Tag Archive for: tackle

Latest Edition of Mitre Cybersecurity Evaluation Program to Tackle Ransomware, Threats to macOS

/in


Common behaviors associated with ransomware campaigns will be tackled in the sixth round of MITRE Engenuity‘s ATT&CK Evaluations, a program that seeks to assess the capabilities and performance of enterprise cybersecurity solutions.

MITRE said Tuesday that applications are already being accepted for the latest round of ATT&CK Evals, whose focus on ransomware stems from the malware type’s persistence as “one of the most significant cybercriminal threats across industry verticals,” according to Amy Robertson, the program’s principal cyber threat intelligence analyst.

Due to the Democratic People’s Republic of Korea targeting macOS, the latest Evals round will also tackle Apple‘s laptop and desktop operating system.

“The DPRK has emerged as a formidable cyber threat, and they have progressively been expanding their focus to macOS as they work to evade international sanctions,” Robertson noted.

For his part, ATT&CK Evals General Manager William Booth said he and his organization were thrilled to expand the scope of the program to include macOS, a move that underscores a “commitment to comprehensive, platform-diverse assessments.”

Results of the evaluations will be released in the fourth quarter of 2024. Those interested in undergoing assessment have until April 30 to apply.

Source…

It is time to tackle mobile malware head on

/in


Hybrid working has been a game changer for people and businesses across the globe. It has accelerated the adoption of digital technologies, transformed day-to-day operational processes, and shown the world that it could function, no matter the situation.

However, a fragmented workforce adds further complexity to the threat landscape. Security teams have a multitude of new vulnerabilities to deal with and face the near-impossible task of securing multiple networks and IoT devices.

With millions of us now adopting a hybrid working model, smartphones have become a primary tool for day-to-day business transactions. According to App Annie’s State of Mobile 2022 report, users from the world’s top ten mobile markets collectively spent 3.8 trillion hours looking at their mobile devices in 2021. That is an average of 4.8 hours per day, a 30 percent increase compared to the previous two years and while the use of mobile malware is declining, mobile devices still present a significant risk to organizations. According to our Check Point research, there has been a 45 percent increase in cyberattacks since the shift to remote working, which has led to serious strain on IT teams as they look to secure users’ devices.

With such huge usage across a fragmented landscape, it is no wonder cybercriminals view mobiles as the ideal launchpad for a wide-scale attack.

Rise of vishing, smishing cyberattacks

Modern mobile devices are more powerful than ever before, with sophisticated operating systems and a wide range of applications and services. While this complexity could create more opportunities for attackers to find vulnerabilities and exploit them, manufacturers such as Apple, Samsung, and Google have developed handsets with strict security settings. This makes traditional attack methods like malware more difficult in civilian settings. It is still possible to bypass the security measures and we have seen an increase in malicious applications masquerading as legitimate products on app stores, however, many do not make it pass the download phase.

The actions of these…

Source…

NY lawmakers vow to tackle cyber hack attacks against hospitals, schools

/in


New York state lawmakers have promised to make helping local governments, schools and hospitals protect against cyber ransomware attacks a top priority during the 2023 legislative session.

It comes after a wave of such attacks hit institutions across the Empire State, with the computer systems of a major Brooklyn hospital network and those of the Suffolk County government disabled by hackers last year.

“This is a top item on my agenda for 2023,” said Steven Otis, chairman of the Assembly Science and Technology Committee.

“I am especially sensitive to local government and school districts being targets of ransomware attacks,” said Otis. “We have to get into prevent mode.”

A study just published in the Journal of the American Medical Association found that the number of ransomware attacks against hospitals and other medical institutions more than doubled from 2016 to 2021 —  from 43 to 91 nationally, and that figure is likely under-reported.

Hospitals are among the top targets of hackers because of all the personal information they have stored about patients.

The computer database systems for Brooklyn One Health System containing private patient information and medical records were disabled by hackers last November. The hospital network — which includes Brookdale, Interfaith and Kingsbrook Jewish hospitals — was forced to go back to a manual system of pen and paper.

The hacking forced Interfaith Medical Center and other hospitals in the system to have to use a manual system for records.
The hacking forced Interfaith Medical Center and other hospitals in the system to have to use a manual system for records.
Paul Martinka

Hackers also breached a Suffolk County web server in a cyberattack on Sept. 8, 2022, demanding a $2.5 million ransom. An investigation found that the hackers had initially breached Suffolk’s database in December 2021, exploiting a flaw in the software and remaining there for nine months before posting a ransomware note demanding $2.5 million.

Even the Metropolitan Opera’s Box Office was hacked last month.

“Ransomware attacks and cyber hackers are the existential threat of our times,” said former state Sen. Diane Savino, who chaired the committee on Internet and technology and is now a senior adviser to New York…

Source…

Blockchain security companies tackle cryptocurrency theft, ransom tracing

/in


According to data from the Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech’s cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 billion in today’s value.

Along with the increased dollar amounts of cryptocurrency thefts, the scams, hacks, and exploits of cryptocurrency, Web3 (a decentralized view of the web that incorporates blockchain technologies and token-based economics), and blockchain-related organizations are growing bolder and more lucrative for malicious hackers even as the value of cryptocurrencies stagnates. This month alone, Binance saw its BNB chain drained of $586 million, close to the all-time most significant cryptocurrency theft of $624 million from the Ronin Network in March 2022.

The threat actors in these and other instances likely didn’t keep all or even most of the astonishing amounts stolen but, in many cases, are increasingly granted handsome “bounties” in exchange for a return of some or most of the missing funds. Avraham Eisenberg, the man behind a $114 million exploit on Mango Markets in mid-October, got to keep $47 million of his allegedly ill-gotten gains in exchange for returning $67 million to the project.

A new crop of cybersecurity companies has emerged

The mind-boggling amount of money generated from crimes against an array of digital finance segments has no real parallels in the traditional cybersecurity world, which has yet to amass the expertise needed to discover, track, and remediate security incidents in the blockchain space. Part of the reason conventional cybersecurity professionals are reluctant to devote resources to the digital currency arena is the belief among many top experts that cryptocurrencies are little more than financial fraud, an opinion they feel is borne out by the current collapse in the cryptocurrency market.

Against this backdrop, a new crop of security companies has emerged to help Web3 firms cope with the chronic crime and assist…

Source…