InfoSec Compliance & AI Governance For over 20 years, DISC InfoSec has been a trusted voice for cybersecurity professionals—sharing practical insights, compliance strategies, and AI governance guidance to help you stay informed, connected, and secure in a rapidly evolving landscape.
CloudGrappler is an innovative open-source tool designed to detect the presence of notorious threat actors in cloud environments.
This tool is a beacon of hope for security teams struggling to keep pace with the sophisticated tactics of groups like LUCR-3, also known as Scattered Spider.
CloudGrappler leverages the power of CloudGrep, a tool developed by Cado Security, to offer high-fidelity, single-event detections of activities associated with well-known threat actors in popular cloud platforms such as AWS and Azure.
It acts as a cyber detective, sifting through the vast amounts of data in cloud environments to identify suspicious and malicious activities that often go unnoticed.
Key Features Of CloudGrappler
Threat Actor Querying: CloudGrappler excels in identifying activities demonstrated by some of the most notorious cloud threat actors. It utilizes a subset of activities from Permiso’s extensive library of detections to help organizations pinpoint threats targeting their cloud infrastructure.
Single-Event Detections: The tool provides a granular view of potential security incidents, enabling security teams to quickly and easily identify specific anomalies within their AWS and Azure environments.
Integration with CloudGrep: By incorporating a set of Tactics, Techniques, and Procedures (TTPs) observed in the modern threat landscape, CloudGrappler enhances its threat detection capabilities.
How CloudGrappler Works
CloudGrappler includes several components designed to streamline the threat detection process:
Scope Selector: Users can define the scope of their scanning through an integrated data_sources.json file, choosing to scan specific resources or a broader range of cloud infrastructure services.
Query Selector: The tool comes with a queries.json file containing predefined TTPs commonly used by threat actors. Users can modify these queries or add custom ones to tailor the scanning process.
Report Generator: After scanning, CloudGrappler produces a comprehensive report in JSON format, offering detailed insights into the scan results and enabling security teams to address potential threats swiftly.
It is based on a subset of activity from Permiso’s library of hundreds of detections, and it helps organizations detect threats targeting their cloud infrastructure.
Users can scan specific resources within their environment
Practical Applications
CloudGrappler is not just about detecting suspicious activities. it also provides valuable threat intelligence to help security professionals understand the risks in their environment and develop targeted response strategies.
Threat Activity
The tool’s output includes information on the threat actor involved, the severity of the detected activity, and a description of the potential implications.
For those interested in enhancing their cloud security posture, CloudGrappler is available on GitHub.
The repository includes detailed instructions on setting up and using the tool, making it accessible to security teams of all sizes.
As cloud environments become increasingly complex and threat actors’ activities more sophisticated, tools like CloudGrappler are essential for maintaining a robust security posture.
CloudGrappler represents a significant step forward in the fight against cybercrime by offering an open-source solution for detecting and analyzing threats in cloud environments.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.
This guide compiles U.S. and International resources for developing cybersecurity programs and establishing robust network protection. It covers trusted network operation and information systems security materials, focusing on confidentiality, integrity, and other key aspects. Aimed at fostering security cooperation, it includes information on cybersecurity norms, best practices, policies, and standards.
Cyber Security Toolkit for Boards
The Board Toolkit from the NCSC assists boards in embedding cyber resilience and risk management across an organization, encompassing its personnel, systems, processes, and technologies. The toolkit is designed for board members of medium to large organizations in any sector, including Boards of Directors, Boards of Governors/Advisors, Non-executive Directors, or Boards of Trustees.
Guide for Users of C2M2 and CMMC
This guide is designed for users of the Cybersecurity Capability Maturity Model (C2M2) seeking Cybersecurity Maturity Model Certification (CMMC) to fulfill DoD contractual obligations. It aims to assist these users in utilizing their existing C2M2 experience while pinpointing further actions needed for CMMC certification compliance.
Department of Defense (DoD) Cybersecurity Reference Architecture
The Cybersecurity Reference Architecture (CSRA) outlines principles, components, and design patterns for combating internal and external network threats, ensuring cyberspace survivability and operational resilience. Designed for entities needing access to DoD resources, the CSRA guides the establishment of cybersecurity, promoting integrated deterrence and strategic procurement planning.
Guide to Securing Remote Access Software
Authored by CISA, NSA, FBI, MS-ISAC, and INCD, this guide offers insights into prevalent exploitations and their related tactics, techniques, and procedures (TTPs). It also presents recommendations for IT/OT and ICS professionals and organizations on best practices in employing remote capabilities, along with strategies to identify and counteract malicious actors exploiting this software.
Incident Response Guide: Water and Wastewater Sector
In collaboration with the EPA, FBI, and sector partners, CISA has developed this Incident Response Guide (IRG) specifically for the Water and Wastewater Systems (WWS) Sector. This unique IRG offers vital information on federal roles, resources, and responsibilities throughout the cyber incident response lifecycle, enabling WWS Sector owners and operators to enhance their incident response plans and overall cyber resilience.
NIST Phish Scale User Guide
The NIST Phish Scale provides a system for those implementing cybersecurity and phishing awareness training to assess the difficulty of detecting phishing attempts in emails. This guide explains the Phish Scale and offers step-by-step instructions for applying it to phishing emails. Additionally, it includes appendices with worksheets to help trainers use the Phish Scale effectively, as well as detailed information about email characteristics and relevant research findings.
Phishing guidance: Stopping the attack cycle at phase one
This guide details common phishing techniques used by attackers and offers strategies for network defenders and software manufacturers to mitigate the impact of these attacks, including credential theft and malware deployment. Recognizing the resource constraints of some organizations, it includes specific recommendations for SMBs that lack dedicated IT staff for continuous phishing defense.
#StopRansomware Guide
This guide serves as a resource for organizations to mitigate the risk of ransomware attacks. It offers best practices for detection, prevention, response, and recovery, including detailed strategies to tackle potential threats. It was developed through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).
Using online services safely
This guide offers practical advice for securely utilizing online services, reducing the risk of cyber attacks for small organizations. It covers essential online tools such as email, instant messaging, cloud storage, online accounting and invoice management, website or online shop hosting, and social media interaction, which are crucial for daily operations even if their use isn’t always obvious.
“At the most basic level, AI has given malicious attackers superpowers,” Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at Bsides Zagreb.
These superpowers are most evident in the growing impact of fishing, smishing and vishing attacks since the introduction of ChatGPT in November 2022.
And then there are also malicious LLMs, such as FraudGPT, WormGPT, DarkBARD and White Rabbit (to name a few), that allow threat actors to write malicious code, generate phishing pages and messages, identify leaks and vulnerabilities, create hacking tools and more.
AI has not necessarily made attacks more sophisticated but, he says, it has made them more accessible to a greater number of people.
The potential for AI-fueled attacks
It’s impossible to imagine all the types of AI-fueled attacks that the future has in store for us. Jackson outlined some attacks that we can currently envision.
One of them is a prompt injection attack against a ChatGPT-powered email assistant, which may allow the attacker to manipulate the assistant into executing actions such as deleting all emails or forwarding them to the attacker.
Inspired by a query that resulted in ChatGPT outright inventing a non-existent software package, Jackson also posited that an attacker might take advantage of LLMs’ tendency to “hallucinate” by creating malware-laden packages that many developers might be searching for (but currently don’t exist).
The immediate threats
But we’re facing more immediate threats right now, he says, and one of them is sensitive data leakage.
With people often inserting sensitive data into prompts, chat histories make for an attractive target for cybercriminals.
Unfortunately, these systems are not designed to secure the data – there have been instances of ChatGTP leaking users’ chat history and even personal and billing data.
Also, once data is inputted into these systems, it can “spread” to various databases, making it difficult to contain. Essentially, data entered into such systems may perpetually remain accessible across different platforms.
And even though chat history can be disabled, there’s no guarantee that the data is not being stored somewhere, he noted.
One might think that the obvious solution would be to ban the use of LLMs in business settings, but this option has too many drawbacks.
Jackson argues that those who aren’t allowed to use LLMs for work (especially in the technology domain) are likely to fall behind in their capabilities.
Secondly, people will search for and find other options (VPNs, different systems, etc.) that will allow them to use LLMs within enterprises.
This could potentially open doors to another significant risk for organizations: shadow AI. This means that the LLM is still part of the organization’s attack surface, but it is now invisible.
How to protect your organization?
When it comes to protecting an organization from the risks associated with AI use, Jackson points out that we really need to go back to security basics.
People must be given the appropriate tools for their job, but they also must be made to understand the importance of using LLMs safely.
He also advises to:
Put phishing protections in place
Make frequent backups to avoid getting ransomed
Make sure that PII is not accessible to employees
Avoid keeping secrets on the network to prevent data leakage
Use software composition analysis (SCA) tools to avoid AI hallucinations abuse and typosquatting attacks
To make sure your system is protected from prompt injection, he believes that implementing dual LLMs, as proposed by programmer Simon Willison, might be a good idea.
Despite the risks, Jackson believes that AI is too valuable to move away from.
He anticipates a rise in companies and startups using AI toolsets, leading to potential data breaches and supply chain attacks. These incidents may drive the need for improved legislation, better tools, research, and understanding of AI’s implications, which are currently lacking because of its rapid evolution. Keeping up with it has become a challenge.
Every country is developing AI laws, standards, and specifications. In the US, states are introducing 50 AI related regulations a week (Axios 0 2024). Each of the regulations see AI through the lens for social and technical risk.
Trust Me: AI Risk Management is a book of AI Risk Controls that can be incorporated into the NIST AI RMF guidelines or NIST CSF. Trust Me looks at the key attributes of AI including trust, explainability, and conformity assessment through an objective-risk-control-why lens. If you’re developing, designing, regulating, or auditing AI systems, Trust Me: AI Risk Management is a must read.
Cybersecurity professionals are increasingly prepared to moonlight as cybercriminals in a bid to top up their salaries, according to new research from the Chartered Institute of Information Security (CIISec).
The institute enlisted the help of a former police officer and covert operative to analyze dark web forum job adverts from June to December 2023.
What he found was a surprising number of what seemed to be cybersecurity professionals at various stages of their career prepared to sell their skills for nefarious ends.
“After years of working in the cybersecurity and law enforcement fields, it becomes relatively easy to spot cybercriminals from professionals moonlighting from other industries,” he explained.
“These adverts might allude to current legitimate professional roles, or be written in the same way as someone advertising their services on platforms like LinkedIn. In an industry that is already struggling to stop adversaries, it’s worrying to see that bright, capable people have been enticed to the criminal side.”
The study revealed three types of professional touting for business on underground sites:
Experienced IT and cybersecurity professionals, including pen testers, AI prompt engineers and web developers. Some claimed to work for a “global software agency” while others stated they needed a “second job”
New starters in cybersecurity looking for both work and training. Professional hacking groups also advertise for young talent, with some offering on-the-job training in areas such as OSINT and social media hacking
Professionals from industries outside cybersecurity/IT, including PR, content creation and even one out-of-work voice actor advertising for work on phishing campaigns
CIISec warned that, in many cases, salaries do not reflect the long hours and high-stress environments that many security professionals find themselves in. CIISec CEO, Amanda Finch, cited Gartner research revealing that 25% of security leaders will leave the industry by 2025 due to work-related stress.
“Our analysis shows that highly skilled individuals are turning to cybercrime. And given the number of people projected to leave the industry, many of those will be desperate enough to seek work in an area that promises large rewards for their already-existing skills and knowledge,” she argued.
“Preventing this means ensuring we are doing all we can as an industry to attract and retain talent.”
Finch called on the industry to increase salaries and improve working conditions, or risk as many as 10% of the workforce leaving a profession already experiencing persistent skills shortages.
The term “digital trust” has gained traction in the business landscape, but many people hear “digital trust” and equate it to avoiding cybersecurity incidents.
In reality, security leaders hold a significant role in this mission, but building digital trust requires much more than a high-performing security team.
Viewed in this broader sense, digital trust is defined by ISACA as the confidence in the relationship and transactions among providers and consumers within the digital ecosystem, including the ability of people, organizations, processes, information and technology to create and maintain a trustworthy digital world.
Customers expect a reasonable degree of digital trust from every organization with a digital footprint – at least the ones with which they will be willing to do business. Although they might not consciously frame it in these terms, these fundamental elements of digital trust serve as the foundation upon which consumers base their judgments about an enterprise’s trustworthiness:
Quality: Quality must meet or exceed consumer expectations.
Availability: Consumers need to be able to access accurate information in a timely manner.
Security and privacy: Consumers need assurance that their data and information are safe and protected.
Ethics and integrity: Enterprises should live up to their promised values.
Transparency and honesty: Consumers should be informed about how their information is being used. If personal information has been compromised, consumers should know how the enterprise is addressing the current situation and preventing it from happening again.
Resiliency: Enterprises must provide assurances that they are stable and can withstand adverse circumstances while simultaneously evolving to leverage new technologies and advancements.
Although commonly associated with cybersecurity, digital trust extends far beyond that realm. It can be thought of as the invisible thread that establishes a common goal and focus among several distinct organizational roles.
Within the domain of security, one question that often arises is whether zero trust equates to digital trust. The answer is no, however, zero trust can be used as a technique to reach digital trust. It is a building block or a thread that is woven throughout the digital trust ecosystem. Digital trust allows individuals and businesses to engage online with confidence that their data and digital identity are safeguarded.
Implementing zero trust processes contributes to the protection of such information.
In the context of the modern business environment, how well companies manage customers’ data and the extent to which they can securely and responsibly implement emerging technology are key steps toward delivering digital trust.
Trust: The Core of All Interactions
Throughout human history, trust has formed the fundamental basis of nearly every human interaction we experience. This significance is particularly pronounced in our rapidly evolving, digitized world, where multiple parties frequently do not have in-person interactions to exchange the sensitive and confidential information necessary for transactional purposes.
Therefore, every interaction must reinforce that the organization cares about – and has instituted effective practices in – all areas of digital trust.
Trust is not a one-time achievement; it must be consistently earned, effectively communicated and actively reinforced. This creates a fertile environment to conduct business, which in turn fuels innovation, drives economic expansion and, ultimately, generates value for all parties engaged in the interactions. Trust becomes the bedrock upon which successful and mutually beneficial relationships are built.
Edelman, which has studied trust for 20 years, puts it this way: “Trust is the foundation that allows an organization to take responsible risk, and, if it makes mistakes, to rebound from them. For a business, especially, lasting trust is the strongest insurance against competitive disruption, the antidote to consumer indifference, and the best path to continued growth. Without trust, credibility is lost and reputation can be threatened.”
Consider any consumer-driven sector and you’ll likely recognize the significant advantage that major, well-known brands have due to the trust they have painstakingly cultivated with customers. Think about how frequently you have been willing to pay a higher price for a purchase because you trust the provider to deliver on their promises, especially when compared to various competitors with less established reputations.
This trust factor often becomes a compelling driver of consumer choices, reflecting the value of a well-earned reputation for reliability and quality.
A digitally trustworthy organization understands the importance of upholding customer trust. Digital trust must be instilled throughout the organization, and initiatives should be built with digital trust in mind. This trust accrues over time. Establishing digital trust is an ongoing process that involves the continuing efforts not only regarding the creation but the maintenance of the larger ecosystem.
“Digital trust is the logical progression on the digital transformation path”
The Business Benefits of Digital Trust
Digital trust is the logical progression on the digital transformation path – in fact, three quarters of respondents to ISACA’s State of Digital Trust 2023 research indicate that digital trust is very or extremely important to digital transformation.
As businesses undergo digital transformation, customer expectations are evolving accordingly. While IT plays a pivotal role in this transformation, the shift toward prioritizing digital trust is largely being driven by businesses to benefit businesses.
Given its paramount importance to consumers and overall brand reputation, digital trust should be a central consideration across all facets of an enterprise. According to the State of Digital Trust research, the top benefits of digital trust include a positive reputation, fewer privacy breaches, fewer cybersecurity incidents, more reliable data, stronger customer loyalty, faster innovation and higher revenues.
With a list of benefits this impactful, digital trust should command the attention of boardrooms across all industries and geographies.
Digital trust involves all of us as stakeholders – including security leaders responsible for preventing data breaches that undermine trust, IT professionals who support information and systems integrity, marketing professionals who champion and promote an organization’s brand, and third-party providers upon whom the organization is reliant.
Digital trust serves as a significant catalyst for consumers’ decisions which will ultimately manifest – for better or worse – in a company’s financial performance.
Leadership’s Responsibility in the Trust Ecosystem
Leadership plays a crucial role in establishing digital trust through a concerted, organization-wide push. As with most elements that dictate a company’s success, leadership matters.
Everyone in the organization has a role in building and maintaining digital trust, but the responsibility for setting the direction and governance needs to start with senior executives.
Organizational leaders set and communicate the culture, priorities and expectations of digital trust through policies and structures, which are disseminated throughout the organization. From a governance perspective, either the full board of directors or a board committee needs to be given responsibility for governance and oversight of digital trust.
It is critically important that a focal point is created for the management team to provide updates on the advancement of digital trust to the board, similar to the practices of cybersecurity or IT audit teams. In doing so, a connection point is established for the management team to report in on digital trust progress at the board level, much like how cybersecurity or IT audit teams operate.
A Digital Trust Executive Council is a valid option to ensure proper direction and control over digital trust efforts. This would serve as a management council that should report into the executive management team and then ultimately to the board or designated committee that oversees digital trust.
The purpose of the digital trust council is to address the needs of an organization’s digital product and service consumers through the appropriate evaluation, prioritization and direction of digital trust activities, funding and programs that ultimately contribute to a trusted relationship. Consider this council the expert review panel and point of contact on digital trust decisions, measurements, guidance and alignment with the organization’s goals and objectives.
This governance connection is critically important. If organizations merely give superficial acknowledgment to the pursuit of digital trust without a governance structure and framework that is accountable to the board, then they are deceiving themselves into believing that they are making any meaningful efforts toward establishing genuine digital trust.
This is reminiscent of the old days when many companies were convinced that they were doing a great job on security without anything in the organization having a true security focus or investment – it was really just IT personnel running the show. We have learned and evolved a great deal since then, and digital trust will have to go through a similar transformation.
The role of security leadership is also crucial in establishing digital trust as a business imperative. To be effective, today’s CISOs must demonstrate their capability to wield influence and make a meaningful impact across the business.
“I think that’s the most important trait right now, because there are many security jobs that are technical analysis or coding, but to be a CISO, you have to be business-focused and be an executive leader because you’re going to be interfacing with the board, CEOs and other executives,” wrote 2021 CISO of the Year, Brennan P. Baybeck, VP & CISO for Customer Services, Oracle.
“You can’t just be talking about compliance and security all the time. You have to be helping to drive the business and directly aligning the security strategy activities to the business strategy, with a focus on enabling business,” he added.
Digital trust serves as a significant avenue for security leaders, especially CISOs, to break away from the perception that they are solely engrossed in cybersecurity with limited perspective. CISOs can effectively achieve this by championing a cross-functional digital trust team (more on this below) and ensuring that the team is resourced and supported appropriately.
Millions of voices suddenly cried out in terror and were suddenly silenced
Tue 5 Mar 2024 // 16:16 UTC
UPDATED Those trying to log into Meta’s Facebook, Instagram, and Threads for their social media fixes are facing panic this morning after being locked out of their accounts.
“We’re aware people are having trouble accessing our services. We are working on this now,” Meta spokesperson Andy Stone said in a post on the social media site formerly known at Twitter. The latter site still up and running, presumably much to Elon’s delight.
“We are aware of an issue impacting Facebook Login. Our engineering teams are actively looking to resolve the issue as quickly as possible,” Meta said on its status page in a post timestamped at 0717 PT.
Folks trying to log into the Meta-owned accounts are told their passwords are wrong. Those trying to reset their password using two-factor authentication are told there’s an error and to try again. Needless to say it isn’t working.
According to Downdetector over half a million users logged complaints, a huge number given the reports are usually counted in the low thousands. The problems appear to have kicked off around 0700 PT (1500 UTC) but now appear to be dropping very slightly.
We’ll update this article as the situation progresses but in the meantime don’t panic – you haven’t been hacked. On the balance of probabilities it’s probably someone pushing the wrong button.
Let’s not forget, we’ve been here before and these things sort themselves out (usually). ®
Updated to add
The US Cybersecurity and Infrastructure Security Agency (CISA) was holding pre-scheduled press briefings this morning on election security and naturally the outage was one of the first questions asked.
“We are aware of the incident and at this time we are not aware of any specific election nexus or any specific malicious cyber activity nexus to the outage. But we are aware of the incident and the global scope of it,” a CISA spokesperson said.
It’s a big day for the US today: Super Tuesday, where 15 states elect delegates to decide which candidates will run for the presidency (Hint: It’s Trump v Biden). The outage has already set conspiracy theorists all aflutter, and some hacking groups are claiming responsibility for a cyber attack, in both cases without any evidence.
Final update
All services now appears to be coming back online.
“We are recovering from an earlier outage impacting Facebook Login, and services are in the process of being restored. We apologize for any inconvenience that this may have caused,” Meta said at 0907 PT.
In a recent unsettling development, American Express has confirmed that sensitive information related to its credit cards has been compromised due to a data breach at a third-party service provider. This incident has raised serious concerns about the security of financial data and the implications for customers worldwide.
THE BREACH EXPLAINED
The breach was reportedly executed by a third-party merchant processor, which inadvertently allowed the sensitive information of American Express cardholders to leak onto the dark web. This exposed data includes American Express Card account numbers, expiration dates, and possibly other personal information, putting customers at risk of fraud and identity theft.
American Express has been proactive in addressing the situation, notifying affected customers and urging them to remain vigilant for signs of unauthorized activity on their accounts. Despite the breach, American Express has emphasized that its own systems were not compromised, pointing to the external nature of the security lapse.
IMPACT ON CUSTOMERS
The exposure of credit card details in a third-party data breach is a stark reminder of the vulnerabilities that exist within the digital financial ecosystem. For customers, this incident underscores the importance of monitoring their financial statements regularly and reporting any suspicious transactions immediately.
American Express has assured its customers that it is taking the necessary steps to mitigate the impact of the breach. This includes offering free credit monitoring services to affected individuals to help protect their financial information from further misuse.
INDUSTRY-WIDE CONCERNS
This incident is not isolated, as data breaches involving third-party service providers have become increasingly common. The reliance on external vendors for processing financial transactions and handling sensitive data introduces additional risks that companies must manage. It highlights the need for stringent security measures and continuous vigilance to protect against cyber threats.
MOVING FORWARD
In response to the breach, American Express and other financial institutions are likely to reassess their relationships with third-party vendors and enhance their security protocols to prevent similar incidents in the future. This may involve more rigorous vetting processes, the implementation of advanced cybersecurity technologies, and closer collaboration between companies and their service providers to ensure the highest standards of data protection.
For customers, the breach serves as a critical reminder of the need to be proactive in safeguarding their personal and financial information. This includes using strong, unique passwords for online accounts, enabling two-factor authentication where available, and being cautious of phishing attempts and other online scams.
The exposure of American Express credit card details in a third-party data breach is a concerning event that highlights the ongoing challenges in securing financial data. As the digital landscape evolves, so too do the tactics of cybercriminals, making it imperative for both companies and consumers to remain vigilant and proactive in their cybersecurity efforts. American Express’s commitment to addressing the breach and supporting its customers is a positive step, but it also serves as a call to action for the industry to strengthen its defenses against future threats.
A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns.
Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account.
The Nepalese researcher Samip Aryal described the flaw as a rate-limiting issue in a specific endpoint of Facebook’s password reset flow. An attacker could have exploited the flaw to takeover any Facebook account by brute-forcing a particular type of nonce.
Meta awarded the researchers for reporting the security issue as part of Facebook’s bug bounty program.
The researchers discovered that the issue impacts Facebook’s password reset procedure when the user selects “Send Code via Facebook Notification.”
Analyzing the vulnerable endpoint the researcher discovered that three conditions opened the door for a brute-force attack:
The nonce sent to the user is active for longer than I expected (≈ 2 hrs)
The same nonce code was sent every time for the period.
I didn’t see any sort of code invalidation after entering the correct code but with multiple previous invalid tries (unlike in the SMS reset functionality).
Choosing the option “Send Code via Facebook Notification” will send a POST request to:
POST /ajax/recover/initiate/ HTTP/1.1
with the parameter; recover_method=send_push_to_session_login
Then the researchers attempted to send a 6-digit code ‘000000’ to analyze the POST request sent to the vulnerable endpoint:
POST /recover/code/rm=send_push_to_session_login&spc=0&fl=default_recover&wsr=0 HTTP/1.1
where “n” parameter holds the nonce.
At this stage, bruteforcing this 6-digit value had become a trivial task for the expert.
“there was no rate limiting on this endpoint, thus the matching code was responded back with a 302 status code. Use this code to log in/reset the FB account password for the user account.” reads the analysis published by Aryal.
The researcher noticed that upon exploiting this vulnerability, Facebook would notify the targeted user. The notification would either display the six-digit code directly or prompt the user to tap the notification to reveal the code.
The researcher reported the flaw to Meta on January 30, 2024, and the company addressed the issue on February 2nd, 2024. This vulnerability had a huge impact, Meta recognized it as a zero-click account takeover exploit. Aryal is currently ranked in first place in Facebook’s Hall of Fame 2024.
🔹Nipe – Script to redirect all traffic from the machine to the Tor network. 🔗https://lnkd.in/grhEtqdr
🔹OnionScan – Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators. 🔗https://onionscan.org/
🔹Tails – Live operating system aiming to preserve your privacy and anonymity. 🔗https://tails.boum.org/
🔹Tor – Free software and onion routed overlay network that helps you defend against traffic analysis. 🔗https://lnkd.in/g8Uc8nB2
🔹dos-over-tor – Proof of concept denial of service over Tor stress test tool. 🔗https://lnkd.in/gAEQPvbd
76% of enterprises lack sufficient voice and messaging fraud protection as AI-powered vishing and smishing skyrocket following the launch of ChatGPT, according to Enea.
Enterprises report significant losses from mobile fraud
61% of enterprises still suffer significant losses to mobile fraud, with smishing (SMS phishing) and vishing (voice phishing) being the most prevalent and costly.
Enterprises account for a significant share of communication service provider (CSP) subscribers and an even greater share of their revenues. They depend on their CSP to protect them from telecom-related fraud, with 85% saying security is important or extremely important for their telecoms buying decisions.
Since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%.
61% of enterprise respondents said their mobile messaging fraud costs were significant, yet more than three-quarters don’t invest in SMS spam or voice scam/fraud protection.
51% said they expect their telecom operator to protect them from voice and mobile messaging fraud, citing their role as more important than that of cloud providers, managed IT providers, systems integrators or direct software vendors.
85% of enterprises say that security is important or extremely important for their telecoms purchasing decisions.
Only 59% of CSPs say they have implemented a messaging firewall, and just 51% said they have implemented a signaling firewall. 46% report adopting some threat intelligence service, essentially leaving a majority blind to new or morphing threats.
CSPs that prioritize security are better positioned to win enterprise business
Security leaders, characterized by better capabilities, better funding, and a higher prioritization of security, are less than half as likely as the followers to have a security breach go undetected or unmitigated (12% vs 25%). CSP security leaders are more likely to see security as an opportunity to generate revenues (31% vs 19%).
“We’ve observed the rapidly evolving threat landscape with growing concern, particularly as AI-powered techniques become more accessible to cybercriminals,” commented John Hughes, SVP and Head of Network Security at Enea.
“The stark increase in mobile fraud, particularly following the advent of advanced technologies like ChatGPT, underscores a critical need for enhanced network security measures. This survey highlights a significant disconnect between enterprise expectations and the current capabilities of many CSPs, and our ongoing mission is to help the sector bridge that gap and safeguard networks and users,” concluded Hughes.
Maintaining and enhancing mobile network security is a never-ending challenge for CSPs. Mobile networks are constantly evolving – and continually being threatened by a range of threat actors who may have different objectives, but all of whom can exploit vulnerabilities and execute breaches that impact millions of subscribers and enterprises and can be highly costly to remediate.
To bridge this gap, CSPs must overcome challenges such as a lack of skilled staff to handle potential security breaches, a lack of budget to invest in adequate security tools, and internal organizational complexity preventing them from prioritising security.
France’s National Cybersecurity Agency (ANSSI) observed a significant rise in cyber espionage campaigns targeting strategic organizations in 2023.
These operations are increasingly focused on individuals and non-governmental structures that create, host or transmit sensitive data, ANSSI observed in its 2023 Cyber Threat Landscape report, published on February 27, 2024.
Besides public administration, the primary targets of cyber espionage activity included organizations associated with the French government, such as technology and defense contractors, research institutes and think tanks.
Overall, cyber espionage remained the top cyber threat ANSSI’s teams dealt with in 2023.
ANSSI has also noted an increase in attacks against business and personal mobile phones aimed at targeted individuals.
There has also been an upsurge in attacks that have used methods publicly associated with the Russian government.
“These attacks are not limited to mainland French territory: in 2023, ANSSI dealt with the compromise of an IT network located in a French overseas territory using an attack modus operandi publicly associated with China,” reads the report.
30% Rise in Ransomware
Meanwhile, financially motivated attacks were also on the rise, with an observed 30% increase in ransomware attacks compared to 2022.
Monthly and yearly breakdown of ransomware attacks reported to ANSSI in 2022 (in blue) and in 2023 (in green). Source: ANSSI
Small and medium enterprises (SMEs) and mid-sized businesses were the most targeted organizations, representing 34% of all cyber-attacks observed by ANSSI in 2023. Local administration came second, suffering 24% of all attacks in 2023.
In total in 2023, ANSSI recorded 3703 cyber events, 1112 of which were labeled as cyber incidents. In 2022, it recorded 3018 cyber events, including 832 cyber incidents.
The latest version of the LockBit ransomware, LockBit 3.0 (aka LockBit Black), was the most used malware in financially motivated cyber-attacks in 2023, taking over previous ransomware versions from the same threat group that dominated the ransomware landscape in 2022.
Top Ransomware versions detected by ANSSI in cyber-attacks targeting French organizations. Source: ANSSI
Overall, 2023 has seen significant changes in the structure and methods of attackers. They are perfecting their techniques in order to avoid being detected, tracked, or even identified.
“Despite efforts to improve security in certain sectors, attackers continue to exploit the same technical weaknesses to gain access to networks. Exploiting ‘zero-day’ vulnerabilities remains a prime entry point for attackers, who all too often still take advantage of poor administration practices, delays in applying patches and the absence of encryption mechanisms,” reads the report, translated from French to English by Infosecurity.
The top five vulnerabilities exploited by threat actors to compromise French organizations’ IT systems in 2023 include flaws in VMWare, Cisco, Citrix, Atlassian and Progress Software products.
Pre-Positioning Activities on ANSSI’s Radar for 2024
Finally, in a tense geopolitical context, ANSSI noted new destabilization operations aimed mainly at promoting a political discourse, hindering access to online content or damaging an organization’s image.
“While distributed denial of service (DDoS) attacks by pro-Russian hacktivists, often with limited impact, were the most common, pre-positioning activities targeting several critical infrastructures in Europe, North America and Asia were also detected.
“These more discreet activities may nevertheless be aimed at larger-scale operations carried out by state actors waiting for the right moment to act,” the report explained.
Vincent Strubel, ANSSI’s director general, commented: “While financially motivated attacks and destabilization operations saw a clear upturn in 2023, it was once again the less noisy threat, which remains the most worrying, that of strategic and industrial espionage and pre-positioning for sabotage purposes, which mobilised the ANSSI teams the most.”
These geopolitically driven threats will particularly be on ANSSI’s radar in 2024, as Paris is prepares to host the 2024 Olympic and Paralympic Games.
How to learn it…As a Cybersecurity professional you learn something new everyday, as this is an evolving field. Happy Learning!
Learning cybersecurity involves a combination of formal education, self-study, hands-on practice, and staying updated with the latest developments in the field. Here’s a step-by-step guide to help you get started:
Understand the Basics: Familiarize yourself with the fundamentals of computer science, networking, and operating systems. This will provide you with a strong foundation for understanding cybersecurity concepts.
Choose a Learning Path: Cybersecurity is a broad field with various specializations such as network security, ethical hacking, digital forensics, and cloud security. Decide which area interests you the most and focus your learning efforts accordingly.
Take Online Courses: There are numerous online platforms offering cybersecurity courses for beginners to advanced learners. Some popular ones include Coursera, Udemy, Pluralsight, and Cybrary. Look for courses that cover topics like cryptography, malware analysis, penetration testing, etc.
Earn Certifications: Certifications can validate your skills and knowledge in specific areas of cybersecurity. Some widely recognized certifications include CompTIA Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), and Offensive Security Certified Professional (OSCP).
Practice with Hands-on Labs: Hands-on experience is crucial in cybersecurity. Set up a lab environment using virtualization software like VirtualBox or VMware, and practice implementing security measures, performing penetration tests, and analyzing malware.
Read Books and Whitepapers: Supplement your online learning with books and whitepapers written by cybersecurity experts. These resources provide in-depth insights into advanced topics and real-world case studies.
Join Cybersecurity Communities: Engage with cybersecurity communities and forums to connect with fellow enthusiasts and professionals. Websites like Reddit’s r/netsec and Stack Exchange’s Information Security offer valuable discussions and resources.
Participate in Capture The Flag (CTF) Competitions: CTF competitions are cybersecurity challenges where participants solve various tasks related to hacking, reverse engineering, cryptography, etc. Participating in CTFs is an excellent way to sharpen your skills and learn new techniques.
Stay Updated: Cyber threats evolve rapidly, so it’s essential to stay updated with the latest news, trends, and vulnerabilities. Follow cybersecurity blogs, subscribe to industry newsletters, and attend conferences and webinars.
Consider Formal Education: If you’re serious about pursuing a career in cybersecurity, consider enrolling in a degree program or bootcamp specializing in cybersecurity. A formal education can provide you with structured learning and access to industry experts.
Remember that cybersecurity is a continuously evolving field, so be prepared to adapt and keep learning throughout your career. Good luck on your learning journey!
Web Check offers thorough open-source intelligence and enables users to understand a website’s infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence.
Unlike similar services, Web Check is free. There’s no signup, tracking, logging, or ads. Anyone can deploy their instance easily.
Web Check features
Web Check provides insight into the inner workings of any specified website, enabling users to identify possible security vulnerabilities, scrutinize the underlying server architecture, inspect security settings, and discover the various technologies employed by the site.
Currently, the dashboard will show IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance, trackers, associated hostnames, carbon footprint.
“When you’re looking into any website or server, either as part of an OSINT investigation or just out of curiosity, there’s a couple of checks that you always start with. Think domain registrar records, SSL chain, server info, page list, tech stack, etc. None of these are hard to find individually, usually with a combination of bash commands and online tools. However, fetching, collating, and analyzing all this data is time-consuming. I created Web Check to automate this process. It locates, processes, and visualizes everything you need to provide a good starting point for your investigation. It takes just seconds to generate a full report, with no fluff,” Alicia Sykes, the creator of Web Check, told Help Net Security.
Future plans
“I’m always looking for ways to increase and improve the data returned. The web scene is constantly changing, so there are always new and interesting insights you can glean from sites. I’m working on some new checks to include this data. I’m also working on a public API to be used programmatically or integrated into researchers’ existing workflows. Due to it being free to use, I must also improve performance to keep compute costs down continuously,” Sykes concluded.
HackerGPT is a cutting-edge AI tool designed explicitly for the cybersecurity sector, particularly beneficial for individuals involved in ethical hacking, such as bug bounty hunters.
This advanced assistant is at the cutting edge of cyber intelligence, offering a vast repository of hacking methods, tools, and tactics. More than a mere repository of information, HackerGPT actively engages with users, aiding them through the complexities of cybersecurity.
There are several ChatGPT-powered tools, such as OSINVGPT, PentestGPT, WormGPT, andBurpGPT, that have already been developed for the cyber security community, and HackerGPT is writing a new chapter for the same.
What is the Purpose of HackerGPT:
It leverages the capabilities of ChatGPT, enhanced with specialized training data, to assist in various cybersecurity tasks, including network and mobile hacking, and understand different hacking tactics without resorting to unethical practices like jailbreaking.
HackerGPT generates responses to user queries in real-time, adhering to ethical guidelines. It supports both GPT-3 and GPT-4 models, providing users with access to a wide range of hacking techniques and methodologies.
The tool is available for use via a web browser, with plans to develop an app version in the future. It offers a 14-day trial with unlimited messages and faster response times.
HackerGPT aims to streamline the hacking process, making it significantly easier for cybersecurity professionals to generate payloads, understand attack vectors, and communicate complex technical results effectively.
This AI-powered assistant is seen as a valuable resource for enhancing security evaluations and facilitating the understanding of potential risks and countermeasures among both technical and non-technical stakeholders
Recently, HackerGPT released 2.0, and the beta is now available here.
Upon posing a query to HackerGPT, the process begins with authentication of the user and management of query allowances, which differ for free and premium users.
The system then probes its extensive database to find the most relevant information to the query. For non-English inquiries, translation is employed to ensure the database search is effective.
If a suitable match is discovered, it is integrated into the AI’s response mechanism. The query is securely transmitted to OpenAI or OpenRouter for processing, ensuring no personal data is included. The response you receive depends on the module in use:
HackerGPT Module: A customized version of Mixtral 8x7B with semantic search capabilities tailored to our database.
GPT-4 Turbo: The most recent innovation from OpenAI, enhanced with our specialized prompts.
Guidelines for Issues: The “Issues” section is strictly for problems directly related to the codebase. We’ve noticed an influx of non-codebase-related issues, such as feature requests or cloud provider problems. Please consult the “Help” section under the “Discussions” tab for setup-related queries. Issues not pertinent to the codebase are typically closed promptly.
Engagement in Discussions: We strongly encourage active participation in the “Discussions” tab! It’s an excellent platform for asking questions, exchanging ideas, and seeking assistance. Chances are, others might have the same question if you have a question.
Updating Process: To update your local Chatbot UI repository, navigate to the root directory in your terminal and execute:
npm run update
For hosted instances, you’ll also need to run:
npm run db-push
This will apply the latest migrations to your live database.
Setting Up Locally: To set up your own instance of Chatbot UI locally, follow these steps:
Navigate to the root directory of your local Chatbot UI repository and run:
npm install
Install Supabase & Run Locally:
Supabase is chosen for its ease of use, open-source nature, and free tier for hosted instances. It replaces local browser storage, addressing security concerns, storage limitations, and enabling multi-modal use cases.
Install Docker: Necessary for running Supabase locally. Download it for free from the official site.
Install Supabase CLI: Use Homebrew for macOS/Linux or Scoop for Windows.
Start Supabase: Execute supabase start in your terminal at the root of the Chatbot UI repository.
Fill in Secrets: Copy the .env.local.example file to .env.local and populate it with values obtained from supabase status.
Optional Local Model Installation:
For local models, follow the instructions provided for Ollama installation.
Run the App Locally:
Finally, run npm run chat in your terminal. Your local instance should now be accessible at http://localhost:3000.
Setting Up a Hosted Instance:
To deploy your Chatbot UI instance in the cloud, follow the local setup steps here . Then, create a separate repository for your hosted instance and push your code to GitHub.
Set up the backend with Supabase by creating a new project and configuring authentication. Connect to the hosted database and configure the frontend with Vercel, adding necessary environment variables. Deploy, and your hosted Chatbot UI instance should be live and accessible through the Vercel-provided URL. You can read the complete GitHub repository here.
In 2023, cybercriminals saw more opportunities to “log in” versus hack into corporate networks through valid accounts – making this tactic a preferred weapon for threat actors, according to IBM’s 2024 X-Force Threat Intelligence Index.
Attacks on critical infrastructure reveal industry faux pas
In nearly 85% of attacks on critical sectors, compromise could have been mitigated with patching, MFA, or least-privilege principals – indicating that what the security industry historically described as “basic security” may be harder to achieve than portrayed.
Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure. With this growing pushback likely to impact adversaries’ revenue expectations from encryption-based extortion, groups that previously specialized in ransomware were observed pivoting to infostealers.
X-Force analysis projects that when a single generative AI technology approaches 50% market share or when the market consolidates to three or less technologies, it could trigger at-scale attacks against these platforms.
“While ‘security fundamentals’ doesn’t get as many head turns as ‘AI-engineered attacks,’ it remains that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown” said Charles Henderson, Global Managing Partner, IBM Consulting, and Head of IBM X-Force. “Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimize the tactic.”
A global identity crisis poised to worsen
Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the dark web today. In 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities – with a 266% uptick in infostealing malware, designed to steal personal identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.
This “easy entry” for attackers is one that’s harder to detect, eliciting a costly response from enterprises. According to X-Force, major incidents caused by attackers using valid accounts were associated to nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM’s 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months to detect and recover from – the longest response lifecycle than any other infection vector.
This wide reach into users’ online activity was evident in the FBI and European law enforcement’s April 2023 takedown of a global cybercrime forum that collected the login details of more than 80 million user accounts. Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimize their attacks. Already in 2023, X-Force observed over 800,000 posts on AI and GPT across dark web forums, reaffirming these innovations have caught cybercriminals attention and interest.
Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, an alarming finding highlighting that cybercriminals are wagering on these high value targets’ need for uptime to advance their objectives.
Nearly 85% of attacks that X-Force responded to on this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts. The latter poses an increased risk to the sector, with DHS CISA stating that the majority of successful attacks on government agencies, critical infrastructure organizations and state-level government bodies in 2022 involved the use of valid accounts. This highlights the need for these organizations to frequently stress test their environments for potential exposures and develop incident response plans.
For cybercriminals to see ROI from their campaigns, the technologies they target must be ubiquitous across most organizations worldwide. Just as past technological enablers fostered cybercriminal activities – as observed with ransomware and Windows Server’s market dominance, BEC scams and Microsoft 365 dominance or cryptojacking and the Infrastructure-as-a-Service market consolidation – this pattern will most likely extend across AI.
X-Force assesses that once generative AI market dominance is established – where a single technology approaches 50% market share or when the market consolidates to three or less technologies – it could trigger the maturity of AI as an attack surface, mobilizing further investment in new tools from cybercriminals.
Although generative AI is currently in its pre-mass market stage, it’s paramount that enterprises secure their AI models before cybercriminals scale their activity. Enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn’t require novel tactics from attackers to target – highlighting the need for a holistic approach to security in the age of generative AI.
Where did all the phish go?
Nearly one in three attacks observed worldwide targeted Europe, with the region also experiencing the most ransomware attacks globally (26%).
Despite remaining a top infection vector, phishing attacks saw a 44% decrease in volume from 2022. But with AI poised to optimize this attack and X-Force research indicating that AI can speed up attacks by nearly two days, the infection vector will remain a preferred choice for cybercriminals.
Red Hat Insights found that 92% of customers have at least one CVE with known exploits unaddressed in their environment at the time of scanning, while 80% of the top ten vulnerabilities detected across systems in 2023 were given a ‘high’ or ‘critical’ CVSS base severity score.
X-Force observed a 100% increase in “kerberoasting” attacks, wherein attackers attempt to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets.
X-Force Red penetration testing engagements indicate that security misconfigurations accounted for 30% of total exposures identified, observing more than 140 ways that attackers can exploit misconfigurations.
Ransomware attacks against manufacturers, utilities and other industrial companies were up 50% last year.
The pace and sophistication of cyberattacks against industrial companies are escalating rapidly, as administration officials warn that nation-states are heavily targeting U.S. critical infrastructure sectors.
Ransomware attacks against industrial companies increased by around 50% last year, according to an annual report from cybersecurity company Dragos published Tuesday, which tracked 905 strikes.
The Hanover, Md.-based company, which specializes in protecting systems used by heavy industries such as electric grids and wastewater plants, said it tracked 28% more groups specifically targeting “operational technology” last year than the year before. The term refers to the heavy machinery and industrial control systems used by manufacturing plants, water utilities and similar organizations, as opposed to information technology, which generally comprises software such as accounting and human resources systems. Among industrial companies, manufacturers were targeted most, said Rob Lee, chief executive of Dragos.
“It’s not so much that they’re OT experts, it’s just they know that they’re impacting the revenue-generating portions of those companies,” Lee said, “so the companies are willing to pay, and pay faster.”
Even when ransomware attacks target manufacturers’ corporate technology systems and not their operational technology machinery, there can be collateral damage for production, said Mark Orsi, president of the Manufacturing Information Sharing and Analysis Center, a nonprofit that coordinates the sharing of threat data among manufacturers.
“The vast majority of ransomware variants only target the IT infrastructure of an organization, but all too often the manufacturing plant floor operations are disrupted as a result of compromise to IT systems,” he said.
But ransomware is just the tip of the iceberg, say industry observers. The tools used by hackers to specifically target operations have become more sophisticated in recent years.
The emergence of Pipedream, for instance, a tool believed to have been authored by a nation-state team, has many concerned. Pipedream is able to target industrial systems across industries, and doesn’t rely on common attack methods, such as exploiting vulnerabilities in software.
“When Pipedream or Pipedream-like capabilities leak out into the community, they will be the Cobalt Strikes of OT. That’s the stuff that worries me,” Lee said during a call with reporters on Jan. 30, referring to a suite of cybersecurity tools, Cobalt Strike, developed for network defenders, which gave rise to a slew of malicious hacking tools when it was leaked.
U.S. officials have also ratcheted up warnings of attempts to infiltrate U.S. critical infrastructure. Christopher Wray, director of the Federal Bureau of Investigation, on Sunday said Chinese efforts to secure footholds in critical infrastructure networks are occurring at an unprecedented scale.
While Beijing routinely denies involvement in hacking, Wray’s comments follow a series of similar remarks made by Rob Joyce, cybersecurity director of the National Security Agency. Last month, Joyce told an FBI-sponsored conference that Chinese hackers are positioning themselves within those networks so as to be able to strike at U.S. infrastructure in the event of a conflict. The U.S. government in January said it disrupted one such operation, without specifying the types of infrastructure targeted.
“It’s not just an electric company issue, it’s not just a water issue or a manufacturing issue. I think it’s an issue that affects all of us,” said Jason Nations, director of enterprise security at Oklahoma City-based
Critical infrastructure operators also face supply-chain security threats common to companies in many industries. German company
PSI Software, which said last week it had been the victim of a cyberattack, specified on Monday that it had been hit by ransomware, and took its systems offline to prevent further intrusions. PSI Software supplies software specialized for energy providers and other industrial processes. PSI didn’t respond to a request for comment.
One difficulty critical-infrastructure companies struggle with is finding cybersecurity experts to defend their networks. While there is a shortage of around 4 million corporate cyber professionals globally, according to trade association ISC2, some companies say it is especially difficult to hire people with both cyber skills and expertise in heavy machinery and industrial technology.
A wastewater treatment plant in Fountain Valley, Calif. U.S. officials have said Chinese hackers have been trying to position themselves inside critical infrastructure to be able to impede operations in the event of a conflict. PHOTO: MARIO TAMA/GETTY IMAGES
7 Cyberattacks faced by small businesses and how to prepare to counter them:
1. Phishing Attacks 🎣 Phishing attacks trick employees into revealing sensitive information. • Train staff to recognize suspicious emails. • Use email filtering tools to block malicious messages.
2. Ransomware 🔒💵 Ransomware locks your data until you pay a ransom. • Backup data regularly. • Ensure you have strong antimalware software and keep it updated.
3. DDoS Attacks 🌐💥 Distributed Denial of Service (DDoS) attacks overwhelm your servers with traffic. • Invest in DDoS protection services. • Have a response plan ready to mitigate downtime.
4. Insider Threats 👥🔪 Employees or partners can misuse access to harm your business. • Implement strict access controls. • Monitor user activities for unusual behavior.
5. Zero-Day Exploits ⚙️❗ Hackers exploit unknown software vulnerabilities. • Keep all software and systems updated. • Use intrusion detection systems to spot suspicious activity.
6. Man-in-the-Middle Attacks 🕵️ Attackers intercept communications between two parties. • Use encryption for all communications. • Implement secure VPNs for remote access.
7. SQL Injection 💾🐛 Hackers insert malicious code into your database queries. • Regularly update and patch your database systems. • Use parameterized queries to prevent SQL injection.
Being prepared can save your small business from disaster. 💼💥
Top UK universities have had their services impacted by a DDoS attack, which has been claimed by the Anonymous Sudan hacktivist group.
The University of Cambridge’s Clinical School Computing Service revealed the incident in a post on its X (formerly Twitter) account on February 19, stating that internet access will be intermittent.
It said that the attack started at 15.00 GMT on February 19, with “multiple universities” impacted.
In an update on the morning of February 20, the service said that disruption to the network appears largely over, although some systems remain impacted.
Varsity, the independent newspaper for the University of Cambridge, reported that the attack had affected access to student IT services such as CamSIS and Moodle.
The attackers targeted the Janet Network, a high-speed data-sharing network used by researchers, according to the Varsity report. This service is used by a number of UK universities.
The Janet network is managed by Jisc, a UK not-for-profit provider of network and IT services to the higher education sector.
The University of Manchester also reported connectivity issues as a result of the DDoS attack, stating on its X account on February 19 that the availability of IT services off campus were impacted.
Anonymous Sudan Claims Responsibility for University DDoS Attacks
Hacktivist group Anonymous Sudan claimed responsibility for the attack on the universities.
Hacktivist tracker X account CyberKnow shared a screenshot of a post by the gang, in which they cited the UK government’s support for Israel’s military action in Gaza and the bombing of the Houthi movement in Yemen as the reason for the attack.
Anonymous Sudan has frequently been linked to politically motivated DDoS attacks. It claimed to have launched numerous cyber-attacks against the Israeli government and media organizations in the wake of Hamas’ assault on Israel on October 7, 2023, which started the conflict in Gaza.
UK Institutions Targeted by Hackers
Renowned UK institutions appear to be a growing target for cyber-threat actors.
The British Library is still in the process of recovering its digital services as a result of a ransomware attack in October 2023.
Gerasim Hovhannisyan, CEO and co-founder of EasyDMARC, noted that the University of Cambridge’s Library itself is in the process of restoring systems following the British Library attack.
He said that well-known institutions like universities must be particularly vigilant at this time.
“While DDoS attacks themselves usually don’t result in data loss, they can be used to mask the real malicious intentions of cybercriminals.
“With AI lowering the bar of who can develop and carry out cyber-attacks and the ransomware-as-a-service industry further expanding that demographic to anyone with sufficient funds, universities must look at the state of their cybersecurity postures seriously,” he commented.
Research published by KnowBe4 on February 19 found an “exponential” increase in cyber-attacks against UK higher education institutions. The report cited research showing that only half of higher education institutions have a cybersecurity strategy.
Keiron Holyome, VP UKI & Emerging Markets, BlackBerry Cybersecurity, noted that universities are seen as a soft target by threat actors. This has been exacerbated by the expanded threat environment following the shift to remote learning, connected learning technologies and more connections to often-unsecured devices owned by the students.
“IT support is often limited, budgets tight, and many use standard software provided to the education sector. If a vulnerability is found in that software, it won’t take long for the criminals to find it and exploit it,” explained Holyome.
As organizations shift their applications and operations to the cloud and increasingly drive revenues through software, cloud-native applications and APIs have emerged among the greatest areas of modern security risk.
According to publicly available data, eight of the top 10 data breaches of 2023 were related to application attack surfaces.1 These eight breaches alone exposed almost 1.7 billion records, illustrating the potential for tremendous data loss if applications are poorly configured and lack effective protection.
Application security has quickly become one of the most essential forms of security for the modern enterprise. That’s why we set out to understand how organizations are securing their applications today and the challenges they face in doing so. Our research team surveyed 400 application security professionals in the United States to learn how they are securing applications, the tools and processes they are using and how effective their work is.
