#cybercriminal attacks
The Rising Danger of Ransomware and How to Recover From an Attack
New Post has been published on https://thedigitalinsider.com/the-rising-danger-of-ransomware-and-how-to-recover-from-an-attack/
When an organization begins to expand, it will likely face a number of operational challenges it needs to address. While every business has unique roadblocks to navigate, one of the most common issues all organizations are dealing with today is cyber threats.
Considering the global surge in cybercrime year-over-year, it’s likely that most organizations will have to deal with at least one major security threat in the near future. Understanding how to adequately prepare for and react to this scenario, especially a ransomware attack, is critical to ensuring the business can mitigate its risks effectively.
Recognizing The Increasing Danger of Ransomware Attacks
Cybersecurity has become a growing concern for many organizations – and rightly so. Recent reports have shown that 71% of global businesses have faced some form of ransomware, and the trends aren’t slowing the way experts would like.
Much of the reason cybercrime has become so rampant is the development of supporting technologies that make digital attacks so effective. Next-generation AI tools and automated coding scripts have made it easier than ever for cybercriminals, even those with little experience, to plan and launch highly sophisticated attacks.
When it comes to ransomware, it has primarily become a numbers game for cyber attackers. While a good number of organizations are taking digital threats seriously and implementing safeguards to better protect themselves, many others still lack adequate security protocols.
The lack of resources or necessary security budgets for many businesses leads many to pay ransoms to attackers in the hopes of minimizing the damage their organizations face to lost mission-critical data or extended operational downtime. Unfortunately, this willingness to cooperate with extortion demands is only continuing to feed a vicious cycle of attacks.
How Can a Business Keep Itself Protected?
Recognizing the dangers that businesses face is only half the battle when confronted with emerging cyber threats. To increase the likelihood of avoiding an attack altogether, businesses need to put into place a number of important initiatives. Some of these include:
Thorough Security Planning
Prioritizing organizational awareness of any and all existing risks or system vulnerabilities is critical when reducing exposure to cyber threats. This requires a combination of both internal and external support as well as detailed security auditing protocols.
Security auditing is an essential exercise that helps businesses identify important cybersecurity weaknesses and prioritize their remediation. In regulated industries, these audits are critical to ensuring that specific compliance standards are being met by the business. This is particularly true in healthcare sectors, where obtaining certifications like HITRUST is essential to helping businesses avoid non-compliance breaches.
Security audits should be a staple in helping businesses assess every element of their security readiness, right down to their incident response preparedness and their ability to recover successfully even if an attack does take place.
Assessing Vendor Risks
Modern businesses are increasingly dependent on external vendors and providers to help them grow. However, while embracing new AI technologies or cloud-based services can offer a number of benefits, they can also introduce certain vulnerabilities that need to be taken into consideration.
When you collaborate with third-party vendors, it’s important to recognize that this essentially expands your business’s digital footprint. While there isn’t anything wrong with this approach, this extended footprint can also increase your digital attack surface and give cyber attackers new areas to exploit.
Completing thorough vendor assessments is a crucial security measure that businesses should take to better understand the security weaknesses within their digital supply chain. This not only helps the organization better manage its overall risk profile but it also helps businesses make better decisions regarding their partnerships.
Hiring External Assistance
While investing in a great team or various cybersecurity tools is an important step forward, their real value only shows once their effectiveness has been validated by withstanding real-world attacks.
However, rather than waiting for an attack to take place and hoping for the best, businesses have the ability to use a penetration testing service, which provides a valuable way to assess an organization’s defenses against simulated cyberattacks.
Penetration testers work alongside security teams to identify vulnerabilities that can be exploited and breached the same way a real attacker would. This provides a much safer way for businesses to validate the integrity of their security systems while also providing a priority list to address in the event weaknesses are discovered.
What Steps Should Businesses Take To Help Them Recover from a Ransomware Attack?
It can be easy to fall into the trap of thinking that only large enterprises or high-profile brands are in the crosshairs of cybercriminals. In reality, smaller and mid-sized businesses are often prime targets, since they typically have smaller cybersecurity budgets and are more likely to pay the ransom.
Regardless of what type of business you have and its size, taking proactive steps to prepare for a potential ransomware attack is essential. Here are a few steps you should take:
Plan for the Worst Case Scenario
Deciding to pay a ransom after a successful ransomware attack is a high-stakes gamble. Even after paying, only around 60% of businesses have been able to successfully recover their encrypted data, which makes paying a very risky choice for most organizations.
One way to avoid having to make this difficult decision is to proactively invest in cybersecurity insurance. This type of financial safety net is a must-have when you need to recover files and databases, and it can potentially save the business thousands of dollars in rebuilding critical systems.
Create a Detailed Disaster Recovery Plan
Having a proactive approach to cybersecurity is critical when looking to minimize disruptions caused by major security incidents. Instead of having the mindset that your business isn’t likely to experience any issues, having a forward-thinking, anticipatory attitude will help the organization prioritize important initiatives like comprehensive disaster recovery planning.
A disaster recovery plan documents all of the individuals or outside partners that will play a role in helping to restore normal business operations in the event of a cybersecurity event. It outlines all of the protocols, procedures, and critical timelines that need to be adhered to in order to prevent significant financial losses.
Work with a Managed Service Provider
Many companies lack the resources to handle their business security in-house without assistance from outside sourcing. Partnering with a managed service provider (MSP) can be an effective way to strengthen these internal defenses and also help support recovery efforts when dealing with the aftermath of a ransomware attack.
MSPs employ skilled security professionals and usually have access to cutting-edge technologies to maximize an organization’s cybersecurity readiness. By leveraging their expertise, organizations can ensure continuous, round-the-clock protection of all their critical systems and networks.
Don’t Let Your Business Become a Victim
Although cybersecurity planning can be a complex process, it’s an undeniably important element of supporting sustainable business growth. By staying informed about new emerging threats and taking the necessary proactive security measures, your business will be able to effectively reduce its digital attack surface while having the necessary protocols in place to successfully navigate any worst-case scenarios.
Fortinet: Cybercriminals Exploit Vulnerabilities 43% Faster, Urgent Action
Fortinet’s 2H 2023 Global Threat Landscape Report reveals that cybercriminals are exploiting industry vulnerabilities 43% faster than in the first half of 2023. Key findings highlight the need for better cyber hygiene, faster patch management, and adherence to vulnerability disclosure best practices. Notably, 44% of ransomware and wiper attacks targeted the industrial sector, and botnets showed…
Beware Of These Techniques That Cybercriminals Use To Steal Cryptocurrency
While the rise of cryptocurrency has brought about revolutionary changes in the financial landscape, it has also opened doors to new forms of cybercrime. The decentralized and anonymous nature of cryptocurrencies has made them attractive targets for cybercriminals.
Understanding the techniques that cybercriminals use to steal these digital assets is crucial for protecting oneself in the evolving landscape of cybersecurity. It is important that you stay vigilant and informed, and prioritize security to protect yourself against these evolving threats.
Check out this list of techniques that cybercriminals use to steal cryptocurrency.
1. Phishing Attacks
One of the most common techniques used by cybercriminals is phishing. They employ misleading emails, websites, or messages that look similar to legitimate platforms or communication from trusted entities. Unsuspecting users are tricked into revealing their private keys, passwords, or wallet information, which allows the criminals to gain access to their cryptocurrency holdings.
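The look-alike sites described in the post trade on hostnames that read like the real platform. The Python script below is an added example, not code from the original post: it triages a link by decoding punycode, collapsing common homoglyphs and digit swaps into an ASCII skeleton, and comparing the result against a small allowlist. The allowlist, the homoglyph table, the edit-distance threshold and the sample links are all constructed for illustration and are assumptions, not data from the post.

```python
"""Lookalike-domain triage for links in suspected phishing messages.

Added example, not code from the original post. The allowlist, homoglyph
table and sample links are constructed for illustration (assumptions).
"""
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist of registrable domains the user legitimately visits.
TRUSTED_HOSTS = ("metamask.io", "coinbase.com", "binance.com", "ledger.com")

# Characters routinely substituted because they render like ASCII letters.
# Small illustrative subset of the Unicode confusables data (assumption).
HOMOGLYPHS = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s",  # Cyrillic с х і ѕ
    "\u0131": "i",                                               # dotless i
    "0": "o", "1": "l", "3": "e", "5": "s",                       # digit swaps
}

TYPO_THRESHOLD = 2  # edits on the ASCII skeleton that still count as a typosquat


def hostname_of(url: str) -> str:
    """Lowercase hostname of a URL, with punycode (xn--) labels decoded."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or malformed punycode: keep as-is
    return host.lower().rstrip(".")


def skeleton(host: str) -> str:
    """Collapse a hostname to an ASCII skeleton so visual lookalikes compare equal."""
    out = []
    for ch in unicodedata.normalize("NFKD", host):
        if unicodedata.combining(ch):
            continue  # drop combining marks, e.g. the dot under "ạ"
        out.append(HOMOGLYPHS.get(ch, ch))
    return "".join(out)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> tuple:
    """Return (verdict, detail) for one link.

    Verdicts: 'trusted' (allowlisted domain or a subdomain of one),
    'lookalike' (homoglyph or digit substitution), 'typosquat' (within
    TYPO_THRESHOLD edits), 'brand-in-host' (brand name inside an unrelated
    domain), 'unknown' (not vouched for, just not a lookalike).
    """
    host = hostname_of(url)
    sk = skeleton(host)
    for good in TRUSTED_HOSTS:
        if host == good or host.endswith("." + good):
            return "trusted", good
    for good in TRUSTED_HOSTS:
        if sk == skeleton(good):
            return "lookalike", f"{host!r} renders like {good}"
    for good in TRUSTED_HOSTS:
        if edit_distance(sk, skeleton(good)) <= TYPO_THRESHOLD:
            return "typosquat", f"{host!r} is {TYPO_THRESHOLD} or fewer edits from {good}"
    for good in TRUSTED_HOSTS:
        brand = good.split(".")[0]
        if brand in sk:
            return "brand-in-host", f"{host!r} embeds the brand {brand!r}"
    return "unknown", host


# Constructed sample links, as they might appear in a phishing message.
SAMPLE_LINKS = (
    "https://app.coinbase.com/signin",           # genuine subdomain
    "https://m\u0435tamask.io/restore",          # Cyrillic е in place of e
    "http://c0inbase.com/verify",                # digit zero in place of o
    "http://coinbsae.com/verify",                # transposed letters
    "https://metamask.io.wallet-sync.example/",  # brand as a subdomain label
    "https://ledger-support.net/unlock",         # brand inside a new domain
    "https://example.org/",                      # unrelated
)


def triage(links=SAMPLE_LINKS) -> dict:
    """Map each link to its verdict."""
    return {url: classify(url)[0] for url in links}


if __name__ == "__main__":
    for url, verdict in triage().items():
        print(f"{verdict:14} {url}")
```

Run it to print one verdict per sample link. The skeleton check catches substitutions that render identically, the edit-distance check catches transpositions and dropped letters, and the brand-in-host check catches the `metamask.io.wallet-sync.example` pattern. A fixed threshold of two edits will also flag unrelated short domains that happen to sit close to a trusted one, so treat the verdicts as triage for a human or a second signal, not as a blocklist on their own.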
Global events fuel DDoS attack campaigns - Help Net Security
Cybercriminals launched approximately 7.9 million DDoS attacks in 1H 2023, representing a 31% year-over-year increase, according to NETSCOUT. Global events like the Russia-Ukraine war and NATO bids have driven recent DDoS attack growth. Finland was targeted by pro-Russian hacktivists in 2022 during its bid to join NATO. Turkey and Hungary were targeted with DDoS attacks for opposing Finland’s…
STYX – A New Dark Web Marketplace Selling DDOS Tools & Banking Malware
Researchers from Resecurity discovered a recently opened marketplace named STYX; it was found to have opened around January 19, 2023. Cybercriminals operating this marketplace primarily focus on financial fraud, money laundering, and identity theft. The portal was found to be designed with an escrow module, which enables threat actors to broker between buyers and…
SILLY GUAYYYYYYYYYYYYYYYYYYYY <3 closeups, human form, and ✨document✨under cut!
i have been putting him off for way too long tbh
Transcript of doc:
Z-256 - Codename: "The Technician", real name "Hade Parabellum", is to be shot on sight by the EXR-P teams and any personnel without hesitation. Z-256 is a high-level threat in Urbanshade; caution is required if encountered. Given his partnership with Z-779, extreme caution should be taken when in a room equipped with turrets. It has been reported on multiple occasions that 256 is armed with a long range taser and a .45 ACP revolver. Z-256 was brought in as a LR-P in 2014, after he was found guilty of a worldwide DDOS attack, causing companies big and small to lose over $7.1 trillion USD collectively, as well as mining cryptocurrency for use in illicit trades. He had a natural knack for computers, and had a bachelor's in computer sciences. Given this, Urbanshade swept him away to be held in the Hadal division, and in his wake, created a cover story that he took his own life in his cell. From late 2016 onward, 256 was our lead programmer before the breach, despite his history as a cybercriminal. It was later realized his technological prowess could be put to better use outside Urbanshade's facilities, so the DNA of Penaeidae was spliced into his so he could work under the pressure of the Hadal zone comfortably. However, the changes to his appearance from experimentation left him appearing extremely nonhuman, earning him the classification of Z-256. After several months of planning, Z-256 momentarily formed an alliance with Z-13 and Z-763 to escape, additionally causing a breach in many of the other containment cells holding experiments at the Blacksite. He reportedly handled opening electronic locks with his sentient computer Z-779, who enthusiastically complied and assisted. Afterwards, as revenge, he proceeded to destroy several generators that powered the facility, as well as rip up several cables connected to the main power of the External Repellent System, causing several Vultus Linunaria to gather at the newly safened area around the cannon.
At the Blacksite: EXR-P teams should report sightings of Z-256 immediately to HQ. Most commonly reported in proximity to Z-779. (Personnel Note: Look up you dimwits. Z-256 often resides in the control pits of rooms with artillery taken over by Z-779, outside of the action. He will try to turn the machine guns back on after they are disabled on the ground; shoot him so he does not succeed.) Under no circumstances can Z-256 be allowed to leave the Blacksite alive. Abandon previous objectives and, as Mr. Shade himself stated, 'Shred their mags until their trigger-finger bleeds.'
(Any references to a Z-763 are in regard to my friend's Pressure OC!!!)
Over nearly a decade, the hacker group within Russia's GRU military intelligence agency known as Sandworm has launched some of the most disruptive cyberattacks in history against Ukraine's power grids, financial system, media, and government agencies. Signs now point to that same usual suspect being responsible for sabotaging a major mobile provider for the country, cutting off communications for millions and even temporarily sabotaging the air raid warning system in the capital of Kyiv.
On Tuesday, a cyberattack hit Kyivstar, one of Ukraine's largest mobile and internet providers. The details of how that attack was carried out remain far from clear. But it “resulted in essential services of the company’s technology network being blocked,” according to a statement posted by Ukraine’s Computer Emergency Response Team, or CERT-UA.
Kyivstar's CEO, Oleksandr Komarov, told Ukrainian national television on Tuesday, according to Reuters, that the hacking incident “significantly damaged [Kyivstar's] infrastructure [and] limited access.”
“We could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy's access,” he continued. “War is also happening in cyberspace. Unfortunately, we have been hit as a result of this war.”
The Ukrainian government hasn't yet publicly attributed the cyberattack to any known hacker group—nor have any cybersecurity companies or researchers. But on Tuesday, a Ukrainian official within its SSSCIP computer security agency, which oversees CERT-UA, pointed out in a message to reporters that a group known as Solntsepek had claimed credit for the attack in a Telegram post, and noted that the group has been linked to the notorious Sandworm unit of Russia's GRU.
“We, the Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar. We destroyed 10 computers, more than 4 thousand servers, all cloud storage and backup systems,” reads the message in Russian, addressed to Ukrainian president Volodymyr Zelenskyy and posted to the group's Telegram account. The message also includes screenshots that appear to show access to Kyivstar's network, though this could not be verified. “We attacked Kyivstar because the company provides communications to the Ukrainian Armed Forces, as well as government agencies and law enforcement agencies of Ukraine. The rest of the offices helping the Armed Forces of Ukraine, get ready!”
Solntsepek has previously been used as a front for the hacker group Sandworm, the Moscow-based Unit 74455 of Russia's GRU, says John Hultquist, the head of threat intelligence at Google-owned cybersecurity firm Mandiant and a longtime tracker of the group. He declined, however, to say which of Solntsepek’s network intrusions have been linked to Sandworm in the past, suggesting that some of those intrusions may not yet be public. “It's a group that has claimed credit for incidents we know were carried out by Sandworm,” Hultquist says, adding that Solntsepek's Telegram post bolsters his previous suspicions that Sandworm was responsible. "Given their consistent focus on this type of activity, it's hard to be surprised that another major disruption is linked to them.”
If Solntsepek is a front for Sandworm, it would be far from the first. Over its years of targeting Ukrainian infrastructure, the GRU unit has used a wide variety of covers, hiding behind false flags such as independent hacktivist groups and cybercriminal ransomware gangs. It even attempted to frame North Korea for its attack on the 2018 Winter Olympics.
Today, Kyivstar countered some of Solntsepek's claims in a post on X, writing that “we assure you that the rumors about the destruction of our ‘computers and servers’ are simply fake.” The company had also written on the platform that it hoped to restore its network's operations by Wednesday, adding that it's working with the Ukrainian government and law enforcement agencies to investigate the attack. Kyivstar's parent company, Veon, headquartered in Amsterdam, didn't respond to WIRED's request for more information.
While the fog of war continues to obscure the exact scale of the Kyivstar incident, it already appears to be one of the most disruptive cyberattacks to have hit Ukraine since Russia's full-scale invasion began in February 2022. In the year that followed, Russia launched more data-destroying wiper attacks on Ukrainian networks than have been seen anywhere else in the world in the history of computing, though most have had far smaller effects than the Kyivstar intrusion. Other major Russian cyberattacks to hit Ukraine over the past 20 months include a cyberattack that crippled thousands of Viasat satellite modems across the country and other parts of Europe, now believed to have been carried out by the GRU. Another incident of cybersabotage, which Mandiant attributes to Sandworm specifically, caused a blackout in a Ukrainian city just as it was being hit by missile strikes, potentially hampering defensive efforts.
It's not yet clear if the Kyivstar attack—if it was indeed carried out by a Russian state-sponsored hacker group—was merely intended to sow chaos and confusion among the company's customers, or if it had a more specific tactical intention, such as disguising intelligence-gathering within Kyivstar's network, hampering Ukrainian military communications, or silencing its alerts to civilians about air raids.
“Telecoms offer intelligence opportunities, but they're also very effective targets for disruption," says Mandiant's Hultquist. “You can cause significant disruption to people's lives. And you can even have military impacts.”
"He'll apologize after he's done here. Make it up to them somehow later, have a long talk with them about this." Assuming Dark did not execute cg / they weren't there / SOMETHING, idk, and Dark was able to patch a very beaten and unconscious Chosen up and drag them back to the house, how would that conversation go? Would Beast take one look at Dark and attack him, even if Killer or Chosen want to try diplomacy? Would They (one of the alters) wake up, realise they're still in the house with the guy who is stronger than them and has harmed them, and book it? If so, would Dark follow, or let them leave? Would they wake up to a note? Would one of them rip it up before the others have a chance to see it? Would they TRY diplomacy, only for the argument to immediately resume? There are so many possibilities, none of which can happen since Dark was blasted to kingdom come, BUT we can imagine for a moment.
Oh man the convo would go so horribly so badly. Like let's be so honest Dark is the worst person to have a genuine and emotional conversation with he does NOT know what he's doing he's almost worse than Chosen 😭
I've never actually thought about this particular scenario before [as in it's actually like.. never crossed my mind somehow] so I can't really say for absolute certain what would happen, BUT . Let's indulge.
I think you're pretty right that if it were Beast still in front when they wake up, it'd probably immediately assume it was still in danger and attack Dark - that, or it'd absolutely book it the first chance it got, since it's not really looking for a repeat of the Virabot part of that whole thing. Sometimes it's just gotta do what's safest, and that doesn't always mean fighting back - sometimes it means retreat.
I think Chosen would still have some sort of faith in Dark and would like to stay and hear him out - and Killer by extension would, too, in a way. But both would be extremely hurt by everything and can be just as stubborn as Dark when they want to be, so it'd be pretty hard for them to not end up cutting him off a bunch to put their points in.
I think however, aside from Beast, Killer would also probably think about leaving. Maybe not forever, but definitely long enough to go sit outside and think about things for a while. They'd probably slip out when Dark is busy and he just comes back to them gone and briefly freaks out lol.
Honestly I'm certain the argument would just start back up eventually unless something changed REALLY fast you're totally right about that. These guys are sooo bad at emotions and Talking Things Out that it's almost comical if it wasn't borderline depressing.
HOWEVER ☝️ I think even during another argument, for Both of them their fight would just constantly be lingering in their minds - especially through Any Other Future Argument, the thought always rears itself back around. They're cautious of their actions, both of them - neither wants to get close during an argument anymore. If, say, Chosen instinctively tries to get closer - he stops, pulls back, then continues with what he was saying. It would do neither of them good if it got physical again, in fact that's the last thing EITHER of them want, so they do everything physically possible to remove even the possibility of an accident if they end up disagreeing about ANYTHING. No matter how small.
IDK THERE'S JUST SO MANY WAYS THIS COULD GO AND COULD AFFECT THEM ALL IF THEY DON'T HAVE THE TIME POST-SHOWDOWN TO HEAL FROM THEIR ISSUES. They love each other dearly and are each other's best friend but they're also both so so so badly traumatized people and need a therapist SO much. So badly. Alas there's no therapists in the Outernet who work with cybercriminals who had a hand in nearly destroying their world unfortunately. 😔
Cyberspace Sentinels: Tracing the Evolution and Eccentricities of ICE
As we hark back to the embryonic stages of cyber defense in the late 1990s, we find ourselves in a digital petri dish where the first firewalls and antivirus programs are mere amoebas against a sea of threats. The digital defenses of yore, much like the drawbridges and moats of medieval castles, have transformed into a labyrinth of algorithms and machine learning guards in today's complex cybersecurity ecosystem. The sophistication of these systems isn't just technical; it's theatrical.
The drama unfolds spectacularly in the cyberpunk genre, where Intrusion Countermeasures Electronics (ICE) are the dramatis personae. Let's peruse the virtual halls of cyberpunk media to encounter the most deadly, and delightfully weird, iterations of ICE, juxtaposing these fictional behemoths against their real-world counterparts.
We commence our odyssey with William Gibson’s "Neuromancer," where ICE is not only a barrier but a perilous landscape that can zap a hacker's consciousness into oblivion. Gibson gives us Black ICE, a lethal barrier to data larceny that kills the intruding hacker, a grim forerunner to what cybersecurity could become in an age where the stakes are life itself.
CD Projekt Red’s "Cyberpunk 2077" gives us Daemons, digital Cerberuses that gnash and claw at Netrunners with malevolent intent. They symbolize a cyber-Orwellian universe where every keystroke could be a pact with a digital devil.
The chromatic haze of "Ghost in the Shell" offers ICE that intertwines with human cognition, reflecting a reality where software not only defends data but the very sanctity of the human mind.
In Neal Stephenson’s "Snow Crash," the Metaverse is patrolled by ICE that manifests as avatars capable of digital murder. Stephenson's vision is a reminder that in the realm of bytes and bits, the avatar can be as powerful as the sword.
The "Matrix" trilogy portrays ICE as Sentinels — merciless machines tasked with hunting down and eliminating threats, a silicon-carbon ballet of predator and prey.
On the small screen, "Mr. Robot" presents a more realistic tableau — a world where cybersecurity forms the battleground for societal control, with defense systems mirroring modern malware detection and intrusion prevention technologies.
"Ready Player One," both the novel and Spielberg's visual feast, portrays IOI’s Oology Division as a form of corporate ICE, relentless in its pursuit of control over the Oasis, guarding against external threats with a militaristic zeal that mirrors today's corporate cybersecurity brigades.
And let’s not overlook the anarchic "Watch Dogs" game series, where ICE stands as a silent sentinel against a protagonist who uses the city’s own connected infrastructure to bypass and dismantle such defenses.
Now, let us tether these fictional marvels to our reality. Today’s cybersecurity does not slumber; it's embodied in the form of next-gen firewalls, intrusion prevention systems, and advanced endpoint security solutions. They may not be as visceral as the ICE of cyberpunk, but they are no less sophisticated. Consider the deep packet inspection and AI-based behavioral analytics that cast an invisible, ever-watchful eye over our digital comings and goings.
Nevertheless, the reality is less bloodthirsty. Real-world cyber defense systems, as advanced as they may be, do not threaten the physical well-being of attackers. Instead, they stealthily snare and quarantine threats, perhaps leaving cybercriminals pining for the days of simple antivirus skirmishes.
But as the cyberverse stretches its tendrils further into the tangible world, the divide between the fantastical ICE of cyberpunk and the silicon-hardened guardians of our networks grows thin. With the Internet of Things (IoT) binding the digital to the physical, the kinetic potential of cybersecurity threats — and therefore the need for increasingly aggressive countermeasures — becomes apparent.
Could the ICE of tomorrow cross the Rubicon, protecting not just data, but physical well-being, through force if necessary? It is conceivable. As cyberpunk media illustrates, ICE could morph from passive digital barricades into active defenders, perhaps not with the murderous flair of its fictional counterparts but with a potency that dissuades through fear of tangible repercussions.
In the taut narrative of cybersecurity’s evolution, ICE remains the enigmatic, omnipresent sentinel, an avatar of our collective desire for safety amidst the binary storm. And while our reality may not yet feature the neon-drenched drama of cyberpunk's lethal ICE, the premise lingers on the periphery of possibility — a silent admonition that as our digital and physical realms converge, so too might our defenses need to wield a fiercer bite. Will the cyberpunk dream of ICE as a dire protector manifest in our world? Time, the grand weaver of fate, shall unfurl the tapestry for us to see.
- Raz
One of the world’s biggest botnet networks, responsible for stealing close to $6 billion (£4.7bn), has been shut down following an international effort from law enforcement agencies.
The US Justice Department, which led the operation, said the 911 S5 botnet comprised more than 19 million hijacked devices, which were being used to facilitate cyber attacks, large-scale fraud, bomb threats and even child exploitation.
Chinese national YunHe Wang, 35, was arrested on 24 May on suspicion of creating and operating the 911 S5 botnet from his home in St. Kitts and Nevis.
“This Justice Department-led operation brought together law enforcement partners from around the globe to disrupt 911 S5,” said US Attorney General Merrick Garland.
“This case makes clear that the long arm of the law stretches across borders and into the deepest shadows of the dark web, and the Justice Department will never stop fighting to hold cyber criminals to account.”
The FBI said the 911 S5 botnet infected computers in nearly 200 countries around the world, which were then controlled through 150 dedicated servers allegedly set up by Mr Wang.
An indictment unsealed on 24 May claimed that malware was used to infect and compromise millions of residential computers between 2014 and 2022, forming the botnet that was then able to carry out the cyber crimes.
Mr Wang allegedly sold access to the botnet to criminals, who then used it to bypass fraud detection systems in order to steal billions of dollars from financial institutions.
One target was reportedly a pandemic relief program in the US, which saw the botnet used to fraudulently make insurance claims from the hijacked IP addresses. More than half a million false claims resulted in losses of $5.9 billion for the programs, according to the FBI.
“Working with our international partners, the FBI conducted a joint, sequenced cyber operation to dismantle the 911 S5 Botnet – likely the world’s largest botnet ever,” said FBI Director Christopher Wray.
“We arrested its administrator, Yunhe Wang, seized infrastructure and assets, and levied sanctions against Wang and his co-conspirators... We will work tirelessly to unmask and arrest the cybercriminals who profit from this illegal activity.”
Mr Wang made around $99 million by selling access to the botnet, according to the indictment, which he used to purchase real estate in the US, St. Kitts and Nevis, China, Singapore, Thailand and the United Arab Emirates.
Other assets subject to forfeiture are two BMWs, a Ferrari, a Rolls Royce and several luxury wristwatches.
“The conduct alleged here reads like it’s ripped from a screenplay: A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials – then using the scheme’s nearly $100 million in profits to buy luxury cars, watches, and real estate,” said Matthew Axelrod of the US Department of Commerce’s Bureau of Industry and Security.
“What they don’t show in the movies though is the painstaking work it takes by domestic and international law enforcement, working closely with industry partners, to take down such a brazen scheme and make an arrest like this happen.”
Mr Wang faces a maximum penalty of 65 years in prison if convicted.
What the Crowdstrike outage means for AI in cybersecurity
New Post has been published on https://thedigitalinsider.com/what-the-crowdstrike-outage-means-for-ai-in-cybersecurity/
In an era where our lives are increasingly intertwined with technology, the importance of robust cybersecurity measures cannot be overstated. Recently, a major player in the cybersecurity arena, CrowdStrike, faced an unexpected outage that left many pondering the implications and potential causes.
Was this a simple technical glitch, or could artificial intelligence (AI), often hailed as the knight in shining armor for cybersecurity, have played a role in this disruption?
The great outage: A wake-up call
CrowdStrike, renowned for its cutting-edge threat intelligence and endpoint protection, experienced a significant service disruption. For an organization dedicated to keeping the cyber world safe, this outage was a stark reminder that even the guardians need guarding.
As businesses scrambled to manage the fallout, questions arose: How could this happen? And more intriguingly, what role could AI have played in both causing and potentially preventing such an outage?
AI: The cybersecurity savior
Artificial intelligence has revolutionized the cybersecurity landscape. Its ability to analyze vast amounts of data in real-time, identify patterns, and predict potential threats has made it an invaluable tool for security experts. AI-powered systems can detect anomalies and respond to incidents much faster than any human, making them a crucial asset in the fight against cybercrime.
For instance, AI algorithms can sift through network traffic, pinpoint suspicious activities, and even anticipate attacks before they occur. Machine learning models continually evolve, learning from each encounter with malware or phishing attempts, thereby enhancing their accuracy and effectiveness over time.
When AI becomes the problem
However, as with any powerful tool, AI’s potential for good comes with inherent risks. In the case of the CrowdStrike outage, one plausible theory is that an AI system, while attempting to fortify the network, may have misinterpreted legitimate traffic as a threat, leading to an inadvertent shutdown. This phenomenon, known as a false positive, is a well-known challenge in the realm of AI-based cybersecurity.
Moreover, cybercriminals are also leveraging AI to craft more sophisticated attacks. AI-driven malware can adapt and mutate, making it harder for traditional defenses to keep up. In a twisted turn of events, the very technology designed to protect us can be manipulated to circumvent defenses, creating a cat-and-mouse game where the stakes are incredibly high.
The balancing act: Enhancing AI reliability
The CrowdStrike outage underscores the importance of balancing AI’s capabilities with human oversight. Here are some strategies to enhance the reliability of AI in cybersecurity:
1. Hybrid approaches: Combining AI with human intelligence can mitigate risks. While AI excels at data analysis, human intuition and contextual understanding remain crucial in making final decisions.
2. Regular audits: Continuous monitoring and auditing of AI systems can help identify and rectify potential issues before they escalate. Regularly updating algorithms ensures they adapt to new threats without overreacting to benign activities.
3. Fail-safes and redundancies: Implementing robust fail-safes and redundancy measures can prevent a single point of failure. In the event of an AI misjudgment, alternative systems can take over, maintaining security and service continuity.
4. Transparency and explainability: Developing AI systems with transparent and explainable decision-making processes can help security teams understand and trust AI-driven actions, reducing the likelihood of unexpected outcomes.
The exact cause of the CrowdStrike outage remains under investigation, and there are several potential scenarios that could explain it.
Here’s a look at some possibilities, including DevSecOps AI and security gates, internal bad actors, and external malicious intent:
DevSecOps AI and security gates
AI misconfiguration or failure: In the realm of DevSecOps, AI systems are often employed to automate and enhance security measures throughout the development and operational lifecycle. However, AI is not infallible. A misconfiguration, an erroneous learning model, or an unintended interaction between automated security gates could have led to the outage. For instance, an AI system might have incorrectly flagged legitimate traffic as malicious, triggering security protocols that inadvertently disrupted services.
Complexity and integration issues: DevSecOps environments are inherently complex, involving numerous tools and systems that must work seamlessly together. Any failure in the integration of these components, especially those controlled or monitored by AI, could result in unexpected outages. AI-driven security gates might have imposed overly restrictive policies, leading to operational disruptions.
Internal bad actor
Insider threat: Internal bad actors pose a significant risk to any organization, including those as security-conscious as CrowdStrike. An insider with access to critical systems could intentionally disrupt services for various reasons, such as financial gain, revenge, or coercion. Insider threats are particularly challenging to detect and mitigate because they often involve individuals who already have legitimate access to sensitive areas of the network.
Negligence or error: Not all internal disruptions are malicious. Human error or negligence, such as an employee inadvertently triggering a shutdown or making a configuration mistake, could also lead to an outage. Even in highly automated environments, human oversight and manual interventions play crucial roles and can sometimes go awry.
External malicious intent
Cyber attack: External malicious actors, such as cybercriminals or nation-state hackers, continually seek vulnerabilities to exploit. A coordinated cyber attack could have targeted CrowdStrike’s infrastructure, using sophisticated techniques to bypass defenses and cause a service disruption. Given CrowdStrike’s role in cybersecurity, it is a prime target for adversaries looking to make a statement or disrupt protective services.
Supply chain attack: An often-overlooked vector is the supply chain. Attackers might have compromised a third-party vendor or service integrated into CrowdStrike’s infrastructure. This type of attack can introduce vulnerabilities that are difficult to detect and mitigate, leading to potential service outages.
The need for oversight and accountability
Global impact and responsibility
Critical infrastructure: As a key player in cybersecurity, CrowdStrike’s services are integral to the protection of countless organizations worldwide. An outage can have far-reaching consequences, potentially exposing numerous entities to heightened risk.
Trust and reliability: Clients rely on CrowdStrike for consistent and robust protection against cyber threats. An unexpected disruption can erode trust and confidence, underscoring the need for reliable oversight mechanisms to ensure accountability and transparency.
Regulatory bodies and standards
Industry regulations: The cybersecurity industry is governed by various regulations and standards, such as GDPR, HIPAA, and CCPA, which mandate stringent data protection and security measures. However, the scope and effectiveness of these regulations can vary, and there might be gaps that need addressing, particularly for global service providers like CrowdStrike.
Independent oversight: Establishing an independent oversight body specifically for cybersecurity service providers could enhance accountability. This body could set standards, conduct regular audits, and ensure compliance with best practices. It could also provide a platform for reporting and investigating incidents, fostering a culture of continuous improvement.
Collaborative efforts
Public-private partnerships: Cybersecurity is a shared responsibility, and collaboration between the public and private sectors is crucial. Governments, industry leaders, and regulatory bodies can work together to develop comprehensive strategies and frameworks that address the complexities of modern cyber threats.
Information sharing: Enhanced information sharing among cybersecurity firms, governments, and industry groups can help in anticipating and mitigating threats. A centralized body could facilitate this exchange, ensuring the timely dissemination of critical information.
The role of AI and automation
AI Governance: As AI plays an increasingly central role in cybersecurity, establishing guidelines and oversight for its use is essential. This includes ensuring transparency in AI decision-making processes, regular audits of AI systems, and setting standards for AI ethics and accountability.
Risk management: Developing frameworks for risk management that incorporate AI’s potential risks and benefits can help organizations better prepare for and respond to incidents. This includes creating fail-safes and redundancy measures to minimize the impact of any AI-related issues.
Addressing internal and external threats
Insider threat programs: Organizations should implement robust insider threat programs that include regular monitoring, access controls, and employee training. An oversight body could set standards for these programs, ensuring they are effective and up to date.
Cyber attack response: In the event of an external cyber attack, having established protocols and collaborative efforts in place can significantly enhance response and recovery efforts. An oversight body could play a crucial role in coordinating these efforts, ensuring a unified and effective response.
While the specifics of the CrowdStrike outage are not yet public, it highlights the multifaceted nature of modern cybersecurity threats. Whether caused by AI-related issues within a DevSecOps framework, internal bad actors, or external malicious intent, the incident underscores the need for robust security measures, continuous monitoring, and a proactive approach to threat detection and mitigation.
CrowdStrike and similar organizations will likely conduct thorough investigations to understand the root cause and prevent future occurrences. The lessons learned from such incidents contribute to the evolving strategies in cybersecurity, ensuring better protection and resilience against the ever-changing landscape of cyber threats.
Looking ahead: The future of AI in cybersecurity
Despite the challenges, AI remains a cornerstone of modern cybersecurity strategies. As technology evolves, so too will AI’s capabilities, making it an even more formidable force against cyber threats. However, the key to harnessing AI’s full potential lies in understanding its limitations and ensuring it complements, rather than replaces, human expertise.
The CrowdStrike outage serves as a powerful reminder that in the quest for cybersecurity, vigilance, adaptability, and a healthy dose of skepticism are essential. By embracing a balanced approach, we can ensure that AI continues to be a force for good, safeguarding our digital future.
Round 3!
If you recognize the movies hiding behind the decoy titles, please do not give identifying details about them in the notes.
Movie n°1: Where we go, we don't need grass
So there's this dude, right? Typical Reddit user, sells pirated movies and junk, DESPERATELY needs to touch grass. Anyway, he's a true crime junkie and is obsessed with this ongoing case about, you guessed it, another cybercriminal. And wouldn't you know it, the cybercriminal contacts him! Dude gives the protagonist some sorta drug and all of a sudden, Mr. Protag is seeing some serious crap. He meets Cybercriminal and his gang of followers, who all, like, worship him except the hot girl and a dude with a goatee. Goatee regrets taking the drug and doesn't want to see all this crap anymore, so he seeks help from Protag's old boss. Goatee tells Bossman some gossip about Cybercriminal and co, and the gang ends up breaking up because of it. Protag and Girl (I swear, she's like the only girl in the movie except for a prostitute and an old lady who trains psychic children (the psychic children aren't relevant to the plot, really)) end up having to break Cybercriminal out of jail because the gossip Goatee gave Bossman ended up revealing his location, and whoops, yeah he's a wanted criminal, right. By the end, Girl practically worships Protag, too, the two of them commit serial murder, and it's implied they live happily ever after? I think?
Movie n°2: The real eldritch horror was in you all along
The leader of an isolated community, which lives in fear and reverence of the god they serve, is consumed with envy when a newcomer arrives who impresses the people with advanced outside technology and gains the favor of their deity. After alienating his people in an attempt to win back his god's love that seemingly ends in the manslaughter of the newcomer, the leader is surprised by his rival and they are both stranded in the outside world. Kidnapped by a sadistic torturer and his attack dog, the newcomer has an existential breakdown when he realizes his entire past is false implanted memories, while the leader has a crisis of conscience and rallies the mutilated prisoners to escape their torment.
Surge in Credential Compromises Driven by Social Engineering Attacks
A staggering 92% of organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023, according to a new report by cybersecurity firm Barracuda. These insidious tactics, which prey on human vulnerabilities, continued dominating the threat landscape, with scamming and phishing accounting for 86% of all social engineering attacks last year.
Emerging Trends in Social Engineering Techniques
Conversation Hijacking: A Sophisticated Impersonation Ploy
While conversation hijacking, a technique where attackers compromise business accounts through phishing and monitor communications to craft convincing messages, accounted for only 0.5% of social engineering attacks in 2023, it represents a staggering 70% increase compared to the previous year. This sophisticated tactic allows cybercriminals to gather sensitive information about deals, payment procedures, and other operational details, impersonating trusted entities and tricking victims into authorizing fraudulent transactions or updating payment information.
Business Email Compromise (BEC): A Persistent Threat
Business email compromise (BEC) attacks, where hackers impersonate executives to trick employees into transferring funds or sensitive data, remained a prominent threat in 2023. These attacks accounted for 10.6% of all social engineering incidents, up from 8% in 2022, highlighting the persistent allure of this lucrative technique for cybercriminals.
Extortion: Holding Data Hostage for Ransom
Another alarming trend involved extortion attacks, where cybercriminals threaten to expose sensitive or embarrassing content to their victims' contacts unless a ransom is paid. These attacks accounted for 2.7% of the total social engineering attacks in 2023, underscoring the growing prevalence of this nefarious tactic.
Exploiting Legitimate Services for Malicious Gain
The report also sheds light on the evolving use of legitimate services by attackers to target employees through social engineering techniques. Gmail emerged as the most commonly abused email domain, accounting for a staggering 22% of all attacks last year. Other popular free webmail services exploited by hackers included Outlook (2%), Hotmail (1%), iCloud (1%), and Mail.com (1%), while all other domains accounted for 73% of attacks. Notably, attacks originating from Gmail domains were heavily skewed towards BEC, with over 50% of such attacks falling into this category, followed by scamming at 43%.
Malicious URL Obfuscation through Shortening Services
Cybercriminals also demonstrated a growing reliance on popular commercial URL shortening services to embed malicious links in phishing emails, effectively disguising the true nature and destination of these links. The most widely used shortening service in 2023 was bit.ly, leveraged in nearly 40% of attacks involving shortened URLs. X's (formerly Twitter) shortening service came in second, utilized in 16% of such attacks, marking a significant shift from 2020 when it accounted for around two-thirds (64%) of these attacks.
The Rise of QR Code Phishing Attacks
Another notable development in the realm of social engineering was the significant rise in QR code phishing attacks towards the end of 2023. Approximately 5% of mailboxes were targeted with these attacks in the final quarter of the year, a concerning trend highlighting cybercriminals' ever-evolving tactics. In these attacks, cybercriminals embed QR codes in phishing emails, prompting unsuspecting users to scan the code and visit a fake page masquerading as a trusted service or application. These pages are designed to trick users into downloading malware or entering their login credentials, effectively compromising their accounts and data.
Evading Traditional Security Measures
QR code attacks pose a unique challenge as they circumvent traditional email filtering methods, which rely on detecting embedded links or malicious attachments. Furthermore, these attacks leverage personal devices, such as phones or tablets, which are often not protected by corporate security software, providing cybercriminals with a potential entry point into organizational networks and systems.
Understanding Privacy Breaches in India: A Growing Concern
Privacy breaches are becoming a prevalent yet gravely worrisome problem in today's increasingly digital world, especially in India, where a plethora of new cyber threats have been brought about by fast digitization. Data breaches are more dangerous than ever as more people rely on digital platforms for banking, retail, communication, and even government functions. Protecting personal information is essential for both individuals and businesses, and not doing so can have dire repercussions. This blog explores the definition of privacy breaches, their effects, and self-defence measures.
Any unauthorized access, sharing, or theft of personal information constitutes a privacy breach. This may occur as a result of a deliberate hacking attempt or an unintentional disclosure. Privacy breaches are frequently more personal in nature, focusing on sensitive information like your name, financial information, or private chats, in contrast to data breaches, which usually involve the exposure of vast amounts of data. Millions of people have been impacted by these breaches, which have increased in frequency in India, where internet penetration is rising quickly.
Data leaks are among the most prevalent kinds of privacy violations. When private information is unintentionally made public by inadequate security measures, it is referred to as a data leak. These breaches can happen when businesses neglect to encrypt private information, making it open to illegal access. For instance, millions of people's names, addresses, and identification numbers were made public in 2021 due to a huge database leak in India, raising serious concerns about fraud and identity theft.
Unauthorized access is another frequent way that privacy is violated. Cybercriminals obtain unauthorized access to networks or accounts using a variety of methods. For example, phishing is a popular technique where attackers deceive victims into disclosing personal information or login passwords. The attacker can access private accounts, steal information, or even perpetrate financial fraud once they have this data. Phishing assaults have increased in India, where the perpetrators frequently impersonate reputable organizations, such as banks or government offices, in order to trick their victims.
In India, identity theft is yet another common privacy violation. To impersonate someone, criminals take their personal information, including their Aadhaar number. They can start phony bank accounts, commit crimes, or make purchases using the victim's name using this stolen identity. This kind of privacy violation has become especially harmful to the victims, both financially and emotionally, as a result of the increased reliance on digital identification and financial systems.
Another important factor in privacy violations is social media. By excessively disclosing personal information on social media sites like Facebook, Instagram, and Twitter, many Indians unwittingly jeopardize their privacy. Social media breaches happen when hackers make use of publicly accessible information to obtain additional private information or coerce users into disclosing even more private information.
Alarming facts support the growing trend of privacy breaches in India. Over 1.16 million cybercrimes were reported in India in 2020 alone, a large percentage of which entailed privacy breaches, according to recent data. Victims may suffer terrible financial and psychological costs, and the consequences are frequently permanent. Since more personal information is being kept online than ever before, there is a greater chance of breaches, which makes cybersecurity a critical concern for both individuals and companies.
The effects of privacy violations are extensive. Individuals may experience financial loss, reputational harm, or identity theft as a result of data breaches. Knowing that criminals have access to their personal information frequently causes victims to feel anxious or distressed. The repercussions are just as bad for corporations. Legal issues, significant fines, and a decline in customer trust might result from a privacy violation. After a major breach, some businesses may be compelled to close since the harm to their brand is irreversible.
Preventive actions are crucial in the fight against privacy violations. People should exercise caution when using the internet by creating strong, one-of-a-kind passwords for every account, turning on two-factor authentication, and being careful about what they post on social media. In order to guard against vulnerabilities, it's also essential to update programs and software often. Businesses need to make investments in robust cybersecurity procedures, like encrypting confidential information, carrying out frequent security audits, and teaching staff members how to spot phishing scams.
In conclusion, privacy violations are becoming a bigger issue in India that impacts both people and businesses. The threats of cybercrimes will only rise as long as we continue to rely on digital platforms. We can reduce the possibility of falling victim to a privacy breach by being aware of the risks and adopting preventative measures to safeguard personal data. Keep yourself informed, remain safe, and safeguard your online privacy.
Cyber Crime
Introduction
Crime and wrongdoing have been connected to people since ancient times. Even as societies develop, crime tries to hide itself. Different countries deal with crime in various ways, depending on their situation. It’s clear that a country with a lot of crime can’t grow or progress because crime goes against development. It has bad effects on society and the economy.
Cybercrime is when people commit crimes on the internet using computers. It’s hard to put crimes into specific groups since new ones come up often. In the real world, crimes like rape, murder, or theft can sometimes overlap. Cybercrimes involve both the computer and the person using it as victims. For example, hacking attacks a computer’s information and resources.
Computer as a Tool
When cybercriminals target individuals, the computer becomes a tool rather than the main goal. These crimes exploit human weaknesses and often cause psychological harm. Legal action against these crimes is challenging due to their intangible nature. Similar crimes have existed offline for centuries, but technology has given criminals new tools to reach more victims and evade capture.
Computer as a Target
Only a particular group of individuals carry out these actions. Unlike crimes where computers are merely tools, these activities demand the technical expertise of those involved. These kinds of crimes are relatively recent, having existed only for as long as computers have. This explains why society and the world at large are unprepared to combat these offenses. Such occurrences take place on the internet frequently. However, it’s worth noting that Africans and Nigerians, in particular, have not yet developed the technical knowledge required to engage in this type of activity.
Conventional Crime
Crime has been a part of human society for a long time and affects both society and the economy. It’s a term defined by the law and is subject to legal punishment. Crime is essentially a legal wrongdoing that can lead to criminal proceedings and penalties. The key aspect of a crime is that it breaks the criminal law. According to Lord Atkin, the determining factor for whether an act is criminal is whether it’s prohibited with penalties attached. A crime can be seen as any action or lack of action that goes against the law and results in legal penalties.
Cyber Crime
Cybercrime is the newest and most complex issue in the digital world. It can be understood as a type of crime where computers are either used as tools or are the focus of the criminal activity. Any illegal action that involves a computer as a means, target, or tool to commit further crimes falls under the category of cybercrime. A simple definition of cybercrime is “illegal activities where computers are involved as tools, targets, or both.” Computers can be tools in various activities like financial crimes, selling illegal items, pornography, online gambling, intellectual property theft, email deception, forgery, cyberbullying, and cyber harassment. On the other hand, computers can also be the target in cases like unauthorized access, stealing electronic information, email attacks, data manipulation, fraudulent actions, and physical harm to computer systems.
Distinction Between Conventional and Cyber Crime
Distinguishing between conventional and cybercrime might not seem obvious, but a closer look reveals an appreciable difference. The key distinction lies in the use of technology in cybercrime cases. The essential factor for cybercrime is the involvement of the virtual cyber medium at some point. In other words, cybercrime requires the use of digital platforms or the internet in its commission.