
Friday Five: Zero-Trust Guidance, IP Theft, Surging Cybercrime, & More

by Robbie Araiza on Friday March 8, 2024


An FBI report on rising cybercrime topped this week's headlines and was further underscored by an IP theft scandal at Google, but new initiatives from the White House and NSA aim to combat such threats. Get up to speed on these stories and more in this week's Friday Five!

BIDEN’S NEW DATA SECURITY ORDER LEAVES INDUSTRY OFFICIALS, PRIVACY ADVOCATES SCRATCHING THEIR HEADS BY DAVID DIMOLFETTA

A new White House directive aims to empower agencies to prevent Americans' sensitive data from being accessed by foreign adversaries, but industry executives express concerns that it could disrupt current data flow mechanisms and privacy advocates argue it doesn't go far enough. The directive aims to block data transactions with countries like China and Russia, citing national security risks. Furthermore, the order contemplates restrictions on data broker transactions and holds individuals liable for selling bulk personal or government data to adversarial nations. The impact on U.S. spy agencies relying on data broker transactions remains unclear.


NSA SHARES ZERO-TRUST GUIDANCE TO LIMIT ADVERSARIES ON THE NETWORK BY IONUT ILASCU

The National Security Agency (NSA) has released new guidance on implementing zero-trust framework principles to help organizations limit adversaries' movement on internal networks. Zero-trust architecture involves strict controls for accessing resources on the network, regardless of their location, to minimize the impact of breaches. The NSA's guidance focuses on the network and environment component, which includes all hardware and software assets, non-person entities, and inter-communication protocols. The guidance outlines maturity levels for data flow mapping, macro and micro-segmentation, and software-defined networking, with the goal of achieving an enterprise architecture that resists, identifies, and responds to threats.


GOOGLE ENGINEER CAUGHT STEALING AI TECH SECRETS FOR CHINESE FIRMS BY BILL TOULAS

Linwei (Leon) Ding, a former Google software engineer, has been indicted by the U.S. Department of Justice for allegedly stealing trade secrets related to Google's artificial intelligence (AI) technologies. The charges state that Ding stole proprietary information about Google's advanced supercomputing data centers and transferred it to two Chinese companies. The stolen trade secrets include details about GPU and TPU chips, software enabling chip communication and task execution, and the Cluster Management System orchestrating thousands of chips into a supercomputer. Although Google detected the unauthorized data transfer, Ding allegedly lied to investigators. He faces a maximum penalty of 10 years in prison and fines.


FBI: CYBERCRIME COST AMERICANS OVER $12.5B IN 2023 BY SIMON HENDERY

The FBI's Internet Crime Complaint Center (IC3) revealed in its annual report that reported cybercrime costs in the U.S. surged 22% in 2023, surpassing $12.5 billion. Complaints reached a record 880,418, up nearly 10%, with investment fraud and business email compromise (BEC) leading in losses. Investment fraud complaints totaled over 29,000, with losses at $4.57 billion, notably $3.94 billion in cryptocurrency fraud. BEC attacks incurred $2.9 billion in losses. Ransomware incident reports rose by 18%, costing $59.6 million, with the healthcare/public health sector, critical manufacturing, and government facilities coming in as the three most targeted groups. The figures may underestimate actual losses, as reporting remains incomplete.


ATTACK WRANGLES THOUSANDS OF WEB USERS INTO A PASSWORD-CRACKING BOTNET BY DAN GOODIN

Hackers have repurposed hundreds of compromised WordPress sites into command-and-control servers for password-cracking attacks. The attack, identified by researcher Denis Sinegubko, uses JavaScript hosted on 708 infected sites to force visitors' browsers into brute-force attempts on thousands of other WordPress sites. The attackers follow a multi-stage process that includes obtaining URLs, extracting usernames, injecting malicious scripts, brute-forcing credentials through visitors' browsers, and verifying compromised credentials. Because the attack leverages the unwitting participation of visitors, the malicious requests are challenging to filter and block. The ongoing campaign highlights the need for user vigilance and potential countermeasures like using browser extensions or ad blockers to block JavaScript on unknown sites.
