The Paramount Importance of Strong Passwords and Credential Hygiene

“This World Password Day is a timely reminder that strong passwords are more than just a best practice, they are critical to safeguarding our personal and professional digital lives. In a world where our data is stored, processed, and accessed online, the strength and security of our credentials can determine whether we remain protected or become vulnerable to cyber threats.

Strong passwords serve as the frontline defence against unauthorised access. They protect not only emails and personal files, but also critical infrastructure, cloud platforms, and autonomous systems that run in the background, such as service accounts, APIs, and automated workflows. As these digital agents increasingly interact without human oversight, securing their credentials becomes just as vital as protecting user logins.

Using complex, unique passwords—blending uppercase and lowercase letters, numbers, and symbols—significantly reduces the risk of brute-force attacks. However, password strength alone is not enough. Each credential should be unique and managed carefully, especially for software accounts with elevated privileges or persistent access.

Weak password practices can lead to devastating consequences: data breaches, identity theft, financial loss, and reputational harm. For organisations, compromised credentials, especially those tied to automation or backend systems, can trigger widespread service disruptions, intellectual property theft, and costly compliance violations.

Organisations must adopt a layered approach to password security to combat these risks. This includes implementing multi-factor authentication (MFA), enforcing password complexity and rotation policies, and using secure credential management solutions to protect both human and machine accounts. Regular security training, audits, and awareness campaigns ensure that employees understand the stakes and uphold best practices.

Ultimately, securing our digital world means protecting every entry point—human or machine—with diligence and care.”

 

The post The Paramount Importance of Strong Passwords and Credential Hygiene first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/Q6PIwj9
via IFTTT

Amazon Q Developer elevates the IDE experience with new agentic coding experience

Today, Amazon Q Developer introduces a new, interactive, agentic coding experience that is now available in the integrated development environment (IDE) for Visual Studio Code. This experience brings interactive coding capabilities, building upon existing prompt-based features. You now have a natural, real-time collaborative partner working alongside you while writing code, creating documentation, running tests, and reviewing changes.

Amazon Q Developer transforms how you write and maintain code by providing transparent reasoning for its suggestions and giving you the choice between automated modifications or step-by-step confirmation of changes. As a daily user of Amazon Q Developer command line interface (CLI) agent, I’ve experienced firsthand how Amazon Q Developer chat interface makes software development a more efficient and intuitive process. Having an AI-powered assistant only a q chat away in CLI has streamlined my daily development workflow, enhancing the coding process.

The new agentic coding experience in Amazon Q Developer in the IDE seamlessly interacts with your local development environment. You can read and write files directly, execute bash commands, and engage in natural conversations about your code. Amazon Q Developer comprehends your codebase context and helps complete complex tasks through natural dialog, maintaining your workflow momentum while increasing development speed.

Let’s see it in action
To begin using Amazon Q Developer for the first time, follow the steps in the Getting Started with Amazon Q Developer guide to access Amazon Q Developer. When using Amazon Q Developer, you can choose between Amazon Q Developer Pro, a paid subscription service, or Amazon Q Developer Free tier with AWS Builder ID user authentication.

For existing users, update to the new version. Refer to Using Amazon Q Developer in the IDE for activation instructions.

To start, I select the Amazon Q icon in my IDE to open the chat interface. For this demonstration, I’ll create a web application that transforms Jupyter notebooks from the Amazon Nova sample repository into interactive applications.

I send the following prompt: In a new folder, create a web application for video and image generation that uses the notebooks from multimodal-generation/workshop-sample as examples to create the applications. Adapt the code in the notebooks to interact with models. Use existing model IDs

Amazon Q Developer then examines the files: the README file, notebooks, notes, and everything that is in the folder where the conversation is positioned. In our case it’s at the root of the repository.

After completing the repository analysis, Amazon Q Developer initiates the application creation process. Following the prompt requirements, it requests permission to execute the bash command for creating necessary folders and files.

With the folder structure in place, Amazon Q Developer proceeds to build the complete web application.

In a few minutes, the application is complete. Amazon Q Developer provides the application structure and deployment instructions, which can be converted into a README file upon request in the chat.

During my initial attempt to run the application, I encountered an error. I described it in Spanish using Amazon Q chat.

Amazon Q Developer responded in Spanish and gave me the solutions and code modifications in Spanish! I loved it!

After implementing the suggested fixes, the application ran successfully. Now I can create, modify, and analyze images and videos using Amazon Nova through this newly created interface.

The preceding images showcase my application’s output capabilities. Because I asked to modify the video generation code in Spanish, it gave me the message in Spanish.

Things to know
Chatting in natural languages – Amazon Q Developer IDE supports many languages, including English, Mandarin, French, German, Italian, Japanese, Spanish, Korean, Hindi, and Portuguese. For detailed information, visit the Amazon Q Developer User Guide page.

Collaboration and understanding – The system examines your repository structure, files, and documentation while giving you the flexibility to interact seamlessly through natural dialog with your local development environment. This deep comprehension allows for more accurate and contextual assistance during development tasks.

Control and transparency – Amazon Q Developer provides continuous status updates as it works through tasks and lets you choose between automated code modifications or step-by-step review, giving you complete control over the development process.

Availability – Amazon Q Developer interactive, agentic coding experience is now available in the IDE for Visual Studio Code.

Pricing – Amazon Q Developer agentic chat is available in the IDE at no additional cost to both Amazon Q Developer Pro Tier and Amazon Q Developer Free tier users. For detailed pricing information, visit the Amazon Q Developer pricing page.

To learn more about getting started visit the Amazon Q Developer product web page.

— Eli



from AWS News Blog https://ift.tt/xUWYh8w
via IFTTT

Quantum computer threat spurring quiet overhaul of internet security

SAN FRANCISCO — Cryptography experts say the race to fend off future quantum-computer attacks has entered a decisive but measured phase, with companies quietly replacing the internet plumbing that the majority of the industry once considered unbreakable.

Speaking at Cloudflare’s Trust Forward Summit on Wednesday, encryption leaders at IBM Research, Amazon Web Services and Cloudflare outlined how organizations are refitting cryptographic tools that safeguard online banking, medical data and government communications. The aim is to stay ahead of quantum machines that, once powerful enough, could decode the math protecting today’s digital traffic.

“Over the next five to 10 years you’re going to see a Cambrian explosion of different cryptographic systems,” said Wesley Evans, a product manager for Cloudflare’s research team, referring to an evolutionary period with a rapid diversification of animal life that occurred roughly 540 million years ago. 

“Whether it’s nationalized cryptography out of South Korea [or] new standards from [the National Institute of Standards and Technology], this is a time to think about not just, ‘how am I doing my post-quantum migration?’ but ‘how am I doing my whole crypto-agility platform?’ and ‘how am I thinking through my audits and inventory?’” he said. 

“Harvest-now, decrypt-later” attacks already target data that must remain secret for decades, panelists said. Adversaries are stealing data like encrypted medical records or defense contracts and storing it on cheap cloud servers in hopes of unlocking them once quantum code-breaking matures.

Cloudflare, which routes roughly 20% of global web traffic, said it has spent eight years weaving post-quantum algorithms into its backbone. The company now secures more than 40% of its daily HTTPS requests with so-called hybrid handshakes that combine traditional RSA keys and newer lattice-based methods.

Executives described the rollout as intentionally low-profile. “Trillions of requests per day are already running across Cloudflare’s network in a post-quantum secure manner,” Evans said. “We did it without users noticing a speed decrease, performance impact or incurring any additional cost.”

IBM researchers, who develop quantum hardware as well as defensive tools, cautioned that this change could possibly take a decade before it’s the norm. 

“Moving to a new generation of cryptography, quantum-safe or otherwise, will take us roughly seven to 10 years, maybe longer,” said John Buselli, a business development executive and offering manager for IBM Quantum Safe, additionally pointing out that relics of older code, such as SHA-1, linger long after formal retirement.

NIST is finalizing a first batch of post-quantum algorithms, including the key-encapsulation mechanism known as ML-KEM. Cloudflare and browser makers have already adopted preliminary versions while awaiting NIST’s final parameters. Developers also wrap new keys inside legacy RSA exchanges to guard against unforeseen side-channel flaws.

Beyond mathematics, panelists emphasized logistics. Enterprises must inventory where encryption lives, from custom apps to vendor appliances, then gauge how quickly each layer can swap libraries. Much of that code is “black box,” owned by suppliers that set their own schedules.

“The rate of change is going to be determined by the least agile piece of infrastructure you have,” Buselli said, likening the process to mapping out all the connections in an infrastructure upgrade instead of addressing just a single security issue.
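The inventory step the panelists describe can be turned into a first-pass triage. The sketch below is an added example, not code from Cloudflare, IBM or the article: it classifies each asset's TLS key-exchange group, applies Mosca's inequality (required secrecy lifetime plus migration time compared with a planning horizon) to flag harvest-now, decrypt-later exposure, and reports the least agile asset. The asset names, the field layout and the 10-year horizon are constructed assumptions.

```python
from dataclasses import dataclass

# TLS key-exchange group names, lower-cased for matching.
CLASSICAL = {"x25519", "secp256r1", "secp384r1", "ffdhe2048"}
HYBRID_FINAL = {"x25519mlkem768", "secp256r1mlkem768"}  # hybrids built on final ML-KEM
HYBRID_PRELIMINARY = {"x25519kyber768draft00"}          # pre-standard draft hybrid


@dataclass
class Asset:
    name: str
    kex_group: str        # key-exchange group the endpoint negotiates
    secrecy_years: float  # how long its traffic must stay confidential
    swap_years: float     # estimated time to change its crypto library
    vendor_owned: bool    # "black box" code on a supplier's schedule


def classify(group):
    """Map a key-exchange group name to a migration state."""
    g = group.lower()
    if g in HYBRID_FINAL:
        return "hybrid"
    if g in HYBRID_PRELIMINARY:
        return "hybrid-preliminary"
    if g in CLASSICAL:
        return "classical"
    return "unknown"  # fail closed: unrecognised groups are treated as not quantum-safe


def harvest_exposed(asset, horizon_years):
    """Mosca's inequality: traffic recorded today is at risk when the time it
    must stay secret plus the time needed to migrate exceeds the horizon."""
    if classify(asset.kex_group).startswith("hybrid"):
        return False
    return asset.secrecy_years + asset.swap_years > horizon_years


def triage(inventory, horizon_years):
    """Rank exposed assets by secrecy lifetime and find the pace-setting asset."""
    exposed = sorted(
        (a for a in inventory if harvest_exposed(a, horizon_years)),
        key=lambda a: a.secrecy_years,
        reverse=True,
    )
    slowest = max(inventory, key=lambda a: a.swap_years)
    return {
        "exposed": [a.name for a in exposed],
        "vendor_blocked": [a.name for a in exposed if a.vendor_owned],
        "re_key_to_final": [
            a.name for a in inventory
            if classify(a.kex_group) == "hybrid-preliminary"
        ],
        "pace_setter": slowest.name,
        "migration_years": slowest.swap_years,
    }


# Constructed inventory for illustration only.
INVENTORY = [
    Asset("patient-records-api", "x25519", 25, 1.0, False),
    Asset("public-marketing-site", "X25519MLKEM768", 0, 0.5, False),
    Asset("vpn-appliance", "secp256r1", 10, 4.0, True),
    Asset("build-cache", "x25519", 1, 0.5, False),
    Asset("partner-gateway", "X25519Kyber768Draft00", 15, 2.0, True),
    Asset("legacy-mq", "custom-dh", 5, 6.0, True),
]
HORIZON_YEARS = 10  # planning assumption, not a figure from the panel

if __name__ == "__main__":
    for key, value in triage(INVENTORY, HORIZON_YEARS).items():
        print(f"{key}: {value}")
```

Key exchange is triaged first because recorded traffic can be decrypted retroactively, whereas a signature only has to hold until it is verified.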

The panel also urged companies to fold cryptography into broader modernization budgets. Boards may balk at paying solely for an invisible security upgrade, they said, but will authorize spending tied to performance gains such as those seen with the newest TLS 1.3 protocol.

No panelist offered a firm deadline for full retirement of RSA and elliptic-curve keys. Instead they described “a long journey” marked by quiet iterations and cooperative testing across browsers, servers and chipmakers.

“Cryptography is a multi-party game,” Evans said. “You’ve got to work with everybody to make sure it’s secure for everyone.”

The post Quantum computer threat spurring quiet overhaul of internet security appeared first on CyberScoop.

from CyberScoop https://ift.tt/VdihU2J
via IFTTT

Context-Driven Security: Bridging the Gap Between Proactive and Reactive Defense.

As cyber threats become more sophisticated, security teams struggle to shift from reactive troubleshooting to deploying strategic, proactive defenses. Disconnected tools and siloed data limit security teams’ visibility into their environments, preventing them from having a clear understanding of their organization’s risk factors. This fragmentation also impacts a company’s business operations. Research shows that only 52% of executives agree that their security strategy is aligned with their business strategy. And less than half of these executives feel that their security strategy is aligned with their IT strategy.

A context-driven security approach changes the equation. It consolidates tools for asset discovery, vulnerability management, and threat detection into a single integrated platform, providing security teams with a cohesive picture of their security posture. Context-driven security also allows organizations to move beyond reactive models toward smarter prioritization, faster decision-making, improved resilience, and measurable progress in cybersecurity maturity.

From Blind Spots to Full Visibility: The Power of Context-Driven Security

Today’s cybersecurity gaps aren’t just the result of tool sprawl; they stem from a lack of full-spectrum context. When security teams can’t connect activity across endpoints, identities, cloud workloads, and applications, critical threats are missed, alerts aren’t prioritized, and adversaries exploit weaknesses.

Context-driven security closes these gaps by unifying detection and prevention. Instead of reacting to isolated signals, MSPs can correlate activity across the attack surface, uncover hidden attack paths earlier, and prioritize threats based on real business risk. Unified environments have also been shown to deliver breach detection 40% faster and threat remediation 35% faster than fragmented ones.

Connecting the Dots: How Automated Correlation Enhances Detection

Context-driven security also sets the foundation for automated correlation, enabling MSPs to move beyond isolated detection toward prioritized, strategic action. Automated correlation continuously analyzes signals across endpoints, identities, cloud workloads, and networks—linking related security events in real time to reveal attack patterns and threat chains.

Instead of forcing analysts to manually sift through thousands of alerts, automated correlation connects the dots automatically, providing a full view of multi-stage and identity-driven attacks before they escalate. This reduces noise, accelerates detection, and empowers faster, smarter decisions at scale.

Organizations leveraging automated correlation within a context-driven framework experience 60% fewer incidents caused by misconfigurations, underscoring how better context directly enhances both security outcomes and operational efficiency.

Beyond Activity Logs: Proving Security Value Through Measurable Outcomes

Clients expect more than activity logs; they demand proof that security investments are working. Quarterly posture assessments, maturity scorecards, and executive-level reporting are quickly becoming baseline expectations for client relationships.

MSPs can leverage security context to demonstrate measurable improvements to key metrics like reductions in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), improvements in security posture ratings, and progress against cybersecurity maturity frameworks like NIST CSF 2.0.

As security investments come under greater scrutiny, clients expect their partners to demonstrate clear, measurable improvements. The ability to quantify risk reduction, prove operational resilience, and show progress toward compliance goals has become a critical competitive advantage for MSPs.

This shift also creates an opportunity for MSPs to step in as strategic partners. Many clients lack a clear way to benchmark where they stand today or assess how their security investments are performing. By offering structured security posture assessments, MSPs can deliver tangible baselines that highlight strengths, identify critical gaps, and guide smarter investment decisions. It’s not about adding another tool—it’s about providing the clarity clients need to prioritize actions, improve maturity, and track progress over time.

Cybersecurity maturity models also provide a foundation for scaling services as client needs evolve. These models typically map organizations across stages such as Underprepared, Reactive, Proactive, and Anticipatory. Context enables MSPs to align services to each client’s current stage, demonstrate measurable outcomes, and build tiered offerings that help clients strengthen their overall security posture.

By embedding security context into client relationships, MSPs can drive recurring growth, strengthen retention, and stand apart based on the strategic value they deliver.

Turning Context into a Strategic Advantage for Cyber Resilience

The cybersecurity landscape demands more than piecemeal defenses. Context-driven security empowers MSPs to eliminate blind spots, prioritize critical risks, demonstrate security value, and help clients grow more resilient over time. In a threat landscape where complexity is the adversary’s weapon, context is the MSP’s most powerful defense.

Learn more about advancing your security posture here.

 

The post Context-Driven Security: Bridging the Gap Between Proactive and Reactive Defense. first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/DWrxsiU
via IFTTT

Amazon Nova Premier: Our most capable model for complex tasks and teacher for model distillation

Today we’re expanding the Amazon Nova family of foundation models announced at AWS re:Invent with the general availability of Amazon Nova Premier, our most capable model for complex tasks and teacher for model distillation.

Nova Premier joins the existing Amazon Nova understanding models available in Amazon Bedrock. Similar to Nova Lite and Pro, Premier can process input text, images, and videos (excluding audio). With its advanced capabilities, Nova Premier excels at complex tasks that require deep understanding of context, multistep planning, and precise execution across multiple tools and data sources. With a context length of one million tokens, Nova Premier can process extremely long documents or large code bases.

With Nova Premier and Amazon Bedrock Model Distillation, you can create highly capable, cost-effective, and low-latency versions of Nova Pro, Lite, and Micro, for your specific needs. For example, we used Nova Premier to distill Nova Pro for complex tool selection and API calling. The distilled Nova Pro had a 20% higher accuracy for API invocations compared to the base model and consistently matched the performance of the teacher, with the speed and cost benefits of Nova Pro.

Amazon Nova Premier benchmark evaluation
We evaluated Nova Premier on a broad range of benchmarks across text intelligence, visual intelligence, and agentic workflows. Nova Premier is the most capable model in the Nova family as measured across 17 benchmarks as shown in the table below.

Amazon Nova Premier Benchmark Evaluations

Nova Premier is also comparable to the best non-reasoning models in the industry and is equal or better on approximately half of these benchmarks when compared to other models in the same intelligence tier. Details of these evaluations are in the technical report.

Nova Premier is also the fastest and the most cost-effective model in Amazon Bedrock for its intelligence tier. For further details and comparison on pricing, please refer to the Bedrock pricing page.

Nova Premier can also be used as a teacher model for distillation, which means you can transfer its advanced capabilities for a specific use case into smaller, faster, and more efficient models like Nova Pro, Micro, and Lite for production deployments.

Using Amazon Nova Premier
To get started with Nova Premier, you first need to request access to the model in the Amazon Bedrock console. Navigate to Model access in the navigation pane, find Nova Premier, and toggle access.

Console screenshot.

Once you have access, you can use Nova Premier through the Amazon Bedrock Converse API, providing as input a list of messages from the user and the assistant. Messages can include text, images, and videos. Here’s an example of a straightforward invocation using the AWS SDK for Python (Boto3):

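import boto3

AWS_REGION = "us-east-1"
# The "us." prefix selects the cross-Region inference profile for Nova Premier
MODEL_ID = "us.amazon.nova-premier-v1:0"

# Credentials are resolved from the default AWS credential chain
bedrock_runtime = boto3.client('bedrock-runtime', region_name=AWS_REGION)

# Converse takes a list of messages; each has a role and a list of content blocks
messages = [
    {
        "role": "user",
        "content": [
            {
                "text": "Explain the differences between vector databases and traditional relational databases for AI applications."
            }
        ]
    }
]

response = bedrock_runtime.converse(
    modelId=MODEL_ID,
    messages=messages
)

# The reply is the last content block of the assistant message
response_text = response["output"]["message"]["content"][-1]["text"]

print(response_text)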

This example shows how Nova Premier can provide detailed explanations for complex technical questions. But the real power of Premier comes with its ability to handle sophisticated workflows.

Multi-agent collaboration use case
Let’s explore a more complex scenario that showcases how Nova Premier works in a multi-agent collaboration architecture for investment research.

The equity research process typically involves multiple stages: identifying relevant data sources for specific investments, retrieving required information from those sources, and synthesizing the data into actionable insights. This process becomes increasingly complex when dealing with different types of financial instruments like stock indices, individual equities, and currencies.

We can build this type of application using multi-agent collaboration in Amazon Bedrock, with Nova Premier powering the supervisor agent that orchestrates the entire workflow. The supervisor agent analyzes the initial query (for example, “What are the emerging trends in renewable energy investments?”), breaks it down into logical steps, determines which specialized subagents to engage, and synthesizes the final response.

For this scenario, I’ve created a system with the following components:

  1. A supervisor agent powered by Nova Premier
  2. Multiple specialized subagents powered by Nova Pro, each focusing on different financial data sources
  3. Tools that connect to financial databases, market analysis tools, and other relevant information sources

Multi-agent architectural diagram

When I submit a query about emerging trends in renewable energy investments, the supervisor agent powered by Nova Premier does the following:

  1. Analyzes the query to determine the underlying topics and sources to cover
  2. Selects the appropriate subagents specific to those topics and sources
  3. Each subagent retrieves their relevant economic indicators, technical analysis, and market sentiment data
  4. The supervisor agent synthesizes this information into a comprehensive report for review by a financial professional

Utilizing Nova Premier in a multi-agent collaboration architecture such as this streamlines the financial professional’s work and helps them formulate their investment analysis faster. The following video provides a visual description of this scenario.

The key advantage of using Nova Premier for the supervisor role is its accuracy in coordinating complex workflows, so that the right data sources are consulted in the optimal sequence and each subagent receives as input the correct information for their work, resulting in higher quality insights.

Multi-agent collaboration with model distillation
Although Nova Premier provides the highest level of accuracy of its family of models, you might want to optimize latency and cost in production environments. This is where the strength of Nova Premier as a teacher model for distillation becomes interesting. Using Amazon Bedrock Model Distillation, we can customize Nova Micro from the results of Nova Premier for this specific investment research use case.

Unlike traditional fine-tuning that requires human feedback and labeled examples, with model distillation you can generate high-quality training data by having a teacher model produce the desired outputs, streamlining the data acquisition process.

Amazon Bedrock Model Distillation diagram

The process to distill a model involves:

  1. Generating synthetic training data by capturing input and output from Nova Premier runs across multiple financial instruments
  2. Using this data as a reference to train a customized version of Nova Micro through custom fine-tuning tools
  3. Evaluating the difference in latency and performance of the customized Micro model
  4. Deploying the customized Micro model as the supervisor agent in production

With Amazon Bedrock, you can further streamline the process and use invocation logs for data preparation. To do that, you need to set the model invocation logging on and set up an Amazon Simple Storage Service (Amazon S3) bucket as the destination for the logs.
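Invocation logs hold complete prompts and responses, so anything a user pasted into a prompt, credentials included, travels into the S3 bucket and from there into the distilled model's training set. The sketch below is an added example, not AWS code: it keeps only records from the teacher model and redacts secret-shaped strings before emitting prompt/response pairs. The record layout is a simplified assumption modelled on the Converse request and response shapes shown earlier, not the exact Bedrock log schema, and the output pair format is generic.

```python
import json
import re

TEACHER_MODEL_ID = "us.amazon.nova-premier-v1:0"  # model ID used on this page

# Secret-shaped strings to strip before prompts become training data.
SECRET_PATTERNS = [
    (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), "[REDACTED_AWS_KEY_ID]"),
    (re.compile(r"(?i)\bbearer\s+[a-z0-9._~+/=-]{20,}"), "[REDACTED_BEARER_TOKEN]"),
    (re.compile(r"(?i)\b(password|passwd|secret|api[_-]?key)\b(\s*[:=]\s*)\S+"),
     r"\1\2[REDACTED]"),
]


def scrub(text):
    """Return (redacted_text, number_of_redactions)."""
    hits = 0
    for pattern, replacement in SECRET_PATTERNS:
        text, count = pattern.subn(replacement, text)
        hits += count
    return text, hits


def joined_text(content_blocks):
    """Concatenate the text blocks of a Converse-style content list."""
    return "\n".join(b["text"] for b in content_blocks if "text" in b)


def build_training_pairs(log_lines, teacher=TEACHER_MODEL_ID):
    """Turn JSON log lines into scrubbed prompt/completion pairs."""
    pairs = []
    stats = {"kept": 0, "skipped": 0, "redactions": 0}
    for line in log_lines:
        try:
            record = json.loads(line)
            if record["modelId"] != teacher:
                stats["skipped"] += 1  # only the teacher's outputs are wanted
                continue
            user_turns = [m for m in record["input"]["messages"] if m["role"] == "user"]
            prompt = joined_text(user_turns[-1]["content"])
            answer = joined_text(record["output"]["message"]["content"])
        except (ValueError, KeyError, IndexError, TypeError):
            stats["skipped"] += 1  # malformed or unexpected record
            continue
        prompt, prompt_hits = scrub(prompt)
        answer, answer_hits = scrub(answer)  # models can echo secrets back
        stats["redactions"] += prompt_hits + answer_hits
        stats["kept"] += 1
        pairs.append({"prompt": prompt, "completion": answer})
    return pairs, stats


def _record(model_id, prompt, answer):
    """Build one constructed log line in the assumed layout."""
    return json.dumps({
        "modelId": model_id,
        "input": {"messages": [{"role": "user", "content": [{"text": prompt}]}]},
        "output": {"message": {"role": "assistant", "content": [{"text": answer}]}},
    })


# Constructed sample records; the key ID is the AWS documentation placeholder.
SAMPLE_LOG_LINES = [
    _record(TEACHER_MODEL_ID,
            "Summarise renewable energy trends. Use key AKIAIOSFODNN7EXAMPLE for the feed.",
            "Solar and wind capacity additions lead the sector."),
    _record("us.amazon.nova-pro-v1:0", "Subagent query", "Subagent answer"),
    _record(TEACHER_MODEL_ID,
            "Query the ratings DB, password=Tr0ub4dor&3 then rank the indices.",
            "Connected with password=Tr0ub4dor&3 and ranked three indices."),
    "{not valid json",
]

if __name__ == "__main__":
    training_pairs, summary = build_training_pairs(SAMPLE_LOG_LINES)
    print(summary)
    for pair in training_pairs:
        print(json.dumps(pair))
```

Pattern matching only catches secrets with a recognisable shape, so restrictive access controls and encryption on the log bucket remain the primary safeguards.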

Customer voices
Some of our customers had early access to Nova Premier. This is what they shared with us:

“Amazon Nova Premier has been outstanding in its ability to execute interactive analysis workflows, while still being faster and nearly half the cost compared to other leading models in our tests,” said Curtis Allen, Senior Staff Engineer at Slack, a company bringing conversations, apps, and customers together in one place.

“Implementing new solutions built on top of Amazon Nova has helped us with our mission of democratizing finance for all,” said Dev Tagare, Head of AI and Data at Robinhood Markets, a company on a mission to democratize finance for all. “We’re particularly excited about the ability to explore new avenues like complex multi-agent collaborations that are not just highly performing but also cost effective and fast. The intelligence of Nova Premier and what it can transfer to the other models like Nova Micro, Nova Lite, and Nova Pro unlocks multi-agent collaboration at a performance, price, and speed that will make it accessible to everyday customers.”

“Accelerating real-world AI deployments—not just prototypes—requires the ability to build models that are specialized for the unique needs of real world applications,” said Henry Ehrenberg, co-founder of Snorkel AI, a technology company that empowers data scientists and developers to quickly turn data into accurate and adaptable AI applications. “We’re excited to see AWS pushing efficient model customization forward with Amazon Bedrock Model Distillation and Amazon Nova Premier. These new model capabilities have the potential to accelerate our enterprise customers in building production AI applications, including Q&A applications with multimodal data and more.”

Things to know

Nova Premier is available in Amazon Bedrock in the US East (N. Virginia), US East (Ohio), and US West (Oregon) AWS Regions today via cross-Region inference. With Amazon Bedrock, you only pay for what you use. For more information, visit Amazon Bedrock pricing.

Customers in the US can also access Amazon Nova models at https://nova.amazon.com, a website to easily explore our FMs.

Nova Premier is our best teacher for distilling custom variants of Nova Pro, Micro, and Lite, which means you can capture the capabilities offered by Premier in smaller, faster models for production deployment.

Nova Premier includes built-in safety controls to promote responsible AI use, with content moderation capabilities that help maintain appropriate outputs across a wide range of applications.

To get started with Nova Premier, visit the Amazon Bedrock console today. For more information, see the Amazon Nova User Guide and send feedback to AWS re:Post for Amazon Bedrock. Explore the generative AI section of our community.aws site to see how our Builder communities are using Amazon Bedrock in their solutions.

Danilo



from AWS News Blog https://ift.tt/zajKbXv
via IFTTT

North Korean operatives have infiltrated hundreds of Fortune 500 companies

SAN FRANCISCO — North Korean nationals have infiltrated the employee ranks at top global companies more so than previously thought, maintaining a pervasive and potentially widening threat against IT infrastructure and sensitive data.

“There are hundreds of Fortune 500 organizations that have hired these North Korean IT workers,” Mandiant Consulting CTO Charles Carmakal said Tuesday during a media briefing at the RSAC 2025 Conference. 

“Literally every Fortune 500 company has at least dozens, if not hundreds, of applications for North Korean IT workers,” Carmakal said. “Nearly every CISO that I’ve spoken to about the North Korean IT worker problem has admitted they’ve hired at least one North Korean IT worker, if not a dozen or a few dozen.”

Google, which ranks eighth on the annual list of the top global companies by revenue, is caught up in this widespread threat, too. 

North Korean technical workers have been detected in Google’s talent pipeline as job candidates and applicants, but none have been hired by the company to date, said Iain Mulholland, senior director of security engineering at Google Cloud.

Threat hunters, insider risk management firms and security analysts continue to raise the alarm about North Korean nationals gaining employment at major corporations, highlighting the expansive ecosystem of tools, infrastructure and specialized talent North Korea’s regime has established for this effort.

The latest warnings and intel from Mandiant and Google constitute an escalation of this threat. Insider risk management firm DTEX recently told CyberScoop that 7% of its customer base, representing a fair cross-section of the Fortune 2000, have been infiltrated by North Korean operatives working as full-time employees with privileged access.

The risk of North Korean nationals working for any large organization has moved from being a possibility to an outright assumption. “If you’re not seeing this, it’s because you’re not detecting it, not because it’s not happening to you,” Mulholland said.

“The way that we’ve watched them put IT workers in Fortune 500 companies has been astounding,” said Sandra Joyce, VP of Google Threat Intelligence. 

For now, this group of specialized North Koreans mostly earn money for the jobs they do and send their salaries back to Pyongyang. 

Carmakal said he was baffled by this scheme a few years ago, because it appeared to be a relatively small amount of money in play. But the money earned by North Korea’s regime has accumulated over time and now has the potential to generate substantial revenue.

A thousand IT workers earning six-figure salaries that are funneled back to the North Korean government works out to $100 million a year, and many of these operatives are working multiple jobs at different organizations concurrently, Carmakal said. 

“Most of this activity is generally a fundraising activity,” said John Hultquist, chief analyst at Google Threat Intelligence Group.

Yet, as more North Korean operatives gain employment for technical roles, the potential threat their access to critical systems presents has grown in kind.

“When they start getting rooted out, it can sort of break bad on you and then start breaking things,” Hultquist said. “We’ve already seen evidence of them doing that, especially when their jobs are essentially threatened.”

Pressure is coming in the form of lost wages. Many enterprises are now aware of the threat posed by North Korean IT workers, and companies are detecting and removing them from systems more quickly.

Mandiant observed a change in activity about six months ago, as North Korea shifted tactics and started extorting companies to supplement the wages it lost from outed employees. 

These extortion scenarios, which represent “a very small percentage of cases,” took on a few forms, Carmakal said. Former employees have followed up with their supervisors, threatening to leak data they had access to during their time of employment if the company didn’t pay their signing bonus or the last month of their salary.

In other cases, new personas sent emails to victim organizations claiming to be a threat actor that had broken into their network and stolen data. 

“As we looked at that sample of data that they took, we were able to tie that back to an investigation that we ran six months prior, and learned that that was the exact data that a suspected North Korean IT worker had taken from the company as part of their employment,” Carmakal said. 

“The concern that we have is that there’s always the potential that at some point in time, these actors that have taken data as part of their employment may publish it on the internet,” Carmakal said. “We haven’t seen it happen yet, but that’s the fear that most of these organizations have today.”

Damage could potentially come in even more destabilizing forms, including outright disruption of critical services or infrastructure. 

Mandiant has seen North Korea’s Reconnaissance General Bureau, which has been linked to previous destructive and disruptive attacks, using the same IP addresses as North Korean IT workers, Hultquist said. 

“There’s various technical connections there, and so I think it’s a very real threat,” he said. “Any place they get, they’re essentially in-house. So they can easily hand it over to the intelligence services, if they’re not literally monitoring everything they did, which I think is very, very possible as well.”

The post North Korean operatives have infiltrated hundreds of Fortune 500 companies appeared first on CyberScoop.

from CyberScoop https://ift.tt/eXDNciJ
via IFTTT