InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Find programming and software development online courses, created by experts to help you take your career to the next level.
Programming Online Courses
AWS Online Courses
You can choose the course based on your specific needs:
ISO 27001 Foundations course â youâll learn about all of the standardâs requirements and the best practices for compliance.
ISO 27001 Internal Auditor course â besides the knowledge about the standard, youâll also learn how to perform an internal audit in the company.
ISO 27001 Lead Auditor course â besides the knowledge about the standard, it also includes the training you need to become certified as a certification auditor.
ISO 27001 Lead Implementer course â besides the knowledge about the standard, it also includes the training you need to become an independent consultant for Information Security Management System implementation.
The online courses are suitable both for beginners and experienced professionals.
Learn at your preferred speed from any location at any time.
If you have any questions, feel free to send us an email to info@deurainfosec.com
For a limited time only, ITG is offering bestselling implementation guides free with each toolkit purchase.*
All the pre-written policies and procedures youâll ever need.
Written by our expert team of in-house consultants, who have been delivering cyber security and data privacy consultancy for years.
Reviewed throughout the year to ensure youâre always working from the most up-to-date documentation, in line with the latest guidance and standard revisions, including free upgrades.
Accessible on our Cloud-based platform, DocumentKits, so you can collaborate with team members, viewing, editing and downloading documents any time, anywhere.
Scammers are using cloud services to create and host web pages that can be used to lure victims into handing over their credentials
Criminals are slipping phishing emails past automated security scanners inside Amazon Web Services (AWS) to establish a launching pad for attacks.
Scammers have latched onto the ability for people to use an AWS service to build and host web pages using WordPress or their own custom code. From there they can send phishing messages carrying the AWS name into corporate emails systems to both get past scanners that typically would block suspicious messages and to add greater legitimacy to fool victims, according to email security vendor Avanan.
In a report this week, researchers with Avanan â acquired last year by cybersecurity company Check Point â outlined a phishing campaign that uses AWS and unusual syntax construction in the messages to get past scanners.
“Email services that use static Allow or Block Lists to determine if email content is safe or not are not immune to these attacks,” they wrote. “Essentially, these services will determine whether a website is safe or not. Amazon Web Services will always be marked as safe. It’s too big and too prevalent to block.”
Piggybacking on well-known brand names for phishing campaigns isn’t unusual. Avanan this year has documented such efforts leveraging QuickBooks, PayPal, and Google Docs to ensure messages land in an inbox.
Now the public cloud is a vehicle and using AWS makes sense. It is the largest public cloud player, owning a third of a global cloud infrastructure market that generated almost $55 billion in the second quarter, according to Synergy Research Group. Combined, AWS, Microsoft Azure, and Google Cloud account for 65 percent of the space.
“Attacks using public cloud is becoming my common for many reasons, in part because infrastructure is so transient, reputational systems cannot help. We can block bulletproof hosting providers but we can’t just block AWS,” John Bambenek, principal threat hunter at Netenrich, told The Register. “These services are cheap, easy to use, and can spin up and down services quickly. Public clouds are usually whitelisted, so IP reputation doesn’t work, and people are getting more and more used to services in public clouds so they don’t look as suspect.”
The trend will only grow, according to Davis McCarthy, principal security researcher at Valtix.
“As the enterprise embraces the multiple clouds, cybercriminals will have more options to choose from and abuse,” McCarthy told The Register. “Benefiting from the lack of visibility and the disjointed topology, attack surfaces will be difficult to fingerprint. Organizations will need to standardize on security across clouds and have the ability to consolidate visibility to ensure prevention and detection processes are implemented efficiently.”
Cybercriminals are “creating phishing pages on AWS using the site’s legitimacy to steal credentials,” Avanan researchers wrote. “Sending a link to this page via email is a way to bypass scanners and get users to hand over credentials.”
They pointed to a campaign where the cybercriminal sent a phishing message created and hosted on AWS telling recipients that their password was about to expire. The email came with a Microsoft logo and told the user to click on a button to either keep or change the password.
The use of AWS’ name isn’t the only tactic for getting past the scanners, according to the researchers. They also use unusual content in the email’s text to confuse scanners, they wrote. When the message in the example was opened, the text wasn’t related to the attack. Instead, it was written in Spanish that when translated talks about a price quote for an “earthquake monitoring system.”
When the user clicks on button, they’re taken to a fake password reset page that includes the domain name of the victim’s company and most of the fields populated. The user is asked only to type in their password. If that’s done, the scammers can steal the credentials.
“With an easy way into the inbox, plus a low lift from end-users, this type of attack can be quite successful for hackers,” the researchers wrote, who added that they notified Amazon of what they found.
Avanan researchers wrote that enterprise users need to hover over links to see the destination URL before clicking on it and look at the email content before clicking on it. Hank Schless, senior manager of security solutions at Lookout, told The Register that Secure web gateways (SWGs) can help identify risk behavior on the network beyond what typical scanners do. If part of a larger cloud security platform, administrators can implement more data protection tools to identify risk behavior, even if it’s coming from a legitimate source.
Automation also is key given the lack of in-house skills to run continuous monitoring, according to Ryan McCurdy, vice president of marketing at Bolster.
“Moreover, they do not have the relationships nor access to perform the takedowns, such as asking an internet service provider to take down a fake website, let alone have the access to underground forums and chat rooms, which is not something that can be acquired overnight,” McCurdy told The Register. “It’s critical that companies take a platform approach and leverage automation to detect, analyze, and take down fraudulent sites and content across the web, social media, app stores, and the dark web.”
(Reuters) – A team of hackers from two North American universities won the “Capture the Flag” championship, a contest seen as the “Olympics of hacking,” which draws together some of the world’s best in the field.
In the carpeted ballroom of one of the largest casinos in Las Vegas, the few dozen hackers competing in the challenge sat hunched over laptops from Friday through Sunday during the DEF CON security conference that hosts the event.
The winning team, called Maple Mallard Magistrates, included participants from Carnegie Mellon University, its alumni, and the University of British Columbia.
The contest involves breaking into custom-built software designed by the tournament organizers. Participants must not only find bugs in the program but also defend themselves from hacks coming from other competitors.
The hackers, mostly young men and women, included visitors from China, India, Taiwan, Japan and South Korea. Some worked for their respective governments, some for private firms and others were college students.
While their countries may be engaged in cyber espionage against one another, the DEF CON CTF contest allows elite hackers to come together in the spirit of sport.
The reward is not money, but prestige. “No other competition has the clout of this one,” said Giovanni Vigna, a participant who teaches at the University of California in Santa Barbara. “And everybody leaves politics at home.”
âYou will easily find a participant here going to another who may be from a so-called enemy nation to say ‘you did an amazing job, an incredible hack.'”
The game has taken on new meaning in recent years as cybersecurity has been elevated as a national security priority by the United States, its allies and rivals. Over the last 10 years, the cybersecurity industry has boomed in value as hacking technology has evolved.
Winning the title is a lifelong badge of honor, said Aaditya Purani, a participant who works as an engineer at electric car maker Tesla Inc (TSLA.O).
This year’s contest was broadcast for the first time on YouTube, with accompanying live commentary in the style of televised sports.
DEF CON itself, which began as a meetup of a few hundred hackers in the late 1990s, was organized across four casinos this year and drew a crowd of more than 30,000, according to organizing staff.
On Saturday afternoon, participants at the “Capture the Flag” contest sat typing into their laptops as conference attendees streamed in and out of the room to watch. Some participants took their meals at the tables, munching on hamburgers and fries with their eyes fixed on screens.
Seungbeom Han, a systems engineer at Samsung Electronics, who was part of a South Korean team, said it was his first time at the contest and it had been an honor to qualify.
The competition was intense and sitting for eight hours a day at the chairs was not easy. They did take bathroom breaks, he said with a laugh, “but they are a waste of time.”
Reporting by Zeba Siddiqui in Las Vegas Editing by Matthew Lewis
South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company.
South Staffordshire plc, a UK water-supply company, has acknowledged it was the victim of a cyberattack. Around the same time, the Clop ransomware group started threatening Thames Water that it would release data it has stolen from the utility unless Thames Water paid up.
The problem? Thames Water wasn’t breached.
Apparently, Clop got its UK water companies confused.
South Staffordshire serves about 1.6 million customers and recently reported that it was targeted in a cyberattack and was “experiencing a disruption to out corporate IT network and our teams are working to resolve this as quickly as possible.” It added there has been no disruption on service.
“This incident has not affected our ability to supply safe water, and we can confirm we are still supplying safe water to all of our Cambridge Water and South Staffs Water customers,” the water company said.
Meanwhile, Thames Water, the UK’s largest water supplier to more than 15 million people, was forced to deny it was breached by Clop ransomware attackers, who threatened they now had the ability to tamper with the water supply, according to reports.
“As providers of critical national infrastructure, we take the security of our networks and systems very seriously and are focused on protecting them, so that we can continue to provide resilient services to our customers and the environment,â the larger water company told the UK Mirror.
While Clop seems to have its records all wrong, both water utilities mounted capable responses to the ransomware group’s attack on critical infrastructure, according to Edward Liebig, global director of cyber ecosystem at Hexagon Asset Lifecycle Intelligence.
“Iâm impressed by South Staffordshire Waterâs ability to defend against the cyberattack in the IT systems and buffer the OT systems from impact,” Liebeg said. “And had Thames Water not done an investigation of the ‘proof of compromise,’ they may very well have decided to negotiate further. In both instances, each organization did their due diligence.”
It should be obvious why costs are on the rise; substantial disruption remains related to COVID-19, Russiaâs invasion of Ukraine has disrupted supply chains and interest rates have been raised several times this year.
Clearly, then, rising costs are not simply a temporary issue that we must get through. We must instead carefully plan for how we will deal with increased costs on a permanent basis.
One apparent measure is to look at ways your organisation can cut costs. For better or worse, the most likely targets will be parts of the business that donât contribute to a direct return on investment.
However, before you start slashing budgets, you should consider the full effects of your decisions.
Take cyber security for example. Itâs already notoriously underfunded, with IT teams and other decision makers being forced to make do with limited resources.
According to a Kaspersky report, a quarter of UK companies admit underfunding cyber security even though 82% of respondents have suffered data breaches.
The risk of cyber security incidents is even higher in the summer months, when staff holidays mean that cyber security resources are even more stretched than usual.
These are worrying signs for organisations, and an economic downturn will only make cyber criminals more determined to make money â especially as they know their targets are focusing on cutting costs.
But itâs not just the immediate costs associated with cyber attacks and disruption that organisations should be worried about. There are also long-term effects, whether thatâs lingering operational disruption, reputational damage or regulatory action.
Consider the ongoing problems that British Airways faced after it suffered a cyber attack in 2018. It took the airline more than two months to detect the breach, creating enduring difficulties and ultimately resulting in a ÂŁ20 million fine.
The ICO (Information Commissionerâs Office), which investigated the incident, found that British Airways was processing a significant amount of personal data without adequate security measures in place, and had it addressed those vulnerabilities, it would have prevented the attack.
There were several measures that British Airways could have used to mitigate or prevent the damage, including:
Applying access controls to applications, data and tools to ensure individuals could only access information relevant to their job;
Performing penetration tests to spot weaknesses; and
Implementing multi-factor authentication.
In addition to the fine, British Airways settled a class action from as many as 16,000 claimants. The amount of the settlement remains confidential, but the cost of the payout was estimated to be as much as ÂŁ2,000 per person.
Remarkably, the penalty and the class action represent a case of strikingly good fortune for British Airways. Had it come earlier, it would have been at the height of the COVID-19 pandemic when airlines were severely affected, and were it any later, it would have come during a period of massive inflation.
Failure to do so will result in unforeseen costs at a time when every precaution must be taken to reduce costs.
Invest today, secure tomorrow
Itâs long been accepted that itâs a matter of âwhenâ rather than âifâ you will suffer a cyber attack. When you do, youâll have to invest heavily in security solutions on top of having to paying remediation costs.
In times of uncertainty, you need your services to be as reliable as possible. The challenges your organisation will face in the coming months as a result of falling consumer confidence are enough to deal with without having to contend with cyber crime and its inevitable fallout.
Investing in effective cyber security measures will enable your organisation to make the most of its opportunities in straightened circumstances.
At the well-known DEF CON security shindig in Las Vegas, Nevada, last week, Mac cybersecurity researcher Patrick Wardle revealed a âget-rootâ elevation of privilege (EoP) bug in Zoom for Mac:
Dustin Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs.
BLACK HAT USA â Las Vegas â Keeping up with security-vulnerability patching is challenging at best, but prioritizing which bugs to focus on has become more difficult than ever before, thanks to context-lacking CVSS scores, muddy vendor advisories, and incomplete fixes that leave admins with a false sense of security.
ZDI has disclosed more than 10,000 vulnerabilities to vendors across the industry since 2005. Over the course of that time, ZDI communications manager Childs said that he’s noticed a disturbing trend, which is a decrease in patch quality and reduction of communications surrounding security updates.
“The real problem arises when vendors release faulty patches, or inaccurate and incomplete information about those patches that can cause enterprises to miscalculate their risk,” he noted. “Faulty patches can also be a boon to exploit writers, as ‘n-days’ are much easier to use than zero-days.”
OCSF initiative will give enterprise security teams an open standard for moving and analyzing threat data
BLACK HAT AWS and Splunk are leading an initiative aimed at creating an open standard for ingesting and analyzing data, enabling enterprise security teams to more quickly respond to cyberthreats.
Seventeen security and tech companies at the Black Hat USA 2022 show this week unveiled the Open Cybersecurity Schema Framework (OCSF) project, which will use the ICD Schema developed by Symantec as the foundation for the vendor-agnostic standard.
The creation of the OCSF, licensed under the Apache License 2.0, comes as organizations are seeing their attack surfaces rapidly expand as their IT environments become increasingly decentralized, stretching from core datacenters out to the cloud and the edge. Parallel with this, the number and complexity of the cyberthreats they face is growing quickly.
“Today’s security leaders face an agile, determined and diverse set of threat actors,” officials with cybersecurity vendor Trend Micro, one of the initial members of OCSF, wrote in a blog post. “From emboldened nation state hackers to ransomware-as-a-service (RaaS) affiliates, adversaries are sharing tactics, techniques and procedures (TTPs) on an unprecedented scale â and it shows.”
Trend Micro blocked more than 94 billion threats in 2021, a 42 percent year-on-year increase, and 43 percent of organizations responding to a survey from the vendor said their digital attack surface is getting out of control.
Cybersecurity vendors have responded by creating platforms that combine attack surface management, threat prevention, and detection and response to make it easier and faster for enterprises to counter attacks. They streamline processes, close security gaps, and reduce costs, but they’re still based on vendor-specific products and point offerings.
Vendors may use different data formats in their products, which means moving datasets from one vendor’s product to that of another often requires the time-consuming task of changing the format of the data.
“Unfortunately, normalizing and unifying data from across these disparate tools takes time and money,” Trend Micro said. “It slows down threat response and ties up analysts who should be working on higher value tasks. Yet up until now it has simply become an accepted cost of cybersecurity. Imagine how much extra value could be created if we found an industry-wide way to release teams from this operational burden?”
Dan Schofield, program manager for technology partnerships at IBM Security, another OCSF member, wrote that the lack of open industry standards for logging and event purposes creates challenges when it comes to detection engineering, threat hunting, and analytics, and until now, there has been no critical mass of vendors willing to address the issue.
It’s “a revolutionary scientific advance in molecular data storage and cryptography.”
Scientists from the University of Texas at Austin sent a letter to colleagues in Massachusetts with a secret message: an encryption key to unlock a text file of L. Frank Baum’s classic novel The Wonderful Wizard of Oz. The twist: The encryption key was hidden in a special ink laced with polymers, They described their work in a recent paper published in the journal ACS Central Science.
When it comes to alternative means for data storage and retrieval, the goal is to store data in the smallest amount of space in a durable and readable format. Among polymers, DNA has long been the front runner in that regard. As we’ve reported previously, DNA has four chemical building blocksâadenine (A), thymine (T), guanine (G), and cytosine (C)âwhich constitute a type of code. Information can be stored in DNA by converting the data from binary code to a base-4 code and assigning it one of the four letters. A single gram of DNA can represent nearly 1 billion terabytes (1 zettabyte) of data. And the stored data can be preserved for long periodsâdecades, or even centuries.
There have been some inventive twists on the basic method for DNA storage in recent years. For instance, in 2019, scientists successfully fabricated a 3D-printed version of the Stanford bunnyâa common test model in 3D computer graphicsâthat stored the printing instructions to reproduce the bunny. The bunny holds about 100 kilobytes of data, thanks to the addition of DNA-containing nanobeads to the plastic used to 3D print it. And scientists at the University of Washington recently recorded K-Pop lyrics directly onto living cells using a “DNA typewriter.”
But using DNA as a storage medium also presents challenges, so there is also great interest in coming up with other alternatives. Last year, Harvard University scientists developed a data-storage approach based on mixtures of fluorescent dyes printed onto an epoxy surface in tiny spots. The mixture of dyes at each spot encodes information that is then read with a fluorescent microscope. The researchers tested their method by storing one of 19th-century physicist Michael Faraday’s seminal papers on electromagnetism and chemistry, as well as a JPEG image of Faraday.
Other scientists have explored the possibility of using nonbiological polymers for molecular data storage, decoding (or reading) the stored information by sequencing the polymers with tandem mass spectrometry. In 2019, Harvard scientists successfully demonstrated the storage of information in a mixture of commercially available oligopeptides on a metal surface, with no need for time-consuming and expensive synthesis techniques.
This latest paper focused on the use of sequence-defined polymers (SDPs)  as a storage medium for encrypting a large data set. SDPs are basically long chains of monomers, each of which corresponds to one of 16 symbols. “Because they’re a polymer with a very specific sequence, the units along that sequence can carry a sequence of information, just like any sentence carries information in the sequence of letters,” co-author Eric Anslyn of UT told New Scientist.
But these macromolecules can’t store as much information as DNA, per the authors, since the process of storing more data with each additional monomer becomes increasingly inefficient, making it extremely difficult to retrieve the information with the current crop of analytic instruments available. So short SDPs must be used, limiting how much data can be stored per molecule. Anslyn and his co-authors figured out a way to improve that storage capacity and tested the viability of their method.
First, Anslyn et al. used a 256-bit encryption key to encode Baum’s novel into a polymer material made up of commercially available amino acids. The sequences were comprised of eight oligourethanes, each 10 monomers long. The middle eight monomers held the key, while the monomers on either end of a sequence served as placeholders for synthesis and decoding. The placeholders were “fingerprinted” using different isotope labels, such as halogen tags, indicating where each polymer’s encoded information fit within the order of the final digital key,
Then they jumbled all the polymers together and used depolymerization and liquid chromatography-mass spectrometry (LC/MS) to “decode” the original structure and encryption key. The final independent test: They mixed the polymers into a special ink made of isopropanol, glycerol, and soot. They used the ink to write a letter to James Reuther at the University of Massachusetts, Lowell. Reuther’s lab then extracted the ink from the paper and used the same sequential analysis to retrieve the binary encryption key, revealing the text file of The Wonderful Wizard of Oz.
In other words, Anslyn’s lab wrote a message (the letter) containing another secret message (The Wonderful Wizard of Oz) hidden in the molecular structure of the ink. There might be more pragmatic ways to accomplish the feat, but they successfully stored 256 bits in the SDPs, without using long strands. “This is the first time this much information has been stored in a polymer of this type,” Anslyn said, adding that the breakthrough represents “a revolutionary scientific advance in the area of molecular data storage and cryptography.”
Anslyn and his colleagues believe their method is robust enough for real-world encryption applications. Going forward, they hope to figure out how to robotically automate the writing and reading processes.
We have build cybersecurity solution sheets for our clients which we would like to share with you. This can be a useful resource when there is a need to remediate risk. These are in pdf format which you can download.
You can choose the course based on your specific needs:
ISO 27001 Foundations course â youâll learn about all of the standardâs requirements and the best practices for compliance.
ISO 27001 Internal Auditor course â besides the knowledge about the standard, youâll also learn how to perform an internal audit in the company.
ISO 27001 Lead Auditor course â besides the knowledge about the standard, it also includes the training you need to become certified as a certification auditor.
ISO 27001 Lead Implementer course â besides the knowledge about the standard, it also includes the training you need to become an independent consultant for Information Security Management System implementation.
The online courses are suitable both for beginners and experienced professionals.
Learn at your preferred speed from any location at any time.
If you have any questions, feel free to send us an email to info@deurainfosec.com
Whether you are getting ready for back-to-school season, getting new work laptop or fancying a new gamerâs pc, learn the steps to protect your new PC from cyberthreats.
With Windows 11 making headlines for all the right reasons, it could be a great time to invest in a new PC for the family or the home office. But any new household computing device should come with an attendant safety warning. Hackers will be after your data the minute itâs connected to the internet. And they have numerous ways to get it.
Thatâs why you need to think about cybersecurity even before plugging your machine in and switching it on. Take time out now to refresh your memory and make cyber-hygiene a number one priority.
What are the main threats to my PC?
As soon as youâre connected to the internet, malicious actors will be looking to steal your data, encrypt and hold your machine ransom, lift financial details, secretly mine for cryptocurrency, and much more. Theyâll do so via some tried and true methods, which often rely on cracking, stealing or guessing passwords, or exploiting software vulnerabilities. Top threats include:
Phishing: One of the oldest con tricks in the book. Cybercriminals masquerade as legitimate and trustworthy sources (banks, tech providers, retailers etc) and try to persuade users into clicking on links and/or opening attachments in emails. Doing so will take users to a spoofed site requesting that they fill in personal information (like logins and/or address/financial details) or could trigger a covert malware download.
Drive-by downloads and malicious ads: Sometimes merely visiting an infested website or a site running a malicious ad could trigger a malware download. We may think that well-known sites may be less compromised in this way as they are better resourced and can afford enhanced protection. But there have been plenty of counter-example through the years showing that itâs not always the case. Thatâs why its essential to invest in security software from a reputable provider and ensure that your browserâs security settings are correct.
Digital skimming: Hackers may also compromise the payment pages of e-commerce sites with malware designed to silently harvest your card data as it is entered. This is difficult to guard against as the issue is with the provider. However, shopping with better-known sites can reduce risk. Malicious apps and files: Cybercriminals also hide malware inside legitimate-looking applications and downloads. Many of these are posted to online forums, P2P sites, and other third-party platforms. Thatâs why it makes sense to download only from trusted sources, and to use an effective security software tool to scan for malicious software.
Ten tips to keep your computer safe
Many of the below steps may be taken care of automatically by your PC manufacturer/Microsoft, but it pays to dig a little deeper to make sure all the settings are as secure as you need them to be. Here are our top 10 tips for computer safety:
Apply automatic updates for the OS and any software running on the PC
Remove bloatware that often comes with PCs. Check beforehand if you donât recognize any software to ensure removing it wonât degrade the performance. The fewer pieces of software on the machine, the less opportunity for attackers to exploit bugs in it
Install multi-layered security software from a reputable third-party vendor and keep it up to date
Configure backups, and ideally back up a copy of data to a remote storage device kept offline
Secure the browser by adjusting privacy and security settings and ensuring it is on the latest version
Switch on and configure your firewall on the OS and home router, ensuring it is protected with a strong password
Download a multi-factor authentication app in order to help protect your accounts from being hijacked via phishing and other attacks
Avoid using USBs that you donât own, in case they are loaded with malware
Use a password manager to ensure that all your credentials are unique, strong, and hard-to-crack
Only download apps/files from trusted sources and avoid pirated material, which can often be booby-trapped with malware
It goes without saying that, even by following these best practices, you could still be at risk when browsing online. Always proceed with caution, donât reply to unsolicited emails/online messages, and ensure device encryption is switched on.
Internet attack on computer systems is pervasive. It can take from less than a minute to as much as eight hours for an unprotected machine connected to the Internet to be completely compromised. It is the information security architectâs job to prevent attacks by securing computer systems. This book describes both the process and the practice of assessing a computer systemâs existing information security posture. Detailing the time-tested practices of experienced security architects, Securing systems explains how to deliver the right security at the right time in the implementation lifecycle.
State of Cybersecurity 2022, Global Update on Workforce Efforts, Resources and Cyberoperations reports the results of an eighth annual global study that looks at the following topics and more:
What are the top cybersecurity hiring challenges today?
Which cybersecurity skills are in highest demand?
How can companies improve retention?
How are cybersecurity budgets changing?
Which threat vectors are the most concerning?
How frequently are companies conducting cyber risk assessments?
See what your peers have to say and how your organizationâs challenges, actions and priorities compare to other companies around the world.
Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.
Cybercriminals are tapping the built-in services of popular messaging apps like Telegram and Discord as ready-made platforms to help them perform their nefarious activity in persistent campaigns that threaten users, researchers have found.
Threat actors are tapping the multi-feature nature of messaging appsâin particularly their content-creation and program-sharing componentsâas a foundation for info-stealing, according to new research from Intel 471.
Specifically, they use the apps âto host, distribute, and execute various functions that ultimately allow them to steal credentials or other information from unsuspecting users,â researchers wrote in a blog post published Tuesday.
âWhile messaging apps like Discord and Telegram are not primarily used for business operations, their popularity coupled with the rise in remote work means a cybercriminal has a bigger attack surface at their disposal than in past years,â researchers wrote.
Intel 471 identified three key ways in which threat actors are leveraging built-in features of popular messaging apps for their own gain: storing stolen data, hosting malware payloads, and using bots that perform their dirty work, they said.
Storing Exfiltrated Data
Having oneâs own dedicated and secure network to store data stolen from unsuspecting victims of cybercrime can be costly and time-consuming. Instead, threat actors are using data-storage features of Discord and Telegram as repositories for info-stealers that actually depend upon the apps for this aspect of functionality, researchers have found.
Indeed, novel malware dubbed Ducktail that steals data from Facebook Business users was recently seen storing exfiltrated data in a Telegram channel, and itâs far from the only one.
Researchers from Intel 471 observed a bot known as X-Files that uses bot commands inside Telegram to steal and store data, they said. Once the malware infects a system, threat actors can swipe passwords, session cookies, login credentials and credit-card details from popular browsersâ including Google Chrome, Chromium, Opera, Slimjet and Vivaldiâand then deposit that stolen info âinto a Telegram channel of their choosing,â researchers said.
Another stealer known as Prynt Stealer functions in a similar fashion, but does not have the built-in Telegram commands, they added.
Other stealers use Discord as their messaging platform of choice for storing stolen data. One stealer observed by Intel 471, known as Blitzed Grabber, uses Discordâs webhooks feature to deposit data lifted by the malware, including autofill data, bookmarks, browser cookies, VPN client credentials, payment card information, cryptocurrency wallets and passwords, researchers said. Webhooks are similar to APIs in that they simplify the transmission of automated messages and data updates from a victimâs machine to a particular messaging channel.
Blitzed Grabber and two other stealers observed using messaging apps for data storageââMercurial Grabber and 44Caliberâalso target credentials for the Minecraft and Roblox gaming platforms, researchers added.
âOnce the malware spits that stolen information back into Discord, actors can then use it to continue their own schemes or move to sell the stolen credentials on the cybercrime underground,â researchers noted.
ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021.
ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021.
Every European telecom operator that suffers a security incident, notifies its national authorities which share a summary of these reports to ENISA at the start of every calendar year.
The reporting of security incidents has been part of the EUâs regulatory framework for telecoms since the 2009 reform of the telecoms package.
This year the report includes data related to reports of 168 incidents submitted by national authorities from 26 EU Member States (MS) and 2 EFTA countries.
The incident had a significant impact on the victim, the total user hours lost (resulted by multiplying for each incident the number of users by the number of hours) was 5,106 million user hours. Experts noticed a huge increase compared to 841 million user hours lost in 2020. The reason for this is the impact of a notable EU-wide incident that was reported separately by three MS. ENISA has published technical guidelines on incident reporting under the EECC1, including on thresholds and calculating hours lost.
Below are the takeaways from incidents that took place in 2021:
4,16% of reported incidents in 2021 refer to OTT communication services, for this reason the European Agency required further attention for security incidents related to OTT services.
This is the first time that incidents concerning confidentiality and authenticity were reported.
The number of incidents labeled as malicious actions passed from 4% in 2020 to 8% in 2021.
System failures continue to dominate in terms of impact but the downward trend continues. System failures accounted for 363 million user hours lost compared to 419 million user hours in 2020.
The number of Incidents caused by human errors is the same as in 2020.
Only 22% of incidents were reported as being related to third-party failures compared to 29%
Let me suggest reading the full report for additional information:
American investigative reporter Emma Best knows how arduous it is to ask for information from government agencies.
She made more than 5,000 such requests during her career at MuckRock, a non-profit âânews site that publishes original government documents and conducts investigations based on them. Best was so persistent that the FBI temporarily banned her from filing any more information requests.
She found a way to cut through the government bureaucracy. Together with an anonymous partner known as The Architect, Best founded the whistleblower site Distributed Denial of Secrets (DDoSecrets) in 2018.Â
Since then, it has distributed hacked and leaked data from more than 200 entities, including U.S. law enforcement agencies, fascist groups, shell companies, tax havens, and the far-right social media sites Gab and Parler.
Unlike cybercriminals who sell hacked data on the darknet for personal gain, DDoSecrets says it exposes leaked information for the public good. âSecrets can be used for extortion by threatening to make it public, while public information canât,â Best said.
Her website has become a go-to place for whistleblowers and hackers, especially given the absence of its most famous predecessor, WikiLeaks, which has been inactive for the last two years.
According to the report by researchers at Vade, phishing attacks abusing the Microsoft brand increased 266 percent in the first quarter of 2022, compared to the year prior. Fake Facebook messages are up 177 percent in the second quarter of 2022 within the same timeframe.
The study by Vade analyzed unique instances of phishing URLs used by criminals carrying out phishing attacks and not the number of phishing emails associated with the URLs. The report tallied the 25 most commonly targeted companies, along with the most abused industries and days of the week for phishing emails.
Phishing By the Numbers
Other top abused brands in phishing attacks include Credit Agricole, WhatsApp, and French telecommunications company Orange. Popular brands also included PayPal, Google and Apple (see chart).
Through the first half of 2022, 34 percent of all unique phishing attacks tracked by the researchers impersonated financial services brands. The next most popular industry for criminals to abuse is cloud and the firms Microsoft, Google and Adobe. Social media was also a popular target with Facebook, WhatsApp and Instagram leading the list of brands leveraged in attacks.
The report revealed the most popular days for sending phishing emails is between Monday and Wednesday. Less than 20 percent of malicious emails are sent on the weekend.
âPhishing attacks are more sophisticated than ever,â wrote Adrien Gendre, chief tech and product officer at Vade in an email to Threatpost.
âHackers have an arsenal of tools at their disposal to manipulate end users and evade email security, including phishing kits that can identify when they are being scanned by a vendor and trigger benign webpages to avoid detection. End users need to be continually trained to identify the latest phishing techniques,â he wrote.
Over 5.4 million Twitter users have reportedly been targeted in a major breach of personal data following revelations earlier this year that the site had a serious security flaw.
The security flaw came to light in January, when a user on HackerOne named âzhirinovskiyâ pointed out that Twitter was vulnerable to hackers seeking to use information for malicious purposes.
At the time, Zhirinovskiy detailed exactly how to exploit the bug and described it as a âserious threatâ even in the hands of those with only a âbasic knowledgeâ of scripting and coding.
Twitter acknowledged the problem five days later and appeared to have fixed the problem a week after that, when it rewarded Zhirinovskiy with a $5,040 bounty for bringing the vulnerability to its attention.Â
A seller with the username âdevilâ claims that âCelebrities, to Companies, randoms, OGs, etcâ are included in the data set and is asking for at least $30,000, RestorePrivacy says.
A spokesperson from Twitter told Fortune: âWe received a report of this incident several months ago through our bug bounty program, immediately investigated thoroughly and fixed the vulnerability.â
The spokesperson added that Twitter was âreviewing the latest data to verify the authenticity of the claims and ensure the security of the accounts in question.â
