North Korean state-sponsored actors, who help economically prop up Kim Jong Un's dictatorship, continue to pummel US infrastructure.

The federal Rewards for Justice program has doubled, to $10 million, the available reward for useful information about North Korean state-sponsored actors' attacks on US healthcare systems and other critical infrastructure.

The State Department has a Tor-based tip line where anyone can submit information they have on North Korean-sponsored threat actors, including Lazarus Group, Kimsuky, BlueNoroff, and Andariel, all linked to the DPRK government apparatus.

Earlier this month, the FBI, US Cybersecurity and Infrastructure Agency (CISA), and the Treasury Department issued a warning that North Korean state-sponsored actors are attacking the US healthcare and public health sectors with a new ransomware tool called Maui.

Also in July, Microsoft warned that a North Korean APT threat it calls DEV-0530 has been using a custom ransomware dubbed H0lyGh0st to successfully compromise small businesses in multiple countries.

The hefty reward signals the success the DPRK has had using cybercrime to fund its activities as a way to work around stringent international sanctions, according to Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.

"This money is being funneled directly into weapons programs, and cybercrime has become an essential cog in the ongoing survival of Kim Jong Un's dictatorship," Bocek said via email, in reaction to the reward hike announcement. "Worryingly, this blueprint is also being mimicked by other rogue states. So, cutting North Korean cybercrime off at the source is essential to the national security of the U.S. and its allies."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

US Offers $10M Double-Reward for North Korea Cyberattacker Info

Call it a "cyber tax": Those costs are usually passed on to consumers, not investors, as compromised businesses raise prices for goods and services.

Sixty percent of breaches have resulted in companies recouping the cost of fines, clean-up, and technological improvements by increasing prices, essentially making consumers pay for breaches and companies' lack of preparedness, according to an annual report published on July 27.

The "Cost of Data Breach Report 2022" report, based on a survey of executives and security professionals at 550 companies, says the average cost of a data breach continued to rise in 2022, reaching an average of $4.4 million globally (up 13% since 2020) and $9.4 million in the United States. On average, companies required 277 days to identify and contain data breaches, down from 287 days in 2021, and 83% of companies had suffered more than one breach.  

"It is clear that cyberattacks are evolving into market stressors that are triggering chain reactions, \[and\] we see that these breaches are contributing to those inflationary pressures," says John Hendley, head of strategy for IBM Security's X-Force research team. "We have to think about cyber events as factors that are capable of straining the economy, similar to COVID, the war in Ukraine, gas prices, all of that."

    

Business email compromise and phishing attacks led to the most costly breaches (in millions of US$). Source: IBM Cost of Data Breach Report 2022

The annual report, based on surveys conducted by the Ponemon Institute, is not the first attempt to gauge the impact of breaches on businesses' balance sheets. Last year, a survey by security-operations firm IronNet found that most companies were affected by the supply chain attack on network management firm SolarWinds, with the average firm seeing an 11% drop in revenue due to dealing with the incident. 

Overall, experts estimated that the incident would cost SolarWinds about $18 million but would cost the 18,000 affected businesses and government agencies as much as $100 billion in clean-up costs.

**A "Cyber Tax" on Consumers**

While cybersecurity experts have increasingly urged companies to count on having their systems compromised, they continue to have problems stopping attackers, and they are passing costs onto consumers, Hendley notes. This suggests that data breaches and cyberattacks are creating a cyber tax, he argues, increasing costs for downstream consumers and clients.

"When you think about the fact that 83% of businesses have been breached at least once in their lifetime, I think it becomes difficult to say that we need to apply punitive damages to help prevent breaches," Hendley says. "There is always going to be a way in, so I think the best investment that we can have is to try to shift the line from protecting the perimeter to thinking like the attacker."

In addition to the labeling of breaches and fines as a cyber tax, the report highlighted various trends among industries dealing with cyberattacks. Companies that could reduce the overall breach detection and response time to less than 200 days saved $1.1 million, or 23% of the cost of the average breach.

**Data Breach Costs Worst in Healthcare **

The cost of a single data breach varied significantly based on the type of industry affected. The heavily regulated healthcare sector continued to pay out the highest amount for compromises of data, reaching an average of $10 million per breach in 2022, compared with financial firms that paid an average of $6 million per breach, the second most expensive breach cost. Pharmaceutical companies and technology firms essentially tied for third place, paying about $5 million for each breach.

Ransomware continued to have a significant impact on business, despite signs that — so far this year — ransomware attacks have declined somewhat. The survey found that companies that pay ransoms spend less on clean-up costs, but high ransom totals negate most savings. In addition, 80% of companies that pay ransoms are attacked again, according to the "Ransomware: The True Cost to Business" report published by security firm CyberReason last year.

**Ransomware Not as Costly as Phishing Attacks**

Other research has highlighted the impact of ransomware on companies that have not adequately prepared for destructive attacks. Two-thirds of global firms hit with ransomware suffered a significant revenue loss, they said, as did 58% of those surveyed at US companies specifically. The attacks overall have led to 31% of global companies shuttering some part of their businesses.

"It is interesting to see the cost difference between ransomware victims who chose to pay and those who chose not to," Nicole Hoffman, senior cyber-threat intelligence analyst at Digital Shadows, a digital-risk protection firm. "Those who pay are often targeted again within months of the original attack, which would increase financial losses significantly. These factors are important to consider when making the challenging business decision of whether or not to pay."

That said, the initial vector of the attack also had a significant impact on cost. Business email compromise (BEC) and phishing attacks led to the highest average breach costs — about $4.9 million per incident — with third-party vulnerabilities and compromised credentials accounting for damages of approximately $4.5 million per incident.

The IBM-Ponemon report also highlighted technologies that could have the largest impact on data breach costs. Companies that use artificial intelligence and machine learning (AI/ML) technologies, DevSecOps processes, and formed an incident-response team saved about $300,000, $276,000, and $253,000 per incident, respectively. 

In contrast, companies that suffered from security system complexity, were migrating the business to the cloud, and had compliance failures saw the largest increases in cost per incident.

The report is based on more than 3,600 interviews with individuals from 550 companies of various sizes, focusing on breaches that involved anywhere from 2,200 to 102,000 records. Breaches outside that range were not included.

Average Data Breach Costs Soar to $4.4M in 2022

Did you know that the standard router relied upon in homes and by thousands of small businesses is the most frequently attacked IoT device? James Willison, Project and Engagement Manager, IoT Security Foundation, explores the issue and reveals an ongoing initiative from the foundation that is designed to better secure the devices.

_This article is by James Willison, Project & Engagement Manager, IoT Security Foundation_  

Few of us realize that our Internet connection relies on the strength of our router's security. So much of what we depend on in our modern day lives comes into our homes and businesses via that box sitting near the front door. We pay attention to our front door and try and ensure it is locked and bolted. but what about that box supplied by the broadband provider?

Well, I am sorry to warn you that it is the most targeted IoT device – if an attacker can control it, then it's really game over for the rest of your home and small business. Software company Symantec has advised that 75% of all IoT attacks are on infected routers, with 15% against webcams, so that’s a concern to some of us too! Of course, everything comes through the trusty box at the front door.

So, while your house might be built on solid ground and the physical foundations are firm, it is unlikely that the Internet connection is as strong as you think. There are people who are entering your home and you have opened it to them. In the words of the song, "Who are you? I really want to know!"

Our problem is that we don't ask this question on a regular basis regarding our networks because we assume our broadband provider is looking after that for us. While they will of course be doing security at various levels, there is much on our networks which is simply not secure and should be of concern to us.

I have been aware of IoT security issues in the home, small business and the enterprise for some time, as I have worked closely with my good friend and colleague Sarb Sembhi for many years. It was when I met Dr. Nick Allott in November 2018 that I became more aware of the severity of the problem, as he explained that most of the home routers we use today are not secure and that the devices they manage have little or no security either. This is not to mention other complications like wireless extenders, smart speakers, and applications on your network to add to the mix.

**Join the Project to Help Protect Home Networks**

The great news is that for over two years, Nick's company, Nquiringminds, has led an Innovate UK consortium of partners including the University of Oxford Cyber Security Centre, Cisco, the IoT Security Foundation and recently BT to develop a range of solutions to improve the situation. The project is called "manysecured" and its objectives are to detect and protect against IoT vulnerabilities on the router and the network. It is a truly international collaboration based on open source software and has gained the interest of NIST and US government's CISA. I was privileged to join the project in March this year, and we are seeking to involve other professional stakeholders such as IoT manufacturers and security professionals.

I am confident that given the collaborative nature of the various solutions which comprise the manysecured project that the prototype will be launched at the IoT Security Foundation’s conference on Oct. 5.

In essence, there are five functions within the project's special interest group.

*   The first has produced a set of requirements for ISPs to ensure best practices for the router itself.
*   The second has proposed a secure user Internet browser which will help when you log on and configure your router
*   The third seeks to identify devices on your network. This includes describing what they are. We are looking for IoT manufacturers to help us with this. Many of our readers have been actively seeking to develop the cybersecurity of physical security devices and systems and so we appeal to you to join us to ensure we get this right.
*   The fourth solution monitors the security events and raises alerts for the hub
*   The fifth controls the threats

Most importantly, all these processes are interoperable such that the home network is protected. It seeks to address the principles of secure boot, storage, and secure processing. The place of AI is important because of the volume of data and the difficulty in knowing who and what is on your network. Hence concepts like "zero trust," which Nick has helpfully defined as "multifactor continuous verification," are foundational. Similarly, "cognitive security," which he summarizes as "AI based on human thought patterns to protect physical and digital devices and systems" is a cornerstone of the project.

As security convergence is a response to IoT risk, an area for all of us to improve is the security of the physical devices and systems in the supply chain and the business. If we can get the router, the front end of so many of our homes and small businesses and therefore 90% of the environment, into a better state than it is right now, then we will be on our way to rebuilding that wall which, at the moment, has a massive hole in it.

As J.R.R Tolkein wrote in _The Lord of the Rings_ : "A gaping hole was blasted in the wall. A host of dark shapes poured in." The response required an alliance of several large armies for victory to be achieved. The same is needed today if we are to secure our internet gateways and devices.

**Please get in touch with me and the IoT Security Foundation to join our cause and make a difference. You can reach me at the IoT Security Foundation or via my LinkedIn profile.**

**__This story first appeared on IFSEC Global, part of the Informa Network, and a leading provider of news, features, videos, and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies — like video surveillance, access control, intruder/fire alarms, and guarding — and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things, and more.__  
**

Is Your Home or Small Business Built on Secure Foundations? Think Again…

New careers in IT open up for former footballers.

Friday 22nd July saw the very first students graduate from the PSM Cyber Stars Programme at an event held at the AXA Training Centre, the training facility for one the world’s most iconic football clubs, Liverpool FC.

For those young players who do not go on to have a career in the professional game, career paths can be difficult. Recognising the issue, Phoenix Sport and Media Group (PSMG) have opened the ‘state of the art’ PSM Digital Academy which is designed to help current and retired players into a career in cyber security. This week saw the first seven students graduate with many of them already lined up with their first roles in the sector.

Founded by a group of Premier League players who are determined to make a positive difference, PSM Digital Academy and the Cyber Star Programme will be providing technical skills training as well as help in transitioning from sport. Located at Silverstone race circuit, the courses will be delivered in a modern training facility on site, or virtually, dependent on the preference of the learner. The courses will be in offensive, defensive and threat intelligence and will help plug a significant skills gap in this specific area of the cyber industry.

This is a new partnership between PSMG, CompTIA, BIT Training and Hack The Box and it’s tasked with delivering the programme under the name Cyber Stars.

The first cohort launched in late April 2022 and was oversubscribed which is an indication of the level of demand for this type of learning. Looking forward, the Academy will be inviting applications from other sports and focus groups including cricket, rugby, and athletics. As part of its commitment to diversity and inclusion, they are also hoping to offer focused cohorts for female players and for Paralympians.

The course has been designed to go beyond traditional training and has been tailored to help sports stars excel. PSM Cyber Stars Programme has also entered into partnerships with cyber employers who are looking to interview successful graduates for roles in this fast-growing sector.

Commenting on the new projects, Carly Barnes CEO of PSMG said: “We’re incredibly proud to have successfully launched this course and even more proud to see the very first students graduate at such a well renowned venue. These new graduates are about to start on brand new career paths in the IT industry and we look forward to seeing how they progress as the months and years move on.”

One former Liverpool FC Academy player that graduated from the course this week is Josh Sumner, who said: “It was devastating to leave Liverpool FC at the age of 19 after being there for seven years because football was all I knew. I’m now 28 years old and I can safely say that the PSM Cyber Stars Programme has set me on a new and exciting career path in IT. It was always something that I was interested in but this have given me the opportunity to take the first real life step in to the sector.”

Commenting on the initiative, Caitlin Hawkins, Academy Education Manager, Liverpool Football Club said: “This is an amazing initiative, and we are fully behind it at LFC. The workshop delivered by PSM, BIT Training, Hack The Box and CompTIA is impressive and we’ve had real interest in this course from our alumni. We’re delighted to see that the graduates from this week include former LFC player Josh Sumner and we look forward to giving our continued support to the course and these former players as they embark on new career paths.”

**Background information:**

**_CompTIA_**

The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for unlocking the potential of the tech industry and its workforce. Visit https://www.comptia.org/

“The number of open job roles in the cyber security sector in the UK is increasing, yet the number of skilled people to fill them still lags behind. Globally, we are facing a huge skills gap and a shortage of millions of skilled professionals in the coming years. Our mission at CompTIA is to close the IT skills gap and improve the talent pipeline for IT employers.

The PSMG Cyber Stars programme does just that. The programme is different and engaging and helps us attract a new demographic of talent to become a part of this booming industry. The students are able to bring something new with the transferrable skills they have picked up in their years of professional training in sport. Skills such as Leadership, Team work, Problem Solving and Commitment are all skills that can be used in Tech.

We are demystifying the idea of needing to be a 'rocket scientist' or 'mathematician' to get into to work in Tech and Cyber roles. We are thrilled to support the academy alumni as they reskill, certify and transition into their new careers in cyber security and help us achieve our mission of supporting a skilled workforce into industry.

**Luke Barton, Senior Manager, CompTIA**

**_Hack The Box_**

Hack The Box is an online cybersecurity training and upskilling platform that allows individuals, businesses, universities, and all kinds of organizations all around the world to level up their offensive and defensive security skills through the most gamified and engaging learning environment. Join a massive hacking playground and infosec community of 1.5 million platform members who learn, hack, level up, and exchange ideas and methodologies.

“At Hack The Box we are committed to creating a safer cyber world by making cybersecurity training accessible to everyone. Everyone can join and start learning and practicing cybersecurity, from theory to action. With that in mind, Hack The Box supported the PSM Cyber Stars Programme, providing cyber security training to a selected group of athletes - willing to explore a new line of work - and as such offer a pathway for these individuals to a new career opportunity.”

**Harris Pylarinos, Hack The Box, Founder & CEO**

**_BIT Training_**

Since 2004, BIT Training has provided award-winning commercial IT and Cyber Security training to support organisations and IT professionals across the world. Their dedicated team of in-house expert instructors, online platforms and learning partners provide cost-effective, flexible training solutions. They provide customers with the opportunity to learn ‘whenever’ and ‘wherever’ they need to achieve their learning goals.

“The PSM Cyber Stars Programme is unique and we’re proud to be involved. We’ve broken down the learning pathway so that academic and social backgrounds are unimportant; it’s all about talent and aptitude. We’re very excited to partner with PSMG, CompTIA and Hack The Box to grow the partnership as market demand for our courses grows.”

First Cohort Graduates from PSM Cyber Stars Program at Liverpool FC

IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states.

Read some the cybersecurity headlines and you'll notice a trend: They increasingly involve business applications.

For example, the email tool Mailchimp says intruders broke into its customer accounts via an "internal tool." Marketing automation software HubSpot got infiltrated. Corporate password wallet Okta was compromised. Project management tool Jira made an update that accidentally exposed the private information of clients like Google and NASA.

This is one of cybersecurity's newest fronts: your internal tools.

It's only logical that malicious actors would intrude here next, or that employees would accidentally leave doors open. The average organization now has 843 SaaS applications and increasingly relies on them to run its core operations. I was curious about what administrators can do to keep these apps secure, so I interviewed an old colleague, Misha Seltzer, a CTO and co-founder of Atmosec, who is working in this space.

**Why Business Applications Are Particularly Vulnerable**

The users of business applications tend not to think about security and compliance. Partly, because that's not their job, says Misha. They're already plenty busy. And partly, it's because these teams try to purchase their systems outside of IT's purview.

Meanwhile, the apps themselves are designed to be easy to launch and integrate. You can launch many of them without a credit card. And users can often integrate this software with some of their most vital systems of record like the CRM, ERP, support system, and human capital management (HCM) with as little as one click.

This is true of most apps offered within those major vendors' app stores. Misha points out that Salesforce users can "connect" an app from the Salesforce AppExchange _without actually installing it_. That means there's no scrutiny, it can access your customer data, and its activities are logged under the user profile, making it difficult to track.

So, that's the first issue. It's very easy to connect new, potentially insecure apps to your core apps. The second issue is that most of these systems haven't been designed for administrators to observe what goes on within them.

For example:

*   **Salesforce** offers many wonderful DevOps tools, but no native way to track integrated apps, extend API keys, or compare orgs to detect suspicious changes.
*   **NetSuite's** changelog doesn't provide detail on who changed what — only _that_ something changed, making it difficult to audit.
*   **Jira's** changelog is equally sparse, and Jira is often integrated with Zendesk, PagerDuty, and Slack, which contain sensitive data.

This makes it difficult to know what's configured, which applications have access to what data, and who has been in your systems.

**What You Can Do About It**

The best defense is an automatic defense, says Misha, so talk to your cybersecurity team about how they can roll monitoring your business applications into their existing plans. But for complete awareness and coverage, they, too, are going to need deeper insight into what's happening within and between these applications than what these tools natively provide. You'll need to build or buy tools that can help you:

*   **Identify your risks:** You'll need the ability to view everything that's configured in each application, to save snapshots in time, and to compare those snapshots. If a tool can tell you the difference between yesterday's configuration and today's, you can see who has done what — and detect intrusions or the potential for intrusions.
*   **Probe, monitor, and analyze for vulnerabilities:** You need a way to set alerts for changes to your most sensitive configurations. These will need to go beyond traditional SaaS security posture management (SSPM) tools, which tend to monitor only one application at a time, or to only provide routine recommendations. If something connects to Salesforce or Zendesk and alters an important workflow, you need to know.
*   **Develop a response plan:** Adopt a Git-like tool that allows you to "version" your business applications to store prior states which you can then revert to. It won't fix every intrusion, and may cause you to lose metadata, but it's an effective first line of remediation.
*   **Maintain your SaaS security hygiene:** Deputize someone on the team with keeping your orgs up to date, deactivating unnecessary users and integrations, and ensuring that security settings that were turned off are turned back on — e.g., if someone disables encryption or TLS to configure a webhook, check that it was re-enabled.

If you can put all that together, you can start to identify areas that malicious actors could get in — such as through Slack's webhooks, as Misha points out.

**Your Role in Business System Security**

It's not up to administrators alone to secure these systems, but you can play an important role in locking some of the obvious open doors. And the better you're able to see into these systems — a chore which they aren't always natively built to allow — the better you'll know if someone hacked a business application.

The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications

**Woburn, MA – July 26, 2022 –** No More Ransom, the initiative launched to help victims of ransomware decrypt their files, has celebrated its six-year anniversary. Since the launch, it has grown from four partners to 188 and has contributed 136 decryption tools covering 165 ransomware families. In doing so, it has helped more than 1.5 million people decrypt their devices all over the world, with the project available in 37 languages.

Ransomware encrypts valuable information stored on victims’ computers by infecting them using insecure and fraudulent websites, software downloads, malicious attachments, and through RDP (remote desk protocol) attacks and exploiting vulnerable internet-facing servers. Criminals then seek ransom from the victim, promising to retrieve their encrypted data in return. This type of malware has been a cybersecurity concern for many years, with attackers targeting all types of stakeholders, including both customers and enterprises, and evolving from separate gangs to full-fledged businesses with their own ecosystems.

To help people and organizations retrieve access to valuable information, the National High Tech Crime Unit of the Dutch National Police, Europol’s European Cybercrime Centre, Kaspersky and other partners jointly created the No More Ransom initiative in 2016. On the official website, participants can publish decryption tools, guidelines, and instructions on how to report a cybercrime, regardless of where it happened. These tools and materials have helped victims of 165 ransomware families get their data back without any payments. In addition to the decryption tools, the project also aims to spread information on how ransomware works and what measures can be taken to prevent infection.

Kaspersky is one of the founding partners that contributed to 9 decryption tools that helped to retrieve the data encrypted by 38 ransomware families. Since 2016, these tools have been downloaded more than 185,000 times.

“Ransomware is an effective way to get money from victims and remains one of the biggest cybersecurity concerns,” said Jornt van der Weil, security researcher at Kaspersky Global Research and Analysis Team. “In just the first three months of 2022, more than 74,000 unique users were found to have been exposed to this type of threat – and all these attacks were successfully detected. This has led to an increase in the tendency of helping these initiatives, and I’m extremely happy that we are able to assist people and companies in restoring their digital assets, without paying the attackers. This way we hit the criminals where it hurts - their business model - as users are no longer forced to pay to decrypt their data. We will keep on fighting ransomware with our existing and future partners.”

To find further information on helping in the fight against ransomware, or to learn more about the No More Ransom initiative, please visit the initiative’s website at nomoreransom.org.

No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices

A reading list of recommended novels curated by cybersecurity experts for cybersecurity experts.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

8 Hot Summer Fiction Reads for Cybersecurity Pros

Craig Newmark Philanthropies (CNP), the grantmaking organization launched by the founder of craigslist, has announced a three-year, $1.725M commitment to support the newly established Consortium of Cybersecurity Clinics, a network of organizations working to expand cybersecurity clinics at colleges and universities in the U.S. and around the world. Similar to clinics in schools of law and medicine, cybersecurity clinics provide students with hands-on experience as they work to strengthen the digital defenses of nonprofits, hospitals, municipalities, small businesses, small critical infrastructure providers and other under-resourced organizations.

The funding builds on more than half a million dollars gifted by CNP in 2020 and 2021 to incubate the clinic model; the combined gift of over $2M to UC Berkeley represents a core element in Newmark’s $50M pledge to support cyber civil defense.

“University-based clinics provide critical cybersecurity assistance in their communities, and create a pipeline of diverse talent to work on the frontlines of cyber civil defense in every state,” Newmark said. “Cyber civil defense depends on efforts across federal, state and local levels, and cybersecurity clinics are a crucial component to scale a national effort.”

“We’re incredibly proud to be part of Craig’s groundbreaking philanthropic commitment to cyber civil defense,” said Ann Cleaveland, Executive Director of the UC Berkeley Center for Long-Term Cybersecurity, which hosts the Consortium. “The Consortium is a key component of a National Cyber Workforce and Education agenda, which has risen all the way to the White House. The vision of the Consortium is to advance cybersecurity education for public good, and for university, college and community-college based clinics to be available in all 50 states.”

Newmark provided early seed funding to the University of California, Berkeley’s Citizen Clinic, a trailblazing public interest digital security clinic that trains and deploys student teams to help nonprofits, journalists, human rights defenders and social justice activists defend themselves against digital threats. Since its founding in 2018, Citizen Clinic has trained over 100 students from diverse disciplines to strengthen the cyberdefenses of 14 nonprofit clients, including women’s reproductive rights, LGBTQ rights and indigenous rights organizations.

In 2021, Citizen Clinic’s leaders teamed up with MIT and other founding members to launch the Consortium of Cybersecurity Clinics, an international network of institutions that serves as a forum for clinicians, trainers and advocates to network and share knowledge, expand the reach of cybersecurity clinics, and lower the barriers for other institutions of higher education to successfully establish their own clinics.

In addition to UC Berkeley and MIT, founding members of the Consortium include the Indiana University Cybersecurity Clinic; University of Alabama Cybersecurity Clinic; University of Georgia CyberArch; Global Cyber Alliance; Rochester Institute of Technology; and the R Street Institute. Consortium membership has since grown to include participants from three countries, and nine states, as well as the District of Columbia.

Each consortium-affiliated cybersecurity clinic operates independently, and focuses on unique audiences and service specialties. Every clinic has one or more faculty directors training students to provide digital security services, such as vulnerability and risk assessments, cybersecurity policy templates, incident response plans, ransomware training, NIST and CMMC certifications, and more.

“In _Fortune_ magazine’s first-ever ranking of online master’s degree programs in cybersecurity, Berkeley was named No. 1,” says Chancellor Carol T. Christ. “With Craig’s meaningful investment, we can do even more to prepare diverse, talented students at Berkeley and elsewhere to help vulnerable organizations become more resilient to cyberattacks. His support ensures we will continue to lead national and international efforts to make the digital landscape a safer, more humane place.”

With funding from CNP, the Consortium will establish a “gold standard” clearinghouse for the development and dissemination of tools, knowledge, and resources for cybersecurity clinics and their clients. The funding will enable the Consortium to bring on its first Director, convene members to support peer learning, expand the membership and number of clients served, and grow the Consortium’s public Cybersecurity Clinic Education Center.

“Our ambition is to dramatically grow the number of universities and students engaged in clinics, with attention to women and student bodies under-represented in cybersecurity, as well as to incubate new cybersecurity clinics through mentorship and direct funding,” Cleaveland said. “We are grateful to early funders of this work, including the William and Flora Hewlett Foundation, Microsoft, the Public Interest Technology University Network (PIT-UN), and the Fidelity Charitable Trustees’ Initiative.”

Craig Newmark Gives UC Berkeley $2 Million for University Cybersecurity Clinics

Year-long analysis from Norton Labs finds nearly three-quarters of phishing sites imitate Facebook.

TEMPE, Ariz., July 26, 2022 /PRNewswire/ -- NortonLifeLock's global research team, Norton Labs, today published its quarterly Consumer Cyber Safety Pulse Report, detailing the top consumer cybersecurity insights and takeaways from April through June 2022. Leveraging the company's global threat telemetry, the analysis includes new findings on how cybercriminals are using social media phishing attacks to steal people's private information.

Norton Labs analyzed a full year of phishing attacks on the top social media platforms, and while plenty of fake login pages designed to trick victims into inputting their login credentials were found, the diversity and complexity of lures went far beyond that one technique.

"Threat actors use social media for phishing attacks because it's a low-effort and high return way to target billions of people around the world," said Darren Shou, head of technology, NortonLifeLock. "As social media is intertwined in our daily lives, it's key to know how to spot the signs of a scam, and keep a sharp eye on where requests for your information are coming from. Even better, consider strong, multi-layered security that can be on the lookout for you."

Norton Labs uncovered the top tactics cybercriminals use to get victims to reveal personal information, and while classic login phishing pages are still the most common ploy, cybercriminals are finding new ways to deceive social media users. Tactics include account lockouts – making it seem that a victim's account has been locked luring victims to reveal login credentials or install malware on the promise of increasing follower count; and verified badge scams – prompting users to login to obtain, or not to lose, their verified status on the platform.

Another phishing campaign tactic aims to intercept temporary codes to break into profiles with two-factor authentication enabled. These tokens are generally tied to the victim's device and allow the scammer to perform privileged operations such as modifying personal details or login credentials.

This quarter, Norton also found that it's never too early for scammers to take advantage of the back-to-school season. As school-aged children enjoy their summer, cybercriminals are already at work, using the back-to-school time to inspire a variety of financial scams, such as bogus offers of scholarships and financial aid.

**By the Numbers**

From April through June 2022, Norton thwarted over 900 million threats, or around 10 million threats per day. Norton blocked:

*   22.6 million phishing attempts
*   103.7 million file threats
*   302 thousand mobile threats
*   78 thousand ransomware attacks

For more information and Cyber Safety guidance, visit the Norton Internet Security Center.

**About NortonLifeLock Inc.**  
NortonLifeLock Inc. (NASDAQ: NLOK) is a global leader in consumer Cyber Safety, protecting and empowering people to live their digital lives safely. We are the consumer's trusted ally in an increasingly complex and connected world. Learn more about how we're transforming Cyber Safety at www.NortonLifeLock.com.

SOURCE NortonLifeLock Inc.

Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media

Just ahead of its headline-grabbing attack on the Italian tax agency, the infamous ransomware group debuted an improved version of the malware featuring parts from Egregor and BlackMatter.

Reverse-engineering the latest ransomware executables from the group behind LockBit shows that the developers have added capabilities from other popular attack tools and are actively working to improve LockBit's anti-analysis capabilities, according to researchers.

This significant evolution, seen in the recently debuted LockBit 3.0 (aka LockBit Black), is likely meant to offset better defenses, a greater scrutiny by researchers and investigators, and competition from other gangs, according to analyses by multiple researchers.

"There is no question that, whether it is law enforcement pressure or the defenders getting better, that we are seeing that these groups are forced to evolve — they have to get better at what they are doing," says Jon Clay, vice president of threat intelligence for Trend Micro.

They also have to keep up with the Dark-Web Joneses. To that end, the latest version now requires a key to obfuscate its main routines and hinders reverse engineering and analysis, for example — a technique used by other ransomware families, such as Egregor, cybersecurity firm Trend Micro stated in an advisory published on Tuesday. The new version of the ransomware program also enumerates available application programming interfaces (APIs), a feature identical to the BlackMatter ransomware program, the company stated.

**Ransomware Attack on Italy's Tax Agency**

Earlier this month, the Italian Revenue Agency became the latest purported victim of LockBit, with the group boasting that it encrypted and exfiltrated 78 gigabytes of files from the tax agency. If true, the organization will have to find a way to recover, but the attack also threatens Italian citizens, Gil Dabah, co-founder and CEO of data-protection firm Piiano, said via email.

"The second type of victim is the individual whose data was compromised," he said. "In this case, there is a high chance that the data of an individual taxpayer was compromised."

Following Russia's invasion of Ukraine, these ransomware groups have committed to supporting Russia and are increasingly facing requests to conduct operations against nation-state targets, says Paul Martini, CEO of iBoss, a provider of cloud-security solutions.

"The shadow cyber-war between nations that has been carried out through espionage, disinformation campaigns, and strategic attacks on critical targets is just starting to come out of the shadows," he said. "We can expect this to boil over and the West is going to need stronger defenses in place to protect government and civilian targets."

The group behind LockBit has had a good run so far in 2022. Despite an 18% drop in overall attacks, likely due to the disruption of the infrastructure behind the Conti cybercrime group or possibly fallout from Russia's invasion of Ukraine, LockBit has become the most commonly encountered ransomware family, accounting for 40% of all attacks detected by security firm NCC Group in May.

But evolution is necessary to stay on top.

**Major Improvements for LockBit 3.0**

The changes to the latest version of the LockBit ransomware includes functions that collect system APIs as a way to use legitimate functions as part of its attack and extensive — albeit fairly simple — encryption of configuration data and code, according to Trend Micro's advisory.

Perhaps most notably, a major addition to LockBit 3.0 is a set of features to slow down or prevent reverse engineering. The program includes, for example, a password required to decrypt the main body of executable code and a feature that attempts to crash debuggers.

"They pride themselves on their ability to regularly update their ransomware and ransomware-as-a-service offerings," says Trend Micro's Clay. "There are a lot more obfuscation capabilities in 3.0, and they put in a lot of features that try to minimize how much analysts and researchers can discover about their code."

Meanwhile, the adoption of BlackMatter tactics is unsurprising, given that both LockBit and BlackMatter are Russia-linked groups and cybercriminals are increasingly moving between groups.

**The Basics of Ransomware Defense Still Work**

For the most part, the new features found in LockBit 3.0 do not undermine current defenses, says Trend Micro's Clay. Multi-factor authentication can block the most common approach to gaining access — through stolen credentials — while modern endpoint detection and response (EDR) can detect and stop and attack before attackers start encrypting data. Finally, having a good backup process for critical data will make recovery easier.

"They \[ransomware groups\] claim that backups will not help, but if you have a proper procedure then you can recover your data," he says. "The good news is that the defenders have implemented a lot of these best practices, and they seem to be working."

Source

DARKReading