What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
globalsecuritymag.webp 2022-12-19 09:11:19 Trend Micro analyzes cybercriminals' new modes of operation, particularly with regard to ransomware (direct link) Trend Micro Incorporated has published the findings of an alert report on the evolution of the ransomware market. Titled 'The Near and Far Future of Today's Ransomware Groups', it projects the activity of groups specializing in cyber-extortion, whether in other areas of cybercrime or in association with hostile governments or other organized crime groups. - Malware Ransomware Prediction
globalsecuritymag.webp 2022-12-19 08:53:50 (Déjà vu) Keeper Security unveils its predictions for 2023 (direct link) Keeper Security unveils its predictions for 2023. 2022 was an eventful year for the IT sector. Will that continue in 2023? Keeper Security reveals its five major cybersecurity predictions for the coming year. - Points of View Prediction ★★
TrendMicro.webp 2022-12-19 00:00:00 Improve Cyber Security Posture with 2023 Predictions (direct link) If a stronger cyber security posture is one of your organization's new year's resolutions, focus on what matters with these five essential highlights from the Trend Micro Security Predictions for 2023. Prediction ★★
cyberark.webp 2022-12-16 14:00:35 2023 Cybersecurity Trends We're Tracking (direct link) Cybersecurity doesn't happen in a vacuum. Evolving attack trends, world events, regulatory changes, shifting organizational priorities and many other factors influence enterprise programs. With 2023 just around the corner, cybersecurity teams are considering them all... Prediction ★★★
DataSecurityBreach.webp 2022-12-16 11:29:25 New forms of attack targeting businesses and public bodies (direct link) Threat actors will step up attacks against the facilities that support hybrid work, software supply chains and the cloud. Prediction ★★★
globalsecuritymag.webp 2022-12-16 10:02:02 Cyber risks: Trend Micro identifies new forms of attack targeting businesses and public bodies (direct link) Cyber risks: Trend Micro identifies new forms of attack targeting businesses and public bodies. Trend Micro researchers analyze the evolution of cyber threats to help better adapt information-system security policies - Investigations Prediction
Trend.webp 2022-12-16 00:00:00 Trend Micro Joins Google's App Defense Alliance (direct link) Trend Micro will be joining Google's App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store. Prediction ★★★
GoogleSec.webp 2022-12-15 20:51:24 Expanding the App Defense Alliance (direct link) Posted by Brooke Davis, Android Security and Privacy Team. The App Defense Alliance launched in 2019 with a mission to protect Android users from bad apps through shared intelligence and coordinated detection between alliance partners. Earlier this year, the App Defense Alliance expanded to include new initiatives outside of malware detection and is now the home for several industry-led collaborations including Malware Mitigation, MASA (Mobile App Security Assessment) & CASA (Cloud App Security Assessment). With a new dedicated landing page at appdefensealliance.dev, the ADA has an expanded mission to protect Android users by removing threats while improving app quality across the ecosystem. Let's walk through some of the latest program updates from the past year, including the addition of new ADA members. Malware Mitigation: Together, with the founding ADA members - Google, ESET, Lookout, and Zimperium, the alliance has been able to reduce the risk of app-based malware and better protect Android users. These partners have access to mobile apps as they are being submitted to the Google Play Store and scan thousands of apps daily, acting as another, vital set of eyes prior to an app going live on Play. Knowledge sharing and industry collaboration are important aspects in securing the world from attacks and that's why we're continuing to invest in the program. New ADA Members: We're excited to see the ADA expand with the additions of McAfee and Trend Micro. Both McAfee and Trend Micro are leaders in the antivirus space and we look forward to their contributions to the program. Mobile App Security Assessment (MASA): With consumers spending four to five hours per day in mobile apps, ensuring the safety of these services is more important than ever.
According to Data.ai, the pandemic accelerated existing mobile habits - with app categories like finance growing 25% YoY and users spending over 100 billion hours in shopping apps. That's why the ADA introduced MASA (Mobile App Security Assessment), which allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS standard) under the OWASP Mobile Application Security project. The project's mission is to “Define the industry standard for mobile application security,” and has been used by both public and private sector organizations as a form of industry best practices when it comes to mobile application security. Developers can work directly with an ADA Authorized Lab to have their apps evaluated against a set of MASVS L1 requirements. Once successful, the app's validation is listed in the recently launched App Validation Directory, which provides users a single place to view all app validations. The Directory also allows users to access more assessment details including validation date, test lab, and a report showing all test steps and requirements. The Directory will be updated over time with new features and search functionality to make it more user friendly. The Google Play Store is the first commercial app store to recognize and display a badge for any app that has completed an independent security review through ADA MASA. The badge is displayed within an app's respective Malware Guideline Prediction Uber ★★
DarkReading.webp 2022-12-15 16:20:20 Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps (direct link) Money-lending apps built using the Flutter software development kit hide a predatory spyware threat and highlight a growing trend of using personal data for blackmail. Malware Threat Prediction ★★★
itsecurityguru.webp 2022-12-15 15:00:45 (Déjà vu) #MIWIC2022: Camilla Currin, Trend Micro (direct link) Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2022's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the […] Prediction
globalsecuritymag.webp 2022-12-15 13:48:43 BeyondTrust's cybersecurity predictions for 2023 (direct link) BeyondTrust's cybersecurity predictions for 2023. Thomas Manierre, Director for Southern EMEA at BeyondTrust, shares his forecasts on the emerging trends that are likely to mark the current decade. - Points of View Prediction ★★
AlienVault.webp 2022-12-15 11:00:00 Dark Data: What is it? How can you best utilize it? (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Data continues to be a valuable asset for an organization and plays a crucial role in making operational and strategic business decisions. With the growth of hybrid, private, and multi-cloud models, much of the data is stored on these platforms and becomes vulnerable to malicious activities and potential data leaks. Amid the vast volume of data, some of the data remains unknown, untapped, and unused within an organization's architecture. This dark data is generated by users' daily online interactions between several devices and systems. Dark data might seem like a scary term, but it isn't, though it poses some risks. Since its percentage of data is rising more quickly than organizational data, business organizations are getting concerned about it. Hence, to grasp what dark data is and what issues it signifies, it's essential to understand it from a broader perspective. What Is dark data? Dark data is the type of organizational data whose value is not identified; hence, it can be crucial business data or useless data. A research report published by BigID reveals that 84% of organizations are seriously concerned about dark data. This data consists of the additional information collected and stored during daily business activities. But perhaps to your surprise, the organization may be unaware of the dark data and typically doesn't use it. Dark data tends to be unstructured data that contains sensitive and unclassified information. The research report further reveals that eight out of ten organizations consider unstructured data the most critical to handle and secure. Dark data can be classified as follows: Emails, images, audio, video, and social media posts.
Application trials including API caches and encryption keys such as VPN or SSH support. Data stored in overlooked virtual images activated or installed in local or cloud infrastructure. Forgotten unstructured data created on various database engines a long time ago. Customers and the company's employees own data on the desktop and mobile devices. The hidden data file in a file system can be in the form of old pictures, scanned documents, pdf forms, notes on MS Word documents, and signed files. Dark data might seem benign, but it holds most of the organization's information. Thus, it can pose significant security risks if it falls into the wrong hands, like leaking a company's sensitive data and damaging its industry reputation. This is particularly alarming for organisations that do not use a reliable VPN or any other security tools to ensure data privacy and safety. How can you utilize dark data to help your business? Dark data seems challenging to handle and involves lengthy manual processes, but companies need to automate these processes. Technological advancements such as the use of AI have made it easier for companies to explore and process unstructured data. Another important use of dark data is its role in boosting AI-powered solutions. The more data exists, the more information AI can analyse to produce even deeper insights. Alongside Artificial Intelligence, you can also use Machine Learning technology to discover untapped and unused data and insights. These insights might help organizations make more informed decisions regarding incoming data. Also, it guides them toward taking practical steps in response to their data. Implementing AI and ML systems needs internal structural changes for businesses, costing organizations a great deal of time and money. H Data Breach Threat Guideline Prediction ★★★
Trend.webp 2022-12-15 00:00:00 Trend Joining App Defense Alliance Announced by Google (direct link) Trend Micro's participation in Google's App Defense Alliance will ensure the security of customers by preventing malicious apps from being made available on the Google Play Store. Prediction ★★★
InfoSecurityMag.webp 2022-12-13 10:10:00 Aussie Data Breaches Surge 489% in Q4 2022 (direct link) Country bucks the global trend thanks to high-profile incidents Prediction ★★
globalsecuritymag.webp 2022-12-13 09:33:52 Key risk trends for directors and officers in 2023: potential recession, cyber and ESG concerns (direct link) Key risk trends for directors and officers in 2023: potential recession, cyber and ESG concerns • Allianz Global Corporate & Specialty (AGCS) highlights macroeconomic risks such as inflation and insolvency and their impact on Directors and Officers (D&O) insurance • Cyber and ESG-related risks are driving an increasing number of lawsuits and litigation against companies and their boards • US remains a securities class action hotspot, despite downward trend in new filings • D&O insurance market seeing a favorable shift for buyers, but inflation and current risk environment means the potential for more frequent and severe losses remains - Opinion Prediction ★★
Trend.webp 2022-12-13 00:00:00 Forging Ahead in 2023: Insights From Trend Micro's 2023 Security Predictions (direct link) In 2023, cybercriminals and defenders alike will have to move forward with caution in the face of a business landscape that's fraught with security blindsides and economic ebbs and flows. Prediction ★★
globalsecuritymag.webp 2022-12-12 19:58:19 Cybersecurity Trends 2023: Rethinking data security and secure data sharing (direct link) Cybersecurity has always been a dynamic field, shaped by a constantly evolving threat landscape, newly introduced technologies and, more recently, a digital transformation driven not least by the pandemic. The boom in and shift to the cloud have created an environment that is increasingly complex for IT security departments worldwide to manage. And none of this will change next year. On the contrary, the environment in which the profession has to work will change even more, and the reason lies in the two main trends we will see: a rethink of data security and the introduction of secure data sharing based on open standards. - Special Reports Prediction
cybersecurityventures.webp 2022-12-12 18:14:23 Top 10 Cybersecurity Predictions and Statistics For 2023 (direct link) What you need to know about the trillion-dollar cyber economy over the next 5 years – Steve Morgan, Editor-in-Chief Northport, N.Y. – Dec. 10, 2022 Cybercrime Magazine extrapolates the top 10 market data points from our research in order to summarize the cybersecurity industry through Prediction ★★
globalsecuritymag.webp 2022-12-12 08:29:23 Norton Labs unveils its cybersecurity predictions for 2023 (direct link) Norton Labs unveils its cybersecurity predictions for 2023 - Points of View Prediction ★★
CyberSkills.webp 2022-12-09 00:00:00 Cyber Skills Ireland launches new service for consumers to support safer online shopping (direct link)
Recent consumer research* shows that nearly 40% of Irish shoppers plan to do a mix of in-store and online shopping this year. As we approach the festive season and more people shop online for gifts, Cyber Skills is launching a new national online service to help shoppers check whether sites are legitimate and safe to use. The initiative is aimed at online shoppers, who may visit websites promoting offers and bargain prices. CheckMyLink (Check.Cyberskills.ie) is a new national service that will be led by Cyber Skills in association with ScamAdviser and An Garda Síochána. The aim is to increase consumers' confidence that an online website they are buying from is genuine and to ensure that the website is not infected with malware. The service is easy to use and simply asks online users to provide only the URL of the website they are visiting. The service then generates an online report from trusted sources that aims to increase consumer confidence that the website or link is genuine and safe to browse. Speaking on the announcement, Professor Donna O'Shea, Chair of Cybersecurity, MTU, said: "This year, scammers and fraudsters will likely try to exploit the fact that more of us are under financial pressure with rising energy costs and inflation, meaning we have less money in our pockets. They will try to exploit our natural behavioural response of becoming savvier with our money and looking for bargains in sales and online shopping. However, to look after your money this Christmas, savvy online shoppers need to be aware that scammers are very good at making fake websites look real, and that unfamiliar websites should be checked before handing over hard-earned cash or providing credit card information." William Dalton, Vice President and Managing Director of Trend Micro, which is sponsoring the initiative, added: "Trend Micro is delighted to partner with CheckMyLink in our joint mission to protect Irish consumers from fraud-related crime. As Christmas approaches, our friends and loved ones will be trying to buy hard-to-find gifts and may be tempted to buy them from a fake website. It is important that we are aware of the websites we use." Detective Chief Superintendent Barry Walsh, head of the Garda National Cyber Crime Bureau, also emphasised: "There is an increased risk for consumers, particularly around this time of year, as hackers use tainted links hidden in emails, social media and other mainstream online platforms to gain access to passwords, credit card details or other sensitive information. An Garda Síochána supports the new initiative to enable users to verify the authenticity of web addresses and click-through domains before engaging with the sites. It will also allow users to validate that they are legitimate entities."
The national service is sponsored by Science Foundation Ireland's (SFI) centres Lero (Center for Software), Connect (Center for Future Networks) and Confirm (Center for Smart Manufacturing), and by Trend Micro, and is available in English and Irish. For more information, please visit Check.Cyberskills.ie. Cyber Skills is funded by the Human Capital Initiative (HCI). Cyber Skills is hosted by MTU with partner higher education institutions, including UL, UCD and TU Dublin. Its aim is to address the critical skills shortage of pr Malware Threat Prediction ★★
Mandiant.webp 2022-11-02 08:00:00 Mandiant Cyber Security Forecast 2023 (direct link)
Defenders must always be ready for the unexpected, everything from chasing down an alert to containing a compromise. In the cyber security realm, it's impossible to predict what we will experience day after day. However, that doesn't mean we cannot be ready for the threats that matter most. Organizations can always improve their preparedness and readiness, and part of that involves exploring the trends we are starting to see now so we are ready for them in the year ahead. To help us clear up some of the fog surrounding 2023, we turned to Mandiant leaders and experts. We already heard from
Prediction ★★★
kovrr.webp 2022-10-25 00:00:00 Importance of Insurance-Validated Risk Models to Quantify Cyber Risk. Over time, high-quality risk models become increasingly accurate due to continuous validation and calibration. (direct link)
By its nature, cyber risk is dynamic. New events happen and evolve all the time, making it difficult for enterprises to quantify their financial exposure to cyber attacks. Around two years ago, for example, distributed denial-of-service (DDoS) attacks were making headlines, and now ransomware has come into heightened focus. It's reasonable to believe that other types of attacks will emerge in another two years and continue to change thereafter. Yet even though cyber risk evolves, it’s possible to understand what the financial implications of an attack might be by using what’s known as a cyber risk quantification (CRQ) model. These models analyze past events to predict what the financial impacts of future cyber events might be. But not just any model will do. Enterprises need insurance-validated risk models, meaning the model is strong enough and has both the breadth and depth of data to be trusted to quantify cyber risk across an insurer’s large portfolio. Enterprises need this level of sophisticated models, which are continuously validated at scale, if they want to be prepared. Otherwise, they may be using a stagnant quantification method that limits their ability to account for their financial cyber exposure to current and future new threats. Modeling the Unknown: Part of quantifying something dynamic like cyber risk means having a robust modeling framework. Using what’s known as impact-based modeling allows for quantifying “known unknowns.” In other words, a modeling framework that can reflect new emerging threats and utilize risk models that tie together multiple areas of risk — for example, certain events affecting an enterprise, the severity of past attacks, the frequency of events, etc. — can come to a conclusion about the financial impact of future events.
Even if the specific type of attack remains unknown, enterprises can at least have a sense of what their exposure would look like by relying on impact-based modeling, which provides an estimation for potential financial losses that will be driven by cyber events. Continuous Validation and Calibration: Over time, high-quality risk models become increasingly accurate due to continuous validation and calibration. As new cyber threats emerge, so too does a deeper understanding of event footprints, the technology or third party service provider involved, and the propagation pattern of the infection. While it’s important for companies to be aware of evolving cyber threats and types of attacks from a risk management perspective, such as to educate employees and mitigate attacks, putting a financial quantification on cyber risk is the most efficient way to understand “how” the attack landscape can affect a specific company. A $1 million loss, for example, is still $1 million whether it came from ransomware or a DDoS attack. By focusing on an impact-based approach, the emphasis is still on quantifying the loss, rather than trying to predict exactly how cyber events may evolve. A cyber risk quantification model can also be calibrated by looking at what the model projected and seeing how that aligns with events that actually occur over time. Doing so requires data at scale. If you only know the financial implications of events that occurred at, say, three companies, then that doesn’t give much information to feed and calibrate the model. Yet if there are thousands of events to analyze, such as by looking across an insurer’s entire portfolio, that provides a much better view into what’s happening across the cyber risk landscape. From there, this data can be used to improve the model. Breadth and Depth of Data Sources: As alluded to, a robust cyber risk quantification model requires data scale. Yet it’s important to have both a significant breadth and depth of data sources.
Doing so enables a model to understand what’s happening across indust Ransomware Prediction ★★★
DarkReading.webp 2022-09-09 16:48:02 US Sanctions Iran Over APT Cyberattack Activity (direct link) The Treasury Department links the MuddyWater APT and APT39 to Iran's intelligence apparatus, which is now blocked from doing business with US entities. Prediction APT 39
CyberSkills.webp 2022-08-29 00:00:00 New cyber security certificate offers SMEs a pathway to greater business resilience and online savviness (direct link)
Chair of Cybersecurity in Munster Technological University, Dr. Donna O'Shea, and Head of School of Informatics & Cybersecurity at TU Dublin, Dr. Anthony Keane contributed to this article in the Independent.ie. In recent years, cyber security has emerged as a key issue for businesses in Ireland and across the world. Small enterprises are exposed to the same digital threats as larger businesses, but may lack the resources to defend themselves. It has been estimated that almost half of SMEs that suffer a serious cyber attack can go out of business within months. Enhanced cyber security is a matter of great societal importance, because SMEs operating in myriad industries such as retail, health care and construction are the backbone of the Irish economy. They constitute 99pc of all businesses and account for more than half of EU Gross Domestic Product (GDP). SMEs play a vital role in adding value to all sectors of the economy, but they may lack essential skills on how to protect their businesses, which are often heavily dependent on digital systems that are vulnerable to cyber-attacks. The urgency of addressing this skills gap was highlighted by the COVID-19 pandemic, which forced many businesses online, exposing them to a higher risk of cyber attacks with little support available. Irish businesses operating online often possess a low cyber security awareness, have inadequate knowledge of GDPR requirements in the protection of critical and sensitive information, and have a low level of Information and Communications Technology (ICT) skills to protect their business. They can also experience significant budgetary constraints that lead them to view cyber security as a relatively significant cost, rather than an important investment in their business resilience. In addition, many SMEs have direct and indirect business relationships with larger organisations.
For this reason, cyber criminals often focus on SMEs as a gateway into the larger organisations, knowing that these smaller businesses' cyber awareness and defensive structures are typically less robust than those of the criminals' larger targets. Recently, the National Cyber Security Centre (NCSC) and the Garda National Crime Bureau have written to the Small Firms Association to warn business owners of the ongoing series of ransomware attacks. They have observed a growing trend of small and medium sized enterprises being targeted by cybercrime groups with ransomware, malicious software that is designed to block access to a computer system. Another common cyber crime tactic is threatening to leak sensitive stolen data until a sum of money is paid. The NCSC said it has noticed a change in tactics whereby hackers are now turning their attention away from big business and Government departments, towards smaller businesses. Providing businesses with cyber skills: Professor Donna O'Shea is Chair of Cybersecurity in Munster Technological University and currently leads a Higher Education Authority (HEA) Human Capital Initiative (HCI) project called CYBER-SKILLS: a nationally funded project in collaboration with University of Limerick, Technological University (TU) Dublin, and Commonwealth Cyber Initiative, Virginia Tech U.S. This ground-breaking initiative aims to address the cybersecurity skills challenge in Irish SMEs. Prof. O'Shea says, “Growing up, my family owned an electrical retail store, so I really understood the challenges that small businesses face, their limitations in terms of time and how cost can sometimes be a barrier.
When designing the course Certificate in Cybersecurity for Business for CYBER-SKILLS, we really wanted a pathway to be open to everyone and we wanted to reduce the barriers to participating in the course, by reducing the cost, making it flexible in delivery, focusing on applied skills and providing the essential necessary knowledge and skills to protect small businesses everywhere against cyber attacks.” Irish professionals and businesses have expressed a growing interest in cybersecurity courses and careers, as borne out by the recen Ransomware Data Breach Malware Patching Prediction Cloud ★★
kovrr.webp 2022-07-28 00:00:00 2022 seems to be on target for the lowest year of reported breaches by large US corporations. In the first six months of 2022, large [Revenue >2bn] US corporations reported the fewest data breaches in the past five years. (direct link)
The number of data breaches reported in the first 6 months of 2022 has put this year on track to be the lowest year of reports in the last 5 years for large [Revenue >2bn] US corporations. By looking at the rate at which data breach events have been reported so far this year, we predict that the number of events reported is expected to be 15-20% of the number of breaches reported in 2021. Possible causes: (1) Increased reporting delays (but the time to report has shown a decreasing trend over the last 4 years); (2) Genuine improvement in cyber defenses preventing data exfiltration; (3) Reduction in reporting requirements, or public disclosure prevention. In this analysis we look at all the reported cyber events which involve data exfiltration (data breach), allocated to the year in which the event started. Comparing the number of events reported at each point during the year then gives us an indication for the rate which can be compared between years. The data and population: The data collected represents public reports of data breaches from US companies with an annual revenue above $2bn (excluding public services). The data used includes breach events reported up to end of Q2 2022. In this area, where the cyber reporting requirements are highest, there is a high level of data available. It is important to note that this will not be all events which occur, only those disclosed, but by looking for changes in the behavior we can look at the potential causes. Overall Breach Count: As of the end of Q2 2022, we have seen 18 breach reports of events occurring in 2022 compared to the 160 cyber events reported from 2021, and 292 from 2020. While we are only 50% through 2022, the number of events reported so far from the first half is 25% of the 2021 total reported at the same point through 2021.
To fully compare 2022 against prior years we need to take into account a number of factors: (1) Events not yet reported: some events have occurred but have not yet been reported either because they have not yet been discovered, or because they have been discovered but not publicly disclosed; (2) Events not yet occurred: events which have yet to occur, in the second half of 2022 (and have not yet been reported). How the year unfolds: To explore how 2022 is emerging, we can look at the rate at which events are being reported. That is to show not just the total report to date, but how the total number of events reported in a year has emerged from the start of the year. To do this we plot the cumulative number of events reported vs the number of days from the start of each incident year. What we see is an indication of how many incidents from each year have been reported after the same number of days. A steep curve indicates a greater number of incidents reported per month. ** Note that the event counts are lower because we do not have exact disclosure dates for all events. From the chart we can see that the number of reported cyber incidents after 6 months (180 days) of experience is low for 2022 compared with all other years since 2015.
This leads us to believe that 2022 is on track to have a very low number of overall incidents reported.There could be a few explanations for thisReporting Delay: The time taken to report incidents has increased in 2022, and there will be a correction in the later part of the yearCybersecurity Investment: The overall number of incidents reported will be lower due to improvements in security postureRegulatory Action: the overall number of incidents reported will be lower due to changes in how the events are reported (or required to be reported)‍Reporting DelayTo consider if the low reported number of events in 2022 is being driven by an increase in a delay between a cyber event starting and it being reported, we have looked at the trend over the last 10 yearsThe chart below shows the trend over the last 10 years.‍‍‍There has been a steady reduction in median reporting delay from 204 days in 2017 to 63 days Data Breach Prediction Cloud ★★★
SentinelOne.webp 2022-05-25 16:54:12 Use of Obfuscated Beacons in 'pymafka' Supply Chain Attack Signals a New Trend in macOS Attack TTPs
(direct link)
A new typosquatting attack against the PyPI repository targets enterprise Macs with a distinctive obfuscation method.
Prediction ★★★
kovrr.webp 2022-01-19 00:00:00 What Emerging Cybersecurity Trends Should Enterprises Be Aware Of?
As the world becomes more digitally connected, enterprises need to be aware of the growing cybersecurity risks.
(direct link)
As the world becomes more digitally connected every year — and with the pandemic further accelerating digital transformation — all types of enterprises need to be aware of the growing cybersecurity risks that come with this shift. In Europe, for example, significant attacks on critical sectors more than doubled in 2020 compared to 2019, according to data from the European Union Agency for Cybersecurity, as reported by CNN. In 2021, the picture arguably became even bleaker around the world, with major ransomware attacks causing disruption to companies in industries ranging from energy to meat processing. In the first six months of 2021 alone, ransomware-related reported activity in the U.S. had a higher total value ($590 million) than all ransomware-related reported suspicious activity in the U.S. in 2020, according to the U.S. Department of Treasury's Financial Crimes Enforcement Network (FinCEN). The total number of suspicious events filed in the first six months of 2021 in the U.S. also exceeded all of what occurred in the country in 2020 by 30%, the agency reports. Yet it’s not just ransomware that’s wreaking havoc. Enterprises also need to be prepared for cyber threats like denial of service (DoS) attacks, where a flood of network activity can interrupt servers, thereby causing business interruption. Cisco predicts that distributed denial of service (DDoS) attacks (a subset of DoS, which involves using multiple devices to send a flood of traffic, as opposed to just using one device with a DoS attack) globally will roughly “double from 7.9 million in 2018 to 15.4 million by 2023.” In addition to preparing for these types of cyberattacks, enterprises will also increasingly need to be aware of and comply with privacy-related regulations. As governments around the world try to bolster their cybersecurity responses, they are passing or at least considering new rules and guidance around how companies need to handle sensitive data and privacy issues.
Amidst this preparation, enterprises also need to recognize that cybersecurity plans aren’t foolproof, especially as attacks evolve. That means assets could be at risk even with solid defenses in place. So, enterprises increasingly need to think about not just how to prevent cyber attacks but also consider the dollar-value cost of risk, given that events will inevitably occur. This process, known as cyber risk quantification — a form of financial quantification — helps enterprises think about and discuss cyber risk in definitive business terms. Knowing how much money is at stake and how different cyber events could affect revenue and profit can help businesses prioritize defenses and take mitigating action like securing cyber insurance. In this report, we’ll take a closer look at these emerging cybersecurity trends that enterprises should be aware of. Understanding these areas can help organizations potentially improve their risk management, both from a cybersecurity and overall governance standpoint.
Evolving Ransomware Risks
While ransomware is not a new type of threat, the scale and intensity of ransomware continue to broaden. Enterprises large and small, across all types of industries, need to be prepared for these cyber attacks. For one, ransomware-as-a-service, “where ransomware variants are licensed to individuals and accomplices to execute attacks,” as Reuters explains, has been on the rise. Based on suspicious activity reports, FinCEN identified 68 ransomware variants in the first half of 2021. “The resulting emergence of new attackers has led to increased uncertainty and volatility for companies in responding to attacks due to the lack of information on the growing number of ransomware threat actors,” adds Reuters. Part of the problem is also that ransomware attacks aren’t just being launched on an ad-hoc basis by individuals. Instead, there’s in Ransomware Tool Threat Prediction Cloud ★★★
Mandiant.webp 2022-01-13 11:00:00 The Cyber Risk Journey, Part One: Where Do We Go From Here?
(direct link)
Cyber risk can be a big blindspot for organizations. Fortunately, Boards and senior leaders are more engaged than ever before and working to develop a better understanding of how cyber risk is being managed within their organizations. More dialogue with executive management around cyber risk and the impacts proactive and reactive measures have on an organization's risk profile is a great trend to see. Cyber security teams, often in the background, take on the overwhelming tasks of supporting day-to-day operations while constantly being prepared for attackers in their environment. Balancing
Prediction ★★★
kovrr.webp 2021-12-20 00:00:00 7 Reports That Can Help You Understand the Cyber Insurance Landscape
Cyber insurance continues to face eroding margins, with insurers having trouble quantifying the risks enterprises face
(direct link)
The explosion of ransomware attacks and cybersecurity risk as a whole have made life tough for so many organizations across industries globally. Enterprises need to face these risks in what’s often a challenging business market anyway, and turning to potential solutions like cyber insurance comes with its own difficulties. The cyber insurance market continues to harden, with insurers facing eroding margins and often struggling to quantify the risk enterprises face. But it’s not all bad news. Cyber insurance companies and other enterprises who want to know the cyber landscape better have a wide range of resources to turn to. As the market matures, many quality research reports have emerged, including several that provide overviews and predictions for what will happen within cyber insurance and cybersecurity as a whole for 2021 and beyond. But which of these research reports should you read to strengthen your cyber knowledge and feel more prepared for what may come? In this article, we’ll provide a brief overview of seven of the top cyber insurance research reports for you to consider diving into more.
1) Munich Re: Cyber insurance: Risks and trends 2021
In the report “Cyber insurance: Risks and trends 2021,” the reinsurer Munich Re shares the results of the company’s first “Global Cyber Risk and Insurance Survey.” Some of the key findings include that amidst rapid digitization within companies, approximately four out of five C-suite executives do not think their company has adequate cyber threat protection. The top cyber threats feared by this group include fraud, data breaches and ransomware. The survey also finds gaps in cyber insurance knowledge, but the market could soon grow, with 35% of C-level respondents likely to soon take out a policy. Munich Re also notes the importance of cyber risk accumulation.
While the company mentions its own accumulation models, “it is important to monitor the market and seek external expertise from different vendors in order to assure state of the art accumulation management,” the company says.
2) Aon: Cyber Insurance Market Insights Q1 2021
In one report from Aon, “Cyber Insurance Market Insights Q1 2021,” the firm highlights how the cyber insurance industry is changing amidst evolving cyber risks. In particular, the company highlights how issues such as ransomware, silent cyber exposure and the SolarWinds event have affected the cyber insurance market. With SolarWinds, for example, the “theft of investigative tools from a globally recognised cyber security and forensics firm is likely to lead to improved hacking tools in the hands of cyber criminals,” notes Aon. Amidst this backdrop, Aon sees more hardening within the market through 2021 and 2022. Insurers are looking closely at their underwriting practices while also assessing retention, limits and premiums to figure out the right mix to make cyber insurance viable.
3) Aon: 2021 Cyber Security Risk Report
Another report by Aon, the “2021 Cyber Security Risk Report,” focuses more on the overall risk landscape from an enterprise perspective. In particular, Aon highlights four main cyber-related risks facing organizations today:
- Digitization: As companies rapidly digitize, particularly with Covid-19 changing the way many companies work, only 40% say they have “adequate remote work strategies to manage this risk.”
- Third-Party Risk: Organizations need to be aware of risks in their supply chains and among the various vendors they work with, yet only 21% have implemented “baseline measures” to oversee third-party risk.
- Ransomware: Ransomware attacks have been prevalent and damaging recently, and many are unprepared. Less than one-third of organizations say they’ve implemented “adequate business resilience measures” to handle this risk.
- Regulation: As stronger data security laws come into place, o Ransomware Tool Threat Prediction ★★★
kovrr.webp 2021-10-19 00:00:00 A Sneak Peek into Kovrr’s Data Sources
A sneak peek into Kovrr's unique data sources used exclusively for modeling purposes
(direct link)
Modeling impacts from cyber events requires extensive understanding of the cyber threat landscape. A core aspect of Kovrr’s cyber risk modeling data pipeline combines unique data sources to better inform the data points taken into account when building out the frequency and severity of cyber events. Access to these data sources is derived via partnerships reserved for Kovrr’s use exclusively for modeling purposes, developed among others with Israeli cybersecurity emerging vendors which continuously bring new exciting data and create a unique ecosystem.
Hudson Rock
Hudson Rock is a cybercrime intelligence startup with a database composed of millions of machines compromised in global malware spreading campaigns. The data is augmented monthly with tens of thousands, to hundreds of thousands of new compromised machines. Data includes Info Stealers, ransomware bots and other types of malware. Hudson’s high-fidelity data help protect employees, partners, customers, and digital assets with unprecedented granularity of threat vectors including Ransomware, Business Espionage, Breaches & Network Overtakes.
How Kovrr uses this data
Kovrr has extended capabilities to recognize ransomware trends and emerging techniques. This information is crucial for formulating accurate attack distributions. Kovrr leverages the data in order to enrich different parameters of its datasets. We can improve our understanding of the target audience profile: by applying additional analytics on the data, Kovrr can deduce the entities who have suffered from the breach. This information may include location, job description and company. We also have extended information on the attack vector.
Kovrr uses metadata regarding the attack to understand the attack vector used to install the malware, which is critical to understanding attack and exploitation patterns.
Cynerio
Medical and IoT devices in healthcare environments grow more numerous and vulnerable every day, and mitigating their risk is becoming more complex. The Cynerio platform uses a granular inventory classification taxonomy which tracks device types, functions, vendors, models, serial numbers, firmware/OS, MAC, and IP+ methods of medical devices. Drilldowns into VLANs, ports, kernels, HW, services, browsers, and FDA class, classification, and recalls are also provided. Cynerio then leverages this data to monitor, verify, and reduce the risk of IoT and IoMT device vulnerabilities through direct communication with vendors, third-party solution providers, and cybersecurity governance organizations.
How Kovrr uses this data
Kovrr has secured unique cyber information sources per industry to have more detailed data reflecting the cyber risk landscape. Kovrr receives aggregated data on compromised medical IoT devices and relevant vulnerabilities, corresponding to companies’ geographic location, size and industry that shows instances of potential attack per type of device. For this specific source, Kovrr’s extended insights surrounding healthcare cybersecurity feeds into the industry exposure database. In turn this provides more accurate data on the frequency and severity of events affecting organizations in the healthcare industry and assists in better analysis of understanding a company’s cyber resilience.
Sedric.me
Sedric integrates into all communication systems of organizations and provides cyber risk management teams with a solution to securely store company interactions with internal and external users. By monitoring a wide range of interactions, Sedric uses AI to detect intentions related to regulatory, compliance, and company misconduct without the need for explicit exact phrase or rule matches.
The platform securely cleans, encrypts and stores data associated with GDPR, PCI, PHI, and other violations before it enters a company’s system.
How Kovrr uses this data
Kovrr receives aggregated data of sensitive data records corresponding to companies’ g Ransomware Malware Vulnerability Threat Prediction Medical ★★★
Anomali.webp 2021-10-12 17:41:00 Anomali Cyber Watch: Aerospace and Telecoms Targeted by Iranian MalKamak Group, Cozy Bear Refocuses on Cyberespionage, Wicked Panda is Traced by Malleable C2 Profiles, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data leak, Ransomware, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Russian Cyberattacks Pose Greater Risk to Governments and Other Insights from Our Annual Report (published: October 7, 2021) Approximately 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 have been attributed to the Russian-sponsored threat groups, specifically to Cozy Bear (APT29, Nobelium) associated with the Russian Foreign Intelligence Service (SVR). The United States, Ukraine, and the UK were the top three targeted by them. Russian Advanced Persistent Threat (APT) actors increased their effectiveness from a 21% successful compromise rate to a 32% rate comparing year to year. They achieve it by starting an attack with supply-chain compromise, utilizing effective tools such as web shells, and increasing their skills with the cloud environment targeting. Russian APTs are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% – largely agencies involved in foreign policy, national security, or defense. Following Russia by the number of APT cyberattacks were North Korea (23%), Iran (11%), and China (8%).
Analyst Comment: As the collection of intrusions for potential disruption operations via critical infrastructure attacks became too risky for Russia, it refocused back to gaining access to and harvesting intelligence. The scale and growing effectiveness of the cyberespionage requires a defence-in-depth approach and tools such as Anomali Match that provide real-time forensics capability to identify potential breaches and known actor attributions. MITRE ATT&CK: [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Brute Force - T1110 Tags: Fancy Bear, APT28, APT29, The Dukes, Strontium, Nobelium, Energetic Bear, Cozy Bear, Government, APT, Russia, SVR, China, North Korea, USA, UK, Ukraine, Iran Ransomware in the CIS (published: October 7, 2021) Many prominent ransomware groups have members located in Russia and the Commonwealth of Independent States (CIS) - and they avoid targeting this region. Still, businesses in the CIS are under the risk of being targeted by dozens of lesser-known ransomware groups. Researchers from Kaspersky Labs have published a report detailing nine business-oriented ransomware trojans that were most active in the CIS in the first half of 2021. These ransomware families are BigBobRoss (TheDMR), Cryakl (CryLock), CryptConsole, Crysis (Dharma), Fonix (XINOF), Limbozar (VoidCrypt), Phobos (Eking), Thanos (Hakbit), and XMRLocker. The oldest, Cryakl, has been around since April 2014, and the newest, XMRLocker, was first detected in August 2020. Most of them were mainly distributed via the cracking of Remote Deskto Ransomware Malware Tool Threat Guideline Prediction APT 41 APT 41 APT 39 APT 29 APT 29 APT 28
kovrr.webp 2021-09-12 00:00:00 Regulations & Ransomware: A Quick Overview
An overview of what enterprises need to know about ransomware and related regulations.
(direct link)
As cybersecurity threats continue to evolve, ransomware has recently come into focus as one of the more prominent and challenging types of attacks to deal with. Not only do companies need to face the security implications of having their data fall into the hands of cybercriminals, but there can be significant costs around paying ransoms and/or recovering systems and files. Plus, paying ransoms can raise some ethical if not legal issues. There are already several existing regulations that enterprises need to keep in mind if hit with a ransomware attack. And as the risk grows, a number of new regulations are under consideration around the world. In this brief overview, we’ll explore what enterprises need to know about ransomware and related regulations.
What Is Ransomware?
Before diving into what to do about ransomware and what regulations to follow, it’s important to understand what ransomware is. “Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption,” explains the U.S. Cybersecurity & Infrastructure Security Agency (CISA). In other words, ransomware can lock a user out of their own files/systems, which can bring work to a halt. Even if the ransom is paid and everything gets unlocked, it’s possible that the cybercriminals stole data meanwhile.
While some of the more headline-grabbing attacks have been at large, well-known companies, ransomware can essentially affect anyone, regardless of size, industry or location.
How to Reduce the Risk of Ransomware
Although ransomware is on the rise, there are still several steps organizations can take to reduce the risk of a ransomware attack or at least mitigate the damage. “As with all risks posed by external actors, the likelihood that a ransomware attack is successful can be drastically reduced by tightening the security of the data controlling environment,” notes the European Data Protection Board (EDPB). From updating software and systems with appropriate security patches, to using anti-malware software or related monitoring services, there are many cybersecurity best practices that can potentially keep ransomware out, as the EDPB highlights. If ransomware does take hold, having complete backups can help. As the EDPB notes, the impact of ransomware “could effectively be contained,” by resetting systems to wipe out the ransomware and then “fixing the vulnerabilities and restoring the affected data soon after the attack.” Organizations can also get a better handle on ransomware risk via cyber risk quantification (CRQ), such as through Kovrr’s insurance-validated risk models. CRQ works by analyzing factors such as past cyber events and the technologies and service providers that a company uses to then quantify what companies might lose if a cyber attack like ransomware occurs. Part of being prepared means knowing how much is at stake financially, and CRQ can help organizations focus on the areas that present the largest financial risk.
What Ransomware Regulations Exist?
Current ransomware regulations differ around the world, so the specific rules an enterprise needs to follow depend on factors like what markets they operate in and whether they fall under certain jurisdictions.
Communicating Attacks
One of the more notable rules that relates to ransomware is the EU’s General Data Protection Regulation (GDPR), which can still apply to companies outside Europe, such as those that have customers in the EU. Under GDPR, explains the EDPB, a personal data breach needs to be reported to relevant authorities and potentially to the people whose data gets exposed. So, for example, if a ransomware incident involves a cybercriminal locking up files that contain personal information, such as financial or medical records, then the affected company may need to report that to those affected. In the U.S. the Ransomware Data Breach Malware Vulnerability Prediction Medical ★★★
SecurityThroughEducation.webp 2021-05-10 06:00:29 Ep. 145 – Baking a Human Behavior Cake with Jack Schafer (direct link) In this episode, Chris Hadnagy and Maxie Reynolds are joined by industry professional Jack Schafer, PhD. Dr. Schafer is a psychologist, professor, intelligence consultant, and former FBI Special Agent. Dr. Schafer spent fifteen years conducting counter-intelligence and counterterrorism investigations, and seven years as a behavioral analyst for the FBI’s National Security Division’s Behavioral Analysis Program. May 10, 2021 Download Ep. 145 […] Prediction APT 39
Blog.webp 2021-03-16 16:32:50 BSidesSF CTF 2021 Author writeup: Hangman Battle Royale, where you defeat 1023 AI players! (direct link) Hi Everybody! This is going to be a challenge-author writeup for the Hangman Battle Royale challenge from BSides San Francisco 2021. This is actually a reasonably simple challenge, overall. I got the idea of using a bad mt19937 implementation (the Mersenne Twister PRNG used by Ruby and Python) from SANS Holiday Hack Challenge 2020 (which is still online if you want to play!), and wanted to build a challenge around it. I had the idea of Battleship originally, but ended up deciding on Hangman for reasons I no longer remember, but that I'm sure made sense at the time.
The game
When you run the game, it prompts for the number of rounds:
    $ ruby ./hangman.rb
    Welcome to Hangman Battle Royale!
    ================================
    MAIN MENU
    ================================
    How many rounds do you want to play? (2 - 16)
    If you play at least 8 rounds, you win the special prize!
When you choose a round count, it picks a bunch of CPU names to build brackets:
    ================================
    ROUND 1!
    ================================
    This game's match-ups are:
    Meirina Tresvalles -vs- Gelbert Chhangte
    Kebede Boehmer -vs- Karthic Cassity
    Mairtin Piedrahita -vs- Winston Pawlowski
    Brendaliz Lumbang -vs- Josipa Perlow
    Unusual Ballenger -vs- Carmellia Agregado
    Jinnie Khalif -vs- Jeegar Madela
    Vjeran Saltarelli -vs- Rachella Newfield
    And finally...
    YOU -vs- Patience Saravana!
The vulnerability
The actual code powering the list of players uses Ruby's built-in PRNG, which uses a predictable Mersenne Twister to generate random numbers.
I don't love how the name-choosing code was a little bit contrived, but it can leak enough state to predict future random numbers:
    def get_opponents(count)
      return 0.upto(count-1).map do ||
        # one 32-bit PRNG output selects both the first and the last name
        i = rand(0xFFFFFFFF)
        "#{ FIRST_NAMES[i & 0xFFFF] } #{ LAST_NAMES[i >> 16] }"
      end
    end
Each pair of names is a single 32-bit integer from the Mersenne Twister PRNG. It turns out, if you can leak 624 32-bit outputs, you can recover the full state! That means if you play at least 10 rounds, you end up with 2^10-1 names, or 1023 32-bit numbers (because you're the 1024th player). Once you've gotten the state of the PRNG, you can predict everything else that's going to happen!
The exploit
My exploit is super quick and dirty. It can parse the output from the game and grab the seed using mt19937predict:
    predictor = MT19937Predictor()
    for _ in range(511):
        # each match-up line carries two names, i.e. two 32-bit outputs
        (a, b) = read_names(i)
        predictor.setrandbits(a, 32)
        predictor.setrandbits(b, 32)
(and yes, this is probably the first time I've ever written a Python solution!) Then does a final validation on your opponent's name to make sure the solution is working:
    (_, actual) = read_names(i)
    first_actual = FIRST_NAMES[actual & 0x0000FFFF]
    last_actual = LAST_NAMES[actual >> 16]
    final_name_actual = "%s %s" % (first_actual, last_actual)
    print("Validating...")
    print(" -> Final name (predicted):", final_name_predicted)
    print(" -> Final name (actual): ", final_name_actual)
    assert(final_name_predicted == final_name_actual)
And prints out the 10 words that will be chosen:
    for i in range(10, 0, -1):
        word = predictor.getrandbits(32)
        print("Round %d: %s" % (10 - i + 1, WORDS[word & 0xFFFF]))
        # Waste RNG cycles
        for _ in range(1, (2**i) >> 1):
            predictor.getrandbits(64)
To use it, I just connect to the game and tee the outpu Hack Prediction ★★★★
kovrr.webp 2021-02-02 00:00:00 (Déjà vu) Key Drivers of Rise of Ransomware in 2020: Ransomware-as-a-Service and Double Extortion
The key drivers in the rise of ransomware have been double extortion and RaaS.
(direct link)
Ransomware-as-a-Service and Double Extortion
Ransomware has been a known method for cyber attacks for more than 30 years and has significantly evolved within this timespan. The growth in the number of ransomware attacks in 2020 has marked a pivotal milestone in the ransomware evolution. According to a Check Point study, Global Surges in Ransomware Attacks, in Q3 2020 the daily average of ransomware attacks has increased by 50%, and has specifically increased by 98.1% in the United States. Additionally, the average amount of money requested by attackers in Q3 2020 increased by 178% compared to Q4 of 2019. Supporting this trend, Coalition’s Cyber Insurance Claims Report stated that more than 40% of the cyber incident claims in Q1 and Q2 2020 were due to ransomware attacks.
Taking into account these statistics, Kovrr has conducted research that included monitoring the activity of trending threat actors, the attacks they were involved with and the victims of these operations through 2020. The research included data from various proprietary and third party data sources including leaked data from the dark web. The research revealed that ransomware attacks have evolved in the following two areas:
- Methodology - unlike ransomware attacks witnessed in the past, the last half year of 2020 was characterized by adoption of a new attack method which includes stealing the company’s data along with encrypting the attacked company’s data. This practice is also known as “Double Extortion” because the attacker not only encrypts the data but also threatens to publish the company’s stolen data.
- Ransomware-as-a-service (RaaS) - a method that recently became popular, which enables potential attackers to purchase already existing ransomware and use it for their desired purposes.
Kovrr has researched 16 active ‘double extortion’ ransomware attack campaigns in the last year.
Of the campaigns studied, 75% use social engineering (phishing emails) to propagate, while 25% of them involve exploiting a vulnerability in remote access software. In order to fully understand the effect of the ransomware campaigns, Kovrr applied the CRIMZON™ framework to better analyze and report findings of the research. CRIMZON are an easy to use open framework to measure and understand cyber risk exposure that focus on the minimal elements needed to describe cyber risk accumulation. Elements of the CRIMZON include location, industry, and entity size. Applying the CRIMZON framework to the ransomware campaign research found the top 5 CRIMZON exposed were:
- US_NY_I_S [United States_New York_Services_Small Company]
- GB_I_S [Great Britain_Services_Small Company]
- CA_I_S [Canada_Services_Small Company]
- CA_E_S [Canada_Transportation & Communications_Small Company]
- US_CA_I_S [United States_California_Services_Small Company]
Most of the attacked companies are located in the U.S. (more than 50% of the targets), followed by Canada, the United Kingdom, Germany and France. Within the U.S., the main states affected were California, Texas, Florida and New York. The industries to which most of the attacked companies belong are Services (20% of the services category is attributed to educational services), Transportation and Communication, and Manufacturing.
These findings have a significant impact on the cyber insurance market both in terms of rising claim numbers and entity of the amount claimed. The increase in attacks is more concentrated in particular combinations of location, industry, and entity size (CRIMZON), meaning certain CRIMZON are more susceptible to an attack than others.
This paper addresses new ransomware trend characteristics by providing an overview of two major ransomware campaigns encountered in the research; provides examples of ways in which a portfolio can be influenced as a result of the wide a Ransomware Data Breach Tool Vulnerability Threat Prediction ★★★
ZDNet.webp 2020-09-17 23:41:21 US sanctions Iranian government front company hiding major hacking operations (lien direct) US says the Iranian government used the "Rana Intelligence Computing Company" as a front for the APT39 hacking group. Prediction APT 39
DarkReading.webp 2020-09-17 17:10:00 Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data (lien direct) Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign. Malware Prediction APT 39
Checkpoint.webp 2020-07-24 13:00:18 Check Point CloudGuard Connect Protects Microsoft Azure Branch Office Internet Connections from Cyber Attacks (lien direct) By Russ Schafer, Head of Product Marketing, Security Platforms Enterprises are moving their applications, workloads and services out of the data center into the cloud. As enterprises become more distributed, organizations need flexible solutions that deliver secure and predictable application performance across a global footprint. Companies need to securely connect their branch offices to the… Prediction APT 39
Checkpoint.webp 2020-07-17 10:00:58 Check Point IoT Protect Uses Automation and Threat Intelligence to Prevent the most advanced IoT cyber-attacks (lien direct) Integrated solution prevents attacks at both IoT network and device level, even on unpatchable devices: protects critical infrastructure, industrial, healthcare, smart city and smart building environments By Russ Schafer, Head of Product Marketing, Security Platforms It is estimated that over 41 billion IoT devices will be connected in the next few years. Given 127 new… Threat Prediction APT 39
SecurityAffairs.webp 2020-05-21 11:49:49 Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia (lien direct) Cybersecurity researchers uncovered an Iranian cyber espionage campaign conducted by Chafer APT and aimed at critical infrastructures in Kuwait and Saudi Arabia. Cybersecurity researchers from Bitdefender published a detailed report on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. The cyber espionage campaigns were carried out by Iran-linked Chafer […] Prediction APT 39
The_Hackers_News.webp 2020-05-21 01:11:42 Iranian APT Group Targets Governments in Kuwait and Saudi Arabia (lien direct) Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known for its attacks on telecommunication and travel industries in the Middle East to collect personal Threat Prediction APT 39
Checkpoint.webp 2020-05-20 13:00:40 Check Point and Citrix: Securing the SD-WAN Edge with Multi-layered Security (lien direct) By Russ Schafer, Head of Product Marketing, Security Platforms The coronavirus has challenged enterprises to quickly enable their employees to work productively from home. Enterprises are turning away from traditional WAN architectures and adopting SD-WAN to provide better support for cloud SaaS applications. SD-WAN enables users to connect through their local Internet providers instead of… Prediction APT 39
kovrr.webp 2020-03-31 00:00:00 Cyber Risk - From Peril to Product: Taking a New Approach for Managing Silent Cyber Risk
(lien direct)
A New Approach for Managing Silent Cyber Risk
Cyber is a multifaceted peril that is both a threat and an opportunity for the insurance industry: an opportunity because of the ever-evolving needs of coverage for businesses of any size, and a threat because of the systemic risk arising from its potential for overlap with other lines of business. Silent cyber refers to covered losses triggered by cyber events in P&C policies that were not specifically designed to cover cyber risk. Affirmative cyber refers to coverages specifically provided to protect policyholders against cyber events and presents a premium growth opportunity for insurance companies. As exposures to cyber continue to grow, insurance companies need tools to quantify the impact on allocated capital for cyber risk, regardless of whether the risk is silent or affirmative. With some estimates for accumulation across commercial lines running in the hundreds of billions, exposure managers are under pressure to more accurately estimate the potential impact of cyber events to ensure appropriate capital is held for this risk and enable decision makers, investors and regulators to quantify financial returns on a risk adjusted basis. Additionally, they are being forced to provide more transparency into methods used for measuring and controlling cyber accumulations. With various stakeholders and types of practitioners involved, the topic of cyber risk often presents seemingly conflicting priorities around managing capital at risk, estimating potential losses in existing lines of business, and finding new ways to market, through pricing new cyber specific business. Cyber events across different lines of business share a common trait. The key is to build tools capable of estimating realistic losses for both silent and affirmative cyber based on these shared traits. The focus of cyber risk for insurers should be gaining unique insights into events that truly matter - events capable of generating equity depleting losses.
Measuring the impact of cyber events on capital is a three step process: identify, quantify and manage. Lately, the insurance industry seeks to consolidate most cyber risk into one dedicated line of business by implementing exclusion clauses in existing policies and inviting policy holders to “buy back” coverage. Several different wordings for such exclusions and endorsements have been introduced to the market. While intending to clearly define the scope of a cyber event and the coverage provided, the introduction of some of these clauses has produced unintended consequences. One example of this would be coverage for damage to a server due to flooding. In this example, the common expectation would be for the physical damage to the server as well as recovery of the data to be covered under flood insurance; however, the latest trend suggests data recovery might be excluded, as it relates to ‘data’, leaving a gap in coverage for property which some sources consider excessive.
Silent and Affirmative
The issue with silent cyber, as with any circumstance presenting unexpected claims activity, is ensuring the premium charged is commensurate with the level of risk, usually referred to as pricing adequacy. Both cyber exposure and the potential impact of losses triggered by cyber perils continue to trend upwards annually. Unexpected claims lead to unexpectedly high loss ratios which clearly erode profits but can also lead to significant damage to an insurer’s financial stability. Insurance companies protect their balance sheets by purchasing reinsurance, but reinsurers face similar issues: they are also vulnerable to silent cyber. Therefore, insurers face the prospect of being denied recoveries from cyber losses and reinsurers are stepping up demands for clarity of coverage.
Efforts to resolve the situation have taken two complementary directions: a conscious attempt to price for cyber risk and the introduction of increasingly restrictive exclusion clauses. The Status of Cyber Exclusions Cyber Tool Vulnerability Threat Prediction ★★★
Mandiant.webp 2020-03-23 07:00:00 Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats
(lien direct)
There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, prioritize security efforts, and justify resource allocation. To address this problem, FireEye Mandiant Threat Intelligence produces a range of reports for subscription customers that focus on different indicators to predict future threats
Tool Threat Industrial Prediction ★★★★
kovrr.webp 2020-03-22 00:00:00 How Industrial IoT could Trigger the Next Cyber Catastrophe: Effect of URGENT/11 on the US Manufacturing Industry Reveals $7 Billion Exposure
(lien direct)
Introduction
On 29th July 2019, the cyber security firm Armis announced that it had found eleven different vulnerabilities in the operating system ‘VxWorks’ which they believe exposed around 200 million critical devices. The team at Armis dubbed this group of vulnerabilities: URGENT/11. This report explores how the discovery of URGENT/11 demonstrates the susceptibility of global manufacturing businesses to large losses from a cyber-attack event and the potential impact on commercial P&C (re)insurers.
The Operating System at the Heart of the Issue
VxWorks is a widely used, but lesser known, lightweight IoT real-time operating system (RTOS). This operating system is embedded in over 2 billion devices in the US and worldwide. These range from large-scale industrial machinery controlling installations such as nuclear power stations and oil production platforms, to smaller systems throughout the world’s automotive, aviation, agri-business, textile, logistics and pharmaceutical facilities. A malicious attack could affect what is known as the Supervisory Control and Data Acquisition (SCADA), the system that allows industrial organizations to gather and monitor real-time data in their manufacturing and distribution systems. Critically, VxWorks is also part of what are known as Industrial Control Systems (ICS) – software that manages the industrial processes themselves.
Not a Quick Fix
As with any type of software vulnerability, affected organizations need to patch vulnerabilities quickly. However, in the case of URGENT/11, the necessary patches can be very expensive to apply immediately, because the affected devices are critical to day-to-day operations. Patching a vulnerability requires stopping or interrupting the device, which could lead to significant business disruption.
Furthermore, while very large organizations have the financial and technical resources to implement system patches quickly, smaller manufacturers – who may nevertheless be critical to the supply chain – often do not. They may buy equipment that happens to contain VxWorks, but do not expect to have to maintain the software or even be aware of its existence.
Quantifying URGENT/11’s Potential Loss Scenarios for the US Manufacturing Industry
To understand the extent of companies that were vulnerable to URGENT/11, their susceptibility to being attacked, and the effect an attack might have industry wide, Kovrr deployed its proprietary technologies. The first step was to gather real-time information about the distribution of VxWorks in the US manufacturing sector. To achieve this, Kovrr leveraged its ability to continuously collect relevant business intelligence, cyber threat intelligence, external and internal security data. As a result, we were able to identify companies with devices that were utilizing the VxWorks operating system. For internal mapping, access to multiple security vendors' data is essential because each vendor has its own expertise and distribution, in terms of geolocation, served industries, defense level focus, mapped devices, etc. In the case below involving an industrial sector, unique data focused on IoT devices is needed. Kovrr partners with a diverse range of data providers to detect and map beyond the firewall devices and security control mechanisms. By having access to Armis' proprietary IoT fingerprinting technology, we were able to produce a highly granular map of any IoT device being used by one organization. We can then accurately assess any IoT related emerging vulnerability on clients' portfolios. In order to understand the nature of these businesses, including their sector, size and place in the supply chain, we use publicly available information linked to a variety of proprietary data-sources including our own.
This technique is similar in principle to the exposure-data cleansing and augmentation used by catastrophe modelers. Having developed a sophisticated view of the affected businesses, we have selected a series of events fro Ransomware Vulnerability Threat Industrial Prediction ★★★★
Checkpoint.webp 2019-12-06 13:00:09 Protect Your Network Edge with VMware SD-WAN and Check Point Security (lien direct) By Russ Schafer, Head of Product Marketing, Security Platforms, published December 6th, 2019 As enterprise branch offices expand their use of cloud applications, they are adopting software defined wide area networking (SD-WAN) to improve application performance by intelligently routing traffic directly to the Internet without passing it through the data center. Connecting branch offices directly… Prediction APT 39
Checkpoint.webp 2019-11-05 19:13:49 Check Point Protects Branch Office Microsoft Azure Internet Connections and SaaS Applications from Cyber Attacks (lien direct) By Russ Schafer, Head of Product Marketing, Security Platforms, published November 5, 2019 Enterprises are moving their applications, workloads and services out of the data center into the cloud. As enterprises become more distributed, organizations need flexible solutions that deliver secure and predictable application performance across a global footprint. Companies need to securely connect their… Prediction APT 39
Checkpoint.webp 2019-10-01 15:00:44 Check Point and VMware Partner to Secure Branch Office SD-WAN Connections to the Cloud (lien direct) By Russ Schafer, Head of Product Marketing, Security Platforms As more applications move from the datacenter to the cloud, enterprise users rely on these applications to do their daily jobs.  These SaaS applications range from productivity software like Office 365 to virtual meeting and collaboration tools like Zoom and Slack.  Applications that include voice and… Prediction APT 39
Checkpoint.webp 2019-09-05 13:00:43 (Déjà vu) Check Point, VMware and Silver Peak Transform Branch Office SD-WAN with Cloud Security Services (lien direct) By Russ Schafer, Head of Product Marketing, Security Platforms Enterprise security solutions enable branch offices to connect safely and reliably to the data center, the Internet and cloud applications. In the past, branches relied on centralized security gateways at their data center to protect the entire enterprise.  Enterprises sent branch traffic to the data center… Prediction APT 39
Checkpoint.webp 2019-09-05 13:00:04 Transforming Branch Security with Top-Rated Threat Prevention Cloud Services Integrated with VMware and Silver Peak SD-WAN (lien direct) By Russ Schafer, Head of Product Marketing, Security Platforms Enterprise security solutions enable branch offices to connect safely and reliably to the data center, the Internet and cloud applications. In the past, branches relied on centralized security gateways at their data center to protect the entire enterprise.  Enterprises sent branch traffic to the data center… Threat Prediction APT 39
Last update at: 2024-06-16 11:10:24