November 23, 2023
One reason attackers have taken to Web shells is because of their ability to stay under the radar. Web shells are hard to detect with static analysis techniques, because the files and code are so easy to modify. Moreover, Web shell traffic — because it is just HTTP or HTTPS — blends right in, making it hard to detect with traffic analysis, says Akamai's Zavodchik. "They communicate on the same ports, and it's just another page of the website," he says. "It's not like the classic malware that will open the connection back from the server to the attacker. The attacker just browses the website. There's no malicious connection, so no anomalous connections go from the server to the attacker." In addition, because there are so many off-the-shelf Web shells, attackers can use them without tipping off defenders as to their identity. The WSO-NG Web shell, for instance, is available on GitHub. And Kali Linux is open source; it's a Linux distribution focused on providing easy-to-use tools for red teams and offensive operations, and it provides 14 different Web shells, giving penetration testers the ability to upload and download files, execute commands, and create and query databases and archives.
Based on what has been disclosed thus far, the breach sounds relatively minor, but ALPHV’s SEC complaint throws the company into the spotlight. “The SEC won’t take a criminal’s word, but the spotlight is harsh. ALPHV's motives seem less about ransom, more about setting a precedent that intimidates,” Ferhat Dikbiyik, Ph.D., head of research at cyber risk monitoring company Black Kite, tells InformationWeek via email. “MeridianLink's challenge now is to navigate this tightrope of disclosure and investigation, all while under the public and regulatory microscope.” Dikbiyik points out that ALPHV’s SEC complaint suggests that the group may have ties in the US. The group demonstrates a strong command of English and knowledge of American corporate culture, he explains. Its knowledge of the American regulatory system is particularly indicative of potential stateside ties. “ALPHV's clear English on the dark web could be AI, but their quick SEC rule exploit? That suggests boots on the ground,” says Dikbiyik.
“Cutting-edge advancements in neuroscience research have revealed the intricate relationship between brain structure and function, and the success of artificial neural networks has highlighted the importance of network architecture,” wrote the team. “It is now time to bring these together to better understand how intelligence emerges from the multi-scale repositories in the brain. By mathematically modeling brain activity, a systematic repository of the multi-scale brain network architecture would be very useful for pushing the biological boundary of an established model.” As that systematic repository, the team’s digital twin brain (DTB) would be capable of simulating various states of the human brain in different cognitive tasks at multiple scales, in addition to helping formulate methods for altering the state of a malfunctioning brain. ... “The advantages of this research approach lie in the fact that these methods not only simulate [biologically plausible] dynamic mechanisms of brain diseases at the neuronal scale, at the level of neural populations, and at the brain region level, but also perform virtual surgical treatments that are impossible to perform in vivo owing to experimental or ethical limitations.
Hybrid cloud and edge computing are not mutually exclusive. There has been significant growth in hybrid solutions, distributing computing intelligently to combine the benefits of cloud and edge. A bespoke hybrid approach with proper planning and management can enhance your business’s DR strategy. Hybrid cloud’s scalability allows businesses to allocate additional cloud resources during a disaster. These additional resources can be allocated to potentially replace failed edge platforms and devices, maintaining critical applications and systems that are servicing the business needs, while reducing the pressure of the recovery process. The speed benefits of dedicated resources in a hybrid cloud solution are multiplied when combined with the reduced latency and enhanced availability of edge computing. Edge devices can be used to process data locally, and cache essential data which can be recovered to a cloud platform in case of a disaster. Processing on the edge and transmitting key information to the cloud can enrich your data, and inform your DR planning.
There is no better way to showcase positive business outcomes than by tracking the ways in which good governance can help tackle obstacles over time. The most obvious of such tracking methods is a data audit. Though an audit may be slightly daunting in terms of its invasiveness in operations, it can be indispensable in uncovering lapses in data quality and risky security gaps in storage and retention. You can cover much of the same territory more informally – and less invasively – through interviews and surveys with stakeholders in the company. With a more open-ended, personalized intake of challenges in governance, these modes of recording can capture the nuances that arise in data integration and glitches in system compatibility, and they’re more likely to harvest the sorts of idiosyncratic insights that might fall through the cracks of a formal audit. Indeed, while Seiner advocates for methods of recording that fall on the more facts-and-figures end of the spectrum – single-issue tracking, analytics, and monitoring – he finds that “one of the most successful ways of doing assessments is simply to talk to people.
As cyberthreats loom large, enterprises of all sizes are increasingly recognizing the need for cyberinsurance. Cyberinsurance offers financial protection and support in the event of cyberattacks or data breaches. It is predicted that by 2040, the cyberrisk transfer market will become comparable in size to property insurance. However, navigating the cyberinsurance market can be complex and daunting. Understanding the key considerations and making informed decisions are crucial to ensuring adequate coverage and effective risk management. ... In this context, alternative risk transfer solutions such as the use of captive fronting are emerging as crucial tools for managing and transferring cyberrisk. By leveraging a captive solution, enterprises can enhance their cyberresilience, mitigate potential financial losses and navigate cyberinsurance more effectively. Captives help increase the attachment point for the insurance market and act as a solution to cover gaps in the insurance market’s capacity. Insurers are increasingly encouraging the use of captives for cyber.