Perimeter security appliances source of most ransomware hits

Compromised or vulnerable perimeter security appliances and devices – especially virtual private networks (VPNs) – formed the initial access vector in over half of observed ransomware attacks during 2024, according to data released this week by cyber security insurance provider Coalition in its latest annual threat report.

US-based Coalition, which began offering its so-called Active Insurance policies in the UK back in 2022, said that cyber criminals compromised such appliances in 58% of claims with which it dealt during 2024, with the second most widespread access point being remote desktop products, blamed in 18% of claims.

“While ransomware is a serious concern for all businesses, these insights demonstrate that threat actors’ ransomware playbook hasn’t evolved all that much – they’re still going after the same tried and true technologies with many of the same methods,” said Alok Ojha, head of security products at Coalition.

“This means that businesses can have a reliable playbook too, and should focus on mitigating the riskiest security issues first to reduce the likelihood of ransomware or another cyber attack. Continuous attack surface monitoring to detect these technologies and mitigate possible vulnerabilities could mean the difference between a threat and an incident.”

Unsurprisingly, the most commonly compromised products were all built by ‘household’ names in the industry, including the likes of Cisco, Fortinet, Microsoft, Palo Alto Networks and SonicWall. The most common initial access vectors (IAVs) were stolen credentials, used in 47% of such intrusions, and software exploits, seen in 29% of cases.

Coalition’s analysts warned that exposed logins were fast emerging as an underappreciated and acute driver of ransomware risk. They claimed that the organisation detected more than five million remote management solutions and tens of thousands of login panels exposed on the public internet. They added that, according to Coalition’s data, most applicants for cyber insurance (65%) had at least one internet-exposed web login panel, and securing these is a requirement for buying its products.

Out of these, the most commonly exposed admin login panels related to VPNs from Cisco and SonicWall, which between them accounted for over 19% of detected exposed panels, followed by Microsoft email services.

In 2024, Coalition also observed a significant number of exposed Citrix panels, which caused significant losses, including more than a billion dollars from the infamous Change Healthcare incident in the US, in which a ransomware gang used stolen Citrix credentials and exploited a lack of multifactor authentication to access the victim’s systems.

CVEs set to jump in 2025

As part of the set of services Coalition provides, it sends out zero-day alerts to its customers as and when new vulnerabilities are discovered, and constantly monitors for new vulnerabilities.

As such, its annual report also includes data on some of the more widespread common vulnerabilities and exposures (CVEs) it saw in 2024 – issues with Citrix, Fortinet, Ivanti and Palo Alto Networks prominent among them.

Looking ahead to 2025, Coalition’s analysts said the number of published vulnerabilities would likely increase to more than 45,000, a rate of nearly 4,000 every month, up 15% over the first 10 months of 2024.

This aligns closely with data released in February by the Forum of Incident Response and Security Teams (First), a non-profit, which suggested that CVE volumes may even top 50,000 this year.

A combination of new players in the CVE ecosystem, evolving disclosure compliance practices and a rapidly expanding attack surface are likely behind the growing number of vulnerabilities being reported on.

“This year’s report focuses on the most crucial security risks that under-resourced organisations should understand to better calibrate their defensive investments to bolster resilience,” said Daniel Woods, senior security researcher at Coalition.

“Calibration involves balancing security investment across vulnerabilities, misconfigurations and threat intelligence, while also responding to emerging threats, such as zero-day vulnerabilities exploited in the wild. That’s why Coalition issues Zero-Day Alerts to help businesses, especially SMEs with limited security resources, stay ahead of these vulnerabilities and reduce alert fatigue by prioritising those posing the greatest risk.”


Top 10 cyber security stories of 2024

The year 2024 threw up another diverse crop of stories in the world of cyber security, with much to pay attention to, particularly in the realm of artificial intelligence (AI), which continued to dominate the headlines.

This year, we steer away from AI fear, uncertainty and doubt to focus on some of the other big issues, such as data privacy and protection, large scale breaches, and the tricky issues surrounding the security of widely used open source components.

There was also trouble at the mill for cyber security companies themselves, which often found themselves in the headlines, often after the privileged access afforded by their products and services was abused to attack their customers. Ivanti, Microsoft and Okta all make our top 10 this year – and we would be remiss not to mention CrowdStrike.

Here are Computer Weekly’s top 10 cyber security stories of 2024.

1. Leak of 26 billion records may prove to be ‘mother of all breaches’

At the end of January 2024, a data dump comprising 26 billion records and totalling more than 25GB in size was discovered by researchers. Dubbed the largest leak in history, and the “mother of all breaches”, the majority of the data related to Chinese social media platforms, but the likes of Adobe, Dropbox, LinkedIn, MyFitnessPal, Telegram and X were also included.

Much of the data appeared to have been compiled from various smaller leaks, likely by a broker who intended to sell it on to others for use in identity theft, phishing attacks and account takeovers.

2. Okta doubles down on cyber in wake of high-profile breaches

In February, identity and access management (IAM) provider Okta announced plans to double its investment in security over the next 12 months and launched a Secure Identity Commitment. This came in the wake of the exploitation of its products and services during a series of cyber attacks during 2023, and earlier.

The company’s leadership said that as a security leader it recognised it needed to work a lot harder to stop ne’er-do-wells from taking advantage of the identity data its customers entrust to it.

3. Widespread Ivanti vulnerabilities make waves

Another cyber company was in the news at the start of 2024: Ivanti, a specialist in asset, identity and supply chain management. A series of vulnerabilities in its Policy Secure network access control (NAC), Ivanti Connect Secure secure socket layer virtual private network (SSL VPN), and Ivanti Neurons for zero-trust access (ZTA) products caused concern at organisations worldwide after being exploited by a threat actor.

The three vulnerabilities in question enabled attackers to access privileged data and obtain elevated access rights on their victims’ systems.

4. Open source alert over intentionally placed backdoor

In April, users of the open source XZ Utils data compression library narrowly avoided falling victim to a major supply chain attack, after evidence of an apparently intentionally placed backdoor in the code was revealed. The malicious code, embedded in versions 5.6.0 and 5.6.1 of the library, enabled unauthorised access to affected Linux distributions.

It later emerged that the dodgy code was placed there by a malicious actor who intentionally worked hard over a long period to gain the trust of the project’s developers. The security of widely used open source components was to be one of the big themes of the year.

5. Microsoft beefs up cyber initiative after hard-hitting US report

In May, Microsoft doubled down on its Secure Future Initiative (SFI), expanding the programme – which set out to address the software and vulnerability issues frequently exploited by threat actors – in the wake of a damning US government Cyber Safety Review Board (CSRB) report.

Redmond said the rapid evolution of the threat landscape underscored the severity of the threats that face both its own operations and those of its customers, and admitted that given its central role in the world’s IT ecosystem, it had a “critical responsibility” to earn and maintain trust.

6. CrowdStrike update causes worldwide chaos

The biggest IT story of 2024 – arguably – was not strictly speaking a security incident, but appears here since it originated at a security company. On 19 July, IT pros all over the UK and beyond awoke to a fast spreading IT outage downing key systems, originating at cyber firm CrowdStrike after it pushed a flawed rapid response update to key threat detection sensors that caused Windows computers to enter a so-called boot loop.

The extensive disruption caused no major security incidents at the time, but the ramifications continue to this day, with CrowdStrike execs facing legal repercussions and even being called to account for the incident in front of politicians. As with the XZ Utils scare a couple of months previously, the CrowdStrike incident shows again the importance of paying close attention to one’s code.

7. Campaigners call for evidence to reform UK cyber laws

Those who have been following the CyberUp campaign for legal reform over the past few years will know well the difficulties the group has had in convincing Britain’s politicians that the time has come to reform the outdated Computer Misuse Act of 1990, which – thanks to archaic wording in regard to the offence of “unauthorised” access to a computer – puts security professionals in the UK at risk of prosecution simply for doing their jobs.

With Keir Starmer moving into 10 Downing Street, the campaign team seized the opportunity to launch a fresh call for evidence and views during the summer, saying that about a third of UK security firms had experienced monetary losses due to the law, putting at risk £3bn of the sector’s £10.5bn annual contribution to the economy.

8. NCSC celebrates eight years as Horne blows in

In eighth place on the Computer Weekly list, the National Cyber Security Centre celebrated its eighth birthday this year, although its new leader, Richard Horne, who took up the post in October, is only the organisation’s third official CEO.

Eight years may not be a particularly long time – the Brexit referendum was eight years ago – but the cyber security landscape has changed radically in that time. Looking ahead, as the interdependency between security and intelligence becomes more critical, and the risks and opportunities of new technologies and more sophisticated threats increase, the NCSC’s work to get better at addressing the security of those technologies, and how to use them to the UK’s advantage, continues.

9. Zero-day exploits increasingly sought out by attackers

In November, the NCSC and its US equivalent, CISA, published new annual data revealing that of the 15 most exploited vulnerabilities of 2023, the majority were zero-days, compared with less than half in 2022. The trend has continued through 2024, and the NCSC warned that defenders need to dramatically up their game when it comes to vulnerability management and patching.

Among some of the most heavily exploited CVEs were some that are now widely known, including infamous issues in Progress Software’s MOVEit Transfer, Log4Shell and Citrix, many of them dating back years.

10. US TikTok ban imminent after appeal fails

At the end of 2024 came the news that TikTok is likely to be banned in the US in mere weeks after a Washington DC appeal court rejected representations from the China-owned social media platform, which claimed its First Amendment rights were being violated.

Legitimate concerns about the firm’s data protection and privacy practices – and the possibility that the data TikTok holds may be exploited by the Chinese government – lie at the core of the potential ban which would have global ramifications and impact millions of users, influencers and businesses alike.

Somewhat ironically, given he once tried to ban it himself, the platform’s best hope for a reprieve may now lie with president-elect Donald Trump, who will undoubtedly be an impactful force in the cyber security world in 2025.


Norton VPN Plus is so much more than just a VPN, and it’s 54% off

This is a sponsored article. All content and opinions expressed within belong to the author.

There was a time not long ago when you could install basic antivirus software on your PC and then rest assured that you’d be protected. In 2024, however, that’s no longer the case. Sure, you still need antivirus software to protect your computer from viruses and malware. But antivirus is just one part of a much bigger equation.

If you want to ensure that you and your family are fully protected from online threats, you should also be using a VPN. If you’re a savvy user, you probably already know that. What you might not realize, though, is that one of the best VPN services out there comes from the same trusted company you might already be using for antivirus software. It’s called Norton VPN Plus, and we’re going to tell you all about what sets it apart from other VPNs.

For those unaware, VPN stands for “Virtual Private Network.” We don’t need to get too deep in the weeds here, but it’s important to understand what a VPN does.

A VPN service connects your computer, smartphone, or tablet to an intermediate secure server that acts as a go-between for everything you do online. Instead of transferring data directly from the sites you visit, everything passes through the VPN server first. Here’s the most important bit: All of the data that is transferred between your device and the VPN server is fully encrypted.

What does that mean in practice? It means that your privacy is protected because it’s much more difficult or even impossible to track what you do online. As an added bonus, it means you can often get around regional restrictions by connecting to a VPN server in a different country.

Many of our readers likely already knew all that. But what you may not be fully aware of is that not all VPNs are created equal. Our favorite VPN service here at BGR is Norton VPN Plus, and there are several key reasons why that’s the case.

Norton VPN Plus isn’t just a VPN

First and foremost, Norton’s VPN service is outstanding.

You get lightning-fast data connections with an average data transfer rate of more than 300 Mbps. That’s probably an order of magnitude faster than it needs to be for 99% of what you do online. To put that speed in perspective, you need an average of about 5 Mbps to stream Full HD 1080p video, and between 15 Mbps and 25 Mbps to stream Ultra HD 4K video.

Also important is how secure Norton VPN Plus is. It goes without saying that Norton is a leading cybersecurity company, and it has one of the most robust and secure VPN networks in the world. Also, you and your entire family are all covered. Norton VPN Plus includes protection for up to 5 computers, smartphones, and tablets, while Norton VPN Ultimate covers up to 10 devices.

On top of all that, it’s crucial to keep in mind that Norton VPN Plus isn’t just a VPN service — it’s so much more.

In addition to VPN, you also get:

  • Full-fledged antivirus, including Norton’s 100% Virus Protection Promise
  • Block scams, malware, and hacking
  • Password manager to create, store, and share passwords between your devices
  • Block annoying targeted ads
  • Dark web monitoring so you’re notified if your info is leaked
  • 10GB of secure cloud storage for your Windows PC files (or 50GB with Norton VPN Ultimate)
  • Parental controls, screentime limits, unfit content blocking, and the ability to pinpoint your children’s Android/iOS device locations (Ultimate plan only)

With all that in mind, it seems crazy to pick a different VPN service when Norton VPN Plus offers all these services. Plus, they’re all backed by one of the top cybersecurity brands on the planet.

Save over 50%

If you’re reading all this and you get the feeling that Norton VPN Plus might be cost-prohibitive, prepare to be pleasantly surprised.

Norton is offering a first-year discount that slashes 54% off your first year of Norton VPN Plus. That means you’ll pay just $49.99, which works out to $4.17 per month. How crazy is that?!

Or, if you want the best of the best, Norton VPN Ultimate is currently 53% off at $59.99 for the first year. That works out to $5 per month for a comprehensive online security suite with everything you need to keep you and your family safe.

Norton VPN Plus is worth every penny and more at its full price. With these deals, you’d have to be nuts to pass it up.
