The U.S. Coast Guard (USCG) oversees approximately 800 waterfront facilities that, among other activities, transfer hazardous liquids between marine vessels and land-based pipelines, tanks or vehicles. These “maritime bulk liquid transfers” increasingly rely on computers to operate valves and pumps, monitor sensors and perform many other vital safety and security functions. This makes the whole system more vulnerable to cybersecurity issues ranging from malware to human error, and is the reason behind a new voluntary cybersecurity guide for the industry.
Maritime bulk liquid transfer processes are part of a complex and sophisticated supply chain of the oil and natural gas industry that brings together various types of organizations and systems. The USCG and industry representatives joined with the National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), to develop a profile to help those organizations assess their cybersecurity risk.
The document is the first in a series of planned profiles that will help maritime industry organizations make the most of the voluntary Framework for Improving Critical Infrastructure Cybersecurity, published by NIST in February 2014. The profile pulls into one document recommended cybersecurity safeguards to provide a starting point for organizations to review and adapt their risk management processes, and it describes a desired minimum state of cybersecurity.
“Working with the U.S. Coast Guard to engage the oil and natural gas industry in creating this profile is a prime example of the collaboration that takes place at the NCCoE,” said Don Tobin, NIST senior security engineer. “Organizations working in this critical mission area can leverage the profile to develop a plan to reach their desired state of cybersecurity.”
The profile is aimed at those involved in overseeing, developing, implementing and managing the cybersecurity components of maritime bulk liquid transfer. This includes operations executives, risk managers, cybersecurity professionals and vessel operators. It recognizes a need for security controls on operational technologies such as storage, transfer, pressure and vapor monitoring, emergency response and spill mitigation systems. The profile provides guidance on appropriate security controls for information technology to reliably support these increasingly connected processes, as well as traditional ones such as human resources, training and business communication.
“These facilities face inherent cybersecurity vulnerabilities and the U.S. Coast Guard hopes this profile will assist organizations with mitigating them, and provide a long-term process for developing an internal cyber risk management program,” said Lt. Josephine Long, a marine safety expert in the Critical Infrastructure Branch within the USCG’s Office of Port & Facility Compliance.
The profile can help individual companies clarify how cybersecurity fits into their mission priorities and how best to allocate resources to secure their information and operational systems. Benefits also include improved understanding of the environment to foster consistent analysis of cybersecurity risks, and alignment of industry and USCG cybersecurity priorities.
According to Long, the USCG plans to work with the NCCoE to build additional profiles that will cover mobile offshore drilling operations, passenger vessel and terminal operations.
The NCCoE works with industry, academia and other government agencies to address real-world cybersecurity problems with existing technology.
The Maritime Bulk Liquid Transfer Cybersecurity Framework Profile is available on the USCG website, and more information is available in a blog post on Maritime Commons.
Cybercrime victims in western Michigan will soon have one number to call for help thanks to the Cybercrime Support Network and AT&T
GRAND RAPIDS, Mich. -- Cybercrime affects millions of Americans each year. The Federal Bureau of Investigation Internet Crime Complaint Center (IC3) has identified 38 cybercrime categories, and almost 300k complaints to IC3 in 2016 totaled $1.33 billion in losses.¹ This represents only an estimated 15% of the total number of cybercrime victims each year. Without a central reporting number, victims waste time searching for the resources and support they need.
This fast-growing crime preys on children and adults, small and large business, public and private sector, seniors and singles and leaves behind emotionally and financially exhausted victims with little understanding of who or where to turn. It is a stealth crime and victims often fail to realize its impact until the perpetrator is long gone. Even the first step in recovery—reporting the crime at the state or local level—can be confounding.
The Cybercrime Support Network (CSN), a nonprofit corporation, is working with federal, state and local law enforcement and the United Way Worldwide National 211 system to add services to the already established 211 infrastructures to serve the growing number of cybercrime victims. AT&T is the first private-sector sponsor of the project.
"We are thankful for the support of AT&T on this project, we share a strong commitment to combat cyber threats and to the state of Michigan where we are launching our first pilot," says Kristin Judge, chief executive officer, Cybercrime Support Network. CSN is launching a pilot in western Michigan this fall to train 911 and 211 front line specialists to triage cybercrime calls. After the internal training is complete, the community will be trained to call 211 for help.
"AT&T has invested in our Michigan communications networks, our people and local communities for 138 years. Working side-by-side with CSN, state government, and local agencies to further cyber response and support is integral to our mission," says Roger Blake, regional vice president, AT&T Public Sector.
The goals of the program in West Michigan include: (i) building awareness, giving voice and serving victims of cybercrime, (ii) connecting victims to local, state and federal law enforcement, when required, (iii) identifying community resources for recovery and crime victim compensation, and (iv) improving education and restitution options for victims.
In addition to AT&T, this program is a collaborative engagement between CSN, Michigan 211, and Heart of West Michigan Regional 211 and is the first and only nonprofit, public-private partnership to meet the unsupported needs of cybercrime victims. "Our collective vision to foster collaboration, provide training and create resources for the community is shared by each of these organizations," says Tom Page, Director, MI 211.
The goal by 2021 is that citizens calling 211 for cybercrime assistance will be as commonplace as calling 911 in an emergency. When cybercrime victims reach out for help they will receive informed, compassionate and expert support in seeking recovery. To stay connected with this critical program and to sponsor, please visit www.Cybercrimesupport.org.
¹ Federal Bureau of Investigation, 2016 Internet Crime Report, https://pdf.ic3.gov/2016_IC3Report.pdf
About Cybercrime Support Network
The Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet challenges facing millions of people and businesses affected each and every day by cybercrime. Currently, victims struggle to find the right help, and responses from law enforcement vary by jurisdiction.
CSN is bringing together partners around the country to create a coordinated system to support cybercrime victims. Soon, the victims will have one number to call and reach a referral specialist who can navigate them through the process of response and recovery. Stay connected with CSN on Twitter @cybersupportnet.
AT&T Inc. (NYSE: T) helps millions around the globe connect with leading entertainment, business, mobile and high speed internet services. We offer the nation's best data network** and the best global coverage of any U.S. wireless provider. We're one of the world's largest providers of pay TV. We have TV customers in the U.S. and 11 Latin American countries. Nearly 3.5 million companies, from small to large businesses around the globe, turn to AT&T for our highly secure smart solutions.
AT&T products and services are provided or offered by subsidiaries and affiliates of AT&T Inc. under the AT&T brand and not by AT&T Inc. Additional information about AT&T products and services is available at about.att.com. Follow our news on Twitter at @ATT, on Facebook at facebook.com/att and on YouTube at youtube.com/att.
**Claim based on the Nielsen Certified Data Network Score. Score includes data reported by wireless consumers in the Nielsen Mobile Insights survey, network measurements from Nielsen Mobile Performance and Nielsen Drive Test Benchmarks for Q1 + Q2 2017 across 121 markets.
Coop Employs Cognito from Vectra to Protect its Retail Operations from Cyber attacks and Augment its Security Operations Team
Vectra®, the leader in automating the hunt for in-progress cyber attacks, today announced a multi-year agreement to provide its Cognito™ AI threat hunting platform to Coop Group, one of Switzerland's largest retail and wholesale companies. Coop selected the Cognito AI platform from Vectra as an innovative approach to increasing cybersecurity operational efficiency and efficacy.
With 2,476 sales outlets and over 85,000 employees, Coop is a large and highly distributed organisation. With the retail industry being a significant target for cybercriminals*, Coop decided that perimeter defences alone are insufficient to safeguard customer information, internal systems and point of sale systems. As a result, Coop set out to find technology that would enable them to detect and respond to cyber attacks in real time and prevent or significantly mitigate the impact of a data breach.
Coop identified significant economic and security gains resulting from the introduction of AI security automation. After evaluating multiple solutions, it turned to Vectra and its Cognito AI platform to help them detect cyber attacks in real time and speed response by augmenting their security operations team.
Cognito detects both known and unknown threats through the analysis of malicious attacker behaviours, rather than simple signature profiling of existing threats. It will augment the Coop cybersecurity analysts by rapidly detecting, triaging and correlating threats to uncover in-progress cyber attacks before they become critical security incidents. Cognito detects threats created by malware, ransomware, advanced attackers abusing credentials and rogue insiders, regardless of the device or software used, and at a speed and scale humans alone cannot match.
"Enterprises like Coop are under immense pressure to reduce the time to detect and respond to attacks," said Gerard Bauer, vice president of EMEA at Vectra. "Security teams are overwhelmed with the manual task of triaging and correlating security events and struggle to fill open cybersecurity jobs. The Cognito AI platform automates threat hunting, triage and correlation for the Coop security team, and prioritises threats based on risk level so they can respond immediately. Cognito has reduced the security operations workload for enterprises by 168x**, shortening incident response from days to minutes."
To learn more about the Cognito platform, and how it combines machine learning and behavioural analytics to hunt ongoing threats, visit https://vectra.ai/cognito.
Vectra® is transforming cybersecurity with AI. Its Cognito platform automates cyber attack detection and response from data centre and cloud workloads to user and IoT devices. Cognito correlates threats, prioritises hosts based on risk and provides rich context to empower response with existing security systems, reducing security operations workload by 168x. Vectra was named "Most Innovative Emerging Company" in the Dark Reading Best of Black Hat Awards. InformationWeek also named Vectra one of the Top 125 companies to watch in 2016. Vectra has been issued 5 U.S. patents with 14 additional patents pending for cybersecurity applications of machine learning and artificial intelligence. Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures. The company is headquartered in San Jose, Calif. and has European regional headquarters in Zurich, Switzerland. For more information, visit https://vectra.ai.
In 2016 almost 1.1 billion identities were stolen globally. This number is up dramatically from a reported 563.8 million identities stolen in 2015. In addition, the same Symantec Internet Security Threat Report placed the United States at the top of the list for both the number of breaches by country (1,023) and the number of identities stolen by country.
New York State’s Division of Financial Security and other government entities around the globe have been monitoring this increased cybercriminal threat and determining means to help protect the private information of individuals as well as the information technology systems of regulated organizations.
New York State’s Division of Financial Security released new cybersecurity requirements (23 NYCRR 500), directly affecting the way that financial data is managed going forward. Applicable to financial services companies operating in New York State, these regulations declare that, on an annual basis, financial firms are required to prepare and submit a Certification of Compliance with the NY DFS Cybersecurity Regulations to the superintendent, commencing on February 15, 2018.
The scope of this legislation describes measures related to: cybersecurity programs and policy, personnel, resources and training, penetration testing and assessments, audit trails, access privileges, application security, third parties, NPI (Non Public Information) encryption, data retention, incident response and notification.
Among other requirements, this regulation dictates that companies declare any cyberattack to the superintendent within 72 hours. In the past, many companies chose to not disclose information related to these hacking exposures because much of their cost stems from damage to brand reputation and the necessary steps required to rebuild the trust of their clients post-attack.
Similar to the NY DFS proposal, the Federal Reserve Board (FSD), the Office of the Comptroller of the Currency (OCC), and the FDIC issued an advance notice of proposed rulemaking (ANPR) on enhanced cyber risk management and resilience standards for large banking organizations. Additionally, the states of Vermont and Colorado have released laws pertaining to cybersecurity and the improved protection and monitoring of data.
Two technologies specifically called out in the new NYS DFS Cybersecurity requirements, Multi-factor Authentication (MFA) and Risk Based Authentication (RBA), are key methods of complying with regulation and defending against attacks.
Multi-factor authentication is defined as using at least two factors to authenticate a person, generally a combination of:
- “Something I Have” — this could be a hardware token, a mobile soft token, etc.
- “Something I Know” — like a PIN code, a password, and
- “Something I Am” — such as a fingerprint or face recognition.
With MFA, the two factors are fully independent from each other (i.e. the failure of one factor would not compromise the other one).
Risk-based authentication is the capacity to detect anomalies or changes in the normal use patterns of a person as part of the authentication process, and to require additional verification if an anomaly is detected, to avoid any breach.
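As an added illustration (not from the original article or from any vendor's product), the Python example below combines the two definitions above: a login is compared with the person's normal use pattern, and any anomaly triggers additional verification with a factor from a different category than the one already presented. The profile fields, factor names and sample logins are constructed assumptions.

```python
from dataclasses import dataclass, field

# Factor categories as the text lists them.
HAVE, KNOW, AM = "something I have", "something I know", "something I am"


@dataclass
class Profile:
    """Normal use pattern learned for one person (constructed sample data)."""
    known_devices: set
    usual_countries: set
    usual_hours: range                            # hours in which logins normally occur
    enrolled: dict = field(default_factory=dict)  # factor name -> category


@dataclass
class Login:
    user: str
    device_id: str
    country: str
    hour: int
    presented: str                                # name of the factor already verified


def anomalies(login, profile):
    """Return the deviations of this login from the person's normal use pattern."""
    found = []
    if login.device_id not in profile.known_devices:
        found.append("new device")
    if login.country not in profile.usual_countries:
        found.append("unusual country")
    if login.hour not in profile.usual_hours:
        found.append("unusual hour")
    return found


def step_up_factor(login, profile):
    """Pick an enrolled factor from a different category than the one presented.

    A second factor of the same category (password, then PIN) is not
    independent of the first, so it does not count as additional verification.
    """
    presented_category = profile.enrolled[login.presented]
    for name, category in sorted(profile.enrolled.items()):
        if category != presented_category:
            return name
    return None


def decide(login, profile):
    """Return (action, reasons, factor) for one authentication attempt."""
    reasons = anomalies(login, profile)
    if not reasons:
        return ("allow", reasons, None)
    factor = step_up_factor(login, profile)
    if factor is None:
        # Anomaly detected but no independent factor is enrolled: fail closed.
        return ("deny", reasons, None)
    return ("step-up", reasons, factor)


# Constructed sample data for the demonstration.
ALICE = Profile(
    known_devices={"laptop-01"},
    usual_countries={"US"},
    usual_hours=range(7, 20),
    enrolled={"password": KNOW, "pin": KNOW, "mobile soft token": HAVE},
)
SAMPLE_LOGINS = [
    Login("alice", "laptop-01", "US", 9, "password"),   # matches the profile
    Login("alice", "tablet-77", "US", 23, "password"),  # new device, odd hour
]

if __name__ == "__main__":
    for attempt in SAMPLE_LOGINS:
        print(attempt.device_id, decide(attempt, ALICE))
```
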
It is more efficient to avoid hacking and cyber-attacks in the first place by focusing attention on the security of the applications being accessed, both externally and internally. To learn more about these regulations and how similar standards will impact you, visit www.hidglobal.com/iam.
HID FARGO Connect Cuts the Cord Between Printers and Dedicated PCs for a New Way to Create and Securely Issue IDs
AUSTIN, Texas, October 17, 2017 – HID Global, a worldwide leader in trusted identity solutions, today announced its cloud-based HID FARGO® Connect™ solution has won the 2017 Campus Safety Best Awards in the Access Control & Identity Management category. As the world’s first cloud-based card personalization and issuance solution, HID FARGO Connect untethers printers from dedicated computers to offer a new way to create, personalize and securely issue IDs and credentials.
“HID FARGO Connect addresses a growing market demand to simplify the management and delivery of IDs, especially for high-volume issuance requirements in environments with large populations,” said Craig Sandness, Vice President and Managing Director of Secure Issuance with HID Global. “This recognition underscores yet another solution from HID Global that powers trusted identities through an innovative approach to card personalization.”
HID FARGO Connect makes it possible to issue ID cards from anywhere and from any device via the web—all in a trusted environment that leverages the industry’s most secure cloud technologies with end-to-end encryption. Users can create new cards or issue replacements, encode data and manage print queues through a secure and trusted system.
The Campus Safety Magazine 2017 BEST award honors superior products and services for K-12 campuses, institutions of higher education and healthcare organizations.
About HID Global
HID Global powers the trusted identities of the world’s people, places and things. We make it possible for people to transact safely, work productively and travel freely. Our trusted identity solutions give people convenient access to physical and digital places and connect things that can be identified, verified and tracked digitally. Millions of people around the world use HID products and services to navigate their everyday lives, and over 2 billion things are connected through HID technology. We work with governments, educational institutions, hospitals, financial institutions, industrial businesses and some of the most innovative companies on the planet. Headquartered in Austin, Texas, HID Global has over 3,000 employees worldwide and operates international offices that support more than 100 countries. HID Global® is an ASSA ABLOY Group brand. For more information, visit www.hidglobal.com.
August 2017 by Marc Jacob
BeyondTrust, the cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, announced today that its PowerBroker privileged access management platform, powered by BeyondInsight, is the first PAM platform available on Google Cloud. As the only complete PAM platform available on Google Cloud, BeyondTrust, which is already available on Amazon Web Services and Microsoft Azure Marketplace, can now provide additional cloud-based deployment options and maximum flexibility for customers.
While today’s announcement ushers in a new offering for BeyondTrust and its platform, currently also available as software, virtual and physical appliances, it significantly magnifies BeyondTrust’s cloud availability, providing the necessary resources to manage cloud instances, cloud services, and cloud applications. It also enhances BeyondTrust’s offering for Managed Services Providers (MSPs) in search of new security services for their customers. Customers and partners alike can benefit from BeyondTrust’s industry-unique cloud connectors for managing other cloud instances and passwords, and not only for Google.
BeyondTrust’s Google Cloud instance is supported by a Bring Your Own Licensing (BYOL) model that can be used with:
- PowerBroker Password Management – Privileged password and privileged session management that improves accountability and control over shared passwords by securing, controlling, alerting and recording access
- PowerBroker Privilege Management (UNIX, Linux, Windows, Mac) – Multilayered privilege protection that enforces least privilege and appropriate use across physical and virtual systems efficiently, without disrupting user productivity
- Retina CS – Centralized Vulnerability Management with advanced analytics, reporting and remediation that targets “real” threats.
All solutions in the platform benefit from central policy management, workflow, auditing, reporting, threat and behavioral analytics, and connectors delivered natively in BeyondInsight.
Pricing and Availability
BeyondTrust’s PAM platform is available on Google Cloud now. Licensing will follow a BYOL model and pricing is based on instance type and runtime parameters.
Zoran to Lead CyberArk’s Global Sales Organization, Drive Increased Adoption of Privileged Account Security Worldwide
Newton, Mass. and Petach Tikva, Israel – August 8, 2017 – CyberArk (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced the promotion of Ron Zoran to the newly created position of Chief Revenue Officer (CRO), effective immediately. Zoran will be responsible for executing the company’s worldwide sales strategy across sales, sales engineering, and channels to drive revenue growth across all geographies.
Since CyberArk’s founding in 1999, Zoran has held leadership positions across the organization in sales management, research and development, and technical support. Most recently, as Vice President of Sales for the Americas, Zoran led the U.S., Canada and Latin America sales, sales engineering and channel sales teams, increasing revenue in those regions from $34 million in 2013 to more than $130 million in 2016, representing a three-year CAGR of 58%. Under his leadership, CyberArk nearly tripled the Americas customer base to about 1,800 customers, increased penetration of the Fortune 500, and successfully expanded the company’s presence in the US Federal vertical, as well as in Canada and Latin America. The company also strengthened its channel relationships, increasing collaboration with advisory firms, systems integrators and value added resellers.
“Ron’s proven track record across every role he’s held at CyberArk, his passion for our mission and deep security expertise gives me great confidence in Ron’s ability to deliver results and enable CyberArk to fully capitalize on our tremendous opportunity,” said Udi Mokady, CyberArk Chairman and CEO. “With Ron at the helm of our global sales organization, we will drive consistent best practices across all sales, sales engineering and channel sales to enable CyberArk to expand our market reach, drive growth and scale our operations.”
“CyberArk is the undisputed leader in privileged account security with the best and only solution that helps organizations protect their privileged accounts across the enterprise, in the cloud and across the DevOps pipeline,” said Zoran. “I am passionate about driving customer adoption of privileged account security as a critical and measurable layer of security for organizations to defend against an increasingly complex threat landscape. I look forward to taking CyberArk to the next level of growth and market leadership.”
Prior to joining CyberArk, Zoran spent 6 years as an Officer and R&D Group Manager at the Technological Computer Center of the Israeli Defense Forces. Zoran holds an MBA from Northeastern University and a B.A. in Computer Science from Bar-Ilan University.
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including more than 50 percent of the Fortune 100 – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the CyberArk blog, or follow on Twitter via @CyberArk, LinkedIn or Facebook.
Ankur Chadda, Director of Product Marketing, Gurucul - www.gurucul.com
I confess. I've read the book Borderless Behavior Analytics – Who’s Inside? What’re They Doing? three times. I keep discovering new insights on addressing the vanishing security perimeter based on what organizations are doing in response to this challenge.
In chapter five, Robert Rodriguez, Chairman and Founder of the Security Innovation Network™ (SINET), describes a number of compelling developments. SINET is an international community building organization whose mission is to advance innovation and enable global collaboration between the public and private sectors to defeat cybersecurity threats. Rodriguez's observations are both authoritative and enlightening.
He observed that many CISOs have recognized the need to move from automation to orchestration of cyber security to enable centralized visibility and decision-making. This means putting in place an infrastructure to integrate all the monitoring, data collection, analysis, control and response components needed for a holistic model with the flexibility to adapt to future needs.
This orchestration capability can help assure comprehensive remediation of threats. Eventually, some form of attribution should be included because a number of industries and corporations are battling with this challenge. Nevertheless, in order to do proper attribution, it must become clearly mandated within the cybersecurity industry. That’s something to look forward to in the future.
In terms of other trends, Rodriguez notes that it is disappointing we’re not seeing more disruptive innovation in cybersecurity. He has not seen anyone inventing fire or the light bulb. Meanwhile, it’s a cat and mouse game. Sometimes we’re staying ahead of adversaries, and other times we’re not. What’s needed are intelligence-based solutions that can recognize the weakness in security defenses, attacker strengths and likely scenarios.
One of the inhibiting factors of dynamic innovation in cybersecurity, however, has been the rapid evolution and transformation of the Internet. Use cases rise in popularity, and quickly morph into something drastically new. Facebook is a good example. It is very different today, compared to its original incarnation. Multiply this phenomenon exponentially, and you have today’s Internet. From a cyber security standpoint, we’re trying to work backwards to fix a framework which is extremely porous. In many respects, we’re chasing a moving target.
The hope for productive change in cybersecurity lies inherently with risk takers and early adopters. These change agents are willing to take the leap of faith needed to implement next-generation security approaches, many of which are now drawing strength from analytics and machine learning models. Part of the challenge in the government sector is that there’s no reward for taking risks, primarily because there are no profit margins or shareholder value, and so no driving motivation to deliver more for less. The culture in government, therefore, is different than in the commercial world.
Nevertheless, government CISOs are increasingly looking to risk takers and early adopters in both the public and private sectors to inform their thinking and challenge their strategic planning assumptions. The book I mentioned earlier, Borderless Behavior Analytics – Who’s Inside? What’re They Doing?, is one resource where readers can hear first-hand accounts of cyber security transformation projects from leading CIOs and CISOs that span a wide range of vertical industry perspectives.
New Firebox M Series appliances help SMBs keep up with the rising tide of encrypted traffic with best-in-class performance and security
SEATTLE – August 15, 2017 – WatchGuard® Technologies, a leader in advanced network security solutions, today announced hardware upgrades to its Firebox® M Series to handle the rapid proliferation of encrypted web traffic and offer more flexibility with added copper and fiber ports. With the new M470, M570 and M670 appliances, users can add additional network modules to increase the number of copper or fiber ports available to support the growing use of 10G fiber in midsize enterprise data centers. The new Firebox M Series appliances also enable users to inspect encrypted traffic with industry-leading performance with all security services enabled. According to Miercom, an independent testing lab, the updated Firebox M370 performs full HTTPS inspection 94% faster than competing solutions.
Network defenses that don’t adequately process and inspect encrypted traffic leave employees, customers and partners vulnerable to cyber attacks. According to a 2016 Ponemon study, 41 percent of attacks in 2016 used encryption to either disguise their entry into the network or hide their connection to a Command and Control server. NSS Labs, Inc. forecasts that as adoption rates continue to climb, 75 percent of web traffic will be encrypted by 2019. A firewall that lacks the processing power necessary to inspect high volumes of encrypted traffic will either need to turn off some security services or compromise throughput in order to manage the burden.
Dramatically Improved Performance: As validated by Miercom, the new Firebox M Series offers approximately three times the performance of competing products.
Flexibility Through Increased Port Density: All new appliances (except the M370) have an expansion slot for additional ports. 4x10 Gb fiber, 8x1 Gb copper or 8x1 Gb fiber network modules are available as well.
Intel processors with AES-NI and CaveCreek crypto acceleration: New chipsets allow the new M Series appliances industry-leading performance in HTTPS content inspection and fast processing of traffic even with all security services enabled.
Brendan Patterson, Director of Product Management at WatchGuard Technologies:
“As adoption rates for encryption continue to climb, organizations need to know that their UTM offers performance levels that can process the growing torrent of encrypted traffic, and the security services capable of detecting threats that might be lurking within that traffic. With the new M Series, we offer dramatic improvements in throughput to ensure our customers don’t have to choose between performance and security.”
Robert Smithers, CEO, Miercom:
“Based on results of our testing, the WatchGuard Firebox M370 displayed exceptional performance, outperforming its competitors for stateless and stateful traffic throughput scenarios. Its high-rate, non-degrading performance with security features enabled earns it the Miercom Performance Verified certification.”
About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader in network security, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide. The company’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for distributed enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.
Kaspersky Lab announced its latest quarterly threat intelligence report, which shows sophisticated threat actors unleashed a wealth of new and enhanced malicious tools, including three zero-day exploits and two unprecedented attacks: WannaCry and ExPetr. The report highlights the expert analysis of these advanced attacks and other trends in cybersecurity from the second quarter of 2017.
From April to the end of June, experts witnessed significant developments in targeted attacks by, among others, Russian-, English-, Korean-, and Chinese-speaking threat actors. These developments showed that sophisticated, malicious activity is happening continuously across the world and is increasing the risk of companies and non-commercial organizations becoming collateral damage of cyber warfare. The allegedly nation-state backed WannaCry and ExPetr destructive epidemics, whose victims included many companies and organizations globally, became the first example of this new and dangerous trend.
According to the Kaspersky Lab report, highlights in Q2 of 2017 include:
- Three Windows zero-day exploits being used in-the-wild by the Russian-speaking Sofacy and Turla threat actors - Sofacy, also known as APT28 or FancyBear, deployed the exploits against a range of European targets, including government and political organizations. The threat actor was also observed trying out some experimental tools, most notably against a French political party member in advance of the French national elections.
- Gray Lambert - Kaspersky Lab analyzed the most advanced toolkit to date for the Lamberts group, a highly sophisticated and complex, English-speaking cyberespionage family, identifying two new related malware families.
- The WannaCry attack on May 12 and the ExPetr attack on June 27 - While very different in nature and targets, both were surprisingly ineffective as ‘ransomware.’ For example, in the case of WannaCry, its rapid global spread and high profile put a spotlight on the attackers’ Bitcoin ransom account and made it hard for them to cash out. This suggests that the real aim of the WannaCry attack was data destruction. Kaspersky Lab experts discovered further ties between the Lazarus group and WannaCry. The pattern of destructive malware disguised as ransomware showed itself again in the ExPetr attack.
- ExPetr, targeting organizations in the Ukraine, Russia and elsewhere in Europe – It also appeared to be ransomware but turned out to be purely destructive. The motive behind the ExPetr attacks remains a mystery. Kaspersky Lab experts have established a low confidence link to the threat actor known as Black Energy.
“We have long maintained the importance of truly global threat intelligence to aid defenders of sensitive and critical networks,” said Juan Andres Guerrero-Saade, senior security researcher, Global Research and Analysis Team, Kaspersky Lab. “We continue to witness the development of overzealous attackers with no regard for the health of the internet and those in vital institutions and businesses who rely on it on a daily basis. As cyberespionage, sabotage, and crime run rampant, it’s all the more important for defenders to band together and share cutting-edge knowledge to better defend against all threats.”
The Q2 APT Trends report summarizes the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the second quarter of 2017, the Kaspersky Lab Global Research and Analysis Team created 23 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company celebrating its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.