Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.

Source: MedStockPhotos via Alamy Stock Photo

An unmitigated revamp of healthcare cybersecurity is coming in 2025, and experts warn that the compliance burden for organizations will be steep.

Since 2005, healthcare organizations have been subject to Security Standards for the Protection of Electronic Protected Health Information ("Security Rule") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a set of national standards designed to protect electronic protected health information (ePHI). But while threats to ePHI have risen year after year, the Security Rule has remained staid, last updated in January 2013.

Last week, the US Department of Health and Human Services (HHS), via its Office for Civil Rights (OCR), proposed a long-awaited update to the Security Rule. The 400-page working draft is as serious as its length would suggest, with extensive new requirements for providers, plans, clearinghouses, and their business associates. And while the requirements are all standard best practices, experts point out that this new update is more significant and less flexible than any previous version of HIPAA has been.

**Multifactor Authentication, Encryption & Risk**

Since the beginning, HIPAA has always been the best, yet insufficient, regulation dictating cybersecurity for the healthcare industry.

"\[There's\] a history of the focus being in the wrong place because of the way HIPAA was laid out in the mid-1990s," says Errol Weiss, chief information security officer (CISO) of the Healthcare Information Sharing and Analysis Center (Health-ISAC). "At the time, there was this big push to transfer medical and health records to the electronic medium. And with the advent of the HIPAA regulations, it was all about protecting patient privacy but not necessarily securing those records."

HIPAA's focus on privacy limited its ability to address more diverse cybersecurity threats in the 2010s, particularly ransomware. Meanwhile, instead of using it as a baseline for developing a robust security posture, organizations tended to treat HIPAA more as a set of boxes to check. "It ended up driving budgets toward compliance and not necessarily security. And in the past five or six years, we've seen what happens in an environment that's not properly secured, not properly tied down, not properly backed up, when they're hit by ransomware," Weiss says.

HHS highlighted this same point in a statement released alongside the draft Security Rule. From 2018 to 2023, it reported, large-scale healthcare breaches rose 102%, and the individuals affected rose 1,002%, primarily thanks to ransomware. 2023 set a new record, with more than 167 million individuals affected.

The newly proposed Security Rule aims to fix things up, with a laundry list of new requirements that touch on patch management, access controls, multifactor authentication (MFA), encryption, backup and recovery, incident reporting, risk assessments, compliance audits, and more.

As Lawrence Pingree, vice president at Dispersive, acknowledges, "People have a love-hate relationship with regulations. But there's a lot of good that comes from HIPAA becoming a lot more prescriptive. Whenever you are more specific about the security controls that they must apply, the better off you are."

**HIPAA Grows Teeth**

Pingree recalls how "HIPAA, for a long time, had a kind of wide-angle lens. 'Thou shalt protect your data.' And, frankly, those nebulous rules mean that you get lots of different, varying interpretations."

Historically, in fact, this has been HIPAA's great downfall.

It's just about impossible to impose universally effective cybersecurity rules on an entire industry. Smaller and larger organizations have different needs and different capabilities — and budgets. The threat landscape is constantly changing, so rules designed today may prove obsolete tomorrow. To account for this inevitability, the original HIPAA Security Rule included its provision 164.306, which drew a distinction between "addressable" and "required" rules. For addressable rules, organizations could "assess whether each implementation specification is a reasonable and appropriate safeguard in its environment, when analyzed with reference to the likely contribution to protecting electronic protected health information," according to HIPAA. An organization might decide that a rule was not appropriate or reasonable in its case due to the specifics of its infrastructure, its size or capabilities, the costs of implementing any given security measure, etc.

Joseph J. Lazzarotti, principal at Jackson Lewis P.C., says provision 164.306 allowed for the kind of flexibility businesses always ask for: "That we're not expecting the same thing from every solo practitioner on Main Street in the Midwest versus the large hospital on the East Coast. There are obviously going to be different expectations for compliance."

But some healthcare organizations exploited this legal flexibility to avoid having to invest in more security defenses. "We are concerned that some regulated entities proceed as if compliance with an addressable implementation specification is optional," HHS wrote in its latest proposal. "That interpretation is incorrect and weakens the cybersecurity posture of regulated entities."

The new Security Rule would eliminate the required-addressable distinction, forcing all regulated organizations to comply with the same rules, regardless of circumstance.

**New Costs for Data Health With HIPAA**

This newer, stricter Security Rule would force major hospitals on the East Coast and solo practitioners in the Midwest alike to implement a lot of new cybersecurity measures, and it won't be cheap. According to a Dec. 27 press briefing from Anne Neuberger, deputy national security adviser for cyber and emerging technology, the White House estimates that implementation costs will run around $9 billion in the first year following the rule change, then another $6 billion in years two through five.

The Health-ISAC's Weiss worries that isn't realistic for many healthcare organizations. "When you look at these organizations, many are, at best, operating on thin profit margins as it is," he says. "Many of them are in the red, and can't afford stuff like this."

"Even if they're already following all the NIST controls," Dispersive's Pingree estimates, implementing the new HIPAA security rules "could cost as low as $100,000 for a small doctor's office, or it could be many millions if you're a big medical group."

One possible way stretched healthcare organizations might navigate all these new rules and their associated costs is with an outsourced, virtual chief information security officer (vCISO), according to Weiss. Because "it's not just about buying the technology. It's also about recruiting and retaining the cybersecurity expertise that you need to run," he says.

"These organizations don't know where to start," he continues. "The cybersecurity market is very confusing. There are a lot of players. There are a lot of solutions. So if you have $100 to spend on cybersecurity, where do you spend that? They need help to be able to figure all of that out. And I think something like a virtual CISO can help implement a strategy, and then be around on a virtual basis — to check in, to be a resource for that organization when they have questions and they need some help. It seems like a decent model for these small rural hospitals that could not necessarily justify or hire a full-time CISO."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

New HIPAA Cybersecurity Rules Pull No Punches

The proposed settlement would amount to roughly $20 per Apple product that has Siri enabled, for each plaintiff.

Source: Bjanka Kadic via Alamy Stock Photo

NEWS BRIEF

Apple has agreed to pay a $95 million cash settlement to wrap up a proposed class action lawsuit, Lopez v. Apple, Inc., involving mobile device owners reporting that the tech company has routinely recorded conversations after unintentionally activating Siri.

The class action lawsuit period spans from Sept. 17, 2014, to Dec. 31 of last year, the time period Apple was implementing the "Hey, Siri" feature, which the plaintiffs allege made unauthorized recordings.

Two of the plaintiffs note of their personal issues with the feature, stating that by mentioning things such as Air Jordan sneakers and Olive Garden restaurants, ads were then triggered for these products. Another plaintiff began receiving ads for a surgical procedure they had only privately discussed with their health provider.

The plaintiffs may seek up to $28.5 million in fees as well as $1.1 million for expenses in this case. The members of the suit, estimated to be in the tens of millions, would likely receive up to $20 per Siri-enabled Apple device, should the settlement be agreed upon.

In agreeing to settle, however, Apple has denied any wrongdoing on its part.

This preliminary settlement was filed just this Tuesday and will require approval from US District Judge Jeffrey White before any steps forward can be taken.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

Apple Offers $95M to Settle Siri Privacy Lawsuit

Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant.
The development was first reported by Reuters.
The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the

Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations

Your messages going back years are likely still lurking online, potentially exposing sensitive information you forgot existed. But there's no time like the present to do some digital decluttering.

If you're worried about possible expansions of government surveillance and access to your information, or simply want to do some digital purging so you're not saddled with old data, there are a bunch of concrete steps you can take to protect your digital privacy. Just as archeologists study carefully preserved tombs and ancient trash heaps to gain insight into historic communities, your long-forgotten digital footprint could be more revealing and sensitive than you realize. And while you can't control everything—particularly information stolen in breaches or gathered by data brokers—you probably have a digital attic full of old data that you can delete or download and save offline. First stop? Old message histories.

Chats are a good place to start your digital decluttering. Their real-time nature makes it easy to forget that if you don't have auto-delete turned on for a chat (or if a platform doesn't offer it), all of those “be there in 10 minutes,” “wait, what color is this dress???” and “welp, I have covid” messages are still knocking around years later. If you sent them on an end-to-end encrypted platform like Signal or WhatsApp, they only exist on your device and the devices of the other person or people you were chatting with. That means that for governments or bad actors to read them, they would need direct control of your device—a good level of protection, though not foolproof.

Crucially, though, messages that you sent on regular web apps like Slack, Facebook Messenger for most of its history, and Google Chat/Hangouts/Gchat are sitting on a cloud server somewhere. And while they're probably stored in an encrypted form to protect against theft, the platform itself has the keys to decrypt your data and would be able to comply with government requests for it, no matter how old the information is. Sure, all of those “u up?"s may not seem significant now, but years and years of chat histories can paint a very detailed picture of your life, associations, political beliefs, and past movements and activity.

“Doing a good digital cleaning from time to time is a great habit, especially with social media and old chat messages,” says Kenn White, security principal at the database developer MongoDB and director of the Open Crypto Audit Project. “Who you were five or 10 years ago is probably very different than who you are today, so it's worth asking yourself, ‘Do I really need those seven-year-old inside jokes and sarcastic posts? Do I need to keep old group chat messages and carry them forward to every new phone I get?’”

Some programs like Apple's Messages make it easy to auto-delete your chat histories after a set period of time. On iOS, go to **Settings** > **Apps** > **Messages** and then scroll and tap **Keep Messages**. Then choose whether to keep messages forever, for one year, or for 30 days before auto-deleting.

On the free version of Slack, data older than a year is automatically deleted. The company keeps data forever on paid plans, unless the administrator sets up rolling deletion. This is useful if you have an active Slack with your friends, but most people who use Slack at work don't make decisions about administrative policies and can't control deletion. Keep this in mind for any communication you do on an employer's platforms. You may be able to go through and delete messages or files one by one, but you likely won't have the access to make policy decisions about automatic or batch deletion.

Similarly, you may want to go through your chats on Android or iOS and delete old SMS conversations. Meta's Messenger now offers auto-delete options, but for your existing chats, you have to go down the list on desktop or in the Messenger mobile app and delete chats one by one. Meta's other chat platforms, Instagram Chat and WhatsApp, are similar, except that WhatsApp has been end-to-end encrypted since 2016 instead of adding the protection recently.

Consider whether you've spent time chatting on other social platforms as well. X, for example, has been through a lot of changes since Elon Musk bought Twitter more than two years ago and took the company private again. Musk promised that he would add end-to-end encryption to DMs on X, and eventually debuted an opt-in encryption feature with the paid tier of the platform, but the company doesn't definitively say that the tool offers full end-to-end encryption and it isn't open source for vetting. You can delete individual messages or go through your chat list and delete whole DM conversations if you want to pare down the data you're keeping on the platform.

If you've had Gmail for a long time, the messenger service “Google Talk,” once colloquially known as “Gchat,” may have a special place in your heart. And perhaps, over the years, you went through the saga in which Gchat—which was once known for interoperability with platforms like AIM—became the siloed Google chat platform Hangouts, and then transformed again into what is now called Google Chat. Your chats on this platform through the years are still hanging around, but they're not all in the same place.

The crucial thing to understand is that Gchat was fully integrated with Gmail and wasn't a separate platform, so your chat histories all saved in your mail archive. To find them now, open Gmail and **search for the phrase in:chats** (using no quotation marks). Hundreds or thousands of chats from May 2013 and earlier may pop up. They must be deleted directly from Gmail. After May 2013, Google migrated Gchat users to Hangouts, and that history has come forward into what is now Google Chat, so you can delete whole chats or individual messages there.

“Messages sent and received with history on in Google Talk from before May 2013 (the time when Google Hangouts launched) are stored in Gmail under the ‘in:chats’ label. Those messages are not available in Google Chat and can be deleted directly from Gmail only,” Google spokesperson Ross Richendrfer tells WIRED. “In terms of Hangouts data—which was merged with Chat—core Chat controls (including deletion) will work.”

There are lots of other chat apps to consider, too, where old messages may still be lurking. Think about Skype chat or GroupMe. And there's one other complicating factor when you declutter your messages: Most deletion features only delete data from your account, and the messages live on in the accounts of the person or people you were chatting with. To do a total digital detox you need to recruit your community to delete their message archives as well.

Additionally, you may feel sentimental about burning your letters (aka deleting all of your old chats). If you're sad about hitting that trash icon, consider downloading chat histories with your closest friends or other loved ones and storing them on an encrypted external hard drive before deleting them from the cloud. This way, you don't have to give up that slice of life completely, but the data isn't controlled by other entities anymore.

“Some apps, including Signal, give one the ability to set a ‘self-destruct’ time on messages, perhaps in hours or weeks. This is worth considering to reduce your exposure, particularly if you travel outside the country, are politically active, or in any way have a higher public profile,” MongoDB's White says. “It's easy to dismiss the potential of attacks on our personal data and physical safety as something that's only a concern for some James Bond–type scenarios, but the hard truth is that threats exist in many forms, both online and in person.”

Hey, Maybe It's Time to Delete Some Old Chat Histories

The results of Dark Reading's 2024 Strategic Security Survey suggest that security teams continue to grapple with the challenges that come with increased cloud adoption, such as data visibility and loss of controls. Managing cloud risks will be a focus for security teams in 2025.

Source: John Williams RF via Alamy Stock Photo

Enterprise IT and security managers had a lot to worry about in 2024, such as the exploding number of vulnerabilities, increased volume of threats against their organizations, constant drumbeat of data breaches, and steady stream of user errors and behaviors to manage. Also a big concern was the growing risk exposure as a result of their organizations' increased reliance on cloud technologies.

Respondents to Dark Reading's Strategic Security Survey revealed growing concerns about risks tied to cloud services. In the face of rising adoption of cloud services for data storage, applications, and business operations, organizations appear to be particularly worried about their dependence on cloud providers' security measures and their reduced control over data in cloud environments. Thirty-five percent of organizations, compared with just 23% in the 2023 survey, reported using between 10 and 29 cloud applications internally. Most organizations said they work with multiple cloud providers, which contributes to the visibility challenges. Almost half (48%) rely on two or three providers, and 60% use between two to five cloud service providers.

The near ubiquity of the cloud means organizations are increasingly concerned about cloud security threats. Exploits targeting cloud service providers is the top worry for almost half of the respondents (49.6%), followed closely by cloud services breaches and intrusions (47.8%). The lack of data visibility in cloud environments and an inability to enforce security policies on cloud-stored data tie for third place (39.1%). In comparison, the 2023 survey revealed 45% of respondents worried about cloud exploits, 38% worried about cloud services breaches, and 24% worried about the inability to enforce security policies in the cloud.

The complexity of cloud security is further highlighted by organizations' staffing and control concerns. Overreliance on cloud service providers to detect data breaches was cited by 28.7% of respondents, while 19.1% expressed concern about unclear incident-response protocols with their cloud service providers. Notably, the percentage of organizations worried about their inability to enforce security policies on cloud-stored data increased from 24.4% in 2023 to 39.1% in 2024, suggesting a growing awareness of the challenges in maintaining security control in cloud environments. These findings indicate that while organizations continue to embrace cloud services, they struggle with visibility, control, and the division of security responsibilities between themselves and their cloud service providers.

Security teams have long grappled with the challenges posed by the shared responsibility model with cloud providers, where the provider and the organization have to work together to handle their part of the security tasks. The survey found that organizations are increasingly including the challenges of shared responsibility models, data sovereignty issues, and loss of control in their risk assessments. For instance, 39% are worried about risks tied to a lack of visibility in cloud environments, and an identical proportion believed their inability to enforce enterprise data security policies in the cloud has put them at risk. Nearly three in 10 (29%) are concerned about their overreliance on cloud vendors to detect security issues.

**About the Author**

Dark Reading

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.

Managing Cloud Risks Gave Security Teams a Big Headache in 2024

In what's being called a "major cybersecurity incident," Beijing-backed adversaries broke into cyber vendor BeyondTrust to access the US Department of the Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.

Source: trekandshoot via Alamy Stock Photo

UPDATE: This story was updated on Dec. 30 to include a statement from a BeyondTrust spokesperson.

The US Department of the Treasury alerted lawmakers on Monday that Chinese state-backed threat actors were able to compromise its systems and steal data from workstations earlier this month.

Because an advanced persistent threat (APT) group is suspected to be behind the hack, it is being treated as a "major cybersecurity incident," the disclosure letter from the Treasury Department said. The letter was sent to the chairman and ranking member of the Senate committee that oversees the agency.

Adversaries broke into the Treasury Department through third-party cybersecurity vendor BeyondTrust and "...gained access to a remote key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users," the letter explained. "With access to the stolen key, the threat actor was able to override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users."

BeyondTrust has more than 20,000 customers across more than 100 countries who use its privileged remote access tools, according to its website, which also states that the company is used among 75% of Fortune 100 organizations. The company has not responded to Dark Reading's request for comment.

BeyondTrust told the Treasury Department about the issue on Dec. 8; the department, along with the Cybersecurity and Infrastructure Security Agency and the FBI, is investigating the compromise, according to the letter.

A BeyondTrust advisory said the company was alerted on Dec. 5 to a compromised API key, which was immediately revoked. Impacted customers have already been notified, and the company is working with them on remediation, according to a statement from a BeyondTrust spokesperson.

"BeyondTrust previously identified and took measures to address a security incident in early December 2024 that involved the Remote Support product," the statement said. "No other BeyondTrust products were involved."

**'Epic' Chinese Hack of US Treasury**

The revelation that Beijing was able to strike right at the heart of America's federal capitalist system itself comes as the federal government continues to grapple with the sprawling and coordinated Chinese-backed cyberattacks against telecommunications companies in the US. Once inside, hackers from groups including Salt Typhoon accessed call data and text messages of an unknown number of Americans. So far Chinese hacking groups have been discovered inside at least nine different telecom networks in the US.

While investigations into the US Treasury breach are ongoing, these brazen Chinese acts of cyber espionage are almost to certain to require dicey diplomatic maneuvering. That could prove to be difficult to pull off during the murky transition period from the Biden administration to the incoming Trump administration.

"Beijing's routine denial of responsibility for cyberespionage incidents raises diplomatic challenges with the US in addressing such breaches effectively since there's lack of transparency and accountability/coordination," said Lawrence Pingree, vice president of Dispersive, in a statement provided to Dark Reading.

It's still unclear whether the Chinese hackers were able to crack the application's secrets or a cryptographic key, he added.

"Secrets and cryptographic key management are critical elements of managing software API access and thus if deficient in some way, or a compromise occurs via a developer's endpoint, the breach of those secrets and authentication keys can create these types of epic breaches," Pingree said.

The breach also shows that cybersecurity vendors remain a favorite target of sophisticated state threat actors, according to former NSA cyber expert Evan Dornbush, who provided a statement in reaction to the breach.

"The cybersecurity world is reeling from yet another high-profile breach, this time targeting the clients of security vendor BeyondTrust," Dornbush said. "This incident joins a growing list of attacks on security firms, including Okta (whose breach directly impacted BeyondTrust as a customer), LastPass, SolarWinds, and Snowflake."

**About the Author**

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Chinese State Hackers Breach US Treasury Department

IN THIS ARTICLE: Hackers have released what they claim to be the second batch of data stolen in…

****IN THIS ARTICLE:****

*   **Hackers’ Claims:** IntelBroker released a second batch of extracted Cisco data, amounting to 4.84 GB, from the October 2024 breach, claiming it is part of a 4.5 TB trove.

*   **Leaked Data Contents:** The data includes sensitive files such as software artifacts, network configurations, testing logs, cloud server images, and cryptographic signatures, exposing intellectual property and operational insights.

*   **Misconfigured Resource Exploitation:** The data originated from a misconfigured, public-facing DevHub resource left exposed without password protection, allowing hackers to download it.

*   **Cisco’s Response:** Cisco acknowledged the incident, stated public access was disabled, and confirmed no servers were breached or sensitive data compromised, though hackers contest this claim.

*   **IntelBroker’s Track Record:** The hacker, known for breaching Apple, AMD, Europol, and others, highlights ongoing exploitation of misconfigured systems, a persistent issue in cybersecurity.

Hackers have released what they claim to be the second batch of data stolen in the alleged Cisco data incident from October 2024. According to **IntelBroker**, the hacker behind the breach, the latest leak, published on Christmas Eve on Breach Forums, contains 4.84 GB of data, part of an allegedly stolen 4.5 TB.

IntelBroker on Breach Forums (Screenshot credit: Hackread.com)

As seen by Hackread.com, the leaked data includes a trove of sensitive files, such as proprietary software development artifacts like Java binaries, source code, and application archives; network-related files including Cisco XRv9K virtual router images and configurations; testing logs and scripts; operational data such as Zero Touch Provisioning (ZTP) logs and packages; cloud server disk images; and cryptographic signatures for payment SDKs like Weixin Pay.

Additionally, the leak contains configuration files, internal project archives, and other miscellaneous documents, potentially exposing intellectual property, network configurations, and operational insights.

File tree shared by IntelBroker on Breach Forums (Screenshot credit: Hackread.com)

****Background****

Notably, the leaked data originates from a misconfigured, public-facing DevHub resource that Cisco reportedly left exposed without password protection or security authentication, enabling the hackers to download the entire dataset **in October 2024.**

IntelBroker who accessed the misconfigured server claims they managed to extract 4.5TB of information. The first part of the data leak, which included 2.9 GB of files, was **published on December 17, 2024**.

****Cisco’s Response****

Cisco **acknowledged** (PDF) the October 2024 incident and stated that public access was disabled. The company also confirmed that none of its servers were breached and no sensitive data was compromised. However, the hackers claim otherwise, particularly regarding the extracted data.

Regarding the latest leak, Cisco noted on its incident response page that it is aware of the claims made by IntelBroker, asserting that the data published this time also stems from the October 14, 2024, incident.

> _“On Wednesday, December 25, 2024, at 17:07 EST, the threat actor IntelBroker posted on X about releasing more data. At 17:40 EST, IntelBroker released 4.45 GB of data for free on BreachForums. We have analyzed the post data, and it aligns with the known data set from October 14, 2024.”_  
> 
> Cisco

****Intel Broker and Previous Breaches****

Intel Broker is known for high-profile data breaches. **In June 2024**, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about **breaching AMD** (Advanced Micro Devices, Inc.), and stealing employee and product information.

**In May 2024**, Intel Broker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:

*   **Tech in Asia**
*   **Space-Eyes**
*   **Home Depot**
*   **Facebook Marketplace**
*   **Staffing giant Robert Half**
*   **U.S. contractor Acuity Inc.**
*   **Los Angeles International Airport**
*   **Alleged breaches of HSBC and Barclays Bank**

Nevertheless, the partial leak goes on to show ongoing exploitation of misconfigured systems and exposed data. The scale of exploitation is evident, as even high-profile hackers like ShinyHunters and Nemesis **have targeted** misconfigured servers and S3 buckets.

1.  **IntelBroker Claim Access to Nokia Internal Data, Selling for $20K**
2.  **Europol Hacked: IntelBroker Claims Major Law Enforcement Breach**
3.  **IntelBroker Space-Eyes Breach, Targeting US National Security Data**
4.  **IntelBroker Claims Breach of Top Cybersecurity Firm, Selling Access**
5.  **AMD Data Breach: IntelBroker Claims Theft of Employee, Product Info**

Hackers Release Second Batch of Stolen Cisco Data

As organizations on the continent expand their use of digital technologies, they increasingly face many of the same threats that entities in other regions have had to deal with for years.

Source: Golden Dayz via Shutterstock

Rising Internet adoption and digital transformation initiatives are exposing organizations in Africa to a growing range of cyber threats.

One manifestation of the trend is a steady increase in distributed denial-of-service (DDoS) attacks on organizations in a handful of North African countries — which also happen to be the ones with the highest Internet penetration rates in the region.

**Surge in DDoS Activity**

A recent analysis of threat activity data during the first half of 2024 by Netscout showed a 30% increase in DDoS attacks in the Middle East and Africa overall compared with the previous quarter. Countries that experienced the largest growth in DDoS attacks included Algeria, Morocco, Tunisia, and Egypt.

Morocco, which has a 90% Internet penetration rate, reported 61,000 DDoS attacks during the first half of 2024, which was the highest number of DDoS attacks in the region during the period. A plurality of the attacks — 16,461 — targeted wireless telecom producers in the region; more than 6,000 were directed at wired telecom companies; and the rest affected organizations across multiple industry sectors.

Organizations in Egypt, another country in the region with a high Internet penetration rate, collectively experienced some 45,108 DDoS attacks in the first half of the year, with wired telecom carriers being the most frequently targeted entities, followed by wireless carriers and educational institutions. Netscout found some of the highest bandwidth attacks during the time period in Egypt, with the biggest one clocking in at a hefty 332.96 Gbit/s.

Related:China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking

The story with Tunisia, which experienced 4,511 DDoS attacks in the first six months, was similar in terms of victimology: most victims were wired or wireless telecom providers. However, Netscout found threat actors deploying a larger number of DDoS attacks against Tunisian organizations than organizations in other countries. The largest such attack type involved a startling 27 vectors, including Apple Remote Management Service, Connection-less Lightweight Directory Access Protocol (CLDAP) , Constrained Application Protocol (COAP), and Domain Name System (DNS) amplification techniques for significantly increasing the power of an attack.

**Geopolitical Tensions, "Online-Ness" Drive Cyber Activity**

"These attacks can be attributed in part to businesses in countries such as Morocco, Tunisia, Egypt, Libya, and Algeria increasing their online presence over the past year," says Richard Hummel, director of threat intelligence at Netscout. "While digital transformation is generally a cause for celebration, unfortunately, it also means that more devices and services can be disrupted by attacks."

Related:'SloppyLemming' APT Abuses Cloudflare Service in Pakistan Attacks

A larger attack surface, however, is not the only reason for the increased DDoS activity in Africa and the Middle East, Hummel says. "Geopolitical tensions in these regions are also fueling a surge in hacktivist activity as real-world political disputes spill over into the digital world," he says. "Unfortunately, hacktivists often target critical infrastructure like government services, utilities, and banks to cause maximum disruption."

And DDoS attacks are by no means the only manifestation of the new threats that organizations in Africa are having to contend with as they broaden their digital footprint.

**Growing Cyber-Espionage, Cybercrime Risks**

The Africa Center for Strategic Studies in a recent report assessed that the increasing spread of IT, communications, and related technologies in the region is rapidly amplifying and altering threats against organizations — and raising national security challenges in the process. The center, which is a US Department of Defense institution, expects that over the next few years organizations in Africa will have to contend with a many of the same cyber threats that entities in other regions of the world have had to contend with for years.

Related:IDF Has Rebuffed 3B Cyberattacks Since Oct. 7, Colonel Claims

One of them is cyber espionage. "Cyberspace has fundamentally changed the methods and means through which states gather information on one another and their citizens," the Africa Center report noted. "Though the most significant cyberespionage concerns in Africa have centered around China, espionage and surveillance capabilities are rapidly diffusing across the continent."

Attacks on critical infrastructure and financially motived attacks by organized crime are other looming concerns. In the center's assessment, Africa's government networks and networks belonging to the military, banking, and telecom sectors are all vulnerable to disruptive cyberattacks. Exacerbating the concern is the relatively high potential for cyber incidents resulting from negligence and accidents.

Organized crime gangs — the scourge of organizations in the US, Europe, and other parts of the world, present an emerging threat to organizations in Africa, the Center has assessed.  "Growing internet penetration rates in Africa has both led to new kinds of cyber-dependent criminal activities, such as business email compromise or romance scams, as well transformed the financing and market dynamics of more traditional organized crime networks." Supply chain attacks are another major and emerging concern, especially given the high reliance on foreign suppliers among organizations in Africa.

Agnidipta Sarkar, vice president and CISO advisory at ColorToken, says organizations in Africa are going to come under growing pressure to implement defenses against new cyber threats, even as they embark on their digital transformation journey.

"The ability to continue business operations, despite cyberattacks, will encourage investments in the region," he predicts. "Effectively reporting breaches will emerge as a highly sought-after capability for CISOs, especially \[for\] those who can."

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

DDoS Attacks Surge as Africa Expands Its Digital Footprint

A US court ruled against NSO Group, an Israeli spyware maker, finding them liable for hacking WhatsApp users. The ruling has major implications for the surveillance technology industry."

****SUMMARY****

*   **NSO Group Held Accountable:** A U.S. court ruled against NSO Group for hacking WhatsApp accounts, violating U.S. law and its terms of service.

*   **Pegasus Spyware Abuse:** NSO exploited a WhatsApp flaw to install Pegasus spyware on 1,400 devices, targeting activists, journalists, and officials.

*   **WhatsApp Lawsuit Victory:** WhatsApp sued NSO in 2019 after discovering the spyware attack, marking a major win for privacy rights.

*   **Court Rejects NSO’s Defense:** The court dismissed NSO’s claims of immunity, holding it liable despite its stated anti-terrorism purpose.

*   **Spyware Industry Implications:** The ruling sets a precedent for accountability, boosting privacy advocacy efforts against invasive technologies.

The Israeli spyware company NSO Group has been held liable for compromising the accounts of hundreds of WhatsApp users, marking a significant legal victory for Meta Platforms.

****The Ruling****

In a landmark ruling, U.S. District Judge Phyllis Hamilton found the NSO Group responsible for hacking and breaching the world’s leading messaging app WhatsApp’s terms of service, compromising the accounts of hundreds of its users. 

According to court documents (PDF), the NSO Group exploited a vulnerability in the messaging app to install its powerful Pegasus spyware on at least 1,400 devices. This spyware, known for its ability to infiltrate phones and extract sensitive data, was allegedly used to target journalists, human rights activists, political dissidents, and government officials, raising serious concerns about privacy and human rights.

****Background Details****

For your information, WhatsApp filed the lawsuit in 2019, accusing NSO Group of accessing its servers without authorization to deploy Pegasus. It was reported by Hackread.com that the NSO Group was suspected of exploiting a new “MMS Fingerprint” attack on WhatsApp, exposing device information without user interaction. 

Hackread.com also reported earlier this year that WhatsApp discovered the vulnerability in May 2019, which let attackers install Pegasus spyware on users’ devices. The flaw was then used to target government officials and activists globally. WhatsApp sued NSO Group for the exploitation 

The Israeli firm, which claims its technology is used to combat terrorism and crime, argued that its actions were justified and that it should be shielded from liability. However, the court rejected these arguments, finding that it was responsible for the breach and that its actions violated US law.

This ruling has major implications for the spyware industry, which operates in a legal gray area. It establishes a precedent that companies like NSO Group can be held accountable for the misuse of their technology, even if they claim to be providing services to legitimate government agencies. The decision is also a major victory for privacy advocates, who have long warned about the dangers of invasive surveillance technologies.

WhatsApp hailed the ruling as a “huge win for privacy,” emphasizing that it would continue to work to protect user communications from such attacks. 

“We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions,” Will Cathcart, the head of WhatsApp stated.

1.  **ChatGPT’s Training Methods Challenged in Lawsuit**
2.  **Apple loses lawsuit against cyber security startup Corellium**
3.  **Amazon Files Lawsuits Against Fraudsters Over Fake Reviews**
4.  **YouTube MP3 Converter Site Shut Down After Labels Win Lawsuit**
5.  **Dutch Watchdog Sues Adobe Over Mass Collection of Citizen Data**

WhatsApp Wins Lawsuit Against Israeli Spyware Maker NSO Group

Explore how Ethereum revolutionizes industries with smart contracts, DeFi, NFTs, gaming, DAOs, and sustainability, shaping the future of…

Explore how Ethereum revolutionizes industries with smart contracts, DeFi, NFTs, gaming, DAOs, and sustainability, shaping the future of business innovation and blockchain technology.

Vitalik Buterin developed Ethereum in 2014 after taking inspiration from Bitcoin. However, he envisioned an open-source blockchain through which users could access smart contracts and trade cryptocurrency by excluding third parties. The reasons were clear: traditional financial companies risk compromising users’ data and exposing them to cybersecurity threats, which are less likely to occur on the blockchain, where users can maintain anonymity. Decentralization ensures robust maintenance through a network of global nodes and validators.

Since the blockchain offered developers many perspectives and tools, cryptocurrency has also become popular, reaching second place after Bitcoin. Now, you can buy Ethereum with a debit card or credit through Google Pay or Apple Pay, making it highly accessible globally.  Hence, one can say Ethereum’s future is bright, especially since the blockchain might become an innovative solution to modern problems. Here’s how. 

****Ethereum will promote the DeFi market** **

Decentralized Finance (DeFi) is expected to be the future of the financial industry, as it will merge features of decentralization, transparency and immutability into financial service companies like banks. This will be possible as security protocols, software, and hardware advancements will replace our current outdated systems. The financial sector of the future will ensure high accessibility to all communities, low fees for interest rates and autonomy due to decentralization. 

DeFi will be helpful for: 

*   Liquidity pools;
*   Prediction markets;
*   Non-fungible tokens;
*   Decentralized exchanges;

Developing DeFi apps might seem time-consuming at the moment. Moreover, we’re currently navigating uncertainty in regulations for crypto and blockchain, as well as in security measures, so it might take some time until DeFi apps can be safely used worldwide. 

****Ethereum will ensure access to smart contracts** **

Smart contracts are what made Ethereum so demanded by companies. They automatically seal contracts when the parties involved accomplish the predetermined instructions. Therefore, smart contracts could save companies a lot of time and money by employing automation, so there’s no need for third parties to be involved. 

Smart contracts can be useful in DeFi, for example, as they can allow fast and easy landing and borrowing. They can also help the supply chain management sector by automating the process of verifying product origin and tracing their history. Due to their benefits of interoperability and scalability, smart contracts can be applied to real estate, healthcare, and every other type of business. 

****Ethereum will innovate gaming** **

The gaming industry is one of the most successful ones, being one of the few sectors that flourished during the pandemic and continued growing after. Some of the most recent innovations in gaming include cloud gaming, AI-based development, and Virtual Reality, so it’s constantly changing to meet customer demands and expectations. 

Luckily, the Ethereum blockchain has already hopped on the trends, which is why blockchain P2E (play-to-earn) games are now widespread. Axie Infinity, the Sandbox, and Decentraland have already amassed millions of plays worldwide, allowing gamers to earn crypto while playing fun games. Most of these games are already based on the Ethereum blockchain as the network offers developers plenty of tools and mediums, so we expect it to innovate the gaming industry further. 

****Ethereum will enhance governance through DAOs****

In centralized networks, governance is based on a single central entity that makes all the critical decisions and manages businesses. While this system can be efficient because it ensures security and compliance, it can make it difficult for networks to scale and expose organizations to resistance to change. 

That’s why many are excited about working through DAOs (decentralized autonomous organizations) on Ethereum. Decisions here are made by multiple individuals, so participants are empowered to contribute to the group’s well-being. At the same time, participants’ votes are visible on the public blockchain, encouraging users to work together in building a safe space for investors and developers. 

****Ethereum can navigate business sustainability** **

Business sustainability is the latest industry trend, as companies must keep up with customer demand for green and ethical products. However, there are various challenges along the way, especially when it comes to holding companies accountable for their impact on nature. 

That’s where the Ethereum blockchain could help bring more transparency into the business area by tracking how much energy a business consumes and the carbon emissions resulting from various manufacturing or waste management actions. Ethereum is already equipped with such technology that can help assess external information through blockchain oracles. This technology would allow smart contracts to receive and send information on energy reports from the weather, for example. 

****Ethereum will power up non-fungible tokens** **

NFTs have been trending for a while as they offer investors new opportunities to expand their portfolios in a fun way. At the same time, the underlying technology allows for tokenizing real-world assets, from parcels of land to vehicles. 

The Ethereum blockchain allowed NFTs to grow and flourish, as artists had all the tools necessary to create and share them with communities. But in the future, we expect the blockchain to make it convenient for anyone to mint and trade NFTs, as the number of users that use NFTs is expected to grow to 11.64m by 2025, according to Statista. 

****Ethereum can ensure self-sovereign identity** **

Centralized systems expose users to cybersecurity vulnerabilities, leading to identity theft and unauthorized access. Luckily, with Ethereum blockchains, users will be able to store data on the network and choose who they’re sharing it with. 

This is called self-sovereign identity (SSI), which uses blockchain technology to make data more private and offer users control over their personal information. However, this would require them to use multiple identity platforms and keep track of their data alone. 

****Is Ethereum the perfect tool for future business innovation?** **

The Ethereum blockchain is an advanced network through which developers can learn to create NFTs, dApps, DAOs, and much more. The infrastructure uses smart contracts to deploy anything on the blockchain. Therefore, we expect Ethereum to become the driving force of future decentralization and efficiency. Users on the blockchain can promote DeFi, benefit from DAO governance, and make businesses more sustainable, which will ensure empowerment and high accessibility at the same time. 

1.  Could Bitcoin Be The Future Of DeFi?
2.  Is the Blockchain Secure? Yes, and Here’s Why
3.  Accepting Ethereum (ETH) for Businesses, An Overview
4.  Exploring the Phenomenal Rise of Ethereum as a Digital Asset
5.  Ethereum’s Layer 2 Solutions Could Outrun the Main Blockchain

_Editor’s Note: The information provided in this article is for informational purposes only and should not be considered financial advice. Please conduct your own research and consult a professional advisor before making any financial decisions, including buying or investing in cryptocurrency._

Tag

#apple