NIBS (credit image/Pixabay/ Ryan McGuire)Last week, low-code AI platform vendor Predibase released research looking at Large Language Model (LLM) adoption. The report offered some sober reading for those embracing or planning to embrace LLMs. Portkey.ai has announced a successful US$3 million seed funding round as it builds out its Large Language Model Ops (LLMOps) solution. Nethone has announced that it can now detect all VPNs and proxies to help reduce fraud.

Babel Street

Babel Street launched its latest AI modules powered by Rosette® Text Analytics. Babel Street acquired Rosette in December 2022, further solidifying the company’s commitment to leading-edge AI solutions for threat, identity, and enterprise intelligence.

The four modules include:

  • Match Identity: offers capabilities to match and transliterate entities, including names, organizations, and other data fields, with precision and accuracy, also enabling configuration and fine-tuning
  • Analyze language: enables identification of languages, words, sentences, lemmas, and parts of speech, ultimately facilitating comprehensive language analysis.
  • Extract and Link Information: empowers users to discover and link information, plus custom train models to gather relevant information
  • Interpret Content: assists users in extracting essential information to understand semantics, sentiments, and topics within the analyzed content.

Catherine Havasi, Chief of Innovation and Technology Strategy at Babel Street, said, “Organization leaders ultimately want peace of mind when it comes to decision-making for high-stakes situations in today’s complex, data-driven world. Our new AI-powered modules simplify the intricacies and experience of the decision-making process and enhance decision-making power with full transparency and explainability. This empowers our customers to operate with unprecedented efficiency, foresight, and security.”

Check Point

Check Point Research published its 2023 Mid-Year Security Report. The report uncovers an unsettling 8% surge in global weekly cyberattacks in the second quarter, the most significant increase in two years, highlighting how attackers have cunningly combined next-gen AI technologies with long-established tools like USB devices to conduct disruptive cyberattacks. The report also showcases how ransomware attacks have escalated in the first half of the year with new ransomware groups coming into the scene.

Key insights from the 2023 Mid-Year Security Report include:

  • Ransomware groups have stepped up their game, exploiting vulnerabilities in commonly used corporate software and shifting their approach from data encryption to data theft.
  • USB Devices have resurfaced as significant threats, with state-affiliated groups and cybercriminals deploying USB drives as vectors for infecting organizations globally.
  • Hacktivism has risen, with politically motivated groups launching attacks on selected targets.
  • Artificial Intelligence misuse has amplified, with generative AI tools used to craft phishing emails, keystroke monitoring malware, and basic ransomware code, calling for stronger regulatory measures.

Maya Horowitz, VP of Research at Check Point Software, commented, “Criminal activities have continued to rise in the first half of the year, with an 8% surge in global weekly cyberattacks in the second quarter marking the highest volume in two years. Familiar threats such as ransomware and hacktivism have evolved further, with threat groups modifying their methods and tools to infect and affect organizations worldwide. Even legacy technology such as USB storage devices, which have long been gathering dust in desk drawers, have gained popularity as a malware messenger.

“Organizations need to build a cyber resiliency strategy and strengthen their defenses by adopting a prevention-first, integrated approach to cyber security. Cyberattacks are inevitable but can be largely prevented by proactive measures and the right security technologies”.

ESET

ESET researchers have recently discovered and analyzed the Telekopye and Spacecolon toolset.

Telekopye

Telekopye is a toolkit that helps less technical people pull off online scams more easily. ESET estimates that Telekopye has been in use since at least 2015. Key findings included:

  • Telekopye is a toolkit that operates as a Telegram bot and helps less technical scammers trick their victims.
  • The toolkit targets online marketplaces, mainly those popular in Russia (but not exclusively – e.g., BlaBlaCar or eBay).
  • It has been uploaded to VirusTotal multiple times, primarily from Russia, Ukraine and Uzbekistan. These are the countries from which attackers usually operate and comprise the majority of targeted markets.
  • Telekopye creates phishing web pages from predefined templates, then generates and sends phishing emails and SMS messages.
  • According to ESET telemetry, this tool is still in use and active development.
  • ESET Research devised the name Telekopye as a combination of Telegram and kopye (копье), the Russian word for spear, due to the use of highly targeted (aka spear-) phishing.

Radek Jizba, ESET Researcher, said, “We discovered the source code of a toolkit that helps scammers so much in their endeavors that they don’t need to be particularly well versed in IT, instead they only need a silver tongue to persuade their victims. This toolkit is implemented as a Telegram bot that, when activated, provides several easy-to-navigate menus in the form of clickable buttons that can accommodate many scammers at once,” elaborates ESET researcher. “Victims of this scam operation are called Mammoths by the scammers. For the sake of clarity, and following the same logic, we refer in our findings to the scammers using Telekopye as Neanderthals.

“The easiest way to tell whether you are being targeted by a Telekopye scammer, or any other scammer, is by looking for anomalies, mistakes and discrepancies in the language used. Insist on in-person money and goods exchange whenever possible when dealing with secondhand goods on online marketplaces and avoid sending money unless you are certain where it will go,”

Spacecolon

ESET Research has released its analysis of Spacecolon, a small toolset used to deploy variants of Scarab ransomware to victims all over the world. Key findings included:

  • Spacecolon is a small toolset used to deploy variants of Scarab ransomware to victims worldwide, and ESET Research believes it is of Turkish origin.
  • Spacecolon’s operators, named CosmicBeetle by ESET, have no clear targeting, with the highest detections in European countries, Turkey, and Mexico.
  • Spacecolon can serve as a remote access trojan that can extract sensitive information and/or deploy Scarab ransomware.
  • CosmicBeetle probably compromises web servers vulnerable to the ZeroLogon or those with RDP credentials that it can brute force.
  • CosmicBeetle appears to be preparing the distribution of new ransomware that we have named ScRansom.

Jakub Souček, ESET researcher and author of the analysis, said, “We have not observed any pattern to Spacecolon’s victims besides them being vulnerable to the initial access methods employed by CosmicBeetle. Neither have we found any pattern among the targets’ areas of focus or size. However, to name a few (by type and geography), we have observed Spacecolon at a hospital and tourist resort in Thailand, an insurance company in Israel, a local governmental institution in Poland, an entertainment provider in Brazil, an environmental company in Turkey, and a school in Mexico,”

Logpoint

Logpoint published an analysis of the 8base ransomware group. It identified the group as a persistent and formidable adversary in the ever-changing landscape of cyber threats, targeting multiple sectors, especially small and medium-sized industries. The group appeared in March 2022, and since June, the activity level has increased significantly, putting the group in the top 5 most active.

Anish Bogati, Logpoint Security Research Engineer, said, “In general, small and medium-sized organizations are more likely to struggle with small security budgets and cybersecurity shortages, which is a dangerous cocktail when a ransomware group like 8base is coming for them. Small and medium-sized organizations, in particular, should familiarize themselves with 8base, and more importantly, ramp up on security measures to safeguard against it. Understanding the adversary is the key to devising better defensive strategies.”

“Small and medium-sized organizations must ensure capabilities that enable them to detect and respond to 8base activity at any stage of the infection. Proper logging, visibility of assets, and monitoring are essential to a robust cybersecurity strategy because they provide an overview of the network and help to detect anomalies like file dropped in publicly writable folders, modification of registry values and suspicious scheduled task that may indicate a security threat like 8base is at large.”

LRQA

LRQA announced the appointment of Ian Spaulding as its new Chief Executive Officer (CEO), effective 1 September 2023. Current CEO Paul Butcher has decided to step down and will support the organization in an advisory capacity to the board.

LRQA’s Chairman, Martin Blackburn, said, “As an experienced and successful CEO for more than ten years with ELEVATE, and a member of LRQA’s executive committee since ELEVATE was acquired by LRQA, Ian has a deep understanding of our business, clients and market. He is ideally placed to lead the continued execution of our strategy to become the leading global assurance partner in the market and to build on the growth that Paul has unlocked over the past five years. I am deeply grateful to Paul for his vision, leadership and energy during a time of rapid and ambitious transformation. I wish him the very best with his future plans.”

Ian Spaulding said, “As LRQA’s incoming CEO, I want to fundamentally help companies run better businesses. Assurance can help our clients connect the dots between their operations, meet international standards, give confidence to external stakeholders, and help anticipate business risks that haven’t even emerged yet. This is a new era of risk, one that is continuously evolving and expanding, and it’s time to future-proof your business. It will be an honor to help clients on that journey as CEO of LRQA, continuing the extraordinary work delivered by Paul to redefine the assurance market.”

Qualys

Qualys announced the publication of its inaugural Environmental, Social, and Governance (ESG) Report, showcasing its robust adherence to responsible business practices and sustainable operations.

The report covered four pillars:

  • Governance and Ethical Practices
  • Customer-Centric Approach
  • Team and Community Support
  • Sustainable Operations

Sumedh Thakar, president and CEO of Qualys, commented,  “Qualys’ ESG Report reflects our unwavering commitment to governance, environmental stewardship, and social responsibility.“By prioritizing ethical actions, we cultivate trust among customers, partners, and stakeholders, which is essential to our business strategy and long-term value creation. As we integrate ESG into the fabric of our business, we thank our team, customers, and board for shaping a secure world.”

Secureworks

Secureworks announced a new technology partnership with Akamai, the cloud company that powers and protects life online. The alliance between the companies will empower security operations teams with the data and intelligence needed to scale secure access in an era when a work-anywhere approach has led to identity becoming the new perimeter.

The first phase of the alliance is now live with the integration between Secureworks Taegis and Akamai Enterprise Application Access (EAA), a zero-trust network access (ZTNA) solution. For mutual customers, telemetry from EAA is infused with additional context from Secureworks Threat Intelligence so that customers can make informed decisions about access to applications and systems. As new alerts are introduced, they can be correlated with data from across the infrastructure, then prioritized and responded to quickly and efficiently.

Chris Bell, VP of Alliances, Corporate Development and Strategy, said, “Cybersecurity must enable businesses and their teams to move fast and freely. Open ecosystems that correlate and enrich data to provide enhanced context and intelligence are the bedrock of cyber resilience. It’s for this reason we’re committed to building and developing the industry’s most open and transparent platform. Because when security is seamless, customers thrive. We know that Akamai shares that vision and are confident that customers reap significant benefits from our partnership.”

Pavel Gurvich, Senior Vice President and General Manager, Enterprise Security at Akamai, said, “The relentless pace of the global economy requires enterprises to deploy security that does not adversely impact employee productivity. We engineer high-performing security solutions that can deliver fast and reliable employee experiences. Our partnership with Secureworks can automatically generate data that companies need to respond quickly to complex threats, coupled with rich threat intelligence to understand and mitigate risk.”

Sonatype

Sonatype announced new product capabilities for Sonatype Repository Firewall, Sonatype Nexus Repository and Sonatype Lifecycle. Bolstering Sonatype’s industry-leading software supply chain management platform, these enhancements are designed to give organizations greater control of their software development life cycle (SDLC) while meeting the evolving needs of DevSecOps – empowering developer teams and their organizations to deliver innovative software safer, faster, and at scale.

The new features include:

  • Sonatype Lifecycle and Sonatype Repository Firewall are now available on AWS Marketplace.
  • Sonatype Repository Firewall is also now available as a SaaS solution
  • Sonatype Lifecycle Is enhanced with improved navigation, compatibility enhancements, and extended inclusion of wildcard characters.
  • Sonatype Repository Firewall enhancements feature cleaner views and improved discoverability of specific repositories and violations to simplify automated policy enforcement.
  • A new onboarding experience for Sonatype Repository Firewall and Nexus Repository
  • Improved Search Capabilities within the Sonatype Nexus Repository

 

  • Deeper Customization Capabilities: Sonatype Lifecycle added customization options, including CVSS Vector Strings, Severity, and CWE-IDs.
  • Sonatype Lifecycle has supercharged observed license detection with its Advanced Legal Pack.
  • Sonatype Repository Firewall improved its ability to block malicious open source at the door with improved AI and ML-driven malicious package detection.

Mitchell Johnson, Chief Product Development Officer at Sonatype, said, “In today’s rapidly evolving digital landscape, organizations are in a continuous innovation cycle to retain their competitive edge, making speed paramount to success. That means software developers not only serve as a business-critical function to drive innovation and revenue, but also play a crucial role in fortifying ecosystems against relentless cyber threats. With this enhanced product functionality, Sonatype is enabling developers and engineering teams to accelerate productivity without sacrificing security. Teams can identify and mitigate risk earlier, innovate faster, and develop software fearlessly.”

Sophos

Sophos released its Active Adversary Report for Tech Leaders 2023, an in-depth look at attacker behaviours and tools during the first half of 2023.

Sophos X-Ops found that median attacker dwell time—when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks and to five days for ransomware attacks. In 2022, the median dwell time decreased from 15 to 10 days. In addition, Sophos X-Ops found that it took, on average, less than a day—approximately 16 hours—for attackers to reach Active Directory (AD), one of the most critical assets for a company.

John Shier, field CTO Sophos, commented, “Attacking an organization’s Active Directory infrastructure makes sense from an offensive view. AD is usually the most powerful and privileged system in the network, providing broad access to the systems, applications, resources and data that attackers can exploit in their attacks. When an attacker controls AD, they can control the organization. The impact, escalation, and recovery overhead of an Active Directory attack is why it’s targeted.”

“Getting to and gaining control of the Active Directory server in the attack chain provides adversaries several advantages. They can linger undetected to determine their next move, and, once they’re ready to go, they can blast through a victim’s network unimpeded.

“Full recovery from a domain compromise can be a lengthy and arduous effort. Such an attack damages the foundation of security upon which an organization’s infrastructure relies. Very often, a successful AD attack means a security team has to start from scratch.”

Sophos launched Sophos Incident Response Retainer. It provides organizations with speedy access to Sophos’ industry-first fixed-cost incident response service that includes 45 days of 24/7 Managed Detection and Response (MDR).

The retainer cuts red tape, allowing Sophos incident responders to quickly jump into active cyberattacks to investigate and remediate them. External vulnerability scanning and critical preparedness guidance are also included in the retainer, enabling organizations to proactively improve their existing security resilience by pinpointing and resolving issues that reduce the likelihood of a breach in the first place.

Rob Harrison, vice president of product management at Sophos, said, “Incident response retainers help organizations prepare in advance for the fastest response time possible to defend against active cyberattacks. Due to today’s complex and mixed-vendor computing environments, skills shortages, evolving attacker behaviors, and cyber insurance requirements, it’s critical that all organizations have pre-determined incident response plans in place. Tangible ‘readiness’ is now a key component for cyber resilience.

“Adversaries will often abuse the same weakness in a single system, and it’s not unusual for multiple, different attackers to go after the same target if there’s potential exposure. Sophos’ goal is to immediately stop active attacks and make sure complete remediation is achieved, regardless of how many hours it takes. We are the only security vendor that offers this caliber of retainer services for urgent security incidents.”

Trend Micro

Trend Micro announced an extension to its partner program. It launched a new offering designed to empower MSSPs, service partners and pure-play managed detection and response (MDR) companies to build or grow their MDR and SOC-as-a-service offerings. The new program will further enable the global ecosystem of MSSP partners that customers rely on amidst a cybersecurity skills shortage.

Louise McEvoy, vice president of US channels at Trend, said, “Breaches are on the rise, but many global organizations can’t afford the investment of time, resources and staff that a full SOC requires. And those that can often find their analysts frustrated by tool sprawl and overwhelmed by alerts. This opens a lucrative and important opportunity for MSSPs to deliver more value to customers, as long as they can find the right platform to deliver SOCaaS.”

Trend Vision One for Service Providers provides turnkey threat detection and response with extended SOAR capabilities built for managed security service partners, offering multi-tenant SOC capabilities and hundreds of third-party integrations across the IT environment and with other security vendors.

Partners who sign up for Trend Vision One™ for Service Providers will also receive industry-leading benefits, including:

  • White-glove onboarding and enablement, leveraging Trend’s industry know-how and working with hundreds of SOCs to help partners accelerate the adoption and delivery of SOCaaS and MDR
  • Highly competitive pricing to allow new and existing MSSPs to penetrate the market quicker
  • Choice of partnership, which means partners can choose the partnership right for their business:
    • Fully managed MDR or SOCaaS
    • API integration to offer co-managed services for “bring your own technology” clients, where MSSPs help configure and manage Trend SOAR solutions deployed on customers’ premises

Security news from the week beginning 14th August 2023

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here