Army struggling to hire cyber staff as attacks on Britain ramp up


The Army is struggling to hire cyber security experts amid intense competition from business, its recruitment chief has admitted.

Richard Holroyd, managing director of Defence and Security at Capita, which handles recruitment for the Armed Forces, said it was having difficulty attracting candidates given the wealth of jobs on offer.

He told the Telegraph: “You’re saying to people with an interest in it, come and be a cyber specialist in the armed forces, but Raytheon is saying come and be a cyber specialist, BT are saying come and be a cyber specialist. So in those spaces, you’re competing.

“In a labour market with full employment it’s a tough, tough play.”

Mr Holroyd said Capita was on track to only meet 80pc of its Army recruitment target this year, in part because of difficulties filling technical roles.

He said: “Anything related to STEM [science, technology, engineering and mathematics] is a highly competitive environment. So STEM skills are tough.”

Capita’s exact target wasn’t given and the Ministry of Defence declined to comment on it.

The admission comes despite the increasing importance of cyber for both offensive and defensive capabilities.

The Minister of Defence said last month there was an “urgent requirement to continue to modernise the force to keep pace with technological developments”.

Boosting digital skills is a “matter of priority” over the next three years, officials wrote in the Defence Command paper.

Mr Holroyd said cyber security experts have “much more choice” than in previous years and admitted that private sector companies have proven faster at recruiting, sometimes making offers within a few weeks.

Crypto hack alarms ramp up as authorities crack down after $3.7 billion stolen


The rapid growth of cryptocurrency theft over the past few years has become a major concern for U.S. authorities, who are ramping up efforts to crack down on hackers and illicit crypto schemes.

Just last year, crypto hackers managed to steal about $3.7 billion in digital assets, with North Korean state-sponsored cyber actors taking the lead as the main culprit in many of those heists, according to TRM Labs, a blockchain intelligence company.

Although this year has seen a decline in crypto hacks compared to 2022, about $400 million of virtual currency was stolen in the first quarter of 2023, TRM Labs reported.

Over the last few years, North Korean state-sponsored cyber actors have aggressively targeted the crypto sector, often taking advantage of an industry that is not well understood by many and not well regulated.

U.S. officials and the United Nations have reported that stolen crypto funds have become an important source of revenue for North Korea’s nuclear and ballistic missile program. 

“The problem has gotten very big and very serious with North Korea cybercriminals accounting for about $1 billion in stolen crypto last year,” said Ari Redbord, global head of policy and government affairs at TRM Labs.

“With North Korea, it is not about personal financial gain. Stolen crypto is used to fund weapons proliferation and other destabilizing activity,” Redbord said, adding that it has become a “serious national security threat.”

A top cyber official in the Biden administration also raised similar concerns regarding North Korea’s role in crypto hacks. 

Anne Neuberger, the administration’s deputy national security adviser for cyber and emerging technology, said last year she was “concerned about North Korea’s cyber capabilities,” adding that the country uses “up to a third of [stolen crypto] funds to fund their missile program.”

Neuberger added that North Korea’s expansion of its missile testing has been a top priority for the administration, which has taken several…

BlackLotus Secure Boot Bypass Malware Set to Ramp Up


BlackLotus, the first in-the-wild malware to bypass Microsoft’s Secure Boot (even on fully patched systems), will spawn copycats and, available in an easy-to-use bootkit on the Dark Web, inspire firmware attackers to increase their activity, security experts said this week.

That means that companies need to increase efforts to validate the integrity of their servers, laptops, and workstations, starting now.

On March 1, cybersecurity firm ESET published an analysis of the BlackLotus bootkit, which bypasses a fundamental Windows security feature known as Unified Extensible Firmware Interface (UEFI) Secure Boot. Microsoft introduced Secure Boot more than a decade ago, and it’s now considered one of the foundations of its Zero Trust framework for Windows because of the difficulty in subverting it.

Yet threat actors and security researchers have targeted Secure Boot implementations more and more, and for good reason: Because UEFI is the lowest level of firmware on a system (responsible for the booting-up process), finding a vulnerability in the interface code allows an attacker to execute malware before the operating system kernel, security apps, and any other software can swing into action. This ensures the implantation of persistent malware that normal security agents will not detect. It also offers the ability to execute in kernel mode, to control and subvert every other program on the machine — even after OS reinstalls and hard drive replacements — and load additional malware at the kernel level.

There have been some previous vulnerabilities in boot technology, such as the BootHole flaw disclosed in 2020 that affected the Linux bootloader GRUB2, and a firmware flaw in five Acer laptop models that could be used to disable Secure Boot. The US Department of Homeland Security and Department of Commerce even recently warned about the persistent threat posed by firmware rootkits and bootkits in a draft report on supply chain security issues. But BlackLotus ups the stakes on firmware issues significantly.

That’s because while Microsoft patched the flaw that BlackLotus targets (a vulnerability known as Baton Drop or CVE-2022-21894), the patch only makes exploitation more difficult — not…

After cyberattacks, Ridgefield to ramp up internet security


RIDGEFIELD — Due to recent cyberattacks, the town is ramping up its internet security under a new deal with Comcast. 

The Board of Selectmen approved a five-year contract with Comcast to “provide the next level up in security for the town’s internet connections,” Ridgefield First Selectman Rudy Marconi said. 

The selectmen OK’d about $15,900 for six months of an agreement for the upgrade during its meeting last Wednesday. The total cost will be about $30,000 a year or about $2,500 a month, which will be taken from the town’s contingency fund. The town has in the past paid $252 a month for its internet service. 

The upgrade includes much faster internet service, better service response and access from Comcast, much higher protection from internet attacks, and improved reporting of attacks.

Marconi said in September and October, Ridgefield experienced an attack that flooded its network. He said hackers clogged the amount of information the system could receive “to bring everything to a grinding halt.”

At the selectmen meeting, Andrew Neblett, the town’s information technology director, spoke in depth of the attacks. He said the attacks, called distributed denial-of-service or DDoS, “achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic.”  

“From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination,” Neblett said. “Everyone’s got their car, it’s all running, the road is not dead or broken, but you can’t do anything.” 

Ridgefield has two “lifelines” to the internet, Neblett said. One is the Connecticut Education Network, which, he said, has been “very stable” but has a cap on its speed. The other is called a Comcast coax connection, which is slower than the Connecticut Education Network. 

Neblett said due to the increasing number of hackers, DDoS protection is needed to provide a “stable, secure highway.”

“The problem is we have no protection now and if we get hit again, I have no answer for you,” he said.  

He…
