The June 2024 Option One Cybersecurity Briefing

By OptionOne Technologies

We searched through the most popular cybersecurity websites to bring you the latest industry news, updates, and tips.

Cybersecurity Threat News

Google Introduces AI-Powered Threat Research Framework “Project Naptime”

Google has introduced Project Naptime, a new framework designed to help a large language model (LLM) conduct vulnerability research. The goal is to enhance automated discovery methods, The Hacker News reported.

“The Naptime architecture is centered around the interaction between an AI agent and a target codebase,” Sergei Glazunov and Mark Brand from Google Project Zero stated.

The framework equips the AI agent with specialized tools to simulate the work of a human security researcher.

Project Naptime gets its name because it allows humans to take breaks while the AI assists with research. The approach leverages advances in code understanding and reasoning capabilities of LLMs.

The project includes tools such as a Code Browser, a Python script runner in a sandboxed environment, a Debugger for observing program behavior, and a Reporter for tracking task progress. Google claims that Naptime is model-agnostic and backend-agnostic, and it excels at identifying buffer overflow and advanced memory corruption flaws.

CYBERSECEVAL 2 benchmarks show significant improvements in these areas compared to OpenAI’s GPT-4 Turbo. The researchers noted, “Naptime enables an LLM to perform vulnerability research that closely mimics the iterative, hypothesis-driven approach of human security experts.”

Sophos Releases State of Ransomware in Financial Services 2024 Report

Sophos recently released its State of Ransomware in Financial Services report for 2024, drawing on the insights and experiences of 592 IT and cybersecurity leaders. According to an article by Sophos News, “This year’s report sheds light on new areas of study for the sector, including an exploration of ransom demands vs. ransom payments and how often financial services organizations receive support from law enforcement bodies to remediate the attack.”

According to the report, 65% of financial services organizations have been hit by ransomware so far in 2024, in line with the 64% rate reported in 2023. Furthermore, 90% of financial services organizations hit by ransomware in the past year said that cybercriminals attempted to compromise their backups during the attack. Of the attempts, just under half (48%) were successful.

The mean cost for financial services organizations to recover from a ransomware attack was $2.58 million in 2024.

About half of the organizations surveyed (51%) paid the ransom to get data back. Notably, victims reported using multiple approaches this year to recover encrypted data, such as paying the ransom and using backups. Altogether, 37% of those that had data encrypted reported using more than one method to get their data back.

The US government has banned Kaspersky from selling products in the country due to the company’s alleged ties to the Russian regime, Infosecurity Magazine reported. On June 20, 2024, the Bureau of Industry and Security issued a Final Determination stopping Kaspersky Lab, Inc. from providing any services in the US.

This ban includes the US subsidiary, affiliates, subsidiaries, and resellers, preventing them from selling or updating Kaspersky’s software. Consumers and businesses have until September 29, 2024, to switch to alternative cybersecurity solutions.

Commerce Secretary Gina Raimondo stated the company is under the influence of Moscow, posing a risk to US infrastructure. “The US must act against Russia’s capacity and intent to collect and weaponize the personal information of Americans,” she said.

Sellers who violate the restrictions will face fines. The Department of Commerce will also list two Russian units and one UK unit of Kaspersky for collaborating with Russian military intelligence.

Kaspersky has faced US government scrutiny for several years. In 2017, the DHS ordered all agencies to stop using Kaspersky products, a measure that became law in December 2017. In 2022, the FCC listed the firm as a threat to national security.

Kaspersky, headquartered in Moscow, serves over 400 million users and 270,000 clients worldwide. According to the Commerce Department, Kaspersky’s US customer base is significant and includes critical national infrastructure businesses.

Cybersecurity Tips

CISOs Must Plan for Both Disaster and Ransomware Recovery

Although ransomware incidents often make headlines, natural disasters can have a devastating impact on organizations as well. That’s why security leaders must prepare for both eventualities, CSO Online reported.

Ensuring network and operational resilience requires keeping backup documentation in both electronic and physical form. Physical copies must be kept alongside electronic ones so that they remain accessible during digital system failures.

Engineers must be prepared to handle incidents including natural disasters and ransomware attacks. The network team must be involved in disaster recovery discussions.

During disasters, the primary focus must be on restoring systems and minimizing downtime. Natural disasters can disable hardware and connectivity, complicating recovery efforts.

In ransomware attacks, the infrastructure usually remains intact, but data and applications are compromised. Isolated recovery environments and strong data recovery and cybersecurity measures are essential.

Organizations need a comprehensive IT asset inventory, including hardware, software, and network resources, to effectively plan for recovery. Ranking asset importance helps in assessing risks accurately.

Appointing a disaster recovery leader skilled in IT and project management ensures plans are actionable. This leader should facilitate regular testing of backup and recovery processes.

“If you don’t test your backups and your team’s process for restoring, you’re setting yourself up for failure,” says Amar Ramakrishnan, vice president of product management at BackBox. A capable team and clear internal communication plans are crucial for effective disaster recovery.

Thanks for Reading

That’s it for this month’s Cybersecurity Briefing.