Archive for January 13, 2025

New “Codefinger” Ransomware Abuses Amazon AWS to Encrypt S3 Buckets

Posted in Commentary with tags on January 13, 2025 by itnerd

Researchers have identified a new ransomware threat actor dubbed “Codefinger” that targets Amazon S3 buckets, leveraging AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data and then demand ransom payments for the symmetric AES-256 keys required to decrypt it. This attack doesn’t require the exploitation of any AWS vulnerability but instead relies on the threat actor first obtaining an AWS customer’s account credentials. With no known method to recover the data without paying the ransom, this tactic represents a significant evolution in ransomware capabilities.

You can read more at the link below:

https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c

Darren James, a Senior Product Manager at Specops Software, commented:

“This is a great example of where password reuse or sticking with easy to guess passwords, along with no two-factor authentication, will come back to bite admins.

Admins are human just like the rest of us, and we all hate passwords and have too many to remember, so they, just like us, fall into bad habits, such as using default passwords or an easily guessable password, or reusing the same password across multiple systems. We’ve seen this on a number of occasions when we run our Specops Password Auditor tool and in our own analysis of stolen credentials.

It’s vitally important for admins especially to make sure that they use different passwords for all systems they use and enable strong, phishing resistant 2FA wherever possible.

If they had used these simple steps, this latest ransomware attack could have been avoided.

On the upside, at least SSE-C is a strong encryption method, but it is not good to see it used against the good guys rather than for them.”

This illustrates that doing the simple stuff will help you to not get pwned by threat actors. Thus this should serve as a wake-up call to do just that ASAP.
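For defenders who want to check whether SSE-C is being used to write objects in their own buckets, here is an added detection sketch; it is not code from this post or from the linked research. It assumes CloudTrail S3 data events are enabled and that the SSE-C request header is recorded under `requestParameters`; the log records, ARNs and bucket names are constructed placeholders.

```python
import json
from collections import Counter

# Assumed field layout: the SSE-C request header appears under requestParameters.
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload", "UploadPart"}
_SVC = "arn:aws:iam::111122223333:user/backup-svc"   # placeholder principal
_APP = "arn:aws:iam::111122223333:user/app"          # placeholder principal

def _event(name, arn, params):
    return {"eventSource": "s3.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": params}

# Constructed sample records (not real logs).
SAMPLE_LOG = json.dumps({"Records": [
    _event("CopyObject", _SVC, {"bucketName": "example-finance", "key": "q1.csv",
                                SSEC_HEADER: "AES256"}),
    _event("CopyObject", _SVC, {"bucketName": "example-finance", "key": "q2.csv",
                                SSEC_HEADER: "AES256"}),
    _event("PutObject", _APP, {"bucketName": "example-finance", "key": "new.csv"}),
    _event("GetObject", _SVC, {"bucketName": "example-finance", "key": "q1.csv",
                               SSEC_HEADER: "AES256"}),   # a read, not a write
    _event("PutObject", _APP, None),                      # null parameters
]})

def find_ssec_writes(log_text):
    """Return (principal ARN, bucket, key) for each S3 write that used SSE-C."""
    hits = []
    for ev in json.loads(log_text).get("Records", []):
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue
        if ev.get("eventName") not in WRITE_EVENTS:
            continue
        # requestParameters can be null; compare header names case-insensitively.
        params = {k.lower(): v for k, v in (ev.get("requestParameters") or {}).items()}
        if SSEC_HEADER in params:
            arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
            hits.append((arn, params.get("bucketname", "unknown"),
                         params.get("key", "unknown")))
    return hits

def writes_per_principal(hits):
    """Count SSE-C writes per (principal, bucket); a burst from one identity stands out."""
    return Counter((arn, bucket) for arn, bucket, _ in hits)

if __name__ == "__main__":
    for (arn, bucket), n in writes_per_principal(find_ssec_writes(SAMPLE_LOG)).items():
        print(f"{n} SSE-C write(s) to {bucket} by {arn}")
```

In an environment that does not normally use SSE-C, any hit is worth reviewing alongside the credential hygiene steps described above.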

North American companies are at risk of losing employees to the Workplace Fulfillment Gap: Ricoh

Posted in Commentary with tags on January 13, 2025 by itnerd

The 2024 North American Workplace Fulfillment Gap Index released today by Ricoh USA, Inc., a leading provider of integrated digital workplace solutions and services, found that fulfillment is an often-overlooked factor employers should focus on in their talent retention strategies as companies implement return to office (RTO) policies. 

The report surveyed over 2,000 U.S. and Canadian adults between ages 18-64 who are employed full-time. The findings show that by nearly every measure, employers are falling short of their employees’ expectations to invest in organizational priorities that matter most to their fulfillment: work/life balance, purpose-driven work, a frictionless environment, and a growth-oriented culture. Workers ranked their overall fulfillment at a 6.89 out of 10, with pronounced fulfillment gaps between on-site (6.92) and remote workers (6.61).

Workplace fulfillment needs to factor into companies’ renewed RTO policies

Most employees (51%) reported feeling less fulfilled compared to five years ago, with hybrid workers feeling more fulfilled than their remote and on-site counterparts. And yet, most employees (84%) say their fulfillment is an important deciding factor in whether to stay at a company. This is particularly key for employers to balance with their enhanced enforcement of renewed RTO policies. 

Generations (and countries) are divided in how they view the role of work in their lives, and the sense of fulfillment that comes with it

Approximately four in five (82%) North American workers say their sense of fulfillment at work helps them feel happier at home, but less than a quarter (21%) of employees feel completely fulfilled through their work. This disparity signals that most workers could be happier in their personal lives if the gap in workplace fulfillment closed. The findings also show a stark difference between the United States and Canada, with Americans (29%) more likely to be fulfilled at work compared to Canadians (14%).  

Across generations, more Gen Z (63%) employees associate their personal identity with their profession than any other generation, with Boomers being the least likely to say this (52%). Gen Z employees are also the most likely (85%) to say that feeling fulfilled at work helps them feel fulfilled at home, yet they’re the least likely (79%) to say that they feel like they’ve contributed something positive to the world after a day’s work.

Most North American employees are optimistic that the advent of AI and other technology innovations will free up more of their time to do what they love

Contrary to popular belief, most employees view AI as a tool to enhance their productivity and support their current job roles as a collaborator instead of a replacement.  Approximately two-thirds of respondents agree that AI will allow them to work more efficiently, with hybrid employees (73%) more likely to say this than remote and on-site workers. Additionally, three in five (60%) employees agree that AI tools could allow them to have more time for passions outside of work.

People are the fulfillment glue

North American employees rank their comradery with colleagues in their organization higher than any other measure of what’s keeping them engaged in their current role. Moreover, respondent data shows a correlation between feeling more disconnected from coworkers (47%) and feeling less fulfilled at work (51%). Nine in ten (91%) employees say the culture among those they work with is important to feeling fulfilled in their job, with hybrid workers more likely to say this than onsite workers.

For more details and insights regarding the survey results and optimizing the workplace experience, visit: https://www.ricoh-usa.com/en/solutions/workplace-experience

CISA sees a 201% increase in enrolment for its Cyber Hygiene (CyHy) service

Posted in Commentary with tags on January 13, 2025 by itnerd

In a report released Friday, CISA said it saw a 201% increase in its Cyber Hygiene (CyHy) service enrollment from critical infrastructure organizations between Aug. 1, 2022, and Aug. 31, 2024.

Of the 7,791 critical infrastructure organizations that enrolled in the agency’s vulnerability scanning service during that period, the following industries led the surge:

  • Communications – 300% 
  • Emergency services – 268%
  • Critical manufacturing – 243%
  • Water and wastewater systems – 242%

CISA cited a steady decrease in the number of monitored exploitable services from 12 services per CyHy enrollee in August 2022 to roughly 8 apiece. The number of KEV tickets also declined, with critical-severity KEVs falling 50% and high-severity KEVs dropping by 25%. 

Remediation times for SSL vulnerabilities fell as well, with tickets resolved in less than 50 days, down from about 200 days as of August 2022.

CISA’s report also highlighted the high exposure rate of operational technology protocols to the public internet: 

  • 63% – Government services and facilities
  • 10% – IT
  • 10% – Energy
  • 5% – Healthcare

Lawrence Pingree, VP, Dispersive.io had this to say:

  “I think it’s admirable that CISA offers a free scanning service. It’s no surprise that enterprises leverage the free service to check for vulnerabilities, given you get a report regularly from the government for free (no cost). Seeking to find any vulnerabilities in your external attack surface is certainly one of the first priorities that enterprises should have. Keep in mind, it doesn’t necessarily represent the only way that attackers can breach an environment, and there’s no guarantee that a zero day isn’t used instead. Attackers just rotate to whatever they need to in order to accomplish their goals. So, if the external surface is too much of a challenge, they rotate to third parties, or malware+phishing, or even social engineering. The importance of my past research work in preemptive cyber defense (PCD) and automated moving target defense (AMTD) at Gartner was to point to the need to move to preemptive models instead of the whack-a-mole we play with vulnerabilities and patching.”

I am pretty impressed by this as it shows that organizations may actually be taking cybersecurity seriously. That is a good thing as we’ve seen what happens when cyber criminals are allowed to run wild.

Emily Phelps, Director, Cyware follows with this:

  “CISA’s Cyber Hygiene service growth reflects the critical sectors’ increasing focus on cybersecurity, but the report also highlights persisting risks, like high exposure of operational technology protocols. Improved remediation times are encouraging, but organizations must go beyond addressing vulnerabilities to build resilience against evolving threats. Protecting critical infrastructure demands real-time threat detection, intel and defensive strategy sharing, coordinated responses, and robust strategies to secure essential services.”

Ericsson enhances enterprise 5G portfolio with Generative AI Virtual Expert to simplify network operations

Posted in Commentary with tags on January 13, 2025 by itnerd

Ericsson today announced the launch of its generative AI-based NetCloud Assistant (ANA). This next generation of ANA is a virtual expert designed to further simplify enterprise 5G network administration. Unlike traditional chatbots, which leverage search to provide links to existing resources, ANA stands out with the ability to read, understand, and generate new text and graphical content. ANA provides personalized responses by correlating information from multiple technical documents and unique insights from the customer’s network, transforming hours or even days of work into seconds. 

ANA is the first generative AI virtual expert designed for enterprise Wireless WAN (WWAN) networks, utilizing large language models, with all its AI components hosted entirely within Ericsson’s environment. This design ensures user and data privacy by avoiding API calls to third-party consumer generative AI applications. 

Key functionalities of ANA:  

  • Knowledge Summarization: Correlates information from Ericsson’s library of technical documentations into concise summaries personalized to the customer’s network.
  • Configuration Assistance: Accelerates Day 1 deployments with step-by-step guidance for WAN edge device configuration based on best practices.  
  • Enhanced Troubleshooting: Automates common diagnostic tasks and provides step-by-step instructions to troubleshoot and resolve connectivity issues, speeding up mean time to repair. 
  • Policy Recommendation: Future releases will translate business requirements into recommended SD-WAN and WAN bonding policies to enhance WAN performance and application availability.  
  • Custom Graph Generation: Future releases will allow administrators to ask ANA to create detailed graphs that visualize more complex information not typically available in standard NetCloud dashboards or pre-canned reports. 

ANA complements Ericsson’s NetCloud AIOps dashboard, which serves as a vital component in transforming network management. Through an intelligent fault management system, it detects performance-driven anomalies, such as latency and jitter, specific to each customer’s environment. By providing real-time insights into network performance, AIOps empowers IT teams to proactively address issues, leveraging ANA as needed, to ensure optimal network operations and enhance the overall digital experience.

New ANA features and the NetCloud AIOps dashboard are available for demonstration at Ericsson’s NRF 2025 booth #3948. Both features will evolve to support Ericsson Private 5G solutions.  

For more details: