NIBS (image credit: Pixabay/Ryan McGuire)

Last week security news came from various vendors. Check Point, Dragos, F-Secure, Infoblox, ManageEngine, and Microsoft published research reports and insights. Products were launched or updated by Infoblox, and there were new partnerships for LogRhythm with Zscaler and ALEF Distribution in Romania.

Check Point

Check Point Research has published its Brand Phishing Report for Q1 2023. The report highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials during January, February, and March 2023. The technology sector was most imitated, with shipping and retail next. The top brands included:

  • Walmart – 16%
  • DHL – 13%
  • Microsoft – 12%

Omer Dembinsky, Data Group Manager at Check Point Software, commented, “Criminal groups orchestrate phishing campaigns to get as many people to part with their personal data as possible. In some cases, attacks are designed to obtain account information, as seen with the Raiffeisen campaigns. Others are deployed to steal payment details, which we witnessed with popular streaming service Netflix.

“The best defense against phishing threats, as ever, is knowledge. Employees should be given appropriate training to spot suspicious traits such as misspelled domains, typos, incorrect dates, and other details that can expose a malicious email or link.”

Corero

Dakota Carrier Network, North Dakota’s largest fibre optic network, has selected Corero Network Security to deliver DDoS protection services across its network. The deployment protects customers from attacks and lets DCN offer DDoS protection as-a-service to its customers as an incremental revenue stream.

Ashley Stephenson, CTO at Corero Network Security, said, “We’re delighted to be working with DCN to support their goals of superior customer service and reducing the risk of downtime caused by DDoS attacks. We’re proud to be a partner in their dedication to providing secure communications infrastructure in the face of evolving attacks.”

Dragos

Dragos announced the one-year anniversary of the launch of Dragos OT-CERT (Operational Technology – Cyber Emergency Readiness Team). It is the industry’s first cybersecurity resource designed to provide industrial asset owners and operators with free OT-specific cybersecurity resources to help them build their OT cybersecurity programs, improve their security postures, and reduce OT risk.

Dragos OT-CERT partners include the National Association of Manufacturers, Emerson, Rockwell Automation, and seven Information Sharing and Analysis Centers: E-ISAC (electricity), OT-ISAC (operational technology), MFG-ISAC (manufacturing), ONG-ISAC (oil and natural gas), DNG-ISAC (downstream natural gas), WaterISAC (water), MM-ISAC (mining and metals), the Massachusetts Cybersecurity Program within the Massachusetts Commonwealth Fusion Center, and Catalyst Connection, a member of the NIST Manufacturing Extension Partnership.

In its Q1 Industrial Ransomware Attack Analysis report, Dragos revealed that 21 of the 61 ransomware groups that Dragos tracks caused significant damage to industrial organizations through continually evolving tactics. Dragos observed two new and significant trends: zero-day vulnerabilities and the exploitation of recently discovered vulnerabilities.

Dragos detected 214 ransomware incidents in the first quarter of 2023, a 13% increase from the previous quarter. The impact of ransomware attacks on industrial organizations is more difficult to counter and more disruptive than in previous quarters.

44% of the 214 ransomware attacks recorded globally impacted industrial organizations and infrastructure in North America, for a total of 95 incidents, twice the number Dragos reported for North America last quarter. 67% of ransomware attacks impacted the manufacturing sector (143 incidents total), the same number of incidents as in the last quarter.

F-Secure

F-Secure published its annual consumer threat guide. It found that cybercriminals follow consumers, whether that is Netflix, Facebook or Steam. F‑Secure’s Threat Intelligence found that the most imitated social media platform used to spread phishing threats in 2022 was Facebook, the most popular social network on earth, at 62%. Steam, the largest distribution platform for PC games, was the most popular gaming platform to spoof at 37%.

Laura Kankaala, F‑Secure Threat Intelligence Lead, commented, “Cyber criminals benefit from the fact that we spend so much of our lives online. And they know they can reach us on the online services that we use.

“Because ultimately what they want is our attention. They want to trick us into acting against our own interests to click on malicious links or download malware. So, they spam our email inboxes, tag us in comments on social media, or send us direct messages in gaming or dating apps. Cyber attacks in general have become very personal. And little is more personal than the credentials that secure our intimate digital moments.”

The report covers the following topics:

  • Malware and info stealers: A comprehensive look at the threats consumers are most likely to face.
  • Security and the smart home: A review of challenges faced by consumers, hardware manufacturers and communication service providers due to the swelling numbers of connected devices in the home.
  • Phishing for new victims: A look at the emerging phishing trends for 2023, focusing on the growing risks in gaming and social media.
  • Cyber security is getting personal: An examination of cyber security issues that arise from adding a digital dimension to interpersonal relationships.
  • Trends and predictions: F‑Secure researchers, analysts, and threat hunters reveal what they see on the leading edge of cyber security.

Infoblox

Infoblox published a threat report blog on a remote access trojan (RAT) toolkit with DNS command and control (C2). The toolkit created an anomalous DNS signature observed in enterprise networks across technology, healthcare, energy, financial and other sectors within the US, Europe, South America, and Asia. Some of these communications go to a controller in Russia.

Renée Burton, Senior Director of Threat Intelligence for Infoblox, said, “Decoy Dog is a stark reminder of the importance of having a strong, protective DNS strategy. Infoblox is focused on detecting threats in DNS, disrupting attacks before they start, and allowing customers to focus on their own business.”

Its findings are a stark reminder of the threats that constantly emerge.

  • The remote access trojan (RAT) Pupy was active in multiple enterprise networks in early April 2023. This C2 communication has gone undiscovered since April 2022.
  • The RAT was detected from anomalous DNS activity on limited networks and in network devices such as firewalls, not user devices such as laptops or mobile devices.
  • C2 communications are made over DNS and are based on an open-source RAT called Pupy. While this is an open-source project, it has been consistently associated with nation-state actors.
  • Organizations with protective DNS can mitigate their risk. BloxOne Threat Defense customers are protected from these suspicious domains.

Infoblox continues to urge organizations to block the following domains:

  • claudfront[.]net
  • allowlisted[.]net
  • atlas-upd[.]com
  • ads-tm-glb[.]click
  • cbox4[.]ignorelist[.]com
  • hsdps[.]cc
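
One way to act on this list, as an added example (not Infoblox's code): a Python check that matches resolver query logs against the domains above on label boundaries, so subdomains are caught and lookalike strings are not. The log line format, the sample lines and the function names are constructed for illustration.

```python
# Indicators exactly as listed above (defanged); refanged only in memory for matching.
DEFANGED = [
    "claudfront[.]net",
    "allowlisted[.]net",
    "atlas-upd[.]com",
    "ads-tm-glb[.]click",
    "cbox4[.]ignorelist[.]com",
    "hsdps[.]cc",
]


def refang(indicator):
    """Turn 'example[.]com' into 'example.com', lowercased, no trailing dot."""
    return indicator.replace("[.]", ".").lower().rstrip(".")


BLOCKED = frozenset(refang(d) for d in DEFANGED)


def matched_indicator(qname):
    """Return the listed domain that qname equals or is a subdomain of, else None."""
    labels = qname.lower().rstrip(".").split(".")
    # Compare whole-label suffixes so 'notclaudfront.net' does not match
    # 'claudfront.net', and 'other.ignorelist.com' does not match 'cbox4.ignorelist.com'.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED:
            return candidate
    return None


# Constructed sample resolver log (assumed format): "<timestamp> <client> <qtype> <qname>"
SAMPLE_LOG = """\
2023-04-20T10:00:01Z 10.0.0.5 A www.example.com.
2023-04-20T10:00:02Z 10.0.0.254 TXT a1b2c3.claudfront.net.
2023-04-20T10:00:03Z 10.0.0.7 A notclaudfront.net.
2023-04-20T10:00:04Z 10.0.0.254 A CBOX4.ignorelist.com
2023-04-20T10:00:05Z 10.0.0.9 A other.ignorelist.com.
"""


def find_hits(log_text):
    """Return (timestamp, client, qname, indicator) for each query that hits the list."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        ts, client, _qtype, qname = parts
        indicator = matched_indicator(qname)
        if indicator:
            hits.append((ts, client, qname, indicator))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```

Grouping the hits by client address shows which hosts to examine first; the report's finding that the activity came from network devices such as firewalls makes that field worth checking against an asset inventory.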

Infoblox also announced new critical security enhancements to Infoblox BloxOne® Threat Defense, offering Lookalike Domain Monitoring and protection against emerging threats to help prevent cybercrime as phishing attacks make headlines across the globe.

LastPass

LastPass announced LastPass University, a richly resourced training platform featuring live and on-demand coursework to help business administrators, their end users and partners deepen their LastPass product knowledge and password management skills.

Abby Miller, Senior Vice President of Customer Experience at LastPass, commented, “LastPass University embodies our commitment to help customers get the most out of our products and be more protected. Instead of searching online or submitting a support ticket, they can now get all the best information and training in one place, whether they need quick tips or a deep dive.”

LastPass University includes specialized training and certification for partners. It enables partners to achieve one of four tiered statuses – from Associate to Platinum. The partner training is a foundational part of LastPass’ new Allegiance Partner Program, to be rolled out in detail next month.

LogPoint

CABI, an international, inter-governmental, not-for-profit organization, has selected Logpoint to provide its SIEM and SOAR solutions. Logpoint will be essential for CABI’s IT and cybersecurity operations, centralizing everything in a single pane of glass, increasing visibility across the infrastructure, and reducing the workload through automation and increased efficiency.

Jamie Brown, CABI Security Engineer, said, “Logpoint’s user-friendly SIEM and SOAR solutions are an ideal fit for our requirements. We like the ease of use and the streamlining of services, as well as the elimination of manual triaging, which allows us to make better decisions about our security efforts. We are able to detect and prevent security breaches before they become a problem, freeing up time previously spent on manual processes.”

LogRhythm

LogRhythm launched a strategic partnership with ALEF Distribution RO to bring new cybersecurity innovations to Romania. The partnership enables ALEF Group to provide its Romanian customers with threat mitigation tools to defend against the latest cyber risks as the country’s economy grows.

Gabriel Ciucu, Managing Director at ALEF Distribution RO, commented, “As Romania’s economy grows, organisations are increasingly adopting IT security solutions to provide reliable and comprehensive protection against modern, targeted attacks. Our partnership with LogRhythm is a recent example of how we are putting our customer’s needs first with wider technology support and access to innovative security solutions.

“Our customers benefit from more agile and intelligent security protection. We are looking forward to supporting our Romanian partners with leading-edge capabilities and long-term experience with LogRhythm.”

LogRhythm announced its partnership with Zscaler, the leader in cloud security. LogRhythm and Zscaler work together to help organizations around the globe increase network insight and address a variety of cloud access security challenges faced by the modern SOC. LogRhythm SIEM and the Zscaler Zero Trust Exchange platform provide unparalleled visibility and security to facilitate a modern Zero Trust architecture.

Andrew Hollister, Chief Information Security Officer at LogRhythm, said, “Securing an organization’s systems and networks begins with high-fidelity and trustworthy log data. LogRhythm’s expertise in turning log data into actionable insights delivered through dashboards and analytics is unrivalled in the industry. The combined benefits of LogRhythm SmartResponse and Zscaler Internet Access facilitate modern Zero Trust architecture that is the security backbone of companies across the globe.”

ManageEngine

ManageEngine announced the results of its State of ITOM in 2023 study, which examined the trends observed in ITOM. In today’s digital landscape, providing a seamless customer experience (CX) has become a top priority for IT operations teams. 62% of the respondents said that a unified ITOM solution with observability and AIOps functions would help them to proactively identify performance bottlenecks.

They are increasingly turning to observability and AIOps to achieve this. However, the study found that organizations face several challenges while adopting both technologies.

  • Over 57% of the respondents stated that their organization was not fully familiar with the concept of observability.
  • Over 65% of respondents said their organizations lacked a proper understanding of AIOps and their use cases.

Mathivanan Venkatachalam, vice president at ManageEngine, said, “Despite the challenges, the benefits of observability and AIOps in delivering superior customer experiences and driving business growth are clear. As organizations continue to prioritize CX initiatives, they are likely to invest in these technologies. We are committed to providing world-class solutions that will empower ITOps teams in their journey.”

Microsoft

A new study by Forrester Consulting, commissioned by Microsoft and titled The Total Economic Impact™ Of Microsoft Entra, found that customers enjoyed a return on investment (ROI) of 240%. The report further highlighted four areas of improvement:

  • Modernised identity and consolidated vendors
  • Increased identity team efficiency
  • Accelerated development velocity
  • Increased worker productivity and reduced IT friction

As one customer, a senior security engineer in the software industry, put it, “If you have your applications integrated with Azure AD, you can have a really, really sweet user experience, security model, and simple administration.”

Noname Security

Noname Security announced its partnership with Wiz, the leading cloud security platform and the world’s fastest-growing software company, to help customers improve security posture by enabling complete visibility, context, and control of infrastructure hosting mission-critical and highly sensitive APIs to minimize and remediate risk.

Aner Morag, Vice President of Technology of Noname Security, commented, “While APIs enable business, they require proper build, deployment, and maintenance to ensure viable security.

“Wiz is a clear leader in cloud security and is the fastest-growing software company ever due to the company’s success in protecting and servicing hundreds of the world’s leading organizations. We’re proud to partner with their team to provide customers with visibility and intelligence across their API ecosystem to find, build, and maintain secure APIs throughout the entire lifecycle.”

The partnership will allow customers to proactively improve their security posture, find and fix breaches faster and ensure compliance.

Oron Noah, Director of Product Management at Wiz, said, “Together, Noname Security and Wiz provide security, application and cloud technology teams with complete visibility into their entire API ecosystem to ensure confidentiality, integrity, context and availability while also reducing time to market and increasing application uptime. We are proud to combine Wiz’s Cloud Native Application Protection Platform with Noname Security’s API security platform to provide customers with full cyber-risk coverage.”

Veeam

RC Willey, a leading American home furnishings company, selected Veeam Data Platform Advanced Edition as the core platform for its new data protection strategy. With Veeam, RC Willey can keep pace with thousands of items of inventory in constant motion between its suppliers, distribution centres, stores and customers by providing the top backup and recovery solution to ensure the business never has to suffer from downtime or data loss.

Chris Weiss, Senior Systems Administrator at RC Willey, said, “The whole data protection process must be totally reliable from end to end. It doesn’t matter how fast your backups are if you can’t recover your systems within a reasonable time. And, it doesn’t matter how quick your recovery process is if the data wasn’t backed up successfully in the first place.

“Veeam helps us recover data from almost any recovery point in almost no time. We can successfully recover files from tape backups made months ago and restore corrupted virtual machines (VMs) in 20 minutes. But the jewel in the crown is Veeam’s Continuous Data Protection (CDP).

“For Tier-1 systems, our RPO is just five seconds, and we can fail over to an alternate site within minutes — so we can be confident that our business-critical inventory management systems never miss a beat. Visibility is great, too. Veeam ONE™ gives us real-time insight into what’s happening with our backups. It gives us richer information than other reporting tools that cost significantly more.”

Kasten by Veeam, the market leader for Kubernetes backup and disaster recovery, today announced that its KubeCampus.io Kubernetes learning platform now has over 20,000 registered users and is expanding to include its first partners, Scality and StormForge. KubeCampus.io has increased its user base by 50% in 2022 and now reports nearly 12,500 courses completed and thousands of learning resources downloaded.

Tom Leyden, vice president of marketing at Kasten by Veeam, said, “Building on the tremendous success of KubeCampus, the logical next step is to add resources that will continue to enrich the learning experience. Collaborating with our partners to expand content and instruction will give users more learning opportunities, more industry experts to consult, and more chances to be certified in leading technologies. Partners can benefit as well by taking advantage of opportunities to drive thought leadership and introduce their technology to prospective customers.”

WatchGuard

WatchGuard announced further expansion of its presence in India, with a new office in Noida, capable of supporting the company’s aggressive hiring plans in the region.

Prakash Panjwani, CEO of WatchGuard Technologies, commented, “Our growing presence in India has and will continue to be instrumental in accelerating the company’s innovation, as the R&D team there has made significant contributions to our efforts for building a scalable platform that elevates the practice of modern cybersecurity delivery for managed service providers. We are excited to support the team’s continued growth in India by expanding our office space, and hiring across several functions to support our growth plans in 2023.”

Awanti Singh, vice president & country operations manager of the India Center of Excellence at WatchGuard Technologies, added, “We are proud to have built a team in India that mirrors WatchGuard’s strong culture of teamwork and collaboration and of caring for each other, our partners and customers. As we embark on another phase of growth, both for the team in India and the company overall, there is a tremendous opportunity to continue driving market-changing innovation that redefines security delivery for MSPs and better protects our customers.”

Security news from the week beginning 10th April 2023

 
