Reset Administrator password in Windows 11/10 using Sticky Keys

For a general Windows user, resetting a lost or forgotten administrative password can be troublesome without the proper tools and techniques, depending on the underlying OS. There are several free third-party password recovery tools that can help you reset your password, but that’s not our topic here. In this guide, we show you how to reset and recover a lost or forgotten Windows password using a simple Sticky Keys trick.

Sticky Keys enables users to enter key combinations by pressing keys in sequence rather than simultaneously. This is desirable, especially for users who are unable to press the keys in combination due to some physical challenges. Although Sticky Keys simplifies various tasks, its system files can be replaced.

You can replace an Ease of Access system file like sethc.exe, with a Command Prompt, and then use cmd.exe to make system changes.

Before proceeding with this method, please make a note of the following:

  1. When you reset a Windows password, all the files that have been compressed/encrypted using tools such as Encrypting File System (EFS) will be lost.
  2. Stored Internet Explorer passwords and settings will be lost as well.

So it is a good idea to have a backup before you proceed.

TIP: Our Ease Of Access Replacer lets you replace Ease of Access button in Windows with useful tools, including CMD.

For resetting the password, you will need a Windows PE bootable drive which can be used to access the command prompt where you will have to set the new password.

Follow the below steps once you have the Windows PE DVD booted and ready.

1. Boot from the Windows PE DVD and open Command Prompt from the Advanced troubleshooting menu.

2. Enter the drive letter where your Operating System is installed, which is usually the C: Drive. Initially, you should be on X: drive which is the default residence for Windows PE.

3. Type in the below command after replacing C with the drive where Windows is installed on your PC.

copy C:\Windows\system32\sethc.exe C:\


4. After taking the backup of the original file, run the below command to replace it in the original location.

copy /y C:\Windows\system32\cmd.exe C:\windows\system32\sethc.exe

The above command should replace the sethc.exe file with the cmd.exe file.

5. Now, restart your PC and navigate to the screen where it requires a password. Press the SHIFT key 5 times.

6. A command prompt window should open where you can enter the below command and reset your account password. You can get the list of current users on your PC by using the command net user.

net user your_account  new_password


Well, that’s it! You should be able to reset the password now.

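Once you are in, restore the original sethc.exe system file from the backup you made in step 3, overwriting the copy of cmd.exe. Until you do, anyone at the sign-in screen can open a command prompt by pressing SHIFT five times.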
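To confirm that the swap has been undone, or to spot it on a machine where it was never intended, compare file hashes. This is an added example, not part of the original article; it extends the check from sethc.exe to the other Ease of Access programs, and the function names and the optional backup argument are assumptions of the example.

```python
"""Detect Ease of Access binaries that were replaced by cmd.exe (added example)."""
import hashlib
import sys
import tempfile
from pathlib import Path

# Programs that can be started from the Windows sign-in screen.
# sethc.exe is Sticky Keys; utilman.exe is the Ease of Access button.
ACCESSIBILITY = ["sethc.exe", "utilman.exe", "osk.exe",
                 "magnify.exe", "narrator.exe", "displayswitch.exe"]


def sha256(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_file(directory, name):
    """Case-insensitive lookup, so an offline volume mounted on Linux also works."""
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def audit(system32, backup=None):
    """Return (file name, reason) pairs for suspicious accessibility binaries.

    system32: path to the Windows\\System32 directory to inspect.
    backup:   optional path to the saved original sethc.exe (assumption of this
              example: the copy made before the swap, e.g. in the drive root).
    """
    findings = []
    cmd = find_file(system32, "cmd.exe")
    cmd_hash = sha256(cmd) if cmd else None
    for name in ACCESSIBILITY:
        target = find_file(system32, name)
        if target and cmd_hash and sha256(target) == cmd_hash:
            findings.append((name, "identical to cmd.exe"))
    if backup is not None:
        sethc = find_file(system32, "sethc.exe")
        if sethc and sha256(sethc) != sha256(backup):
            findings.append(("sethc.exe", "differs from backup copy"))
    return findings


def demo():
    """Run the audit on a constructed directory with placeholder file contents."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cmd.exe").write_bytes(b"constructed shell bytes")
        (root / "sethc.exe").write_bytes(b"constructed shell bytes")
        (root / "utilman.exe").write_bytes(b"constructed utilman bytes")
        return audit(root)


if __name__ == "__main__":
    # With a path argument, audit that System32 directory; otherwise run the demo.
    results = audit(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, reason in results:
        print(f"ALERT {name}: {reason}")
    sys.exit(1 if results else 0)
```

A non-zero exit code means at least one accessibility binary is byte-for-byte the command prompt or no longer matches the saved original.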

Wed, 03 Aug 2022 02:32:00 -0500

Microsoft’s Warning About How Hackers Are Bypassing MFA – What You Need to Know

How Hackers Are Bypassing MFA

With many companies shifting to multi-factor authentication (MFA) for verifying users, hackers have had to change their approach. Microsoft recently issued a warning that threat actors are gaining ground by adapting their techniques to bypass MFA protections. Luckily, the company has advice on how businesses can mitigate these attacks making things more difficult for remote workers.

The Rise of MFA

Five years ago, most companies still relied on password access to resources. That became a problem as hackers used various ways to access those credentials. Social engineering was particularly effective, especially if a bad actor managed to imitate a higher-up in the company to manipulate an unsuspecting employee into giving up valuable information.

Today, many users access work resources from a personal device like a cell phone or home PC. These unmanaged devices are a prime target for token theft, a method increasingly used by hackers. Because they typically have weaker security protections, cyber thieves can get what they need from untracked personal devices without being detected by corporate IT security.

Microsoft raised the alarm about token theft being used to bypass MFA because of how relatively easy it can be to do. You don’t need to be a master coder or purchase expensive hacking tools to initiate a bypass MFA attack. The methods are difficult to detect because most businesses aren’t actively looking out for the threat.

Top Bypass MFA Attack Methods

Adversary-in-the-middle (AiTM) frameworks and pass-the-cookie attacks are the leading methods employed by threat actors to get past MFA protections.

AiTM Frameworks

Similar to tools used to steal passwords in the past, hackers use AiTM frameworks to intercept tokens. A top example is Evilginx2, which inserts a false framework between an employee and a work application they’re trying to access. If successful, the bad actor can seize both a user’s credentials and the generated MFA token.

It’s bad enough if a hacker phishes a regular user. They can wreak a lot more havoc if they get hold of a token with Global Administrator privileges. They can try to completely hijack an Azure AD tenant, resulting in loss of control and a compromised tenant.

Pass-the-Cookie Attacks

A pass-the-cookie attack compromises browser cookies to gain access to corporate resources. Cookies get created and stored for a session after getting authenticated by Azure AD in a browser. If a hacker can break into a personal device, they can steal that cookie and pass it to a different browser or system, easily bypassing company security checks.

More employees are working from home than ever, connected to company workspaces by a personal device. The lack of security protections on those devices makes them an ever-growing threat to an organization’s security posture. Many people use the same device to log in for work and to browse their social media profiles. If they’re signed into both at the same time, a cyber attacker could easily compromise tokens generated for both.

There’s a lot of malware available that malicious actors can use to hack browser cookies. A bad actor doesn’t need to know anything about a user’s email address or password. They only need the information held within the cookie.

Dealing With MFA Bypass Attacks

Below is an overview of what Microsoft believes organizations should do to protect themselves against the rise in MFA bypass attacks.

Increased Visibility

Microsoft recommends that organizations make inroads into gaining more visibility into how users authenticate themselves. Companies should know which devices are being used by employees to log into various resources. Incorporating compliance tools along with other device-based conditional policies makes it easier to track and update them through security patches, antivirus software, and endpoint detection and response (EDR) solutions.

Adherence to Security Baselines

Microsoft also recommends following its security baselines to lower the risk of an end-user’s device being compromised by an MFA bypass attack. Using conditional access policies and other controls can also lower instances of token theft.

  • Making session lifetime shorter forces users to authenticate themselves more frequently
  • Cutting down on how long a token remains viable forces hackers to make more token theft attempts, increasing their chance of getting caught
  • Using Microsoft Defender for Cloud Apps to implement Conditional Access App Control offers protection against workers using unmanaged devices

Blocking of Initial Access

Companies should use phishing-resistant MFA solutions for added protection. The loss of convenience for users is worth boosting the security around Global Admin privileges and high-risk business applications.

Segregation of Privileged Users

It’s also a good idea to move users with advanced tenant privileges into a separate cloud-only identity. That’s the only space where they should be free to perform any administrative activities. Doing so reduces the attack surface in case any on-premises services get compromised.

Because it may not be practical for organizational decision-makers to enforce strict controls over all devices and applications, the focus should be placed on protecting:

  • Users like Global Admins, Billing Admins, and Authentication Admins
  • Finance applications a hacker could use for financial gain
  • Applications containing a lot of personally identifiable information (PII)
  • Access to productivity cloud apps and Office 365 services like Teams and SharePoint

Detecting and Responding to Bypass MFA Attacks

Companies can flag suspicious token events using protections like Microsoft Defender for Cloud Apps and Azure Active Directory Identity Protection. Organizations should focus on tracking high-severity alerts and users who constantly trigger warnings.

After a token gets stolen, businesses can revoke refresh tokens and force users to reauthenticate themselves. Resetting user passwords is a critical part of the revocation process. Keep in mind that a compromised token doesn’t get invalidated immediately. It can remain functional for up to an hour, giving hackers enough time to do what they want with a user’s account.
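The detection idea above can be expressed as two checks over sign-in records: a session that shows up from a new client, and a session that is still used after revocation. This is an added example, not code from Microsoft or Axiad; the event fields, alert names and sample records are constructed for illustration and follow no real log schema.

```python
"""Flag likely session-token replay and post-revocation use (added example)."""
from datetime import datetime, timedelta

# Constructed sample sign-in events. Field names are hypothetical; the IP
# addresses come from the reserved documentation ranges.
EVENTS = [
    {"time": "2022-12-06T09:00:00", "user": "alice", "session": "s-1001",
     "ip": "198.51.100.10", "agent": "Edge/108 Windows", "managed": True},
    {"time": "2022-12-06T09:05:00", "user": "alice", "session": "s-1001",
     "ip": "198.51.100.10", "agent": "Edge/108 Windows", "managed": True},
    {"time": "2022-12-06T09:10:00", "user": "bob", "session": "s-2002",
     "ip": "198.51.100.20", "agent": "Chrome/108 Windows", "managed": True},
    {"time": "2022-12-06T09:20:00", "user": "alice", "session": "s-1001",
     "ip": "203.0.113.77", "agent": "Firefox/107 Linux", "managed": False},
    {"time": "2022-12-06T09:40:00", "user": "bob", "session": "s-2002",
     "ip": "192.0.2.44", "agent": "Chrome/108 Windows", "managed": True},
    {"time": "2022-12-06T09:45:00", "user": "alice", "session": "s-1001",
     "ip": "203.0.113.77", "agent": "Firefox/107 Linux", "managed": False},
    {"time": "2022-12-06T10:45:00", "user": "alice", "session": "s-1001",
     "ip": "203.0.113.77", "agent": "Firefox/107 Linux", "managed": False},
]

# Constructed: time at which each user's refresh tokens were revoked.
REVOCATIONS = {"alice": "2022-12-06T09:30:00"}

# The text says a revoked token can stay usable for up to an hour.
TOKEN_GRACE = timedelta(hours=1)


def detect(events, revocations, grace=TOKEN_GRACE):
    """Return (time, user, session, reason) alerts in chronological order."""
    origin = {}    # session id -> first event seen for that session
    clients = {}   # session id -> set of (ip, agent) pairs already seen
    alerts = []
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        sid = ev["session"]
        first = origin.setdefault(sid, ev)
        known = clients.setdefault(sid, {(first["ip"], first["agent"])})

        # Check 1: the same session appears from a client not seen before.
        client = (ev["ip"], ev["agent"])
        if client not in known:
            known.add(client)
            changed = [k for k in ("ip", "agent") if ev[k] != first[k]]
            # A managed device that only changed network is treated as roaming.
            if len(changed) == 2 or not ev["managed"]:
                alerts.append((ev["time"], ev["user"], sid, "REPLAY_SUSPECTED"))

        # Check 2: a session that predates the revocation is still in use.
        revoked = revocations.get(ev["user"])
        if revoked:
            revoked_at = datetime.fromisoformat(revoked)
            started_at = datetime.fromisoformat(first["time"])
            if started_at < revoked_at <= when:
                reason = ("POST_REVOCATION_USE" if when - revoked_at <= grace
                          else "REVOCATION_NOT_EFFECTIVE")
                alerts.append((ev["time"], ev["user"], sid, reason))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, REVOCATIONS):
        print(*alert)
```

Use inside the one-hour window is reported separately from use after it, because the first is expected to be possible while the second means the revocation did not end the session.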

Organizations should reinforce their security protections by setting alerts to review high-risk tenant modifications, including the creation of or changes to:

  • Security configurations
  • Exchange transport rules
  • Privileged users or roles

Protect Your Company Against Advanced Security Threats

Axiad Cloud portfolio helps organizations protect their users, machines, and interactions with a set of powerful products driven from a SaaS platform. Learn more about how we can help by scheduling a demo of our solution.

The post Microsoft’s Warning About How Hackers Are Bypassing MFA – What You Need to Know appeared first on Axiad.

*** This is a Security Bloggers Network syndicated blog from Blog - Axiad authored by Axiad Team. Read the original post at:

Tue, 06 Dec 2022 05:31:00 -0600 by Axiad Team on December 6, 2022

Best Database Certifications for 2022
  • Database technology is crucial in multiple applications and computing tasks, and certifications help demonstrate job readiness and core competencies. 
  • Before pursuing a database platform certification, you should have a solid background in relational database management systems and the SQL language. 
  • Valuable certifications are typically tied to specific technology companies and their platforms, such as IBM, Microsoft, Oracle and SAP.
  • This article is for IT professionals considering database certifications to further their careers. 

While database platforms have come and gone through the decades, database technology is still critical for multiple applications and computing tasks. IT professionals often seek database certifications to demonstrate their knowledge and expertise as they navigate their career paths and pursue professional growth. 

While database certifications may not be as bleeding edge as Google cloud certifications, cybersecurity certifications, storage certifications or digital forensics certifications, database professionals at all levels possess in-demand career skills — and a plethora of database-related jobs are waiting to be filled.

We’ll look at some of the most in-demand certifications for database administrators, database developers and anyone else who works with databases.

What to know about database roles and certifications

To get a better grasp of available database certifications, it’s helpful to group these certs around job responsibilities. This reflects the maturity of database technology and its integration into most aspects of commercial, scientific and academic computing. As you read about the various database certification programs, keep these job roles in mind: 

  • Database administrator (DBA). A DBA is responsible for installing, configuring and maintaining a database management system (DBMS). The job is often tied to a specific platform, such as Oracle, MySQL, DB2 or SQL Server.
  • Database developer. A database developer works with generic and proprietary application programming interfaces (APIs) to build applications that interact with a DBMS. Like DBA roles, database developer positions are also often platform-specific.
  • Database designer or database architect. A database designer or architect researches data requirements for specific applications or users and designs database structures and application capabilities to match.
  • Data analyst or data scientist. A data analyst or scientist is responsible for analyzing data from multiple disparate sources to discover previously hidden insights, determine the meaning behind data, and make business-specific recommendations.
  • Data mining or business intelligence (BI) specialist. A data mining or BI specialist focuses on dissecting, analyzing and reporting important data streams, such as customer, supply chain and transaction data and histories.
  • Data warehousing specialist. A data warehousing specialist assembles and analyzes data from multiple operational systems (such as orders, transactions, supply chain information and customer data) to establish data history, analyze trends, generate reports and forecasts, and support general ad hoc queries. 

These database job roles highlight two critical issues to consider if you want to be a database professional:

  1. You need a solid general background. First, a background in relational database management systems, including an understanding of Structured Query Language (SQL), is a fundamental prerequisite for database professionals of all stripes. 
  2. There’s a focus on proprietary technologies. Second, although various efforts to standardize database technology exist, much of the whiz-bang capability that databases and database applications deliver comes from proprietary, vendor-specific technologies. Serious, heavy-duty database skills and knowledge are tied to specific platforms, including various Oracle products (such as the open-source MySQL environment and Oracle itself), Microsoft SQL Server and IBM DB2. Most of these certifications relate directly to those enormously popular platforms. 

Did you know? NoSQL databases — called “not only SQL” or “non-relational” databases — are increasingly used in big data applications associated with some of the best big data certifications for data scientists, data mining and warehousing, and business intelligence.

Best database certifications

Here are details on our five best database certification picks for 2022.

1. IBM Certified Database Administrator — DB2 12

IBM is one of the leaders in the worldwide database market by any objective measure. The company’s database portfolio includes industry-standard DB2, as well as the following:

  • IBM Compose
  • Information Management System (IMS)
  • Informix
  • Cloudant
  • IBM Open Platform with Apache Hadoop

IBM also has a long-standing and well-populated IT certification program that has been around for more than 30 years and encompasses hundreds of individual credentials. 

After redesigning its certification programs and categories, IBM now has a primary data-centric certification category called IBM Data and AI. It includes a range of database credentials: 

  • Database Associate
  • Database Administrator
  • System Administrator
  • Application Developer 

IBM’s is a big and complex certification space, but one where particular platform allegiances are likely to guide readers toward the handful of items most relevant to their interests and needs. 

Database professionals who support DB2 (or aspire to) on IBM’s z/OS should check out the IBM Associate Certified DBA — Db2 12 certification. It’s an entry-level test that addresses routine planning, working with SQL and XML, security, operations, data concurrency, application design, and concepts around database objects.

This certification requires candidates to pass one exam. Pre-exam training and familiarity with concepts, or hands-on experience, are recommended but not required. 

IBM Certified Database Administrator — DB2 facts and figures

Certification name

IBM Certified Database Administrator — Db2 12 (z/OS)

Prerequisites and required courses

None required; recommended courses are available.

Number of exams

One: C1000-122: Db2 12 for z/OS DBA Fundamentals (63 questions, 90 minutes)

Cost per exam

$200 (or local currency equivalent) per exam. Sign up for exams at Pearson VUE.


Self-study materials

The certification page includes self-study materials, including a study guide and a learning path. 

Did you know? IBM’s certification offerings are among the best system administrator certifications IT professionals can achieve.

2. Microsoft Azure

Microsoft Azure offers a broad range of tools and add-ons for business intelligence. Azure is a cloud computing platform for application management and Microsoft-managed data centers. Microsoft certifications include various Azure offerings based on job role and experience level.

Microsoft’s certification program is role-centric, centered on the skills you need to succeed in specific technology jobs. Because Azure has such a broad scope, Azure certifications span multiple job roles. However, specific certifications exist for the following positions:

  • Data Analysts
  • Data Engineers
  • Data Scientists
  • Database Administrators 

There are also certifications for learners at different experience levels. 

For those looking to take their Azure knowledge to the next level, the Microsoft Certified: Azure Data Fundamentals certification is the perfect place to start. This certification is for beginner database administrators interested in using Azure and mastering data in the cloud. It offers foundational knowledge of core concepts while reinforcing concepts for later use in other Azure role-based certifications, such as those listed below: 

  • Azure Database Administrator Associate
  • Azure Data Engineer Associate
  • Data Analyst Associate 

Azure Data Fundamentals certification facts and figures

Certification name

Microsoft Certified: Azure Data Fundamentals

Prerequisites and required courses 

This certification does not have any prerequisites. However, for absolute beginners, Microsoft offers an Azure Fundamentals certification. 

Number of exams

One exam, DP-900, which is administered via Pearson VUE or Certiport.

Cost per exam

The test costs $99 in the United States, though the cost changes based on where it is proctored. 


Self-study materials

Microsoft offers one of the world’s largest and best-known IT certification programs, so the test is well supported with books, study guides, study groups, practice questions and other materials. Microsoft also offers a free online learning path.

3. Oracle Certified Professional, MySQL 5.7 Database Administrator 

Oracle runs its certifications under the auspices of Oracle University. The Oracle Database Certifications page lists separate tracks depending on job role and product. MySQL is perhaps the leading open-source relational database management system (RDBMS). Since acquiring Sun Microsystems in 2010 (which had previously acquired MySQL AB), Oracle has rolled out a paid version of MySQL and developed certifications to support the product. 

If you’re interested in pursuing an Oracle MySQL certification, you can choose between MySQL Database Administration and MySQL Developer. 

The Oracle Certified Professional, MySQL 5.7 Database Administrator (OCP) credential recognizes professionals who can accomplish the following tasks:

  • Install, optimize and monitor MySQL Server.
  • Configure replication.
  • Apply security.
  • Schedule and validate database backups. 

The certification requires candidates to pass a single test (the same test can be taken to upgrade a prior certification). Oracle recommends training and on-the-job experience before taking the exam.

Oracle Certified Professional, MySQL 5.7 Database Administrator facts and figures

Did you know? According to Oracle, approximately 1.8 million Oracle Certified professionals globally hold certifications to advance their networking careers and professions to validate their IT expertise. 

4. Oracle Database SQL Certified Associate Certification

For individuals interested in working in the Oracle environment who have the necessary experience to become a database administrator, Oracle’s Database SQL Certified Associate Certification is another top Oracle certification and an excellent starting point. This test encompasses an understanding of fundamental SQL concepts that individuals must grasp for database projects. 

By earning the certification, individuals demonstrate that they have a range of knowledge in core SQL concepts:

  • Familiarity with queries, data modeling, and normalization
  • Strong base understanding of the underlying SQL language
  • An ability to create and manipulate Oracle Database tables 

This certification also requires candidates to pass a single exam. While Oracle does not specify any prerequisites, the company does state candidates should have familiarity working with the command line. 

Oracle Database SQL Certified Associate Certification facts and figures

5. SAP HANA: SAP Certified Technology Associate — SAP HANA 2.0 SPS05

SAP SE has an extensive portfolio of business applications and analytics software, including cloud infrastructure, applications and storage. The SAP HANA platform’s foundation is an enterprise-grade relational database management system that can be run as an appliance on-premises or in the cloud. The cloud platform lets customers build and run applications and services based on SAP HANA. 

SAP offers a comprehensive certification program built to support its various platforms and products. We’re featuring the SAP Certified Technology Associate — SAP HANA cert because it aligns closely with other certifications we’ve highlighted and is in high demand among employers, according to job board surveys. 

This certification ensures database professionals can install, manage, monitor, migrate and troubleshoot SAP HANA systems. It covers the following skills:

  • Managing users and authorizations
  • Applying security
  • Ensuring high availability 
  • Effective disaster-recovery techniques 

SAP recommends that certification candidates get hands-on practice through formal training or on-the-job experience before attempting this exam. The SAP Learning Hub is a subscription service that gives certification candidates access to a library of learning materials, including e-learning courses and course handbooks. 

The annual subscription rate for individual users on the Professional certification track is $2,760. This online training program is designed for those who run, support, or implement SAP software solutions. Though this may seem like a steep price for online training, you will likely be able to pass any SAP certification exams you put your mind to by leveraging all the learning resources available to SAP Learning Hub Professional subscribers. 

Typically, SAP certifications achieved on one of the two most recent SAP solutions are considered current and valid. SAP contacts professionals whose certifications are nearing end-of-life status and provides information on maintaining their credentials.

SAP Certified Technology Associate facts and figures

Certification name

SAP Certified Technology Associate — SAP HANA 2.0 SPS05

Prerequisites and required courses    

None required.

Recommended: Hands-on experience and the following courses: 

  • SAP HANA Installation & Operations SPS12 (HA200) 
  • High Availability and Disaster Tolerance Administration SPS05 (HA201)
  • Monitoring and Performance Tools SPS05 (HA215)
  • Database Migration using DMO SPS05 (HA250)

Number of exams

One exam: SAP Certified Technology Associate — SAP HANA 2.0 SPS05, test code C_HANATEC_17 (80 questions, 180 minutes)

Cost per exam



Self-study materials

The certification web page includes a link to trial questions. SAP HANA trade books and certification guides are available on Amazon. The SAP Help Center offers product documentation and a training and certification FAQs page. The SAP Learning Hub (available on a subscription basis) provides access to online learning content.

Tip: To broaden your skill set, consider pursuing the best sales certifications to better sell and implement various IT solutions, including databases.

Beyond the top 5 database certifications

Additional database certification programs can further the careers of IT professionals who work with database management systems. 

While most colleges with computer science programs offer database tracks at the undergraduate, master and Ph.D. levels, well-known vendor-neutral database certifications exist, including the following: 

  • ICCP certifications. The Institute for the Certification of Computing Professionals (ICCP) offers its unique Certified Data Professional and Certified Data Scientist credentials. Learn more about ICCP certifications from the ICCP website.
  • Enterprise DB certifications. EnterpriseDB administers a small but effective certification program with two primary certs: the EDB Certified Associate and the EDB Certified Professional

These are some additional certifications: 

These credentials represent opportunities for database professionals to expand their skill sets — and salaries. However, such niches in the database certification arena are generally only worth pursuing if you already work with these platforms or plan to work for an organization that uses them.

Key takeaway: Pursuing additional database certifications can be helpful for professional development if you already work with these platforms or plan to work with them in the future. 

Job board search results

Before pursuing certifications, consider their popularity with employers to gain a helpful perspective on current database certification demand. Here’s a job board snapshot to give you an idea of what’s trending.




LinkedIn Jobs

  • IBM Certified Database Administrator — DB2
  • Azure Data Fundamentals
  • Oracle Certified Professional, MySQL Database Administrator
  • Oracle Database SQL Certified Associate Certification

If the sheer number of available database-related positions isn’t enough motivation to pursue a certification, consider average salaries for database administrators. SimplyHired reports $91,949 as the national average in the U.S., ranging from $64,171 to over $131,753. Glassdoor’s reported average is somewhat lower at $84,161, with a top rung for experienced senior DBAs right around $134,000.

Choosing the right certification

Choosing the best IT certifications to enhance your skills and boost your career can be overwhelming, especially as many available certifications are for proprietary technologies. While picking a database certification can feel like locking yourself into a single technology family, it is worth remembering that many database skills are transferable. Additionally, pursuing any certification shows your willingness to learn and demonstrates competence to current and future employers. 

Ultimately, choosing which certification to pursue depends on the technologies you use at work or would like to use at a future employer.

Jeremy Bender contributed to the reporting and writing in this article. 

Mon, 05 Dec 2022 10:00:00 -0600

What Every Enterprise Can Learn From Russia’s Cyber Assault on Ukraine

Throughout the ongoing war on Ukraine, known and suspected Russian nation-state actors have compromised Ukrainian targets. They’ve used a combination of techniques including phishing campaigns, exploiting unpatched vulnerabilities in on-premises servers, and compromising upstream IT service providers. These threat actors have also developed and used destructive wiper malware or similarly destructive tools on Ukrainian networks.

Between late February and early April 2022, Microsoft saw evidence of nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine. After each wave of attacks, threat actors modified the malware to better avoid detection. Based on these observations, we’ve developed strategic recommendations to global organizations on how to approach network defense in the midst of military conflict.

Common Russian Intrusion Techniques

Russia-aligned cyber operations have deployed several common tactics, techniques, and procedures. These include:

  • Exploiting public-facing applications or spear-phishing with attachments/links for initial access.
  • Stealing credentials and leveraging valid accounts throughout the attack life cycle, including within Active Directory Domain Services and through virtual private networks (VPNs) or other remote access solutions. This has made identities a key intrusion vector.
  • Using valid administration protocols, tools, and methods for lateral movement, relying on compromised administrative identities in particular.
  • Utilizing known, publicly available offensive capabilities, sometimes disguising them with actor-specific methods to defeat static signatures.
  • “Living off the land” during system and network discovery, often using native utilities or commands that are nonstandard for the environments.
  • Leveraging destructive capabilities that access raw file systems for overwrites or deletions.

5 Ways to Safeguard Your Operations

Based on our observations in Ukraine so far, we recommend taking the following steps to safeguard your organization.

1. Minimize credential theft and account abuse: Protecting user identities is a critical component of network security. We recommend enabling multifactor authentication (MFA) and identity detection tools, applying least-privilege access, and securing the most sensitive and privileged accounts and systems.

2. Secure Internet-facing systems and remote access solutions: Ensure your Internet-facing systems are updated to the most secure levels, regularly evaluated for vulnerabilities and audited for changes to system integrity. Anti-malware solutions and endpoint protection can detect and prevent attackers, while legacy systems should be isolated to prevent them from becoming an entry point for persistent threat actors. Additionally, remote access solutions should require two-factor authentication and be patched to the most secure configuration.

3. Leverage anti-malware, endpoint detection, and identity protection solutions: Defense-in-depth security solutions combined with trained, capable personnel can empower organizations to identify, detect, and prevent intrusions impacting their business. You can also enable cloud-protections to identify and mitigate known and novel network threats at scale.

4. Enable investigations and recovery: Auditing of key resources can help enable investigations once a threat is detected. You can also prevent delays and decrease dwell time for destructive threat actors by creating and enacting an incident response plan. Ensure your business has a backup strategy that accounts for the risk of destructive actions and is prepared to exercise recovery plans.

5. Review and implement best practices for defense in depth: Whether your environment is cloud-only or a hybrid enterprise spanning cloud(s) and on-premises data centers, we have developed extensive resources and actionable guidance to help improve your security posture and reduce risk. These security best practices cover topics like governance, risk, compliance, security operations, identity and access management, network security and containment, information protection and storage, applications, and services.

What This Means for the Global Cybersecurity Landscape

As the war in Ukraine progresses, we expect to discover new vulnerabilities and attack chains as a result of the ongoing conflict. This will force already well-resourced threat actors to reverse patches and carry out “N-day attacks” tailored to underlying vulnerabilities. All organizations associated with the conflict in Ukraine should proactively protect themselves and monitor for similar actions in their environments.

Microsoft respects and acknowledges the ongoing efforts of Ukrainian defenders and the unwavering support provided by the national Computer Emergency Response Team of Ukraine (CERT-UA) to protect their networks and maintain service during this challenging time. For a more detailed timeline of Russia’s cyber assault on Ukraine, explore the full report.

Mon, 28 Nov 2022 23:53:00 -0600
When Net Neutrality Blocks End Users From Freely Learning Online

Oak National Academy in the United Kingdom launched in the early weeks of the pandemic in response to sudden school closures. Millions of children were at home, and most schools were unprepared for the months of remote learning to come. Oak assembled a group of teachers to record lessons for students aged 4-16 and uploaded them to Oak’s platform. With government assistance, more teachers were recruited to develop an entire English national curriculum – 10,000 objects in all. It became the national online classroom, free and easy for all to use.

At the start, Oak did not realize the challenges of connectivity, both with end users and because of regulation. One in five Oak users did not have a laptop or tablet. Rather they used a mobile phone, frequently a parent’s. These were often the children from the most disadvantaged families, which use pre-paid, pay-as-you-go accounts to limit expense and data use.

Figures from the UK telecom regulator Ofcom show that almost 1 million UK children only access the internet through 3G or 4G mobile wireless connections, and half a million children have no access at all. Another Ofcom survey shows that 1 in 5 families, 4.7 million households, struggle financially. Even though the UK has some of the lowest mobile broadband prices in the world, some consumers cut expenditures on food and clothing to pay for connectivity. A typical Oak lesson can consume 250MB of data, and a student accessing 4 lessons a day could use some 5GB of data a week.

In autumn 2020, Oak initiated a dialogue with broadband providers to zero-rate its educational content. Oak provided 11 UK broadband providers with the content through a single domain. At the time Ofcom waived the UK’s net neutrality rules to allow this to proceed, but only as a temporary emergency pandemic response.

In October 2022, Ofcom proposed to make zero rated programs like Oak’s legal from the get-go. Matt Hood, CEO of Oak National Academy, said, “We are delighted Ofcom has proposed relaxing the rules. Zero-rating played a vital role in ensuring children from disadvantaged homes were able to keep learning during the pandemic and beyond without racking up big data charges. We believe Ofcom could go further to develop a universal and permanent solution that makes sure all young people can access basic educational services online for free. That could be in the form of all core educational services automatically being zero-rated. But a major push is also required on social tariffs so all families on benefits and therefore eligible are made aware of the offer and can make use of it.”

Why does Europe ban zero rated online education?

Ironically, the net neutrality rules which were proffered to protect end user rights have done the opposite. Even though European Parliament law does not contain the terms “net neutrality” or “zero rating”, a series of European Court of Justice rulings have made the practice illegal. It's a far cry from the original conception of “zero rating”, which came from the European Economic Community in the 1950s. When value added tax (VAT) was imposed on goods, certain “essential” items like food, medicines, books, and wheelchairs were “zero rated” and hence not taxed. The court rulings effectively end the freedom of end users and content providers like Oak to contract with broadband providers for free access to essential programs. The UK, no longer part of the EU, could cobble its solution together because it has its own law.

The European Union and India are the outliers on banning a practice which is enjoyed by most of the world’s mobile users. It’s estimated that as many as 1 billion people have come online for the first time because of free data programs, notably partnerships between mobile operators and Meta (formerly Facebook). Indeed using innovative partnerships to close the digital divide for the remaining 3 billion people still offline is the life’s work of Doreen Bogdan Martin, now the Chair and first female leader of the International Telecommunications Union.

The US took a decidedly different approach to zero rating in 2017 when Federal Communication Commission (FCC) Chairman Ajit Pai declared that the FCC would not block consumer-friendly services. “These free-data plans have proven to be popular among consumers, particularly low-income Americans, and have enhanced competition in the wireless marketplace…Going forward, the Federal Communications Commission will not focus on denying Americans free data.”

US policymakers were right to reverse such harmful regulation well before the pandemic. More than 90 percent of US households with children used some online learning during the pandemic. US operators launched a variety of programs to keep Americans connected. The pandemic also exposed broadband affordability challenges which Congress is trying to address and ideally will incorporate the role of technology companies which profit directly from more users online.

Why limit end user rights in the name of neutrality?

Many net neutrality proponents counter that deviations from uniform pricing and traffic control are unfair and discriminatory. Rather than zero rate, they prefer unlimited plans with no data caps, so any app can be used without charge beyond the subscription allotment. It sounds good on the surface, but it makes networks more costly to build. From a consumer perspective, it’s a price control which denies consumers their freedom of choice to pay different rates for different data. Moreover as shown with Oak, prevailing UK policy unwittingly prohibits data discounts to promote socially beneficial applications and services for education, health, employment and so on.

Consumers, no strangers to differential pricing, enjoy scores of apps using these techniques and technologies, notably ride hailing. Indeed off-peak discounts, third-party subsidies, and scaling prices for quality of delivery are commonplace for many apps and industries, but they are illegal for broadband.

Consider: most people don’t want advertisements, but under net neutrality, they must pay for ad data equally as for the content they want to see. Online advertising can consume as much as 25 percent of the cost of a mobile subscription, with video ads devouring as much as 40 percent of the data. One consumer-friendly feature would be to lower the resolution of ads, but that’s verboten.

Similarly on fixed networks, infrastructure costs for video streaming entertainment are applied across all users regardless of whether they view the content or not. Thus broadband policy socializes the cost for what is privately beneficial, a boon to the world’s biggest internet platforms: Google, Netflix, Amazon, Microsoft, etc. They comprise as much as 80 percent of total internet data and are the leading net neutrality supporters. Naturally you want all data to be priced “equally” when it is disproportionately yours.

University of Valencia researchers document that net neutrality has effectively strengthened large content providers at the expense of small ones: “Big Tech companies, sheltered by the net neutrality policy, have flourished. They now have the power to exclude minor companies, and therefore their contents, from the Internet market in de facto defiance of the net neutrality principle.”

Such a dynamic played out in 2016 in India with the Google-supported campaign to criminalize data pricing differentiation like free WhatsApp for the poor, a platform used extensively for healthcare and emergencies. While Facebook was the target of the backlash, the policy succeeded in perpetuating Google’s advertising monopoly (some 75 percent in India today) and in delaying homegrown Indian startups from getting a foothold in the ad market. Note, however, that during the pandemic India’s telecom regulator relented to allow zero rating for apps from the World Health Organization and India’s Ministry of Health and Family Welfare.

Self-defeating prophecies and policies

Consider “sponsored data”, the other side of zero rating, in which a content provider pays for the data. For example, a health care provider sponsors data for patients to watch videos on chronic disease management. Paying for patients’ data or subscription outright more than covers the cost to avoid an adverse health event. Indeed researchers at the Toulouse School of Economics find that sponsored data boosts consumption of high-value content, decreases network providers’ incentives to exclude low-value content, and compensates for the “missing price” of internet content. However beneficial sponsored data may be, it too is outlawed under net neutrality. While large tech platforms enjoy “sponsoring” their services through advertising, they don’t want the same benefit to be exercised by upstarts.

Another proffered regulatory solution is to allow zero rating through predetermined “categories”, for example all video streaming must be zero rated if one app is to be zero rated. However not all apps need or want zero rating. The point for the large tech companies is to blot any differentiation which presents competition.

Alternatively some claim that access to popular apps should not be free. However, if the problem is that the app has too large market share or behaves anti-competitively, authorities should address the issue with the app provider directly. Instead, policymakers have unwittingly punished consumers and broadband providers by saddling them with the regulation.

Rather than creating more regulatory bureaucracy, a better solution is to allow all zero rating and pro-consumer pricing. Authorities have sufficient tools to intervene if a problem emerges. Literally billions of users outside of Europe and India use some kind of zero rating, and there is no evidence of systematic harm.

Online learning is here to stay, but policy is needed to ensure it’s accessible to all

Education has been moving online for some time, but the pandemic made it permanent. Oak observed that 55 percent of teachers said they have shifted to collecting homework online, 39 percent to grading online. Oak’s zero rating program during the pandemic was universal and effective, serving all UK families and students without additional administration from parents or schools. Oak wants Ofcom to ensure a long-term policy solution for free access to online education and hopes that the net neutrality review will break the data barrier for disadvantaged children and ensure they have access to a full education. The UK should make broadband policy which legitimately serves end users, instead of honoring pseudo-consumer concepts perpetuated by Big Tech for its financial benefit.

Sun, 11 Dec 2022 19:32:00 -0600 Roslyn Layton
Teen hacking group to be investigated by Cyber Safety Review Board

The Biden administration announced Friday the U.S. would investigate recent hacks linked to a teenage cybercriminal group that focused on extortion.

The U.S. Cyber Safety Review Board, a 15-member panel of experts from across government and private sector, will probe a series of high-profile hacks by the group, known as Lapsus$.

Homeland Security Secretary Alejandro Mayorkas said its goal is to "evaluate how this group has allegedly impacted some of the biggest companies in the world, in some cases, with relatively unsophisticated techniques, and determine how people can build resilience against innovative social engineering tactics and address international partnership in combatting criminal cyber actors."

The board did not list which hacks it would probe, but high-profile victims of Lapsus$ include Uber, Microsoft, Okta and Samsung, according to previous releases by the companies.

Like many cybercriminal gangs, Lapsus$ is an evolving group of cyber hackers that maintains an anonymous online presence. Earlier this year, London Police arrested seven individuals – ages 16 to 21 – believed to be tied to the hacking gang. Security experts and government officials believe the group still poses a threat.

The group has routinely relied on stolen login credentials to pilfer company data – demanding high extortion checks from victims to stop any leak of stolen information.

For instance, during its breach of Uber, the company said Lapsus$ posted messages to the company's internal Slack message board, including a "graphic image."

But the intrusions have also gone after proprietary information. According to Microsoft, the hacking group has left a few breadcrumbs. "Unlike most activity groups that stay under the radar, DEV-0537 doesn't seem to cover its tracks," the company wrote in a March blog post. "They go as far as announcing their attacks on social media or advertising their intent to buy credentials from employees of target organizations."

In a briefing Friday, Mayorkas called the cyber threat facing the U.S. "as diverse and severe as it's ever been" and went on to say that "nation-states like China, Russia, Iran and North Korea, as well as non-state criminal cyber gangs continue to conduct espionage, steal intellectual property and mine scores of Americans' personal data."

DHS' relatively new cyber board, which draws its authority from an executive order signed by President Joe Biden last year, lacks regulatory authority and indicated its work will not be punitive — it won't fine any companies involved.

Modeled after the National Transportation Safety Board, the panel investigates high-profile cyber intrusions and publishes security recommendations. In July, the cyber board published its inaugural investigation, determining that the Log4j bug poses a persistent vulnerability, but did not lead to any "significant" attacks on critical infrastructure.

Friday's announcement marks a pivot for the board, which will shift investigatory efforts from a specific vulnerability to a prolific hacking group.

Led by Chair Rob Silvers, the undersecretary for policy at the Department of Homeland Security, and Vice Chair Heather Adkins, senior director of security engineering at Google, the new group promised it would "move quickly" on its next investigation and work with government partners including the Department of Justice, but did not offer a timeline.

Adkins said the group aimed to "go deeper" to "provide the kind of advice that creates new foundations for cybersecurity in the ecosystem."

Fri, 02 Dec 2022 06:05:00 -0600
MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics

The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity.

"The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates," Deep Instinct researcher Simon Kenin said in a technical write-up.

MuddyWater, also called Boggy Serpens, Cobalt Ulster, Earth Vetala, Mercury, Seedworm, Static Kitten, and TEMP.Zagros, is said to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).

Active since at least 2017, attacks mounted by the espionage group have typically targeted telecommunications, government, defense, and oil sectors.

The current intrusion set follows MuddyWater's long-running modus operandi of using phishing lures that contain direct Dropbox links or document attachments with an embedded URL pointing to a ZIP archive file.

It's worth mentioning here that the messages are sent from already compromised corporate email accounts, which are being offered for sale on the darknet by webmail shops like Xleet, Odin, Xmina, and Lufix anywhere between $8 to $25 per account.

While the archive files have previously harbored installers for legitimate tools like ScreenConnect and RemoteUtilities, the actor was observed switching to Atera Agent in July 2022 in a bid to fly under the radar.

But in a further sign that the campaign is being actively maintained and updated, the attack tactics have been tweaked yet again to deliver a different remote administration tool named Syncro.

The integrated MSP software offers a way to completely control a machine, allowing the adversary to conduct reconnaissance, deploy additional backdoors, and even sell access to other actors.

"A threat actor that has access to a corporate machine via such capabilities has nearly limitless options," Kenin noted.

The findings come as Deep Instinct also uncovered new malware components employed by a Lebanon-based group tracked as Polonium in its attacks aimed exclusively at Israeli entities.

"Polonium is coordinating its operations with multiple tracked actor groups affiliated with Iran's Ministry of Intelligence and Security (MOIS), based on victim overlap and [a number of] common techniques and tooling," Microsoft noted in June 2022.

Thu, 08 Dec 2022 17:43:00 -0600
With Lapsus$, cyber review board draws mixed reviews

With help from Eric Geller 

Driving the Day

The Cyber Safety Review Board has identified a rabble-rousing extortion group as the subject of its second-ever review. It’s a choice that some deem far-sighted — and others fear misses the mark.

HAPPY MONDAY, and welcome to Morning Cybersecurity! “Goblin Mode” has been named Oxford English Dictionary’s 2022 word of the year — and I have absolutely nothing smart to say about that.

Today's Agenda

Homeland Security Secretary Alejandro Mayorkas speaks at a Center for Strategic and International Studies event on the “convergence” of national and homeland security. 2 p.m.

At the Agencies

MISSED OPPORTUNITY? — DHS’s decision to direct the Cyber Safety Review Board to study the Lapsus$ hacker ring is drawing a mixture of criticism and praise from the cybersecurity community, with experts divided about the value of probing a group whose remarkable success and conspicuous style have already made it the subject of extensive public review.

The argument for — A member of the 10-month-old independent investigatory group, which is staffed by public and private cybersecurity experts, told MC they were happy with the decision to make Lapsus$ the focus of the board’s second-ever review because it represented “the most dangerous threat actor today … and it's not even close.”

The individual, who was granted anonymity to speak openly about the board, defended the idea that a review of Lapsus$ could add significant value to the community, even though there is voluminous reporting on how it used basic malware and innovative social engineering techniques to run amok through well-resourced technology companies, among them Okta, Uber, Microsoft and Rockstar Games.

“To the best of our knowledge, there has not been a public, comprehensive review of Lapsus$ tradecraft, or why they were so effective against the most well-resourced companies on the planet,” said the CSRB board member.

Because their techniques will likely be picked up by other hacking groups, “a CSRB review can add significant value to the community,'' added the individual.

The argument against — The shortcomings of DHS’s choice have less to do with what it did direct the independent board to study than what it didn’t, argued Trey Herr, director of the Atlantic Council’s Cyber Statecraft Initiative.

“The government is giving up an opportunity to do a whole lot more,” said Herr, who lamented that the government and private sector already have multiple projects dedicated to understanding Lapsus$ and the digital extortion racket more broadly.

Meanwhile, the CSRB has again punted on the idea of conducting a review of the SolarWinds campaign — the issue President Joe Biden first directed the board to investigate when he established the CSRB in May 2021.

Official response? — Asked why DHS neglected to assign a study of the infamous Russian campaign for the second time, a spokesperson for the department told MC it conducts reviews on topics “that are most relevant to the current threat landscape and that can have an immediate impact.”

“The review into Lapsus$ is a clear opportunity to achieve that,” continued the spokesperson.

Room for improvement — Six other security experts and former U.S. officials who spoke with MC came out 4-2 in favor of the Lapsus$ choice. But almost every one qualified their answers because they weren’t sure why the board made its choice or where they intended to take the study.

And that speaks to a related issue for the CSRB, said Josh Corman, former chief strategist on CISA’s Covid-19 task force.

“The need for a trustworthy institution like the CSRB cannot be understated,” said Corman, now vice president of cyber safety strategy at Claroty. But “to establish that trust, it likely needs greater transparency regarding the criteria and process for nominating, prioritizing and selecting different topics.”

On the Hill

FIRST IN MC: THE OLD COLLEGE TRY — A freshman House Democrat who has taken an interest in cyber policy issues wants the White House to figure out new ways to get cybersecurity education into college classrooms, with a view toward diversifying the largely white, male field.

Rep. Ritchie Torres (D-N.Y.) on Friday introduced a bill, first reported by MC, that would require National Cyber Director Chris Inglis to convene a task force to produce “recommendations and guidance with respect to how to increase and promote cybersecurity courses, degrees, and programs in institutions of higher education in order to improve the diversity of the cybersecurity workforce.”

— Why it matters: Torres, a member of the House Homeland Security Committee, has stood out at panel hearings for his sharp questioning of Biden administration officials over cybersecurity shortcomings. In August, he told Eric and Maggie that he’s unsatisfied with the administration’s largely non-regulatory approach to protecting critical infrastructure.

With two longtime cyber-focused House lawmakers retiring in January, Torres is poised to become a more prominent advocate for cyber issues in the newly Republican-controlled chamber.

The new bill represents Torres’ attempt to increase pressure on the White House to prod colleges and universities into creating more pathways to cyber careers for more people.

— What he’s saying: “Fostering a culture of cybersecurity in all arenas of life is a matter of urgency, and nowhere more so than in higher education,” Torres told MC. “The lack of training in cybersecurity – even among graduates of computer science – has left a dangerous void in contemporary cyber education.” He cited “the history of malign neglect” that led to the Log4j vulnerability crisis, which “could have been prevented if the software developers had been sufficiently educated about best practices in secure coding.”

— How it would work: The bill would direct Inglis to assemble a team comprising representatives from CISA and higher education institutions, including those specifically serving Hispanic, Black and tribal populations. The task force would be required to submit an initial report with recommendations after one year, with subsequent reports due every two years.

— What’s next: Torres’ bill now awaits committee consideration. In the meantime, Inglis’ office is already working on a cyber workforce and education strategy that could either include or lead to the development of recommendations similar to what Torres envisions.

At the Agencies

IN THE NICK OF TIME — The Office of Management and Budget has published guidance instructing federal agencies how to request opt-outs for a first-of-its-kind Internet of Things security law, just days before a key provision of the law takes effect.

The Friday memo from OMB director Shalanda D. Young stipulates that federal chief information officers can receive waivers to procure or use connected devices that do not meet new NIST standards surrounding IoT security and bug reporting if they file reports that include a rationale for the decision, information on how long they expect the carve-outs to apply and the signature of an agency head.

Ringing the bell — The memo came less than 24 hours after the Government Accountability Office warned OMB that a failure to produce the guidance before today — when federal agencies will be restricted from using or procuring noncompliant IoT devices — “could result in a range of inconsistent actions across agencies.”


RANSOMWARE TRENDS — The LockBit ransomware group accounted for more than a third of all ransomware attacks in the first half of 2022, finds research out this morning from cybersecurity firm Looking Glass. According to ransomware experts MC has interviewed in recent weeks, that’s due to two factors: First, the group has introduced updates to its code automating how affiliates — hackers to whom LockBit contracts out attacks — identify and exploit vulnerabilities in a network. Moreover, the group has built a network of top-tier affiliates.

RISE OF THE INFOSTEALER — Malicious software purpose-built to pilfer people’s log-in information is the new craze in the criminal underground, according to data out this morning from Accenture. The researchers believe the cheap, effective and easy-to-use nature of info-stealers produced a “marked increase” in the number of credentials for sale between July and October of this year. Another driver of their popularity? The very same Lapsus$, who relied heavily on info-stealers during its jaunt through some of the world’s biggest tech companies.

LOG4J THORN IN THE SIDE — The first subject of a CSRB review, Log4J, continues to pose a major threat to organizations, finds research out this morning from cybersecurity firm Arctic Wolf. Twenty-five percent of the victims the firm works with saw hackers try to exploit the bug in the widely-used Java logging framework in the last year, while 60 percent of the Log4J cases it responded to traced back to top-tier ransomware groups, like the aforementioned LockBit. Though the initial CSRB report warned the problem would plague the security community for a decade or more, it’s “sobering” to see the bug become such a popular target for hackers, concluded Arctic Wolf.

Tweet of the Weekend

Security researcher Matt Tait, formerly of GCHQ and Corellium, has an interesting write-up that examines how Russia might be using Telegram to conduct espionage in occupied portions of Ukraine.

Quick Bytes

— The original equipment manufacturers of Android phones had their certificates stolen to spread malware. (Wired)

— CommonSpirit Health finally fesses up to suffering a ransomware incident. (

— A new wiper that masquerades as ransomware is wreaking havoc in Russia. (Ars Technica)

— Russia is coordinating Ukraine hacks with missiles and could increasingly target European allies, Microsoft warns. (POLITICO)

Chat soon. 

Stay in touch with the whole team: Eric Geller, Maggie Miller, John Sakellariadis, and Heidi Vogt.


Mon, 05 Dec 2022
Microsoft defines digital threat landscape, advocates for stronger defense and resiliency in PHL

Cybersecurity has become a complex and critical imperative today and the need for improved cybersecurity and resiliency has driven governments and organizations the world over into a complex race to adapt and respond to threats, in order to continue providing critical services for the wellbeing and safety of their citizens. In response, Microsoft recently released its Microsoft Digital Defense Report 2022, which dives into today’s most relevant and pressing cybersecurity issues and examines the evolving global threat landscape.

The annual report was first released by Microsoft in 2020, drawing on the company’s unique vantage point on security. With billions of global customers, Microsoft is able to aggregate security data from over 1.4 billion devices powered by Windows worldwide and 43 trillion signals and threats analyzed daily. These factors, along with a $20 billion investment in cloud security over the next five years, give Microsoft a high-fidelity picture of the current state of cybersecurity. The report shares unique insights on impending digital threats from over 130 Microsoft experts and contributors, offers real-world guidance and outlines crucial actions that can help improve cybersecurity and resiliency across ecosystems and industries.

Understanding the state of cybercrime

Cybercriminals continue to act as sophisticated profit enterprises. Attackers are finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure. Microsoft’s report highlights two of the most rampant cyberattacks, ransomware and phishing, then puts them into the context of nation-state threats.

Organizations worldwide have experienced steady growth in ransomware attacks beginning in 2019. However, law enforcement operations and geopolitical events in the last year had a significant impact on cybercriminal organizations. In the last year alone, the number of estimated password attacks per second increased by 74%. Many of these fueled ransomware attacks, leading to ransom demands that more than doubled.

At the same time, there has been a steady year-over-year increase in phishing emails. The shift to remote work in 2020 and 2021 saw a substantial increase in phishing attacks aiming to capitalize on the changing work environment. Phishing attacks—a common entry point for most cyberattacks—have increased by over 300% worldwide, with over 710 million phishing emails blocked weekly in 2021 alone.

The two cyberattacks are only amplified by nation-state threats—cyber threat activities that originate in a specific country with the apparent intent of furthering national interests. In recent years, nation-state threats have caused growing tension between countries, which further drives the importance of strengthening cybersecurity postures. Microsoft underscores that nation-state groups’ targeting of critical infrastructure increased by 40% in the past year alone, with actors focusing on companies in the IT sector, financial services, transportation systems, and communications infrastructure.

“Cybercrime has grown more intricate over the years. We are seeing attacks that are much faster, more deliberate, and smarter,” said Abbas Kudrati, Chief Cyber Security Advisor of Microsoft Asia Pacific. “The trillions of data signals we analyze from our worldwide ecosystem of products and services reveal the ferocity, scope, and scale of digital threats across the globe. Microsoft is taking action to defend our customers and the digital ecosystem against these threats, and throughout the Digital Defense Report we offer our best advice on the steps individuals, organizations, and enterprises can take to defend against these increasing digital threats.”

Establishing good cyber hygiene and strengthening infrastructure security

Insights from the Microsoft Digital Defense Report 2022 make it clear that to minimize risks and losses, governments and organizations must first have a solid cyber resiliency foundation.

“Given the increase of rampant cyberattacks, we cannot ensure 100% security against cybercrime. However, we need to start thinking about how we can create a more resilient environment,” said Kudrati. “Organizations need to develop a plan that focuses on minimizing the impact and improving recovery time against attacks. It is crucial for them to find the right technology to keep them protected and resilient.”

Microsoft emphasized the importance of adherence to basic security practices and behaviors—enabling multi-factor authentication, applying security patches, being intentional about privileged s, and deploying modern security solutions from any leading provider. The average enterprise has 3,500 connected devices that are not protected by basic endpoint protections, and attackers take advantage.

It is also critical to detect attacks early. In many cases, the outcome of a cyberattack is determined long before the attack begins. Attackers use vulnerable environments to gain initial access, conduct surveillance, and wreak havoc by lateral movement and encryption or exfiltration.

Finally, as this year’s report explores, bridging the security skills gap and increasing the security professional population must be addressed by the private sector and governments alike—and organizations need to make security a part of their culture.

Building a safer and more resilient cyberspace for the Philippines

In recent years, Microsoft has worked closely with the Philippine government to activate a number of policies and frameworks such as the Critical Infrastructure Protection Act proposed by the Senate, DICT’s Cloud-First Policy and an AI Governance Framework to ensure the responsible use of artificial intelligence across both public and private sectors.

As the new Philippine administration looks towards refreshing the National Cybersecurity Plan alongside its prioritization of digital acceleration, Microsoft is partnering with national government agencies to build a safer cyberspace for the nation and its citizens. The massive number of signals it receives and analyzes allows Microsoft to assess the threat landscape and provide data-driven insights to support the development of Philippine policies on cybersecurity.

“The Philippines ranked 61st out of 194 countries in the ITU Global Cybersecurity Index. If you probe a bit deeper, one of the pillars we need to improve on the most is organizational measures, which refers to the nation’s cybersecurity strategy and its implementation,” said Dale Jose, National Technology and Security Officer of Microsoft Philippines. “It is more crucial than ever to develop a better cyber defense posture in the country as it is fundamental to establishing stronger grounds for digitalization. Now, we put the MDDR into the Philippine context and discuss action points the government must prioritize in order to prepare for, respond to, and recover from cyberattacks and security breaches.”

For this, Microsoft’s policy recommendations for the Philippine government include:

  • Assessing the feasibility of adopting zero trust principles
  • Protecting the country’s critical through consistent security baselines
  • Strengthening incident response and recovery through a reporting obligation
  • Building interoperability and cooperation to address the growing threat of cybercrime
  • Advancing information sharing for cybersecurity defense and response
  • Leveraging hyperscale cloud technology to improve cybersecurity and operational resiliency
  • Fostering enhanced supply chain security
  • Enhancing cybersecurity transparency and assurance through certifications and labels
  • Strengthening the Internet of Things (IoT) security
  • Responding to new and ongoing AI security risks and opportunities
  • Advancing 5G infrastructure security

Microsoft is also joining hands with its customers, partners, and communities to foster collaboration, share knowledge, and further build strength in security for organizations nationwide. Most recently, Microsoft partnered with the Information Security Officers Group (ISOG) to dive into the findings of the Microsoft Digital Defense Report 2022 for the C-level and security experts in their community.

“Microsoft has been a partner to the Philippines for nearly thirty years and we will continue to do so even as technology evolves and changes the world we live in. We are committed to helping organizations work towards a more secure and resilient future,” said Jose.  

Microsoft also releases a quarterly cyberthreat intelligence brief called Cyber Signals, which offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and strategies used by the world’s most prolific threat actors. As such, it is a valuable resource to Chief Information Security Officers, Chief Information Officers, Chief Privacy Officers, and their teams as they evolve technologies, policies, and processes. 

Access the full Microsoft Digital Defense Report 2022 here.

Thu, 08 Dec 2022