
Biden Administration to Release National Cyber Strategy

The Biden Administration is set to release a comprehensive National Cyber Strategy that will work to strengthen the security of our nation’s digital infrastructure and protect us from malicious cyber threats. This strategy comes when cybersecurity is more important than ever, as cybercriminals are constantly finding new ways to exploit vulnerabilities in networks and technology. This strategy will outline the steps necessary for the government to protect itself from these threats and ensure our digital safety.

What Is Included in the National Cyber Strategy?

The strategy outlines several initiatives the federal government can take to better protect against cyberattacks. These include creating more substantial standards for federal agencies and departments; increasing agency collaboration on security matters; developing new technologies and processes to detect emerging threats better; improving public-private partnership efforts; and implementing a whole-of-government approach to dealing with cyber threats.

The strategy also calls for closer partnerships with industry, academia, civil society organizations, international partners, state and local governments, and other stakeholders to build a more secure cyberspace. It also seeks to develop ways for agencies and departments to collaborate on information sharing related to cybersecurity issues and methods for them to share best practices that one can implement across the board. Finally, it calls for “robust diplomatic engagement” with other countries to establish shared norms of responsible behavior in cyberspace and develop effective responses when incidents occur. These initiatives aim to strengthen our nation’s cybersecurity posture while promoting an open Internet safe from malicious actors.

What Makes The Strategy Unique

It is common for a new administration to release a national cybersecurity strategy, as it allows them to set the priorities and direction for their approach to cybersecurity. However, what may be unique about the Biden administration’s national cyber strategy is the specific challenges and threats that it will address. For example, the strategy may emphasize addressing the threat of state-sponsored cyberattacks or prioritize strengthening critical infrastructure cybersecurity. Additionally, the strategy may outline new initiatives or approaches to managing cyber threats, such as increased collaboration with the private sector or developing new technologies.

How Will This Help Improve Security?

The Biden Administration’s National Cyber Strategy will help improve security by guiding how federal agencies respond when faced with a security incident or threat. It will also help provide clarity on what steps must be taken when sharing information or data between agencies or departments so that they can stay ahead of potential threats.

Additionally, it will foster collaboration between public and private entities to work together toward building more robust defenses against cyber threats. Finally, it will provide direction on how the government should engage internationally to work with other countries to establish shared norms of responsible behavior online.

Conclusion

As cybercriminals become increasingly sophisticated in their tactics, strong national guidelines must dictate how our government handles cybersecurity issues internally and externally. The Biden Administration’s National Cyber Strategy provides a comprehensive set of steps to strengthen our nation’s digital infrastructure while protecting us from malicious cyber threats. By following these guidelines, one can ensure that they remain one step ahead of those who seek to do them harm online.

Holiday Breaches and Scams 2022-2023

For most Americans, the holidays are full of shopping, festive candlelight dinners, and family gatherings. However, for some consumers, one number on their credit card statement stands out among all those other numbers—the dollar amount from unauthorized charges made during the holidays. In light of this fact, credit card fraud, in general, is on the rise, and so is retailers’ enthusiasm to reach potential customers. Between 2011-2012 alone, retailers doubled spending during this time of year. While this holiday spending is unsurprising and arguably to be expected, the way that those in charge of financial transactions expect to manage this growth is what has industry experts (and many other people) worried. Such data points to a worrying trend in which businesses tend to put security measures on the back burner to make more money or save time. For many companies and customers alike, an increase in holiday spending results in a corresponding rise in holiday credit card fraud. This phenomenon is even more problematic because this holiday season may be the most lucrative for businesses. Many are expected to sell billions of dollars worth of goods and services, potentially making this season’s credit card fraud statistics even more alarming. According to a report published by Javelin Strategy & Research, in 2012, holiday shopping topped $465 billion. This figure is expected to grow this year and might even hit $500 billion, a significantly large sum. As the holiday season progresses, the amount of money that goes through the card networks and into bank accounts will increase. Businesses will be looking at a very profitable period. Therefore they will be increasing their efforts to reach consumers, which inevitably means an increase in online sales and e-commerce transactions. 
Not surprisingly, these trends have led experts to wonder what will happen to the number of credit card fraud cases and if it will, like many other things this season, become more prolific than usual. As it turns out, these concerns may be justified since a report published by Trustev revealed that credit card fraud rates have increased during the holidays and that online shopping is often the cause of the said increase. During the last holiday season alone, 2% of all e-commerce sales were fraudulent. The new holiday season is already starting to exhibit this trend, which is expected to continue throughout the upcoming months. This trend has led major retailers and financial institutions alike to begin taking steps to prevent fraud. For example, Target worked with not one but two security firms to boost their credit card fraud detection system and guard against rogue salespeople. Retailers such as Nordstrom are joining them in the effort by setting up their plans to detect fraudulent transactions. While retailers take measures to protect themselves and their customers, there is also no denying that these efforts have little impact on the overall problem. There is only so much that retailers can do to protect themselves from fraud, so it has become increasingly clear that banks must also be able to help lessen the impact of this type of fraud.

Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up

Sullivan was arrested and charged with two felonies: obstruction of justice and misprision. During his tenure as Chief Security Officer (CSO) at Uber (April 2015–November 2017), the firm suffered a data breach in which over 50 million customers and drivers’ personal information was compromised. In an effort at extortion, hackers demanded six figures from Uber. In return, Uber paid the hackers $100,000 via its HackerOne bug bounty program and instructed them to delete the stolen information to conceal the incident.

Even though the event happened in the autumn of 2016, it wasn’t made public until after Uber’s new CEO, Dara Khosrowshahi, had been in office for over a year. U.S. regulators were unhappy with how the hack was handled, and Sullivan was dismissed. At the time, the FTC was looking into a different, minor cybersecurity problem that the ride-sharing company had in 2014.

How Could Sullivan Have Avoided Data Breach in Uber?

Hiring managed security service providers (MSSPs) can help to avoid security breach problems. Emerging technological developments in today’s digitalized world make it imperative for businesses of all sizes to secure their most precious data and assets against infiltration and breach. Most organizations lack the means to respond quickly enough to new security threats, like Uber’s data breach. This is when an MSSP comes in handy.

MSSPs offer their services locally or remotely, most frequently using cloud computing. They provide comprehensive security solutions, from initial infrastructure setup to ongoing security monitoring and incident response. While some MSSPs offer partial outsourcing of an organization’s information security program, others provide comprehensive services across the board. Access to security professionals and additional personnel is the key perk of managed security services. By ensuring that corporate IT is constantly informed about security concerns, audits, and maintenance status, MSSPs free up the employing organization to concentrate on security governance rather than administrative duties.

Despite a growing understanding of the necessity of preventative security measures, many businesses continue to delay putting sensible security measures into place until they have suffered a loss due to a data breach. Managed security service companies are a wise choice since they provide constant supervision, 365 days per year and 24 hours per day. Without the right security tools and resources, it may be a significant drain on resources to keep up with constantly shifting threats, deal with them as they appear, and recover from incidents discovered too late.

2022: Ransomware Attacks Are on the Rise

Cyberspace has enjoyed relative peace over the past few years due to a significant decline in ransomware attacks. This tranquility may be attributed to the combined efforts of several international intelligence agencies and various tech companies to eradicate cyberterrorism. Unfortunately, ransomware attacks have steadily increased over the past few months.

A report by NCC Group reveals that the attacks are being staged by groups offering cyber attacks as a service. Moreover, the report highlights that Lockbit, one of the most notorious ransomware syndicates, is behind more than half the attacks. In July alone, Lockbit managed 62 attacks compared to BlackBasta’s 24 and Hiveleaks’ 27, more than the latter and the former groups combined. BlackBasta and Hiveleaks have also increased their activities significantly in the past few months.

In 2021, there was a 105% increase in ransomware attacks worldwide. According to a 2022 Cyber Threat Report, these attacks mainly targeted healthcare facilities. Although the root cause of the sudden increase in cybercrime activity is still unknown, many experts allude to employees handling work in remote areas as the most likely cause.

What Caused the Sudden Rise in Ransomware Attacks?

The American government offered a 15 million dollar reward in May 2022 for information about Conti in a bid to deal with the organization permanently. American security agencies believed that Conti was undergoing some administrative and functional restructuring during that period. Thus, it was an opportune time to finish the organization for good.

Unfortunately, the remnants of Conti, after their ruin, sought out BlackBasta and Hiveleaks. The two were small groups at the time. Hence, the former Conti members easily captured the leadership and continued their reign of terror. Intelligence agencies were content that their efforts to dismantle Conti were successful and further surveillance of smaller ransomware groups. They never anticipated that the former leader of Conti would influence the activities of the smaller groups. However, the Conti influence was too great, and their actions led to a spike in ransomware attacks in 2021 and 2022. The current trend projections indicate their activities will continue well into 2023.

Zeppelin Ransomware Resurfaces with New Compromise

A Zeus variant that first surfaced in August 2016 called Zeppelin has resurfaced and is now being used to compromise Web servers to distribute its payload. The threat researchers at Forcepoint Security Labs said they first started seeing new Zeppelin malware samples on July 31, 2018. They said it is unclear where the infection process begins, but evidence suggests that it starts with a phishing email attachment carrying an embedded iframe tag that loads a remote script. The iframe directs the browser to a remote site hosting an HTML application that fetches and executes the malware. Zeppelin is also one of the more rare examples of a malware variant branching out from just being banking malware. Research from Forcepoint reported that the initial activity observed had been confined to Web servers with content management systems (CMS). What drove researchers crazy, however, was its ability to compromise CMS-powered websites without stealing credentials or other sensitive data. The researchers noted that the phishing campaign used email attachments containing a malicious iframe tag to load an HTML file. This iframe is hosted on a server hosting a code editor tool. The HTML file then fetches a remote script that, in turn, downloads the malware payload. Forcepoint is unsure how the iframe gets injected into the email, but they believe it could be done through a compromised website. “The ZeuS variant itself is fairly basic,” wrote the researchers. “It has only one module for stealing credentials from browsers and one for checking its C&C server for new commands.” It is about 20KB in size and uses HTTP for communication with its command server. A new infection attempt was found targeting an undisclosed CMS platform on September 17, 2018. This attempted infection differed from previous attempts by using a script to fetch Zeppelin rather than an HTML file that downloads it remotely. 
The way to protect yourself from Zeppelin is to avoid opening an email from an unknown sender, especially from a sender you don’t expect to send you anything. The recommendation to protect against any data leakage through the Web server is to use the most recent version of your CMS software. You should also make sure you are using a web application firewall (WAF) to block any malicious requests and protect the server. You should also apply security patches regularly and change passwords on your CMS. This way, the criminals won’t be able to break into your system.

DEF CON returns with “Hacker Homecoming”

Organizers of DEF CON, the world’s largest hacker conference, have announced a date for its 20th anniversary in Las Vegas. The event took place from August 7 to August 10, just after Black Hat USA in a move organizers say will allow both events to grow and be successful together. DEF CON is an annual conference that includes speakers, exhibitors, and attendees with interest in computer security. It should not be confused with “DEFCON,” the name of a global military defense system. “The core of DEF CON is the community it’s built,” said Jeff Moss, founder of DEF CON and counter-terrorism expert ranked as one of the top 10 most influential people in the hacker community. “We wanted to celebrate more than 20 years of an event that has brought together the best hackers on the planet.” The event hosted about 2,000 attendees, almost double last year’s event, and was a necessity for organizers after Black Hat grew to become one of the top security conferences in the world. The two events have had a strong history together. Moss helped organize Black Hat after it was created as a spinoff from DEF CON in 2005. “I wanted another Vegas conference that focused on security,” said Jeff Moss, better known as the Dark Tangent. “I took a bunch of people from DEF CON and put them on a stage. It was the first time I’d ever done it.” The main event is held at the Rio Casino and Hotel, which has been the event’s home for the past three years. A third more minor event is also to be hosted at The Orleans Casino and Hotel that takes place the same weekend. The events have been held separately in recent years after Checkpoint acquired Black Hat from Inverse in 2010 and sold it to Cylance this year. However, they’re back together again after organizers say they wanted to bring them together again as a new tradition is created. The two events hosted some new additions that were added to appease both DEF CON and Black Hat attendees. 
There will be a Def Con Arcade area for kids of all ages to play video games and have a chance to get up close with vendors and industry experts for hands-on experience. The DEF CON Social Club will also be created as a place for attendees to interact, share their knowledge, ask questions and learn from other experts in the field. The social club will include topics such as “Hackers Guide To Voting Machines” to meetings like “Hacking How-Tos,” where attendees are encouraged to form groups and work on specific projects. DEF CON and Black Hat have partnered with Bugcrowd, a bug bounty program that allows hackers to find and report vulnerabilities. Bugcrowd will be offering a $1 million top prize for anyone who finds the most severe security flaws in the two events’ systems. The company has already awarded more than $1.6 million since it started in 2012, adding another $1 million to its kitty by last year’s DEF CON alone.

The U.S. Health Organizations Targeted With Maui Ransomware

North Korea’s state-sponsored ransomware operators have launched a campaign targeting healthcare organizations in the United States. This is according to an advisory issued by the Federal Bureau of Investigation (FBI) and the Infrastructure Security Agency (CISA). The Maui ransomware has been used by threat actors in North Korea since May 2021. They use ransomware to target healthcare organizations in the United States and other countries worldwide.

Federal agencies are warning organizations to be on the lookout for any signs of compromise and take preventive action against such attacks. If an organization realizes that it has been attacked by ransomware, the security agencies advise against paying any requested money. They said that paying a ransom isn’t a guarantee that the affected files will be recovered.

According to a report issued by Stairwell, a cybersecurity firm, Maui has existed since April 2021. It says that the ransomware has distinct features that make it different from other regular ransomware mainly used. Silas Cutler, the principal reverse engineer at Stairwell, asserts that Maui stands out due to the absence of several characteristics commonly seen in Ransomware-as-a-service (RaaS) provider tooling. These include the absence of a ransom note to offer recovery instructions or an automatic method of transmitting encryption keys to attackers. Security professionals say that this makes it even more difficult to discover that one has been attacked by ransomware.

“Cyber criminals usually want to be paid as quickly as possible. They want to ensure the victim is desperate enough to pay the ransom without delay. This is what Maui ransomware aims at,” observed McQuiggan James, a security awareness advocate.

Another prominent feature that sets Maui apart from other ransomware is that it is designed to be executed manually by the attacker. “This gives them an opportunity to decide which files to encrypt when executing an attack,” wrote Cutler. Manual execution is a growing trend among advanced malware operators. This is because the technique allows cybercriminals to only attack targeted and the most important assets on a network.

John Bambenek, a principal threat hunter at Netenrich, says that Maui is one of the most dangerous ransomware that has ever existed. “For ransomware to be effective, threat actors have to manually pinpoint the important assets as well as weak points to cripple a victim. Automated tools can’t pick out all the unique aspects of a company to enable a proper ransomware execution,” said Bambenek.

The healthcare sector has been on the receiving end since the discovery of Maui ransomware. The attacks started during the COVID-19 pandemic and have continued since then. Experts believe that there are a number of reasons why the healthcare industry has been a target for threat actors. One reason is that health is a financially lucrative sector that still uses outdated IT systems. The lack of sophisticated security systems makes it easy for attackers to penetrate and demand ransom.

Citing a report from Stairwell, security agencies offered detailed information on how an attack by Maui ransomware gets installed as an encryption binary known as “maui.xe” and encrypts targeted files in an organization. Through a command-line interface, a threat actor is able to interact with the ransomware to pick out the files to encrypt with the help of Advanced Encryption Standard (AES), XOR, and RSA encryption. During the encryption process, the ransomware creates a temporary folder for every file it encrypts using GetTempFileNameW. According to researchers, it then uses this file to generate output from encryption.

CISA Suggests That Organizations Use the Most Recent Version of Google Chrome

Users and administrators should update to a new version of Chrome released by Google last week to address seven flaws in the browser, according to the US Cybersecurity and Infrastructure Agency (CISA). Google published an advisory on January 6, 2019. Four of the bugs were addressed in the advisory: three were reported to Google by external researchers, who identified them as posing a significant risk for businesses. The firm stated that it had decided to keep access to bug information limited until most users have updated to the new version of Chrome (102.

One of the flaws is a so-called use-after-free bug in the WebGPU application programming interface for operations such as calculation and rendering on a Graphics Processing Unit. According to a description of the flaw on the vulnerability database VulDB, the bug (CVE-2022-2007) is remotely exploitable. It has an impact on affected systems’ confidentiality. In May, Google rewarded the security researcher who discovered the vulnerability with $10,000. According to VulDB, an exploit for the flaw would cost between $5,000 and $25,000.

The second flaw is an out-of-bounds memory access using the WebGL API for rendering 2D and 3D graphics. Two VinCSS Internet Security Services researchers discovered the bug (CVE-2022-2008). VulDB characterized the vulnerability as being remotely exploitable but requiring user interaction.

The third high-severity vulnerability addressed by the new Chrome version (CVE-2022-2010) is a Web page content rendering out-of-bound read vulnerability. In May, a Google Project Zero security researcher discovered the flaw. Like the other two flaws, this one also has an impact on the affected systems’ confidentiality, integrity, and availability.

The use-after-free vulnerability discovered by Google in June is the fourth high-severity bug they’ve published. An external security researcher brought it to Google in May. According to an outside source, ANGLE, a function that Google describes as an “almost native Graphics Layer engine” in Chrome, is vulnerable (CVE-2022-2011).

Google’s Chrome update note has been updated. The firm advised organizations to check it out and install the upgrade to reduce risk. For Windows, Mac, and Linux users, Google’s browser has been upgraded to version 102.0.5005.115. This version addresses security flaws that an attacker might exploit to gain access to a system.

Google’s most recent Chrome version addresses seven flaws, fewer than the number of other recent Chrome-related bugs reported by the firm. On May 24, Google released a Chrome update that it had discovered in an internal testing program. One of the bugs was rated as being of critical importance, while seven others were considered to be extremely severe. Another update, also issued in May, included fixes for 13 flaws, eight of which were deemed high-risk.

Defending Your Business Against Russian Cyber Warfare

As the West tightens its sanctions and supplies further assistance to Ukraine, we may anticipate Russian state-sponsored assaults to increase. The conflict in Ukraine is drawing attention from around the world. Russia has launched cyberattacks against Ukraine first, as predicted, and much of the West is concerned that Russia will retaliate against countries that support Ukraine later. Most experts believe that some assaults are already underway, and further attacks on Western organizations are certain to increase as the war continues and more sanctions are

The first wave of businesses targeted by the Russian state, as well as threat actors it supports, will be those that cease operations in Russia or take direct action to assist Ukraine. Information warfare and subversion against these firms are likely. When defending against Russian cyberwarfare, examining the sectors, styles, and goals of their assaults may help organizations prepare.

Industries Targeted by Russian Cyberattacks

While we anticipate that businesses openly assisting Ukrainians will be targeted by Russian cyber assaults, it’s worth noting that industries have been targeted in the previous year. You’ll notice that governments, infrastructure, and technology services have consistently been among the most-targeted sectors.

Cyber attacks can be divided into five categories: state-sponsored, private-sector sponsored, criminal/insurgent sponsored, criminal/insurgent

  • Ransomware – since 2021, the most popular cyber threat to target private businesses has been ransomware.
  • Email Phishing – the most popular approach to access sensitive information and networks is by hacking.
  • Credential Stuffing – one of the most popular approaches, which is frequently used by C-Suite executives and gamers to obtain access to their accounts in order to acquire privileged

These attacks are not new, but they are growing more worrisome.

Objectives of High Profile Cyber Attacks By Russian Cyber Actors

Over the last year, the Russian government and cybercriminals affiliated with it have targeted commercial enterprises in several assaults. Common but effective methods—including spear phishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—have long been used by these APT actors to gain early access to target networks. We believe there are three major goals for which Russian cyber actors, both criminal and government, will target those networks:

  • Influence
  • Retribution
  • Gain

The following is a three-step best practice approach to defending organizations, locations, and people from becoming successful targets that may be vulnerable to attack:

Step 1: Influence

To identify and combat influence campaigns while also ensuring sensitive IP is not leaked or compromised, utilize open-source monitoring. Conduct robust open-source and dark web monitoring, which may or may not include actor engagement, to determine the following:

  • Is your company’s reputation being damaged by false claims or disinformation?
  • Has your intellectual property been stolen and offered for sale on the dark web or in private forums?

Step 2: Retribution

To prevent and detect cybercrime, ransomware, and other aggressive network exploitation, keep an eye on the external attack surface. Understand how adversary-operated malware is spread via these channels.

Step 3: Gain

Keep a record of everything from the beginning. From time to time, I’ll be able to share some important tips and tactics on how we can further streamline our procedures in order to make them more aggressive, successful, and efficient. Maintain a strong online presence for all executives and reduce their public exposure and exposure. Impose alerts when inauthentic social media accounts are established for executives and employees.

World Password Day 2022: All You Want to Know

One of the most fun and effective ways to spread public awareness about a topic or issue is to commemorate it by devoting a specific day in its honor. With the help of powerful social media forums and passionate advocates, everything from puppies to pirates can be brought to the forefront of our collective awareness. In light of this trend, it’s no wonder that digital security advocates will be once again celebrating World Password Day in 2022.

What Is World Password Day?

On the first Thursday in May of every year, strong passwords are emphasized. As our awareness of the significance of these uniquely personalized access codes increases, advocates hope that end-users on all systems will improve the strength of their customized passcodes and enhance their focus on cybersecurity in their daily lives.

History of Password Day

Security researcher Mark Burnett most notably began to focus on the importance of passwords in his book Perfect Password: Selection, Protection, Authentication, published in 2005. He suggested that people devote a specific day to updating and strengthening their internet passwords. Few would argue with the sagacity of his advice. After all, strong passwords serve as the gatekeepers protecting digital accounts and websites from unauthorized access. Inspired by Burnett’s foresight to bring password strength to everyone’s attention, Intel Security took it to heart. They recommended that World Password Day be commemorated yearly on the first Thursday of May.

How do you celebrate password day?

Some might be led to wonder why so much fuss is being made about the humble password. The reality is that recent and widespread incidents of data breaches emphasize how vital it is for organizations and end-users alike to make information security their top priority. In recent years, the cloud-based data storage services that have gained such popularity have become the repositories of seemingly infinite amounts of sensitive data. Bank account information, health details, shopping facts, and work-related specifics are now stored online, usually off-site and far away from the people they pertain to. When digital safety perimeters such as passwords are lax, this information is ripe for the picking by criminals worldwide.

Information security experts continue to develop more sophisticated protective measures to safeguard our digital treasure troves. Two of the most effective are password managers that can generate and store passcodes, making them easier to retrieve and make complex, and multi-factor authentication that requires an additional layer of identification before a user can gain access to their information. World Password Day can act as a tangible date on which people focus on learning about these strengthening techniques and incorporating them into their daily habits.

How to Observe World Password Day

How do you celebrate World Password Day? As you might imagine, the answers lie online. Here are just a few suggestions about how to make this day a memorable and effective one:

  • Visit Passwordday.org
  • Take the World Password Day pledge
  • Leverage the power of social media to share password tips. (Using the hashtag #WorldPasswordDay, advise your followers to adopt passwords containing at least 16 characters, including numbers, upper and lower-case letters, and special characters. Encourage them to use two-factor authentication, and urge everyone to change their passwords regularly)
  • Follow our advice on changing your weak passwords into strong ones
  • Turn on two-factor authentication for all accounts
  • Host a password party, inviting friends in person and virtually
  • Launch a campaign to raise public awareness about this special day. On your own or with help from your friends or work colleagues, take steps to preach the gospel of good cyber hygiene far and wide. You might consider printing banners or flyers or even creating T-shirts that you can market.

When is World Password Day in 2022?

In 1961, the Massachusetts Institute of Technology (MIT) created the first internet password, making it possible for two or more individuals to share the same computer system. Over the next six decades, the use of the internet has skyrocketed, further underscoring how crucial cybersecurity has become. This year, World Password Day will be celebrated on Thursday, May 5. While it might get a run for its money because it coincides with Cinco de Mayo, there is no doubt that cybersecurity enthusiasts everywhere will be embracing it. After all, spreading the news about setting and maintaining strong passwords will keep the internet safer for everyone.