iNews - Around The World This Week

Date – 24th December, 2017

1)     Russia's Fancy Bear APT Group Gets More Dangerous – Fancy Bear, the Russian advanced persistent threat group associated with the infamous intrusion at the Democratic National Committee last year among numerous other break-ins, may have become just a little bit more dangerous. Encryption and code refreshes to group's main attack tool have made it stealthier and harder to stop, ESET says. The fourth and latest version of the malware comes with new techniques for obfuscating strings and all run-time type information. The techniques, according to ESET, have significantly improved the malware's encryption abilities. The Fancy Bear/Sednit group also has upgraded some of the code used for command and control (C&C) purposes and added a new domain generation algorithm (DGA) feature for quickly creating fallback C&C domains. 2)     Cybersecurity: A priority area for the Indian Government - India’s rapid transition towards digital economy coupled with national projects like Digital India, Smart Cities, National Broadband Network and so on are altering the digital landscape rapidly with direct impact on governance, transparency, and accountability. With the drive towards a digital economy, a large amount of consumer and citizen data will be stored digitally, and many transactions will be carried out online, by individuals, companies, as well as government departments. This rapid change towards a digital environment has brought to fore the challenges of certain security risks and concerns, particularly to human and nation’s cybersecurity. 3)     Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence - A recent report from Grand View Research predicts that the cyber threat intelligence (CTI) market will reach $12.6 billion by 2025. This growth in demand isn't surprising when you consider the ongoing success of so many high-profile and extremely damaging attacks. This climate of increasingly sophisticated breaches has moved many organizations — particularly, those that handle and retain sensitive data — to upgrade their cybersecurity measures by adding CTI and incident forensics. CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber-attack. 4)     Fileless Malware Attacks Hit Milestone in 2017 - Fileless malware attacks using PowerShell or Windows Management Instrumentation (WMI) tools accounted for 52% of all attacks this year, beating out malware-based attacks for the first time, according to Carbon Black's 2017 Threat Report. Non-malware attacks account for the majority of all attacks this year, and ransomware grows to a $5 billion industry, new data shows. Kryptik, Strictor, Nemucod, Emotet, and Skeeyah were the five top malware families this year, according to the report. And the top three industries hit this year by malware authors included finance, healthcare, and retail. 5)     Google Sheds Light on Data Encryption Practices - Google explains the details of how it secures information in the cloud and encrypts data in transit. Following a year of major cyberattacks and security threats, Google has published two whitepapers to explain how it secures data. One focuses on encryption of data in transit; the other on service-to-service communication using Application Layer Transport Security (ALTS). 6)     What's next for cybersecurity in 2018? - We live in a world that is networked together, where companies rely on networked systems and their data is stored in the cloud. The year 2018 will bring more connectivity, digital transformation initiatives, and data to companies, along with a number of new cybersecurity threats and landscape changes making cybersecurity one of the most crucial issues that need to be addressed in the present scenario. 7)     CROOKS SWITCH FROM RANSOMWARE TO CRYPTOCURRENCY MINING - Criminals behind the VenusLocker ransomware have switched to cryptocurrency mining in their latest campaign targeting computer users in South Korea. Instead of attempting to infect targeted computers with ransomware, the group is now trying to install malware on PCs that mines for Monero, an open-source cryptocurrency. Researchers said the shift by threat actors is also spurred by anti-ransomware mitigation efforts that have made infecting systems with malware harder. 8)     Digital Transformation Emboldens Cyber Adversaries—Can Cybersecurity Keep Up? - Businesses are accelerating their digital transformation, seeking to leverage their online presence to enrich products, deepen customer relationships, and boost their brand ecosystems. However, with this rapid growth comes difficulty. As organizations expand into digital channels, their digital footprint, i.e., all their external-facing assets including websites, email servers, social landing pages, and pages created outside proper protocol, also expands to potentially unmanageable proportions. 9)     The Internet of Things Is Going to Change Everything About Cybersecurity - Cybersecurity can cause organizational migraines. In 2016, breaches cost businesses nearly $4 billion and exposed an average of 24,000 records per incident. In 2017, the number of breaches is anticipated to rise by 36%. The constant drumbeat of threats and attacks is becoming so mainstream that businesses are expected to invest more than $93 billion in cyber defenses by 2018. Even Congress is acting more quickly to pass laws that will — hopefully — improve the situation. Despite increased spending and innovation in the cybersecurity market, there is every indication that the situation will only worsen. The number of unmanaged devices being introduced onto networks daily is increasing by orders of magnitude, with Gartner predicting there will be 20 billion in use by 2020. 10)  How AI is the Future of Cybersecurity - The frightening truth about increasingly common cyber-attacks is that most businesses and the cybersecurity industry itself is not prepared. Beyond the lack of preparedness on the business level, the cybersecurity workforce itself is also having an incredibly hard time keeping up with demand. By 2021, there are estimated to be an astounding 3.5 million unfilled cybersecurity positions worldwide.

Courtesy - Ivalue.