Media Coverage - 2020

Media coverage published in 2020

Treating the underlying causes of healthcare’s cyber security symptoms

October 18, 2020

Health Tech World

Chris Morales, our head of security analytics, shares his thoughts on security in healthcare. Through Vectra's own research as well as in the wider industry context, it's understood that the real threat is already in healthcare networks in the form of privileged access misuse; the growth in healthcare IoT devices is overwhelming and dangerous; and a majority of attacks occur due to negligence and a lack of security awareness by insiders.

Hackers target Pfizer exposing sensitive patient information

October 25, 2020

The National

Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information. Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.

Cybercriminals Could be Coming After Your Coffee

October 23, 2020

Dark Reading

While the idea of lateral movement between IT and OT systems in the enterprise could be disastrous, the current work-from-home environment means that attacks against residential IoT systems could have a significant impact on productivity—or even become entry points for attacks against enterprise assets.

These Are the Most Exploited Flaws by Chinese Hackers According to the NSA

October 21, 2020

Tech Nadu

The NSA has gathered enough cyber-attack data from Chinese hackers to publish a list of the most exploited flaws. Oliver Tavakoli, our CTO, comments on the breadth of products covered by the list of CVEs.

Malicious SharePoint and OneDrive Links Are a Phishing Scammer’s Dream

October 22, 2020

SC Magazine

Attackers are exploiting the rapid adoption of cloud-based collaboration services such as Microsoft’s SharePoint Online and OneDrive by leveraging them as a social engineering tool to trick users into clicking on malicious links, often for the purpose of wire fraud or supply chain fraud. Oliver Tavakoli, CTO at Vectra, agreed that these kinds of phishing scams tend to be more successful since the email is sourced by an internal party, rather than being from an external party pretending to be internal, and the links to SharePoint or OneDrive files reinforce to the victim that this is an internal communication.

The Covid effect on cybercrime

October 20, 2020

Gulf News

With people’s health, jobs and finances all under threat, cyber monitors report an increase in e-mails enticing users to click on unsafe links, purportedly offering information on rising local case numbers, advice on safety measures, tips for claiming stimulus cheques, as well as alerts on coronavirus-linked investment opportunities or relief donations. Ammar Enaya, our Regional Director (METNA), talks about how ransomware, privileged access abuse, data loss and poorly configured services that create vulnerabilities are significant risks.

How cyber-attackers use Microsoft 365 tools to steal data

October 16, 2020

Security Brief New Zealand

It’s been well documented that 2020 has seen a sharp rise in cyber-attacks, and almost no industry has been spared. Software tools, especially those that facilitate remote collaboration, have seen a surge in user engagement - but even these aren’t immune to the proliferation of cyber-attacks. Microsoft’s Office 365 is no exception, as explained in Vectra's 2020 Spotlight Report on Office 365.


NSA: Chinese Hackers Exploiting 25 Vulnerabilities

October 21, 2020

Gov Info Security

The U.S. National Security Agency (NSA) is warning that Chinese-linked hacking groups are exploiting 25 vulnerabilities in software systems and network devices as part of cyberespionage campaigns - which means patching is urgent. NSA analysts say China-backed hackers are targeting the U.S. Defense Department as well as America's national security systems and the private defense industry, using vulnerabilities as launching pads into networks, according to the alert.

Dealing With Insider Threats in the Age of COVID

October 21, 2020

Dark Reading

Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working. Hitesh Sheth, our CEO, discusses how organizations can navigate the distributed workforce landscape when it comes to insider threats, and recommends security postures that anticipate the actual threats themselves by proactively detecting and responding to malicious behaviors that can lead to a data breach or theft.

NSA Releases Advisory on Chinese State-Sponsored Actors Exploiting Publicly Known Vulnerabilities

October 21, 2020

Security Magazine

The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.

Trust in Remote Working Tools Declines as Need for Security Increases

October 21, 2020

Infosecurity Magazine

As it becomes evident that the WFH model is going to be with us well into 2021 and there is a sense that many companies will not return to a pre-pandemic model of almost everyone working from an office all the time, longer-term and more sustainable investments into how employees connect to applications are being undertaken. Zero-trust and a bias toward cloud-native delivery of applications have become central to that direction.

NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers

October 21, 2020

Security Week

The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors. The exploits themselves also cover a broad range of steps in the cyberattack lifecycle, indicating that many of the attacks in which these exploits were observed were already pretty deep into the attack progression – and many were likely found only after-the-fact through deep forensic efforts rather than having been identified while the attacks were active.

How Organizations Can Do Their Part And Be CyberSmart Beyond National Cyber Security Awareness Month

October 20, 2020

AIThority

October is Cyber Security Awareness Month, which was created to raise awareness around the importance of cybersecurity and provide organizations with resources to be safer and more secure online. Chris Morales, head of security analytics, shares his thoughts on Microsoft Office 365 security.

How do cyber attackers use Microsoft 365 tools to steal company data?

October 15, 2020

Global Security Mag

Microsoft 365 is indeed the platform adopted by many of these users for enterprise data sharing, storage and communication, which makes it a particularly coveted target for cybercriminals.

How do cyber attackers exploit Microsoft 365 to seize company data?

October 16, 2020

IT for Business

Vectra, a specialist in network "detection and response", publishes an interesting study on the threats targeting Office 365 and its users.

Barnes & Noble gets hacked; notifies customers of possible data breach

October 16, 2020

Security Week

Barnes & Noble, the American bookseller, has notified customers of a possible data breach that may have affected their personal information. Tim Wade, our Technical Director on the CTO Team, notes that incident response can be complex and messy, and the Barnes & Noble statement likely reflects that reality.

Barnes & Noble Investigates Hacking Incident

October 15, 2020

Data Breach Today

Barnes & Noble is investigating a security incident involving unauthorized access to its corporate systems, including those storing customers' email addresses as well as billing and shipping addresses and telephone numbers. Tim Wade, our technical director on the CTO team, discusses how attackers are constantly looking to take advantage of any weak point in your security posture just to gain entry to IT infrastructure.

Microsoft Office 365 Accounts a Big Target for Attackers

October 15, 2020

Dark Reading

Just as they did with PowerShell for Windows, threat actors are abusing native O365 capabilities for lateral movement, command-and-control communication, and other malicious activity. In new research, Vectra found that attackers are widely using Office 365 accounts to move laterally to other users and accounts within an enterprise, carry out command-and-control communications, and perform other malicious activities.

Vectra highlights how Office 365 tools are used in enterprise cyberattacks

October 15, 2020

TECHx

With more than 250 million active users each month, Office 365 is the foundation of enterprise data sharing, storage, and communication for many organizations. This makes it a prime target for cyberattackers, who use Office 365's built-in tools and services to conduct breaches.

Vectra releases its 2020 Spotlight Report on Microsoft Office 365

October 15, 2020

Security MEA

Vectra's Spotlight Report on Microsoft Office 365 analyzes the usage patterns and behaviors of attackers within Office 365 services and tools. Ideally, when security teams face attacks within their Office 365 environments, they will have solid information and expectations about SaaS platforms to easily pinpoint and mitigate malicious behaviors and privilege abuse.

Cybercriminals are stealing data using Microsoft’s Office 365 tools, Vectra

October 15, 2020

ITP.net

According to Vectra's Spotlight Report on Microsoft Office 365, cybercriminals can launch attacks that are far more sophisticated targeting legitimate tools and services such as Power Automate (an application which lets users create custom integrations and automated workflows between Office 365 applications), Microsoft eDiscovery (an electronic discovery tool that searches across Office 365 applications/data and exports the results), and OAuth (an open standard for access authentication).

Poor identity controls allow attackers to exploit Office 365

October 15, 2020

Enterprise Times

Vectra's Spotlight Report on Microsoft Office 365 showcases how Office 365 is attractive to cybercriminals because it provides a single gateway to infiltrate multiple applications. Matt Walmsley discusses how attackers utilize internal phishing, among other techniques, to perform lateral movement, privilege escalation and reconnaissance behaviors.

Troubled by Security Risks Posed by Avionics Systems, GAO Urges FAA to Boost Oversight

October 14, 2020

SC Magazine

Airplane manufacturers have cybersecurity controls in place and there haven’t been reports of successful cyberattacks on commercial airplane IT systems to date, but evolving cyber threats could put future flight safety at risk if the FAA doesn’t prioritize oversight. Tim Wade, technical director of the CTO Team at Vectra, says it’s encouraging that technology has evolved to the point where previously unconsidered attack vectors are possible and relevant, highlighting that security has become an ongoing – not just a point-in-time – activity.

Cybercriminals are using legitimate Office 365 services to launch attacks

October 14, 2020

Help Net Security

Vectra's new Spotlight Report on Microsoft Office 365 enumerates the leading suspicious behaviors that occur when cyberattackers infiltrate an organization.

The case for behavior-based threat detection

October 14, 2020

Tahawul Tech

Ammar Enaya, Regional Director – METNA, Vectra, explains how focusing on attacker behavior can improve threat detection. By combining data science, machine learning and behavioral analysis, automated threat management detects malicious behaviors inside the network, regardless of the attacker’s attempt to evade signatures and whether it’s an insider or outsider threat.
