Category Archives: Cybersecurity

ThreatQuotient Launches ThreatQ v5 to Support the SOC of the Future with Key Data Management Capabilities

ThreatQ’s data-driven approach, open integration architecture and balanced automation empowers teams to work faster and more thoroughly when defending against evolving threats

ThreatQuotient™, a leading security operations platform innovator, today announced v5 of the ThreatQ platform, launching capabilities needed today to support the security operations center (SOC) of the future, where data is the foundation. ThreatQ’s newest features include a unique DataLinq Engine for connecting disparate systems and sources to enable extended detection and response (XDR), Smart Collections for driving automation, and an enhanced ThreatQ Data Exchange for bi-directional sharing of data, context and threat intelligence.

The typical SOC team has access to dozens of technologies, feeds and third-party data sources. ThreatQ connects the dots, bringing this wealth of data together into a common work surface, providing data-driven security context that enables teams to be more thorough in their investigations, collaboration, response and reporting. The result is more efficient and effective operations that can be directly measured by time savings and FTEs gained, improved risk management, and greater confidence when detecting and responding to an event.

“First generation SOAR, TIP and XDR technologies have helped SOCs wage their battle against evolving attacks, but not without limitations; it’s time for security solutions to evolve as well. ThreatQuotient believes the foundation for the SOC of the future is data, which is why we doubled down on our DataLinq Engine in v5 of the ThreatQ platform,” said Leon Ward, VP of Product Management, ThreatQuotient. “Enabled by Smart Collections, organisations have a strong foundation today to get more out of their data. We look forward to releasing more market leading innovations in 2022, because all data is security data and needs to be incorporated effectively into the security lifecycle.”

The SOC of the future uses a data-driven approach to improve efficiency, has an open architecture to ingest any data sources free of limitations, and enables balanced automation for teams to translate data-driven context to drive response, either natively using machine automation or with tooling for human analysts. Key updates available in ThreatQ v5 that support the SOC of the future include:

  • DataLinq Engine that “connects the dots” across data from all sources in an organisation, internal and external, including SIEM/SOAR, identity, feeds, cloud, ticketing, etc., so it can be analysed and understood before a manual or automated response is taken. Actions can be taken through integrations with the tools security teams already use.
  • ThreatQ Data Exchange provides improved flexibility and control over data shared between ThreatQ systems. Teams with separate instances of ThreatQ can collaborate by sharing IOCs, adversaries, TTPs, etc. with one another. This increased data exchange provides more context for teams to do their jobs.
  • Smart Collections provide improved analysis speeds by automatically and dynamically categorising data. Teams define key criteria in advance that automate how intelligence culled from data is enriched, curated, prioritised and expired.

“Data equals context in security, and the fact that the data is often so widely spread throughout the typical organisation means integrations are critical to detection and response,” said Jason Passwaters, COO, Intel 471. “ThreatQuotient’s open integration architecture makes bi-directional sharing easy between ThreatQ, their DataLinq Engine, and the Intel 471 TITAN Platform, which ultimately empowers our joint customers to make data-driven decisions and take the best course of action in response.”

“Data is critical to security because it gives the context needed to focus on relevant, high-priority issues. Ultimately, this focus empowers teams to work faster and more thoroughly when defending against evolving attacks,” said Michel Cazenave, President at Cyber Intelligence X sectors Alliance (CIX-A) and Regional CISO and CSO of PwC France. “ThreatQuotient’s data-driven approach to security operations is perfectly aligned with the way top-performing teams work, and capabilities like the DataLinq Engine, Threat Library and Data Exchange help them to work more efficiently and better manage risk.”

ThreatQ v5 is the company’s third product announcement in 2021 and, along with reaching nearly 300 integrations available on the ThreatQ Marketplace, is further proof of ThreatQuotient’s dedication to innovation and desire to help organisations defend against evolving threats. For more information, please visit www.threatquotient.com.

About ThreatQuotient

ThreatQuotient improves security operations by fusing together disparate data sources, tools and teams to accelerate threat detection and response. ThreatQuotient’s data-driven security operations platform helps teams prioritise, automate and collaborate on security incidents; enables more focused decision making; and maximises limited resources by integrating existing processes and technologies into a unified workspace. The result is reduced noise, clear priority threats, and the ability to automate processes with high-fidelity data. ThreatQuotient’s industry-leading data management, orchestration and automation capabilities support multiple use cases including incident response, threat hunting, spear phishing, alert triage and vulnerability prioritisation, and can also serve as a threat intelligence platform. ThreatQuotient is headquartered in Northern Virginia with international operations based out of Europe and APAC. For more information, visit www.threatquotient.com.

Cybersecurity dangers of Black Friday and Cyber Monday 2021: NETSCOUT comments

This year’s Black Friday and Cyber Monday is set to represent a historic security challenge for retailers, as well as cybersecurity professionals operating in the retail sector.

In an eye-opening report, threat researchers at NETSCOUT found that cybercriminals are continuing to take advantage of our increased online interactions and transactions, by launching a staggering 5.4 million Distributed Denial-of-Service (DDoS) attacks from January to June 2021.

If this level of activity were to continue, the world would be on track to hit close to 11 million DDoS attacks in 2021 – a record for a calendar year. Looking specifically at the retail sector, NETSCOUT observed over 41,000 DDoS attacks against electronic shopping and mail-order houses in the first half of 2021, putting it in the top five for vertical industry targets and causing concern ahead of the holiday shopping season.

Hardik Modi, Associate Vice President of Engineering, Threat and Mitigation Products at NETSCOUT, has made the following comments about this increased risk and how retailers can ensure a safe and profitable experience this year:

“From supply chain to security, the retail sector faces a number of challenges as we approach the festive season. From a cybersecurity perspective, we’re seeing an increasing number of retail firms reporting DDoS extortion attacks – which is when cybercriminals threaten organisations with a DDoS attack unless they pay an extortion demand.

“These days, DDoS attacks are a matter of when, not if – and a successful attempt can lead to costly downtime and lasting reputational damage. To protect themselves, online retailers should invest in a robust DDoS mitigation system, which would effectively eliminate the need to worry about public-facing services should they experience a DDoS attack. As sophisticated tools exist to defend the infrastructure in a worst-case scenario, this gives retailers confidence that the fallout will be minimal.

“However, this cannot be a ‘set and forget’ or checkbox exercise. It is important to test any DDoS defence system on a semi-regular basis to ensure that any adjustments made to the online infrastructure are reflected in the overall DDoS mitigation strategy. There must also be a fool-proof plan of action and a full understanding of who to alert – from local regulatory bodies to key stakeholders and security suppliers – should a DDoS attack take aim. This is particularly true in the event of a DDoS extortion demand.”

Surviving the Data Protection Horror Show

Whether you’re fending off Michael Myers or ransomware, common-sense solutions are often effective at keeping yourself and your critical data safe.

After a week spent polishing off leftover Halloween candy, binge-watching scary movies, and delaying the inevitable Holiday-season push, I had an odd thought: Protecting your data is a lot like protecting yourself in a horror film. The key ingredient is often just…common sense. Allow me to explain.

For example, if you ever find yourself in a horror movie and you hear a strange noise coming from the attic, don’t investigate. If you’re spending a night with friends at a cabin in the woods, never split up. If you think your house may be haunted, ditch the Ouija board and move. And, as Scream taught us, never, ever say, “I’ll be right back.” You won’t be. Common sense, right?

Nevertheless, countless unsuspecting horror movie victims fall into the same traps (tropes) year after year. They just can’t seem to help themselves. The beautiful minds over in the Geico marketing department nailed it: “If you’re in a horror movie, you make poor decisions.” But it doesn’t have to be this way.

The lesson here: instead of hiding behind those chainsaws, we simply need to jump in the running car and get the heck out of here!

Avoiding Common Cybersecurity Traps (Tropes)

The good news is, when it comes to protecting our data, we’re not living inside a horror movie (we might be living in a simulation, but that’s more Sci-Fi). The truth is, we aren’t unsuspecting victims, and we can help ourselves. The puzzling part is why so many of us don’t.

Recent iland research revealed that despite working diligently to evolve business needs and battle increasing threats to critical data like ransomware, disaster recovery solutions and testing remain somewhat of an afterthought for many organisations. The report, “When Plan B Goes Wrong: Avoiding the Pitfalls of DRaaS” surveyed 150 technical and business decision makers from organisations drawn from a wide cross-section of U.K. enterprises. The objectives were to establish what DR systems organisations currently have in place, how often plans are tested, and whether enterprises are confident in their ability to recover from disaster as swiftly and easily as possible. The results were akin to, well, a horror film — quite unsettling.

Despite two-thirds of those surveyed experiencing an outage within the last 12 months and half of those within 6 months, just over half had a documented, company-wide DR plan in place. Just over half of those surveyed were testing annually, some at even less frequent intervals. Six percent did not test their DR at all.

Like getting dropped off at Camp Crystal Lake or trying to outrun Michael Myers, that’s just downright frightening.

The number of data breaches this year has already exceeded the total for all of 2020, according to the Identity Theft Resource Center (ITRC). When it’s all said and done, 2021 will be a cybercrime record breaker. However, we also know that companies with a trusted backup and disaster recovery plan in place are far more likely to survive a ransomware attack.

So, what gives? It’s about time we make backup and DR just as mission-critical and common-sense as avoiding the attic or getting the heck out of dodge. Otherwise, we’re just tempting fate.

Keeping Your Critical Data Safe with iland

The increase in cybercrime frequency, sophistication, and impact means security must be a top priority for all our workloads. Luckily, security is a part of the iland origin story. As internal and external threats evolve, so too does our platform approach to protecting data. iland provides the highest levels of security capabilities and features available today, integrated with all services, and ready to adapt to your ever-increasing security requirements.

Security should never be an afterthought. Have the flashlight batteries fully charged, a trained support team at the ready, and the Ouija board out of sight.

For more information on how to protect your business and avoid making common-sense data protection mistakes, download our free research white paper, titled, “When Plan B Goes Wrong: Avoiding the Pitfalls with DRaaS.” Stay smart and stay safe out there.

New report spells out ominous warning for European retailers facing a 350% increase in fraud pressure

Automated attacks, widespread consumer and policy abuse, new payments regulation and heightened fraud attacks will plague the holiday season and beyond, a new report warns

As the holiday shopping season hits full stride, ecommerce retailers across Europe face a new era of malicious attacks spurred by a COVID-inspired transformation in ecommerce and a 350% increase in fraudulent online orders, according to data published today by Signifyd, the market leader in guaranteed commerce protection.

Signifyd says in a new report that retailers can expect a more perilous fraud landscape through the holiday shopping season and beyond. The heightened threat is thanks in part to the growing sophistication and diversification of organized fraud rings.

“The State of Ecommerce Fraud in Europe” report further reveals:

  • A 350% increase in fraud pressure by mid-2021, as measured by Signifyd’s Fraud Pressure Index. The Fraud Pressure Index charts the change in the number of presumably fraudulent orders detected on Signifyd’s Commerce Network, which comprises thousands of retailers.
  • A doubling of consumer abuse in the first half of 2021 — including false claims that an online order never arrived or that an order that did arrive was in unsatisfactory condition. Fraudsters and consumers make such claims in order to keep a product while receiving a refund.
  • A dramatic increase in fraud rings’ use of bots. Automated fraud attacks increased 146% in 2020.

“Between the acceleration of ecommerce, changes in consumer behavior and the arrival of SCA, few would argue that commerce is not in a state of great transformation,” said Signifyd Managing Director, EMEA Ed Whitehead. “The State of Fraud report lays out in detail how these changes came about and offers merchants actionable strategies and solutions to keep up in a dynamic industry at an historic time.”

The pandemic ushered in a “golden age of ecommerce fraud” fueled by several factors, the report says. They include:

  • The increasing share of retail revenue attributable to ecommerce.
  • A dramatic wave of first-time online shoppers.
  • The need for fraud rings to move from protected segments of the buying journey to more vulnerable ones.

“Fraud is a moving target,” said Ollie Marshall, managing director of Maplin, and one of several retailer leaders quoted in the report. “As fraud protection becomes more sophisticated, fraud rings find new vulnerabilities to attack. We shut them down and they move on. I have no doubt they’ll be back.”

European retailers are facing historic fraud pressure at a time when the payments landscape is undergoing upheaval due to the enforcement of PSD2’s Strong Customer Authentication (SCA) requirement. The addition of SCA’s robust two-factor authentication process has been rolled out across much of Europe and will be enforced in the UK beginning in March.

SCA was instituted to protect retailers and consumers from online fraud. The beginning of SCA enforcement across Europe has resulted in an average transaction failure rate of 26% post-SCA enforcement, according to payment services consultancy CMSPI.

The Signifyd report explores the conversion issue and reviews some of the strategies retailers are embracing to enjoy the benefit of added protection without introducing added friction to their customers’ buying experiences.

“Overall, the solutions which have been put in place have the potential to work well. A key factor for success is that all aspects of the payment ecosystem are ready and that there is effective communication and interoperability amongst the players,” Andrew Cregan, head of finance policy for the British Retail Consortium (BRC), said in the report. “The experience for the customer must be straightforward, but also it must be communicated well beforehand, so that it’s fully understood.”

Beyond offering a primer on best practices in the SCA era, The “State of Ecommerce Fraud in Europe” explores how several types of fraud attacks — including account takeover, automated card testing, synthetic identities, return fraud, mule fraud and unauthorized reselling — have morphed and are likely to remain prevalent.

“In our recent Global Payment and Risk Mitigation Survey, the majority of merchants surveyed reported increases in synthetic and account takeover fraud over the previous year,” John Winstel, global head of fraud product at FIS, said in the report. “As these and other new fraud trends emerge, the safeguarding of a merchant’s revenue requires smart, dynamic protection against fraud throughout the payment lifecycle.”

Certes Networks furthers global reach with Neo PR launching cyber security webinar campaign

Certes, a leading global data security provider specialising in providing customers with cyber security solutions, partnered with ngena in April 2021 to combine SD-WAN as a Service with High Assurance Data Security Overlay, and Certes relied on Neo PR’s knowledge and network to support its launch into the industry.

In working with Neo PR, a leading B2B technology PR agency, Certes was able to leverage its latest partnership to expand further into the cyber industry. The combined offering maximises the value of Certes’ and ngena’s best-of-breed technologies in data security and encryption, and SD-WAN respectively, to enable Cisco VARs to deploy an SD-WAN solution that exceeds the increasing regulatory compliance requirements on data handling in sensitive data environments.

Security is top of mind for IT leaders seeking to accelerate digital transformation and increase connectivity in today’s cloud world, and even more so for those organisations requiring even higher levels of data assurance. The Certes and ngena team partnered to combine technologies to provide the industry’s first true SD-WAN as a Service for High Assurance offering.

Both companies have a shared commitment to helping customers and partners solve complex challenges by simplifying networking. The new joint solution, pairing high assurance capabilities from Certes with the flexibility and security of the ngena platform, provides an end-to-end solution for the unique challenges of High Assurance environments.

Neo PR has worked with both parties to position Certes as an expert thought leader and coordinated a webinar at which Certes and ngena launched their partnership to internal stakeholders as well as the cyber industry. Driven by the need to prioritise the security of sensitive data, private enterprises and public sector organisations alike continue to encounter challenges in adopting SD-WAN as a technology, and Neo PR was tasked with informing the industry about them.

Paul German, CEO, Certes Networks, comments: “We utilised Neo PR’s knowledge to ensure that our webinar was launched into the industry seamlessly. The partnership messaging with ngena is hugely important and so the webinar and various other collaterals needed to be coordinated. Using Neo’s PR services, we were able to create and deliver exactly what we wanted to the cyber industry. We’re excited to continue developing such a successful relationship and PR campaign with the Neo team.”

Ashley Carr, Founder and Managing Director of Neo PR, concludes: “We have worked with Certes for a number of years. This partnership campaign with ngena has only strengthened our relationship. By working closely with both Certes and ngena, we were thrilled to deliver the desired marketing collateral and coordinate the launch webinar to a high standard. It is important to work with a company who understands PR and Marketing and how to leverage it in the correct way; we are excited to continue our long-standing relationship.”

At the start of the academic year, the education sector was hit hard by DDoS attacks

Analysts from StormWall, a company specializing in protecting online resources from cyberattacks, have noticed an increase in DDoS attacks on online services of educational institutions in September 2021. Last year, experts also observed a flood of attacks on the education sector, but this year the number of DDoS incidents has increased significantly. According to experts, the number of DDoS attacks on educational institutions has increased by 118% in September 2021 compared to September 2020.

According to experts, the increased hacking activity is related to the start of the school year. Although most educational institutions in Russia are now operating normally, they continue to make active use of digital platforms as part of the educational process. DDoS attacks on the online resources of schools and universities can be organized by students trying to disable information systems and avoid homework.

Experts have analyzed the nature of the cyber incidents and found that most DDoS attacks were low-bandwidth (10-20 Gbps). This suggests that cheap, readily available tools were used to organize the attacks, which could be used by inexperienced hackers. However, DDoS attacks with a capacity of up to 300 Gbps were also recorded. In those cases the cybercriminals needed more expensive tools, such as botnets, which cost between $100 and $200 per day.

Ramil Khantimirov, CEO and co-founder of StormWall, stated, “Education has always been one of the most attacked industries. During the pandemic, educational institutions have started to use innovative information systems more actively, which significantly improves the quality of education. However, most digital education platforms are poorly protected against cyber threats, which makes them easy prey for hackers. We are proud that for many years we have been helping many educational institutions create reliable protection against DDoS attacks, which allows them to conduct an effective educational process.”

Pentest People comments on GCHQ cyber offensive plan

Education is more effective than counter-attacks

Cybersecurity consultancy, Pentest People, has commented on GCHQ’s director’s statement that the signals intelligence agency could enlist the National Cyber Force (NCF) to hack ransomware gangs who target British organisations.

Sir Jeremy Fleming told the US Cipher Brief threat conference on 25th October that using the NCF to launch counterattacks was one of the measures being considered in response to ransomware attacks on the UK doubling in 2021.

Commenting on Fleming’s statement, Liam Follin, senior consultant at Pentest People warns, “Engaging in tit for tat action with organised criminal gangs is likely to lead to escalation on both sides. As we have seen time and time again, a ‘war on x’ rarely solves the problem and can exacerbate the issue. Attacks launched against state-sponsored ransomware groups could be viewed as an act of aggression against that state.

A concerted effort to educate people is required. Improving cyber security literacy, all the way from children in infant school to the elderly, is a more effective way to address this growing problem. Clearly, this is no easy task, however, I firmly believe that to combat cyber attacks at all levels, education is the way forward.”

Organisations commission Pentest People’s cybersecurity experts to test their websites, applications and IT systems for any weaknesses that could allow cybercriminals to steal information, damage IT systems, or hold data to ransom.

The company’s Penetration Testing as a Service (PTaaS®) provides an initial consultant-led test, followed by ongoing vulnerability testing via Pentest People’s SecurePortal®. This combined approach provides continuous testing that alerts businesses to newly discovered threats and software patches, so that they can respond more rapidly to protect systems and data.

References:

Financial Times, ‘GCHQ to use new cyber force to hunt ransomware gangs,’ 26th October 2021, https://on.ft.com/3ntvjEj

Cipher Brief Threat Conference, 24th–26th October 2021, https://www.tcbconference.com

GCHQ, ‘National Cyber Force,’ 19th November 2021, https://www.gchq.gov.uk/news/national-cyber-force

About Pentest People:

Pentest People is a cybersecurity consultancy that provides Penetration Testing as a Service (PTaaS®) to organisations in the public and private sectors. This innovative approach to security testing combines the benefits of a consultant-led penetration test, bolstered by continuous vulnerability testing delivered via its SecurePortal®, which provides a living threat monitoring system throughout the contract, rather than a vulnerability assessment taken at a single point in time.

Established by the cybersecurity experts who founded RandomStorm, which was acquired by Accumuli Security in 2014, itself acquired by NCC in 2015, Pentest People operates a growing team of talented consultants to help leading organisations manage cyber threats and minimise disruption.

Pentest People is a CREST-accredited company and a CHECK Service Provider for its Penetration Testing services and has attained NCSC Cyber Essentials and Cyber Essentials Plus, as well as earning a place on the G-Cloud 12 framework. Pentest People is also certified to ISO 9001 and ISO 27001.

For more information, please visit https://www.pentestpeople.com

What to expect from industrial cybersecurity: visibility, manageability, and a unified platform

Kirill Naboyshchikov, Business Development Manager, Kaspersky Industrial CyberSecurity

Cybersecurity for industrial control systems (ICS) is experiencing strong growth. According to various estimates, by 2025-26 the sector will be worth between $22.5 billion and $22.8 billion, with an estimated CAGR of 5.81% to 7.2%. Thanks to research, investigations of the increasing attacks on industrial facilities, and growing interest from the corporate and government sectors, the industry has already amassed a solid store of knowledge and protection offerings.

Now is the time to look at how cybersecurity for ICS will develop further and what challenges it will face in the future. Organizations can use this knowledge to shape or adjust their security strategies today.

Layered cake of operational technology protection

But first, we need to look at the current state of play. Industrial infrastructure protection is a complex task, as it means using a variety of tools at each level – from field devices and operations management to the boundaries between ICS and corporate IT. These include technologies for the various industrial controllers, networks and computers, and overall security management for the enterprise or even a holding company.

The primary cybersecurity task for any industrial organization and facility, such as a factory or substation, is to detect and eliminate threats on endpoints and in the network in a timely manner, so as to safeguard the perimeter. The sooner a malicious object or activity is found, the less negative impact the attack will have.

If the industrial site has complex automation and control systems, it is important to protect them from accidental failures and deliberate attacks. Examples of such systems are substation or power plant automation, discrete or continuous process automation, distributed or centralized control systems, and field, supervisory or telecontrol systems. Protecting them means using dedicated tools to track minor anomalies in performance indicators, for example the pressure inside an oil refinery tank or at a power plant, in order to act before a breakdown occurs.

Organizing timely updates and vulnerability fixes for industrial firmware is crucial to decreasing the risk of cyberattack. The fewer vulnerabilities in the equipment, the fewer potential doors attackers have through which to compromise the network. Unfortunately, it is not always possible to detect and patch them simply by checking for updates on the vendor’s website. There should be a process for obtaining vulnerability information from a reliable source that gives the most complete picture of the affected device and its configuration. This helps make an informed decision on whether to patch or to apply an alternative mitigation if a patch is not available or not justified.

Last but not least, organizations need dedicated threat detection and response capabilities against advanced threats. Ideally, the ICS security system should collect and analyze all security events across the entire network so that an internal security operations center or an external expert service can identify signs of targeted attacks. This helps the company stop them in time and investigate their causes. It should also work against APTs, preventing them from lurking undetected inside the network, as happened in the Lazarus attack targeting the defense industry with a custom backdoor that Kaspersky researchers highlighted in 2020. That backdoor moved laterally through infected networks gathering sensitive information.

And this is where the difficulties begin

As OT systems become more complex, with their variety of devices, remote connections and geographically distributed facilities, so does their protection. Different tools, including but not limited to those listed above, serve different needs, some require integration, and each has its own control panel. As a result, managing protection for the entire system becomes the most challenging task for enterprises. Our global survey confirmed that two-thirds of industrial organizations consider the lack of visibility into the infrastructure and the lack of consistent security management to be the biggest obstacles to countering advanced threats (67% and 68% respectively).

Configuring each tool separately and managing everything manually can be hard work, ineffective and may ultimately reduce the level of protection. Different solutions do not share threat intelligence, and there is no visibility within the entire OT system.

Bringing security to a common denominator

Addressing this issue means having all parts of security converge at a single point – an ecosystem that offers customers access to all possible solutions and services and adapts to the tasks of small, medium and large enterprises. It should offer a single platform for managing all security tasks, including those from third-party services, so that all teams involved in OT security can access the necessary data and processes.

An important feature of the platform should be monitoring and processing security events from different sources, be it an anti-malware agent on endpoints, EDR, threat intelligence, SIEM or any other tool, and correlating them with events in the IT network. Collecting data from different sources, analyzing it and searching for correlations with the help of a SOAR-like system (Security Orchestration, Automation and Response) will make it possible to detect complex targeted attacks more effectively.

A similar task already has a solution in corporate IT cybersecurity. To keep business data and continuity safe, enterprises want to improve the speed and effectiveness of threat detection and investigation. The XDR approach – Extended Detection and Response – which combines threat detection, investigation and response across all infrastructure elements, is already gaining momentum in corporate IT security. The same method can be adapted to OT security needs.

Such an ecosystem initiative will bring OT security up to a more mature level. According to Kaspersky’s vision, this will be the next step of the OT security evolution. It means that organizations will be able to protect their assets in a more systematic way, better understand what is happening in their networks, and build a secure foundation for subsequent digitalization. The platform will make it possible to create or strengthen centers for monitoring and ensuring industrial safety within large enterprises. It can be used at the level of regions or even countries and unions, to empower state and international CERT organizations, as well as managed service providers.


2022 Predictions: Supply Chain Cyber Attacks to Increase and Ransom Demands by Hackers to Break Records

With 1 out of 61 organizations impacted by ransomware each week, Check Point Research (CPR) issues its 2022 Cyber Security Predictions, stating that supply chain cyberattacks will become more common and proliferate next year.

  • Expect the ransom demanded by hackers to break records next year. In May 2021, a US insurance giant paid $40 million in ransom to hackers.
  • Mobile malware attacks will increase, as mobile wallets and mobile payment platforms are used more frequently.
  • Cryptocurrency is anticipated to become a focal point for cyber attacks.

Today, Check Point Software released its cyber security predictions for 2022, detailing the key challenges that organizations will face over the next year.


Why Supply Chain Attacks?

CPR believes that supply chain attacks will become more common and that governments will begin to establish regulations to address these attacks and protect networks. Governments will also look into collaborating with the private sector as well as other countries to identify and target more threat groups operating on a global and regional scale.

Supply chain attackers take advantage of a lack of monitoring within an organization’s environment. Such attacks can be used to perform any type of cyber-attack, such as data breaches and malware infections. The well-known SolarWinds supply chain attack stands out in 2021 due to its scale and influence, but other sophisticated supply chain attacks have occurred, such as Codecov in April and, most recently, Kaseya. Kaseya provides software for Managed Service Providers (MSPs), and the REvil ransomware gang exploited the company to infect over 1,000 customers with ransomware. The group demanded a ransom of $70 million to provide decryption keys for all affected customers.

Going into 2022, we will see an increase in larger-scale data breaches. These breaches will also have the potential to cost organizations and governments more to recover from. In May 2021, a US insurance giant paid $40 million in ransom to hackers. This was a record, and we can expect the ransom demanded by attackers to increase in 2022.


Full List of Predictions

  • Misinformation campaigns will return, along with the advent of fake news 2.0. In 2022, cyber groups will continue to leverage these types of fake news campaigns to execute various phishing attacks and scams.
  • Cyber-cold war to intensify. Improved infrastructure and technological capabilities will enable terrorist groups and political activists to further their agendas and carry out more sophisticated, widespread attacks. Cyber-attacks will increasingly be used as proxy conflicts to destabilize activities globally.
  • Supply chain cyber-attacks continue to grow, and governments will address the challenge. Supply chain attackers take advantage of a lack of monitoring within an organization’s environment.
  • Data breaches will be larger scale and costlier. Going into 2022, we will see an increase in larger-scale data breaches, which will also have the potential to cost organizations and governments more to recover from. We can expect the ransom demanded by attackers to increase in 2022.
  • Mobile malware attacks are to increase. As mobile wallets and mobile payment platforms are used more frequently, cybercriminals will evolve and adapt their techniques to exploit the growing reliance on mobile devices.
  • Cryptocurrency to become a focal point for cyberattacks globally. As reports of stolen crypto wallets triggered by free airdropped NFTs become more frequent, Check Point Research (CPR) investigated OpenSea and proved it was possible to steal users’ crypto wallets by leveraging critical security flaws. In 2022, we can expect to see an increase in cryptocurrency-related attacks.
  • Attackers to leverage vulnerabilities in microservices to launch large-scale attacks. With microservices becoming the leading method for application development, and microservices architecture being embraced by Cloud Service Providers (CSPs), attackers are using vulnerabilities found in microservices to launch their attacks. We can also expect to see large-scale attacks targeting CSPs.
  • Attackers to weaponize deepfake technologies. Threat actors will use deepfake social engineering attacks to gain permissions and access sensitive data.
  • Penetration tools continue to grow. Hackers will increasingly use penetration tools to customize attacks in real time and to live and work within victim networks.


Maya Horowitz, VP Research at Check Point Software, comments:

“In 2021, cyber criminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid working, to target organizations’ supply chains and networks to achieve maximum disruption. The sophistication and scale of cyber-attacks will continue to break records and we can expect a huge increase in the number of ransomware and mobile attacks. Looking ahead, organizations should remain aware of the risks and ensure that they have the appropriate solutions in place to prevent, without disrupting the normal business flow, the majority of attacks including the most advanced ones. To stay ahead of threats, organizations must be proactive and leave no part of their attack surface unprotected or unmonitored, or they risk becoming the next victim of sophisticated, targeted attacks.”

Rethinking cybersecurity strategies to protect the anywhere workforce

Written by Rick McElroy, Principal Cybersecurity Strategist, VMware

It’s time for security teams to switch gears. We’ve reached a pivotal point in the history of cybersecurity where externally generated change has delivered a mandate for the industry to think differently and fundamentally alter our approach. The remote work environment is here to stay, so we need to assimilate what we’ve learned and devise a roadmap that will allow us to proactively protect the anywhere workforce. It’s a once-in-a-generation opportunity, so the question is, where should cybersecurity strategists focus as we set a course for the years ahead?

To answer that question, VMware surveyed more than 3,500 senior cybersecurity professionals to understand the current threat landscape and the impact of the past year. The insights we uncovered show a cybersecurity environment where malicious actors have thrived, and attack volume and sophistication have escalated. As entire industries pivoted to working remotely, breaches were the inevitable result. Here is what we learned, and what we believe security leaders need to do next.

Visibility is (still) everything – prioritise gaining oversight of the distributed network

The anywhere workforce has created a visibility problem. The volume of attacks has increased for three quarters of global organisations, and 78% say they saw more attacks due to increased remote working. However, the true scale of attacks is hard to discern, as defenders can’t see into the corners where personal mobile devices and home networks have been grafted onto the corporate ecosystem. On top of this, the risk posed by third-party apps and vendors has increased the number of blind spots.

Consequently, cybersecurity teams need contextual oversight and better visibility over data and applications – in fact, 63% of the professionals we surveyed said this was important. A key priority must be gaining visibility into all endpoints and workloads across the newly defined and highly distributed ‘work from anywhere’ network. This network looks and behaves differently to those of the past, so familiarising teams with its quirks and vulnerabilities is critical. Robust situational intelligence is needed so teams understand the context of what they’re looking at and have confidence that they are remediating the risks that matter.

Prepare for ransomware attacks

Familiar TTPs saw a resurgence last year and none more so than ransomware. It was the joint top cause of breaches among the organisations we surveyed, and our threat intelligence unit saw a 900% spike in attacks during the first half of 2020. Attacks have become multi-stage as attackers focus on gaining undetected access to networks, exfiltrating data and establishing back doors, before launching ransom demands.

To tackle this resurgent issue and avoid falling victim to repeated attacks, organisations need a dual approach that combines advanced ransomware protection with robust post-attack remediation to detect the continued presence of adversaries in their environment. This means committing resources to threat-hunting while also hardening the common attack channels, such as email, which remains the most common launch point for ransomware attacks.

Close the gaps in legacy technology and processes

The switch to remote working exposed weaknesses in security technology and processes, which subsequently led to breaches. Organisations that had not yet implemented multi-factor authentication found that remote workers could not securely access corporate networks without introducing significant risk.

Now that remote working has become a permanent feature, security teams have a strong mandate to demand strategic investment to close those gaps between their current security environment and what is now needed to protect the anywhere workforce.

Re-think security and deliver it as a distributed service

The top cause of security breaches among our surveyed organisations was third party applications, underlining the endemic security risk in the extended enterprise ecosystem. This, together with the distributed environment, reinforces the need to rethink security approaches.

Fundamentally, the security problem has changed. While this change has been under way for some time, as demand for mobility and flexibility has fractured the corporate perimeter, the events of the past year have obliterated it entirely. Gone are the days when IT is focused on securing company-owned desktops for employees working on campus, connecting to corporate applications running on servers in a company-owned data centre. Today, remote workers are connecting to applications running on infrastructure that may or may not be managed, owned, or controlled by the company.

With so many new surfaces and different types of environments to defend, endpoint and network controls must be highly adaptable and flexible. This means organisations must deliver security that follows the assets being protected. For the majority, this means turning to the cloud.

Cloud-first security comes with a cautionary note

The shift to a cloud-first security strategy is universal in the drive to secure cloud-first environments. Nevertheless, this shift brings its own challenges. The cloud is not a security panacea, and controls must be vetted by organisations, because if adversaries want to attack at scale, the cloud is the place to do it. In fact, cloud-based attacks were the most commonly experienced attack type reported globally. Adversaries are prepared to piggyback on companies’ digital transformation, and it is certain that we’ll see more sophisticated cloud attacks over the coming year.

The last year has shown just how important cybersecurity is to the resilience and continuity of businesses worldwide. With this rise in profile, the industry is in a strong position to take this once-in-a-generation opportunity to move beyond the silos of legacy approaches and roll out strategies where security is unified, context-centric and intrinsic.

For the data behind the insights, read the full VMware Global Security Insights report here.
