This page collects some of the questions we are typically asked, together with the answers. We are available for any question about our services; the information request form is provided for that purpose.
Cybercrime attacks are growing all over the world, including the UK. This is partly due to the collapse in prices of malware, tools, credential lists and services available on the dark and deep web: apart from 0days and more recent exploits, launching an attack costs very little. The Government gives an interesting overview of what hackers or malicious actors can find on the black market and, above all, what it costs. Among the most expensive items are 0days and exploits for recently fixed remote vulnerabilities. These keep their value because in many cases they are still effective: update and patch processes, especially in companies, bodies and institutions, are usually slow. As a result, windows of opportunity for cyber attacks often stay open even after alerts have been raised and new cyber security protections are available.
The Government is also used as bait for a phishing campaign in Italy: the link in an email about an alleged failed refund points to a fake Institute website, and the objective is to steal sensitive data.

Cybercrime now also uses INPS for phishing campaigns, as well as to deliver the Ursnif/Gozi malware in the UK. This was reported by the cybersecurity experts of the Government. The bait is an email about a fake failed refund attempt, asking the recipient to open a link to process the operation manually. The link leads to a fake Institute page that asks for personal and credit card data. To reinforce the deception, once the form is submitted a second page appears asking for an OTP code, supposedly sent to the telephone number entered in the form. The code never arrives, since the sole objective of the scam is to steal the victims' sensitive data. The supposed Government pages in fact belong to third parties with no connection to the Institute and do not use HTTPS.
The NextGen Gallery WordPress plugin has two CSRF vulnerabilities that allow cybercrime actors to take full control of a site.

WordPress is by definition the backbone of many websites, an estimated 20% of them. Thanks to its configurability and low management costs, this CMS is the undisputed market leader. But this enormous configurability often leaves doors open through which criminal hackers can enter, particularly when third-party plugins are used. This is the case with the NextGen Gallery plugin. Installed, according to initial estimates, on over 800 thousand sites, it lets admins upload photos in batches, import metadata and edit image previews. Researchers discovered two cross-site request forgery (CSRF) vulnerabilities in it: one critical and one of high severity. A patch (version 3.5.0) was made available on December 17, 2020, and security researchers have stressed the importance of updating the plugin to avoid very serious damage. Exploiting these flaws could in fact lead to total control of the site, malicious redirects, phishing and much more.
The UK deploys the Cyber Security Unit to defend itself against attacks by cybercrime and cyber espionage actors who exploit SolarWinds. This was announced by the Department of Information Security (DIS) in a note explaining that the Unit met to assess any possible impact of the cyber attack campaign on national networks and systems. "Following the tampering with a series of updates to the SolarWinds Orion platform that occurred starting in March, some hackers entered the networks and computer systems of government and private entities around the world, spying on their moves and in some cases stealing very sensitive data assets," the note reads. "From the early stages of the discovery, the UK activated the Cyber Security Unit, the collegial body entrusted with the task of managing cyber incidents that could have a potential impact on national security, which is constantly following the evolution of the situation."
Gartner recently stated, "DMZ and classic VPNs were designed for 1990s networks and have become obsolete." They conclude that "Network designs that expose services and accept unsolicited connections present too great a risk." Securing a dynamic perimeter today requires a different approach, one that provides access anywhere, anytime and by any means. Among Gartner's recommendations is to favor "isolation technologies capable of precise access at the application level, based on the context, only after successful authentication".

VPNs only control access to the network perimeter.
Traditional VPN services are permissive, allowing staff to access many more areas of the network than they need for their day-to-day work. Once connected via VPN, the network is usually open, giving the connected employee or organization potential access to every asset and service on the internal network.

VPNs connect first and authenticate later.
With a traditional VPN the user connects to the infrastructure and then authenticates. This means that, before the user presents legitimate credentials, they already have access to the network, which can be probed to discover potential access to services.

VPNs can be inconvenient and difficult to manage.
With client-based VPNs, staff must go through a connection process before they can access any service. This process can be slow and unreliable, and if demand for the VPN is high at a given time the connection may fail entirely, resulting in lost productivity and frustration. Any employee who has used an enterprise VPN knows that these services are slow and of limited reliability. If the enterprise runs geographically dispersed applications, users are frustrated by constantly logging in and out and by having to keep track of where they need to connect to reach the application they need.

In today's connected environment, the enterprise may need to provide many site-to-site VPNs to integrate suppliers, customers and remote offices and to connect its data centers, headquarters or cloud environments. IT administrators must therefore configure and coordinate many VPN and firewall policies. This increases management overhead and the likelihood of configuration errors that can inadvertently open dangerous access.

VPNs are not always active.
With client-based VPNs, many solutions establish the VPN connection only when the user requests it. When the VPN is not established, the end-user device can still reach other networks, such as the Internet. This approach, known as split tunneling, exposes the endpoint to breaches when it is connected to insecure networks.

The flexibility of the VPN is also its weakness.
Traditional VPNs support a large number of configuration options, but this supposed flexibility can also be a point of weakness. When a VPN is established, the two endpoints negotiate the configuration that will be used. The result is the strongest cryptographic profile that both ends have in common, which is not necessarily the strongest profile either end supports. This produces a "race to the bottom": the connection settles on the lowest common denominator of VPN configuration that each endpoint can support.
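The negotiation just described, as an added illustration that is not from the page or from any VPN product: a constructed ranking of cipher profiles shows how an endpoint that still accepts weak profiles drags the tunnel down to them, and how a policy floor turns that into a refused connection instead of a silently weakened one.

```python
"""Strongest-in-common VPN profile negotiation versus a policy floor.

Added example, not from the page or any VPN implementation. Profile names
and their strength ranking are constructed for illustration.
"""
from typing import List, Optional

# Constructed ranking: higher number = stronger profile.
STRENGTH = {
    "3des-sha1-modp1024": 0,
    "aes128-sha1-modp1024": 1,
    "aes128-sha256-modp2048": 2,
    "aes256-sha256-modp3072": 3,
    "aes256gcm-sha384-ecp384": 4,
}

# Constructed endpoints: a gateway that accepts everything for "flexibility",
# and a legacy client that only knows the two weakest profiles.
GATEWAY_PROFILES: List[str] = list(STRENGTH)
LEGACY_CLIENT_PROFILES: List[str] = ["3des-sha1-modp1024", "aes128-sha1-modp1024"]
POLICY_FLOOR = "aes128-sha256-modp2048"  # weakest profile the organization tolerates


def negotiate(initiator: List[str], responder: List[str]) -> Optional[str]:
    """Pick the strongest profile both endpoints have in common.

    This is the 'race to the bottom' from the text: the weaker peer decides
    the outcome, not the strongest profile the gateway could do.
    """
    common = set(initiator) & set(responder)
    if not common:
        return None
    return max(common, key=lambda p: STRENGTH[p])


def negotiate_with_floor(initiator: List[str], responder: List[str],
                         floor: str = POLICY_FLOOR) -> Optional[str]:
    """Same negotiation, but refuse any result weaker than the policy floor."""
    chosen = negotiate(initiator, responder)
    if chosen is None or STRENGTH[chosen] < STRENGTH[floor]:
        return None  # refuse: forces the weak peer to be upgraded instead
    return chosen


if __name__ == "__main__":
    print("no floor:  ", negotiate(GATEWAY_PROFILES, LEGACY_CLIENT_PROFILES))
    print("with floor:", negotiate_with_floor(GATEWAY_PROFILES, LEGACY_CLIENT_PROFILES))
```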
Using a WAF

It is useful to begin with a description of how a WAF is used. To do this, consider a theoretical example that helps identify the points of interest. We start, obviously, from a service that exposes a public interface to the Internet, that is, an interface reachable by anyone on the Internet. This does not mean that anyone can access all the services and data of the application, since authentication may be required. For this discussion it is not necessary to consider such application logic, which is often specific to each application. For the assessments that follow, it also does not matter whether the exposed service is a classic website or e-commerce site, the backend of a mobile app or a set of Web APIs. The important point is that data transfer over the Internet uses the HTTP protocol and the content is HTML, XML, JSON, JavaScript etc.
The Cyber Kill Chain is an excellent tool for understanding how organizations can dramatically increase their ability to defend their environment.

"Cyber Kill Chain" is the expression used for the life cycle model of a cyber attack. The name adapts to cyber security the Kill Chain concept used in the military field to indicate a phased model for identifying the steps needed to carry out an attack. In cyber, it is an excellent tool for understanding how organizations can significantly increase their ability to defend their environment by detecting and blocking threats at every stage of the attack lifecycle. It teaches us that, while adversaries must complete every phase for the attack to succeed, we as defenders "only" need to stop and break the chain at any one stage of the process. But how?
The independent and anonymous study analyzed the responses of 4,400 security and privacy professionals in 25 countries, revealing both the main attitudes towards privacy legislation and the metrics reported to executive management. The main results of the survey are below. Privacy is more than just a compliance issue: companies consider it a fundamental human right and it has become a management priority. The survey also reveals significant privacy concerns due to the rapid shift to remote working, combined with the need to use individuals' health information. 60% of organizations said they were not prepared for the privacy and security requirements of moving to remote work. 93% of the companies surveyed turned to their privacy teams to help overcome these challenges. 87% of consumers expressed concerns about the privacy protection of the tools they need to use to work, interact and connect remotely. 90% of companies now report privacy metrics to management and boards.
Threat actors use increasingly sophisticated methods to avoid standard detection. They often know which organizations they want to attack and take a phased approach to give the attack the best chance of success. Attackers can insert simple, undetectable code into an IT system to perform reconnaissance. This information is sent to the attacker's command and control center, which then sends the victim's system a script to deactivate its security measures. Antivirus can only prevent known attacks, so attackers develop new code to avoid detection. Companies must build layered defenses able to detect anomalous behavior within the network that could indicate the presence of malware. Machine learning can identify changes in behavior and quickly stop the activity. Once ransomware is detected, you need to prevent it from spreading: if the ransomware is still limited to one computer, remove that computer from the network. After the computer has been isolated, a security team can remove the malware. The old saying "if you fail to prepare, you prepare to fail" has never been truer than in the case of ransomware. Often, it comes down to whether you have the right technology and processes in place.
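The detect-then-isolate sequence described above, as an added example that is not from the page: constructed endpoint file-rename events are scanned for one process renaming many distinct files to the same new extension within a short window (the bulk-encryption pattern, as opposed to an editor's save-and-rename), and the alerted hosts are the ones to pull off the network.

```python
"""Behavioural ransomware detection over endpoint file events, then containment.

Added example, not from the page. The log format, hosts, paths, extension
and thresholds are all constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from os.path import splitext
from typing import Dict, List, Set, Tuple

# Constructed telemetry: "<ts> host=<h> pid=<p> op=<OP> path=<old> [new=<new>]"
SAMPLE_EVENTS = """\
2024-03-01T10:00:00 host=WS-03 pid=900 op=RENAME path=C:/u/b/~draft.tmp new=C:/u/b/draft.docx
2024-03-01T10:00:01 host=WS-17 pid=4412 op=RENAME path=C:/u/a/q1.xlsx new=C:/u/a/q1.xlsx.locked
2024-03-01T10:00:02 host=WS-17 pid=4412 op=RENAME path=C:/u/a/q2.xlsx new=C:/u/a/q2.xlsx.locked
2024-03-01T10:00:02 host=WS-17 pid=4412 op=RENAME path=C:/u/a/notes.txt new=C:/u/a/notes.txt.locked
2024-03-01T10:00:03 host=WS-17 pid=4412 op=RENAME path=C:/u/a/cv.pdf new=C:/u/a/cv.pdf.locked
2024-03-01T10:00:04 host=WS-17 pid=4412 op=RENAME path=C:/u/a/plan.pptx new=C:/u/a/plan.pptx.locked
2024-03-01T10:00:05 host=WS-17 pid=4412 op=WRITE path=C:/u/a/README_RESTORE.txt
2024-03-01T10:09:00 host=WS-03 pid=900 op=RENAME path=C:/u/b/~v2.tmp new=C:/u/b/v2.docx
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) "
                     r"op=(?P<op>\w+) path=(?P<path>\S+)(?: new=(?P<new>\S+))?$")


def detect_mass_rename(log: str, min_files: int = 5, window_s: int = 60) -> List[Dict]:
    """Alert when one process renames >= min_files distinct files to the same
    new extension inside window_s seconds. Renames that keep the extension
    (ordinary saves) are ignored; normal work rarely trips the threshold."""
    groups: Dict[Tuple[str, str, str], List[Tuple[datetime, str]]] = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or m["op"] != "RENAME":
            continue
        old_ext, new_ext = splitext(m["path"])[1], splitext(m["new"])[1]
        if new_ext == old_ext:
            continue
        ts = datetime.fromisoformat(m["ts"])
        groups[(m["host"], m["pid"], new_ext)].append((ts, m["path"]))
    alerts = []
    for (host, pid, ext), events in groups.items():
        events.sort()  # sliding window over time-ordered renames
        for i, (start, _) in enumerate(events):
            hit = {p for t, p in events[i:] if t - start <= timedelta(seconds=window_s)}
            if len(hit) >= min_files:
                alerts.append({"host": host, "pid": pid, "ext": ext, "files": len(hit)})
                break
    return alerts


def hosts_to_isolate(alerts: List[Dict]) -> Set[str]:
    """Containment step from the text: every alerted host comes off the network."""
    return {a["host"] for a in alerts}
```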
The contours of the sophisticated attack on the supply chain of SolarWinds' Orion platform continue to be defined. It allowed a hacker group, probably the infamous APT29 backed by the Russian government, to spy for months on US government bodies and high-profile companies around the world. Here are the potential impacts, also for Italian companies, the exposed versions of the platform and the mitigation actions. The CVE-2020-10148 vulnerability has in fact been identified in the SolarWinds Orion platform, used for network management and monitoring. The security flaw, for which a proof of concept has also been published, would allow remote code execution by including specially crafted parameters, thus evading the authentication of the product's server API.