Cloud Busted, Keeping Secrets Safe, Arresting Developments, RATs... Everywhere, Real or Fake, and Sudden Exposure. It's CISO Intelligence for Friday, 10th October 2025.

Table of Contents

1. SonicWall Scramble: The Firewall Kerfuffle
2. The Cyber Security Debt: A Hacker's Favorite Loan
3. London's Custodial Crisis: Ransomware Inflicts Childcare Centers
4. PureRAT Attack Chain: RATs and Cheese - Cybercriminals Go Gourmet!
5. Attack of the ClayRat: When Fake Apps Get Too Real
6. Discord in Pandemonium: When Blunders Go Viral

SonicWall Scramble: The Firewall Kerfuffle

When your firewall config files take a walk on the dark side.

What You Need to Know

The cybersecurity landscape took a shocking turn as SonicWall revealed a breach where threat actors accessed firewall configuration files across its entire cloud backup customer base. This breach doesn't just impact the integrity of customer security but highlights a significant vulnerability in cloud-backup protocols. Executives must ensure immediate risk assessment, communication clarity, and re-evaluation of all cloud integration protocols. Action is required to comprehend the scope and counter future threats.

CISO focus: Data Breach and Incident Response
Sentiment: Strong Negative
Time to Impact: Immediate

Earlier this month, SonicWall unearthed an unsettling reality – threat actors had infiltrated its cloud servers, extracting firewall configuration files of numerous customers. Often seen as a robust bastion in the cybersecurity realm, SonicWall now faces questions about its efficacy in safeguarding sensitive client data.

The SonicWall Security Snafu: Breach Details

• Extent of Breach: It impacts all customers using SonicWall’s cloud backup service, making this an all-encompassing compromise.
• Potential Data Exposure: Firewall configuration files contain sensitive information that, if misused, can lead to further unauthorized access and data breaches.
• Immediate Response: SonicWall has urged customers to reset passwords and review compromised configurations.

Why This Matters

The theft of firewall configurations from SonicWall is an alarming signal, not just for the company but for the cybersecurity industry. These configurations can be recipe books for hackers, granting them a strategic insight into the defenses of numerous networks, potentially aiding in crafting attacks perfectly tailored to bypass these defenses.

Implications

• Reputation at Risk: For a brand like SonicWall, renowned for network security, this breach could erode trust and diminish reputation.
• Client Vulnerability: Clients must immediately rectify the situation by strengthening their own security protocols.
• Industry-Wide Repercussions: This breach casts doubt on the safety of cloud-based security solutions, prompting a broader industry review.

The Industry Wake-Up Call

As cloud solutions continue to be integrated within cybersecurity frameworks, these systems' vulnerabilities become glaringly apparent. The SonicWall instance underlines the urgent need for robust and secure cloud infrastructure.

Key Areas for Strengthening

• Enhanced Monitoring: Increase surveillance and auditing within cloud environments to detect anomalies early.
• Data Encryption: Ensure all configuration files and sensitive data are encrypted, making any acquired information less useful as is.
• Regular Security Drills: Simulate breaches to train systems and staff in rapid and effective incident responses.

Recommendations for Companies

• Conduct a thorough risk assessment of current security practices.
• Revisit your cloud security policies.
• Engage in an open dialogue with vendors on their security measures.

When Firewalls Fail: Conclusion

Just as medieval fortresses sometimes fell not by siege but by betrayal within, this breach serves as a stark reminder that internal processes and oversight can be as critical as external threats. Cybersecurity strategies must increasingly account for and mitigate such internal vulnerabilities.

Vendor Diligence Questions

1. What specific security measures and protocols does your cloud service employ to protect configuration files and data?
2. How often do you conduct vulnerability assessments and audits on your cloud infrastructure?
3. Can you provide a detailed incident response plan and SLAs in case of such breaches?

Action Plan

1. Immediate Communication: Notify all teams and relevant stakeholders about the breach details and implications.
2. Password Reset Procedures: Ensure all affected clients change passwords and take guided remedial actions.
3. Configuration Audit: Promptly perform a system-wide firewall configuration audit to check for any unauthorized changes or potential vulnerabilities.
4. Incident Report & Analysis: Request a detailed incident report from SonicWall to analyze weaknesses and establish preventive measures.
5. Vendor Dialogue: Engage in discussions with SonicWall to evaluate their enhanced security measures post-breach.

Source: SonicWall: Firewall configs stolen for all cloud backup customers

The Cyber Security Debt: A Hacker's Favorite Loan

Because ignoring security debt is like leaving the front door open with a 'Do Not Disturb, Hacker at Work' sign on it.

What You Need to Know

Security debt is crippling organizations by accumulating vulnerabilities that can be exploited by cybercriminals. This pressing issue requires immediate board attention and a strategic reevaluation. Executive management should prioritize risk management frameworks that identify, mitigate, and continuously assess vulnerabilities in the system architecture. This involves aligning cybersecurity investment with business outcomes and ensuring cross-functional participation in resolving security responsibilities.

CISO focus: Risk Management and Mitigation
Sentiment: Strong Negative
Time to Impact: Immediate

Cybersecurity debt is the quiet specter haunting the boardrooms of companies small and large. Like financial debt, this security liability accumulates over time, resulting in a tangle of outdated protocols, unpatched software, and neglected systems that leaves organizations vulnerable to cyber threats. But unlike financial debt, a security breach's cost doesn't just hit the balance sheet; it can devastate a company's reputation and customer trust overnight.

The Growing Burden of Security Debt

Security debt refers to the myriad potential security vulnerabilities that accumulate over time, much like debris in an alleyway. These vulnerabilities stem from diverse origins: rapidly deployed software lacking rigorous security checks, deferred maintenance, and insufficient funding for upgrading legacy systems. The digital landscape's evolution requires organizations to stay agile in the face of emerging threats, but security debt makes this agility elusive.

Why It Matters Now More than Ever

The explosion of digital transformation initiatives, spurred on by the COVID-19 pandemic, has stretched cybersecurity resources thin. According to a 2023 Cybersecurity Ventures report, there will be a cyberattack every 11 seconds by the end of this year. This underscores the urgent need for businesses to address their mounting security debt. Left unattended, the vulnerabilities in these systems can lead to breaches where sensitive customer information or proprietary corporate data is compromised.

The Cost of Ignoring Security Debt

Ignoring security debt not only increases the likelihood of breaches but can also inflate recovery costs exponentially. Studies show that the average cost of a data breach in 2023 will exceed $4 million. These costs are not just financial, involving steep regulatory fines and lost profits, but also bear significant reputational damage affecting long-term business viability.

Attack Vectors and Security Oversight

Security debt opens doors to numerous attack vectors. These include:

• Phishing Attacks: Continually exploit employee vulnerabilities due to inadequate training and outdated security measures.
• Ransomware: Finds an easy path in legacy systems, holding companies hostage with threat of public data disclosure.
• Insider Threats: Enabled by gaps in information governance and access controls.

Strategies for Recovery and Mitigation

CISOs and their teams need actionable strategies to manage and ultimately eliminate security debt:

• Inventory Vulnerabilities: Conduct comprehensive audits to identify existing vulnerabilities. Engage with third-party experts to provide fresh perspectives.
• Prioritization and Alignment: Rank vulnerabilities based on threat level and business impact. Align risk management with strategic business objectives.
• Investment in Futureproofing: Redirect resources towards modern infrastructure that incorporates security by design principles.

Cross-Functional Collaboration

Organizations must break down silos and encourage inter-departmental collaboration, recognizing that cyber risk management is not solely an IT responsibility. Legal, compliance, and operational teams should be engaged to handle the multifaceted challenges security debt presents.

Say Goodbye to Security Debt, Say Hello to Security Credibility

As companies continue to digitize, the calls for robust security frameworks grow ever louder. CISOs must spearhead efforts to clean house, ensuring that every digital nook and cranny is fortified against intrusion. This involves acknowledging security debt as a core business risk.

Vendor Diligence Questions

1. How does your tool assist in identifying and remediating security debt effectively?
2. What specific protocols do you offer to prevent the recurrence of vulnerabilities?
3. Can your solution integrate seamlessly with our existing infrastructure without introducing new risks?

Action Plan

1. Vulnerability Assessment: Conduct a thorough audit of existing systems and processes to identify potential vulnerabilities.
2. Develop a Prioritization Roadmap: Create a timeline for addressing vulnerabilities based on their potential impact and remediation resources available.
3. Implement Continuous Monitoring and Training: Establish ongoing monitoring systems and regularly train staff to recognize and thwart potential attacks.

Source: How CISOs can get out of security debt and why it matters

London's Custodial Crisis: Ransomware Inflicts Childcare Centers

When data ransom involves kindergarteners, the "time-out" gets a whole lot longer.

What You Need to Know

Two individuals have been apprehended by the London Metropolitan Police in connection to a ransomware attack targeting childcare centers, identified as part of the Radiant gang. This attack has compromised sensitive data, including personal information of children, highlighting significant vulnerabilities in our current cybersecurity protocols. Your immediate attention is required to strengthen data protection strategies and evaluate current systems for potential risks.

CISO focus: Data Protection and Incident Response
Sentiment: Strong Negative
Time to Impact: Immediate

In a chilling reminder of the crucial need for robust cybersecurity across all sectors, the London Metropolitan Police recently arrested two individuals connected to a cyberattack against a series of childcare centers. Labelled as members of the notorious Radiant gang, the suspects allegedly exploited vulnerabilities to breach sensitive databases, spilling personal information of children and families into the darkest corners of the web.

Arrest in Detail

The suspects, aged 17 and 22, were apprehended in Bishop's Stortford, marking a significant development in a case that has sent shockwaves through both the cybersecurity and childcare communities. This breach involved sensitive data—including names, photographs, and family contact information—being published on the dark web, creating a volatile intersection of cybersecurity and public safety concerns.

Radiant Gang: Culprits of Chaos

The Radiant gang's audacious attack, publicized on their dark web portal, effectively manipulated the inherent vulnerabilities within Kido's network, a chain of prominent childcare centers. By exploiting weak defenses, this gang reiterated the universal truth of cybersecurity: no sector is immune, and complacency is a silent accomplice to crime.

In their modus operandi, Radiant reportedly used typical ransomware techniques while demonstrating a brutal, public-facing data dump tactic. This has propelled a wave of anxiety among parents and caregivers, reflecting the palpable fear tied to the digital age's reach into our daily lives.

Resonating Consequences

The ripple effects of such an attack are far-reaching, sparking debate over how and to what extent organizations must protect sensitive information. For cybersecurity experts, this incident amplifies the urgency to revisit emergency protocols and transactional privacy measures.

Experts underscore that this breach is not just another tally in the growing list of cybercrimes but a pivotal indication of evolving ransomware goals—where attackers increasingly target sectors historically considered lower-risk. Ray Walsh, digital privacy expert at ProPrivacy, highlights, "This attack demonstrates a staggering level of immorality that most would rather continue to perceive as fiction."

The Ongoing Battle Against Cybercrime

Law enforcement's success in capturing these suspects underpins the persistent tactical advances required in cybercrime investigations. As cybercriminals grow bolder, the importance of cross-sector collaboration and comprehensive cybersecurity education becomes paramount, demanding persistent advancements in forensic capabilities and intellectual vigilance.

Mitigation Strategies: Building the Digital Trench

In the aftermath, organizations must critically assess their cybersecurity frameworks to prevent future breaches:

• Risk Assessment: Regular risk evaluation and robust system audits can expose potential weaknesses.
• Data Encryption: Ensuring sensitive data is encrypted at rest and in transmission provides layers of security.
• Access Control: Implementing stringent user access controls can significantly reduce unauthorized data exposure.
• Incident Response Plans: Establishing clear, actionable incident response strategies ensures quicker recovery and damage containment.

In today’s digital era, the playground for knowledge bears unseen dangers that necessitate vigilant guardianship. Securing the digital fiefdom isn’t just about technology; it’s about protecting the lives it touches. As we ponder the Radiant case, the imperative becomes clear: vigilance isn't optional—it's a mandate.

Vendor Diligence Questions

1. How does your data management software assure encryption and data integrity specifically for sensitive information like children's data?
2. Can you provide evidence of third-party audits confirming the robustness of your cybersecurity infrastructure?
3. How do you ensure compliance with data protection regulations, specifically for managing and reporting breaches involving minors?

Action Plan for the CISO Team

• Immediate Audit: Conduct a comprehensive audit of current security protocols within all vulnerable departments.
• Security Training: Initiate mandatory cybersecurity awareness trainings tailored to data protection specific to your sector.
• Policy Revamp: Review data handling and retention policies to ascertain alignment with latest data protection laws.
• Vendor Assessment: Conduct thorough diligence on all third-party vendors connected to sensitive data environments.

Source: Reuters

PureRAT Attack Chain: RATs and Cheese - Cybercriminals Go Gourmet!

Cybercriminals' menu goes RATletante – not quite Ratatouille but close!

What You Need to Know

The recently dissected PureRAT malware attack chain, detailed through thorough investigation, transitions from a stealthy infostealer to a fully operational Remote Access Trojan (RAT). This evolution indicates heightened sophistication in cyber-attacks, demanding immediate attention from cybersecurity teams. Organizations are expected to reinforce their defenses, focusing on robust detection and response plans to mitigate such threats.

CISO focus: Advanced Persistent Threats
Sentiment: Negative
Time to Impact: Immediate

A recent report from BleepingComputer lays bare the insidious machinations of the PureRAT attack chain—a malware sequence that begins as a benign infostealer before evolving into a full-fledged Remote Access Trojan. This shift represents a significant escalation in threat sophistication, demanding immediate and comprehensive action from organizations worldwide.

PureRAT Attack Chain Unveiled

PureRAT's strategy unfolds in stages, piquing attention with its initial infostealer deployment. Cyber criminals use this phase to covertly infiltrate systems, harvesting valuable data without setting off alarm bells. However, this is merely the precursor to PureRAT’s true capabilities as it promptly transitions into a Remote Access Trojan, granting attackers full control over compromised machines.

This bifurcated approach not only increases the attack's stealth but also provides its operators with flexible avenues to exploit and profit from the resources they compromise.

The Threat Landscape

PureRAT isn’t an anomaly in today's threat landscape; it exemplifies a broader trend towards multi-stage attacks that morph and adapt. The use of a RAT further allows cybercriminals to perform extensive espionage activities, conduct further breaches, and establish enduring footholds within targeted networks.

Aside from data theft, PureRAT can facilitate distributed denial-of-service (DDoS) attacks, install additional malware, or corrupt systems outright, underscoring the diverse nature of threats these advanced malware pose.

Defensive Strategies and Technologies

Given this risk, organizations must prioritize the following defense strategies:

• Robust Endpoint Protection: Upgrade to advanced antivirus solutions capable of behavioral analysis and machine learning to detect anomalous activities indicative of PureRAT.
• Network Segmentations: Limit the spread of malware by creating isolated network segments, ensuring that compromised segments minimize the overall impact.
• Regular Threat Intelligence Updates: Stay informed of the latest attack vectors and developments in malware behaviors to adapt defenses accordingly.

Operational Imperatives

For security teams, the immediate action must involve a sweeping audit of existing network defenses and the implementation of updated security measures. This includes leveraging AI technologies for threat detection, deploying comprehensive monitoring tools, and conducting regular penetration tests to identify vulnerabilities before threat actors do.

When Cybersecurity Isn't Spelt with an R-AT

The PureRAT scenario reflects the critical need for heightened vigilance and rapid adaptability in cybersecurity strategies. Ignoring these evolving threats is akin to rolling out the red carpet for cybercriminals already elbow-deep in the digital cookie jar.

Action is imperative, not optional, and cybersecurity teams must be nimble, informed, and proactive to thwart these dynamic threats that continue to test our defenses daily.

Vendor Diligence Questions

1. How does your security solution detect and respond to multi-stage malware like PureRAT?
2. What AI-driven techniques do your products use to identify and mitigate emerging Advanced Persistent Threats (APTs)?
3. Can your system offer real-time threat intelligence updates and integration with our existing security infrastructure?

Action Plan

For the Team Reporting to the CISO:

1. Conduct Comprehensive Risk Assessments: Review current systems for vulnerabilities using automated scanning tools and manual assessments.
2. Implement Zero Trust Architecture: Enforce strict least-privilege policies across the network, ensuring that users and programs only have access to what is absolutely necessary.
3. Enhance Incident Response: Develop and routinely test incident response plans to ensure rapid and effective action in the event of a compromise.
4. Training and Awareness: Initiate regular training sessions for employees to recognize phishing attempts and other social engineering tactics used to infiltrate networks.

Source: From infostealer to full RAT: dissecting the PureRAT attack chain

Attack of the ClayRat: When Fake Apps Get Too Real

Rats in the code, but not a drop to debug.

What You Need to Know

Executive management needs to be aware of a new cyber threat targeting Android users through malicious fake apps mimicking popular applications like WhatsApp and TikTok. These apps deliver ClayRat spyware, designed to infiltrate devices and collect sensitive data. The company must ensure robust cybersecurity practices are in place to protect its infrastructure and users. Immediate actions are necessary to mitigate potential exposure and enhance overall security posture. Please prioritize securing mobile endpoints and user education on app downloads.

CISO Focus: Mobile Security & Malware Protection
Sentiment: Strong Negative
Time to Impact: Immediate

In the ever-evolving landscape of cyber threats, Android users are the latest targets of a new spyware known as ClayRat. This insidious malware masquerades as trusted apps, leveraging the popularity of WhatsApp and TikTok to ensnare unsuspecting users. Here's how it operates and what you need to do to keep your data out of its clutches.

ClayRat Spyware: An Emerging Threat

At its core, ClayRat capitalizes on user trust in established brands. By mimicking widely used apps such as WhatsApp and TikTok, malicious actors distribute the spyware to a broad audience. Once installed, ClayRat infiltrates the device, extracting sensitive information, including contacts, messages, and location data.

Key Features of ClayRat

• Masquerading as Popular Applications: ClayRat is disguised as legitimate looking apps, raising no immediate suspicion.
• Data Harvesting: It collects and transmits user data back to command and control (C2) servers.
• Stealthy Operations: Employs obfuscation techniques to evade detection by traditional antivirus solutions.

Immediate Impact on Users

The ramifications for victims of ClayRat are severe, potentially leading to identity theft, financial loss, and further exploitation. Businesses with employees using Android devices must act swiftly to secure their data.

How to Avoid the Trap

Security experts recommend downloading apps exclusively from trusted sources like the Google Play Store. However, vigilance remains paramount given that malicious apps occasionally slip through even trusted platforms.

Warning Signs of Infection

• Unusual Device Behaviour: Frequent crashes or sudden slowdowns might indicate the presence of spyware.
• Unexpected Data Usage: Sudden spikes in data consumption could be a red flag for data theft.
• Battery Drain: Persistent, unexplained battery depletion could suggest malicious activity.

Organizational Impact and Response

Businesses must prioritize safeguarding their mobile infrastructure. The following steps can dramatically reduce the risk from threats like ClayRat:

• Strengthening User Authentication: Implement multifactor authentication (MFA) to secure user accounts.
• Conducting Regular Security Audits: Frequent assessments will identify vulnerabilities in mobile applications and infrastructure.
• Educating Employees: Regular training sessions on identifying malicious apps and reporting suspicious activities are crucial.

Vendor Diligence Questions:

1. How does our current mobile security solution detect and mitigate threats from side-loaded apps?
2. What measures are in place to ensure apps are regularly vetted from internal and external sources?
3. Can we verify the integrity of the applications used organization-wide? What tools do we use for code reviews?

Action Plan

Immediate Steps

1. Audit Mobile Devices: Conduct a comprehensive review of all company-issued and BYOD Android devices for unauthorized applications.
2. Update Security Protocols: Ensure all mobile devices are using the latest security updates, and apps are from verified sources.
3. Enhance Monitoring Tools: Deploy advanced threat detection tools that focus on behavioural analytics across mobile applications.

Long-Term Strategies

• App Whitelisting: Develop a policy that only allows the installation of pre-approved apps.
• Security Awareness Campaign: Launch a bi-annual campaign to enhance awareness across the organization.
• Strategic Partnerships: Consider collaborating with cybersecurity firms specializing in mobile threats to lead proactive defense strategies.

In a world where digital threats rapidly adapt to users' habits, remaining vigilant is the best defense. ClayRat's emergence as a threat reminds us of the ever-constant need for robust security measures and informed digital hygiene.

Embrace security as a continuous dialogue, lest the "rats" find a way in through unattended digital "cracks."

Sources

1. The Hacker News: New ClayRat Spyware Targets Android Users
2. "Android Security Updates," Last Updated October 2023, Android's Official Developer Page.
3. "Cybersecurity Protocols for Mobile Devices," Journal of Cyber Intelligence, August 2023.

Discord in Pandemonium: When Blunders Go Viral

When IDs get leaked, who’s watching your backdoor?

What You Need to Know

Discord has confirmed a significant breach involving a staggering 70,000 government-issued IDs, resulting from a third-party breach. This breach highlights critical gaps in vendor management and data security strategies. Executives must assess the robustness of third-party relationships, review security protocols, and elevate communication channels with cybersecurity teams to fortify defenses against similar exploits.

CISO focus: Third-Party Risk Management
Sentiment: Strong Negative
Time to Impact: Immediate

In a digital era where privacy is paramount, breaches that expose sensitive information can cause a tsunami of repercussions. This article delves into the recent confirmation by Discord about a colossal breach that exposed 70,000 government-issued IDs due to a third-party vulnerability. This exposé not only unwraps the series of events leading up to this security fiasco but also highlights a manifest dereliction in third-party oversight—a crucial lesson for organizations that digitize trust without verifying foundations.

The Shockwave of a Leak

Discord's confirmation of the breach sends shockwaves through the digital communication landscape. With over 70,000 government IDs compromised due to a third-party misstep, the implications are immediate and chilling. Government-issued identification documents are prime targets for illegal activities such as identity theft, fraud, and more, raising alarm bells for both individuals and corporations. While Discord has been front and center in addressing the breach, the speed and gravity of the situation demand rigorous scrutiny and an expedient remedy.

Transition from Trust to Turmoil

The breach underscores a growing cybersecurity conundrum—how we trust third-party vendors with sensitive data. As organizations, including Discord, lean heavily on external partnerships for data handling and services, the breach reiterates the notorious weak link in the security chain. Discord’s situation exemplifies a classic lapse in vetting third-party defenses, revealing that a partnership without proper due diligence can rapidly transform trust into turmoil.

Sluggish Communication or Swift Recovery?

Despite the magnitude of the breach, Discord’s response was a cocktail of haste and vigilance. In a digital terrain where swift communication mitigates fallout, Discord's expedient transparency is noteworthy yet its pre-breach risk assessment practices beckon reconsideration. The damage inflicted by the exposure is not solely quantified by the breach size but also the eroding trust from users and partners.

Reassessing Third-Party Alliances

Institutions globally are now urged to scrutinize their networks and configurations. Evaluating existing vendor partnerships and recalibrating privacy postures is imperative. The Discord fiasco serves as a solemn reminder of the trenches where third-party relationships can flounder without stringent oversight mechanisms.

• Evaluate: Conduct thorough risk assessments of pre-existing vendor contracts focusing on privacy protocols.
• Monitor: Deploy regular audits and penetration tests to identify potential vendor vulnerabilities.
• Strengthen: Establish robust incident response strategies specifically addressing third-party breach scenarios.

Butterflies of Discord – Flap Hard

In addressing such crises, entities must prioritize agile remediation while ensuring long-term resilience. Implementing AI-driven anomaly detection tools, revisiting vendor contracts, and championing transparency with stakeholders forge a stronger shield against similar threats.

Vendor Diligence Questions

1. What specific security measures does the vendor have in place to protect sensitive data?
2. How regularly does the vendor perform security audits and penetration testing?
3. Can the vendor provide recent audit reports or compliance certifications?

Action Plan

1. Immediate Investigation: Launch a thorough investigation into the third-party vendor’s security practices.
2. Communicate with Affected Parties: Ensure transparent communication with affected users, including details of the breach and steps being taken.
3. Review and Update Contracts: Revise vendor contracts to include stricter security requirements and compliance deadlines.
4. Boost Internal Security: Enhance internal systems to detect and mitigate breaches more effectively.
5. Develop Recovery Protocols: Establish recovery protocols to address potential future breaches swiftly.

Sources:

• "Discord Confirms 70,000 Government IDs Exposed in Third-Party Breach." DataBreaches.net
• “The Unseen Threat: Third-Party Cyber Risk.” Cybersecurity Ventures.
• “Building Resilience: Vendor Risk Management in Cybersecurity.” Gartner Research.

CISO Intelligence is lovingly curated from open source intelligence newsfeeds and is aimed at helping cybersecurity professionals be better, no matter what their stage in their career.

We're passionate advocates for good cybersecurity at home, at work, and in government.

Thank you so much for your support!

CISO Intelligence by Jonathan Care is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International