Tag: threat

Underestimating the dangers within: mitigating the insider cyber threat

Post author By lisa nichols
Post date April 18, 2024
No Comments on Underestimating the dangers within: mitigating the insider cyber threat

[ad_1]

The cybersecurity risks that businesses are often most concerned about come from external attacks. But at the same time, threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years.

As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.

Understanding the risk

Insider threat has always had the mystique of espionage and spies – but usually it’s nothing of the sort. At one end of the spectrum, you’ve got people who are trying to get access to company data and then accidentally share information, or disgruntled employees. And on the other end, you have nation state actors who could be attempting to access sensitive information from government and corporations or disrupt critical national infrastructure.

It’s a delicate issue for businesses to tackle, because anybody could intentionally or unintentionally be an insider threat, and a balance must be found between the security of an organization versus the personal liberty of an individual.

The first obstacle to implementing effective cybersecurity strategies is when the risk at hand is not fully understood. How do you determine what kind of protective controls you put into place to stop the potential exfiltration of data or disruption when there are so many different motives and methods?

Paul Lewis

Paul Lewis, CISO, Nominet.

Detection, not surveillance

Firstly, a line should be drawn between employee monitoring for possible signs of insider risk and employee surveillance. The latter could have a negative impact on company culture, and ignores the important balance between security and liberty and the legal safeguards that exist.

That being said, some form of threat mitigation and detection should still be in place. One useful tool in the armory is web content URL filtering that blocks malicious websites, for example if you click on a phishing email, or accidentally visit a malicious website and inadvertently open your organization to risk. Technology like this typically works hand in hand with Data Leakage Prevention (DLP). DLP uses keywords and analytics to look for data or information that is sensitive, such as credit card numbers or personally identifiable information and blocks that information leaving the organization.

Because these types of tools can effectively track browsing habits, they must be tightly controlled and only a small number of people in an organization should have access to that data. Even so, that must go through multiple layers of approval. Business leaders must trust their employees, demonstrate that they do, and only use these tools as safety nets. It’s better to try and detect, protect, and solve the problem.

Put effective intervention methods to use

Background checks and vetting are important measures for mitigating the possibility of an insider threat from the very outset. But when it comes to managing an existing team, other methods will have to be explored. For systems and services, audit records and the cyber equivalent of double entry book-keeping should be considered, for instance.

Organizations that are more mature may use honeypots or canary tokens to decoy information on their system that looks sensitive but is fake; if anybody accesses this system or releases information, it can be tracked very easily and, if disturbed, is a good indicator of an insider threat.

Adopting a deterrence strategy is also useful, such as information classification. Systems with a large amount of sensitive information stored in them, data that could be sold or retained to use against someone, are going to be clear targets for insiders. A protective marking on it, such as “confidential”, could either entice or deter these individuals, as it makes clear that certain information is important, tracked and handled cautiously. This allows organizations to ring fence and apply controls to the specific information that is sensitive to them.

Responding to an insider incident

Incident response to insider threats is very similar to other types of data breaches, but with one significant caveat. As an employee they are by default a trusted individual. Therefore, they are potentially able to do significantly more damage than an external threat actor as they know the internal workings of the company and their way around potentially complex systems. Revoking complete access for any employee, for instance, should be a matter of priority when trying to mitigate the impact of any insider threat when suspected of carrying out a malicious breach.

Reporting the incident is ultimately the same type of process, but the way organizations initially approach the individual will differ from third-party actors. It’s especially important, in these circumstances, to have irrefutable evidence, as accusing somebody who is innocent could also cause significant damage to a business and the individual.

Insider threats too often sit in the blind spot of businesses. But by focusing on external threats exclusively – perhaps in favour of avoiding tension or perceptions of mistrust in the workplace – organisations and their employees are left vulnerable to the genuine threat insiders pose, often greater than the threat posed by third-party actors. It is a crucial element of any robust cyber strategy, and not to be overlooked.

We’ve listed the best identity management software.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

[ad_2]

Source Article Link

Tags Cyber, Dangers, insider, mitigating, threat, Underestimating

Featured

Competition under threat as cloud giants selectively invest in startups, watchdog says

Post author By lisa nichols
Post date April 12, 2024
No Comments on Competition under threat as cloud giants selectively invest in startups, watchdog says

[ad_1]

In a recent address at the 72nd Antitrust Law Spring Meeting in Washington DC, UK Competition and Markets Authority (CMA) CEO Sarah Cardell delved into the potential impact of the current AI landscape on competition and consumer protection.

Emphasizing AI’s transformative benefits, Cardell implied that tech giants like Amazon, Google, and Microsoft have been selectively investing in specific startups.

Her speech, recorded via speaker’s notes, highlighted the need for proactive measures to ensure fair, open, and effective competition in the AI landscape.

Cloud companies are the subject of CMA scrutiny yet again

Reflecting on the CMA’s ongoing scrutiny of the cloud and AI industry, Cardell outlined a series of risks that current practices pose.

Concerns were raised about tech giants controlling critical inputs (such as compute and data) for foundation model development, potentially restricting access for other companies. Such restriction could lead to incumbent firms protecting their existing positions from disruption, which Cardell fears might even lead to market power in other markets beyond AI.

The CMA’s CEO also noted that partnerships involving key players in the AI landscape, such as the big three, could reinforce their existing positions of market power and dominance, making it even harder for smaller companies to reach the top.

To address these concerns, the CMA has already committed to enhancing its merger review process to assess the implications of partnerships and arrangements and to monitor current and emerging partnerships more closely, including that of Microsoft and OpenAI.

Finally, the CMA has plans to examine AI accelerator chips and their impact on the foundation model value chain.

As the AI landscape continues to evolve, it’s clear that the CMA remains committed to its existing investigations into dominant companies and encouraging competition.

Hospital helpdesks targeted by hackers — US Health Department warns health services are under threat

Post author By lisa nichols
Post date April 8, 2024
No Comments on Hospital helpdesks targeted by hackers — US Health Department warns health services are under threat

[ad_1]

The US Department of Health and Human Services (HHS) has issued a warning that hackers are attempting to target the helpdesks of hospitals in order to gain access to critical hospital systems.

The hackers have been observed contacting hospital IT help desks using local area code phone numbers and then pretending to be a hospital employee, providing the helpdesk with stolen identification.

The hackers then request that their device be set up to use the employee’s multi-factor authentication. Once they have access to the hospital’s internal systems, they are free to steal data and re-route transactions into their own bank accounts.

Hospital data and finances a honeypot for hackers

The Health Sector Cybersecurity Coordination Center (HC3) issued a warning for hospitals to be vigilant in the face of hackers using elaborate social engineering campaigns to gain access to hospital systems. The HC3 stated that the hackers “specifically targeted login information related to payer websites, where they then submitted a form to make ACH changes for payer accounts” in order to steal money.

“Once access has been gained to employee email accounts, they sent instructions to payment processors to divert legitimate payments to attacker-controlled U.S. bank accounts,” HC3 continued. “The funds were then transferred to overseas accounts. During the malicious campaign, the threat actor also registered a domain with a single letter variation of the target organization and created an account impersonating the target organization’s Chief Financial Officer (CFO).

While no threat actor has been formally identified as responsible for these attacks, HC3 issued a number of guidance points to IT help desks in order to avoid succumbing to such an attack: (PDF)

Require callbacks for employees requesting new device MFA enrollment or password resets using the number on file for the employee
Monitor ACH changes for suspicious activity and frequently revalidate users who have access to payer websites
Employees requesting MFA device enrollment, password resets, or ACH changes should report in person to the IT helpdesk
Where this is not possible, contact the employee supervisor for verification
Train helpdesk employees to identify social engineering techniques and spearphishing attempts

Via BleepingComputer

Linux servers targeted by dangerous espionage malware as Windows threat makes the jump

Post author By lisa nichols
Post date April 1, 2024
No Comments on Linux servers targeted by dangerous espionage malware as Windows threat makes the jump

[ad_1]

A dangerous espionage malware, previously only used against Windows devices, is increasingly being observed on Linux machines, too, experts have warned.

Following earlier reports by ESET and Trend Micro, Kaspersky is now warning of the Dinodas Remote Access Trojan (RAT), signaling the rising popularity of the malware.

Kaspersky claims the backdoor is “fully functional, granting the operator complete control over the infected machine, enabling data exfiltration and espionage”. DinodasRAT is designed to monitor, control, and steal data from target endpoints. Besides stealing data, it can run processes, create a remote shell for direct command, or file execution, update and upgrade itself, uninstall itself and delete all traces of its existence.

XDealer and DinodasRAT

Older reports indicate that DinodasRAT is a Linux version of a known Windows RAT dubbed XDealer. Earlier in March, Trend Micro observed the Chinese APT group known as “Earth Krahang” using XDealer against both Windows and Linux systems belonging to “governments worldwide”.

The researchers did not detail how the attackers managed to drop the malware onto target endpoints, but did stress that since October 2023, the targets were mostly located in China, Taiwan, Turkey, and Uzbekistan.

Today, many nation-states are engaged in cyber-warfare, disrupting operations and stealing sensitive data from their adversaries. Besides China, there are notable threats coming from North Korea (Lazarus Group, for example), Russia (Fancy Bear), Iran (Scarred Manticore), and others.

With war raging in Ukraine, China eyeing Taiwan, Israel engaged against Hamas, as well as other potential hotpots (the issues of migration in both Europe and the States, U.S. presidential elections), it is no wonder that not a day goes by without news of state-sponsored hacking groups engaging in cyber-espionage.

The rising popularity of DinodasRAT only demonstrates the increasing use of Linux-powered devices in government agencies around the world.

Via BleepingComputer

Bird-flu threat disrupts Antarctic penguin studies

Post author By lisa nichols
Post date March 15, 2024
No Comments on Bird-flu threat disrupts Antarctic penguin studies

[ad_1]

Brown Skua, Stercorarius antarcticus, calling in front of a King Penguin colony. — Avian flu has been detected sub-Antarctic king penguins.Credit: Education Images/Universal Images Group via Getty

A deadly strain of bird flu circulating worldwide is disrupting research in Antarctica and could lead to the cancellation of some projects to study penguins, seals and other animals next year.

“This is the first time I remember such reduced access to animal colonies since I started my Antarctic career in 1996,” says microbiologist Antonio Quesada del Corral, who manages the Spanish Antarctic research programme and is based in Madrid.

“Several projects were cancelled this year, because we wanted to reduce the risk of having an infection of people or being the vector that spreads sickness between different animal colonies,” he says. “We had scheduled for next year more new projects on animal colonies — some of these are now likely not going to take place.”

Antarctic seals recruited to measure effects of climate change

Researchers first detected avian influenza, caused by the circulating H5N1 subtype of the virus, in the wider Antarctic region in October 2023. They found the virus in dead birds, including skuas and gulls, in the sub-Antarctic territory of South Georgia and the South Sandwich Islands.

This sparked fears among scientists that bird flu would soon reach Antarctica itself. “We were very afraid,” says Quesada del Corral. As a result, he says, the Spanish Antarctic research programme was revised for the summer season, which runs from around October to late March. Since then, only researchers specializing in infectious diseases and viruses have been allowed access to animal colonies, he adds. In the sub-Antarctic, the virus is known to have spread to elephant and fur seals, albatrosses, terns, gentoo penguins and king penguins, suggesting that these animals are also at risk in Antarctica.

Data disruption

Researchers involved in about half a dozen projects have been unable to collect data from sensors that are located in animal colonies and gather information year-round, says Quesada del Corral. “We had several projects that needed to download information from some sensors [located] in colonies of penguins, sea lions, elephant seals, leopard seals — and they were not able to go in there.”

Some of these long-term projects aim to monitor animal behaviour — for example, to determine when penguins hatch, moult and move to or from a rookery. Others aim to track the impacts of the animals on the environment, or to sample bacteria in aerosols produced by the colonies.

How to stop the bird flu outbreak becoming a pandemic

In theory, data collected by sensors could still be retrievable next year. “The memory of the sensors is normally about two years,” says Quesada del Corral. “We usually change the battery every year. Hopefully next year they will have at least partial data collected.”

But there is a chance that the batteries will fail, or that restrictions could tighten. “I really am afraid that next year the season is going to be worse than this,” he adds.

The activities of Argentine researchers have also been disrupted by bird flu, says Martín Ansaldo, an ecologist at the Argentine Antarctic Institute in Buenos Aires. “We suspended all activities that had direct contact with animals, wherever we observed animals with unusual behaviour or an unusual increase in the number of dead,” he says. This affected scientists studying the reproduction, behaviour and physiology of birds and mammals.

Research carried out under the US Antarctic Program has not yet been disrupted by bird flu, according to the National Science Foundation (NSF), which funds the programme. Nonetheless, “it is possible that any future outbreak detected could impact research”, an NSF spokesperson told Nature. “Decisions will be made on a case-by-case basis.”

Tip of the iceberg

Researchers’ fears were confirmed in February, when H5N1 was detected on the Antarctic mainland for the first time. The virus was found in dead skuas near Argentina’s Primavera research station, located on the Antarctic Peninsula, which stretches north towards South America. “With this confirmation, we know that the infection can reach any colony in a few days,” says Quesada del Corral.

Scientists have just started a new expedition to sample for bird flu on the Antarctic Peninsula, says Antonio Alcamí, a virologist based at the Severo Ochoa Centre for Molecular Biology in Madrid, who was among those who first detected H5N1 on the mainland.

Monitoring the spread of the virus will help to protect researchers on Antarctica. “The confirmation of H5N1 [on the mainland] generated an early warning to take extreme care of the people working in Antarctica, both logistical and scientific,” says Ansaldo. “We must be prepared to protect both the Antarctic fauna and the human beings working there.”

[ad_2]

Source Article Link

Tags Antarctic, Birdflu, disrupts, penguin, studies, threat

News

Cyber attack trends for 2024 from the X-Force Threat Report

Post author By miranda cosgrove
Post date February 22, 2024
No Comments on Cyber attack trends for 2024 from the X-Force Threat Report

X-Force Threat Intelligence Index Report 2024

In the dynamic arena of cybersecurity, the stakes are high and the adversaries are relentless. The latest insights from IBM’s X-Force Threat Intelligence Index Report for 2024 provide a crucial glimpse into the cyber threats that dominated the previous year. For anyone with a stake in the digital world, these findings are not just informative; they are essential for the protection of your digital assets.

The report highlights a significant rise in the exploitation of legitimate user credentials, which saw a 71% increase in 2023, making it as prevalent as phishing in terms of methods used for initial access by cybercriminals. This alarming trend underscores the critical need for robust Identity and Access Management (IAM) protocols. Without strong IAM measures, your digital presence is at risk, as cybercriminals continue to refine their tactics to gain unauthorized access to systems and data.

Phishing attacks, a long-standing threat, remain a formidable challenge, with cybercriminals constantly updating their strategies to install malware or steal credentials. The malware that is particularly concerning is the kind that hijacks user accounts, potentially leading to significant data breaches. It is more important than ever to remain vigilant and to be able to recognize and respond to these deceptive tactics.

Cyber Attack Trends 2024

Here are some other articles you may find of interest on the subject of artificial intelligence

Data security has become increasingly important, with incidents of data theft and leakage now accounting for 32% of the major impacts on organizations. This represents a significant increase from the 19% reported in 2022. The rise of info stealers has contributed to this trend, emphasizing the need to protect your data from theft and unauthorized disclosure.

Application security is another area that demands continuous attention. The most common vulnerabilities are due to misconfigurations, failures in identity and authentication, and issues with access control. These vulnerabilities are often linked to poor password practices and the use of default settings. Addressing these issues through rigorous security measures is essential to safeguard your applications from potential breaches.

The report also touches on the emergence of Generative AI, including advanced chatbots, which has been a hot topic in 2023. While the use of this technology in attacks has been minimal so far, the interest shown in dark web forums suggests that it could pose future threats. Keeping up with the developments in generative AI is therefore an important aspect of your cybersecurity strategy.

X-Force Threat Intelligence Index Report for 2024

A review of 2023 identifying major threat trends in cybersecurity, drawing on data from IBM’s global team across 17 countries, including ethical hackers, incident responders, researchers, and analysts.

Identity and Access Management:
- Initial access factors highlighted, with valid accounts or improper use of a valid account and phishing tied for the top method at approximately 30%.
- A significant increase in valid account misuse, up by 71% over the previous year.
Phishing Details:
- Split into two main types: those involving attachments and those involving links, aiming to plant malware or steal credentials.
- A considerable portion of malware is intended to steal credentials.
Data Security:
- Data theft and leakage were the top impact on organizations, constituting 32%, up from 19% in 2022.
- The rise of info stealers, malware designed to exfiltrate sensitive information and credentials, saw an increase of 266%.
Application Security:
- Misconfiguration was the most frequent application security vulnerability, according to the OWASP Top 10 list.
- Identity and authentication failures, along with related access control issues, were significant, collectively accounting for 36% of the vulnerabilities.
Zero-Day Attacks:
- A significant decrease in 2023 compared to 2022, down by 72%, possibly due to easier attack methods being available.
Ransomware:
- A slight decrease in real-world cases, down by 12%.
- Early signs of better defense against ransomware attacks and a growing trend of organizations not paying the ransom.
Generative AI:
- 2023 marked a significant year for the adoption and discussion of generative AI technologies.
- Over 800,000 mentions of AI and generative AI in dark web forums, indicating both interest and experimentation by malicious actors.
- Concerns raised about the potential misuse of generative AI in cyber attacks, with some alternative chatbots lacking restrictions on generating malicious content.
Preventive Measures and Recommendations:
- Emphasis on the effectiveness of industry best practices in preventing 84% of attacks on critical infrastructure.
- Recommendations include multi-factor authentication, use of passkeys, data encryption, immutable backups, patching applications, system hardening, and staying informed about generative AI developments.

However, it’s not all grim news. The report notes a significant 72% decline in zero-day attacks and a 12% reduction in ransomware incidents, indicating that cybersecurity efforts are making a difference. These positive trends highlight the effectiveness of proactive prevention measures and the benefits of staying ahead of cybercriminals.

Prevention is, and always has been, the best defense. The report suggests that adhering to industry best practices could have prevented 84% of the attacks on critical infrastructure that occurred. Among the recommended practices are the use of multi-factor authentication, passkeys, data encryption, immutable backups, regular patching, system hardening, and staying informed about the latest developments in generative AI.

The X-Force Threat Intelligence Index Report for 2024 is a wake-up call to learn from the previous year’s cybersecurity challenges and to strengthen our defenses. It is imperative that you review the full report for a comprehensive analysis and adopt the suggested security practices. By doing so, you can enhance the security of your digital ecosystem and be better prepared to face the emerging threats that lie ahead.

Filed Under: Technology News, Top News

Latest timeswonderful Deals

Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, timeswonderful may earn an affiliate commission. Learn about our Disclosure Policy.

Tags attack, Cyber, Report, threat, Trends, XForce

News

Here’s why AI prejudice may not be a threat.

Post author By admin
Post date September 25, 2023
No Comments on Here’s why AI prejudice may not be a threat.

The News God
Here’s why AI prejudice may not be a threat.

Amazon and Google ruled their respective markets, but there will probably be a lot of AI systems.
OpenAI, which made the ChatGPT language model, is the best-funded and biggest AI platform company, with over $10 billion in funding and a value of nearly $30 billion. Microsoft uses OpenAI, but Google, Meta, Apple, and Amazon all have their own AI systems, and Silicon Valley is home to hundreds of other AI startups. Will the forces of the market make one of these a monopoly?

When Google started its search business, there were already a dozen other search engines like Yahoo, AltaVista, Excite, and InfoSeek. Many people asked why we need yet another search engine like Google. But Google became a monopoly online because it worked so well and had so many connections.

Networking effects are very strong, and Amazon, which has a share of nearly 60% of the online shopping market, is a great example. Buyers go there to find the most products from the most sellers, and sellers go there to reach the most people. Even if another site did better than Amazon, these networking effects would still make it hard to beat.
Google put out a new way to rank pages that users instantly saw was better than what had come before. Users went to Google because its list of online sites was growing quickly and its search results were more accurate. Advertisers also flocked to Google to reach this huge number of users.
The first search tools didn’t last long. As people left platforms like Friendster and MySpace to join Facebook, it became a monopoly with the same networking effects. It also became the largest platform where people could find their online friends more quickly.

AI platforms don’t seem to have the same effects on networking as search and social media platforms. AI platforms are more like online producers like the New York Times or Fox News. They gather information that is already out there and use that information and intelligence to make new content.
Instead of just sharing third-party content, these platforms get that content and study it so they can post new content and work like other companies like the New York Times and Fox News.

Training data is the information that AI platforms use as sources. It comes from online news sites and social media platforms like Twitter. If an AI platform only uses right-leaning news sites as training data, then the AI content it makes will have a right-leaning bias. In the same way, if an AI platform depends mostly on leftist news sources, the material it creates will have a tilt toward the left.

AI platforms only cause censorship problems if they hide the biases in the data they use to train their algorithms or if they put strict limits on the content their algorithms create. For example, they could allow certain types of content for leaders of one political party but not for leaders of the other political party.

Some science fiction movies like “The Matrix” and “Bladerunner” show how AI content could be used to only reflect the current consensus or government narrative. This is why it is so important for AI platforms to be required to be transparent by publishing the specific sources/sites of their training data.

There is no reason for the New York Times, Fox News, and other news sites to form a monopoly around one main news source. It looks like the many AI platforms will work as producers and are not likely to be taken over by one big company in the future.

If the AI companies work as authors instead of “computer services providers” as the Section 230 law calls them, they don’t get the liability rights that come with being a “computer services provider.”

Here’s why AI prejudice may not be a threat.
Alfred Abaah
The News God – Home of Current and Trending News Stories

Tags Heres, prejudice, threat