Security - Image by Ryan McGuire from PixabayHere is a brief look at some of the recent news from the last week. Over the last week in Enterprise Times, coverage included how Precisely location intelligence helped police in Devon and Cornwall protect the recent G7 summit. WithSecure highlighted a flaw in Microsoft Office 365 message encryption.

Europol

Europol continues to provide information and insights into its fight against crime.

Cybercrime conference

It held a cybercrime conference earlier this month under the theme of “The Evolution of Policing – do we need a social contract in cyber space?”

The conference had over 150 organisations represented, including 58 different law enforcement agencies. It summarised its findings in three points:

  • Policing requires a future-proof and agile legal framework to operate in the digital age; regulation and innovation have to complement one another
  • Public and private partnerships remain an essential dimension in the fight against cybercrime
  • While safety, security and privacy are the essence of our social contract, developments like the metaverse, artificial intelligence, quantum computing, etc. show the constant need for adaptation and evolution, at regional, national, and global level

Policing in the metaverse – report

The Europol Innovation Lab has published its second report under its Observatory function, entitled ‘Policing in the metaverse: what law enforcement needs to know’. The report, based on in-depth consultations with law enforcement experts, industry and academia, provides a detailed overview of the potential for criminal activities within the metaverse, alongside the opportunities and best practices of building a police presence online.

Europol Executive Director Catherine De Bolle said, “I believe it is important for police to anticipate changes to the reality in which they have to provide safety and security. The metaverse will bring about new ways of interacting and whole new virtual worlds to live in, potentially transforming our lives, just as the internet has done in the last three decades.

“As our discussions at the European Police Chiefs Convention this year demonstrated, this report from the Europol Innovation Lab will undoubtedly help law enforcement agencies to begin to grasp this new world, in order to adapt and prepare for policing in the metaverse.”

Arrests continue

On 6 October, a prolific scammer was arrested in Tenerife, Spain, by the National Police (Policía Nacional), resulting from a complex investigation involving four countries. The suspect – a 50-year-old Croatian national – is believed to have been running a large-scale, multi-layered investment fraud scheme which siphoned at least EUR 5 million out of unsuspecting investors. Over 70 German victims have been identified so far.

With the support of Europol and Eurojust, the French authorities, in cooperation with their Spanish and Latvian counterparts, have dismantled a car theft ring which used fraudulent software to steal vehicles without using the physical key fob.

F-Secure

F-Secure has launched the SENSE Partner Program to help makers of WiFi routers and gateways increase value by offering protection for the entire connected home in the simplest possible way.

Dmitri Vellikok, Vice President of Network Security at F-Secure, commented, “The number of internet-ready devices in our homes keeps increasing every day. However, the lack of ‘out-of-the-box’ solutions to secure connected homes and the people inside them is making consumers anxious.”

The program offers four key benefits:

  • A flexible business model that supports each unique strategy with a tailored offering
  • Proven marketing and sales enablement that ensures revenue growth
  • Easy integration and certification with a clearly defined process
  • Premium support with fast response times that ensure quality and customer loyalty

Ivanti

Ivanti published the Ransomware Index Report Q2-Q3 2022 conducted with Cyber Security Works and Cyware. The report revealed that ransomware has grown by 466% since 2019 and is increasingly being used as a precursor to physical war, as seen in the Russia conflict in Ukraine and the Iran and Albania cyberwar.

The report revealed 10 new ransomware families, bringing the total to 170. It also analyzed the impact of ransomware on critical infrastructure, with the three worst-hit sectors being healthcare, energy, and critical manufacturing. The report revealed that 47.4% of ransomware vulnerabilities affect healthcare systems, 31.6% affect energy systems, and 21.1% affect critical manufacturing.

Srinivas Mukkamala, Chief Product Officer at Ivanti, said, “IT and security teams must urgently adopt a risk-based approach to vulnerability management to better defend against ransomware and other threats. This includes leveraging automation technologies that can correlate data from diverse sources (i.e., network scanners, internal and external vulnerability databases, and penetration tests), measure risk, provide early warning of weaponization, predict attacks, and prioritize remediation activities.

“Organizations that continue to rely on traditional vulnerability management practices, such as solely leveraging the NVD and other public databases to prioritize and patch vulnerabilities, will remain at high risk of cyberattack.”

Logpoint

A new study by Logpoint looks at the ransomware threat landscape following the launch of LockBit in June 2022. Logpoint’s Global Services has identified 800 reported LockBit cases from May to September, which is twice as many as the closest competitors, BlackBasta, Alphpv/BlackCat, Hiveleak, and Clop, combined.

Doron Davidson, VP of Logpoint Global Services, commented, “Ransomware groups have come and gone, techniques and tactics have evolved significantly, and activity levels have risen and fallen. The latest variation, LockBit 3.0, also known as LockBit Black, represents yet another shift in the ransomware threat landscape. Organizations now face shorter time to detect attacks in the early stages and prevent ransomware deployment, and reduced opportunity to negotiate the ransom terms.”

Matrix42

In the week Oracle held OpenWorld, Matrix42 was confirmed as one of only a few solution providers to meet the brand-new Java (Inventory) verification. Matrix42 also supports Oracle Global License Advisory Services (GLAS) to ensure accurate verification.

John Dillon, CPMO at Matrix42, said, “Now we support customers to get full transparency across all Oracle Java installations and database products in their environment.”

Oracle

At CloudWorld, Oracle revealed how it has made security foundational and built into Oracle Cloud Infrastructure (OCI). It has adopted a multi-tiered approach.

  • Database and storage are secure, encrypting data and masking data to help prevent it from falling into the wrong hands with services such as Data Safe and the newest MySQL Heatwave database security capabilities
  • It has built security into the cloud compute level and operating system, with a hardware root of trust card and tenant isolation, as well as Autonomous Linux to help reduce the risk of attacks and malware
  • Oracle then helps manage your security posture easily, detect and address threats, and manage vulnerabilities with Oracle Cloud Guard and Oracle Security Zones
  • It is also building Configuration Management Database (CMDB) solution to give visibility and control to manage the software supply chain on OCI and allow one to quickly identify software packages and dependencies

Security News from the week beginning 3rd October 2022

LEAVE A REPLY

Please enter your comment!
Please enter your name here