Tag Archive for: Organisations

How APAC organisations are hiring cyber security pros

/in


Organisations across the Asia-Pacific (APAC) region are relying on job postings, internships and even candidates from other fields to plug the cyber security talent gap, a new study has found.

Those were the key findings of the APAC cybersecurity hiring managers research report by The International Information System Security Certification Consortium, or (ISC)², which polled 787 respondents across Singapore, Hong Kong, Japan and South Korea.

Over half of respondents (58%) in Singapore rely on standard job postings in their search for cyber security talent while just under half in the city-state have identified or recruited talent through apprenticeship and internship programmes as well as recruitment agencies.

At the regional level, companies have also diversified their recruitment practices when it comes to candidate sourcing, with hiring managers turning to existing employees from non-traditional IT departments such as customer service (43%) and human resources (38%) for entry- and junior-level staff.

“Our research findings point to the widening cyber security workforce gap, which has been driven by geopolitical tensions, macroeconomic instability, as well as growing physical security challenges,” said Clar Rosso, CEO of (ISC)².

“With APAC registering the second highest year-on-year rise in shortage globally, organisations in the region need to be creative with their cyber security hiring. However, unlike conventional thinking, adopting an innovative approach doesn’t mean that organisations have to take on more hiring risks.”

The (ISC)² report noted that adopting a more collaborative hiring approach between HR and cyber security teams, identifying candidates with relevant attributes and skills, as well as investing in their professional development can help organisations build more resilient and sustainable cyber security teams.

When it comes to skills and experience, 62% of respondents would hire a candidate self-taught in IT or cyber security despite having no work experience, with those in Singapore and Hong Kong most likely to consider such candidates.

Across the region, 64% of hiring managers ranked previous professional experience as one of the most…

Source…

4 Ways Organisations Can Protect Themselves Against Ransomware

/in


With the ‘as a service’ business model gaining increased popularity with the convenience and agility of service offerings, it isn’t surprising to see this model being used by cybercriminals for nefarious purposes. Ransomware as a service (RaaS) involves cybercriminals purchasing and selling access to ransomware payloads, leaked data, RaaS “kits,” and many other tools on the dark web. Microsoft, in their Cyber Signals Report, discovered that in more than 80 per cent of ransomware attacks, cybercriminals exploited common configuration errors in software and devices. This means that ransomware actors are not using any new and novel techniques. Their attacks follow a template of initial access via malware infection or exploitation of a vulnerability then credential theft to elevate privileges and move laterally. 

The ease of RaaS for cybercriminals means it will continue to remain a challenge for organisations worldwide in the near future. Companies that limit their hunting efforts to looking for signs of just the ransomware payload are at a greater risk of a successful breach and extortion. 

With cyberattacks getting more sophisticated, and the criminals behind them growing bolder every day, here are four simple ways in which organisations can protect themselves from ransomware:  

1.Authenticate Identities 

More than malware, attackers need credentials to succeed. In nearly all successful ransomware deployments, attackers gained access to privileged, administrator level accounts granting broad access to an organisations’ network. Using Multifactor authentication (MFA) on all accounts is encouraged, and administrator and other sensitive roles must be prioritized. Passwordless authentication like FIDO keys or Microsoft Authenticator for apps that support it will also help ensure a secure experience.

2.Address Security Blind Spots

In almost every observed ransomware incident, at least one system exploited in the attack had missing or misconfigured security products that allowed intruders to tamper with or disable certain protections. Like smoke alarms, security products need to be…

Source…

FBI warns Rust-based ransomware has breached over 60 organisations

/in


The Federal Bureau of Investigation (FBI) has warned of BlackCat ransomware-as-a-service (RaaS) which it believes has compromised at least 60 entities around the world since last November.

BlackCat has been recruiting new affiliates since late 2021 and targeting organisations across multiple sectors across the world, according to Varonis Threat Labs. It has actively recruited former REvil, BlackMatter, and DarkSide operators and increased its activity since November 2021. Varonis found that it offers lucrative affiliate payouts, up to 90%, and uses a Rust-based ransomware executable. The group’s leak site also named over 20 victim organisations since January 2022, although the data security firm predicted that the total number of victims was likely to be greater.

The FBI released an alert earlier this month where it found that BlackCat, also known as ALPHV or Noberus, has compromised at least 60 entities worldwide through RaaS as of March 2022. It said it’s the first ransomware group to do so successfully using Rust, a programming language that offers high performance and improved safety features.

The advisory stated that the ransomware leverages previously compromised user credentials to gain initial access to the victim’s system. Once the malware establishes access, it compromises Active Directory user and administrator accounts. The malware utilises Windows Task Scheduler to configure malicious Group Policy Objects (GPOs) to deploy ransomware.

The initial deployment of the malware leverages PowerShell scripts, along with Cobalt Strike, and disables security features within the victim’s network. The ransomware also uses Windows administrative tools and Microsoft Sysinternals tools during compromise. BlackCat/ALPHV steals victim data before the execution of the ransomware, including from cloud providers where company or client data was stored. 

“BlackCat-affiliated threat actors typically request ransom payments of several million dollars in Bitcoin and Monero but have accepted ransom payments below the initial ransom demand amount,” stated the FBI in the advisory. “Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter,…

Source…

Security organisations form Nonprofit Cyber coalition

/in


A group of implementation-focused cyber nonprofits – including the likes of the Center for Internet Security, Crest International, and the Fido Alliance – have joined forces to create an umbrella coalition that will work to develop, share, deploy and increase awareness of security best practice, tools, standards and services.

Formed in the US, but globally relevant, the Nonprofit Cyber coalition is envisioned as a “collaboration of equals” and will initially focus on two priorities – building awareness of cyber nonprofits, and aligning the work of its 22 founding members, all of which must hold nonprofit status under US law or their home country equivalents.

The founding members are: the Anti-Phishing Working Group, the Center for Internet Security, the Center for Threat-Informed Defense, the Cloud Security Alliance, Consumer Reports, Crest International, the Cyber Defence Alliance, the CyberPeace Institute, the Cyber Readiness Institute, the Cyber Threat Alliance, the Cybercrime Support Network, the CyberGreen Institute, the Fido Alliance, the Forum of Incident Response and Security Teams, the Global Cyber Alliance, the National Cyber Forensics and Training Alliance, the National Cybersecurity Alliance, the Open Web Application Security Project, SAFECode, the Shadowserver Foundation, #ShareTheMicInCyber, and Sightline Security.

The group is also welcoming applications for new members, focusing only on those that work to implement security best practice and solutions at scale, and not lobbying, policy development or advocacy groups, nor industry bodies.

Philip Reitinger, CEO of the Global Cyber Alliance (GCA) and newly elected co-chair of the coalition, said: “A large number of nonprofits that focus on cyber security implementation are working within their own areas of action toward the joint goal of improving cyber security, but the lack of coordination and communication among them can lead to inefficiency and duplication of effort.

“Better communication and collaboration among these groups will enable programmatic and opportunistic action to improve cyber security.”

Tony Sager, Center for Internet Security vice-president and chief evangelist, and the…

Source…