Microsoft: Some ransomware attacks take less than 45 minutes – ZDNet

Image: Microsoft

For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape.

While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report.

Just like the previous SIR reports, Microsoft has yet again delivered.

Taking advantage of its vantage points over vast swaths of the desktop, server, enterprise, and cloud ecosystems, Microsoft has summarized the biggest threats companies deal with today in the face of cybercrime and nation-state attackers.

The report is 88 pages long and includes data from July 2019 to June 2020, and some users might not have the time to go through it in its entirety. Below is a summary of the main talking points, Microsoft’s main findings, and general threat landscape trends.

Cybercrime

2020 will, without a doubt, be remembered for the COVID-19 (coronavirus) pandemic. While some cybercrime groups used COVID-19 themes to lure and infect users, Microsoft says these operations were only a fraction of the general malware ecosystem, and the pandemic appears to have played a minimal role in this year’s malware attacks.

Email phishing in the enterprise sector has also continued to grow and has become a dominant vector. Most phishing lures center around Microsoft and other SaaS providers, and the Top 5 most spoofed brands include Microsoft, UPS, Amazon, Apple, and Zoom.

Microsoft said it blocked over 13 billion malicious and suspicious mails in 2019, and out of these, more than 1 billion contained URLs that have been set up for the explicit purpose of launching a credential phishing attack.

Successful phishing operations are also often used as the first step in Business Email Compromise (BEC) scams. Microsoft said that crooks gain access to an executive’s email inbox, watch email communications, and then spring in to trick the hacked users’ business partners into paying invoices into wrong bank accounts.

Image: Microsoft

Per Microsoft, the most targeted accounts in BEC scams were the ones for C-suites and accounting and payroll employees.

But Microsoft also says that phishing isn’t the only way into these accounts. Hackers are also starting to adopt password reuse and password spray attacks against legacy email protocols such as IMAP and SMTP. These attacks have been particularly popular in recent months because they also allow attackers to bypass multi-factor authentication (MFA) solutions, as logging in via IMAP and SMTP doesn’t support this feature.
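
An added example, not taken from the Microsoft report or the original article: a minimal detection for the password-spray pattern described above, run over constructed sign-in records. The log format, thresholds, and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LEGACY = {"IMAP", "SMTP"}        # protocols the article names as lacking MFA
WINDOW = timedelta(minutes=30)   # assumed thresholds; tune for your environment
MIN_ACCOUNTS = 4

# Constructed sample sign-in records: time, source IP, account, protocol, result
SAMPLE = """\
2020-09-29T10:00:05 203.0.113.7 alice IMAP FAIL
2020-09-29T10:00:41 203.0.113.7 bob IMAP FAIL
2020-09-29T10:01:17 203.0.113.7 carol SMTP FAIL
2020-09-29T10:02:02 203.0.113.7 dave IMAP FAIL
2020-09-29T10:02:40 203.0.113.7 erin IMAP OK
2020-09-29T10:03:00 198.51.100.9 alice IMAP FAIL
2020-09-29T10:03:30 198.51.100.9 alice IMAP FAIL
2020-09-29T10:04:00 198.51.100.9 alice IMAP OK
2020-09-29T10:05:00 203.0.113.7 frank HTTPS FAIL
"""

def parse(text):
    for line in text.splitlines():
        ts, ip, user, proto, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, proto, result == "OK"

def find_sprays(events):
    """Return {source_ip: {"targets": set, "compromised": set}} for spray-like sources."""
    by_ip = defaultdict(list)
    for ts, ip, user, proto, ok in events:
        if proto in LEGACY:                  # only legacy-protocol sign-ins are in scope
            by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        fails = [(ts, u) for ts, u, ok in rows if not ok]
        # Spray signature: failures against many distinct accounts inside one
        # window, unlike a retry burst against a single account.
        for start, _ in fails:
            targets = {u for ts, u in fails if start <= ts < start + WINDOW}
            if len(targets) >= MIN_ACCOUNTS:
                # Any success from the same source after the spray began needs a reset.
                hits = {u for ts, u, ok in rows if ok and ts >= start}
                findings[ip] = {"targets": targets, "compromised": hits}
                break
    return findings

if __name__ == "__main__":
    print(find_sprays(parse(SAMPLE)))
```

The second source in the sample fails repeatedly against one account and is not flagged, which is the distinction between a spray and an ordinary mistyped password.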

Furthermore, Microsoft says it’s also seeing cybercrime groups that are increasingly abusing public cloud-based services to store artifacts used in their attacks, rather than using their own servers. Groups are also changing domains and servers much faster nowadays, primarily to avoid detection and remain under the radar.

Ransomware groups

But, by far, the most disruptive cybercrime threat of the past year has been ransomware gangs. Microsoft said that ransomware infections had been the most common reason behind the company’s incident response (IR) engagements from October 2019 through July 2020.

And of all ransomware gangs, it’s the groups known as “big game hunters” and “human-operated ransomware” that have given Microsoft the most headaches. These are groups that specifically target select networks belonging to large corporations or government organizations, knowing they stand to receive larger ransom payments.

Most of these groups operate either by using malware infrastructure provided by other cybercrime groups or by mass-scanning the internet for newly-disclosed vulnerabilities.

Image: Microsoft

In most cases, groups gain access to a system and maintain a foothold until they’re ready to launch their attacks. However, Microsoft says that this year, these ransomware gangs have been particularly active and have reduced the time they need to launch attacks, especially during the COVID-19 pandemic.

“Attackers have exploited the COVID-19 crisis to reduce their dwell time within a victim’s system – compromising, exfiltrating data and, in some cases, ransoming quickly – apparently believing that there would be an increased willingness to pay as a result of the outbreak,” Microsoft said today.

“In some instances, cybercriminals went from initial entry to ransoming the entire network in under 45 minutes.”

Supply-chain security

Another major trend that Microsoft chose to highlight was the increased targeting of supply chains in recent months, rather than attacking a target directly.

This allows a threat actor to hack one target and then use the target’s own infrastructure to attack all of its customers, either one by one, or all at the same time.

“Through its engagements in assisting customers who have been victims of cybersecurity intrusions, the Microsoft Detection and Response Team has observed an uptick in supply chain attacks between July 2019 and March 2020,” Microsoft said.

But Microsoft noted that while “there was an increase, supply chain attacks represented a relatively small percentage of DART engagements overall.”

Nonetheless, this doesn’t diminish the importance of protecting the supply chain against possible compromises. Here, Microsoft highlights dangers coming from the networks of Managed Service Providers (MSPs, third-parties that provide a very specific service and are allowed to access a company’s network), IoT devices (often installed and forgotten on a company’s network), and open-source software libraries (which make up most of a company’s software these days).

Nation-state groups

As for nation-state hacking groups (also known as APTs, or advanced persistent threats), Microsoft said this year has been quite busy.

Microsoft said that between July 2019 and June 2020, it sent out more than 13,000 nation-state notifications (NSNs) to its customers via email.

According to Microsoft, most were sent for hacking operations linked back to Russian state-sponsored groups, while most of the victims were located in the US.

Image: Microsoft

These email notifications were sent for email phishing attacks against its customers. Microsoft said it tried to counter some of these attacks by using court orders to seize domains used in these attacks.

Over the past year, Microsoft seized domains previously operated by nation-state groups like Strontium (Russia), Barium (China), Phosphorus (Iran), and Thallium (North Korea).

Another interesting finding of the Microsoft Digital Defense Report is that the primary targets of APT attacks have been non-governmental organizations and the services industry.

This particular finding goes against the grain. Most industry experts often warn that APT groups prefer to target critical infrastructure, but Microsoft says its findings tell a different story.

“Nation state activity is more likely to target organizations outside of the critical infrastructure sectors by a significant measure, with over 90% of notifications served outside of these sectors,” Microsoft said.

As for the techniques that have been preferred this past year (July 2019 to June 2020) by nation-state groups, Microsoft noted several interesting developments, with the rise of:

  • Password spraying (Phosphorus, Holmium, and Strontium)
  • Use of penetration testing tools (Holmium)
  • The use of ever-more-complex spear-phishing (Thallium)
  • The use of web shells to backdoor servers (Zinc, Krypton, Gallium)
  • The use of exploits targeting VPN servers (Manganese)

Image: Microsoft

All in all, Microsoft concludes that criminal groups have evolved their techniques over the past year to increase the success rates of their campaigns, as defenses have gotten better at blocking their past attacks.

Just like in years prior, the entire cybersecurity landscape appears to be sitting on a giant merry-go-round, and constant learning and monitoring are required from defenders to keep up with the ever-evolving attackers, be they financially motivated or nation-sponsored groups.

Apple announces Worldwide Developers Conference dates, in-person event – CityNews Toronto

Apple has announced their annual developers conference will take place June 10 through June 14.

The big summer event will be live-streamed, but some select developers have been invited to attend in-person events at Apple’s campus in Cupertino, California, on June 10.

The company typically showcases their latest software and product updates — including the iPhone, iPad, Apple Watch, AppleTV and Vision Pro headset — during a keynote address on the first day.

Contributing to a drop in Apple’s stock price this year is concern it lags behind Microsoft and Google in the push to develop products powered by artificial intelligence technology. While Apple tends to keep its product development close to the vest, CEO Tim Cook signaled at the company’s annual shareholder meeting in February that it has been making big investments in generative AI and plans to disclose more later this year.

The week-long conference will have opportunities for developers to connect with Apple designers and engineers to gain insight into new tools, frameworks and features, according to the company’s announcement.

The Associated Press

iPhone 16 Rumors Point to Action Button and New, Vertical Camera Layout – CNET

The upcoming iPhone 16 and iPhone 16 Pro are still months away from their expected launch this fall, but a new set of images published online may give us a better sense of their potential features. Among the revelations, the iPhone 16 may include an action button, similar to the one on last year’s iPhone 15 Pro, and it may have redesigned cameras in a vertical stack.

AppleInsider published a series of photos it says show dummy 3D prints of the upcoming iPhone 16 and iPhone 16 Pro from an unnamed leaker. Aside from the action button and reworked cameras on the iPhone 16, AppleInsider also said its source found the iPhone 16 Pro to be “slightly larger” than its predecessor. Analysts had earlier said they expect the Pro model screens will grow somewhat.

The new details suggest that a series of expected hardware updates are likely for this year’s new iPhones. Apple typically announces new iPhones around September, and the company tends to offer incremental upgrades to each new phone, introducing, over the period of several years, better cameras, screens and battery life, features that end up seeming like major upgrades when people get around to buying a new phone.

Last year, Apple added a new titanium frame, action button and USB-C charging to its iPhone 15 Pro, which starts at $999. For its entry-level iPhone, Apple followed its well-worn strategy of trickling pro features down to the mainstream, adding the iPhone 14 Pro’s well-received Dynamic Island to the $799 iPhone 15, along with USB-C charging.

AppleInsider didn’t indicate whether its leaker had divined a reason for the iPhone 16’s shifted camera placements, but the two lenses will now reportedly be stacked one on top of the other, instead of diagonally. Apple has previously said it uses stacked lenses on the iPhone 15 Pro for spatial video capture, a key new technology the company highlighted as part of its $3,499 Apple Vision Pro headset, released in February.

Though AppleInsider’s leaks appear to confirm many previous rumors, not all renders and 3D prints are accurate, something the rumor blog notes itself in its report. Apple didn’t immediately respond to a request for comment about the veracity of the leaks.

Leaked iPhone 16 dummy units hint at larger sizes and new buttons

The iPhone 15 Pro Max, with a 6.7-inch screen
(Image credit: Future)

We’re already counting down to the arrival of the iPhone 16 series – most probably sometime in September – and a leak showing dummy units of the upcoming phones has revealed a few of the changes we can expect to see later this year.

These dummy units are usually based on supply chain information, and have various business uses – like helping case manufacturers get their wares ready for new phones before they’re launched, for example. In this case, the images were posted to Chinese social network Weibo, as spotted by MacRumors.

Perhaps the most interesting reveal from these blocks of plastic and metal is that they show the previously rumored increase in size for the iPhone 16 Pro and iPhone 16 Pro Max displays – up to 6.3 inches (from 6.1 inches) and 6.9 inches (from 6.7 inches) respectively.

That’s not a huge jump of course, but it does mean more screen space for apps and media. The bezels are apparently shrinking down to accommodate the larger screens, which means the increase in the physical size of these handsets is only a slight one.

On the button

iPhone 16 dummy units leak

The next iPhones might look a bit like this, but less blue (Image credit: Weibo)

Further reveals from this leak match up with what we’ve heard before: that all four models are going to get the Action button that replaced the Ring/Silent switch on the 2023 Pro models, as well as a brand-new Capture button for getting more creative with photos.

Also of note is the redesigned rear camera module that we think is coming to the back of the iPhone 16 and iPhone 16 Plus. The new vertical, pill-shaped look has been leaked already, but this is more evidence that it’s on the way – taking us back to a design that’s more reminiscent of the iPhone 12, which came out in 2020.

As always with such rumors, be somewhat cautious about reading too much into the look of these dummy units. That said, as more and more similar leaks pile up, it becomes more likely that they’re based on accurate information.

The next big Apple date for your calendar is WWDC 2024 – its Worldwide Developers Conference starts on June 10, at which time we should hear much more about what’s coming this year with iOS 18 and Apple’s other software platforms.

Freelance Contributor

Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. Based out of Stockport, England, on TechRadar you’ll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as having spent many years editing the likes of PC Explorer and The Hardware Handbook.
