Mediaboss Marketing

SAN FRANCISCO Russian hackers are focused on using ransomware to attack supply chains both within Ukraine and in European countries being used to provide weapons and humanitarian aid in support of the Ukrainian war effort, a top National Security Agency official said Wednesday.

And as the war drags on, Russian hackers could be looking to attack logistics targets more broadly, including in the United States, said Rob Joyce, the NSAs director of cybersecurity. The NSA is seeing a significant amount of intelligence gathering into the Western countries, to include the U.S., in that logistics supply chain, Joyce said during a briefing at the RSA Conference.

There are no indications yet that any U.S. companies have been attacked with ransomware in connection with logistics related to Ukraine, he added, noting that how the United States would respond to such a scenario would be a policymaker question. If Russia broadened its attacks beyond Ukraine and its near abroad, that would represent a significant escalation in tactics and capabilities,Joyce said.

Military and humanitarian supplies especially lethal aid from the United States and European countries have played a pivotal role in Ukraines relatively successful effort to fend off the Russian invasion. The U.S. has provided Ukraine with nearly $30 billion in support along with a range of military equipment, including tanks and ammunition. The conflict in Ukraine marks the first time in the history of the European Union that the bloc has supplied lethal aid to another country.

Undermining that external support could provide a boost to the Russian war effort. I think theyre trying to figure out what is the way to disrupt the logistics internal to Ukraine, but especially all of the surge that the West has been able to bring forth, both lethal and the humanitarian goods flowing in, Joyce said.

Joyces warning on ransomware attacks on supply chains comes six months after the first publicly known instance of such an attack. In October, the Russian military intelligence hacking unit known as Sandworm targeted transportation and logistics companies within Ukraine and Poland with ransomware in October, according to Microsoft researchers.

That attack relied on a previously unidentified ransomware variant dubbed Prestige, and some observers perceived the decision to deploy ransomware against supply chains in Poland, a NATO member, as an escalation in Russias willingness to use its cyber capabilities to prosecute the war beyond Ukrainian borders.

More here:
NSA sees 'significant' Russian intel gathering on European, U.S. supply chain entities - CyberScoop

SAN FRANCISCO Artificial intelligence, particularly generative forms such as ChatGPT, was on the lips and minds of many cybersecurity professionals at the RSA Conference, including Rob Joyce, director of cybersecurity at the National Security Agency.

You cant walk around RSA without talking about AI [and] machine learning, Joyce said during a keynote about the state of cyberthreats, emerging risks and predictions for the year ahead.

Generative AI is a technological explosion, Joyce said. I wont say its delivered yet, but this truly is some game-changing technology thats emerging.

Cybersecurity professionals have concerns about AI and large language models fueling more dangerous and sophisticated attacks. That hasnt happened yet, but it could within a year, according to Joyce.

The NSA is tracking advancements for defenders and adversaries, and focusing on three areas as ChatGPT and other generative AI tools gain momentum. Here is what theyre watching.

How adversaries ultimately leverage generative AI and what they do with it remains a top, but not overwhelming concern.

I dont expect some magical technical capability that is AI generated that will exploit all the things, Joyce said.

Adversaries linked to nation states and criminal organizations are just starting to experiment with ChatGPT in their workflows, according to Joyce. Generative AI will eventually reduce the cycle and dwell time for attackers and its already enabling more effective phishing attacks.

AI will help threat actors rewrite code, changing the signature and attributes, to give it a unique look and feel that will impose challenges on defenders in the near term, Joyce said.

Buckle up, Joyce said. A year from now I think well have a bunch of examples of where its been weaponized, where its been used and where its succeeded.

On the fringes of generative AI advancement, Joyce and his colleagues at the NSA are cautiously tracking how adversaries might sow distrust or poison the well-intentioned operation of AI, rendering its benefits ineffective.

As people understand models are out there, theres going to be folks who look to manipulate them, Joyce said. How do we get trust and assurance in some of the things that were going to start counting on in generative AI and other models?

The NSA is also studying how defenders can use AI or machine learning to regain advantages.

Its showing real promise in being able to do rote things at scale scanning across massive amounts of logs, being able to pull patterns out to be able to correlate known CVEs and other things into your data streams, Joyce said.

Generative AI is especially impressive when used to add machine-like focus to troves of data and help defenders prioritize activities.

Thats the accelerant for defense, Joyce said. Its a huge amplification capability to make our defenders better, and I think youll see some of that emerge as well.

Follow this link:
3 areas of generative AI the NSA is watching in cybersecurity - Cybersecurity Dive

By now, most of the industry has realized were seeing a shift from the legacy perimeter-based security model to an identity-centric approach to cybersecurity. If defenders havent realized this, malicious actors certainly have, with 80% of web application attacks utilizing stolen credentials and 40% of breaches that dont involve insider threats and user error involving stolen credentials, according to sources such as the 2022 Verizon Data Breach Investigation Report.

Compromised credentials were involved in incidents such as the 2021 Colonial national gas pipeline breach, the 2021 Oldsmar Florida water treatment plant attack, and an attack on the South Staffordshire water treatment plant in the UK in 2022, illustrating that these incidents can and have spilled over from the digital realm to the physical, impacting critical infrastructure.

Luckily, were seeing a change in the industry to pivot to a zero-trust model of cybersecurity, underpinned by an emphasis on identity and data rather than the legacy castle-and-moat approach that preceded it and led to several decades of brittle defense and massive data breaches. This pivot includes guidance from leading organizations such as the National Security Agency (NSA), which in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA) recently released a Recommended Best Practices for Administrations - Identity and Access Management (IAM) guide.

The guidance opens by discussing the current threat landscape along with an overview of threat mitigation techniques. The NSA points out that some of the most common techniques used by malicious actors include activities such as creating new accounts to maintain persistence, exploiting vulnerabilities to forge authentication assertions, exploiting existing users and their access, and exploiting insecure system defaults and configurations. The guides most salient sections are dedicated to identity governance, environmental hardening, identity federation and single sign-on (SSO), multifactor authentication (MFA), and auditing and monitoring, which we will discuss below.

Identity governance helps organizations centralize and orchestrate activities associated with both user- and non-person entities (NPE) such as service accounts to align with their organizational policies. These activities cover the entire lifecycle of an account or identity, such as when an individual joins, moves, or leaves an organization or a team, triggering activities associated with their credentials and associated permissions. That same concept applies to NPEs such as machine-based identities that need credentials and permissions to carry out activities within an architecture.

Determining who has access to what and the risks associated with that access and then dynamically managing the access appropriately is no easy task. Identity governance enables a centralized approach to ensure the broad application of organizational policies, as well as mitigating risks such as identity sprawl and permission creep, in which individuals accounts are properly managed but their associated permissions regularly extended beyond what they actually need for their jobs. When this occurs and those credentials are compromised or abused, it can wreak havoc on organizations.

Leveraging innovative and emerging technologies, organizations can enable this governance while also taking advantage of capabilities such as conditional-based access control and dynamic least-permissive access control rather than long-lived credentials and access. Implementing identity governance can help mitigate attacks such as phishing, insider threats, and malicious actors creating accounts to maintain persistence beyond their initially compromised account. The NSA guidance also recommends utilizing privileged access management (PAM) solutions for advanced capabilities such as just-in-time access control.

Identity governance utilizes hardware, software, and digital environments to enable its implementation, and this is where environmental hardening comes into play. The NSA guidance points out that environmental hardening activities such as patching, asset management, and networking segmentation, along with other security best practices are key to mitigating the potential for compromised credentials, as well as limiting the blast radius, should an incident occur.

It is well known that malicious actors regularly try to compromise IAM components, so ensuring the security of environments in which those components operate is a key consideration. This includes performing activities such as creating a comprehensive asset inventory, understanding the connectivity of the assets youve identified, and protecting assets appropriately based on how critical they are to a business. You dont apply the same level of resources and rigor to a publicly available, non-sensitive system as you do to your crown jewel systems, for example.

Knowing that credentials are a key target for malicious actors, utilizing techniques such as identity federation and single sign-on can mitigate the potential for identity sprawl, local accounts, and a lack of identity governance. This may involve extending SSO across internal systems and also externally to other systems and business partners.

SSO also brings the benefit of reducing the cognitive load and burden on users by allowing them to use a single set of credentials across systems in the enterprise, rather than needing to create and remember disparate credentials. Failing to implement identity federation and SSO inevitably leads to credential sprawl with disparate local credentials that generally arent maintained or governed and represent ripe targets for bad actors.

SSO is generally facilitated by protocols such as SAML or Open ID Connect (OIDC). These protocols help exchange authentication and authorization data between entities such as Identity Providers (IdP)s and service providers. It is key for organizations utilizing SSO to understand the protocols involved as well as how the service providers involved have secured the protocols and the services themselves. The guidance provides a logical depiction of an example authorization data flow.

Best practices for implementing identity federation and SSO include knowing what systems in the environment are integrated with SSO or utilizing local identities, understanding how your trusted partners may leverage local accounts, and utilizing configuration management solutions to support identifying, tracking, and reporting on local account usage in an environment while working to get more systems federated and integrated with SSO to cut down on local account usage and its associated risks.

By now, most CISOs should be familiar with MFA. But for those who arent, at a high level, MFA requires users to utilize multiple factors as part of their authentication activities. Think of a username and password plus an SMS text or code sent to an authentication app on your phone. As shown in the NSA guidance, these factors typically take the form of using something you have, know, or are (such as biometrics) as validation tools.

We know that malicious actors are after credentials to carry out their activities and the use of MFA significantly decreases the risk of compromised credentials, particularly high-assurance approaches such as phishing-resistant MFA.

MFA helps mitigate situations in which passwords have been exposed through external system compromises or by unauthorized users who convince victims to share their passwords. The use of strong MFA form factors ensures that the exposure of a username and password alone wont leave an account compromised. The NSA guidance ranks MFA types, from weakest to strongest as SMS or voice, app-based MFA, and phishing-resistant MFA such as PKI-based systems and fast-identity hardware tokens (FIDO).

It is often said that many organizations are already compromised they just dont know it yet. This is where activities such as identity access management auditing and monitoring come into play, with value beyond compliance purposes: it helps identify anomalous or malicious activity present in an environment.

IAM auditing can provide insight into how systems are being used or abused, detect problems earlier in their lifecycle, aid in gathering forensic evidence which may be needed later as well as ensure privileged users know their activities are being monitored.

To prepare to implement successful and effective IAM auditing and monitoring, organizations need to first understand what normal behavior is, be familiar with organizationally defined policies and processes, as well as identify users with access to critical assets so they know what users and activities are the most critical to audit and monitor.

Organizations also need to ensure they have sufficient tooling and analytical capabilities in place to make use of the collected data and telemetry, as well as ensuring they have tooling in place to gather and consolidate it, to begin with. Organizations will also want to ensure they are not collecting noise and irrelevant data that simply distract from signals that are of real concern and pose risks to the organization.

Organizations looking to implement NSA-recommended identity and access management (IAM) protocols, the agency provides an appendix in the guidance that provides a detailed checklist for each of the areas discussed throughout this article. This provides a quick punch list approach to allow organizations to tackle the most pressing and key activities when it comes to securing their IAM processes and systems.

See the original post:
Embracing zero-trust: a look at the NSAs recommended IAM best practices for administrators - CSO Online

New Delhi: Iran on Monday, May 1, called for greater use of national currency in trade, even as India reportedly conveyed that the recent reconciliation between Tehran and Riyadh would have a profound impact in changing regional equations at the international level.

This was allegedly discussed during the delegation-level meeting of Irans Secretary of the Supreme National Security Council (SNSC) Ali Shamkhani with visiting National Security Advisor Ajit Doval in Tehran on Monday, Iranian state media IRNA reported. The Indian NSA also called on Iranian President Ebrahim Raisi and Foreign Minister Hossein Amirabdollahian. There is no public readout of the meetings from the Indian side.

According to Indian government data, bilateral trade between India and Iran grew by 48% to reach $2.5 billion in 2022. This increase was largely due to an increase in Iranian petroleum exports to India. Western sanctions have largely impeded trade ties due to restrictions over financial transactions.

This year, bilateral trade dropped by 13% in the first two months. However, Irans exports grew by 91% to India in the two months compared to the same period in 2022.

The Iranian national security advisor told his Indian counterpart it would be helpful to activate the rial-rupee mechanism, as per Tasnim news agency.

Advertisement

Advertisement

He emphasized that the launch of the financial transaction system using the currencies of Iran and India would be a major step towards the fulfilment of the common purposes in the economic field, said the Iranian news agency report.

Doval also reportedly asserted that Chabahar port in Iran, which is being supported by Indian firms, is the gateway for increased cooperation between the two countries.

According to Irna and Tasnim, Doval hailed the recent agreement between Iran and Saudi Arabia that restored diplomatic relations. The agreement, brokered by China, marked the end of seven years of diplomatic estrangement.

Indias public response to the deal had been a cautious statement that New Delhi had always favoured dialogue and diplomacy. Irna indicated that Doval was more expansive and noted that the Iran-Saudi agreement would have profound regional effects on changing relations in the international system.

The senior Indian official also spoke about the deep influence of Iranian culture in India as an indication of close ties between the two nations.

Not surprisingly, Afghanistan was on the agenda, with Doval batting for cooperation between Tehran and New Delhi to boost stability in Afghanistan. The Indian NSA also said, as per IRNA, that the two countries should work together to eradicate Takfiri terrorism in Afghanistan, a label used by Iran and the Taliban against IslamicState-Khorasan Province (IS-KP).

Iran has cultivated close ties with the Taliban, even before the insurgency had taken over Kabul in August 2021. While officially Tehran does not recognise the Taliban government, it allowed a Taliban-appointed official to take over the Afghan embassy to Iran.

See original here:
At NSA Talks, Iran Raises Rial-Rupee Trade, India Says Deal With Saudi Will Have 'Profound' Impact - The Wire

The National Sheep Association (NSA) has said that its 2023 NSA Welsh Sheep event next month will showcase the very best of commercial farming in Wales.

The event will welcome visitors to Red House Farm, Aberharesp, Powys, on Tuesday, May 16, 2023.

The on-farm event aims to be a technical and informative one that the NSA says is not to be missed by sheep producers far and wide.

This year, the association said, there will be a new emphasis on reaching out to tell the public of the positive story that is Welsh sheep farming.

The NSA said the event will feature a seminar tent that will have discussions on the role of lamb and mutton in the human diet.

As well as this, conversations will be held surrounding the sustainability of sheep farming and the importance of looking after the next sheep farming generation.

The seminars will be chaired by John Yeomans, NSA Cymru committee member; Phil Stocker, NSA chief executive; and Catherine Smith, chair of Hybu Cig Cymru Meat Promotion Wales (HCC).

Yeomans will chair the discussion on lamb and muttons role in the diet, and he will be joined by speakers Dr Eleri Thomas from HCC, Robbie Davison from Can Cook-Well Fed and Bob Kennard of British Heritage Sheep.

The NSA Welsh Sheep team said the discussion will focus on the criticism red meat has faced and how research needs to be used to challenge this.

This seminar will explore how our predominantly grass-fed lamb and mutton can fit with healthy eating messages, giving you some facts that can be used to dispel some of the myths around eating meat, it said.

NSA chief executive Stocker will chair the seminar on sheep sector sustainability, with guest speakers including Rachel Madeley Davies of HCC, Dr Janet Roden of Innovis, Prysor Williams of Bangor University and Nicky Naylor of Harper Adams University.

Stockers discussion will focus on how the Welsh sheep sector aims to produce high quality food sustainably, and fit in other interests around land management including the increasing demands relating to carbon sequestration.

Questions will be asked in relation to what can be done to reduce emissions in the sector, the potential for grasslands to outperform mass forestry in terms of its delivery of public goods, and how pastures and farm infrastructure may need to be managed differently to deliver more.

The events final seminar, on the next generation of sheep farmers chaired by Smith, will feature the following speakers:

The discussion will be centered on making the next generation of sheep farming enthusiastic and well-educated on the industry.

NSA Welsh Sheep said the young farmers need security and support as well as the potential for viable and rewarding businesses and careers.

This seminar will consider what it will take to further grow a positive recognition of sheep farmers and what we can do to ensure a satisfying and fulfilling future, it said.

Continue reading here:
NSA event to showcase 'very best' of Welsh sheep farming - Agriland.co.uk