Cyber Security

Uber Data Breach: What Companies Can Learn and Do to Protect Themselves

The latest Uber data breach is the result of a common social engineering technique. A NordLayer expert explains how to prevent it and avoid suffering immense costs to the business.

Uber Technologies is currently investigating the circumstances of a high-scale data breach that resulted in the company’s engineering and internal communications systems being compromised. A hacker, who claimed to be an “information technology worker,” allegedly contacted an Uber employee and persuaded them to hand over a password to the company’s internal systems – a technique known as social engineering.

Social Engineering and Its Costs
“Social engineering is the main technique used by cybercriminals to gain access to companies,” says Martynas Paškauskas, head of development at NordLayer, Nord Security’s product for business network protection. “It can be truly fatal to a company’s operations and cost an immense amount of money, averaging 4.35M USD per data breach, according to the latest data. Once a hacker persuades an employee to grant access to internal systems, say, pretending to be an ‘IT technician’ who really needs that password to ‘fix something,’ little can be done to stop them. Criminals will go as far as shutting down the entire system, commonly to demand a huge ransom to undo the damage.”

According to research conducted by NordVPN, 84% of internet users have encountered social engineering before, but only 51% can identify it at all, resulting in 36% having fallen victim to it at least once.

Why Social Engineering Happens
“Social engineering is based solely on exploiting normal human weaknesses, like trustfulness,” explains Paškauskas. “And we should not underrate how witty and persuasive modern cybercriminals have become. Remote work and lack of cybersecurity supervision increase risk, too. Yahoo, Facebook, Twitter, LinkedIn, and now Uber have experienced data breaches recently – that means it can happen to any company that doesn’t pay enough attention to who can gain access to internal systems and how. Lack of employee education is another contributing factor.

“That’s why the most advanced and up-to-date solutions for business protection use the zero-trust model, meaning literally: never trust anyone, and always verify who you let inside,” says Paškauskas. “People make mistakes, so it’s important to make sure your technology is reliable.”

To protect your company from a social engineering-induced data breach:

  1. Think about introducing regular training sessions on cybersecurity, commonly used techniques, and their consequences.
  2. Rely on a modern, zero-trust model-based business security solution to eliminate human factor-related security incidents.

Cyber Security

Kaspersky Warns of Android Malware Exhibiting Diverse Features

Three new dangerous Android malware variants have been analyzed by Kaspersky researchers. The Tambir, Dwphon, and Gigabud malicious programs exhibit diverse features, ranging from downloading other programs and credential theft to bypassing two-factor authentication and screen recording, jeopardizing user privacy and security.

In 2023, Kaspersky Solutions blocked nearly 33.8 million attacks on mobile devices from malware, adware, and riskware, highlighting a 50% global increase in such attacks from the previous year’s figures. Android malware and riskware activity surged in 2023 after two years of relative calm, returning to early 2021 levels by the end of the year. That said, the number of unique installation packages dropped from 2022, suggesting that malicious actors were more frequently using the same packages to infect different victims: last year Kaspersky detected more than 1.3 million unique malicious installation packages targeting the Android platform and distributed in various ways. Among these were the Tambir, Dwphon and Gigabud malicious programs, whose diverse features are described below.

Tambir is a spyware application disguised as an IPTV app. It collects sensitive user information, such as SMS messages and keystrokes, after obtaining the appropriate permissions. The malware supports over 30 commands retrieved from its Command and Control server and has been compared to the GodFather malware, both targeting users mainly in Turkey, though several other countries were also affected.

Gigabud, active since mid-2022, was initially focused on stealing banking credentials from users in Southeast Asia, but later crossed borders into other countries and regions. It has since evolved into fake loan malware and is capable of screen recording and mimicking tapping by users to bypass two-factor authentication.

Dwphon, discovered in November 2023, targets cell phones from Chinese OEM manufacturers, primarily targeting the Russian market. The same malware had earlier been found in the firmware of a kids’ smartwatch by an Israeli manufacturer distributed mainly in Europe and the Middle East. Dwphon is distributed as a component of a system update application and collects information about the device as well as personal data. It also gathers information regarding installed third-party applications and is capable of downloading, installing and deleting other applications on the device. One of the analyzed samples also included the Triada trojan, one of the most widespread mobile trojans of 2023, which suggests that Dwphon modules are Triada-related.

“As Kaspersky’s mobile threats report shows, Android malware and riskware activity surged in 2023 after two years of relative calm, returning to levels seen in 2021 by the end of the year. Users should exercise caution and should avoid downloading apps from unofficial sources, meticulously reviewing app permissions. Frequently, these apps lack exploitation functionality and depend solely on permissions granted by the user. Furthermore, using anti-malware tools can help preserve the integrity of your Android device,” comments Jornt van der Wiel, senior security researcher at Kaspersky’s GReAT.

Cyber Security

Intercede Intros MyID MFA v5

Intercede has announced the launch of MyID MFA (Multi-Factor Authentication) 5.0. The latest addition to the MyID product family raises the security bar by enabling organizations to protect on-premise and cloud-based applications, as well as the Windows desktop logon (on and off-line), with a range of phishing-resistant MFA options including OTP (one-time passwords), mobile apps, syncable FIDO passkeys and biometric protected hardware devices.

Bringing enterprise-managed FIDO passkeys into MyID MFA makes it easy to FIDO-enable multiple applications and deploy passkeys to end users, enhancing security and improving the user experience. MyID MFA acts as both a FIDO authentication server and a passkey issuance solution. End users authenticate to MyID MFA with their passkey, and through its support for standard federated identity protocols, MyID MFA provides authentication services to multiple applications including cloud, on-premise and Windows desktop logon.

Organizations can choose syncable passkeys, which use the FIDO protocol built into mobile devices and web browsers, to deliver a simple, secure and passwordless authentication process via fingerprint, face ID or PIN. For organizations requiring higher levels of security and control, MyID MFA supports device-bound passkeys, such as YubiKey and the innovative YubiKey Bio device, which delivers a similarly seamless authentication experience while ensuring the highest level of security.

MyID MFA also enables the federation of applications (the ability to share identity and authentication information between systems in a managed way), be they cloud-based or on-premise, with support for standards-based protocols such as OpenID Connect and SAML. With federated identity provider (IDP) capabilities built into MyID MFA, it is a natural successor to Microsoft ADFS (Active Directory Federation Services). In addition to acting as an IDP, MyID MFA enables federations with an organisation’s existing credentials and identity providers, including Google and Microsoft Authenticator apps. This allows users to use the apps they are already familiar with and enables organisations to use credentials that are already deployed, reducing operational costs and speeding up the time to deployment.

MyID MFA supports the delivery of a unified authentication experience across the entire application suite, including authentication to applications, accessing self-service portals (to reset credentials), as well as logging on to the Windows desktop. The Windows Desktop Agent has been enhanced in v5.0 with added support for federation, the inclusion of third-party authenticators and FIDO passkeys, meaning organizations have a wider choice than ever on how to protect the primary gateway to their data, networks and applications, regardless of whether they are on Windows 11 or Windows 10 devices.

Allen Storey, Chief Product Officer at Intercede, states: “It is our mission to help organizations protect themselves against data breach by deploying stronger authentication simply, securely and at scale, whether they are SMBs with hundreds of users, larger enterprises, or federal authorities with thousands of users. MyID MFA is the simplest way for any organization to protect their applications, data and networks against cyber-attacks, with phishing-resistant authentication that is easy to deploy, manage and use.”

MyID MFA is part of the MyID product family that includes MyID PSM (Password Security Management) and MyID CMS (Credential Management System), which enables organisations to choose the level of security that best fits their needs, from passwords to one-time codes, mobile apps, FIDO passkeys and public key infrastructure (PKI).

Artificial Intelligence

Check Point to Secure AI Cloud Infrastructure with NVIDIA

Check Point Software Technologies has announced it is collaborating with NVIDIA to enhance the security of AI cloud infrastructure. Integrating with NVIDIA DPUs, the new Check Point AI Cloud Protect solution will help prevent threats at both the network and host levels.

“AI provides great benefits across healthcare, education, finance and more. At the same time, the rate and sophistication of cyber attacks are increasing, with threat actors increasingly looking at ways to disrupt AI workloads in the cloud,” said Gera Dorfman, Vice President of Network Security at Check Point Software Technologies. “We are working with NVIDIA to deliver a new secure AI cloud solution with Check Point AI Cloud Protect that guards even the most sensitive and private AI workloads against cyber threats.”

The rapid proliferation of AI has brought about a revolution in workplace efficiency and innovation. However, this growth also creates additional attack vectors specifically targeting AI, such as backdooring AI models to control a model’s output or to gain unauthorized access to the environment, data exfiltration to expose intellectual property, and denial of service to degrade performance and reduce capacity.

These threats compromise the integrity and security of AI systems and pose risks to business outcomes. They can also erode the foundational trust in AI operations, while potentially affecting other aspects of the data center. There is a critical need for a revamped security approach to protect not only the data in its traditional form but also the AI models themselves, which are central to innovation and competitive edge.

Check Point aims to address these challenges with NVIDIA by integrating network and host-level security insights, offering a comprehensive solution that protects AI infrastructures from both conventional and novel cyber threats. This integrated approach helps ensure the security system is cognizant of network activities and host-level processes, which is crucial for safeguarding AI’s future.

“As AI becomes more pervasive, securing AI clouds becomes paramount,” said Yael Shenhav, Vice President of Networking Products at NVIDIA. “NVIDIA BlueField 3 enables innovators such as Check Point to offer robust cyber defence measures to secure AI cloud data centres, while also ensuring peak AI performance.”

In response to these emerging challenges, AI Cloud Protect emerges as a strategic solution, addressing the dynamic security requirements of the AI era. Designed for easy deployment and adaptability, it offers out-of-the-box security without impacting AI performance. Designed for effortless integration and scalability, AI Cloud Protect provides a robust shield against sophisticated cyber threats.

Engineered with the NVIDIA BlueField 3 DPU, which powers a new class of AI cloud data centres, and the NVIDIA DOCA software framework, AI Cloud Protect is designed to seamlessly integrate into NVIDIA’s AI ecosystems, providing:

  • Robust Defense Against AI-Specific Threats: Empowers organizations to shield against model inversion, model theft and other attack vectors with unprecedented efficiency.
  • Scalable, Seamless Integration: Facilitates easy deployment across diverse AI environments, ensuring security measures grow in tandem with organizational needs.
  • Optimized Performance with Zero Compromise: Ensures AI operations continue unhindered, with security processes running discreetly, leveraging NVIDIA’s technological infrastructure without impacting AI performance.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.