Tag Archive for: calls

Ransomware Task Force calls for better incident reporting


Members from the Ransomware Task Force called for better incident reporting during a panel at RSA Conference 2022.

The RSA panel was titled “Progress in the Year of Ransomware: Analysis with the Ransomware Task Force” and featured four members of the task force: Phil Reiner, CEO of the Institute for Security and Technology (IST); Megan Stifel, IST chief strategy officer; Michael Phillips, chief claims officer at cyber insurer Resilience; and Michael Daniel, president and CEO of Cyber Threat Alliance.

The Ransomware Task Force is a public-private partnership formed last spring by the IST and dedicated to disrupting the threat of ransomware. The panel acted as a look at efforts made over the past year, as well as an opportunity to discuss progress that still needs to be made.

A key piece of the panel focused on incident reporting, which requires ransomware victims to notify the U.S. government after they’ve been struck by a cyber attack. The panelists discussed how difficult it is to get a complete picture of ransomware when public- and private-sector sources often have very different tallies when it comes time to present attack statistics each year.

“The FBI, through its IC3 reporting mechanism, came out with its ransomware reporting statistics, and it’s extraordinarily low compared to what even a specialist cyber insurance company would see year in, year out,” Phillips said. “So we still see this data gap, whether it’s per unit of government or institutions like insurance companies, which aggregate the victim’s data and experience. We’re all seeing very partial aspects of the picture, which makes the reporting requirements that we’ve been discussing so, so important.”

In a report that launched alongside the task force, four recommendations were made to support victims. These included clarity from the U.S. Treasury in its ransom payment guidance, a recovery fund for organizations that refuse to pay the ransom, creating a ransomware attack reporting standard and requiring organizations to disclose ransomware payments to the government prior to paying.

Stifel said progress has been made on all four fronts, and while there is still a ways to go in some aspects (specifically…


Pittsburgh calls itself the robotics capital of the world. But it’s also the birthplace of cybersecurity


Robotics, medical research, bridges, Heinz Ketchup, the Pittsburgh Toilet — these are the signatures of innovation in the Steel City. But buried underneath the surface of its journey from kitschy and industrial to kitschy and tech-centric is a story about the origins of the global cybersecurity industry.

Pittsburgh’s tech economy has long been recognized for its prowess in robotics and artificial intelligence, largely stemming from a strong pipeline of expertise out of local schools like Carnegie Mellon University and the University of Pittsburgh. While autonomous vehicle companies and autonomous mobile robot providers alike have found ways to profit off of those opportunities, there’s a bedrock of a wider range of technical know-how still waiting to be leveraged into commercial possibilities.

Enter cybersecurity: an industry that was (arguably) born in Pittsburgh.

As the story goes, it all started with CERT, formerly an acronym for the computer emergency response team. The division was founded within CMU’s Software Engineering Institute in 1988 as a response to the internet vulnerabilities exposed by the Morris worm, the country’s first major internet attack.

“In the early hours of response to the Morris worm, you had a number of people working at DARPA at the time — the Defense Advanced Research Projects Agency — who had either ties to the SEI or to Carnegie Mellon School of Computer Science,” Bill Wilson, current deputy director of the CERT Division, told Technical.ly.


Those DARPA employees reached out to CMU contacts, “and they quickly kind of cobbled together a foundation and framework to begin to work with and build a community to as quickly as possible first, mitigate and solve the vulnerability underlying the Morris worm,” Wilson said. But really, the purpose was to respond to what had been a sort of “technical wakeup call” in the realm of internet security. From the outset, it was always clear that CERT would be a new kind of organization in tech, something to “work with a network of vendors and researchers to as best as possible, analyze and identify the [new internet] vulnerabilities and then rally the community to…


Warning for Android users over flaw which can let hackers listen in on calls


ANDROID users are being warned over a flaw in their devices that could let hackers listen in on calls from the first time you turn it on.

Threat actors could target Android devices running on chipsets from Qualcomm and MediaTek, which are two of the largest chip providers in the world.


Security experts at Check Point Research said two thirds of all smartphones sold in 2021 were vulnerable to the flaw.

This is because both chipmakers use flawed Apple Lossless Audio Codec (ALAC) code in their audio decoders.

ALAC is an audio coding format for audio compression that was originally open-sourced by Apple in 2011.

The company responsible releases updates and security fixes for the software; however, not every vendor that uses the software reportedly applies them.

A vulnerability of this sort can allow hackers to use remote code execution (RCE) to access a device without gaining physical access to it.

RCE attacks are considered very serious because their impact can range from malware execution to a hacker gaining total control over a device.

This means that threat actors can access personal files, messages, photos, and even a phone camera’s streaming functionality.

Speaking about the threat, Check Point said: “The ALAC issues our researchers found could be used by an attacker for remote code execution attack (RCE) on a mobile device through a malformed audio file. RCE attacks allow an attacker to remotely execute malicious code on a computer.

“The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.

“In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations.”

Bleeping Computer report that threat actors can take advantage of the vulnerability by sending a maliciously crafted audio file which the victim is tricked into opening.

For this reason, experts are recommending users update their Android devices immediately.

To update your Android device,…


The Intersection of Cloud and Ransomware Calls for Public Sector to Remain More Diligent



Cloud and SaaS capabilities will continue to be staples for federal agencies and prevent ransomware attacks

When an individual interacts with a government agency, a small amount of personal data is often provided and stored in the system. This means that ransomware attacks can jeopardize both internal government data and citizen information. Government agencies are in a more precarious position than private companies because they are the proprietors of citizen data, from motor vehicle records to photo identification documents.

According to IDC, the overall Indian public cloud services market is expected to reach USD 10.8 billion by 2025, growing at a CAGR of 24.1% from 2020 to 2025. Also, the pandemic helped cultivate cloud capabilities and, by extension, SaaS, to become a necessity for government and private industries alike. Annual cloud spending has been at an all-time high over the last few years, with an unprecedented growth momentum for India at a CAGR of 45% over the last 5 years, as more and more sectors are leveraging cloud capabilities to grow their businesses.

Within APAC, TMT and financial services sectors are heavily investing and rapidly innovating by leveraging cloud services. While we expect a similar momentum in India across these sectors, we also expect a significant positive shift in cloud policies among public sector organizations.

As we evolve in terms of how and where we store personal data, our adversaries adapt in terms of how they target it. And, as more personal information is being stored in the cloud, bad actors are increasingly targeting cloud capabilities.

The Office of Personnel Management (OPM.gov) recently released telework guidance. The recommendation to increase telework access means continued reliance on cloud and SaaS, and the accompanying potential for cloud-targeted ransomware attacks.

It is projected that by 2025, 75% of IT organizations will be hit with at least one ransomware attack. India has been the worst hit by ransomware in the APAC region, with 76% of the organizations having suffered a ransomware attack in 2021, it’s more…
