Apple’s iOS 16 and macOS Ventura will introduce passwordless login for apps and websites. It’s only the beginning.

Your passwords are terrible. Year after year, the most popular passwords leaked in data breaches are 123456, 123456789, and 12345—‘qwerty’ and ‘password’ come close behind—and using these weak passwords leaves you vulnerable to all sorts of hacking. Weak and repeated passwords are one of the most significant risks to your online life.

For years, we’ve been promised a more secure, password-free future, but it seems like 2022 will _actually_ be the year that millions of people start to move away from passwords. At Apple’s Worldwide Developer Conference yesterday, the company announced it will launch passwordless logins across Macs, iPhones, iPads, and Apple TVs around September of this year. Instead of using passwords, you will be able to log in to websites and apps using “Passkeys” with iOS 16 and macOS Ventura. It’s the first major real-world shift to password elimination.

So how does it work? Passkeys replace your tired old passwords by creating new digital keys using Touch ID or Face ID, Apple’s vice president of internet technologies, Darin Adler, explained at WWDC. When you are creating an online account with a website, you can use a Passkey instead of a password. “To create a Passkey, just use Touch ID or Face ID to authenticate, and you’re done,” Adler said.

When you go to log in to that website again, Passkeys allow you to prove who you are by using your biometrics rather than typing in a passphrase (or having your password manager enter it for you). When signing in to a website on a Mac, a prompt will appear on your iPhone or iPad to verify your identity. Apple says its Passkeys will sync across your devices using iCloud’s Keychain, and the Passkeys are stored on your devices rather than on servers. (The use of iCloud Keychain should also solve the problem of losing or breaking your linked devices.) Under the hood, Apple’s Passkeys are based on the Web Authentication API (WebAuthn) and are end-to-end encrypted so nobody can read them, including Apple. The system for creating Passkeys uses public-private key authentication to prove you are who you say you are.

A passwordless system would be a significant step forward for most people’s online security. As well as eliminating guessable passwords, removing passwords reduces the likelihood of successful phishing attacks. And passwords can’t be stolen in data breaches if they don't exist in the first place. (Some apps and websites already allow people to log in using their fingerprints or using face recognition, but these usually require you to first create an account with a password.)

Apple’s Passkeys aren’t entirely new—the company first detailed them at 2021’s WWDC and started testing them shortly after—and Apple isn’t the only one that wants to eliminate passwords. The FIDO Alliance, a tech industry group, has been working on the underlying standards needed to ditch passwords for almost a decade, and Apple’s Passkeys are the company’s implementation of these standards.

In recent months, FIDO has taken a series of important steps to bring the password’s demise closer to reality. In March, FIDO announced it has figured out a way to store the cryptographic keys that sync between people’s devices, calling them “multi-device FIDO credentials” or “passkeys.”

This was followed in May by Apple, Microsoft, and Google declaring their support for the FIDO standards. Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, said adoption of the standards would keep more people safe online. At the time, the three tech giants said they would start rolling out the technology “over the course of the coming year.” Microsoft account owners have been able to ditch their passwords since September of last year, and Google has been working on its passwordless technology since 2008.

When all the tech companies have rolled out their version of passkeys, it should be possible for the system to work across different devices—in theory, you could use your iPhone to log in to a Windows laptop, or an Android tablet to log in to a website in Microsoft’s Edge Browser. “All of FIDO’s specs have been developed collaboratively, with inputs from hundreds of companies,” says Andrew Shikiar, the executive director of the FIDO Alliance. Shikiar confirms that Apple is the first company to start rolling out passkey-style technology and says this shows “how tangible this approach will soon be for consumers worldwide.”

Any success for a passwordless future depends on how it works in reality. At the moment, there are unanswered questions about what happens to your Passkeys if you want to ditch Apple’s ecosystem for Android or another platform. (Apple hasn’t yet responded to our request for comment.) And developers still need to implement changes to their apps and websites to work with Passkey. Plus, to gain trust in any system, people need to be educated about how it works. “Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,” ​​Alex Simons, the head of Microsoft’s identity management efforts, said in May. In short: If cross-device systems are clunky or a pain to use, people may shun them in favor of weak but convenient passwords.

While Apple’s Passkey and Google and Microsoft’s equivalents are still some months away (at the very least), that doesn’t mean you should idly keep using your weak or repeated passwords. Every password you use—whether it’s for a one-time account used to buy DIY supplies or your Facebook account—should be strong and unique. Don’t use common phrases, names of friends or pets, or personal information linked to you in your passwords.

Instead, your passwords should be long and strong. The best way to achieve this is by using a password manager, which can help you create and store better passwords. You can find our pick of the best password managers here. And while you’re thinking about your security, turn on multi-factor authentication for as many accounts as possible.

Apple Just Killed the Password—for Real This Time

A coalition of over 25 industry leaders, led by NightDragon and non-profit NextGen Cyber Talent, partner to raise $1 million for collegiate cybersecurity education

SAN FRANCISCO, June 6, 2022 /PRNewswire/ -- NightDragon, an investment and advisory firm focused on the cybersecurity, safety, security, and privacy industries, and NextGen Cyber Talent, a nonprofit organization dedicated to increasing diversity and inclusion in the cybersecurity industry through education and career opportunities for underserved and underrepresented students, today announced the launch of the Coalition to Close the Cybersecurity Talent Gap ("Coalition"), a campaign to raise $1 million to help fund one year of community college courses for Bay Area students pursuing careers in cybersecurity.

The Coalition is composed of more than 25 industry-leading cybersecurity and technology leaders that are passionate about cultivating the next generation of cybersecurity talent and committed to closing the cybersecurity skills gap. Driven to make a difference in the lives of students and their local communities, at launch, the Coalition has raised more than $300,000 of the $1 million needed to fund the cybersecurity education initiative for Bay Area students.

Through leveraging its vast network, NightDragon led the formation of the coalition including NightDragon portfolio companies, go-to-market and investment partners. Founding members for the initial cohort include: AllegisCyber Capital, Carahsoft, Claroty, Coalfire, Cyderes, Deloitte, Exclusive Networks, ForgeRock, HUMAN Security, iboss, Immuta, Ingram Micro, Interos, Knight Group, Macnica, Marsh, Merlin, Mezmo, NightDragon, Onapsis, Optiv, Palo Alto Networks, Prosek, Team8, Ten Eleven Ventures, ThriveDX, SafeGuard Cyber, Snowflake, and vArmour.

"There are an estimated 2.7 million unfilled cybersecurity positions. These vacancies create a significant challenge as security teams everywhere struggle to hire talent to monitor and remediate cyberattacks, as well as develop new technology to combat today's latest threats," said Krishnan Chellakarai, Founder and Co-Chairman of NextGen Cyber Talent and CISO of Gilead Sciences. "Solving the cybersecurity talent shortage will take a collective industry-wide effort. We are calling on the industry during the RSA Conference to contribute to the campaign and look forward to the impact we can make together to close the cybersecurity talent gap."

"The cybersecurity talent shortage is an issue that impacts all of us and is one of the biggest challenges facing our industry and national security. Let's demonstrate that as an industry we can come together to help solve for the talent shortage and foster the next generation in cyber talent that will help us combat today's threats," said Dave DeWalt, Founder, and Managing Director, NightDragon, and Board Member, NextGen Cyber Talent.

"The partners who have pulled together on this important mission are an impactful group of leaders from across the industry, which speaks to the universal nature of this mission to close the cybersecurity talent gap. By reaching out to the broader industry at the RSA Conference, we hope to show the power and compassion of our industry to help the underserved and enrich the cybersecurity workforce with more diversity," said Amy De Salvatore, VP Business Development and Strategic Alliances, NightDragon, who initiated the campaign and led the formation of the Coalition.

NextGen Cyber Talent partners with Bay Area community colleges to offer several cohorts of training programs, continuous career development and mentoring, and grants to hundreds of students pursuing cybersecurity education. The funds will be distributed by NextGen Cyber Talent to students at participating Bay Area community colleges who have applied and met the qualifying grade criteria of a B- or better. In addition to capital, founding coalition partners have also contributed additional in-kind donations, including lectures, curriculum materials, and internships for students.

"As we continue to focus on the essential mission of making each day safer than the one before, we have a responsibility as an industry to encourage and educate the next generation of cyber leaders," said BJ Jenkins, President at Palo Alto Networks and NightDragon Board member. "We thank NightDragon and NextGen Cyber Talent for bringing us together on this shared vision. We look forward to helping students recognize all of the cybersecurity career possibilities."

Donations of any size can be made through the Coalition to Close the Cybersecurity Talent Gap campaign donations page.

**About NextGen Cyber Talent**

NextGen Cyber Talent is a non-profit providing a platform to increase diversity and inclusion in the cybersecurity industry. It brings together cybersecurity experts, solution providers and enterprises to make a difference in the underserved and underprivileged community and address a mounting cyber skills shortage and talent gap. To learn more, visit www.NextGencybertalent.com.

**About NightDragon**

NightDragon is an investment and advisory firm focused on growth and late-stage investments within the cybersecurity, safety, security and privacy industries. Its platform and vast industry network provide unparalleled threat insights, deal flow, market leverage and operating expertise to drive portfolio company growth and increase shareholder value. Founded by Dave DeWalt, the NightDragon team has more than 25 years of operational and market expertise leading technology companies such as Documentum, EMC, Siebel Systems (Oracle), McAfee, Mandiant, Avast and FireEye. Read more about NightDragon at www.nightdragon.com.

Cybersecurity Industry Leaders Launch Campaign to Close the Cybersecurity Talent Gap

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.

After years of data breaches, leaks, and hacks leaving the world desperate for tools to stem the illicit flow of sensitive personal data, a key advance has appeared on the horizon.

On Tuesday, MongoDB is announcing “Queryable Encryption,” a feature that will allow database users to search their data while it remains encrypted. The tool, which is debuting in preview as part of MongoDB 6.0, attempts to bridge academic cryptography findings and real-world environments so users can adopt the feature without needing advanced theoretical expertise. Crucially, Queryable Encryption is built to work with existing databases rather than requiring users to re-architect their systems before they can take advantage of it.

Institutions from businesses to governments, health care facilities, and critical infrastructure already lean on encryption to render data unintelligible (and therefore not worth stealing) when it's traveling across networks or sitting in storage. But none of that protects data when it's actively being used for legitimate reasons—looking up a patient's medical records, say, or setting up a car rental reservation. That means an attacker—including a rogue employee—could potentially gain access to data the same way a doctor or customer service agent does. This is a nut everyone wants to crack, and the database maker MongoDB has been working on possible solutions for years. Now, the company says, it has one.

“This is exactly the kind of thing that customers are wanting. We work with the biggest banks, pension systems, treasury exchanges, payment networks, pizza chains—and everyone wants better assurances,” says Kenn White, MongoDB's security principal. “And because of some practical engineering breakthroughs, it went from an academic kind of thing to something that actually could work on big databases.”

Queryable Encryption could let a bank agent investigate your account for possible fraud on a range of dates without knowing which dates specifically flagged the system. Or it could allow a customer service rep to type the first few letters of a name and start a claims process while leaving the name encrypted and indecipherable. 

Many of these breakthroughs came from Brown University cryptographer Seny Kamara and his longtime collaborator Tarik Moataz. Several years ago, the pair cofounded a searchable encrypted database startup known as Aroki Systems along with entrepreneur John Partridge. Aroki collaborated with MongoDB on a database security feature, announced in 2019, and Kamara and Moataz continued working on a prototype of a truly searchable encrypted database. In 2021, MongoDB acquired Aroki.

The Queryable Encryption system is built with a combination of established cryptographic protocols and conceptual advances Kamara and Moataz have been working on for years in an area of cryptography known as structured encryption. The approach involves encrypting data with a specific architecture so it can be searched with special tokens specific to each query without data ever being decrypted. Other techniques such as homomorphic encryption allow users to do computations on encrypted data, like adding two columns in an encrypted spreadsheet. But structured encryption is specifically focused on organizing encrypted data so it can be found without exposing the data itself.

“What we focus on is not how to do arithmetic operations on encrypted data, but how to find information fast—like really, really fast,” says Kamara, who is currently on leave from his associate professor role at Brown.

Speed is a challenge in encrypted operations, where every extra key check and computation add complications to basic operations. But MongoDB claims that searches performed with Queryable Encryption are impressively fast and won't cause unreasonable performance losses—a claim that customers will be able to test for themselves with the new preview. MongoDB is also open-sourcing much of the Queryable Encryption system, so users and other researchers can vet its underlying cryptography.

“A lot of the work is very theoretical in nature, algorithms, crypto security definitions, but for me at the end of the day I want to see something come out of it,” Kamara says. “There is a social imperative behind the work that scientists do. Working with a company at the scale of Mongo, this will be available to a huge number of people, a huge number of work loads.”

Moataz and Kamara say the big breakthrough that allowed them to move their concept from the academic world toward the real world was emulation, which enabled them to use the properties of structured encryption with existing databases that have different architectures. Like emulating Super Nintendo games on your PC or emulating Windows on a Mac, the approach creates a liminal space in which structured encryption can run on top of traditional databases.

Still, Kamara and Moataz emphasize that it's been a challenge and a learning process to collaborate with MongoDB engineers and turn the Aroki Systems prototype into something that can actually be deployed at scale around the world.

“Seny and I have been learning a lot about the constraints of real-world deployments that academics know nothing about,” Moataz says. “Models in academia are less restrictive. So we are enjoying being exposed to that and improving our models and our designs with respect to these constraints.”

Though Tuesday's release will be the first time that the public can vet Queryable Encryption in the wild, Aroki Systems had cryptographer JP Aumasson conduct technical due diligence on the cryptographic underpinning of their prototype system. And MongoDB invited University of Chicago cryptographer and searchable encryption researcher David Cash to take an early look as well. Both told WIRED that while they haven't audited the entire system deployment, the underlying cryptography appears sound. And they both emphasize that it's exciting to see a real-world searchable encryption scheme take shape after so long.

“A lot of crypto research since the 1980s has sort of been centered on how do we do this stuff, so this is a long time coming," Cash says. “Everything in cryptography is about trade-offs, and the world is complicated, so it's important to be careful about absolute statements, but that this vision is realized in some form is very exciting. And this is not at all snake oil or security theater. They're going deep on this and thinking about the important stuff carefully.”

Aumasson says that many others have claimed to offer searchable encryption without the technical depth or capability. “There have been other products advertising encrypted search, but academics would really laugh at those,” he says. “What Mongo is doing is something that is academic-compliant, and I’m very happy to see it.”

A Long-Awaited Defense Against Data Leaks May Have Just Arrived

FortiRecon combines machine learning, automation, and human intelligence to continually monitor an organization’s external attack surface.

**SAN FRANCISCO, Calif., – RSAC 2022 - Jun 6, 2022**

**John Maddison, EVP of Products and CMO at Fortinet**

“The sooner in the attack cycle you identify and stop an adversary, the less costly and damaging their actions. Employing a powerful combination of human and artificial intelligence, FortiRecon provides organizations with a view of what adversaries are seeing, doing and planning. FortiRecon’s vendor agnostic SaaS delivery model combined with an intuitive interface and easily digestible reports enable executives across the organization to quickly understand the risks posed to their company, data, and brand reputation, while our team of FortiGuard Labs cybersecurity experts enhance the offering with takedown services, guidance on prioritization of remediation efforts, and targeted threat research and intelligence.”

**News Summary**

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced FortiRecon, a complete Digital Risk Protection Service (DRPS) offering that uses a powerful combination of machine learning, automation capabilities, and FortiGuard Labs cybersecurity experts to manage a company’s risk posture and advise meaningful action to protect their brand reputation, enterprise assets, and data. FortiRecon uniquely delivers a triple offering of outside-in coverage across External Attack Surface Management (EASM), Brand Protection (BP), and Adversary-Centric Intelligence (ACI) to counter attacks at the reconnaissance phase – the first stage of a cyberattack – to significantly reduce the risk, time, and cost of later stage threat mitigation.

**Organizations are Overwhelmed in the Fight to Protect their Network, Data, and Reputation and Mitigate Risk Early**

Before attacking an organization, a cybercriminal’s primary objective is to gather as much intelligence about their target as possible. This phase of early reconnaissance arms the adversary with everything they need to determine if and how they would exploit an organization. They will test a company’s defense and response tactics, look for unpatched systems, use social media to learn more about its employees and their normal behavior, and go as far as researching business partners, recent acquisitions, and any other third-party affiliation that could lead to a successful compromise. As organizations digitally accelerate their businesses and deploy hybrid IT architectures that expand the attack surface, identifying and mitigating these threats has become increasingly more difficult. In response to the velocity of threats, cybersecurity best practices have evolved from point-in-time evaluations to continual monitoring, ongoing reviews, and continuous enhancements to an organization’s security posture.

**Taking a Page Out of the Adversary Playbook to Mitigate Risk**

With the introduction of FortiRecon, Fortinet provides enterprise organizations with a powerful tool to understand how the adversary views an organization from the outside to help inform cybersecurity teams, the C-Level, and risk and compliance management on how to prioritize risk and improve the company's overall security posture. FortiRecon offers companies consistent and comprehensive coverage across three areas:

*   **External Attack Surface Monitoring:** Empowers organizations to understand their risk profile and mitigate risks early. Provides an outside-in view of an organization and its subsidiaries to identify exposed known and unknown enterprise assets and associated vulnerabilities, and prioritize the remediation of critical issues. EASM identifies servers, credentials, public cloud service misconfigurations, and even third-party partner software code vulnerabilities that could be exploited by malicious actors.
*   **Brand Protection:** Enables organizations to protect their brand and identify risks to their customers. Proprietary algorithms detect web-based typo-squatting, defacements, and phishing impersonations, as well as rogue mobile apps, credential leaks, and brand impersonation on social media, all common techniques used by cyber threat actors. The early detection of malicious activity allows teams to quickly take action (such as website or application takedown) to stop and prevent damage.
*   **Adversary-Centric Intelligence:** Increases the security awareness of an organization’s SOC team with industry and geography specific coverage to better understand their attackers and protect assets. FortiGuard Labs cybersecurity experts assess the underground and imminent threat risks posed by active cybercriminals to an individual company by proactively monitoring public and private forums, open-source, dark web, and other cybercriminal domains. By engaging in human intelligence collection, FortiGuard Labs experts assess and curate custom threat intelligence, providing recommendations specific to the company, industry, and geography.

For partners, FortiRecon can be sold on top of the Fortinet Security Fabric or as a stand-alone, vendor-agnostic solution that delivers easily digestible reports and enables their customers to quickly understand the risks posed to their company, data, and brand reputation. FortiRecon also extends the categories of risk for which partners can provide insight to customers and increases the opportunity to land new customers that have only invested in more traditional security solutions.

**Enhancing Fortinet’s Early Detection and Response Portfolio and Industry Leading Security Services**

FortiRecon complements Fortinet’s robust portfolio of early detection and advanced response products, including FortiNDR, FortiXDR, FortiDeceptor, in-line sandboxing, as well as advanced automation with FortiAnalyzer, FortiSIEM and FortiSOAR.

Fortinet is firmly committed to the success of SOC teams and the protection of organziations and offers an extensive portfolio of outsource services ranging from cybersecurity assessments and readiness, playbook development, tabletop training, Incident Response, MDR and SOC-as-a-service. This combined offering, alongside the many enhancements across the Fortinet Security Fabric and extended ecosystem deliver simplification and automation to help SOC teams regain focus, control, and speed by strengthening an organization’s SOC with FortiGuard Labs cybersecurity tools and experts.

**Get a demo of FortiRecon in the Fortinet booth at RSAC 2022**

Fortinet will be a Platinum Sponsor at this year’s RSA Conference and will feature product demos, a live theater, and a Fortinet Expert Bar at booth #5855 in the Moscone Center North Hall. Stop by the booth to get a demo of FortiRecon and other recent product, solution, and services innovations from Fortinet. Learn more about Fortinet at RSA and presentations featuring Fortinet executives in the media alert.

**Additional Resources**

*   Read our blog to learn more about the value security services can bring to any organization and find out more about Fortinet’s robust portfolio of AI-powered Security Services.
*   Learn more about Fortinet’s advanced detection offerings for the SOC: FortiNDR, FortiDeceptor, FortiXDR, and FortiGuard In-line Sandbox Service
*   Learn more about Fortinet SOC-as-a-Service.
*   Learn more about how the Fortinet Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital infrastructure.
*   Learn more about FortiGuard Labs threat intelligence and research or Fortinet’s AI-powered FortiGuard Security Services portfolio.
*   Learn more about Fortinet’s free cybersecurity training which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
*   Read more about how Fortinet customers are securing their organizations.
*   Engage in the Fortinet User Community (Fuse). Share ideas and feedback, learn more about our products and technology, and connect with peers.
*   Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on YouTube.

**About Fortinet**

Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 580,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. Learn more at https://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.

Fortinet Unveils New Digital Risk Protection Offering

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft’s now-patched Follina vulnerability. According to researchers at Proofpoint, state-sponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-based exploit at U.S. and E.U. government targets via phishing campaigns.

Proofpoint researchers spotted the attacks and believe the adversaries have ties to a government, which it did not identify. Attacks consist of campaigns targeting victims U.S. and E.U. government workers. Malicious emails contain fake recruitment pitches promising a 20 percent boost in salaries and entice recipients to download an accompanying attachment.

The text states, “You’ll be getting a \[20%\]_sic_ increase in your salary.” The message prompts recipients to open an attached document “before this weekend” to learn more.

In a Twitter-based statement, Sherrod DeGrippo, vice president of threat research at Proofpoint, said about 10 Proofpoint customers had received over 1,000 such messages.

The malicious attachment targets the remote code execution bug CVE-2022-30190, dubbed Follina.

Discovered last month, the flaw exploits the Microsoft Windows Support Diagnostic Tool. As Microsoft explained in a blog post, the bug “exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.”

State-sponsored abuse of the flaw is just the latest in a string of Follina-related attacks.

If successfully exploited, attackers can use the Follina flaw to install programs, view, change or delete data, or create new accounts in the context allowed by the user’s rights, the company said.

“A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word,” Microsoft explained in its guidance on the Microsoft Security Response Center. “An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.”

Microsoft’s workaround comes some six weeks after the vulnerability was apparently first identified. Researchers from Shadow Chaser Group noticed it on April 12 and patched by Microsoft in May.

Proofpoint says the malicious file used in the recruitment phishing campaigns, if downloaded, executes a script that can ultimately check for virtualized environment to abuse and “steals information from local browsers, mail clients and file services, conducts machine recon and then zips it for exfil.”

Proofpoint explained in a tweet, “The extensive reconnaissance conducted by \[a\] second Powershell script demonstrated an actor interested in a large variety of software on a target’s computer.” It is that behavior that raised concerns that the campaign had ties to a “state aligned nexus,” researchers noted.

Follina Exploited by State-Sponsored Hackers

Enforcing the "double-extortion" technique aka pay-now-or-get-breached emerged as a head-turner last year. 
May 6th, 2022 is a recent example.
The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January.
Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for

Enforcing the "double-extortion" technique aka pay-now-or-get-breached emerged as a head-turner last year.

May 6th, 2022 is a recent example.

_The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January_.

Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for infecting hundreds of servers with malware to gain corporate data or digital damage systems, essentially spreading misery to individuals and hospitals, businesses, government agencies and more all over the world.

So, how different is a **ransomware attack** like Conti from the infamous "WannaCry" or "NotPetya"?

While other Ransomware variants can spread fast and encrypt files within short time frames, Conti ransomware has demonstrated unmatched speed by which it can access victims' systems.

Given the recent spate of data breaches, it is extremely challenging for organizations to be able to protect every organization from every hack.

Whether running a port scan or cracking default passwords, application vulnerability, phishing emails, or ransomware campaigns, every hacker has different reasons for infiltrating our systems. It is evident why certain individuals and companies are targeted because of their software or hardware weaknesses, while others affected do not have this common Achilles' heel due to planning and barriers put in place.

We can bring in support of security experts like **Indusface** to defend ourselves and pursue an attack-reduction strategy to reduce both the likelihood and impact of becoming the victim of a cyberattack.

But what characteristics do companies possess that tend to attract cyberattacks, and why do hackers target them?

And if you knew your company was a likely target, would it make sense for you to be wary of the many ways your information could be compromised?

**What Motivates a Hacker?**

When hackers hack, they do so for several reasons. We've listed the 4 most common motivations behind the hacking.

****1** — **It's About Money:****

One of the most common motivations for breaking into a system is monetary gain. Many hackers may try to steal your passwords or bank accounts to make money by taking off with your hard-earned cash. Your customer information wouldn't be safe if hackers made off with it as they could use this data in several ways, perhaps by blackmailing you or even selling it on the black market or deep web.

The average cost of a data breach was $3.86 million in 2004, according to IBM, and that number has since risen to $4.24 million as of 2021. It's even expected to rise even more in forthcoming years.

****2** — **Hack + Activism aka Hacktivism****

Some people look at hacking to start political and social revolutions, although the majority are interested in expressing their opinions and human rights or creating awareness over certain issues. However, they can target anyone they like - including terrorist organizations, white supremacist groups, or local government representatives.

Hacktivists, also known as 'Anonymous,' normally target terror groups like ISIS or white supremacist organizations, but they have also targeted local government groups. In January 2016, an attack on the Hurley Medical Center in Flint, Michigan, led to the leak of thousands of documents and records. The organization claimed responsibility with a video promising "justice" for the city's ongoing water crisis that resulted in 12 deaths over time.

Whether it's a single hacker or a simple online gang, the primary weapons of hacktivists include Distributed Denial of Service (DDoS) tools and vulnerability scanners- proven to cause financial losses for well-known corporations. Remember when donations to WikiLeaks were halted, and Anonymous rode high on a series of **DDoS attacks**?

****3** — **Insider Threats****

Insider threats can come from anywhere, but they are viewed as one of the organizations' greatest cyber security threats. Many threats can come from your employees, vendors, contractors, or a partner, making you feel like you're walking on eggshells.

Someone within your organization is helping a threat become a reality. Now that we think about it, almost all of your employees, vendors, contractors, and partners are technically internal to the organization. One major weakness enterprises have their core systems of protection; the firewalls and anti-virus programs are easily bypassed by whoever has access to these programs at any one time.

So when the next wave of cyberattacks comes, who better than someone you've always trusted with key security access, damage control measures need to be implemented to prevent a repeat of a situation as catastrophic as Sony's hack in 2014 (possibly perpetuated by its own employee).

****4** — **Revenge Game****

If you have an unruly employee looking for a way to get revenge on your company, they will more than likely take the time to think of a good attack, leaving you thinking twice about dismissing them.

If they have access to your system, you can be sure that they will try to find any way possible to use their privileged status to get back at you even after leaving the company. One way of doing this is by accessing databases and accounts that require logins and passwords. In other cases, disgruntled workers might even sell vital information in exchange for money and more favorable job opportunities only to mess with your organization's infrastructure.

****5** — **Attack Vectors****

Cybercriminals are utilizing a wide range of attack vectors so that they can infiltrate your system or take custody of it by using ransomware attacks like IP address spoofing, phishing, email attachments, and hard drive encryption.

****a) Phishing****

The most common way to spread ransomware is through phishing emails. Hackers send carefully crafted phoney emails to trick a victim into opening an attachment or clicking on a link containing malicious software.

There are lots of different file formats malware can come in. For example, it could be in a

PDF, BMP, MOV, or DOC.

Once hackers take control over your company's network, ransomware malware has a good chance of getting into your system, encrypting information, and taking hostage all the data stored on your devices.

****b) Remote Desktop Protocol (RDP)****

Running over port 3389, RDP is short for Remote Desktop Protocol, allowing IT administrators to remotely access machines and configure them or merely use their resources for various reasons - such as running maintenance.

The hacker begins by running a port scan on machines over the internet that have port 3389 open. 3389 is for SMB, or Server Message Block, which allows for basic file sharing between Windows computers and is often turned on in the early days of internet usage.

Once a hacker has gained access to open machines on port 3389, they often brute-force the password so they can log into them as an administrator. And then, it is a matter of time. Hackers can get into your machine and initiate the encryption operation to lock down your data by purposefully slowing or stopping critical processes.

****c) Attacks on Unpatched Software****

A weakness in the software is one of the most promising methods of attack deployment in today's environment. In some cases, when software is not fully up to date or patched, attackers can enter networks without having to harvest credentials.

****The Closure****

Cyber hackers can now do just as much analyzing and evaluating as security teams for their products. They have the same or even more tools to scan any given system, so it's practical to be able to foresee their motivation and profiles.

With hackers becoming more sophisticated, it is on top priority to have proactive cybersecurity mechanisms to maintain the health of your business.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Hacking Scenarios: How Hackers Choose Their Victims

A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady.
"The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up.
SVCReady is said to be in its early stage of development, with the

A new wave of phishing campaigns has been observed spreading a previously documented malware called **SVCReady**.

"The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up.

SVCReady is said to be in its early stage of development, with the authors iteratively updating the malware several times last month. First signs of activity date back to April 22, 2022.

Infection chains involve sending Microsoft Word document attachments to targets via email that contain VBA macros to activate the deployment of malicious payloads.

But where this campaign stands apart is that instead of employing PowerShell or MSHTA to retrieve next-stage executables from a remote server, the macro runs shellcode stored in the document properties, which subsequently drops the SVCReady malware.

In addition to achieving persistence on the infected host by means of a scheduled task, the malware comes with the ability to gather system information, capture screenshots, run shell commands, as well as download and execute arbitrary files.

This also included delivering RedLine Stealer as a follow-up payload in one instance on April 26 after a machine was initially compromised with SVCReady.

HP said it identified overlaps between the file names of the lure documents and the images contained in the files used to distribute SVCReady and those employed by another group called TA551 (aka Hive0106 or Shathak), but it's not immediately clear if the same threat actor is behind the latest campaign.

"It is possible that we are seeing the artifacts left by two different attackers who are using the same tools," Schläpfer noted. "However, our findings show that similar templates and potentially document builders are being used by the actors behind the TA551 and SVCReady campaigns."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware

Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update.
"macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a

Apple has introduced a **Rapid Security Response feature** in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update.

"macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a reboot," the company said in a statement on Monday.

The feature, which also works on iOS, aims to separate regular software updates from critical security improvements and are applied automatically so that users are protected against in-the-wild attacks. It's worth noting that Apple tested an analogous option in iOS 14.5.

Another key security feature announced by Apple at its annual Worldwide Developers Conference (WWDC) includes support for third-party two-factor authentication apps with the built-in Passwords feature in the Settings app.

What's more, iOS 16 will now permit users to edit strong passwords suggested by Safari to adjust for site‑specific requirements, not to mention requiring apps to request users' permission to access the clipboard to paste content from another app.

In a similar permissions-related update, USB-C and Thunderbolt accessories barring power adapters and standalone displays will be made to explicitly ask for users' consent before they can communicate with macOS devices.

"On portable Mac computers with Apple silicon, new USB and Thunderbolt accessories require user approval before the accessory can communicate with macOS for connections wired directly to the USB-C port," the release notes reads.

Apple, lastly, also confirmed it's bringing support for passkeys in the Safari web browser, a next-generation passwordless sign-in standard that allows users to log in to websites and apps across platforms using Touch ID or Face ID for biometric verification.

The mechanism, established by the FIDO Alliance and already backed by Google and Microsoft, aims to supplant standard passwords by providing unique digital keys that are stored locally on the device.

"Passkeys replace passwords with an easier and safer sign‑in method," the tech behemoth said. "Passkeys never leave your device and are specific to the site you created them for, making it almost impossible for them to be phished."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#mac