Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.

The attack against the Ronin Network in March was quickly speculated to be one of the largest cryptocurrency hacks of all time. Approximately $540 million was stolen from the cryptocurrency and NFT games company in a combination of USDC and Etherium, with $400 million of the stolen funds owned by customers playing the game Axie Infinity.

This attack was the latest in a string of thefts perpetrated against crypto and should be a jolt to both the digital asset and cybersecurity communities to bring the security of cryptocurrencies into line.

**A History of Heists  
**The current vogue of large-scale crypto heists goes as far back as the 2014 Mt. Gox hack (another cryptocurrency exchange built around a game, Magic: The Gathering), which went into bankruptcy after losing $460 million of assets.

However, the trend has been gathering pace. In the months leading up to the Ronin Network attack, cybercriminals stole nearly $200 million worth of cryptocurrency from the crypto trading platform BitMart, attacked 400 Crypto.com users, and orchestrated NFT-related scams, to name but a few incidents.

There is often an uncomfortable tendency to see these attacks as something that takes place in isolation in a remote part of the Internet when they actually have a huge impact on thousands of people. Axie Infinity, for example, has millions of players around the world, and in the wake of the Ronin Network attack, regular users reported losing tens of thousands of dollars. In some cases, this was their livelihood, with many players in the Philippines playing to win digital assets as a full-time job.

**Crypto Goes Mainstream  
**This demonstrates how digital assets have become more deeply ingrained into our society since the Mt. Gox hack. Cryptocurrency is now used by a far broader cross-section of the population (13% of Americans traded crypto in 2020), major companies now accept it as payment (such as Tesla), and nations have integrated cryptocurrencies into their economies.

El Salvador famously became the first country to adopt Bitcoin as an official currency in 2021, but many countries are now looking to join the party. The UK, for example, recently announced its intention to become a "global hub" for the crypto industry, proposing new regulations for stablecoins and even an NFT backed by the Royal Mint. President Biden’s Executive Order on Digital Assets, released in March, also acknowledged the growing role of cryptocurrencies in the US economy.

**The Knock-on Effects of a Hack  
**As digital assets become deeply ingrained into our lives, the attacks against them have wider societal impacts. For example, crypto is the currency of choice for cybercriminal activity and the Dark Web, including ransomware attackers, malware operators, scammers, human traffickers, dark-net market operators, and terrorist groups.

Their vulnerability and the ease in which they can be laundered therefore contributes to the coffers of cybercriminals. An analysis of wallets controlled by cybercriminals suggested that at least $8.6 billion of cryptocurrency was laundered in 2021. There is also evidence of stolen cryptocurrencies funding hostile nation-states, with North Korean groups reported to have stolen $400 million of cryptocurrency last year, potentially to offset financial sanctions.

This criminal activity also creates a burden on law enforcement around the world. In 2021, the Department of Justice launched the National Cryptocurrency Enforcement Team (NCET), focusing specifically on crime involving digital assets. In one single seizure this year, the task force obtained 94,000 Bitcoin ($3.6 billion), demonstrating the scale of the illegal market it is trying to tackle.

**Security and Regulation  
**First, crypto companies need to improve their cybersecurity — fast. The Ronin Network admitted that it took six days to notice that a hacker had exploited a security flaw and stolen $540 million worth of cryptocurrency. This level of security is unacceptable. If these organizations are asking users to trust them with assets, they must provide the security to protect them. If they don’t invest in security, the attacks will continue and users will very quickly lose confidence in these platforms.

Second, the increasing severity of these attacks supports the argument that crypto companies require greater regulation. Regulated financial institutions cannot afford to get away with the loss of millions in assets. Of course, attacks do happen, but regulations hold the security of regulated institutions to a sufficient standard that losses are mitigated. When these standards are not met, there are consequences put in place by the regulators.

We have to eliminate the perception that crypto hacks are inconsequential, only affecting those at the margins of society. They are not: Thousands of people are affected directly, with ever more joining the cryptocurrency world every day. Moreover, with cryptocurrencies funding the criminal community, these hacks will increasingly impact everyone whether you directly engage with digital assets or not.

Crypto Hacks Aren’t a Niche Concern; They Impact Wider Society

An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.

At least eight governments around the world have purchased a package of Android zero-day exploits from a company called Cytrox and are using them to install spyware on targets' mobile phones. The development highlights the sophistication of off-the-shelf surveillance offerings, according to a recent report. 

Google's Threat Analysis Group (TAG) said that by taking advantage of the time difference that keep some systems from being updated for hours after patches were released, the Cytrox exploits allowed governments to target Android users with malware to record audio, add CA certificates, and hide apps, Google's TAG said.

The report explained that the governments of Armenia, Côte d’Ivoire, Egypt, Greece, Indonesia, Madagascar, Serbia, and Spain are confirmed to have used the Cytrox exploits in at least three state-backed campaigns, adding there are likely others. 

"Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits," the TAG report said, adding that the group is currently tracking more than 30 additional surveillance vendors with the capability of selling tools to state-backed actors. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Multiple Governments Buying Android Zero-Days for Spying: Google

NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.

Cybersecurity experts are awaiting the imminent announcement from the National Institute for Standards (NIST) of its recommended post-quantum computing (PQC) encryption algorithms, an important milestone in a years-long process that started back in 2016 with 82 candidates. NIST has signaled it will reveal its decision imminently — possibly just before or during the RSA Conference in San Francisco in two weeks, amid a swirl of new activity in the field of quantum computing.

The PQC algorithms would join RSA and elliptic curve cryptography (ECC) as a new generation of NIST-recommended encryption standards. The PQC algorithms promise to enable encryption that is exponentially more powerful than current standards, which will become essential when quantum computers are available for commercial use.

Once NIST reveals which four algorithms it is endorsing, the next phase of drafting standards will begin. That process is expected to take roughly a year. But the pending decision will establish which algorithms to focus on. While the NIST selection will allow stakeholders to apply them to their offerings, many providers say that is just one part of the solution. Several startups focused on addressing PQC are now coming out of stealth. The latest came last Thursday, when QuSecure, a San Mateo, Calif.-based company formed three years ago, officially launched both itself and its first PQC product, called QuProtect. QuSecure describes QuProtect as an orchestration platform that can protect data in transit and at rest encrypted with the new PQC algorithms.

**A 'Perfect Storm' for Quantum Computing**

NIST's selection, until recently considered at least a year away, would come amid a perfect storm unfolding this month in quantum computing, all signaling that CISOs should accelerate their PQC strategies. Recent disclosures portend that quantum computing could become commercially available sooner than once thought likely. Notably, IBM two weeks ago revealed that it will release a 433-qubit processor called IBM Osprey by the end of this year, more than a threefold increase from IBM Eagle, a 127-qubit processor introduced in November 2021. IBM's updated roadmap calls for the introduction of a 1,000-qubit processor next year called IBM Candor. In three years, IBM plans to deliver a multi-cluster offering capable of exceeding 4,000 qubits.

"By 2025, we will have effectively removed the main boundaries in the way of scaling quantum processors up with modular quantum hardware and the accompanying control electronics and cryogenic infrastructure," Jay Gambetta, VP of quantum computing and an IBM Fellow, explained in a May 10 blog post. During that same week, D-Wave Systems announced the availability of its Advantage quantum computer via the Leap quantum cloud service, a part of the University of Southern California-Lockheed Martin Quantum Computing Center hosted at USC's Information Sciences Institute (ISI).

After the creation of Shor's algorithm in 1994, researchers realized that once quantum computers arrive with an abundant level of scale and precision, they will be able to break current forms of encryption. Besides RSA and ECC, quantum computers are expected to break the long-trusted Diffie-Hellman key exchange algorithm used for modern cryptographic communications including SSL, TLS, PKI, and IPsec.

Meanwhile, efforts to provide protections from quantum computing is accelerating. The recent White House directives emphasized that the government and industry should move forward with NIST's standards as well as calling for swift passage of the Bipartisan Innovation Act, legislation reintroduced last year as the Endless Frontier Act by US Senate Majority Leader Chuck Schumer, Senator Todd Young (R-IN), Representative Ro Khanna (D-CA), and Representative Mike Gallagher (R-WI). The bill seeks to boost funding in research and the advance of technology deemed critical to US national security, which includes artificial intelligence, PQC, and semiconductors.

Following the White House directive, the US House of Representatives Oversight and Government Reform Committee on May 11 unanimously passed the Quantum Computing Cybersecurity Preparedness Act, a bill proposed by US Representative Nancy Mace (R-SC) seeking to advance the migration of federal government IT systems with PQC capabilities. The legislation now sits before the House for consideration.

**Building QuProtect**

QuSecure was founded by chairman and COO Skip Sanzeri, CEO Dave Krauthamer, and chief product officer Rebecca Krauthamer, who is also a member of the World Economic Forum's Global Future Council on Quantum Computing.

Sanzeri tells Dark Reading that roughly 15 customers are now piloting QuProtect, including several branches of the US Department of Defense and large enterprise businesses. The only commercial customer QuSecure has permission to reference is Franklin Templeton, the New York-based diversified investment firm with roughly $1.5 trillion in assets under management as of April 30, which is best known for its large mutual funds. QuSecure is incubated within Franklin Templeton, which is also an investor in the company.

While Franklin Templeton declined to comment on its QuProtect pilot, Sanzeri says it is currently in beta there. "We are moving to the next step to a broader rollout," Sanzeri says. While Sanzeri said he was restricted in the amount of detail he could offer, it has established the quantum communications link between its servers and select institutional customers. The technology doesn't require the customers to add anything on their end, he says.

The QuProtect communications channels can run on servers on premises and in the cloud, Sanzeri adds. Eventually, it will run on network switches as well, according to Sanzeri, who says QuSecure has been in talks with players including Cisco, Fortinet, Juniper Networks, and Palo Alto Networks. "The switch providers are very standards based," Sanzeri says. "And one of the reasons why they haven't necessarily adopted this yet, across the board is because NIST hasn't finalized their standards. But once they do, then I think the switch providers will all come along nicely."

QuProtect provides a secure communications channel designed to protect any node on a network and is designed to use any of the NIST-approved PQC algorithms. Sanzeri claims QuSecure is the first company that is offering a complete PQC platform. "There are some point solutions out there that might be focusing on, say, quantum random number generation, or possibly just on cryptography," Sanzeri says. "And we think that is fine. However, it's not enough. If you're going to protect the enterprise, you need to be able to protect holistically."

Vincent Berk, chief strategy officer of QuantumXchange, which provides software that uses PQC keys shared on two specific endpoints, disputes QuSecure's claim of being the only company developing a complete offering. "To claim you're the first one that brings post quantum cryptographic solutions to the entire world, I can make that exact same claim for QuantumXchange, and we can start bickering over what we consider post quantum hard," Berk says.

Nevertheless, Berk, who joined QuantumXchange earlier this year after serving as CTO and chief security architect at Riverbed Technology, believes the QuSecure has a viable offering. "What I think they're doing a great job of is they're trying to make it as easy as possible to get you to know that you can trust your new cryptographic algorithms are working for you," Berk adds.

QuSecure Carves Out Space in Quantum Cryptography With Its Vision of a Post-RSA World

The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries seeking to distribute malware to a mass audience.

The latest case in point is a malicious package for distributing Cobalt Strike on Windows, macOS, and Linux systems, which was uploaded to the widely used Python Package Index (PyPI) registry for Python application developers. The "pymafka" package has a name that's very similar to "PyKafka," a popular Apache Kafka client for Python that has been downloaded more than 4.2 million times so far.

More than 300 users were tricked into downloading the malicious package, thinking it was the legitimate code, before researchers at Sonatype discovered the issue and reported it to the PyPI registry. It has since been removed, but applications that incorporated the malicious script remain a threat.

**Second Typosquatting Incident in a Month**

The incident marks the second typo-squatting incident involving the Apache Kafka project that Sonatype researchers uncovered this month. Earlier, they discovered a package on PyPI that had the same name as a Kafka-related Python project on GitHub called "karaspace." Though the malicious package on PyPI had the same name as the legitimate project, it was designed to steal IP addresses, user names, and other information for fingerprinting devices on which the package was installed.

In a blog Friday, Sonatype described pymafka as designed to detect the platform on which it is installed and then embed an OS-appropriate version of a Cobalt Strike beacon on the device. Cobalt Strike is often used maliciously for lateral movement within a target network environment.  

Sonatype said it observed the executables being downloaded from an IP address associated with cloud-hosting provider Vultr. Once installed on a system, the beacon attempts to communicate with a China-based IP address assigned to Alibaba. 

"Less than a third of antivirus engines detected the samples as malicious at the time of our submission to VirusTotal, although that's still a better detection rate than the zero-detections seen in some of our earlier discoveries," according to Sonatype.

**Blind Trust**

The pymafka incident is the latest in a growing number of security incidents involving PyPI and other public repositories. For instance, last November researchers from JFrog discovered 11 malicious Python packages on PyPI. In July, they discovered malicious PyPI packages attempting to steal credit-card data and other information from some 30,000 systems on which the packages had been installed. The same month, a Japanese researcher reported a security issue that gave attackers a way to remotely execute malicious code on the registry.  

"Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure," JFrog warned last year. "Sometimes malware packages are allowed to be uploaded to the package repository, giving malicious actors the opportunity to use repositories to distribute viruses and launch successful attacks on both developer and \[continuous integration/continuous delivery\] CI/CD machines in the pipeline."

Concerns over the growing attacker interest in public repositories have prompted several security initiatives at PyPI in recent years. These include the addition of two-factor authentication as a log-in option and API tokens for uploading software to the registry, a dependency resolver to ensure the pip package installer installs the right versions of package dependencies, and creating databases of known Python vulnerabilities in PyPI projects.

Concerns over software supply-chain security has prompted other, more strategic initiatives as well. Earlier this month, the National Institute of Standards and Technology (NIST) updated its cybersecurity guidance with new recommendations for addressing risks in the software supply chain. MITRE, too, has released a prototype framework called System of Trust that organizations can use to evaluate the security practices of service providers and suppliers in the software supply chain.

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures .

Cybercriminal use of the Linux Trojan known as XorDdos is on the rise, according to a new report, which found a 254% increase in malicious activity against Linux endpoints using the malware over the last six months. 

It was first discovered in 2014, and the Microsoft 365 Defender Research Team explained in a recent blog post that the XorDdos Trojan targets Linux cloud and Internet of Things (IoT) endpoints, and deploys botnets to carry out distributed denial-of-service (DDoS) attacks. 

The team added that the attacks fit a wider trend of attacks targeting Linux-based systems. 

"By compromising IoT and other internet-connected devices, XorDdos amasses botnets that can be used to carry out DDoS attacks," the team wrote in describing the rise of the XorDdos Trojan. "DDoS attacks in and of themselves can be highly problematic for numerous reasons, but such attacks can also be used as cover to hide further malicious activities, like deploying malware and infiltrating target systems."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT

A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.

The modern workplace is changing at a pace never seen before in history. A lot of this stemmed from COVID and remote work necessities, with 74% of CFOs noting they've adopted some kind of telecommuting policies due to coronavirus challenges. Now, more than ever, the employee experience (EX) is critical for keeping us connected and productive. That applies not just from a company growth perspective, but from a cybersecurity one.  

EX is a combination of three things: Policies, environment/culture, and tools. The key to addressing all three lies in empathy, as discussed in the book _Empathy In Action: How to Deliver Great Customer Experiences at Scale_, by Tony Bates and Dr. Natalie Petouhoff. In their book, the two position empathy as a business strategy. It’s also something that we can use to address cybersecurity.

The cybersecurity field isn’t always rewarding. It can be a relatively thankless and stressful position. COVID hasn't helped, with 70% of cybersecurity professionals reporting consistently high stress levels of cybersecurity professionals reporting consistently high stress levels. Mental health issues and even suicides are increasing among those who work in these environments. We must address the issue empathetically not just to protect systems but to save lives.

**Creating a Frictionless Office Environment Through Zero Trust  
**Zero trust is a bit misleading, because it's a technology methodology and a policy that's all about enabling EX. With zero trust in place, access is denied as the baseline. So how does that build EX? To understand, we have to compare zero trust to the traditional office network.

This is made up of company devices, software, and workers on a separate network from the Internet. Everything touching that network has been rigorously vetted to gain a "trusted" status that allows it to connect without question. Workers are expected to adhere to strict controls, confining them to certain devices, software, and practices.

This is where shadow IT rears its head. Inevitably workers end up routing around trusted devices and software to get their jobs done, creating untrustworthy networks of tools.

To respond, the industry — led by Google — came out with zero trust. Enterprises just assume everyone — software, devices, and people — are bad actors until proven otherwise. This creates a much simpler world to defend. And simpler, easier, and more streamlined experience is what EX is all about.

Zero trust is also a means of simplifying policy, which can bleed into the next point: building a blameless culture.

**Stopping Threats With a Blameless Culture**

Some 43% of employees admit to making an error at work that compromised cybersecurity. It's highly unlikely that cybersecurity professionals at those companies have corresponding reports for all those incidents. People do not like to admit when they do something wrong. They especially don't like to admit it when there are potential repercussions like job loss, demotions, or other disciplinary measures.

Meanwhile, when responding to a threat, cybersecurity professionals need clear information. They will not get this in a culture of fear. That culture of fear expands to IT and cybersecurity professionals responding to incidents, as well.

With a blameless culture, there is clear transparency of the events going on at the time of a security incident. Individuals, unafraid of repercussions, come forward with key information and increase the likelihood of resolution.

Blameless culture leads right back to EX. It does not mean a complete lack of accountability, nor does it excuse any malicious action. Zero trust is about how you create open cultures that enhance the resilience of your business. Much of that centers on the tools provided to workers.

**Empowerment Through Software Enablement**  
Software tools, especially in today’s tech-connected world, set the foundation for the employee experience. There are dozens of examples of technology improving employee productivity and happiness. The most effective, based on a Forrester study, tend to target two things:  

*   **Everyday productivity gains:** Tasks that employees have to tackle every single day are the ones where they see the most benefit when technology is deployed.

*   **Daily stress:** Barriers to their ability to do their jobs stem from technology that is outdated or difficult to understand. Technology that is easy to use eliminates this stress.

Software that meets these standards is well designed and enhances tasks. It does not create new ones. When building these tools and enterprise capabilities, it's important to take that EX into account. That should occur regardless of whether that tool is aimed at a business analyst seeking revenue guidance or cybersecurity experts on the hunt for vulnerabilities.

A culture of trust, combined with tools designed around EX, work together to help organizations become resilient. When viewed through an empathetic lens, it's easier to establish the right policies and technology to help workers be happier, healthier, and more productive.

Why the Employee Experience Is Cyber Resilience

Next I.T. is the sixth and largest acquisition to date for Valeo Networks.

ROCKLEDGE, Fla. and MUSKEGON, Mich., May 23, 2022 /PRNewswire/ -- Valeo Networks, a leading Managed Security Service Provider (MSSP), today announced the acquisition of Next I.T., a Michigan-based Managed Service Provider (MSP). Financial terms are not being released.

A recognized and highly respected MSP, Next I.T. is the sixth and largest acquisition to date for Valeo Networks and further supports its goal of building a national network of IT and cybersecurity experts to comprehensively support and protect its client base.

The company will continue to operate as DBA Next I.T. (A Valeo Networks Company), and maintain its current Michigan office locations in Muskegon, Kalamazoo, and Traverse City. The Next I.T. team consists of Microsoft Certified Engineers, Cisco Certified Engineers, and certified technicians in both HP and Dell. They specialize in providing IT solutions for clients across a wide range of industries, including manufacturing, non-profits, and healthcare.

"We are thrilled to welcome Next I.T. to the Valeo Networks family," said Travis Mack, CEO, Valeo Networks. "Their deep skill set and broad expertise will be an excellent fit within our organization, as we continue to advance our nationwide growth strategy. As with each of our divisions, we will partner with Next I.T. to strengthen resources and capabilities in cybersecurity, managed services, cloud solutions, and compliance."

"I am excited for Next I.T. to join Valeo Networks and be part of a larger organization," said Eric Ringelberg, CEO, Next I.T. "With as much as we have grown over the past twenty-one years and having robust IT services in place, this was the natural next step for our continued growth. The Valeo leadership team really stood out to me in offering a true partnership, holding the same values, and having a track record of keeping its acquired companies intact. I look forward to accelerating Next I.T.'s growth throughout the Midwest region with the resources, capital backing, and collaboration that Valeo Networks provides."

**About Next I.T.  
**Next I.T., an award-winning Managed Service Provider (MSP), specializes in industry-specific solutions that leverage technology, increase productivity, and reduce risk for small and medium-sized businesses. It offers a full line of computer hardware, telecommunication equipment, and the professional expertise with remote capabilities to install and service systems. Next I.T. is headquartered in Muskegon, MI, with additional branches in Kalamazoo and Traverse City. For more information, visit www.next-it.net.

**About Valeo Networks  
**Valeo Networks is a full-service, award-winning Managed Security Service Provider (MSSP) that serves State, County, Municipal markets; small-to-medium businesses (SMBs); and non-profit organizations. Firmly seated in the top 5% of revenue generating MSSPs nationwide—making it one of the largest MSSPs nationally—Valeo Networks provides solutions in the areas of cybersecurity, compliance, cloud, network infrastructure, and managed IT services. With over 20 years of industry experience, Valeo Networks is headquartered in Rockledge, FL, with additional locations nationwide. Learn more at www.valeonetworks.com.

Valeo Networks Acquires Next I.T.

IronKey Vault Privacy 80 External SSD safeguards against brute-force attacks and BadUSB with digitally-signed firmware.

_**Fountain Valley, CA – May 23, 2022 –**_ Kingston Digital, Inc., the Flash memory affiliate of Kingston Technology Company, Inc., a world leader in memory products and technology solutions, today announced the release of the newest addition to its encrypted lineup, **IronKey Vault Privacy 80 External SSD** (VP80ES). This marks Kingston’s first innovative OS-independent external SSD with **touch-screen** and **hardware-encryption** for data protection.

Using IronKey VP80ES is as innate as unlocking a smartphone and simple drag & drop file transfers. Featuring an intuitive color touch-screen and FIPS 197 certified with XTS-AES 256-bit encryption, VP80ES is designed to protect data while also being user-friendly. The drive is ideal to safeguard against Brute Force attacks and BadUSB with digitally-signed firmware for users from small-to-medium businesses (SMB) to content creators. Its military-grade security measures make it greatly superior over using the internet and Cloud services for securing important company information, documents, or high-res images and videos.

Along with its ease of use and hardware encryption, VP80ES offers additional features for data protection, like **Multi-Password (Admin/User) Option** with **PIN/Passphrase modes** and **Configurable Password Rules**. With Admin option, choose between numeric PIN or Passphrase modes, set Configurable Password Rules, or enable extended security options like maximum number of shared password attempts, minimum password length of 6-64 characters, alphanumeric password rules, auto-timeout to lock drive, randomize touch-screen layout and Secure-Erase to ensure maximum protection of your important files. The Admin password can be used to restore data and access should the User password be forgotten. For additional peace of mind, VP80ES’ Brute Force attack protection crypto-erases the drive if the Admin and User passwords are entered incorrectly 15 times1 in a row by default.

Don’t fear forgetting your password, though: with the use of the ‘space’ character it can be easier to remember a passphrase as a list of words, a memorable quote, or lyrics from a favorite song. Otherwise, the PIN pad can be used to unlock VP80ES, just as you would on a mobile device. To reduce failed login attempts and frustration, tap the “eye” button to view the password as entered. VP80ES is bundled with a neoprene travel case and two USB 3.2 Gen 1 adapter cables to easily connect to USB Type-C®2 or Type-A supporting computers and other devices, making it the perfect companion that enables portable productivity and convenience when you need secured data and content on-the-go.

“As more and more people continue to work from home and outside of company firewalls, we want to provide higher capacity options of user-friendly military-grade security for small and medium businesses to complement our existing encrypted USB drives,” said Richard Kanadjian, encrypted business manager, Kingston. “IronKey Vault Privacy 80ES does just that. Between the color touch-screen, the myriad security features, and its small form factor, users can truly control their data in their own hands.”

Kingston IronKey Vault Privacy 80 External SSD is available in 480GB, 960GB, and 1920GB capacities and is backed by a limited three-year warranty, free technical support and legendary Kingston reliability.

For more information visit kingston.com.

**IronKey Vault Privacy 80 External SSD**

**Part Number**

**Capacity**

IKVP80ES/480G

480GB IronKey VP80ES

IKVP80ES/960G

960GB IronKey VP80ES

IKVP80ES/1920G

1920GB IronKey VP80ES

**Kingston IronKey Vault Privacy 80 External SSD Features and Specifications****:**

*   **Safeguard Important Data with FIPS 197 Certified XTS-AES 256-bit Encryption:** Built-in protections against BadUSB, Brute Force attacks and Common Criteria EAL5+ certified secure microprocessor.3
*   **Unique Intuitive Touch-screen:** Protecting your data is easy with the intuitive, user-friendly color touch-screen.
*   **Enable Multi-Password (Admin/User) Option with PIN/Passphrase modes:** Multi-Password Option for Data Recovery with Admin access.
*   **Configurable Password Rules:** Manage the number of password attempts, minimum password length of 6-64 characters, and numeric or alphabet password rules.
*   **Extended Security Options:** Adjustable auto-timeout to lock drive, randomize touch-screen layout and Secure-Erase the drive to wipe out all passwords and encryption key.
*   Dual Read-Only (Write-Protect) Mode Settings: Defend against cybersecurity threats from compromised systems using two levels of Read-only protection
*   **Interface:** USB 3.2 Gen 1
*   **Connector:** Type-C
*   **Package Includes:** Neoprene travel case, USB 3.2 Gen 1 C-to-C cable,

USB 3.2 Gen 1 C-to-A cable

*   **Capacities4:** 480GB, 960GB, 1920GB
*   **Speed:** Up to 250MB/s read, 250MB/s write
*   **Dimensions:** 122.5 mm x 84.2 mm x 18.5 mm
*   **Operating Temperature:** 0°C to 45°C
*   **Storage Temperature:** \-20°C to 60°C
*   **Compatibility:** USB 3.0/USB 3.1/USB 3.2 Gen 1
*   **Warrant/Support5:** Limited 3-year warranty
*   **Compatible with:** OS-independent:

Microsoft Windows®, macOS®, Linux®, Chrome OS™ or any system that supports a USB mass storage device.

1 Brute Force attack protection crypto-erase adjustable from 10-30 password attempts

2 USB Type-C® and USB-C® are registered trademarks of USB Implementers Forum.

3 Hardware Certified with built-in protection mechanisms designed to defend against external tampering and physical attacks.

4 Some of the listed capacity on a flash storage device is used for formatting and other functions and thus is not available for data storage. As such, the actual available capacity for data storage is less than what is listed on the products. For more information, go to Kingston's Flash Memory Guide.

5 Limited 3-year warranty. See kingston.com/wa for details.

**Kingston can be found on**:

YouTube Instagram

Facebook LinkedIn

Twitter Kingston Is With You

**About Kingston Technology Company, Inc.**

From big data, to laptops and PCs, to IoT-based devices like smart and wearable technology, to design-in and contract manufacturing, Kingston helps deliver the solutions used to live, work and play. The world’s largest PC makers and cloud-hosting companies depend on Kingston for their manufacturing needs, and our passion fuels the technology the world uses every day. We strive beyond our products to see the bigger picture, to meet the needs of our customers and offer solutions that make a difference. To learn more about how Kingston Is With You, visit Kingston.com.

Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection

What subsequent protections do you have in place when your first line of defense goes down?

News that Okta was hacked by the Lapsus$ group in January has caused serious waves in the identity security space.

With the company considered a pillar of security, the confirmed hack of Okta has led many to question the wisdom of being so dependent on their identity manager. Interestingly, many are asking how to move past having a single source of truth for our access control that can also be a single source of failure.

For an industry focused on zero trust, there's a lot of faith put into a couple of security pillars. So what happens when they get knocked? Does the rest of our security infrastructure come crashing down?

**Identity at the Center of Security  
**For many organizations, Okta is the go-to for everything access security when it comes to identity.

These identity providers (IdPs) help organizations manage their identity directories, offer authentication services like single sign-on and multifactor authentication (MFA), and generally make it easier for dealing with the on- and offboarding of employees in the organization.

All great things.

The problem comes when we place way too much trust in any one solution because it can become a single point of failure.

The question becomes: What do you have in place to pick up the baton of security when the first line of defense goes down?

**Guarding the Guardians  
**Even under normal circumstances, we only see the access that we have provisioned ourselves through our IdPs or identity governance and administration (IGA) tools.

If our IdP is compromised, and therefore untrusted, then how are we validating the information that it is providing?

What we need is additional layers of security and visibility. There should be a segregation of duties between the infrastructure that manages our access and the tools that validate that access.

Our tools have to tell us not only what we think we have, but what are really facts in the field that can impact our security.

The way to achieve this is through extensive connectivity with all your organization's apps and services. It is not enough to have visibility in your AWS if your users are also utilizing GitHub, Google Docs, and many other cloud services that businesses depend on for day-to-day work.

We need to see all of the activity happening not only with our identities, but also from the asset side to see which nonfederated (local IAM/external users/service principals) are accessing our assets.

If we can understand how access privileges are being used, then we can pick up on suspicious activity and reduce our exposure with least privilege.

Credentials will be compromised and accounts taken over. Here are three ways we can limit the damage and make it harder for hackers to reach their objectives.

**1. Reduce Your Exposure  
**Avoid those self-inflicted wounds by plugging basic holes in your security. Make sure that every admin user has MFA enabled. It's not perfect, but it is a helpful barrier to make them work harder and can prevent 99.9% of the attacks.

Revoke unused privileges. If an identity has not used a privilege in 30 or 60 days, then they probably do not need it for their day-to-day work.

Perform periodic access reviews where managers and app owners have to approve or revoke access privileges for employees and others. Provide them with the sufficient data to make accurate decisions and avoid rubber stamping. Do these periodically to ensure that everyone has the right baseline level of access.

**2\. Continuously Monitor For Issues  
**Once you have a secure baseline of access privileges, you have to continuously monitor that it stays that way.

The way to do it is with policies that can be monitored and alerted on if violations occur. For example if a new admin is created or an access privilege has not been used in 30 days.

Setting enforceable guardrails will enable you to respond quickly and avoid privilege sprawl or risky exposures.

**3. Secure Your Supply Chain  
**Make sure that everyone in your supply chain or other partners are keeping to your standards.

If a mistake or failure to follow best practices on the part of your third party-vendor impacts your customers, it becomes your responsibility to inform them of your expectations and enforce them.

You can pick your metaphor, but a defense-in-depth approach requires that we not put all of our eggs in one product basket or another. Every solution has its limitations and can only play a part in the overall security array.

While authentication and IdP tools are essential first steps, they provide identity and access infrastructure. We need to ask what's happening in the infrastructure and monitor it to become more resilient and ensure that a mistake with a single vendor will not leave us exposed.

After the Okta Breach, Diversify Your Sources of Truth

In a new phishing tactic, faux chatbots establish a conversation with victims to guide them to malicious links, researchers say.

Phishing emails intended to look like a DHL communications are now coming loaded with a new twist — a version of a chatbot that helps drive targets to malicious links, according to a new report.

That is to say, it behaves like a chatbot, but behind the scenes, the scripts are pre-programed to respond with stock phrases based on a victim's answer, according to researchers at Trustwave who reported the phishing campaign tactic. But the effect is the same — targets think they're talking to a live DHL representative.

After clicking, the victim's browser opens a PDF file with another link asking the person to "Fix delivery," the Trustwave team reported. The chatbot will ask the victim to confirm a delivery address and tracking number, and it will even present a fake CAPTCHA to make everything seem legitimate. Eventually, the target will be asked to enter in login credentials and credit card information, which is promptly harvested.

Because chatbots are widely used by brands to interact with customers online, end users aren't suspicious of interacting with them, the Trustwave team added — making this a perfect social-engineering ploy.

"This is what the perpetrators of this phishing campaign are trying to capitalize on," the chatbot phishing report added. "Aside from spoofing the target brand on the phishing email and website, the chatbot-like component \[is what\] slowly lures the victim to the actual phishing pages."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading