Cyberattacks Target Websites of German Airports, Admin


The websites of German airports, public administration bodies and financial sector organizations have been hit by cyberattacks instigated by a Russian “hacker group”, authorities said Thursday.

The Federal Cyber Security Authority (BSI) had “knowledge of DDoS attacks against targets in Germany”, a spokesman told AFP.

A distributed denial-of-service (DDoS) attack is designed to overwhelm the target with a flood of internet traffic, preventing the system from functioning normally.

The attacks were aimed “in particular at the websites of airports”, as well as some “targets in the financial sector” and “the websites of federal and state administrations”, the spokesman said.

The attack had been “announced by the Russian hacker group Killnet”, the BSI spokesman said.

The group’s call to arms was in response to Chancellor Olaf Scholz’s announcement Wednesday that Germany would send Leopard 2 tanks to Ukraine to help repel the Russian invasion, according to financial daily Handelsblatt.

Attributing Thursday’s attacks directly to the hacker group, however, was “particularly hard”, the BSI spokesman said.

“They call for action and then a lot of people take part,” he said. The attacks made “some websites unavailable”, the BSI said, without there being “any indication of direct impacts on (the organisations’) services”.

Attacks on public administrations were “largely repelled with no serious impacts”, the BSI said.

The interior ministry for southwestern Baden-Wuerttemberg state acknowledged “nationwide” DDoS attacks since Wednesday evening against websites, including those of public administration and the regional police.

Germany is on high alert for cyberattacks in the wake of Russia’s war in Ukraine.

The Federal Office for Information Security said in October that the threat level for hacking attacks and other cybercrime activities was higher “than ever”.

The post Cyberattacks Target Websites of German Airports, Admin appeared first on SecurityWeek.

Forward Networks Raises $50 Million in Series D Funding


Forward Networks, a company that specializes in security and reliability solutions for large enterprise networks, has raised $50 million in a Series D funding round.

The funding round, which brings the total invested in the company to more than $110 million, was led by MSD Partners, with participation from Section 32, Omega Venture Partners, Goldman Sachs Asset Management, Threshold Ventures, A. Capital and Andreessen Horowitz.

Forward Networks’ product creates a digital twin of the customer’s network, helping them gain insights that can be used to make better decisions and improve their network’s security, compliance and health. The platform supports AWS, Google Cloud Platform, and Microsoft Azure.

For network security, the company’s platform provides attack surface management, vulnerability management and security posture management capabilities. 

Forward Networks claims to have quadrupled its customer base since 2019 and achieved an ARR growth of 139% from 2021 to 2022. 

Related: Network Security Company Corsa Security Raises $10 Million

Related: Whistic Raises $35 Million in Series B Funding for Vendor Security Network

Related: Network Security Firm Portnox Raises $22 Million in Series A Funding

Related: Zero Trust Network Access Provider Banyan Security Raises $30 Million


Password Dependency: How to Break the Cycle


The world has been taught numerous life lessons over the last couple of years, but it’s clear that millions of people still haven’t learned one of the most basic when it comes to security. A report from NordPass has revealed that millions of people still haven’t broken the habit of using easy-to-remember, but easy-to-hack passwords. Of the 200 most common passwords, ‘password’ took the number one spot, but unfortunately for the more than four million people using it, it can be broken in less than a second. Other popular passwords included ‘guest’ and the ever-so-creative ‘123456’. When it comes to breaches, all roads still lead to identity. Hackers don’t hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the password dependency cycle. But how can this be done?

Typically, hackers seek the path of least resistance and target the weakest link in the cyber defense chain ― humans. Consequently, most of today’s data breaches are front-ended by credential harvesting campaigns, followed by credential stuffing attacks. Once inside, hackers can fan out and move laterally across the network, hunting for privileged accounts and credentials that help them gain access to an organization’s most critical infrastructure and sensitive data. In fact, a study by the Identity Defined Security Alliance (IDSA) reveals credential-based data breaches are both ubiquitous (94% of survey respondents experienced an identity-related attack) and highly preventable (99%).

Today’s economic climate exacerbates these cyber risks, and the impact of the COVID-19 pandemic has led to an acceleration in digital transformation and technical change that will further stress-test organizations’ dependency on passwords. This creates new challenges in minimizing access-related risks across traditional datacenters, cloud, and DevOps environments. As a result, organizations need to look beyond usernames and passwords when it comes to granting access to valuable data and critical systems. While employee education and training can help, what’s needed are additional measures to ensure secure access, which is what Zero Trust Network Access (ZTNA) provides.

ZTNA solutions create an identity- and context-based, logical access boundary around an application or a set of applications. Access is granted to users based on a broad set of factors, for instance, the device being used, as well as other attributes such as the device posture (e.g., if anti-malware is present and functioning), time/date of the access request, and geolocation. Upon assessing the contextual attributes, the solution then dynamically offers the appropriate level of access at that specific time. As there is a constant change in the risk levels of users, devices, and applications, access decisions are made for each individual access request.

Roadmap to Success

When it comes to implementing emerging technologies like ZTNA, it is always important to listen to the early adopters, as they can provide insights into key factors to success and help avoid pitfalls. Organizations that have recently adopted ZTNA report the following key factors were critical to their success:

  • Assess Application Usage Prior to ZTNA Implementation: Since one of the contextual attributes in making access decisions is the relationship between users and applications, it’s essential to gain insights into the application usage prior to the implementation process. To assist with this discovery process, some early adopters of ZTNA reported that they leveraged endpoint visibility solutions to gain insights into the usage of both installed and Web applications. Others simply interviewed the heads of specific departments (e.g., sales, finance, HR) to gather details. The insights were subsequently used to map users with the required application access and ultimately influence the scope of the policies.
  • Define Granular Access Policies: Don’t treat ZTNA the same way as traditional VPNs, whereby users are granted access to all applications. Instead, spend some time to draw up granular access policies that are derived from identifying specific use cases (e.g., contractor access, access to highly sensitive applications) and define user-specific policies.
  • Eliminate Standing Application Entitlements: Take the opportunity to clean up application access privileges based on your assessment of application usage as part of the rollout of the ZTNA project.
  • Establish a Continuous Feedback Loop: As your business needs constantly evolve, so should your application access policies. Thus, it is essential to fine-tune established access policies on an ongoing basis. Many early adopters of ZTNA policies recommended a quarterly audit/review process during the initial phase of the implementation process, and then switching to a bi-annual process once the ZTNA program has matured. Ultimately, you want to establish a mindset that focuses on continuous improvement and refinement of the access policies.
  • Assure User and Business Leader Buy-In: As with all technology implementations, it is vital to assure buy-in from both business leaders and users as early as possible. For example, implementing a user focus group as part of your initial planning process is a good strategy. These participants contribute to try-storming and provide early input, as well as raise any concerns about user experience prior to moving into the implementation phase. This saves costs by avoiding otherwise necessary rounds of iterations and helps increase adoption rates overall.
  • Select Best-of-Breed Solutions: Evaluate ZTNA offerings for their resilience, meaning that they keep functioning through disruptions, unintentional decay, or malicious actions against the components fundamental to their operation. Assess solutions for the capability to gather deep visibility into all endpoints, data, network, and applications within your organization. Consider ZTNA solutions that conform to the National Institute of Standards and Technology (NIST) Zero Trust Architecture, whereby policy enforcement should be as close as possible to the user, meaning it should be enforced directly at the endpoint.
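The per-request, context-based decision described above (device posture, time of the request, geolocation, and the user's entitlement to a specific application rather than to "the network") can be made concrete with a small policy evaluator. The following is an added example, not code from the article or from any ZTNA product; the policy attributes, the applications (`payroll`, `wiki`) and the sample requests are all constructed for illustration. It shows the two list items that most change how access is modelled: one policy per application instead of a VPN-style blanket grant, and deny-by-default for anything without an explicit entitlement.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple, List, Dict


@dataclass(frozen=True)
class AccessRequest:
    """Context gathered at request time; every field feeds the decision."""
    user: str
    groups: frozenset
    app: str
    device_managed: bool
    antimalware_running: bool
    country: str
    when: datetime


@dataclass(frozen=True)
class AppPolicy:
    """Granular, per-application policy (constructed attribute set)."""
    allowed_groups: frozenset
    require_managed_device: bool = False
    require_antimalware: bool = True
    allowed_countries: Optional[frozenset] = None   # None: any location
    hours: Optional[Tuple[int, int]] = None          # (start, end) local hours


# Constructed policies: one boundary per application, not one tunnel for all apps.
POLICIES: Dict[str, AppPolicy] = {
    "payroll": AppPolicy(frozenset({"finance"}), True, True,
                         frozenset({"DE", "US"}), (7, 20)),
    "wiki": AppPolicy(frozenset({"staff", "contractor"})),
}


def evaluate(req: AccessRequest, policies=POLICIES) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). All failing checks are collected so an
    audit log can explain the decision; an app with no policy is denied."""
    policy = policies.get(req.app)
    if policy is None:
        return False, [f"no policy defined for {req.app!r} (default deny)"]
    reasons = []
    if not (req.groups & policy.allowed_groups):
        reasons.append("user holds no entitled group")
    if policy.require_managed_device and not req.device_managed:
        reasons.append("device is not managed")
    if policy.require_antimalware and not req.antimalware_running:
        reasons.append("anti-malware not running")
    if policy.allowed_countries is not None and req.country not in policy.allowed_countries:
        reasons.append(f"location {req.country} not permitted")
    if policy.hours is not None:
        start, end = policy.hours
        if not (start <= req.when.hour < end):
            reasons.append(f"request at {req.when:%H:%M} outside {start:02d}:00-{end:02d}:00")
    return (not reasons), reasons


# Constructed sample requests covering the main outcomes.
SAMPLE_REQUESTS = {
    "alice-payroll-daytime": AccessRequest("alice", frozenset({"finance", "staff"}), "payroll",
                                           True, True, "DE", datetime(2023, 1, 26, 10, 0)),
    "alice-payroll-night": AccessRequest("alice", frozenset({"finance", "staff"}), "payroll",
                                         True, True, "DE", datetime(2023, 1, 26, 23, 0)),
    "bob-payroll": AccessRequest("bob", frozenset({"contractor"}), "payroll",
                                 False, True, "IN", datetime(2023, 1, 26, 12, 0)),
    "bob-wiki-no-av": AccessRequest("bob", frozenset({"contractor"}), "wiki",
                                    False, False, "IN", datetime(2023, 1, 26, 12, 0)),
    "bob-unknown-app": AccessRequest("bob", frozenset({"contractor"}), "hr-portal",
                                     True, True, "IN", datetime(2023, 1, 26, 12, 0)),
}


def demo_decisions() -> Dict[str, Tuple[bool, List[str]]]:
    """Evaluate every sample request; the same user gets different answers
    for different apps and at different times, which is the point of ZTNA."""
    return {name: evaluate(req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, (allowed, reasons) in demo_decisions().items():
        print(f"{name:24} {'ALLOW' if allowed else 'DENY ':5} {'; '.join(reasons)}")
```

Note that the evaluator never short-circuits on the first failing check: the feedback-loop step above depends on seeing which conditions are actually denying people, and a log that only records the first reason hides that.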

While there are a variety of paths to break the dependency on passwords, ZTNA allows organizations to minimize their attack surface while ensuring the productivity of their remote workforce.


NSA Publishes Security Guidance for Organizations Transitioning to IPv6


The National Security Agency (NSA) has published guidance to help the Department of Defense (DoD) and other system administrators identify and mitigate cyber risks associated with transitioning to Internet Protocol version 6 (IPv6).

Developed by the Internet Engineering Task Force (IETF), IPv6 is the latest iteration of the protocol that is used to identify and locate systems and route traffic across the internet, offering technical benefits and security improvements over its predecessor, IPv4, including a much broader address space.

The transition to IPv6, the NSA points out, is expected to have the biggest impact on network infrastructure, with all networked hardware and software affected in one way or the other, and will also impact cybersecurity.

“IPv6 security issues are quite similar to those from IPv4. That is, the security methods used with IPv4 should typically be applied to IPv6 with adaptations as required to address the differences with IPv6. Security issues associated with an IPv6 implementation will generally surface in networks that are new to IPv6, or in early phases of the IPv6 transition,” the NSA’s IPv6 security guidance reads (PDF).

According to the NSA, issues that networks new to IPv6 are expected to encounter include the lack of mature configuration and network security tools and the lack of administrator experience in IPv6.

While transitioning to the newer protocol version, federal and DoD networks are expected to operate dual-stack, running both IPv4 and IPv6 simultaneously, which raises additional security concerns and increases the attack surface.

“The network architecture and knowledge of those who configure and manage an IPv6 implementation have a big impact on the overall security of the network. As a result, the actual security posture of an IPv6 implementation can vary,” the NSA says.

The use of stateless address auto-configuration (SLAAC), an automatic method of assigning IPv6 addresses to hosts, the NSA says, raises privacy concerns because the information contained in the assigned address could be used to identify network equipment and individuals using it.

“NSA recommends assigning addresses to hosts via a Dynamic Host Configuration Protocol version 6 (DHCPv6) server to mitigate the SLAAC privacy issue. Alternatively, this issue can also be mitigated by using a randomly generated interface ID that changes over time, making it difficult to correlate activity while still allowing network defenders requisite visibility,” the agency notes.
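The privacy issue the NSA describes comes from the classic SLAAC interface ID, which is built from the interface's MAC address (modified EUI-64): the address itself reveals the hardware. The following added example, not from the NSA guidance or the article, shows how a defender can audit an address inventory for such addresses and recover the embedded MAC, and how an address with a random interface ID (the style of RFC 4941 temporary addresses, the "randomly generated interface ID" alternative the NSA mentions) is built so that it carries no such information. The address list and the `2001:db8::/32` prefix are constructed sample data; the function names are this example's own.

```python
import ipaddress
import secrets
from typing import Dict, Iterable, Optional

# Constructed sample inventory: one EUI-64 SLAAC address, one address with a
# random interface ID, and one statically/DHCPv6-assigned address.
SAMPLE_HOSTS = [
    "2001:db8:1::21b:21ff:feab:cdef",
    "2001:db8:1::a1b2:c3d4:e5f6:11",
    "2001:db8:1::10",
]


def embedded_mac(address: str) -> Optional[str]:
    """Return the MAC embedded in a modified-EUI-64 interface ID, else None.

    EUI-64 expansion splits the 48-bit MAC in two, inserts ff:fe in the
    middle and flips the universal/local bit (0x02) of the first byte.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02                              # undo the U/L bit flip
    mac = bytes([first]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def audit_slaac_addresses(addresses: Iterable[str]) -> Dict[str, str]:
    """Map every address that leaks hardware identity to the recovered MAC."""
    leaks = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            leaks[addr] = mac
    return leaks


def random_iid_address(prefix: str) -> str:
    """Build an address in a /64 with a random interface ID.

    This is the shape of an RFC 4941 temporary address; a host rotates it
    on a schedule so activity cannot be correlated across time, while the
    stable prefix still gives defenders per-subnet visibility.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC prefixes are /64")
    while True:
        iid = bytearray(secrets.token_bytes(8))
        iid[0] &= 0xFD            # clear the U/L bit: not a burned-in identifier
        if iid[3:5] != b"\xff\xfe":   # never look like an EUI-64 interface ID
            break
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + bytes(iid)))


if __name__ == "__main__":
    for addr, mac in audit_slaac_addresses(SAMPLE_HOSTS).items():
        print(f"{addr} embeds MAC {mac}")
    print("replacement:", random_iid_address("2001:db8:1::/64"))
```

Running the audit over the sample list flags only the first address (it embeds `00:1b:21:ab:cd:ef`); the other two carry no hardware identifier. The same check run over neighbor-cache or DHCPv6 lease exports is a quick way to measure how much of a network is still using EUI-64 addresses before the DHCPv6 or privacy-extension rollout.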

Furthermore, the NSA recommends avoiding the use of tunnels to transport packets, noting that tunneling increases attack surface. “Configure perimeter security devices to detect and block tunneling protocols that are used as transition methods. In addition, disable tunneling protocols on all devices where possible,” the agency says.

For dual-stack networks, the NSA recommends deploying IPv6 cybersecurity mechanisms that correspond to those implemented for IPv4, such as firewall rules, and blocking other transition mechanisms, such as tunneling and translation.

Because multiple network addresses are commonly assigned to the same interface in IPv6, administrators should review filtering rules or access control lists (ACLs) to ensure that only traffic from authorized addresses is permitted, and should also log all traffic and review logs regularly.
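Two of the NSA's dual-stack recommendations above, mirroring the IPv4 filter rules on the IPv6 side and blocking transition tunnels, are easy to state and easy to drift from. The following is an added example, not from the guidance or from any firewall vendor: a parity audit over two rule lists that reports IPv4 rules with no IPv6 counterpart and IPv4 accept rules that admit tunnel traffic. The rule dictionaries and sample rule sets are constructed; the tunnel signatures used are the well-known ones (IP protocol 41 carries IPv6-in-IPv4 for 6in4/6to4, and Teredo uses UDP port 3544).

```python
from typing import Dict, List, Optional, Tuple

Rule = Dict[str, object]

# Well-known transition-tunnel signatures: (protocol, destination port).
TUNNEL_SIGNATURES = {("41", None), ("udp", 3544)}

# Constructed IPv4 and IPv6 rule sets for one perimeter device. The IPv6
# set was written later and is missing the management rule; the IPv4 set
# still carries a legacy tunnel permit.
V4_RULES: List[Rule] = [
    {"action": "accept", "proto": "tcp", "dport": 443, "service": "https"},
    {"action": "accept", "proto": "tcp", "dport": 22, "service": "ssh-mgmt"},
    {"action": "accept", "proto": "41", "dport": None, "service": "legacy-6in4"},
    {"action": "drop", "proto": "any", "dport": None, "service": "default"},
]
V6_RULES: List[Rule] = [
    {"action": "accept", "proto": "tcp", "dport": 443, "service": "https"},
    {"action": "drop", "proto": "any", "dport": None, "service": "default"},
]


def rule_key(rule: Rule) -> Tuple[object, object, object, object]:
    """The attributes that must match for a rule to count as mirrored."""
    return (rule["action"], rule["proto"], rule.get("dport"), rule["service"])


def missing_ipv6_counterparts(v4_rules: List[Rule], v6_rules: List[Rule]) -> List[Rule]:
    """IPv4 rules that have no equivalent in the IPv6 rule set."""
    v6_keys = {rule_key(r) for r in v6_rules}
    return [r for r in v4_rules if rule_key(r) not in v6_keys]


def tunnel_permits(v4_rules: List[Rule]) -> List[Rule]:
    """IPv4 accept rules that admit a known transition-tunnel protocol."""
    return [
        r for r in v4_rules
        if r["action"] == "accept" and (r["proto"], r.get("dport")) in TUNNEL_SIGNATURES
    ]


def audit(v4_rules: List[Rule], v6_rules: List[Rule]) -> Dict[str, List[str]]:
    """Summarise both findings by service name for a change ticket."""
    return {
        "missing_ipv6": [r["service"] for r in missing_ipv6_counterparts(v4_rules, v6_rules)],
        "tunnel_permits": [r["service"] for r in tunnel_permits(v4_rules)],
    }


if __name__ == "__main__":
    for finding, services in audit(V4_RULES, V6_RULES).items():
        print(f"{finding}: {', '.join(services) or 'none'}")
```

The two findings call for different fixes: `ssh-mgmt` should get an IPv6 twin (with the v6 management addresses in its source list, since an interface commonly holds several), whereas `legacy-6in4` should be removed rather than mirrored, which is why it appears in both lists.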

To better protect networks and improve IPv6 security, the NSA also recommends ensuring that network administrators receive proper training and education regarding IPv6 networks.

“While there are convincing reasons to transition from IPv4 to IPv6, security is not the main motivation. Security risks exist in IPv6 and will be encountered, but they should be mitigated with a combination of stringently applied configuration guidance and training for system owners and administrators during the transition,” the NSA notes.

Related: US Government Agencies Issue Guidance on Threats to 5G Network Slicing

Related: NSA Publishes Guidance on Mitigating Software Memory Safety Issues

Related: US Agencies Publish Security Guidance on Implementing Open RAN Architecture


Severe Vulnerabilities Allow Hacking of Asus Gaming Router


Cisco’s Talos security researchers have published technical information on three severe vulnerabilities impacting Asus RT-AX82U routers.

A Wi-Fi 6 gaming router, the RT-AX82U can be configured via an HTTP server that is running on the local network, but also supports remote management and monitoring.
