
  • 'It's heartbreaking': Ottawa woman says she lost $100000 in an … – CTV News Ottawa

    Deborah Klein thought she bought a safe and guaranteed investment through an online site, but as it turns out, it was an elaborate scam.
    "To save that $100,000 it took working eight years, three days a week," Klein tells CTV News Ottawa, as she looks through stacks of paperwork representing a more than two-year record of her loss. "To put to my retirement and now it’s gone."
    In April 2021, Klein was looking to invest a portion of her retirement to help with the cost of living. After conducting a search online, she thought she found what she was looking for.
    "This GIC came up for Canada Life," Klein says. "Everybody knows Canada Life, it has been around for ages. I was in finance and I remember doing payrolls with benefits and everything."
    Klein downloaded a detailed brochure to research and decided on a guaranteed investment certificate that offered a return of 3.13 per cent on a four-year term.
    "I didn’t know it was a fake brochure and they asked you to leave an email and your name and they will get in touch," says Klein, which they did. "They said you have to talk to an advisor, so I talked to an advisor and they said you have to prove who you are, prove that the money is not used for laundering, then the application contract and then they get you to do the wire."
    To Klein, this all seemed legitimate. She says she researched the company and saw it had recently purchased an Ireland-based firm. That made sense to her because the representatives she spoke with had an Irish accent.
    Three weeks after she made the large-sum money transfer, it was pointed out to her that it may have been a fraud. 
    And it was.
    The website Klein had been navigating that whole time was a spoof, a cloned knockoff, designed to look identical and legitimate.
    It’s a problem afflicting many financial institutions. 
    "A spoof website … has the same logo as your bank or an insurance company or financial services organization that sells products, the graphics look spot on, the copy is professionally written, no errors," technology analyst Carmi Levy said.
    "And unfortunately they are very, very good to the point that even if you do do your due diligence it can be very difficult to tell the differences between these not legitimate resources and a legitimate bank or institution."
    In a statement, a spokesperson with Canada Life said that the company is aware of this incident and is deeply troubled by the distress it has caused.
    "Our financial industry partners work closely with regulators and the authorities on these issues when they arise to protect consumers from becoming victims."
    Which is getting more difficult each day. Cyber crimes are surging, and in 2022 the Canadian Anti-Fraud Centre reported more than $500 million in losses, the majority of which are considered to be financial investment fraud.
    "It’s devastating to see how much loss is occurring and how much funds are leaving Canada and being laundered overseas," OPP Det.-Const. John Armit said.
    "We’re seeing with these investment scams where the fraudsters are using professional money mules and money launderers to move the funds out of Canada overseas, which makes it difficult for law enforcement to investigate and get the funds back."
    Armit says if you are a victim of cyber fraud, it’s important to call local police immediately. In some circumstances, overseas wire transfers can actually be reversed.
    "Canada is trying to do its part to investigate these frauds but it’s limited on what reach we have around the world," said Det.-Const. Armit, adding that prevention begins with cyber awareness.
    "Go to the Ontario Securities Commission or your local securities commission and look up are they registered and that will give you an indication of if they are legit or not."
    Fraud continues to increase in #Ontario as new scams and schemes appear every day. Follow the #OPP and @canantifraud throughout March to learn about the latest scam techniques, get to #kNOwfraud and learn how to better protect yourself and your family. pic.twitter.com/lHM74qu1LB
    Levy says there are some key indicators to prevent being victimized by cyber scams.
    "The biggest mistake that people are making is that they are searching for things online then clicking those links … never Google search for financial products," Levy says.
    "What you should be doing is going right to the main homepage of the bank or the insurance company or the financial services institution that you know and trust and take a closer look at the address of the website itself and then put it up to the actual website of the organization that you think you are dealing with.
    "Read it very carefully, look for any differences in letters, maybe an additional letter or so, or it isn’t the same domain or they added something to the domain and then when you are messaging back and forth with these individuals look for the email addresses that they are using. Are these the email addresses from the domain of the institution? Criminals are raising their game; they are investing more and using increasingly sophisticated tools."
    Klein says her investment is likely gone, but wants to share her story as a cautionary tale to prevent others from making the same mistake.
    "In the old way, you would go there and bring the money in person. So I’m saying, be careful out there, it’s really bad," Klein says. "Really make sure before you make any investments because you don’t want to go through what I did, it’s devastating."

  • Raising the Political Priority of Cybersecurity in Latin America – Council on Foreign Relations

    As George Orwell might have said, when it comes to understanding the impact of cyber threats in different parts of the world: all regions are equal, but some are more equal than others. No region can afford to be complacent about cyber threats from criminals, “hacktivists,” or hostile states. Developing countries such as those in Latin America are expected to respond effectively to cyber threats, but so far the global cybersecurity debate has neglected some of the structural factors that make this difficult.
    While cybersecurity in the region made headlines last year, after a pair of ransomware attacks on Costa Rica crippled the country’s medical, government, and commercial systems, too often the issue does not get the attention it deserves–both internationally and across the region. Recent reporting about an alleged ransomware attack suffered by the government of Saint Kitts and Nevis demonstrates that the problem isn’t going away.
    Structural barriers to a global conversation
    There are at least three reasons why the region is overlooked. First, there are few incentives for threat intelligence companies to prioritize Latin America over larger markets. Second, there is a tendency in cybersecurity to focus only on high-visibility threat actors, rather than emerging ones. Third, disparities in development across the region mean that the cybersecurity needs of different countries can vary significantly.
    These and other factors combine to produce an incomplete picture of threats and vulnerabilities in Latin America–all of which adds to the lack of political notoriety the agenda has received regionally. While technical cooperation has indeed increased through activities at Latin America and Caribbean Internet Address Registry (LACNIC), Organization of American States (OAS) and others, political initiatives remain ad-hoc and country-based. If Latin America is to take cybersecurity seriously, it needs to invest in a concerted dialogue for sustainable development with cyber at the heart of it. But dealing with structural challenges will also require better understanding of the threat landscape both from within and outside the region.
    How can we raise the profile and political priority of cybersecurity in the region despite these barriers? What should countries in Latin America (and others) do to improve cybersecurity and resilience?
    Cyber insecurity in Latin America
    The fact is that the region faces many of the same cyber threats as others, ranging from apparently global hackers-for-hire to groups more ostensibly aligned to the interests of specific states with strategic interests in the region. This is unsurprising, as the region’s relatively peaceful inter-state relations do not reduce the perennial temptation of states to spy on each other–and, as recent history has shown, on their citizens.
    It is neither new nor rare for Latin America’s governmental and other sectors to be targeted in cyberspace. Threat actors have been operating in the region for many years now–both those that originate from the region and those based outside it. Chinese and North Korean groups have been targeting the region’s governments, nongovernmental organizations, and private companies reportedly since 2017–and other groups such as Dark Caracal and El Machete have reportedly been active in the region since at least the early 2010s.
    And yet, unlike more developed countries, many of the region’s governments are ill-prepared and under-resourced to deal with the growing costs and wider impacts of these incidents. 
    A very public example of the inadequacy of current governmental safeguards was the widely-reported Guacamaya hack-and-leak campaign in October 2022. This campaign targeted several defense and security institutions throughout Latin America, including revelations about a large surveillance program run by the Mexican government. The apparent ability of so-called ‘hacktivists’ to break into what should have been highly-secure defense and national security systems demonstrated that governments and citizens alike are vulnerable in this domain.
    More can and should be done, systematically, to integrate existing knowledge and expertise within the region to counter cyber insecurity.
    Progress in adversity
    The Organization of American States (OAS) was the first regional body in the world to start developing a cyber strategy, in 2003. It remains a key player in regional cybersecurity capacity-building and an important point of contact for donor states, non-profits, and others to contribute to cybersecurity initiatives in Latin America. But implementing a coordinated approach to improving cybersecurity is hard enough domestically, let alone at the regional or global level–especially in a region with such varying levels of digitalisation and development.
    Fast forward two decades since the region’s first cybersecurity efforts and it is still grappling with institutional and political barriers to enhancing cybersecurity. According to the International Telecommunication Union (ITU) Global Cybersecurity Index (GCI): twenty-eight countries in the region provided no incentives to improve private sector cybersecurity (only Africa ranked lower regionally); seventeen countries lacked a national cybersecurity strategy that addressed critical infrastructure and resilience; and fourteen countries lacked a national computer incident response team.
    Some progress has been made, but outcomes are very uneven. Brazil has jumped from 70th to 18th in the ITU GCI, after having passed a data protection law, established a data protection authority, and developed a national cyber strategy. Other countries in the region, however, such as Bolivia (140th) and Nicaragua (165th), slid even further down the other end of the table. And, as repeated hacks of public and private sector networks in Brazil demonstrate, neither institutional nor policy developments are in themselves sufficient to protect citizens and consumers from cybercrime.
    As incidents like the ransomware attacks on Costa Rica’s government systems have demonstrated in the last year, not only are there still severe capacity gaps that leave countries in the region exposed to serious threats, but the region also features increasingly prominently as a target.
    Latin American countries’ pathways to cyber resilience are far from linear. Despite challenges, they have nonetheless reaffirmed their commitments to norms for responsible state behavior in cyberspace, nine of them acceded to the Budapest convention that enhances mechanisms for transnational cooperation in fighting cybercrime, and OAS member states have agreed on a series of Cyber Confidence Building Measures since 2017 that seek to promote greater exchange of information on initiatives and incidents from across the region.
    These initiatives are commendable and welcome, but also insufficient to the challenge. The region’s continuing trend of major governmental cyber crises is strong evidence that coordinated effort at the national and regional levels must be intensified. Part of the solution is to better understand what has worked–and what has obstructed further progress–in the region’s 20 years of cyber capacity-building experience.
    Getting priorities straight
    Latin America cannot solve its cyber insecurity on its own, nor should it face it alone. The region’s most cyber-capable countries, such as Brazil and Chile, should embrace a more active leadership role improving regional cybersecurity cooperation, including through the OAS as the region’s pre-eminent cyber capacity-building forum. Welcome initiatives would include more integrated threat-information sharing and incident response assistance, as well as better inclusion of the region’s non-profits and local companies in the field. There are global networks of expertise and assistance, but raising the political prioritisation of cybersecurity must start within the region itself and be sustained with strategic patience.  
    Beyond governmental efforts, think tanks and academia should develop a public repository of incidents, bibliographies–such as the one produced by the Latin American Cybersecurity Research Network–and bring the region’s existing expertise into wider global conversations in cooperation with other sectors. These would be the next steps in raising the profile and real-world impact of cyber research produced in Latin America.
    The region stands to benefit significantly from expanding digital access and skills. That is true in social interaction, economic activity, and the provision of public services. But improved cybersecurity must be an integral feature of this process, or else the darker side of cyber insecurity will continue to blight the region’s citizens, consumers, companies, and governments. Closing the region’s cybersecurity gaps will require re-invigorated governmental leadership, but it will only succeed through coordinated effort with other stakeholders, and deeper cyber awareness amongst policymakers, legislators, companies, and civil society.
     
    Louise Marie Hurel is a Research Fellow at the Royal United Services Institute for Security and Defense (RUSI), PhD Researcher at the London School of Economics and Political Science, and founder of the Latin American Cybersecurity Research Network (LA/CS Net).
    Dr. Joe Devanny is a Lecturer in the Department of War Studies at King’s College London and currently a British Academy Innovation Fellow.
    The views expressed in the article are solely the authors’ and do not necessarily reflect the viewpoints or opinions of organizations they are affiliated with.


  • Phishing as a Service Stimulates Cybercrime – Trend Micro

    With phishing attacks at an all-time high, phishing as a service (PhaaS) is turning this once-skilled practice into a pay-to-play industry. Understanding the latest attack tactics is critical to improving your email security strategy.
    By: Jon Clay
    According to Verizon, 78% of organizations experienced email-based ransomware attacks in 2021, with 15 million phishing messages containing malware being directly linked to later-stage ransomware. The arrival of the COVID-19 pandemic saw a dramatic rise in phishing attacks, with Trend Micro data showing a whopping 137.6% growth in 2020 alone.
    Part of the proliferation of email-based attacks can be linked to the growth of crime as a service (CaaS). Made up of malicious actors with different specialized skills, these expert crime groups include ransomware as a service (RaaS), access as a service (AaaS), and most recently PhaaS.
    Email remains the most common initial attack vector for cybercriminals because of its ease, and phishing attacks cost enterprises nearly $15 million USD annually. This is due to phishing attacks evolving in a short period of time from simple advance-fee scams to sophisticated social engineering made possible by PhaaS. Effective attack surface risk management (ASRM) must start with proactive defense of initial attack vectors.
    What is phishing as a service (PhaaS)?
    Like RaaS or AaaS, this attack technique allows virtually anyone with even an entry-level knowledge of the cybersecurity landscape to benefit from a phishing attack—often monetarily and often via email-based entry. Cybercriminals act as a “service provider” on behalf of others in exchange for a payment (often as little as $15 USD a day) and/or a portion of a ransomware payout. Alternatively, wannabe scammers can purchase a “phishing kit” for as little as a flat $40 USD fee (with some providers reportedly offering even steeper discounts as part of Black Friday deals).
    These kits include the capabilities and tools required to launch a phishing attack, often including email templates, spoof website templates, contact lists of potential targets, detailed instructions on how to execute an attack, as well as access to “customer support.”
    New technology like ChatGPT makes phishing more accessible. The AI chatbot has already proven its ability to write emails indistinguishable from those written by a human, with perfect spelling and grammar as well as faster turnaround on news being shared publicly. Also, its built-in translation capabilities enable attackers with limited English skills to “write” convincing, high-quality phishing emails.
    As reported by CNBC, Cody Mullenaux, a 40-year-old small business owner from California, was scammed out of more than $120,000 USD by a team of cybercriminals using a phishing kit.
    While banks in the United States of America are required to reimburse stolen funds to customers during such attacks, the Electronic Fund Transfer Act that governs these laws does not protect victims of wire-transfer scams, leaving Mullenaux unable to recoup his losses.
    As shown by Cody Mullenaux’s case, PhaaS has made ransomware attacks more accessible than ever by removing the barrier to entry for malicious actors. This means more cybercriminal activity and an increased chance of your company falling victim.
    Email security best practices
    With the new threat of PhaaS only exacerbating what was already a ransomware epidemic, your organization requires more than just native email security. A layered security approach, integrated with a broader platform, is your best defense against targeted threats. In 2021, Trend Micro detected and blocked over 33 million malicious emails that slipped past native defenses.
    A typical layered security approach combines these four tactics to thwart attacks and mitigate cyber risk:
    1. Email gateway
    To protect your employees and your assets from potential attacks above and beyond native defenses, you need advanced filtering and protection. An email gateway featuring defenses powered by artificial intelligence (AI), machine learning (ML), and behavioral analysis within a single dashboard will reduce manual tasks for overstretched security teams. AI-assisted capabilities like authorship analysis (e.g., Writing Style DNA) study the writing style of your company’s management team and can flag suspected spoof emails before they reach your employees.
    2. Cloud app security
    When it comes to the evolving world of cybersecurity, 100% protection does not exist. For those instances where a malicious email does penetrate defenses, Cloud Application Security Broker (CASB) will remove the flagged communication from all mailboxes across the environment. In addition, advanced CASB tools can prevent compromised email accounts from spreading phishing messages to other employees and peers.
    3. Education
    Phishing simulations like Trend Micro™ Phish Insight provide you with the tools to educate and test your users on the latest methods used in the most common phishing campaigns. These real-world simulations make use of templates extracted from actual phishing scams.
    4. Secure web gateway (SWG)
    By inspecting traffic between employees and the internet, an SWG uses ML to identify spoof websites that have the ability to spread ransomware across your organization. The addition of an acceptable use policy (AUP) can further mitigate risk by restricting access to any unsanctioned apps where users are asked to input personal information.
    Next steps
    Leveraging a layered security approach that is a part of a unified cybersecurity platform and backed by broad third-party integrations and extended detection and response (XDR) capabilities provides your team with high-resolution visibility and reporting capabilities. This allows for greater visibility across your attack surface, so you can better detect and respond to even the stealthiest phishing attacks.
    Jon Clay
    VP, Threat Intelligence


  • ‘Maximum cyber criminals from India, bringing terrible name’: Punjab and Haryana HC dismisses man’s anticipatory bail plea – The Indian Express

    Dismissing the anticipatory bail of a man booked in an online fraud case, the Punjab and Haryana High Court has said that it was unfortunate that the “maximum number of cyber criminals operate” from India, “bringing a terrible name to the nation”.
    The petitioner-accused, Mohammad Jubair, had been arrested for his alleged involvement in an online fraud wherein he allegedly pretended to be working for an insurance company and duped the complainant, who works in the Central Reserve Police Force, of Rs 14,46,662.
    Hearing the petition on February 22, the bench of Justice Anoop Chitkara said, “Besides being middle-aged or old, most victims are simple, honest, and truthful people who believe these thugs [fraudsters] to be like them. They do not know any technology except some basic features of smartphones, and this little knowledge makes them vulnerable to cyber-thugs. Unfortunately, the maximum number of cyber criminals operate from our country, bringing a terrible name to the nation.”
    The counsel for the state opposed the bail and stated that the petitioner’s custodial interrogation is required to trace the other accomplices and recover the money. He submitted that if the investigator gets evidence against those accused, who have been granted bail, the state shall file applications to cancel the bail orders.
    After an FIR was registered in March 2022 at Pehowa police station in Kurukshetra district under Section 420 (cheating) of the Indian Penal Code – charges under several other IPC sections were subsequently added – a police investigation revealed the involvement of other accused, allegedly from Noida-based Haxar Insurance Service Private Limited company.
    The investigation further revealed that the call centre operated by the company would allegedly target unsuspecting people and get money from their accounts transferred into accounts in the states of Chhattisgarh and Telangana. The investigation further pointed towards the involvement of Jubair after Rs 1,17,170 was transferred into his account from the account of co-accused Rishikesh Tiwari.
    Hearing the matter, the high court held, “The modus operandi of these call centre thugs is that operating in a pack, one gets in touch with a vulnerable suspect through malicious links sent through phishing or by making calls on their numbers. They get access to these numbers from the dark web, where another set of criminals keeps selling people’s personal information, like their mobile numbers, e-mails, and even Aadhaar numbers, bank account details, PAN, passport details, date of birth, etc. They interact as per a specifically designed transcript. After taking such victims in confidence, they would pass on the call to their accomplices by referring to them as their managers.”
    Justice Chitkara added, “Whenever these thugs find that the victim is slipping away, they bring another gang member by referring [to] them as a senior manager, who would again entrap the person. They also prefer female gang members to speak to the male victims. They work and operate in criminal conspiracy and target to siphon money from the victim’s accounts. All these thugs who attend such calls or become instrumental in the cycling of the funds, prima facie, are fully aware of the motive and style of the gang’s operations, which is to rob the susceptible victim of as much money as possible and continue to do so until such a person runs out of liquidity.”
    The high court said that prima facie, there is sufficient evidence to connect the petitioner with the proceeds of crime and his operating as a conduit and an active member of gangs of cyber fraudsters. “The evidence indicates that the petitioner and his accomplices operate as online thugs. The sly way the petitioner’s accomplice, in connivance of the petitioner and other thugs, conned, tricked, deceived, swindled, and defrauded the gullible complainant pointed out the dangerous indicator that the thugee [fraud] has revived, and if not sternly dealt with now, it might upsurge, revisiting the history,” the court added.
    Dismissing the bail plea, the high court said Jubair’s custodial interrogation is required to find out the involvement of other co-accused and the role of the management of the company.
    The high court also made it clear that in case the investigator finds sufficient evidence connecting those accused who have been granted bail, it shall be permissible to file an application for cancellation of such bail by referring to such evidence.

    source

  • Manufacturing under attack: cyber security on the agenda – The Manufacturer

    The drive towards a more digital future is key to the prosperity of manufacturing. However, digital transformation heralds a new era of connectivity which brings with it rising levels of cyber vulnerability. Indeed, the last few years have seen manufacturing overtake financial services as the most cyber attacked industry. Joe Bush reports.
    With over 11 billion IoT devices worldwide in 2021 (rising to an estimated 29 billion by the end of the decade), we’re certainly no strangers to connectivity and the potential dangers of poor cyber security or hacking. While in years gone by the family PC may have been the only internet connected device in the house, now the average home can boast lights, speakers, phones, games consoles, children’s toys, cars and even fridges and washing machines as being smart, internet connected devices.
    This is great for making our lives easier and more entertaining, but every connected device represents an avenue of attack for malicious actors with mischief in mind or devious designs on our data. By the end of 2021, cyber attacks cost the global economy an estimated $6tn, a figure which is estimated to almost double by 2025. Of course, cyber crime is nothing new, and we as consumers have long been aware of best practice around making our devices safe and secure, whether that be through firewalls, anti-virus software or password authentication.
    However, what of manufacturing? A sector that in some instances is still in the early stages of digital transformation and as such, is perhaps not fully aware of the dangers that can be ushered through the doors of the plant or factory with the deployment of emerging, digital technology. To say nothing of the growing sophistication of the various threat actors at large.
    There’s no doubt that smart factories, driven by technology, are the future of manufacturing and can lead to improved productivity and performance via increases in factory output, utilisation and labour productivity. This will also lead to the creation of a hyperconnected supply chain which offers a digital thread throughout the business and a real-time view of product lifecycles.

    However, before manufacturers get too excited about digital transformation, it is vital that the cyber risks involved are known and understood, as Rob Hayes, Director at Deloitte explained: “To harness the business benefits and opportunities presented by technological developments, the cyber risks need to be better understood as many organisations are moving to a hyperconnected business without understanding the real risk to themselves and others.
    “Hyperconnectivity increases the blast radius of an attack, which means that a cyber incident at a manufacturer is often not an isolated event. Compromising one area could impact the entire organisation, and consequently all of its business partners. Many incidents we have responded to have either been caused by or impacted other organisations in the supply chain. This can be detrimental for organisations with highly stringent quality assurance standards as their products risk being rendered completely unsellable.”
    Back in 2018 a Make UK report highlighted the susceptibility of manufacturers to cyber risk, revealing that 41% of companies did not believe they had access to enough information to even assess their true cyber risk; 45% felt they did not have access to the right tools for the job; while 12% admitted they had no technical or managerial mitigation processes in place. This created a nervy environment where manufacturers were apprehensive about investing in digital technologies – and this back when manufacturing was only the third most targeted sector.
    Fast forward and the events of recent years have shown how vulnerable manufacturing supply chains can be; a fact that has not gone unnoticed by cyber attackers. Downtime can be catastrophic within the manufacturing space, and that operational risk has been exacerbated by the challenges of the pandemic, war in Ukraine etc. As such, a successful cyber attack has the potential to be seriously disruptive to manufacturing supply chains which are already under pressure.
    Malicious actors are looking to capitalise on that vulnerability and it’s no surprise that 2021 saw manufacturing outpace the finance and insurance sectors in the number of cyber attacks for the first time in five years. Indeed, subsequent research late last year by Make UK, in partnership with Blackberry, revealed that nearly half of Britain’s manufacturers have been a victim of cyber crime over the last 12 months. Therefore, along with other challenges around energy and political instability, increasing cyber risk looks set to be one of the key business challenges of 2023.
    To be cyber secure means constantly trying to hit a moving target. IBM’s X-Force Threat Intelligence Index 2022 shows that as defences grow stronger, malware gets more innovative. Attackers are increasingly using cloud-based messaging and storage services to blend into legitimate traffic, and some groups are experimenting with new techniques in encryption and code obfuscation to go unnoticed.
    And in the world of connected supply chains, it may even be business partners who put you at risk. Triple extortion is an increasingly popular tactic of encrypting and stealing data, while also threatening to expose the data publicly and engage in a distributed denial of service (DDoS) attack against the affected organisation, unless a ransom is paid.
    Ransomware gangs are also looking to their primary victim’s business partners to pressure them into paying a ransom to prevent their own data leakages or business disruptions caused by a ransomware attack.
    Malware targeting Linux environments also rose dramatically in 2021; a surge that IBM predicts is possibly correlated to more manufacturing organisations moving into cloud-based environments, many of which rely on Linux for their operations.
    Neil Matthews, Managing Director of MSP, a leading manufacturer of stampings and springs, claimed that the sector is currently falling short in terms of providing adequate protection against cyber attacks, and has urged manufacturers to start putting security at the top of their agendas both for themselves and their upstream customers.
    He commented: “While cyber security affects every company in all industries, the manufacturing industry overall is particularly vulnerable, prone to cyber attacks and can face considerable challenges such as theft of IP.
    “Malware and ransomware attacks are increasingly using sophisticated new tricks to infiltrate and exploit weaknesses. These attacks can result in a loss of competitive advantage, denial of access or damage to operational systems including production facilities. Significantly, it can also negatively impact a manufacturer’s trading reputation, leading to a loss of customers or suppliers.”
    Manufacturing had a reported 23.2% share of cyber attacks and a further 33% increase in the number of incidents caused by vulnerability exploitations from 2020 to 2021. In that same period, 63% faced losses of up to £5,000, with 22% revealing a cost to their business of between £5,000 and £25,000. Neil added that with nearly half of British manufacturers having fallen victim to cyber crime since 2018, the industry can no longer adopt the notion that ‘it won’t happen to us’.
    “As manufacturing businesses grow increasingly digital, it is now more important than ever that companies’ cyber security is just as proactive, because reactive improvements are too late, and damages will already have occurred.
    “Vulnerabilities like single-layered protection, lack of firewall implementation, lack of protection to broadband connections and others can all be easily exploited by cyber criminals when the reality is that these vulnerabilities can be easily fixed and remote working infrastructures strengthened.
    “The increasing tech-native nature of criminals, who have similarly adapted to the changing landscape of technology, and the lucrative nature of data, means that manufacturing experts agree that cyber security can no longer be taken for granted. Instead, we firmly believe it should become an integral element of all companies’ strategies and plans for the future.”
    There is certainly no silver bullet solution to cyber security issues, particularly due to its ‘moving target’ nature as mentioned earlier. However, as Rob explained, manufacturers can get off to a good start by adopting a ‘zero-trust’ security model and building incident response capabilities into their operations.
    The level of connectivity within manufacturing organisations and the wider supply chain will continue to head in the same direction, and therefore, strong prevention, detection and response capabilities will be vital to reduce the negative impacts of hyperconnectivity and minimise the level of recovery required. Rapid recovery capabilities are also essential to limiting disruptions and getting operations back to the levels required for a viable business.
    “Smart factories and digital supply networks need an approach that breaks down the perceptions of traditional ‘business-disabling’ cyber and brings them closer to something that is aligned with the principles of the digital supply chain,” said Rob. “We believe that the zero-trust security model could have significant potential, the core principle of which is ‘never trust, always verify’. The zero-trust model moves away from the traditional ‘perimeter-based’ concept that constrains business freedom, to one where trust is created between individual resources and customers.
    “The zero-trust strategy is therefore uniquely placed to provide agility and scalability while minimising the costs and complexity of cyber management. This is important when moving to a borderless model where traditional technology boundaries no longer exist. It allows data to move freely as it interacts with the business across the digital thread. Accomplishing free movement of data is the prerequisite to realising a smart factory and its digital supply chain.”
    Gordon Macrae: We’re on a digital transformation journey and while cyber security is now on the agenda, we are some way off being an exemplar. We have put in place what we consider to be appropriate tools for our current systems, and these will be enhanced as we grow and implement our digital transformation strategy.
    Greater connectivity will inevitably mean greater risk of attack, and this will be addressed as we build our next generation systems.
    Paul Currie, MPE Ltd: Cyber security has always appeared on MPE’s risk register but in recent years the consideration of this has become increasingly important. We now undertake an annual review of systems. This is carried out by an independent third party, so that we may gain the UK government approved Cyber Essentials certification. This certification is now required when bidding for and being awarded certain government funded work.
    It is clear that in the future, Cyber Essentials certification or its equivalent will be increasingly demanded by clients. This alone means that manufacturers will have to invest a certain level of resource/time/cost toward attaining and maintaining such accreditation. In addition, as more and more systems become reliant upon IT and digitally connected to the world outside the respective manufacturer, any negative impact from a cyber attack or event will become increasingly significant.
    Allan Legetter: Cyber security has always been a top priority. However, this is increasing in our manufacturing processes as we adopt a more data driven approach. This is exemplified by our Digital Factories initiative which is delivering a new data-driven approach to design and manufacturing and building in secure by design from the outset.
    The range of threats is increasing, so organisations need to be more aware and respond appropriately. That is why we are investing in our cyber capabilities and developing our Cyber Advantage product in the UK. We are also a National Cyber Security Centre Certified Cyber organisation and have a dedicated team of specialists making sure we deliver appropriate security across our organisation.
    The cyber threat is going to increase as the drive towards increasing connectivity and use of data to drive efficiency continues. However, this presents opportunities for those organisations who adopt an approach to cyber security based around cyber resilience and secure by design, where security can act as a genuine business enabler and allow organisations to take advantage of new technologies without exposing themselves to unacceptable levels of risk.
    Jim Sibson: As a key supplier to the MoD, emergency services and the nuclear industry, security has always been one of Babcock’s highest priorities and cyber security is a critical element of that. Increased connectivity in manufacturing has added to the threats we face, however, our understanding of the risks is well established and our protocols defined. We apply the same rigorous security processes to a sensor in the manufacturing environment as to a laptop connected to our network.
    It takes significant dedication and effort from our information services, information assurance and security teams to maintain our networks and the information assets that Babcock use to securely deliver our work for our customers. People are considered our best defence and we are all comprehensively trained to spot and prevent cyber-attacks.
    The threat landscape is constantly changing and the range and complexity of connected devices is increasing. Vulnerabilities in systems and applications are continuously being found, and while we wait on vendors to develop and test updates and patches, they remain vulnerable. In addition, cyber threat actors never cease looking for vulnerabilities and learning how to exploit them.
    Industry Interview: Rob Clifford, Chief Data Officer for BAE Systems Maritime and Land Division
    How are attitudes towards cyber security changing within manufacturing?
    Rob Clifford: Increasing connectivity and the market facing nature of the manufacturing sector is creating more vectors of attack. And increasingly, an awareness of outside influences disrupting manufacturing processes through technology has risen through the chain of command.
    Research suggests that the awareness and impact of cyber attacks on the manufacturing industry has increased in recent years so it’s easy to conclude that manufacturing is acutely exposed to cyber crime. Attitudes are hardening and it’s a topic that people don’t equivocate about. There’s a balance to be had as it’s important that manufacturers don’t become embroiled in the topic to the extent that they take a step backwards in terms of innovation and development, while at the same time recognising the existential risks that exist and take appropriate steps to manage them.

    Within manufacturing the advent of IoT and connectivity has seen an acute threat to critical infrastructure reflected not just within businesses, but in terms of a national and transnational concern. In the US, there’s the IoT Cybersecurity Act of 2021 and in the UK, the Product Security and Telecommunications Infrastructure Act 2022, plus we have the National Cyber Security Centre.
    It’s a subject that’s now part of the firmament and forms the backbone of the critical infrastructure of UK manufacturing.
    Does BAE have personnel dedicated to cyber security?
    Cyber is standalone, but also has the relevant connections into the broader information, management and technology (IM&T) and engineering spaces. It is a pan-sector issue and we have a senior individual who leads a discrete programme of work, both in terms of remediation and improvement, while keeping a watchful eye on the space as it develops.
    There’s also working level, operational activity as well. Critically, we make sure that cyber security is not merely relegated to an IT issue; it’s much broader than that. And in the manufacturing space, it’s essential that the people doing the delivery, building the equipment, maintaining and supporting it, are just as aware and informed about the risks of cyber, and the opportunities to mitigate it, as the people who are involved in the technical and academic work.
    How is BAE mitigating against cyber attacks?
    Cyber security is an interesting topic, as it covers a broad spectrum from very bespoke, niche, technical risks that might be faced by different organisations, through to some fairly pragmatic elements of security that you’d expect everyone to take seriously. For BAE, education, planning and tighter orchestration of our data estate is at the top of the table. It’s important to take practical steps around updating your infrastructure, making sure you maintain your legacy systems and they remain secure.
    As mentioned, there’s also a balancing act between tolerance of risk and being risk averse. One of the most pernicious side effects of cyber attacks is that they cause businesses to stand rigid and conclude that safety will be assured if everything is locked down. That might be the case, but that in turn will stifle momentum, innovation and progress, which is at the heart of the UK manufacturing industry, and why we’ve got such a profound tradition.
    Critically, when we talk about cyber threats and attacks, we inevitably get into a conversation about technology. Yes, there’s a huge technology element involved, but many of the most effective attacks occur due to a lack of social awareness, so education and training is vital.
    Whether it be watering hole attacks, infected USB sticks or spear phishing attacks; they’re all linked to a human element, and people are risk vectors too. Of course, the technology is important, but equally integral is making sure an organisation’s people are up to date.
    How challenging are legacy systems as an attack vector?
    It’s an ongoing challenge, and it always will be. If nothing ever changed within an organisation, then there would be no dynamism or progression and the benefits of Industry 4.0 and connectivity would not be realised.
    However, with legacy systems it’s important that manufacturers are aware that you can’t just make a transition to something new and forget about the system being replaced. Historically in the UK, there have been some challenges associated with legacy systems.
    We had the WannaCry ransomware attack a few years ago, and some of the worst affected industries have been those where legacy systems have been exposed. Manufacturers need to have a grasp on where data sits (and where the risk is), while also making sure that if patching or improving the estate is being considered, then all the ingress and egress points are being captured.
    What is the potential impact of a cyber attack?
    There’s a spectrum of severity but of course, for the manufacturing industry, we’re talking about stopping or slowing production, or otherwise making it harder to get back to the optimum levels of output that existed prior to the attack. Manufacturers are always looking for efficiency and the improvement of quality, so anything that interrupts or disrupts that is going to present a challenge.
    You could also look at the law of unintended consequence. An impact to one part of the system, particularly in a high assurance and complex manufacturing space, might create a ripple effect and have an impact somewhere else in a way that might not be expected.
    There’s a huge amount of dependency when delivering very complex platforms and systems, so manufacturers need to make sure they understand how their businesses fit together. And of course, it’s not just the attack itself. What also requires consideration is the chilling effect that cyber intrusion and disruption present; that can stymie innovation and deter investment in new areas because of the concern of what’s lurking outside the light of the campfire; there’s a fear of the unknown and that can cause you to move at a slower pace.
    The balance of risk needs to be sensibly split. I genuinely think connected systems and data are good for the industry, but they need to be accompanied by a complete awareness of the risk/benefit equation. Yes, be innovative and connect your data, but do so in a logical manner that doesn’t expose you to more risk than is actually needed.
    Is cyber security becoming more challenging as connectivity increases and malicious actors become more sophisticated?
    Statistically, evidence would suggest cyber attacks are still on an upward trajectory in the manufacturing sector. And in terms of scale, it’s not that hard to launch a cyber attack (albeit it’s harder to make an attack successful). However, all these risks have to be combated and time and money has to be invested in making sure businesses are properly insulated from them. However, sophistication is no guarantee that an attack will be successful.
    Indeed, we’ve seen some very large institutions, both in the UK and internationally, brought down by what on the surface are quite unsophisticated techniques. Again, there’s a slight misnomer behind the word ‘cyber’, where it is often assumed there must be, for example, some incredibly complex data mining going on. In the majority of cases however, the attack’s success is often down to, as discussed previously, those human factors or because the legacy estate hasn’t been attended to sufficiently and has been left vulnerable as a result.
    What’s important here is forward planning and having the right tempo behind your training so it is calibrated effectively. Are things becoming more challenging as they become more connected? The answer is yes. But the real challenge is to make sure that your training and mitigations are keeping pace with the scale of expansion.
    What does the future look like in terms of cyber security and the challenge it presents manufacturers?
    As a data person, I’d say one of the things manufacturers should be up to speed with regardless is understanding their data ecosystem, from both a technology and business perspective. Where is the data that matters to you? Where is it sourced from? Where is it stored? And how is its quality validated? You need to understand the relative value of the information you hold. Once you’ve done that you can start to think about how to protect it.
    Another big issue, and it’s ongoing, is getting comfortable with the shift from open access to all data to very tightly managed permissions models. IoT is exciting because it opens up connectivity; the whole system can talk to itself, and you can get information moved around the manufacturing floor and workspaces as you want.
    That’s great. But does that mean that all data has to be opened up? There needs to be a close focus on identity management; a clear understanding of who needs to see what, when and how, and what is the appropriate level of granularity of information that you share? That’s something all businesses will need to become proficient at.
    In terms of cyber security, manufacturers will need to compartmentalise their businesses in such a way that it can work to effectively deliver products and operations without leaving attack vectors open. The most damaging cyber attacks find a fairly routine way into the business, but in doing so can access the crown jewels and move freely around systems and processes.
    As we make our businesses more sophisticated and complex, in some ways, we need to get back to more simplistic principles of command and control. In a positive sense, IoT is going to provide more information to us, and when orchestrated with the cloud, there’s an opportunity to perhaps de-risk the manufacturing space.
    Some reports have claimed that the advent of cloud is a precursor to cyber risk in the manufacturing industry. I’m not sure that’s entirely the case. In many instances, utilisation of cloud will provide better security than many people have on their premises already.
    Obviously, in most organisations, a hybrid approach is the appropriate way forward as not all information will need to be in the public cloud. However, you can reduce some of your risk by managing the cloud estate effectively and allowing some of its more enhanced security to protect your estate.

    source

  • Global Cybercrime: Federal Agency Efforts to Address International … – Government Accountability Office

    Cybercrimes—such as online identity theft, credit card fraud, and ransomware attacks—are multiplying in frequency and scale around the globe.
    The Departments of State, Justice, and Homeland Security are working with foreign nations to help combat these technology-driven crimes. Collaboration activities include information sharing with foreign partners on current threats and providing cyber training to foreign law enforcement.
    But as the lead agency responsible for foreign assistance, State hasn’t fully evaluated whether these activities have been effective in helping foreign nations combat cybercrime. We recommended that it do so.
    The Departments of State, Justice (DOJ), and Homeland Security (DHS) officials, and experts from international entities identified six mutual challenges in building global capacity to combat cybercrime. These included a lack of dedicated resources, difficulties in retaining highly trained staff, and inconsistent definitions of “cybercrime.” The expert panel also identified challenges in working with the U.S. government, including obstacles in obtaining information, lack of collaboration, and lack of dedicated funding streams.
    State, DOJ, and DHS have conducted a variety of activities to build foreign nations’ capacity to combat cybercrime. These activities include engaging in information sharing with foreign partners and providing cyber training to foreign law enforcement officers. Agencies’ activities can be grouped into four categories.
    Four Categories of Activities to Build Capacity to Combat Cybercrime
    These agencies have documented accomplishments for many activities, such as nations joining international treaties aimed at combatting cybercrime. Further, State’s plans include an evaluation of a regional forensics training center. This planned evaluation would meet the department’s requirements. However, State has not conducted a comprehensive evaluation of the agencies’ collective efforts. State is in the best position to conduct such an evaluation since it is authorized to provide foreign assistance funding to help build key allies’ and partners’ capacity to combat cybercrime. Until State conducts this comprehensive evaluation, the overall impact and results of federal assistance to global partners will likely remain unknown.
    The U.S. and its global partners are experiencing the effects of a massive cybercrime wave, which is growing in frequency and scale. In 2021, the Federal Bureau of Investigation received a record number of cybercrime complaints, over 840,000, with potential losses exceeding $6.9 billion. Further, in 2022, the intelligence community noted an increase in ransomware attacks by transnational criminals, which threaten to cause disruptions of critical services worldwide.
    GAO was asked to review federal efforts to build the capacity of allies and partner nations to combat cybercrime. This report’s specific objectives were to (1) describe challenges in building global capacity to combat cybercrime, and (2) determine actions selected federal agencies are taking to build foreign nations’ capacity to combat cybercrime and the extent to which they are evaluating the effectiveness of their efforts.
    GAO interviewed agency officials and convened a panel of experts representing entities focused on capacity building to combat global cybercrime. GAO also analyzed documentation from State, DOJ, and DHS, which provide the majority of U.S. capacity building assistance.
    GAO is making one recommendation to State to conduct a comprehensive evaluation of capacity building efforts to counter cybercrime. State concurred with the recommendation.


    source

  • Biggest Cyber Security Challenges in 2023 – Check Point Software

    As companies deploy new IT solutions and technologies, they introduce new security risks. Cybercrime is growing increasingly professionalized, resulting in more numerous, subtle, and sophisticated threats. Cyber threat actors are constantly working to design, build, and evolve solutions to bypass or overcome the most advanced cybersecurity solutions.
    All of these factors combine to create a cyber threat landscape in which companies face more significant cyber threats than ever before. In 2022, cyberattacks rose 38% over the previous year. As cyber threat actors refine their techniques, attacks will grow even more common, and companies will face novel and more dangerous cyber threats.
    While some cyber threats stand the test of time, many others ebb and flow from year to year. In 2023, these are some of the most significant cybersecurity challenges that businesses should prepare to face.
    Ransomware began as malware focused on extorting payments via data encryption. By denying legitimate users access to their data by encrypting it, the attackers could demand a ransom for its recovery.
    However, the growth of ransomware threats has resulted in focused security research designed to identify and remediate these threats. The process of encrypting every file on a target system is time-consuming — making it possible to save some data by terminating the malware before data is encrypted — and companies have the potential to restore from backups without paying the ransom.
    Double extortion attacks added data theft to data encryption, and some ransomware operators have shifted to focus solely on the extortion effort, skipping encryption entirely. These ransomware data breaches are faster to carry out, harder to detect, and cannot be fixed using backups, making them a more effective approach for cybercriminals and a greater threat to businesses.
    Companies are increasingly adopting cloud computing, a move with significant security implications. Unfamiliarity with cloud security best practices, the cloud shared security model, and other factors can make cloud environments more vulnerable to attack than on-prem infrastructure.
    While cybercriminals are increasingly targeting cloud infrastructure with exploits for new vulnerabilities, an emerging and worrying tactic is the targeting of cloud service providers. By targeting cloud service providers and cloud solutions with their attacks, a cybercriminal can gain access to their customers’ sensitive data and potentially their IT infrastructure. By exploiting these trust relationships between organizations and their service providers, attackers can dramatically increase the scale and impact of their attacks.
    As mobile devices have become more widely used, mobile malware has emerged as a growing threat. Mobile malware masquerading as legitimate and harmless applications — such as QR code readers, flashlights, and games — has grown more common on official and unofficial app stores.
    These attempts to infect users’ mobile devices have expanded from fake apps to cracked and custom versions of legitimate apps. Cybercriminals are offering unofficial versions of apps as malicious APKs via direct downloads and third-party app stores. These apps are designed to take advantage of name recognition to slip malware onto employee devices.
    While ransomware and data breaches are some of the most visible threats to corporate data security, wipers and other destructive malware can have even greater business impacts. Instead of breaching information or demanding a ransom for its return, wipers delete the data entirely.
    While wipers have been relatively rare in the past, they experienced a resurgence in 2022. Multiple families of wipers have been developed and deployed against Ukraine as part of its conflict with Russia. Other countries, including Iran and Albania, have also been targeted by destructive cyberattacks, indicating the growing popularity of destructive malware as a tool for hacktivism and cyberwarfare.
    The line between legitimate penetration testing and system administration tools and malware can be a fine one. Often, functionality that cyber threat actors would build into their malware is also built into their targets’ operating systems or available via legitimate tools that are unlikely to be recognized as malware by signature-based detection tools.
    Cyber threat actors have been increasingly taking advantage of this to “live off the land” in their attacks. By leveraging built-in features and legitimate tools, they decrease their probability of detection and improve the likelihood of a successful attack. Also, the use of existing solutions can help to scale attack campaigns and allow cybercriminals to use the state of the art in hacking tools.
    Zero-day vulnerabilities pose a significant but transient risk to corporate cybersecurity. A vulnerability is a zero day when it has been discovered but no fix is available for the issue. During the window between the initial exploitation of a vulnerability and the vendor’s release of a patch for it, cybercriminals can exploit the vulnerability unchecked. However, even after a patch is available, it is not always promptly applied by businesses. Some cyberattack campaigns target vulnerabilities that have been known and “fixed” for months or years. Various reasons exist for these delays, including resource availability, security visibility, and prioritization.
    One area where zero-day attacks and unpatched vulnerabilities are especially concerning is the software supply chain. Often, companies lack full visibility into the third-party, open-source code that their applications use. If these external libraries contain unpatched vulnerabilities, cybercriminals can leverage them to attack the organization. Additionally, widely used vulnerable libraries create potential attack vectors against multiple organizations.
    Cybercrime is a problem that is rapidly growing on a global scale. In Q3 2022, global cyberattacks increased by 28% compared to the same quarter in 2021. Going into 2023, this trend is only likely to continue. A mature corporate cybersecurity program needs to be capable of defending against threats originating from all around the world. This includes comprehensive threat protection, round-the-clock monitoring, and access to up-to-date threat intelligence.
    When designing and upgrading a security architecture to address these challenges, keep the following considerations in mind.
    Cybersecurity is growing increasingly complex as IT infrastructures expand and cyber threat actors develop and deploy new attack techniques. As a result, companies need an expanding suite of security capabilities to protect themselves against advanced attacks.
    However, attempting to implement these capabilities via standalone, specialized solutions can actually harm corporate cybersecurity by making it more difficult to monitor, configure, and operate an organization’s security infrastructure. Security consolidation — in which an organization deploys a single security platform with all of the required security capabilities — improves the efficiency and effectiveness of the organization’s security architecture and team, enhancing its threat management capabilities.
    Many corporate cybersecurity strategies are detection-focused. Once an active threat has been identified, the organization’s security solutions and personnel take action to mitigate or remediate the ongoing attack. However, a responsive approach to security means that the attacker has a window between launching their attack and its eventual remediation to take malicious actions. During this window, the cyber threat actor can cause harm to the organization and expand and entrench their foothold, making remediation more difficult and expensive.
    Instead of focusing on detection, security should have a prevention focus. By identifying and blocking inbound attacks before they reach an organization’s systems, a company eliminates the potential threat, damage, and cost to the organization.
    The evolution of corporate IT architectures has provided cybercriminals with numerous potential avenues of attack against an organization. Cloud adoption, remote work, mobile devices, and the Internet of Things (IoT) are only a few examples of new technologies that have introduced new security risks.
    Cyber threat actors can identify and exploit a wide range of vulnerabilities to gain access to corporate systems. An effective cybersecurity program is one that provides comprehensive coverage and protection for all potential attack vectors.
    The cyber threat landscape is constantly evolving as IT architectures change and cybercriminals develop new tools and techniques. Managing corporate cybersecurity risk requires designing and deploying defenses against the latest risks. Learn more about the main threats of 2023 in Check Point’s 2023 Cyber Security Report.
    Check Point offers solutions that meet organizations’ security needs in 2023: Check Point Infinity offers consolidated, preventative, and comprehensive security across an organization’s entire IT infrastructure, both on-prem and off-prem. Check Point’s Infinity Enterprise License Agreement (ELA) provides an organization with access to the Check Point solutions it needs under a single, company-friendly license.