Security news this week is abridged due to illness, but Enterprise Times covered a lot last week. At the beginning of the week, in a first-to-publish story, we revealed that Austal USA has become the latest victim of the newly emerged Hunters International cybercrime gang.
BlueVoyant published “The State of Supply Chain Defense Annual Global Insights Report”. Orange Cyberdefense released its Security Navigator 2024 report (registration required).
N-able added Generative AI to its RMM platform, N-central. Egress added advanced graymail detection capabilities to its cloud security offering.
Temu and HackerOne announced a partnership to create a new bug bounty program. Another partnership announced is between Certa and Castellum.AI, a global financial crime risk platform, to extend its third-party management platform.
Francisco Partners completed its all-cash acquisition of Blancco Technology Group. Mine announced a $30 million Series B funding round.
Enterprise Times also published an interview with co-founder and CEO of WSO2, Sanjiva Weerawarana.
Cisco
Cisco unveiled the Cisco AI Assistant for Security. It marks a major step in making artificial intelligence pervasive in the Security Cloud, Cisco’s unified, AI-driven, cross-domain security platform. The AI Assistant will help customers make informed decisions, augment their tool capabilities and automate complex tasks.
Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, said, “To be an AI-first company, you must be a data-first company. With our extensive native telemetry, Cisco is uniquely positioned to deliver cybersecurity solutions that allow businesses to confidently operate at machine scale, augmenting what humans can do alone. Today’s announcement is a monumental step forward. This advancement will help tip the scales in favor of defenders, empowering customers with AI built pervasively throughout the Cisco Security Cloud.”
Claroty
Claroty released new research showing that 75% of respondents reported being targeted by ransomware in the past year. The report, “The Global State of Industrial Cybersecurity 2023: New Technologies, Persistent Threats, and Maturing Defenses,” is based on a global independent survey of 1,100 information technology (IT) and operational technology (OT) security professionals who work in critical infrastructure sectors. It explores industry challenges faced in the past year, their impact on OT security programs, and priorities moving forward.
Yaniv Vardi, CEO at Claroty, said, “Our study shows that there is clearly no shortage of challenges facing OT security professionals, but we also found tremendous room for opportunity and appetite to mature security posture across industrial environments. Organizations are already working to bolster their risk assessment, vulnerability management and network segmentation practices in order to be highly proactive in their defense of cyber-physical systems.”
Claroty also announced the appointment of Andrew Lintell as General Manager of EMEA. A transformational sales leader with over 20 years of cybersecurity experience, Lintell will focus on further establishing Claroty’s presence in the region amid rapidly growing demand for its industry-leading solutions by industrial, healthcare, commercial, and government enterprises.
Dragos
Dragos announced the Dragos Community Defense Program to provide free OT cybersecurity software for small water, electric, and natural gas providers. Initially available in the United States, offerings include the award-winning Dragos Platform and Neighborhood Keeper.
The Dragos Community Defense Program gives under-resourced US-based utility providers with under $100M in annual revenue access to Dragos products that provide a robust, multi-layered foundation for building and growing their OT cybersecurity programs, improving their security postures, and reducing OT cyber risk.
The program includes the Dragos Platform, Neighborhood Keeper, and access to the Dragos Academy.
ESET
ESET announced a strategic partnership with a Dutch company, KPN, the leading telecommunications and IT provider in the Netherlands. Through this collaboration, ESET introduces ESET NetProtect to KPN’s customers, a cutting-edge DNS Filtering solution designed to protect home networks, including IoT devices, against malware, phishing, and unwanted content.
Gijs Isbouts, VP of KPN Veilig, said, “Smart TVs, smart lamps or a smart (energy) meter... we are increasingly digitally connected, and the number of smart devices in our homes has skyrocketed, so it feels like a mission for us to ensure that our customers really feel safe online.
“New times call for new solutions, and that is exactly what we are tackling here together with ESET. Our solution, KPN Safe Network at Home, which we offer together with ESET, enables our customers to maintain control over their online security at home, without having to be technically skilled and the great thing is that you enable it with just the click of a button.”
ESET researchers also published information about the alarming growth in deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds.
The key findings from the research included:
- Deceptive SpyLoan apps analyzed by ESET researchers request various kinds of sensitive information from their users and exfiltrate it to the attackers’ servers.
- This data is then used to harass and blackmail users of these apps and, according to user reviews, was used even where a loan was not provided.
- ESET telemetry shows a discernible growth in these apps across unofficial third-party app stores, Google Play, and websites since the beginning of 2023.
- Malicious loan apps focus on potential borrowers based in Southeast Asia, Africa, and Latin America.
Forescout
Forescout released “SIERRA:21 — Living on the Edge,” an analysis of 21 newly discovered vulnerabilities within OT/IoT routers and open-source software components. The report, produced by Forescout Research - Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in critical infrastructure, emphasizes the continued risk to critical infrastructure and sheds light on possible mitigations.
Fortra
Fortra introduced a transformative advancement in email security with the launch of Cloud Email Protection. This integrated cloud email security (ICES) solution sets a new standard by seamlessly blending artificial intelligence, threat intelligence, and automated remediation to stop advanced threats that elude traditional defences and make it through to corporate inboxes.
Fortra also announced that the CVE program had authorized it as a CVE Numbering Authority (CNA). This designation allows Fortra to assign and publicly disclose Common Vulnerabilities and Exposures (CVEs) that enable IT and cybersecurity professionals to prioritize and rapidly address vulnerabilities in software.
Gatewatcher
Gatewatcher announced an expanded partnership with Elcore, a specialized distributor of IT solutions. The full range of solutions and products from Gatewatcher will be available to Elcore partners in 5 more CIS countries: Georgia, Armenia, Moldova, Romania, and Bulgaria.
Infoblox
Infoblox commissioned a Forrester Consulting Total Economic Impact Study. The study reveals how vulnerabilities in DNS are severely impacting enterprises’ bottom lines. It showed higher network availability generated $500,225 in benefits, including productivity gains, from the avoidance of unplanned downtime. The report underscores the importance of the Domain Name System (DNS) as a critical network service for modern enterprise IT infrastructure.
Lansweeper
Lansweeper announced a new partnership with TeamViewer. TeamViewer, a leading global provider of remote connectivity and workplace digitalization solutions, will integrate Lansweeper’s technology for asset discovery and inventory into its remote monitoring and management (RMM) offering.
For Lansweeper, the partnership means that their technology can reach a whole new audience. This audience has needs that their technology can solve, but that otherwise may not fit in Lansweeper’s chosen strategy. Thanks to this Lansweeper-TeamViewer Partnership, IT departments will have a comprehensive, unified IT management solution to support daily operations.
Dave Goossens, CEO at Lansweeper, said, “TeamViewer’s more than 600.000 customers will now have access to Lansweeper’s unique discovery and inventory technology. We’re excited to be part of this solution, having an automated, always up-to-date inventory is crucial for efficient and cost-effective IT management.”
Frank Ziarno, Vice President of Product Management at TeamViewer, noted, “By integrating powerful technology like Lansweeper’s IT asset discovery and inventory capabilities into our RMM offering, we are able to provide a comprehensive single-vendor solution that enables IT administrators to maintain IT landscapes at scale. This is a significant step forward in our commitment to simplifying IT management.”
LRQA Nettitude
LRQA Nettitude announced its status as an Assured Service Provider in the newly launched National Cyber Security Centre (NCSC) Cyber Incident Exercising (CIE) scheme. In collaboration with CREST and IASME, this scheme provides organizations with access to trusted cybersecurity providers that can test the effectiveness of cyber incident response plans and strengthen incident management processes.
As a recognised Assured Service Provider, LRQA Nettitude offers tailored tabletop and live-play cyber incident exercises. These exercises, designed for a single client organization, allow participants to discuss and practice their roles and responsibilities in a controlled environment.
Tenable
Tenable published a study revealing that 40% of cyberattacks breach Saudi Arabian organisations’ defences. This forces security teams to focus time and efforts on reactively mitigating cyberattacks rather than preventing them in the first instance. With 68% of Saudi organisations confident that their cybersecurity practices are capable of successfully reducing the organisation’s risk exposure, there is work to be done.
Maher Jadallah, Senior Director of Middle East & North Africa, Tenable, said, “Far too many security teams are being overwhelmed by the sheer volume of cyberattacks they have to react to, rather than focusing efforts on reducing risks. As the attack surface becomes ever more complex, caused by trends like cloud migration and AI, this imbalance will only deepen.
“Firefighting is not just exhausting, but also leaves the organisation open to unacceptable risks. Security teams need to change tactic to focus instead on preventative security that deflects cyberattacks and stops threat actors gaining a toehold into the infrastructure. That will need security leadership to be involved in high-end business decision making rather than consulted after the fact. Only then will steps be taken to reduce risks and strengthen defences.”
Trend Micro
Trend Micro warned of the transformative role of generative AI (GenAI) in the cyber threat landscape and a coming tsunami of sophisticated social engineering tactics and identity theft-powered GenAI tools. This came as the company published the Trend Micro 2024 cybersecurity predictions.
Eric Skinner, VP of market strategy at Trend, said, “Advanced large language models (LLMs), proficient in any language, pose a significant threat as they eliminate the traditional indicators of phishing such as odd formatting or grammatical errors, making them exceedingly difficult to detect. Businesses must transition beyond conventional phishing training and prioritize the adoption of modern security controls. These advanced defenses not only exceed human capabilities in detection but also ensure resilience against these tactics.”
Trustwave
Trustwave unveiled comprehensive research highlighting the distinct cybersecurity threats confronting manufacturers. The report, “2023 Manufacturing Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies,” explores industry-specific threats and risks, equipping manufacturers with practical insights and actionable mitigation strategies to fortify their defenses.
Key findings included:
- The threat group LockBit accounted for 36% of ransomware incidents targeting the manufacturing sector
- 45% of all reported incidents in manufacturing can be attributed to Credential Access
- 72% of malicious email attachment types sent to manufacturers are HTML attachments
Trustwave CISO Kory Daniels said, “The digital transformation sweeping through the manufacturing industry has led to a convergence of OT and IT business environments, effectively expanding the potential attack surface for cyber threat actors and ransomware. Our latest threat briefing is a valuable resource for cyber defenders building comprehensive security strategies that strengthen resilience, continuously assess risks of critical infrastructure, and empower the continuity of essential operations.”
Veeam
Veeam Software announced the promotion of Tim Pfaelzer as General Manager and Senior Vice President of Europe, Middle East, and Africa (EMEA). He is responsible for Veeam’s business operations across all segments and markets across the region.
Veeam Software announced general availability of the new Veeam Data Platform 23H2 update, including Veeam Backup & Replication v12.1 as well as Veeam ONE v12.1 and Veeam Recovery Orchestrator v7. This latest release from Veeam, with a focus on radical resilience, includes hundreds of new features and enhancements designed to not only protect enterprises’ most critical data, but to enable them with radical resilience to bounce forward from ransomware and cyber-attacks.
Danny Allan, CTO at Veeam, said, “The latest Veeam Data Protection Trends Report found that 85% of organizations experienced at least one ransomware attack in the last year, while only 16% were able to recover without paying the ransom.
“Ensuring your organization is protected and resilient in the event of an attack is the only way to make your business immune to its impacts. The new Veeam Data Platform 23H2 update, including Veeam Backup & Replication v12.1, builds on what Veeam does best: reducing downtime and data loss for our 450,000 customers. This latest release provides the shortest gap between cyber incidents and recovery, arming our customers with radical resilience to keep their business running and moving forward.”
WatchGuard
WatchGuard announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. Key findings from the data show increasing instances of remote access software abuse, the rise of cyber adversaries using password-stealers and info-stealers to thieve valuable credentials, and threat actors pivoting from utilizing scripting to employing other living-off-the-land techniques to initiate an endpoint attack.
Key findings include:
- Threat actors increasingly use remote management tools and software to evade anti-malware detection, which both the FBI and CISA have acknowledged.
- Medusa ransomware variant surged in Q3, driving endpoint ransomware attacks to increase by 89%.
- Threat actors pivot from using script-based attacks and increasingly employ other living-off-the-land techniques.
- Malware arriving over encrypted connections declined to 48%.
- An email-based dropper family that delivers malicious payloads comprised four of the Top 5 encrypted malware detections in Q3.
- Commoditized malware emerges.
- Network attacks saw a 16% increase in Q3.
- Three new signatures appeared in the Top 50 network attacks.
Corey Nachreiner, Chief Security Officer at WatchGuard, said, “Threat actors continue using different tools and methods in their attack campaigns, making it critical for organizations to keep abreast of the latest tactics to fortify their security strategy.
“Modern security platforms that include firewalls and endpoint protection software can deliver enhanced protection for networks and devices. But when it comes to attacks that employ social engineering tactics, the end user becomes the last line of defense between malicious actors and their success in infiltrating an organization. It’s important for organizations to provide social engineering education as well as adopt a unified security approach that provides layers of defense, which can be administered effectively by managed service providers.”
WSO2
WSO2 announced the availability of Asgardeo Software as a Service Identity Management Solution in the Microsoft Azure Marketplace. The Azure Marketplace is an online store providing applications and services for use on Azure. WSO2 customers can now take advantage of the productive and trusted Azure cloud platform with streamlined deployment and management.
Geethika Cooray, Vice President and General Manager of identity and access management at WSO2, said, “WSO2 Asgardeo facilitates secure and seamless collaboration between businesses by supporting standard identity federation protocols. It allows businesses to establish trust and share resources securely with their partners. With WSO2’s Asgardeo IAM solution running on Azure and available on the Azure Marketplace, development teams can now easily build, deploy and manage their cloud-native applications with greater efficiency and agility.”