Weekly News: A crypto-worm is stealing AWS credentials

Researchers have discovered what they believe to be the first-ever crypto-mining worm that also manages to steal AWS credentials. 

Crypto-mining worms have been around for a while, stealthily infiltrating a network and using its computing power to mine cryptocurrency. This new worm is actually not even that good at it, having made a mere $300 in profits.

However, the attackers, who go by the name TeamTNT, have managed to incorporate the credential-stealing feature into their code. The researchers believe the attackers have recycled this functionality from a previous worm that targeted Alibaba’s cloud.

This points to an emerging trend of copy-and-paste, opening the door for future malware to replicate TeamTNT’s code and go on to steal AWS credentials and compromise cloud ecosystems.

Fired for skipping the firewall

A whopping four out of ten businesses in the UK admit to having dismissed employees for breaching the company’s security protocols. That’s according to a new survey by Centrify, a privileged access management solutions provider.

Most incidents were related to work-from-home scenarios, as a large proportion of employees tends to circumvent safety measures in favour of comfort or portability. 

As a result, 65% of companies have made important changes to their cybersecurity policy. Shadow IT was already a huge problem before the workforce transitioned to remote work. Now it’s become even more difficult to ensure that employees don’t use personal devices to access company networks and files.

Well, just keep in mind that you could get fired for it.

Weekly News: Rise and Fall of a Hacking Empire

Bringing to light an international hacking empire

More often than not, reality outdoes fiction. Why bother with whodunnit novels when you can read newly unsealed court documents?

An estimated $1.5 million in profits. Over 300 target companies across 44 countries. Under the moniker “Fxmsp,” a hacker made global headlines last year for stealing and selling source code and customer access to McAfee, Symantec and Trend Micro.

More importantly, the hacker built backdoors into enterprise networks and then made them invisible to the system. He then sold these through Russian hacking groups for up to hundreds of thousands of dollars apiece.

Meet Andrey Turchin, a 37-year-old man from Kazakhstan whose name has just been made public by a U.S. court. He established a full-blown business almost overnight, even employing another reputed hacker as his sales manager. 

Read the full story before Hollywood makes a movie out of it. 

More on cybersecurity

Another week goes by, leaving us with new record-breaking cyber incident metrics.

British security provider Sophos published a comprehensive cloud security study, revealing that 70% of companies hosting data or workloads in the public cloud experienced a breach in the past year. 

Businesses running in multi-cloud environments received almost twice as many attacks as those using a single cloud provider, highlighting why companies should be more worried about their cloud data.

On another note, be advised that there is a new kid on the block. A novel strain of ransomware called Conti can use 32 simultaneous CPU threads to encrypt your data.

The most in-demand IT pros

Remote work is here to stay, and that is re-shaping the IT talent needs of companies looking to remain competitive in this new reality. 

Unsurprisingly, being knowledgeable in collaboration tools like Zoom or Teams comes in handy. So does expertise in cloud-based business suites like Microsoft 365 and G Suite.

Networking and infrastructure skills are also in high demand, as companies need to build stronger ecosystems that are able to withstand the surge in remote work and cyber attacks. 

But general business acumen takes the spotlight in the post-COVID world. Here are the most sought-after business skills of the moment.

News from Microsoft

We got some updates from the Redmond-based company this week.

The wave 2 release plans for Dynamics 365 and the Power Platform are now available. Be sure to review all the upcoming changes and additions ahead of the October roll-out. Early access begins on August 3rd.

Also — Microsoft Teams will now present your team in a fake auditorium during video calls. It certainly looks strange, but apparently our brains process it better than the rectangular grid with everyone’s face on it.

Finding security experts in the COVID-19 crisis: a major challenge for IT departments

How do you find good security experts? About a third of the world’s population is estimated to be currently under confinement to stop the spread of the novel coronavirus. As a result, businesses across the globe are resorting to remote work to continue operations in those areas where that is possible. This is adding unprecedented amounts of stress to already understaffed IT departments.

CIOs and other IT leaders find themselves racing against the clock to adapt the whole company’s infrastructure to a work-from-home scenario while tackling their biggest concern: cybersecurity. And for good reason – threats are increasing exponentially. 

But assembling the right security experts and the right security team is proving even more difficult than it usually is.

Security threats give no quarter  

Hackers are certainly not going to close shop because of a tiny microorganism. If anything, they are using it to their benefit. For instance, phishing emails were already the most common form of attack experienced by organisations. But the past days have seen a great surge in attacks trying to lure employees into clicking on an email sent by “their boss” or containing virus-related information.

Among the most reprehensible of attacks are those being experienced by health and medical institutions. Not even the World Health Organisation was spared, targeted earlier last month by a false-domain attack aimed at stealing passwords from agency staffers. The situation is so dire that a group of 400 security experts from international giants like Microsoft and Amazon has volunteered to fight hacking tied to the coronavirus.  

Yet that is not the main issue. The pressure being put on enterprise networks is quickly revealing system vulnerabilities, especially at those companies least used to distributed work and that rely too much on local networks. In short, the soaring numbers of employees working from home are finally making most decision-makers aware of what IT leaders have been warning us about for a while: the business world’s generalised lack of a comprehensive security policy and employee awareness training.

Although effective measures like VPNs have gained adoption in recent years, problems generated by shadow IT and BYOD remain largely unresolved. Many staffers will be accessing company resources through their personal devices and networks in the coming weeks, exponentially multiplying the potential points of entry for attackers.

Experts are becoming even harder to find 

In turn, this increase in cyberthreats is exacerbating the skill and personnel shortages the security sector was already experiencing. According to a recent study by ISC, the global security industry lacks more than 4 million security professionals. The world’s security workforce would need to grow 145% yearly just to meet the demand for skilled talent.  

The shortage of skills impacts some of the most critical roles within IT security, such as those related to identifying threats or patching and updating vulnerable systems. However, the deficit is more acute in areas tied to rapidly emerging or evolving technologies. For instance, and in this WFH crisis more than ever, security in multi-cloud environments is key. Unfortunately, few organisations have dedicated cloud security experts or proper encryption protocols for their data in the cloud.

Not surprisingly, the cost of security expertise has also become a problem as the lack of skilled talent drives wages up. And so the vicious circle goes.   

Hire or outsource? 

With everyone battling over the same security experts, defining a solid talent strategy and identifying the right partners can make the difference between a multi-million breach and your department’s success.

Regarding your talent strategy, you first need to decide whether you want to expand your team or rely on the temporary help of consultants. If you had been planning on bringing more people on board for some time, this might be the perfect time to create new permanent positions or fill vacant ones.  

On the other hand, calling on a freelancer will most likely allow you to speed up the selection process and provide a quicker response to the crisis. Working with an independent contractor can also help you secure exactly the skills you need at a more competitive cost, as the freelance talent market tends to be more agile and flexible.

No matter which option you are leaning towards, don’t hesitate to seek the guidance and help of talent experts. Time is of the essence in the cybersecurity wars. Partnering up with the right IT staffing specialists will not only allow you to access the best talent; it will help you secure it before another company closes the deal.  
