Kaspersky Lab Survey: Over Half Of Cybersecurity Professionals Not Allowed To Share Findings

A survey by Kaspersky Lab found that over half (52%) of IT and cybersecurity professionals are barred by company rules from sharing their findings with outsiders. This may have major cybersecurity implications and in many ways, preventing hacks, discovering vulnerabilities, and securing systems are all harder to do if professionals aren’t exchanging knowledge.

Worryingly, the survey also pointed out that only 44% of respondents have actually made their discoveries public. In companies where external sharing is allowed, 77% of cybersecurity analysts did so. But when it isn’t allowed, only 8% did – presumably in a clandestine manner and at the risk of being terminated.

Kaspersky experts noted that company-mandated secrecy is driven by worries that cybercriminals may react and adapt if they know they’ve been detected. Sergey Soldatov, head of Kaspersky Lab’s Security Operations Center, emphasised the need for balance.

“Any information about a threat will help your peers to investigate an attack and plan an effective response,” he said, but added, “until you know whether a response’s actions will be successful or not, you can’t reveal that a company is doing something, since attackers will easily understand that they were detected and go underground.”

The results from the survey which is titled IT Security Economics 2020 were based on correspondence with over 5,200 IT professionals across 31 countries in June 2020. The final report is rather long but if you want to have a go with it yourself, check out Kaspersky Lab’s blog right here.

Google Says North Korea Hackers Are Targeting Cybersecurity Research Via Social Media

Google recently made a startling discovery revolving around North Korean hackers and cybersecurity researchers. According to the search engine’s Threat Analysis Group, the former is targeting the latter and going after them via a variety of social media platforms.

The alleged hackers supposedly work their con by posing as researchers, while also created several fake social media profiles on platforms that include Twitter and LinkedIn. If that wasn’t enough, they also set up fake blogs that they then get the unsuspecting researcher to write guest posts about software bugs that they’ve encountered.

The deception doesn’t stop there either. Once enough trust has been gained, the hacker would then make the step to ask the researcher if they would work together. If they agreed, the hacker would then share “collaboration tools” with them; unbeknown to the researcher, those tools actually contain malicious codes that, once opened, installs malware on to the researcher’s system.

Google says that one likely reason behind North Korea’s decision to target cybersecurity researcher is also one of the most obvious: it’s so that the country and its team of hackers can gain insight into security vulnerabilities and then exploit them for their own nefarious purpose.

It goes without saying and we’re sure that you all know, that this isn’t North Korea’s first time both under the spotlight and on the cybersecurity stage. The company has proven its cyber prowess in the past, the most prominent case in recent memory being the hacking of Sony Pictures in 2014. Because of the movie, The Interview, which featured a satirical adaptation of Kim Jong Un, the current communist dictator and ruler of the country.

The country has also been known to engage in cyber thievery, the most common among them having been the alleged theft of Bitcoin over the past several years.