Cybersecurity Overview: Agencies Share Best Practices for Network Edge Security as OWASP Identifies Key Risks of Non-Human Identities

Cybersecurity Insights: Key Developments for the Week Ending February 7

As the cybersecurity landscape continues to evolve, staying informed about the latest threats and protective measures is crucial for organizations of all sizes. This week, several significant developments have emerged, including new guidance on securing network edge devices, insights into non-human identity risks, a notable decline in ransomware payments, and the launch of a new non-profit in the U.K. dedicated to analyzing cyber incidents. Here’s a closer look at the top six cybersecurity topics that are making headlines.

1 – New Cyber Guides Unpack How to Secure Network Edge Devices

With the increasing reliance on network edge devices, such as routers, VPN gateways, IoT devices, and internet-facing operational technology (OT) systems, the need for robust security measures has never been more pressing. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has collaborated with international cybersecurity agencies to publish comprehensive guidance aimed at preventing and mitigating cyberattacks on these critical devices.

CISA warns that foreign adversaries frequently exploit software vulnerabilities in network edge devices to infiltrate essential infrastructure networks. The newly released guidance documents provide a wealth of information, including:

  • Common Threats: Misconfigurations, vulnerability exploitation, and denial of service attacks.
  • Examples of Compromises: Real-world instances of edge device breaches.
  • Mitigation Strategies: Practical recommendations for enhancing security.

Key documents include the Security Considerations for Edge Devices by the Canadian Centre for Cyber Security, the Digital Forensics Monitoring Specifications from the U.K.’s National Cyber Security Centre, and two guides from the Australian Cyber Security Centre focusing on executive and practitioner-level strategies for threat mitigation.

Eric Chudow, a cybersecurity vulnerability analyst at the NSA, emphasizes the importance of prioritizing edge device security as organizations scale their operations, highlighting the critical role these devices play in protecting sensitive data and services.

2 – OWASP Ranks Top Cyber Risks of Non-Human Identities

As organizations increasingly adopt non-human identities (NHIs) like access keys and service accounts, the Open Web Application Security Project (OWASP) has published a list of the top 10 risks associated with these identities. The OWASP Non-Human Identities Top 10 project aims to raise awareness among software developers and security professionals about the vulnerabilities tied to NHIs and to promote best practices for their management.

The list includes critical risks such as:

  • Improper Offboarding: Failing to deactivate NHIs when they are no longer needed.
  • Secret Leakage: Insecure exposure of NHIs, such as API keys and tokens.
  • Insecure Authentication: Vulnerable authentication methods for NHIs.
  • Overprivileged NHIs: Assigning excessive privileges to NHIs, increasing risk if compromised.

This comprehensive list serves as a vital resource for organizations looking to secure their non-human attack surfaces and manage the associated risks effectively.

3 – Report: Ransomware Payments Dropped in 2024

A recent report from blockchain analytics firm Chainalysis reveals a significant decline in ransomware payments in 2024. Despite an increase in ransomware incidents, victims are increasingly reluctant to pay ransoms, with payments dropping from $1.25 billion in 2023 to approximately $814 million in 2024—a 35% decrease.

The report highlights that while ransomware payments in the first half of 2024 saw a slight increase, they plummeted by 40% in the latter half of the year. This shift can be attributed to improved victim resilience, heightened awareness of cybersecurity, and effective law enforcement actions against major ransomware groups.

Notably, the activities of prominent ransomware gangs like LockBit and ALPHV/BlackCat were significantly disrupted, contributing to the overall decline in ransom payments. Chainalysis notes that these trends reflect a changing landscape in ransomware dynamics, driven by increased resistance from victims and proactive measures from law enforcement.

4 – New Non-Profit Will Analyze and Rate U.K. Cyber Incidents

The newly established Cyber Monitoring Centre (CMC) in the U.K. aims to provide a standardized framework for assessing and rating the severity of cybersecurity incidents affecting businesses. This independent non-profit organization seeks to enhance understanding of cyber incidents’ implications, helping organizations improve their mitigation and response strategies.

The CMC will analyze incidents that could potentially lead to losses exceeding £100 million, using a rating system from 1 (least severe) to 5 (most severe). By providing free reports on cyber incidents, the CMC hopes to foster greater awareness and resilience among U.K. businesses.

Ciaran Martin, the CMC’s technical committee chairman, emphasizes the importance of measuring incident severity, stating that the organization will play a crucial role in improving how businesses tackle, learn from, and recover from cyber events.

5 – CISA Alerts Healthcare Organizations About Backdoor in Contec Tool

Healthcare organizations are on high alert following a warning from CISA regarding a backdoor vulnerability in the Contec CMS8000, a device used for monitoring patients’ vital signs. This backdoor could lead to data leakage, remote code execution, and unauthorized device modifications.

CISA has identified two Common Vulnerabilities and Exposures (CVEs) associated with this issue, urging healthcare facilities to take immediate action to secure their systems. The Contec CMS8000, also marketed under different names, poses a significant risk to patient data security, highlighting the need for vigilance in the healthcare sector.

6 – E-Marketplaces for Cybercrime Wares Shut Down

In a significant law enforcement operation, the U.S. Department of Justice and Dutch National Police have dismantled nearly 40 domains used by a Pakistan-based group to sell phishing toolkits and other cybercrime tools. This group, known as Saim Raza or HeartSender, had been operational since at least 2020, targeting U.S. victims and causing losses exceeding $3 million primarily through business email compromise schemes.

The seizure of these domains aims to disrupt ongoing cybercriminal activities and prevent the proliferation of hacking tools within the cybercriminal community. In addition to selling tools, the group also provided training on how to execute cyber fraud operations, underscoring the need for continued vigilance against organized cybercrime.


As cybersecurity threats continue to evolve, staying informed and proactive is essential for organizations to protect their assets and data. The developments highlighted this week serve as a reminder of the importance of robust security measures, awareness of emerging risks, and collaboration among stakeholders in the cybersecurity community.
