20th April Cybersecurity News: Threats and Defenses
Attacks, Vulnerabilities, and Analysis Tools, CISO must know
This weekend's ZeroDay Alert newsletter highlights several significant cybersecurity developments. A Russian APT group's attack on a US automotive manufacturer was foiled. The Akira Ransomware gang, now targeting Linux systems, has amassed $42 million in extortions. A new attack campaign exploits a Fortinet vulnerability. Additional resources offer guidance on conducting advanced static analysis in a malware sandbox and highlight the security risks posed by GenAI integration in SaaS applications.
Russian APT Group Thwarted in Attack on US Automotive Manufacturer
The article discusses a cyberattack by a Russian APT group that targeted a US automotive manufacturer. The attackers gained access by tricking employees into clicking a malicious link. The attack was stopped before any ransomware was deployed.
Strengthen Linux security, update systems, back up data, train employees, prepare incident responses, and collaborate with cybersecurity firms.
New attack campaign exploits Fortinet FortiClient's SQL injection vulnerability (CVE-2023-48788) to deploy ScreenConnect and Metasploit Powerfun script.
The article on The Hacker News details how to conduct advanced static analysis in a malware sandbox. It explains the value of sandboxes not just for dynamic, but also static analysis of malware, providing specific examples like detecting threats in PDFs, investigating LNK files, analyzing suspicious emails, scrutinizing Office documents, and examining contents of malicious archives. Techniques include extracting URLs from PDFs, examining email headers, and analyzing embedded macros in Office files. The sandbox ANY.RUN is featured for its capabilities in both static and dynamic malware analysis.
AI is increasingly being used to make ransomware attacks faster and more prevalent, as reported by experts in a U.S. House subcommittee hearing. This technology is not only enabling more sophisticated attacks but is also lowering the barrier to entry for criminals, contributing to record levels of online crime. There's a growing concern over AI-powered attacks, including the use of deepfakes in ransomware operations. The response includes proposals for more resources for law enforcement, tax credits for cybersecurity measures, and enhanced training for cybersecurity professionals.

The rapid integration of Generative AI (GenAI) tools into SaaS applications is raising significant cybersecurity concerns. While GenAI enhances productivity and innovation, it also expands potential security vulnerabilities, including IP leakage and data exposure. The article discusses the widespread adoption of these tools, the risks they pose, and the necessary shift towards robust security frameworks like Zero Trust to manage these risks. It also covers the government's response and the importance of AI governance.
Market Information / CISO Key read
Latest April 2024 cybersecurity market research for CISOs:
Aligning Security with Business Objectives
CISOs need to align their security strategies seamlessly with the core business mission and goals to maximize ROI. Failure to do so can lead to resource misallocation, missed opportunities, and fragmented security efforts.
Adopting Continuous Threat Exposure Management (CTEM)
By 2026, organizations prioritizing security investments based on a CTEM program will be three times less likely to suffer a breach. CTEM ensures security initiatives proactively defend against potential attacks, enabling effective risk prioritization, cost-efficiency, and demonstrating tangible value.
Leveraging Automation
Automation is a game-changer, reducing costs, minimizing potential losses, enhancing scalability, improving consistency, and enabling better resource allocation. Tapping into automation's power directly contributes to maximizing cybersecurity ROI.
Communicating Effectively with the Board
CISOs must improve how they communicate cybersecurity concepts to boards in a non-technical, engaging way. Highlighting real-world consequences, explaining social engineering tactics, and offering concrete examples can help secure long-term board support for initiatives like awareness training.[5]
Quantifying Cyber Risk
Cyber risk quantification simplifies the communication of risk exposure to business leaders. It enables data-driven decision-making, facilitates cost-benefit analyses, and justifies security investments by tying them to potential financial impacts.
By focusing on these key areas, CISOs can navigate the complex cybersecurity landscape more effectively and maximize the return on their security investments.
What Cybersecurity Chiefs Need From Their CEOs
According to a PwC report, only 30% of CISOs feel they receive sufficient support from their CEO.
Financial Insights on Cybersecurity Companies:
Cyber Security Stock of 2024: CRWD
CrowdStrike Holdings, Inc. (CRWD): a leader in cloud-native endpoint and workload security. CrowdStrike's Falcon platform utilizes AI and machine learning for superior threat detection and prevention.
BeyondTrust, an intelligent identity and access security firm, has acquired Entitle, a provider of privilege management solutions. The acquisition aims to integrate Entitle’s JIT access and identity governance into BeyondTrust’s platform. This will address challenges of privileged access management (PAM).
HackerOne - New Cybersecurity Startup
Started in 2019, based out of San Francisco, California, North America. Current series: $159.4M (Series E). 5-year search growth: 98%.
HackerOne offers a unique business model that connects hackers with large enterprises seeking to test their cybersecurity competency, providing solutions ranging from compliance to attack surface testing. The company primarily serves the financial services industry and government sectors.
Thank you for reading the ZeroDay Alert Zone Newsletter. Stay tuned for more cybersecurity updates in our next edition!