
Digital Identity Compass - March 2024

Reading time 8 min
20 March 2024, last update 20 March 2024

In the Digital Identity Compass, we point you to developments in the world of Digital Identity, or Identity & Access Management.

Table of contents

Workforce Identity
Privileged Access Management
Customer Identity and Access Management
Zero Trust & Network Security
Government
Other developments
Podcast tip of the month

Workforce Identity

Cloudflare Hacked by Suspected State-Sponsored Threat Actor

SecurityWeek, February 2

Cloudflare disclosed a security breach where threat actors, likely state-sponsored, used stolen credentials from the Okta hack to access internal systems. The attackers probed Cloudflare's networks, accessing AWS, Atlassian Jira, and Confluence, but were thwarted from accessing critical systems. They downloaded code repositories related to network configuration and management but didn't exfiltrate data. Cloudflare swiftly terminated unauthorised accounts, rotated thousands of credentials, and enhanced security measures. Despite attempts to access numerous systems, no evidence suggests compromise beyond the Atlassian suite. CrowdStrike's investigation corroborated these findings. Cloudflare's response included system re-imaging, network segmentation, and heightened security protocols. Although equipment in a Brazilian data centre was not compromised, it was replaced as a precaution. The attack's aim was likely to gather infrastructure information for deeper access.

Millions of User Records Stolen From 65 Websites via SQL Injection Attacks

SecurityWeek, February 6

Between November and December 2023, threat actor group ResumeLooters executed SQL injection attacks to pilfer over two million email addresses and personal data from 65 websites, predominantly in India, Taiwan, and Thailand. They targeted retail, recruitment, and various other sectors, mirroring tactics of GambleForce. Unlike GambleForce, ResumeLooters injected XSS scripts into legitimate job search sites, aiming to harvest administrative credentials and execute phishing attacks. They utilized open-source tools and penetration testing frameworks. Notably, they created fake employer profiles and injected XSS code into fake CVs to compromise websites. Group-IB traced their activities to Chinese-speaking hacking-themed Telegram groups, where they sold stolen data.

LastPass Warns on Password App Discovered in Apple App Store

February 6, 2024

LastPass warns users about a fraudulent app named "LassPass Password Manager" found on the Apple App Store. The legitimate LastPass is a password manager tool allowing secure storage of multiple passwords behind a master password. The fake app closely resembles the official one but has misspellings in its descriptions, only one rating, and a different developer listed. The legitimate LastPass app, by contrast, has 52,300 ratings and lists LogMeIn as the developer. While the fake is not a perfect imitation, its presence on the App Store is worrying because it could mislead users. LastPass warns of the risk of data theft from the fraudulent app. The company is taking steps to have it removed and emphasizes the importance of user vigilance.

Top 5 Data Security Incidents of 2023 and Predictions for 2024

SecurityWeek, 20 February 2024

SecurityWeek’s Cyber Insights 2024 delves into major issues facing cybersecurity professionals, focusing on the evolving landscape and key challenges. This year's edition examines pressures on CISOs, including new SEC liability rules, and covers seven primary topics. Among these, supply chain cybersecurity emerges as a critical concern, with a growing threat landscape and government responses led by the US’ CISA. The report highlights complexities within the supply chain, vendor consolidation, and threats from criminal gangs and nation-states. It also discusses challenges and potential solutions related to software and hardware supply chains, emphasizing the importance of initiatives like the software bill of materials (SBOM) in reducing risk. Despite growing threats, there's optimism for future improvements through increased transparency and collaboration within the cybersecurity community.

Privileged Access Management

Verizon Says Data Breach Impacted 63,000 Employees

SecurityWeek, 7 February 2024

Around 63,000 Verizon employees were affected by a breach that occurred in September 2023 and was discovered three months later. The breach, labelled as ‘inadvertent disclosure’, was caused by an insider threat accessing files containing sensitive information like Social Security numbers and compensation details. Verizon assured that no evidence of misuse or external sharing exists. Verizon is notifying affected individuals and enhancing technical controls. Jim Alkove, CEO of startup Oleria, emphasizes the necessity for a cultural shift towards restricting access and adopting a modernized approach to security tools. He suggests limiting access privileges, indicating not all executives require constant access to all information. Additionally, he advocates for embracing autonomous technology to enhance security measures.

Delinea to Acquire Fastpath to Revolutionize Privileged Access and Identity Governance

Delinea, 21 February 2024

Delinea is acquiring Fastpath to enhance PAM with IGA, improving policy management, contextual authorization, and access controls for heightened security and risk mitigation. This strategic move, following Delinea's recent acquisition of Authomize, aims to offer a robust, AI-driven authorization security platform, addressing challenges in managing decentralized identities and reducing cybersecurity risks. The integration of Fastpath's IGA capabilities with Delinea's existing technologies positions the company to provide profound insights and control mechanisms over user access, facilitating automated remediation and enhancing data security and compliance.

Gartner: Three top trends in cyber security for 2024

ComputerWeekly.com, 21 February 2024

Gartner outlines three key cybersecurity trends for 2024: the rise of generative AI, the importance of continuous threat exposure management (CTEM), and the evolution of identity and access management (IAM). These trends reflect the need for security and risk management leaders to adapt to disruptions across technological, organizational, and human fronts. The integration of generative AI introduces new attack surfaces and requires organizations to address privacy concerns and potential threats. CTEM programs are expanding to manage the growing attack surface, focusing on business-aligned objectives and communication with senior leaders. IAM is evolving towards an identity-first approach, emphasizing fundamental hygiene and resilience improvements. Overall, Gartner advises a strategic and human-centric approach to cybersecurity, with a focus on continuous risk management efforts and alignment with business objectives.

 

Customer Identity and Access Management

Microsoft Adds Face Check to Entra Verified ID

Dark Reading, 7 February 2024

Microsoft has introduced Face Check to its Entra Verified ID service, providing verifiable credentials for various claims like employment, education, certifications, and residence. This feature, currently in public preview, employs Azure AI Face API for real-time "liveness detection" selfie authentication against trusted identity documents, aiming to thwart impersonation and account takeover. Gartner predicts integration of Identity Verification (IDV) into access management by 2027, potentially reducing account takeover attacks by 75%. While privacy concerns persist, Microsoft's Ankur Patel describes Face Check as a "privacy-respecting facial-matching feature for high-assurance verifications" boasting a 91% accuracy rate. Gartner believes that the benefits of such solutions outweigh privacy concerns.

How is CIAM a Critical Part of DNBs’ Digital Transformation Strategy?

Security Boulevard, 15 February 2024

For Digitally Native Businesses (DNBs), CIAM is vital in their digital transformation journey. DNBs rely heavily on seamless customer experiences balanced with robust security, foundational elements of CIAM. In a highly competitive market, customer loyalty hinges on offering streamlined digital experiences. DNBs often debate outsourcing CIAM services for cost savings and expert advice, alleviating strain on internal teams.

 

Zero Trust & Network Security

Zscaler introduces Zero Trust SASE

TechZine, 23 January 2024

Zscaler is introducing Zero Trust SASE, a new service aimed at minimizing cyber risks for businesses while simplifying traditional SD-WAN setups. This offering implements a zero-trust architecture, ensuring that all connections undergo authentication before being granted access. Leveraging Zscaler's Zero Trust Exchange platform, it provides protection against cyber threats and utilizes AI for ongoing risk assessment. Zero Trust SASE combines a Security Service Edge platform with Zero Trust SD-WAN to facilitate secure connectivity without the need for complex routing or additional firewalls.

How Zero Trust Network Access Promotes Cyber Resilience Across the Enterprise

The Fast Mode, 21 February 2024

The article discusses how Zero Trust Network Access (ZTNA) enhances cyber resilience in enterprises. Aaron Bugal, Field Chief Technology Officer at Sophos, highlights the importance of ZTNA in today's connected environment, emphasizing the need to move beyond traditional perimeter security. ZTNA requires organizations to evaluate device health and enforce strict access policies, leading to improved cyber resilience. Bugal also emphasizes the significance of traffic visibility for ZTNA vendors, enabling them to identify unauthorized applications and mitigate security risks. This interview is part of The Fast Mode's segment on Next-Gen DPI Traffic Visibility for ZTNA, featuring insights from various cybersecurity and networking experts.

Government

UK, France Host Conference to Tackle ‘Hackers for Hire’

SecurityWeek, 5 February 2024

Britain and France are jointly hosting a conference in London to combat the growing threat of "hackers for hire" and the proliferation of cyberattack tools. Representatives from 35 nations and leaders from tech giants like Apple and Google are attending to address the commercialization of cyber snooping, recognizing its implications for international security and human rights. The event aims to foster joint action through initiatives like the Pall Mall process, which is an international agreement that has been signed by to show their willingness to collaborate.

Commission evaluating role of ENISA amid deadlock over cyber certificates

Euronews, 20 February 2024

The European Commission is seeking feedback on Europe's Cyber Security Agency ENISA's performance and scope as EU countries grapple with voluntary cybersecurity certification schemes. The consultation aims to evaluate ENISA's effectiveness, mandate adjustments, and financial implications. With the EU's Cybersecurity Act up for review, the questionnaire seeks input on ENISA's leadership, guidance to member states, and adequacy of its size for its responsibilities amidst slow progress in certification schemes and tensions over sovereignty requirements in cloud services.

Law enforcement disrupt world’s biggest ransomware operation

Europol, 20 February 2024

Law enforcement from 10 countries has disrupted the LockBit ransomware group, known for its extensive cybercrime operations. Coordinated by Europol and Eurojust under 'Operation Cronos,' the operation dismantled LockBit's infrastructure, arrested key individuals, and froze over 200 cryptocurrency accounts. The investigation aims to target the group's leaders and affiliates. Decryption tools developed by law enforcement are available on the ‘No More Ransom’ portal to aid victims. Reporting cybercrime promptly and implementing robust cybersecurity measures are emphasized.

Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)

Office of Public Affairs U.S., 15 February 2024

In January 2024, a court-approved operation neutralized a network of SOHO routers which were used by GRU Military Unit 26165 to conceal and enable a variety of cybercrimes. These crimes included spearphishing campaigns and credential harvesting which targeted governments and corporations. Using the Moobot malware, the GRU repurposed a botnet originally created by criminal groups for global cyber espionage. The operation, led by the Department of Justice, halted GRU's access to the compromised routers and restricted remote management access. The FBI advises router owners to take precautions to safeguard themselves from similar cyber threats.

Ex-Employee’s Admin Credentials Used in US Gov Agency Hack

SecurityWeek, 16 February 2024

The US cybersecurity agency CISA revealed that a threat actor penetrated a US government organization's network using compromised credentials from a former employee's administrative account. With these credentials, the attacker gained access to an internal VPN, conducted reconnaissance, and executed LDAP queries on a domain controller. The organization's failure to remove the former employee's account allowed the threat actor to gather critical information. Additionally, compromised credentials, sourced from a separate data breach, provided access to SharePoint and another employee's workstation. Administrative privileges were acquired after the attacker extracted credentials from SharePoint. Stolen data was subsequently posted on a dark web forum, prompting an investigation, and resulting in the disabling of compromised accounts.

US Government Expands Role in Software Security

Dark Reading, 29 February 2024

The Biden administration is pushing for stronger public-private partnerships to enhance US information-technology infrastructure. They advocate for companies to adopt memory-safe programming languages like Python, Java, and Rust to mitigate vulnerabilities. The initiative aims to shift cybersecurity responsibility to those best positioned to defend cyberspace and improve incentives for companies to invest in security. However, creating standardized security metrics remains challenging. The administration emphasizes collaboration between sectors to promote more secure software. Nonetheless, caution is needed to avoid unintended consequences, as seen with the EU's Cyber Resilience Act, which faced criticism for potentially undermining software security.

Other developments

Ransomware Payments Surpassed $1 Billion in 2023: Analysis

SecurityWeek, 8 February 2024

In 2023, ransomware payments surged to over $1 billion, doubling from the previous year, according to Chainalysis, which analyzed cryptocurrency wallets used by cybercrime groups. Despite a drop in 2022, attributed to factors like data backups and cyber insurance, 2023 marked a record high due to increased attack frequency and sophistication, involving 538 new ransomware variants. Cybercriminals target high-value organizations for bigger payments, facilitated by ransomware-as-a-service and initial access brokers, while money laundering methods have evolved to include centralized exchanges, mixers, and new services like bridges and instant exchangers. Chainalysis suggests monitoring initial access brokers could provide early warning signs for potential interventions against ransomware attacks.

The richer the country, the more ransomware

Computable, 7 February 2024

The Center for Cybersecurity Belgium (CCB) concludes after research that there is a strong correlation between a country's wealth and the number of ransomware victims. Countries with higher gross domestic product (GDP) tend to have more victims. North America and Europe are disproportionately affected, with eighty percent of victims in these regions. Although the Netherlands has relatively fewer victims than some other European countries, ransomware remains a major cyber threat of concern to businesses and organizations. The number of ransomware victims has more than doubled since 2021, according to the study.

NIST Releases Version 2.0 of Landmark Cybersecurity Framework

NIST, 26 February 2024

The National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF), aimed at helping all organizations manage and reduce cybersecurity risks. This update expands the framework's scope to include governance and provides tailored resources for different types of users. The CSF 2.0 supports the implementation of the National Cybersecurity Strategy and includes a new reference tool for simplified implementation. NIST plans to continue improving its resources based on user feedback, aiming to help organizations better understand and manage cybersecurity risks.


Cyber Insights 2024: APIs – A Clear, Present, and Future Danger

SecurityWeek, 28 February 2024

SecurityWeek's Cyber Insights 2024 report discusses the escalating threat posed by APIs. APIs serve as access points for applications, but their widespread use makes them vulnerable to cyberattacks. Factors contributing to this threat include easy accessibility for hackers, API sprawl (uncontrolled proliferation of APIs), and the need for speed in API development. Additionally, the report highlights the lack of prioritization of API security, with many organizations neglecting proper defenses. SecurityWeek predicts that API attacks will continue to increase due to the expanding attack surface and the emergence of new vulnerabilities. The integration of AI by attackers is expected to further exacerbate the API security landscape. Ultimately, the report emphasizes that API attacks represent a significant and growing threat in 2024.

Podcast tip of the month

Podcast tip - Human Hacking

On the "Human Hacking" podcast, Dave Bittner and Joe Carrigan delve into the realm of social engineering scams, phishing schemes, and criminal exploits that are causing a stir in the cybersecurity world and wreaking havoc on organizations globally.

 
 

- Suzanne van Oosterum
Suzanne has a background in political science and international relations. In her work as a business consultant at Grabowsky, she strives to bridge the gap between IT and the business, so that IAM is not just seen as an "IT party." She does this by providing insight into the problem and realizing business value, including by improving processes and raising awareness within organizations.
