Tag Archive for: THREATS.

How Can We Reduce Threats From the IABs Market?

Question: How do we keep initial access brokers from selling access to our networks to any ransomware actors who want it?

Ram Elboim, CEO, Sygnia: As ransomware continues to grow as a cyber threat, new specialization among cybercrime groups has given them an edge on efficiency. One of the fastest-growing areas of specialization involves operators that outsource the job of gaining access to victim networks to initial access brokers (IABs).

At the start of a ransomware attack, an attacker needs initial access to the targeted organization’s network, which is where IABs come in. IABs tend to be lower-tier, opportunistic threat actors that systematically obtain access to organizations — often via phishing or spam campaigns — and then sell that access on underground forums to other actors, including ransomware-as-a-service (RaaS) affiliates. Those affiliates, which constantly need more access to organizations to remain active, increasingly rely on IABs to provide that access.

Also known as access-as-a-service, the ready-made access offered by IABs has become an integral part of the ransomware ecosystem. IABs provide the initial information ransomware groups need for penetration so that operators can quickly target a wider array of victims, access their networks, and move laterally until they gain enough control to launch an attack. It’s an efficient model for perpetuating cybercrime, one that helps to fuel ransomware’s growth.

How IABs Gain Access

IABs generally provide the easiest route to gaining network access, most often via virtual private networks (VPNs) or Remote Desktop Protocol (RDP) technology. Threat actors can exploit some of the many VPN vulnerabilities that researchers have discovered in recent years, or they can scan a network for open RDP ports and follow up with various techniques to obtain login information.

Overall, about two-thirds of the access types put up for sale on the Dark Web are RDP and VPN accounts that enable direct connections to victims’ networks, according to Group-IB’s “Hi-Tech Crime Report.” Citrix access, various Web panels (such as content management systems or cloud solutions), and Web shells on compromised servers are less common. Leaked email…


New Jersey Takes Stock of Cybersecurity Threats, Protections

There’s a cybersecurity concern that often doesn’t get enough attention, according to New Jersey CISO Michael Geraghty. That’s systemic cybersecurity risk, where an attack on one organization has effects that ripple out across the wider sector.

“Most of the time we think of, let’s say, a school system gets hit with ransomware, a system has to shut down, and it’s a localized incident,” said Geraghty, who is also director of the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC).

But attacks like the recent ransomware incident that disrupted Change Healthcare show just how hard systemic impacts can hit. Through that attack, actors were able to affect hospitals across the country.

“Here we have one organization — Change Healthcare — where it’s an individual organization that’s affecting the rest of the health-care system in the United States,” Geraghty said.

UnitedHealth Group’s Change Healthcare is a major medical claims processor. BlackCat ransomware struck the company, leading to a prolonged outage that left many hospitals and other health-care providers struggling to submit claims to insurance. Many have been running low on funds. The CEO of independent physician practices network Aledade told the Washington Post that about a quarter of U.S. physician practices are in severe financial distress.

Systemic risk is especially high in sectors where many players rely on the same vendor or technology. That’s what’s made Change Healthcare, MOVEit and Citrix Bleed nationwide events.

New Jersey organizations suffered from the latter two: MOVEit compromised the personal information of more than 1 million residents, based on incidents reported to NJCCIC, per the state’s 2024 Threat Assessment report, and Citrix Bleed disrupted New Jersey hospitals, causing problems ranging from slowed patient care to postponed surgeries.

In contrast, election infrastructure is highly diversified, so a single attack would not have wide-scale impacts on election security, Geraghty said. He added that vendor and technology diversification is just one possible security approach, and that organizations…


Security Threats – Dataset poisoning, 24/7 alert mode and AI – TEISS


New Malware, Hacker Recruitment, and Global Threats Unveiled

Welcome to this week’s edition of the Cyber Security News Recap, diving into the forefront of cybersecurity advancements and the latest global threats. Our mission is to arm you with the knowledge needed to safeguard your digital landscape. From the recruitment of pentesters by a notorious hacker group to the discovery of innovative malware exploiting telecommunications protocols, we’ve got you covered.

Emerging Threats and Advanced Malware

One of the most concerning developments is the discovery of GTPDOOR, a Linux malware exploiting the GPRS protocol for stealthy command and control (C2) communication. Attributed to the LightBasin hacker collective, this malware poses a significant threat to telecommunications networks, allowing attackers to spy on infected devices and exfiltrate sensitive data. Alongside this, the Lazarus group’s exploitation of a Windows kernel 0-day vulnerability in the wild demonstrates the increasing sophistication of cyber-attacks. Additionally, the startling revelation that millions of GitHub repositories have been infected with malicious code underscores the widespread vulnerability of open-source platforms.

Innovations in Cybersecurity Tools and Techniques

Amidst the alarming news, the cybersecurity community continues to innovate. The release of HackerGPT 2.0, a ChatGPT-powered AI tool for ethical hackers, marks a significant advancement in leveraging artificial intelligence for cybersecurity defense. Similarly, the deployment of the Stellar Cyber Open XDR platform by RSM US aims to enhance the security posture of clients by providing comprehensive threat detection and response capabilities. The publication of the NIST Cybersecurity Framework 2.0 offers updated guidelines for improving cybersecurity practices across industries.

Global Responses and Preventative Measures

On the global stage, the Five Eyes agencies’ exposure of Russian APT29 cloud attack tactics highlights the ongoing cyber espionage activities and the need for increased international cooperation in cybersecurity. Furthermore, the FBI and CISA’s warning about the ALPHV Blackcat ransomware targeting hospitals underscores the…
