Vectra AI in the News in 2023
Retail Sector Cyber Attacks: Shopping for Security
The retail sector has made headlines due to many high-profile (and costly) data breaches. What can retailers do to stay clear of the front pages?
New Microsoft Azure AD CTS feature can be abused for lateral movement
Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface that might allow threat actors to more easily spread laterally to other Azure tenants.
Beware of overly permissive Azure AD cross-tenant synchronization policies
A new proof of concept shows that attackers can use Azure AD CTS to leap to Microsoft and non-Microsoft applications across tenants.
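The "overly permissive policy" in the two items above is a concrete, auditable thing: the inbound side of a tenant's cross-tenant access policy decides whether a partner tenant may sync users in and whether those users are redeemed automatically. The script below is an added example for this page, not Vectra's or Microsoft's code. It reads an export shaped like the Microsoft Graph crossTenantAccessPolicyConfigurationPartner objects (GET /policies/crossTenantAccessPolicy/partners) with each partner's crossTenantIdentitySyncPolicyPartner merged in under an "identitySynchronization" key; that merged layout, and the sample tenant IDs, are assumptions constructed for the example. The field names it checks (automaticUserConsentSettings.inboundAllowed, inboundTrust.*, userSyncInbound.isSyncAllowed) are the Graph property names.

```python
"""Flag cross-tenant access policy partner entries whose settings make
cross-tenant synchronization (CTS) a viable lateral-movement path.

Added example, not Vectra's or Microsoft's code. Input layout (partner
entries with "identitySynchronization" merged in) is an assumption.
"""
import json

# Constructed sample export; the tenant IDs are made up.
SAMPLE_EXPORT = json.dumps([
    {
        "tenantId": "11111111-1111-1111-1111-111111111111",
        "automaticUserConsentSettings": {"inboundAllowed": True, "outboundAllowed": False},
        "inboundTrust": {"isMfaAccepted": True, "isCompliantDeviceAccepted": True,
                         "isHybridAzureADJoinedDeviceAccepted": False},
        "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": True}},
    },
    {
        "tenantId": "22222222-2222-2222-2222-222222222222",
        "automaticUserConsentSettings": {"inboundAllowed": False, "outboundAllowed": True},
        "inboundTrust": {"isMfaAccepted": False, "isCompliantDeviceAccepted": False,
                         "isHybridAzureADJoinedDeviceAccepted": False},
        "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": False}},
    },
    {
        "tenantId": "33333333-3333-3333-3333-333333333333",
        "automaticUserConsentSettings": {"inboundAllowed": True, "outboundAllowed": True},
        "inboundTrust": None,
        "identitySynchronization": None,
    },
])

FINDING_TEXT = {
    "INBOUND_SYNC": "inbound user sync allowed: the partner can push accounts into this tenant",
    "AUTO_REDEEM_INBOUND": "automatic inbound consent redemption: synced users need no invitation acceptance",
    "TRUST_MFA": "MFA claims from the partner are trusted: this tenant's MFA is not re-checked",
    "TRUST_COMPLIANT_DEVICE": "compliant-device claims from the partner are trusted",
}


def audit_partner(partner):
    """Return the list of finding codes for one partner entry."""
    consent = partner.get("automaticUserConsentSettings") or {}
    trust = partner.get("inboundTrust") or {}
    sync = (partner.get("identitySynchronization") or {}).get("userSyncInbound") or {}
    findings = []
    if sync.get("isSyncAllowed"):
        findings.append("INBOUND_SYNC")
    if consent.get("inboundAllowed"):
        findings.append("AUTO_REDEEM_INBOUND")
    if trust.get("isMfaAccepted"):
        findings.append("TRUST_MFA")
    if trust.get("isCompliantDeviceAccepted"):
        findings.append("TRUST_COMPLIANT_DEVICE")
    return findings


def severity(findings):
    """Inbound sync plus automatic redemption is the combination that lets a
    compromised partner tenant silently create usable identities here."""
    if "INBOUND_SYNC" in findings and "AUTO_REDEEM_INBOUND" in findings:
        return "HIGH"
    if "INBOUND_SYNC" in findings or "TRUST_MFA" in findings:
        return "MEDIUM"
    if findings:
        return "LOW"
    return "OK"


def audit_export(export_json):
    """Map each partner tenant ID to its severity and finding codes."""
    report = {}
    for partner in json.loads(export_json):
        findings = audit_partner(partner)
        report[partner["tenantId"]] = {"severity": severity(findings), "findings": findings}
    return report


if __name__ == "__main__":
    for tenant, result in audit_export(SAMPLE_EXPORT).items():
        print(f"{result['severity']:6} {tenant}")
        for code in result["findings"]:
            print(f"       - {FINDING_TEXT[code]}")
```

This audits only the inbound side of the tenant you exported from. The lateral-movement case in the proof of concept also runs the other way, from a compromised source tenant with an outbound sync configuration, so the partner list in each tenant you control should be reviewed, along with who holds the directory roles that can edit these policies.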
71 percent of organizations may have been breached and not know about it
Vectra AI has released a new research report identifying that 97 percent of analysts are worried they will miss security events, with 71 percent admitting their organization may have been compromised and they don’t know about it yet.
Many businesses don't even know they've been hit by a security breach
A report from cybersecurity experts Vectra AI surveying more than 2,000 IT security analysts found that nearly all (97%) are worried they’ll miss important security events, while 71% admitted to possibly being compromised, but not knowing.
What a steal! How retailers can protect customer data from cybercriminals
Recent Salesforce research shows 52 percent of consumers expect their offers to be personalized. To create these tailored offerings and drive a seamless customer experience, retailers gather vast amounts of personally identifiable information (PII) -- from addresses to purchasing history and payment information. This makes them an irresistible -- and relatively low risk -- target for cybercriminals.
What You Really Need to Know About Verizon’s 2023 Data Breach Investigations Report: A Five-Minute Read
[...] Rob Rosiello, SVP at Vectra AI, singles out the ransomware threat as the key takeaway from this year’s report. “This year’s DBIR should act as a stark reminder that organisations cannot afford to fall into the trap of ransomware fatigue, as attacks become more frequent and costly,” he tells Assured Intelligence. [...]
Attacker behaviour, AI and cloud-native applications
With the popularity of cloud-native applications and solutions on the rise, ransomware is also becoming an unfortunate reality for businesses in every industry.
Cyber Leaders’ Plea to Tackle the Industry’s Mental Health Crisis
Unsustainable pressures are being placed on cyber leaders and professionals’ mental health because of a combination of factors, such as the growing attack surface, increasing cybersecurity and data regulations and the on-going skills shortage.
Kevin Kennedy: Applied AI is Vectra’s ‘North Star’
Kevin Kennedy, SVP Products, explains how Vectra AI provides enterprises with real-time attack signal intelligence using the power of its ‘North Star’
Vectra AI in the News in 2022
Lessons for CISO Success from a Grizzled Veteran
After conferring with security heads from far and wide over the past few months, Vectra EMEA CTO, Steve Cottrell shares some of the best pieces of advice given.
Disneyland Hack Reveals Dangers of Social Media Account Takeover
Disneyland Anaheim’s Instagram and Facebook accounts were hacked. Vectra CTO for SaaS Protect, Aaron Turner explains why organizations should look to manage the risks of corporate social media accounts.
Maui Ransomware Targets Healthcare, Public Health Sector and Critical Infrastructure
North Korean state-sponsored cyber threat actors have used Maui ransomware to target both the healthcare and public health sectors, according to U.S. cybersecurity alerts.
Red Team vs. Blue Team: How They Impact Your Cybersecurity Career
Defending organizations’ IT networks and data has never been tougher for tech and cybersecurity pros.
Bias in Artificial Intelligence: Can AI be Trusted?
Artificial intelligence is more artificial than intelligent.
Tips to Bolster Cybersecurity, Incident Response This 4th of July Weekend
The Fourth of July weekend is upon us, and so is the risk of a cyberattack. See how to make sure your organization stays safe.
A Guide to Surviving a Ransomware Attack
Surviving a ransomware attack is possible, as long as we apply preparation and intentionality to our defense posture.
Cyber Conflict Overshadowed a Major Government Ransomware Alert
The FBI warns that ransomware targets are no longer predictably the biggest, richest organizations, and that attackers have leveled up to victimize organizations of all sizes.
Latest T-Mobile Data Breach Has Some Wondering ‘How Lapsus$ Got Access in the First Place’
Security experts react following the latest T-Mobile Data Breach.
CRN: Coolest Network Security Companies of 2022
A look at 20 network security vendors offering everything from log filtering and encrypted traffic visibility to containerized firewalls and SD-WAN.
How To Avoid Getting Hacked
Aaron Turner, VP of SaaS Posture at Vectra, sits down with ABC 4 Utah to explain how Vectra is able to transfer the best cybersecurity knowledge to a company in a really repeatable way.
Reacting with Confidence to a New Trojan Horse Cyber Threat
Vectra CEO, Hitesh Sheth explains how AI has become pervasive—and increasingly important to our quality of life while it's also making an impact on today’s cyber landscape.
Hard Truths from Ukraine: The Government Cannot Save us in Cyberwar
Vectra CEO, Hitesh Sheth explains how no intelligence agency is certain how the cyber dimension of the Ukraine conflict will evolve.
FBI Warns of Cyberattacks Using AvosLocker Ransomware
The AvosLocker Ransomware as a Service (RaaS) group has targeted critical infrastructure sectors in the US, such as financial services, manufacturing and government facilities, the FBI said.
Techniques for Ransomware Detection
With ransomware being so prevalent, what should organizations be doing to detect it, mitigate its impact, and prevent any future attacks?
First Malware Targeting AWS Lambda Serverless Cloud Environment Discovered
Researchers reported on the first publicly known case of malware specifically designed to execute in an AWS Lambda environment.
Vectra Research Exposes Cybersecurity Health Crisis
Vectra AI released a new Security Workforce report highlighting how mounting pressure on security professionals is creating a health crisis in cybersecurity.
Tuckers Solicitors ICO Fine
Steve Cottrell, EMEA CTO at Vectra AI, comments on the fine issued by the ICO to Tuckers Solicitors.
Steve Cottrell, EMEA CTO at Vectra AI, on cyber threats
Steve Cottrell, EMEA Chief Technology Officer at Vectra AI, spoke to Technology magazine about how it helps businesses facing increasing cyber threats
Only 16% of Organizations Have Comprehensive DevSecOps in Place
A cloud security report found that only 16% of respondents have comprehensive DevSecOps in place, while some 37% are starting to incorporate some aspect of DevSecOps within their organizations.
Defending Against Modern Ransomware Tactics
Ransomware gangs are continuing to evolve new tactics and techniques, and organizations need to be better prepared to defend against them in 2022.
Vectra AI in the News in 2021
2021 State of Security Podcast
Experts give their take on the state of cybersecurity as we near the end of 2021.
7 of the Most Impactful Cybersecurity Incidents of 2021
There was a lot to learn from breaches, vulnerabilities, and attacks this year.
Attack Wipes 25 Years' Worth of Data from Local Electric Co.
A local electric cooperative serving western Colorado's Montrose and Delta counties says a cyberattack first detected Nov. 7 has disabled billing systems and wiped out 20 to 25 years' worth of historic data.
SolarWinds Attack: One Year Later, Cybersecurity Lessons for Pros
The world of cybersecurity changed for good on Dec. 13, 2020 as a result of the massive cyberattack on SolarWinds.
Most Ethical Hackers Identifying Vulnerabilities They Did Not See Before the Pandemic
New research found that some 80% of ethical hackers have recently identified a vulnerability they had not encountered before the pandemic.
Bugcrowd Reports Ethical Hackers Prevented $27B in Cybercrime
Over the last year, ethical hackers have prevented more than US$27 billion in cybercrime, according to a report released Tuesday by a leading bug bounty platform.
SOC Modernisation: A Digital Labrador for Next-Level Cybersecurity
Modern complexities of rogue devices, remote employees, and multi-cloud environments have brought previously unseen levels of unpredictability to the SOC.
48% of Companies Plan to Migrate Half or More of Their Apps to the Cloud in 2022
A report on cloud adoption found cloud usage among respondents has grown to 90%, while 48% say they plan to migrate half or more of their apps to the cloud in 2022.
Top 5 AWS Misconfigurations That Led to Data Leaks in 2021
Here’s a look at the most disruptive security incidents associated with AWS misconfigurations and how businesses can prevent misconfigurations in the future.
US State Department to Create Dedicated Cyber Office
The U.S. Department of State will create a Bureau of Cyberspace and Digital Policy, led by a Senate-confirmed ambassador-at-large, to advance its cybersecurity diplomacy efforts.
SolarWinds Attackers Targeting Resellers, Service Providers: Microsoft
The Russia-based group responsible for the high-profile attack on software maker SolarWinds last year is continuing to take aim at the global supply chain, according to a warning issued by Microsoft this week.
Ransomware: Why These Attacks Continue to Cause Cyber Risk
Since taking office in January, the Biden administration has made cybersecurity one of its top priorities.
Acer confirms new attack on servers
Acer has confirmed that its servers in Taiwan have also been breached, after hackers themselves shared details about the incident with privacy watchdogs, Privacy Affairs.
Ransomware's Evolution: 6 Key Trends to Watch
As security teams start to fight back, attackers have only become more sophisticated. Here are six key trends that your security team should be tracking to ensure that your organization remains cyber resilient.
Right place, right time: machine learning in cyber incident response
Why it’s important to make the most of machine learning when managing cyber-security incidents.
30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware
The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza.
Ransom Disclosure Act Would Require Victims to Disclose Ransom Payments Within 48 Hours
A new bill introduced would require ransomware victims to disclose ransom payments within 48 hours of payment — including the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom.
Successfully Influencing Employee Security Behavior
A new report from Forrester Research indicates organizations should tread carefully between engagement, empathy and punishment because punishment has the tendency to reinforce employees’ negative perceptions and resentment of the security team.
New Twist on DDoS Technique Poses Threat to CSP Networks
No Internet-connected device appears to be safe from potentially being abused by a newly theorized form of distributed denial of service attack.
What Is the Difference Between Security and Resilience?
Vectra Technical Director to the CTO Office, Tim Wade, explains how resilience shifts the focus toward eliminating the probable impact of the full attack chain.
Why AI is a Critical Weapon in the War on Ransomware
In the sprawling IT landscapes of today, artificial intelligence (AI) will play a decisive role in this war against ransomware, giving organizations the best chance to defeat motivated attackers.
Illinois Man Ran Business Telling Clients How to Launch Computer Attacks: DOJ
An Illinois man ran a successful computer takedown service until the feds stepped in.
How Superloop Reduced False Positives with Behavioral Threat Detection
The security team at the Australian telco cut the time it spends on network detection and response from four hours a day to one.
Use AI to Beat the Bad Guys
Vectra CEO, Hitesh Sheth explains how AI is the greatest ally when it comes to creating a secure future. AI can learn the differences between normal and malicious activity — independently, without requiring human input.
Half of On-Prem Databases Contain Security Vulnerabilities
Organizations aren’t maintaining regular patching. With nearly half of all databases globally (46%) containing a vulnerability, and an average of 26 Common Vulnerabilities and Exposures (CVEs) per database, it’s clear that businesses are ignoring one of the basic tenets of data security: patch and update databases as soon and as often as possible.
Executives' Ransomware Concerns are High, Yet Few are Prepared for Attacks
One out of every two on-premises databases globally has at least one vulnerability, finds a new study.
REvil Ransomware Group Resurfaces After Two Months Away
It was a short hiatus for the REvil ransomware group that signed off in July following several high-profile attacks by the Russia-based crew on such companies as global meat processor JBS and tech services provider Kaseya.
Cybercrime Money Launderer Handed 11-Year Sentence
A dual U.S.-Canadian national has been sentenced to more than 11 years in federal prison for conspiring to launder tens of millions of dollars in wire and bank fraud schemes, according to the U.S. Department of Justice. Officials say the activity included cash-out scams for North Korean hackers, including the criminal gang Lazarus Group, which has been associated with a military unit for the authoritarian regime.
Wake-up call required to defend APAC’s critical national infrastructure
Chris Fisher, our Director of Security Engineering APJ, discusses how public and private sector organisations – from government and military to banking, energy and transportation – have become digital-centric to seek economic savings, productivity gains and to create customer and citizen value.
Is having many partners always better?
Microsoft has a sizeable global channel that raises the question of whether that is the model that all vendors should be aspiring to follow.
NTFS Support in New Linux Kernel Promises to Make New Release More Cryptographically Sound
Based on industry reports over the past few days, it appears that Paragon Software's New Technology File System 3 (NTFS3) kernel driver will be included in the Linux 5.15 kernel release, which promises improved support for Microsoft's NTFS file system.
Protecting Asia Pacific’s supply chain from cyber risk
Over the course of the pandemic, one of the biggest disruptions the world faced was to critical national infrastructure, specifically supply chains. Border and port closures, mandated work from home policies, and severe shortages of citizen essential products including PPE and pharmaceuticals, have highlighted vulnerabilities in production, supply, and logistics. Asia is now experiencing a renewed surge in Covid-19 infections, which continues to impact supply chains across the world and manufacturers are yet again faced with complexities.
DHS Announces David Larrimore as CTO
David Larrimore has been named chief technology officer for DHS, a role he previously held at Immigration and Customs Enforcement between 2016 and 2019. Between federal appointments, Larrimore was lead solution engineer at Salesforce.
DHS Announces Two Senior Cybersecurity Appointments
The United States Department of Homeland Security (DHS) has announced two senior cybersecurity appointments.
Behind the Firewall: What to Do if Your Vendor Has a Security Incident
A vendor with a checkered security incident past is not automatically disqualified from future contracts. Rather, there is a playbook for due diligence.
LockFile Ransomware Using New Techniques to Evade Detection
The operators of LockFile ransomware have adopted new techniques, including "intermittent encryption," to help evade detection, according to cybersecurity firm Sophos.
LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files
After Bangkok Airways disclosed that it had been clobbered by a cyberattack last week, the LockBit 2.0 ransomware gang tossed its own countdown clock in the trash and went ahead and published what it claims are the airline’s encrypted files on its leak site.
CISA Warns of Holiday Ransomware Attacks
Citing damaging ransomware attacks that it, along with the FBI, has observed over recent holidays, the Cybersecurity and Infrastructure Security Agency issued an alert warning organizations to be prepared as the Labor Day holiday nears.
FBI and CISA Issue Warning for Labor Day Holiday
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a new cybersecurity advisory to highlight precautions and mitigation steps that public and private sector organizations can take to reduce their risk to ransomware and other cyber attacks, specifically leading up to holidays and weekends.
CISA: Examine Cybersecurity Posture Ahead of Labor Day Holiday
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are customarily closed—in the United States, as recently as the Fourth of July holiday in 2021.
LockFile Ransomware Uses Unique Methods to Avoid Detection
The LockFile ransomware family has made an impression in the relatively short amount of time it’s been around. The malware garnered a lot of attention over the past several months after being detected exploiting high-profile Microsoft vulnerabilities dubbed ProxyShell and PetitPotam.
Cloud technologies omnipresent with ICS operations
New research released by Nozomi Networks in tandem with SANS found that 91% of respondents are using cloud technologies to directly support some aspect of industrial control system (ICS) operations.
Defending SEA’s critical national infrastructure from cyber threats
Public and private sector organisations – from government and military to banking, energy and transportation – have become digital-centric to seek economic savings, productivity gains and to create customer and citizen value.
Audit: USAID Needs to Enhance Data Protections
Despite security improvements over the last seven years, the U.S. Agency for International Development - USAID - needs to better protect the large amounts of personal identifiable data - such as Social Security numbers - that the agency collects, according to an inspector general's audit.
Vectra AI reveals cybersecurity blind spots in PaaS and IaaS environments with security survey
As Digital Transformation efforts continue, the survey found that AWS is becoming an even more critical component to organisations that are regularly deploying new workloads, leveraging deployments in multiple regions and are relying on more than one AWS service.
Company Data Hoards Create Tempting Targets for Hackers
The hoards of consumer information that companies collect multiply the damaging effects of data breaches, lawyers and cybersecurity specialists say. In an estimated 1,700 publicly reported data breaches during the first half of 2021, more than 18 billion pieces of information have been exposed, according to research from cybersecurity company Risk Based Security Inc.
T-Mobile’s Repeated Security Blunders Yield Lessons for Rivals
The scope of a cyberattack at T-Mobile US keeps growing, as the operator today confirmed personal data on at least 54 million people was exposed and stolen. It pegged the number of people affected at nearly 49 million people earlier this week.
Census Cyberattack Report Highlights Missteps for Businesses to Avoid
A newly published Office of the Inspector General report detailing how the U.S. Census Bureau mishandled a January 2020 cybersecurity incident is a strong reminder to the business community to follow best practices such as IT asset management, frequent vulnerability scanning and mitigation, comprehensive event logging and prompt notification and incident response when a possible incident is suspected.
How Ready Are You for a Ransomware Attack?
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement. Determining how hard a target you present for the current wave of human-driven ransomware involves multiple considerations. There are four steps to analyzing how prepared you are for a ransomware attack.
US Census Bureau Cyberattack Was Unsuccessful
According to a watchdog report, U.S. Census Bureau computer servers were exploited in January 2020 during a cybersecurity attack, but hackers’ attempts to keep access to the system were unsuccessful.
Government Report Finds Census Bureau Hacked But Data Not Stolen
The U.S. Census Bureau was targeted by a cyberattack last year that compromised some systems but did not result in the theft of census data, according to a new report from the Office of the Inspector General.
Accenture Downplays the LockBit Ransomware Attack That Reportedly Encrypted 2,500 Computers, Leaking 6 Terabytes of Data
Accenture suffered a LockBit ransomware attack that reportedly encrypted at least 2,500 computers and leaked client information.
T-Mobile confirms hack of 40 million customers' data
T-Mobile US has said cyber attackers who breached its computer networks stole personal details of more than 40 million past, current and prospective customers.
T-Mobile Confirms Data Breach, Says Too Early to Assess Damage
T-Mobile USA officials have confirmed that the records of 47.8 million current, former and prospective customers were stolen in a “highly sophisticated cyberattack” late last week.
Top 5 Techniques Attackers Use to Bypass MFA
Organizations count on multifactor authentication (MFA) to prevent attacks. However, the belief that you're 100% protected because of MFA is just false. Even though there are statistics that highlight how MFA can reduce the risk of identity compromise by 99% over passwords, attackers still know how to bypass it. Our CEO, Hitesh Sheth, shares his thoughts on why MFA isn't enough.
T-Mobile's Data Breach Affects Nearly All its US Customers
Mobile telecommunication company T-Mobile has confirmed a data breach that reportedly affects nearly all of its U.S. customers. Hackers gained access to the company’s systems and hacked servers and databases containing the personally identifiable information of approximately 100 million customers.
T-Mobile Confirms it was Hacked Again
T-Mobile said in a statement that it had determined that “unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved.” The company noted that it’s “confident that the entry point used to gain access has been closed” and that a review is ongoing.
Privacy vs security: Amazon's plans to monitor employees' keystrokes raise concerns
Global e-commerce giant Amazon is reportedly considering plans to implement a keyboard-stroke monitoring solution for its customer-service representatives.
Microsoft Launches Azure Cloud for National Security
Microsoft on Monday announced that it received the approval to launch Azure Government Top Secret for its military and intelligence customers.
T-Mobile Investigating Reported Data Breach Involving 100 Million Customers
T-Mobile is investigating a reported breach in which a hacker claims to be selling the personal information of over 100 million of its customers.
T-Mobile Investigating Claims That 100 Million of its Customers Were Hacked
T-Mobile said on Monday it was looking into claims that a hacker has stolen data related to more than 100 million T-Mobile customers in the United States and aims to sell access to part of the information for around $277,000.
Ransomware Mitigation Steps to Take Now — Or Else
A proliferation of ransomware attacks has created ripple effects worldwide. Such criminal attacks have since increased in scale and magnitude, as critical hospital and infrastructure targets were shut down.
Vulnerability Potentially Exposes the Sensitive Data of All Users of Wodify Fitness Platform
Researchers on Friday reported that an insecure direct object reference (IDOR) vulnerability allowed for the reading and modifying of all user workouts on the cloud-based Wodify fitness platform.
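The vulnerability class named above, insecure direct object reference, comes down to a handler that looks a record up by a client-supplied ID and never asks whether the authenticated user owns it. The code below is an added example written for this page; it is not Wodify's code and assumes nothing about their implementation. The in-memory store, user IDs and workout records are constructed. It shows the vulnerable read and write paths beside hardened ones that scope every lookup to the session user.

```python
"""IDOR: vulnerable handler beside its hardened form.

Added example for this page; not Wodify's code. Store and IDs constructed.
"""
from dataclasses import dataclass


@dataclass
class Workout:
    id: int
    owner_id: int
    notes: str


class NotFound(Exception):
    """Raised for missing *or* foreign records (see _load_owned)."""


# Constructed in-memory store standing in for the database.
WORKOUTS = {
    101: Workout(id=101, owner_id=1, notes="5x5 back squat"),
    102: Workout(id=102, owner_id=2, notes="10k run"),
}


# --- Vulnerable: trusts the client-supplied id ------------------------------
def get_workout_vulnerable(session_user_id, workout_id):
    # session_user_id is available but never compared to the record's owner,
    # so any logged-in user can read any workout by incrementing ids.
    workout = WORKOUTS.get(workout_id)
    if workout is None:
        raise NotFound
    return workout


def update_notes_vulnerable(session_user_id, workout_id, notes):
    workout = get_workout_vulnerable(session_user_id, workout_id)
    workout.notes = notes  # same flaw on the write path
    return workout


# --- Hardened: lookup scoped to the authenticated principal -----------------
def _load_owned(session_user_id, workout_id):
    workout = WORKOUTS.get(workout_id)
    # One outcome for "does not exist" and "belongs to someone else": a 403
    # would confirm the id is valid and turn the endpoint into an oracle.
    if workout is None or workout.owner_id != session_user_id:
        raise NotFound
    return workout


def get_workout(session_user_id, workout_id):
    return _load_owned(session_user_id, workout_id)


def update_notes(session_user_id, workout_id, notes):
    workout = _load_owned(session_user_id, workout_id)
    workout.notes = notes
    return workout


def denied(handler, *args):
    """True if the handler refuses the request (used by the demo below)."""
    try:
        handler(*args)
    except NotFound:
        return True
    return False


if __name__ == "__main__":
    # User 1 reaching for user 2's record: succeeds against the vulnerable
    # handler, is refused by the hardened one.
    print(get_workout_vulnerable(1, 102).notes)
    print(denied(get_workout, 1, 102))
    print(denied(update_notes, 1, 102, "tampered"))
    print(update_notes(2, 102, "10k run, easy pace").notes)
```

Against a real database, put the owner in the query itself (WHERE id = ? AND owner_id = ?) rather than loading the row and comparing afterwards, so the check cannot be forgotten on a new code path.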
Over a Third of Organizations Damaged by Ransomware or Breach
Over one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months, according to new research.
Accenture Attack Highlights Evolving Ransomware Threats
Accenture officials are saying they staved off a ransomware attack this week by a cybercriminal ring using the LockBit malware even as the hacker group claimed to have captured data from the massive global IT and business consulting firm and has threatened to release it.
$50M Payment Demanded from Accenture in Ransomware Attack
Information technology consulting giant Accenture PLC has been struck by ransomware that resulted in customer data being stolen.
Accenture Is Hours Away From Exposure as LockBit Is Ready to Release Stolen Data
Accenture, the multinational consulting firm with tens of billions USD in annual revenue and over half a million employees worldwide, is being blackmailed by the LockBit ransomware group, which has launched a successful attack against them.
Accenture Confirms LockBit Ransomware Attack
Accenture sent an internal memo confirming that attackers stole client information & work materials in a July 30 “incident.”
Group Claims to Strike Accenture in Ransomware Attack
A group using the LockBit ransomware says it struck the IT consulting firm Accenture and threatened to release data within hours.
Half of IT Pros Say Remote Workers Dodging Security Precautions
In a report on remote workforce security, 52 percent of the U.S. IT and cybersecurity professionals surveyed revealed they experienced remote workers finding workarounds to their organizations’ security policies.
Survey shows increasing organizational reliance on AWS; and highlights security blind spots
Vectra AI has released the findings of its new PaaS and IaaS Security Survey Report. The report presents the results of a survey of 317 IT executives all using AWS, 70 percent coming from organizations of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organizations.
NIST Guidance Focuses on Creating 'Cyber Resiliency'
As ransomware and nation-state attacks have become more destructive, older methods of protecting networks and infrastructure, such as perimeter defenses and penetration resistance, can no longer protect organizations' assets and data.
Transparency After a Cyber Attack: How Much is Too Much?
Sharing threat intelligence and proof-of-concept exploits can often help other organizations better defend themselves, but such efforts are hampered by obstacles and restrictions.
Kaseya: the turning point for supply chain attacks?
In the wake of a relentless wave of supply chain attacks, security leaders must heed this famous line and change their approach. When relying on traditional prevention-based strategies, victims have faced costly and humiliating results time and time again.
A major industry wake-up call is needed to shield Australian critical national infrastructure from increased cyber threat
In response to the number of high-profile ransomware incidents, the Federal Government has launched Operation Orcus. The cross-agency initiative is designed to target ransomware attacks that have direct links to sophisticated organised crime groups, both in Australia and globally. The Australian Federal Police are leading the initiative, with the Australian Cyber Security Centre (ACSC), Australian Criminal Intelligence Commission, AUSTRAC, and state and territory police agencies also joining the force.
Establishing a comprehensive cloud governance strategy
With competitive corporate pressures to reduce IT operations and security costs, transitioning workloads and data to the cloud is unstoppable — but the most challenging question is how to govern the process to ensure a predictable, accountable, and scalable transition, and a resulting cloud infrastructure that accounts for the diverse interests of the internal stakeholders and the regulators.
Vectra AI Reveals Cybersecurity Blind Spots in PaaS and IaaS Environments with Security Survey
The expansion of AWS services has naturally led to increased complexity and risk. In fact, all of the companies surveyed have experienced at least one security incident in their public cloud environment in the last 12 months. Gartner has predicted that through 2025, 99% of cloud security failures will be the customer's fault, with misconfiguration the usual root cause.
Companies continue with cloud despite security blind spots
New report finds 100% of companies have experienced a security incident, but continue to expand their footprint as 64% report deploying new AWS services weekly.
Cloud misconfiguration a growing cause of security incidents
Every organisation deploying Amazon Web Services (AWS) has experienced at least one security incident.
Vectra AI Reveals Cybersecurity Blind Spots in PaaS and IaaS Environments With Security Survey
As digital transformation efforts continue, the survey found that AWS is becoming an even more critical component to organizations who are regularly deploying new workloads, leveraging deployments in multiple regions and are relying on more than one AWS service.
New research highlights significant AWS security blindspots
Vectra AI released the findings of the PaaS & IaaS Security Survey Report. The report compiled the answers of 317 IT executives all using AWS, 70% coming from organization of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organizations.
Cyber-security blind spots in PaaS and IaaS environments
New report from Vectra AI finds 100% of companies have experienced a security incident, but continue to expand their footprint as 64% report deploying new AWS services weekly.
Almost Three-Quarters of Financial Services Institutions Trigger Suspicious Office 365 Download Alerts Every Week
Threat detection and response leader Vectra AI has released details of the top five Microsoft Azure AD and Office 365 threat alerts triggered within financial services organisations. The analysis, conducted during early 2021, recorded and categorised the potential threats detected by Vectra’s Cognito Network and Cloud Detection Platform deployments. Each of these detections represents an anomalous behaviour, and therefore helps security teams spot and stop cyber-attacks within their Microsoft cloud environments.
Ransomware Attacks Leave Lasting Damage
Organizations hit by ransomware attacks also report tightened budgets and lingering impacts on productivity, profitability and security posture, suggesting the extensive damage caused in the wake of ransomware attacks has long-lasting effects.
Study: 44% of Cloud Privileges Are Misconfigured
Varonis on Thursday released a report indicating that companies have to focus a bit more on securing their SaaS applications. The study found that 44% of cloud privileges are misconfigured, 3 out of 4 cloud identities for external contractors remain active after they leave, and 15% of employees transfer business-critical data to their personal cloud accounts.
Google Launches Bug Hunters Community
A little over 10 years ago, Google launched their Vulnerability Rewards Program (VRP), with the goal of establishing a channel for security researchers to report bugs to Google and offer an efficient way for Google to thank them for helping make Google, users, and the Internet a safer place.
China and Cybersecurity: What IT and Security Pros Need to Know
After focusing almost exclusively on Russia for the first seven months of his presidency, Joe Biden’s White House shifted part of its cybersecurity attention to China on July 12, with the administration blaming hackers associated with one of the country’s security services for carrying out attacks on vulnerable versions of Microsoft Exchange email servers earlier this year.
LemonDuck Shows Malware Can Evolve, Putting Linux and Microsoft at Risk
The LemonDuck malware that for the past couple of years has been known for its cryptocurrency mining and botnet capabilities is evolving into a much broader threat, moving into new areas of cyber attacks, targeting both Linux and Microsoft systems and expanding its geographical reach, according to security researchers with Microsoft.
Google Launches New Site for Bug Hunters
Google celebrated the anniversary of its Vulnerability Rewards Program (VRP) by launching bughunters.google.com, a site that brings together all of the VRPs it has for Google, Android, Abuse, Chrome, and Play, and puts them on a single intake form that aims to make it easier for bug hunters to submit issues.
Vectra AI partners with Microsoft on zero trust security framework
Vectra is positioned as an integral part of the Microsoft Zero Trust model; it assumes breaches by investigating the behaviour of users, workloads, networks and devices as though they originate from an untrusted network. It does so by leveraging its analytics and understanding of users and accounts, tracking them between on-premises and cloud.
Resiliency Is Key to Surviving a CDN Outage
A short-lived outage at the content delivery network supplier Akamai on Thursday, which briefly knocked offline many corporate websites, is another indicator that companies need resiliency built into their systems. That means they should avoid relying on just one CDN provider, security experts say.
US & Intelligence Allies Formally Accuse Chinese State-Backed Hackers of the Microsoft Exchange Cyber Attacks, but Stop Short of Sanctions
The massive hack of the Microsoft Exchange email server software that took place early this year is estimated to have hit tens of thousands of victims, causing disproportionate chaos for smaller businesses. The Biden administration has formally declared that Chinese state-backed APT groups are to blame.
Kaseya Obtains Universal Decryptor for REvil Ransomware
Kaseya has obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a spate of worldwide cyberattacks on July 2.
Tech Firm Hit by Giant Ransomware Hack Gets Key to Unlock Victims’ Data
The software company at the center of a huge ransomware attack this month has obtained a universal key to unlock files of the hundreds of businesses and public organizations crippled by the hack.
Data Leak Reveals Pegasus Spyware Found In Use Unlawfully in 20 Countries, With Capability to Break Current iPhone Security
Organized by Amnesty International and the Paris-based non-profit Forbidden Stories, the Pegasus Project involves 80 journalists in 10 countries. Its subject is the Pegasus spyware sold by NSO Group, a powerful tool that is supposed to only be available to law enforcement and intelligence agencies for legitimate and legal uses.
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
iPhone users, drop what you’re doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities – some of which are remotely exploitable – and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS.
Microsoft partners with Vectra AI on Zero Trust security framework
Vectra AI has announced the Vectra Cognito platform will deliver key Zero Trust capabilities for Microsoft 365 and Microsoft Azure customers. The company says it’s uniquely positioned as an integral part of the model, which assumes breaches by investigating the behaviour of users, workloads, networks, and devices as though they originate from an untrusted network.
Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal
Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives is becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal.
Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say
The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a “naming-and-shaming” approach — but researchers aren’t convinced the efforts will come to much in terms of deterring future activity.
Rail operator Northern shuts all ticket machines following a ransomware attack
UK rail operator Northern suffered a cyber attack targeting its newly installed self-serve ticketing machines across Northern England, forcing the operator to take all the ticketing machines offline.
Vectra AI in the News in 2020
Kawasaki Heavy Industries, a Partner of Defense Companies and Agencies, Reports Breach
Managing access control and data permissions is difficult without a proper understanding of the who, what, and where of data access models. To truly understand data flow and access, organizations need to observe privilege based on real world activity and assess the access that does occur. This would allow an organization to differentiate between what should and should not occur.
Critical Flaws Put Dell Wyse Thin Client Devices at Risk
Researchers at the security firm CyberMDX have uncovered two significant vulnerabilities in certain Dell Wyse thin client devices that, if exploited, could enable threat actors to remotely run malicious code and access files on affected devices.
SolarWinds hack: Security experts weigh in on US cyber-attack
The SolarWinds hack, which is reportedly being linked to Russia, is shaping up to be the biggest cyber-attack this year. The attack targeted the US government, its agencies and several other private companies. It was first discovered by cybersecurity firm FireEye, and since then more developments are being reported each day.
Vectra and Baidam to offer cybersecurity scholarships for Indigenous peoples
Vectra AI has formed a new partnership with Baidam Solutions. This partnership provides First Nations’ people with scholarships, a full education and technical skills to combat the rise in cyberattacks against businesses, government and infrastructure.
Officials Use Language of War, Deterrence to Discuss US Response to Suspected Russian Hack
"Causing 18,000 organizations, the vast majority of which were not actually targets of interest, to have to remediate and possibly rebuild their devices and networks represent a huge amount of collateral damage," Vectra's Oliver Tavakoli said. "Obviously, the concept of collateral damage exists on a spectrum – but we can probably all agree this attack was on the far end of the spectrum."
Have you been impacted by the massive SolarWinds hack?
Vectra's Ammar Enaya says this is a significant example of a well-executed supply chain attack compromising a popular IT administration tool as a penetration mechanism. The subsequent exploitation of authentication controls enabled the threat actor to pivot to the cloud and operate undetected for an extended time in Microsoft 365, which allowed them to gather intelligence.
Officials use language of war, deterrence to discuss US response to suspected Russian hack
The recent breach, which began in March, targeted the SolarWinds Orion software, a popular IT network administration tool used by companies around the world and by U.S. government agencies including the Department of Homeland Security, the Treasury Department, the Department of Commerce, the Department of Energy, the Pentagon and the White House. The hackers attached malware to a SolarWinds software update that was downloaded by as many as 18,000 organizations.
The 25 Best Cyber Security Books — Recommendations from the Experts
While all of these things together sound like the makings of a best-selling fiction novel, the cyber security industry – and all of the threats and dangers that exist within it – is all too real. That’s one reason why cybersecurity books make for some pretty interesting reading both in terms of academics and entertainment. Hashed Out reached out to many IT and cyber security experts within the industry to inquire about their favorite books on cyber security and create a comprehensive list of the “best cyber security books.”
Highly Skilled Hackers Breach US Agencies and Private Companies
United States officials have blamed Russian hackers for recent breaches at federal agencies, companies, and high-profile cybersecurity vendor FireEye, with the malicious activity appearing to come from highly skilled attackers. "Attackers could also set up automated workflows to consolidate all the activities and run them autonomously while quietly exfiltrating data," Vectra's Matt Walmsley shares.
5 NDR Vendors to Watch in 2021
Solutions Review’s NDR Vendors to Watch is an annual listing of solution providers we believe are worth monitoring. Companies are commonly included if they demonstrate a product roadmap aligning with our meta-analysis of the marketplace. Other criteria include recent and significant funding, talent acquisition, a disruptive or innovative new technology or product, or inclusion in a major analyst publication.
Cyber Experts Weigh-In on FireEye Breach, SolarWinds Supply Chain Attack
The recent supply chain attack, which has affected around 18,000 SolarWinds Orion customers, is thought to have been executed by a sophisticated nation-state threat actor. Vectra's Matt Walmsley says that IT administrators and security teams have access to highly privileged credentials as part of their legitimate work. Attacking the digital supply chain of their software tools is an attempt to gain penetration and persistence right at the heart of their operations, gain privileged access and provide a springboard out across their digital hybrid-cloud enterprise.
SolarWinds Cyberattack Likely Affected Thousands Worldwide
Vectra's Matt Walmsley comments on the recent SolarWinds breach, discussing how security teams need to drastically reduce the overall risk of a breach by gaining instant visibility and understanding of who and what is accessing data or changing configurations, regardless of how they are doing it, and from where.
The SolarWinds Perfect Storm: Default Password, Access Sales and More
A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password (“SolarWinds123”) that gave attackers an open door into its software-updating mechanism; and, SolarWinds’ deep visibility into customer networks.
Here Are the Critical Responses Required of All Businesses After SolarWinds Supply-Chain Hack
SolarWinds estimates that between last March and June, roughly 18,000 user organizations downloaded updates of its Orion software that Russian APT actors allegedly corrupted with Sunburst backdoor malware. John Mancini, senior product manager at Vectra, said that a core point of the DHS’ guidance for remediating the SolarWinds hack is to analyze for any listed indicators of compromise and then “identify potential behaviors in metadata that may be related to the compromise.”
A Safe Return to Office May Mean Higher Burden for Companies to Collect, Protect Medical Data
For many businesses, recovery from the pandemic fallout hinges in part on employees working safely and virus-free outside their homes. That leaves organizations facing the very real possibility that they will serve as both trackers and guardians of health data to ensure the safety of employees.
US Treasury, Commerce Departments Hacked
A number of key US government departments have been hacked, with concern that the attack has allowed a foreign power to monitor American government communication.
Hackers breach US agencies, Homeland Security a reported target
SolarWinds over the weekend admitted that hackers had exploited a backdoor in an update of some of its software released between March and June. The hacks are part of a wider campaign that also hit major cybersecurity firm FireEye, which said its own defenses had been breached by sophisticated attackers who stole tools used to test customers' computer systems.
Hackers breach US agencies, Homeland Security a reported target
The US Department of Homeland Security was the third federal department to be targeted in a major cyberattack, US media reported Monday, a day after Washington revealed the hack which may have been coordinated by a foreign government.
18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack
In what may well turn out to be one of the most significant supply-chain attacks in recent years, a likely nation-state backed group compromised systems at SolarWinds and inserted malware into updates of the company's widely used Orion network management products that were released between March and June 2020. Matt Walmsley, EMEA director at Vectra, says the attackers likely manipulated Security Assertion Mark-up Language (SAML) authentication tokens used in Single Sign On to try and escalate privileges in the early stages of the campaign.
How Worried Should I Be About My Password Being Compromised, Stolen In A Data Breach? Experts Say This
After a major data breach, do criminals actually have your password even if it has been encrypted? Companies have various ways of encrypting passwords. There are also techniques called salting and hashing. The upshot is, the average user will not take the time to find out how the affected company does their encrypting—or hashing or salting for that matter.
Cybersecurity in 2021: 5 Trends Security Pros Need to Know
With 2021 fast approaching, cybersecurity experts and analysts note that cybersecurity will continue to evolve even as most of the world enters a post-COVID-19 era, with cybercriminals, threat actors and nation-state hackers ready to take advantage of whatever may happen next. This will keep CISOs, their security teams, as well as their counterparts in IT, trying to catch up and stay ahead.
The next big thing in security
Oliver Tavakoli, our CTO, shares his thoughts on the upcoming cybersecurity trends to watch.
Email Systems Breached at the US Treasury and Commerce Departments
Hackers working on behalf of a foreign government are believed to be behind a highly sophisticated attack into a range of key government networks, including in the Treasury and Commerce Departments, and other agencies. The hackers had free access to their email systems.
Why accelerated cloud adoption exposes organisations to security risk
Chris Fisher, Vectra's director of security engineering APJ, shares that as our reliance on technology grows exponentially, so does the need for robust cybersecurity to protect users and keep data and business operations safe from hackers.
IoT Cybersecurity Improvement Act Signed Into Law
The IoT Cybersecurity Improvement Act has been officially signed into law. The bipartisan legislation, sponsored by Reps. Robin Kelly, D-Ill., and Will Hurd, R-Texas, and Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo., requires that any IoT device purchased with government money meet minimum security standards.
Vectra unveils new Vice President of International Partner Sales
With more than 25 years’ experience in Enterprise Technology, including managing Channels, System Integrator and Service Provider (SI/SP) and Alliances, Jerome Jullien, now Vice President of International Sales, brings a strong track record of building successful business models for the Channel and will play a key role in managing and driving sales via the Vectra partner ecosystem.
Channel round-up: Who’s gone where?
With market demand for NDR solutions generating significant traction among forward-thinking enterprises, and with this set to continue into 2021, we're excited to welcome Jerome Jullien to the Vectra team as vice-president of international partner sales.
Suspicious Email Aimed to Get Users to Give up Office 365 Credentials
Researchers at Abnormal Security said Monday they blocked an attack where a malicious email impersonating one of their customer’s vendors bypassed the customer’s Proofpoint gateway and set up a trap to steal Office 365 credentials. Chris Morales, head of security analytics at Vectra, said the known partner compromise technique equates to internal spear phishing, when a phishing email that originates from a trusted and legitimate connection doesn’t get blocked by the email gateway.
Russian Hackers Exploit VMware Bug
To exploit VMware's vulnerability, an attacker must have access to the device’s management interface. This access can allow attackers to forge security assertion markup language (SAML) credentials to send seemingly authentic requests to gain access to protected data. Chris Morales, our head of security analytics, discusses why this shows that granted access does not equate to trusted access.
Europol Warns of COVID-19 Vaccine Crime Gangs
As the time for distribution of COVID-19 vaccines comes closer, law enforcement agencies across the world are warning of organized crime threats, including schemes to sell counterfeit vaccine on the dark web, as well as physical and virtual attacks targeting supply chain companies.
Vectra appoints Jerome Jullien as Vice President of International Partner Sales
We are thrilled to announce the appointment of Jerome Jullien as Vice President of International Partner Sales to our leadership team.
How to protect against ransomware
Instead of monolithic ransomware, or a single piece of software that did everything and was highly automated, today’s ransomware tends to be modular and often obtained from a malicious developer or acquired “as a service”. There’s an organized dark ecosystem for ransomware with component and service supply chains, not dissimilar to the structures and practices we see in the legitimate world. It’s expeditious to change and morph, which makes traditional fingerprinting for signatures less effective.
IBM Uncovers Global Email Attack on COVID Vaccine Supply Chain
This week, IBM Security X-Force uncovered a global phishing campaign targeting the COVID-19 Vaccine Cold Chain. The company’s task force dedicated to tracking down COVID-19 cyber security threats said it discovered fraudulent emails impersonating a Chinese business executive at a credible cold-chain supply company. The emails, dating back to September, targeted organizations across six countries, including Italy, Germany, South Korea, Czech Republic, greater Europe and Taiwan, the company said.
FBI: BEC Scams Are Using Email Auto-Forwarding
If businesses do not configure their network to routinely sync their employees' web-based emails to their internal network, an intrusion may be left unidentified until the computer sends an update to the security appliance set up to monitor changes within the email applications. This leaves the employee and all connected networks vulnerable to cybercriminals.
Phishing campaign threatens coronavirus vaccine supply chain
A calculated cybercriminal operation is targeting companies in the coronavirus vaccine supply chain with phishing emails that appear to be designed to steal sensitive user credentials, IBM Security X-Force said in a report released Thursday. The targeted organizations are all associated with a COVID-19 cold chain, a component of the overall supply chain that ensures the safe storage of vaccines in cold environments during storage and transportation.
BEC Scammers Leverage Email Auto-Forward Rules to Intersect Financial Transactions
The FBI this week made public a private industry notification warning that business email compromise (BEC) scammers are exploiting web-based email clients’ auto-forwarding rules to secretly gather intel on their targets and also hide their fraudulent communications. Moreover, if organizations fail to sync their web-based email clients with their desktop-based clients, this suspicious activity may go unnoticed by infosec personnel.
Ransomware gang says they stole 2 million credit cards from E-Land
Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month's ransomware attack. This is a timely reminder that ransomware operators have changed their tactics and become far more targeted. Not only are they performing data theft and public bullying, but they remain active inside an organization for extended periods prior to detection.
Sales of CEO Email Accounts May Give Cyber Criminals Access to the "Crown Jewels" of a Company
A hacker began selling access to hundreds of stolen executive email accounts last Friday, ZDNet reported. Email and password combinations are being sold for anywhere from $100 to $1,500 on Exploit.in, an underground hacker forum populated by Russian speakers.
FBI Warns of BEC Scammers Using Email Forwarding
The U.S. Federal Bureau of Investigation (FBI) issued a Private Industry Notification alert, noting that cybercriminals are increasingly implementing auto-forwarding rules on victims' web-based email clients to conceal their activities. According to the FBI, cybercriminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).
On the Horizon
Next year we will also see more blurred lines across traditional channel boundaries. Sandra Hilt, senior director of channel sales for EMEA, at Vectra, shares her thoughts on how today’s channel partners are increasingly positioned as service-led, trusted advisors to their customers. Consequently, the offering of different service engagements is becoming more and more important.
Editor's Question - How can SME's best protect their company's data
Organizations that conduct almost all of their business online now face needing to protect an expanded threat surface. Ammar Enaya, our METNA regional director, shares his take on how businesses can protect their data in the cloud.
Vectra sets A/NZ channel in sights with new leadership hire
Jerome Jullien has been appointed to the leadership team of network threat detection and response (NDR) vendor, Vectra, as the international partner sales vice president.
Machine Learning Models for Smart Cities
Artificial intelligence (AI) and machine learning (ML) will help make it possible to create an urban landscape that enables safe, efficient, convenient and self-optimizing traffic eco-systems, while dealing with highly increased complexity. As cities become “smarter”, data collected from sensors regarding energy consumption, traffic and sanitation will all increase at a scale that makes it difficult for certain types of tasks to be done well by humans alone, or would be unthinkable without the aid of automated systems.
Vectra Extends NDR to the Cloud With New Capabilities
The new cloud capabilities allow Vectra and its users to track and link accounts and data in cloud and hybrid environments. This helps users prevent the loss of visibility when environments expand to the cloud where users leverage multiple accounts and may access resources from shadow IT devices.
The psychology behind an insider threat
Analyzing the psychological underpinnings of an insider threat case is a complex undertaking because there is little evidence and scant public data about insider threat incidents.
Treating the underlying causes of cyber symptoms
Australia’s health sector is constantly the target of cyberattacks, and in the first half of 2020, a total o of all Australian data breaches were in the health sector. The real threat is already in healthcare networks in the form of privileged access misuse, the growth in healthcare IoT devices, and that the majority of attacks occur due to underinvestment in security operations or a lack of security awareness by insiders.
AI AND EQ
Adam Mendler sat down with our CEO, Hitesh Sheth, for a one-on-one interview. Hitesh shared his perspective on leadership, AI, and technology trends.
CISA warns public about online holiday shopping scams
With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.
US government warns of online holiday shopping scams
With the end of the year nearing, two U.S. government agencies are warning shoppers to be cautious of online holiday shopping scams, fake emails and unencrypted financial transactions. Vectra's Chris Morales noted that emails containing deals and links to discount websites that seem too good to be true will be the main cause of security issues during the upcoming Black Friday and Cyber Monday.
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
Techday's 10 Minute IT Jams provide sharp, to-the-point insights into emerging and established technology companies that operate in the Asia-Pacific region. In Techday's second IT Jam with Vectra AI, they speak with head of security engineering Chris Fisher, who discusses the organizational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organizations should take to protect employees from attacks.
Vectra expands cloud services to detect and stop threats across entire network
Vectra empowers security teams with continued analysis of how users are accessing, using and configuring cloud services based on logs from SaaS, and account usage from Identity Providers (IdPs) like Microsoft Azure AD. Vectra is uniquely positioned to protect this network of hybrid on-premise and cloud connectivity.
Vectra announces enhanced cloud capabilities
Private and trusted networks cannot be protected by old network security focused on malware signatures and anomaly detection alone. As workload shifts from clients, servers, and endpoints to the public cloud, this proliferation has created a network where user identity has become the new perimeter.
Vectra expands cloud services to see attacks moving between the cloud, hybrid and on-premises
Vectra has announced broader and deeper cloud capabilities to track and link accounts and data in hybrid environments.
AI and the US election
This Presidential election campaign has seen myriad stories and comments published online by supporters on both sides looking to influence voters. While many were written by humans, an increasing number were generated by AI. Advances in machine learning mean AI generated text is now almost indistinguishable from anything written by people.
Organizations look ahead to 2021 return to office, refocus on hybrid security
Organizations in the public and private sectors will continue to grapple with the security implications of remote or hybrid work environments. Between March and July approximately one-third of organizations said ransomware delivered by phishing increased over the five months prior. And more than half recorded a security incident, such as a breach. In the months that have followed, the threats have only accelerated as attackers show an appetite for exploiting anything COVID.
Vectra improves cloud services to protect complex hybrid networks
By seamlessly integrating with SaaS applications like Office 365, IaaS providers, identity providers and cloud virtualization platforms, Vectra is giving visibility into who and what is accessing data, regardless of how and where.
Chrome gets patched again, but 83% of users aren’t running the latest version
Menlo Labs discovered that there are 49 different versions of Chrome being used by their customers as of November 17. Vectra's Tim Wade explains that so long as there are zero days, which appears to be an indefinitely long, unceasing period of time, prevention will have a failure rate. What’s more important than prevention is resilience, which involves identifying security investments that minimize the impact of an attack.
Vectra expands NDR capabilities across all network environments
Private and trusted networks cannot be protected by legacy network security focused on signatures and anomaly detection alone. As workload shifts from clients, servers, and endpoints to the public cloud, this proliferation has redefined the network and user identity has become the new perimeter. Vectra's cloud capabilities monitor threats across cloud, hybrid, and on-premise networks.
Vectra expands NDR capabilities across all network environments
Vectra’s network threat detection and response (NDR) solution is designed to use cloud identities that track and link attacker activities and progression across all networks. Targeted credential-based attacks are so powerful that they render some prevention processes useless - particularly email security, multifactor authentication (MFA), cloud access security brokers (CASBs).
Safe as houses?
We've been working from home for months and there is more of it to come. Just to cheer us up even more Chris Morales, head of security analytics for Vectra, says a load of our commonly-used apps may be insecure. Listen to this podcast for his tips!
What enterprise CISOs need to know about AI and cybersecurity
Modern day enterprise security is like guarding a fortress that is being attacked on all fronts, from digital infrastructure to applications to network endpoints. That complexity is why AI technologies such as deep learning and machine learning have emerged as game-changing defensive weapons in the enterprise’s arsenal over the past three years.
Vectra Launches First NDR Solution That Can Detect and Stop Threats Across the Entire Network
Private and trusted networks cannot be protected by old network security focused on malware signatures and anomaly detection alone. As workload shifts from clients, servers, and endpoints to the public cloud, this proliferation has created a network where user identity has become the new perimeter. Vectra is uniquely positioned to protect this network of hybrid on-premise and cloud connectivity with our learning behavioral models that stitch together hosts and on-premise and cloud identities to stop attacks earlier in the kill chain.
Vectra Expands Cloud Services
The rise of targeted credential-based attacks negates email security, multifactor authentication (MFA), cloud access security brokers (CASBs), and other threat-prevention approaches normally established to protect users, because these malicious account-based attacks look like legitimate user actions. Vectra ties together all host and account interactions as they move between cloud and on-premise environments in one consolidated view, to drastically reduce the overall risk of a breach.
Vectra Expands Cloud Services To See Attacks Moving Between The Cloud, Hybrid And On-Premise To Drastically Reduce The Risk Of Breaches
Vectra is first to use cloud identities to track and link interactions between hosts and accounts across the entire network. Vectra’s enhanced capabilities mark the first, and only, NDR solution that can detect and stop threats across the entire network, tying together attacker activities and progression between cloud, hybrid, and on-premise networks.
Vectra expands cloud services
Vectra announced broader and deeper cloud capabilities to track and link accounts and data in hybrid environments. Vectra empowers security teams with continued analysis of how users are accessing, using and configuring cloud services based on logs from SaaS, and account usage from Identity Providers (IdPs) like Microsoft Azure AD.
Data of 27 Million Texas Drivers Compromised in Breach
An unauthorized person apparently gained access to a database of insurance software firm Vertafore earlier this year and compromised the driver's license data of over 27 million Texas citizens, the company detailed this week. The possibility that no system vulnerability exists could mean the data was obtained through a database configuration error, says Tim Wade, Vectra's technical director of the CTO team.
How to protect yourself from cybercrime this Christmas
Experts have warned that cybercrime is likely to increase as more people prioritize online shopping over in-store purchases due to the Covid-19 pandemic. The National spoke to a number of cyber security experts who offered readers tips to help keep the online criminals at bay.
How the Cloud Changes Everything
Organizations' migration to the cloud is a broad term that encompasses many different trends, three of which our CTO, Oliver Tavakoli, unpacks and discusses in his article.
Wave of Cyber Attacks Hits US Healthcare System as FBI Warns of Coordinated Criminal Campaign
Healthcare facilities have become an increasingly popular target for ransomware groups in the past year. While an uptick in cyber attacks on United States hospitals might otherwise be attributed to that general trend, the FBI is warning that it has evidence of a coordinated criminal attack on the country’s healthcare system.
Price Dropped on Hacked Educational RDP Details
Hackers selling network access to 7,500 educational establishments have reportedly dropped their asking price. Reports emerged last week that access to the educational organizations was being sold by a threat actor on multiple Russian hacker forums. The package also included access to corporate networks from other verticals, such as entertainment and the bar industry.
Government Security Alerts: Why Cybersecurity Pros Must Pay Attention
In the run-up to the 2020 U.S. elections, with reports of possible hacking and disinformation campaigns on everyone’s mind, it was easy to have missed a rare press release issued by the National Security Agency (NSA)—a part of the federal government not known for making significant public announcements. While it’s still unusual for the NSA to publicly list a series of vulnerabilities that are actively exploited by nation-state threat actors, the agency has been taking on a more public-facing role when it comes to cybersecurity.
Silicon Valley Social Media Companies Work With FBI to Squash Global Cyber Threats
A major global cyber threat to election security was squashed by the FBI with the help of Silicon Valley social media companies. Hitesh Sheth, our CEO, was interviewed to give his thoughts on using cybersecurity to combat the spread of disinformation.
Vectra appoints Garry Veale as regional director for the United Kingdom and Ireland
Vectra announced the appointment of Garry Veale as regional director for the United Kingdom and Ireland, following another calendar quarter of exceptional business growth. As NDR continues to gain momentum and recognition as essential to business security operations and incident response, Veale will play a pivotal role in driving the continued success of Vectra's expansion across the region.
The rise of viral threats and network detection and response
When it comes to managing cyber-threats, the traditional focus has been on prevention, but today, good cyber-health requires a more balanced approach as more organisations experience increasingly complex and targeted attacks.
Security risks surrounding the presidential election, and the importance of voter data protection
Besides civil unrest and other physical security threats, the 2020 election also faces significant digital threats that could wreak havoc on U.S. election infrastructure and the legitimacy of the results.
6 Cybersecurity Lessons From 2020
The COVID-19 pandemic and the newly distributed workforce that it engendered upended security strategies and forced a rethink of approaches to securing remote workers and supply chains at many companies. With more users accessing enterprise systems and data from their homes, attack surfaces increased dramatically. Enterprise security teams found themselves scrambling to implement new controls to manage threats due to their increased risk exposure.
C-suite career advice: Hitesh Sheth, Vectra AI
Our CEO, Hitesh Sheth, sat down for an executive Q&A to share career advice and other lessons he's learned while working.
FBI: Ransomware Attacks Against Hospitals Are Imminent Threat
CISA released a joint statement co-authored with the FBI and HHS describing the tactics, techniques and procedures (TTPs) that are being used by cybercriminals to extort healthcare organizations and hospitals with ransomware during COVID-19.
Feds Issue Warning About Surge in Hospital Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and the Department of Health and Human Services are warning healthcare providers to take precautions to protect their networks from threats, which include attempts to infect systems with Ryuk ransomware. CISA, FBI, and HHS encourage healthcare organizations to maintain business continuity plans to minimize service interruptions.
Ransomware Crisis Affecting U.S. Hospitals: What the Experts Say
Recent reports from the Federal Bureau of Investigation (FBI) indicate that hackers are unleashing a major ransomware attack wave on hospitals across the United States, in what they term “a wave of data-scrambling extortion attempts” aiming to lock up hospital IT environments even as the COVID-19 epidemic spikes.
CISA: Ransomware Activity Targeting the Healthcare and Public Health Sector
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. Criminals have moved to lower volume, but highly targeted ransomware attacks. These are multifaceted, complex, and unfold over extended periods of time and increasingly use the legitimate tools within networks and cloud services.
Treating the underlying causes of healthcare’s cyber security symptoms
Chris Morales, our head of security analytics, shares his thoughts on security in healthcare. Through Vectra's own research as well as in the wider industry context, it's understood that the real threat is already in healthcare networks in the form of privileged access misuse; the growth in healthcare IoT devices is overwhelming and dangerous; and a majority of attacks occur due to negligence and a lack of security awareness by insiders.
Hackers target Pfizer exposing sensitive patient information
Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information. Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Cybercriminals Could be Coming After Your Coffee
While the idea of lateral movement between IT and OT systems in the enterprise could be disastrous, the current work-from-home environment means that attacks against residential IoT systems could have a significant impact on productivity—or even become entry points for attacks against enterprise assets.
These Are the Most Exploited Flaws by Chinese Hackers According to the NSA
The NSA has gathered enough cyber-attack data from Chinese hackers and has the list with the most exploited flaws. Oliver Tavakoli, our CTO, comments on the breadth of products covered by the list of CVEs.
Malicious SharePoint and OneDrive Links Are a Phishing Scammer’s Dream
Attackers are exploiting the rapid adoption of cloud-based collaboration services such as Microsoft’s SharePoint Online and OneDrive by leveraging them as a social engineering tool to trick users into clicking on malicious links, often for the purpose of wire fraud or supply chain fraud. Oliver Tavakoli, CTO at Vectra, agreed that these kinds of phishing scams tend to be more successful, since the email is sourced from an internal party rather than from an external party pretending to be internal, and the links to SharePoint or OneDrive files reinforce to the victim that this is an internal communication.
The Covid effect on cybercrime
With people’s health, jobs and finances all under threat, cyber monitors report an increase in e-mails enticing users to click on unsafe links, purportedly offering information on rising local case numbers, advice on safety measures, tips for claiming stimulus cheques, as well as alerts on coronavirus-linked investment opportunities or relief donations. Ammar Enaya, our Regional Director (METNA), talks about how ransomware, privileged access abuse, data loss and poorly configured services that create vulnerabilities are significant risks.
How cyber-attackers use Microsoft 365 tools to steal data
It’s been well documented that 2020 has seen a sharp rise in cyber-attacks, and almost no industry has been spared. Software tools, especially those that facilitate remote collaboration, have seen a surge in user engagement - but even these aren’t immune to the proliferation of cyber-attacks. Microsoft’s Office 365 is no exception, as explained in Vectra's 2020 Spotlight Report on Office 365.
NSA: Chinese Hackers Exploiting 25 Vulnerabilities
The U.S. National Security Agency (NSA) is warning that Chinese-linked hacking groups are exploiting 25 vulnerabilities in software systems and network devices as part of cyberespionage campaigns - which means patching is urgent. NSA analysts say China-backed hackers are targeting the U.S. Defense Department as well as America's national security systems and the private defense industry, using vulnerabilities as launching pads into networks, according to the alert.
Dealing With Insider Threats in the Age of COVID
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working. Hitesh Sheth, our CEO, discusses how organizations can navigate the distributed workforce landscape when it comes to insider threats, and recommends security postures that anticipate the actual threats themselves by proactively detecting and responding to malicious behaviors that can lead to a data breach or theft.
NSA Releases Advisory on Chinese State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.
Trust in Remote Working Tools Declines as Need for Security Increases
As it becomes evident that the WFH model is going to be with us well into 2021, and there is a sense that many companies will not return to a pre-pandemic model of almost everyone working from an office all the time, longer-term and more sustainable investments into how employees connect to applications are being undertaken. Zero trust and a bias toward cloud-native delivery of applications have become central to that direction.
NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers
The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors. The exploits themselves also cover a broad range of steps in the cyberattack lifecycle, indicating that many of the attacks in which these exploits were observed were already pretty deep into the attack progression – and many were likely found only after-the-fact through deep forensic efforts rather than having been identified while the attacks were active.
How Organizations Can Do Their Part And Be CyberSmart Beyond National Cyber Security Awareness Month
October is Cyber Security Awareness Month, which was created to raise awareness around the importance of cybersecurity and provide organizations with resources to be safer and more secure online. Chris Morales, head of security analytics, shares his thoughts on securing Microsoft Office 365.
Barnes & Noble gets hacked; notifies customers of possible data breach
Barnes & Noble, the American bookseller, has notified customers of a possible data breach that may have affected their personal information. Tim Wade, our Technical Director on the CTO Team, notes that incident response can be complex and messy, and the Barnes & Noble statement likely reflects that reality.
Barnes & Noble Investigates Hacking Incident
Barnes & Noble is investigating a security incident involving unauthorized access to its corporate systems, including those storing customers' email addresses as well as billing and shipping addresses and telephone numbers. Tim Wade, our technical director on the CTO team, discusses how attackers are constantly looking to take advantage of any weak point in your security posture just to gain entry to IT infrastructure.
Microsoft Office 365 Accounts a Big Target for Attackers
Just as they did with PowerShell for Windows, threat actors are abusing native O365 capabilities for lateral movement, command-and-control communication, and other malicious activity. In new research, Vectra found that attackers are widely using Office 365 accounts to move laterally to other users and accounts within an enterprise, carry out command-and-control communications, and perform other malicious activities.
Vectra highlights how Office 365 tools are used in enterprise cyberattacks
With more than 250 million active users each month, Office 365 is the foundation of enterprise data sharing, storage, and communication for many organizations. This makes it a prime target for cyberattackers, who use Office 365's built-in tools and services to conduct breaches.
Vectra releases its 2020 Spotlight Report on Microsoft Office 365
Vectra's Spotlight Report on Microsoft Office 365 analyzes the usage patterns and behaviors of attackers within Office 365 services and tools. Ideally, when security teams face attacks within their Office 365 environments, they will have solid information and expectations about SaaS platforms to easily pinpoint and mitigate malicious behaviors and privilege abuse.
Vectra AI in the News in 2019
Ransomware attacks are getting more ambitious as crooks target shared files
The warning about ransomware attacks against shared network files and cloud services comes in the 2019 Spotlight Report on Ransomware paper from cybersecurity company Vectra, which has tracked a rise in network file encryption attacks during 2019.
How AI and machine learning can help you defend the enterprise from cyberattacks
Vectra Cognito is an AI-powered security platform that uses an analysis of known malware payloads and techniques to inform the machine learning models to detect future or unknown threats.
Vectra research reveals 90% of surveyed organizations exhibit a form of malicious remote desktop protocol (RDP) behaviors
Data from Vectra confirms that RDP remains a very popular technique for cyberattackers, with 90% of these deployments exhibiting RDP attacker behavior detections.
Vectra expands operations in the Middle East to address the growing demand for network detection and response in the cloud
Vectra, the leader in network threat detection and response, today announced that it is expanding business operations in the Middle East to arm enterprise organizations and managed detection-and-response providers with a platform to stop in-progress cyberattacks in the cloud.
Black Friday & cyber Monday security tips
KTVU's Alex Savidge spoke to Chris Morales, head of security analytics at San Jose based Vectra about online safety tips this holiday shopping season.
Cyber risks force banks to rethink vendor relationships
Precisely what could either augment or replace the maligned questionnaire is unclear. Full audits of vendors are labor-intensive and expensive, Chris Morales, head of security analytics at Vectra, said in an interview.
Banks warned to expect 'tougher' breach enforcement amid poor 'cyber hygiene'
Kevin Vanhaelen, Asia-Pacific regional director for cyber security company Vectra AI, said that 36 breaches in four months indicated that there was "still room for improvement".
Bill would mandate 'cybersecurity experts' on corporate boards
At many companies, “board members have made cybersecurity a priority and the chief information security officer is frequently invited to present or submit content for the board members to review,” says Mike Banic, vice president of marketing at Vectra.
Vedantu data breach exposes 687,000 customer details
“Here we have yet another poorly secured database on the internet that’s been copied. Startups, by their very nature, are extremely agile, but this can’t be at the expense of good data management and security practices,” said Matt Walmsley, director EMEA at Vectra.
Targeted ransomware attacks on the rise as ‘spray and pray’ attacks decline
The overall number of ransomware attacks may be on the decline but attacks have become more targeted in an attempt to siphon bigger ransom payments, according to research by cybersecurity firm Vectra.
DZ BANK taps Vectra to combat cyberthreat
German lender DZ BANK has chosen Vectra’s Cognito cyberattack-detection and threat-hunting platform to identify hidden threats within its network in real time.
Remote desktop protocol a cyber-risk in 90% of organizations
Between January and June this year Vectra, which uses artificial intelligence to spot suspicious activity on a network, detected 26,800 “suspicious” RDP behaviours among its customers, spread across more than 350 deployments.
NSO denies having spyware that can hack cloud servers
“This all comes down to an individual’s view on what is ethical, or what the legal use of these types of tools is exactly," says Matt Walmsley, EMEA Director at cybersecurity firm Vectra.
Neuralink security “has to be solid” to avoid brain hacking
Oliver Tavakoli, chief technology officer at cybersecurity firm Vectra, compares Neuralink’s potential to change our bodies to gene-editing tool CRISPR, in that both “can be good and for evil”.
Morrisons targeted by bogus ‘Willian Wilke’ email
“Attribution and understanding motivation of attacks or incidents is never precise so I’m not surprised there is confusion and speculation around this story,” said Matt Walmsley, head of EMEA marketing at cybersecurity firm Vectra.
Google fined €50m in “one of the first high-profile tests of GDPR”
“I’d expect Google to challenge the ruling, and we may see the conclusion produce an important test in law that will bring clarity around GDPR implementation for others,” says Matt Walmsley, EMEA director at Vectra.
Mass hack of German politicians 'very damaging' to government credibility
“For a country that holds individual privacy so dearly and has some of the region’s strictest data protection laws this is a very damaging attack, not least for the German government’s credibility to secure itself,” comments Matt Walmsley, EMEA director at Vectra.
Capital One breach: What was stolen in the mega hack and how?
However, Matt Walmsley, EMEA director at cybersecurity firm Vectra, said: “Cloud services, with all their many benefits, also come with unique security risks to be managed such as attacks directly aimed at cloud PaaS using stolen credentials, which would remain invisible to workload and cloud instance-centric security controls."
New European AI ethics guidelines announced
Matt Walmsley, EMEA director at Vectra, said: “It’s pleasing to see the EU commission moving from planning and debate towards pilot activity around securing trustworthy AI for us all.”
AI and Cyber Security in 2019
“While many companies have already invested in cybersecurity tools that use basic machine learning techniques (such as random forest), deep learning will become the best method for detecting cyberattacks in 2019,” says Gerard Bauer, Vice President EMEA at Vectra.
Cyber security challenges in healthcare IoT devices
“In a hospital, the moving of patient data is quite normal,” explains Chris Morales, head of security analytics at Vectra.
If the police are vulnerable to cyber attacks, how safe is your firm?
Matt Walmsley, EMEA director at Vectra, said: “Whether they had a regulatory or legal need to inform the ICO isn’t clear – particularly if there has been no data breach.”
Sovereign fund tops up investment in cybersecurity
It was announced yesterday that the funding round was led by TCV, one of the largest private equity firms in the world, and brings the total raised by Vectra to $200 million.
12 Black Friday scams to watch out for
If you've never heard of a third-party website, avoid signing up for it, said Chris Morales, head of security analytics at Vectra.
Facebook confirms bug grants access to iPhone users' cameras
Despite the legitimate security concerns regarding Facebook, it appears this particular bug is nothing to worry about, said Chris Morales, head of security analytics at Vectra.
Daily Briefing - 08.08.19
Vectra research reveals that the most significant ransomware threat is the malicious encryption of shared network files in cloud service providers.
Banks warned to expect 'tougher' breach enforcement amid poor 'cyber hygiene'
"I would bet my bottom dollar that there are more that are yet to be discovered," says Kevin Vanhaelen, Asia-Pacific regional director for cyber security company Vectra.
Has your iPhone been hacked? Major attack may have exposed your data: Here’s how to stay safe
"These exploits have the ability to impact a significant share of mobile devices around the world," said Matt Walmsley, head of EMEA marketing at Vectra.
Is the world's growing reliance on a handful of cloud computing giants setting us on a path to disaster?
On an otherwise quiet Sunday last month, Snapchat failed, YouTube crashed and millions of Gmail users were left unable to log on to see their emails or documents.
Facebook's new cryptocurrency Libra has 'fundamentally bad design', claims top bitcoin developer
Matt Walmsley, director at artificial intelligence security firm Vectra, said regulators would still want to have oversight of the proposed new currency. “There are scant details of the proposed Libra block chain architecture. The UK’s Financial Services Authority would undoubtedly want to exert some kind of regulatory oversight.”
Tech firms race to get a camera in every home: Here’s how to protect your privacy
Matt Walmsley, EMEA Director at cybersecurity business Vectra, said: “Don’t just click through and accept the T&Cs without reading them. Look for options to manage the recording including limiting usage, sharing, and deletion, particularly if stored externally out in the cloud.”
Amazon employees listen in to thousands of customer Alexa recordings
Matt Walmsley, EMEA director at Vectra, said that the report is "a reminder that whilst AI is increasingly powering our digital services, there are often still humans involved in the background, either curating data or acting as an integral part to its processing."
Tech companies are collecting 'creepy' amounts of data on your every move: Here's what they know
“Taking this data just flat out seems creepy,” says Chris Morales, head of security analytics at Vectra. “This was always going to happen,” he said. “Let's call it what it is, Amazon and Google are data companies. Honestly, living in the Bay Area, knowing tech companies, they will try to get as much as they can until somebody says no to them.”
Vectra expands cybersecurity operations to APAC, opens regional headquarters in Sydney
Network threat detection and response services provider Vectra has established business operations in the Asia-Pacific region. Vectra has set up its regional headquarters in Sydney.
Ecuador citizens’ data breach holds lessons for enterprises
After a data breach of more than 20 million entries hit the country, it’s fairly likely that if you are one of Ecuador’s 16.6 million citizens, some data relating to you has just been disclosed.
How to protect your business from cyberattacks that exploit Microsoft's Remote Desktop Protocol
Vectra detected 26,800 suspicious RDP behaviors in more than 350 deployments from January to June of 2019, according to the report.
90% of businesses facing RDP attacks
Research from network threat detection and response company Vectra suggests that 90% of organizations could be facing some form of malicious RDP behaviors.
Researchers use lasers to hack smart speakers
"I find the idea of using lasers to issue voice commands as interesting but not compelling," observed Chris Morales, head of security analytics at Vectra.
'Serious' Linux Sudo bug's damage potential actually may be small
"The system configuration of allowing a user to run a command as any user except does not seem normal to me," says Chris Morales, head of security analytics at Vectra.
Microsoft exposes Russian cyberattacks on phones, printers, video decoders
The lack of security progress can be frustrating to practitioners, suggested Chris Morales, head of security analytics at Vectra.
Deepin Linux: security threat or safe to use?
"I would feel more comfortable with open source code because anyone can review the code itself to understand what is happening and then modify the code as necessary," Chris Morales, head of security analytics at Vectra, told LinuxInsider.
Should you use a VPN for security? Experts weigh in
“Think carefully about the VPN provider you use. Many of the free VPN providers are in the business of monetizing your personal data to pay for their services," says Chris Morales, the head of security analytics at Vectra.
Johannesburg city council network down following a cyberattack
“Extortion is a well-established approach for cyber-criminals and is used through tactics that include threatening denial of service, doxing, and ransomware," says Matt Walmsley, EMEA Director at Vectra.
Vectra: Healthcare IoT devices and unsecured networks make industry a target for cyber attacks
“When you factor in how long it takes to discover a digital breach and a lean security staff in many healthcare providers, it becomes apparent that healthcare needs the awareness of what happens inside their network to quickly know the difference between what is an attack or business as usual,” said Chris Morales, head of security analytics at Vectra.
Healthcare organizations must recruit CIOs with an understanding of today’s cybersecurity landscape
Chris Morales, head of security analytics at Vectra says the combination of IoT devices, legacy systems, unpartitioned networks, and weak access controls makes providers particularly vulnerable.
Is the cloud safe? – Reducing business risk as enterprises aggressively move to the public cloud
In this podcast, TCV’s Tim McAdam and Vectra CEO, Hitesh Sheth, talk about what it takes to reduce business risk in the cloud – and keeping enterprises, consumers and their transactions/interactions secure – while capitalizing on the tremendous opportunities the cloud offers.
Vectra unveils privilege-aware network detection and response solution
“The real-time assessment of trust is performed by continuously observing the behaviour of user accounts, services and hosts on the network,” said Dr. Jacob Sendowski, director of product management at Vectra.
Vectra to address growing demand for cloud NDR solutions in Middle East
Fueled by a recent $100 million Series E funding round, Vectra's regional headquarters in Dubai is crucial to the company’s global go-to-market channel strategy to deliver advanced AI to detect and respond faster to cyberattacks.
Biggest ransomware threat is the network: Vectra
The 2019 Spotlight Report on Ransomware is based on observations and data from the 2019 Black Hat Edition of the Attacker Behavior Industry Report, which reveals behaviours and trends in networks from a sample of over 350 opt-in Vectra customers.
Vectra expands Middle East operations
Regional presence is critical to the company’s global go-to-market channel strategy to deliver advanced AI to detect and respond faster to cyberattacks.
Why humans remain at the core of good security operations
The use of AI in cybersecurity not only expands the scope of what a single security expert is able to monitor, but importantly, it also enables the discovery of attacks that would have otherwise been undetectable by a human.
TCV backs Vectra in $100 million fundraising round
Technology-focused growth equity investor TCV led a $100 million fundraising round for Vectra, which offers network detection and response solutions.
City of Johannesburg threatened with ransomware data release
“Extortion is a well-established approach for cyber criminals and is used through tactics that include threatening denial of service, doxing, and ransomware,” explained Matt Walmsley, EMEA director at Vectra.
UK's NCSC suggests automatic blocking of common passwords
"Easy to remember phrases are stronger than 12-digit passwords using numbers and characters,” says Chris Morales, head of security analytics at Vectra.
UK government proposes digital harms legislation to regulate online content
Matt Walmsley, EMEA director at Vectra, notes that artificial intelligence is both the cause and cure for some of the problems. "We've already seen with the Cambridge Analytica scandal that the speed and scale at which data is now processed and acted upon can have significant societal impact."
"Splintering" makes hacking passwords 14 million percent harder
Whether it will be accepted by the market is a different matter. "Personally, I find blockchain is a solution looking for a problem," comments Chris Morales, head of security analytics at Vectra.
Ransomware causes disruptions at Johannesburg power company
Matt Walmsley, EMEA Director at Vectra, commented on the incident, “We’re seeing ransomware becoming a far more focused tactic where cybercriminals take time to profile and target organizations who they believe will have a higher likelihood of paying a meaningful level of ransom.”
Organizations warned of dual threat posed by RDP and disruptive ransomware
"Having gained access to the infrastructure, reconnoitered the network, moved laterally through it, and exfiltrated all they want," Vectra's head of security analytics Chris Morales told SecurityWeek, "ransomware might be the final act of getting as much money as possible."
Network shares are a primary target for ransomware
The migration from encrypting local files to encrypting network shares is behind what Chris Morales, head of security analytics at Vectra, believes will be the next focus for targeted ransomware: cloud providers and MSSPs.
Myers-Briggs study examines employee personality traits and cyber behaviors
"I will say that scoring users is not a new concept in cyber security," Chris Morales, head of security analytics at threat hunting firm Vectra, told Security Week.
Inside GCHQ's proposed backdoor into end-to-end encryption
Chris Morales, head of security analytics, says, "I understand why government agencies want access, but I also believe it fundamentally breaks the entire trust model of encryption and makes the entire point of encrypting data for privacy useless. If the backdoor exists, who is going to 'watch' the 'watchers'?"
Industry reactions to nation-state hacking of global telcos
“The point being these attacks involved the use of already known tools common to anyone on the internet, yet the attacks still work,” says Chris Morales, head of security analytics at Vectra.
Industry reactions to massive Ecuador data leak
“While cloud computing’s instant provisioning and scale are valuable benefits, cloud administrators must know what they’re doing and ensure appropriate access controls are in place to protect their data," says Chris Morales, head of security analytics at Vectra.
Industry reactions to massive data leak in Germany
"Erosion of confidence in the government could benefit nation states wishing to promote political instability in Germany and it was interesting to see that the members of the right wing AfD party were not reportedly affected," says Matt Walmsley, EMEA director at Vectra.
Imperva notifies Cloud WAF customers of security incident
"Losing SSL certificates and API access to an enterprise network is concerning. Secure web gateways, firewalls, intrusion detection and prevention systems, and data loss prevention (DLP) products all perform some form of SSL intercept and decryption to perform DPI," says Chris Morales, head of security analytics at Vectra.
Impact of U.S. government shutdown on cybersecurity
“The biggest concern about the shutdown is that it would hamper the government’s ability to attract and retain good cybersecurity talent," says Chris Morales, head of security analytics at Vectra. "Private sector cybersecurity jobs pay much more lucrative salaries and benefits, which makes it much harder for government agencies to compete."
Hacker erases email provider's servers, backups
"This kind of destructive attack, with no stated motive or demands, is quite rare. An organization losing all of their data, and all of their customer data, is a nightmare scenario that could easily put a small company out of business and cause a huge financial impact on a large enterprise,” says Chris Morales, head of security analytics at Vectra.
Google launches new cloud security services
“Any type of new services offered by the cloud vendors are useful, but there isn’t anything new being offered that was not already on offer by an existing vendor,” says Chris Morales, head of security analytics at Vectra.
Can you trust security vendor surveys?
“When you read the results,” suggests Chris Morales, head of security analytics at Vectra, “always read the questions first to identify potential bias or if they are leading the respondent.
Artificial intelligence threat detection firm Vectra raises $100 million
Vectra CEO Hitesh Sheth told SecurityWeek that the new funds will primarily be used for global market expansion.
Apple unveils privacy-focused authentication system
“Google once had the slogan ‘don’t be evil’. It is all big companies trying to be the central point of authentication. I’m sure it works great, however, I think the privacy angle is more geared towards marketing than anything else,” says Chris Morales, head of security analytics at Vectra.
The active cyber defense bill is back on the table
"Notice that after any major cyber-attack, it usually takes weeks to determine who's responsible for it, and even those determinations are hedged with uncertainty," warns Hitesh Sheth, CEO of threat detection firm Vectra.
Spectre, Meltdown vulnerabilities will haunt industry for years
"While these are scary threats, the ability to execute an attack using these flaws is hard," says Chris Morales, head of security analytics at Vectra. "The speed to extract data from system memory is very low and stealing anything more than a simple password could take days or much longer."
90 Percent of organizations exhibit malicious Remote Desktop Protocol (RDP) behaviors
The Remote Desktop Protocol (RDP) is one of the top tools utilized by cyber attackers to move laterally and exfiltrate data from a network before introducing their malicious software to perform internal reconnaissance, according to a new Vectra 2019 Spotlight Report on RDP.
Capital One: What’s in your cloud?
"It would be easy to say Capital One should have not made this kind of mistake, but when organizations transition to the cloud, these type of mistakes and misconfigurations are unfortunately common," says Chris Morales, head of security analytics at Vectra.
Ransomware = Biggest threat to cloud, data and enterprise infrastructures
According to the “Vectra 2019 Spotlight Report on Ransomware”, recent ransomware attacks have cast a wider net to ensnare cloud, data center and enterprise infrastructures.
Capital One announces data breach affecting 100 million customers
Chris Morales, head of security analytics at Vectra, says, "It's still early, and I think this one is going to develop out a bit more. However, I wouldn't put it at the same level as the Equifax breach."
City power hit by ransomware attack
Matt Walmsley, EMEA Director at Vectra, says, “We’re seeing ransomware becoming a far more focused tactic where cybercriminals take time to profile and target organizations who they believe will have a higher likelihood of paying a meaningful level of ransom."
How to meet the growing demand for cybersecurity professionals
"One of the things we find in Ireland is there are a lot of engineers that have great cloud skill sets," says Mike Banic, vice president of marketing at Vectra. "They have cyber experience and the platform-level experience we need for cloud. Having those skills allows us to have the team take ownership of a complete product."
Healthcare industry at risk due to IoT devices and human error
"Healthcare IT security teams are often kept in the dark and behind the curve when it comes to changes in infrastructure,” says Chris Morales, Head of Security Analytics, Vectra.
March Madness signals opening of phishing season
“Typically, an organizer will send out links from a sports-centric website to the interested participants to allow them to join a group. This creates a situation where the participant may be unaware of the authenticity or safety of the website for the link sent by the organizer, making their personal data vulnerable to cross-site scripting attacks, hidden redirects and website forgery,” says Mike Banic, VP of marketing at Vectra.
Privacy versus security battleground in 2019
"This raises the question, are cybersecurity and privacy mutually exclusive? Or is it possible to have both? A quick analysis of the commercial solutions available from cybersecurity suppliers provides valuable insight,” explains Mike Banic, vice president of marketing at Vectra.
Do not use: Top 15 'worst passwords'
"I understand the intent of providing a black list of passwords users should not use. However, I think the larger problem is that passwords are a poor choice of authentication and we are stuck with it," says Chris Morales, head of security analytics at Vectra.
Apple launches new 'private, secure' sign in
“It is all big companies trying to be the central point of authentication. I’m sure it works great, however, I think the privacy angle is more geared towards marketing than anything else,” says Chris Morales, head of security analytics at Vectra.
Hacker hits 'secure email' company, wipes out U.S. database
Chris Morales, head of security analytics at Vectra, says, "The first thought that comes to mind is this is a service being sold as a secure email. The second is that if this is secure email then where are the offline backups and archives?"
Citrix breach: What we know so far
"While we often point to lack of maturity of security operations as to why a company would miss an attack, it is even more unfortunate when a security vendor is compromised who does have the skills and capabilities to defend against cyber attacks,” says Chris Morales, head of security analytics at Vectra.
Industry 4.0: 2019 must be the year of IIoT security
The Vectra report concluded that "IIoT devices collectively present a huge, easily penetrable attack surface that allows cybercriminals to search inside to steal critical assets and disrupt infrastructure."
UK ‘solidifies’ plans for offensive cyber capabilities
Matt Walmsley, EMEA Director at Vectra, commented to SC Media UK: "The need to deny, degrade, or counter digital attacks by nation states, and other nefarious groups means that offensive cyber competencies are part of the arsenal that modern governments all have access to."
The state of cybersecurity in the healthcare industry and how it is improving
Vectra's Attacker Behaviour Industry Report 2019 reveals that some of the most common attack behaviours against healthcare institutions from external threat actors are Command and Control (C&C) and reconnaissance.
Ransomware attack cripples Johannesburg power supplier
"We’re seeing ransomware becoming a far more focused tactic where cyber-criminals take time to profile and target organizations who they believe will have a higher likelihood of paying a meaningful level of ransom," said Vectra director Matt Walmsley.
IT professionals struggling to secure multiple cloud solutions at enterprises
“In some cases, ‘stealth IT’ means security and IT teams may not even know that new cloud services are being commissioned, and are creating visibility, control, and compliance gaps," says Matt Walmsley, EMEA director at Vectra.
NCSC “achieving its aims” with reduced criminal infrastructures attacking UK
Criminal cyber-infrastructures used to attack the UK have fallen, with two thirds fewer IP addresses used by attackers in 2018, says the NCSC's latest Active Cyber Defence (ACD) report published earlier this week.
Microsoft confirms BlueKeep campaign, reiterates call to patch
"RDP is a valuable mechanism for threat actors to progress their attacks and certainly has a broader utility than simple cryptojacking attempts. RDP remains a widely exposed and vulnerable attack surface and will likely continue in the near future due to the protocol’s prevalent use," Vectra EMEA director Matt Walmsley told SC Media UK.
LockerGoga ransomware blamed for Norsk Hydro attack - impacts aluminium prices
Norwegian aluminum producer Norsk Hydro has confirmed it was hit by the LockerGoga ransomware variant on Monday evening and had to shut down some of its plants as a result.
Do you know how much your smart device knows about you?
From home entertainment and lighting to heating and cameras, almost every aspect of our lives can now be connected to a smart device that can respond to our every whim.
ICO data: Only 1 in 4 breached businesses compliant with GDPR due to slow reporting
Matt Walmsley, EMEA director at Vectra told SC Media UK: "Detection and response capabilities are a major security gap that’s important and urgent for many organisations to still address as the ability to know if one is compromised is fundamental to effective risk management.
Humans are 'better than AI' at discovering vulnerabilities, say humans
Matt Walmsley, EMEA Director at Vectra said: "Human creativity, intuition and contextual understanding remains at the very heart of good cyber-security practice and staying current with your patching is a key task to reducing your attack surface."
Half a million Ubiquiti devices potentially vulnerable
"Making device discovery ports and management interfaces available to public IP address ranges is never going to end well. This is an example of simplicity being traded against security, and in many cases, I suspect unknowingly so,” says Matt Walmsley, EMEA director at Vectra.
Google fined €50 million for breach of GDPR rules
Matt Walmsley, EMEA director at Vectra, says: "I'd expect Google to challenge the ruling, and we may see the conclusion produce an important test in law that will bring clarity around GDPR implementation for others."
Vectra AI in the News in 2018
AI and cybersecurity: Fact or hype?
Vectra distinguishes itself from Darktrace by offering mathematical detection models that are developed and tested on a group of companies using the solution, tested and calibrated before being deployed in production for the entire customer base.
Vectra scores $36 million for AI-enhanced cyberattack detection
Vectra, founded in 2010, plans to use its new capital on a broader global marketing campaign and for improvements to its software. To that end, the company is opening a new research and development center in Dublin, Ireland, where as many as 100 new hires will be made over a five-year period.
Zakrzewski’s take: AI’s asymmetrical cyberthreat
Many professionals at the RSA event in San Francisco said attackers are gaining the upper hand, in part because they're using AI. Vectra CEO Hitesh Sheth says it's a constant asymmetrical battle between hackers and the companies peddling new solutions at RSA. "Really smart hackers are better than most of the vendors here today," he says.
How hackers use hidden tunnels to steal data and avoid detection
“It’s just like taking apart a car, moving it in small pieces and reassembling it on the outside,” says Chris Morales, head of security analytics at Vectra. Hidden tunnels can be created by hackers after they get a foothold into a company’s network through, for example, phishing attacks or exploiting an unpatched vulnerability.
Cybersecurity AI market worth $2 billion in 2018, will hit $30 billion by 2025
Artificial intelligence in the security industry is expected to be valued at $2 billion in 2018 and is likely to reach $30 billion by 2025, a CAGR of more than 30% over the forecast period, according to insights shared in a detailed report by Research N Reports. Vectra is named in the report as a key innovator.
Following Tesla’s saboteur discovery, is AI the answer to corporate sabotage?
Employees pose a huge risk to their employers, even more so than cybercriminals, explains Chris Morales, head of security analytics at Vectra. However, most employers do not have security systems in place to stop attacks from internal sources.
30 years ago the Morris Worm changed our view of cybersecurity. What’s changed since?
"Enterprises are unable to spot reconnaissance and lateral movement attack behaviors, and security analysts and threat hunters cannot operate at the speed and scale to manually identify threats and close down their lines of communication and movement," says Matt Walmsley, Vectra EMEA director.
Marriott hack reaction: “It’s likely that every living human has been hacked”
"With a real treasure trove of valuable personal information having been lifted, this is undoubtedly going to damage the Marriott Starwood brands, and could have a significant direct impact for their affected customers' identity assurance," says Matt Walmsley, EMEA director at Vectra.
UK government launches IoT code of practice: Industry experts react
Matt Walmsley, EMEA director at Vectra, says that while the Code of Practice recognizes key IoT risks, there are problems surrounding it. “Voluntary codes of practices will likely only attract organizations who are already proactive and bought into addressing the issues the Code of Practice seeks to address,” he says.
Facebook security breach: Social media giant likely to escape $1.6 billion fine
This particular software flaw compromise "isn't surprising," says Chris Morales, head of security analytics at Vectra. "All code has these forms of flaw that allow unintended use of software, and the more complex the software gets the more likely these types of flaws exist."
Hackers are increasingly targeting energy companies – here’s how
“When attackers move laterally inside a network, it exposes a larger attack surface that increases the risk of data acquisition and exfiltration,” said Branndon Kelley, CIO of American Municipal Power, an electric-power generator utility that serves municipalities in nine states.
People plus machines, not people or machines: Experts respond to Bank of England AI comments
"AI augments nearly everything people do," says Matt Walmsley, EMEA director at Vectra. "What we need to remember is that AI runs on data, and that data belongs to people. People and AI combined are more efficient and productive than people or AI alone.”
UK could lead in AI, but only if ethical norms are set
AI could really make a difference in the world, especially in cybersecurity, says Matt Walmsley, EMEA director at Vectra. “AI is used to combat cybersecurity adversaries by analyzing digital communications in real-time and spotting the hidden signals to identify nefarious behavior, a task that is simply beyond humans alone."
Cyberattack risk for manufacturers outpaces other sectors
A 2018 spotlight report on manufacturing developed by Vectra shows that though some sectors like retail are more likely to experience reportable breaches involving personal data, manufacturing organizations outpace them in other areas of risk.
Anti-hacking firm’s €10m state support
The Irish Strategic Investment Fund has invested €10 million in a U.S.-based artificial intelligence cybersecurity business. The state-backed fund is one of a number of investors in a funding round worth of total of €30 million to Vectra, a California-based software company.
Prices plunge as bitcoin hovers close to 'death cross'
Vectra released a report Thursday showing that college students have begun mining cryptocurrencies at a significant rate. Higher education "easily surpassed" all other industries in "cryptocurrency-mining attack behaviors" from August 2017 through January 2018, Vectra found.
Hackers are traveling with you on your long-distance trip
Critical control systems on airplanes, trains and cars can be compromised. "A passenger could hack the onboard network, compromise users on the shared Wi-Fi hotspot or worse, bypass the firewall to compromise critical control systems while the vehicle is in operation," says Chris Morales, head of security analytics at Vectra.
Employee sabotage damaged Tesla production system
Because they are trusted and often have streamlined access to internal systems, employees can threaten corporate infrastructure unless the company takes extra security measures, says Chris Morales, head of security analytics at Vectra.
Russian hackers targeted Cancer Research UK and other British businesses
Magecart, an anonymous Russian group of cyber criminals, tried to steal the card details of people in the UK who had bought items through the cancer charity's online gift shop. Matt Walmsley, EMEA director at Vectra, warned that charities are an "irresistible target" to hackers because they process large numbers of online payments.
Manufacturing industry at higher risk of cyberattacks thanks to industrial IoT
The manufacturing industry is displaying higher rates of cyberattack-related lateral movement and reconnaissance, according to a Vectra report released on Wednesday. This is due to the confluence of both operational technology and enterprise information technology networks, said the report.
Cyberattacks increasingly targeting enterprise IT networks in energy and utilities industry
Cyberattacks targeting energy and utilities firms have increased inside enterprise IT networks, rather than the critical infrastructure, according to Vectra's 2018 Spotlight Report on Energy and Utilities.
Cyberattacks against energy and utilities firms begin inside enterprise IT networks
“The covert abuse of administrative credentials provides attackers with unconstrained access to critical infrastructure systems and data," says David Monahan, managing research director of Enterprise Management Associates. "This is one of the most crucial risk areas in the cyberattack lifecycle.”
A cyber-skills shortage means students are being recruited to fight off hackers
“No matter how much revenue you have, you can’t find the people,” says Hitesh Sheth, CEO of Vectra, which makes the AI software the Texas A&M University System uses. “People leave in 12 months because someone else will give them a 30% bump in pay.”
Google shows off new Android dev tools
Smaller yet expanding devices may be more appealing to hackers than to consumers, warned Mike Banic, vice president of marketing at Vectra. The number of mobile vulnerabilities is highest on Android apps, largely due to its open source nature and the questionable security of third-party app stores.
Multi-pronged approach to tackle cyberskills gap
“Over time, enterprise has built technologies and bolted them on, and there is a way that you can remove the layers with AI, because it is a big data analysis — taking what all of these various components are doing as part of the evolution and really bringing it back into one product,” says Matt Walmsley, EMEA director at Vectra.
Autonomous apps and infrastructure: Who is in control?
"Organizations are moving towards more automation for very rational reasons," says Matt Walmsley, EMEA director at Vectra. "We need to understand how new AI tools work. This is new technology and we need to understand the fundamentals so we can understand how they work."
ISIF invests in cybersecurity firm Vectra
The Ireland Strategic Investment Fund (ISIF) committed €10 million to Vectra, a San Jose, U.S.-based cybersecurity company. The investment capital will assist Vectra in creating a research and development centre in Dublin. ISIF is part of a larger funding round of €30 million.
Massive breach of Starwood customer data
"Attackers move slowly and in stages to obtain privileges and engage in a variety of behaviours before accessing the data they are after and exfiltrating it," explains Gregory Cardiet, cybersecurity expert at Vectra. "Detecting these behaviours at an early stage is essential."
Hackers are still digging tunnels to rob banks today
That is the finding of Vectra's 2018 Spotlight Report on financial services*, which analyses and presents the behaviours of hackers operating in financial services and 13 other industries.
AI-powered U.S. cybersecurity firm Vectra brings 100 jobs to Dublin
Dublin will soon have a new R&D centre with 100 new jobs, thanks to U.S.-based AI-powered cybersecurity software firm Vectra. Vectra’s Irish R&D centre will be its first outside the US and comes off the back of an investment of about €10m from the Ireland Strategic Investment Fund (ISIF).
How are cybercriminals targeting financial services firms?
Vectra detected significantly more hidden command-and-control tunnels per 10,000 devices in financial services than all other industries combined, and more than twice as many hidden data-exfiltration tunnels per 10,000 devices in financial services than all other industries.
Are college students hopping on the cryptocurrency bandwagon?
Chris Morales, head of security analytics at Vectra, told Siliconrepublic.com: "Students who mine cryptocurrency are simply being opportunistic as the value of cryptocurrencies surged over the past year, with the value of bitcoin peaking at $19,000 in January 2018."
Meltdown and Spectre: Two processor flaws shaking up the IT security world
"The Meltdown flaw allows attackers to escalate access privileges and execute code to read and access memory at the kernel level, which exposes system passwords," says Chris Morales, head of security analytics at Vectra.
Artificial intelligence to the rescue of cybersecurity
"What AI does well is read network packets at high speed and compare them against behaviour models," adds Grégory Cardiet, pre-sales engineer at Vectra. "Does this machine exhibit attack behaviour? Some malware is completely unknown. It was created only for this one customer, and the theft of information is silent."
Cryptojacking, ransomware threats continue to grow, warns NCSC
“The notion of a defined perimeter no longer works – the ‘attack surface’ is growing exponentially through the increasing use of IoT, mobile and BYOD computing, and digital supply chains, all of which provide hackers with a myriad of new entry points to make their assaults," says Matt Walmsley, Vectra EMEA director.
Government, tech firms invest £1bn in British AI industry
“Artificial Intelligence is here to stay, and will touch many parts of our working and private lives," says Matt Walmsley, EMEA director at Vectra. "It is yet to become truly autonomous in the workplace, but its deployment is already increasingly common in areas like decision support.”
AI needs ethics code, says House of Lords
"AI in today's workplace is more 'Robocop' than 'Terminator's SkyNet,'" says Matt Walmsley, EMEA director at Vectra. "It augments human capabilities so that systems can operate at speeds and scales that humans alone cannot. In this context, moral risk is extremely low."
AI to create jobs, claims PwC report
"AI is already changing the workplace, and in some areas creating new work opportunities," says Matt Walmsley, EMEA director at Vectra. "In the adversarial world of cybersecurity, AI is addressing a significant professional skills and resource gap and is reducing the barrier to entry to the cybersecurity profession."
UK spy agency joins NSA in sharing zero-day disclosure process
"Zero days are saved for the most critical needs," says Chris Morales, head of security analytics at Vectra. "Most attackers don't like to waste this type of knowledge when they can simply convince a user to give them access to their system instead."
UK publishes minimum cybersecurity standard for government departments
Matt Walmsley, EMEA director at Vectra, notes the document focuses on the detection of known and common attacks. "Advanced attackers launch previously unseen threats using legitimate tools, zero-day vulnerabilities and exploits that bypass traditional signature defenses and detection approaches."
Reconnaissance, lateral movement soar in manufacturing industry
Vectra discovered a significant volume of malicious internal behavior, which suggests that adversaries are already inside the network. For example, Vectra noted that in many instances there was twice as much lateral movement as command-and-control traffic.
Ransomware hits Ukrainian energy ministry website
Matt Walmsley, EMEA director at Vectra, points out that there's no evidence that the ministry's internal systems or data have been breached. Only the web-facing service has been compromised in what appears to have been cyber-vandalism or low-level cybercrime unlikely to generate any significant monetary gain.
Ransomware hits the city of Atlanta
"The ability to detect the precursor behaviors of ransomware is the only way to get ahead of the attack," says Matt Walmsley, Vectra EMEA director. "Unfortunately, that's almost impossible to do using traditional manual threat hunting techniques. That's why forward-thinking enterprises are increasingly using AI-powered threat detection."
PyRoMine cryptominer spreads via NSA-linked exploit
“It was expected that attackers would replace ransomware with cryptomining as the most popular form of opportunistic attack," says Chris Morales, head of security analytics at Vectra. "We can see that many people simply are not paying ransoms, like in the recent case of the city of Atlanta."
NIST's new advice on medical IoT devices
"The most important aspects of any IoT security strategy are device identification, network segmentation and network traffic analytics," says Chris Morales, head of security analytics at Vectra. "IoT becomes a big data problem with lots of devices producing huge amounts of data and a large amount of remote access."
Microsoft patches remote code execution flaw in CredSSP
“In the big picture, there are a lot of variables that have to be right in a targeted environment for this attack to succeed," says Chris Morales, head of security analytics at Vectra. "Most importantly, the attacker needs to already be on the network and in a position between the clients and servers."
The malicious use of artificial intelligence in cybersecurity
“We must adopt defensive methodologies that are flexible and resilient rather than fixed and impermeable,” says Vectra CTO Oliver Tavakoli. “This is particularly difficult for legacy security vendors who are apt to layer AI on existing workflows rather than rethinking what they do in light of the possibilities that AI brings to the table.”
Industry reactions to USPS exposing user data
"Misconfiguration of systems is as big of a risk as system vulnerabilities," says Chris Morales, head of security analytics at Vectra. "APIs for external service integration is important to offer services to customers, but poor security practices in API access and design puts enterprises in danger."
Hidden tunnels to steal data are more widespread in financial services industry
From August 2017 through January 2018, Vectra's AI-based Cognito cyberattack-detection and threat-hunting platform monitored network traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments.
Hacker detection firm Vectra raises $36 million
Vectra today announced that it has closed a $36 million Series D funding round, bringing the total amount raised to date by the company to $123 million. The investment will be used to expand sales and marketing, fuel product development of its Cognito threat hunting platform, and open a new R&D center in Dublin, Ireland.
Cybersecurity tech accord: Marketing move or serious security?
"GDPR will have more impact since it has real teeth in the form of fines that can be as much as 4% of annual revenue if the personal information of EU based citizens is exposed or misused, and organizations must provide notification within 72 hours," says Mike Banic, vice president at Vectra.
Cyberattacks against energy sector are higher than average
"It's very easy for an attacker to get into an energy utility network, use the tools that are already there, such as Outlook web access, and then hide within the signal of things that are already happening," says Chris Morales, head of security analytics at Vectra.
The current limitations and future potential of AI in cybersecurity
"A form of deep learning known as convolutional neural networks has proven effective for image recognition because it performs comparative analysis based on pixels rather than the entire image," says Chris Morales, Vectra head of security analytics. "This is like looking at the individual trees rather than the forest."
Cryptomining rampant in higher education
Deeper analysis of these figures in Vectra's 2018 Attacker Behavior Industry Report shows the different stages of the attackers' kill chain found within different vertical industry sectors. Overall, 37% of detections denote C&C activity, 31% denote reconnaissance activity, 24% denote lateral movement, and 6% actual exfiltration attempts.
CISOs and the quest for cybersecurity metrics fit for business
“This is not a vendor issue,” said Chris Morales, head of security analytics at Vectra. The issue is about what makes a good metric. Morales goes deeper and offers specific metrics to include: dwell time, lateral movement, reinfection, network coverage and response time.
Attackers circumvent two-factor authentication protections to hack Reddit
"The level of detail Reddit provides," says Chris Morales, head of security analytics at Vectra, "is more than many larger organizations have provided on much more significant breaches. These details are based on an investigation and explain what happened during the breach."
Addressing the 3-million-person cybersecurity workforce gap
"AI augments the human capabilities to work at the scale and speed that manual approaches simply can't touch," says Chris Morales, head of security analytics at Vectra. "This would be invaluable, given that a lack of time is one of the top job concerns being cited from IT and security professionals."
Operation Prowli infects 40,000 systems for cryptomining
"Cryptojacked machines are at the greatest risk when the price of cryptocurrencies falls because the profitability drops and the bot-herder who owns the machine may sell it to someone who wants to steal your sensitive data," says Mike Banic, vice president of marketing at Vectra.
UNC researchers pitch framework to fight password re-use
"It isn't password security that's critical or even whether it's re-used," says Mike Banic, Vectra vice president of marketing. "It's the use of two-factor authentication that better protects someone's identity and personally identifiable information. Just as you can't get drivers to use their turn signals, you can't get them to stop using weak passwords."
China suspected of massive Marriott data breach
"Hacks are getting bigger because the volume of data generated on the Internet every single day is so large," says Chris Morales, head of security analytics at Vectra. "Just like a user employs a search engine to get information, a cyber spy will search massive online databases for information."
Marriott: 500 million guest records compromised in data breach
"Data exfiltration inside encryption can circumvent security controls like data loss prevention," says Chris Morales, head of security analytics at Vectra. "Systems that watch for exfiltration behaviors, rather than trying to inspect the data payloads, can provide a way to handle this challenge."
Facebook's data breach: Will it be the first test of GDPR?
"A lot of content that users post on Facebook is shared publicly and cannot be classified as private information," says Chris Morales, head of security analytics at Vectra. "This data breach is different than leaking your personal credit card, health information, or even your personal browsing history."
50 million Facebook accounts exposed due to software vulnerability
"All code has these forms of flaws that allow the unintended use of software," says Chris Morales, head of security analytics at Vectra. "The more complex the software gets, the more likely these types of flaws will exist."
House bill would create federal standards for data breach notifications
"I don't expect these laws to have any impact because financial institutions cannot report on what they do not know," says Chris Morales, head of security analytics at Vectra. "It took Equifax 78 days to even know a problem existed. They responded and reported the breach within 30 days after knowing."
Tor browser flaw could allow governments to bypass security settings
"Tor is used by attackers as a form of bypassing perimeter security controls to establish remote access and for command and control," says Chris Morales, head of security analytics at Vectra. "It is also used to anonymize activity on the web that a person would not want to be monitored by an ISP or government entity."
Industrial manufacturing sector increasingly susceptible to cyberattacks
"Most manufacturers focus on ensuring global supply-chain up-time without enough regard to the ease with which an attacker can move about these large networks of machines communicating to cloud infrastructure and to other devices through automated processes," says Chris Morales, head of security analytics at Vectra.
Continued Russian attacks show weakness of industrial control systems
"Organizations need technology that automates the real-time analysis of communication, devices, administrators, and human behaviors on a converged network to detect intentional attacks or unintentional consequences," says Chris Morales, head of security analytics at Vectra.
LabCorp investigating possible attack and data breach
This latest incident shows that hospitals and healthcare organizations remain a target for attackers looking to steal personal data and other information, says Hitesh Sheth, the president and CEO of Vectra, which uses artificial intelligence and machine learning to detect hidden threats against enterprise networks.
Automated network security Is crucial, but no panacea
"The security industry is struggling with managing security at scale on a large number of devices and at speeds that address problems as they occur," says Chris Morales, head of security analytics at Vectra. "It is becoming impossible for manual processes to achieve the necessary scale and speed."
Cybercriminals using hidden tunnels to attack banks, financial institutions
Using its own Cognito detection and threat-hunting software, Vectra collected metadata and network traffic from 4.5 million devices from banks, financial institutions, as well as other enterprises, between August 2017 and January of this year.
Over 300,000 cybersecurity jobs remain open in the United States
There are over 300,000 cybersecurity jobs open within the United States, which includes more than 13,000 positions within state and federal agencies, according to an industry study released earlier this month.
TeenSafe data leak shows cloud security weaknesses
"TeenSafe is responsible for securing their customer's information in the cloud," says Chris Morales, head of security analytics at Vectra. "Even if this server was on-premises at TeenSafe within their perimeter security controls, this type of data should be secured with encryption and administrative access controls."
At-risk routers and Russian hacking plans stir talk at RSA
"This may seem like 'cybersecurity 101' advice but, only last month, default settings in some Cisco switches allowed over 168,000 devices exposed to the internet to be identified as vulnerable to illicit remote command execution via an admin protocol," says Matt Walmsley, EMEA director at Vectra.
Bitcoin, cryptocurrency mining find a home in higher education
The apparent open-ended market for cryptocurrency mining in higher education is one of several findings Vectra published in a study, "Attacker Behavior Industry Report," which the security vendor released Thursday ahead of next month's RSA conference in San Francisco.
Four years in Europe: Lessons in cybersecurity
"What is abundantly clear is that the sudden rise in demand for talent against a backdrop of relatively flat supply has created a hiring bottleneck in the path to establish a stronger security posture," writes Oliver Tavakoli, chief technology officer at Vectra.
Equifax breach still fuzzy in the rear-view mirror
"It took Equifax months to identify that an attack occurred and longer to properly respond and report the attack," says Chris Morales, head of security analytics at Vectra. "The biggest issue is the ability to detect, respond, learn, and adapt quickly to attacks when they occur, before they can cause damage."
Rising cyber risks and missing resources
Further cyberattacks using worms are to be expected, as is ransomware. That is a problem because, as in many technical fields, IT security also suffers from a chronic skills shortage, one that will not ease in 2018 either, says Gérard Bauer, Vice President EMEA at Vectra.
Protecting the network from cloud intruders
"Security managers face a major challenge in protecting the IT infrastructure, as its surface is greatly enlarged by cloud migration," writes Gerard Bauer, Vice President EMEA at Vectra. "With the help of AI, intruders can be detected before they cause damage in the cloud."
Marriott Starwood data breach details: What was taken?
Incident response continues to take too long as security teams try to figure out what happened and how to stop it happening again, says Chris Morales, head of security analytics at Vectra. "It's important to spot and close down an attacker earlier in its lifecycle to minimize or stop a breach from occurring."
Study: Manufacturing sector exposed to increased risk of cyberattacks due to IIoT devices and Industry 4.0 initiatives
Vectra, a provider of solutions for AI-based detection of cyberattacks and tracking of IT threats, observes several peculiarities in attacks on IT in the manufacturing industry.
Vectra raises $123 million for global push of its AI-based security platform
Security startup Vectra closed a $36 million Series D funding round, bringing its total funding to $123 million. The company will use the latest investment to help build a research and development center in Dublin as it pushes its artificial intelligence (AI)-based platform into the global market.
Cybersecurity: Where the women aren’t
“The SIA Women in Security Forum will also inevitably provide an invaluable forum for mentorship of our future women leaders,” says Emily Corazza, manager of technology partnerships and strategic alliances at Vectra. “This isn’t just about women, it’s about creating accepting environments for diversity across the board.”
Trickbot banking malware has new trick up its sleeve
Matt Walmsley, Vectra EMEA director, says Trickbot's use of a network worm means it spreads like wildfire across vulnerable systems. "There are technical workarounds for the configuration of SMB v1 to mitigate against Trickbot, but most enterprises are blind to spotting active attacks inside the network as it moves laterally."
Share of cryptomining attacks grew from 7% to 32% of all attacks in just six months
Matt Walmsley, EMEA director at Vectra, told SC Magazine that the surge in cryptomining attacks is because of the financial opportunities that arise from cryptocurrency market values and the anonymity of the transactions.
Rampant cryptojacking harming organisations' cybersecurity, experts reveal
"There is a pattern between cryptocurrency values and the amount of cryptojacking that occurs," says Matt Walmsley, EMEA director at Vectra. "As cryptocurrency values increased, we found a corresponding uptick in the number of computers on university campuses performing mining or being cryptojacked by miners."
Protecting your 'digital jewels' from new public cloud threats
"What escapes most enterprise IT organizations is that attackers are probably already inside the network," says Matt Walmsley, Vectra EMEA director. "They hide by blending in with normal user traffic or in encrypted communications. And they hide in workloads where cloud service providers (CSPs) have zero visibility."
Hackers using brute-force attacks to infiltrate e-mail systems protected by MFA
"The task of quickly spotting the attacker behavior is beyond the speed and scale of humans alone," says Matt Walmsley, EMEA director at Vectra. "AI is now being used to combat cybersecurity adversaries by analyzing digital communications in real time and spotting the hidden signals to identify nefarious behavior."
Hackers attack energy companies' IT systems rather than ICS, says report
The Vectra 2018 Spotlight Report on Energy and Utilities said that while ICS is in the crosshairs, most attacks against the energy and utilities industry occur and succeed inside the enterprise IT network – not in the critical infrastructure.
GDPR comes into effect today: Fines will be levied
“GDPR is driving enterprises to encrypt PII but an unintended consequence is that encryption gives cyberattackers safe harbour in which to operate with impunity," says Matt Walmsley, Vectra EMEA director. "The hyper growth of encrypted communications is blinding traditional security that relies on deep packet inspection."
Email compromise to exceed £6.4 bn in 2018 as attacks increase say NCSC/NCA
"We need to put in place capabilities that detect and respond in real-time to active threats that have bypassed defensive controls and gained access and persistence within the organization," says Matt Walmsley, Vectra EMEA director. "Only then do we have the chance to get ahead of the attacks before they become critical security incidents.”
Dogcall RAT links NOKKI malware with Reaper Group – indicators provided
"The analysis and identification of signatures for the initial infection is always behind the threat becoming known and out in the wild," says Matt Walmsley, EMEA director at Vectra. "It’s not enough to build stronger defenses. Motivated and well-resourced attackers will always find a way given enough time and persistence."
Cyber tzar in cabinet called for to give CNI a policy lead
"The cybersecurity skills gap is alive and well; it's challenging to hire and retrain cybersecurity talent," says Matt Walmsley, EMEA director at Vectra. "Within the next three years there will be in excess of 350,000 more unfilled European cyber-security jobs than candidates."
Costly cryptojacking overtakes ransomware in the enterprise threat stakes
Chris Morales, head of security analytics at Vectra, warns that the enterprise must tighten up software supply chain assurance and balance the risks and rewards of internet access and browser controls. "Organizations need to balance that against constraining legitimate organizational digital activities," he says.
CNI needs shoring up after US, UK blame Russia for attacks
"Make sure you're not exposing your equipment's management interfaces and ensure you have changed the default admin credentials,” says Matt Walmsley, EMEA director at Vectra. “For perimeter devices with internet connectivity this is doubly important.”
AI defense versus IoT threat: And the winner is...
"Perimeter detection is designed to prevent attacks but that is always a law of diminishing returns, even when applying AI to breach prevention," says Chris Morales, head of security analytics at Vectra. "Even the best tools only achieve a 99 percent efficacy, regardless of vendor claims."
Active Directory attack could enable malicious domain controller setup
“Attackers establish a point of presence, perform reconnaissance, move laterally and escalate privileges, all before they move towards data manipulation, theft, or denial," says Matt Walmsley, Vectra EMEA director. "This means that there are many opportunities to detect and respond to active attackers."
£50m for law enforcement as government ups ante on cyberdefense
"Having the NCSC's oversight and support to UK businesses and public sectors for significant cyber issues is good news," says Matt Walmsley, Vectra EMEA director. "However, ultimately UK organizations can't rely on legislation, policing, or the government to minimise their cyber risk, instead they need to take direct ownership."
Zyklon password stealer exploits Microsoft vulnerabilities via spam campaign
“What stands out is that the Zyklon malware is being packaged with pricing tiers based on features,” says Chris Morales, Vectra head of security analytics. The malware is a very capable piece of code, yet it exhibits a sequence of common attacker behaviors similar to any other attack with the intent to infect, spy, spread, and steal.
Twitter urges users to change passwords after finding bug in password storage system
Whether serendipitous or ironic, Global Password Day found Twitter advising users to change their passwords after a bug in its password storage system. "Twitter is one of many web-based and mobile applications that do not require dual-factor authentication as the default,” says Mike Banic, vice president of marketing at Vectra.
Microsoft patches Remote Desktop Protocol exploit
“As long as companies properly monitor their internal environments for attacker behaviors, and can correlate this type of behavior with other attacker behaviors, they should have sufficient visibility to detect and respond to this type of reconnaissance behavior,” says Chris Morales, head of security analytics at Vectra.
Vectra AI in the News in 2017
Anime makeover app Meitu has major privacy red flags
The popular app that transforms your selfie into an adorable anime character demands access to your personal data and smartphone features to collect personal and private information about you. “Many apps collect data but they are usually from well-known firms we already trust,” says security researcher Greg Linares at Vectra.
Cyber insurance could lower risk of hacks before an M&A deal is completed
"Knowing that attackers may have free rein in a network for 99 days before they are detected, acquiring companies should be prepared for the potential risk and liability of a cyberattack for at least one quarter past the close of a deal," says Vectra CEO Hitesh Sheth.
NSA hack tool wielding follow-up worm oozes onto scene
“EternalRocks is the difficult second album from the community that gave us WannaCry," says Matt Walmsley, director of EMEA at Vectra. "It’s darker, more refined, but targeting the same audience and more of their favourite NSA 'Shadow Broker' exploits. All in the hope people failed to patch WannaCry."
China-based hacking crew pokes holes in UK firms and drains data
"These criminals continue to play a long game, prepared to wait months – even years – to harvest valuable data without being noticed," says Matt Walmsley, Vectra EMEA director. "Malicious code or indeed a live connection to a bad actor can sit, unnoticed like a leech, harvesting useful data slowly and consistently."
Yahoo! boo! hoo! hoo!: Verizon! hits! brakes! on! $4.8bn! biz! gobble!
"Businesses that lack transparency and willingness to discuss security matters in an honest and open way will impact the bottom line, and along with it their market value and reputation," says Vectra CSO Günter Ollmann. "This highlights that security is a strategic issue and should be included as part of any M&A due diligence."
Oops...some HP laptops shipped with hidden keylogger
Keyloggers are an important weapon in the arsenal of cyberattackers, says Chris Morales, Vectra head of security analytics. "They're often used in the recon phase of targeted attacks to steal user credentials and other sensitive information that are used to compromise user accounts. Keyboard loggers are hard to spot with consumer anti-virus."
Real-time security using artificial intelligence
Automation and the use of artificial intelligence-based methods to detect, triage and correlate cyber security attacks in enterprise networks can be a powerful means for rapid risk reduction. We recently connected with Vectra CEO Hitesh Sheth to better understand how all this can be accomplished on a modern platform.
Could scrapping the U.S. specialist worker visa scheme harm its competitiveness?
While the Trump administration's controversial travel ban continues to be blocked by courts, there's one visa category that might be successfully targeted: the tech industry-favored H-1B. Vectra CEO Hitesh Sheth talks to @ShareRadioUK about how scrapping the H-1B visa program could hurt America's competitiveness.
What you should know about machine learning and AI
More security products are using artificial intelligence and machine learning to detect threats. The AI-based cybersecurity company Vectra gives nine tips on how such solutions can be evaluated.
Nine security startups worth watching in 2017
Vectra applies machine learning to extract data from the network, distilling that information, and doing something useful with it. It is among the new wave of security companies that detects attacks in progress. To do this Vectra keeps a watch and gathers data based on everything in the network, keeping a real-time record of the activity.
Web app vulnerability enables Equifax breach affecting up to 143 million
Chris Morales, head of security analytics at Vectra commented "Enterprises have to realise they cannot address cyber-security by simply spending money on intrusion prevention solutions and instead need to shift investments to detection and response solutions that are being used by today's advanced attackers.”
UniCredit Bank's third party leads to hack on 400,000 clients
As the second breach that UniCredit has experienced in a year, Matt Walmsley, EMEA director for Vectra, told SC, "UniCredit needs to take a hard look at its security posture as well as that of its supply chain. It must make efforts to learn and adapt to new and changing threats. Automating the way that cyber-security personnel monitor and discover hidden threats is essential to protect customer information and identities."
Vectra named a finalist for SC Awards Europe 2017
The editorial staff at SC Magazine named Vectra a finalist in two categories for SC Awards Europe 2017. Vectra is a finalist in the Best Behaviour Analytics/Enterprise Threat Detection category as well as Best Newcomer Security Company of the Year. "It is important to encourage and praise innovation, recognize those who raise the bar," says Tony Morbin, editor in chief at SC Media.
UK ushers in a new era with National Cyber Security Centre
Matt Walmsley, Vectra EMEA director, says that while the NCSC's role is welcome, the private sector needs to up its game: "As critical national infrastructure finally gets the attention it needs, the private sector must play its part or the overall effort will amount to little if a full scale cyber attack befalls key services – public or otherwise."
Most UK Uber users and drivers caught up in data breach
"We're now at a time where artificial intelligence needs to be introduced to identify and respond to threats automatically and in real-time, a task that humans alone are simply incapable of performing at adequate scale and speed," says Matt Walmsley, Vectra EMEA director.
Hotel hit by ransomware attack, report of guests trapped untrue
“Organizations may be repeatedly held hostage with new ransomware attacks – often by the same attackers," says Vectra CSO Günter Ollmann. "Professional hackers already know the network (of their previous ransomware victims) and know what pressures they can apply to guarantee payment."
Hikvision patches camera flaw that could allow hackers to execute code
Matt Walmsley, Vectra EMEA director, says the most effective, low-cost solution to securing IoT devices is for manufacturers to better educate customers. "Smart devices need secure credentials that let the purchaser configure the device for their network and ensure the latest firmware images are installed."
Reaching the tipping point
Security experts are still divided on the battle between on-premises and cloud services, but the biggest threats remain those coming from the inside. Vectra CEO Hitesh Sheth says that “Bad actors will focus on the soft underbelly of data centers by gaining control of firewalls, servers and switches that make up the physical infrastructure.”
As CISOs look for more clarity in the noise, is the cloud the answer?
"Hijacking an open server port is the most effective way to install a backdoor in compromised cloud workloads," says Vectra CTO Oliver Tavakoli. "Our ability to detect the presence of previously unseen backdoors by monitoring traffic within the cloud provides unique protection against this important attacker technique.”
Are over-confident employees to blame for phishing success?
Not a big fan of phishing training for employees, Vectra CSO Günter Ollmann tells SC Media that “There’s always a better mousetrap. An informed attacker has the ability to make an attack indistinguishable from regular traffic so you end up training staff to be suspicious of every email.”
Arabic, Urdu, Persian, Pashto InPage processor used by three malware families
“We see this trend all the time in targeted attacks,” says Chris Morales, head of security analytics at Vectra. “Attackers understand their target's working environment, identify key software to compromise, and then once they establish a foothold, the attacker begins to snoop around for data to steal.”
Verizon to buy Yahoo for $4.48 billion
"There's an assumption that if breached organizations are sufficiently instrumented, they can detect breaches, track attackers' activities and enumerate precisely what data they had access to," says Vectra CSO Günter Ollmann. Unfortunately, most organizations aren't sophisticated enough to identify this level of threat activity.
Uber hid massive hack compromising data of 57 million for a year
"This breach happened at the same time Uber was under investigation by U.S. regulators for the 2014 breach," says Chris Morales, head of security analytics at Vectra. "There are many breach notification laws, especially in California, that require immediate notification to consumers. We are the ones put at risk here, not Uber."
Researchers find multiple malware families leveraging InPage exploit
“We see this trend all the time in targeted attacks,” says Chris Morales, head of security analytics at Vectra. “Attackers identify key software to compromise to initially infect the target, establish a foothold and begin to snoop around for data to steal.”
Researchers untangle Patchwork gang's cyberespionage attacks
“The motivation of the attacker is always financial or competitive gain or theft of intellectual property,” says Chris Morales, Vectra head of security analytics. “The constantly changing landscape makes it nearly impossible to track cyberespionage organizations without a team of researchers focused on attribution.”
Leaked NSA hacking tools prove to be eternally annoying
EternalRocks is targeting the same SMB demographic, but it has been described as more sophisticated, if less dangerous. Chris Morales, head of security analytics at Vectra, described the new worm as being darker and more refined and if left undetected has the ability to rapidly spread.
HP fixes hidden, deactivated keylogger in 460 laptop models
"Why would a hardware vendor install this kind of software on their computers?" asks Chris Morales, head of security analytics at Vectra. "The key logger was a software development or test tool that should have been removed before the code was released. Any attacker could easily monitor everything a user does on their system.”
How's he doing so far?
"In response to an executive order that leaked in February, this should still be a step in the right direction," says Vectra CEO Hitesh Sheth. "We're long overdue for a revamp of the government's existing policies, such as the archaic Continuous Diagnostics and Mitigation program, and it appears that the executive order should help to do this."
Cyberthieves loot tens of millions in bitcoin from NiceHash cryptocurrency marketplace
“If you are risk averse, transfer deposits made to your bitcoin wallet to a hard currency account with a bank,” says Matt Walmsley, Vectra EMEA director. However, he added, "Many exchanges may limit the amount you can transfer in one instance and you may not be able to empty your account, so buyers beware.”
Cloudflare patches bug that dumped data, but...
Vectra CSO Günter Ollmann commended Cloudflare for its rapid reaction to the vulnerability once they had been alerted to its existence – quickly removing the vulnerable process and effectively fixing it over the course of a few days. "Their detailed step-through of the vulnerability clearly underlines the severity of the issue."
Artificial intelligence for cybersecurity
The Coop Group uses Vectra's AI-based Cognito platform to detect cyber threats. With 2,476 stores and more than 85,000 employees, Coop is one of the largest retailers and wholesalers in Switzerland.
Fixes MIA for many Linux kernel flaws
The positive view is that the community constantly reviews Linux source code and can respond before attackers do, Chris Morales, head of security analytics tells LinuxInsider. "The negative view is that open source code is not maintained regularly and depends on an army of volunteers to keep safe. The truth is somewhere in between."
The love-hate relationship with SIEMs
To know SIEM is to love it. And hate it. It collects the logs from an enterprise infrastructure, provides context and correlates sources. The first SIEMs were a giant leap forward in the fight against cyber threats. Accent on the “were.” Today, if a SIEM is your most sophisticated cybersecurity technology, it’s like bringing a knife to a gunfight.
Automate your SOC through intelligent metadata analysis
I recently had the opportunity to chat with two experts in SOC-based metadata analysis, Hitesh Sheth and Kevin Moore from Vectra Networks. During our discussion, we focused on the question of how best to automate a SOC, and both men made it clear that three fundamental design issues must be addressed: Scale, accuracy, and richness.
Using machine learning for threat detection
The city of Peterborough, Ontario tried Darktrace and Vectra Cognito. It chose Vectra. After deploying Cognito, “We left it alone for a couple of days to learn and that was it," says Nick Powers, the city's IT security manager. “We are better positioned from incident detection and response than we were six months ago."
Artificial intelligence helps defend against hackers
"AI should serve to support the work of human analysts so that they can do their jobs smarter and more efficiently," emphasizes Gérard Bauer, Vice President EMEA at Vectra. "In practice, this means reducing the workload so that security teams can concentrate on the most important incidents."
Large-scale data theft at Uber
"The only way to stop incidents like the one at Uber is to accept that attackers are already inside the network and to find them quickly before they cause damage and steal data," says Gerard Bauer, Vice President EMEA at Vectra.
Secure in the public cloud and protected in the data center
Vectra, a leader in automating the detection of ongoing cyberattacks using artificial intelligence (AI) and machine learning (ML), is presenting numerous innovations at this year's it-sa 2017.
Report on the Protection of the Constitution analyses cyber attacks
The new "Report on the Protection of the Constitution" highlights the diversity and increase of politically motivated cyber attacks on German organizations. The most devastating attacks are targeted ones, in which the criminals need to find only one loophole to get into the network, where they can operate undisturbed and do a lot of harm.
Ransomware attack "Petya" alarms companies
Similar malware used in earlier attacks, such as WannaCry and Conficker, spread like a worm and was detected and stopped in the early stages of the attacks by artificial intelligence systems, says Gerard Bauer, VP EMEA at Vectra.
Automation indispensable for secure IT operations
Automation in IT is viewed skeptically in many IT departments, according to a recent study by Techconsult. Numerous employees are concerned about the loss of jobs when standard processes are automated. Vectra Networks strongly opposes this thesis. The IT security company, which specializes in machine learning and artificial intelligence, instead sees automation as an indispensable element of economical and secure IT operations.
Cybercriminals learn from one another: companies do not yet!
The current attack appears to be a variant of Petya, also known as Goldeneye, that combines the properties of Petya and WannaCry: exploitation of a Windows vulnerability combined with worm-like spreading, says Gerard Bauer, VP EMEA at Vectra.
EU parliamentarians call for end-to-end encryption of all communication
"As Google and Mozilla confirm, more than 50 percent of online communication is encrypted today," says Gérard Bauer, Vice President EMEA at Vectra. "This trend will continue, especially as video streaming providers increasingly rely on encryption."
WannaCry attacks still lingering
Many enterprise organizations are currently evaluating the Vectra Cognito platform, and over the past weeks, several customers detected WannaCry attacker behaviors. Just because the headlines stopped, doesn’t mean that the attack did.
Autonomous detection of cyber threats
Vectra, a provider of automated detection of ongoing cyber attacks, has received five new patents in the United States for advanced analysis of IT security automated by artificial intelligence (AI).
Security gaps caused by SSL/TLS decryption
Vectra Networks highlights the risks of SSL/TLS decryption and deep packet inspection by conventional IT security solutions. US-CERT (U.S. Computer Emergency Readiness Team) has issued a warning that the current practice of intercepting HTTPS (HTTPS interception) weakens transport layer security (TLS).
Security automation isn’t AI security
What is confusing security technology buyers is the inclusion of AI buzzwords around products and services that are merely delivering automation. The automation of security event handling doesn’t require AI – at least not the kind or level of AI that will cause a global economic and employment transformation.
How humans blended with AI can better defend
"AI automates repetitive tasks at massive scale and makes human security analysts better in the same way financial analysis tools enable bankers to be better," says Chris Morales, Vectra head of security analytics. "Similarly, AI can benefit from human intelligence by learning from the conclusions humans make based on AI’s automated analysis."
A reversed approach to tackling insider threats
"For organizations to seize the day and successfully reverse the odds on an attacker, they need to look inward and instrument their networks for real-time threat visibility," Vectra CSO Günter Ollmann writes in Infosecurity magazine. "Luckily, ease of deployment has come along in leaps and bounds in recent years. It’s much easier than people think."
Unicredit Reveals Double Breaches Affecting 400,000 Users
In response to news that around 400,000 Italian bank accounts have been accessed in one of Europe’s largest data breaches, Matt Walmsley, EMEA director of Vectra, comments: “As the second breach in ten months, UniCredit needs to take a hard look at its security posture as well as that of its supply chain. It must make efforts to learn and adapt to new and changing threats. Automating the way that cybersecurity personnel monitor and discover hidden threats is essential to protect customer information and identities.”
OneLogin reports unauthorized access, user data compromised
"It's not the first time a breach has occurred at OneLogin and if lessons are learned, it comes with a hefty cost," says Matt Walmsley, Vectra EMEA director. "The clean-up and forensic phase is expensive and time consuming. It drains resources that would be better used for detection and rapid response.”
National Cyber Security Centre opened by the Queen
“A good offensive needs to be paired with a rapid defensive position," says Matt Walmsley, Vectra EMEA director. "The onus is now on the industry to respond to central government strategy and ensure they have the training, processes and technologies in place to enable them to reduce the risks and impact of cyber attacks.”
Millions of Android apps at risk from Eavesdropper vulnerability
“The risk with third-party services is exposure through unknown system and application vulnerabilities," says Chris Morales, head of security analytics at Vectra. "Organizations should do their own security assessments of third-party services and externally monitor the activities on these services, independent of the service provider."
Effective machine learning: Know your data and where it comes from
When implementing machine learning, it’s important to fully understand your data and where it comes from, says Vectra CTO Oliver Tavakoli. Attackers can use techniques to attack and pollute your data, which can affect the algorithm’s ability to draw correct and accurate conclusions, resulting in flawed results.
Healthcare the top-targeted vertical for cybercrime
Cyber-attack rates are up by more than 200%, but not all targets are equally affected. When it comes to who is in the crosshairs of cyber-criminals, healthcare feels the brunt, on average. According to the Vectra Post-Intrusion Report covering Q1 trends, healthcare had 164 threats detected per 1,000 host devices.
Knowing what is really happening on the information system: the CISO's headache
AI now offers more and more security features, starting with the ability to automate the processing of these volumes of data and alerts to make them manageable, and integrating machine learning algorithms that detect attacker behaviour, explains Christophe Jolly, France director at Vectra.
The spread of the Petya global ransomware attack
"The attacker just needs to succeed once and the attack surface is too large," says Chris Morales, head of security analytics at Vectra. "By adding worm-like spreading to PetWrap, the attacker has created a pyramid scheme that encrypts the boot record of the computer, not just the files."
Why cybercriminals like AI as much as cyberdefenders do
Penny Crosman writes about how IT teams as well as cyber attackers use artificial intelligence. Greenhill & Company’s CIO, John Shaffer discusses his use of Cognito, “What you’re really interested in is trying to figure out what the smart actors are doing. That’s where machine learning and AI come into play.”
Automating security operations and detecting cyber attacks faster
To reduce the time spent on security operations from days to minutes, Vectra and Phantom have announced their collaboration and developed the Vectra App for Phantom solutions.
Artificial intelligence and automated attack detection
Vectra Networks, a leading provider of automated detection of ongoing cyber attacks, and Demisto, Inc., which specializes in security automation and orchestration, are working together.
Ransomware WannaCrypt: companies' perimeter defenses are no longer enough
The global WannaCrypt ransomware attack, which hit companies particularly hard on Friday, May 12, exploited a Windows security flaw that had already been patched by the vendor. In an op-ed, Christophe Jolly, France Director of Vectra Networks, analyses the attack.
Nation-state attackers shut down industrial plant with new ICS malware
"The IoT and IT/OT convergence is accelerated by the speed of business and the implementation of AI to drive decisions in ICS environments," says Chris Morales, Vectra head of security analytics. "In addition, more ICS devices are running commercial operating systems, exposing ICS systems to a wider swath of known vulnerabilities."
New infosec products of the week: September 8, 2017
“Vectra is advancing automated threat hunting with the introduction of Attack Campaigns. The Vectra Cognito platform now further automates threat hunting by exposing the relationships between threat detections on separate workloads and devices to understand the activity and scope of attack campaigns.”
AI is key to speeding up threat detection and response
Time is the most important factor in detecting network breaches and, consequently, in containing cyber incidents and mitigating the cost of a breach.
Photo gallery: Black Hat USA 2017
Photos from the Business Hall and the Arsenal at Black Hat USA 2017 at Las Vegas
Attack rates are increasing across the board
Finance and technology sectors are most resilient to cyber intrusions, new research from Vectra has found. The company released the results of its Post-Intrusion Report, based on data from nearly 200 of its enterprise customers, which looked at the prevalence of strategic phases of the attack lifecycle.
OneLogin suffers data breach, again
“Attackers often target supply chains as a point of focus – they hold valuable information about customers," says Matt Walmsley, Vectra EMEA director. "And single sign-on is like a master key, offering users easy access to multiple apps and sites. It is also a tantalizing prize for cybercriminals to steal."
Of machines and men: AI and the future of cybersecurity
"While Ghost in the Shell takes place in 2029, we will likely arrive there sooner," says Vectra CSO Günter Ollmann. "AI cyber threat hunters are already patrolling organizations. The melding of AI with human intelligence is happening now. In 12 years, a body-and-mind collaboration will no longer be science fiction."
In an Evolving Threat Landscape, Healthcare IT Security Leaders Face the Growing Challenge of IoT Devices
As cyber attacks against the healthcare industry continue to evolve, IoMT devices are becoming a bigger target. Data security leaders at patient care organizations now see the vulnerability of IoMT as a top concern in large part because connected medical devices are proliferating in health care. “The trend is not slowing down,” Shrestha said, noting that in the first quarter of this year, healthcare faced more cyber attacks than any other industry vertical, citing data from Vectra Networks. “As you can see, we’re in the midst of an unprecedented barrage of cybersecurity attacks. The time to take action is now. The industry has recognized the challenge and is responding.”
Swiss retailer Coop chooses Vectra to protect its business against cyber attacks
Vectra announced the signing of a multi-year agreement with Coop Group, one of Switzerland's leading wholesale and retail companies, to deploy Cognito, an artificial intelligence-based threat detection platform.
Artificial intelligence is the answer to countering malware
For its first participation in the Assises de la Sécurité, Vectra will present its solutions that use artificial intelligence to transform cybersecurity. For Christophe Jolly, France Director of Vectra, artificial intelligence is the answer to countering malware of all kinds.
Vectra identifies financial sector as on track to face cyber attacks
In the new Post-Intrusion Report from Vectra, finance and technology proved most resilient. These industries have below-average detection rates, with 37 and 38 detections per 1,000 hosts, respectively. This indicates the presence of stronger policies, mature response capabilities, and better control of the attack surface.
Can AI defend our financial institutions against hackers?
Could artificial intelligence defend us against thieves and barbarians at our digital gates? Or will machine learning be one more addition to cyber criminals’ ever-growing arsenals? Vendors range from newer entrants like Deep Instinct and Vectra Networks to established industry players like Splunk.
Huge Equifax breach hits 143 million consumers
Commenting on the leak, Chris Morales, head of security analytics at Vectra, said “Enterprises have to realise they cannot address cybersecurity by simply spending money on intrusion prevention solutions and instead need to shift investments to detection and response solutions that are being used by today’s advanced attackers.”
Three lessons to learn from the Uber breach
Chris Morales, head of security analytics at Vectra, notes that the challenge is that traditional security and methods for internal data centers don't have the same visibility in cloud environments. "Companies like Uber who rely on cloud infrastructure need a security strategy with processes and tools that provide visibility into cloud attacks."
A Republican is preparing a bill that would allow hacked companies to hack back
For Hitesh Sheth, CEO of cybersecurity company Vectra Networks, retaliation raises, to begin with, the fundamental question of whom to target. Note that after a major digital attack it generally takes weeks to determine who is responsible, and even those determinations are shrouded in uncertainty.
GDPR: Raising the bar for cybersecurity
New legislation to be introduced next year will raise the bar for cybersecurity. Matt Walmsley, EMEA director at Vectra, tells defence features writer Mark Lane that artificial intelligence will allow organizations to meet the requirements of the General Data Protection Regulation and avoid fines.
The hottest security products and the vendors who shape them
When it comes to AI and machine learning, Vectra is one to watch, according to Dark Reading. Vectra was cited by Dark Reading for its playbooks that speed-up the response to in-progress cyber attacks, integration with other security products, and several patents for AI-based threat hunting.
Comparing Private and Public Cloud Threat Vectors
As more companies are considering putting mission-critical applications and data into the public cloud, it's worth examining the differences in private versus public clouds. The lesson: don't assume that the same tools you use in your private cloud will adequately protect you in the public cloud.
Comparing private and public cloud threat vectors
Many companies moving from a private cloud to a cloud service are unaware of increased threats. It's worth examining the differences in private versus public clouds when it comes to threats that applications and data encounter. When I talk to customers about the differences, I use a metaphor of what's happening onstage versus backstage.
Death of the Tier 1 SOC analyst
Texas A&M found a way to train the next generation of SOC analysts using Vectra. Dark Reading reports that the university added AI-based Vectra to the SOC to cut the time to vet alerts, a process that often took hours to reach the action phase. AI now provides context to alerts, and it takes only 15-20 minutes to triage them.
How ready are you to stop an advanced attack?
In his latest installment in the CSO “Thinking Security” column, Vectra CTO Oliver Tavakoli explores the benefits of running red team exercises. Red team exercises enable organizations to understand how to respond when dealing with real-world advanced attacks and adapt to respond quickly to these threats.
What is a botnet? And why they aren't going away anytime soon
"Consumers have no security controls to monitor botnet activity on their personal networks," Chris Morales, head of security analytics at Vectra, tells CSO magazine. "Security teams prioritize attacks targeting their own resources rather than attacks emanating from their network to external targets.”
Who wins in a world of 100% encrypted traffic?
“Different applications and processes have unique communication patterns," Vectra CTO Oliver Tavakoli writes in CSO. "Attacker traffic often looks different from user traffic, whether it is encrypted or not. Instead of looking inside the encrypted stream, sophisticated math is used to find signals that indicate a threat.”
How AI can help you stay ahead of cybersecurity threats
DAQRI, a maker of augmented reality for the industrial workplace, uses Vectra to monitor network traffic from 1,200 devices. "When you look at traffic, you can see if someone is doing port scans, jumping from host to host or transferring large amounts of data in an unconventional way," says Minuk Kim, senior director of IT and security at DAQRI.
SOAPA is having a positive impact on cybersecurity
Mike Banic, Vectra Networks' vice president of marketing, discusses SOAPA's effect on cybersecurity, including data collection, technology integration, machine learning, and partner ecosystems.
Seven sure-fire ways to fail at data analytics
Organizations need to “clean out debris — incomplete and broken data — and massage data from different sources to make it compatible, comprehensible and as easy as possible to analyze,” says Vectra CTO Oliver Tavakoli. “Make the data as self-describing as possible so all members of the team understand the meaning of the various bits.”
Emerging Tech Hub: Vectra hunts partners for threat detection platform
Vectra is hunting for channel partners in the UK after trebling its revenue in Q3, says Matt Walmsley, head of EMEA marketing. Vectra revenue jumped 294 percent in the third quarter this year, which Walmsley said was driven by a need for enterprises to address the detection gap that allows cybercriminals to easily breach networks.
Uber data breach scandal: A shocked tech industry reacts to the cover-up
"The lesson here is don’t assume the same security tools used in a private cloud will protect you in the public cloud," says Chris Morales, head of security analytics at Vectra. "To detect malicious behavior in the public cloud, you have to know what can be attacked and understand how it would be done.”
Vectra identifies healthcare as the industry most highly targeted by cyber attacks
Healthcare is the most frequently targeted industry, with 164 threats detected per 1,000 host devices, followed by education and media, which had 145 and 123 detections per 1,000 host devices, respectively. The food and beverage industry was the least targeted industry with 17 detections per 1,000 hosts.
The robot will see you now: AI in healthcare cybersecurity
The growing danger posed by cyber criminals to UK healthcare is nothing to be sneezed at. In recent years network security in hospitals and other medical facilities has taken a hit due to an industry-wide cyber skills shortage, a persistent reliance on vulnerable legacy systems, and the proliferation of poorly secured internet-connected devices. For opportunistic hackers, hungry for patient data and opportunities to hold crucial devices and services hostage with ransomware, healthcare offers a lucrative and all-too-often easy venture.
Artificial intelligence can't replace human touch in cybersecurity
The ability of AI “to find the cyberattack-needle in the big-data-haystack outstrips the ability of programmers to manually create the code that performs this analysis,” says Vectra CTO Oliver Tavakoli. But "the question of what it all means still requires human analysis and judgment by employees of the company."
Russia Suspected in U.S. Power Plant Hacks
Hitesh Sheth, President and CEO of Vectra Networks Inc., discusses reports that hackers working for a foreign government recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas, according to current and former U.S. officials, sparking concerns that the attackers were searching for vulnerabilities in the electrical grid.
Video: How new H-1B visa rules will negatively affect tech startups
Abuses by some companies trying to undercut qualified American workers by bringing in cheap labor have prompted tough new H-1B visa rules. However, these new rules will have a negative effect on tech startups like Vectra, which must try to find and hire highly skilled cybersecurity professionals with unique and often rare qualifications.
Five characteristics of AI technologies worth investing in
"I was an investor in Vectra during my time at Intel Capital," writes Ken Elefant at Sorenson Capital. "By comparing outside network data to the log inside the enterprise, Vectra can automate the process of detecting attacks. Human workers simply could not wrap their arms around such a broad distribution of information."
Video: What is WannaCry and what you can do about it
Vectra CEO Hitesh Sheth discusses the recent WannaCry ransomware cyber attack on Fox Business News and explains how using artificial intelligence to defend against future attacks can lead to early detection and mitigation.
Video: Russian government hackers reportedly used Kaspersky software to steal NSA secrets
Vectra CEO Hitesh Sheth talks with Fox Business News about the recent theft of U.S. classified information from an NSA contractor’s computer by hackers who were reportedly working for the Russian government.
Rise of the machines: cognitive computers in cybersecurity
Oliver Tavakoli, CTO of Vectra Networks, said: “Human experts have an increasingly important role to play in this process of protecting customers, in tandem with machine learning… We humans have creativity, empathy, emotion, physicality and insight that can be mixed with powerful AI combination – affording the ability to contextualize large amounts of data.”
The Daily Briefing
Vectra announced it has been awarded five United States patents for its advanced cyber security analytics capabilities automated by artificial intelligence. The issued patents help security teams identify, score and correlate individual attacker behaviors.
Vectra AI in the News in 2016
Vectra extends its threat management into the data center
Vectra, which has been focusing on campus networks, is expanding its reach to the data center and the public cloud. The company is among a new wave of security companies that detect attacks in progress. Vectra's new strategies detect bad behavior because intruders in the data center don’t have the same goals as intruders in the campus network do.
AI: Revolutionizing the information security industry
Günter Ollmann, CSO at Vectra, explores how the information security industry is starved of experienced security workers and how it is proving detrimental to its advancement and exposing IT systems and Internet businesses to criminality and ransom. In the next 25 years, AI defense systems will unleash unimaginable ways to combat cyber threats.
Data integrity: The next big threat
Vectra CTO Oliver Tavakoli explains to SC Magazine that the variety, volume and velocity inherent in big data makes it difficult to ensure integrity of all of the data. To combat this challenge, Tavakoli encourages organizations to always pay attention to where the data is coming from and to encrypt the data.
Compliance doesn’t equal security but it sure does help
As more business decisions rely on big data analytics, cybercriminals have greater incentive to pollute the incoming data to alter decisions or make them predictable so they can be monetized, says Vectra CTO Oliver Tavakoli. This can cause a hedge fund to buy or sell a stock. “Criminals can make large sums of money front-running the transaction.”
Camouflaging state-sponsored malware attacks
Most organizations continue to struggle with malware-based intrusions, according to this column written by Vectra CSO Günter Ollmann. Despite the deployment of policies, user education, enforcement chokepoints, data inspection, and regular assessments of defenses, malware remains the primary method of breaching the corporate network.
On the Wire podcast: Wade Williamson
To cut through the noise and nonsense surrounding ransomware in the enterprise, Dennis Fisher, editor-in-chief at On the Wire, called Wade Williamson of Vectra Networks to discuss the ways in which organizations are detecting and dealing with ransomware on a network level and how they’re implementing and using threat intelligence feeds.
Microsoft splats bug that turns printers into drive-by exploit kits
“The problem is these are system-level drivers housed on printers, which themselves are not typically well-secured. So we have a weakly secured device that talks to nearly every Windows end-user device and is trusted to deliver a system-level driver without checks or warnings,” says Wade Williamson, Vectra director of threat analytics.
Attackers opt for discreet methods to spy inside the network
Vectra researchers found that the use of HTTP and HTTPS command-and-control attacks using hidden tunnels made a significant jump this year. HTTP and HTTPS C&C is an emerging technique that allows attackers to pass hidden messages and steal data within protocols that are generally not blocked by perimeter firewalls.
Even in the tech industry, sticky tape remains a preferred security measure
The risk isn’t limited to traditional webcams, says Vectra CSO Günter Ollmann, whose company found vulnerabilities in an inexpensive networked camera earlier this year. Internet-enabled home security cameras and networked TVs can also be hacked. So can videoconferencing tools in offices, which can be used as a gateway into other office machines.
Ancient Windows printer flaw exposes you to malware
Researchers at Vectra discovered a roughly 20-year-old flaw in Windows Print Spooler (which oversees the printing process) that lets attackers slip malware onto a PC. The spooler doesn't verify that a printer's drivers are legitimate, so it's possible for attackers to install maliciously coded drivers through the Internet or the printer itself.
Windows print spooler flaws lead to code execution
Networked printers have always posed an interesting attack vector, mostly for academics looking for vulnerabilities, and vandals sending garbage to the print bin. Microsoft, today, however patched a legitimate vulnerability that an attacker could abuse to attack corporate and home networks.
Inexpensive webcam turned into a backdoor
Researchers at Vectra today released a report demonstrating how a $30 D-Link webcam can be abused by attackers and turned into a medium for sending additional commands or stealing data.
Günter Ollmann on the future of ransomware, exploit kits and IoT
Günter Ollmann, CSO at Vectra networks, talks to Mike Mimoso at Black Hat about ransomware as a prototype for malware going forward, as well as the long-term future of exploit kits and whether IoT is something that can be secured sooner rather than later.
How predictive analytics discovers a data breach before it happens
We have to consider that the tools and tactics of our adversaries will evolve and change in parallel with ours, warns Oliver Tavakoli, CTO at cybersecurity firm Vectra Networks. “After several years spent trying to perfect predictive analytics, attackers will counter with feints and pattern randomization."
Pwned by your printer! Microsoft patches critical printer spooler bug
The hole was reported to Microsoft by security researchers from Vectra Networks, and it’s one of those bugs about which you can’t help thinking, “Golly gosh, that should never have happened.” Fortunately, as far as we know, Vectra was the first company to figure this one out, and disclosed it responsibly to Microsoft, which has now issued a patch.
What will the next ransomware note say?
In 2017, ransomware will be used with other techniques for blended attacks, says Vectra CSO Günter Ollmann. Despite ransomware detection improvements made in 2016, most organizations still do not have a sufficient offline backup strategy to restore files, whether the ransom is paid or the attacker provides the encryption key.
Is your webcam a backdoor?
While stories appear every day regarding the vulnerabilities of smart fridges and TVs, IoT technologies like webcams represent a far more desirable target for hackers. Vectra Threat Labs, a research arm of Vectra Networks, detailed today how consumer-grade Internet of Things products – in this case, a Wi-Fi security camera – are hackable and programmable as “permanent backdoors.”
2016 EdTech Digest award finalists and winners
Vectra Networks is recognized by EdTech Digest for its achievements in automated threat management in the security and privacy solutions category.
Critical Windows vulnerability: printers can inject malware
Vectra Networks has published the latest findings of Vectra Threat Labs, as reported by the online IT and business magazine ZDNet. The research unit's experts have discovered a critical security vulnerability in Microsoft Windows that allows hackers to gain system-level control over computers within a network by means of infected or counterfeit printer drivers.
Phishing techniques infect political targets with Trojan malware
Moonlight group is likely to be involved in cyberespionage, warns Vectra Networks. “They put effort into crafting the emails, the websites, the documents they've created, putting a fair amount of energy into it. But beyond that the underlying tech is off the shelf," says Vectra CTO Oliver Tavakoli, emphasizing how attackers don't need sophisticated hacking skills.
Every version of Windows hit by 'critical' security flaw
Microsoft has patched a security vulnerability found in every supported version of Windows, which if exploited could allow an attacker to take over a system. Nicolas Beauchesne, a senior security researcher at Vectra Networks, was credited with finding the flaw.
Cybersecurity predictions for 2016: How are they doing?
Vectra's prediction that 2016 would see ransomware "focus more on holding enterprise assets hostage and less on individuals," is supported by a recent report that shows nearly 40% of businesses surveyed experienced a ransomware attack in the last year. Over a third lost revenue and 20% had to completely cease business operations.
Critical security update issued for Windows print spooler on Windows Vista and later
Every now and then we like to make our audience aware of important security updates to Windows machines, and today Microsoft issued a critical security bulletin about just such a thing. This bulletin covers a vulnerability in the Windows Print Spooler components of Windows versions from Vista onward that could cause some security issues.
Passcode influencers: Trump won’t improve cybersecurity
"Just as hacking, cybersecurity and email breaches have been core to the election process, they will continue to grow and affect the U.S. government," says Vectra CSO Günter Ollmann. "Hence, in Trump's presidency, the U.S. government and agencies will have their hands forced in dealing with this invasive hacking epidemic."
IT security – intelligent defense
Traditional IT security solutions are reaching their limits and can no longer provide adequate protection. In the course of this development, artificial intelligence (AI) is increasingly establishing itself as a new security approach. Oliver Tavakoli, CTO at Vectra, explains in a recent article in VDI Nachrichten where the advantages of machine learning lie.
Keeping zombie botnets out of your home network
Your router, home Wi-Fi, refrigerator and webcams could be part of an international army of zombie attackers. “A newly installed Wi-Fi home router is likely to be compromised within weeks if the default passwords are not changed – or within a few hours if you live in a more densely populated metropolitan area,” says Vectra CSO Günter Ollmann.
Solar panels, vacation Wi-Fi at risk for hacking
“The bad guys communicate really, really well," says Vectra CSO Günter Ollmann. "They have an entire ecosystem for sharing and monetizing techniques. Our corporate security community doesn't have those tools, but we have Black Hat and DefCon and BSides."
Microsoft rolls out a patch to fix a 20-year-old security flaw; but is it really effective?
The security flaw enabled malicious users to covertly install a hand-picked malware on computers that connect to fake printers or devices that pose as printers. Vectra Networks security experts found that the issue dwells in the Windows Print Spooler component that connects to available printers.
20-year-old Windows printer security vulnerability discovered
This bug is actually a security vulnerability that was discovered in the Windows Print Spooler software. If the printer is connected to a network, like in an office, it could potentially spread to other PCs on the same network as well, infecting all of them in the process.
Security: Protecting privacy without prying
Cybercriminals stole more than twice as many data records in 2015 than the year before. That’s why 76 percent of U.S. executives are more concerned about cyber threats this year, according to PwC. As cybersecurity becomes a top priority for business and government, there remains serious debate about whether the right to data privacy must be sacrificed to provide adequate protection.
'Moonlight' Middle East hacking group exposed
A hacking group is running a wide ranging cyber-espionage campaign against targets in the Middle East. Security firm Vectra Networks says it has identified over 200 samples of malware generated by the group over the last two years. The assaults are not technically sophisticated but nonetheless tricky in their use of social engineering tactics.
It's 2016 and Windows lets crims poison your printer drivers
Among the Microsoft messes fixed in latest round of Patch Tuesday updates is a doozy that lets remote attackers compromise Windows machines thanks to a critical security vulnerability affecting printer drivers. Vectra CSO Günter Ollmann described the exploit as a "powerful" watering hole attack that helps hackers move easily to other hosts.
Print servers menacing Windows PCs – yup, it's Patch Tuesday
A man-in-the-middle attacker on a network can execute code on a remote vulnerable machine, or elevate their privileges if already running code on a system. Essentially, a rogue printer server on a network can inject malware into connected PCs. All supported versions of Windows and Windows Server are vulnerable.
$30 webcam spun into persistent network backdoor
Vectra Networks security wonks have spun a cheap webcam into a persistent network backdoor. The junk hacking expedition led Vectra's chief security chap Günter Ollmann into the internals of the D-Link DCS 930L, a network camera that can be had for US$30.
20-year-old Windows printer flaw exposes you to malware
Vectra looked into the printer installation process in a number of different versions of Windows and found a common problem that is old enough to remember when Kanye West was just a rapper.
Yahoo to face 'serious questions' in UK
"By calling it 'state sponsored', organisations are attempting to deflect the discussion from the types of tools used and their failed defences, and to posit that they had no chance of protecting their data because 'the government did it'," said Günter Ollmann, chief security officer at Vectra Networks.
How to handle the new U.S.-EU data regulations
The U.S.-EU Privacy Shield is seen – from a European perspective – as weak, and unable to prevent NSA surveillance of EU citizens. "The Privacy Shield is taking so long to agree due to the vast legal differences between the EU and U.S., especially when it comes to the handling of personal data," says Günter Ollmann, CSO at Vectra Networks.
IoT security tips to protect your small business
"You should keep Internet-enabled devices – like video cameras—on a separate network from the primary business network that deals with customer financial transactions, like point of sale systems, intellectual property, or any form of regulated data," said Chris Morales, head of security analytics at Vectra.
Has sandboxing had its day as a defence against hackers?
While sandboxing still attracted considerable investment in 2015, a reversal of the trend is emerging for 2016. Companies increasingly recognise that this form of perimeter defence can be bypassed ever more easily by suitably programmed malware.
Printer drivers: a useful tool for hackers
Malware-infected or forged printer drivers represent a critical security vulnerability for networks running Microsoft Windows, reports Gérard Bauer, vice president EMEA at Vectra, on Silicon.de. Bauer gives insight into the attack technique used by cybercriminals and explains approaches companies can use to protect themselves.
Vectra introduces ransomware detection for businesses
Security vendor Vectra has extended its central attack detection platform, known as the X-Series, with algorithms for identifying attacks that use extortion software. The platform is intended to immediately detect ransomware attacks on a company as they happen and to prevent data on one or more computers in the corporate network from being encrypted, with access to it, in the best case, only restored after a ransom is paid to the hacker.
Middle Easterners targeted in 'Moonlight' espionage campaign
Researchers at Vectra Networks have been monitoring the group for the past two years and determined that its operations focus on Middle Eastern political issues. The threat actor has been dubbed “Moonlight” based on the name of a command-and-control (C&C) domain used in the attacks.
The rapid evolution of ransomware in the enterprise
While early versions of ransomware targeted individuals, the approach is now rapidly evolving and has been successfully adapted to target enterprises. This has literally raised the stakes, prompting considerable changes to current best practices in order to protect enterprise data from ransomware.
The practical side of data science to security
Today, data science and machine learning are essential everyday tools that can help you keep pace with faster and more automated threats. As their individual techniques continue to evolve at a rapid clip, it’s important as security professionals to understand how we can use these technologies in everyday practice.
Microsoft patches 20-year-old critical printer vulnerability
Security researchers at the Vectra Threat Labs recently discovered two security issues affecting the Windows Print Spooler components and say that they allow an attacker to compromise systems via the printer itself. These are a remote code execution flaw and an elevation of privilege vulnerability, both of which were patched by Microsoft.
Lateral movement: When cyber attacks go sideways
The lateral movement phase of a cyber attack will continue to be of strategic importance to the overall success of cybercriminals, writes Wade Williamson, director of threat analytics at Vectra. And as these attackers get better at patient, low-and-slow intrusions, their lateral movement skills will evolve and improve over time.
July 2016: A perfect vulnerability storm
July was the busiest month in recent memory for vulnerabilities, says Wade Williamson, Vectra director of threat analytics. The vulns were copious and severe, and all the big vendors seemed to suffer. And while every organization strives to keep their technology patched and updated, months like this remind us that it is impossible to be perfect.
IoT devices easily hacked to be backdoors
Many consumer-grade Internet of Things (IoT) products, such as Wi-Fi security web cameras, include security flaws that allow attackers to reprogram them and use them as persistent backdoors, Vectra Networks warns.
The intruder's kill chain – Detecting a subtle presence
Vectra's recently released Post-Intrusion Report offers good news and bad news for security teams. The good news shows that more companies are successfully detecting intrusions before attackers manage to exfiltrate data. The bad news is that intruders are developing new and more professional ways of hiding their presence.
Hunting the snark with machine learning, artificial intelligence and cognitive computing
Vectra CSO Günter Ollmann explains that the unsupervised learning element comes from first baselining the network’s usual behavior. The system then monitors for any abnormal behavior on the network. It can be aided, he added, with "hints," or manually labeled events – but basically it works on its own.
Going deeper on behavioral detection
"Behavior-based detection models see things that simple signatures miss, and provide more clarity than only looking at anomalies," writes Wade Williamson, director of threat analytics at Vectra. "These are complementary approaches that need to work with one another in context. This gives us multiple perspectives to detect threats."
Firmware, controllers and BIOS: Subterranean malware blues
With all the effort expended on securing virtualized environments, one of the biggest vulnerabilities is in hardware, says Wade Williamson, Vectra director of threat analytics. This is true not just in the data center, but in our laptops. The underlying firmware, controllers, and BIOS can undercut what we think we know about a device.
Don't become a cybersecurity data pack rat
When it comes to finding active attacks, too much data can overwhelm staff to the point that threats get lost in the noise, writes Wade Williamson, director of threat analytics at Vectra. Without a clear notion of how to use the data, a big-data security analytics project can pile up to the point that it becomes unusable and paralyzes the organization.
Distinguishing threat intelligence from threat data
Intelligence should make you better prepared to evaluate and solve new problems that you haven’t encountered before. Data, on the other hand, is akin to being given the answers to a test. If the questions on the test are changed, then you are going to be in serious trouble.
Charting a middle path on the encryption debate
The debate on encryption is replaying across the spectrum of information security. The issue is that while everyone wants their own data to remain private, things get a bit murky when bad guys start using encryption to hide their actions.
Bringing cybersecurity to the data center
We need to recognize the uniqueness of the data center and the threats they face, while recognizing that this uniqueness does not make them separate. Look for the attack techniques that are unique to the data center, while retaining the context of everything we've learned in the campus. This requires some planning, but is achievable.
Beyond the hype of data science
Security vendors old and new are touting the powers of data science to solve security problems. To keep our collective heads above water, it is important to understand the realities behind these technologies so we can separate the truth from the hype and make well-informed security decisions.
The risk and rise of ransomware
Ransomware is popular because the malware can be monetised anonymously and quickly. "Through the use of bitcoin payment systems," explains Günter Ollmann, CSO at Vectra Networks, "the criminal can force the victim to pay the ransom in a monetary unit that facilitates complete anonymity and can be trivially converted to cash."
NSA spy details how to tap into webcam on Mac without user noticing
"If these gadgets are not regularly updated to address vulnerabilities, then they are left open to exploitation," says Vectra EMEA Director Matt Walmsley. "There's now a lot of pressure on the manufacturers to raise their game and support the embedded software side of things as long and as vigorously as, say, a PC operating system vendor does.”
Hackers shift to Neutrino exploit kit to spread CryptXXX ransomware
Vectra CSO Günter Ollmann tells SC Magazine that the exploit kit change is likely driven by infection performance – which supports the idea that additional AV products would be less capable of detecting the threat. “Anti-malware technologies that use static signatures will likely be slow to react to the change of threat vector and distribution.”
Hack turns cheap D-Link webcam into a network backdoor
Vectra describes how its threat labs researchers bought the consumer-grade Wi-Fi webcam for U.S. $30 (£20), and cracked open its Linux kernel to create a persistent access point into a network. This meant criminals could use the camera to control remote attacks and siphon out stolen corporate data.
AI in cyber-security: Are we trying to run before we can crawl?
Vectra CTO Oliver Tavakoli said it best: "We need to use machine learning where it makes sense – when we analyze advanced attacks, correlate behavior and conduct data reduction. When we call it AI, we're constructing a narrative that is often used by marketing to build buzz. The term is one of pop culture rather than an actual scientific term."
Comcast XFINITY flaw sounds Internet-of-Things security alarm
What can and should be done to improve IoT security? Achim Kraus, EMEA technical leader at Vectra, is clear on the answer. While stopping every unknown exploit against a non-PC device is impossible, devices on the growing IoT map pose a potential IT security threat.
By the numbers: Just how important is transparency to security posture?
Symantec's new report includes interesting numbers on how many companies fail to report breaches. Not so fast, says Vectra CSO Günter Ollmann, who told SC that there is "no easy answer to the debate over breach disclosure" because there is no accepted definition of what qualifies as a breach. And since many companies can't identify threat activity, "if you can't observe it, how can you prove you were breached?"
Are our data centres insecure?
A challenge facing virtualised data centres is securing the physical infrastructure on which the virtual or shared service sits. The point of attack is the area outside of the hypervisor and virtual machines, utilising support and management protocols such as IPMI. It is the physical infrastructure – the servers, switches and firewalls – that is being targeted.
Review: A 'complete and focused package that is well worth the price'
This is about as simple for the operator as it gets. For a very focused tool, this one excels at what it does and is quite good at peripheral tasks associated with its main mission. There are lots of resources on its website in the form of white papers, a Vectra boot camp and others. The Vectra Threat Labs turn out some of the more useful and interesting research we've seen. Overall, this is a rather complete and quite focused package that is well worth the price.
Unwanted guests: Hackers breach HEI Hotels & Resorts' POS terminals
Following a data breach at HEI Hotels & Resorts, Vectra CSO Günter Ollmann explains why the hospitality industry continues to serve as a target of attack. Because the hospitality industry “depends heavily on transient and temporary staff, they are more prone to physical subversion of their systems.”
Microsoft's Patch Tuesday updates led by rare print spooler bug
This bulletin contains CVE-2016-3238 and CVE-2016-3239, which if exploited could allow an attacker to execute a man-in-the-middle attack on a workstation or print server allowing remote code execution.
Industry pros consider widespread effects of Windows printer flaw
Discovered by researchers at Vectra, the flaw allows any printer or device that mimics a printer to install malware on computers on a local area network. The print spooler does not authenticate printer drivers, allowing attackers to infect multiple computers on the network and continue to infect other devices as they discover the driver.
Debate: Closing the security gap is a people problem.
"For 30 years, we've tried to train users to employ longer and more complex passwords," said Vectra CSO Günter Ollmann. "Yet they consistently trip over their own feet with something as simple as an eight-character alphanumeric string. With three decades of failure under our belts, why haven't we learned that goldfish can't climb trees?"
D-Link flaw affects 400,000 devices
A web camera's code vulnerability discovered by Senrio researchers was reused across the manufacturer's product lines, affecting more than 120 products and 400,000 individual devices. In January, Vectra Networks hacked D-Link's consumer-grade Wi-Fi webcam and used the web camera to create a persistent access point into corporate networks.
Microsoft fixes decades-old printer bug in Windows
The primary problem is that an attacker could compromise a printer – a not-so-secure device, Vectra notes – which then allows the printer to distribute malware disguised as system-level printer drivers. Attackers then gain access to the infected system to spread malware to anyone else foolish enough to try connecting to the printer.
Twelve paytech trends for 2016
As 2016 blasts into gear, cybersecurity expert Gerard Bauer, VP EMEA at Vectra Networks, chimes in on the big paytech trends for 2016, including increasing cyber attacks on mobile devices.
Apple letter on iPhone security draws muted tech industry response
Gunter Ollmann, chief security officer at Vectra Networks, argued that the government’s demand that Apple help unlock the San Bernardino shooter’s iPhone was in line with similar one-time requests and that Apple was creating an unnecessarily high-stakes battle by framing the unlocking as creating a universal back door.
Microsoft issues new Windows 10 preview build, patches critical flaws
Described as a "watering hole" attack, the 20-year-old printer vulnerability was identified and analyzed by security researcher Nick Beauchesne. Noting that Microsoft worked with the cybersecurity firm Vectra Networks to investigate the vulnerability, Beauchesne posted an analysis of his findings on Vectra's website.
Hackers may go holiday shopping online, too
Employees who reuse credentials or shop from their work computers are at risk, says Chris Morales, head of security analytics at Vectra. Fake Best Buy or Amazon promotional emails could be a phishing attack infecting computers with ransomware or exploits to initiate a targeted cyber attack, while everyone is supposed to be enjoying holiday cheer.
Eleven tips for spotting insider threats
“Insider threats can include a combination of malicious insiders, compromised insiders, and careless insiders,” says Wade Williamson, director of product marketing at Vectra Networks. “You will need clear visibility for identifying all of these threats, but they will differ in behavior and how security will be able to detect them.”
Vectra Networks discovers vulnerabilities in Wi-Fi security webcams
Vectra Networks’s research arm Vectra Threat Labs has verified that consumer-grade Internet of Things (IoT) products, such as Wi-Fi security web cameras, can be hacked and reprogrammed to serve as permanent backdoors, enabling potential attackers to remotely command and control a cyber attack without being detected by traditional security products.
Industry views: Should Apple unlock iPhones for the security services?
Günter Ollmann, chief security officer at Vectra Networks, warns, “Since Apple has attempted to deny the FBI request citing use of backdoors, should they lose this legal argument, the repercussions could be extensive to the entire security industry."
Vectra Networks rolls out global partner programme
Threat management player deems the time to be right to launch a global programme and deepen relationships with channel partners. Matt Walmsley, EMEA director at Vectra, commented, "The profile of partners we are working with is related to our security and networking, with skills helping customers tackle the cyber security skills gap."
What helps against cyber attacks
In many modern industrial companies, digital networks have long formed the backbone of machine-to-machine communication. Hackers know this too. How companies in the age of Industry 4.0 can protect their sensitive data from hacker attacks with the help of data science and machine learning.
Microsoft patches remote flaw dating back to Win 95
Among the critical flaws, the most severe was one which affects all versions of Windows back to Windows 95 and involves the way that client devices interact with network printers. Theoretically, an attacker could use this hole to execute code at system level either over a local network or the Internet.
Wanted: The needle in the haystack of IT security
Behavioral analysis and a multilayered security approach help companies uncover cyber attacks faster and more accurately. Guest article by Gérard Bauer.
The 2016 US election and the handling of big data
Big data and data science can produce various kinds of predictions. The Brexit referendum and the 2016 US elections produced two results that differed sharply from the predicted outcomes. David Pegna, head of data science at Vectra, explains what cybersecurity can learn from these big data failures.
The canary in the ransomware mine
As companies increasingly lack personnel and financial resources, the question arises of which methods can cost-effectively and reliably prevent data encryption by ransomware attacks. Vectra CSO Günter Ollmann explains in a detailed article on IT-Sicherheit.de what the canary principle is and how IT security teams can use it to detect and defend against ransomware in a simple way.
Encrypt everything. Don't let security be the reason you don't (and attackers do)
Chris Morales, head of security analytics at Vectra, says encrypted network traffic is having an impact on security that relies on deep packet inspection, whose efficacy degrades as more traffic is encrypted. Even worse, traditional security responses to handling encrypted traffic will suffer due to certificate and public key pinning built into applications.
Evaluating AI-powered threat detection technologies
Unlike signature-based detection systems, today’s AI-powered security technologies are rarely suited to a plug-it-in-and-watch-it-light-up evaluation strategy. They often include a mix of supervised and unsupervised machine learning, automated threat hunting, trained classifiers, and focus on reducing erroneous and unactionable alerts.
Election 2016: The bungling of big data
The accuracy of polling results failed miserably in the 2016 election. From a data science perspective, what are the lessons learned from the big data polling blunders in election predictions? The lesson is all about using the right data for the problem at hand, and not about questioning if the data is right. The same applies for cybersecurity.
Exploiting the firewall beachhead: A history of backdoors into critical infrastructure
Firewalls have rarely been a hindrance to breaching a network and siphoning data, according to IT Security Guru. Vectra CSO Günter Ollmann explores the history of the firewall over the last three decades and how vulnerable it is to targeted and persistent attacks by sophisticated adversaries, particularly through the use of backdoors.
Yahoo hack – industry reactions
Matt Walmsley, EMEA director at Vectra, comments on the Yahoo hack: “It’s concerning how many organisations are unaware of huge data breaches taking place in their networks. Research shows that about two out of 10 data breaches are detected internally – leaving around 80% to be detected by external discovery and third-party agencies.”
Time to update how we manage and address malware infections
As advances in network-based detection increase the fidelity and coverage of malware and threats, the possibility of specific attribution will continue to recede, says Mike Banic, vice president of marketing at Vectra. The malware ecosystem continues to evolve swiftly, and security researchers and professionals need to adapt accordingly.
Ancient Windows printer flaw exposes you to malware
Researchers at Vectra Networks have discovered a roughly 20-year-old flaw in Windows Print Spooler (which oversees the printing process) that lets attackers slip malware on to a PC. As the spooler doesn't verify that a printer's drivers are legitimate when you plug the hardware in, it's possible for attackers to install maliciously-coded drivers through either the internet or the printer itself.
Canary in the ransomware mine
"I’m often asked how organisations can stop ransomware from shutting down their business in the cheapest and most robust way?" Günter Ollmann, CSO of Vectra Networks tells IT Security Guru. "The quickest no-frills way of mitigating the network encryption piece of ransomware is actually pretty simple and follows the canary-in-a-coal-mine principle.”
Subtle methods for network espionage
Hacker attacks are becoming ever less conspicuous. That is one finding of the current Post Intrusion Report from Vectra Networks. The study examines real-world cases in which hackers bypassed the existing perimeter defences and analyses the activity of cybercriminals after they have penetrated the network.
Vectra Networks now offers a global channel programme
Partners of Vectra Networks can now benefit from the company's global channel programme. Among other things, it gives them access to the Vectra Networks partner portal as well as additional services such as training and joint marketing campaigns.
A drop in the ocean: Industry pros react to TalkTalk data breach fine
"Autonomous, behaviour-based threat monitoring can prevent a repeat of the same type of attack for any company, without requiring a major capital investment in more IT security staff," Vectra CSO Günter Ollmann tells ITProPortal. "This new type of security approach allows known and unknown malware and attack vectors to be spotted."
Hackers can take over your PC through your printer
“This research underscores the many possibilities that IoT devices, like printers, present to attackers,” said Vectra CSO Günter Ollmann. “Such devices are rarely assessed for security flaws, backdoors, or as watering hole threats, and represent a growing blind spot for both corporate and home networks.”
DPI goes blind as encryption adoption increases
As the encryption of North-South corporate network traffic reaches levels of 60 per cent or more in most environments, organisations are finding themselves in the uncomfortable position of having to plan for the abandonment of the DPI-based perimeter defences they’ve depended upon for a decade and a half.
Cyber attackers are getting quieter once they’re inside the network
"No matter how much money you spend on prevention, perfection is not attainable," writes Wade Williamson, director of threat analytics at Vectra. "The good news is that even though attackers will almost always find a way in, security teams are able to find and stop those intrusions before data is compromised."
What the ‘Snooper’s Charter’ could mean for encryption
Last month, a U.S. magistrate ordered Apple to help the FBI hack into an iPhone used by the alleged gunman in the San Bernardino, Calif. mass shooting. This set off a legal fight whose outcome will impact digital privacy worldwide. In the UK, the legal battle over encryption raises questions about the proposed Snooper’s Charter. But is it all a little too late?
Vectra AI in the News in 2015
Researchers: VPN service Hola big security risk (Dutch)
The free VPN service Hola can be used for DDoS attacks, and malware can communicate over its network. In addition, the software is such a big security risk that users should uninstall it immediately, say researchers at security company Vectra.
Cyber defenders 'boot camp' prepares students for mission-critical roles in wake of OPM breach
Against the backdrop of the U.S. Office of Personnel Management breach, the 2015 edition of the Laboratory’s Cyber Defenders internship offers an especially compelling introduction to cybersecurity for students who may soon serve on the front lines of cyberdefense.
Video: Are the economic consequences of cyber attacks severe enough?
Hitesh Sheth, president and CEO of Vectra Networks, says advanced economies now have cyber as part of their arsenal, and economic impacts are key during breaches.
Video: Vectra CEO comments on upcoming White House summit on cybersecurity
The White House Summit on Cybersecurity and Consumer Protection will be held at Stanford University on Friday, Feb. 13. Hitesh Sheth, president and CEO of Vectra Networks, will be attending the summit to talk shop.
Microsoft patches Hacking Team Windows kernel zero-day
The Internet Explorer bulletin, MS15-065, patches 29 vulnerabilities in the browser, including a Jscript9 memory corruption bug.
Audio: Obama convenes Stanford summit on 'evil layer cake' of cyberthreats
The Internet has become a rough neighborhood. The bad guys are hacking into computer systems as often as they can. The risk of getting hacked and what to do about it was why President Obama came to Stanford University to convene a White House summit on cybersecurity.
Hackers are using increasingly sophisticated methods to plunder assets, gain attention, and line their pockets – all while wreaking possible havoc on your organization. Cybersecurity experts give an overview of some of the biggest threats currently on the cyberscape.
Network-based threat detection: Overcoming the limitations of prevention
Organizations continue to invest heavily to block advanced attacks, on both endpoints and networks. Despite all this investment devices continue to be compromised in increasing numbers, and high-profile breaches continue unabated. Something isn’t adding up.
Report finds hackers delving deep into compromised networks
A report studying compromised networks from the firm Vectra finds a big jump in “lateral movement,” as hackers delve deeper into hacked organizations.
Another Hacking Team zero-day surfaces, this time in Internet Explorer
According to security researchers at Vectra Networks, this latest vulnerability in Internet Explorer was patched in amongst Microsoft's latest Update Tuesday fixes, which came out on 14 July 2015.
A look at real risks to school networks, with a level-headed security approach
Unlike vendors that attempt to make every piece of malware sound like the end of the world, it is important to show IT security teams which threats actually pose the greatest risks to the university.
EdTech Digest awards program 2015
In keeping with the mission of EdTech Digest, we are proud to share these cool tools, bold leaders and innovative trendsetters that we hope will inspire learners and leaders everywhere.
Data science, machine learning and behavioral analysis help identify new security threats
Automated network threat detection tools that use data science, machine learning and behavioral analysis work with perimeter security to help organizations meet security goals defined in the CIS Critical Security Controls recommendations and protect against attackers, according to a new report from the SANS Institute.
Hola VPN still riddled with security holes, researchers claim
The controversial VPN network has allegedly already been tapped for criminal means – and security problems have by no means been resolved.
VTech Holdings: Data from 5 million customer accounts breached
VTech, maker of electronic toys for kids, said that 5 million of its customer accounts were leaked in a data breach that accessed user names, birthdays and passwords but not their credit card or personally identifiable information. Company officials noted that the breach was mounted by an "unauthorized party."
TalkTalk receives ransom demand following website hack
TalkTalk Telecom Group PLC said Friday it has received a ransom demand from someone claiming responsibility for a criminal hack of its website that could have resulted in the theft of data from its database.
Microsoft kills two security bugs
Vectra Networks discovered a security flaw in the latest version of Internet Explorer 11 on Windows 7 and Windows 8.1 devices by monitoring an online conversation between a security researcher and malware developer Hacking Team regarding the sale of information relating to the flaw.
Targeted attacks on the rise; companies must be on the defensive
Vectra Networks has announced the results of the second edition of its Post-Intrusion Report, which details threats that evade perimeter defenses and what attackers do once they get inside a network.
Hacking Team leak reveals zero-day Internet Explorer 11 bug
Security company Vectra Networks has detected a zero-day vulnerability affecting Microsoft's Internet Explorer (IE) 11, after scanning through the huge cache of data logs leaked from Hacking Team.
Detecting and preventing cyberattacks in your network
Despite being vulnerable to cyberattacks, many universities still have insufficient threat management defenses. Attackers can easily evade perimeter security defenses and spy, spread and steal for the better part of a year, undetected. In the process, they'll take vital research data, personal info and financial records from campus community members.
How one university addresses targeted attacks in progress
Hernan Londono, associate CIO at Barry University in Miami, talks about embracing campus mobility and BYOD, and explains why a strong Advanced Persistent Threat (APT) defense is vital to protecting the university's network from mobile devices that it doesn't own or manage.
Vectra is among 16 technology innovators at SINET
The capstone event of SINET is its yearly innovation showcase in Washington, D.C., the last of which was held Nov. 3-4. The showcase brought together innovative solutions from 16 firms, including Vectra, selected by a collective of seasoned judges.
Video: Top Vectra executive talks about cyber security with TMCnet editors
Vice president of marketing Mike Banic shares the company's latest developments and discusses its recent advancements in the real-time detection of in-progress cyber attacks that spread inside networks.
Breaking news from DARPA
The Christian Science Monitor's new Passcode cyber news service concluded its launch yesterday with a conference devoted to "the future of cybersecurity innovation." Co-sponsored by Invincea and Vectra, the session focused on DARPA's Plan X as an instance of what such innovation might look like.
Vectra Networks expands in DACH region
Vectra has entered the European market, starting in the DACH region with headquarters in Zurich. The company specialising in detecting cyber attacks is first focusing its expansion on building partner networks in different countries; LC Systems is the first partner in Switzerland. In Germany, Vectra will work with Telonic, IT-Cube and Indevis.
Report shows surge in indicators of cyber attackers
Vectra Networks is out with the second edition of the company’s Post-Intrusion Report, a real-world study about threats that evade perimeter defenses and what attackers do once they get inside your network. It is both illuminating and disturbing.
Vectra protects distributed enterprise blind spots from persistent cyber attacks
Vectra Networks, an innovator in solutions that enable IT to detect cyber attacks in real-time while they are in progress, has announced new capabilities that can provide the good guys the expanded visibility they desire and the bad guys something to think about.
Why does it take so long to spot active data breaches?
The U.S. Department of Homeland Security acknowledged earlier this month that data from the Office of Personnel Management and the Interior Department was compromised by hackers, potentially affecting millions of federal employees.
Cybersecurity should be everyone’s concern
Hitesh Sheth, CEO of Vectra Networks, offers a few truths about cybersecurity to the nontech business leadership.
Why ransomware is not going away any time soon
Ransomware is targeting enterprise networks with a vengeance. In addition to user hard drives, it's been increasingly successful at encrypting file-shares and network drives. Consequently, ransomware has evolved from a mere nuisance to a potentially debilitating attack that holds critical business assets and intellectual property hostage.
Recently patched Internet Explorer flaw added to Angler exploit kit
The Jscript9 memory corruption vulnerability (CVE-2015-2419) affecting Internet Explorer 11 was identified by Vectra Threat Labs while analyzing files leaked as a result of the data breach at Italian surveillance software maker Hacking Team. The flaw was identified from an email in which someone offered to sell the exploit to the Hacking Team.
Microsoft patches Hacking Team zero-days, other vulnerabilities
Microsoft has released 14 bulletins as part of its July 2015 security updates. One of the zero-day vulnerabilities is a Jscript9 memory corruption vulnerability (CVE-2015-2419) identified by researchers at Vectra. The flaw affects Internet Explorer 11 and it can be exploited to gain complete control of a vulnerable system.
From malware atoms to cybersecurity chemistry
As cyber attackers have evolved, they have become more patient, long-term and strategically focused on the key assets deep within a network. Instead of a smash-and-grab robbery performed at the time of infection, attackers have adopted a slow-and-steady approach to take full advantage of the access they gain after a successful infection.
Herding unicorns: Managing the asymmetric struggle of IT security
IT security is renowned for being in a state of constant evolution. New threats and attack strategies pop up constantly, and security vendors offer up shiny new products designed to keep the attackers at bay.
Getting proactive against insider threats
In light of the seemingly endless parade of high-profile breaches, it’s easy to focus on external threats, while losing sight of insider threats. The Information Security Community on LinkedIn recently completed a far-reaching survey of its members on the topic of insider threats, and the results are illuminating.
Feedback Friday: Industry reactions to Duqu 2.0 attacks
The existence of a new version of the notorious Duqu worm has come to light this week. This highly sophisticated piece of malware has been used by threat actors in targeted attacks aimed at several major organizations, including Russia-based security firm Kaspersky Lab.
Data breaches by the numbers
Data breaches are constantly in the news whether in the form of sensational attacks against the likes of Ashley Madison or potentially more serious and far-reaching attacks such as those against health insurer Anthem or the U.S. Office of Personnel Management.
Banking malware redefined
For several years now, cybercrime in the financial sector has been synonymous with banking botnets such as Zeus and Carberp. By and large, these malware families and their many descendants worked by infecting banking customers' computers and either stealing passwords or manipulating online banking sessions to steal funds.
Adobe patches many flaws in Flash Player, Acrobat, Reader
Updates released on Tuesday by Adobe for Flash Player, Reader and Acrobat address a significant number of vulnerabilities that expose the users of these products to hacker attacks. The work of experts from Vectra Networks has been acknowledged in finding and reporting vulnerabilities.
Vectra Networks comments on Dridex malware threat
The National Crime Agency has issued a warning that a new version of the Dridex malware is targeting the UK, with £20 million having already been purported stolen by this attack.
Algorithms are the key to detecting and mitigating cyber attacks
Gerard Bauer, vice president of EMEA sales at Vectra, shares his security predictions for 2016.
Addressing cybersecurity and the insider threat
In the wake of massive data breaches at the U.S. Office of Personnel Management, health insurer Anthem and retailer Target, an enterprise’s initial reaction might be to tighten the security around networks and data. However, you may be forgetting one critical component: The insider threat.
Nothing's sacred: VTech hackers stole kids photos and chat histories
VTech hackers purportedly made off with millions of pieces of customer information and have now been revealed to have stolen photos and private chat histories, too. VTech sold an app called Kid Connect that lets parents use their smartphones to talk to their kids through their VTech devices.
EC3 in cooperative action to target Dridex banking malware
EC3, NCA, FBI and a range of other bodies have targeted the Dridex banking malware, including using a sinkhole operation to sever communications between infected botnets and their controlling cyber-criminals.
Rethink your cybersecurity strategy
Security breaches are inevitable, and it's not the fault of the quality of your perimeter defense tools or your IT security staff. The problem is your fundamental approach. Here are four reasons to rethink a perimeter-focused approach to cybersecurity...
Targeted attacks rise, cyber attackers spreading through networks, report says
Lateral movement and reconnaissance detections observed in a Vectra Networks Post-Intrusion Report, released Tuesday, show a sharp upturn in targeted attacks that have penetrated the perimeter.
Closing the gate: Data leak prevention
“Outbound traffic is the key enabler of modern attacks – it links internal malware to the outside attacker, allowing a near infinite ability for the attack to adapt and spread over time,” notes Wade Williamson, director of product marketing at Vectra Networks, a San Jose-based vendor of cyber attack detection technology.
Taking stock: Ranking the next billion-dollar cybersecurity markets
Venky Ganesan, managing director at Menlo Ventures, writes, “I believe there will be significant winners…notably those that reduce false positives and prioritize workflows for better incident response and remediation. Among the early leaders are companies such as Exabeam, LightCyber, Securonix and Vectra Networks."
Cybersecurity students learn by hacking at RIT Collegiate Pentesting Competition
Rochester Institute of Technology is already planning its second Collegiate Pentesting Competition after the success of its first annual event held Nov. 7–8 in Rochester, N.Y. Teams from nine regional universities faced off at RIT as they broke into computer networks, evaluated their weak points and presented plans to better secure them.
Vectra sponsors collegiate competition to battle cyber threats
A new competition at Rochester Institute of Technology allows students to attack the problem of cyber security from a different perspective. Instead of defending themselves against attackers, as other cyber threat competitions do, these students create a full-fledged plan of attack and launch it against a network.
Hola browser extension should be uninstalled, researchers say
Vectra studied Hola and concluded it “contains a variety of features that make it an ideal platform for executing targeted cyber attacks.” The communication protocol used by Hola, for example, has been found in five malware samples on VirusTotal, Vectra wrote.
Video: Tavis Smiley and Vectra CTO discuss recent cyber attacks
Oliver Tavakoli sheds light on how the public can keep information safe in today’s Internet-driven world.
Vectra Networks ships a new sensor for its attack-detection gear
Vectra Networks is rolling out a new appliance that gives its attack-detection gear better visibility into potentially malicious activity on corporate networks.
Vectra correlates odd bits of user behavior that signal an attack in progress
By correlating seemingly odd bits of user activity that individually might be ignored, Vectra formulates a threat-certainty score that prioritizes events and, ideally, triggers alerts to security operations people before any communications leave the company.
Report: Insider threats are rising but IT security budgets are not
While insider threats are rising, IT security budgets are not, according to the Insider Threat Spotlight Report released by Vectra Networks. Of those surveyed, 68 percent feel vulnerable to insider threats and less than half feel they have sufficient control over insider threats.
High-severity Internet Explorer 11 vulnerability identified after Hacking Team breach
After analyzing the leaked data from last week's attack on Hacking Team, Vectra researchers discovered a previously unknown high severity vulnerability in Internet Explorer 11, which impacts a fully patched IE 11 web browser on both Windows 7 and Windows 8.1.
Stagnant budgets and rising insider security threats
A Vectra Networks survey of more than 500 cybersecurity professionals in the Information Security Community on LinkedIn reveals that insider threats are rising, but IT security budgets are not. Of those surveyed, 68 percent feel vulnerable to insider threats and less than half feel they have sufficient control over insider threats.
Innovation Sandbox finalists named at RSA Conference
Vectra is a finalist in the annual RSA Innovation Sandbox Contest. The competition aims to encourage out-of-the-box ideas and new technologies that transform the information security industry.
Angler EK exploits recently patched Internet Explorer bug to deliver ransomware
If they haven't already, Internet Explorer users would do well to implement the security update provided by Microsoft last month, as among the fixed vulnerabilities is one that is currently being exploited via the popular commercial Angler exploit kit.
Automated threat management: No signature required
The industry approach to detecting threats is inherently reactive, ceding the first-mover advantage to the cyber criminals. Defenses – based on signatures, reputation lists and blacklists – are only designed to recognize threats that have been previously seen. This means someone needs to be the first victim, and everyone hopes it’s not them.
How long is the wait?
We spend a lot of time waiting and we have grown accustomed to it. Having to wait even extends to cybersecurity. Waiting twenty minutes for a table may be tolerable, but waiting for an update to secure your network is not.
Report: Little being done to combat insider threats
Despite high profile cases of employees stealing information from intelligence agencies and the military, companies and organizations are taking few steps to thwart insider threats, according to the report, "Insider Threat Spotlight Report," sponsored by Vectra Networks.
Video: Are most companies in the dark about hack attacks?
Vectra Networks CEO Hitesh Sheth discusses cyber-attacks, the importance of discovering breaches and the security of networks.
Cyber attackers can be stopped after they get in your network
Clearly, mere humans can't deal with that flood of threats and sort out the real ones from the pesky nuisances. We must use machine learning and behavioral analysis to track threats inside large computer networks.
Cybercrime: Tor usage has exploded by 1,000%
To carry out their cybercrime operations, more and more attackers are turning to anonymous Internet networks such as Tor. In 2015, its use jumped by 1,000% compared with the previous year, according to a report from Vectra Networks.
Vectra Networks wants to detect weak signals on the network
Vectra Networks is no longer exactly what one would call a startup. The company has existed for four years. But its technology was recently recognised by the Innovation Sandbox at the latest edition of RSA Conference.
The phases of a data breach: Finding the attack before the damage is done
A new report from security firm Vectra looks at the strategic phases of a cyberattack and what companies can do to shore up their defenses.
Report: Three percent of firms studied were victims of data theft
Vectra Networks says metadata from 40 customer networks it analyzed showed, in every company, one or more indicators of a targeted (as opposed to opportunistic) attack that had bypassed whatever defences the organization had put up. Not only that, three per cent of the companies showed evidence of data theft.
Attackers usually active for months without being noticed
Real-time detection of ongoing cyber attacks: Vectra Networks strengthens its commitment against cyber attacks in DACH; new Post-Intrusion Report analyzes attack behaviour on IT infrastructures
Vectra Networks sets its sights on the DACH region
Vectra Networks has ventured into the European market and is focusing on the DACH region as a first step. This effort is to be coordinated from Zurich.
The state of cybersecurity: What 2016 will bring
In 2016, what organisations need are tools that identify the activities of the attacker inside a network before a data breach occurs, with a focus on how to quickly intervene, minimise the time they are exposed and reduce the impact of cyberthreats.
No signatures required
However, the most dangerous threat to data, user and system security is not the known known, but rather the unknown unknowns – the threats that have yet to be captured in the wild and mapped. We don’t know if they exist, we don’t have visibility into what they do, and there’s no way signatures can catch them.
The IT Security Act under the microscope
The security of companies and the protection of citizens on the Internet are to be improved; that is what the recently passed IT Security Act (IT-Sicherheitsgesetz) provides. The goal is to make Germany's digital infrastructures among the most secure in the world.
Security vendor Vectra Networks seeks channel partners
Vectra Networks, a US provider of threat management solutions, intends to become active on the European market with immediate effect, as it announced today. The security specialist is starting with the DACH region and is coordinating these efforts from Zurich.
Winners of the 11th annual 2015 Info Security Global Excellence Awards
Vectra wins three distinguished awards in the 2015 Global Excellence Awards program.
Uncovering covert attack communications inside your network
Cyber attackers are slipping through perimeter defenses and hiding in the shadows and dark corners of networks.
Perimeter security has perfect amnesia
Perimeter security is designed to prevent the bad guys from getting into your network, but it is failing more and more frequently. It is designed to look at a group of packets, inspect them for threats, and immediately decide to either forward them on to their final destination or drop them.
Can we protect data without prying?
Are cybersecurity and privacy mutually exclusive, or is it possible to have both? Oliver Tavakoli, CTO of Vectra Networks, offers a quick analysis of the commercial solutions available from well-known cybersecurity suppliers to provide valuable insight.
Expert comment: TalkTalk cyber breach
For the third time, UK telecoms provider TalkTalk has fallen victim to a cyber-breach and there could be as many as four million customers affected.
Fleeting strategic importance? 2016, the year of the CISO
The core view of most of the experts we spoke to was that, while it is not clear if there is a higher number of CISOs now, these individuals are definitely gaining a stronger position within the business.
Network intrusion techniques are evolving
According to a report from Vectra Networks, targeted cyberattacks are rising sharply. The use of networks such as Tor is becoming widespread.
Report finds evidence of surge in targeted cyberattacks
In the wake of recent cyberattacks, including the high-profile breach of the U.S. Office of Personnel Management, a new report from Vectra Networks has found a massive surge in the number of targeted cyberattacks, calling into question whether organizations are prepared to meet this threat.
Automated threat detection helps fulfill protection goals of critical security controls
New technologies, such as machine learning, have evolved to help organizations improve their response to modern attacks. Although the financial industry has been using machine learning since the 1970s to detect fraudulent behavior, use of machine learning in the information security sector is a recent phenomenon.
A CISO's strategy for fighting phishing attacks
Hacker attacks often start with spear-phishing attempts used to obtain credentials or deliver malware. But healthcare entities can take steps to help prevent these scams from being successful, says Connie Barrera, CISO of Jackson Health System in Miami.
Behavioral analysis could have prevented the Anthem breach
There’s a universal truth regarding every cyber attack: attack behavior never appears normal. This seemingly simple fact holds true whether the attack was executed by a first-timer or perpetrated by a nation-state and is crucial to preventing future information security breaches like Anthem’s.
Forbes hottest cybersecurity startups of 2015
In 2015, there were few hotter areas in Silicon Valley than cybersecurity, and Vectra ranked in the top 10 of that competitive group.
Virtually every organization has been hacked
There's no use in wondering anymore when your organization will be victimized by a cyberattack: it has already happened, to everyone. That is the take of an article at CIO, which noted that virtually every company has by now been compromised.
Insider threat control: Using predictive and real-time analytics
According to a new security report, fewer than half of organizations have appropriate controls to prevent insider attacks. That would be the routine controls – the standard, basic stuff one would think every company uses and has used for years.
Security specialists see cyber threats growing
A new survey of 500 cyber security professionals shows privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations (59 percent).
Q&A with Black Hat and DEF CON founder Jeff Moss
In-demand consultant and former hacker Jeff Moss offers his takes on trends, privacy, machine learning – and why you should always keep your keys in your pocket.
Adobe, Microsoft and Oracle patch for Hacking Team flaws
Zero-days patched across major vendors expand the fallout from the Hacking Team breach, but that's not the only source of vulnerability disclosures this month.
Survey: Fighting insider attacks is tough
Fighting insider threats is a tough task for enterprise security organizations. Just how tough is revealed in a recent report by Crowd Research Partners, conducted in cooperation with the Information Security Community on LinkedIn.
The old way of stopping cyber attacks is no longer working
Firewalls alone may not be enough to stop cyber attacks. For that, there’s data science.
Protecting the university network and flagging attacks — in real time
Higher education is a key target for cyber attacks because of the open networks common on college and university campuses. Thousands of students and faculty wander on and off the network with their own devices, bringing viruses and malware to the wider community and creating nightmares for security teams.
University ramps up mobile network protection
Santa Clara University has deployed Vectra Networks’ X-series platform to protect private university and student information on its campus network from malware and today’s advanced persistent threats.
Vectra Networks targets enterprise security blind spots
Vectra Networks introduces a threat detection platform that extends automated real-time cybersecurity into all corners of an organization, including previous blind spots such as remote sites and internal network segments.
Hacking Team dump: Windows zero-day, Microsoft patches flaw pitched to spyware vendor
Vectra says it notified Microsoft about the flaw on July 9, then waited to release details of the flaw until a Windows fix had been released, just five days later. "They were able to work on this very quickly," says threat researcher Wade Williamson, director of product marketing at Vectra.
The unintended attack surface of the Internet of things
While consumer Wi-Fi products may seem like an odd choice for intensive threat research, Vectra Threat Labs found that vulnerabilities in consumer and Internet of Things gear can end up having a much larger impact on enterprise security than you might think.
Vectra discovers high-severity Internet Explorer 11 vulnerability following Hacking Team
Vectra Threat Labs found an exploitable use-after-free vulnerability that lets attackers bypass standard memory protections in the popular Web browser.
Threat intelligence needs to grow up
Security teams are overwhelmed with a massive amount of threat data. While a decade ago no one was talking about threat intelligence except government agencies, organizations are now bombarded with threat data leaving them challenged with identifying what is relevant.
Vectra AI in the News in 2014
Vectra launches real-time detection platform to curb insider threats
Vectra Networks announced the release of a real-time detection platform to protect organizations and government agencies from insider and targeted threats.
Video: Tracking cyber threats from inside a company
CEO Hitesh Sheth tells Bloomberg TV's Pimm Fox how Community Threat Analysis dynamically creates a clear picture of typical network access through the entire corporate network, identifying anomalies and flagging unauthorized access to documents, data and intellectual property, making it an effective way of recognizing insider attacks.
Video: Bloomberg TV features Vectra in a discussion about security vulnerabilities in U.S. companies
Vectra Networks CEO Hitesh Sheth and CrowdStrike CEO George Kurtz comment on the Chinese hackers that stole personal information from 4.5 million patients of Community Health Systems and discuss how vulnerable U.S. companies are to hackers. They speak with Pimm Fox on "Taking Stock."
Computer Technology Review Top 25 must-have software apps
Every year Computer Technology Review ranks the top 25 software applications that you absolutely must check out. This year, newcomer Vectra Networks is in the mix.
Cyber attacks: We're fighting an asymmetric war
Cybercriminals' ability to attack is outpacing our ability to defend. We are fighting an asymmetric war. Resources are one challenge, but so are the defensive tactics. Organizations rely on security best practices and products that were developed to counter a different threat – long before the rise of mobility, the cloud and well-organized criminals.
Stop allowing your security strategy to drain IT resources
Most organizations would say protecting high-value information and complying with regulations is a priority, but in practice, few businesses have enough IT security staff and resources to ensure that policies are defined and upheld, systems are secured, and users are trained.
Vectra security appliances use data science to think
Vectra differentiates real threats from noise, and as an attack intensifies, the Vectra platform reports updates in real time.
The inner workings of a targeted attack
Vectra Networks' X-series of appliances combine advanced analytics with AI to identify threats in real time.
U.S. Postal Service employees, retirees, customers exposed in hack attack
There's speculation that China might be behind a months-long hack attack that breached USPS servers, compromising personal data of workers and customers.
Vectra updates threat detection platform
The Vectra X-series platform is designed to detect sophisticated threats by using a combination of security research, data science and machine learning. According to the company, the product is capable of detecting attacks on all operating systems, applications and devices regardless of the method and location of the initial delivery.
Industry reactions to devastating Sony hack
The systems of entertainment giant Sony have been hacked once again, and although the full extent of the breach is not yet known, the incident will likely be added to the list of most damaging cyberattacks.
Feedback Friday: Executives targeted in 'darkhotel' attacks
When it comes to the darkhotel issue and the fast-evolving threat landscape, "what the malware is doing" is more important than "what the malware is."
First security platform that thinks
The Vectra X-series platform can detect attacks at every phase of a persistent attack, regardless of how the attack enters an organization’s network and the operating system, application or device being attacked.
Study: Organizations assailed by cyber attacks, 15 percent are targeted
Highly organized, sophisticated and successful cyber attacks continue to assail organizations and while most are opportunistic, a higher than expected percentage are targeted, according to results from a recent study.
Infosec pros worried BYOD ushers in security exploits, survey says
Despite the significant damage, including loss of company or client data and unauthorized access to data and systems that the use of privately owned devices without proper security can wreak, most organizations simply have not kept pace with the explosion in use of those personal devices in the workplace.
An epic ride: A look back at the ever-changing information security industry
“We've gone from an environment where people were essentially stationary with fixed computing assets to one where everything is porous and people are mobile and applications and data and information are all in the cloud,” says Hitesh Sheth, president and CEO for Vectra Networks.
Some U.S. retailers shun Apple Pay, eye rival payments system
Some large U.S. retailers are refusing to use Apple Inc's new electronic payments service as they commit to developing a rival payments system that would bolster their profits by eliminating credit card transaction fees.
Home Depot breach bigger than Target at 56 million cards
Vectra CEO Hitesh Sheth says that the recent Home Depot breach exposes a serious security weakness, noting that the company said hackers used unique, custom-built malware to compromise up to 56 million payment cards.
Vectra releases real-time threat detection platform to protect against targeted attacks
Vectra Networks has released an updated real-time detection platform – the X-series platform – aimed at detecting insider and targeted threats.
Enterprise organizations are taking steps to improve cybersecurity analytics
Last week, online retail giant eBay announced that it was hacked. Large organizations realize that they have to do more to protect themselves from cybercrime and are exploring ways to block threats and/or reduce the attack surface across their networks.
New products of the week 12.22.2014
Our roundup of intriguing new products from companies such as Dell, CloudBerry and Vectra (See Slide 16).
Is IT really ready for BYOD security challenges?
LinkedIn survey finds enterprise mobility still in infancy.
Ten security startups to watch
Security start-ups arise because they have fresh approaches to fighting malware and cyber-espionage or combatting the insider threat through network monitoring. In this round-up of some of the newer security firms, Distil Networks, Observable Networks and Vectra Networks fit into that category.
What attackers do after bypassing perimeter defenses
Vectra Networks collected data over five months from more than 100,000 hosts within sample organizations to gain a deeper understanding of breaches that inevitably bypass perimeter defenses, and what attackers do once inside networks.
How organizations deal with BYOD and mobile security
Report shows that 21 percent of organizations that acknowledge broad use of privately owned devices do not support those devices within their organizations.
Detecting cyber attacks in a mobile and BYOD organization
Explore the challenges, understand needs and evaluate mobile device management as an approach to detecting attacks. It can lead to a flexible, highly efficient solution that detects all phases of an active attack on mobile devices, regardless of device type, operating system or applications installed.
More exploits expected to enter organizations via mobile devices
The second annual BYOD and Mobile Security Study reveals more exploits entering organizations via mobile devices. All told, this reality is now a top BYOD security concern, experts reveal.
NotCompatible mobile malware gets badder
The new "C" version of the NotCompatible malware that targets Android devices is very difficult to stop – but it's not that hard to avoid.
What attackers do after a breach
An attacker who manages to squeeze past the perimeter defense is only at the beginning of an assault on a network, a new report shows.
Cyber security goes mobile
Mobile technology advances have brought about the once-unfathomable prospect that wireless security is at least on a par with traditional computing and networking systems – the very ones currently fending off an unprecedented wave of cyberattacks.
Defense in depth for advanced threat protection
Defense in Depth is a practical, "best practices" strategy in that it relies on the intelligent application of techniques and technologies that exist today.
Firms turn blind-eye to BYOD policy
Close to one-fourth of organizations that have broad use of BYOD devices do not support their use, opening up the enterprise to security risks such as malware infection.
Three steps to a more secure BYOD program
Despite all the warnings in the tech media about Bring-Your-Own-Device, or BYOD, security risks, a minority of organizations have implemented policies or processes to address BYOD, a new study finds.
Vectra X-series platform identifies threats in real-time
Vectra Networks has introduced a real-time detection platform for insider and targeted threats.
Targeted attacks cause damage in multiple ways
Overall, 15 percent of hosts in the participating organizations experienced a targeted attack, according to a Vectra Networks report.
BYOD programs leave several security holes open
Just 21 percent of more than 1,100 IT security practitioners said their organizations have fully implemented BYOD policies, processes and infrastructure, according to a recent survey.
Review: Vectra X-series prevents data breaches with AI
Frank Ohlhorst details how data breaches happen and what Vectra’s X-series security appliances can do to detect and prevent them.
New bash bugs surface
If you patched your Linux-based systems before 1:11 a.m. Eastern Daylight Time yesterday for the major Shellshock vulnerability in the Bash shell, your work is not done yet. New bugs have been reported in Bash, so it's probably time to patch again, security experts warn.
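The reason a single patch was not enough is that the first Shellshock fix (CVE-2014-6271) was incomplete and was followed by CVE-2014-7169, which still let a crafted function definition imported from the environment be parsed as a command. The following shell script is an added example, not code from the original article or from Vectra; it runs the two widely published local probes against the bash binary on the current host and reports "vulnerable", "patched" or "bash-not-found". It only tests the local interpreter, not any network-facing service (CGI scripts, DHCP clients) that might hand attacker-controlled environment variables to bash.

```shell
# Added example (not from the original page): local probes for the original
# Shellshock bug (CVE-2014-6271) and the follow-on bug (CVE-2014-7169).
# Only the bash binary on this host is inspected; no network service is tested.

# Prints one of: vulnerable, patched, bash-not-found
shellshock_check() {
    command -v bash >/dev/null 2>&1 || { echo bash-not-found; return 0; }

    # CVE-2014-6271: on an unpatched bash, a function definition exported via
    # the environment ("() { ...; }") is imported on start-up and anything
    # after the closing brace is executed as a command.
    out=$(env x='() { :;}; echo VULN' bash -c 'true' 2>/dev/null) || true
    case "$out" in
        *VULN*) echo vulnerable; return 0 ;;
    esac

    # CVE-2014-7169: after the first patch, a malformed definition could still
    # leave the parser in a state where the next command line was misparsed.
    # The classic probe creates a file named "echo" in the current directory,
    # so run it inside a scratch directory and look for that file.
    tmp=$(mktemp -d) || { echo patched; return 0; }
    ( cd "$tmp" && env X='() { (a)=>\' bash -c 'echo date' >/dev/null 2>&1 ) || true
    if [ -e "$tmp/echo" ]; then
        rm -rf "$tmp"
        echo vulnerable
        return 0
    fi
    rm -rf "$tmp"
    echo patched
}

shellshock_check
```

A "patched" result from this script only says the local bash no longer imports functions from arbitrary environment variables; it says nothing about later Bash CVEs or about whether other exposed services on the host have been restarted to pick up the new binary.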
From malware to breach
Got malware? More than likely you do, but don't panic: The bulk of infections can be traced to standard botnet activity like spamming and click-fraud rather than data theft, a new study of real-world breaches has found.
Information overload: Finding signals in the noise
Sometimes it's possible to have too much threat data.
Vectra raises $25 million to fend off cyberattacks in real time
Vectra Networks Inc., a San Jose startup whose software aims to protect corporate and government IT systems against cyberattacks, has raised $25 million in capital provided by Accel Partners, Khosla Ventures and Intel Capital.
Video: Bloomberg TV talks with Vectra CEO about cyber protection and privacy
Bloomberg TV host Pimm Fox speaks with Vectra CEO Hitesh Sheth on how Vectra works, its contextual reporting and protecting organizations while maintaining privacy.
Vectra detects cyberattacks in real-time, raises $25 million
Accel Partners and existing investors just dropped a new $25 million into Vectra Networks, a security startup deeply connected to U.S. national security officials.
Vectra launches real-time threat detection
Vectra Networks has released its updated X-series platform, the first real-time detection solution designed to discover insider and targeted threats. The new platform promises to help organizations gain instant visibility into potential threats by leveraging a combination of dynamic community threat analysis and real-time detection of cyberattacks.
Vectra post-breach report reveals attacker habits
Ten percent of hosts experience at least one cyberattack that bypasses enterprise security perimeter defenses, according to a new study by security solution provider Vectra Networks.
Why breach detection is your new must-have cyber security tool
It's time for CIOs to start focusing on the next line of defense in the war against cyber crime: an emerging area called breach detection, which focuses on identifying long-tail intrusions after they happen and mitigating their damage, partly through the use of big-data technologies. Your company’s information security may depend on it.
Data science and machine learning will fight cyber-attacks, says Vectra Networks: 2015 Tech Predictions
Vectra VP of Marketing Mike Banic predicts data science and machine learning will become the focus of the fight on cyber-attacks, cyber security will get social, and new entrants will continue to disrupt the cyber security market.
Industrial computers emerge as another Heartbleed worry
As if there weren't a sufficient number of things to worry about related to the Heartbleed vulnerability disclosed earlier this month, you can now add this to the list: Many of the world's computers used to control and manage heavy industrial equipment may be vulnerable, too.
Vectra: 79 percent of organizations lack BYOD policies
New study shows malware protection is a requirement for mobile security.
Getting a clear picture of a computer network’s security
Security experts say the only hope of protecting corporate networks from hackers is something the industry calls "defense in depth." The phrase simply means that relying on a single traditional defense, such as antivirus software or a firewall, is no longer going to cut it.
Put the insider threat in your sights
Regardless of how well we secure our assets from outside parties, we ultimately need to give access to our employees, contractors and partners in order for them to do their jobs. Misuse of this privileged access, whether through data theft or damage, is an unfortunate, yet inherent risk of doing business for most organizations.
Vectra report reveals what attackers do once they bypass perimeter defenses
This is the first report, using real-world data from the Vectra X-series platforms currently in production networks, that reveals what attackers do within a network once they evade perimeter defenses.
BYOD and other hazards
Mobile technologies can be a boon to productivity, but they also introduce cyber-security vulnerabilities that technologists and insurers are laboring to protect against.
Vectra to use Series C to grow real-time cyber threat detection
Vectra Networks, Inc. announced on August 5 it had raised a new $25 million round of funding to boost sales and marketing for its behavior-based cyber security solution.
Vectra raises $25 million to stop cyberattacks in progress
Cybersecurity firms now recognize that cybercriminals are so good at penetrating corporate and government IT systems that they can no longer be entirely blocked. One of these firms, Vectra Networks, has raised another $25 million in funding to detect and prioritize attacks in real time so customers can decide which ones to fight first.
Survey roundup: False sense of security?
A report by data security company Vectra Networks looks at how cybercriminals bypass perimeter defenses, and what they do inside a network once they have gained access.
Survey roundup: Culture change top compliance goal
Ben DiPietro of the Wall Street Journal looks at recent surveys and reports dealing with risk and compliance issues, including the new BYOD and Mobility Report from Vectra and the Information Security Group on LinkedIn.
New firm pitches cybersecurity for less well-heeled
Some big-name former Washington officials are backing a new cybersecurity company that seeks to help less-well-heeled clients. Vectra uses an approach now in vogue: identifying hackers already in the system rather than trying to keep them out.
Breach detection, Sony Entertainment and Vectra Networks
Working in information security for the past 20 years, I have seen a lot. Though there have been many multi-million dollar impact breaches, the recent Sony Pictures hack and subsequent data exposure and extortion is probably the most impactful to a company out of the previous breaches this year.