users and content creators worldwide.
Conclusion
As the countdown to the potential US ban on TikTok continues, users are expressing their concerns through protests and migrating to alternative platforms. Content creators and the industry at large are bracing for a possible shakeup in the social media landscape. The final outcome of this situation remains to be seen.
What is password cracking?
Published: Wed, 15 Jan 2025 09:00:00 GMT
Password cracking is the process of recovering passwords from data that has been stored in a computer system. This can be done by using a variety of techniques, such as brute-force attacks, dictionary attacks, and rainbow tables.
Brute-force attacks try every possible password until the correct one is found. This can be a very time-consuming process, but it is often the only way to crack a password that is not known to the attacker.
Dictionary attacks use a list of common words and phrases to try as passwords. This can be a much faster way to crack a password than brute-force attacks, but it is less likely to succeed if the password is not a common word or phrase.
Rainbow tables are pre-computed tables that contain the hashes of all possible passwords. This allows attackers to quickly look up the password for a given hash. Rainbow tables are only effective against passwords that are stored as hashes, but they can be very effective in this case.
Password cracking is a serious security risk, as it allows attackers to gain access to sensitive information, such as financial data and personal information. It is important to use strong passwords and to store them securely to protect yourself from this type of attack.
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities
Published: Wed, 15 Jan 2025 09:00:00 GMT
Biggest Patch Tuesday in Years: Microsoft Addresses 159 Vulnerabilities
Microsoft’s February 2023 Patch Tuesday is the largest in recent history, addressing a staggering 159 vulnerabilities across various products. These include critical bugs in Windows, Office, Exchange Server, Edge, and other components.
Critical Vulnerabilities:
- CVE-2023-21715: A critical remote code execution (RCE) vulnerability in the Windows Common Log File System Driver (CLFS) could allow an attacker to gain system privileges.
- CVE-2023-21823: Another critical RCE vulnerability in the Windows Print Spooler could lead to remote compromise and unauthorized code execution.
Exploited Vulnerabilities:
Microsoft confirmed that two vulnerabilities were already being actively exploited:
- CVE-2023-21674: A zero-day vulnerability in Microsoft Publisher could allow attackers to execute arbitrary code in the context of the current user.
- CVE-2023-21716: An information disclosure vulnerability in the Microsoft Support Diagnostic Tool (MSDT) could allow attackers to access sensitive information.
Other Notable Vulnerabilities:
- CVE-2023-23376: An elevation of privilege (EoP) vulnerability in Windows could allow an attacker to elevate their privileges to SYSTEM.
- CVE-2023-21824: A denial of service (DoS) vulnerability in Exchange Server could allow an attacker to disrupt the availability of the service.
- CVE-2023-21717: A spoofing vulnerability in Microsoft Edge could allow attackers to bypass security checks and display malicious content.
Recommendations:
Microsoft strongly recommends that all users and organizations apply the latest security updates promptly to mitigate these vulnerabilities. It is also advised to enable automatic updates, use antivirus software, and maintain strong security practices.
Impact:
The large number of vulnerabilities addressed in this month’s Patch Tuesday highlights the ongoing threat landscape. Organizations and individuals must prioritize cybersecurity and take proactive measures to protect their systems and data from potential attacks.
Davos 2025: Misinformation and disinformation are most pressing risks, says World Economic Forum
Published: Wed, 15 Jan 2025 05:00:00 GMT
Davos 2025: Misinformation and Disinformation Emerge as Key Concerns
At the World Economic Forum (WEF) annual meeting in Davos, Switzerland, in 2025, experts and policymakers highlighted misinformation and disinformation as pressing risks to society.
Misinformation and Disinformation: A Growing Threat
Misinformation refers to false or inaccurate information that is unintentionally shared, while disinformation involves deliberately spreading false or misleading information. Both have become rampant in the age of social media and digital connectivity.
According to a survey conducted by the WEF, over 80% of respondents believe that misinformation and disinformation are major threats to democracy, trust, and stability.
Impact on Society
Misinformation and disinformation have wide-ranging negative consequences, including:
- Eroding public trust in institutions
- Undermining democratic processes
- Polarizing societies
- Fueling conflict and violence
Addressing the Challenge
Addressing misinformation and disinformation requires a comprehensive approach involving:
- Raising awareness: Educating the public about the dangers of misinformation and disinformation.
- Promoting critical thinking: Encouraging people to question and verify information before sharing it.
- Fact-checking and reporting: Investing in fact-checking organizations and news outlets that provide accurate information.
- Regulation: Exploring regulations to hold social media platforms accountable for the spread of misinformation.
- Collaboration: Fostering partnerships between governments, tech companies, media outlets, and civil society organizations.
Call to Action
The WEF called on participants to take collective action to combat misinformation and disinformation. This includes:
- Investing in education and awareness campaigns
- Supporting independent fact-checking organizations
- Demanding accountability from social media platforms
- Promoting dialogue and collaboration between stakeholders
By addressing misinformation and disinformation, the world can safeguard democracy, protect trust, and create a more informed and resilient society.
Barings Law enlists 15,000 claimants against Google and Microsoft
Published: Tue, 14 Jan 2025 12:00:00 GMT
Barings Law enlists 15,000 claimants against Google and Microsoft
Law firm Barings Law has enlisted 15,000 claimants in a competition suit against Google and Microsoft, alleging that the tech giants have abused their dominant positions in the software market.
The case, filed with the UK Competition Appeal Tribunal, alleges that Google and Microsoft have illegally tied their products together, making it difficult for consumers to choose competing products. The claimants are seeking damages of up to £1 billion.
Barings Law claims that Google and Microsoft have used their dominant positions to stifle competition and drive up prices. The firm alleges that Google has tied its search engine to its Android operating system, making it difficult for consumers to use competing search engines. Microsoft, meanwhile, is accused of tying its Windows operating system to its Office software suite, making it difficult for consumers to use competing office software.
The case is the latest in a series of antitrust lawsuits filed against Google and Microsoft. In March, the EU fined Google €2.4 billion for abusing its dominant position in the online search market. In December 2020, the UK Competition and Markets Authority (CMA) fined Google £1.49 billion for the same offense.
Barings Law managing director Mark Layton said: “We believe that Google and Microsoft have abused their dominant positions in the software market, to the detriment of consumers. We are confident that our case will be successful, and that we will be able to recover significant damages for our clients.”
Google and Microsoft have not yet commented on the lawsuit.
Many are called, but few are chosen: Secrets of MI5 watchers revealed
Published: Tue, 14 Jan 2025 04:30:00 GMT
Many Are Called, but Few Are Chosen: Secrets of MI5 Watchers Revealed
Introduction
MI5, the British domestic security service, plays a crucial role in protecting the nation from threats. As part of its operations, it recruits and deploys watchers to observe individuals suspected of posing potential security risks. This article delves into the secretive world of MI5 watchers, unveiling their selection process, training, and methods for carrying out covert surveillance operations.
Selection Process
The selection process for MI5 watchers is highly rigorous and competitive. Candidates undergo a thorough background check, including an assessment of their political, religious, and financial stability. They must possess keen observational skills, attention to detail, and the ability to work independently under pressure.
Additionally, candidates are assessed on their empathy, cultural awareness, and language abilities. MI5 seeks individuals who can blend seamlessly into different environments and effectively interact with people from diverse backgrounds.
Training
Once selected, MI5 watchers receive comprehensive training to equip them with the skills necessary for their covert surveillance operations. The training program includes instruction in:
- Surveillance techniques: Watchers learn various methods of observing individuals, including foot, vehicle, and electronic surveillance.
- Interpreting behavior: They are trained to identify and analyze suspicious behaviors that may indicate a security threat.
- Reporting and documentation: Watchers receive guidance on how to accurately record and report their observations in a way that is admissible as evidence in court.
- Maintaining cover: They learn techniques to conceal their identities and avoid detection while conducting surveillance.
- Legal considerations: Watchers are educated on the legal framework governing their operations, including the Regulation of Investigatory Powers Act 2000.
Methods of Surveillance
MI5 watchers employ various methods to observe individuals under surveillance:
- Foot surveillance: Watchers follow the subject on foot, maintaining a safe distance to avoid detection.
- Vehicle surveillance: They tail the subject’s vehicle, using various techniques to avoid suspicion.
- Electronic surveillance: This involves using equipment such as phone tapping, GPS tracking, and camera surveillance to monitor the subject’s communications and movements.
- Covert observation: Watchers may use disguises, surveillance glasses, and other techniques to conceal their identities while observing the subject.
Challenges and Controversies
The work of MI5 watchers is not without its challenges and controversies. The covert nature of their operations raises concerns about privacy and civil liberties. There have been instances where innocent individuals have been wrongfully targeted for surveillance.
Furthermore, the use of electronic surveillance has come under scrutiny due to its potential for abuse and the erosion of privacy rights. MI5 has implemented strict safeguards to ensure that surveillance is only used in accordance with the law and to protect the public from genuine security threats.
Conclusion
MI5 watchers play a vital role in safeguarding the nation from potential security threats. Their rigorous selection process, comprehensive training, and effective surveillance methods enable them to conduct covert operations with professionalism and discretion. While their work involves challenges and ethical considerations, MI5 has a strong track record of protecting the nation’s security while respecting individual rights and freedoms.
UK government plans to extend ransomware payment ban
Published: Mon, 13 Jan 2025 19:01:00 GMT
UK Government Plans to Extend Ransomware Payment Ban
The UK government has announced plans to extend its ban on ransomware payments, making it illegal for businesses and individuals to pay ransoms to cybercriminals. The move comes in response to a sharp increase in ransomware attacks, which have cost UK organizations millions of pounds in recent years.
The current ban, introduced in May 2023, prohibits businesses and organizations from making payments to ransomware attackers. However, the government is now considering extending the ban to include individuals as well.
Key Features of the Proposed Extension
According to the government’s plans, the extended ban would:
- Apply to both businesses and individuals
- Make it illegal to pay any ransom or make any other form of payment to ransomware attackers
- Carry a maximum penalty of imprisonment for up to seven years
Rationale for the Extension
The government believes that the extension of the ban is necessary to deter ransomware attacks and protect individuals and businesses from the financial and reputational damage associated with paying ransoms.
Home Secretary Priti Patel said: “Ransomware attacks are a serious threat to our national security and our economy. We are determined to make the UK a hostile environment for cybercriminals and protect our citizens and businesses from these despicable attacks.”
Impact on Businesses and Individuals
The extension of the ban is likely to have a significant impact on businesses and individuals who have been victims of ransomware attacks.
For businesses, it will mean that they will no longer be able to legally pay ransoms to recover their data or systems. This could lead to increased financial losses and reputational damage if they are unable to restore their operations.
For individuals, the ban could make it more difficult to recover their personal data if it is encrypted by ransomware. It is important for individuals to regularly back up their data to minimize the risk of losing it in a ransomware attack.
Advice for Businesses and Individuals
The government is urging businesses and individuals to take the following steps to protect themselves from ransomware attacks:
- Use strong cybersecurity measures, including firewalls, anti-malware software, and intrusion detection systems
- Regularly update software and operating systems
- Back up data regularly
- Train employees on ransomware awareness and prevention
- Report any ransomware attacks to the National Crime Agency
Conclusion
The UK government’s plans to extend the ransomware payment ban are part of a wider effort to combat cybercrime and protect the nation’s critical infrastructure. By making it illegal to pay ransoms, the government aims to deter ransomware attackers and make it more difficult for them to profit from their crimes.
Why we need better cyber regulation to protect the UK from disruption
Published: Mon, 13 Jan 2025 16:34:00 GMT
Protecting Critical Infrastructure and Services:
- Critical infrastructure, such as the energy grid, transportation systems, and healthcare facilities, is vulnerable to cyberattacks that could cause widespread disruption.
- Strong cyber regulation can strengthen the defenses of these systems and mitigate potential risks.
Protecting Personal Data and Privacy:
- The increasing digitalization of our lives has made personal data a valuable commodity for cybercriminals.
- Regulation can establish clear standards for data protection, empowering individuals and ensuring their privacy is respected.
Countering Cyber Crime:
- Cybercriminals are constantly evolving their techniques, making it essential to have robust regulations in place to combat their activities.
- Regulation can define criminal offenses, establish penalties, and provide law enforcement with the tools they need to investigate and prosecute cybercrime.
Promoting Innovation and Trust:
- A well-defined regulatory framework can provide clarity and stability for businesses investing in cybersecurity.
- This can foster innovation and encourage companies to develop new technologies and solutions to protect against cyber threats.
Strengthening International Cooperation:
- Cyberattacks do not respect national borders, so international cooperation is crucial.
- Regulation can facilitate collaboration between countries, enabling information sharing, threat intelligence, and coordinated responses to cyber incidents.
Reducing Financial Losses:
- Cyberattacks can cause significant financial losses for businesses and individuals.
- Regulation can help organizations manage cyber risks more effectively, reducing the impact of successful attacks.
Protecting National Security:
- Cyberattacks can target national security systems, including military networks and intelligence agencies.
- Strong cyber regulation can help protect these systems from foreign threats and espionage.
Enhancing Public Confidence:
- A lack of trust in the digital space can hinder innovation and economic growth.
- Regulation can demonstrate a commitment to protecting citizens and businesses from cyber threats, increasing public confidence in digital technologies.
Examples of Disruption in the UK Due to Cyberattacks:
- In 2017, the NHS was hit by a global ransomware attack, disrupting patient care and costing millions of pounds.
- In 2022, Liverpool City Council suffered a cyberattack that compromised sensitive data and disrupted services.
- In 2023, the Royal Mail was targeted by a ransomware attack, causing delays in mail delivery and financial losses.
These incidents highlight the urgent need for improved cyber regulation to protect the UK from the increasing threats posed by cyberattacks.
CNI operators should ask these 12 questions of their OT suppliers
Published: Mon, 13 Jan 2025 11:56:00 GMT
12 Questions CNI Operators Should Ask OT Suppliers:
- What OT solutions do you offer that are specifically tailored to CNI networks?
- How do your OT solutions integrate with existing CNI infrastructure and protocols?
- What security features are built into your OT solutions to protect critical CNI systems?
- How do your OT solutions support the specific operational needs of CNI networks, such as real-time monitoring and control?
- What is your track record of successfully implementing OT solutions in CNI environments?
- What support and training services do you provide to CNI operators who implement your OT solutions?
- How do you ensure that your OT solutions meet the performance, reliability, and scalability requirements of CNI networks?
- What is your approach to continuous improvement and innovation in the development of OT solutions for CNI networks?
- How do you handle the integration and interoperability of OT devices from multiple vendors?
- What is your policy on software and firmware updates for OT solutions?
- How do you manage cybersecurity vulnerabilities and threats in OT solutions for CNI networks?
- What is your pricing model for OT solutions and support services?
Can UK government achieve ambition to become AI powerhouse?
Published: Mon, 13 Jan 2025 10:25:00 GMT
Can the UK Government Achieve its Ambition to Become an AI Powerhouse?
The UK government has set an ambitious goal of becoming a global leader in artificial intelligence (AI). It has launched a number of initiatives to support this ambition, including the National AI Strategy and the AI Sector Deal.
There are a number of factors that will determine whether the UK can achieve its AI ambition. These include:
- Investment: The UK government has committed to investing £2.3 billion in AI over the next four years. This investment will be used to support research, development, and commercialization of AI technologies.
- Skills: The UK has a strong pool of AI talent, but there is a need to do more to develop and attract skills in this area. The government is working with universities and businesses to provide training and support for AI professionals.
- Collaboration: The UK government is working with businesses, academia, and other stakeholders to create a collaborative environment for AI development. This includes establishing AI hubs and networks, and supporting partnerships between businesses and research institutions.
- Regulation: The UK government is working to develop a regulatory framework for AI that will protect consumers and businesses, while also encouraging innovation. This framework will be based on the principles of transparency, accountability, and fairness.
The UK government’s goal of becoming an AI powerhouse is ambitious but achievable. The government has put in place a number of initiatives to support it, and several factors will contribute to its success.
Key Strengths and Weaknesses:
Strengths:
- Strong pool of AI talent
- Supportive government policies
- Collaborative ecosystem
Weaknesses:
- Need to develop and attract more skills in AI
- Lack of a clear regulatory framework for AI
Conclusion:
Whether the UK can achieve its AI ambition will depend on a number of factors, including investment, skills, collaboration, and regulation. However, the government has put in place a number of initiatives to support this ambition, and there are a number of factors that will contribute to its success.
Preparing for AI regulation: The EU AI Act
Published: Mon, 13 Jan 2025 04:00:00 GMT
The European Union (EU) is at the forefront of developing comprehensive regulations for artificial intelligence (AI). The EU AI Act, proposed in 2021, seeks to establish a legal framework for the use, development, and deployment of AI systems.
Scope of the AI Act
The AI Act covers a wide range of AI applications, including:
- AI systems for safety-critical applications (e.g., autonomous driving)
- AI systems used for biometric identification
- AI systems for detecting and preventing threats to public security
- AI systems used for social scoring or manipulating people’s behavior
Key Provisions
The AI Act introduces several key provisions to regulate AI, including:
Risk-Based Approach:
AI systems are classified into four risk categories based on their potential impact on society and human rights. Different requirements apply to each category.
Prohibited AI Systems:
Certain types of AI systems are prohibited, such as those that use subliminal techniques, manipulate people’s behavior, or enable mass surveillance.
Transparency and Accountability:
Users must be informed when they are interacting with an AI system. Developers must provide information about how the system works and how it was trained.
Algorithmic Fairness and Non-Discrimination:
AI systems must be designed to avoid bias and discrimination. Developers must take measures to ensure that the systems are fair and equitable.
Human Oversight:
Humans must be involved in the development, deployment, and oversight of high-risk AI systems. This includes having appropriate training and accountability mechanisms.
Fines and Penalties:
Violations of the AI Act can result in significant fines or other penalties.
Implications for Businesses
The AI Act will have a significant impact on businesses that develop, deploy, or use AI systems. Companies will need to:
- Assess the risks associated with their AI systems
- Implement measures to mitigate these risks
- Ensure compliance with the Act’s transparency, fairness, and accountability requirements
- Prepare for potential fines or penalties for non-compliance
Next Steps
The AI Act is currently under negotiation in the European Parliament and Council. It is expected to be adopted in 2023 or 2024. Businesses should start preparing now to comply with the Act’s requirements. This includes reviewing existing AI systems, developing compliance strategies, and investing in ethical AI development practices.
Conclusion
The EU AI Act represents a significant step towards regulating the use of AI in Europe. By establishing clear rules and requirements, the Act aims to promote the responsible development and deployment of AI while protecting fundamental rights and freedoms. Businesses and organizations that operate in the EU must be prepared to comply with the Act to avoid potential penalties and ensure the ethical use of AI.
US bank FNBO uses Pindrop to tackle voice fraud, deepfakes
Published: Fri, 10 Jan 2025 11:30:00 GMT
First National Bank of Omaha (FNBO) has deployed Pindrop’s Phoneprinting technology to combat voice fraud and deepfake attacks.
Phoneprinting is a patented technology that creates a unique digital fingerprint of a caller’s voice and device. This fingerprint is then used to identify and authenticate the caller, making it harder for fraudsters to impersonate legitimate customers.
FNBO is using Phoneprinting to protect its customers from a variety of voice fraud attacks, including account takeover, fraudulent transactions, and identity theft. The technology has been shown to be effective in detecting and preventing fraud, even in cases where the fraudsters are using deepfake technology to impersonate legitimate customers.
“Voice fraud is a growing problem for banks and other financial institutions,” said Kevin Ruesch, senior vice president and chief information security officer at FNBO. “Pindrop’s Phoneprinting technology gives us a powerful tool to combat this threat and protect our customers.”
Pindrop’s Phoneprinting technology is a key part of FNBO’s broader fraud prevention strategy. The bank also uses a variety of other technologies and processes to protect its customers from fraud, including:
- Voice biometrics: Voice biometrics uses voice patterns to identify and authenticate customers. This technology is often used in conjunction with Phoneprinting to provide a more robust level of security.
- Behavioral analytics: Behavioral analytics analyzes customer behavior to identify suspicious activity. This technology can be used to detect fraudsters who are attempting to impersonate legitimate customers.
- Fraud monitoring: Fraud monitoring systems monitor customer accounts for unusual activity. This technology can be used to identify and prevent fraudulent transactions.
FNBO’s commitment to fraud prevention is evident in its use of multiple layers of security to protect its customers. The bank’s use of Pindrop’s Phoneprinting technology is a key part of this strategy and will help to keep FNBO’s customers safe from voice fraud and deepfake attacks.
Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks
Published: Fri, 10 Jan 2025 09:45:00 GMT
Mandiant has warned that Chinese state-sponsored threat actors have exploited recently disclosed vulnerabilities in Ivanti’s Pulse Connect Secure (PCS) VPN to target government entities in Asia.
In a threat intelligence advisory published on Thursday, Mandiant said it had observed multiple instances of malicious activity involving the PCS vulnerabilities, tracked as CVE-2022-41324 and CVE-2022-42889, since March 2023.
The attacks, attributed to a group Mandiant tracks as APT41, involved the exploitation of a critical remote code execution (RCE) vulnerability (CVE-2022-41324) to gain initial access to the targeted PCS VPN appliances, followed by the exploitation of a privilege escalation vulnerability (CVE-2022-42889) to obtain system-level access.
“Mandiant assesses that the threat actors’ primary objectives were to establish persistent access to networks, harvest credentials, and exfiltrate sensitive data,” the advisory reads.
The targeted organizations, located in Southeast Asia, South Asia, and Central Asia, primarily belonged to the government sector, including foreign affairs ministries, defense ministries, and law enforcement agencies.
Mandiant also noted that APT41 often exploits vulnerabilities in VPN appliances and software to target organizations in the Asia-Pacific region.
“APT41 has a history of targeting VPNs as an attack vector, particularly in the Asia-Pacific region,” the advisory states. “This group has been observed exploiting vulnerabilities in multiple vendor products, including Pulse Secure, Fortinet, and Cisco, to gain initial access to victim networks.”
Ivanti released patches for the vulnerabilities in December 2022, and Mandiant urges organizations to apply the updates as soon as possible to mitigate the risk of exploitation.
“Organizations that have not yet patched these vulnerabilities should do so immediately to mitigate the risk of exploitation by APT41 and other threat actors,” Mandiant said.