ESET PROTECT Portfolio Now Includes New MDR Tiers and Features 

Posted in Commentary with tags on May 1, 2024 by itnerd

 ESET today announced the launch of two new Managed Detection and Response (MDR) subscription tiers: ESET PROTECT MDR for small and medium businesses (SMBs) and ESET PROTECT MDR Ultimate for enterprises. These offerings are built on the foundation of ESET PROTECT Elite and ESET PROTECT Enterprise, offering businesses of all sizes the most comprehensive, AI-powered threat detection and response capabilities, in combination with expert human analysis and comprehensive threat intelligence.

ESET’s MDR offerings are designed to cater to the specific needs of both SMBs and Enterprises. To that end, ESET PROTECT MDR delivers a comprehensive cybersecurity package, offering 24/7/365 superior protection that addresses the most common challenges of small and medium-sized businesses. This includes modern protection for endpoints, email, and cloud applications, vulnerability detection and patching, and managed threat monitoring, hunting, and response. It addresses the cybersecurity talent shortages and ensures compliance with cyber insurance and regulations, offering a remarkable 20-minute average time to detect and respond, a comprehensive MDR dedicated dashboard and regular reporting for complete peace of mind.

For enterprises, ESET PROTECT MDR Ultimate offers continuous proactive protection and enhanced visibility, coupled with customized threat hunting and remote digital forensic incident response assistance. This comprehensive service is designed to support overstretched SOC teams, providing them with 24/7 access to world-class cybersecurity expertise. It ensures enterprises stay one step ahead of all known and emerging threats, effectively closing the cybersecurity skills gap, and facilitating expert consultations for incident management and containment in a fully managed experience.

ESET also sets itself apart with its own telemetry and unique global coverage, leveraging its detections and ESET Research to gather unique data about attacks, a competitive edge not offered by many players in the market.

Enhancements to the ESET business portfolio

Additionally, all ESET PROTECT subscription tiers, starting from ESET PROTECT Advanced, are now enhanced with ESET Mobile Threat Defense (EMTD). This new value-added, standalone module extends attack vector coverage to an organization’s entire mobile fleet, seamlessly integrating into the ESET PROTECT Platform for efficient management, ensuring comprehensive protection for mobile devices. EMTD also includes a Mobile Device Management (MDM) functionality, with added support for Microsoft Entra ID.

Moreover, ESET Server Security introduces a firewall specifically designed for Windows servers, and Vulnerability & Patch Management, offering manual patch management and a 60-second delay of application process kill.

For more detailed information about ESET and its updated portfolio, please visit the dedicated offering pages for SMBs and Enterprises.

Qantas Has An EPIC Privacy Breach On Their Hands

Posted in Commentary with tags on May 1, 2024 by itnerd

This one is bad. Qantas as in the Australian airline has one hell of a privacy breach on its hands. The Guardian has the rather bad (if you’re Qantas) details:

Potentially thousands of Qantas customers have had their personal details made public via the airline’s app, with some frequent flyers able to view strangers’ account details and possibly make changes to other users’ bookings.

Qantas said late Wednesday its app had been fixed and was stable, after two separate periods that day “where some customers were shown the flight and booking details of other frequent flyers”.

The airline said this didn’t include displaying financial information, and that users were not able to transfer Qantas points from another account or board flights with their in-app boarding passes.

Clare Gemmell from Sydney said that she and four colleagues encountered the problem shortly after 8.30 on Wednesday morning.

“My colleague logged in and said ‘I think the Qantas app has been hacked because it’s not my account when I log in’.”

When Gemmell logged into the app, she was greeted with a message saying “Hi Ben”. The app told her Ben had more than 250,000 points and an upcoming international flight.

“Another colleague of mine said it looked like she was able to cancel somebody’s flight ticket,” she said.

“You could see boarding passes for other people, one of my colleagues could see a flight going to Melbourne and it looked like you could interact and actually affect the booking.”

Well, that’s one hell of a screw up that Qantas has apparently now fixed. But it’s still bad. Ted Miracco, CEO, Approov had this comment:

This incident with the Qantas mobile app is quite concerning from both a cybersecurity and privacy perspective. Many companies fail to implement adequate API security, which can lead to issues like the one potentially faced by Qantas. The security of APIs is critical as they often handle the logic, user authentication, session management, and data processing that apps rely on to function.

The problem described suggests a significant issue with how user sessions and data are being handled within the app. The Application Programming Interface (API) is incorrectly processing or validating session tokens, leading to unauthorized access to data. The exposure of such personal information, including booking details, frequent flyer numbers, and boarding passes, poses serious risks and liability. The data could be used for identity theft, phishing scams, or unauthorized access to further personal information. Such a breach should have significant legal and compliance implications, particularly under data protection regulations like the Australian Privacy Act (APA) or GDPR, if any EU citizens are affected, or other local privacy laws, depending on the nationality of the affected passengers.

The reliance solely on Google and Apple’s app store security measures for safeguarding mobile applications is indeed a common oversight that can lead to significant security challenges, as potentially evidenced by the Qantas incident. The security features provided by these platforms primarily focus on ensuring that apps are free from known malware at the time of upload and meet certain basic security criteria. However, these protections do not extend into the realms of runtime security, business logic, and specific data handling practices which are critical for ensuring application security.

Stephen Gates, Security SME, Horizon3.ai adds this:

Most people who utilize mobile apps don’t realize that these apps use APIs to communicate between the app and the app provider’s backend. And APIs are often full of potential vulnerabilities and subsequent risks due to how they are implemented. 

This is the primary reason why the OWASP API Security Project was created resulting in the most recent version: 2023 OWASP API Security Top 10. Being a contributor of the Top 10 2019 version, and spending time with founding leaders of the Security Project, the API risks organizations and consumers face today are quite clear. 

Today’s software (app) developers must not only become familiar with the API Top 10, but also become experts in understanding the intricacies associated with APIs. The API Top 10 provides highly detailed example attack scenarios as well as excellent recommendations on how to prevent such risks from occurring.

Qantas has some explaining to do to a whole lot of people because of this screw up. I hope they have detailed answers at the ready because this is one of these situations where people are going to want those answers. And they won’t be satisfied with anything less.

Volvo Study Reveals, 64% of Canadians Are Eyeing Electrified Vehicles for Next Purchase

Posted in Commentary with tags on May 1, 2024 by itnerd

Despite industry headwinds, 64% of Canadians looking to purchase a new vehicle say they would consider a hybrid, plug-in hybrid, or fully electric as their next vehicle in the next five years, according to new research released today.

This insight appears in the 2024 Mobility Trend Report, an exploratory study by Volvo Car Canada. The study comes as the country is experiencing mixed sentiment in the electric vehicles (EVs) category due to Canadians’ automotive preferences and evolving economic conditions.

The 2024 Mobility Trend Report highlights that amidst economic headwinds, three quarters of Canadians who wouldn’t consider an EV say it’s because they’re too expensive. Other barriers center on the infrastructure and charging aspects of the vehicle: 65% are worried they will get stranded if they run out of charge, and 59% say there are not enough places to charge one.

New data points that help illustrate the barriers that are top of mind and the current sentiment towards fully electric vehicles include:

  • Three-quarters (76%) of those not open to purchasing an EV say it’s too expensive.
  • Nearly four in five (78%) agree there currently isn’t enough publicly available charging infrastructure to make electric vehicles a good option and 72% say they aren’t worth the cost.
  • Only 15% of Canadians feel EVs are generally better than gas vehicles in terms of overall costs, including purchase price, gas/charging costs, maintenance, insurance, etc.
  • Two-thirds (64%) feel the environmental benefits of EVs are over-hyped.

Addressing these concerns is critical to making a difference in consumer willingness to purchase an EV, as 46% of respondents say vehicles with a longer maximum range would make a difference, 42% say easier to find charging stations, and 38% say better government rebates or incentives.

In 2023, Volvo Car Canada unlocked additional charging access with NACS that will come into effect this year as an effort to address consumers’ concerns around charging infrastructure. The agreement will enable access to Tesla’s Supercharger network, providing access to an additional 12,000 fast-charge points.

Recently, Volvo Car Canada launched the EX30, its smallest and most affordable SUV yet, demonstrating its efforts to effectively meet consumers’ needs. The EX30 is designed to have the smallest CO2 footprint of any Volvo car to date, and to make people’s lives safer, more convenient, and more enjoyable through cutting-edge technology and Scandinavian design.

According to the 2024 Mobility Report, those most likely to consider a hybrid, plug-in hybrid, or fully electric vehicle are from BC (74%) and between the ages of 18 and 34 (76%).

March sales underscore Volvo Car Canada’s leadership in electrification and understanding consumer demands with electrified models — including both plug-in hybrids and fully electric vehicles — making up 50% of all sales.

Volvo Car Canada remains committed to its sustainability goals, continuously adapting to meet the needs of Canadians and paving the way for a greener future. The company plans to expand its discussions on consumer education about EVs and collaborate closely with stakeholders to enhance the EV ecosystem across Canada.

About This Study
These are the findings of a survey conducted by Volvo Car Canada from March 26th to 28th, 2024 among a representative sample of 1,000 online Canadians who are members of the Angus Reid Forum. The survey was conducted in English and French. For comparison purposes only, a probability sample of this size would carry a margin of error of +/- 3 percentage points, 19 times out of 20.

TELUS Volunteers Contributed 1.5 Million Volunteer Hours In 2023

Posted in Commentary with tags on May 1, 2024 by itnerd

TELUS has announced its 19th annual TELUS Days of Giving, a month-long initiative rallying TELUS team members, retirees, and partners around the world to volunteer and give back in their local communities. At a time when charities are seeing an increased need for services, and companies are facing increased levels of disengagement, giving back helps foster meaningful connections, driving short and long-term benefits for individuals, teams and the broader community. According to the most recent Canada Helps Giving Report, 55.2 per cent of charities have fewer volunteers than before the pandemic and an alarming 57 per cent of charities are already unable to meet their current demand. Meanwhile, Gallup’s latest research finds that 64 per cent of US employees are either actively disengaged or not engaged. Championed by TELUS team members for almost two decades, TELUS Days of Giving has since become its signature, global volunteer movement, supporting thousands of team members and charities alike. Last year alone, more than 80,000 volunteers gave back in 32 countries through thousands of volunteer opportunities, contributing to 1.5 million volunteer hours in 2023, more than any other company in the world. TELUS’ goal is to match these record-breaking results in 2024.

Companies with a strong social purpose experience a 52-per-cent lower turnover rate among new employees and have a more engaged workforce than ones that don’t. Driven by its philosophy, “Give where we live”, TELUS’ unwavering commitment to giving back has served to fuel its incredible strategic growth from regional telecom provider to global technology powerhouse, with over 132,000 team members and retirees around the world. From cleaning local shorelines and parks, donating blood, planting trees, recycling old mobile devices, or volunteering at neighbourhood food banks, TELUS Days of Giving enables team members, their families, customers and retirees to foster deeper connections with each other while helping make a meaningful difference in their own backyard.

Throughout the month of May, TELUS is also encouraging customers to join them in raising funds for local animal charities by entering for a chance to win a special critter date experience and all-expenses-paid trip to Pegasus Animal Sanctuary, located in Ontario. For every entry TELUS will donate $1 to a local animal charity. Additionally, for less than $1/month customers can also join TELUS Change for Good, rounding up their monthly bill to support local youth charities through the TELUS Friendly Future Foundation.

To learn more about how TELUS is helping create a friendlier future for all, visit telus.com/purpose.

The creators of NordVPN launch NordStellar

Posted in Commentary with tags on May 1, 2024 by itnerd

Leading cybersecurity company Nord Security introduces NordStellar, a threat exposure management platform for businesses. Created by developers of market-leading VPN solution NordVPN, the enterprise cyber threat exposure management platform helps businesses detect and respond to cyber threats, secure data access, safeguard accounts, prevent fraud, and reduce the risk of ransomware attacks.

Threat actors don’t need to look for complicated methods to access systems today. Instead, they can simply search for credentials that are probably already available on the dark web. This presents a risk that NordStellar can mitigate.

The number of cyberattacks targeting businesses is increasing at an alarming rate. According to recent statistics, ransomware attacks have seen a significant surge and now account for almost a quarter of all breaches. There was a 71% increase in attacks targeting identities in 2023. Additionally, cybercriminals now commonly abuse valid accounts, which account for 30% of all incidents.

NordStellar provides comprehensive protection and dark web monitoring for employee, brand, and corporate security. It bolsters enterprises’ resilience against cyberattacks by reducing ransomware risks, preventing account takeovers, identifying malware exposure, detecting compromised credentials, and protecting employees from identity theft. NordStellar is available as a platform and API.

It’s the third cybersecurity solution for businesses created by Nord Security. The first two – a business password manager NordPass, that also serves individual customers, and an advanced network access security solution NordLayer – were launched in 2019 and 2020. This year the company also introduced Saily – a new global eSIM. Nord Security’s flagship product NordVPN is now considered to be the leading VPN service globally, featuring additional malware protection features, such as Threat Protection.

Debt Collector Pwned… 2 Million People Affected

Posted in Commentary with tags on May 1, 2024 by itnerd

In a data breach notification filed late last week, Financial Business and Consumer Solutions (FBCS) disclosed that the company suffered a data breach after discovering unauthorized access to its network impacting 1,955,385 individuals in the US.

According to the US licensed debt collection agency, on February 26, 2024, it discovered that attackers had breached their network on February 14, and the unauthorized actors had the ability to view or acquire certain information during that time.

FBCS specializes in debt collection from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities. The data that the intruders could have accessed includes:

  • Full names
  • SSNs
  • DOBs
  • Account information
  • Driver’s license numbers or ID cards

FBCS says it has implemented additional security measures in a newly built environment to prevent similar incidents from occurring in the future.

BullWall Executive, Carol Volk had this comment:

   “The FBCS breach of PII of nearly two million individuals underscores the high value attackers place on this data. PII is often used for credential stuffing attacks and statistics reveal that over 80% of breaches involve compromised credentials, emphasizing the need for strong authentication and security measures.

   “This incident is a stark reminder that data breaches are nearly inevitable given the vast amount of personal information available to attackers. FBCS’s response, implementing enhanced security in a new environment, is vital but not sufficient. Organizations must integrate robust data containment systems as well as endpoint detection and response (EDR) solutions to limit damage and allow swift responses to breaches.”

Dave Ratner, CEO, HYAS:

   “Some may look at this event and say that identifying and stopping the breach only twelve days later is a good response, but in reality it highlights just how damage can be caused in a relatively short time. It’s critical that organizations of all sizes implement cyber resiliency approaches that are capable of detecting breaches in real time, because detecting them even a small number of weeks later is too late.”

It’s easy to see where this data breach is going to go. Threat actors will use the information gained in this attack to launch secondary attacks which will comprise anything from phishing, to scams, to extortion. This isn’t going to end well for any of the two million people affected by this. And as for FBCS, the fact that they have (allegedly) mitigated this sort of thing from happening in the future is meaningless. Especially for those who have been affected.

CISA releases AI safety and security guidelines for critical infrastructure

Posted in Commentary with tags on May 1, 2024 by itnerd

Yesterday, CISA released MITIGATING AI RISK: Safety and Security Guidelines for Critical Infrastructure Owners and Operators, with the intent to address not only the possible opportunities for the technology and critical infrastructure but also the ways it could be weaponized or misused.

“AI can present transformative solutions for U.S. critical infrastructure, and it also carries the risk of making those systems vulnerable in new ways to critical failures, physical attacks, and cyber attacks. Our Department is taking steps to identify and mitigate those threats,” Homeland Security Secretary Alejandro Mayorkas said in a statement.

According to the guidelines, opportunities related to AI include operational awareness, customer service automation, physical security, and forecasting. At the same time, it also warns that AI risks to critical infrastructure could include attacks utilizing AI, attacks targeting AI systems, and “failures in AI design and implementation,” leading to potential malfunctions or unintended consequences.

CISA instructs operators and owners to govern, map, measure, and manage their use of the technology, incorporating the NIST’s AI risk management framework, and emphasizes understanding the dependencies of AI vendors and inventorying AI use cases. It also encourages critical infrastructure owners to create procedures for reporting risks and continuously testing the systems for vulnerabilities.

This release comes just days after the DHS announced the formation of a safety and security board focused on the same topic, including executives Sam Altman of OpenAI and Sundar Pichai from Alphabet.

Jason Keirstead, VP of Collective Threat Defense, Cyware had this to say:

   “I am pleased that CISA is highlighting the challenges AI presents for securing critical infrastructure. These guidelines underscore the need for robust AI system governance, urging infrastructure owners to adopt a structured framework for AI risk management. Simultaneously, CISA should work to highlight the opportunities that AI brings to assist in the defense of critical infrastructure, when leveraged effectively and with the goal of helping to break data silos in order to uncover hidden threats. If we want to avoid recreating the same siloed challenges that have impacted security operations tech and teams, we must encourage adopting consistent standardization and require defensive AI systems to interoperate with each other – this is key to both effectiveness and efficiency.”

This is a good move by the CISA because it is putting something out there that mitigates risk. And there are potentially many risks with AI that we simply aren’t aware of. Thus it would be wise to read and heed this advice.

HP Expands Gaming Portfolio with new OMEN Laptop and expanded line-up from HyperX

Posted in Commentary with tags on April 30, 2024 by itnerd

Building on their gaming news at CES 2024, HP continues to expand and refine their gaming portfolio to meet the needs of all gamers, everywhere. The new OMEN 17 Gaming Laptop is engineered to meet the demands of gamers who prefer bigger screens and wear many hats – whether it be as a content creator or even a student – to deliver great performance and high-quality visuals. HP is also launching the HyperX Pulsefire Haste 2 Core Wireless Gaming Mouse and the HyperX Cloud MIX™ Buds 2 to deliver incredible performance and audio that doesn’t get in the way of your play.

The new OMEN 17 boasts:

  • Immersive visuals: With its large 17.3-inch optional QHD display, refresh rate of 48-240 Hz VRR, rapid 3 ms response time, and IPS display technology, this laptop delivers quick and responsive gameplay with crystal-clear detail. 
  • AI enabled: The first OMEN gaming laptop equipped with a dedicated Copilot key for quick launch also benefits from AI-driven OMEN camera & voice enhancer for superb audio/video experience. Exclusive to HP, meetings or lecture notes never need to be an issue with Otter.ai record function for transcribing audio, and AI-generated notes.
  • Cool and customizable: OMEN Tempest Cooling keeps the laptop cool even during intense play with three-side venting and dual 12V fans. Personalize the device with RGB keyboard lighting via OMEN Gaming Hub’s Light Studio to express a unique style.
  • Performance-driven design: The robust large screen laptop includes up to AMD Ryzen™ 9 8945HS NPU delivering outstanding performance for demanding games and applications and includes up to Nvidia GeForce RTX 4070 Laptop GPU enabling stunning visuals and smooth gameplay.
  • Expertly tuned audio by HyperX: Sound performance is custom tuned for clarity and spectral balance to ensure that subtle details are not overshadowed by louder sounds.

To truly give an immersive experience, HP not only needs a great laptop or desktop but they also need to offer premium gaming gear. HyperX’s newest accessories are designed for gaming, offering reliable performance and sound without distractions:

  • HyperX Pulsefire Haste 2 Core Wireless Gaming Mouse: Powered by a single AAA battery, and weighing only 70 grams, this mouse can game via a high-speed 2.4 GHz connection for up to 100 hours or Bluetooth mode for an even longer battery life. With a HyperX Custom Core Sensor, it’s capable of up to 12,000 DPI and TTC Gold switches with a lifespan of up to 20 million clicks for gaming reliability when you need it most.
  • HyperX Cloud MIX™ Buds 2: These earbuds are designed to elevate your gaming and audio experience anywhere, anytime. Its ultra-low latency dongle provides a lag-free connection for seamless gaming on multiple platforms. Its Bluetooth® 5.3 LE Audio technology offers enhanced audio quality, longer battery life, and a more stable wireless connection. The hybrid Active Noise Cancelling (ANC) feature blocks outside disruptions to remain focused on the game.

Pricing and Availability 

  • The OMEN 17 Gaming Laptop is expected to be available in May at HP.com for a starting price of $1,999.99.
  • HyperX Pulsefire Haste 2 Core Wireless Gaming Mouse will be offered in black or white for an MSRP of $84.99.
  • HyperX Cloud Mix™ Buds 2 is expected to be available this fall for an MSRP of $214.99.

Horizon3.ai Unveils Rapid Response Service for Cyber Resilience

Posted in Commentary with tags on April 30, 2024 by itnerd

Horizon3.ai, a pioneer in autonomous security solutions, today announced the launch of its Rapid Response service, now part of the NodeZero™ platform. This one-of-a-kind capability marks a significant advancement in autonomous penetration testing solutions by addressing a critical gap in measuring the real-world impact of exploitable vulnerabilities within the software many organizations have come to rely on. Now, organizations can gain a clear understanding of their ‘likelihood of exploitability’ for the most critical vulnerabilities being announced.

As organizations continue to contend with both zero-day and N-day vulnerabilities, the window of time between the public disclosure of a vulnerability and threat actors exploiting them in the wild is steadily shrinking. Knowing this predicament, organizations spend vast amounts of time, money, and resources patching the software they use after hearing of a vendor vulnerability announcement. Yet, how often are organizations expending considerable effort not knowing if a vulnerability is actually exploitable or not? The answer to that is, “quite often.”

So far in 2024, the U.S. National Vulnerability Database (NVD) has tracked 11,709 new vulnerabilities in publicly released software. A common challenge for organizations is determining whether any software they are using that is identified as vulnerable is actually exploitable within their specific environments, a judgment often contingent on how the software is deployed. Since organizations often lack a proven method to assess the ‘exploitability’ of software, they may find themselves updating software that does not require immediate patching. NodeZero addresses this issue with its Rapid Response service, which is specifically tailored to manage many of the most critical vulnerabilities more effectively. The following outlines the workings of the Rapid Response service.

As Horizon3.ai’s attack team conducts original research and uncovers new vulnerabilities, they also keep an eye on public vulnerability disclosures. They assess the exploitability of these vulnerabilities, considering factors such as the ease of exploitation, their severity, and the prevalence of the vulnerable software. Following their assessment, they develop proof of concept (POC) exploits, integrate them into NodeZero as new attack content, and notify customers about these emerging vulnerabilities. With NodeZero, customers can probe their systems using this new attack content to gain immediate insights into their level of exploitability. Furthermore, Horizon3.ai alerts customers if known vulnerable software is present in their production environments and warns them about NodeZero being able to exploit these weaknesses.

The Rapid Response service doesn’t just focus on vulnerabilities; it zeroes in on the exploitability of known issues in production environments. As part of this service, organizations receive proactive measures to keep abreast of cyberattacks. The vulnerabilities that flow through this program typically revolve around publicly accessible assets since they are the most likely targets for exploitation.

Recognizing the critical role of response time to emerging exploits in the wild, Horizon3.ai’s Rapid Response service is designed to provide organizations with a proactive defense mechanism to stay ahead of evolving cyberattacks as they’re discovered or trending in the wild. The fundamentals of this type of rapid response effort are concentrated on enabling organizations to preemptively mitigate nascent vulnerabilities before threat actors target them. 

By leveraging Horizon3.ai’s expertise in using ‘offense to inform defense,’ and leaning into NodeZero’s autonomous capabilities, customers can schedule and/or immediately launch NodeZero using a single exploit-check to gain early detection of exploitability from an attacker’s perspective. Once finished, NodeZero prioritizes the most critical and exploitable vulnerabilities that must be patched because they have been deemed completely exploitable by the NodeZero platform.

Horizon3.ai’s Rapid Response service is a groundbreaking step forward in the field of cybersecurity, offering organizations an unprecedented level of preparedness against cyber threats. With its cutting-edge technology and proactive strategy, Horizon3.ai is redefining the landscape of cyber defense, providing a critical service that ensures organizations are not only aware of their vulnerabilities but are also equipped to address exploitability with unmatched speed and efficiency. This service, seamlessly integrated into the NodeZero platform, solidifies Horizon3.ai’s position as a leader in autonomous security solutions, empowering organizations to fortify their defenses against the unpredictable nature of cyber threats.

Learn more about the Horizon3.ai Rapid Response service here

Nuspire’s Q1 2024 Threat Report Is Out

Posted in Commentary with tags on April 30, 2024 by itnerd

Nuspire today unveiled its Q1 2024 Cyber Threat Report. This latest report provides an in-depth examination of the changing dynamics in cyber threats, highlighting rises in ransomware, dark web commerce and exploit activities, alongside measures to safeguard against these threats.

The Q1 2024 report spotlights a 3.69% rise in ransomware activities from Q4 2023, punctuating the persistent threat ransomware groups pose. Additionally, dark web market activity saw a staggering 58.16% increase in listings, indicating significant growth in the trade of stolen data and illicit goods.

Exploitation events also experienced a sharp uptick, with a 52.61% increase in total activity from Q4. The report specifically points to the exploitation of the Hikvision Product SDK WebLanguage Tag Command Injection vulnerability (CVE-2021-36260) as a leading concern.

Additional findings from Nuspire’s newly-released cyber threat report:

  • Despite the U.S. Department of Justice’s disruption of LockBit’s operations on Feb. 20, 2024, the group’s extortion publications experienced only a temporary decline before rapidly recovering, resulting in a 1.74% increase in LockBit’s publications by the end of Q1 2024 compared to Q4 2023.
  • The manufacturing sector, crucial to supply chains and rich in intellectual property, faced a jump in ransomware attacks from LockBit and CL0P. The growth in attacks highlights the vulnerabilities this industry often faces resulting from complex IT/OT systems, underinvestment in cybersecurity and the sector’s historical prioritization of operational continuity over security measures.
  • The report also revealed a more than twentyfold increase in exploit attempts against the Hikvision Product SDK WebLanguage Tag Command Injection vulnerability (CVE-2021-36260) compared to Q4’s data. This vulnerability allows for remote device hijacking without user interaction on Hikvision security cameras.
  • Listings on dark web marketplaces featuring Lumma Stealer saw a significant increase, more than doubling from Q4 2023. Lumma Stealer emerged in 2023 and quickly became a leader in infostealing malware.

To access the Q1 2024 Cyber Threat Report and learn more about protecting your organization, visit Nuspire’s website.