Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-01-28 16:53:39 |
Impact of Technogenic Risk on CRQ (January 28, 2025): Explore dollar-denominated technogenic risks, supply chain attacks, and Kovrr's advanced methodologies for forecasting and mitigating cyber vulnerabilities. (direct link) |
Impact of Technogenic Risk on CRQ

Supply chain attacks, which target a third-party software dependency, hardware component, or service provider within a specific technology's value chain, have risen in both prevalence and severity over the past few years. The 2023 MOVEit incident, for instance, impacted thousands of organizations and has been estimated to cost upwards of $12.25 billion, which, if correct, makes it one of the top 5 most expensive cyber attacks in history.

Indeed, these types of attacks can be especially insidious as they are often hidden from the technology's users, difficult to track, and nearly impossible to contain. This catastrophic nature underscores the critical need to establish proactive, data-driven management approaches that specifically address technology-driven cybersecurity risks, minimizing both the likelihood of occurrence and the potential severity should such an event take place.

However, with the number of known vulnerabilities growing by roughly 20,000 on an annual basis since 2021, the rising adoption of cloud and SaaS solutions, and the increasing trend of organizations using a third-party service provider to manage devices and servers, patching all vulnerabilities within a technologically diverse environment is an insurmountable task. The solution for cybersecurity teams, instead, is to develop a prioritization strategy for vulnerability mitigation that will not only maximize risk reduction per unit effort but also align with business goals by focusing on the vulnerabilities that are most likely to be exploited by threat actors in the wild and cause material financial harm.

Kovrr's Technogenic Vulnerability Modeling Methodology

Within cyber risk quantification (CRQ), we need to move beyond simply ranking currently reported vulnerabilities. A risk forecast typically covers a period from today to 12 months, over which time new vulnerabilities will be identified and reported, with a range of severities (under CVSS and EPSS).

We, therefore, produce a risk adjustment based on a forecast of the frequency and severity of future CVE occurrences. Our models can then adjust for the potential risk of individual technologies and assign numerical risk adjustments to the frequency of successful attacks originating from or propagating into said technology.

Drivers of Technology Risk

We have studied the historic CVE reports and severity indicators from CVSS and EPSS strategies and identified three main drivers that influence the risk presented by a technology or service:

Operation: What does each technology do? For example, operating systems, network software, and hardware have a high level of attention from both adversaries and security researchers looking for weaknesses.

Vendor: Who made it? We found a high level of consistency between vendors with multiple products, indicating that a secure coding culture and business practices are good indicators.

Attack Surface Breadth: How wide is the attack surface? How does the risk scale as the company grows? Whether there is one asset running the technology or 10,000 has become an indicator of IT scale. A diverse software and hardware estate is much more challenging to maintain, patch, and track than a simple one.

Operation

To look at the operation of each technology, we categorize each of the reported CVEs into product types (e.g., DB, web server) and assign product type-related risk parameters. Figure 1 below shows the relative risk presented by different operational types of technology, as calculated using CVE and EPSS scores. For this example, we have considered CVEs which are both exploitable and likely to allow initial access to be gained (e.g., attack surface breach).

Figure 1: Relative Exploitation Frequency Scores by Operation Type

By comparing the exploitation scores in Figure 1, we can immediately conclude that exploitation risk stems primarily from certain product types within the organization, such as serv |
Ransomware
Malware
Vulnerability
Threat
Patching
Prediction
Cloud
Technical
|
Wannacry
|
★★★
|
 |
2024-08-08 12:18:25 |
The UK Cost of the CrowdStrike Incident (August 8, 2024): The UK Cost of the CrowdStrike Incident: A £2.3B Shock (direct link) |
The UK Cost of the CrowdStrike Incident

CrowdStrike made global headlines when an automatic update to their Falcon sensor software crashed more than 8.5 million Microsoft Windows machines globally. This incident resulted in major disruption, including supermarkets being unable to take card payments, TV broadcasters going off the air, and airlines canceling thousands of flights.

This is a fascinating case because, although not a malicious attack, the repercussions mimic those of one that was. Moreover, this case demonstrates that a single point of failure, including third-party software, can cause outsized impacts. This impact is particularly significant when the specific third-party software is pervasive throughout an organization. An exacerbating feature of the CrowdStrike incident is the relatively small number of vendors dominating the market, which meant that when something went wrong, a large part of the market was affected. The common doomsday scenario has recently been an outage in a major cloud provider (Azure, GCP, AWS). Still, here we again see the potential for errors or attacks via third-party software to cripple businesses on a global scale. It seems that in many cases, the expensive lesson of SolarWinds, that unquestioningly accepting updates can be catastrophic, has not been learned. Hopefully, updates to security software will now get at least the same level of scrutiny as other software updates.

Another thought-provoking side to the CrowdStrike incident is that an anti-monopoly agreement between the European Commission and Microsoft in 2009 is one of the reasons why CrowdStrike had kernel-level access to Windows, and, along with other factors, allowed it to produce the infamous blue screen of death. This instance illustrates that agreements and laws made over a decade ago can have serious unforeseen consequences and that everyone may not always understand the actual risks resulting from these decisions.

Economic Impact

Estimates of the economic impact are few and far between, but Kovrr has calculated that the total cost to the UK economy will likely fall between £1.7 and £2.3 billion ($2.18 and $2.96 billion).

This value is based upon the uptake of endpoint detection software across the market in combination with CrowdStrike's market share and assumes an average downtime of 1 working day, 24 hours. For the downtime, we know that 97% of systems had been fixed after nine days, and CrowdStrike released a fix within 20 hours. Examples show that business-critical systems were restored on varying timescales, with Sky News going off air for only a couple of hours and American Airlines grounding 400 flights on the first day and 50 flights the following day. Clearly, fixes continue much beyond 24 hours, and IT staff are still fighting to get all systems back online. However, the later-fixed systems are likely to be less business-critical in the short term, so they are unlikely to contribute significantly to business interruption costs.

Kovrr's estimate considers the costs associated with business interruption, the response, and post-response expenses, such as litigation, based on Kovrr's deep understanding of system outage data from past incidents and detailed cost analysis.

To put the financial consequences of this cyber event in context, Verisk PCS estimated that NotPetya caused a global economic impact of around $10 billion (~$13 billion inflation-adjusted), and Wannacry approximately $4 billion (~$5 billion inflation-adjusted).

Many larger companies likely have cyber insurance, so they will not have to bear the total cost of this event. Moreover, because of the existence of these policies, the resulting impact on the cyber insurance market is still unfolding. Estimates of the global insured losses range from "mid to high single digit billion USD" and are unlikely to be material for the (re)insurance market. Beazley, the largest insurer of cyber risk in 2023 |
Cloud
|
NotPetya
Wannacry
|
★★★
|
 |
2024-04-29 14:00:00 |
From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis (direct link) |
Executive Summary
A growing amount of malware has naturally increased workloads for defenders and particularly malware analysts, creating a need for improved automation and approaches to dealing with this classic threat.
With the recent rise in generative AI tools, we decided to put our own Gemini 1.5 Pro to the test to see how it performed at analyzing malware. By providing code and using a simple prompt, we asked Gemini 1.5 Pro to determine if the file was malicious, and also to provide a list of activities and indicators of compromise.
We did this for multiple malware files, testing with both decompiled and disassembled code, and Gemini 1.5 Pro was notably accurate each time, generating summary reports in human-readable language. Gemini 1.5 Pro was even able to make an accurate determination of code that - at the time - was receiving zero detections on VirusTotal.
In our testing with other similar gen AI tools, we were required to divide the code into chunks, which led to vague and non-specific outcomes, and affected the overall analysis. Gemini 1.5 Pro, however, processed the entire code in a single pass, and often in about 30 to 40 seconds.
Introduction
The explosive growth of malware continues to challenge traditional, manual analysis methods, underscoring the urgent need for improved automation and innovative approaches. Generative AI models have become invaluable in some aspects of malware analysis, yet their effectiveness in handling large and complex malware samples has been limited. The introduction of Gemini 1.5 Pro, capable of processing up to 1 million tokens, marks a significant breakthrough. This advancement not only empowers AI to function as a powerful assistant in automating the malware analysis workflow but also significantly scales up the automation of code analysis. By substantially increasing the processing capacity, Gemini 1.5 Pro paves the way for a more adaptive and robust approach to cybersecurity, helping analysts manage the asymmetric volume of threats more effectively and efficiently.
Traditional Techniques for Automated Malware Analysis
The foundation of automated malware analysis is built on a combination of static and dynamic analysis techniques, both of which play crucial roles in dissecting and understanding malware behavior. Static analysis involves examining the malware without executing it, providing insights into its code structure and unobfuscated logic. Dynamic analysis, on the other hand, involves observing the execution of the malware in a controlled environment to monitor its behavior, regardless of obfuscation. Together, these techniques are leveraged to gain a comprehensive understanding of malware.
Parallel to these techniques, AI and machine learning (ML) have increasingly been employed to classify and cluster malware based on behavioral patterns, signatures, and anomalies. These methodologies have ranged from supervised learning, where models are trained on labeled datasets, to unsupervised learning for clustering, which identifies patterns without predefined labels to group similar malware. |
Malware
Hack
Tool
Vulnerability
Threat
Studies
Prediction
Cloud
Conference
|
Wannacry
|
★★★
|
 |
2023-08-29 10:00:00 |
Battling malware in the industrial supply chain (direct link) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Here's how organizations can eliminate content-based malware in ICS/OT supply chains.
As the Industrial Internet of Things (IIoT) landscape expands, ICS and OT networks are more connected than ever to various enterprise systems and cloud services. This new level of connectivity, while offering benefits, also paves the way for targeted and supply chain attacks, making them easier to carry out and broadening their potential effects.
A prominent example of supply chain vulnerability is the 2020 SolarWinds Orion breach. In this sophisticated attack:
Two distinct types of malware, "Sunburst" and "Supernova," were secretly placed into an authorized software update.
Over 17,000 organizations downloaded the update, and the malware managed to evade various security measures.
Once activated, the malware connected to an Internet-based command and control (C2) server using what appeared to be a harmless HTTPS connection.
The C2 traffic was cleverly hidden using steganography, making detection even more challenging.
The threat actors then remotely controlled the malware through their C2, affecting up to 200 organizations.
While this incident led to widespread IT infiltration, it did not directly affect OT systems.
In contrast, other attacks have had direct impacts on OT. In 2014, a malware known as Havex was hidden in IT product downloads and used to breach IT/OT firewalls, gathering intelligence from OT networks. This demonstrated how a compromised IT product in the supply chain could lead to OT consequences.
Similarly, in 2017, the NotPetya malware was concealed in a software update for a widely-used tax program in Ukraine. Though primarily affecting IT networks, the malware caused shutdowns in industrial operations, illustrating how a corrupted element in the supply chain can have far-reaching effects on both IT and OT systems.
These real-world incidents emphasize the multifaceted nature of cybersecurity risks within interconnected ICS/OT systems. They serve as a prelude to a deeper exploration of specific challenges and vulnerabilities, including:
Malware attacks on ICS/OT: Specific targeting of components can disrupt operations and cause physical damage.
Third-party vulnerabilities: Integration of third-party systems within the supply chain can create exploitable weak points.
Data integrity issues: Unauthorized data manipulation within ICS/OT systems can lead to faulty decision-making.
Access control challenges: Proper identity and access management within complex environments are crucial.
Compliance with best practices: Adherence to guidelines such as NIST's best practices is essential for resilience.
Rising threats in manufacturing: Unique challenges include intellectual property theft and process disruptions.
Traditional defenses are proving inadequate, and a multifaceted strategy, including technologies like Content Disarm and Reconstruction (CDR), is required to safeguard these vital systems.
Supply chain defense: The power of content disarm and reconstruction
Content Disarm and Reconstruction (CDR) is a cutting-edge technology. It operates on a simple, yet powerful premise based on the Zero Trust principle: all files could be malicious.
What does CDR do?
In the complex cybersecurity landscape, CDR stands as a unique solution, transforming the way we approach file safety.
Sanitizes and rebuilds files: By treating every file as potentially harmful, CDR ensures they are safe for use while mainta |
Malware
Vulnerability
Threat
Industrial
Cloud
|
NotPetya
Wannacry
SolarWinds
|
★★
|
|