Cyber Protection Magazine

The ISMS Approach to Effective Cyber-Risk Management - The rapid and continuous advances in information technology are among the greatest drivers of contemporary business. However, as with any technological progress, organizations must remain vigilant in securing these innovations against misuse and failure. As a result, managing cyber risks is a key priority for all enterprises. https://lnkd.in/eRdhkbnu

DDoS on X was avoidable, but inevitable - The DDoS attack on X.com this week provided a certain amount of schadenfreude for people less than enamored by Elon Musk. It also rang alarm bells in the cybersecurity community as that style of attack seems to be making a comeback, and not for financial gain. All indications are corporations, and, in particular, government institutions are not ready to repel attacks motivated by political revenge. Security intelligence company Fletch.ai this week identified multiple ongoing attacks around the world targeting corporations for a variety of political positions, depending on which side the entities supported. Issues include the Ukraine/Russia war, Palestine/Israel, immigration, tariffs and just plain political leanings. Musk blamed Ukrainian hackers for the attack on X (aka Xitter) but because DDoS attacks use multiple servers arrow the globe it is difficult to identify a particular source. However, Fletch and other analysts identify pro-Russian and pro-Chinese hacktivist groups behind most of the attacks using tried-and-true botnets. Cheap and easy Mithilesh Ramaswamy, a senior security engineer at Microsoft, said the cost of compute and cloud infrastructure are cheap now creating a low barrier to entry. “Even renting a botnet or using a DDoS-for-hire service is relatively simple and inexpensive.” Dependency on cloud services also make organizations vulnerable when they rely heavily on third-party services or microservices architectures, he explained, allowing attackers to exploit integration weak points and unleash large-scale disruptions with targeted floods of traffic. Cloudflare reported blocking a record-breaking 5.6 Tbps DDoS attack carried out by a Mirai-variant botnet. The significant increase in DDoS attacks in 2024, with a 53% rise from the previous year, underscores the growing threat. Fletch reported that the BadBox botnet infected over one million Android devices in 2024 “Despite efforts to disrupt it, the botnet continued to grow, indicating the persistent and evolving nature of DDoS threats.” A pro-Palestinian hacktivist group known as?Dark Storm claimed responsibility for attack on X.com, which caused major outages on the platform over the course of 48 hours. But that claim has not been verified. Lax security Ian Thornton-Trump, a well-respected security expert and current CISO for the Inversion6, blamed lax security standards at X.com for the breach. He pointed out that the section of the X.com servers the was hit was not covered by their Cloudflare subscription. Cloudflare is primarily a third-party service that provides a robust protection against DDoS attacks. The rise of these services helped drive the popularity of the attacks down over the past few years, but an organization still has to turn on the protection as they implement new data services. X apparently did not do that. https://lnkd.in/e3qeQZtV

Cybersecurity in Space Systems: A Growing Imperative - Space systems have become an indispensable component of modern infrastructure, supporting global communications, navigation, defense, and scientific exploration. Cybersecurity, once an afterthought in space mission design, is now a critical priority. https://lnkd.in/evQbA64D

International Women’s Day: Why we still need to push for gender equality - For this year's International Women's Day, considering what's going on in the world, it’s more important than ever to reflect on gender equality in the workplace. The theme for this year is "Accelerate Action," focusing on hastening the progress toward equality for women. https://lnkd.in/e24PBCb3

International Women’s day: Interview with Microsoft Europe’s Chief Security advisor, Sarah Armstrong-Smith - We recently sat down with Sarah Armstrong-Smith, Microsoft Europe’s Chief Security advisor and advocate for female representation in STEM subjects.more https://lnkd.in/emt-WpvY

Scam bucket: Tech support fraud - Dealing with wonky printers is a universal frustration. According to Gartner studies, printers are by far the biggest technology problem, racking up 50 percent of all technical support calls worldwide. And that makes them a very profitable scam.? Here’s how it works. You’re sitting at home and want to print out a bill, letter, or other document and the printer hangs up. The little wheel is just spinning and spinning. After multiple tries you decide to call tech support to fix the problem. After 2 hours of sitting listening to the same song, interrupted by the recorded voice telling you your “call is important,” you start surfing for some sort of help. Your results show three or four sites for printer support and a free chat service. You click one of them, still waiting on your phone for help, and immediately get someone in the chatbot who is very helpful and asks if they can be connected to your computer to see what the problem is. In the hope of being freed from frustration you click on a link and suddenly your “savior” is moving around your computer downloading “the latest printer driver.” It is only much later that you find he has found your banking information and has sucked your account dry. https://lnkd.in/eMnADWkb

Phishing grows but can be blunted - Phishing attacks are on the rise again with the help of sophisticated generative-AI tools. However, new defenses and increased wariness among potential victims are blunting phishing’s potential for widespread harm. For the uninitiated, phishing is a foundational practice for all cybercrime. For the most part, it is a scatter-gun methodology, sending out as many emails, texts, social media posts, and even phone calls as possible to get victims to give up personal information or access sensitive files. There are billions of phishing attacks going on around the world every year. According to FBI reports, the latest report shows losses inmore https://lnkd.in/eEsC7hft

Beyond the Wall: Why Data-Centric Security is the New Foundation of Enterprise Protection - Picture a fortress with impenetrable walls protecting valuable assets inside. For decades, organisations built digital security following this ancient model – constructing firewalls and intrusion detection systems around a trusted internal network. But business has fundamentally changed. Remote work, cloud services, and digital partnerships have blown holes through these walls, creating countless paths for data to flow beyond traditional boundaries. https://lnkd.in/e6r6ei6t

Multi-factor authentication (MFA) technologies are under significant pressure from threat actors, who are using highly sophisticated – and successful – strategies to circumvent what was once considered to be effective protection. Our Cyber Security Assurance Technical Director Andy Swift shares with Cyber Protection Magazine what you can do about it: https://hubs.la/Q037Z23W0

Cyberattack’s Origin: Rapid Detection Steps - Discovering a cyberattack requires combining people, processes, and technology. A proper detection system is needed to sound the alarm, but people with the right skills must react to the emergency. https://lnkd.in/e-7Xfd7R