Tag Archive for: Top

LockBit Remains Top Global Ransomware Threat


The LockBit ransomware strain continues to be the primary digital extortion threat to all regions, and almost all industries globally, according to a report by ZeroFox.

Researchers found that LockBit was leveraged in more than a quarter of global ransomware and digital extortion (R&DE) attacks in the seven quarters analyzed from January 2022 to September 2023.

This includes 30% of all R&DE attacks in Europe and 25% in North America during the period.

However, ZeroFox said that the overall proportion of attacks that LockBit accounts for is on a downward trajectory. This is likely due to increasing diversification of the R&DE landscape, with ransomware-as-a-service (RaaS) offerings lowering the barriers to entry for threat actors.

LockBit Trends in North America

The researchers noted that historically LockBit has been consistently under-deployed in attacks against North America compared to other regions, such as Europe. An average of 40% of LockBit victims were based in North America, but there is evidence this is on an upward trajectory, expected to reach 50% by the end of 2023.

The industries most frequently targeted by LockBit in North America between January 2022 and September 2023 were manufacturing, construction, retail, legal & consulting and healthcare.

Meanwhile, LockBit made up 43.41% of R&DE attacks in Europe in Q1 2022, but decreased to 28.48% in the final quarter of the period, Q3 2023.

LockBit Intrusion Vectors

Due to the wide range of LockBit operators, a variety of intrusion methods have been used to deploy the payload.

The primary techniques identified were:

  • Exploiting Internet-Facing Applications. These were primarily a range of remote code execution and privilege escalation vulnerabilities.
  • Phishing. LockBit affiliates leveraged a variety of phishing lures to access victims’ networks, including malicious document attachments and fraudulent resume and copyright-related emails.
  • External Remote Services. Threat actors leverage legitimate user credentials obtained via credential harvesting to access external-facing remote working services.
  • Drive-by Compromise. Operators have been observed accessing systems via a user visiting a website, often targeting…


Our top password managers of 2023 are virtually hacker-proof


Here’s something to keep in mind the next time you need to set a password. Make it at least 15 characters, use a variety of upper and lowercase letters and symbols, and get yourself a password manager to save it in. 

A password manager is a reliable app that can help to store all of your passwords. It’s just good common sense to have a secure place to keep all of the passwords you use on a regular basis so that no one can get their hands on them and start messing about with your personal data. No one wants their identity or sensitive information stolen, after all. 

Password managers are affordable, easy to use, and versatile. All you need to do is enter all of your passwords into one when you decide which one to use, and go from there. You only have to remember one, and the program can do all the rest for you. 

What is a password manager, though? It’s not that complicated. It’s essentially a digital vault to store all the passwords and more, like your regularly used payment options, IDs, and other bits of personal information you might need to routinely use online. It’s also one of the most surefire ways you can avoid using that dreaded “Forgot Password” link to start the whole process of recovering the password you forgot. When you subscribe to a manager like Dashlane, 1Password, or NordPass, you get the peace of mind of knowing that once you have your master password entered, all the rest of them will come with it. 

Which password manager is right for you, though? To find out which one you should go with, you should take a look at the unique features each one provides. In fact, consider multiple aspects of each manager when making your decision, like the features each one offers, the companies behind them, and most certainly their data encryption policies. Of course, you should also consider the pricing of each company’s app, too. While there are free password manager options, they aren’t always necessarily the best.

If you’re busy, though, like the rest of us, you probably don’t have the time to sift through every single feature and password manager out there. We’ve taken care of the hard part already, so sit back, relax, and get ready to read. We took it upon ourselves to…


Top US Cyber Agency Pushing Toward First Hack Reporting Rule


A new US notification requirement for victims of malicious hacks could push in-house counsel to disclose cyberattacks when faced with ransomware and other network compromises.

Among the first-ever cyber regulations to be enforced by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the top US cyber authority, the proposed rules would require companies in 16 critical infrastructure sectors—including healthcare, energy, and finance—to report security incidents within three days and ransomware payments in 24 hours.

CISA’s proposed rule is part of a US effort to shore up defenses against the increasingly disruptive attacks of cyber criminals and nation-backed hacking groups, while simultaneously streamlining overlapping and inconsistent breach-notification reporting requirements across sectors. The rule would nudge companies toward new hiring and staff retraining, and push general counsel toward more active cybersecurity responsibilities.

The Biden administration set December 2025 as the deadline for the final rule, which was mandated in the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

“One glaring challenge has been our cyber incident reporting system, which has recently been revealed as a bureaucratic maze,” said Jackie Singh, a consultant who was a senior cybersecurity staffer in the Biden campaign. “With over 50 disparate reporting channels scattered across numerous government entities, this broken system represents a potential Achilles’ heel. Agility is key to withstand cyber threats in a resilient manner; convoluted reporting structures don’t fit into what we commonly think of as ‘agile.’”

Companies only compound cyber threats when they delay reporting information that could protect other companies or national security, Singh said.

The agency’s new rule is designed to encourage greater visibility into cyber incidents with security implications beyond a single company, so information submitted in the breach reports is guaranteed certain protections.

Chief among those: local, state, and federal governments can’t use the information in the reports to regulate a company providing notice, unless…


Our top password managers of 2023 will break a hacker’s heart


Let’s face it: Most people make their passwords … and then forget them. Or they make insecure passwords that others can easily guess. 

No matter the password indiscretion, it’s terrible for personal security. You should have a reliable place to store all of your passwords. And that doesn’t mean keeping a logbook of everything you need to remember. If someone happened to get a hold of your passwords because of the low-effort way you’ve stored them, that could spell disaster for your personal information and identity.

But don’t worry. There’s a very simple solution: a password manager. These apps are affordable for just about any internet user, and you only have to enter your password one time. The app can take it from there. 

What is a password manager? It’s about to be your new best friend. Put simply, it’s a digital vault to store all the passwords you need to access, whether it’s a daily login for your home office or a password to get to your Instagram account. And it’s a great way to not have to hit that annoying “Forgot Password” link every time you want to log in somewhere. You’re never far from your passwords when you use a manager like Dashlane, 1Password, or NordPass. Enter your master password, and you’re good to go.

But how do you know which password manager is worth your time? There are some features you’ll want to keep in mind. Before you commit to one, consider the variety of features each one offers, the companies that created them, and their data encryption policies. There’s no doubt you’ll keep an eye on their pricing options, too.

You probably don’t even have the time to do the research needed to choose a password manager on your own. So we’ve done every bit of that for you. We’ve selected some of the best password managers on the market that you can choose from right now, with excellent free options and even better premium tiers that you’ll be thrilled to log in to every day. They’ll give you both security and peace of mind, and all for a few dollars a month. 

Below, find 10 of our favorite options for the best password managers in 2023. 


1Password

