**PRESS RELEASE**

**BOSTON--(****BUSINESS WIRE****)--** Corvus Insurance, the leading cyber underwriter powered by a proprietary AI-driven cyber risk platform, today released its Q3 2023 Global Ransomware Report, which analyzes data from ransomware leak sites to track evolving trends. According to the report, ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY).

In its Q2 2023 Global Ransomware Report, Corvus noted a significant resurgence in global ransomware attacks, which has continued through the third quarter. Now, with two months remaining in the year, the number of ransomware victims in 2023 has already surpassed what was observed for 2021 and 2022. If the trajectory continues, 2023 will be the first year with more than 4,000 ransomware victims posted on leak sites (2,670 in 2022).

Two key factors drove the elevated Q3 ransomware numbers.

**CL0P Mass Exploits Peaked**

The CL0P ransomware group has played a major role in this spike in 2023 ransomware activity. CL0P sprung to life in Q1 by exploiting GoAnywhere file transfer software, which impacted more than 130 victims. In Q2, CL0P struck again with the solo use of a mass zero-day exploit by a ransomware group targeting a vulnerability in the MOVEit file transfer software, which impacted 264 victims at the time of this report. The single MOVEit vulnerability accounted for 9% of victims listed in Q2 and 13% of victims listed in Q3. Even without these CL0P spikes in attack activity, ransomware numbers would still be up 5% over Q2 and 70% YoY in Q3.

**Threat Actors Cut Summer Breaks Short**

Ransomware typically follows seasonal patterns, with incidents decreasing in early May and remaining low through early August. Driven largely by CL0P, this year’s dip in attacks occurred later in June and, rather than continuing to fall, spiked and remained high through the first half of August. Even without CL0P, ransomware activity would still amount to a 70% year-over-year increase.

“It’s clear that ransomware attacks are on a record-setting pace for 2023, and based on activity at the end of Q3 and early Q4, we fully expect these numbers to surpass anything we have witnessed in previous years,” said Jason Rebholz, CISO, Corvus Insurance. “Aside from these overall numbers, this report demonstrates the impact that a single ransomware group like CL0P can have when they invest in new tactics, which is what we saw with the mass zero-day exploit that wreaked havoc over the second and third quarters.”

**Key Industries Trend Upward**

The Q3 report also examines which industries experienced the largest spikes in ransomware activity. These include:

*   Law practices – An uptick due in part to the ALPHV ransomware group, which accounted for nearly a quarter of all victims in this industry (+70%).
*   Government agencies – The impetus behind these attacks was LockBit, which tripled its government victims from Q2 to Q3 (mostly cities and municipalities) (+95%)
*   Additional Industries that experienced spikes include Manufacturing (+60%), Oil and Gas (+142%), and Transportation, Logistics and Storage (+50%).

“Ransomware actors can quickly pivot their focus, and no industry is immune. There's no better time to ensure the right security controls are in place to mitigate the threat,” said Rebholz.

Read the full Corvus Q3 2023 Global Ransomware Report here.

**About Corvus Insurance**

Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance® and Smart Tech E+O®. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation. Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Current insurance program partners include Crum & Forster, Hudson Insurance Group, certain underwriters at Lloyd’s of London, R&Q Accredited, SiriusPoint, and The Travelers Companies, Inc. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. Corvus Insurance was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the U.S., in the UK, and Germany. For more information, visit corvusinsurance.com.

2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report

**PRESS RELEASE**

**MEXICO CITY and NEW YORK; Oct. 23, 2023 –** Accenture (NYSE: ACN) has acquired MNEMO Mexico, a privately held company specializing in managed cybersecurity services. Financial terms were not disclosed. 

Founded in Mexico City in 2012, MNEMO Mexico has 229 cybersecurity professionals and 180 cybersecurity industry certifications with key ecosystem partners. The company’s portfolio includes advanced cyber defense and response capabilities, a cyber intelligence platform powered by generative AI and other advanced technologies and a 24/7/365 security operations center in Mexico City. Its client base spans multiple industries, including telecommunications, banking and insurance.

“The combination of MNEMO Mexico’s managed cybersecurity services, extensive industry expertise and strong client base makes them an ideal partner to complement our existing capabilities. The addition of MNEMO Mexico’s team will help us grow our business in Mexico, expand our presence in Latin America and support our North America business,” said Paolo Dal Cin, who leads Accenture Security globally. “Together, we will help organizations build more cyber-resilient businesses and secure their digital cores, technologies and supply chains.”

MNEMO Mexico’s cybersecurity professionals will join Accenture Security’s workforce of more than 19,500 professionals globally, extending Accenture’s local resources and capabilities in Mexico / Latin America while addressing the growing regional demand for managed security services.

“The constantly shifting digital world is both a source of opportunity and risk, making it essential to have a well-trained and proficient cybersecurity team,” said Julian Garrido, General Director of MNEMO Mexico. “For more than 20 years our clients have counted on us to safeguard them against destructive cyberattacks. We are excited to join Accenture Security so we can collaborate across industries to help clients in Mexico and around the world build a secure future.” 

Mexico consistently ranks among the top countries in Latin America hardest hit by cyberattacks. Additionally, a report in collaboration with the World Economic Forum’s Global Cybersecurity Outlook 2023 and Accenture revealed that 59% of business leaders and 64% of cyber leaders ranked talent recruitment and retention as a key challenge for managing cyber resilience. And less than half of respondents reported having the people and skills needed today to respond to cyberattacks.

"We are proud to welcome the MNEMO Mexico team to Accenture. Their robust cybersecurity capabilities and commitment to a collaborative work culture are essential as we look to meet the increasing demand for managed security services in the market," said Andre Fleury, who leads Accenture Security in Latin America. "We are confident that we will bring tremendous talent and capability to our clients."

Accenture recently ranked No. 1 in managed security services (MSS) market share by revenue in the Gartner® Market Share: Managed Security Services, Worldwide, 2022 report, 18 April 2023 \*. **Last year, Accenture** was recognized **as a leader in strategic security services and MSS in Brazil by ISG.**

Since 2015, Accenture Security has made 17 acquisitions. Following its January 2020 acquisition of Symantec’s Cyber Security Services business, Accenture became one of the leading global providers of MSS. Accenture further strengthened its cyber defense and MSS capabilities in Latin America through the acquisition of Brazil-based Morphus earlier this year and its 2021 acquisition of Real Protect.

**Forward-Looking Statements**

Except for the historical information and discussions contained herein, statements in this news release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as “may,” “will,” “should,” “likely,” “anticipates,” “aspires,” “expects,” “intends,” “plans,” “projects,” “believes,” “estimates,” “positioned,” “outlook,” “goal,” “target” and similar expressions are used to identify these forward-looking statements. These statements are not guarantees of future performance nor promises that goals or targets will be met, and involve a number of risks, uncertainties and other factors that are difficult to predict and could cause actual results to differ materially from those expressed or implied. These risks include, without limitation, risks that: the transaction might not achieve the anticipated benefits for Accenture; Accenture’s results of operations have been, and may in the future be, adversely affected by volatile, negative or uncertain economic and political conditions and the effects of these conditions on the company’s clients’ businesses and levels of business activity; Accenture’s business depends on generating and maintaining client demand for the company’s services and solutions including through the adaptation and expansion of its services and solutions in response to ongoing changes in technology and offerings, and a significant reduction in such demand or an inability to respond to the evolving technological environment could materially affect the company’s results of operations; if Accenture is unable to match people and their skills with client demand around the world and attract and retain professionals with strong leadership skills, the company’s business, the utilization rate of the company’s professionals and the company’s results of operations may be materially adversely affected; Accenture faces legal, reputational and financial risks from any failure to protect client and/or company data from security incidents or cyberattacks; the markets in which Accenture operates are highly competitive, and Accenture might not be able to compete effectively; Accenture’s ability to attract and retain business and employees may depend on its reputation in the marketplace; if Accenture does not successfully manage and develop its relationships with key ecosystem partners or fails to anticipate and establish new alliances in new technologies, the company’s results of operations could be adversely affected; Accenture’s profitability could materially suffer if the company is unable to obtain favorable pricing for its services and solutions, if the company is unable to remain competitive, if its cost-management strategies are unsuccessful or if it experiences delivery inefficiencies or fail to satisfy certain agreed-upon targets or specific service levels; changes in Accenture’s level of taxes, as well as audits, investigations and tax proceedings, or changes in tax laws or in their interpretation or enforcement, could have a material adverse effect on the company’s effective tax rate, results of operations, cash flows and financial condition; Accenture’s results of operations could be materially adversely affected by fluctuations in foreign currency exchange rates; changes to accounting standards or in the estimates and assumptions Accenture makes in connection with the preparation of its consolidated financial statements could adversely affect its financial results; as a result of Accenture’s geographically diverse operations and strategy to continue to grow in key markets around the world, the company is more susceptible to certain risks; if Accenture is unable to manage the organizational challenges associated with its size, the company might be unable to achieve its business objectives; Accenture might not be successful at acquiring, investing in or integrating businesses, entering into joint ventures or divesting businesses; Accenture’s business could be materially adversely affected if the company incurs legal liability; Accenture’s global operations expose the company to numerous and sometimes conflicting legal and regulatory requirements; Accenture’s work with government clients exposes the company to additional risks inherent in the government contracting environment; if Accenture is unable to protect or enforce its intellectual property rights or if Accenture’s services or solutions infringe upon the intellectual property rights of others or the company loses its ability to utilize the intellectual property of others, its business could be adversely affected; Accenture may be subject to criticism and negative publicity related to its incorporation in Ireland; as well as the risks, uncertainties and other factors discussed under the “Risk Factors” heading in Accenture plc’s most recent Annual Report on Form 10-K and other documents filed with or furnished to the Securities and Exchange Commission. Statements in this news release speak only as of the date they were made, and Accenture undertakes no duty to update any forward-looking statements made in this news release or to conform such statements to actual results or changes in Accenture’s expectations. 

**About Accenture**    
Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent- and innovation-led company with approximately 733,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology and leadership in cloud, data and AI with unmatched industry experience, functional expertise and global delivery capability. We are uniquely able to deliver tangible outcomes because of our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Song. These capabilities, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients reinvent and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities. Visit us at www.accenture.com. 

**Accenture Security** is a leading provider of end-to-end cybersecurity services, including strategy, protection, resilience and industry-specific cyber services. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Cyber Fusion Centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Visit us at accenture.com/security.

\*Gartner, Market Share: Managed Security Services, Worldwide, 2022, April 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Accenture Expands Cybersecurity Services Capabilities in Latin America With Acquisition of MNEMO Mexico

Okta's IAM platform finds itself in cyberattackers' sights once again, as threat actors mount a supply chain attack targeting Okta customer support engagements.

Password manager 1Password has become the second publicized victim of Okta's recent customer support breach, news of which came to light last week. It is just the latest in a string of cyberattacks aimed at gaining access to highly privileged Okta accounts.

Okta, a cloud-based, enterprise-grade identity and access management (IAM) service that connects enterprise users across applications and devices, is used by more than 17,000 customers globally. On Friday, it disclosed that a threat actor had used stolen credentials to access its customer support case management system. The attacker then leveraged its access to penetrate some of those thousands of customers via their recent customer support engagements.

This is what happened with 1Password. On Sept. 29, the password-management company observed suspicious activity within the Okta instance that it uses for managing its employee-facing apps, according to a company statement. The activity was quickly terminated, and while it didn't detail the extent of the infestation into employee apps, it did say that no user or employee data or other sensitive systems were compromised.

News of more victims may yet be coming. Okta wrote on Friday that it has informed other potentially affected customers.

This is the latest attack on Okta, which continues to be a popular target for cybercriminals because it offers access to so much sensitive information. In August, the company detailed a campaign in which threat actors used social engineering to convince IT desk personnel to reset multifactor authentication (MFA) for highly privileged Okta enterprise accounts, opening the door to lateral movement.

And the more recent, highly publicized MGM and Caesar's Palace ransomware incidents involved a subversion of Okta Agent via social engineering, leading to deep infections of the Vegas giants.

**Profile of an Okta Customer Service Breach**

The first news of Okta's latest breach was provided not by Okta, but by BeyondTrust, a separate IAM security vendor.

On October 2, the company reported, an attacker tried using a valid session cookie stolen from Okta's support system to gain access to BeyondTrust's Okta administrator account.

"They requested a HAR \[HTTP archive\] file in an email," recalls James Maude, director of research at BeyondTrust, "and within that HAR file was a session token which the attacker within 30 minutes had grabbed out of their support system. And then they used that session token to authenticate in and start to try and do malicious things."

That the attacker pounced so quickly was necessary, as session tokens expire quickly, but also suspicious. "That was one of the things that made us wonder — that someone was just sitting, waiting for these files to be uploaded," Maude says.

Logs revealed that the attacker was visiting from an IP address in Malaysia, routed through a VPN service. Like 1Password three days prior, BeyondTrust says it successfully terminated the attack before any infrastructure or customer data was damaged.

**What Affected Customers (& Everyone Else) Should Do**

Affected customers with less effective detection and response may find themselves in a great deal more trouble than Okta's first two reported victims.

"The big risk is that they wouldn't necessarily even notice they've been compromised," Maude explains. "If the attacker is able to use the token to authenticate himself with a level of privilege where he can create accounts, add users to privileged groups that are then under their control, then that's effectively a backdoor into an Okta environment. And once they're able to get into that environment, if they're able to add an identity provider, they can then impersonate other users within the organization to gain access to the apps and other technologies that Okta is the gateway to through single sign-on (SSO)."

Companies should be aware of the sensitivity in sharing data with even trusted customer service agents, and proactively protect their most sensitive accounts to prepare for a worst-case scenario.

"Even if it's not through a support portal, there are other ways that attackers will seek to compromise Okta users. Organizations really need to step up their monitoring around Okta authentication events involving admin users," Maude concludes.

1Password Becomes Latest Victim of Okta Customer Service Breach

Emerging RaaS operation uses Rhysida ransomware paired with a wicked infostealer called Lumar, researchers warn.

Operating since last May, an emerging ransomware strain called Rhysida was deployed along with new stealer malware called Lumar for a potent new one-two punch against Brazil's popular PIX payment system users.

Researchers from Kaspersky reported Rhysida is functioning as a ransomware-as-a-service (RaaS) operation with a demonstrated ability to quickly evolve.

"It stands out for its unique self-deletion mechanism and compatibility with pre-Windows 10 versions of Microsoft. Written in C++ and compiled with MinGW and shared libraries, Rhysida showcases sophistication in its design," Kaspersky said in its findings about the group. "While relatively new, Rhysida faced initial configuration challenges with its onion server, revealing a group's rapid adaptation and learning curve."

The ransomware campaign targeting PIX has been ongoing since December 2022, the Kaspersky team noted, adding that Rhysida was deployed along with a complimentary malware-as-a-service (MaaS) infostealer called Lumar to target users of the payment system.

Lumar first emerged in July 2023, the report added, and can steal data on Telegram sessions, passwords, cookies, autofill information, desktop files, and even cryptographic wallets.

Notably, the Kaspersky team said the Lumar stealer is compact, without sacrificing functionality.

"The malware's efficient data collection is facilitated by the use of three separate threads," the report added. "The C2, hosted by the malware author as a Malware as a Service (MaaS), provides user-friendly features such as statistics and data logs. Users can download the latest version of Lumar and receive Telegram notifications for incoming data."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Meet Rhysida, a New Ransomware Strain That Deletes Itself

The ex-employee claimed that he believed the shared information would benefit Russia and harm the US.

Former National Security Agency (NSA) employee Jareh Dalke has pleaded guilty on six counts after his transmission of classified government materials in an espionage attempt.

While working as an information systems security designer in the summer of 2022, Dalke used an encrypted email to transmit three documents to someone he believed was a Russian Federation agent in an attempt to display his "legitimate access and willingness to share," according to court documents. In truth, the alleged Russian agent was a covert FBI employee. The information Dalke shared contained National Defense Information (NDI).

On Aug. 26, 2022, Dalke requested $85,000 for sharing the classified information, claiming it "would be of value to Russia."

On Sept. 28, Dalke transferred five more files, four containing "Top Secret NDI," by following instructions provided by the covert FBI employee. The fifth file contained a letter reading "My friends! I am very happy to finally provide this information to you … I look forward to our friendship and shared benefit. Please let me know if there are desired documents to find and I will try when I return to my main office."

Dalke was arrested by the FBI after this second transfer of classified information. He admitted as part of a plea deal that he transferred these files believing that the information would be used to aid Russia and harm the US.

Dalke's sentencing is scheduled for April 26, 2024; he faces a maximum penalty of life in prison.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Former NSA Employee Faces Life in Prison After Espionage Attempt

Zatik takes a fractional approach to AppSec leadership to help small firms access the expertise they need to build secure-by-design software.

One of the fundamental principles of secure-by-design software development is that organizations need to account for security concerns right out of the gate. It's built into the way the applications are designed, architected, and coded. The trouble for small companies that build software is that it can be really hard for them to access and pay for the kind of application security expertise necessary to fold that kind of accountability into the engineering or DevOps process. And so small companies build and ship their software — oftentimes innovative applications upon which their whole business model is based — without much consideration for security.

By the time a startup has "grown up" and built its business big enough to feasibly hire some application security professionals, secure-by-design has already gone out the window. The software stack has already accumulated a ton of security technical debt. That new AppSec team is behind the eight ball before they even start. And without expensive refactoring, oftentimes all they can do is bolt on security controls or apply Band-Aids to security problems that may run very deep.

It's an age-old problem, and one that's simply not practical to get all preachy about to small business owners or small dev teams.

"Experienced application security people are in short supply, and they're getting hoovered up by the big companies, by the Microsofts, Amazons, Apples, and Googles of the world, and if you are a smaller company, you're just not competing on that playing field," explains Kymberlee Price, who has led product security and AppSec teams, worked as a security researcher, and run red team and incident response operations for the likes of Microsoft, Amazon, and Bugcrowd.

Price has been around the block enough to recognize that not only are best-in-class product security pros and security-aware developers still the "unicorns" of the software engineering market, but also that most small businesses aren't big enough to even have enough work to keep one of them busy for very long.

"They don't need a unicorn full time. They need a unicorn maybe for a quarter to set some strategy, and then they need 10% of a unicorn for the rest of the year," she says.

**Sharing the Unicorns**

This is the underlying problem Price hopes to alleviate with her new consulting firm, Zatik. Together with co-founder Jon Callas, another security luminary known for founding PGP and Silent Circle, Price hopes to level the software security playing field for startups and small businesses. Zatik is a fractional security consulting firm that helps companies tap into that small percentage of unicorn-level AppSec expertise that they need to get a security program up and running. It's built in the same mold as a virtual CISO (vCISOs), with a slightly different focus.

"We love virtual CISOs. But they're frequently enterprise-focused and compliance-focused. And we're more looking at, how do you build your product securely by design, the DevOps pipeline, CI/CD, security controls, and things like that," Price explains. "So it's a really nice complement to that fractional model."

For some companies, if they're early enough in their arc, they may need the full package of building out an entire cybersecurity program — something she and Callas are equipped to help them navigate.

"Our sweet spot really is securing the developer experience, but we can help them look at their tech stack, make some recommendations, and make some introductions to other partners," says Price.

She says that she and Callas currently run the company themselves, but they plan on adding more staff as Zatik scales and also leaning on a network of partners to provide additional expertise in areas as necessary for their clients.

"I mean, I can't help you secure your product if you have no employee access control," Price says. "So we wouldn't turn our nose up at other areas."

Ultimately, the goal is to help smaller companies develop that security-by-design ethos from the outset. Price sees that not only as a great business opportunity, but a way to move the needle on security across the tech world.

"One of the things I love about the kind of small companies we're talking to is we're getting in early in their maturity cycle," she says. "So as they're growing, they're growing with a secure-by-design platform where the engineers they're hiring and managing understand that this is 'just how we do it.' Of course we have branch protection, of course we do these things because it was there from day one, versus the security team showing up later and demanding that they have to change things."

Do Small Companies Need Fractional AppSec Teams Akin to Virtual CISOs?

Creating a new regulatory framework to better secure Oman's banking system against future attacks.

On the blissful dawn of Jan. 1, 2020, an unexpected menace in the form of a ransomware intrusion shattered the jubilant spirit of the IT department of Oman United Insurance Company SAOG. 

The attackers hit the main servers, and infected and encrypted their data, leading to a loss of data dated from Dec. 10, 2019, to the day of the attack. Luckily, the attack lasted only for one day, and by Thursday, Jan. 2, 2020, the company was able to recover lost data, all thanks to a robust backup system.    

The Oman Insurance Company SAOG was undeniably fortunate, considering that that same year, Oman recorded a staggering 123 million Web application attempts with over 417,000 confirmed attacks and over $1 million in losses. 

The alarming number of confirmed attacks mentioned above actually represents a 13% decrease compared with the nearly 500,000 confirmed attacks reported by the Oman government in 2019. According to the annual report posted by the Ministry of Technology and Communication, this improvement in Oman's cybersecurity stance was due to the intense security assessments that government websites were subjected to. This assessment exposed over 41,000 vulnerabilities and 13,000 Internet Protocol addresses that were discovered, analyzed, and fixed by the ministry. 

Oman is one of the few Persian Gulf countries known for its high-level cybersecurity strategy, which was put in place in 2010 when the Oman Computer Emergency Readiness Team (OCERT) was launched. This organization was tasked to detect and analyze cyber-risks in the country and to raise cyber awareness at the nation's fundamental level. It's no wonder the number of attempted cyberattacks in Oman plummeted from 880 million in 2017 to 12 million in 2022. 

**A New Cybersecurity Framework by the Central Bank of Oman**

Speaking of a cybersecurity strategy and master plan, the Central Bank of Oman recently issued a new security framework to make it difficult for cyberattackers to successfully defraud its banks and citizens.

In September 2023, the Central Bank of Oman (CBO) issued a new Regulatory Framework for cybersecurity and Resilience. This new regulation mandates banks, financing and leasing companies, payment service providers, and money exchange companies to meet a set of minimum requirements to build a financial industry resilient against cybersecurity risks.

This new regulation is organized into six fundamental categories, referred to as "Control Domains" or pillars. Each domain represents a distinct area of focus and guidelines for implementing security measures. They include:

1.  Governance
    
2.  Compliance & Audit
    
3.  Technology & Operations
    
4.  Third-Party Supply Chain Management
    
5.  Online Financial Services
    
6.  Risk Management
    

By implementing this new framework, the CBO intends to establish guidelines for licensed institutions to have the ability to handle cybersecurity risks. The goal is to maintain the same standard of cybersecurity controls across all licensed financial institutions operating in Oman, ensuring uniformity in their ability to manage such risks. 

**Impacts**

By implementing and adhering to the regulatory Framework for Cybersecurity and Resilience, banks and financial institutions in Oman will have enhanced capabilities to safeguard themselves from various types of cyber threats. Not only this, but if the set minimum requirements are met, financial institutions in Oman will have predefined protocols in place to help them swiftly respond to cyber incidents and minimize potential damage control.

Since this new framework will decrease the likelihood of successful cyberattacks, Oman's financial industry can avoid significant financial losses associated with data breaches and cybercrimes. Moreover, a secure financial sector fosters confidence among investors and the general public, so this new framework could promote stability in Oman's financial market. 

By implementing this new framework, Oman's finance industry is a step closer to meeting international security standards and possibly attract international investments and partnerships. Also, it enhances customer trust as security measures assure customers that their financial transactions and sensitive information are safe.

Strengthening Oman's Economic Backbone

National response team attributes reduction to a cyber workforce with better training.

Kenya has attributed an 11% decrease in cyber threats to increased training of its frontline cybersecurity personnel, along with greater cybersecurity awareness.

According to the July-September 2023 report from the Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC), nearly 124 million cyber threat events were detected — a 11.36% decrease from the 139.7 million threat events detected the previous quarter.

Christopher Wambua, spokesman for the Communications Authority of Kenya, said Kenya's critical information infrastructure was the target for more than 855 million cyber threats between July 2022 and June 2023, making Kenya the third most targeted country in the region, behind South Africa and Nigeria.

Statistics from the report showed that system attacks accounted for over 100 million of the detections. A DDoS attack on its e-citizen digital platform in July was specifically named, as it was briefly inaccessible following a hit claimed by Anonymous Sudan.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Cyberattacks on Kenya Drop in Third Quarter

As the conflict in the Middle East rages, malicious actors look to exploit the situation with bogus charity sites encouraging donations.

Researchers have uncovered hundreds of cyber scams leveraging the Israeli-Hamas conflict, including more than 500 scam emails and fraudulent websites capitalizing on people's willingness to aid those affected by the war.

Many of these emails contain links to scam websites that provide information about the ongoing situation and encourage individuals to make contributions, with the added convenience of various cryptocurrency payment options, according to Kaspersky researchers.

By tracking the wallet addresses used, security experts found additional fraudulent Web pages claiming to collect aid for various groups within the conflict area.

Andrey Kovtun, security expert at Kaspersky, says attackers often attempt to intimidate recipients by threatening severe consequences, such as financial losses, account suspensions, or even legal action, if the potential victims fail to click links, open attachments, or call specified phone numbers.

"Urgency often compels recipients to act swiftly," he adds. "In some instances, such as the recent campaign exploiting the Israeli-Hamas conflict, scammers try to appeal to sympathy, soliciting funds while presenting their actions as noble endeavors."

Callie Guenther, senior manager of cyber threat research at Critical Start, says threat actors have an uncanny ability to adapt their tactics based on current events and societal concerns. This emotional appeal, rooted in compassion and moral responsibility, often overshadows rational decision-making, rendering potential victims more susceptible.

**A Multitude of Tactics**

Fake charity scams often emerge during real disasters, with scammers posing as charitable organizations and using emotional language to lure users in. Tactics include the common methods of multiple text variations to evade spam filters or altered links and sender addresses.

"During conflicts or emergencies, situations can change rapidly, and news travels quickly," Kovtun says. "Fraudulent pages may adapt to the latest developments, such as incorporating current facts or photos to appear more credible."

They can also evolve with more sophisticated designs, aiming to resemble legitimate organizations — for example, they may replicate the visual layout of other well known charities or humanitarian organizations. "Additionally, scammers could add content to the fraudulent websites, for example, news updates, and more, to diversify it with pages other than a money transfer one," Kovtun adds.

**Ferreting Out the Fraud**

To protect against such scams, users are urged to thoroughly scrutinize websites before donating, as fake sites often lack essential information about the organizers, recipients, legitimacy, or transparency regarding fund usage.

"Apart from the simple use of a search engine to find reports of an organization being a scam, look up the provenance of the domain names involved using whois.com or another domain registrar's records," Hamilton advises. "If domains were recently registered it is less likely that the organizations are legitimate."

He also recommends looking for the owner of the IP address space used by the Web properties involved and the country where the hosting service originates.

"Legitimate charity organizations' websites rarely consist of a single page," Kovtun points outs. "Encountering such a landing page should prompt a search for the organization's name to explore the search results."

Upon discovering additional information in the search results, it is advisable to cross-reference the recipient's details on the website received in the email with the information on the official site from search results.

"Spelling or grammar errors often serve as indicators of fraudulent pages," Kovtun says. "If there is still uncertainty about the organizations you have checked, it is better to donate to well-known humanitarian support organizations."

Guenther says it's also beneficial to remember that while the guise may change — be it the Israeli-Hamas conflict, the Haiti earthquake, or the Syrian Refugee Crisis — the underlying strategies remain consistent. "Being informed and maintaining a healthy skepticism can be our strongest defenses against these opportunistic scams," she notes.

Israeli-Hamas Conflict Spells Opportunity for Online Scammers

Cybercriminals already operate across borders. Nations must do the same to protect their critical infrastructure, people, and technology from threats foreign and domestic.

Despite an onslaught of media coverage on cyberattacks and the impact of cybercrime on businesses and governments around the world, most people and, worse, most countries still don't view cybercrime as a national security issue.

Unlike some other areas of organized crime, cybercrime poses a direct threat to national security and the everyday lives of citizens. These malicious actors can target critical infrastructure like hospitals, pipelines, the financial system, energy facilities, shipping ports, and airports. One of the most well-known examples of the impact cybercrime can have on critical infrastructure and how quickly things can go wrong is the Colonial Pipeline ransomware attack and its aftermath, which disrupted economic activity.

**National Intelligence Agencies Are Focused Elsewhere**

However, even as the damages inflicted by cybercrime increase every year, national intelligence agencies remain focused on other national entities and terrorist groups. This leaves private organizations on their own, unarmed and incapable of dealing with malicious actors' growing sophistication and resources.

This is a colossal mistake that could lead to catastrophic consequences. Cybercrime is the central threat in cyberspace. To effectively combat it, nation-states must recognize the harm it can do and take proactive steps to lay the foundation for an international alliance for cybersecurity. Picture it as the NATO of cybersecurity. By coming together as a group, these nation-states can better protect their people, critical infrastructure, and proprietary technology from cyber threats, while also strengthening international relations.

To date, countries have failed to rise to the occasion. Some would even venture to say that we're moving backward, as international tensions rise as a result of the war in Ukraine and other conflicts. Additionally, the ever-growing patchwork of data privacy laws has created new roadblocks for information sharing and response times. In order to shift the narrative and get on the right course to establishing a new international organization geared to the mitigation of, protection against, and punishment of cybercriminals, we first must establish three overarching branches of enforcement.

1.  **The intelligence branch:** Whether you're in Asia, Europe, Latin America, or North America, cybercriminals use the same methods and tactics to conduct attacks. However, today, each country deals with cybercriminal activities independently, negatively impacting information sharing, resources, and expertise. Establishing an intelligence branch would serve as a hub that collects and centralizes information on malicious actors, and their methods, tools, and attacks. By developing a comprehensive database on cybercriminals, each member of this international cyber alliance would benefit from shared knowledge, enabling them to enhance their ability to prevent and respond to cyber threats effectively.
2.  **The policy and strategy branch:** Using the information and data collected by the intelligence branch, a policy and strategy team would be able to develop best practices, guidelines, and regulations that serve as the bedrock for a robust national cyber environment. By sharing and implementing these policies, the alliance can create a common framework that enhances cybersecurity measures and minimizes vulnerabilities across borders.
    
3.  **The** **operations branch:** Lastly, any new international cybersecurity alliance will need an operations branch. This branch would be responsible for implementing, executing, and enforcing laws, as well as taking actions to deter cybercriminals and legally pursuing them. By collectively responding to cyber threats, the alliance can demonstrate a unified front against cybercriminals, making it more challenging for them to exploit vulnerabilities across member countries.
    

In addition to establishing the three branches of the alliance, there are several other key components that are necessary. These include infrastructure, a host country, and like-minded member countries:

*   **Infrastructure:** An undertaking on this scale would require a robust physical and virtual presence to facilitate seamless information sharing, collaboration, and coordinated responses. Without this, nations and industries would continue to struggle with information sharing, mitigation, and enforcement.
*   **Host country:** Similar to other international organizations, it is advisable for the alliance to have a host country that can facilitate the organization's operations. The United States is the most obvious choice. Given the country's technological capabilities, innovative culture, and history of leadership in cybersecurity, it would be the ideal candidate for hosting the international alliance for cybersecurity.
*   **Like-minded member countries:** The success of the international alliance depends on member countries sharing common values such as liberal principles, a free market, democratic governance, and the protection of human rights. As in other military alliances, the member countries would form a unified attack surface, and operate together to fight attacks.

Cybercriminals already operate across borders, sharing knowledge and collaborating on a global scale. It's time for nations to do the same to protect their critical infrastructure, people, and technology from threats foreign and domestic.

Source

DARKReading