What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Veracode.webp 2022-10-18 13:08:45 Despite Lowest Software Flaw Frequency, Manufacturing's Fix Times Lag and Create Ransomware Risk (direct link) In 2021, manufacturing became cybercriminals' most targeted industry as a surge in global ransomware attacks disrupted manufacturing operations and exacerbated supply chain woes. This put even more pressure on manufacturing organizations that were already feeling the heat. Recognizing that ransomware attacks can stem back to software vulnerabilities, many manufacturers are exploring ways to strengthen their software security programs. Our recent State of Software Security report v12 (SOSS), which analyzed 20 million scans across half a million applications, identified several manufacturing-specific trends that may help focus these efforts. First up, some good news: The manufacturing industry now boasts the lowest number of software security flaws across all sectors, dethroning financial services from last year's top spot. However, the manufacturing sector is also tied for the lowest number of flaws that are fixed. This means that manufacturing companies have security flaws in… Ransomware
Veracode.webp 2021-05-21 12:06:56 Live From RSAC: Anne Neuberger Addresses President Biden's Executive Order on Cybersecurity (direct link) Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, addressed President Biden's executive order at the virtual RSA Conference this week. The executive order, announced on May 12, 2021, aims to safeguard U.S. cybersecurity and modernize cybersecurity defenses. As Neuberger explains, this executive order couldn't come at a more critical time. The Biden administration was challenged with two cybersecurity incidents in the first 100 days - SolarWinds and Microsoft Exchange. Note that the session must have been pre-recorded because she didn't even mention a third attack that disrupted the Colonial Pipeline. The incidents proved three major lessons: Adversaries will look for any opening to attack, including the government's suppliers. Partnerships are critical. The government needs the private sector, and the private sector needs the government. The government needs to modernize cybersecurity defenses. "[These lessons prove that] we need to shift our mindset from incident response to prevention," said Neuberger. "We simply cannot let waiting for the next shoe to drop be the status quo under which we operate." In the software development world, we call this being stuck in a "break/fix" mentality. It is better to build a software development process that causes less "breaks." That enables you to deliver more software with less failures. We are starting to see cybersecurity learn from software development principles, shifting our cybersecurity problems to the left. Breaches are more detrimental than most organizations realize. Neuberger noted two staggering statistics. In 2019, Accenture reported an average company spends $13 million per breach. And CIS and McAfee reported that cybercrime cost 1 percent of global GDP in 2018. 
Organizations are far better off spending the money to secure their applications, including demanding better from their vendors, than waiting for a breach. How many small businesses, schools, hospitals, or government agencies have an extra $13 million to spend on an unexpected breach? What Neuberger didn't mention is that that same study from Accenture cited an increase of 67 percent in cyberattacks over the past five years. And if cyberattacks continue at this velocity, Accenture calculates a total value at risk of $5.2 trillion globally over the next five years. The president's approach is proactive and includes modernizing cyber defenses, returning to a more active role in cybersecurity internationally, and ensuring that America has a better posture to compete. It was the SolarWinds breach that opened our eyes to the fact that we don't have modern cyber defenses in place. Software supply chain security is of particular concern. "The current model of build, sell, and maybe patch means that the products the federal government buys often have defects and vulnerabilities that developers are accepting as the norm with the expectation that they can patch later. Or perhaps they ship software with defects and vulnerabilities that they don't think merit fixes .... That's not acceptable," said Neuberger. "Security has to be a basic design consideration." Neuberger hinted that the executive order might require federal vendors to build software in a secure development environment. And that software leveraged by the federal government should include strong authentication, encryption and limit privileges. As for preexisting critical infrastructure that was built before the Internet, the orde Ransomware Uber
Veracode.webp 2021-05-14 10:33:26 2021 Verizon Data Breach Investigations Report Proves That Cybercrime Continued to Thrive During the Pandemic (direct link) Verizon recently published its 2021 Data Breach Investigations Report (DBIR). This year, Verizon analyzed 79,635 incidents, of which 29,207 met their quality standards and 5,258 were confirmed data breaches, from 88 countries around the world. Despite the global pandemic, the DBIR uncovered that cybercrime continued to thrive. Like previous years, the majority of breaches were financially motivated, and most were caused by external actors illegally accessing data. [Figures: Threat actors; Threat actor motives] Phishing, ransomware, and web app attacks ... Oh my! Phishing and ransomware attacks, along with the continued high number of web application attacks, dominated the data breaches for 2021. Phishing attacks were present in a whopping 36 percent of breaches in this year's dataset, representing an 11 percent increase from last year. [Figure: Covid varieties] Ransomware attacks increased by 6 percent, accounting for 10 percent of breaches. This increase can likely be attributed to new tactics where ransomware now steals the data as it encrypts it. Ransomware has also proven to be very efficient for cybercriminals. It doesn't take a lot of hands on keyboards and it's a relatively easy way for cybercriminals to make a quick buck. Web applications made up 39 percent of all data breaches. Most of the web applications attacked were cloud-based, which isn't surprising given the increased shift to digital during the pandemic. The majority of web application attacks were through stolen credentials or brute-force attacks. 95 percent of organizations that suffered a credentials management attack experienced between 637 and 3.3 billion malicious login attempts throughout the year. [Figure: Top hacking varieties] If you look at breaches by region, EMEA - comprised of Europe, the Middle East, and Africa - 
had the highest proportion of web application attacks. This is the second year in a row that web applications accounted for the majority (54 percent) of breaches in EMEA. Not surprisingly, the most commonly breached data type in EMEA was credentials - which goes hand-in-hand with web attacks. [Figure: Patterns in EMEA breaches] In Asia, web application attacks fell second to social engineering attacks and in North America, web application attacks fell third - behind social engineering and system intrusion. Web application threats were also prevalent across the 11 examined industries, especially in the information industry. The retail industry, which has notoriously been susceptible to web application attacks, has decreased its proportion of web application breaches. What can organizations do to prevent web application attacks? Ransomware Data Breach
Veracode.webp 2021-05-12 09:04:20 Recent Pipeline Attack Highlights Our Vulnerable Infrastructure (direct link) On Thursday, May 6, Colonial Pipeline, which operates a pipeline that delivers gasoline and jet fuel to nearly 45 percent of the U.S. East Coast, fell victim to a ransomware attack. The attack took over 100 gigabytes of data hostage, causing the company to halt all pipeline operations and shut down several of its systems. The attackers, identified as a criminal gang known as DarkSide, threatened to leak proprietary information unless a ransom is paid. Not especially sophisticated, this attack seems to be a run-of-the-mill ransomware attack like those we've seen in recent years, except that, instead of shutting down a school, a police department, or a small business, it has shut down a good portion of fuel delivery on the East Coast. What this highlights is that the same vulnerabilities and attack tools/techniques that seem commonplace can have devastating consequences based on the target. Clearly, critical infrastructure has to be more hardened than a small business, but we see this isn't the case. The attack comes just months after the SolarWinds and Microsoft breaches, which brought about a proposed executive order by President Joseph Biden to strengthen cybersecurity for federal agencies and contractors. According to The New York Times, which obtained a preliminary draft of the order, "It would create a series of digital safety standards for federal agencies and contractors that develop software for the federal government." But many are now wondering if the executive order is enough. Top executives from firms like Amazon, Microsoft, and Cisco are calling for an international coalition to combat ransomware. As The New York Times states, "Among the recommendations in the report by the coalition of companies is to press ransomware safe havens, like Russia, into prosecuting cybercriminals using sanctions or travel visa restrictions. 
It also recommends that international law enforcement team up to hold cryptocurrency exchanges liable under money-laundering and 'know thy customer' laws." Would that deter cybercriminals? And what about preventing the ability to carry out these attacks in the first place? One big issue with prevention is that we typically don't know how the attackers get in, including in the pipeline attack. Most ransomware attacks stem from phishing, but could also stem from a different vulnerability, including one in software. One noteworthy thing about the Colonial Pipeline attack is that they were first attacked through their IT systems, but shut the OT systems down out of caution. That means they were not confident the networks were sufficiently isolated. In the future this needs to be rock solid isolation, like the compartments in a submarine. That is why I support the idea of an NTSB-like organization for cyber, which is what the government is intending with its upcoming executive order. If a criminal group can shut down 45 percent of the East Coast fuel supply, we need to know what went wrong. Can you imagine if we never found out why an airplane crashed, or why a particular model of car kept malfunctioning? Just as safety in the travel industry is dependent on information sharing and thorough investigating, it's becoming clear that, in our increasingly digital world, the same can be said for safety in cyberspace. Ransomware
Veracode.webp 2021-02-10 12:58:21 75% of Apps in the Healthcare Industry Have a Security Vulnerability (direct link) In light of the current pandemic, our healthcare industry has been challenged like never before. Healthcare workers heroically stepped up to the plate, caring for those in need, while the industry itself digitally transformed to keep up with the influx of patient data and virtual wellness appointments. The increase of digital activity has brought about new security threats with cyberattackers targeting patient data. In fact, according to a recent article in Modern Healthcare, "the FBI and two federal agencies warned cybercriminals were ramping up efforts to steal data and disrupt services across the healthcare sector." In September, a ransomware attack affected over 250 U.S. hospitals and clinics, preventing the use of critical emergency room equipment that relies on ethernet cabling. The increase in cyberattacks in the healthcare industry is important to note because, according to our recent State of Software Security (SOSS) report, 75 percent of applications in the healthcare industry have a security vulnerability and 26 percent have high-severity security vulnerabilities. Our SOSS data shows that the healthcare industry has a fix rate of 70 percent, a lower rate than average when compared to other industries. But, on a positive note, the industry ranks second in the median time it takes to remediate flaws. This suggests that healthcare organizations move quickly to address security flaws in order to keep security debt from getting too out of hand. [Figure: Healthcare SOSS] The SOSS report also examines how "nature" and "nurture" influence applications. We found that the "nature" of applications - like organization or application size, application age, or flaw density - can affect how long it takes to remediate a security flaw. But, "nurturing" applications - 
like using multiple application security (AppSec) testing types, scanning frequently and steadily, and utilizing APIs to scan for security - can also influence how long it takes to remediate security flaws. In terms of nature, healthcare organizations may be a little on the large side, but applications are fairly new and reasonably sized. The applications also have a low flaw density, which means flaws are present only in certain parts of the application. In terms of nature, the healthcare industry is average compared to others for API usage and excels at scanning on a steady cadence and using dynamic application security testing. To improve its fix rate and median time to remediation, the healthcare industry needs to follow more DevSecOps best practices by improving its scan frequency and implementing software composition analysis. As Chris Eng, Chief Research Officer at Veracode notes, "the healthcare industry scans on steady cadence, like clockwork, but they aren't scanning frequently enough. By increasing the frequency of scans, we could start to see improved fix rates." [Figure: Healthcare SOSS nature vs nurture] The healthcare industry should be proud of its developers for doing a good job handling issues related to CRLF injection and cryptography. Injection flaws are considered by OWASP Top 10 to be the number one most critical security risk to web applic Ransomware Vulnerability
Veracode.webp 2020-11-19 16:23:50 Healthcare Orgs: What You Need to Know About TrickBot and Ryuk (direct link) In late October, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) co-authored an advisory report on the latest tactics used by cybercriminals to target the Healthcare and Public Health (HPH) sector. In the report, CISA, FBI, and HHS noted the discovery of, "...credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers," which they shared as a warning of potential ransomware attacks. In the report, the agencies found that threat actors are targeting the HPH Sector using TrickBot and BazarLoader malware efforts, which can result in the disruption of healthcare services, the initiation of ransomware attacks, and the theft of sensitive data. As noted in the advisory, these security issues are even more difficult to handle and remediate during the COVID-19 pandemic; something healthcare providers should take into consideration when determining how much to invest in their cybersecurity efforts. The FBI first began tracking TrickBot modules in early 2019 as it was used by cyberattackers to go after large corporations. According to the report, "...TrickBot now provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. These activities include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware, such as Ryuk and Conti." What makes it so dangerous? Researchers found that TrickBot developers created a tool called anchor_dns which uses a single-byte XOR cipher to obfuscate communications and, once de-obfuscated, is discoverable in DNS request traffic. 
When the malware is successfully executed, TrickBot is copied as an executable file and the copy is placed into one of the following directories: C:\Windows\ C:\Windows\SysWOW64\ C:\Users\[Username]\AppData\Roaming\ From there, the executable file downloads modules from command and control servers (C2s) and places them into the host's %APPDATA% or %PROGRAMDATA% directory. Every 15 minutes, the malware runs scheduled tasks on the victim's machine for persistence, and after successful execution, anchor_dns deploys more malicious .bat scripts and implements self-deletion techniques through commands. The report notes that an open source tracker for TrickBot C2 servers is located here. BazarLoader and Ryuk ransomware CISA, FBI, and HHS note in the advisory report that around early 2020, threat actors believed to be associated with TrickBot began executing BazarLoader and BazarBackdoor attacks to infect targeted networks. "The loader and backdoor work closely together to achieve infection and communicate with the same C2 infrastructure," the report says. "Campaigns using Bazar represent a new technique for cybercriminals to infect and monetize networks and have increasingly led to the deployment of ransomware, including Ryuk. BazarLoader has become one of the most commonly used vectors for ransomware deployment." BazarLoader malware usually comes from phishing emails, the advisory says, with a link to a Google Drive document or another file hosting service housing what looks like a PDF file but is really an executable. The emails often appear personal with recipient or employer names in the subject l Ransomware Malware Tool Threat Patching ★★★
Last update at: 2024-06-01 02:11:23