3 Interesting Articles

Google Authenticator can now sync 2FA codes to the cloud
Tech Crunch: Google has released a new feature for its two-factor authentication (2FA) app, Google Authenticator. The new feature allows users to sync their 2FA codes to the cloud, making it easier to transfer accounts to new devices or access them across multiple devices. In the past, one-time Authenticator codes were typically saved on a single device. This resulted in the loss of the ability to access a service that was set up with 2FA if the device was misplaced or lost. Some users may be wary of syncing their sensitive codes in Google’s cloud but there are other options for 2FA, such as Authy or Duo.

To combat cybercrime, US law enforcement increasingly prioritizes disruption
Cyber Scoop: US law enforcement is changing its approach for cybercrime enforcement. While some investigations still lead to arrests and jail time, operations are now pivoting to disrupting the online crimes and preventing ransomware payments. Earlier this year a coalition of international law enforcement took down parts of the Hive ransomware syndicate and no arrests were made. Instead, investigators snooped in the Hive network for months and disrupted attacks that would have caused $130 million in ransomware payments. The Department of Justice has been directed to disrupt and prevent the next victim rather than waiting to tie up the investigation and handing it to the US Attorney’s Office.

Malware-Free Cyberattacks Are On the Rise; Here’s How to Detect Them
Dark Reading: Earlier this week at the RSA Conference in San Francisco, it was emphasized in the keynote speech that malware-free cyberattacks are becoming increasingly prevalent as a means of infiltrating and compromising a network. Surprisingly, a staggering 71% of enterprise attacks in 2022 were conducted without the use of malware, as per the insights shared by CrowdStrike CEO Jeff Hurtz and President Michael Sentonas. Rather, attackers take advantage of legitimate tools and protocols to penetrate and traverse a targeted environment. The traditional malware detection methods such as Endpoint Detection and Response (EDR) and other detection tools are not effective as there is no malicious code to identify. Instead, companies must focus on gathering extensive telemetry from the endpoint and employ AI and machine learning to detect anomalous activity as an indication of malicious behavior.

2 Stats You Should Know

72% of organizations say it’s the everyday employee who is just trying to do their job who may inadvertently expose sensitive information along the way. (source)

1 out of every 10 records in the cloud is exposed to all employees. (source)

1 More Thing

Two weeks ago we informed our readers about the FBI warning regarding the threat of juice hacking. However, here’s an alternative perspective from respected security mind, Bob Lord. In his words, “[t]here’s only one problem with these warnings about juice jacking: There is no evidence it happens in the wild.” It’s worth a quick read. In our opinion, if you’re concerned about being at risk, it is better to err on the side of caution until more information becomes available.