USN-6165-2: GLib vulnerabilities


USN-6165-1 fixed vulnerabilities in GLib. This update provides the
corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu
18.04 LTS.

Original advisory details:

It was discovered that GLib incorrectly handled non-normal GVariants. An
attacker could use this issue to cause GLib to crash, resulting in a
denial of service, or perform other unknown attacks.


Former Uber CISO Appealing His Conviction


Joe Sullivan, Uber’s CISO during their 2016 data breach, is appealing his conviction.

Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, with withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. The government argued that Sullivan should have informed the FTC of the 2016 incident, but instead went out of his way to conceal it from them.

Prosecutors also accused Sullivan of attempting to conceal the breach itself by paying $100,000 to buy the silence of the two hackers behind the compromise. Sullivan had characterized the payment as a bug bounty similar to ones that other companies routinely make to researchers who report vulnerabilities and other security issues to them. His lawyers pointed out that Sullivan had made the payment with the full knowledge and blessing of Travis Kalanick, Uber’s CEO at the time, and other members of the ride-sharing giant’s legal team.

But prosecutors described the payment and an associated nondisclosure agreement that Sullivan’s team wanted the hackers to sign as an attempt to cover up what was in effect a felony breach of Uber’s network.

[…]

Sullivan’s fate struck a nerve with many peers and others in the industry who perceived CISOs as becoming scapegoats for broader security failures at their companies. Many argued, and continue to argue, that Sullivan acted with the full knowledge of his supervisors but in the end became the sole culprit for the breach and the associated failures for which he was charged. They believed that if Sullivan could be held culpable for his failure to report the 2016 breach to the FTC, and for the alleged hush payment, then so should Kalanick at the very least, and probably others as well.

It’s an argument that Sullivan’s lawyers once again raised in their appeal of the obstruction conviction this week. “Despite the fact that Mr. Sullivan was not responsible at Uber for the FTC’s investigation, including the drafting or signing of any of the submissions to the FTC, the government singled him out among over 30 of his co-employees who all had information that Mr. Sullivan is alleged to have hidden from the FTC,” Swaminathan said.

I have some sympathy for that view. Sullivan was almost certainly scapegoated here. But I do want executives personally liable for what their company does. I don’t know enough about the details to have an opinion in this particular case.


Why are organizations failing to detect cybersecurity threats?


The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

In a changing security landscape, the most daunting task for the CISO and CIO is an ongoing battle against hackers and cybercriminals. Attackers stay ahead of defenders and are always looking for new vulnerabilities and loopholes that let them into the business network. Failing to detect and address these threats promptly can have catastrophic consequences for the organization.

A survey finds that, on average, it takes organizations more than five months to detect and remediate a cyber threat. That is a long window: every week an intruder goes unnoticed is a week to move laterally, escalate privileges and stage data for exfiltration, so delayed detection turns an intrusion into a full-blown breach. The Equifax breach of 2017 and the Target breach of 2013 remain stark reminders of what delayed detection and response cost. This highlights the need for proactive measures that detect and mitigate threats early, and it also makes it worth asking why detecting them is so hard.

Why do organizations fail to detect cyber threats?

Security teams are dealing with more cyber threats than ever before. One report found that global cyber attacks increased by 38% in 2022 compared to the previous year. The growing number and complexity of attacks make it harder for organizations to detect them.

Attackers use techniques that bypass conventional security controls: zero-day vulnerabilities, phishing, business email compromise (BEC), supply chain attacks, and attacks on Internet of Things (IoT) devices. Some organizations are unaware of current threat trends and lack the skills and resources to detect them. Ransomware is a case in point: criminal groups sell ransomware-as-a-service (RaaS), which lets affiliates with little technical skill run their own campaigns. Two out of three ransomware attacks are facilitated by the RaaS model, yet many companies still have no defensive strategy against them.

Legacy devices and outdated software are no longer effective at recognizing current malicious activity, leaving the network exposed to potential threats. A shortage of trained staff, insider threats, and human error are further reasons why many organizations suffer at the hands of threat actors. Much of a company’s data is also dark data: information that is collected and stored but never catalogued, monitored or protected. Because defenders and employees may not even know it exists, attackers can copy it or exploit it for their own ends without triggering any alert.

Cloud migration has also accelerated in recent years, and it brings its own risks. Complex cloud environments, poorly secured remote and hybrid work setups, and the shared-responsibility split between cloud service providers and their customers all complicate the picture; a misconfiguration on the customer’s side of that split is not something the provider will detect for them. Cloud vulnerabilities, which rose by 194% over the previous year, underline the need for organizations to find ways to strengthen their security infrastructure.

Security measures to consider to prevent cyber threats

Since businesses face complex cyber threats, mitigating them requires a comprehensive and proactive approach. Here are the most effective tips organizations can employ to strengthen their cybersecurity posture:

Practice a multilayered cybersecurity approach

Adopting a multilayered cybersecurity approach is the most practical way to catch rising threats before they turn into a successful attack. In a multilayered approach, if one layer is bypassed or compromised, the other layers can still offer protection and help detect and respond promptly to the threat.

A multilayered approach is vital in a landscape where attacks are growing in number and sophistication. It combines a variety of tools and security solutions to safeguard the organization’s network, including endpoint detection and response (EDR), data security posture management (DSPM), security information and event management (SIEM), network detection and response (NDR), and user and entity behavior analytics (UEBA). Each sees something the others do not: EDR sees process activity on hosts, NDR sees traffic between them, UEBA sees deviations from normal behavior, and the SIEM correlates all of it. Together they provide visibility into the organizational network and protect against different types of threats.
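To make the layering concrete, here is an added example (not code from the original article or from AT&T) of two detection layers run over a handful of constructed, simplified login log lines. The first layer is a static threat-intelligence blocklist, the kind of check a firewall or SIEM lookup performs; the second is a UEBA-style behavioral rule that flags a burst of failed logins followed by a success for the same account from the same source. The blocklist contents, the log format and all addresses are constructed for the example; the point is that the attacker's source is absent from the blocklist, so only the behavioral layer catches the successful password-guessing attack.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data) in a simplified sshd-style
# format: "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-03-01T09:00:01Z FAIL user=alice src=203.0.113.9
2024-03-01T09:00:03Z FAIL user=alice src=203.0.113.9
2024-03-01T09:00:05Z FAIL user=alice src=203.0.113.9
2024-03-01T09:00:07Z FAIL user=alice src=203.0.113.9
2024-03-01T09:00:09Z FAIL user=alice src=203.0.113.9
2024-03-01T09:00:12Z OK   user=alice src=203.0.113.9
2024-03-01T09:05:00Z OK   user=bob   src=198.51.100.7
2024-03-01T09:06:00Z FAIL user=carol src=192.0.2.44
2024-03-01T09:30:00Z OK   user=carol src=192.0.2.44
2024-03-01T09:31:00Z OK   user=dave  src=198.51.100.200
"""

# Layer 1: a hypothetical threat-intel blocklist. The attacker at 203.0.113.9
# is deliberately NOT on it, which is the usual situation with a fresh source.
KNOWN_BAD_SOURCES = {"198.51.100.200"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def parse_events(text):
    """Parse log text into dicts; an unparseable line is an error, not a silent drop."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def intel_layer(events):
    """Signature-style layer: flag any login event from a known-bad source."""
    return [{"rule": "known_bad_source", "user": e["user"], "src": e["src"]}
            for e in events if e["src"] in KNOWN_BAD_SOURCES]


def behavior_layer(events, threshold=5, window=timedelta(seconds=60)):
    """UEBA-style layer: `threshold` failures from one (src, user) inside
    `window`, followed by a success for that pair, is a likely guessing attack
    that worked. A stateless blocklist cannot see this pattern at all."""
    recent = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        q = recent[(e["src"], e["user"])]
        while q and e["ts"] - q[0] > window:  # expire failures outside the window
            q.popleft()
        if e["result"] == "FAIL":
            q.append(e["ts"])
        elif len(q) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "user": e["user"],
                           "src": e["src"], "failures_in_window": len(q)})
            q.clear()
    return alerts


def run_layers(text):
    """Run both layers over the log and return their combined alerts."""
    events = parse_events(text)
    return intel_layer(events) + behavior_layer(events)


if __name__ == "__main__":
    for alert in run_layers(SAMPLE_LOG):
        print(alert)
```

Running it yields two alerts: the blocklist flags dave's login from 198.51.100.200, and only the behavioral rule flags alice's account, whose five failures inside 60 seconds were followed by a success from the same source. Carol's single stale failure at 09:06 falls outside the window by the time she logs in and raises nothing, which is the false-positive control a real rule needs.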

Having multiple layers of protection is good, but basic security hygiene also reduces the risk. Multi-factor authentication (MFA) and data backups are fundamentals of cybersecurity; however, many companies still get them wrong. Backups fail silently because of human error, infrastructure failure, or botched software updates, and a backup that sits on the same network as production is exactly what ransomware operators delete first. Immutable backups, which cannot be altered or deleted during their retention period, are the strongest answer. Where immutable storage is beyond an SMB’s reach, off-site cloud backup that is disconnected from the main network is easier to adopt and still provides meaningful protection. In either case, restores should be tested regularly; an untested backup is not a backup.

Similarly, MFA is not as safe as it used to be, because attackers now use adversary-in-the-middle phishing kits, MFA push fatigue and similar tactics to bypass it. Phishing-resistant MFA, built on authenticators such as FIDO2 security keys, PKI smart cards, or certificate-based authentication (CBA), binds the authentication to the legitimate site rather than to a code the user can be tricked into typing elsewhere, and so mitigates these risks.
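The difference between a phishable and a phishing-resistant factor is easiest to see in a simulation. The following added example (not from the article, and not a real authenticator or relying-party implementation) models a user who completes login either on the real site or on a look-alike phishing proxy that relays everything to the real site. A TOTP code passes in both cases, because the check has no notion of where the code was typed. A FIDO2/WebAuthn-style assertion fails on the proxy twice over: the authenticator holds no credential scoped to the proxy's relying-party ID, and the server rejects client data whose origin is not its own. The origins and hostnames are hypothetical, and an HMAC key stands in for the authenticator's non-exportable private key; the scoping and origin checks, which are what the example demonstrates, do not depend on that simplification.

```python
import hashlib
import hmac
import json
import secrets
import struct
import time
from urllib.parse import urlparse

REAL_ORIGIN = "https://login.example.com"          # hypothetical relying party
PHISH_ORIGIN = "https://login.example-secure.com"  # hypothetical look-alike proxy


# ---- Legacy factor: TOTP (RFC 6238, HMAC-SHA1, 30 s step) -------------------
def totp(secret, counter, digits=6):
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def totp_login_via(origin, secret, counter):
    """The user types the code into `origin`; a proxy at PHISH_ORIGIN relays it
    unchanged. The server's check never sees `origin`, so it cannot object."""
    code_typed_by_user = totp(secret, counter)
    relayed_code = code_typed_by_user  # forwarded verbatim by the proxy
    return relayed_code == totp(secret, counter)


# ---- Phishing-resistant factor: FIDO2/WebAuthn-style assertion --------------
class Authenticator:
    """Credentials are scoped per rpId; there is nothing to sign with for a
    site the user never registered with."""
    def __init__(self):
        self._keys = {}

    def register(self, rp_id):
        self._keys[rp_id] = secrets.token_bytes(32)  # stand-in for a keypair
        return self._keys[rp_id]

    def get_assertion(self, rp_id, client_data):
        if rp_id not in self._keys:
            raise LookupError(f"no credential scoped to rpId {rp_id!r}")
        rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
        to_sign = rp_id_hash + hashlib.sha256(client_data).digest()
        return rp_id_hash, hmac.new(self._keys[rp_id], to_sign, "sha256").digest()


def browser_client_data(origin, challenge):
    # The browser, not the page's script, records the origin the user is on.
    return json.dumps({"type": "webauthn.get", "challenge": challenge,
                       "origin": origin}, separators=(",", ":")).encode()


def rp_verify(rp_origin, cred_key, challenge, client_data, rp_id_hash, sig):
    """Relying-party checks: type, fresh challenge, origin binding, rpId, signature."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return False
    if cd.get("origin") != rp_origin:
        return False  # assertion was produced on some other site
    if rp_id_hash != hashlib.sha256(urlparse(rp_origin).hostname.encode()).digest():
        return False
    expected = hmac.new(cred_key, rp_id_hash + hashlib.sha256(client_data).digest(),
                        "sha256").digest()
    return hmac.compare_digest(expected, sig)


def fido_login_via(origin, authenticator, cred_key, challenge):
    """User completes the ceremony on `origin`; the RP at REAL_ORIGIN verifies."""
    client_data = browser_client_data(origin, challenge)
    try:
        rp_id_hash, sig = authenticator.get_assertion(urlparse(origin).hostname, client_data)
    except LookupError:
        return False  # authenticator refuses: no credential for that site
    return rp_verify(REAL_ORIGIN, cred_key, challenge, client_data, rp_id_hash, sig)


def demo():
    totp_secret = secrets.token_bytes(20)
    counter = int(time.time()) // 30
    auth = Authenticator()
    real_host = urlparse(REAL_ORIGIN).hostname
    cred_key = auth.register(real_host)
    results = {
        "totp_real": totp_login_via(REAL_ORIGIN, totp_secret, counter),
        "totp_phish": totp_login_via(PHISH_ORIGIN, totp_secret, counter),
        "fido_real": fido_login_via(REAL_ORIGIN, auth, cred_key, secrets.token_urlsafe(32)),
        "fido_phish": fido_login_via(PHISH_ORIGIN, auth, cred_key, secrets.token_urlsafe(32)),
    }
    # Defence in depth: even if a compromised browser passed the real rpId so the
    # authenticator did sign, client data naming the wrong origin is refused.
    challenge = secrets.token_urlsafe(32)
    cd = browser_client_data(PHISH_ORIGIN, challenge)
    rp_id_hash, sig = auth.get_assertion(real_host, cd)
    results["fido_wrong_origin"] = rp_verify(REAL_ORIGIN, cred_key, challenge, cd, rp_id_hash, sig)
    return results


if __name__ == "__main__":
    print(demo())
```

The `totp` function is a complete RFC 6238 implementation and reproduces the RFC 4226 test vectors, so the "legacy" side is not a strawman: the code really is valid, and that is precisely why relaying it works. The FIDO side fails on the proxy before any cryptography happens, and the explicit origin check in `rp_verify` shows why a relying party must compare the origin itself rather than trust the signature alone.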

Develop a comprehensive incident response plan

With cybercriminals becoming more sophisticated, organizations must have a well-defined incident response plan (IRP) to stay ahead of potential threats. Without one, enterprises tend to panic, with no idea whom to call or what to do. With an adequate plan in place, the chief security officer (CSO) and the rest of the security team know what to do and can make sure that disaster recovery measures actually work.

IBM’s Cost of a Data Breach Report 2022 found that organizations with an incident response plan had a lower average breach cost than organizations without one. Creating and implementing an IRP is therefore an invaluable step: it enables enterprises to manage incidents better, helps security teams detect and respond promptly to potential threats, and reduces the risk of future incidents.

An incident response plan is a comprehensive document that includes guidelines for detecting, containing, and recovering from security incidents. It also defines the roles and responsibilities of the stakeholders across the organization, the CISO, and the SOC involved in the process. Most IRPs follow the general framework of the incident response models published by the National Institute of Standards and Technology (NIST, in SP 800-61), the SANS Institute, and the Cybersecurity and Infrastructure Security Agency (CISA).

Many organizations already have common security controls that support the incident response plan. Dedicated tools such as SOAR and SIEM platforms now go further: they guide a team through its incident response workflow and surface the details needed to make informed decisions. These tools must be deployed and tuned long before an incident occurs, because the telemetry they collect in the preceding weeks and months is what allows the team to recognize, investigate, and respond to it.

Establish cybersecurity policies and focus on employee education

Cybersecurity policies are crucial in preventing cyber threats and attacks. Businesses of all sizes should adhere to clear policies on access control, insider threat programs, vendor management, and remote access, so that all employees know their roles and responsibilities. With strict guidelines in place, it is also easier for the company, and the security staff in particular, to stop unauthorized persons from accessing sensitive data and thereby reduce the chances of a data leak.

Verizon’s Data Breach Investigations Report 2022 reveals that 82% of data breaches involve a human element. To counter this, a people-centric cybersecurity approach is the best available option. This approach focuses on educating and monitoring employees, and there are several ways to do so.

Organizations can conduct regular cybersecurity training sessions that teach staff at all levels to recognize and respond to threats such as ransomware and phishing. They can also use gamification so that employees learn how various attacks work in a playful setting. Beyond training, security teams should monitor how workers handle critical data, perform background checks, and have a proper disciplinary and termination procedure for anyone who ignores the cybersecurity policies and puts the company’s security at risk.

Final thoughts

Given the high risk of cyber threats, organizations must take steps to protect their systems and data. One of the best ways to do this is a multilayered cybersecurity approach that combines a variety of security solutions to recognize threats and strengthen overall organizational security. A robust incident response plan, in turn, gives the CISO a planned strategy for combating rising threats rather than improvising under pressure.

Remember that cybersecurity is an ongoing process: staying current on the latest threats and practicing basic security hygiene are vital for security teams and for everyone else in the organization. With proper measures in place, organizations can reduce both the number and the severity of attacks and keep operating without hindrance.
