Tag Archive for: Operations

The biggest threat to operations

Victor Lough, Cybersecurity Business Lead at Schneider Electric, speaks to The Manufacturer about the new NIS 2 legislative changes and the impact of this on the supply chain.

Victor’s role is to ensure that Schneider’s solutions and services are delivered securely to the UK and Ireland business sector, working collaboratively with government and market peers. Alongside this, he is raising awareness of ransomware, which he considers the current biggest threat to company operations.

In the UK industrial sector, there is currently a lot of collaborative work taking place around the government’s objective to make the UK the most secure location in the world to do business with. “In the last couple of years, the industry has seen a drive to ensure that everyone is pulling in the same direction. And the government is revising its Network and Information Security Directive-related legislation, aligning with the EU’s own NIS 2 update.”

The changes will have implications for the whole supply chain, requiring a wide ecosystem of essential service providers and manufacturers to rapidly advance their cyber security maturity to minimise risk. In both the UK and EU, connected businesses throughout the supply chain will be expected to be cyber secure, with responsibility extending to friendly third parties connected to systems through remote access. For utilities this is especially crucial, as any business involved in the supply chain risks huge fines.

There have been numerous changes that have impacted the sector over the last five years, specifically geopolitics, and they have influenced how businesses operate.

Because of the recent disruption, the sector has seen a stark increase in the level of ransomware attacks. “Ransomware is the biggest threat to operations right now and it is making annual profits of over $1bn per year, with more money being made from ransomware than narcotics,” Victor commented. He emphasised the need for regulation because ransomware is now run like a business: sophisticated operations with product managers, technicians and specialists, often backed by nation states.

Ransomware and a risk-based approach

To…

Source…

India Braces Against Phishing, Ransomware Surge and Alert Fatigue, Urging Swift Adoption of AI and Automation for Security Operations

Fortinet®, the global cybersecurity leader driving the convergence of networking and security, has revealed the outcomes of a new survey conducted by IDC on the state of Security Operations (SecOps) in the Asia-Pacific region. The survey, commissioned by Fortinet, provides valuable insights into the current SecOps landscape, emphasizing the role of Artificial Intelligence (AI) and automation. It explores various aspects, including prevalent security practices, attack frequency and impact, detection and response times, alert fatigue, the status and impact of automation in SecOps workflows, and challenges related to skill development within the SecOps domain. Key findings from India include:

Current Security Challenges: Threats and Team Readiness

  • Most Common Cyber Threats: Phishing and insider threats are the most prevalent cyber threats in India, with approximately 50% of organizations ranking them as their top concerns. The top five threats include phishing, insider threats, ransomware, unpatched vulnerabilities, and identity theft.

  • Ransomware Surge: Ransomware incidents have doubled across India, with 70% of organizations reporting at least a 2X increase in 2023 compared to 2022. Phishing and malware are the primary attack vectors. Other significant vectors include social engineering attacks, insider threats, and zero-day exploits.

  • Insider Threats and Remote Work: 88% of respondents feel that remote work has led to an increase in insider threat incidents. Insufficient training, lack of employee care, and inadequate communication contribute to this surge, emphasizing the need to address human factors in cybersecurity.

  • Resourcing IT Security Teams: Only 44% of businesses have dedicated IT resources for security teams. This compounds the challenges organizations face in strengthening their security measures.

  • Impact of Emerging Technologies: Hybrid work, AI, and IT/OT system convergence pose significant challenges. Cloud technology adoption emerges as a primary challenge, impacting organizational vulnerability to cyber threats.

SecOps SOS: Struggles with Alert Fatigue and Threat Containment

  • Threat Containment and Preparedness: Approximately one out of three…

Source…

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Pierluigi Paganini
February 10, 2024

Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the Black Basta and Alphv/BlackCat ransomware operations.

Researchers from Bitdefender discovered a new macOS backdoor, dubbed RustDoor, which appears to be linked to ransomware operations Black Basta and Alphv/BlackCat.

RustDoor is written in Rust and supports multiple features. The malware impersonates a Visual Studio update and was designed to support both Intel and Arm architectures.

The malware has been active since at least November 2023, but it was first spotted on February 2nd, 2024.

Researchers identified multiple RustDoor variants; most of the samples share the same core functionality with minor variations. The experts grouped these variants into Variant 1, Variant 2 and Variant Zero.

All the variants support commands that allow operators to gather and upload files and to collect information about the machine.

The first variant of the backdoor, detected in November 2023, was likely a test version that did not include a persistence mechanism. The researchers noticed that the backdoor contained a plist file named ‘test’.

The second variant was spotted at the end of November; it contained a complex JSON configuration as well as an embedded AppleScript used for exfiltration.

“We identified multiple variants of the embedded Apple script, but all of them are meant for data exfiltration.” reads the report published by Bitdefender. “The script is used to exfiltrate documents with specific extensions and sizes from Documents and Desktop folders, as well as the notes of the user, stored in SQLITE format”

The configuration files include a list of applications to impersonate; the backdoor uses this trick to spoof the dialog that asks for the administrator password.

“Some configurations also include specific instructions about what data to collect, such as the maximum size and maximum number of files, as well as lists of targeted extensions and directories, or directories to exclude” Bitdefender continues.

The “Variant Zero,” first spotted on 02.11.2023, is less…

Source…

Chinese hacking operations have entered a far more dangerous phase, US warns

China’s cyber activity is moving beyond the last decade’s spying and data theft toward direct attacks on U.S. critical infrastructure, the directors of the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency, or CISA, told lawmakers on Wednesday.

The Volt Typhoon hacking group is planting malware on network routers and other internet-connected devices that, if triggered, could disrupt water, power, and rail services, possibly causing widespread chaos or even injuring and killing Americans, they said. 

While Russia is known for cyber attacks that cause real-world harm—for example, targeting U.S. political campaigns and Ukrainian power plants—China is viewed as far more risk-averse. It is best known for cyber theft of intellectual property or government information, such as the Office of Personnel Management hack uncovered in 2015. But Volt Typhoon, which Microsoft revealed last May, represents something far more threatening.

At a meeting with reporters last week, a senior NSA official put the issue in starker terms. 

“They’re in places that they are not there for intelligence purposes. They are not there for financial gain. Those are two hallmarks of Chinese intrusions in other sets and other lanes,” the official said. 

China is still undertaking those activities, “but this is unique in that it’s prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing so that they can disrupt our ability to support military activities or to distract us, to get us to focus on, you know, a domestic incident at a time when something’s flaring up in a different part of the world and they don’t want us facing the foreign aspects of that,” the official said.

FBI Director Christopher Wray underscored the seriousness to lawmakers on the House Select Committee on the CCP on Wednesday. 

“There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems, and the risk that poses to every American requires our attention. Now, China’s…

Source…