Archive for March 7, 2024

EU’s ‘Cyber Solidarity Act’ creates a cooperative mechanism for effective defenses

Posted in Commentary with tags on March 7, 2024 by itnerd

On Tuesday, the EU agreed to the Cyber Solidarity Act, a new set of rules intending to make the EU more resilient and reactive to cyber threats via cooperation mechanisms.

An EU-wide cybersecurity alert system will be established to rapidly share information and will comprise of national cyber hubs which will be responsible for detecting and acting on cyber threats, helping authorities respond more effectively to major incidents.

The new regulation will allow for the creation of a cybersecurity emergency mechanism that will support:

  • Preparedness actions, including testing entities in highly critical sectors, such as healthcare, transportation and energy.
  • Shared financial assistance for impacted entities.
  • A ‘cybersecurity reserve’ made up of incident response services from the private sector as well as associated partnering countries that are ready to intervene during a large-scale cybersecurity incident.

The EU Council and Parliament have also agreed to amend the 2019 Cybersecurity Act in order to establish European certification schemes for managed security services. This aims to boost the quality and comparability of these service providers and avoid fragmentation of the internal market.

Formal adoption of the provisional agreements will come once they have been endorsed by the Council and Parliament. 

Emily Phelps, VP, Cyware had this comment:

   “The Cyber Solidarity Act recognizes and addresses the critical nature for the EU to more effectively prepare, detect, and respond to cyber threats. Threat actors often work together, increasing the challenges nations and organizations face to defend against adversaries. These collaborative efforts to improve resiliency are an important step to protecting critical infrastructure, national security, and economic continuity.

Dave Ratner, CEO, HYAS follows with this comment:

   “Sharing information the way that the EU Cyber Solidarity Act does is a great start and a good initiative — too many times the right information is not shared quickly enough. However, if the goal is to make everyone, especially critical infrastructure, truly proactive and cyber resilient then they need to do more than just share information about ‘what’s happened in the past’ and ‘what’s happening now’.  They need to endorse the use of proactive threat intelligence capable of identifying what is going to happen, and mandate the implementation of cyber resiliency solutions like Protective DNS — which other governments are already recommending — that are capable of automatically identifying attacks in real-time and shutting them down.”

George McGregor, VP, Approov had this comment:

   “The EU continues to flesh out the EU Cybersecurity Strategy laid out 4 years ago.

   “The newly announced Cyber Solidarity Act is intended to drive readiness and cooperation and includes infrastructure investments and financial incentives. Because of this it will certainly prove less controversial than the Cyber Resiliency Act of 2023 which imposed strict breach reporting requirements on companies operating in the EU.

   “Key, however, will be the effective execution of the work needed to implement this Act. For example, the creation of a “state-of-the-art” European Cybersecurity Alert System is certainly aspirational but could prove quite challenging to implement. Further information and regular updates on the status of the various projects required to implement the Act will be welcome as a next stage. “

By making sure that everyone shares info and plays nice in the metaphorical sandbox, it ensures that everyone is a lot safer. Thus I see this as a very good move by the EU and one that should be copied far and wide.

Leave a comment »

PetSmart Hit With A Credential Stuffing Attack

Posted in Commentary with tags on March 7, 2024 by itnerd

PetSmart is warning customers their passwords were reset due to an ongoing credential stuffing attack.

DarkWebInformer was the first to post the company’s notice to customers on “X” (formerly Twitter) wherein the company confirmed that during a period of increased “password guessing attacks” the customers account was logged in to. 

As a precaution, PetSmart reset all passwords of accounts that had been logged in during the credential stuffing attack and now those users must reset their passwords.

As the largest Pet focused retailer in the US, PetSmart has over 60 million customers and 1,600 stores nationwide. PetSmart did not say how many customers were affected.

“We want to assure you that there is no indication that petsmart.com or any of our systems have been compromised,” the PetSmart alert said.

“In an abundance of caution to protect you and your account, we have inactivated your password petsmart.com. The next time you visit petsmart.com, simply click the “forgot password” link to reset your password.”

Ted Miracco, CEO, VP, Approov had this to say:

   “PetSmart’s reliance on password resets alone is necessary, but entirely insufficient in addressing the complexities of modern cyber threats like credential stuffing. Securing APIs requires more than just credentials and MFA, it demands a comprehensive security strategy that encompasses multiple layers of protection. 

   “The adoption of advanced security measures like token-based systems is often perceived as the domain of banks, cryptocurrency platforms, and other high-security sectors. However, the reality is that any business handling personal information – be it an eCommerce platform, a healthcare provider, or, indeed, a pet retailer – must prioritize these enhanced security measures.“

This hopefully will spur PetSmart to do better when it comes to security. Because getting pwned is never good for business.

Leave a comment »

Several Canadian women-led startups join Google’s Women Founders Cohort

Posted in Commentary with tags on March 7, 2024 by itnerd

Hi there, International Women’s Day is tomorrow and this year’s theme is #InspireInclusion. Around the world, underrepresented founders face a disproportionate lack of access to capital and support networks. Here in Canada, women entrepreneurs, in particular, make up only 17% of small and medium-sized business owners.  

Google launched the Google for Startups Accelerators: Women Founders cohort in 2020, to help level the playing field for women founders across North America, and inspire inclusion in the startup ecosystem. Over the past four years, they’ve worked with 47 women-led startups, who have collectively raised $93.22M USD since graduating from their cohorts. 

Today, ahead of International Women’s Day, Google is excited to welcome 15 new women-led businesses to the Google for Startups Accelerator community including MedReddieNimble Science, and SkyAcres, three Canadian startups that are driving transformation in agriculture and healthcare spaces. Learn more about the program here.

Leave a comment »

Guest Post: China-aligned Evasive Panda leverages religious festival to target and spy on Tibetans, ESET Research discovers

Posted in Commentary with tags on March 7, 2024 by itnerd

ESET researchers have discovered a cyberespionage campaign that, since at least September 2023, has been victimizing Tibetans via a targeted watering hole (also known as a strategic web compromise), and a supply-chain compromise to deliver trojanized installers of Tibetan language translation software. The attackers aimed to deploy malicious downloaders for both Windows and macOS to compromise website visitors with MgBot as well as a backdoor that has not been publicly documented yet; ESET has named it Nightdoor. The campaign by the China-aligned Evasive Panda APT group leveraged the Monlam Festival — a religious gathering — to target Tibetans in several countries and territories. Targeted networks were located in India, Taiwan, Hong Kong, Australia, and the United States.

ESET discovered the cyberespionage operation in January 2024. The compromised website abused as a watering hole (the attacker infests a website that the victim likely or regularly uses) belongs to Kagyu International Monlam Trust, an organization based in India that promotes Tibetan Buddhism internationally. The attack might have been intended to capitalize on international interest in the Kagyu Monlam Festival that is held annually in January in the city of Bodhgaya, India. The network of the Georgia Institute of Technology (also known as Georgia Tech) in the United States is among the identified entities in the targeted IP address ranges. In the past, the university was mentioned in connection with the Chinese Communist Party’s influence on education institutes in the U.S.  

Around September 2023, the attackers compromised the website of a software development company based in India that produces Tibetan language translation software. The attackers placed several trojanized applications there that deploy a malicious downloader for Windows or macOS.

In addition to this, the attackers also abused the same website and a Tibetan news website called Tibetpost to host the payloads obtained by the malicious downloads, including two full-featured backdoors for Windows and an unknown number of payloads for macOS.

“The attackers fielded several downloaders, droppers, and backdoors, including MgBot — which is used exclusively by Evasive Panda — and Nightdoor, the latest major addition to the group’s toolkit and that has been used to target several networks in East Asia,” says ESET researcher Anh Ho, who discovered the attack. “The Nightdoor backdoor, used in the supply-chain attack, is a recent addition to Evasive Panda’s toolset. The earliest version of Nightdoor that we’ve been able to find is from 2020, when Evasive Panda deployed it onto the machine of a high-profile target in Vietnam. We have requested that the Google account associated with its authorization token be taken down,” adds Ho.

With high confidence, ESET attributes this campaign to the Evasive Panda APT group, based on the malware that was used: MgBot and Nightdoor. Over the past two years, we have seen both backdoors deployed together in an unrelated attack against a religious organization in Taiwan, in which they also shared the same Command & Control server. 

Evasive Panda (also known as BRONZE HIGHLAND or Daggerfly) is a Chinese-speaking and China-aligned APT group, active since at least 2012. ESET Research has observed the group conducting cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria. Government entities were targeted in Southeast and East Asia, specifically China, Macao, Myanmar, The Philippines, Taiwan, and Vietnam. Other organizations in China and Hong Kong were also targeted. According to public reports, the group has also targeted unknown entities in Hong Kong, India, and Malaysia.

The group uses its own custom malware framework with a modular architecture that allows its backdoor, known as MgBot, to receive modules to spy on its victims and enhance its capabilities. Since 2020 ESET has also observed that Evasive Panda has capabilities to deliver its backdoors via adversary-in-the-middle attacks hijacking updates of legitimate software.

For more technical information about the latest malicious campaign of the Evasive Panda group, check out the blogpost “Evasive Panda leverages Monlam Festival to target Tibetans” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.image005.png

Leave a comment »

Guest Post: The Application Generation is fed up as digital disruption rises across the world 

Posted in Commentary with tags on March 7, 2024 by itnerd

By Joe Byrne, CTO Advisor, Cisco Observability 

In the ever-evolving landscape of digital interactions, a new type of application user has emerged over the last two years – the ‘Application Generation.’ These users, have a heightened sophistication and demands for their use of applications and digital services, and are reshaping the expectations for organizations across industries. While these users actively pursue innovative, intuitive, and secure digital experiences, many brands find themselves at a crossroads, facing the challenge of meeting these elevated standards.  

The growing gap between Application Generation’s expectations and the current digital landscape is becoming increasingly frustrating, causing serious trouble for organizations who fail to keep up.  

The latest research from Cisco, The App Attention Index 2023: Beware the Application Generation, sheds light on this transformative group of global consumers ages 18 to 34 who are changing the criteria of what digital experience needs to be. 

Consumers’ expectations for digital experiences skyrocket 

According to the global research of more than 15,000 consumers, appetite for applications and digital services has remained strong in the two years post pandemic. However, today’s consumers feel they have more control of the applications they use and are more empowered to seek alternatives after poor experiences. 

During the pandemic, applications and digital services were a lifeline for many. With enforced lockdowns, relying on digital platforms became the only viable option for shopping, accessing essential services, and staying connected with friends. Today, things are back to normal. People can once again meet up face to face, shop in stores and visit offices and bank branches. This return to regular or pre-pandemic activities has provided individuals with choices, significantly influencing their interaction with digital services. 

A notable 59 per cent of Canadian consumers state their expectations for digital experiences are far higher now than they were two years ago. Additionally, 53 per cent feel some of the applications they relied on during the pandemic no longer meet their current expectations for digital experience. What was good enough during the pandemic is now inadequate. This evolving landscape underscores the necessity for digital platforms to adapt and exceed heightened user expectations.  

Consumers are encountering more bad digital experiences 

Alarmingly, while expectations for seamless digital experiences have reached new highs, as many as 94 per cent of the Application Generation globally report they have experienced performance issues when using digital services over the past 12 months. This figure is up from 83 per cent of consumers in 2021, when the App Attention Index was last published. 

63 per cent of Canadian consumers report they are now less forgiving of poor digital experiences. This means people are deleting applications at an unprecedented rate, with a staggering 70 per cent of Canadian consumers reporting they have stopped using digital services or deleted applications from their devices because of performance issues over the last 12 months.  

As well as banishing poorly performing applications, global consumers are also becoming far more vocal when they encounter issues – 67 per cent claim they are now more likely to warn people of applications that don’t perform than they were 12 months ago. 

Application observability is key for brands to avoid consumer outrage 

In order to retain and attract customers through their digital services, application owners need to consistently deliver seamless and secure digital experiences. But this is easier said than done. Rapid digital transformation has left IT teams struggling to manage a highly dynamic and dispersed application landscape. Many don’t have full visibility into cloud native technologies, and this is making it almost impossible to detect and fix issues before they impact end users. 

Application observability provides a solution to this critical and growing challenge. It provides IT teams with full and unified visibility across their hybrid environments so they can rapidly detect issues and understand root causes. Additionally, by correlating application availability, performance and security data with key business metrics, teams can prioritize those issues with the potential to do the most damage to digital experience. 

Application owners urgently need to recognize they can’t afford to maintain current levels of disruption and downtime to their applications and digital services. The Application Generation won’t tolerate anything less than the very best, most seamless and secure digital experiences.

Leave a comment »

HP launching PCs that protect firmware with quantum-resistant cryptography

Posted in Commentary with tags on March 7, 2024 by itnerd

HP is launching the world’s first business PCs to protect firmware against quantum computer hacks. The HP Endpoint Security Controller (ESC) chip will be built into select HP devices to futureproof PCs with quantum-resistant cryptography.

There has long been talk of quantum computers capable of breaking encryption and the risk this poses to security, particularly software. But the risk to firmware is often overlooked – threat actors could use quantum attacks to access and modify firmware to gain control of devices. 

This is what HP is innovating to solve, and there announcement is significant because:

  • The great firmware migration must begin now: While software cryptography can be updated, firmware can’t be. Given typical PC refresh cycles are now every 3 to 5 years, even longer due to efforts to improve sustainability – businesses need an eye on the future and to start migrating their fleets. 
  • Regulation is tightening: The USUKFrench and Dutch governments have outlined recommendations and timelines for migrating to quantum-resistance. For example, the US Commercial National Security Algorithm Suite says firmware migration to quantum-resistant cryptography is recommended from 2025, and required by 2033.

Please see the blog post for more details.

Leave a comment »

FBI Releases Their 2023 Internet Crime Report

Posted in Commentary with tags on March 7, 2024 by itnerd

The FBI has released it’s Internet Crime Report for 2023, which shows that the US lost a record $12.4 billion to online crime in 2023. For 2023, the types of crimes that increased were tech support scams and extortion.

Darren Williams, CEO and Founder, BlackFog had this comment:

    “Extortion pays so it comes as little surprise that it continues to be one of the most used tactics for attackers.  Many organizations make it easy for attackers to access and steal sensitive data by focusing on perimeter defense instead of watching the back door. Once a hacker infiltrates a device or network and data is exfiltrated, the extortion that follows can be endless for the victims. Anti data exfiltration technology ensures that even when attackers gain access, they are unable to leave with any data, ultimately putting an end to extortion.”

I for one am not surprised by anything that this report says. Thus it highlight the fact that organizations and individuals need to do everything possible to protect themselves from being the next victim of these scumbags who carry out these crimes.

Leave a comment »

Darktrace Releases 1H FY 2024 Results Along With New Threat Landscape Data

Posted in Commentary with tags on March 7, 2024 by itnerd

 Darktrace released its half year financial results today, and you can find the full announcementhere.

Alongside its financials, Darktrace released new data from across its customer base that shows how phishing attacks are continuing to evolve:

  • ‘Novel social engineering’ attacks – phishing attacks that use more sophisticated language and punctuation than a typical phishing email – grew by 35% between September and December 2023.
  • This follows data previously released by Darktrace showing a 135% increase, on average, in these attacks in January and February last year, coinciding with the general adoption of ChatGPT.
  • The ongoing rise in these sophisticated techniques suggests attackers are continuing to increase their use of generative AI tools to make their attacks more potent.
  • It’s not just the sophistication of phishing attacks that is increasing, but also the scale, with Darktrace customers receiving 2,867,000 phishing emails in December alone, a 14% increase on September.

As they grow, AI threats have become a critical priority on the agendas of security teams, and they are questioning whether their organizations are prepared. In new data Darktrace is also releasing today, the company recently surveyed over 1700 security experts around the world to understand how they perceive this challenge:

  • 89% of IT security experts believe AI-augmented cyber threats will have a significant impact on their organization within the next two years. 
  • Yet, 60% believe they are currently unprepared to defend against these attacks.
  • Their two greatest concerns, both rated as 3.84 by respondents, on a 1-5 scale of risk are:
    • Increased volume and sophistication of malware attacks – like those delivered by phishing emails – that target known vulnerabilities in software.
  • Employee use of generative AI tools, leading to sensitive data being leaked.

The growing adoption of AI adds to the impact automation and as-a-service attacks are already having on the threats organizations face. The Darktrace threat report, released in January, showed that as-a-service attacks, which provide cybercriminals with everything from pre-made malware to templates for phishing emails, payment processing systems and even helplines, make up the majority of attacks.

You can find a blog post from Darktrace’s Chief Product Officer, Max Heinemeyer, delving more deeply into the findings here.

Commenting on the cybersecurity landscape, Darktrace CEO Poppy Gustafsson, said: “We continue to see the cyber-crime landscape evolve rapidly in a challenging geopolitical environment and as the availability of generative AI tools lowers the barrier to entry for hostile actors. Against this backdrop and in the period ahead, we are preparing to roll out enhanced market and product positioning to better demonstrate how our unique AI can help organizations to address novel threats across their entire technology footprint.”

Leave a comment »

NSA Issues Guidance On Adopting A Zero Trust Stance

Posted in Commentary with tags on March 7, 2024 by itnerd

The National Security Agency has issued new guidance for adopting zero-trust network principles: Advancing Zero Trust Maturity Throughout the Network and Environment Pillar. 

The NSA first issued guidance for a zero-trust (ZT) framework in February 2021, inspired by the 2020 Verizon breach and then again in April 2023 with – Advancing Zero Trust Maturity Throughout the User Pillar

This week’s release focusses on the third pillar of the seven ZT pillars, the network and environment component of Zero Trust, comprised of hardware and software assets, non-person entities, and protocols for inter-communication.

The Zero Trust maturity model network is secured in-depth through key functions of the four networking and environment pillar capabilities:

  • Data flow mapping
  • Macro segmentation
  • Micro segmentation
  • Software Defined Networking

The NSA CSI, Embracing a Zero Trust Security Model, defines the concept of ZT as a security strategy with core principles: acknowledgement of the ubiquity of cyber threats, and elimination of implicit trust favoring instead continuous verification of all aspects of the operational environment.

A zero-trust security model requires stringent access controls for accessing network resources, whether inside or outside the physical perimeter, to limit the breach consequences.

In contrast to the conventional IT security model, where all network entities are presumed trustworthy, zero-trust architecture assumes the presence of existing threats and restricts network access accordingly.

Mark Cooper, President & Founder, PKI Solutions had this comment:

   “Public Key Infrastructure (PKI) supports the zero-trust model by managing and securing digital certificates and keys. PKI is core to critical infrastructure protection environments. It ensures authenticated and encrypted communication within a network, aligning with zero-trust principles by verifying every user and device before granting access. PKI is core to critical infrastructure protection environments. What is often missing and overlooked is the required level of posture management that focuses on proactive monitoring for misconfigurations and remediating them before they become vulnerabilities that get exposed. “

   “This approach highlighting the required level of security posture management complements the NSA’s guidance by enhancing trust verification and limiting adversaries’ network access.”

I’m a big fan of zero trust as it reduces the chance that you could get pwned by a threat actor. Which is why I am glad that the NSA is offering guidance that organizations of all sizes should be following.

Leave a comment »