Apex Sentinel Group’s Post

Since October 2023, Iranian actors have been utilizing various tactics, including password spraying and 'push bombing' multifactor authentication, to compromise user accounts and gain access to organizations. These actors often manipulate MFA registrations to maintain persistent access and conduct network reconnaissance to obtain additional credentials. The authoring agencies have identified that these Iranian actors sell the obtained information on cyber criminal forums, potentially leading to further malicious activities. Stay informed by reading more about this from CISA: [Link to report](https://lnkd.in/enzcUpsm).

State security agencies from the US, Canada, and Australia have issued a joint advisory warning of Iranian cyber threats targeting multiple critical infrastructure sectors since October 2023. These sectors include healthcare, government, information technology, engineering, and energy. The advisory does not specify the geographic regions affected or how the attacks were attributed to Iran-based actors. The cyber attackers likely aimed to steal credentials and sensitive information to gain further access. The agencies believe these Iranian threat actors acted as initial access brokers (IAB), selling the compromised information to other cybercriminals for further malicious use. The attackers employed various techniques, including brute force, password spraying, and multifactor authentication (MFA) push bombing, to infiltrate user accounts and compromise organizations. Further details on the techniques used are available from the source. #threatintelligence #datasecurity #cybersecurity https://lnkd.in/eDb5g6M2

The head of British Columbia’s civil service has confirmed that a “state or state-sponsored actor” is behind multiple cyber-security incidents against provincial government networks. The first breach was detected on April 10, followed by further “incidents” on April 29 and May 5. While the province insists there is no evidence at this point that sensitive information was compromised, provincial authorities continue to monitor the situation. Cyber attacks and breaches are becoming more and more prevalent, with governmental infrastructure a key target. Is your organization prepared for a cybersecurity breach? Contact your HUB International Canada cyber expert to help you customize a risk management and insurance program for your operations. #LifeAtHub #Cybersecurity #RiskManagement

A Chinese security firm has suffered a massive data leak, revealing that state security agents pay large sums of money to collect data on various individual and organisational targets. They then try to sell this data to prospective clients. The Guardian quotes computer security expert Alan Woodward as saying that the Chinese state is collecting “as much data as [it] can” “in case it proves useful” – as opposed to hacking groups linked to the Russian state, which tend to focus on more targeted ransomware attacks and system disruptions. With cyberattacks rising (and becoming increasingly sophisticated), it’s more important than ever that organisations are prepared to protect their systems and train their teams. #cybersecurity #crisistraining https://lnkd.in/eQGaqJgs

FBI confirms China-linked cyber espionage involving breached telecom providers: After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part of a “broad and significant cyber espionage campaign.” “Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private … More → The post FBI confirms China-linked cyber espionage involving breached telecom providers appeared first on Help Net Security.

🌐🔐 Cybersecurity and telecommunications are deeply interconnected, as secure communication networks are the backbone of modern society. Recent warnings from the FBI and CISA about cyberattacks targeting U.S. telecoms emphasize the need for strong cybersecurity. Threats like data breaches, service disruptions, and espionage highlight the vulnerability of telecom systems. To counteract these risks, measures such as advanced encryption 🔒, secure authentication methods 🔑, and proactive monitoring 🌐 are vital. Safeguarding telecom infrastructure ensures resilience against cyber threats, protecting both critical services and sensitive information 📞🛡️ #CustomerExperience #CXTrends #Expo #CXInnovation #CustomerJourney #CustomerSuccess #ExperienceMatters #VoiceOfCustomer #ServiceDesign

🇨🇳 CISA & FBI: Chinese Hackers Compromise U.S. Telecom Networks 🇺🇸 CISA and the FBI report that Chinese hackers have breached U.S. telecom networks, potentially exposing sensitive communications. This attack underscores the critical need for enhanced network security. 🔒 #CyberSecurity #Telecom #CISA #NetworkSecurity

CIS publishes new report on defining "Reasonable Data Security" The Center for Internet Security (CIS) recently published this guide in collaboration with other cybersecurity and legal experts in an attempt to help organizations understand what "Reasonable Data Security" means and also to provide prescriptive controls that any organization regardless of industry can implement to protect its organization and mitigate harm to others. The CIS calls on regulators to better articulate what their regulations mean when they demand reasonable safeguards. They have done an excellent job of aggregating various federal and state regulations to show that the CIS Critical Security Controls can serve as a standard by providing adequate coverage. The report can be found here: https://lnkd.in/dS2wFU_h..

EU Parliament approves Cyber Resilience Act The European Union (EU) Parliament approved Tuesday new #cyber_resilience standards to protect all #digital_products in the EU from #cyber_threats. The regulation aims to ensure that products with digital features are #secure to use, #resilient against #cyber_threats, and provide enough information about their security properties. The regulation also highlighted that secure internet is indispensable for the functioning of #critical_infrastructures and for society as a whole. More details in this article written by Anna Ribeiro https://lnkd.in/eJHKjWQa