The economic impact from cybercrime continues to increase and as we enter 2025 we thought it well worth reviewing the key cybersecurity observations and lessons from 2024. This series of articles will wrap up with an opinion about what we believe is the trend leading us into 2025. Be more Proactive with Cyber Security   Observation 1: Surging Zero-Day Exploits 2024 has been a landmark year for cybersecurity, with a significant increase in the discovery and exploitation of zero-day vulnerabilities. These unpatched security flaws have become a primary tool for cybercriminals, posing serious challenges for cybersecurity teams. The volume of reported CVE’s in 2024 should act as a reminder that no system is ever totally secure, and with some of the most impactful affecting FortiManager, Google Chrome and Windows, a large percentage of businesses globally were in the direct firing line. The evolving tactics and strategies of attackers suggest this line of attack is not going away.   Observation 2: Nation-State and Cybercrime Collaboration Observation of several high-profile attacks has suggested that the level of collaboration between nation-state actors and cybercriminals, increasingly blurring the line between these actors. Nation-state sponsored attackers initially used zero-days in targeted attacks, which were then escalated to widespread exploitation to cover their tracks.   Lesson 1: You must have a proactive defence strategy The best defence against cyber threats is awareness and preparation. Organisations must stay informed of emerging threats, maintain staff awareness training and prioritise the patching of weaponised CVE’s. These actions, however, won't help much if the adversary is using valid stolen or created credentials.  Therefore, the foundation of proactive defence strategy must be to deploy the latest and strongest identity management system as your first priority.   Why is identity important ? Implementing strong identity verification can prevent unauthorised access even if a zero-day exploit is used. Implementing a phish-resistant MFA solution can significantly enhance security by ensuring that even if credentials are compromised, unauthorised access is prevented.   Resilience in the face of Ransomware  Observation 3: Ransomware attacks surge A significant increase in ransomware attacks affecting various sectors including healthcare, finance, and critical infrastructure occurred in 2024. The top 5 confirmed attacks include Change Healthcare (US), LoanDepot (US), MediSecure (Aus), Izumi Co (Japan), Evolve Bank & Trust (US) in which an estimated 140 million records were stolen. Aside from data theft, these attacks led to substantial service disruptions and financial losses.   Observation 4: Ransomware targeting service providers and supply chain networks Ransomware attacks in 2024 highlighted the fragility of supply chains and business continuity. A cyberattack on the parent company of major US supermarket chains disrupted services across its entire network impacting more than 2,000 stores for several days.   Observatio n 5: Cybercriminal “Whack-a-Mole” While law enforcement efforts to combat ransomware gangs were able to disrupt the LockBit gang, which saw 34 servers seized, cryptocurrency accounts frozen, 1,000 decryption keys obtained and that two individuals arrested, they were reportedly ‘back on line’ within 2 weeks. Furthermore, new ransomware groups like RansomHub have become prominent.   Lesson 2: Resilience in the Face of Ransomware Limiting the spread is a critical factor in network resilience when faced with a ransomware attack. Backups, patching, antivirus/antimalware and EDR tools are all important, but as ransomware gangs target business disruption through attacking supply chains and service providers, network resilience is key . Implementing network segmentation can help limit the spread of ransomware, by blocking common pathways and protecting the most valuable assets which can significantly reduce the impact of a ransomware attack. More importantly, identity-based segmentation can help isolate compromised accounts and prevent lateral movement within the network.   Why is identity important? Implementing strong identity verification can help ensure that only authorised personnel can access critical systems, reducing the risk of ransomware attacks. A phish-resistant MFA solution can help protect against ransomware by ensuring that only authorised personnel can access critical systems, reducing the risk of attacks spreading and building resiliency. Critical Infrastructure needs an IT security focus Observation 6: Attacks on Critical Infrastructure (CI) rise as IT system defences become stronger. Attacks on critical infrastructure reached new levels in 2024, so much so that the US Cybersecurity and Infrastructure Security Agency (CISA) issued a notice warning that US government-run water systems were at risk. Attackers shifted their focus to more the vulnerable systems like water processing plants and power grids as they represent a much easier target. This is because there is often a lack of visibility into connected Operational Technology (OT) devices, making threat detection extremely difficult.   Observation 7: OT teams need to take more precautions when connecting devices online One of the key issues is the fact that many CI operators continue to connect industrial tools to the internet to remotely manage them. Different from IT (which has a relatively shorter life cycle), much of the industrial systems operate using legacy equipment that was never designed with cybersecurity in mind, leaving devices exposed to relatively unsophisticated methods such as the use of default passwords or conducting brute force attacks.   Lesson 3: Critical Infrastructure needs an IT security focus The time to invest in an “IT style” cybersecurity strategy for operational technology (OT) systems is now. This strategy needs to cover the systems in use, how they can be managed in a critical operations environment as well as upskilling personnel who are generally not IT professionals who are more familiar with cyberattacks and the required defences. Collaboration between IT and OT teams will be crucial for securing these systems, using the lessons learned in traditional cybersecurity practice – especially around strong identity and access controls.   Why is identity important? Implementing strong identity verification can help ensure that only authorised personnel can access critical systems. A phish-resistant MFA solution can help protect against unauthorised access, and strong managed hardware based VPN connectivity can be used to prevent exposing devices themselves to the internet.   Phish-resistant MFA should be employed on every system and device.   Observation 8: Phishing techniques will continue to grow in sophistication Phishing was the leading attack vector in 2024, reportedly up 58% on 2023. Cybercriminals are employing increasingly sophisticated methods to deceive individuals, with AI now able to create more convincing and tailored messages to individual targets, increasing the likelihood of success. Expecting humans to be able to effectively discern the difference between an advanced AI crafted email, online chat, phone or video deepfake call will soon become an inappropriate defensive tactic.   Observation 9: Proliferation of online tools The number of phishing kits available on the dark web has apparently increased by 50% in 2024. These tools are now so advanced, even novice cybercriminals can effortlessly launch sophisticated campaigns, and impersonate brands, governments, banks and service organisations. With success rates rising from 14% to 18% attackers are clearly becoming adept at manipulating victims to bypass poor security.   Lesson 4: Phish Resistant MFA should be employed on every system and device. Humans will always be able to be manipulated, and therefore identity and authentication mechanisms must be phish-resistant. Second factor authentication systems should now be considered as providing no added security, and only phish-resistant MFA should be utilised (where ever possible using separate purpose-built hardware authenticator).    Why is identity important? Phishing   has a single goal in mind – credential theft. Implementing a phish-resistant MFA solution will prevent your organisation from becoming another statistic and will significantly enhance your security posture by ensuring that even if credentials are compromised, unauthorised access is prevented. Trends to expect in 2025   In the part of this article, we look ahead to the cybersecurity trends and challenges expected in 2025.   Continued Rise of Zero-Days:  We predict the ongoing increase in zero-day vulnerabilities and exploits. Why? Simply put software is complex (more than ever) and adversaries are now very focused on finding and exploiting software flaws. Phish-resistant MFA will become the minimum standard:  More organisations will deploy phish-resistant MFA, phone-based authentication apps will be widely breached. Passkeys will be more widely adopted:  however, enterprise and government will be slower to adopt due to legacy equipment and systems which are not passkey ready. Account recovery processes will be targeted: Especially for passkey-protected accounts, attackers are now more likely to focus on finding weaknesses in account recovery and reset requests and pivot to phishing for recovery keys. AI will be widely adopted by adversaries to be more targeted and efficient with their attacks: Emails, SMS, chats, phone calls, deep fake videos will be almost impossible for humans to decern as fakes. Evolving Ransomware Tactics:  Ransomware operators will target new sectors, such as service and supply chain organisations, seeking to disrupt operations as much as steal personal data. Focus on Critical Infrastructure: Attackers see CI as a strategic and much softer target and will seek out any unprotected operational and edge devices. More executive prosecution for cyber incidents:  Litigation for cyber incidents will increase as tightened laws around liability of senior management take hold. The Rise of Identity-Based Security: Traditional security measures like firewalls and VPNs are no longer sufficient. The focus of security for organisations will change to be on verifying and securing the identities of users and devices accessing systems.   Who is VeroGuard Systems? VeroGuard is a leading digital identity technology company that understands the importance of a secure, verified and reusable identity in today’s hybrid IT environments.  The VeroGuard Platform provides our customers with a bank-to-bank level identity verification system and when combined with our VeroCard offers Next Generation Authentication solutions, where authentication is linked to identity verification with every authentication request. VeroGuard NFA can secure legacy authentication protocols and support the latest Cloud systems with passkeys - all with a phish-resistant and identity aware overlay.   One more Trend for 2025 1.       Next Generation Authentication will be the security foundation for all digital transformation.

On Friday (July 19, 2024), CrowdStrike’s 'Falcon' product was sent an automatic remote content update for Microsoft Windows hosts (which it does on a regular basis). Unfortunately, the update had a defect. When uploaded, the defect triggered widescale failures of computers and systems with Microsoft operating systems that were online. This is being described as the largest IT outage in history.  How has this affected VeroGuard? The VeroGuard Platform was  not  affected by the CrowdStrike-caused outage and has continued to operate normally. Our customers using the VeroGuard verification services continue to use our services without interruption. For any customer whose PCs or laptops were impacted during the period that their devices were compromised as they tried to find workarounds, customers could, nonetheless, continue to use VeroGuard without needing to worry about downstream attacks on their users’ credentials or ID's, because the VeroGuard Platform operates independently of other cloud services and remains vigilant even if a device is compromised. A shift to stronger identity protection rather than reliance on detection models CrowdStrike is embedded software detection that works with a computer’s operating system, essentially watching and assessing code to determine if a cyber threat is present.  As each new variant of a threat is developed by an adversary, CrowdStrike must identify the threat and update their application.  The VeroGuard Platform works 'out of band' as the guardian rather than the detector. As such, the VeroGuard Platform rarely needs updates, which typically are functional improvements and not a reaction to each new threat. Fundamentally, the VeroGuard Platform is designed and built to defend the primary attack surfaces (over 95% of all attacks), which are identity and credentials.  Regardless of the source or type of attack, VeroGuard will stop the adversary from gaining control or executing actions in a system or network. In practical terms, the majority of cyber breaches over the past two years either started with a credential breach or had lateral movement using credentials acquired inside the network after the breach. An outage that raises many questions. CrowdStrike has said that the global outage was not caused by a cyber-attack, but the release of a defective update. The big questions by journalists and industry experts have included: the nature, robustness and effectiveness of testing procedures for updates and patches on cloud systems; the risk of concentration of internet services, and the impact when one of them has a major outage; and the potentially catastrophic impact of a mega cybersecurity breach to critical infrastructure and services. is a global defect-caused outage better than a global cyber breach? (i.e.: speed to deploy updates) The World Economic Forum has stated that, in 2023, the economic impact from cybercrime was over US$8 trillion and, by 2027, the impact is forecast to rise to over US$24 trillion. Time for a new approach Given the clear unprecedented impact of the CrowdStrike outage and the questions that it has raised around the design, robustness and assumptions underlying global IT infrastructure protection, it is clear that a new approach to cybersecurity is needed. The new approach needs to: improve an organisations' and individuals’ security online from credential and ID compromise; not be largely dependent on centralised detection software and services that are clearly under increasing pressures and can cause major global disruptions to systems and networks when that pressure leads to mistakes; be able to operate in a distributed way like bank switches, whereby a single failure does not bring down multiple industries and geographies; protect identity and credentials at all times, regardless of the choice of environment (cloud, on-premise or hybrid) and the status of the applications, network and systems; and not result in widespread scamming each time a new incident occurs by improving the verification of both parties in all high value transactions. The VeroGuard Platform addresses these issues. #VeroGuard #DigitalIdentity #DigitalID #identity #cybersecurity #cybercrime  Want to discuss how VeroGuard can change your organisations cyber-protection profile? Contact Us using the form below. Originally published on LinkedIn 22 July 2024

Published on Defence Connect 17 Feb 2023 Opinion: Recent national concerns about the risk of installed Chinese-manufactured security cameras at sensitive government sites have exposed the tip of an iceberg, explains cyber security and IT industry veteran Nic Nuske. The ensuing political debate also repeated the mistaken belief that Australia has no manufacturing capacity that delivers quality surveillance with no risk to data. Let’s start with the government’s response of “remove the cameras” and “review their installation”. Removing Chinese-made cameras will eliminate manufactured threats in those devices. It is not going far enough, however, when it comes to addressing the cyber risks inherent to connecting any camera or device to the internet. Raising the profile of these serious threats to business and government warrants endorsement, first, to prevent declines in public confidence, and second, to encourage local solutions. Positive action to remediate or remove the cameras warrants applause. Replacing the cameras now is an important security action for Australia. However, for the purposes of long-term strategies, it is critical to understand that threats embedded at the time of manufacture are not the only risks to cameras and other devices exposed to the internet. For example, Chinese hackers exploit more zero-day threats in devices made outside China than any other group. Cyber security weaknesses inherent to machines plague device and equipment manufacturers and are being regularly exploited by bad actors. As we connect more and more devices to the internet in the name of productivity, efficiency, and mobility, we are witnessing an exponential increase in cyber threats and breaches that exploit device security irrelevant of the place of manufacture. It is well documented that many devices (machines and sensors) have little or insufficient security to protect against increasingly sophisticated crime.  The Office of the Australian Information Commissioner reported last year that there were 853 notifiable data breaches in 2021–22. Around 20 per cent of those were in health service providers, followed by finance, legal and accounting, education and Australian government agencies. The list shows that data breaches have become ever-present with some jaw-dropping losses of data. The Australian Cyber Security Centre’s latest threat report shows the centre received more than 76,000 cyber crime reports in the 2022 financial year, up 13 per cent on the previous year. That’s one attack every seven minutes, on average. The cost of dealing with cyber attacks, as Optus and Medibank have discovered, is huge. Video surveillance systems bring with them some extra challenges to cyber security including an additional layer of abstraction (the visual layer), however many of the cyber issues for machines are common to any device, machine, or sensor connecting with the internet. The possible risks embedded at the time of manufacture (intentional or not) can lead to and/or compound many other risks. The most common threats to devices exposed to online connections can be summarised as follows: Protection of passwords and credentials. Secure and timely updates and delivery of firmware and other patches to machines. Networks and protocols that don’t have robust, end-to-end hardware-based encryption. The use of mobile apps to access data and control devices. A lack of processing capacity in the device to perform effective encryption of communications. Emerging capability by organisations to identify and track all devices connected to their network impacting deployment and management of cyber security to all endpoints. When cameras and other devices, along with their control systems, connect to the internet, they become a “weak link” that can allow hackers to take control of the device and its functions and/or infiltrate an entire IT system.  Yet it is inevitable that cameras, surveillance systems, and other devices will be connected to the internet at some time. AI and BI will rely on data gathering and exchange to be effective. Cloud services are changing the economics and dynamics for IT and OT systems. One Australian company tackling these issues head-on is VeroGuard Systems, which has developed the world’s first identity and communications platform that utilises hardware security module (HSM) identity management and communications on open networks for any device or machine. The advanced, secure platform has been developed in Australia. Adding further to the company’s sovereign status is that it manufactures products at its Edinburgh, South Australia facility. One of the products, VeroMod, is an HSM that can connect with any camera, device, or machine. VeroMods, operating with the certified VeroGuard platform, provide any machine with an ultra-secure digital ID. The solution delivers military-grade protection of the ID and verified zero-trust access to or from the connected machine. VeroMod also takes on the cryptographic workload for devices communicating at “secret” and above levels. The company has also embedded an HSM into its Australian-built cameras. This eliminates any risks of breaches to the camera, its data, or systems, even when the connections are direct-to-the-internet. The company’s chairman and co-CEO, H Daniel Elbaum, says, “We have for the first time brought a technology to open networks that eliminates identity and security risks to any machine including surveillance systems”. The company’s VeroMod and cameras connect to the VeroGuard platform, which has been certified Common Criteria for access on open networks by the Australian Cyber Security Centre and is a global one-of-a-kind. Removing Chinese-made security cameras can eliminate their embedded threats, however, security vulnerabilities will continue to be uncovered in the peripheral connectivity, software VPNs, and even the devices themselves. These all represent significant attack surfaces for threat actors looking to exploit these systems and are urgently in need of actions to prevent the growing threats inherent to connecting machines to the internet. There is a solution, and it’s Australian made.

​VeroGuard Systems, in conjunction with Data61, is proud to introduce the most secure cloud storage solution ever conceived. VeroVault provides a level of data protection significantly higher than previously possible in the cloud. For Government A unified, universal digital identity platform for Government departments accelerates the ability to bring services online for citizens, secures data and improves administrational procedure. Click below to discover how VeroGuard can help to streamline your Government department. Find Out More Find Out More For Corporate Industry leading ID management solutions, secure remote login options for staff and the ability to store your organisation’s data assets with confidence. A single, unified system to achieve all this and more. Unique Online Data Storage Here’s how it works. First, the end user is verified and logs in using a PIN on their VeroCard, leveraging the power of indisputable verification to protect the data at the source. The data is encrypted using the physical Hardware Security Module in the VeroCard, ensuring that the data is protected in transit. The encrypted packets of data are then split and stored across a vast array of multiple VeroVault servers, a process not unlike Redundant Array of Independent Disks (RAID). Absolute Online Data Protection VeroVault was designed on the principle that data must be protected at every stage of communication. Protecting data while at rest in the cloud alone is simply not good enough. Utilising a combination of indisputable ID verification, hardware encryption and multi-server data splitting, our proprietary solution directly addresses critical security concerns at all three stages of online communication. VeroVault provides much more than just protection for data at the source, it also takes measures to protect the data while it’s in transit and at rest. Get VeroGuard Other Products VeroCard VeroMod VeroVault VeroVault VeroGuard Systems, in conjunction with Data61, is proud to introduce the most secure cloud storage solution ever conceived. VeroVault provides a level of data protection significantly higher than previously possible in the cloud. Products Solution: Data Protection

Amongst the most pressing concerns currently holding back the effective implementation of a digital economy is that of delivering a secure digital identity. For Government A unified, universal digital identity platform for Government departments accelerates the ability to bring services online for citizens, secures data and improves administrational procedure. Click below to discover how VeroGuard can help to streamline your Government department. Find Out More Find Out More For Corporate Industry leading ID management solutions, secure remote login options for staff and the ability to store your organisation’s data assets with confidence. A single, unified system to achieve all this and more. Citizen ID The transition to a digital economy requires a trusted, efficient and unified secure method for accessing government services. A VeroGuard Citizen ID seamlessly connects citizens to government services and stops access by impostors to provide trust between citizens and Government. Our platform not only switches between government and corporate applications, but is designed to certify into existing financial networks to utilise existing schemes and settlements at cardholder present level online. It automatically complies with banking identity frameworks and existing retail payment terminals. Citizen ID allows for easy and ultra-secure access to online services for any level of government. It is a universal solution that enables secure online proof of age, online voting, E-health data, E-Prescriptions, digital public transport wallets, event ticketing and so much more. For more information: VeroGuard Citizen ID Business ID Protect your supply chain with the best available security and discover the absolute surety of non-repudiable verification. VeroGuard Business ID is a unified and indisputable solution for verifying the source of all interactions between organisations in your supply chain. In addition to identity management, the solution provides unmatched protection for documents and data, reduces cycle times and prevents the need for data re-entry. It's a universal ID layer for any existing platform that enables a single user account with authentication to access any authorised system. A VeroGuard Business ID provides indisputable, non-repudiable proof of identity for all digital communications and transactions. Our solution verifies every interaction between businesses, as well as those between business and government. VeroGuard stops unauthorised access to systems and data. For more information: VeroGuard Business ID Employee ID Deliver unmatched identity and access management with black-box to black-box level security for communications and data across a single network for organisations and their eco-systems. A VeroGuard employee ID is a unique digital ID allowing for anchored identification, single sign-on, multi-purpose access and verification unified at the user with interoperability across in-house, cloud and hybrid environments. It enables simple, ultra-secure messaging and verifiable identity across the internet, interoperable and compatible with most applications and operating systems. A VeroGuard employee ID replaces ID cards, e-wallets, proximity cards for building access, credit and debit cards, tokens, loyalty cards, licences, e-signatures and more. It’s the only solution that provides indisputable, non-repudiable verification for absolute digital protection. For more information: VeroGuard Employee ID Get VeroGuard Other Solutions Machines People Data Protection Unified, Universal Digital Identity for People Amongst the most pressing concerns currently holding back the effective implementation of a digital economy is that of delivering a secure digital identity. Current identity systems are based on face-to-face interactions, and on physical documents and processes. In a world that is ever more governed by digital transactions and data, existing methods for managing security and privacy are not adequate. The number of identity dependent transactions is growing through increased use of digital channels, and the complexity of these transactions is increasing just as rapidly. Customers have come to expect seamless delivery of services across all platforms and regulators are demanding more transparency around every transaction. Meanwhile, cyber criminals are using more sophisticated technology and tools to conduct their illicit activity. This issue affects every segment of the economy, from government to corporate and even the private citizen. Discover why indisputable, non-repudiable verification of identity is critical to any response against this threat. SOLUTIONS Product: VeroCard

Vero Machine Identity is a Hardware Security Module (HSM) based solution that provides unparalleled security for IoT devices and applications. For Government A unified, universal digital identity platform for Government departments accelerates the ability to bring services online for citizens, secures data and improves administrational procedure. Click below to discover how VeroGuard can help to streamline your Government department. Find Out More Find Out More For Corporate Industry leading ID management solutions, secure remote login options for staff and the ability to store your organisation’s data assets with confidence. A single, unified system to achieve all this and more. Get VeroGuard Other Solutions Machines People Data Protection Machine Identity for IoT Vero Machine Identity is a Hardware Security Module (HSM) based solution that provides unparalleled security for IoT devices and applications. The module provides absolute protection for all internet connected devices, including AI/BI engines and tools. It works in conjunction with the VeroGuard network to provide HSM to HSM authentication of device identity. VeroGuard machine identity can be used to secure any type of device and handles the processing load for cryptographic calculations, meaning the IoT machines are not impacted by the security workload. It can be easily embedded into any device without fuss and connects directly to the VeroGuard network to protect both the device itself and any data it transmits. The solution is compatible with existing platforms and requires no upgrade to systems, offering connectivity that includes RJ, CAT, cellular (2G/3/4g/5g) WiFi or BPL/PLC. SOLUTIONS Product: VeroMod Machine ID In order to create an irrefutable identity for any device, VeroMod is simply integrated into the device, or via RJS connection. The machine requests connection and is verified with non-repudiable out of band and hardware encrypted multi factor authentication. At this point, VeroGuard provides HSM to HSM authentication and verification of machine identity, which allows encrypted tunnels to open, connecting machine to machine. All communications are AS 2805/ISO 8583 messaging and VeroMod handles the processing load for cryptographic calculations. Meanwhile, IoT machines are not impacted in any way. Machine ID is tamper resistant, utilises a unique key for every transaction and, with no known source of encryption, exposes no user authentication information. It is a simple and cost effective solution for securing all device data and communications. For more information: VeroGuard Protecting the IoT