ThreatConnect Enables Customers to Operationalize Intelligence Requirements with New Industry-First Capability

Posted in Commentary with tags on August 7, 2023 by itnerd

ThreatConnect, Inc., maker of industry-leading AI and ML-powered threat intelligence operations (TI Ops) and cyber risk quantification solutions, today announced its new Intelligence Requirements capability. This new capability strengthens ThreatConnect’s TI Ops Platform by allowing customers to define, manage, and track their intelligence requirements (IRs), priority intelligence requirements (PIRs), and requests for information (RFIs) more effectively, making it easier to identify relevant intelligence, track the value of their intelligence sources, and take proactive action against the most dangerous threats.

With limited resources, it’s more critical than ever that cybersecurity teams are deeply aligned with both business priorities and an evolving threat landscape. Too often, threat intelligence is produced ad hoc and siloed without input from stakeholders, leading to ineffectual intel and wasted effort. IRs and PIRs represent a common language that drives stakeholder input and organizational alignment. A recent ThreatConnect customer survey found that 94% of respondents find PIRs highly or moderately helpful in improving cyber threat intelligence teams’ performance. However, 93% reported one or more challenges with communicating and operationalizing PIRs.

ThreatConnect is tackling the problem of effectively operationalizing these requirements in its next release. With built-in support for defining, implementing, and identifying intelligence related to IRs and PIRs, ThreatConnect empowers security professionals to quickly and easily create optimally defined requirements and use them to identify relevant intelligence within the customer’s own Threat Library and ThreatConnect’s ML and AI-powered Global Intelligence.  

IRs and PIRs are a critical component of ThreatConnect’s Evolved Threat Intelligence Lifecycle planning stage. The planning and direction phase of the threat intelligence cycle is complex, often overlooked, and has a significant downstream impact on the rest of the process. CTI analysts are dealing with substantial data challenges, making it time intensive to process and prioritize what is specifically relevant to the organization. This new product feature helps articulate requirements and form the foundation of the evolved threat lifecycle, no matter the team’s maturity. IRs also save users time by automatically parsing incoming and relevant intelligence related to each requirement.

ThreatConnect’s new IRs feature enhances TI Ops capabilities by:

  • Streamlining the implementation, integration, and management of PIRs directly in the platform instead of with documents and spreadsheets.
  • Improving threat detection, response times, and risk mitigation actions through matching new intelligence relevant to your requirements.
  • Facilitating the efficient production and dissemination of relevant intelligence to stakeholders, empowering them with timely and accurate information to respond quickly and effectively to threats, substantially reducing risks.

Twitter Blue Is Now X Premium…. And Elon CLAIMS That He Will Cover Your Legal Bills If Your Twitter Habits Get You Into Trouble

Posted in Commentary with tags on August 6, 2023 by itnerd

Boy, the last 24 hours on Twitter, or X, or whatever the hell it’s called, have been eventful.

As part of this rather ill-advised rebrand of Twitter to X, Twitter Blue is now X Premium. Elon sort of made the announcement early yesterday, along with some other details:

But that’s not the only thing that he did. He also said this on Twitter:

One thing to keep in mind is that Elon has a habit of Tweeting stuff that never comes true. Especially with Tesla. So I would take this with a grain of salt and nobody should expect that Elon will ever make good on this promise. If you want to call it that.

I wonder what else Elon will randomly say and promise on Twitter?

Numerous Hospitals Pwned In Cyber Attack

Posted in Commentary with tags on August 5, 2023 by itnerd

ABC is reporting that hospitals in several states that are part of Prospect Medical Holdings have been pwned in a cyberattack:

Hospitals and clinics in several states on Friday began the time-consuming process of recovering from a cyberattack that disrupted their computer systems, forcing some emergency rooms to shut down and ambulances to be diverted.

Many primary care services at facilities run by Prospect Medical Holdings remained closed on Friday as security experts worked to determine the extent of the problem and resolve it.

John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, said the recovery process can often take weeks, with hospitals in the meantime reverting to paper systems and humans to do things such as monitor equipment and run records between departments.

“These are threat-to-life crimes, which risk not only the safety of the patients within the hospital, but also risk the safety of the entire community that depends on the availability of that emergency department to be there,” Riggi said.

The latest “data security incident” began Thursday at facilities operated by Prospect, which is based in California and has hospitals and clinics there and in Texas, Connecticut, Rhode Island and Pennsylvania.

“Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” the company said in a statement Friday. “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”

The White House has been monitoring the cyberattack, said Adrienne Watson, a spokesperson for the National Security Council.

Ani Chaudhuri, CEO, Dasera had this comment:

The recent cyberattack on Prospect Medical Holdings, leading to disrupted services in hospitals across several states, underscores a grim reality – no sector, no matter how critical, is immune to cyber threats. The impact on healthcare, already strained under the weight of the ongoing global health crisis, has immediate and far-reaching consequences on human lives. My heart goes out to the patients and healthcare providers grappling with the fallout from this event.

First and foremost, it’s essential to acknowledge that securing and governing data, especially in the cloud, is a Herculean task. We’re exploring uncharted territories where traditional security perimeters evaporate, and data sprawl is becoming increasingly common. The interconnectedness of data makes hospitals and healthcare systems particularly vulnerable as they handle massive amounts of sensitive and personal health data daily.

Moreover, the COVID-19 pandemic has accelerated the digital transformation in healthcare, pushing many providers to adopt cloud technologies quickly, often without the opportunity to implement robust security measures. It’s a harsh reminder that cybersecurity isn’t an ‘add-on’ but an integral part of our digital infrastructure that requires as much attention and investment as any other part of the system.

Empathy must also extend to understanding the colossal challenges of protecting sensitive data and maintaining services during a cyberattack. As a cybersecurity professional, I know that these are trying times, and while we aspire to prevent every attack, the truth is that no system is foolproof.

The incident also emphasizes the urgency of a multi-layered defense strategy. Zero trust security, robust data governance, regular cybersecurity audits, and continuous employee training are all vital components of such a strategy.

Even though the landscape might seem overwhelming, it’s important not to lose sight of our collective strength. Cybersecurity isn’t just the domain of security experts; it’s everyone’s responsibility. The healthcare sector and every industry need to work with cybersecurity companies, policymakers, and educators to raise awareness and build resilience at all levels of the organization.

In the face of this adversity, we must remind ourselves that while every company and sector is susceptible to attacks, we also possess the resourcefulness and resilience to adapt, learn, and grow stronger. It’s a steep mountain, but we’ll conquer it together.

This is not a good situation and again illustrates that cyberattacks can be very dangerous to us all. It also illustrates that more needs to be done to ensure that cyberattacks do not have this level of disruption.

Cyber-Attacks Targeting Government Agencies Have Increased By 40%

Posted in Commentary with tags on August 5, 2023 by itnerd

Cyber-attacks against government and public sector services rose 40% last quarter, according to BlackBerry Cybersecurity’s 2nd Quarterly Threat Intelligence Report published this week. The report claims BlackBerry stopped 1.5 million attacks from March to May of this year, 55,000 of which targeted government and public sector organizations.

Highlights:

90 days – Blocked over 1.5 million attacks

  • Approximately 11.5 attacks per minute
  • Roughly 1.7 novel malware samples per minute
  • A 13% increase from the previous reporting period

Most targeted industries – Healthcare, financial and government services, hit predominantly with information-stealing malware (infostealers)

Remote access increases cyber risk 

  • Rise of mobile banking malware targeting digital and mobile banking
  • Growing availability of commodity malware
  • Increase in Ransomware attacks

Researchers confirmed that the five most frequently used tactics fell into the categories of discovery and defense evasion, “demonstrating that attackers are diversifying their tooling in an attempt to bypass defensive controls, especially those legacy solutions based on signatures and hashes,” reads the report. Attacks during this period were predominantly focused on North America, by groups such as LockBit and BlackByte and, of course, Clop’s MOVEit supply chain attacks.

George McGregor, VP, Approov had this to say:  

“This is another report which shows the increasing sophistication and frequency of cyberattacks. Although the geographic data in the report may reflect more the deployment of the Blackberry solutions, the conclusions that healthcare, financial services and government services are a primary focus for attackers does resonate with our own research as does the growth of discovery techniques. Specifically, we are increasingly seeing bad actors harvesting useful information from mobile apps for use in subsequent attacks.”

Governments are prime targets for threat actors. Hopefully that sector is doing everything possible to protect itself from threats that are clearly out there.

Microsoft Warns Of Cybersecurity Complexities At Sporting Events

Posted in Commentary with tags on August 5, 2023 by itnerd

In a new study by Microsoft called the State of Play report, Microsoft highlighted the growing opportunities for threat actors to target high-profile sporting events, “especially those in increasingly connected environments, introducing cyber risk for organizers, regional host facilities and attendees.” While managing the critical-infrastructure cybersecurity at the 2022 FIFA World Cup in Qatar, Microsoft observed attackers continuously attempting to compromise connected systems through identity-based attacks.

  • “What we saw was consistent, with cyber-criminals being opportunistic and seeing where they can infiltrate and find gaps between a lot of connected systems, in the context of a large event. The cybercrime economy’s sheer size and low barriers to entry make this kind of opportunism a significant risk to account for in planning and having layered defenses in place.
  • “What makes the sports landscape unique is that the IT assets and operations are so different, you have a lot of mobile devices across teams and staff, and a lot of connectivity across different stadiums, training facilities, hotels and other venues. And the nature of these connections is that they stand up and down as teams compete in seasons and tournaments,” said Justin Turner, Principal Group Manager, Microsoft Security Research.

Furthermore, this allows threat actors to simultaneously target mobile payment and retail systems, socially-engineer participants, and scan for unpatched/misconfigured devices. Also, security complexity is compounded as there are numerous parties managing a multitude of systems, such as corporate sponsors, municipal authorities and third-party contractors.

George McGregor, VP, Approov has this comment:  

“A key element is the apps which are launched for events (for example the FIFA Women’s World Cup app – 10M+ downloads on Android) which are intended to be a ‘one-stop shop’ for events. Unless they are protected, they can leak personal financial data and also be a source of other information which can be used in broader infrastructure attacks.”

Amit Patel, SVP, Cyware follows up with this:  

“Anytime you gather tens of thousands of people together using shared infrastructure it’s an attractive target for attackers. Major sports leagues are realizing that they need to address security collectively – not relying on local capabilities. By monitoring threats globally, and sharing intel automatically across leagues and venues, and anticipating attacks, we can reduce risks considerably.”

Sporting events are clearly not the safe places that they once were. This is why the people who run these events have to make sure they have a holistic view of their cybersecurity landscape, and why we as attendees have to do our part by being mindful of the threats that might be lurking at these events.

The UK Gov Fears That Cyberattacks On Infrastructure Could Kill Thousands

Posted in Commentary with tags on August 5, 2023 by itnerd

In the 2003 edition of the National Risk Register report, the UK government warns that a serious cyber-attack on UK critical infrastructure has a 5–25% chance of happening over the coming two years.

The report is based on the government’s internal, classified National Security Risk Assessment, and considers malicious risks such as terrorism and cyber-attacks alongside non-malicious risks like severe weather incidents. It lists several cyber-related risks, including attacks on:

  • Gas infrastructure
  • Electricity infrastructure
  • Civil nuclear facilities
  • Fuel supply infrastructure
  • Government
  • Health and social care systems
  • Transport sector
  • Telecommunications systems

The assessment ranks the likelihood of these attacks happening in the next two years as a “4” on a scale of 1–5. The predicted attacks involve “encrypting, stealing or destroying data upon which critical systems rely on or disruption to operational systems” resulting in economic cost measuring in the billions of pounds, possible fatalities of up to 1000 people and casualties of up to 2000.
 
The report also mentions AI as a “chronic risk” that poses “continuous challenges that erode our economy, community, way of life, and/or national security.”

George McGregor, VP, Approov had this to say: 

“This report presents quite a wide-ranging litany of threats and their consequences but unfortunately the ‘response capability requirements’ for each one are very generic and do not make clear which players must take action. Linking this document to more specific mitigation and response guidelines for each area (e.g. cybersecurity) would make it more actionable.”

We’re past the point where cyberattacks are a mere inconvenience to businesses and the general public. They’re now in a place where they could kill people. If that isn’t an incentive for organizations of all sizes in all sectors to get their houses in order from a cybersecurity perspective, I don’t know what will make them do the right thing.

Ransomware Attacks Targeting Industrial Organizations Surge

Posted in Commentary with tags on August 4, 2023 by itnerd

Ransomware attacks targeting industrial organizations and infrastructure have doubled since the second quarter of 2022, according to a report from industrial cybersecurity firm Dragos. In the second quarter of 2023, Dragos observed 253 ransomware incidents, marking an 18% increase from the first quarter of 2023, which had 214 attacks. The rise in attacks is attributed to ransomware revenue plunging in 2022 as more victims refused to pay up.  

Dragos predicts that the third quarter of 2023 will witness increased business-impacting ransomware attacks against industrial organizations due to political tensions and ransomware groups shifting their focus towards larger organizations.  

North America is the most affected region, followed by Asia. The manufacturing sector remains the most targeted, with industrial control systems (ICS), transportation, and oil and gas sectors also experiencing significant attacks. Among the monitored ransomware groups, LockBit, ALPHV, and Black Basta are the most active in launching attacks.

Carol Volk, EVP, BullWall leads with this comment:

“Industrial sector organizations must prioritize cybersecurity by strengthening defenses with advanced protection tools, network segmentation, regular data backups and for the inevitable breach, ransomware containment. Educating employees about cybersecurity risks, collaborating with reputable cybersecurity firms, and fostering cooperation among governments and industries for threat information sharing are crucial steps.” 

Emily Phelps, Director, Cyware follows with this comment:

“Ransomware attacks can devastate organizations. Adversaries don’t only outnumber cybersecurity pros; they collaborate effectively too. To mitigate the potential damage, enterprises should have preparations that enable them to maintain business continuity in case of an attack.

“Organizations should regularly back up and test data and systems on an air-gapped network or at least on a network not constantly connected to the internet; segment their environments to contain outbreaks; regularly patch and update systems, applications, and software; invest in regular security awareness training so employees are armed to recognize and avoid common threat tactics; and invest in context-rich threat intelligence that enables security teams to proactively identify and prioritize threats that are more likely to impact their business.”

Finally, Stephen Gates, Principal Security SME, Horizon3.ai, adds:

“Simply put, attackers who gain remote access to any internal computing device are the primary threat industrial organizations face. Once an attacker achieves access, they use it to take over networks and ransom critical systems.

“In comparison to a natural disaster, fire, or other similar incident, a cyber event like ransomware that halts production is just as critical to plan for, especially in terms of risk management and business continuity.

“The most effective way to defeat ransomware-based attacks is to continuously assess your own infrastructure, find the attack paths an attacker would take, and then fix those issues and validate that your fixes defeated the discovered attack paths. Once complete, you rinse and repeat the process regularly to discover new attack paths. No other defensive or offensive method of reducing the risk of ransomware will be as effective as the method explained here.”

Clearly the threat actors are moving to attack sectors where they think they will get paid. The best way to stop that from happening is to make every sector as difficult to breach as possible. That way the threat actors have fewer opportunities for a big payday.

Fisker Unveils Ronin Supercar, PEAR Urban Vehicle, Alaska Pickup Truck Models

Posted in Commentary with tags on August 4, 2023 by itnerd

Fisker Inc. today showcased its future vehicle lineup in Huntington Beach, CA. The Manhattan Beach-based carmaker presented four vehicles, as well as technology and sustainability visions, to an audience of investors, analysts, employees, and the media. 

Chairman and CEO Henrik presided over reveals of the Fisker Ocean SUV with a Force-E offroad package; the 1,000-plus-horsepower Fisker Ronin grand-touring four-door convertible; the Fisker PEAR sustainable city EV; and the Fisker Alaska all-electric pickup truck.

In addition to the vehicles that were displayed on stage, the company detailed its Fisker Blade computer, a central computing platform that will greatly reduce complexity in forthcoming vehicles. Fisker also reviewed its Environmental, Social and Governance (ESG) objectives as it strives to become the world’s most sustainable carmaker.

After the conclusion of the Huntington Beach event, Fisker opened reservations for both the Fisker Ronin ($2,000 for first reservation, $1,000 fully refundable for second) and the Fisker Alaska ($250 for first reservation, $100 fully refundable for second).

Details on the newly revealed vehicles are as follows:

Fisker Ronin is the world’s first all-electric four-door convertible GT sports car.  

  • A true five-seat GT with a carbon fiber hard-top convertible, four butterfly doors, a high-tech luxury interior, and uniquely futuristic exterior design.
  • An integrated battery pack powers Ronin to a targeted 600-plus mile range.
  • A triple motor all-wheel drive powertrain is projected to deliver massive 1,000-plus horsepower and 0-60 mph in approximately 2.0 seconds.
  • A showcase for Fisker engineering, powertrain, and software capabilities, Ronin will be ultra-luxury priced and built in limited quantities.

Fisker PEAR (Personal Electric Automotive Revolution) is Fisker’s vision of a sustainable EV as a connected mobility device. 

  • A category-breaking lifestyle vehicle built on Fisker’s SLV-1 platform, PEAR is built using Fisker’s Steel++ development process, resulting in the use of 35% fewer parts than other EVs in class.
  • Features a highly connected and revolutionary electrical engineering architecture, and the first implementation of the Fisker Blade central computing platform.
  • Unique Houdini Trunk (hideaway liftgate) and a front storage compartment called the Froot (“front boot”) simplify cargo loading in city parking.
  • Compact body length delivers sporty handling, while allowing room for spacious and modular interior with seating for up to six.
  • Futuristic design includes an ultra-wide wraparound windscreen, sculptural exterior design, and slim LED lighting.
  • Designed to be the future of clean and affordable mobility for a global mass market, PEAR is available in four trim levels, priced starting at $29,900, and scheduled to be available in mid-2025.

Fisker Alaska is Fisker’s versatile, advanced, and powerful all-electric four-door pickup truck. 

  • Built on an extended adaptation of Fisker Ocean’s platform called the FT31, Alaska is both a sporty everyday ride and a highly flexible utility pickup.
  • Built for multiple cargo configurations, including a cargo bed extendable from 4.5 feet to 7.5 feet to 9.2 feet, and a Houdini bed divider which hides away to connect cargo bed and rear cabin.
  • Designed to be the world’s lightest EV pickup truck.
  • Designed to be the world’s most sustainable truck.
  • Shares the Fisker Ocean’s modern design DNA and fast, road-holding EV performance, and has a projected range of 230-340 miles.
  • Expected deliveries in 2025 and priced starting at $45,400 before incentives.

Force E is the dynamic and durable off-road package for the Fisker Ocean SUV.

  • Designed to maximize Fisker Ocean’s outstanding torque, power, and best-in-class range for sustainable off-roading adventure.
  • Will be available for all-wheel drive Ultra and Extreme trims, both at vehicle purchase and as a post-purchase add-on package.
  • Includes 33” tires on 20” wheels, higher ground clearance, specialized dampers, roof basket, front and rear skid plates, and an underbody plate for greater durability.
  • Scheduled to be available in Q1 2024, with pricing to be announced.

You can watch the event here to see all of Fisker’s new vehicles.

Threat Actors Are Abusing Cloudflare Tunnel in New Effort to Use Legitimate Tools for Attacks

Posted in Commentary with tags on August 3, 2023 by itnerd

Nic Finn, Senior Threat Intel Consultant at GuidePoint Security, released new research, which you can read here, identifying a new legitimate tool that threat actors are using to execute attacks: Cloudflare Tunnel, also known by its executable name, Cloudflared.

Background: Cloudflared is functionally very similar to ngrok, an ingress-as-a-service tool that’s been used by Threat Actors for quite some time now. However, Cloudflared differs from ngrok in that it provides a lot more usability for free, including the ability to host TCP connectivity over Cloudflared. Additionally, Cloudflared provides the full suite of Access controls, Gateway configurations, Team Management, and User Analytics.

Why this Matters: This tool is a legitimate binary, supported on every major operating system. The initial connection is an outbound HTTPS connection to Cloudflare-owned infrastructure, after which tunnel data is exchanged over QUIC on port 7844. Most firewalls and network-based defenses will allow this traffic, because most firewall rules are far more relaxed toward outbound connections. Prior to a successful connection, threat actors expose nothing of their own infrastructure to anyone except Cloudflare, apart from the token assigned to their tunnel, and their ability to modify the tunnel configuration in real time means post-breach analysis is severely limited if the TA covers their tracks.
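As an added example (not code from GuidePoint's research, Cloudflare, or this blog), the Python sketch below applies the two indicators the post describes to constructed log lines: outbound traffic to the tunnel transport port 7844, and execution of the cloudflared binary. The log formats, hostnames, IP addresses and file paths are assumptions made up for the example; TCP/7844 is also flagged because cloudflared's HTTP/2 fallback uses the same port, a detail not stated in the post.

```python
"""Defensive detection sketch for the Cloudflare Tunnel abuse described above.

Added example, not GuidePoint's or Cloudflare's code. Both log formats below are
constructed for this example, as are every host name, IP address and path.
"""
import re
from dataclasses import dataclass

# Port the post describes for tunnel data (QUIC/UDP). TCP/7844 is cloudflared's
# HTTP/2 fallback transport, so both protocols are checked.
CLOUDFLARED_PORT = 7844
# Executable names to watch; the Windows build ships as cloudflared.exe.
CLOUDFLARED_NAMES = {"cloudflared", "cloudflared.exe"}

# Constructed firewall log format:
#   <ts> fw src=<ip>:<port> dst=<ip>:<port> proto=<udp|tcp> action=<allow|deny>
FW_RE = re.compile(
    r"^(?P<ts>\S+) fw src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"proto=(?P<proto>udp|tcp) action=(?P<action>allow|deny)$"
)
# Constructed endpoint (process creation) log format:
#   <ts> proc host=<name> image=<path> cmd=<command line>
PROC_RE = re.compile(r"^(?P<ts>\S+) proc host=(?P<host>\S+) image=(?P<image>\S+) cmd=(?P<cmd>.*)$")


@dataclass
class Finding:
    ts: str
    kind: str     # "net" for a firewall hit, "proc" for a process hit
    detail: str


def check_fw_line(line):
    """Flag any flow to port 7844 over UDP or TCP. A denied flow is still worth
    a ticket: it shows a host trying to stand up a tunnel."""
    m = FW_RE.match(line)
    if not m or int(m["dport"]) != CLOUDFLARED_PORT:
        return None
    return Finding(
        m["ts"], "net",
        f"{m['src']} -> {m['dst']}:{m['dport']}/{m['proto']} {m['action']} "
        f"(cloudflared tunnel transport port)",
    )


def check_proc_line(line):
    """Flag execution of a binary named cloudflared. A renamed copy evades this
    check, which is why the network check above is needed as well."""
    m = PROC_RE.match(line)
    if not m:
        return None
    # Normalise Windows and POSIX paths, then compare the bare file name.
    image = m["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    if image not in CLOUDFLARED_NAMES:
        return None
    return Finding(m["ts"], "proc", f"{m['host']} ran {image}: {m['cmd']}")


def scan(lines):
    """Run both checks over a mixed stream of log lines, preserving order."""
    findings = []
    for line in lines:
        hit = check_fw_line(line) or check_proc_line(line)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample: one benign HTTPS flow, an allowed UDP/7844 flow, a
# cloudflared launch from a temp directory, a benign process, and a denied
# UDP/7844 attempt from a second host. The token value is a placeholder.
SAMPLE_LOGS = [
    "2023-08-03T10:00:01Z fw src=10.0.5.23:51234 dst=203.0.113.10:443 proto=tcp action=allow",
    "2023-08-03T10:00:02Z fw src=10.0.5.23:51235 dst=198.51.100.7:7844 proto=udp action=allow",
    "2023-08-03T10:00:03Z proc host=WS-023 image=C:\\Users\\bob\\AppData\\Local\\Temp\\cloudflared.exe "
    "cmd=cloudflared.exe tunnel run --token <token-redacted>",
    "2023-08-03T10:00:04Z proc host=WS-023 image=C:\\Windows\\System32\\svchost.exe cmd=svchost.exe -k netsvcs",
    "2023-08-03T10:00:05Z fw src=10.0.5.40:51300 dst=198.51.100.7:7844 proto=udp action=deny",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"{f.ts} [{f.kind}] {f.detail}")
```

In a real deployment the same logic belongs in the SIEM as a rule pairing an egress-deny for 7844 with an alert on the process name, so that a blocked tunnel attempt still surfaces the host that made it.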

Google rolls out new privacy features to help users stay safe online

Posted in Commentary with tags on August 3, 2023 by itnerd

Online safety and security is always top of mind for Google. Today, the company announced new ways to help users stay in control of their personal information, privacy and online safety, including:  

  • Results About You: Last year, Google launched the Results about you tool to make it easy for people to request the removal of search results that contain their personal details, right from the Google app or however they access Search. Tomorrow, Google will announce a new dashboard that will let you know if web results with your contact information are showing up on Search. This tool will be available in the U.S. in English to start, and Google is working to bring it to new languages and locations soon.
  • SafeSearch Blurring Setting: SafeSearch blurring setting is rolling out for all users globally, and will, by default, blur explicit imagery on Search, such as adult, graphic or violent content.
  • Personal Explicit Images: Google has long had policies that enable people to remove non-consensual explicit imagery from Search. Now, it’s building on these protections to enable people to remove from Search any of their personal, explicit images that they no longer wish to be visible in Search. For example, if you created and uploaded explicit content to a website, then deleted it, you can request its removal from Search if it’s being published elsewhere without approval. More broadly, whether it’s for websites containing personal information, explicit imagery or any other removal requests, Google has also updated and simplified the forms for users to submit removal requests.

For more information and details, please read the Google Blog post here.