More stories


    Ransomware is the biggest global cyber threat. And the attacks are still evolving

    Ransomware is the biggest cybersecurity threat facing the world today, with the potential to significantly affect whole societies and economies, and the attacks are unrelenting, the head of the National Cyber Security Centre (NCSC) has warned. “Even with a war raging in Ukraine – the biggest global cyber threat we still face is ransomware. […]


    Hacking gets dangerously real: 8 cybersecurity predictions to watch out for

    Many businesses will fail to see the benefits of their zero trust efforts over the next few years, legislation around paying off ransomware gangs will be extended, and attacks on operational technology may have real-life consequences, according to a set of cybersecurity predictions. The list comes from tech analyst Gartner, which said […]


    Study for certified cybersecurity expert exams with this $49 training

    Cybersecurity is one of the tech sector’s most rewarding fields, which likely won’t change as long as big companies have data to protect. Unfortunately, it’s also […]


    Launch a cybersecurity career with this $39 boot camp on risk management

    From your laptop to the servers at America’s biggest corporations, everybody needs cybersecurity. That’s doubly true for the government, and as you might imagine, the rules […]


    US watchdog is worried cyber insurance won't cover 'catastrophic cyberattacks'

    The cyber insurance market has matured fast in recent years, but it may fall short when it comes to certain major attacks, the US government spending watchdog has warned. The US Government Accountability Office (GAO) has called for a federal response to insurance for “catastrophic” cyberattacks on critical infrastructure. A functioning insurance market is essential for businesses, consumers and, as GAO highlights, for critical infrastructure operators.

    The GAO, which audits the trillions of dollars the US government spends each year, warns that private insurers and the US government’s official terrorism risk insurance, the Terrorism Risk Insurance Program (TRIP), may not be able to cover catastrophic financial loss arising from cyberattacks, because a cyberattack may not meet TRIP’s criteria for certification as terrorism even when the losses are catastrophic.

    Ransomware and insurance is a tricky issue because of the uncertainties involved in attribution. While ransomware is mostly driven by cybercriminals, some incidents that cost victims millions of dollars have been officially attributed by Western governments to the governments of Russia, North Korea and China. Some insurers have used these official attributions to avoid payouts to victims, because those incidents can be construed in court as an act of war, which cyber insurance policies don’t cover. Insurance policies do cover acts of terrorism, but the government backstop only applies to attacks that are certified as terrorism, and certification requires the attack to be violent or coercive in nature. “The government’s insurance may only cover cyberattacks if they can be considered ‘terrorism’ under its defined criteria,” the GAO said in a statement.

    The question of insurance is now a bigger concern for the US government after Russia’s ongoing invasion of Ukraine, which it fears could spur cyberattacks from Kremlin-backed hackers on US organizations in response to US sanctions on Russia and Russian businesses.

    So what should the US and GAO do, at a national level, when the market for cyber insurance for enterprises could fail to support businesses? “Any federal insurance response should include clear criteria for coverage, specific cybersecurity requirements, and a dedicated funding mechanism with concessions from all market participants,” the GAO said.

    As GAO notes, some insurance firms are ring-fencing their policies to protect themselves from incidents that cause systemic problems; insurers don’t cover attacks that could technically fall into the category of warfare, for example. The GAO describes TRIP as the “government backstop for losses from terrorism”. Combined with cyber insurance, the two do provide some protection, but they are “both limited in their ability to cover potentially catastrophic losses from systemic cyberattacks”.

    “Cyber insurance can offset costs from some of the most common cyber risks, such as data breaches and ransomware,” says GAO. “However, private insurers have been taking steps to limit their potential losses from systemic cyber events. For example, insurers are excluding coverage for losses from cyber warfare and infrastructure outages. TRIP covers losses from cyberattacks if they are considered terrorism, among other requirements. However, cyberattacks may not meet the program’s criteria to be certified as terrorism, even if they resulted in catastrophic losses. For example, attacks must be violent or coercive in nature to be certified.”

    The GAO recommends that the Cybersecurity and Infrastructure Security Agency (CISA), the cybersecurity authority for federal agencies, work with the Director of the Federal Insurance Office to “produce a joint assessment for Congress on the extent to which the risks to the nation’s critical infrastructure from catastrophic cyberattacks, and the potential financial exposures resulting from these risks, warrant a federal insurance response.”


    Google details commercial spyware that targets both Android and iOS devices

    Google has warned of an enterprise-grade spyware strain targeting Android and iOS mobile device users. According to Google Threat Analysis Group (TAG) researchers Benoit Sevens and Clement Lecigne, as well as Project Zero, a distinct government- and enterprise-grade iOS and Android spyware variant is now in active circulation. Victims have been located in Italy and Kazakhstan.

    The spyware, dubbed Hermit, is modular surveillanceware. After analyzing 16 of the 25 known modules, Lookout researchers said the malware tries to root devices and has features including recording audio, redirecting or making phone calls, stealing swathes of information such as SMS messages, call logs, contact lists and photos, and exfiltrating GPS location data.

    Lookout’s analysis, published on June 16, suggested that the spyware is delivered via malicious SMS messages. TAG’s conclusion is similar: unique links are sent to a target, masquerading as messages from an internet service provider (ISP) or a messaging application. “In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity,” Google says. “Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity.”

    The Lookout team could only obtain an Android version of Hermit, but Google’s contribution has now added an iOS sample to the investigation. Neither sample was found in the official Google or Apple app stores; instead, the spyware-laden apps were downloaded from third-party hosts. The Android sample requires the victim to download an .APK after allowing the installation of apps from unknown sources. The malware disguised itself as a Samsung app and used Firebase as part of its command-and-control (C2) infrastructure. “While the APK itself does not contain any exploits, the code hints at the presence of exploits that could be downloaded and executed,” the researchers say.

    Google has notified Android users affected by the app and made changes in Google Play Protect to protect users from its malicious activities. Additionally, the Firebase projects associated with the spyware have been disabled.

    The iOS sample, signed with a certificate obtained through the Apple Developer Enterprise Program, contained a privilege escalation exploit that relied on six vulnerabilities. Four of them (CVE-2018-4344, CVE-2019-8605, CVE-2020-3837, CVE-2020-9907) were already known; the other two, CVE-2021-30883 and CVE-2021-30983, are suspected of having been exploited in the wild as zero-days before Apple patched them in October and December 2021. Apple has also revoked the certificates associated with the Hermit campaign.

    Google and Lookout say that the spyware is likely attributable to RCS Lab, an Italian company in operation since 1993. RCS Lab told TechCrunch that the firm “exports its products in compliance with both national and European rules and regulations,” and that “any sales or implementation of products is performed only after receiving an official authorization from the competent authorities.”

    Hermit’s circulation highlights a broader issue: the thriving spyware and digital surveillance industry. Last week, Google testified at the EU Parliamentary Committee of Inquiry’s hearing on the use of Pegasus and other commercial-grade spyware. TAG is currently tracking more than 30 vendors that offer exploits or spyware to government-backed entities, and according to Charley Snyder, Head of Cybersecurity Policy at Google, while their use may be legal, “they are often found to be used by governments for purposes antithetical to democratic values: targeting dissidents, journalists, human rights workers & politicians.” “That’s why when Google discovers these activities, we not only take steps to protect users, but disclose that information publicly to raise awareness & help the ecosystem,” Snyder commented.
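    The Android delivery path described above (an .APK fetched from a third-party host after the user enables unknown sources, dressed up as a Samsung app) leaves a trace an administrator can check without any sample of the malware: the installer Android records for each package. The script below is an added example, not code from Google, Lookout or the original article. It parses the output of `adb shell pm list packages -i` (which prints `package:<name>  installer=<installer|null>`) together with `pm list packages -s` (system-partition packages, which legitimately show a null installer), and flags user-installed packages whose installer is not an app store, noting separately when such a package borrows Samsung-style naming. The trusted-installer set and all sample output are constructed assumptions for illustration; a real fleet would add its MDM agent to the set.

```python
import re

# Installer package names treated as trusted. Assumption for illustration:
# com.android.vending is the Google Play Store and
# com.sec.android.app.samsungapps is Samsung's Galaxy Store.
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

# Package-name prefixes used by genuine Samsung apps.
SAMSUNG_PREFIXES = ("com.samsung.", "com.sec.")

# Constructed sample of `adb shell pm list packages -i` output (not a real capture).
SAMPLE_PM_I_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.android.settings  installer=null
package:com.sec.android.app.camera  installer=null
package:com.samsung.android.messaging  installer=com.sec.android.app.samsungapps
package:com.sumsung.android.update  installer=null
package:org.example.datarecovery  installer=com.android.packageinstaller
"""

# Constructed sample of `adb shell pm list packages -s` output (system partition).
SAMPLE_PM_S_OUTPUT = """\
package:com.android.settings
package:com.sec.android.app.camera
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")


def parse_pm_i_output(text):
    """Return (package, installer) pairs from `pm list packages -i`; null becomes None."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        inst = m.group("inst")
        entries.append((m.group("pkg"), None if inst == "null" else inst))
    return entries


def parse_package_list(text):
    """Return the set of package names from plain `pm list packages` output."""
    return {
        line.strip()[len("package:"):]
        for line in text.splitlines()
        if line.strip().startswith("package:")
    }


def looks_like_samsung_branding(pkg):
    """Heuristic: name contains 'samsung' (or the 'sumsung' misspelling) but is not
    under a real Samsung prefix. Genuine Samsung apps live under com.samsung./com.sec."""
    if pkg.startswith(SAMSUNG_PREFIXES):
        return False
    return re.search(r"s[au]msung", pkg, re.IGNORECASE) is not None


def find_sideloaded(pm_i_output, pm_s_output, trusted=TRUSTED_INSTALLERS):
    """Flag non-system packages whose recorded installer is not a trusted store.

    Returns a list of (package, [reasons]) in the order the packages were listed.
    System-partition packages are skipped because they normally report installer=null.
    """
    system_pkgs = parse_package_list(pm_s_output)
    findings = []
    for pkg, inst in parse_pm_i_output(pm_i_output):
        if pkg in system_pkgs or inst in trusted:
            continue
        reasons = ["installer=%s" % (inst or "null")]
        if looks_like_samsung_branding(pkg):
            reasons.append("Samsung-style name outside system partition")
        findings.append((pkg, reasons))
    return findings


if __name__ == "__main__":
    for pkg, reasons in find_sideloaded(SAMPLE_PM_I_OUTPUT, SAMPLE_PM_S_OUTPUT):
        print("%s: %s" % (pkg, "; ".join(reasons)))
```

    On a real device, feed the two `adb shell pm list packages` outputs in place of the constructed samples. A hit with a null or package-installer installer is not proof of compromise (developers sideload legitimately), but a user-installed package that also imitates Samsung naming is exactly the shape of the lure the article describes and is worth pulling for analysis.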


    Scalper bots are snapping up appointments for government services in Israel

    Scalper bots are causing chaos for the Israeli government by trying to turn access to public services into a cash cow. Bots, otherwise known as web robots, are automatic systems programmed to perform specific functions. Not all bots are bad; some index web content, others provide chat functions for business customers, and […]