Posts by External News-Site
Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands
Belgian and Dutch authorities have arrested eight suspects in connection with a “phone phishing” gang that primarily operated out of the Netherlands with an aim to steal victims’ financial data and funds.
As part of the international operation, law enforcement agencies carried out 17 searches in different locations in Belgium and the Netherlands, Europol said. In addition, large amounts of cash,
Ransomware attack hits leading heart surgery device maker
Artivion, a leading manufacturer of heart surgery medical devices, has disclosed a November 21 ransomware attack that disrupted its operations and forced it to take some systems offline. […]
Microsoft NTLM Zero-Day to Remain Unpatched Until April
The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024.
“Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user’s email to numerous mailing lists simultaneously,” Rapid7
Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI
Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim’s account by means of a prompt injection attack.
Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input “Print
Blue Yonder SaaS giant breached by Termite ransomware gang
The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. […]
EU enacts new laws to strengthen cybersecurity defenses and coordination
The European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA).
These steps aim to improve the EU’s ability to detect, prepare for, and respond to cyber threats while fostering uniformity in managed security services, the Council of the EU said in a statement.
“In view of the fast-evolving threat landscape, the threat of possible large-scale cybersecurity incidents causing significant disruption or damage to critical infrastructure demands a heightened preparedness of the Union’s cybersecurity framework,” the Council’s statement read.
The legislation will come into effect 20 days after publication in the EU’s official journal.
“It has the potential to enhance cross-border threat detections and response capabilities by forcing collaboration, improving threat intelligence sharing and strengthening overall cybersecurity resilience in the EU,” said Madelein van der Hout, senior analyst at Forrester. “Success will really depend on effective implementation and ongoing commitment from member states.”
Enhancing threat detection and preparedness
The Cyber Solidarity Act introduces a new cybersecurity alert system, creating a network of national and cross-border cyber hubs across the EU. These hubs will monitor and act on cyber threats using advanced technologies like AI and data analytics. This coordinated infrastructure is designed to share warnings and actionable insights across borders, ensuring a more unified response to cyber incidents.
“These cyber hubs will use state-of-the-art technology to detect and share timely warnings on cyber threats across borders,” the statement explained.
Analysts noted that while the Act is a positive step, the EU should not stop at regional collaboration.
“Cybersecurity challenges are inherently cross-border and require collaboration to address effectively,” said Faisal Kawoosa, Founder and lead analyst at Techarc. “The Solidarity Act is a positive step toward fostering information-sharing and collective learning across the EU. However, its impact could be limited if it doesn’t extend collaboration beyond the region. Threats often originate outside the EU, and working as a single block under the Act could streamline and expedite such efforts within the EU, but broader partnerships may be necessary to achieve global effectiveness.”
To address vulnerabilities in critical sectors such as healthcare, energy, and transport, the act also establishes an emergency mechanism. This includes preparedness measures such as stress testing entities for potential weaknesses and developing common risk scenarios and methodologies.
Streamlining incident response
A key component of the act is the creation of a cybersecurity reserve composed of private-sector response teams. These teams will be on standby to assist member states and EU institutions during significant cyber incidents. The reserve is supported by technical mutual assistance measures that promote collaboration among member states.
Additionally, an incident review mechanism will evaluate the efficacy of these emergency responses, ensuring continuous improvement in the EU’s cybersecurity strategies.
This feedback loop will help refine response efforts and identify gaps in preparedness, the statement added.
Addressing practical hurdles
While the unified SOC and enhanced information-sharing mechanisms are pivotal elements of the Cyber Solidarity Act, implementing such a system may encounter challenges.
“Two key challenges stand out,” Kawoosa said. “First, the hybrid system’s effectiveness hinges on extensive information sharing among member nations while balancing compliance with varying domestic data privacy and security laws. Despite having umbrella regulations, nuanced differences persist across countries. Second, establishing a unified Security Operations Center (SOC) will require clear definitions of its functions, limitations, and scope. Coordination with multiple law enforcement agencies across the region will further add complexity.”
According to Madelein, while the Cyber Solidarity Act presents a framework for enhancing cybersecurity across Europe, there are several challenges.
“The first is coordination complexity: the logistical challenges of coordinating efforts across multiple nations with different legal frameworks and operational protocols could hinder effective implementation. For instance, data localization laws mandate that data must be stored within the country of origin, leading to operational hurdles for companies operating across borders. The evolving nature of these regulations adds another layer of complexity requiring organizations to continuously adapt their practices to remain compliant,” Madelein said.
“Second is sustained investment: continuous funding and resource allocation will be necessary to maintain and evolve these initiatives in response to an ever-evolving threat landscape. We also see infrastructure disparities: the technological infrastructure supporting cybersecurity varies significantly between nations. Some regions may lack the necessary resources or expertise to implement.”
She feels security risk is another major challenge. “Transportation of data across borders increases vulnerabilities to cyber threats. Data may pass through jurisdictions with weaker measures, raising concerns about breaches and misuse.”
These issues underscore the complexities involved in ensuring cross-border cybersecurity collaboration without undermining national regulations or operational efficiency.
Standardizing managed security services
A targeted amendment to the 2019 Cybersecurity Act complements the primary legislation by recognizing the growing importance of managed security services. This provision will enable the development of European certification schemes for specialized cybersecurity interventions, including incident handling, penetration testing, security audits, and technical consulting, the statement added.
The move addresses a critical gap in the current cybersecurity landscape. By creating standardized certification processes, the EU aims to foster trust, increase service quality, and prevent market fragmentation. Some member states had already begun developing national certification schemes, and this legislation provides a unified, comprehensive framework.
“This targeted amendment will enable the establishment of European certification schemes for these managed security services,” the Council’s statement read. “It will help to increase their quality and comparability, foster the emergence of trusted cybersecurity service providers, and avoid fragmentation of the internal market given that some member states have already started the adoption of national certification schemes for managed security services.”
These certifications are expected to help businesses evaluate service providers more effectively, improving confidence in outsourcing critical cybersecurity functions.
“This will create a unified and standardized framework across the region,” Kawoosa noted, highlighting how the framework simplifies compliance, making it easier for businesses to navigate varying regulations in different member states.
“It is necessary in building trust among consumers and businesses,” Madelein pointed out. “Harmonization of cybersecurity standards is important in bringing better and more secure solutions. It also attracts investment; investors are more inclined to support companies that operate within well-defined regulations.”
The proposals originated from the European Commission on April 18, 2023, and underwent extensive collaborative refinement. On March 6, 2024, co-legislators reached a provisional agreement, marking a significant milestone in digital policy development.
Both legislative acts are set to be published in the EU’s official journal in the coming weeks.
Storm-1811 exploits RMM tools to drop Black Basta ransomware
Storm-1811’s latest help desk scam begins with email bombing leading to IT impersonation and ends with Black Basta ransomware
Interpol Cyber-Fraud Action Nets More Than 5K Arrests
Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise.
Russia sentences Hydra dark web market leader to life in prison
Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. […]