This week Adaptiva launched what it claims is the first autonomous endpoint patching solution for third-party Windows apps. Several research reports were also published, including ones from Dragos, Sophos and Check Point Research.
Neustar Security Services announced the appointment of Alice Palmer as chief marketing officer.
Medigate by Claroty, healthcare’s leading clinical device data security and integration platform, announced a new partnership with Cabrini Technology Group, the largest medical technology service provider in Australia and New Zealand.
Noname Security, the most complete, proactive API security platform, announced it has partnered with Aflac, the leading provider of supplemental health insurance in the United States, to protect Aflac’s global estate of APIs.
Check Point Software revealed its Q3 2022 results. Total revenue was $578 million, up 8% YoY. Security subscription revenues were up 13% YoY to $216 million. Gil Shwed, Founder and CEO of Check Point Software Technologies, commented: “We delivered strong third-quarter results reflecting solid execution during the quarter. Revenues came in toward the high-end of our projections, while non-GAAP earnings per share exceeded projections. Product and Security Subscription revenues increased by 13%, driven by double-digit growth in Harmony, CloudGuard and Quantum network security gateways.
“During the quarter we expanded the Infinity platform with the introduction of Horizon, an industry-leading security operations solutions and services suite. Horizon for XDR, MDR and events leverages the company’s prevention-first approach to improve defenses across the network, cloud, and endpoints to prevent future cyberattacks.”
LogRhythm, the company helping busy and lean security operation teams save the day, announced its technology integration with Gigamon, the leading deep observability company. LogRhythm and Gigamon are working together to help organizations around the globe increase visibility and protect against modern cyberattacks.
Ivanti announced additional capabilities for the Ivanti Neurons platform to help protect the user experience, productivity, and organizational assets. They include Ivanti Neurons for Zero Trust Access, Ivanti Neurons for Secure Access and Ivanti Neurons for Patch Management.
Dr Srinivas Mukkamala, Chief Product Officer, Ivanti, commented, “Ivanti has seen tremendous momentum across our entire product suite while staying laser-focused on an exceptional experience for our customers. Cybersecurity Awareness Month is an important initiative and provides an opportunity for all organizations to harden their security posture and improve risk management. As organizations move from reactive to proactive cybersecurity strategies, it significantly lowers the probability of a successful cyberattack.”
Ivanti Wavelink announced the integration of Ivanti Neurons for MDM, a cloud-based modern device management solution that can secure and manage any device, any OS, anywhere across your supply chain operation throughout its lifecycle. With this launch, Ivanti Neurons for MDM can now manage rugged mobile devices.
Trustwave announced enhanced Co-Managed SOC capabilities designed to maximize the threat detection and response value of SIEM (Security Information and Event Management) deployments, avoid unnecessary costs, and reduce alert noise by up to 90%. Trustwave’s offering is a holistic partnership in which Trustwave serves as an extension of its clients’ security operations teams. The new capabilities include a dedicated cyber success team and access to Security Colony, a tool repository.
Dragos published information from its research on PIPEDREAM. Key takeaways include:
- EVILSCHOLAR can target CODESYSv3 devices. Schneider Electric controllers are likely only the initial target.
- BADOMEN can manipulate the 1S-Series of Servo Drives, not just the specific R88D-1SN10F-ECT Servo Drive.
- BADOMEN cannot manipulate Omron Safety Controllers, but this is likely the next step in its development.
- EVILSCHOLAR and BADOMEN can achieve logic corruption and manipulation on target PLCs for disruption and destructive effects.
Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by the threat actor DEV-0832, also known as Vice Society. DEV-0832’s latest payload is a Zeppelin variant that includes Vice Society-specific file extensions, such as .v-s0ciety, .v-society, and, most recently, .locked. Microsoft assesses that the group does not always deploy ransomware. It may also extort victims using only exfiltrated stolen data.
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
Check Point Research published its Brand Phishing Report for Q3 2022. The report highlights the brands criminals most frequently imitated in their attempts to steal individuals’ personal information or payment credentials during July, August and September. DHL took the top spot in Q3, accounting for 22% of all phishing attempts worldwide. Microsoft is in second place (16%), and LinkedIn has fallen into third, making up just 11% of scams, compared to 52% in Q1 and 45% in Q2.
Dragos published its industrial ransomware analysis for Q3 2022. Ransomware continued to be one of the most threatening financial and operational risks to industrial organizations worldwide during the third quarter of 2022. Dragos is aware of multiple new ransomware groups targeting industrial entities during Q3, such as SPARTA BLOG, BIANLIAN, Donuts, ONYX, and YANLUOWANG.
Dragos is aware of 128 ransomware incidents in the third quarter of 2022 compared to 125 in the previous quarter. The Lockbit ransomware family accounted for 33% and 35%, respectively, of the total ransomware incidents that target industrial organizations and infrastructures in the last two quarters, as the group added new capabilities in its new Lockbit 3.0 strain.
Sophos published a new sectoral survey report, “The State of Ransomware in Manufacturing and Production.” It found that the sector had the highest average ransom payment across all sectors: $2,036,189 versus $812,360. 66% of manufacturing and production organizations surveyed reported an increase in the complexity of cyberattacks, and 61% reported an increase in the volume of cyberattacks compared to the previous year’s survey. The increases in complexity and volume are also 7% and 4% higher than the cross-sector average, respectively.