Author: TAFA
Archives: April 2024
Cloud computing has become a ubiquitous part of modern business operations, with more and more companies relying on cloud services for storage, software, and infrastructure. However, with the increased use of cloud computing, there has been a corresponding increase in cloud security breaches, with cybercriminals targeting cloud systems to steal data or disrupt operations. Hence, there is a need for robust cloud security measures to protect data and systems from cyber threats. Before going into detail on why cloud security is so important and the best practices for cloud security, we shall go back to the basics.

What Is Cloud Security?

Cloud security refers to the set of policies, procedures, and technologies that protect cloud-based systems, data, and infrastructure from cyber threats. It covers a range of areas, including access controls, data encryption, network security, and application security. Cloud security is crucial because, without it, cybercriminals can exploit vulnerabilities in cloud systems to steal data, disrupt business operations, or gain access to other systems on a network.

Why Is Cloud Security So Important?

These are a few high-profile examples of data breaches related to cloud security that have occurred in the past.

In 2022, the cloud security company Wiz was breached, resulting in the exposure of sensitive data belonging to some of their customers. The breach was caused by a vulnerability in Wiz's own infrastructure and affected companies such as Amazon, Google, and Microsoft.

In 2021, the online game developer EA (Electronic Arts) suffered a data breach that involved the theft of source code, game development tools, and other proprietary information. The breach was caused by a vulnerability in an EA server that was hosted in the cloud.

In 2020, the online retailer Shopify suffered a data breach that involved the theft of customer data, including names, addresses, and order details. The breach was caused by two rogue employees who accessed data from Shopify's cloud-based customer support system.

These recent data breaches demonstrate the importance of implementing robust cloud security measures to protect against cyber threats. As more and more organizations move their data and applications to the cloud, it is essential to ensure that appropriate security controls are in place to protect against unauthorized access, data theft, and other security risks.

Best Practices for Cloud Security

1. Secure Access Controls: Access control is an essential part of cloud security, and businesses should implement strong access control policies to restrict access to cloud systems and data to authorized personnel only. Multi-factor authentication, identity and access management (IAM) systems, and role-based access control (RBAC) are some of the best practices for access control.

2. Data Encryption: Data encryption is the process of converting data into an unreadable format to protect it from unauthorized access. Businesses should ensure that data stored in the cloud is encrypted both at rest and in transit. Encryption keys should be managed carefully so that only authorized personnel can access them; encrypted data is only as safe as its keys. Together, these measures help to protect against unauthorized access and data theft.

3. Network Security: Cloud systems are vulnerable to network-based attacks, and businesses should implement network security measures to protect their cloud infrastructure. Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) are some of the best practices for network security.

4. Application Security: Cloud-based applications should be designed and developed with security in mind. Secure coding practices, regular security testing, and access controls are some of the best practices for application security.

5. Regular Security Audits: Regular security audits, such as vulnerability assessment and penetration testing (VAPT), can help to identify vulnerabilities in cloud systems and ensure that security measures are up to date.

6. Disaster Recovery and Business Continuity: Businesses should implement disaster recovery and business continuity plans to ensure that they can recover from data breaches, system failures, or other disasters that may affect their cloud infrastructure.

7. Vendor Management: Businesses should ensure that their cloud service providers have robust security measures in place. The service level agreement (SLA) should clearly define the vendor's responsibilities for security, and the vendor's security practices should be regularly audited.

8. Employee Training: Employee training is an essential component of cloud security. Employees should be trained on security best practices, including identifying phishing scams, creating strong passwords, and identifying suspicious activity.

Takeaway

Cloud security is crucial for protecting cloud-based systems, data, and infrastructure from cyber threats. Access controls, data encryption, network security, application security, regular security audits, disaster recovery, vendor management, and employee training are some of the best practices for cloud security. Businesses should implement these best practices to ensure that their cloud infrastructure is secure and their data is protected. By following these best practices, businesses can minimize the risk of cyber attacks and ensure the continuity of their operations.
In today's digital age, software applications are an integral part of our lives. We use them for everything from online shopping to social media to online banking. However, with the increasing use of applications, there is also a growing need for application security.

What is Application Security?

Application security is the process of protecting software applications from security threats and vulnerabilities. It involves taking steps to ensure that applications are designed, developed, and maintained in a secure manner to prevent unauthorized access, data theft, or other malicious activities. To understand application security, it is helpful to think of it in terms of a castle. A castle has walls, gates, and guards to protect it from invaders; application security provides the same layers of protection around your software. Application security is essential for protecting not only your personal information but also your business information. A data breach can be costly, not only in terms of financial loss but also in terms of damage to your reputation.

Best Practices to Protect Your Company

Protecting your company with application security requires a multi-layered approach. Here are some tips to get you started:

1. Conduct regular security audits: Regular security audits can help you identify vulnerabilities in your applications and infrastructure. You can use these audits to improve your security measures and ensure that you are meeting industry standards and compliance regulations. This is akin to a regular health checkup: it confirms that your systems are protected and points out any vulnerabilities that you can fix. Security audits can be done via third-party penetration testing, vulnerability assessment, and security code reviews.

2. Use access controls: Access controls are one of the most effective ways to prevent unauthorized access to your applications. By requiring passwords, multi-factor authentication, or biometric identification, you can limit who has access to your applications and ensure that only authorized users can access sensitive data.

3. Implement encryption: Encryption is the process of converting data into an unreadable format that can only be accessed with the correct decryption key. By implementing encryption, you can protect sensitive data, such as credit card information and personal data, from being intercepted or stolen.

4. Secure data storage: Businesses should ensure that data storage is secure and that access to data is restricted to authorized personnel only. Encryption of data at rest and in transit, secure storage of backup data, and limiting the amount of data stored on local machines are some of the best practices.

5. Train employees on security best practices: Human error is one of the leading causes of data breaches. By training your employees on security best practices, you can reduce the risk of accidental data exposure. This includes teaching them about phishing scams, password hygiene, and how to identify suspicious activity.

6. Use third-party security services: Third-party security services, such as vulnerability scanning, penetration testing and security code reviews, can help you identify security gaps and weaknesses in your applications. They can also provide recommendations for improving your security posture.

7. Stay up to date on security patches: Security patches are updates released by software vendors to fix security vulnerabilities. Regularly updating and patching software applications addresses known vulnerabilities and prevents new security threats. Businesses should ensure that software applications are updated regularly and that security patches are applied promptly.

Takeaway

In conclusion, protecting your company with application security is essential in today's digital age. By taking a multi-layered approach and implementing best practices, you can reduce the risk of data breaches and other security incidents. Remember, application security is not a one-time event but an ongoing process that requires vigilance and continuous improvement.
A quick summary of what happened this week in the space of cyber security:

OrangeTee & Tie fined SGD$37k for data breach that affected over 250,000 customers and staff

OrangeTee & Tie, a real estate firm, has been fined SGD$37,000 after the Personal Data Protection Commission (PDPC) found that more than 250,000 customers' and staff's information had been compromised. Compromised information included names, bank account numbers, NRIC numbers, passport numbers, property transactions and commission amounts. In PDPC's written judgment, the fine was imposed because OrangeTee & Tie had failed to put in place "reasonable security arrangements to protect users' personal data". These failures included not conducting periodic security reviews and using "live" data for development and testing purposes without proper safeguards.

Alleged data breach has caused Philippines' police employee records to be leaked online

Cybersecurity researcher Jeremiah Fowler from vpnMentor reported on a non-password-protected database that contains over 1.2 million records of individuals who were employed by or applied to work in law enforcement in the Philippines. Personal information found includes, but is not limited to, passports, birth certificates, marriage certificates, drivers' licenses, academic transcripts and security clearance documents. In response, the PNP and DICT have begun investigations into this data breach, while the National Bureau of Investigation has stated that, after initial investigations, the breach does not involve any of its systems. Furthermore, Senator Ramon Revilla Jr. has proposed Senate Resolution 573, stating that "data privacy and protection is a matter of national interest" and that it is vital for the Congress of the Philippines to put in place policies to deter future data breaches.

Optus hit with data breach class-action lawsuit

A class action lawsuit has been lodged against Australian telco Optus. Law firm Slater and Gordon has lodged the class action on behalf of more than 100,000 current and former customers. The lawsuit claims Optus breached laws and its own policies by failing to protect users from harm and failing to destroy or de-identify former customer data. The firm intends to seek compensation on behalf of those current and former customers, and also stated that this breach has plausibly put vulnerable customers at risk of domestic violence and other crimes. An Optus spokesperson replied that they would vigorously defend any class action.

American Bar Association data breach affected 1.4 million members

Hackers compromised the American Bar Association (ABA) system and gained access to credentials for 1,466,000 members. The networks affected were ABA's pre-2018 website and its career center website, and the personal information involved includes account usernames and passwords. ABA notified members that an intruder was detected after unusual activity was observed on its network. ABA has recommended that members change their passwords on its site, as well as on any other sites that use the same credentials. They also advised members to watch for spear-phishing emails impersonating the ABA.

NCR data center struck by ransomware attack

NCR, a payment company, has suffered a ransomware attack in which a data center in Aloha, Hawaii was breached. The breach is related to their Aloha restaurant point-of-sale product and caused a system outage. However, the company stated there was "no impact to payment applications or on-premises systems." BlackCat, a ransomware group, claimed the attack, but the post was later taken down.

Cybercriminals utilize generative AI to perform more complex phishing attacks

Zscaler has found that in 2022, cyber criminals were using generative AI developments like ChatGPT to perform more complex phishing attacks. As AI-driven phishing messages can closely resemble legitimate ones, this increases the likelihood of victims falling for these scams. There was a nearly 50% increase in phishing attacks compared to 2021. Researchers predict that cybercriminals will use AI tools more regularly, and more sophisticated websites, SMS and email scams are expected.

LockBit ransomware gang found targeting macOS devices for the first time

For the first time, the LockBit ransomware gang has created encryptors that target Macs. This is likely to become the first major ransomware operation to specifically target macOS. Although macOS is now on their radar, their encryptors are not ready to be deployed yet, as stated by macOS cybersecurity expert Patrick Wardle. However, it is still important for all computer users to practice good online safety habits. LockBit representative LockBitSupp stated that they are currently actively developing the Mac encryptor.

'AuKill' malware kills EDR via Process Explorer driver

Sophos X-Ops found a new defense evasion tool called AuKill, which attempts to disable EDR processes. AuKill takes advantage of an outdated version (16.32) of the Microsoft utility Process Explorer to disable EDR processes, which then allows attackers to deploy ransomware or a backdoor on the target system. Since the start of 2023, attackers have used AuKill prior to deploying Medusa Locker and LockBit ransomware.

Trigona ransomware targets Microsoft SQL servers

AhnLab found threat actors utilizing Trigona ransomware to target unsecured, internet-exposed Microsoft SQL (MS-SQL) servers. They break in using brute-force or dictionary attacks, then deploy a malware called CLR Shell, followed by a dropper that installs and launches the Trigona ransomware. The Trigona ransomware gang is behind a stream of attacks, with at least 190 submissions to the ID Ransomware platform since the beginning of 2023.
Cybersecurity researcher Jeremiah Fowler from vpnMentor allegedly found a non-password-protected database containing 1,279,437 records. In total, this data breach has exposed 817.54 GB of data. The exposed information includes records of individuals who were employed by or applied to work in law enforcement in the Philippines.

Details of the Exposed Records

Exposed records contain highly sensitive personal information, including but not limited to scans of passports, birth certificates, marriage certificates, drivers' licenses, fingerprints, signatures, academic transcripts, tax identification numbers, and security clearance documents. Furthermore, this breach has also exposed certifications from the justice department and local and regional court records. Exposed records can be broadly categorized into:

These records come from multiple Philippine state agencies, including but not limited to the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue, Special Action Force Operations Management Division, and the Civil Service Commission. This is dangerous because, with this personal information exposed, the affected individuals could become victims of phishing attacks, identity theft, financial fraud and other malicious activities that can damage their reputation.

Philippine Government Response

As of Thursday, PNP chief Gen. Rodolfo Azurin Jr. has stated that their Anti-Cybercrime Group (ACG) has begun an investigation into this alleged data breach, and they are currently waiting for ACG's report. ACG is still conducting vulnerability assessment and penetration testing, and ACG director Hernia stated that as of now they "cannot categorically say there was a leaked applicant's data". The Department of Information and Communications Technology (DICT) stated on Thursday that its Cybersecurity Bureau and National Computer Emergency Response Team (NCERT) have "doubled down on its investigation on the matter." They also called on all government agencies to coordinate with DICT to strengthen their cybersecurity measures. As of today, the NBI has put out a statement saying that, after initial investigations, they are "reasonably certain that the alleged breach does not involve any of the NBI's systems". They added that this is also supported by the fact that the compromised data is not part of their hiring and selection process. The NBI also stated that "while the breached records supposedly include copies of NBI clearance IDs, these are normally released to the applicants, who may then submit or upload it for their stated purposes".

Takeaway

This latest breach serves as a reminder that cybersecurity is a critical concern for all organizations, and that data breaches can happen to anyone. To protect themselves from cyber threats, it is important for organizations to implement robust security measures, including strong passwords, regular software updates, and regular backups of important data. As cybercriminals continue to become more sophisticated in their attacks, it is crucial for organizations to stay vigilant and proactive in their efforts to protect their sensitive information.
In today's world, physical security has become a critical part of cybersecurity. However, unsurprisingly, this aspect of cyber security is often overlooked.

What is Physical Security?

Physical security refers to the measures taken to protect physical devices and infrastructure that store or process sensitive information from unauthorized access, theft, or damage. Physical security in cybersecurity involves implementing measures to protect hardware, software, and data from physical threats, such as theft, natural disasters, or sabotage. As cyberattacks become more sophisticated, attackers are now targeting the physical infrastructure as well. Physical security in cybersecurity is critical because an attack on physical infrastructure can have a significant impact on the organization. For example, if a data center is attacked, it could result in the loss of critical data, system downtime, and significant financial losses. Physical security in cybersecurity can be broken down into three main categories:

Best Practices For Physical Security

Some of the best practices for physical security in cybersecurity include:

Takeaway

In conclusion, physical security is an important aspect of cybersecurity that should not be overlooked. By implementing access control measures, monitoring and surveillance, physical barriers and locks, training and awareness, disaster recovery planning, and regular testing and auditing, organizations can protect their physical devices and infrastructure from unauthorized access, theft, or damage. Regularly reviewing and updating physical security measures can help ensure that they remain effective against evolving cyber threats. Cybersecurity teams should work closely with physical security teams to ensure that all aspects of the organisation's security are working together to protect against cyber threats.
Data security is an essential aspect of protecting your company's sensitive information from theft, loss, or unauthorized access. In today's digital world, it's crucial to take steps to secure your data to prevent costly data breaches that can harm your business reputation and bottom line.

Think of data security like a lock on a diary. Just like you wouldn't want anyone to read your private thoughts and feelings, you wouldn't want anyone to have access to your personal or confidential digital information. Here are some steps you can take to protect your company with data security:

1. Conduct a risk assessment: A risk assessment is an evaluation of potential security threats and vulnerabilities to your company's information systems. It can help you identify areas of weakness and develop a plan to mitigate those risks.

2. Implement access controls: Access controls are a crucial component of data security. By limiting access to sensitive information, you can prevent unauthorized access and minimize the risk of data breaches. Consider implementing multi-factor authentication, strong password policies, and biometric identification.

3. Use encryption: Encryption is an effective way to protect your company's sensitive data from being intercepted or stolen. By encrypting your data, you convert it into an unreadable format that can only be accessed with the correct decryption key.

4. Regularly back up your data: Backups are an essential part of any data security plan. They are like a spare key to your house: if you lose your key, you can still get in with the spare. By regularly backing up your data, you ensure that you have a copy in case of data loss or corruption, so that your data is not lost forever.

5. Train employees on data security best practices: Your employees play a significant role in data security. They need to be aware of best practices for protecting sensitive data, such as not sharing passwords, avoiding public Wi-Fi, and recognizing phishing scams.

6. Develop a disaster recovery plan: A disaster recovery plan outlines how your company will respond to a data breach or other emergency. It should include steps for containing the breach, notifying affected parties, and restoring systems and data.

7. Monitor your network for suspicious activity: Regularly monitoring your network can help you detect and respond to potential security threats. Consider implementing intrusion detection systems, firewalls, and security information and event management (SIEM) tools.

Takeaway

Data security is important for everyone, from individuals to businesses to governments. By implementing these steps, you can protect your company's sensitive data from potential security threats such as identity theft, financial fraud, and other types of cybercrime. It's important to regularly review and update your data security plan to ensure that it remains effective in protecting your business from evolving threats. Remember, data security is not a one-time event, but an ongoing process that requires diligence and attention to detail.
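As an added illustration of step 7 (monitoring for suspicious activity) and of the failed-login brute forcing mentioned elsewhere on this page, the following Python script is example code written for this page, not TAFA's own tooling. It runs a simple SIEM-style rule over constructed sample log lines: flag any source address with five or more failed logins inside a one-minute sliding window, and raise a stronger alert when a login from that source succeeds shortly afterwards. The log format, the thresholds and the sample addresses are all assumptions; adapt the regular expression to whatever your own systems emit.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from any real system). The format
# "<timestamp> <level> login <success|failed> user=<name> src=<ip>" is an
# assumption made for this example. Lines are assumed to be in time order.
SAMPLE_LOG = """\
2023-04-17T10:00:01 INFO login success user=alice src=10.0.0.5
2023-04-17T10:00:03 WARN login failed user=admin src=203.0.113.9
2023-04-17T10:00:04 WARN login failed user=admin src=203.0.113.9
2023-04-17T10:00:05 WARN login failed user=sa src=203.0.113.9
2023-04-17T10:00:06 WARN login failed user=root src=203.0.113.9
2023-04-17T10:00:07 WARN login failed user=admin src=203.0.113.9
2023-04-17T10:00:09 WARN login failed user=bob src=10.0.0.7
2023-04-17T10:05:00 INFO login success user=admin src=203.0.113.9
2023-04-17T10:30:00 WARN login failed user=bob src=10.0.0.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<level>\w+) login (?P<result>success|failed) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with at least `threshold` failed logins inside a sliding
    `window`. Returns {src: details} with one entry per flagged source."""
    recent = defaultdict(list)  # src -> failure timestamps still inside the window
    users = defaultdict(set)    # src -> distinct usernames tried (spraying indicator)
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "failed":
            continue
        src = ev["src"]
        q = recent[src]
        q.append(ev["ts"])
        users[src].add(ev["user"])
        # Slide the window: drop failures older than `window` relative to this one.
        while q and ev["ts"] - q[0] > window:
            q.pop(0)
        if len(q) >= threshold and src not in alerts:
            alerts[src] = {
                "count": len(q),
                "first_failure": q[0],
                "last_failure": ev["ts"],
                "users": set(users[src]),
            }
    return alerts


def detect_success_after_bruteforce(lines, alerts, grace=timedelta(minutes=10)):
    """Higher-severity signal: a successful login from a flagged source within
    `grace` after its failed-login burst. Returns a list of (src, user) pairs."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "success":
            continue
        alert = alerts.get(ev["src"])
        if alert and timedelta(0) <= ev["ts"] - alert["last_failure"] <= grace:
            hits.append((ev["src"], ev["user"]))
    return hits


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    found = detect_bruteforce(lines)
    for src, info in found.items():
        print(f"ALERT brute force from {src}: {info['count']} failures in window, "
              f"users tried {sorted(info['users'])}")
    for src, user in detect_success_after_bruteforce(lines, found):
        print(f"ALERT successful login for '{user}' from {src} shortly after a failed-login burst")
```

On the sample data only 203.0.113.9 is flagged: 10.0.0.7 also fails twice, but half an hour apart, so the sliding window never fills. The later successful admin login from the flagged address is the event worth paging someone for, since a burst followed by success looks like a guessed credential rather than a typo.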
A quick summary of what happened this week in the space of cyber security:

Hyundai data breach exposed Italian and French car owners' details

Hyundai has disclosed a data breach that exposed the personal data of Italian and French car owners and of those who had booked a test drive. Personal data exposed were telephone numbers, physical addresses, email addresses and vehicle chassis numbers. Luckily, no financial information or identification numbers were stolen. Hyundai Italia responded that they "had immediately informed the authorities and contacted the persons concerned beforehand". Additionally, they engaged IT experts, who took the impacted systems offline until additional security measures were implemented.

Capita ransomware attack by Black Basta ransomware group, data found to be on sale

Black Basta, an extortion group that holds companies' data for ransom, has listed Capita as a recent victim on its platform, advertising the data for sale. Exfiltrated data includes primary and secondary school job applications with applicants' personal information, BACS payment details for Capita Nuclear, confidential Capita documents, passport scans, security vetting for customers and internal building floor plans.

Yum! Brands data breach after ransomware attack

Yum! Brands, Inc., the parent company of Pizza Hut, KFC, Taco Bell and The Habit Burger Grill, disclosed a data breach that occurred in mid-January 2023. The breach caused Yum to take its systems offline to mitigate the cyber attack, and forced it to close roughly 300 UK restaurants for a day. Affected data includes corporate data and people's personal information such as names, driver's license information and other ID card details. Yum! Brands has noted that there is "no indication of identity theft or fraud" from the stolen data. Furthermore, the company stated this incident would not affect operations or financial performance, but the data breach will still be costly.

Kodi announced a data breach after their forum database was found for sale online

The Kodi Foundation, which maintains the cross-platform open-source media player, organizer and streaming suite, admitted a data breach after hackers stole its MyBB forum database, which contains users' data and private messages, and attempted to sell it online. Kodi announced that the hackers used an inactive staff member's credentials to gain access to the admin panel. They then downloaded and deleted the database backups, which contained public and staff forum posts, users' private messages, their usernames, email addresses and encrypted (hashed and salted) passwords. Users are strongly recommended to change their passwords as a precaution, especially if the same username and password are used on other sites. The upside is that the site where the hackers tried to sell the data has been shut down, and its founder and owner has been arrested by the FBI.

Western Digital breached, hackers demand ransom for data

Data storage company Western Digital suffered a security breach that caused it to temporarily deny customers access to their cloud data, as it had to turn off its servers. The hackers involved claimed to have stolen around 10 terabytes of data from the company, including customers' data, and are demanding a "minimum 8 figures" not to publish the exfiltrated data. Western Digital has declined to comment on the hackers' claims.

Compromised websites spreading malware via fake Chrome updates

Hackers have been found compromising websites to display fake Google Chrome automatic update errors that distribute malware to unsuspecting visitors. NTT's security analyst stated that since February 2023, this campaign has expanded its target scope to cover users who speak Japanese, Korean and Spanish. Numerous sites have been hacked in this malware distribution campaign, including blogs, news sites and online stores. The malicious scripts are delivered through the Pinata InterPlanetary File System service, which obscures the origin server, making blocklisting ineffective and takedowns difficult.

DDoS shifts to leveraging breached VPS for increased power

According to Cloudflare, high-volumetric DDoS (distributed denial of service) attacks have shifted from relying on IoT devices to leveraging breached Virtual Private Servers (VPS). This lets attackers build higher-performance botnets more easily and quickly, and far stronger (up to 5,000 times) than IoT-based botnets. Attackers gain access to VPS through unpatched servers and by using leaked API credentials to hack into management consoles. Cloudflare reports that in the first quarter of 2023 there was a 60% year-on-year increase in ransom DDoS attacks, which represent only 16% of reported DDoS attacks. Furthermore, the number of larger attacks is growing: compared to the previous quarter, there was about a 6.5% increase. Cloudflare also reported that the most targeted countries in the first quarter of 2023 were Israel, the United States, Canada and Turkey, and the most targeted sectors were internet services, software, marketing and gaming/gambling.

Vice Society deploys new PowerShell script to automate data theft

Vice Society, a ransomware gang, has deployed a new fully automated data exfiltration tool that uses techniques that evade detection by most security software, keeping the operation in stealth mode until the data encryption stage of the ransomware attack (the final step).

Important Updates to Software You Need To Download

Links

https://apps.web.maine.gov/online/aeviewer/ME/40/b85bfcfb-4ff7-419e-8dd2-95e8f41a5ad1.shtml
https://doublepulsar.com/black-basta-ransomware-group-extorts-capita-with-stolen-customer-data-capita-fumble-response-9c3ca6c3b283
https://www.thetimes.co.uk/article/capita-it-outsourcer-reels-from-being-locked-out-of-its-own-it-dhk9lgnd6
https://securityaffairs.com/144676/data-breach/yum-brands-data-breach.html
https://www.bleepingcomputer.com/news/security/hacked-sites-caught-spreading-malware-via-fake-chrome-updates/
https://insight-jp.nttsecurity.com/post/102ic6o/webgoogle-chrome
https://kodi.tv/article/important-kodi-forum-data-breach/
https://blog.cloudflare.com/ddos-threat-report-2023-q1/
https://www.bleepingcomputer.com/news/security/ddos-attacks-shifting-to-vps-infrastructure-for-increased-power/
https://twitter.com/squallstar/status/1646088736873107456
https://www.bleepingcomputer.com/news/security/hyundai-data-breach-exposes-owner-details-in-france-and-italy/
https://www.theregister.com/2023/04/10/apple_fix_ios_macos/
https://support.microsoft.com/en-us/topic/april-11-2023-kb5025221-os-builds-19042-2846-19044-2846-and-19045-2846-b00c3356-baac-4a41-8342-7f97ec83445a
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5025221-and-kb5025229-updates-released/
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
https://unit42.paloaltonetworks.com/vice-society-ransomware-powershell/
https://www.bleepingcomputer.com/news/security/vice-society-ransomware-uses-new-powershell-data-theft-tool-in-attacks/
https://www.cpomagazine.com/cyber-security/storage-giant-western-digital-suffers-a-security-breach-denying-cloud-customers-access-to-their-data/
https://techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/?guccounter=1
According to Maki Pulido's report on "24 Oras", the Department of Information and Communications Technology (DICT) in the Philippines has revealed that the country experienced more than 3,000 high-level cyberattacks from 2020 to 2022. As a result, DICT stated that the Philippines is ranked fourth globally for the highest number of cyber attack incidents. According to the DICT, almost half of these attacks were aimed at the systems and networks of critical infrastructure and government agencies. Since January this year, DICT reported that 5 government agencies have been attacked by threat actors.

As stated by DICT Assistant Secretary Jeffrey Dy, one of the reasons they are experiencing such significant cyber attacks is the lack of attribution: the government does not catch the attackers when they attack, so threat actors may find it easier to operate in the Philippines. Another reason stated by Dy was the lack of cybersecurity specialists in the country; there are only 300 certified information security systems professionals out of the 200,000 needed. Furthermore, Dy acknowledged that some of these professionals prefer working in private companies and overseas due to higher compensation and salary, taking away more experts from the already small pool of certified professionals in the Philippines.

Hence, DICT is ramping up efforts to improve cybersecurity across the country. It was stated that they are trying to rectify and address the salary asymmetry in the National Cybersecurity Strategy for 2028, in the hope that this will give more incentive to certified professionals and those considering certification. Additionally, DICT is pushing for the mandatory reporting of hacking incidents, and has launched the "Hack for Gov" competition for students from 20 schools in Metro Manila to inform youth about hacking and ways to prevent it. DICT also reported that during this same period they monitored 54,000 cyber threats.

Despite the lack of certified professionals, Dy stated that in 2022, 95% of recorded attacks in the Philippines were "remediated". He defined "remediated" as successful cyber attacks where they were able to inform the affected government agency "for them to do something about it". These attacks are a serious threat to the security and stability of the Philippines, and underscore the need for stronger cybersecurity measures and awareness among Filipinos. Hence, it is of utmost importance for organizations and individuals in the country to take proactive steps to protect themselves from cyber threats. This information was retrieved from GMA Integrated News.

What can you do to protect yourself and your business from cyber threats?

These are some steps that you and your company can take to protect yourselves from cyber threats.

The growing number of high-level cyberattacks in the Philippines is a cause for concern, but it is also an opportunity to raise awareness about the importance of cybersecurity and the steps that individuals and organizations can take to protect themselves from cyber threats.

Securing Your Business with TAFA Shield

In the current cyber environment, securing your business against threat actors is an essential part of your cybersecurity strategy. With our prevention-first and zero-trust approach to security using ML and AI, TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats. To learn more about TAFA Shield and how we can help your company, do not hesitate to contact us.
As technology continues to advance, the need for secure and reliable networks is more important than ever. Cyber attacks are on the rise, and businesses of all sizes are at risk of being targeted by cyber criminals. This is where endpoint security comes in.

What Is Endpoint Security?
Endpoint security refers to the practice of protecting the various endpoints of a network against cyber threats. Endpoints include devices such as laptops, desktop computers, smartphones, tablets, servers, and other devices that connect to a network. These endpoints are the entry and exit points of a network, so securing them is crucial to prevent malicious actors from accessing sensitive data, stealing or manipulating data, or causing any other type of damage to the network.

Endpoint security is an essential component of a comprehensive cybersecurity strategy, as cyber attacks have become more sophisticated and can result in severe consequences such as loss of data, financial loss, and reputational damage. This is evident from the fact that 95% of cyber attacks start at the endpoint. Endpoint security, in effect, provides an additional layer of protection beyond network-level security measures. With the increasing sophistication and complexity of cyber threats, traditional security measures like firewalls and antivirus software are no longer sufficient to protect against advanced threats. Endpoint security solutions are designed to provide a more comprehensive and proactive approach to security by detecting and preventing security breaches at the device level.

How Endpoint Security Solutions Protect Your Endpoints
Endpoint security solutions use several techniques to protect endpoints from cyber threats. These techniques include:
1. Antivirus and anti-malware: These tools scan endpoints for viruses, malware, and other malicious software that can compromise the system's security. The software then isolates and removes the infected files, preventing the malware from spreading to other endpoints.
2. Firewall: A firewall is a network security tool that monitors and filters network traffic. Endpoint security software includes a firewall feature that prevents unauthorized access to endpoints by monitoring inbound and outbound network traffic.
3. Encryption: Encryption is the process of converting data into a form that cannot be read without the key, to prevent unauthorized access. Endpoint security software can encrypt data stored on endpoints to protect it from theft or unauthorized access.
4. Application control: Endpoint security software can control and monitor the applications installed on endpoints to prevent unauthorized access to sensitive data. The software can block unauthorized applications from running and detect malicious applications.
5. Device control: Endpoint security software can control and monitor the use of external devices, such as USB drives, to prevent the transfer of data to unauthorized devices.
6. Patch management: Endpoint security software can manage and update endpoints with the latest software patches and security updates to ensure that endpoints are protected against the latest threats.

EPP & EDR as Endpoint Security Solutions
Security solutions such as an endpoint protection platform (EPP) and endpoint detection and response (EDR) are now essential in ensuring that your endpoints are securely protected. They do so by creating layers of security. EPP acts as the first line of defense, a preventative measure that identifies and blocks malware, while EDR acts as the second line of defense, proactively identifying threats and protecting your endpoints from them. Together, these complementary solutions help your company fully secure its endpoints against cyber threats and attacks. Therefore, it is highly recommended to use solutions that offer both EPP and EDR.

Other Best Practices to Implement
As cyber threats continue to evolve, it's crucial for businesses to implement best practices to protect their endpoints and sensitive data.
Here are a few more tips for enhancing your organization's endpoint security:
On-Premise & Cloud Deployment
Endpoint security solutions can be deployed on-premises or in the cloud, depending on an organization's needs. On-premises solutions require hardware and software to be installed on-site, while cloud-based solutions are hosted remotely by a service provider.

Takeaway
Endpoint security is a crucial aspect of any organization's cybersecurity strategy. Endpoint security solutions provide an additional layer of protection to prevent cyber attacks and protect sensitive data. These solutions use several techniques, including antivirus and anti-malware, firewalls, encryption, application control, device control, and patch management, to secure endpoints against cyber threats. By implementing endpoint security solutions, organizations can reduce the risk of security breaches and protect their sensitive data and assets.

Securing the Endpoint with TAFA Shield
In the current cyber environment, endpoint protection is an essential part of your cybersecurity strategy. Many endpoint solutions exist in this space, so selecting the right endpoint security protection is necessary to prevent and block cyber attacks and threats. With our prevention-first, zero-trust approach to security using ML and AI, TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats. To learn more about TAFA Shield and how we can help your company, do not hesitate to contact us.
A quick summary of what happened this week in the space of cyber security:

New Rorschach ransomware found, deemed to have one of the fastest encryption speeds researchers have ever seen
Malware researchers from Check Point discovered a new ransomware with "technically unique features" following a cyber attack on a US-based company. One of its most unique capabilities is its encryption speed, which according to the researchers makes it the fastest ransomware threat today. Furthermore, the ransomware is partly autonomous: it carries out tasks that are normally performed manually during enterprise-wide ransomware deployment.

My Cloud network breached, locking users out of their data
A recent breach of the My Cloud network has resulted in users being locked out of their data. Some users are reporting that their data has been entirely lost, and others are struggling to access their data because of the security measures put in place after the breach. Western Digital, the company behind My Cloud, has issued a statement acknowledging the breach and promising to take steps to improve security going forward. However, many users are expressing dissatisfaction with the company's response, and some are calling for compensation for the inconvenience caused.

Online university, the Open University of Cyprus (OUC), suffers a breach
The Medusa ransomware gang has claimed a cyberattack on the OUC that caused severe disruption of the organization's operations, with several of its central services and critical systems going offline. The gang gave the institution 14 days to respond to its demand of $100,000. However, it is also willing to sell the data to any interested party for the same price.

Taiwanese PC vendor Micro-Star International (MSI) confirms a security breach following a ransomware attack
The Money Message ransomware gang claims to have stolen sensitive information such as financial and personal data, and says this information will be leaked online if the company refuses to pay a $4 million ransom. The company reported the intrusion to the police and cybersecurity agencies. MSI also reported that the cyber attack has had "no significant" operational and financial impact. However, it did not state whether customer data was compromised in this network breach. MSI users are strongly advised to obtain firmware/BIOS updates only from the official MSI website and to avoid using files from other sources.

Hackers release 16,000 Tasmanian education department documents on the dark web
Hackers have leaked approximately 16,000 documents from the Tasmanian government on the dark web. The leaked documents are said to include sensitive information such as financial details, email correspondence, and personal data of school students and their parents. The data is believed to have been released by a Russian-linked hacker group called Cl0p. It has been stated that the data was accessed via a third-party file transfer service, and there is no evidence that Tasmanian government IT systems themselves were breached. The Tasmanian government has issued a statement acknowledging the breach and stating that it is working with cybersecurity experts to investigate and contain the incident. Individuals who may have been affected by the breach are advised to be vigilant and to take steps to protect their personal information.

Capita, a British outsourcing services provider, suffers a cyberattack
Capita announced that last Friday it suffered a cyberattack that prevented access to its internal Microsoft Office 365 applications. Among its customers are critical infrastructure organizations in the UK, such as the UK military, the National Health Service, Vodafone and the Royal Bank of Scotland. The incident occurred at 4am and was discovered when staff attempted to log into the system. The company stated that it managed to isolate and contain the security issue. However, the attack limited parts of the network and disrupted some services provided to individual clients. The company also stated that there is no indication that any data was exposed during the attack.

STYX, a new dark web marketplace focused on financial fraud services
STYX has become a thriving hub for buying and selling illegal services and stolen data since its launch earlier this year. Services offered include, but are not limited to, money laundering, identity theft, distributed denial of service (DDoS), bypassing two-factor authentication (2FA), fake or stolen IDs and other personal data, malware rental, cash-out services, email and telephone flooding, and identity lookup. The money laundering section in particular is significant on STYX, as "cleaning" stolen funds is an important part of cybercriminal activity. Resecurity highlighted some vendors offering money laundering services on STYX, such as "Verta", who requests a minimum of $15,000 for individuals and $75,000 for businesses and keeps 50% of the laundered amount. STYX also hosts a plethora of cash-out shops with global coverage, offering "clean" funds via PayPal business accounts, Apple Pay, and various financial institutions in the UK, US and Canada.

Updated info-stealing malware Typhon announced
The developers of Typhon announced on a dark web forum that they have updated the malware. According to Cisco Talos, Typhon V2 has been modified to make the malicious code more robust, reliable and stable. V2 features additional anti-analysis and anti-virtual-machine capabilities to evade detection and make analysis of the malware more challenging. Its data collection capabilities have also been expanded: it now targets a larger number of apps, including gaming clients, multiple email clients, messaging apps, cryptocurrency wallet apps, browser extensions, FTP clients, VPN clients, and information stored in web browsers. It can also capture screenshots from the compromised device. Another new feature allows operators to search for and exfiltrate specific files from the victim's environment, so threat actors can harvest sensitive information and use the Telegram API to send the stolen data to themselves.

Critical vulnerability found in the VM2 JavaScript sandbox library
A critical vulnerability has been discovered in the VM2 JavaScript sandbox library that allows an attacker to execute arbitrary code remotely. The vulnerability is said to affect VM2 versions 3.7.0 and earlier and has been assigned a severity score of 9.8 out of 10. Furthermore, an exploit for the vulnerability has been made publicly available, increasing the risk of attacks. VM2 has more than 16 million monthly downloads via the NPM package repository and is used by integrated development environments (IDEs) and code editors, function-as-a-service (FaaS) solutions, pen-testing frameworks, security tools, and various other JavaScript-related products. Users of the affected library are strongly advised to upgrade to the latest version (3.9.15) immediately and to take other security measures, such as limiting access to the library and monitoring for suspicious activity.

Balada Injector malware has been targeting WordPress sites since 2017
A long-running attack campaign has been targeting WordPress sites with the Balada Injector malware since 2017. The campaign is estimated to have compromised over one million WordPress sites, with the attackers exploiting vulnerabilities in WordPress plugins to gain access. Once access is gained, the attackers inject malicious code into the site, which can be used for various purposes, such as stealing sensitive data or distributing further malware. It is important to note that the campaign is still ongoing, and WordPress site owners are advised to take steps to protect their sites, such as regularly updating plugins and using security plugins to scan for vulnerabilities.

A bug found in Wi-Fi chips that allows snooping
A vulnerability that can allow threat actors to spy on victims' data has been found in at least 55 Wi-Fi router models. The shortcoming is in the network processing units of Qualcomm and HiSilicon chips found in various wireless access points. The flaw prevents the devices from blocking forged Internet Control Message Protocol (ICMP) messages, which allows threat actors connected to the same Wi-Fi network to hijack and observe a victim's wireless connectivity.

eFile.com, an IRS-authorized tax return software, caught serving JavaScript malware
The IRS-authorized eFile.com tax return software has been found to be serving malicious JavaScript (JS) code to its users. Security researchers state that this code existed on eFile.com for weeks. The malware gives threat actors full access to a device, providing initial access to a corporate network for further attacks: deploying additional malware, stealing credentials, spreading laterally on the network, or stealing data for extortion. However, the full extent of the damage caused by this malware is yet to be learned.

Links:
https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/
https://arstechnica.com/information-technology/2023/04/users-fume-after-my-cloud-network-breach-locks-them-out-of-their-data/
https://www.documentcloud.org/documents/23745834-msi-twse-filing-regarding-information-service-systems-affected-by-cyberattack
https://github.com/patriksimek/vm2
https://blog.sucuri.net/2023/04/balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html
https://www.ouc.ac.cy/index.php/en/news-events/news/2847-cyberattack
https://www.bleepingcomputer.com/news/security/medusa-ransomware-claims-attack-on-open-university-of-cyprus/
https://www.begadistrictnews.com.au/story/8151728/hackers-leak-16000-tas-documents-on-dark-web/
https://www.theregister.com/2023/04/07/wifi_access_icmp/?&web_view=true
https://www.bleepingcomputer.com/news/security/irs-authorized-efilecom-tax-return-software-caught-serving-js-malware/
https://www.capita.com/news/capita-plc-update-cyber-incident
https://www.resecurity.com/blog/article/styx-marketplace-emerged-in-dark-web-focused-on-financial-fraud
https://blog.talosintelligence.com/typhon-reborn-v2-features-enhanced-anti-analysis/
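For the VM2 advisory in the roundup above, this added example (not code from the original post or from the vm2 project) scans a package-lock.json for vm2 installs older than the fixed release 3.9.15 named there, including nested copies pulled in transitively by other dependencies. The lock file contents are constructed sample data, not a real project's.

```javascript
// Added example: find vm2 installs below the advisory's fixed release in a
// package-lock.json (lockfileVersion 2 or 3, which carry a "packages" map).
const FIXED_VM2_VERSION = "3.9.15";

// Compare two dotted numeric versions; returns -1, 0 or 1.
// Any pre-release suffix is stripped, so "3.9.15-rc1" compares as 3.9.15
// (a simplification, documented here so the result is not misread).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of a parsed lock file and return every vm2
// install whose version is older than the fixed release. Keys look like
// "node_modules/vm2" or "node_modules/<dep>/node_modules/vm2"; the root
// project itself has the key "" and is skipped.
function findVulnerableVm2(lockfile, fixed = FIXED_VM2_VERSION) {
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (!/(^|\/)node_modules\/vm2$/.test(path)) continue;
    if (meta.version && compareVersions(meta.version, fixed) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lock file: a direct vm2 install on an old release and
// a nested, already-patched copy pulled in by a hypothetical "some-tool".
const SAMPLE_LOCKFILE = {
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { vm2: "^3.6.0" } },
    "node_modules/vm2": { version: "3.6.10" },
    "node_modules/some-tool": { version: "1.2.0" },
    "node_modules/some-tool/node_modules/vm2": { version: "3.9.15" },
  },
};

// Report each vulnerable install; only node_modules/vm2 (3.6.10) is flagged.
for (const hit of findVulnerableVm2(SAMPLE_LOCKFILE)) {
  console.log(`${hit.path}: vm2 ${hit.version} is below ${FIXED_VM2_VERSION}, upgrade it`);
}
```

To run it against a real project, replace SAMPLE_LOCKFILE with JSON.parse of the project's package-lock.json.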