Tag Archive for: step

Companies warned to step up cyber security to become ‘insurable’

/in


Businesses are at risk of finding that they are unable to secure cyber insurance cover as the volume of cyber attacks reaches new levels.

Companies are increasingly being required to put in place higher levels of cyber protection for their systems before they will be considered for cyber insurance.

According to insurers, the cost of cyber risks insurance has rocketed as demand for cover outstrips supply.

Their comments came as the World Economic Forum (WEF) published its Global risk report 2023, which identifies widespread cyber attacks and cyber insecurity as one of the top 10 risks facing governments and organisations over the next 10 years.

Carolina Klint, risk management leader for continental Europe for insurance broker Marsh, and one of the contributors to the report said that insurance companies were now coming out and saying that “cyber risk is systemic and uninsurable”.

That means, in future, companies may not be able to find cover for risks such as ransomware, malware or hacking attacks.

“It’s up to the insurance industry and to the capital markets whether or not they find the risk palatable,” she said in an interview with Computer Weekly, “but that is the direction it is moving in.”

In recent days, cyber attacks have disrupted the international delivery services of the Royal Mail and infected IT systems at the Guardian newspaper with ransomware.

The Global risks report rates cyber warfare and economic conflict as more serious threats to stability than the risks of military confrontation.

“There is a real risk that cyber attacks may be targeted at critical infrastructure, health care and public institutions,” said Klint. “And that would have dramatic ramifications in terms of stability.”

Risk of Russia stepping up cyber attacks

Russia’s cyber attacks against the Ukraine could, depending on how the war goes, lead to more generalised attacks against inadequately protected IT systems in the West.

“I do think with Russia’s attacks, depending on the level of frustration and the success or failure of the war, we might be looking at broader spray attacks, which are going to be less targeted, which means that more companies or…

Source…

Renewing car tags online might take an extra step after security breach to county provider

/in


Arkansans are experiencing a few hiccups when renewing their car tags online as a result of a service provider for many counties being hacked last year, Scott Hardin, spokesman for the Department of Finance and Administration, said Tuesday.  

The state’s 2.7 million passenger vehicles are required to be assessed at the county level before they can be renewed at the state level each year. As a consequence of the hacking of Apprentice Information Services of Rogers in November, many counties’ computer systems were unable to provide online services, according to reports from KAIT-TV in Jonesboro to the Texarkana Gazette. The county computer systems are still unable to communicate with the state’s computer systems, Hardin said. 

Pulaski County, the state’s most populous, is among the counties impacted by the security breach, Hardin said. 

The county systems have not been linked back up to the state’s computer system to ensure there’s no chance the state’s computer system could be made vulnerable to hackers. 

As a workaround for the online car tag renewals, the state is allowing residents unable to renew online to call the Department of Finance and Administration’s motor vehicle help desk to explain the situation. The help desk can override the requirement to assess the vehicle before renewing with the state. The help desk will notify the county that the vehicle has been renewed but has not been assessed, Hardin said. 

We want to be sure Arkansans understand vehicle renewal remains available both in person and online,” Hardin said via email. “However, for customers using the online option, one extra step (calling or emailing to request an override) may be required for those in counties affected by the security breach.”

An assessment is an owner’s declaration of personal property to the county so that property taxes can ultimately be paid on the vehicle, Hardin said. 

The issue only impacts online renewals. Arkansans who prefer to avoid these hiccups can still physically go to a county assessor’s office for assessment and one of the 134 state revenue offices for renewal. 

Hardin said the department recommends car owners try to renew online first. If…

Source…

How To Update a Windows 10 Computer / Security Updates Driver Updates Operating System Updates

/in



Blocking Macros Is Only the First Step in Defeating Malware

/in


  • Microsoft’s decision to block macros will rob threat actors of this popular means for distributing malware.
  • However, researchers note that cybercriminals have already changed tacks and significantly reduced using macros in recent malware campaigns.
  • Blocking macros is a step in the right direction, but at the end of the day, people need to be more vigilant to avoid getting infected, suggest experts.

Ed Hardie / Unsplash.

While Microsoft took its own sweet time deciding to block macros by default in Microsoft Office, threat actors were quick to work around this limitation and devise new attack vectors.


According to new research by security vendor Proofpoint, macros are no longer the favorite means of distributing malware. The use of common macros decreased by approximately 66% between October 2021 to June 2022. On the other hand, the use of ISO files (a disc image) registered an increase of over 150%, while the use of LNK (Windows File Shortcut) files increased a staggering 1,675% in the same timeframe. These file types can bypass Microsoft’s macro blocking protections.


“Threat actors pivoting away from directly distributing macro-based attachments in email represents a significant shift in the threat landscape,” Sherrod DeGrippo, Vice President, Threat Research and Detection at Proofpoint, said in a press release. “Threat actors are now adopting new tactics to deliver malware, and the increased use of files such as ISO, LNK, and RAR is expected to continue.”



Moving With the Times

In an email exchange with Lifewire, Harman Singh, Director at cybersecurity service provider Cyphere, described macros as small programs that can be used to automate tasks in Microsoft Office, with XL4 and VBA macros being the most commonly used macros by Office users. 


From a cybercrime perspective, Singh said threat actors can use macros for some pretty nasty attack campaigns. For instance, macros can execute malicious lines of code on a victim’s computer with the same privileges as the logged-in person. Threat actors can abuse this access to exfiltrate data from a compromised computer or to even grab additional malicious content from the malware’s servers to pull in even more…

Source…