Tag Archive for: Success

MoD ethical hacking programme expands after initial success


The Ministry of Defence (MoD) has revealed it has expanded an existing defensive security initiative with ethical hacking and penetration testing specialist HackerOne to include some of its key suppliers.

The original scope of the MoD’s defensive security programme included a vulnerability disclosure programme (VDP) paying out bug bounties through HackerOne, leveraging the creativity and expertise of the hacking community to help secure some of the UK government’s most critical digital assets.

Since its launch in 2021, more than 100 ethical hackers have been busy “attacking” the MoD’s systems, identifying and fixing vulnerabilities to enhance its cyber security posture.

“The decision to partner with HackerOne and leverage its community of ethical hackers was part of an organisation-wide commitment to building a culture of transparency and collaboration to improve national security,” said Paul Joyce, vulnerability research project manager for the MoD. “Our hacker partners are helping us to identify areas where we need to strengthen our defences and protect our critical digital assets from malicious threats.”

MoD CISO Christine Maxwell added: “Working with the ethical hacking community allows us to bring more diverse perspectives to protect and defend our assets. Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience.”

The MoD hopes that by including key suppliers within the VDP, it can encourage a trickle-down of best practices through its supply chain, and that suppliers may implement their own programmes. It said its long-term goal was for all firms that it partners with to run their own VDPs.

Among the suppliers that have already been involved with the expanded programme is Kahootz, which supplies cloud software-as-a-service collaboration platform services to public and third sector organisations.

“Kahootz’s VDP demonstrates our proactive commitment to promptly identifying and addressing potential security weaknesses to maintain the highest security standards for users,” said Peter Jackson, the organisation’s…


Ransomware attacks register record speeds thanks to success of infosec industry • The Register


The time taken by cyber attackers between gaining an initial foothold in a victim’s environment and deploying ransomware has fallen to 24 hours, according to a study.

In nearly two-thirds of cases analysed by Secureworks’ researchers, cybercriminals were deploying ransomware within a day, and in more than 10 percent of incidents it was deployed within five hours.

This average dwell time has dropped significantly in 2023, down from 4.5 days in 2022 and 5.5 days the year before that.

The findings remained consistent across the year’s incidents, researchers noted, and were not influenced by specific ransomware variants or cybercrime groups.

Dwell times in some cases were longer when data exfiltration occurred before ransomware was deployed – a double extortion scenario.

However, this wasn’t true in every case, and as Microsoft revealed last week in its annual threat intelligence report, double extortion events accounted for just 13 percent of ransomware incidents in the past year.

Secureworks said that ransomware attacks are being carried out with less complexity than in years gone by, with organization-wide encryption incidents becoming increasingly difficult to pull off.

“The cybersecurity industry is undoubtedly getting better at detecting the activity that has historically preceded ransomware, such as the use of offensive security toolkits like Cobalt Strike,” Secureworks said in its “State of The Threat Report.” 

“This may be a factor in forcing ransomware operators to work more quickly.”

As detection technologies become more effective, cybercriminals are naturally forced to adapt to a changing defensive landscape, having to complete their attacks faster.

Secureworks’ experts also said the popularity of the ransomware-as-a-service (RaaS) model could provide an explanation for shorter attacks.

With effective ransomware payloads, complete with easy-to-follow instructions for affiliates to use them, the RaaS model makes executing attacks possible for even the least-skilled criminals.

This lowering of the barrier to enter the ransomware market as an affiliate has led to an increase in attacks overall, and June broke the single-month record for…


Multilateral cooperation is key to success in securing nations from emerging cyber security threats, says Amit Shah


Union Home Minister Amit Shah on Thursday raised concern regarding terrorists using the dark net to hide their identity and spread radical material, and called for finding solutions by understanding the pattern of these activities.

Addressing the inaugural session of the ‘G 20 Conference on Crime and Security in the Age of NFTs, AI & Metaverse’, the home minister said that India has taken giant strides in empowering digital security systems.

“The conference will play a transformative role in building a global cooperation network to strengthen the capabilities of nations and international organizations to combat cyber threats, including terrorism, terror financing, radicalization, narco-terror, and misinformation in an effective way,” he added.

The brainstorming in this congregation will help all the participant nations to achieve remarkable feats in security, he said.

The minister also warned of the cyber-attack threat, which he said is hovering over all the major economies of the world, and said “many countries of the world have become victims of it”.

To create a “robust and efficient operational system”, Shah said, “Terrorists are using the dark net to hide their identity and spread radical material, and we have to understand the pattern of these activities running on the dark net and find solutions for the same.”

The Home Minister also specified the need to think coherently to crack down on the use of various virtual assets.

Speaking at the ‘G20 Conference on Crime and Security in the age of the Non-Fungible Token (NFT), Artificial Intelligence (AI) and Metaverse’, Shah further said, “The Metaverse, once a science fiction idea, has now stepped into the real world.”

He said the metaverse may create new opportunities for terrorist organizations primarily for propaganda, recruitment, and training.

“This will make it easier for terrorist organizations to select and target…


Cyber success: Citadel cadets beat out thousands of students in the National Cyber League


Two cadets recently competed in the virtual National Cyber League, a competition giving students a chance to practice their cybersecurity skills. They competed against students from all over the country, and both placed in the top 100 out of more than 7,500 participants. Overall, The Citadel had 52 cadets and students participate in the NCL. The competition’s activities included answering questions on niche cyber topics and completing various tasks such as cryptography, open-source intelligence and web application exploitation.

Senior cadet Ben Race placed 75th in the NCL and credited his previous experience with the NCL and other cyber competitions for his preparedness as well as his involvement on the Cyber Team at The Citadel.

“Being part of the Cyber Team has been a great opportunity. I’ve competed in unique competitions, such as the NCL, and gotten to travel to new places for them. For the NCL, I spend most of my time learning about the topics they’ll quiz me on. There’s always something new to learn,” said Race. “I’d tell any cadet considering getting a degree in cyber to get involved with the Cyber Team and other extracurriculars related to it. These clubs give you another unique and fun aspect of learning.”

Cadet Jacob T. Wood, a sophomore at The Citadel, placed 41st in the NCL and is also active in cyber-related extracurriculars.

“My favorite part of being on the Cyber Team is working with other people on problem solving, so I enjoy competitions like this. My professors really helped me prepare for the NCL, and although you have to be willing to put in a lot of effort in a major like this, it’s worth it,” said Wood.

The Citadel is ranked 19 out of 470 colleges nationwide in the NCL’s Cyber Power Ranking for fall 2022. These rankings represent the ability of students to perform real-world cybersecurity tasks along with each school’s top performance and individual student performances. The Citadel’s highest scoring team took 39th place nationwide in the NCL; Cadets Race and Wood were on the team along with four other cadets – Chotipat Metreethummaporn, Nathanael Ling, Jackson All and Kirin Chaplin – as well as graduate…
