News last week included iDenfy partnering with ByNoGame. The latter is to use the iDenfy anti-fraud tools as part of its plan to deliver a more secure global sales platform. Akamai has released its latest report showing that DDoS attacks are most likely to hit EMEA organisations.

Abacus Group

Abacus Group announced its inclusion on the Data Privacy Framework (DPF) participants’ list. The company says it “reflects its ongoing commitment to client data privacy and protection.”

The Data Privacy Framework (DPF) is administered by the International US Department of Commerce. It allows Abacus Group to facilitate safe and reliable personal data transfers to the United States from the European Union (EU), United Kingdom (UK) and Switzerland. It also ensures that it meets data protection compliance requirements under EU, UK and Swiss law.

Mark Kenny, Senior Director of Operations, Abacus Group, said, “Data protection is of paramount importance to our operations and a key foundation of trust with our customers, vendors, partners, and employees.

“Our inclusion on the DPF list reinforces to every stakeholder and business we work with that we take their data privacy and security seriously and follow the appropriate practices to keep it secure. Data protection is everyone’s business, and we believe that every organisation has a responsibility to safeguard it.”

Akamai

Akamai Technologies, Inc has released a new State of the Internet report looking at the most interesting security stories of the year. A Year in Review: A Look at 2023’s Cyber Trends and What’s to Come finds that the Europe, Middle East, and Africa (EMEA) region was the most targeted by Distributed Denial-of-Service (DDoS) attacks in particular. It expects EMEA will continue to be caught in the crosshairs of DDoS attack events.

The report also finds that in EMEA:

  • Half (50.1%) of all malicious bot activity targeted commerce, followed by other digital media at 15.3% and video media at 12.2% in the period January 2022 – October 2023.
  • Commerce remains the top vertical for web application and API attacks, with attacks now topping 6.5 billion (up from 4.6 billion, a 41% increase since Akamai’s March 2023 report).
  • Although manufacturing has moved up from fourth to replace financial services in the third position, attacks against financial services have climbed 70% since reported in June 2023, reaching 1.7 billion, up from 1 billion.

Richard Meeus, Director of Security Technology and Strategy at Akamai, said, “Businesses should increase the effectiveness of their efforts to protect themselves by following best practices for cyber and operational alignment while also proactively working on their backup plans. This way they can get ahead of the curve and protect themselves in 2024.”

BlueVoyant

BlueVoyant has signed a strategic alliance with Ernst & Young LLP (EY US). It will see the two companies work to help enterprises improve the use of Microsoft 365 E5 advanced security tools and solutions.

The alliance gives organisations “better together” access to BlueVoyant’s robust Sentinel and Defender technical skills and Managed Detection and Response (MDR) services, as well as the extensive experience of EY US as a trusted business and technology advisor to global enterprises.

Jim Rosenthal, BlueVoyant CEO, said: “Corporate networks have become increasingly challenging to defend against cyber attacks, with more frequent and more sophisticated attacks both directly and through third-party relationships. 

“BlueVoyant is excited to collaborate with EY US to protect enterprises around the world from cyber disruptions. The outstanding consulting services of EY US combined with BlueVoyant’s platform provide effective and efficient cyber defence.”

ESET

ESET has published its second analysis of the Telekopye toolkit that allows anyone to pull off online scams easily. It published the first part back in August, which it said points to Russia as the source. This second analysis digs deeper into how new attackers are recruited, the way it works and the scam scenarios.

Phishing websites, emails, SMS messages and fake screenshots are all part of the capabilities of Telekopye. With the tool under active development, new capabilities can be added at any time. It is also delivered as a Telegram bot. ESET refers to victims as Mammoths and attackers as Neanderthals.

Recruitment is done through advertising on underground forums and other channels. The adverts are explicit and ask new Neanderthals to “fill out an application, answering basic questions like what experience they have in this line of ‘work.’ If approved by existing group members with sufficiently high rank, the new Neanderthals can start using Telekopye to its full potential.”

ESET researcher Radek Jizba, who investigated Telekopye, said, “In almost every group of Neanderthals, we can find references to manuals with online market research from which Neanderthals draw their strategies and conclusions.” He goes on to say, “Manuals recommend that Neanderthals, in the buyer scam scenario, pick items with a price between €9.50 to €290.”

Logpoint

Logpoint has announced it has completed a SOC 2 Type II audit. The audit is an essential element of SOC 2. Type I shows that companies have the right tools and processes in place, but adding Type II audits strengthens SOC 2 compliance considerably.

Christian Have, Logpoint CTO, said, “The SOC 2 Type II compliance audit is a testament to security being at the center of everything we do at Logpoint. We have built our solution with security in mind from the ground up. So, we are happy with the confirmation that we ensure that our customers’ data and that Logpoint’s solutions are well secured.”

According to Logpoint, this adds the SOC 2 Type II attestation to its EAL3+ certification, the highest security standard achieved by a SIEM vendor.

N-able

N-able has announced Cove Data Protection for Microsoft 365 now protects Microsoft Teams from data loss. The solution, available to any organisation and MSPs, delivers a unified dashboard to protect critical data in Microsoft 365 Exchange, OneDrive, SharePoint, and now Teams.

Since launching the solution, more than 6,000 N-able partners are utilizing it to help prevent data loss across more than 58,000 customer domains.

Chris Groot, general manager of Cove Data Protection, said, “Microsoft 365 offers excellent productivity tools for organizations, but many are often surprised to find that even Microsoft recommends an additional backup of their data versus relying solely on their own data retention.

“External and internal threats, accidental deletion, and regional compliance regulations make backing up Microsoft 365 data vitally important. The addition of Teams adds another layer to our partners’ backup and disaster recovery framework, helping MSPs strengthen their risk and compliance stance across the full threat lifecycle from one unified management console.”

Noname Security

Noname Security has announced integrations with three Security Orchestration, Automation, and Response (SOAR) platform providers: Swimlane, Tines, and Palo Alto Networks. These integrations enable joint customers to automate and streamline their API security incident response processes, enhance threat detection, accelerate remediation, and improve visibility and reporting.

Karl Mattson, CISO at Noname Security, said, “API usage has hit an inflection point, prompting security teams to acknowledge the imperative need for API security as an integral part of IT workflows. By integrating with key SOAR platforms, Noname Security offers immediate access to the best protection against threat actors looking to take advantage of weak or non-existent API security.

“The integration of the Noname API Security Platform with some of the most widely used orchestration, automation, and response platforms is a significant milestone in the evolution of our partner ecosystem. Today’s news ensures that customers of both Noname and the SOAR community are secure.”

There are four key benefits that the combined Noname Security and SOAR platform integrations offer:

  • Enhanced threat detection
  • Streamlined incident response
  • Efficient remediation
  • Improved visibility and reporting

Tenable

Tenable has released more information from its recent global survey on the success of cyber attacks over the last two years. This week, it has published reports on Mexico and Brazil.

Over the last two years, cybersecurity teams in Mexico were able to preventatively defend against or block just 57% of the cyberattacks they encountered. It means 43% of attacks launched against them were successful and had to be remediated after the fact. By comparison, teams in Brazil were able to deal with 59% of the cyberattacks encountered, and 41% were successful, requiring remediation after the fact.

As with all the other reports in this series, the risks associated with cloud infrastructure were singled out as the primary problem. This is down to the complexity in trying to correlate user and system identities, access and entitlement data.

According to the Mexico report, “the vast majority of respondents (77%) view cloud infrastructure as the greatest source of exposure risk in their organization. In order, the highest perceived risks come from the use of public cloud (33%), multi-cloud and/or hybrid cloud (23%), private cloud infrastructure (11%) and cloud container management tools (11%).”

The Brazil report shows similar numbers, with “(78%) viewing cloud infrastructure as the greatest source of exposure risk in their organization. In order, the highest perceived risks come from the use of public cloud (28%), multi-cloud and/or hybrid cloud (28%), private cloud infrastructure (10%) and cloud container management tools (12%).”

Over the past few weeks, similar numbers have been published for other countries.

WithSecure

WithSecure has given an update on its Co-Monitoring service. It says that it continues to, “power growth for partners looking to provide effective detection and response capabilities to mid-market organizations that lack in-house resources to monitor their IT infrastructure around the clock.”

Trials of the service started in May before going live in October. Since then, WithSecure has seen positive take-up by partners. Importantly for WithSecure Elements EDR customers, the Co-Monitoring service is available as an add-on. The company says that the benefits it delivers include:

  • Monitoring (24/7 or out-of-hours) of severe-risk detections by WithSecure™.
  • Validation and investigation of severe-risk detections by a human threat analyst.
  • Confirmed attacks are escalated directly to partners or on-call customers.
  • Threat analysts provide containment advice for fast and effective remediation.
  • Possibility to escalate to Incident Response services, with or without an IR Retainer.

According to Mike Lahosky, Director of Sales Enablement and Delivery at Vortalsoft Inc., WithSecure Co-Monitoring has allowed them to make significant, demonstrable security improvements for customers who have already taken the service into use.

“The benefit to them is that we have also bridged a number of gaps with this service in regard to critical patching, which helps us as an MSP to know that we can help our customers be more secure. I’m also able to show them through the dashboard their patch and security status, especially when it affects their critical servers. In a way, it allows us to push our customers to be as secure as possible,” he said.

Zscaler ThreatLabz

Zscaler ThreatLabz has released a new blog written by Apoorva Ravikrishnan, Senior Manager of Product Management at Zscaler. Titled How to stay protected on the web this holiday season, it looks at attack trends during the holiday period and gives recommendations on how to protect sensitive information.

It warns of the risks from typical attacks like phishing and web skimming. On the former, Ravikrishnan points out how phishing scams have become more sophisticated and harder to detect and block.

On the latter, she says, “Web skimming attacks have become increasingly popular among malicious actors.” One reason is that they are easy to execute and hard to detect. Of concern is not that web skimming attacks are a constant threat, as phishing is, but that there is a spike around the holiday period.

Perhaps the most important part of this blog is the guidelines for shopping on corporate devices. For many people, it’s something that is hard to avoid, whether that device is a phone, tablet, laptop or computer. Ravikrishnan gives 10 useful tips, including: don’t do it if you can avoid it.

Security news from the week beginning 13 November 2023

 
