Chief information risk officers must have a keen understanding of — and interaction with — the business.

Twenty-five years ago, when I was the chief information security officer for Visa, my role was very technically focused. Times have changed, however, and so have the objectives that guided CISOs in the past. The CISO role is becoming broader and more complex. To address the evolving cybersecurity threat landscape, the role requires a deep understanding of risk and strong business acumen, as well as a firm grasp of what's important to the success of the business. Some have started calling this new brand of security leader the chief information risk officer, or CIRO.

There are five unique traits that CIROs will need to develop to differentiate themselves from their CISO predecessors and stay relevant in modern times.

**1\. CIROs Are Mission-Aligned**

CIROs will align their security mission with that of the broader business. To do that, CIROs must demonstrate keen awareness of the organization's value chain. When I'm doing CISO coaching, one of the first things I ask is, "What are the three goals your CEO has set for the year?" You'd be surprised how many don't know — and I think that information is absolutely essential for any security leader going forward. CIROs must tie their program back to the objectives the CEO has set for the year. How will the team help grow the business? If there are mergers and acquisitions coming up, how can security contribute to a safe and successful transaction?

**2\. CIROs Make and Own Their Decisions**

Modernity is all about developing critical thinking skills, as well as engagement with executive management. CIROs will spend more time managing up than managing down. They should be empathetic and transparent in their interactions, and own their decisions. I was a security leader in very large companies. I had a great middle management team that could manage the day-to-day workers or the operational side. My goal was more to manage the organization from the top down. I had to make great decisions and stick to those decisions, adjusting when necessary. No decision is perfect, but indecision is far worse. It's all part of being agile.

**3\. CIROs Value People  
**

The CIRO role requires the ability to manage people, mentoring them over time to develop their skills and responsibilities. CIROs also need to earn and maintain trust. Good CIROs have and understand people skills; great CIROs will master them.

**4\. CIROs Measure What Matters  
**

A CISO today might say, "We blocked 10 billion spam attempts last year." That's a really impressive number — too bad it doesn't really matter. CIROs need a short list of metrics that matter. And what matters is being able to communicate the value of the security program and to demonstrate that progress is being made quarter over quarter. CIROs must strive for continuous improvement and have numbers that back up their teams' efforts.

**5\. CIROs Are Part of a Community  
**

CIROs need to make sure they're talking to and working with all the different business lines within the company, but also with industry peers, partners, and third-party organizations. And, as industry leaders, CIROs should give back and participate in support groups like the Security Advisor Alliance. The benefits go both ways, of course, as this kind of collaboration helps CIROs better understand what's going on in the broader security industry.

**Security Evolution Starts at the Top  
**

Whether the title is CIRO, CISO, or something else entirely, the next generation of security leaders will be fluent in business. They will understand the adaptive strategies and initiatives that drive the business. They will be comfortable communicating with other executives across the organization to expand that understanding. And they will make efforts to map their risk management program back to those objectives. Tighter integration between security and business is coming, and that shared culture will help security teams know what they need to protect and how they can do a better job of protecting it.

5 Traits That Differentiate CISOs From CIROs

NEW YORK, July 11, 2022 /PRNewswire/ -- To help organizations adopt zero trust more quickly and efficiently, Deloitte is launching a new managed service – Zero Trust Access— that offers a cloud-native approach to securing communications between users, on any device, and enterprise applications, wherever they may reside.

The Zero Trust concept commits to removing implicit trust within an information technology (IT) ecosystem and replacing it with a risk-based approach to accessing organizational resources across identities, workloads, data, networks and devices. This trend is gaining momentum, given legacy approaches to security architecture are no longer suitable to secure the ubiquitous nature of the modern enterprise.

Part of the newly expanded Zero Trust by Deloitte, Zero Trust Access facilitates zero trust adoption and the evolving needs of organizations in protecting their applications, infrastructure, and data. Following the integration of recently acquired talent and technology into existing Deloitte services, the Zero Trust Access managed service connects users to applications through a frictionless cloud-native solution that is inherently scalable, resilient, agile, and secure. Further, the managed service is available standalone, integrated with other Deloitte offerings, or as part of a broader solution leveraging technologies from Deloitte's alliances ecosystem.

"As perimeter-based approaches are no longer suitable to secure the modern enterprise, many organizations are working to enhance protection for their IT ecosystems via zero trust," said Andrew Rafla, Deloitte Risk & Financial Advisory's zero trust offering leader and principal, Deloitte & Touche LLP. "Zero Trust Access was built as a turnkey managed service helping ourselves and our clients accelerate adoption of this transformative security framework. Our goal was to create a cost-effective solution that can be delivered standalone or complementary to a broader ecosystem and ultimately help decrease the burden on IT and security teams who likely need to manage multiple heterogenous solutions to achieve similar outcomes."

With innovative data protection leveraging device-level secure microcontainer technology, Zero Trust Access helps protect infrastructure while also enabling organizations to protect sensitive enterprise data and enforce least privilege through dynamic access control to enterprise assets. The managed service can replace remote access solutions inclusive of virtual private network (VPN), virtual desktop infrastructure (VDI), and desktop as a service (DaaS), all of which typically require significant capital expenditure for infrastructure, high operating costs, and technology management overhead.

Zero Trust Access includes features such as ephemeral connectivity built upon secure peer-to-peer (P2P) communication, conditional access and continuous authorization, as well as robust data protection for data at-rest, in-use, and in-transit are consistently applied to each session, regardless of the type or location of the applications being accessed (e.g., legacy hosted applications, software as a service (SaaS), thick-client, web-based applications). Implementation of Zero Trust Access can help organizations leverage outcome-based solutions that improve business agility, enhance user productivity, and reduce cost and complexity of security operations.

"Beginning zero trust adoption isn't simple, fast or easy for most organizations," Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP. "We're launching Zero Trust Access as the first in many adoption-enabling services and solutions to come, so that our clients are better able to modernize their security programs, enable agile operations and confidently advance with emerging technologies and transformative risk management principles that can build more resilient security practices."

**About Deloitte**

Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Building on more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte's more than 345,000 people worldwide connect for impact at www.deloitte.com.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

SOURCE Deloitte

Deloitte Launches Zero Trust Access, a New Managed Security Service

Whether data's in motion, at rest, or in use, confidential computing makes moving workloads to the public cloud safer, and can enhance data security in other deployments.

It's a question every enterprise faces: How comfortable do we feel moving sensitive data to the cloud, bearing in mind the associated security and privacy risks?

Though global cloud adoption is expanding rapidly, security and privacy remain top concerns. For example, the Cloud Security Alliance survey last year showed security and privacy to be the leading worry for 58% of 1,900 professionals involved in cloud deployments.

That is why inside many companies, tension continues to simmer between development shops that see the scalable, flexible public cloud as an ideal innovation engine and security gatekeepers whose risk intolerance has earned them a reputation as the Department of No.

But what if organizations could have greater assurance that their data is protected from hackers and other prying eyes? What if reluctance about moving sensitive data to the cloud was alleviated?

Such is the promise of an emerging shift in data security: confidential computing.

Confidential computing not only reassures enterprises about the safety of moving more of their workloads to the public cloud, it also can enhance data security in any type of deployment and offer a host of business benefits.

An explanation of what confidential computing is must start with a description of the three stages of the data life cycle.

**Data in Motion**

When users send data, it is encrypted while transmitting across networks. Whether the user is someone in a company sending data to the cloud or a consumer sharing their credit card information with an online retailer, that's true. Standardized encryption technologies such as TLS protect the data during its journey.

**Data at Rest**

This is the designation for passive data that is not being computed on and is sitting in storage — records in databases, files on hard disks, etc. Organizations use disk encryption and other security technologies to safeguard data at rest.

**Data in Use**

This is where data is computed-on in some way. To do that, data must first be moved from the hard disk into system memory — aka RAM — and become unencrypted. At this stage, data becomes vulnerable to compromise due to a potential vulnerability within the millions lines of code that comprise the cloud provider’s system software operating system, hypervisor, firmware, or a cloud administrator. This is a large attack surface, and this is what consumers who move their confidential data from an on-premises setup to a public cloud worry about.

Confidential computing is an extra layer of security that extends encryption protection to data during runtime. It achieves this by running workloads in isolated hardware-encrypted environments, or trusted execution environments, that prevent unauthorized access or modification of applications and data while in use.

This eases a set of potential security threats in moving data to the cloud, such as a hypervisor vulnerability allowing other virtual machines to leak private data, or a rogue cloud provider employee with access to a company's physical machine backdooring a workflow.

There's a lot of industry buzz about confidential computing for a few reasons. The first is obvious: The rising number of cyberattacks is spurring a need for better data security.

Second, technologies that enable confidential computing, such as security features in operating systems and on CPUs, have achieved industrial strength, as with AMD-SEV and Intel SGX.

Third, the major public cloud providers, in particular Google Cloud Platform and Microsoft Azure, have been beefing up their confidential computing capabilities.

A note on that third point: Though much of the discussion about confidential computing has centered on its usefulness in securing sensitive data as it moves to the public cloud, its advantages are equally compelling and relevant for protecting data in use in many more environments, namely edge and on-premises deployments.

The space keeps heating up. For example, in May, AMD announced new confidential computing virtual machines for Google Cloud.

Confidential computing also has the support of a project community at the Linux Foundation, with commitments from nearly 40 member organizations and contributions from several open source projects.

Confidential computing has significant real-world benefits. Take financial services, for example. In that industry, business processes such as anti-money laundering and fraud detection require financial institutions to share data with external parties.

With confidential computing, they can process data from multiple sources without exposing customers' personal data. They can run analytics on the combined data sets to, say, detect the movement of money by one user among multiple banks, without introducing security and privacy problems.

By unlocking data computing scenarios that weren't possible before, confidential computing should be an important security and privacy advance for years to come.

How Confidential Computing Locks Down Data, Regardless of Its State

If you're not teaching all of your employees proper security hygiene, you are leaving the door open to risk. Close that door by providing accessible training.

Many studies show that companies with gender and racial diversity within their board, leadership team, and workforce are more likely to have increased profitability and greater competitive advantage. Equitable access for all employees is an important part of ensuring diversity with the organization, but companies have a long way to go when it comes to accessibility, especially for people with disabilities.

According to the World Economic Forum, businesses that include disabled people see as much of an improvement in performance as those with higher degrees of female and racial minority representation. "With 28% higher revenue, double net income, 30% higher profit margins, and strong next generation talent acquisition and retention, a disability-inclusive business strategy promises a significant return on investment," its Valuable 500 project asserts.

Within cybersecurity, security awareness training programs are an incredibly important part of preventing breaches, given most attacks use some form of social engineering. However, many such programs are not fully accessible for all employees. This increases the risk of security threats, as a swath of employees are not educated or trained to recognize security threats, properly respond, and escalate.

For many, their online experience is already challenged by language barriers. An estimated 98% of Web pages are published in just 12 languages, and more than half of them are English, yet less than half of the world's population speaks one of those 12 languages as their first language.

This is compounded by the difficulties put in the way of people with disabilities. The average website home page contains more than 50 accessibility errors. Combine that with the poor digital usage rates of individuals who need accessible content most, and you can see how a significant number of users aren't getting the information they need to keep them, as well as their employers, safe from cybersecurity threats.

Human error exposes organizations to tremendous risk, as cyber breaches are often caused by these mistakes. When companies don't prioritize accessibility in training employees, they exclude a portion of their workforce who then cannot help combat cyber threats. If your security awareness training program isn't inclusive of diverse populations and does not meet minimum accessibility standards, you are more vulnerable to attack, and those you have not trained will be your weakest spots.

**What Is Accessible Security Awareness Training?**

Accessible security awareness training maximizes inclusivity — or, to reverse the thinking slightly, minimizes the number of people excluded from the program. This means the training content can be viewed by individuals who prefer learning in a language not considered the main language in your city or country, and individuals living with a disability and/or who use assistive technology, such as a screen reader, to consume digital content.

Basically, the training must be designed with all users in mind. From text courses to interactive learning and overall structure, there are a lot of variables to consider. Built-in customization gives those who require an alternate learning experience the opportunity to tailor training to their specific needs. This can be as simple as a tick box that serves as an opt-in for the accessible version of your security awareness training.

**7 Ways to Make Security Awareness Training More Accessible**

Truly accessible security awareness training content is built from the ground up, with various measures considered early in the creative process. Here are seven tips to help make your security awareness training more accessible to all users:

1.  Write clearly and concisely for better understanding.
2.  Make training available in multiple languages.
3.  Clean up your lesson structure to make content streamlined.
4.  Carefully consider the colors and contrasts you use.
5.  Use descriptive links and alt text.
6.  If video is essential, use closed captions.
7.  Use pop-out windows to maintain interactivity.

By considering these tips when designing your security awareness training program, you are including all people within your organization, which supports a culture of vigilant employees.

We implement security awareness training to equip our employees with the best tools possible, so they can help prevent cyberattacks and breaches. We need to make sure everyone is as safe online as they possibly can be. If accessibility is not present, we are failing our employees and creating risk within our organization.

Remember to check in on your organization's security awareness training program and determine what improvements can be made. Listen to your employees and recognize their needs so that you create the best possible first line of defense against security threats.

Accessible Cybersecurity Awareness Training Reduces Your Risk of Cyberattack

Cybersecurity insurance costs are rising, and insurers are likely to demand more direct access to organizational metrics and measures to make more accurate risk assessments.

The rising cost of ransomware attacks is helping push significant premium increases in cyber-insurance policies in the UK and US, new data shows.

With the average payouts across the past two years averaging more than $3.5 million in the US, a growing number of cybersecurity insurers want direct access to customer security metrics and measures. This would help prove the status of security controls, according to a Panaseer report on the state of the cyber-insurance industry.

However, insurance firms are struggling to accurately understand a customer's security posture, which is in turn affecting price increases.

Nik Whitfield, founder and chairman of Panaseer, notes that 82% of insurers surveyed said they expect the rise in premiums to continue. "The increasing cost of ransomware is putting premiums up, and the increase in the number of attacks, as well as the number of successful attacks, means insurance is getting harder to get and is getting more expensive," he explains.

Meanwhile, 87% of insurers surveyed say they want a more consistent approach to analyzing cyber-risk. "Fundamentally, insurers need better information in order to price the risk — questionnaires aren't going to cut it," Whitfield says. "Having real live data coming from a customer about their security posture is what's going to be required for them to accurately price risk, in the same way that telematics did for car insurance."

The survey found that the most important factor when assessing potential customers' security posture is their cloud security — cited by 40% of survey respondents — followed by security awareness (36%), application security (32%), vulnerability management (31%), privileged access management (31%), and patch management (30%).

One of the likely challenges in the market, Whitfield points out, is the high degree of hesitancy many organizations may have about handing over privileged information about the inner workings of their security posture. "No one wants to share their security information with anybody else because that creates a security risk, and it feels vulnerable to expose intimate information about your security posture to others," he says.

Worst case, there will be companies unable to get insurance because they can't provide sufficient information to get reasonably priced insurance, according to Whitfield.

"In those cases, they will have to do something more extreme, such as providing evidence, information, and hopefully work with their insurer to improve their security posture," Whitfield notes. "It's like any type of risk — the better the risk looks to the insurer, the better your premiums and the easier it will be to get insured. And it'll be no different in cyber."

**Cyber Insurance Market Waffles on Pricing**

The survey indicates that many insurers don't yet have the answer to how to price cybersecurity insurance: While 47% of total respondents said they are "very confident" in their underwriting process, 44% are only "somewhat confident."

"There's some conflicting results that show on the one hand, they're confident in their models, but on the other hand, they're not really confident that they understand how to price it," Whitfield explains. "This is going to evolve over time. But there needs to be an openness and awareness and a conversation with the market about how to do this."

Complicating matters is that the past is never a good predictor when it comes to cybersecurity. "For some kind of risks, the past can give you a good handle on what's going to happen in the future," he says. "In cyber, it's just not the case. We have active adversaries. We have new tools, techniques, and procedures to gain access to our environments, new malware, new applications. The past is no predictor of the future. And that's what makes it so difficult for them to price this."

Insurers and brokers are charging more for policies and setting higher requirements as they face an increasingly complex threat landscape that has taken on a global nature, while the frequency and severity of attacks are increasing.  

A Kaspersky study released in January 2022 and conducted in October 2021 indicated investing in cyber insurance is a growing proactive trend; 28% of respondents said their company annually invests anywhere from $25,000 to $50,000 per year.

From Whitfield's perspective, the outlook for cybersecurity threats is going to get worse before it gets better. "The risk to businesses has been increasing, and the number of breaches and the cost of a breach has been rising steadily in the last few years," he says.

So, how can the insurance industry both support business and make a return at the same time? It will take a partnership between the insured and the insurer, he explains. "I don't think it could be forced by one party or the other, and it needs to be settled with evidence rather than a questionnaire finding out what the opinion of an organization is about a security posture." 

That means insurers getting hard data about an organization's security posture, provided in an efficient, timely way, and with high-quality data that can be relied on. "That will be the real revolution in the cyber-insurance industry," Whitfield says.

Ransomware Scourge Drives Price Hikes in Cyber Insurance

The new open source security-as-code platform will help developers and security teams automatically detect security policy violations across the organization's cloud infrastructure.

As more organizations migrate their data, applications, and workloads to the cloud, securing the infrastructure remains a challenge. Security teams don't always know exactly what is happening within each cloud environment, making it difficult to detect when security policies are being violated.

That's the problem Paladin Cloud aims to solve with its security-as-code platform.

Paladin Cloud’s platform is intended to help developers and DevOps teams safeguard their applications and data, both in testing and production. It accomplishes this goal by providing teams with full visibility into the organization's various cloud services and systems. The platform includes a plug-in-based architecture that helps developers connect to and ingest data from sources including code repositories, threat intelligence systems, container scanning, API gateways, and cloud-based enterprise systems such as Kubernetes.

Supported vendor systems include Qualys Vulnerability Assessment Platform, Bitbucket, Trend Micro Deep Security, Tripwire, Venafi Certificate Management, and Red Hat. Security teams can write rules based on data collected by these plugins to get a complete picture of the organization's cloud security posture.

"The platform discovers assets, evaluates policy, creates issues for policy violations, and prioritizes remediation," according to a page on Paladin Cloud's GitHub repository. If fixes for policy violations have already been defined, then the platform can go ahead and execute those actions to remediate the issues. This way, the platform provides automatic detection and remediation of violations, such as unauthorized access, misconfigured systems, and insecure APIs.

Organizations can also take advantage of the platform's extensible policy management to oversee hybrid clouds, where the data and applications are hosted on both public and private infrastructure.

Paladin Cloud lists various out-of-the-box features on its GitHub page, including continuous asset discovery, ability to search all discovered resources, custom policies and custom auto-fix actions, dynamic asset grouping to view compliance, exception management, OAuth2 support, and role-based access control.

The platform is now generally available for Amazon Web Services, Google Cloud, and Microsoft Azure. Along with announcing the platform's availability, the company announced a $3.3 million seed financing round.

Paladin Cloud Launches New Cloud Security and Governance Platform

"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say.

Threat actors are increasingly using fake Microsoft and Google software updates to try to sneak malware on target systems.

The latest example is "HavanaCrypt," a new ransomware tool that researchers from Trend Micro recently discovered in the wild disguised as a Google Software Update application. The malware's command and-control (C2) server is hosted on a Microsoft Web hosting IP address, which is somewhat uncommon for ransomware, according to Trend Micro.

Also notable, according to the researchers, is HavanaCrypt's many techniques for checking if it is running in a virtual environment; the malware's use of code from open source key manager KeePass Password Safe during encryption; and its use of a .Net function called "QueueUserWorkItem" to speed up encryption. Trend Micro notes that the malware is likely a work-in-progress because it does not drop a ransom note on infected systems.

HavanaCrypt is among a growing number of ransomware tools and other malware that in recent months have been distributed in the form of fake updates for Windows 10, Microsoft Exchange, and Google Chrome. In May, security researchers spotted ransomware dubbed "Magniber" doing the rounds disguised as Windows 10 updates. Earlier this year, researchers at Malwarebytes observed the operators of the Magnitude Exploit Kit trying to fool users into downloading it by dressing the malware as a Microsoft Edge update.

As Malwarebytes noted at the time, fake Flash updates used to be a fixture of Web-based malware campaigns until Adobe finally retired the technology because of security concerns. Since then, attackers have been using fake versions of other frequently updated software products to try to trick users into downloading their malware — with browsers being one of the most frequently abused.

Creating fake software updates is trivial for attackers, so they tend to use them to distribute all classes of malware including ransomware, info stealers, and Trojans, says an analyst with Intel 471 who requested anonymity. "A non-technical user might be fooled by such techniques, but SOC analysts or incident responders will likely not be fooled," the analyst says.

Security experts have long noted the need for organizations to have multi-layered defenses in place to defend against ransomware and other threats. This includes having controls for endpoint detection and response, user and entity behavior-monitoring capabilities, network segmentation to minimize damage and limit lateral movement, encryption, and strong identity and access control -- including multi-factor authentication. 

Since adversaries often target end users, it is also critical for organizations to have strong practices in place for educating users about phishing risks and social engineering scams designed to get them to download malware or follow links to credential harvesting sites.

**How HavanaCrypt Works**

HavanaCrypt is .Net malware that uses an open-source tool called Obfuscar to obfuscate its code. Once deployed on a system, HavanaCrypt first checks to see if the "GoogleUpdate" registry is present on the system and only continues with its routine if the malware determines the registry is not present.

The malware then goes through a four-stage process to determine if the infected machine is in a virtualized environment. First it checks the system for services such as VMWare Tools and vmmouse that virtual machines typically use. Then it looks for files related to virtual applications, followed by a check for specific file names used in virtual environments. Finally, it compares the infected systems' MAC address with unique identifier prefixes typically used in virtual machine settings. If any of checks show the infected machine to be in a virtual environment, the malware terminates itself, Trend Micro said.

Once HavanaCrypt determines it's not running in a virtual environment, the malware fetches and executes a batch file from a C2 server hosted on a legitimate Microsoft Web hosting service. The batch file contains commands for configuring Windows Defender in such a manner that it allows detected threats. The malware also stops a long list of processes, many of which are related to database applications such as SQL and MySQL or to desktop applications such as Microsoft Office.

HavanaCrypt's next steps include deleting shadow copies on the infected systems, deleting functions for restoring data, and gathering system information such as the number of processors the system has, processor type, product number, and BIOS version. The malware uses the QueueUserWorkItem function and code from KeePass Password Safe as part of the encryption process.

"QueueUserWorkItem is a standard technique for creating thread pools," says the analyst from Intel 471. "The use of thread pools will speed up encryption of the files on the victim machine."

With KeePass, the ransomware author has copied code from the password manager tool and used this code in their ransomware project. "The copied code is used to generate pseudorandom encryption keys," the analyst notes. "If the encryption keys were generated in a predictable, repeatable way, then it might be possible for malware researchers to develop decryption tools."

The attacker's use of a Microsoft hosting service for the C2 server highlights the broader trend by attackers to hide malicious infrastructure in legitimate services to evade detection. "There is a great deal of badness hosted in cloud environments today, whether it's Amazon, Google, or Microsoft and many others," says John Bambenek, principal threat hunter at Netenrich. "The highly transient nature of the environments makes reputation systems useless."

Fake Google Software Updates Spread New Ransomware

Unsophisticated campaigns use off-the-shelf RATs and other tools to exfiltrate data and demand a ransom to keep it private.

A little social engineering and commercially available remote administration tools (RATs) and other software are all the new Luna Moth ransom group has needed to infiltrate victims' systems and extort payments.

The threat group is essentially pulling off ransom attacks without the ransomware, according to researchers at Sygnia, who today published their findings on Luna Moth.

With co-opted branding from Zoho Masterclass and Duolingo, Luna Moth launches a classic phishing campaign to compromise victim devices and exfiltrate any available data. Phishing emails request a payment for a subscription and offer a PDF attachment with a cell phone number to call for more information. When the victim calls to discuss the invoice, the call is answered by the threat actor, who will try to trick the victim into installing Atera, a widely available RAT, giving the attackers full device control.

The researchers observed Luna Moth abusing other off-the-shelf remote administration tools including Splashtop, Syncro, and AnyDesk for device takeover. In addition to RATs, commercially available tools like SoftPerfect Network Scanner, SharpShares, and Rclone were used to access and exfiltrate data, the researchers added.

"The tools are stored on compromised machines under false names masquerading as legitimate binaries," Sygnia said it in its report on Luna Moth. "These tools, in addition to the RATs, provide the threat actors with the means to conduct basic reconnaissance activities, access additional available assets, and exfiltrate data from compromised networks."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

'Luna Moth' Group Ransoms Data Without the Ransomware

Fraudster innovation will continue to drive successful phishing, business email compromise, and socially engineered attacks, researchers say.

Despite ratcheted-up efforts to prevent account takeover, fraudsters are cashing in on a range of online payment fraud schemes, which researchers predict will cost retail organizations more than $343 billion over the next five years. 

Physical good purchases are loss leaders, making up 49% of online payment fraud, driven in large part by developing markets with little address verification, according to a new Juniper Research report. 

"Fundamentally, no two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution," Nick Maynard, the report's author, explained in a statement along with the latest online payment fraud findings. "Payment fraud detection and prevention vendors must build a multitude of verification capabilities, and intelligently orchestrate different solutions depending on circumstances, in order to correctly protect both merchants and users." 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Online Payment Fraud Expected to Cost $343B Over Next 5 Years

**LONDON, 11 July, 2022 –** Global research and advisory firm Omdia today unveils its Data Center Thermal Management and Sustainability Intelligence Service. The new annual service offers technology manufacturers, vendors and service providers comprehensive insight and analysis of sustainable data center practices and strategies, with a focus on new technologies such as liquid cooling and energy storage.

Increasing compute requirements continue to drive data center development requiring new approaches to thermal management. At the same time, data center operators and end-users are looking for data centers with sustainability credentials and are making purchasing decisions based on the presence of practices that reduce greenhouse gas emissions.

“While the use of air-cooled equipment dominates data centers today, liquid cooling solutions are gaining interest because they improve the power-to-cooling ratio, address new workload needs and help to achieve sustainability goals. Omdia predicts the liquid cooling market will top $1 billion in 2025,” said Moises Levy, PhD, Senior Principal Analyst, Data Center Physical Infrastructure, Omdia.

Levy added, “The data center thermal management market, which includes the liquid cooling market, is on track to reach $7.7 billion by 2025. The adoption of hybrid solutions involving air and liquid cooling will continue to increase globally in data centers, driven by energy consumption concerns and sustainability goals.”

Through market trends, surveys and reports as well as analyst insights and briefings, the Data Center Thermal Management and Sustainability Intelligence Service will help to:

*   Understand data center investment enabling sustainability
*   Compare and contrast the actions and practices of data center operators
*   Outline ways to improve resource efficiency
*   Offer thermal management strategies and insights into strategy evolution
*   Follow key trends such as AI-based analytics for data center management, equipment renewal, reuse and more

To learn more about the Data Center Thermal Management and Sustainability Intelligence Service please click here.

**ABOUT OMDIA**

Omdia is a leading research and advisory group focused on the technology industry. With clients operating in over 120 countries, Omdia provides market-critical data, analysis, advice, and custom consulting.

Omdia was formed in 2020 following the merger of IHS Markit, Tractica, Ovum and Heavy Reading. Sitting at the heart of the Informa Tech portfolio, Omdia reaches over four million technology decision makers, influencers and practitioners that form part of the wider Informa Tech community and has specialist research practices focusing on Enterprise IT, AI, Internet of Things, Communications Service Providers, Cybersecurity, Components & Devices, Media & Entertainment and Government & Manufacturing.

Source

DARKReading