Last week, reports on cybersecurity were published by Corero, Ivanti, Secureworks and Sophos. The latter revealed that cybercriminals are taking advantage of the ChatGPT hype. Veeam and Ground Labs announced appointments with two familiar faces. IBM also announced another acquisition as it looked to strengthen its Guardium family of data security products.
Check Point Software Technologies
Check Point Software Technologies Ltd announced the general availability of its industry-leading Next-Generation Cloud Firewall natively integrated with Microsoft Azure Virtual WAN to provide customers with top-notch security. The integration provides advanced threat prevention and multi-layered network security across public, private and hybrid clouds. It will enable businesses to confidently migrate to Azure with maximum operational efficiency. CloudGuard will provide the following benefits:
- Industry-leading threat prevention
- Cloud-native and integrated security
- Greater operational efficiency and simplicity
TJ Gonen, VP of Cloud Security at Check Point Software Technologies, said, “Cloud computing allows companies to add onto their cloud workloads in seconds, and they need security that is agile, reduces complexity, and is focused on prevention-first. We are proud to collaborate with Microsoft to provide Azure Virtual WAN customers with the integrated protection of CloudGuard Network Security, powered by AI, to secure their cloud instances against any advanced threats, bolstering their digital transformation with confidence.”
Reshmi Yandapalli, Principal Product Manager at Microsoft, commented, “Microsoft Azure Virtual WAN is a network-as-a-service that provides customers with a range of benefits simplifying networking, security and routing functionalities to drive scalability, cost savings and improved performance.
“The native integration between Azure Virtual WAN and Check Point CloudGuard (generally available) enhances and complements Azure Virtual WAN security, offering our customers centralized security in an intuitive and simple offering through the Azure Marketplace.”
Corero published its annual DDoS Threat Intelligence Report. The report revealed a 300% increase in carpet bomb DDoS attacks. Legacy detection techniques often fail to accurately identify these attacks, leading to incomplete mitigation or false positives. Other key findings included:
- There were over seven times as many Mirai-like DDoS attacks in 2022 as in 2021. These botnet attacks are difficult to mitigate and can cause significant damage to businesses.
- Twice as many DDoS attacks targeted DNS (Domain Name System) services in 2022 as in 2020. This attack vector has become popular as an easy way for attackers to disrupt communications to and from websites, internet-connected devices, and applications.
Ashley Stephenson, CTO of Corero Network Security, said, “We continue to see significant changes in the global DDoS attack landscape, with increased attack volume, frequency and variation. The exponential rise of ‘carpet bomb’ attacks presents a triple threat as they evade, neutralize, or overload traditional DDoS protections.”
Ground Labs has appointed Don Kaye as chief operating officer and chief commercial officer. Kaye served as Ground Labs’ chief revenue officer from 2019 through 2021.
Stephen Cavey, Ground Labs co-founder and chief evangelist, commented, “Don’s vast knowledge and experience, combined with his proven understanding of the data privacy, data security and data management landscape, will contribute significantly to Ground Labs’ leadership team. His operational and revenue leadership acumen will play a critical role as we continue to grow and scale in 2023 and beyond.”
IBM has acquired Polar Security, an innovator in technology that helps companies discover, continuously monitor and secure cloud and software-as-a-service (SaaS) application data – and addresses the growing shadow data problem. Terms were not disclosed.
Founded in January 2021, Polar Security is a pioneer of data security posture management (DSPM) – an emerging cybersecurity segment that reveals where sensitive data is stored, who has access to it, how it’s used, and identifies vulnerabilities with the underlying security posture, including with policies, configurations, or data usage. IBM plans to integrate Polar Security’s DSPM technology within its Guardium family of leading data security products.
In a LinkedIn post, Guy Shanny, co-founder and CEO, wrote, “What a crazy week it’s been…exciting times! Polar Security has been acquired by IBM and joining forces with the fantastic IBM Guardium family to provide a next generation data security platform.”
Ivanti has published the Ransomware Index Report jointly with Securin and Cyware. It reveals that ransomware attacks are rising, with attackers targeting over 7,000 products across 121 vendors used by enterprises for their operations. In March 2023, the total number of breaches reported was higher than those reported in the previous three years combined. Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive attacks on their victims.
The key findings included:
- In Q1 2023, 12 new vulnerabilities have become associated with ransomware.
- The complete MITRE ATT&CK kill chain is present in 59 vulnerabilities; two vulnerabilities are brand new.
- Popular scanners do not detect 18 vulnerabilities associated with ransomware, exposing enterprises to significant risks.
- Open-source vulnerabilities have increased, with 119 ransomware-associated vulnerabilities now present in multiple vendors and products. This is an extremely pressing concern since open-source code is used widely in many tools.
- Two APT groups have newly begun using ransomware as a weapon of choice, including DEV-0569 and Karakurt, bringing the overall number of APT groups capitalizing on ransomware to 52.
Aaron Sandeen, CEO and Co-founder of Securin, said, “We keep hearing from our customers across all industries how mitigating risk is in their top three priorities, and when we juxtapose it with our research findings, we find the risks escalating every quarter. Shortages in security talent and tightening IT budgets constrict enterprises from facing these challenges head-on. The safety of both private and public organizations depends on addressing this challenge across all fronts.
“For years now, we’ve warned our customers about vulnerabilities ignored by software manufacturers and repositories like the NVD and MITRE. Our predictive threat intelligence platform has been able to warn customers of threats long before they were actively adopted by the ransomware gangs currently plaguing organizations across the globe.”
Nethone has gained SOC (System and Organization Controls) 2 Type 2 attestation. The company, therefore, is now fully SOC 2 standard compliant.
Mark Burton, Chief Technology Officer at Nethone, commented, “We are delighted to be able to offer our customers the additional reassurance of knowing that we have achieved SOC2 type 2 attestation in addition to ISO27001, demonstrating our commitment to ensure that Nethone meets the very highest standards of security and privacy.”
In its latest report, Secureworks Counter Threat Unit (CTU) has revealed a thriving infostealer market that serves as a key enabler for the most damaging forms of cybercrime, such as ransomware attacks. “The Growing Threat From Infostealers” reveals that infostealer malware, which consists of code that infects devices without the user’s knowledge and steals data, remains widely available to buy through underground forums and marketplaces.
The volume of logs, or collections of stolen data, available for sale is increasing at alarming rates. The overall growth of the Russian Market was 670% between June 2021 and May 2023.
Don Smith, VP of Secureworks CTU, commented, “Infostealers are a natural choice for cybercriminals who are looking to rapidly gain access to businesses and then monetize that access. They are readily available for purchase, and within as little as 60 seconds generate an immediate result in the form of stolen credentials and other sensitive information.
“However, what has really changed the game, as far as infostealers are concerned, is improvements in the various ways that criminals use to trick users into installing them such as fake messaging apps and cloned websites. That, coupled with the development of dedicated marketplaces for the sale and purchase of this stolen data, makes it even harder for victims to detect and remove infostealers.
“What we are seeing is an entire underground economy and supporting infrastructure built around infostealers, making it not only possible but also potentially lucrative for relatively low-skilled threat actors to get involved. Coordinated global action by law enforcement is having some impact, but cybercriminals are adept at reshaping their routes to market.
“Ensuring that you implement multi-factor authentication to minimize the damage caused by the theft of credentials, being careful about who can install third-party software and where it is downloaded from, and implementing comprehensive monitoring across host, network and cloud are all key aspects of a successful defense against the threat of infostealers.”
Sophos announced it had uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users and bring in thousands of dollars monthly. According to Sophos X-Ops’ latest report, “‘FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash,” these apps have popped up in both the Google Play and Apple App Stores, and, because the free versions have near-zero functionality and constant ads, they coerce unsuspecting users into signing up for a subscription that can cost hundreds of dollars a year.
Sean Gallagher, principal threat researcher at Sophos, stated, “Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception. With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT.
“These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment.”
Veeam Software appointed Shiva Pillay as its new General Manager and Senior Vice President of Americas. Pillay was the General Manager & Senior Vice President for Asia Pacific and Japan (APJ) at Veeam. He joined the company in 2018. He successfully led sales, channels and alliances, and regional pre-sales during this time.
John Jester, chief revenue officer (CRO) at Veeam, said, “Shiva has been an extraordinary member of our leadership team at Veeam. He understands what drives our employees, pushes our partners to mutual success, and the evolution of our customers’ needs. The Americas is a pivotal region for Veeam, and I’m confident that under Shiva’s leadership it will maintain its strong growth trajectory and accelerate enterprise presence as we strive to keep businesses running and build a safer, more secure future with the new Veeam Data Platform.”