The Daily Decrypt
2024 Browser Security Report, Black Basta IT Department, MITRE EMB3D

In today’s episode, MITRE debuted EMB3D, a threat model enhancing cybersecurity of embedded devices through collaboration with industry experts. The model aligns with existing frameworks and suggests mechanisms to mitigate threats, aiming to fortify the security ecosystem. Separately, the Black Basta ransomware group’s new social engineering tactics, combining email DDoS and vishing, have been exposed by CISA and FBI, underscoring the importance of vigilance against evolving attack vectors in cybersecurity. Lastly, LayerX’s 2024 Browser Security Report sheds light on browser risks in enterprises, urging leaders to address vulnerabilities and recommending proactive security measures. For more information, visit https://www.helpnetsecurity.com/2024/05/13/mitre-emb3d-framework/, https://www.helpnetsecurity.com/2024/05/13/black-basta-social-engineering/, and https://thehackernews.com/2024/05/the-2024-browser-security-report.html.

EMB3D, cybersecurity, embedded devices, collaborative efforts, Black Basta, campaign, vishing, ransomware, LayerX, browser extensions, AI-powered threats, enterprise

Search phrases:

  1. EMB3D cybersecurity threat model for embedded devices
  2. collaborative efforts in EMB3D model development
  3. challenges in embedded device security
  4. Black Basta social engineering campaign
  5. Black Basta ransomware group access methods
  6. protecting organizations from Black Basta vishing techniques
  7. LayerX browser extensions security risks
  8. AI-powered threats in browser security
  9. mitigating browser-based risks in enterprise
  10. protecting sensitive data in the enterprise

Transcript:

May 14

Every web session is a security minefield, with unmanaged devices, browser extensions, and AI-powered threats posing significant risks. This was revealed in the 2024 Browser Security Report by LayerX. What steps can security leaders take to mitigate these evolving browser-based risks and protect sensitive data in the enterprise?

Black Basta is at it again, utilizing a new social engineering campaign combining email DDoS and vishing techniques to trick employees into downloading remote access tools.

What steps can organizations take to protect themselves from falling victim to these social engineering tactics?

And finally, MITRE has just released a new framework called EMB3D, which is a security threat model for embedded devices. It will provide a knowledge base of cyber threats to embedded devices and the mechanisms required to mitigate them.

How will this model address the evolving challenges in embedded device security? You’re listening to The Daily Decrypt.

LayerX has just released the annual browser security report for 2024, and it reveals that browsers have become a prime target for cyberattacks, leading to various threats like account takeovers, malicious extensions, and phishing attacks within enterprises. The report highlights that unmanaged devices and personal browser profiles are major risk factors, with 62 percent of the workforce using unmanaged devices and 45 percent using personal browser profiles, which can increase the likelihood of data leaks or phishing incidents. Approximately 33 percent of all extensions in organizations are deemed high risk, with 1 percent confirmed as malicious, as attackers exploit deceptive extensions to compromise user data and direct users to phishing sites.

Now, browsers are in a very unique position to be either very beneficial or very harmful to users, because they sit between you and the websites that are trying to get your information.

And we, as users, don’t treat browsers this way. We treat them just the same, like a window on our computer, but they’re responsible for communicating with the internet.

And so, yeah, they have the opportunity to implement security measures that can help protect us from these attacks that happen in the browser, or they have the opportunity to provide malicious extensions and other mechanisms for attackers to get access to our data.

So along with the recommendations from this report, The Daily Decrypt recommends checking out some legit browser extensions that might help you identify malicious ones. Now, you gotta be extra careful when you’re trying to download browser extensions, especially ones that will help you identify malicious ones.

But one that my mom brought to my attention is called Guardio, or guard.io. And though I don’t love the thought of placing trust in a browser extension to help you avoid getting phished or getting your credentials stolen, because that trust might cause you to be a little more lackadaisical and click links that you normally wouldn’t.

So, I don’t love that thought, but it is truly good at scanning the reputation of the browser extensions that you have installed, and it will check the browser extensions that you are going to install for malicious use across the internet.

And for the enterprise users out there who are in a position to make some decisions, this report recommends enforcing regular browser updates, which is also applicable to just the general daily user.

Implement stringent extension control. You shouldn’t be allowing your employees to add any extension to their browser that they want. It’s got to be limited.

Continue training your employees on identifying suspicious activities within the browser.

Enforce multi-factor authentication throughout your entire enterprise. And deploy advanced threat detection tools for proactive defense.

Black Basta is at it again. Black Basta is a ransomware-as-a-service operator and is employing a new social engineering tactic combining email denial of service and vishing to trick employees into downloading remote access tools.

So, they’re going to start by spamming your inbox with junk email, then pose as IT team members over the phone to offer assistance in installing remote monitoring tools, perhaps in order to address this large influx of spam.

And these remote monitoring tools will allow them to access your computer and potentially pivot to other devices in your company’s network.

Now this is going to be an effective tactic, because people hate spam. All right, they want to get rid of it. If IT is recognizing that you’re getting crap spammed out of you, then you’re gonna feel confident that IT has identified this problem that you’re seeing and is coming to fix it, right?

You’re in distress, you want an urgent solution to fix this problem. Oh, there’s a call from your IT department. Sure. Yeah, I’ll download this tool so you can get in there and you can fix this spam. All right.

Well, here’s your official warning from The Daily Decrypt. Keep an eye out for that call. If your IT department is calling you on your personal phone, ask yourself: hey, do we use Slack? Do we use Teams? Shouldn’t they be emailing me? Is there a ServiceNow ticket? Think about it for a second. You know, the spam is gonna be there.

Let’s make sure that that’s actually your IT department. What can you do? Ask to give them a call back. Go into your workplace, ask your boss for the number of the IT department, and call them. And say, “Hey, did you guys just call me? I’m getting a lot of spam, and I got a call from a random number saying they were on it.” And if they say no, please report it to your IT department. Hopefully the IT person on the phone will prompt you to do that, but please report it to the IT department.

And if you’re in IT and you manage an IT department, make sure you’re not allowing remote access tools to be installed and launched from your endpoints.

Application management is a huge hill to climb, but definitely start by not allowing any remote access tools, except for the ones that you specifically use.

And hey, set up an alert, set up a log monitoring service that will monitor for remote access tools being launched in your environment by non-technical users.

And really continue to encourage your employees to report things they find suspicious. If it makes you go, hmm, you should probably report it.

And finally, MITRE, who we know for the famous ATT&CK and D3FEND frameworks, has partnered with Niotis, Red Balloon Security, and Narf Industries to release a new threat model called EMB3D, which is specifically designed for embedded devices. This model aims to provide a common understanding of cyber threats to embedded devices and the necessary security mechanisms to mitigate these threats.

The EMB3D model received significant interest for peer review from a variety of industries, including energy, water, manufacturing, aerospace, health, automotive, and more, and organizations piloted the threat model and provided essential feedback contributing to the refinement and enhancement of the model’s content and usability.

Threats identified within the EMB3D framework are mapped to device properties, aiding users in developing accurate threat models tailored to specific embedded devices. The framework encompasses device vendors, asset owners, security researchers, and testing organizations.

The EMB3D framework is designed to evolve continuously, with new threats and mitigations being added as new threat actors emerge and vulnerabilities are discovered. This framework is intended to be a community resource where all information is open and publicly available, allowing for submissions of additions and revisions by the security community like you.

Now, the EMB3D framework is doing a great job at describing what it does. Embedded devices are becoming a bigger and bigger security risk by the day, and so this is definitely needed in the security community. But what EMB3D is not good at is telling me what EMB3D stands for. Looking at the MITRE website, looking at these articles, I’m not able to see what it stands for.

All right. That’s going to help me remember what it is. So if you find out what EMB3D stands for, please drop a comment, shoot me a DM on Instagram. I’d love to know.

This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don’t forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.
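The alerting the host recommends for IT departments in the Black Basta segment (block remote access tools on endpoints except the one you actually use, and alert when such a tool is launched by a non-technical user), worked through as an added example. This is not code from The Daily Decrypt, from LayerX, or from the CISA/FBI advisory. It assumes process-creation events arrive as JSON lines with host, user, groups, image and parent fields; the executable names, the sanctioned tool, and the IT group names are assumptions for illustration, and the sample events are constructed, not real telemetry.

```python
"""Flag remote-access / RMM tool launches by users outside IT.

Added example for this episode, not code from The Daily Decrypt or from
the CISA/FBI advisory.  The tool list, group names and event format below
are assumptions, not something the episode specifies.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed: executable names commonly associated with remote-access tooling.
REMOTE_ACCESS_EXES = {
    "anydesk.exe",
    "teamviewer.exe",
    "screenconnect.clientservice.exe",
    "splashtop_streamer.exe",
    "ateraagent.exe",
    "quickassist.exe",
    "rustdesk.exe",
    "ultraviewer_desktop.exe",
}

# Assumed: the one tool this organization actually uses, and who may run it.
SANCTIONED_EXES = {"screenconnect.clientservice.exe"}
IT_GROUPS = {"IT-Helpdesk", "IT-Admins"}


@dataclass
class Alert:
    host: str
    user: str
    image: str
    reason: str


def evaluate_event(event: dict) -> Optional[Alert]:
    """Return an Alert for one process-creation event, or None if benign."""
    path = event["image"].replace("\\", "/").lower()
    image = path.rsplit("/", 1)[-1]
    if image not in REMOTE_ACCESS_EXES:
        return None  # not a remote-access tool: nothing to see
    groups = set(event.get("groups", []))  # missing key means no groups
    if image in SANCTIONED_EXES:
        if groups & IT_GROUPS:
            return None  # the sanctioned tool, run by IT staff: expected
        reason = "sanctioned remote-access tool launched by non-IT user"
    else:
        reason = "unsanctioned remote-access tool launched"
    if "/downloads/" in path:
        reason += " from a Downloads folder"  # typical for a vishing victim
    return Alert(event["host"], event["user"], image, reason)


def scan(lines: Iterable[str]) -> List[Alert]:
    """Run evaluate_event over JSON-lines events; skip unparsable lines."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = evaluate_event(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample events (not real telemetry), one JSON object per line.
SAMPLE_EVENTS = [
    r'{"host":"WS-0142","user":"jdoe","groups":["Finance"],"image":"C:\\Users\\jdoe\\Downloads\\AnyDesk.exe","parent":"chrome.exe"}',
    r'{"host":"WS-0077","user":"mlee","groups":["IT-Helpdesk"],"image":"C:\\Program Files (x86)\\ScreenConnect Client\\ScreenConnect.ClientService.exe","parent":"services.exe"}',
    r'{"host":"WS-0203","user":"rsmith","groups":["Sales"],"image":"C:\\Program Files (x86)\\ScreenConnect Client\\ScreenConnect.ClientService.exe","parent":"explorer.exe"}',
    r'{"host":"WS-0203","user":"rsmith","groups":["Sales"],"image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE","parent":"explorer.exe"}',
    r'{"host":"WS-0311","user":"pkim","image":"C:\\Windows\\System32\\QuickAssist.exe","parent":"explorer.exe"}',
    "this line is not JSON and is skipped",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"ALERT {a.host} {a.user}: {a.image} ({a.reason})")
```

Running it on the constructed events produces three alerts: the Finance user launching AnyDesk out of a Downloads folder, a Sales user launching the sanctioned tool, and a user with no group membership launching Quick Assist. The helpdesk technician running the sanctioned tool is silent. The Downloads-folder annotation is there because a victim of the phone call described above installs the tool from a browser download, which a sanctioned, centrally deployed agent never does.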
