US Justice Takes Out Chinese Backed Threat Actor “Flax Typhoon”

Posted in Commentary with tags on September 20, 2024 by itnerd

The US Justice Department announced that it had taken out a Chinese cyberespionage group known as Flax Typhoon. Here’s the back story:

  • A global botnet of over 200,000 consumer devices, compromised by People’s Republic of China (PRC) state-sponsored hackers, has been dismantled through a court-authorized operation. The U.S. Department of Justice revealed that the botnet, managed by Beijing-based Integrity Technology Group—also known in the cybersecurity community as “Flax Typhoon”—infected devices such as SOHO routers, IP cameras, DVRs, and NAS devices. The malware covertly linked these devices into a botnet, facilitating cyberattacks disguised as routine traffic.
  • The FBI’s operation gained control of the attackers’ infrastructure, sending commands to disable the malware on infected devices. During the takedown, hackers attempted to thwart FBI efforts with a DDoS attack targeting the FBI’s infrastructure, though it failed to stop the operation.

Evan Dornbush, former NSA cybersecurity expert:

  “I cannot understate how important Ryan and his team at Black Lotus are to safeguarding our collective security. Kudos to Lumen for being transparent.

  “The reason this threat actor goes after SOHO devices like SOHO routers and DVRs and IP cameras is because the owner/operator is neither technical nor interested.

  “Network threat detection — inaccessible for most users — is critical. Forward-leaning ISP and telecom companies that can advance the reach of NDR (network detection & response) should be praised for sharing their findings and allowing big action, such as a botnet takedown, to occur.

  “By disrupting the threat actor’s operations, Black Lotus has made it more costly and challenging for them to carry out future attacks. Making attacks more costly is a critical and often overlooked aspect to protecting our digital infrastructure.”

I applaud the US Justice Department on executing this takedown. But I want to point out that this group was targeting consumer and SOHO devices, which means that consumers and SOHO users are now the low-hanging fruit for threat actors, and by extension need to step up their game to avoid being targets in the future.

CISA Releases Election Security Checklist Ahead of November Elections In The US

Posted in Commentary with tags on September 19, 2024 by itnerd

As the 2024 election nears, election officials are finalizing preparations to protect against the most common threats seen targeting voters and campaigns. CISA recently released an Election Infrastructure Cybersecurity Readiness and Resilience Checklist, providing guidance on potential security incidents that may impact election infrastructure.

Tom Marsland, VP of Technology for Cloud Range, who has personally led live-fire simulation attacks on election infrastructure, including forensic analysis of voting machines and misinformation campaigns, has shared his thoughts on CISA’s checklist:

This checklist by CISA is a great reminder to election officials and participants about the basics – however, with less than two months until the election, many of these will be hard to implement if not at least begun already. That said, it provides a clean slate for officials to take a step back and give their practices of cyber hygiene a holistic overview, and an honest look as they enter the final stages of preparation. I’ll repeat the findings from CISA that our elections are as secure as they’ve ever been. We really have to stay on top of misinformation campaigns and social engineering in that realm, but this is a great product for CISA, and I hope we see it used.

A great way for election officials to test their readiness against the checklist provided by CISA is by conducting hands-on tabletop exercises that test the organization’s policies and playbooks against the very items called out in the checklist. Lessons learned from tabletop exercises should be incorporated into the organization’s continuous improvement, made actionable, and tracked to completion.

CISA has put out a number of these sorts of checklists. But checklists aren’t any good if they’re not followed. So here’s hoping that this one is followed, as this November’s elections are going to be extremely important to the future of the US.

Trump Media Stock Tanks Again

Posted in Commentary with tags on September 19, 2024 by itnerd

At about this time last week, Donald Trump announced that he wasn’t going to sell any of his stock in Trump Media. That calmed fears that such a sale would tank the stock (he desperately needs cash, by all reports) and caused the stock to soar. This was the value of the stock last Friday:

Fast forward to today and reality has set in for Trump and those who hold this stock. Here’s the value of that stock as I type this:

And if you want to see the downward trajectory of this stock over the last week, here you go:

That’s an almost 17% drop in value. And you have to think that this isn’t sustainable over the long term. At this point it’s only a matter of time before this stock crashes and burns. The only question is whether it will die slowly by losing value day after day, or whether it will be killed by Donald Trump cashing out his stake to get cash to deal with his various “problems”. But mark my words, this stock will crash.

Smart Space-Saving Tech For Your Home From Samsung

Posted in Commentary with tags on September 19, 2024 by itnerd

As more people embrace smaller living spaces—whether you’ve just sent your kid off into student housing or you’re looking to downsize as an empty nester—the demand for smart, space-saving tech has never been greater. Clutter can quickly take over, but with the right innovations, you can make the most of every inch of your home without sacrificing style or functionality. 

Samsung offers several innovative products designed to keep things organized and functional, including: 

  • Samsung 500 Series Laundry Hub with Auto Dispenser (Starting at $2,399.99) – This compact yet powerful Laundry Hub™ saves space and simplifies laundry day by allowing you to control both the washer and dryer from a single, centralized control panel—no step stool needed. 
  • Samsung’s The Freestyle 2nd Gen Smart FHD Portable LED Projector (Starting at $999.99) – Perfect for any room or outdoor space, this portable projector adjusts to different surfaces and angles, letting you enjoy your favorite content wherever you go. 
  • Samsung Music Frame (Starting at $599) – A stylish, space-saving photo frame that doubles as a speaker. Easily switch photos or artwork while playing music for study or entertainment. It’s a perfect blend of personal style and powerful sound for any space. 

Find out more at Samsung.ca.

HYAS Infosec Wins Best Threat Intelligence Technology at the 2024 SC Awards

Posted in Commentary with tags on September 19, 2024 by itnerd

HYAS Infosec has announced its recognition as the Best Threat Intelligence Technology winner at the prestigious 2024 SC Awards. This award underscores HYAS Infosec’s unwavering commitment to innovation, leadership, and excellence in the cybersecurity industry.

Now in its 27th year, the SC Awards recognize top-performing solutions, organizations, and individuals for outstanding contributions to information security. With 33 categories this year, the awards celebrated both established leaders and emerging disruptors across the cybersecurity landscape.

The HYAS Insight threat intelligence solution stood out in a highly competitive category, showcasing its ability to address the evolving threat landscape through unparalleled infrastructure intelligence. The solution focuses on “VRA,” or Verdicts, Related Infrastructure, and Actor Attribution, which enables clients to be proactive against fraud and other threats they face. The win emphasizes HYAS Infosec’s dedication to providing practical, actionable solutions for efficient business outcomes that address today’s most complex cyber issues.

The SC Awards, hosted by SC Media, are judged by a panel of independent experts. Winners are selected based on their impact on cybersecurity, their capacity for innovation, and their effectiveness in addressing key industry challenges.

Throughout September, the SC Media editorial team will spotlight HYAS Infosec with exclusive interviews, video discussions, and a featured profile on the SC Media website, as well as promotion across LinkedIn and Twitter. To see the full list of this year’s SC Awards winners, visit the SC Awards page: https://www.scmagazine.com/sc-awards.

Nicholas Warner Joins Horizon3.ai as Independent Board Director

Posted in Commentary with tags on September 19, 2024 by itnerd

Horizon3.ai, a global leader in autonomous security, announces that Nicholas Warner has joined its board as an Independent Director. Warner brings over two decades of cybersecurity experience, marked by a proven track record in scaling companies and driving hyper-growth. As COO, he played an instrumental role in propelling SentinelOne from $1 million to over $500 million in annual recurring revenue (ARR) and overseeing its public offering in what was the largest cybersecurity IPO in history.

Prior to SentinelOne, Warner served as Worldwide VP of Sales at Cylance, where he was pivotal in growing the company’s sales from zero to over $200 million in under three years. His exceptional leadership in developing go-to-market strategies and operational execution has cemented his reputation as a trusted authority in the cybersecurity industry.

Warner’s extensive career also includes leadership positions at McAfee and Forcepoint, where he drove significant regional and global sales initiatives. His deep operational insight, coupled with his understanding of today’s evolving threat landscape, will further bolster Horizon3.ai’s mission to help organizations proactively manage and mitigate cybersecurity risks.

As companies face growing challenges in staying secure, assessing risk, and maintaining compliance, traditional security methods often fall short. The NodeZero™ platform, with its expanding capabilities now covering cloud and hybrid environments, is transforming how businesses tackle security issues by identifying their most critical risks in real time. With Nick joining Horizon3.ai’s board, his expertise will help drive product innovation and further fuel company growth, empowering organizations to proactively manage their security posture, streamline compliance, and address risks more effectively than ever before.

Warner’s appointment underscores Horizon3.ai’s commitment to strengthening its leadership team with industry veterans who can guide the company’s rapid growth and help shape the future of autonomous cybersecurity solutions.

IPv4.Global Expands IPv4 Address Capabilities, Launches New Leasing Hub

Posted in Commentary on September 19, 2024 by itnerd

IPv4.Global today launched a new IPv4 address leasing hub. The expanded capability increases choice and flexibility for businesses as they navigate network expansion and complexities. 

IPv4.Global’s new leasing hub complements its buy-sell marketplace, which offers the largest available inventory of IPv4 blocks in the world. By offering both buy and lease options, IPv4.Global makes its expanded service capability available to the largest community of IPv4-acquiring entities worldwide, ensuring they have access to a flexible, cost-effective solution to scale their network infrastructure as needed.

Leasing IP addresses can be a flexible and cost-effective solution that allows businesses to expand their networks without the significant upfront costs associated with purchasing IP addresses outright. It also provides flexibility to accommodate uncertain future requirements. Alternatively, for organizations with surplus addresses that they are not ready to sell, leasing transforms an idle asset into a source of recurring operating income.

IPv4.Global’s new leasing hub provides companies with a resource to enable their leasing activity with the same transparency that has been the IPv4.Global hallmark since its inception. Market participants can list their blocks for lease and/or look for available blocks that meet their needs. IPv4.Global’s leasing hub will provide valuable market data about leasing prices, availability and demand to the IPv4 leasing community. Participants that lease addresses through the IPv4.Global hub will get the same award-winning expert service and support the company provides to its buy/sell customers, including streamlined contract negotiations, lease set-up and servicing.

For those businesses unsure of whether buying, selling or leasing is the best fit, IPv4.Global’s consultants provide expert guidance to identify the best approach for the unique circumstances of each business. Tailored solutions include lease-to-own options in addition to unusual timeframe leases and option-to-buy agreements. 

For more information on IPv4.Global’s new leasing options, or to speak with an IPv4.Global consultant, visit: https://Leasing.IPv4.Global

Cybercriminals Use Evilginx To Bypass MFA… Gmail, Outlook, Yahoo Among Top Targets

Posted in Commentary with tags on September 19, 2024 by itnerd

Abnormal Security has released its latest blog post reporting on how cybercriminals use Evilginx to bypass multi-factor authentication (MFA) in attacks targeting Gmail, Outlook, Yahoo, and more.

Evilginx, a tool commonly used in phishing attacks, operates as a middleman (an adversary-in-the-middle, or AiTM, proxy) between users and legitimate websites. It intercepts and manipulates traffic, allowing cybercriminals to steal login credentials, session cookies, and other sensitive information.

Attackers typically configure Evilginx to mimic high-value targets such as online banking portals, cloud service providers, email platforms, and social media sites. These sites often rely on MFA as a security measure, and because the tool relays the victim’s completed login and captures the resulting session cookie, it offers a way to bypass that protection.

Abnormal shows a price list for these custom configurations, including the brands/services targeted (LinkedIn, Intuit, Telegram, GitHub, Airbnb, and the previously mentioned email platforms), price, website, login URL, and details. Evilginx has also become a service that cybercriminals sell to each other.

Abnormal Security’s research team demonstrates:

  • Why Evilginx has become a valuable tool for cybercriminals involved in phishing campaigns
  • The potency of the tool in real-world cyber espionage and nation-state-sponsored hacking
  • How organizations can protect themselves against AiTM attacks

You can read the blog entry here.

API and Bot Attacks Cost Businesses $186 Billion Annually

Posted in Commentary with tags on September 18, 2024 by itnerd

A new report from Imperva Inc. reveals that API and bot attacks are costing businesses up to $186 billion annually as incidents surge. The report, titled “Economic Impact of API and Bot Attacks,” shares analysis of over 161,000 cybersecurity incidents. Conducted in conjunction with a study by the Marsh McLennan Cyber Risk Intelligence Center, the report highlights how large organizations with over $1 billion in revenue are two to three times more likely to experience automated API abuse by bots compared to smaller companies.

The report points to the sheer volume of APIs as a key vulnerability. On average, enterprises managed 613 API endpoints in 2022, exposing them to increasing risks as API ecosystems expand. Imperva Threat Research found that automated threats accounted for 30% of all API attacks in 2023, contributing to losses of up to $17.9 billion annually from API bot abuse.

Nanhi Singh, general manager of application security at Imperva, emphasized the urgency, stating, “It’s imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden.” Singh warns that without proactive measures, the economic toll from these automated threats will continue to rise as API ecosystems grow and bots evolve.

George McGregor, VP at Approov Mobile Security, had this to say:

  “It would have been interesting to see specific analysis of the economic impact of mobile-originating bots, which are a growing threat to APIs. These are hard to stop using back-end security techniques because of a lack of visibility into contextual information about the use of mobile apps and devices.

  “Blocking mobile bots and botnets effectively requires methods that capture detailed information about the devices and apps which originate requests to APIs. Also, there is limited coverage of applying a Zero Trust approach to API security where every request is validated in real time using contextual information.”

With the amount of money that is lost to bots, this is a problem for today that needs to be addressed in a meaningful way, and quickly. Because this is a problem that is only going to get worse.

CISA announces “FOCAL”

Posted in Commentary with tags on September 18, 2024 by itnerd

This week, CISA announced a new plan to align the “collective operational defense capabilities” of over 100 US federal civilian agencies (those outside the defense sector) to reduce their cyber risk.

CISA notes in the plan that there is currently “no cohesive or consistent baseline security posture” across agencies, which fails to consider the current threat environment and the complex digital ecosystem.

The plan, known as FOCAL (Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment), sets out both “broad organizing concepts for federal cybersecurity” and tactical guidance that agencies should implement in the coming year. It covers five areas of cybersecurity:

  1. Asset management
  2. Vulnerability management
  3. Defensible architecture
  4. Cyber supply chain risk management
  5. Incident detection and response

While CISA stresses that each FCEB agency has its own mission, supported by its own networks and systems, it also believes that a collective approach to cybersecurity, built on standardization and consistency, will further reduce risk across all federal cyber defenses as agencies interact with each other and share data.

Emily Phelps, Director at Cyware, had this to say:

  “CISA’s FOCAL plan highlights the value of collective defense in securing the federal cyber landscape. This approach leverages the strengths and knowledge of each entity to build a more robust defense against evolving threats. The interconnected nature of today’s digital ecosystem means that vulnerabilities in one area can ripple across others, making a collective defense strategy essential for reducing risk. By fostering collaboration, information sharing, and standardization, agencies can more effectively defend against sophisticated cyber adversaries while reinforcing the overall security of the nation’s critical infrastructure.”

Stephen Gates, Principal Security SME at Horizon3.ai, follows with this:

  “This initiative is not just necessary—it’s long overdue. Now is the time to embrace a proven strategy that aligns with the five key objectives outlined in the plan. Organizations must begin by assessing their own environments, using the same tactics, techniques, and procedures (TTPs) that adversaries use. This ensures they’re effectively managing high-risk assets, identifying and mitigating exploitable vulnerabilities, and fortifying their architectures. This approach should extend to their supply chain, ensuring partners meet the same standards, and that incident detection and response systems are proven to be fully operational.”

This is a good move by CISA, which has a history of coming up with good initiatives to improve cybersecurity inside and outside government. This is something that seriously needs to be copied by the private sector, as I think you will see that this is going to be highly effective in terms of deterring cyberattacks.