The importance of mentoring and role models in helping women develop careers in cybersecurity was emphasized during the HackerOne Women in Cybersecurity Press Roundtable.

The panel, which comprised a range of leading female figures in the cybersecurity industry, discussed practical ways of improving gender diversity in the industry.

Marjorie Janiewicz, chief revenue officer at HackerOne, began by setting out a bleak picture regarding cyber’s gender imbalance. “It’s no secret that the cyber skills gap is rapidly growing, and women continue to be a minority in technical and cyber roles. We especially notice that underrepresentation in leadership roles,” she outlined.

The panelists then highlighted personal experiences that inspired them to successful careers in cyber. Keren Elazari, a cybersecurity analyst, researcher, author and speaker, described initially feeling “lonely” operating in the industry as an anonymous white hat hacker. However, when attending her first hacker conference, Y2hacK, she became inspired mixing and interacting with like-minded people. In addition, while there were only three women present at the event, “the fact the organizer of the event was a woman, that gave me the signal that although I don’t see anyone that looks like me around, there’s space for me in this community.”

Sandra McLeod, head of security assurance at Zoom, similarly emphasized the importance of role models during her career. “I had the opportunity to work among and alongside some incredible top talent that I learned from and had some amazing mentors who encouraged me to take that next step.”

While the panelists had female role models they could look up to while navigating the start of their career in the industry, this is often not the case for many women. Lynn Dohm, executive director of Women in CyberSecurity, noted: “It’s hard to be what you cannot see and when you have that power of community and you have those women in front of you that you aspire to be, it builds up your confidence and strength to think ‘yes this is a place where we belong’ and we can advance in our careers.”

Therefore, a key means of enabling women to succeed in cyber is “creating the power of community where there is that collective strength as a network and as a community to grow and expand our cyber careers collectively.”

Annika Erikson, senior security manager at Salesforce, concurred, explaining how mentoring helped open doors to her in the industry. “I’ve had mentors, both women and men, that have invited me to tables I would never have invited myself to and brought me into conversations.” She said that these experiences “gave me the confidence to then invite myself to more discussions.”

Erikson added that she now offers the same mentoring opportunities to help others in the sector. “Anybody can be a mentor to anyone in their organization or across organizations and invite them into those discussions and conversations. This will let them know their contributions are extremely valuable,” she commented.

Threat actors laundered $8.6bn in cryptocurrency last year, although the real figure could be much higher when “non-crypto” crimes are included, according to Chainalysis.

The firm provides analysis and investigation software to help shine a light on the murky world of blockchains and decentralized finance (DeFi).

Findings from an upcoming report released yesterday revealed a 30% year-on-year increase in the value associated with money laundering activity via cryptocurrency in 2021.

However, that’s not the whole story.

“We also need to note that these numbers only account for funds derived from ‘cryptocurrency-native’ crime, meaning cyber-criminal activity such as darknet market sales or ransomware attacks in which profits are virtually always derived in cryptocurrency rather than fiat currency,” the firm explained.

“It’s more difficult to measure how much fiat currency derived from offline crime – traditional drug trafficking, for example – is converted into cryptocurrency to be laundered. However, we know anecdotally this is happening.”

Despite its reputation for being something of a Wild West, it’s easier to monitor money laundering efforts where cryptocurrency is involved because of the transparent nature of blockchains.

To that end, DeFi protocols received the majority of illicit funds last year, the first since 2018 where centralized exchanges haven’t been the number one recipient, according to Chainalysis.

That amounts to a 1,964% year-on-year increase in total value received by DeFi protocols from illicit addresses to a total of $900m in 2021. North Korean hackers, who stole an estimated $400m of cryptocurrency last year, were heavy users of DeFi, Chainalysis claimed.

The good news is that money laundering is still concentrated on a small number of services, although slightly less so than in 2020.

The analysis revealed that over half 55% of all cryptocurrency sent from illicit addresses went to only 270 service deposit addresses.

Among these addresses were those associated with two exchanges sanctioned by the US Treasury last year: Suex and Chatex.

“Law enforcement can strike a huge blow against cryptocurrency-based crime and significantly hamper criminals’ ability to access their digital assets by disrupting these services,” Chainalysis claimed.

A leading maker of network-attached storage (NAS) devices is urging customers to upgrade to the latest software version and reconfigure their systems in order to thwart a new ransomware campaign.

Taiwan vendor QNAP released a statement yesterday in response to the mounting threat from a new variant known as “DeadBolt.”

It advised customers to ensure their devices are not exposed to the internet, by opening the Security Counselor and checking if the dashboard displays the following message: “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP.”

If it does, organizations should check the Virtual Server, NAT or port forwarding settings, and disable the port forwarding setting of the NAS management service port – which, by default, means port 8080 and 443.

Next, they should disable UPnP by going to “myQNAPcloud” on the QTS menu, clicking “Auto Router Configuration,” and de-selecting “Enable UPnP port forwarding,” the vendor explained.

“DeadBolt has been widely targeting all NAS exposed to the internet without any protection and encrypting users’ data for Bitcoin ransom,” it warned.

“QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP NAS and routers, and immediately update QTS to the latest available version.”

The threat actors behind DeadBolt are purportedly claiming to leverage a zero-day exploit in their attacks, which would presumably work even on updated QTS versions. However, disconnecting from the internet would keep organizations safe.

“Organizations right now should have critical insight into the use of SSH and Telnet into their QNAP devices as well as connections on port 8080 and 443 emanating from their QNAPs and historic levels of UPnP traffic,” advised Armis cyber risk officer, Andy Norton.

“There are threads surfacing on some of the support forums, where the decryption key did not work after payment, but it is also possible to remove DeadBolt using other utilities on the QNAP device.”

A report out yesterday warned that vulnerability exploits are an increasingly popular initial access vector for ransomware gangs, with the number of bugs associated with such attacks jumping 29% year-on-year in 2021.

This is far from the first time QNAP customers have been targeted by ransomware. Over the past year, AgeLocker and eCh0raix variants prompted warnings from the vendor.

IT staff are more likely to click on phishing links and are often worse at reporting threats than their peers elsewhere in the organization, according to new research from F-Secure.

The security vendor tested over 82,000 participants from four organizations to compile its study, To Click or Not to Click: What We Learned from Phishing 80,000 People. They were exposed to several tactics commonly used by cyber-criminals to steal data, deploy malware and conduct business email compromise (BEC).

Worryingly, in the two organizations studied where technical staff were tested, they showed a greater propensity to click.

In one of the companies, 30% of DevOps and 21% of IT staff clicked on test phishing emails, compared to an average of just 11% for all departments. In the other organization, the rate for DevOps was 26%, slightly higher than the average of 25% overall.

That’s despite more technical staff than the average claiming to be alert to the problem of phishing. In one organization, 17% of respondents said they had noticed a phishing email in their inbox in the past, versus 27% of IT and 29% of DevOps respondents.

In the other, the average for spotting phishing was 44% but shot up to 60% for those working in DevOps.

Technical staff members are also poor at flagging phishing attacks. In one organization, IT and DevOps came third and sixth out of nine departments in terms of reporting. In the other, DevOps was the twelfth best at reporting out of 17 departments, while IT came down in fifteenth place.

Matthew Connor, F-Secure service delivery manager and lead author of the report, claimed that over-confidence might be partly to blame for the results.

“I don’t believe you reduce susceptibility by teaching people about phishing. I believe you reduce susceptibility by making sure staff know the basics and by motivating them to want to spend the time and effort identifying and reporting phishing attacks,” he told Infosecurity.

“It is possible that the technical staff know what phishing is but have too much confidence in the technical protective measures in place and in their own ability to spot attacks. This leads them to be relaxed and susceptible, rather than alert and secure.”

Connor argued that reporting is a crucial link in the corporate security chain to help detect and prevent attacks and build resilience.

“Either technical staff in these organizations genuinely did not spot the phishing attempts and are not as adept as they may think, or they are not following the best practices to support the business,” he concluded.

“Ultimately for me, this study shows that technical staff need just as much support as the rest of the organization in combatting phishing.”

North Korea has experienced an internet outage that may have been caused by a cyber-attack.

The country lost internet access for approximately six hours on Wednesday morning local time. The incident was the second outage to hit North Korea in the past two weeks.

Junade Ali, a cybersecurity researcher who monitors various North Korean web and email servers from a location in Britain, told Reuters that the latest outage could have resulted from distributed denial-of-service (DDoS) attack.

Describing the recent incident, Ali said: “When someone would try to connect to an IP address in North Korea, the internet would literally be unable to route their data into the country.”

Within a few hours of the suspected DDoS attack, servers supporting email were back up and running. However, disruption and downtime continued to impact individual web servers of institutions, including North Korea’s ministry of foreign affairs, the Air Koryo airline, and Naenara – the official portal for the North Korean government.

Seoul-based news site NK Pro, which monitors events in North Korea, reported that log files and network records indicated that websites ending in .kp and hosted on North Korean web domains were mostly unreachable. The reason given for this was that North Korea’s Domain Name System (DNS) had ceased to communicate the routes that data packets are meant to take.

The news site observed that a similar incident had occurred in North Korea on January 14 2022. 

Ali said that how the server outage had occurred connoted that it was “the result of some form of network stress rather than something like a power cut.”

He said that no traffic was being sent to or from North Korea at the apex of the recent attack.

“It’s common for one server to go offline for some periods of time, but these incidents have seen all web properties go offline concurrently. It isn’t common to see their entire internet dropped offline,” said Ali.

He added: “During the incidents, operational degradation would build up first with network timeouts, then individual servers going offline and then their key routers dropping off the internet.”