Tag Archive for: InfoSec

Ransomware attacks register record speeds thanks to success of infosec industry • The Register


The time taken by cyber attackers between gaining an initial foothold in a victim’s environment and deploying ransomware has fallen to 24 hours, according to a study.

In nearly two-thirds of cases analysed by Secureworks’ researchers, cybercriminals were deploying ransomware within a day, and in more than 10 percent of incidents it was deployed within five hours.

This average dwell time has dropped significantly in 2023, down from 4.5 days in 2022 and 5.5 days the year before that.

The findings remained consistent across the year’s incidents, researchers noted, and were not influenced by specific ransomware variants or cybercrime groups.

Dwell times in some cases were longer when data exfiltration occurred before ransomware was deployed – a double extortion scenario.

However, this wasn’t true in every case, and as Microsoft revealed last week in its annual threat intelligence report, double extortion events accounted for just 13 percent of ransomware incidents in the past year.

Secureworks said that ransomware attacks are being carried out with less complexity than in years gone by, with organization-wide encryption incidents becoming increasingly difficult to pull off.

“The cybersecurity industry is undoubtedly getting better at detecting the activity that has historically preceded ransomware, such as the use of offensive security toolkits like Cobalt Strike,” Secureworks said in its “State of The Threat Report.” 

“This may be a factor in forcing ransomware operators to work more quickly.”

As detection technologies become more effective, cybercriminals are naturally forced to adapt to a changing defensive landscape, having to complete their attacks faster.

Secureworks’ experts also said the popularity of the ransomware-as-a-service (RaaS) model could provide an explanation for shorter attacks.

With effective ransomware payloads, complete with easy-to-follow instructions for affiliates to use them, the RaaS model makes executing attacks possible for even the least-skilled criminals.

This lowering of the barrier to enter the ransomware market as an affiliate has led to an increase in attacks overall, and June broke the single-month record for…

Publisher’s Spotlight: The Zero Day Initiative (ZDI): Financially Rewarding InfoSec Researchers


Formed by Trend Micro, the Zero Day Initiative (ZDI) was created to encourage the reporting of 0-day vulnerabilities privately to the affected vendors by financially rewarding researchers. At the time, there was a perception by some in the information security industry that those who find vulnerabilities are malicious hackers looking to do harm. Some still feel that way. While skilled, malicious attackers do exist, they remain a small minority of the total number of people who discover new flaws in software.

Incorporating the global community of independent researchers also augments their internal research organizations with the additional zero-day research and exploit intelligence. This approach coalesced with the formation of the ZDI, launched on July 25, 2005.

Today, the ZDI represents the world’s largest vendor-agnostic bug bounty program. Their approach to the acquisition of vulnerability information is different than other programs. No technical details concerning the vulnerability are sent out publicly until the vendor has released a patch.

One of their cool events is Pwn2Own, held in multiple countries – here’s their recent scoreboard from their Vancouver, Canada event:

Contestants disclosed 27 unique zero-days and won a combined $1,035,000 (and a car)! Congratulations to the Masters of Pwn, Synacktiv (@Synacktiv), for their huge success and hard work! They earned 53 points, $530,000, and a Tesla Model 3:

They do not resell or redistribute the vulnerabilities that are acquired through the ZDI. Submitting through the ZDI program also relieves you of the burden of tracking the bug with the vendor. They make every effort to work with vendors to ensure they understand the technical details and severity of a reported security flaw, which leaves researchers free to go find other bugs. They will let you know where things stand with all your own current cases with regard to vendor disclosure. In no case will an acquired vulnerability be “kept quiet” because a product vendor does not wish to address it.

Interested researchers provide them with exclusive information about previously unpatched vulnerabilities they have discovered. The ZDI then collects…

Infosec products of the month: July 2023


Here’s a look at the most interesting products from the past month, featuring releases from: BreachRx, Code42, ComplyAdvantage, Darktrace, Dig Security, Diligent, Fidelis Cybersecurity, Hubble, Netscout, Panorays, Privacera, Regula, SeeMetrics, Tenable, and WatchGuard.

WatchGuard expands identity protection capabilities with AuthPoint Total Identity Security

AuthPoint Total Identity Security enables MSPs to offer their customers credentials monitoring, on-demand dark web exposure alerts, and password management to reduce issues related to credential compromise with an all-in-one mobile authenticator app for iOS and Android.

NETSCOUT enhances its AED with ML-based Adaptive DDoS Protection

Deployed at the internet edge in front of any firewall, AED screens incoming and outgoing traffic using stateless packet processing, global DDoS threat intelligence, and ML to block inbound cyber threats, including DDoS attacks and other bulk malicious traffic. It protects and reduces the load on firewalls, load balancers, or VPN concentrators and stops the proliferation of malware within an organization.

Fidelis Active Directory Intercept enables identification of AD issues

Fidelis Cybersecurity released the new Fidelis Active Directory Intercept, a capability that combines network detection and response, deception technology, and Active Directory (AD) security, as part of their Fidelis Network and Deception 9.6.1 product release.

Hubble Aurora empowers businesses to gain insights into their technology ecosystems

Aurora builds on the foundation of Hubble’s existing Asset Intelligence platform, providing users with asset visibility and insights into their cybersecurity posture, with new features such as a no-code dashboarding interface and a rich, open schema and SDK for integrating Hubble Asset Intelligence into third-party applications.

Regula enhances document examination capabilities to help forensic experts fight identity fraud

The update of the Regula 4306 is centered around light sources that are indispensable for thorough document examination, including relief and various security features, especially those invisible to the naked eye. The redesigned device boasts of…

Obrela at InfoSec Europe, the Largest Cyber Security Conference


Obrela, a leading cyber security service provider, announced today it will exhibit at Infosecurity Europe 2023. The event will take place at the ExCel in London on 20-22 June.

With Security as the first priority, always, the Obrela team of experts will be available to help professional delegates achieve security over everything through the latest services available. The Obrela team at stand K90, including our CEO, Mr. George Patsis, will welcome visitors to discuss the prevailing challenges in CyberDefense and how best to address the new Cyber Risk Landscape. Delegates can book their meetings with Obrela’s executives and learn more about the unrivalled capabilities of the Obrela Managed Detection and Response (MDR) Solution.

The latest upgraded Enterprise Grade MDR solution can benefit end users and partners alike.

Obrela delivers cyber security using a disruptive business model: Cyber Security as a Service, which addresses an emerging demand for Service Providers that can offer an “Umbrella” of end-to-end security services, allowing clients to rest assured and focus on their business.

Obrela has successfully delivered MDR and Cyber Risk Management in real-time for over a decade to international organisations. The acknowledged expertise and noteworthy customer base have been incorporated in the new product range of services available to organisations, thus making Obrela one of the largest and most innovative cyber security service providers in EMEA.

During the event, the Obrela team will showcase the range of our service offering:

  • MDR: Turnkey threat detection and response service that helps our clients manage operational risk and significantly reduce the mean time to detect and respond to cyberattacks. Our MDR is a mission-critical service that combines artificial and human intelligence to dynamically protect clients’ digital universe and digital assets by identifying, predicting, and preventing cyber threats in real-time.

  • MRC: An “umbrella” of solutions that enable clients to effectively manage and orchestrate various aspects of cybersecurity such as governance, risk, compliance, and operations. Our comprehensive approach streamlines these diverse facets of cybersecurity,…
