Archive for October 19, 2023

Five Eyes’ Intelligence Chiefs Accuse China Of IP Theft And ‘New Cold War’

Posted in Commentary with tags on October 19, 2023 by itnerd

In an “unprecedented” joint call by the Five Eyes on Tuesday, the intelligence chiefs of the five countries accused China of intellectual property theft and of using AI for hacking and spying against their nations, and called on private industry and academia to help counter those threats.

“China has long targeted businesses with a web of techniques all at once: cyber intrusions, human intelligence operations, seemingly innocuous corporate investments and transactions. Every strand of that web had become more brazen, and more dangerous,” FBI Director Christopher Wray said.

The FBI and the White House sent a warning Tuesday about how technology is being used dangerously, calling it the “new Cold War.”

“Because back in the day, it was more, ‘can I put more bombs and more missiles that point to you?’ Whereas these days it’s truly digital, where the information is, and also the spy component,” said Wray.

This meeting comes shortly after the Biden administration issued new restrictions on companies exporting AI technology to China and other countries.

Despite China having a bigger hacking program than that of every other nation combined, the Chinese government spokesman Liu Pengyu said the country was committed to intellectual property protection and denied the “groundless” allegations.

Ted Miracco, CEO of Approov Mobile Security, had this comment:

   “Statements from the intelligence communities at the Five Eyes countries are a positive recognition of the persistent threat of Chinese espionage. However, this escalation is coming years, perhaps decades, after we had known about the blatant theft of intellectual property from China.

   “As open societies, we face significant challenges in competing against a closed society like China in the field of AI. China has a centralized governance structure, which gives it access to a large amount of diverse and centralized data, without a lot of ethical restrictions on how it will be used. In contrast, the Five Eyes countries face challenges in accessing similar volumes and types of data due to privacy concerns and legal frameworks that prioritize individual rights. China has also been aggressively investing in AI research and development, leading to a significant pool of talented scientists, engineers, and researchers.

   “The Five Eyes countries have well-established innovation ecosystems, including leading universities, research institutions, and a vibrant private sector that fosters a culture of innovation which can lead to breakthroughs in AI technologies. However, the question that remains is can open societies capitalize on these innovations, safeguard individual freedoms, and protect their valuable IP over the long term?”

David Mitchell, Chief Technical Officer at HYAS, follows with this comment:

   “The PRC has been a cyber concern for as long as I can remember but has grown to become an existential threat over the last few years. The sheer number of motivated hacking teams, the scale of the toolsets and the coordination are unlike anything we’ve ever seen — and add AI to the equation and we have a serious problem. The private sector is not equipped to deal with such skilled nation state teams for a variety of reasons — a lack of network visibility, disjointed security platforms and understaffed organizations.

   “Without improvements in our security posture, products, and response, along with coordination between the private sector and government, it is hard to see this threat dissipating anytime soon.”

While China isn’t the only state actor out to steal all the IP it can get, it is the biggest. Thus the threat that China poses must be taken seriously, and everything possible must be done to stop it from profiting from the IP that it steals.

Trend Micro Announces Next Generation Trend Vision One

Posted in Commentary with tags on October 19, 2023 by itnerd

Trend Micro today announced the next evolution of its cloud container security capabilities for its flagship platform. The latest addition to the platform delivers end-to-end protection, detection, and response to drive secure digital transformation.

The new capabilities simplify investigations by enabling analysts to prioritize incidents faster and with greater accuracy—reducing the time spent on each container security incident by up to two weeks.

The Trend Vision One platform is designed to deliver comprehensive, cross-layer capabilities that eliminate the cost, security gaps, and administrative overhead associated with point solutions. Trend’s latest innovation in container security brings unparalleled visibility to the security operations center (SOC) to accelerate threat detection, response, and containment. Specialized cloud security teams will benefit from a tailored approach that protects containerized applications and enables organizations to leverage the full potential of cloud environments securely. 

According to independent analyst firm Gartner, “Integrating previously isolated security capabilities simplifies security workflows and reduces the complexity associated with managing multiple tools, thus providing better visibility into the security landscape. A centralized platform allows for better coordination and communication between security and development teams, fostering collaboration and enabling incidents to be handled more efficiently.”

Trend Vision One – Container Security benefits include: 

  • Consolidated security: Centralizing container security within a unified platform streamlines security management while delivering unprecedented visibility through deep, correlated telemetry across more native security layers—including endpoint, server, workload, identity, email, and network. This consolidated approach enables security teams to identify threats earlier in the attack lifecycle leading to rapid and effective containment. A platform approach ensures security policies are consistently monitored and applied across the organization.  
  • Optimized operational efficiency: Drastically reduces the time spent by SOC teams on container security operations, saving up to two weeks per incident. This efficiency improvement can free up resources for other critical tasks, enabling organizations to operate in the cloud with less risk. 
  • Consistency across all cloud environments: Ensures seamless security management is in place across both Kubernetes clusters (multi-cloud and on-premises) and Amazon ECS by simplifying the management of security policies and minimizing the risk of potential security vulnerabilities. 
  • Enhanced security: Proactively mitigates risk by searching for bugs in Amazon ECS and Kubernetes. Supports end-to-end protection that secures containers from build to termination, ensuring seamless security across the container lifecycle. 

To find out more about Trend Vision One – Container Security, please visit: https://www.trendmicro.com/en_in/business/products/one-platform.html  

OVHcloud Is About To Roll Out Identity And Access Management

Posted in Commentary with tags on October 19, 2023 by itnerd

OVHcloud today announced that its latest security-defining feature, advanced Identity and Access Management (IAM), will be available to all customers at no extra cost on October 25th.

OVHcloud Identity and Access Management is part of the Group’s ongoing product roadmap and commitment to continuous innovation. Accessible through a centralized user interface directly within OVHcloud control panel, as well as from the OVHcloud API, the feature allows granular control of an organization’s security privileges and provides total control over who can access digital resources. Available for Public Cloud, Hosted Private Cloud and Webcloud universes, including dedicated hosting, OVHcloud IAM helps to improve security, thwarting malicious attacks, supports enhanced compliance and productivity for IT teams and delivers a higher level of performance for users’ login.

With Identity Federation, OVHcloud IAM allows customers to connect to the corporate directory of their choice (via SSO). With fine-grained policy management that spans the complete OVHcloud product portfolio, it’s easier than ever to create user groups, define the minimum set of authorizations granted by default, and leverage OAuth2 tokens within IAM policies or for authentication through the OVHcloud API. The OVHcloud Terraform provider also now includes IAM actions, so IT teams can fully automate their OVHcloud deployments. Capabilities such as audit and logs help organizations keep tabs on access to help comply with regulations and standards related to data privacy and security.

An IAM to control them all on a secure and sustainable offer 

Offering state-of-the-art Identity and Access Management, OVHcloud aims to answer IT organizations’ needs for fine-grained access policy management and identity federation on a trusted Cloud. The new OVHcloud IAM is fully integrated with other OVHcloud services and available for all solutions in the product portfolio.

OVHcloud has a well-known expertise in infrastructure, offering a trusted Cloud in environmentally friendly datacenters. Furthermore, OVHcloud datacenters take advantage of a unique industrial model with a bespoke watercooling system that contributes to a truly sustainable Cloud, allowing customers to reach best-in-class PUE/WUE indexes (see more here).

Availability

OVHcloud Identity and Access Management, currently available in Beta, will roll out globally for free to all customers on October 25th.

34K+ Malicious Implants In Cisco IOS XE: CERT Orange

Posted in Commentary on October 19, 2023 by itnerd

The CERT Orange Cyberdefense team (the first private CERT in Europe) reported today that it has identified more than 34,000 malicious implants on Cisco IOS XE devices.

From the blog post:

We discovered early evidence of potentially malicious activity on September 28, 2023, when a case was opened with Cisco’s Technical Assistance Center (TAC) that identified unusual behavior on a customer device. Upon further investigation, we observed what we have determined to be related activity as early as September 18. The activity included an authorized user creating a local user account under the username “cisco_tac_admin” from a suspicious IP address (5.149.249[.]74). Instances of this activity ended on October 1, and we did not observe any other associated behavior at that time other than the suspicious account creation.

This isn’t good. Corey Sinclair, Cyber Threat Intelligence Analyst, Horizon3.ai had this to say:

   “Cyber threat actors are already exploiting this vulnerability, allowing remote, unauthenticated attackers to create an account with privilege level 15 access on affected systems – potentially gaining full control. This is a significant alert for organizations using Cisco IOS XE devices with the Web UI feature enabled through the IP HTTP server or IP HTTP Secure Server commands. Cisco recommends disabling the HTTP server feature on internet-facing systems to mitigate this vulnerability. 

    “While there is no patch available just yet, it’s highly recommended to keep abreast of any updates or mitigation options from Cisco. And also, when implementing technologies and updating systems, we urge that it’s important that organizations Don’t keep default settings or credentials, and Do regularly do autonomous internal and external pentest operations to find, fix, and verify any weaknesses that can be actively exploited.”

Craig Harber, security evangelist at Open Systems (former US DOD, NSA and USCYBERCOM), had this to say:

   “Today, Cisco warned its customers of a new zero-day vulnerability impacting the company’s IOS XE software. The warning explains how devices can be exploited locally from the network or from the internet if the targeted device is exposed to the web. Once the device is exploited, the attacker can create accounts with the highest privileges and take full control over the infected device. 

    “Until a patch is available, security teams should immediately disable the HTTP Server feature on their internet-facing systems and use the indicators of compromise provided by Cisco to hunt within their systems for infected devices. Security teams also should consider implementing network segmentation to control access to those vulnerable servers from the internet.”

Cisco has an advisory that you can read here. I would strongly recommend that you read it and take action, as there is no patch available for this at present. And you should also consider implementing these mitigations a today problem.
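A configuration audit for the two conditions this post describes, added here as an example and not code from Cisco, CERT Orange or the post: it parses a constructed IOS XE running-config, reports whether the Web UI commands (`ip http server` / `ip http secure-server`) are enabled, and lists local privilege-15 accounts, flagging any that are unexpected or that match the `cisco_tac_admin` username named in the quoted blog post. The sample config, its hostname, the placeholder secrets and the `expected_admins` allow-list are assumptions.

```python
import re
from dataclasses import dataclass

# Username named in the Cisco blog post quoted above; everything else is constructed.
SUSPICIOUS_USERNAMES = {"cisco_tac_admin"}

# Constructed sample running-config (not captured from a real device).
SAMPLE_CONFIG = """\
!
hostname edge-rtr-01
!
username admin privilege 15 secret 9 $9$PLACEHOLDER
username cisco_tac_admin privilege 15 secret 9 $9$PLACEHOLDER
username netops privilege 1 secret 9 $9$PLACEHOLDER
!
ip http server
no ip http secure-server
!
"""

HTTP_FEATURES = ("ip http server", "ip http secure-server")
PRIV15_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+15\b")


@dataclass(frozen=True)
class Finding:
    severity: str  # "HIGH" or "INFO"
    message: str


def http_server_state(config: str) -> dict:
    """Map each HTTP feature to 'enabled', 'disabled' or 'unknown'.
    IOS XE writes 'no ip http server' when the feature is off; if neither form
    appears, the state is not visible in this config and must be verified on the
    device (assumption: 'unknown' is reported rather than guessed)."""
    state = {feature: "unknown" for feature in HTTP_FEATURES}
    for raw in config.splitlines():
        line = raw.strip()
        for feature in HTTP_FEATURES:
            if line == feature:
                state[feature] = "enabled"
            elif line == f"no {feature}":
                state[feature] = "disabled"
    return state


def privileged_accounts(config: str) -> list:
    """Return local usernames configured with privilege level 15, in config order."""
    users = []
    for raw in config.splitlines():
        match = PRIV15_RE.match(raw.strip())
        if match:
            users.append(match.group(1))
    return users


def audit(config: str, expected_admins: set) -> list:
    """Findings for Web UI exposure and for unexpected or known-bad level-15 accounts."""
    findings = []
    for feature, state in http_server_state(config).items():
        if state == "enabled":
            findings.append(Finding("HIGH", f"{feature} is enabled; mitigate with 'no {feature}'"))
        elif state == "unknown":
            findings.append(Finding("INFO", f"{feature} state not visible; verify on device"))
    for user in privileged_accounts(config):
        if user in SUSPICIOUS_USERNAMES:
            findings.append(Finding("HIGH", f"privilege-15 account '{user}' matches published indicator"))
        elif user not in expected_admins:
            findings.append(Finding("HIGH", f"unexpected privilege-15 account '{user}'"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, expected_admins={"admin"}):
        print(finding.severity, finding.message)
```

Feed it the output of `show running-config` from each device and treat every HIGH finding as a hunt lead, not proof of compromise on its own.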

AI-Phishing Drives Demand For Alternatives To ‘Flawed Legacy Authentication’

Posted in Commentary with tags on October 19, 2023 by itnerd

The FIDO Alliance Online Authentication Barometer reports that 54% of survey respondents have seen an increase in phishing activity, while 52% believe phishing techniques have become more sophisticated as threat actors increasingly leverage AI.

AI-driven FraudGPT and WormGPT, created and shared on the dark web, have made executing a sophisticated social engineering attack far simpler and easier to do at scale. Voice and video deepfakes are also being used to add a convincing element to these social engineering attacks.

Researchers estimate that password use without two-factor authentication remains dominant: people enter a password manually nearly four times a day on average (~1280 times/year), and 37% of respondents use passwords instead of MFA to log into work accounts.

Consumers rank biometrics as the top MFA login method, and the one they believe is most secure; awareness of passkeys among consumers has also grown in the last year, rising from 39% in 2022 to 52% today.

Ted Miracco, CEO of Approov, had this comment:

   “AI-driven cybercrime certainly highlights the need for stronger authentication methods beyond traditional passwords. However even passkeys and Multi-factor authentication (MFA) are not immune to all types of attacks. While they provide better security compared to passwords alone, they may still be vulnerable to certain types of attacks, including the increasingly common man-in-the-middle (MITM) attacks. If the communication channel between the user and the authentication system is compromised, an attacker can intercept or manipulate the passkey or MFA during transmission and can effectively impersonate the user or gain unauthorized access. To mitigate the risk of MITM attacks, use secure communication protocols such as HTTPS to encrypt the data transmission between the user and the authentication system. 

   In addition, users should ensure they are using attested mobile devices and trusted networks for authentication. Avoiding public or unsecured Wi-Fi networks reduces the risk of MITM attacks. Lastly, by using out-of-band verification methods, such as receiving authentication codes through a separate communication channel (e.g., SMS codes sent to a registered phone number), users can add an extra layer of security by making it more difficult for an attacker to intercept both the authentication code and the login session.”

Emily Phelps, Director at Cyware, follows with this:

   “Passwords alone are not enough to secure accounts and sensitive data. Phishing remains so popular because there is a low barrier to entry and it remains effective. As AI technologies become more commonplace and sophisticated, adopting better security practices will be even more critical than it is today. The reality is no single authentication method is foolproof. Organizations and individuals must adopt multifactor solutions to reduce the risks of phishing attacks. It’s encouraging to see an increase in consumer awareness, but awareness alone does not reduce risk. Multifactor authentication is the minimum we should be requiring to defend against social engineering tactics.”

As far as I am concerned, passwords are dead. And the sooner people realize that and switch to other methods of authentication, the more secure we all will be.

Elon Musk May Block The EU From Using Twitter To Avoid Having To Deal With His Disinformation Problem

Posted in Commentary with tags on October 19, 2023 by itnerd

Elon Musk has a problem with the EU. They’re holding him accountable for all the disinformation that Twitter is spreading, along with the fact that he’s not interested in doing anything about it. So according to this story, his solution is going to be to block EU citizens from seeing Twitter:

In response to this new regulation, Elon Musk, the controversial tech mogul at the helm of X, is reported to be considering a dramatic move. Musk could remove the X platform entirely from Europe, or alternatively block European users from accessing the platform. It’s a clear sign of the tension between the platform’s libertarian ethos and the EU’s desire for regulation. The outcome of this standoff will set an important precedent for how digital platforms are governed in the future.

Elon clearly thinks that he has the upper hand here. As in, Twitter is so big and so powerful that the EU will bend to his will if he threatens to keep the 27-nation bloc from seeing Tweets. But he’s wrong. Facebook a while back tried a similar tactic to strong-arm the EU, and when Europe called the company on that move, Facebook backtracked. I can see a similar scenario playing out here. But there’s another scenario: Elon is actually trying to dodge EU rules at any cost, even if it means taking money out of his own pocket to do so. Because you have to assume that pulling out of the EU is going to cost him big. And the fact that Twitter is bleeding money clearly doesn’t factor into his decision making.

Either way, my thinking is that the EU may just be happy enough to see the back of him and let Twitter’s downward spiral into oblivion continue, as the demise of Twitter would solve the disinformation problem on the platform. And they would not be alone in hoping that he does something that speeds up the death of Twitter.

GuidePoint Research and Intelligence Team’s (GRIT) 2023 Q3 Ransomware Report Is Out

Posted in Commentary with tags on October 19, 2023 by itnerd

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q3 2023 Ransomware Report. This report is based on data obtained from publicly available resources, including threat groups themselves, and insight into the ransomware threat landscape. GRIT observed a nearly 15% increase in ransomware activity since Q2 due to an increased number of ransomware groups, including 10 new Emerging groups tracked during this quarter. In the third quarter, GRIT tracked 1,353 publicly posted ransomware victims claimed by 46 different threat groups. Through the first three quarters of 2023, GRIT has tracked a total of 3,385 publicly posted ransomware victims claimed by 57 different threat groups, representing an 83% YoY increase.

GRIT’s latest Ransomware Quarterly Report examines the large-scale ransomware attacks against MGM Resorts and Caesars Entertainment, highlighting possible seasonal targeting of the Entertainment, Hospitality, and Tourism (EHT) industry. Other notable Q3 ransomware events included the end of Clop’s MOVEit campaign, LockBit’s return to a high operational tempo, and Bianlian’s sustained capabilities despite moving to an exfiltration-only model, all of which have contributed to this quarter’s rise in ransomware activity.

Key Highlights of the Report:

  • The Manufacturing and Technology industries were the 1st and 2nd most impacted by ransomware, followed by Retail & Wholesale as the 3rd most impacted. The Retail & Wholesale vertical has experienced a steady quarterly climb in observed victims throughout the year, jumping from 9th place with 38 victims in Q1 to its current spot in the top three with 98 victims. 
  • While US-based organizations saw an increase in total observed victim count in Q3 2023, the percentage of attacks directed against US-based organizations decreased by 3.3%, reflecting a marked increase in attacks impacting other nations. In particular, United Kingdom-based organizations saw an increase from 59 victims in Q2 to 83 in Q3, an approximate 40.7% quarter-over-quarter increase.
  • The top three most active ransomware groups were Lockbit, Clop, and Alphv. LockBit posted roughly the same number of victims in Q2 as in Q3, totaling 770 victims for the year thus far. Clop activity in Q3 stemmed almost entirely from its mass exploitation of a vulnerability in the MOVEit managed file transfer software, which resulted in a 5% total increase in victims from Q2 to Q3. While Alphv experienced a modest decrease in total victim volume and market share between Q2 and Q3, it retained its position as one of the most impactful ransomware groups, claiming responsibility for more than 10 healthcare victims as well as the MGM resorts breach.
  • Two of the top 10 most active ransomware groups, Bianlian and Akira, have continued to be impactful despite each group having a public decryptor released by security researchers in 2023.

For more information on GRIT’s 2023 Q3 Ransomware Report:

Living Security Announces Key Executive Hire and New Channel Partner Program

Posted in Commentary on October 19, 2023 by itnerd

Living Security, Inc. (“Living Security”), the global leader in Human Risk Management (HRM), announced today the launch of its channel partner program and the appointment of Peter Streips as Vice President of Channel Sales. The company’s new global channel program will open additional revenue streams, empower partners to expand their business horizons, and recognize and reward the efforts of both internal and external partners.

Bringing a wealth of experience and industry knowledge, Streips, a technology leader renowned for successfully launching, developing, and executing global channel and alliance strategies for cybersecurity and cloud computing industries, will guide the company’s channel sales strategy, fostering relationships and securing strategic collaborations. As an additional initiative, the channel program is growing Streips’ team with dedicated channel specialists to bolster partner pipeline-building endeavors, emphasizing the company’s commitment to enhancing partner benefits. 

Key features include:

  • Competitive Margins: Offering up to 30% margin for partner-sourced deals new to Living Security
  • Lead Flow: Assured lead flow to proactive partners, ensuring they can deliver robust sales, onboarding, and continuous support to clients
  • MDFs & SPIFs: Market Development Funds to increase market awareness and lucrative Sales Performance Incentive Fund (SPIF) for sales and technical teams who source net new business
  • Quarterly Incentives: Top performing partners will enjoy receiving Quarterly rebates allowing the partner to reinvest in future marketing campaigns
  • Channel Specialist: Access to a dedicated Living Security Channels Specialist to help build pipelines and acquire new customers

With an impressive background, Streips has already made notable strides by forming strategic partnerships that promise to amplify the company’s reach and impact as it launches its Living Security Partner Program. The program welcomes various partners globally across all industries, from resellers to full-service MSP/MSSPs. Living Security’s go-to-market channel partners include Defy Security, GuidePoint Security and Optiv, and the company is in the final negotiation stages of incorporating distribution into the program.

Organizations spend billions of dollars on cybersecurity technology, yet 74% of security breaches result from human actions. Living Security, recognized by esteemed analysts such as Forrester and Gartner, prides itself on being at the forefront of the HRM platform. This novel toolset grants CISOs unparalleled real-time visibility into security discrepancies, facilitating proactive, informed decisions to protect organizations against potential threats.

For more detailed information on the Living Security Partner Program and its tiered benefits, visit https://www.livingsecurity.com/partner.