Written by: Csaba Krasznay, Director of Cybersecurity Research Institute at University of Public Service
A new chapter in the security of our world began on 24 February 2022. It's time to prepare your organization against an even stronger wave of cyberattacks.
A new chapter in the security of our world began on 24 February 2022. And the term "our world" must also include cyberspace, as the Ukraine-Russia war has openly demonstrated our dependence on information systems and the vulnerability of this ecosystem. Although the war news has so far focused on classic armed conflict, more and more is being learned about the activities and tools of individual, state and non-state hacker groups. The Cybersecurity and Infrastructure Security Agency (CISA), for example, is constantly raising awareness of both newly discovered malicious code attacking industrial systems and well-known yet routinely exploited vulnerabilities. Companies can prepare for a renewed focus on cyber operations as the battle for physical space subsides, with potentially less emphasis on financial gain and more on destruction.
All this has occurred shortly after COVID led most companies to make a decade-long leap in digital transformation. Much of enterprise IT has moved to the cloud, and solutions that exchange data via APIs have become common. However, the rapid digital transition has by definition been driven by a focus on efficiency rather than cybersecurity. It is no coincidence that Gartner predicts that APIs will be the most attacked interfaces in 2022.
So even in a disrupted global security environment, the predictions of experts suggest that Western companies and critical infrastructure operators could have months to prepare for increased cyberattacks. Of course, years of work cannot be completed in this timeframe, but significant results can be achieved in the short term by adopting Zero Trust planning principles. CISA's recommendation, for example, highlights the importance of network micro-segmentation, increased control of privileged users, detection of signs of unusual behavior, and an overall reduction in the attack surface. In practice, these tasks are challenging enough individually, and meeting the full CISA list is an almost impossible task for most companies, while the likelihood of experiencing a cyberattack is higher than ever.
New types of challenges therefore require new types of solutions. Of course, you can't jump years ahead in product development, but re-tuning, integrating and re-designing existing solutions to a Zero Trust approach can provide a quick and cost-effective way to strengthen your cybersecurity. This is why Balasys has come up with an innovation that can provide an effective solution to current challenges such as API management and security support, filtering of traffic from the web with a web application firewall (WAF), micro-segmentation of the network, and filtering of malicious traffic with behavioral analysis. The solution is available as Proxedo API Lifecycle Platform (PALP).
This blog post is licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International (CC-BY-SA 4.0) License.