The radical transformation of digital crime has forced corporations to abandon static security schemes. In response to this situation, the fifteenth edition of ESET Security Day, one of the most significant annual technology events held in the Venezuelan capital, took place to showcase the new cybersecurity paradigm, where attacks have ceased to be isolated incidents and have become automated operations enhanced by Artificial Intelligence (AI) tools.

Michele Flammia, General Manager of ESET Venezuela, highlighted the value of these informative forums for protecting the region’s business ecosystem. During the event, the brand’s specialists demonstrated, through a live simulation, how modern groups operate and how technologies such as XDR (Extended Detection and Response) and threat intelligence allow for action before the impact materializes.

Innovation in response and strategic advantages

Camila Oliveira, Channel Manager of ESET LATAM (currently based in the regional office in Argentina), addressed cybersecurity as a competitive advantage, inspired by Stephen Covey’s bestseller, The 7 Habits of Highly Effective People. During his presentation, he detailed the capabilities of the continuous training programs (AARNES) and the value of the managed detection service:

“We want companies to understand that technology and cybersecurity are not an expense, but an investment. ESET’s Managed Detection and Response (MDR) service has the shortest detection time on the market. Competitors use this technology differently, as they don’t offer 24/7 support and their response times are longer,” Oliveira emphasized.

The democratization of attacks through Artificial Intelligence

David González, Security Researcher at ESET Mexico, delivered a keynote address on the impact of generative AI models since the arrival of ChatGPT, a platform that has already reached 400 million users. The expert warned that this widespread adoption has led to a dangerous reduction in the technical barrier for criminals:

“In the cybercriminal world, we are witnessing a democratization of capabilities. It is no longer necessary to possess advanced technical knowledge to carry out an attack; AI allows for the generation of malicious code or the compromise of organizations in a matter of minutes. Time is working against the defenders,” González warned. Given this, he urged organizations to adopt the Diamond Model to dynamically analyze four key aspects of the adversary: ​​infrastructure, capabilities (such as zero-day exploits), victims, and the attacker’s motivations.

An unprotected market against autonomous attacks

For his part, José Luis Rangel, Commercial Manager of  ESET Venezuela warned about the growing interest of digital criminal organizations in targeting critical sectors such as healthcare, energy, and telecommunications using autonomous AI agents. Rangel posed a direct question to the companies and attendees: “What are you doing? It is important that we consider what the organization is doing to prepare before an attack occurs.”

Finally, Carlos López, Pre-Sales Manager at ESET Venezuela, provided critical metrics on corporate neglect in the face of technological evolution over the last 15 years. He explained that between 35 % and 37 % of companies lack basic defenses, and only 41 % have proactive detection and response capabilities.

In addition, 39 % of firms do not have a defined policy for the use of artificial intelligence, which facilitates data breaches. The regional situation reflects that one in four organizations in Latin America does not implement basic security measures, 51 % report having suffered incidents, and it is estimated that an attack occurs every 39 seconds globally.

The speakers emphasized that companies can no longer rely on reactive solutions, which compels corporate leaders to become directly involved in cyber defense and adopt advanced visibility tools to neutralize threats before suffering irreversible financial impacts.

For more information, visit the ESET website: https://www.eset.com/ve/. You can also follow them on social media: Instagram (@esetla) and Facebook (ESET).

Thanks to on-site coverage, more information from ESET and Comstat Rowland Comunicaciones Estratégicas Integrales.

Audiovisual production: Jesús Ramírez

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada ESET Security Day Venezuela: Experts reveal that one-third of companies lack basic protection apareció primero en Bitfinance.

Last November, the UK’s Security Service alerted members of Parliament about a foreign intelligence-gathering scheme: two LinkedIn profiles were contacting people working in British politics to request “insider information.” The MI5 revelations triggered a £170 million ($230 million) government initiative to address espionage threats against Parliament. While this is a high-profile case, ESET, a leading company in proactive threat detection, states that it is far from the first or only one. The site could also be a veritable treasure trove of corporate data that could be maliciously used to support fraud or threat campaigns.

Therefore, it is important to learn from this analysis and valuable professional opinion provided by ESET.

LinkedIn has amassed over one billion members worldwide since its founding in 2003. This represents a vast pool of potential targets for state-backed or financially motivated threat actors. Firstly, it is an extraordinary source of information where malicious actors can discover the roles and responsibilities of key individuals within a target company and reconstruct or reshape the relationships between individuals and projects they might be working on. Furthermore, it provides credibility and cover because, as a professional network, it is frequented by both high-level executives and lower-level employees, and it is a context in which a victim is more likely to open a direct message or InMail from someone on the platform than an unsolicited email.

On the other hand, it bypasses “traditional” security because there is no guarantee that phishing messages, malware, or spam won’t get through; and due to the site’s perceived credibility, target users may be more likely to click on malicious content. Finally, it’s easy to start operating; anyone can create a profile and begin lurking on the site to gather intelligence or send phishing messages and Business Enforcement (BEC) scams. Furthermore, attackers can hijack existing accounts or create fake identities before posing as candidates and recruiters for positions and jobs. The large number of compromised credentials circulating on cybercrime forums (due in part to infostealers) makes this relatively easy.

There are several ways threat actors can operationalize their malicious campaigns:

• Phishing and spearphishing: By using the information users share in their profiles, attackers can customize phishing campaigns (fake emails) to increase their success rate.
• Direct attacks: Contact can be made directly through malicious links designed to deploy malware, such as infostealers, or promote fake job offers intended to steal credentials.
• BEC: Similar to phishing, LinkedIn provides a wealth of intelligence that can be used to make Business Email Compromise attacks appear more convincing. It can help scammers identify who reports to whom, what projects they are working on, and the names of partners or suppliers.
• Deepfakes: LinkedIn can also host videos of targeted individuals, which can be used to create deepfakes and employ them in subsequent phishing, BEC, or social media scams.
• Account hijacking: Fake LinkedIn pages (phishing), infostealers, credential stuffing, and other techniques can help attackers take control of user accounts. These hijacked accounts can then be used in subsequent attacks targeting their contacts.
• Attacks on suppliers: LinkedIn can also be tracked for information about partners of a target company, who would also be targeted with phishing as part of a malicious “domino effect” strategy.

“The challenge posed by threats on LinkedIn is that IT departments find it difficult to obtain accurate information about the extent of the risk their employees face, and the tactics used to attack them. However, it makes sense to include LinkedIn threat scenarios like those described above in security awareness training courses. Employees should also be warned about the risk of oversharing information on the platform and given guidance on how to detect fake accounts and typical phishing lures,” says Mario Micucci, Cybersecurity Researcher at ESET Latin America.

ESET provides information on various threat groups that have used some of these tactics

• The Lazarus Group (North Korea) has posed as recruiters on LinkedIn to install malware on the computers of people working at an aerospace company, according to ESET Research. In fact, the research team also recently described the “Wagemole” campaigns, in which individuals aligned with North Korea attempt to obtain employment at foreign companies.
• ScatteredSpider contacted MGM’s help desk, impersonating an employee whose identity they obtained from LinkedIn, in order to gain access to the organization. The subsequent ransomware attack resulted in losses of $100 million.
• A spearphishing campaign called “Ducktail” targeted marketing and human resources professionals on LinkedIn, delivering malware and stealing information through links sent via direct message. The malware was hosted in the cloud.

Prevention

“To prevent account hijacking, a policy of regularly updating patches should be followed, security software should be installed on all devices (from a trusted vendor), and multifactor authentication should be enabled. Additionally, in corporate environments, it may be worthwhile to organize specific training sessions for executives, who are often the most frequent targets of attacks. Above all, ensure that the team is aware that, even on a network considered trustworthy like LinkedIn, not everyone acts in good faith or in their best interest,” recommends the ESET researcher.

ESET invites you to learn more about cybersecurity by visiting:  https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela at: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla)  and Facebook (ESET).

Information and image provided by ESET

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada Malicious actors hunt and manipulate on the important LinkedIn network; we must protect ourselves apareció primero en Bitfinance.

Mobile phones can become the gateway for viruses or cyberattacks through spam or malicious calls on a daily basis.

Google recommends protective measures for iOS and Android that are highly effective against the incursion of hackers and other digital pirates.

Specifically, they warn about the need to activate the caller ID for the Phone app, which launches an alert about a possible spam call when it is received.

The function helps to identify whether the incoming call is from known people or not, and whether it poses a potential threat to the user, who has the power to grant access to the call or directly block the number.

Through this app, it is possible to receive information about the number of the incoming call in a hidden manner in order to decide the next action regarding it.

M.Pino

With information from international media

(Reference image source: Getty Images for Unsplash+)

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Protection against spam calls apareció primero en Bitfinance.