Month: July 2024

How businesses can get back on time quickly following a ransomware attack or similar disaster.

Cyberattacks are an inevitability. Every day, thousands of businesses are threatened, and malevolent actors manage to penetrate defenses, stealing information and destroying infrastructure.

Too many businesses (and security professionals) are exclusively focused on reinforcing that wall, the barriers that will prevent unwanted entries. These have a place but can’t be the entire solution. Infiltrations will happen – the vast majority of victims of cybersecurity attacks already have some sort of defense in place – what matters then is how quickly businesses can get back online.

A particularly disruptive form of attacks are ransomware. Hackers plant malware on systems, which can make it impossible to access information. They demand a bounty, usually in cash or even more likely crypto, to remove blocks on the information. If not paid, data can be destroyed – or sensitive data can be leaked to the competition or the public. In fact, this can happen even if companies can pay up.

What makes ransomware so disruptive is that it can remove access to mission-critical information for an unknown amount of time. Hackers frequently target the most valuable, most important data inside a company, which in turn usually makes it the hardest to replace. This could mean weeks or months of critical downtime, with businesses falling behind and incurring unexpected expenses.

With so much at stake, truly comprehensive systems must contain both “proactive” and “reactive” approaches to preventing ransomware attacks. The proactive tools are perhaps more familiar – these include an active cyberdefense training program, along with up-to-date firewalls, intrusion detection systems and malware. But here, we’d like to go into more detail about those reactive tools that can get things back online faster. Together, these constitute truly impactful, effective risk management.

Data lifecycle

Data – increasing amounts of it – is generated from internal and external sources while doing business. Customers, third-party vendors and employees create and modify records that must be stored. This information must be easy to access so authorized users can store it securely and efficiently. There’s an emphasis on primary storage and systems that support high availability and performance. Data-sharing policies must also exist within and outside an organization, identifying who can access specific datasets, under what conditions, and which security measures apply. This helps maintain data security and ensure compliance.

As data ages, it may not need to be accessed as frequently. There should be a consistent, pre-planned schedule for archiving information and moving it to off-site backup facilities. These may not be as instantly accessible, but retrieving the data when needed is still possible. Finally, there needs to be proper procedures in place around data disposal. When data is no longer valuable or required for compliance or other purposes, it must be disposed of securely to prevent unauthorized access or data breaches. Data deletion strategies include data sanitization, where deleted data is cleansed of hidden content, such as metatags and document properties that could pose security risks.

Effective tools

Right in the middle of the data lifecycle is the creation of backup copies of data. The proper way to think about data backup is using the “3-2-1-1” method. This means a total of three types of backups, of which two need to be on different kinds of media (such as network-attached storage, tape, or a local drive), with one copy offsite and one immutable record.

Immutable backups are saved in a write-once-read-many-times format that can’t be altered or deleted – even by hackers and admins. This means bad actors can’t alter records, so they cannot be accessed, as immutable backups are unmodifiable. This significantly limits the leverage that hackers have over organizations and in many cases, should completely eliminate the need for paying ransoms.

Reducing downtime. The benefits of a comprehensive approach should be the ability to reduce or hopefully eliminate downtown after a ransomware attack. Data is frequently backed up, which means systems administrators can easily ‘rewind the clock’ to the exact moment there was an incursion. There’s no need to reconstruct material from scratch or from a backup that could have been days or weeks in the past. The system should be agile and scalable, so it doesn’t need to be replaced as a business changes strategy or goes through a period of rapid growth.

In an ideal world, all data would be safe and businesses wouldn’t need to worry about cybercrime. This is, unfortunately, not the world we all live in. By embracing a multi-factor, multl-modal approach, businesses can feel more secure that a successful penetration of their defenses won’t automatically lead to costly downtime.

We’ve featured the best encryption software.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More 

Threat actors found selling up to 400 Gen AI account credentials per day.

Hackers have been found selling stolen Generative AI data and account credentials on the dark web, exploiting the technology’s  growing popularity to net big rewards. 

New research from eSentire’s Threat Response Unit (TRU) has identified over 400 account credentials are sold by cybercriminals every day. Primarily obtained from corporate end users’ computers that are infected with infostealer malware which retrieves anything the user has entered into their internet browser. This could include sensitive information such as bank details, financial records, customer data, and log-in information. 

Additionally, if end-users are subscribed to a GenAI service or model, then these credentials are stolen. When an infostealer is used to capture information, the ‘Stealer log’ of stolen data is then sold for around $10. OpenAI credentials are reported to be the most commonly stolen, with an average of 200 daily listings.

LLM Jacking

Elsewhere, findings from security research organisation Sysdig also showed threat actors are also gaining control of extensive numbers of LLMs (Large Language Models) in a process dubbed ‘LLM Jacking’. TRU warns that hacker’s aims are to acquire, resell, and abuse access to LLMs. 

Sysdig has confirmed LLM Jacking often uses a reverse proxy to resell and monetize their LLM access, and has warned an attack of this kind could cost the victim up to $46,000 per day in consumption costs. 

Underground stores like LLM Paradise used this tactic to obtain and sell stolen GenAI credentials, even brazenly advertising on sites like TikTok. Whilst this site has since been closed down, a healthy market ensures many others remain in its place.  

As the use of AI has grown, so too has the threat of cybercriminals discovering new ways to profit from stolen data. Companies are advised to maintain rigorous security measures, such as establishing robust vulnerability management processes, monitoring for suspicious activity, and multi-factor authentication. 

More from TechRadar Pro

Watch out, Android fans – this banking malware threat is masquerading as a Google Play updateHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now

Read More 

If you’re a bit sick of streaming this could be just what you’ve been waiting for

One of the problems with music streaming services is that many of them don’t seem too focused on, y’know, music – so Spotify is trying to compete with Audible as well as podcasting platforms while planning to charge quite a lot more money for decent-quality audio (having already boosted its prices while alienating musicians), Tidal’s heading in a more social media direction and everybody seems to be implementing AI. 

And there are plenty of other issues with streaming and digital music generally, from artists’ tiny royalty payments to issues of ownership and disappearing music. So it’s perhaps not a surprise that more of us are turning away from the best music streaming services and switching to old-school audio formats; not just vinyl, but CD and cassettes too. 

That’s something TEAC has noticed: its TEAC AD-850-SE combined CD player and cassette player/recorder didn’t get tons of attention when it launched the most recent model in 2022, but over the last year or so it’s been going out of stock as soon as new stock is coming in. In some cases, eBay sellers are charging way more for second-hand ones than they go for new, so for example I’m just looking at a Japanese listing offering to sell you one for nearly $950. The US RRP is $549 and it’s £489 in the UK.

If you can get your hands on one, I reckon you’ve got exactly 50% of what you need for a deeply satisfying sonic experience. All you need is an amp and a turntable too – something like the Pro-Ject Juke Box E1, which delivers both in one package, and can also include speakers if you don’t already have your own. I’ve just reviewed that one and it’s a ton of fun.

Brand new retro

Although it’s relatively new (at least, compared to most CD players or tape players) and includes modern features such as USB recording and playback, the TEAC looks like exactly the kind of kit I’d have drooled over in the ’80s or ’90s: it supports chrome and metal tapes (I could bore you to death about those and why a Sony metal tape was absolutely superior to the best chrome TDK ones), it has lots of buttons because buttons are part of the fun, and it has a pitch control so you can turn Metallica into munchkins. You can even use it as a karaoke machine.

There’s only one problem, for me at least. I don’t have tapes any more. I used to have tons of them put precariously on every surface and in every conceivable car cavity, but I got rid of the lot in favor of compact disc – and then I got rid of the compact discs in favour of rips, downloads and streams. I’m back buying CDs again to replenish my collection, but for the stuff I really want I’m swallowing my horror at the prices and getting them on vinyl rather than tape (as are most people, if the popularity of the best turntables is anything to go by).

But if you’ve still got plenty of tapes hanging around, this particular deck, or something like it, could be a good solution to the streaming dilemma: you can use its USB to digitize your cassettes so you can listen on your smart speakers or phone, and if you talk loudly over the end of the songs you can pretend it’s the 1980s and you’re taping new songs from the radio. Once digitized, those songs are still yours – and you don’t need to pay a subscription to listen to them.

If you want something more portable, we recently covered very smart new portable options from Fiio: first the Fiio CP13 portable tape player, and then the new Fiio DM13 portable CD player.

Read More 

In the context of GenAI, the rapid proliferation of APIs can create a broad attack surface that is challenging to defend.

Business businesses increasingly rely on application programming interfaces (APIs) to enable seamless communication and integration between various systems and services. These APIs form the building blocks of online communications used both internally and externally, helping organizations push the boundaries of innovation. A prevailing concept throughout cybersecurity is that organizations cannot protect what they cannot see, which is particularly true for any organization’s API security journey. However, largely due to the growth of Generative AI (GenAI), which has enabled developers to create applications and APIs faster than ever at a vast scale, new risks are being created that current technology is not equipped to keep pace with.

The growth of Generative AI has revolutionized the creation and deployment of APIs, facilitating rapid prototyping, testing, and deployment and significantly accelerating the development cycle. While this accelerated development fosters innovation, it also introduces new risks that current technology may struggle to mitigate. The sheer volume and speed at which APIs are being generated can outpace traditional security measures, creating potential vulnerabilities.

In the context of GenAI, the rapid proliferation of APIs can create a broad attack surface that is challenging to defend. Given the dynamic nature of APIs, particularly those generated through AI, organisations face several challenges in keeping track of their APIs. Continuous updates and changes can make compliance difficult and traditional security tools may not be equipped to handle the evolving API landscape. To ensure security and compliance, organizations must adopt robust API management strategies, including comprehensive visibility, discovery, governance, threat detection and mitigation of all APIs.

API security has many stakeholders

API security is a shared responsibility among several stakeholders within an organization including developers who are responsible for implementing secure coding practices and adhering to security guidelines during API development; security teams who are tasked with monitoring, assessing, and mitigating security risks associated with APIs; operations personnel who ensure that API deployments are secure and compliant with organizational policies; and finally, business leaders who are ultimately responsible for fostering a culture of security, allocating necessary resources, and integrating security into every stage of the API lifecycle.

The involvement of multiple stakeholders in API security, as with many disciplines, can introduce several challenges that organizations must address to ensure a secure and efficient API ecosystem, stemming from varying priorities, responsibilities, expertise levels, and communication channels amongst them. These can be effectively managed through clear communication, collaboration, ongoing training and the adoption of robust security frameworks and tools. By taking a proactive approach, organizations stand a better chance of ensuring their APIs remain secure, compliant – and resilient – against evolving threats.

Risks of inadequate API security and non-compliance

Unsecured APIs are a prime target for attackers, posing a significant risk to organizations from data breaches stemming from unauthorized access to sensitive data. These can result in significant financial and reputational damage, as attackers exploit vulnerabilities to gain access to critical systems. Furthermore, non-compliance with regulations can result in legal consequences and fines.

Relevant regulations include GDPR, for privacy protections, HIPAA to protect medical information and PCI DSS that looks after cardholder data. In the financial sector, the revised PSD2 in the EU mandates that banks and financial institutions open their payment services and customer data to third-party providers through APIs. Therefore, PSD2 profoundly impacts API security, driving the need for robust authentication, encryption, access controls, and continuous monitoring. For financial institutions and third-party providers, ensuring API security is a compliance requirement and a critical component of protecting customer data and maintaining trust.

It’s also essential to stay informed about emerging regulations like the NIS2 Directive, which expands cybersecurity requirements for critical infrastructure providers from October of this year. Additionally, API security is increasingly tied to broader Zero Trust standards and initiatives, emphasizing the importance of strict access controls and continuous monitoring.

Enhancing API security maturity to counter common mistakes

Many organizations struggle with API management due to a lack of comprehensive inventory. Without a complete inventory of APIs, it is impossible to identify and address vulnerabilities. Moreover, APIs are often deployed without meeting robust security standards, exposing them to exploitation. As mentioned, traditional security tools may not keep pace with the dynamic nature of GenAI-generated APIs.

To increase the maturity of their API security programs, organizations should consider adopting a comprehensive API security platform that allows for continuous visibility, discovery, posture governance and behavioral threat detection. Additionally, to bring together dispersed stakeholder groups, making a concerted effort to integrate security into the development lifecycle through designated policies, particularly regarding GenAI, will help embed security throughout the entire API development process. Finally, by conducting regular security assessments, organizations can consistently evaluate the security posture of APIs to identify and mitigate vulnerabilities.

The convergence of GenAI and APIs creates both opportunities and challenges for organizations. By proactively addressing API security concerns and working amongst stakeholders to improve collaboration, communication and governance as well as leveraging API-specific technical controls, organizations can harness the power of GenAI while safeguarding their critical assets and data. Ensuring robust API security is essential for protecting sensitive information, maintaining compliance and fostering a secure business environment without compromising on innovation.

We’ve featured the best business VPN.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More