In response to heightened cyber threats targeting political candidates, election officials and civil society groups, the National Cyber Security Centre (NCSC) in the UK, a part of GCHQ, has introduced a new initiative called the Personal Internet Protection (PIP) service. The service that was unveiled at CYBERUK 2024 in Birmingham, aims to provide an additional layer of security to individuals at “high-risk” of cyberattacks like spear-phishing, malware and other threats, ahead of the upcoming election year. The Personal Internet Protection service works by alerting users when attempting to access malicious domains known to the NCSC and by blocking outgoing traffic to these domains. The PIP offered to high-risk individuals is built on the NCSC’s Protective DNS service that was developed primarily for use by organizations. Since its inception in 2017, PDNS has provided protection at scale for millions of public sector users, handling more than 2.5 trillion site requests and preventing access to 1.5 million malicious domains, the NCSC said.

Cyber Threats Targeting Political Candidates

The Personal Internet Protection service is part of a broader effort by the UK government to enhance cyber support for individuals and organizations crucial to the democratic process, especially considering recent attempts by Russian and Chinese state-affiliated actors to disrupt UK's government and political institutions as well as individuals. While the Russian intelligence services had attempted to use cyberattacks to target prominent persons and organizations in the UK for meddling in the electoral processes, China is likely seen targeting various government agencies including the Ministry of Defence (MoD), whose payroll system was recently breached. Although both, Moscow and Beijing have rejected the use of hacking for political purposes, the relations between them remain strained over these allegations. Jonathon Ellison, NCSC Director for National Resilience and Future Technology, noted the importance of protecting individuals involved in democracy from cyber threats, highlighting the attractiveness of their personal accounts to espionage operations.

“Individuals who play important roles in our democracy are an attractive target for cyber actors seeking to disrupt or otherwise undermine our open and free society. That’s why the NCSC has ramped up our support for people at higher risk of being targeted online to ensure they can better protect their accounts and devices from attacks,” Ellison said.

Ahead of the major election year where more than 50 countries around the world cast their vote, Ellison urged individuals eligible for the Personal Internet Protection services to sign up and to follow their guidance to bolster defenses against various cyber threats. The initiative also extends support to civil society groups facing a heightened risk of cyber threats. A new guide, "Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society," which offers practical advice for individuals such as elected officials, journalists, activists, academics, lawyers and dissidents was released on Tuesday. This guide, developed by the U.S. Cybersecurity and Infrastructure Security Agency in collaboration with international partners, aims to empower high-risk civil society communities with limited resources to combat cyber threats effectively. These include customized risk assessment tools, helplines for digital emergencies and free or discounted cybersecurity services tailored to the needs of civil society organizations. The launch of the Personal Internet Protection service and the release of the guidance for civil society mark significant steps in bolstering the cybersecurity posture of individuals and organizations critical to the democratic process. By enhancing protection against cyber threats, the UK aims to safeguard the integrity of its democracy and promote collective resilience against global threats to democracy. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

CISA, in collaboration with DHS, FBI, and international cybersecurity entities, has revealed a comprehensive guide aimed at bolstering cybersecurity for civil society organizations, particularly those facing heightened risks from state-sponsored cyber threats.  The guide, titled "Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society," offers practical steps to enhance digital defenses for nonprofits, advocacy groups, academic institutions, journalists, and other high-risk groups. Talking about this cybersecurity plan for civil society organizations, Jen Easterly, Director of CISA, stated that threat actors aim to undermine democratic and humanitarian values upheld by civil society.  “These high-risk community organizations often lack cyber threat information and security resources. With our federal and international partners, we are providing this resource to help these organizations better understand the cyber threats they face and help them improve their cyber safety”, added Easterly.

CISA, FBI, and DHS Collaborate to Support Cybersecurity for Civil Society

Civil society organizations play a crucial role in upholding democratic values, making them prime targets for malicious cyber activities orchestrated by state-sponsored actors. These threats, often originating from countries like Russia, China, Iran, and North Korea, include sophisticated tactics such as social engineering and spyware deployment. The security guide emphasizes proactive measures and best practices tailored to the unique challenges faced by civil society entities. Recommendations include regular software updates, the adoption of phishing-resistant multi-factor authentication, and the implementation of the principle of least privilege to minimize vulnerabilities. Furthermore, the guide stresses the importance of cybersecurity training, vendor selection diligence, and the development of incident response plans. It also guides individual members of civil society, advising on password security, privacy protection, and awareness of social engineering tactics. The release of this security guidance highlights a broader effort to empower high-risk communities with the knowledge and tools needed to safeguard against cyber threats. International collaboration, as evidenced by partnerships with entities from Canada, Estonia, Japan, and the United Kingdom, further enhances the effectiveness of these initiatives. John Scott-Railton, senior researcher at CitizenLab, emphasized the need for cybersecurity for civil societies on X (previously Twitter). Talking about this new initiative, John stated, “Historically law enforcement & governments in democracies have been achingly slow to recognize this issue and help out groups in need.” Despite some exceptions, the lack of prioritization has resulted in damages, including missed opportunities for accountability and diminished trust. “That's why I'm glad to see this @CISAgov & UK-led joint initiative come to fruition”, added John.

Aiming for Better Protection Against Cyber Threats

Government agencies and cybersecurity organizations worldwide have joined forces to support civil society against online threats. For instance, the FBI, in conjunction with its partners, aims to equip organizations with the capacity to defend against cyber intrusions, ensuring that entities dedicated to human rights and democracy can operate securely. "The FBI and its partners are putting out this guidance so that civil society organizations have the capacity to mitigate the threats that they face in the cyber realm,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. Similarly, international partners like Japan's National Center of Incident Readiness and Strategy for Cybersecurity and Estonia's State Information Authority stress the importance of collective action in addressing global cyber threats. These collaborations reflect a shared commitment to bolstering cybersecurity resilience on a global scale. The guide also provides valuable insights into the tactics and techniques employed by state-sponsored actors, enabling organizations to make informed decisions regarding cybersecurity investments and resource allocation. In addition to the guidance document, a range of resources and tools are available to assist high-risk communities in enhancing their cyber defenses. These include customized risk assessment tools, helplines for digital emergencies, and free or discounted cybersecurity services tailored to the needs of civil society organizations. By leveraging these resources and fostering international cooperation, civil society can better defend against cyber threats and continue their vital work in promoting democracy, human rights, and social justice. Through collective efforts and ongoing collaboration, the global community can build a more resilient and secure cyber environment for all. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Google has brought together its Gemini AI model with its Mandiant cybersecurity unit and VirusTotal threat Intelligence to enhance threat landscape accessibility and efficiency. The company also plans to use its Gemini 1.5 Pro large language model, released in February, to ease the understanding of threat reports for a broader audience. At the RSA Conference in San Francisco, Google unveiled their latest AI-based solution to add more value to threat intelligence. Tackling the long-standing challenges of fragmented threat landscapes and cumbersome data collection processes, Google Threat Intelligence integrates Mandiant's frontline expertise, real-time contributions from VirusTotal's global community and Google's visibility into extensive user and device footprint to deliver a comprehensive defense against evolving cyber threats. Bernardo Quintero, founder of VirusTotal called this initiative a “sharing knowledge, protecting together” mission, which it has embraced with Google and Mandiant.

“I want to assure our entire community, from security researchers and industry partners to individual users, that VirusTotal's core mission remains unchanged. We remain deeply dedicated to collective intelligence and collaboration, fostering a platform where everyone can come together to share knowledge, access valuable threat information, and contribute to the fight against cyber threats,” Quintero said.

“VirusTotal remains committed to a level playing field, ensuring all partners, including Google Threat Intelligence, have equal access to the crowdsourced data VirusTotal collects. We also want to assure you that the core features and functionalities of VirusTotal will remain free and accessible to everyone, as always,” he added, clearing the air around VirusTotal’s future. “The strength of VirusTotal lies in its network of contributors and the vast amount of data they provide. This data serves as a valuable resource for the entire security industry, empowering our partners and others to enhance their products and contribute to a more secure digital world. This collaborative approach, based on transparency and equal access, strengthens the industry as a whole, ultimately leading to better protection for everyone.”

Challenges Addressed and Google’s Gemini AI Integration

For years, organizations have grappled with two primary hurdles in threat intelligence: a lack of holistic visibility into the threat landscape and the arduous task of collecting and operationalizing intelligence data. Google's new offering aims to address these challenges head-on providing insights and operational efficiency to security teams worldwide. The integration of Gemini, Google's AI-powered agent, enhances the operationalization of threat intelligence, streamlining the analysis process and accelerating response times. Using the Gemini 1.5 Pro large language model, Google claims to significantly reduce the time required to analyze malware attacks. For instance, the model took only 34 seconds to dissect the WannaCry virus and identify a kill switch, demonstrating its efficacy in threat analysis. Another key feature of Gemini AI is its ability to summarize threat reports into natural language, aiding companies in assessing potential attacks' impact and prioritizing responses. Threat Intelligence also offers a comprehensive threat monitoring network, empowering users to gain insights into the cybersecurity landscape and prioritize their defense strategies. Mandiant's experts, acquired by Google in 2022, play a vital role in assessing security vulnerabilities in AI projects through the Secure AI Framework. They conduct rigorous testing to fortify AI models against potential threats like data poisoning, ensuring their resilience against malicious exploitation. While Google is pioneering the integration of AI into cybersecurity, other tech giants like Microsoft are also exploring similar avenues, underscoring the growing significance of AI in safeguarding digital assets against evolving threats. As cyber threats continue to evolve, proactive defense strategies are more critical than ever. With Google Threat Intelligence, organizations can leverage cutting-edge technology to detect, analyze, and mitigate threats effectively, ensuring the security and resilience of their digital infrastructure in an increasingly complex threat landscape.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Understanding a country's cybersecurity readiness is vital in today's environment. Using data analytics and machine learning, we can assess each nation's cybersecurity strengths, weaknesses, and areas needing improvement. Exploring the cybersecurity rankings of different countries can help us make informed decisions, encourage global cooperation, and work towards a safer digital world for everyone.

The post Global Cybercrime Report 2024: Which Countries Face the Highest Risk? appeared first on Security Boulevard.

by Neelesh Kripalani, Chief Technology Officer, Clover Infotech As businesses grapple with an ever-changing and increasingly hostile threat environment, the emergence of AI and machine learning technologies introduces fresh challenges to cybersecurity. While these technologies offer the potential to transform our security strategies, they also introduce new risks and vulnerabilities that need effective management. Here are some of the latest cyber threats that businesses need to be aware of:

Cyber Threats Businesses Need to be Aware of

Targeted Ransomware Attacks - This type of malware is designed to hold a victim’s information at ransom. The tactics involve denying users and system administrators access to individual files or even entire digital networks, followed by a “ransom note” demanding payment to regain access. IoT Creates New Cybersecurity Threats - The Internet of Things (IoT) enables billions of physical devices around the globe to collect and share data over the Internet. This creates new cyber threats by expanding the attack surface with diverse and often inadequately secured devices. Common issues include default credentials, lack of regular updates, and data privacy concerns due to the extensive collection and transmission of sensitive information. Deepfake and Synthetic Media Attacks - Such cyberattacks use AI to manipulate content, such as pictures, videos, or audio recordings, to deceive individuals or influence public opinion. Credential Stuffing and Brute Force Attacks - Credential stuffing and brute force attacks involve automated attempts to gain unauthorized access to user accounts using stolen or guessed credentials.

Cybersecurity Best Practices

Here are some key strategies and best practices that businesses can implement to enhance their overall security posture: Risk Assessment and Management - Conduct a comprehensive risk assessment to identify vulnerabilities and prioritize them based on potential impact. Implement risk mitigation strategies to address identified vulnerabilities and reduce the overall risk level. Implement Strong Authentication and Access Control - Add an extra layer of security by mandating users to verify their identity through multiple factors, such as passwords, biometric data, and OTP. Additionally, role-based access control allows enterprises to restrict access to sensitive information and critical systems based on users’ roles and responsibilities. Regular Software Updates and Patch Management - Regularly update and patch all software, operating systems, and firmware to address known vulnerabilities and reduce the risk of exploitation. Implement Endpoint Security Measures - Deploy endpoint protection platforms and endpoint detection and response solutions to secure endpoints from malware attacks. Implement Data Encryption and Privacy Measures - Encrypt sensitive data at rest and in transit to protect it from unauthorized access and data breaches. Implement Security Awareness and Training Programs - Provide regular cybersecurity training and awareness programs to educate employees about cybersecurity best practices, phishing awareness, and the importance of strong passwords. Conduct periodic incident response training to prepare employees for potential security incidents and ensure a coordinated and effective response. In the face of evolving cybersecurity threats, businesses must adopt enhanced strategies, including comprehensive risk assessment, strong authentication, regular updates, and employee training, to safeguard their assets and critical systems. Proactive measures and a culture of cybersecurity awareness are essential to mitigate risks effectively, ensure compliance, and protect the organization's reputation and business continuity in an interconnected world. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.