Tag Archive for: smarter

Cybercrime matures as hackers are forced to work smarter



An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.

Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hacker groups worldwide.

Pursuing new avenues

One key finding of the study is that the security of office software, web services, email platforms, etc., is improving.

As Kaspersky explains, browser vulnerabilities have decreased in number, and websites are not as easy to compromise and use as infection vectors today.

This has made web infections too difficult for non-sophisticated threat groups to pursue.

The case is similar with vulnerabilities, which are fewer and more expensive to discover.

Instead, hacking groups wait for a PoC or patch to be released, and then use that information to create their own exploits.

Becoming more efficient

Hacking groups are now optimizing their member structure and assigning a distinct functional role to each person.

In modern cybercrime operations, there’s no longer a need for malware authors and testers, because actors are sourcing their tools from central selling points on the dark web.

Moreover, with much of the stolen money being transacted in cryptocurrency, actors only need money mules or someone to manage cash withdrawal operations when cashing out into fiat currency.

The same goes for account credentials, webshell access to various organizations, and even DDoS attacks. All of these are bought from providers instead of “employing” an expert in the team.

Cybercrime group structure – 2016 on the left, 2021 on the right
Source: Kaspersky

Another way cybercriminals optimize their operations today is to turn to cloud service providers instead of choosing the more costly and risky option of renting or setting up their own physical server infrastructure.

The downside of this is that cloud servers are regulated and service providers are responsive to reports, but threat actors can always hop to other platforms or create new accounts when they’re…


In search of a smarter Einstein — GCN



Einstein is the Department of Homeland Security’s intrusion detection system. It observes traffic flowing in and out of federal networks, allowing the government to target threats identified by a database of known malware. That makes it unlikely Einstein ever could have detected the malware implanted into SolarWinds Orion because it was delivered to agency networks through a trusted update.

However, overhauling Einstein to identify unknown or zero-day threats would be far too costly, cybersecurity analysts said. The most viable path forward, they argued, would be to install new capabilities, necessarily bolstered by private industry.

Kiersten Todt, formerly executive director of the Commission on Enhancing National Cybersecurity, was blunt about Einstein’s record. “There are no real strong success stories of Einstein,” she said. “When you look at what happened with SolarWinds, they essentially outsmarted Einstein.”

“The challenge with detecting activity like the SolarWinds hack is that the hack is accomplished through ‘authorized’ malware,” said Philip Reitinger, president and CEO of the Global Cyber Alliance.

To detect that malware, a defensive system would either have to deny all communications that are not explicitly whitelisted or establish a user activity baseline capable of singling out abnormalities for investigators to pursue. “That can be difficult to do and resource intensive,” he added.

Michael Hamilton, a former vice chair for a government coordinating council focused on critical infrastructure protection, described a similar method as the most likely way forward for DHS to improve Einstein. Although its precise capabilities are classified, Hamilton speculated the program’s age — Einstein was originally developed in 2003 — is a sign it may not be baselining user activity in the way he and Reitinger described.

Hamilton said that “it’s not likely they throw it out and start over,” noting the program’s sunk costs. “My understanding is that it cost $6…


Security Master Launch Signals Smarter Privacy and Mobile Security – Top Tech News


SAN FRANCISCO, May 25, 2017 — Cheetah Mobile Inc. (NYSE: CMCM), the leading developer of mission-critical mobile utility and security applications, today announced the launch of Security Master. Security Master is the next generation of CM Security, …


Security Master Launch Signals Smarter Privacy and Mobile Security – CIO Today


SAN FRANCISCO, May 25, 2017 — Cheetah Mobile Inc. (NYSE: CMCM), the leading developer of mission-critical mobile utility and security applications, today announced the launch of Security Master. Security Master is the next generation of CM Security, …
