Today, 18 May 2024: Cybersecurity News and Magazine

Data Virtualization: Optimising Access and Utilisation in Enterprise AI Systems


By Puneet Gupta, Vice President and Managing Director, NetApp India/SAARC

Propelled by evolving trends in data, data virtualization is emerging as a new-age avenue that is revolutionizing the way businesses leverage their data assets. The global market for this disruptive technology is poised for a steep growth curve, with projections estimating a value of USD 12878.39 million by 2028 and a CAGR of 24.88% during 2022–2028. This underscores the significance of data virtualization, particularly for India, where it presents a promising opportunity to maximize the efficiency of enterprise AI ecosystems.

As outlined in NetApp’s 2024 Cloud Complexity report, 70% of surveyed companies in India already have AI projects up and running or in motion, which is commendably higher than the global average of 49%. Given this increasing readiness to adopt AI models and projects, data virtualization could be the ticket for Indian industries to optimize operations, making them more flexible and scalable than ever before.

Essentially, this technology abstracts data from its physical confines, facilitating seamless access and utilization across the enterprise. Legacy IT infrastructure often grapples with the demands of modern-day business operations. The significance of this advancement lies in its ability to transcend the constraints of conventional data management approaches, offering agility, scalability, and efficiency in managing extensive and diverse datasets. Within AI ecosystems, it proves crucial in optimizing access to critical data and expediting the development and deployment of AI-driven solutions.

Advantages of Data Virtualization

In today's hyper-competitive business landscape, rapid modernization is the key to staying ahead of the curve. Virtualization empowers corporations to unlock a wealth of new opportunities and drive competitiveness through enhanced decision-making and accelerated time-to-market. By furnishing real-time access to actionable insights, it equips businesses to make informed decisions and capitalize on budding trends and emergent opportunities.

Among the many advantages that data virtualization offers, a significant one is its ability to optimize resource utilization. By consolidating virtual environments, organizations can realize considerable cost savings whilst simultaneously enhancing operational efficiency. This not only mitigates the complexity of IT infrastructure but also augments scalability, enabling businesses to swiftly adapt to changing demands and market dynamics.

In the world of enterprise AI, agility is crucial. By facilitating rapid deployment of such solutions, it allows businesses to capitalize on emerging opportunities and respond swiftly to evolving customer needs. Its inherent flexibility enables businesses to adapt their AI strategies in real time, ensuring maximum impact and value creation.

Centralized management and monitoring capabilities are also essential for effective data governance and control. Simplifying IT operations by providing a unified platform for managing and monitoring data assets is yet another benefit. This streamlined approach not only reduces administrative overhead but also enhances visibility and compliance, ensuring data integrity and security across the corporation.

Access to timely and accurate data is the lifeblood of AI-driven decision-making. Through this innovation, access to critical data can be accelerated, enabling organizations to derive actionable insights with unmatched speed and accuracy. By breaking down data silos and facilitating seamless integration, it empowers businesses to make informed decisions that drive growth and improvement.

It is well-founded that digital transformation thrives on experimentation and iteration. Data virtualization fosters a culture of innovation within AI ecosystems by providing a platform for rapid prototyping and testing. Its flexible architecture enables data scientists and AI developers to explore new ideas and concepts, leading to the development of ground-breaking solutions that drive business value and competitive advantage.

The Future of Data

As we embrace the future facilitated by the adoption of enterprise AI, the strategic importance of data virtualization cannot be overstated. By leveraging this technology, businesses can streamline operations, drive efficiency, and unlock new opportunities for growth and competitiveness. Looking ahead, the evolving role of this innovation will continue to shape the future of AI, providing companies with the tools they need to stay ahead of the curve and thrive in the digital age.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

TCE Cyberwatch: This Week’s Cybersecurity Rundown


This week on TCE Cyberwatch, we delve into the recent hackings of major organizations, including the International Baccalaureate, Boeing, and BetterHelp, which have sparked widespread concern online. We also highlight ongoing developments in enhancing cybersecurity measures.

National governments are also grappling with cybersecurity challenges. TCE Cyberwatch examines how these issues have affected countries and the proactive steps organizations are taking to stay ahead in the evolving landscape of cybersecurity. Keep reading for the latest updates.

TCE Cyberwatch: A Weekly Round-Up

IB Denies Exam Leak Rumors, Points to Student Sharing

The International Baccalaureate Organization (IBO) faced allegations of exam paper leaks, but it denied any involvement in a cheating scandal. Instead, the organization acknowledged experiencing a hacking incident, unrelated to the current exam papers circulating online.

The breach was attributed to students sharing exam materials on social media platforms. Concurrently, the IBO detected malicious activity within its computer networks.

The act of students sharing exam content online is commonly known as "time zone cheating," wherein students who have already completed their exams disclose details about the questions before others take the test. Additionally, the malicious activity targeted data from 2018, including employee names, positions, and emails. Screenshots of this leaked information surfaced online.

Boeing Hit by $200 Million Ransomware Attack, Data Leaked

The aeronautical and defense corporation, Boeing, recently confirmed that it had been targeted by the LockBit ransomware gang in October 2023. They also acknowledged receiving a $200 million demand from the attackers to prevent the publication of leaked data. On November 10, approximately 40GB of data was leaked by LockBit, though Boeing has not yet addressed the situation. The ransomware group initially identified Dmitry Yuryevich Khoroshev as the principal administrator and developer behind the LockBit ransomware operation. However, this claim has since been denied by the actual developer. Additionally, Boeing has not announced whether it paid the $200 million extortion demand.

Lenovo Pledges Stronger Cybersecurity with "Secure by Design" Initiative

Lenovo recently joined the Secure by Design pledge initiated by the US Cybersecurity and Infrastructure Security Agency (CISA) to enhance its cybersecurity measures. This announcement was made on May 8th, and the initiative covers various areas including multi-factor authentication and vulnerability reduction. Doug Fisher, Lenovo’s Chief Security Officer, emphasized the importance of industry collaboration in driving meaningful progress and accountability in security. "It’s good for the industry that global technology leaders are able to share best practices," he stated. Many other tech companies have also joined this effort to ensure their security.

UK’s AI Safety Institute Releases Public Platform to Further Safety Testing of AI Models

The UK’s AI Safety Institute has recently made its AI testing and evaluation platform, Inspect, publicly available. The platform aims to encourage more safety testing of AI and to help ensure secure models. It works by assessing the capabilities of models and then producing a score. It is available to AI enthusiasts, start-up businesses and international governments, as it is released under an open-source licence. Ian Hogarth, the Chair of the AI Safety Institute, has stated that, “We have been inspired by some of the leading open-source AI developers - most notably projects like GPT-NeoX, OLMo or Pythia which all have publicly available training data and OSI-licensed training and evaluation code, model weights, and partially trained checkpoints.” Inspect evaluates models in areas such as their autonomous abilities, their ability to reason, and their overall core knowledge.

NASA Names First Chief Artificial Intelligence Officer

NASA announced its first Chief Artificial Intelligence (AI) Officer. David Salvagnini, who previously served as the Chief Data Officer, has now expanded his role to incorporate AI. His responsibilities include developing the strategic vision and planning NASA's AI usage in research projects, data analysis, and system development.

NASA Administrator Bill Nelson stated, “Artificial intelligence has been safely used at NASA for decades, and as this technology expanded, it accelerated the pace of discovery.” Salvagnini also worked alongside government agencies, academic institutions, and others in the field to ensure they remained up to date with the AI revolution.

DDoS Attacks Target Australia Amidst Ukraine Support

The Cyber Army Russia Reborn launched Distributed Denial of Service (DDoS) attacks targeting prominent Australian companies like Auditco and Wavcabs. While the exact motive remains unclear, the timing suggests a political backlash against Australia's solidarity with Ukraine.

Wavcabs experienced disruptions to its online services, while Auditco encountered technical difficulties believed to be linked to these attacks. Despite the cyber onslaught, Australia remained steadfast in its support for Ukraine, announcing a $100 million aid package comprising military assistance and defense industry support.

British Columbia Thwarts Government Cyberattack, Strengthens Defenses

British Columbia’s government recently confirmed an attempt to infiltrate their information systems. The incidents were identified as “sophisticated cybersecurity incidents” by B.C.’s solicitor-general and public safety minister. There is no current evidence suggesting that personal information, such as health records, was compromised. The government's proactive measures in 2022 played a significant role in detecting the breach.

The government took steps to further secure its systems, including requiring government employees to change their passwords. Officials and cybersecurity experts continue to work to ensure sensitive information remains secure and to prevent unauthorized access. The province appears to be using this incident to prepare itself for future cyber threats.

Urgent Chrome Update: Google Patches Sixth Zero-Day of 2024

A new vulnerability in Google Chrome was uncovered, marking their sixth zero-day incident in 2024. Google swiftly released an emergency update to patch the issue, ensuring users' safety. Updates were promptly distributed across Mac, Windows, and Linux platforms.

For those concerned about their security, updating their devices is crucial. Users can navigate to Settings > About Chrome to initiate the update process. While Google has not disclosed specific details about the vulnerability, the urgency conveyed by its release of an "emergency patch" underscores the severity of the situation.

To Wrap Up

Cyberattacks continue to dominate headlines, but this week's TCE Cyberwatch report also reveals positive developments. Governments are taking action, with proactive measures in British Columbia and the UK's AI safety testing platform. Organizations are prioritizing security, as seen in Lenovo's "Secure by Design" initiative.

Individuals play a crucial role too. The recent Google Chrome update reminds us to prioritize software updates. While cyber threats persist, these advancements offer a reason for cautious optimism. By working together, we can build a more secure digital future.

Remember, vigilance is key. Update your software regularly and follow best practices to minimize vulnerabilities. TCE Cyberwatch remains committed to keeping you informed.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Before yesterday: Cybersecurity News and Magazine

The Cyber Express Sets the Stage to Host World CyberCon META Edition 2024 in Dubai 


This May, the heartbeat of the cybersecurity industry will resonate through Dubai, where The Cyber Express is set to host the much-anticipated third iteration of the World CyberCon META Edition 2024. Scheduled for May 23, 2024, at Habtoor Palace Dubai, this premier event promises a comprehensive day filled with immersive experiences tailored to address the dynamic challenges and innovations in cybersecurity. This year’s theme, "Securing Middle East’s Digital Future: Challenges and Solutions," lays the foundation for a unique gathering that is crucial for any professional navigating the cybersecurity landscape.

The World CyberCon META Edition will feature a stellar lineup of more than 40 prominent Chief Information Security Officers (CISOs) and other cybersecurity leaders who will share invaluable insights and strategies. Notable speakers include:
  • Sithembile (Nkosi) Songo, CISO, ESKOM  
  • Dina Alsalamen, VP, Head of Cyber and Information Security Department, Bank ABC  
  • Anoop Kumar, Head of Information Security Governance Risk & Compliance, Gulf News  
  • Irene Corpuz, Cyber Policy Expert, Dubai Government Entity, Board Member, and Co-Founder, Women in Cyber Security Middle East (WiCSME)   
  • Abhilash Radhadevi, Head of Cybersecurity, OQ Trading  
  • Ahmed Nabil Mahmoud, Head of Cyber Defense and Security Operations, Abu Dhabi Islamic Bank 


Image: Highlights from the 2023 World CyberCon in Mumbai.

A Comprehensive Platform for Learning & Innovation

The World CyberCon META Edition 2024 promises a rich agenda with topics ranging from the nuances of national cybersecurity strategies to the latest in threat intelligence and protection against advanced threats. Discussions will span a variety of crucial subjects including:
  • Securing a Digital UAE: National Cybersecurity Strategy 
  • Predictive Cyber Threat Intelligence: Anticipating Tomorrow’s Attacks Today 
  • Navigating the Cyber Threat Terrain: Unveiling Innovative Approaches to Cyber Risk Scoring 
  • Fortifying Against Ransomware: Robust Strategies for Prevention, Mitigation, and Swift Recovery 
  • Strategic Investments in Cybersecurity: Leveraging AI and ML for Enhanced Threat Detection 

Who Should Attend?

The World CyberCon META Edition 2024 is tailored for CISOs, CIOs, CTOs, security auditors, heads of IT, cybercrime specialists, and network engineers. It’s an invaluable opportunity for those invested in the future of internet safety to gain insights, establish connections, and explore new business avenues.

Engage and Network

In addition to knowledge sessions, the conference will feature interactive workshops, an engaging exhibition zone, and plenty of networking opportunities. This event is set to honor the significant contributions of cybersecurity professionals and provide them with the recognition they deserve.

Secure Your Place

Don’t miss this unique chance to connect with leading professionals and gain insights from the forefront of cybersecurity. Reserve your spot at World CyberCon META Edition 2024 by visiting https://thecyberexpress.com/cyber-security-events/world-cybercon-3rd-edition-meta/.

More Information

For more details on event sponsorship opportunities and delegate passes, please contact Ashish Jaiswal at ashish.j@thecyberexpress.com.

About The Cyber Express

Stay informed with TheCyberExpress.com, your essential source for cybersecurity news, insights, and resources, dedicated to empowering you with the knowledge needed to protect your digital assets. Join us in shaping the digital future at World CyberCon META Edition 2024 in Dubai. Let’s secure tomorrow together!

CBSE Results 2024 Under Threat: Database Vulnerability Could Compromise Student Scores


As the Central Board of Secondary Education (CBSE) in India released the CBSE results 2024 for its class 10th and 12th examinations, a significant cybersecurity flaw was discovered on the official website. This vulnerability, identified by The Cyber Express, could potentially allow unauthorized individuals to view and alter students' examination results.

The exams for Class 12 were held from February 15 to April 2, and for Class 10 from February 15 to March 13, conducted using traditional pen-and-paper methods; a total of 3,860,051 students appeared. Of these, 1,621,224 students participated in the Class 12 exams, while a significantly larger group of 2,238,827 students took the Class 10 exams. On Monday, students could access their results online by entering details such as their date of birth, roll code, and roll number. But the security loophole, discovered early this morning, could potentially lead to a massive CBSE data leak, affecting millions of students across India.

The vulnerability was first noticed early this morning, when the results were supposed to be securely accessible to students and their families. The flaw on the CBSE website revolves around the exposure of administrative credentials and a technical misconfiguration in the SQL database system, specifically within a stored procedure called 'Getcbse10_All_2024'. To the average person, this might merely seem like a glitch, but it is a significant security flaw that provides an opportunity for malicious actors to manipulate and misuse crucial information, including outcomes. The ramifications are profound, as this vulnerability endangers the personal and academic data of countless students, potentially impacting their future opportunities.

CBSE Results 2024: Student Data Risk Explained

Image: CBSE Results 2024 error page. The error message also includes connection string details, which are critical for connecting to the database but should never be exposed as they can lead to security risks.

The error message displayed on the website originates from a database query related to retrieving data concerning CBSE (Central Board of Secondary Education) Class 10 results for the year 2024. 'Getcbse10_All_2024' refers to a stored procedure in the database. A stored procedure is prepared SQL code that you can save and reuse. In this case, it is likely a procedure intended to retrieve all data related to the CBSE Class 10 results for the year 2024. The procedure 'Getcbse10_All_2024' expects a parameter named '@admid', but it was not provided in the call to the procedure. '@admid' likely stands for "Administrator ID" or a similar identifier that should be passed to the procedure for it to execute properly. The absence of this parameter means the procedure cannot run as intended, leading to an error.

The error message also includes connection string details, which are critical for connecting to the database but should never be exposed as they can lead to security risks:
  • provider=MSOLEDBSQL: This specifies the provider used for SQL Server. MSOLEDBSQL is the Microsoft OLE DB provider for SQL Server.
  • server=10.***.10.***: This is the IP address of the server where the database is hosted. Knowing the server address can allow unauthorized users to attempt connections to the database.
  • Database=****results**: This is the name of the database. Knowing the database name helps in directing queries and commands to the correct database.
  • uid=cbseresults24; pwd=******************: These are the credentials (username 'uid' and password 'pwd') used to authenticate to the database. With these credentials, an unauthorized user could potentially gain full access to the database, allowing them to view, modify, or delete data.
Although the exposed data presents a significant risk, a researcher from the AI-powered threat intelligence platform, Cyble, noted that the threat potential is somewhat mitigated by incomplete information disclosure. “The IP address is internal and not public, which means that for a threat actor to extract information or gain access, they would need to engage in offensive actions like SQL injections or other methods. However, this does not diminish the seriousness of the exposed ID and password, which could still be exploited if the correct server address is discovered,” the researcher explained. The error message not only indicates a technical issue in the database query execution but also highlights a potential vulnerability. If exploited by an individual skilled in database management and privilege escalation, this vulnerability could allow unauthorized access to the database. Such unauthorized access could lead to various security risks, including data manipulation, deletion, or use for malicious purposes such as phishing or blackmail. Immediate steps should be taken to secure the database, which include changing the database credentials, reviewing logs to check for unauthorized access, and implementing better security practices like not exposing sensitive information in error messages or logs.
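The mitigation the article closes on (never surface connection-string material in user-facing errors) can be enforced as a small check. The following Python is an added example, not code from the article or from CBSE's systems: it flags sensitive connection-string keys in error text, masks their values for logs, and separates the generic message a user should see from the diagnostic line an engineer should see. The sample error, its server address and its password are constructed.

```python
import re

# Connection-string keys that identify or authenticate to the database, ranked by
# how much an outsider gains if the value reaches a browser. The article's case
# exposed provider, server, Database, uid and pwd in one error message.
SEVERITY = {
    "pwd": "critical", "password": "critical",      # direct authentication secret
    "uid": "high", "user id": "high",               # the other half of the credential pair
    "server": "medium", "data source": "medium",    # where a connection would be pointed
    "database": "low", "initial catalog": "low",    # which catalog holds the data
    "provider": "info",                             # driver only, but confirms SQL Server
}
_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# key=value pairs as written in an OLE DB connection string. A value is assumed to run
# up to the next ';', whitespace, quote or angle bracket (quoted values containing
# spaces are not handled; the page's error used the plain key=value form).
_KV = re.compile(
    r"(?i)\b(" + "|".join(re.escape(k) for k in SEVERITY) + r")\s*=\s*([^;\s<>'\"]+)"
)


def find_connection_string_leaks(text: str) -> list[tuple[str, str]]:
    """Return (key, severity) for every sensitive connection-string key found in text."""
    return [(m.group(1).lower(), SEVERITY[m.group(1).lower()]) for m in _KV.finditer(text)]


def highest_severity(text: str) -> str:
    """Worst severity present in text, or 'none' if no connection-string key is found."""
    found = find_connection_string_leaks(text)
    if not found:
        return "none"
    return max((sev for _, sev in found), key=_RANK.__getitem__)


def redact_connection_string(text: str) -> str:
    """Mask every sensitive value but keep the key, so an operator reading the log
    still knows which connection setting the error mentioned."""
    return _KV.sub(lambda m: f"{m.group(1)}=[REDACTED]", text)


def build_error_response(raw_error: str, reference: str) -> tuple[dict, str]:
    """Split one raw database error into a user-facing body and a server-side log line.
    The user gets a generic message plus a reference id; the log keeps the diagnostic
    detail (here the missing @admid parameter) with connection-string values masked."""
    user_body = {
        "error": "Results are temporarily unavailable. Please try again later.",
        "reference": reference,
    }
    log_line = f"[{reference}] {redact_connection_string(raw_error)}"
    return user_body, log_line


# Constructed sample modelled on the article's description. The real address and
# password were masked in the article; the values below are made up.
SAMPLE_ERROR = (
    "Procedure or function 'Getcbse10_All_2024' expects parameter '@admid', "
    "which was not supplied. Connection: provider=MSOLEDBSQL;server=10.0.0.5;"
    "Database=exam_results;uid=cbseresults24;pwd=Example!Pass123"
)

# Constructed HTTP response bodies, as a sweep of the site's own error pages might capture.
SAMPLE_BODIES = [
    "<html><body>Your result: PASS</body></html>",
    f"<html><body>Server Error: {SAMPLE_ERROR}</body></html>",
]


def scan_response_bodies(bodies: list[str]) -> list[dict]:
    """Flag every response body that carries connection-string material, so leaks are
    caught in a pre-release or monitoring sweep rather than by the public."""
    findings = []
    for index, body in enumerate(bodies):
        leaks = find_connection_string_leaks(body)
        if leaks:
            findings.append({"index": index, "severity": highest_severity(body),
                             "keys": [key for key, _ in leaks]})
    return findings


if __name__ == "__main__":
    for finding in scan_response_bodies(SAMPLE_BODIES):
        print(finding)
    user_body, log_line = build_error_response(SAMPLE_ERROR, "REF-0001")
    print(user_body)
    print(log_line)
```

The same regex can be wired into a web framework's error handler so that only `user_body` is rendered and only `log_line` is written to the application log.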

Why CBSE Matters

The Central Board of Secondary Education (CBSE) is a prominent national education board in India, overseeing both public and private schools. It is under the direct purview of the Ministry of Education, Government of India. The CBSE administers comprehensive examinations for students completing their 10th and 12th grades, which are crucial for advancing to higher education and professional pathways. The board is recognized for its rigorous curriculum and is influential in setting educational standards across the country. The Cyber Express has contacted officials at the Central Board of Secondary Education (CBSE) to notify them of a detected vulnerability. We inquired if they are aware of the issue, the causes of this glitch, and the steps they intend to take to address it. We are currently awaiting a response from the organization.

Technical Aspect of the CBSE Data Exposure: Potential Risks

The exposure of the admin database ID and password in the CBSE data leak opens up several potential risks. While none of these events have occurred, the exposure of such critical credentials could lead to severe consequences if not addressed promptly.

1. Unauthorized Access and Control: With the admin credentials exposed, there is a potential for unauthorized users to gain full access to the CBSE's SQL database. This would allow them to view, copy, and manipulate sensitive data, including examination results and student personal information.
2. Risk of Data Manipulation: The ability to alter data is a significant risk. Although no data has been reported as altered, the possibility exists. Unauthorized changes could include tampering with examination results or modifying student records, which could severely undermine the integrity of the CBSE's educational assessments.
3. Threat of Data Theft: The exposed credentials could potentially be used to access and extract sensitive information. This data, which could include personal details of students and staff, is at risk of being used for malicious purposes such as identity theft or fraud.
4. Potential for Operational Disruption: While no disruptions have occurred, the exposed credentials could be used to damage data integrity or lock out legitimate users, potentially causing significant disruptions to CBSE's operations and affecting educational activities.
5. Foundation for Further Attacks: The leak itself could facilitate further attacks. With administrative access, attackers could deploy additional malicious software, establish backdoors for continued access, or leverage the compromised database to launch attacks on connected systems.

The situation remains fluid, and updates are expected as more information becomes available. Stay subscribed to The Cyber Express to learn more about the story as it proceeds.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Major Changes in NIST Cybersecurity Framework 2.0: Enhancements and Adoption Strategies


The NIST Cybersecurity Framework (CSF) is a framework designed to provide cybersecurity risk-management guidance to private and public industries, government agencies, and other organizations. It is intended to be applicable to any organization regardless of its size or scale, age, or sector. Version 2.0 of the framework is much more extensive in its core guidance and lists additional subcategories as well as links to online resources that offer further guidance on practices to achieve these objectives. The guidance is divided into six areas of focus: identify, protect, detect, respond, recover, and govern. This article unravels the NIST Cybersecurity Framework, the major changes outlined in CSF 2.0, and some of the ways in which it can be adopted.

The NIST Cybersecurity Framework

Overview

The NIST Cybersecurity Framework (NIST CSF) was first introduced in 2014 by the National Institute of Standards and Technology to bolster the security of infrastructure within the United States by establishing a common set of standards, goals, and terminology to reduce the risk and impact of cyberattacks. By promoting a shared framework, the NIST CSF aids better decision-making and encourages security standards that address threats such as phishing and ransomware. The initial version was updated to Version 1.1 in 2018, adopting major changes such as the inclusion of the Identify core function, additional sub-categories and improved clarity. The draft of version 2.0 was released for public feedback in August 2023 and closed for comments in November 2023; the final Version 2.0 was released in February 2024. Since the new framework demonstrates increased flexibility across various situations, NIST has recommended its voluntary self-adoption by organizations of all sizes.

Target Audience

The primary audience for the framework comprises individuals responsible for developing and overseeing cybersecurity planning and strategy within organizations. It is also relevant for other roles involved in risk management, such as executives, boards of directors, acquisition professionals, technology experts, risk managers, legal professionals, human resource specialists, and auditors who specialize in cybersecurity and risk management. Additionally, the CSF can serve as a useful asset to those involved in making and influencing private and public policy (e.g., associations, professional organizations, regulators) who establish and communicate priorities for cybersecurity risk management.

Major Changes in NIST Cybersecurity Framework 2.0

Released in February 2024, the NIST Cybersecurity Framework 2.0 is the latest revision to the framework.

Inclusion of 'Govern' Core Function

While the previous framework stated 'Identify, Protect, Detect, Respond, and Recover' as its core functions for implementation, the new framework adds 'Govern.' Govern seeks to address the establishment of cybersecurity strategy, cybersecurity supply chain risk management, roles, responsibilities, authorities, policy, and the oversight of cybersecurity strategy within the organizational context.

More Extensive Sub-categories and References within Core Functions

CSF version 2.0 includes additional categories and subcategories of cybersecurity goals and standards within the listed core functions, as well as hundreds of other helpful references to assist readers. The new framework is much more extensive with its definitions and resources.

Expanded Scope

The new framework’s scope has expanded beyond just the protection of critical infrastructure, such as water facilities and power plants, to providing safety standards for all organizations regardless of sector or size. This expanded scope is reflected in the change of the CSF’s official title to “The Cybersecurity Framework,” from the earlier “Framework for Improving Critical Infrastructure Cybersecurity.” This reflects an earlier request from the US Congress for the framework to expand its guidance to aid small businesses.

Framework Tiers

The tiers define how an organization handles cybersecurity risks, allowing it to adopt the tier that best fulfills its objectives and decreases cyber risk to an acceptable level while accounting for difficulties in implementation. The tiers progress from 1 ('Partial') to 4 ('Adaptive'), with rising levels of sophistication but additional implementation effort.

Framework Profiles

CSF profiles help organizations find the path that is right for them to reduce cybersecurity risks. Each profile lays out an organization’s “current” and “target” positions and the criteria for moving from one to the other.

Focus on Supply-Chain and Third-Party Risk

The framework incorporates new supply chain guidelines as part of the core 'Govern' function, and expects cybersecurity risks within software supply chains to be considered while an organization carries out its functions. Moreover, the NIST framework reminds organizations to plan and conduct due diligence to reduce risks prior to entering agreements with suppliers or other third-party contractors.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Global Infosec Awards 2024: Cyble Wins Nine Accolades, Recognized Among the Best in Cybersecurity


Cyber Defense Magazine (CDM), marking its 12th anniversary as the leading electronic information security magazine, announced the winners of the prestigious Global InfoSec Awards at the RSA Conference 2024. After an exhaustive six-month search across 3500 companies worldwide, CDM has identified the top innovators in cybersecurity, awarding nearly 10% of these as winners for their outstanding contributions to the industry.

This year's RSA Conference, a cornerstone event for cybersecurity professionals, has been especially significant. It showcased groundbreaking advancements amid increasing challenges such as sophisticated ransomware, business email compromise, and exploits targeting Cloud, IoT, and OT environments, alongside a surge in cyber-crime and cyber-terrorism.

"In a new age of hybrid workforces and advances in AI, there's an equally exponential growth in new kinds of ransomware, business email compromise, Cloud, IoT and OT exploitation, deep phishing attacks, cyber-crime and cyber terrorism. Only the most innovative and forward-thinking Cybersecurity solutions will give us a fighting chance," said Yan Ross, Editor-in-Chief of Cyber Defense Magazine.

Image: Cyble Team at RSAC 2024.

Global Infosec Awards 2024: Cyble Clinches 9 Honors

Shortly thereafter, Cyber Defense Magazine also published a list of Global Infosec Awards for 2024 Winners by category -- Company. Among the standout recipients, AI-based cyber threat intelligence firm Cyble has notably excelled, securing multiple accolades in key cybersecurity arenas. Renowned for their proactive and visionary approach, Cyble has been honored with: 
  • Cyble: Editor's Choice – Account Takeover Protection 
  • Cyble: Trailblazing – Attack Surface Management 
  • Cyble: Pioneering – Continuous Threat Exposure Management (CTEM) 
  • Cyble: Pioneering – Cyber Exposure Management 
  • Cyble: Pioneering – Data Loss Prevention (DLP) 
  • Cyble: Pioneering – Digital Risk Protection 
  • Cyble: Pioneering – Third Party Cyber Risk 
  • Cyble: Trailblazing – Threat Intelligence 
  • Cyble: Trailblazing – Vulnerability Intelligence 
These awards emphasize Cyble's commitment to building strong cybersecurity defenses aimed at protecting businesses from today's most critical threats. "Receiving these accolades at the Global InfoSec Awards is a tremendous honor for us," said Beenu Arora, the co-founder of Cyble. "It’s a testament to the hard work and dedication of our team, particularly in our innovative AI technology. As we face increasingly complex cyber threats, these recognitions reinforce our commitment to pushing the boundaries of AI-driven cybersecurity solutions to better protect our clients."

Cyble, the leading provider of AI-driven cybersecurity solutions, is currently participating at the prestigious RSA Conference 2024, held at Moscone South Expo, San Francisco, from May 6 to May 9. Visitors at Cyble's Booth N-2353 at RSAC 2024 can see firsthand how Cyble is transforming cybersecurity practices and strengthening network resilience. At RSA Conference 2024, Cyble is showcasing its innovative Cyble Vision Platform through engaging live demonstrations, illustrating how it enables organizations to proactively address cybersecurity threats. For more information or to schedule a personal meeting with any of the leadership team members, please visit the event page at https://cyble.com/upcoming-events/rsa-conference-2024/

RSA Conference is the global stage for the cybersecurity industry, providing a platform for professionals to connect, share insights, and advance security technologies. This annual event brings together the brightest minds in cybersecurity, featuring in-depth sessions, keynotes, and training from leading experts in the field.

About Cyber Defense Magazine

With over five million monthly readers, Cyber Defense Magazine is the premier source of IT Security information. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry.

About Cyble

Cyble, a trailblazer in Cyber Threat Intelligence, is committed to democratizing Dark Web Threat Intelligence through advanced AI and Machine Learning solutions. Recognized as one of the most sought-after workplaces, Cyble’s culture fosters innovation, collaboration, and professional growth. With a proven track record in delivering cutting-edge research and proactive monitoring, Cyble stands at the forefront of the cybersecurity landscape. Headquartered in Atlanta, Georgia, and with a global presence spanning Australia, Malaysia, Singapore, Dubai, Saudi Arabia, and India, Cyble is the trusted authority empowering organizations to proactively combat evolving cyber threats.

Cyble Showcases Next-Gen Cybersecurity Technologies at RSA Conference 2024

RSA Conference 2024

San Francisco, May 6, 2024 — Cyble, the leading provider of AI-driven cybersecurity solutions, is excited to announce its participation in the prestigious RSA Conference 2024, held at Moscone South Expo, San Francisco, from May 6th to May 9th. Visit Cyble at Booth N-2353 to discover how Cyble is revolutionizing cybersecurity practices and enhancing network resilience. At RSA Conference 2024, Cyble will introduce attendees to its innovative Cyble Vision Platform through compelling live demonstrations, highlighting how it empowers organizations to proactively tackle cybersecurity threats. The Cyble team, including Founder and CEO Beenu Arora, Co-founder and COO Manish Chachada, and other key members of the leadership team, will be present to discuss and provide insights into the latest trends and challenges in cybersecurity.

Engage with Our Founders and Experts at RSA Conference 2024

  • Beenu Arora - Co-founder and CEO of Cyble. Beenu is a visionary leader with a deep understanding of the cybersecurity landscape and a passion for advancing cybersecurity measures through innovative technologies.
  • Manish Chachada - Co-founder and COO of Cyble. Manish brings strategic oversight to operations and a commitment to delivering exceptional cybersecurity solutions to global clients.
  • Dipesh Ranjan - Chief Partner Officer, SVP – Global Growth. Dipesh drives strategic partnerships and global expansion efforts at Cyble, leveraging his extensive expertise in cybersecurity and market development.
  • Mandar Patil - SVP, Sales. Mandar leads the sales strategies at Cyble, focusing on accelerating growth and enhancing customer engagements through tailored cybersecurity solutions.
  • Taylor Pettis - VP of Marketing. Taylor oversees Cyble’s marketing strategies, enhancing brand visibility and engagement through innovative campaigns and communications.

Event Details:

Date: May 6-9, 2024
Location: Booth N-2353, Moscone South Expo, San Francisco

What to Expect:

  • Insightful Engagements: Gain valuable insights from our founders Beenu Arora and Manish Chachada, and leadership team members Dipesh Ranjan, Mandar Patil, and Taylor Pettis.
  • Interactive Product Demos: Experience the advanced capabilities of our AI-driven solutions and learn how they can safeguard your digital assets.
  • Expert Discussions: Delve into discussions on the most pressing cybersecurity issues and explore tailored solutions with our experts.

"We are excited to showcase our latest innovations and insights at RSA Conference 2024. Meeting with industry professionals and peers is a fantastic opportunity to discuss how Cyble’s solutions can be tailored to meet the evolving challenges of cybersecurity," said Beenu Arora, CEO of Cyble.

Join our team at Booth N-2353 for a hands-on look at how our AI-driven solutions can empower your cybersecurity strategy and safeguard your operations. For more information or to schedule a personal meeting with any of our leadership team members, please visit our event page at https://cyble.com/upcoming-events/rsa-conference-2024/

About Cyble

Cyble, a trailblazer in Cyber Threat Intelligence, is committed to democratizing Dark Web Threat Intelligence through advanced AI and Machine Learning solutions. Recognized as one of the most sought-after workplaces, Cyble’s culture fosters innovation, collaboration, and professional growth. With a proven track record in delivering cutting-edge research and proactive monitoring, Cyble stands at the forefront of the cybersecurity landscape. Headquartered in Atlanta, Georgia, with a global presence spanning Australia, Malaysia, Singapore, Dubai, Saudi Arabia, and India, Cyble is the trusted authority empowering organizations to proactively combat evolving cyber threats.

Media Contact: Cyble Inc, enquiries@cyble.com, Ph: +1 678 379 3241

The Era of Web DDoS Tsunamis and Strategies for Defense

Web DDoS Tsunamis

By Eyal Arazi, senior security solutions lead for Radware The cybersecurity landscape evolved rapidly in 2023. In particular, there was a significant shift in Distributed Denial of Service (DDoS) attack patterns. Malicious actors are turning to a new form of DDoS attack, moving up the network stack from layers 3 and 4 to layer 7, with their sights set on compromising online applications and APIs as well as essential infrastructure such as the Domain Name System (DNS). Unlike traditional DDoS attacks, which often involve overwhelming network traffic, this new wave of HTTP Floods—also known as Web DDoS Tsunami Attacks—focuses on the application layer, where it can go undetected by traditional defense systems and take down websites or networks. These attacks know no boundaries, and strike without regard for company size, industry or geography. Some of the best intelligence on how to deal with Tsunamis comes from studying real-world attacks.

What is a Web DDoS Tsunami?

While HTTP Floods have been common for many years, they have been re-imagined by hackers who combine network- and application-layer attacks to create new, more aggressive Web DDoS Tsunamis. The malicious actors claiming responsibility for many of these attacks are state-sponsored groups or hacktivists. The real-world Tsunamis we’ve seen are characterized by multiple attack waves that often top several million requests per second (RPS), last for hours and can span days. Today’s HTTP Floods also ramp up faster than their predecessors. To further confound security teams, they defy detection by appearing as legitimate traffic and using evasion techniques such as randomized headers and IP spoofing. Radware’s recent Global Threat Analysis Report underscores the alarming rise in malicious web application and API transactions in 2023. The total number of these transactions surged by 171% in 2023 compared to 2022, a substantial escalation over the 128% increase observed in 2022 compared to 2021. A significant portion of the surge can be attributed to the rise in layer 7 encrypted web application attacks like the Web DDoS Tsunami.

Real World Case Studies

Large National Bank
According to Radware’s Global Threat Analysis Report, financial institutions saw the highest share of cyber attacks in 2023, shouldering nearly 30% of attacks globally. One prominent banking institution found itself at the center of a relentless barrage of Web DDoS Tsunami Attacks. Over a span of several days, it experienced 12 separate attack waves, typically 2-3 per day. Multiple waves exceeded 1 million RPS, with one wave peaking at nearly 3 million RPS, significantly more than the bank’s typical traffic level of less than 1000 RPS. Simultaneously, attackers launched multiple network-layer volumetric attacks exceeding 100 gigabits per second (Gbps). The attacks used a variety of attack vectors, including HTTP/S Floods, UDP Fragmentation Attacks, TCP Handshake Violations, SYN Floods, and more. Figure 1 below shows one of the attacks, with a peak wave of nearly 3 million RPS.
Figure 1: A Web DDoS Tsunami at a large bank
Major Insurance Company
The volumetric and persistent nature of Web DDoS Attacks was also on display during a recent attack at a major insurance company. The company experienced several large-scale attack waves, reaching hundreds of thousands of RPS, with multiple waves peaking at more than 1 million RPS. The largest assault reached 2.5 million RPS. The attacks far surpassed the company's typical traffic rate of several hundred RPS, overwhelming its application infrastructure and disrupting operations. To make the situation even more complicated, attackers combined some of the attack waves with network-layer volumetric attacks, exceeding 100 Gbps in data volume. The attack vectors included Web DDoS Tsunamis (HTTP/S Floods), DNS Floods, DNS Amplification Attacks, UDP Floods, UDP Fragmentation Attacks, NTP Floods, ICMP Floods, and more. One of the attacks, represented in Figure 2, consisted of multiple waves during a three-hour period with several peaks reaching one million RPS and multiple spikes topping 2.5 million RPS.
Figure 2: A Web DDoS Tsunami at a major insurance company
Telecommunications Company
Like financial institutions, telecommunications organizations continue to be a high-value target for malicious actors because of the lucrative data they store and the widespread disruption and publicity they generate when breached. Case in point: A European telecommunications company was the repeated target of state-backed attack groups. It battled a persistent Web DDoS Tsunami Attack of approximately 1 million RPS almost continuously for nearly two hours. Traffic peaked at 1.6 million RPS. See Figure 3.
Figure 3: A Web DDoS Tsunami at a telecommunications company
These are just a few examples of the profile of the modern Web DDoS Tsunami Attack. What we know is that they are relentless. Rates and volumes exceed the capacity of on-prem solutions. They are deceptive and sophisticated, appearing as legitimate traffic and morphing over time. And they can cause considerable disruption and damage to an organization.

How to Defend Against Web DDoS Tsunamis

To combat Web DDoS Tsunamis, there needs to be a fundamental shift in how organizations think about their defense strategies. Detecting these attacks requires decryption and deep inspection of the L7 traffic headers, which network-based DDoS protection solutions weren’t built to do. Standard on-prem or cloud-based WAFs fail to keep up with the scale and randomization. And rate-limiting techniques have a major negative effect on legitimate traffic. Instead, what organizations need are solutions that leverage adaptive, AI-driven algorithms designed to distinguish between legitimate traffic surges and malicious attack traffic. These algorithms can quickly detect and generate new signatures for unknown malicious requests on the fly, ensuring robust protection without impeding legitimate traffic flow. A new era of Web DDoS Tsunamis has arrived, and it requires companies to take a new proactive and adaptive approach to cybersecurity if they don’t want to be the next to be caught off guard. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 
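The case studies above describe each incident as RPS waves towering over a small baseline, and the defense section argues that the usable signal sits in the layer 7 request attributes rather than in source addresses, which are spoofed or spread across a botnet. The Python script below is an added example, not Radware's code or any product logic from the article. It reads access-log lines in a constructed format (the format, the sample traffic, the surge factor and the minimum alert rate are all assumptions), estimates a baseline RPS, groups surge seconds into waves, measures how randomized the User-Agent and source-address fields are inside the wave, and derives the dominant method/path pair as a candidate signature that a defender could rate-limit or challenge without touching the rest of the site.

```python
"""Detect Web DDoS Tsunami waves in HTTP access logs and derive a candidate
signature from the anomalous traffic.

Added example, not Radware's code. The log format, the thresholds and the
sample traffic are constructed assumptions for illustration.
"""
import random
import re
from collections import Counter

# Constructed log format (assumption):
#   <second> <client_ip> "<METHOD> <path>" <status> "<user_agent>"
LINE_RE = re.compile(r'^(\d+) (\S+) "(\S+) (\S+)" (\d{3}) "([^"]*)"$')

SURGE_FACTOR = 5    # flag a second whose RPS exceeds 5x the baseline (assumption)
MIN_FLAG_RPS = 20   # ...and is at least this high, so small sites do not alert on noise


def make_sample_log(seed: int = 7) -> list:
    """Constructed sample: 10 s of 5 RPS normal traffic, then a 5 s wave of
    200 RPS with randomized User-Agents and scattered source addresses."""
    rng = random.Random(seed)
    normal_uas = ["Mozilla/5.0 (Windows NT 10.0)", "Mozilla/5.0 (Macintosh)", "curl/8.4.0"]
    paths = ["/", "/login", "/api/accounts", "/static/app.js"]
    lines = []
    for sec in range(10):
        for _ in range(5):
            ip = f"10.0.{rng.randint(0, 9)}.{rng.randint(1, 50)}"
            lines.append(f'{sec} {ip} "GET {rng.choice(paths)}" 200 "{rng.choice(normal_uas)}"')
    for sec in range(10, 15):
        for _ in range(200):
            ip = ".".join(str(rng.randint(1, 254)) for _ in range(4))
            ua = f"Mozilla/5.0 (X11; rv:{rng.randint(100, 99999)})"  # randomized header
            lines.append(f'{sec} {ip} "GET /api/accounts" 200 "{ua}"')
    return lines


def parse_line(line: str):
    """Return a record dict for a well-formed line, None otherwise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    sec, ip, method, path, status, ua = m.groups()
    return {"sec": int(sec), "ip": ip, "method": method, "path": path,
            "status": int(status), "ua": ua}


def median(values):
    s = sorted(values)
    n = len(s)
    return s[n // 2] if n % 2 else (s[n // 2 - 1] + s[n // 2]) / 2


def analyze(lines: list) -> dict:
    records = [r for r in (parse_line(l) for l in lines) if r]
    report = {"baseline_rps": 0, "threshold_rps": 0, "waves": [], "signature": None,
              "distinct_ua_ratio": 0.0, "distinct_ip_ratio": 0.0}
    if not records:
        return report
    per_sec = Counter(r["sec"] for r in records)
    # The median RPS is a robust baseline as long as the attack covers less
    # than half of the observed window (assumption; a production detector
    # learns the baseline from history rather than from the window under test).
    baseline = median(per_sec.values())
    threshold = max(MIN_FLAG_RPS, SURGE_FACTOR * baseline)
    flagged = sorted(s for s, c in per_sec.items() if c > threshold)
    flagged_set = set(flagged)

    # Group consecutive flagged seconds into waves: (start, end, peak_rps)
    waves = []
    for s in flagged:
        if waves and s == waves[-1][1] + 1:
            start, _, peak = waves[-1]
            waves[-1] = (start, s, max(peak, per_sec[s]))
        else:
            waves.append((s, s, per_sec[s]))
    report.update(baseline_rps=baseline, threshold_rps=threshold, waves=waves)

    attack = [r for r in records if r["sec"] in flagged_set]
    normal = [r for r in records if r["sec"] not in flagged_set]
    if not attack:
        return report

    # Randomized headers and spoofed or distributed sources show up as a
    # distinct-value ratio close to 1.0 inside the wave.
    report["distinct_ua_ratio"] = len({r["ua"] for r in attack}) / len(attack)
    report["distinct_ip_ratio"] = len({r["ip"] for r in attack}) / len(attack)

    # Candidate signature: the (method, path) pair that dominates the wave far
    # more than it does in normal traffic. Acting on that pair (challenge or
    # rate-limit) spares the rest of the site, unlike blanket rate limits.
    (method, path), hits = Counter((r["method"], r["path"]) for r in attack).most_common(1)[0]
    attack_share = hits / len(attack)
    normal_share = (sum(1 for r in normal if (r["method"], r["path"]) == (method, path))
                    / len(normal)) if normal else 0.0
    if attack_share >= 0.8 and attack_share > 2 * normal_share:
        report["signature"] = {"method": method, "path": path,
                               "attack_share": round(attack_share, 3),
                               "normal_share": round(normal_share, 3)}
    return report


if __name__ == "__main__":
    rep = analyze(make_sample_log())
    print(f"baseline {rep['baseline_rps']} RPS, threshold {rep['threshold_rps']} RPS")
    for start, end, peak in rep["waves"]:
        print(f"wave t={start}..{end}s peak {peak} RPS")
    print("distinct UA ratio", round(rep["distinct_ua_ratio"], 3), "signature", rep["signature"])
```

The sample wave is 40 times the baseline, far below the thousand-fold ratios in the case studies, so the thresholds are deliberately conservative; the point is the structure: a per-second rate series for wave detection, and per-attribute cardinality plus a dominant request class for the signature. Everything that matters here is visible only after TLS termination, which is the article's reason that network-layer DDoS appliances miss these floods.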

This Week on TCE Cyberwatch: AI Rise, Government Crackdowns, and Global Cybercrime

TCE Cyberwatch

The digital world continues to spin at breakneck speed, and this week's TCE Cyberwatch brings you the latest updates on the ever-present dance between innovation and security. We delve into the exciting possibilities of Artificial Intelligence (AI), from its role in boosting corporate profits to its potential for national security advancements. However, the path to progress is rarely smooth. In TCE Cyberwatch, we also explore the persistent threat of cybercrime, with recent data breaches and malicious hacking attempts serving as reminders of our vulnerabilities. Encouragingly, governments around the world are taking a more proactive stance, implementing stricter regulations and pursuing those who exploit weaknesses in our digital infrastructure. As you'll see, this week's TCE Cyberwatch offers a comprehensive look at the current cybersecurity landscape, highlighting both the challenges and the glimmers of hope for a more secure future.

TCE Cyberwatch: A Weekly Round-Up

Keep reading to ensure your safety and stay up to date with the cyber world.

U.S. Charges Four Iranians with Hacking Government Agencies and Defense Contractors

Four Iranians were accused in the U.S. of alleged involvement in hacking operations that attacked entities such as the U.S. Treasury and State departments, defence contractors, and two New York-based companies. The Treasury Department of the U.S. believes that all four individuals have ties to IRGC front companies. Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab can face up to five years in prison for computer fraud conspiracy charges and up to 20 years for each count of wire fraud and conspiracy to commit wire fraud. Speaking on the development, Attorney General Merrick Garland stated, “Criminal activity originating from Iran poses a grave threat to America’s national security and economic stability… These defendants are alleged to have engaged in a coordinated, multi-year hacking campaign.” Read More

Indian Telecom Giant BSNL Suffers Data Breach, Millions Potentially Affected

Bharat Sanchar Nigam Limited (BSNL), a major telecommunications provider owned by the Indian government, suffered a data breach some time ago which has now resurfaced and been claimed by the threat actor ‘Perell’. They released a database which allegedly belongs to BSNL and contains more than 2.9 million records. Perell claims that the stolen data includes sensitive information from BSNL, and that although it was presented as a 2024 BSNL leak, it actually dates from around 2023. It still raises concerns, however, because of its size and the sensitive information it contains. Read More

Cybersecurity Giant Darktrace Acquired by Thoma Bravo for $4.6 Billion

Thoma Bravo, a U.S.-based private equity firm, recently acquired the British cybersecurity giant Darktrace for $4.6 billion. This acquisition carries significant implications for both companies and the cybersecurity industry at large. Following the announcement, Darktrace's shares surged by approximately 19%, demonstrating investor confidence in the deal.

Shareholders of Darktrace could now receive $7.75 for each share they hold, marking a 44.3% increase compared to recent stock prices. Darktrace, renowned for its AI-based cybersecurity solutions, has experienced a surge in demand for its services. Read More

Global Operation Shuts Down LabHost, Arrests 37

An online service called Lab Host, operating in 19 countries, which sells phishing kits to cybercriminals, has recently been shut down. It is alleged that they have made almost a million dollars from this activity and have directly and indirectly attacked thousands of people. Lab Host has been in operation since 2021 and provides tools for hackers to create fake websites that deceive people into revealing sensitive information such as email addresses, passwords, and bank details.

Following the shutdown, 37 people were arrested, and London’s police reported that 2,000 users were registered on the site, paying a monthly subscription fee. Lab Host is reported to have obtained 480,000 bank card numbers, 64,000 PIN numbers, and around 1 million passwords. Read More

Big Fines for AT&T, Verizon, T-Mobile in Privacy Scandal

Major phone carriers AT&T, Sprint, T-Mobile, and Verizon have been fined a total of $200 million for illegal data sharing of customer locations with third parties. T-Mobile, AT&T, and Verizon were fined approximately $80 million, $57 million, and $47 million, respectively. These companies sold customer location data to aggregators, who then resold it to third parties.

AT&T had connections with two aggregators, LocationSmart and Zumigo, which were then linked to third-party location-based service providers. According to the FCC, "In total, AT&T sold access to its customers’ location information (directly or indirectly) to 88 third-party entities." Informally, all three phone carriers stated that the program in question ended about five years ago. Read More

UK Cracks Down on Weak Passwords: "Admin123" No Longer an Option

The UK Government is banning weak passwords such as "admin" or "12345" to bolster cybersecurity. The initiative, named the 'UK Product Security and Telecoms Infrastructure (PSTI) Act 2022', mandates that manufacturers, distributors, and importers of products and services for UK consumers adhere to these new rules. Manufacturers and other vendors face significant fines for non-compliance. They could be fined up to £10 million, four percent of their global turnover, or £20,000 per day for ongoing violations. This move signals the government's commitment to tackling cybersecurity issues. Read More

ChatGPT Accused of Privacy Violations and Inaccurate Information

ChatGPT has recently faced criticism from a privacy advocacy group, along with the Austrian data protection authority (DSB), for generating inaccurate information that violates European Union privacy regulations. Noyb, the privacy advocacy group, pointed out that ChatGPT's method of guessing instead of providing accurate information poses problems. They also claim that OpenAI, the company behind the AI, refuses to correct inaccurate responses and is reluctant to share information about its data processing practices. Read More

Okta Warns of Surge in Password Reuse Attacks

Okta recently issued a warning about a surge in credential stuffing attacks, in which usernames and passwords obtained from previous data breaches and attacks are used to target accounts.

According to Okta, they have "observed an increase in the frequency and scale of credential stuffing attacks targeting online services, facilitated by the broad availability of residential proxy services, lists of previously stolen credentials, and scripting tools."

This spike in credential stuffing attacks is believed to be linked to brute force attacks, as warned by Cisco a few weeks earlier. Cisco had observed a rise in attacks on VPN services, web application authentication interfaces, and others since around March 18. To address this, Okta recommends blocking requests from suspicious services, ensuring the use of secure passwords, implementing multi-factor authentication (MFA), and remaining vigilant in monitoring any suspicious activity. Read More

To Wrap Up

This week's TCE Cyberwatch painted a vivid picture of the ever-evolving cybersecurity landscape. While advancements like AI offer exciting possibilities, they necessitate enhanced security measures to mitigate potential risks. The increasing focus on regulations and enforcement by governments worldwide signifies a collective effort to combat cybercrime.

Remember, staying informed and practicing safe online habits are crucial in protecting yourself from cyber threats.

TCE Cyberwatch remains committed to keeping you informed about the latest cybersecurity developments. By staying vigilant and taking proactive measures, we can navigate the digital age with greater confidence and security.


Best Practices to Secure your Supply Chains

Fishpig Supply Chain Attack

National Supply Chain Day, which was recently observed on April 29, serves as a dedicated day to recognize the critical role supply chain networks play in our everyday lives. A supply chain is the intricate network of organizations, people, activities, information, and resources that work together to transform raw materials from the supplier to the finished end product required by the customer. Damage or disruption to supply chain operations could lead to uncontrolled costs, chaos within delivery schedules, and loss of intellectual property. As supply chains modernize, increased reliance on digital systems simultaneously raises surface risks of these chains to a variety of cyberattacks.

Securing Your Supply Chain

National Supply Chain Day (Source: Shutterstock)

Efforts at bolstering supply chain security require close collaboration and execution between the involved parties, which presents its own set of challenges.

Regular Security Assessments

To assess supply chain risk and compliance, you need to evaluate existing security governance – including data privacy, third-party risk, and IT regulatory compliance needs and gaps – against business challenges, requirements, and objectives. Additionally, security training of involved personnel is necessary to meet regulatory standards and compliance.

Vulnerability Mitigation and Penetration Testing

Supply chain parties can identify basic security concerns by running comprehensive vulnerability scans. Fixing bad database configurations and poor password policies, eliminating default passwords, and securing endpoints and networks can immediately reduce risk with minimal impact on productivity or downtime. Employ penetration test specialists to attempt to find vulnerabilities in programs, in the IT infrastructure underlying the supply chain, and even in people, through phishing simulation and red teaming.

Maintaining Awareness of Compromised Credentials

Maintaining awareness of compromised credentials is crucial for securing your supply chain. According to a report by Verizon, 80% of data breaches involve compromised credentials. In May 2021, the Colonial Pipeline, a major fuel pipeline in the United States, fell victim to a ransomware attack that disrupted fuel supplies along the East Coast. The attack was facilitated by a single compromised credential, allowing the attackers to gain unauthorized access to the company's systems and infrastructure. The Colonial Pipeline attack serves as a stark reminder of the importance of implementing measures such as multi-factor authentication and regular credential monitoring to detect and mitigate potential security threats.

Secure Modernization of Supply Chain

It’s hard to secure data while relying on outdated technology. Solutions such as encryption, tokenization, data loss prevention, and file access monitoring and alerting make it convenient to bring security, reliability, and data governance to exchanges within the enterprise as well as with clients and trading partners. Additionally, supply chain parties can expect the other involved parties to meet a certain security threshold while bringing along teams and partners for joint security awareness and training.

Data Identification and Encryption

Data protection programs and policies should include the use of discovery and classification tools to pinpoint databases and files that contain protected customer information, financial data, and proprietary records. Once data is located, using the latest standards and encryption policies protects data of all types, at rest and in motion – customer, financial, order, inventory, Internet of Things (IoT), health, and more. Incoming connections are validated, and file content is scrutinized in real time. Digital signatures, multifactor authentication, and session breaks offer additional controls when transacting over the internet.

Permissioned Controls for Data Exchange and Visibility

Supply chain networks can ensure secure and reliable information exchange between strategic partners through privilege- and role-based access. Identity and access management security practices are critical to securely share proprietary and sensitive data across a broad ecosystem.

Trust, Transparency, and Provenance

Supply chain partners can take steps to ensure proper transparency across multiple enterprises to track and provide accountability for the flow of data and materials from source to end customer or consumer.

Third-Party Risk Management

As connections and interdependencies between companies and third parties grow across the supply chain ecosystem, organizations need to expand their definition of vendor risk management to include end-to-end security. This allows companies to assess, improve, monitor, and manage risk throughout the life of the relationship.

Incident Response Planning and Orchestration

Supply chain partners can prepare by having a robust incident response plan for data breaches and shutdown or disruption events. You can share incident response expectations and plans between parties, while providing metrics and lessons learned to your organization to aid decision-making and prevent disruptions.

Conclusion

Ultimately, a strong focus on supply chain security not only protects sensitive data and intellectual property but also safeguards against disruptions that can impact operations and customer trust. Embracing best practices, continuous monitoring, and adaptation to evolving threats are key strategies for staying ahead in today's interconnected and dynamic supply chain landscape. By prioritizing security at every level, organizations can build resilience and confidence in their ability to navigate complex supply chain challenges securely.

Future-Proofing the Workforce: How Skilling is Cultivating Next-gen Tech Talent

By: Editorial
27 April 2024 at 09:27

Next-gen Tech Talent

By Lakshmi Mittra, SVP and Head, Clover Academy In the rapidly changing and dynamic tech environment of today, future-proofing the workforce is more essential than ever. With industries constantly innovating and adapting to new technologies, the demand for next-gen tech talent professionals capable of leading change and driving innovation is on the rise. This is where skilling steps in, acting as a key player in nurturing the next generation of tech talent. The concept of future-proofing the workforce revolves around equipping employees with the necessary skills and knowledge to adapt to new technologies and industry trends. With rapid advancements in technology, traditional job roles are evolving, and new roles are emerging. Therefore, it is essential for organizations to invest in continuous learning and development to ensure their workforce remains relevant and competitive.

The Role of Skilling in Cultivating Next-gen Tech Talent

Skilling plays a pivotal role in nurturing the next-gen tech talent through its tailored learning paths and hands-on experience. It offers industry-relevant courses and collaborates with experts to ensure up-to-date and practical training. Here’s how skilling equips learners to meet the demands of the evolving tech landscape and drive innovation:

Tailored Learning Paths

One of the key strengths of skilling is its ability to offer tailored learning paths that cater to the unique needs and aspirations of each learner. Whether it's data science, artificial intelligence, cybersecurity, or software development, skilling provides a range of courses and programs designed to develop the specific skills required in today's tech-driven world.

Hands-on Experience

Skilling emphasizes hands-on learning, allowing learners to gain practical experience and apply their skills in real-world scenarios. Through projects, case studies, and practical assignments, learners not only acquire theoretical knowledge but also develop problem-solving and critical thinking skills essential for success in the tech industry.

Industry Collaboration

Skilling collaborates with industry leaders and experts to develop up-to-date and relevant content that is aligned with industry standards and practices.

Fostering Innovation and Growth

By empowering learners with hands-on and industry-relevant training, skilling promotes a culture of continuous learning. It provides learners with the tools and resources to explore and develop creative solutions, cultivating a workforce capable of driving innovation and sustainable growth.

Enhanced Employability

Skilling enhances the employability of learners by equipping them with industry-relevant skillsets and knowledge. This increased employability not only benefits the learners by opening up new career opportunities but also provides organizations with access to a pool of skilled and qualified talent.

Conclusion

Future-proofing your workforce is essential in today's rapidly evolving tech landscape. It benefits not only the employees but also provides organizations with a competitive edge by ensuring they have a skilled and adaptable workforce capable of driving innovation and growth. In this digital age, skilling is not just about acquiring new skills, but fostering a culture of continuous learning, adaptability, and achieving sustainable growth.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

2024 Is The Year of Elections… And Disinformation

By: Editorial
27 April 2024 at 09:27

Elections

By Roman Faithfull, Cyber Intelligence Lead, Cyjax

2024 will see more elections than any other year in history: the UK, the US, Russia, India, Taiwan and more. According to AP, at least 40 countries will go to the polls this year, and some of these contests will have ramifications well beyond their national borders. This will also make 2024 a year of misinformation, as groups both within and outside these countries look to exert their influence on the democratic process.

As the US presidential election draws near, specialists caution that a combination of domestic and international factors, playing out across conventional and digital media platforms against a backdrop of increasing authoritarianism, profound mistrust, and political and social turbulence, heightens the severity of the threats posed by propaganda, disinformation, and conspiracy theories.

Two terms are frequently conflated here. Disinformation is deliberately false content crafted to inflict harm, whereas misinformation is inaccurate or deceptive content shared by individuals who genuinely believe it to be true. It can be difficult to establish whether people are acting in good faith, so the terms are often used interchangeably—and misinformation often starts out as carefully crafted disinformation.

The overall outlook appears bleak, with governments already experiencing the effects of misinformation. The groundwork has been laid, evidenced by past initiatives that aimed to influence elections in favor of certain parties. In 2022, the BBC launched an investigative project, creating fake accounts to follow the spread of misinformation on platforms such as Facebook, Twitter, and TikTok, and its potential political impact. Despite attempts by social media platforms to tackle this problem, the project found that false information, particularly from far-right viewpoints, remains prevalent. Today, just two years on, the techniques and tools to manipulate information are even more advanced.

The Deceptive Side of Tech

AI is dominating every discussion of technology right now, as its uses are explored for good and ill. Spreading fake news and disinformation is one of those uses. In its 2024 Global Risks report, the World Economic Forum noted that the increasing worry regarding misinformation and disinformation primarily stems from the fear that AI, wielded by malicious individuals, could flood worldwide information networks with deceptive stories. And last year, the UK’s Cyber Security Center released a report exploring the potential for nations like China and Russia to employ AI for voter manipulation and meddling in electoral processes.

Deepfakes have grabbed a lot of attention, but could they disrupt future elections? It’s not a future problem—we’re already here. Deepfake audio recordings mimicking Keir Starmer, the leader of the Labour Party, and Sadiq Khan, the mayor of London, have surfaced online. The latter was designed to inflame tensions ahead of a day of protest in London. One of those responsible for sharing the clip apologized but added that they believed the mayor held beliefs similar to those in the fake audio. Even when proven false, deepfakes can remain effective in getting their message across.

Many would argue that the responsibility now falls on governments to implement measures ensuring the integrity of elections. It's a cat and mouse game—and unfortunately, the cat is not exactly known for its swiftness. There are myriad ways to exploit technology for electoral manipulation, and stopping all of it could simply be impossible. Regulation is out of date (the Computer Misuse Act was passed in 1990, though it has been updated a few times) and the wheels of government turn slowly. Creating and passing new laws is a long process involving consultation, amendment processes, and more. But is it solely the responsibility of governments, or do others need to step up?

Is There a Solution?

Combating technology with technology is essential; there is simply too much misinformation out there for people to sift through. Some of the biggest tech companies are taking steps: two weeks ago, a coalition of 20 tech firms including Microsoft, Meta, Google, Amazon, IBM, Adobe and chip designer Arm announced a collective pledge to tackle AI-generated disinformation during this year's elections, with a focus on combating deepfakes. Is this reassuring? It’s good to know that big tech firms have this problem on their radar, but tough to know how effective their efforts can be. Right now, they are just agreeing on technical standards and detection mechanisms—actually detecting deepfakes at scale is still some way away. Also, while deepfakes are perhaps uniquely disturbing, they are just one method among many and represent only a fraction of effective disinformation strategies. Sophistication is not always needed for fake news to spread—rumors can be spread on social media or apps like Telegraph, real photos can be put into new contexts and spread disinformation without clever editing, and even video game footage has been used to make claims about ongoing wars.

Fighting Misinformation During Elections

Fighting against misinformation is extremely difficult, but it is possible. And the coalition of 20 big tech firms has the right idea—collaboration is vital.

Be proactive

A lie can travel halfway around the world while the truth is putting on its shoes, said… someone (it’s a quote attributed to many different people). By the time we react to disinformation, it’s already out there and debunking efforts are not always effective. As Brandolini’s Law states, the amount of energy needed to refute bullshit is an order of magnitude bigger than that needed to produce it. And often, when people read both the misinformation and the debunking, they only remember the lies. Warning people about what to look for in misinformation can help. Where did it originate? If it claims to be from an authoritative source, can you find the original? Is there a source at all?

Inoculate

Sander van der Linden, a professor of psychology and an expert on misinformation, recommends a similar approach to vaccinations—a weak dose of fake news to head off the incoming virus. By getting people to think about misinformation and evaluate it, and teaching people the tactics behind its creation, they can better deal with fake news stories they later encounter. Could we create a vaccine program for fake news? Perhaps, but it requires a big effort and a lot of collaboration between different groups.

Monitor

It’s not only governments and public figures that are attacked by fake news; corporations and businesses can find themselves the target or unwitting bystanders. Telecom companies have been the subject of 5G conspiracy theories, and pharmaceutical companies accused of being part of, rather than helping solve, the pandemic. But the problem can get weirder. A pizza restaurant in Washington DC and a furniture retailer have both had to react to being accused of child trafficking thanks to bizarre rumors circulating online. What are people saying about your business? Can you react before things get out of hand?

Misinformation works for a number of reasons—people want to know “the story behind the story”, and it gives people a feeling of control when they have access to “facts” others do not—which is why misinformation spreads so fast during a pandemic that took away that feeling of control from so many of us. Those spreading misinformation know how to tap into these fears. In cybersecurity terms, they know the vulnerabilities and how to exploit them. We can’t distribute software patches to stop these attacks, but we can make them less effective by understanding them.

TCE Cyberwatch: From Ransomware to Deepfakes, This Week’s Top Cybersecurity Threats

By: Editorial
27 April 2024 at 09:27

TCE Cyberwatch

This week's TCE Cyberwatch delves into a range of pressing cybersecurity issues impacting the world today. From the rise of malicious AI manipulation in elections to the ever-present threat of data breaches and ransomware attacks, no sector is immune. TCE Cyberwatch explores these concerns and more, along with groundbreaking advancements in the tech industry like Microsoft's new lightweight AI model. Whether you're a seasoned cybersecurity professional or simply someone navigating the digital world, staying informed is crucial.

TCE Cyberwatch Weekly Update

Let's dive into the latest developments and equip ourselves with the knowledge to stay safe online.

Samourai Wallet Founders Sentenced to Prison Over Money Laundering Charges

Keonne Rodriguez and William Lonergan Hill, founders of the popular crypto app Samourai Wallet, were recently arrested on serious charges of money laundering and unlicensed money transmitting. The allegations cover over $2 billion in transactions and the laundering of more than $100 million in criminal proceeds. The transactions originated from dark web markets like Silk Road and Hydra Market, and the charges carry a maximum of 20 years in prison for Rodriguez and five years for Hill. Along with this, the company's web servers were seized, and further downloads of the Samourai mobile app in the U.S. were blocked.

China Cracks Down on Messaging Apps: WhatsApp, Threads Removed from App Store

The Chinese government, pushed by concerns over censorship, recently ordered Apple to remove WhatsApp and Threads from its App Store in China. Reportedly, Telegram and Signal have also been removed. China’s Cyberspace Administration had asked Apple to remove the apps because they apparently contained political content that included negative comments and posts about President Xi Jinping. Apple is known to comply with the Chinese government's wishes: in 2021, Apple had supposedly agreed to store the personal data of Chinese users on servers accessible by the government. Apple said in a statement, “We are obligated to follow the laws in the countries where we operate, even when we disagree.”

Cybersecurity Nonprofit MITRE Breached by Nation-State Actor

MITRE reports that it has recently been exposed to breaches and cyber threats despite working to safeguard itself from them. A foreign nation-state threat actor was confirmed on its Networked Experimentation, Research, and Virtualization Environment, or NERVE, network. MITRE immediately took the network offline, started an investigation to find out the extent of the damage, and contacted those affected. Jason Providakes, president and CEO of MITRE, shared his response to the incident, stating, “The threats and cyber-attacks are becoming more sophisticated and require increased vigilance and defence approaches. As we have previously, we will share our learnings from this experience to help others and evolve our own practices.”

Google Fires Employees Over Pro-Palestine Protest Against Israeli Contract

Google recently terminated 28 staff members after they had protested against the company’s contract with the Israeli government. The pro-Palestine employees had protested by staging hour-long sit-ins at their offices. In a statement, Google employees who are part of the “No Tech for Apartheid” campaign revealed that some employees who had not directly participated in the protests had also been fired. Gabriel Schubiner, an ex-Google employee, revealed that he knew of co-workers who had to provide training on how to use Google Cloud directly to Israel’s national intelligence agency, and that the contracts were not primarily meant for civil services and society as claimed, but rather the military. Furthermore, he says that Palestinian and Muslim employees faced “the most intense retaliation bias” when speaking out against the contracts.

Paris Olympics Braces for Cyber Siege: Millions of Hacking Attempts Expected

Paris Olympic organizers are preparing for a horde of cyberattacks during this year’s events, as officials expect millions of hacking attempts. These attacks could entail minor issues like inconvenienced processes, or major damage that could result in the event being disrupted. The organizers are preparing themselves by offering bug bounties to those who can scope out vulnerabilities in systems. Additionally, they are training staff to be able to recognize and respond to phishing scams. While fans and spectators are potential victims, there are also issues with smart equipment like CCTV cameras, alarm systems, badges, etc. The 2021 Tokyo Olympics reportedly faced about 450 million hacking attempts, and this year is predicted to be almost 8 to 12 times that number.

PayPal Appoints Shaun Khalfan as New CISO

PayPal, the well-known digital payments company, has recently appointed Shaun Khalfan as its new Senior Vice President and Chief Information Security Officer. Khalfan has over 20 years of experience in information security and risk management, and his presence further strengthens the company's cybersecurity function. PayPal is one step closer to ensuring the security and defence of the company’s digital infrastructure and of the digital assets, data and payments of everyone involved. Khalfan stated, “I am excited to embark on a new challenge as SVP, Chief Information Security Officer at PayPal! I am inspired by the leadership team, growth strategy, and look forward to securing a digital company on a global scale.”

AI Deepfakes and Foreign Interference: Challenges in India's Elections

With India currently holding general elections to select members of Parliament, there seems to be a plethora of cybersecurity challenges present. There is a large amount of AI-generated content and deepfakes produced by political entities and foreign agents against one another to manipulate the contest and cause tensions amongst the public and the politicians. Cybersecurity experts and industry leaders, such as IBM and McAfee, have already predicted a treacherous voting season, and the use of AI-generated content further undermines the integrity of the election. Foreign interference also seems to be an issue for the Indian voting process. Chinese hackers are among those identified as trying to manipulate public opinion and influence election outcomes.

Australia Fines Social Media Platform for Refusing to Remove Stabbing Videos

On April 15, a bishop and a priest were stabbed in Sydney, with the entire event being live-streamed. Graphic footage of the attack has been circulating online, leading to riots and the government calling the stabbing an act of terrorism. Due to this, Australia's eSafety Commissioner Julie Inman Grant asked social media companies X and Meta to take down the videos under the country’s Online Safety Act. Meta complied, but X argued that some posts “did not violate X’s rules on violent speech,” and is now being threatened with a fine of AUD 785,000 (USD 500,000) if the posts aren’t taken down. Anthony Albanese, the Australian Prime Minister, showed disapproval of Elon Musk and X’s actions by stating, “This isn’t about freedom of expression… Social media has a social responsibility.”

TikTok Faces US Ban: Bill Demands App Sale or Removal Over Security Concerns

Lawmakers in the U.S. recently passed a bill that will ban the app in the country if TikTok’s Chinese owner, ByteDance, refuses to sell its stake in the American business. TikTok’s head of public policy for the U.S. stated that the bill was unconstitutional, going against the First Amendment, and that TikTok would fight it in the courts. TikTok has always denied any affiliation with Beijing authorities or that they have any access to user data. It has also stated it would always refuse if asked to provide such access. Yet TikTok still faces scrutiny and pressure from lawmakers in the US, and from other Western politicians including in the UK, over suspicion that users’ data is accessible by the Chinese government. The bill is now headed to President Joe Biden, who has stated that “I will sign this bill into law and address the American people as soon as it reaches my desk.”

Tesla Cybertruck Woes Mount with Recalls and Rust

Tesla's Cybertrucks have started malfunctioning en masse recently, with the company receiving many complaints regarding faulty, loose accelerator pedals. This has led to future orders of the Cybertruck being canceled as the company asks for the product to be recalled by the US National Highway Traffic Safety Administration (NHTSA). Elon Musk’s claims of the car being bulletproof and the “best off-road vehicle” are shown to be untrue as users are unable to drive them properly through sand or snow, windows are broken by balls and windshields by hailstorms, rust occurs, and some people's cars simply stop working altogether. This doesn’t help Tesla as it currently faces low earnings, having to cut staff by 10% globally, amounting to around 14,000 jobs.

U.K. Phone Maker "Nothing" Faces Data Breach

Nothing, a U.K.-based phone manufacturer, recently admitted to a data breach in which 2,250 people's information and privacy were endangered. While no sensitive information like passwords appears to have been accessed, the exposure of user emails themselves raised concerns about the security of the community members. Nothing traced the breach back to a vulnerability first known from December 2022, and responded immediately by remediating the vulnerability during this event. However, there is no indication that the company reached out to the people affected regarding the situation, which raises concerns about communication and transparency.

UnitedHealth Group Pays Ransom After Change Healthcare Data Breach 

After Change Healthcare recently experienced a data breach, UnitedHealth has admitted to paying the ransom to retrieve patient information. The company stated, "A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure." Wired magazine, analyzing forum posts and other sources, estimates that the company likely paid around $22 million.

The breached files, containing health information and personally identifiable information, have the potential to affect a large portion of the U.S. population if not reclaimed by the health group. Consequently, restoring pharmacy software, claims management, etc., along with financial assistance, has been a priority for the company. However, it seems that paying the ransom was the only way it could protect its members and their information from the hackers.

Russian Malware "GooseEgg" Targets Government Networks: Microsoft Sounds Alarm

Microsoft recently discovered a new malware named GooseEgg being used by Russian hackers to gain elevated access, steal credentials, and facilitate lateral movement within compromised networks. The malware is attributed to a group called "Forest Blizzard," believed by the U.S. and U.K. governments to be associated with Unit 26165 of Russia’s military intelligence agency, the GRU.

According to Microsoft, Forest Blizzard has been using GooseEgg since around June 2020. The group has targeted various sectors including state, non-governmental, educational, and transportation institutions in Ukraine, Western Europe, and North America. GooseEgg is deployed after gaining access to a device, enhancing the hackers' capabilities within the network.

This week's TCE Cyberwatch has painted a sobering picture of the current cybersecurity landscape. From data breaches and ransomware attacks to government censorship and social media manipulation, no corner of the digital world seems immune. Yet there's also reason for hope. Advancements in AI offer potential solutions, while increased awareness empowers individuals and organizations to fight back. Stay vigilant, stay informed, and remember: together, we can build a more secure digital future.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Microsoft Uncovers GooseEgg Malware: A New Weapon in Russian State Hackers’ Arsenal

By: Editorial
23 April 2024 at 07:09

GooseEgg malware

Microsoft researchers uncovered a new tool in the Russian state hackers’ arsenal that helped them gain elevated access, pilfer credentials and move laterally within compromised networks. Dubbed GooseEgg malware, this sophisticated tool exploits a vulnerability identified as CVE-2022-38028 in the Windows Print Spooler service, which is responsible for managing printing processes. Redmond fixed the vulnerability, which gave attackers system privileges, in its October 2022 Patch Tuesday, stating that the bug’s exploitation was “most likely.” It has yet to flag the flaw as actively exploited in its assessment.

Hackers Leverage the GooseEgg Malware to Exploit Windows Devices

GooseEgg malware is exclusively used by a group that the tech giant tracks as “Forest Blizzard,” which the United States and United Kingdom governments closely link to Unit 26165 of Russia’s military intelligence agency, the GRU. Forest Blizzard, also known as Fancy Bear and APT28, has deployed GooseEgg since at least June 2020, targeting state, non-governmental, educational and transportation entities across Ukraine, Western Europe and North America, Microsoft said. “The use of GooseEgg in Forest Blizzard operations is a unique discovery that had not been previously reported by security providers,” Redmond said. Upon gaining access to a target device, Forest Blizzard used GooseEgg to escalate privileges within the network. Although GooseEgg itself functions as a basic launcher application, it enables attackers to execute remote code, implant backdoors and traverse compromised networks laterally.

The Rise of Forest Blizzard Hackers

Forest Blizzard additionally exploits other vulnerabilities including CVE-2023-23397, which impacts all versions of Microsoft Outlook software on Windows devices and is known to be exploited. This critically rated bug allows attackers to steal the Net-NTLM hash from victims, enabling the attackers to assume a victim's identity and move deeper into the organization. In a December warning, Microsoft cautioned that Forest Blizzard had been leveraging the Microsoft Outlook bug to illicitly access email accounts on Microsoft Exchange servers since April 2022. Forest Blizzard primarily targets government, energy, transportation and non-governmental organizations in the United States, Europe and the Middle East, but Microsoft said it had observed the GRU hackers' focus shift to media, information technology, sports organizations and educational institutions worldwide. “Forest Blizzard continually refines its footprint by employing new custom techniques and malware, suggesting that it is a well-resourced and well-trained group posing long-term challenges to attribution and tracking its activities,” Microsoft said.

Beyond 24/7: How Smart CISOs are Rethinking Threat Hunting

By: Editorial
21 April 2024 at 09:28

CISO Rethinking

By Andrew Hural, VP of Managed Detection and Response, UnderDefense

Do you know how firefighters famously run to their stations and hop into their trucks every time an alarm rings? It’s quite the iconic scene and with that kind of response speed, the chances of saving the day are in their favor. But now imagine 100 fire alarms going off, and teams scrambling to manage their resources - just to find out there is no fire. This is how a lot of security teams feel. With a new high-profile security incident in the headlines every other day, it’s not surprising that these teams are trying to arm themselves with the best defenses, investing in tools that promise to make their lives easier and their assets more secure. However, we often see this having the opposite effect, with the growing number of tools resulting in increasingly complex configurations and an increasing amount of noise and alerts that are wearing down security teams.

Why CISOs Are Rethinking Their Approach

To combat this phenomenon, CISOs are rethinking their approach, as the model of 24/7 in-house threat hunting is no longer sustainable for many businesses. Instead, we see an increasing focus on value-driven security solutions that make their own tools work better, harder, and more harmoniously together. This means prioritizing tools that leverage telemetry, deliver actionable insights and integrate into existing stacks seamlessly - and don’t just create another source of noise. This is where Managed Detection and Response (MDR) services come in, offering a strategic solution to these challenges. MDR providers employ experienced security analysts who monitor your environment 24/7, leveraging advanced threat detection and analysis tools and techniques. This frees up your internal security team to focus on critical strategic tasks, such as incident response, vulnerability management, and active threat hunting.

Benefits of Managed Detection and Response

  • Access to a team of security experts: Gain the expertise of MDR providers' seasoned analysts, enabling continuous monitoring and threat detection.
  • Advanced threat detection and analysis: MDR services utilize sophisticated tools and techniques to identify and prioritize real threats, minimizing false positives.
  • Reduced workload for internal teams: By outsourcing threat hunting, your security team can focus on areas where their expertise is most valuable.
Of course, there are some downsides to consider when looking into MDR, which can include time and investment into finding the right solution and a potential vendor lock-in with the wrong provider. That being said, there are steps to mitigate these risks by selecting the right MDR provider for your business.

What to consider when selecting an MDR partner

Choosing the right MDR partner requires careful consideration. Here's a breakdown of key steps to ensure a successful selection process:

Self-Assessment: Understanding Your Needs

Start by evaluating your current security posture. Identify your organization's specific security needs and vulnerabilities. This helps you understand how MDR can benefit you and what features are most important.

Beyond Brand Names: Explore All Options

Don't be swayed by brand recognition alone. While established players offer strong solutions, smaller MDR providers can be equally adept, often with greater flexibility and potentially lower costs.

Test Drive Before You Commit

Many providers offer MDR solution trials lasting 1-3 months. This allows you to test the service and ensure it meets your specific requirements before committing to a full deployment.

Defining Success: Setting Clear Goals and KPIs

Develop clear goals (SMART goals are ideal) and Key Performance Indicators (KPIs) for your MDR provider. These will serve as benchmarks to measure success. Look for a provider who can collaborate with you to define these based on your unique security needs.

Going Beyond the Standard SLA

While an SLA outlines basic service expectations, explore additional factors that impact your security:
  • Communication and Availability: How easily can you reach the MDR team, and what are their response times?
  • Automation Levels: To what extent does the provider leverage automation for faster response and reduced human error?
  • MDR Provider Security: Evaluate the MDR provider's security controls to mitigate the risk of data breaches due to their internal practices. Look for relevant security certifications.
  • MDR Response Scope: What actions constitute an MDR response? Does it include just notifications, recommendations, or even taking action items without requiring intervention from your team?
  • Detection Testing: How does the MDR team validate the accuracy of their threat detections to minimize false positives and negatives?
  • Proactive Security Measures: What proactive security services are offered beyond basic threat hunting? Look for services like monitoring industry news, assisting with new vulnerability remediations, staying updated on CVEs (Common Vulnerabilities and Exposures), and promoting security hardening of your organization's tools.
By leveraging MDR, smart CISOs can move beyond the limitations of traditional threat hunting and empower their security teams to focus on strategic initiatives. The right MDR service provides the continuous vigilance, advanced threat detection, and expert analysis needed to effectively combat today's ever-evolving cyber threats.

Empowering Rapid Attack Path Analysis with Generative AI

By: Editorial
21 April 2024 at 05:45

Cybersecurity

By Nathan Wenzler, Chief Security Strategist, Tenable

India is ranked third globally among nations facing the most severe cyber threats, as per the World Economic Forum. However, despite this alarming statistic, there exists a significant disparity between the escalating volume of threats and the resources allocated to combat them. The cybersecurity sector is grappling with a colossal skills deficit, with a shortage of 4 million professionals worldwide. Even seasoned cybersecurity experts find it daunting to navigate and decipher the increasingly intricate landscape of modern cyber threats across the ever-widening attack surface due to limited resources.

Role of Generative AI in Enhancing Cybersecurity Strategy

In response to this challenge, organizations are turning towards generative AI to bridge the expertise gap and enhance their resilience against risks. A survey reveals that 44% of IT and cyber leaders express high levels of confidence in the capacity of generative AI to enhance their organization’s cybersecurity strategy.

Security teams are increasingly consumed by the arduous task of scrutinizing various attack vectors in their systems and analyzing the tactics, techniques, and procedures employed by potential threat actors. Often, they find themselves reacting to cyberattacks post-incident, rather than proactively thwarting them—a strategy far from ideal for robust cybersecurity. Organizations in India must shift towards a proactive stance, actively pursuing and understanding threats to establish a robust line of defense.

The expanding attack surface, coupled with the rapid adoption of cloud services, virtualization platforms, microservices, applications, and code libraries, has added immense complexity to the security landscape. Organizations now must contend with vulnerabilities, cloud misconfigurations, and risks associated with identity access, groups, and permissions. Conventional attack path analysis tools offer insights into threat actor entry points, which assets are key targets, and what threats may exist, but this can demand painstaking manual effort to decipher implications step-by-step. While attackers require just one entry point to infiltrate and laterally move within a system, defenders face the formidable task of analyzing the entire threat landscape all at once, identifying all potential attack paths, and implementing security measures in the places that can mitigate the most risk, especially when operating with limited staff.

Empowering Security Teams with Generative AI

Generative AI emerges as a potent solution to these challenges, empowering security teams by providing them with the perspective of attackers to map out potential threats and prioritize mitigation strategies based on criticality. By consolidating data from disparate sources, generative AI offers an easier way to understand the complexity of the attack surface, enabling organizations to more quickly assess exposures, prioritize actions, and visualize relationships across the entire attack surface. This means security teams can make risk decisions more quickly, leaving less time for an attacker to take advantage of an exposed asset and begin their assault on the organization.

Generative AI-powered attack path analysis amalgamates and distills insights from vulnerability management, cloud security, web application, and identity exposures, enabling organizations to comprehend their risk from the perspective of an attacker. This facilitates informed and targeted cyber defense strategies, allowing organizations to anticipate threats and fortify their defenses accordingly. Through succinct summaries and mitigation guidelines, generative AI equips security teams with a quicker and more efficient view of actionable insights, sparing them the tedious task of manually researching what the threats are and what the correct security controls should be, whether that’s identifying specific patches or version numbers or understanding how to correct unauthorized user access. Even team members with varying levels of expertise can draw actionable conclusions from generative AI, simplifying complex cyberattack paths and enabling effective threat mitigation.

In summary, generative AI supports a more comprehensive and proactive approach to cybersecurity, empowering organizations to understand and address potential threats quickly. By breaking free from the constraints of siloed security data, organizations can develop strategies to predict, prevent, and mitigate cyber risks effectively and faster than ever before.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

Enhancing Cybersecurity Resilience: A Guide for Safeguarding Enterprises

By: Editorial
21 April 2024 at 03:25

Cybersecurity

By Neelesh Kripalani, Chief Technology Officer, Clover Infotech

As businesses grapple with an ever-changing and increasingly hostile threat environment, the emergence of AI and machine learning technologies introduces fresh challenges to cybersecurity. While these technologies offer the potential to transform our security strategies, they also introduce new risks and vulnerabilities that need effective management. Here are some of the latest cyber threats that businesses need to be aware of:

Cyber Threats Businesses Need to be Aware of

Targeted Ransomware Attacks - This type of malware is designed to hold a victim’s information for ransom. The tactics involve denying users and system administrators access to individual files or even entire digital networks, followed by a “ransom note” demanding payment to regain access.

IoT Creates New Cybersecurity Threats - The Internet of Things (IoT) enables billions of physical devices around the globe to collect and share data over the Internet. This creates new cyber threats by expanding the attack surface with diverse and often inadequately secured devices. Common issues include default credentials, lack of regular updates, and data privacy concerns due to the extensive collection and transmission of sensitive information.

Deepfake and Synthetic Media Attacks - Such cyberattacks use AI to manipulate content, such as pictures, videos, or audio recordings, to deceive individuals or influence public opinion.

Credential Stuffing and Brute Force Attacks - Credential stuffing and brute force attacks involve automated attempts to gain unauthorized access to user accounts using stolen or guessed credentials.

Cybersecurity Best Practices

Here are some key strategies and best practices that businesses can implement to enhance their overall security posture:

Risk Assessment and Management - Conduct a comprehensive risk assessment to identify vulnerabilities and prioritize them based on potential impact. Implement risk mitigation strategies to address identified vulnerabilities and reduce the overall risk level.

Implement Strong Authentication and Access Control - Add an extra layer of security by mandating users to verify their identity through multiple factors, such as passwords, biometric data, and OTP. Additionally, role-based access control allows enterprises to restrict access to sensitive information and critical systems based on users’ roles and responsibilities.

Regular Software Updates and Patch Management - Regularly update and patch all software, operating systems, and firmware to address known vulnerabilities and reduce the risk of exploitation.

Implement Endpoint Security Measures - Deploy endpoint protection platforms and endpoint detection and response solutions to secure endpoints from malware attacks.

Implement Data Encryption and Privacy Measures - Encrypt sensitive data at rest and in transit to protect it from unauthorized access and data breaches.

Implement Security Awareness and Training Programs - Provide regular cybersecurity training and awareness programs to educate employees about cybersecurity best practices, phishing awareness, and the importance of strong passwords. Conduct periodic incident response training to prepare employees for potential security incidents and ensure a coordinated and effective response.

In the face of evolving cybersecurity threats, businesses must adopt enhanced strategies, including comprehensive risk assessment, strong authentication, regular updates, and employee training, to safeguard their assets and critical systems. Proactive measures and a culture of cybersecurity awareness are essential to mitigate risks effectively, ensure compliance, and protect the organization's reputation and business continuity in an interconnected world.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

Cyble Revolutionizes Cybersecurity with the Launch of AmIBreached 3.0: A Cutting-Edge Dark Web Search Engine

By: Editorial
20 April 2024 at 04:51

Atlanta, Georgia, April 20, 2024 - Cyble, a leading force in AI-based cybersecurity, proudly unveils the relaunch of AmIBreached, marking a significant milestone in the realm of digital defense. AmIBreached 3.0, Cyble's dark web search engine, empowers consumers to detect, prioritize, and effectively mitigate dark web risks.

With cyber threats continuing to evolve in sophistication and scale, consumers and organizations face an ever-growing challenge to safeguard their digital assets. With the launch of AmIBreached 3.0, Cyble reinforces its commitment to providing cutting-edge tools that empower consumers to stay ahead of cyber adversaries.

"Today's cyber landscape demands continuous innovation to counter emerging threats effectively," noted Beenu Arora, Co-founder and CEO of Cyble. "The launch of AmIBreached 3.0 underscores our dedication to equipping consumers with the tools and insights they need to mitigate risks and fortify their defenses against cyber attacks," he added.

AmIBreached 3.0 stands as Cyble's most extensive dark web monitoring engine, boasting access to over 150,447,938,145 records sourced from a myriad of breaches, hacking forums, and indexed conversations. This vast repository of data enables organizations to gain unparalleled visibility into potential threats and vulnerabilities lurking in the dark corners of the internet.

Manish Chachada, Co-founder and COO of Cyble, commented, "By leveraging AmIBreached 3.0's advanced capabilities, consumers can proactively identify and neutralize cyber risks before they escalate into full-fledged security breaches."

With access to over 150 trillion records, AmIBreached 3.0 provides comprehensive coverage of the dark web, ensuring consumers and organizations have visibility into a vast array of potential threats.

AmIBreached 3.0 offers real-time monitoring capabilities, enabling organizations to stay abreast of emerging cyber threats and take proactive measures to mitigate risks. The platform delivers actionable intelligence tailored to each organization's specific needs, empowering them to prioritize and address vulnerabilities effectively.

AmIBreached 3.0's launch marks a significant step forward in Cyble's mission to empower consumers and enterprises with the tools and insights they need to defend against cyber threats. By enabling businesses to proactively monitor the dark web for signs of compromised data, AmIBreached 3.0 plays a pivotal role in strengthening their cybersecurity posture and safeguarding their critical assets.

About Cyble:

Cyble, a trailblazer in Cyber Threat Intelligence, is committed to democratizing Dark Web Threat Intelligence through advanced AI and Machine Learning solutions. Recognized as one of the most sought-after workplaces, Cyble’s culture fosters innovation, collaboration, and professional growth. With a proven track record in delivering cutting-edge research and proactive monitoring, Cyble stands at the forefront of the cybersecurity landscape. Headquartered in Atlanta, Georgia, and with a global presence spanning Australia, Malaysia, Singapore, Dubai, Saudi Arabia, and India, Cyble is the trusted authority empowering organizations to proactively combat evolving cyber threats.

Media Contact: Cyble Inc, enquiries@cyble.com, Ph: +1 678 379 3241

TCE Cyberwatch: A Look at This Week’s Top Cybersecurity Incidents

By: Editorial
20 April 2024 at 00:30

TCE Cyberwatch

The digital landscape continues to be a battleground, with cyber threats evolving and attackers targeting an ever-wider range of victims. This week's TCE Cyberwatch roundup highlights a surge in attacks against governments and national security infrastructure, alongside various other cybersecurity incidents. From a critical vulnerability in firewalls to a data breach impacting the United Nations, this week serves as a reminder of the constant vigilance required in the face of cyberattacks. Let's delve into the details to learn more about these incidents.

TCE Cyberwatch: Weekly Round-Up

Palo Alto Warns: Critical Firewall Flaw Could Lead to Cyberattacks

A new vulnerability named "Kaby Lake" was found in the firewall devices of Palo Alto Networks, a cybersecurity firm, potentially exposing them to cyber threats. It specifically affects devices running PAN-OS, the operating system produced for and used by Palo Alto Networks' firewalls. The vulnerability allows attackers to execute arbitrary code on affected devices; no patch appears to have been released yet, and customers are currently being provided with temporary fixes. Users are advised to stay informed about security updates from Palo Alto Networks and take the necessary precautions to mitigate the risks.

HTW Halts Work to Recover From Data Breach 

Herron Todd White (HTW), an Australian valuation firm, is currently dealing with the aftermath of an alleged data breach, causing a pause in new work. Major banks that work with HTW on property-related assessments have taken precautionary measures as well. National Australia Bank and Commonwealth Bank have suspended HTW from any further commercial and agricultural valuation work due to this breach but continue to allow residential valuations unaffected by it. The cause of the incident, whether a malicious attack or a security lapse within HTW’s infrastructure, remains uncertain. Australia has become vigilant against cyberattacks due to recurring past incidents and now requires organizations to make a report to the Australian Cyber Security Centre (ACSC) within 12 hours of an attack.

Cyberattack Disrupts French Municipal Governments, Investigation Underway

Multiple French municipal governments recently experienced a cyberattack, disrupting their operations. Attributed to a group identified as the "Shadow Kill Hackers," the attack targeted numerous municipalities throughout France. Exploiting vulnerabilities in the computer systems of these municipalities, the attackers gained unauthorized access and disrupted essential services, including email and administrative functions. The motive behind the attack remains unclear, prompting French authorities, including the National Agency for the Security of Information Systems (ANSSI), to launch an investigation and initiate efforts to restore the affected systems.

Cisco Duo Data Breach Exposes User Information

Recently, Cisco's Duo security product encountered a breach that exposed information related to multi-factor authentication (MFA). The breach, facilitated by a phishing attack through SMS and VoIP, targeted employee details and impacted Duo's MFA service. As a result, usernames, email addresses, and MFA device information were potentially compromised. However, Cisco has reassured users that sensitive information such as passwords or authentication methods remained secure. In response to the incident, Cisco promptly notified affected users and implemented the necessary security measures to prevent future breaches. Nevertheless, users are advised to remain vigilant and monitor their accounts for any signs of suspicious activity.

Ransomware Attack Targets UNDP, Stealing HR Data

The United Nations Development Programme (UNDP) recently experienced a cyberattack resulting in the breach of human resources (HR) data. The attack compromised the personal information of current and former employees at a branch in Denmark, including staff contracts and internal documents. UNDP issued a notice acknowledging that it had received a threat intelligence notification indicating that a data extortion actor had stolen certain human resources and procurement information. Taking swift action, UNDP promptly implemented the necessary precautions and is currently conducting a comprehensive assessment to determine the nature and extent of the cyberattack.

UnitedHealth Takes $1.6 Billion Hit from Change Healthcare Cyberattack

UnitedHealth Group, one of the largest healthcare companies in the U.S., recently issued a warning about a cyberattack that resulted in a potential financial impact of $1.6 billion. The attack, targeting its Change Healthcare unit, led to disruptions in payments to doctors and healthcare facilities nationwide, as well as adversely affecting community health centers serving over 30 million impoverished and uninsured patients for a month. UnitedHealth estimates that the hack will reduce profits by $1.15 to $1.35 per share this year but emphasizes that the impact is not as severe as initially anticipated. While the company has not yet disclosed the extent of the personal data breached in the attack, federal law mandates that it do so within 60 days.

Cyberattack Cripples Ukrainian Media Giant 1+1 Media

1+1 Media, a prominent media conglomerate in Ukraine, recently experienced a severe cyberattack targeting its satellite TV channels. In a statement released on Wednesday addressing the cyber assault, the media giant disclosed that 39 channels, including some of its flagship networks, became inaccessible, dealing a significant blow to the country's media infrastructure.

Officials stated that the cyberattack on 1+1 Media coincided with escalated tensions in the region, notably the "cynical attack" on the peaceful city of Chernihiv. The attack involved deliberate efforts to disrupt satellite communications on the Astra 4A 11766 H transponder.

Trust Wallet Warns of $2 Million iMessage Exploit

Trust Wallet, a prominent provider of cryptocurrency wallets, has issued a cautionary notice to Apple users concerning a potential vulnerability in iMessage. The alert arises from reliable information suggesting the existence of a zero-day exploit within the iOS iMessage platform, which is reportedly being sold on the dark web for an exorbitant $2 million.

As per Trust Wallet, this zero-day exploit in iMessage poses a significant risk as it enables hackers to take control of iPhones without any interaction from the device user. Unlike conventional exploits that necessitate clicking on malicious links or downloading infected files, this exploit operates without user involvement, posing a particularly serious threat to high-profile targets.

BreachForums Breached! Rival Hackers Claim User Data

The primary website of the infamous BreachForums, a forum known for data leaks and hacking activities, has been shut down by competing threat actors. The group of threat actors known as R00TK1T, in collaboration with the pro-Russian Cyber Army of Russia, declared that they had breached user data subsequent to the takedown of BreachForums.

Additionally, the hackers behind the BreachForums attack asserted their intention to release a roster containing user details, IP addresses, and email addresses from the forum. Despite the assault, the Tor version of the website remains functional.

Benjamin Ambrose Appointed as CISO at NPCI

Benjamin Ambrose has been appointed as the Chief Information Security Officer (CISO) at the National Payments Corporation of India (NPCI), marking a strategic move aimed at bolstering cybersecurity measures in India's rapidly evolving digital payments sector.

Bringing with him extensive experience gained from notable roles at AWS and Citi, Ambrose offers a seasoned perspective to NPCI's cybersecurity initiatives.

Wrap Up

This week's TCE Cyberwatch roundup paints a sobering picture of the ever-evolving cyber threat landscape. From critical infrastructure vulnerabilities to attacks on international organizations and healthcare providers, no entity seems immune.

However, amidst this complexity, there's a crucial takeaway: vigilance is key. By staying informed about the latest threats, implementing robust security practices, and fostering a culture of cybersecurity awareness, we can all play a vital role in mitigating these risks.

TCE remains committed to keeping you informed about the latest developments in the cybersecurity world. We encourage you to stay tuned for future updates and actively participate in building a more secure digital future.
