Phishing Attacks Surge 356% And Cloud Service Attacks 161% – Perception Point

Posted in Commentary with tags on May 29, 2023 by itnerd

According to Perception Point’s 2023 Annual Report: Cybersecurity Trends & Insights, researchers observed 356% growth in the number of advanced phishing attacks attempted by threat actors, with the total number of attacks increasing by 87% in 2022.

Password-protected malware was also a trend in 2022, with attackers using encryption to protect their payloads and evade detection. Possibly correlating with the start of the Russian invasion of Ukraine, attacks in March increased tenfold over February, and in October the numbers tripled those of September.
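
As an added example, not from the report or the original post, here is a small attachment-triage routine in Python that shows why password-protected archives are a problem for gateway scanning and what can still be checked. ZIP encryption protects member contents but not the central directory, so the member names and the "encrypted" flag stay visible to a mail gateway even when the payload cannot be inspected. The sample archives, the executable-suffix list and the allow/hold/quarantine policy are all constructed for this example; `mark_encrypted` only flips the header flag to simulate a protected archive and does not implement any cipher.

```python
import io
import struct
import zipfile
from dataclasses import dataclass, field
from typing import Dict, List

LOCAL_SIG = b"PK\x03\x04"    # local file header; general-purpose flags at offset 6
CENTRAL_SIG = b"PK\x01\x02"  # central directory entry; flags at offset 8
ENCRYPTED_BIT = 0x0001       # bit 0 of the general-purpose flag (ZIP APPNOTE 4.4.4)

# Names worth flagging even when the content is unreadable. This list is an
# assumption for the example, not a complete or vendor-endorsed policy.
EXEC_SUFFIXES = (".exe", ".scr", ".dll", ".js", ".vbs", ".wsf", ".hta",
                 ".bat", ".cmd", ".ps1", ".lnk", ".iso", ".img")


@dataclass
class ArchiveReport:
    is_zip: bool = True
    encrypted: List[str] = field(default_factory=list)
    executable_names: List[str] = field(default_factory=list)


def build_sample_zip(files: Dict[str, bytes]) -> bytes:
    """Constructed test input: an ordinary, unencrypted ZIP built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def mark_encrypted(zip_bytes: bytes) -> bytes:
    """Set the 'encrypted' flag on every local and central header.
    Constructed test data only: it gives the detector the header a
    password-protected archive carries, without a real password or cipher."""
    data = bytearray(zip_bytes)
    for sig, flag_off in ((LOCAL_SIG, 6), (CENTRAL_SIG, 8)):
        pos = data.find(sig)
        while pos != -1:
            off = pos + flag_off
            (flags,) = struct.unpack_from("<H", data, off)
            struct.pack_into("<H", data, off, flags | ENCRYPTED_BIT)
            pos = data.find(sig, pos + len(sig))
    return bytes(data)


def inspect_archive(zip_bytes: bytes) -> ArchiveReport:
    """Report encrypted members and executable-looking names.
    Member names live in the central directory, which traditional ZIP
    encryption (and WinZip AES) does not protect, so they are visible
    to a gateway even when the payload is not."""
    report = ArchiveReport()
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                if info.flag_bits & ENCRYPTED_BIT:
                    report.encrypted.append(info.filename)
                if info.filename.lower().endswith(EXEC_SUFFIXES):
                    report.executable_names.append(info.filename)
    except zipfile.BadZipFile:
        report.is_zip = False
    return report


def verdict(zip_bytes: bytes) -> str:
    """Gateway decision for one attachment; the policy itself is an assumption."""
    r = inspect_archive(zip_bytes)
    if not r.is_zip:
        return "not-a-zip"
    if r.executable_names:
        return "quarantine"        # executable inside, encrypted or not
    if r.encrypted:
        return "hold-for-review"   # content unscannable: do not auto-deliver
    return "allow"


if __name__ == "__main__":
    # Constructed samples: a benign archive and a "protected" one hiding an executable.
    benign = build_sample_zip({"invoice.pdf": b"%PDF-1.4 sample", "notes.txt": b"hello"})
    hostile = mark_encrypted(build_sample_zip({"invoice.pdf.exe": b"MZ sample bytes"}))
    print("benign ->", verdict(benign))
    print("hostile ->", verdict(hostile), inspect_archive(hostile))
```

The point of the example is the asymmetry: a scanner cannot open the encrypted payload, but it does not have to open it to see that the archive is encrypted or that the member is named `invoice.pdf.exe`, and a gateway policy that holds or quarantines on those header facts alone removes most of the advantage the report describes.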

Furthermore, with email and browsers remaining the leading attack vectors, threat actors have adapted to organizations’ widespread adoption of cloud collaboration apps, storage and productivity services, with 2022 seeing a 161% surge in attacks on cloud services.

Overall, other notable figures from the report include:

  • Malware accounted for 28.6% of incidents, second to phishing (67.4%)
  • BEC attacks grew by 83%
  • Phone scam attacks made a comeback, up 363%
  • Microsoft was the most impersonated brand in emails, 3.3x more often than LinkedIn, the next most impersonated

Ted Miracco, CEO, Approov Mobile Security had this comment:

   “The statistics are no surprise and only the beginning. The revolution in large language model (LLM) AI is opening up a whole new world for phishing attacks, increasing both the ease and sophistication of attacks. Sadly, these attackers are going to be wildly successful and as a consequence the number of attacks will continue to grow, as appropriate defenses are not yet in place. Businesses will be targeted, and as they become more sophisticated in the defense against Phishing, it will be redirected at consumers or high-net worth individuals. Most discouraging about these attacks is the victims who will be the most vulnerable, including seniors, who are often targeted, especially with the ‘Microsoft’ impersonating version of these scams.”

Given that I spend a lot of time and effort fighting threats like these, this is a very sobering report. I, along with anyone else who lives in this space, am going to have a difficult time over the next year or two based on this.

Guest Post: Interest in cybersecurity and career opportunities surge in May 2023

Posted in Commentary with tags on May 29, 2023 by itnerd

Current data from Google Trends reveals that public interest in cybersecurity and careers in the field has grown significantly since the beginning of 2022 and reached an all-time high in May 2023.

Media coverage of cyber incidents, data breaches, and privacy violations has raised public consciousness about the importance of cybersecurity. People are becoming increasingly aware of the potential consequences of cyber threats. 

This increased awareness has fueled a desire to protect personal and organizational data, hence growing interest in cybersecurity careers. 

The shortage of skilled cybersecurity professionals has driven up the salaries in the field.

In turn, Google search interest for the keywords ‘cybersecurity,’ ‘cybersecurity salary,’ and ‘cybersecurity jobs’ hit an all-time high in May 2023, according to Atlas VPN findings.

The global search volume figures show that interest in cybersecurity and jobs in the field has been steadily growing since the second half of 2015. 

However, a significant uptick in attention toward digital security and employment opportunities can be seen in Q1 2022, which continued until the end of the year, likely caused by remote work, media attention, and a rise in cyber attacks. 

The Google search popularity for keywords ‘cybersecurity salary’ and ‘cybersecurity’ jumped to 97 in September and October of 2022 and then declined to around 70 in December.

Since the start of this year, the search volume for ‘cybersecurity’ and ‘cybersecurity salary’ has hovered at around 90, and about 80 for the keyword ‘cybersecurity jobs’. 

However, in May 2023, the popularity of all three keywords quickly reached a relative interest of 100.

Causes for the record popularity could be multiple, including significant recent cybersecurity incidents, newly released influential industry reports, the favorable job market for cybersecurity professionals, and new government initiatives and regulations. 

Atmosphere of cybersecurity careers 

On top of attractive pay, cybersecurity is seen as one of the most stable careers for the foreseeable future. 

With the continuous evolution of technology and the ongoing need for protection against cyber threats, cybersecurity professionals can expect long-term job security and a variety of career advancement prospects.

At the same time, cybersecurity is a dynamic and multidisciplinary field that requires constant learning and adaptation. 

To read the full article, head over to: 

https://atlasvpn.com/blog/interest-in-cybersecurity-and-career-opportunities-surge-in-may-2023

Elon Musk Pulls Twitter From EU Code Of Practice On Disinformation

Posted in Commentary with tags on May 29, 2023 by itnerd

In 2018 Twitter joined a list of tech companies, social media services, and other organizations that agreed to abide by a voluntary Code of Practice on Disinformation. However, as of Friday, Twitter has decided to opt out of it. TechCrunch has the details:

In a tweet last night — which confirmed earlier reports of Twitter’s impending exit from the EU Code — Breton issued the social media platform with a blunt warning: Telling Twitter it cannot hide from incoming legal liability in this area.

“Twitter leaves EU voluntary Code of Practice against disinformation. But obligations remain. You can run but you can’t hide,” Breton wrote — a reference to obligations the platform is legally required to comply with as a so-called very large online platform (VLOP) under the EU’s Digital Services Act (DSA).

“Beyond voluntary commitments, fighting disinformation will be legal obligation under #DSA as of August 25. Our teams will be ready for enforcement.”

The pan-EU law, which entered into force back in November, requires VLOPs like Twitter to assess and mitigate systemic risks to civic discourse and electoral processes, such as disinformation.

The deadline for VLOPs’ compliance with obligations in the DSA is three months from now.

So, this is going to get interesting in a hurry. If Elon Musk really wants to pick this fight, he may be fined 6% of annual turnover for every violation. And that’s cash that he doesn’t have. On top of that, the EU could block Twitter outright. And that would cost him even more money. So why would he do this? It truly makes zero sense. But nothing that Elon does makes sense, as he seems, to those of us watching from the outside, to be a really irrational person. All I know is that those who pick fights with the EU lose way more often than they win. And given Elon’s recent track record, he should be prepared to be on the losing end of this.

Augusta Ga. Pwned By Hackers Who Are Bragging About The Pwnage Online

Posted in Commentary with tags on May 28, 2023 by itnerd

A group of hackers are holding the city of Augusta Ga. hostage via a ransomware attack:

Addressing an outage that’s crippled city of Augusta computer systems all week, Mayor Garnett Johnson said Friday the city isn’t in contact with hackers who say they’re holding the city’s data hostage.

Although a cybercrime group has claimed responsibility for a cyber-attack, Johnson said the city has gotten no ransom demand.

“At this time, Augusta is not in communication with this group,” he said.

He said the outage was definitely due to an “unauthorized actor,” however.

Bleeping Computer says that BlackByte ransomware is the ransomware that was used in this attack:

BlackByte has posted the City of Augusta on its extortion site, claiming responsibility for the recent attack.

The threat actors have even created a pop-up to highlight their latest victim to all site visitors, warning the city’s administration that “the clock is ticking” and asking them to make contact.

BlackByte claims to hold troves of sensitive data stolen from Augusta’s computers and has leaked a sample of 10GB of data as proof of their breach.

The leaked documents seen by BleepingComputer contain payroll information, contact details, personally identifiable information (PII), physical addresses, contracts, city budget allocation data, and other types of details.

It is important to underline that the origin and authenticity of the leaked data have not been verified.

The demanded ransom for deleting the stolen information is $400,000. BlackByte ransomware gang also offers to resell the data to interested third parties for $300,000.

The attack has somewhat crippled the computer operations of Augusta, and the city is trying to put its spin on the situation.

It will be interesting to see what they do to address this situation and restore normal service as soon as possible.

Zyxel Warns Of Critical Vulnerabilities In Firewall And VPN Devices

Posted in Commentary with tags on May 27, 2023 by itnerd

Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products. On unpatched devices, an attacker could exploit either flaw without authentication. Here are the vulnerabilities:

CVE-2023-33009

A buffer overflow vulnerability in the notification function in some firewall versions could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even remote code execution on an affected device.

CVE-2023-33010

A buffer overflow vulnerability in the ID processing function in some firewall versions could allow an unauthenticated attacker to cause DoS conditions and even remote code execution on an affected device.

Here’s the list of affected product lines and firmware versions:

  • Zyxel ATP firmware versions ZLD V4.32 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
  • Zyxel USG FLEX firmware versions ZLD V4.50 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
  • Zyxel USG FLEX50(W) / USG20(W)-VPN firmware versions ZLD V4.25 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
  • Zyxel VPN firmware versions ZLD V4.30 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
  • Zyxel ZyWALL/USG firmware versions ZLD V4.25 to V4.73 Patch 1 (fixed in ZLD V4.73 Patch 2)

Zyxel has released patches for the affected firewalls. I’d strongly suggest installing them ASAP, and treating anything older than the listed ranges as unsupported rather than safe.
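
As an added example, not Zyxel’s code or part of the original post, here is a Python helper that encodes the affected ranges above and classifies an inventory of devices, so a fleet can be triaged before patching rather than eyeballed device by device. The version-string layout it parses (`ZLD V5.36 Patch 1`, `V4.73(ABFW.0)`, `5.36`) and the sample inventory are assumptions; adjust the pattern to whatever your devices or inventory tool actually report.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]  # (major, minor, patch)

# Affected ranges as listed in Zyxel's advisory for CVE-2023-33009 and
# CVE-2023-33010, as (first vulnerable, last vulnerable). The next release
# after "last vulnerable" is the fixed one (V5.36 Patch 2 / V4.73 Patch 2).
AFFECTED: Dict[str, Tuple[Version, Version]] = {
    "ATP": ((4, 32, 0), (5, 36, 1)),
    "USG FLEX": ((4, 50, 0), (5, 36, 1)),
    "USG FLEX50(W)/USG20(W)-VPN": ((4, 25, 0), (5, 36, 1)),
    "VPN": ((4, 30, 0), (5, 36, 1)),
    "ZyWALL/USG": ((4, 25, 0), (4, 73, 1)),
}

# Assumed version-string layout for this example: optional "V", major.minor,
# an optional "(ABxx.0)" build tag, and an optional "Patch N" suffix.
_VERSION_RE = re.compile(
    r"V?(\d+)\.(\d+)(?:\([^)]*\))?(?:\s*Patch\s*(\d+))?", re.IGNORECASE
)


def parse_zld_version(text: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a version string; no 'Patch N' means patch 0."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def assess(family: str, version_text: str) -> str:
    """Classify one device as 'affected', 'patched', 'unlisted' (older than the
    advisory's range, i.e. firmware the advisory does not cover and that should
    not be assumed safe) or 'unknown' (unparseable version or unknown family)."""
    rng = AFFECTED.get(family)
    ver = parse_zld_version(version_text)
    if rng is None or ver is None:
        return "unknown"
    low, high = rng
    if ver < low:
        return "unlisted"
    return "affected" if ver <= high else "patched"


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, status) for every device not confirmed patched,
    so the output is the work list rather than the whole inventory."""
    return [(host, status) for host, fam, ver in inventory
            if (status := assess(fam, ver)) != "patched"]


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [
        ("fw-hq-1", "ATP", "ZLD V5.36 Patch 1"),
        ("fw-hq-2", "ATP", "ZLD V5.36 Patch 2"),
        ("fw-branch", "USG FLEX", "V5.10(ABUJ.0) Patch 3"),
        ("fw-old", "ZyWALL/USG", "V4.20"),
        ("fw-mystery", "ATP", "firmware unknown"),
    ]
    for host, status in triage(sample):
        print(f"{host}: {status}")
```

Tuple comparison does the range check correctly for intermediate releases as well as the endpoints: V5.10 Patch 3 sorts between V4.50 and V5.36 Patch 1 and is reported as affected, while only V5.36 Patch 2 and later come out as patched. Devices below the listed range are reported as "unlisted" rather than safe, since the advisory simply does not cover them.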

Hisense Launches Its latest Mini LED Televisions In Canada

Posted in Commentary with tags on May 26, 2023 by itnerd

The next generation of high performance, innovative and smart 4K televisions from Hisense have arrived in Canada.

Hisense introduced its new ULED series featuring innovative Mini LEDs earlier this year at the Consumer Electronics Show in Las Vegas. The Hisense TVs that boast this premium technology are now arriving at Canadian retailers, with options across the budget spectrum. 

“Hisense Mini LED backlighting technology combined with Full-Array Local Dimming is engineered for high brightness levels with vibrant and accurate colour reproduction,” says Puneet Jain, Senior Director and Head of Marketing, Public Relations & E-commerce with Hisense Canada. “The result is a superior television with enhanced image quality with more precise and true-to-life images on the screen.”

Televisions with Mini LEDs produce an image that has more detail and brightness; the Mini LEDs used in Hisense televisions are much smaller than a conventional LED, allowing more LEDs to be installed on each panel delivering better processing of visuals. The outcome is sharper, brighter, and crisper picture quality for an enhanced viewing experience.

Hisense Canada is introducing three series of televisions with Mini LED technology for consumers to choose from, based on their needs and preferences:

  • U88KM Series — The U88KM Quantum Dot Mini LED is the flagship series making this an ideal choice for home entertainment and gaming. The native 144Hz refresh rate is great for action movies, sports, and gaming. The Mini LED backlighting technology with high brightness levels and accurate colour reproduction will make this TV stand out in any room. The U88KM features more local dimming zones, higher peak brightness, and picture upgrades like IMAX enhanced, Filmmaker Mode, Dolby Vision IQ, and HDR10+ to elevate the entertainment experience. 
  • U78KM Series — The U78KM brings next-level gaming upgrades with the native 144Hz refresh rate combined with enhanced on-screen response time, making this series an ideal choice for gaming, and watching sports. It also features Dolby Vision & Dolby Atmos, Filmmaker Mode as well as gaming features like Variable Refresh Rate (VRR), Auto Low Latency Mode (ALLM), and Game Mode Pro to eliminate lagging and frame tearing.
  • U68KM Series — The U68KM features Quantum Dot Mini-LED technology, Filmmaker Mode, Bluetooth connectivity, higher peak brightness, and Google Assistant.

The Hisense Mini LED Series price starts at $799.99 for a 55-inch U68 series and will be available in stores and online at several national and regional retailers across Canada including Visions, Best Buy, Costco, The Brick, Amazon, London Drugs, and other authorized retailers.

Hisense is the no. 2 TV brand in the North American market based on unit share and is the fastest growing TV brand in Canada. With its lineup earning 50+ awards in 2022, Hisense is taking its ULED technology even further with the launch of an innovative line of TVs to bring the most immersive entertainment experience to consumers.

Twitter To Academics: Delete Twitter Data Or Pay $42K/Month…. And Another Senior Figure At Twitter Leaves

Posted in Commentary with tags on May 26, 2023 by itnerd

I am of two minds on this one. I can’t decide if this is another attempt by Elon Musk to grab as much cash as he can, or if Elon is trying to cover up how much of a racist, sexist, homophobic train wreck next to a dumpster fire it is. Either way, The Independent is reporting that Elon wants academics who got data from Twitter to either delete it or pay him $42K a month:

An email, seen by the i, says researchers who don’t sign the new contract “will need to expunge all Twitter data stored and cached in your systems”. Researchers will be required to post screenshots “that showcase evidence of removal”. They have been given 30 days after their agreement expires to complete the process.

The requirement to delete the data was included in the original contract signed by researchers when they agreed to access the decahose, but it signals a U-turn on previous openness to scrutiny by academics. 

The contracts were signed with the previous Twitter regime, which had historically welcomed academic scrutiny of its platform and valued the importance of transparency. The researchers had no reason to believe that the contracts would ever end – nor that they would be asked to delete data they had previously obtained under its terms, regardless of what the text said.

“There is quite a bit of research underway to illuminate what has happened on Twitter the last several years, so it’s devastating both to that research, and to the transparency of the platform, and for the historical record of the public discussion on Twitter,” said one academic who received the demand. They asked not to be named because they are concerned about the ramifications. “It’s sort of the big data equivalent of book burning.”

At some point Elon is going to get called on this, likely by the EU, which has rules about this sort of thing. But Twitter has other issues at the moment, such as news that the head of engineering at Twitter has resigned following the debacle of Ron DeSantis launching his bid for the White House on Twitter, which turned into a train wreck next to a dumpster fire:

Foad Dabiri, the engineering lead for Twitter’s Growth organisation, tweeted: “After almost four incredible years at Twitter, I decided to leave the nest yesterday.”

And:

Mr Dabiri did not say why he had decided to leave the company, or whether it was linked to the problems with Mr DeSantis’s campaign.

In a thread on Twitter, he thanked his “remarkable” colleagues for their friendship, stating the company had experienced “massive and rapid” change under Mr Musk.

“We came through and emerged stronger,” he added. “To say it was challenging at the outset would be an understatement.”

He added that working with the Tesla founder “has been highly educational”, and that it was “enlightening” to see how his plans were shaping the future of Twitter.

It sounds like he was made to walk the plank because of the gong show that was the DeSantis campaign launch. Too bad for him. But it illustrates that Elon isn’t the type of person who takes responsibility for anything, seeing as he mass fired a lot of the people who likely could have supported this campaign launch and made sure that it went off without a hitch. However, Elon is also not a guy who thinks that far ahead. And that is starting to bite him, as you have to wonder what Republicans think of the guy at the moment based on what happened with this brutal campaign launch.

SMBs Targeted By State-Aligned Actors Through Their MSPs: Proofpoint

Posted in Commentary with tags on May 25, 2023 by itnerd

A new study by Proofpoint researchers found that advanced persistent threat (APT) actors are increasingly using vulnerable regional managed service providers (MSPs) to launch attacks on the small and medium-sized businesses (SMBs) they service. Once through the MSP’s defenses, the attackers feed off the less well-defended SMBs for financial gain.

The report, published this week, found that state-aligned actors from Russia, Iran and North Korea were increasingly using this supply chain approach to breach SMBs’ defenses.

Proofpoint: “Regional MSPs often protect hundreds of SMBs that are local to their geography and a number of these maintain limited and often non-enterprise grade cyber security defenses. APT actors appear to have noticed this disparity between the levels of defense provided and the potential opportunities to gain access to desirable end-user environments.”

David Mitchell, Chief Technical Officer, HYAS starts off the commentary with this:

   “MSP/MSSPs have been a concern for quite some time, primarily due to the access required into a customer network, along with varying degrees of technical and security expertise on the provider side. Managed services is no longer a high margin business and as such, many MSPs are still utilizing legacy technologies to provide services to their customers, which leaves everyone in that chain exposed.

   “Understanding the security posture of your third party providers is a difficult, if not impossible undertaking for small and medium businesses. Until there is a more scalable way of continuously auditing your service providers, the risk fully lies with whether the customer chose a capable MSP or not.”

Roy Akerman, Co-Founder & CEO, Rezonate adds this:

   “We’ve seen the increased risk around third-party access and supply chain risk increasing for the past few years. The Kaseya VSA software vulnerability used by many MSPs was a key part of distributing REvil ransomware all the way to SMB organizations managed by MSPs. So was the SolarWinds security breach. “Watching-the-watcher” was and will continue to be a focus for organizations who outsource their work externally while always being able to identify who’s doing what and for what reason. Zero trust principles can help tackle and reduce risk by limiting MSPs to only do what they need to and not take the path of a yet-another-superadmin across your network.”

For many small and midsize companies, having someone else remotely monitor and manage their computer network is perceived as a no-brainer. The managed service provider can improve efficiency, reliability, security, and maintenance — all while lowering costs and freeing up IT staff to work on more strategic projects. But there are risks, and this Proofpoint research illustrates that in black and white.

Apria Healthcare Was Pwned…. But You’re Finding Out About It Two Years After The Fact…. WTF??

Posted in Commentary with tags on May 25, 2023 by itnerd

This week, Apria Healthcare alerted nearly 1.9 million patients and employees that their personal and financial data may have been accessed by hackers who breached the company’s networks between April 5 and May 7, 2019, and then a second time between August 27 and October 10, 2021. It’s unclear, however, why Apria has only sent letters about the incident two years later.

Information potentially accessed may have included personal, medical, health insurance or financial information such as bank account and credit card numbers in combination with security codes, access codes, passwords and account PINs. 

According to Apria, the company took immediate action, including working with the FBI and hiring a reputable forensic investigation team. I’ll comment on this in a moment, but first I will let Willy Leichter, VP, Cyware start off the commentary:

This is another example of the fundamental flaws in our breach notification system. Learning that your personal data was breached two years ago is practically useless, and all the free credit reporting in the world won’t help. While we try to mandate how quickly an organization must report a breach, there are no clear standards on how quickly breaches need to be discovered. In fact, there’s a perverse disincentive – the more lackluster your security, the longer you can wait to discover or disclose breaches that can be damaging to your business.

Roy Akerman, Co-Founder & CEO, Rezonate follows up with this:

   “Unfortunately, we see an example where time to report an incident is not measured in days but in years. Healthcare PII data is considered premium in the dark web forums as one cannot simply alter their information with a new one. It is critical now to complete the investigation and truly understand the chain of attacks that occurred in 2019 and 2021 and validate there are no additional stealthy adversaries hiding and no backdoors left behind.”

Apria needs to be slapped here. Fines, Congressional hearings, whatever. The thing is that they took way too long to tell the world about this breach. And who knows if they have truly addressed whatever issues led to the breach in the first place. The fact is that Apria failed miserably here and that not only needs to be addressed with this healthcare provider, but by better laws that force immediate disclosure of breaches.

TELUS Gives The Results Of Its Investigation Into A Cyber Incident From Earlier This Year

Posted in Commentary with tags on May 25, 2023 by itnerd

Earlier this year, news came out that TELUS might have been the victim of a cyberattack. Here’s what was said to be out in the wild at the time:

Canada’s second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently posted screenshots that apparently show private source code repositories and payroll records held by the company.

At the time, TELUS said that they were investigating this. And today we have the results of that investigation:

We have concluded our investigation of this incident and have discovered that no systems used to support our customers were impacted, and that TELUS Health and TELUS Agriculture & Consumer Goods were not impacted in any way. 

We also discovered that a small amount of customer data may have been accessed by an unauthorized third party. While our ongoing monitoring has not discovered evidence of any personal information appearing in any public forum, we will be notifying impacted customers in the coming days.

So this confirms that TELUS was pwned. And I have to wonder what “a small amount of customer data” means. Plus whatever amount of customer data that “may have been accessed by an unauthorized third party” is too much as no amount of customer data should ever get out into the wild. It will be interesting to see how many people get notified by TELUS. And finally, I have to wonder what effect this will have on TELUS as a brand. You can expect me to keep an eye on all of this.