Connect with us

TechNews

Experts to Discuss ‘Sustainability and Company of the Future’ at AfriTECH 2.0

AfriTECH 2.0 will also feature award ceremony.

Published

on

Africa Tech Alliance Forum (AfriTECH 2.0)

Business subject matter experts are warming up for 2022 Africa Tech Alliance Forum (AfriTECH 2.0) scheduled to hold on Wednesday November 09, 2022 at Oriental Hotel, Lagos at 9:00am (WAT).

Mr. Chike Onwuegbuchi, the co-Convener of AfriTECH, said that the high profile speakers who will be unveiled soon will delve into the nitty-gritty of ‘Sustainability and the Company of the Future’, as many businesses are still responding to changes in the business environment brought on by the COVID-19 pandemic.

Reserve a space here: https://registration.africatechallianceforum.africa/.

According to him, the global crisis introduced the necessity to innovate, forcing many to rethink how they communicate with their customers and repackage product and service offerings for the new landscape – one that is defined by digital transformation.

“The numbers illustrate this evolution. According to Statista, 97% of respondents to a digital transformation survey stated that the pandemic sped up digital transformation processes in their respective organisations.

Global spending on digital transformation is projected to reach $1.78 trillion in 2022. But in what ways will this transformation manifest? The answer lies in trends that will shape the businesses of tomorrow.

“The case is no different for the Government: The current, incremental pace of economic and social advancement shows too many of Africa’s expanding youth population will be denied the opportunity to live up to their potential. Therefore, Africa should think big on digital development”.

He said, therefore, the theme for AfriTECH 2.0 was carefully selected for guided discussions around trends that will help businesses take a turn for good to achieve their desired goals in the coming year 2023 and beyond.

Also speaking, Peter Oluka, the co-Convener of AfriTECH said that digital technologies offer a chance to unlocking new pathways for rapid economic growth, innovation, job creation and access to services which would have been unimaginable only a decade ago.

“Yet there is also a growing ‘digital divide’, and increased cyber risks, which need urgent and coordinated action to mitigate.

“Access to the internet remains out of reach for many citizens in the continent. Too few citizens have digital IDs or transaction accounts – locking them out of access to critical services and e-commerce. Digital startups seek more funding and ‘traditional’ businesses are only slowly adopting digital technologies and platforms to boost productivity and sales.

“Few governments are investing strategically and systematically in developing digital infrastructure, services, skills and entrepreneurship.

“To become tomorrow’s innovators, entrepreneurs and leaders, Africa’s youth need to be empowered with the digital skills and access to technology and markets that are essential to thrive in an increasingly digitized global economy. Through that we would be focusing on the future”, he said.

He added that Government Representatives, International Organizations, Diplomats, Investors, Business leaders, CEOs of Companies and Organisations, Innovators, Academia, Start-ups and Entrepreneurs converge at AfriTECH 2.0 to discuss the need for integrated thinking and what that means for organizational structures and cultures; the traits of leaders of tomorrow’s companies; the connected company; new ways of thinking about value; and the role of regulations, transparency and accountability in the new business order, among other discussions.

How to participate:

Participation is Free however; potential participants are encouraged to register using the link here or click: https://registration.africatechallianceforum.africa/. For sponsorship, do email: [email protected].

AfriTECH 2.0 will also feature award ceremony. The Screening Committee has carefully nominated individuals and organisations driving digital transformation on the Continent for recognition.

GrassRoots.ng is on a critical mission; to objectively and honestly represent the voice of ‘grassrooters’ in International, Federal, State and Local Government fora; heralding the achievements of political and other leaders and investors alike, without discrimination. This daily, digital news publication platform serves as the leading source of up-to-date information on how people and events reflect on the global community. The pragmatic articles reflect on the life of the community people, covering news/current affairs, business, technology, culture and fashion, entertainment, sports, State, National and International issues that directly impact the locals.

TechNews

Sophos Show How ​Attackers Exploit Stolen Session Cookies to Bypass Multi Factor Authentication

With Stolen Session Cookies, Attackers can Impersonate Legitimate Users and Move Freely Around the Network, says Sophos

Published

on

Sopos Cookie

Sophos, a global leader in next-generation cybersecurity, today announced in the Sophos X-Ops report, “Cookie stealing: the new perimeter bypass,” that active adversaries are increasingly exploiting stolen session cookies to bypass Multi-Factor Authentication (MFA) and gain access to corporate resources.

sophos cookie

Key points:

  • Sophos is seeing a growing number of attackers—including active adversaries—using stolen session, or authentication, cookies to bypass MFA and access corporate resources
  • These stolen cookies allow attackers to impersonate legitimate users and move freely around a network. Once inside, there is really no limit to what they can do; they can tamper with cloud infrastructures, compromise business email, or even rewrite code for products
  • While bulk credential theft (including bulk cookie theft) is still common, Sophos is witnessing a growing number of targeted attacks to steal cookies from specific types of organizations
  • One common underground marketplace for these stolen cookies is Genesis
  • This is an important table setter piece for Sophos:
    • While other companies have discussed the theoretical rise of attacks bypassing MFA or spoken about isolated incidents involving stolen session cookies, we’re talking about an overall trend and what we’ve witnessed in the field and in the data from our own telemetry
    • We will be building on the cookie theft/MFA bypass angle in the coming months

In some cases, the cookie theft itself is a highly targeted attack, with adversaries scraping cookie data from compromised systems within a network and using legitimate executable to disguise the malicious activity.

Once the attackers obtain access to corporate web-based and cloud resources using the cookies, they can use them for further exploitation such as business email compromise, social engineering to gain additional system access, and even modification of data or source code repositories.

“Over the past year, we’ve seen attackers increasingly turn to cookie theft to work around the growing adoption of MFA. Attackers are turning to new and improved versions of information stealing malware like Raccoon Stealer to simplify the process of obtaining authentication cookies, also known as access tokens,” said Sean Gallagher, principal threat researcher, Sophos. “If attackers have session cookies, they can move freely around a network, impersonating legitimate users.”

Session, or authentication, cookies are a particular type of cookie stored by a web browser when a user logs into web resources. If attackers obtain them, then they can conduct a “pass-the-cookie” attack whereby they inject the access token into a new web session, tricking the browser into believing it is the authenticated user and nullifying the need for authentication.

Since a token is also created and stored on a web browser when using MFA, this same attack can be used to bypass this additional layer of authentication.

Compounding the issue is that many legitimate web-based applications have long-lasting cookies that rarely or never expire; other cookies only expire if the user specifically logs out of the service.

Thanks to the malware-as-a-service industry, it’s getting easier for entry-level attackers to get involved in credential theft. For example, all they need to do is buy a copy of an information-stealing Trojan like Raccoon Stealer to collect data like passwords and cookies in bulk and then sell them on criminal marketplaces, including Genesis.

Other criminals on the attack chain, such as ransomware operators, can then buy this data and sift through it to leverage anything they deem useful for their attacks.

Conversely, in two of the recent incidents that Sophos investigated, attackers took a more targeted approach. In one case, the attackers spent months inside a target’s network gathering cookies from the Microsoft Edge browser.

The initial compromise occurred via an exploit kit, and then the attackers used a combination of Cobalt Strike and Meterpreter activity to abuse a legitimate compiler tool to scrape access tokens. In another case, the attackers used a legitimate Microsoft Visual Studio component to drop a malicious payload that scraped cookie files for a week.

“While historically we’ve seen bulk cookie theft, attackers are now taking a targeted and precise approach to cookie stealing. Because so much of the workplace has become web-based, there really is no end to the types of malicious activity attackers can carry out with stolen session cookies. They can tamper with cloud infrastructures, compromise business email, and convince other employees to download malware or even rewrite code for products. The only limitation is their own creativity,” said Gallagher. “Complicating matters is that there is no easy fix. For example, services can shorten the lifespan of cookies, but that means users must re-authenticate more often, and, as attackers turn to legitimate applications to scrape cookies, companies need to combine malware detection with behavioral analysis.”

To learn more about session cookie theft and how adversaries are exploiting the technique to carry out malicious activity, read the full report, “Cookie Stealing: the new perimeter bypass,” on Sophos.com.

Continue Reading

TechNews

Sophos Introduces Sophos X-Ops

Sophos X-Ops links together SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against cyberattacks

Published

on

Sophos X-Ops

Sophos, a global leader in next-generation cybersecurity, has announced Sophos X-Ops, a new cross-operational unit linking SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against constantly changing and increasingly complex cyberattacks.

Sophos X-Ops leverages the predictive, real-time, real-world, and deeply researched threat intelligence from each group, which, in turn, collaborate to deliver stronger, more innovative protection, detection and response capabilities.

Sophos today is also issuing “OODA: Sophos X-Ops Takes on Burgeoning SQL Server Attacks,” research about increased attacks against unpatched Microsoft SQL servers and how attackers used a fake downloading site and grey-market remote access tools to distribute multiple ransomware families.

Sophos X-Ops identified and thwarted the attacks because the Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to quickly contain and neutralize the adversaries.

“Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specializations have emerged. Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organizational structure that avoids silos,” said Joe Levy, chief technology and product officer, Sophos. “We’ve unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject matter and process expertise. Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response. Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.”

Speaking in March 2022 to the Detroit Economic Club about the FBI partnering with the private sector to counter the cyber threat, FBI Director Christopher Wray said, “What partnership lets us do is hit our adversaries at every point, from the victims’ networks back all the way to the hackers’ own computers, because when it comes to the FBI’s cyber strategy, we know trying to stand in the goal and block shots isn’t going to get the job done.

“We’re disrupting three things: the threat actors, their infrastructure and their money. And we have the most durable impact when we work with all of our partners to disrupt all three together.” Sophos X-Ops is taking a similar approach: gathering and operating on threat intelligence from its own multidisciplinary groups to help stop attackers earlier, preventing or minimizing the harms of ransomware, espionage or other cybercrimes that can befall organizations of all types and sizes, and working with law enforcement to neutralize attacker infrastructure. While Sophos’ internal teams already share information as a matter of course, the formal creation of Sophos X-Ops drives forward a faster, more streamlined process necessary to counter equally fast-moving adversaries.

“Effective cybersecurity requires robust collaboration at all levels, both internally and externally; it is the only way to discover, analyze and counter malicious cyber actors at speed at scale. Combining these separate teams into Sophos X-Ops shows that Sophos understands this principle and is acting on it,” said Michael Daniel, president and CEO, Cyber Threat Alliance.

Sophos X-Ops also provides a stronger cross-operational foundation for innovation, an essential component of cybersecurity due to the aggressive advancements in organized cybercrime. By intertwining the expertise of each group, Sophos is pioneering the concept of an artificial intelligence (AI) assisted Security Operations Center (SOC), which anticipates the intentions of security analysts and provides relevant defensive actions. In the SOC of the future, Sophos believes this approach will dramatically accelerate security workflows and the ability to more quickly detect and respond to novel and priority indicators of compromise.

“The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it. The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants’ tactics by allowing cross-collaboration amongst different internal threat intelligence groups,” said Craig Robinson, IDC research vice president, Security Services. “Combining the ability to cut across a wide breadth of threat intelligence expertise with AI assisted features in the SOC allows organizations to better predict and prepare for imminent and future attacks.”

Continue Reading

TechNews

Sophos Survey Shows Increase in Ransomware Attacks on Education Institutions

Education Sector Suffers Highest Data Encryption Rate and Longest Recovery Time

Published

on

Sophos - The State of Ransomware in Education 2022

Sophos, a global leader in next-generation cybersecurity, has published a new sectoral survey report, The State of Ransomware in Education 2022.

 Sophos, a global leader in next-generation cybersecurity, has published a new sectoral survey report, The State of Ransomware in Education 2022.

The findings reveal that education institutions – both higher and lower education – are increasingly being hit with ransomware, with 60% suffering attacks in 2021 compared to 44% in 2020.

Education institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover – almost double the average time for other sectors (4%).

Other key findings include:

  • Education institutions report the highest propensity to experience operational and commercial impacts from ransomware attacks compared to other sectors; 97% of higher education and 94% of lower education respondents say attacks impacted their ability to operate, while 96% of higher education and 92% of lower education respondents in the private sector further report business and revenue loss
  • Only 2% of education institutions recovered all of their encrypted data after paying a ransom (down from 4% in 2020); schools, on average, were able to recover 62% of encrypted data after paying ransoms (down from 68% in 2020)
  • Higher education institutions in particular report the longest ransomware recovery time; while 40% say it takes at least one month to recover (20% for other sectors), 9% report it takes three to six months

“Schools are among those being hit the hardest by ransomware. They’re prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold,” said Chester Wisniewski, principal research scientist at Sophos. “Education institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success and encryption rates. Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience. Even if a portion of the data is restored, there is no guarantee what data the attackers will return, and, even then, the damage is already done, further burdening the victimized schools with high recovery costs and sometimes even bankruptcy. Unfortunately, these attacks are not going to stop, so the only way to get ahead is to prioritize building up anti-ransomware defenses to identify and mitigate attacks before encryption is possible.”

Interestingly, education institutions report the highest rate of cyber insurance payout on ransomware claims (100% higher education, 99% lower education).

However, as a whole, the sector has one of the lowest rates of cyber insurance coverage against ransomware (78% compared to 83% for other sectors).

“Four out of 10 schools say fewer insurance providers are offering them coverage, while nearly half (49%) report that the level of cybersecurity they need to qualify for coverage has gone up,” said Wisniewski.

“Cyber insurance providers are becoming more selective when it comes to accepting customers, and education organizations need help to meet these higher standards. With limited budgets, schools should work closely with trusted security professionals to ensure that resources are being allocated toward the right solutions that will deliver the best security outcomes and also help meet insurance standards,” he added.

In the light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:

  • Install and maintain high-quality defenses across all points in the environment. Review security controls regularly and make sure they continue to meet the organization’s needs
  • Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
  • Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
  • Prepare for the worst, and have an updated plan in place of a worst-case incident scenario
  • Make backups, and practice restoring from them to ensure minimize disruption and recovery time

The State of Ransomware in Education 2022 survey polled 5,600 IT professionals, including 320 lower education respondents and 410 high education respondents, in mid-sized organizations (100-5,000 employees) across 31 countries.

Continue Reading

Trending