How Can Businesses Defend Themselves Against Cyberthreats?

/in


Today, all businesses are at risk of cyberattack, and that risk is constantly growing. Digital transformations are resulting in more sensitive and valuable data being moved onto online systems capable of exploitation, thus increasing the profitability of a successful breach.

Furthermore, launching a cyberattack is becoming more accessible. Exploit kits and malware-as-a-service offerings are getting cheaper, while open-source AI tools are making masquerading as a trusted executive and exploiting vulnerabilities easier.

TechRepublic consolidated expert advice on how businesses can defend themselves against the most common cyber threats, which are:

  • Social engineering attacks.
  • Zero-day exploits.
  • Ransomware attacks and data theft.
  • IoT attacks.
  • Supply chain attacks.
  • AI deepfakes.

Social engineering attacks

What are they?

Social engineering is an umbrella term for some of the most common types of cyberattacks, all of which involve some form of human manipulation to obtain information about an organization or network. Social engineering attacks include, but are not limited to:

  • Phishing: Attackers impersonate legitimate entities to deceive individuals into giving up confidential information, like log-in credentials. Most often, this is in the form of an email, but it can be done over the phone (vishing) or text (smishing).
  • Baiting: The attacker leaves a physical device, like a USB stick or CD, containing malware in a public place in the hopes that someone will pick it up and use it, thus compromising their system.
  • Whaling: A more personalized version of phishing that usually targets a single, high-ranking individual.
  • Business email compromise: A targeted cyberattack where attackers impersonate a trustworthy executive via a compromised email account and deceive employees into transferring money or revealing sensitive information.

SEE: 6 Persuasion Tactics Used in Social Engineering Attacks

What are the most common attack entry points?

While social engineering attacks can be instigated through emails, phone calls and USB sticks, they all have one attack entry point in common: humans.

How can businesses protect themselves?

Zero-day exploits

What are they?

TechRepublic…

Source…

Bluesky adds new features to catch up with X

/in


As X (previously Twitter) plunges in numbers due to the mass exodus of users it has experienced ever since billionaire Elon Musk purchased it in 2022, alternatives like Bluesky have popped into existence to give it a little competition. Since then, some of these have exploded in numbers as others didn’t quite make it.

Bluesky was one of the ones that were able to thrive, mostly thanks to the help of Jack Dorsey (Twitter’s ex-CEO and co-finder) who was the hand behind it all. He originally started it in 2019 and officially rolled it out as an invite-only platform in 2023 (conveniently planned out it seems). Since then, the platform was eventually opened up to public registration and has been slowly adding features trying to catch up to the likes of Twitter and other social networks.

In the latest news, the platform has announced new features that will be coming in the next few months. These features include the ability to send DMs (direct messages) to other users, the ability to upload GIFs and videos, OAuth support for more secure sign-ins, improved custom feeds, and better additional anti-harassment features. Clearly trying to recreate what Twitter once was while adding some well-needed features that any network could benefit from.

It has been reported that Bluesky currently has over 5.6 million users and that number continues to grow at a steady rate as users look for alternatives to X and other platforms that just haven’t been cutting it or have fallen completely.

Source…

UAE participates in meeting on International Counter Ransomware Initiative in San Francisco

/in


San Francisco [US], May 13 (ANI/WAM): The United Arab Emirates recently participated at a meeting at RSA Conference here that brought together the members of the International Counter Ransomware Initiative (CRI), currently recognised as the largest international cybersecurity collaboration partnership for combating cybercrime at the state level, and specifically addressing ransomware. The CRI lead chair from the White House has increased its partners from 35 in 2022 to 60 as of today and continues to expand. The meeting discussed how to establish trust, exchange information, and work together on the Crystal Ball Platform for collective defense and global resiliency under the CRI.

During RSAC, the new operational platform was showcased to demonstrate the collaborative and threat sharing capabilities of the Crystal Ball Platform, which uses special models to boost third-party connectivity and artificial intelligence (AI) to improve the user experience. At present, more than 10 nations are actively using and sharing on the platform, with the goal to onboard the rest gradually by the end of the year. The Crystal Ball Platform, powered by Microsoft technology, is designed with the latest and most effective technologies for modern work with embedded security, automation, and AI. The platform also considers the data residency and geographic regions to meet the regulatory standards of the CRI partners.

The esteemed panel led an insightful discussion on, “The Crystal Ball Platform: Facilitating collaborative information sharing and capacity building among members of the Counter Ransomware Initiative.” Dr Mohamed Al Kuwaiti, Head of the Cyber Security Council, the United Arab Emirates, said: “CRI is a crucial global effort to tackle ransomware threats, promote resilience, and disrupt criminal networks involved in ransomware attacks. The Crystal Ball solution is equipped with AI innovative technologies to provide a collaborative and secure platform aimed at helping nations globally to deter cyber-attacks while understanding the adversaries behind them and continuously creating a cyber-aware culture.”

Amy Hogan-Burney, General Manager, Associate General Counsel, Cybersecurity Policy &…

Source…

B.C. confident that cybersecurity attacks on government were state directed

/in


VANCOUVER — A state or state-sponsored actor was likely responsible for a series of cybersecurity attacks targeting British Columbia government networks, Mike Farnworth, B.C.’s public safety minister and solicitor general, said Friday.

He said he personally did not know the identity of the state or state-sponsored actor, and was currently not prepared to identify them if he did, as the investigation continues involving police, the federal and provincial governments and the Canadian Centre for Cyber Security.

“What I can tell you is that it became evident to the technical experts within government and through the Canadian Centre for Cyber Security as well as the private sector Microsoft detection and response team that what they were seeing while investigating what was taking place was that this was a very sophisticated operation,” Farnworth said at a news conference.

He said there has been no ransom demand made in connection with the cybersecurity attacks and the investigation has found no evidence that information has been compromised.

“We have reason to believe that the attack was a state or state-sponsored actor who was involved in these cyberattacks,” Farnworth said. “Government staff with support from other agencies have worked to protect government systems and respond to the incident.

“Through their hard work they have been able to ensure that there has not been an interruption to government operations or services for British Columbians,” he said. “As we’ve also said, there’s no evidence at this time that sensitive government information has been compromised.”

Earlier Friday, Shannon Salter, head of B.C.’s public service and Premier David Eby’s deputy minister, told a background briefing the incidents were first noticed by government on April 10 and confirmed the next day.

She said there was a second incident on April 29, where the attacker attempted to broaden their actions, at which point the government directed all public employees to change their computer passwords.

Salter said investigators also determined on May 6 that the attacker was taking measures to cover their actions.

She said there was high confidence that the cybersecurity attacks were conducted by a state or…

Source…