What could the Biden presidency mean for cybersecurity?
The Biden administration begins at a time when cyberattacks against the US public and private sector are at an all-time high, meaning those in the cybersecurity community and beyond will be keenly watching to see what changes are brought about by the change of leadership and its strategy for protecting against nation-state attacks.
Researchers Find New Form of Malware Used in the SolarWinds Attack
Detailed Monday by researchers at Symantec, the malware, dubbed “Raindrop,” is a loader designed to deliver a payload of Cobalt Strike. That’s a form of penetration testing software favored by hackers which leaked online in November.
#Inauguration2021: Cyber-Experts React as Joe Biden Set to Become 46th US President
Experts in the cybersecurity field have commented on the key cybersecurity matters that are likely to play pivotal roles in the Biden/Harris administration over the next four years. Biden therefore has a huge amount of work to do in the cybersecurity area, with attacks at an all-time high against the US public and private sector, says Chris Morales, our head of security analytics.
New Malware Discovered in SolarWinds Investigation
The malware, Raindrop, is a loader which delivers a payload of Cobalt Strike. Raindrop is very similar to the already documented Teardrop tool, but there are some key differences between the two. Our head of security analytics, Chris Morales, shares that we are now getting into the minutiae of how different malware worked so they can be named and detected with a signature. This is all great after the fact, once we already know the attack occurred; however, it did not help when it mattered most.
How Bad Actors Are Now Using Vishing
The FBI has released a private industry notification detailing how cybercriminals have been exploiting network access and escalating network privilege. As remote work has become the norm during the pandemic, many companies have adapted to changing environments and technologies. Due to this, network access and privilege escalation may not be monitored as closely.
Incoming Biden administration looks to shake up US cybersecurity policy
With cyber-attacks against the US public and private sector at an all-time high, as evidenced by the recent SolarWinds supply chain hack, the incoming Biden administration has a huge amount of work to do in the cybersecurity arena.
FBI Warns of Increase in Vishing Attacks
The FBI is warning that hackers are increasingly using voice phishing, or vishing, to target remote workers as a way of harvesting VPN and other credentials to gain initial access to corporate networks.
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
The complex cyberattack campaign against major US government agencies and corporations including Microsoft and FireEye has driven home the reality of how attackers are setting their sights on targets' cloud-based services such as Microsoft 365 and Azure Active Directory to access user credentials — and ultimately the organizations' most valuable and timely information.
2020’s biggest AI stories
Unlike prior decades, the penetration of AI into society and the promise of attainable pragmatic solutions seems likely to sustain AI progress for the foreseeable future. The predictions focus primarily on key learnings from the past year, as well as anticipated trends and areas of clear business necessity.
US Issues Warning Over Recent Cyberattacks Targeting Cloud Services
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency today issued a warning concerning several recent cyberattacks targeting various cloud services.
Google: Attacker ‘Likely’ Had Access to Android Zero-Day Vulnerabilities
Google’s Project Zero on Tuesday introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.
CISA: Hackers Bypassed MFA to Access Cloud Service Accounts
In a new alert, the Cybersecurity and Infrastructure Security Agency (CISA) announced that it is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within a victim’s cloud services configuration.
US Government Warns of Cyberattacks Targeting Cloud Services
Organizations with remote workers who use cloud-based services are being warned of several recent successful cyberattacks against those services. Vectra's Tim Wade discusses an organization's ability to quickly zero in on an active risk and then take appropriate action to reduce the impact.
CISA Warns of Surge in Attacks Targeting Cloud Services
CISA reports in an alert issued Wednesday that attacks targeting cloud services have steadily increased since many organizations switched to a largely remote workforce as a result of the COVID-19 pandemic, with employees using a mix of corporate-owned and personal devices to access these services. Attackers are taking advantage of lax security practices, such as weak passwords and workers accessing data from unsecured laptops.
CISA Says Multiple Attacks on Cloud Services Bypassed Multifactor Authentication
The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday said it discovered several recent successful cyberattacks against the cloud services of multiple organizations, offering guidance on how security teams can bolster associated security. CISA said in its report that threat actors have used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a so-called “pass-the-cookie” attack that bypassed multifactor authentication to exploit cloud security weaknesses.
CISA Aware of Several Cyberattacks Against Various Organizations’ Cloud Services
The Cybersecurity and Infrastructure Security Agency (CISA) announced that it is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors are using phishing and other vectors to exploit poor cyber hygiene practices within a victim’s cloud services configuration.
Breadth vs Depth: Attacker behaviour detection
Any piece of cloud service, software or hardware could represent a way into the system if a new vulnerability is discovered by hackers. Cyber criminals are continually looking for new exploits, producing new strains of malware or tinkering with existing strains just enough to alter their threat profile and evade signature-based detection solutions. Tactics have also evolved at a rapid pace, from the use of social engineering techniques in the initial attack to methods for evading detection once a network is compromised.
Mimecast certificate compromised by a threat actor
A Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor. Oliver Tavakoli, CTO, says that all of the organization’s digital certificates (ones the organization owns and has private keys for) should be destroyed and recreated in this instance.
Sunspot Malware Scoured Servers for SolarWinds Builds That it Could Weaponize
Forensic investigators have discovered a novel malware program used in the SolarWinds supply-chain attack – one designed specifically to seek out developers’ builds of the SolarWinds Orion IT management platform and then replace a source file with the Sunburst backdoor.
Researchers See Links Between SolarWinds Sunburst Malware and Russian Turla APT Group
Researchers at Kaspersky said they found code similarities between the Sunburst malware deployed on SolarWinds Orion servers and known versions of Kazuar backdoors linked to the Russian APT group Turla. Oliver Tavakoli, chief technology officer at Vectra, added that these types of findings reinforce the fact that attackers don’t reinvent their attack methodologies and tools from scratch.
Hackers Compromise Mimecast Certificate Used to Connect to Microsoft 365
A security certificate issued by Mimecast Services Ltd. that’s used to authenticate some of the company’s products with Microsoft Corp. 365 Exchange Web Services has been hacked. Oliver Tavakoli, our CTO, shared his thoughts about how attackers can use the private key to perform any actions that the certificate entitles them to.
2020’s Biggest Stories in AI
2020 provided a glimpse of just how much AI is beginning to penetrate everyday life. It seems likely that in the next few years we’ll regularly (and unknowingly) see AI-generated text in our social media feeds, advertisements, and news outlets. The implications of AI being used in the real world raise important questions about the ethical use of AI as well. Christopher Thissen, Ben Wiener, and Sohrob Kazerounian from Vectra share their insights.
Vectra: What the cybersecurity industry can expect in 2021
Oliver Tavakoli, our CTO, looks back to the year that was and shares insights into the year to come for the cybersecurity landscape.
US intelligence agencies say Russian threat actors are likely behind SolarWinds hack
The National Security Council (NSC) staff released an update regarding its investigative and mitigation efforts of the recent cybersecurity incident involving federal government and private companies. The NSC stood up a task force known as the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA to coordinate the investigation and remediation of this cyber incident.
Hackers ransom La Rochelle after a cyber attack
No end-of-year truce for cybercriminals. Hit by a major cyberattack over the Christmas weekend, the city of La Rochelle (Charente-Maritime) received a very unwelcome greeting card. The Russian-speaking Netwalker group claimed responsibility on Monday on its blog for the attack against the city's IT services and, above all, for the theft of data, of which it published a sample accompanied by a two-week countdown.
Kawasaki Heavy Industries, a Partner of Defense Companies and Agencies, Reports Breach
Managing access control and data permissions is difficult without a proper understanding of the who, what, and where of data access models. To truly understand data flow and access, organizations need to observe privilege based on real world activity and assess the access that does occur. This would allow an organization to differentiate between what should and should not occur.
Cyber Attack, Terrorism, Theft and Scams: Threats to Covid-19 Vaccines
France has put in place a very strict security protocol to transport and store these vaccines in France, while the threat hanging over these coronavirus antidotes takes many forms.
Critical Flaws Put Dell Wyse Thin Client Devices at Risk
Researchers at the security firm CyberMDX have uncovered two significant vulnerabilities in certain Dell Wyse thin client devices that, if exploited, could enable threat actors to remotely run malicious code and access files on affected devices.
Have you been impacted by the massive SolarWinds hack?
Vectra's Ammar Enaya says this is a significant example of a well-executed supply chain attack compromising a popular IT administration tool as a penetration mechanism. The subsequent exploitation of authentication controls enabled the threat actor to pivot to the cloud and operate undetected for an extended time in Microsoft 365, which allowed them to gather intelligence.
SolarWinds hack: Security experts weigh in on US cyber-attack
The SolarWinds hack, which is reportedly being linked to Russia, is shaping up to be the biggest cyber-attack this year. The attack targeted the US government, its agencies and several other private companies. It was first discovered by cybersecurity firm FireEye, and since then more developments are being reported each day.
Highly Skilled Hackers Breach US Agencies and Private Companies
United States officials have blamed Russian hackers for recent breaches at federal agencies, companies, and high-profile cybersecurity vendor FireEye, with the malicious activity appearing to come from highly skilled attackers. "Attackers could also set up automated workflows to consolidate all the activities and run them autonomously while quietly exfiltrating data," Vectra's Matt Walmsley shares.
The 25 Best Cyber Security Books — Recommendations from the Experts
While all of these things together sound like the makings of a best-selling fiction novel, the cyber security industry – and all of the threats and dangers that exist within it – is all too real. That’s one reason why cybersecurity books make for some pretty interesting reading both in terms of academics and entertainment. Hashed Out reached out to many IT and cyber security experts within the industry to inquire about their favorite books on cyber security and create a comprehensive list of the “best cyber security books.”
Officials use language of war, deterrence to discuss US response to suspected Russian hack
The recent breach, which began in March, targeted the SolarWinds Orion software, a popular IT network administration tool used by companies around the world and by U.S. government agencies including the Department of Homeland Security, the Treasury Department, the Department of Commerce, the Department of Energy, the Pentagon and the White House. The hackers attached malware to a SolarWinds software update that was downloaded by as many as 18,000 organizations.
Officials Use Language of War, Deterrence to Discuss US Response to Suspected Russian Hack
"Causing 18,000 organizations, the vast majority of which were not actually targets of interest, to have to remediate and possibly rebuild their devices and networks represents a huge amount of collateral damage," Vectra's Oliver Tavakoli said. "Obviously, the concept of collateral damage exists on a spectrum – but we can probably all agree this attack was on the far end of the spectrum."
Vectra and Baidam to offer cybersecurity scholarships for Indigenous peoples
Vectra AI has formed a new partnership with Baidam Solutions. This partnership provides First Nations’ people with scholarships, a full education and technical skills to combat the rise in cyberattacks against businesses, government and infrastructure.
5 NDR Vendors to Watch in 2021
Solutions Review’s NDR Vendors to Watch is an annual listing of solution providers we believe are worth monitoring. Companies are commonly included if they demonstrate a product roadmap aligning with our meta-analysis of the marketplace. Other criteria include recent and significant funding, talent acquisition, a disruptive or innovative new technology or product, or inclusion in a major analyst publication.
The SolarWinds Perfect Storm: Default Password, Access Sales and More
A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password (“SolarWinds123”) that gave attackers an open door into its software-updating mechanism; and, SolarWinds’ deep visibility into customer networks.
SolarWinds Cyberattack Likely Affected Thousands Worldwide
Vectra's Matt Walmsley comments on the recent SolarWinds breach, discussing how security teams need to drastically reduce the overall risk of a breach by gaining instant visibility and understanding of who and what is accessing data or changing configurations, regardless of how they are doing it, and from where.
Cyber Experts Weigh-In on FireEye Breach, SolarWinds Supply Chain Attack
The recent supply chain attack, which has affected around 18,000 SolarWinds Orion customers, is thought to have been executed by a sophisticated nation-state threat actor. Vectra's Matt Walmsley says that IT administrators and security teams have access to highly privileged credentials as part of their legitimate work. Attacking the digital supply chain of their software tools is an attempt to gain penetration and persistence right at the heart of their operations, gain privileged access and provide a springboard out across their digital hybrid-cloud enterprise.
US Treasury, Commerce Departments Hacked
A number of key US government departments have been hacked, with concern that the attack has allowed a foreign power to monitor American government communication.
A Safe Return to Office May Mean Higher Burden for Companies to Collect, Protect Medical Data
For many businesses, recovery from the pandemic fallout hinges in part on employees working safely and virus-free outside their homes. That leaves organizations facing the very real possibility that they will serve as both trackers and guardians of health data to ensure the safety of employees.
Here Are the Critical Responses Required of All Businesses After SolarWinds Supply-Chain Hack
SolarWinds estimates that between last March and June, roughly 18,000 user organizations downloaded updates of its Orion software that Russian APT actors allegedly corrupted with Sunburst backdoor malware. John Mancini, senior product manager at Vectra, said that a core point of the DHS’ guidance for remediating the SolarWinds hack is to analyze for any listed indicators of compromise and then “identify potential behaviors in metadata that may be related to the compromise.”
Email Systems Breached at the US Treasury and Commerce Departments
Hackers working on behalf of a foreign government are believed to be behind a highly sophisticated attack on a range of key government networks, including the Treasury and Commerce Departments and other agencies. The hackers had free access to their email systems.
Cybersecurity in 2021: 5 Trends Security Pros Need to Know
With 2021 fast approaching, cybersecurity experts and analysts note that cybersecurity will continue to evolve even as most of the world enters a post-COVID-19 era, with cybercriminals, threat actors and nation-state hackers ready to take advantage of whatever may happen next. This will keep CISOs, their security teams, as well as their counterparts in IT, trying to catch up and stay ahead.
18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack
In what may well turn out to be one of the most significant supply-chain attacks in recent years, a likely nation-state backed group compromised systems at SolarWinds and inserted malware into updates of the company's widely used Orion network management products that were released between March and June 2020. Matt Walmsley, EMEA director at Vectra, says the attackers likely manipulated Security Assertion Mark-up Language (SAML) authentication tokens used in Single Sign On to try and escalate privileges in the early stages of the campaign.
Hackers breach US agencies, Homeland Security a reported target
The US Department of Homeland Security was the third federal department to be targeted in a major cyberattack, US media reported Monday, a day after Washington revealed the hack which may have been coordinated by a foreign government.
Cyber espionage of US agencies: Vectra comments on how attackers compromise Microsoft 365 accounts
The US government's Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive calling on "all US federal agencies to review their networks for indicators of compromise and to immediately disconnect or power down SolarWinds Orion products".
Hackers breach US agencies, Homeland Security a reported target
SolarWinds over the weekend admitted that hackers had exploited a backdoor in an update of some of its software released between March and June. The hacks are part of a wider campaign that also hit major cybersecurity firm FireEye, which said its own defenses had been breached by sophisticated attackers who stole tools used to test customers' computer systems.
The next big thing in security
Oliver Tavakoli, our CTO, shares his thoughts on the upcoming cybersecurity trends to watch.
How Worried Should I Be About My Password Being Compromised, Stolen In A Data Breach? Experts Say This
After a major data breach, do criminals actually have your password even if it has been encrypted? Companies have various ways of encrypting passwords. There are also techniques called salting and hashing. The upshot is, the average user will not take the time to find out how the affected company does their encrypting—or hashing or salting for that matter.
Why accelerated cloud adoption exposes organisations to security risk
Chris Fisher, Vectra's director of security engineering APJ, shares that as our reliance on technology grows exponentially, so does the need for robust cybersecurity to protect users and keep data and business operations safe from hackers.
IoT Cybersecurity Improvement Act Signed Into Law
The IoT Cybersecurity Improvement Act has been officially signed into law. The bipartisan legislation, sponsored by Reps. Robin Kelly, D-Ill., and Will Hurd, R-Texas, and Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo., requires that any IoT device purchased with government money meet minimum security standards.
Europol Warns of COVID-19 Vaccine Crime Gangs
As the time for distribution of COVID-19 vaccines comes closer, law enforcement agencies across the world are warning of organized crime threats, including schemes to sell counterfeit vaccine on the dark web, as well as physical and virtual attacks targeting supply chain companies.
Russian Hackers Exploit VMware Bug
To exploit VMware's vulnerability, an attacker must have access to the device’s management interface. This access can allow attackers to forge security assertion markup language (SAML) credentials to send seemingly authentic requests to gain access to protected data. Chris Morales, our head of security analytics, explains that this is why granted access does not equate to trusted access.
Suspicious Email Aimed to Get Users to Give up Office 365 Credentials
Researchers at Abnormal Security said Monday they blocked an attack where a malicious email impersonating one of their customer’s vendors bypassed the customer’s Proofpoint gateway and set up a trap to steal Office 365 credentials. Chris Morales, head of security analytics at Vectra, said the known partner compromise technique equates to internal spear phishing, when a phishing email that originates from a trusted and legitimate connection doesn’t get blocked by the email gateway.
Channel round-up: Who’s gone where?
With market demand for NDR solutions generating significant traction among forward-thinking enterprises, and with this set to continue into 2021, we're excited to welcome Jerome Jullien to the Vectra team as vice-president of international partner sales.
Vectra unveils new Vice President of International Partner Sales
With more than 25 years’ experience in Enterprise Technology, including managing Channels, System Integrator and Service Provider (SI/SP) and Alliances, Jerome Jullien, now Vice President of International Sales, brings a strong track record of building successful business models for the Channel and will play a key role in managing and driving sales via the Vectra partner ecosystem.
How to protect against ransomware
Instead of monolithic ransomware, or a single piece of software that did everything and was highly automated, today’s ransomware tends to be modular and often obtained from a malicious developer or acquired “as a service”. There’s an organized dark ecosystem for ransomware with component and service supply chains, not dissimilar to the structures and practices we see in the legitimate world. It’s expeditious to change and morph, which makes traditional fingerprinting for signatures less effective.
IBM Uncovers Global Email Attack on COVID Vaccine Supply Chain
This week, IBM Security X-Force uncovered a global phishing campaign targeting the COVID-19 Vaccine Cold Chain. The company’s task force dedicated to tracking down COVID-19 cyber security threats said it discovered fraudulent emails impersonating a Chinese business executive at a credible cold-chain supply company. The emails, dating back to September, targeted organizations across six countries, including Italy, Germany, South Korea, Czech Republic, greater Europe and Taiwan, the company said.
Vectra appoints Jerome Jullien as Vice President of International Partner Sales
We are thrilled to announce the appointment of Jerome Jullien as Vice President of International Partner Sales to our leadership team.
Ransomware gang says they stole 2 million credit cards from E-Land
Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month's ransomware attack. This is a timely reminder that ransomware operators have changed their tactics and become far more targeted. Not only are they performing data theft and public bullying, but they remain active inside an organization for extended periods prior to detection.
BEC Scammers Leverage Email Auto-Forward Rules to Intersect Financial Transactions
The FBI this week made public a private industry notification warning that business email compromise (BEC) scammers are exploiting web-based email clients’ auto-forwarding rules to secretly gather intel on their targets and also hide their fraudulent communications. Moreover, if organizations fail to sync their web-based email clients with their desktop-based clients, this suspicious activity may go unnoticed by infosec personnel.
Phishing campaign threatens coronavirus vaccine supply chain
A calculated cybercriminal operation is targeting companies in the coronavirus vaccine supply chain with phishing emails that appear to be designed to steal sensitive user credentials, IBM Security X-Force said in a report released Thursday. The targeted organizations are all associated with a COVID-19 cold chain, a component of the overall supply chain that ensures the safe storage of vaccines in cold environments during storage and transportation.
Vectra appoints Jérôme Jullien as Vice President of International Partner Sales
Vectra announces the recruitment of Jérôme Jullien to its leadership team as Vice President of International Partner Sales.
Vectra sets A/NZ channel in sights with new leadership hire
Jerome Jullien has been appointed to the leadership team of network threat detection and response (NDR) vendor, Vectra, as the international partner sales vice president.
Editor's Question - How can SMEs best protect their company's data
Organizations that conduct almost all of their business online now face needing to protect an expanded threat surface. Ammar Enaya, our METNA regional director, shares his take on how businesses can protect their data in the cloud.
Sales of CEO Email Accounts May Give Cyber Criminals Access to the "Crown Jewels" of a Company
A hacker began selling access to hundreds of stolen executive email accounts last Friday, ZDNet reported. Email and password combinations are being sold for anywhere from $100 to $1,500 on Exploit.in, an underground hacker forum populated by Russian speakers.
FBI: BEC Scams Are Using Email Auto-Forwarding
If businesses do not configure their network to routinely sync their employees' web-based emails to their internal network, an intrusion may be left unidentified until the computer sends an update to the security appliance set up to monitor changes within the email applications. This leaves the employee and all connected networks vulnerable to cybercriminals.
Machine Learning Models for Smart Cities
Artificial intelligence (AI) and machine learning (ML) will help make it possible to create an urban landscape that enables safe, efficient, convenient and self-optimizing traffic eco-systems, while dealing with highly increased complexity. As cities become “smarter”, data collected from sensors regarding energy consumption, traffic and sanitation will all increase at a scale that makes it difficult for certain types of tasks to be done well by humans alone, or that would be unthinkable without the aid of automated systems.
On the Horizon
Next year we will also see more blurred lines across traditional channel boundaries. Sandra Hilt, senior director of channel sales for EMEA at Vectra, shares her thoughts on how today’s channel partners are increasingly positioned as service-led, trusted advisors to their customers. Consequently, the offering of different service engagements is becoming more and more important.
Vectra Extends NDR to the Cloud With New Capabilities
The new cloud capabilities allow Vectra and its users to track and link accounts and data in cloud and hybrid environments. This helps users prevent the loss of visibility when environments expand to the cloud where users leverage multiple accounts and may access resources from shadow IT devices.
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
Techday's 10 Minute IT Jams provide sharp, to-the-point insights into emerging and established technology companies that operate in the Asia-Pacific region. In Techday's second IT Jam with Vectra AI, they speak with head of security engineering Chris Fisher, who discusses the organizational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organizations should take to protect employees from attacks.
CISA warns public about online holiday shopping scams
With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.
AI AND EQ
Adam Mendler sat down with our CEO, Hitesh Sheth, for a one-on-one interview. Hitesh shared his perspective on leadership, AI, and technology trends.