Tag Archive for: industry

The Startup That Transformed the Hack-for-Hire Industry

/in


If you’re looking for a long read to while away your weekend, we’ve got you covered. First up, WIRED senior reporter Andy Greenberg reveals the wild story behind the three teenage hackers who created the Mirai botnet code that ultimately took down a huge swath of the internet in 2016. WIRED contributor Garrett Graff pulls from his new book on UFOs to lay out the proof that the 1947 “discovery” of aliens in Roswell, New Mexico, never really happened. And finally, we take a deep dive into the communities that are solving cold cases using face recognition and other AI.

That’s not all. Each week, we round up the security and privacy stories we didn’t report in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

For years, mercenary hacker companies like NSO Group and Hacking Team have repeatedly been the subject of scandal for selling their digital intrusion and cyberespionage services to clients worldwide. Far less well-known is an Indian startup called Appin that, from its offices in New Delhi, enabled customers worldwide to hack whistleblowers, activists, corporate competitors, lawyers, and celebrities on a giant scale.

In a sprawling investigation, Reuters reporters spoke to dozens of former Appin staff and hundreds of its hacking victims. It also obtained thousands of its internal documents—including 17 pitch documents advertising its “cyber spying” and “cyber warfare” offerings—as well as case files from law enforcement investigations into Appin launched from the US to Switzerland. The resulting story reveals in new depth how a small Indian company “hacked the world,” as Reuters writes, brazenly selling its hacking abilities to the highest bidder through an online portal called My Commando. Its victims, as well as those of copycat hacking companies founded by its alumni, have included Russian oligarch Boris Berezovsky, Malaysian politician Mohamed Azmin Ali, targets of a Dominican digital tabloid, and a member of a Native American tribe who tried to claim profits from a Long Island, New York, casino development on his reservation.

The ransomware group known as Scattered Spider has distinguished itself this year as one…

Source…

3 Top Stocks to Ride the Buoyancy in Security and Safety Services Industry – October 10, 2023

/in


The Zacks Security and Safety Services industry is poised to benefit from strong demand for security and safety solutions prompted by growing concerns of terrorist and criminal activities and the need to safeguard citizens and infrastructure. Improving supply chains and a deceleration in inflation augur well for the industry’s near-term prospects.

Companies like Axon Enterprise (AXON Free Report) , Brady Corporation (BRC Free Report) and Lakeland Industries (LAKE Free Report) are poised to take advantage of the buoyancy in the industry.

About the Industry

The Zacks Security and Safety Services industry comprises companies that provide sophisticated and interactive security solutions and related services, which are meant to be used for residential, commercial and institutional purposes. A few industry players develop electrical weapons for personal defense, as well as military, federal, law enforcement and private security. Some of them provide solutions for the recovery of stolen vehicles, wireless communication devices, equipment for the safety of facility infrastructure and employees, and products for detecting hazards. A few companies provide a variety of services to automobile owners and insurance companies. The industry serves customers belonging to various end markets, including manufacturing, electronics, hospitality, education, construction, telecommunications, aerospace and medical.

3 Trends Shaping the Future of the Security and Safety Services Industry

Demand for Security and Safety Services: Growing concerns of terrorism and criminal activities around the world are promoting demand for security and safety services. Political unrest across countries, prompting governments to safeguard citizens and protect infrastructure, acts as a key growth driver for the industry. With growing urbanization, governments are increasingly focusing on the safety and security of people, assets and the like, thus driving demand in the industry. Thanks to rising instances of hacking, the industry is seeing growing demand for Internet security products and services like firewalls and…

Source…

Ransomware attacks register record speeds thanks to success of infosec industry • The Register

/in


The time taken by cyber attackers between gaining an initial foothold in a victim’s environment and deploying ransomware has fallen to 24 hours, according to a study.

In nearly two-thirds of cases analysed by Secureworks’ researchers, cybercriminals were deploying ransomware within a day, and in more than 10 percent of incidents it was deployed within five hours.

This average dwell time has dropped significantly in 2023, down from 4.5 days in 2022 and 5.5 days the year before that.

The findings remained consistent across the year’s incidents, researchers noted, not being influenced by specific ransomware variants of cybercrime groups.

Dwell times in some cases were longer when data exfiltration occurred before ransomware was deployed – a double extortion scenario.

However, this wasn’t true in every case, and as Microsoft revealed last week in its annual threat intelligence report, double extortion events accounted for just 13 percent of ransomware incidents in the past year.

Secureworks said that ransomware attacks are being carried out with less complexity than in years gone by, with the days of organization-wide encryption incidents becoming increasingly more difficult to pull off.

“The cybersecurity industry is undoubtedly getting better at detecting the activity that has historically preceded ransomware, such as the use of offensive security toolkits like Cobalt Strike,” Secureworks said in its “State of The Threat Report.” 

“This may be a factor in forcing ransomware operators to work more quickly.”

As detection technologies become more effective, cybercriminals are naturally forced to adapt to a changing defensive landscape, having to complete their attacks faster.

Secureworks’ experts also said the popularity of the ransomware-as-a-service (RaaS) model could also provide an explanation for shorter attacks. 

With effective ransomware payloads, complete with easy-to-follow instructions for affiliates to use them, the RaaS model makes executing attacks possible for even the least-skilled criminals.

This lowering of the barrier to enter the ransomware market as an affiliate has led to an increase in attacks overall, and June broke the single-month record for…

Source…

CSA launches Cybersecurity Industry Call for Innovation 2023 with Challenge Statements by Three End-Users

/in


More than 50 Proposals Received for CyberCall 2022, Four Proposals Selected

The Cyber Security Agency of Singapore (CSA), together with National University of Singapore (NUS) Enterprise, launched the Cybersecurity Industry Call for Innovation 2023 (CyberCall 2023) today. The launch was announced by Mrs Josephine Teo, Minister for Communications and Information and Minister-in-charge of Smart Nation and Cybersecurity at the Cybersecurity Innovation Day 2023 held today, 29 September 2023, at the Sands Expo and Convention Centre.

2      The CyberCall initiative, first launched in 2018, seeks to catalyse the development of innovative cybersecurity solutions. Through this, CSA aims to strengthen organisations’ cyber resilience and at the same time provide opportunities for cybersecurity companies to contribute to the development of innovative solutions that shows potential to be applied in many organisations’ systems.  Each selected solution that fulfils the eligibility criteria may receive a funding of up to S$1,000,000 under CSA’s Cybersecurity Co-Innovation and Development Fund (CCDF).

CyberCall 2023

3      This year’s CyberCall is looking for proposals in the following areas: 

a. Cybersecurity for Artificial intelligence (AI) 

To safeguard AI systems and the data they process from various cyber attacks in order to maintain the integrity, confidentiality, trustworthiness and reliability of AI applications in an increasingly connected and digital world.

b. Using AI for cybersecurity

To harness the power of AI to strengthen organisations’ cyber defences to protect their systems, data and networks, improve threat detection, and respond more effectively to cyber attacks.

c. Operational Technology (OT) / Internet of Things (IoT) security

To safeguard critical infrastructure, Industrial Control Systems (ICS) and internet-connected devices from cyber threats and vulnerabilities. 

d. Cloud security

To safeguard infrastructure, data and applications hosted in cloud environments, while maintaining the confidentiality, integrity and availability of resources in the cloud.

e. Privacy-Enhancing Technologies (PET)

To safeguard the privacy of individuals…

Source…