Workers were lured in by false job promises from Facebook ads, only to be tricked into committing cybercrimes with no way out.

Thousands of workers in China, Indonesia, the Philippines, Vietnam, and a host of other countries who were tricked into performing forced labor for cybercrime groups, including running fake online gaming sites, were rescued in a raid on June 27 by the Filipino police. 

Workers that had previously attempted to quit were forced to pay large amounts of money for the privilege, and others were afraid that they would be sold into other human-trafficking syndicates. They were lured in by Facebook ads with promises of high salaries and fair working conditions.

The head of the anti-cybercrime unit of the Philippines police, Brigadier General Sydney Hernia, said that police searched various buildings in Las Pinas with warrants, rescuing 1,534 Filipinos and 1,190 others from a variety of different countries. This comes after a police raid in May at the Clark Freeport in Mabalacat City, where roughly 1,400 workers were rescued after being forced to commit cryptocurrency crimes. 

Muhammah Mahfud, Indonesian Minister, said that the Association of Southeast Asian Nations (ASEAN) needs to make progress on a regional extradition treaty that has been long proposed, which would ultimately help authorities prosecute these kinds of offenders and mitigate the escalating human trafficking and cybercrimes in these regions.

It is currently unknown how many of the cybercrime syndicate leaders were arrested in the police raid. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Thousands of Filipinos, Others Rescued From Forced Cybercrime Labor

Organizations should consider their security practices the same way people think about their well-being. Focus on staying healthy instead of finding a new pill for every security symptom you see.

Since the early 1990s, we've watched the internet evolve from dial-up connections to high-speed, cloud-based computing. Organizations have navigated a shifting maze of technology while defending against cyberattacks. Sadly, after three decades in cybersecurity, I see organizations wrestling with the same problems in 2023 that they grappled with in 1995 when they first plugged into the internet.

Attacks on users through email, attacks on availability through denial-of-service campaigns, and exploits of systems through vulnerable applications are longstanding strategies that remain fruitful for threat actors.

Even today, with increased awareness and public reporting of data breaches, business leaders and developers aren't taught to balance new technologies with the required security. Organizations still focus on functionality and time to market, not on ensuring secure, predictable behavior. This creates a weakened infrastructure that attackers continue to prey on successfully and daily.

So, why do cybersecurity losses continue growing despite a projected $188.3 billion global annual spending on information security and risk management products and services?

**We're Treating Symptoms, Not Causes**

Vendor messaging over the decades has trained the marketplace to believe the solution to cybersecurity challenges is technology. More and more technology. The same proposition leads people to think they can lose weight with a pill — not eating better or exercising more, but a quick and easy solution so that they can pay to make the problem disappear.

The growth of security budgets shows this line of thinking is pervasive and leads to a vicious cycle of trying to outspend risk. In truth, while much of the technology is valuable, cybersecurity issues arise in the gaps.

Like prescriptions that are stopped mid-course or bandages over broken bones, technology adopted without a plan can create misplaced confidence in an incomplete system. Many organizations focus on shiny, new attacks at the expense of solid foundational protection, and this misprioritization has continued a culture of victimization and never-ending vulnerabilities.

The rising cost and destructive power of cyberattacks aren't new; they're collateral damage from years of neglecting basic security policies and best practices. Increased security investment is spent on niche protection technologies promoted by analysts, vendors, press coverage, and practitioner curiosity.

The constant change in tooling and focus also leads to burnout and job dissatisfaction among experienced leaders, exacerbating the cybersecurity skills shortage. To address ongoing vulnerability and increasing stress, we need to think about cybersecurity differently, recognizing that successful businesses rely on a healthy security posture.

**Cybersecurity's Preventive Medicine**

Organizations should consider their security practices the same way people think about their well-being. Focus on staying healthy instead of finding a new pill for every security symptom you see. The same principles you hear from the doctor apply to cybersecurity resilience: Diet, exercise, and regular checkups.

Security's basic food groups are prevention, detection, response, and remediation. Address each appropriately based on the specifics of your organizational need. Too little prevention and your detection, response, and remediation will be swamped. Too little response and security events will drag on. Your security program should consume only what it needs and what your team can digest and use. Any more than this, and you'll be carrying extra weight in your budget.

Cybersecurity conditioning means regularly conducting awareness training, tabletop exercises, practitioner certifications, asset inventory verifications, and penetration tests. Keep the team up to date on roles and responsibilities. Your response will be faster and more targeted, and your organization less disturbed, if you take the time to work out that security muscle regularly.

No one likes going for a yearly physical, but it's a great way to learn if you're as healthy as you think. Find time to run through your security program to make sure it's still balanced. Have your team double-check critical controls and compliance with relevant standards or best practices. Get a second opinion once in a while. Find a third party that doesn't have the context of your business and ask what they see. Good cybersecurity health means looking for even small indications something may have been missed. It doesn't take long for that blind spot to put your whole effort at risk.

**If You Do Get Sick…**

Maintaining a resilient, trustworthy security system is complicated by new capabilities and a diverse threat landscape. By some estimates, more than 250,000 new pieces of malware are detected daily. We need to diagnose and treat new problems like the healthcare industry addresses constantly changing epidemiological challenges.

The healthcare system keeps up with new and mutating diseases because specialists focus on a single condition, determining the best means to identify and diagnose it. Another group focuses on treatment to quell the problem early. Others develop the specialized equipment that powers diagnosis and treatment, while hospitals and the entire healthcare ecosystem support patients.

If we understand our organizations and the threats we're likely to face, we can begin to live the healthy, budgetable, and predictable corporate cybersecurity life we've sought for decades. By taking cyber health more seriously, we can cure the fundamental problems that have plagued the industry for the past 30 years and stop merely treating the symptoms and attacks.

Cybersecurity Is the Healthcare Your Organization Needs

Misconfiguration exposed the physical addresses of 60,000 patent filers over three years.

The US Patent and Trademark Office (USPTO) informed more than 60,000 trademark application filers that it mistakenly left their physical addresses exposed to the public Internet for three years.

A leaky API was the culprit, according to reports, and left data sets exposed, including addresses collected from applicants, which are mandatory when they file for a trademark with the USPTO.

"When we discovered the issue, we blocked access to all USPTO non-critical APIs and took down the impacted bulk data products until a permanent fix could be implemented," the notice sent to impacted filers and shared with TechCrunch read.

A spokesperson added the leak affected about 3% of the applications filed during the three-year time period.

"We regrettably failed to locate some of the more technical exit points and properly mask the data exported from those points," a USPTO spokesperson added. "We apologize for our mistake and will do better to prevent such an incident from happening again, while also preserving our ability to crack down on the historic amount of filing fraud we’re seeing originate overseas."

Jason Kent, hacker in residence with Cequence Security, said in a statement provided to Dark Reading that this type of API misconfiguration is precisely what cyberattackers are trawling for across the Internet.

"The more technical exit points are the ones the attackers tend to prefer," Kent said. "In 2023 API security parlance, they had API9:2023 Improper Inventory Management that allowed an attacker to find the endpoint, learn that it wasn’t authenticated API2:2023 Broken User Authentication that could have allowed an automated attacker to pull all of the impacted data in a very short period of time, API6:2023 Unrestricted Access to Sensitive Business Flows."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

US Patent Office Data Spill Exposes Trademark Applications

As cloud adoption grows, organizations need to rethink their approaches to securing hybrid cloud and multicloud environments.

Cloud technology is a powerful tool that facilitates collaboration among distributed workforces and allows businesses to quickly scale their digital workloads. According to a Microsoft survey, 95% of respondents said cloud technology was critical to their organizations' successes, and 86% planned to increase their investments in hybrid cloud and multicloud tech. 

However, cloud technology also comes with increased risks. The lack of visibility and coverage across hybrid and multicloud environments can make it difficult for security teams to identify and resolve risks. Security teams are also being asked to monitor fragmented tools across different clouds, which can make it difficult to create a unified view of their comprehensive security posture. 

Microsoft research from earlier this year found that 86% of surveyed decision-makers believed their current cybersecurity strategies were not sufficient to secure their multicloud environments. So how should organizations adapt their security approach?

**Create a Single-Pane-of-Glass View**

Cloud technology enables businesses to quickly scale their digital workloads because they are not constrained by managing physical devices or IT infrastructure. However, this agility can also make it difficult for them to keep track of their various workloads, data streams, and applications because they are scattered across a mix of different cloud platforms and on-premises locations. Securing a hybrid or multicloud environment requires organizations to have visibility and cross-platform control in a single-pane-of-glass view. That way they can visualize the security posture of multiple workloads at once, regardless of location.

**Use CNAPP For Code-to-Cloud Context**

For many organizations, security and compliance used to be distinct silos — making it difficult for development and security teams to protect applications in the cloud. More than half (54%) of enterprises do not integrate security into their DevOps pipelines, according to Microsoft's "Enterprise DevOps Report." Cloud-native application protection platforms (CNAPPs) integrate these silos into a single, easy-to-reference platform to help organizations secure and protect cloud-native applications.

Strong security hygiene means being able to monitor and remediate code within the same pane-of-glass view that organizations use to manage their overall cloud security posture. CNAPPs enable increased collaboration and integration between development and security teams while also reducing the possibility of code issues being moved into the cloud. By intaking all infrastructure-as-code scanning signals and combining them with data sensitivity, identity, and runtime intelligence, CNAPPs enable security teams to make recommendations and prioritize risks within the context of the entire hybrid or multicloud network.

**Fortify Security Hygiene With Threat Detection and Response**

Active threat detection is a critical component of securing the cloud environment against potential cybersecurity breaches. For example, organizations should examine the connections among applications, data stores, and workstreams to anticipate how threat actors could conceivably move through their environments to compromise operations.

When protecting workloads, it's critical that developers, security administrators, and security operations center analysts are all on the same page. It's also important that organizations take a cohesive, collaborative approach to cloud security by ensuring that all of the key players are working together to build security integrations that cover the full scope of your threat landscape. This can look like embedding anti-malware scanning tools into DevOps to ensure a company's code is protected against malware or preventing attackers from entering its network by hardening container security.

_— This article was written by Yuri Diogenes, a member of the Microsoft Security Team._

3 Tips to Increase Hybrid and Multicloud Security

We're still unprepared to fight the security bugs we already encounter, let alone new AI-borne issues.

From the first rumbles of hype for the latest culture-shattering AI tools, developers and the coding-curious alike have been using them to generate code at the touch of a button. Security experts quickly pointed out that, in many cases, the code being produced was poor quality and vulnerable and, in the hands of those with little security awareness, could cause an avalanche of insecure apps and Web development to hit unsuspecting consumers.

And then there are those who have enough security knowledge to use it for, well, evil. For every mind-blowing AI feat, it seems there is a counter-punch of the same technology being used for nefarious purposes. Phishing, deep fake scam videos, malware creation, general script kiddie shenanigans — these disruptive activities are now achievable much faster, with lower barriers to entry.

There is certainly a lot of clickbait touting this tooling as revolutionary, or at least coming out on top when matched with "average" human skill. While it is looking inevitable that large language models–style (LLM) AI technology will change the way we approach many aspects of work — not just software development — we need to take a step back and consider the risks beyond the headlines.

And as a coding companion, its flaws are perhaps its most "human" attribute.

**Poor Coding Patterns Dominate Its Go-To Solutions**

With ChatGPT trained on decades of existing code and knowledge bases, it's no surprise that for all its marvel and mystery, it too suffers from the same common pitfalls people face when navigating code. Poor coding patterns are the go-to, and it still takes a security-aware driver to generate secure coding examples by asking the right questions and delivering the right prompt engineering.

Even then, there is no guarantee that the code snippets given are accurate and functional from a security perspective; the technology is prone to hallucination, even making up nonexistent libraries when asked to perform some specific JSON operations. This could lead to "hallucination squatting" by threat actors, who would be all too happy to spin up some malware disguised as the fabricated library recommended with full confidence by ChatGPT.

Ultimately, we have to face the reality that, in general, we have not expected developers to be sufficiently security-aware, nor have we as an industry adequately prepared them to write secure code as a default state. This will be evident in the enormous amount of training data fed into ChatGPT, and we can expect similar lackluster security results from its output, at least initially. Developers would have to be able to identify the security bugs and either fix them themselves or design better prompts for a more robust outcome.

The first large-scale user study examining how users interact with an AI coding assistant to solve a variety of security-related functions — conducted by researchers at Stanford University — supports this notion.

Between this and the inevitable AI-borne threats that will permeate our future, developers, now more than ever, must hone their security skills and raise the bar for code quality, no matter its origin.

**The Road to a Data Breach Disaster Is Paved With Good Intentions**

It should come as no surprise that AI coding companions are popular, especially as developers are faced with increasing responsibility, tighter deadlines, and the ambitions of a company's innovation resting on their shoulders. However, even with the best intentions, a lack of actionable security awareness when using AI for coding will inevitably lead to glaring security problems. All developers with AI/ML tooling will generate more code, and its level of security risk will depend on their skill level. Organizations need to be acutely aware that untrained people will certainly generate code faster, but so too will they increase the speed of technical security debt.

Even our preliminary test with ChatGPT in April revealed it will generate very basic mistakes that could have devastating consequences. When we asked it to build a login routine in PHP using a MySQL database, functional code was generated quickly. However, it defaulted to storing passwords in plaintext in a database, storing database connection credentials in code, and using a coding pattern that could result in SQL injection (although, it did do some level of filtering on the input parameters and spitting out database errors). All rookie errors by any measure:

    

Source: Pieter Danhieux and Matias Madou

Further prompting ensured the mistakes were amended, but it takes significant security knowledge to course-correct. Unchecked and widespread use of these tools is no better than unleashing junior developers onto your projects, and if this code is building sensitive infrastructure or processing personal data, then we're looking at a ticking time bomb.

Of course, just like junior developers undoubtedly increase their skills over time, we expect AI/ML capabilities to improve. A year from now, it may not make such obvious and simple security mistakes. However, that will have the effect of dramatically increasing the security skill required to track down the more serious, hidden, non-trivial security errors it will still be in danger of producing.

**We Remain Ill-Prepared to Find and Fix Security Vulnerabilities, and AI Widens the Gap**

While there has been much talk of "shifting left" for many years, the fact remains that, for most organizations, there is a significant lack of practical security knowledge among the development cohort, and we must work harder to provide the right-fit tools and education to help them on their way.

As it stands, we're not prepared for the security bugs we already encounter, not to mention the new AI-borne issues like prompt injection and hallucination squatting that represent entirely new attack vectors that are set to take off like wildfire. AI coding tools do represent the future of a developer's coding arsenal, but the education to wield these productivity weapons safely must come now.

When It Comes to Secure Coding, ChatGPT Is Quintessentially Human

A new version of the double-extortion group's malware reflects a growing trend among ransomware actors to expand cybercrime opportunities beyond Windows.

The fledgling Akira ransomware group is building momentum and expanding its target base, following other cybercriminal groups by adding capabilities to exploit Linux systems as part of a growing sophistication in its activity, researchers have found.

The gang, which emerged as a cybercriminal force to be reckoned with in April of this year, is primarily known for attacking Windows systems, and maintains a unique data-leak site designed as an interactive command prompt using jQuery.

However, the group — named for a 1988 Japanese anime cult classic featuring a psychopathic biker — is now shifting its tactics to target Linux, with a new version of its ransomware that can exploit systems running the open source OS, researchers from Cyble Research and Intelligence Labs (CRIL) revealed in a blog post published June 29.

This move both reflects Akira's evolution as well as a growing trend among ransomware groups, who now see the opportunity in exploiting the popularity of Linux across enterprise environments. Linux has become the de facto standard for running virtual container-based systems, which are typically the back end for Internet of Things (IoT) devices and mission-critical applications.

"The fact that a previously Windows-centric ransomware group is now turning its attention to Linux underscores the increasing vulnerability of these systems to cyber threats," the researchers wrote in the post.

Indeed, the shift by Akira follows a move by other, more established ransomware — such as Cl0p, Royal, and IceFire ransomware groups — to do the same.

Akira is also expanding rapidly, having in just a few months already compromised 46 publicly disclosed victims — the majority of which are located in the US, the researchers said.

Victims span various industries, but the bulk of the victims have come from the education sector, followed close behind by manufacturing, professional services, BFSI, and construction. Other victims are scattered across assorted verticals, including agriculture and livestock, food and beverage, IT and ITES, real estate, consumer goods, automotive, chemical, and other industries, they said.

Akira primarily is focused on compromising and stealing data from its victims using double-extortion tactics, threatening to leak data on the Dark Web if they don't pay the requested ransom.

**How Akira's Linus-Targeting Works**

The new Linux ransomware file infects systems in the form of a console-based 64-bit executable written in Microsoft Visual C/C++ compiler, the researchers said. Upon execution, it uses the API function _GetLogicalDriveStrings()_ to obtain a list of the logical drives currently available in the system.

The malware then drops a ransom note in multiple folders with the file name "akira\_readme.txt," and proceeds to search for files and directories to encrypt by iterating through them using the API functions _FindFirstFileW()_ and _FindNextFileW()_.

The ransomware uses the "Microsoft Enhanced RSA and AES Cryptographic Provider" libraries to encrypt the victim's machine using a fixed hardcoded base64 encoded public key, renaming encrypted files with the ".akira" extension. It also uses several functions from CryptoAPI in its encryption process, the researchers said.

Akira ransomware also includes an additional features that prevents system restoration using a PowerShell command to execute a WMI query that deletes the shadow copy, they added.

The dropped ransom note provides instructions to the victims for contacting Akira to negotiate terms for paying a ransom. The group often threatens victims with plans to leak the data on its ransomware site (aka double extortion), which indeed displays a list of victims that didn't pay and associated leaks of their data, the researchers said.

**How to Prevent & Mitigate Ransomware**

Researchers made a number of recommendations for how organizations can prevent and mitigate ransomware attacks. They include conducting regular backup practices and keeping those backups offline or in a separate network so that systems can be restored in case of attack, they said.

Organizations also should turn on the automatic software update feature on computers as well as other mobile and connected devices wherever possible and pragmatic, and use reliable and trusted antivirus and Internet security software package on all connected devices, the researchers advised.

As ransomware often hitches a ride on files spread through phishing attacks, corporate users also should refrain from opening untrusted links and email attachments without verifying their authenticity, they added.

The steps taken after a ransomware attack also have an impact on how extensive the damage to a network is. If ransomware is detected on an enterprise system, organizations should immediately detach infected devices on the same network, disconnect any connected external storage devices, and inspect system logs for suspicious events, the researchers added.

Newbie Akira Ransomware Builds Momentum With Linux Shift

Two Mideast nations that were at odds until recently have announced the "Crystal Ball" project, aimed at better protecting against cyberattacks via collaboration and knowledge sharing.

In a watershed moment for two once-fractious regional neighbors, the United Arab Emirates (UAE) and Israel are to work together on a threat intelligence-sharing platform to battle cybersecurity threats.

Announced this week, the “Crystal Ball” project is a digital platform for detecting and repelling hackers via collaboration and knowledge sharing around national-level cyberthreats. It was described as being enabled to "design, deploy and enable regional intelligence enhancement," according to a presentation slide seen during this week's Tel Aviv Cyber Week.

The project will be backed by Microsoft, Israel's Rafael Advanced Defense Systems, and Abu Dhabi's CPX, and an unspecified number of countries will also participate, according to The Circuit.

**The Need for a Joined-up Response**

Emirati cybersecurity chief Mohamed Al Kuwaiti said the platform will enable partner countries to "easily and seamlessly share information," and will be strengthened by the combination of the countries' joint abilities, processing power, and a high volume of data.

In an address to the Cyber Week conference, Al Kuwaiti said, "Cyber threats do not distinguish between nations, do not distinguish between entities or people, and that is why we need to unite against those threats. The Crystal Ball that we are aiming for the whole community will be the first step toward that."

Nadir Izrael, co-founder and CTO of Armis, says he welcomes the joint effort in the Middle East because he is "a strong believer that nations need to work together to develop a comprehensive and effective response to cyber warfare, in order to build a more secure and resilient world."

He adds: "As we saw with the cyberattacks on Israel this late April, coordinated efforts from groups associated with Iran and Russia are looking to increase geopolitical tensions and create instability amongst citizens. In a world that has become polarized, it is a must to invest in cybersecurity measures to protect whole nations from these kinds of attacks."

Izrael also noted that the Crystal Ball project should be a model for others. "Governments and organizations need to take threats seriously, and allocate resources to build robust and resilient cybersecurity systems," he says. "Those advanced systems will allow for threat intelligence, which can help detect malicious behavior and stop an attack even before it happens."

**Improved Diplomatic Relations**

Al Kuwaiti said the UAE's connection with Israeli tech companies has been especially helpful in his country's transition to a digital economy, after the UAE and Israel normalized diplomatic relations as part of the September 2020 Abraham Accords, leading to the bolstering of both commercial and strategic ties between the countries.

Ryan Westman, senior manager of threat intelligence at eSentire, says the collaboration of threat intelligence sharing between Israel and the UAE will be key to better securing the region. "In general, any information-sharing agreement will likely benefit organizations in the countries covered, as the more insights we have on threats and vulnerabilities to organizations, the better the job we can do at responding to those the risk those threats and vulnerabilities present," he says. "By sharing information on those threats and vulnerabilities, the easier it is for security teams to respond to the risks." 

He notes that while information sharing and analysis centers (ISACs) have existed for some time now and are not novel, the collaboration between two states that used to be at geopolitical odds is notable.

"Partnerships like this can have a wider impact, improving the security posture for everyone, because it makes it easier to detect potential issues in the wider threat landscape," he says. "Working together in this way benefits everyone, whether they are in the two countries concerned or in others within the region."

UAE, Israel Ink Pivotal Joint Cyber-Threat Intelligence Agreement

Swiss intelligence warns that Russia ramping up cyberattacks on infrastructure and cyber espionage as on-the-ground options evaporate.

Russia's diminishing position on the world stage has limited its physical options on the ground both for kinetic attacks and traditional spycraft — leaving Putin's regime increasingly reliant on cybercrime to carry out its oppositional activities against Ukraine and the rest of the West.

Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment on June 26 predicting that Russia will increasingly launch cyberattacks on critical infrastructure as part of its war strategy not just in Ukraine, but against NATO member states as well.

It also pointed to Moscow's dwindling human spy apparatus — and few options for shoring it up — as driving an uptick in cyber activity.

**Russia's Cybercrime Spree, a Spark for WWIII?**

Although neutral Switzerland maintains some distance from the direct impact of Russian cyberattacks, the FIS is concerned about follow-on affects within its borders.

Worryingly, the report assesses that cyberattacks on NATO-member state infrastructures could ultimately trigger the North American Treaty's Article 5 commitments to join in war against any nation that attacks a member state. The FIS added that NATO has suggested in the past that a cyberattack on critical infrastructure could, in fact, be considered a trigger under Article 5, kicking off a third world war.

In late March, evidence was leaked by Russian contractor NTC Vulkan detailing how Russian intelligence agencies use private companies to launch cyber threat campaigns across the world. The documents included materials for trainings run by Vulkan on how to takeover railroads and power plants.

Cyber threats to critical infrastructure fall into two categories, according to the FIS report: direct cyber attacks against infrastructure; and ransomware attacks that could potentially hobble supply chains.

"Attacks against critical infrastructure have widespread impacts," Timothy Morris, chief security advisor with Tanium tells Dark Reading. "Damage can run the gamut from disruptive inconveniences to economic stress to catastrophic life altering or threatening impacts. Also, collateral damage can happen with cyberattacks, as often happens with kinetic warfare."

Dangerously, throughout the Russian war against Ukraine, many ransomware attacks against infrastructure are being carried out by non-state actor threat groups, making their actions often unpredictable. Erratic behavior by a threat group not directly affiliated with the Russian state could cause a miscalculation in attributing a cyberattack, or prompting unnecessary escalation of hostilities," the FIS warned.

"The activities of non-state actors engaged in the war are still the main problem," the report said. "The threat and the unpredictability which such activities give rise to should not be underestimated, even if these threat actors have so far attracted more attention by announcing their intentions that by carrying them out."

The challenge in protecting critical infrastructure across multiple nations is a lack of common rules, according to John Anthony Smith, CEO of Conversant Group. 

"There are widely varying degrees of cyber defenses in place across these critical infrastructure sectors and entities, since the entities protecting critical infrastructure as well as providing oversight include both private and public sector organizations: no one agency or institution provides guidance, rules, or controls on how cybersecurity is conducted, tested, and configured," Smith explains.

**Russian Cyberespionage Supplants Real Spies**

Russian cyber threat actors are also increasingly responsible for gathering intelligence in lieu of actual human operatives on the ground, according to the report. The FIS noted that the phenomenon dates as far back as 2018 and the attempted murder of Sergei Skripal, a former Russian intelligence officer living inside the UK and acting as a double agent for the West.

The poisoning started an expulsion of Russian diplomats and intelligence officers from throughout the world that has continued in force since the invasion of Ukraine in February 2022. Mistrust of Russian diplomats, many of whom were declared _persona non grata_ by Western governments, will have a hard time recruiting and developing new sources and operating for years to come, the FIS added — meaning that cyber espionage and advanced persistent threats will have to fill the gap.

"The Russian leadership's war of aggression against Ukraine has made the work of its intelligence services more important, but at the same time has made it harder to operate," the FIS report said.

Callie Guenther, cyber threat researcher with Critical Start noted in response to the FIS assessment that the correlation between expelling spies and increased cyber espionage would be difficult to verify but sounds reasonable.

"While there's no direct evidence linking the expulsion of spies to an uptick in digital espionage, it's plausible that countries compensate for lost physical assets by enhancing their cyber intelligence efforts," Guenther tells Dark Reading. "Increased digital espionage poses significant threats, potentially disrupting vital infrastructure and leading to serious societal and economic consequences, compromising national security, and even triggering an act of war."

**Russian Intelligence Eyeing AI and Machine Learning**

The increasing digitization of information coupled with the capabilities of artificial intelligence and machine learning will lure cyberattackers to massive stashes of data stored by organizations like financial services providers, social media platforms, hotels, and critical infrastructure operators, the FIS warned.

The promise of accessing this breadth of sensitive data is also driving investments in AI and ML cyber threat intelligence capabilities by Russia, as well as by China and Iran, the FIS added.

Troves of stolen sensitive data could be used in a variety of ways by authoritarian governments, including to harass and intimidate opposition activists, interfere in elections, circumvent sanctions to buy and sell goods, and more the FIS report added.

Democracies are urged by the FIS to get ahead of Russian, Iranian, and Chinese intelligence services' implementation of espionage AI and ML tools by starting to regulate now.

"For states governed by democracy and the rule of law, this means, among other things that there is an urgent need to legislators and supervisory bodies to take a detailed look at the use of these capabilities," the report said.

It's incumbent on the cybersecurity community to be aware of the emerging cybersecurity tools used in warfare, Darren Guccione, CEO of Keeper Security, explains to Dark Reading about the FIS assessment.

"Cybersecurity is both national and international security, and must be prioritized as such," he says. "In the digital age, it's clear that cyber and traditional warfare tactics will continue to converge as threat actors use cyberattacks to both support and supplement physical attacks."

Russian Spies, War Ministers Reliant on Cybercrime in Pariah State

Enterprises can now integrate 1Password with Duo, OneLogin, JumpCloud, Ping Identity, and more.

**TORONTO****,** **June 28, 2023** **/PRNewswire/ --** 1Password, the leader in human-centric security and privacy, today announced the availability of Unlock with Single Sign-On (SSO) for additional identity providers with the new generic OpenID Connect (OIDC) configuration for 1Password Business. Business customers can now integrate 1Password with more identity providers like Duo, OneLogin, JumpCloud, and Ping Identity, to strengthen their existing security infrastructure, enforce stronger and auditable security policies from their identity provider, and allow employees to easily access their passwords and sensitive information.

"While the single sign-on provider protects logins for approved apps that are specifically added to them, 1Password protects virtually everything else," said Steve Won, chief product officer at 1Password. "Making the easy thing the secure thing is at the core of everything we do, and unlocking 1Password with SSO benefits IT teams, employees, and businesses in that regard. Enterprises can continue to secure their employees, no matter how they need to sign in."

The OIDC identity protocol is a modern, secure identity layer built on top of the OAuth 2.0 protocol. It is simpler, more flexible, and includes support for native and mobile applications. Building a generic OIDC configuration has allowed 1Password to offer secure support for many providers at once using the same underlying zero-knowledge architecture, encryption, and trusted device model as Unlock with Okta and Azure AD.

*   **Unlock 1Password with your SSO identity provider**: Vaults can now be unlocked with a single click via SSO, with zero-knowledge architecture and end-to-end encryption.
*   **Set fine-grained permissions and customizable access controls**: Pair 1Password with existing identity and access management (IAM) infrastructure to simplify adoption, enable secure sharing, and strengthen auditing, compliance, and reporting workflows.
*   **Easy, secure access to passwords and sensitive information**: 1Password's integration with additional identity providers allows employees to authenticate 1Password without an account password and access their vaults in a single click.

"Unlocking 1Password with single sign-on has been a game changer for our organization. We pride ourselves on maximizing security and minimizing friction for our users, and with this capability, we've accomplished both of these goals," Jason Waits, CISO at Inductive Automation. "By eliminating the need to remember a separate password for 1Password, we've made it easier for our employees to access their accounts so they can get their jobs done without compromising security. Streamlining the login process is a win for both the security team and our employees."

The news comes on the heels of Unlock with Okta and Azure earlier this year. Effective today, 1Password Business customers can unlock 1Password with identity providers that support generic OpenID Connect. For more information, visit our website.

**About 1Password** 

1Password's human-centric security keeps people safe at work and at home. Our solution is built from the ground up to enable anyone – no matter their level of technical proficiency – to navigate the digital world without fear or friction. The company's award-winning security platform is reshaping the future of authentication, including passwordless. 1Password is trusted by over 100,000 businesses such as IBM, Slack, Snowflake, Shopify, and Under Armour and protects the most sensitive information of millions of individuals and families across the globe. The company's ultimate goal is to help consumers and businesses get more done in less time – with security and privacy as a given. Learn more at 1Password.com.

SOURCE 1Password

1Password Launches Unlock With Single Sign-On for OIDC-Supported Identity Providers

Generative AI chatbots like ChatGPT are the buzziest of the buzzy right now, but the cyber community is starting to mature when it comes to assessing where it should fit into our lives.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading