NIBS (credit image/Pixabay/ Ryan McGuire)Last week Protegrity made two changes in its senior leadership team. Dante Malagrinò, previously Chief Technology Officer, has been appointed Chief Product Officer. Mimecast and WSO2 also announced a new appointment. Several reports by Avast, ESET, and Sophos were published

Avast

Avast published its Q2 Threat Report. It found that over 75% of all threat detections on desktops were attributed to scams, phishing, and malvertising. Phishing accounted for 25% of all threats in Q2. Data for the quarter, April through June 2023, also showed a significant increase in overall cyber risks, with an increase of 24% in unique attacks blocked over the previous period, the highest risk seen in three years.

Jakub Kroustek, Avast Malware Research Director, commented, “Our findings signify a marked shift in the cybersecurity landscape. Not only are the number of threats some of the highest on record, but malicious actors are also turning more to psychological manipulation more often than traditional techniques of malware attacks. This results in the need for our security to adapt but also the need for people to better understand scams and educate themselves as an additional layer of defense.”  

While adware showed a decline in prevalence in Q2 over the previous quarter, it persists across desktop, mobile, and browser platforms. One notable example is the HiddenAds campaign, an adware threat attached to well-known gaming applications which garnered tens of millions of downloads during its app store reign.

Ransomware remained an ongoing concern in Q2 of 2023. Despite a slight decline in prevalence, ransomware authors persist in targeting victims, relying increasingly on targeted attacks and exploits to penetrate company networks.

Check Point Software Technologies

Check Point Software Technologies Ltd signed a definitive agreement to acquire Perimeter 81, a pioneering Security Service Edge (SSE) company. With this acquisition, Check Point will help organizations accelerate the adoption of secure access across remote users, sites, the cloud, datacentres, and the internet, all while aiming to deliver the most secure and fastest SSE solution in the market. Under the terms of the agreement, Check Point will acquire Perimeter 81 for approximately $490 million on a cash-free, debt-free basis.

Gil Shwed, CEO at Check Point Software Technologies, said, “With the advent of hybrid work and the rise of cloud transformation, the demand for security services that expand beyond the network perimeter is increasing. By leveraging Perimeter 81´s capabilities and integrating them into the Check Point Infinity platform, we continue with our vision to deliver the best security through comprehensive, collaborative and consolidated solutions.”

Dragos

Dragos announced a partnership with Amazon to allow customers to acquire the Dragos Platform from the  AWS Marketplace. There is now support for Dragos SiteStore and Dragos CentralStore on the AWS cloud.

Dynatrace

Dynatrace announced the introduction of Security Analytics, a new Dynatrace platform solution designed to help organizations better defend against threats to their hybrid and multi-cloud environments.

Dynatrace Security Analytics leverages Davis AI, which combines predictive and causal AI techniques to provide security analysts with the precise answers and data context they need to prioritize and investigate threats and vulnerabilities. Later this year, Security Analytics will also include generative AI capabilities as part of Dynatrace’s planned expansion to provide a hypermodal AI offering through Davis.

Steve Tack, SVP of Product Management at Dynatrace, said, “In today’s rapidly evolving threat landscape, organizations face an unprecedented risk of cyberattacks that can wreak havoc on their operations and customers’ trust.

“With Dynatrace Security Analytics, analysts can quickly investigate and verify what happened and leverage observability and security data in full context to analyze and take proactive action to strengthen defenses. Combining these new security analytics with our platform’s other application security capabilities enables our customers to successfully deliver digital transformation with the confidence that their hybrid and multi-cloud environments are well protected.”

ESET

ESET Research has discovered a new cyberespionage group, MoustachedBouncer. It is named after its presence in Belarus and is aligned with the interests of the local government. Active since at least 2014, the group targets only foreign embassies, including European ones, in Belarus.

Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level within Belarus to compromise its targets. The group uses two separate toolsets that ESET has named NightClub and Disco.

According to ESET telemetry, the group targets foreign embassies in Belarus. ESET has identified four countries whose embassy staff have been targeted: two from Europe, one from South Asia, and one from Africa.

While ESET Research tracks MoustachedBouncer as a separate group, it has found elements that make ESET assess with low confidence that it is collaborating with another active espionage group, Winter Vivern, which has targeted government staff of several European countries, including Poland and Ukraine, in 2023.

ESET researcher Matthieu Faou, who discovered the new threat group, said, “This adversary-in-the-middle technique occurs only against a few selected organizations, perhaps just embassies, not countrywide. The AitM scenario reminds us of the Turla and StrongPity threat actors, who have trojanized software installers on the fly at the ISP level.

“While the compromise of routers in order to conduct AitM attacks on embassy networks cannot be fully discarded, the presence of lawful interception capabilities in Belarus suggests the traffic mangling is happening at the ISP level rather than on the targets’ routers.

“The main takeaway is that organizations in foreign countries where the internet cannot be trusted should use an end-to-end encrypted VPN tunnel to a trusted location for all their internet traffic in order to circumvent any network inspection devices. They should also use top-quality, updated computer security software.”

Fortra

Fortra announced new integrations for its offensive security solutions that streamline vulnerability management, penetration testing, and red teaming capabilities. Working together, the solutions apply the same techniques threat actors use to identify and exploit gaps in an organization’s security. With this proactive security approach, customers can find and fix weaknesses in their security posture before they are exploited.

Mark Bell, Managing Director Infrastructure Protection at Fortra, commented, “Proactively seeking out your own security weaknesses has become essential to stay ahead and reduce risks. Like the old saying goes, ‘to catch a criminal, you must think like a criminal,’ and that is exactly what an offensive security approach does—before customers are exploited.

“Fortra’s goal is to offer customers the very best protection, in the most streamlined and easy-to-implement way. The interoperability of these solutions removes complexity for customers, improving their efficiency and expediting remediation. The layered approach combines the strengths of each solution for more complete security assessment, testing and management.”

Fortra has five configurations for an enhanced security stance and centralized control:

  • Essentials – Combines Fortra’s Frontline VM with Core Impact
  • Advanced – Combines Core Impact and Cobalt Strike
  • Elite – Combines Frontline VM, Core Impact, and Cobalt Strike
  • Red Team – Integrates seamlessly into Cobalt Strike’s flexible command and control framework, Outflank Security Tooling extends a company’s red teaming capabilities
  • Advanced Red Team – Combines Core Impact, Cobalt Strike and Outflank Security Tooling to safely evaluate security gaps, defences and security strategies using the same tactics as today’s threat actors.

LastPass

LastPass announced the availability of FIDO2 authenticators, including biometrics, fingerprint or face ID, and hardware keys, for its Passwordless Login solution. This innovation allows LastPass customers to experience a seamless passwordless login to their vaults with the added security of FIDO2’s open authentication standard hosted by the FIDO Alliance, the widely adopted standard for many authentication and passwordless technologies.

Karim Toubba, CEO of LastPass, said, “LastPass is proud to continue leading the charge towards a passwordless future, first by eliminating most passwords from daily life and today by offering even greater security and authority in our passwordless solution.

“Not only does meeting the FIDO2 compliance standard provide our customers with the industry standard for security and a simplified login experience, but it also promises them greater authentication choices, seamlessly – contributing to better password hygiene, higher adoption, less time and money wasted on resolving lockouts, and a stronger overall security posture.”

Microsoft

Microsoft announced new advanced multi-cloud posture management capabilities for Google Cloud Platform (GCP) in Microsoft Defender for Cloud to help customers proactively prevent breaches across multi-cloud and hybrid environments.

Microsoft Defender for Cloud became the first cloud provider to offer multi-cloud workload protection for cloud infrastructure, applications, and data across the full lifecycle for all three public clouds.

On August 15, 2023, Defender CSPM will extend its advanced agentless scanning, data-aware security posture, cloud security graph, and attack path analysis capabilities to GCP, providing a single contextual view of cloud risks across Amazon Web Services (AWS), Azure, GCP, and hybrid environments.

Cloud Security Manager, Mercedes-Benz Group AG, said, “We chose Microsoft Defender for Cloud as our CNAPP because of the robust, intelligent end-to-end cloud security it provides with proactive CSPM and in protecting our cloud workloads. We’ve already been impressed with the value of Microsoft’s cloud workload protection, so it was an easy choice to also use Defender CSPM.

“Its agentless scanning allows us to quickly gain insights about our VMs, storage accounts, and containers, and attack path analysis with its contextual insights helps us prioritize and remediate risks. Defender for Cloud is critical in further helping our security teams save time to focus on preventing security incidents and give us peace of mind by knowing we have security across the application lifecycle.”

Mimecast

Mimecast has appointed James Morgan as its Senior Vice President for the EMEA region. Morgan will be responsible for the EMEA GTM strategy, leading internal teams and working with regional partners to help organisations safeguard their data, people and communications.

David Helfer, Chief Revenue Officer, Mimecast, commented, “We are excited to have James join our EMEA team. His channel expertise will help us strengthen relationships with both existing and prospective partners and provide the right solutions for them and their customers. The three decades worth of experience he brings will be a huge benefit to our company as we continue to execute on our channel strategy.”

Privacera

Privacera achieved recertification for SOC 2 Type 2 Compliance, which means Privacera complies with System and Organization Controls as defined by the American Institute of Certified Public Accountants.

Balaji Ganesan, CEO and co-founder at Privacera commented, “Earning the SOC 2 Type 2 recertification is a testament to our unwavering commitment to the security and privacy of our customers’ data.

“Privacera understands the critical importance of protecting and governing sensitive information in today’s data-driven landscape. This recertification underscores our dedication to providing the most robust and trustworthy data security and governance solutions to our clients.”

Sophos

Sophos published a report titled  “Clustering Attacker Behavior Reveals Hidden Patterns.” It revealed the connections between the most prominent ransomware groups in 2023, including Royal.

Sophos X-Ops investigated four different ransomware attacks, one involving Hive, two by Royal, and one by Black Basta, and noticed distinct similarities between the attacks. Despite Royal being a notoriously closed-off group that doesn’t openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities.

Andrew Brandt, principal researcher, Sophos, commented, “Because the ransomware-as-a-service model requires outside affiliates to carry out attacks, it’s not uncommon for there to be crossover in the tactics, techniques, and procedures (TTPs) between these different ransomware groups. However, in these cases, the similarities we’re talking about are at a very granular level.

“These highly specific, unique behaviors suggest that the Royal ransomware group is much more reliant on affiliates than previously thought. The new insights we’ve gained about Royal’s work with affiliates and possible ties to other groups speak to the value of Sophos’ in-depth, forensic investigations.

“While threat activity clusters can be a stepping stone to attribution, when researchers focus too much on the ‘who’ of an attack, then they can miss critical opportunities for strengthening defenses. Knowing highly specific attacker behavior helps managed detection and response teams react faster to active attacks. It also helps security providers create stronger protections for customers.

“When protections are based on behaviors, it doesn’t matter who is attacking—Royal, Black Basta, or otherwise—potential victims will have the necessary security measures in place to block subsequent attacks that display some of the same distinct characteristics.”

Tenable

Tenable launched ExposureAI, which has new generative AI capabilities and services across the Tenable One Exposure Management Platform. It also introduced Tenable  Exposure Graph, a scalable data lake, Powered by Snowflake that fuels the ExposureAI engine.

Tenable ExposureAI provides three new categories of generative AI-based preventive security capabilities that are foundational to exposure management programs:

  • Search – enables security teams to ask questions using natural language search queries to analyze assets and exposures across their environments, understand relevant contextual information and prioritize remediation efforts
  • Explain – provides specific mitigation guidance that leverages Tenable’s unrivalled exposure data to provide security teams with clear visibility and succinct analysis of complex attack paths, specific assets or security findings.
  • Action – delivers actionable insights and recommended actions based on the highest impact exposures, empowering security teams to proactively address risks and reduce their organization’s overall exposure.

Glen Pendley, Chief Technology Officer, Tenable, commented,  “For years, Tenable has used its market-leading vulnerability management data and applied AI techniques to help organizations prioritize vulnerabilities based on true risk to the business. AI is a part of our DNA. Now we’re using generative AI to put more power than ever in the hands of security teams to inform their exposure management programs and root out cyber risk wherever it exists.”

Trend Micro

Trend Micro announced its Q2 fiscal 2023 results. It delivered the 99th profitable quarter. Eva Chen, Trend Micro CEO and co-founder commented, “While organizations worldwide battle decreasing resources and consistent cyber threats, we are focused on meeting one of their biggest cybersecurity needs: risk visibility.

“ Innovations in generative AI and our cybersecurity platform allow organizations to simplify their security and reduce risk, which we now see happening more frequently.”

Key figures included:

  • Consolidated net sales of 60,831 million Yen (or US $442 million, 137.61 JPY = 1USD), up 11% YoY
  • operating income of 8,639 million Yen (or US $62 million)
  • Increase of 23% in enterprise annual recurring revenue (ARR), totalling more than US$722 million
  • Increase of 8% to 436,000 active subscription customers
  • Increase of 22% year-over-year (YoY), totalling over 71 million+ enterprise assets protected

Trend Micro also shared more details of its ongoing commitment to protect global customers worldwide from emerging AI threats.

Jon Clay, VP of threat intelligence at Trend: “AI tools like ChatGPT are taking the world by storm, but the technology is already being used by opportunistic threat actors to take advantage of gaps in enterprise security. Trend is leading the way globally in mitigating these threats through a prolific output of groundbreaking research and its own use of AI to supercharge both ASRM and XDR.”

Trend successfully blocked 73 billion threats for its global customer base in the first half of 2023, marking a 16% year-on-year increase. Those figures illustrate the growing power of its threat detection capabilities and the sheer scale of today’s threat landscape.

At Black Hat 2023, Trend Micro also revealed that its Zero Day Initiative program has published advisories addressing over 1000 unique vulnerabilities in 2023. The real-world impact if these vulnerabilities were weaponized would amount to time and financial losses of over 10 times the cost of prevention.

Kevin Simzer, COO at Trend, said, “Our proactive investment of millions each year into vulnerability research and purchases saves billions in recovery for both our customers and the industry as a whole,” said “A concerning trend is being documented of companies lacking transparency around vulnerability disclosure vendor patching, which pose a threat to the security of the digital world.”

WSO2

WSO2 announced that Nina Hargus had joined the WSO2 board of directors. Nina brings more than three decades of experience in growing and transforming companies. Most recently, she served as CMO and head of strategy at Virtustream, a Dell company, following CMO roles at EMC and VCE.

Dr Sanjiva Weerawarana, WSO2 founder and CEO, commented, “As enterprises accelerate their initiatives to become digitally driven businesses, we’re delivering a new generation of cloud-native solutions that empower them to rapidly innovate fresh digital experiences.

“We are thrilled to team with Nina, a widely recognized expert in marketing strategies that support company transformation and growth. As a board member, she will be instrumental in helping to evolve WSO2’s branding and ensure that marketing initiatives align with our broader business objectives.”

Security news from the week beginning 31st July 2023

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here