This month’s news shows that global governments are looking for ways to better defend against increasing cyber threats and are funding digital programs to encourage the procurement of cyber detection tools. Read on to find out what we’re talking about this month.
EU launches first phase of cross-border security operations centers
With the mission of securing EU cyberspace, the European Commission, in coordination with the European Cybersecurity Competence Centre (ECCC), is launching a call for expressions of interest to select entities in Member States that will host and operate cross-border cyber threat detection platforms. Participants will include relevant public entities from several Member States as well as private entities. The Digital Europe Programme will contribute €30 million so that the cross-border Security Operations Centres and the ECCC can procure cyber threat detection tools and services, and it will fund up to €72.5 million in grants for cyber threat detection through a recently opened call for proposals.
“We have heard more and more over the last few years that in order to create effective strategies on cybersecurity you need a wider vision of threat actors, incidents, and definitely cyber threats. So reading that the first phase of the European cross-border SOCs is launched seems a positive step in this approach. Solidarity and cooperation, magic words for deception.” — Juan de la Fuente, Threat Intelligence Analyst
Source: Digital Strategy, November 24
Microsoft says attackers are hacking energy grids by exploiting decades-old software
Third-party software vulnerabilities were responsible for 13% of data breaches in 2022, according to an IBM report. A case in point: Microsoft has identified the Boa web server, an open source component retired in 2005, as a vulnerable component that is still widely used in a range of routers and security cameras, as well as in popular software development kits (SDKs).
Over a single week Microsoft found one million internet-exposed Boa server components worldwide, and warned that the vulnerable component poses a “supply chain risk that may affect millions of organizations and devices.” Mitigating the Boa flaws is difficult, the company said, both because the defunct web server remains popular and because of how it is built into the IoT device supply chain: it is typically inherited through an SDK rather than chosen by the device vendor, so many affected vendors may not know they ship it. Microsoft recommends that organizations and network operators patch vulnerable devices where possible.
“This article clearly shows that critical infrastructure companies are being actively targeted by advanced threat actors. As David and Mario Castro explained in the webinar they hosted a couple of weeks ago, deception can be very helpful to learn about attackers as a way to improve defenses.” — Fernando, Founder
Source: Techcrunch, November 23
Top 10 cybersecurity threats to emerge by 2030
ENISA seeks to improve the EU’s cybersecurity resilience by raising awareness of future threats and promoting countermeasures among EU Member States and stakeholders. It has identified and ranked the top 10 cybersecurity threats expected to emerge by 2030. With the support of the ENISA Foresight Expert Group, the CSIRTs Network and the EU CyCLONe experts, ENISA held a Threat Identification Workshop to brainstorm the emerging challenges on the 2030 horizon. Read more if you want to see the full list of the top 10 emerging cybersecurity threats.
“Cybersecurity’s future is fast becoming more complex. As threats become more sophisticated, new technologies will be needed to fight them, and deception is a winning horse here. It helps with detecting attacks that go unnoticed by widely deployed cybersecurity tools.” — Member of the sales team
Source: ENISA, November 12
A new report on how attackers abuse governmental infrastructure
VirusTotal has just released its “Deception at scale: How attackers abuse governmental infrastructure” report, with the goal of helping researchers, security practitioners and the general public better understand the nature of malicious attacks. The report shows that governmental domains were among the top categories of domains abused by attackers in 2022 to distribute malicious content. Although some affected domains appear to be victims of opportunistic attacks, there are indicators that others were targeted by sophisticated attackers who abused the infrastructure to deploy their toolsets. The report also observed an increase in phishing in 2022, along with large-scale distribution of suspicious PDFs. Compromised government-related infrastructure represents a major potential threat because of the implicit trust those domains carry.
“In this new VirusTotal report, we see how attackers abuse governmental infrastructure, using government domains for malware hosting. This allows the attacker to avoid alerts based on whitelists or blacklists, since government domains are usually considered safe. The report also provides additional technical details to monitor this malicious activity yourself.” — Member of the development team
Source: VirusTotal, November 17
Hackers are using a ‘concerning’ tactic to dodge multi-factor authentication
Token theft attacks that bypass multi-factor authentication (MFA) are on the rise, and Microsoft has outlined several mitigations that will unfortunately make life more difficult for your remote workers. In these attacks, the attacker steals a token issued to a user who has already completed MFA and replays it from a different device, so access is granted without the MFA check ever running again. Tokens are central to OAuth 2.0 identity platforms such as Azure Active Directory (AD), which aim to make authentication simpler and faster for users while remaining resilient to password attacks; a stolen token is therefore as good as a completed sign-in. “When the user is phished, the malicious infrastructure captures both the credentials of the user, and the token,” Microsoft explains.
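The replay described above leaves a trace: a token that passed MFA on one device is later presented from another device, with no new MFA prompt in between. The script below is an added example (not code from the article or from Microsoft) that applies that rule to a constructed batch of sign-in events. The `SignIn` field names (`token_id`, `device_id`, `mfa_prompted`) are hypothetical and not any vendor's log schema; the users, addresses and timestamps are made up.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List


@dataclass(frozen=True)
class SignIn:
    """One sign-in event. Field names are hypothetical, not a vendor's log schema."""
    ts: datetime
    user: str
    token_id: str      # identifier of the session/refresh token that was presented
    ip: str
    device_id: str     # device fingerprint or registered device identifier
    mfa_prompted: bool # True when the IdP actually challenged the user for MFA


# Constructed sample events (not real logs). alice completes MFA on her laptop,
# then the same token shows up minutes later from another address and an unknown
# device with no new MFA prompt: the replay the text describes. bob's token moves
# between networks but stays on the same device; carol re-authenticates later.
SAMPLE_SIGNINS: List[SignIn] = [
    SignIn(datetime(2022, 11, 18, 9, 0),  "alice", "tok-a1", "203.0.113.10",  "dev-laptop-a",  True),
    SignIn(datetime(2022, 11, 18, 9, 7),  "alice", "tok-a1", "198.51.100.77", "dev-unknown-9", False),
    SignIn(datetime(2022, 11, 18, 9, 30), "bob",   "tok-b2", "203.0.113.22",  "dev-laptop-b",  True),
    SignIn(datetime(2022, 11, 18, 9, 45), "bob",   "tok-b2", "192.0.2.5",     "dev-laptop-b",  False),
    SignIn(datetime(2022, 11, 18, 10, 0), "carol", "tok-c3", "203.0.113.30",  "dev-phone-c",   True),
    SignIn(datetime(2022, 11, 18, 16, 0), "carol", "tok-c3", "198.51.100.8",  "dev-desk-c",    True),
]


@dataclass(frozen=True)
class ReplayAlert:
    user: str
    token_id: str
    origin: SignIn       # the sign-in that established the token (passed MFA)
    suspicious: SignIn   # the later use from a different device
    ip_changed: bool     # extra signal: the source address moved as well


def detect_token_replay(events: List[SignIn]) -> List[ReplayAlert]:
    """Flag a token presented from a device other than the one that passed MFA.

    Rule: the first event seen for a token is its origin. A later event that
    was NOT MFA-prompted and comes from a different device_id is a probable
    replay. An event that WAS MFA-prompted re-establishes the origin, because
    the identity provider verified the user again on that device. IP change
    alone is deliberately not an alert: roaming laptops change address all day.
    """
    origin: Dict[str, SignIn] = {}
    alerts: List[ReplayAlert] = []
    for ev in sorted(events, key=lambda e: e.ts):
        base = origin.get(ev.token_id)
        if base is None or ev.mfa_prompted:
            origin[ev.token_id] = ev
            continue
        if ev.device_id != base.device_id:
            alerts.append(ReplayAlert(ev.user, ev.token_id, base, ev, ev.ip != base.ip))
    return alerts


if __name__ == "__main__":
    for a in detect_token_replay(SAMPLE_SIGNINS):
        print(f"{a.user}: token {a.token_id} issued on {a.origin.device_id} "
              f"reused from {a.suspicious.device_id} ({a.suspicious.ip}) "
              f"at {a.suspicious.ts:%H:%M} without MFA, ip_changed={a.ip_changed}")
```

Two caveats. First, the rule depends on a stable device identifier in the sign-in log; if the identity provider only records an IP and a user agent, the attacker can copy the user agent along with the token and the device column loses its value. Second, this is detection after the fact: by the time the second event is logged the token has already been honored, so the response must be to revoke the session and force re-authentication, and the durable fix is the set of mitigations Microsoft describes rather than log analysis alone.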
“I think it is important to make clear that even best practices are not enough to avoid being hacked. We have always assumed that any company or person can be hacked. Once you assume that it can happen to you, you need to consider what technologies you have to set up in order to achieve early detection, deflection, and if possible, learn about the attacker (skills, goal, etc.). Deception is, no doubt, the best technology to achieve all of this.” — Fernando, Founder
Source: ZDNET, November 18