Tag: Cybersecurity

Closing the chasm between cyber and CEOs

Risk is the common language that will close the knowledge and credibility chasm that frequently separates chief information security officers (CISOs) from their boards. Even in large organisations, the CISO is rarely awarded the authority granted automatically to the chief financial officer (CFO) and some other C-suite executives. But this is already starting to change as new laws on both sides of the Atlantic make not only CISOs but also chief executive officers (CEOs) legally responsible for significant but essentially preventable cyber-breaches. Last year, the US Securities and Exchange Commission (SEC) is known to have notified the CFO and the CISO of SolarWinds about potential enforcement actions related to the 2020 cyberattack against the company’s Orion software platform, which the company had disclosed in a regulatory filing with the agency. This was compounded in October, when the SEC finally charged SolarWinds and its CISO Timothy Brown with fraud and internal control failures for allegedly misleading investors about its cybersecurity practices leading up to the Sunburst attack discovered in December 2020.

Game over for European criminal botnet networks

An international operation coordinated by Europol has resulted in several arrests and the takedown of numerous cybercriminal networks. The operation focused on tackling the growing problem of the weaponization of botnets, which are strings of connected computers. Cybercriminal gangs use botnets to install droppers, a type of malicious software designed to install other malware, such as ransomware, onto a targeted system. Between 27 and 29 May of this year, Europol’s “Operation Endgame” targeted droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. The actions focused on disrupting criminal services, making arrests, taking down criminal infrastructures, and freezing illegal proceeds.

Law Enforcement Ramps Up Efforts to Capture ‘Emotet’ Mastermind – June 3rd

The law enforcement agencies behind Operation Endgame are seeking information about Odd, who is allegedly behind the ‘Emotet’ malware. Initially a banking trojan, the 'Emotet' malware evolved into a tool that delivers an array of payloads, including TrickBot, IcedID, QakBot, and others.

Ticketmaster Breach Data Posted on New BreachForums – May 31st

The 'ShinyHunters' threat actor group posted data from a Ticketmaster data breach, potentially belonging to 560M users, asking for $500K in exchange for the data. Analysts at Vx-Underground analyzed a sample of the Ticketmaster data and determined that the data was authentic, containing entries dating back to 2011.

New cyber threat from North Korea

Microsoft has identified a new North Korean threat actor, Moonstone Sleet. Also known as Storm-1789, Moonstone Sleet has set up fake companies and job opportunities to engage with potential targets and has even created a fully functioning computer game designed to trap the unwary. The potentially hostile nation-state of North Korea has long been suspected of resorting to cybercrime, targeting the West to fund its military build-up and commit ongoing cyber espionage against countries such as the US and the UK. But Moonstone Sleet is taking cyber-attacks on the West to new levels of sophistication, posing a threat to all organizations. Microsoft says Moonstone Sleet “uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and cyberespionage objectives.”

Officials Take Down the “911 S5 botnet” – May 30th

A US-led law enforcement sting operation against the global '911 S5 botnet' network was a major success. The 911 S5 botnet network of millions of compromised Windows computers was used to facilitate cyber-attacks, fraud, and child exploitation, among other illicit activities.

TeaBot banking malware infects 70k smartphones

TeaBot, a highly sophisticated type of malware, is increasingly infecting Android smartphones. Cybersecurity firm Zscaler’s ThreatLabz reported a sharp rise in malicious activity leveraging TeaBot this week. TeaBot, also known as “Anatsa,” is designed to impersonate seemingly harmless applications such as PDF and QR code readers. Once installed on an Android smartphone, it acts as a Trojan horse containing numerous financial scams. “[TeaBot] is a known Android banking malware that targets applications from over 650 financial institutions, primarily in Europe. We observed Anatsa actively targeting banking applications in the US and UK. However, recent observations indicate that threat actors have expanded their targets to include banking applications in Germany, Spain, Finland, South Korea, and Singapore,” explains Zscaler ThreatLabz.

34% of Organizations Lack Cloud Cybersecurity Skills – May 29th

According to a Cado Security report, 34% of organizations lack cloud cybersecurity skills. The report also discloses that 23% of cloud alerts remain uninvestigated due to various challenges and complexities.

Indian elections targeted by cyber-attacks

India’s current elections have become a prime target for malicious cyber activity on the part of foreign threat actors and independent hacktivist groups. With the results expected to be counted on June 4, the spike in cyber-attacks is a stark warning for other countries such as the US, the UK and the European Union (EU), which are also holding national elections later this year. Cybersecurity company Resecurity reports that the early stages of cyber-attacks have been observed since the launch of an #OpIndia campaign last year. Escalating geopolitical tensions across the globe are now heightening the threat to India at this crucial time, with the number of attacks increasing by nearly 300% following the launch of #OpIsrael, which coincided with heightened online protests in the context of the ongoing Israel-Gaza crisis.

‘Shadow AI’ is putting companies at risk

The increasing use of artificial intelligence (AI) tools by staff ahead of IT departments’ involvement has resulted in the growing problem of ‘shadow AI’. “Similar to the early days of cloud adoption, workers are using AI tools before IT departments formally buy them. The result is ‘shadow AI,’ employee usage of AI tools through personal accounts that are not sanctioned by - or even known to - the company,” says Silicon Valley-based data protection company Cyberhaven’s report: How Employees are Leading the Charge in AI Adoption and Putting Company Data at Risk.

ID security acquisition to spark M&A growth

Identity security company CyberArk has announced that it is acquiring machine identity management specialist Venafi for US$1.54 billion from software-focused investor Thoma Bravo, which already manages US$138 billion in assets. The acquisition is being seen by some market sources as the start of more highly focused acquisition-driven growth in the increasingly sharply defined and specialized cybersecurity sector. The logic behind the Venafi acquisition is clear. According to CyberArk, the number of machines is rapidly outpacing the growth of their human counterparts, with more than 40 machine identities for every human identity. By adding Venafi’s machine identity management to its dominant identity security position, CyberArk expects to expand its total addressable market by almost US$10 billion to around US$60 billion.

Chinese Hackers Using ORB Networks to Evade Detection – May 23rd

Mandiant revealed that Chinese-linked state-backed hackers rely on operational relay box (ORB) network proxy meshes to avoid detection in cyber espionage campaigns. For example, Mandiant pointed out that these advanced persistent threat actors (APTs) used ORBs for the 'SPACEHOP' critical vulnerability campaign earlier this year.