Richard Giddey

New BunnyLoader threat emerges as a feature-rich malware-as-a-service

Security researchers discovered a new malware-as-a-service (MaaS) named ‘BunnyLoader’ advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard.

The malware is under rapid development, with updates adding new features and bug fixes. It can currently download and execute payloads, log keystrokes, steal sensitive data and cryptocurrency, and execute remote commands.

The first version of BunnyLoader emerged on September 4. Since then, its developers have added more functions, such as multiple anti-detection mechanisms and extra info-stealing capabilities, releasing a second major version towards the end of the month.

Researchers at cloud security company Zscaler note that BunnyLoader is quickly becoming popular among cybercriminals as a feature-rich malware available for a low price.

BunnyLoader promoted on a hacker forum (Zscaler)

BunnyLoader overview

BunnyLoader’s command and control panel allows even low-skilled cybercriminals to set a second-stage payload, enable keylogging and credential stealing, manipulate the clipboard (to steal cryptocurrency by swapping wallet addresses), and run remote commands on infected devices.

Main malware functions directly available through the panel (Zscaler)

In a recent report, researchers say that after being executed on a compromised device, BunnyLoader creates a new value in the Windows Registry for persistence, hides its window, sets a mutex to avoid multiple instances of itself, and registers the victim into the control panel.

Victims listed on the panel (Zscaler)
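As an added example (not code from the Zscaler report or from BunnyLoader itself), the following Python script shows the kind of check a responder can run to surface the Run-key persistence described above: it parses the text written by `reg export` and flags any Run or RunOnce value whose command references a user-writable directory or is launched through a built-in script host. The sample registry export, its value names and its paths are constructed for the demonstration and are not BunnyLoader indicators.

```python
"""Triage Windows autorun entries in a `reg export` dump.

Added example: flags Run/RunOnce values whose command references a
user-writable directory or is launched through a built-in script host.
"""
import re
from dataclasses import dataclass, field

# Section headers that reg export writes for the per-user and per-machine
# autorun keys, e.g. [HKEY_CURRENT_USER\...\CurrentVersion\Run].
AUTORUN_KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_[A-Z_]+\\.*\\CurrentVersion\\(?:Run|RunOnce))\]$",
    re.IGNORECASE,
)
# "Name"="data" lines; hex: and dword: values never match and are ignored.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

# Locations an unprivileged user can write to. Legitimate installers rarely
# persist from here; loaders dropped by a user-level infection usually do.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\",
                 "\\temp\\", "\\downloads\\")
# Built-in interpreters used to start a second stage without a new binary.
SCRIPT_HOSTS = {"powershell", "pwsh", "wscript", "cscript", "mshta",
                "rundll32", "regsvr32", "cmd"}


@dataclass
class Finding:
    key: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def _unescape(data: str) -> str:
    """Undo .reg escaping of embedded quotes and doubled backslashes."""
    return data.replace('\\"', '"').replace("\\\\", "\\")


def _executable(command: str) -> str:
    """Return the program part of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(reg_text: str) -> list:
    """Return a Finding for every suspicious Run/RunOnce value in the export."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        header = AUTORUN_KEY_RE.match(line)
        if header:
            key = header.group("key")
            continue
        if line.startswith("["):      # any other key: stop collecting values
            key = None
            continue
        value = VALUE_RE.match(line)
        if key is None or value is None:
            continue
        command = _unescape(value.group("data"))
        reasons = []
        if any(d in command.lower() for d in USER_WRITABLE):
            reasons.append("command references a user-writable directory")
        base = _executable(command).lower().rsplit("\\", 1)[-1]
        if base.endswith(".exe"):
            base = base[:-4]
        if base in SCRIPT_HOSTS:
            reasons.append(f"launched via script host {base}")
        if reasons:
            findings.append(Finding(key, value.group("name"), command, reasons))
    return findings


# Constructed sample export; the value names and paths are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"SvcUpdater"="C:\\Users\\alice\\AppData\\Roaming\\svc\\update.exe"
"Helper"="powershell.exe -w hidden -ep bypass -File C:\\ProgramData\\h.ps1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_REG):
        print(f"{f.key}\\{f.name}: {f.command}\n    " + "; ".join(f.reasons))
```

Run against a real host with `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKLM equivalent) and pass the file contents to `triage`; the two heuristics are deliberately coarse, so treat a hit as a lead to verify, not as a verdict.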

The malware performs several checks to determine if it’s running on a sandbox or simulated environment and throws a fake architecture incompatibility error if the result is positive.

Apart from the mentioned functions, the malware also features modules to steal data stored on web browsers (passwords, credit cards, browsing history), cryptocurrency wallets, VPNs, messaging apps, and more, essentially acting as a standard info-stealer.

All stolen data are compressed into a ZIP archive before they are exfiltrated to the threat actor’s command and control (C2) server.

Data exfiltrated by BunnyLoader (Zscaler)

According to the researchers, BunnyLoader supports writing payloads to the disk before executing them, and can also run them from the system memory (fileless) using the process hollowing technique.

Rapid development

Zscaler monitored the malware’s development and announcements on multiple hacking forums and noticed that it went through numerous updates since its initial release.

Zscaler’s report includes a timeline of these updates.

In its current state, BunnyLoader is sold for $250, while the “private stub” version, which features stronger anti-analysis, in-memory injection, AV evasion, and additional persistence mechanisms, sells for $350.

This low price, combined with the rapid development cycle, makes BunnyLoader an attractive choice for cybercriminals seeking early-bird deals on emerging malware projects before they gain prominence and raise their rates.

Zscaler’s report provides technical details that can help detect the malware before it establishes persistence, as well as indicators of compromise that can be used to block an infection.

This content was originally published here.

Microsoft’s Bing AI Faces Malware Threat From Deceptive Ads – Infosecurity Magazine

Microsoft’s Bing Chat has come under scrutiny due to a significant security concern – the infiltration of malicious ads.

Malwarebytes researchers have now demonstrated how unsuspecting users seeking software downloads can be tricked into visiting malicious websites and unwittingly downloading malware.

Bing Chat, an artificial intelligence (AI) interactive text and image application powered by OpenAI’s GPT-4 that debuted in February 2023, has achieved impressive engagement numbers: over one billion chats within six months of its release, according to an advisory published by Malwarebytes on Thursday.

This rising popularity has attracted advertisers seeking to reach a vast user base, but this has also created a channel for potential abuse.

One of the methods used to introduce ads into Bing Chat conversations involves displaying an ad when a user hovers over a link preceding the organic search result. Despite a small “Ad” label next to these links, it’s easy for users to overlook this distinction, potentially leading them to click on deceptive ads disguised as legitimate search results.

The consequences of such deceptive ads are alarming. When users click on these links, they are directed to fake sites closely mimicking the official ones, or they are sent to decoy pages. The ultimate goal of these tactics is to lure victims into downloading an installer that appears harmless but actually harbors malicious elements. Malwarebytes confirmed it has observed these tactics in action.

According to the company, this incident serves as a stark reminder that online advertising remains a lucrative target for threat actors who aim to divert users to sites harboring malware. In this case, a legitimate Australian business had its ad account hacked, underscoring the need for constant vigilance in the ever-evolving digital landscape.

The security experts advised users to exercise caution while browsing and to employ security tools offering web protection, ad blocking and malware detection to enhance their online security.

The researchers also said they have reported the malicious ads to Microsoft, underlining the importance of staying proactive in safeguarding the online search and advertising environment.

The Anatomy of a Resilient Infrastructure: Mitigating Risks and Ensuring Protection

Introduction

Organisations must take a multifaceted approach to secure their digital assets in an era of rapidly evolving cyber threats. This comprehensive article delves deep into the labyrinth of infrastructure security, examining its various components: the software layer, the hardware layer, and advanced security measures. The endgame here is to arm organisations with the knowledge to construct a resilient infrastructure that is adept at mitigating present-day risks and future-proofed against emerging threats.

The Software Layer: Where Complexity Meets Vulnerability

The Ever-Evolving Landscape of Software Vulnerabilities

Introduction

The software layer is a complex beast, continually evolving and presenting new challenges and vulnerabilities. In the current digital milieu, this layer is the cornerstone of both productivity and vulnerability. Think of it as an advanced game of chess, where strategic manoeuvring isn’t just a matter of choice but an absolute necessity.

The Risks

Navigating this layer goes beyond patching holes and staying compliant with industry standards. We’re looking at an escalating landscape of zero-day exploits, advanced persistent threats (APTs), and increasingly sophisticated malware campaigns. The digital realm is a battlefield where new tactics emerge from the adversary almost daily.

Real-World Case Study

In 2019, a financial services company based in Australia that was compliant with ISO/IEC 27001 successfully thwarted a ransomware attack. How did they do it? Their defence strategy consisted of next-generation antivirus software, further strengthened by an up-to-date intrusion detection system. This incident underlines the value of a proactive stance compared to other organisations that only react post-compromise, often when it’s too late.

The Solutions

While traditional rule-based security mechanisms offer a certain level of protection, they are no longer adequate to counter sophisticated attacks. Next-generation software solutions are the way forward, with capabilities like real-time threat intelligence, behavioural analytics, and alignment with globally recognised frameworks like the NIST Cybersecurity Framework.

Old Tech vs. New Tech

It’s essential to understand that traditional antivirus solutions were engineered for a different era. They are generally rule-based and are not designed to tackle modern threats like APTs. Contrast this with state-of-the-art Endpoint Detection and Response (EDR) solutions like CrowdStrike’s Falcon, which utilises behavioural analytics to identify abnormal behaviour, offering more robust security mechanisms.

Brands and Why Choose Them

For a good reason, cloud-native platforms are gaining significant traction in the security landscape. Solutions like CrowdStrike’s Falcon, built on a cloud-native architecture, enable automated threat hunting and expedited incident response. This dynamism dramatically reduces the time required to identify, mitigate, and recover from security incidents, giving organisations the upper hand in the relentless cyber warfare game.

The Nuanced Challenges

Every organisation’s software stack blends old and new, a mix of legacy systems and modern solutions. These nuances make it critical for security teams to understand their specific environments in-depth. It’s like having a comprehensive map of the landscape you are defending.

A Deeper Dive into Software Update Challenges

Updates to software layers can be a double-edged sword. While they often introduce new features and patches for known vulnerabilities, they can also inadvertently open up new attack vectors. Security teams must keep a keen eye on these changes, practising a proactive rather than a reactive approach to security.

Concluding Thoughts on the Software Layer

Creating a secure software layer is a continuous process requiring a mix of technological prowess, strategic insight, and real-world practicality. Organisations should aim not only to understand the inherent risks in their software but also to stay updated on emerging threats and security solutions.

The Hardware Layer: The Silent Guardian of Cybersecurity

Introduction

While software takes much of the limelight in cybersecurity discussions, hardware’s role as the first line of defence is often underestimated. Think of hardware as a medieval fortress’s physical walls and fortifications—absolutely crucial but easy to overlook until it’s too late.

The Risks

The hardware layer is prone to a myriad of physical and digital threats. While digital attacks like malware and ransomware often make headlines, physical threats like fire, flooding, and unauthorised access can be equally devastating. Insufficient attention to these risks can spell catastrophe for organisations.

The Solutions

Today’s hardware solutions have come a long way. Multi-tiered physical security features, like biometric authentication and advanced fire-suppression systems, offer added layers of security. These features typically align with international standards like ISO/IEC 27001, providing an added layer of assurance.

Old Tech vs. New Tech

Traditional hardware resilience measures, like RAID configurations, protect against the failure of an individual disk but not against site loss, logical corruption, or ransomware that encrypts every mirrored copy at once. On the other hand, modern Software-Defined Storage (SDS) solutions offer features like automated failover and data replication across sites, providing far more resilience against both physical and digital threats.

Brands and Why Choose Them

Choosing the proper hardware is critical, and there’s no one-size-fits-all solution here. Companies like Dell EMC offer hardware solutions that provide up to military-grade security, while others like Cisco focus more on network-centric hardware security solutions. A blend of these might offer the most comprehensive security infrastructure.

Additional Considerations

The effectiveness of your hardware layer can be severely compromised if it’s not seamlessly integrated with your software and procedural protocols. An excellent firewall can only do so much if your team is unaware of how to manage and maintain it properly.

Concluding Thoughts on the Hardware Layer

Securing your hardware is just as crucial as safeguarding your software. Combining state-of-the-art hardware solutions with best practices like regular patch management can go a long way in building a resilient cybersecurity posture.

Advanced Security Measures: Going the Extra Mile

The Sophistication of Modern Cyber Threats

Introduction

It’s abundantly clear that in the kaleidoscope of modern cybersecurity, basic measures just won’t cut it anymore. The digital realm is flooded with advanced and sophisticated threats like spear-phishing, SQL injections, and Cross-Site Scripting (XSS) attacks, which can quickly bypass traditional security measures.

The Risks

As cyber threats become more sophisticated, the level of risk escalates correspondingly. It’s no longer about protecting against viruses and malware; the threat landscape now includes highly targeted attacks that can cripple an organisation’s operations and reputation.

Real-World Case Study

Yahoo, Zappos, Epic Games, TalkTalk, LinkedIn, and Sony Pictures have all been cited as victims of SQL injection attacks; note that Target (2013) and Equifax (2017), often listed alongside them, were breached through other vectors (stolen vendor credentials and point-of-sale malware, and an unpatched Apache Struts vulnerability, respectively). In each case the financial repercussions were massive, not to mention the erosion of consumer trust and the cost of remediation.

The Solutions

Several measures can effectively counter advanced threats, including adherence to comprehensive guidelines like the OWASP Top Ten. Next-generation firewalls, Data Loss Prevention (DLP) systems, and behavioural analytics tools offer additional security layers.

Old Tech vs. New Tech

Although effective to an extent, traditional stateful firewalls lack the sophistication to deal with current threats, since they filter on addresses and ports rather than on the content of the traffic. Next-gen firewalls with features like Deep Packet Inspection (DPI) offer a far more nuanced approach to threat detection and prevention.

Brands and Why Choose Them

Companies like Palo Alto Networks and Fortinet offer cutting-edge, machine learning-powered solutions that proactively adapt to evolving threats. When it comes to advanced security measures, choosing a brand that invests in R&D can make a significant difference.

The Human Factor

The most advanced tech solutions can only be effective if the human element is addressed. Human error, negligence, or ignorance can introduce significant vulnerabilities, making ongoing training and awareness initiatives critical.

Advanced Security Considerations

When considering advanced security measures, it’s also crucial to consider additional elements like multi-factor authentication, encryption, and secure code reviews. These are no longer ‘good-to-have’ features but essential layers of a resilient cybersecurity strategy.

Concluding Thoughts on Advanced Security Measures

In today’s cyber environment, where risks are continually evolving, taking your security measures to the next level is not just advisable—it’s imperative. Integrating advanced technologies and adherence to robust security frameworks can significantly boost an organisation’s resilience against modern threats.

Conclusion and Final Thoughts

Building a resilient infrastructure involves far more than installing the latest antivirus or implementing a firewall. It’s a multi-layered challenge that demands a carefully orchestrated blend of state-of-the-art technology, best practices, and human vigilance. Each layer—software, hardware, and advanced security measures—offers challenges and solutions. By developing a nuanced understanding of each, organisations can not only mitigate immediate threats but also prepare for future uncertainties.

In a world where digital transformation is no longer a choice but a necessity, there is no room for complacency. By fortifying every layer of their infrastructure with proactive, robust, and technologically advanced measures, organisations can build a genuinely resilient framework that can withstand the relentless onslaught of modern cyber threats.

Strategies For Merchant Ransomware Protection

Ransomware attacks have become a significant threat to businesses of all sizes, including merchants who rely on electronic payment systems for their operations. These malicious attacks can lock you out of your critical systems, encrypt your data, and demand a hefty ransom in exchange for the decryption key. To safeguard your business and customer data, implementing robust ransomware protection strategies is essential. In this article, we will explore effective strategies for merchant ransomware protection.

One of the weakest links in any cybersecurity defense is often human error. Employees can unintentionally download malicious files or click on phishing emails, making it crucial to invest in ongoing cybersecurity training and awareness programs. Ensure that your staff is well-informed about the risks associated with ransomware attacks and understands the importance of following security protocols and best practices.

Regularly backing up your critical data is a fundamental ransomware protection strategy. By maintaining up-to-date backups stored in a secure, offline location, you can quickly recover your data without having to pay a ransom. Automated backup solutions can help ensure that your data is consistently protected.

Network segmentation involves dividing your network into smaller, isolated segments to limit the lateral movement of ransomware within your systems. If an attacker gains access to one part of your network, segmentation can help contain the breach, preventing it from spreading to other critical systems. Implementing robust access controls and firewall rules is essential for effective network segmentation.

Outdated software and operating systems are often the entry points for ransomware attacks. Hackers exploit known vulnerabilities in older versions of software to gain access to systems. Regularly update your software, including operating systems, applications, and security solutions, to patch these vulnerabilities and reduce the risk of exploitation.

Endpoint security solutions provide a crucial layer of defense against ransomware attacks. Utilize advanced antivirus and antimalware software that can detect and block ransomware threats. Additionally, consider endpoint detection and response (EDR) solutions that provide real-time monitoring and threat response capabilities.

Email remains a common vector for ransomware distribution. Implement robust email filtering and content scanning solutions to detect and block malicious attachments and links. Train employees to recognize phishing attempts and avoid clicking on suspicious email content.

MFA adds an extra layer of security by requiring users to provide multiple forms of identification before gaining access to systems or data. Implement MFA for critical systems and accounts to protect against unauthorized access, even if login credentials are compromised.

In the event of a ransomware attack, having a well-defined incident response plan is crucial. This plan should outline the steps to take when an attack is detected, including isolating affected systems, notifying relevant parties, and involving law enforcement if necessary. Regularly test and update your incident response plan to ensure its effectiveness.

Consider investing in cybersecurity insurance to mitigate the financial impact of a ransomware attack. While insurance won’t prevent an attack, it can help cover the costs associated with data recovery, legal fees, and potential ransom payments.

Stay informed about emerging ransomware threats by monitoring cybersecurity news and utilizing threat intelligence services. Proactive monitoring can help you detect potential threats early and take preventive measures to protect your systems.

Ransomware attacks continue to evolve and pose a significant threat to merchants and businesses worldwide. Implementing a comprehensive ransomware protection strategy is essential to safeguard your data, operations, and reputation. By combining employee training, robust cybersecurity measures, and proactive planning, you can significantly reduce the risk of falling victim to ransomware and minimize its impact on your business. Remember that cybersecurity is an ongoing process, and staying vigilant is key to staying protected in the ever-evolving threat landscape.


Ransomware attacks down in August after record levels in July

August 2023 saw a drop in ransomware attacks, according to NCC Group’s August Threat Pulse, with 390 attacks representing a 22% drop from July. 

It comes after back-to-back record months in June and July, largely the result of Cl0p’s MOVEit exploitation and the ongoing impact of that campaign.

LockBit 3.0 back in the top spot

LockBit 3.0 returned to pole position in August, responsible for the largest volume of attacks at 125, or 32% of the month’s total. This represents a 150% month-on-month increase on its July activity. BlackCat took second place with 41 attacks (11%), followed by 8Base with 32 (8%).

As expected, there was a steep fall in activity from Cl0p. The repercussions of its MOVEit exploitation seem to have largely subsided, with the group responsible for only 1% (3) of all attacks in August, a 98% decrease from June and July, when Cl0p launched 161 ransomware attacks.

Cl0p’s slowdown in August is similar to the pattern witnessed in March earlier this year, when its mass exploitation of the GoAnywhere vulnerability was followed by a quiet period of attacks from the group.

Akira, a more recent ransomware player whose activity was first noted in April, climbed to fourth place in August after ranking eighth in July. The group directed 26% of its activity at the industrials sector and also showed a particular focus on the education sector.

Industrials continues to be the most targeted sector

Industrials continues to be the most targeted sector representing 31% of all attacks in August. Threat actors continue to target the sector to exploit personally identifiable information (PII) and intellectual property (IP), with larger organisations remaining a specifically active target for threat actors looking to increase their revenue from ransomware attacks. 

The top three industries within the sector targeted in August were professional and commercial services followed by machinery, tools, heavy vehicles, trains and ships, with construction and engineering placing third. 

North America remains the most targeted region

The report found that 47% of all ransomware attacks in August took place in North America, consistent with previous months, although this is a 7-point drop from July, when the region accounted for 54% of all victims. Europe remains in second place with 108 victims in August, representing 28% of total attacks.

Interestingly, the volume of ransomware attacks experienced in Asia has climbed in comparison to recent months, accounting for 15% of the total – an amount not witnessed since February this year. 

Spotlight: Geopolitical influence on cyber crime 

The overall rise in attacks within Asia comes as we witness several geopolitically motivated campaigns by Chinese threat actor Flax Typhoon, which overlaps with the group tracked as Ethereal Panda.

The group’s targeting of Taiwanese organisations across different industries has highlighted how ongoing political tensions continue to have a significant impact on the global cybercrime landscape, posing particular risks to education, manufacturing and critical infrastructure.

The methods adopted by Flax Typhoon also risk being deployed in attacks beyond Taiwan, posing severe risks to wider international security. The group favours Living Off the Land (LOTL) techniques, which rely on tools already present on the target system rather than dropping custom malware, an approach that is becoming increasingly popular because it is difficult to detect.

“After two record months for ransomware attacks, the fall in attacks in August was to be expected,” says Matt Hull, Global Head of Threat Intelligence at NCC Group. 

“The number of victims in June and July was somewhat inflated by the huge success that Cl0p had exploiting the vulnerability in the MOVEit platform. This being said, the number of recorded victims in August was still significantly higher than this time last year,” he says.

“In our Threat Spotlight, we highlight the ever-persistent threat of cyber espionage by Nation State Groups and look specifically at the activities of China against Taiwan,” Hull says. 

“What we do know is that there is historical evidence that tactics, techniques and procedures are shared by multiple threat groups in China.

“As such, with any new campaign it is a necessary reminder to governments and businesses alike that we must remain alert to the activities of threat actors so that we can better prevent and protect against possible intrusion.”


OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats

Tampa, FL – September 21, 2023 — OPSWAT, a leader in critical infrastructure protection (CIP) cybersecurity solutions, sponsored the SANS 2023 ICS/OT Cybersecurity Survey, which unveils a distinct reality: despite notable improvements in defense strategies, including increased ICS cybersecurity awareness and enhanced incident response plans, survey respondents collectively consider current cybersecurity threats to ICS as severe/critical (25%) and high (44%). As a result, the top three items of utmost importance for ICS security programs in 2023 have been identified as network visibility, risk assessments, and transient device threat detection.

ICS/OT environments are becoming increasingly interconnected and complex, offering efficiency and innovation. However, this also exposes organizations to heightened vulnerabilities from relentless cyber threats. Dean Parsons, a SANS Certified Instructor, practitioner, and ICS/OT cybersecurity assessment expert, emphasizes, “This year’s survey reveals several notable changes compared to previous years. We see significant efforts in crucial areas and, regrettably, a lack of commitment in some equally important, evolving domains. However, there is a silver lining in the form of increased investments in asset inventorying, network-specific ICS/OT visibility and detection systems, and the development, training, and retention of staff with the required specific ICS security skillsets.”

Compromised IT Leads to Compromised OT

Respondents are predominantly concerned with and have experienced ICS incidents involving malware threats or attackers breaching the IT business network. These breaches often enable access and pivoting into the ICS/OT environment. Compromises in IT systems leading to threats entering OT/ICS networks ranked highest, followed by compromises of engineering workstations and external remote services.

To address these threats effectively, it is essential to understand the specific vectors behind the top threat vector: why IT compromises lead to ICS breaches, what enables those breach points, how engineering workstations are compromised, and who owns these critical processes. Encouragingly, penetration testing is occurring at multiple levels, with a focus on Level 3, the IT/OT DMZ, and Level 2 of the Purdue model, indicating proactive measures to assess and enhance ICS security.

IT and OT Collaboration and Training

The report highlights a significant trend towards IT/OT staff convergence, with 38% of all respondents now responsible for both ICS and IT security, indicating increased responsibilities in 2023 compared to the 20% reported in 2022.

Incident Response 

Cybersecurity solution providers are frequently consulted (43%) when signs of infection or infiltration emerge, emphasizing the need for specialized expertise in incident response. Additionally, a quarter of respondents were uncertain about having an exercised and documented plan for operating ICS engineering systems in reduced capacity, and only 56% currently possess a dedicated ICS/OT Incident Response Plan.

“Building resilient critical infrastructure requires a proactive approach to cybersecurity as noted with the SANS’ report findings,” said Yiyi Miao, OPSWAT’s Chief Product Officer. “At OPSWAT, we’re committed to empowering organizations to safeguard their vital systems through effective industry-leading solutions.”

Download the SANS ICS/OT Cybersecurity Survey: 2023’s Challenges and Tomorrow’s Defenses. 

About SANS 

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cybersecurity training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cybersecurity events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on technical certifications in cybersecurity. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s and bachelor’s degrees, graduate certificates, and an undergraduate certificate in cybersecurity. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to manage their “human” cybersecurity risk easily and effectively. SANS also delivers a wide variety of free resources to the InfoSec community, including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet’s early warning system — the Internet Storm Center. At the heart of SANS are the many security practitioners representing varied global organizations, from corporations to universities, working together to support and educate the global information security community. SANS.org 

About OPSWAT 

For the last 20 years OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, has continuously evolved an end-to-end solutions platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks and ensure compliance. Empowered by a “Trust no file. Trust no device.™” philosophy, OPSWAT solves customers’ challenges around the world with zero-trust solutions and patented technologies across every level of their infrastructure, securing their networks, data, and devices, and preventing known and unknown threats, zero-day attacks, and malware. Discover how OPSWAT protects the world’s critical infrastructure and helps secure our way of life; visit www.opswat.com

This content was originally published here.

ClassLink Provides Cybersecurity Training Course to Help Schools Protect Public Directory Data

CLIFTON, N.J., Sept. 19, 2023 /PRNewswire/ — ClassLink, the leading provider of identity and access management (IAM) products for education, unveils Scope Your Google Directory, a timely ClassLink Academy course designed to protect schools from directory scraping.

As schools rely increasingly on technology to streamline operations, they face new challenges and threats, including directory scraping.

Directory scraping is the automated process of extracting information from online directories, often without the consent or knowledge of the organization that owns the directory. This information can include names, email addresses, phone numbers, and other personal data of students, faculty, and staff.

Directory scraping can have consequences for schools and lead to various issues, including data breaches, phishing attacks, identity theft, privacy violations, and potential misuse of sensitive information.

Schools should take proactive measures against directory scraping to protect their data and ensure data privacy. One effective strategy is directory scoping. Directory scoping involves controlling the visibility and accessibility of directory information to limit the exposure of sensitive data.

To assist schools in implementing effective directory scoping measures, ClassLink is pleased to offer the ‘Scope Your Google Directory’ course. This comprehensive course equips educational institutions with the knowledge and tools to secure their Google directory effectively. Admins can also learn how to mitigate scraping using ClassLink OneSync and other tools to safeguard sensitive data.

“The Scope Your Google Directory course is designed to keep school leaders up-to-date on best practices when it comes to protecting student, faculty, and staff data from bad actors. It empowers schools to take the necessary actions against data scraping to ensure that public directory data remains secure.” – Jeff Janover, VP of Security and Interoperability, ClassLink

This course, available to all ClassLink customers, can be accessed for free by logging in to ClassLink Academy and adding it to the course listings page from the course catalog.

About ClassLink

ClassLink is a global education provider of identity and analytics products that create more time for learning and help schools better understand digital engagement. As leading advocates for open data standards, we offer instant access to apps and files with single sign-on, streamline class rostering, automate account provisioning, and provide actionable analytics. ClassLink empowers 20 million students and staff in over 2,600 school systems. Visit classlink.com to learn more.

About ClassLink Academy

ClassLink Academy is a comprehensive online training platform designed to provide technical administrators, educational leaders, instructors, and students with top-notch resources. Its primary goal is to elevate user proficiency and comprehension in utilizing ClassLink’s suite of products. Visit classlink.com/academy to learn more.

Cisco acquires cybersecurity firm Splunk for jaw-dropping $28B | VentureBeat

Cisco today announced it is acquiring cybersecurity and observability leader Splunk in a cash deal worth $28 billion. 

The San Jose, California-based networking giant said the move will bring together both companies’ capabilities to drive the next generation of AI-enabled security and observability and make organizations of all sizes more secure and digitally resilient in today’s data-driven, hyperconnected world. 

“From threat detection and response to threat prediction and prevention, we will help make organizations of all sizes more secure and resilient,” Chuck Robbins, the chairman and CEO of Cisco, said in a statement.

The deal, which values each Splunk share at $157, is expected to close by the end of the third quarter of 2024. It is subject to regulatory approvals and other customary closing conditions. Upon close, Splunk’s president and CEO Gary Steele will join Cisco’s executive leadership team reporting to Robbins.

Strengthening cybersecurity and observability play

Cisco has already established a significant presence in cybersecurity.

The company offers a wide range of products and services to protect networks, data and applications from cyber threats, including firewalls, intrusion prevention systems (IPS), VPNs and endpoint security solutions.

Now, as the threat landscape continues to expand and the data ecosystem becomes more complex with the advent of generative AI and other evolving technologies, the company is teaming up with Splunk to bolster its cybersecurity play.

With this acquisition, Splunk’s security capabilities will complement Cisco’s existing portfolio of solutions, providing enterprises with strengthened security analytics and coverage from devices to applications to clouds.

Splunk was founded in 2003 by Erik Swan, Michael Baum and Rob Das with a mission to make big data searchable. Over the years, the platform evolved into a full-fledged tool for searching, monitoring, analyzing and visualizing machine-generated data in real time, covering data from websites, applications, sensors, devices and everything else that makes up the IT infrastructure. This drove its adoption across multiple segments, including IT operations, business intelligence and cybersecurity (threat detection and management).

Cisco notes that the companies’ combined capabilities will also provide observability across hybrid and multi-cloud environments, enabling enterprises to deliver smooth application experiences that power their digital businesses. This will also help enterprises with their AI efforts and allow for greater investments in new solutions, the company added.

“Together, we will form a global security and observability leader that harnesses the power of data and AI to deliver excellent customer outcomes and transform the industry. We’re thrilled to join forces with a long-time and trusted partner that shares our passion for innovation and world-class customer experience, and we expect our community of Splunk employees will benefit from even greater opportunities as we bring together two respected and purpose-driven organizations,” Steele said in the same statement.

Not the only acquisition in cybersecurity

While the deal stands out due to its massive size, it comes as another notable move from Cisco in the security and observability space.

Earlier this year, the company also acquired cloud security software company Lightspin Technologies; Smartlook, a digital experience and analytics solution that monitors user engagement on websites and mobile applications in real-time; and Armorblox, a company focused on the use of large language models (LLMs) and natural language understanding in cybersecurity.

For fiscal year 2023, the company’s total revenue guidance stands at $57 billion with a year-over-year increase of 11%.

Understanding the Differences Between On-Premises and Cloud Cybersecurity

The difference between managing cybersecurity in on-premises and cloud environments is not unlike playing traditional versus three-dimensional chess. The tactics are similar and the goals are the same (reduce risk, protect confidential data, meet compliance requirements, and the like), but the cloud adds complexity that completely changes the dynamic. The cloud's architecture, the tenant's lack of change control over provider-driven updates, and the subtle and not-so-subtle differences in how each cloud platform is designed and operates all make cloud security more complex.

While migrating to infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), software-as-a-service (SaaS), and serverless computing is well established, some veteran technical and management staff who were trained in on-premises environments still bring that operational bias to managing clouds. However, the nature of cloud environments means security and technical teams need a different mindset to understand and manage their new attack surface.

Three Clouds, Three Environments

Organizations often use multiple vendors’ clouds, whether to meet specific operational needs, optimize price and performance, or access specialized capabilities. Most midsize to large organizations use two or more clouds (making them multicloud) in conjunction with on-premises servers and infrastructure (referred to as hybrid cloud).

Microsoft Azure is the popular choice if you’re running Windows for your in-house applications. There is a natural gravity to move to Azure once it no longer makes sense to deploy more racks in your data center. If you are deploying large-scale Web apps, the natural affinity is towards Amazon Web Services (AWS), although Google Cloud Platform (GCP) is also attractive for these use cases. GCP is also known for its analytics capabilities (BigQuery), so some organizations use it exclusively as a data lake with advanced analytics.

To effectively protect every cloud environment, cybersecurity teams must be security experts for each one. But there is a disconnect between how much additional work people think two or three clouds should entail and the work it actually entails, as each cloud’s attack surface is distinct. So, splitting your workloads across two clouds almost doubles the knowledge and work required compared to running all your workloads in a single cloud.

DMZ Differences

Another difference is that an on-premises data center has a well-defined demilitarized zone (DMZ) to protect external-facing services, while cloud environments mostly don’t.

A physical data center has a clear (often physical) DMZ where multiple security controls and monitoring are implemented. There are clear pathways into and out of a data center that an adversary’s command-and-control channel and exfiltration traffic would need to traverse.

In the cloud, the DMZ is a logical construct assembled from security groups, network ACLs, routing, load balancers and public IP assignments, and its reality often does not match the organization's mental model. It is not unusual for a scan to find unexpected openings that expose organizational data outside the environment. Chasing down and managing your cloud DMZ requires specialized expertise that security architects focused on on-premises networks may not have.
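As an added illustration of the kind of scan the paragraph above describes (this is example code written for this page, not code from the original article), the following Python reviews AWS-style security-group ingress rules and reports every rule that opens a group to the Internet where it should not: any Internet ingress on a group outside the DMZ, or DMZ ingress on anything other than a single allowed public port. The dictionaries follow the field names of `aws ec2 describe-security-groups` output, but the sample groups, the DMZ membership and the "/8 or wider counts as the Internet" threshold are constructed assumptions for illustration.

```python
"""Review security-group ingress rules for Internet exposure outside the DMZ.

Added example, not from the original article. The rule dictionaries mirror the
field names of `aws ec2 describe-security-groups` output (GroupId, IpPermissions,
IpProtocol, FromPort, ToPort, IpRanges.CidrIp, Ipv6Ranges.CidrIpv6), but the
sample groups below are constructed for illustration, not taken from a real account."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    group_id: str
    protocol: str
    from_port: int
    to_port: int
    source: str
    reason: str


def is_internet_source(cidr: str, max_prefix: int = 8) -> bool:
    """True when a source CIDR is 'anywhere' (/0) or so wide that it is effectively
    the Internet (assumption: /8 or wider). Private and reserved ranges are never
    counted, however wide, because they cannot be reached from outside the tenant."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return True  # 0.0.0.0/0 or ::/0
    if net.is_private:
        return False
    return net.prefixlen <= max_prefix


def review_security_groups(groups, dmz_group_ids, allowed_dmz_ports=frozenset({80, 443})):
    """Return one Finding per (rule, source) pair that opens the group to the Internet
    where it should not: Internet ingress on a non-DMZ group, or DMZ ingress on
    anything other than a single allowed public port."""
    findings = []
    for group in groups:
        in_dmz = group["GroupId"] in dmz_group_ids
        for rule in group.get("IpPermissions", []):
            proto = rule.get("IpProtocol", "-1")
            all_ports = proto == "-1"  # AWS encodes 'all traffic' as protocol -1 with no ports
            from_port = 0 if all_ports else rule.get("FromPort", 0)
            to_port = 65535 if all_ports else rule.get("ToPort", 65535)
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for src in sources:
                if not is_internet_source(src):
                    continue
                if not in_dmz:
                    reason = "Internet ingress on a group outside the DMZ"
                elif all_ports or from_port != to_port or from_port not in allowed_dmz_ports:
                    reason = "DMZ group exposes more than the allowed public ports"
                else:
                    continue  # expected: a single allowed port on a DMZ group
                findings.append(Finding(group["GroupId"], proto, from_port, to_port, src, reason))
    return findings


# Constructed sample: a web tier that is meant to be the only Internet-facing group,
# a database tier that should only see private address space, and a management
# group with an 'allow all' rule someone added for convenience.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-mgmt", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]
DMZ_GROUPS = frozenset({"sg-web"})  # assumption: which groups are allowed to face the Internet

if __name__ == "__main__":
    for f in review_security_groups(SAMPLE_GROUPS, DMZ_GROUPS):
        print(f"{f.group_id}: {f.protocol} {f.from_port}-{f.to_port} from {f.source}: {f.reason}")
```

Run as-is it reports three findings: port 8080 open to the world on the web tier, the database port open to the world, and the management group open on every port over IPv6; the 443 rule on the web tier passes because that is what the DMZ is for. In practice you would feed it the JSON from `aws ec2 describe-security-groups` and derive the DMZ set from tags or an inventory, and re-run it after every change, since a logical DMZ drifts without anyone touching a firewall.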

Leaky Cloud Services

Attackers can use many multitenant cloud services to communicate into and out of a cloud environment in a way that bypasses the tenant's network entirely. A classic example: an attacker breaks into an AWS environment and widens access to an S3 bucket, whether from the Internet or from another AWS account. An attacker then reading 10GB from that bucket never touches the tenant's VPC; the transfer happens over the provider's API plane, so VPC flow logs and network sensors see nothing. It appears only in provider-side logs such as AWS CloudTrail S3 data events or S3 server access logs, and only if the tenant has turned those on. If the same 10GB were exfiltrated from an on-premises network, egress monitoring would likely flag it and alert the security team.

If this were just about having the right controls for cloud storage services in place, it might seem like a manageable problem. But each service in the cloud has its own features and controls, and some may enable hidden external communication. Your cybersecurity team must be able to find all of them (not just the ones you intend to use) and have the necessary controls and monitoring in place.
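To make the S3 example concrete, here is an added Python check (written for this page, not code from the original article) that audits a bucket policy for exactly the kind of grant described above: an Allow statement that lets anonymous principals, or accounts other than your own, read objects or list the bucket through the provider's API rather than your network. A constructed weak policy is shown beside a hardened one that limits reads to a named role in the tenant account through a named VPC endpoint and denies non-TLS requests. The policy grammar is AWS IAM's; the account IDs, bucket name, role name and VPC endpoint ID are placeholders, and the set of "scoping" condition keys is this example's own choice.

```python
"""Audit an S3 bucket policy for grants that let principals outside the tenant read
data straight through the provider's API, never touching the tenant network.
Added example, not from the original article: the policy grammar is AWS IAM's, but
the policies, account IDs, bucket name, role and VPC endpoint ID are constructed."""
import fnmatch
import json

# Condition keys that pin a grant to a known principal, account, org or network path
# (assumption: this list is the example's own, not an AWS-defined category).
SCOPING_CONDITION_KEYS = {"aws:principalorgid", "aws:principalaccount", "aws:principalarn",
                          "aws:sourcevpce", "aws:sourcevpc", "aws:sourceip"}

def _as_list(value):
    """IAM accepts a single string wherever a list is allowed; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def principal_accounts(principal):
    """Return (anonymous, account_ids) for a Principal element. '*' and {"AWS": "*"}
    are anonymous; ARNs and bare 12-digit IDs yield accounts; service principals are ignored."""
    if principal == "*":
        return True, set()
    anonymous, accounts = False, set()
    for entry in (_as_list(principal.get("AWS")) if isinstance(principal, dict) else []):
        if entry == "*":
            anonymous = True
        elif entry.startswith("arn:"):
            accounts.add(entry.split(":")[4])  # arn:partition:service:region:account:resource
        elif entry.isdigit() and len(entry) == 12:
            accounts.add(entry)
    return anonymous, accounts

def actions_matching(actions, wanted=("s3:GetObject", "s3:ListBucket")):
    """Which data-read actions does an Action element grant? Resolves 's3:*', '*', 's3:Get*'."""
    return {a for pattern in _as_list(actions) for a in wanted
            if fnmatch.fnmatchcase(a.lower(), pattern.lower())}

def has_scoping_condition(statement):
    """True if any Condition key restricts who, or from where, the grant applies."""
    return any(key.lower() in SCOPING_CONDITION_KEYS
               for block in statement.get("Condition", {}).values() for key in block)

def audit_bucket_policy(policy, trusted_accounts):
    """Findings for Allow statements granting data reads to anonymous principals or to
    accounts outside trusted_accounts. Accepts the policy as a JSON string or a parsed
    dict. Deny statements can only narrow access and are skipped."""
    policy = json.loads(policy) if isinstance(policy, str) else policy
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        reads = actions_matching(stmt.get("Action")) if stmt.get("Effect") == "Allow" else set()
        if not reads:
            continue
        anonymous, accounts = principal_accounts(stmt.get("Principal", {}))
        foreign = accounts - set(trusted_accounts)
        if anonymous or foreign:
            findings.append({
                "sid": stmt.get("Sid", "<no Sid>"),
                "principal": "anonymous (*)" if anonymous else ", ".join(sorted(foreign)),
                "actions": sorted(reads),
                # A scoping condition narrows the exposure but does not make the grant safe.
                "severity": "medium" if has_scoping_condition(stmt) else "high",
            })
    return findings

TRUSTED_ACCOUNTS = {"111122223333"}  # constructed: the tenant's own account
BUCKET = ["arn:aws:s3:::example-data-bucket", "arn:aws:s3:::example-data-bucket/*"]

# Constructed weak policy: anonymous object reads plus full access for an account that is not ours.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": BUCKET[1]},
    {"Sid": "PartnerFullAccess", "Effect": "Allow", "Action": "s3:*", "Resource": BUCKET,
     "Principal": {"AWS": "arn:aws:iam::999999999999:root"}},
    {"Sid": "OwnAccountRead", "Effect": "Allow", "Resource": BUCKET,
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/DataReader"},
     "Action": ["s3:GetObject", "s3:ListBucket"]},
]}

# Constructed hardened policy: one named role in our account, only via a named VPC
# endpoint, and an explicit Deny for any request that is not using TLS.
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OwnAccountReadViaEndpoint", "Effect": "Allow", "Resource": BUCKET,
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/DataReader"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": BUCKET, "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}

if __name__ == "__main__":
    for finding in audit_bucket_policy(json.dumps(WEAK_POLICY), TRUSTED_ACCOUNTS):
        print(finding)
    print("hardened:", audit_bucket_policy(json.dumps(HARDENED_POLICY), TRUSTED_ACCOUNTS))
```

The weak policy yields two findings (the anonymous read and the untrusted account's `s3:*`), the hardened one yields none. A scoping condition such as aws:PrincipalOrgID or aws:SourceVpce only lowers the severity, because it narrows rather than removes an external grant. This check covers the bucket policy alone; object ACLs, S3 access points and the account-level Block Public Access settings need their own review, and reads that do occur are recorded only in CloudTrail S3 data events or S3 server access logs, and only if those are enabled.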

Problems With Updates

Cloud providers make regular updates: adding new services, improving capabilities in existing ones, or changing a service's default settings. Even services you never intended to use can expose you to risk, because attackers who have burrowed into your environment can use a leaky service to establish external communications. The provider might also change a service's default configuration from a restrictive to a permissive policy, silently exposing you to risk. These are not theoretical scenarios; attackers are already exploiting these capabilities.

Compare this to an on-prem data center, where you are in control of software updates. You would not install software that you did not intend to use, as it would expose you to more risk and more work. On-prem data centers tend to have the opposite problem: known vulnerabilities are not patched quickly enough. You might spend a lot of time and money deciding which software patches are critical so that you can reduce your attack surface to the greatest possible extent with the minimum possible number of software updates.

Protecting Your Cloud

Understanding the structural and operational differences between on-premises and cloud operations is essential. To start, while it may seem business-friendly to allow each business unit to choose its preferred cloud platform, each new cloud comes with substantial additional work to secure it.

Ignoring these risks, including the training and staffing they demand, will leave you exposed at a time when many advanced attackers are focusing on cloud footprints. Today's innovative cloud attacks will be tomorrow's run-of-the-mill breaches.

How to Get Your Board on Board With Cybersecurity

Nearly three-quarters (73%) of cybersecurity industry leaders have experienced burnout in the last 12 months — and who can blame them?

The shift to remote and hybrid work models has increased organizations' reliance on cloud services, limiting security teams' visibility into employee network and endpoint environments. That reduced visibility places company data at greater risk, and the subsequent surge in software supply chain attacks and ransomware incidents has cast a spotlight on the significance of cybersecurity. As a result, CISOs face more pressure than ever to maintain robust cyber defenses.

However, the role of the CISO has also evolved in other ways. With the frequency and severity of cyberattacks increasing, security has become a board-level issue given the potential reputational, financial, and operational damage associated with an attack. While it’s a positive development that more C-suite and board leaders are becoming active participants in cybersecurity conversations, it has also placed added pressure on CISOs, who must communicate advanced security protocols to a non-technical audience and justify their defense plans.

To champion cybersecurity initiatives while staying within budget constraints and aligning investments with overarching business goals, you need more than technical prowess. You must be able to effectively communicate and collaborate with your C-suite peers — and that’s sometimes not as easy as it sounds.

Four Ways CISOs Can Elevate Leadership Skills to Champion Cybersecurity

You know better than anyone that business success goes hand in hand with having proper cybersecurity processes and defenses in place. An effective cybersecurity strategy not only safeguards sensitive data but also yields significant cost savings and risk mitigation by preventing data exposure, curtailing downtime costs, and preserving the organization’s reputation.

As you embrace a more visible leadership role, alignment with your C-suite counterparts hinges on your ability to communicate, listen, and guide. Consider these tactics and strategies to hone your leadership skills so you can help your organization make more-informed cybersecurity decisions:

Ready to Lead Your Organization to a More Secure Future?

Your role as CISO is simultaneously growing in complexity and importance. In addition to remaining aware of emerging cyber threats and risk-mitigation strategies, you must also advocate for cybersecurity policies and investments that are in budget and align with the organization’s overarching business objectives.

In prioritizing your own professional development alongside companywide security initiatives, you can effectively defend your organization’s digital assets while fostering a culture of proactive defense.
