Archive for May 17, 2023

Exploits, Botnets & Malware Spiked in Q1: Nuspire

Posted in Commentary with tags on May 17, 2023 by itnerd

Nuspire has just released their Q1 2023 Threat Report. 

The quarterly report provides a comprehensive analysis of the threat landscape, examining threat data as well as specific tactics, techniques and procedures (TTPs) organizations should watch out for.  Notable findings from the report include: 

  • Exploit activity grew by more than 150% in Q1 2023, with brute forcing far and away the most popular tactic, followed by Apache Log4j exploitation.  
  • Malware jumped nearly 40% in Q1, with JavaScript and Microsoft variants clocking in the most activity.  
  • Botnets jumped almost 60% in Q1, and two new offenders emerged as top contenders: NetSupport RAT and FatalRAT. 

The report is available linked here.

Uber launches Teen Accounts & Video Gift Messaging in Canada

Posted in Commentary with tags on May 17, 2023 by itnerd

This morning, Uber hosted GO-GET, the annual product showcase introducing Uber’s latest innovations around the globe. This year, there are several new products coming to Canada, and here are the highlights.

Teen accounts

Teen accounts on Uber are a new feature to help parents manage all of their teen’s activities and busy life. From sports practices and mall trips to first job interviews and more, teens are always on the move – which means parents and caregivers are too. When parents set up a teen account with Uber, screened and experienced drivers can help get their teen wherever they need to go with safety tools built into every trip. Uber’s built-in safety features (not optional) include audio recording, live trip tracking, PIN verification, and RideCheck.

Parents also have the ability to contact the driver directly during a trip, contact Uber’s support team, or report an issue. 

Teen accounts are a made-in-Canada innovation. Uber expanded and formalized processes initially developed for Innisfil Transit. Teen accounts were then piloted in Calgary in the fall of last year. Teen accounts will roll out in western Canada and Quebec starting today, followed by Ontario and Nova Scotia in the summer. 

Video gift messaging

Add a personalized touch when sending gifts on Uber Eats by recording your very own video message. This feature is launching today across Canada, starting with gift cards. Soon Canadians will be able to add video messages to thousands of gifts on the app, whether it’s a bouquet of flowers, a box of chocolates, a bottle of malbec, their favorite sourdough bread, or even an order of tacos. 

Group grocery orders 

Build the perfect grocery cart with your roommates, family members—or even a group trip—to help everyone get what they need hassle-free. Now group orders for groceries are easier than ever on Uber Eats with features that let you invite participants to add items, set ordering deadlines and divide costs by automatically splitting the bill. For select grocery stores, there is now the option to pay for the entire order, or split the bill based on what each individual orders. 

As a bonus feature that’s perfect for roommates, Canadians can now also make group grocery orders ‘recurring.’ Simply select the recurring frequency you want (weekly, monthly, etc.) and the group will receive reminders to add their items to the shopping list from your preferred grocery store on a regular basis. Available today across the country.  

Guest Post: 42% of IT Leaders Told To Keep Data Breaches Confidential

Posted in Commentary with tags on May 17, 2023 by itnerd

Data breaches can seriously threaten businesses, resulting in significant financial losses, legal ramifications, and reputational damage.

According to the data presented by the Atlas VPN team, 42% of IT leaders have been told to keep a data breach confidential. Furthermore, more than half of businesses admitted to experiencing a data breach in the last 12 months.

Nearly 30% of IT professionals had kept a data breach secret when they knew it should be reported. While these people should know better, they decided to side with the hackers and keep their crimes silent. In addition, customers whose information was stolen are also unaware that their data is in criminals’ hands.

When looking at the results by country, US businesses were the least responsible when dealing with data breaches. Over 70% of IT leaders were told to keep a data breach confidential, while 55% kept data theft a secret when they knew it should be reported.

Companies in Germany were the most responsible when dealing with data breaches. Of the IT leaders surveyed, 35% were advised to maintain confidentiality regarding a data breach, but only 15% kept it quiet. Furthermore, 54% neither were told nor kept a breach confidential.

Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on data breach management:

“In an age where data breaches have become a grim reality, such practice undermines the fundamental principles of transparency, accountability, and proactive risk mitigation. Organizations must recognize that concealing data breaches erodes customers’ trust and hinders the collective effort required to combat cyber threats.”

US businesses in trouble

To stay ahead in the face of technological advancements, businesses must recognize the gravity of the situation and adjust their security measures accordingly.

Overall 52% of companies have experienced a data breach in the last 12 months. However, when we take a closer look at country statistics, one of them stands out among the others.

About 3 out of 4 IT leaders in the US admitted that their company suffered a data breach in the last 12 months. This statistic seems even worse when combined with the fact that 55% of professionals stayed silent about data breaches. In the US, if the data breach affects more than 500 people, it is legally required to report it in 10 business days.

Meanwhile, 51% of businesses in the UK experienced a data breach in the last year. IT leaders working in Germany and Italy disclosed that nearly 50% of their businesses suffered a data incident. Data breaches also affected 44% of companies in Spain, while French businesses were the least likely to suffer such incidents, with only 42% experiencing data thefts.

To read the second part and the full article, head over to: https://atlasvpn.com/blog/42-of-it-leaders-told-to-keep-data-breaches-confidential


Rezonate Posts A Blog Detailing Github Misconfigurations That Can Lead To Account Takeovers

Posted in Commentary on May 17, 2023 by itnerd

Researchers at Rezonate have taken a deep dive into misconfigurations of GitHub integration with cloud native vendors and unsurprisingly found many critical misconfigurations, leaving connected AWS/GCP accounts vulnerable to potential takeover attacks. 

In a blog post on this research to be published this week, the team will:

  • Introduce their misconfiguration research process
  • Explain the OIDC implementation process that GitHub uses to authenticate to the cloud
  • Present the misconfigurations they identified across various organizations
  • Provide a step-by-step guide for discovering and fixing the problem(s)
  • Propose how to avoid the issue completely

The research team is also providing a publicly available script in their GitHub repository that performs a quick scan of an AWS account or GCP project and reveals potentially vulnerable roles and service accounts.

The blog post will appear on their blog page here, and it is worth a read: https://itnerd.blog/2023/05/17/rezonate-posts-a-blog-detailing-github-misconfigurations-that-can-lead-to-account-takeovers/
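The kind of check the scan script described above performs, written here as an added example (this is not Rezonate’s script): it parses AWS IAM role trust policy documents and flags GitHub OIDC federation that does not pin the token’s `sub` claim to a concrete repository. Treating an unpinned or wildcarded `sub` condition as the misconfiguration is an assumption on my part, since the post does not detail the findings; the sample policies, account id and provider ARN are constructed placeholders.

```python
import json

GITHUB_OIDC = "token.actions.githubusercontent.com"
SUB_KEY = f"{GITHUB_OIDC}:sub"
CONDITION_OPS = ("StringEquals", "StringLike", "ForAnyValue:StringEquals", "ForAnyValue:StringLike")

def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def is_permissive_sub(value):
    """A GitHub OIDC `sub` claim looks like repo:OWNER/REPO:ref:refs/heads/BRANCH (or
    ...:environment:NAME). Any pattern that does not pin a concrete OWNER and REPO is
    treated as permissive, because a repository outside the organisation could match it."""
    if not value.startswith("repo:"):
        return True
    owner, _, repo = value[len("repo:"):].split(":", 1)[0].partition("/")
    return not owner or not repo or "*" in owner or "?" in owner

def check_trust_policy(policy_json):
    """Return findings for Allow statements that trust GitHub's OIDC provider without
    pinning the token's `sub` claim to a specific repository (the `aud` claim is not checked)."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(GITHUB_OIDC in p for p in federated):
            continue
        cond = stmt.get("Condition", {})
        subs = [s for op in CONDITION_OPS for s in _as_list(cond.get(op, {}).get(SUB_KEY, []))]
        if not subs:
            findings.append("missing sub condition: any GitHub Actions workflow can assume the role")
        findings += [f"permissive sub pattern {s!r}: repository is not pinned" for s in subs if is_permissive_sub(s)]
    return findings

# Constructed sample trust policies; the account id and provider ARN are placeholders, not real.
PROVIDER = "arn:aws:iam::123456789012:oidc-provider/" + GITHUB_OIDC

def _policy(condition):
    return json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
        "Principal": {"Federated": PROVIDER}, "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]})

VULNERABLE_NO_SUB = _policy({"StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"}})
VULNERABLE_WILDCARD = _policy({"StringLike": {SUB_KEY: "repo:*"}})
HARDENED = _policy({"StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com",
                                     SUB_KEY: "repo:example-org/example-app:ref:refs/heads/main"}})
```

In a real review, the trust policy document would come from the role’s `AssumeRolePolicyDocument` rather than an embedded string.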

The Dark Web Is A Threat To The Oil And Gas Industry

Posted in Commentary with tags on May 17, 2023 by itnerd

Searchlight Cyber has released new research today describing how threat actors auction off access to oil and gas industry networks on the Dark Web. Someone should tell the oil and gas industry about this, as researchers found that more than 27% of energy industry CISOs said that they believe activity on the dark web has no impact on their company.

“The report we have released today – Dark Web Threats Against the Energy Industry – demonstrates conclusively that that is not the case by showing that energy companies are routinely discussed on dark web forums.” (Searchlight report)

Cybercriminals have shifted their attention beyond banks and insurance companies and are now directing their efforts towards enterprises operating in various industries like healthcare, oil and gas (think Colonial Pipeline), and manufacturing.

“The global oil & gas industry experienced a 145% rise in company filings mentions of cybersecurity in Q1 2023 compared with the previous quarter … according to GlobalData’s analysis of over 338 oil & gas company filings.” URL: https://www.offshore-technology.com/dashboards/filings/cybersecurity-mentions-oil-gas-industry/

Stephen Gates, Principal Security SME, Horizon3.ai had this comment:

  1. I think it’s clear that threat actors have moved beyond the financial and insurance sectors, but this is still all about “the money”. Previously, attackers would look to compromise organizations in these sectors for the sole purpose of stealing PII and selling it to the highest bidder. But today, it’s easier to compromise an organization and hold them for ransom since the payouts are much larger. And as we have seen, cities, universities, non-commercial entities, and pretty much every other type of organization has experienced some form of ransom-based attack.
  2. In nearly every attack that has resulted in a breach of security posture, threat actors first gain a foothold in the organization or find an attack vector where one can easily be obtained. In this case, they next auction that information off since they do not want to perform a potential ransom-based attack on their own. This is like someone who builds a list of consumers, then sells that list to someone else who wants to take it to the next level.
  3. I feel the energy industry is aware of the threats and understands the risks, but are they prepared for an attack? Likely not. The reason is that energy companies have much different infrastructures as compared to banks or insurance companies. Energy companies have networks so office employees can do their jobs, while at the same time having other networks used for delivery and distribution of their energy products. Both are widely different in the context of what can be attacked and how an attack would progress.

You would think that the oil and gas industry would improve their security after the Colonial Pipeline incident. I for one hope they have as they’re clearly a target. And that means we’ll find out very quickly if they haven’t done everything possible to make themselves attack resistant.

Clouds Of Logs: An Evolving Malware Data Collective Marketplace

Posted in Commentary with tags on May 17, 2023 by itnerd

Cybersecurity intelligence firm KELA has compiled a report presenting the rise of variants and MaaS operations that have grown substantially in the first quarter of 2023, raising the associated risk for organizations and individuals.

KELA’s report highlights the evolving MaaS marketplace referred to as “Clouds of Logs,” focusing on threat actors’ subscription-based access to what is described as private, cloud-hosted log collections from their info-stealing malware operations.

2023 Emerging Info Stealers:

  • Titan: Appeared on Russian-speaking hacker forums in November 2022. A Go-based info-stealer targeting 20 web browsers
  • LummaC2: Targets over 70 browsers, cryptocurrency wallets, and two-factor authentication extensions
  • Stealc: Analyzed by SEKOIA in February 2023. A lightweight stealer. Targets over 22 web browsers, 75 plugins, and 25 desktop wallets
  • WhiteSnake: Attacks Windows & Linux. First seen on hacker forums in February 2023 as an email, Telegram, Steam, and cryptocurrency wallet stealer

Clouds of Logs is presumably a safer alternative to automated log markets, created to give data sellers a simpler way to monetize their activity without the involvement of middlemen.

KELA believes that the MaaS market will preserve its popularity this year, so the use of info-stealers will continue to be substantial.

Dave Ratner, CEO, HYAS had this to say:

   “With the increase in info-stealing malware, visibility into the communication patterns coming out of an enterprise is increasingly important, across both corporate and production environments, to ensure that anomalous outbound communications are identified, inspected, and shut down quickly and efficiently.  Other than preventing the malware from breaching the environment in the first place, this can be the best protection for an organization and drive a true business resiliency strategy.”

This is another one of those cases where the bad guys are quickly evolving to make your life miserable. Thus you need to take action to make sure that you’re not a victim by doing everything that you can to make sure that your IT environment is safe from these threat actors.

Next DLP Announces SIEM Streaming Service and Enterprise Class Scalability

Posted in Commentary with tags on May 17, 2023 by itnerd

Next DLP today announced a new integration between Splunk and the company’s Reveal platform. The new technology partnership bolsters visibility and protection, and leverages customers’ investment in existing security solutions to improve incident response effectiveness. 

Reveal’s Security Information and Event Management (SIEM) streaming service provides a simple configuration process that enables organizations to reduce response times through the automated ingestion of detections into their existing SIEM tools and workflows. As part of this capability, the Next DLP Reveal Technology Add-on is now available in the Splunkbase. This add-on provides a simple way for insider risk and DLP activity observed by Reveal to be pulled into Splunk and correlated with other cybersecurity data sets for more effective incident response and investigation. 

The Reveal Platform was purpose-built for the cloud. Reveal has been tested to handle the most complex data protection challenges for security-conscious global organizations of all sizes. By leveraging modern cloud-based microservice architectures and scalable components, Reveal customers can rapidly expand deployments from hundreds of agents to hundreds of thousands without increased complexity. 

Next DLP is a leading provider of insider risk and data protection solutions. Next is disrupting the legacy data loss prevention market with a user-centric, flexible, cloud-native, AI/ML-powered solution built for today’s threat landscape. The Reveal Platform by Next uncovers risk, educates employees and fulfills security, compliance, and regulatory needs. The company’s leadership brings decades of cyber and technology experience from Fortra (f.k.a. HelpSystems), DigitalGuardian, Forcepoint, Mimecast, IBM, Cisco, and Veracode. Next is trusted by organizations big and small, from the Fortune 100 to fast-growing healthcare and technology companies. For more information, visit www.nextdlp.com.