Security Stop Press : ConnectWise LockBit Alert

Just days after it was announced that the UK’s National Crime Agency (NCA), the FBI, and Europol had taken down the Russian LockBit ransomware gang’s website, it’s been reported that LockBit ransomware is still being deployed via flaws in a popular remote access tool.

Researchers at cybersecurity companies Huntress and Sophos have highlighted how two bugs in the ConnectWise ScreenConnect remote access IT support tool, usually used by IT technicians, are being exploited to launch LockBit attacks.

ConnectWise has issued an alert urging IT administrators to take quick action to patch the two critical vulnerabilities. Details are available here.

Security Stop Press : Google Launches AI Cyber Defence Initiative

In a bid to “tilt the cybersecurity balance from attackers to cyber defenders,” Google has announced the launch of its AI Cyber Defence Initiative. The initiative involves the introduction of:

– Secure AI Framework (SAIF) – a conceptual framework for secure AI systems, to help collaboratively secure AI technology.

– $2 million in research grants and strategic partnerships to help strengthen cybersecurity research initiatives using AI.

– An open-sourced, in-house machine-learning-powered file identifier called Magika, which can help network defenders quickly identify the true content of files, at scale.

Google says it’s “excited about AI’s potential to solve generational security challenges while bringing us close to the safe, secure and trusted digital world we deserve.”

Tech News : Cyber Attacks Burn Out Security Experts

A new survey from CyberArk has revealed that increased workloads, caused by a surge in cyber threats and attacks, have led to 59 per cent of UK senior cyber security professionals facing burnout.

Cyber Crime Levels High 

The results of the survey highlight the growing workload pressure on cyber security professionals. In the past 12 months alone, a staggering 80 per cent of UK organisations have experienced a ransomware attack, a 10 per cent increase on last year. Also, almost half of those affected (47 per cent) have opted to pay the ransom (at least twice) to enable recovery.

Workload And Other Challenges 

In order to protect businesses from growing threat levels, cyber security teams have therefore been required to work long hours. At the same time, they face the challenges of limited budgets and resources resulting from economic pressures, as well as a skills gap and a global shortage of cybersecurity professionals. For example, a recent ISC2 report shows that there was a global shortage of 3.4 million cyber security professionals last year, compared with a total cyber workforce of 4.7 million.

Other Supporting Research 

Other research that supports the plight of under-pressure cyber security workers includes a Chartered Institute of Information Security (CIISec) survey that found almost a quarter of security practitioners work more than 48 hours per week, and Gartner research (2023) highlighting how high levels of stress could see nearly half of security leaders switching careers by 2025.

Taking A Break Or Leaving The Profession 

Consequently, even though cyber security professionals need to be performing at their absolute best, they are instead experiencing burnout (according to the CyberArk survey) and are choosing either to take a break from work to concentrate on their wellbeing or to leave the profession. This adds to the lack of security professionals in businesses, increasing the vulnerability of those businesses to cyber-attacks.

More Than Two-Thirds Of Senior Decision Makers Affected

CyberArk’s survey shows, for example, that 66 per cent of C-level executives (senior cyber defence decision makers in businesses) feel that they are experiencing burnout, which raises concerns about their ability to deal with the increasing and evolving threats effectively.

For example, as David Higgins, senior director of the Field Technology Office at CyberArk, puts it: “Burnout is alarming in that context, because it impairs the ability to defend their organisation. One wrong decision or missed signal can open the door to reputational and monetary damage for an organisation.”

What Does This Mean For Your Business? 

The findings from CyberArk paint a stark picture for UK businesses, showing the front-line against cybercrime is wearing thin. The apparent burnout epidemic among cybersecurity professionals is not only a health crisis but a strategic business vulnerability. When these specialists are overworked and stressed, their capacity to guard against cyber threats is compromised, and as a result, the risk to business operations, sensitive data, and company finances escalates.

UK companies should, therefore, take immediate steps to prioritise the well-being of their security teams. This means cultivating an environment where work-life balance is possible and supported by management. It also includes re-evaluating workloads to ensure they are sustainable and providing access to mental health resources. These measures may help in maintaining a vigilant and capable cybersecurity workforce.

Equally critical is addressing the shortage of cybersecurity professionals through targeted talent development and diversified recruitment strategies. Training programmes and professional development opportunities can be powerful incentives for both recruitment and retention, and can attract recruits who will grow with the company.

C-level executives (cyber security decision-makers) experiencing burnout themselves need to set the right tone for the organisation’s work culture, for example by openly acknowledging the issue and advocating for sufficient resources. This could (in some measure) help bring the change that reinforces the company’s defence against cyber threats.

Preventing cybersecurity burnout, therefore, is more than a human resources issue; it is an essential investment in a business’s operational security. As cyber threats increase, it is clear that protecting the protectors through a compassionate and comprehensive approach to workforce management is not just beneficial but necessary for sustaining business integrity in the digital age.

Security Stop Press : Booking.com Customers Targeted By Phishing Emails

It’s been reported that following a hack of online travel agency Booking.com’s email system, customers have been receiving phishing emails asking for their bank card details to avoid cancellation of their hotel booking.

The emails, which have been reported to come from a standard booking.com email address, appear to be targeting customers who have checked in or are due to check in. Although they vary slightly in content, they give customers a limited time (4 to 12 hours) to provide their card details following the fraudulent payment request.

It’s been reported that booking.com denies having its email hacked and blames the breach on partner hotels’ email systems being hacked following phishing attacks. The advice for those who have received the emails and are suspicious is to contact Booking.com’s customer service team, contact the hotel directly, or if payment has been made, to contact their bank.

Security Stop Press : Mass WS_FTP Exploitation Warning

Researchers at Rapid7 have reported a “possible mass exploitation” of vulnerabilities in Progress Software’s WS_FTP Server (a program that enables the upload and download of files to and from a server).

Rapid7 reported that from September 30, it has observed “multiple instances of WS_FTP exploitation in the wild”.

With secure file transfer technologies continuing to be popular targets for attackers, the advice is to update/upgrade to a patched version of WS_FTP Server such as 8.8.2.

Also, those using the Ad Hoc Transfer module in WS_FTP Server who can’t update to a fixed version are advised to consider disabling or removing the module.

Security Stop Press : LLM Malicious “Prompt Injection” Attack Warning

The UK’s National Cyber Security Centre (NCSC) has warned of the susceptibility of existing Large Language Models (LLMs) to malicious “prompt injection” attacks. These are where a user creates inputs intended to cause an AI model to behave in an unintended way, e.g. generating offensive content or disclosing confidential information.

This means that businesses integrating LLMs like ChatGPT into their business, products, or services could be leaving themselves open to risks like inaccurate, controversial, or biased data content, data poisoning and concealed prompt injection attacks.

The advice is for businesses to establish cybersecurity principles and to make sure that they are able to deal with even the worst-case scenario of whatever their LLM-powered app is permitted to do.
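One practical reading of “deal with the worst case of whatever the app is permitted to do” is to never let the model’s output decide what the application may do: the application keeps an allowlist of tools and argument formats, and anything the model asks for outside that list is refused. The following is an added illustration, not code from the NCSC or from the article; the tool names, the order data and the JSON request format are all constructed for the example.

```python
"""Added example: treat LLM output as untrusted and enforce an allowlist
before any action runs. Tool names, data and message format are
hypothetical; a real app would substitute its own permitted actions."""
import json
import re


def lookup_order_status(order_id: str) -> str:
    # Constructed sample data standing in for a real back end.
    orders = {"A1001": "shipped", "A1002": "processing"}
    return orders.get(order_id, "unknown")


# The only actions the app is permitted to perform, with a strict
# pattern for every argument. Nothing outside this table can run,
# regardless of what text the model produces.
ALLOWED_TOOLS = {
    "lookup_order_status": {
        "func": lookup_order_status,
        "args": {"order_id": re.compile(r"^[A-Z]\d{4}$")},
    },
}

# Bound the blast radius of a single model turn.
MAX_CALLS_PER_TURN = 3


def dispatch(model_output: str) -> list:
    """Parse the model's tool request(s) and execute only allowlisted,
    well-formed calls. Refusals are returned as structured errors so the
    caller can log them as potential prompt-injection attempts."""
    try:
        requests = json.loads(model_output)
    except json.JSONDecodeError:
        return [{"error": "refused: model output was not valid JSON"}]
    if not isinstance(requests, list):
        requests = [requests]

    results = []
    for req in requests[:MAX_CALLS_PER_TURN]:
        name = req.get("tool") if isinstance(req, dict) else None
        spec = ALLOWED_TOOLS.get(name)
        if spec is None:
            results.append({"tool": name, "error": "refused: tool not in allowlist"})
            continue
        args = req.get("args", {}) if isinstance(req.get("args"), dict) else {}
        malformed = [
            key for key, pattern in spec["args"].items()
            if not isinstance(args.get(key), str) or not pattern.match(args[key])
        ]
        unexpected = set(args) - set(spec["args"])
        if malformed or unexpected:
            results.append({"tool": name, "error": "refused: malformed or unexpected arguments"})
            continue
        results.append({"tool": name, "result": spec["func"](**args)})
    return results


# Constructed model output: one legitimate request followed by two that an
# injected prompt might try to smuggle in (an unknown tool, then a bad argument).
SAMPLE_MODEL_OUTPUT = json.dumps([
    {"tool": "lookup_order_status", "args": {"order_id": "A1001"}},
    {"tool": "delete_all_orders", "args": {}},
    {"tool": "lookup_order_status", "args": {"order_id": "../etc/passwd"}},
])

if __name__ == "__main__":
    for entry in dispatch(SAMPLE_MODEL_OUTPUT):
        print(entry)
```

The design choice worth noting is that the allowlist and the argument patterns live in the application, not in the prompt: a successful injection can change what the model says, but it cannot add a tool to `ALLOWED_TOOLS` or widen a regular expression, so the worst case stays bounded by what the app already permitted.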

Security Stop Press : FraudGPT

Researchers from Netenrich have reported finding “FraudGPT” being sold on the dark web. It’s been described as a subscription-based generative AI tool for creating malicious cyberattacks. It’s been reported that the tool can do anything from writing malicious code and malware to creating phishing campaigns, thereby putting advanced attack methods within reach of even inexperienced attackers and potentially democratising weaponised generative AI at scale.

This highlights the importance not just of businesses prioritising their cyber defences, but also of AI-based defences at the start of what some have described as an ‘AI arms race.’

Security Stop Press : 60 Million Individuals & 1000 Businesses Hit By MOVEit Hack

It’s been reported (Emsisoft) that the hack of MOVEit software by the Russian Cl0p ransomware gang may have impacted nearly 1,000 organisations and 60 million individuals.

The supply chain attack ‘payroll hack,’ which exploited a vulnerability in Progress’s popular MOVEit software (used to move sensitive files like employee addresses or bank account details), is reported to have stolen and exposed the information of major companies including British Airways, Boots, the BBC, and almost 1000 others worldwide.

This highlights the importance of businesses having comprehensive cyber security in place including effective backup, and business continuity and disaster recovery plans.

Security (P3) : Securing Staff In Summer Holidays

In this final instalment of a three-part series, here are more ways that staff can maintain the right level of security when using their devices in the summer holidays:

– Make Use Of Two-Factor Authentication (2FA). Enable 2FA for all your important accounts. This adds an extra layer of security, making it harder for unauthorised users to gain access.

– Limit Sharing of Location Information. Be careful about sharing your location on social media. This can alert potential thieves that you’re not at home or in your office.

– Lock Your Devices. Always lock your devices when you’re not using them, even if you’re just stepping away for a few minutes. This can prevent unauthorised access.

– Disable Auto-Connect. Turn off the auto-connect feature on your devices to prevent them from automatically connecting to public Wi-Fi networks, which can be insecure.

– Monitor Your Accounts. Regularly check your financial and digital accounts for any suspicious activity. Early detection can help mitigate damage.

Security (P2) : Securing Staff In Summer Holidays

In this second instalment of a three-part series, here are more ways that staff can maintain the right level of security when using their devices in the summer holidays:

– Install a Reliable Security Suite. Being away from the home/office means that re-installing everything on a laptop, for example, would be a nightmare. Make sure you have a reliable security suite installed on your devices, including antivirus, anti-malware, and firewall protection.

– Backup Your Data. Regularly backing up your data ensures that if your device gets lost, stolen, or compromised whilst you’re on your travels, you’ll still have access to your important files.

– Use Encrypted Messaging Apps. If you need to share sensitive information (e.g. giving family members a hotel door code), use encrypted messaging apps to ensure your communication is secure.

– Avoid Public Charging Stations. Being on holiday means you’re more often away from secure charging ports, and scammers know this. Public USB charging stations can be a security risk. Use your own charger and plug it into a power outlet whenever possible. Alternatively, use a mobile power bank.

– Use a Password Manager. Remembering passwords whilst you’re out and about is a challenge! Password managers can help you create and store complex, unique passwords for each of your accounts, improving your overall security.