Last week Enterprise Times spoke with Jack Chapman, VP of Threat Intelligence, Egress, about the company’s Email Security Risk report. It was not the only report published, with others coming from Avast, Check Point Software, Ivanti, NICE and Privacera. There were also product announcements from 11:11 Systems, Logpoint, Microsoft and Sophos.
11:11 Systems
11:11 Systems announced the general availability of 11:11 Managed Backup for Cohesity, a fully managed service for on-premises data protection. Combining Cohesity’s solution deployed onsite with 11:11’s onboarding, configuration and ongoing management, customers get comprehensive protection from a secure, scalable backup offering in a single, seamless solution. In a ransomware attack, customers can quickly recover at scale.
Justin Giardina, CTO of 11:11 Systems, commented, “A growing number of organizations want a turnkey backup-as-a-service solution. For businesses facing rapid growth and expansion, a lack of hardware or internal resources, and the looming risk of data loss due to cybercrime, 11:11 Managed Backup for Cohesity can address these challenges while saving on costs. The powerful combination of 11:11 and Cohesity offers a scalable solution for customers looking for the benefits of fully managed onsite data protection.”
Avast
The Avast Q4/2022 Threat Report shows monthly threats increased by 11.1% in Q4 compared to Q3 in the UK.
Jakub Kroustek, Avast Malware Research Director, commented, “At the end of 2022, we have seen an increase in human-centered threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cybercriminals succeed.
“When people face surprising pop-up messages or emails, we recommend they stay calm and take a moment to think before they act. Threats are so ubiquitous today that it’s hard for consumers to keep up. It is our mission to help protect people by detecting threats and alerting users before they can do any harm, using the latest AI-based technology.”
There was an increase in tech support scams especially affecting the United States, Brazil, Japan, Canada, and France. Refund and invoice fraud rose 14% from October to November 2022 and another 22% in December.
Avast researchers saw a significant 600% increase in the Arkei information stealer in the UK, which steals data from browsers’ autofill forms, passwords and other sources. There was a 57% increase in people and businesses protected against AgentTesla, a strain of malware that often spreads through phishing emails to businesses and is designed to steal credentials, and a 37% increase in RedLine stealer, which often spreads in cracked games and services, stealing information from browsers and crypto wallets.
Avast researchers in the quarter also discovered two sophisticated zero-day exploits. Avast protected its users as both were exploited in the wild. The first, CVE-2022-3723, was a type confusion in V8 that was used to achieve Remote Code Execution (RCE) against Google Chrome.
Check Point Software Technologies
Check Point Software Technologies Ltd published its Global Threat Index for February 2023. February saw Remcos Trojan return to the top ten list for the first time since December 2022. Threat actors were reported to be using it to target Ukrainian government entities through phishing attacks. Emotet Trojan and Formbook Infostealer ranked second and third, respectively, while Education/Research remained the most targeted industry.
Despite researchers identifying a 44% decrease in the average number of weekly attacks per organization between October 2022 and February 2023, Ukraine remains a popular target for cybercriminals following the Russian invasion. In the most recent campaign, attackers impersonated Ukrtelecom JSC in a mass email distribution, using a malicious RAR attachment to spread the Remcos Trojan, which has returned to the top malware list for the first time since October 2022.
Maya Horowitz, VP of Research at Check Point Software, commented, “While there has been a decrease in the number of politically motivated attacks on Ukraine, they remain a battleground for cybercriminals.
“Hacktivism has typically been high on the agenda for threat actors since the Russo-Ukrainian war began, and most have favored disruptive attack methods such as DDoS to garner the most publicity. However, the latest campaign used a more traditional route of attack, using phishing scams to obtain user information and extract data.
“It’s important that all organizations and government bodies follow safe security practices when receiving and opening emails. Do not download attachments without scanning the properties first. Avoid clicking on links within the body of the email and check the sender address for any abnormalities such as additional characters or misspellings.”
The report highlights the top three malware families, attacked industries, exploited vulnerabilities and mobile malware.
Dragos
Dragos published its latest Knowledge Pack. It lists newly disclosed vulnerabilities in over 800 products from vendors, including Siemens, Mitsubishi Electric, Weidmueller, SAUTER Controls, and Baicells. Over 280 characterizations and 560 detections are included in KP-2023-002 for customers running Dragos Platform 2.x.
Europol
On 28 February 2023, the German Regional Police (Landeskriminalamt Nordrhein-Westfalen) and the Ukrainian National Police (Націона́льна полі́ція Украї́ни), with support from Europol, the Dutch Police (Politie) and the United States Federal Bureau of Investigation (FBI), targeted suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the DoppelPaymer ransomware.
German authorities are aware of 37 victims of this ransomware group, all companies. One of the most serious attacks was perpetrated against the University Hospital in Düsseldorf. In the US, victims paid at least 40 million euros between May 2019 and March 2021.
Authorities arrested individuals in Germany and Ukraine, and several pieces of equipment are being analysed.
Ivanti
Ivanti announced the results of its Government Cybersecurity Status Report. Ivanti worked with cybersecurity experts and surveyed more than 800 government workers globally to understand the attitudes and actions of government workers related to cybersecurity.
The report revealed that hybrid work has opened up yet another frontier of vulnerability. 70% of government workers report they work virtually at least some of the time. The proliferation of devices, users, and locations adds complexity and new vulnerabilities for government security teams to tackle – while also combatting increasingly sophisticated threat actors.
With generative AI making phishing emails increasingly realistic, the human-sized gaps in cybersecurity are placing government agencies and organizations at increased risk of a successful ransomware attack. Also, 5% of government workers have fallen victim to phishing attempts by clicking a link or sending money.
According to the report, a “not my job” attitude is contributing to the security risk for the public sector:
- 34% of government employees do not believe their actions impact their organization’s ability to stay safe
- 17% don’t feel safe reporting security mistakes they’ve made to the cybersecurity team
- 36% did not report a phishing email they received at work
- Alarmingly, 21% don’t care if their organization gets hacked
Srinivas Mukkamala, Chief Product Officer at Ivanti, said, “We are in a state of urgency when it comes to securing critical infrastructure, along with public sector employees and the extremely sensitive data they have access to.
“Government leaders around the world have recognized this urgency and are taking steps to combat ransomware, misinformation, and to protect their critical assets and infrastructure. If we don’t focus on cybersecurity as a team effort and provide proactive security measures that enable a better employee experience, security teams and governments will continue to face an uphill battle.”
Logpoint
Logpoint has launched AgentX, an endpoint agent for Windows, Linux, macOS, and Cloud deployments. AgentX gathers telemetry and adds interrogation, compliance checks, and vulnerability management capabilities to Logpoint’s security operations platform, converging SIEM, SOAR, and UEBA technologies, to improve overall security posture significantly.
Christian Have, Logpoint CTO, said, “Our vision is to drive accelerated detection and response to threats. Adding AgentX to our platform changes the paradigm from log-collection to observability and interrogation to action-driven response. AgentX expands the visibility of our security operations platform. Analysts can detect and respond to threats from a single console with end-to-end playbooks, analytics and use-cases shipped for common threats and techniques.
“The compliance capabilities that AgentX offers solve two of the main challenges compliance and security teams face today. First, identifying critical events for compliance reporting and monitoring. Second, knowing if and when a device enters a non-compliance state.”
Microsoft
In a blog by Tulika Gupta, Senior Product Marketing Manager, Strategic Partnerships and Integrations, Adobe, Microsoft revealed the availability of Microsoft Purview Information Protection. It helps organizations discover, identify, classify, and protect sensitive data that is business critical and then manage and protect it across their digital estate.
Adobe and Microsoft introduced new functionality at Microsoft Ignite in October 2022 that brings the same classification, labelling, and protection already available to Microsoft Word documents, Excel spreadsheets, and PowerPoint presentations to the PDF file format through Acrobat Desktop.
For Acrobat Pro or Standard users with a Microsoft 365 E3 or higher subscription, the Protect tool can access information protection within Adobe Acrobat. The “Select a Microsoft Sensitivity label” option can apply a sensitivity label. The sensitivity label dialogue box displays a list of labels already configured in the Microsoft Purview Compliance Portal, ensuring consistency across Microsoft 365 apps and Acrobat. Each sensitivity label can include headers, footers, and watermarks to visually indicate the applied label.
NICE
NICE released “The 2023 NICE Actimize Fraud Insights Report,” which delves deeply into the banking and payments landscape and uncovers the most pressing threats and patterns impacting financial institutions.
From 2021 to 2022, attempted fraud transactions skyrocketed by 92%, and attempted fraud amounts soared by 146%. This alarming trend highlights two key points: first, there is a dramatic increase in overall transaction volumes, and second, fraudsters are becoming bolder and targeting higher fraud amounts.
The report also stated that fraud is not limited to one specific channel; it’s a complex, multi-channel threat shaped by digital transformation, changing consumer behaviours and shifting fraud patterns. It also estimated that the absolute amount of Attempted Authorized Payments Fraud overtook Account Takeover Fraud amounts with a 45.9% year-over-year increase from 2021 to 2022.
59% of new account fraud is mule related, and most of these accounts demonstrate mule characteristics within 30 days, indicating that fraud is being conducted almost instantly. Money is typically moved in a mule network within two hours before it’s completely gone, exiting the account within 12 hours.
Craig Costigan, CEO of NICE Actimize, commented, “Fraudsters are leveraging faster payments innovation to conduct sophisticated scams involving money mules who transfer funds away from the FI—funds that are often unrecoverable.
“As the digital landscape evolves, so do fraudsters’ tactics. The threats identified in our report are a glaring reminder of the ever-present risk that looms over digital channels and payments. Financial institutions must fortify their defenses, and review digital channel controls, to stay ahead of new and emerging threats.”
Noname Security
CompuNet has joined the Noname Unnamed Partner Program.
Colleen Tillman, Director of Sales at CompuNet, commented, “CompuNet has been partnering with our customers to design and build effective security solutions around data security, identity access management, applications security, web and email security. We have been consulting with our customers leveraging a variety of security frameworks as well as industry best practices to guide them on their journey to a mature security posture.
“CompuNet takes pride in designing tailored solutions to solve complex problems for our clients. We are thrilled to partner with Noname, as we believe that our clients deserve the best security solutions and IT services. With Noname’s expertise in API security and CompuNet’s IT services, we are confident that our clients will experience improved protection for their information and systems.”
Privacera
Privacera released new research highlighting 2023 data security governance (DSG) trends and how organisations plan to address challenges over the coming months. The key findings included:
- 74% said their need for a scalable DSG strategy would increase substantially over the year
- 54% plan on investing more in 2023 and beyond on a scalable DSG strategy
- 40% plan to increase their budgets by 16%-30% this year
76% also shared that their organization is investing in processes and technologies that help automate data governance and broader compliance initiatives to stay ahead of regulatory requirements. The top priorities for respondents are:
- Protecting all data assets within the organization – 81%
- Assessing risk level and implementing mitigation strategies – 64%
- Reducing time to insights/analytics through appropriate data access policies – 58%
Balaji Ganesan, CEO of Privacera, commented, “While it is vital to build a strategy around how data is collected and consumed, there also need to be processes in place to support secure access. Tackling data access to sensitive data is a vital piece of the puzzle when it comes to data governance.
“DSG helps streamline the process with workflows that route requests to the right people and grant access once approved, taking pressure off the data team, empowering data owners, and ensuring everything is monitored and governed.
“Data governance not only reduces business risk but can also improve operational efficiency and drive business growth. For example, respondents shared that DSG is helping their organization with business goals such as revenue or customer growth, customer experience, and R&D/product innovation.”
Sophos
Sophos announced a range of new security products extending its industry-leading endpoint security offerings. They include:
- Adaptive active adversary protection: Sophos Intercept X immediately enables heightened defences when it detects a “hands-on-keyboard” endpoint intrusion.
- Linux malware protection enhancements: On-access malware scanning and quarantine capabilities improve real-time prevention of security incidents within Linux operating environments.
- Account health check: Intuitive, real-time health check monitoring of security configurations and policy settings with the ability to automatically return to recommended settings in a single click, optimizing security posture and enabling organizations to promptly re-establish security best practices.
- Integrated ZTNA agent for Windows and macOS devices
- A new lightweight agent sees a 40% reduction of its memory footprint and an increase in processing power
Raja Patel, senior vice president of products at Sophos, said, “Ransomware remains one of the most prevalent and damaging cyberthreats to organizations, with Sophos incident responders still consistently remediating ransomware activity worldwide.
“Now isn’t the time for organizations to let their guard down because of any perceived reduction in attacks; in fact, they should be strengthening defences as attacks are now more intricate and difficult to detect, requiring advanced security techniques that can sense and then quickly adapt to better protect themselves.
“Sophos endpoint security is widely recognized as the industry gold standard, and we’re consistently innovating our market-leading, intelligent endpoint technologies to keep organizations ahead of unrelenting attackers.”