DESC Leads Dubai’s Journey to Becoming the World’s Safest Digital City


Overview

Dubai is making significant strides in integrating advanced technologies while emphasizing strong cybersecurity frameworks. A recent study by the World Economic Forum (WEF), titled “Navigating Cyber Resilience in the Age of Emerging Technologies,” highlights how the city is utilizing technologies such as artificial intelligence (AI), blockchain, quantum computing, and smart city solutions across critical sectors.

The Dubai Electronic Security Center (DESC) plays a central role in supporting the secure adoption of these emerging technologies. Initiatives such as the Dubai Cyber Security Strategy and the UAE National Strategy for Artificial Intelligence 2031, along with policies like the Dubai AI Security Policy and autonomous vehicle security standards, aim to balance innovation with a focus on digital security.

This blog delves into DESC’s contributions, Dubai’s cybersecurity strategies, and the city’s efforts to enhance cyber resilience and enable secure digital transformation.

The Role of DESC in Dubai’s Cybersecurity Strategy

The Dubai Electronic Security Center (DESC) is at the heart of Dubai’s digital transformation. As a key player in Dubai’s Cyber Security Strategy, DESC focuses on securing digital assets, fostering innovation, and establishing Dubai as a leading secure digital hub.

His Excellency Yousuf Hamad Al Shaibani, CEO of DESC, highlighted the center’s proactive measures, saying, “The Center continues to coordinate with governmental, regional, and international entities to study the security requirements of modern and emerging technologies and set standards and controls that ensure their safe adoption across various sectors.”

DESC has introduced multiple initiatives to ensure the secure implementation of emerging technologies:

  • Dubai AI Security Policy: A framework for safe use of AI technologies across sectors.
  • Autonomous Vehicle Security Specification: The first of its kind globally, providing security standards for self-driving vehicles.
  • RZAM Cybersecurity Application: A real-time solution leveraging AI to protect internet users from malicious websites and phishing attacks.

These policies stress Dubai’s efforts to create a secure environment for the adoption of advanced technologies.

Advancing Emerging Technologies

Dubai’s leadership in cybersecurity is closely aligned with the UAE National Strategy for Artificial Intelligence 2031. This strategy, combined with substantial investments in technologies such as quantum computing, 5G communications, and the Internet of Things (IoT), is designed to drive innovation while maintaining robust digital safeguards.

For example, DESC has been instrumental in supporting Dubai’s Self-Driving Transport (SDT) Strategy. The SDT Strategy aims to convert 25% of Dubai’s total transportation to self-driving vehicles by 2030. To achieve this, DESC recently published a study on connected vehicles, highlighting the security specifications required to mitigate cyber risks in IoT-enabled transport systems.

The Economic Impact of AI

Artificial intelligence is central to Dubai’s digital transformation efforts. The WEF report estimated that AI will contribute USD 320 billion to the UAE economy by 2030. In line with this, DESC issued a detailed study examining AI’s potential across various sectors in Dubai.

This study analyzed:

  • AI’s Economic Contributions: Estimating how AI can drive Dubai’s economic growth.
  • Ethical and Societal Considerations: Exploring the implications of widespread AI adoption.
  • Risk Mitigation: Identifying challenges and solutions for safe AI integration.
  • Stakeholder Collaboration: Promoting partnerships to enhance AI research and application.

These efforts are part of a broader vision to position Dubai as a global hub for AI research, development, and implementation.

Global Partnerships and Regulatory Frameworks

DESC has also been instrumental in establishing partnerships with public and private stakeholders at both local and international levels. By collaborating with research institutions and global technology leaders, Dubai is developing regulatory frameworks to safely integrate cutting-edge technologies.

These partnerships are crucial in fostering an environment where innovation can thrive without compromising security. Policies such as the Dubai AI Security Policy and the autonomous vehicle security standards reflect the city’s commitment to balancing innovation with cybersecurity.

Building a Resilient Digital Infrastructure

Dubai’s success in integrating new technologies is rooted in its digital infrastructure and forward-looking strategies. The Dubai Cyber Security Strategy serves as a guiding framework for ensuring the resilience and reliability of digital systems.

By focusing on key areas like secure IoT adoption, AI governance, and blockchain implementation, DESC is driving Dubai’s vision of a smart and secure city. These efforts are complemented by national initiatives such as the UAE’s investments in advanced communication technologies like 5G and quantum computing.

The Future of Cyber Resilience in Dubai

Dubai’s approach to cybersecurity offers valuable lessons for other cities and nations seeking to embrace emerging technologies. With DESC leading the charge, Dubai is not only addressing present-day challenges but also preparing for future risks associated with digital transformation. Its comprehensive strategies and global collaborations ensure that innovation is securely integrated into all aspects of life.

References: https://www.desc.gov.ae/world-economic-forum-study-highlights-descs-innovative-efforts-in-securing-emerging-technologies/

The post DESC Leads Dubai’s Journey to Becoming the World’s Safest Digital City appeared first on Cyble.


Energy Sector Contractor ENGlobal Targeted in Ransomware Attack

Energy sector contractor ENGlobal Corporation has restricted access to some of its systems in response to a ransomware attack.

The post Energy Sector Contractor ENGlobal Targeted in Ransomware Attack appeared first on SecurityWeek.


CISA Releases Updated TIC 3.0 Security Capabilities Catalog (SCC) Version 3.2


Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has published the updated version of the Trusted Internet Connections (TIC) 3.0 Security Capabilities Catalog (SCC) version 3.2. This new release incorporates essential updates based on the latest National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) Version 2.0, ensuring that TIC continues to adapt to modern technologies.

The SCC provides a comprehensive set of deployable security controls, capabilities, and best practices to assist federal agencies in implementing secure network environments. With this update, the catalog enhances the guidance for the secure implementation of technology solutions and ensures agencies remain compliant with cybersecurity standards.

The TIC 3.0 SCC serves as a foundational guide for federal agencies, enabling them to meet stringent security requirements across various computing environments. It offers a thorough catalog of security capabilities designed to protect federal information and mitigate cyber risks. By leveraging the latest NIST CSF mappings, the catalog helps agencies strengthen their cybersecurity postures through a series of strategic and technical security measures.

One of the important aspects of the TIC 3.0 SCC Version 3.2 is its alignment with the NIST CSF, which is structured around the core functions of Govern, Identify, Protect, Detect, Respond, and Recover. This mapping ensures that the security controls and capabilities within the catalog are aligned with best practices in risk management, incident detection, and threat response.

The Role of the Security Capabilities Catalog

The SCC is an important resource that assists agencies in applying best practices and risk management principles to protect information in various computing scenarios. This includes guidance for different networking environments, such as cloud, mobile, and traditional on-premises infrastructure. As the federal government continues to transition to more decentralized and cloud-based environments, the TIC 3.0 SCC helps agencies ensure that they maintain security measures across their entire IT ecosystem.

Agencies are encouraged to apply guidance within the SCC to identify potential risks and implement compensating controls when necessary. These controls address potential gaps or residual risks that might remain after deploying the recommended security capabilities. Additionally, CISA emphasizes the importance of collaborating with vendors to ensure that security solutions are adequately implemented, configured, and maintained. This collaboration ensures that agencies can fulfill security requirements and remain protected.

Security Objectives of Security Capabilities Catalog TIC 3.0

The TIC program outlines a set of security objectives aimed at mitigating risks and securing federal data as it moves through various trust zones. As federal agencies increasingly leverage cloud and mobile services, TIC’s security objectives are designed to provide consistent and scalable protections regardless of where the data resides or how it is transmitted.

The objectives of TIC 3.0 include:

  1. Manage Traffic: This objective focuses on observing and filtering data connections to ensure they align with authorized activities. It also applies the principle of least privilege and default-deny policies.
  2. Protect Traffic Confidentiality: This ensures that only authorized parties can access data in transit, protecting the confidentiality of sensitive government communications.
  3. Protect Traffic Integrity: The integrity of data during transmission is critical to prevent and detect any alterations that could indicate a cyberattack or data breach.
  4. Ensure Service Resiliency: With cyber threats constantly evolving, the ability to ensure the continuous operation of critical services and applications is a central focus of TIC 3.0.
  5. Ensure Effective Response: This objective encourages agencies to establish processes for timely responses to cybersecurity incidents, with a focus on adapting security policies as new threats emerge.

These objectives are designed to align with the functions of the NIST Cybersecurity Framework, ensuring that TIC 3.0 offers a comprehensive approach to securing federal networks.

Universal and PEP Security Capabilities

The SCC is divided into two main sections: Universal Security Capabilities and PEP (Policy Enforcement Point) Security Capabilities. These capabilities are critical in securing federal networks and ensuring agencies can manage cybersecurity risks efficiently.

Universal Security Capabilities

Universal security capabilities are high-level principles that are applicable to all federal agencies, irrespective of their individual use cases. These capabilities help agencies implement broad cybersecurity measures that apply to enterprise-level risks. Some of the key universal security capabilities include:

  • Backup and Recovery: Ensures data and configurations are backed up and can be quickly restored after an incident, failure, or corruption.
  • Central Log Management with Analysis: This function collects, stores, and analyzes telemetry to support security analysis and detect malicious activity.
  • Incident Response Planning and Handling: Helps agencies prepare for and respond to cyberattacks, ensuring that recovery and detection measures are in place.
  • Least Privilege: Grants minimum resources and authorizations necessary for entities to perform their functions, reducing exposure to potential threats.
  • Patch Management: Identifies, acquires, installs, and verifies patches to secure systems from known vulnerabilities.

These capabilities are mapped to the NIST CSF, providing a comprehensive set of actions for each area. This ensures that agencies can implement the appropriate security measures based on the severity of the risk.

PEP Security Capabilities

The PEP capabilities focus on specific technical implementations and are more granular in nature. These capabilities support the TIC 3.0 security objectives and are aligned with Zero Trust Architectures. For example, the following PEP security capabilities are critical in network environments:

  • Anti-malware: Detects and quarantines malicious code that could compromise the integrity of the network.
  • Network Segmentation: Divides networks to reduce attack surfaces and limit the potential spread of cyber threats.
  • Multi-factor Authentication: Adds an additional layer of authentication, ensuring that only authorized users gain access to sensitive data.

These PEP capabilities can be adapted depending on the agency’s specific requirements, such as the use of cloud, email, web, or network security solutions.

Conclusion

As cybersecurity threats become increasingly sophisticated, the TIC 3.0 SCC will continue to adapt to new changes. The document is periodically updated to reflect new security practices and technologies. Agencies are encouraged to actively engage with CISA and vendors to ensure that their implementations remain effective.

The TIC 3.0 SCC version 3.2 is a crucial update in protecting federal networks. As agencies adopt more complex computing environments, the need for new and upgraded security measures like the Security Capabilities Catalog, Trusted Internet Connections, and TIC frameworks grows. This updated catalog equips agencies with the tools to understand these challenges, ensuring the protection of sensitive information while maintaining secure operations.


The post CISA Releases Updated TIC 3.0 Security Capabilities Catalog (SCC) Version 3.2 appeared first on Cyble.


NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems.
“By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access

The Hacker News – ​Read More

Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability

Cisco has updated an advisory for CVE-2014-2120 to warn customers that the vulnerability has been exploited in the wild. 

The post Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability appeared first on SecurityWeek.


US government contractor ENGlobal says operations are ‘limited’ following cyberattack

ENGlobal Corporation, a provider of engineering and automation services to the U.S. energy sector and federal government, says it has restricted access to its IT systems following a cyberattack, limiting the company to essential business operations only. In an 8-K filing with the SEC on Monday, Texas-based ENGlobal said it became aware of a “cybersecurity […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft.
“Phishing emails were sent mainly through email services in Japan and Korea until early September,” South Korean cybersecurity company Genians said. “Then, from mid-September,

The Hacker News – ​Read More

US agency proposes new rule blocking data brokers from selling Americans’ sensitive personal data

The U.S. consumer protection agency said it’s closing the loophole to block the “widespread evasion” of federal law by data brokers.


Security News | TechCrunch – ​Read More

Release Notes: MITRE ATT&CK Matrix with Samples, Upgraded Automated Interactivity, Expanded Threat Coverage, and More

Welcome to ANY.RUN’s monthly updates, where we give you all the details on our latest features and enhancements. 

November has been a month of innovation at ANY.RUN, with major upgrades. We’ve launched Smart Content Analysis as part of Automated Interactivity, updated the home screen of TI Lookup featuring an interactive MITRE ATT&CK matrix connected with real-world samples, and expanded our detection capabilities with new YARA rules, signatures, and Suricata rules for even more comprehensive threat coverage. 

Here’s everything you need to know about our November updates! 

Product Updates 

Automated Interactivity: Stage 2 


Last year, we introduced Automated Interactivity, a feature that simulates user behavior inside the ANY.RUN sandbox to automatically trigger cyberattacks. It was a game-changer, helping analysts streamline tasks like clicking buttons or solving CAPTCHA challenges. 

Now, we’re thrilled to unveil Stage 2 of this feature: Smart Content Analysis, a major upgrade that offers better detection and execution of complex threats. 

This update makes your security workflow more efficient by enhancing detection capabilities, automating time-consuming tasks, and simplifying complex analyses. It saves analysts valuable time, provides deeper insights, and helps teams respond to threats faster and more effectively. 

What is Smart Content Analysis? 

Smart Content Analysis enhances Automated Interactivity by analyzing and detonating malware and phishing attacks at every step of the kill chain. Here’s how it works: 

  • Identifying content: It scans for URLs, email attachments, or hidden malicious components. 
  • Extracting key data: This includes extracting URLs from QR codes or bypassing rewritten links from security filters. 
  • Simulating actions: It interacts with extracted content, such as opening links, solving CAPTCHA challenges, or launching payloads. 

Automated Interactivity is available to Hunter and Enterprise-plan users and can be manually enabled in any sandbox session.  


MITRE ATT&CK Techniques with Real-World Samples inside TI Lookup 

We’re thrilled to announce a major update to TI Lookup, now featuring a redesigned home screen integrated with the MITRE ATT&CK matrix. This upgrade turns the matrix into an interactive tool, bridging the gap between theoretical frameworks and practical, real-world threat analysis. 

What’s new? 

  • Interactive MITRE ATT&CK matrix: All techniques and tactics are now neatly organized in a functional, actionable layout. 
  • Filtering options: Prioritize techniques by risk level—red for high risk, yellow for moderate, and blue for less urgent. 
  • Real-world sample connections: Click on any technique to see related malware samples and how they behave in real attacks. 

Best of all, this feature is completely free and available to everyone right now. Dive into the MITRE ATT&CK matrix on TI Lookup and start exploring it today! 



Threat Coverage Update 

Enhanced Network Threat Detection 

In November, we expanded our Suricata rule collection with an additional 7,206 rules, significantly enhancing network threat detection.  

The new rules were added using domains derived directly from Public submissions, supplemented by data from TI Lookup and advanced processing logic.  

Key highlights: 

  • Focus on threat group activity: We continue to monitor the operations of major threat groups and phishing kits, leveraging this information to enhance detection capabilities. 
  • Community engagement: Regular updates and insights into phishing threats are shared through our dedicated weekly post on X, helping you stay informed about the latest developments in the phishing and malware attacks. 

Recent Updates in Suricata Rules 

Our latest Suricata updates have focused on enhancing detection accuracy for phishing campaigns and domain-related threats. Here are some examples of the recent additions: 

MassBass phishing campaign detection: A massive phishing attack, which we named MassBass, has been identified and tagged in our Suricata rules.

TI Lookup: Search MassBass-related rules and insights here 

CrossDomain rules detection: These Suricata rules for domains were created using data from public submissions and include “CrossDomain” in their rule names.

TI Lookup: You can explore CrossDomain-related activity and insights by searching for CrossDomain in our TI Lookup tool.

New Signatures 

This month, we’ve added a total of 56 new signatures to enhance our detection capabilities, covering a wide range of malicious behaviors and threats. 

  • Office/archive exploit: Detection of deliberately damaged files exploiting the self-repair mechanism.
  • KMS tool: Identification of unauthorized KMS activation tools.
  • Torvil mutex: Discovery of Torvil-related mutex activity.
  • CVE-2024-43451: A critical vulnerability (example session).
  • Untrusted certificate execution: Alerting on files executed with untrusted certificates.
  • Silentkill: A sophisticated malware strain identified.
  • Rhysida: A ransomware strain (example session).
  • Secretsdump: Detection of credential-stealing activity.
  • Gumen: A unique malware variant (example session).
  • Badrabbit: Identification of the infamous ransomware.
  • Ateraagent: Detection of unauthorized agent installations (example session).
  • Lunam and Luna: Discovery of related malware strains (example session).
  • Behavioral detection of attempts to establish RDP connections using configuration files extracted from Outlook emails.
  • Identification of Conti-based ransomware, Formbook, and XWorm.
  • Detection of expresszip malware (example session).

Browser extension module

A new signature module for browser extensions was introduced, enabling in-depth content analysis of web pages. In addition, the following signatures were added:

  • Obfuscated JavaScript. 
  • Fake Microsoft authentication pages. 
  • Email addresses embedded in URLs. 
  • Phishing kits such as Tycoon2fa and Mamba2fa.

New YARA Rules  

This month, 9 new YARA rules were implemented, further enhancing our detection capabilities. Notable additions include: 

APT Detection Update 

This month, we’ve enhanced our detection capabilities against APT groups, specifically focusing on Lazarus and Rhysida. To address these threats, we’ve added 2 YARA rules and approximately 20 tailored signatures, ensuring more precise tracking and analysis of their activity. 

Get Your Black Friday Deals from ANY.RUN! 

Black Friday 2024 is here, and ANY.RUN has prepared exclusive time-limited offers to help you save big while enhancing your security workflow: 

  • Hunter Plan: Get two annual subscriptions for the price of one—perfect for individual researchers who want to collaborate. 
  • Enterprise Plan: Buy 5 licenses and get 2 free, or 10 licenses with 3 free plus a complimentary Threat Intelligence Lookup plan. Special renewal bonuses available! 
  • TI Lookup: Double your search requests with every subscription purchase. 

Offers will expire on December 8th, 11:59 PM PST. Don’t miss out: secure your deal today.

About ANY.RUN  

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.  

With ANY.RUN you can: 

  • Detect malware in seconds
  • Interact with samples in real time
  • Save time and money on sandbox setup and maintenance
  • Record and study all aspects of malware behavior
  • Collaborate with your team 
  • Scale as you need


The post Release Notes: MITRE ATT&CK Matrix with Samples, Upgraded Automated Interactivity, Expanded Threat Coverage, and More appeared first on ANY.RUN’s Cybersecurity Blog.


From Web Development to Cybersecurity – A Decade of Lessons

After a decade of building web applications, transitioning to cybersecurity has been an eye-opening journey. The cybersecurity domain is vast, and the roles in it are diverse: digital forensics, security analyst, security engineer, pentester, application security engineer, security architect, and the list goes on depending on the size of the company and how the roles and responsibilities are shaped.


TechSplicer – ​Read More