Tag Archive for: THREATS.

Cybersecurity Threats in Global Satellite Internet


By Gizem Yılmaz, Master Expert Data Analyst, Turkcell Technology

Internet via satellite was first used for military purposes in the 1960s and became available for wide-scale commercial use in the 1990s. Current satellite internet systems typically use low-orbit satellites and provide data transmission at low speeds due to limited bandwidth. Starlink, on the other hand, is a project developed by Elon Musk’s SpaceX that aims to provide a faster, more reliable and more comprehensive internet experience, with low latency and high bandwidth, through a large number of low-orbit satellites.

The surge in satellite internet usage has opened up a new frontier for cybersecurity threats, ranging from sophisticated hacking attempts to disruptive denial-of-service attacks.

[1] Last year, a security researcher at KU Leuven, Lennert Wouters, unveiled potential vulnerabilities in Starlink satellites, revealing that hackers could exploit hardware weaknesses in ground-based terminals. At the Black Hat security conference, Wouters demonstrated the feasibility of a low-cost mod chip, priced at around $25, to execute a “fault injection attack,” bypassing Starlink’s security measures and gaining unauthorized access to its systems. Recently, the Ukrainian Security Service (SBU) issued a warning about a new malware, “Malware 4. STL,” which utilizes a person’s mobile device to remotely gather data on Starlink systems, representing a distinctive threat compared to previous concerns about direct hacking or system disruption.

Hacking Satellites: Vulnerabilities and Risks

As satellites play a pivotal role in global communication, they become attractive targets for malicious actors seeking to compromise sensitive data or gain unauthorized access. The vulnerabilities in satellite systems can manifest in various ways, from exploiting software vulnerabilities in ground control systems to physically tampering with the satellite hardware. Potential risks associated with satellite hacking include unauthorized access to sensitive data, manipulation of satellite functions, and disruption of communication services. Attackers may exploit vulnerabilities in satellite systems, ranging from software…


Deepfakes, Ransomware Identified As Imminent Threats For 2024 In India: Report


(MENAFN– IANS) New Delhi, March 22 (IANS) Artificial Intelligence (AI)-generated deepfakes, multi-factor authentication (MFA) fatigue attacks, and complex ransomware incidents are identified as imminent threats for 2024 in India that require urgent attention, a new report said on Friday.

Looking ahead to 2024, Seqrite, the enterprise arm of global cybersecurity solutions provider Quick Heal, anticipated emerging challenges that demand vigilance and strategic preparedness.

“With the rise of AI-powered threats like BlackMamba and the prevalence of Living off the Land attacks, Chief Information Security Officers (CISOs) must adopt advanced evasion techniques and heightened defences to combat evolving threats effectively,” the experts said.

According to the report, the upcoming 2024 elections are poised to attract phishing attacks exploiting political interests, while supply chain vulnerabilities underscore the need for collaborative cybersecurity efforts between the public and private sectors.

Moreover, the report emphasised the importance of implementing resilient strategies to mitigate ransomware threats through practices such as regular data backups, network segmentation, and prompt isolation of affected systems.

“CISOs are encouraged to maintain vigilance regarding evolving cyber regulations and compliance standards, aligning security policies accordingly to ensure continual compliance and resilience,” the experts stated.

Further, the report highlighted the significance of embracing emerging technologies like AI, quantum computing, and IoT (Internet of Things), while remaining cognizant of the associated cybersecurity risks.

It also underscored the importance of fostering collaborative relationships among CISOs and security professionals to collectively enhance organisations’ cybersecurity posture and response capabilities.


How Can We Reduce Threats From the IABs Market?


Question: How do we keep initial access brokers from selling access to our networks to any ransomware actor who wants it?

Ram Elboim, CEO, Sygnia: As ransomware continues to grow as a cyber threat, new specialization among cybercrime groups has given them an edge on efficiency. One of the fastest-growing areas of specialization involves operators that outsource the job of gaining access to victim networks to initial access brokers (IABs).

At the start of a ransomware attack, an attacker needs initial access to the targeted organization’s network, which is where IABs come in. IABs tend to be lower-tier, opportunistic threat actors that systematically obtain access to organizations — often via phishing or spam campaigns — and then sell that access on underground forums to other actors, including ransomware-as-a-service (RaaS) affiliates. Those affiliates, which constantly need more access to organizations to remain active, increasingly rely on IABs to provide that access.

Also known as access-as-a-service, the ready-made access offered by IABs has become an integral part of the ransomware ecosystem. IABs provide the initial information ransomware groups need for penetration so that operators can quickly target a wider array of victims, access their networks, and move laterally until they gain enough control to launch an attack. It’s an efficient model for perpetuating cybercrime, one that helps to fuel ransomware’s growth.

How IABs Gain Access

IABs generally provide the easiest route to gaining network access, most often via virtual private networks (VPNs) or Remote Desktop Protocol (RDP) technology. Threat actors can exploit some of the many VPN vulnerabilities that researchers have discovered in recent years, or they can scan a network for open RDP ports and follow up with various techniques to obtain login information.

Overall, about two-thirds of the access types put up for sale on the Dark Web are RDP and VPN accounts that enable direct connections to victims’ networks, according to Group-IB’s “Hi-Tech Crime Report.” Citrix access, various Web panels (such as content management systems or cloud solutions), and Web shells on compromised servers are less common. Leaked email…


New Jersey Takes Stock of Cybersecurity Threats, Protections


There’s a cybersecurity concern that often doesn’t get enough attention, according to New Jersey CISO Michael Geraghty. That’s systemic cybersecurity risk, where an attack on one organization has effects that ripple out across the wider sector.

“Most of the time we think of, let’s say, a school system gets hit with ransomware, a system has to shut down, and it’s a localized incident,” said Geraghty, who is also director of the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC).

But attacks like the recent ransomware incident that disrupted Change Healthcare show just how hard systemic impacts can hit. Through that attack, actors were able to affect hospitals across the country.


“Here we have one organization — Change Healthcare — where it’s an individual organization that’s affecting the rest of the health-care system in the United States,” Geraghty said.

UnitedHealth Group’s Change Healthcare is a major medical claims processor. BlackCat ransomware struck the company, leading to a prolonged outage that left many hospitals and other health-care providers struggling to submit claims to insurance. Many have been running low on funds. The CEO of independent physician practices network Aledade told the Washington Post that about a quarter of U.S. physician practices are in severe financial distress.

Systemic risk is especially high in sectors where many players rely on the same vendor or technology. That’s what’s made Change Healthcare, MOVEit and Citrix Bleed nationwide events.

New Jersey organizations suffered from the latter two, with MOVEit compromising the personal info of more than 1 million residents, based on incidents reported to NJCCIC, per the state’s 2024 Threat Assessment report. And Citrix Bleed disrupted New Jersey hospitals, forcing problems ranging from slow patient care to postponed surgeries.

In contrast, election infrastructure is highly diversified, so a single attack would not have wide-scale impacts on election security, Geraghty said. He added that vendor and technology diversification is just one possible security approach, and that organizations…
