Mergers and acquisitions. Noteworthy US Federal contracts. Investments and exits. Executive moves. Company news. Labor markets. Read More
The CyberWire
The all in one place for non-profit security aid.
Researchers Uncover New technique to Detect Malicious Websites
Internet domains serve as a launchpad from which threat actors mount a range of cyber attacks. Using malicious websites hosted on such domains, threat actors can:
Distribute malware
Facilitate command and control (C&C) communications
Host scams
Perform phishing attacks
Perform cybersquatting
Detecting malicious domains is an ongoing challenge, and Malicious Domain Detection (MDD) plays a key role here by identifying the domains linked to cyber attacks.
The following cybersecurity researchers from the New Jersey Institute of Technology, the Qatar Computing Research Institute (QCRI), and Hamad Bin Khalifa University (HBKU) have recently developed a new technique to uncover the websites associated with cyber attacks:
Mahmoud Nazzal
Issa Khalil
Abdallah Khreishah
NhatHai Phan
Yao Ma
Graph neural networks (GNNs) are among the most effective approaches to this problem. GNN-based MDD builds a domain maliciousness graph (DMG) from DNS logs and trains a GNN to infer the maliciousness of unlabelled domains from the known ones.
GNNs apply neural layers directly to graph data and produce powerful node embeddings for a wide range of applications. Heterogeneous graphs contain several kinds of nodes and edges; heterogeneous GNNs (hetGNNs) extend GNNs to such graphs and give the best performance in this setting.
Network schema of a heterogeneous DMG (Source – Arxiv)
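The following is an added illustration of the DMG idea described above; it is not the researchers' code or data. It assumes a three-type schema (domain, ip and client nodes, with client-queries-domain and domain-resolves-to-ip edges), parses constructed DNS resolver log lines into that graph, and replaces the trained hetGNN with plain label propagation, so a reader can see how maliciousness flows from the few labelled domains to their unlabelled neighbours.

```python
"""Toy domain maliciousness graph (DMG) built from DNS logs.

Added illustration, not the researchers' code. It assumes a three-type
schema (domain, ip, client nodes) and replaces the trained heterogeneous
GNN with plain label propagation over the same graph.
"""
from collections import defaultdict

# Constructed resolver log lines: "<client ip> <queried domain> <answer ip>".
DNS_LOG = """\
10.0.0.5 login-update.example 203.0.113.10
10.0.0.5 news.example 198.51.100.7
10.0.0.8 account-verify.example 203.0.113.10
10.0.0.8 invoice-portal.example 203.0.113.11
10.0.0.9 docs.example 198.51.100.7
10.0.0.12 wiki.example 198.51.100.8
"""

# Constructed ground truth: 1.0 = known malicious, 0.0 = known benign.
KNOWN = {"login-update.example": 1.0, "news.example": 0.0}


def build_dmg(log_text):
    """Parse DNS log lines into an undirected heterogeneous graph.

    Nodes are (type, name) tuples; the adjacency sets hold two edge kinds:
    client --queries--> domain and domain --resolves_to--> ip.
    """
    graph = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, domain, ip = line.split()
        c, d, i = ("client", client), ("domain", domain), ("ip", ip)
        graph[c].add(d)
        graph[d].add(c)
        graph[d].add(i)
        graph[i].add(d)
    return dict(graph)


def propagate(graph, known, iterations=500):
    """Label propagation: every unlabelled node repeatedly takes the mean score
    of its neighbours while labelled domains keep their label. This is a
    hand-written analogue of the neighbourhood aggregation a GNN learns;
    nodes with no path to any labelled domain stay at the neutral 0.5."""
    score = {node: 0.5 for node in graph}
    for name, label in known.items():
        score[("domain", name)] = label
    for _ in range(iterations):
        updated = {}
        for node, nbrs in graph.items():
            if node[0] == "domain" and node[1] in known:
                updated[node] = known[node[1]]
            else:
                updated[node] = sum(score[n] for n in nbrs) / len(nbrs)
        score = updated
    return score


def rank_unknown_domains(graph, score, known):
    """Unlabelled domains ordered from most to least suspicious."""
    unknown = [n for n in graph if n[0] == "domain" and n[1] not in known]
    return sorted(((n[1], round(score[n], 3)) for n in unknown),
                  key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    g = build_dmg(DNS_LOG)
    for domain, s in rank_unknown_domains(g, propagate(g, KNOWN), KNOWN):
        print(f"{domain:25s} maliciousness={s}")
```

In the constructed log, account-verify.example shares a resolved IP with the known-malicious domain and invoice-portal.example shares a client with account-verify.example, so both end up scored close to 1.0; docs.example shares an IP only with the known-benign domain and drops towards 0.0; wiki.example is disconnected from every label and stays at 0.5. Those three outcomes are the whole point of a heterogeneous DMG: infrastructure edges (shared IPs) and behavioural edges (shared clients) both carry evidence, and a domain with no edges to labelled infrastructure gets no verdict rather than a guessed one.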
The researchers characterize the complete threat model by the following key elements:
Goals of the threat actors
Knowledge of the threat actors
Limits on evading MDD detection
Overview of the attack (Source – Arxiv)
A successful attack against GNN-based MDD models requires the following:
The adversary owns multiple domains.
The adversary's domains are interconnected, so that evasion works efficiently in bulk.
The adversary's domains do not interfere with one another.
The study's limitations are:
Scarce MDD data
Patented GNNs
No defense options for hetGNNs
Simulated adversary models
The absence of real subgraphs affects the findings
However, the researchers state that future work can strengthen MDD's defenses by exploiting DNS logs and graph heterogeneity, which would also help counter the stealth of the MintA attack, which uniquely evades detection across multiple adversary nodes.
The post Researchers Uncover New technique to Detect Malicious Websites appeared first on Cyber Security News.
Cyber Security News
IBM Acquiring HashiCorp for $6.4 Billion
IBM is acquiring HashiCorp for $6.4 billion for its infrastructure lifecycle management and security lifecycle management capabilities.
The post IBM Acquiring HashiCorp for $6.4 Billion appeared first on SecurityWeek.
SecurityWeek RSS Feed
8-Point Security Checklist For Your Storage & Backups – 2024
On September 27th, Johnson Controls International announced a massive ransomware attack that encrypted many of the company's devices, including VMware ESXi servers. This impacted the operations of the company and its subsidiaries.
The company serves clients in the government, healthcare, and naval sectors, and they believe sensitive Department of Homeland Security (DHS) information may have been compromised in this attack.
What was unique about this incident was the ransom note sent by Dark Angels, the ransomware group, which included the following details: “Files are encrypted. Backups are deleted”.
While this isn't the first time ransomware groups have successfully breached their victims' backup environments (see recent news headlines), it is one of the most publicized such attacks.
Protect Your Storage With SafeGuard
StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.
A ransomware attack is a horrible time to discover that your backups are not secure. To help, here is an 8-point checklist to determine whether your backups are sufficiently secured and whether your data is fully protected. Start your assessment:
Do your security incident-response plans include cyberattacks on your backups? If so, what’s included:
Recovery from a complete wipe of a storage array
Recovery from a complete corruption of the SAN fabric configuration
Recovery from ransomware
Is there a complete inventory of your storage and backup devices, that includes the current security status for each one?
All backups, archive environments, storage arrays (block, file, object), and SAN switches
Storage software versions (storage OS, firmware deployed), and, in particular: patching status, known CVEs, and actual resolution status
What is backed up? Where? How?
Which storage & backup protocols are allowed? Are all obsolete and insecure protocols disabled?
Is there comprehensive and secure event logging and auditing of your backups?
Including: central log services, redundant and tamper-proof records, and redundant and reliable time service
Are you able to audit the configuration changes?
e.g., what changed and when – in device configuration, storage mapping, and access control?
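The two checklist items above ask for tamper-proof records and for the ability to audit what changed and when. The following is an added example of one way to provide both, not part of this checklist or of any vendor product: each exported device configuration is recorded as a hash-chained entry that commits to the previous entry, the diff against the last export is stored alongside it, and a verification pass flags the first entry that has been edited or removed. It assumes that a device's configuration can be exported as a flat key/value mapping; the device name, keys and values below are constructed sample data.

```python
"""Tamper-evident audit trail for storage/backup configuration changes.

Added illustration, not part of the checklist or any vendor product. It
assumes device configuration can be exported as a flat key/value mapping;
the sample device, keys, users and timestamps below are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the very first record


def _digest(body):
    """SHA-256 over a canonical JSON encoding so re-hashing is deterministic."""
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def diff_config(old, new):
    """Return {key: (old_value, new_value)} for every key that changed."""
    changes = {}
    for key in sorted(set(old) | set(new)):
        if old.get(key) != new.get(key):
            changes[key] = (old.get(key), new.get(key))
    return changes


class ConfigAuditLog:
    """Append-only log where each record commits to the previous record's hash,
    so editing or deleting a past record breaks verification."""

    def __init__(self):
        self.entries = []
        self._latest = {}  # device -> last recorded config

    def record(self, device, config, actor, when):
        changes = diff_config(self._latest.get(device, {}), config)
        body = {
            "seq": len(self.entries),
            "device": device,
            "when": when,
            "actor": actor,
            "changes": changes,
            "config": config,
            "prev_hash": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        self._latest[device] = config
        return entry

    def verify(self):
        """Recompute the chain; return (True, None) or (False, first bad seq)."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev_hash"] != prev or _digest(body) != entry["hash"]:
                return False, entry["seq"]
            prev = entry["hash"]
        return True, None

    def history(self, device):
        """What changed, when, and by whom for one device."""
        return [{"when": e["when"], "actor": e["actor"], "changes": e["changes"]}
                for e in self.entries if e["device"] == device]


def build_sample_log():
    """Constructed sample: a baseline export, then a risky change set
    (insecure protocol enabled, extra admin, immutability lock removed)."""
    log = ConfigAuditLog()
    baseline = {
        "allowed_protocols": ["nfsv4", "iscsi"],
        "admin_users": ["storadmin"],
        "immutability_lock": True,
        "snapshot_retention_days": 30,
    }
    log.record("array-01", baseline, "storadmin", "2024-04-01T09:00:00Z")
    changed = dict(baseline,
                   allowed_protocols=["nfsv4", "iscsi", "ftp"],
                   admin_users=["storadmin", "svc-backup"],
                   immutability_lock=False)
    log.record("array-01", changed, "svc-backup", "2024-04-03T02:17:00Z")
    log.record("array-01", changed, "storadmin", "2024-04-04T09:00:00Z")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", log.verify())
    for item in log.history("array-01"):
        print(item["when"], item["actor"], item["changes"])
```

The chain only proves integrity of what the log itself holds, so the usual deployment is to ship each entry's hash to a separate, write-once log service (the "central log services" and "redundant" records the checklist asks for) and to compare the head hash from both copies during the periodic audit; an attacker who can rewrite one copy still cannot make it agree with the other.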
Is there a well-documented, and enforced separation of duties for your backups?
e.g., separate admins for storage, backup, and disaster recovery in each environment
Are all storage and backup administrative-access mechanisms documented?
e.g., which APIs are open, how many central storage management systems can control each storage device, and are there any servers or OS instances that can control storage
Are existing mechanisms for ransomware protection, air-gapping, and copy-locking used?
Is there an audit process to verify they are correctly deployed at all times?
Is the security of your backups regularly audited?
Does this audit process include: SAN communication devices, storage arrays (block, file, object), server-based SAN, and backup?
Take the 2-minute Cyber Resiliency Assessment for Backups, and get your own maturity score and practical recommendations – to help protect your data, and ensure recoverability.
The post 8-Point Security Checklist For Your Storage & Backups – 2024 appeared first on Cyber Security News.
Cyber Security News