Skip to main content
Category

Featured

Key takeaways from the 2024 Report on the Cybersecurity Posture of the United States

By FeaturedNo Comments

BLOG

Key takeaways from the 2024 Report on the Cybersecurity Posture of the United States

The Office of the National Cyber Director’s (ONCD) 2024 Report on the Cybersecurity Posture of the United States highlights significant trends and areas of concern in the evolving cyber threat landscape. Notably, it underscores the growing risks to critical infrastructure, the persistent threat of ransomware, the exploitation of supply chains, the proliferation of commercial spyware and the dual-edged impact of artificial intelligence.

Brian Borysewich, Chief Information Security Officer (CISO) at C8 Secure, provides his insights on the report, emphasizing the importance of enhanced public-private collaboration, robust incident response plans, advanced threat detection technologies and comprehensive training programs. By adopting these measures, organizations can build a resilient cybersecurity framework to defend against ever changing and increasingly sophisticated persistent cyber attacks.

Q&A with Brian Borysewich

What were your initial impressions after reading the 2024 Report on the Cybersecurity Posture of the United States?

The report identifies several areas needing significant improvement. These include the need for enhanced collaboration between public and private sectors, improved cyber hygiene practices across all industries, and the development of more robust incident response plans. Additionally, there is a call for greater investment in cybersecurity research and development to keep pace with the evolving threat landscape.

Was there anything in the report that surprised you or confirmed what you are already seeing in the industry?

The emphasis on commercial spyware was particularly striking. While we’ve been aware of its existence, the report’s detailed analysis confirms its rapid growth and the significant

threat it poses. The extent to which these tools are being developed and sold by private vendors to nation-state actors was eye-opening. This aligns with what we are already seeing in the industry, where the lines between nation-state and criminal activities are increasingly blurred. The sophistication and availability of these surveillance tools are growing at an alarming rate, making it easier for malicious actors to carry out highly targeted and invasive attacks.

Another point of confirmation was the continued threat posed by ransomware. The report’s findings on ransomware mirror what we’ve been observing: ransomware groups are becoming more organized and their tactics more advanced. They are continually finding new ways to evade detection and disrupt operations, which reinforces the need for constant vigilance and adaptive security measures within organizations.

Overall, the report validates many of the trends and threats that cybersecurity professionals have been monitoring, but it also highlights emerging areas that require immediate attention and action.

How do the findings of this report compare to some of your other governmental agency experiences?

The findings of the 2024 report are notably more detailed and forward-looking compared to other governmental agency reports I’ve encountered. One significant difference is the comprehensive integration of emerging technologies, such as artificial intelligence, into the broader discussion on cybersecurity. Many previous reports have touched on traditional cybersecurity threats and responses but have not delved as deeply into how rapidly advancing technologies are reshaping the threat landscape.

Additionally, this report places a strong emphasis on the interconnection of cyber threats and the broader geopolitical environment. It recognizes that cyber risks are not isolated incidents but are often part of larger strategic moves by nation-state adversaries. This holistic view aligns well with the realities we see in the industry, where cyber threats are increasingly used as tools of political and economic influence.

Another standout aspect is the report’s focus on the commercial spyware market and its implications. This is a relatively new area of concern that hasn’t been covered in as much depth by other reports. The acknowledgment of commercial entities contributing to the cyber threat landscape by selling advanced surveillance tools to nation-state actors is a critical insight that requires immediate attention and regulatory action.

Furthermore, the report’s recommendations for enhancing collaboration between the public and private sectors, as well as investing in cybersecurity research and development, reflect a progressive approach that is essential for addressing modern cyber threats. In my experience with other governmental reports, there is often a lag in recognizing the need for such proactive measures.

Overall, the 2024 report provides a more nuanced and forward-thinking perspective that is crucial for developing effective cybersecurity strategies in today’s rapidly evolving digital world.

What are the best measures government agencies or organizations should take in the face of ever-growing cyber attacks?

Government agencies and organizations must adopt a proactive and layered defense strategy to effectively combat the ever-growing threat of cyber attacks. Here are some of the best measures they should consider.

  • Enhanced collaboration
    • Foster stronger collaboration between public and private sectors.
    • Share threat intelligence, best practices and resources.
    • Establish partnerships and communication channels.
  • Regular security audits and assessments
    • Conduct regular security audits and assessments.
    • Perform internal and external evaluations.
    • Update vulnerability assessment and penetration testing (VAPT) regularly.
  • Advanced threat detection and response using latest technologies
    • Invest in AI-driven analytics, machine learning and behavioral analysis tools.
    • Implement Security Information and Event Management (SIEM) systems.
  • Robust incident response and mitigation plans
    • Develop and maintain clear procedures for detecting, responding to, and recovering from cyber incidents.
    • Regularly test and update these plans through simulations and drills.
  • Comprehensive training and awareness programs
    • Provide ongoing cybersecurity training and awareness programs for all employees.
    • Educate staff on recognizing phishing attempts, social engineering tactics and other common attack vectors.
  • Cyber hygiene practices – protecting the environment
    • Implement and enforce strong cyber hygiene practices.
    • Ensure regular software updates, patch management and the use of multi-factor authentication (MFA).
  • Supply chain security
    • Strengthen supply chain security by assessing and monitoring third-party vendors and partners.
    • Establish strict security requirements and conduct regular assessments.
  • Investment in research and development
    • Allocate resources to cybersecurity research and development.
    • Invest in innovative technologies and methodologies to stay ahead of emerging threats particularly around advancements in AI and artificial general intelligence (AGI).
  • Legislative and regulatory compliance
    • Ensure compliance with relevant cybersecurity regulations and standards, and not simply performing Checkbox Security.
    • Stay abreast of legal requirements and industry standards.
  • Public awareness campaigns using all mediums
    • Engage in public awareness campaigns to educate citizens about cybersecurity risks and best practices.
    • Increase public knowledge and vigilance to create a more secure digital environment.

With cyber threat incidents on the rise, C8 Secure is committed to working closely with corporations and governmental agencies to provide practical, adaptable, preventable and problem-solving security solutions.

Learn how our expertise can help your organization stay ahead of cyber threats – contact us today!

DOWNLOAD BROCHURE

For more information, please download our solutions brochure

Let’s Get Started


Cyber warfare escalates in Philippines: The Armed Forces of the Philippines forms exclusive ‘cyber command’ to combat growing menace

By FeaturedNo Comments

BLOG

Cyber warfare escalates in Philippines: The Armed Forces of the Philippines forms exclusive ‘cyber command’ to combat growing menace 

The Armed Forces of the Philippines (AFP) is taking a groundbreaking move in response to the growing threat of cyber attacks. The country’s military is forming an exclusive “cyber command” to combat digital threats, which have become as significant as physical ones.

Recently, Philippine corporations and governmental agencies have fallen victim to a spate of cyber attacks. To address this, AFP General Romeo Brawner announced plans to refine the recruitment process at a media event organized by the Foreign Correspondents Association of the Philippines on October 12, 2023.

What’s at stake

The Philippines is grappling with a surge in cyber attacks from state-sponsored and independent entities. According to the Philippine National Police (PNP), cyber crimes skyrocketed by 68.98 percent in 2023, jumping from 11,523 cases in 2022 to 19,472 incidents in 2023.

Recently, Philippine Senate legislative websites, including those of the House of Representatives and the Senate, were breached by anonymous hackers, resulting in temporary shutdowns. The Philippine Star reported further breaches involving major institutions like the Philippine Health Insurance Corp., the Department of Science and Technology and the Philippine Statistics Authority, leading to consequential data leaks.

In response to these escalating cyber threats, President Ferdinand Marcos Jr. has urged the Department of Information and Communications Technology to bolster its cyber defense protocols. Meanwhile, Microsoft has launched an educational-based initiative to train in artificial intelligence (AI) and cybersecurity.

This training program, a collaborative effort between various government agencies and educational institutions, aims to enhance cybersecurity knowledge among government workers by equipping them with the skills to identify cybersecurity threats. Philippine Trade Undersecretary Rafaelita Aldaba praised this initiative, emphasizing its potential to strengthen cybersecurity and foster trust in technology adoption.

The program is also seen as a strategic move to combat the pervasive issue of disinformation – which the North Atlantic Treaty Organization (NATO) defines as the deliberate creation and dissemination of false or manipulated information with the intent to deceive or mislead. By focusing on education, the initiative aims to enhance people’s ability to discern authentic content from manipulated information, ultimately empowering them to make informed decisions in the digital age.

Assessing vulnerability and high-profile cyber attacks

The Philippines is facing an unprecedented cyber crisis, with millions of personal records compromised and critical institutions crippled by ransomware attacks. The nation’s extensive internet use, lack of awareness about cybersecurity, and underdeveloped cybersecurity infrastructure have created a perfect storm of vulnerabilities.

  • In April 2023, a severe data breach exposed the personal details of millions, affecting vital institutions like the Philippine National Police, the National Bureau of Investigation, the Bureau of Internal Revenue, and the Special Action Force. Compromised data from Philippine government subdomains subsequently appeared in the Russian black market. This incident highlights the devastating consequences of cyber attacks on the country’s critical infrastructure.
  • Ransomware attacks have become a daily threat to key sectors, including finance, government, healthcare, education, and retail. General Brawner has warned that Philippine government institutions are facing near-daily cyber attacks. The situation is further complicated by the involvement of international actors like China’s People’s Liberation Army, which has launched several cyber attacks on the Philippines, targeting sectors related to trade, defense, and external affairs.
  • The country has also faced threats from Russian-speaking ransomware groups and South Korean hackers. This complex cyber threat landscape underlines the urgent need for strengthened cybersecurity measures in the Philippines.

To address these challenges, the government and military are investing in developing its cybersecurity infrastructure, raising awareness about online safety and collaborating with international partners to combat transnational cybercrime.

C8 Secure – Your partner in cybersecurity

As a leading cybersecurity provider, C8 Secure has safeguarded several renowned Philippine brands against the rising tide of cyber threats. Our collaboration with the Philippine National Bank (PNB) has yielded immediate returns and enhanced threat prevention, detection and response capabilities.

We have also partnered with Jollibee Foods Corporation (JFC), providing comprehensive end-to-end security solutions to safeguard their extensive operations.

Cybersecurity solutions for a safer tomorrow

With cyber threat incidents on the rise in the Philippines, C8 Secure is committed to working closely with corporations and governmental agencies to provide practical, adaptable, preventable and problem-solving security solutions.

Discover how we can protect your organization

Learn how our expertise can help your organization stay ahead of cyber threats – contact us today!

DOWNLOAD BROCHURE

For more information, please download our solutions brochure

Let’s Get Started


Partnership News

C8 Secure enters partnership with Corrata to deliver mobile endpoint security solution, Mobile Protect

By FeaturedNo Comments

NEWS

Partnership News

C8 Secure enters partnership with Corrata to deliver mobile endpoint security solution, Mobile Protect 

18 March 2024: C8 Secure (a Continent 8 company), a provider of comprehensive, multi-layered cybersecurity solutions that focus on threat prevention, has entered into an agreement with Corrata, a mobile endpoint security solution provider that offers complete protection against any mobile threat.

Through this agreement, C8 Secure has launched its Mobile Protect solution, a C8 Secure managed service which incorporates Corrata’s unique technology with other mobile centric security capabilities. The solution protects employee devices, strengthening mobile endpoints against contemporary security threats, ensuring safe access to corporate data while respecting personal usage.

Mobile Protect provides a complete defence against mobile threats, such as detecting and disabling malware, blocking smishing attacks, protecting WiFi communications and vulnerability management.

It complements the company’s SafeBait solution which simulates social engineering and phishing campaigns, a managed service that offers customized phishing defense solutions.

Patrick Gardner, Managing Partner at C8 Secure, a Continent 8 company, comments:

Mobile devices are an essential tool for today’s modern business, making this a huge target for cyber criminals. In 2022 alone, 46% of organizations suffered a mobile-related security breach, so it is essential that businesses are securing these devices.

We are thrilled to be working with Corrata to develop our Mobile Protect solution which enables businesses to protect all iOS and Android devices from cyber attacks, safeguarding their employees from malicious actors.

Dylan Fermoyle, VP at Corrata, comments:

We are delighted to partner with C8 Secure. Their track record in providing high-touch managed security services to marquee customers aligns directly with Corrata’s mission to provide the best possible protection to the mobile workspace.

C8 Secure leverages a comprehensive, multi-layered solution focused on threat prevention versus detection. This includes SIEM/SOC capabilities, EDR and MDR protection and DDoS and WAAP solutions. Learn more here: c8secure.com.

DOWNLOAD BROCHURE

For more information, please download our solutions brochure

Let’s Get Started


Insider Threat

Best practices for protecting your business from insider threats

By Featured, UncategorizedNo Comments

BLOG

Insider Threat

Best practices for protecting your business from insider threats

An insider threat is a cybersecurity risk coming from within an organization. This risk often arises when employees, contractors, vendors, or partners with proper access misuse it to harm the organization’s networks, systems and data. Whether intentional or not, such actions threaten the confidentiality, availability and integrity of the organization’s systems and data.

In the 2023 Insider Threat Report by Gurucul, it is revealed that over 70% of organizations believe that they are moderately to highly susceptible to insider threats. Over the past year, more than half of the surveyed organizations have faced at least one insider threat, with 8% encountering over 20 incidents.

According to the 2023 Cost of Insider Risks Global Report by Ponemon Institute, the average cost to address and mitigate the fallout of an insider threat that lasts for 91 days is $18.32 million. The report also highlights that only 13% of insider threats could be mitigated within 31 days.

Types of insider threat

Insider threats within organizations can manifest in various forms. These threats include:

  1. Unintentional Threats: Caused by negligence or accidents, these threats arise from insiders who disregard security protocols or make errors, like sending sensitive information to the wrong recipient or losing data storage devices.
  2. Intentional Threats: This involves malicious insiders who deliberately harm the organization for personal gain or due to grievances. Actions can range from data leaks to sabotage.
  3. Collusive Threats: These occur when insiders collaborate with external actors, like cybercriminals, to compromise the organization. This threat often involves fraud or intellectual property theft.
  4. Third-Party Threats: Often involving contractors or vendors, these threats stem from those with some level of access, who might directly or indirectly pose a risk to the organization.

Case examples of insider threat

High-profile cases of insider threats have demonstrated their significant impact on organizations. While some cases may not have immediate monetary implications, they still harm the company’s reputation and customer trust.

For instance, Tesla faced a data leak where two former employees disclosed over 75,000 employees’ personal information. The information compromised included personal and contact details, employment records and sensitive financial data. The two perpetrators also disclosed details about customer bank accounts, Tesla’s production secrets and feedback on its Full Self-Driving features. Tesla took legal measures against the individuals responsible, but the breach left lasting implications for its data security reputation.

In May 2022, Qian Sang, a then-Yahoo research scientist, downloaded Yahoo’s AdLearn product information. Sang transferred about 570,000 pages of intellectual property to his devices. This occurred shortly after he accepted a job offer from The Trade Desk, a rival company. Weeks later, Yahoo discovered the data theft. The company then issued Sang a cease-and-desist letter. Yahoo filed three charges against Sang, including the theft of IP.

Microsoft also experienced a security lapse when employees accidentally exposed login credentials in August 2022. The company did not disclose specific details about the systems impacted by the credential exposure. However, had the breach involved the personal data of EU customers, Microsoft would have to pay a substantial €20 million fine under GDPR.

In 2022, Apple initiated legal action against the startup Rivos. The tech giant accused Rivos of systematically hiring its former employees. Apple claimed that Rivos did this to obtain confidential information. At the time, Rivos had hired over 40 of its previous staff, including engineers who allegedly took gigabytes of sensitive data related to Apple’s System-on-Chip (SoC) technology. Apple had developed this SoC technology for over a decade with substantial investment. This technology was reportedly critical to Rivos’ accelerated SoC development. Apple’s lawsuit framed this as a data theft.

Protect your business from insider threats

To combat insider threats, organizations must integrate a series of strategic actions into their security plan. This begins with a comprehensive inventory and classification of data resources throughout the IT environment. The classification includes data stored onsite and in cloud infrastructures. Classifying data allows for the efficient and secure use of information across the organization.

Next, developing a detailed data handling policy is crucial. This policy should dictate how different types of data can be accessed and used and by whom. It’s essential to incorporate a system that flags violations of this policy, which could indicate potential insider threats.

Training employees is also essential in preventing insider threats as it enhances their awareness of security risks, including unintentional ones. Through training, employees better understand company policies and their roles in data security. They learn to recognize signs of potential threats and the correct response to suspected breaches. This reduces accidental security lapses and cultivates a strong culture of security within the organization.

Monitoring systems for signs of insider threats is also key. Implementing solutions like intrusion detection systems, privileged access management systems and user behavioral analytics helps in identifying suspicious activities. Investigating any unusual activities promptly can significantly mitigate risks posed by insider threats.

At C8 Secure, we provide comprehensive services tailored to combat insider threats. Our expertise includes conducting detailed cyber security assessments, vulnerability testing and crafting incident response plans. C8 Secure’s managed Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) services play a crucial role in mitigating insider threats. These services continuously monitor endpoints and network activity for suspicious behavior, enabling rapid detection and response to potential threats. For example, if an employee attempts to exfiltrate sensitive data via an unauthorized USB device, C8 Secure’s EDR solution would detect this anomalous activity and trigger an alert for investigation.

Similarly, C8 Secure’s managed Security Operations Center (SOC) and Security Information and Event Management (SIEM) services provide 24/7 monitoring and analysis of security events across an organization’s infrastructure. By correlating data from multiple sources, such as user activity logs, network traffic, and application events, C8 Secure’s SOC team can identify potential insider threats that might otherwise go unnoticed. For instance, if a privileged user suddenly starts accessing sensitive resources outside of their normal working hours, the SOC team would be alerted to investigate this anomalous behavior.

C8 Secure’s managed Web Application and API Protection (WAAP) services are also critical in defending against insider threats. These services protect an organization’s web applications and APIs from unauthorized access and abuse, which is particularly important given the growing reliance on cloud-based services. For example, if an employee attempts to exploit a vulnerability in a web application to gain unauthorized access to sensitive data, C8 Secure’s WAAP solution would detect and block the attempt.

Beyond these technical controls, C8 Secure also emphasizes the importance of employee training and policy development in mitigating insider threats. By working with organizations to develop comprehensive security policies and providing targeted training to employees, C8 Secure helps foster a culture of security awareness. This can help prevent unintentional insider threats, such as the accidental exposure of login credentials by Microsoft employees.

Insider threats pose a significant risk to organizations of all sizes and industries. By leveraging C8 Secure’s managed security services, including EDR, MDR, SOC, SIEM, and WAAP, organizations can significantly enhance their ability to detect and respond to insider threats. Combined with robust security policies and employee training, these services provide a comprehensive defense against the growing risk of insider threats.

RECENT POSTS

The alarming surge of Phishing and how to protect your business

01 March, 2024

The threat of phishing is escalating. Statista reported that there were over 1.62 million unique phishing sites globally in Q1 2023, over 50% higher than the same period in 2022.

READ MORE

DOWNLOAD BROCHURE

For more information, please download our solutions brochure

Let’s Get Started


Chand VAPT Engineer

Meet Chand: VAPT Engineer

By FeaturedNo Comments

BLOG

Chand VAPT Engineer

Chand Chauhan joined Continent 8 Technologies in January of this year as a VAPT Engineer, responsible for identifying and analyzing security flaws across systems and software. Based in Montreal, he is a highly experienced Network, Web, and API Penetration Testing specialist. He’ll be putting this vast knowledge to good use, working with the C8 Secure team and its growing customer base.

Tell us about your role and experience.

I’ve been deeply involved in bug bounties (where individuals report bugs and vulnerabilities in websites and organizations for a financial reward) since 2016, where I’ve achieved numerous milestones. I’ve found vulnerabilities in major companies like Google, PayPal, Yandex, ProtonMail, and many more. I would say that over time, I’ve discovered more than 700 vulnerabilities, although I stopped counting after a while!

To put this into context, in 2022 the National Vulnerability Database (US Department of Homeland Security) had 206,059 entries.

What inspired you to pursue a career in Vulnerability Assessment and Penetration Testing?

I’ve developed a habit of looking at things from a security perspective first, considering the negatives before the positives. This mindset fuels my curiosity to explore matters further and try to exploit vulnerabilities.

I became interested in finding vulnerabilities because I always questioned whether I could bypass them or manipulate things on behalf of others. This curiosity ultimately drove me to pursue a career in the Penetration Testing field.

I thrive on the excitement of uncovering weaknesses in software systems, knowing that my efforts contribute to making digital spaces safer. It’s truly gratifying to see how my work helps enhance security measures across various applications.

What are the most common cybersecurity vulnerabilities you encounter in your assessments?

In my assessments, I frequently come across vulnerabilities such as Cross-site Scripting (XSS), Insecure Direct Object Reference (IDOR), and SQL Injection (SQLi). However, lately, Privilege Escalation and Business Logic issues have become more prevalent, demanding a deeper understanding and innovative approaches to mitigation.

I’ve also uncovered account takeover vulnerabilities numerous times in cryptocurrency exchanges. Additionally, I’ve found vulnerabilities where domain names belonging to other users were transferred or can be hijacked multiple times. These findings have been some of the most interesting and rewarding aspects of my career in bug bounty hunting.

How do you stay updated with the latest cybersecurity threats and trends?

I rely heavily on platforms like Twitter (X) to stay up to date with the latest cybersecurity threats and trends. Engaging with the vibrant community of security researchers allows me to exchange insights, learn about new vulnerabilities, and stay ahead of emerging threats. Additionally, I actively participate in forums, webinars, and conferences to broaden my knowledge and skills in the ever-evolving field of cybersecurity.

What are the biggest challenges you face in your role as a VAPT specialist, and how do you overcome them?

As a VAPT specialist, one of the biggest challenges is staying ahead of constantly evolving attack techniques and technologies. To overcome this, I prioritize continuous learning and experimentation. I also collaborate with peers, engage in knowledge-sharing sessions, and invest time in research and development. By staying agile and adaptive, I ensure that my skills and techniques remain effective in addressing the diverse cybersecurity challenges encountered in my role.

In fact, this was a key factor in taking the role at Continent 8, being able to collaborate with a team of likeminded individuals, passionate about the cybersecurity landscape and protecting organizations from the ever-evolving threat landscape.

Learn more about our VAPT solution here.

The alarming surge of phishing and how to protect your business

By Featured, UncategorizedNo Comments

BLOG

The alarming surge of Phishing and how to protect your business

The threat of phishing is escalating. Statista reported that there were over 1.62 million unique phishing sites globally in Q1 2023, over 50% higher than the same period in 2022. On top of that, a 2024 survey involving 500 cybersecurity experts indicates a staggering 94% of organizations have faced phishing attacks.

Almost 80% of organizations faced financial implications due to phishing, with 64% experiencing direct monetary loss. Of these incidents, 74% led to disciplinary actions against employees.

Businesses typically spend about 11 months recovering from a phishing attack. With such implications, phishing has now become the primary method for initiating breaches (16%), surpassing stolen credentials (15%), according to data retrieved by IBM. The 2023 data also revealed that data breaches cost an average of over $4.5 million.

Types of phishing attacks

Phishing attacks come in various forms. Each of these has its own distinct characteristics. Here are some common types:

  1. Email Phishing: The most common type, where attackers send fraudulent emails resembling those from reputable sources. These emails aim to trick recipients into revealing sensitive information, such as passwords or credit card numbers.
  2. Spear-Phishing: A targeted form of phishing. Attackers personalize emails to specific individuals, often using personal information for authenticity. The goal is to steal data or install malware on the target’s device.
  3. Whaling: A specialized spear-phishing attack targeting high-profile individuals like executives. Whaling attacks often involve crafting highly sophisticated emails that address specific business concerns or personal interests of the target.
  4. Smishing (SMS Phishing): This type of phishing attack uses text messages instead of emails. Smishing messages often create a sense of urgency, prompting recipients to disclose personal information or click on a malicious link.
  5. Vishing (Voice Phishing): Conducted via phone calls. Attackers pretend to be from legitimate organizations, seeking personal or financial information. They often use fear tactics, like threatening legal action.
  6. Quishing: This involves the use of fake or manipulated QR codes whereby hackers carry out fraudulent activities, such as malware spreading or taking personal information.
  7. Pharming: Here, attackers redirect users from legitimate websites to fraudulent ones. This is typically achieved by exploiting vulnerabilities in DNS servers.
  8. Clone Phishing: Involves creating a nearly identical replica of a legitimate email with a safe attachment or link replaced by a malicious one. It often claims to be a resend or updated version of the original.
  9. Angler Phishing: Uses social media platforms for attacks. Fraudulent social media posts or messages, often pretending to be customer service accounts, aim to extract personal information from victims.

Well-known cases of phishing

Deepfake video attack

A multinational company recently lost $26 million after a Deepfake fooled employees, fabricating representation of the CFO and others. The scammers convinced the victim to make a total of 15 transfers to five different Hong Kong bank accounts, according to reports. The company attacked has not been identified.

Colonial Pipeline attack

In May 2021, the Colonial Pipeline ransomware attack starkly demonstrated the real-world impact of cyber attacks. The attack disrupted fuel supply across the East Coast of the United States. The breach, which likely began with a phishing email, compromised the company’s business network and billing system. Despite Colonial Pipeline paying about $4.4 million for a decryption key, the ripple effects were far-reaching.

The shutdown, lasting a week, halted the delivery of around 20 billion gallons of oil valued at about $3.66 billion. This incident spiked petrol prices and left over 10,000 petrol stations without fuel even after operations resumed. CEO Joseph Blount, in an interview with The Wall Street Journal, acknowledged the wider economic toll and defended his controversial decision to pay the ransom. This attack ranks as one of the most financially devastating phishing incidents ever.

NotPetya Malware attack

June 2017 saw the onset of NotPetya, a catastrophic cyber attack that rapidly spread across more than 60 countries. Originating as a supply chain attack through Ukrainian accounting software, NotPetya targeted Windows-based systems, encrypting hard drives and demanding ransoms. Unlike typical ransomware, NotPetya, likely a state-sponsored Russian wiper malware, rendered data irretrievable. This caused unprecedented damages exceeding $10 billion. Major companies like Maersk, Merck and FedEx suffered immense losses.

Sony Pictures attack

In November 2014, Sony Pictures fell victim to the ‘Guardians of Peace’ hacking group. The attackers gained access through phishing emails, eventually leaking 100 terabytes of sensitive data. The emails, disguised as communications from Apple, deceived top executives into providing their credentials on a fake website. This breach not only exposed employee and film information but also included a demand to withdraw “The Interview” under threats of violence. The total damages to Sony Pictures from this cyberattack were estimated to exceed $100 million.

Facebook and Google scam

Evaldas Rimasauskas, a Lithuanian man, orchestrated a cunning business email compromise (BEC) scam against Facebook and Google, defrauding them of over $100 million. Between 2013 and 2015, Rimasauskas and his associates created convincing forged email accounts. They pretended to be Quanta Computer, a real vendor for both tech giants. Through elaborately crafted phishing emails containing bogus invoices and contracts, they deceitfully billed millions of dollars. The scam resulted in these companies transferring the funds to Rimasauskas’ sham company accounts spread across multiple countries.

FACC business email compromise attack

In 2016, FACC, an Austrian aerospace manufacturer, was hit by a severe BEC attack. Impersonating the CEO, attackers convinced an employee to transfer roughly $50 million for a fake acquisition project. While $10 million was salvaged at the last minute, the company still suffered significant financial damage and the CEO was subsequently dismissed.

Tips to combat phishing

Phishing poses a significant threat to businesses of all sizes. However, companies can effectively combat this pervasive cyber threat through a blend of technological solutions, employee education and vigilant practices. Here’s what businesses can do to combat phishing:

  1. Recognize phishing scams: Stay informed about new phishing techniques and their common features. Regular updates and training can help you identify these threats early.
  2. Provide security awareness training: Technical defenses alone can’t stop phishing. Educate employees about phishing dangers and teach them to report suspicious activities. Regular simulated phishing exercises can test and enhance your team’s readiness.
  3. Strong passwords and Two-Factor Authentication: Encourage unique, complex passwords for each account and discourage password sharing. Implement two-factor authentication for an added security layer.
  4. Heed update alerts: Don’t ignore software update notifications. These updates often contain vital security patches protecting against the latest cyber threats.
  5. Be careful with emails and links: Avoid emails and links from unknown sources. Verify links by hovering over them and avoid clicking unless sure of their safety.
  6. Avoid unsecured websites: Don’t share sensitive information on websites without HTTPS encryption or a visible security certificate. There is a closed padlock icon on the URL bar when the website has HTTPS certification.
  7. Ignore pop-ups: Pop-ups can be phishing attempts. Use ad-blockers to prevent them and avoid clicking on any that slip through.
  8. Regularly change passwords: Regularly updating your passwords can prevent ongoing unauthorized access, especially if your accounts have been compromised without your knowledge.
  9. Deploy Anti-Phishing tools: Use anti-phishing technologies to block fraudulent sites and emails. Combine desktop and network firewalls for comprehensive protection from external threats.

SafeBait: How C8 Secure can help

Partnering with C8 Secure can significantly enhance your company’s defense against phishing attacks. Our SafeBait service offers a comprehensive, managed solution that focuses on both technological and human elements. Our key features include:

  1. Simulation: Customized simulations help combat various social engineering threats. Our Phishing Simulator offers AI-driven scenarios in over 160 languages. We also have an Email Threat Simulator that strengthens email gateways against cyber attacks.
  2. Awareness training: Focusing on the human element, C8 Secure’s training includes MFA, Smishing, Vishing and Quishing Simulators. These simulate real-life scenarios and enhance staff’s ability to identify and respond to threats. On top of that, a Security Awareness Training Platform with interactive modules fosters a security-conscious culture.
  3. Threat sharing: C8 Secure’s Threat Sharing Platform allows for a collaborative defense ecosystem, where clients exchange threat intelligence. This unique approach allows our ecosystem to improve its collective security measures.

Choose C8 Secure’s SafeBait for advanced, all-around defense against phishing. Our simulations, awareness training and threat-sharing platform build a secure, informed company environment. Get in touch today info@c8secure.com.

RECENT POSTS

A year in review: Cybersecurity trends and challenges in 2023

17 November, 2023

The year 2023 marked a significant evolution in the cybersecurity landscape as it adapted to an array of emerging digital threats.

READ MORE

DOWNLOAD BROCHURE

For more information, please download our solutions brochure

Let’s Get Started


Safeguard your business against cyber attacks caused by human error

By Featured, UncategorizedNo Comments

BLOG

Safeguard your business against cyber attacks caused by human error

October is Cybersecurity Awareness Month, a dedicated month for the public and private sectors to work together to raise awareness about the importance of cybersecurity. This year’s theme is how to keep yourself cyber safe.

As the world becomes more reliant on digital technology, businesses, both large and small, face a growing risk of cyber attacks. A frequent weak point that attackers target is mistakes made by employees. This blog will outline effective strategies to keep your business safe.

Human error is an ever-present risk in cybersecurity. Whether it’s clicking on a suspicious link, falling victim to a phishing scam, or inadvertently sharing sensitive information, employees can unintentionally open the door to cyber threats.

IBM Security X-Force Threat Intelligence Index 2023 revealed that attempts to hijack threads in emails doubled in 2022 from the 2021 data, which highlights that cybercriminals are exploiting the human error factor within a system. The research also showed that ransomware was the most common attack, accounting for 17% of all incidents. Phishing emerged as the preferred choice for cybercriminals, with over 40% of all attacks employing this deceptive tactic.

Cyber attack cases due to human error

Victims felt the pressure in 27% of cyber attacks. This is why cybercriminals often focus on their extortion efforts. One notable example of such extortion tactics was demonstrated by the digital extortion gang Lapsus$ in early 2022. This group, which had surfaced in December, launched an extensive hacking spree, targeting high-profile and sensitive companies like Nvidia, Samsung, and Ubisoft.

They stole valuable source code and data and leaked it as part of their apparent extortion schemes. Their spree peaked in March when Lapsus$ announced its successful breaches of Microsoft Bing and Cortana source code. The group also compromised a contractor who had access to the widely used authentication service Okta. These attackers, suspected to be based in the United Kingdom and South America, primarily relied on phishing attacks to gain entry into their targets’ systems.

In February 2021, one of Silicon Valley’s oldest and renowned venture capital firms, Sequoia Capital, was hacked. This occurred due to human error. The hackers were able to access the company’s investors’ financial and personal information. The attack succeeded after one of the company’s employees was victim to a phishing email.

In August 2019, Toyota Boshoku Corporation, a subsidiary of Toyota Group in Europe, suffered a massive attack that cost the company almost $40 million. The attackers used a fraudulent fund transfer to steal from the company. They were able to use the funds after posing as a business partner. The hackers then sent phishing emails to the finance and accounting departments of the company.

Effective strategies to combat cyber attacks and human error

Cyber attacks are becoming more sophisticated. As IBM’s report showed, human error remains a significant vulnerability. To safeguard your company’s sensitive data and maintain your reputation, it’s imperative to implement robust cybersecurity measures such as:

1. Comprehensive employee training

The first line of defense against cyber threats is a well-informed workforce. Provide your employees with thorough training on cybersecurity best practices. This should encompass recognizing phishing attempts, understanding password hygiene, and staying updated on the latest threats. Regular workshops and seminars can go a long way in keeping your staff vigilant.

2. Strong password policies

Weak or easily guessable passwords are an open invitation to cybercriminals. Encourage the use of complex passwords with a combination of letters, numbers, and special characters. Implement multi-factor authentication (MFA) wherever possible to add an extra layer of security.

3. Regular software updates

Neglecting software updates can leave your organization vulnerable to cyber threats. Outdated software often contains known vulnerabilities that cybercriminals can exploit. To mitigate this risk, make it a standard practice to ensure that all your applications and systems have the latest security patches. Whenever possible, automate this process to reduce the chance of human error or oversight. By staying up-to-date, you not only enhance security but also benefit from improved software performance and functionality.

4. Robust Firewall and EDR/MDR

A reputable firewall paired with an EDR (Endpoint Detection and Response) or MDR (Managed Detection and Response) solution can help strengthen your prevention and response posture . These tools provide continuous monitoring of network traffic, detecting, and promptly addressing malicious activities. Utilize behavioral anomaly detection to identify unusual user behaviors, which can indicate compromised accounts. It’s crucial to maintain and regularly update these security solutions to adapt to your organization’s evolving needs and the ever-changing threat landscape.

5. Data encryption

Sensitive data is cybercriminals’ favorite target, and data breaches can have severe consequences. To protect your critical information, implement encryption protocols. Encryption ensures that data remains indecipherable to unauthorized individuals without the appropriate decryption keys. By applying encryption both in transit (when data is being transmitted between systems) and at rest (when data is stored), you add an extra layer of security.

6. Incident response plan

No organization is immune to security breaches, so it’s vital to prepare for the worst-case scenario. Developing a comprehensive incident response plan helps you outline the steps to take in the event of a security breach. This plan should encompass communication protocols, strategies for containing the incident, and procedures for recovering from it. Being well-prepared minimizes the impact of a breach and demonstrates your commitment to cybersecurity, instilling trust among stakeholders.

7. Regular security audits

Proactive measures are essential to maintain a secure environment. Regularly conducting security audits and penetration testing helps identify vulnerabilities in your systems before cybercriminals can exploit them. Stay ahead of potential threats by identifying weaknesses and addressing them promptly. This proactive approach enhances your overall security posture. This also makes it more difficult for attackers to find and exploit vulnerabilities.

8. Employee accountability

Employees play a crucial role in your organization’s cybersecurity efforts. Hold them accountable for their actions within the digital landscape. Implement user activity monitoring and enforce strict access controls to prevent unauthorized data access. By doing so, you not only reduce the risk of insider threats but also foster a culture of responsibility and security awareness among your workforce. Employees who understand their role in protecting digital assets become valuable allies in the ongoing battle against cyber threats.

9. Vendor security assessment

If your business relies on third-party vendors or cloud services, like Continent 8, assess their security measures rigorously. Ensure they adhere to high cybersecurity standards to prevent potential vulnerabilities throughout your supply chain.

10. Cybersecurity culture

Building a cybersecurity-conscious culture is essential in safeguarding your organization’s digital assets. It involves instilling a sense of vigilance and responsibility in every employee. Encourage all team members to proactively identify and report any suspicious activities they encounter. Recognize and reward those who diligently follow security protocols, as this reinforces the importance of cybersecurity throughout the organization.

11. Continuous education

Cyber threats evolve rapidly, so it’s crucial to stay informed. Encourage your IT team to prioritize continuous education. This means keeping up-to-date with emerging threats and staying informed about the latest cybersecurity technologies. Investing in ongoing training and professional development empowers your IT professionals to effectively combat new and sophisticated cyberattacks. Knowledge is a powerful defense, and a well-informed team can proactively adapt and strengthen your organization’s security measures.

12. Incident documentation and analysis

When a security incident occurs, responding swiftly and methodically is important. After a security incident, document the event and conduct a thorough analysis. This analysis is a valuable learning tool, enabling your organization to make informed decisions about strengthening its security posture. Implement necessary measures to prevent similar incidents in the future, turning each security breach into an opportunity for growth and improved resilience.

RECENT POSTS

ChattyGoblin: A new threat to iGaming and how C8 Secure can help

19 Jul, 2023

The iGaming industry is under a new threat. A malicious campaign, dubbed “ChattyGoblin,” has been targeting Southeast Asian gambling operations since October 2021.

READ MORE

DOWNLOAD BROCHURE

For more information, please download our solutions brochure

Let’s Get Started


ChattyGoblin: A new threat to iGaming and how C8 Secure, can help

By Featured, UncategorizedNo Comments

BLOG

ChattyGoblin: A new threat to iGaming and how C8 Secure, can help

Craig Lusher, Senior Product Specialist – Secure, Continent 8 Technologies

The iGaming industry is under a new threat. A malicious campaign, dubbed “ChattyGoblin,” has been targeting Southeast Asian gambling operations since October 2021. The threat actors, backed by China, have been using chatbots to target customer support agents of these companies. This article will discuss the ChattyGoblin threat in detail and highlight how Continent 8 and C8 Secure’s products and services can help protect our customers in the iGaming industry.

The ChattyGoblin campaign was first identified by researchers at ESET. The threat actors primarily rely on Comm100 (first identified by CrowdStrike) and LiveHelp apps to carry out their attacks. In one particular attack in March 2023, a chatbot was used to target a gambling company in the Philippines. The initial dropper deployed by the attackers was written in C#, named agentupdate_plugins.exe, and was downloaded by the LiveHelp100 chat application. The dropper deploys a second executable based on the SharpUnhooker tool, which then downloads the ChattyGoblin attack’s second stage, stored in a password-protected ZIP archive. The final payload is a Cobalt Strike beacon using duckducklive[.]top as its C&C server.

The ChattyGoblin campaign is a clear example of the evolving threat landscape in the Asian iGaming industry. As the industry changes and evolves in the region, so do the motives and techniques of threat actors. This is where our products and services come into play.

We offer a range of cybersecurity solutions that can help protect our customers from threats like ChattyGoblin. Our Security Operations Center (SOC) and Security Information and Event Management (SIEM) services provide round-the-clock monitoring and threat detection. By continuously monitoring network traffic and analysing event data, our SOC/SIEM services can identify suspicious activities and respond to threats in real-time, thereby preventing or minimising damage.

In addition to our SOC/SIEM services, our Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) services provide comprehensive protection for endpoints. These services can detect and respond to threats on endpoints, such as workstations and servers, where the ChattyGoblin attack initiates. By monitoring endpoints and responding to threats quickly, we can prevent the initial dropper from deploying and stop the attack in its track and before it moves laterally.

Furthermore, our Web Application and API Protection (WAAP) service can protect web applications and APIs, which are often targeted in attacks like ChattyGoblin. By protecting these critical assets, we can prevent threat actors from exploiting vulnerabilities and gaining access to our customers’ systems.

The ChattyGoblin campaign and other similar Artificial Intelligence (AI) based attacks represent a significant threat to the iGaming industry. However, with the right security measures in place, this threat can be effectively managed. At Continent 8, we are committed to providing our customers with the highest level of protection. Our SOC/SIEM, EDR/MDR, and WAAP services are designed to detect and respond to threats quickly and effectively, ensuring our customers can operate safely and securely.

As we continue to navigate the evolving threat landscape, it is essential to stay ahead of the curve. This requires not only robust security measures but also a commitment to continuous learning and adaptation.

At Continent 8 and through C8 Secure we are dedicated to staying at the forefront of cybersecurity trends and threats, ensuring we can provide customers in the iGaming industry with the most effective and up-to-date protection. As part of this commitment, we will continue to monitor and analyse threats like ChattyGoblin, adapting our services as necessary to provide the best possible protection for our customers.

RECENT POSTS

Securing a decentralized future: The importance of cybersecurity in Web3

7 Jun, 2023

The dawn of the decentralized web is upon us, and the rise of Web3 technology is a testament to this fact. Web3 is an alternative to today’s highly censored internet and is becoming increasingly popular, which calls for urgent measures to ensure that the foundation of this revolution remains secure and trustworthy.

READ MORE

DOWNLOAD BROCHURE

For more information, please download our solutions brochure

Let’s Get Started