CyberArk acquires Zilla Security in $175 million deal 

Identity security giant CyberArk has acquired Boston-based Zilla Security, a cloud-native identity governance and administration startup, in a deal worth up to $175 million.

The acquisition, announced Thursday, includes $165 million in cash and a $10 million earn-out contingent on performance milestones. Zilla’s co-founders, CEO Deepak Taneja and Nitin Sonawane, along with their team, will join CyberArk. Zilla’s flagship products — Zilla Comply and Zilla Provisioning — will be integrated into CyberArk’s Identity Security Platform as standalone offerings.

Founded in 1999, CyberArk has traditionally built its reputation on securing privileged access across enterprise systems. In recent years, the company has bolstered its portfolio through a series of acquisitions, the most significant being the $1.54 billion purchase of machine identity firm Venafi last year. Together with this latest move, CyberArk seeks to expand its reach into modern identity security — an area increasingly critical as organizations shift toward hybrid and cloud-based environments.

Zilla Security, founded in 2019 and headquartered in Boston, offers a cloud-native solution that emphasizes automation and artificial intelligence. The platform is designed to address the shortcomings of legacy identity systems, which were built primarily for on-premises infrastructure; Zilla’s automated processes instead aim to simplify identity compliance and provisioning.

“What worked 20 years ago clearly doesn’t work today,” Taneja said in a release. “Zilla represents a fundamental shift in how organizations can manage identity governance and administration (IGA). By harnessing the power of AI, we’ve automated IGA, making it simpler, faster and more cost-effective. And now with CyberArk, we’ll be offering our breakthrough technology as part of the broader CyberArk Identity Security Platform, reaching many more customers on a global level.”

CyberArk CEO Matt Cohen emphasized that the addition of Zilla’s technology reflects an industry-wide need. 

“By expanding the CyberArk Identity Security Platform with Zilla’s modern IGA capabilities, we will reshape identity governance with scalable automation that delivers compliance and helps maximize security for the modern enterprise,” Cohen said in the release.

The acquisition occurs during a period of strong financial performance for CyberArk. Since its NASDAQ debut in 2014, the company’s shares have grown more than 1,000% from the IPO price. Recent quarterly results reported a 41% year-over-year revenue increase, with subscription revenue climbing 62% and annual recurring revenue topping $1 billion.

The post CyberArk acquires Zilla Security in $175 million deal appeared first on CyberScoop.

from CyberScoop https://ift.tt/GwRuMXY
via IFTTT

IoT data breach leaks over 2.7 billion records, a repeat of 2019

A significant data breach related to the Internet of Things (IoT) was uncovered by cybersecurity researcher Jeremiah Fowler. The breach was traced to an unprotected database belonging to Mars Hydro, a Chinese company specializing in lighting systems, and LG LED Solutions, a California-based business. Fowler found that sensitive data had been accessed or copied without authorization, raising alarm about the security practices of both companies.

Interestingly, some cybersecurity researchers on Telegram speculate that the leaked database may be the same one that was exposed in 2019. That previous breach involved Orvibo, a Chinese brand known for its smart control panels and lights. Regardless of which company is ultimately responsible for the database, reports suggest that hackers may have gained access to a staggering 1.7 terabytes of data, which was distributed across 13 folders. Each folder contained roughly 100 million records.

The full extent of the breach remains unclear, and it’s uncertain whether the stolen data has been misused or sold to malicious parties. However, the compromised data is extensive and includes email addresses, Wi-Fi credentials, phone numbers, precise geolocation data, account reset questions and answers, usernames, IP addresses, user IDs, smart device names, IoT device schedules, and more. This wealth of personal and device-related information could lead to serious privacy concerns if it falls into the wrong hands.

Such breaches often result from a combination of misconfiguration errors, network vulnerabilities, outdated IT systems, and a lack of encryption measures. In many cases, IoT devices come with default passwords that users never change, giving hackers an easy entry point to exploit the system and compromise the network.

Experts in cybersecurity have repeatedly warned users of IoT devices to take precautionary steps to safeguard their information. These measures include encrypting logs, replacing default passwords with strong alphanumeric passwords that include special characters, extending password lengths to 15 to 18 characters, and ensuring that private databases are never reachable from the public internet without authentication, however convenient a cloud deployment makes that.

By following these security best practices, users can significantly reduce the risk of falling victim to similar breaches in the future, ensuring their personal data and IoT devices remain protected.

The post IoT data breach leaks over 2.7 billion records, a repeat of 2019 appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/k93dQTy

Tactics to take up implied cyber threat hunting: proactive strategies to smartly thwart hidden cyber risks

In the ever-evolving landscape of cybersecurity, detecting and responding to threats has become more complex. One of the more advanced techniques gaining traction is implied cyber threat hunting. Where signature-based detection reacts to known threats and the indicators already written for them, implied threat hunting focuses on uncovering hidden or yet-to-be-identified threats based on contextual clues, anomalous behaviors, and patterns in data. This approach helps organizations identify potential risks before they manifest into active attacks.

Here are some effective tactics for undertaking implied cyber threat hunting:

1. Leverage Behavioral Analytics

One of the cornerstones of implied threat hunting is understanding normal behavior across your network. By establishing a baseline of what constitutes “normal” activity within your system, hunters can look for deviations that might signal a potential threat.

Anomaly Detection: Behavioral analytics tools can monitor network traffic, user behaviors, and application usage to identify abnormal patterns. For instance, if a user accesses sensitive data outside of their usual operating hours or from an unusual location, it could be a sign of malicious activity.

Machine Learning Algorithms: These can process vast amounts of data to detect subtle behavioral anomalies that may not immediately raise alarms. Over time, machine learning models become better at distinguishing between benign and malicious anomalies.

2. Focus on the Indicators of Compromise (IoCs) and Indicators of Attack (IoAs)

Although implied threat hunting focuses on emerging threats that might not yet have signatures, it’s still essential to identify subtle indicators that an attack might be underway.

IoCs: These are pieces of evidence that suggest an attack has already occurred or is in progress. Examples include unfamiliar IP addresses, unusual file hashes, or newly created user accounts.

IoAs: These are more behavioral-focused clues, showing the actions or tactics used by threat actors to initiate an attack. For example, a significant increase in failed login attempts across multiple accounts could signal an attempted brute force attack.

By hunting for IoCs and IoAs, you can uncover suspicious activity before it evolves into a full-scale breach.
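The two kinds of indicator call for two different checks, and the difference is easier to see in code than in prose. The following Python is an added example, not code from the original article: it runs an IoC match (exact values from a feed) and an IoA check (the password-spray pattern, which needs no known-bad value at all) over a handful of constructed key=value auth log lines. Every hostname, user, address and hash here is made up for the example, and the "feed" is a Python set standing in for a real threat-intelligence source.

```python
"""IoC and IoA hunting over constructed authentication logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (key=value syslog style); not from any real system.
SAMPLE_LOGS = """\
2025-02-11T09:00:01Z host=web01 event=login_failed user=alice src=203.0.113.7
2025-02-11T09:00:04Z host=web01 event=login_failed user=bob src=203.0.113.7
2025-02-11T09:00:09Z host=web01 event=login_failed user=carol src=203.0.113.7
2025-02-11T09:00:15Z host=web01 event=login_failed user=dave src=203.0.113.7
2025-02-11T09:00:20Z host=web01 event=login_failed user=erin src=203.0.113.7
2025-02-11T09:00:27Z host=web01 event=login_ok user=erin src=203.0.113.7
2025-02-11T09:05:00Z host=web01 event=login_failed user=alice src=198.51.100.4
2025-02-11T09:06:00Z host=web01 event=login_failed user=alice src=198.51.100.4
2025-02-11T09:07:00Z host=web01 event=login_ok user=alice src=198.51.100.4
2025-02-11T10:00:00Z host=web02 event=file_write user=svc_backup sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""

# Constructed indicator set standing in for a threat-intel feed (hypothetical values).
IOC_IPS = {"198.51.100.4"}
IOC_HASHES = {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}


def parse_line(line):
    """Turn 'TIMESTAMP k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for pair in pairs:
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def load(text):
    return [parse_line(line) for line in text.strip().splitlines()]


def match_iocs(records, ips=IOC_IPS, hashes=IOC_HASHES):
    """IoC hunt: exact matches of known-bad source IPs and file hashes.
    Cheap and precise, but it only finds what the feed already knows about."""
    hits = []
    for r in records:
        if r.get("src") in ips:
            hits.append((r["ts"], "ioc_ip", r["src"]))
        if r.get("sha256") in hashes:
            hits.append((r["ts"], "ioc_hash", r["sha256"]))
    return hits


def detect_spray(records, window=timedelta(minutes=5), min_accounts=4):
    """IoA hunt: one source failing against many distinct accounts inside `window`
    (the password-spray pattern). Nothing here has to be on a blocklist."""
    fails = defaultdict(list)
    for r in records:
        if r.get("event") == "login_failed":
            fails[r["src"]].append((r["ts"], r["user"]))
    alerts = []
    for src, events in fails.items():
        events.sort()
        best, lo = set(), 0
        for hi, (t, _) in enumerate(events):
            while t - events[lo][0] > window:   # slide the window start forward
                lo += 1
            users = {u for _, u in events[lo:hi + 1]}
            if len(users) > len(best):
                best = users
        if len(best) >= min_accounts:
            # Did the spray end in a successful logon from the same source?
            success_after = any(
                r.get("event") == "login_ok" and r.get("src") == src and r["ts"] >= events[0][0]
                for r in records
            )
            alerts.append({"src": src, "accounts": sorted(best), "success_after": success_after})
    return alerts


if __name__ == "__main__":
    recs = load(SAMPLE_LOGS)
    for hit in match_iocs(recs):
        print("IOC", *hit)
    for alert in detect_spray(recs):
        print("IOA password spray", alert)
```

On the constructed sample, the IoC match fires on the listed address and hash, while the spray detector flags 203.0.113.7, which is on no list at all, because it failed against five accounts in under thirty seconds and then logged in as one of them. The second failing source (two failures against one account, then success) stays below the threshold, which is the point of counting distinct accounts rather than raw failures.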

3. Use Threat Intelligence Feeds to Predict Emerging Threats

Implied threat hunting requires staying ahead of potential attackers, which is where threat intelligence comes into play. By subscribing to threat intelligence feeds and continuously analyzing current cyber threats, you can detect patterns in attack methodologies.

Open-source Intelligence (OSINT): OSINT provides valuable data from a variety of online sources, such as forums, social media, or even dark web marketplaces, which can offer clues about emerging threats.

Collaborative Intelligence Sharing: Sharing threat intelligence within trusted networks, such as industry-specific Information Sharing and Analysis Centers (ISACs), can help identify patterns and tactics that could point to new forms of attack.

Predicting cyber threats based on these sources allows you to proactively adapt defenses before threats reach your systems.

4. Implement Threat Intelligence Correlation

Merely collecting vast amounts of raw threat data isn’t enough to detect implied threats. Threat intelligence correlation helps put that data into context by analyzing it across different sources.

Cross-referencing Logs: Cross-reference network logs, endpoint logs, and email security logs to identify patterns that might otherwise be missed. For example, you may detect a set of IP addresses that appear in both inbound and outbound traffic patterns, potentially indicating an exfiltration attempt.

Contextualization: Correlating threat intelligence with contextual information—such as recent organizational changes or employee behavior—can help pinpoint areas of vulnerability. A recent merger or acquisition, for instance, could create new entry points for attackers, especially if integration isn’t secure.

By connecting the dots between various data sources, you can spot emerging threats that don’t yet have clear indicators of compromise.
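The cross-referencing described above is a join on host and time across log sources that each look harmless alone. The Python below is an added example, not from the original article: it joins a constructed e-mail gateway log, web proxy log and endpoint process log to find the chain of a delivered URL, the recipient's workstation fetching that domain shortly afterwards, an Office process spawning a shell, and the total bytes sent back to the same domain. The log formats, hostnames, domains, the user-to-workstation inventory and the 30-minute window are all assumptions made for the example.

```python
"""Correlating e-mail, proxy and endpoint logs into one phishing-to-execution chain."""
from datetime import datetime, timedelta

# Constructed sample logs from three sources; none is alarming on its own.
EMAIL_LOG = """\
2025-02-11T08:58:00Z recipient=alice url_domain=invoice-portal.example action=delivered
2025-02-11T08:59:00Z recipient=bob url_domain=news.example action=delivered
"""
PROXY_LOG = """\
2025-02-11T09:02:10Z host=wks-alice dst_domain=invoice-portal.example bytes_out=1200
2025-02-11T09:02:20Z host=wks-alice dst_domain=cdn.example bytes_out=300
2025-02-11T09:10:00Z host=wks-bob dst_domain=news.example bytes_out=800
2025-02-11T09:20:00Z host=wks-alice dst_domain=invoice-portal.example bytes_out=52428800
"""
ENDPOINT_LOG = """\
2025-02-11T09:02:45Z host=wks-alice event=process_start image=powershell.exe parent=winword.exe
2025-02-11T09:12:00Z host=wks-bob event=process_start image=chrome.exe parent=explorer.exe
"""
# Constructed asset inventory: which workstation each user normally sits at.
USER_HOST = {"alice": "wks-alice", "bob": "wks-bob"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


def load(text):
    """Parse 'TIMESTAMP k=v ...' lines into dicts with a datetime under 'ts'."""
    records = []
    for line in text.strip().splitlines():
        ts, *pairs = line.split()
        rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
        for pair in pairs:
            key, _, value = pair.partition("=")
            rec[key] = value
        records.append(rec)
    return records


def correlate(email, proxy, endpoint, user_host=USER_HOST, window=timedelta(minutes=30)):
    """Join the three sources on (host, time): a delivered URL, the same host
    fetching that domain within `window`, then an Office parent spawning a child
    process. Returns one record per completed chain with the bytes sent to the
    domain over the window, so a large egress figure stands out immediately."""
    chains = []
    for mail in email:
        host = user_host.get(mail["recipient"])
        if host is None:
            continue
        deadline = mail["ts"] + window
        visits = [p for p in proxy
                  if p["host"] == host and p["dst_domain"] == mail["url_domain"]
                  and mail["ts"] <= p["ts"] <= deadline]
        if not visits:
            continue
        first_visit = min(v["ts"] for v in visits)
        spawns = [e for e in endpoint
                  if e["host"] == host and e["event"] == "process_start"
                  and e["parent"] in OFFICE_PARENTS
                  and first_visit <= e["ts"] <= first_visit + window]
        if not spawns:
            continue
        chains.append({
            "user": mail["recipient"],
            "host": host,
            "domain": mail["url_domain"],
            "child": spawns[0]["image"],
            "bytes_out": sum(int(v["bytes_out"]) for v in visits),
        })
    return chains


if __name__ == "__main__":
    for chain in correlate(load(EMAIL_LOG), load(PROXY_LOG), load(ENDPOINT_LOG)):
        print(chain)
```

Bob's records fall out at the last step: he received a mail, visited the domain, and started a browser from Explorer, which is ordinary. Alice's chain completes because Word spawned PowerShell minutes after the fetch, and the joined view also shows roughly 50 MB going back to the domain the mail pointed at, the kind of inbound-then-outbound pattern the paragraph above describes.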

5. Investigate External Attack Surface Risks

One tactic often overlooked in implied cyber threat hunting is investigating the external attack surface—the entire digital perimeter of an organization that could be exposed to cyber threats. With the rise of cloud services, remote workforces, and third-party vendors, organizations may have unknown vulnerabilities.

Continuous Scanning: Use external attack surface management tools to scan for exposed assets, open ports, misconfigured cloud services, and unused accounts that could be exploited.

Third-party Risk Management: Monitor and assess the cybersecurity posture of external vendors, service providers, or partners. Cybercriminals often use the “soft underbelly” of less-secure partners to infiltrate larger, more heavily fortified organizations.

By hunting for weak links in the external attack surface, you can prevent threat actors from gaining unauthorized access through overlooked points of entry.

6. Red Team and Purple Team Collaboration

Adversary emulation by a Red Team, and Purple Team exercises in which attackers and defenders work side by side, offer a proactive method for implied threat hunting.

Red Teams: These ethical hackers perform simulated attacks to find gaps in your defenses. They attempt to mimic real-world attackers and can identify vulnerabilities that might not be apparent during traditional vulnerability scanning.

Purple Teams: Collaboration between Blue Teams (defenders) and Red Teams creates a more integrated approach to cybersecurity. Purple Team activities can enhance the ability to detect and respond to emerging threats that evade traditional signature-based tools.

These collaborative exercises offer an opportunity to simulate threats and explore how your organization might respond to new tactics or attack methods that haven’t been encountered yet.

7. Focus on User and Entity Behavior Analytics (UEBA)

User and Entity Behavior Analytics (UEBA) is a powerful tool for implied threat hunting, especially when it comes to detecting insider threats. UEBA focuses on monitoring and analyzing the behavior of users and other entities (such as devices, applications, or systems) within an organization.

Identifying Suspicious Users: UEBA can flag anomalous behaviors like privilege escalation, data access anomalies, or unusual login times, all of which could indicate an insider threat or compromised user credentials.

Detecting Lateral Movement: UEBA also helps identify patterns of lateral movement across the network, which is often a precursor to full exploitation of a system.

By leveraging UEBA tools, security teams can proactively hunt for malicious insiders or compromised accounts before they can do significant damage.
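Section 1 (a baseline of normal behaviour) and this section (UEBA over users and the hosts they touch) are the same mechanism viewed from two sides, so one added example serves both. The Python below is not from the original article. It builds a per-user baseline from constructed historical logons (working hours, source countries, median distinct hosts per day) and then hunts one day's events for off-hours access, a new country, and host fan-out far above the norm, which is the lateral-movement pattern. Users, hosts, countries and the fan-out threshold are assumptions made for the example.

```python
"""Per-user behavioural baseline and UEBA-style hunt over constructed logon events."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed historical logons (ts user geo host) over three normal working days.
HISTORY = """\
2025-02-03T08:05:00Z alice US wks-alice
2025-02-03T09:40:00Z alice US fileshare01
2025-02-03T09:10:00Z bob US wks-bob
2025-02-03T13:30:00Z bob US wks-bob
2025-02-04T08:15:00Z alice US wks-alice
2025-02-04T10:20:00Z alice US fileshare01
2025-02-04T09:05:00Z bob US wks-bob
2025-02-04T13:45:00Z bob US wks-bob
2025-02-05T08:00:00Z alice US wks-alice
2025-02-05T09:55:00Z alice US fileshare01
2025-02-05T09:20:00Z bob US wks-bob
2025-02-05T13:10:00Z bob US wks-bob
"""

# Constructed events for the day under investigation.
TODAY = """\
2025-02-11T09:00:00Z alice US wks-alice
2025-02-11T02:30:00Z alice DE wks-alice
2025-02-11T02:35:00Z alice DE fileshare01
2025-02-11T02:40:00Z alice DE dc01
2025-02-11T02:45:00Z alice DE hr-db
2025-02-11T02:50:00Z alice DE fin-app
2025-02-11T02:55:00Z alice DE jumpbox
2025-02-11T09:30:00Z bob US wks-bob
"""


def load(text):
    out = []
    for line in text.strip().splitlines():
        ts, user, geo, host = line.split()
        out.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                    "user": user, "geo": geo, "host": host})
    return out


def build_baseline(history):
    """What 'normal' looks like per user: hours and countries seen, and the
    median number of distinct hosts reached per day."""
    by_user = defaultdict(list)
    for r in history:
        by_user[r["user"]].append(r)
    baseline = {}
    for user, recs in by_user.items():
        hosts_per_day = defaultdict(set)
        for r in recs:
            hosts_per_day[r["ts"].date()].add(r["host"])
        baseline[user] = {
            "hours": {r["ts"].hour for r in recs},
            "geos": {r["geo"] for r in recs},
            "hosts_per_day": median(len(h) for h in hosts_per_day.values()),
        }
    return baseline


def hunt(baseline, events, fanout_factor=3):
    """Flag deviations from the baseline. Off-hours and new-geo findings point at
    a compromised credential; host fan-out well above the norm is the lateral-
    movement pattern. Findings are deduplicated to (user, kind, detail)."""
    findings = set()
    hosts_today = defaultdict(set)
    for r in events:
        b = baseline.get(r["user"])
        if b is None:
            findings.add((r["user"], "unknown_user", r["host"]))
            continue
        if r["ts"].hour not in b["hours"]:
            findings.add((r["user"], "off_hours", f"{r['ts'].hour:02d}:00"))
        if r["geo"] not in b["geos"]:
            findings.add((r["user"], "new_geo", r["geo"]))
        hosts_today[r["user"]].add(r["host"])
    for user, hosts in hosts_today.items():
        normal = baseline[user]["hosts_per_day"]
        # Require both a multiple of the norm and an absolute margin, so a user
        # who normally touches one host is not flagged for touching two.
        if len(hosts) >= max(fanout_factor * normal, normal + 2):
            findings.add((user, "host_fanout", len(hosts)))
    return sorted(findings, key=str)


if __name__ == "__main__":
    for finding in hunt(build_baseline(load(HISTORY)), load(TODAY)):
        print(*finding)
```

Run against the history itself the hunt returns nothing, which is the sanity check worth keeping: a baseline that flags the data it was built from is mis-tuned. Against the investigation day it produces three findings for alice (logons at 02:00, a country never seen before, six distinct hosts against a norm of two) and nothing for bob, whose single 09:30 logon matches his pattern.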

Conclusion

Implied cyber threat hunting is a forward-thinking approach that emphasizes the identification of latent risks before they evolve into active threats. By integrating behavioral analytics, threat intelligence, external attack surface management, and advanced detection techniques like UEBA and anomaly detection, security teams can stay one step ahead of cybercriminals. As the threat landscape becomes more complex, adopting these proactive strategies can significantly enhance an organization’s defense against emerging cyber threats.

The post Tactics to take up implied cyber threat hunting: proactive strategies to smartly thwart hidden cyber risks appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/4f89lc6

Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now

Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution.
The list of vulnerabilities is below –

CVE-2024-38657 (CVSS score: 9.1) – External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy

from The Hacker News https://ift.tt/JX7V4Mo

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction.

Tenable senior staff research engineer Satnam Narang noted that since 2022, there have been nine elevation of privilege vulnerabilities in this same Windows component, the Ancillary Function Driver for WinSock (AFD.sys), three each year, including one in 2024 that was exploited in the wild as a zero day (CVE-2024-38193).

“CVE-2024-38193 was exploited by the North Korean APT group known as Lazarus Group to implant a new version of the FudModule rootkit in order to maintain persistence and stealth on compromised systems,” Narang said. “At this time, it is unclear if CVE-2025-21418 was also exploited by Lazarus Group.”

The other zero-day, CVE-2025-21391, is an elevation of privilege vulnerability in Windows Storage that could be used to delete files on a targeted system. Microsoft’s advisory on this bug references something called “CWE-59: Improper Link Resolution Before File Access,” says no user interaction is required, and that the attack complexity is low.

Adam Barnett, lead software engineer at Rapid7, said although the advisory provides scant detail, and even offers some vague reassurance that ‘an attacker would only be able to delete targeted files on a system,’ it would be a mistake to assume that the impact of deleting arbitrary files would be limited to data loss or denial of service.

“As long ago as 2022, ZDI researchers set out how a motivated attacker could parlay arbitrary file deletion into full SYSTEM access using techniques which also involve creative misuse of symbolic links,” Barnett wrote.

One vulnerability patched today that was publicly disclosed earlier is CVE-2025-21377, another weakness that could allow an attacker to elevate their privileges on a vulnerable Windows system. Specifically, this is yet another Windows flaw that leaks NTLMv2 hashes, which an attacker can relay or crack offline to authenticate as the targeted user without ever knowing the password.

According to Microsoft, minimal user interaction with a malicious file is needed to exploit CVE-2025-21377, including selecting, inspecting or “performing an action other than opening or executing the file.”

“This trademark linguistic ducking and weaving may be Microsoft’s way of saying ‘if we told you any more, we’d give the game away,’” Barnett said. “Accordingly, Microsoft assesses exploitation as more likely.”

The SANS Internet Storm Center has a handy list of all the Microsoft patches released today, indexed by severity. Windows enterprise administrators would do well to keep an eye on askwoody.com, which often has the scoop on any patches causing problems.

It’s getting harder to buy Windows software that isn’t also bundled with Microsoft’s flagship Copilot artificial intelligence (AI) feature. Last month Microsoft started bundling Copilot with Microsoft Office 365, which Redmond has since rebranded as “Microsoft 365 Copilot.” Ostensibly to offset the costs of its substantial AI investments, Microsoft also raised prices by 22 to 30 percent for upcoming license renewals and new subscribers.

Office-watch.com writes that existing Office 365 users who are paying an annual cloud license do have the option of “Microsoft 365 Classic,” an AI-free subscription at a lower price, but that many customers are not offered the option until they attempt to cancel their existing Office subscription.

In other security patch news, Apple has shipped iOS 18.3.1, which fixes a zero day vulnerability (CVE-2025-24200) that is showing up in attacks.

Adobe has issued security updates that fix a total of 45 vulnerabilities across InDesign, Commerce, Substance 3D Stager, InCopy, Illustrator, Substance 3D Designer and Photoshop Elements.

Chris Goettl at Ivanti notes that Google Chrome is shipping an update today which will trigger updates for Chromium based browsers including Microsoft Edge, so be on the lookout for Chrome and Edge updates as we proceed through the week.

from Krebs on Security https://ift.tt/9WdgBRn

U.S. adversaries increasingly turning to cybercriminals and their malware for help

Governments of the United States’ chief adversaries in cyberspace, especially Russia, have increasingly been relying on cybercriminals and their tools to advance their goals, according to a Google report published Tuesday.

There’s long been overlap between government and criminal cyber operators, but governments are now enjoying the benefits of collaboration and borrowing more, both for the general advantages such tooling provides and in response to some specific conditions, the Google Threat Intelligence Group report concludes.

“Google assesses that resource constraints and operational demands have contributed to Russian cyber espionage groups’ increasing use of free or publicly available malware and tooling, including those commonly employed by criminal actors to conduct their operations,” it states.

The war in Ukraine has driven Russia in particular. 

For instance, since the invasion of Ukraine, the Russian military intelligence-sponsored hackers known alternately as APT44, Sandworm and by other names have used cybercriminal malware like Radthief and Warzone, the latter of which was the target of a U.S. operation to seize internet domains used to sell it last year.

But Google has watched similar trends from China, Iran and North Korea. In May of last year, Google saw an Iranian hacking group also using Radthief.

“The vast cybercriminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states,” said Ben Read, senior manager for the group. “These capabilities can be cheaper and more deniable than those developed directly by a state.”

Sometimes the overlap is more direct. China has used cybercriminal gangs to hide its espionage efforts, for example, Google said. 

Other cyber firms, such as Trellix, have likewise noticed an increase in the blurriness of the lines between nation-states and criminals. “Recent evidence suggests an unsettling convergence of tactics, techniques, and even objectives, making it challenging to distinguish between them,” Tomer Shloman, a security researcher at the company, wrote last month.

It all leads to the notion that cybercrime is a threat to national security, not just wallets, according to Google.

“Cybercrime has unquestionably become a critical national security threat to countries around the world,” said Sandra Joyce, vice president of Google Threat Intelligence. “The marketplace at the center of the cybercrime ecosystem has made every actor easily replaceable and the whole problem resilient to disruption.”

You can read the full report on Google’s website.

The post U.S. adversaries increasingly turning to cybercriminals and their malware for help appeared first on CyberScoop.

from CyberScoop https://ift.tt/GeYc84x

Strengthening Cloud Resilience and Compliance with DORA: A Critical Focus for Financial Institutions

Cloud technology is redefining the financial services industry, serving as the backbone of modern operations by enabling flexibility, scalability, and rapid innovation. As financial institutions accelerate digital transformation, a cloud-first approach for enterprises is becoming essential. In fact, in 2021, Gartner forecast an 85% adoption rate by 2025.

As predicted, the cloud has become a pillar of modern technology, with factors such as AI integration and security dominating today’s talking points. As institutions embrace the cloud, they must also navigate the evolving regulatory frameworks that follow – most notably, the stringent requirements of the EU Digital Operational Resilience Act (DORA).

With DORA now in full effect, the regulatory landscape for financial institutions has changed dramatically. The regulation, which has applied since 17 January 2025, was a landmark move to strengthen operational resilience and cybersecurity across the financial sector. It imposes rigorous requirements, demanding that financial organizations safeguard their internal systems as well as their interactions with third-party cloud providers.

As institutions work to meet these high standards, cloud management platforms (CMPs) have become essential. These platforms serve as the critical infrastructure for managing risk, fortifying cybersecurity, and ensuring continuous compliance within an increasingly complex cloud ecosystem. 

For global banks or financial services providers, the ability to navigate DORA’s demands successfully depends heavily on how effectively they leverage CMPs to maintain resilience, mitigate risks in real time, and ensure long-term regulatory adherence.

DORA and Its Requirements for Financial Institutions

DORA was introduced to address the escalating cyber threats, operational disruptions, and vulnerabilities in digital infrastructure faced by today’s financial institutions. It provides a comprehensive framework for incident reporting, third-party risk management, operational resilience testing, and data protection. Aligning with DORA requires significant investment in both resources and technology, posing both an operational and financial challenge for organizations striving to stay compliant.

The regulation places particular emphasis on third-party risk management, mandating institutions to assess the compliance and performance of their cloud service providers to proactively minimize external risks. It also requires regular resilience testing, such as penetration tests and simulated cyberattacks, to validate system integrity and ensure systems can handle disruptions. DORA prioritizes robust data protection measures, ensuring the security of sensitive information both within internal environments and throughout third-party cloud networks.

The Role of Cloud Management Platforms in Achieving Compliance

As more and more financial institutions move to hybrid or multi-cloud environments, the complexity of securing and managing their operations has grown significantly. While multi-cloud offers flexibility, it also introduces challenges around compliance, security, and risk management. This is where CMPs become indispensable.

CMPs provide visibility and control across multiple cloud environments, allowing organizations to manage their infrastructure from a single platform. They help financial institutions meet DORA’s requirements for operational resilience, third-party risk management, and data protection by centralizing oversight across diverse cloud ecosystems.

One of the key benefits of CMPs is the real-time visibility they offer into cloud operations. Continuous monitoring allows financial institutions to detect and address threats as they emerge. Whether it’s a cyberattack, technical failure, or third-party issue, CMPs provide proactive tools to act quickly and mitigate risks. For instance, if a cloud provider suffers an outage, a CMP can alert the organization and trigger its disaster recovery runbooks so that backup systems take over. This approach is vital for maintaining compliance with DORA’s guidelines on minimizing disruption.

CMPs also play a critical role in managing third-party risks. Institutions are responsible for their own resilience while also ensuring their cloud providers meet DORA’s standards. By offering a unified view of third-party relationships, CMPs allow organizations to track the compliance and performance of their vendors. A unified view enhances security and strengthens regulatory alignment, ensuring that all parties involved adhere to the operational and cybersecurity standards set by DORA.

Additionally, CMPs simplify compliance reporting by automating regulatory processes. Financial institutions must demonstrate adherence to DORA’s standards, and tracking compliance across multiple cloud environments manually is resource-intensive and prone to human error. CMPs streamline this by generating real-time compliance reports and audit trails, giving institutions confidence in their regulatory preparedness. This automation ensures accuracy and enhances efficiency, freeing up internal teams to focus on strategic initiatives.

Enhancing Cybersecurity and Operational Resilience with CMPs

The ability to secure data across multiple cloud environments is another critical concern for financial institutions under DORA. With data often stored across various cloud providers, organizations must ensure that sensitive information is protected through encryption, access controls, and continuous monitoring. Cloud management platforms make it easier to enforce these security policies by providing centralized control over data security measures. Institutions can configure policies that automatically apply encryption to sensitive data, monitor who has access to this data, and track its movement across cloud environments, helping to maintain DORA’s stringent data protection standards.

Another key cybersecurity requirement under DORA is ongoing operational resilience testing. To comply, institutions must regularly assess their systems’ resilience to cyberattacks and operational failures. CMPs facilitate this by offering built-in tools for testing system vulnerabilities. Institutions can conduct regular simulated cyberattacks, penetration tests, and other stress tests to ensure their systems remain resilient under real-world conditions. With proactive identification of security gaps, financial institutions can strengthen their defenses before vulnerabilities become major threats.

A Strategic Opportunity for Financial Institutions

DORA presents both a compliance challenge and a strategic opportunity for financial institutions to enhance operational resilience and cybersecurity. Through aligning with DORA’s stringent guidelines and adopting CMPs, institutions can modernize their cloud infrastructures, bolster defenses against cyber threats, and ensure ongoing compliance amid evolving regulations. Beyond compliance, these efforts position organizations for long-term success by strengthening security, operational stability, and regulatory confidence.

A cloud-first strategy, when combined with CMPs, helps support regulatory adherence and unlocks new opportunities for innovation. Institutions can stay agile, quickly adapt to market shifts, and deliver enhanced digital services that meet evolving customer demands. This dual focus on compliance and technological advancement fosters long-term efficiency and industry leadership.

DORA is reshaping how financial institutions approach resilience and security by redefining industry standards. While it poses challenges, it also provides an opportunity to strengthen digital infrastructure and future-proof operations. By leveraging CMPs, financial institutions don’t just achieve compliance with DORA – they gain a competitive edge in an increasingly risk-prone world.

Now is the time for institutions to modernize their cloud strategies, embrace these technologies, and transform regulatory compliance from an obligation into a business advantage.

 

The post Strengthening Cloud Resilience and Compliance with DORA: A Critical Focus for Financial Institutions appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/HNtI7hu

Gcore Radar report reveals 56% year-on-year increase in DDoS attacks

Luxembourg, Luxembourg, February 11th, 2025, CyberNewsWire

Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q3-Q4 2024 Radar report into DDoS attack trends. DDoS attacks have reached unprecedented scale and disruption in 2024, and businesses need to act fast to protect themselves from this evolving threat. The report reveals a significant escalation in the total number of DDoS attacks and their magnitude, measured in terabits per second (Tbps).

Key highlights from Q3-Q4 2024

●    Compared to Q3–Q4 2023, the number of DDoS attacks has risen by 56%, which highlights a steep long-term growth trend.

●    The gaming industry continues to be the most targeted by DDoS attacks, accounting for 34% of all attacks.

●    In Q3-Q4 2024, the financial services sector experienced a significant increase, accounting for 26% of all DDoS attacks, up from 12% in the previous period.

●    There was a 17% increase in the total number of attacks compared with Q1-Q2 2024.

●    The largest attack peaked at 2Tbps in Q3-Q4 2024, which is an 18% increase from Q1-Q2 2024.

●    DDoS attacks are becoming shorter in duration but more powerful.

Attackers are shifting their focus

The sectors that were targeted in Q3-Q4 2024 reflect a changing focus among DDoS attackers. The technology industry has seen a steady increase in its share of DDoS attacks, increasing from 7% to 19% since Q3-Q4 2023. This is because DDoS attackers recognise the wide-reaching disruption potential of attacking technology services. A single successful attack can take out a service that countless organizations depend on – causing significant harm to people and businesses. Another reason that technology platforms have seen an increase in DDoS attacks is due to their vast computational power, which malicious actors can exploit to intensify their attacks.

The gaming industry continues to be the most-attacked industry, although there were 31% fewer attacks compared with Q1-Q2 2024. The decline in attacks may be attributed to several factors. For instance, gaming companies are strengthening their DDoS defenses in response to ongoing attacks, which may result in fewer successful attacks. Another explanation is that attackers may be shifting their focus towards other high-value sectors, such as financial services, which saw a 117% increase in the number of attacks. The sector’s critical online services and susceptibility to ransom-based attacks make it a prime target.

Andrey Slastenov, Head of Security at Gcore, commented: “The latest Gcore Radar should be a wake-up call to businesses across all industries. Not only is the number and intensity of attacks increasing, but attackers are expanding the scope of their attacks to reach an increasingly wide range of sectors. Businesses must invest in robust DDoS detection, mitigation, and protection to prevent the financial and reputational impact of an attack.”

The geographical distribution of DDoS attacks

With a presence that spans six continents, Gcore can accurately track the geographical sources of DDoS attacks. Gcore derives these insights from the attackers’ IP addresses and the geographic locations of the data centers where malicious traffic is targeted. 

Gcore’s findings have highlighted the Netherlands as a key source of attacks; leading application-layer attacks with 21% and ranking second for network-layer attacks at 18%. The U.S. ranked highly across both layers, reflecting its vast internet infrastructure for hackers to exploit.

Brazil featured prominently in network-layer attacks at 14%. Brazil’s growing digital economy and connectivity make it an emerging source of attacks. China and Indonesia also featured prominently, with Indonesia showing a growth in application-layer attacks at 8%, which reflects a broader trend of increased attack activity in Southeast Asia.

Short but potent attacks continue to take hold

DDoS attacks are becoming shorter in duration, but no less disruptive. The longest DDoS attack duration during Q3-Q4 2024 was five hours, which is a significant decrease from 16 hours in the first half of the year. This is reflective of an increasing trend towards shorter but more intense attacks. These ‘burst attacks’ can be more difficult to detect as they may blend in with normal traffic spikes. The delay in detection gives attackers a window of opportunity to disrupt services before cyber defenses can kick in.

The trend of shorter DDoS attack durations can in part be attributed to improvements in cybersecurity. As security tightens, attackers have learned to adapt with short burst attacks designed to bypass defenses. A short DDoS attack can also double as a smokescreen to conceal a secondary attack, such as ransomware deployment.

The full report is available at https://gcore.com/library/gcore-radar-ddos-attack-trends-q3-q4-2024

About Gcore  

Gcore is a global edge AI, cloud, network, and security solutions provider. Headquartered in Luxembourg, with a team of 600 operating from ten offices worldwide, Gcore provides solutions to global leaders in numerous industries. Gcore manages its global IT infrastructure across six continents, with one of the best network performances in Europe, Africa, and LATAM due to the average response time of 30 ms worldwide. Gcore’s network consists of 180 points of presence worldwide in reliable Tier IV and Tier III data centers, with a total network capacity exceeding 200 Tbps.

Users can learn more at gcore.com or follow them on LinkedIn, Twitter, and Facebook.

Contact

Gcore press contact
pr@gcore.com

The post Gcore Radar report reveals 56% year-on-year increase in DDoS attacks appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/L2NinRz