GUEST OPINION: While evolving cloud technologies offer businesses enhanced opportunities across many areas of operations, the added security risks of hybrid infrastructure are leaving security teams struggling with increased alert fatigue, which could heighten the chance of a breach.
Woj explores the escalating challenges faced by Security Operations Centre (SOC) teams in combating sophisticated cyber threats.
Tithirat Siripattanalert, Group CISO and CDO, True Digital Group commented: “Organizations in Thailand have been bearing the brunt of cyberattacks...
Before the situation escalates further, security leaders must drill down on what security teams genuinely need...
The retail sector has made headlines due to many high-profile (and costly) data breaches. What can retailers do to stay clear of the front pages?
Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface that might allow threat actors to more easily spread laterally to other Azure tenants.
A new proof of concept shows that attackers can use Azure AD CTS to leap to Microsoft and non-Microsoft applications across tenants.
<p id="">Vectra AI has released a new research report identifying that 97 percent of analysts are worried they will miss security events, with 71 percent admitting their organization may have been compromised and they don't know about it yet.
A report from cybersecurity experts Vectra AI surveying more than 2,000 IT security analysts found that nearly all (97%) are worried they'll miss important security events, while 71% admitted to possibly being compromised, but not knowing.
Recent Salesforce research shows 52 percent of consumers expect their offers to be personalized. To create these tailored offerings and drive a seamless customer experience, retailers gather vast amounts of personally identifiable information (PII) -- from addresses to purchasing history and payment information. This makes them an irresistible -- and relatively low risk -- target for cybercriminals.
With the popularity of cloud-native applications and solutions on the rise, ransomware is also becoming an unfortunate reality for businesses in every industry.
[...] Rob Rosiello, SVP at Vectra AI, singles out the ransomware threat as the key takeaway from this year's report. "This year's DBIR should act as a stark reminder that organisations cannot afford to fall into the trap of ransomware fatigue, as attacks become more frequent and costly," he tells Assured Intelligence. [...]
Unsustainable pressures are being placed on cyber leaders and professionals' mental health because of a combination of factors, such as the growing attack surface, increasing cybersecurity and data regulations and the on-going skills shortage.
Kevin Kennedy, SVP Products, explains how Vectra AI provides enterprises with real-time attack signal intelligence using the power of its 'North Star'.
After conferring with security heads from far and wide over the past few months, Vectra EMEA CTO, Steve Cottrell shares some of the best pieces of advice given.
Disneyland Anaheim's Instagram and Facebook accounts were hacked. Vectra CTO for SaaS Protect, Aaron Turner explains why organizations should look to manage the risks of corporate social media accounts.
North Korean state-sponsored cyber threat actors have used Maui ransomware to target both the healthcare and public health sectors, according to U.S. cybersecurity alerts.
Defending organizations' IT networks and data has never been tougher for tech and cybersecurity pros.
Artificial intelligence is more artificial than intelligent.
The Fourth of July weekend is upon us, and so is the risk of a cyberattack. See how to make sure your organization stays safe.
Tim Wade, Deputy Chief Technology Officer at Vectra shares about the hype around Artificial Intelligence.
Surviving a ransomware attack is possible, as long as we apply preparation and intentionality to our defense posture.
The FBI warns that ransomware targets are no longer predictably the biggest, richest organizations, and that attackers have leveled up to victimize organizations of all sizes.
Security experts react following the latest T-Mobile Data Breach.
Vectra AI released a new Security Workforce report highlighting how mounting pressure on security professionals is creating a health crisis in cybersecurity.
Researchers reported on the first publicly known case of malware specifically designed to execute in an AWS Lambda environment.
With ransomware being so prevalent, what should organizations be doing to detect it, mitigate its impact, and prevent any future attacks?
The AvosLocker Ransomware as a Service (RaaS) group has targeted critical infrastructure sectors in the US, such as financial services, manufacturing and government facilities, the FBI said.
Aaron Turner, VP of SaaS Posture at Vectra, sits down with ABC 4 Utah to explain how Vectra is able to transfer the best cybersecurity knowledge to a company in a really repeatable way.
Vectra CEO, Hitesh Sheth explains how no intelligence agency is certain how the cyber dimension of the Ukraine conflict will evolve.
Steve Cottrell, EMEA Chief Technology Officer at Vectra AI, spoke to Technology magazine about how it helps businesses facing increasing cyber threats.
Steve Cottrell, EMEA CTO at Vectra AI, comments about the fine issued by the ICO to Tuckers Solicitors.
A cloud security report found that only 16% of respondents have comprehensive DevSecOps in place, while some 37% are starting to incorporate some aspect of DevSecOps within their organizations.
A look at 20 network security vendors offering everything from log filtering and encrypted traffic visibility to containerized firewalls and SD-WAN.
Vectra CEO, Hitesh Sheth explains how AI has become pervasive—and increasingly important to our quality of life—while it's also making an impact on today's cyber landscape.
Ransomware gangs are continuing to evolve new tactics and techniques, and organizations need to be better prepared to defend against them in 2022.
There was a lot to learn from breaches, vulnerabilities, and attacks this year.
A local electric cooperative serving western Colorado's Montrose and Delta counties says a cyberattack first detected Nov. 7 has disabled billing systems and wiped out 20 to 25 years' worth of historic data.
The world of cybersecurity changed for good on Dec. 13, 2020 as a result of the massive cyberattack on SolarWinds.
Experts give their take on the state of cybersecurity as we near the end of 2021.
Over the last year, ethical hackers have prevented more than US$27 billion in cybercrime, according to a report released Tuesday by a leading bug bounty platform.
New research found that some 80% of ethical hackers have recently identified a vulnerability they had not encountered before the pandemic.
Modern complexities of rogue devices, remote employees, and multi-cloud environments have brought previously unseen levels of unpredictability to the SOC.
A report on cloud adoption found cloud usage among respondents has grown to 90%, while 48% say they plan to migrate half or more of their apps to the cloud in 2022.
Here's a look at the most disruptive security incidents associated with AWS misconfigurations and how businesses can prevent misconfigurations in the future.
The U.S. Department of State will create a Bureau of Cyberspace and Digital Policy, led by a Senate-confirmed ambassador-at-large, to advance its cybersecurity diplomacy efforts.
Since taking office in January, the Biden administration has made cybersecurity one of its top priorities.
The Russian-based cybercrime group responsible for the high-profile attack on software maker SolarWinds last year is continuing to take aim at the global supply chain, according to a warning issued by Microsoft this week.
Why it's important to make the most of machine learning when managing cyber-security incidents.
Acer has confirmed that its servers in Taiwan have also been breached, after hackers themselves shared details about the incident with privacy watchdogs, Privacy Affairs.
As security teams start to fight back, attackers have only become more sophisticated. Here are six key trends that your security team should be tracking to ensure that your organization remains cyber resilient.
The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza.
A new bill introduced would require ransomware victims to disclose ransom payments within 48 hours of payment — including the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom.
A new report from Forrester Research indicates organizations should tread carefully between engagement, empathy and punishment because punishment has the tendency to reinforce employees' negative perceptions and resentment of the security team.
No Internet-connected device appears to be safe from potentially being abused by a newly theorized form of distributed denial of service attack.
An Illinois man ran a successful computer takedown service until the feds stepped in.
Vectra Technical Director to the CTO Office, Tim Wade explains how Resilience shifts the focus toward eliminating the probable impact of the full attack chain.
In the sprawling IT landscapes of today, artificial intelligence (AI) will play a decisive role in this war against ransomware, giving organizations the best chance to defeat motivated attackers.
Vectra CEO, Hitesh Sheth explains how AI is the greatest ally when it comes to creating a secure future. AI can learn the differences between normal and malicious activity — independently, without requiring human input.
The security team at the Australian telco got its network detection and response time down from four hours to one hour a day.
Organizations aren't maintaining regular patching: With nearly half of all databases globally (46%) containing a vulnerability and the average number of Common Vulnerabilities and Exposures (CVEs) per database standing at 26, it's clear that businesses are ignoring one of the basic tenets of data security which is to patch and update databases as soon and often as possible.
One out of every two on-premises databases globally has at least one vulnerability, finds a new study.
A dual U.S.-Canadian national has been sentenced to more than 11 years in federal prison for conspiring to launder tens of millions of dollars in wire and bank fraud schemes, according to the U.S. Department of Justice. Officials say the activity included cash-out scams for North Korean hackers, including the criminal gang Lazarus Group, which has been associated with a military unit for the authoritarian regime.
It was a short hiatus for the REvil ransomware group that signed off in July following several high-profile attacks by the Russia-based crew on such companies as global meat processor JBS and tech services provider Kaseya.
Chris Fisher, our Director of Security Engineering APJ, discusses how public and private sector organisations – from government and military to banking, energy and transportation – have become digital-centric to seek economic savings, productivity gains and to create customer and citizen value.
Microsoft has a sizeable global channel that raises the question of whether that is the model that all vendors should be aspiring to follow.
Based on industry reports over the past few days, it appears that Paragon Software will include its New Technology File System 3 (NTFS3) kernel driver in the recent Linux Kernel 5.15 release, which promises improved support for Microsoft's NTFS file system.
Over the course of the pandemic, one of the biggest disruptions the world faced was to critical national infrastructure, specifically supply chains. Border and port closures, mandated work from home policies, and severe shortages of citizen essential products including PPE and pharmaceuticals, have highlighted vulnerabilities in production, supply, and logistics. Asia is now experiencing a renewed surge in Covid-19 infections, which continues to impact supply chains across the world and manufacturers are yet again faced with complexities.
David Larrimore has been named chief technology officer for DHS, a role he previously held at Immigration and Customs Enforcement between 2016 and 2019. Between federal appointments, Larrimore was lead solution engineer at Salesforce.
The United States Department of Homeland Security (DHS) has announced two senior cybersecurity appointments.
A vendor with a checkered security incident past is not automatically disqualified from future contracts. Rather, there is a playbook for due diligence.
The operators of LockFile ransomware have adopted new techniques, including "intermittent encryption," to help evade detection, according to cybersecurity firm Sophos.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are customarily closed—in the United States, as recently as the Fourth of July holiday in 2021.
Citing damaging ransomware attacks that it, along with the FBI, has observed over recent holidays, the Cybersecurity and Infrastructure Security Agency issued an alert warning organizations to be prepared as the Labor Day holiday nears.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a new cybersecurity advisory to highlight precautions and mitigation steps that public and private sector organizations can take to reduce their risk to ransomware and other cyber attacks, specifically leading up to holidays and weekends.
After Bangkok Airways disclosed that it had been clobbered by a cyberattack last week, the LockBit 2.0 ransomware gang tossed its own countdown clock in the trash and went ahead and published what it claims are the airline's encrypted files on its leak site.
The LockFile ransomware family has made an impression in the relatively short amount of time it's been around. The malware garnered a lot of attention over the past several months after being detected exploiting high-profile Microsoft vulnerabilities dubbed ProxyShell and PetitPotam.
New research released by Nozomi Networks in tandem with SANS found that 91% of respondents are using cloud technologies to directly support some aspect of industrial control system (ICS) operations.
Public and private sector organisations – from government and military to banking, energy and transportation – have become digital-centric to seek economic savings, productivity gains and to create customer and citizen value.
Despite security improvements over the last seven years, the U.S. Agency for International Development (USAID) needs to better protect the large amounts of personally identifiable data, such as Social Security numbers, that the agency collects, according to an inspector general's audit.
The hoards of consumer information that companies collect multiply the damaging effects of data breaches, lawyers and cybersecurity specialists say. In an estimated 1,700 publicly reported data breaches during the first half of 2021, more than 18 billion pieces of information have been exposed, according to research from cybersecurity company Risk Based Security Inc.
Kaseya has obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a spate of worldwide cyberattacks on July 2.
As Digital Transformation efforts continue, the survey found that AWS is becoming an even more critical component to organisations that are regularly deploying new workloads, leveraging deployments in multiple regions and are relying on more than one AWS service.
The scope of a cyberattack at T-Mobile US keeps growing, as the operator today confirmed personal data on at least 54 million people was exposed and stolen. It pegged the number of people affected at nearly 49 million people earlier this week.
Accenture suffered a LockBit ransomware attack that reportedly encrypted at least 2,500 computers and leaked client information.
A newly published Office of the Inspector General report detailing how the U.S. Census Bureau mishandled a January 2020 cybersecurity incident is a strong reminder to the business community to follow best practices such as IT asset management, frequent vulnerability scanning and mitigation, comprehensive event logging and prompt notification and incident response when a possible incident is suspected.
The U.S. Census Bureau was targeted by a cyberattack last year that compromised some systems but did not result in the theft of census data, according to a new report from the Office of the Inspector General.
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement. Determining how hard a target you present for the current wave of human-driven ransomware involves multiple considerations. There are four steps to analyzing how prepared you are for a ransomware attack.
According to a watchdog report, U.S. Census Bureau computer servers were exploited in January 2020 during a cybersecurity attack, but hackers' attempts to keep access to the system were unsuccessful.
T-Mobile USA officials have confirmed that the records of 47.8 million current, former and prospective customers were stolen in a "highly sophisticated cyberattack" late last week.
T-Mobile US has said cyber attackers who breached its computer networks stole personal details of more than 40 million past, current and prospective customers.
Mobile telecommunication company T-Mobile has confirmed a data breach that reportedly affects nearly all of its U.S. customers. Hackers gained access to the company's systems and hacked servers and databases containing the personally identifiable information of approximately 100 million customers.
Microsoft on Monday announced that it received the approval to launch Azure Government Top Secret for its military and intelligence customers.
Global e-commerce giant Amazon is reportedly considering plans to implement a keyboard-stroke monitoring solution for its customer-service representatives.
A proliferation of ransomware attacks has created ripple effects worldwide. Such criminal attacks have since increased in scale and magnitude, as critical hospital and infrastructure targets were shut down.
T-Mobile said in a statement that it had determined that "unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved." The company noted that it's "confident that the entry point used to gain access has been closed" and that a review is ongoing.
T-Mobile is investigating a reported breach in which a hacker claims to be selling the personal information of over 100 million of its customers.
T-Mobile said on Monday it was looking into claims that a hacker has stolen data related to more than 100 million T-Mobile customers in the United States and aims to sell access to part of the information for around $277,000.
Over one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months, according to new research.
Researchers on Friday reported that an insecure direct object reference (IDOR) vulnerability allowed for the reading and modifying of all user workouts on the cloud-based Wodify fitness platform.
Information technology consulting giant Accenture PLC has been struck by ransomware that resulted in customer data stolen.
Accenture, the multinational consulting firm with tens of billions USD in annual revenue and over half a million employees worldwide, is being blackmailed by the LockBit ransomware group, which has launched a successful attack against them.
Accenture officials are saying they staved off a ransomware attack this week by a cybercriminal ring using the LockBit malware even as the hacker group claimed to have captured data from the massive global IT and business consulting firm and has threatened to release it.
Accenture sent an internal memo confirming that attackers stole client information & work materials in a July 30 "incident."
A group using the LockBit ransomware says it struck the IT consulting firm Accenture and threatened to release data within hours.
In a report on remote workforce security, 52 percent of the U.S. IT and cybersecurity professionals surveyed revealed they experienced remote workers finding workarounds to their organizations' security policies.
Vectra AI has released the findings of its new PaaS and IaaS Security Survey Report. The report presents the results of a survey of 317 IT executives all using AWS, 70 percent coming from organizations of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organizations.
As ransomware and nation-state attacks have become more destructive, older methods of protecting networks and infrastructure, such as perimeter defenses and penetration resistance, can no longer protect organizations' assets and data.
In the wake of a relentless wave of supply chain attacks, security leaders must heed this famous line and change their approach. When relying on traditional prevention-based strategies, victims have faced costly and humiliating results time and time again.
Sharing threat intelligence and proof-of-concept exploits can often help other organizations better defend themselves, but such efforts are hampered by obstacles and restrictions.
In response to the number of high-profile ransomware incidents, the Federal Government has launched Operation Orcus. The cross-agency initiative is designed to target ransomware attacks that have direct links to sophisticated organised crime groups, both in Australia and globally. The Australian Federal Police are leading the initiative, with the Australian Cyber Security Centre (ACSC), Australia Criminal Intelligence Commission, AUSTRAC, and state and territory police agencies also joining the force.
With competitive corporate pressures to reduce IT operations and security costs, transitioning workloads and data to the cloud are unstoppable — but the most challenging question is how to govern the process to ensure a predictable, accountable, and scalable transition, and resulting cloud infrastructure that accounts for the diverse interests of the internal stakeholders and the regulators.
The expansion of AWS services has naturally led to increased complexity and risk. In fact, all of the companies surveyed have experienced at least one security incident in their public cloud environment in the last 12 months. Gartner anticipated that over 99% of cloud breaches will have a root cause of customer misconfiguration.
Every organisation deploying Amazon Web Services (AWS) has experienced at least one security incident.
New report finds 100% of companies have experienced a security incident, but continue to expand their footprint as 64% report deploying new AWS services weekly.
Organizations count on multifactor authentication (MFA) to prevent attacks. However, the belief that you're 100% protected because of MFA is just false. Even though there are statistics that highlight how MFA can reduce the risk of identity compromise by 99% over passwords, attackers still know how to bypass it. Our CEO, Hitesh Sheth, shares his thoughts on why MFA isn't enough.
New report from Vectra AI finds 100% of companies have experienced a security incident, but continue to expand their footprint as 64% report deploying new AWS services weekly.
Vectra AI released the findings of the PaaS & IaaS Security Survey Report. The report compiled the answers of 317 IT executives all using AWS, 70% coming from organizations of 1,000+ employees. The findings show a rapid expansion and reliance on AWS services while simultaneously showcasing security blind spots within many organizations.
As digital transformation efforts continue, the survey found that AWS is becoming an even more critical component to organizations who are regularly deploying new workloads, leveraging deployments in multiple regions and are relying on more than one AWS service.
Organizations hit by ransomware attacks also report tightened budgets and lingering impacts on productivity, profitability and security posture, suggesting the extensive damage caused in the wake of ransomware attacks has long-lasting effects.
Varonis on Thursday released a report indicating that companies have to focus a bit more on securing their SaaS applications. The study found that 44% of cloud privileges are misconfigured, 3 out of 4 cloud identities for external contractors remain active after they leave, and 15% of employees transfer business-critical data to their personal cloud accounts.
Threat detection and response leader Vectra AI has released details of the top five Microsoft Azure AD and Office 365 threat alerts triggered within financial services organisations. The analysis, conducted during early 2021, recorded and categorised the potential threats detected by Vectra's Cognito Network and Cloud Detection Platform deployments. Each of these detections represents an anomalous behaviour, and therefore helps security teams spot and stop cyber-attacks within their Microsoft cloud environments.
After focusing almost exclusively on Russia for the first seven months of his presidency, Joe Biden's White House shifted part of its cybersecurity attention to China on July 12, with the administration blaming hackers associated with one of the country's security services with carrying out attacks on vulnerable versions of Microsoft Exchange email servers earlier this year.
A little over 10 years ago, Google launched their Vulnerability Rewards Program (VRP), with the goal of establishing a channel for security researchers to report bugs to Google and offer an efficient way for Google to thank them for helping make Google, users, and the Internet a safer place.
Google celebrated the anniversary of its Vulnerability Rewards Program (VRP) by launching bughunters.google.com, a site that brings together all of the VRPs it has for Google, Android, Abuse, Chrome, and Play, and puts them on a single intake form that aims to make it easier for bug hunters to submit issues.
The LemonDuck malware that for the past couple of years has been known for its cryptocurrency mining and botnet capabilities is evolving into a much broader threat, moving into new areas of cyber attacks, targeting both Linux and Microsoft systems and expanding its geographical reach, according to security researchers with Microsoft.
Vectra is positioned as an integral part of the Microsoft Zero Trust model; it assumes breaches by investigating the behaviour of users, workloads, networks and devices as though they originate from an untrusted network. It does so by leveraging its analytics and understanding of users and accounts, tracking them between on-premises and cloud.
A short-lived outage at the content delivery network supplier Akamai on Thursday, which briefly knocked offline many corporate websites, is another indicator that companies need resiliency built into their systems. That means they should avoid relying on just one CDN provider, security experts say.
The massive hack of the Microsoft Exchange email server software that took place early this year is estimated to have hit tens of thousands of victims, causing disproportionate chaos for smaller businesses. The Biden administration has formally declared that Chinese state-backed APT groups are to blame.
iPhone users, drop what you're doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities – some of which are remotely exploitable – and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS.
Organized by Amnesty International and the Paris-based non-profit Forbidden Stories, the Pegasus Project involves 80 journalists in 10 countries. Its subject is the Pegasus spyware sold by NSO Group, a powerful tool that is supposed to only be available to law enforcement and intelligence agencies for legitimate and legal uses.
Vectra AI has announced the Vectra Cognito platform will deliver key Zero Trust capabilities for Microsoft 365 and Microsoft Azure customers. The company says it's uniquely positioned as an integral part of the model, which assumes breaches by investigating the behaviour of users, workloads, networks, and devices as though they originate from an untrusted network.
The software company at the center of a huge ransomware attack this month has obtained a universal key to unlock files of the hundreds of businesses and public organizations crippled by the hack.
Reports that the NSO Group's Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives is becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal.
The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a "naming-and-shaming" approach — but researchers aren't convinced the efforts will come to much in terms of deterring future activity.
UK rail operator Northern suffered a cyber attack targeting its newly installed self-serve ticketing machines across Northern England, forcing the operator to take all the ticketing machines offline.
Managing access control and data permissions is difficult without a proper understanding of the who, what, and where of data access models. To truly understand data flow and access, organizations need to observe privilege based on real world activity and assess the access that does occur. This would allow an organization to differentiate between what should and should not occur.
Researchers at the security firm CyberMDX have uncovered two significant vulnerabilities in certain Dell Wyse thin client devices that, if exploited, could enable threat actors to remotely run malicious code and access files on affected devices.
Vectra'ss Ammar Enaya says this is a significant example of a well-executed supply chain attack compromising a popular IT administration tool as a penetration mechanism. The subsequent exploitation of authentication controls enabled the threat actor to pivot to the cloud and operate undetected for an extended time in Microsoft 365, which allowed them to gather intelligence.
The SolarWinds hack, which is reportedly being link to Russia, is shaping up to be the biggest cyber-attack this year. The attack targeted the US government, its agencies and several other private companies. It was first discovered by cybersecurity firm FireEye, and since then more developments are being reported each day.
United States officials have blamed Russian hackers for recent breaches at federal agencies, companies, and high-profile cybersecurity vendor FireEye, with the malicious activity appearing to come from highly skilled attackers. "Attackers could also set up automated workflows to consolidate all the activities and run them autonomously while quietly exfiltrating data," Vectra'ss Matt Walmsley shares.
The recentbreach, which began in March, targeted the SolarWinds Orion software, a popular IT network administration tool used by companies around the world and by U.S. government agencies including the Department of Homeland Security, the Treasury Department, the Department of Commerce, the Department of Energy, the Pentagon and the White House. The hackers attached malware to a SolarWinds software update that was downloaded by as many as 18,000 organizations.
"Causing 18,000 organizations, the vast majority of which were not actually targets of interest, to have to remediate and possibly rebuild their devices and networks represents a huge amount of collateral damage," Vectra's Oliver Tavakoli said. "Obviously, the concept of collateral damage exists on a spectrum – but we can probably all agree this attack was on the far end of the spectrum."
While all of these things together sound like the makings of a best-selling fiction novel, the cyber security industry – and all of the threats and dangers that exist within it – is all too real. That's one reason why cybersecurity books make for some pretty interesting reading both in terms of academics and entertainment. Hashed Out reached out to many IT and cyber security experts within the industry to inquire about their favorite books on cyber security and create a comprehensive list of the "best cyber security books."
Vectra AI has formed a new partnership with Baidam Solutions. This partnership provides First Nations' people with scholarships, a full education and technical skills to combat the rise in cyberattacks against businesses, government and infrastructure.
Solutions Review's NDR Vendors to Watch is an annual listing of solution providers we believe are worth monitoring. Companies are commonly included if they demonstrate a product roadmap aligning with our meta-analysis of the marketplace. Other criteria include recent and significant funding, talent acquisition, a disruptive or innovative new technology or product, or inclusion in a major analyst publication.
The recent supply chain attack, which has affected around 18,000 SolarWinds Orion customers, is thought to have been executed by a sophisticated nation-state threat actor. Vectra's Matt Walmsley says that IT administrators and security teams have access to highly privileged credentials as part of their legitimate work. Attacking the digital supply chain of their software tools is an attempt to gain penetration and persistence right at the heart of their operations, gain privileged access and provide a springboard out across their digital hybrid-cloud enterprise.
Vectra's Matt Walmsley comments on the recent SolarWinds breach, discussing how security teams need to drastically reduce the overall risk of a breach by gaining instant visibility and understanding of who and what is accessing data or changing configurations, regardless of how they are doing it, and from where.
A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password ("SolarWinds123") that gave attackers an open door into its software-updating mechanism; and, SolarWinds' deep visibility into customer networks.
For many businesses, recovery from the pandemic fallout hinges in part on employees working safely and virus-free outside their homes. That leaves organizations facing the very real possibility that they will serve as both trackers and guardians of health data to ensure the safety of employees.
SolarWinds estimates that between last March and June, roughly 18,000 user organizations downloaded updates of its Orion software that Russian APT actors allegedly corrupted with Sunburst backdoor malware. John Mancini, senior product manager at Vectra, said that a core point of the DHS' guidance for remediating the SolarWinds hack is to analyze for any listed indicators of compromise and then "identify potential behaviors in metadata that may be related to the compromise."
A number of key US government departments have been hacked, with concern that the attack has allowed a foreign power to monitor American government communication.
In what may well turn out to be one of the most significant supply-chain attacks in recent years, a likely nation-state backed group compromised systems at SolarWinds and inserted malware into updates of the company's widely used Orion network management products that were released between March and June 2020. Matt Walmsley, EMEA director at Vectra, says the attackers likely manipulated Security Assertion Mark-up Language (SAML) authentication tokens used in Single Sign On to try and escalate privileges in the early stages of the campaign.
With 2021 fast approaching, cybersecurity experts and analysts note that cybersecurity will continue to evolve even as most of the world enters a post-COVID-19 era, with cybercriminals, threat actors and nation-state hackers ready to take advantage of whatever may happen next. This will keep CISOs, their security teams, as well as their counterparts in IT, trying to catch up and stay ahead.
Hackers working on behalf of a foreign government are believed to be behind a highly sophisticated attack on a range of key government networks, including the Treasury and Commerce Departments and other agencies. The hackers had free access to their email systems.
Business Times
SolarWinds over the weekend admitted that hackers had exploited a backdoor in an update of some of its software released between March and June. The hacks are part of a wider campaign that also hit major cybersecurity firm FireEye, which said its own defenses had been breached by sophisticated attackers who stole tools used to test customers' computer systems.
The US Department of Homeland Security was the third federal department to be targeted in a major cyberattack, US media reported Monday, a day after Washington revealed the hack which may have been coordinated by a foreign government.
After a major data breach, do criminals actually have your password even if it has been encrypted? Companies have various ways of encrypting passwords. There are also techniques called salting and hashing. The upshot is, the average user will not take the time to find out how the affected company does their encrypting—or hashing or salting for that matter.
Oliver Tavakoli, our CTO, shares his thoughts on the upcoming cybersecurity trends to watch.
Chris Fisher, Vectra's director of security engineering APJ, shares that as our reliance on technology grows exponentially, so does the need for robust cybersecurity to protect users and keep data and business operations safe from hackers.
The IoT Cybersecurity Improvement Act has been officially signed into law. The bipartisan legislation, sponsored by Reps. Robin Kelly, D-Ill., and Will Hurd, R-Texas, and Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo., requires that any IoT device purchased with government money meet minimum security standards.
With market demand for NDR solutions generating significant traction among forward-thinking enterprises, and with this set to continue into 2021, we're excited to welcome Jerome Jullien to the Vectra team as vice-president of international partner sales.
As the time for distribution of COVID-19 vaccines comes closer, law enforcement agencies across the world are warning of organized crime threats, including schemes to sell counterfeit vaccine on the dark web, as well as physical and virtual attacks targeting supply chain companies.
To exploit VMware's vulnerability, an attacker must have access to the device's management interface. This access can allow attackers to forge security assertion markup language (SAML) credentials to send seemingly authentic requests to gain access to protected data. Chris Morales, our head of security analytics, discusses why this shows that granted access does not equate to trusted access.
Researchers at Abnormal Security said Monday they blocked an attack where a malicious email impersonating one of their customer's vendors bypassed the customer's Proofpoint gateway and set up a trap to steal Office 365 credentials. Chris Morales, head of security analytics at Vectra, said the known partner compromise technique equates to internal spear phishing, when a phishing email that originates from a trusted and legitimate connection doesn't get blocked by the email gateway.
With more than 25 years' experience in Enterprise Technology, including managing Channels, System Integrator and Service Provider (SI/SP) and Alliances, Jerome Jullien, now Vice President of International Sales, brings a strong track record of building successful business models for the Channel and will play a key role in managing and driving sales via the Vectra partner ecosystem.
Instead of monolithic ransomware, or a single piece of software that did everything and was highly automated, today's ransomware tends to be modular and often obtained from a malicious developer or acquired "as a service". There's an organized dark ecosystem for ransomware with component and service supply chains, not dissimilar to the structures and practices we see in the legitimate world. It's expeditious to change and morph, which makes traditional fingerprinting for signatures less effective.
This week, IBM Security X-Force uncovered a global phishing campaign targeting the COVID-19 Vaccine Cold Chain. The company's task force dedicated to tracking down COVID-19 cyber security threats said it discovered fraudulent emails impersonating a Chinese business executive at a credible cold-chain supply company. The emails, dating back to September, targeted organizations across six countries, including Italy, Germany, South Korea, Czech Republic, greater Europe and Taiwan, the company said.
We are thrilled to announce the appointment of Jerome Jullien as Vice President of International Partner Sales to our leadership team.
The FBI this week made public a private industry notification warning that business email compromise (BEC) scammers are exploiting web-based email clients' auto-forwarding rules to secretly gather intel on their targets and also hide their fraudulent communications. Moreover, if organizations fail to sync their web-based email clients with their desktop-based clients, this suspicious activity may go unnoticed by infosec personnel.
A calculated cybercriminal operation is targeting companies in the coronavirus vaccine supply chain with phishing emails that appear to be designed to steal sensitive user credentials, IBM Security X-Force said in a report released Thursday. The targeted organizations are all associated with a COVID-19 cold chain, a component of the overall supply chain that ensures the safe storage of vaccines in cold environments during storage and transportation.
Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month's ransomware attack. This is a timely reminder that ransomware operators have changed their tactics and become far more targeted. Not only are they performing data theft and public bullying, but they remain active inside an organization for extended periods prior to detection.
Organizations that conduct almost all of their business online now face the need to protect an expanded threat surface. Ammar Enaya, our METNA regional director, shares his take on how businesses can protect their data in the cloud.
If businesses do not configure their network to routinely sync their employees' web-based emails to their internal network, an intrusion may be left unidentified until the computer sends an update to the security appliance set up to monitor changes within the email applications. This leaves the employee and all connected networks vulnerable to cybercriminals.
The U.S. Federal Bureau of Investigation (FBI) issued a Private Industry Notification alert, noting that cybercriminals are increasingly implementing auto-forwarding rules on victims' web-based email clients to conceal their activities. According to the FBI, cybercriminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).
A hacker began selling access to hundreds of stolen executive email accounts last Friday, ZDNet reported. Email and password combinations are being sold for anywhere from $100 to $1,500 on Exploit.in, an underground hacker forum populated by Russian speakers.
Jerome Jullien has been appointed to the leadership team of network threat detection and response (NDR) vendor, Vectra, as the international partner sales vice president.
Artificial intelligence (AI) and machine learning (ML) will help make it possible to create an urban landscape that enables safe, efficient, convenient and self-optimizing traffic eco-systems, while dealing with highly increased complexity. As cities become "smarter", data collected from sensors regarding energy consumption, traffic and sanitation will all increase at a scale that makes it difficult for certain types of tasks to be done well by humans alone, or that would be unthinkable without the aid of automated systems.
Next year we will also see more blurred lines across traditional channel boundaries. Sandra Hilt, senior director of channel sales for EMEA, at Vectra, shares her thoughts on how today's channel partners are increasingly positioned as service-led, trusted advisors to their customers. Consequently, the offering of different service engagements is becoming more and more important.
The new cloud capabilities allow Vectra and its users to track and link accounts and data in cloud and hybrid environments. This helps users prevent the loss of visibility when environments expand to the cloud where users leverage multiple accounts and may access resources from shadow IT devices.
Adam Mendler sat down with our CEO, Hitesh Sheth, for a one-on-one interview. Hitesh shared his perspective on leadership, AI, and technology trends.
With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.
Australia's health sector is constantly the target of cyberattacks, and in the first half of 2020, a total o of all Australian data breaches were in the health sector. The real threat is already in healthcare networks in the form of privileged access misuse, the growth in healthcare IoT devices, and that the majority of attacks occur due to underinvestment in security operations or a lack of security awareness by insiders.
Techday's 10 Minute IT Jams provide sharp, to-the-point insights into emerging and established technology companies that operate in the Asia-Pacific region. In Techday's second IT Jam with Vectra AI, they speak with head of security engineering Chris Fisher, who discusses the organizational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organizations should take to protect employees from attacks.
With the end of the year nearing, two U.S. government agencies are warning shoppers to be cautious of online holiday shopping scams, fake emails and unencrypted financial transactions. Vectra's Chris Morales noted that emails containing deals and links to discount websites that seem too good to be true will be the main cause of security issues during the upcoming Black Friday and Cyber Monday.
Vectra has announced broader and deeper cloud capabilities to track and link accounts and data in hybrid environments.
This Presidential election campaign has seen myriad stories and comments published online by supporters on both sides looking to influence voters. While many were written by humans, an increasing number were generated by AI. Advances in machine learning mean AI generated text is now almost indistinguishable from anything written by people.
Organizations in the public and private sectors will continue to grapple with the security implications of remote or hybrid work environments. Between March and July approximately one-third of organizations said ransomware delivered by phishing increased over the five months prior. And more than half recorded a security incident, such as a breach. In the months that have followed, the threats have only accelerated as attackers show an appetite for exploiting anything COVID.
By seamlessly integrating with SaaS applications like Office 365, IaaS providers, identity providers and cloud virtualization platforms, Vectra is giving visibility into who and what is accessing data, regardless of how and where.
Private and trusted networks cannot be protected by old network security focused on malware signatures and anomaly detection alone. As workload shifts from clients, servers, and endpoints to the public cloud, this proliferation has created a network where user identity has become the new perimeter.
Vectra empowers security teams with continued analysis of how users are accessing, using and configuring cloud services based on logs from SaaS, and account usage from Identity Providers (IdPs) like Microsoft Azure AD. Vectra is uniquely positioned to protect this network of hybrid on-premise and cloud connectivity.
Menlo Labs discovered that there are 49 different versions of Chrome being used by their customers as of November 17. Vectra's Tim Wade explains that so long as there are zero days, which appears to be an indefinitely long, unceasing period of time, prevention will have a failure rate. What's more important than prevention is resilience, which involves identifying security investments that minimize the impact of an attack.
We've been working from home for months and there is more of it to come. Just to cheer us up even more, Chris Morales, head of security analytics for Vectra, says a load of our commonly-used apps may be insecure. Listen to this podcast for his tips!
Vectra's network threat detection and response (NDR) solution is designed to use cloud identities that track and link attacker activities and progression across all networks. Targeted credential-based attacks are so powerful that they render some prevention processes useless - particularly email security, multifactor authentication (MFA), cloud access security brokers (CASBs).
Private and trusted networks cannot be protected by legacy network security focused on signatures and anomaly detection alone. As workload shifts from clients, servers, and endpoints to the public cloud, this proliferation has redefined the network and user identity has become the new perimeter. Vectra's cloud capabilities monitor threats across cloud, hybrid, and on-premise networks.
Analyzing the psychological underpinnings of an insider threat case is a complex undertaking because there is little evidence and scant public data about insider threat incidents.
Vectra announced broader and deeper cloud capabilities to track and link accounts and data in hybrid environments. Vectra empowers security teams with continued analysis of how users are accessing, using and configuring cloud services based on logs from SaaS, and account usage from Identity Providers (IdPs) like Microsoft Azure AD.
The rise of targeted credential-based attacks negates email security, multifactor authentication (MFA), cloud access security brokers (CASBs), and other threat-prevention approaches normally established to protect users, because these malicious account-based attacks look like legitimate user actions. Vectra ties together all host and account interactions as they move between cloud and on-premise environments in one consolidated view, to drastically reduce the overall risk of a breach.
Vectra is first to use cloud identities to track and link interactions between hosts and accounts across the entire network. Vectra's enhanced capabilities mark the first, and only, NDR solution that can detect and stop threats across the entire network, tying together attacker activities and progression between cloud, hybrid, and on-premise networks.
Private and trusted networks cannot be protected by old network security focused on malware signatures and anomaly detection alone. As workload shifts from clients, servers, and endpoints to the public cloud, this proliferation has created a network where user identity has become the new perimeter. Vectra is uniquely positioned to protect this network of hybrid on-premise and cloud connectivity with our learning behavioral models that stitch together hosts and on-premise and cloud identities to stop attacks earlier in the kill chain.
Modern day enterprise security is like guarding a fortress that is being attacked on all fronts, from digital infrastructure to applications to network endpoints. That complexity is why AI technologies such as deep learning and machine learning have emerged as game-changing defensive weapons in the enterprise's arsenal over the past three years.
An unauthorized person apparently gained access to a database of insurance software firm Vertafore earlier this year and compromised the driver's license data of over 27 million Texas citizens, the company detailed this week. The possibility that a system vulnerability does not exist could mean the data was obtained through a database configuration error, says Tim Wade, Vectra's technical director of the CTO team.
Experts have warned that cybercrime is likely to increase as more people prioritize online shopping over in-store purchases due to the Covid-19 pandemic. <em>The National</em> spoke to a number of cyber security experts who offered readers tips to help keep the online criminals at bay.
Organizations' migration to the cloud is a broad term that encompasses many different trends, three of which our CTO, Oliver Tavakoli, unpacks and discusses in his article.
Healthcare facilities have become an increasingly popular target for ransomware groups in the past year. While an uptick in cyber attacks on United States hospitals might otherwise be attributed to that general trend, the FBI is warning that it has evidence of a coordinated criminal attack on the country's healthcare system.
Hackers selling network access to 7,500 educational establishments have reportedly dropped their asking price. Reports emerged last week that the access was being sold by a threat actor on multiple Russian hacker forums, and that it extended beyond educational organizations: the package also included access to corporate networks from other verticals, such as entertainment and the bar industry.
In the run-up to the 2020 U.S. elections, with reports of possible hacking and disinformation campaigns on everyone's mind, it was easy to have missed a rare press release issued by the National Security Agency (NSA)—a part of the federal government not known for making significant public announcements. While it's still unusual for the NSA to publicly list a series of vulnerabilities that are actively exploited by nation-state threat actors, the agency has been taking on a more public-facing role when it comes to cybersecurity.
A major global cyber threat to election security was squashed by the FBI with the help of Silicon Valley social media companies. Hitesh Sheth, our CEO, was interviewed to give his thoughts on using cybersecurity to combat the spread of disinformation.
When it comes to managing cyber-threats, the traditional focus has been on prevention, but today, good cyber-health requires a more balanced approach as more organisations experience increasingly complex and targeted attacks.
Vectra announced the appointment of Garry Veale as regional director for the United Kingdom and Ireland, following another calendar quarter of exceptional business growth. As NDR continues to gain momentum and recognition as essential to business security operations and incident response, Veale will play a pivotal role in driving the continued success of Vectra's expansion across the region.
The COVID-19 pandemic and the newly distributed workforce that it engendered upended security strategies and forced a rethink of approaches to securing remote workers and supply chains at many companies. With more users accessing enterprise systems and data from their homes, attack surfaces increased dramatically. Enterprise security teams found themselves scrambling to implement new controls to manage threats due to their increased risk exposure.
Our CEO, Hitesh Sheth, sat down for an executive Q&A to share career advice and other lessons he's learned while working.
Besides civil unrest and other physical security threats, the 2020 election also faces significant digital threats that could wreak havoc on U.S. election infrastructure and the legitimacy of the results.
Identifying behavior is critical for detecting and stopping threats before they cause damage. Vectra helps federal agencies hunt down attacker behaviors and shut them down, stopping breaches at speed and scale.
CISA released a joint statement co-authored with the FBI and HHS describing the tactics, techniques and procedures (TTPs) that are being used by cybercriminals to extort healthcare organizations and hospitals with ransomware during COVID-19.
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. Criminals have moved to lower volume, but highly targeted ransomware attacks. These are multifaceted, complex, and unfold over extended periods of time and increasingly use the legitimate tools within networks and cloud services.
The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and the Department of Health and Human Services are warning healthcare providers to take precautions to protect their networks from threats, which include attempts to infect systems with Ryuk ransomware. CISA, FBI, and HHS encourage healthcare organizations to maintain business continuity plans to minimize service interruptions.
Recent reports from the Federal Bureau of Investigation (FBI) indicate that hackers are unleashing a major ransomware attack wave on hospitals across the United States, in what the FBI terms "a wave of data-scrambling extortion attempts" aiming to lock up hospital IT environments even as the COVID-19 epidemic spikes.
Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information. Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
While the idea of lateral movement between IT and OT systems in the enterprise could be disastrous, the current work-from-home environment means that attacks against residential IoT systems could have a significant impact on productivity—or even become entry points for attacks against enterprise assets.
Attackers are exploiting the rapid adoption of cloud-based collaboration services such as Microsoft's SharePoint Online and OneDrive by leveraging them as a social engineering tool to trick users into clicking on malicious links, often for the purpose of wire fraud or supply chain fraud. Oliver Tavakoli, CTO at Vectra, agreed that these kinds of phishing scams tend to be more successful since the email is sourced by an internal party, rather than being from an external party pretending to be internal, and the links to SharePoint or OneDrive files reinforce to the victim that this is an internal communication.
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working. Hitesh Sheth, our CEO, discusses how organizations can navigate the distributed workforce landscape when it comes to insider threats, and recommends security postures that anticipate the actual threats themselves by proactively detecting and responding to malicious behaviors that can lead to a data breach or theft.
The U.S. National Security Agency (NSA) is warning that Chinese-linked hacking groups are exploiting 25 vulnerabilities in software systems and network devices as part of cyberespionage campaigns - which means patching is urgent. NSA analysts say China-backed hackers are targeting the U.S. Defense Department as well as America's national security systems and the private defense industry, using vulnerabilities as launching pads into networks, according to the alert.
The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.
The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors. The exploits themselves also cover a broad range of steps in the cyberattack lifecycle, indicating that many of the attacks in which these exploits were observed were already pretty deep into the attack progression – and many were likely found only after-the-fact through deep forensic efforts rather than having been identified while the attacks were active.
The NSA has gathered enough cyber-attack data from Chinese hackers and has the list with the most exploited flaws. Oliver Tavakoli, our CTO, comments on the breadth of products covered by the list of CVEs.