A recent industry report shows a 50% year-over-year increase in DDoS attacks during the first quarter of 2024. Why does DDoS remain such a potent and common threat? On the surface, DDoS looks like a straightforward problem to solve: the attacker's goal is simply to overwhelm servers or network links with illegitimate traffic. In practice, the problem is more complex than it appears.
DDoS attacks evolve and find ways to evade existing detection and mitigation solutions, and the way organizations deploy and tune anti-DDoS tools affects how well those defenses work. The growing sophistication of attacks is no excuse for failing to address the threat, however: leading DDoS protection services evolve too.
Here are three of the main reasons enterprises continue to struggle with denial-of-service attacks.
Security firms work ceaselessly to counter new threats, including new DDoS strategies. The leading DDoS protection services have the capabilities needed to detect and mitigate advanced attacks, including multi-vector attacks, IoT botnets, rotating source addresses, short-burst attacks, and attacks carried inside encrypted (TLS) traffic. However, many organizations fail to deploy the right defenses. Worse, a considerable number of them maintain a false sense of protection.
One study found that nearly 56% of the gaps discovered when testing deployed DDoS protections were classified as critical, and around 12% as severe. No DDoS protection can be perfect, but it is alarming that more than two-thirds of the gaps found are critical or severe. Organizations need to revisit the defenses they have in place and consider switching to options that deliver better outcomes.
The right DDoS solution needs robust detection and mitigation capabilities. On the detection side, it should analyze traffic in real time, identify multi-vector attacks, model behavioral patterns, and accurately distinguish legitimate traffic from malicious traffic. On the mitigation side, it should be backed by high-capacity scrubbing centers that absorb and sanitize huge volumes of traffic without becoming overwhelmed. It should also offer rate limiting and blackholing (remote-triggered blackhole routing) for emergencies, with the caveat that blackholing discards all traffic to the targeted prefix, legitimate included, so it protects the rest of the network rather than the victim service itself. Automatic mitigation shortens time-to-mitigate and minimizes downtime.
A DDoS solution also needs elastic capacity to absorb even the largest attacks and to scale with a growing organization. A globally distributed network helps here, since attack traffic can be scrubbed close to its origin instead of being hauled to a single choke point.
DDoS protection is not cheap, and there are no adequately effective free options. Mitigation requires standing capacity, in bandwidth and scrubbing servers, that is available the moment an attack begins.
Detection can be handled by free tools, but mitigation is a different matter: nobody scrubs large volumes of traffic for free. The “free” tiers some providers offer are limited in capacity and features and are designed to move organizations onto paid premium or enterprise plans.
Attackers, in contrast, launch their attacks at minimal cost. Darknet DDoS-for-hire (“booter” or “stresser”) packages sell for as little as $5 per hour or $30 per day, and no training or skill is needed to aim one at a target. Attackers who want to cut costs further can build their own tooling: basic DDoS attack scripts are readily available online.
Attackers may also use social engineering to steer large volumes of genuine users at a website or app with limited bandwidth or network resources. And they can build botnets with free tools by infecting large numbers of devices, IoT and mobile devices in particular, and directing them to flood a target with requests.
There is an enormous asymmetry between the cost of launching a DDoS attack and the cost of defending against it. Organizations have limited resources to sustain defenses, while threat actors have an abundance of free tools and resources to stage attacks. Seen this way, it is understandable why many organizations cannot keep up.
No DDoS solution is foolproof, and misconfiguration makes its weaknesses considerably worse. Stale denylists are one example: they either miss known-bad sources or keep blocking addresses that have since been reassigned to legitimate users. Badly tuned rate-limiting thresholds are another: set too high, they let attack traffic through; set too low, they throttle legitimate visitors. A per-source limit is also easily evaded by a botnet that spreads its requests across thousands of addresses, each staying under the threshold.
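The two rate-limit failure modes above, as an added example that is not code from the original article or from any DDoS vendor: a per-source sliding-window limiter run over constructed traffic containing one legitimate browser burst, one high-rate attacker and a 500-node botnet. All addresses, rates and thresholds are assumptions. The block goes one step beyond the text by also computing the aggregate request rate, the signal a per-source threshold cannot use, to show why a distributed flood passes any per-source limit.

```python
"""Per-source rate limiting evaluated over constructed traffic.

Added example for this article, not code from the original page or any
DDoS vendor. The request stream, source addresses and thresholds are all
assumptions chosen to show the two tuning failures described above.
"""
from __future__ import annotations
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    t: float    # seconds since start of the capture
    src: str    # source address (synthetic)
    kind: str   # ground truth for scoring only: "legit", "single_attacker", "botnet"


def build_traffic() -> list[Request]:
    """Constructed sample: one real browser, one loud attacker, one quiet botnet."""
    reqs: list[Request] = []
    # A browser loading a page fetches ~30 assets in under two seconds: a legitimate burst.
    reqs += [Request(5.0 + i * 0.06, "203.0.113.10", "legit") for i in range(30)]
    # A single attacker address sends 200 req/s for 10 s.
    reqs += [Request(i * 0.005, "198.51.100.7", "single_attacker") for i in range(2000)]
    # 500 bots send 1 req/s each for 10 s: 500 req/s in aggregate, but only 1 req/s per source.
    for b in range(500):
        src = f"10.{b // 256}.{b % 256}.1"
        reqs += [Request(s + b / 500.0, src, "botnet") for s in range(10)]
    reqs.sort(key=lambda r: r.t)
    return reqs


def per_source_limiter(reqs: list[Request], limit: int, window: float) -> dict[str, dict[str, int]]:
    """Sliding-window limiter: at most `limit` requests per source in any `window` seconds.

    Returns allowed/blocked counts per traffic kind so a threshold can be scored for
    false positives (blocked legit traffic) and false negatives (allowed attack traffic).
    """
    history: dict[str, deque[float]] = defaultdict(deque)
    result: dict[str, dict[str, int]] = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for r in reqs:
        q = history[r.src]
        while q and r.t - q[0] >= window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) < limit:
            q.append(r.t)
            result[r.kind]["allowed"] += 1
        else:
            result[r.kind]["blocked"] += 1
    return dict(result)


def peak_aggregate_rps(reqs: list[Request], window: float = 1.0) -> float:
    """Peak request rate across all sources: the signal a per-source limit never sees."""
    times = sorted(r.t for r in reqs)
    peak = lo = 0
    for hi in range(len(times)):
        while times[hi] - times[lo] >= window:
            lo += 1
        peak = max(peak, hi - lo + 1)
    return peak / window


if __name__ == "__main__":
    traffic = build_traffic()
    for limit in (20, 100, 5000):
        print(f"limit={limit} per 10 s:", per_source_limiter(traffic, limit, 10.0))
    print("peak aggregate req/s:", peak_aggregate_rps(traffic))
```

With a limit of 20 requests per 10 seconds the legitimate page load loses a third of its requests while the botnet is untouched; with a limit of 5000 the single attacker passes untouched as well. No per-source threshold catches the botnet, whose 500 req/s is visible only in the aggregate rate, which is why behavioral and aggregate detection have to sit alongside per-source limits.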
Automation can go wrong too. Automatic mitigation needs careful tuning so that it produces few false positives and does not cause unnecessary, costly interruptions; with the wrong parameters it does more harm than good, and a configuration mistake can leave an automatic response system failing to trigger at all.
Integration of DDoS tools with the rest of the security stack can also be problematic. Gaps between tools leave responders without the real-time information needed for timely, accurate decisions.
Regular testing, including controlled attack simulations against the deployed protection, and continuous monitoring are needed to confirm that everything works as intended. Configuration issues may look minor, but they can considerably degrade both detection and mitigation.
DDoS remains a major threat for three main reasons: choosing the wrong protection, failing to allocate enough resources to it, and human error. All three ultimately come down to human decisions.
In a groundbreaking move set to redefine the landscape of cybersecurity, IBM and Palo Alto Networks have announced a strategic partnership aimed at leveraging the power of artificial intelligence to bolster security measures across the globe. This alliance, which brings together the AI capabilities of IBM’s watsonx platform and the security solutions of Palo Alto Networks, marks a significant step forward in the ongoing battle against cyber threats.
“This partnership represents a monumental shift in how we approach cybersecurity,” said Arvind Krishna, CEO of IBM. “By combining our strengths, we can offer a comprehensive, AI-driven security platform that is unparalleled in the industry.” This collaboration is expected to provide enhanced threat detection and response capabilities, utilizing AI to predict and mitigate cyber threats more efficiently than ever before.
Nikesh Arora, CEO of Palo Alto Networks, echoed Krishna’s sentiments, emphasizing the transformative potential of the partnership. “This is a historic day for our companies and our customers. Together, we are setting a new standard in cybersecurity,” he said. “Our combined expertise and innovative technologies will enable us to deliver superior security solutions that are both scalable and highly effective.”
The integration of IBM’s Watson AI with Palo Alto Networks’ security platforms is poised to deliver significant advancements in threat intelligence, incident response, and overall security management. “The synergy between our AI capabilities and Palo Alto’s security solutions will create a formidable defense against cyber threats,” Krishna added. “We are committed to pushing the boundaries of what’s possible in cybersecurity.”
As the digital landscape continues to evolve, the need for robust, AI-enhanced security solutions has never been greater. This partnership is not only a strategic business move but also a response to the escalating complexity and sophistication of cyber threats facing organizations today. “Our goal is to provide our customers with the most advanced security tools available, ensuring they can protect their data and operations in an increasingly digital world,” said Arora.
With regulatory approvals expected by October, the partnership between IBM and Palo Alto Networks is set to usher in a new era of cybersecurity, characterized by unprecedented levels of innovation and collaboration. “We are excited about the future and the possibilities this partnership brings,” concluded Krishna. “Together, we will redefine the standards of cybersecurity and set a new benchmark for the industry.”
The partnership between IBM and Palo Alto Networks signifies more than just a business collaboration; it represents a strategic alignment aimed at redefining cybersecurity for the AI era. By integrating their extensive portfolios, both companies aim to address the increasing sophistication of cyber threats through advanced AI-driven solutions.
Creating a Comprehensive Security Solution
Nikesh Arora highlighted the comprehensive nature of the agreement, stating, “We are not just combining products; we are creating an integrated ecosystem that leverages the best of what both companies have to offer. This will enable us to provide a seamless and highly effective security solution to our customers.”
This integrated ecosystem will see IBM incorporating Palo Alto Networks’ entire security portfolio, including its highly regarded Cortex XSIAM platform. The collaboration will enhance IBM’s capabilities in threat detection, prevention, and response, providing a more robust defense against cyber attacks. “The goal is to create a unified platform that can anticipate and neutralize threats before they cause significant damage,” Arora explained.
Leveraging AI for Enhanced Security
Arvind Krishna emphasized the transformative role of AI in their joint efforts. “AI is at the heart of this partnership. By leveraging AI, we can significantly improve our ability to detect and respond to threats in real time. This is crucial as cyber threats become more sophisticated and faster,” he said.
IBM’s watsonx, an advanced AI platform, will be integrated with Palo Alto Networks’ security systems to provide enhanced analytical capabilities. This integration aims to reduce the time it takes to identify and mitigate threats, thus minimizing potential damage. “AI allows us to automate many of the processes that were previously done manually, increasing efficiency and effectiveness,” Krishna added.
A Historic Milestone
For both companies, this partnership marks a historic milestone. Arora reflected on the journey leading up to the agreement: “This has been almost a year in the making. Arvind and I, along with our teams, have worked tirelessly to bring this vision to life. Today, we are not just announcing a partnership; we are setting a new standard in cybersecurity.”
The strategic alignment is expected to yield significant benefits for both companies, expanding their market reach and enhancing their product offerings. IBM will adopt Palo Alto Networks’ security solutions internally, showcasing their confidence in the capabilities of the partnership. “Our internal adoption of these solutions is a testament to our belief in their efficacy. We are committed to leading by example,” Krishna noted.
Historic day, exciting times. https://t.co/q3AaCsqH7j
— Nikesh Arora (@nikesharora) May 15, 2024
Industry Impact and Future Prospects
The partnership is poised to have a far-reaching impact on the cybersecurity industry. By combining their strengths, IBM and Palo Alto Networks aim to offer unparalleled protection to their clients, addressing the complex challenges posed by modern cyber threats. Arora emphasized the broader industry implications: “This partnership is not just about us. It’s about raising the bar for the entire industry and ensuring that organizations are better protected against cyber threats.”
Looking ahead, both CEOs expressed optimism about the future of their collaboration. “We are just getting started,” Krishna said. “There is immense potential for growth and innovation as we continue to integrate our technologies and expand our offerings.”
In conclusion, the strategic alignment between IBM and Palo Alto Networks represents a significant advancement in the field of cybersecurity. By leveraging their combined expertise and the power of AI, both companies are well-positioned to lead the industry in delivering comprehensive, effective, and innovative security solutions. This partnership not only strengthens their market positions but also sets a new benchmark for the future of cybersecurity.
The collaboration between IBM and Palo Alto Networks aims to revolutionize cybersecurity by leveraging the transformative power of artificial intelligence. With cyber threats becoming increasingly sophisticated, the integration of AI into security operations is seen as a critical step in enhancing threat detection, response, and mitigation.
AI-Driven Threat Detection
Arvind Krishna underscored the importance of AI in modern cybersecurity strategies: “AI allows us to analyze vast amounts of data in real time, identifying patterns and anomalies that would be impossible for humans to detect. This capability is essential in staying ahead of cyber threats that are constantly evolving.”
The use of AI in threat detection enables faster and more accurate identification of potential attacks. By integrating IBM’s watsonx with Palo Alto Networks’ Cortex XSIAM platform, the partnership aims to provide clients with advanced threat intelligence and automated responses. “With AI, we can reduce the time it takes to detect a threat from hours or days to mere seconds,” Krishna explained. “This speed is crucial in preventing breaches and minimizing damage.”
Automated Response and Mitigation
Nikesh Arora highlighted the role of AI in automating response actions: “Automation is key in cybersecurity. It allows us to respond to threats instantly, without waiting for human intervention. This not only speeds up the response time but also ensures consistency and accuracy in how threats are handled.”
The integration of AI-driven automation within their security platforms is expected to enhance the overall efficiency of security operations. “Our systems can automatically isolate affected systems, block malicious traffic, and initiate remediation processes without delay,” Arora added. “This level of automation is essential in managing the sheer volume and complexity of modern cyber threats.”
Advanced Analytics and Predictive Capabilities
Another significant advantage of AI in cybersecurity is its ability to provide advanced analytics and predictive insights. By analyzing historical data and current threat landscapes, AI can predict potential attack vectors and vulnerabilities. “AI gives us the ability to anticipate threats before they occur,” Krishna noted. “This predictive capability is invaluable in developing proactive security measures and staying one step ahead of attackers.”
The partnership’s focus on AI-driven analytics aims to equip organizations with the tools they need to protect their assets effectively. “Our goal is to provide our clients with a comprehensive understanding of their security posture and the potential risks they face,” Arora said. “With AI, we can deliver insights that were previously unattainable, enabling better decision-making and more robust security strategies.”
Transforming Security Operations
Ultimately, the integration of AI into cybersecurity operations is expected to transform how organizations approach security. By combining the strengths of IBM and Palo Alto Networks, the partnership aims to set a new standard for AI-powered security solutions. “This partnership is about more than just technology,” Krishna emphasized. “It’s about transforming the way we think about and approach cybersecurity. Together, we are creating solutions that are not only powerful but also adaptable to the ever-changing threat landscape.”
Arora echoed this sentiment, stating, “The future of cybersecurity lies in the intelligent use of AI. Our collaboration with IBM represents a significant step towards realizing this vision. We are committed to delivering innovative, AI-powered security solutions that protect our clients and drive the industry forward.”
In conclusion, the partnership between IBM and Palo Alto Networks represents a bold move towards enhancing cybersecurity through the strategic use of AI. By leveraging advanced AI-driven threat detection, automated response capabilities, and predictive analytics, the collaboration aims to provide unparalleled protection against the increasingly complex and sophisticated cyber threats of today and tomorrow.
The cybersecurity landscape is fraught with challenges, from the ever-evolving tactics of cybercriminals to the sheer volume of data that needs protection. The partnership between IBM and Palo Alto Networks is designed to tackle these challenges head-on, leveraging their combined expertise and resources to create more robust and resilient security solutions.
Combating Evolving Threats
Arvind Krishna highlighted the dynamic nature of cyber threats and the need for adaptive security measures. “Cyber threats are constantly changing, becoming more sophisticated and harder to detect. Our collaboration with Palo Alto Networks allows us to stay ahead of these threats by combining our strengths in AI and cybersecurity,” he said.
Nikesh Arora added that the integration of AI is crucial in this battle. “AI is the game-changer here. It enables us to detect patterns and anomalies that traditional methods might miss. By incorporating AI into our security operations, we can anticipate and respond to threats more effectively,” he noted.
Handling Data Overload
One of the significant challenges in cybersecurity is managing and analyzing the vast amounts of data generated by modern digital environments. IBM’s watsonx platform, combined with Palo Alto Networks’ Cortex XSIAM, aims to address this issue by providing advanced data analysis capabilities. “Our platforms are designed to handle large-scale data analytics, making it easier for organizations to identify potential threats and vulnerabilities,” Krishna explained.
Arora emphasized the importance of real-time data processing in preventing cyberattacks. “In cybersecurity, timing is everything. The ability to process and analyze data in real-time allows us to respond to threats as they emerge, rather than after the fact. This proactive approach is essential in today’s fast-paced digital world,” he said.
Enhancing Security Posture
Improving an organization’s overall security posture is another key goal of the partnership. By offering comprehensive security solutions that integrate seamlessly, IBM and Palo Alto Networks aim to provide organizations with a unified approach to cybersecurity. “Our joint solutions are designed to work together, providing a cohesive security strategy that covers all aspects of an organization’s digital environment,” Arora explained.
Krishna also pointed out the importance of customization and scalability in their offerings. “Every organization has unique security needs. Our solutions are highly customizable and scalable, allowing businesses to tailor their security measures to their specific requirements. This flexibility is crucial in addressing the diverse challenges faced by different industries,” he said.
Training and Support
Addressing cybersecurity challenges also involves ensuring that organizations have the right expertise and support. As part of their partnership, IBM and Palo Alto Networks are committed to providing extensive training and resources to their clients. “We are not just providing technology; we are also investing in the training and development of our clients’ security teams,” Krishna said. “This includes over 1,000 IBM security consultants who will be trained on Palo Alto Networks’ platforms to ensure seamless adoption and implementation.”
Arora echoed the importance of education and support. “Effective cybersecurity requires a combination of advanced technology and skilled professionals. By offering comprehensive training and support, we empower organizations to make the most of our security solutions and enhance their overall security posture,” he stated.
Future-Proofing Security
Finally, the partnership aims to future-proof cybersecurity strategies by continuously innovating and adapting to new challenges. “Cybersecurity is not a one-time effort; it’s an ongoing process. Our collaboration with IBM ensures that we are constantly evolving and improving our solutions to meet the demands of the future,” Arora said.
Krishna concluded, “This partnership represents a significant step forward in the fight against cyber threats. By combining our strengths and focusing on innovation, we are well-positioned to help organizations navigate the complex and ever-changing cybersecurity landscape.”
Through their strategic alliance, IBM and Palo Alto Networks are not only addressing current cybersecurity challenges but also paving the way for a more secure and resilient digital future.
The partnership between IBM and Palo Alto Networks is set to expand both companies’ capabilities and market reach significantly, leveraging their complementary strengths to offer more comprehensive and integrated security solutions. This collaboration is expected to accelerate innovation and provide new opportunities for both companies in the cybersecurity market.
Integration of Advanced Technologies
One of the key aspects of this partnership is the integration of advanced technologies from both companies. IBM’s watsonx platform and Palo Alto Networks’ Cortex XSIAM will combine to offer unparalleled security solutions. Arvind Krishna emphasized the significance of this integration: “By bringing together our AI capabilities with Palo Alto Networks’ advanced threat detection and response technologies, we are creating a powerful security ecosystem that can address the most complex challenges faced by our clients.”
Nikesh Arora highlighted the potential of AI in enhancing cybersecurity measures. “The integration of watsonx with Cortex XSIAM allows us to leverage AI in ways that were previously unimaginable. This combination not only enhances our threat detection capabilities but also enables us to provide more precise and effective security solutions,” he said.
Reaching New Markets
The partnership also aims to expand the market reach of both companies by tapping into new customer segments and geographical regions. IBM’s extensive global presence and Palo Alto Networks’ leading cybersecurity solutions create a powerful synergy that can drive growth in untapped markets. “Our collaboration with IBM allows us to reach new customers and markets that were previously beyond our reach. This partnership provides us with the resources and expertise needed to expand our footprint and deliver our solutions to a wider audience,” Arora explained.
Krishna added, “IBM’s global network and market expertise, combined with Palo Alto Networks’ innovative security solutions, enable us to offer a comprehensive range of services to clients worldwide. This partnership is about expanding our capabilities and reaching new markets to better serve our clients’ needs.”
We’re excited to announce our expanded partnership with IBM to deliver AI-powered security and consulting services across platforms. What does this mean? Details: pic.twitter.com/ZXovG07Gjd
— Palo Alto Networks (@PaloAltoNtwks) May 15, 2024
Strengthening Customer Relationships
Strengthening customer relationships is another critical goal of the partnership. By offering integrated solutions and seamless customer support, IBM and Palo Alto Networks aim to enhance customer satisfaction and loyalty. “Our joint efforts are focused on providing a superior customer experience. By integrating our technologies and offering comprehensive support, we can ensure that our clients receive the best possible service,” Krishna said.
Arora emphasized the importance of trust and reliability in cybersecurity. “In the world of cybersecurity, trust is paramount. Our partnership with IBM allows us to build stronger relationships with our customers by offering reliable, integrated solutions that they can depend on. This collaboration is about creating long-term value for our clients,” he stated.
Driving Innovation and Growth
The partnership between IBM and Palo Alto Networks is also expected to drive innovation and growth in the cybersecurity industry. By pooling their resources and expertise, the companies can develop new technologies and solutions that address emerging threats and challenges. “Innovation is at the heart of our partnership. Together with IBM, we are committed to pushing the boundaries of what is possible in cybersecurity. This collaboration allows us to innovate at a faster pace and bring new solutions to market more quickly,” Arora said.
Krishna echoed this sentiment, highlighting the potential for growth. “Our partnership with Palo Alto Networks positions us at the forefront of cybersecurity innovation. By working together, we can accelerate our growth and deliver cutting-edge solutions that help our clients stay ahead of the curve,” he said.
Through this strategic alliance, IBM and Palo Alto Networks are not only expanding their capabilities and market reach but also setting the stage for future growth and innovation in the cybersecurity industry. The partnership represents a significant step forward in the fight against cyber threats, offering a comprehensive and integrated approach that is poised to redefine the landscape of cybersecurity.
The proliferation of SaaS applications has transformed how businesses operate. Their ease of use and accessibility are undeniable advantages. However, this very ease can create security vulnerabilities. Employees can readily connect various SaaS applications, potentially bypassing established security protocols and creating a “shadow IT” network. This network operates outside the IT department’s control, increasing the risk of data breaches and unauthorized access.
Furthermore, the rise of negligent insider incidents adds another layer of complexity. These incidents involve unintentional data leaks or lax security practices by authorized users. Imagine a marketing team member or any other employee uploading customer data to a public cloud storage platform for easy access by collaborators, completely unaware of the security risks involved.
The increasing prevalence of both shadow IT and negligent insider behavior necessitates a proactive approach to mitigating insider threats.
Insider threats come in two main forms:
In today’s SaaS-driven landscape, robust security tooling is crucial for mitigating insider threats, and SaaS Security Posture Management (SSPM) is one answer: a cloud-based, automated security platform designed specifically to secure a SaaS environment. Here’s how SSPM helps you combat insider threats:
By automating security tasks, providing comprehensive visibility into your SaaS environment, and offering tools to streamline user access and offboarding, SSPM empowers you to proactively manage insider threats. However, a truly comprehensive security strategy goes beyond technology. Incorporating SSPM alongside user education and strong security policies is essential for protecting your organization’s data and resources in the ever-evolving world of SaaS. This multi-layered approach can significantly reduce the risk of insider threats and improve your organization’s overall cybersecurity posture.
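The visibility and offboarding checks just described, as an added example that is not the article’s code nor any SSPM product’s: a set of posture checks run over constructed data standing in for an HR roster, two SaaS apps’ user exports and a sharing-link export. Every name, field name and threshold is an assumption; real SSPM tools pull this data from each application’s admin API, but the checks themselves are the same.

```python
"""SSPM-style posture checks over constructed SaaS exports.

Added example for this article, not code from the original page or any
SSPM vendor. The roster, app exports, sharing records, field names and
thresholds are all assumptions made for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date

TODAY = date(2024, 6, 1)   # fixed "now" so results are reproducible

# Constructed HR roster: the source of truth for who should have access at all.
ROSTER = {
    "ana@example.com": {"status": "active", "left": None},
    "ben@example.com": {"status": "active", "left": None},
    "cal@example.com": {"status": "terminated", "left": date(2024, 4, 30)},
}

# Constructed per-app user exports (what an SSPM pulls over each app's admin API).
APP_USERS = {
    "crm": [
        {"email": "ana@example.com", "enabled": True, "role": "admin", "mfa": True, "last_login": date(2024, 5, 30)},
        {"email": "cal@example.com", "enabled": True, "role": "user", "mfa": False, "last_login": date(2024, 5, 20)},
        {"email": "ben@example.com", "enabled": True, "role": "admin", "mfa": False, "last_login": date(2024, 1, 5)},
    ],
    "storage": [
        {"email": "ben@example.com", "enabled": True, "role": "user", "mfa": True, "last_login": date(2024, 5, 31)},
        {"email": "freelancer@gmail.com", "enabled": True, "role": "user", "mfa": False, "last_login": date(2024, 5, 29)},
    ],
}

# Constructed sharing-link export from the storage app.
SHARES = [
    {"app": "storage", "owner": "ben@example.com", "path": "/customers/export.csv",
     "visibility": "anyone_with_link", "label": "confidential"},
    {"app": "storage", "owner": "ben@example.com", "path": "/brand/logo.png",
     "visibility": "anyone_with_link", "label": "public"},
]


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    app: str
    subject: str    # account or file the finding is about
    issue: str


def check_accounts(roster, app_users, today=TODAY, dormant_days=90) -> list[Finding]:
    """Offboarding gaps, accounts unknown to HR, privileged accounts without MFA, dormancy."""
    findings: list[Finding] = []
    for app, users in app_users.items():
        for u in users:
            if not u["enabled"]:
                continue
            person = roster.get(u["email"])
            if person is None:
                findings.append(Finding("medium", app, u["email"], "account not in HR roster (external or shadow user)"))
            elif person["status"] == "terminated":
                findings.append(Finding("high", app, u["email"],
                                        f"left on {person['left']} but account still enabled (offboarding gap)"))
            if u["role"] == "admin" and not u["mfa"]:
                findings.append(Finding("high", app, u["email"], "admin account without MFA"))
            idle = (today - u["last_login"]).days
            if idle > dormant_days:
                findings.append(Finding("low", app, u["email"], f"no login for {idle} days"))
    return findings


def check_shares(shares) -> list[Finding]:
    """Non-public files exposed through anyone-with-the-link sharing."""
    return [Finding("high", s["app"], s["path"], f"{s['label']} file shared as {s['visibility']}")
            for s in shares if s["visibility"] == "anyone_with_link" and s["label"] != "public"]


def posture_report(roster=ROSTER, app_users=APP_USERS, shares=SHARES, today=TODAY) -> list[Finding]:
    """All findings, highest severity first, so the offboarding gap and public share surface at the top."""
    rank = {"high": 0, "medium": 1, "low": 2}
    findings = check_accounts(roster, app_users, today) + check_shares(shares)
    return sorted(findings, key=lambda f: (rank[f.severity], f.app, f.subject))


if __name__ == "__main__":
    for f in posture_report():
        print(f"[{f.severity}] {f.app}: {f.subject}: {f.issue}")
```

On the constructed data the report surfaces three high findings (a departed employee still enabled in the CRM, an admin without MFA, and a confidential export shared by link), one medium finding for an account HR has never heard of, and one low dormancy finding. The roster comparison is what turns a list of SaaS users into an offboarding check; without that join, a dormant account and a departed employee’s account look the same.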
Charlie Bell, EVP of Microsoft Security, pointed to the company’s Secure Future Initiative (SFI), rolled out last November, saying the company must do more given its role in the world’s digital ecosystem.
Microsoft plays a central role in the world’s digital ecosystem, and this comes with a critical responsibility to earn and maintain trust. We must and will do more.
We are making security our top priority at Microsoft, above all else—over all other features. We’re expanding the scope of SFI, integrating the recent recommendations from the CSRB as well as our learnings from Midnight Blizzard to ensure that our cybersecurity approach remains robust and adaptive to the evolving threat landscape.
Bell says that everything Microsoft does moving forward will be based on three key principles:
- Secure by design: Security comes first when designing any product or service.
- Secure by default: Security protections are enabled and enforced by default, require no extra effort, and are not optional.
- Secure operations: Security controls and monitoring will continuously be improved to meet current and future threats.
Bell then outlines six prioritized security pillars: protect identities and secrets; protect tenants and isolate production systems; protect networks; protect engineering systems; monitor and detect threats; and accelerate response and remediation.
We are delivering on these goals through a new level of coordination with a new operating model that aligns leaders and teams to the six SFI pillars, in order to drive security holistically and break down traditional silos. The pillar leaders are working across engineering Executive Vice Presidents (EVPs) to drive integrated, cross-company engineering execution, doing this work in waves. These engineering waves involve teams across Microsoft Azure, Windows, Microsoft 365, and Security, with additional product teams integrating into the process weekly.
Bell emphasized the importance of existing standards, or paved paths, that “significantly improves the developer or operations experience or security, quality, or compliance.”
Notably, Microsoft is instituting new governance in an effort to hold the entire company accountable and ensure teams are putting security first:
We are also taking major steps to elevate security governance, including several organizational changes and additional oversight, controls, and reporting.
Microsoft is implementing a new security governance framework spearheaded by the Chief Information Security Officer (CISO). This framework introduces a partnership between engineering teams and newly formed Deputy CISOs, collectively responsible for overseeing SFI, managing risks, and reporting progress directly to the Senior Leadership Team. Progress will be reviewed weekly with this executive forum and quarterly with our Board of Directors.
Finally, given the importance of threat intelligence, we are bringing the full breadth of nation-state actor and threat hunting capabilities into the CISO organization.
Bell acknowledged that one of the biggest challenges is building a culture that puts security first, outlined how the company is doing this, and stressed the importance of Microsoft earning the trust so many organizations have placed in it.
Culture can only be reinforced through our daily behaviors. Security is a team sport and is best realized when organizational boundaries are overcome. The engineering EVPs, in close coordination with SFI pillar leaders, are holding broadscale weekly and monthly operational meetings that include all levels of management and senior individual contributors. These meetings work on detailed execution and continuous improvement of security in context with what we collectively deliver to customers. Through this process of bottom-to-top and end-to-end problem solving, security thinking is ingrained in our daily behaviors.
Ultimately, Microsoft runs on trust and this trust must be earned and maintained. As a global provider of software, infrastructure, and cloud services, we feel a deep responsibility to do our part to keep the world safe and secure. Our promise is to continually improve and adapt to the evolving needs of cybersecurity. This is job number one for us.
Much of Bell’s post seems a direct response to the Cyber Safety Review Board’s conclusion, in which it said:
The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.
Similarly, Senator Ron Wyden called out Microsoft “for its negligent cybersecurity practices.”
The company seems to realize it has played fast and loose with cybersecurity for far too long and must work hard to regain the trust it has lost. Only time will tell if Microsoft can deliver on its promise.
Investigating crypto crime comes with its own hurdles, because public blockchains are pseudonymous and decentralized. Conventional fraud-investigation methods, built around duplicate-transaction checks, monitoring systems and manual review, may simply not be able to pick out complex crypto-investment schemes aimed at people buying Bitcoin, given the pseudonymity of Bitcoin transactions. Unchecked Bitcoin scams cost individuals money and damage the reputation of the cryptocurrency industry, which holds back its wider adoption.
AI techniques such as machine learning and natural language processing are viable building blocks for software specialized in preventing Bitcoin fraud. They can correlate data from a wide range of sources, including transaction records and social media, so that the patterns of activity that indicate fraud emerge. One of the major benefits of machine learning is that it can recognize fraud patterns and respond to new threats quickly, which could substantially reshape anti-fraud work in the Bitcoin ecosystem.
Increasingly, AI-based strategies and tools are being designed specifically to stem fraud and scams related to Bitcoin. Blockchain analytics tools and transaction monitoring systems, among others, use AI algorithms to analyze transaction data and flag suspicious behavior. Following the money across the blockchain in this way assists law enforcement agencies in identifying suspects and recovering ill-gotten assets.
AI-powered fraud detection offers several benefits, including improved accuracy, efficiency, and scalability. Because machine learning algorithms can process enormous volumes of data and discover fraud patterns within them, they can detect even small frauds earlier than before, raising detection rates while lowering the rate of false positives.
The outlook for AI-assisted fraud detection on the Bitcoin network is bright, thanks to continuing advances in AI and joint efforts between industry players and regulators. Future research and innovation in AI-driven fraud detection systems will be needed to keep up with more complex and sophisticated schemes.
However, the ethical, legal, and technical challenges will need to be addressed as a priority. Proactivity, including deploying AI solutions for detecting fraud across the cryptocurrency field, will be the key component in the fight against fraud. It helps protect the integrity of the cryptocurrency market and builds trust among its users and investors.
By using AI, the cryptocurrency industry can improve its ability to detect and reduce risk, helping to restore trust among users and investors. AI-enabled fraud detection holds real promise in the fight against criminal activity, but its use raises questions of privacy, fairness, and security. Going forward, cooperation, research, and innovation will be crucial to strengthening the security of the Bitcoin system and protecting its reputation against a wide range of new threats.
LastPass is one of the leading password management solutions, used by countless individuals and corporations alike. The company previously announced its plans to become independent, and has been building out its executive team in preparation for the separation.
The company has also established a dedicated threat intelligence team, signaling a broader focus on cybersecurity. From the announcement:
In addition, LastPass has invested in establishing a dedicated threat intelligence team. This specialized team is designed to protect the broader LastPass community by proactively monitoring for, analyzing, and helping to mitigate potential threats targeting LastPass, its customers and the greater industry. In 2023, the team helped drive a 98% decrease in credentials offered for sale by information-stealing malware families.
“Our journey forward as an independent company is filled with excitement and gratitude,” said Karim Toubba, CEO, LastPass. “We are entering this new era with a strong market position, underpinned by an unmatched threat intelligence apparatus and an executive team with vast experience spanning multiple security fields. Together, we are all committed to delivering solutions that never compromise on security, quality, or performance – helping to set new standards in the cybersecurity landscape on behalf of our valued customers, dedicated employees, and the industry for years to come.”
Credential stuffing attacks involve using credentials stolen in various data breaches to attempt to log in to other online services and platforms. Roku recently suffered a breach of 576,000 user accounts in a credential stuffing attack.
Okta says this type of attack is on the rise and bad actors are using anonymizing services, as well as residential proxies, to help cover their tracks:
All recent attacks we have observed share one feature in common: they rely on requests being routed through anonymizing services such as TOR. Millions of the requests were also routed through a variety of residential proxies including NSOCKS, Luminati and DataImpulse.
The company goes on to describe how bad actors are using residential proxies:
Residential Proxies are networks of legitimate user devices that route traffic on behalf of a paid subscriber. Providers of residential proxies effectively rent access to route authentication requests through the computer, smartphone or router of a real user, and proxy traffic through the IP of these devices to anonymize the source of the traffic.
Residential Proxy providers don’t tend to advertise how they build these networks of real user devices. Sometimes a user device is enrolled in a proxy network because the user consciously chooses to download “proxyware” into their device in exchange for payment or something else of value. At other times, a user device is infected with malware without the user’s knowledge and becomes enrolled in what we would typically describe as a botnet. More recently, we have observed a large number of mobile devices used in proxy networks where the user has downloaded a mobile app developed using compromised SDKs (software development kits). Effectively, the developers of these apps have consented to or have been tricked into using an SDK that enrolls the device of any user running the app in a residential proxy network.
The company says the customer orgs where these requests proceeded to authentication shared similar configurations:
The small percentage of customers where these suspicious requests proceeded to authentication shared similar configurations: The Org was nearly always running on the Okta Classic Engine, ThreatInsight was configured in Audit-only mode (not Log and Enforce mode), and Authentication policies permitted requests from anonymizing proxies.
Customers using Okta Identity Engine that (a) enabled ThreatInsight in log and enforce mode and (b) deny access requests from anonymizing proxies were protected from these opportunistic accounts. These basic features are available in all Okta SKUs. Upgrading to Okta Identity Engine is free, often highly automated, and provides access to a range of features including CAPTCHA challenges for risky sign-ins and passwordless authentication using Okta FastPass.
Okta provides a number of recommendations for combating this type of attack in its blog post. Customers should implement the mitigations as soon as possible.
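As an added example (not Okta's code), here is the detection logic described above expressed over constructed Okta-style System Log events. The field names follow the published System Log layout (`eventType`, `outcome.result`, `client.ipAddress`, `actor.alternateId`, `securityContext.isProxy`), but the events, IP addresses and account names are made up, and the `min_distinct_users` threshold and function names are assumptions. It flags sources whose failures span many distinct accounts, lists accounts that then authenticated successfully from such a source, and shows which of those a deny-anonymizing-proxies sign-on policy would have stopped.

```python
"""Triage Okta-style System Log events for credential stuffing.

Added example (not Okta's code). The event shape follows the published Okta
System Log fields (eventType, outcome.result, client.ipAddress,
actor.alternateId, securityContext.isProxy); the events themselves are
constructed for this illustration.
"""
from collections import defaultdict


def _event(ip, user, result, is_proxy, published):
    # Minimal user.session.start record in the System Log layout (assumed).
    return {
        "eventType": "user.session.start",
        "published": published,
        "actor": {"alternateId": user},
        "client": {"ipAddress": ip},
        "outcome": {"result": result,
                    "reason": None if result == "SUCCESS" else "INVALID_CREDENTIALS"},
        "securityContext": {"isProxy": is_proxy},
    }


# Constructed sample: two residential-proxy addresses walk through many
# distinct accounts (one leaked pair each) and one of them lands a success;
# a real user mistypes once from a home address and then signs in.
SAMPLE_EVENTS = (
    [_event("203.0.113.7", f"user{i}@example.com", "FAILURE", True,
            f"2024-04-20T10:{i:02d}:00Z") for i in range(12)]
    + [_event("203.0.113.7", "user3@example.com", "SUCCESS", True,
              "2024-04-20T10:30:00Z")]
    + [_event("198.51.100.9", f"acct{i}@example.com", "FAILURE", True,
              f"2024-04-20T11:{i:02d}:00Z") for i in range(6)]
    + [_event("192.0.2.44", "alice@example.com", "FAILURE", False,
              "2024-04-20T12:00:00Z"),
       _event("192.0.2.44", "alice@example.com", "SUCCESS", False,
              "2024-04-20T12:01:00Z")]
)


def summarize_sources(events):
    """Per source IP: distinct accounts with failures, failure count, accounts
    that succeeded, and whether any request carried the proxy flag."""
    stats = defaultdict(lambda: {"failed_users": set(), "failures": 0,
                                 "successes": set(), "proxy": False})
    for e in events:
        if e.get("eventType") != "user.session.start":
            continue
        s = stats[e["client"]["ipAddress"]]
        s["proxy"] = s["proxy"] or bool(e.get("securityContext", {}).get("isProxy"))
        user = e["actor"]["alternateId"]
        if e["outcome"]["result"] == "FAILURE":
            s["failed_users"].add(user)
            s["failures"] += 1
        elif e["outcome"]["result"] == "SUCCESS":
            s["successes"].add(user)
    return dict(stats)


def flag_stuffing_sources(events, min_distinct_users=5):
    """Sources whose failures span at least min_distinct_users accounts.

    One source cycling through many accounts is the stuffing signature; a
    single user getting their own password wrong never reaches the threshold.
    """
    return {ip: s for ip, s in summarize_sources(events).items()
            if len(s["failed_users"]) >= min_distinct_users}


def takeover_candidates(events, min_distinct_users=5):
    """Accounts that authenticated successfully from a flagged source: the
    sessions to revoke and the passwords to reset first."""
    flagged = flag_stuffing_sources(events, min_distinct_users)
    return sorted({u for s in flagged.values() for u in s["successes"]})


def stopped_by_proxy_deny(events, min_distinct_users=5):
    """(account, ip) pairs among the takeover candidates that came through an
    anonymizing proxy, i.e. what a deny-anonymizers sign-on policy would have
    blocked before the password was even checked."""
    flagged = flag_stuffing_sources(events, min_distinct_users)
    return sorted((u, ip) for ip, s in flagged.items() if s["proxy"]
                  for u in s["successes"])


if __name__ == "__main__":
    for ip, s in flag_stuffing_sources(SAMPLE_EVENTS).items():
        print(f"{ip}: {len(s['failed_users'])} accounts, "
              f"{s['failures']} failures, proxy={s['proxy']}")
    print("takeover candidates:", takeover_candidates(SAMPLE_EVENTS))
    print("would have been denied:", stopped_by_proxy_deny(SAMPLE_EVENTS))
```

Run it as a script to print the summary. In practice the events would come from a System Log export, and the proxy flag is the attribute a deny-anonymizers network policy keys on: in the sample the one successful proxy sign-in is exactly the one such a policy would have refused, while the home user's typo never crosses the distinct-accounts threshold.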
As Rubrik’s annual recurring revenue approaches $780 million, the company faces stiff competition from legacy players like Commvault and emerging firms like Cohesity. However, Sinha articulated a vision of transforming the backup and recovery industry into a robust data security platform. This pivot positions Rubrik at the forefront of a market transition that promises resilience and recovery, distinguishing it from competitors primarily focused on preventive measures.
Innovative Approach to Cybersecurity and Market Dynamics
Sinha emphasized the evolving nature of cybersecurity threats, noting that the landscape now includes sophisticated nation-state actors and internal threats alongside less conventional threats from individual rogue elements. This complexity underpins Rubrik’s strategy to continually enhance its platform’s capabilities, aiming to protect and manage data securely across all stages. Looking forward, Sinha underscored the potential for market expansion, referencing Gartner’s forecast of a $50 billion market opportunity in the coming years.
Moreover, Sinha reflected on his venture capital experience, suggesting that Rubrik might pursue strategic acquisitions to bolster its market position. “As we go public, our goal is to further build out our cybersecurity framework and ensure all data stages are protected,” said Sinha. This proactive approach addresses immediate market needs and sets the stage for Rubrik to deliver innovative products and services, enhancing its value proposition in a competitive industry increasingly defined by the ability to manage and mitigate cyber risks effectively.
Microsoft has been in the crosshairs of late as a result of numerous high-profile breaches, some of which have exposed US government accounts. In an interview with The Register, Grotto places the blame squarely on Microsoft, saying the company has been largely uncooperative with efforts to improve security.
“If you go back to the SolarWinds episode from a few years ago … [Microsoft] was essentially up-selling logging capability to federal agencies,” rather than providing them by default, Grotto said. “As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach.”
Grotto went on to tell the outlet that Microsoft had to be “dragged kicking and screaming” into providing the government logging capabilities out of the box. The former official says the company has “a ton of leverage, and they’re not afraid to use it.”
Grotto says a lack of competition in the government space is one of the biggest issues, since it means Microsoft has little incentive to improve its products.
“The government needs to focus on encouraging and catalyzing competition,” Grotto said, adding he believes the government should call out the company for its security mishaps.
“At the end of the day, Microsoft, any company, is going to respond most directly to market incentives,” Grotto told the outlet. “Unless this scrutiny generates changed behavior among its customers who might want to look elsewhere, then the incentives for Microsoft to change are not going to be as strong as they should be.”
China is one of the biggest state sponsors of hacking groups, using them to target and undermine rivals. According to Wray, nothing is off limits for Beijing.
“The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist,” he said in remarks at the Vanderbilt Summit on Modern Conflict and Emerging Threats in Nashville.
Wray said China represents a three-pronged danger spanning crime, counterintelligence, and cybersecurity, “driven by the CCP’s aspirations to wealth and power,” adding that China wants to “seize economic development in the areas most critical to tomorrow’s economy,” even if it means stealing it. The Chinese government has tried to pilfer “intellectual property, technology, and research” from nearly every industry in the U.S. economy, he noted.
Wray went on to say that China is actively targeting US infrastructure, including energy grids, transportation, water treatment facilities, and IT systems.
“The fact is, the PRC’s targeting of our critical infrastructure is both broad and unrelenting,” he said. Wray also said China’s hacking program was expanding, with a goal of not just stealing data but also causing disruptions.
“It’s using that mass, those numbers, to give itself the ability to physically wreak havoc on our critical infrastructure at a time of its choosing,” he added.
Wray said the FBI is fighting back, partnering with a combination of government and private sector entities.
“As part of those operations, we’re often sharing targeting and other information with partners like U.S. Cyber Command, foreign law enforcement agencies, the CIA, and others, and then acting as one,” he said.
Responding to the Microsoft Exchange attack, the FBI “leaned on our private sector partnerships, identified the vulnerable machines, and learned the hackers had implanted webshells—malicious code that created a back door and gave them continued remote access to the victims’ networks.”
As the threat continues to grow, Wray says companies need to do their part to help secure the IT supply chain and work with the FBI.
“Vetting your vendors, their security practices, and knowing who’s building the hardware and software you’re granting access to your network is crucial, so push for transparency into what vendors and suppliers are doing with your data and how they will maintain it,” he said.
“We’ve seen the best outcomes in situations where a company made a habit of reaching out to their local FBI field office even before there was any indication of a problem, because that put everyone on the same page and contributed to the company’s readiness,” he added.
According to an SEC filing, Frontier became aware of the breach on April 14, 2024. The company says bad actors gained access to portions of the company’s IT systems. In response, Frontier shut down parts of its systems to contain the breach.
Frontier says that shutting down its systems has caused disruptions to its operations. While it is still investigating the breach, the company does believe personally identifiable information was accessed.
Below is the company’s statement to the SEC:
On April 14, 2024, Frontier Communications Parent, Inc. (the “Company”) detected that a third party had gained unauthorized access to portions of its information technology environment. Upon detection, the Company initiated its previously established cyber incident response protocols and took measures to contain the incident. As part of this process, the containment measures, which included shutting down certain of the Company’s systems, resulted in an operational disruption that could be considered material. Based on the Company’s investigation, it has determined that the third party was likely a cybercrime group, which gained access to, among other information, personally identifiable information.
As of the date of this filing, the Company believes it has contained the incident and has restored its core information technology environment and is in the process of restoring normal business operations.
The Company continues to investigate the incident, has engaged cybersecurity experts, and has notified law enforcement authorities. The Company does not believe the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.
Users whose data was accessed can expect to be notified in the near future.
The SEC enforces record-keeping rules on the firms it regulates, enforcement that has produced billions of dollars in fines for companies that fell short by using messaging apps like WhatsApp and Signal. According to Bloomberg, the agency is now working to ensure it operates by the same rules it is enforcing.
Much of the issue stems from the fact that WhatsApp, Signal, and similar apps allow for disappearing messages, a clear issue when it comes to maintaining a record of communication. The agency is also restricting the use of SMS and iMessage as well, telling Bloomberg that doing so is “to lower risk that our systems could be compromised and to enhance recordkeeping.”
The agency hopes the measure will help it improve its cybersecurity following an embarrassing incident in which its X account was compromised by bad actors.
Microsoft has had one major breach after another in the last few years, including the following:
While data breaches and cybersecurity threats are becoming more common, it’s worth pointing out that Microsoft’s two biggest competitors—AWS and Google Cloud—have not experienced a single major breach of the magnitude of any one of Microsoft’s, let alone all of them.
Needless to say, Microsoft has taken significant flak for its security issues.
There are a number of significant factors that are contributing to Microsoft’s issues.
One of the biggest factors in Microsoft’s security issues is that the company’s products are used everywhere. Windows is still the dominant operating system in the desktop space despite losing ground in recent years. Individuals, companies, organizations, governments, and government agencies use Windows.
As a result, for decades, there has been no greater and more desirable target for bad actors than the Windows operating system. Compromising it opens a potential gold mine of opportunity, given the number and breadth of Windows users.
The same is true of the company’s office and email products. In fact, they are so popular that they are used on competing platforms, such as macOS, iOS, and Android.
Microsoft leveraged its dominance on the desktop to expand into other markets, including the cloud and messaging. In fact, the company has integrated its services so much that it has run into regulatory trouble for unfairly leveraging its dominance on the desktop, leading the company to back off some of its bundling efforts.
That integration, however, helps make the company a prime target, in many ways more than its competitors. For example, while AWS is the largest cloud provider, Amazon does not have a desktop operating system or office suite. In contrast, because Microsoft’s products share code, libraries, and more across desktop and server products, compromising one Microsoft product can open the door to possibly compromising many of them.
Microsoft is famed for providing backward compatibility, allowing users to run software that is years or even decades old.
That backward compatibility comes with security risks. As the application and development landscape has changed, modern applications are built with security best practices that were not even thought of years ago. As a result, running those older apps on a modern OS requires various measures to safeguard the system from an application that potentially represents a security risk.
Unfortunately, none of these measures are fool-proof, and there is always the risk that a bad actor can exploit an issue, escalate privileges, or find another way to use an old app to compromise a modern system.
Microsoft started as an office suite and desktop OS maker before branching into a plethora of other internet and cloud-based services. Unfortunately, this puts the company at a disadvantage compared to its younger competitors.
Companies like Google and AWS benefit from their services being designed and built from the outset for the internet and the cloud, with the necessary security and safeguards built in from the ground up.
In contrast, Microsoft had to adapt much of its code, products, and services from a single-user desktop environment to a multi-user internet/cloud environment, complete with the plethora of security differences that come with that.
Microsoft has a long history of missing out on some of the tech industry’s most significant shifts. The company botched its attempts to capitalize on the MP3 player bandwagon, completely blew the smartphone revolution, fumbled the rise of usable tablets, missed the boat on search, and was late to transition to the cloud. Microsoft execs have publicly lamented the company’s failures in some areas.
Unfortunately, whenever a company and its executives develop “missed-out syndrome,” it can set a company up for failure. When new opportunities arise, the fear of missing out once again can cause a company to move too quickly, make reckless choices, and not put the necessary safeguards in place.
While no one outside of Microsoft can be 100% certain of the mindset within the company, some of its security issues have resulted from such amateurish mistakes that it’s hard to argue the company isn’t suffering from “missed-out syndrome,” rushing ahead without the proper safeguards.
It’s hard to analyze Microsoft’s security issues without comparing it to its long-time rival, Apple. Despite starting as a personal computer company and having highly integrated services, Apple has not been plagued with security issues like Microsoft has. What accounts for the difference?
In many ways, the difference comes down to culture. Since Apple began its turnaround under Steve Jobs, the company has firmly focused on protecting user privacy. To be clear, privacy and security are not the same thing. Nonetheless, many overlapping design principles and factors go into creating private and secure systems.
As Apple expanded beyond its core hardware and desktop OS, it focused on creating private and secure products and services for its customers, sometimes to the company’s detriment in other areas. For example, focusing on on-device processing and consumer privacy has made it more difficult for Apple to compete in the AI market.
In contrast, Microsoft’s culture has often revolved around partnerships, collaborations, and sharing data with other companies. As a recent example, the company’s Outlook email and PIM software now shares data with 801 other companies. There’s an argument to be made that when a company is not focused on user privacy, its ability to provide a truly secure experience for its customers suffers as well.
Unfortunately, this culture has permeated Microsoft from the top down. Founder and former CEO Bill Gates famously voiced his belief that Microsoft and other companies should cooperate with the NSA to provide back doors into products for the intelligence agency to exploit.
Unfortunately, as security experts and mathematicians have explained ad nauseam, there is no way to create a back door for the “good guys” to use that won’t also be exploited by the “bad guys.” The fact that the founder of Microsoft doesn’t understand that speaks volumes about the security culture within a company whose software is used by the majority of organizations around the world. In contrast, Apple has always understood this principle and fought tooth-and-nail against the security back doors that Microsoft happily embraces.
It’s no wonder that, as outlined above, the US government’s own review board found “that Microsoft’s security culture was inadequate and requires an overhaul.”
Given the litany of issues Microsoft faces overhauling its security model, it’s unclear exactly what will happen next. One thing is clear, however: Lawmakers and regulators’ patience is growing thin.
Senator Ron Wyden recently announced draft legislation to end the government’s “dependence on insecure, proprietary software,” largely in response to Microsoft’s repeated and devastating data breaches. Senator Wyden’s legislation would “set mandatory cybersecurity standards, save taxpayers money, and break the anti-competitive lock-in effect caused by proprietary, walled-garden software.”
“My bill will secure the U.S. government’s communications from foreign hackers, while protecting taxpayer wallets. Vendor lock-in, bundling, and other anticompetitive practices result in the government spending vast sums of money on insecure software,” said Wyden. “It’s time to break the chokehold of big tech companies like Microsoft on government software, set high cybersecurity standards and reap the many benefits of a competitive market.”
Others have come out in favor of Senator Wyden’s legislation, endorsing elements of the legislation that run contrary to Bill Gates’ views.
“Through this legislation, the federal government has the opportunity to set an example for workplaces, organizations, and institutions across the country on how to fundamentally improve online safety. Protecting digital communication with end-to-end encryption is essential to data privacy and security, and should be the standard across the board. Without it, messages can be intercepted and abused by hackers, repressive law enforcement agencies, foreign governments, or the company that owns the platform itself. Everyone from the former director of the NSA, to Big Tech companies, to human rights defenders working under authoritarian regimes have highlighted the life-saving importance of end-to-end encryption. The issue of data privacy has never been more urgent, and decisive lawmaker action is needed in this moment to bring about tech platform policies that truly center our privacy and needs as users—not corporate profits,” said Leila Nashashibi, campaigner at Fight for the Future.
If Senator Wyden’s legislation becomes law, Microsoft will stand to be the biggest loser and will only have itself to blame. The company has a small window of opportunity to completely overhaul its culture, making security and privacy core components moving forward.
Whether the company’s leadership has what it takes to do so is another matter; only time will tell if they can overcome decades of heading in the wrong direction.
Section 702 gives US intelligence agencies the authority to monitor the communications of foreign citizens and collect any related data. Because the law targets foreign persons outside US borders, no warrant is required. Unfortunately, American citizens’ communications and data are often swept up in the dragnet, especially when Americans communicate with friends, family, or business associates abroad. To make matters worse, once collected, the communications data remains available for years, and law enforcement can search it without a warrant.
The ACLU has long warned of the dangers involved in this kind of data collection:
Once the government collects vast amounts of information — including emails, text messages and other communications — under Section 702, that content is stored in databases for years at a time. FBI, CIA, and NSA officials routinely search through this vast trove of data for information specifically about Americans, even though these communications were all collected without a warrant. Information found through these “backdoor searches” can be used to prosecute Americans for crimes, even if they are not related to national security.
As the ACLU goes on to point out, abuses of the surveillance program have been rampant:
The NSA admitted in 2013 that analysts, in a number of instances, improperly used surveillance databases to monitor their exes in a practice known by some as LOVEINT. Additionally, a recent opinion from the Foreign Intelligence Surveillance Court regarding Section 702 surveillance, revealed a significant number of other violations that raised significant Fourth Amendment concerns, and were not properly disclosed to the court. These violations were so significant that the NSA even ended some of its surveillance practices — though it could restart them at any time.
Donald Trump had called on Republicans to kill the bill, claiming FISA had been used to illegally spy on him and his campaign. With Trump opposed to the bill, Republicans struggled to gain enough support to renew Section 702 but finally succeeded Friday.
A major point of contention was an amendment to the bill that would have required a warrant before accessing Americans’ information. The bill ultimately passed without that amendment, meaning warrantless data collection and surveillance can continue unabated.
Critics are warning that the renewal of Section 702 represents a major expansion of the surveillance of Americans.
“Anti-reformers not only are refusing common-sense reforms to FISA, they’re pushing for a major expansion of warrantless spying on Americans,” US Senator Ron Wyden told WIRED. “Their amendment would force your cable guy to be a government spy and assist in monitoring Americans’ communications without a warrant.”
“Three million Americans’ data was searched in this database of information,” said Representative Jim Jordan, chair of the House Judiciary Committee. “The FBI wasn’t even following its own rules when they conducted those searches. That’s why we need a warrant.”
The US routinely calls out its adversaries for surveilling their citizens, with China and authoritarian regimes being popular targets. Despite trying to take the moral high ground, the critics say the US has been sliding closer to becoming a surveillance state all its own.
For example, the FBI was recently called out for questioning individuals about posts on Facebook. With the renewal and expansion of Section 702, the door is now wide open for the continued and warrantless surveillance of Americans.
According to Roku, bad actors used a method called “credential stuffing” in both attacks, in which attackers take “stolen usernames and passwords from one platform and attempt to log in to accounts on other platforms.” The method is often successful because many individuals reuse their usernames and passwords across various services and platforms.
Roku says it discovered the larger breach while investigating the initial one impacting 15,000 customers. The company maintains that there is no evidence its own data was breached.
There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident. Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials. In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information.
Roku says the vast majority of its 80 million users are not impacted. The company has reset passwords for the affected accounts and is notifying customers. It has also enabled two-factor authentication (2FA) for all accounts, including those not impacted.
Roku’s breaches underscore the value of good security practices, including using a different password for every service. As data breaches become more common, it’s all too easy for bad actors to automatically replay stolen credentials against hundreds, or even thousands, of services where those credentials may have been reused.
Microsoft notified customers of an attack on its corporate email systems on January 12, 2024. The breach began in November 2023 and was carried out by the Russian state-sponsored actor known as Midnight Blizzard.
According to Microsoft’s report at the time, “the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.”
Unfortunately, CISA says Midnight Blizzard is using the information it exfiltrated to gain a further foothold and compromise Microsoft customers and government agencies.
“As America’s cyber defense agency and the operational lead for federal civilian cybersecurity, ensuring that federal civilian agencies are taking all necessary steps to secure their networks and systems is among our top priorities. This Emergency Directive requires immediate action by agencies to reduce risk to our federal systems,” said CISA Director Jen Easterly. “For several years, the U.S. government has documented malicious cyber activity as a standard part of the Russian playbook; this latest compromise of Microsoft adds to their long list. We will continue efforts in collaboration with our federal government and private sector partners to protect and defend our systems from such threat activity.”
CISA’s emergency directive underscored the danger to which Microsoft’s security breach exposed various agencies.
The threat actor is using information initially exfiltrated from the corporate email systems, including authentication details shared between Microsoft customers and Microsoft by email, to gain, or attempt to gain, additional access to Microsoft customer systems. According to Microsoft, Midnight Blizzard has increased the volume of some aspects of the intrusion campaign, such as password sprays, by as much as 10-fold in February, compared to an already large volume seen in January 2024.
Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies (emphasis ours). This Emergency Directive requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to ensure authentication tools for privileged Microsoft Azure accounts are secure. CISA has assessed that the below required actions are most appropriate to understand and mitigate the risk posed by Midnight Blizzard’s possession of the exfiltrated correspondence between FCEB agencies and Microsoft.
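The credential stuffing described in the Roku item above and the password spraying CISA describes here leave the same footprint in an authentication log: one source trying many different accounts in a short time, with the occasional success marking an account that must be reset. The detector below, written as an added example for this page (it is not code from Roku, Microsoft or CISA), runs that heuristic over a constructed log sample; the log format, the 10-minute window and the five-account threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log for this example. The line format,
# addresses and usernames are assumptions, not taken from any real product.
SAMPLE_LOG = """\
2024-04-10T08:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-04-10T08:00:02Z src=203.0.113.5 user=bob result=FAIL
2024-04-10T08:00:02Z src=203.0.113.5 user=carol result=SUCCESS
2024-04-10T08:00:03Z src=203.0.113.5 user=dave result=FAIL
2024-04-10T08:00:03Z src=203.0.113.5 user=erin result=FAIL
2024-04-10T08:00:04Z src=203.0.113.5 user=frank result=FAIL
2024-04-10T08:05:00Z src=198.51.100.7 user=alice result=FAIL
2024-04-10T08:05:30Z src=198.51.100.7 user=alice result=SUCCESS
2024-04-10T09:00:00Z src=203.0.113.5 user=grace result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>SUCCESS|FAIL)$"
)


def parse_log(text):
    """Parse log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "src": m["src"],
            "user": m["user"],
            "ok": m["result"] == "SUCCESS",
        })
    return events


def detect_credential_replay(events, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources that try >= min_accounts distinct users inside a sliding window.

    One alert is returned per offending source, describing its densest window.
    Successful logins inside that window are listed so the defender can reset
    those accounts and revoke their sessions; a single user failing and then
    succeeding from one source (a typo, then the right password) is not flagged.
    """
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        best = None  # (distinct user count, events in that window)
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            distinct = len({e["user"] for e in win})
            if best is None or distinct > best[0]:
                best = (distinct, win)
        if best is not None and best[0] >= min_accounts:
            distinct, win = best
            alerts.append({
                "src": src,
                "distinct_users": distinct,
                "failures": sum(1 for e in win if not e["ok"]),
                "successes": sorted({e["user"] for e in win if e["ok"]}),
                "window_start": win[0]["ts"].isoformat(),
                "window_end": win[-1]["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_credential_replay(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample, only `203.0.113.5` is flagged (six accounts in four seconds, with `carol` as the account to reset); the second source touches a single account and is left alone. In practice the source key would be widened to an ASN or a device fingerprint, since distributed campaigns spread attempts across many addresses to stay under per-IP thresholds, and the successes list would feed the forced password reset and 2FA enrolment that Roku applied.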
Microsoft has been under increased scrutiny for its security issues and data breaches. Homeland Security’s Cyber Safety Review Board recently released its report on Microsoft’s Exchange breach last year, slamming the company’s “inadequate” security culture.
The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.
The review board went on to say that Microsoft needed to completely overhaul its security culture, from the CEO down. It’s a safe bet that CISA having to issue an emergency directive over yet another Microsoft breach is only going to increase the heat on the Redmond giant.
Sisense provides artificial intelligence and machine learning insights across a wide array of industries, including healthcare, retail, manufacturing, tech, financial services, pharma/life sciences, customer service, marketing, IT, finance, and human resources.
According to CISA, independent security researchers discovered that Sisense customer data had been compromised.
CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations. We will provide updates as more information becomes available.
CISA recommends the following actions:
- Reset credentials and secrets potentially exposed to, or used to access, Sisense services.
- Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed to, or used to access, Sisense services.
At the time of writing, there is no notification on Sisense’s website.
According to EconomicTimes, Apple has notified users that their iPhones have been “targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone.”
Apple’s notification goes on to say:
“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”
Apple’s threat notification support page provides additional details regarding who is likely to be targeted by such attacks.
Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.
According to public reporting and research by civil society organisations, technology firms and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group. Though deployed against a very small number of individuals – often journalists, activists, politicians and diplomats – mercenary spyware attacks are ongoing and global. Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total. The extreme cost, sophistication and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today. As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.
Hacking phones has become a big business, with companies like NSO Group selling their services to authoritarian governments and intelligence agencies around the world. Apple and Google have been working to stay one step ahead, with threat notifications being an important part of protecting users.
Microsoft engineer Andres Freund discovered that XZ Utils, a popular compression library used by nearly every major Linux distro, was compromised with a malicious backdoor. Rather than being a brute-force attack, initial investigation revealed that the backdoor had been inserted by one of the project’s legitimate maintainers.
In what can only be described as a years-long concerted effort, the bad actor bullied the project’s original maintainer into handing over co-maintainer rights, then carefully inserted the backdoor code, pressured distro maintainers into adopting the compromised version, and took pains to hide their real motives.
Fortunately, Freund discovered the backdoor before the compromised version made its way into any stable distro, such as Ubuntu, Fedora, or Debian. Nonetheless, development builds of Ubuntu and Fedora were compromised.
As a result of the impact, Ubuntu is taking an extra week to rebuild all of its binaries for the upcoming 24.04 Noble Numbat release, according to a post on the company’s site:
Canonical never stops working to keep Ubuntu at the forefront of safety, security, and reliability. As a result of CVE-2024-3094, Canonical made the decision to remove and rebuild all binary packages that had been built for Noble Numbat after the CVE-2024-3094 code was committed to xz-utils (February 26th), on newly provisioned build environments. This provides us with confidence that no binary in our builds could have been affected by this emerging threat. As a result of this, the Beta release for Ubuntu 24.04 LTS (Noble Numbat) has been pushed to April 11, 2024 (previously April 4, 2024).
We appreciate your understanding and thank the community members who are collaborating on our collective understanding of this emerging issue.
It’s good to see Canonical take the threat seriously and take whatever steps necessary to protect the security of its users.
In a recent interview, Chris Krebs, Chief Public Policy Officer at SentinelOne and former Director of the Cybersecurity and Infrastructure Security Agency (CISA), offered insights into the report’s findings. Krebs, who played a pivotal role in shaping cybersecurity policies during his tenure at CISA, expressed disappointment over Microsoft’s response to the breach, particularly in light of its previous leadership in the field.
“It is pretty disheartening to read as a former Microsoft employee, particularly as part of a Trustworthy Computing team,” remarked Krebs. “In 2002 and 2003, Bill Gates sent a Trustworthy Computing memo that effectively shut down all development across Microsoft… They got their security culture back in order and effectively led the industry.”
Krebs continued, emphasizing Microsoft’s historical commitment to security: “They developed the Software Development Life Cycle, integrated security into software engineering, and were at the top of the game for a decade or more.”
Reflecting on the report’s revelations, Krebs noted, “This report highlights that they drifted away from that security culture. It is hard to read. It is consistent and echoes many things I saw at SISSIA [CISA] in the last couple of years, including this compromise of the systems.”
The report’s recommendations call for greater involvement from Microsoft’s senior leadership in overseeing the company’s security program, including CEO Satya Nadella and President Brad Smith. “They [the report’s recommendations] outline that the CEO and the board need to get in a hands-on oversight administration of the security program. They need to hold senior leaders accountable. They need to prioritize security over feature development,” Krebs emphasized.
Krebs also stressed the importance of Microsoft’s role in the tech industry, stating, “Microsoft is one of the most important, if not the most important, technology companies in the world. We all depend upon it for hardware, software, productivity, cloud, and security. It is a lot we’re placing on them.”
As Microsoft navigates the fallout from the breach, it faces a critical juncture in restoring trust and confidence in its security measures. The company must heed the report’s recommendations and take decisive action to strengthen its security posture, lest it face further repercussions in an increasingly unforgiving cybersecurity landscape.
Ultimately, the report underscores the paramount importance of cybersecurity in today’s digital age, reminding companies like Microsoft of their responsibility to safeguard against emerging threats and uphold their users’ trust. Only time will tell whether Microsoft can rise to the challenge and emerge stronger from this ordeal.