Category Archives: Internet Security

NCD Pledges Strong Push to Improve Internet Routing Security – MeriTalk

National Cyber Director (NCD) Harry Coker is promising a strong effort by the Federal government to shore up internet router security particularly in the area of Border Gateway Protocol (BGP) rules that determine the best network route for data transmission on the internet in light of attacks over the past 15 years that have leveraged weak BGP security.

Coker made that commitment at a May 23 meeting of the National Security Telecommunications Advisory Committee (NSTAC). The committee is housed within the Cybersecurity and Infrastructure Security Agency (CISA) and is made up of private sector experts who advise the White House on telecommunications issues that affect national security and emergency preparedness.

During his remarks, Coker said the security effort centers around increasing the Federal governments adoption of Resource Public Key Infrastructure (RPKI), which he said is an existing and available security upgrade through which we can ensure that BGP hijacking is a thing of the past.

While RPKI technology has been around for more than a decade, it was only recently that a bare majority of global Internet addresses were appropriately registered in RPKI to allow internet service providers to filter false routing advertisements and prevent attempts to hijack them, the NCD said.

On the government front, Coker said were working with interagency partners and the private sector on a roadmap to drive RPKI adoption across the board.

As part of that effort, he said several Commerce Department component agencies two weeks ago signed model contracts Registration Service Agreements to register their address space and create route origin authorizations, or ROAs.

Those contracts, he said, are based on work done by the National Oceanic and Atmospheric Administration (NOAA), and are models for other agencies across the government to follow.

Coker said hes looking for strong progress on the effort this year.

By the end of the year, we expect over 50 percent of the Federal advertised IP space to be covered by Registration Service Agreements, paving the way to establish ROAs for Federal networks, he told the NSTAC.

We recognize that implementing RPKI is a first step in improving internet routing security, Coker said. Collectively, we have much more to do to secure the technical foundations of the Internet going forward, and we look forward to the government and private sector working together to address these critical challenges.

During his NSTAC presentation, Coker recounted BGP security problems stretching back as far as 2008, and a finding from 2018 that internet traffic from western countries was being routed far out of its way through servers in China.

More recently, we have seen the sophistication of BGP hijacks increase, Coker said. These hijacks are often used as stepping-stone attacks to subvert other foundational Internet Protocols, including domain name systems and the web public key infrastructure. The end objective of these BGP attacks is often to gather account credentials or install malware used to steal cryptocurrency. Recent incidents have resulted in losses in the millions of dollars.

Read the original post:
NCD Pledges Strong Push to Improve Internet Routing Security - MeriTalk

Hays cyber expert discusses security in light of attacks – Hays Post

By CRISTINA JANNEYHays Post

Multiple cyberattacks have hit Kansas in recent weeks.

The City of Wichita and Via Christi Hospital in Wichita were affected, and Trego County Lemke Memorial Hospital announced Tuesday it was the subject of a ransomware attack.

Dallas Haselhorst, owner of TreeTop Security in Hays, discussed cyber threats and prevention on Thursday on Eagle Radio's Morning Blend show.

Haselhorst said everyone is vulnerable to cyberattacks.

"It's definitely one of those things that now that technology has become so ubiquitous to everything we do that if you are connected to the internet, in any way, shape, or form, there's a good chance that you could be attacked in some way, shape or form," Haselhorst said.

Haselhorst said hackers are not just after big companies and government agencies.

"We have done [incident responses] for billion dollar companies that are multinational. The smallest response we did was a local business here that had a total of four computers," he said. "It can absolutely affect anyone."

Haselhorst said prevention is the best action.

"I always tell people if you want to be secure, you should have started six months ago," he said, "because it's not an overnight thing even in small environments and businesses we work with. It can take a few months to get them more secure there's no such thing as 100 percent."

He suggested working with a company that can offer comprehensive services and is not just a reseller of hardware, firewalls and software.

He said to look for frameworks and best practices developed by the National Institute of Standards in Technology or the Center for Internet Security.

"You have a burglar that could go through a 20-foot brick wall, or they could go to the house that has an unlocked door. Which one are they going to do?" Haselhorst said. "They are going to do the unlocked door every single time, regardless of what's inside."

"You need to get your doors all locked and do some basic security measures so the attacker bangs on the door enough and decides it's not worth it and goes to the next one that's a lot easier," he said.

Some basics of securing medical data or energy systems are the same for small companies with sales data.

Although security measures can be expensive, much of what TreeTop does also brings businesses into compliance with regulations.

If a business that accepts credit cards or digital payments is breached, it is liable for any data that might be compromised, Haselhorst said.

"You are basically out of business because you will fined out of business," he said.

Sometimes, cyber security comes down to people.

"If I'm an attacker, why would I go through all of these hoops if I could simply call up Cristina and act like I'm the IT help desk?" Haslehorst said. "'Hey, Cristina, it looks like you got locked out of your account. I can help with that. What's your old password?'"

Unfortunately, Haselhorst said often those tactics work.

"Your people can be the weakest link," he said. "Your people can also be the strongest link."

TreeTop offers free cybersecurity training.

If a hacker makes it past all of the technical barriers, but an employee is adequately trained to recognize phishing attempts, they can stop the hacker, Haselhorst said.

Haselhorst described a phishing attack in which a hacker posed as someone high in a company. A hacker sent 73 emails within 30 minutes, but several employees alerted cybersecurity of the emails.

Those emails were blocked and labeled as missed attacks, which helped train the AI security program, and the emails were removed from users' accounts.

As a user or consumer, there's not much you can do if an entity you do business with has been attacked, Haslehorst said.

However, if you are a business, he recommends cutting digital ties with the affected business or entity. He said he helped some companies do this when the Kansas court system was a cyberattack victim.

Businesses can also limit access to networks and data without completely cutting ties.

If an affected business or entity offers you free ID protection or credit monitoring, Haselhorst said it can help in some regards, but your information is already out there.

He did not suggest buying ID theft protection/credit monitoring.

"It's a running joke among cybersecurity professions, don't buy credit monitoring because your next free year is right around the corner because there's going to be another breech from someone," he said.

"Unfortunately, that's the world we live in that your data is all over the place. Once that cat's out of the bag, it's really hard to put it back in," Haselhorst said.

He suggested watching credit reports and card transactions and signing up for transaction alerts.

He also recommends having regular discussions with your spouse or anyone else on your bank or credit card about charges so you can better track transactions and spot fraud.

Read this article:
Hays cyber expert discusses security in light of attacks - Hays Post

How to install antivirus and scan your computer – Komando.com – Komando

If youre online, youre at risk, plain and simple. Theres more out there after your info and wallet than you realize, from phishing scams to ransomware and malicious apps to malware.

Thats why its critical to protect your personal and business devices correctly. When it comes to your computer, tablet and phone, you need a robust security suite.

You can find free antivirus software online or in the various app stores, but can you trust it? Remember, when something is free, you are the product. At best, these free solutions dont work very well. At worst, they are the malicious software you need to worry about.

Instead of doing a Google search and hoping for the best, go with Kims pick for total online security, our sponsor, TotalAV.

TotalAVs industry-leading security suite is easy to use and offers the best protection in the business. Its received the renowned VB100 award for detecting over 99% of malware samples for the last three years.

Not only do you get continuous protection from the latest threats, but its AI-driven Web Shield browser extension blocks dangerous websites automatically, and its Junk Cleaner can help you quickly clear out your old files.

Kim has arranged a deal for Komando listeners to make it even sweeter. Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com. Thats over 85% off the regular price.

Step one is signing up for an account. To sign up for TotalAV, go to ProtectWithKim.com. Fill out your details and payment info, and youre all set. You get a year of protection on five devices for just $19.

After that, youll be prompted to install the TotalAV software. From here, youre just a few clicks away from protecting your Windows PC, Mac, Android or iPhone.

Throughout the process, you must allow full access to your system. This will enable TotalAV to scan for malware and thoroughly review junk files. This step is easy, too. The on-screen prompts will walk you through what permissions to allow.

You can scan your system after following all the on-screen steps and allowing appropriate permissions. Open TotalAV and from the Dashboard, hit Run a Smart Scan. It doesnt take long for TotalAV to scan for malware, junk files, duplicate files, startup programs, web browser data, data breaches and tracking cookies.

After the scan is complete, you can click to get more details on any suspected threats. Then, youre good to go. TotalAV works in the background to protect your devices, and you can run a scan whenever you choose.

Were willing to bet the process is even easier than you thought. There are a lot of threats online, but TotalAV makes it easy to stay safe. What are you waiting for? Get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com.

Go here to read the rest:
How to install antivirus and scan your computer - Komando.com - Komando

The Minnesota Vikings have the same internet password as your parents – SB Nation

Its that time of year in the NFL calendar where teams are releasing behind-the-scenes videos from their war rooms, and the decision making that went into the draft picks. This can often lead to some interesting discoveries like how bad the Vikings internet security is.

This comes to us from the teams video about picking J.J. McCarthy and Dallas Turner. You can freeze the video at 15:02 and double check, but yes its the same WiFi password that your parents used ten years ago, but even theyre wise enough know to have a little more security.

Now, before you get all huffy and say this is common for a guest password, please keep in mind that the footage is from INSIDE THE VIKINGS WAR ROOM. This isnt a public lobby or a meeting room, but one of the most closely-guarded areas during draft season. Its not outside the realm of possibility to imagine someone cracking this basic-ass password and gaining access to all sorts of documents on the Vikings network. You know if this is their password then someone out there is keeping the big board in a shared folder.

Never change. Actually please change, but just your password. That really needs to be changed.

Read this article:
The Minnesota Vikings have the same internet password as your parents - SB Nation

Report reveals cybersecurity anxiety among Australians – IT Brief Australia

The .au Domain Administration (auDA) has unveiled its Digital Lives of Australians 2024 report, highlighting the crucial role of the internet in Australian society while also drawing attention to increasing cyber security concerns.

Based on a survey that involved 1,500 consumers and 400 small businesses, the report reveals that nearly all Australian consumers (99%) and the majority of small businesses (97%) find significant value in using the internet. Despite this, approximately 64% of consumers and 55% of small businesses are limiting their online activities due to fears over cyber security.

This annual research, now in its fourth year, assesses the online experiences of Australians. It covers various aspects, including the benefits of the internet, views on emerging technologies, and attitudes towards cyber security and digital skills for the future. It is clear from the survey results that anxiety over internet security is a dominant issue for both consumers and small businesses.

The report discloses several key findings:

Nine out of ten working Australians (88%) rely on the internet for their jobs, while 78% of small businesses struggle to operate without it. There is also growing confidence in Artificial Intelligence (AI), with 39% of employed Australians believing AI skills will enhance their job prospects, and 48% of small businesses thinking AI tools will boost their operational efficiency.

Nonetheless, cyber security threats have touched a vast majority, with 77% of consumers recalling a cyber threat or attack in the past year. Many have received scam messages or suffered hacking incidents.

According to the survey, two out of five consumers (43%) and small businesses (40%) express a desire to enhance their online security but lack the know-how. Moreover, nearly half of consumers (48%) and over a third of small businesses (35%) do not know where to report a data breach. High expectations are placed on companies, with 83% of consumers and 79% of businesses believing that firms should do more to protect personal information.

There is also a significant skill gap in cyber security. While 62% of consumers and 77% of small businesses view cyber security skills as crucial for their future, only 13% of consumers and 24% of businesses feel highly competent in this area.

auDA CEO Rosemary Sinclair AM stated that the report reinforces the indispensable value of a secure and open internet for Australias social and economic fabric. Sinclair noted that even though Australians appreciate the benefits of the internet, their engagement is hindered by concerns over cyber security.

Sinclair emphasised the need for reliable and accessible cyber security training and resources to build confidence among Australians. She likened the effort needed to improve cyber security awareness to that of nationwide road safety campaigns.

In closing, Sinclair urged industry leaders, government entities, businesses, and educational institutions to utilise the findings of the Digital Lives of Australians 2024 report to make informed decisions that would help Australia fully leverage the potential of the internet in a secure manner.

See more here:
Report reveals cybersecurity anxiety among Australians - IT Brief Australia

More than antivirus: What to expect from your security software – PCWorld

Antivirus is just one part of keeping your PC secure. What about backups, password storage, and software updates? Do you use a VPN? Are you monitoring the dark web for your personal data? Thats where security suites come in they bundle all the tools you might need into a convenient package. Everything is available in one place for a single payment, no juggling eight different applications with different subscription fees.

There are all kinds of features youll find in premium security suites. Well use Norton 360 Deluxe as an example here, as its our top antivirus security suite pick here at PCWorld. But all popular security suites from Avast One and AVG Internet Security to Avira Prime and McAfee Total Protection offer a variety of similar features.

Security suites frequently include dark web monitoring for details like your e-mail addresses, phone numbers, and credit cards. The dark web is a place where people can better hide their identity and be anonymous. It may involve using software like the Tor web browser and anonymous .onion sites, for example.

Given the vastly improved anonymity, theres a seedy underbelly of criminal dark web sites where databases full of e-mail addresses and passwords, payment details, and other private information are sold. The dark web scan feature will let you know if your information appears in one of these breaches. Youll be able to see what appears in various leaks.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

Norton 360, like many other security suites, offers dark web scanning for your e-mail addresses as well as any phone numbers and credit card numbers you may want to provide. Youll get reports about the contents of each breach the scan finds.

You can get this kind of monitoring in a lot of places. For example, Googles Google One subscription offers dark web monitoring, too.

Premium online security suites usually include built-in VPN services. While our top-rated VPN services arent the ones built into online security applications, VPNs built into security apps work fine. A VPN is a nice to have security feature and having it built into your security app means you dont have to juggle a pile of different system tray icons. Everything is in one place.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

The VPN built into Norton 360, for example, can be configured to automatically start and protect your connection whenever you connect to a public Wi-Fi network. You can turn it on and off whenever you want on any connection and choose what region it connects to. It supports optional features like split tunneling (only sending traffic from some apps through the VPN) and a kill switch (automatically cutting off all network access when the VPN connection goes down to protect your privacy).

Dedicated VPN apps may be shinier and have more bells and whistles, but you may not need them. A capable VPN is a great additional value in a security application. You wont have to pay for a VPN subscription separately and you wont have to deal with the drawbacks of a free VPN like a limited monthly data allowance.

Everyone should use a high-quality password manager. After all, you need to use strong, unique passwords for all your accounts and unless you have a photographic memory, theres no way to remember them all.

Online security suites have bundled password managers. For example, you get Norton Password Manager with Norton 360. Like with other password managers, you can generate and autofill passwords and access them on any browser you use with Android and iPhone apps, too.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

If youre seeking out the absolute best password manager, you may want to look for a dedicated one (check out PCWorlds top password manager picks). But Nortons password manager is perfectly capable.

In fact, there are a wide variety of solid password managers these days. We even think using Google Chromes built-in password manager is fine. An online security suite that bundles a solid password manager means you dont have to pay for anything extra.

Online security suites also often bundle some cloud backup capabilities. Norton 360 Deluxe gives you 50GB of online storage so you can back up your personal files.

These built-in cloud backup tools are nice to have in a pinch. If you need to back up a lot of files, you may want a dedicated cloud backup service.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

Likewise, its worth noting that if you pay for a Microsoft 365 subscription, you get 1TB of cloud storage with OneDrive and OneDrive can sync folders like your PCs Documents folder to the cloud.

Still, you only get 5GB of OneDrive storage with Windows unless you pay. That 50GB of cloud backup storage in Norton, for example, will be more than enough for many people, no extra payments required.

Windows application updates are messy. Unlike on an Android phone or iPhone, apps have to update themselves on a PC. You can easily end up with outdated applications installed and they might have security flaws.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

Thats why security suites often include software updaters: Theyll scan your computer for installed software, let you know which ones have updates, and tell you how important they are for your security. They may even be able to auto-update these programs for you.

You can get features like this with other free apps, but they may be rather technical. Im a big fan of the free WingetUI tool for updating apps, for example, but it doesnt have the most user-friendly interface. Software updaters in security suites will have an easier-to-understand interface and be easy to find.

Data broker websites collect all sorts of public records on you and make them available to people who want to pay up. You can remove your data from these websites, but its a time-consuming task.

Some security suites have features that will scan for your personal information on these data broker sites and perhaps let you remove it. Norton 360, for example, has a privacy monitor feature that will scan data broker sites for your personal data and let you know where its found.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

You can then contact these sites on your own to get them to remove your data. Unfortunately, Norton charges you extra for the Privacy Monitor Assistant if you want Norton to do the legwork of removing the data on your behalf. Still, its good that Norton and other security suites are letting people know about this privacy concern data broker sites are big business, but they arent often talked about.

Security suites are increasingly bundling their own unique web browsers with their security suites. For example, Norton 360 offers Norton Private Browser. These are totally optional you can keep using Chrome, Edge, Firefox, or whatever other browser you might prefer instead.

These browsers will feel familiar to use. They tend to be based on the same open-source technology that underlies Google Chrome. They also bundle extra features: Nortons browser has Nortons password manager built-in, naturally.

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

Security suites also tend to offer browser extensions that warn you about dangerous websites in your browser of choice. For example, Norton has the Norton Safe Web extension for Chrome, Edge, and Firefox. Its the kind of thing thats built into Nortons own browser.

In my opinion, a dedicated web browser isnt a critical feature modern web browsers are pretty secure and you probably already have a web browser you use and trust. You can also install your security suites browser extension in whatever browser you currently use. But security-focused browsers are clearly in high demand and theyre fine if you want to use them. Theyre just customized versions of Google Chrome, after all.

Youll often find parental control features built into security suites, too. For example, Norton 360 has Norton Family built in. You can monitor what children are doing on the web, set screen time limits, and access other similar features. With the associated mobile apps, you can also keep track of a childs location (or at least the location of their phone!).

Chris Hoffman/IDG

Chris Hoffman/IDG

Chris Hoffman/IDG

Available parental control features will vary depending on the application you choose. Its worth doing some research to see whether the parental controls in a security suite fit your needs, or whether you may want a different tool with different features. But once again, its nice to have this thrown in: You get a useful package of software that youd often have to pay for bundled with all the other tools in your security suite of choice.

Security suites offer a lot of features. Many of them, like password managers, VPNs, and online backup, often require separate subscription fees if you go for dedicated apps.

Thats a big difference between paid premium security suites and free antivirus programs: Security suites go beyond antivirus. Free antivirus programs often stick to the basics just antivirus software and youll have to look elsewhere for any extras. Free antivirus software does the job, but paid security suites often have some nice-to-have extras.

Which you prefer is up to you. Maybe you want to seek out the best password manager, top-tier VPN, and and assemble your own security suite from parts. Go right ahead!

But its easy to see the value of a security suite in providing everything in a convenient bundle. Theres a lot of value in simplifying things and saving time. Having all those tools in one dashboard is a much cleaner experience that will be much easier for many people to understand.

Why get eight different pieces of software when you can install one to do the same job?

Read this article:
More than antivirus: What to expect from your security software - PCWorld

Top 5 Global Cyber Security Trends of 2023, According to Google Report – TechRepublic

It is taking less time for organisations to detect attackers in their environment, a report by Mandiant Consulting, a part of Google Cloud, has found. This suggests that companies are strengthening their security posture.

The M-Trends 2024 report also highlighted that the top targeted industries of 2023 were financial services, business and professional services, tech, retail and hospitality, healthcare and government. This aligns with the fact that 52% of attackers were primarily motivated by financial gain, as these sectors often possess a wealth of sensitive and therefore valuable information.

Financially-motivated activity was found to have gone up by 8% since 2022, which is partially explained by the parallel rise in ransomware and extortion cases. The most common ways that threat actors gained access to a target network were through exploits, phishing, prior compromise and stolen credentials.

Dr Jamie Collier, Mandiant Threat Intelligence Advisor Lead for Europe, told TechRepublic in an email: Despite the focus on ransomware and extortion operations within the security community, these attacks remain effective across a range of sectors and regions. Extortion campaigns therefore remain highly profitable for cyber criminals.

As a result, many financially-motivated groups conducting other forms of cyber crime have transitioned to extortion operations in the last five years.

TechRepublic takes a deeper look into the top five cyber security trends of 2023 and expert recommendations highlighted by the 15th annual M-Trends report:

According to the M-Trends report, the median dwell time of global organisations decreased from 16 days in 2022 to 10 days in 2023 and is now at its lowest point in more than a decade. The dwell time is the amount of time attackers remain undetected within a target environment and indicates the strength of a businesss cyber posture. This figure suggests that companies are making meaningful improvements to their cyber security.

However, there could be another contributing factor; the average proportion of attacks due to ransomware increased to 23% in 2023 over 18% in 2022.

Dr. Collier explained to TechRepublic: The impact of extortion operations is immediately obvious. In the event when ransomware is deployed, a victims systems will be encrypted and rendered unusable. Alternatively, if data is stolen, a cyber criminal will quickly be in touch to extort a victim.

SEE: Top 7 Cybersecurity Threats for 2024

Organisations in the Asia-Pacific region saw the biggest reduction in median dwell time, with it decreasing by 24 days over the last year. Mandiant analysts link this to the fact that the majority of attacks detected were ransomware-related, and this majority was higher than any other region. Meanwhile, companies in Europe, the Middle East and Africa saw the average dwell time increase by two days. This is thought to be due to the regional data normalising following a concerted defensive effort by Mandiant in Ukraine in 2022.

Another proof that businesses are getting better at detecting cyber threats is that Mandiant found that 46% of compromised organisations first identified evidence of compromise internally rather than by an outside entity like a law enforcement agency or cyber security company, up from 37% in 2022.

Cyber criminals are increasingly targeting edge devices, using living off the land techniques, and deploying zero-day exploits, suggesting a renewed focus on maintaining persistence on networks for as long as possible.

Dr. Collier told TechRepublic: With network defenders increasingly on the lookout for extortion campaigns, evasive tactics increase the chances of a successful operation. Ransomware operations are far more effective when cyber criminals can reach the most sensitive and critical areas of a targets network and evasive tactics help them to achieve this.

Edge devices typically lack endpoint detection and response (EDR) capabilities, so they are solid targets for cyber criminals looking to go under the radar. In 2023, Mandiant investigators found that the first and third most targeted vulnerabilities were related to edge devices. These were:

The report authors wrote: Mandiant expects that we will continue to see targeting of edge devices and platforms that traditionally lack EDR and other security solutions due to the challenges associated with discovery and investigation of compromise. Exploitation of these devices will continue to be an attractive initial access vector for Chinese espionage groups to remain undetected and maintain persistence into target environments.

SEE: Q&A on how Dell sees security at the edge

About 20% of malware families detected by Mandiant in 2023 did not fit into a typical category, which is a higher proportion than previous years. Furthermore, 8% of attacks in this other category involved the use of remote administration tools and other utilities. These are less likely to be flagged by default by EDR, or other security tools, which can keep the attacker undetected, and are often coupled with living off the land techniques.

Living off the land is the use of legitimate, pre-installed tools and software within a target environment during a cyber attack to help evade detection. This can reduce the overall complexity of the malware by allowing the attacker to weaponize existing features that have already been security tested by the organisation. It is particularly effective with edge devices because they are typically not monitored by network defenders, allowing them to remain on the network for longer.

A recent example the Mandiant researchers spotted is a backdoor named THINCRUST, which was appended into the web framework files that were responsible for providing the API interface for FortiAnalyzer and FortiManager devices. The threat actors were able to harness the native API implementation to access and send commands to THINCRUST by simply interacting with a new endpoint URL they had added.

In 2023, Mandiant researchers tracked 97 unique zero-day vulnerabilities exploited in the wild, representing a more than 50% growth in zero-day usage over 2022. The zero-days were exploited by espionage groups and financially-motivated attackers looking to steal valuable data to turn a profit.

The reports authors anticipate the number of identified zero-day vulnerabilities and exploits that target them will continue to grow in the coming years due to a number of factors, including:

Cloud adoption is continuously growing Gartner predicts more than 50% of enterprises will use industry cloud platforms by 2028 and, therefore, more attackers are turning their attention to these environments. According to CrowdStrike, there was a 75% increase in cloud intrusions in 2023 over 2022.

Mandiant analysts say attackers are targeting weakly implemented identity management practices and credential storage to obtain legitimate credentials and circumvent multifactor authentication (MFA).

SEE: UKs NCSC Issues Warning as SVR Hackers Target Cloud Services

Mandiant observed instances where attackers gained access to cloud environments because they happened across credentials that were not stored securely. Credentials were discovered on an internet-accessible server with default configurations or had been stolen or leaked in a previous data breach and not been changed since. They also gained access using different techniques to bypass MFA, covered in more detail in the next section.

Once inside the cloud environment, the authors observed bad actors performing a number of tactics to abuse the cloud services, including:

Now that multifactor authentication has become a standard security practice in many organisations, attackers are exploring new, creative tactics to bypass it. According to Mandiant, the number of compromises against cloud-based identities configured with MFA is increasing.

In 2023, the firm observed an increase of adversary-in-the-middle (AiTM) phishing pages that steal post-authentication session tokens and allow bad actors to circumvent MFA. In an AiTM campaign, attackers set up a proxy server that captures a users credentials, MFA codes and session tokens issued by the logon portal while relaying the connection to the legitimate server.

SEE: New phishing and business email compromise campaigns increase in complexity, bypass MFA

The majority of business email compromise cases Mandiant responded to in 2023 involved the threat actor circumventing the users MFA via AiTM. In the past, the relative complexity of setting up AiTM phishing infrastructure compared to traditional credential harvesting forms may have kept the number of these attacks low. However, there are now a number of AiTM kits and phishing-as-a-service offerings advertised in the cybercriminal underground, according to Mandiant. These products significantly lower the barrier to entry for AiTM phishing, resulting in an uptick.

Other techniques the Mandiant researchers observed attackers using to bypass MFA include:

Red teams consist of cyber security analysts who plan and execute attacks against organisations for the purposes of identifying weaknesses. In 2023, Mandiant consultants used generative AI tools to speed up certain activities in red team assessments, including:

Dr. Collier told TechRepublic: The role of AI in red teaming is highly iterative with a lot of back and forth between large language models (LLMs) and a human expert. This highlights the unique contribution of both.

AI is often well suited for repetitive tasks or fetching information. Yet, having red team consultants that understand the trade craft and possess the skills to apply context provided by LLMs in practical situations is even more important.

AI was also used in Mandiants purple team engagements, where analysts must become familiar with a clients environment from the perspective of an attacker and defender to foster collaboration between red and blue teams. Generative AI was used to help them understand the customers platform and its security more quickly.

SEE: HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking

In the report, the authors speculated on how cyber security analysts could use AI in the future. Red teams generate a substantial amount of data that could be used to train models tuned to help secure customer environments. However, AI developers will also have to find novel ways to ensure models have appropriate guardrails in place while simultaneously allowing for the legitimate use of malicious activity by red teams.

The combination of red team expertise and powerful AI leads could result in a future where red teams are considerably more effective, and organisations are better able to stay ahead of the risk posed by motivated attackers, the authors wrote.

The metrics reported in M-Trends 2024 are based on Mandiant Consulting investigations of targeted attack activity conducted between January 1, 2023 and December 31, 2023.

See original here:
Top 5 Global Cyber Security Trends of 2023, According to Google Report - TechRepublic

Bots are Taking Over the Internet: What That Means for Security Erez Hasson RSA24 #2 – SC Media

Traditional Managed Detection and Response (MDR) methods, centered on threat-based security, often miss the bigger picture of evolving cyber risks. This segment explores the shift towards a proactive, risk-based MDR approach, emphasizing the importance of anticipating and mitigating risks before they escalate into threats. We'll discuss the benefit...

See the rest here:
Bots are Taking Over the Internet: What That Means for Security Erez Hasson RSA24 #2 - SC Media

Saints secure with signing of NordVPN – St Kilda FC

St Kilda Football Club is pleased to welcome leading cybersecurity company NordVPN as an official partner.

By saints.com.au

2 days ago

St Kilda Football Club is pleased to welcome leading cybersecurity company NordVPN as an official partner.

The worlds most advanced VPN service provider, NordVPN is used by millions of internet users across the globe.

Were excited to enter this partnership with NordVPN, EGM Commercial and Consumer Chris Larkins said.

We know how much our fans enjoy connecting with the club online, so were excited to partner with NordVPN to help ensure their safety as they do so.

The partnership will aim to educate Saints fans on the potential risks of using unsecured networks to ensure privacy and safety online.

NordVPN Head of PR Laura Tyrylyt said the software not only allows users to stay private online, but also protects them from malware and trackers, as well as screening the dark web to see if other online service providers have leaked accounts associated with users email addresses.

Strong defence is crucial not only on the football field but also in our activities online, thus were honoured to establish our partnership with St Kilda Football Club NordVPN Head of PR Laura Tyrylyt said.

We are sure this partnership will bring more awareness about cybersecurity and online privacy to football fans. Were looking forward to providing them with robust internet security solutions across their devices.

NordVPN is currently running a 75% off sale, including a 30-day money-back guarantee for new customers. In addition, St Kilda members are eligible to an extra month of NordVPN subscription for free.

To learn more about NordVPN or to access the St Kilda member exclusive deal click here.

The rest is here:
Saints secure with signing of NordVPN - St Kilda FC

SANS Institute to Empower Cyber Professionals in the Middle East at SANS Dubai May 2024 – Global Security Mag

SANS Institute to Empower Cyber Professionals in the Middle East at SANS Dubai May 2024

SANS Institute has announced SANS Dubai May 2024 from 11-16 May at the Hilton Dubai, Palm Jumeirah. The course is expertly designed to equip cyber professionals with the skills needed to identify, counter, and prevent emerging cybersecurity threats, particularly those security professionals interested in expanding their knowledge of Red Team engagements and security control requirements.

Recent high-profile cyberattacks indicate that offensive attacks are bypassing defensive strategies, and cybersecurity experts, auditors, engineers and compliance officers are actively seeking practical solutions to protect their systems and data. In line with this, the UAE is witnessing a surge in demand for cybersecurity professionals with the necessary skills, with market projections indicating substantial growth from $0.52 billion in 2023 to an anticipated $0.95 billion by 2028.

SANS Dubai May 2024 offers two specialized courses through both in-person training and simultaneous live online sessions: the newly-launched SEC565: Red Team Operations and Adversary Emulation, and SEC566: Implementing and Auditing CIS Controls.

SEC565 will teach students how to develop and improve Red Team operations for security controls through adversary emulation, cyber threat intelligence, Red Team tradecraft, and engagement planning, ultimately improving the overall security posture of the organization.

In SEC566, students will learn how an organization can defend its information by using a vetted cybersecurity control standard, specifically how to implement, manage, and assess security control requirements defined by the Center for Internet Securitys (CIS) Controls across an organizations complex networks, including cloud assets.

"As threats advance and become more sophisticated, organizations in the Middle East must proactively assess their security measures. Mastering offensive security techniques is necessary today, and thats where the SANS Institute comes in, says Ned Baltagi, Managing Director Middle East, Turkey and Africa, SANS Institute. By leveraging threat intelligence and emulating real-world environments, we teach professionals how red teams provide invaluable insights into an organizations vulnerabilities by identifying weaknesses, enhancing defense strategies, and strengthening incident response capabilities.

Moreover, understanding what to do when addressing threats can be overwhelming when organizations must meet various compliance and framework requirements. We aim to teach professionals how to defend their information systems by the implementation of foundational safeguards, measure control implementation and effectiveness, then report back to leadership at each level."

On May 13, 2024, SANS will also hold a Community Night session on How to Prevent Social Engineering based on Successful Red Team Exercises. Organizations spend a large amount of effort to lock down their technology and the associated process to prevent intrusions, but many times breaches end up happening due to the human factor. David Mayer, Principal Instructor at SANS Institute will present successful social engineering campaigns and provide tips on how companies can train their employees to prevent social engineering from being successful.

For more information and to register for SANS Dubai May 2024 in person or online, please click here. To register for SANS Dubai May 2024 Community Night, please visit: https://www.sans.org/mlp/community-night-dubai-may-2024/

Read the original here:
SANS Institute to Empower Cyber Professionals in the Middle East at SANS Dubai May 2024 - Global Security Mag