Feds Issue Warning About Surge in Hospital Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and the Department of Health and Human Services are warning healthcare providers to take precautions to protect their networks from threats, which include attempts to infect systems with Ryuk ransomware. CISA, FBI, and HHS encourage healthcare organizations to maintain business continuity plans to minimize service interruptions.
Hackers target Pfizer exposing sensitive patient information
Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information. Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.
Cybercriminals Could be Coming After Your Coffee
While the idea of lateral movement between IT and OT systems in the enterprise could be disastrous, the current work-from-home environment means that attacks against residential IoT systems could have a significant impact on productivity—or even become entry points for attacks against enterprise assets.
Malicious SharePoint and OneDrive Links Are a Phishing Scammer’s Dream
Attackers are exploiting the rapid adoption of cloud-based collaboration services such as Microsoft’s SharePoint Online and OneDrive by leveraging them as a social engineering tool to trick users into clicking on malicious links, often for the purpose of wire fraud or supply chain fraud. Oliver Tavakoli, CTO at Vectra, agreed that these kinds of phishing scams tend to be more successful since the email is sourced by an internal party, rather than being from an external party pretending to be internal, and the links to SharePoint or OneDrive files reinforce to the victim that this is an internal communication.
NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers
The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors. The exploits themselves also cover a broad range of steps in the cyberattack lifecycle, indicating that many of the attacks in which these exploits were observed were already pretty deep into the attack progression – and many were likely found only after-the-fact through deep forensic efforts rather than having been identified while the attacks were active.
Trust in Remote Working Tools Declines as Need for Security Increases
As it becomes evident that the WFH model is going to be with us well into 2021 and there is a sense that many companies will not return to a pre-pandemic model of almost everyone working from an office all the time, longer-term and more sustainable investments into how employees connect to applications are being undertaken. Zero-trust and a bias toward cloud-native delivery of applications have become central to that direction.
NSA Releases Advisory on Chinese State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.
Dealing With Insider Threats in the Age of COVID
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working. Hitesh Sheth, our CEO, discusses how organizations can navigate the distributed workforce landscape when it comes to insider threats, and recommends security postures that anticipate the actual threats themselves by proactively detecting and responding to malicious behaviors that can lead to a data breach or theft.
NSA: Chinese Hackers Exploiting 25 Vulnerabilities
The U.S. National Security Agency (NSA) is warning that Chinese-linked hacking groups are exploiting 25 vulnerabilities in software systems and network devices as part of cyberespionage campaigns - which means patching is urgent. NSA analysts say China-backed hackers are targeting the U.S. Defense Department as well as America's national security systems and the private defense industry, using vulnerabilities as launching pads into networks, according to the alert.
These Are the Most Exploited Flaws by Chinese Hackers According to the NSA
The NSA has gathered enough cyber-attack data from Chinese hackers and has a list of the most exploited flaws. Oliver Tavakoli, our CTO, comments on the breadth of products covered by the list of CVEs.
How Organizations Can Do Their Part And Be CyberSmart Beyond National Cyber Security Awareness Month
October is Cyber Security Awareness Month, which was created to raise awareness around the importance of cybersecurity and provide organizations with resources to be safer and more secure online. Chris Morales, head of security analytics, shares his thoughts on securing Microsoft Office 365.
The Covid effect on cybercrime
With people’s health, jobs and finances all under threat, cyber monitors report an increase in e-mails enticing users to click on unsafe links, purportedly offering information on rising local case numbers, advice on safety measures, tips for claiming stimulus cheques, as well as alerts on coronavirus-linked investment opportunities or relief donations. Ammar Enaya, our Regional Director (METNA), talks about how ransomware, privileged access abuse, data loss and poorly configured services that create vulnerabilities are significant risks.
Treating the underlying causes of healthcare’s cyber security symptoms
Chris Morales, our head of security analytics, shares his thoughts on security in healthcare. Through Vectra's own research as well as in the wider industry context, it's understood that the real threat is already in healthcare networks in the form of privileged access misuse; the growth in healthcare IoT devices is overwhelming and dangerous; and a majority of attacks occur due to negligence and a lack of security awareness by insiders.
How cyber-attackers use Microsoft 365 tools to steal data
It’s been well documented that 2020 has seen a sharp rise in cyber-attacks, and almost no industry has been spared. Software tools, especially those that facilitate remote collaboration, have seen a surge in user engagement - but even these aren’t immune to the proliferation of cyber-attacks. Microsoft’s Office 365 is no exception, as explained in Vectra's 2020 Spotlight Report on Office 365.
Barnes & Noble gets hacked; notifies customers of possible data breach
Barnes & Noble, American bookseller, has notified customers of a possible data breach that may have affected their personal information. Tim Wade, our Technical Director on the CTO Team, notes that incident response can be complex and messy, and the Barnes and Noble statement likely reflects that reality.
How do cyberattackers exploit Microsoft 365 to seize corporate data?
Vectra, a specialist in network "detection and response", publishes an interesting study on the threats targeting Office 365 and its users.
Poor identity controls allow attackers to exploit Office 365
Vectra's Spotlight Report on Microsoft Office 365 showcases how Office 365 is attractive to cybercriminals because it provides a single gateway to infiltrate multiple applications. Matt Walmsley discusses how attackers utilize internal phishing, among other techniques, to perform lateral movement, privilege escalation, and reconnaissance behaviors.
Cybercriminals are stealing data using Microsoft’s Office 365 tools, Vectra
According to Vectra's Spotlight Report on Microsoft Office 365, cybercriminals can launch attacks that are far more sophisticated targeting legitimate tools and services such as Power Automate (an application which lets users create custom integrations and automated workflows between Office 365 applications), Microsoft eDiscovery (an electronic discovery tool that searches across Office 365 applications/data and exports the results), and OAuth (an open standard for access authentication).
Vectra releases its 2020 Spotlight Report on Microsoft Office 365
Vectra's Spotlight Report on Microsoft Office 365 analyzes the usage patterns and behaviors of attackers within Office 365 services and tools. Ideally, when security teams face attacks within their Office 365 environments, they will have solid information and expectations about SaaS platforms to easily pinpoint and mitigate malicious behaviors and privilege abuse.
Vectra highlights how Office 365 tools are used in enterprise cyberattacks
With more than 250 million active users each month, Office 365 is the foundation of enterprise data sharing, storage, and communication for many organizations. This makes it a prime target for cyberattackers, who use Office 365's built-in tools and services to conduct breaches.
Microsoft Office 365 Accounts a Big Target for Attackers
Just as they did with PowerShell for Windows, threat actors are abusing native O365 capabilities for lateral movement, command-and-control communication, and other malicious activity. In new research, Vectra found that attackers are widely using Office 365 accounts to move laterally to other users and accounts within an enterprise, carry out command-and-control communications, and perform other malicious activities.
Barnes & Noble Investigates Hacking Incident
Barnes & Noble is investigating a security incident involving unauthorized access to its corporate systems, including those storing customers' email addresses as well as billing and shipping addresses and telephone numbers. Tim Wade, our technical director on the CTO team, discusses how attackers are constantly looking to take advantage of any weak point in your security posture just to gain entry to IT infrastructure.
How do cyberattackers use Microsoft 365 tools to steal corporate data?
Microsoft 365 is indeed the platform adopted by many of these users for enterprise data sharing, storage, and communication, which makes it a particularly coveted target for cybercriminals.
Research identifies how cyberattackers use Microsoft Office 365 tools
Vectra's 2020 Spotlight Report pinpoints the vulnerabilities in Microsoft Office 365, revealing that cyberattackers use built-in services to infiltrate and breach organizations.
Vectra Security Research Identifies How Cyberattackers Use Microsoft Office 365 Tools To Steal Data
User account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organization’s network. This kind of account takeover has ultimately caused the loss of personal data from organizations in Australia in recent months.
The case for behavior-based threat detection
Ammar Enaya, Regional Director – METNA, Vectra, explains how focusing on attacker behavior can improve threat detection. By combining data science, machine learning and behavioral analysis, automated threat management detects malicious behaviors inside the network, regardless of the attacker’s attempt to evade signatures and whether it’s an insider or outsider threat.
Cybercriminals are using legitimate Office 365 services to launch attacks
Vectra's new Spotlight Report on Microsoft Office 365 enumerates the leading suspicious behaviors that occur when cyberattackers infiltrate an organization.
Troubled by Security Risks Posed by Avionics Systems, GAO Urges FAA to Boost Oversight
Airplane manufacturers have cybersecurity controls in place and there haven’t been reports of successful cyberattacks on commercial airplane IT systems to date, but evolving cyber threats could put future flight safety at risk if the FAA doesn’t prioritize oversight. Tim Wade, technical director of the CTO Team at Vectra, says it’s encouraging that technology has evolved to the point where previously unconsidered attack vectors are possible and relevant, highlighting that security has become an ongoing – not just a point-in-time – activity.
Office 365: A Favorite for Cyberattack Persistence
Vectra's recent Spotlight Report on Office 365 highlights how cyberattackers use legitimate Microsoft services to conduct attacks. Chris Morales, head of security analytics, talks about the ways in which breaches can occur in Office 365.
Attackers use Office 365 tools to steal data
As organizations begin to adopt security measures to protect user accounts, such as multi-factor authentication (MFA), Vectra's Spotlight Report on Office 365 reveals that 40% of organizations still suffer from Office 365 breaches. The study reveals that user account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organization's network.
How Cyberattackers Use Microsoft Office 365 Tools Against Organizations to Steal Data
Since Office 365 is the foundation of enterprise data sharing, storage, and communication for many of those users, it is an incredibly rich treasure trove for attackers. Vectra's Spotlight Report on Office 365 shows how breaching software-as-a-service (SaaS) user accounts is one of the fastest-growing and most prevalent problems for organizations, even before COVID-19 forced the vast and rapid shift to remote work.
Latest Vectra Research Identifies How Cyberattackers Use Microsoft Office 365 Tools Against Organizations
The 2020 Spotlight Report on Microsoft Office 365 zeroes in on the use of Office 365 in enterprise cyberattacks. The report explains how cybercriminals use built-in Office 365 services to conduct attacks and take over user accounts.
Vectra Research Classifies How Cyberattackers Use Microsoft Office 365 Tools Against Businesses
The release of Vectra's 2020 Spotlight Report on Office 365 revealed that Microsoft Office 365 is a prime target for cyberattackers, who often use Microsoft's built-in services to infiltrate. Attackers will continue to exploit human behaviors, social engineering, and identity theft to establish a foothold and to steal data in every type of organization.
The case for behaviour-based threat detection
Ammar Enaya, our regional director of METNA, talks through the importance of a behavior-based approach to threat detection.
Tech Report Weekly: WFH glory at Zoomtopia, ASOS results, World Summit AI
Matt Walmsley, our EMEA director, reacts to the news that Public Health England lost thousands of COVID-19 test results as a result of using an Excel spreadsheet to manage the data. His comments are featured as the quote of the week.
The Cloud Story
With more organizations transitioning to the cloud, ways of thinking about and conducting business have undergone transformations. Matt Walmsley, our EMEA director, shared his perspective on how channel partners can grow their cloud business.
Threat Actors, TA505 and MERCURY, Exploiting ZeroLogon to Attack and Gain Account Control Privileges
With Microsoft's recent warning about more cybercriminals exploiting ZeroLogon in attacks, there's been much discussion on the ways to combat this vulnerability. Our EMEA director, Matt Walmsley, advises that security teams should pay close attention to systems which can report when user accounts or hosts are being used to access network services and objects they don’t normally access.
2020 School Year Brings Cybersecurity Concerns Along With COVID-19
COVID-19 has forced many schools to transition to remote learning for the 2020 school year, surfacing a slew of concerns regarding cybersecurity. Oliver Tavakoli, our CTO, shares his thoughts on the prevalence of cyberattacks in this novel remote learning landscape.
Ensuring secure data centre operations and avoiding cyberattacks
A discussion of the different variables that contribute to secure operations in data centers. Our EMEA Director, Matt Walmsley, weighs in on the sophisticated, long-term methodologies used when targeting data centers.
“Wholly inappropriate”: Excel use for coronavirus test data slammed by cybersecurity experts
There has been outcry from IT and cybersecurity professionals surrounding the addition of Microsoft Excel to the test-and-trace system for coronavirus test data. Matt Walmsley, our EMEA director, offers his thoughts on the use of Excel for this purpose.
Industry Reactions to New Pastebin Security Features: Feedback Friday
In response to two new features released by Pastebin (Burn After Read and Password Protected Pastes), Tim Wade, our technical director, applauds the prioritization of individual privacy protections.
Ensuring secure data centre operations and avoiding cyberattacks
Our EMEA Director, Matt Walmsley, shares his insights on potential threats to data centers. He enumerates and explains critical attack vectors used to target data centers: co-opting administrative access, local authentication loopholes, and hardware backdoors.
Video: 10 Minute IT Jams - Who is Vectra AI?
Techday's 10 Minute IT Jams provide sharp, to-the-point insights into emerging and established technology companies that operate in the Asia-Pacific region. Vectra's head of security engineering, Chris Fisher, discusses key products and offerings, updates on operations in the A/NZ region, and the latest improvements on products.
Inside the unusual world of cyber insurance, where ransoms are legally paid to criminal hackers
Matt Walmsley, our director of product marketing in EMEA, discusses ransomware attacks and the resulting need for cyberinsurance.
Warning: Attackers Exploiting Windows Server Vulnerability
Microsoft has shared the existence of a ZeroLogon vulnerability in its software. Brian Davis, our director of federal security solutions, warns that hackers can exploit this weakness to breach a network and conduct remote actions that allow them to gain control or attempt to exfiltrate data.
6 Things to Know About the Microsoft 'Zerologon' Flaw
Our senior consulting analyst, Luke Richards, shares his insights about Netlogon and Zerologon in response to a newly identified vulnerability in Microsoft's security.
Microsoft warns ‘ZeroLogon’ Windows Server vulnerability is being exploited in the wild
Vulnerabilities like ZeroLogon provide reminders of cybersecurity weaknesses when it comes to relying heavily on signatures, according to Brian Davis, our director of federal security solutions.
How to win the cybersecurity battle in healthcare
Chris Morales, our head of security analytics, sheds light on the things he's learned about cyberattacks in the healthcare industry, emphasizing three main points that lead to breaches: privileged access misuse, the growth of IoT healthcare devices, and a lack of security awareness by insiders.
Vectra AI and Exclusive Networks sign partnership to integrate NDR tech
Vectra announces its partnership with Exclusive Networks, enabling their NDR solution to integrate with Exclusive Networks's current EDR and SIEM offerings.
A Connected World
IoT has become integral to enterprise technology roadmaps when it comes to the digital transformation journey, especially with COVID-19 ushering in an increased adoption of cloud technologies. Ammar Enaya, our regional director of METNA, discusses how the exponential growth in IoT can be attributed to a set of factors including efficiency gains and new value creation opportunities.